How to avoid extra memory use during encryption and decryption?

Question

So I have a basic crypto class. Note that this is a simplified implementation to illustrate the question.

Now to my mind both these methods have an extra byte array and string instance.

xmlString and bytes in Encrypt

and

decryptedString and decryptedBytes in Decrypt

So how can I rework the usage of streams in this class to minimize the memory usage?

class Crypto 
{
    Rijndael rijndael;

    public Crypto()
    {
        rijndael = Rijndael.Create();
        rijndael.Key = Encoding.ASCII.GetBytes("aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"); ;
        rijndael.IV = Encoding.ASCII.GetBytes("bbbbbbbbbbbbbbbb"); ;
        rijndael.Padding = PaddingMode.PKCS7;
    }

    public byte[] Encrypt(object obj)
    {
        var settings = new XmlWriterSettings
            {
                OmitXmlDeclaration = true
            };

        var ns = new XmlSerializerNamespaces();
        ns.Add("", "");

        var sb = new StringBuilder();
        var xmlSerializer = new XmlSerializer(obj.GetType());
        using (var xmlWriter = XmlWriter.Create(sb, settings))
        {
            xmlSerializer.Serialize(xmlWriter, obj, ns);
            xmlWriter.Flush();
        }

        var xmlString = sb.ToString();
        var bytes = Encoding.UTF8.GetBytes(xmlString);
        using (var encryptor = rijndael.CreateEncryptor())
        using (var stream = new MemoryStream())
        using (var crypto = new CryptoStream(stream, encryptor, CryptoStreamMode.Write))
        {
            crypto.Write(bytes, 0, bytes.Length);
            crypto.FlushFinalBlock();
            stream.Position = 0;
            var encrypted = new byte[stream.Length];
            stream.Read(encrypted, 0, encrypted.Length);
            return encrypted;
        }
    }

    public T Decrypt<T>(byte[] encryptedValue)
    {
        byte[] decryptedBytes;
        using (var decryptor = rijndael.CreateDecryptor())
        using (var stream = new MemoryStream())
        using (var crypto = new CryptoStream(stream, decryptor, CryptoStreamMode.Write))
        {
            crypto.Write(encryptedValue, 0, encryptedValue.Length);
            crypto.FlushFinalBlock();
            stream.Position = 0;
            decryptedBytes = new Byte[stream.Length];
            stream.Read(decryptedBytes, 0, decryptedBytes.Length);
        }

        var ser = new XmlSerializer(typeof(T));

        var decryptedString = Encoding.UTF8.GetString(decryptedBytes);
        using (var stringReader = new StringReader(decryptedString))
        using (var xmlReader = new XmlTextReader(stringReader))
        {
            return (T)ser.Deserialize(xmlReader);

        }
    }

}

And here is a unit test

[TestFixture]
public class Tests
{
    [Test]
    public void Run()
    {
        var before = new MyClassForSerialize()
            {
                Property = "Sdf"
            };

        var dataEncryptor = new Crypto();
        var encrypted = dataEncryptor.Encrypt(before);
        var after = dataEncryptor.Decrypt<MyClassForSerialize>(encrypted);
        Assert.AreEqual(before.Property, after.Property);
    }
}
public class MyClassForSerialize
{
    public string Property { get; set; }
}

=== Edit ===

Based on the anser from Damien_The_Unbeliever I tried this. Which fails the unit test

public byte[] Encrypt(object obj)
{
    var settings = new XmlWriterSettings
    {
        OmitXmlDeclaration = true
    };

    var ns = new XmlSerializerNamespaces();
    ns.Add("", "");
    var xmlSerializer = new XmlSerializer(obj.GetType());

    using (var encryptor = rijndael.CreateEncryptor())
    using (var stream = new MemoryStream())
    using (var crypto = new CryptoStream(stream, encryptor, CryptoStreamMode.Write))
    {
        using (var xmlWriter = XmlWriter.Create(crypto, settings))
        {
            xmlSerializer.Serialize(xmlWriter, obj, ns);
            xmlWriter.Flush();
        }
        crypto.FlushFinalBlock();
        stream.Position = 0;
        return stream.ToArray();
    }
}

Just use `Stream`. IOW, serializing xml to a `Stream` will already be in a 'byte' form. — leppie, Dec 19 '12 at 08:02
@leppie I know how it should work :) but i am running on lack of sleep and something about the interaction is alluding me — Simon, Dec 19 '12 at 08:56

score 4 · Accepted Answer · edited Dec 20 '12 at 00:09

You can construct your XmlWriter directly on top of your CryptoStream (pass crypto to XmlWriter.Create), rather than using a separate buffer. (Ditto for decryption)

And MemoryStream has a ToArray method so you don't have to manually allocate, re-position and read from it.

Other than that, it looks like a reasonable implementation - are there specific issues that need fixing?

Based on your edit, if I change decrypt to:

    public T Decrypt<T>(byte[] encryptedValue)
    {
        using (var decryptor = rijndael.CreateDecryptor())
        using (var stream = new MemoryStream(encryptedValue))
            using (var crypto = new CryptoStream(stream, decryptor, CryptoStreamMode.Read))
            using (var xmlReader = XmlReader.Create(crypto))
            {
                var ser = new XmlSerializer(typeof(T));
                return (T)ser.Deserialize(xmlReader);

            }
    }

Then it seems to work for me.

The new version is including an XML BOM, whereas the old one wasn't. The XmlReader should cope, I'd have thought, but appears not to. Try the following settings in Encrypt:

var settings = new XmlWriterSettings
{
    OmitXmlDeclaration = true,
    Encoding = new UTF8Encoding(false)
};

And now it works with the old Decrypt function.

Full Solution

Encrypt

public byte[] Encrypt(object obj)
{
    var settings = new XmlWriterSettings
        {
            OmitXmlDeclaration = true,
            Encoding = new UTF8Encoding(false)
        };

    var ns = new XmlSerializerNamespaces();
    ns.Add("", "");

    var xmlSerializer = new XmlSerializer(obj.GetType());
    using (var encryptor = rijndael.CreateEncryptor())
    using (var stream = new MemoryStream())
    using (var crypto = new CryptoStream(stream, encryptor, CryptoStreamMode.Write))
    {
        using (var xmlWriter = XmlWriter.Create(crypto, settings))
        {
            xmlSerializer.Serialize(xmlWriter, obj, ns);
            xmlWriter.Flush();
        }
        crypto.FlushFinalBlock();
        return stream.ToArray();
    }
}

Decrypt

public T Decrypt<T>(byte[] encryptedValue)
{
    using (var decryptor = rijndael.CreateDecryptor())
    using (var stream = new MemoryStream(encryptedValue))
    using (var crypto = new CryptoStream(stream, decryptor, CryptoStreamMode.Read))
    {
        var ser = new XmlSerializer(typeof(T));
        return (T)ser.Deserialize(crypto);
    }
}

but for the implementation to stay the same the encypted bytes must be the same. why is it different? — Simon, Dec 19 '12 at 10:10
so basically there is already information encrypted with this algorithm. so the implementation has to remain the same — Simon, Dec 19 '12 at 10:56
@Simon - see second update. Seems that including a BOM in the XML upsets the decryption routine. — Damien_The_Unbeliever, Dec 19 '12 at 11:29

How to avoid extra memory use during encryption and decryption?

1 Answers1

Full Solution

Linked