diff options
| author |  Alessandro Ghedini <alessandro@ghedini.me>
| 2023-10-31 16:51:19 +0000 |
|---|---|---|
| committer | Alessandro Ghedini <alessandro@ghedini.me>
| 2023-11-04 11:31:52 +0100 |
| commit | c91268bdf5c3a76356422ff73c63366d44f3be99 (patch) | |
| tree | 6ad4bd1b2d049f03911dfcc4127e03c915b5cd1e | |
| parent | f53e6cdb17e0cf3368f7530184f889c916a9b6f8 (diff) | |
| download | quiche-crypto-no-dup.tar.gz quiche-crypto-no-dup.tar.zst quiche-crypto-no-dup.zip | |
crypto: avoid unnecessary allocations when generating keyscrypto-no-dup
In some cases we are turning Vec values into slices to pass them to
functions that will then turn the slice back into a Vec.
Instead just pass `Vec`s around to avoid some unnecessary allocations.
| -rw-r--r-- | quiche/src/crypto.rs | 91 | ||||
| -rw-r--r-- | quiche/src/packet.rs | 4 | ||||
| -rw-r--r-- | quiche/src/tls.rs | 4 |
3 files changed, 52 insertions, 47 deletions
diff --git a/quiche/src/crypto.rs b/quiche/src/crypto.rs index 598779c1..93cd41ad 100644 --- a/quiche/src/crypto.rs +++ b/quiche/src/crypto.rs @@ -138,28 +138,29 @@ pub struct Open { impl Open { pub fn new( - alg: Algorithm, key: &[u8], iv: &[u8], hp_key: &[u8], secret: &[u8], + alg: Algorithm, key: Vec<u8>, iv: Vec<u8>, hp_key: Vec<u8>, + secret: Vec<u8>, ) -> Result<Open> { Ok(Open { alg, - secret: Vec::from(secret), - header: HeaderProtectionKey::new(alg, hp_key)?, packet: PacketKey::new(alg, key, iv)?, + + secret, }) } - pub fn from_secret(aead: Algorithm, secret: &[u8]) -> Result<Open> { + pub fn from_secret(aead: Algorithm, secret: Vec<u8>) -> Result<Open> { Ok(Open { alg: aead, - secret: Vec::from(secret), + header: HeaderProtectionKey::from_secret(aead, &secret)?, - header: HeaderProtectionKey::from_secret(aead, secret)?, + packet: PacketKey::from_secret(aead, &secret)?, - packet: PacketKey::from_secret(aead, secret)?, + secret, }) } @@ -231,7 +232,10 @@ impl Open { secret: next_secret, - header: HeaderProtectionKey::new(self.alg, &self.header.hp_key)?, + header: HeaderProtectionKey::new( + self.alg, + self.header.hp_key.clone(), + )?, packet: next_packet_key, }) @@ -250,28 +254,29 @@ pub struct Seal { impl Seal { pub fn new( - alg: Algorithm, key: &[u8], iv: &[u8], hp_key: &[u8], secret: &[u8], + alg: Algorithm, key: Vec<u8>, iv: Vec<u8>, hp_key: Vec<u8>, + secret: Vec<u8>, ) -> Result<Seal> { Ok(Seal { alg, - secret: Vec::from(secret), - header: HeaderProtectionKey::new(alg, hp_key)?, packet: PacketKey::new(alg, key, iv)?, + + secret, }) } - pub fn from_secret(aead: Algorithm, secret: &[u8]) -> Result<Seal> { + pub fn from_secret(aead: Algorithm, secret: Vec<u8>) -> Result<Seal> { Ok(Seal { alg: aead, - secret: Vec::from(secret), + header: HeaderProtectionKey::from_secret(aead, &secret)?, - header: HeaderProtectionKey::from_secret(aead, secret)?, + packet: PacketKey::from_secret(aead, &secret)?, - packet: PacketKey::from_secret(aead, secret)?, + secret, }) } @@ -358,7 +363,10 @@ impl Seal { secret: next_secret, - header: HeaderProtectionKey::new(self.alg, &self.header.hp_key)?, + header: HeaderProtectionKey::new( + self.alg, + self.header.hp_key.clone(), + )?, packet: next_packet_key, }) @@ -372,12 +380,9 @@ pub struct HeaderProtectionKey { } impl HeaderProtectionKey { - pub fn new(alg: Algorithm, hp_key: &[u8]) -> Result<Self> { - aead::quic::HeaderProtectionKey::new(alg.get_ring_hp(), hp_key) - .map(|hpk| Self { - hpk, - hp_key: Vec::from(hp_key), - }) + pub fn new(alg: Algorithm, hp_key: Vec<u8>) -> Result<Self> { + aead::quic::HeaderProtectionKey::new(alg.get_ring_hp(), &hp_key) + .map(|hpk| Self { hpk, hp_key }) .map_err(|_| Error::CryptoFail) } @@ -388,7 +393,7 @@ impl HeaderProtectionKey { derive_hdr_key(aead, secret, &mut hp_key)?; - Self::new(aead, &hp_key) + Self::new(aead, hp_key) } } @@ -399,11 +404,11 @@ pub struct PacketKey { } impl PacketKey { - pub fn new(alg: Algorithm, key: &[u8], iv: &[u8]) -> Result<Self> { + pub fn new(alg: Algorithm, key: Vec<u8>, iv: Vec<u8>) -> Result<Self> { Ok(Self { - ctx: make_aead_ctx(alg, key)?, + ctx: make_aead_ctx(alg, &key)?, - nonce: Vec::from(iv), + nonce: iv, }) } @@ -417,7 +422,7 @@ impl PacketKey { derive_pkt_key(aead, secret, &mut key)?; derive_pkt_iv(aead, secret, &mut iv)?; - Self::new(aead, &key, &iv) + Self::new(aead, key, iv) } } @@ -458,34 +463,34 @@ pub fn derive_initial_key_material( ( Open::new( aead, - &client_key, - &client_iv, - &client_hp_key, - &client_secret, + client_key, + client_iv, + client_hp_key, + client_secret.to_vec(), )?, Seal::new( aead, - &server_key, - &server_iv, - &server_hp_key, - &server_secret, + server_key, + server_iv, + server_hp_key, + server_secret.to_vec(), )?, ) } else { ( Open::new( aead, - &server_key, - &server_iv, - &server_hp_key, - &server_secret, + server_key, + server_iv, + server_hp_key, + server_secret.to_vec(), )?, Seal::new( aead, - &client_key, - &client_iv, - &client_hp_key, - &client_secret, + client_key, + client_iv, + client_hp_key, + client_secret.to_vec(), )?, ) }; diff --git a/quiche/src/packet.rs b/quiche/src/packet.rs index c2dbddbf..b785f6ee 100644 --- a/quiche/src/packet.rs +++ b/quiche/src/packet.rs @@ -1514,7 +1514,7 @@ mod tests { let alg = crypto::Algorithm::ChaCha20_Poly1305; - let aead = crypto::Open::from_secret(alg, &secret).unwrap(); + let aead = crypto::Open::from_secret(alg, secret.into()).unwrap(); let mut hdr = Header::from_bytes(&mut b, 0).unwrap(); assert_eq!(hdr.ty, Type::Short); @@ -1882,7 +1882,7 @@ mod tests { let alg = crypto::Algorithm::ChaCha20_Poly1305; - let aead = crypto::Seal::from_secret(alg, &secret).unwrap(); + let aead = crypto::Seal::from_secret(alg, secret.into()).unwrap(); let pn = 654_360_564; let pn_len = 3; diff --git a/quiche/src/tls.rs b/quiche/src/tls.rs index 05f27b8b..04bda715 100644 --- a/quiche/src/tls.rs +++ b/quiche/src/tls.rs @@ -984,7 +984,7 @@ extern fn set_read_secret( if level != crypto::Level::ZeroRTT || ex_data.is_server { let secret = unsafe { slice::from_raw_parts(secret, secret_len) }; - let open = match crypto::Open::from_secret(aead, secret) { + let open = match crypto::Open::from_secret(aead, secret.to_vec()) { Ok(v) => v, Err(_) => return 0, @@ -1035,7 +1035,7 @@ extern fn set_write_secret( if level != crypto::Level::ZeroRTT || !ex_data.is_server { let secret = unsafe { slice::from_raw_parts(secret, secret_len) }; - let seal = match crypto::Seal::from_secret(aead, secret) { + let seal = match crypto::Seal::from_secret(aead, secret.to_vec()) { Ok(v) => v, Err(_) => return 0, |