3

Well, I'm trying to encrypt a string in Objective-C, extending NSData with this method:


    #import <Foundation/Foundation.h>
    #import <CommonCrypto/CommonCryptor.h>

    @implementation NSData (AES128)

    - (NSData *)AES128Encrypt {
        char keyPtr[kCCKeySizeAES128] = {'\xe1','\xaa','\x9c','\x61','\x46','\x74','\x44','\x56','\xf0','\xe5','\x47','\x46','\x86','\xdc','\x95','\x77'};

        NSUInteger dataLength = [self length];

        size_t bufferSize = dataLength + kCCBlockSizeAES128;
        void *buffer = malloc(bufferSize);

        size_t numBytesEncrypted = 0;
        CCCryptorStatus cryptStatus = CCCrypt(kCCEncrypt, kCCAlgorithmAES128, kCCOptionPKCS7Padding,
                                              keyPtr, kCCKeySizeAES128,
                                              NULL /* initialization vector (optional) */,
                                              [self bytes], dataLength, /* input */
                                              buffer, bufferSize, /* output */
                                              &numBytesEncrypted);
        if (cryptStatus == kCCSuccess) {
            //the returned NSData takes ownership of the buffer and will free it on deallocation
            return [NSData dataWithBytesNoCopy:buffer length:numBytesEncrypted];
        }

        free(buffer); //free the buffer;
        return nil;
    }

    - (NSData *)AES128Decrypt {
        char keyPtr[kCCKeySizeAES128] = {'\xe1','\xaa','\x9c','\x61','\x46','\x74','\x44','\x56','\xf0','\xe5','\x47','\x46','\x86','\xdc','\x95','\x77'};

        NSUInteger dataLength = [self length];

        //See the doc: For block ciphers, the output size will always be less than or
        //equal to the input size plus the size of one block.
        //That's why we need to add the size of one block here
        size_t bufferSize = dataLength + kCCBlockSizeAES128;
        void *buffer = malloc(bufferSize);

        size_t numBytesDecrypted = 0;
        CCCryptorStatus cryptStatus = CCCrypt(kCCDecrypt, kCCAlgorithmAES128, kCCOptionPKCS7Padding,
                                              keyPtr, kCCKeySizeAES128,
                                              NULL /* initialization vector (optional) */,
                                              [self bytes], dataLength, /* input */
                                              buffer, bufferSize, /* output */
                                              &numBytesDecrypted);

        if (cryptStatus == kCCSuccess) {
            //the returned NSData takes ownership of the buffer and will free it on deallocation
            return [NSData dataWithBytesNoCopy:buffer length:numBytesDecrypted];
        }

        free(buffer); //free the buffer;
        return nil;
    }

    @end

Then I call it here:


    NSString *strData = @"My string";

    NSData *objNSData = [NSData dataWithData:[strData dataUsingEncoding:NSUTF8StringEncoding]];

    // Call the category method so the logged bytes are the ciphertext
    NSLog(@"encrypted: %@", [[objNSData AES128Encrypt] description]);

If I just use it in Objective-C, it works fine. But when I try to send it to a Java server, it doesn't work.

My cipher data looks like this:

86fcf0fa9e3dff93dc8918ffd02ee203 12de0bf8c8ba300456293c4240296c0d

And if I try to cipher it in Java, also using AES with the same key, I get this:

86fcf0fa9e3dff93dc8918ffd02ee203 8388f173da143c6aeeb90e554259c83c

It's weird because the first half is the same.

Does someone know why this could be happening? Thanks.

JonLOo

1 Answer

9

I've never done any Objective-C programming, but I'm almost positive that you're using AES in different modes in your code. You need to make sure these are consistent. The default is probably Cipher Block Chaining (CBC) mode. Make sure you set this option in your Java code.

By the way, CBC mode should have a randomized Initialization Vector (IV) rather than NULL (which I assume uses all zeros). This too would need to be consistent across both.

I'm obliged to give the standard disclaimer with cryptography that it's usually much safer to use a higher level protocol that handles this stuff for you, like SSL/TLS for data in transit and something like Keyczar for data at rest. Getting crypto right is really hard and a tiny error (like picking a bad mode) can totally destroy the security of the system.

Jeff Moser
  • Man, I love you :) Actually, the problem was I was passing just the kCCOptionPKCS7Padding option to the CCCrypt function, where I have to pass the kCCOptionPKCS7Padding | kCCOptionECBMode option. Anyway, thanks, your answer saved my day :) – JonLOo Sep 28 '10 at 11:54
  • You're welcome. Keep in mind that as I mentioned before, you really shouldn't use ECB mode. If at all possible use something like CBC. See Act 3, Scene 21 of http://www.moserware.com/2009/09/stick-figure-guide-to-advanced.html (direct link: http://4.bp.blogspot.com/_Zfbv3mHcYrc/SrfI0ckVcMI/AAAAAAAABss/wUh6hWmtNaU/s1600-h/aes_act_3_scene_21_modes_1100.png ) – Jeff Moser Sep 28 '10 at 12:15
  • The problem is that ECB mode seems to be the only way supported in Obj-C – JonLOo Sep 28 '10 at 14:11
  • According to http://www.opensource.apple.com/source/CommonCrypto/CommonCrypto-36064/CommonCrypto/CommonCryptor.h , the default (if you don't specify a mode) is CBC. I'd use that. "kCCOptionPKCS7Padding" is fine to use as well. Just make sure you do the same on the Java side. Additionally, you should be using a randomized initialization vector (the Java side will need to know this too) – Jeff Moser Sep 28 '10 at 15:27
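
The symptom in the question (identical first block, different second block) is what ECB and zero-IV CBC produce for the same key and plaintext. The Java example below is added here and is not code from the question or the answer; it reproduces that effect and then shows CBC with a random IV sent in front of the ciphertext. The key, plaintext, class and method names, and the IV-then-ciphertext layout are constructed for this example.

```java
import javax.crypto.Cipher;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Arrays;

public class AesModeInterop {
    static final int BLOCK = 16; // AES block size in bytes

    // Runs AES with an explicit mode; Java's "PKCS5Padding" is the PKCS7 padding CommonCrypto uses.
    static byte[] run(int op, String mode, byte[] key, byte[] iv, byte[] in) throws Exception {
        Cipher c = Cipher.getInstance("AES/" + mode + "/PKCS5Padding");
        SecretKeySpec k = new SecretKeySpec(key, "AES");
        if (mode.equals("ECB")) c.init(op, k);          // ECB takes no IV
        else c.init(op, k, new IvParameterSpec(iv));
        return c.doFinal(in);
    }

    // Wire format assumed by this example: 16-byte random IV followed by the CBC ciphertext.
    static byte[] seal(byte[] key, byte[] plain) throws Exception {
        byte[] iv = new byte[BLOCK];
        new SecureRandom().nextBytes(iv);
        byte[] ct = run(Cipher.ENCRYPT_MODE, "CBC", key, iv, plain);
        byte[] msg = Arrays.copyOf(iv, BLOCK + ct.length);
        System.arraycopy(ct, 0, msg, BLOCK, ct.length);
        return msg;
    }

    static byte[] open(byte[] key, byte[] msg) throws Exception {
        if (msg.length < 2 * BLOCK || msg.length % BLOCK != 0)
            throw new IllegalArgumentException("truncated or misaligned message");
        byte[] iv = Arrays.copyOfRange(msg, 0, BLOCK);
        byte[] ct = Arrays.copyOfRange(msg, BLOCK, msg.length);
        return run(Cipher.DECRYPT_MODE, "CBC", key, iv, ct);
    }

    public static void main(String[] args) throws Exception {
        byte[] key = "constructed-key!".getBytes(StandardCharsets.US_ASCII);    // 16-byte sample key
        byte[] plain = "twenty bytes of text".getBytes(StandardCharsets.UTF_8); // spans two blocks
        byte[] ecb = run(Cipher.ENCRYPT_MODE, "ECB", key, null, plain);
        byte[] cbc0 = run(Cipher.ENCRYPT_MODE, "CBC", key, new byte[BLOCK], plain); // all-zero IV
        // Block 1: CBC XORs the plaintext with the IV; with a zero IV that changes nothing.
        System.out.println("block 1 equal: " + Arrays.equals(Arrays.copyOf(ecb, BLOCK), Arrays.copyOf(cbc0, BLOCK)));
        // Block 2: CBC first XORs the plaintext with ciphertext block 1, ECB does not.
        System.out.println("block 2 equal: " + Arrays.equals(
            Arrays.copyOfRange(ecb, BLOCK, 2 * BLOCK), Arrays.copyOfRange(cbc0, BLOCK, 2 * BLOCK)));
        System.out.println("round trip: " + new String(open(key, seal(key, plain)), StandardCharsets.UTF_8));
    }
}
```

On the JDK's bundled provider, `Cipher.getInstance("AES")` with no mode resolves to `AES/ECB/PKCS5Padding`, which is why the example names the mode explicitly on every call. CBC on its own provides no integrity check, so the answer's advice to prefer a higher-level protocol still applies.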