From 941440cf166ef77ad82c4ead9eae3a8a2552a418 Mon Sep 17 00:00:00 2001 From: Denys Vlasenko Date: Sat, 24 Nov 2018 13:51:46 +0100 Subject: [PATCH] tls: in AES-GCM decoding, avoid memmove function old new delta xorbuf3 - 36 +36 xorbuf 24 12 -12 tls_xread_record 656 634 -22 ------------------------------------------------------------------------------ (add/remove: 1/0 grow/shrink: 0/2 up/down: 36/-34) Total: 2 bytes Signed-off-by: Denys Vlasenko --- networking/tls.c | 20 ++++++++++++++++---- networking/tls.h | 1 + networking/tls_aesgcm.c | 9 --------- networking/tls_aesgcm.h | 2 -- 4 files changed, 17 insertions(+), 15 deletions(-) diff --git a/networking/tls.c b/networking/tls.c index 1e0e0991c..1f8c21f8b 100644 --- a/networking/tls.c +++ b/networking/tls.c @@ -343,6 +343,20 @@ void FAST_FUNC tls_get_random(void *buf, unsigned len) xfunc_die(); } +static void xorbuf3(void *dst, const void *src1, const void *src2, unsigned count) +{ + uint8_t *d = dst; + const uint8_t *s1 = src1; + const uint8_t* s2 = src2; + while (count--) + *d++ = *s1++ ^ *s2++; +} + +void FAST_FUNC xorbuf(void *dst, const void *src, unsigned count) +{ + xorbuf3(dst, dst, src, count); +} + /* Nondestructively see the current hash value */ static unsigned sha_peek(md5sha_ctx_t *ctx, void *buffer) { @@ -941,7 +955,6 @@ static void tls_aesgcm_decrypt(tls_state_t *tls, uint8_t *buf, int size) memcpy(nonce, tls->server_write_IV, 4); memcpy(nonce + 4, buf, 8); - buf += 8; cnt = 1; remaining = size; @@ -952,12 +965,12 @@ static void tls_aesgcm_decrypt(tls_state_t *tls, uint8_t *buf, int size) COUNTER(nonce) = htonl(cnt); /* yes, first cnt here is 2 (!) */ aes_encrypt_one_block(&tls->aes_decrypt, nonce, scratch); n = remaining > AES_BLOCK_SIZE ? AES_BLOCK_SIZE : remaining; - xorbuf(buf, scratch, n); + xorbuf3(buf, scratch, buf + 8, n); buf += n; remaining -= n; } - //aesgcm_GHASH(tls->H, aad, tls->outbuf + OUTBUF_PFX, size, authtag); + //aesgcm_GHASH(tls->H, aad, tls->inbuf + RECHDR_LEN, size, authtag); //COUNTER(nonce) = htonl(1); //aes_encrypt_one_block(&tls->aes_encrypt, nonce, scratch); //xorbuf(authtag, scratch, sizeof(authtag)); @@ -1046,7 +1059,6 @@ static int tls_xread_record(tls_state_t *tls, const char *expected) sz -= 8 + AES_BLOCK_SIZE; /* we will overwrite nonce, drop hash */ tls_aesgcm_decrypt(tls, p, sz); - memmove(p, p + 8, sz); dbg("encrypted size:%u\n", sz); } else if (tls->min_encrypted_len_on_read > tls->MAC_size) { diff --git a/networking/tls.h b/networking/tls.h index f2ef67aac..4b0dc7459 100644 --- a/networking/tls.h +++ b/networking/tls.h @@ -81,6 +81,7 @@ typedef int16_t int16; #define AES_BLOCK_SIZE 16 void tls_get_random(void *buf, unsigned len) FAST_FUNC; +void xorbuf(void* buf, const void* mask, unsigned count) FAST_FUNC; #define matrixCryptoGetPrngData(buf, len, userPtr) (tls_get_random(buf, len), PS_SUCCESS) diff --git a/networking/tls_aesgcm.c b/networking/tls_aesgcm.c index b9a6a9b0a..db720e5f6 100644 --- a/networking/tls_aesgcm.c +++ b/networking/tls_aesgcm.c @@ -11,15 +11,6 @@ typedef uint32_t word32; #define XMEMSET memset #define XMEMCPY memcpy -void FAST_FUNC xorbuf(void* buf, const void* mask, unsigned count) -{ - word32 i; - byte* b = (byte*)buf; - const byte* m = (const byte*)mask; - for (i = 0; i < count; i++) - b[i] ^= m[i]; -} - /* from wolfssl-3.15.3/wolfcrypt/src/aes.c */ static ALWAYS_INLINE void FlattenSzInBits(byte* buf, word32 sz) diff --git a/networking/tls_aesgcm.h b/networking/tls_aesgcm.h index 75694f3fa..d7e672e6e 100644 --- a/networking/tls_aesgcm.h +++ b/networking/tls_aesgcm.h @@ -4,8 +4,6 @@ * Licensed under GPLv2, see file LICENSE in this source tree. */ -void xorbuf(void* buf, const void* mask, unsigned count) FAST_FUNC; - void aesgcm_GHASH(uint8_t* h, const uint8_t* a, //unsigned aSz, const uint8_t* c, unsigned cSz,