用于AES加密解密的任何可可源代码？

Question

我正在寻找一些关于AES加密的可可代码，我做了一些谷歌搜索。我发现这个非常有用的链接 - http://iphonedevelopment.blogspot.com/2009/02/strong-encryption-for-cocoa-cocoa-touch.html。所以我试了一下，但对我没有用。

任何人都可以建议我一些有用的链接或源代码，可以帮助我在我的示例应用程序中实现它。

Answer 1

AES128加密在CommonCrypto框架中的iPhone上可用。相关函数位于CommonCryptor.h头文件中。

您可以创建一个像这么cryptor：

// Assume key and keylength exist 
CCCryptorRef cryptor; 
if(kCCSuccess != CCCryptorCreate(kCCEncrypt, kCCAlgorithmAES128, 0, key, keyLength, NULL, &cryptor)) 
    ; //handle error 

// Repeatedly call CCCryptorUpdate to encrypt the data 

CCCryptorRelease(cryptor); 

它的问题和你正在寻找AES的示例实现的链接似乎。我不会推荐这个 - 使用Apple的实现！

它看起来像http://pastie.org/297563.txt也可以帮助你，但我没有测试过它。

Answer 2

我使用NSData上的一个简单类别，它使用内置的CommonCrypto框架来执行AES 256位加密。我在Mac上使用它，但它也应该在iPhone上正常工作：

#import <CommonCrypto/CommonCryptor.h> 
@implementation NSData (AESAdditions) 
- (NSData*)AES256EncryptWithKey:(NSString*)key { 
    // 'key' should be 32 bytes for AES256, will be null-padded otherwise 
    char keyPtr[kCCKeySizeAES256 + 1]; // room for terminator (unused) 
    bzero(keyPtr, sizeof(keyPtr)); // fill with zeroes (for padding) 

    // fetch key data 
    [key getCString:keyPtr maxLength:sizeof(keyPtr) encoding:NSUTF8StringEncoding]; 

    NSUInteger dataLength = [self length]; 

    //See the doc: For block ciphers, the output size will always be less than or 
    //equal to the input size plus the size of one block. 
    //That's why we need to add the size of one block here 
    size_t bufferSize   = dataLength + kCCBlockSizeAES128; 
    void* buffer    = malloc(bufferSize); 

    size_t numBytesEncrypted = 0; 
    CCCryptorStatus cryptStatus = CCCrypt(kCCEncrypt, kCCAlgorithmAES128, kCCOptionPKCS7Padding, 
              keyPtr, kCCKeySizeAES256, 
              NULL /* initialization vector (optional) */, 
              [self bytes], dataLength, /* input */ 
              buffer, bufferSize, /* output */ 
              &numBytesEncrypted); 

    if (cryptStatus == kCCSuccess) 
    { 
     //the returned NSData takes ownership of the buffer and will free it on deallocation 
     return [NSData dataWithBytesNoCopy:buffer length:numBytesEncrypted]; 
    } 

    free(buffer); //free the buffer; 
    return nil; 
} 

- (NSData*)AES256DecryptWithKey:(NSString*)key { 
    // 'key' should be 32 bytes for AES256, will be null-padded otherwise 
    char keyPtr[kCCKeySizeAES256 + 1]; // room for terminator (unused) 
    bzero(keyPtr, sizeof(keyPtr)); // fill with zeroes (for padding) 

    // fetch key data 
    [key getCString:keyPtr maxLength:sizeof(keyPtr) encoding:NSUTF8StringEncoding]; 

    NSUInteger dataLength = [self length]; 

    //See the doc: For block ciphers, the output size will always be less than or 
    //equal to the input size plus the size of one block. 
    //That's why we need to add the size of one block here 
    size_t bufferSize   = dataLength + kCCBlockSizeAES128; 
    void* buffer    = malloc(bufferSize); 

    size_t numBytesDecrypted = 0; 
    CCCryptorStatus cryptStatus = CCCrypt(kCCDecrypt, kCCAlgorithmAES128, kCCOptionPKCS7Padding, 
              keyPtr, kCCKeySizeAES256, 
              NULL /* initialization vector (optional) */, 
              [self bytes], dataLength, /* input */ 
              buffer, bufferSize, /* output */ 
              &numBytesDecrypted); 

    if (cryptStatus == kCCSuccess) 
    { 
     //the returned NSData takes ownership of the buffer and will free it on deallocation 
     return [NSData dataWithBytesNoCopy:buffer length:numBytesDecrypted]; 
    } 

    free(buffer); //free the buffer; 
    return nil; 
} 
@end 

Answer 3

感谢您的大类扩展。我发现的一件事情是 - 当您使用CCCrypt的算法强于64位时，您需要符合BIS出口法规。有关更多详细信息，请参阅iTunes Connect FAQ。即使你使用Apple的inbuild加密API，你也需要获得BIS的批准。

有关于之前这个话题上SF的讨论（在SSL使用的上下文中）：

Using SSL in an iPhone App - Export Compliance

问候 克里斯

Answer 4

所有的例子，我发现，我没有工作，所以我改变了上面的解决方案。这一个适用于我，并使用Google-Lib的Base64的东西：

+ (NSData *)AES256DecryptWithKey:(NSString *)key data:(NSData*)data encryptOrDecrypt:(CCOperation)encryptOrDecrypt { 

    // 'key' should be 32 bytes for AES256, will be null-padded otherwise 
    char keyPtr[kCCKeySizeAES256+1]; // room for terminator (unused) 
    bzero(keyPtr, sizeof(keyPtr)); // fill with zeroes (for padding) 

    // fetch key data 
    [key getCString:keyPtr maxLength:sizeof(keyPtr) encoding:NSUTF8StringEncoding]; 

    if (encryptOrDecrypt == kCCDecrypt) 
    { 
     data = [GTMBase64 decodeData:data]; 
    } 

     NSUInteger dataLength = [data length]; 

    //See the doc: For block ciphers, the output size will always be less than or 
    //equal to the input size plus the size of one block. 
    //That's why we need to add the size of one block here 
    size_t bufferSize = dataLength + kCCBlockSizeAES128; 

    void *buffer = malloc(bufferSize); 

    size_t numBytesDecrypted = 0; 
    CCCryptorStatus cryptStatus = CCCrypt(encryptOrDecrypt, 
              kCCAlgorithmAES128, 
              kCCOptionPKCS7Padding, 
              keyPtr, 
              kCCKeySizeAES256, 
              NULL /* initialization vector (optional) */, 
              [data bytes], dataLength, /* input */ 
              buffer,  bufferSize, /* output */ 
              &numBytesDecrypted); 

    if (cryptStatus != kCCSuccess){ 
     NSLog(@"ERROR WITH FILE ENCRYPTION/DECRYPTION"); 
     return nil; 
    } 

    NSData *result; 

    if (encryptOrDecrypt == kCCDecrypt) 
    { 
     result = [NSData dataWithBytes:(const void *)buffer length:(NSUInteger)numBytesDecrypted]; 
    } 
    else 
    { 
     NSData *myData = [NSData dataWithBytes:(const void *)buffer length:(NSUInteger)numBytesDecrypted]; 
     result = [GTMBase64 encodeData:myData]; 
    } 

    free(buffer); //free the buffer; 
    return result; 
}