Subpage of TitleServer (and related TitleServerDocumentation)
"losetup server" How to mount a cryptoloop device early after boot ?
- small https (ssl) service
- listening on a certain TCP port. Possibly saying some <hellomsg> when connected to.
- looking for GET /cmount/<mountpt>/hexakey message early after connection
- if <mountpt> exists (keys compiled in, or read at startup from small textfile) AND hexakey checksum matches for given <mountpt> => then related script is started as root
- the script will losetup and mount over the given <mountpt>. If all mountpoints are mounted, maybe the service could exit (this could also depends on some options received via ssl stream ).
Implementation options:
- written in C
- like hacked example tunala.c from libssl0.9.8 ?
- Some tls code ?
- apache2
- Some ssl wrapper (+plaintext tcp listener)
- tunala.c unhacked
- sslwrapper
- http://www.stunnel.org/
- socat
socat openssl-listen:8888,reuseaddr,forever,verify=0,cert=server.pem,key=server.key stdout
socat "scp -r" example over unencrypted ip4 tcp (so netcat nc could be used too):tar czf - /tmp/a | socat tcp4-listen:7777 stdinsocat tcp4:hostip:7777 stdout | tar xzvf -
- .... ?
RSA/DSA pubkey crypto library of choice is libgcrypt (the library of gnupg) possibly via OpenCDK ... so the rest of this page is mostly obsolete.
bmrsa library - slow !
Originally signiture was done with bmrsa, an opensource RSA library (http://sourceforge.net/projects/bmrsa/
Small and simple, we can easily check if it is a correct implementation. But it turned out to be extremely slow (to the point of being useless for production). Useful for regression-tests though: comparing results of other libraries.
- To try signature demo: register to download demo program ported to linux, Makefile and demo.sh added
- SHA512 hash (160 bit SHA1 is breakable in 2^69 steps, it might have been good enough but the RSA is taking more time anyways so why not be sure)
- 1024 bit RSA (we should switch to 2048 or even 4096 bit later)
- signature generation and verification is too slow (several seconds on 2.4GHz), % (remainder) calculation needs some speed-up (I have some ideas, will check out other source codes too)
www.gnupg.org uses libgcrypt (download .tar.bz2 source) or view libgcrypt repository
- gnupg-source/mpi is a highly optimized library.
- Around 10k lines. The algorithms seem sane, and fine-optimized for 16 different architectures (including i386 and i586, around 1000 assembly lines each).
- both gnupg and libgcrypt compiles with cygwin on windows (according to README, and there is a gnupg for windows released binary as well). Not yet tested by cell.
Proposal to use libgcrypt:
- or use libgcrypt with small wrappers instead of bmrsa (possibly only use bmrsa for regression testing only, or not at all).
- or use the relevant signature functions from gnupg (not just the mpi "big-number functions"). This would be tough. gnupg has lotsof dependencies, unnecessary for us.
- Even if we use gnupg, we want to rely on small parts of it, not the whole. This makes it possible to have a ripped-down version later, that is easy to audit.
GPGME seems useless for us. It calls gnupg.
MD5 0ms 20ms 60ms
SHA1 10ms 20ms 70ms
RIPEMD160 20ms 20ms 80ms
TIGER192 30ms 30ms 100ms
SHA256 30ms 40ms 100ms
SHA384 60ms 70ms 130ms
SHA512 50ms 70ms 130ms
SHA224 30ms 50ms 100ms
MD4 0ms 10ms 80ms
CRC32 0ms 0ms 60ms
CRC32RFC1510 0ms 0ms 60ms
CRC24RFC2440 50ms 50ms 100ms
WHIRLPOOL 60ms 50ms 120ms
Algorithm generate 100*sign 100*verify
------------------------------------------------
RSA 1024 bit 60ms 550ms 20ms
RSA 2048 bit 1070ms 3480ms 70ms
RSA 3072 bit 5720ms 10450ms 130ms
RSA 4096 bit 27250ms 22920ms 230ms
DSA 1024/160 - 310ms 350ms
DSA 2048/224 - 1280ms 1540ms
DSA 3072/256 - 2960ms 3530ms
ECDSA 192 bit 20ms 490ms 860ms
ECDSA 224 bit 30ms 610ms 1150ms
ECDSA 256 bit 30ms 750ms 1450ms
ECDSA 384 bit 70ms 1800ms 3440ms
ECDSA 521 bit 180ms 4380ms 8480ms
libgcrypt make check results on 1.86 GHz Celeron notebook
Other fast bignum libraries ?
