AES 128 GCM目标C osx(AES 128 GCM objective C osx)

AES 128 GCM目标C osx(AES 128 GCM objective C osx)

我试图在目标c中加密/解密AES-128 GCM格式的字符串。 我到处寻找但似乎无法找到有效的解决方案。

I am trying to encrypt/decrypt a string in an AES-128 GCM format in objective c. I have looked everywhere but can't seem to find a working solution.

最满意答案

不久前我遇到了类似的问题，我能找到的最佳答案就是这个问题 。 总而言之，iOS有一些功能可以做你想要的，但它们是私有的。

因此，在Apple决定发布这些功能之前，我选择开发自己的库，目前存储在GitHub中并可在CocoaPods中使用 。

您描述的案例可以通过以下方式实现：

#import <CommonCrypto/CommonCrypto.h> #import "IAGAesGcm.h" // For the case you describe, the key length is 128 bits (16 bytes) u_char keyBytes[kCCKeySizeAES128] = {0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F, 0x10}; NSData *key = [NSData dataWithBytes:keyBytes length:sizeof(keyBytes)]; // GCM recommends a IV size of 96 bits (12 bytes), but you are free // to use other sizes u_char ivBytes[12] = {0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B, 0x0C}; NSData *iv = [NSData dataWithBytes:ivBytes length:sizeof(ivBytes)]; NSData *aad = [@"AdditionalAuthenticatedData" dataUsingEncoding:NSUTF8StringEncoding]; // Authenticated Encryption Function NSData *expectedPlainData = [@"PlainData" dataUsingEncoding:NSUTF8StringEncoding]; // The returned ciphered data is a simple class with 2 properties: the actual encrypted data and the authentication tag. // The authentication tag can have multiple sizes and it is up to you to set one, in this case the size is 128 bits // (16 bytes) IAGCipheredData *cipheredData = [IAGAesGcm cipheredDataByAuthenticatedEncryptingPlainData:expectedPlainData withAdditionalAuthenticatedData:aad authenticationTagLength:IAGAuthenticationTagLength128 initializationVector:iv key:key error:nil]; // Authenticated Decryption Function NSData *plainData = [IAGAesGcm plainDataByAuthenticatedDecryptingCipheredData:cipheredData withAdditionalAuthenticatedData:aad initializationVector:iv key:key error:nil]; XCTAssertEqualObjects(expectedPlainData, plainData);

希望这段代码有任何帮助。

为了结束（并且感谢zaph提到这个），我还没有对这段代码进行任何基准测试，所以假设它很慢 。 我打算用它来解密JWE字符串中的令牌，并且只是不时，我不推荐任何比这要求更多的东西。

问候。

Not so long ago I had a similar problem and the best answer I could find was this one. To sum up, iOS has some functions to do what you want but they are private.

So, until Apple decides to release these functions, I opted for developing my own library, currently stored in GitHub and available in CocoaPods.

The case you describe could be implemented this way:

#import <CommonCrypto/CommonCrypto.h> #import "IAGAesGcm.h" // For the case you describe, the key length is 128 bits (16 bytes) u_char keyBytes[kCCKeySizeAES128] = {0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F, 0x10}; NSData *key = [NSData dataWithBytes:keyBytes length:sizeof(keyBytes)]; // GCM recommends a IV size of 96 bits (12 bytes), but you are free // to use other sizes u_char ivBytes[12] = {0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B, 0x0C}; NSData *iv = [NSData dataWithBytes:ivBytes length:sizeof(ivBytes)]; NSData *aad = [@"AdditionalAuthenticatedData" dataUsingEncoding:NSUTF8StringEncoding]; // Authenticated Encryption Function NSData *expectedPlainData = [@"PlainData" dataUsingEncoding:NSUTF8StringEncoding]; // The returned ciphered data is a simple class with 2 properties: the actual encrypted data and the authentication tag. // The authentication tag can have multiple sizes and it is up to you to set one, in this case the size is 128 bits // (16 bytes) IAGCipheredData *cipheredData = [IAGAesGcm cipheredDataByAuthenticatedEncryptingPlainData:expectedPlainData withAdditionalAuthenticatedData:aad authenticationTagLength:IAGAuthenticationTagLength128 initializationVector:iv key:key error:nil]; // Authenticated Decryption Function NSData *plainData = [IAGAesGcm plainDataByAuthenticatedDecryptingCipheredData:cipheredData withAdditionalAuthenticatedData:aad initializationVector:iv key:key error:nil]; XCTAssertEqualObjects(expectedPlainData, plainData);

Hope this code is of any help.

To end (and thanks zaph for mentioning this), I have not performed any benchmarking of this code, so assume that it is slow. I intend to use it to decipher tokens in a JWE string and only from time to time, I do not recommend anything more requiring than that.

Regards.