author | Denys Vlasenko <vda.linux@googlemail.com> | 2018-11-23 18:31:26 +0100 |
---|---|---|
committer | Denys Vlasenko <vda.linux@googlemail.com> | 2018-11-23 18:31:26 +0100 |
commit | ecc9090cfcccf412288147f385808f8f9df97ebe (patch) | |
tree | 0c937204026d3a2420597180e3db07cb3896ade3 /networking/tls_aesgcm.c | |
parent | 5e4236d226309a32842a6928878fd0e1cd5937e7 (diff) | |
tls: simplify aesgcm_GHASH()
function old new delta
xwrite_encrypted 604 599 -5
FlattenSzInBits 52 - -52
aesgcm_GHASH 395 262 -133
------------------------------------------------------------------------------
(add/remove: 0/1 grow/shrink: 0/2 up/down: 0/-190) Total: -190 bytes
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
Diffstat (limited to 'networking/tls_aesgcm.c')
-rw-r--r-- | networking/tls_aesgcm.c | 73 |
1 files changed, 44 insertions, 29 deletions
diff --git a/networking/tls_aesgcm.c b/networking/tls_aesgcm.c index eb32f4c05..1a7ddb2e2 100644 --- a/networking/tls_aesgcm.c +++ b/networking/tls_aesgcm.c | |||
@@ -25,23 +25,26 @@ void FAST_FUNC xorbuf(void* buf, const void* mask, unsigned count) | |||
25 | b[i] ^= m[i]; | 25 | b[i] ^= m[i]; |
26 | } | 26 | } |
27 | 27 | ||
28 | /* wolfssl-3.15.3/wolfcrypt/src/aes.c */ | 28 | /* from wolfssl-3.15.3/wolfcrypt/src/aes.c */ |
29 | 29 | ||
30 | static void FlattenSzInBits(byte* buf, word32 sz) | 30 | static ALWAYS_INLINE void FlattenSzInBits(byte* buf, word32 sz) |
31 | { | 31 | { |
32 | /* Multiply the sz by 8 */ | 32 | /* Multiply the sz by 8 */ |
33 | word32 szHi = (sz >> (8*sizeof(sz) - 3)); | 33 | //bbox: these sizes are never even close to 2^32/8 |
34 | // word32 szHi = (sz >> (8*sizeof(sz) - 3)); | ||
34 | sz <<= 3; | 35 | sz <<= 3; |
35 | 36 | ||
36 | /* copy over the words of the sz into the destination buffer */ | 37 | /* copy over the words of the sz into the destination buffer */ |
37 | buf[0] = (szHi >> 24) & 0xff; | 38 | // buf[0] = (szHi >> 24) & 0xff; |
38 | buf[1] = (szHi >> 16) & 0xff; | 39 | // buf[1] = (szHi >> 16) & 0xff; |
39 | buf[2] = (szHi >> 8) & 0xff; | 40 | // buf[2] = (szHi >> 8) & 0xff; |
40 | buf[3] = szHi & 0xff; | 41 | // buf[3] = szHi & 0xff; |
41 | buf[4] = (sz >> 24) & 0xff; | 42 | move_to_unaligned32(buf, 0); |
42 | buf[5] = (sz >> 16) & 0xff; | 43 | // buf[4] = (sz >> 24) & 0xff; |
43 | buf[6] = (sz >> 8) & 0xff; | 44 | // buf[5] = (sz >> 16) & 0xff; |
44 | buf[7] = sz & 0xff; | 45 | // buf[6] = (sz >> 8) & 0xff; |
46 | // buf[7] = sz & 0xff; | ||
47 | move_to_unaligned32(buf + 4, SWAP_BE32(sz)); | ||
45 | } | 48 | } |
46 | 49 | ||
47 | static void RIGHTSHIFTX(byte* x) | 50 | static void RIGHTSHIFTX(byte* x) |
@@ -83,35 +86,47 @@ static void GMULT(byte* X, byte* Y) | |||
83 | XMEMCPY(X, Z, AES_BLOCK_SIZE); | 86 | XMEMCPY(X, Z, AES_BLOCK_SIZE); |
84 | } | 87 | } |
85 | 88 | ||
86 | void FAST_FUNC aesgcm_GHASH(byte* h, const byte* a, unsigned aSz, const byte* c, | 89 | //bbox: |
87 | unsigned cSz, byte* s, unsigned sSz) | 90 | // for TLS AES-GCM, a (which as AAD) is always 13 bytes long, and bbox code provides |
91 | // extra 3 zeroed bytes, making it a[16], or a[AES_BLOCK_SIZE]. | ||
92 | // Resulting auth tag in s is also always AES_BLOCK_SIZE bytes. | ||
93 | // | ||
94 | // This allows some simplifications. | ||
95 | #define aSz AES_BLOCK_SIZE | ||
96 | #define sSz AES_BLOCK_SIZE | ||
97 | void FAST_FUNC aesgcm_GHASH(byte* h, | ||
98 | const byte* a, //unsigned aSz, | ||
99 | const byte* c, unsigned cSz, | ||
100 | byte* s //, unsigned sSz | ||
101 | ) | ||
88 | { | 102 | { |
89 | byte x[AES_BLOCK_SIZE]; | 103 | byte x[AES_BLOCK_SIZE]; |
90 | byte scratch[AES_BLOCK_SIZE]; | 104 | byte scratch[AES_BLOCK_SIZE]; |
91 | word32 blocks, partial; | 105 | word32 blocks, partial; |
92 | //was: byte* h = aes->H; | 106 | //was: byte* h = aes->H; |
93 | 107 | ||
94 | XMEMSET(x, 0, AES_BLOCK_SIZE); | 108 | //XMEMSET(x, 0, AES_BLOCK_SIZE); |
95 | 109 | ||
96 | /* Hash in A, the Additional Authentication Data */ | 110 | /* Hash in A, the Additional Authentication Data */ |
97 | if (aSz != 0 && a != NULL) { | 111 | // if (aSz != 0 && a != NULL) { |
98 | blocks = aSz / AES_BLOCK_SIZE; | 112 | // blocks = aSz / AES_BLOCK_SIZE; |
99 | partial = aSz % AES_BLOCK_SIZE; | 113 | // partial = aSz % AES_BLOCK_SIZE; |
100 | while (blocks--) { | 114 | // while (blocks--) { |
101 | xorbuf(x, a, AES_BLOCK_SIZE); | 115 | //xorbuf(x, a, AES_BLOCK_SIZE); |
102 | GMULT(x, h); | 116 | XMEMCPY(x, a, AES_BLOCK_SIZE);// memcpy(x,a) = memset(x,0)+xorbuf(x,a) |
103 | a += AES_BLOCK_SIZE; | ||
104 | } | ||
105 | if (partial != 0) { | ||
106 | XMEMSET(scratch, 0, AES_BLOCK_SIZE); | ||
107 | XMEMCPY(scratch, a, partial); | ||
108 | xorbuf(x, scratch, AES_BLOCK_SIZE); | ||
109 | GMULT(x, h); | 117 | GMULT(x, h); |
110 | } | 118 | // a += AES_BLOCK_SIZE; |
111 | } | 119 | // } |
120 | // if (partial != 0) { | ||
121 | // XMEMSET(scratch, 0, AES_BLOCK_SIZE); | ||
122 | // XMEMCPY(scratch, a, partial); | ||
123 | // xorbuf(x, scratch, AES_BLOCK_SIZE); | ||
124 | // GMULT(x, h); | ||
125 | // } | ||
126 | // } | ||
112 | 127 | ||
113 | /* Hash in C, the Ciphertext */ | 128 | /* Hash in C, the Ciphertext */ |
114 | if (cSz != 0 && c != NULL) { | 129 | if (cSz != 0 /*&& c != NULL*/) { |
115 | blocks = cSz / AES_BLOCK_SIZE; | 130 | blocks = cSz / AES_BLOCK_SIZE; |
116 | partial = cSz % AES_BLOCK_SIZE; | 131 | partial = cSz % AES_BLOCK_SIZE; |
117 | while (blocks--) { | 132 | while (blocks--) { |