Any way around awful SecretKeyFactory performance with LVL and AESObfuscator?

Problem description

I'm looking to use the new licensing (LVL) stuff with Android Marketplace, but I'm running into a performance problem with the stock AESObfuscator. Specifically, the constructor takes several seconds to run on a device (pure agony on emulator). Since this code needs to run to even check for cached license responses, it puts a serious damper on checking the license at startup.

Running the LVL sample app, here's my barbarian-style profiling of AESObfuscator's constructor:

    public AESObfuscator(byte[] salt, String applicationId, String deviceId) {
        Log.w("AESObfuscator", "constructor starting");
        try {
            Log.w("AESObfuscator", "1");
            SecretKeyFactory factory = SecretKeyFactory.getInstance(KEYGEN_ALGORITHM);
            Log.w("AESObfuscator", "2");
            KeySpec keySpec =
                new PBEKeySpec((applicationId + deviceId).toCharArray(), salt, 1024, 256);
            Log.w("AESObfuscator", "3");
            SecretKey tmp = factory.generateSecret(keySpec);
            Log.w("AESObfuscator", "4");
            SecretKey secret = new SecretKeySpec(tmp.getEncoded(), "AES");
            Log.w("AESObfuscator", "5");
            mEncryptor = Cipher.getInstance(CIPHER_ALGORITHM);
            Log.w("AESObfuscator", "6");
            mEncryptor.init(Cipher.ENCRYPT_MODE, secret, new IvParameterSpec(IV));
            Log.w("AESObfuscator", "7");
            mDecryptor = Cipher.getInstance(CIPHER_ALGORITHM);
            Log.w("AESObfuscator", "8");
            mDecryptor.init(Cipher.DECRYPT_MODE, secret, new IvParameterSpec(IV));
        } catch (GeneralSecurityException e) {
            // This can't happen on a compatible Android device.
            throw new RuntimeException("Invalid environment", e);
        }
        Log.w("AESObfuscator", "constructor done");
    }

The output on a Nexus One:

09-28 09:29:02.799: INFO/System.out(12377): debugger has settled (1396)
09-28 09:29:02.988: WARN/AESObfuscator(12377): constructor starting
09-28 09:29:02.988: WARN/AESObfuscator(12377): 1
09-28 09:29:02.999: WARN/AESObfuscator(12377): 2
09-28 09:29:02.999: WARN/AESObfuscator(12377): 3
09-28 09:29:09.369: WARN/AESObfuscator(12377): 4
09-28 09:29:09.369: WARN/AESObfuscator(12377): 5
09-28 09:29:10.389: WARN/AESObfuscator(12377): 6
09-28 09:29:10.398: WARN/AESObfuscator(12377): 7
09-28 09:29:10.398: WARN/AESObfuscator(12377): 8
09-28 09:29:10.409: WARN/AESObfuscator(12377): constructor done
09-28 09:29:10.409: WARN/ActivityManager(83): Launch timeout has expired, giving up wake lock!
09-28 09:29:10.458: INFO/LicenseChecker(12377): Binding to licensing service.

7 seconds of thrashing (about 20 in emulator, ugh). I can spin it off on an AsyncTask, but it doesn't do much good there, since the app can't really run until I've validated the license. All I get is a nice, pretty seven seconds of progress bar while the user waits for me to check the license.

Any ideas? Roll my own obfuscator with something simpler than AES to cache my own license responses?

Recommended answer

After extensive searching and tinkering, my best workaround seems to be to create the AES key on my own, rather than using the PKCS#5 code in PBEKeySpec. I am somewhat amazed that other people have not posted this problem.

The workaround method is to combine a bunch of identifying data (device id, IMEI, package name, etc) into a string. I then take the SHA-1 hash of that string to get 20 bytes of the 24-byte AES key. Admittedly, there's not as much entropy as PKCS#5 and 4 bytes of the key are known. But, really, who is going to mount a crypto attack? It's still pretty sound and there are much weaker attack points in the LVL, despite my other attempts at hardening it.

Since even creating the AES cipher seems to be an expensive (2 secs on emulator) operation, I also defer creation of the encryptor and decryptor members until they are needed by calls to obfuscate and deobfuscate. When the app is using a cached license response, it does not need an encryptor; this cuts quite a bit of cycle out of the most common startup mode.

My new constructor is below. If anyone wants the whole source file, just drop me a line.

   /**
    * @param initialNoise device/app identifier. Use as many sources as possible to
    *    create this unique identifier.
    */
   public PixieObfuscator(String initialNoise) {
        try {
            // Hash up the initial noise into something smaller:
            MessageDigest md = MessageDigest.getInstance(HASH_ALGORITHM);
            md.update(initialNoise.getBytes());
            byte[] hash = md.digest();

            // Allocate a buffer for our actual AES key:
            byte[] aesKEY = new byte[AES_KEY_LENGTH];

            // Fill it with our lucky byte to take up whatever slack is not filled by hash:
            Arrays.fill(aesKEY, LUCKY_BYTE);

            // Copy in as much of the hash as we got (should be twenty bytes, take as much as we can):
            for (int i = 0; i < hash.length && i < aesKEY.length; i++)
                aesKEY[i] = hash[i];

            // Now make the damn AES key object:
            secret = new SecretKeySpec(aesKEY, "AES");
        }
        catch (GeneralSecurityException ex) {
            // Keep the original exception as the cause so the failure can be diagnosed:
            throw new RuntimeException("Exception in PixieObfuscator constructor, invalid environment", ex);
        }
   }
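
The trade-off discussed above, as an added example that is not part of the original post or of the LVL source: it runs the iterated derivation from the question (1024 rounds, 256 bits) next to the answer's single SHA-1 pass on a desktop JVM and shows which key bytes depend on the input. `PBKDF2WithHmacSHA1`, the `LUCKY_BYTE` value, the all-zero salt and the sample identifier are assumptions, since the page does not show the LVL's `KEYGEN_ALGORITHM` constant or the answer's constants.

```java
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.util.Arrays;

public class KeyDerivationComparison {
    // Assumed stand-in for the LVL's KEYGEN_ALGORITHM, which the page does not show.
    static final String KDF = "PBKDF2WithHmacSHA1";
    static final byte LUCKY_BYTE = 0x2A;   // constructed value, not the answer's
    static final int AES_KEY_LENGTH = 24;  // 24-byte key, as stated in the answer

    // Salted, iterated derivation with the parameters from the question.
    static byte[] iteratedKey(char[] id, byte[] salt) throws GeneralSecurityException {
        PBEKeySpec spec = new PBEKeySpec(id, salt, 1024, 256);
        return SecretKeyFactory.getInstance(KDF).generateSecret(spec).getEncoded();
    }

    // The answer's approach: one SHA-1 pass, remaining key bytes set to a constant.
    static byte[] hashedKey(String id) throws GeneralSecurityException {
        byte[] hash = MessageDigest.getInstance("SHA-1")
                .digest(id.getBytes(StandardCharsets.UTF_8));
        byte[] key = new byte[AES_KEY_LENGTH];
        Arrays.fill(key, LUCKY_BYTE);
        System.arraycopy(hash, 0, key, 0, Math.min(hash.length, key.length));
        return key;
    }

    public static void main(String[] args) throws GeneralSecurityException {
        String id = "com.example.app" + "constructed-device-id"; // constructed sample input
        byte[] salt = new byte[20];                               // constructed all-zero salt

        long t0 = System.nanoTime();
        byte[] slow = iteratedKey(id.toCharArray(), salt);
        long t1 = System.nanoTime();
        byte[] fast = hashedKey(id);
        long t2 = System.nanoTime();

        System.out.printf("iterated: %d-byte key in %d us%n", slow.length, (t1 - t0) / 1000);
        System.out.printf("hashed:   %d-byte key in %d us%n", fast.length, (t2 - t1) / 1000);
        // Bytes 20..23 are the constant fill, so only 160 bits depend on the input.
        System.out.println("tail bytes: " + Arrays.toString(Arrays.copyOfRange(fast, 20, 24)));
        // Both derivations are deterministic in the identifiers; the iterated one
        // adds the salt and a per-derivation cost, which is what the 7 seconds bought.
        System.out.println("deterministic: " + Arrays.equals(fast, hashedKey(id)));
    }
}
```

The first timing includes one-time provider loading, so run the derivations in a loop if you need steady-state numbers.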
