From 13041e0323685ff1b2ccade347cb1de850286d23 Mon Sep 17 00:00:00 2001
From: Cameron Gutman
Date: Thu, 22 Apr 2021 17:49:51 -0500
Subject: [PATCH] Further optimization to avoid needless calls to EVP_aes_128_gcm() and EVP_aes_128_cbc()
---
 src/PlatformCrypto.c | 72 +++++++++++++++++---------------------------
 1 file changed, 28 insertions(+), 44 deletions(-)
diff --git a/src/PlatformCrypto.c b/src/PlatformCrypto.c
index bf1f375..72e2fb3 100644
--- a/src/PlatformCrypto.c
+++ b/src/PlatformCrypto.c
@@ -103,31 +103,16 @@ bool PltEncryptMessage(PPLT_CRYPTO_CONTEXT ctx, int algorithm, int flags,
 *outputDataLength = outLength;
 return true;
 #else
- const EVP_CIPHER* cipher;
-
- switch (algorithm) {
- case ALGORITHM_AES_CBC:
- LC_ASSERT(keyLength == 16);
- LC_ASSERT(tag == NULL);
- LC_ASSERT(tagLength == 0);
- cipher = EVP_aes_128_cbc();
- break;
- case ALGORITHM_AES_GCM:
- LC_ASSERT(keyLength == 16);
- LC_ASSERT(tag != NULL);
- LC_ASSERT(tagLength > 0);
- cipher = EVP_aes_128_gcm();
- break;
- default:
- LC_ASSERT(false);
- return false;
- }
+ LC_ASSERT(keyLength == 16);
 if (algorithm == ALGORITHM_AES_GCM) {
+ LC_ASSERT(tag != NULL);
+ LC_ASSERT(tagLength > 0);
+
 if (!ctx->initialized || (flags & CIPHER_FLAG_RESET_IV)) {
 // Perform a full initialization. This codepath also allows
 // us to change the IV length if required.
- if (EVP_EncryptInit_ex(ctx->ctx, cipher, NULL, NULL, NULL) != 1) {
+ if (EVP_EncryptInit_ex(ctx->ctx, EVP_aes_128_gcm(), NULL, NULL, NULL) != 1) {
 return false;
 }
@@ -149,10 +134,13 @@ bool PltEncryptMessage(PPLT_CRYPTO_CONTEXT ctx, int algorithm, int flags,
 }
 }
 }
- else {
+ else if (algorithm == ALGORITHM_AES_CBC) {
+ LC_ASSERT(tag == NULL);
+ LC_ASSERT(tagLength == 0);
+
 if (!ctx->initialized) {
 // Perform a full initialization
- if (EVP_EncryptInit_ex(ctx->ctx, cipher, NULL, key, iv) != 1) {
+ if (EVP_EncryptInit_ex(ctx->ctx, EVP_aes_128_cbc(), NULL, key, iv) != 1) {
 return false;
 }
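Review bot: The key-length check at the top of the `#else` branch of PltEncryptMessage is only `LC_ASSERT(keyLength == 16);`, while both branches hard-code an AES-128 cipher. If LC_ASSERT compiles to nothing in release builds (its definition is not on this page), a caller passing any other keyLength is not rejected and the AES-128 initialisation will still read 16 bytes from `key`. A runtime guard beside the assertion would make this fail closed: `if (keyLength != 16) return false;`. The same applies to the matching line in the PltDecryptMessage hunk at -279; both functions start and end outside their hunks.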
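Review bot: `ctx->initialized` does not record which algorithm the context was set up with, and in the new code the cipher is named only inside the full-initialisation branch. A context first used with ALGORITHM_AES_GCM and later passed ALGORITHM_AES_CBC would therefore skip `EVP_EncryptInit_ex(ctx->ctx, EVP_aes_128_cbc(), NULL, key, iv)` and keep whatever cipher was installed before. Whether any caller reuses a context this way is not visible here, and the already-initialised path lies outside the hunk. If contexts are meant to be single-algorithm, I would remember the algorithm in the context at first initialisation and return false on a mismatch, or at minimum state the constraint in a comment such as `// A context must not be reused across algorithms`. The same applies to the CBC branch of PltDecryptMessage in the hunk at -325.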
@@ -170,6 +158,10 @@ bool PltEncryptMessage(PPLT_CRYPTO_CONTEXT ctx, int algorithm, int flags,
 inputDataLength = addPkcs7PaddingInPlace(inputData, inputDataLength);
 }
 }
+ else {
+ LC_ASSERT(false);
+ return false;
+ }
 if (EVP_EncryptUpdate(ctx->ctx, outputData, outputDataLength, inputData, inputDataLength) != 1) {
 return false;
@@ -279,31 +271,16 @@ bool PltDecryptMessage(PPLT_CRYPTO_CONTEXT ctx, int algorithm, int flags,
 *outputDataLength = outLength;
 return true;
 #else
- const EVP_CIPHER* cipher;
-
- switch (algorithm) {
- case ALGORITHM_AES_CBC:
- LC_ASSERT(keyLength == 16);
- LC_ASSERT(tag == NULL);
- LC_ASSERT(tagLength == 0);
- cipher = EVP_aes_128_cbc();
- break;
- case ALGORITHM_AES_GCM:
- LC_ASSERT(keyLength == 16);
- LC_ASSERT(tag != NULL);
- LC_ASSERT(tagLength > 0);
- cipher = EVP_aes_128_gcm();
- break;
- default:
- LC_ASSERT(false);
- return false;
- }
+ LC_ASSERT(keyLength == 16);
 if (algorithm == ALGORITHM_AES_GCM) {
+ LC_ASSERT(tag != NULL);
+ LC_ASSERT(tagLength > 0);
+
 if (!ctx->initialized || (flags & CIPHER_FLAG_RESET_IV)) {
 // Perform a full initialization. This codepath also allows
 // us to change the IV length if required.
- if (EVP_DecryptInit_ex(ctx->ctx, cipher, NULL, NULL, NULL) != 1) {
+ if (EVP_DecryptInit_ex(ctx->ctx, EVP_aes_128_gcm(), NULL, NULL, NULL) != 1) {
 return false;
 }
@@ -325,10 +302,13 @@ bool PltDecryptMessage(PPLT_CRYPTO_CONTEXT ctx, int algorithm, int flags,
 }
 }
 }
- else if (algorithm == ALGORITHM_AES_CBC) {
+ LC_ASSERT(tag == NULL);
+ LC_ASSERT(tagLength == 0);
+
 if (!ctx->initialized) {
 // Perform a full initialization
- if (EVP_DecryptInit_ex(ctx->ctx, cipher, NULL, key, iv) != 1) {
+ if (EVP_DecryptInit_ex(ctx->ctx, EVP_aes_128_cbc(), NULL, key, iv) != 1) {
 return false;
 }
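Review bot: In the GCM branch of PltDecryptMessage (hunk at -279) the tag is validated only by `LC_ASSERT(tag != NULL);` and `LC_ASSERT(tagLength > 0);`, so a build that strips LC_ASSERT would let a NULL or very short tag through to the code that follows. The call that hands the tag to OpenSSL is outside this hunk, but if a truncated length is accepted there, the authentication check is weakened in proportion. I would add a runtime check that also pins the length to the value the protocol uses, e.g. `if (tag == NULL || tagLength != EXPECTED_TAG_LEN) return false;`, where EXPECTED_TAG_LEN is a placeholder for that value, not an identifier from this file.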
@@ -342,6 +322,10 @@ bool PltDecryptMessage(PPLT_CRYPTO_CONTEXT ctx, int algorithm, int flags,
 }
 }
 }
+ else {
+ LC_ASSERT(false);
+ return false;
+ }
 if (EVP_DecryptUpdate(ctx->ctx, outputData, outputDataLength, inputData, inputDataLength) != 1) {
 return false;