From b9074fa1ed489993d60ce873fd8105a95d30782a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Daniel=20Jeli=C5=84ski?= Date: Thu, 15 Dec 2022 06:54:33 +0000 Subject: [PATCH] 8298249: Excessive memory allocation in CipherInputStream AEAD decryption Reviewed-by: ascarpino, valeriep --- .../javax/crypto/CipherInputStream.java | 30 ++++- .../crypto/full/AESGCMCipherInputStream.java | 120 ++++++++++++++++++ 2 files changed, 146 insertions(+), 4 deletions(-) create mode 100644 test/micro/org/openjdk/bench/javax/crypto/full/AESGCMCipherInputStream.java diff --git a/src/java.base/share/classes/javax/crypto/CipherInputStream.java b/src/java.base/share/classes/javax/crypto/CipherInputStream.java index a7637e4b811..3505d43b11b 100644 --- a/src/java.base/share/classes/javax/crypto/CipherInputStream.java +++ b/src/java.base/share/classes/javax/crypto/CipherInputStream.java @@ -105,11 +105,17 @@ public class CipherInputStream extends FilterInputStream { * operation, given the input length {@code inLen} (in bytes) * The ostart and ofinish indices are reset to 0. * + * If obuffer is null/zero-sized, do not allocate a new buffer. + * This reduces allocation for AEAD ciphers that never return data from update + * * @param inLen the input length (in bytes) */ private void ensureCapacity(int inLen) { + if (obuffer == null || obuffer.length == 0) { + return; + } int minLen = cipher.getOutputSize(inLen); - if (obuffer == null || obuffer.length < minLen) { + if (obuffer.length < minLen) { obuffer = new byte[minLen]; } ostart = 0; @@ -142,7 +148,12 @@ public class CipherInputStream extends FilterInputStream { done = true; ensureCapacity(0); try { - ofinish = cipher.doFinal(obuffer, 0); + if (obuffer != null && obuffer.length > 0) { + ofinish = cipher.doFinal(obuffer, 0); + } else { + obuffer = cipher.doFinal(); + ofinish = obuffer.length; + } } catch (IllegalBlockSizeException | BadPaddingException | ShortBufferException e) { throw new IOException(e); @@ -155,7 +166,14 @@ public class CipherInputStream extends FilterInputStream { } ensureCapacity(readin); try { - ofinish = cipher.update(ibuffer, 0, readin, obuffer, ostart); + // initial obuffer is assigned by update/doFinal; + // for AEAD ciphers, obuffer is always null or zero-length here + if (obuffer != null && obuffer.length > 0) { + ofinish = cipher.update(ibuffer, 0, readin, obuffer, ostart); + } else { + obuffer = cipher.update(ibuffer, 0, readin); + ofinish = (obuffer != null) ? obuffer.length : 0; + } } catch (IllegalStateException e) { throw e; } catch (ShortBufferException e) { @@ -343,7 +361,11 @@ public class CipherInputStream extends FilterInputStream { if (!done) { ensureCapacity(0); try { - cipher.doFinal(obuffer, 0); + if (obuffer != null && obuffer.length > 0) { + cipher.doFinal(obuffer, 0); + } else { + cipher.doFinal(); + } } catch (BadPaddingException | IllegalBlockSizeException | ShortBufferException ex) { // Catch exceptions as the rest of the stream is unused. diff --git a/test/micro/org/openjdk/bench/javax/crypto/full/AESGCMCipherInputStream.java b/test/micro/org/openjdk/bench/javax/crypto/full/AESGCMCipherInputStream.java new file mode 100644 index 00000000000..69d379a8a83 --- /dev/null +++ b/test/micro/org/openjdk/bench/javax/crypto/full/AESGCMCipherInputStream.java @@ -0,0 +1,120 @@ +/* + * Copyright (c) 2022, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ +package org.openjdk.bench.javax.crypto.full; + +import org.openjdk.jmh.annotations.Benchmark; +import org.openjdk.jmh.annotations.Param; +import org.openjdk.jmh.annotations.Setup; + +import javax.crypto.Cipher; +import javax.crypto.CipherInputStream; +import javax.crypto.spec.GCMParameterSpec; +import javax.crypto.spec.SecretKeySpec; +import java.io.ByteArrayInputStream; +import java.io.ByteArrayOutputStream; +import java.io.InputStream; + +/** + * This performance test runs AES/GCM encryption and decryption using CipherInputStream. + * + * This test rotates the IV and creates a new GCMParameterSpec for each encrypt + * benchmark operation + */ + +public class AESGCMCipherInputStream extends CryptoBase { + + @Param({"128"}) + private int keyLength; + + @Param({"16384", "1048576"}) + private int dataSize; + + byte[] encryptedData; + byte[] in; + ByteArrayOutputStream out; + private Cipher encryptCipher; + private Cipher decryptCipher; + SecretKeySpec ks; + GCMParameterSpec gcm_spec; + byte[] iv; + + private static final int IV_BUFFER_SIZE = 32; + private static final int IV_MODULO = IV_BUFFER_SIZE - 16; + int iv_index = 0; + + private int next_iv_index() { + int r = iv_index; + iv_index = (iv_index + 1) % IV_MODULO; + return r; + } + + @Setup + public void setup() throws Exception { + setupProvider(); + + // Setup key material + byte[] keystring = fillSecureRandom(new byte[keyLength / 8]); + ks = new SecretKeySpec(keystring, "AES"); + iv = fillSecureRandom(new byte[IV_BUFFER_SIZE]); + gcm_spec = new GCMParameterSpec(96, iv, next_iv_index(), 16); + + // Setup Cipher classes + encryptCipher = makeCipher(prov, "AES/GCM/NoPadding"); + encryptCipher.init(Cipher.ENCRYPT_MODE, ks, gcm_spec); + decryptCipher = makeCipher(prov, "AES/GCM/NoPadding"); + decryptCipher.init(Cipher.DECRYPT_MODE, ks, + encryptCipher.getParameters(). + getParameterSpec(GCMParameterSpec.class)); + + // Setup input/output buffers + in = fillRandom(new byte[dataSize]); + encryptedData = new byte[encryptCipher.getOutputSize(in.length)]; + out = new ByteArrayOutputStream(encryptedData.length); + encryptCipher.doFinal(in, 0, in.length, encryptedData, 0); + } + + @Benchmark + public byte[] encrypt() throws Exception { + out.reset(); + gcm_spec = new GCMParameterSpec(96, iv, next_iv_index(), 16); + encryptCipher.init(Cipher.ENCRYPT_MODE, ks, gcm_spec); + ByteArrayInputStream fin = new ByteArrayInputStream(in); + InputStream cin = new CipherInputStream(fin, encryptCipher); + + cin.transferTo(out); + return out.toByteArray(); + } + + @Benchmark + public byte[] decrypt() throws Exception { + out.reset(); + decryptCipher.init(Cipher.DECRYPT_MODE, ks, + encryptCipher.getParameters(). + getParameterSpec(GCMParameterSpec.class)); + ByteArrayInputStream fin = new ByteArrayInputStream(encryptedData); + InputStream cin = new CipherInputStream(fin, decryptCipher); + + cin.transferTo(out); + return out.toByteArray(); + } +}