1、问题描述
今天发现对大文件进行加解密时,IAGAesGcm这个开源框架会崩溃。大概是内存溢出了,并且在github的issue,有人提及,作者说不再维护,并推荐使用苹果的新AES加密框架。但此框架只支持iOS13以上,公司要求12以上都要支持。故需要解决。
2、解决方案
网上已有成熟的解决方案,使用openssl库,且可以支持iOS 所有版本系统,且代码不需要做兼容,因为是c++的库,性能也非常好。具体见这些链接。
1、openssl iOS版库地址
https://github.com/x2on/OpenSSL-for-iPhone
2、如何生成库和导入工程
https://www.jianshu.com/p/7aa9841c4eba
3、封装AES256.GCM加解密类
参考
https://www.jianshu.com/p/aab89293378a
如下是我的封装
1.NSData+AES_GCM.h
//
// NSData+AES_GCM.h
// encore
//
// Created by lishi on 2024/3/6.
//
#import <Foundation/Foundation.h>
NS_ASSUME_NONNULL_BEGIN
@interface NSData (AES_GCM)
- (NSData *)aes256Gcm_DencryptWithKey:(NSData *)key_data iv:(NSData *)iv_data error:(NSError **)error;
- (NSData *)aes256Gcm_EncryptWithKey:(NSData *)key_data iv:(NSData *)iv_data error:(NSError **)error;
@end
NS_ASSUME_NONNULL_END
2.NSData+AES_GCM.m
//
// NSData+AES_GCM.m
// encore
//
// Created by lishi on 2024/3/6.
//
#import "NSData+AES_GCM.h"
#import "evp.h"
#import "opensslv.h"
@implementation NSData (AES_GCM)
- (NSData *)aes256Gcm_DencryptWithKey:(NSData *)key_data iv:(NSData *)iv_data error:(NSError **)error {
if (self.length < 16) {
// self 需要是 加密数据+tag 的组合
return nil;
}
// 取后16位作为tag
NSData *tagData = [self subdataWithRange:(NSRange){self.length - 16, 16}];
// 前面是真正加密的数据
NSData *contentData = [self subdataWithRange:(NSRange){0, self.length - 16}];
char *gcm_ct = [contentData bytes];
char *gcm_iv = [iv_data bytes];
char *gcm_key = [key_data bytes];
unsigned char * ptBytes = (unsigned char * )malloc(self.length);
int declen = 0;
EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new();
if (!EVP_DecryptInit(ctx, EVP_aes_256_gcm(), NULL, NULL)) {
*error = [self errorWithDescription:@"EVP_DecryptInit EVP_aes_256_gcm() failed."];
return nil;
}
EVP_CIPHER_CTX_set_padding(ctx, 0);
if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, [iv_data length], NULL)) {
*error = [self errorWithDescription:@"EVP_CIPHER_CTX_ctrl EVP_CTRL_GCM_SET_IVLEN Dencrypt failed."];
return nil;
}
if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_TAG, 16, [tagData bytes])) {
*error = [self errorWithDescription:@"EVP_CIPHER_CTX_ctrl EVP_CTRL_GCM_SET_TAG Dencrypt failed."];
return nil;
}
if (!EVP_DecryptInit(ctx, NULL, gcm_key, gcm_iv)) {
*error = [self errorWithDescription:@"EVP_DecryptInit Dencrypt set key and iv failed."];
return nil;
}
if (!EVP_DecryptUpdate(ctx, ptBytes, &declen, gcm_ct, [contentData length])) {
*error = [self errorWithDescription:@"EVP_DecryptUpdate Dencrypt failed."];
return nil;
}
// 得到解密数据
NSMutableData *ptgcmData = [NSMutableData dataWithCapacity:0];
[ptgcmData appendBytes:ptBytes length:declen];
if (!EVP_DecryptFinal(ctx, [ptgcmData bytes] + declen, &declen)) {
*error = [self errorWithDescription:@"EVP_DecryptFinal tag failed"];
return nil;
}
EVP_CIPHER_CTX_free(ctx);
return ptgcmData;
}
- (NSData *)aes256Gcm_EncryptWithKey:(NSData *)key_data iv:(NSData *)iv_data error:(NSError **)error {
char *gcm_ct = [self bytes];
char *gcm_iv = [iv_data bytes];
char *gcm_key = [key_data bytes];
unsigned char * ctBytes = (unsigned char * )malloc(self.length);
NSMutableData *engcmData = [[NSMutableData alloc] initWithCapacity:self.length];
unsigned char tag[16];
int enclen = 0;
EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new();
if (!EVP_EncryptInit_ex(ctx, EVP_aes_256_gcm(), NULL, NULL, NULL)) {
*error = [self errorWithDescription:@"EVP_EncryptInit_ex EVP_aes_256_gcm() failed."];
return nil;
}
if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, [iv_data length], NULL)) {
*error = [self errorWithDescription:@"EVP_CIPHER_CTX_ctrl EVP_CTRL_GCM_SET_IVLEN Encryp failed."];
return nil;
}
if (!EVP_EncryptInit_ex(ctx, NULL, NULL, gcm_key, gcm_iv)) {
*error = [self errorWithDescription:@"EVP_DecryptInit Encryp set key and iv failed."];
return nil;
}
if (!EVP_EncryptUpdate(ctx, ctBytes, &enclen, (const unsigned char *)[self bytes], [self length])) {
*error = [self errorWithDescription:@"EVP_DecryptUpdate Encrypt data failed."];
return nil;
}
// 拼接 iv 数据
[engcmData appendBytes:gcm_iv length:12];
// 拼接加密数据
[engcmData appendBytes:ctBytes length:enclen];
if (!EVP_EncryptFinal (ctx, [engcmData bytes] + enclen, &enclen)) {
*error = [self errorWithDescription:@"EVP_DecryptFinal Encrypt failed"];
return nil;
}
if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_GET_TAG, 16, tag)) {
*error = [self errorWithDescription:@"EVP_CIPHER_CTX_ctrl get tag failed"];
return nil;
}
// 拼接 tag
[engcmData appendBytes:tag length:16];
EVP_CIPHER_CTX_free(ctx);
return engcmData;
}
-(NSError *)errorWithDescription:(NSString *)errorinfo{
NSString *domain = @"com.chbank.aes_gcm";
NSInteger code = -101;
NSDictionary *userInfo = @{
NSLocalizedDescriptionKey: errorinfo,
NSLocalizedFailureReasonErrorKey: errorinfo,
NSLocalizedRecoverySuggestionErrorKey: @"aes gcm failed,check class NSData+AES_GCM"
};
NSError *error = [NSError errorWithDomain:domain code:code userInfo:userInfo];
return error;
}
@end
测试
NSString *testStr = @"今天去吃老乡鸡";
NSData *testStrData = [testStr dataUsingEncoding:NSUTF8StringEncoding];
NSData *keyData = [NSData dataWithContentsOfFile:[[NSBundle mainBundle]pathForResource:@"publickText" ofType:@"log"]];
#define IV_Lenght 12
#define TAG_Lenght 16
// 加密 注意后的数据结构为 iv(12位) + 加密数据 + tag(16位)
NSMutableData *ivData = [[NSMutableData alloc]initWithLength:IV_Lenght];
SecRandomCopyBytes(kSecRandomDefault, IV_Lenght, ivData.mutableBytes);
NSData *encrypedData = [testStrData aes256Gcm_EncryptWithKey:key iv:ivData error:error];
NSString *encrypedStr = [encrypedData base64EncodedStringWithOptions:0];
NSLog(@"加密后Str:%@",encrypedStr);
// 解密 注意解密前的数据结构为 iv(12位) + 加密数据 + tag(16位)
NSMutableData *data = [[NSMutableData alloc]initWithBase64EncodedString: encrypedStr options:0];
NSData *ivData = [data subdataWithRange:NSMakeRange(0, IV_Lenght)];
NSData *cipheredPlusTagData = [data subdataWithRange:NSMakeRange(IV_Lenght, data.length - IV_Lenght)];
NSData *decrypedData = [cipheredPlusTagData aes256Gcm_DencryptWithKey:key iv:ivData error:error];
NSString *decrypedStr = [[NSString alloc] initWithData:decryptedData encoding:4];
NSLog(@"解密后Str:%@", decrypedStr);