Remove/rename some old files.
Reviewed-by: Richard Levitte <levitte@openssl.org>
This commit is contained in:
parent
44c8a5e2b9
commit
b8a9af6881
36 changed files with 1 additions and 1693 deletions
|
@ -93,9 +93,7 @@ GENERATED={- join(" ",
|
|||
|
||||
{- output_off() if $disabled{apps}; "" -}
|
||||
BIN_SCRIPTS=$(BLDDIR)/tools/c_rehash
|
||||
MISC_SCRIPTS=$(SRCDIR)/tools/c_hash $(SRCDIR)/tools/c_info \
|
||||
$(SRCDIR)/tools/c_issuer $(SRCDIR)/tools/c_name \
|
||||
$(BLDDIR)/apps/CA.pl $(BLDDIR)/apps/tsget
|
||||
MISC_SCRIPTS=$(BLDDIR)/apps/CA.pl $(BLDDIR)/apps/tsget
|
||||
{- output_on() if $disabled{apps}; "" -}
|
||||
|
||||
SHLIB_INFO={- join(" ", map { "\"".shlib($_).";".shlib_simple($_)."\"" } @{$unified_info{libraries}}) -}
|
||||
|
|
|
@ -1,46 +0,0 @@
|
|||
Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
|
||||
All rights reserved.
|
||||
|
||||
This package is an Blowfish implementation written
|
||||
by Eric Young (eay@cryptsoft.com).
|
||||
|
||||
This library is free for commercial and non-commercial use as long as
|
||||
the following conditions are aheared to. The following conditions
|
||||
apply to all code found in this distribution.
|
||||
|
||||
Copyright remains Eric Young's, and as such any Copyright notices in
|
||||
the code are not to be removed.
|
||||
|
||||
Redistribution and use in source and binary forms, with or without
|
||||
modification, are permitted provided that the following conditions
|
||||
are met:
|
||||
1. Redistributions of source code must retain the copyright
|
||||
notice, this list of conditions and the following disclaimer.
|
||||
2. Redistributions in binary form must reproduce the above copyright
|
||||
notice, this list of conditions and the following disclaimer in the
|
||||
documentation and/or other materials provided with the distribution.
|
||||
3. All advertising materials mentioning features or use of this software
|
||||
must display the following acknowledgement:
|
||||
This product includes software developed by Eric Young (eay@cryptsoft.com)
|
||||
|
||||
THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
|
||||
ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||
IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
||||
ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
|
||||
FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
||||
DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
||||
OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
||||
HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
||||
LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
SUCH DAMAGE.
|
||||
|
||||
The license and distribution terms for any publically available version or
|
||||
derivative of this code cannot be changed. i.e. this code cannot simply be
|
||||
copied and put under another distrubution license
|
||||
[including the GNU Public License.]
|
||||
|
||||
The reason behind this being stated in this direct manner is past
|
||||
experience in code simply being copied and the attribution removed
|
||||
from it and then being distributed as part of other packages. This
|
||||
implementation was a non-trivial and unpaid effort.
|
|
@ -1,14 +0,0 @@
|
|||
This Eric Young's blowfish implementation, taken from his SSLeay library
|
||||
and made available as a separate library.
|
||||
|
||||
The version number (0.7.2m) is the SSLeay version that this library was
|
||||
taken from.
|
||||
|
||||
To build, just unpack and type make.
|
||||
If you are not using gcc, edit the Makefile.
|
||||
If you are compiling for an x86 box, try the assembler (it needs improving).
|
||||
There are also some compile time options that can improve performance,
|
||||
these are documented in the Makefile.
|
||||
|
||||
eric 15-Apr-1997
|
||||
|
|
@ -1,6 +0,0 @@
|
|||
The version numbers will follow my SSL implementation
|
||||
|
||||
0.7.2r - Some reasonable default compiler options from
|
||||
Peter Gutman <pgut001@cs.auckland.ac.nz>
|
||||
|
||||
0.7.2m - the first release
|
|
@ -1,67 +0,0 @@
|
|||
//
|
||||
// gettsc.inl
|
||||
//
|
||||
// gives access to the Pentium's (secret) cycle counter
|
||||
//
|
||||
// This software was written by Leonard Janke (janke@unixg.ubc.ca)
|
||||
// in 1996-7 and is entered, by him, into the public domain.
|
||||
|
||||
#if defined(__WATCOMC__)
|
||||
void GetTSC(unsigned long&);
|
||||
#pragma aux GetTSC = 0x0f 0x31 "mov [edi], eax" parm [edi] modify [edx eax];
|
||||
#elif defined(__GNUC__)
|
||||
inline
|
||||
void GetTSC(unsigned long& tsc)
|
||||
{
|
||||
asm volatile(".byte 15, 49\n\t"
|
||||
: "=eax" (tsc)
|
||||
:
|
||||
: "%edx", "%eax");
|
||||
}
|
||||
#elif defined(_MSC_VER)
|
||||
inline
|
||||
void GetTSC(unsigned long& tsc)
|
||||
{
|
||||
unsigned long a;
|
||||
__asm _emit 0fh
|
||||
__asm _emit 31h
|
||||
__asm mov a, eax;
|
||||
tsc=a;
|
||||
}
|
||||
#endif
|
||||
|
||||
#include <stdio.h>
|
||||
#include <stdlib.h>
|
||||
#include <openssl/blowfish.h>
|
||||
|
||||
void main(int argc,char *argv[])
|
||||
{
|
||||
BF_KEY key;
|
||||
unsigned long s1,s2,e1,e2;
|
||||
unsigned long data[2];
|
||||
int i,j;
|
||||
|
||||
for (j=0; j<6; j++)
|
||||
{
|
||||
for (i=0; i<1000; i++) /**/
|
||||
{
|
||||
BF_encrypt(&data[0],&key);
|
||||
GetTSC(s1);
|
||||
BF_encrypt(&data[0],&key);
|
||||
BF_encrypt(&data[0],&key);
|
||||
BF_encrypt(&data[0],&key);
|
||||
GetTSC(e1);
|
||||
GetTSC(s2);
|
||||
BF_encrypt(&data[0],&key);
|
||||
BF_encrypt(&data[0],&key);
|
||||
BF_encrypt(&data[0],&key);
|
||||
BF_encrypt(&data[0],&key);
|
||||
GetTSC(e2);
|
||||
BF_encrypt(&data[0],&key);
|
||||
}
|
||||
|
||||
printf("blowfish %d %d (%d)\n",
|
||||
e1-s1,e2-s2,((e2-s2)-(e1-s1)));
|
||||
}
|
||||
}
|
||||
|
|
@ -1,70 +0,0 @@
|
|||
//
|
||||
// gettsc.inl
|
||||
//
|
||||
// gives access to the Pentium's (secret) cycle counter
|
||||
//
|
||||
// This software was written by Leonard Janke (janke@unixg.ubc.ca)
|
||||
// in 1996-7 and is entered, by him, into the public domain.
|
||||
|
||||
#if defined(__WATCOMC__)
|
||||
void GetTSC(unsigned long&);
|
||||
#pragma aux GetTSC = 0x0f 0x31 "mov [edi], eax" parm [edi] modify [edx eax];
|
||||
#elif defined(__GNUC__)
|
||||
inline
|
||||
void GetTSC(unsigned long& tsc)
|
||||
{
|
||||
asm volatile(".byte 15, 49\n\t"
|
||||
: "=eax" (tsc)
|
||||
:
|
||||
: "%edx", "%eax");
|
||||
}
|
||||
#elif defined(_MSC_VER)
|
||||
inline
|
||||
void GetTSC(unsigned long& tsc)
|
||||
{
|
||||
unsigned long a;
|
||||
__asm _emit 0fh
|
||||
__asm _emit 31h
|
||||
__asm mov a, eax;
|
||||
tsc=a;
|
||||
}
|
||||
#endif
|
||||
|
||||
#include <stdio.h>
|
||||
#include <stdlib.h>
|
||||
#include <openssl/cast.h>
|
||||
|
||||
void main(int argc,char *argv[])
|
||||
{
|
||||
CAST_KEY key;
|
||||
unsigned long s1,s2,e1,e2;
|
||||
unsigned long data[2];
|
||||
int i,j;
|
||||
static unsigned char d[16]={0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF};
|
||||
|
||||
CAST_set_key(&key, 16,d);
|
||||
|
||||
for (j=0; j<6; j++)
|
||||
{
|
||||
for (i=0; i<1000; i++) /**/
|
||||
{
|
||||
CAST_encrypt(&data[0],&key);
|
||||
GetTSC(s1);
|
||||
CAST_encrypt(&data[0],&key);
|
||||
CAST_encrypt(&data[0],&key);
|
||||
CAST_encrypt(&data[0],&key);
|
||||
GetTSC(e1);
|
||||
GetTSC(s2);
|
||||
CAST_encrypt(&data[0],&key);
|
||||
CAST_encrypt(&data[0],&key);
|
||||
CAST_encrypt(&data[0],&key);
|
||||
CAST_encrypt(&data[0],&key);
|
||||
GetTSC(e2);
|
||||
CAST_encrypt(&data[0],&key);
|
||||
}
|
||||
|
||||
printf("cast %d %d (%d)\n",
|
||||
e1-s1,e2-s2,((e2-s2)-(e1-s1)));
|
||||
}
|
||||
}
|
||||
|
|
@ -1,50 +0,0 @@
|
|||
Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
|
||||
All rights reserved.
|
||||
|
||||
This package is an DES implementation written by Eric Young (eay@cryptsoft.com).
|
||||
The implementation was written so as to conform with MIT's libdes.
|
||||
|
||||
This library is free for commercial and non-commercial use as long as
|
||||
the following conditions are aheared to. The following conditions
|
||||
apply to all code found in this distribution.
|
||||
|
||||
Copyright remains Eric Young's, and as such any Copyright notices in
|
||||
the code are not to be removed.
|
||||
If this package is used in a product, Eric Young should be given attribution
|
||||
as the author of that the SSL library. This can be in the form of a textual
|
||||
message at program startup or in documentation (online or textual) provided
|
||||
with the package.
|
||||
|
||||
Redistribution and use in source and binary forms, with or without
|
||||
modification, are permitted provided that the following conditions
|
||||
are met:
|
||||
1. Redistributions of source code must retain the copyright
|
||||
notice, this list of conditions and the following disclaimer.
|
||||
2. Redistributions in binary form must reproduce the above copyright
|
||||
notice, this list of conditions and the following disclaimer in the
|
||||
documentation and/or other materials provided with the distribution.
|
||||
3. All advertising materials mentioning features or use of this software
|
||||
must display the following acknowledgement:
|
||||
This product includes software developed by Eric Young (eay@cryptsoft.com)
|
||||
|
||||
THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
|
||||
ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||
IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
||||
ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
|
||||
FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
||||
DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
||||
OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
||||
HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
||||
LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
SUCH DAMAGE.
|
||||
|
||||
The license and distribution terms for any publically available version or
|
||||
derivative of this code cannot be changed. i.e. this code cannot simply be
|
||||
copied and put under another distrubution license
|
||||
[including the GNU Public License.]
|
||||
|
||||
The reason behind this being stated in this direct manner is past
|
||||
experience in code simply being copied and the attribution removed
|
||||
from it and then being distributed as part of other packages. This
|
||||
implementation was a non-trivial and unpaid effort.
|
|
@ -1,131 +0,0 @@
|
|||
First up, let me say I don't like writing in assembler. It is not portable,
|
||||
dependant on the particular CPU architecture release and is generally a pig
|
||||
to debug and get right. Having said that, the x86 architecture is probably
|
||||
the most important for speed due to number of boxes and since
|
||||
it appears to be the worst architecture to to get
|
||||
good C compilers for. So due to this, I have lowered myself to do
|
||||
assembler for the inner DES routines in libdes :-).
|
||||
|
||||
The file to implement in assembler is des_enc.c. Replace the following
|
||||
4 functions
|
||||
des_encrypt1(DES_LONG data[2],des_key_schedule ks, int encrypt);
|
||||
des_encrypt2(DES_LONG data[2],des_key_schedule ks, int encrypt);
|
||||
des_encrypt3(DES_LONG data[2],des_key_schedule ks1,ks2,ks3);
|
||||
des_decrypt3(DES_LONG data[2],des_key_schedule ks1,ks2,ks3);
|
||||
|
||||
They encrypt/decrypt the 64 bits held in 'data' using
|
||||
the 'ks' key schedules. The only difference between the 4 functions is that
|
||||
des_encrypt2() does not perform IP() or FP() on the data (this is an
|
||||
optimization for when doing triple DES and des_encrypt3() and des_decrypt3()
|
||||
perform triple des. The triple DES routines are in here because it does
|
||||
make a big difference to have them located near the des_encrypt2 function
|
||||
at link time..
|
||||
|
||||
Now as we all know, there are lots of different operating systems running on
|
||||
x86 boxes, and unfortunately they normally try to make sure their assembler
|
||||
formating is not the same as the other peoples.
|
||||
The 4 main formats I know of are
|
||||
Microsoft Windows 95/Windows NT
|
||||
Elf Includes Linux and FreeBSD(?).
|
||||
a.out The older Linux.
|
||||
Solaris Same as Elf but different comments :-(.
|
||||
|
||||
Now I was not overly keen to write 4 different copies of the same code,
|
||||
so I wrote a few perl routines to output the correct assembler, given
|
||||
a target assembler type. This code is ugly and is just a hack.
|
||||
The libraries are x86unix.pl and x86ms.pl.
|
||||
des586.pl, des686.pl and des-som[23].pl are the programs to actually
|
||||
generate the assembler.
|
||||
|
||||
So to generate elf assembler
|
||||
perl des-som3.pl elf >dx86-elf.s
|
||||
For Windows 95/NT
|
||||
perl des-som2.pl win32 >win32.asm
|
||||
|
||||
[ update 4 Jan 1996 ]
|
||||
I have added another way to do things.
|
||||
perl des-som3.pl cpp >dx86-cpp.s
|
||||
generates a file that will be included by dx86unix.cpp when it is compiled.
|
||||
To build for elf, a.out, solaris, bsdi etc,
|
||||
cc -E -DELF asm/dx86unix.cpp | as -o asm/dx86-elf.o
|
||||
cc -E -DSOL asm/dx86unix.cpp | as -o asm/dx86-sol.o
|
||||
cc -E -DOUT asm/dx86unix.cpp | as -o asm/dx86-out.o
|
||||
cc -E -DBSDI asm/dx86unix.cpp | as -o asm/dx86bsdi.o
|
||||
This was done to cut down the number of files in the distribution.
|
||||
|
||||
Now the ugly part. I acquired my copy of Intels
|
||||
"Optimization's For Intel's 32-Bit Processors" and found a few interesting
|
||||
things. First, the aim of the exersize is to 'extract' one byte at a time
|
||||
from a word and do an array lookup. This involves getting the byte from
|
||||
the 4 locations in the word and moving it to a new word and doing the lookup.
|
||||
The most obvious way to do this is
|
||||
xor eax, eax # clear word
|
||||
movb al, cl # get low byte
|
||||
xor edi DWORD PTR 0x100+des_SP[eax] # xor in word
|
||||
movb al, ch # get next byte
|
||||
xor edi DWORD PTR 0x300+des_SP[eax] # xor in word
|
||||
shr ecx 16
|
||||
which seems ok. For the pentium, this system appears to be the best.
|
||||
One has to do instruction interleaving to keep both functional units
|
||||
operating, but it is basically very efficient.
|
||||
|
||||
Now the crunch. When a full register is used after a partial write, eg.
|
||||
mov al, cl
|
||||
xor edi, DWORD PTR 0x100+des_SP[eax]
|
||||
386 - 1 cycle stall
|
||||
486 - 1 cycle stall
|
||||
586 - 0 cycle stall
|
||||
686 - at least 7 cycle stall (page 22 of the above mentioned document).
|
||||
|
||||
So the technique that produces the best results on a pentium, according to
|
||||
the documentation, will produce hideous results on a pentium pro.
|
||||
|
||||
To get around this, des686.pl will generate code that is not as fast on
|
||||
a pentium, should be very good on a pentium pro.
|
||||
mov eax, ecx # copy word
|
||||
shr ecx, 8 # line up next byte
|
||||
and eax, 0fch # mask byte
|
||||
xor edi DWORD PTR 0x100+des_SP[eax] # xor in array lookup
|
||||
mov eax, ecx # get word
|
||||
shr ecx 8 # line up next byte
|
||||
and eax, 0fch # mask byte
|
||||
xor edi DWORD PTR 0x300+des_SP[eax] # xor in array lookup
|
||||
|
||||
Due to the execution units in the pentium, this actually works quite well.
|
||||
For a pentium pro it should be very good. This is the type of output
|
||||
Visual C++ generates.
|
||||
|
||||
There is a third option. instead of using
|
||||
mov al, ch
|
||||
which is bad on the pentium pro, one may be able to use
|
||||
movzx eax, ch
|
||||
which may not incur the partial write penalty. On the pentium,
|
||||
this instruction takes 4 cycles so is not worth using but on the
|
||||
pentium pro it appears it may be worth while. I need access to one to
|
||||
experiment :-).
|
||||
|
||||
eric (20 Oct 1996)
|
||||
|
||||
22 Nov 1996 - I have asked people to run the 2 different version on pentium
|
||||
pros and it appears that the intel documentation is wrong. The
|
||||
mov al,bh is still faster on a pentium pro, so just use the des586.pl
|
||||
install des686.pl
|
||||
|
||||
3 Dec 1996 - I added des_encrypt3/des_decrypt3 because I have moved these
|
||||
functions into des_enc.c because it does make a massive performance
|
||||
difference on some boxes to have the functions code located close to
|
||||
the des_encrypt2() function.
|
||||
|
||||
9 Jan 1997 - des-som2.pl is now the correct perl script to use for
|
||||
pentiums. It contains an inner loop from
|
||||
Svend Olaf Mikkelsen <svolaf@inet.uni-c.dk> which does raw ecb DES calls at
|
||||
273,000 per second. He had a previous version at 250,000 and the best
|
||||
I was able to get was 203,000. The content has not changed, this is all
|
||||
due to instruction sequencing (and actual instructions choice) which is able
|
||||
to keep both functional units of the pentium going.
|
||||
We may have lost the ugly register usage restrictions when x86 went 32 bit
|
||||
but for the pentium it has been replaced by evil instruction ordering tricks.
|
||||
|
||||
13 Jan 1997 - des-som3.pl, more optimizations from Svend Olaf.
|
||||
raw DES at 281,000 per second on a pentium 100.
|
||||
|
|
@ -1,50 +0,0 @@
|
|||
From owner-cypherpunks@toad.com Mon Sep 25 10:50:51 1995
|
||||
Received: from minbne.mincom.oz.au by orb.mincom.oz.au with SMTP id AA10562
|
||||
(5.65c/IDA-1.4.4 for eay); Wed, 27 Sep 1995 19:41:55 +1000
|
||||
Received: by minbne.mincom.oz.au id AA19958
|
||||
(5.65c/IDA-1.4.4 for eay@orb.mincom.oz.au); Wed, 27 Sep 1995 19:34:59 +1000
|
||||
Received: from relay3.UU.NET by bunyip.cc.uq.oz.au with SMTP (PP);
|
||||
Wed, 27 Sep 1995 19:13:05 +1000
|
||||
Received: from toad.com by relay3.UU.NET with SMTP id QQzizb16156;
|
||||
Wed, 27 Sep 1995 04:48:46 -0400
|
||||
Received: by toad.com id AA07905; Tue, 26 Sep 95 06:31:45 PDT
|
||||
Received: from by toad.com id AB07851; Tue, 26 Sep 95 06:31:40 PDT
|
||||
Received: from servo.qualcomm.com (servo.qualcomm.com [129.46.128.14])
|
||||
by cygnus.com (8.6.12/8.6.9) with ESMTP id RAA18442
|
||||
for <cypherpunks@toad.com>; Mon, 25 Sep 1995 17:52:47 -0700
|
||||
Received: (karn@localhost) by servo.qualcomm.com (8.6.12/QC-BSD-2.5.1)
|
||||
id RAA14732; Mon, 25 Sep 1995 17:50:51 -0700
|
||||
Date: Mon, 25 Sep 1995 17:50:51 -0700
|
||||
From: Phil Karn <karn@qualcomm.com>
|
||||
Message-Id: <199509260050.RAA14732@servo.qualcomm.com>
|
||||
To: cypherpunks@toad.com, ipsec-dev@eit.com
|
||||
Subject: Primality verification needed
|
||||
Sender: owner-cypherpunks@toad.com
|
||||
Precedence: bulk
|
||||
Status: RO
|
||||
X-Status:
|
||||
|
||||
Hi. I've generated a 2047-bit "strong" prime number that I would like to
|
||||
use with Diffie-Hellman key exchange. I assert that not only is this number
|
||||
'p' prime, but so is (p-1)/2.
|
||||
|
||||
I've used the mpz_probab_prime() function in the Gnu Math Package (GMP) version
|
||||
1.3.2 to test this number. This function uses the Miller-Rabin primality test.
|
||||
However, to increase my confidence that this number really is a strong prime,
|
||||
I'd like to ask others to confirm it with other tests. Here's the number in hex:
|
||||
|
||||
72a925f760b2f954ed287f1b0953f3e6aef92e456172f9fe86fdd8822241b9c9788fbc289982743e
|
||||
fbcd2ccf062b242d7a567ba8bbb40d79bca7b8e0b6c05f835a5b938d985816bc648985adcff5402a
|
||||
a76756b36c845a840a1d059ce02707e19cf47af0b5a882f32315c19d1b86a56c5389c5e9bee16b65
|
||||
fde7b1a8d74a7675de9b707d4c5a4633c0290c95ff30a605aeb7ae864ff48370f13cf01d49adb9f2
|
||||
3d19a439f753ee7703cf342d87f431105c843c78ca4df639931f3458fae8a94d1687e99a76ed99d0
|
||||
ba87189f42fd31ad8262c54a8cf5914ae6c28c540d714a5f6087a171fb74f4814c6f968d72386ef3
|
||||
56a05180c3bec7ddd5ef6fe76b1f717b
|
||||
|
||||
The generator, g, for this prime is 2.
|
||||
|
||||
Thanks!
|
||||
|
||||
Phil Karn
|
||||
|
||||
|
|
@ -1,65 +0,0 @@
|
|||
From: stewarts@ix.netcom.com (Bill Stewart)
|
||||
Newsgroups: sci.crypt
|
||||
Subject: Re: Diffie-Hellman key exchange
|
||||
Date: Wed, 11 Oct 1995 23:08:28 GMT
|
||||
Organization: Freelance Information Architect
|
||||
Lines: 32
|
||||
Message-ID: <45hir2$7l8@ixnews7.ix.netcom.com>
|
||||
References: <458rhn$76m$1@mhadf.production.compuserve.com>
|
||||
NNTP-Posting-Host: ix-pl4-16.ix.netcom.com
|
||||
X-NETCOM-Date: Wed Oct 11 4:09:22 PM PDT 1995
|
||||
X-Newsreader: Forte Free Agent 1.0.82
|
||||
|
||||
Kent Briggs <72124.3234@CompuServe.COM> wrote:
|
||||
|
||||
>I have a copy of the 1976 IEEE article describing the
|
||||
>Diffie-Hellman public key exchange algorithm: y=a^x mod q. I'm
|
||||
>looking for sources that give examples of secure a,q pairs and
|
||||
>possible some source code that I could examine.
|
||||
|
||||
q should be prime, and ideally should be a "strong prime",
|
||||
which means it's of the form 2n+1 where n is also prime.
|
||||
q also needs to be long enough to prevent the attacks LaMacchia and
|
||||
Odlyzko described (some variant on a factoring attack which generates
|
||||
a large pile of simultaneous equations and then solves them);
|
||||
long enough is about the same size as factoring, so 512 bits may not
|
||||
be secure enough for most applications. (The 192 bits used by
|
||||
"secure NFS" was certainly not long enough.)
|
||||
|
||||
a should be a generator for q, which means it needs to be
|
||||
relatively prime to q-1. Usually a small prime like 2, 3 or 5 will
|
||||
work.
|
||||
|
||||
....
|
||||
|
||||
Date: Tue, 26 Sep 1995 13:52:36 MST
|
||||
From: "Richard Schroeppel" <rcs@cs.arizona.edu>
|
||||
To: karn
|
||||
Cc: ho@cs.arizona.edu
|
||||
Subject: random large primes
|
||||
|
||||
Since your prime is really random, proving it is hard.
|
||||
My personal limit on rigorously proved primes is ~350 digits.
|
||||
If you really want a proof, we should talk to Francois Morain,
|
||||
or the Australian group.
|
||||
|
||||
If you want 2 to be a generator (mod P), then you need it
|
||||
to be a non-square. If (P-1)/2 is also prime, then
|
||||
non-square == primitive-root for bases << P.
|
||||
|
||||
In the case at hand, this means 2 is a generator iff P = 11 (mod 24).
|
||||
If you want this, you should restrict your sieve accordingly.
|
||||
|
||||
3 is a generator iff P = 5 (mod 12).
|
||||
|
||||
5 is a generator iff P = 3 or 7 (mod 10).
|
||||
|
||||
2 is perfectly usable as a base even if it's a non-generator, since
|
||||
it still covers half the space of possible residues. And an
|
||||
eavesdropper can always determine the low-bit of your exponent for
|
||||
a generator anyway.
|
||||
|
||||
Rich rcs@cs.arizona.edu
|
||||
|
||||
|
||||
|
|
@ -1,122 +0,0 @@
|
|||
The original FIPE 180 used SHA-0 (FIPS 180) for its appendix 5
|
||||
examples. This is an updated version that uses SHA-1 (FIPS 180-1)
|
||||
supplied to me by Wei Dai
|
||||
--
|
||||
APPENDIX 5. EXAMPLE OF THE DSA
|
||||
|
||||
|
||||
This appendix is for informational purposes only and is not required to meet
|
||||
the standard.
|
||||
|
||||
Let L = 512 (size of p). The values in this example are expressed in
|
||||
hexadecimal notation. The p and q given here were generated by the prime
|
||||
generation standard described in appendix 2 using the 160-bit SEED:
|
||||
|
||||
d5014e4b 60ef2ba8 b6211b40 62ba3224 e0427dd3
|
||||
|
||||
With this SEED, the algorithm found p and q when the counter was at 105.
|
||||
|
||||
x was generated by the algorithm described in appendix 3, section 3.1, using
|
||||
the SHA to construct G (as in appendix 3, section 3.3) and a 160-bit XSEED:
|
||||
|
||||
XSEED =
|
||||
|
||||
bd029bbe 7f51960b cf9edb2b 61f06f0f eb5a38b6
|
||||
|
||||
t =
|
||||
67452301 EFCDAB89 98BADCFE 10325476 C3D2E1F0
|
||||
|
||||
x = G(t,XSEED) mod q
|
||||
|
||||
k was generated by the algorithm described in appendix 3, section 3.2, using
|
||||
the SHA to construct G (as in appendix 3, section 3.3) and a 160-bit KSEED:
|
||||
|
||||
KSEED =
|
||||
|
||||
687a66d9 0648f993 867e121f 4ddf9ddb 01205584
|
||||
|
||||
t =
|
||||
EFCDAB89 98BADCFE 10325476 C3D2E1F0 67452301
|
||||
|
||||
k = G(t,KSEED) mod q
|
||||
|
||||
Finally:
|
||||
|
||||
h = 2
|
||||
|
||||
p =
|
||||
8df2a494 492276aa 3d25759b b06869cb eac0d83a fb8d0cf7
|
||||
cbb8324f 0d7882e5 d0762fc5 b7210eaf c2e9adac 32ab7aac
|
||||
49693dfb f83724c2 ec0736ee 31c80291
|
||||
|
||||
|
||||
q =
|
||||
c773218c 737ec8ee 993b4f2d ed30f48e dace915f
|
||||
|
||||
|
||||
g =
|
||||
626d0278 39ea0a13 413163a5 5b4cb500 299d5522 956cefcb
|
||||
3bff10f3 99ce2c2e 71cb9de5 fa24babf 58e5b795 21925c9c
|
||||
c42e9f6f 464b088c c572af53 e6d78802
|
||||
|
||||
|
||||
x =
|
||||
2070b322 3dba372f de1c0ffc 7b2e3b49 8b260614
|
||||
|
||||
|
||||
k =
|
||||
358dad57 1462710f 50e254cf 1a376b2b deaadfbf
|
||||
|
||||
|
||||
kinv =
|
||||
|
||||
0d516729 8202e49b 4116ac10 4fc3f415 ae52f917
|
||||
|
||||
M = ASCII form of "abc" (See FIPS PUB 180-1, Appendix A)
|
||||
|
||||
SHA(M) =
|
||||
|
||||
a9993e36 4706816a ba3e2571 7850c26c 9cd0d89d
|
||||
|
||||
|
||||
y =
|
||||
|
||||
19131871 d75b1612 a819f29d 78d1b0d7 346f7aa7 7bb62a85
|
||||
9bfd6c56 75da9d21 2d3a36ef 1672ef66 0b8c7c25 5cc0ec74
|
||||
858fba33 f44c0669 9630a76b 030ee333
|
||||
|
||||
|
||||
r =
|
||||
8bac1ab6 6410435c b7181f95 b16ab97c 92b341c0
|
||||
|
||||
s =
|
||||
41e2345f 1f56df24 58f426d1 55b4ba2d b6dcd8c8
|
||||
|
||||
|
||||
w =
|
||||
9df4ece5 826be95f ed406d41 b43edc0b 1c18841b
|
||||
|
||||
|
||||
u1 =
|
||||
bf655bd0 46f0b35e c791b004 804afcbb 8ef7d69d
|
||||
|
||||
|
||||
u2 =
|
||||
821a9263 12e97ade abcc8d08 2b527897 8a2df4b0
|
||||
|
||||
|
||||
gu1 mod p =
|
||||
|
||||
51b1bf86 7888e5f3 af6fb476 9dd016bc fe667a65 aafc2753
|
||||
9063bd3d 2b138b4c e02cc0c0 2ec62bb6 7306c63e 4db95bbf
|
||||
6f96662a 1987a21b e4ec1071 010b6069
|
||||
|
||||
|
||||
yu2 mod p =
|
||||
|
||||
8b510071 2957e950 50d6b8fd 376a668e 4b0d633c 1e46e665
|
||||
5c611a72 e2b28483 be52c74d 4b30de61 a668966e dc307a67
|
||||
c19441f4 22bf3c34 08aeba1f 0a4dbec7
|
||||
|
||||
v =
|
||||
8bac1ab6 6410435c b7181f95 b16ab97c 92b341c0
|
|
@ -1,22 +0,0 @@
|
|||
NOTES
|
||||
-----
|
||||
|
||||
I've checked out HPUX (well, version 11 at least) and shl_t is
|
||||
a pointer type so it's safe to use in the way it has been in
|
||||
dso_dl.c. On the other hand, HPUX11 support dlfcn too and
|
||||
according to their man page, prefer developers to move to that.
|
||||
I'll leave Richard's changes there as I guess dso_dl is needed
|
||||
for HPUX10.20.
|
||||
|
||||
There is now a callback scheme in place where filename conversion can
|
||||
(a) be turned off altogether through the use of the
|
||||
DSO_FLAG_NO_NAME_TRANSLATION flag,
|
||||
(b) be handled by default using the default DSO_METHOD's converter
|
||||
(c) overriden per-DSO by setting the override callback
|
||||
(d) a mix of (b) and (c) - eg. implement an override callback that;
|
||||
(i) checks if we're win32 (if(strstr(dso->meth->name, "win32")....)
|
||||
and if so, convert "blah" into "blah32.dll" (the default is
|
||||
otherwise to make it "blah.dll").
|
||||
(ii) default to the normal behaviour - we're not on win32, eg.
|
||||
finish with (return dso->meth->dso_name_converter(dso,NULL)).
|
||||
|
|
@ -1,12 +0,0 @@
|
|||
1.1 07/12/95 - eay
|
||||
Many thanks to Rhys Weatherley <rweather@us.oracle.com>
|
||||
for pointing out that I was assuming little endian byte
|
||||
order for all quantities what idea actually used
|
||||
bigendian. No where in the spec does it mention
|
||||
this, it is all in terms of 16 bit numbers and even the example
|
||||
does not use byte streams for the input example :-(.
|
||||
If you byte swap each pair of input, keys and iv, the functions
|
||||
would produce the output as the old version :-(.
|
||||
|
||||
1.0 ??/??/95 - eay
|
||||
First version.
|
|
@ -1,78 +0,0 @@
|
|||
//
|
||||
// gettsc.inl
|
||||
//
|
||||
// gives access to the Pentium's (secret) cycle counter
|
||||
//
|
||||
// This software was written by Leonard Janke (janke@unixg.ubc.ca)
|
||||
// in 1996-7 and is entered, by him, into the public domain.
|
||||
|
||||
#if defined(__WATCOMC__)
|
||||
void GetTSC(unsigned long&);
|
||||
#pragma aux GetTSC = 0x0f 0x31 "mov [edi], eax" parm [edi] modify [edx eax];
|
||||
#elif defined(__GNUC__)
|
||||
inline
|
||||
void GetTSC(unsigned long& tsc)
|
||||
{
|
||||
asm volatile(".byte 15, 49\n\t"
|
||||
: "=eax" (tsc)
|
||||
:
|
||||
: "%edx", "%eax");
|
||||
}
|
||||
#elif defined(_MSC_VER)
|
||||
inline
|
||||
void GetTSC(unsigned long& tsc)
|
||||
{
|
||||
unsigned long a;
|
||||
__asm _emit 0fh
|
||||
__asm _emit 31h
|
||||
__asm mov a, eax;
|
||||
tsc=a;
|
||||
}
|
||||
#endif
|
||||
|
||||
#include <stdio.h>
|
||||
#include <stdlib.h>
|
||||
#include <openssl/md4.h>
|
||||
|
||||
extern "C" {
|
||||
void md4_block_x86(MD4_CTX *ctx, unsigned char *buffer,int num);
|
||||
}
|
||||
|
||||
void main(int argc,char *argv[])
|
||||
{
|
||||
unsigned char buffer[64*256];
|
||||
MD4_CTX ctx;
|
||||
unsigned long s1,s2,e1,e2;
|
||||
unsigned char k[16];
|
||||
unsigned long data[2];
|
||||
unsigned char iv[8];
|
||||
int i,num=0,numm;
|
||||
int j=0;
|
||||
|
||||
if (argc >= 2)
|
||||
num=atoi(argv[1]);
|
||||
|
||||
if (num == 0) num=16;
|
||||
if (num > 250) num=16;
|
||||
numm=num+2;
|
||||
num*=64;
|
||||
numm*=64;
|
||||
|
||||
for (j=0; j<6; j++)
|
||||
{
|
||||
for (i=0; i<10; i++) /**/
|
||||
{
|
||||
md4_block_x86(&ctx,buffer,numm);
|
||||
GetTSC(s1);
|
||||
md4_block_x86(&ctx,buffer,numm);
|
||||
GetTSC(e1);
|
||||
GetTSC(s2);
|
||||
md4_block_x86(&ctx,buffer,num);
|
||||
GetTSC(e2);
|
||||
md4_block_x86(&ctx,buffer,num);
|
||||
}
|
||||
printf("md4 (%d bytes) %d %d (%.2f)\n",num,
|
||||
e1-s1,e2-s2,(double)((e1-s1)-(e2-s2))/2);
|
||||
}
|
||||
}
|
||||
|
|
@ -1,78 +0,0 @@
|
|||
//
|
||||
// gettsc.inl
|
||||
//
|
||||
// gives access to the Pentium's (secret) cycle counter
|
||||
//
|
||||
// This software was written by Leonard Janke (janke@unixg.ubc.ca)
|
||||
// in 1996-7 and is entered, by him, into the public domain.
|
||||
|
||||
#if defined(__WATCOMC__)
|
||||
void GetTSC(unsigned long&);
|
||||
#pragma aux GetTSC = 0x0f 0x31 "mov [edi], eax" parm [edi] modify [edx eax];
|
||||
#elif defined(__GNUC__)
|
||||
inline
|
||||
void GetTSC(unsigned long& tsc)
|
||||
{
|
||||
asm volatile(".byte 15, 49\n\t"
|
||||
: "=eax" (tsc)
|
||||
:
|
||||
: "%edx", "%eax");
|
||||
}
|
||||
#elif defined(_MSC_VER)
|
||||
inline
|
||||
void GetTSC(unsigned long& tsc)
|
||||
{
|
||||
unsigned long a;
|
||||
__asm _emit 0fh
|
||||
__asm _emit 31h
|
||||
__asm mov a, eax;
|
||||
tsc=a;
|
||||
}
|
||||
#endif
|
||||
|
||||
#include <stdio.h>
|
||||
#include <stdlib.h>
|
||||
#include <openssl/md5.h>
|
||||
|
||||
extern "C" {
|
||||
void md5_block_x86(MD5_CTX *ctx, unsigned char *buffer,int num);
|
||||
}
|
||||
|
||||
void main(int argc,char *argv[])
|
||||
{
|
||||
unsigned char buffer[64*256];
|
||||
MD5_CTX ctx;
|
||||
unsigned long s1,s2,e1,e2;
|
||||
unsigned char k[16];
|
||||
unsigned long data[2];
|
||||
unsigned char iv[8];
|
||||
int i,num=0,numm;
|
||||
int j=0;
|
||||
|
||||
if (argc >= 2)
|
||||
num=atoi(argv[1]);
|
||||
|
||||
if (num == 0) num=16;
|
||||
if (num > 250) num=16;
|
||||
numm=num+2;
|
||||
num*=64;
|
||||
numm*=64;
|
||||
|
||||
for (j=0; j<6; j++)
|
||||
{
|
||||
for (i=0; i<10; i++) /**/
|
||||
{
|
||||
md5_block_x86(&ctx,buffer,numm);
|
||||
GetTSC(s1);
|
||||
md5_block_x86(&ctx,buffer,numm);
|
||||
GetTSC(e1);
|
||||
GetTSC(s2);
|
||||
md5_block_x86(&ctx,buffer,num);
|
||||
GetTSC(e2);
|
||||
md5_block_x86(&ctx,buffer,num);
|
||||
}
|
||||
printf("md5 (%d bytes) %d %d (%.2f)\n",num,
|
||||
e1-s1,e2-s2,(double)((e1-s1)-(e2-s2))/2);
|
||||
}
|
||||
}
|
||||
|
|
@ -1,16 +0,0 @@
|
|||
-----BEGIN PRIVACY-ENHANCED MESSAGE-----
|
||||
Proc-Type: 4,ENCRYPTED
|
||||
Proc-Type: 4,MIC-ONLY
|
||||
Proc-Type: 4,MIC-CLEAR
|
||||
Content-Domain: RFC822
|
||||
DEK-Info: DES-CBC,0123456789abcdef
|
||||
Originator-Certificate
|
||||
xxxx
|
||||
Issuer-Certificate
|
||||
xxxx
|
||||
MIC-Info: RSA-MD5,RSA,
|
||||
xxxx
|
||||
|
||||
|
||||
-----END PRIVACY-ENHANCED MESSAGE-----
|
||||
|
|
@ -1,22 +0,0 @@
|
|||
21 0:d=0 hl=2 l= 0 cons: univ: SEQUENCE
|
||||
00 2:d=0 hl=2 l= 9 prim: univ: OBJECT_IDENTIFIER :pkcs-7-signedData
|
||||
21 13:d=0 hl=2 l= 0 cons: cont: 00 # explicit tag
|
||||
21 15:d=0 hl=2 l= 0 cons: univ: SEQUENCE
|
||||
00 17:d=0 hl=2 l= 1 prim: univ: INTEGER # version
|
||||
20 20:d=0 hl=2 l= 0 cons: univ: SET
|
||||
21 22:d=0 hl=2 l= 0 cons: univ: SEQUENCE
|
||||
00 24:d=0 hl=2 l= 9 prim: univ: OBJECT_IDENTIFIER :pkcs-7-data
|
||||
00 35:d=0 hl=2 l= 0 prim: univ: EOC
|
||||
21 37:d=0 hl=2 l= 0 cons: cont: 00 # cert tag
|
||||
20 39:d=0 hl=4 l=545 cons: univ: SEQUENCE
|
||||
20 588:d=0 hl=4 l=524 cons: univ: SEQUENCE
|
||||
00 1116:d=0 hl=2 l= 0 prim: univ: EOC
|
||||
21 1118:d=0 hl=2 l= 0 cons: cont: 01 # crl tag
|
||||
20 1120:d=0 hl=4 l=653 cons: univ: SEQUENCE
|
||||
20 1777:d=0 hl=4 l=285 cons: univ: SEQUENCE
|
||||
00 2066:d=0 hl=2 l= 0 prim: univ: EOC
|
||||
21 2068:d=0 hl=2 l= 0 cons: univ: SET # signers
|
||||
00 2070:d=0 hl=2 l= 0 prim: univ: EOC
|
||||
00 2072:d=0 hl=2 l= 0 prim: univ: EOC
|
||||
00 2074:d=0 hl=2 l= 0 prim: univ: EOC
|
||||
00 2076:d=0 hl=2 l= 0 prim: univ: EOC
|
|
@ -1,219 +0,0 @@
|
|||
>From cygnus.mincom.oz.au!minbne.mincom.oz.au!bunyip.cc.uq.oz.au!munnari.OZ.AU!comp.vuw.ac.nz!waikato!auckland.ac.nz!news Mon Feb 12 18:48:17 EST 1996
|
||||
Article 23601 of sci.crypt:
|
||||
Path: cygnus.mincom.oz.au!minbne.mincom.oz.au!bunyip.cc.uq.oz.au!munnari.OZ.AU!comp.vuw.ac.nz!waikato!auckland.ac.nz!news
|
||||
>From: pgut01@cs.auckland.ac.nz (Peter Gutmann)
|
||||
Newsgroups: sci.crypt
|
||||
Subject: Specification for Ron Rivests Cipher No.2
|
||||
Date: 11 Feb 1996 06:45:03 GMT
|
||||
Organization: University of Auckland
|
||||
Lines: 203
|
||||
Sender: pgut01@cs.auckland.ac.nz (Peter Gutmann)
|
||||
Message-ID: <4fk39f$f70@net.auckland.ac.nz>
|
||||
NNTP-Posting-Host: cs26.cs.auckland.ac.nz
|
||||
X-Newsreader: NN version 6.5.0 #3 (NOV)
|
||||
|
||||
|
||||
|
||||
|
||||
Ron Rivest's Cipher No.2
|
||||
------------------------
|
||||
|
||||
Ron Rivest's Cipher No.2 (hereafter referred to as RRC.2, other people may
|
||||
refer to it by other names) is word oriented, operating on a block of 64 bits
|
||||
divided into four 16-bit words, with a key table of 64 words. All data units
|
||||
are little-endian. This functional description of the algorithm is based in
|
||||
the paper "The RC5 Encryption Algorithm" (RC5 is a trademark of RSADSI), using
|
||||
the same general layout, terminology, and pseudocode style.
|
||||
|
||||
|
||||
Notation and RRC.2 Primitive Operations
|
||||
|
||||
RRC.2 uses the following primitive operations:
|
||||
|
||||
1. Two's-complement addition of words, denoted by "+". The inverse operation,
|
||||
subtraction, is denoted by "-".
|
||||
2. Bitwise exclusive OR, denoted by "^".
|
||||
3. Bitwise AND, denoted by "&".
|
||||
4. Bitwise NOT, denoted by "~".
|
||||
5. A left-rotation of words; the rotation of word x left by y is denoted
|
||||
x <<< y. The inverse operation, right-rotation, is denoted x >>> y.
|
||||
|
||||
These operations are directly and efficiently supported by most processors.
|
||||
|
||||
|
||||
The RRC.2 Algorithm
|
||||
|
||||
RRC.2 consists of three components, a *key expansion* algorithm, an
|
||||
*encryption* algorithm, and a *decryption* algorithm.
|
||||
|
||||
|
||||
Key Expansion
|
||||
|
||||
The purpose of the key-expansion routine is to expand the user's key K to fill
|
||||
the expanded key array S, so S resembles an array of random binary words
|
||||
determined by the user's secret key K.
|
||||
|
||||
Initialising the S-box
|
||||
|
||||
RRC.2 uses a single 256-byte S-box derived from the ciphertext contents of
|
||||
Beale Cipher No.1 XOR'd with a one-time pad. The Beale Ciphers predate modern
|
||||
cryptography by enough time that there should be no concerns about trapdoors
|
||||
hidden in the data. They have been published widely, and the S-box can be
|
||||
easily recreated from the one-time pad values and the Beale Cipher data taken
|
||||
from a standard source. To initialise the S-box:
|
||||
|
||||
for i = 0 to 255 do
|
||||
sBox[ i ] = ( beale[ i ] mod 256 ) ^ pad[ i ]
|
||||
|
||||
The contents of Beale Cipher No.1 and the necessary one-time pad are given as
|
||||
an appendix at the end of this document. For efficiency, implementors may wish
|
||||
to skip the Beale Cipher expansion and store the sBox table directly.
|
||||
|
||||
Expanding the Secret Key to 128 Bytes
|
||||
|
||||
The secret key is first expanded to fill 128 bytes (64 words). The expansion
|
||||
consists of taking the sum of the first and last bytes in the user key, looking
|
||||
up the sum (modulo 256) in the S-box, and appending the result to the key. The
|
||||
operation is repeated with the second byte and new last byte of the key until
|
||||
all 128 bytes have been generated. Note that the following pseudocode treats
|
||||
the S array as an array of 128 bytes rather than 64 words.
|
||||
|
||||
for j = 0 to length-1 do
|
||||
S[ j ] = K[ j ]
|
||||
for j = length to 127 do
|
||||
s[ j ] = sBox[ ( S[ j-length ] + S[ j-1 ] ) mod 256 ];
|
||||
|
||||
At this point it is possible to perform a truncation of the effective key
|
||||
length to ease the creation of espionage-enabled software products. However
|
||||
since the author cannot conceive why anyone would want to do this, it will not
|
||||
be considered further.
|
||||
|
||||
The final phase of the key expansion involves replacing the first byte of S
|
||||
with the entry selected from the S-box:
|
||||
|
||||
S[ 0 ] = sBox[ S[ 0 ] ]
|
||||
|
||||
|
||||
Encryption
|
||||
|
||||
The cipher has 16 full rounds, each divided into 4 subrounds. Two of the full
|
||||
rounds perform an additional transformation on the data. Note that the
|
||||
following pseudocode treats the S array as an array of 64 words rather than 128
|
||||
bytes.
|
||||
|
||||
for i = 0 to 15 do
|
||||
j = i * 4;
|
||||
word0 = ( word0 + ( word1 & ~word3 ) + ( word2 & word3 ) + S[ j+0 ] ) <<< 1
|
||||
word1 = ( word1 + ( word2 & ~word0 ) + ( word3 & word0 ) + S[ j+1 ] ) <<< 2
|
||||
word2 = ( word2 + ( word3 & ~word1 ) + ( word0 & word1 ) + S[ j+2 ] ) <<< 3
|
||||
word3 = ( word3 + ( word0 & ~word2 ) + ( word1 & word2 ) + S[ j+3 ] ) <<< 5
|
||||
|
||||
In addition the fifth and eleventh rounds add the contents of the S-box indexed
|
||||
by one of the data words to another of the data words following the four
|
||||
subrounds as follows:
|
||||
|
||||
word0 = word0 + S[ word3 & 63 ];
|
||||
word1 = word1 + S[ word0 & 63 ];
|
||||
word2 = word2 + S[ word1 & 63 ];
|
||||
word3 = word3 + S[ word2 & 63 ];
|
||||
|
||||
|
||||
Decryption
|
||||
|
||||
The decryption operation is simply the inverse of the encryption operation.
|
||||
Note that the following pseudocode treats the S array as an array of 64 words
|
||||
rather than 128 bytes.
|
||||
|
||||
for i = 15 downto 0 do
|
||||
j = i * 4;
|
||||
word3 = ( word3 >>> 5 ) - ( word0 & ~word2 ) - ( word1 & word2 ) - S[ j+3 ]
|
||||
word2 = ( word2 >>> 3 ) - ( word3 & ~word1 ) - ( word0 & word1 ) - S[ j+2 ]
|
||||
word1 = ( word1 >>> 2 ) - ( word2 & ~word0 ) - ( word3 & word0 ) - S[ j+1 ]
|
||||
word0 = ( word0 >>> 1 ) - ( word1 & ~word3 ) - ( word2 & word3 ) - S[ j+0 ]
|
||||
|
||||
In addition the fifth and eleventh rounds subtract the contents of the S-box
|
||||
indexed by one of the data words from another one of the data words following
|
||||
the four subrounds as follows:
|
||||
|
||||
word3 = word3 - S[ word2 & 63 ]
|
||||
word2 = word2 - S[ word1 & 63 ]
|
||||
word1 = word1 - S[ word0 & 63 ]
|
||||
word0 = word0 - S[ word3 & 63 ]
|
||||
|
||||
|
||||
Test Vectors
|
||||
|
||||
The following test vectors may be used to test the correctness of an RRC.2
|
||||
implementation:
|
||||
|
||||
Key: 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
|
||||
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
|
||||
Plain: 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
|
||||
Cipher: 0x1C, 0x19, 0x8A, 0x83, 0x8D, 0xF0, 0x28, 0xB7
|
||||
|
||||
Key: 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
|
||||
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01
|
||||
Plain: 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
|
||||
Cipher: 0x21, 0x82, 0x9C, 0x78, 0xA9, 0xF9, 0xC0, 0x74
|
||||
|
||||
Key: 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
|
||||
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
|
||||
Plain: 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF
|
||||
Cipher: 0x13, 0xDB, 0x35, 0x17, 0xD3, 0x21, 0x86, 0x9E
|
||||
|
||||
Key: 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
|
||||
0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F
|
||||
Plain: 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
|
||||
Cipher: 0x50, 0xDC, 0x01, 0x62, 0xBD, 0x75, 0x7F, 0x31
|
||||
|
||||
|
||||
Appendix: Beale Cipher No.1, "The Locality of the Vault", and One-time Pad for
|
||||
Creating the S-Box
|
||||
|
||||
Beale Cipher No.1.
|
||||
|
||||
71, 194, 38,1701, 89, 76, 11, 83,1629, 48, 94, 63, 132, 16, 111, 95,
|
||||
84, 341, 975, 14, 40, 64, 27, 81, 139, 213, 63, 90,1120, 8, 15, 3,
|
||||
126,2018, 40, 74, 758, 485, 604, 230, 436, 664, 582, 150, 251, 284, 308, 231,
|
||||
124, 211, 486, 225, 401, 370, 11, 101, 305, 139, 189, 17, 33, 88, 208, 193,
|
||||
145, 1, 94, 73, 416, 918, 263, 28, 500, 538, 356, 117, 136, 219, 27, 176,
|
||||
130, 10, 460, 25, 485, 18, 436, 65, 84, 200, 283, 118, 320, 138, 36, 416,
|
||||
280, 15, 71, 224, 961, 44, 16, 401, 39, 88, 61, 304, 12, 21, 24, 283,
|
||||
134, 92, 63, 246, 486, 682, 7, 219, 184, 360, 780, 18, 64, 463, 474, 131,
|
||||
160, 79, 73, 440, 95, 18, 64, 581, 34, 69, 128, 367, 460, 17, 81, 12,
|
||||
103, 820, 62, 110, 97, 103, 862, 70, 60,1317, 471, 540, 208, 121, 890, 346,
|
||||
36, 150, 59, 568, 614, 13, 120, 63, 219, 812,2160,1780, 99, 35, 18, 21,
|
||||
136, 872, 15, 28, 170, 88, 4, 30, 44, 112, 18, 147, 436, 195, 320, 37,
|
||||
122, 113, 6, 140, 8, 120, 305, 42, 58, 461, 44, 106, 301, 13, 408, 680,
|
||||
93, 86, 116, 530, 82, 568, 9, 102, 38, 416, 89, 71, 216, 728, 965, 818,
|
||||
2, 38, 121, 195, 14, 326, 148, 234, 18, 55, 131, 234, 361, 824, 5, 81,
|
||||
623, 48, 961, 19, 26, 33, 10,1101, 365, 92, 88, 181, 275, 346, 201, 206
|
||||
|
||||
One-time Pad.
|
||||
|
||||
158, 186, 223, 97, 64, 145, 190, 190, 117, 217, 163, 70, 206, 176, 183, 194,
|
||||
146, 43, 248, 141, 3, 54, 72, 223, 233, 153, 91, 210, 36, 131, 244, 161,
|
||||
105, 120, 113, 191, 113, 86, 19, 245, 213, 221, 43, 27, 242, 157, 73, 213,
|
||||
193, 92, 166, 10, 23, 197, 112, 110, 193, 30, 156, 51, 125, 51, 158, 67,
|
||||
197, 215, 59, 218, 110, 246, 181, 0, 135, 76, 164, 97, 47, 87, 234, 108,
|
||||
144, 127, 6, 6, 222, 172, 80, 144, 22, 245, 207, 70, 227, 182, 146, 134,
|
||||
119, 176, 73, 58, 135, 69, 23, 198, 0, 170, 32, 171, 176, 129, 91, 24,
|
||||
126, 77, 248, 0, 118, 69, 57, 60, 190, 171, 217, 61, 136, 169, 196, 84,
|
||||
168, 167, 163, 102, 223, 64, 174, 178, 166, 239, 242, 195, 249, 92, 59, 38,
|
||||
241, 46, 236, 31, 59, 114, 23, 50, 119, 186, 7, 66, 212, 97, 222, 182,
|
||||
230, 118, 122, 86, 105, 92, 179, 243, 255, 189, 223, 164, 194, 215, 98, 44,
|
||||
17, 20, 53, 153, 137, 224, 176, 100, 208, 114, 36, 200, 145, 150, 215, 20,
|
||||
87, 44, 252, 20, 235, 242, 163, 132, 63, 18, 5, 122, 74, 97, 34, 97,
|
||||
142, 86, 146, 221, 179, 166, 161, 74, 69, 182, 88, 120, 128, 58, 76, 155,
|
||||
15, 30, 77, 216, 165, 117, 107, 90, 169, 127, 143, 181, 208, 137, 200, 127,
|
||||
170, 195, 26, 84, 255, 132, 150, 58, 103, 250, 120, 221, 237, 37, 8, 99
|
||||
|
||||
|
||||
Implementation
|
||||
|
||||
A non-US based programmer who has never seen any encryption code before will
|
||||
shortly be implementing RRC.2 based solely on this specification and not on
|
||||
knowledge of any other encryption algorithms. Stand by.
|
||||
|
||||
|
||||
|
|
@ -1,22 +0,0 @@
|
|||
1.1 23/08/96 - eay
|
||||
Changed RC2_set_key() so it now takes another argument. Many
|
||||
thanks to Peter Gutmann <pgut01@cs.auckland.ac.nz> for the
|
||||
clarification and original specification of RC2. BSAFE uses
|
||||
this last parameter, 'bits'. It the key is 128 bits, BSAFE
|
||||
also sets this parameter to 128. The old behaviour can be
|
||||
duplicated by setting this parameter to 1024.
|
||||
|
||||
1.0 08/04/96 - eay
|
||||
First version of SSLeay with rc2. This has been written from the spec
|
||||
posted sci.crypt. It is in this directory under rrc2.doc
|
||||
I have no test values for any mode other than ecb, my wrappers for the
|
||||
other modes should be ok since they are basically the same as
|
||||
the ones taken from idea and des :-). I have implemented them as
|
||||
little-endian operators.
|
||||
While rc2 is included because it is used with SSL, I don't know how
|
||||
far I trust it. It is about the same speed as IDEA and DES.
|
||||
So if you are paranoid, used Tripple DES, else IDEA. If RC2
|
||||
does get used more, perhaps more people will look for weaknesses in
|
||||
it.
|
||||
|
||||
|
|
@ -1,70 +0,0 @@
|
|||
//
|
||||
// gettsc.inl
|
||||
//
|
||||
// gives access to the Pentium's (secret) cycle counter
|
||||
//
|
||||
// This software was written by Leonard Janke (janke@unixg.ubc.ca)
|
||||
// in 1996-7 and is entered, by him, into the public domain.
|
||||
|
||||
#if defined(__WATCOMC__)
|
||||
void GetTSC(unsigned long&);
|
||||
#pragma aux GetTSC = 0x0f 0x31 "mov [edi], eax" parm [edi] modify [edx eax];
|
||||
#elif defined(__GNUC__)
|
||||
inline
|
||||
void GetTSC(unsigned long& tsc)
|
||||
{
|
||||
asm volatile(".byte 15, 49\n\t"
|
||||
: "=eax" (tsc)
|
||||
:
|
||||
: "%edx", "%eax");
|
||||
}
|
||||
#elif defined(_MSC_VER)
|
||||
inline
|
||||
void GetTSC(unsigned long& tsc)
|
||||
{
|
||||
unsigned long a;
|
||||
__asm _emit 0fh
|
||||
__asm _emit 31h
|
||||
__asm mov a, eax;
|
||||
tsc=a;
|
||||
}
|
||||
#endif
|
||||
|
||||
#include <stdio.h>
|
||||
#include <stdlib.h>
|
||||
#include <openssl/rc5.h>
|
||||
|
||||
void main(int argc,char *argv[])
|
||||
{
|
||||
RC5_32_KEY key;
|
||||
unsigned long s1,s2,e1,e2;
|
||||
unsigned long data[2];
|
||||
int i,j;
|
||||
static unsigned char d[16]={0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF};
|
||||
|
||||
RC5_32_set_key(&key, 16,d,12);
|
||||
|
||||
for (j=0; j<6; j++)
|
||||
{
|
||||
for (i=0; i<1000; i++) /**/
|
||||
{
|
||||
RC5_32_encrypt(&data[0],&key);
|
||||
GetTSC(s1);
|
||||
RC5_32_encrypt(&data[0],&key);
|
||||
RC5_32_encrypt(&data[0],&key);
|
||||
RC5_32_encrypt(&data[0],&key);
|
||||
GetTSC(e1);
|
||||
GetTSC(s2);
|
||||
RC5_32_encrypt(&data[0],&key);
|
||||
RC5_32_encrypt(&data[0],&key);
|
||||
RC5_32_encrypt(&data[0],&key);
|
||||
RC5_32_encrypt(&data[0],&key);
|
||||
GetTSC(e2);
|
||||
RC5_32_encrypt(&data[0],&key);
|
||||
}
|
||||
|
||||
printf("cast %d %d (%d)\n",
|
||||
e1-s1,e2-s2,((e2-s2)-(e1-s1)));
|
||||
}
|
||||
}
|
||||
|
|
@ -1 +0,0 @@
|
|||
C2.pl works
|
|
@ -1 +0,0 @@
|
|||
perl ../util/mkerr.pl -conf e_capi.ec -nostatic -staticloader -write e_capi.c
|
|
@ -1,68 +0,0 @@
|
|||
#!/bin/sh
|
||||
|
||||
PROG=$1
|
||||
|
||||
if [ -x $PROG ]; then
|
||||
if expr "x`$PROG version`" : "xOpenSSL" > /dev/null; then
|
||||
:
|
||||
else
|
||||
echo "$PROG is not OpenSSL executable"
|
||||
exit 1
|
||||
fi
|
||||
else
|
||||
echo "$PROG is not executable"
|
||||
exit 1;
|
||||
fi
|
||||
|
||||
if [ 1 ]; then
|
||||
|
||||
HASH=`cat $PROG | $PROG dgst -hex`
|
||||
|
||||
AES_ALGS=" aes-128-ctr aes-128-ecb aes-128-cbc aes-128-cfb aes-128-ofb \
|
||||
aes-192-ctr aes-192-ecb aes-192-cbc aes-192-cfb aes-192-ofb \
|
||||
aes-256-ctr aes-256-ecb aes-256-cbc aes-256-cfb aes-256-ofb"
|
||||
BUFSIZE="16 32 48 64 80 96 128 144 999"
|
||||
|
||||
nerr=0
|
||||
|
||||
for alg in $AES_ALGS; do
|
||||
echo $alg
|
||||
for bufsize in $BUFSIZE; do
|
||||
TEST=`( cat $PROG | \
|
||||
$PROG enc -e -k "$HASH" -$alg -bufsize $bufsize | \
|
||||
env OPENSSL_ia32cap=~0x0200000000000000 $PROG enc -d -k "$HASH" -$alg | \
|
||||
$PROG dgst -hex ) 2>/dev/null`
|
||||
if [ "$TEST" != "$HASH" ]; then
|
||||
echo "-$alg/$bufsize encrypt test failed"
|
||||
nerr=`expr $nerr + 1`
|
||||
fi
|
||||
done
|
||||
for bufsize in $BUFSIZE; do
|
||||
TEST=`( cat $PROG | \
|
||||
env OPENSSL_ia32cap=~0x0200000000000000 $PROG enc -e -k "$HASH" -$alg | \
|
||||
$PROG enc -d -k "$HASH" -$alg -bufsize $bufsize | \
|
||||
$PROG dgst -hex ) 2>/dev/null`
|
||||
if [ "$TEST" != "$HASH" ]; then
|
||||
echo "-$alg/$bufsize decrypt test failed"
|
||||
nerr=`expr $nerr + 1`
|
||||
fi
|
||||
done
|
||||
TEST=`( cat $PROG | \
|
||||
$PROG enc -e -k "$HASH" -$alg | \
|
||||
$PROG enc -d -k "$HASH" -$alg | \
|
||||
$PROG dgst -hex ) 2>/dev/null`
|
||||
if [ "$TEST" != "$HASH" ]; then
|
||||
echo "-$alg en/decrypt test failed"
|
||||
nerr=`expr $nerr + 1`
|
||||
fi
|
||||
done
|
||||
|
||||
if [ $nerr -gt 0 ]; then
|
||||
echo "AESNI engine test failed."
|
||||
exit 1;
|
||||
fi
|
||||
else
|
||||
echo "AESNI engine is not available"
|
||||
fi
|
||||
|
||||
exit 0
|
|
@ -1,64 +0,0 @@
|
|||
#!/bin/sh
|
||||
|
||||
PROG=$1
|
||||
|
||||
if [ -x $PROG ]; then
|
||||
if expr "x`$PROG version`" : "xOpenSSL" > /dev/null; then
|
||||
:
|
||||
else
|
||||
echo "$PROG is not OpenSSL executable"
|
||||
exit 1
|
||||
fi
|
||||
else
|
||||
echo "$PROG is not executable"
|
||||
exit 1;
|
||||
fi
|
||||
|
||||
if $PROG engine padlock | grep -v no-ACE; then
|
||||
|
||||
HASH=`cat $PROG | $PROG dgst -hex`
|
||||
|
||||
ACE_ALGS=" aes-128-ecb aes-192-ecb aes-256-ecb \
|
||||
aes-128-cbc aes-192-cbc aes-256-cbc \
|
||||
aes-128-cfb aes-192-cfb aes-256-cfb \
|
||||
aes-128-ofb aes-192-ofb aes-256-ofb"
|
||||
|
||||
nerr=0
|
||||
|
||||
for alg in $ACE_ALGS; do
|
||||
echo $alg
|
||||
TEST=`( cat $PROG | \
|
||||
$PROG enc -e -k "$HASH" -$alg -bufsize 999 -engine padlock | \
|
||||
$PROG enc -d -k "$HASH" -$alg | \
|
||||
$PROG dgst -hex ) 2>/dev/null`
|
||||
if [ "$TEST" != "$HASH" ]; then
|
||||
echo "-$alg encrypt test failed"
|
||||
nerr=`expr $nerr + 1`
|
||||
fi
|
||||
TEST=`( cat $PROG | \
|
||||
$PROG enc -e -k "$HASH" -$alg | \
|
||||
$PROG enc -d -k "$HASH" -$alg -bufsize 999 -engine padlock | \
|
||||
$PROG dgst -hex ) 2>/dev/null`
|
||||
if [ "$TEST" != "$HASH" ]; then
|
||||
echo "-$alg decrypt test failed"
|
||||
nerr=`expr $nerr + 1`
|
||||
fi
|
||||
TEST=`( cat $PROG | \
|
||||
$PROG enc -e -k "$HASH" -$alg -engine padlock | \
|
||||
$PROG enc -d -k "$HASH" -$alg -engine padlock | \
|
||||
$PROG dgst -hex ) 2>/dev/null`
|
||||
if [ "$TEST" != "$HASH" ]; then
|
||||
echo "-$alg en/decrypt test failed"
|
||||
nerr=`expr $nerr + 1`
|
||||
fi
|
||||
done
|
||||
|
||||
if [ $nerr -gt 0 ]; then
|
||||
echo "PadLock ACE test failed."
|
||||
exit 1;
|
||||
fi
|
||||
else
|
||||
echo "PadLock ACE is not available"
|
||||
fi
|
||||
|
||||
exit 0
|
70
test/test_t4
70
test/test_t4
|
@ -1,70 +0,0 @@
|
|||
#!/bin/sh
|
||||
|
||||
PROG=$1
|
||||
|
||||
if [ -x $PROG ]; then
|
||||
if expr "x`$PROG version`" : "xOpenSSL" > /dev/null; then
|
||||
:
|
||||
else
|
||||
echo "$PROG is not OpenSSL executable"
|
||||
exit 1
|
||||
fi
|
||||
else
|
||||
echo "$PROG is not executable"
|
||||
exit 1;
|
||||
fi
|
||||
|
||||
if [ 1 ]; then
|
||||
|
||||
HASH=`cat $PROG | $PROG dgst -hex`
|
||||
|
||||
AES_ALGS=" des-cbc des-ede-cbc des-ede3-cbc \
|
||||
camellia-128-cbc camellia-128-cfb \
|
||||
camellia-192-cbc camellia-192-cfb \
|
||||
camellia-256-cbc camellia-256-cfb \
|
||||
aes-128-ctr aes-128-cbc aes-128-cfb aes-128-ofb \
|
||||
aes-192-ctr aes-192-cbc aes-192-cfb aes-192-ofb \
|
||||
aes-256-ctr aes-256-cbc aes-256-cfb aes-256-ofb"
|
||||
BUFSIZE="16 32 48 999"
|
||||
|
||||
nerr=0
|
||||
|
||||
for alg in $AES_ALGS; do
|
||||
echo $alg
|
||||
for bufsize in $BUFSIZE; do
|
||||
TEST=`( cat $PROG | \
|
||||
$PROG enc -e -k "$HASH" -$alg -bufsize $bufsize | \
|
||||
env OPENSSL_sparcv9cap=0 $PROG enc -d -k "$HASH" -$alg | \
|
||||
$PROG dgst -hex ) 2>/dev/null`
|
||||
if [ "$TEST" != "$HASH" ]; then
|
||||
echo "-$alg/$bufsize encrypt test failed"
|
||||
nerr=`expr $nerr + 1`
|
||||
fi
|
||||
done
|
||||
for bufsize in $BUFSIZE; do
|
||||
TEST=`( cat $PROG | \
|
||||
env OPENSSL_sparcv9cap=0 $PROG enc -e -k "$HASH" -$alg | \
|
||||
$PROG enc -d -k "$HASH" -$alg -bufsize $bufsize | \
|
||||
$PROG dgst -hex ) 2>/dev/null`
|
||||
if [ "$TEST" != "$HASH" ]; then
|
||||
echo "-$alg/$bufsize decrypt test failed"
|
||||
nerr=`expr $nerr + 1`
|
||||
fi
|
||||
done
|
||||
TEST=`( cat $PROG | \
|
||||
$PROG enc -e -k "$HASH" -$alg | \
|
||||
$PROG enc -d -k "$HASH" -$alg | \
|
||||
$PROG dgst -hex ) 2>/dev/null`
|
||||
if [ "$TEST" != "$HASH" ]; then
|
||||
echo "-$alg en/decrypt test failed"
|
||||
nerr=`expr $nerr + 1`
|
||||
fi
|
||||
done
|
||||
|
||||
if [ $nerr -gt 0 ]; then
|
||||
echo "SPARC T4 test failed."
|
||||
exit 1
|
||||
fi
|
||||
fi
|
||||
|
||||
exit 0
|
113
test/times
113
test/times
|
@ -1,113 +0,0 @@
|
|||
|
||||
More number for the questions about SSL overheads....
|
||||
|
||||
The following numbers were generated on a Pentium pro 200, running Linux.
|
||||
They give an indication of the SSL protocol and encryption overheads.
|
||||
|
||||
The program that generated them is an unreleased version of ssl/ssltest.c
|
||||
which is the SSLeay ssl protocol testing program. It is a single process that
|
||||
talks both sides of the SSL protocol via a non-blocking memory buffer
|
||||
interface.
|
||||
|
||||
How do I read this? The protocol and cipher are reasonable obvious.
|
||||
The next number is the number of connections being made. The next is the
|
||||
number of bytes exchanged between the client and server side of the protocol.
|
||||
This is the number of bytes that the client sends to the server, and then
|
||||
the server sends back. Because this is all happening in one process,
|
||||
the data is being encrypted, decrypted, encrypted and then decrypted again.
|
||||
It is a round trip of that many bytes. Because the one process performs
|
||||
both the client and server sides of the protocol and it sends this many bytes
|
||||
each direction, multiply this number by 4 to generate the number
|
||||
of bytes encrypted/decrypted/MACed. The first time value is how many seconds
|
||||
elapsed doing a full SSL handshake, the second is the cost of one
|
||||
full handshake and the rest being session-id reuse.
|
||||
|
||||
SSLv2 RC4-MD5 1000 x 1 12.83s 0.70s
|
||||
SSLv3 NULL-MD5 1000 x 1 14.35s 1.47s
|
||||
SSLv3 RC4-MD5 1000 x 1 14.46s 1.56s
|
||||
SSLv3 RC4-MD5 1000 x 1 51.93s 1.62s 1024bit RSA
|
||||
SSLv3 RC4-SHA 1000 x 1 14.61s 1.83s
|
||||
SSLv3 DES-CBC-SHA 1000 x 1 14.70s 1.89s
|
||||
SSLv3 DES-CBC3-SHA 1000 x 1 15.16s 2.16s
|
||||
|
||||
SSLv2 RC4-MD5 1000 x 1024 13.72s 1.27s
|
||||
SSLv3 NULL-MD5 1000 x 1024 14.79s 1.92s
|
||||
SSLv3 RC4-MD5 1000 x 1024 52.58s 2.29s 1024bit RSA
|
||||
SSLv3 RC4-SHA 1000 x 1024 15.39s 2.67s
|
||||
SSLv3 DES-CBC-SHA 1000 x 1024 16.45s 3.55s
|
||||
SSLv3 DES-CBC3-SHA 1000 x 1024 18.21s 5.38s
|
||||
|
||||
SSLv2 RC4-MD5 1000 x 10240 18.97s 6.52s
|
||||
SSLv3 NULL-MD5 1000 x 10240 17.79s 5.11s
|
||||
SSLv3 RC4-MD5 1000 x 10240 20.25s 7.90s
|
||||
SSLv3 RC4-MD5 1000 x 10240 58.26s 8.08s 1024bit RSA
|
||||
SSLv3 RC4-SHA 1000 x 10240 22.96s 11.44s
|
||||
SSLv3 DES-CBC-SHA 1000 x 10240 30.65s 18.41s
|
||||
SSLv3 DES-CBC3-SHA 1000 x 10240 47.04s 34.53s
|
||||
|
||||
SSLv2 RC4-MD5 1000 x 102400 70.22s 57.74s
|
||||
SSLv3 NULL-MD5 1000 x 102400 43.73s 31.03s
|
||||
SSLv3 RC4-MD5 1000 x 102400 71.32s 58.83s
|
||||
SSLv3 RC4-MD5 1000 x 102400 109.66s 59.20s 1024bit RSA
|
||||
SSLv3 RC4-SHA 1000 x 102400 95.88s 82.21s
|
||||
SSLv3 DES-CBC-SHA 1000 x 102400 173.22s 160.55s
|
||||
SSLv3 DES-CBC3-SHA 1000 x 102400 336.61s 323.82s
|
||||
|
||||
What does this all mean? Well for a server, with no session-id reuse, with
|
||||
a transfer size of 10240 bytes, using RC4-MD5 and a 512bit server key,
|
||||
a Pentium pro 200 running Linux can handle the SSLv3 protocol overheads of
|
||||
about 49 connections a second. Reality will be quite different :-).
|
||||
|
||||
Remember the first number is 1000 full ssl handshakes, the second is
|
||||
1 full and 999 with session-id reuse. The RSA overheads for each exchange
|
||||
would be one public and one private operation, but the protocol/MAC/cipher
|
||||
cost would be quite similar in both the client and server.
|
||||
|
||||
eric (adding numbers to speculation)
|
||||
|
||||
--- Appendix ---
|
||||
- The time measured is user time but these number a very rough.
|
||||
- Remember this is the cost of both client and server sides of the protocol.
|
||||
- The TCP/kernel overhead of connection establishment is normally the
|
||||
killer in SSL. Often delays in the TCP protocol will make session-id
|
||||
reuse look slower that new sessions, but this would not be the case on
|
||||
a loaded server.
|
||||
- The TCP round trip latencies, while slowing individual connections,
|
||||
would have minimal impact on throughput.
|
||||
- Instead of sending one 102400 byte buffer, one 8k buffer is sent until
|
||||
- the required number of bytes are processed.
|
||||
- The SSLv3 connections were actually SSLv2 compatible SSLv3 headers.
|
||||
- A 512bit server key was being used except where noted.
|
||||
- No server key verification was being performed on the client side of the
|
||||
protocol. This would slow things down very little.
|
||||
- The library being used is SSLeay 0.8.x.
|
||||
- The normal measuring system was commands of the form
|
||||
time ./ssltest -num 1000 -bytes 102400 -cipher DES-CBC-SHA -reuse
|
||||
This modified version of ssltest should be in the next public release of
|
||||
SSLeay.
|
||||
|
||||
The general cipher performance number for this platform are
|
||||
|
||||
SSLeay 0.8.2a 04-Sep-1997
|
||||
built on Fri Sep 5 17:37:05 EST 1997
|
||||
options:bn(64,32) md2(int) rc4(idx,int) des(ptr,risc1,16,long) idea(int) blowfish(ptr2)
|
||||
C flags:gcc -DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -m486 -Wall -Wuninitialized
|
||||
The 'numbers' are in 1000s of bytes per second processed.
|
||||
type 8 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes
|
||||
md2 131.02k 368.41k 500.57k 549.21k 566.09k
|
||||
mdc2 535.60k 589.10k 595.88k 595.97k 594.54k
|
||||
md5 1801.53k 9674.77k 17484.03k 21849.43k 23592.96k
|
||||
sha 1261.63k 5533.25k 9285.63k 11187.88k 11913.90k
|
||||
sha1 1103.13k 4782.53k 7933.78k 9472.34k 10070.70k
|
||||
rc4 10722.53k 14443.93k 15215.79k 15299.24k 15219.59k
|
||||
des cbc 3286.57k 3827.73k 3913.39k 3931.82k 3926.70k
|
||||
des ede3 1443.50k 1549.08k 1561.17k 1566.38k 1564.67k
|
||||
idea cbc 2203.64k 2508.16k 2538.33k 2543.62k 2547.71k
|
||||
rc2 cbc 1430.94k 1511.59k 1524.82k 1527.13k 1523.33k
|
||||
blowfish cbc 4716.07k 5965.82k 6190.17k 6243.67k 6234.11k
|
||||
sign verify
|
||||
rsa 512 bits 0.0100s 0.0011s
|
||||
rsa 1024 bits 0.0451s 0.0012s
|
||||
rsa 2048 bits 0.2605s 0.0086s
|
||||
rsa 4096 bits 1.6883s 0.0302s
|
||||
|
|
@ -1,9 +0,0 @@
|
|||
#!/bin/sh
|
||||
# print out the hash values
|
||||
#
|
||||
|
||||
for i in $*
|
||||
do
|
||||
h=`openssl x509 -hash -noout -in $i`
|
||||
echo "$h.0 => $i"
|
||||
done
|
12
tools/c_info
12
tools/c_info
|
@ -1,12 +0,0 @@
|
|||
#!/bin/sh
|
||||
#
|
||||
# print the subject
|
||||
#
|
||||
|
||||
for i in $*
|
||||
do
|
||||
n=`openssl x509 -subject -issuer -enddate -noout -in $i`
|
||||
echo "$i"
|
||||
echo "$n"
|
||||
echo "--------"
|
||||
done
|
|
@ -1,10 +0,0 @@
|
|||
#!/bin/sh
|
||||
#
|
||||
# print out the issuer
|
||||
#
|
||||
|
||||
for i in $*
|
||||
do
|
||||
n=`openssl x509 -issuer -noout -in $i`
|
||||
echo "$i $n"
|
||||
done
|
10
tools/c_name
10
tools/c_name
|
@ -1,10 +0,0 @@
|
|||
#!/bin/sh
|
||||
#
|
||||
# print the subject
|
||||
#
|
||||
|
||||
for i in $*
|
||||
do
|
||||
n=`openssl x509 -subject -noout -in $i`
|
||||
echo "$i $n"
|
||||
done
|
|
@ -1,21 +0,0 @@
|
|||
primes = [2, 3, 5, 7, 11]
|
||||
safe = False # Not sure if the period's right on safe primes.
|
||||
|
||||
muliplier = 1 if not safe else 2
|
||||
for p in primes:
|
||||
muliplier *= p
|
||||
|
||||
offsets = []
|
||||
for x in range(3, muliplier + 3, 2):
|
||||
prime = True
|
||||
for p in primes:
|
||||
if not x % p or (safe and not ((x - 1) / 2) % p):
|
||||
prime = False
|
||||
break
|
||||
|
||||
if prime:
|
||||
offsets.append(x)
|
||||
|
||||
print(offsets)
|
||||
print(len(offsets))
|
||||
print(muliplier)
|
26
util/domd.in
26
util/domd.in
|
@ -1,26 +0,0 @@
|
|||
#!/bin/sh
|
||||
## Wrapper to portably run makedepend or equivalent compiler built-in.
|
||||
## Runs on Makefile.in, generates Makefile
|
||||
## {- join("\n## ", @autowarntext) -}
|
||||
|
||||
{- "MAKEDEPEND=" . quotify1($config{makedepprog}) -}
|
||||
|
||||
case "${MAKEDEPEND}" in
|
||||
cat)
|
||||
;;
|
||||
makedepend)
|
||||
${MAKEDEPEND} $@ || exit 1
|
||||
;;
|
||||
*)
|
||||
args="-Werror -MM"
|
||||
while [ $# -gt 0 ]; do
|
||||
if [ "$1" != '--' ] ; then
|
||||
args="$args $1"
|
||||
fi
|
||||
shift
|
||||
done
|
||||
sed -e '/DO NOT DELETE THIS LINE/q' Makefile >Makefile.tmp
|
||||
${MAKEDEPEND} $args >>Makefile.tmp || exit 1
|
||||
mv Makefile.tmp Makefile
|
||||
;;
|
||||
esac
|
108
util/install.sh
108
util/install.sh
|
@ -1,108 +0,0 @@
|
|||
#!/bin/sh
|
||||
#
|
||||
# install - install a program, script, or datafile
|
||||
# This comes from X11R5; it is not part of GNU.
|
||||
#
|
||||
# $XConsortium: install.sh,v 1.2 89/12/18 14:47:22 jim Exp $
|
||||
#
|
||||
# This script is compatible with the BSD install script, but was written
|
||||
# from scratch.
|
||||
#
|
||||
|
||||
|
||||
# set DOITPROG to echo to test this script
|
||||
|
||||
doit="${DOITPROG:-}"
|
||||
|
||||
|
||||
# put in absolute paths if you don't have them in your path; or use env. vars.
|
||||
|
||||
mvprog="${MVPROG:-mv}"
|
||||
cpprog="${CPPROG:-cp}"
|
||||
chmodprog="${CHMODPROG:-chmod}"
|
||||
chownprog="${CHOWNPROG:-chown}"
|
||||
chgrpprog="${CHGRPPROG:-chgrp}"
|
||||
stripprog="${STRIPPROG:-strip}"
|
||||
rmprog="${RMPROG:-rm}"
|
||||
|
||||
instcmd="$mvprog"
|
||||
chmodcmd=""
|
||||
chowncmd=""
|
||||
chgrpcmd=""
|
||||
stripcmd=""
|
||||
rmcmd="$rmprog -f"
|
||||
src=""
|
||||
dst=""
|
||||
|
||||
while [ x"$1" != x ]; do
|
||||
case $1 in
|
||||
-c) instcmd="$cpprog"
|
||||
shift
|
||||
continue;;
|
||||
|
||||
-m) chmodcmd="$chmodprog $2"
|
||||
shift
|
||||
shift
|
||||
continue;;
|
||||
|
||||
-o) chowncmd="$chownprog $2"
|
||||
shift
|
||||
shift
|
||||
continue;;
|
||||
|
||||
-g) chgrpcmd="$chgrpprog $2"
|
||||
shift
|
||||
shift
|
||||
continue;;
|
||||
|
||||
-s) stripcmd="$stripprog"
|
||||
shift
|
||||
continue;;
|
||||
|
||||
*) if [ x"$src" = x ]
|
||||
then
|
||||
src=$1
|
||||
else
|
||||
dst=$1
|
||||
fi
|
||||
shift
|
||||
continue;;
|
||||
esac
|
||||
done
|
||||
|
||||
if [ x"$src" = x ]
|
||||
then
|
||||
echo "install: no input file specified"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
if [ x"$dst" = x ]
|
||||
then
|
||||
echo "install: no destination specified"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
|
||||
# if destination is a directory, append the input filename; if your system
|
||||
# does not like double slashes in filenames, you may need to add some logic
|
||||
|
||||
if [ -d $dst ]
|
||||
then
|
||||
dst="$dst"/`basename $src`
|
||||
fi
|
||||
|
||||
|
||||
# get rid of the old one and mode the new one in
|
||||
|
||||
$doit $rmcmd $dst
|
||||
$doit $instcmd $src $dst
|
||||
|
||||
|
||||
# and set any options; do chmod last to preserve setuid bits
|
||||
|
||||
if [ x"$chowncmd" != x ]; then $doit $chowncmd $dst; fi
|
||||
if [ x"$chgrpcmd" != x ]; then $doit $chgrpcmd $dst; fi
|
||||
if [ x"$stripcmd" != x ]; then $doit $stripcmd $dst; fi
|
||||
if [ x"$chmodcmd" != x ]; then $doit $chmodcmd $dst; fi
|
||||
|
||||
exit 0
|
|
@ -1,17 +0,0 @@
|
|||
#! /bin/sh
|
||||
#
|
||||
# Very simple script to detect and convert files that we want to re-encode to UTF8
|
||||
|
||||
git ls-tree -r --name-only HEAD | \
|
||||
while read F; do
|
||||
charset=`file -bi "$F" | sed -e 's|.*charset=||'`
|
||||
if [ "$charset" != "utf-8" -a "$charset" != "binary" -a "$charset" != "us-ascii" ]; then
|
||||
iconv -f ISO-8859-1 -t UTF8 < "$F" > "$F.utf8" && \
|
||||
( cmp -s "$F" "$F.utf8" || \
|
||||
( echo "$F"
|
||||
mv "$F" "$F.iso-8859-1"
|
||||
mv "$F.utf8" "$F"
|
||||
)
|
||||
)
|
||||
fi
|
||||
done
|
Loading…
Reference in a new issue