/* Encrypt content+MAC+padding in place */
//optimize key setup
aes_cbc_encrypt(
- tls->client_write_key, tls->key_size, /* selects 128/256 */
+ &tls->aes_decrypt, /* selects 128/256 */
buf - AES_BLOCK_SIZE, /* IV */
buf, size, /* plaintext */
buf /* ciphertext */
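Review bot: The encrypt call now passes `&tls->aes_decrypt`, which the key-setup hunk of this same commit fills from `tls->server_write_key`, whereas the removed line encrypted with `tls->client_write_key`. As written, outgoing CBC records would be encrypted under the server's write key, so the peer would be expected to reject them; the argument should be `&tls->aes_encrypt, /* expanded client_write_key */`. The retained `/* selects 128/256 */` comment also no longer describes this argument, here or in the aes_cbc_decrypt call, since the key size is fixed when aes_setkey() runs. A handshake test against a CBC-only cipher suite would catch this kind of mix-up. The enclosing function starts and ends outside the hunk.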
/* Decrypt content+MAC+padding, moving it over IV in the process */
sz -= AES_BLOCK_SIZE; /* we will overwrite IV now */
aes_cbc_decrypt(
- tls->server_write_key, tls->key_size, /* selects 128/256 */
+ &tls->aes_decrypt, /* selects 128/256 */
p, /* IV */
p + AES_BLOCK_SIZE, sz, /* ciphertext */
p /* plaintext */
dump_hex("client_write_IV:%s\n",
tls->client_write_IV, tls->IV_size
);
- aesgcm_setkey(tls->H, &tls->aes_encrypt, tls->client_write_key, tls->key_size);
+
aes_setkey(&tls->aes_decrypt, tls->server_write_key, tls->key_size);
+ aes_setkey(&tls->aes_encrypt, tls->client_write_key, tls->key_size);
+ {
+ uint8_t iv[AES_BLOCK_SIZE];
+ memset(iv, 0, AES_BLOCK_SIZE);
+ aes_encrypt_one_block(&tls->aes_encrypt, iv, tls->H);
+ }
}
}
}
}
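Review bot: Both expanded key schedules now stay in `tls->aes_encrypt` and `tls->aes_decrypt` for the life of the connection, where the old CBC code rebuilt `RoundKey` on the stack for each record, and no cleanup of them is visible in this hunk. If the teardown path does not already wipe the tls state, it should clear these two structs alongside the raw write keys, using a zeroing call the compiler cannot elide. Separately, the local named `iv` is really the all-zero input block used to derive `tls->H`; a name like `zero_block`, or a comment such as `/* H = AES_K(0^128), the GHASH subkey */`, would say so. The enclosing function starts outside the hunk.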
-static void aes_encrypt_1(unsigned astate[16], unsigned rounds, const uint32_t *RoundKey)
+static void aes_encrypt_1(struct tls_aes *aes, unsigned astate[16])
{
+ unsigned rounds = aes->rounds;
+ const uint32_t *RoundKey = aes->key;
+
for (;;) {
AddRoundKey(astate, RoundKey);
RoundKey += 4;
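Review bot: The new `aes` parameter is only read here (`aes->rounds`, `aes->key`), so it can be declared `const struct tls_aes *aes`. As far as the visible lines show, the same holds for aes_decrypt_1, aes_cbc_encrypt and aes_cbc_decrypt and their prototypes in the header. That makes it explicit that per-record cipher calls never modify the key schedule stored in the tls state. The existing aes_encrypt_one_block prototype takes a non-const pointer, so it would need the same qualifier to stay consistent. The function body continues outside the hunk.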
for (i = 0; i < 16; i++)
astate[i] = pt[i];
- aes_encrypt_1(astate, aes->rounds, aes->key);
+ aes_encrypt_1(aes, astate);
for (i = 0; i < 16; i++)
ct[i] = astate[i];
}
-void FAST_FUNC aes_cbc_encrypt(const void *key, int klen, void *iv, const void *data, size_t len, void *dst)
+void FAST_FUNC aes_cbc_encrypt(struct tls_aes *aes, void *iv, const void *data, size_t len, void *dst)
{
- uint32_t RoundKey[60];
uint8_t iv2[16];
- unsigned rounds;
const uint8_t *pt = data;
uint8_t *ct = dst;
memcpy(iv2, iv, 16);
- rounds = KeyExpansion(RoundKey, key, klen);
while (len > 0) {
{
/* almost aes_encrypt_one_block(rounds, RoundKey, pt, ct);
unsigned astate[16];
for (i = 0; i < 16; i++)
astate[i] = pt[i] ^ iv2[i];
- aes_encrypt_1(astate, rounds, RoundKey);
+ aes_encrypt_1(aes, astate);
for (i = 0; i < 16; i++)
iv2[i] = ct[i] = astate[i];
}
}
}
-static void aes_decrypt_1(unsigned astate[16], unsigned rounds, const uint32_t *RoundKey)
+static void aes_decrypt_1(struct tls_aes *aes, unsigned astate[16])
{
+ unsigned rounds = aes->rounds;
+ const uint32_t *RoundKey = aes->key;
+
RoundKey += rounds * 4;
AddRoundKey(astate, RoundKey);
for (;;) {
}
#if 0 //UNUSED
-static void aes_decrypt_one_block(unsigned rounds, const uint32_t *RoundKey, const void *data, void *dst)
+static void aes_decrypt_one_block(struct tls_aes *aes, const void *data, void *dst)
{
+ unsigned rounds = aes->rounds;
+ const uint32_t *RoundKey = aes->key;
unsigned astate[16];
unsigned i;
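Review bot: The two locals added here, `rounds` and `RoundKey`, are not used by the visible rest of aes_decrypt_one_block, because the call further down now reads `aes_decrypt_1(aes, astate);`. They can be dropped. The block is under `#if 0`, so nothing warns about them today, but they would trigger unused-variable warnings if it is ever re-enabled. The function body continues outside the hunk.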
for (i = 0; i < 16; i++)
astate[i] = ct[i];
- aes_decrypt_1(astate, rounds, RoundKey);
+ aes_decrypt_1(aes, astate);
for (i = 0; i < 16; i++)
pt[i] = astate[i];
}
#endif
-void FAST_FUNC aes_cbc_decrypt(const void *key, int klen, void *iv, const void *data, size_t len, void *dst)
+void FAST_FUNC aes_cbc_decrypt(struct tls_aes *aes, void *iv, const void *data, size_t len, void *dst)
{
- uint32_t RoundKey[60];
uint8_t iv2[16];
uint8_t iv3[16];
- unsigned rounds;
uint8_t *ivbuf;
uint8_t *ivnext;
const uint8_t *ct = data;
uint8_t *pt = dst;
- rounds = KeyExpansion(RoundKey, key, klen);
ivbuf = memcpy(iv2, iv, 16);
while (len) {
ivnext = (ivbuf==iv2) ? iv3 : iv2;
unsigned astate[16];
for (i = 0; i < 16; i++)
ivnext[i] = astate[i] = ct[i];
- aes_decrypt_1(astate, rounds, RoundKey);
+ aes_decrypt_1(aes, astate);
for (i = 0; i < 16; i++)
pt[i] = astate[i] ^ ivbuf[i];
}
void aes_encrypt_one_block(struct tls_aes *aes, const void *data, void *dst) FAST_FUNC;
-void aes_cbc_encrypt(const void *key, int klen, void *iv, const void *data, size_t len, void *dst) FAST_FUNC;
-void aes_cbc_decrypt(const void *key, int klen, void *iv, const void *data, size_t len, void *dst) FAST_FUNC;
+void aes_cbc_encrypt(struct tls_aes *aes, void *iv, const void *data, size_t len, void *dst) FAST_FUNC;
+void aes_cbc_decrypt(struct tls_aes *aes, void *iv, const void *data, size_t len, void *dst) FAST_FUNC;