Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Optimize Secure Message length #777

Merged
merged 4 commits into from
Feb 13, 2021
Merged

Optimize Secure Message length #777

merged 4 commits into from
Feb 13, 2021

Conversation

ilammy
Copy link
Collaborator

@ilammy ilammy commented Feb 11, 2021

Following #775, make the same changes to JavaThemis to slightly reduce the length of Secure Message signatures. At a cost, though.

JavaThemis has the same issue as GoThemis and ThemisPP had: it disregards the real size of Secure Message output as reported by the second call to themis_secure_message_...() functions. The first call will only report an upper bound to the output length, not the actual length—which is only know after processing.

Unfortunately, JVM arrays cannot be resized after they are allocated and JavaThemis API returns plain arrays. Hence, in order for the array to have correct size, we need to buffer Themis output in the native code before allocating a JVM array.

This has a side effect of adding more allocations to the happy path: previously, if you were lucky, Themis Core could write directly into JVM heap and no copying or reallocation would have taken place. Now JNI code always allocates a temporary buffer and makes a copy of it.

(Another minor side effect is that in case of a failure JNI code no longer allocates a JVM array beforehand, slightly relieving the GC pressure.)

Checklist

  • Change is covered by automated tests
  • Benchmark results are attached
    • Strictly speaking, this gotta be benchmarked, but I'm too lazy for that now. It's not like any decision will be made based on those results, they would be more for curiosity. JavaThemis has no benchmarking harness whatsoever and making one takes time. Do we need it that much?
  • The coding guidelines are followed
  • Changelog is updated

@ilammy
Fix a possible memory leak
be1a67d 
Instead of immediately returning from this function, previously
allocated resources need to be freed first. Also, use "goto err" just
for the sake of error handling consistency.
@ilammy
Fix Secure Message output length
d332940 
JavaThemis has the same issue as GoThemis and ThemisPP had: it
disregards the real size of Secure Message output as reported by the
second call to themis_secure_message_...() functions. The first call
will only report an upper bound to the output length, not the actual
length--which is only know after processing.

Unfortunately, JVM arrays cannot be resized after they are allocated
and JavaThemis API returns plain arrays. Hence, in order for the array
to have correct size, we need to buffer Themis output in the native
code before allocating a JVM array.

This has a side effect of adding more allocations to the happy path:
previously, if you were lucky, Themis Core could write directly into
JVM heap and no copying or reallocation would have taked place. Now
JNI code always allocates a temporary buffer and makes a copy of it.

(Another minor side effect is that in case of a failure JNI code no
longer allocates a JVM array beforehand, slightly relieving the GC
pressure.)
@ilammy
Drop a line into the changelog
daf3f60 
777 GET!
@ilammy
Test for overlong signatures in Java
bc23f04 
Port the test for overlong Secure Message signatures from GoThemis and
ThemisPP into Java land. Just to make sure.
@ilammy ilammy added the W-JavaThemis ☕ Wrapper: Java, Java and Kotlin API label Feb 11, 2021
@ilammy ilammy requested review from vixentael, iamnotacake and a team February 11, 2021 04:50
vixentael
vixentael approved these changes Feb 11, 2021
View reviewed changes
jni/themis_message.c
goto err;
}

output_bytes = (*env)->GetPrimitiveArrayCritical(env, output, NULL);
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

so we pause garbage collectors here, moves bytes from output_buffer to output_bytes, and un-pause garbage collectors, right?

i followed description of GetPrimitiveArrayCritical at SO.

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

so we pause garbage collectors here, moves bytes from output_buffer to output_bytes, and un-pause garbage collectors, right?

Basically yeah. Either pause to synchronize access, or making a copy and synchronizing copying it back.

This may or may not have an effect on the overall system. I'm sure there are effects to using both critical and non-critical variants, but I'm not an expert on Dalvik or other JVMs so have no clue on how strong those effects can be.

@ilammy ilammy merged commit 339e682 into cossacklabs:master Feb 13, 2021
@ilammy ilammy deleted the smessage-overlong-java branch February 13, 2021 05:14
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@vixentael vixentael vixentael approved these changes

@iamnotacake iamnotacake Awaiting requested review from iamnotacake

Assignees
No one assigned
Labels
W-JavaThemis ☕ Wrapper: Java, Java and Kotlin API
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@ilammy @vixentael