Logan007
commented
4 years ago The numbering scheme of the encryption parameter comes from the internal representation of cipher selection in which 0 means invalid. This is actually a good way to code the cipher as the (often default) 0 with its invalid meaning makes sure that a field was not forgotten to set.
By the way, the current scheme to choose a cipher unintentionally got somewhat mnemonic, making it easier to memorize: A2 is for 2-Fish, A3 is for Aes (leetly), and A4 is for chAchA (also leetly) and A5 is for Speck.
Any other encoding would require to add a kind of translation code between the internal and the external coding.
Talking about code size, the current executable size is due to enabled optimizations -O3 and -march=native. If code size is of concern for your platform, you could change the corresponding compiler flags in the OPTIMIZATION?= line of the Makefile (around line 10). Possible changes are to choose a lower optimization level such as -O2, -O1 or omitting the optimizations completely. You could even go with -Os which will produce size-optimized code. You could also omit -march=native which will disable platform optimized code (SSE, AVX, possibly NEON). There are quite a few choices to try... However, in doing so, you usually will have to trade size with speed. Also, be sure that CFLAGS= line of the Makefile (around line 19) does not contain any -O_ parameter. And finally, to get a realistic impression of the corresponding speed in running tools/n2n-benchmark, copy the same optimization settings to tools/Makefile. After any changes, you have to do a make clean before running make for rebuilding – I ran into this...
To give an example of three different settings I tried on my i7 2860QM earlier today:
no optimization
-------------------------
size of edge = 747,000 bytes
Run enc[transop_null] for 3s (512 bytes): 16240584 packets 5413.5 Kpps 2771.7 MB/s
Run enc[transop_twofish] for 3s (512 bytes): 88062 packets 29.4 Kpps 15.0 MB/s
Run enc[transop_aes] for 3s (512 bytes): 2225453 packets 741.8 Kpps 379.8 MB/s
Run enc[transop_cc20] for 3s (512 bytes): 3531064 packets 1177.0 Kpps 602.6 MB/s
Run enc[transop_speck] for 3s (512 bytes): 399893 packets 133.3 Kpps 68.2 MB/s
-Os
-------------------------
size of edge = 903,344 bytes
Run enc[transop_null] for 3s (512 bytes): 7537659 packets 2512.6 Kpps 1286.4 MB/s
Run enc[transop_twofish] for 3s (512 bytes): 503514 packets 167.8 Kpps 85.9 MB/s
Run enc[transop_aes] for 3s (512 bytes): 1853511 packets 617.8 Kpps 316.3 MB/s
Run enc[transop_cc20] for 3s (512 bytes): 2609744 packets 869.9 Kpps 445.4 MB/s
Run enc[transop_speck] for 3s (512 bytes): 1989230 packets 663.1 Kpps 339.5 MB/s
-O3 -march=native (default)
---------------------------
size of edge = 1,400,712 bytes
Run enc[transop_null] for 3s (512 bytes): 41623622 packets 13874.5 Kpps 7103.8 MB/s
Run enc[transop_twofish] for 3s (512 bytes): 521178 packets 173.7 Kpps 88.9 MB/s
Run enc[transop_aes] for 3s (512 bytes): 2664208 packets 888.1 Kpps 454.7 MB/s
Run enc[transop_cc20] for 3s (512 bytes): 4542817 packets 1514.3 Kpps 775.3 MB/s
Run enc[transop_speck] for 3s (512 bytes): 5538461 packets 1846.2 Kpps 945.2 MB/sI hope these hints are somewhat helpful to find optimal settings for your environment.
lucktu
panketing
skyformat99
lucaderi
from
-A1 | Disable payload encryption. Do not use with -k. -A2 | Use Twofish for payload encryption (default). Requires a key (-k). -A3 or -A (deprecated) | Use AES-CBC for payload encryption. Requires a key (-k). -z1 or -z | Enable lzo1x compression for outgoing data packets | (default=compression disabled)
to
-A0 or blank | Use Twofish for payload encryption (default). Requires a key (-k). -A1 or -A (deprecated) | Use AES-CBC for payload encryption. Requires a key (-k). -A2 | Enable lzo1x compression for outgoing data packets. | (default=compression disabled)
Although I object to adding too much encryption, increase the size of the file, increase the difficulty of operation