1e41f4b71Sopenharmony_ci# Encryption and Decryption with an SM4 Symmetric Key (CBC Mode) (C/C++) 2e41f4b71Sopenharmony_ci 3e41f4b71Sopenharmony_ci 4e41f4b71Sopenharmony_ciFor details about the algorithm specifications, see [SM4](crypto-sym-encrypt-decrypt-spec.md#sm4). 5e41f4b71Sopenharmony_ci 6e41f4b71Sopenharmony_ci## Adding the Dynamic Library in the CMake Script 7e41f4b71Sopenharmony_ci```txt 8e41f4b71Sopenharmony_ci target_link_libraries(entry PUBLIC libohcrypto.so) 9e41f4b71Sopenharmony_ci``` 10e41f4b71Sopenharmony_ci 11e41f4b71Sopenharmony_ci**Encryption** 12e41f4b71Sopenharmony_ci 13e41f4b71Sopenharmony_ci 14e41f4b71Sopenharmony_ci1. Use [OH_CryptoSymKeyGenerator_Create](../../reference/apis-crypto-architecture-kit/_crypto_sym_key_api.md#oh_cryptosymkeygenerator_create) and [OH_CryptoSymKeyGenerator_Generate](../../reference/apis-crypto-architecture-kit/_crypto_sym_key_api.md#oh_cryptosymkeygenerator_generate) to generate a 128-bit SM4 symmetric key (**OH_CryptoSymKey**). 15e41f4b71Sopenharmony_ci 16e41f4b71Sopenharmony_ci In addition to the example in this topic, [SM4](crypto-sym-key-generation-conversion-spec.md#sm4) and [Randomly Generating a Symmetric Key](crypto-generate-sym-key-randomly-ndk.md) may help you better understand how to generate an SM4 symmetric key. Note that the input parameters in the reference documents may be different from those in the example below. 17e41f4b71Sopenharmony_ci 18e41f4b71Sopenharmony_ci2. Use [OH_CryptoSymCipher_Create](../../reference/apis-crypto-architecture-kit/_crypto_sym_cipher_api.md#oh_cryptosymcipher_create) with the string parameter **'SM4_128|CBC|PKCS7'** to create a **Cipher** instance. The key type is **SM4_128**, block cipher mode is **CBC**, and the padding mode is **PKCS7**. 19e41f4b71Sopenharmony_ci 20e41f4b71Sopenharmony_ci3. Use [OH_CryptoSymCipherParams_Create](../../reference/apis-crypto-architecture-kit/_crypto_sym_cipher_api.md#oh_cryptosymcipherparams_create) to create a symmetric cipher parameter instance, and use [OH_CryptoSymCipherParams_SetParams](../../reference/apis-crypto-architecture-kit/_crypto_sym_cipher_api.md#oh_cryptosymcipherparams_setparam) to set cipher parameters. 21e41f4b71Sopenharmony_ci 22e41f4b71Sopenharmony_ci4. Use [OH_CryptoSymCipher_Init](../../reference/apis-crypto-architecture-kit/_crypto_sym_cipher_api.md#oh_cryptosymcipher_init) to initialize the **Cipher** instance. Specifically, set **mode** to **CRYPTO_ENCRYPT_MODE**, and specify the key for encryption (**OH_CryptoSymKey**) and the encryption parameter instance (**OH_CryptoSymCipherParams**) corresponding to the CBC mode. 23e41f4b71Sopenharmony_ci 24e41f4b71Sopenharmony_ci5. Use [OH_CryptoSymCipher_Update](../../reference/apis-crypto-architecture-kit/_crypto_sym_cipher_api.md#oh_cryptosymcipher_update) to update the data (plaintext) to be encrypted. 25e41f4b71Sopenharmony_ci 26e41f4b71Sopenharmony_ci - If a small amount of data is to be encrypted, you can use **OH_CryptoSymCipher_Final()** immediately after **OH_CryptoSymCipher_Init()**. 27e41f4b71Sopenharmony_ci - If a large amount of data is to be encrypted, you can call **OH_CryptoSymCipher_Update()** multiple times to pass in the data by segment. 28e41f4b71Sopenharmony_ci 29e41f4b71Sopenharmony_ci6. Use [OH_CryptoSymCipher_Final](../../reference/apis-crypto-architecture-kit/_crypto_sym_cipher_api.md#oh_cryptosymcipher_final) to generate the ciphertext. 30e41f4b71Sopenharmony_ci 31e41f4b71Sopenharmony_ci - If data has been passed in by **OH_CryptoSymCipher_Update()**, pass in **null** in the **data** parameter of **OH_CryptoSymCipher_Final**. 32e41f4b71Sopenharmony_ci - The output of **OH_CryptoSymCipher_Final** may be **null**. To avoid exceptions, always check whether the result is **null** before accessing specific data. 33e41f4b71Sopenharmony_ci 34e41f4b71Sopenharmony_ci6. Use [OH_CryptoSymKeyGenerator_Destroy](../../reference/apis-crypto-architecture-kit/_crypto_sym_key_api.md#oh_cryptosymkeygenerator_destroy), [OH_CryptoSymCipher_Destroy](../../reference/apis-crypto-architecture-kit/_crypto_sym_cipher_api.md#oh_cryptosymcipher_destroy), and [OH_CryptoSymCipherParams_Destroy](../../reference/apis-crypto-architecture-kit/_crypto_sym_cipher_api.md#oh_cryptosymcipherparams_destroy) to destroy the instances created. 35e41f4b71Sopenharmony_ci 36e41f4b71Sopenharmony_ci 37e41f4b71Sopenharmony_ci**Decryption** 38e41f4b71Sopenharmony_ci 39e41f4b71Sopenharmony_ci 40e41f4b71Sopenharmony_ci1. Use [OH_CryptoSymCipher_Init](../../reference/apis-crypto-architecture-kit/_crypto_sym_cipher_api.md#oh_cryptosymcipher_init) initializes the **Cipher** instance. Specifically, set **mode** to **CRYPTO_DECRYPT_MODE**, and specify the key for decryption (**OH_CryptoSymKey**) and the decryption parameter instance (**OH_CryptoSymCipherParams**) corresponding to the CBC mode. 41e41f4b71Sopenharmony_ci 42e41f4b71Sopenharmony_ci2. Use [OH_CryptoSymCipher_Update](../../reference/apis-crypto-architecture-kit/_crypto_sym_cipher_api.md#oh_cryptosymcipher_update) to update the data (ciphertext) to be decrypted. 43e41f4b71Sopenharmony_ci 44e41f4b71Sopenharmony_ci3. Use [OH_CryptoSymCipher_Final](../../reference/apis-crypto-architecture-kit/_crypto_sym_cipher_api.md#oh_cryptosymcipher_final) to generate the plaintext. 45e41f4b71Sopenharmony_ci 46e41f4b71Sopenharmony_ci**Example** 47e41f4b71Sopenharmony_ci 48e41f4b71Sopenharmony_ci```c++ 49e41f4b71Sopenharmony_ci#include "CryptoArchitectureKit/crypto_common.h" 50e41f4b71Sopenharmony_ci#include "CryptoArchitectureKit/crypto_sym_cipher.h" 51e41f4b71Sopenharmony_ci 52e41f4b71Sopenharmony_cistatic OH_Crypto_ErrCode doTestSm4Cbc() 53e41f4b71Sopenharmony_ci{ 54e41f4b71Sopenharmony_ci OH_CryptoSymKeyGenerator *genCtx = nullptr; 55e41f4b71Sopenharmony_ci OH_CryptoSymCipher *encCtx = nullptr; 56e41f4b71Sopenharmony_ci OH_CryptoSymCipher *decCtx = nullptr; 57e41f4b71Sopenharmony_ci OH_CryptoSymKey *keyCtx = nullptr; 58e41f4b71Sopenharmony_ci OH_CryptoSymCipherParams *params = nullptr; 59e41f4b71Sopenharmony_ci Crypto_DataBlob outUpdate = {.data = nullptr, .len = 0}; 60e41f4b71Sopenharmony_ci Crypto_DataBlob decUpdate = {.data = nullptr, .len = 0}; 61e41f4b71Sopenharmony_ci uint8_t plainText[] = "this is test!"; 62e41f4b71Sopenharmony_ci Crypto_DataBlob msgBlob = {.data = reinterpret_cast<uint8_t *>(plainText), .len = sizeof(plainText)}; 63e41f4b71Sopenharmony_ci uint8_t iv[16] = {0}; 64e41f4b71Sopenharmony_ci Crypto_DataBlob ivBlob = {.data = iv, .len = sizeof(iv)}; 65e41f4b71Sopenharmony_ci // Generate a symmetric key. 66e41f4b71Sopenharmony_ci OH_Crypto_ErrCode ret; 67e41f4b71Sopenharmony_ci ret = OH_CryptoSymKeyGenerator_Create("SM4_128", &genCtx); 68e41f4b71Sopenharmony_ci if (ret != CRYPTO_SUCCESS) { 69e41f4b71Sopenharmony_ci goto end; 70e41f4b71Sopenharmony_ci } 71e41f4b71Sopenharmony_ci ret = OH_CryptoSymKeyGenerator_Generate(genCtx, &keyCtx); 72e41f4b71Sopenharmony_ci if (ret != CRYPTO_SUCCESS) { 73e41f4b71Sopenharmony_ci goto end; 74e41f4b71Sopenharmony_ci } 75e41f4b71Sopenharmony_ci 76e41f4b71Sopenharmony_ci // Set parameters. 77e41f4b71Sopenharmony_ci ret = OH_CryptoSymCipherParams_Create(¶ms); 78e41f4b71Sopenharmony_ci if (ret != CRYPTO_SUCCESS) { 79e41f4b71Sopenharmony_ci goto end; 80e41f4b71Sopenharmony_ci } 81e41f4b71Sopenharmony_ci ret = OH_CryptoSymCipherParams_SetParam(params, CRYPTO_IV_DATABLOB, &ivBlob); 82e41f4b71Sopenharmony_ci if (ret != CRYPTO_SUCCESS) { 83e41f4b71Sopenharmony_ci goto end; 84e41f4b71Sopenharmony_ci } 85e41f4b71Sopenharmony_ci 86e41f4b71Sopenharmony_ci // Encrypt data. 87e41f4b71Sopenharmony_ci ret = OH_CryptoSymCipher_Create("SM4_128|CBC|PKCS7", &encCtx); 88e41f4b71Sopenharmony_ci if (ret != CRYPTO_SUCCESS) { 89e41f4b71Sopenharmony_ci goto end; 90e41f4b71Sopenharmony_ci } 91e41f4b71Sopenharmony_ci ret = OH_CryptoSymCipher_Init(encCtx, CRYPTO_ENCRYPT_MODE, keyCtx, params); 92e41f4b71Sopenharmony_ci if (ret != CRYPTO_SUCCESS) { 93e41f4b71Sopenharmony_ci goto end; 94e41f4b71Sopenharmony_ci } 95e41f4b71Sopenharmony_ci ret = OH_CryptoSymCipher_Final(encCtx, &msgBlob, &outUpdate); 96e41f4b71Sopenharmony_ci if (ret != CRYPTO_SUCCESS) { 97e41f4b71Sopenharmony_ci goto end; 98e41f4b71Sopenharmony_ci } 99e41f4b71Sopenharmony_ci 100e41f4b71Sopenharmony_ci // Decrypt data. 101e41f4b71Sopenharmony_ci ret = OH_CryptoSymCipher_Create("SM4_128|CBC|PKCS7", &decCtx); 102e41f4b71Sopenharmony_ci if (ret != CRYPTO_SUCCESS) { 103e41f4b71Sopenharmony_ci goto end; 104e41f4b71Sopenharmony_ci } 105e41f4b71Sopenharmony_ci ret = OH_CryptoSymCipher_Init(decCtx, CRYPTO_DECRYPT_MODE, keyCtx, params); 106e41f4b71Sopenharmony_ci if (ret != CRYPTO_SUCCESS) { 107e41f4b71Sopenharmony_ci goto end; 108e41f4b71Sopenharmony_ci } 109e41f4b71Sopenharmony_ci ret = OH_CryptoSymCipher_Final(decCtx, &outUpdate, &decUpdate); 110e41f4b71Sopenharmony_ci if (ret != CRYPTO_SUCCESS) { 111e41f4b71Sopenharmony_ci goto end; 112e41f4b71Sopenharmony_ci } 113e41f4b71Sopenharmony_ci 114e41f4b71Sopenharmony_ci // Release resources. 115e41f4b71Sopenharmony_ciend: 116e41f4b71Sopenharmony_ci OH_CryptoSymCipherParams_Destroy(params); 117e41f4b71Sopenharmony_ci OH_CryptoSymCipher_Destroy(encCtx); 118e41f4b71Sopenharmony_ci OH_CryptoSymCipher_Destroy(decCtx); 119e41f4b71Sopenharmony_ci OH_CryptoSymKeyGenerator_Destroy(genCtx); 120e41f4b71Sopenharmony_ci OH_CryptoSymKey_Destroy(keyCtx); 121e41f4b71Sopenharmony_ci OH_Crypto_FreeDataBlob(&outUpdate); 122e41f4b71Sopenharmony_ci OH_Crypto_FreeDataBlob(&decUpdate); 123e41f4b71Sopenharmony_ci return ret; 124e41f4b71Sopenharmony_ci} 125e41f4b71Sopenharmony_ci``` 126