tls: in AES-CBC code, do not set key for every record - do it once

function old new delta aes_setkey 16 212 +196 tls_handshake 1941 1977 +36 aes_encrypt_1 382 396 +14 xwrite_encrypted 605 604 -1 tls_xread_record 659 656 -3 aes_encrypt_one_block 65 59 -6 aes_cbc_encrypt 172 121 -51 aesgcm_setkey 58 - -58 aes_cbc_decrypt 958 881 -77 KeyExpansion 188 - -188 ------------------------------------------------------------------------------ (add/remove: 0/2 grow/shrink: 3/5 up/down: 246/-384) Total: -138 bytes Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2018-11-23 18:02:44 +01:00
parent 83e5c627e1
commit 5e4236d226
5 changed files with 28 additions and 32 deletions
--- a/networking/tls_aes.c
+++ b/networking/tls_aes.c
@@ -326,8 +326,11 @@ static void InvMixColumns(unsigned astate[16])
 	}
 }

-static void aes_encrypt_1(unsigned astate[16], unsigned rounds, const uint32_t *RoundKey)
+static void aes_encrypt_1(struct tls_aes *aes, unsigned astate[16])
 {
+	unsigned rounds = aes->rounds;
+	const uint32_t *RoundKey = aes->key;
+
 	for (;;) {
 		AddRoundKey(astate, RoundKey);
 		RoundKey += 4;
@@ -355,22 +358,19 @@ void FAST_FUNC aes_encrypt_one_block(struct tls_aes *aes, const void *data, void

 	for (i = 0; i < 16; i++)
 		astate[i] = pt[i];
-	aes_encrypt_1(astate, aes->rounds, aes->key);
+	aes_encrypt_1(aes, astate);
 	for (i = 0; i < 16; i++)
 		ct[i] = astate[i];
 }

-void FAST_FUNC aes_cbc_encrypt(const void *key, int klen, void *iv, const void *data, size_t len, void *dst)
+void FAST_FUNC aes_cbc_encrypt(struct tls_aes *aes, void *iv, const void *data, size_t len, void *dst)
 {
-	uint32_t RoundKey[60];
 	uint8_t iv2[16];
-	unsigned rounds;

 	const uint8_t *pt = data;
 	uint8_t *ct = dst;

 	memcpy(iv2, iv, 16);
-	rounds = KeyExpansion(RoundKey, key, klen);
 	while (len > 0) {
 		{
 			/* almost aes_encrypt_one_block(rounds, RoundKey, pt, ct);
@@ -381,7 +381,7 @@ void FAST_FUNC aes_cbc_encrypt(const void *key, int klen, void *iv, const void *
 			unsigned astate[16];
 			for (i = 0; i < 16; i++)
 				astate[i] = pt[i] ^ iv2[i];
-			aes_encrypt_1(astate, rounds, RoundKey);
+			aes_encrypt_1(aes, astate);
 			for (i = 0; i < 16; i++)
 				iv2[i] = ct[i] = astate[i];
 		}
@@ -391,8 +391,11 @@ void FAST_FUNC aes_cbc_encrypt(const void *key, int klen, void *iv, const void *
 	}
 }

-static void aes_decrypt_1(unsigned astate[16], unsigned rounds, const uint32_t *RoundKey)
+static void aes_decrypt_1(struct tls_aes *aes, unsigned astate[16])
 {
+	unsigned rounds = aes->rounds;
+	const uint32_t *RoundKey = aes->key;
+
 	RoundKey += rounds * 4;
 	AddRoundKey(astate, RoundKey);
 	for (;;) {
@@ -407,8 +410,10 @@ static void aes_decrypt_1(unsigned astate[16], unsigned rounds, const uint32_t *
 }

 #if 0 //UNUSED
-static void aes_decrypt_one_block(unsigned rounds, const uint32_t *RoundKey, const void *data, void *dst)
+static void aes_decrypt_one_block(struct tls_aes *aes, const void *data, void *dst)
 {
+	unsigned rounds = aes->rounds;
+	const uint32_t *RoundKey = aes->key;
 	unsigned astate[16];
 	unsigned i;

@@ -417,25 +422,22 @@ static void aes_decrypt_one_block(unsigned rounds, const uint32_t *RoundKey, con

 	for (i = 0; i < 16; i++)
 		astate[i] = ct[i];
-	aes_decrypt_1(astate, rounds, RoundKey);
+	aes_decrypt_1(aes, astate);
 	for (i = 0; i < 16; i++)
 		pt[i] = astate[i];
 }
 #endif

-void FAST_FUNC aes_cbc_decrypt(const void *key, int klen, void *iv, const void *data, size_t len, void *dst)
+void FAST_FUNC aes_cbc_decrypt(struct tls_aes *aes, void *iv, const void *data, size_t len, void *dst)
 {
-	uint32_t RoundKey[60];
 	uint8_t iv2[16];
 	uint8_t iv3[16];
-	unsigned rounds;
 	uint8_t *ivbuf;
 	uint8_t *ivnext;

 	const uint8_t *ct = data;
 	uint8_t *pt = dst;

-	rounds = KeyExpansion(RoundKey, key, klen);
 	ivbuf = memcpy(iv2, iv, 16);
 	while (len) {
 		ivnext = (ivbuf==iv2) ? iv3 : iv2;
@@ -447,7 +449,7 @@ void FAST_FUNC aes_cbc_decrypt(const void *key, int klen, void *iv, const void *
 			unsigned astate[16];
 			for (i = 0; i < 16; i++)
 				ivnext[i] = astate[i] = ct[i];
-			aes_decrypt_1(astate, rounds, RoundKey);
+			aes_decrypt_1(aes, astate);
 			for (i = 0; i < 16; i++)
 				pt[i] = astate[i] ^ ivbuf[i];
 		}