Do I need multiple EVP_CIPHER_CTX structures?


Question

I have a single-threaded client/server application that needs to do both encryption and decryption of their network communication. I plan on using OpenSSL's EVP API and AES-256-CBC.

Some sample pseudo-code I found from a few examples:

// key is 256 bits (32 bytes) when using EVP_aes_256_*()
// I think iv is the same size as the block size, 128 bits (16 bytes)...is it?
1: EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new();
2: EVP_CipherInit_ex(ctx, EVP_aes_256_cbc(), NULL, key, iv, 1); //0=decrypt, 1=encrypt
3: EVP_CipherUpdate(ctx, outbuf, &outlen, inbuf, inlen);
4: EVP_CipherFinal_ex(ctx, outbuf + outlen, &tmplen);
5: outlen += tmplen;
6: EVP_CIPHER_CTX_cleanup(ctx);
7: EVP_CIPHER_CTX_free(ctx);

The problem is from all these examples, I'm not sure what needs to be done at every encryption/decryption, and what I should only do once on startup.

Specifically:

  • At line 1, do I create this EVP_CIPHER_CTX just once and keep re-using it until the application ends?
  • Also at line 1, can I re-use the same EVP_CIPHER_CTX for both encryption and decryption, or am I supposed to create 2 of them?
  • At line 2, should the IV be re-set at every packet I'm encrypting? Or do I set the IV just once, and then let it continue forever?
  • What if I'm encrypting UDP packets, where a packet can easily go missing or be received out-of-order: am I correct in thinking CBC won't work, or is this where I need to reset the IV at the start of every packet I send out?

Answer

I have a single-threaded client/server application that needs to do both encryption and decryption of their network communication. I plan on using OpenSSL's EVP API and AES-256-CBC.

If you are using the SSL_* functions from libssl, then you will likely never touch the EVP_* APIs.

At line 1, do I create this EVP_CIPHER_CTX just once and keep re-using it until the application ends?

You create it once per use. That is, as you need to encrypt, you use the same context. If you need to encrypt a second stream, you would use a second context. If you needed to decrypt a third stream, you would use a third context.

Also at line 1, can I re-use the same EVP_CIPHER_CTX for both encryption and decryption, or am I supposed to create 2 of them?

No, see above.

The ciphers will have different states.

At line 2, should the IV be re-set at every packet I'm encrypting? Or do I set the IV just once, and then let it continue forever?

No. You set the IV once and then forget about it. That's part of the state the context object manages for the cipher.

What if I'm encrypting UDP packets, where a packet can easily go missing or be received out-of-order: am I correct in thinking CBC won't work...

If you are using UDP, it's up to you to detect these sorts of problems. You'll probably end up reinventing TCP.

Encryption alone is usually not enough. You also need to ensure authenticity and integrity. You don't operate on data that's not authentic. That's what keeps getting SSL/TLS and SSH in trouble.

For example, here's the guy who wrote the seminal paper on authenticated encryption with respect to IPSec, SSL/TLS and SSH weighing in on the Authenticate-Then-Encrypt (EtA) scheme used by SSL/TLS: Last Call: (Encrypt-then-MAC for TLS and DTLS) to Proposed Standard:

The technical results in my 2001 paper are correct but the conclusion regarding SSL/TLS is wrong. I assumed that TLS was using fresh IVs and that the MAC was computed on the encoded plaintext, i.e. Encode-Mac-Encrypt while TLS is doing Mac-Encode-Encrypt which is exactly what my theoretical example shows is insecure.

For authenticity, you should forgo CBC mode and switch to GCM mode. GCM is an authenticated encryption mode, and it combines confidentiality and authenticity into one mode so you don't have to combine primitives (like AES/CBC with an HMAC).

or is this where I need to reset the IV at the start of every packet I send out?

No, you set the IV once and then forget about it.

The problem is from all these examples, I'm not sure what needs to be done at every encryption/decryption, and what I should only do once on startup.

  1. Create once: EVP_CIPHER_CTX
  2. Call once for setup: EVP_CipherInit
  3. Call as many times as needed: EVP_CipherUpdate
  4. Call once for cleanup: EVP_CipherFinal

The OpenSSL wiki has quite a few examples of using the EVP_* interfaces. See EVP Symmetric Encryption and Decryption, EVP Authenticated Encryption and Decryption and EVP Signing and Verifying.

All the examples use the same pattern: Init, Update and then Final. It does not matter if it's encryption or hashing.

Related: this should be of interest to you: EVP Authenticated Encryption and Decryption. It's sample code from the OpenSSL wiki.

Related: you can find copies of Viega, Messier and Chandra's Network Security with OpenSSL online. You might consider hunting down a copy and getting familiar with some of its concepts.
