optimization: reusing AEAD Cipher instance (#79)

zonyitoo · web-flow · commit fe03c1fe7779 · 2022-03-10T18:03:43.000-07:00
Preventing the Key being copied every time when calling encrypt_* and
decrypt_*
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/Cargo.toml b/Cargo.toml
@@ -19,7 +19,6 @@ rust-version = "1.56"
 generic-array = { version = "0.14", default-features = false }
 opaque-debug = "0.3"
 ring = { version = "0.16", default-features = false }
-zeroize = { version = "1", default-features = false }
 
 # optional features
 aead = { version = "0.4", optional = true, default-features = false }
diff --git a/src/aead.rs b/src/aead.rs
@@ -12,27 +12,27 @@ use aead::{
 use ring::aead::{
     Aad, LessSafeKey as Key, Nonce, UnboundKey, AES_128_GCM, AES_256_GCM, CHACHA20_POLY1305,
 };
-use zeroize::Zeroize;
 
 /// Authentication tags
 pub type Tag = GenericArray<u8, U16>;
 
 /// AES-GCM with a 128-bit key
-pub struct Aes128Gcm(GenericArray<u8, U16>);
+pub struct Aes128Gcm(Cipher);
 
 /// AES-GCM with a 256-bit key
-pub struct Aes256Gcm(GenericArray<u8, U32>);
+pub struct Aes256Gcm(Cipher);
 
 /// ChaCha20Poly1305
-pub struct ChaCha20Poly1305(GenericArray<u8, U32>);
+pub struct ChaCha20Poly1305(Cipher);
 
 macro_rules! impl_aead {
     ($cipher:ty, $algorithm:expr, $key_size:ty) => {
         impl NewAead for $cipher {
             type KeySize = $key_size;
 
             fn new(key: &GenericArray<u8, Self::KeySize>) -> Self {
-                Self(*key)
+                let key = UnboundKey::new(&$algorithm, key.as_slice()).unwrap();
+                Self(Cipher::new(key))
             }
         }
 
@@ -49,12 +49,8 @@ macro_rules! impl_aead {
                 associated_data: &[u8],
                 buffer: &mut [u8],
             ) -> Result<Tag, Error> {
-                let key = UnboundKey::new(&$algorithm, self.0.as_slice()).unwrap();
-                Cipher::new(key).encrypt_in_place_detached(
-                    nonce.as_slice(),
-                    associated_data,
-                    buffer,
-                )
+                self.0
+                    .encrypt_in_place_detached(nonce.as_slice(), associated_data, buffer)
             }
 
             fn decrypt_in_place(
@@ -63,8 +59,8 @@ macro_rules! impl_aead {
                 associated_data: &[u8],
                 buffer: &mut dyn Buffer,
             ) -> Result<(), Error> {
-                let key = UnboundKey::new(&$algorithm, self.0.as_slice()).unwrap();
-                Cipher::new(key).decrypt_in_place(nonce.as_slice(), associated_data, buffer)
+                self.0
+                    .decrypt_in_place(nonce.as_slice(), associated_data, buffer)
             }
 
             fn decrypt_in_place_detached(
@@ -77,12 +73,6 @@ macro_rules! impl_aead {
                 unimplemented!(); // ring does not allow us to implement this API
             }
         }
-
-        impl Drop for $cipher {
-            fn drop(&mut self) {
-                self.0.zeroize();
-            }
-        }
     };
 }
 
