Whose encryption key is written in the code? (that's you)

The system design , Agreement first .

Most people don't understand the design details of the protocol , More use of existing protocols for application layer design , for example ：

（1） Use HTTP, Design  get/post/cookie  Parameters , as well as json Packet format ;

（2） Use dubbo, Instead of delving into the details of the internal binary header and body ;

in any case , Understand the principles of protocol design , It is very helpful for in-depth understanding of system communication .

One 、 Layered design of protocol
So-called “ agreement ”, It is a rule that both parties abide by , for example ： Divorce agreement , Armistice Agreement . Protocol has syntax 、 semantics 、 Three elements of time sequence ：
（1） grammar , That is, the structure or format of data and control information ;
（2） semantics , That is, what kind of control information needs to be sent , What actions to complete and what responses to make ;
（3） sequential , That is, a detailed description of the sequence of event implementation ;

Voice over ： The following text mainly talks about grammar design .

Protocol design is usually divided into three layers ： application layer agreement 、 Security layer agreement 、 Transport layer agreement .

Let's take a look at how the three-tier protocols should be selected .

Two 、 Application layer protocol design

Application layer protocol selection , There are three kinds of common ： Text protocol 、 Binary protocol 、 streaming XML agreement .

Text protocol

Text agreement means “ Close to human written language expression ” Communication transmission protocol , A typical protocol is HTTP agreement , One HTTP The sample request message of the protocol is as follows ：

GET / HTTP/1.1
User-Agent: curl
Host: musicml.net
Accept: */*

The characteristics of text protocol are ：
（1） Good readability , Easy to debug ;
（2） Good expansibility , Can pass key:value Expand ;
（3） Parsing efficiency is not high , Read in... Line by line , Divide by colon , analysis key and value;
（4） Not binary friendly , Like voice / Video etc. ;

Binary protocol
The binary protocol is binary agreement , Typical is IP agreement , Here are IP An illustration of the protocol ：

Binary protocols generally contain ：

（1） Fixed length Baotou ;

（2） Extensible variable length enclosure ;

（3） Generally, each field has a fixed meaning , With IP Agreement, for example , front 4 individual bit Indicates the protocol version number （Version）;

The binary protocol is characterized by ：

（1） Poor readability , It's hard to debug ;

Voice over ： It usually takes one to log toString() Functions enhance readability .

（2） Poor scalability , If you want to expand the field , The old version of the protocol is incompatible , So when designing, there is usually a Version Field ;
（3） High parsing efficiency , Almost no parsing cost , Each field of the binary stream represents a fixed meaning ;
（4） Binary streams are naturally supported , Like voice / video ;

This is a typical 16 Example of byte binary fixed length packet header ：

//sizeof(cs_header)=16
struct cs_header {
  uint32_t version;
  uint32_t magic_num;
  uint32_t cmd;
  uint32_t len;
  uint8_t data[];
}__attribute__((packed));

among ：

（1） front 4 Byte representation Version number version;

（2） Next 4 Byte representation Magic number magic_num, It is used to solve the problem of data dislocation or packet loss ;

Voice over ： for example , The agreed magic number is 0x01020304, Message received , Magic number matching , It is considered as a normal message , Otherwise, it is considered as a message exception , disconnect .

（3） Next 4 Byte representation Command number command, Different command numbers correspond to different variable length inclusions ;
（4） Last 4 Byte representation Inclusion length length, To determine how many bytes there are in the variable length packet ;

This is an actual binary variable length inclusion ：

message CUserLoginReq {
  optional string username = 1;
  optional string passwd = 2;
}

message CUserLoginResp {
  optional uint64 uid =1;
}

It uses Google Of Protobuf agreement , Easy to see ：

（1） The incoming request message is the user name and password ;

（2） The response package returns the user's uid;

PB Is a very popular binary variable length envelope protocol , Its advantages are ：
（1） Universal , Can generate C++、Java、PHP And other multilingual codes ;

（2） With compression function ;

（3） Binary friendly ;

（4） It has been widely used in industry ;
Voice over ：Google Produce , It must be a boutique. .

streaming XML agreement
streaming XML It seems to be a special case of text agreement , It can also be regarded as a kind of . for example ：xmpp Is a typical streaming XML agreement , Here is xmpp A typical message of the protocol ：

<message

to=’[email protected]’

from=’[email protected]’

type=’chat’

xml : lang=’en’>

<body>Wherefore art thou, Romeo?</body>

</message>

from xml It can be roughly judged in the label that this is a romeo issue juliet Chat messages .

XML The protocol has several features ：
（1） Good readability , Good scalability , This is a XML Characteristics of ;
（2） The cost of parsing is very high , Need to carry out dom Tree analysis ;

（3） The effective data transfer rate is ultra-low , There are a lot of labels ;

（4） Not binary friendly , Like voice / Video etc. ;

3、 ... and 、 Security layer protocol design

Security layer protocol design , Besides using SSL, If it is realized by itself , There are three common schemes .

Voice over ：SSL Key management is a problem .

Fixed key
The server and the client agree on a key , At the same time, an encryption algorithm is agreed （ for example ：AES）, Before each client sends a message , Just use the agreed algorithm , And the agreed key encryption and retransmission , After the server receives the message , Use the agreed algorithm , The agreed key is decrypted .

Voice over ： Low security , Security is based on the professional ethics of programmers .

One person, one secret
Simply speaking , That is, a person's key is fixed , But everyone is different . The common implementation is ：

（1） Fixed encryption algorithm ;

（2） Encryption key use “ A particular attribute of the user ”, Such as user uid、 cell-phone number 、qq Number 、 User password, etc ;

One secret at a time
Dynamic key , One Session One key is more secure , Negotiate keys before each session . The process of key negotiation should go through 2 Random generation of sub asymmetric keys ,1 Random generation of sub symmetric encryption key , The details are not expanded here .

Four 、 Transport layer protocol design
Optional protocols are TCP and UDP, Now it's basically using TCP, With epoll After waiting for Technology , Multiple connections are not a bottleneck , There is no problem with hundreds of thousands of single machine links .

Architect's way - Share technical articles that can be implemented

Related to recommend ：

《 You have to know RPC Kernel details （ Collection ）》

research ：

Your company's security , Is it based on the professional ethics of engineers ？