Encryption and Decryption with an SM4 Symmetric Key (GCM Mode) (C/C++)

For details about the algorithm specifications, see SM4.

Adding the Dynamic Library in the CMake Script

target_link_libraries(entry PUBLIC libohcrypto.so)

Encryption

1. Call OH_CryptoSymKeyGenerator_Create and OH_CryptoSymKeyGenerator_Generate to generate a 128-bit SM4 symmetric key (OH_CryptoSymKey).

In addition to the example in this topic, SM4 and Randomly Generating a Symmetric Key may help you better understand how to generate an SM4 symmetric key. Note that the input parameters in the reference documents may be different from those in the example below.

1. Call OH_CryptoSymCipher_Create with the string parameter ‘SM4_128|GCM|PKCS7’ to create a Cipher instance for encryption. The key type is SM4_128, block cipher mode is GCM, and the padding mode is PKCS7.

2. Call OH_CryptoSymCipherParams_Create to create a symmetric cipher parameter instance, and call OH_CryptoSymCipherParams_SetParam to set cipher parameters.

3. Call OH_CryptoSymCipher_Init to initialize the Cipher instance. Specifically, set mode to CRYPTO_ENCRYPT_MODE, and specify the key for encryption (OH_CryptoSymKey) and the encryption parameter instance (OH_CryptoSymCipherParams) corresponding to the GCM mode.

4. Call OH_CryptoSymCipher_Update to update the data (plaintext) to be encrypted.

Currently, the amount of data to be passed in by a single OH_CryptoSymCipher_Update() is not limited. You can determine how to pass in data based on the data volume.

• If a small amount of data is to be encrypted, you can use OH_CryptoSymCipher_Final() immediately after OH_CryptoSymCipher_Init().

• If a large amount of data is to be encrypted, you can call OH_CryptoSymCipher_Update() multiple times to pass in the data by segment.

• Call OH_CryptoSymCipher_Final to generate the ciphertext.

  • If data has been passed in by OH_CryptoSymCipher_Update(), pass in null in the data parameter of OH_CryptoSymCipher_Final.
  • The output of OH_CryptoSymCipher_Final may be null. To avoid exceptions, always check whether the result is null before accessing specific data.

• Call OH_CryptoSymCipherParams_Create to create a Params instance, and call OH_CryptoSymCipherParams_SetParam to set authTag as the authentication information for decryption. In GCM mode, extract the last 16 bytes from the encrypted data as the authentication information for initializing the Cipher instance in decryption. In the example, authTag is of 16 bytes.

• Call OH_CryptoSymKeyGenerator_Destroy, OH_CryptoSymCipher_Destroy, and OH_CryptoSymCipherParams_Destroy to destroy the instances created.

Decryption

1. Call OH_CryptoSymCipher_Create with the string parameter ‘SM4_128|GCM|PKCS7’ to create a Cipher instance for decryption. The key type is SM4_128, block cipher mode is GCM, and the padding mode is PKCS7.

2. Call OH_CryptoSymCipher_Init initializes the Cipher instance. Specifically, set mode to CRYPTO_DECRYPT_MODE, and specify the key for decryption (OH_CryptoSymKey) and the decryption parameter instance (OH_CryptoSymCipherParams) corresponding to the GCM mode.

3. Call OH_CryptoSymCipher_Update to update the data (ciphertext) to be decrypted.

4. Call OH_CryptoSymCipher_Final to generate the plaintext.

Example

#include "CryptoArchitectureKit/crypto_common.h"
#include "CryptoArchitectureKit/crypto_sym_cipher.h"
#include <string.h>

static OH_Crypto_ErrCode doTestSm4Gcm()
{
    OH_CryptoSymKeyGenerator *genCtx = nullptr;
    OH_CryptoSymCipher *encCtx = nullptr;
    OH_CryptoSymCipher *decCtx = nullptr;
    OH_CryptoSymKey *keyCtx = nullptr;
    OH_CryptoSymCipherParams *params = nullptr;

    Crypto_DataBlob outUpdate = {.data = nullptr, .len = 0};
    Crypto_DataBlob decUpdate = {.data = nullptr, .len = 0};

    uint8_t aad[8] = {1, 2, 3, 4, 5, 6, 7, 8};
    uint8_t tag[16] = {0};
    uint8_t iv[12] = {1, 2, 4, 12, 3, 4, 2, 3, 3, 2, 0, 4}; // iv is generated from an array of secure random numbers.
    Crypto_DataBlob ivData = {.data = iv, .len = sizeof(iv)};
    Crypto_DataBlob aadData = {.data = aad, .len = sizeof(aad)};
    Crypto_DataBlob tagData = {.data = tag, .len = sizeof(tag)};
    Crypto_DataBlob tagOutPut = {.data = nullptr, .len = 0};
    char *plainText = const_cast<char *>("this is test!");
    Crypto_DataBlob msgBlob = {.data = (uint8_t *)(plainText), .len = strlen(plainText)};
    // Generate a symmetric key.
    OH_Crypto_ErrCode ret;
    ret = OH_CryptoSymKeyGenerator_Create("SM4_128", &genCtx);
    if (ret != CRYPTO_SUCCESS) {
        goto end;
    }
    ret = OH_CryptoSymKeyGenerator_Generate(genCtx, &keyCtx);
    if (ret != CRYPTO_SUCCESS) {
        goto end;
    }

    // Set parameters.
    ret = OH_CryptoSymCipherParams_Create(&params);
    if (ret != CRYPTO_SUCCESS) {
        goto end;
    }
    ret = OH_CryptoSymCipherParams_SetParam(params, CRYPTO_IV_DATABLOB, &ivData);
    if (ret != CRYPTO_SUCCESS) {
        goto end;
    }
    ret = OH_CryptoSymCipherParams_SetParam(params, CRYPTO_AAD_DATABLOB, &aadData);
    if (ret != CRYPTO_SUCCESS) {
        goto end;
    }
    ret = OH_CryptoSymCipherParams_SetParam(params, CRYPTO_TAG_DATABLOB, &tagData);
    if (ret != CRYPTO_SUCCESS) {
        goto end;
    }

    // Encrypt the message.
    ret = OH_CryptoSymCipher_Create("SM4_128|GCM|PKCS7", &encCtx);
    if (ret != CRYPTO_SUCCESS) {
        goto end;
    }
    ret = OH_CryptoSymCipher_Init(encCtx, CRYPTO_ENCRYPT_MODE, keyCtx, params);
    if (ret != CRYPTO_SUCCESS) {
        goto end;
    }
    ret = OH_CryptoSymCipher_Update(encCtx, &msgBlob, &outUpdate);
    if (ret != CRYPTO_SUCCESS) {
        goto end;
    }
    ret = OH_CryptoSymCipher_Final(encCtx, nullptr, &tagOutPut);
    if (ret != CRYPTO_SUCCESS) {
        goto end;
    }

    // Decrypt the message.
    ret = OH_CryptoSymCipher_Create("SM4_128|GCM|PKCS7", &decCtx);
    if (ret != CRYPTO_SUCCESS) {
        goto end;
    }
    ret = OH_CryptoSymCipherParams_SetParam(params, CRYPTO_TAG_DATABLOB, &tagOutPut);
    if (ret != CRYPTO_SUCCESS) {
        goto end;
    }
    ret = OH_CryptoSymCipher_Init(decCtx, CRYPTO_DECRYPT_MODE, keyCtx, params);
    if (ret != CRYPTO_SUCCESS) {
        goto end;
    }
    ret = OH_CryptoSymCipher_Final(decCtx, &outUpdate, &decUpdate);
    if (ret != CRYPTO_SUCCESS) {
        goto end;
    }

    // Release the resources.
end:
    OH_CryptoSymCipherParams_Destroy(params);
    OH_CryptoSymCipher_Destroy(encCtx);
    OH_CryptoSymCipher_Destroy(decCtx);
    OH_CryptoSymKeyGenerator_Destroy(genCtx);
    OH_CryptoSymKey_Destroy(keyCtx);
    OH_Crypto_FreeDataBlob(&outUpdate);
    OH_Crypto_FreeDataBlob(&decUpdate);
    OH_Crypto_FreeDataBlob(&tagOutPut);
    return ret;
}

你可能感兴趣的鸿蒙文章

harmony 鸿蒙Crypto Architecture Kit

harmony 鸿蒙Encryption and Decryption with a 3DES Symmetric Key (ECB Mode) (C/C++)

harmony 鸿蒙Encryption and Decryption with a 3DES Symmetric Key (ECB Mode) (ArkTS)

harmony 鸿蒙Encryption and Decryption with an AES Symmetric Key (CBC Mode) (C/C++)

harmony 鸿蒙Encryption and Decryption with an AES Symmetric Key (CBC Mode) (ArkTS)

harmony 鸿蒙Encryption and Decryption with an AES Symmetric Key (CCM Mode) (C/C++)

harmony 鸿蒙Encryption and Decryption with an AES Symmetric Key (CCM Mode) (ArkTS)

harmony 鸿蒙Encryption and Decryption with an AES Symmetric Key (ECB Mode) (C/C++)

harmony 鸿蒙Encryption and Decryption with an AES Symmetric Key (ECB Mode) (ArkTS)

harmony 鸿蒙Encryption and Decryption by Segment with an AES Symmetric Key (GCM Mode) (C/C++)