用於AES加密解密的任何可可源代碼？

Question

我正在尋找一些關於AES加密的可可代碼，我做了一些谷歌搜索。我發現這個非常有用的鏈接 - http://iphonedevelopment.blogspot.com/2009/02/strong-encryption-for-cocoa-cocoa-touch.html。所以我試了一下，但對我沒有用。

任何人都可以建議我一些有用的鏈接或源代碼，可以幫助我在我的示例應用程序中實現它。

Answer 1

AES128加密在CommonCrypto框架中的iPhone上可用。相關函數位於CommonCryptor.h頭文件中。

您可以創建一個像這麼cryptor：

// Assume key and keylength exist 
CCCryptorRef cryptor; 
if(kCCSuccess != CCCryptorCreate(kCCEncrypt, kCCAlgorithmAES128, 0, key, keyLength, NULL, &cryptor)) 
    ; //handle error 

// Repeatedly call CCCryptorUpdate to encrypt the data 

CCCryptorRelease(cryptor); 

它的問題和你正在尋找AES的示例實現的鏈接似乎。我不會推薦這個 - 使用Apple的實現！

它看起來像http://pastie.org/297563.txt也可以幫助你，但我沒有測試過它。

Answer 2

我使用NSData上的一個簡單類別，它使用內置的CommonCrypto框架來執行AES 256位加密。我在Mac上使用它，但它也應該在iPhone上正常工作：

#import <CommonCrypto/CommonCryptor.h> 
@implementation NSData (AESAdditions) 
- (NSData*)AES256EncryptWithKey:(NSString*)key { 
    // 'key' should be 32 bytes for AES256, will be null-padded otherwise 
    char keyPtr[kCCKeySizeAES256 + 1]; // room for terminator (unused) 
    bzero(keyPtr, sizeof(keyPtr)); // fill with zeroes (for padding) 

    // fetch key data 
    [key getCString:keyPtr maxLength:sizeof(keyPtr) encoding:NSUTF8StringEncoding]; 

    NSUInteger dataLength = [self length]; 

    //See the doc: For block ciphers, the output size will always be less than or 
    //equal to the input size plus the size of one block. 
    //That's why we need to add the size of one block here 
    size_t bufferSize   = dataLength + kCCBlockSizeAES128; 
    void* buffer    = malloc(bufferSize); 

    size_t numBytesEncrypted = 0; 
    CCCryptorStatus cryptStatus = CCCrypt(kCCEncrypt, kCCAlgorithmAES128, kCCOptionPKCS7Padding, 
              keyPtr, kCCKeySizeAES256, 
              NULL /* initialization vector (optional) */, 
              [self bytes], dataLength, /* input */ 
              buffer, bufferSize, /* output */ 
              &numBytesEncrypted); 

    if (cryptStatus == kCCSuccess) 
    { 
     //the returned NSData takes ownership of the buffer and will free it on deallocation 
     return [NSData dataWithBytesNoCopy:buffer length:numBytesEncrypted]; 
    } 

    free(buffer); //free the buffer; 
    return nil; 
} 

- (NSData*)AES256DecryptWithKey:(NSString*)key { 
    // 'key' should be 32 bytes for AES256, will be null-padded otherwise 
    char keyPtr[kCCKeySizeAES256 + 1]; // room for terminator (unused) 
    bzero(keyPtr, sizeof(keyPtr)); // fill with zeroes (for padding) 

    // fetch key data 
    [key getCString:keyPtr maxLength:sizeof(keyPtr) encoding:NSUTF8StringEncoding]; 

    NSUInteger dataLength = [self length]; 

    //See the doc: For block ciphers, the output size will always be less than or 
    //equal to the input size plus the size of one block. 
    //That's why we need to add the size of one block here 
    size_t bufferSize   = dataLength + kCCBlockSizeAES128; 
    void* buffer    = malloc(bufferSize); 

    size_t numBytesDecrypted = 0; 
    CCCryptorStatus cryptStatus = CCCrypt(kCCDecrypt, kCCAlgorithmAES128, kCCOptionPKCS7Padding, 
              keyPtr, kCCKeySizeAES256, 
              NULL /* initialization vector (optional) */, 
              [self bytes], dataLength, /* input */ 
              buffer, bufferSize, /* output */ 
              &numBytesDecrypted); 

    if (cryptStatus == kCCSuccess) 
    { 
     //the returned NSData takes ownership of the buffer and will free it on deallocation 
     return [NSData dataWithBytesNoCopy:buffer length:numBytesDecrypted]; 
    } 

    free(buffer); //free the buffer; 
    return nil; 
} 
@end 

Answer 3

感謝您的大類擴展。我發現的一件事情是 - 當您使用CCCrypt的算法強於64位時，您需要符合BIS出口法規。有關更多詳細信息，請參閱iTunes Connect FAQ。即使你使用Apple的inbuild加密API，你也需要獲得BIS的批准。

有關於之前這個話題上SF的討論（在SSL使用的上下文中）：

Using SSL in an iPhone App - Export Compliance

問候 克里斯

Answer 4

所有的例子，我發現，我沒有工作，所以我改變了上面的解決方案。這一個適用於我，並使用Google-Lib的Base64的東西：

+ (NSData *)AES256DecryptWithKey:(NSString *)key data:(NSData*)data encryptOrDecrypt:(CCOperation)encryptOrDecrypt { 

    // 'key' should be 32 bytes for AES256, will be null-padded otherwise 
    char keyPtr[kCCKeySizeAES256+1]; // room for terminator (unused) 
    bzero(keyPtr, sizeof(keyPtr)); // fill with zeroes (for padding) 

    // fetch key data 
    [key getCString:keyPtr maxLength:sizeof(keyPtr) encoding:NSUTF8StringEncoding]; 

    if (encryptOrDecrypt == kCCDecrypt) 
    { 
     data = [GTMBase64 decodeData:data]; 
    } 

     NSUInteger dataLength = [data length]; 

    //See the doc: For block ciphers, the output size will always be less than or 
    //equal to the input size plus the size of one block. 
    //That's why we need to add the size of one block here 
    size_t bufferSize = dataLength + kCCBlockSizeAES128; 

    void *buffer = malloc(bufferSize); 

    size_t numBytesDecrypted = 0; 
    CCCryptorStatus cryptStatus = CCCrypt(encryptOrDecrypt, 
              kCCAlgorithmAES128, 
              kCCOptionPKCS7Padding, 
              keyPtr, 
              kCCKeySizeAES256, 
              NULL /* initialization vector (optional) */, 
              [data bytes], dataLength, /* input */ 
              buffer,  bufferSize, /* output */ 
              &numBytesDecrypted); 

    if (cryptStatus != kCCSuccess){ 
     NSLog(@"ERROR WITH FILE ENCRYPTION/DECRYPTION"); 
     return nil; 
    } 

    NSData *result; 

    if (encryptOrDecrypt == kCCDecrypt) 
    { 
     result = [NSData dataWithBytes:(const void *)buffer length:(NSUInteger)numBytesDecrypted]; 
    } 
    else 
    { 
     NSData *myData = [NSData dataWithBytes:(const void *)buffer length:(NSUInteger)numBytesDecrypted]; 
     result = [GTMBase64 encodeData:myData]; 
    } 

    free(buffer); //free the buffer; 
    return result; 
}