enoch/n2n
1
0
Fork 0
mirror of https://github.com/ntop/n2n.git synced 2024-09-19 16:41:11 +02:00
Code Issues Actions Packages Projects Releases 1 Wiki Activity

readability code clean-up (#529)

Browse Source
This commit is contained in:
Logan oos Even 2020-12-08 20:31:57 +05:45 committed by GitHub
parent d7654397a8
commit 3252231ecb
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 669 additions and 772 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
include/aes.h
View File

@ -37,7 +37,7 @@
#define AES128_KEY_BYTES (128/8)
#if defined (HAVE_OPENSSL_1_1) // openSSL 1.1 ---------------------------------------------
#if defined (HAVE_OPENSSL_1_1) // openSSL 1.1 ---------------------------------------------------------------------
#include <openssl/aes.h>
#include <openssl/evp.h>
@ -51,7 +51,7 @@ typedef struct aes_context_t {
AES_KEY ecb_dec_key; /* one step ecb decryption key */
} aes_context_t;
#elif defined (__AES__) && defined (__SSE2__) // Intel's AES-NI ---------------------------
#elif defined (__AES__) && defined (__SSE2__) // Intel's AES-NI ---------------------------------------------------
#include <immintrin.h>
@ -61,7 +61,7 @@ typedef struct aes_context_t {
int Nr;
} aes_context_t;
#else // plain C --------------------------------------------------------------------------
#else // plain C --------------------------------------------------------------------------------------------------
typedef struct aes_context_t {
uint32_t enc_rk[60]; // round keys for encryption
@ -69,7 +69,7 @@ typedef struct aes_context_t {
int Nr; // number of rounds
} aes_context_t;
#endif // ---------------------------------------------------------------------------------
#endif // ---------------------------------------------------------------------------------------------------------
int aes_cbc_encrypt (unsigned char *out, const unsigned char *in, size_t in_len,

201
src/aes.c
View File

@ -20,7 +20,7 @@
#include "n2n.h"
#if defined (HAVE_OPENSSL_1_1) // openSSL 1.1 ---------------------------------------------
#if defined (HAVE_OPENSSL_1_1) // openSSL 1.1 ---------------------------------------------------------------------
// get any erorr message out of openssl
@ -37,6 +37,7 @@ static char *openssl_err_as_string (void) {
memcpy (ret, buf, len);
BIO_free (bio);
return ret;
}
@ -123,7 +124,8 @@ int aes_init (const unsigned char *key, size_t key_size, aes_context_t **ctx) {
*ctx = (aes_context_t*) calloc(1, sizeof(aes_context_t));
if(!(*ctx))
return -1;
// ...and fill her up
// ...and fill her up:
// initialize data structures
if(!((*ctx)->enc_ctx = EVP_CIPHER_CTX_new())) {
@ -131,6 +133,7 @@ int aes_init (const unsigned char *key, size_t key_size, aes_context_t **ctx) {
openssl_err_as_string());
return -1;
}
if(!((*ctx)->dec_ctx = EVP_CIPHER_CTX_new())) {
traceEvent(TRACE_ERROR, "aes_init openssl's evp_* decryption context creation failed: %s",
openssl_err_as_string());
@ -161,7 +164,7 @@ int aes_init (const unsigned char *key, size_t key_size, aes_context_t **ctx) {
}
#elif defined (__AES__) && defined (__SSE2__) // Intel's AES-NI ---------------------------
#elif defined (__AES__) && defined (__SSE2__) // Intel's AES-NI ---------------------------------------------------
// inspired by https://gist.github.com/acapola/d5b940da024080dfaf5f
@ -172,10 +175,14 @@ int aes_init (const unsigned char *key, size_t key_size, aes_context_t **ctx) {
static __m128i aes128_keyexpand(__m128i key, __m128i keygened, uint8_t shuf) {
key = _mm_xor_si128(key, _mm_slli_si128(key, 4));
key = _mm_xor_si128(key, _mm_slli_si128(key, 4));
key = _mm_xor_si128(key, _mm_slli_si128(key, 4));
// unfortunately, shuffle expects immediate argument ... macrorize???!!!
// unfortunately, shuffle expects immediate argument, thus the not-so-stylish switch ...
// REVISIT: either macrorize this whole function (and perhaps the following one) or
// use shuffle_epi8 (which would require SSSE3 instead of SSE2)
switch(shuf) {
case 0x55:
keygened = _mm_shuffle_epi32(keygened, 0x55 );
@ -189,14 +196,16 @@ static __m128i aes128_keyexpand(__m128i key, __m128i keygened, uint8_t shuf) {
default:
break;
}
return _mm_xor_si128(key, keygened);
}
static __m128i aes192_keyexpand_2(__m128i key, __m128i key2)
{
static __m128i aes192_keyexpand_2(__m128i key, __m128i key2) {
key = _mm_shuffle_epi32(key, 0xff);
key2 = _mm_xor_si128(key2, _mm_slli_si128(key2, 4));
return _mm_xor_si128(key, key2);
}
@ -233,28 +242,36 @@ static int aes_internal_key_setup (aes_context_t *ctx, const uint8_t *key, int k
case 192: {
__m128i temp[2];
ctx->rk_enc[ 0] = _mm_loadu_si128((const __m128i*) key);
ctx->rk_enc[ 1] = _mm_loadu_si128((const __m128i*) (key+16));
temp[0] = KEYEXP192(ctx->rk_enc[0], ctx->rk_enc[1], 0x01);
temp[1] = KEYEXP192_2(temp[0], ctx->rk_enc[1]);
ctx->rk_enc[ 1] = (__m128i)_mm_shuffle_pd((__m128d)ctx->rk_enc[1], (__m128d)temp[0], 0);
ctx->rk_enc[ 2] = (__m128i)_mm_shuffle_pd((__m128d)temp[0], (__m128d)temp[1], 1);
ctx->rk_enc[ 3] = KEYEXP192(temp[0], temp[1], 0x02);
ctx->rk_enc[ 4] = KEYEXP192_2(ctx->rk_enc[3], temp[1]);
temp[0] = KEYEXP192(ctx->rk_enc[3], ctx->rk_enc[4], 0x04);
temp[1] = KEYEXP192_2(temp[0], ctx->rk_enc[4]);
ctx->rk_enc[ 4] = (__m128i)_mm_shuffle_pd((__m128d)ctx->rk_enc[4], (__m128d)temp[0], 0);
ctx->rk_enc[ 5] = (__m128i)_mm_shuffle_pd((__m128d)temp[0], (__m128d)temp[1], 1);
ctx->rk_enc[ 6] = KEYEXP192(temp[0], temp[1], 0x08);
ctx->rk_enc[ 7] = KEYEXP192_2(ctx->rk_enc[6], temp[1]);
temp[0] = KEYEXP192(ctx->rk_enc[6], ctx->rk_enc[7], 0x10);
temp[1] = KEYEXP192_2(temp[0], ctx->rk_enc[7]);
ctx->rk_enc[ 7] = (__m128i)_mm_shuffle_pd((__m128d)ctx->rk_enc[7], (__m128d)temp[0], 0);
ctx->rk_enc[ 8] = (__m128i)_mm_shuffle_pd((__m128d)temp[0], (__m128d)temp[1], 1);
ctx->rk_enc[ 9] = KEYEXP192(temp[0], temp[1], 0x20);
ctx->rk_enc[10] = KEYEXP192_2(ctx->rk_enc[9], temp[1]);
temp[0] = KEYEXP192(ctx->rk_enc[9], ctx->rk_enc[10], 0x40);
temp[1] = KEYEXP192_2(temp[0], ctx->rk_enc[10]);
ctx->rk_enc[10] = (__m128i)_mm_shuffle_pd((__m128d)ctx->rk_enc[10], (__m128d) temp[0], 0);
ctx->rk_enc[11] = (__m128i)_mm_shuffle_pd((__m128d)temp[0],(__m128d) temp[1], 1);
ctx->rk_enc[12] = KEYEXP192(temp[0], temp[1], 0x80);
break;
@ -368,8 +385,8 @@ int aes_ecb_encrypt (unsigned char *out, const unsigned char *in, aes_context_t
int aes_cbc_encrypt (unsigned char *out, const unsigned char *in, size_t in_len,
const unsigned char *iv, aes_context_t *ctx) {
int n; // number of blocks
int ret = (int)in_len & 15; // remainder
int n; /* number of blocks */
int ret = (int)in_len & 15; /* remainder */
__m128i ivec = _mm_loadu_si128((__m128i*)iv);
@ -411,11 +428,12 @@ int aes_cbc_encrypt (unsigned char *out, const unsigned char *in, size_t in_len,
int aes_cbc_decrypt (unsigned char *out, const unsigned char *in, size_t in_len,
const unsigned char *iv, aes_context_t *ctx) {
int n; // number of blocks
int ret = (int)in_len & 15; // remainder
int n; /* number of blocks */
int ret = (int)in_len & 15; /* remainder */
__m128i ivec = _mm_loadu_si128((__m128i*)iv);
// 4 parallel rails of AES decryption to reduce data dependencies in x86's deep pipelines
for(n = in_len / 16; n > 3; n -=4) {
__m128i tmp1 = _mm_loadu_si128((__m128i*)in); in += 16;
__m128i tmp2 = _mm_loadu_si128((__m128i*)in); in += 16;
@ -484,9 +502,11 @@ int aes_cbc_decrypt (unsigned char *out, const unsigned char *in, size_t in_len,
_mm_storeu_si128((__m128i*) out, tmp2); out += 16;
_mm_storeu_si128((__m128i*) out, tmp3); out += 16;
_mm_storeu_si128((__m128i*) out, tmp4); out += 16;
} // now: less than 4 blocks remaining
}
// now: less than 4 blocks remaining
if(n > 1) { // 2 or 3 blocks remaining --> this code handles two of them
// if 2 or 3 blocks remaining --> this code handles two of them
if(n > 1) {
n-= 2;
__m128i tmp1 = _mm_loadu_si128((__m128i*)in); in += 16;
@ -523,7 +543,8 @@ int aes_cbc_decrypt (unsigned char *out, const unsigned char *in, size_t in_len,
_mm_storeu_si128((__m128i*) out, tmp2); out += 16;
}
if(n) { // one block remaining
// one block remaining
if(n) {
__m128i tmp = _mm_loadu_si128((__m128i*)in);
__m128i old_in = tmp;
@ -562,7 +583,7 @@ int aes_init (const unsigned char *key, size_t key_size, aes_context_t **ctx) {
*ctx = (aes_context_t*) calloc(1, sizeof(aes_context_t));
if(!(*ctx))
return -1;
// ...and fill her up
// ...and fill her up:
// initialize data structures
@ -581,12 +602,14 @@ int aes_init (const unsigned char *key, size_t key_size, aes_context_t **ctx) {
// key materiel handling
aes_internal_key_setup ( *ctx, key, 8 * key_size);
return 0;
}
#else // plain C --------------------------------------------------------------------------
// rijndael-alg-fst.c version 3.0 (December 2000)
// optimised ANSI C code for the Rijndael cipher (now AES)
// original authors: Vincent Rijmen <vincent.rijmen@esat.kuleuven.ac.be>
@ -968,11 +991,8 @@ static const uint32_t rcon[] = {
#define m3(x) ((x) & 0xff000000)
/**
* Expand the cipher key into the encryption key schedule.
*
* @return the number of rounds for the given cipher key size.
*/
// expand the cipher key into the encryption key schedule and
// return the number of rounds for the given cipher key size
static int aes_internal_key_setup_enc (uint32_t rk[/*4*(Nr + 1)*/], const uint8_t cipherKey[], int keyBits) {
int i = 0;
@ -1048,22 +1068,19 @@ static int aes_internal_key_setup_enc (uint32_t rk[/*4*(Nr + 1)*/], const uint8_
rk[13] = rk[ 5] ^ rk[12];
rk[14] = rk[ 6] ^ rk[13];
rk[15] = rk[ 7] ^ rk[14];
rk += 8;
}
}
return 0;
}
/**
* Expand the cipher key into the decryption key schedule.
*
* @return the number of rounds for the given cipher key size.
*/
#define INVMIXCOLRK(n) rk[n] = Td0[b0(Te4[b3(rk[n])])] ^ Td1[b0(Te4[b2(rk[n])])] ^ Td2[b0(Te4[b1(rk[n])])] ^ Td3[b0(Te4[b0(rk[n])])]
// expand the cipher key into the decryption key schedule and
// return the number of rounds for the given cipher key size
static int aes_internal_key_setup_dec (uint32_t rk[/*4*(Nr + 1)*/], const uint8_t cipherKey[], int keyBits) {
int Nr, i, j;
@ -1078,6 +1095,7 @@ static int aes_internal_key_setup_dec (uint32_t rk[/*4*(Nr + 1)*/], const uint8_
temp = rk[i + 2]; rk[i + 2] = rk[j + 2]; rk[j + 2] = temp;
temp = rk[i + 3]; rk[i + 3] = rk[j + 3]; rk[j + 3] = temp;
}
// apply the inverse MixColumn transform to all round keys but the first and the last
for(i = 1; i < Nr; i++) {
rk += 4;
@ -1212,6 +1230,7 @@ int aes_ecb_encrypt (unsigned char *out, const unsigned char *in, aes_context_t
#define fix_xor(target, source) *(uint32_t*)&(target)[0] = *(uint32_t*)&(target)[0] ^ *(uint32_t*)&(source)[0]; *(uint32_t*)&(target)[4] = *(uint32_t*)&(target)[4] ^ *(uint32_t*)&(source)[4]; \
*(uint32_t*)&(target)[8] = *(uint32_t*)&(target)[8] ^ *(uint32_t*)&(source)[8]; *(uint32_t*)&(target)[12] = *(uint32_t*)&(target)[12] ^ *(uint32_t*)&(source)[12];
int aes_cbc_encrypt (unsigned char *out, const unsigned char *in, size_t in_len,
const unsigned char *iv, aes_context_t *ctx) {
@ -1227,6 +1246,7 @@ int aes_cbc_encrypt (unsigned char *out, const unsigned char *in, size_t in_len,
aes_internal_encrypt(ctx->enc_rk, ctx->Nr, tmp, tmp);
memcpy(&out[i * AES_BLOCK_SIZE], tmp, AES_BLOCK_SIZE);
}
return n * AES_BLOCK_SIZE;
}
@ -1252,13 +1272,14 @@ int aes_cbc_decrypt (unsigned char *out, const unsigned char *in, size_t in_len,
return n * AES_BLOCK_SIZE;
}
int aes_init (const unsigned char *key, size_t key_size, aes_context_t **ctx) {
// allocate context...
*ctx = (aes_context_t*) calloc(1, sizeof(aes_context_t));
if(!(*ctx))
return -1;
// ...and fill her up
// ...and fill her up:
// initialize data structures
@ -1282,7 +1303,8 @@ int aes_init (const unsigned char *key, size_t key_size, aes_context_t **ctx) {
}
#endif // openSSL 1.1, AES-NI, plain C ----------------------------------------------------
#endif // openSSL 1.1, AES-NI, plain C ----------------------------------------------------------------------------
int aes_deinit (aes_context_t *ctx) {
@ -1290,128 +1312,3 @@ int aes_deinit (aes_context_t *ctx) {
return 0;
}
// --- for testing ------------------------------------------------------------------------
// --- remove when done ---
/* int aes_init (const unsigned char *key, size_t key_size, aes_context_t **ctx) {
// allocate context...
*ctx = (aes_context_t*) calloc(1, sizeof(aes_context_t));
if (!(*ctx))
return -1;
// ...and fill her up
// initialize data structures
#ifdef HAVE_OPENSSL_1_1
if(!((*ctx)->enc_ctx = EVP_CIPHER_CTX_new())) {
traceEvent(TRACE_ERROR, "aes_init openssl's evp_* encryption context creation failed: %s",
openssl_err_as_string());
return(-1);
}
if(!((*ctx)->dec_ctx = EVP_CIPHER_CTX_new())) {
traceEvent(TRACE_ERROR, "aes_init openssl's evp_* decryption context creation failed: %s",
openssl_err_as_string());
return(-1);
}
#endif
// check key size and make key size (given in bytes) dependant settings
switch(key_size) {
case AES128_KEY_BYTES: // 128 bit key size
#ifdef HAVE_OPENSSL_1_1
(*ctx)->cipher = EVP_aes_128_cbc();
#endif
break;
case AES192_KEY_BYTES: // 192 bit key size
#ifdef HAVE_OPENSSL_1_1
(*ctx)->cipher = EVP_aes_192_cbc();
#endif
break;
case AES256_KEY_BYTES: // 256 bit key size
#ifdef HAVE_OPENSSL_1_1
(*ctx)->cipher = EVP_aes_256_cbc();
#endif
break;
default:
traceEvent(TRACE_ERROR, "aes_init invalid key size %u\n", key_size);
return -1;
}
// key materiel handling
#ifdef HAVE_OPENSSL_1_1
memcpy((*ctx)->key, key, key_size);
AES_set_decrypt_key(key, key_size * 8, &((*ctx)->ecb_dec_key));
#else
AES_set_encrypt_key(key, key_size * 8, &((*ctx)->enc_key));
AES_set_decrypt_key(key, key_size * 8, &((*ctx)->dec_key));
#endif
return 0;
}
#ifdef TEST_AES
int main () {
aes_context_t *ctx;
// *ctx = malloc(sizeof(aes_context_t));
// uint8_t key[32] = {0};
// 128 bit key 0 --> 0336763e966d92595a567cc9ce537f5e
// uint8_t pt[16] = {0xf3, 0x44, 0x81, 0xec, 0x3c, 0xc6, 0x27, 0xba,
// 0xcd, 0x5d, 0xc3, 0xfb, 0x08, 0xf2, 0x73, 0xe6 };
// 256 bit key 0 --> 5c9d844ed46f9885085e5d6a4f94c7d7
// uint8_t pt[16] = {0x01, 0x47, 0x30, 0xf8, 0x0a, 0xc6, 0x25, 0xfe,
// 0x84, 0xf0, 0x26, 0xc6, 0x0b, 0xfd, 0x54, 0x7d };
uint8_t pt[16] = {0};
// 0 pt --> 6d251e6944b051e04eaa6fb4dbf78465
uint8_t key[16] = {0x10, 0xa5, 0x88, 0x69, 0xd7, 0x4b, 0xe5, 0xa3,
0x74, 0xcf, 0x86, 0x7c, 0xfb, 0x47, 0x38, 0x59 };
uint8_t ct[16] = {0};
int i;
// aes_internal_key_setup (ctx, key, 8 * sizeof(key));
aes_init (key, sizeof(key), &ctx);
printf ("Nr = %u\n",(ctx)->Nr);
memset (pt, 0, 16);
for(i = 0; i < 16; i++)
printf ("%02x",pt[i]);
printf ("--- pt\n");
aes_internal_encrypt((ctx), pt, ct);
memset (pt, 4, 16);
for(i = 0; i < 16; i++)
printf ("%02x",ct[i]);
printf ("--- ct\n");
printf ("Nr = %u\n",(ctx)->Nr);
printf ("Nr = %u\n",(ctx)->Nr);
aes_internal_decrypt((ctx), ct, pt);
memset (ct, 9, 16);
for(i = 0; i < 16; i++)
printf ("%02x",pt[i]);
printf ("--- pt\n");
aes_internal_encrypt((ctx), pt, ct);
for(i = 0; i < 16; i++)
printf ("%02x",ct[i]);
printf ("--- ct\n");
}
#endif
*/