只需为 IV 生成随机字节:
int ivLength = kCCBlockSizeAES128;
NSMutableData *ivData = [NSMutableData dataWithLength:kCCBlockSizeAES128];
SecRandomCopyBytes(kSecRandomDefault, ivLength, ivData.mutableBytes);
这将产生适合的数据CCCrypt
,只需使用ivData.bytes
.
ivData 的用法示例:
ccStatus = CCCrypt(
...
ivData.bytes,
...
);
在加密时生成随机 IV 并将其作为加密数据前缀传递以进行解密的完整示例:
+ (NSData *)aesCBCEncrypt:(NSData *)data
key:(NSData *)key
error:(NSError **)error
{
if (key.length != 16 && key.length != 24 && key.length != 32) {
*error = [NSError errorWithDomain:@"keyLengthError" code:-1 userInfo:nil];
return nil;
}
CCCryptorStatus ccStatus = kCCSuccess;
int ivLength = kCCBlockSizeAES128;
size_t cryptBytes = 0;
NSMutableData *dataOut = [NSMutableData dataWithLength:ivLength + data.length + kCCBlockSizeAES128];
int status = SecRandomCopyBytes(kSecRandomDefault, ivLength, dataOut.mutableBytes);
if (status != 0) {
*error = [NSError errorWithDomain:@"ivError" code:status userInfo:nil];
return nil;
}
ccStatus = CCCrypt(kCCEncrypt,
kCCAlgorithmAES,
kCCOptionPKCS7Padding,
key.bytes, key.length,
dataOut.bytes,
data.bytes, data.length,
dataOut.mutableBytes + ivLength, dataOut.length,
&cryptBytes);
if (ccStatus == kCCSuccess) {
dataOut.length = cryptBytes + ivLength;
}
else {
if (error) {
*error = [NSError errorWithDomain:@"kEncryptionError" code:ccStatus userInfo:nil];
}
dataOut = nil;
}
return dataOut;
}
+ (NSData *)aesCBCDecrypt:(NSData *)data
key:(NSData *)key
error:(NSError **)error
{
if (key.length != 16 && key.length != 24 && key.length != 32) {
*error = [NSError errorWithDomain:@"keyLengthError" code:-1 userInfo:nil];
return nil;
}
CCCryptorStatus ccStatus = kCCSuccess;
int ivLength = kCCBlockSizeAES128;
size_t clearBytes = 0;
NSMutableData *dataOut = [NSMutableData dataWithLength:data.length - ivLength];
ccStatus = CCCrypt(kCCDecrypt,
kCCAlgorithmAES,
kCCOptionPKCS7Padding,
key.bytes, key.length,
data.bytes,
data.bytes + ivLength, data.length - ivLength,
dataOut.mutableBytes, dataOut.length,
&clearBytes);
if (ccStatus == kCCSuccess) {
dataOut.length = clearBytes;
}
else {
if (error) {
*error = [NSError errorWithDomain:@"kEncryptionError" code:ccStatus userInfo:nil];
}
dataOut = nil;
}
return dataOut;
}
Test:
NSError *error;
NSData *key = [@"Bad example key " dataUsingEncoding:NSUTF8StringEncoding];
NSData *clear = [@"Test Input" dataUsingEncoding:NSUTF8StringEncoding];
NSData *encrypted = [Crypto aesCBCEncrypt:clear
key:key
error:&error];
NSData *decrypted = [Crypto aesCBCDecrypt:encrypted
key:key
error:&error];
NSLog(@"key: %@", key);
NSLog(@"clear: %@", clear);
NSLog(@"encrypted: %@", encrypted);
NSLog(@"decrypted: %@", decrypted);
Output:
key: 42616420 6578616d 706c6520 6b657920
clear: 54657374 20496e70 7574
encrypted: 44f02b5e 40bf5031 01cc55fd cad80a77 790b9d05 5a6c8de7 6c949191 d3ba57de
decrypted: 54657374 20496e70 7574