Android: CipherStream-API for AEAD Ciphers unacceptably slow


Question

We have an Android app which is decrypting and encrypting large (up to 100MB) files over HTTP streams.

Therefore, we are using CipherInputStreams and CipherOutputStreams, which work fine for AES/CBC/PKCS7Padding. We recently switched to AES/GCM/NoPadding. Now the encryption and decryption is unacceptably slow for files over roughly 50MB.

Debugging into the Android source code reveals the issue: https://android.googlesource.com/platform/libcore/+/master/ojluni/src/main/java/javax/crypto/CipherInputStream.java#112

This method has a byte buffer "oBuffer" which is reallocated and increased by 512 bits until it can hold the whole message (see line: https://android.googlesource.com/platform/libcore/+/master/ojluni/src/main/java/javax/crypto/CipherInputStream.java#121)

I am aware of the note above this method, which states that in AEAD ciphers the whole message has to be buffered. This is one issue, because we cannot hold the whole message in a memory buffer. Another issue is that the oBuffer is constantly reallocated.

Is there any solution for using GCM with a streaming API?

Recommended answer

Splitting the file into parts and chaining is a solution for you.

Assume that you divide the file into n parts. Encrypt each of them with AES-GCM with the following additions. Prefix each part before encryption as follows:

tag_0 = ''
for i from 1 to n
    ciphertextBlock_i, tag_i = AES-GCM( i:n || tag_i-1 || plaintextBlock_i)




  • Prefix each part with the part number as i:n

  • Prefix each part with, the first part with

With these, you now have a chain that can be controlled after decryption. You can detect additions and deletions. The order is under your control; you can even send without the order. However, you need to check the prefix.

You can also

  • add the size of the part, and

  • add the time of encryption, too, if you fear replay attacks.
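The chaining described in the answer, written out as an added example (not code from the question or the answer). The class name ChainedGcm, the record layout, the fixed-width integers for i and n, the random 12-byte nonce stored in front of each part, and the 16 zero bytes standing in for the empty tag_0 are all assumptions made for this sketch.

```java
import javax.crypto.*;
import javax.crypto.spec.GCMParameterSpec;
import java.nio.ByteBuffer;
import java.security.SecureRandom;
import java.util.Arrays;

public class ChainedGcm {
    static final int TAG = 16, IV = 12, HDR = 8;   // bytes; HDR holds i and n as two ints (assumed layout)

    // Record = iv || AES-GCM(i || n || tag_{i-1} || chunk); GCM appends tag_i as the last 16 bytes.
    static byte[] seal(SecretKey k, int i, int n, byte[] prevTag, byte[] chunk) throws Exception {
        byte[] iv = new byte[IV];
        new SecureRandom().nextBytes(iv);          // fresh nonce for every part under the same key
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, k, new GCMParameterSpec(TAG * 8, iv));
        byte[] pt = ByteBuffer.allocate(HDR + TAG + chunk.length).putInt(i).putInt(n).put(prevTag).put(chunk).array();
        return ByteBuffer.allocate(IV + pt.length + TAG).put(iv).put(c.doFinal(pt)).array();
    }

    // Decrypts one record, then checks the prefix against the expected position and the previous tag.
    static byte[] open(SecretKey k, int i, int n, byte[] prevTag, byte[] rec) throws Exception {
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, k, new GCMParameterSpec(TAG * 8, rec, 0, IV));
        byte[] pt = c.doFinal(rec, IV, rec.length - IV);   // AEADBadTagException if the record was modified
        ByteBuffer hdr = ByteBuffer.wrap(pt);
        if (hdr.getInt() != i || hdr.getInt() != n) throw new SecurityException("unexpected part number or count");
        if (!Arrays.equals(Arrays.copyOfRange(pt, HDR, HDR + TAG), prevTag)) throw new SecurityException("chain broken");
        return Arrays.copyOfRange(pt, HDR + TAG, pt.length);
    }

    static byte[] tagOf(byte[] rec) { return Arrays.copyOfRange(rec, rec.length - TAG, rec.length); }
    public static void main(String[] args) throws Exception {
        SecretKey key = KeyGenerator.getInstance("AES").generateKey();
        String[] parts = { "part one, ", "part two, ", "part three" };   // constructed sample input
        byte[][] recs = new byte[parts.length][];
        byte[] prev = new byte[TAG];               // tag_0: 16 zero bytes stand in for the empty tag (assumption)
        for (int i = 0; i < recs.length; i++) {
            recs[i] = seal(key, i + 1, recs.length, prev, parts[i].getBytes("UTF-8"));
            prev = tagOf(recs[i]);
        }
        prev = new byte[TAG];
        for (int i = 0; i < recs.length; i++) {    // in-order decryption verifies the whole chain
            System.out.print(new String(open(key, i + 1, recs.length, prev, recs[i]), "UTF-8"));
            prev = tagOf(recs[i]);
        }
        try { open(key, 2, recs.length, tagOf(recs[0]), recs[2]); }   // part 3 offered where part 2 is expected
        catch (SecurityException e) { System.out.println("\nrejected: " + e.getMessage()); }
    }
}
```

Each part is authenticated by its own doFinal call, so only one part has to sit in memory at a time. Because n is inside every prefix, a reader that stops before part n has been verified knows the file was truncated.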
