Improve Sealed Box construction (#132)

Lukasa · web-flow · commit baa05dc6ff3d · 2023-01-23T07:55:32.000-08:00
AES.GCM.SealedBox is expensive to construct from parts, in part because
it's not inlinable. We can construct the combined representation
directly and improve performance substantially by replacing 8
allocations with 3.
diff --git a/Sources/NIOSSH/TransportProtection/AESGCM.swift b/Sources/NIOSSH/TransportProtection/AESGCM.swift
@@ -99,7 +99,7 @@ extension AESGCMTransportProtection: NIOSSHTransportProtection {
             }
 
             // Ok, let's try to decrypt this data.
-            let sealedBox = try AES.GCM.SealedBox(nonce: AES.GCM.Nonce(data: self.inboundNonce), ciphertext: ciphertextView, tag: tagView)
+            let sealedBox = try AES.GCM.SealedBox(nonce: self.inboundNonce, ciphertext: ciphertextView, tag: tagView)
             plaintext = try AES.GCM.open(sealedBox, using: self.inboundEncryptionKey, authenticating: lengthView)
 
             // All good! A quick soundness check to verify that the length of the plaintext is ok.
@@ -342,3 +342,18 @@ extension Data {
         self = self[contentStartIndex ..< contentEndIndex]
     }
 }
+
+extension AES.GCM.SealedBox {
+    fileprivate init(nonce: SSHAESGCMNonce, ciphertext: ByteBufferView, tag: ByteBufferView) throws {
+        // As a workaround for a Swift Crypto inefficiency, we create the combined representation
+        // directly.
+        var combined: [UInt8] = []
+        combined.reserveCapacity(nonce.count + ciphertext.count + tag.count)
+
+        combined.append(contentsOf: nonce)
+        combined.append(contentsOf: ciphertext)
+        combined.append(contentsOf: tag)
+
+        try self.init(combined: combined)
+    }
+}
diff --git a/docker/docker-compose.2004.55.yaml b/docker/docker-compose.2004.55.yaml
@@ -12,9 +12,9 @@ services:
   test:
     image: swift-nio-ssh:20.04-5.5
     environment:
-      - MAX_ALLOCS_ALLOWED_client_server_many_small_commands_per_connection=270900
-      - MAX_ALLOCS_ALLOWED_client_server_one_command_per_connection=1158050
-      - MAX_ALLOCS_ALLOWED_client_server_streaming_large_message_in_small_chunks=65150
+      - MAX_ALLOCS_ALLOWED_client_server_many_small_commands_per_connection=240900
+      - MAX_ALLOCS_ALLOWED_client_server_one_command_per_connection=1108050
+      - MAX_ALLOCS_ALLOWED_client_server_streaming_large_message_in_small_chunks=55100
       #- SANITIZER_ARG=--sanitize=thread
       #- WARN_AS_ERROR_ARG=-Xswiftc -warnings-as-errors
 
diff --git a/docker/docker-compose.2004.56.yaml b/docker/docker-compose.2004.56.yaml
@@ -12,9 +12,9 @@ services:
   test:
     image: swift-nio-ssh:20.04-5.6
     environment:
-      - MAX_ALLOCS_ALLOWED_client_server_many_small_commands_per_connection=267850
-      - MAX_ALLOCS_ALLOWED_client_server_one_command_per_connection=1100050
-      - MAX_ALLOCS_ALLOWED_client_server_streaming_large_message_in_small_chunks=65100
+      - MAX_ALLOCS_ALLOWED_client_server_many_small_commands_per_connection=237850
+      - MAX_ALLOCS_ALLOWED_client_server_one_command_per_connection=1050050
+      - MAX_ALLOCS_ALLOWED_client_server_streaming_large_message_in_small_chunks=55050
       #- SANITIZER_ARG=--sanitize=thread
       #- WARN_AS_ERROR_ARG=-Xswiftc -warnings-as-errors
 
diff --git a/docker/docker-compose.2204.57.yaml b/docker/docker-compose.2204.57.yaml
@@ -12,9 +12,9 @@ services:
   test:
     image: swift-nio-ssh:22.04-5.7
     environment:
-      - MAX_ALLOCS_ALLOWED_client_server_many_small_commands_per_connection=255850
-      - MAX_ALLOCS_ALLOWED_client_server_one_command_per_connection=1068050
-      - MAX_ALLOCS_ALLOWED_client_server_streaming_large_message_in_small_chunks=61050
+      - MAX_ALLOCS_ALLOWED_client_server_many_small_commands_per_connection=225800
+      - MAX_ALLOCS_ALLOWED_client_server_one_command_per_connection=1018050
+      - MAX_ALLOCS_ALLOWED_client_server_streaming_large_message_in_small_chunks=51000
       #- SANITIZER_ARG=--sanitize=thread
       #- WARN_AS_ERROR_ARG=-Xswiftc -warnings-as-errors
 
diff --git a/docker/docker-compose.2204.58.yaml b/docker/docker-compose.2204.58.yaml
@@ -11,9 +11,9 @@ services:
   test:
     image: swift-nio-ssh:22.04-5.8
     environment:
-      - MAX_ALLOCS_ALLOWED_client_server_many_small_commands_per_connection=249850
-      - MAX_ALLOCS_ALLOWED_client_server_one_command_per_connection=1055050
-      - MAX_ALLOCS_ALLOWED_client_server_streaming_large_message_in_small_chunks=59050
+      - MAX_ALLOCS_ALLOWED_client_server_many_small_commands_per_connection=219800
+      - MAX_ALLOCS_ALLOWED_client_server_one_command_per_connection=1005050
+      - MAX_ALLOCS_ALLOWED_client_server_streaming_large_message_in_small_chunks=49000
       - IMPORT_CHECK_ARG=--explicit-target-dependency-import-check error
       #- SANITIZER_ARG=--sanitize=thread
       - WARN_AS_ERROR_ARG=-Xswiftc -warnings-as-errors
diff --git a/docker/docker-compose.2204.main.yaml b/docker/docker-compose.2204.main.yaml
@@ -11,9 +11,9 @@ services:
   test:
     image: swift-nio-ssh:22.04-main
     environment:
-      - MAX_ALLOCS_ALLOWED_client_server_many_small_commands_per_connection=249850
-      - MAX_ALLOCS_ALLOWED_client_server_one_command_per_connection=1055050
-      - MAX_ALLOCS_ALLOWED_client_server_streaming_large_message_in_small_chunks=59050
+      - MAX_ALLOCS_ALLOWED_client_server_many_small_commands_per_connection=219800
+      - MAX_ALLOCS_ALLOWED_client_server_one_command_per_connection=1005050
+      - MAX_ALLOCS_ALLOWED_client_server_streaming_large_message_in_small_chunks=49000
       - IMPORT_CHECK_ARG=--explicit-target-dependency-import-check error
       #- SANITIZER_ARG=--sanitize=thread
       - WARN_AS_ERROR_ARG=-Xswiftc -warnings-as-errors
