[From nobody Thu Jun 25 05:54:46 2020
Received: from sonic310-20.consmr.mail.gq1.yahoo.com ([98.137.69.146])
 by bombadil.infradead.org with esmtps (Exim 4.90_1 #2 (Red Hat Linux))
 id 1fkrfH-0008FS-4N
 for openwrt-devel@lists.openwrt.org; Wed, 01 Aug 2018 13:59:48 +0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048;
 t=1533131975; bh=R8WE6+9RdpnGpQNO8AQPEbbkbur/6BjFU5lCekrHGEw=;
 h=From:To:Cc:Subject:Date:In-Reply-To:References:From:Subject;
 b=W3ws/tbjl2L7CLgETCYUKU8zd2CoZW8HNmWMmkr4lOtrOpYEzmb6qMGIQBSjKW+k2a3eB250HzXLeqYNgkImGJFLO6XTZb0Xkcy99B9Q1uHdo12Ykzd6KMeKTb/AD1LWpsaeTKYpo7LT8/eA/AbY4ErNsByXh/iI56paAbK/7Ra3Q/RrKesDcXSh19CZV6cFPpXOCyB0p7OVot0vZN6U6qrFfNNCoOHtXf06mOToBteJSTJswV5hKJx/T4d1YjB9dMJQNYGHUJI3u2/gUeJA1JVELlPD3VAqoTUNpUp/KrTgTiT6S24scxmqIWWh0QL9Fo7YMYFNl0UHg/HCE/azXg==
X-YMail-OSG: pyi_60oVM1kotBncNSollilxhE.QW7o_wxhZAQh6EV_r.JBIy7b.e1xAv2fUR3e
 7ibSYpiNTXLhJU0h.gxseG_KkdTU4ocFBDYaYUA6AzD83eZcJTjikP4IEzZbrD30jaWzhKMLdyyM
 nsHtaEyb8V.Yil0hSAVSKdIb_GU2QHopCCiianf6g_VorOjfeRpIxNpLgajveBSKg78CkvNk7TMJ
 SHT1IPUL060.riFLh_uIk1hlX.Z6t8NxAyLIytbDhHs.DwFjf3WxaDj0sGLdsrKJJnUuSGwah2Vj
 kyF3zmoAd30fspiVGL4ASgJDIHE4drZwNHMWCkP4Zfek8CzZn3WQ.ohiWdFOieixAYP4QaZby.8s
 Yd4LZ_rluy9H.gBkkQ9o3eTNWobpvhaeE3xzO3JgtahMqSo8tjA1lNKToGzFPYhWN8A7PY7yrcS_
 fBl5oab5d3SnPJ5iEr.HitqKr5hnAV4jMt16f0Nac08Y1P0GUdUcEMHv7ZWrIIfbTqGok_AlpKup
 R5Z1EsVIag7jN0es97csw91ofK3veOvt4um1sNS9lwrLKNo0Z1p410yPUWgNBQoBr7YX9Oab3TTf
 3jYaCDQeCB9JWMlIWVSyLDQdiXPBgmdIVJo3mGex3OJKutU_FtU1zIi3eUhQ_QztdmqSUId2UIjc
 edstw7e1MQ_CIgV4b7izGSNP1N3Qm4LXsBphUC3PXJJRu9i9BubIhDxf_guS.uft6Rrpv9eoipyR
 N1gphm1FDuMC_IJa3Vc.dUyVMeundlq.QhrF0iIP0LDtwxYiFOgkJtdKpyl4PmvzUQgE68lP7zg4
 3LgS9nZLFnkzy5eyPKOfDdhGUkSSJ1Jtw2BU13HkFwx0ctfhhNk_lEERjHFZEeR.YycPMNIjLpDL
 cM_GjnGPEsDR.TXn9oa_gRuPOBDDL4.2p2T3HEmSuW.yjikWS3IC9UQt_GXTGp7MSVnG6HXygsZF
 jze6IAC4JmPhXsDIIBcb4nq7f8D2yIdLVmE3WcPRKHDiKKfF8pDkHVB4-
Received: from sonic.gate.mail.ne1.yahoo.com by
 sonic310.consmr.mail.gq1.yahoo.com with HTTP; Wed, 1 Aug 2018 13:59:35 +0000
Received: from 18.175.75.177.infopasa.com.br (EHLO gateway.troianet.com.br)
 ([177.75.175.18])
 by smtp427.mail.gq1.yahoo.com (Oath Hermes SMTP Server) with ESMTPA ID
 66e7fe722df94a8c880f67aa8e362aeb; 
 Wed, 01 Aug 2018 13:59:33 +0000 (UTC)
From: Eneas U de Queiroz &lt;cote2004-github@yahoo.com&gt;
To: openwrt-devel@lists.openwrt.org
Cc: Eneas U de Queiroz &lt;cote2004-github@yahoo.com&gt;
Subject: [PATCH v2 0/1] ustream-ssl: mbedtls: use chacha-poly ciphersuites
Date: Wed,  1 Aug 2018 10:59:12 -0300
Message-Id: &lt;20180801135913.5960-1-cote2004-github@yahoo.com&gt;
X-Mailer: git-send-email 2.16.4
In-Reply-To: &lt;580f0e74-866b-67bf-d23e-ed7efe377bfd@phrozen.org&gt;
References: &lt;580f0e74-866b-67bf-d23e-ed7efe377bfd@phrozen.org&gt;
X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 
X-CRM114-CacheID: sfid-20180801_065947_209019_89C89CD9 
X-CRM114-Status: UNSURE (   4.49  )
X-CRM114-Notice: Please train this message.
X-Spam-Score: -0.1 (/)
X-Spam-Report: SpamAssassin version 3.4.1 on bombadil.infradead.org summary:
 Content analysis details:   (-0.1 points)
 pts rule name              description
 ---- ---------------------- --------------------------------------------------
 -0.0 RCVD_IN_DNSWL_NONE     RBL: Sender listed at http://www.dnswl.org/, no
 trust [98.137.69.146 listed in list.dnswl.org]
 -0.0 SPF_PASS               SPF: sender matches SPF record
 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider
 (cote2004-github[at]yahoo.com)
 -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature
 -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's
 domain
 0.1 DKIM_SIGNED            Message has a DKIM or DK signature,
 not necessarily valid

Here are the ciphersuite preference parameters being used in
ustream-ssl with openssl/wolfssl (and with mbedtls, minus the
chacha-poly cipher):

 - key exchange: prefer ECDHE, then DHE(client only), then RSA
 - prefer AEAD ciphers:
      chacha20-poly1305, the fastest in software, 256-bits
      aes128-gcm, 128-bits
      aes256-gcm, 256-bits
 - CBC ciphers
      aes128, aes256, 3DES(client only)

Now that mbedtls added support to chacha-poly, we can finally make them
all the same.  As for the speed comparison between the AEAD ciphers,
here are the numbers using openssl 1.1.0 on Asus RT-N56U (mips74kc).

((openssl speed -evp chacha20-poly1305 | egrep &quot;^(type|chacha)&quot;) &amp;&amp; (openssl speed -evp aes-128-gcm &amp;&amp; openssl speed -evp aes-256-gcm) | egrep &quot;^aes&quot;) 2&gt;/dev/null
type              16 bytes   64 bytes  256 bytes  1024 bytes 8192 bytes  16384 bytes
chacha20-poly1305  6873.30k  10734.22k  12217.75k   12613.07k  12769.39k    12665.00k
aes-128-gcm        3759.88k   4280.96k   4415.66k    4437.79k   4456.12k     4436.88k
aes-256-gcm        3408.83k   3738.10k   3838.52k    3841.90k   3864.31k     3882.17k

chach20-poly1305 is almost 3 times faster than AES128, with twice the
strength.

Eneas U de Queiroz (1):
  ustream-ssl: mbedtls: use chacha-poly ciphersuites

 ustream-mbedtls.c | 5 +++++
 1 file changed, 5 insertions(+)

-- 
2.16.4


]