mirror of
https://github.com/RGBCube/serenity
synced 2025-07-26 23:37:36 +00:00
LibCrypto+LibTLS+Kernel: Switch the Cipher::Mode interface to use Span
This shaves 2.5 more runtime seconds off 'disasm /bin/id', and makes the Mode<T> interface a lot more allocation-friendly.
This commit is contained in:
parent
caedd05bd8
commit
bc7a149039
11 changed files with 182 additions and 153 deletions
|
@ -27,8 +27,8 @@
|
|||
#pragma once
|
||||
|
||||
#include <AK/String.h>
|
||||
#include <AK/StringView.h>
|
||||
#include <AK/StringBuilder.h>
|
||||
#include <AK/StringView.h>
|
||||
#include <LibCrypto/Cipher/Mode/Mode.h>
|
||||
|
||||
namespace Crypto {
|
||||
|
@ -56,44 +56,7 @@ public:
|
|||
|
||||
virtual size_t IV_length() const override { return IVSizeInBits / 8; }
|
||||
|
||||
virtual Optional<ByteBuffer> encrypt(const ByteBuffer& in, ByteBuffer& out, Optional<ByteBuffer> ivec = {}) override
|
||||
{
|
||||
auto length = in.size();
|
||||
if (length == 0)
|
||||
return {};
|
||||
|
||||
auto& cipher = this->cipher();
|
||||
|
||||
// FIXME: We should have two of these encrypt/decrypt functions that
|
||||
// we SFINAE out based on whether the Cipher mode needs an ivec
|
||||
ASSERT(ivec.has_value());
|
||||
const auto* iv = ivec.value().data();
|
||||
|
||||
typename T::BlockType block { cipher.padding_mode() };
|
||||
size_t offset { 0 };
|
||||
auto block_size = cipher.block_size();
|
||||
|
||||
while (length >= block_size) {
|
||||
block.overwrite(in.slice_view(offset, block_size));
|
||||
block.apply_initialization_vector(iv);
|
||||
cipher.encrypt_block(block, block);
|
||||
out.overwrite(offset, block.get().data(), block_size);
|
||||
iv = out.offset_pointer(offset);
|
||||
length -= block_size;
|
||||
offset += block_size;
|
||||
}
|
||||
|
||||
if (length > 0) {
|
||||
block.overwrite(in.slice_view(offset, length));
|
||||
block.apply_initialization_vector(iv);
|
||||
cipher.encrypt_block(block, block);
|
||||
out.overwrite(offset, block.get().data(), block_size);
|
||||
iv = out.offset_pointer(offset);
|
||||
}
|
||||
|
||||
return ByteBuffer::copy(iv, block_size);
|
||||
}
|
||||
virtual void decrypt(const ByteBuffer& in, ByteBuffer& out, Optional<ByteBuffer> ivec = {}) override
|
||||
virtual void encrypt(const ReadonlyBytes& in, Bytes& out, const Bytes& ivec = {}, Bytes* ivec_out = nullptr) override
|
||||
{
|
||||
auto length = in.size();
|
||||
if (length == 0)
|
||||
|
@ -101,8 +64,49 @@ public:
|
|||
|
||||
auto& cipher = this->cipher();
|
||||
|
||||
ASSERT(ivec.has_value());
|
||||
const auto* iv = ivec.value().data();
|
||||
// FIXME: We should have two of these encrypt/decrypt functions that
|
||||
// we SFINAE out based on whether the Cipher mode needs an ivec
|
||||
ASSERT(!ivec.is_empty());
|
||||
const auto* iv = ivec.data();
|
||||
|
||||
m_cipher_block.set_padding_mode(cipher.padding_mode());
|
||||
size_t offset { 0 };
|
||||
auto block_size = cipher.block_size();
|
||||
|
||||
while (length >= block_size) {
|
||||
m_cipher_block.overwrite(in.slice(offset, block_size));
|
||||
m_cipher_block.apply_initialization_vector(iv);
|
||||
cipher.encrypt_block(m_cipher_block, m_cipher_block);
|
||||
ASSERT(offset + block_size <= out.size());
|
||||
__builtin_memcpy(out.offset(offset), m_cipher_block.get().data(), block_size);
|
||||
iv = out.offset(offset);
|
||||
length -= block_size;
|
||||
offset += block_size;
|
||||
}
|
||||
|
||||
if (length > 0) {
|
||||
m_cipher_block.overwrite(in.slice(offset, length));
|
||||
m_cipher_block.apply_initialization_vector(iv);
|
||||
cipher.encrypt_block(m_cipher_block, m_cipher_block);
|
||||
ASSERT(offset + block_size <= out.size());
|
||||
__builtin_memcpy(out.offset(offset), m_cipher_block.get().data(), block_size);
|
||||
iv = out.offset(offset);
|
||||
}
|
||||
|
||||
if (ivec_out)
|
||||
__builtin_memcpy(ivec_out->data(), iv, min(IV_length(), ivec_out->size()));
|
||||
}
|
||||
|
||||
virtual void decrypt(const ReadonlyBytes& in, Bytes& out, const Bytes& ivec = {}) override
|
||||
{
|
||||
auto length = in.size();
|
||||
if (length == 0)
|
||||
return;
|
||||
|
||||
auto& cipher = this->cipher();
|
||||
|
||||
ASSERT(!ivec.is_empty());
|
||||
const auto* iv = ivec.data();
|
||||
|
||||
auto block_size = cipher.block_size();
|
||||
|
||||
|
@ -110,23 +114,27 @@ public:
|
|||
// FIXME (ponder): Should we simply decrypt as much as we can?
|
||||
ASSERT(length % block_size == 0);
|
||||
|
||||
typename T::BlockType block { cipher.padding_mode() };
|
||||
m_cipher_block.set_padding_mode(cipher.padding_mode());
|
||||
size_t offset { 0 };
|
||||
|
||||
while (length > 0) {
|
||||
auto* slice = in.offset_pointer(offset);
|
||||
block.overwrite(slice, block_size);
|
||||
cipher.decrypt_block(block, block);
|
||||
block.apply_initialization_vector(iv);
|
||||
auto decrypted = block.get();
|
||||
out.overwrite(offset, decrypted.data(), decrypted.size());
|
||||
auto* slice = in.offset(offset);
|
||||
m_cipher_block.overwrite(slice, block_size);
|
||||
cipher.decrypt_block(m_cipher_block, m_cipher_block);
|
||||
m_cipher_block.apply_initialization_vector(iv);
|
||||
auto decrypted = m_cipher_block.get();
|
||||
ASSERT(offset + decrypted.size() <= out.size());
|
||||
__builtin_memcpy(out.offset(offset), decrypted.data(), decrypted.size());
|
||||
iv = slice;
|
||||
length -= block_size;
|
||||
offset += block_size;
|
||||
}
|
||||
out.trim(offset);
|
||||
out = out.slice(0, offset);
|
||||
this->prune_padding(out);
|
||||
}
|
||||
|
||||
private:
|
||||
typename T::BlockType m_cipher_block {};
|
||||
};
|
||||
|
||||
}
|
||||
|
|
|
@ -98,8 +98,8 @@ public:
|
|||
// Must intercept `Intent`, because AES must always be set to
|
||||
// Encryption, even when decrypting AES-CTR.
|
||||
// TODO: How to deal with ciphers that take different arguments?
|
||||
template<typename... Args>
|
||||
explicit constexpr CTR<T>(const ByteBuffer& user_key, size_t key_bits, Intent = Intent::Encryption, Args... args)
|
||||
template<typename KeyType, typename... Args>
|
||||
explicit constexpr CTR<T>(const KeyType& user_key, size_t key_bits, Intent = Intent::Encryption, Args... args)
|
||||
: Mode<T>(user_key, key_bits, args...)
|
||||
{
|
||||
}
|
||||
|
@ -114,26 +114,29 @@ public:
|
|||
|
||||
virtual size_t IV_length() const override { return IVSizeInBits / 8; }
|
||||
|
||||
virtual Optional<ByteBuffer> encrypt(const ByteBuffer& in, ByteBuffer& out, Optional<ByteBuffer> ivec = {}) override
|
||||
virtual void encrypt(const ReadonlyBytes& in, Bytes& out, const Bytes& ivec = {}, Bytes* ivec_out = nullptr) override
|
||||
{
|
||||
// Our interpretation of "ivec" is what AES-CTR
|
||||
// would define as nonce + IV + 4 zero bytes.
|
||||
return this->encrypt_or_stream(&in, out, ivec);
|
||||
this->encrypt_or_stream(&in, out, ivec, ivec_out);
|
||||
}
|
||||
|
||||
Optional<ByteBuffer> key_stream(ByteBuffer& out, Optional<ByteBuffer> ivec = {})
|
||||
void key_stream(Bytes& out, const Bytes& ivec = {}, Bytes* ivec_out = nullptr)
|
||||
{
|
||||
return this->encrypt_or_stream(nullptr, out, ivec);
|
||||
this->encrypt_or_stream(nullptr, out, ivec, ivec_out);
|
||||
}
|
||||
|
||||
virtual void decrypt(const ByteBuffer& in, ByteBuffer& out, Optional<ByteBuffer> ivec = {}) override
|
||||
virtual void decrypt(const ReadonlyBytes& in, Bytes& out, const Bytes& ivec = {}) override
|
||||
{
|
||||
// XOR (and thus CTR) is the most symmetric mode.
|
||||
(void)this->encrypt(in, out, ivec);
|
||||
this->encrypt(in, out, ivec);
|
||||
}
|
||||
|
||||
private:
|
||||
static void increment_inplace(ByteBuffer& in)
|
||||
u8 m_ivec_storage[IVSizeInBits / 8];
|
||||
typename T::BlockType m_cipher_block {};
|
||||
|
||||
static void increment_inplace(Bytes& in)
|
||||
{
|
||||
for (size_t i = in.size(); i > 0;) {
|
||||
--i;
|
||||
|
@ -146,14 +149,14 @@ private:
|
|||
}
|
||||
}
|
||||
|
||||
Optional<ByteBuffer> encrypt_or_stream(const ByteBuffer* in, ByteBuffer& out, Optional<ByteBuffer> ivec)
|
||||
void encrypt_or_stream(const ReadonlyBytes* in, Bytes& out, const Bytes& ivec, Bytes* ivec_out = nullptr)
|
||||
{
|
||||
size_t length;
|
||||
if (in) {
|
||||
ASSERT(in->size() <= out.size());
|
||||
length = in->size();
|
||||
if (length == 0)
|
||||
return {};
|
||||
return;
|
||||
} else {
|
||||
length = out.size();
|
||||
}
|
||||
|
@ -162,29 +165,36 @@ private:
|
|||
|
||||
// FIXME: We should have two of these encrypt/decrypt functions that
|
||||
// we SFINAE out based on whether the Cipher mode needs an ivec
|
||||
ASSERT(ivec.has_value());
|
||||
auto iv = ivec.value();
|
||||
ASSERT(!ivec.is_empty());
|
||||
ASSERT(ivec.size() >= IV_length());
|
||||
|
||||
m_cipher_block.set_padding_mode(cipher.padding_mode());
|
||||
|
||||
__builtin_memcpy(m_ivec_storage, ivec.data(), IV_length());
|
||||
Bytes iv { m_ivec_storage, IV_length() };
|
||||
|
||||
typename T::BlockType block { cipher.padding_mode() };
|
||||
size_t offset { 0 };
|
||||
auto block_size = cipher.block_size();
|
||||
|
||||
while (length > 0) {
|
||||
block.overwrite(iv.slice_view(0, block_size));
|
||||
m_cipher_block.overwrite(iv.slice(0, block_size));
|
||||
|
||||
cipher.encrypt_block(block, block);
|
||||
cipher.encrypt_block(m_cipher_block, m_cipher_block);
|
||||
if (in) {
|
||||
block.apply_initialization_vector(in->data() + offset);
|
||||
m_cipher_block.apply_initialization_vector(in->data() + offset);
|
||||
}
|
||||
auto write_size = min(block_size, length);
|
||||
out.overwrite(offset, block.get().data(), write_size);
|
||||
|
||||
ASSERT(offset + write_size <= out.size());
|
||||
__builtin_memcpy(out.offset(offset), m_cipher_block.get().data(), write_size);
|
||||
|
||||
increment_inplace(iv);
|
||||
length -= write_size;
|
||||
offset += write_size;
|
||||
}
|
||||
|
||||
return iv;
|
||||
if (ivec_out)
|
||||
__builtin_memcpy(ivec_out->data(), iv.data(), min(ivec_out->size(), IV_length()));
|
||||
}
|
||||
};
|
||||
|
||||
|
|
|
@ -27,6 +27,8 @@
|
|||
#pragma once
|
||||
|
||||
#include <AK/ByteBuffer.h>
|
||||
#include <AK/Span.h>
|
||||
#include <AK/StdLibExtras.h>
|
||||
#include <LibCrypto/Cipher/Cipher.h>
|
||||
|
||||
namespace Crypto {
|
||||
|
@ -37,9 +39,8 @@ class Mode {
|
|||
public:
|
||||
virtual ~Mode() { }
|
||||
|
||||
// FIXME: Somehow communicate that encrypt returns the last initialization vector (if the mode supports it)
|
||||
virtual Optional<ByteBuffer> encrypt(const ByteBuffer& in, ByteBuffer& out, Optional<ByteBuffer> ivec = {}) = 0;
|
||||
virtual void decrypt(const ByteBuffer& in, ByteBuffer& out, Optional<ByteBuffer> ivec = {}) = 0;
|
||||
virtual void encrypt(const ReadonlyBytes& in, Bytes& out, const Bytes& ivec = {}, Bytes* ivec_out = nullptr) = 0;
|
||||
virtual void decrypt(const ReadonlyBytes& in, Bytes& out, const Bytes& ivec = {}) = 0;
|
||||
|
||||
virtual size_t IV_length() const = 0;
|
||||
|
||||
|
@ -58,7 +59,7 @@ public:
|
|||
T& cipher() { return m_cipher; }
|
||||
|
||||
protected:
|
||||
virtual void prune_padding(ByteBuffer& data)
|
||||
virtual void prune_padding(Bytes& data)
|
||||
{
|
||||
auto size = data.size();
|
||||
switch (m_cipher.padding_mode()) {
|
||||
|
@ -74,7 +75,7 @@ protected:
|
|||
return;
|
||||
}
|
||||
}
|
||||
data.trim(size - maybe_padding_length);
|
||||
data = data.slice(0, size - maybe_padding_length);
|
||||
break;
|
||||
}
|
||||
case PaddingMode::RFC5246: {
|
||||
|
@ -86,13 +87,13 @@ protected:
|
|||
return;
|
||||
}
|
||||
}
|
||||
data.trim(size - maybe_padding_length - 1);
|
||||
data = data.slice(0, size - maybe_padding_length - 1);
|
||||
break;
|
||||
}
|
||||
case PaddingMode::Null: {
|
||||
while (data[size - 1] == 0)
|
||||
--size;
|
||||
data.trim(size);
|
||||
data = data.slice(0, size);
|
||||
break;
|
||||
}
|
||||
default:
|
||||
|
|
Loading…
Add table
Add a link
Reference in a new issue