1、问题描述

今天发现对大文件进行加解密时，IAGAesGcm这个开源框架会崩溃。大概是内存溢出了，并且在github的issue，有人提及，作者说不再维护，并推荐使用苹果的新AES加密框架。但此框架只支持iOS13以上，公司要求12以上都要支持。故需要解决。

2、解决方案

网上已有成熟的解决方案，使用openssl库，且可以支持iOS 所有版本系统，且代码不需要做兼容，因为是c++的库，性能也非常好。具体见这些链接。

1、openssl iOS版库地址
https://github.com/x2on/OpenSSL-for-iPhone

2、如何生成库和导入工程
https://www.jianshu.com/p/7aa9841c4eba

3、封装AES256.GCM加解密类
参考
https://www.jianshu.com/p/aab89293378a

如下是我的封装
1.NSData+AES_GCM.h

//
//  NSData+AES_GCM.h
//  encore
//
//  Created by lishi on 2024/3/6.
//

#import <Foundation/Foundation.h>


NS_ASSUME_NONNULL_BEGIN



@interface NSData (AES_GCM)

- (NSData *)aes256Gcm_DencryptWithKey:(NSData *)key_data iv:(NSData *)iv_data error:(NSError **)error;

- (NSData *)aes256Gcm_EncryptWithKey:(NSData *)key_data iv:(NSData *)iv_data error:(NSError **)error;

@end

NS_ASSUME_NONNULL_END

2.NSData+AES_GCM.m

//
//  NSData+AES_GCM.m
//  encore
//
//  Created by lishi on 2024/3/6.
//

#import "NSData+AES_GCM.h"
#import "evp.h"
#import "opensslv.h"

@implementation NSData (AES_GCM)

- (NSData *)aes256Gcm_DencryptWithKey:(NSData *)key_data iv:(NSData *)iv_data error:(NSError **)error {
    if (self.length < 16) {
        // self 需要是 加密数据+tag 的组合
        return nil;
    }
    
    // 取后16位作为tag
    NSData *tagData = [self subdataWithRange:(NSRange){self.length - 16, 16}];
    // 前面是真正加密的数据
    NSData *contentData = [self subdataWithRange:(NSRange){0, self.length - 16}];
    
    char *gcm_ct = [contentData bytes];
    char *gcm_iv = [iv_data bytes];
    char *gcm_key = [key_data bytes];
    unsigned char * ptBytes = (unsigned char * )malloc(self.length);

    int declen = 0;
    
    EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new();
    
    if (!EVP_DecryptInit(ctx, EVP_aes_256_gcm(), NULL, NULL)) {
        *error = [self errorWithDescription:@"EVP_DecryptInit EVP_aes_256_gcm() failed."];
        return nil;
    }
    
    EVP_CIPHER_CTX_set_padding(ctx, 0);
    
    if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, [iv_data length], NULL)) {
        *error = [self errorWithDescription:@"EVP_CIPHER_CTX_ctrl EVP_CTRL_GCM_SET_IVLEN Dencrypt failed."];
        return nil;
    }
    
    if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_TAG, 16, [tagData bytes])) {
        *error = [self errorWithDescription:@"EVP_CIPHER_CTX_ctrl EVP_CTRL_GCM_SET_TAG Dencrypt failed."];
        return nil;
    }
    
    if (!EVP_DecryptInit(ctx, NULL, gcm_key, gcm_iv)) {
        *error = [self errorWithDescription:@"EVP_DecryptInit Dencrypt set key and iv failed."];
        return nil;
    }
    
    if (!EVP_DecryptUpdate(ctx, ptBytes, &declen, gcm_ct, [contentData length])) {
        *error = [self errorWithDescription:@"EVP_DecryptUpdate Dencrypt failed."];
        return nil;
    }
    
    // 得到解密数据
    NSMutableData *ptgcmData = [NSMutableData dataWithCapacity:0];
    [ptgcmData appendBytes:ptBytes length:declen];
    
    if (!EVP_DecryptFinal(ctx,  [ptgcmData bytes] + declen, &declen)) {
        *error = [self errorWithDescription:@"EVP_DecryptFinal tag failed"];
        return nil;
    }
    
    EVP_CIPHER_CTX_free(ctx);
    
    return ptgcmData;
}

- (NSData *)aes256Gcm_EncryptWithKey:(NSData *)key_data iv:(NSData *)iv_data error:(NSError **)error {
    
    char *gcm_ct = [self bytes];
    char *gcm_iv = [iv_data bytes];
    char *gcm_key = [key_data bytes];
    unsigned char * ctBytes = (unsigned char * )malloc(self.length);

    NSMutableData *engcmData = [[NSMutableData alloc] initWithCapacity:self.length];

    unsigned char tag[16];
    int enclen = 0;
    
    EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new();
    
    if (!EVP_EncryptInit_ex(ctx, EVP_aes_256_gcm(), NULL, NULL, NULL)) {
        *error = [self errorWithDescription:@"EVP_EncryptInit_ex EVP_aes_256_gcm() failed."];
        return nil;
    }
    
    if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, [iv_data length], NULL)) {
        *error = [self errorWithDescription:@"EVP_CIPHER_CTX_ctrl EVP_CTRL_GCM_SET_IVLEN Encryp failed."];
        return nil;
    }
    
    if (!EVP_EncryptInit_ex(ctx, NULL, NULL, gcm_key, gcm_iv)) {
        *error = [self errorWithDescription:@"EVP_DecryptInit Encryp set key and iv failed."];
        return nil;
    }
    
    if (!EVP_EncryptUpdate(ctx, ctBytes, &enclen, (const unsigned char *)[self bytes], [self length])) {
        *error = [self errorWithDescription:@"EVP_DecryptUpdate Encrypt data failed."];
        return nil;
    }
    // 拼接 iv 数据
    [engcmData appendBytes:gcm_iv length:12];
    
    // 拼接加密数据
    [engcmData appendBytes:ctBytes length:enclen];
    
    if (!EVP_EncryptFinal (ctx, [engcmData bytes] + enclen, &enclen)) {
        *error = [self errorWithDescription:@"EVP_DecryptFinal Encrypt failed"];
        return nil;
    }

    if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_GET_TAG, 16, tag)) {
        *error = [self errorWithDescription:@"EVP_CIPHER_CTX_ctrl get tag failed"];
        return nil;
    }
    // 拼接 tag
    [engcmData appendBytes:tag length:16];

    EVP_CIPHER_CTX_free(ctx);
    return engcmData;
}


-(NSError *)errorWithDescription:(NSString *)errorinfo{
    NSString *domain = @"com.chbank.aes_gcm";
    NSInteger code = -101;
    NSDictionary *userInfo = @{
        NSLocalizedDescriptionKey: errorinfo,
        NSLocalizedFailureReasonErrorKey: errorinfo,
        NSLocalizedRecoverySuggestionErrorKey: @"aes gcm failed,check class NSData+AES_GCM"
    };
    NSError *error = [NSError errorWithDomain:domain code:code userInfo:userInfo];
    return error;
}

@end

测试

NSString *testStr = @"今天去吃老乡鸡";
NSData *testStrData = [testStr dataUsingEncoding:NSUTF8StringEncoding];

NSData *keyData = [NSData dataWithContentsOfFile:[[NSBundle mainBundle]pathForResource:@"publickText" ofType:@"log"]];

#define IV_Lenght 12
#define TAG_Lenght 16

// 加密 注意后的数据结构为  iv（12位） + 加密数据 + tag（16位）
NSMutableData *ivData = [[NSMutableData alloc]initWithLength:IV_Lenght];
SecRandomCopyBytes(kSecRandomDefault, IV_Lenght, ivData.mutableBytes);
NSData *encrypedData = [testStrData aes256Gcm_EncryptWithKey:key iv:ivData error:error];
NSString *encrypedStr = [encrypedData base64EncodedStringWithOptions:0];
NSLog(@"加密后Str：%@",encrypedStr);

// 解密 注意解密前的数据结构为  iv（12位） + 加密数据 + tag（16位）
NSMutableData *data = [[NSMutableData alloc]initWithBase64EncodedString: encrypedStr options:0];
NSData *ivData = [data subdataWithRange:NSMakeRange(0, IV_Lenght)];
NSData *cipheredPlusTagData = [data subdataWithRange:NSMakeRange(IV_Lenght, data.length - IV_Lenght)];
NSData *decrypedData = [cipheredPlusTagData aes256Gcm_DencryptWithKey:key iv:ivData error:error];
NSString *decrypedStr  = [[NSString alloc] initWithData:decryptedData encoding:4];
NSLog(@"解密后Str：%@", decrypedStr);