From 6f0c7e2bcc12c176e26f0c591e2153cefcb8ba41 Mon Sep 17 00:00:00 2001 From: zonyitoo Date: Fri, 11 Mar 2022 01:32:25 +0800 Subject: [PATCH] optimization: reusing AEAD Cipher instance Preventing the Key being copied every time when calling encrypt_* and decrypt_* --- Cargo.lock | 21 ++++++++++----------- Cargo.toml | 1 - src/aead.rs | 28 +++++++++------------------- 3 files changed, 19 insertions(+), 31 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 242bb68..ce8fd36 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -46,9 +46,9 @@ checksum = "14c189c53d098945499cdfa7ecc63567cf3886b3332b312a5b4585d8d3a6a610" [[package]] name = "cc" -version = "1.0.72" +version = "1.0.73" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "22a9137b95ea06864e018375b72adfb7db6e6f68cfc8df5a04d00288050485ee" +checksum = "2fff2a6927b3bb87f9595d67196a70493f627687a71d87a0d692242c33f58c11" [[package]] name = "cfg-if" @@ -106,9 +106,9 @@ dependencies = [ [[package]] name = "ed25519" -version = "1.3.0" +version = "1.4.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "74e1069e39f1454367eb2de793ed062fac4c35c2934b76a81d90dd9abcd28816" +checksum = "eed12bbf7b5312f8da1c2722bc06d8c6b12c2d86a7fb35a194c7f3e6fc2bbe39" dependencies = [ "signature", ] @@ -141,9 +141,9 @@ dependencies = [ [[package]] name = "getrandom" -version = "0.2.4" +version = "0.2.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "418d37c8b1d42553c93648be529cb70f920d3baf8ef469b74b9638df426e0b4c" +checksum = "d39cd93900197114fa1fcb7ae84ca742095eed9442088988ae74fa744e930e77" dependencies = [ "cfg-if", "libc", 
@@ -173,9 +173,9 @@ checksum = "e2abad23fbc42b3700f2f279844dc832adb2b2eb069b2df918f455c4e18cc646" [[package]] name = "libc" -version = "0.2.116" +version = "0.2.119" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "565dbd88872dbe4cc8a46e527f26483c1d1f7afa6b884a3bd6cd893d4f98da74" +checksum = "1bf2e165bb3457c8e098ea76f3e3bc9db55f87aa90d52d0e6be741470916aaa4" [[package]] name = "log" @@ -188,9 +188,9 @@ dependencies = [ [[package]] name = "once_cell" -version = "1.9.0" +version = "1.10.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "da32515d9f6e6e489d7bc9d84c71b060db7247dc035bbe44eac88cf87486d8d5" +checksum = "87f3e037eac156d1775da914196f0f37741a274155e34a0b7e427c35d2a2ecb9" [[package]] name = "opaque-debug" @@ -287,7 +287,6 @@ dependencies = [ "p256", "p384", "ring", - "zeroize", ] [[package]] diff --git a/Cargo.toml b/Cargo.toml index 370ccf5..6c0e4a2 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -19,7 +19,6 @@ rust-version = "1.56" generic-array = { version = "0.14", default-features = false } opaque-debug = "0.3" ring = { version = "0.16", default-features = false } -zeroize = { version = "1", default-features = false } # optional features aead = { version = "0.4", optional = true, default-features = false } diff --git a/src/aead.rs b/src/aead.rs index 0e0bb21..d7e6edb 100644 --- a/src/aead.rs +++ b/src/aead.rs @@ -12,19 +12,18 @@ use aead::{ use ring::aead::{ Aad, LessSafeKey as Key, Nonce, UnboundKey, AES_128_GCM, AES_256_GCM, CHACHA20_POLY1305, }; -use zeroize::Zeroize; /// Authentication tags pub type Tag = GenericArray; /// AES-GCM with a 128-bit key -pub struct Aes128Gcm(GenericArray); +pub struct Aes128Gcm(Cipher); /// AES-GCM with a 256-bit key -pub struct Aes256Gcm(GenericArray); +pub struct Aes256Gcm(Cipher); /// ChaCha20Poly1305 -pub struct ChaCha20Poly1305(GenericArray); +pub struct ChaCha20Poly1305(Cipher); macro_rules! impl_aead { ($cipher:ty, $algorithm:expr, $key_size:ty) => { 
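Review bot: The doc comments on `Aes128Gcm`, `Aes256Gcm` and `ChaCha20Poly1305` still read as if the types hold raw key bytes, while the new field is a `Cipher` that, from `Cipher::new(UnboundKey)` in the later hunk, wraps ring's key, and nothing records that the crate no longer clears key material on drop. `Cipher` is not among the `use` lines in this hunk, so I assume it is a wrapper defined elsewhere in the file. I would extend each doc comment to say what is now held, e.g. `/// AES-GCM with a 128-bit key. Holds the pre-expanded ring key; this type does not zeroize it on drop.`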
@@ -32,7 +31,8 @@ macro_rules! impl_aead { type KeySize = $key_size; fn new(key: &GenericArray) -> Self { - Self(*key) + let key = UnboundKey::new(&$algorithm, key.as_slice()).unwrap(); + Self(Cipher::new(key)) } } @@ -49,12 +49,8 @@ macro_rules! impl_aead { associated_data: &[u8], buffer: &mut [u8], ) -> Result { - let key = UnboundKey::new(&$algorithm, self.0.as_slice()).unwrap(); - Cipher::new(key).encrypt_in_place_detached( - nonce.as_slice(), - associated_data, - buffer, - ) + self.0 + .encrypt_in_place_detached(nonce.as_slice(), associated_data, buffer) } fn decrypt_in_place( @@ -63,8 +59,8 @@ macro_rules! impl_aead { associated_data: &[u8], buffer: &mut dyn Buffer, ) -> Result<(), Error> { - let key = UnboundKey::new(&$algorithm, self.0.as_slice()).unwrap(); - Cipher::new(key).decrypt_in_place(nonce.as_slice(), associated_data, buffer) + self.0 + .decrypt_in_place(nonce.as_slice(), associated_data, buffer) } fn decrypt_in_place_detached( @@ -77,12 +73,6 @@ macro_rules! impl_aead { unimplemented!(); // ring does not allow us to implement this API } } - - impl Drop for $cipher { - fn drop(&mut self) { - self.0.zeroize(); - } - } }; }
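Review bot: The `unwrap()` on `UnboundKey::new` in `new` panics if the `$algorithm` and `$key_size` given to the macro disagree, and that invariant is fixed at the macro invocation site rather than anywhere visible here; since `KeyInit::new` returns `Self`, panicking is the only option, but the reason it cannot fail should be stated, e.g. `.expect("key length is fixed by Self::KeySize and must match the ring algorithm")`. Moving the length check from every encrypt/decrypt call to construction is a fail-fast improvement over the per-call unwrap it replaces. The enclosing `impl` block starts outside the hunk.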
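Review bot: Removing the `Drop` impl (together with `zeroize` in Cargo.toml) drops the only explicit clearing of key material this crate performed, and the commit message describes the change purely as an optimization. I cannot tell from these lines whether ring 0.16's `LessSafeKey` wipes its expanded key schedule when dropped; even before this patch the per-call `UnboundKey`/`Cipher` temporaries were never zeroized, so only the raw-key `GenericArray` was covered, but that copy was. If ring does not zeroize, this is a small regression in key hygiene that should at least be recorded, e.g. a comment above the struct definitions: `// Key material now lives only inside ring's LessSafeKey; whether it is zeroized on drop depends on ring.` The `macro_rules!` definition this hunk closes starts outside the hunk.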