首页
学习
活动
专区
圈层
工具
发布
首页
学习
活动
专区
圈层
工具
MCP广场
社区首页 >问答首页 >使用密码解密大文件时内存不足异常

使用密码解密大文件时内存不足异常
EN

Stack Overflow用户
提问于 2020-05-14 08:19:22
回答 2查看 1.1K关注 0票数 4

我试图使用javax.crypto下的类和文件流实现一个加密/解密程序,以便输入/输出。为了限制内存的使用,我使用-Xmx256m参数运行。

它可以很好地与加密和解密较小的文件。但是,当解密一个巨大的文件(1G的大小)时,就会出现内存不足的异常:

代码语言:javascript
运行
复制
java.lang.OutOfMemoryError: Java heap space
    at java.util.Arrays.copyOf(Arrays.java:3236)
    at java.io.ByteArrayOutputStream.grow(ByteArrayOutputStream.java:118)
    at java.io.ByteArrayOutputStream.ensureCapacity(ByteArrayOutputStream.java:93)
    at java.io.ByteArrayOutputStream.write(ByteArrayOutputStream.java:153)
    at com.sun.crypto.provider.GaloisCounterMode.decrypt(GaloisCounterMode.java:505)
    at com.sun.crypto.provider.CipherCore.update(CipherCore.java:782)
    at com.sun.crypto.provider.CipherCore.update(CipherCore.java:667)
    at com.sun.crypto.provider.AESCipher.engineUpdate(AESCipher.java:380)
    at javax.crypto.Cipher.update(Cipher.java:1831)
    at javax.crypto.CipherOutputStream.write(CipherOutputStream.java:166)

以下是解密代码:

代码语言:javascript
运行
复制
private final int _readSize = 0x10000;//64k

...

GCMParameterSpec gcmParameterSpec = new GCMParameterSpec(gcmTagSize, iv);
Key keySpec = new SecretKeySpec(key, keyParts[0]);
Cipher decCipher = Cipher.getInstance("AES/GCM/PKCS5Padding");

decCipher.init(Cipher.DECRYPT_MODE, keySpec, gcmParameterSpec);

try (InputStream fileInStream = Files.newInputStream(inputEncryptedFile);
    OutputStream fileOutStream = Files.newOutputStream(outputDecryptedFile)) {
    try (CipherOutputStream cipherOutputStream = new CipherOutputStream(fileOutStream, decCipher)) {
        long count = 0L;
        byte[] buffer = new byte[_readSize];

        int n;
        for (; (n = fileInStream.read(buffer)) != -1; count += (long) n) {
            cipherOutputStream.write(buffer, 0, n);
        }
    }
}

像gcmTagSize和iv这样的关键参数是从密钥文件中读取的,它可以很好地处理较小的文件,比如一些大小约为50M的文件。

据我所知,每次只有64k的数据被传递来解密时,为什么堆内存会耗尽呢?我怎么才能避免这种情况?

编辑:

实际上,我尝试过以4k作为缓冲区大小,但同样的例外都失败了。

编辑2:

通过更多的测试,它可以处理的最大文件大小大约是堆大小的1/4。例如,如果设置-Xmx256m,大于64M的文件将无法解密。

EN

回答 2

Stack Overflow用户

回答已采纳

发布于 2020-05-14 22:15:21

坏消息是: IMHO错误是由在原生中的AES GCM-模式的错误实现造成的。即使你能让它正常工作,你也会发现一个大文件(1GB左右)的解密需要花费很多时间(也许几个小时?)。但是有一些的好消息,:您可以/应该使用BouncyCastle作为解密任务的服务提供者,这样解密就能工作,而且速度更快。

下面的完整示例将创建一个1GB大小的示例文件,用BouncyCastle对其进行加密,然后对其进行解密。最后,有一个文件比较显示,普通和解密的文件内容是相等的,文件将被删除。您需要在设备上临时占用超过3GB的空闲空间才能运行此示例.

使用64 KB的缓冲区,我使用以下数据运行这个示例:

用于加密的毫秒: 14295 +解密: 16249

1 KB的缓冲区在加密方面稍微慢一点,但在解密任务上则慢得多:

用于加密的毫秒: 15250 +解密: 21952

关于您的密码的最后一句话--“AES/GCM/PKCS5Padd”在某些实现中并不存在,而且“可用”,但真正使用的算法是"AES/GCM/NoPadding“(更多细节请参见PKCS5Padding可以采用AES/GCM模式吗? )。

代码语言:javascript
运行
复制
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import java.io.*;
import java.nio.file.Files;
import java.security.*;
import java.util.Arrays;

public class GcmTestBouncyCastle {
    public static void main(String[] args) throws IOException, NoSuchPaddingException, InvalidAlgorithmParameterException,
            NoSuchAlgorithmException, IllegalBlockSizeException, BadPaddingException, NoSuchProviderException, InvalidKeyException {
        System.out.println("Encryption & Decryption with BouncyCastle AES-GCM-Mode");
        System.out.println("https://stackoverflow.com/questions/61792534/out-of-memory-exception-when-decrypt-large-file-using-cipher");
        // you need bouncy castle, get version 1.65 here:
        // https://mvnrepository.com/artifact/org.bouncycastle/bcprov-jdk15on/1.65
        Security.addProvider(new BouncyCastleProvider());
        // setup files
        // filenames
        String filenamePlain = "plain.dat";
        String filenameEncrypt = "encrypt.dat";
        String filenameDecrypt = "decrypt.dat";
        // generate a testfile of 1024 byte | 1 gb
        //createFileWithDefinedLength(filenamePlain, 1024);
        createFileWithDefinedLength(filenamePlain, 1024 * 1024 * 1024); // 1 gb
        // time measurement
        long startMilli = 0;
        long encryptionMilli = 0;
        long decryptionMilli = 0;
        // generate nonce/iv
        int GCM_NONCE_LENGTH = 12; // for a nonce of 96 bit length
        int GCM_TAG_LENGTH = 16;
        int GCM_KEY_LENGTH = 32; // 32 = 256 bit keylength, 16 = 128 bit keylength
        SecureRandom r = new SecureRandom();
        byte[] nonce = new byte[GCM_NONCE_LENGTH];
        r.nextBytes(nonce);
        // key should be generated as random byte[]
        byte[] key = new byte[GCM_KEY_LENGTH];
        r.nextBytes(key);
        // encrypt file
        startMilli = System.currentTimeMillis();
        encryptWithGcmBc(filenamePlain, filenameEncrypt, key, nonce, GCM_TAG_LENGTH);
        encryptionMilli = System.currentTimeMillis() - startMilli;
        startMilli = System.currentTimeMillis();
        decryptWithGcmBc(filenameEncrypt, filenameDecrypt, key, nonce, GCM_TAG_LENGTH);
        decryptionMilli = System.currentTimeMillis() - startMilli;
        // check that plain and decrypted files are equal
        System.out.println("SHA256-file compare " + filenamePlain + " | " + filenameDecrypt + " : "
                + Arrays.equals(sha256File(filenamePlain), sha256File(filenameDecrypt)));
        System.out.println("Milliseconds for Encryption: " + encryptionMilli + " | Decryption: " + decryptionMilli);
        // clean up with files
        Files.deleteIfExists(new File(filenamePlain).toPath());
        Files.deleteIfExists(new File(filenameEncrypt).toPath());
        Files.deleteIfExists(new File(filenameDecrypt).toPath());
    }

    public static void encryptWithGcmBc(String filenamePlain, String filenameEnc, byte[] key, byte[] nonce, int gcm_tag_length)
            throws IOException, NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException,
            InvalidAlgorithmParameterException, IllegalBlockSizeException, BadPaddingException, NoSuchProviderException {
        Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding", "BC");
        SecretKeySpec keySpec = new SecretKeySpec(key, "AES");
        GCMParameterSpec gcmSpec = new GCMParameterSpec(gcm_tag_length * 8, nonce);
        cipher.init(Cipher.ENCRYPT_MODE, keySpec, gcmSpec);

        try (FileInputStream fis = new FileInputStream(filenamePlain);
             BufferedInputStream in = new BufferedInputStream(fis);
             FileOutputStream out = new FileOutputStream(filenameEnc);
             BufferedOutputStream bos = new BufferedOutputStream(out)) {
            //byte[] ibuf = new byte[1024];
            byte[] ibuf = new byte[0x10000]; // = 65536
            int len;
            while ((len = in.read(ibuf)) != -1) {
                byte[] obuf = cipher.update(ibuf, 0, len);
                if (obuf != null)
                    bos.write(obuf);
            }
            byte[] obuf = cipher.doFinal();
            if (obuf != null)
                bos.write(obuf);
        }
    }

    public static void decryptWithGcmBc(String filenameEnc, String filenameDec, byte[] key, byte[] nonce, int gcm_tag_length)
            throws IOException, NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException,
            InvalidAlgorithmParameterException, IllegalBlockSizeException, BadPaddingException, NoSuchProviderException {
        try (FileInputStream in = new FileInputStream(filenameEnc);
             FileOutputStream out = new FileOutputStream(filenameDec)) {
            //byte[] ibuf = new byte[1024];
            byte[] ibuf = new byte[0x10000]; // = 65536
            int len;
            Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding", "BC");
            SecretKeySpec keySpec = new SecretKeySpec(key, "AES");
            GCMParameterSpec gcmSpec = new GCMParameterSpec(gcm_tag_length * 8, nonce);
            cipher.init(Cipher.DECRYPT_MODE, keySpec, gcmSpec);
            while ((len = in.read(ibuf)) != -1) {
                byte[] obuf = cipher.update(ibuf, 0, len);
                if (obuf != null)
                    out.write(obuf);
            }
            byte[] obuf = cipher.doFinal();
            if (obuf != null)
                out.write(obuf);
        }
    }

    // just for creating a large file within seconds
    private static void createFileWithDefinedLength(String filenameString, long sizeLong) throws IOException {
        RandomAccessFile raf = new RandomAccessFile(filenameString, "rw");
        try {
            raf.setLength(sizeLong);
        } finally {
            raf.close();
        }
    }

    // just for file comparing
    public static byte[] sha256File(String filenameString) throws IOException, NoSuchAlgorithmException {
        byte[] buffer = new byte[8192];
        int count;
        MessageDigest md = MessageDigest.getInstance("SHA-256");
        BufferedInputStream bis = new BufferedInputStream(new FileInputStream(filenameString));
        while ((count = bis.read(buffer)) > 0) {
            md.update(buffer, 0, count);
        }
        bis.close();
        return md.digest();
    }
}
票数 3
EN

Stack Overflow用户

发布于 2020-05-14 13:30:25

这似乎是实施GCM模式的一个问题。我不确定你能不能-绕开它。

如果您查看堆栈跟踪:

代码语言:javascript
运行
复制
java.lang.OutOfMemoryError: Java heap space
    at java.util.Arrays.copyOf(Arrays.java:3236)
    at java.io.ByteArrayOutputStream.grow(ByteArrayOutputStream.java:118)
    at java.io.ByteArrayOutputStream.ensureCapacity(ByteArrayOutputStream.java:93)
    at java.io.ByteArrayOutputStream.write(ByteArrayOutputStream.java:153)
    at com.sun.crypto.provider.GaloisCounterMode.decrypt(GaloisCounterMode.java:505)

ByteArrayOutputStream内部写入GaloisCounterMode时,内存不足的错误正在发生.您使用FileOutputStream,所以要么没有显示正确的代码,要么在内部使用这个ByteArrayStream

如果您查看GaloisCounterMode的来源,您将看到它定义了一个内部ByteArrayOutputStream (它实际上定义了两个,但我认为这就是问题所在):

代码语言:javascript
运行
复制
    // buffer for storing input in decryption, not used for encryption
    private ByteArrayOutputStream ibuffer = null;

然后,稍后,它将字节写入该流。注意代码注释。

代码语言:javascript
运行
复制
    int decrypt(byte[] in, int inOfs, int len, byte[] out, int outOfs) {
        processAAD();

        if (len > 0) {
            // store internally until decryptFinal is called because
            // spec mentioned that only return recovered data after tag
            // is successfully verified
            ibuffer.write(in, inOfs, len);
        }
        return 0;
    }

该缓冲区在decryptFinal()之前不会重置。

编辑:看看这个CSx的答案,看起来GCM需要缓冲整个流。这将是一个非常糟糕的选择,如果您有较大的文件和内存不足。

我认为您最好的解决方案是切换到CBC模式。

票数 5
EN
页面原文内容由Stack Overflow提供。腾讯云小微IT领域专用引擎提供翻译支持
原文链接:

https://stackoverflow.com/questions/61792534

复制
相关文章

相似问题

领券
问题归档专栏文章快讯文章归档关键词归档开发者手册归档开发者手册 Section 归档