[git commit] tls: in AES-CBC code, do not set key for every record - do it once

Denys Vlasenko vda.linux at googlemail.com
Fri Nov 23 17:02:44 UTC 2018


commit: https://git.busybox.net/busybox/commit/?id=5e4236d226309a32842a6928878fd0e1cd5937e7
branch: https://git.busybox.net/busybox/commit/?id=refs/heads/master

function                                             old     new   delta
aes_setkey                                            16     212    +196
tls_handshake                                       1941    1977     +36
aes_encrypt_1                                        382     396     +14
xwrite_encrypted                                     605     604      -1
tls_xread_record                                     659     656      -3
aes_encrypt_one_block                                 65      59      -6
aes_cbc_encrypt                                      172     121     -51
aesgcm_setkey                                         58       -     -58
aes_cbc_decrypt                                      958     881     -77
KeyExpansion                                         188       -    -188
------------------------------------------------------------------------------
(add/remove: 0/2 grow/shrink: 3/5 up/down: 246/-384)         Total: -138 bytes

Signed-off-by: Denys Vlasenko <vda.linux at googlemail.com>
---
 networking/tls.c        | 12 +++++++++---
 networking/tls_aes.c    | 32 +++++++++++++++++---------------
 networking/tls_aes.h    |  4 ++--
 networking/tls_aesgcm.c | 10 ----------
 networking/tls_aesgcm.h |  2 --
 5 files changed, 28 insertions(+), 32 deletions(-)

diff --git a/networking/tls.c b/networking/tls.c
index 38a965ad6..23622d76e 100644
--- a/networking/tls.c
+++ b/networking/tls.c
@@ -758,7 +758,7 @@ static void xwrite_encrypted_and_hmac_signed(tls_state_t *tls, unsigned size, un
 	/* Encrypt content+MAC+padding in place */
 //optimize key setup
 	aes_cbc_encrypt(
-		tls->client_write_key, tls->key_size, /* selects 128/256 */
+		&tls->aes_decrypt, /* selects 128/256 */
 		buf - AES_BLOCK_SIZE, /* IV */
 		buf, size, /* plaintext */
 		buf /* ciphertext */
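Review bot: The encrypt path now passes `&tls->aes_decrypt`, but the only aes_setkey() call for that context in this commit (the send_client_key_exchange hunk) loads it from server_write_key, whereas the line being replaced used tls->client_write_key; records the client sends must be encrypted under the client write key, so this should read `&tls->aes_encrypt, /* client_write_key */`. The kept `/* selects 128/256 */` comment, and the `//optimize key setup` line above the call, describe the old per-record key/klen interface and no longer apply; the same stale `selects 128/256` comment survives on the aes_cbc_decrypt call in the tls_xread_record hunk. xwrite_encrypted_and_hmac_signed continues outside the hunk.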
@@ -1061,7 +1061,7 @@ static int tls_xread_record(tls_state_t *tls, const char *expected)
 			/* Decrypt content+MAC+padding, moving it over IV in the process */
 			sz -= AES_BLOCK_SIZE; /* we will overwrite IV now */
 			aes_cbc_decrypt(
-				tls->server_write_key, tls->key_size, /* selects 128/256 */
+				&tls->aes_decrypt, /* selects 128/256 */
 				p, /* IV */
 				p + AES_BLOCK_SIZE, sz, /* ciphertext */
 				p /* plaintext */
@@ -1934,8 +1934,14 @@ static void send_client_key_exchange(tls_state_t *tls)
 		dump_hex("client_write_IV:%s\n",
 			tls->client_write_IV, tls->IV_size
 		);
-		aesgcm_setkey(tls->H, &tls->aes_encrypt, tls->client_write_key, tls->key_size);
+
 		aes_setkey(&tls->aes_decrypt, tls->server_write_key, tls->key_size);
+		aes_setkey(&tls->aes_encrypt, tls->client_write_key, tls->key_size);
+		{
+			uint8_t iv[AES_BLOCK_SIZE];
+			memset(iv, 0, AES_BLOCK_SIZE);
+			aes_encrypt_one_block(&tls->aes_encrypt, iv, tls->H);
+		}
 	}
 }
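Review bot: The block that encrypts an all-zero buffer into tls->H carries no comment, although it is the body of the removed aesgcm_setkey() moved inline and only the GCM code path appears to consume H. A one-line comment such as `/* H = AES_K(0^128): GHASH subkey, used only by AES-GCM suites */` above the `{` would keep the reason visible now that the helper name is gone. The local is named `iv`, but it is used as the zero plaintext block, not as an IV; `zero_block` would describe it better. This runs for every negotiated suite, as the removed call did, so no behaviour change is implied here.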
 
diff --git a/networking/tls_aes.c b/networking/tls_aes.c
index 4d2b68975..cf6b5fe3d 100644
--- a/networking/tls_aes.c
+++ b/networking/tls_aes.c
@@ -326,8 +326,11 @@ static void InvMixColumns(unsigned astate[16])
 	}
 }
 
-static void aes_encrypt_1(unsigned astate[16], unsigned rounds, const uint32_t *RoundKey)
+static void aes_encrypt_1(struct tls_aes *aes, unsigned astate[16])
 {
+	unsigned rounds = aes->rounds;
+	const uint32_t *RoundKey = aes->key;
+
 	for (;;) {
 		AddRoundKey(astate, RoundKey);
 		RoundKey += 4;
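Review bot: aes_encrypt_1 takes `struct tls_aes *aes` but only reads `aes->rounds` and `aes->key` into locals, so the parameter should be `const struct tls_aes *aes`; the same applies to aes_decrypt_1 in the hunk at the `static void aes_decrypt_1` line, and since aes_cbc_encrypt / aes_cbc_decrypt (and their prototypes in tls_aes.h) only forward the pointer, const can be propagated to them too, e.g. `static void aes_encrypt_1(const struct tls_aes *aes, unsigned astate[16])`. Without it the callers in tls.c hand out writable access to the expanded key schedule for a read-only operation. The body of aes_encrypt_1 continues outside the hunk.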
@@ -355,22 +358,19 @@ void FAST_FUNC aes_encrypt_one_block(struct tls_aes *aes, const void *data, void
 
 	for (i = 0; i < 16; i++)
 		astate[i] = pt[i];
-	aes_encrypt_1(astate, aes->rounds, aes->key);
+	aes_encrypt_1(aes, astate);
 	for (i = 0; i < 16; i++)
 		ct[i] = astate[i];
 }
 
-void FAST_FUNC aes_cbc_encrypt(const void *key, int klen, void *iv, const void *data, size_t len, void *dst)
+void FAST_FUNC aes_cbc_encrypt(struct tls_aes *aes, void *iv, const void *data, size_t len, void *dst)
 {
-	uint32_t RoundKey[60];
 	uint8_t iv2[16];
-	unsigned rounds;
 
 	const uint8_t *pt = data;
 	uint8_t *ct = dst;
 
 	memcpy(iv2, iv, 16);
-	rounds = KeyExpansion(RoundKey, key, klen);
 	while (len > 0) {
 		{
 			/* almost aes_encrypt_one_block(rounds, RoundKey, pt, ct);
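Review bot: The comment on the hunk's last line still quotes the old helper signature, `aes_encrypt_one_block(rounds, RoundKey, pt, ct)`, although both `rounds` and `RoundKey` were removed from this function in this hunk and the helper now takes the context; it should read `/* almost aes_encrypt_one_block(aes, pt, ct);`. aes_cbc_encrypt continues outside the hunk.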
@@ -381,7 +381,7 @@ void FAST_FUNC aes_cbc_encrypt(const void *key, int klen, void *iv, const void *
 			unsigned astate[16];
 			for (i = 0; i < 16; i++)
 				astate[i] = pt[i] ^ iv2[i];
-			aes_encrypt_1(astate, rounds, RoundKey);
+			aes_encrypt_1(aes, astate);
 			for (i = 0; i < 16; i++)
 				iv2[i] = ct[i] = astate[i];
 		}
@@ -391,8 +391,11 @@ void FAST_FUNC aes_cbc_encrypt(const void *key, int klen, void *iv, const void *
 	}
 }
 
-static void aes_decrypt_1(unsigned astate[16], unsigned rounds, const uint32_t *RoundKey)
+static void aes_decrypt_1(struct tls_aes *aes, unsigned astate[16])
 {
+	unsigned rounds = aes->rounds;
+	const uint32_t *RoundKey = aes->key;
+
 	RoundKey += rounds * 4;
 	AddRoundKey(astate, RoundKey);
 	for (;;) {
@@ -407,8 +410,10 @@ static void aes_decrypt_1(unsigned astate[16], unsigned rounds, const uint32_t *
 }
 
 #if 0 //UNUSED
-static void aes_decrypt_one_block(unsigned rounds, const uint32_t *RoundKey, const void *data, void *dst)
+static void aes_decrypt_one_block(struct tls_aes *aes, const void *data, void *dst)
 {
+	unsigned rounds = aes->rounds;
+	const uint32_t *RoundKey = aes->key;
 	unsigned astate[16];
 	unsigned i;
 
@@ -417,25 +422,22 @@ static void aes_decrypt_one_block(unsigned rounds, const uint32_t *RoundKey, con
 
 	for (i = 0; i < 16; i++)
 		astate[i] = ct[i];
-	aes_decrypt_1(astate, rounds, RoundKey);
+	aes_decrypt_1(aes, astate);
 	for (i = 0; i < 16; i++)
 		pt[i] = astate[i];
 }
 #endif
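Review bot: In the `#if 0` copy of aes_decrypt_one_block the added locals `unsigned rounds = aes->rounds;` and `const uint32_t *RoundKey = aes->key;` (previous hunk) are never read, because the call was changed to `aes_decrypt_1(aes, astate);`; the compiler does not see this today, but anyone re-enabling the block inherits two unused-variable warnings. Dropping those two declarations keeps the dead code consistent with the live aes_encrypt_one_block, which does not declare them.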
 
-void FAST_FUNC aes_cbc_decrypt(const void *key, int klen, void *iv, const void *data, size_t len, void *dst)
+void FAST_FUNC aes_cbc_decrypt(struct tls_aes *aes, void *iv, const void *data, size_t len, void *dst)
 {
-	uint32_t RoundKey[60];
 	uint8_t iv2[16];
 	uint8_t iv3[16];
-	unsigned rounds;
 	uint8_t *ivbuf;
 	uint8_t *ivnext;
 
 	const uint8_t *ct = data;
 	uint8_t *pt = dst;
 
-	rounds = KeyExpansion(RoundKey, key, klen);
 	ivbuf = memcpy(iv2, iv, 16);
 	while (len) {
 		ivnext = (ivbuf==iv2) ? iv3 : iv2;
@@ -447,7 +449,7 @@ void FAST_FUNC aes_cbc_decrypt(const void *key, int klen, void *iv, const void *
 			unsigned astate[16];
 			for (i = 0; i < 16; i++)
 				ivnext[i] = astate[i] = ct[i];
-			aes_decrypt_1(astate, rounds, RoundKey);
+			aes_decrypt_1(aes, astate);
 			for (i = 0; i < 16; i++)
 				pt[i] = astate[i] ^ ivbuf[i];
 		}
diff --git a/networking/tls_aes.h b/networking/tls_aes.h
index fc3881793..e9e3721f1 100644
--- a/networking/tls_aes.h
+++ b/networking/tls_aes.h
@@ -10,5 +10,5 @@ void aes_setkey(struct tls_aes *aes, const void *key, unsigned key_len) FAST_FUN
 
 void aes_encrypt_one_block(struct tls_aes *aes, const void *data, void *dst) FAST_FUNC;
 
-void aes_cbc_encrypt(const void *key, int klen, void *iv, const void *data, size_t len, void *dst) FAST_FUNC;
-void aes_cbc_decrypt(const void *key, int klen, void *iv, const void *data, size_t len, void *dst) FAST_FUNC;
+void aes_cbc_encrypt(struct tls_aes *aes, void *iv, const void *data, size_t len, void *dst) FAST_FUNC;
+void aes_cbc_decrypt(struct tls_aes *aes, void *iv, const void *data, size_t len, void *dst) FAST_FUNC;
diff --git a/networking/tls_aesgcm.c b/networking/tls_aesgcm.c
index 584cee98e..eb32f4c05 100644
--- a/networking/tls_aesgcm.c
+++ b/networking/tls_aesgcm.c
@@ -136,13 +136,3 @@ void FAST_FUNC aesgcm_GHASH(byte* h, const byte* a, unsigned aSz, const byte* c,
     /* Copy the result into s. */
     XMEMCPY(s, x, sSz);
 }
-
-void FAST_FUNC aesgcm_setkey(uint8_t H[16], struct tls_aes *aes, const byte* key, unsigned len)
-{
-    byte iv[AES_BLOCK_SIZE];
-
-    aes_setkey(aes, key, len);
-
-    memset(iv, 0, AES_BLOCK_SIZE);
-    aes_encrypt_one_block(aes, iv, H);
-}
diff --git a/networking/tls_aesgcm.h b/networking/tls_aesgcm.h
index d4cde01f9..a71eced54 100644
--- a/networking/tls_aesgcm.h
+++ b/networking/tls_aesgcm.h
@@ -11,5 +11,3 @@ void aesgcm_GHASH(uint8_t* h,
 	const uint8_t* c, unsigned cSz,
 	uint8_t* s, unsigned sSz
 ) FAST_FUNC;
-
-void aesgcm_setkey(uint8_t H[16], struct tls_aes *aes, const uint8_t* key, unsigned len) FAST_FUNC;

