diff options
author | Denys Vlasenko | 2018-11-23 18:02:44 +0100 |
---|---|---|
committer | Denys Vlasenko | 2018-11-23 18:02:44 +0100 |
commit | 5e4236d226309a32842a6928878fd0e1cd5937e7 (patch) | |
tree | eb41a6c5cbaaac79b22b8c200e0aabfe26ba7d15 | |
parent | 83e5c627e1b2c7f34d694696d0c3d5a3ce25dc59 (diff) | |
download | busybox-5e4236d226309a32842a6928878fd0e1cd5937e7.zip busybox-5e4236d226309a32842a6928878fd0e1cd5937e7.tar.gz |
tls: in AES-CBC code, do not set key for every record - do it once
function old new delta
aes_setkey 16 212 +196
tls_handshake 1941 1977 +36
aes_encrypt_1 382 396 +14
xwrite_encrypted 605 604 -1
tls_xread_record 659 656 -3
aes_encrypt_one_block 65 59 -6
aes_cbc_encrypt 172 121 -51
aesgcm_setkey 58 - -58
aes_cbc_decrypt 958 881 -77
KeyExpansion 188 - -188
------------------------------------------------------------------------------
(add/remove: 0/2 grow/shrink: 3/5 up/down: 246/-384) Total: -138 bytes
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
-rw-r--r-- | networking/tls.c | 12 | ||||
-rw-r--r-- | networking/tls_aes.c | 32 | ||||
-rw-r--r-- | networking/tls_aes.h | 4 | ||||
-rw-r--r-- | networking/tls_aesgcm.c | 10 | ||||
-rw-r--r-- | networking/tls_aesgcm.h | 2 |
5 files changed, 28 insertions, 32 deletions
diff --git a/networking/tls.c b/networking/tls.c index 38a965a..23622d7 100644 --- a/networking/tls.c +++ b/networking/tls.c @@ -758,7 +758,7 @@ static void xwrite_encrypted_and_hmac_signed(tls_state_t *tls, unsigned size, un /* Encrypt content+MAC+padding in place */ //optimize key setup aes_cbc_encrypt( - tls->client_write_key, tls->key_size, /* selects 128/256 */ + &tls->aes_decrypt, /* selects 128/256 */ buf - AES_BLOCK_SIZE, /* IV */ buf, size, /* plaintext */ buf /* ciphertext */ @@ -1061,7 +1061,7 @@ static int tls_xread_record(tls_state_t *tls, const char *expected) /* Decrypt content+MAC+padding, moving it over IV in the process */ sz -= AES_BLOCK_SIZE; /* we will overwrite IV now */ aes_cbc_decrypt( - tls->server_write_key, tls->key_size, /* selects 128/256 */ + &tls->aes_decrypt, /* selects 128/256 */ p, /* IV */ p + AES_BLOCK_SIZE, sz, /* ciphertext */ p /* plaintext */ @@ -1934,8 +1934,14 @@ static void send_client_key_exchange(tls_state_t *tls) dump_hex("client_write_IV:%s\n", tls->client_write_IV, tls->IV_size ); - aesgcm_setkey(tls->H, &tls->aes_encrypt, tls->client_write_key, tls->key_size); + aes_setkey(&tls->aes_decrypt, tls->server_write_key, tls->key_size); + aes_setkey(&tls->aes_encrypt, tls->client_write_key, tls->key_size); + { + uint8_t iv[AES_BLOCK_SIZE]; + memset(iv, 0, AES_BLOCK_SIZE); + aes_encrypt_one_block(&tls->aes_encrypt, iv, tls->H); + } } } diff --git a/networking/tls_aes.c b/networking/tls_aes.c index 4d2b689..cf6b5fe 100644 --- a/networking/tls_aes.c +++ b/networking/tls_aes.c @@ -326,8 +326,11 @@ static void InvMixColumns(unsigned astate[16]) } } -static void aes_encrypt_1(unsigned astate[16], unsigned rounds, const uint32_t *RoundKey) +static void aes_encrypt_1(struct tls_aes *aes, unsigned astate[16]) { + unsigned rounds = aes->rounds; + const uint32_t *RoundKey = aes->key; + for (;;) { AddRoundKey(astate, RoundKey); RoundKey += 4; @@ -355,22 +358,19 @@ void FAST_FUNC aes_encrypt_one_block(struct tls_aes *aes, const void *data, void for (i = 0; i < 16; i++) astate[i] = pt[i]; - aes_encrypt_1(astate, aes->rounds, aes->key); + aes_encrypt_1(aes, astate); for (i = 0; i < 16; i++) ct[i] = astate[i]; } -void FAST_FUNC aes_cbc_encrypt(const void *key, int klen, void *iv, const void *data, size_t len, void *dst) +void FAST_FUNC aes_cbc_encrypt(struct tls_aes *aes, void *iv, const void *data, size_t len, void *dst) { - uint32_t RoundKey[60]; uint8_t iv2[16]; - unsigned rounds; const uint8_t *pt = data; uint8_t *ct = dst; memcpy(iv2, iv, 16); - rounds = KeyExpansion(RoundKey, key, klen); while (len > 0) { { /* almost aes_encrypt_one_block(rounds, RoundKey, pt, ct); @@ -381,7 +381,7 @@ void FAST_FUNC aes_cbc_encrypt(const void *key, int klen, void *iv, const void * unsigned astate[16]; for (i = 0; i < 16; i++) astate[i] = pt[i] ^ iv2[i]; - aes_encrypt_1(astate, rounds, RoundKey); + aes_encrypt_1(aes, astate); for (i = 0; i < 16; i++) iv2[i] = ct[i] = astate[i]; } @@ -391,8 +391,11 @@ void FAST_FUNC aes_cbc_encrypt(const void *key, int klen, void *iv, const void * } } -static void aes_decrypt_1(unsigned astate[16], unsigned rounds, const uint32_t *RoundKey) +static void aes_decrypt_1(struct tls_aes *aes, unsigned astate[16]) { + unsigned rounds = aes->rounds; + const uint32_t *RoundKey = aes->key; + RoundKey += rounds * 4; AddRoundKey(astate, RoundKey); for (;;) { @@ -407,8 +410,10 @@ static void aes_decrypt_1(unsigned astate[16], unsigned rounds, const uint32_t * } #if 0 //UNUSED -static void aes_decrypt_one_block(unsigned rounds, const uint32_t *RoundKey, const void *data, void *dst) +static void aes_decrypt_one_block(struct tls_aes *aes, const void *data, void *dst) { + unsigned rounds = aes->rounds; + const uint32_t *RoundKey = aes->key; unsigned astate[16]; unsigned i; @@ -417,25 +422,22 @@ static void aes_decrypt_one_block(unsigned rounds, const uint32_t *RoundKey, con for (i = 0; i < 16; i++) astate[i] = ct[i]; - aes_decrypt_1(astate, rounds, RoundKey); + aes_decrypt_1(aes, astate); for (i = 0; i < 16; i++) pt[i] = astate[i]; } #endif -void FAST_FUNC aes_cbc_decrypt(const void *key, int klen, void *iv, const void *data, size_t len, void *dst) +void FAST_FUNC aes_cbc_decrypt(struct tls_aes *aes, void *iv, const void *data, size_t len, void *dst) { - uint32_t RoundKey[60]; uint8_t iv2[16]; uint8_t iv3[16]; - unsigned rounds; uint8_t *ivbuf; uint8_t *ivnext; const uint8_t *ct = data; uint8_t *pt = dst; - rounds = KeyExpansion(RoundKey, key, klen); ivbuf = memcpy(iv2, iv, 16); while (len) { ivnext = (ivbuf==iv2) ? iv3 : iv2; @@ -447,7 +449,7 @@ void FAST_FUNC aes_cbc_decrypt(const void *key, int klen, void *iv, const void * unsigned astate[16]; for (i = 0; i < 16; i++) ivnext[i] = astate[i] = ct[i]; - aes_decrypt_1(astate, rounds, RoundKey); + aes_decrypt_1(aes, astate); for (i = 0; i < 16; i++) pt[i] = astate[i] ^ ivbuf[i]; } diff --git a/networking/tls_aes.h b/networking/tls_aes.h index fc38817..e9e3721 100644 --- a/networking/tls_aes.h +++ b/networking/tls_aes.h @@ -10,5 +10,5 @@ void aes_setkey(struct tls_aes *aes, const void *key, unsigned key_len) FAST_FUN void aes_encrypt_one_block(struct tls_aes *aes, const void *data, void *dst) FAST_FUNC; -void aes_cbc_encrypt(const void *key, int klen, void *iv, const void *data, size_t len, void *dst) FAST_FUNC; -void aes_cbc_decrypt(const void *key, int klen, void *iv, const void *data, size_t len, void *dst) FAST_FUNC; +void aes_cbc_encrypt(struct tls_aes *aes, void *iv, const void *data, size_t len, void *dst) FAST_FUNC; +void aes_cbc_decrypt(struct tls_aes *aes, void *iv, const void *data, size_t len, void *dst) FAST_FUNC; diff --git a/networking/tls_aesgcm.c b/networking/tls_aesgcm.c index 584cee9..eb32f4c 100644 --- a/networking/tls_aesgcm.c +++ b/networking/tls_aesgcm.c @@ -136,13 +136,3 @@ void FAST_FUNC aesgcm_GHASH(byte* h, const byte* a, unsigned aSz, const byte* c, /* Copy the result into s. */ XMEMCPY(s, x, sSz); } - -void FAST_FUNC aesgcm_setkey(uint8_t H[16], struct tls_aes *aes, const byte* key, unsigned len) -{ - byte iv[AES_BLOCK_SIZE]; - - aes_setkey(aes, key, len); - - memset(iv, 0, AES_BLOCK_SIZE); - aes_encrypt_one_block(aes, iv, H); -} diff --git a/networking/tls_aesgcm.h b/networking/tls_aesgcm.h index d4cde01..a71eced 100644 --- a/networking/tls_aesgcm.h +++ b/networking/tls_aesgcm.h @@ -11,5 +11,3 @@ void aesgcm_GHASH(uint8_t* h, const uint8_t* c, unsigned cSz, uint8_t* s, unsigned sSz ) FAST_FUNC; - -void aesgcm_setkey(uint8_t H[16], struct tls_aes *aes, const uint8_t* key, unsigned len) FAST_FUNC; |