CPU optimizations.

Use get_shared_key() in more places.
This commit is contained in:
irungentoo 2014-03-05 16:54:17 -05:00
parent 3a1f259cb9
commit 3bcc6e2ae5
7 changed files with 89 additions and 46 deletions

View File

@ -114,29 +114,33 @@ static int client_id_cmp(ClientPair p1, ClientPair p2)
return c; return c;
} }
/* Copy shared_key to decrypt DHT packet from client_id into shared_key /* Shared key generations are costly, it is therefor smart to store commonly used
* ones so that they can re used later without being computed again.
*
* If shared key is already in shared_keys, copy it to shared_key.
* else generate it into shared_key and copy it to shared_keys
*/ */
void DHT_get_shared_key(DHT *dht, uint8_t *shared_key, uint8_t *client_id) void get_shared_key(Shared_Keys *shared_keys, uint8_t *shared_key, uint8_t *secret_key, uint8_t *client_id)
{ {
uint32_t i, num = ~0, curr = 0; uint32_t i, num = ~0, curr = 0;
for (i = 0; i < MAX_KEYS_PER_SLOT; ++i) { for (i = 0; i < MAX_KEYS_PER_SLOT; ++i) {
int index = client_id[30] * MAX_KEYS_PER_SLOT + i; int index = client_id[30] * MAX_KEYS_PER_SLOT + i;
if (dht->shared_keys.keys[index].stored) { if (shared_keys->keys[index].stored) {
if (memcmp(client_id, dht->shared_keys.keys[index].client_id, CLIENT_ID_SIZE) == 0) { if (memcmp(client_id, shared_keys->keys[index].client_id, CLIENT_ID_SIZE) == 0) {
memcpy(shared_key, dht->shared_keys.keys[index].shared_key, crypto_box_BEFORENMBYTES); memcpy(shared_key, shared_keys->keys[index].shared_key, crypto_box_BEFORENMBYTES);
++dht->shared_keys.keys[index].times_requested; ++shared_keys->keys[index].times_requested;
dht->shared_keys.keys[index].time_last_requested = unix_time(); shared_keys->keys[index].time_last_requested = unix_time();
return; return;
} }
if (num != 0) { if (num != 0) {
if (is_timeout(dht->shared_keys.keys[index].time_last_requested, KEYS_TIMEOUT)) { if (is_timeout(shared_keys->keys[index].time_last_requested, KEYS_TIMEOUT)) {
num = 0; num = 0;
curr = index; curr = index;
} else if (num > dht->shared_keys.keys[index].times_requested) { } else if (num > shared_keys->keys[index].times_requested) {
num = dht->shared_keys.keys[index].times_requested; num = shared_keys->keys[index].times_requested;
curr = index; curr = index;
} }
} }
@ -148,17 +152,34 @@ void DHT_get_shared_key(DHT *dht, uint8_t *shared_key, uint8_t *client_id)
} }
} }
encrypt_precompute(client_id, dht->self_secret_key, shared_key); encrypt_precompute(client_id, secret_key, shared_key);
if (num != (uint32_t)~0) { if (num != (uint32_t)~0) {
dht->shared_keys.keys[curr].stored = 1; shared_keys->keys[curr].stored = 1;
dht->shared_keys.keys[curr].times_requested = 1; shared_keys->keys[curr].times_requested = 1;
memcpy(dht->shared_keys.keys[curr].client_id, client_id, CLIENT_ID_SIZE); memcpy(shared_keys->keys[curr].client_id, client_id, CLIENT_ID_SIZE);
memcpy(dht->shared_keys.keys[curr].shared_key, shared_key, crypto_box_BEFORENMBYTES); memcpy(shared_keys->keys[curr].shared_key, shared_key, crypto_box_BEFORENMBYTES);
dht->shared_keys.keys[curr].time_last_requested = unix_time(); shared_keys->keys[curr].time_last_requested = unix_time();
} }
} }
/* Copy shared_key to decrypt DHT packet from client_id into shared_key
* for packets that we recieve.
*/
void DHT_get_shared_key_recv(DHT *dht, uint8_t *shared_key, uint8_t *client_id)
{
return get_shared_key(&dht->shared_keys_recv, shared_key, dht->self_secret_key, client_id);
}
/* Copy shared_key to decrypt DHT packet from client_id into shared_key
* for packets that we send.
*/
void DHT_get_shared_key_sent(DHT *dht, uint8_t *shared_key, uint8_t *client_id)
{
return get_shared_key(&dht->shared_keys_sent, shared_key, dht->self_secret_key, client_id);
}
/* Check if client with client_id is already in list of length length. /* Check if client with client_id is already in list of length length.
* If it is then set its corresponding timestamp to current time. * If it is then set its corresponding timestamp to current time.
* If the id is already in the list with a different ip_port, update it. * If the id is already in the list with a different ip_port, update it.
@ -867,8 +888,9 @@ static int getnodes(DHT *dht, IP_Port ip_port, uint8_t *public_key, uint8_t *cli
memcpy(plain, client_id, CLIENT_ID_SIZE); memcpy(plain, client_id, CLIENT_ID_SIZE);
memcpy(plain + CLIENT_ID_SIZE, encrypted_message, NODES_ENCRYPTED_MESSAGE_LENGTH); memcpy(plain + CLIENT_ID_SIZE, encrypted_message, NODES_ENCRYPTED_MESSAGE_LENGTH);
int len = encrypt_data( public_key, uint8_t shared_key[crypto_box_BEFORENMBYTES];
dht->self_secret_key, DHT_get_shared_key_sent(dht, shared_key, public_key);
int len = encrypt_data_fast( shared_key,
nonce, nonce,
plain, plain,
CLIENT_ID_SIZE + NODES_ENCRYPTED_MESSAGE_LENGTH, CLIENT_ID_SIZE + NODES_ENCRYPTED_MESSAGE_LENGTH,
@ -1036,7 +1058,7 @@ static int handle_getnodes(void *object, IP_Port source, uint8_t *packet, uint32
uint8_t plain[CLIENT_ID_SIZE + NODES_ENCRYPTED_MESSAGE_LENGTH]; uint8_t plain[CLIENT_ID_SIZE + NODES_ENCRYPTED_MESSAGE_LENGTH];
uint8_t shared_key[crypto_box_BEFORENMBYTES]; uint8_t shared_key[crypto_box_BEFORENMBYTES];
DHT_get_shared_key(dht, shared_key, packet + 1); DHT_get_shared_key_recv(dht, shared_key, packet + 1);
int len = decrypt_data_fast( shared_key, int len = decrypt_data_fast( shared_key,
packet + 1 + CLIENT_ID_SIZE, packet + 1 + CLIENT_ID_SIZE,
packet + 1 + CLIENT_ID_SIZE + crypto_box_NONCEBYTES, packet + 1 + CLIENT_ID_SIZE + crypto_box_NONCEBYTES,
@ -1111,9 +1133,10 @@ static int handle_sendnodes_core(void *object, IP_Port source, uint8_t *packet,
if (num_nodes > MAX_SENT_NODES) /* too long */ if (num_nodes > MAX_SENT_NODES) /* too long */
return 1; return 1;
int len = decrypt_data( uint8_t shared_key[crypto_box_BEFORENMBYTES];
packet + 1, DHT_get_shared_key_sent(dht, shared_key, packet + 1);
dht->self_secret_key, int len = decrypt_data_fast(
shared_key,
packet + 1 + CLIENT_ID_SIZE, packet + 1 + CLIENT_ID_SIZE,
packet + 1 + CLIENT_ID_SIZE + crypto_box_NONCEBYTES, packet + 1 + CLIENT_ID_SIZE + crypto_box_NONCEBYTES,
num_nodes * node_format_size + NODES_ENCRYPTED_MESSAGE_LENGTH + crypto_box_MACBYTES, num_nodes * node_format_size + NODES_ENCRYPTED_MESSAGE_LENGTH + crypto_box_MACBYTES,

View File

@ -146,7 +146,7 @@ typedef struct {
/* struct to store some shared keys so we don't have to regenerate them for each request. */ /* struct to store some shared keys so we don't have to regenerate them for each request. */
#define MAX_KEYS_PER_SLOT 4 #define MAX_KEYS_PER_SLOT 4
#define KEYS_TIMEOUT 600 #define KEYS_TIMEOUT 600
struct SHARED_KEYS { typedef struct {
struct { struct {
uint8_t client_id[CLIENT_ID_SIZE]; uint8_t client_id[CLIENT_ID_SIZE];
uint8_t shared_key[crypto_box_BEFORENMBYTES]; uint8_t shared_key[crypto_box_BEFORENMBYTES];
@ -154,7 +154,7 @@ struct SHARED_KEYS {
uint8_t stored; /* 0 if not, 1 if is */ uint8_t stored; /* 0 if not, 1 if is */
uint64_t time_last_requested; uint64_t time_last_requested;
} keys[256 * MAX_KEYS_PER_SLOT]; } keys[256 * MAX_KEYS_PER_SLOT];
}; } Shared_Keys;
/*----------------------------------------------------------------------------------*/ /*----------------------------------------------------------------------------------*/
@ -175,7 +175,8 @@ typedef struct {
DHT_Friend *friends_list; DHT_Friend *friends_list;
uint16_t num_friends; uint16_t num_friends;
struct SHARED_KEYS shared_keys; Shared_Keys shared_keys_recv;
Shared_Keys shared_keys_sent;
struct PING *ping; struct PING *ping;
#ifdef ENABLE_ASSOC_DHT #ifdef ENABLE_ASSOC_DHT
@ -185,10 +186,23 @@ typedef struct {
} DHT; } DHT;
/*----------------------------------------------------------------------------------*/ /*----------------------------------------------------------------------------------*/
/* Copy shared_key to decrypt DHT packet from client_id into shared_key /* Shared key generations are costly, it is therefor smart to store commonly used
* ones so that they can re used later without being computed again.
*
* If shared key is already in shared_keys, copy it to shared_key.
* else generate it into shared_key and copy it to shared_keys
*/ */
void DHT_get_shared_key(DHT *dht, uint8_t *shared_key, uint8_t *client_id); void get_shared_key(Shared_Keys *shared_keys, uint8_t *shared_key, uint8_t *secret_key, uint8_t *client_id);
/* Copy shared_key to decrypt DHT packet from client_id into shared_key
* for packets that we recieve.
*/
void DHT_get_shared_key_recv(DHT *dht, uint8_t *shared_key, uint8_t *client_id);
/* Copy shared_key to decrypt DHT packet from client_id into shared_key
* for packets that we send.
*/
void DHT_get_shared_key_sent(DHT *dht, uint8_t *shared_key, uint8_t *client_id);
void DHT_getnodes(DHT *dht, IP_Port *from_ipp, uint8_t *from_id, uint8_t *which_id); void DHT_getnodes(DHT *dht, IP_Port *from_ipp, uint8_t *from_id, uint8_t *which_id);

View File

@ -173,9 +173,9 @@ static int handle_send_initial(void *object, IP_Port source, uint8_t *packet, ui
change_symmetric_key(onion); change_symmetric_key(onion);
uint8_t plain[MAX_ONION_SIZE]; uint8_t plain[MAX_ONION_SIZE];
uint8_t shared_key[crypto_box_BEFORENMBYTES];
int len = decrypt_data(packet + 1 + crypto_box_NONCEBYTES, onion->dht->self_secret_key, packet + 1, get_shared_key(&onion->shared_keys_1, shared_key, onion->dht->self_secret_key, packet + 1 + crypto_box_NONCEBYTES);
packet + 1 + crypto_box_NONCEBYTES + crypto_box_PUBLICKEYBYTES, int len = decrypt_data_fast(shared_key, packet + 1, packet + 1 + crypto_box_NONCEBYTES + crypto_box_PUBLICKEYBYTES,
length - (1 + crypto_box_NONCEBYTES + crypto_box_PUBLICKEYBYTES), plain); length - (1 + crypto_box_NONCEBYTES + crypto_box_PUBLICKEYBYTES), plain);
if ((uint32_t)len != length - (1 + crypto_box_NONCEBYTES + crypto_box_PUBLICKEYBYTES + crypto_box_MACBYTES)) if ((uint32_t)len != length - (1 + crypto_box_NONCEBYTES + crypto_box_PUBLICKEYBYTES + crypto_box_MACBYTES))
@ -219,9 +219,9 @@ static int handle_send_1(void *object, IP_Port source, uint8_t *packet, uint32_t
change_symmetric_key(onion); change_symmetric_key(onion);
uint8_t plain[MAX_ONION_SIZE]; uint8_t plain[MAX_ONION_SIZE];
uint8_t shared_key[crypto_box_BEFORENMBYTES];
int len = decrypt_data(packet + 1 + crypto_box_NONCEBYTES, onion->dht->self_secret_key, packet + 1, get_shared_key(&onion->shared_keys_2, shared_key, onion->dht->self_secret_key, packet + 1 + crypto_box_NONCEBYTES);
packet + 1 + crypto_box_NONCEBYTES + crypto_box_PUBLICKEYBYTES, int len = decrypt_data_fast(shared_key, packet + 1, packet + 1 + crypto_box_NONCEBYTES + crypto_box_PUBLICKEYBYTES,
length - (1 + crypto_box_NONCEBYTES + crypto_box_PUBLICKEYBYTES + RETURN_1), plain); length - (1 + crypto_box_NONCEBYTES + crypto_box_PUBLICKEYBYTES + RETURN_1), plain);
if ((uint32_t)len != length - (1 + crypto_box_NONCEBYTES + crypto_box_PUBLICKEYBYTES + RETURN_1 + crypto_box_MACBYTES)) if ((uint32_t)len != length - (1 + crypto_box_NONCEBYTES + crypto_box_PUBLICKEYBYTES + RETURN_1 + crypto_box_MACBYTES))
@ -268,9 +268,9 @@ static int handle_send_2(void *object, IP_Port source, uint8_t *packet, uint32_t
change_symmetric_key(onion); change_symmetric_key(onion);
uint8_t plain[MAX_ONION_SIZE]; uint8_t plain[MAX_ONION_SIZE];
uint8_t shared_key[crypto_box_BEFORENMBYTES];
int len = decrypt_data(packet + 1 + crypto_box_NONCEBYTES, onion->dht->self_secret_key, packet + 1, get_shared_key(&onion->shared_keys_3, shared_key, onion->dht->self_secret_key, packet + 1 + crypto_box_NONCEBYTES);
packet + 1 + crypto_box_NONCEBYTES + crypto_box_PUBLICKEYBYTES, int len = decrypt_data_fast(shared_key, packet + 1, packet + 1 + crypto_box_NONCEBYTES + crypto_box_PUBLICKEYBYTES,
length - (1 + crypto_box_NONCEBYTES + crypto_box_PUBLICKEYBYTES + RETURN_2), plain); length - (1 + crypto_box_NONCEBYTES + crypto_box_PUBLICKEYBYTES + RETURN_2), plain);
if ((uint32_t)len != length - (1 + crypto_box_NONCEBYTES + crypto_box_PUBLICKEYBYTES + RETURN_2 + crypto_box_MACBYTES)) if ((uint32_t)len != length - (1 + crypto_box_NONCEBYTES + crypto_box_PUBLICKEYBYTES + RETURN_2 + crypto_box_MACBYTES))

View File

@ -30,6 +30,10 @@ typedef struct {
Networking_Core *net; Networking_Core *net;
uint8_t secret_symmetric_key[crypto_secretbox_KEYBYTES]; uint8_t secret_symmetric_key[crypto_secretbox_KEYBYTES];
uint64_t timestamp; uint64_t timestamp;
Shared_Keys shared_keys_1;
Shared_Keys shared_keys_2;
Shared_Keys shared_keys_3;
} Onion; } Onion;
#define ONION_RETURN_1 (crypto_secretbox_NONCEBYTES + sizeof(IP_Port) + crypto_secretbox_MACBYTES) #define ONION_RETURN_1 (crypto_secretbox_NONCEBYTES + sizeof(IP_Port) + crypto_secretbox_MACBYTES)

View File

@ -218,7 +218,7 @@ static int handle_announce_request(void *object, IP_Port source, uint8_t *packet
uint8_t *packet_public_key = packet + 1 + crypto_box_NONCEBYTES; uint8_t *packet_public_key = packet + 1 + crypto_box_NONCEBYTES;
uint8_t shared_key[crypto_box_BEFORENMBYTES]; uint8_t shared_key[crypto_box_BEFORENMBYTES];
encrypt_precompute(packet_public_key, onion_a->dht->self_secret_key, shared_key); get_shared_key(&onion_a->shared_keys_recv, shared_key, onion_a->dht->self_secret_key, packet_public_key);
uint8_t plain[ONION_PING_ID_SIZE + crypto_box_PUBLICKEYBYTES + crypto_box_PUBLICKEYBYTES + ONION_ANNOUNCE_SENDBACK_DATA_LENGTH]; uint8_t plain[ONION_PING_ID_SIZE + crypto_box_PUBLICKEYBYTES + crypto_box_PUBLICKEYBYTES + ONION_ANNOUNCE_SENDBACK_DATA_LENGTH];
int len = decrypt_data_fast(shared_key, packet + 1, packet + 1 + crypto_box_NONCEBYTES + crypto_box_PUBLICKEYBYTES, int len = decrypt_data_fast(shared_key, packet + 1, packet + 1 + crypto_box_NONCEBYTES + crypto_box_PUBLICKEYBYTES,

View File

@ -54,6 +54,8 @@ typedef struct {
Onion_Announce_Entry entries[ONION_ANNOUNCE_MAX_ENTRIES]; Onion_Announce_Entry entries[ONION_ANNOUNCE_MAX_ENTRIES];
/* This is crypto_secretbox_KEYBYTES long just so we can use new_symmetric_key() to fill it */ /* This is crypto_secretbox_KEYBYTES long just so we can use new_symmetric_key() to fill it */
uint8_t secret_bytes[crypto_secretbox_KEYBYTES]; uint8_t secret_bytes[crypto_secretbox_KEYBYTES];
Shared_Keys shared_keys_recv;
} Onion_Announce; } Onion_Announce;
/* Create and send an onion announce request packet. /* Create and send an onion announce request packet.

View File

@ -156,7 +156,7 @@ int send_ping_request(PING *ping, IP_Port ipp, uint8_t *client_id)
uint8_t shared_key[crypto_box_BEFORENMBYTES]; uint8_t shared_key[crypto_box_BEFORENMBYTES];
// generate key to encrypt ping_id with recipient privkey // generate key to encrypt ping_id with recipient privkey
encrypt_precompute(client_id, ping->dht->self_secret_key, shared_key); DHT_get_shared_key_sent(ping->dht, shared_key, client_id);
// Generate random ping_id. // Generate random ping_id.
ping_id = add_ping(ping, ipp, shared_key); ping_id = add_ping(ping, ipp, shared_key);
@ -218,7 +218,7 @@ static int handle_ping_request(void *_dht, IP_Port source, uint8_t *packet, uint
uint8_t shared_key[crypto_box_BEFORENMBYTES]; uint8_t shared_key[crypto_box_BEFORENMBYTES];
// Decrypt ping_id // Decrypt ping_id
DHT_get_shared_key(dht, shared_key, packet + 1); DHT_get_shared_key_recv(dht, shared_key, packet + 1);
rc = decrypt_data_fast(shared_key, rc = decrypt_data_fast(shared_key,
packet + 1 + CLIENT_ID_SIZE, packet + 1 + CLIENT_ID_SIZE,
packet + 1 + CLIENT_ID_SIZE + crypto_box_NONCEBYTES, packet + 1 + CLIENT_ID_SIZE + crypto_box_NONCEBYTES,