crypto: Make aes_unwrap look similar to aes_wrap

Running basic performance testing on x86 shows new and old code within a few percent of each other. The main penalty is the AES AF_ALG invocation.
2024-11-22 06:29:23 +01:00 · 2017-08-31 12:18:07 -05:00 · 2017-08-31 12:18:07 -05:00 · 6d6fa57550
commit 6d6fa57550
parent 4f865ba9f8
1 changed files with 11 additions and 11 deletions
--- a/src/crypto.c
+++ b/src/crypto.c
@ -125,11 +125,12 @@ bool cmac_aes(const void *key, size_t key_len,
 bool aes_unwrap(const uint8_t *kek, const uint8_t *in, size_t len,
 			uint8_t *out)
 {
-	uint8_t b[16];
-	uint8_t *r;
+	uint64_t b[2];
+	uint64_t *r;
 	size_t n = (len - 8) >> 3;
 	int i, j;
 	struct l_cipher *cipher;
+	uint64_t t = n * 6;

 	cipher = l_cipher_new(L_CIPHER_AES, kek, 16);
 	if (!cipher)
@ -141,23 +142,22 @@ bool aes_unwrap(const uint8_t *kek, const uint8_t *in, size_t len,

 	/* Unwrap */
 	for (j = 5; j >= 0; j--) {
-		r = out + (n - 1) * 8;
+		r = (uint64_t *) out + n - 1;

-		for (i = n; i >= 1; i--) {
-			memcpy(b + 8, r, 8);
-			b[7] ^= n * j + i;
+		for (i = n; i >= 1; i--, t--) {
+			b[0] ^= L_CPU_TO_BE64(t);
+			b[1] = L_GET_UNALIGNED(r);
 			l_cipher_decrypt(cipher, b, b, 16);
-			memcpy(r, b + 8, 8);
-			r -= 8;
+			L_PUT_UNALIGNED(b[1], r);
+			r -= 1;
 		}
 	}

 	l_cipher_free(cipher);

 	/* Check IV */
-	for (i = 0; i < 8; i++)
-		if (b[i] != 0xA6)
-			return false;
+	if (b[0] != 0xa6a6a6a6a6a6a6a6)
+		return false;

 	return true;
 }