Encryption and Decryption with an AES Symmetric Key (GCM Mode) (C/C++)

For details about the algorithm specifications, see AES.

Adding the Dynamic Library in the CMake Script

target_link_libraries(entry PUBLIC libohcrypto.so)

How to Develop

Creating an Object

Call OH_CryptoSymKeyGenerator_Create and OH_CryptoSymKeyGenerator_Generate to generate a 128-bit AES symmetric key (OH_CryptoSymKey).

In addition to the example in this topic, AES and Randomly Generating a Symmetric Key may help you better understand how to generate an AES symmetric key. Note that the input parameters in the reference documents may be different from those in the example below.

Encrypting a Message

1. Call OH_CryptoSymCipher_Create with the string parameter ‘AES128|GCM|PKCS7’ to create a Cipher instance for encryption. The key type is AES128, block cipher mode is GCM, and the padding mode is PKCS7.

2. Call OH_CryptoSymCipherParams_Create to create a symmetric cipher parameter instance, and call OH_CryptoSymCipherParams_SetParam to set cipher parameters.

3. Call OH_CryptoSymCipher_Init to initialize the Cipher instance. Specifically, set mode to CRYPTO_ENCRYPT_MODE, and specify the key for encryption (OH_CryptoSymKey) and the encryption parameter instance (OH_CryptoSymCipherParams) corresponding to the GCM mode.

4. Call OH_CryptoSymCipher_Update to update the data (plaintext) to be encrypted.

Currently, the amount of data to be passed in by a single OH_CryptoSymCipher_Update is not limited. You can determine how to pass in data based on the data volume.

• If a small amount of data is to be encrypted, you can use OH_CryptoSymCipher_Final() immediately after OH_CryptoSymCipher_Init().

• If a large amount of data is to be encrypted, you can call OH_CryptoSymCipher_Update() multiple times to pass in the data by segment.

• Call OH_CryptoSymCipher_Final to generate the ciphertext.

  • If data has been passed in by OH_CryptoSymCipher_Update(), pass in null in the data parameter of OH_CryptoSymCipher_Final.
  • The output of OH_CryptoSymCipher_Final may be null. To avoid exceptions, always check whether the result is null before accessing specific data.

NOTE
If GCM mode is used, authTag returned by OH_CryptoSymCipher_Final() will be used to initialize the authentication information during decryption and needs to be saved. In GCM mode, authTag must be of 16 bytes. It is used as the authentication information during decryption. In the following example, authTag is of 16 bytes.

Decrypting a Message

1. Call OH_CryptoSymCipher_Create with the string parameter ‘AES128|GCM|PKCS7’ to create a Cipher instance for decryption. The key type is AES128, block cipher mode is GCM, and the padding mode is PKCS7.

2. Call OH_CryptoSymCipherParams_SetParam to set authTag as the authentication information for decryption.

3. Call OH_CryptoSymCipher_Init to initialize the Cipher instance. Specifically, set mode to CRYPTO_DECRYPT_MODE, and specify the key for decryption (OH_CryptoSymKey) and the decryption parameter instance (OH_CryptoSymCipherParams) corresponding to the GCM mode.

4. Call OH_CryptoSymCipher_Update to update the data (ciphertext) to be decrypted.

5. Call OH_CryptoSymCipher_Final to generate the plaintext.

Destroying Objects

Call OH_CryptoSymKeyGenerator_Destroy, OH_CryptoSymCipher_Destroy, and OH_CryptoSymCipherParams_Destroy to destroy the instances created.

Example

#include "CryptoArchitectureKit/crypto_common.h"
#include "CryptoArchitectureKit/crypto_sym_cipher.h"
#include <string.h>

static OH_Crypto_ErrCode doTestAesGcm()
{
    OH_CryptoSymKeyGenerator *genCtx = nullptr;
    OH_CryptoSymCipher *encCtx = nullptr;
    OH_CryptoSymCipher *decCtx = nullptr;
    OH_CryptoSymKey *keyCtx = nullptr;
    OH_CryptoSymCipherParams *params = nullptr;

    Crypto_DataBlob encData = {.data = nullptr, .len = 0};
    Crypto_DataBlob decData = {.data = nullptr, .len = 0};

    uint8_t aad[8] = {1, 2, 3, 4, 5, 6, 7, 8};
    uint8_t tag[16] = {0};
    uint8_t iv[12] = {1, 2, 4, 12, 3, 4, 2, 3, 3, 2, 0, 4}; // iv is generated from an array of secure random numbers.
    Crypto_DataBlob ivData = {.data = iv, .len = sizeof(iv)};
    Crypto_DataBlob aadData = {.data = aad, .len = sizeof(aad)};
    Crypto_DataBlob tagData = {.data = tag, .len = sizeof(tag)};
    Crypto_DataBlob tagOutPut = {.data = nullptr, .len = 0};
    char *plainText = const_cast<char *>("this is test!");
    Crypto_DataBlob msgBlob = {.data = (uint8_t *)(plainText), .len = strlen(plainText)};

    // Generate a symmetric key.
    OH_Crypto_ErrCode ret;
    ret = OH_CryptoSymKeyGenerator_Create("AES128", &genCtx);
    if (ret != CRYPTO_SUCCESS) {
        goto end;
    }
    ret = OH_CryptoSymKeyGenerator_Generate(genCtx, &keyCtx);
    if (ret != CRYPTO_SUCCESS) {
        goto end;
    }

    // Set parameters.
    ret = OH_CryptoSymCipherParams_Create(&params);
    if (ret != CRYPTO_SUCCESS) {
        goto end;
    }
    ret = OH_CryptoSymCipherParams_SetParam(params, CRYPTO_IV_DATABLOB, &ivData);
    if (ret != CRYPTO_SUCCESS) {
        goto end;
    }
    ret = OH_CryptoSymCipherParams_SetParam(params, CRYPTO_AAD_DATABLOB, &aadData);
    if (ret != CRYPTO_SUCCESS) {
        goto end;
    }
    ret = OH_CryptoSymCipherParams_SetParam(params, CRYPTO_TAG_DATABLOB, &tagData);
    if (ret != CRYPTO_SUCCESS) {
        goto end;
    }

    // Encrypt the message.
    ret = OH_CryptoSymCipher_Create("AES128|GCM|PKCS7", &encCtx);
    if (ret != CRYPTO_SUCCESS) {
        goto end;
    }
    ret = OH_CryptoSymCipher_Init(encCtx, CRYPTO_ENCRYPT_MODE, keyCtx, params);
    if (ret != CRYPTO_SUCCESS) {
        goto end;
    }
    ret = OH_CryptoSymCipher_Update(encCtx, &msgBlob, &encData);
    if (ret != CRYPTO_SUCCESS) {
        goto end;
    }
    ret = OH_CryptoSymCipher_Final(encCtx, nullptr, &tagOutPut);
    if (ret != CRYPTO_SUCCESS) {
        goto end;
    }

    // Decrypt the message.
    ret = OH_CryptoSymCipher_Create("AES128|GCM|PKCS7", &decCtx);
    if (ret != CRYPTO_SUCCESS) {
        goto end;
    }
    ret = OH_CryptoSymCipherParams_SetParam(params, CRYPTO_TAG_DATABLOB, &tagOutPut);
    if (ret != CRYPTO_SUCCESS) {
        goto end;
    }
    ret = OH_CryptoSymCipher_Init(decCtx, CRYPTO_DECRYPT_MODE, keyCtx, params);
    if (ret != CRYPTO_SUCCESS) {
        goto end;
    }
    ret = OH_CryptoSymCipher_Update(decCtx, &encData, &decData);
    if (ret != CRYPTO_SUCCESS) {
        goto end;
    }
    ret = OH_CryptoSymCipher_Final(decCtx, nullptr, &decData);
    if (ret != CRYPTO_SUCCESS) {
        goto end;
    }

end:
    OH_CryptoSymCipherParams_Destroy(params);
    OH_CryptoSymCipher_Destroy(encCtx);
    OH_CryptoSymCipher_Destroy(decCtx);
    OH_CryptoSymKeyGenerator_Destroy(genCtx);
    OH_CryptoSymKey_Destroy(keyCtx);
    OH_Crypto_FreeDataBlob(&encData);
    OH_Crypto_FreeDataBlob(&decData);
    OH_Crypto_FreeDataBlob(&tagOutPut);
    return ret;
}

你可能感兴趣的鸿蒙文章

harmony 鸿蒙Crypto Architecture Kit

harmony 鸿蒙Encryption and Decryption with a 3DES Symmetric Key (ECB Mode) (C/C++)

harmony 鸿蒙Encryption and Decryption with a 3DES Symmetric Key (ECB Mode) (ArkTS)

harmony 鸿蒙Encryption and Decryption with an AES Symmetric Key (CBC Mode) (C/C++)

harmony 鸿蒙Encryption and Decryption with an AES Symmetric Key (CBC Mode) (ArkTS)

harmony 鸿蒙Encryption and Decryption with an AES Symmetric Key (CCM Mode) (C/C++)

harmony 鸿蒙Encryption and Decryption with an AES Symmetric Key (CCM Mode) (ArkTS)

harmony 鸿蒙Encryption and Decryption with an AES Symmetric Key (ECB Mode) (C/C++)

harmony 鸿蒙Encryption and Decryption with an AES Symmetric Key (ECB Mode) (ArkTS)

harmony 鸿蒙Encryption and Decryption by Segment with an AES Symmetric Key (GCM Mode) (C/C++)