Pre-initialize vectors when the capacity is known, or use arrays

Co-authored-by: Jack Grigg <thestr4d@gmail.com>

age/src/cli_common.rs

@@ -108,7 +108,7 @@ pub fn read_identities(
     filenames: Vec<String>,
     max_work_factor: Option<u8>,
 ) -> Result<Vec<Box<dyn Identity>>, ReadError> {
-    let mut identities: Vec<Box<dyn Identity>> = vec![];
+    let mut identities: Vec<Box<dyn Identity>> = Vec::with_capacity(filenames.len());
 
     for filename in filenames {
         #[cfg(feature = "armor")]

age/src/scrypt.rs

@@ -84,9 +84,9 @@ impl crate::Recipient for Recipient {
         let mut salt = [0; SALT_LEN];
         OsRng.fill_bytes(&mut salt);
 
-        let mut inner_salt = vec![];
+        let mut inner_salt = [0; SCRYPT_SALT_LABEL.len() + SALT_LEN];
-        inner_salt.extend_from_slice(SCRYPT_SALT_LABEL);
+        inner_salt[..SCRYPT_SALT_LABEL.len()].copy_from_slice(SCRYPT_SALT_LABEL);
-        inner_salt.extend_from_slice(&salt);
+        inner_salt[SCRYPT_SALT_LABEL.len()..].copy_from_slice(&salt);
 
         let log_n = target_scrypt_work_factor();
 
@@ -137,9 +137,9 @@ impl<'a> crate::Identity for Identity<'a> {
             }));
         }
 
-        let mut inner_salt = vec![];
+        let mut inner_salt = [0; SCRYPT_SALT_LABEL.len() + SALT_LEN];
-        inner_salt.extend_from_slice(SCRYPT_SALT_LABEL);
+        inner_salt[..SCRYPT_SALT_LABEL.len()].copy_from_slice(SCRYPT_SALT_LABEL);
-        inner_salt.extend_from_slice(&salt);
+        inner_salt[SCRYPT_SALT_LABEL.len()..].copy_from_slice(&salt);
 
         let enc_key = match scrypt(&inner_salt, log_n, self.passphrase.expose_secret()) {
             Ok(k) => k,

age/src/ssh/identity.rs

@@ -96,9 +96,9 @@ impl UnencryptedKey {
                 let shared_secret = tweak
                     .diffie_hellman(&X25519PublicKey::from(*sk.diffie_hellman(&epk).as_bytes()));
 
-                let mut salt = vec![];
+                let mut salt = [0; 64];
-                salt.extend_from_slice(epk.as_bytes());
+                salt[..32].copy_from_slice(epk.as_bytes());
-                salt.extend_from_slice(pk.as_bytes());
+                salt[32..].copy_from_slice(pk.as_bytes());
 
                 let enc_key = hkdf(
                     &salt,

age/src/ssh/recipient.rs

@@ -147,9 +147,9 @@ impl crate::Recipient for Recipient {
                 let shared_secret =
                     tweak.diffie_hellman(&(*esk.diffie_hellman(&pk).as_bytes()).into());
 
-                let mut salt = vec![];
+                let mut salt = [0; 64];
-                salt.extend_from_slice(epk.as_bytes());
+                salt[..32].copy_from_slice(epk.as_bytes());
-                salt.extend_from_slice(pk.as_bytes());
+                salt[32..].copy_from_slice(pk.as_bytes());
 
                 let enc_key = hkdf(
                     &salt,

age/src/x25519.rs

@@ -120,9 +120,9 @@ impl crate::Identity for Identity {
             return Some(Err(DecryptError::InvalidHeader));
         }
 
-        let mut salt = vec![];
+        let mut salt = [0; 64];
-        salt.extend_from_slice(epk.as_bytes());
+        salt[..32].copy_from_slice(epk.as_bytes());
-        salt.extend_from_slice(pk.as_bytes());
+        salt[32..].copy_from_slice(pk.as_bytes());
 
         let enc_key = hkdf(&salt, X25519_RECIPIENT_KEY_LABEL, shared_secret.as_bytes());
 
@@ -204,9 +204,9 @@ impl crate::Recipient for Recipient {
             panic!("Generated the all-zero esk; OS RNG is likely failing!");
         }
 
-        let mut salt = vec![];
+        let mut salt = [0; 64];
-        salt.extend_from_slice(epk.as_bytes());
+        salt[..32].copy_from_slice(epk.as_bytes());
-        salt.extend_from_slice(self.0.as_bytes());
+        salt[32..].copy_from_slice(self.0.as_bytes());
 
         let enc_key = hkdf(&salt, X25519_RECIPIENT_KEY_LABEL, shared_secret.as_bytes());
         let encrypted_file_key = aead_encrypt(&enc_key, file_key.expose_secret());