Some small DHT CPU optimizations.

Only compute the shared key once instead of twice for received DHT
requests/responses.
irungentoo 2014-03-01 21:18:53 -05:00
parent 16b93e823b
commit de69dcef24
2 changed files with 38 additions and 35 deletions


@ -844,7 +844,8 @@ static int getnodes(DHT *dht, IP_Port ip_port, uint8_t *public_key, uint8_t *cli
/* because of BINARY compatibility, the Node_format MUST BE Node4_format,
* IPv6 nodes are sent in a different message
* encrypted_data must be of size NODES_ENCRYPTED_MESSAGE_LENGTH */
static int sendnodes(DHT *dht, IP_Port ip_port, uint8_t *public_key, uint8_t *client_id, uint8_t *encrypted_data)
static int sendnodes(DHT *dht, IP_Port ip_port, uint8_t *public_key, uint8_t *client_id, uint8_t *encrypted_data,
uint8_t *shared_encryption_key)
{
/* Check if packet is going to be sent to ourself. */
if (id_equal(public_key, dht->self_public_key))
@ -891,12 +892,11 @@ static int sendnodes(DHT *dht, IP_Port ip_port, uint8_t *public_key, uint8_t *cl
}
memcpy(plain + num_nodes * Node4_format_size, encrypted_data, NODES_ENCRYPTED_MESSAGE_LENGTH);
int len = encrypt_data( public_key,
dht->self_secret_key,
nonce,
plain,
num_nodes * Node4_format_size + NODES_ENCRYPTED_MESSAGE_LENGTH,
encrypt );
int len = encrypt_data_fast( shared_encryption_key,
nonce,
plain,
num_nodes * Node4_format_size + NODES_ENCRYPTED_MESSAGE_LENGTH,
encrypt );
if ((unsigned int)len != num_nodes * Node4_format_size + NODES_ENCRYPTED_MESSAGE_LENGTH +
crypto_box_MACBYTES)
@ -930,7 +930,8 @@ void to_host_family(IP *ip)
ip->family = AF_INET6;
}
/* Send a send nodes response: message for IPv6 nodes */
static int sendnodes_ipv6(DHT *dht, IP_Port ip_port, uint8_t *public_key, uint8_t *client_id, uint8_t *encrypted_data)
static int sendnodes_ipv6(DHT *dht, IP_Port ip_port, uint8_t *public_key, uint8_t *client_id, uint8_t *encrypted_data,
uint8_t *shared_encryption_key)
{
/* Check if packet is going to be sent to ourself. */
if (id_equal(public_key, dht->self_public_key))
@ -958,12 +959,11 @@ static int sendnodes_ipv6(DHT *dht, IP_Port ip_port, uint8_t *public_key, uint8_
memcpy(plain, nodes_list, num_nodes * Node_format_size);
memcpy(plain + num_nodes * Node_format_size, encrypted_data, NODES_ENCRYPTED_MESSAGE_LENGTH);
int len = encrypt_data( public_key,
dht->self_secret_key,
nonce,
plain,
num_nodes * Node_format_size + NODES_ENCRYPTED_MESSAGE_LENGTH,
encrypt );
int len = encrypt_data_fast( shared_encryption_key,
nonce,
plain,
num_nodes * Node_format_size + NODES_ENCRYPTED_MESSAGE_LENGTH,
encrypt );
if ((unsigned int)len != num_nodes * Node_format_size + NODES_ENCRYPTED_MESSAGE_LENGTH + crypto_box_MACBYTES)
return -1;
@ -989,20 +989,21 @@ static int handle_getnodes(void *object, IP_Port source, uint8_t *packet, uint32
return 1;
uint8_t plain[CLIENT_ID_SIZE + NODES_ENCRYPTED_MESSAGE_LENGTH];
uint8_t shared_key[crypto_box_BEFORENMBYTES];
int len = decrypt_data( packet + 1,
dht->self_secret_key,
packet + 1 + CLIENT_ID_SIZE,
packet + 1 + CLIENT_ID_SIZE + crypto_box_NONCEBYTES,
CLIENT_ID_SIZE + NODES_ENCRYPTED_MESSAGE_LENGTH + crypto_box_MACBYTES,
plain );
encrypt_precompute(packet + 1, dht->self_secret_key, shared_key);
int len = decrypt_data_fast( shared_key,
packet + 1 + CLIENT_ID_SIZE,
packet + 1 + CLIENT_ID_SIZE + crypto_box_NONCEBYTES,
CLIENT_ID_SIZE + NODES_ENCRYPTED_MESSAGE_LENGTH + crypto_box_MACBYTES,
plain );
if (len != CLIENT_ID_SIZE + NODES_ENCRYPTED_MESSAGE_LENGTH)
return 1;
sendnodes(dht, source, packet + 1, plain, plain + CLIENT_ID_SIZE);
sendnodes(dht, source, packet + 1, plain, plain + CLIENT_ID_SIZE, shared_key);
sendnodes_ipv6(dht, source, packet + 1, plain,
plain + CLIENT_ID_SIZE); /* TODO: prevent possible amplification attacks */
plain + CLIENT_ID_SIZE, shared_key); /* TODO: prevent possible amplification attacks */
add_toping(dht->ping, packet + 1, source);
//send_ping_request(dht, source, packet + 1); /* TODO: make this smarter? */
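Review bot: The new `shared_encryption_key` parameter of sendnodes() and sendnodes_ipv6() has no stated contract, although both functions still take `public_key` and nothing in the visible lines checks that the two belong together. If a caller ever passes a key precomputed for a different peer, the reply is encrypted under the wrong key and the only symptom is the recipient failing to decrypt it. I would add a line to the comment above sendnodes(), `* shared_encryption_key must be the crypto_box_BEFORENMBYTES key from encrypt_precompute(public_key, dht->self_secret_key, ...) */`, and repeat it above sendnodes_ipv6(); send_ping_response() in the second file has the same gap. Both function bodies continue outside the hunks shown.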


@ -171,7 +171,8 @@ int send_ping_request(PING *ping, IP_Port ipp, uint8_t *client_id)
return sendpacket(ping->dht->net, ipp, pk, sizeof(pk));
}
static int send_ping_response(PING *ping, IP_Port ipp, uint8_t *client_id, uint64_t ping_id)
static int send_ping_response(PING *ping, IP_Port ipp, uint8_t *client_id, uint64_t ping_id,
uint8_t *shared_encryption_key)
{
uint8_t pk[DHT_PING_SIZE];
int rc;
@ -184,11 +185,10 @@ static int send_ping_response(PING *ping, IP_Port ipp, uint8_t *client_id, uint6
new_nonce(pk + 1 + CLIENT_ID_SIZE); // Generate new nonce
// Encrypt ping_id using recipient privkey
rc = encrypt_data(client_id,
ping->dht->self_secret_key,
pk + 1 + CLIENT_ID_SIZE,
(uint8_t *) &ping_id, sizeof(ping_id),
pk + 1 + CLIENT_ID_SIZE + crypto_box_NONCEBYTES);
rc = encrypt_data_fast(shared_encryption_key,
pk + 1 + CLIENT_ID_SIZE,
(uint8_t *) &ping_id, sizeof(ping_id),
pk + 1 + CLIENT_ID_SIZE + crypto_box_NONCEBYTES );
if (rc != sizeof(ping_id) + crypto_box_MACBYTES)
return 1;
@ -210,19 +210,21 @@ static int handle_ping_request(void *_dht, IP_Port source, uint8_t *packet, uint
if (id_equal(packet + 1, ping->dht->self_public_key))
return 1;
uint8_t shared_key[crypto_box_BEFORENMBYTES];
// Decrypt ping_id
rc = decrypt_data(packet + 1,
ping->dht->self_secret_key,
packet + 1 + CLIENT_ID_SIZE,
packet + 1 + CLIENT_ID_SIZE + crypto_box_NONCEBYTES,
sizeof(ping_id) + crypto_box_MACBYTES,
(uint8_t *) &ping_id);
encrypt_precompute(packet + 1, ping->dht->self_secret_key, shared_key);
rc = decrypt_data_fast(shared_key,
packet + 1 + CLIENT_ID_SIZE,
packet + 1 + CLIENT_ID_SIZE + crypto_box_NONCEBYTES,
sizeof(ping_id) + crypto_box_MACBYTES,
(uint8_t *) &ping_id );
if (rc != sizeof(ping_id))
return 1;
// Send response
send_ping_response(ping, source, packet + 1, ping_id);
send_ping_response(ping, source, packet + 1, ping_id, shared_key);
add_toping(ping, packet + 1, source);
return 0;
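Review bot: `shared_key` in handle_ping_request() is left on the stack on both visible return paths after it is filled, the `return 1` after the length check and the final `return 0`. It is the precomputed key for this peer and our secret key, so it presumably protects all DHT traffic with that peer and deserves the same care as the secret key itself. I would clear it before each return with a wipe the compiler cannot drop, for example `sodium_memzero(shared_key, sizeof shared_key);` if the build uses libsodium; handle_getnodes() in the first file has the same pattern. Separately, the comment `// Encrypt ping_id using recipient privkey` in send_ping_response() no longer matches the code and could read `// Encrypt ping_id with the shared key precomputed by the caller`. The handler starts outside the hunk, so earlier return paths are not visible here.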