Improved crypto

This commit is contained in:
Dennis Schwerdel 2015-11-30 22:11:37 +01:00
parent ec6d1b544f
commit 7dfcd92ab0
5 changed files with 78 additions and 44 deletions

22
Cargo.lock generated
View File

@ -1,7 +1,8 @@
[root] [root]
name = "vpncloud" name = "vpncloud"
version = "0.2.0" version = "0.3.0"
dependencies = [ dependencies = [
"aligned_alloc 0.1.1 (registry+https://github.com/rust-lang/crates.io-index)",
"docopt 0.6.76 (registry+https://github.com/rust-lang/crates.io-index)", "docopt 0.6.76 (registry+https://github.com/rust-lang/crates.io-index)",
"epoll 0.2.5 (registry+https://github.com/rust-lang/crates.io-index)", "epoll 0.2.5 (registry+https://github.com/rust-lang/crates.io-index)",
"gcc 0.3.20 (registry+https://github.com/rust-lang/crates.io-index)", "gcc 0.3.20 (registry+https://github.com/rust-lang/crates.io-index)",
@ -31,6 +32,16 @@ dependencies = [
"memchr 0.1.7 (registry+https://github.com/rust-lang/crates.io-index)", "memchr 0.1.7 (registry+https://github.com/rust-lang/crates.io-index)",
] ]
[[package]]
name = "aligned_alloc"
version = "0.1.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
dependencies = [
"kernel32-sys 0.1.4 (registry+https://github.com/rust-lang/crates.io-index)",
"libc 0.1.12 (registry+https://github.com/rust-lang/crates.io-index)",
"winapi 0.2.5 (registry+https://github.com/rust-lang/crates.io-index)",
]
[[package]] [[package]]
name = "bitflags" name = "bitflags"
version = "0.3.3" version = "0.3.3"
@ -74,6 +85,15 @@ dependencies = [
"winapi 0.2.5 (registry+https://github.com/rust-lang/crates.io-index)", "winapi 0.2.5 (registry+https://github.com/rust-lang/crates.io-index)",
] ]
[[package]]
name = "kernel32-sys"
version = "0.1.4"
source = "registry+https://github.com/rust-lang/crates.io-index"
dependencies = [
"winapi 0.2.5 (registry+https://github.com/rust-lang/crates.io-index)",
"winapi-build 0.1.1 (registry+https://github.com/rust-lang/crates.io-index)",
]
[[package]] [[package]]
name = "kernel32-sys" name = "kernel32-sys"
version = "0.2.1" version = "0.2.1"

View File

@ -1,6 +1,6 @@
[package] [package]
name = "vpncloud" name = "vpncloud"
version = "0.2.0" version = "0.3.0"
authors = ["Dennis Schwerdel <schwerdel@informatik.uni-kl.de>"] authors = ["Dennis Schwerdel <schwerdel@informatik.uni-kl.de>"]
build = "build.rs" build = "build.rs"
license = "GPL-3.0" license = "GPL-3.0"
@ -19,6 +19,7 @@ epoll = "0.2"
signal = "0.1" signal = "0.1"
nix = "0.4" nix = "0.4"
libc = "0.2" libc = "0.2"
aligned_alloc = "0.1.1"
[build-dependencies] [build-dependencies]
gcc = "0.3" gcc = "0.3"

View File

@ -17,7 +17,7 @@ Receiver node:
* Ubuntu 14.04 (Kernel 3.13.0-63-generic) * Ubuntu 14.04 (Kernel 3.13.0-63-generic)
* Libsodium 1.0.7 * Libsodium 1.0.7
VpnCloud version: `VpnCloud v0.2.0 (with crypto support, protocol version 1)` VpnCloud version: `VpnCloud v0.3.0 (protocol version 1, libsodium 1.0.7)`
The sender runs the following command: The sender runs the following command:
@ -35,7 +35,7 @@ $> iperf -s &
$> top $> top
``` ```
For encrypted tests, `--shared-key test` is appended. For encrypted tests, `--shared-key test --crypto METHOD` is appended.
### Throughput ### Throughput
@ -57,14 +57,14 @@ The test is run in 3 steps:
| Without VpnCloud | 926 Mbits/sec | - | | Without VpnCloud | 926 Mbits/sec | - |
| Unencrypted VpnCloud | 873 Mbits/sec | 80% / 95% | | Unencrypted VpnCloud | 873 Mbits/sec | 80% / 95% |
| Encrypted VpnCloud (ChaCha20) | 770 Mbits/sec | 100% | | Encrypted VpnCloud (ChaCha20) | 770 Mbits/sec | 100% |
| Encrypted VpnCloud (AES256) | 813 Mbits/sec | 90% / 100% | | Encrypted VpnCloud (AES256) | 835 Mbits/sec | 90% / 100% |
### Latency ### Latency
The latency is measured with the following command: The latency is measured with the following command:
``` ```
$> ping DST -c 10000 -i 0.001 -s SIZE -U -q $> ping DST -c 100000 -i 0.001 -s SIZE -U -q
``` ```
For all the test, the best average RTT out of 5 runs is selected. The latency is For all the test, the best average RTT out of 5 runs is selected. The latency is
@ -73,18 +73,18 @@ assumed to be half of the RTT.
| Payload size | 100 bytes | 500 bytes | 1000 bytes | | Payload size | 100 bytes | 500 bytes | 1000 bytes |
| ----------------------------- | --------- | --------- | ---------- | | ----------------------------- | --------- | --------- | ---------- |
| Without VpnCloud | 158 µs | 165 µs | 178 µs | | Without VpnCloud | 158 µs | 164 µs | 171 µs |
| Unencrypted VpnCloud | 210 µs | 216 µs | 237 µs | | Unencrypted VpnCloud | 217 µs | 227 µs | 242 µs |
| Difference | +52 µs | +51 µs | +59 µs | | Difference | +59 µs | +63 µs | +71 µs |
| Encrypted VpnCloud (ChaCha20) | 218 µs | 230 µs | 257 µs | | Encrypted VpnCloud (ChaCha20) | 231 µs | 245 µs | 259 µs |
| Difference | +8 µs | +14 µs | +20 µs | | Difference | +14 µs | +18 µs | +17 µs |
| Encrypted VpnCloud (AES256) | 224 µs | 230 µs | 255 µs | | Encrypted VpnCloud (AES256) | 223 µs | 237 µs | 251 µs |
| Difference | +14 µs | +14 µs | +18 µs | | Difference | +6 µs | +10 µs | +9 µs |
### Conclusion ### Conclusion
* VpnCloud achieves over 850 MBit/s with default MTU settings. * VpnCloud achieves over 850 MBit/s with default MTU settings.
* In encrypted mode, VpnCloud reaches over 750 MBit/s with default MTU settings. * In encrypted mode, VpnCloud reaches over 800 MBit/s with default MTU settings.
* VpnCloud adds about 60µs to the latency. * VpnCloud adds about 70µs to the latency.
* Encryption adds an additional latency up to 20µs depending on the packet size. * Encryption adds an additional latency up to 20µs depending on the packet size.

View File

@ -2,6 +2,7 @@ use std::{mem, ptr};
use std::ffi::CStr; use std::ffi::CStr;
use libc::{size_t, c_char, c_ulonglong, c_int}; use libc::{size_t, c_char, c_ulonglong, c_int};
use aligned_alloc::{aligned_alloc, aligned_free};
use super::types::Error; use super::types::Error;
@ -32,6 +33,22 @@ const crypto_pwhash_scryptsalsa208sha256_OPSLIMIT_INTERACTIVE: usize = 524288;
#[allow(non_upper_case_globals)] #[allow(non_upper_case_globals)]
const crypto_pwhash_scryptsalsa208sha256_MEMLIMIT_INTERACTIVE: usize = 16777216; const crypto_pwhash_scryptsalsa208sha256_MEMLIMIT_INTERACTIVE: usize = 16777216;
struct Aes256State(*mut [u8; 512]);
impl Aes256State {
fn new() -> Aes256State {
let ptr = aligned_alloc(512, 16) as *mut [u8; 512];
Aes256State(ptr)
}
}
impl Drop for Aes256State {
fn drop(&mut self) {
unsafe { aligned_free(self.0 as *mut ()) }
}
}
#[link(name="sodium", kind="static")] #[link(name="sodium", kind="static")]
extern { extern {
pub fn sodium_init() -> c_int; pub fn sodium_init() -> c_int;
@ -65,7 +82,10 @@ extern {
adlen: c_ulonglong, adlen: c_ulonglong,
npub: *const [u8; crypto_aead_chacha20poly1305_NPUBBYTES], npub: *const [u8; crypto_aead_chacha20poly1305_NPUBBYTES],
k: *const [u8; crypto_aead_chacha20poly1305_KEYBYTES]) -> c_int; k: *const [u8; crypto_aead_chacha20poly1305_KEYBYTES]) -> c_int;
pub fn crypto_aead_aes256gcm_encrypt( pub fn crypto_aead_aes256gcm_beforenm(
state: *mut [u8; 512],
k: *const [u8; crypto_aead_aes256gcm_KEYBYTES]) -> c_int;
pub fn crypto_aead_aes256gcm_encrypt_afternm(
c: *mut u8, c: *mut u8,
clen: *mut c_ulonglong, clen: *mut c_ulonglong,
m: *const u8, m: *const u8,
@ -74,8 +94,8 @@ extern {
adlen: c_ulonglong, adlen: c_ulonglong,
nsec: *const [u8; crypto_aead_aes256gcm_NSECBYTES], nsec: *const [u8; crypto_aead_aes256gcm_NSECBYTES],
npub: *const [u8; crypto_aead_aes256gcm_NPUBBYTES], npub: *const [u8; crypto_aead_aes256gcm_NPUBBYTES],
k: *const [u8; crypto_aead_aes256gcm_KEYBYTES]) -> c_int; state: *const [u8; 512]) -> c_int;
pub fn crypto_aead_aes256gcm_decrypt( pub fn crypto_aead_aes256gcm_decrypt_afternm(
m: *mut u8, m: *mut u8,
mlen: *mut c_ulonglong, mlen: *mut c_ulonglong,
nsec: *mut [u8; crypto_aead_aes256gcm_NSECBYTES], nsec: *mut [u8; crypto_aead_aes256gcm_NSECBYTES],
@ -84,7 +104,7 @@ extern {
ad: *const u8, ad: *const u8,
adlen: c_ulonglong, adlen: c_ulonglong,
npub: *const [u8; crypto_aead_aes256gcm_NPUBBYTES], npub: *const [u8; crypto_aead_aes256gcm_NPUBBYTES],
k: *const [u8; crypto_aead_aes256gcm_KEYBYTES]) -> c_int; state: *const [u8; 512]) -> c_int;
} }
@ -96,7 +116,7 @@ pub enum CryptoMethod {
pub enum Crypto { pub enum Crypto {
None, None,
ChaCha20Poly1305{key: [u8; 32], nonce: [u8; 8]}, ChaCha20Poly1305{key: [u8; 32], nonce: [u8; 8]},
AES256GCM{key: [u8; 32], nonce: [u8; 12]} AES256GCM{state: Aes256State, nonce: [u8; 12]}
} }
fn inc_nonce_8(nonce: &mut [u8; 8]) { fn inc_nonce_8(nonce: &mut [u8; 8]) {
@ -133,7 +153,7 @@ impl Crypto {
match self { match self {
&Crypto::None => 0, &Crypto::None => 0,
&Crypto::ChaCha20Poly1305{key: _, nonce: _} => 1, &Crypto::ChaCha20Poly1305{key: _, nonce: _} => 1,
&Crypto::AES256GCM{key: _, nonce: _} => 2 &Crypto::AES256GCM{state: _, nonce: _} => 2
} }
} }
@ -141,7 +161,7 @@ impl Crypto {
match self { match self {
&Crypto::None => 0, &Crypto::None => 0,
&Crypto::ChaCha20Poly1305{key: _, ref nonce} => nonce.len(), &Crypto::ChaCha20Poly1305{key: _, ref nonce} => nonce.len(),
&Crypto::AES256GCM{key: _, ref nonce} => nonce.len() &Crypto::AES256GCM{state: _, ref nonce} => nonce.len()
} }
} }
@ -149,7 +169,7 @@ impl Crypto {
match self { match self {
&Crypto::None => 0, &Crypto::None => 0,
&Crypto::ChaCha20Poly1305{key: _, nonce: _} => crypto_aead_chacha20poly1305_ABYTES, &Crypto::ChaCha20Poly1305{key: _, nonce: _} => crypto_aead_chacha20poly1305_ABYTES,
&Crypto::AES256GCM{key: _, nonce: _} => crypto_aead_aes256gcm_ABYTES &Crypto::AES256GCM{state: _, nonce: _} => crypto_aead_aes256gcm_ABYTES
} }
} }
@ -180,13 +200,15 @@ impl Crypto {
Crypto::ChaCha20Poly1305{key: crypto_key, nonce: nonce} Crypto::ChaCha20Poly1305{key: crypto_key, nonce: nonce}
}, },
CryptoMethod::AES256 => { CryptoMethod::AES256 => {
let mut crypto_key = [0; crypto_aead_aes256gcm_KEYBYTES];
for i in 0..crypto_key.len() {
crypto_key[i] = key[i];
}
let mut nonce = [0u8; crypto_aead_aes256gcm_NPUBBYTES]; let mut nonce = [0u8; crypto_aead_aes256gcm_NPUBBYTES];
unsafe { randombytes_buf(nonce.as_mut_ptr(), nonce.len()) }; unsafe { randombytes_buf(nonce.as_mut_ptr(), nonce.len()) };
Crypto::AES256GCM{key: crypto_key, nonce: nonce} let state = Aes256State::new();
let res = unsafe { crypto_aead_aes256gcm_beforenm(
state.0,
key[..crypto_aead_aes256gcm_KEYBYTES].as_ptr() as *const [u8; crypto_aead_aes256gcm_KEYBYTES]
) };
assert_eq!(res, 0);
Crypto::AES256GCM{state: state, nonce: nonce}
} }
} }
} }
@ -212,9 +234,9 @@ impl Crypto {
_ => Err(Error::CryptoError("Failed to decrypt")) _ => Err(Error::CryptoError("Failed to decrypt"))
} }
}, },
&Crypto::AES256GCM{ref key, nonce: _} => { &Crypto::AES256GCM{ref state, nonce: _} => {
let mut mlen: u64 = buf.len() as u64; let mut mlen: u64 = buf.len() as u64;
let res = unsafe { crypto_aead_aes256gcm_decrypt( let res = unsafe { crypto_aead_aes256gcm_decrypt_afternm(
buf.as_mut_ptr(), // Base pointer to buffer buf.as_mut_ptr(), // Base pointer to buffer
&mut mlen, // Mutable size of buffer (will be set to used size) &mut mlen, // Mutable size of buffer (will be set to used size)
ptr::null_mut::<[u8; 0]>(), // Mutable base pointer to secret nonce (always NULL) ptr::null_mut::<[u8; 0]>(), // Mutable base pointer to secret nonce (always NULL)
@ -223,7 +245,7 @@ impl Crypto {
header.as_ptr(), // Base pointer to additional data header.as_ptr(), // Base pointer to additional data
header.len() as u64, // Size of additional data header.len() as u64, // Size of additional data
nonce.as_ptr() as *const [u8; 12], // Base pointer to public nonce nonce.as_ptr() as *const [u8; 12], // Base pointer to public nonce
key.as_ptr() as *const [u8; 32] // Base pointer to key state.0 // Base pointer to state
) }; ) };
match res { match res {
0 => Ok(mlen as usize), 0 => Ok(mlen as usize),
@ -239,10 +261,6 @@ impl Crypto {
&mut Crypto::ChaCha20Poly1305{ref key, ref mut nonce} => { &mut Crypto::ChaCha20Poly1305{ref key, ref mut nonce} => {
inc_nonce_8(nonce); inc_nonce_8(nonce);
let mut clen: u64 = buf.len() as u64; let mut clen: u64 = buf.len() as u64;
assert_eq!(nonce_bytes.len(), nonce.len());
assert_eq!(nonce.len(), crypto_aead_chacha20poly1305_NPUBBYTES);
assert_eq!(key.len(), crypto_aead_chacha20poly1305_KEYBYTES);
assert_eq!(0, crypto_aead_chacha20poly1305_NSECBYTES);
assert!(clen as usize >= mlen + crypto_aead_chacha20poly1305_ABYTES); assert!(clen as usize >= mlen + crypto_aead_chacha20poly1305_ABYTES);
let res = unsafe { crypto_aead_chacha20poly1305_encrypt( let res = unsafe { crypto_aead_chacha20poly1305_encrypt(
buf.as_mut_ptr(), // Base pointer to buffer buf.as_mut_ptr(), // Base pointer to buffer
@ -256,21 +274,16 @@ impl Crypto {
key.as_ptr() as *const [u8; 32] // Base pointer to key key.as_ptr() as *const [u8; 32] // Base pointer to key
) }; ) };
assert_eq!(res, 0); assert_eq!(res, 0);
assert_eq!(clen as usize, mlen + crypto_aead_chacha20poly1305_ABYTES);
unsafe { unsafe {
ptr::copy_nonoverlapping(nonce.as_ptr(), nonce_bytes.as_mut_ptr(), nonce.len()); ptr::copy_nonoverlapping(nonce.as_ptr(), nonce_bytes.as_mut_ptr(), nonce.len());
} }
clen as usize clen as usize
}, },
&mut Crypto::AES256GCM{ref key, ref mut nonce} => { &mut Crypto::AES256GCM{ref state, ref mut nonce} => {
inc_nonce_12(nonce); inc_nonce_12(nonce);
let mut clen: u64 = buf.len() as u64; let mut clen: u64 = buf.len() as u64;
assert_eq!(nonce_bytes.len(), nonce.len());
assert_eq!(nonce.len(), crypto_aead_aes256gcm_NPUBBYTES);
assert_eq!(key.len(), crypto_aead_aes256gcm_KEYBYTES);
assert_eq!(0, crypto_aead_aes256gcm_NSECBYTES);
assert!(clen as usize >= mlen + crypto_aead_aes256gcm_ABYTES); assert!(clen as usize >= mlen + crypto_aead_aes256gcm_ABYTES);
let res = unsafe { crypto_aead_aes256gcm_encrypt( let res = unsafe { crypto_aead_aes256gcm_encrypt_afternm(
buf.as_mut_ptr(), // Base pointer to buffer buf.as_mut_ptr(), // Base pointer to buffer
&mut clen, // Mutable size of buffer (will be set to used size) &mut clen, // Mutable size of buffer (will be set to used size)
buf.as_ptr(), // Base pointer to message buf.as_ptr(), // Base pointer to message
@ -279,10 +292,9 @@ impl Crypto {
header.len() as u64, // Size of additional data header.len() as u64, // Size of additional data
ptr::null::<[u8; 0]>(), // Base pointer to secret nonce (always NULL) ptr::null::<[u8; 0]>(), // Base pointer to secret nonce (always NULL)
nonce.as_ptr() as *const [u8; 12], // Base pointer to public nonce nonce.as_ptr() as *const [u8; 12], // Base pointer to public nonce
key.as_ptr() as *const [u8; 32] // Base pointer to key state.0 // Base pointer to state
) }; ) };
assert_eq!(res, 0); assert_eq!(res, 0);
assert_eq!(clen as usize, mlen + crypto_aead_aes256gcm_ABYTES);
unsafe { unsafe {
ptr::copy_nonoverlapping(nonce.as_ptr(), nonce_bytes.as_mut_ptr(), nonce.len()); ptr::copy_nonoverlapping(nonce.as_ptr(), nonce_bytes.as_mut_ptr(), nonce.len());
} }

View File

@ -7,6 +7,7 @@ extern crate epoll;
extern crate signal; extern crate signal;
extern crate nix; extern crate nix;
extern crate libc; extern crate libc;
extern crate aligned_alloc;
#[cfg(feature = "bench")] extern crate test; #[cfg(feature = "bench")] extern crate test;
#[macro_use] mod util; #[macro_use] mod util;