• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1# 使用SM4对称密钥(GCM模式)加解密(ArkTS)
2
3对应的算法规格请查看[对称密钥加解密算法规格:SM4](crypto-sym-encrypt-decrypt-spec.md#sm4)。
4
5**加密**
6
71. 调用[cryptoFramework.createSymKeyGenerator](../../reference/apis-crypto-architecture-kit/js-apis-cryptoFramework.md#cryptoframeworkcreatesymkeygenerator)、[SymKeyGenerator.generateSymKey](../../reference/apis-crypto-architecture-kit/js-apis-cryptoFramework.md#generatesymkey-1),生成密钥算法为SM4、密钥长度为128位的对称密钥(SymKey)。
8
9   如何生成SM4对称密钥,开发者可参考下文示例,并结合[对称密钥生成和转换规格:SM4](crypto-sym-key-generation-conversion-spec.md#sm4)和[随机生成对称密钥](crypto-generate-sym-key-randomly.md)理解,参考文档与当前示例可能存在入参差异,请在阅读时注意区分。
10
112. 调用[cryptoFramework.createCipher](../../reference/apis-crypto-architecture-kit/js-apis-cryptoFramework.md#cryptoframeworkcreatecipher),指定字符串参数'SM4_128|GCM|PKCS7',创建对称密钥类型为SM4_128、分组模式为GCM、填充模式为PKCS7的Cipher实例,用于完成加密操作。
12
133. 调用[Cipher.init](../../reference/apis-crypto-architecture-kit/js-apis-cryptoFramework.md#init-1),设置模式为加密(CryptoMode.ENCRYPT_MODE),指定加密密钥(SymKey)和GCM模式对应的加密参数(GcmParamsSpec),初始化加密Cipher实例。
14
154. 调用[Cipher.update](../../reference/apis-crypto-architecture-kit/js-apis-cryptoFramework.md#update-1),更新数据(明文)。
16
17   当前单次update长度没有限制,开发者可以根据数据量判断如何调用update。
18
19   - 当数据量较小时,可以在init完成后直接调用doFinal。
20   - 当数据量较大时,可以多次调用update,即[分段加解密](crypto-sm4-sym-encrypt-decrypt-gcm-by-segment.md)。
21
225. 调用[Cipher.doFinal](../../reference/apis-crypto-architecture-kit/js-apis-cryptoFramework.md#dofinal-1),获取加密后的数据。
23   - 由于已使用update传入数据,此处data传入null。
24   - doFinal输出结果可能为null,在访问具体数据前,需要先判断结果是否为null,避免产生异常。
25
266. 读取[GcmParamsSpec](../../reference/apis-crypto-architecture-kit/js-apis-cryptoFramework.md#gcmparamsspec).authTag作为解密的认证信息。
27   在GCM模式下,需要从加密后的数据中取出末尾16字节,作为解密时初始化的认证信息。示例中authTag恰好为16字节。
28
29**解密**
30
311. 调用[cryptoFramework.createCipher](../../reference/apis-crypto-architecture-kit/js-apis-cryptoFramework.md#cryptoframeworkcreatecipher),指定字符串参数'SM4_128|GCM|PKCS7',创建对称密钥类型为SM4_128、分组模式为GCM、填充模式为PKCS7的Cipher实例,用于完成解密操作。
32
332. 调用[Cipher.init](../../reference/apis-crypto-architecture-kit/js-apis-cryptoFramework.md#init-1),设置模式为解密(CryptoMode.DECRYPT_MODE),指定解密密钥(SymKey)和GCM模式对应的解密参数(GcmParamsSpec),初始化解密Cipher实例。
34
353. 调用[Cipher.update](../../reference/apis-crypto-architecture-kit/js-apis-cryptoFramework.md#update-1),更新数据(密文)。
36
374. 调用[Cipher.doFinal](../../reference/apis-crypto-architecture-kit/js-apis-cryptoFramework.md#dofinal-1),获取解密后的数据。
38
39- 异步方法示例:
40
41  ```ts
42  import { cryptoFramework } from '@kit.CryptoArchitectureKit';
43  import { buffer } from '@kit.ArkTS';
44
45  function generateRandom(len: number) {
46    let rand = cryptoFramework.createRandom();
47    let generateRandSync = rand.generateRandomSync(len);
48    return generateRandSync;
49  }
50
51  function genGcmParamsSpec() {
52    let ivBlob = generateRandom(12); // 12 bytes
53    let arr = [1, 2, 3, 4, 5, 6, 7, 8]; // 8 bytes
54    let dataAad = new Uint8Array(arr);
55    let aadBlob: cryptoFramework.DataBlob = { data: dataAad };
56    arr = [0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]; // 16 bytes
57    let dataTag = new Uint8Array(arr);
58    let tagBlob: cryptoFramework.DataBlob = {
59      data: dataTag
60    };
61    // GCM的authTag在加密时从doFinal结果中获取,在解密时填入init函数的params参数中。
62    let gcmParamsSpec: cryptoFramework.GcmParamsSpec = {
63      iv: ivBlob,
64      aad: aadBlob,
65      authTag: tagBlob,
66      algName: "GcmParamsSpec"
67    };
68    return gcmParamsSpec;
69  }
70
71  let gcmParams = genGcmParamsSpec();
72
73  // 加密消息。
74  async function encryptMessagePromise(symKey: cryptoFramework.SymKey, plainText: cryptoFramework.DataBlob) {
75    let cipher = cryptoFramework.createCipher('SM4_128|GCM|PKCS7');
76    await cipher.init(cryptoFramework.CryptoMode.ENCRYPT_MODE, symKey, gcmParams);
77    let encryptUpdate = await cipher.update(plainText);
78    // gcm模式加密doFinal时传入空,获得tag数据,并更新至gcmParams对象中。
79    gcmParams.authTag = await cipher.doFinal(null);
80    return encryptUpdate;
81  }
82  // 解密消息。
83  async function decryptMessagePromise(symKey: cryptoFramework.SymKey, cipherText: cryptoFramework.DataBlob) {
84    let decoder = cryptoFramework.createCipher('SM4_128|GCM|PKCS7');
85    await decoder.init(cryptoFramework.CryptoMode.DECRYPT_MODE, symKey, gcmParams);
86    let decryptUpdate = await decoder.update(cipherText);
87    // gcm模式解密doFinal时传入空,验证init时传入的tag数据,如果验证失败会抛出异常。
88    let decryptData = await decoder.doFinal(null);
89    if (decryptData === null) {
90      console.info('GCM decrypt success, decryptData is null');
91    }
92    return decryptUpdate;
93  }
94  async function genSymKeyByData(symKeyData: Uint8Array) {
95    let symKeyBlob: cryptoFramework.DataBlob = { data: symKeyData };
96    let sm4Generator = cryptoFramework.createSymKeyGenerator('SM4_128');
97    let symKey = await sm4Generator.convertKey(symKeyBlob);
98    console.info('convertKey success');
99    return symKey;
100  }
101  async function main() {
102    let keyData = new Uint8Array([83, 217, 231, 76, 28, 113, 23, 219, 250, 71, 209, 210, 205, 97, 32, 159]);
103    let symKey = await genSymKeyByData(keyData);
104    let message = "This is a test";
105    let plainText: cryptoFramework.DataBlob = { data: new Uint8Array(buffer.from(message, 'utf-8').buffer) };
106    let encryptText = await encryptMessagePromise(symKey, plainText);
107    let decryptText = await decryptMessagePromise(symKey, encryptText);
108    if (plainText.data.toString() === decryptText.data.toString()) {
109      console.info('decrypt ok');
110      console.info('decrypt plainText: ' + buffer.from(decryptText.data).toString('utf-8'));
111    } else {
112      console.error('decrypt failed');
113    }
114  }
115  ```
116
117- 同步方法示例:
118
119  ```ts
120  import { cryptoFramework } from '@kit.CryptoArchitectureKit';
121  import { buffer } from '@kit.ArkTS';
122
123  function generateRandom(len: number) {
124    let rand = cryptoFramework.createRandom();
125    let generateRandSync = rand.generateRandomSync(len);
126    return generateRandSync;
127  }
128
129  function genGcmParamsSpec() {
130    let ivBlob = generateRandom(12); // 12 bytes
131    let arr = [1, 2, 3, 4, 5, 6, 7, 8]; // 8 bytes
132    let dataAad = new Uint8Array(arr);
133    let aadBlob: cryptoFramework.DataBlob = { data: dataAad };
134    arr = [0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]; // 16 bytes
135    let dataTag = new Uint8Array(arr);
136    let tagBlob: cryptoFramework.DataBlob = {
137      data: dataTag
138    };
139    // GCM的authTag在加密时从doFinal结果中获取,在解密时填入init函数的params参数中。
140    let gcmParamsSpec: cryptoFramework.GcmParamsSpec = {
141      iv: ivBlob,
142      aad: aadBlob,
143      authTag: tagBlob,
144      algName: "GcmParamsSpec"
145    };
146    return gcmParamsSpec;
147  }
148
149  let gcmParams = genGcmParamsSpec();
150
151  // 加密消息。
152  function encryptMessage(symKey: cryptoFramework.SymKey, plainText: cryptoFramework.DataBlob) {
153    let cipher = cryptoFramework.createCipher('SM4_128|GCM|PKCS7');
154    cipher.initSync(cryptoFramework.CryptoMode.ENCRYPT_MODE, symKey, gcmParams);
155    let encryptUpdate = cipher.updateSync(plainText);
156    // gcm模式加密doFinal时传入空,获得tag数据,并更新至gcmParams对象中。
157    gcmParams.authTag = cipher.doFinalSync(null);
158    return encryptUpdate;
159  }
160  // 解密消息。
161  function decryptMessage(symKey: cryptoFramework.SymKey, cipherText: cryptoFramework.DataBlob) {
162    let decoder = cryptoFramework.createCipher('SM4_128|GCM|PKCS7');
163    decoder.initSync(cryptoFramework.CryptoMode.DECRYPT_MODE, symKey, gcmParams);
164    let decryptUpdate = decoder.updateSync(cipherText);
165    // gcm模式解密doFinal时传入空,验证init时传入的tag数据,如果验证失败会抛出异常。
166    let decryptData = decoder.doFinalSync(null);
167    if (decryptData === null) {
168      console.info('GCM decrypt success, decryptData is null');
169    }
170    return decryptUpdate;
171  }
172  function genSymKeyByData(symKeyData: Uint8Array) {
173    let symKeyBlob: cryptoFramework.DataBlob = { data: symKeyData };
174    let sm4Generator = cryptoFramework.createSymKeyGenerator('SM4_128');
175    let symKey = sm4Generator.convertKeySync(symKeyBlob);
176    console.info('convertKeySync success');
177    return symKey;
178  }
179  function main() {
180    let keyData = new Uint8Array([83, 217, 231, 76, 28, 113, 23, 219, 250, 71, 209, 210, 205, 97, 32, 159]);
181    let symKey = genSymKeyByData(keyData);
182    let message = "This is a test";
183    let plainText: cryptoFramework.DataBlob = { data: new Uint8Array(buffer.from(message, 'utf-8').buffer) };
184    let encryptText = encryptMessage(symKey, plainText);
185    let decryptText = decryptMessage(symKey, encryptText);
186    if (plainText.data.toString() === decryptText.data.toString()) {
187      console.info('decrypt ok');
188      console.info('decrypt plainText: ' + buffer.from(decryptText.data).toString('utf-8'));
189    } else {
190      console.error('decrypt failed');
191    }
192  }
193  ```