authorDenys Vlasenko <vda.linux@googlemail.com>2018-11-23 18:02:44 +0100
committerDenys Vlasenko <vda.linux@googlemail.com>2018-11-23 18:02:44 +0100
commit5e4236d226309a32842a6928878fd0e1cd5937e7 (patch)
treeeb41a6c5cbaaac79b22b8c200e0aabfe26ba7d15 /networking/tls.c
parent83e5c627e1b2c7f34d694696d0c3d5a3ce25dc59 (diff)
tls: in AES-CBC code, do not set key for every record - do it once
function old new delta aes_setkey 16 212 +196 tls_handshake 1941 1977 +36 aes_encrypt_1 382 396 +14 xwrite_encrypted 605 604 -1 tls_xread_record 659 656 -3 aes_encrypt_one_block 65 59 -6 aes_cbc_encrypt 172 121 -51 aesgcm_setkey 58 - -58 aes_cbc_decrypt 958 881 -77 KeyExpansion 188 - -188 ------------------------------------------------------------------------------ (add/remove: 0/2 grow/shrink: 3/5 up/down: 246/-384) Total: -138 bytes Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
Diffstat (limited to 'networking/tls.c')
-rw-r--r--networking/tls.c12
1 files changed, 9 insertions, 3 deletions
diff --git a/networking/tls.c b/networking/tls.c
index 38a965ad6..23622d76e 100644
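--- a/networking/tls.c
+++ b/networking/tls.c
@@ -758,7 +758,7 @@ static void xwrite_encrypted_and_hmac_signed(tls_state_t *tls, unsigned size, un
  /* Encrypt content+MAC+padding in place */
 //optimize key setup
  aes_cbc_encrypt(
- tls->client_write_key, tls->key_size, /* selects 128/256 */
+ &tls->aes_decrypt, /* selects 128/256 */
  buf - AES_BLOCK_SIZE, /* IV */
  buf, size, /* plaintext */
  buf /* ciphertext */
@@ -1061,7 +1061,7 @@ static int tls_xread_record(tls_state_t *tls, const char *expected)
  /* Decrypt content+MAC+padding, moving it over IV in the process */
  sz -= AES_BLOCK_SIZE; /* we will overwrite IV now */
  aes_cbc_decrypt(
- tls->server_write_key, tls->key_size, /* selects 128/256 */
+ &tls->aes_decrypt, /* selects 128/256 */
  p, /* IV */
  p + AES_BLOCK_SIZE, sz, /* ciphertext */
  p /* plaintext */
@@ -1934,8 +1934,14 @@ static void send_client_key_exchange(tls_state_t *tls)
  dump_hex("client_write_IV:%s\n",
  tls->client_write_IV, tls->IV_size
  );
- aesgcm_setkey(tls->H, &tls->aes_encrypt, tls->client_write_key, tls->key_size);
+
  aes_setkey(&tls->aes_decrypt, tls->server_write_key, tls->key_size);
+ aes_setkey(&tls->aes_encrypt, tls->client_write_key, tls->key_size);
+ {
+ uint8_t iv[AES_BLOCK_SIZE];
+ memset(iv, 0, AES_BLOCK_SIZE);
+ aes_encrypt_one_block(&tls->aes_encrypt, iv, tls->H);
+ }
  }
 }
 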
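Review bot: In the first hunk (new line 761) the record-encrypt path passes `&tls->aes_decrypt` to `aes_cbc_encrypt()`, and the third hunk keys that context with `tls->server_write_key`, so outgoing CBC records would be encrypted under the server's write key instead of `tls->client_write_key`, which the removed line used. The argument should be the context the third hunk keys with `client_write_key`, i.e. `&tls->aes_encrypt,`. A peer decrypting with the client write key would presumably fail its padding/MAC check, so this should show up as a broken CBC session rather than a silent weakness, but it is worth a test against a CBC-only suite. The `/* selects 128/256 */` comment on both call sites is stale now that `key_size` is no longer passed, and in the third hunk the zero block named `iv` is not an IV; a comment such as `/* GCM hash subkey: H = AES_K(0^128) */` would say what that block computes. All three enclosing functions start and end outside the hunks.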