[git commit] tls: fold AES CBC en/decryption into single functions

Denys Vlasenko vda.linux at googlemail.com
Sat Feb 4 15:23:49 UTC 2017


commit: https://git.busybox.net/busybox/commit/?id=c31b54fd81690b3df3898437f5865674d06e6577
branch: https://git.busybox.net/busybox/commit/?id=refs/heads/master

Signed-off-by: Denys Vlasenko <vda.linux at googlemail.com>
---
 networking/tls.c     | 30 +++++++++++------------------
 networking/tls_aes.c | 54 +++++++++++++++++++++++++++++++++++++++++++++++++---
 networking/tls_aes.h | 14 ++------------
 3 files changed, 64 insertions(+), 34 deletions(-)

diff --git a/networking/tls.c b/networking/tls.c
index 4e9187d..30afd9e 100644
--- a/networking/tls.c
+++ b/networking/tls.c
@@ -722,17 +722,12 @@ static void xwrite_encrypted(tls_state_t *tls, unsigned size, unsigned type)
 	} while ((size & (AES_BLOCKSIZE - 1)) != 0);
 
 	/* Encrypt content+MAC+padding in place */
-	{
-		psCipherContext_t ctx;
-		psAesInit(&ctx, buf - AES_BLOCKSIZE, /* IV */
-			tls->client_write_key, tls->key_size /* selects 128/256 */
-		);
-		psAesEncrypt(&ctx,
-			buf, /* plaintext */
-			buf, /* ciphertext */
-			size
-		);
-	}
+	aes_cbc_encrypt(
+		tls->client_write_key, tls->key_size, /* selects 128/256 */
+		buf - AES_BLOCKSIZE, /* IV */
+		buf, size, /* plaintext */
+		buf /* ciphertext */
+	);
 
 	/* Write out */
 	dbg("writing 5 + %u IV + %u encrypted bytes, padding_length:0x%02x\n",
@@ -875,7 +870,6 @@ static int tls_xread_record(tls_state_t *tls)
 
 	/* Needs to be decrypted? */
 	if (tls->min_encrypted_len_on_read > tls->MAC_size) {
-		psCipherContext_t ctx;
 		uint8_t *p = tls->inbuf + RECHDR_LEN;
 		int padding_len;
 
@@ -886,14 +880,12 @@ static int tls_xread_record(tls_state_t *tls)
 				sz, tls->min_encrypted_len_on_read);
 		}
 		/* Decrypt content+MAC+padding, moving it over IV in the process */
-		psAesInit(&ctx, p, /* IV */
-			tls->server_write_key, tls->key_size /* selects 128/256 */
-		);
 		sz -= AES_BLOCKSIZE; /* we will overwrite IV now */
-		psAesDecrypt(&ctx,
-			p + AES_BLOCKSIZE, /* ciphertext */
-			p,                 /* plaintext */
-			sz
+		aes_cbc_decrypt(
+			tls->server_write_key, tls->key_size, /* selects 128/256 */
+			p, /* IV */
+			p + AES_BLOCKSIZE, sz, /* ciphertext */
+			p /* plaintext */
 		);
 		padding_len = p[sz - 1];
 		dbg("encrypted size:%u type:0x%02x padding_length:0x%02x\n", sz, p[0], padding_len);
diff --git a/networking/tls_aes.c b/networking/tls_aes.c
index 6c3c393..ebaab15 100644
--- a/networking/tls_aes.c
+++ b/networking/tls_aes.c
@@ -5,6 +5,46 @@
  */
 #include "tls.h"
 
+static
+int32 psAesInitKey(const unsigned char *key, uint32 keylen, psAesKey_t *skey);
+static
+void psAesEncryptBlock(const unsigned char *pt, unsigned char *ct,
+		psAesKey_t *skey);
+static
+void psAesDecryptBlock(const unsigned char *ct, unsigned char *pt,
+		psAesKey_t *skey);
+static
+int32 psAesInit(psCipherContext_t *ctx, unsigned char *IV,
+		const unsigned char *key, uint32 keylen);
+static
+int32 psAesEncrypt(psCipherContext_t *ctx, const unsigned char *pt,
+		unsigned char *ct, uint32 len);
+static
+int32 psAesDecrypt(psCipherContext_t *ctx, const unsigned char *ct,
+		unsigned char *pt, uint32 len);
+
+void aes_cbc_encrypt(const void *key, int klen, void *iv, const void *data, size_t len, void *dst)
+{
+	psCipherContext_t ctx;
+	psAesInit(&ctx, iv, key, klen);
+	psAesEncrypt(&ctx,
+		data, /* plaintext */
+		dst,  /* ciphertext */
+		len
+	);
+}
+
+void aes_cbc_decrypt(const void *key, int klen, void *iv, const void *data, size_t len, void *dst)
+{
+	psCipherContext_t ctx;
+	psAesInit(&ctx, iv, key, klen);
+	psAesDecrypt(&ctx,
+		data, /* ciphertext */
+		dst,  /* plaintext */
+		len
+	);
+}
+
 /* The file is taken almost verbatim from matrixssl-3-7-2b-open/crypto/symmetric/.
  * Changes are flagged with //bbox
  */
@@ -1079,8 +1119,9 @@ static uint32 setup_mix2(uint32 temp)
 	Software implementation of AES CBC APIs
  */
 #ifndef USE_AES_CBC_EXTERNAL
+static //bbox
 int32 psAesInit(psCipherContext_t *ctx, unsigned char *IV,
-				  unsigned char *key, uint32 keylen)
+				  const unsigned char *key, uint32 keylen)
 {
 	int32		x, err;
 
@@ -1106,7 +1147,8 @@ int32 psAesInit(psCipherContext_t *ctx, unsigned char *IV,
 	return PS_SUCCESS;
 }
 
-int32 psAesEncrypt(psCipherContext_t *ctx, unsigned char *pt,
+static //bbox
+int32 psAesEncrypt(psCipherContext_t *ctx, const unsigned char *pt,
 					 unsigned char *ct, uint32 len)
 {
 	int32			x;
@@ -1156,7 +1198,8 @@ int32 psAesEncrypt(psCipherContext_t *ctx, unsigned char *pt,
 	return len;
 }
 
-int32 psAesDecrypt(psCipherContext_t *ctx, unsigned char *ct,
+static //bbox
+int32 psAesDecrypt(psCipherContext_t *ctx, const unsigned char *ct,
 					 unsigned char *pt, uint32 len)
 {
 	int32			x;
@@ -1223,6 +1266,7 @@ int32 psAesDecrypt(psCipherContext_t *ctx, unsigned char *ct,
 	skey: The key in as scheduled by this function.
 */
 
+static //bbox
 int32 psAesInitKey(const unsigned char *key, uint32 keylen, psAesKey_t *skey)
 {
 	int32		i, j;
@@ -1390,6 +1434,7 @@ int32 psAesInitKey(const unsigned char *key, uint32 keylen, psAesKey_t *skey)
 
 
 #ifdef USE_BURN_STACK
+static //bbox
 void psAesEncryptBlock(const unsigned char *pt, unsigned char *ct,
 				psAesKey_t *skey)
 {
@@ -1399,6 +1444,7 @@ void psAesEncryptBlock(const unsigned char *pt, unsigned char *ct,
 static void _aes_ecb_encrypt(const unsigned char *pt, unsigned char *ct,
 				psAesKey_t *skey)
 #else
+static //bbox
 void psAesEncryptBlock(const unsigned char *pt, unsigned char *ct,
 				psAesKey_t *skey)
 #endif /* USE_BURN_STACK */
@@ -1555,6 +1601,7 @@ void psAesEncryptBlock(const unsigned char *pt, unsigned char *ct,
 }
 
 #ifdef USE_BURN_STACK
+static //bbox
 void psAesDecryptBlock(const unsigned char *ct, unsigned char *pt,
 				psAesKey_t *skey)
 {
@@ -1564,6 +1611,7 @@ void psAesDecryptBlock(const unsigned char *ct, unsigned char *pt,
 static void _aes_ecb_decrypt(const unsigned char *ct, unsigned char *pt,
 				psAesKey_t *skey)
 #else
+static //bbox
 void psAesDecryptBlock(const unsigned char *ct, unsigned char *pt,
 				psAesKey_t *skey)
 #endif /* USE_BURN_STACK */
diff --git a/networking/tls_aes.h b/networking/tls_aes.h
index ea8ed7e..c679186 100644
--- a/networking/tls_aes.h
+++ b/networking/tls_aes.h
@@ -6,15 +6,5 @@
  * Selected few declarations for AES.
  */
 
-int32 psAesInitKey(const unsigned char *key, uint32 keylen, psAesKey_t *skey);
-void psAesEncryptBlock(const unsigned char *pt, unsigned char *ct,
-				psAesKey_t *skey);
-void psAesDecryptBlock(const unsigned char *ct, unsigned char *pt,
-				psAesKey_t *skey);
-
-int32 psAesInit(psCipherContext_t *ctx, unsigned char *IV,
-				  unsigned char *key, uint32 keylen);
-int32 psAesEncrypt(psCipherContext_t *ctx, unsigned char *pt,
-					 unsigned char *ct, uint32 len);
-int32 psAesDecrypt(psCipherContext_t *ctx, unsigned char *ct,
-					 unsigned char *pt, uint32 len);
+void aes_cbc_encrypt(const void *key, int klen, void *iv, const void *data, size_t len, void *dst);
+void aes_cbc_decrypt(const void *key, int klen, void *iv, const void *data, size_t len, void *dst);


More information about the busybox-cvs mailing list