Skip to content

Commit

Permalink
Improve Sealed Box construction (#132)
Browse files Browse the repository at this point in the history
AES.GCM.SealedBox is expensive to construct from parts, in part because
it's not inlinable. We can construct the combined representation
directly and improve performance substantially by replacing 8
allocations with 3.
  • Loading branch information
Lukasa authored Jan 23, 2023
1 parent 3213dc6 commit baa05dc
Show file tree
Hide file tree
Showing 6 changed files with 31 additions and 16 deletions.
17 changes: 16 additions & 1 deletion Sources/NIOSSH/TransportProtection/AESGCM.swift
Original file line number Diff line number Diff line change
Expand Up @@ -99,7 +99,7 @@ extension AESGCMTransportProtection: NIOSSHTransportProtection {
}

// Ok, let's try to decrypt this data.
let sealedBox = try AES.GCM.SealedBox(nonce: AES.GCM.Nonce(data: self.inboundNonce), ciphertext: ciphertextView, tag: tagView)
let sealedBox = try AES.GCM.SealedBox(nonce: self.inboundNonce, ciphertext: ciphertextView, tag: tagView)
plaintext = try AES.GCM.open(sealedBox, using: self.inboundEncryptionKey, authenticating: lengthView)

// All good! A quick soundness check to verify that the length of the plaintext is ok.
Expand Down Expand Up @@ -342,3 +342,18 @@ extension Data {
self = self[contentStartIndex ..< contentEndIndex]
}
}

extension AES.GCM.SealedBox {
fileprivate init(nonce: SSHAESGCMNonce, ciphertext: ByteBufferView, tag: ByteBufferView) throws {
// As a workaround for a Swift Crypto inefficiency, we create the combined representation
// directly.
var combined: [UInt8] = []
combined.reserveCapacity(nonce.count + ciphertext.count + tag.count)

combined.append(contentsOf: nonce)
combined.append(contentsOf: ciphertext)
combined.append(contentsOf: tag)

try self.init(combined: combined)
}
}
6 changes: 3 additions & 3 deletions docker/docker-compose.2004.55.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -12,9 +12,9 @@ services:
test:
image: swift-nio-ssh:20.04-5.5
environment:
- MAX_ALLOCS_ALLOWED_client_server_many_small_commands_per_connection=270900
- MAX_ALLOCS_ALLOWED_client_server_one_command_per_connection=1158050
- MAX_ALLOCS_ALLOWED_client_server_streaming_large_message_in_small_chunks=65150
- MAX_ALLOCS_ALLOWED_client_server_many_small_commands_per_connection=240900
- MAX_ALLOCS_ALLOWED_client_server_one_command_per_connection=1108050
- MAX_ALLOCS_ALLOWED_client_server_streaming_large_message_in_small_chunks=55100
#- SANITIZER_ARG=--sanitize=thread
#- WARN_AS_ERROR_ARG=-Xswiftc -warnings-as-errors

Expand Down
6 changes: 3 additions & 3 deletions docker/docker-compose.2004.56.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -12,9 +12,9 @@ services:
test:
image: swift-nio-ssh:20.04-5.6
environment:
- MAX_ALLOCS_ALLOWED_client_server_many_small_commands_per_connection=267850
- MAX_ALLOCS_ALLOWED_client_server_one_command_per_connection=1100050
- MAX_ALLOCS_ALLOWED_client_server_streaming_large_message_in_small_chunks=65100
- MAX_ALLOCS_ALLOWED_client_server_many_small_commands_per_connection=237850
- MAX_ALLOCS_ALLOWED_client_server_one_command_per_connection=1050050
- MAX_ALLOCS_ALLOWED_client_server_streaming_large_message_in_small_chunks=55050
#- SANITIZER_ARG=--sanitize=thread
#- WARN_AS_ERROR_ARG=-Xswiftc -warnings-as-errors

Expand Down
6 changes: 3 additions & 3 deletions docker/docker-compose.2204.57.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -12,9 +12,9 @@ services:
test:
image: swift-nio-ssh:22.04-5.7
environment:
- MAX_ALLOCS_ALLOWED_client_server_many_small_commands_per_connection=255850
- MAX_ALLOCS_ALLOWED_client_server_one_command_per_connection=1068050
- MAX_ALLOCS_ALLOWED_client_server_streaming_large_message_in_small_chunks=61050
- MAX_ALLOCS_ALLOWED_client_server_many_small_commands_per_connection=225800
- MAX_ALLOCS_ALLOWED_client_server_one_command_per_connection=1018050
- MAX_ALLOCS_ALLOWED_client_server_streaming_large_message_in_small_chunks=51000
#- SANITIZER_ARG=--sanitize=thread
#- WARN_AS_ERROR_ARG=-Xswiftc -warnings-as-errors

Expand Down
6 changes: 3 additions & 3 deletions docker/docker-compose.2204.58.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -11,9 +11,9 @@ services:
test:
image: swift-nio-ssh:22.04-5.8
environment:
- MAX_ALLOCS_ALLOWED_client_server_many_small_commands_per_connection=249850
- MAX_ALLOCS_ALLOWED_client_server_one_command_per_connection=1055050
- MAX_ALLOCS_ALLOWED_client_server_streaming_large_message_in_small_chunks=59050
- MAX_ALLOCS_ALLOWED_client_server_many_small_commands_per_connection=219800
- MAX_ALLOCS_ALLOWED_client_server_one_command_per_connection=1005050
- MAX_ALLOCS_ALLOWED_client_server_streaming_large_message_in_small_chunks=49000
- IMPORT_CHECK_ARG=--explicit-target-dependency-import-check error
#- SANITIZER_ARG=--sanitize=thread
- WARN_AS_ERROR_ARG=-Xswiftc -warnings-as-errors
Expand Down
6 changes: 3 additions & 3 deletions docker/docker-compose.2204.main.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -11,9 +11,9 @@ services:
test:
image: swift-nio-ssh:22.04-main
environment:
- MAX_ALLOCS_ALLOWED_client_server_many_small_commands_per_connection=249850
- MAX_ALLOCS_ALLOWED_client_server_one_command_per_connection=1055050
- MAX_ALLOCS_ALLOWED_client_server_streaming_large_message_in_small_chunks=59050
- MAX_ALLOCS_ALLOWED_client_server_many_small_commands_per_connection=219800
- MAX_ALLOCS_ALLOWED_client_server_one_command_per_connection=1005050
- MAX_ALLOCS_ALLOWED_client_server_streaming_large_message_in_small_chunks=49000
- IMPORT_CHECK_ARG=--explicit-target-dependency-import-check error
#- SANITIZER_ARG=--sanitize=thread
- WARN_AS_ERROR_ARG=-Xswiftc -warnings-as-errors
Expand Down

0 comments on commit baa05dc

Please sign in to comment.