Random Images



Subpage of TitleServer (and related TitleServerDocumentation)

"losetup server" How to mount a cryptoloop device early after boot ?

  • small https (ssl) service 
  • listening on a certain TCP port. Possibly saying some <hellomsg> when connected to.
  • looking for GET /cmount/<mountpt>/hexakey message early after connection
  • if <mountpt> exists (keys compiled in, or read at startup from small textfile) AND hexakey checksum matches for given <mountpt> => then related script is started as root
    • the script will losetup and mount over the given <mountpt>. If all mountpoints are mounted, maybe the service could exit (this could also depends on some options received via ssl stream ). 

Implementation options:

  • written in C
    • like hacked example tunala.c from libssl0.9.8 ?
    • Some tls code ?
  • apache2
  • Some ssl wrapper (+plaintext tcp listener)
    • tunala.c unhacked
    • sslwrapper
    • http://www.stunnel.org/
    • socat socat openssl-listen:8888,reuseaddr,forever,verify=0,cert=server.pem,key=server.key stdout
    • socat "scp -r" example over unencrypted ip4 tcp (so netcat nc could be used too):
    • tar czf - /tmp/a | socat tcp4-listen:7777 stdin
    • socat tcp4:hostip:7777 stdout | tar xzvf -
    • .... ?

RSA/DSA pubkey crypto library of choice is libgcrypt (the library of gnupg) possibly via OpenCDK ... so the rest of this page is mostly obsolete.

bmrsa library - slow !

Originally signiture was done with bmrsa, an opensource RSA library (http://sourceforge.net/projects/bmrsa/ 

Small and simple, we can easily check if it is a correct implementation. But it turned out to be extremely slow (to the point of being useless for production). Useful for regression-tests though: comparing results of other libraries.

  • To try signature demo: register to download demo program ported to linux, Makefile and demo.sh added
    • SHA512 hash (160 bit SHA1 is breakable in 2^69 steps, it might have been good enough but the RSA is taking more time anyways so why not be sure)
    • 1024 bit RSA (we should switch to 2048 or even 4096 bit later)
    • signature generation and verification is too slow (several seconds on 2.4GHz), % (remainder) calculation needs some speed-up (I have some ideas, will check out other source codes too)

www.gnupg.org uses libgcrypt (download .tar.bz2 source)  or  view libgcrypt repository


  • gnupg-source/mpi is a highly optimized library.
  • Around 10k lines.  The algorithms seem sane, and fine-optimized for 16 different architectures (including i386 and i586, around 1000 assembly lines each).
  • both gnupg and libgcrypt compiles with cygwin on windows (according to README, and there is a gnupg for windows released binary as well). Not yet tested by cell.

Proposal to use libgcrypt:

  • or use libgcrypt with small wrappers instead of bmrsa (possibly only use bmrsa for regression testing only, or not at all).
  • or use the relevant signature functions from gnupg (not just the mpi  "big-number functions"). This would be tough. gnupg has lotsof dependencies, unnecessary for us.
  • Even if we use gnupg, we want to rely on small parts of it, not the whole. This makes it possible to have a ripped-down version later, that is easy to audit.

GPGME seems useless for us. It calls gnupg.

MD5              0ms    20ms    60ms
SHA1            10ms    20ms    70ms
RIPEMD160       20ms    20ms    80ms
TIGER192        30ms    30ms   100ms
SHA256          30ms    40ms   100ms
SHA384          60ms    70ms   130ms
SHA512          50ms    70ms   130ms
SHA224          30ms    50ms   100ms
MD4              0ms    10ms    80ms
CRC32            0ms     0ms    60ms
CRC32RFC1510     0ms     0ms    60ms
CRC24RFC2440    50ms    50ms   100ms
WHIRLPOOL       60ms    50ms   120ms

Algorithm         generate  100*sign  100*verify
RSA 1024 bit          60ms     550ms        20ms
RSA 2048 bit        1070ms    3480ms        70ms
RSA 3072 bit        5720ms   10450ms       130ms
RSA 4096 bit       27250ms   22920ms       230ms
DSA 1024/160             -     310ms       350ms
DSA 2048/224             -    1280ms      1540ms
DSA 3072/256             -    2960ms      3530ms
ECDSA 192 bit         20ms     490ms       860ms
ECDSA 224 bit         30ms     610ms      1150ms
ECDSA 256 bit         30ms     750ms      1450ms
ECDSA 384 bit         70ms    1800ms      3440ms
ECDSA 521 bit        180ms    4380ms      8480ms

libgcrypt make check results on 1.86 GHz Celeron notebook


Other fast bignum libraries ?


Created by: cell. Last Modification: 2011-02-11 (Fri) 23:17:41 CET by cell.