我使用OpenSSL C API加密数据流,使用16字节ivs加密AES / GCM。该流被分成几个块,需要使用相同的密钥但不同的iv加密。到目前为止,我有以下流程(伪代码):
for all data chunks:
iv = newIv()
EVP_CIPHER_CTX_new
EVP_EncryptInit_ex(ctx, EVP_aes_128_gcm(), NULL, NULL, NULL)
EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, 16, NULL))
EVP_EncryptInit_ex(ctx, NULL, NULL, key, iv))
EVP_EncryptUpdate
EVP_EncryptFinal_ex
EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_GET_TAG...
EVP_CIPHER_CTX_free
我正在考虑通过重用对象来提高性能,理想情况如下:
EVP_CIPHER_CTX_new
EVP_EncryptInit_ex(ctx, EVP_aes_128_gcm(), NULL, NULL, NULL)
EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, 16, NULL))
for all data chunks:
iv = newIv()
EVP_EncryptInit_ex(ctx, NULL, NULL, key, iv))
EVP_EncryptUpdate
EVP_EncryptFinal_ex
EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_GET_TAG...
EVP_CIPHER_CTX_free
这种方法有什么问题吗?如何解密呢?