Make nonce a class member rather than temporary

Effectively this creates a workspace for encrypting the nonce. The zeroizer will run when the class is destroyed, rather than each invocation of UncheckedSetKey. Performance went from 3.6 cpb as a temporary to 2.9 cpb as a class member
2017-08-05 06:05:57 -04:00 · 2017-08-05 06:05:57 -04:00 · 0357e508e4
parent bf35d58ad7
commit 0357e508e4
2 changed files with 7 additions and 7 deletions
--- a/poly1305.cpp
+++ b/poly1305.cpp
@ -33,13 +33,13 @@ void Poly1305_Base<T>::UncheckedSetKey(const byte *key, unsigned int length, con
 	ConstByteArrayParameter t;
 	if (params.GetValue(Name::IV(), t) && t.begin() && t.size())
 	{
-		SecByteBlock nk(16);
+		// Nonce key is a class member to avoid the zeroizer on a temporary
-		m_cipher.ProcessBlock(t.begin(), nk);
+		m_cipher.ProcessBlock(t.begin(), m_nk.begin());
-		m_n[0] = GetWord<word32>(false, LITTLE_ENDIAN_ORDER, nk +  0);
+		m_n[0] = GetWord<word32>(false, LITTLE_ENDIAN_ORDER, m_nk +  0);
-		m_n[1] = GetWord<word32>(false, LITTLE_ENDIAN_ORDER, nk +  4);
+		m_n[1] = GetWord<word32>(false, LITTLE_ENDIAN_ORDER, m_nk +  4);
-		m_n[2] = GetWord<word32>(false, LITTLE_ENDIAN_ORDER, nk +  8);
+		m_n[2] = GetWord<word32>(false, LITTLE_ENDIAN_ORDER, m_nk +  8);
-		m_n[3] = GetWord<word32>(false, LITTLE_ENDIAN_ORDER, nk + 12);
+		m_n[3] = GetWord<word32>(false, LITTLE_ENDIAN_ORDER, m_nk + 12);
 		m_used = false;
 	}
--- a/poly1305.h
+++ b/poly1305.h
@ -93,7 +93,7 @@ protected:
 	FixedSizeAlignedSecBlock<word32, 4> m_n;
 	// Accumulated message bytes and index
-	FixedSizeAlignedSecBlock<byte, BLOCKSIZE> m_acc;
+	FixedSizeAlignedSecBlock<byte, BLOCKSIZE> m_acc, m_nk;
 	size_t m_idx;
 	// Track nonce reuse; assert in debug but continue