tls: in AES-CBC code, do not set key for every record - do it once

function                                             old     new   delta
aes_setkey                                            16     212    +196
tls_handshake                                       1941    1977     +36
aes_encrypt_1                                        382     396     +14
xwrite_encrypted                                     605     604      -1
tls_xread_record                                     659     656      -3
aes_encrypt_one_block                                 65      59      -6
aes_cbc_encrypt                                      172     121     -51
aesgcm_setkey                                         58       -     -58
aes_cbc_decrypt                                      958     881     -77
KeyExpansion                                         188       -    -188
------------------------------------------------------------------------------
(add/remove: 0/2 grow/shrink: 3/5 up/down: 246/-384)         Total: -138 bytes

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
Denys Vlasenko
2018-11-23 18:02:44 +01:00
parent 83e5c627e1
commit 5e4236d226
5 changed files with 28 additions and 32 deletions


@@ -758,7 +758,7 @@ static void xwrite_encrypted_and_hmac_signed(tls_state_t *tls, unsigned size, un
/* Encrypt content+MAC+padding in place */
//optimize key setup
aes_cbc_encrypt(
tls->client_write_key, tls->key_size, /* selects 128/256 */
&tls->aes_decrypt, /* selects 128/256 */
buf - AES_BLOCK_SIZE, /* IV */
buf, size, /* plaintext */
buf /* ciphertext */
@@ -1061,7 +1061,7 @@ static int tls_xread_record(tls_state_t *tls, const char *expected)
/* Decrypt content+MAC+padding, moving it over IV in the process */
sz -= AES_BLOCK_SIZE; /* we will overwrite IV now */
aes_cbc_decrypt(
tls->server_write_key, tls->key_size, /* selects 128/256 */
&tls->aes_decrypt, /* selects 128/256 */
p, /* IV */
p + AES_BLOCK_SIZE, sz, /* ciphertext */
p /* plaintext */
@@ -1934,8 +1934,14 @@ static void send_client_key_exchange(tls_state_t *tls)
dump_hex("client_write_IV:%s\n",
tls->client_write_IV, tls->IV_size
);
aesgcm_setkey(tls->H, &tls->aes_encrypt, tls->client_write_key, tls->key_size);
aes_setkey(&tls->aes_decrypt, tls->server_write_key, tls->key_size);
aes_setkey(&tls->aes_encrypt, tls->client_write_key, tls->key_size);
{
uint8_t iv[AES_BLOCK_SIZE];
memset(iv, 0, AES_BLOCK_SIZE);
aes_encrypt_one_block(&tls->aes_encrypt, iv, tls->H);
}
}
}
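Review bot: In the first hunk, `xwrite_encrypted_and_hmac_signed` passes `&tls->aes_decrypt` to `aes_cbc_encrypt()`, but the key-setup hunk keys that context with `tls->server_write_key` and keys `tls->aes_encrypt` with `tls->client_write_key`, which is the key the old per-record call used for this direction. As written, outgoing CBC records would be encrypted under the server's write key, so the peer should fail to decrypt or MAC-check them and the per-direction key separation is lost; the argument should read `&tls->aes_encrypt, /* selects 128/256 */`. The page has lost its `+`/`-` column, so which line of each pair is the new one is inferred from the commit title. The `/* selects 128/256 */` comments at both call sites are also stale, since the key size is now fixed once in `aes_setkey()`; something like `/* key schedule, set up once after key derivation */` would describe the argument. Both call sites sit in functions whose bodies extend beyond the hunks shown.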