performance: cache session keys per compatible S2K configuration

4 files changed, 159 insertions, 6 deletions

diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/CanonicalizedSecretKey.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/CanonicalizedSecretKey.java
index 7394c07c3..7f2a00617 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/CanonicalizedSecretKey.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/CanonicalizedSecretKey.java
@@ -19,6 +19,7 @@
 package org.sufficientlysecure.keychain.pgp;
 
 import org.spongycastle.bcpg.S2K;
+import org.spongycastle.bcpg.SymmetricKeyAlgorithmTags;
 import org.spongycastle.openpgp.PGPException;
 import org.spongycastle.openpgp.PGPPrivateKey;
 import org.spongycastle.openpgp.PGPSecretKey;
@@ -33,6 +34,7 @@ import org.spongycastle.openpgp.operator.jcajce.JcaPGPKeyConverter;
 import org.spongycastle.openpgp.operator.jcajce.JcePBESecretKeyDecryptorBuilder;
 import org.spongycastle.openpgp.operator.jcajce.JcePublicKeyDataDecryptorFactoryBuilder;
 import org.spongycastle.openpgp.operator.jcajce.NfcSyncPGPContentSignerBuilder;
+import org.spongycastle.openpgp.operator.jcajce.SessionKeySecretKeyDecryptorBuilder;
 import org.sufficientlysecure.keychain.Constants;
 import org.sufficientlysecure.keychain.pgp.exception.PgpGeneralException;
 import org.sufficientlysecure.keychain.pgp.exception.PgpKeyNotFoundException;
@@ -145,13 +147,12 @@ public class CanonicalizedSecretKey extends CanonicalizedPublicKey {
             // Otherwise, it's just a regular ol' passphrase
             return SecretKeyType.PASSPHRASE;
         }
-
     }
 
     /**
      * Returns true on right passphrase
      */
-    public boolean unlock(Passphrase passphrase) throws PgpGeneralException {
+    public boolean unlock(final Passphrase passphrase) throws PgpGeneralException {
         // handle keys on OpenPGP cards like they were unlocked
         S2K s2k = mSecretKey.getS2K();
         if (s2k != null
@@ -163,8 +164,26 @@ public class CanonicalizedSecretKey extends CanonicalizedPublicKey {
 
         // try to extract keys using the passphrase
         try {
-            PBESecretKeyDecryptor keyDecryptor = new JcePBESecretKeyDecryptorBuilder().setProvider(
-                    Constants.BOUNCY_CASTLE_PROVIDER_NAME).build(passphrase.getCharArray());
+
+            int keyEncryptionAlgorithm = mSecretKey.getKeyEncryptionAlgorithm();
+            if (keyEncryptionAlgorithm == SymmetricKeyAlgorithmTags.NULL) {
+                mPrivateKey = mSecretKey.extractPrivateKey(null);
+                mPrivateKeyState = PRIVATE_KEY_STATE_UNLOCKED;
+                return true;
+            }
+
+            byte[] sessionKey;
+            sessionKey = passphrase.getCachedSessionKeyForAlgorithm(keyEncryptionAlgorithm, s2k);
+            if (sessionKey == null) {
+                PBESecretKeyDecryptor keyDecryptor = new JcePBESecretKeyDecryptorBuilder().setProvider(
+                        Constants.BOUNCY_CASTLE_PROVIDER_NAME).build(passphrase.getCharArray());
+                // this operation is EXPENSIVE, so we cache its result in the passed Passphrase object!
+                sessionKey = keyDecryptor.makeKeyFromPassPhrase(keyEncryptionAlgorithm, s2k);
+                passphrase.addCachedSessionKey(keyEncryptionAlgorithm, s2k, sessionKey);
+            }
+
+            PBESecretKeyDecryptor keyDecryptor = new SessionKeySecretKeyDecryptorBuilder()
+                    .setProvider(Constants.BOUNCY_CASTLE_PROVIDER_NAME).build(sessionKey);
             mPrivateKey = mSecretKey.extractPrivateKey(keyDecryptor);
             mPrivateKeyState = PRIVATE_KEY_STATE_UNLOCKED;
         } catch (PGPException e) {
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/ComparableS2K.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/ComparableS2K.java
new file mode 100644
index 000000000..b10f77739
--- /dev/null
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/ComparableS2K.java
@@ -0,0 +1,91 @@
+package org.sufficientlysecure.keychain.pgp;
+
+
+import java.util.Arrays;
+
+import android.os.Parcel;
+import android.os.Parcelable;
+
+import org.spongycastle.bcpg.S2K;
+
+
+public class ComparableS2K implements Parcelable {
+
+    int encryptionAlgorithm;
+    int s2kType;
+    int s2kHashAlgo;
+    long s2kItCount;
+    byte[] s2kIV;
+
+    Integer cachedHashCode;
+
+    public ComparableS2K(int encryptionAlgorithm, S2K s2k) {
+        this.encryptionAlgorithm = encryptionAlgorithm;
+        this.s2kType = s2k.getType();
+        this.s2kHashAlgo = s2k.getHashAlgorithm();
+        this.s2kItCount = s2k.getIterationCount();
+        this.s2kIV = s2k.getIV();
+    }
+
+    protected ComparableS2K(Parcel in) {
+        encryptionAlgorithm = in.readInt();
+        s2kType = in.readInt();
+        s2kHashAlgo = in.readInt();
+        s2kItCount = in.readLong();
+        s2kIV = in.createByteArray();
+    }
+
+    @Override
+    public int hashCode() {
+        if (cachedHashCode == null) {
+            cachedHashCode = encryptionAlgorithm;
+            cachedHashCode *= 31 * s2kType;
+            cachedHashCode *= 31 * s2kHashAlgo;
+            cachedHashCode *= (int) (31 * s2kItCount);
+            cachedHashCode *= 31 * Arrays.hashCode(s2kIV);
+        }
+
+        return cachedHashCode;
+    }
+
+    @Override
+    public boolean equals(Object o) {
+        boolean isComparableS2K = o instanceof ComparableS2K;
+        if (!isComparableS2K) {
+            return false;
+        }
+        ComparableS2K other = (ComparableS2K) o;
+        return encryptionAlgorithm == other.encryptionAlgorithm
+                && s2kType == other.s2kType
+                && s2kHashAlgo == other.s2kHashAlgo
+                && s2kItCount == other.s2kItCount
+                && Arrays.equals(s2kIV, other.s2kIV);
+    }
+
+    @Override
+    public int describeContents() {
+        return 0;
+    }
+
+    @Override
+    public void writeToParcel(Parcel dest, int flags) {
+        dest.writeInt(encryptionAlgorithm);
+        dest.writeInt(s2kType);
+        dest.writeInt(s2kHashAlgo);
+        dest.writeLong(s2kItCount);
+        dest.writeByteArray(s2kIV);
+    }
+
+    public static final Creator<ComparableS2K> CREATOR = new Creator<ComparableS2K>() {
+        @Override
+        public ComparableS2K createFromParcel(Parcel in) {
+            return new ComparableS2K(in);
+        }
+
+        @Override
+        public ComparableS2K[] newArray(int size) {
+            return new ComparableS2K[size];
+        }
+    };
+
+}
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpDecryptVerifyOperation.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpDecryptVerifyOperation.java
index ea7465209..79a7a8fe1 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpDecryptVerifyOperation.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpDecryptVerifyOperation.java
@@ -610,6 +610,8 @@ public class PgpDecryptVerifyOperation extends BaseOperation<PgpDecryptVerifyInp
 
                 if (secretEncryptionKey.getSecretKeyType() == SecretKeyType.DIVERT_TO_CARD) {
                     passphrase = null;
+                } else if (secretKeyType == SecretKeyType.PASSPHRASE_EMPTY) {
+                    passphrase = new Passphrase("");
                 } else if (cryptoInput.hasPassphrase()) {
                     passphrase = cryptoInput.getPassphrase();
                 } else {
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/util/Passphrase.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/util/Passphrase.java
index fe42c7a2c..bb54f8024 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/util/Passphrase.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/util/Passphrase.java
@@ -22,9 +22,14 @@ import android.os.Parcelable;
 import android.text.Editable;
 import android.widget.EditText;
 
+import org.spongycastle.bcpg.S2K;
 import org.sufficientlysecure.keychain.Constants;
+import org.sufficientlysecure.keychain.pgp.ComparableS2K;
 
 import java.util.Arrays;
+import java.util.HashMap;
+import java.util.Map.Entry;
+
 
 /**
  * Passwords should not be stored as Strings in memory.
@@ -38,6 +43,7 @@ import java.util.Arrays;
  */
 public class Passphrase implements Parcelable {
     private char[] mPassphrase;
+    HashMap<ComparableS2K, byte[]> mCachedSessionKeys;
 
     /**
      * According to http://stackoverflow.com/a/15844273 EditText is not using String internally
@@ -87,8 +93,18 @@ public class Passphrase implements Parcelable {
         return mPassphrase.length;
     }
 
-    public char charAt(int index) {
-        return mPassphrase[index];
+    public byte[] getCachedSessionKeyForAlgorithm(int keyEncryptionAlgorithm, S2K s2k) {
+        if (mCachedSessionKeys == null) {
+            return null;
+        }
+        return mCachedSessionKeys.get(new ComparableS2K(keyEncryptionAlgorithm, s2k));
+    }
+
+    public void addCachedSessionKey(int keyEncryptionAlgorithm, S2K s2k, byte[] sessionKey) {
+        if (mCachedSessionKeys == null) {
+            mCachedSessionKeys = new HashMap<>();
+        }
+        mCachedSessionKeys.put(new ComparableS2K(keyEncryptionAlgorithm, s2k), sessionKey);
     }
 
     /**
@@ -98,6 +114,12 @@ public class Passphrase implements Parcelable {
         if (mPassphrase != null) {
             Arrays.fill(mPassphrase, ' ');
         }
+        if (mCachedSessionKeys == null) {
+            return;
+        }
+        for (byte[] cachedSessionKey : mCachedSessionKeys.values()) {
+            Arrays.fill(cachedSessionKey, (byte) 0);
+        }
     }
 
     @Override
@@ -144,10 +166,29 @@ public class Passphrase implements Parcelable {
 
     private Passphrase(Parcel source) {
         mPassphrase = source.createCharArray();
+        int size = source.readInt();
+        if (size == 0) {
+            return;
+        }
+        mCachedSessionKeys = new HashMap<>(size);
+        for (int i = 0; i < size; i++) {
+            ComparableS2K cachedS2K = source.readParcelable(getClass().getClassLoader());
+            byte[] cachedSessionKey = source.createByteArray();
+            mCachedSessionKeys.put(cachedS2K, cachedSessionKey);
+        }
     }
 
     public void writeToParcel(Parcel dest, int flags) {
         dest.writeCharArray(mPassphrase);
+        if (mCachedSessionKeys == null || mCachedSessionKeys.isEmpty()) {
+            dest.writeInt(0);
+            return;
+        }
+        dest.writeInt(mCachedSessionKeys.size());
+        for (Entry<ComparableS2K,byte[]> entry : mCachedSessionKeys.entrySet()) {
+            dest.writeParcelable(entry.getKey(), 0);
+            dest.writeByteArray(entry.getValue());
+        }
     }
 
     public static final Creator<Passphrase> CREATOR = new Creator<Passphrase>() {