mirror of
https://git.hardenedbsd.org/hardenedbsd/HardenedBSD.git
synced 2024-12-27 21:44:34 +01:00
99 lines
3.8 KiB
Plaintext
99 lines
3.8 KiB
Plaintext
|
|
FreeSec - NetBSD libcrypt replacement
|
|
|
|
David Burren <davidb@werj.com.au>
|
|
Release 1.0, March 1994
|
|
|
|
Document ref: $Id$
|
|
|
|
|
|
Description
|
|
===========
|
|
This library is a drop-in replacement for the libcrypt used in U.S. copies
|
|
of NetBSD, duplicating that library's functionality. A suite of verification
|
|
and benchmark tools is provided.
|
|
|
|
FreeSec 1.0 is an original implementation of the DES algorithm and the
|
|
crypt(3) interfaces used in Unix-style operating systems. It was produced
|
|
in Australia and as such is not covered by U.S. export restrictions (at
|
|
least for copies that remain outside the U.S.).
|
|
|
|
|
|
History
|
|
=======
|
|
An earlier version of the FreeSec library was built using the UFC-crypt
|
|
package that is distributed as part of the GNU library. UFC-crypt did not
|
|
support the des_cipher() or des_setkey() functions, nor the new-style
|
|
crypt with long keys. These were implemented in FreeSec 0.2, but at least
|
|
one bug remained, where encryption would only succeed if either the salt
|
|
or the plaintext was zero. Because of its heritage FreeSec 0.2 was covered
|
|
by the GNU Library Licence.
|
|
|
|
FreeSec 1.0 is an original implementation by myself, and has been tested
|
|
against the verification suite I'd been using with FreeSec 0.2 (this is not
|
|
encumbered by any licence). FreeSec 1.0 is covered by a Berkeley-style
|
|
licence, which better fits into the *BSD hierarchy than the earlier GNU
|
|
licence.
|
|
|
|
|
|
Why should you use FreeSec?
|
|
===========================
|
|
FreeSec is intended as a replacement for the U.S.-only NetBSD libcrypt,
|
|
to act as a baseline for encryption functionality.
|
|
|
|
Some other packages (such as Eric Young's libdes package) are faster and
|
|
more complete than FreeSec, but typically have different licencing
|
|
arrangements. While some applications will justify the use of these
|
|
packages, the idea here is that everyone should have access to *at least*
|
|
the functionality of FreeSec.
|
|
|
|
|
|
Performance of FreeSec 1.0
|
|
==========================
|
|
I compare below the performance of three libcrypt implementations. As can be
|
|
seen, it's between the U.S. library and UFC-crypt. While the performance of
|
|
FreeSec 1.0 is good enough to keep me happy for now, I hope to improve it in
|
|
future versions. I was interested to note that while UFC-crypt is faster on
|
|
a 386, hardware characteristics can have markedly different effects on each
|
|
implementation.
|
|
|
|
|
|
386DX40, 128k cache | U.S. BSD | FreeSec 1.0 | FreeSec 0.2
|
|
CFLAGS=-O2 | | |
|
|
========================+===============+===============+==================
|
|
crypt (alternate keys) | 317 | 341 | 395
|
|
crypt/sec | | |
|
|
------------------------+---------------+---------------+------------------
|
|
crypt (constant key) | 317 | 368 | 436
|
|
crypt/sec | | |
|
|
------------------------+---------------+---------------+------------------
|
|
des_cipher( , , , 1) | 6037 | 7459 | 3343
|
|
blocks/sec | | |
|
|
------------------------+---------------+---------------+------------------
|
|
des_cipher( , , , 25) | 8871 | 9627 | 15926
|
|
blocks/sec | | |
|
|
|
|
Notes: The results tabled here are the average over 10 runs.
|
|
The entry/exit code for FreeSec 0.2's des_cipher() is particularly
|
|
inefficient, thus the anomalous result for single encryptions.
|
|
|
|
|
|
As an experiment using a machine with a larger register set and an
|
|
obscenely fast CPU, I obtained the following results:
|
|
|
|
60 MHz R4400 | FreeSec 1.0 | FreeSec 0.2
|
|
========================+=================================
|
|
crypt (alternate keys) | 2545 | 2702
|
|
crypt/sec | |
|
|
------------------------+---------------------------------
|
|
crypt (constant key) | 2852 | 2981
|
|
crypt/sec | |
|
|
------------------------+---------------------------------
|
|
des_cipher( , , , 1) | 56443 | 21409
|
|
blocks/sec | |
|
|
------------------------+---------------------------------
|
|
des_cipher( , , , 25) | 82531 | 18276
|
|
blocks/sec | |
|
|
|
|
Obviously your mileage will vary with your hardware and your compiler...
|