- (NSData *)aes128Gcm_DencryptWithKey:(NSData *)key_data iv:(NSData *)iv_data error:(NSError **)error {
    if (self.length < 16) {
        // self 需要是 加密数据+tag 的组合
        return nil;
    }
    
    // 取后16位作为tag
    NSData *tagData = [self subdataWithRange:(NSRange){self.length - 16, 16}];
    // 前面是真正加密的数据
    NSData *contentData = [self subdataWithRange:(NSRange){0, self.length - 16}];
    
    char *gcm_ct = [contentData bytes];
    char *gcm_iv = [iv_data bytes];
    char *gcm_key = [key_data bytes];
    unsigned char * ptBytes = (unsigned char * )malloc(self.length);

    int declen = 0;
    
    EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new();
    
    if (!EVP_DecryptInit(ctx, EVP_aes_128_gcm(), NULL, NULL)) {
        *error = [self errorWithDescription:@"EVP_DecryptInit EVP_aes_128_gcm() failed."];
        return nil;
    }
    
    EVP_CIPHER_CTX_set_padding(ctx, 0);
    
    if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, [iv_data length], NULL)) {
        *error = [self errorWithDescription:@"EVP_CIPHER_CTX_ctrl EVP_CTRL_GCM_SET_IVLEN Dencrypt failed."];
        return nil;
    }
    
    if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_TAG, 16, [tagData bytes])) {
        *error = [self errorWithDescription:@"EVP_CIPHER_CTX_ctrl EVP_CTRL_GCM_SET_TAG Dencrypt failed."];
        return nil;
    }
    
    if (!EVP_DecryptInit(ctx, NULL, gcm_key, gcm_iv)) {
        *error = [self errorWithDescription:@"EVP_DecryptInit Dencrypt set key and iv failed."];
        return nil;
    }
    
    if (!EVP_DecryptUpdate(ctx, ptBytes, &declen, gcm_ct, [contentData length])) {
        *error = [self errorWithDescription:@"EVP_DecryptUpdate Dencrypt failed."];
        return nil;
    }
    
    // 得到解密数据
    NSMutableData *ptgcmData = [NSMutableData dataWithCapacity:0];
    [ptgcmData appendBytes:ptBytes length:declen];
    
    if (!EVP_DecryptFinal(ctx,  [ptgcmData bytes] + declen, &declen)) {
        *error = [self errorWithDescription:@"EVP_DecryptFinal tag failed"];
        return nil;
    }
    
    EVP_CIPHER_CTX_free(ctx);
    
    return ptgcmData;
}

- (NSData *)aes128Gcm_EncryptWithKey:(NSData *)key_data iv:(NSData *)iv_data error:(NSError **)error {
    
    char *gcm_ct = [self bytes];
    char *gcm_iv = [iv_data bytes];
    char *gcm_key = [key_data bytes];
    unsigned char * ctBytes = (unsigned char * )malloc(self.length);

    NSMutableData *engcmData = [[NSMutableData alloc] initWithCapacity:self.length];

    unsigned char tag[16];
    int enclen = 0;
    
    EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new();
    
    if (!EVP_EncryptInit_ex(ctx, EVP_aes_128_gcm(), NULL, NULL, NULL)) {
        *error = [self errorWithDescription:@"EVP_EncryptInit_ex EVP_aes_128_gcm() failed."];
        return nil;
    }
    
    if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, [iv_data length], NULL)) {
        *error = [self errorWithDescription:@"EVP_CIPHER_CTX_ctrl EVP_CTRL_GCM_SET_IVLEN Encryp failed."];
        return nil;
    }
    
    if (!EVP_EncryptInit_ex(ctx, NULL, NULL, gcm_key, gcm_iv)) {
        *error = [self errorWithDescription:@"EVP_DecryptInit Encryp set key and iv failed."];
        return nil;
    }
    
    if (!EVP_EncryptUpdate(ctx, ctBytes, &enclen, (const unsigned char *)[self bytes], [self length])) {
        *error = [self errorWithDescription:@"EVP_DecryptUpdate Encrypt data failed."];
        return nil;
    }
    // 得到加密数据
    [engcmData appendBytes:ctBytes length:enclen];
    
    if (!EVP_EncryptFinal (ctx, [engcmData bytes] + enclen, &enclen)) {
        *error = [self errorWithDescription:@"EVP_DecryptFinal Encrypt failed"];
        return nil;
    }

    if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_GET_TAG, 16, tag)) {
        *error = [self errorWithDescription:@"EVP_CIPHER_CTX_ctrl get tag failed"];
        return nil;
    }
    // 得到 tag
    [engcmData appendBytes:tag length:16];

    EVP_CIPHER_CTX_free(ctx);
    return engcmData;
}