• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1# 使用AES对称密钥(CCM模式)加解密(ArkTS)
2
3对应的算法规格请查看[对称密钥加解密算法规格:AES](crypto-sym-encrypt-decrypt-spec.md#aes)。
4
5**加密**
6
71. 调用[cryptoFramework.createSymKeyGenerator](../../reference/apis-crypto-architecture-kit/js-apis-cryptoFramework.md#cryptoframeworkcreatesymkeygenerator)、[SymKeyGenerator.generateSymKey](../../reference/apis-crypto-architecture-kit/js-apis-cryptoFramework.md#generatesymkey-1),生成密钥算法为AES、密钥长度为128位的对称密钥(SymKey)。
8
9   如何生成AES对称密钥,开发者可参考下文示例,并结合[对称密钥生成和转换规格:AES](crypto-sym-key-generation-conversion-spec.md#aes)和[随机生成对称密钥](crypto-generate-sym-key-randomly.md)理解,参考文档与当前示例可能存在入参差异,请在阅读时注意区分。
10
112. 调用[cryptoFramework.createCipher](../../reference/apis-crypto-architecture-kit/js-apis-cryptoFramework.md#cryptoframeworkcreatecipher),指定字符串参数'AES128|CCM',创建对称密钥类型为AES128、分组模式为CCM的Cipher实例,用于完成加密操作。
12
133. 调用[Cipher.init](../../reference/apis-crypto-architecture-kit/js-apis-cryptoFramework.md#init-1),设置模式为加密(CryptoMode.ENCRYPT_MODE),指定加密密钥(SymKey)和CCM模式对应的加密参数(CcmParamsSpec),初始化加密Cipher实例。
14
154. 调用[Cipher.update](../../reference/apis-crypto-architecture-kit/js-apis-cryptoFramework.md#update-1),更新数据(明文)。
16
17   当前单次update长度没有限制,开发者可以根据数据量判断如何调用update。
18
19   > **说明:**
20   > CCM模式不支持分段加解密。
21
225. 调用[Cipher.doFinal](../../reference/apis-crypto-architecture-kit/js-apis-cryptoFramework.md#dofinal-1),获取加密后的数据。
23   - 由于已使用update传入数据,此处data传入null。
24   - doFinal输出结果可能为null,在访问具体数据前,需要先判断结果是否为null,避免产生异常。
25
266. 读取[CcmParamsSpec.authTag](../../reference/apis-crypto-architecture-kit/js-apis-cryptoFramework.md#ccmparamsspec)作为解密的认证信息。
27
28    在CCM模式下,算法库当前只支持12字节的authTag,作为解密时初始化的认证信息。示例中authTag恰好为12字节。
29
30**解密**
31
321. 调用[cryptoFramework.createCipher](../../reference/apis-crypto-architecture-kit/js-apis-cryptoFramework.md#cryptoframeworkcreatecipher),指定字符串参数'AES128|CCM',创建对称密钥类型为AES128、分组模式为CCM的Cipher实例,用于完成解密操作。
33
342. 调用[Cipher.init](../../reference/apis-crypto-architecture-kit/js-apis-cryptoFramework.md#init-1),设置模式为解密(CryptoMode.DECRYPT_MODE),指定解密密钥(SymKey)和CCM模式对应的解密参数(CcmParamsSpec),初始化解密Cipher实例。
35
363. 调用[Cipher.doFinal](../../reference/apis-crypto-architecture-kit/js-apis-cryptoFramework.md#dofinal-1),获取解密后的数据。
37
38- 异步方法示例:
39
40  ```ts
41  import { cryptoFramework } from '@kit.CryptoArchitectureKit';
42  import { buffer } from '@kit.ArkTS';
43
44  function genCcmParamsSpec() {
45    let rand: cryptoFramework.Random = cryptoFramework.createRandom();
46    let ivBlob: cryptoFramework.DataBlob = rand.generateRandomSync(7);
47    let aadBlob: cryptoFramework.DataBlob = rand.generateRandomSync(8);
48    let arr = [0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]; // 12 bytes
49    let dataTag = new Uint8Array(arr);
50    let tagBlob: cryptoFramework.DataBlob = {
51      data: dataTag
52    };
53    // CCM的authTag在加密时从doFinal结果中获取,在解密时填入init函数的params参数中。
54    let ccmParamsSpec: cryptoFramework.CcmParamsSpec = {
55      iv: ivBlob,
56      aad: aadBlob,
57      authTag: tagBlob,
58      algName: "CcmParamsSpec"
59    };
60    return ccmParamsSpec;
61  }
62  let ccmParams = genCcmParamsSpec();
63
64  // 加密消息。
65  async function encryptMessagePromise(symKey: cryptoFramework.SymKey, plainText: cryptoFramework.DataBlob) {
66    let cipher = cryptoFramework.createCipher('AES128|CCM');
67    await cipher.init(cryptoFramework.CryptoMode.ENCRYPT_MODE, symKey, ccmParams);
68    let encryptUpdate = await cipher.update(plainText);
69    // ccm模式加密doFinal时传入空,获得tag数据,并更新至ccmParams对象中。
70    ccmParams.authTag = await cipher.doFinal(null);
71    return encryptUpdate;
72  }
73  // 解密消息。
74  async function decryptMessagePromise(symKey: cryptoFramework.SymKey, cipherText: cryptoFramework.DataBlob) {
75    let decoder = cryptoFramework.createCipher('AES128|CCM');
76    await decoder.init(cryptoFramework.CryptoMode.DECRYPT_MODE, symKey, ccmParams);
77    let decryptUpdate = await decoder.doFinal(cipherText);
78    return decryptUpdate;
79  }
80  async function genSymKeyByData(symKeyData: Uint8Array) {
81    let symKeyBlob: cryptoFramework.DataBlob = { data: symKeyData };
82    let aesGenerator = cryptoFramework.createSymKeyGenerator('AES128');
83    let symKey = await aesGenerator.convertKey(symKeyBlob);
84    console.info('convertKey success');
85    return symKey;
86  }
87  async function main() {
88    let keyData = new Uint8Array([83, 217, 231, 76, 28, 113, 23, 219, 250, 71, 209, 210, 205, 97, 32, 159]);
89    let symKey = await genSymKeyByData(keyData);
90    let message = "This is a test";
91    let plainText: cryptoFramework.DataBlob = { data: new Uint8Array(buffer.from(message, 'utf-8').buffer) };
92    let encryptText = await encryptMessagePromise(symKey, plainText);
93    let decryptText = await decryptMessagePromise(symKey, encryptText);
94    if (plainText.data.toString() === decryptText.data.toString()) {
95      console.info('decrypt ok');
96      console.info('decrypt plainText: ' + buffer.from(decryptText.data).toString('utf-8'));
97    } else {
98      console.error('decrypt failed');
99    }
100  }
101  ```
102
103- 同步方法示例:
104
105  ```ts
106  import { cryptoFramework } from '@kit.CryptoArchitectureKit';
107  import { buffer } from '@kit.ArkTS';
108
109
110  function genCcmParamsSpec() {
111    let rand: cryptoFramework.Random = cryptoFramework.createRandom();
112    let ivBlob: cryptoFramework.DataBlob = rand.generateRandomSync(7);
113    let aadBlob: cryptoFramework.DataBlob = rand.generateRandomSync(8);
114    let arr = [0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]; // 12 bytes
115    let dataTag = new Uint8Array(arr);
116    let tagBlob: cryptoFramework.DataBlob = {
117      data: dataTag
118    };
119    // CCM的authTag在加密时从doFinal结果中获取,在解密时填入init函数的params参数中。
120    let ccmParamsSpec: cryptoFramework.CcmParamsSpec = {
121      iv: ivBlob,
122      aad: aadBlob,
123      authTag: tagBlob,
124      algName: "CcmParamsSpec"
125    };
126    return ccmParamsSpec;
127  }
128
129  let ccmParams = genCcmParamsSpec();
130
131  // 加密消息。
132  function encryptMessage(symKey: cryptoFramework.SymKey, plainText: cryptoFramework.DataBlob) {
133    let cipher = cryptoFramework.createCipher('AES128|CCM');
134    cipher.initSync(cryptoFramework.CryptoMode.ENCRYPT_MODE, symKey, ccmParams);
135    let encryptUpdate = cipher.updateSync(plainText);
136    // ccm模式加密doFinal时传入空,获得tag数据,并更新至ccmParams对象中。
137    ccmParams.authTag = cipher.doFinalSync(null);
138    return encryptUpdate;
139  }
140  // 解密消息。
141  function decryptMessage(symKey: cryptoFramework.SymKey, cipherText: cryptoFramework.DataBlob) {
142    let decoder = cryptoFramework.createCipher('AES128|CCM');
143    decoder.initSync(cryptoFramework.CryptoMode.DECRYPT_MODE, symKey, ccmParams);
144    let decryptUpdate = decoder.doFinalSync(cipherText);
145    return decryptUpdate;
146  }
147  function genSymKeyByData(symKeyData: Uint8Array) {
148    let symKeyBlob: cryptoFramework.DataBlob = { data: symKeyData };
149    let aesGenerator = cryptoFramework.createSymKeyGenerator('AES128');
150    let symKey = aesGenerator.convertKeySync(symKeyBlob);
151    console.info('convertKeySync success');
152    return symKey;
153  }
154  function main() {
155    let keyData = new Uint8Array([83, 217, 231, 76, 28, 113, 23, 219, 250, 71, 209, 210, 205, 97, 32, 159]);
156    let symKey = genSymKeyByData(keyData);
157    let message = "This is a test";
158    let plainText: cryptoFramework.DataBlob = { data: new Uint8Array(buffer.from(message, 'utf-8').buffer) };
159    let encryptText = encryptMessage(symKey, plainText);
160    let decryptText = decryptMessage(symKey, encryptText);
161    if (plainText.data.toString() === decryptText.data.toString()) {
162      console.info('decrypt ok');
163      console.info('decrypt plainText: ' + buffer.from(decryptText.data).toString('utf-8'));
164    } else {
165      console.error('decrypt failed');
166    }
167  }
168  ```