3

In my project I got to implement AES 128 CBC Encryption. I am using Category and is based on NSData. This is my encryption code :

- (NSData*)AES128Decrypt
{
    char ivPtr[kCCKeySizeAES128 + 1];
    bzero(ivPtr, sizeof(ivPtr));

    // fetch iv data
    [iv getCString:ivPtr maxLength:sizeof(ivPtr) encoding:NSUTF8StringEncoding];


    // 'key' should be 32 bytes for AES256, will be null-padded otherwise
    char keyPtr[kCCKeySizeAES128 + 1]; // room for terminator (unused)
    bzero(keyPtr, sizeof(keyPtr)); // fill with zeroes (for padding)

    // fetch key data
    [key getCString:keyPtr maxLength:sizeof(keyPtr) encoding:NSUTF8StringEncoding];


    NSUInteger dataLength = [self length];   // dataLength = 19

    //See the doc: For block ciphers, the output size will always be less than or
    //equal to the input size plus the size of one block.
    //That's why we need to add the size of one block here
    size_t bufferSize           = dataLength + kCCBlockSizeAES128;
    void* buffer                = malloc(bufferSize);

    size_t numBytesDecrypted    = 0;
    CCCryptorStatus cryptStatus = CCCrypt(kCCDecrypt, kCCAlgorithmAES128, 0,
                                          keyPtr, kCCKeySizeAES128,
                                          ivPtr,
                                          [self bytes], dataLength, 
                                          buffer, bufferSize, 
                                          &numBytesDecrypted);  // buffer = 0 & numBytesDecrypted = 0

    if (cryptStatus == kCCSuccess)
    {
        //the returned NSData takes ownership of the buffer and will free it on deallocation
        return [NSData dataWithBytes:buffer length:numBytesDecrypted] ;  // returns 0
    }

    free(buffer); //free the buffer;
    return nil;
}

And this is how I am calling it from my view class :

- (void) testActuallyEncrypting :(NSString*) hexString {
    NSLog(@"String to Encrypt : %@", hexString); // prints test12

    @try {
    //Convert NSString to NSData
    NSData *data = [self dataFromHexString:hexString];  // [hexString dataUsingEncoding:NSUTF8StringEncoding];  //
    // // Prepare the NSDAta obj to store the encrypted pswd
    NSData *encryptedData = [NSData dataWithBytes:[data bytes] length:[data length]];  // 6bytes
    NSData *decryptedData = [encryptedData AES128Decrypt];  // 0bytes
    NSString *decryptedString = [NSString stringWithUTF8String:[decryptedData bytes]];  // NULL Exception
    NSLog(@"Decrypted String : %@", decryptedString);

    decryptedString = [self addPaddingToString:decryptedString];
    decryptedData = [NSData dataWithBytes:[decryptedString UTF8String] length:[[decryptedString dataUsingEncoding:NSUTF8StringEncoding] length]];
    encryptedData = [decryptedData AES128Encrypt];
    if (encryptedData!=nil)
    {
        NSString *encryptedHexString = [self hexStringFromData:encryptedData];
        NSLog(@"Encrypted HexString : %@",encryptedHexString);

     }
    }@catch (NSException *ex) {
        NSLog(@"Exception : %@", ex);
    }
}

I am passing "test12" string to be encrypted. On calling AES128Decrypt, decryptedData is 0, due to which the next line decryptedString throws Null exception - Exception : *** +[NSString stringWithUTF8String:]: NULL cString.

Can anyone help me know why the decryptedData is null. Where am I going wrong in the AES128Decrypt method ?

Please help me. I am stuck on this from last 2 days. Searched on this a lot on internet, but couldn't get any solution to get thru it. Any help is highly appreciated. Thanks.

UPDATE :- Added @Zaph's method in my class and am calling it. 

NSLog(@"String to Encrypt : %@", hexString);
NSString *iv = @"fedcba9876543210";
NSString *key = @"0123456789abcdef";

// Convert str to encrypt, iv & key from NSString to NSData
NSData *dataIn = [hexString dataUsingEncoding:NSUTF8StringEncoding];
NSData *ivData = [iv dataUsingEncoding:NSUTF8StringEncoding];
NSData *symKey = [key dataUsingEncoding:NSUTF8StringEncoding];
NSError *error;

NSData *result = [LoginViewController doCipher:dataIn iv:ivData key:symKey context:kCCEncrypt error:&error]; // result = 16bytes

if (result != nil) {
    // Convert result to satring
    NSString *resultStr = [[NSString alloc] initWithData:result encoding:NSUTF8StringEncoding];
    NSLog(@"Encrypted Str = %@", resultStr );  // Encrypted Str = (null)  ????

Why the converted string is null ? Any help please. Thanks

Tvd
  • 4,463
  • 18
  • 79
  • 125
  • 2
    Do not use `@try` and `@catch` except to catch programming errors. In Objective-C they are **not** control structures. – zaph May 13 '14 at 23:53
  • I found that converting NSData to NSString - encoding with NSUTF8StringEncoding returns null. I tried using NSASCIIStringEncoding, it returns value. But the string value and data value are different. They both should be same nah ? – Tvd May 14 '14 at 08:53
  • Not all data is also valid UTR-8. For a string representation of data a common convention is to use Base64 encoding. Instead of `NSString *resultStr = [[NSString alloc] initWithData:result encoding:NSUTF8StringEncoding];` use base64 encoding: `NSString *resultBase64Str = [result base64EncodedStringWithOptions:0];` If you use `NSASCIIStringEncoding` you will get non-displayable characters, probably not what you want. – zaph May 14 '14 at 11:06

1 Answers1

4

There is no need to make the crypto so complicated, here is a basic encrypt/decrypt method. The iv and key must be the correct length. The value context is either kCCEncrypt or kCCDecrypt.

+ (NSData *)doCipher:(NSData *)dataIn
                  iv:(NSData *)iv
                 key:(NSData *)symmetricKey
             context:(CCOperation)encryptOrDecrypt
               error:(NSError **)error
{
    CCCryptorStatus ccStatus   = kCCSuccess;
    size_t          cryptBytes = 0;
    NSMutableData  *dataOut    = [NSMutableData dataWithLength:dataIn.length + kCCBlockSizeAES128];

    ccStatus = CCCrypt( encryptOrDecrypt,
                       kCCAlgorithmAES128,
                       kCCOptionPKCS7Padding,
                       symmetricKey.bytes, 
                       kCCKeySizeAES128,
                       iv.bytes,
                       dataIn.bytes,
                       dataIn.length,
                       dataOut.mutableBytes,
                       dataOut.length,
                       &cryptBytes);

    if (ccStatus == kCCSuccess) {
        dataOut.length = cryptBytes;
    }
    else {
        if (error) {
            *error = [NSError errorWithDomain:@"kEncryptionError"
                                         code:ccStatus
                                     userInfo:nil];
        }
        dataOut = nil;
    }

    return dataOut;
}
zaph
  • 111,848
  • 21
  • 189
  • 228
  • Thanks for the above code. I added it in my viewController class. Pass the iv, key, str in NSData form (iv & key of 16 bytes) and call the method - NSData *result = [LoginViewController doCipher:dataIn iv:ivData key:symKey context:kCCEncrypt error:&error]; BUT I get result of 16bytes, when I convert it to NSString its null. Can you pls check the above code -have added this under update. error is also nil - so no error. Why the string is null ? Can you please help find that. – Tvd May 14 '14 at 07:58
  • On getting result, I convert it to string (it works thru NSASCIIStringEncoding only. Then I tried to convert back the string to nsdata. I get different values for 3 of them. Shouldn't they 3 be the same or at least both nsdata. No doubt on decrypting the result and converting to string I get original string passed and it's working. But would like to know this for knowledge and am curious to know the same. Thanks. – Tvd May 14 '14 at 09:13
  • In your code, you have used kCCOptionPKCS7Padding, I think that will be for PKCS implementation. I got to use CBC. Any special setting /parameter value for CBC ?? – Tvd May 14 '14 at 09:18
  • 1
    The `kCCOptionPKCS7Padding` option is for AES. It is needed if the input clear data can have lengths that are not an exact multiple of the block size. – zaph May 14 '14 at 10:48
  • 2
    Not all data is a valid UTF-8 string. The usual solution is to use base64 encoding, that is convert the encrypted data into a base64 string. The above code provides encryption/decryption for data, specifically `NSData`, that is what encryption does, data encryption. If some other format is desired that needs to be done pre and post encryption/decryption, that is just format conversion. – zaph May 14 '14 at 10:50
  • Thanks a lot for this support and guidance. Thank you. – Tvd May 14 '14 at 14:38