From 5e4236d226309a32842a6928878fd0e1cd5937e7 Mon Sep 17 00:00:00 2001
From: Denys Vlasenko <vda.linux@googlemail.com>
Date: Fri, 23 Nov 2018 18:02:44 +0100
Subject: tls: in AES-CBC code, do not set key for every record - do it once

function                                             old     new   delta
aes_setkey                                            16     212    +196
tls_handshake                                       1941    1977     +36
aes_encrypt_1                                        382     396     +14
xwrite_encrypted                                     605     604      -1
tls_xread_record                                     659     656      -3
aes_encrypt_one_block                                 65      59      -6
aes_cbc_encrypt                                      172     121     -51
aesgcm_setkey                                         58       -     -58
aes_cbc_decrypt                                      958     881     -77
KeyExpansion                                         188       -    -188
------------------------------------------------------------------------------
(add/remove: 0/2 grow/shrink: 3/5 up/down: 246/-384)         Total: -138 bytes

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
---
 networking/tls.c | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)

(limited to 'networking/tls.c')

diff --git a/networking/tls.c b/networking/tls.c
index 38a965ad6..23622d76e 100644
--- a/networking/tls.c
+++ b/networking/tls.c
@@ -758,7 +758,7 @@ static void xwrite_encrypted_and_hmac_signed(tls_state_t *tls, unsigned size, un
 	/* Encrypt content+MAC+padding in place */
 //optimize key setup
 	aes_cbc_encrypt(
-		tls->client_write_key, tls->key_size, /* selects 128/256 */
+		&tls->aes_decrypt, /* selects 128/256 */
 		buf - AES_BLOCK_SIZE, /* IV */
 		buf, size, /* plaintext */
 		buf /* ciphertext */
@@ -1061,7 +1061,7 @@ static int tls_xread_record(tls_state_t *tls, const char *expected)
 			/* Decrypt content+MAC+padding, moving it over IV in the process */
 			sz -= AES_BLOCK_SIZE; /* we will overwrite IV now */
 			aes_cbc_decrypt(
-				tls->server_write_key, tls->key_size, /* selects 128/256 */
+				&tls->aes_decrypt, /* selects 128/256 */
 				p, /* IV */
 				p + AES_BLOCK_SIZE, sz, /* ciphertext */
 				p /* plaintext */
@@ -1934,8 +1934,14 @@ static void send_client_key_exchange(tls_state_t *tls)
 		dump_hex("client_write_IV:%s\n",
 			tls->client_write_IV, tls->IV_size
 		);
-		aesgcm_setkey(tls->H, &tls->aes_encrypt, tls->client_write_key, tls->key_size);
+
 		aes_setkey(&tls->aes_decrypt, tls->server_write_key, tls->key_size);
+		aes_setkey(&tls->aes_encrypt, tls->client_write_key, tls->key_size);
+		{
+			uint8_t iv[AES_BLOCK_SIZE];
+			memset(iv, 0, AES_BLOCK_SIZE);
+			aes_encrypt_one_block(&tls->aes_encrypt, iv, tls->H);
+		}
 	}
 }
 
-- 
cgit v1.2.3