tls: in AES-CBC code, do not set key for every record - do it once
function old new delta aes_setkey 16 212 +196 tls_handshake 1941 1977 +36 aes_encrypt_1 382 396 +14 xwrite_encrypted 605 604 -1 tls_xread_record 659 656 -3 aes_encrypt_one_block 65 59 -6 aes_cbc_encrypt 172 121 -51 aesgcm_setkey 58 - -58 aes_cbc_decrypt 958 881 -77 KeyExpansion 188 - -188 ------------------------------------------------------------------------------ (add/remove: 0/2 grow/shrink: 3/5 up/down: 246/-384) Total: -138 bytes Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
This commit is contained in:
Denys Vlasenko
parent
83e5c627e1
commit
5e4236d226
@ -758,7 +758,7 @@ static void xwrite_encrypted_and_hmac_signed(tls_state_t *tls, unsigned size, un
|
|||||||
/* Encrypt content+MAC+padding in place */
|
/* Encrypt content+MAC+padding in place */
|
||||||
//optimize key setup
|
//optimize key setup
|
||||||
aes_cbc_encrypt(
|
aes_cbc_encrypt(
|
||||||
tls->client_write_key, tls->key_size, /* selects 128/256 */
|
&tls->aes_decrypt, /* selects 128/256 */
|
||||||
buf - AES_BLOCK_SIZE, /* IV */
|
buf - AES_BLOCK_SIZE, /* IV */
|
||||||
buf, size, /* plaintext */
|
buf, size, /* plaintext */
|
||||||
buf /* ciphertext */
|
buf /* ciphertext */
|
||||||
@ -1061,7 +1061,7 @@ static int tls_xread_record(tls_state_t *tls, const char *expected)
|
|||||||
/* Decrypt content+MAC+padding, moving it over IV in the process */
|
/* Decrypt content+MAC+padding, moving it over IV in the process */
|
||||||
sz -= AES_BLOCK_SIZE; /* we will overwrite IV now */
|
sz -= AES_BLOCK_SIZE; /* we will overwrite IV now */
|
||||||
aes_cbc_decrypt(
|
aes_cbc_decrypt(
|
||||||
tls->server_write_key, tls->key_size, /* selects 128/256 */
|
&tls->aes_decrypt, /* selects 128/256 */
|
||||||
p, /* IV */
|
p, /* IV */
|
||||||
p + AES_BLOCK_SIZE, sz, /* ciphertext */
|
p + AES_BLOCK_SIZE, sz, /* ciphertext */
|
||||||
p /* plaintext */
|
p /* plaintext */
|
||||||
@ -1934,8 +1934,14 @@ static void send_client_key_exchange(tls_state_t *tls)
|
|||||||
dump_hex("client_write_IV:%s\n",
|
dump_hex("client_write_IV:%s\n",
|
||||||
tls->client_write_IV, tls->IV_size
|
tls->client_write_IV, tls->IV_size
|
||||||
);
|
);
|
||||||
aesgcm_setkey(tls->H, &tls->aes_encrypt, tls->client_write_key, tls->key_size);
|
|
||||||
aes_setkey(&tls->aes_decrypt, tls->server_write_key, tls->key_size);
|
aes_setkey(&tls->aes_decrypt, tls->server_write_key, tls->key_size);
|
||||||
|
aes_setkey(&tls->aes_encrypt, tls->client_write_key, tls->key_size);
|
||||||
|
{
|
||||||
|
uint8_t iv[AES_BLOCK_SIZE];
|
||||||
|
memset(iv, 0, AES_BLOCK_SIZE);
|
||||||
|
aes_encrypt_one_block(&tls->aes_encrypt, iv, tls->H);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
@ -326,8 +326,11 @@ static void InvMixColumns(unsigned astate[16])
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
static void aes_encrypt_1(unsigned astate[16], unsigned rounds, const uint32_t *RoundKey)
|
static void aes_encrypt_1(struct tls_aes *aes, unsigned astate[16])
|
||||||
{
|
{
|
||||||
|
unsigned rounds = aes->rounds;
|
||||||
|
const uint32_t *RoundKey = aes->key;
|
||||||
|
|
||||||
for (;;) {
|
for (;;) {
|
||||||
AddRoundKey(astate, RoundKey);
|
AddRoundKey(astate, RoundKey);
|
||||||
RoundKey += 4;
|
RoundKey += 4;
|
||||||
@ -355,22 +358,19 @@ void FAST_FUNC aes_encrypt_one_block(struct tls_aes *aes, const void *data, void
|
|||||||
|
|
||||||
for (i = 0; i < 16; i++)
|
for (i = 0; i < 16; i++)
|
||||||
astate[i] = pt[i];
|
astate[i] = pt[i];
|
||||||
aes_encrypt_1(astate, aes->rounds, aes->key);
|
aes_encrypt_1(aes, astate);
|
||||||
for (i = 0; i < 16; i++)
|
for (i = 0; i < 16; i++)
|
||||||
ct[i] = astate[i];
|
ct[i] = astate[i];
|
||||||
}
|
}
|
||||||
|
|
||||||
void FAST_FUNC aes_cbc_encrypt(const void *key, int klen, void *iv, const void *data, size_t len, void *dst)
|
void FAST_FUNC aes_cbc_encrypt(struct tls_aes *aes, void *iv, const void *data, size_t len, void *dst)
|
||||||
{
|
{
|
||||||
uint32_t RoundKey[60];
|
|
||||||
uint8_t iv2[16];
|
uint8_t iv2[16];
|
||||||
unsigned rounds;
|
|
||||||
|
|
||||||
const uint8_t *pt = data;
|
const uint8_t *pt = data;
|
||||||
uint8_t *ct = dst;
|
uint8_t *ct = dst;
|
||||||
|
|
||||||
memcpy(iv2, iv, 16);
|
memcpy(iv2, iv, 16);
|
||||||
rounds = KeyExpansion(RoundKey, key, klen);
|
|
||||||
while (len > 0) {
|
while (len > 0) {
|
||||||
{
|
{
|
||||||
/* almost aes_encrypt_one_block(rounds, RoundKey, pt, ct);
|
/* almost aes_encrypt_one_block(rounds, RoundKey, pt, ct);
|
||||||
@ -381,7 +381,7 @@ void FAST_FUNC aes_cbc_encrypt(const void *key, int klen, void *iv, const void *
|
|||||||
unsigned astate[16];
|
unsigned astate[16];
|
||||||
for (i = 0; i < 16; i++)
|
for (i = 0; i < 16; i++)
|
||||||
astate[i] = pt[i] ^ iv2[i];
|
astate[i] = pt[i] ^ iv2[i];
|
||||||
aes_encrypt_1(astate, rounds, RoundKey);
|
aes_encrypt_1(aes, astate);
|
||||||
for (i = 0; i < 16; i++)
|
for (i = 0; i < 16; i++)
|
||||||
iv2[i] = ct[i] = astate[i];
|
iv2[i] = ct[i] = astate[i];
|
||||||
}
|
}
|
||||||
@ -391,8 +391,11 @@ void FAST_FUNC aes_cbc_encrypt(const void *key, int klen, void *iv, const void *
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
static void aes_decrypt_1(unsigned astate[16], unsigned rounds, const uint32_t *RoundKey)
|
static void aes_decrypt_1(struct tls_aes *aes, unsigned astate[16])
|
||||||
{
|
{
|
||||||
|
unsigned rounds = aes->rounds;
|
||||||
|
const uint32_t *RoundKey = aes->key;
|
||||||
|
|
||||||
RoundKey += rounds * 4;
|
RoundKey += rounds * 4;
|
||||||
AddRoundKey(astate, RoundKey);
|
AddRoundKey(astate, RoundKey);
|
||||||
for (;;) {
|
for (;;) {
|
||||||
@ -407,8 +410,10 @@ static void aes_decrypt_1(unsigned astate[16], unsigned rounds, const uint32_t *
|
|||||||
}
|
}
|
||||||
|
|
||||||
#if 0 //UNUSED
|
#if 0 //UNUSED
|
||||||
static void aes_decrypt_one_block(unsigned rounds, const uint32_t *RoundKey, const void *data, void *dst)
|
static void aes_decrypt_one_block(struct tls_aes *aes, const void *data, void *dst)
|
||||||
{
|
{
|
||||||
|
unsigned rounds = aes->rounds;
|
||||||
|
const uint32_t *RoundKey = aes->key;
|
||||||
unsigned astate[16];
|
unsigned astate[16];
|
||||||
unsigned i;
|
unsigned i;
|
||||||
|
|
||||||
@ -417,25 +422,22 @@ static void aes_decrypt_one_block(unsigned rounds, const uint32_t *RoundKey, con
|
|||||||
|
|
||||||
for (i = 0; i < 16; i++)
|
for (i = 0; i < 16; i++)
|
||||||
astate[i] = ct[i];
|
astate[i] = ct[i];
|
||||||
aes_decrypt_1(astate, rounds, RoundKey);
|
aes_decrypt_1(aes, astate);
|
||||||
for (i = 0; i < 16; i++)
|
for (i = 0; i < 16; i++)
|
||||||
pt[i] = astate[i];
|
pt[i] = astate[i];
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
void FAST_FUNC aes_cbc_decrypt(const void *key, int klen, void *iv, const void *data, size_t len, void *dst)
|
void FAST_FUNC aes_cbc_decrypt(struct tls_aes *aes, void *iv, const void *data, size_t len, void *dst)
|
||||||
{
|
{
|
||||||
uint32_t RoundKey[60];
|
|
||||||
uint8_t iv2[16];
|
uint8_t iv2[16];
|
||||||
uint8_t iv3[16];
|
uint8_t iv3[16];
|
||||||
unsigned rounds;
|
|
||||||
uint8_t *ivbuf;
|
uint8_t *ivbuf;
|
||||||
uint8_t *ivnext;
|
uint8_t *ivnext;
|
||||||
|
|
||||||
const uint8_t *ct = data;
|
const uint8_t *ct = data;
|
||||||
uint8_t *pt = dst;
|
uint8_t *pt = dst;
|
||||||
|
|
||||||
rounds = KeyExpansion(RoundKey, key, klen);
|
|
||||||
ivbuf = memcpy(iv2, iv, 16);
|
ivbuf = memcpy(iv2, iv, 16);
|
||||||
while (len) {
|
while (len) {
|
||||||
ivnext = (ivbuf==iv2) ? iv3 : iv2;
|
ivnext = (ivbuf==iv2) ? iv3 : iv2;
|
||||||
@ -447,7 +449,7 @@ void FAST_FUNC aes_cbc_decrypt(const void *key, int klen, void *iv, const void *
|
|||||||
unsigned astate[16];
|
unsigned astate[16];
|
||||||
for (i = 0; i < 16; i++)
|
for (i = 0; i < 16; i++)
|
||||||
ivnext[i] = astate[i] = ct[i];
|
ivnext[i] = astate[i] = ct[i];
|
||||||
aes_decrypt_1(astate, rounds, RoundKey);
|
aes_decrypt_1(aes, astate);
|
||||||
for (i = 0; i < 16; i++)
|
for (i = 0; i < 16; i++)
|
||||||
pt[i] = astate[i] ^ ivbuf[i];
|
pt[i] = astate[i] ^ ivbuf[i];
|
||||||
}
|
}
|
||||||
|
|||||||
@ -10,5 +10,5 @@ void aes_setkey(struct tls_aes *aes, const void *key, unsigned key_len) FAST_FUN
|
|||||||
|
|
||||||
void aes_encrypt_one_block(struct tls_aes *aes, const void *data, void *dst) FAST_FUNC;
|
void aes_encrypt_one_block(struct tls_aes *aes, const void *data, void *dst) FAST_FUNC;
|
||||||
|
|
||||||
void aes_cbc_encrypt(const void *key, int klen, void *iv, const void *data, size_t len, void *dst) FAST_FUNC;
|
void aes_cbc_encrypt(struct tls_aes *aes, void *iv, const void *data, size_t len, void *dst) FAST_FUNC;
|
||||||
void aes_cbc_decrypt(const void *key, int klen, void *iv, const void *data, size_t len, void *dst) FAST_FUNC;
|
void aes_cbc_decrypt(struct tls_aes *aes, void *iv, const void *data, size_t len, void *dst) FAST_FUNC;
|
||||||
|
|||||||
@ -136,13 +136,3 @@ void FAST_FUNC aesgcm_GHASH(byte* h, const byte* a, unsigned aSz, const byte* c,
|
|||||||
/* Copy the result into s. */
|
/* Copy the result into s. */
|
||||||
XMEMCPY(s, x, sSz);
|
XMEMCPY(s, x, sSz);
|
||||||
}
|
}
|
||||||
|
|
||||||
void FAST_FUNC aesgcm_setkey(uint8_t H[16], struct tls_aes *aes, const byte* key, unsigned len)
|
|
||||||
{
|
|
||||||
byte iv[AES_BLOCK_SIZE];
|
|
||||||
|
|
||||||
aes_setkey(aes, key, len);
|
|
||||||
|
|
||||||
memset(iv, 0, AES_BLOCK_SIZE);
|
|
||||||
aes_encrypt_one_block(aes, iv, H);
|
|
||||||
}
|
|
||||||
|
|||||||
@ -11,5 +11,3 @@ void aesgcm_GHASH(uint8_t* h,
|
|||||||
const uint8_t* c, unsigned cSz,
|
const uint8_t* c, unsigned cSz,
|
||||||
uint8_t* s, unsigned sSz
|
uint8_t* s, unsigned sSz
|
||||||
) FAST_FUNC;
|
) FAST_FUNC;
|
||||||
|
|
||||||
void aesgcm_setkey(uint8_t H[16], struct tls_aes *aes, const uint8_t* key, unsigned len) FAST_FUNC;
|
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user