[LEDE-DEV] Planning v17.01.2

Vincenzo Romano vincenzo.romano at notorand.it
Thu Jun 15 11:00:01 EDT 2017


2017-06-15 16:41 GMT+02:00 Jo-Philipp Wich <jo at mein.io>:
> Hi,
>
>> ... and, if I may throw my EUR 0.02 in, why not recompile dropbear
>> with "elliptic curve" support?
>
> whats the size impact?
>
>
> ~ Jo

>From the options.h file I read:

/* ECDSA is significantly faster than RSA or DSS. Compiling in ECC
 * code (either ECDSA or ECDH) increases binary size - around 30kB
 * on x86-64 */
#define DROPBEAR_ECDSA

/* Generate hostkeys as-needed when the first connection using that
key type occurs.
   This avoids the need to otherwise run "dropbearkey" and avoids some problems
   with badly seeded /dev/urandom when systems first boot.
   This also requires a runtime flag "-R". This adds ~4kB to binary
size (or hardly
   anything if dropbearkey is linked in a "dropbearmulti" binary) */
#define DROPBEAR_DELAY_HOSTKEY

/* Enable Curve25519 for key exchange. This is another elliptic
 * curve method with good security properties. Increases binary size
 * by ~8kB on x86-64 */
#define DROPBEAR_CURVE25519

/* Enable elliptic curve Diffie Hellman key exchange, see note about
 * ECDSA above */
#define DROPBEAR_ECDH

Then I have tried a compilation on my x86-64 macchine with defaults
(ECC enabled) and with those 4 options disabled.
In the first case I've got:

dbclient: 228504
dropbear: 233624
dropbearkey: 137736

While in the second one:

dbclient: 194136
dropbear: 203336
dropbearkey: 108120

More or less confirming what's in the options.h.
By rough comparison, my Archer C7 says its dropbear single binary is
176517 bytes long.
Unfortunately I haven't a cross compilation environment at hand right
now to provide RISC binary code sizes.

Maybe one could think about an alternative dropbear-full package.

--
Vincenzo Romano - NotOrAnd.IT
Information Technologies
--
NON QVIETIS MARIBVS NAVTA PERITVS




More information about the openwrt-adm mailing list