Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Reduce memory usage when AEAD en/decrypting large messages #259

Merged
merged 6 commits into from
Dec 16, 2024
Merged

Reduce memory usage when AEAD en/decrypting large messages #259

merged 6 commits into from
Dec 16, 2024

Conversation

twiss
Copy link
Member

@twiss twiss commented Dec 10, 2024

The AEAD code buffered the data to be en/decrypted at multiple points. Firstly, when decrypting, the ciphertext was buffered in order to not pre-allocate the chunk size. However, given RFC9580 caps the chunk size at 4MiB, and most (all?) OSes reuse empty pages, the overhead of allocating the the entire chunk size (256KiB by default in our implementation) is not that large. This leads to a large reduction in memory usage when decrypting large messages, at the cost of somewhat increased memory usage when decrypting small messages. For an added reduction, the ciphertext buffer can be reused for the plaintext, and also for the buffered plaintext when it's read across multiple calls to Read().

Similarly, we can reduce the memory usage when encrypting large messages (though not by as much) by manually buffering the plaintext to be encrypted carefully to reserve space for the tag. That way, the plaintext buffer can be reused for the ciphertext.

Finally, fix OCB en/decryption when reusing the buffer.

Before (chunk size = 256KiB):

BenchmarkEncryptOpenPgpAEAD1KB-20           1000              5906 ns/op           11637 B/op         69 allocs/op
BenchmarkDecryptOpenPgpAEAD1KB-20           1000              7413 ns/op           15664 B/op         82 allocs/op
BenchmarkEncryptOpenPgpAEAD1MB-20           1000           1452205 ns/op         6853508 B/op        104 allocs/op
BenchmarkDecryptOpenPgpAEAD1MB-20           1000           2319484 ns/op        11728449 B/op        337 allocs/op
BenchmarkEncryptOpenPgpAEAD4MB-20           1000           3911609 ns/op        26908267 B/op        202 allocs/op
BenchmarkDecryptOpenPgpAEAD4MB-20           1000           6586654 ns/op        46843797 B/op       1064 allocs/op

After (chunk size = 256KiB):

BenchmarkEncryptOpenPgpAEAD1KB-20           1000             33286 ns/op          279538 B/op         62 allocs/op
BenchmarkDecryptOpenPgpAEAD1KB-20           1000             34539 ns/op          277458 B/op         65 allocs/op
BenchmarkEncryptOpenPgpAEAD1MB-20           1000           1441909 ns/op         5083626 B/op         65 allocs/op
BenchmarkDecryptOpenPgpAEAD1MB-20           1000           1361304 ns/op         5515768 B/op         92 allocs/op
BenchmarkEncryptOpenPgpAEAD4MB-20           1000           3265659 ns/op        17863129 B/op         67 allocs/op
BenchmarkDecryptOpenPgpAEAD4MB-20           1000           3672796 ns/op        21383718 B/op        110 allocs/op

After (chunk size = 4MiB):

BenchmarkEncryptOpenPgpAEAD1KB-20           1000             15371 ns/op           82896 B/op         62 allocs/op
BenchmarkDecryptOpenPgpAEAD1KB-20           1000             18963 ns/op           80848 B/op         65 allocs/op
BenchmarkEncryptOpenPgpAEAD1MB-20           1000           1257834 ns/op         4690397 B/op         67 allocs/op
BenchmarkDecryptOpenPgpAEAD1MB-20           1000           1633398 ns/op         5319211 B/op        104 allocs/op
BenchmarkEncryptOpenPgpAEAD4MB-20           1000           3122793 ns/op        18059736 B/op         69 allocs/op
BenchmarkDecryptOpenPgpAEAD4MB-20           1000           3707209 ns/op        21187301 B/op        159 allocs/op

After (chunk size = message size):

BenchmarkEncryptOpenPgpAEAD1KB-20           1000              5402 ns/op           10320 B/op         62 allocs/op
BenchmarkDecryptOpenPgpAEAD1KB-20           1000              4605 ns/op            8277 B/op         65 allocs/op
BenchmarkEncryptOpenPgpAEAD1MB-20           1000           1416058 ns/op         4690407 B/op         67 allocs/op
BenchmarkDecryptOpenPgpAEAD1MB-20           1000           1530036 ns/op         5319209 B/op        104 allocs/op
BenchmarkEncryptOpenPgpAEAD4MB-20           1000           3060694 ns/op        18059737 B/op         69 allocs/op
BenchmarkDecryptOpenPgpAEAD4MB-20           1000           3710514 ns/op        21187300 B/op        159 allocs/op

Because of the above results, it may be worth setting the chunk size to the message size when known (e.g. in gopenpgp).

@twiss twiss requested a review from lubux December 10, 2024 15:46
@twiss twiss mentioned this pull request Dec 10, 2024
Open
lubux
lubux reviewed Dec 12, 2024
View reviewed changes
Copy link
Member

@lubux lubux left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Well done, I went over most of the logic.
The only thing I did not get is the ar.peekedBytes in the first chunk, but I might have missed something.

@twiss twiss force-pushed the less-memory-large-msgs branch from 172524b to 1fd5ec8 Compare December 16, 2024 11:50
@twiss twiss merged commit be3aef0 into main Dec 16, 2024
8 checks passed
@twiss twiss deleted the less-memory-large-msgs branch December 16, 2024 12:03
DennisRasey pushed a commit to DennisRasey/forgejo that referenced this pull request Jan 8, 2025
Update module github.com/ProtonMail/go-crypto to v1.1.4 (forgejo) (#6…
83aba05 
…499)

This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| [github.com/ProtonMail/go-crypto](https://github.com/ProtonMail/go-crypto) | require | patch | `v1.1.3` -> `v1.1.4` |

---

### Release Notes

<details>
<summary>ProtonMail/go-crypto (github.com/ProtonMail/go-crypto)</summary>

### [`v1.1.4`](https://github.com/ProtonMail/go-crypto/releases/tag/v1.1.4)

[Compare Source](ProtonMail/go-crypto@v1.1.3...v1.1.4)

#### What's Changed

-   Emit armor headers in sorted order by [@&#8203;andrewgdotcom](https://github.com/andrewgdotcom) in ProtonMail/go-crypto#255
-   Reduce memory usage when AEAD en/decrypting large messages by [@&#8203;twiss](https://github.com/twiss) in ProtonMail/go-crypto#259
-   Update artifact actions to v4 by [@&#8203;twiss](https://github.com/twiss) in ProtonMail/go-crypto#260

**Full Changelog**: ProtonMail/go-crypto@v1.1.3...v1.1.4

</details>

---

### Configuration

📅 **Schedule**: Branch creation - "* 0-3 * * *" (UTC), Automerge - "* 0-3 * * *" (UTC).

🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update again.

---

 - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box

---

This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOS45Mi4wIiwidXBkYXRlZEluVmVyIjoiMzkuOTIuMCIsInRhcmdldEJyYW5jaCI6ImZvcmdlam8iLCJsYWJlbHMiOlsiZGVwZW5kZW5jeS11cGdyYWRlIiwidGVzdC9ub3QtbmVlZGVkIl19-->

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/6499
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
Co-committed-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@lubux lubux lubux approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@twiss @lubux