From 0357e508e4fd8e8f61e82a48b16adb5c381a740d Mon Sep 17 00:00:00 2001
From: Jeffrey Walton
Date: Sat, 5 Aug 2017 06:05:57 -0400
Subject: [PATCH] Make nonce a class member rather than temporary
Effectively this creates a workspace for encrypting the nonce. The zeroizer will run when the class is destroyed, rather than each invocation of UncheckedSetKey. Performance went from 3.6 cpb as a temporary to 2.9 cpb as a class member
---
 poly1305.cpp | 12 ++++++------
 poly1305.h | 2 +-
 2 files changed, 7 insertions(+), 7 deletions(-)
diff --git a/poly1305.cpp b/poly1305.cpp
index f580fc42..9bef7585 100644
--- a/poly1305.cpp
+++ b/poly1305.cpp
@@ -33,13 +33,13 @@ void Poly1305_Base::UncheckedSetKey(const byte *key, unsigned int length, con
 ConstByteArrayParameter t;
 if (params.GetValue(Name::IV(), t) && t.begin() && t.size())
 {
- SecByteBlock nk(16);
- m_cipher.ProcessBlock(t.begin(), nk);
+ // Nonce key is a class member to avoid the zeroizer on a temporary
+ m_cipher.ProcessBlock(t.begin(), m_nk.begin());
- m_n[0] = GetWord(false, LITTLE_ENDIAN_ORDER, nk + 0);
- m_n[1] = GetWord(false, LITTLE_ENDIAN_ORDER, nk + 4);
- m_n[2] = GetWord(false, LITTLE_ENDIAN_ORDER, nk + 8);
- m_n[3] = GetWord(false, LITTLE_ENDIAN_ORDER, nk + 12);
+ m_n[0] = GetWord(false, LITTLE_ENDIAN_ORDER, m_nk + 0);
+ m_n[1] = GetWord(false, LITTLE_ENDIAN_ORDER, m_nk + 4);
+ m_n[2] = GetWord(false, LITTLE_ENDIAN_ORDER, m_nk + 8);
+ m_n[3] = GetWord(false, LITTLE_ENDIAN_ORDER, m_nk + 12);
 m_used = false;
 }
diff --git a/poly1305.h b/poly1305.h
index 2e70dcf3..8e2617d0 100644
--- a/poly1305.h
+++ b/poly1305.h
@@ -93,7 +93,7 @@ protected:
 FixedSizeAlignedSecBlock m_n;
 // Accumulated message bytes and index
- FixedSizeAlignedSecBlock m_acc;
+ FixedSizeAlignedSecBlock m_acc, m_nk;
 size_t m_idx;
 // Track nonce reuse; assert in debug but continue
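Review bot: The new `m_cipher.ProcessBlock(t.begin(), m_nk.begin())` writes one full cipher block into m_nk, but nothing in this hunk ties m_nk's capacity to the cipher's block size — the removed temporary was explicitly `SecByteBlock nk(16)`, whereas m_nk now inherits whatever size the shared m_acc declaration in poly1305.h happens to use. A debug-time check ahead of the call, `CRYPTOPP_ASSERT(m_nk.size() >= m_cipher.BlockSize());`, would catch a mismatch if either the cipher or the header declaration changes. The added comment explains the performance motive but not the security one; stating it keeps a later refactor from turning the member into a plain array, e.g. `// m_nk holds nonce-derived secret material: kept in a SecBlock so it is zeroized on destruction`. The body of UncheckedSetKey starts and ends outside the hunk, so it is not visible whether m_nk retains the previous key's block when no IV is supplied.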
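Review bot: The comment above the changed line, `// Accumulated message bytes and index`, now describes a declaration that also introduces m_nk, which is not message bytes but the encrypted nonce written by UncheckedSetKey. Giving m_nk its own declaration line with its own comment, such as `// Encrypted nonce block (cipher output for the IV); secret, zeroized with the object`, keeps the header accurate and makes its size independent of m_acc's rather than silently coupled to it. The enclosing class continues outside the hunk.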