1
Fork 0
mirror of https://github.com/RGBCube/serenity synced 2025-07-26 23:37:36 +00:00

LibCrypto+LibTLS+Kernel: Switch the Cipher::Mode interface to use Span

This shaves 2.5 more runtime seconds off 'disasm /bin/id', and makes the
Mode<T> interface a lot more allocation-friendly.
This commit is contained in:
AnotherTest 2020-08-11 23:30:49 +04:30 committed by Andreas Kling
parent caedd05bd8
commit bc7a149039
11 changed files with 182 additions and 153 deletions

View file

@ -27,8 +27,8 @@
#pragma once
#include <AK/String.h>
#include <AK/StringView.h>
#include <AK/StringBuilder.h>
#include <AK/StringView.h>
#include <LibCrypto/Cipher/Mode/Mode.h>
namespace Crypto {
@ -56,44 +56,7 @@ public:
virtual size_t IV_length() const override { return IVSizeInBits / 8; }
virtual Optional<ByteBuffer> encrypt(const ByteBuffer& in, ByteBuffer& out, Optional<ByteBuffer> ivec = {}) override
{
auto length = in.size();
if (length == 0)
return {};
auto& cipher = this->cipher();
// FIXME: We should have two of these encrypt/decrypt functions that
// we SFINAE out based on whether the Cipher mode needs an ivec
ASSERT(ivec.has_value());
const auto* iv = ivec.value().data();
typename T::BlockType block { cipher.padding_mode() };
size_t offset { 0 };
auto block_size = cipher.block_size();
while (length >= block_size) {
block.overwrite(in.slice_view(offset, block_size));
block.apply_initialization_vector(iv);
cipher.encrypt_block(block, block);
out.overwrite(offset, block.get().data(), block_size);
iv = out.offset_pointer(offset);
length -= block_size;
offset += block_size;
}
if (length > 0) {
block.overwrite(in.slice_view(offset, length));
block.apply_initialization_vector(iv);
cipher.encrypt_block(block, block);
out.overwrite(offset, block.get().data(), block_size);
iv = out.offset_pointer(offset);
}
return ByteBuffer::copy(iv, block_size);
}
virtual void decrypt(const ByteBuffer& in, ByteBuffer& out, Optional<ByteBuffer> ivec = {}) override
virtual void encrypt(const ReadonlyBytes& in, Bytes& out, const Bytes& ivec = {}, Bytes* ivec_out = nullptr) override
{
auto length = in.size();
if (length == 0)
@ -101,8 +64,49 @@ public:
auto& cipher = this->cipher();
ASSERT(ivec.has_value());
const auto* iv = ivec.value().data();
// FIXME: We should have two of these encrypt/decrypt functions that
// we SFINAE out based on whether the Cipher mode needs an ivec
ASSERT(!ivec.is_empty());
const auto* iv = ivec.data();
m_cipher_block.set_padding_mode(cipher.padding_mode());
size_t offset { 0 };
auto block_size = cipher.block_size();
while (length >= block_size) {
m_cipher_block.overwrite(in.slice(offset, block_size));
m_cipher_block.apply_initialization_vector(iv);
cipher.encrypt_block(m_cipher_block, m_cipher_block);
ASSERT(offset + block_size <= out.size());
__builtin_memcpy(out.offset(offset), m_cipher_block.get().data(), block_size);
iv = out.offset(offset);
length -= block_size;
offset += block_size;
}
if (length > 0) {
m_cipher_block.overwrite(in.slice(offset, length));
m_cipher_block.apply_initialization_vector(iv);
cipher.encrypt_block(m_cipher_block, m_cipher_block);
ASSERT(offset + block_size <= out.size());
__builtin_memcpy(out.offset(offset), m_cipher_block.get().data(), block_size);
iv = out.offset(offset);
}
if (ivec_out)
__builtin_memcpy(ivec_out->data(), iv, min(IV_length(), ivec_out->size()));
}
virtual void decrypt(const ReadonlyBytes& in, Bytes& out, const Bytes& ivec = {}) override
{
auto length = in.size();
if (length == 0)
return;
auto& cipher = this->cipher();
ASSERT(!ivec.is_empty());
const auto* iv = ivec.data();
auto block_size = cipher.block_size();
@ -110,23 +114,27 @@ public:
// FIXME (ponder): Should we simply decrypt as much as we can?
ASSERT(length % block_size == 0);
typename T::BlockType block { cipher.padding_mode() };
m_cipher_block.set_padding_mode(cipher.padding_mode());
size_t offset { 0 };
while (length > 0) {
auto* slice = in.offset_pointer(offset);
block.overwrite(slice, block_size);
cipher.decrypt_block(block, block);
block.apply_initialization_vector(iv);
auto decrypted = block.get();
out.overwrite(offset, decrypted.data(), decrypted.size());
auto* slice = in.offset(offset);
m_cipher_block.overwrite(slice, block_size);
cipher.decrypt_block(m_cipher_block, m_cipher_block);
m_cipher_block.apply_initialization_vector(iv);
auto decrypted = m_cipher_block.get();
ASSERT(offset + decrypted.size() <= out.size());
__builtin_memcpy(out.offset(offset), decrypted.data(), decrypted.size());
iv = slice;
length -= block_size;
offset += block_size;
}
out.trim(offset);
out = out.slice(0, offset);
this->prune_padding(out);
}
private:
typename T::BlockType m_cipher_block {};
};
}

View file

@ -98,8 +98,8 @@ public:
// Must intercept `Intent`, because AES must always be set to
// Encryption, even when decrypting AES-CTR.
// TODO: How to deal with ciphers that take different arguments?
template<typename... Args>
explicit constexpr CTR<T>(const ByteBuffer& user_key, size_t key_bits, Intent = Intent::Encryption, Args... args)
template<typename KeyType, typename... Args>
explicit constexpr CTR<T>(const KeyType& user_key, size_t key_bits, Intent = Intent::Encryption, Args... args)
: Mode<T>(user_key, key_bits, args...)
{
}
@ -114,26 +114,29 @@ public:
virtual size_t IV_length() const override { return IVSizeInBits / 8; }
virtual Optional<ByteBuffer> encrypt(const ByteBuffer& in, ByteBuffer& out, Optional<ByteBuffer> ivec = {}) override
virtual void encrypt(const ReadonlyBytes& in, Bytes& out, const Bytes& ivec = {}, Bytes* ivec_out = nullptr) override
{
// Our interpretation of "ivec" is what AES-CTR
// would define as nonce + IV + 4 zero bytes.
return this->encrypt_or_stream(&in, out, ivec);
this->encrypt_or_stream(&in, out, ivec, ivec_out);
}
Optional<ByteBuffer> key_stream(ByteBuffer& out, Optional<ByteBuffer> ivec = {})
void key_stream(Bytes& out, const Bytes& ivec = {}, Bytes* ivec_out = nullptr)
{
return this->encrypt_or_stream(nullptr, out, ivec);
this->encrypt_or_stream(nullptr, out, ivec, ivec_out);
}
virtual void decrypt(const ByteBuffer& in, ByteBuffer& out, Optional<ByteBuffer> ivec = {}) override
virtual void decrypt(const ReadonlyBytes& in, Bytes& out, const Bytes& ivec = {}) override
{
// XOR (and thus CTR) is the most symmetric mode.
(void)this->encrypt(in, out, ivec);
this->encrypt(in, out, ivec);
}
private:
static void increment_inplace(ByteBuffer& in)
u8 m_ivec_storage[IVSizeInBits / 8];
typename T::BlockType m_cipher_block {};
static void increment_inplace(Bytes& in)
{
for (size_t i = in.size(); i > 0;) {
--i;
@ -146,14 +149,14 @@ private:
}
}
Optional<ByteBuffer> encrypt_or_stream(const ByteBuffer* in, ByteBuffer& out, Optional<ByteBuffer> ivec)
void encrypt_or_stream(const ReadonlyBytes* in, Bytes& out, const Bytes& ivec, Bytes* ivec_out = nullptr)
{
size_t length;
if (in) {
ASSERT(in->size() <= out.size());
length = in->size();
if (length == 0)
return {};
return;
} else {
length = out.size();
}
@ -162,29 +165,36 @@ private:
// FIXME: We should have two of these encrypt/decrypt functions that
// we SFINAE out based on whether the Cipher mode needs an ivec
ASSERT(ivec.has_value());
auto iv = ivec.value();
ASSERT(!ivec.is_empty());
ASSERT(ivec.size() >= IV_length());
m_cipher_block.set_padding_mode(cipher.padding_mode());
__builtin_memcpy(m_ivec_storage, ivec.data(), IV_length());
Bytes iv { m_ivec_storage, IV_length() };
typename T::BlockType block { cipher.padding_mode() };
size_t offset { 0 };
auto block_size = cipher.block_size();
while (length > 0) {
block.overwrite(iv.slice_view(0, block_size));
m_cipher_block.overwrite(iv.slice(0, block_size));
cipher.encrypt_block(block, block);
cipher.encrypt_block(m_cipher_block, m_cipher_block);
if (in) {
block.apply_initialization_vector(in->data() + offset);
m_cipher_block.apply_initialization_vector(in->data() + offset);
}
auto write_size = min(block_size, length);
out.overwrite(offset, block.get().data(), write_size);
ASSERT(offset + write_size <= out.size());
__builtin_memcpy(out.offset(offset), m_cipher_block.get().data(), write_size);
increment_inplace(iv);
length -= write_size;
offset += write_size;
}
return iv;
if (ivec_out)
__builtin_memcpy(ivec_out->data(), iv.data(), min(ivec_out->size(), IV_length()));
}
};

View file

@ -27,6 +27,8 @@
#pragma once
#include <AK/ByteBuffer.h>
#include <AK/Span.h>
#include <AK/StdLibExtras.h>
#include <LibCrypto/Cipher/Cipher.h>
namespace Crypto {
@ -37,9 +39,8 @@ class Mode {
public:
virtual ~Mode() { }
// FIXME: Somehow communicate that encrypt returns the last initialization vector (if the mode supports it)
virtual Optional<ByteBuffer> encrypt(const ByteBuffer& in, ByteBuffer& out, Optional<ByteBuffer> ivec = {}) = 0;
virtual void decrypt(const ByteBuffer& in, ByteBuffer& out, Optional<ByteBuffer> ivec = {}) = 0;
virtual void encrypt(const ReadonlyBytes& in, Bytes& out, const Bytes& ivec = {}, Bytes* ivec_out = nullptr) = 0;
virtual void decrypt(const ReadonlyBytes& in, Bytes& out, const Bytes& ivec = {}) = 0;
virtual size_t IV_length() const = 0;
@ -58,7 +59,7 @@ public:
T& cipher() { return m_cipher; }
protected:
virtual void prune_padding(ByteBuffer& data)
virtual void prune_padding(Bytes& data)
{
auto size = data.size();
switch (m_cipher.padding_mode()) {
@ -74,7 +75,7 @@ protected:
return;
}
}
data.trim(size - maybe_padding_length);
data = data.slice(0, size - maybe_padding_length);
break;
}
case PaddingMode::RFC5246: {
@ -86,13 +87,13 @@ protected:
return;
}
}
data.trim(size - maybe_padding_length - 1);
data = data.slice(0, size - maybe_padding_length - 1);
break;
}
case PaddingMode::Null: {
while (data[size - 1] == 0)
--size;
data.trim(size);
data = data.slice(0, size);
break;
}
default: