Whose encryption key is hardcoded in the code?

System design, protocol first.

Most engineers never study the design details of a protocol and instead build their application layer on top of an existing one, for example:

  • Using HTTP, and designing the GET/POST/cookie parameters and a JSON body format;
  • Using Dubbo, without looking into the details of its binary header and body;

Either way, understanding the principles of protocol design helps a great deal in understanding how systems communicate.

1. Layered design of the protocol

A so-called "protocol" (the Chinese word also means "agreement") is a set of rules that both parties abide by, like a divorce agreement or a ceasefire agreement. A protocol has three elements: syntax, semantics, and timing:

  • Syntax: the structure or format of the data and control information;
  • Semantics: which control information is to be sent, which actions are to be performed, and which responses are to be made;
  • Timing: a precise description of the order in which events occur;

Voice-over: the rest of this article is mainly about syntax design.

Protocol design is usually divided into three layers: application layer protocol, security layer protocol, and transport layer protocol.

Let's look at how to choose a protocol for each of these three layers.

2. Application layer protocol design

There are three common choices for the application layer: text protocols, binary protocols, and streaming XML protocols.

(1) Text protocol

A text protocol is a communication protocol whose messages are "close to written human language". The typical example is HTTP. An HTTP request message looks like this:

GET / HTTP/1.1
User-Agent: curl
Host: musicml.net
Accept: */*

The characteristics of the text protocol are:

  • Readable and easy to debug;
  • Extensible: new key: value header lines can be added;
  • Parsing is relatively inefficient: the parser reads line by line, splits on the colon, and extracts the key and the value;
  • Not binary-friendly, for example for voice/video payloads;
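
A parser for exactly this "read a line, split on the colon" procedure, as an added Python example that is not part of the article. It takes the request above as constructed input and adds the cheap checks a server should have (a size cap, a header-count cap, strict CRLF line endings, no whitespace between the field name and the colon) so that readable-but-sloppy text does not turn into a parsing ambiguity between two servers in the same chain. The two limits and the error type are assumptions.

```python
MAX_HEAD_BYTES = 8192   # assumption: cap on request line + headers
MAX_HEADERS = 100       # assumption: cap on number of header lines


class HttpParseError(Exception):
    """The request head is malformed; close the connection rather than guess."""


def parse_request_head(data: bytes):
    """Parse an HTTP/1.x request head: request line plus header lines.

    Returns (method, target, version, headers); headers maps the lower-cased
    field name to a list of values, since a field may legitimately repeat.
    """
    if len(data) > MAX_HEAD_BYTES:
        raise HttpParseError("request head too large")
    end = data.find(b"\r\n\r\n")
    if end < 0:
        raise HttpParseError("incomplete request head")
    lines = data[:end].split(b"\r\n")
    if len(lines) - 1 > MAX_HEADERS:
        raise HttpParseError("too many header lines")

    # Request line: exactly three space-separated tokens.
    parts = lines[0].split(b" ")
    if len(parts) != 3 or not parts[2].startswith(b"HTTP/1."):
        raise HttpParseError("bad request line")
    try:
        method, target, version = (p.decode("ascii") for p in parts)
    except UnicodeDecodeError:
        raise HttpParseError("non-ASCII request line") from None

    headers = {}
    for raw in lines[1:]:
        # Each header line is "name: value".  Whitespace before the colon,
        # a bare LF inside a line, and obsolete line folding (a line starting
        # with SP/HTAB) are rejected: parsers disagree about them, which is
        # where request-smuggling problems start.
        if raw[:1] in (b" ", b"\t"):
            raise HttpParseError("obsolete line folding not accepted")
        name, sep, value = raw.partition(b":")
        if not sep or not name or name != name.strip() or b"\n" in raw:
            raise HttpParseError("bad header line: %r" % raw)
        try:
            key = name.decode("ascii").lower()
        except UnicodeDecodeError:
            raise HttpParseError("non-ASCII header name") from None
        headers.setdefault(key, []).append(value.strip().decode("latin-1"))
    return method, target, version, headers


if __name__ == "__main__":
    # Constructed input: the request shown in the text, as curl would send it.
    req = (b"GET / HTTP/1.1\r\nUser-Agent: curl\r\n"
           b"Host: musicml.net\r\nAccept: */*\r\n\r\n")
    print(parse_request_head(req))
```

The parser returns header values as lists on purpose: collapsing a repeated field (Content-Length, Host) silently is how two components end up reading one request two different ways.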

(2) Binary protocol

A binary protocol lays its messages out as fixed binary fields rather than as text; the typical example is the IP protocol. (The original article shows a diagram of the IP header at this point.)

Binary protocols generally consist of:

  • A fixed-length header;
  • An extensible variable-length body;
  • Fields with fixed meanings. Taking the IP header as an example, the first 4 bits are the protocol version number (Version);

The characteristics of the binary protocol are:

  • Poor readability, hard to debug; Voice-over: logging usually needs a toString() function to make messages readable.
  • Poor extensibility: adding a field makes old versions of the protocol incompatible, so a Version field is usually included in the design;
  • Very efficient parsing, with almost no parsing cost, since each field in the binary stream has a fixed position and meaning;
  • Native support for binary streams such as voice/video;

Here is an example of a typical 16-byte fixed-length binary header:

#include <stdint.h>

// sizeof(struct cs_header) == 16: the flexible array member data[] adds no size
struct cs_header {
    uint32_t version;    // protocol version
    uint32_t magic_num;  // magic number, used to detect a desynchronised stream
    uint32_t cmd;        // command number, selects the body type
    uint32_t len;        // length of the variable-length body in bytes
    uint8_t  data[];     // the body follows immediately after the header
} __attribute__((packed));

Where:

(1) The first 4 bytes represent the version number;

(2) The next 4 bytes are the magic number magic_num, used to detect a desynchronised stream, that is, data that is misaligned or has lost bytes;

Voice-over: for example, the magic number is agreed to be 0x01020304. If the received header carries that magic number, the message is treated as normal; otherwise it is treated as abnormal and the connection is closed. A magic number is a sanity check, not authentication: anyone who knows the protocol can send it.

(3) The next 4 bytes are the command number cmd. Different command numbers correspond to different variable-length bodies;

(4) The last 4 bytes are len, the length of the body, which tells the receiver how many bytes of variable-length body follow the header. Because len arrives from the peer, the receiver must bound it, and check the bytes actually received against it, before using it to allocate or to read; otherwise a hostile client can make the server buffer up to 4 GiB per connection.
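
The receiving side of this header, as an added Python example (not the article's code): it unpacks the four 32-bit fields explicitly instead of casting the received buffer onto the struct, validates magic_num, version and len in that order before trusting len to locate the body, and handles the two things a TCP stream always produces: a frame that has not fully arrived yet, and several frames in one read. The magic value 0x01020304 is the one agreed in the text; network byte order, the supported-version set, the 1 MiB body cap and the command numbers are assumptions.

```python
import struct
from dataclasses import dataclass
from typing import Optional, Tuple

# The 16-byte fixed header: four unsigned 32-bit fields.  Assumption: the
# fields are sent in network byte order; the C struct says nothing about it,
# and unpacking explicitly avoids the host-endianness and alignment problems
# of casting a received buffer to the struct.
HEADER = struct.Struct("!IIII")
HEADER_LEN = HEADER.size                # 16

MAGIC = 0x01020304                      # the value agreed in the text
SUPPORTED_VERSIONS = {1}                # assumption: only version 1 exists
MAX_BODY_LEN = 1 << 20                  # assumption: 1 MiB cap on a body

CMD_USER_LOGIN_REQ = 1                  # hypothetical command numbers
CMD_USER_LOGIN_RESP = 2


class ProtocolError(Exception):
    """Malformed frame: the stream is desynchronised or hostile, so the caller
    should close the connection rather than try to resynchronise."""


@dataclass
class Frame:
    version: int
    cmd: int
    body: bytes


def pack_frame(cmd: int, body: bytes, version: int = 1) -> bytes:
    """Build header + body as they go on the wire."""
    if len(body) > MAX_BODY_LEN:
        raise ValueError("body too large")
    return HEADER.pack(version, MAGIC, cmd, len(body)) + body


def parse_frame(buf) -> Tuple[Optional[Frame], int]:
    """Decode one frame from the front of buf (bytes or memoryview).

    Returns (frame, bytes_consumed); (None, 0) means more data is needed.
    """
    if len(buf) < HEADER_LEN:
        return None, 0
    version, magic, cmd, length = HEADER.unpack_from(buf)
    # Check every header field *before* trusting len: the peer controls all
    # 16 bytes, and an unchecked len would let it make us buffer up to 4 GiB.
    if magic != MAGIC:
        raise ProtocolError("bad magic 0x%08x" % magic)
    if version not in SUPPORTED_VERSIONS:
        raise ProtocolError("unsupported version %d" % version)
    if length > MAX_BODY_LEN:
        raise ProtocolError("body length %d exceeds limit" % length)
    if len(buf) < HEADER_LEN + length:
        return None, 0                  # body not fully received yet
    body = bytes(buf[HEADER_LEN:HEADER_LEN + length])
    return Frame(version, cmd, body), HEADER_LEN + length


def split_stream(data: bytes):
    """Decode every complete frame in a TCP byte stream.

    Returns (frames, leftover): TCP has no message boundaries, so the tail of
    one read may be the start of the next frame and must be kept.
    """
    frames = []
    view = memoryview(data)
    while True:
        frame, used = parse_frame(view)
        if frame is None:
            return frames, bytes(view)
        frames.append(frame)
        view = view[used:]


if __name__ == "__main__":
    # Constructed input: a login request, a login response, and the first 4
    # bytes of a third frame that has not fully arrived.
    wire = (pack_frame(CMD_USER_LOGIN_REQ, b"alice\x00secret")
            + pack_frame(CMD_USER_LOGIN_RESP, (42).to_bytes(8, "big"))
            + b"\x00\x00\x00\x01")
    frames, rest = split_stream(wire)
    print(frames, rest)
```

The order of the checks matters: a bad magic number or version is rejected before len is even looked at, and a len over the cap is rejected before any buffer is grown, so the only state an attacker can make the server hold per connection is bounded by MAX_BODY_LEN.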

Here is a real variable-length binary body:

syntax = "proto2";

message CUserLoginReq {
    optional string username = 1;
    optional string passwd = 2;
}

message CUserLoginResp {
    optional uint64 uid = 1;
}

It is defined with Google's Protobuf, and it is easy to read off that:

  • the request carries the username and password (as plain fields; keeping them confidential on the wire is the job of the security layer below);
  • the response returns the user's uid;

PB is a very popular binary variable-length body format with these advantages:

  • Cross-language: one definition generates C++, Java, PHP and other language bindings;
  • Compact encoding (field tags plus varints), so messages are small on the wire; note that this is compact serialisation, not general-purpose compression;
  • Binary-friendly;
  • Widely used in industry; Voice-over: anything Google ships must be high quality.

(3) Streaming XML protocol

Streaming XML looks like a special case of the text protocol, but it can also be treated as a category of its own. XMPP is a typical streaming XML protocol; here is a typical XMPP message:

<message
    to='[email protected]'
    from='[email protected]'
    type='chat'
    xml:lang='en'>
  <body>Wherefore art thou, Romeo?</body>
</message>

From the XML tags we can roughly tell that this is a chat message sent by Romeo to Juliet.

The XML protocol has several characteristics:

  • Good readability and extensibility, as is characteristic of XML;
  • Very high parsing cost: the XML has to be fully parsed (typically into a DOM tree);
  • A very low ratio of useful data to bytes transferred, because of the many tags;
  • Not binary-friendly, for example for voice/video;

3. Security layer protocol design

Besides using SSL/TLS, there are three common ways of implementing the security layer yourself.

Voice-over: SSL key management is a hassle.

(1) Fixed key

The server and the client agree on a key and an encryption algorithm (for example AES) in advance. Before each send, the client encrypts the message with the agreed algorithm and key; after receiving it, the server decrypts it with the same algorithm and key.

Voice-over: security is low, because it rests on the professional ethics of the programmers who can see the key. In practice the key is compiled into the client, so anyone who can read the client binary (or the source repository) can recover it and decrypt every user's traffic; this is the hardcoded key the title asks about.

(2) One key per user

Simply put, each user's key is fixed, but differs from user to user. A common implementation:

  • a fixed encryption algorithm;
  • an encryption key derived from "some attribute of the user", such as the user's uid, mobile number, QQ number, or password.

Note that attributes such as the uid, mobile number or QQ number are known to, or guessable by, an attacker, so a key derived from them gives per-user separation but little real confidentiality; only a secret that the user alone holds (such as the password, run through a proper key-derivation function) makes the per-user key hard to recover.

(3) One key per session

That is, a dynamic key: one session, one key, which is more secure. The key is negotiated at the start of every session. The negotiation process requires two random asymmetric key-pair generations and one random symmetric key generation; the specific details are not expanded here. Whatever the negotiation, the server's contribution must be authenticated (for example, signed with a long-term server key the client can verify), otherwise an on-path attacker can negotiate a separate key with each side; this is exactly what the certificate handling in SSL/TLS provides.
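
The negotiation the text describes and leaves unexpanded, as an added example that is not the article's code or the author's implementation: both sides run in one process, using only the Python standard library. Instead of the author's "two asymmetric key pairs plus one symmetric key" scheme, which the page does not detail, it uses the technique a practitioner would reach for today: an ephemeral Diffie-Hellman exchange in the 2048-bit MODP group of RFC 3526, with the session key derived by HKDF-SHA256 over the exchanged values and confirmed with an HMAC tag. Every function name, the salt string, the confirmation label and the two-message shape are assumptions. What the example deliberately leaves out is authentication of the server's public value (a signature with a long-term server key); without it, the exchange is secure against a passive eavesdropper but not against an active one.

```python
import hashlib
import hmac
import secrets

# 2048-bit MODP group from RFC 3526 (group 14): p is a safe prime, g = 2.
P = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74"
    "020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437"
    "4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF05"
    "98DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB"
    "9ED529077096966D670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B"
    "E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF695581718"
    "3995497CEA956AE515D2261898FA051015728E5A8AACAA68FFFFFFFFFFFFFFFF", 16)
G = 2
Q = (P - 1) // 2                         # order of the subgroup generated by g
KEY_BYTES = (P.bit_length() + 7) // 8    # 256: wire size of a public value


def gen_keypair():
    """Fresh ephemeral key pair for one session; never stored or reused."""
    priv = secrets.randbits(256) | (1 << 255)
    return priv, pow(G, priv, P)


def check_public(pub: int) -> None:
    """Reject degenerate values (0, 1, p-1, ...) and anything outside the
    order-q subgroup, which a hostile peer could use to force a predictable key."""
    if not 2 <= pub <= P - 2 or pow(pub, Q, P) != 1:
        raise ValueError("invalid DH public value")


def hkdf_sha256(salt: bytes, ikm: bytes, info: bytes) -> bytes:
    """HKDF extract-then-expand (RFC 5869), first 32-byte output block."""
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()
    return hmac.new(prk, info + b"\x01", hashlib.sha256).digest()


def session_key(priv: int, peer_pub: int, transcript: bytes) -> bytes:
    """Shared secret -> session key.  Binding the transcript into the
    derivation makes both sides agree on what was exchanged, not just on g^ab."""
    check_public(peer_pub)
    shared = pow(peer_pub, priv, P).to_bytes(KEY_BYTES, "big")
    return hkdf_sha256(b"cs-session-v1", shared, transcript)   # assumed salt


def confirm_tag(key: bytes, label: bytes) -> bytes:
    return hmac.new(key, label, hashlib.sha256).digest()


def encode_pub(pub: int) -> bytes:
    return pub.to_bytes(KEY_BYTES, "big")


def negotiate():
    """Two-message exchange with both roles in-process; returns
    (client_key, server_key).  Message bytes are what would travel in the body
    of a key-exchange cmd; framing and server authentication are out of scope."""
    # Client: generates its ephemeral pair, message 1 = its public value.
    c_priv, c_pub = gen_keypair()
    msg1 = encode_pub(c_pub)

    # Server: parses message 1, generates its own pair, derives the key, and
    # sends message 2 = its public value plus a confirmation tag under that key.
    s_priv, s_pub = gen_keypair()
    transcript = msg1 + encode_pub(s_pub)
    s_key = session_key(s_priv, int.from_bytes(msg1, "big"), transcript)
    msg2 = encode_pub(s_pub) + confirm_tag(s_key, b"server finished")

    # Client: parses message 2, derives the key, and checks the server's tag
    # before using the key for anything (constant-time compare).
    peer_pub = int.from_bytes(msg2[:KEY_BYTES], "big")
    c_key = session_key(c_priv, peer_pub, msg1 + msg2[:KEY_BYTES])
    if not hmac.compare_digest(msg2[KEY_BYTES:], confirm_tag(c_key, b"server finished")):
        raise ValueError("key confirmation failed")
    return c_key, s_key


if __name__ == "__main__":
    k1, _ = negotiate()
    k2, _ = negotiate()
    print(k1.hex(), k2.hex(), "same key twice?", k1 == k2)
```

Two calls to negotiate() produce two unrelated keys, which is the property the fixed-key and per-user schemes lack: compromising one session's key, or the client binary, tells an attacker nothing about any other session.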

4. Transport layer protocol design

The choices are TCP and UDP. Today TCP is used almost exclusively. With the arrival of technologies such as epoll, the number of connections is no longer a bottleneck, and a single machine can hold hundreds of thousands of connections without problems.
