don't create EVP_CIPHER_CTX for each AEAD/Chacha20/Poly1305 message

Author: orignal

libi2pd/ECIESX25519AEADRatchetSession.cpp

@@ -725,23 +725,24 @@ namespace garlic
 
 	bool ECIESX25519AEADRatchetSession::NewExistingSessionMessage (const uint8_t * payload, size_t len, uint8_t * out, size_t outLen)
 	{
+		auto owner = GetOwner ();
+		if (!owner) return false;
 		uint8_t nonce[12];
 		auto index = m_SendTagset->GetNextIndex ();
 		CreateNonce (index, nonce); // tag's index
 		uint64_t tag = m_SendTagset->GetNextSessionTag ();
 		if (!tag)
 		{
 			LogPrint (eLogError, "Garlic: Can't create new ECIES-X25519-AEAD-Ratchet tag for send tagset");
-			if (GetOwner ())
-				GetOwner ()->RemoveECIESx25519Session (m_RemoteStaticKey);
+			owner->RemoveECIESx25519Session (m_RemoteStaticKey);
 			return false;
 		}
 		memcpy (out, &tag, 8);
 		// ad = The session tag, 8 bytes
 		// ciphertext = ENCRYPT(k, n, payload, ad)
 		uint8_t key[32];
 		m_SendTagset->GetSymmKey (index, key);
-		if (!i2p::crypto::AEADChaCha20Poly1305 (payload, len, out, 8, key, nonce, out + 8, outLen - 8, true)) // encrypt
+		if (!owner->AEADChaCha20Poly1305Encrypt (payload, len, out, 8, key, nonce, out + 8, outLen - 8))
 		{
 			LogPrint (eLogWarning, "Garlic: Payload section AEAD encryption failed");
 			return false;
@@ -760,34 +761,35 @@ namespace garlic
 		uint8_t * payload = buf + 8;
 		uint8_t key[32];
 		receiveTagset->GetSymmKey (index, key);
-		if (!i2p::crypto::AEADChaCha20Poly1305 (payload, len - 16, buf, 8, key, nonce, payload, len - 16, false)) // decrypt
+		auto owner = GetOwner ();
+		if (!owner) return true; // drop message
+		
+		if (!owner->AEADChaCha20Poly1305Decrypt (payload, len - 16, buf, 8, key, nonce, payload, len - 16))
 		{
 			LogPrint (eLogWarning, "Garlic: Payload section AEAD decryption failed");
 			return false;
 		}
 		HandlePayload (payload, len - 16, receiveTagset, index);
-		if (GetOwner ())
+		
+		int moreTags = 0;
+		if (owner->GetNumRatchetInboundTags () > 0) // override in settings?
 		{
-			int moreTags = 0;
-			if (GetOwner ()->GetNumRatchetInboundTags () > 0) // override in settings?
-			{
-				if (receiveTagset->GetNextIndex () - index < GetOwner ()->GetNumRatchetInboundTags ()/2)
-					moreTags = GetOwner ()->GetNumRatchetInboundTags ();
-				index -= GetOwner ()->GetNumRatchetInboundTags (); // trim behind
-			}
-			else
-			{
-				moreTags = (receiveTagset->GetTagSetID () > 0) ? ECIESX25519_MAX_NUM_GENERATED_TAGS : // for non first tagset
-					(ECIESX25519_MIN_NUM_GENERATED_TAGS + (index >> 1)); // N/2
-				if (moreTags > ECIESX25519_MAX_NUM_GENERATED_TAGS) moreTags = ECIESX25519_MAX_NUM_GENERATED_TAGS;
-				moreTags -= (receiveTagset->GetNextIndex () - index);
-				index -= ECIESX25519_MAX_NUM_GENERATED_TAGS; // trim behind
-			}
-			if (moreTags > 0)
-				GenerateMoreReceiveTags (receiveTagset, moreTags);
-			if (index > 0)
-				receiveTagset->SetTrimBehind (index);
+			if (receiveTagset->GetNextIndex () - index < owner->GetNumRatchetInboundTags ()/2)
+				moreTags = owner->GetNumRatchetInboundTags ();
+			index -= owner->GetNumRatchetInboundTags (); // trim behind
+		}
+		else
+		{
+			moreTags = (receiveTagset->GetTagSetID () > 0) ? ECIESX25519_MAX_NUM_GENERATED_TAGS : // for non first tagset
+				(ECIESX25519_MIN_NUM_GENERATED_TAGS + (index >> 1)); // N/2
+			if (moreTags > ECIESX25519_MAX_NUM_GENERATED_TAGS) moreTags = ECIESX25519_MAX_NUM_GENERATED_TAGS;
+			moreTags -= (receiveTagset->GetNextIndex () - index);
+			index -= ECIESX25519_MAX_NUM_GENERATED_TAGS; // trim behind
 		}
+		if (moreTags > 0)
+			GenerateMoreReceiveTags (receiveTagset, moreTags);
+		if (index > 0)
+			receiveTagset->SetTrimBehind (index);
 		return true;
 	}
 

libi2pd/Garlic.cpp

@@ -1103,5 +1103,17 @@ namespace garlic
 			m_PayloadBuffer = new uint8_t[I2NP_MAX_MESSAGE_SIZE];
 		return m_PayloadBuffer;
 	}
+
+	bool GarlicDestination::AEADChaCha20Poly1305Encrypt (const uint8_t * msg, size_t msgLen, const uint8_t * ad, size_t adLen,
+		const uint8_t * key, const uint8_t * nonce, uint8_t * buf, size_t len)
+	{
+		return m_Encryptor.Encrypt (msg, msgLen, ad, adLen, key, nonce, buf, len);
+	}
+		
+	bool GarlicDestination::AEADChaCha20Poly1305Decrypt (const uint8_t * msg, size_t msgLen, const uint8_t * ad, size_t adLen,
+		const uint8_t * key, const uint8_t * nonce, uint8_t * buf, size_t len)
+	{
+		return m_Decryptor.Decrypt (msg, msgLen, ad, adLen, key, nonce, buf, len);
+	}	
 }
 }

libi2pd/Garlic.h

@@ -242,6 +242,11 @@ namespace garlic
 			void RemoveDeliveryStatusSession (uint32_t msgID);
 			std::shared_ptr<I2NPMessage> WrapMessageForRouter (std::shared_ptr<const i2p::data::RouterInfo> router,
 				std::shared_ptr<I2NPMessage> msg);
+			
+			bool AEADChaCha20Poly1305Encrypt (const uint8_t * msg, size_t msgLen, const uint8_t * ad, size_t adLen,
+				const uint8_t * key, const uint8_t * nonce, uint8_t * buf, size_t len); 
+			bool AEADChaCha20Poly1305Decrypt (const uint8_t * msg, size_t msgLen, const uint8_t * ad, size_t adLen,
+				const uint8_t * key, const uint8_t * nonce, uint8_t * buf, size_t len); 
 
 			void AddSessionKey (const uint8_t * key, const uint8_t * tag); // one tag
 			void AddECIESx25519Key (const uint8_t * key, uint64_t tag); // one tag
@@ -295,7 +300,10 @@ namespace garlic
 			// DeliveryStatus
 			std::mutex m_DeliveryStatusSessionsMutex;
 			std::unordered_map<uint32_t, GarlicRoutingSessionPtr> m_DeliveryStatusSessions; // msgID -> session
-
+			// encryption
+			i2p::crypto::AEADChaCha20Poly1305Encryptor m_Encryptor;
+			i2p::crypto::AEADChaCha20Poly1305Decryptor m_Decryptor;
+			
 		public:
 
 			// for HTTP only