1# 使用AES对称密钥(CCM模式)加解密(ArkTS) 2 3<!--Kit: Crypto Architecture Kit--> 4<!--Subsystem: Security--> 5<!--Owner: @zxz--3--> 6<!--Designer: @lanming--> 7<!--Tester: @PAFT--> 8<!--Adviser: @zengyawen--> 9 10查看[对称密钥加解密算法规格:AES](crypto-sym-encrypt-decrypt-spec.md#aes)。 11 12**加密** 13 141. 调用[cryptoFramework.createSymKeyGenerator](../../reference/apis-crypto-architecture-kit/js-apis-cryptoFramework.md#cryptoframeworkcreatesymkeygenerator)、[SymKeyGenerator.generateSymKey](../../reference/apis-crypto-architecture-kit/js-apis-cryptoFramework.md#generatesymkey-1),生成密钥算法为AES、密钥长度为128位的对称密钥(SymKey)。 15 16 如何生成AES对称密钥,开发者可参考下文示例,并结合[对称密钥生成和转换规格:AES](crypto-sym-key-generation-conversion-spec.md#aes)和[随机生成对称密钥](crypto-generate-sym-key-randomly.md)进行理解,参考文档与当前示例可能存在入参差异,请注意区分。 17 182. 调用[cryptoFramework.createCipher](../../reference/apis-crypto-architecture-kit/js-apis-cryptoFramework.md#cryptoframeworkcreatecipher),指定字符串参数'AES128|CCM',创建对称密钥为AES128、分组模式为CCM的Cipher实例,用于执行加密操作。 19 203. 调用[Cipher.init](../../reference/apis-crypto-architecture-kit/js-apis-cryptoFramework.md#init-1),设置模式为加密(CryptoMode.ENCRYPT_MODE),指定密钥(SymKey)和CCM模式对应的加密参数(CcmParamsSpec),初始化加密Cipher实例。 21 224. 调用[Cipher.update](../../reference/apis-crypto-architecture-kit/js-apis-cryptoFramework.md#update-1),更新数据(明文)。 23 24 当前单次update没有长度限制,开发者可以根据数据量决定如何调用update。 25 26 > **说明:** 27 > CCM模式不支持分段加解密。 28 295. 调用[Cipher.doFinal](../../reference/apis-crypto-architecture-kit/js-apis-cryptoFramework.md#dofinal-1)获取加密后的数据。 30 - 由于已通过update传入数据,此处传入null。 31 - doFinal输出结果可能为null,访问具体数据前,需先判断结果是否为null,以避免异常。 32 336. 读取[CcmParamsSpec.authTag](../../reference/apis-crypto-architecture-kit/js-apis-cryptoFramework.md#ccmparamsspec)作为解密的认证信息。 34 35 在CCM模式下,算法库目前仅支持12字节的authTag,用于解密时的初始化认证信息。示例中的authTag为12字节。 36 37**解密** 38 391. 调用[cryptoFramework.createCipher](../../reference/apis-crypto-architecture-kit/js-apis-cryptoFramework.md#cryptoframeworkcreatecipher),指定字符串参数'AES128|CCM',创建对称密钥为AES128、分组模式为CCM的Cipher实例,用于完成解密操作。 40 412. 调用[Cipher.init](../../reference/apis-crypto-architecture-kit/js-apis-cryptoFramework.md#init-1),设置模式为解密(CryptoMode.DECRYPT_MODE),指定密钥(SymKey)和CCM模式对应的解密参数(CcmParamsSpec),初始化解密Cipher实例。 42 433. 调用[Cipher.doFinal](../../reference/apis-crypto-architecture-kit/js-apis-cryptoFramework.md#dofinal-1),获取解密后的数据。 44 45- 异步方法示例: 46 47 ```ts 48 import { cryptoFramework } from '@kit.CryptoArchitectureKit'; 49 import { buffer } from '@kit.ArkTS'; 50 51 function genCcmParamsSpec() { 52 let rand: cryptoFramework.Random = cryptoFramework.createRandom(); 53 let ivBlob: cryptoFramework.DataBlob = rand.generateRandomSync(7); 54 let aadBlob: cryptoFramework.DataBlob = rand.generateRandomSync(8); 55 let arr = [0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]; // 12 bytes 56 let dataTag = new Uint8Array(arr); 57 let tagBlob: cryptoFramework.DataBlob = { 58 data: dataTag 59 }; 60 // CCM的authTag在加密时从doFinal结果中获取,在解密时填入init函数的params参数中。 61 let ccmParamsSpec: cryptoFramework.CcmParamsSpec = { 62 iv: ivBlob, 63 aad: aadBlob, 64 authTag: tagBlob, 65 algName: "CcmParamsSpec" 66 }; 67 return ccmParamsSpec; 68 } 69 let ccmParams = genCcmParamsSpec(); 70 71 // 加密消息。 72 async function encryptMessagePromise(symKey: cryptoFramework.SymKey, plainText: cryptoFramework.DataBlob) { 73 let cipher = cryptoFramework.createCipher('AES128|CCM'); 74 await cipher.init(cryptoFramework.CryptoMode.ENCRYPT_MODE, symKey, ccmParams); 75 let encryptUpdate = await cipher.update(plainText); 76 // ccm模式加密doFinal时传入空,获得tag数据,并更新至ccmParams对象中。 77 ccmParams.authTag = await cipher.doFinal(null); 78 return encryptUpdate; 79 } 80 // 解密消息。 81 async function decryptMessagePromise(symKey: cryptoFramework.SymKey, cipherText: cryptoFramework.DataBlob) { 82 let decoder = cryptoFramework.createCipher('AES128|CCM'); 83 await decoder.init(cryptoFramework.CryptoMode.DECRYPT_MODE, symKey, ccmParams); 84 let decryptUpdate = await decoder.doFinal(cipherText); 85 return decryptUpdate; 86 } 87 async function genSymKeyByData(symKeyData: Uint8Array) { 88 let symKeyBlob: cryptoFramework.DataBlob = { data: symKeyData }; 89 let aesGenerator = cryptoFramework.createSymKeyGenerator('AES128'); 90 let symKey = await aesGenerator.convertKey(symKeyBlob); 91 console.info('convertKey success'); 92 return symKey; 93 } 94 async function main() { 95 let keyData = new Uint8Array([83, 217, 231, 76, 28, 113, 23, 219, 250, 71, 209, 210, 205, 97, 32, 159]); 96 let symKey = await genSymKeyByData(keyData); 97 let message = "This is a test"; 98 let plainText: cryptoFramework.DataBlob = { data: new Uint8Array(buffer.from(message, 'utf-8').buffer) }; 99 let encryptText = await encryptMessagePromise(symKey, plainText); 100 let decryptText = await decryptMessagePromise(symKey, encryptText); 101 if (plainText.data.toString() === decryptText.data.toString()) { 102 console.info('decrypt ok'); 103 console.info('decrypt plainText: ' + buffer.from(decryptText.data).toString('utf-8')); 104 } else { 105 console.error('decrypt failed'); 106 } 107 } 108 ``` 109 110- 同步方法示例: 111 112 ```ts 113 import { cryptoFramework } from '@kit.CryptoArchitectureKit'; 114 import { buffer } from '@kit.ArkTS'; 115 116 117 function genCcmParamsSpec() { 118 let rand: cryptoFramework.Random = cryptoFramework.createRandom(); 119 let ivBlob: cryptoFramework.DataBlob = rand.generateRandomSync(7); 120 let aadBlob: cryptoFramework.DataBlob = rand.generateRandomSync(8); 121 let arr = [0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]; // 12 bytes 122 let dataTag = new Uint8Array(arr); 123 let tagBlob: cryptoFramework.DataBlob = { 124 data: dataTag 125 }; 126 // CCM的authTag在加密时从doFinal结果中获取,在解密时填入init函数的params参数中。 127 let ccmParamsSpec: cryptoFramework.CcmParamsSpec = { 128 iv: ivBlob, 129 aad: aadBlob, 130 authTag: tagBlob, 131 algName: "CcmParamsSpec" 132 }; 133 return ccmParamsSpec; 134 } 135 136 let ccmParams = genCcmParamsSpec(); 137 138 // 加密消息。 139 function encryptMessage(symKey: cryptoFramework.SymKey, plainText: cryptoFramework.DataBlob) { 140 let cipher = cryptoFramework.createCipher('AES128|CCM'); 141 cipher.initSync(cryptoFramework.CryptoMode.ENCRYPT_MODE, symKey, ccmParams); 142 let encryptUpdate = cipher.updateSync(plainText); 143 // ccm模式加密doFinal时传入空,获得tag数据,并更新至ccmParams对象中。 144 ccmParams.authTag = cipher.doFinalSync(null); 145 return encryptUpdate; 146 } 147 // 解密消息。 148 function decryptMessage(symKey: cryptoFramework.SymKey, cipherText: cryptoFramework.DataBlob) { 149 let decoder = cryptoFramework.createCipher('AES128|CCM'); 150 decoder.initSync(cryptoFramework.CryptoMode.DECRYPT_MODE, symKey, ccmParams); 151 let decryptUpdate = decoder.doFinalSync(cipherText); 152 return decryptUpdate; 153 } 154 function genSymKeyByData(symKeyData: Uint8Array) { 155 let symKeyBlob: cryptoFramework.DataBlob = { data: symKeyData }; 156 let aesGenerator = cryptoFramework.createSymKeyGenerator('AES128'); 157 let symKey = aesGenerator.convertKeySync(symKeyBlob); 158 console.info('convertKeySync success'); 159 return symKey; 160 } 161 function main() { 162 let keyData = new Uint8Array([83, 217, 231, 76, 28, 113, 23, 219, 250, 71, 209, 210, 205, 97, 32, 159]); 163 let symKey = genSymKeyByData(keyData); 164 let message = "This is a test"; 165 let plainText: cryptoFramework.DataBlob = { data: new Uint8Array(buffer.from(message, 'utf-8').buffer) }; 166 let encryptText = encryptMessage(symKey, plainText); 167 let decryptText = decryptMessage(symKey, encryptText); 168 if (plainText.data.toString() === decryptText.data.toString()) { 169 console.info('decrypt ok'); 170 console.info('decrypt plainText: ' + buffer.from(decryptText.data).toString('utf-8')); 171 } else { 172 console.error('decrypt failed'); 173 } 174 } 175 ```