feat: reuse encrypted data to avoid memory allocation (#242)

twoeths · web-flow · commit 0b4b7f6048bf · 2022-11-22T16:22:32.000+01:00
feat: reused ciphertext allocation in decrypt function
diff --git a/src/@types/handshake-interface.ts b/src/@types/handshake-interface.ts
@@ -8,5 +8,5 @@ export interface IHandshake {
   remotePeer: PeerId
   remoteExtensions: NoiseExtensions
   encrypt: (plaintext: bytes, session: NoiseSession) => bytes
-  decrypt: (ciphertext: bytes, session: NoiseSession) => { plaintext: bytes, valid: boolean }
+  decrypt: (ciphertext: bytes, session: NoiseSession, dst?: Uint8Array) => { plaintext: bytes, valid: boolean }
 }
diff --git a/src/crypto.ts b/src/crypto.ts
@@ -12,5 +12,5 @@ export interface ICryptoInterface {
   generateX25519SharedKey: (privateKey: Uint8Array, publicKey: Uint8Array) => Uint8Array
 
   chaCha20Poly1305Encrypt: (plaintext: Uint8Array, nonce: Uint8Array, ad: Uint8Array, k: bytes32) => bytes
-  chaCha20Poly1305Decrypt: (ciphertext: Uint8Array, nonce: Uint8Array, ad: Uint8Array, k: bytes32) => bytes | null
+  chaCha20Poly1305Decrypt: (ciphertext: Uint8Array, nonce: Uint8Array, ad: Uint8Array, k: bytes32, dst?: Uint8Array) => bytes | null
 }
diff --git a/src/crypto/stablelib.ts b/src/crypto/stablelib.ts
@@ -52,9 +52,9 @@ export const stablelib: ICryptoInterface = {
     return ctx.seal(nonce, plaintext, ad)
   },
 
-  chaCha20Poly1305Decrypt (ciphertext: Uint8Array, nonce: Uint8Array, ad: Uint8Array, k: bytes32): bytes | null {
+  chaCha20Poly1305Decrypt (ciphertext: Uint8Array, nonce: Uint8Array, ad: Uint8Array, k: bytes32, dst?: Uint8Array): bytes | null {
     const ctx = new ChaCha20Poly1305(k)
 
-    return ctx.open(nonce, ciphertext, ad)
+    return ctx.open(nonce, ciphertext, ad, dst)
   }
 }
diff --git a/src/crypto/streaming.ts b/src/crypto/streaming.ts
@@ -1,3 +1,4 @@
+import { TAG_LENGTH } from '@stablelib/chacha20poly1305'
 import type { Transform } from 'it-stream-types'
 import type { Uint8ArrayList } from 'uint8arraylist'
 import type { IHandshake } from '../@types/handshake-interface.js'
@@ -35,7 +36,16 @@ export function decryptStream (handshake: IHandshake, metrics?: MetricsRegistry)
           end = chunk.length
         }
 
-        const { plaintext: decrypted, valid } = handshake.decrypt(chunk.subarray(i, end), handshake.session)
+        if (end - TAG_LENGTH < i) {
+          throw new Error('Invalid chunk')
+        }
+        const encrypted = chunk.subarray(i, end)
+        // memory allocation is not cheap so reuse the encrypted Uint8Array
+        // see https://github.com/ChainSafe/js-libp2p-noise/pull/242#issue-1422126164
+        // this is ok because chacha20 reads bytes one by one and don't reread after that
+        // it's also tested in https://github.com/ChainSafe/as-chacha20poly1305/pull/1/files#diff-25252846b58979dcaf4e41d47b3eadd7e4f335e7fb98da6c049b1f9cd011f381R48
+        const dst = chunk.subarray(i, end - TAG_LENGTH)
+        const { plaintext: decrypted, valid } = handshake.decrypt(encrypted, handshake.session, dst)
         if (!valid) {
           metrics?.decryptErrors.increment()
           throw new Error('Failed to validate decrypted chunk')
diff --git a/src/handshake-xx.ts b/src/handshake-xx.ts
@@ -147,10 +147,10 @@ export class XXHandshake implements IHandshake {
     return this.xx.encryptWithAd(cs, new Uint8Array(0), plaintext)
   }
 
-  public decrypt (ciphertext: Uint8Array, session: NoiseSession): { plaintext: bytes, valid: boolean } {
+  public decrypt (ciphertext: Uint8Array, session: NoiseSession, dst?: Uint8Array): { plaintext: bytes, valid: boolean } {
     const cs = this.getCS(session, false)
 
-    return this.xx.decryptWithAd(cs, new Uint8Array(0), ciphertext)
+    return this.xx.decryptWithAd(cs, new Uint8Array(0), ciphertext, dst)
   }
 
   public getRemoteStaticKey (): bytes {
diff --git a/src/handshakes/abstract-handshake.ts b/src/handshakes/abstract-handshake.ts
@@ -21,8 +21,8 @@ export abstract class AbstractHandshake {
     return e
   }
 
-  public decryptWithAd (cs: CipherState, ad: Uint8Array, ciphertext: Uint8Array): {plaintext: bytes, valid: boolean} {
-    const { plaintext, valid } = this.decrypt(cs.k, cs.n, ad, ciphertext)
+  public decryptWithAd (cs: CipherState, ad: Uint8Array, ciphertext: Uint8Array, dst?: Uint8Array): {plaintext: bytes, valid: boolean} {
+    const { plaintext, valid } = this.decrypt(cs.k, cs.n, ad, ciphertext, dst)
     if (valid) cs.n.increment()
 
     return { plaintext, valid }
@@ -60,10 +60,10 @@ export abstract class AbstractHandshake {
     return ciphertext
   }
 
-  protected decrypt (k: bytes32, n: Nonce, ad: bytes, ciphertext: bytes): {plaintext: bytes, valid: boolean} {
+  protected decrypt (k: bytes32, n: Nonce, ad: bytes, ciphertext: bytes, dst?: Uint8Array): {plaintext: bytes, valid: boolean} {
     n.assertValue()
 
-    const encryptedMessage = this.crypto.chaCha20Poly1305Decrypt(ciphertext, n.getBytes(), ad, k)
+    const encryptedMessage = this.crypto.chaCha20Poly1305Decrypt(ciphertext, n.getBytes(), ad, k, dst)
 
     if (encryptedMessage) {
       return {

Original file line number	Diff line number	Diff line change
`@@ -8,5 +8,5 @@ export interface IHandshake {`
`8`	`8`	`remotePeer: PeerId`
`9`	`9`	`remoteExtensions: NoiseExtensions`
`10`	`10`	`encrypt: (plaintext: bytes, session: NoiseSession) => bytes`
`11`		`- decrypt: (ciphertext: bytes, session: NoiseSession) => { plaintext: bytes, valid: boolean }`
	`11`	`+ decrypt: (ciphertext: bytes, session: NoiseSession, dst?: Uint8Array) => { plaintext: bytes, valid: boolean }`
`12`	`12`	`}`
Original file line number	Diff line number	Diff line change
`@@ -12,5 +12,5 @@ export interface ICryptoInterface {`
`12`	`12`	`generateX25519SharedKey: (privateKey: Uint8Array, publicKey: Uint8Array) => Uint8Array`
`13`	`13`
`14`	`14`	`chaCha20Poly1305Encrypt: (plaintext: Uint8Array, nonce: Uint8Array, ad: Uint8Array, k: bytes32) => bytes`
`15`		`- chaCha20Poly1305Decrypt: (ciphertext: Uint8Array, nonce: Uint8Array, ad: Uint8Array, k: bytes32) => bytes \| null`
	`15`	`+ chaCha20Poly1305Decrypt: (ciphertext: Uint8Array, nonce: Uint8Array, ad: Uint8Array, k: bytes32, dst?: Uint8Array) => bytes \| null`
`16`	`16`	`}`
Original file line number	Diff line number	Diff line change
`@@ -52,9 +52,9 @@ export const stablelib: ICryptoInterface = {`
`52`	`52`	`return ctx.seal(nonce, plaintext, ad)`
`53`	`53`	`},`
`54`	`54`
`55`		`- chaCha20Poly1305Decrypt (ciphertext: Uint8Array, nonce: Uint8Array, ad: Uint8Array, k: bytes32): bytes \| null {`
	`55`	`+ chaCha20Poly1305Decrypt (ciphertext: Uint8Array, nonce: Uint8Array, ad: Uint8Array, k: bytes32, dst?: Uint8Array): bytes \| null {`
`56`	`56`	`const ctx = new ChaCha20Poly1305(k)`
`57`	`57`
`58`		`- return ctx.open(nonce, ciphertext, ad)`
	`58`	`+ return ctx.open(nonce, ciphertext, ad, dst)`
`59`	`59`	`}`
`60`	`60`	`}`
Original file line number	Diff line number	Diff line change
`@@ -147,10 +147,10 @@ export class XXHandshake implements IHandshake {`
`147`	`147`	`return this.xx.encryptWithAd(cs, new Uint8Array(0), plaintext)`
`148`	`148`	`}`
`149`	`149`
`150`		`- public decrypt (ciphertext: Uint8Array, session: NoiseSession): { plaintext: bytes, valid: boolean } {`
	`150`	`+ public decrypt (ciphertext: Uint8Array, session: NoiseSession, dst?: Uint8Array): { plaintext: bytes, valid: boolean } {`
`151`	`151`	`const cs = this.getCS(session, false)`
`152`	`152`
`153`		`- return this.xx.decryptWithAd(cs, new Uint8Array(0), ciphertext)`
	`153`	`+ return this.xx.decryptWithAd(cs, new Uint8Array(0), ciphertext, dst)`
`154`	`154`	`}`
`155`	`155`
`156`	`156`	`public getRemoteStaticKey (): bytes {`