Multithreaded encrypt: improvements

Split out encryption in software for TLSv13. Call software encryption in async encrypt. Support ChaCha20-Poly1305.
wolfSSL · Dec 17, 2024 · a68f776 · a68f776
1 parent dd3a59c
commit a68f776
Show file tree

Hide file tree

Showing 5 changed files with 217 additions and 195 deletions.
diff --git a/src/internal.c b/src/internal.c
@@ -8234,10 +8234,17 @@ void wolfSSL_ResourceFree(WOLFSSL* ssl)
     {
         int i;
         for (i = 0; i < WOLFSSL_THREADED_CRYPT_CNT; i++) {
-            bufferStatic* buff = &ssl->buffers.encrypt[i].buffer;
-
-            ssl->buffers.encrypt[i].stop = 1;
-            FreeCiphersSide(&ssl->buffers.encrypt[i].cipher, ssl->heap);
+            ThreadCrypt* encrypt = &ssl->buffers.encrypt[i];
+            bufferStatic* buff = &encrypt->buffer;
+
+            encrypt->stop = 1;
+            FreeCiphersSide(&encrypt->cipher, ssl->heap);
+        #if defined(HAVE_POLY1305) && defined(HAVE_ONE_TIME_AUTH)
+            if (encrypt->auth.poly1305)
+                ForceZero(encrypt->auth.poly1305, sizeof(Poly1305));
+            XFREE(encrypt->auth.poly1305, ssl->heap, DYNAMIC_TYPE_CIPHER);
+            encrypt->auth.poly1305 = NULL;
+        #endif
             if (buff->dynamicFlag) {
                 XFREE(buff->buffer - buff->offset, ssl->heap,
                     DYNAMIC_TYPE_OUT_BUFFER);
@@ -8248,10 +8255,17 @@ void wolfSSL_ResourceFree(WOLFSSL* ssl)
             }
         }
         for (i = 0; i < WOLFSSL_THREADED_CRYPT_CNT; i++) {
-            bufferStatic* buff = &ssl->buffers.decrypt[i].buffer;
-
-            ssl->buffers.decrypt[i].stop = 1;
-            FreeCiphersSide(&ssl->buffers.decrypt[i].cipher, ssl->heap);
+            ThreadCrypt* decrypt = &ssl->buffers.decrypt[i];
+            bufferStatic* buff = &decrypt->buffer;
+
+            decrypt->stop = 1;
+            FreeCiphersSide(&decrypt->cipher, ssl->heap);
+        #if defined(HAVE_POLY1305) && defined(HAVE_ONE_TIME_AUTH)
+            if (decrypt->auth.poly1305)
+                ForceZero(decrypt->auth.poly1305, sizeof(Poly1305));
+            XFREE(decrypt->auth.poly1305, ssl->heap, DYNAMIC_TYPE_CIPHER);
+            decrypt->auth.poly1305 = NULL;
+        #endif
             if (buff->dynamicFlag) {
                 XFREE(buff->buffer - buff->offset, ssl->heap,
                     DYNAMIC_TYPE_OUT_BUFFER);
@@ -25295,40 +25309,27 @@ int SendData(WOLFSSL* ssl, const void* data, int sz)
                 SetKeys(&encrypt->cipher, NULL, &ssl->keys, &ssl->specs,
                     ssl->options.side, ssl->heap, ssl->devId, ssl->rng,
                     ssl->options.tls1_3);
+            #ifdef HAVE_ONE_TIME_AUTH
+                if (ssl->specs.bulk_cipher_algorithm == wolfssl_chacha) {
+                    ret = SetAuthKeys(&encrypt->auth, &ssl->keys, &ssl->specs,
+                        ssl->heap, ssl->devId);
+                    if (ret != 0)
+                        return ret;
+                }
+            #endif
+
                 encrypt->init = 1;
             }
+
             encrypt->buffer.length = sendSz;
             encrypt->offset = RECORD_HEADER_SZ;
-            if (ssl->options.dtls) {
-                encrypt->offset += DTLS_RECORD_EXTRA;
-            }
-            encrypt->cryptLen = outputSz - encrypt->offset;
-        #ifdef HAVE_TRUNCATED_HMAC
-            if (ssl->truncated_hmac) {
-                encrypt->cryptLen -= min(TRUNCATED_HMAC_SZ,
-                    ssl->specs.hash_size);
-            }
-            else
-        #endif
-            {
-                encrypt->cryptLen -= ssl->specs.hash_size;
-            }
-
-    #if !defined(NO_PUBLIC_GCM_SET_IV) && \
-        ((defined(HAVE_FIPS) || defined(HAVE_SELFTEST)) && \
-        (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 2)))
-            XMEMCPY(encrypt->nonce, ssl->keys.aead_enc_imp_IV,
-                AESGCM_IMP_IV_SZ);
-            XMEMCPY(encrypt->nonce + AESGCM_IMP_IV_SZ, ssl->keys.aead_exp_IV,
-                AESGCM_EXP_IV_SZ);
-    #endif
-            XMEMSET(encrypt->additional, 0, AEAD_AUTH_DATA_SZ);
-            WriteSEQ(ssl, CUR_ORDER, encrypt->additional);
-            XMEMCPY(encrypt->additional + AEAD_TYPE_OFFSET,
-                encrypt->buffer.buffer, 3);
-            c16toa(sendSz - encrypt->offset - AESGCM_EXP_IV_SZ -
-                ssl->specs.aead_mac_size,
-                encrypt->additional + AEAD_LEN_OFFSET);
+            encrypt->buffer.idx = 0;
+            encrypt->cryptLen = sendSz - RECORD_HEADER_SZ;
+
+            BuildTls13Nonce(ssl, encrypt->nonce, ssl->keys.aead_enc_imp_IV,
+                            CUR_ORDER);
+            XMEMCPY(encrypt->additional, encrypt->buffer.buffer,
+                    encrypt->offset);
 
         #ifdef WOLFSSL_DTLS
             if (ssl->options.dtls)

diff --git a/src/keys.c b/src/keys.c
@@ -3403,7 +3403,10 @@ int SetKeys(Ciphers* enc, Ciphers* dec, Keys* keys, CipherSpecs* specs,
 
 #ifdef HAVE_ONE_TIME_AUTH
 /* set one time authentication keys */
-static int SetAuthKeys(OneTimeAuth* authentication, Keys* keys,
+#ifndef WOLFSSL_THREADED_CRYPT
+static
+#endif
+int SetAuthKeys(OneTimeAuth* authentication, Keys* keys,
                        CipherSpecs* specs, void* heap, int devId)
 {
 

diff --git a/src/ssl.c b/src/ssl.c
@@ -23914,36 +23914,27 @@ int wolfSSL_AsyncEncryptStop(WOLFSSL* ssl, int idx)
 
 int wolfSSL_AsyncEncrypt(WOLFSSL* ssl, int idx)
 {
-    int ret = WC_NO_ERR_TRACE(NOT_COMPILED_IN);
+    int ret;
     ThreadCrypt* encrypt = &ssl->buffers.encrypt[idx];
+    unsigned char* out = encrypt->buffer.buffer + encrypt->offset;
+    word32 dataSz = encrypt->cryptLen - ssl->specs.aead_mac_size;
 
-    if (ssl->specs.bulk_cipher_algorithm == wolfssl_aes_gcm) {
-        unsigned char* out = encrypt->buffer.buffer + encrypt->offset;
-        unsigned char* input = encrypt->buffer.buffer + encrypt->offset;
-        word32 encSz = encrypt->buffer.length - encrypt->offset;
-
-        ret =
-#if !defined(NO_GCM_ENCRYPT_EXTRA) && \
-    ((!defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)) || \
-    (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2)))
-              wc_AesGcmEncrypt_ex
+    ret = EncryptTls13Sw(ssl->specs.bulk_cipher_algorithm, &encrypt->cipher,
+#ifdef HAVE_ONE_TIME_AUTH
+        &encrypt->auth,
 #else
-              wc_AesGcmEncrypt
-#endif
-              (encrypt->cipher.aes,
-               out + AESGCM_EXP_IV_SZ, input + AESGCM_EXP_IV_SZ,
-               encSz - AESGCM_EXP_IV_SZ - ssl->specs.aead_mac_size,
-               encrypt->nonce, AESGCM_NONCE_SZ,
-               out + encSz - ssl->specs.aead_mac_size,
-               ssl->specs.aead_mac_size,
-               encrypt->additional, AEAD_AUTH_DATA_SZ);
-#if !defined(NO_PUBLIC_GCM_SET_IV) && \
-    ((!defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)) || \
-    (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2)))
-        XMEMCPY(out, encrypt->nonce + AESGCM_IMP_IV_SZ, AESGCM_EXP_IV_SZ);
-#endif
-        encrypt->done = 1;
+        NULL,
+#endif
+        out, out, dataSz, encrypt->nonce, encrypt->additional, RECORD_HEADER_SZ,
+        ssl->specs.aead_mac_size, 1);
+#ifdef WOLFSSL_DTLS13
+    if (ret == 0 && ssl->options.dtls) {
+        ret = Dtls13EncryptRecordNumber(ssl, encrypt->buffer.buffer,
+            (word16)encrypt->buffer.length);
     }
+#endif /* WOLFSSL_DTLS13 */
+
+    encrypt->done = 1;
 
     return ret;
 }