auth: optimize crypto++ key context

The cbc appears to be stateful, but the key is not.

Signed-off-by: Sage Weil <sage@redhat.com>
(cherry picked from commit 7762f1886cab7f7b941851b0be4ec904723cb0e3)

diff --git a/src/auth/Crypto.cc b/src/auth/Crypto.cc
index b3898bfe23add98ea10748ead88c34edd94f0b47..cd53fbe8cd8853675ec2669e6f69d97272ef019a 100644 (file)
--- a/src/auth/Crypto.cc
+++ b/src/auth/Crypto.cc
@@ -117,21 +117,35 @@ public:
 
 class CryptoAESKeyHandler : public CryptoKeyHandler {
 public:
+  CryptoPP::AES::Encryption *enc_key;
+  CryptoPP::AES::Decryption *dec_key;
+
+  CryptoAESKeyHandler()
+    : enc_key(NULL),
+      dec_key(NULL) {}
+  ~CryptoAESKeyHandler() {
+    delete enc_key;
+    delete dec_key;
+  }
+
   int init(const bufferptr& s, ostringstream& err) {
     secret = s;
+
+    enc_key = new CryptoPP::AES::Encryption(
+      (byte*)secret.c_str(), CryptoPP::AES::DEFAULT_KEYLENGTH);
+    dec_key = new CryptoPP::AES::Decryption(
+      (byte*)secret.c_str(), CryptoPP::AES::DEFAULT_KEYLENGTH);
+
     return 0;
   }
 
   void encrypt(const bufferlist& in,
               bufferlist& out, std::string &error) const {
-    const unsigned char *key = (const unsigned char *)secret.c_str();
-
     string ciphertext;
-    CryptoPP::AES::Encryption aesEncryption(key, CryptoPP::AES::DEFAULT_KEYLENGTH);
-    CryptoPP::CBC_Mode_ExternalCipher::Encryption cbcEncryption(
-      aesEncryption, (const byte*)CEPH_AES_IV);
     CryptoPP::StringSink *sink = new CryptoPP::StringSink(ciphertext);
-    CryptoPP::StreamTransformationFilter stfEncryptor(cbcEncryption, sink);
+    CryptoPP::CBC_Mode_ExternalCipher::Encryption cbc(
+      *enc_key, (const byte*)CEPH_AES_IV);
+    CryptoPP::StreamTransformationFilter stfEncryptor(cbc, sink);
 
     for (std::list<bufferptr>::const_iterator it = in.buffers().begin();
         it != in.buffers().end(); ++it) {
@@ -151,15 +165,11 @@ public:
 
   void decrypt(const bufferlist& in,
               bufferlist& out, std::string &error) const {
-    const unsigned char *key = (const unsigned char *)secret.c_str();
-
-    CryptoPP::AES::Decryption aesDecryption(key, CryptoPP::AES::DEFAULT_KEYLENGTH);
-    CryptoPP::CBC_Mode_ExternalCipher::Decryption cbcDecryption(
-      aesDecryption, (const byte*)CEPH_AES_IV );
-
     string decryptedtext;
     CryptoPP::StringSink *sink = new CryptoPP::StringSink(decryptedtext);
-    CryptoPP::StreamTransformationFilter stfDecryptor(cbcDecryption, sink);
+    CryptoPP::CBC_Mode_ExternalCipher::Decryption cbc(
+      *dec_key, (const byte*)CEPH_AES_IV );
+    CryptoPP::StreamTransformationFilter stfDecryptor(cbc, sink);
     for (std::list<bufferptr>::const_iterator it = in.buffers().begin();
         it != in.buffers().end(); ++it) {
       const unsigned char *in_buf = (const unsigned char *)it->c_str();