URL: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=d7187e0b1ba0303dc493c4a75d9949cfca8ede98
Submitter: "Anders Broman <a.broman58@xxxxxxxxx>"
Changed: branch: master
Repository: wireshark
Commits:
d7187e0 by Peter Wu (peter@xxxxxxxxxxxxx):
wsutil: Add Curve25519 ECDH (X25519) using Gcrypt

The WireGuard dissector will need X25519 to enable decryption, add a
Gcrypt implementation that implements the NaCl/Sodium interface.

While inspired by the MPI example in t-cv25519.c, note subtle but
important correctness/interoperability fixes: add a check for infinity
(gcry_mpi_ec_get_affine) and handle short values from gcry_mpi_print.
The last issue is ugly, perhaps the high level API (gcry_pk_decrypt)
should be used instead (which is < 2% slower than this MPI implementation).
(Both issues were found through fuzzing.)

As for alternative options, Sodium is superior but would be a new
dependency. For some older performance and usability notes (comparing
crypto_scalarmult_curve25519_base (note "_base") against others), see
https://lists.gnupg.org/pipermail/gcrypt-devel/2018-July/004532.html

Performance comparison on Ubuntu 18.04 (i7-3770) between Sodium 1.0.16
against Gcrypt 1.8.3 and Gcrypt 86e5e06a (git master, future 1.9.x) by
computing 65536 times X25519(1, 8) via crypto_scalarmult_curve25519:

Sodium (sandy2x): 1.4x faster than ref10
Sodium (ref10): 1 (baseline)
Gcrypt (git): 5x slower than ref10, 7x slower than sandy2x
Gcrypt (1.8.3): 17x ref10, 24x sandy2x (took 65 seconds)

Change-Id: Ia54e73cc3cc469a6697554729aff4edd19f55630
Ping-Bug: 15011
Reviewed-on: https://code.wireshark.org/review/28987
Reviewed-by: Anders Broman <a.broman58@xxxxxxxxx>
Actions performed:
from e50ae0a WireGuard: add session tracking
add d7187e0 wsutil: Add Curve25519 ECDH (X25519) using Gcrypt
Summary of changes:
debian/libwsutil0.symbols | 2 +
wsutil/CMakeLists.txt | 2 +
wsutil/curve25519.c | 103 ++++++++++++++++++++++++++++++++++++++++++++++
wsutil/curve25519.h | 41 ++++++++++++++++++
4 files changed, 148 insertions(+)
create mode 100644 wsutil/curve25519.c
create mode 100644 wsutil/curve25519.h
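
The "short values from gcry_mpi_print" issue named in the commit message, as an added example that is not code from this commit or from Wireshark. It assumes the serializer writes an unsigned big-endian integer without leading zero bytes and reports how many bytes it wrote; the function names and the sample value are constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define X25519_LEN 32

/* Naive form: assumes the serializer always filled all 32 bytes. */
static void naive_be_to_le32(const unsigned char buf[X25519_LEN],
                             unsigned char out[X25519_LEN])
{
    for (size_t i = 0; i < X25519_LEN; i++)
        out[i] = buf[X25519_LEN - 1 - i];
}

/* Corrected form: reverse only the bytes actually written and
 * zero-pad the high end of the little-endian X25519 encoding. */
static int be_short_to_le32(const unsigned char *be, size_t nwritten,
                            unsigned char out[X25519_LEN])
{
    if (nwritten > X25519_LEN)
        return -1;                      /* value does not fit in 32 bytes */
    memset(out, 0, X25519_LEN);
    for (size_t i = 0; i < nwritten; i++)
        out[i] = be[nwritten - 1 - i];
    return 0;
}

/* Constructed sample: the value 0x0102 serialized as 2 bytes at the
 * start of a zeroed 32-byte buffer (nwritten == 2). */
static int demo_short_value(unsigned char naive[X25519_LEN],
                            unsigned char fixed[X25519_LEN])
{
    unsigned char buf[X25519_LEN] = { 0x01, 0x02 };
    naive_be_to_le32(buf, naive);
    return be_short_to_le32(buf, 2, fixed);
}

int main(void)
{
    unsigned char naive[X25519_LEN], fixed[X25519_LEN];
    if (demo_short_value(naive, fixed) != 0)
        return 1;
    /* The naive result lands in the top bytes, i.e. the wrong integer. */
    printf("naive: out[30..31] = %02x %02x\n", naive[30], naive[31]);
    printf("fixed: out[0..1]   = %02x %02x\n", fixed[0], fixed[1]);
    return 0;
}
```

With random inputs the top byte of a 32-byte result is zero only about once in 256 runs, so a mismatch against another X25519 implementation is intermittent.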