tls: in AES-CBC code, do not set key for every record - do it once

function                                             old     new   delta
aes_setkey                                            16     212    +196
tls_handshake                                       1941    1977     +36
aes_encrypt_1                                        382     396     +14
xwrite_encrypted                                     605     604      -1
tls_xread_record                                     659     656      -3
aes_encrypt_one_block                                 65      59      -6
aes_cbc_encrypt                                      172     121     -51
aesgcm_setkey                                         58       -     -58
aes_cbc_decrypt                                      958     881     -77
KeyExpansion                                         188       -    -188
------------------------------------------------------------------------------
(add/remove: 0/2 grow/shrink: 3/5 up/down: 246/-384)         Total: -138 bytes

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>

diff --git a/networking/tls.c b/networking/tls.c
index 38a965ad684244e86c219bb970eabe0fa1eefac8..23622d76ed693974832f5ec91a892581dd82a8ab 100644 (file)
--- a/networking/tls.c
+++ b/networking/tls.c
@@ -758,7 +758,7 @@ static void xwrite_encrypted_and_hmac_signed(tls_state_t *tls, unsigned size, un
        /* Encrypt content+MAC+padding in place */
 //optimize key setup
        aes_cbc_encrypt(
-               tls->client_write_key, tls->key_size, /* selects 128/256 */
+               &tls->aes_decrypt, /* selects 128/256 */
                buf - AES_BLOCK_SIZE, /* IV */
                buf, size, /* plaintext */
                buf /* ciphertext */
@@ -1061,7 +1061,7 @@ static int tls_xread_record(tls_state_t *tls, const char *expected)
                        /* Decrypt content+MAC+padding, moving it over IV in the process */
                        sz -= AES_BLOCK_SIZE; /* we will overwrite IV now */
                        aes_cbc_decrypt(
-                               tls->server_write_key, tls->key_size, /* selects 128/256 */
+                               &tls->aes_decrypt, /* selects 128/256 */
                                p, /* IV */
                                p + AES_BLOCK_SIZE, sz, /* ciphertext */
                                p /* plaintext */
@@ -1934,8 +1934,14 @@ static void send_client_key_exchange(tls_state_t *tls)
                dump_hex("client_write_IV:%s\n",
                        tls->client_write_IV, tls->IV_size
                );
-               aesgcm_setkey(tls->H, &tls->aes_encrypt, tls->client_write_key, tls->key_size);
+
                aes_setkey(&tls->aes_decrypt, tls->server_write_key, tls->key_size);
+               aes_setkey(&tls->aes_encrypt, tls->client_write_key, tls->key_size);
+               {
+                       uint8_t iv[AES_BLOCK_SIZE];
+                       memset(iv, 0, AES_BLOCK_SIZE);
+                       aes_encrypt_one_block(&tls->aes_encrypt, iv, tls->H);
+               }
        }
 }
 

diff --git a/networking/tls_aes.c b/networking/tls_aes.c
index 4d2b689754ecf8ed1b4db8722689804492b985b9..cf6b5fe3d3bb4461810231f4534f4f6d7e1bfa68 100644 (file)
--- a/networking/tls_aes.c
+++ b/networking/tls_aes.c
@@ -326,8 +326,11 @@ static void InvMixColumns(unsigned astate[16])
        }
 }
 
-static void aes_encrypt_1(unsigned astate[16], unsigned rounds, const uint32_t *RoundKey)
+static void aes_encrypt_1(struct tls_aes *aes, unsigned astate[16])
 {
+       unsigned rounds = aes->rounds;
+       const uint32_t *RoundKey = aes->key;
+
        for (;;) {
                AddRoundKey(astate, RoundKey);
                RoundKey += 4;
@@ -355,22 +358,19 @@ void FAST_FUNC aes_encrypt_one_block(struct tls_aes *aes, const void *data, void
 
        for (i = 0; i < 16; i++)
                astate[i] = pt[i];
-       aes_encrypt_1(astate, aes->rounds, aes->key);
+       aes_encrypt_1(aes, astate);
        for (i = 0; i < 16; i++)
                ct[i] = astate[i];
 }
 
-void FAST_FUNC aes_cbc_encrypt(const void *key, int klen, void *iv, const void *data, size_t len, void *dst)
+void FAST_FUNC aes_cbc_encrypt(struct tls_aes *aes, void *iv, const void *data, size_t len, void *dst)
 {
-       uint32_t RoundKey[60];
        uint8_t iv2[16];
-       unsigned rounds;
 
        const uint8_t *pt = data;
        uint8_t *ct = dst;
 
        memcpy(iv2, iv, 16);
-       rounds = KeyExpansion(RoundKey, key, klen);
        while (len > 0) {
                {
                        /* almost aes_encrypt_one_block(rounds, RoundKey, pt, ct);
@@ -381,7 +381,7 @@ void FAST_FUNC aes_cbc_encrypt(const void *key, int klen, void *iv, const void *
                        unsigned astate[16];
                        for (i = 0; i < 16; i++)
                                astate[i] = pt[i] ^ iv2[i];
-                       aes_encrypt_1(astate, rounds, RoundKey);
+                       aes_encrypt_1(aes, astate);
                        for (i = 0; i < 16; i++)
                                iv2[i] = ct[i] = astate[i];
                }
@@ -391,8 +391,11 @@ void FAST_FUNC aes_cbc_encrypt(const void *key, int klen, void *iv, const void *
        }
 }
 
-static void aes_decrypt_1(unsigned astate[16], unsigned rounds, const uint32_t *RoundKey)
+static void aes_decrypt_1(struct tls_aes *aes, unsigned astate[16])
 {
+       unsigned rounds = aes->rounds;
+       const uint32_t *RoundKey = aes->key;
+
        RoundKey += rounds * 4;
        AddRoundKey(astate, RoundKey);
        for (;;) {
@@ -407,8 +410,10 @@ static void aes_decrypt_1(unsigned astate[16], unsigned rounds, const uint32_t *
 }
 
 #if 0 //UNUSED
-static void aes_decrypt_one_block(unsigned rounds, const uint32_t *RoundKey, const void *data, void *dst)
+static void aes_decrypt_one_block(struct tls_aes *aes, const void *data, void *dst)
 {
+       unsigned rounds = aes->rounds;
+       const uint32_t *RoundKey = aes->key;
        unsigned astate[16];
        unsigned i;
 
@@ -417,25 +422,22 @@ static void aes_decrypt_one_block(unsigned rounds, const uint32_t *RoundKey, con
 
        for (i = 0; i < 16; i++)
                astate[i] = ct[i];
-       aes_decrypt_1(astate, rounds, RoundKey);
+       aes_decrypt_1(aes, astate);
        for (i = 0; i < 16; i++)
                pt[i] = astate[i];
 }
 #endif
 
-void FAST_FUNC aes_cbc_decrypt(const void *key, int klen, void *iv, const void *data, size_t len, void *dst)
+void FAST_FUNC aes_cbc_decrypt(struct tls_aes *aes, void *iv, const void *data, size_t len, void *dst)
 {
-       uint32_t RoundKey[60];
        uint8_t iv2[16];
        uint8_t iv3[16];
-       unsigned rounds;
        uint8_t *ivbuf;
        uint8_t *ivnext;
 
        const uint8_t *ct = data;
        uint8_t *pt = dst;
 
-       rounds = KeyExpansion(RoundKey, key, klen);
        ivbuf = memcpy(iv2, iv, 16);
        while (len) {
                ivnext = (ivbuf==iv2) ? iv3 : iv2;
@@ -447,7 +449,7 @@ void FAST_FUNC aes_cbc_decrypt(const void *key, int klen, void *iv, const void *
                        unsigned astate[16];
                        for (i = 0; i < 16; i++)
                                ivnext[i] = astate[i] = ct[i];
-                       aes_decrypt_1(astate, rounds, RoundKey);
+                       aes_decrypt_1(aes, astate);
                        for (i = 0; i < 16; i++)
                                pt[i] = astate[i] ^ ivbuf[i];
                }

diff --git a/networking/tls_aes.h b/networking/tls_aes.h
index fc388179334faff8c7d4abc8c403cd931e38b965..e9e3721f13f749de36f4b4dbbd9b7c1b635779d9 100644 (file)
--- a/networking/tls_aes.h
+++ b/networking/tls_aes.h
@@ -10,5 +10,5 @@ void aes_setkey(struct tls_aes *aes, const void *key, unsigned key_len) FAST_FUN
 
 void aes_encrypt_one_block(struct tls_aes *aes, const void *data, void *dst) FAST_FUNC;
 
-void aes_cbc_encrypt(const void *key, int klen, void *iv, const void *data, size_t len, void *dst) FAST_FUNC;
-void aes_cbc_decrypt(const void *key, int klen, void *iv, const void *data, size_t len, void *dst) FAST_FUNC;
+void aes_cbc_encrypt(struct tls_aes *aes, void *iv, const void *data, size_t len, void *dst) FAST_FUNC;
+void aes_cbc_decrypt(struct tls_aes *aes, void *iv, const void *data, size_t len, void *dst) FAST_FUNC;

diff --git a/networking/tls_aesgcm.c b/networking/tls_aesgcm.c
index 584cee98eee1fac462eb1e4c31e276f59d7ccab4..eb32f4c05a50309f3f6cc4364e200b4ad1f32745 100644 (file)
--- a/networking/tls_aesgcm.c
+++ b/networking/tls_aesgcm.c
@@ -136,13 +136,3 @@ void FAST_FUNC aesgcm_GHASH(byte* h, const byte* a, unsigned aSz, const byte* c,
     /* Copy the result into s. */
     XMEMCPY(s, x, sSz);
 }
-
-void FAST_FUNC aesgcm_setkey(uint8_t H[16], struct tls_aes *aes, const byte* key, unsigned len)
-{
-    byte iv[AES_BLOCK_SIZE];
-
-    aes_setkey(aes, key, len);
-
-    memset(iv, 0, AES_BLOCK_SIZE);
-    aes_encrypt_one_block(aes, iv, H);
-}

diff --git a/networking/tls_aesgcm.h b/networking/tls_aesgcm.h
index d4cde01f9a12b2918bab9963603296eaba71840f..a71eced54eccc59de218d4e12a58f734613a4ddb 100644 (file)
--- a/networking/tls_aesgcm.h
+++ b/networking/tls_aesgcm.h
@@ -11,5 +11,3 @@ void aesgcm_GHASH(uint8_t* h,
        const uint8_t* c, unsigned cSz,
        uint8_t* s, unsigned sSz
 ) FAST_FUNC;
-
-void aesgcm_setkey(uint8_t H[16], struct tls_aes *aes, const uint8_t* key, unsigned len) FAST_FUNC;