Get rid of a large number of allocations #512

Open
wants to merge 8 commits into
base: master
1 change: 1 addition & 0 deletions crypto/src/BouncyCastle.Crypto.csproj
Expand Up @@ -2,6 +2,7 @@

<PropertyGroup>
<TargetFrameworks>net6.0;netstandard2.0;net461</TargetFrameworks>
<LangVersion>12</LangVersion>
<RootNamespace>Org.BouncyCastle</RootNamespace>
<AssemblyOriginatorKeyFile>..\..\BouncyCastle.NET.snk</AssemblyOriginatorKeyFile>
<SignAssembly>true</SignAssembly>
53 changes: 30 additions & 23 deletions crypto/src/crypto/engines/AesEngine_X86.cs
Expand Up @@ -18,17 +18,16 @@ public struct AesEngine_X86
{
public static bool IsSupported => Org.BouncyCastle.Runtime.Intrinsics.X86.Aes.IsEnabled;

private static Vector128<byte>[] CreateRoundKeys(ReadOnlySpan<byte> key, bool forEncryption)
private static void CreateRoundKeys(ReadOnlySpan<byte> key, bool forEncryption, Span<Vector128<byte>> K, out int length)
{
Vector128<byte>[] K;

switch (key.Length)
{
case 16:
{
ReadOnlySpan<byte> rcon = stackalloc byte[]{ 0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0x1b, 0x36 };

K = new Vector128<byte>[11];
length = 11;
K = K[..length];

var s = Load128(key[..16]);
K[0] = s;
Expand All @@ -47,7 +46,8 @@ private static Vector128<byte>[] CreateRoundKeys(ReadOnlySpan<byte> key, bool fo
}
case 24:
{
K = new Vector128<byte>[13];
length = 13;
K = K[..length];

var s1 = Load128(key[..16]);
var s2 = Load64(key[16..24]).ToVector128();
Expand Down Expand Up @@ -93,7 +93,8 @@ private static Vector128<byte>[] CreateRoundKeys(ReadOnlySpan<byte> key, bool fo
}
case 32:
{
K = new Vector128<byte>[15];
length = 15;
K = K[..length];

var s1 = Load128(key[..16]);
var s2 = Load128(key[16..32]);
Expand Down Expand Up @@ -134,15 +135,19 @@ private static Vector128<byte>[] CreateRoundKeys(ReadOnlySpan<byte> key, bool fo
K[i] = Aes.InverseMixColumns(K[i]);
}

Array.Reverse(K);
K.Reverse();
}

return K;
}

private enum Mode { DEC_128, DEC_192, DEC_256, ENC_128, ENC_192, ENC_256, UNINITIALIZED };

private Vector128<byte>[] m_roundKeys = null;
struct Keys
{
public Vector128<byte> k0, k1, k2, k3, k4, k5, k6, k7, k8, k9, k10, k11, k12, k13, k14;
}
private Keys keys;
private int keysLength = 15;
private Span<Vector128<byte>> m_roundKeys => MemoryMarshal.Cast<Keys, Vector128<byte>>(MemoryMarshal.CreateSpan(ref keys, 1))[..keysLength];
private Mode m_mode = Mode.UNINITIALIZED;

public AesEngine_X86()
Expand All @@ -163,7 +168,9 @@ public void Init(bool forEncryption, ICipherParameters parameters)
throw new ArgumentException("invalid type: " + Platform.GetTypeName(parameters), nameof(parameters));
}

m_roundKeys = CreateRoundKeys(keyParameter.Key, forEncryption);
keysLength = 15;
m_roundKeys.Fill(default);
CreateRoundKeys(keyParameter.Key, forEncryption, m_roundKeys, out keysLength);

if (m_roundKeys.Length == 11)
{
Expand Down Expand Up @@ -250,7 +257,7 @@ private void ImplRounds(
}

[MethodImpl(MethodImplOptions.AggressiveInlining)]
private static void Decrypt128(Vector128<byte>[] roundKeys, ref Vector128<byte> state)
private static void Decrypt128(ReadOnlySpan<Vector128<byte>> roundKeys, ref Vector128<byte> state)
{
var bounds = roundKeys[10];
var value = Sse2.Xor(state, roundKeys[0]);
Expand All @@ -267,7 +274,7 @@ private static void Decrypt128(Vector128<byte>[] roundKeys, ref Vector128<byte>
}

[MethodImpl(MethodImplOptions.AggressiveInlining)]
private static void Decrypt192(Vector128<byte>[] roundKeys, ref Vector128<byte> state)
private static void Decrypt192(ReadOnlySpan<Vector128<byte>> roundKeys, ref Vector128<byte> state)
{
var bounds = roundKeys[12];
var value = Sse2.Xor(state, roundKeys[0]);
Expand All @@ -286,7 +293,7 @@ private static void Decrypt192(Vector128<byte>[] roundKeys, ref Vector128<byte>
}

[MethodImpl(MethodImplOptions.AggressiveInlining)]
private static void Decrypt256(Vector128<byte>[] roundKeys, ref Vector128<byte> state)
private static void Decrypt256(ReadOnlySpan<Vector128<byte>> roundKeys, ref Vector128<byte> state)
{
var bounds = roundKeys[14];
var value = Sse2.Xor(state, roundKeys[0]);
Expand All @@ -307,7 +314,7 @@ private static void Decrypt256(Vector128<byte>[] roundKeys, ref Vector128<byte>
}

[MethodImpl(MethodImplOptions.AggressiveInlining)]
private static void DecryptFour128(Vector128<byte>[] rk,
private static void DecryptFour128(ReadOnlySpan<Vector128<byte>> rk,
ref Vector128<byte> s1, ref Vector128<byte> s2, ref Vector128<byte> s3, ref Vector128<byte> s4)
{
var bounds = rk[10];
Expand Down Expand Up @@ -369,7 +376,7 @@ private static void DecryptFour128(Vector128<byte>[] rk,
}

[MethodImpl(MethodImplOptions.AggressiveInlining)]
private static void DecryptFour192(Vector128<byte>[] rk,
private static void DecryptFour192(ReadOnlySpan<Vector128<byte>> rk,
ref Vector128<byte> s1, ref Vector128<byte> s2, ref Vector128<byte> s3, ref Vector128<byte> s4)
{
var bounds = rk[12];
Expand Down Expand Up @@ -441,7 +448,7 @@ private static void DecryptFour192(Vector128<byte>[] rk,
}

[MethodImpl(MethodImplOptions.AggressiveInlining)]
private static void DecryptFour256(Vector128<byte>[] rk,
private static void DecryptFour256(ReadOnlySpan<Vector128<byte>> rk,
ref Vector128<byte> s1, ref Vector128<byte> s2, ref Vector128<byte> s3, ref Vector128<byte> s4)
{
var bounds = rk[14];
Expand Down Expand Up @@ -523,7 +530,7 @@ private static void DecryptFour256(Vector128<byte>[] rk,
}

[MethodImpl(MethodImplOptions.AggressiveInlining)]
private static void Encrypt128(Vector128<byte>[] roundKeys, ref Vector128<byte> state)
private static void Encrypt128(ReadOnlySpan<Vector128<byte>> roundKeys, ref Vector128<byte> state)
{
var bounds = roundKeys[10];
var value = Sse2.Xor(state, roundKeys[0]);
Expand All @@ -540,7 +547,7 @@ private static void Encrypt128(Vector128<byte>[] roundKeys, ref Vector128<byte>
}

[MethodImpl(MethodImplOptions.AggressiveInlining)]
private static void Encrypt192(Vector128<byte>[] roundKeys, ref Vector128<byte> state)
private static void Encrypt192(ReadOnlySpan<Vector128<byte>> roundKeys, ref Vector128<byte> state)
{
var bounds = roundKeys[12];
var value = Sse2.Xor(state, roundKeys[0]);
Expand All @@ -559,7 +566,7 @@ private static void Encrypt192(Vector128<byte>[] roundKeys, ref Vector128<byte>
}

[MethodImpl(MethodImplOptions.AggressiveInlining)]
private static void Encrypt256(Vector128<byte>[] roundKeys, ref Vector128<byte> state)
private static void Encrypt256(ReadOnlySpan<Vector128<byte>> roundKeys, ref Vector128<byte> state)
{
var bounds = roundKeys[14];
var value = Sse2.Xor(state, roundKeys[0]);
Expand All @@ -580,7 +587,7 @@ private static void Encrypt256(Vector128<byte>[] roundKeys, ref Vector128<byte>
}

[MethodImpl(MethodImplOptions.AggressiveInlining)]
private static void EncryptFour128(Vector128<byte>[] rk,
private static void EncryptFour128(ReadOnlySpan<Vector128<byte>> rk,
ref Vector128<byte> s1, ref Vector128<byte> s2, ref Vector128<byte> s3, ref Vector128<byte> s4)
{
var bounds = rk[10];
Expand Down Expand Up @@ -642,7 +649,7 @@ private static void EncryptFour128(Vector128<byte>[] rk,
}

[MethodImpl(MethodImplOptions.AggressiveInlining)]
private static void EncryptFour192(Vector128<byte>[] rk,
private static void EncryptFour192(ReadOnlySpan<Vector128<byte>> rk,
ref Vector128<byte> s1, ref Vector128<byte> s2, ref Vector128<byte> s3, ref Vector128<byte> s4)
{
var bounds = rk[12];
Expand Down Expand Up @@ -714,7 +721,7 @@ private static void EncryptFour192(Vector128<byte>[] rk,
}

[MethodImpl(MethodImplOptions.AggressiveInlining)]
private static void EncryptFour256(Vector128<byte>[] rk,
private static void EncryptFour256(ReadOnlySpan<Vector128<byte>> rk,
ref Vector128<byte> s1, ref Vector128<byte> s2, ref Vector128<byte> s3, ref Vector128<byte> s4)
{
var bounds = rk[14];
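Review bot: The `m_roundKeys` property returns a `Span` built with `MemoryMarshal.CreateSpan(ref keys, 1)` over a field of `this` inside `public struct AesEngine_X86`; under the C# ref-safety rules the `this` of a struct member is scoped, so I would expect the compiler to refuse to return that span unless the property is annotated `[UnscopedRef]` — worth confirming the build on every target listed in the csproj hunk. Separately, because the key schedule now lives inline in `Keys` rather than in a shared heap array, every copy of the struct (assignment, boxing to an interface, capture) carries its own 240-byte copy of expanded key material; `Init` zeroes the inline schedule before refilling it, but copies are never reached, so a comment on `Keys` should record this: `// Inline key schedule: copying the engine copies the expanded key; each copy holds key material until it is cleared or overwritten.` Also, `struct Keys`, `keys` and `keysLength` break the conventions visible on the neighbouring lines (`private` on members, `m_roundKeys`, `m_mode`) — `private struct Keys`, `m_keys`, `m_keysLength`. Both `Init` and `CreateRoundKeys` extend beyond the visible hunks.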
26 changes: 20 additions & 6 deletions crypto/src/crypto/modes/GCMBlockCipher.cs
@@ -1,5 +1,6 @@
using System;
#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
using System.Buffers;
using System.Runtime.CompilerServices;
#endif
#if NETCOREAPP3_0_OR_GREATER
Expand Down Expand Up @@ -988,7 +989,7 @@ public int DoFinal(Span<byte> output)
long c = (long)(((totalLength * 8) + 127) >> 7);

// Calculate the adjustment factor
byte[] H_c = new byte[16];
Span<byte> H_c = stackalloc byte[16];
if (exp == null)
{
exp = new BasicGcmExponentiator();
Expand Down Expand Up @@ -1047,18 +1048,31 @@ public void Reset()
Reset(true);
}

static void Reset<T>(ref T[] array, int size)
{
if (array is null || array.Length != size)
{
array = new T[size];
}
else
{
Arrays.Fill(array, default);
}
}

private void Reset(bool clearMac)
{
// note: we do not reset the nonce.

S = new byte[BlockSize];
S_at = new byte[BlockSize];
S_atPre = new byte[BlockSize];
atBlock = new byte[BlockSize];
Reset(ref S, BlockSize);
Reset(ref S_at, BlockSize);
Reset(ref S_atPre, BlockSize);
Reset(ref atBlock, BlockSize);
atBlockPos = 0;
atLength = 0;
atLengthPre = 0;
counter = Arrays.Clone(J0);
Reset(ref counter, BlockSize);
J0.CopyTo(counter, 0);
counter32 = Pack.BE_To_UInt32(counter, 12);
blocksRemaining = uint.MaxValue - 1;
bufOff = 0;
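Review bot: The new `static void Reset<T>(ref T[] array, int size)` has no access modifier and shares its name with the instance `Reset()` and `Reset(bool clearMac)` while doing something different (resize-or-zero a buffer); `private static void ResetBuffer<T>(ref T[] array, int size)` would read more clearly at the four call sites. It also deserves a summary stating the hygiene consequence, because the change is not only about allocation: `// Reuse and zero in place: unlike allocating a fresh array per reset, the previous GHASH state and counter are not left behind in unreferenced heap arrays.` The `J0.CopyTo(counter, 0)` that replaces `Arrays.Clone(J0)` now assumes `J0` is exactly `BlockSize` bytes (a longer `J0` throws, a shorter one leaves the zeroed tail) — fine if `J0` is always a 16-byte block, which the visible lines do not show; a `Debug.Assert(J0.Length == BlockSize);` before the copy would pin that. `Reset(bool clearMac)` continues outside the hunk.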
9 changes: 8 additions & 1 deletion crypto/src/crypto/modes/gcm/BasicGcmExponentiator.cs
Expand Up @@ -12,8 +12,15 @@ public void Init(byte[] x)
{
GcmUtilities.AsFieldElement(x, out this.x);
}

#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
public void ExponentiateX(long pow, byte[] output)
{
ExponentiateX(pow, output.AsSpan());
}
public void ExponentiateX(long pow, Span<byte> output)
#else
public void ExponentiateX(long pow, byte[] output)
#endif
{
GcmUtilities.FieldElement y;
GcmUtilities.One(out y);
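Review bot: The `#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER` block swaps only the signature line, so the single method body that follows belongs to `ExponentiateX(long pow, Span<byte> output)` on span-capable targets and to `ExponentiateX(long pow, byte[] output)` otherwise; that is legal but easy to misread, and the forwarding `byte[]` overload sits directly against the span signature with no blank line between them. A comment above the `#if`, e.g. `// Shared body: on span-capable targets this is the Span<byte> overload (the byte[] overload above forwards to it); elsewhere it is the byte[] overload.`, plus a blank line after the forwarding overload, would make the structure obvious. The same construction appears in `Tables1kGcmExponentiator.ExponentiateX`, where the same comment applies. The shared method body continues beyond the hunk.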
35 changes: 35 additions & 0 deletions crypto/src/crypto/modes/gcm/GcmUtilities.cs
Expand Up @@ -39,6 +39,15 @@ internal static void AsBytes(ulong x0, ulong x1, byte[] z)
Pack.UInt64_To_BE(x1, z, 8);
}

#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
[MethodImpl(MethodImplOptions.AggressiveInlining)]
internal static void AsBytes(ulong x0, ulong x1, Span<byte> z)
{
Pack.UInt64_To_BE(x0, z, 0);
Pack.UInt64_To_BE(x1, z, 8);
}
#endif

#if NETSTANDARD1_0_OR_GREATER || NETCOREAPP1_0_OR_GREATER
[MethodImpl(MethodImplOptions.AggressiveInlining)]
#endif
Expand All @@ -47,6 +56,14 @@ internal static void AsBytes(ref FieldElement x, byte[] z)
AsBytes(x.n0, x.n1, z);
}

#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
[MethodImpl(MethodImplOptions.AggressiveInlining)]
internal static void AsBytes(ref FieldElement x, Span<byte> z)
{
AsBytes(x.n0, x.n1, z);
}
#endif

#if NETSTANDARD1_0_OR_GREATER || NETCOREAPP1_0_OR_GREATER
[MethodImpl(MethodImplOptions.AggressiveInlining)]
#endif
Expand All @@ -56,6 +73,15 @@ internal static void AsFieldElement(byte[] x, out FieldElement z)
z.n1 = Pack.BE_To_UInt64(x, 8);
}

#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
[MethodImpl(MethodImplOptions.AggressiveInlining)]
internal static void AsFieldElement(ReadOnlySpan<byte> x, out FieldElement z)
{
z.n0 = Pack.BE_To_UInt64(x, 0);
z.n1 = Pack.BE_To_UInt64(x, 8);
}
#endif

internal static void DivideP(ref FieldElement x, out FieldElement z)
{
ulong x0 = x.n0, x1 = x.n1;
Expand All @@ -72,6 +98,15 @@ internal static void Multiply(byte[] x, byte[] y)
Multiply(ref X, ref Y);
AsBytes(ref X, x);
}
#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
internal static void Multiply(Span<byte> x, ReadOnlySpan<byte> y)
{
AsFieldElement(x, out FieldElement X);
AsFieldElement(y, out FieldElement Y);
Multiply(ref X, ref Y);
AsBytes(ref X, x);
}
#endif

internal static void Multiply(ref FieldElement x, ref FieldElement y)
{
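Review bot: The new span overloads `AsBytes(ulong x0, ulong x1, Span<byte> z)`, `AsFieldElement(ReadOnlySpan<byte> x, out FieldElement z)` and `Multiply(Span<byte> x, ReadOnlySpan<byte> y)` read or write two 8-byte words at offsets 0 and 8 and rely on the span indexer to reject shorter inputs, but nothing says so; a one-line summary on each, e.g. `/// Reads the first 16 bytes of <paramref name="x"/> as a big-endian field element; shorter spans throw.`, would save the next caller a trip into `Pack`. `Multiply(Span<byte> x, ReadOnlySpan<byte> y)` also overwrites `x` in place with the product (the final `AsBytes(ref X, x)`) and should say so: `/// Replaces <paramref name="x"/> with the product of <paramref name="x"/> and <paramref name="y"/>.` It is also the only new overload without a blank line before its `#if`, unlike its neighbours.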
7 changes: 5 additions & 2 deletions crypto/src/crypto/modes/gcm/IGcmExponentiator.cs
Expand Up @@ -6,6 +6,9 @@ namespace Org.BouncyCastle.Crypto.Modes.Gcm
public interface IGcmExponentiator
{
void Init(byte[] x);
void ExponentiateX(long pow, byte[] output);
}
void ExponentiateX(long pow, byte[] output);
#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
void ExponentiateX(long pow, Span<byte> output);
#endif
}
}
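Review bot: Adding `void ExponentiateX(long pow, Span<byte> output);` to the public `IGcmExponentiator` is a source-breaking change for any third-party implementer compiled against a target where the `#if` holds — on the `net6.0;netstandard2.0;net461` list in the csproj hunk that is net6.0. Default interface members are available there, so a default body forwarding through the existing array overload, `void ExponentiateX(long pow, Span<byte> output) { var tmp = new byte[output.Length]; ExponentiateX(pow, tmp); tmp.CopyTo(output); }`, would keep external implementers compiling while the in-tree `BasicGcmExponentiator` and `Tables1kGcmExponentiator` override it with their allocation-free versions. If breaking implementers is intended, the release notes should call it out.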
8 changes: 8 additions & 0 deletions crypto/src/crypto/modes/gcm/Tables1kGcmExponentiator.cs
Expand Up @@ -22,7 +22,15 @@ public void Init(byte[] x)
lookupPowX2.Add(y);
}

#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
public void ExponentiateX(long pow, byte[] output)
{
ExponentiateX(pow, output.AsSpan());
}
public void ExponentiateX(long pow, Span<byte> output)
#else
public void ExponentiateX(long pow, byte[] output)
#endif
{
GcmUtilities.FieldElement y;
GcmUtilities.One(out y);