1# 使用AES对称密钥(CCM模式)加解密(ArkTS)
2
3
4对应的算法规格请查看[对称密钥加解密算法规格:AES](crypto-sym-encrypt-decrypt-spec.md#aes)。
5
6
7**加密**
8
9
101. 调用[cryptoFramework.createSymKeyGenerator](../../reference/apis-crypto-architecture-kit/js-apis-cryptoFramework.md#cryptoframeworkcreatesymkeygenerator)、[SymKeyGenerator.generateSymKey](../../reference/apis-crypto-architecture-kit/js-apis-cryptoFramework.md#generatesymkey-1),生成密钥算法为AES、密钥长度为128位的对称密钥(SymKey)。
11
12   如何生成AES对称密钥,开发者可参考下文示例,并结合[对称密钥生成和转换规格:AES](crypto-sym-key-generation-conversion-spec.md#aes)和[随机生成对称密钥](crypto-generate-sym-key-randomly.md)理解,参考文档与当前示例可能存在入参差异,请在阅读时注意区分。
13
142. 调用[cryptoFramework.createCipher](../../reference/apis-crypto-architecture-kit/js-apis-cryptoFramework.md#cryptoframeworkcreatecipher),指定字符串参数'AES128|CCM',创建对称密钥类型为AES128、分组模式为CCM的Cipher实例,用于完成加解密操作。
15
163. 调用[Cipher.init](../../reference/apis-crypto-architecture-kit/js-apis-cryptoFramework.md#init-1),设置模式为加密(CryptoMode.ENCRYPT_MODE),指定加密密钥(SymKey)和CCM模式对应的加密参数(CcmParamsSpec),初始化加密Cipher实例。
17
184. 调用[Cipher.update](../../reference/apis-crypto-architecture-kit/js-apis-cryptoFramework.md#update-1),更新数据(明文)。
19
20   当前单次update长度没有限制,开发者可以根据数据量判断如何调用update。
21
22   > **说明:**
23   > CCM模式不支持分段加解密。
24
255. 调用[Cipher.doFinal](../../reference/apis-crypto-architecture-kit/js-apis-cryptoFramework.md#dofinal-1),获取加密后的数据。
26   - 由于已使用update传入数据,此处data传入null。
27   - doFinal输出结果可能为null,在访问具体数据前,需要先判断结果是否为null,避免产生异常。
28
296. 读取[CcmParamsSpec.authTag](../../reference/apis-crypto-architecture-kit/js-apis-cryptoFramework.md#ccmparamsspec)作为解密的认证信息。
30
31    在CCM模式下,需要从加密后的数据中取出末尾12字节,作为解密时初始化的认证信息。示例中authTag恰好为12字节。
32
33
34**解密**
35
36
371. 调用[Cipher.init](../../reference/apis-crypto-architecture-kit/js-apis-cryptoFramework.md#init-1),设置模式为解密(CryptoMode.DECRYPT_MODE),指定解密密钥(SymKey)和CCM模式对应的解密参数(CcmParamsSpec),初始化解密Cipher实例。
38
392. 调用[Cipher.doFinal](../../reference/apis-crypto-architecture-kit/js-apis-cryptoFramework.md#dofinal-1),获取解密后的数据。
40
41
42- 异步方法示例:
43
44  ```ts
45  import { cryptoFramework } from '@kit.CryptoArchitectureKit';
46  import { buffer } from '@kit.ArkTS';
47
48  function genCcmParamsSpec() {
49    let rand: cryptoFramework.Random = cryptoFramework.createRandom();
50    let ivBlob: cryptoFramework.DataBlob = rand.generateRandomSync(7);
51    let aadBlob: cryptoFramework.DataBlob = rand.generateRandomSync(8);
52    let arr = [0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]; // 12 bytes
53    let dataTag = new Uint8Array(arr);
54    let tagBlob: cryptoFramework.DataBlob = {
55      data: dataTag
56    };
57    // CCM的authTag在加密时从doFinal结果中获取,在解密时填入init函数的params参数中
58    let ccmParamsSpec: cryptoFramework.CcmParamsSpec = {
59      iv: ivBlob,
60      aad: aadBlob,
61      authTag: tagBlob,
62      algName: "CcmParamsSpec"
63    };
64    return ccmParamsSpec;
65  }
66  let ccmParams = genCcmParamsSpec();
67
68  // 加密消息
69  async function encryptMessagePromise(symKey: cryptoFramework.SymKey, plainText: cryptoFramework.DataBlob) {
70    let cipher = cryptoFramework.createCipher('AES128|CCM');
71    await cipher.init(cryptoFramework.CryptoMode.ENCRYPT_MODE, symKey, ccmParams);
72    let encryptUpdate = await cipher.update(plainText);
73    // ccm模式加密doFinal时传入空,获得tag数据,并更新至ccmParams对象中。
74    ccmParams.authTag = await cipher.doFinal(null);
75    return encryptUpdate;
76  }
77  // 解密消息
78  async function decryptMessagePromise(symKey: cryptoFramework.SymKey, cipherText: cryptoFramework.DataBlob) {
79    let decoder = cryptoFramework.createCipher('AES128|CCM');
80    await decoder.init(cryptoFramework.CryptoMode.DECRYPT_MODE, symKey, ccmParams);
81    let decryptUpdate = await decoder.doFinal(cipherText);
82    return decryptUpdate;
83  }
84  async function genSymKeyByData(symKeyData: Uint8Array) {
85    let symKeyBlob: cryptoFramework.DataBlob = { data: symKeyData };
86    let aesGenerator = cryptoFramework.createSymKeyGenerator('AES128');
87    let symKey = await aesGenerator.convertKey(symKeyBlob);
88    console.info('convertKey success');
89    return symKey;
90  }
91  async function main() {
92    let keyData = new Uint8Array([83, 217, 231, 76, 28, 113, 23, 219, 250, 71, 209, 210, 205, 97, 32, 159]);
93    let symKey = await genSymKeyByData(keyData);
94    let message = "This is a test";
95    let plainText: cryptoFramework.DataBlob = { data: new Uint8Array(buffer.from(message, 'utf-8').buffer) };
96    let encryptText = await encryptMessagePromise(symKey, plainText);
97    let decryptText = await decryptMessagePromise(symKey, encryptText);
98    if (plainText.data.toString() === decryptText.data.toString()) {
99      console.info('decrypt ok');
100      console.info('decrypt plainText: ' + buffer.from(decryptText.data).toString('utf-8'));
101    } else {
102      console.error('decrypt failed');
103    }
104  }
105  ```
106
107- 同步方法示例:
108
109  ```ts
110  import { cryptoFramework } from '@kit.CryptoArchitectureKit';
111  import { buffer } from '@kit.ArkTS';
112
113
114  function genCcmParamsSpec() {
115    let rand: cryptoFramework.Random = cryptoFramework.createRandom();
116    let ivBlob: cryptoFramework.DataBlob = rand.generateRandomSync(7);
117    let aadBlob: cryptoFramework.DataBlob = rand.generateRandomSync(8);
118    let arr = [0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]; // 12 bytes
119    let dataTag = new Uint8Array(arr);
120    let tagBlob: cryptoFramework.DataBlob = {
121      data: dataTag
122    };
123    // CCM的authTag在加密时从doFinal结果中获取,在解密时填入init函数的params参数中
124    let ccmParamsSpec: cryptoFramework.CcmParamsSpec = {
125      iv: ivBlob,
126      aad: aadBlob,
127      authTag: tagBlob,
128      algName: "CcmParamsSpec"
129    };
130    return ccmParamsSpec;
131  }
132
133  let ccmParams = genCcmParamsSpec();
134
135  // 加密消息
136  function encryptMessage(symKey: cryptoFramework.SymKey, plainText: cryptoFramework.DataBlob) {
137    let cipher = cryptoFramework.createCipher('AES128|CCM');
138    cipher.initSync(cryptoFramework.CryptoMode.ENCRYPT_MODE, symKey, ccmParams);
139    let encryptUpdate = cipher.updateSync(plainText);
140    // ccm模式加密doFinal时传入空,获得tag数据,并更新至ccmParams对象中。
141    ccmParams.authTag = cipher.doFinalSync(null);
142    return encryptUpdate;
143  }
144  // 解密消息
145  function decryptMessage(symKey: cryptoFramework.SymKey, cipherText: cryptoFramework.DataBlob) {
146    let decoder = cryptoFramework.createCipher('AES128|CCM');
147    decoder.initSync(cryptoFramework.CryptoMode.DECRYPT_MODE, symKey, ccmParams);
148    let decryptUpdate = decoder.doFinalSync(cipherText);
149    return decryptUpdate;
150  }
151  function genSymKeyByData(symKeyData: Uint8Array) {
152    let symKeyBlob: cryptoFramework.DataBlob = { data: symKeyData };
153    let aesGenerator = cryptoFramework.createSymKeyGenerator('AES128');
154    let symKey = aesGenerator.convertKeySync(symKeyBlob);
155    console.info('convertKeySync success');
156    return symKey;
157  }
158  function main() {
159    let keyData = new Uint8Array([83, 217, 231, 76, 28, 113, 23, 219, 250, 71, 209, 210, 205, 97, 32, 159]);
160    let symKey = genSymKeyByData(keyData);
161    let message = "This is a test";
162    let plainText: cryptoFramework.DataBlob = { data: new Uint8Array(buffer.from(message, 'utf-8').buffer) };
163    let encryptText = encryptMessage(symKey, plainText);
164    let decryptText = decryptMessage(symKey, encryptText);
165    if (plainText.data.toString() === decryptText.data.toString()) {
166      console.info('decrypt ok');
167      console.info('decrypt plainText: ' + buffer.from(decryptText.data).toString('utf-8'));
168    } else {
169      console.error('decrypt failed');
170    }
171  }
172  ```