emo/busybox
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

tls: fold AES CBC en/decryption into single functions

Browse Source 
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
This commit is contained in:
Denys Vlasenko 2017-02-04 16:23:49 +01:00
parent 5b05d9db29
commit c31b54fd81
3 changed files with 64 additions and 34 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

30
networking/tls.c
View File

@ -722,17 +722,12 @@ static void xwrite_encrypted(tls_state_t *tls, unsigned size, unsigned type)
} while ((size & (AES_BLOCKSIZE - 1)) != 0); } while ((size & (AES_BLOCKSIZE - 1)) != 0);
/* Encrypt content+MAC+padding in place */ /* Encrypt content+MAC+padding in place */
{ aes_cbc_encrypt(
psCipherContext_t ctx; tls->client_write_key, tls->key_size, /* selects 128/256 */
psAesInit(&ctx, buf - AES_BLOCKSIZE, /* IV */ buf - AES_BLOCKSIZE, /* IV */
tls->client_write_key, tls->key_size /* selects 128/256 */ buf, size, /* plaintext */
); buf /* ciphertext */
psAesEncrypt(&ctx, );
buf, /* plaintext */
buf, /* ciphertext */
size
);
}
/* Write out */ /* Write out */
dbg("writing 5 + %u IV + %u encrypted bytes, padding_length:0x%02x\n", dbg("writing 5 + %u IV + %u encrypted bytes, padding_length:0x%02x\n",
@ -875,7 +870,6 @@ static int tls_xread_record(tls_state_t *tls)
/* Needs to be decrypted? */ /* Needs to be decrypted? */
if (tls->min_encrypted_len_on_read > tls->MAC_size) { if (tls->min_encrypted_len_on_read > tls->MAC_size) {
psCipherContext_t ctx;
uint8_t *p = tls->inbuf + RECHDR_LEN; uint8_t *p = tls->inbuf + RECHDR_LEN;
int padding_len; int padding_len;
@ -886,14 +880,12 @@ static int tls_xread_record(tls_state_t *tls)
sz, tls->min_encrypted_len_on_read); sz, tls->min_encrypted_len_on_read);
} }
/* Decrypt content+MAC+padding, moving it over IV in the process */ /* Decrypt content+MAC+padding, moving it over IV in the process */
psAesInit(&ctx, p, /* IV */
tls->server_write_key, tls->key_size /* selects 128/256 */
);
sz -= AES_BLOCKSIZE; /* we will overwrite IV now */ sz -= AES_BLOCKSIZE; /* we will overwrite IV now */
psAesDecrypt(&ctx, aes_cbc_decrypt(
p + AES_BLOCKSIZE, /* ciphertext */ tls->server_write_key, tls->key_size, /* selects 128/256 */
p, /* plaintext */ p, /* IV */
sz p + AES_BLOCKSIZE, sz, /* ciphertext */
p /* plaintext */
); );
padding_len = p[sz - 1]; padding_len = p[sz - 1];
dbg("encrypted size:%u type:0x%02x padding_length:0x%02x\n", sz, p[0], padding_len); dbg("encrypted size:%u type:0x%02x padding_length:0x%02x\n", sz, p[0], padding_len);

54
networking/tls_aes.c
View File

@ -5,6 +5,46 @@
*/ */
#include "tls.h" #include "tls.h"
static
int32 psAesInitKey(const unsigned char *key, uint32 keylen, psAesKey_t *skey);
static
void psAesEncryptBlock(const unsigned char *pt, unsigned char *ct,
psAesKey_t *skey);
static
void psAesDecryptBlock(const unsigned char *ct, unsigned char *pt,
psAesKey_t *skey);
static
int32 psAesInit(psCipherContext_t *ctx, unsigned char *IV,
const unsigned char *key, uint32 keylen);
static
int32 psAesEncrypt(psCipherContext_t *ctx, const unsigned char *pt,
unsigned char *ct, uint32 len);
static
int32 psAesDecrypt(psCipherContext_t *ctx, const unsigned char *ct,
unsigned char *pt, uint32 len);
void aes_cbc_encrypt(const void *key, int klen, void *iv, const void *data, size_t len, void *dst)
{
psCipherContext_t ctx;
psAesInit(&ctx, iv, key, klen);
psAesEncrypt(&ctx,
data, /* plaintext */
dst, /* ciphertext */
len
);
}
void aes_cbc_decrypt(const void *key, int klen, void *iv, const void *data, size_t len, void *dst)
{
psCipherContext_t ctx;
psAesInit(&ctx, iv, key, klen);
psAesDecrypt(&ctx,
data, /* ciphertext */
dst, /* plaintext */
len
);
}
/* The file is taken almost verbatim from matrixssl-3-7-2b-open/crypto/symmetric/. /* The file is taken almost verbatim from matrixssl-3-7-2b-open/crypto/symmetric/.
* Changes are flagged with //bbox * Changes are flagged with //bbox
*/ */
@ -1079,8 +1119,9 @@ static uint32 setup_mix2(uint32 temp)
Software implementation of AES CBC APIs Software implementation of AES CBC APIs
*/ */
#ifndef USE_AES_CBC_EXTERNAL #ifndef USE_AES_CBC_EXTERNAL
static //bbox
int32 psAesInit(psCipherContext_t *ctx, unsigned char *IV, int32 psAesInit(psCipherContext_t *ctx, unsigned char *IV,
unsigned char *key, uint32 keylen) const unsigned char *key, uint32 keylen)
{ {
int32 x, err; int32 x, err;
@ -1106,7 +1147,8 @@ int32 psAesInit(psCipherContext_t *ctx, unsigned char *IV,
return PS_SUCCESS; return PS_SUCCESS;
} }
int32 psAesEncrypt(psCipherContext_t *ctx, unsigned char *pt, static //bbox
int32 psAesEncrypt(psCipherContext_t *ctx, const unsigned char *pt,
unsigned char *ct, uint32 len) unsigned char *ct, uint32 len)
{ {
int32 x; int32 x;
@ -1156,7 +1198,8 @@ int32 psAesEncrypt(psCipherContext_t *ctx, unsigned char *pt,
return len; return len;
} }
int32 psAesDecrypt(psCipherContext_t *ctx, unsigned char *ct, static //bbox
int32 psAesDecrypt(psCipherContext_t *ctx, const unsigned char *ct,
unsigned char *pt, uint32 len) unsigned char *pt, uint32 len)
{ {
int32 x; int32 x;
@ -1223,6 +1266,7 @@ int32 psAesDecrypt(psCipherContext_t *ctx, unsigned char *ct,
skey: The key in as scheduled by this function. skey: The key in as scheduled by this function.
*/ */
static //bbox
int32 psAesInitKey(const unsigned char *key, uint32 keylen, psAesKey_t *skey) int32 psAesInitKey(const unsigned char *key, uint32 keylen, psAesKey_t *skey)
{ {
int32 i, j; int32 i, j;
@ -1390,6 +1434,7 @@ int32 psAesInitKey(const unsigned char *key, uint32 keylen, psAesKey_t *skey)
#ifdef USE_BURN_STACK #ifdef USE_BURN_STACK
static //bbox
void psAesEncryptBlock(const unsigned char *pt, unsigned char *ct, void psAesEncryptBlock(const unsigned char *pt, unsigned char *ct,
psAesKey_t *skey) psAesKey_t *skey)
{ {
@ -1399,6 +1444,7 @@ void psAesEncryptBlock(const unsigned char *pt, unsigned char *ct,
static void _aes_ecb_encrypt(const unsigned char *pt, unsigned char *ct, static void _aes_ecb_encrypt(const unsigned char *pt, unsigned char *ct,
psAesKey_t *skey) psAesKey_t *skey)
#else #else
static //bbox
void psAesEncryptBlock(const unsigned char *pt, unsigned char *ct, void psAesEncryptBlock(const unsigned char *pt, unsigned char *ct,
psAesKey_t *skey) psAesKey_t *skey)
#endif /* USE_BURN_STACK */ #endif /* USE_BURN_STACK */
@ -1555,6 +1601,7 @@ void psAesEncryptBlock(const unsigned char *pt, unsigned char *ct,
} }
#ifdef USE_BURN_STACK #ifdef USE_BURN_STACK
static //bbox
void psAesDecryptBlock(const unsigned char *ct, unsigned char *pt, void psAesDecryptBlock(const unsigned char *ct, unsigned char *pt,
psAesKey_t *skey) psAesKey_t *skey)
{ {
@ -1564,6 +1611,7 @@ void psAesDecryptBlock(const unsigned char *ct, unsigned char *pt,
static void _aes_ecb_decrypt(const unsigned char *ct, unsigned char *pt, static void _aes_ecb_decrypt(const unsigned char *ct, unsigned char *pt,
psAesKey_t *skey) psAesKey_t *skey)
#else #else
static //bbox
void psAesDecryptBlock(const unsigned char *ct, unsigned char *pt, void psAesDecryptBlock(const unsigned char *ct, unsigned char *pt,
psAesKey_t *skey) psAesKey_t *skey)
#endif /* USE_BURN_STACK */ #endif /* USE_BURN_STACK */

14
networking/tls_aes.h
View File

@ -6,15 +6,5 @@
* Selected few declarations for AES. * Selected few declarations for AES.
*/ */
int32 psAesInitKey(const unsigned char *key, uint32 keylen, psAesKey_t *skey); void aes_cbc_encrypt(const void *key, int klen, void *iv, const void *data, size_t len, void *dst);
void psAesEncryptBlock(const unsigned char *pt, unsigned char *ct, void aes_cbc_decrypt(const void *key, int klen, void *iv, const void *data, size_t len, void *dst);
psAesKey_t *skey);
void psAesDecryptBlock(const unsigned char *ct, unsigned char *pt,
psAesKey_t *skey);
int32 psAesInit(psCipherContext_t *ctx, unsigned char *IV,
unsigned char *key, uint32 keylen);
int32 psAesEncrypt(psCipherContext_t *ctx, unsigned char *pt,
unsigned char *ct, uint32 len);
int32 psAesDecrypt(psCipherContext_t *ctx, unsigned char *ct,
unsigned char *pt, uint32 len);