tomato42
commented
2 days ago The calls to _mul() are because it most likely uses a GCM ciphersuite, and the Galois MAC needs to be implemented in Python, as that's not supported in m2crypto: https://todo.sr.ht/~mcepl/m2crypto/264
the solution would to be to add a new back-end that calls to pyca/cryptography to do the whole AES-GCM operation outside python, you can see example code for that here: https://github.com/tlsfuzzer/tlslite-ng/issues/300 adding pyca/cryptography backend is tracked in https://github.com/tlsfuzzer/tlslite-ng/issues/303
I'm using tlslite-ng to establish a TLS 1.3 PSK connection to my server, and download a ~50MB file. Doing this over curl takes about 2-3 seconds. Using tlslite-ng without m2crypto, it takes about 10 minutes. With m2crypto, it takes 58 seconds.
I've profiled the code and while it does seem to be calling decrypt() in openssl_aes.py, it spends almost all of the time inside open()'s call to _auth(). Specifically, _mul() is called about 3 million times, and that's where 90% of the time is spent.
Is there any workaround for this?
Thank you.