AES/CBC/PKCS7Padding 암복호화

까먹을까봐 기록. 결론은 구글링해서 얻은 결과 + 삽질.

Security.framework 를 사용. 아래 헤더 불러오기 등등.

#import <CommonCrypto/CommonCryptor.h>

CBC가 아니고 ECB모드 일 경우는 아래와 같이 수정을 하면 된다. 

iv를 사용하면 CBC 모드가 된다. 

kCCOptionECBMode + kCCOptionPKCS7Padding

Java에서는 PKCS5Padding 을 사용하는데 암복호화를 해보니 같은 데이터가 나오니까 같을지도...

- (NSData *)AES128EncryptWithKey:(NSData *)key theData:(NSData *)Data {

    

    // 'key' should be 16 bytes for AES128, will be null-padded otherwise

    char keyPtr[kCCKeySizeAES128+1]; // room for terminator (unused) 

    bzero(keyPtr, sizeof(keyPtr)); // fill with zeroes (for padding)

    

    // fetch key data

    [key getBytes:keyPtr];

    NSUInteger dataLength = [Data length];

    

    //See the doc: For block ciphers, the output size will always be less than or

    //equal to the input size plus the size of one block.

    //That's why we need to add the size of one block here

    size_t bufferSize = dataLength + kCCBlockSizeAES128;

    void *buffer = malloc(bufferSize);

    

    size_t numBytesEncrypted = 0;

    

    char ivPtr[16];

    [_iv getBytes:ivPtr];

    

    CCCryptorStatus cryptStatus = CCCrypt(kCCEncrypt,

                                          kCCAlgorithmAES128,

                                          kCCOptionPKCS7Padding,

                                          keyPtr,

                                          kCCKeySizeAES128,

                                          ivPtr, /* initialization vector (optional) */

                                          [Data bytes],

                                          dataLength, /* input */

                                          buffer,

                                          bufferSize, /* output */

                                          &numBytesEncrypted);

    

    if (cryptStatus == kCCSuccess) {

        //the returned NSData takes ownership of the buffer and will free it on deallocation

        return [NSData dataWithBytesNoCopy:buffer length:numBytesEncrypted];

    }

    

    free(buffer); //free the buffer;

    return nil;

}

- (NSData *)AES128DecryptWithKey:(NSData *)key theData:(NSData *)Data {

    // 'key' should be 16 bytes for AES128, will be null-padded otherwise

    char keyPtr[kCCKeySizeAES128+1]; // room for terminator (unused) 

    bzero(keyPtr, sizeof(keyPtr)); // fill with zeroes (for padding)

    

    // fetch key data

    [key getBytes:keyPtr];

    

    NSUInteger dataLength = [Data length];

    

    //See the doc: For block ciphers, the output size will always be less than or

    //equal to the input size plus the size of one block.

    //That's why we need to add the size of one block here

    size_t bufferSize = dataLength + kCCBlockSizeAES128;

    void *buffer = malloc(bufferSize);

    

    char ivPtr[16];

    [_iv getBytes:ivPtr];

        

    size_t numBytesDecrypted = 0;

    CCCryptorStatus cryptStatus = CCCrypt(kCCDecrypt,

                                          kCCAlgorithmAES128,

                                          kCCOptionPKCS7Padding,

                                          keyPtr, kCCKeySizeAES128, 

                                          ivPtr /* initialization vector (optional) */,

                                          [_decData bytes], dataLength, /* input */

                                          buffer, bufferSize, /* output */

                                          &numBytesDecrypted);

    

    if (cryptStatus == kCCSuccess) {

        //the returned NSData takes ownership of the buffer and will free it on deallocation

        return [NSData dataWithBytesNoCopy:buffer length:numBytesDecrypted];

    }

    

    free(buffer); //free the buffer;

    return nil;

}