summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDenys Vlasenko2018-11-23 18:02:44 +0100
committerDenys Vlasenko2018-11-23 18:02:44 +0100
commit5e4236d226309a32842a6928878fd0e1cd5937e7 (patch)
treeeb41a6c5cbaaac79b22b8c200e0aabfe26ba7d15
parent83e5c627e1b2c7f34d694696d0c3d5a3ce25dc59 (diff)
downloadbusybox-5e4236d226309a32842a6928878fd0e1cd5937e7.zip
busybox-5e4236d226309a32842a6928878fd0e1cd5937e7.tar.gz
tls: in AES-CBC code, do not set key for every record - do it once
function old new delta aes_setkey 16 212 +196 tls_handshake 1941 1977 +36 aes_encrypt_1 382 396 +14 xwrite_encrypted 605 604 -1 tls_xread_record 659 656 -3 aes_encrypt_one_block 65 59 -6 aes_cbc_encrypt 172 121 -51 aesgcm_setkey 58 - -58 aes_cbc_decrypt 958 881 -77 KeyExpansion 188 - -188 ------------------------------------------------------------------------------ (add/remove: 0/2 grow/shrink: 3/5 up/down: 246/-384) Total: -138 bytes Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
-rw-r--r--networking/tls.c12
-rw-r--r--networking/tls_aes.c32
-rw-r--r--networking/tls_aes.h4
-rw-r--r--networking/tls_aesgcm.c10
-rw-r--r--networking/tls_aesgcm.h2
5 files changed, 28 insertions, 32 deletions
diff --git a/networking/tls.c b/networking/tls.c
index 38a965a..23622d7 100644
--- a/networking/tls.c
+++ b/networking/tls.c
@@ -758,7 +758,7 @@ static void xwrite_encrypted_and_hmac_signed(tls_state_t *tls, unsigned size, un
/* Encrypt content+MAC+padding in place */
//optimize key setup
aes_cbc_encrypt(
- tls->client_write_key, tls->key_size, /* selects 128/256 */
+ &tls->aes_decrypt, /* selects 128/256 */
buf - AES_BLOCK_SIZE, /* IV */
buf, size, /* plaintext */
buf /* ciphertext */
@@ -1061,7 +1061,7 @@ static int tls_xread_record(tls_state_t *tls, const char *expected)
/* Decrypt content+MAC+padding, moving it over IV in the process */
sz -= AES_BLOCK_SIZE; /* we will overwrite IV now */
aes_cbc_decrypt(
- tls->server_write_key, tls->key_size, /* selects 128/256 */
+ &tls->aes_decrypt, /* selects 128/256 */
p, /* IV */
p + AES_BLOCK_SIZE, sz, /* ciphertext */
p /* plaintext */
@@ -1934,8 +1934,14 @@ static void send_client_key_exchange(tls_state_t *tls)
dump_hex("client_write_IV:%s\n",
tls->client_write_IV, tls->IV_size
);
- aesgcm_setkey(tls->H, &tls->aes_encrypt, tls->client_write_key, tls->key_size);
+
aes_setkey(&tls->aes_decrypt, tls->server_write_key, tls->key_size);
+ aes_setkey(&tls->aes_encrypt, tls->client_write_key, tls->key_size);
+ {
+ uint8_t iv[AES_BLOCK_SIZE];
+ memset(iv, 0, AES_BLOCK_SIZE);
+ aes_encrypt_one_block(&tls->aes_encrypt, iv, tls->H);
+ }
}
}
diff --git a/networking/tls_aes.c b/networking/tls_aes.c
index 4d2b689..cf6b5fe 100644
--- a/networking/tls_aes.c
+++ b/networking/tls_aes.c
@@ -326,8 +326,11 @@ static void InvMixColumns(unsigned astate[16])
}
}
-static void aes_encrypt_1(unsigned astate[16], unsigned rounds, const uint32_t *RoundKey)
+static void aes_encrypt_1(struct tls_aes *aes, unsigned astate[16])
{
+ unsigned rounds = aes->rounds;
+ const uint32_t *RoundKey = aes->key;
+
for (;;) {
AddRoundKey(astate, RoundKey);
RoundKey += 4;
@@ -355,22 +358,19 @@ void FAST_FUNC aes_encrypt_one_block(struct tls_aes *aes, const void *data, void
for (i = 0; i < 16; i++)
astate[i] = pt[i];
- aes_encrypt_1(astate, aes->rounds, aes->key);
+ aes_encrypt_1(aes, astate);
for (i = 0; i < 16; i++)
ct[i] = astate[i];
}
-void FAST_FUNC aes_cbc_encrypt(const void *key, int klen, void *iv, const void *data, size_t len, void *dst)
+void FAST_FUNC aes_cbc_encrypt(struct tls_aes *aes, void *iv, const void *data, size_t len, void *dst)
{
- uint32_t RoundKey[60];
uint8_t iv2[16];
- unsigned rounds;
const uint8_t *pt = data;
uint8_t *ct = dst;
memcpy(iv2, iv, 16);
- rounds = KeyExpansion(RoundKey, key, klen);
while (len > 0) {
{
/* almost aes_encrypt_one_block(rounds, RoundKey, pt, ct);
@@ -381,7 +381,7 @@ void FAST_FUNC aes_cbc_encrypt(const void *key, int klen, void *iv, const void *
unsigned astate[16];
for (i = 0; i < 16; i++)
astate[i] = pt[i] ^ iv2[i];
- aes_encrypt_1(astate, rounds, RoundKey);
+ aes_encrypt_1(aes, astate);
for (i = 0; i < 16; i++)
iv2[i] = ct[i] = astate[i];
}
@@ -391,8 +391,11 @@ void FAST_FUNC aes_cbc_encrypt(const void *key, int klen, void *iv, const void *
}
}
-static void aes_decrypt_1(unsigned astate[16], unsigned rounds, const uint32_t *RoundKey)
+static void aes_decrypt_1(struct tls_aes *aes, unsigned astate[16])
{
+ unsigned rounds = aes->rounds;
+ const uint32_t *RoundKey = aes->key;
+
RoundKey += rounds * 4;
AddRoundKey(astate, RoundKey);
for (;;) {
@@ -407,8 +410,10 @@ static void aes_decrypt_1(unsigned astate[16], unsigned rounds, const uint32_t *
}
#if 0 //UNUSED
-static void aes_decrypt_one_block(unsigned rounds, const uint32_t *RoundKey, const void *data, void *dst)
+static void aes_decrypt_one_block(struct tls_aes *aes, const void *data, void *dst)
{
+ unsigned rounds = aes->rounds;
+ const uint32_t *RoundKey = aes->key;
unsigned astate[16];
unsigned i;
@@ -417,25 +422,22 @@ static void aes_decrypt_one_block(unsigned rounds, const uint32_t *RoundKey, con
for (i = 0; i < 16; i++)
astate[i] = ct[i];
- aes_decrypt_1(astate, rounds, RoundKey);
+ aes_decrypt_1(aes, astate);
for (i = 0; i < 16; i++)
pt[i] = astate[i];
}
#endif
-void FAST_FUNC aes_cbc_decrypt(const void *key, int klen, void *iv, const void *data, size_t len, void *dst)
+void FAST_FUNC aes_cbc_decrypt(struct tls_aes *aes, void *iv, const void *data, size_t len, void *dst)
{
- uint32_t RoundKey[60];
uint8_t iv2[16];
uint8_t iv3[16];
- unsigned rounds;
uint8_t *ivbuf;
uint8_t *ivnext;
const uint8_t *ct = data;
uint8_t *pt = dst;
- rounds = KeyExpansion(RoundKey, key, klen);
ivbuf = memcpy(iv2, iv, 16);
while (len) {
ivnext = (ivbuf==iv2) ? iv3 : iv2;
@@ -447,7 +449,7 @@ void FAST_FUNC aes_cbc_decrypt(const void *key, int klen, void *iv, const void *
unsigned astate[16];
for (i = 0; i < 16; i++)
ivnext[i] = astate[i] = ct[i];
- aes_decrypt_1(astate, rounds, RoundKey);
+ aes_decrypt_1(aes, astate);
for (i = 0; i < 16; i++)
pt[i] = astate[i] ^ ivbuf[i];
}
diff --git a/networking/tls_aes.h b/networking/tls_aes.h
index fc38817..e9e3721 100644
--- a/networking/tls_aes.h
+++ b/networking/tls_aes.h
@@ -10,5 +10,5 @@ void aes_setkey(struct tls_aes *aes, const void *key, unsigned key_len) FAST_FUN
void aes_encrypt_one_block(struct tls_aes *aes, const void *data, void *dst) FAST_FUNC;
-void aes_cbc_encrypt(const void *key, int klen, void *iv, const void *data, size_t len, void *dst) FAST_FUNC;
-void aes_cbc_decrypt(const void *key, int klen, void *iv, const void *data, size_t len, void *dst) FAST_FUNC;
+void aes_cbc_encrypt(struct tls_aes *aes, void *iv, const void *data, size_t len, void *dst) FAST_FUNC;
+void aes_cbc_decrypt(struct tls_aes *aes, void *iv, const void *data, size_t len, void *dst) FAST_FUNC;
diff --git a/networking/tls_aesgcm.c b/networking/tls_aesgcm.c
index 584cee9..eb32f4c 100644
--- a/networking/tls_aesgcm.c
+++ b/networking/tls_aesgcm.c
@@ -136,13 +136,3 @@ void FAST_FUNC aesgcm_GHASH(byte* h, const byte* a, unsigned aSz, const byte* c,
/* Copy the result into s. */
XMEMCPY(s, x, sSz);
}
-
-void FAST_FUNC aesgcm_setkey(uint8_t H[16], struct tls_aes *aes, const byte* key, unsigned len)
-{
- byte iv[AES_BLOCK_SIZE];
-
- aes_setkey(aes, key, len);
-
- memset(iv, 0, AES_BLOCK_SIZE);
- aes_encrypt_one_block(aes, iv, H);
-}
diff --git a/networking/tls_aesgcm.h b/networking/tls_aesgcm.h
index d4cde01..a71eced 100644
--- a/networking/tls_aesgcm.h
+++ b/networking/tls_aesgcm.h
@@ -11,5 +11,3 @@ void aesgcm_GHASH(uint8_t* h,
const uint8_t* c, unsigned cSz,
uint8_t* s, unsigned sSz
) FAST_FUNC;
-
-void aesgcm_setkey(uint8_t H[16], struct tls_aes *aes, const uint8_t* key, unsigned len) FAST_FUNC;