author | Denys Vlasenko <vda.linux@googlemail.com> | 2018-11-23 18:31:26 +0100 |
---|---|---|
committer | Denys Vlasenko <vda.linux@googlemail.com> | 2018-11-23 18:31:26 +0100 |
commit | ecc9090cfcccf412288147f385808f8f9df97ebe (patch) | |
tree | 0c937204026d3a2420597180e3db07cb3896ade3 /networking/tls.c | |
parent | 5e4236d226309a32842a6928878fd0e1cd5937e7 (diff) | |
tls: simplify aesgcm_GHASH()
function old new delta
xwrite_encrypted 604 599 -5
FlattenSzInBits 52 - -52
aesgcm_GHASH 395 262 -133
------------------------------------------------------------------------------
(add/remove: 0/1 grow/shrink: 0/2 up/down: 0/-190) Total: -190 bytes
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
Diffstat (limited to 'networking/tls.c')
-rw-r--r-- | networking/tls.c | 30 |
1 files changed, 14 insertions, 16 deletions
diff --git a/networking/tls.c b/networking/tls.c index 23622d76e..3b4f1b7e2 100644 --- a/networking/tls.c +++ b/networking/tls.c | |||
@@ -270,7 +270,7 @@ struct record_hdr { | |||
270 | enum { | 270 | enum { |
271 | NEED_EC_KEY = 1 << 0, | 271 | NEED_EC_KEY = 1 << 0, |
272 | GOT_CERT_RSA_KEY_ALG = 1 << 1, | 272 | GOT_CERT_RSA_KEY_ALG = 1 << 1, |
273 | GOT_CERT_ECDSA_KEY_ALG = 1 << 2, | 273 | GOT_CERT_ECDSA_KEY_ALG = 1 << 2, |
274 | GOT_EC_KEY = 1 << 3, | 274 | GOT_EC_KEY = 1 << 3, |
275 | ENCRYPTION_AESGCM = 1 << 4, | 275 | ENCRYPTION_AESGCM = 1 << 4, |
276 | }; | 276 | }; |
@@ -756,7 +756,6 @@ static void xwrite_encrypted_and_hmac_signed(tls_state_t *tls, unsigned size, un | |||
756 | } while ((size & (AES_BLOCK_SIZE - 1)) != 0); | 756 | } while ((size & (AES_BLOCK_SIZE - 1)) != 0); |
757 | 757 | ||
758 | /* Encrypt content+MAC+padding in place */ | 758 | /* Encrypt content+MAC+padding in place */ |
759 | //optimize key setup | ||
760 | aes_cbc_encrypt( | 759 | aes_cbc_encrypt( |
761 | &tls->aes_decrypt, /* selects 128/256 */ | 760 | &tls->aes_decrypt, /* selects 128/256 */ |
762 | buf - AES_BLOCK_SIZE, /* IV */ | 761 | buf - AES_BLOCK_SIZE, /* IV */ |
@@ -787,8 +786,9 @@ static void xwrite_encrypted_and_hmac_signed(tls_state_t *tls, unsigned size, un | |||
787 | */ | 786 | */ |
788 | static void xwrite_encrypted_aesgcm(tls_state_t *tls, unsigned size, unsigned type) | 787 | static void xwrite_encrypted_aesgcm(tls_state_t *tls, unsigned size, unsigned type) |
789 | { | 788 | { |
790 | //go for [16] | 789 | #define COUNTER(v) (*(uint32_t*)(v + 12)) |
791 | uint8_t aad[13]; | 790 | |
791 | uint8_t aad[13 + 3]; /* +3 creates [16] buffer, simplifying GHASH() */ | ||
792 | uint8_t nonce[12 + 4]; /* +4 creates space for AES block counter */ | 792 | uint8_t nonce[12 + 4]; /* +4 creates space for AES block counter */ |
793 | uint8_t scratch[AES_BLOCK_SIZE]; //[16] | 793 | uint8_t scratch[AES_BLOCK_SIZE]; //[16] |
794 | uint8_t authtag[AES_BLOCK_SIZE]; //[16] | 794 | uint8_t authtag[AES_BLOCK_SIZE]; //[16] |
@@ -807,7 +807,8 @@ static void xwrite_encrypted_aesgcm(tls_state_t *tls, unsigned size, unsigned ty | |||
807 | aad[9] = TLS_MAJ; | 807 | aad[9] = TLS_MAJ; |
808 | aad[10] = TLS_MIN; | 808 | aad[10] = TLS_MIN; |
809 | aad[11] = size >> 8; | 809 | aad[11] = size >> 8; |
810 | aad[12] = size & 0xff; | 810 | /* set aad[12], and clear aad[13..15] */ |
811 | COUNTER(aad) = SWAP_LE32(size & 0xff); | ||
811 | 812 | ||
812 | memcpy(nonce, tls->client_write_IV, 4); | 813 | memcpy(nonce, tls->client_write_IV, 4); |
813 | memcpy(nonce + 4, &tls->write_seq64_be, 8); | 814 | memcpy(nonce + 4, &tls->write_seq64_be, 8); |
@@ -817,8 +818,6 @@ static void xwrite_encrypted_aesgcm(tls_state_t *tls, unsigned size, unsigned ty | |||
817 | /* seq64 is not used later in this func, can increment here */ | 818 | /* seq64 is not used later in this func, can increment here */ |
818 | tls->write_seq64_be = SWAP_BE64(1 + SWAP_BE64(tls->write_seq64_be)); | 819 | tls->write_seq64_be = SWAP_BE64(1 + SWAP_BE64(tls->write_seq64_be)); |
819 | 820 | ||
820 | #define COUNTER(v) (*(uint32_t*)(v + 12)) | ||
821 | |||
822 | cnt = 1; | 821 | cnt = 1; |
823 | remaining = size; | 822 | remaining = size; |
824 | while (remaining != 0) { | 823 | while (remaining != 0) { |
@@ -833,8 +832,7 @@ static void xwrite_encrypted_aesgcm(tls_state_t *tls, unsigned size, unsigned ty | |||
833 | remaining -= n; | 832 | remaining -= n; |
834 | } | 833 | } |
835 | 834 | ||
836 | //optimize fixed sizes | 835 | aesgcm_GHASH(tls->H, aad, /*sizeof(aad),*/ tls->outbuf + OUTBUF_PFX, size, authtag /*, sizeof(authtag)*/); |
837 | aesgcm_GHASH(tls->H, aad, sizeof(aad), tls->outbuf + OUTBUF_PFX, size, authtag, sizeof(authtag)); | ||
838 | COUNTER(nonce) = htonl(1); | 836 | COUNTER(nonce) = htonl(1); |
839 | aes_encrypt_one_block(&tls->aes_encrypt, nonce, scratch); | 837 | aes_encrypt_one_block(&tls->aes_encrypt, nonce, scratch); |
840 | xorbuf(authtag, scratch, sizeof(authtag)); | 838 | xorbuf(authtag, scratch, sizeof(authtag)); |
@@ -923,8 +921,9 @@ static const char *alert_text(int code) | |||
923 | 921 | ||
924 | static void tls_aesgcm_decrypt(tls_state_t *tls, uint8_t *buf, int size) | 922 | static void tls_aesgcm_decrypt(tls_state_t *tls, uint8_t *buf, int size) |
925 | { | 923 | { |
926 | //go for [16] | 924 | #define COUNTER(v) (*(uint32_t*)(v + 12)) |
927 | //uint8_t aad[13]; | 925 | |
926 | //uint8_t aad[13 + 3]; /* +3 creates [16] buffer, simplifying GHASH() */ | ||
928 | uint8_t nonce[12 + 4]; /* +4 creates space for AES block counter */ | 927 | uint8_t nonce[12 + 4]; /* +4 creates space for AES block counter */ |
929 | uint8_t scratch[AES_BLOCK_SIZE]; //[16] | 928 | uint8_t scratch[AES_BLOCK_SIZE]; //[16] |
930 | //uint8_t authtag[AES_BLOCK_SIZE]; //[16] | 929 | //uint8_t authtag[AES_BLOCK_SIZE]; //[16] |
@@ -935,14 +934,14 @@ static void tls_aesgcm_decrypt(tls_state_t *tls, uint8_t *buf, int size) | |||
935 | //aad[9] = TLS_MAJ; | 934 | //aad[9] = TLS_MAJ; |
936 | //aad[10] = TLS_MIN; | 935 | //aad[10] = TLS_MIN; |
937 | //aad[11] = size >> 8; | 936 | //aad[11] = size >> 8; |
938 | //aad[12] = size & 0xff; | 937 | ///* set aad[12], and clear aad[13..15] */ |
938 | //COUNTER(aad) = SWAP_LE32(size & 0xff); | ||
939 | 939 | ||
940 | //memcpy(aad, &tls->write_seq64_be, 8); | ||
940 | memcpy(nonce, tls->server_write_IV, 4); | 941 | memcpy(nonce, tls->server_write_IV, 4); |
941 | memcpy(nonce + 4, buf, 8); | 942 | memcpy(nonce + 4, buf, 8); |
942 | buf += 8; | 943 | buf += 8; |
943 | 944 | ||
944 | #define COUNTER(v) (*(uint32_t*)(v + 12)) | ||
945 | |||
946 | cnt = 1; | 945 | cnt = 1; |
947 | remaining = size; | 946 | remaining = size; |
948 | while (remaining != 0) { | 947 | while (remaining != 0) { |
@@ -957,8 +956,7 @@ static void tls_aesgcm_decrypt(tls_state_t *tls, uint8_t *buf, int size) | |||
957 | remaining -= n; | 956 | remaining -= n; |
958 | } | 957 | } |
959 | 958 | ||
960 | ////optimize fixed sizes | 959 | //aesgcm_GHASH(tls->H, aad, tls->outbuf + OUTBUF_PFX, size, authtag); |
961 | //aesgcm_GHASH(tls->H, aad, sizeof(aad), tls->outbuf + OUTBUF_PFX, size, authtag, sizeof(authtag)); | ||
962 | //COUNTER(nonce) = htonl(1); | 960 | //COUNTER(nonce) = htonl(1); |
963 | //aes_encrypt_one_block(&tls->aes_encrypt, nonce, scratch); | 961 | //aes_encrypt_one_block(&tls->aes_encrypt, nonce, scratch); |
964 | //xorbuf(authtag, scratch, sizeof(authtag)); | 962 | //xorbuf(authtag, scratch, sizeof(authtag)); |
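Review bot: In tls_aesgcm_decrypt() the tag computation is still commented out on the new side, from `//aesgcm_GHASH(tls->H, aad, tls->outbuf + OUTBUF_PFX, size, authtag);` through `//xorbuf(authtag, scratch, sizeof(authtag));`, and `aad` and `authtag` are not declared, so as far as these hunks show a received record is CTR-decrypted without its GCM authentication tag being checked. Keeping the dead lines in sync with the new five-argument call makes them read like a pending cleanup rather than a missing integrity check. I would state that above the commented block, e.g. `/* TODO: GCM tag of incoming records is NOT verified; plaintext below is unauthenticated */`. The commented call also still names `tls->outbuf + OUTBUF_PFX` rather than the received `buf`, so it presumably cannot be enabled as written, and a real check would need a constant-time comparison against the tag in the record. The function starts and ends outside the hunks shown, so verification elsewhere cannot be ruled out from this page.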