2

First I want to say that I have really tried to solve this by myself and read a lot of stuff (like this Objective-C version of PHP mcrypt_encrypt and this How to Decrypt a PHP Script in Objective-C / ios)

I'm really stuck for hours. I have to implement a server API in iOS (as does my colleague next to me on Android). The server people told us we have to send an encrypted password, which they will decrypt with mcrypt_decrypt. They sent us the code they use to test the encryption/ decryption, here is their encryption part:

function fnEncrypt($sValue, $sSecretKey)
{

    $ivsize =  mcrypt_get_iv_size(
                        MCRYPT_RIJNDAEL_256, 
                        MCRYPT_MODE_ECB
                    );

    $iv = mcrypt_create_iv($ivsize, MCRYPT_RAND);

    $encrypted = mcrypt_encrypt(
                MCRYPT_RIJNDAEL_256,
                $sSecretKey, $sValue, 
                MCRYPT_MODE_ECB,
                $iv);

    $encoded = base64_encode($encrypted);

    $trimmed = rtrim($encoded, "\0");

    return $trimmed;
}

$prepared = fnEncrypt("somePassword","someKey");

echo $prepared; // => 42bbd9ZPMVFmm7Z9RfLb3zOrCpxnmwhl4gYRSb9WxY8=

Now we are both trying to implement the encryption, but I will concentrate on the iOS part. Here is where I'm now:

NSString* key = @"someKey";
    NSString* pw = @"somePassword";

    NSData *data = [pw dataUsingEncoding:NSUTF8StringEncoding];

    char keyPtr[kCCKeySizeAES256];
    [key getCString:keyPtr maxLength:sizeof(keyPtr) encoding:NSUTF8StringEncoding];

    NSString *iv = @"12345678123456781234567812345678"; // Static
    char ivPtr[kCCKeySizeAES256];
    [iv getCString:ivPtr maxLength:sizeof(ivPtr) encoding:NSUTF8StringEncoding];

    NSUInteger dataLength = [data length];

    size_t bufferSize           = dataLength + kCCBlockSizeAES128;
    void* buffer                = malloc(bufferSize);
    size_t numBytesEncrypted    = 0;

    CCCryptorStatus cryptStatus = CCCrypt(kCCEncrypt,
                                          kCCAlgorithmAES,
                                          kCCOptionECBMode|kCCOptionPKCS7Padding,
                                          keyPtr,
                                          kCCKeySizeAES256,
                                          ivPtr /* initialization vector (optional) */,
                                          [data bytes],
                                          dataLength, /* input */
                                          buffer,
                                          bufferSize, /* output */
                                          &numBytesEncrypted);

    if (cryptStatus == kCCSuccess)
    {

        NSData* resultData = [NSData dataWithBytesNoCopy:buffer length:numBytesEncrypted];
        NSString* resultString = [resultData base64EncodedStringWithOptions:0];

        NSLog(@"resultString %@", resultString); // => 2rj7sDEoGtwDGPgae1BC1A==

        free(buffer);
        return resultString;
    }

    free(buffer);
    return nil;

Whatever I do, the result is never the same. I came across an answer where someone said, that different results in encoding may be ok, but in this case, the server gives me an error, saying that the password is not right. Which means that the decryption also leads to different results.

Does someone see any error in these lines of frustration?

EDIT: If I set everything to 128, in PHP MCRYPT_RIJNDAEL_256 to MCRYPT_RIJNDAEL_128 and in Objective C kCCKeySizeAES256 to kCCKeySizeAES128, I can encrypt with Objective C and decrypt successfully with my own PHP script. In that case the encryptet strings still don't look the same, but they have the same length. I assume that the padding on the Objective C side, will append bytes to key and password, until they are 16 byte long. But using kCCKeySizeAES256, both values still seem to be appended to 16 bytes, not 32 (speculation!!!). Maybe this is the cause. I still would be glad for some help!

Community
  • 1
  • 1
benjamin.ludwig
  • 1,575
  • 18
  • 28
  • 2
    Why do you expect 32 bytes? AES has a 16 byte block size. This is independent of the key size which is what changes when you go from AES128 to AES256. – mikeazo Jul 10 '14 at 17:28
  • 2
    Also, you should talk to the server people and find out why they are using ECB. There are a few times when using ECB can be okay, but for the most part it is a bad idea. See [here](http://nakedsecurity.sophos.com/2013/11/04/anatomy-of-a-password-disaster-adobes-giant-sized-cryptographic-blunder/) for how this made Adobe's practices even worse. – mikeazo Jul 10 '14 at 17:31

2 Answers2

2

MCRYPT_RIJNDAEL_256 is not AES. This algorithm of mcrypt indicates Rijndael with a block size of 256 bits. The key size is determined by the amount of bytes within the key (it's rounded up to the nearest key size in PHP using right padding with 00 valued bytes, and is cut if it exceeds 256 bits). Note that PHP uses zero padding. You should however use PKCS#7 padding, there should be few implementations of that out there (e.g. in the comments of mcrypt_encrypt).

To use AES-256, use MCRYPT_RIJNDAEL_128 with a key of 32 bytes. You won't find many implementations of Rijndael with 256 bit block size. It does not add much security and it is not standardized (by NIST, anyway).

The usual caveats apply with crypto. If the IV, the key, the plaintext (character) encoding or ciphertext encoding differs by one bit, you may get a rather different output. Test each input/output vector explicitly by printing out the hexadecimal notation of the bytes.

Maarten Bodewes
  • 90,524
  • 13
  • 150
  • 263
  • Some information on [PHP AES Encryption](http://www.chilkatsoft.com/p/php_aes.asp). – zaph Jul 12 '14 at 02:03
1

In addition, you getCString:maxLength:encoding needs a buffer size one bigger than the string you intend to store, as it will add the NUL byte for you. Just put a +1 in the keyPtr and ivPtr declarations.

Chris Cogdon
  • 7,481
  • 5
  • 38
  • 30