iOS 解決 IAGAesGcm 框架崩潰問題解決

1、問題描述

今天發(fā)現(xiàn)對大文件進行加解密時,IAGAesGcm這個開源框架會崩潰。大概是內存溢出了,并且在github的issue,有人提及,作者說不再維護,并推薦使用蘋果的新AES加密框架。但此框架只支持iOS13以上,公司要求12以上都要支持。故需要解決。

2、解決方案

網上已有成熟的解決方案,使用openssl庫,且可以支持iOS 所有版本系統(tǒng),且代碼不需要做兼容,因為是c++的庫,性能也非常好。具體見這些鏈接。

1、openssl iOS版庫地址
https://github.com/x2on/OpenSSL-for-iPhone

2、如何生成庫和導入工程
http://www.itdecent.cn/p/7aa9841c4eba

3、封裝AES256.GCM加解密類
參考
http://www.itdecent.cn/p/aab89293378a

如下是我的封裝
1.NSData+AES_GCM.h

//
//  NSData+AES_GCM.h
//  encore
//
//  Created by lishi on 2024/3/6.
//

#import <Foundation/Foundation.h>


NS_ASSUME_NONNULL_BEGIN



@interface NSData (AES_GCM)

- (NSData *)aes256Gcm_DencryptWithKey:(NSData *)key_data iv:(NSData *)iv_data error:(NSError **)error;

- (NSData *)aes256Gcm_EncryptWithKey:(NSData *)key_data iv:(NSData *)iv_data error:(NSError **)error;

@end

NS_ASSUME_NONNULL_END

2.NSData+AES_GCM.m

//
//  NSData+AES_GCM.m
//  encore
//
//  Created by lishi on 2024/3/6.
//

#import "NSData+AES_GCM.h"
#import "evp.h"
#import "opensslv.h"

@implementation NSData (AES_GCM)

- (NSData *)aes256Gcm_DencryptWithKey:(NSData *)key_data iv:(NSData *)iv_data error:(NSError **)error {
    if (self.length < 16) {
        // self 需要是 加密數據+tag 的組合
        return nil;
    }
    
    // 取后16位作為tag
    NSData *tagData = [self subdataWithRange:(NSRange){self.length - 16, 16}];
    // 前面是真正加密的數據
    NSData *contentData = [self subdataWithRange:(NSRange){0, self.length - 16}];
    
    char *gcm_ct = [contentData bytes];
    char *gcm_iv = [iv_data bytes];
    char *gcm_key = [key_data bytes];
    unsigned char * ptBytes = (unsigned char * )malloc(self.length);

    int declen = 0;
    
    EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new();
    
    if (!EVP_DecryptInit(ctx, EVP_aes_256_gcm(), NULL, NULL)) {
        *error = [self errorWithDescription:@"EVP_DecryptInit EVP_aes_256_gcm() failed."];
        return nil;
    }
    
    EVP_CIPHER_CTX_set_padding(ctx, 0);
    
    if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, [iv_data length], NULL)) {
        *error = [self errorWithDescription:@"EVP_CIPHER_CTX_ctrl EVP_CTRL_GCM_SET_IVLEN Dencrypt failed."];
        return nil;
    }
    
    if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_TAG, 16, [tagData bytes])) {
        *error = [self errorWithDescription:@"EVP_CIPHER_CTX_ctrl EVP_CTRL_GCM_SET_TAG Dencrypt failed."];
        return nil;
    }
    
    if (!EVP_DecryptInit(ctx, NULL, gcm_key, gcm_iv)) {
        *error = [self errorWithDescription:@"EVP_DecryptInit Dencrypt set key and iv failed."];
        return nil;
    }
    
    if (!EVP_DecryptUpdate(ctx, ptBytes, &declen, gcm_ct, [contentData length])) {
        *error = [self errorWithDescription:@"EVP_DecryptUpdate Dencrypt failed."];
        return nil;
    }
    
    // 得到解密數據
    NSMutableData *ptgcmData = [NSMutableData dataWithCapacity:0];
    [ptgcmData appendBytes:ptBytes length:declen];
    
    if (!EVP_DecryptFinal(ctx,  [ptgcmData bytes] + declen, &declen)) {
        *error = [self errorWithDescription:@"EVP_DecryptFinal tag failed"];
        return nil;
    }
    
    EVP_CIPHER_CTX_free(ctx);
    
    return ptgcmData;
}

- (NSData *)aes256Gcm_EncryptWithKey:(NSData *)key_data iv:(NSData *)iv_data error:(NSError **)error {
    
    char *gcm_ct = [self bytes];
    char *gcm_iv = [iv_data bytes];
    char *gcm_key = [key_data bytes];
    unsigned char * ctBytes = (unsigned char * )malloc(self.length);

    NSMutableData *engcmData = [[NSMutableData alloc] initWithCapacity:self.length];

    unsigned char tag[16];
    int enclen = 0;
    
    EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new();
    
    if (!EVP_EncryptInit_ex(ctx, EVP_aes_256_gcm(), NULL, NULL, NULL)) {
        *error = [self errorWithDescription:@"EVP_EncryptInit_ex EVP_aes_256_gcm() failed."];
        return nil;
    }
    
    if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, [iv_data length], NULL)) {
        *error = [self errorWithDescription:@"EVP_CIPHER_CTX_ctrl EVP_CTRL_GCM_SET_IVLEN Encryp failed."];
        return nil;
    }
    
    if (!EVP_EncryptInit_ex(ctx, NULL, NULL, gcm_key, gcm_iv)) {
        *error = [self errorWithDescription:@"EVP_DecryptInit Encryp set key and iv failed."];
        return nil;
    }
    
    if (!EVP_EncryptUpdate(ctx, ctBytes, &enclen, (const unsigned char *)[self bytes], [self length])) {
        *error = [self errorWithDescription:@"EVP_DecryptUpdate Encrypt data failed."];
        return nil;
    }
    // 拼接 iv 數據
    [engcmData appendBytes:gcm_iv length:12];
    
    // 拼接加密數據
    [engcmData appendBytes:ctBytes length:enclen];
    
    if (!EVP_EncryptFinal (ctx, [engcmData bytes] + enclen, &enclen)) {
        *error = [self errorWithDescription:@"EVP_DecryptFinal Encrypt failed"];
        return nil;
    }

    if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_GET_TAG, 16, tag)) {
        *error = [self errorWithDescription:@"EVP_CIPHER_CTX_ctrl get tag failed"];
        return nil;
    }
    // 拼接 tag
    [engcmData appendBytes:tag length:16];

    EVP_CIPHER_CTX_free(ctx);
    return engcmData;
}


-(NSError *)errorWithDescription:(NSString *)errorinfo{
    NSString *domain = @"com.chbank.aes_gcm";
    NSInteger code = -101;
    NSDictionary *userInfo = @{
        NSLocalizedDescriptionKey: errorinfo,
        NSLocalizedFailureReasonErrorKey: errorinfo,
        NSLocalizedRecoverySuggestionErrorKey: @"aes gcm failed,check class NSData+AES_GCM"
    };
    NSError *error = [NSError errorWithDomain:domain code:code userInfo:userInfo];
    return error;
}

@end

測試

NSString *testStr = @"今天去吃老鄉(xiāng)雞";
NSData *testStrData = [testStr dataUsingEncoding:NSUTF8StringEncoding];

NSData *keyData = [NSData dataWithContentsOfFile:[[NSBundle mainBundle]pathForResource:@"publickText" ofType:@"log"]];

#define IV_Lenght 12
#define TAG_Lenght 16

// 加密 注意后的數據結構為  iv(12位) + 加密數據 + tag(16位)
NSMutableData *ivData = [[NSMutableData alloc]initWithLength:IV_Lenght];
SecRandomCopyBytes(kSecRandomDefault, IV_Lenght, ivData.mutableBytes);
NSData *encrypedData = [testStrData aes256Gcm_EncryptWithKey:key iv:ivData error:error];
NSString *encrypedStr = [encrypedData base64EncodedStringWithOptions:0];
NSLog(@"加密后Str:%@",encrypedStr);

// 解密 注意解密前的數據結構為  iv(12位) + 加密數據 + tag(16位)
NSMutableData *data = [[NSMutableData alloc]initWithBase64EncodedString: encrypedStr options:0];
NSData *ivData = [data subdataWithRange:NSMakeRange(0, IV_Lenght)];
NSData *cipheredPlusTagData = [data subdataWithRange:NSMakeRange(IV_Lenght, data.length - IV_Lenght)];
NSData *decrypedData = [cipheredPlusTagData aes256Gcm_DencryptWithKey:key iv:ivData error:error];
NSString *decrypedStr  = [[NSString alloc] initWithData:decryptedData encoding:4];
NSLog(@"解密后Str:%@", decrypedStr);
?著作權歸作者所有,轉載或內容合作請聯(lián)系作者
【社區(qū)內容提示】社區(qū)部分內容疑似由AI輔助生成,瀏覽時請結合常識與多方信息審慎甄別。
平臺聲明:文章內容(如有圖片或視頻亦包括在內)由作者上傳并發(fā)布,文章內容僅代表作者本人觀點,簡書系信息發(fā)布平臺,僅提供信息存儲服務。

相關閱讀更多精彩內容

友情鏈接更多精彩內容