diff options
| author | Denys Vlasenko <vda.linux@googlemail.com> | 2018-11-23 18:02:44 +0100 |
|---|---|---|
| committer | Denys Vlasenko <vda.linux@googlemail.com> | 2018-11-23 18:02:44 +0100 |
| commit | 5e4236d226309a32842a6928878fd0e1cd5937e7 (patch) | |
| tree | eb41a6c5cbaaac79b22b8c200e0aabfe26ba7d15 | |
| parent | 83e5c627e1b2c7f34d694696d0c3d5a3ce25dc59 (diff) | |
| download | busybox-w32-5e4236d226309a32842a6928878fd0e1cd5937e7.tar.gz busybox-w32-5e4236d226309a32842a6928878fd0e1cd5937e7.tar.bz2 busybox-w32-5e4236d226309a32842a6928878fd0e1cd5937e7.zip | |
tls: in AES-CBC code, do not set key for every record - do it once
function old new delta
aes_setkey 16 212 +196
tls_handshake 1941 1977 +36
aes_encrypt_1 382 396 +14
xwrite_encrypted 605 604 -1
tls_xread_record 659 656 -3
aes_encrypt_one_block 65 59 -6
aes_cbc_encrypt 172 121 -51
aesgcm_setkey 58 - -58
aes_cbc_decrypt 958 881 -77
KeyExpansion 188 - -188
------------------------------------------------------------------------------
(add/remove: 0/2 grow/shrink: 3/5 up/down: 246/-384) Total: -138 bytes
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
| -rw-r--r-- | networking/tls.c | 12 | ||||
| -rw-r--r-- | networking/tls_aes.c | 32 | ||||
| -rw-r--r-- | networking/tls_aes.h | 4 | ||||
| -rw-r--r-- | networking/tls_aesgcm.c | 10 | ||||
| -rw-r--r-- | networking/tls_aesgcm.h | 2 |
5 files changed, 28 insertions, 32 deletions
diff --git a/networking/tls.c b/networking/tls.c index 38a965ad6..23622d76e 100644 --- a/networking/tls.c +++ b/networking/tls.c | |||
| @@ -758,7 +758,7 @@ static void xwrite_encrypted_and_hmac_signed(tls_state_t *tls, unsigned size, un | |||
| 758 | /* Encrypt content+MAC+padding in place */ | 758 | /* Encrypt content+MAC+padding in place */ |
| 759 | //optimize key setup | 759 | //optimize key setup |
| 760 | aes_cbc_encrypt( | 760 | aes_cbc_encrypt( |
| 761 | tls->client_write_key, tls->key_size, /* selects 128/256 */ | 761 | &tls->aes_decrypt, /* selects 128/256 */ |
| 762 | buf - AES_BLOCK_SIZE, /* IV */ | 762 | buf - AES_BLOCK_SIZE, /* IV */ |
| 763 | buf, size, /* plaintext */ | 763 | buf, size, /* plaintext */ |
| 764 | buf /* ciphertext */ | 764 | buf /* ciphertext */ |
| @@ -1061,7 +1061,7 @@ static int tls_xread_record(tls_state_t *tls, const char *expected) | |||
| 1061 | /* Decrypt content+MAC+padding, moving it over IV in the process */ | 1061 | /* Decrypt content+MAC+padding, moving it over IV in the process */ |
| 1062 | sz -= AES_BLOCK_SIZE; /* we will overwrite IV now */ | 1062 | sz -= AES_BLOCK_SIZE; /* we will overwrite IV now */ |
| 1063 | aes_cbc_decrypt( | 1063 | aes_cbc_decrypt( |
| 1064 | tls->server_write_key, tls->key_size, /* selects 128/256 */ | 1064 | &tls->aes_decrypt, /* selects 128/256 */ |
| 1065 | p, /* IV */ | 1065 | p, /* IV */ |
| 1066 | p + AES_BLOCK_SIZE, sz, /* ciphertext */ | 1066 | p + AES_BLOCK_SIZE, sz, /* ciphertext */ |
| 1067 | p /* plaintext */ | 1067 | p /* plaintext */ |
| @@ -1934,8 +1934,14 @@ static void send_client_key_exchange(tls_state_t *tls) | |||
| 1934 | dump_hex("client_write_IV:%s\n", | 1934 | dump_hex("client_write_IV:%s\n", |
| 1935 | tls->client_write_IV, tls->IV_size | 1935 | tls->client_write_IV, tls->IV_size |
| 1936 | ); | 1936 | ); |
| 1937 | aesgcm_setkey(tls->H, &tls->aes_encrypt, tls->client_write_key, tls->key_size); | 1937 | |
| 1938 | aes_setkey(&tls->aes_decrypt, tls->server_write_key, tls->key_size); | 1938 | aes_setkey(&tls->aes_decrypt, tls->server_write_key, tls->key_size); |
| 1939 | aes_setkey(&tls->aes_encrypt, tls->client_write_key, tls->key_size); | ||
| 1940 | { | ||
| 1941 | uint8_t iv[AES_BLOCK_SIZE]; | ||
| 1942 | memset(iv, 0, AES_BLOCK_SIZE); | ||
| 1943 | aes_encrypt_one_block(&tls->aes_encrypt, iv, tls->H); | ||
| 1944 | } | ||
| 1939 | } | 1945 | } |
| 1940 | } | 1946 | } |
| 1941 | 1947 | ||
diff --git a/networking/tls_aes.c b/networking/tls_aes.c index 4d2b68975..cf6b5fe3d 100644 --- a/networking/tls_aes.c +++ b/networking/tls_aes.c | |||
| @@ -326,8 +326,11 @@ static void InvMixColumns(unsigned astate[16]) | |||
| 326 | } | 326 | } |
| 327 | } | 327 | } |
| 328 | 328 | ||
| 329 | static void aes_encrypt_1(unsigned astate[16], unsigned rounds, const uint32_t *RoundKey) | 329 | static void aes_encrypt_1(struct tls_aes *aes, unsigned astate[16]) |
| 330 | { | 330 | { |
| 331 | unsigned rounds = aes->rounds; | ||
| 332 | const uint32_t *RoundKey = aes->key; | ||
| 333 | |||
| 331 | for (;;) { | 334 | for (;;) { |
| 332 | AddRoundKey(astate, RoundKey); | 335 | AddRoundKey(astate, RoundKey); |
| 333 | RoundKey += 4; | 336 | RoundKey += 4; |
| @@ -355,22 +358,19 @@ void FAST_FUNC aes_encrypt_one_block(struct tls_aes *aes, const void *data, void | |||
| 355 | 358 | ||
| 356 | for (i = 0; i < 16; i++) | 359 | for (i = 0; i < 16; i++) |
| 357 | astate[i] = pt[i]; | 360 | astate[i] = pt[i]; |
| 358 | aes_encrypt_1(astate, aes->rounds, aes->key); | 361 | aes_encrypt_1(aes, astate); |
| 359 | for (i = 0; i < 16; i++) | 362 | for (i = 0; i < 16; i++) |
| 360 | ct[i] = astate[i]; | 363 | ct[i] = astate[i]; |
| 361 | } | 364 | } |
| 362 | 365 | ||
| 363 | void FAST_FUNC aes_cbc_encrypt(const void *key, int klen, void *iv, const void *data, size_t len, void *dst) | 366 | void FAST_FUNC aes_cbc_encrypt(struct tls_aes *aes, void *iv, const void *data, size_t len, void *dst) |
| 364 | { | 367 | { |
| 365 | uint32_t RoundKey[60]; | ||
| 366 | uint8_t iv2[16]; | 368 | uint8_t iv2[16]; |
| 367 | unsigned rounds; | ||
| 368 | 369 | ||
| 369 | const uint8_t *pt = data; | 370 | const uint8_t *pt = data; |
| 370 | uint8_t *ct = dst; | 371 | uint8_t *ct = dst; |
| 371 | 372 | ||
| 372 | memcpy(iv2, iv, 16); | 373 | memcpy(iv2, iv, 16); |
| 373 | rounds = KeyExpansion(RoundKey, key, klen); | ||
| 374 | while (len > 0) { | 374 | while (len > 0) { |
| 375 | { | 375 | { |
| 376 | /* almost aes_encrypt_one_block(rounds, RoundKey, pt, ct); | 376 | /* almost aes_encrypt_one_block(rounds, RoundKey, pt, ct); |
| @@ -381,7 +381,7 @@ void FAST_FUNC aes_cbc_encrypt(const void *key, int klen, void *iv, const void * | |||
| 381 | unsigned astate[16]; | 381 | unsigned astate[16]; |
| 382 | for (i = 0; i < 16; i++) | 382 | for (i = 0; i < 16; i++) |
| 383 | astate[i] = pt[i] ^ iv2[i]; | 383 | astate[i] = pt[i] ^ iv2[i]; |
| 384 | aes_encrypt_1(astate, rounds, RoundKey); | 384 | aes_encrypt_1(aes, astate); |
| 385 | for (i = 0; i < 16; i++) | 385 | for (i = 0; i < 16; i++) |
| 386 | iv2[i] = ct[i] = astate[i]; | 386 | iv2[i] = ct[i] = astate[i]; |
| 387 | } | 387 | } |
| @@ -391,8 +391,11 @@ void FAST_FUNC aes_cbc_encrypt(const void *key, int klen, void *iv, const void * | |||
| 391 | } | 391 | } |
| 392 | } | 392 | } |
| 393 | 393 | ||
| 394 | static void aes_decrypt_1(unsigned astate[16], unsigned rounds, const uint32_t *RoundKey) | 394 | static void aes_decrypt_1(struct tls_aes *aes, unsigned astate[16]) |
| 395 | { | 395 | { |
| 396 | unsigned rounds = aes->rounds; | ||
| 397 | const uint32_t *RoundKey = aes->key; | ||
| 398 | |||
| 396 | RoundKey += rounds * 4; | 399 | RoundKey += rounds * 4; |
| 397 | AddRoundKey(astate, RoundKey); | 400 | AddRoundKey(astate, RoundKey); |
| 398 | for (;;) { | 401 | for (;;) { |
| @@ -407,8 +410,10 @@ static void aes_decrypt_1(unsigned astate[16], unsigned rounds, const uint32_t * | |||
| 407 | } | 410 | } |
| 408 | 411 | ||
| 409 | #if 0 //UNUSED | 412 | #if 0 //UNUSED |
| 410 | static void aes_decrypt_one_block(unsigned rounds, const uint32_t *RoundKey, const void *data, void *dst) | 413 | static void aes_decrypt_one_block(struct tls_aes *aes, const void *data, void *dst) |
| 411 | { | 414 | { |
| 415 | unsigned rounds = aes->rounds; | ||
| 416 | const uint32_t *RoundKey = aes->key; | ||
| 412 | unsigned astate[16]; | 417 | unsigned astate[16]; |
| 413 | unsigned i; | 418 | unsigned i; |
| 414 | 419 | ||
| @@ -417,25 +422,22 @@ static void aes_decrypt_one_block(unsigned rounds, const uint32_t *RoundKey, con | |||
| 417 | 422 | ||
| 418 | for (i = 0; i < 16; i++) | 423 | for (i = 0; i < 16; i++) |
| 419 | astate[i] = ct[i]; | 424 | astate[i] = ct[i]; |
| 420 | aes_decrypt_1(astate, rounds, RoundKey); | 425 | aes_decrypt_1(aes, astate); |
| 421 | for (i = 0; i < 16; i++) | 426 | for (i = 0; i < 16; i++) |
| 422 | pt[i] = astate[i]; | 427 | pt[i] = astate[i]; |
| 423 | } | 428 | } |
| 424 | #endif | 429 | #endif |
| 425 | 430 | ||
| 426 | void FAST_FUNC aes_cbc_decrypt(const void *key, int klen, void *iv, const void *data, size_t len, void *dst) | 431 | void FAST_FUNC aes_cbc_decrypt(struct tls_aes *aes, void *iv, const void *data, size_t len, void *dst) |
| 427 | { | 432 | { |
| 428 | uint32_t RoundKey[60]; | ||
| 429 | uint8_t iv2[16]; | 433 | uint8_t iv2[16]; |
| 430 | uint8_t iv3[16]; | 434 | uint8_t iv3[16]; |
| 431 | unsigned rounds; | ||
| 432 | uint8_t *ivbuf; | 435 | uint8_t *ivbuf; |
| 433 | uint8_t *ivnext; | 436 | uint8_t *ivnext; |
| 434 | 437 | ||
| 435 | const uint8_t *ct = data; | 438 | const uint8_t *ct = data; |
| 436 | uint8_t *pt = dst; | 439 | uint8_t *pt = dst; |
| 437 | 440 | ||
| 438 | rounds = KeyExpansion(RoundKey, key, klen); | ||
| 439 | ivbuf = memcpy(iv2, iv, 16); | 441 | ivbuf = memcpy(iv2, iv, 16); |
| 440 | while (len) { | 442 | while (len) { |
| 441 | ivnext = (ivbuf==iv2) ? iv3 : iv2; | 443 | ivnext = (ivbuf==iv2) ? iv3 : iv2; |
| @@ -447,7 +449,7 @@ void FAST_FUNC aes_cbc_decrypt(const void *key, int klen, void *iv, const void * | |||
| 447 | unsigned astate[16]; | 449 | unsigned astate[16]; |
| 448 | for (i = 0; i < 16; i++) | 450 | for (i = 0; i < 16; i++) |
| 449 | ivnext[i] = astate[i] = ct[i]; | 451 | ivnext[i] = astate[i] = ct[i]; |
| 450 | aes_decrypt_1(astate, rounds, RoundKey); | 452 | aes_decrypt_1(aes, astate); |
| 451 | for (i = 0; i < 16; i++) | 453 | for (i = 0; i < 16; i++) |
| 452 | pt[i] = astate[i] ^ ivbuf[i]; | 454 | pt[i] = astate[i] ^ ivbuf[i]; |
| 453 | } | 455 | } |
diff --git a/networking/tls_aes.h b/networking/tls_aes.h index fc3881793..e9e3721f1 100644 --- a/networking/tls_aes.h +++ b/networking/tls_aes.h | |||
| @@ -10,5 +10,5 @@ void aes_setkey(struct tls_aes *aes, const void *key, unsigned key_len) FAST_FUN | |||
| 10 | 10 | ||
| 11 | void aes_encrypt_one_block(struct tls_aes *aes, const void *data, void *dst) FAST_FUNC; | 11 | void aes_encrypt_one_block(struct tls_aes *aes, const void *data, void *dst) FAST_FUNC; |
| 12 | 12 | ||
| 13 | void aes_cbc_encrypt(const void *key, int klen, void *iv, const void *data, size_t len, void *dst) FAST_FUNC; | 13 | void aes_cbc_encrypt(struct tls_aes *aes, void *iv, const void *data, size_t len, void *dst) FAST_FUNC; |
| 14 | void aes_cbc_decrypt(const void *key, int klen, void *iv, const void *data, size_t len, void *dst) FAST_FUNC; | 14 | void aes_cbc_decrypt(struct tls_aes *aes, void *iv, const void *data, size_t len, void *dst) FAST_FUNC; |
diff --git a/networking/tls_aesgcm.c b/networking/tls_aesgcm.c index 584cee98e..eb32f4c05 100644 --- a/networking/tls_aesgcm.c +++ b/networking/tls_aesgcm.c | |||
| @@ -136,13 +136,3 @@ void FAST_FUNC aesgcm_GHASH(byte* h, const byte* a, unsigned aSz, const byte* c, | |||
| 136 | /* Copy the result into s. */ | 136 | /* Copy the result into s. */ |
| 137 | XMEMCPY(s, x, sSz); | 137 | XMEMCPY(s, x, sSz); |
| 138 | } | 138 | } |
| 139 | |||
| 140 | void FAST_FUNC aesgcm_setkey(uint8_t H[16], struct tls_aes *aes, const byte* key, unsigned len) | ||
| 141 | { | ||
| 142 | byte iv[AES_BLOCK_SIZE]; | ||
| 143 | |||
| 144 | aes_setkey(aes, key, len); | ||
| 145 | |||
| 146 | memset(iv, 0, AES_BLOCK_SIZE); | ||
| 147 | aes_encrypt_one_block(aes, iv, H); | ||
| 148 | } | ||
diff --git a/networking/tls_aesgcm.h b/networking/tls_aesgcm.h index d4cde01f9..a71eced54 100644 --- a/networking/tls_aesgcm.h +++ b/networking/tls_aesgcm.h | |||
| @@ -11,5 +11,3 @@ void aesgcm_GHASH(uint8_t* h, | |||
| 11 | const uint8_t* c, unsigned cSz, | 11 | const uint8_t* c, unsigned cSz, |
| 12 | uint8_t* s, unsigned sSz | 12 | uint8_t* s, unsigned sSz |
| 13 | ) FAST_FUNC; | 13 | ) FAST_FUNC; |
| 14 | |||
| 15 | void aesgcm_setkey(uint8_t H[16], struct tls_aes *aes, const uint8_t* key, unsigned len) FAST_FUNC; | ||