Android: CipherStream-API for AEAD Ciphers unacceptably slow


Problem description

We have an Android app which is decrypting and encrypting large (up to 100MB) files over HTTP streams.

Therefore, we are using CipherInputStreams and CipherOutputStreams, which works fine for AES/CBC/PKCS7Padding. We recently switched to AES/GCM/NoPadding. Now the encryption and decryption is unacceptably slow for files over roughly 50MB.

Debugging into the Android source code reveals the issue: https://android.googlesource.com/platform/libcore/+/master/ojluni/src/main/java/javax/crypto/CipherInputStream.java#112

This method has a byte buffer "oBuffer" which is reallocated and increased by 512 bits until it can hold the whole message (see line: https://android.googlesource.com/platform/libcore/+/master/ojluni/src/main/java/javax/crypto/CipherInputStream.java#121)

I am aware of the note above this method which states that for AEAD ciphers the whole message has to be buffered. This is one issue, because we cannot hold the whole message in a memory buffer. Another issue is that the oBuffer is constantly reallocated.

Is there any solution for using GCM with a streaming API?

Recommended answer

Splitting the file into parts and chaining them is a solution for you.

Assume that you divide the file into n parts. Encrypt each of them with AES-GCM with the following additions. Prefix each part before encryption as follows:

tag_0 = ''
for i from 1 to n
    ciphertextBlock_i, tag_i = AES-GCM( i:n || tag_i-1 || plaintextBlock_i)

  • Prefix each part with the part number i:n.
  • Prefix each part, except the first, with the authentication tag of the previous part.

With these, you now have a chain that can be controlled after decryption. You can detect additions and deletions. The order is under your control; you can even send without the order. However, you need to check the prefix.

You can also

  • add the part size, and
  • add the time of encryption, if you are worried about replay attacks.
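The chaining scheme from the answer above, sketched in Java as an added example that is not part of the original answer. The class and method names, the 4-byte encoding of i and n, the per-part random 12-byte IV stored in front of each part, and the all-zero demo key are assumptions of this sketch.

```java
import java.nio.ByteBuffer;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;

public class ChainedGcm {
    static final int IV = 12, TAG = 16; // bytes; sizes chosen for this example
    // Part i of n. Plaintext: i || n || prevTag || chunk. Output: iv || ciphertext || tag_i.
    static byte[] sealPart(byte[] key, int i, int n, byte[] prevTag, byte[] chunk) throws Exception {
        byte[] iv = new byte[IV];
        new SecureRandom().nextBytes(iv); // every part needs its own nonce under the same key
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(key, "AES"), new GCMParameterSpec(TAG * 8, iv));
        ByteBuffer pt = ByteBuffer.allocate(8 + prevTag.length + chunk.length);
        pt.putInt(i).putInt(n).put(prevTag).put(chunk);
        byte[] ct = c.doFinal(pt.array()); // JCE appends the GCM tag to the ciphertext
        return ByteBuffer.allocate(IV + ct.length).put(iv).put(ct).array();
    }

    // Decrypts one part and checks its prefix against the position and tag the receiver expects.
    static byte[] openPart(byte[] key, int i, int n, byte[] prevTag, byte[] part) throws Exception {
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, new SecretKeySpec(key, "AES"), new GCMParameterSpec(TAG * 8, part, 0, IV));
        ByteBuffer pt = ByteBuffer.wrap(c.doFinal(part, IV, part.length - IV)); // AEADBadTagException if altered
        if (pt.getInt() != i || pt.getInt() != n) throw new SecurityException("part out of place");
        byte[] gotPrev = new byte[prevTag.length];
        pt.get(gotPrev);
        if (!MessageDigest.isEqual(gotPrev, prevTag)) throw new SecurityException("chain broken");
        byte[] chunk = new byte[pt.remaining()];
        pt.get(chunk);
        return chunk;
    }

    static byte[] tagOf(byte[] part) { return Arrays.copyOfRange(part, part.length - TAG, part.length); }

    public static void main(String[] args) throws Exception {
        byte[] key = new byte[16]; // constructed all-zero demo key; use a real random key in practice
        String[] chunks = {"part one, ", "part two, ", "part three"}; // constructed sample data
        byte[] prev = new byte[0]; // tag_0 = ''
        for (int i = 1; i <= chunks.length; i++) {
            byte[] part = sealPart(key, i, chunks.length, prev, chunks[i - 1].getBytes("UTF-8")); // sender
            System.out.print(new String(openPart(key, i, chunks.length, prev, part), "UTF-8"));   // receiver
            prev = tagOf(part);
        }
    }
}
```

Only one part is held in memory at a time, so the part size bounds the buffer that a whole-message GCM stream would otherwise grow to. A receiver should treat the file as complete only after it has opened part n of n, which is how a dropped tail is noticed.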
