Remove an unnecessary copy of data in aes_gcm_256_decrypt

When truncating the vector, the current implementation creates a copy where we could just truncate in place and not incur the allocation and copy overhead. I also tried to get rid of the `Vec::from` in the decryption step but that just moved the copy into the underlying library so we can't avoid taht cost. I made a note for future reference about that. Change-Id: I5b51194fc6b73e30f25ebc7fd18973c4cc9b8d51
project-oak · Jan 30, 2025 · 0161952 · 0161952
1 parent 7f99062
commit 0161952
Showing 1 changed file with 5 additions and 2 deletions.
diff --git a/oak_crypto/src/noise_handshake/mod.rs b/oak_crypto/src/noise_handshake/mod.rs
@@ -128,7 +128,9 @@ fn aes_gcm_256_decrypt(
     nonce: &[u8; NONCE_LEN],
     ciphertext: &[u8],
 ) -> Result<Vec<u8>, Error> {
-    let plaintext =
+    // Aes256Gcm implements Aead in terms of AeadInPlace, so even if you remove the
+    // `Vec::from` here the underlying libraries will end up doing the copy anyway.
+    let mut plaintext =
         crypto_wrapper::aes_256_gcm_open_in_place(key, nonce, &[], Vec::from(ciphertext))
             .map_err(|_| Error::DecryptFailed)?;
 
@@ -138,7 +140,8 @@ fn aes_gcm_256_decrypt(
         return Err(Error::DecryptionPadding);
     }
     let unpadded_length = plaintext.len() - (plaintext[plaintext.len() - 1] as usize);
-    Ok(Vec::from(&plaintext[0..unpadded_length - 1]))
+    plaintext.truncate(unpadded_length - 1);
+    Ok(plaintext)
 }
 
 pub struct OrderedCrypter {