1e41f4b71Sopenharmony_ci# Encryption and Decryption with an SM4 Symmetric Key (GCM Mode) (C/C++)
2e41f4b71Sopenharmony_ci
3e41f4b71Sopenharmony_ci
4e41f4b71Sopenharmony_ciFor details about the algorithm specifications, see [SM4](crypto-sym-encrypt-decrypt-spec.md#sm4).
5e41f4b71Sopenharmony_ci
6e41f4b71Sopenharmony_ci
7e41f4b71Sopenharmony_ci## Adding the Dynamic Library in the CMake Script
8e41f4b71Sopenharmony_ci```txt
9e41f4b71Sopenharmony_ci   target_link_libraries(entry PUBLIC libohcrypto.so)
10e41f4b71Sopenharmony_ci```
11e41f4b71Sopenharmony_ci
12e41f4b71Sopenharmony_ci**Encryption**
13e41f4b71Sopenharmony_ci
14e41f4b71Sopenharmony_ci
15e41f4b71Sopenharmony_ci1. Use [OH_CryptoSymKeyGenerator_Create](../../reference/apis-crypto-architecture-kit/_crypto_sym_key_api.md#oh_cryptosymkeygenerator_create) and [OH_CryptoSymKeyGenerator_Generate](../../reference/apis-crypto-architecture-kit/_crypto_sym_key_api.md#oh_cryptosymkeygenerator_generate) to generate a 128-bit SM4 symmetric key (**OH_CryptoSymKey**).
16e41f4b71Sopenharmony_ci   
17e41f4b71Sopenharmony_ci   In addition to the example in this topic, [SM4](crypto-sym-key-generation-conversion-spec.md#sm4) and [Randomly Generating a Symmetric Key](crypto-generate-sym-key-randomly.md) may help you better understand how to generate an SM4 symmetric key. Note that the input parameters in the reference documents may be different from those in the example below.
18e41f4b71Sopenharmony_ci
19e41f4b71Sopenharmony_ci2. Use [OH_CryptoSymCipher_Create](../../reference/apis-crypto-architecture-kit/_crypto_sym_cipher_api.md#oh_cryptosymcipher_create) with the string parameter **'SM4_128|GCM|PKCS7'** to create a **Cipher** instance. The key type is **SM4_128**, block cipher mode is **GCM**, and the padding mode is **PKCS7**.
20e41f4b71Sopenharmony_ci
21e41f4b71Sopenharmony_ci3. Use [OH_CryptoSymCipherParams_Create](../../reference/apis-crypto-architecture-kit/_crypto_sym_cipher_api.md#oh_cryptosymcipherparams_create) to create a symmetric cipher parameter instance, and use [OH_CryptoSymCipherParams_SetParams](../../reference/apis-crypto-architecture-kit/_crypto_sym_cipher_api.md#oh_cryptosymcipherparams_setparam) to set cipher parameters.
22e41f4b71Sopenharmony_ci
23e41f4b71Sopenharmony_ci4. Use [OH_CryptoSymCipher_Init](../../reference/apis-crypto-architecture-kit/_crypto_sym_cipher_api.md#oh_cryptosymcipher_init) to initialize the **Cipher** instance. Specifically, set **mode** to **CRYPTO_ENCRYPT_MODE**, and specify the key for encryption (**OH_CryptoSymKey**) and the encryption parameter instance (**OH_CryptoSymCipherParams**) corresponding to the GCM mode.
24e41f4b71Sopenharmony_ci
25e41f4b71Sopenharmony_ci5. Use [OH_CryptoSymCipher_Update](../../reference/apis-crypto-architecture-kit/_crypto_sym_cipher_api.md#oh_cryptosymcipher_update) to update the data (plaintext) to be encrypted.
26e41f4b71Sopenharmony_ci   
27e41f4b71Sopenharmony_ci   Currently, the amount of data to be passed in by a single **OH_CryptoSymCipher_Update()** is not limited. You can determine how to pass in data based on the data volume.
28e41f4b71Sopenharmony_ci
29e41f4b71Sopenharmony_ci   - If a small amount of data is to be encrypted, you can use **OH_CryptoSymCipher_Final()** immediately after **OH_CryptoSymCipher_Init()**.
30e41f4b71Sopenharmony_ci   - If a large amount of data is to be encrypted, you can call **OH_CryptoSymCipher_Update()** multiple times to pass in the data by segment.
31e41f4b71Sopenharmony_ci
32e41f4b71Sopenharmony_ci6. Use [OH_CryptoSymCipher_Final](../../reference/apis-crypto-architecture-kit/_crypto_sym_cipher_api.md#oh_cryptosymcipher_final) to generate the ciphertext.
33e41f4b71Sopenharmony_ci   - If data has been passed in by **OH_CryptoSymCipher_Update()**, pass in **null** in the **data** parameter of **OH_CryptoSymCipher_Final**.
34e41f4b71Sopenharmony_ci   - The output of **OH_CryptoSymCipher_Final** may be **null**. To avoid exceptions, always check whether the result is **null** before accessing specific data.
35e41f4b71Sopenharmony_ci
36e41f4b71Sopenharmony_ci7. Use [OH_CryptoSymCipherParams_Create](../../reference/apis-crypto-architecture-kit/_crypto_sym_cipher_api.md#oh_cryptosymcipherparams_create) to create a **Params** instance, and use [OH_CryptoSymCipherParams_SetParam](../../reference/apis-crypto-architecture-kit/_crypto_sym_cipher_api.md#oh_cryptosymcipherparams_setparam) to set **authTag** as the authentication information for decryption. In GCM mode, extract the last 16 bytes from the encrypted data as the authentication information for initializing the **Cipher** instance in decryption. In the example, **authTag** is of 16 bytes.
37e41f4b71Sopenharmony_ci
38e41f4b71Sopenharmony_ci8. Use [OH_CryptoSymKeyGenerator_Destroy](../../reference/apis-crypto-architecture-kit/_crypto_sym_key_api.md#oh_cryptosymkeygenerator_destroy), [OH_CryptoSymCipher_Destroy](../../reference/apis-crypto-architecture-kit/_crypto_sym_cipher_api.md#oh_cryptosymcipher_destroy), and [OH_CryptoSymCipherParams_Destroy](../../reference/apis-crypto-architecture-kit/_crypto_sym_cipher_api.md#oh_cryptosymcipherparams_destroy) to destroy the instances created.
39e41f4b71Sopenharmony_ci
40e41f4b71Sopenharmony_ci
41e41f4b71Sopenharmony_ci**Decryption**
42e41f4b71Sopenharmony_ci
43e41f4b71Sopenharmony_ci
44e41f4b71Sopenharmony_ci1. Use [OH_CryptoSymCipher_Init](../../reference/apis-crypto-architecture-kit/_crypto_sym_cipher_api.md#oh_cryptosymcipher_init) initializes the **Cipher** instance. Specifically, set **mode** to **CRYPTO_DECRYPT_MODE**, and specify the key for decryption (**OH_CryptoSymKey**) and the decryption parameter instance (**OH_CryptoSymCipherParams**) corresponding to the GCM mode.
45e41f4b71Sopenharmony_ci
46e41f4b71Sopenharmony_ci2. Use [OH_CryptoSymCipher_Update](../../reference/apis-crypto-architecture-kit/_crypto_sym_cipher_api.md#oh_cryptosymcipher_update) to update the data (ciphertext) to be decrypted.
47e41f4b71Sopenharmony_ci
48e41f4b71Sopenharmony_ci3. Use [OH_CryptoSymCipher_Final](../../reference/apis-crypto-architecture-kit/_crypto_sym_cipher_api.md#oh_cryptosymcipher_final) to generate the plaintext.
49e41f4b71Sopenharmony_ci
50e41f4b71Sopenharmony_ci
51e41f4b71Sopenharmony_ci**Example**
52e41f4b71Sopenharmony_ci
53e41f4b71Sopenharmony_ci```c++
54e41f4b71Sopenharmony_ci#include "CryptoArchitectureKit/crypto_common.h"
55e41f4b71Sopenharmony_ci#include "CryptoArchitectureKit/crypto_sym_cipher.h"
56e41f4b71Sopenharmony_ci
57e41f4b71Sopenharmony_cistatic OH_Crypto_ErrCode doTestSm4Gcm()
58e41f4b71Sopenharmony_ci{
59e41f4b71Sopenharmony_ci    OH_CryptoSymKeyGenerator *genCtx = nullptr;
60e41f4b71Sopenharmony_ci    OH_CryptoSymCipher *encCtx = nullptr;
61e41f4b71Sopenharmony_ci    OH_CryptoSymCipher *decCtx = nullptr;
62e41f4b71Sopenharmony_ci    OH_CryptoSymKey *keyCtx = nullptr;
63e41f4b71Sopenharmony_ci    OH_CryptoSymCipherParams *params = nullptr;
64e41f4b71Sopenharmony_ci
65e41f4b71Sopenharmony_ci    Crypto_DataBlob outUpdate = {.data = nullptr, .len = 0};
66e41f4b71Sopenharmony_ci    Crypto_DataBlob decUpdate = {.data = nullptr, .len = 0};
67e41f4b71Sopenharmony_ci
68e41f4b71Sopenharmony_ci    uint8_t aad[8] = {0};
69e41f4b71Sopenharmony_ci    uint8_t tag[16] = {0};
70e41f4b71Sopenharmony_ci    uint8_t iv[12] = {0};
71e41f4b71Sopenharmony_ci    Crypto_DataBlob ivData = {.data = iv, .len = sizeof(iv)};
72e41f4b71Sopenharmony_ci    Crypto_DataBlob aadData = {.data = aad, .len = sizeof(aad)};
73e41f4b71Sopenharmony_ci    Crypto_DataBlob tagData = {.data = tag, .len = sizeof(tag)};
74e41f4b71Sopenharmony_ci    Crypto_DataBlob tagOutPut = {.data = nullptr, .len = 0};
75e41f4b71Sopenharmony_ci    uint8_t plainText[] = "this is test!";
76e41f4b71Sopenharmony_ci    Crypto_DataBlob msgBlob = {.data = reinterpret_cast<uint8_t *>(plainText), .len = 13};
77e41f4b71Sopenharmony_ci
78e41f4b71Sopenharmony_ci    // Generate a symmetric key.
79e41f4b71Sopenharmony_ci    OH_Crypto_ErrCode ret;
80e41f4b71Sopenharmony_ci    ret = OH_CryptoSymKeyGenerator_Create("SM4_128", &genCtx);
81e41f4b71Sopenharmony_ci    if (ret != CRYPTO_SUCCESS) {
82e41f4b71Sopenharmony_ci        goto end;
83e41f4b71Sopenharmony_ci    }
84e41f4b71Sopenharmony_ci    ret = OH_CryptoSymKeyGenerator_Generate(genCtx, &keyCtx);
85e41f4b71Sopenharmony_ci    if (ret != CRYPTO_SUCCESS) {
86e41f4b71Sopenharmony_ci        goto end;
87e41f4b71Sopenharmony_ci    }
88e41f4b71Sopenharmony_ci
89e41f4b71Sopenharmony_ci    // Set parameters.
90e41f4b71Sopenharmony_ci    ret = OH_CryptoSymCipherParams_Create(&params);
91e41f4b71Sopenharmony_ci    if (ret != CRYPTO_SUCCESS) {
92e41f4b71Sopenharmony_ci        goto end;
93e41f4b71Sopenharmony_ci    }
94e41f4b71Sopenharmony_ci    ret = OH_CryptoSymCipherParams_SetParam(params, CRYPTO_IV_DATABLOB, &ivData);
95e41f4b71Sopenharmony_ci    if (ret != CRYPTO_SUCCESS) {
96e41f4b71Sopenharmony_ci        goto end;
97e41f4b71Sopenharmony_ci    }
98e41f4b71Sopenharmony_ci    ret = OH_CryptoSymCipherParams_SetParam(params, CRYPTO_AAD_DATABLOB, &aadData);
99e41f4b71Sopenharmony_ci    if (ret != CRYPTO_SUCCESS) {
100e41f4b71Sopenharmony_ci        goto end;
101e41f4b71Sopenharmony_ci    }
102e41f4b71Sopenharmony_ci    ret = OH_CryptoSymCipherParams_SetParam(params, CRYPTO_TAG_DATABLOB, &tagData);
103e41f4b71Sopenharmony_ci    if (ret != CRYPTO_SUCCESS) {
104e41f4b71Sopenharmony_ci        goto end;
105e41f4b71Sopenharmony_ci    }
106e41f4b71Sopenharmony_ci
107e41f4b71Sopenharmony_ci    // Encrypt data.
108e41f4b71Sopenharmony_ci    ret = OH_CryptoSymCipher_Create("SM4_128|GCM|PKCS7", &encCtx);
109e41f4b71Sopenharmony_ci    if (ret != CRYPTO_SUCCESS) {
110e41f4b71Sopenharmony_ci        goto end;
111e41f4b71Sopenharmony_ci    }
112e41f4b71Sopenharmony_ci    ret = OH_CryptoSymCipher_Init(encCtx, CRYPTO_ENCRYPT_MODE, keyCtx, params);
113e41f4b71Sopenharmony_ci    if (ret != CRYPTO_SUCCESS) {
114e41f4b71Sopenharmony_ci        goto end;
115e41f4b71Sopenharmony_ci    }
116e41f4b71Sopenharmony_ci    ret = OH_CryptoSymCipher_Update(encCtx, &msgBlob, &outUpdate);
117e41f4b71Sopenharmony_ci    if (ret != CRYPTO_SUCCESS) {
118e41f4b71Sopenharmony_ci        goto end;
119e41f4b71Sopenharmony_ci    }
120e41f4b71Sopenharmony_ci    ret = OH_CryptoSymCipher_Final(encCtx, nullptr, &tagOutPut);
121e41f4b71Sopenharmony_ci    if (ret != CRYPTO_SUCCESS) {
122e41f4b71Sopenharmony_ci        goto end;
123e41f4b71Sopenharmony_ci    }
124e41f4b71Sopenharmony_ci
125e41f4b71Sopenharmony_ci    // Decrypt data.
126e41f4b71Sopenharmony_ci    ret = OH_CryptoSymCipher_Create("SM4_128|GCM|PKCS7", &decCtx);
127e41f4b71Sopenharmony_ci    if (ret != CRYPTO_SUCCESS) {
128e41f4b71Sopenharmony_ci        goto end;
129e41f4b71Sopenharmony_ci    }
130e41f4b71Sopenharmony_ci    ret = OH_CryptoSymCipherParams_SetParam(params, CRYPTO_TAG_DATABLOB, &tagOutPut);
131e41f4b71Sopenharmony_ci    if (ret != CRYPTO_SUCCESS) {
132e41f4b71Sopenharmony_ci        goto end;
133e41f4b71Sopenharmony_ci    }
134e41f4b71Sopenharmony_ci    ret = OH_CryptoSymCipher_Init(decCtx, CRYPTO_DECRYPT_MODE, keyCtx, params);
135e41f4b71Sopenharmony_ci    if (ret != CRYPTO_SUCCESS) {
136e41f4b71Sopenharmony_ci        goto end;
137e41f4b71Sopenharmony_ci    }
138e41f4b71Sopenharmony_ci    ret = OH_CryptoSymCipher_Final(decCtx, &outUpdate, &decUpdate);
139e41f4b71Sopenharmony_ci    if (ret != CRYPTO_SUCCESS) {
140e41f4b71Sopenharmony_ci        goto end;
141e41f4b71Sopenharmony_ci    }
142e41f4b71Sopenharmony_ci
143e41f4b71Sopenharmony_ci    // Release resources.
144e41f4b71Sopenharmony_ciend:
145e41f4b71Sopenharmony_ci    OH_CryptoSymCipherParams_Destroy(params);
146e41f4b71Sopenharmony_ci    OH_CryptoSymCipher_Destroy(encCtx);
147e41f4b71Sopenharmony_ci    OH_CryptoSymCipher_Destroy(decCtx);
148e41f4b71Sopenharmony_ci    OH_CryptoSymKeyGenerator_Destroy(genCtx);
149e41f4b71Sopenharmony_ci    OH_CryptoSymKey_Destroy(keyCtx);
150e41f4b71Sopenharmony_ci    OH_Crypto_FreeDataBlob(&outUpdate);
151e41f4b71Sopenharmony_ci    OH_Crypto_FreeDataBlob(&decUpdate);
152e41f4b71Sopenharmony_ci    OH_Crypto_FreeDataBlob(&tagOutPut);
153e41f4b71Sopenharmony_ci    return ret;
154e41f4b71Sopenharmony_ci}
155e41f4b71Sopenharmony_ci```
156