0

The below swift code works to decrypt encrypted values from my encrypters on Dart, Android and Javascript.

The problem is that that the key derivation takes way too long (~15-20 seconds). This uses CryptoSwift. I realize that a release build would reduce it a lot, but not enough.

Is there a better way to generate the PBKDF2 key? PBKDF2 key derivation is suitably fast on my other platforms @ 10,000+ iterations.

import CryptoSwift

func decryptGCM (cipherTextEnc:String, masterPass:String) -> String {
    do {
        let cipherEncComps = cipherTextEnc.components(separatedBy: "-")
        //      GET ENCRYPTED VALS
        let ivString = cipherEncComps[0]
        print (ivString)
        let saltString = cipherEncComps[1]
        print (saltString)
        let cipherTextString = cipherEncComps[2]
        print (cipherTextString)
        
        //      CREATE SALT (Decode Base64 to UTF8)
        let salt = [UInt8](base64: saltString)
        
        //      CREATE IV (Decode Base64 to UTF8)
        let iv = [UInt8](base64: ivString)
        
        //      CREATE decodedCipherString (Decode Base64 to UTF8)
        let cipherData = [UInt8](base64: cipherTextString)
        
        //      CREATE KEY & DECRYPT
        let password: [UInt8] = Array(masterPass.utf8)
        /* Generate a key from a `password`. Optional if you already have a key */
        
        let key = try PKCS5.PBKDF2(
            password: password,
            salt: salt,
            iterations: 10000,
            keyLength: 32, /* AES-256 */
            variant: .sha256
        ).calculate()
        
        print ("key generated")
        let gcm = GCM(iv: iv, mode: .combined)
        let aes = try AES(key: key, blockMode: gcm, padding: .noPadding)
        let cipherTextBytes = try aes.decrypt(cipherData)
        let cipherText = String(decoding: cipherTextBytes, as: UTF8.self)
        print ("cipherTextGenerated")
        return cipherText
    } catch {
        print("CAUGHT!")
        let errorString = "error in key derivation"
        return errorString
    }
}
metamonkey
  • 427
  • 7
  • 33
  • On what system does it take 15-20 seconds? – Robert Aug 26 '21 at 09:39
  • 2
    Don't use a PureSwift implementation, you [need to go native](https://stackoverflow.com/q/40336819/589259). If it is the PBKDF2 that takes so much time you need to update the title of the question. – Maarten Bodewes Aug 26 '21 at 10:57
  • Noted. Changed the title and wording to be more specific. I left in the rest of the code to be complete, but if preferable I can remove all but the PBKDF2 code. – metamonkey Aug 26 '21 at 14:18
  • iPhone8 S launched with "build and run the current scheme" from XCode. – metamonkey Aug 26 '21 at 14:19
  • @MaartenBodewes I have tried to implement common crypto and cannot understand the data types those functions are supposed to be. I keep getting a "type of expression is ambiguous without more context" error. – metamonkey Aug 26 '21 at 22:41
  • Uh, I'm not sure that still fits in the org. question: you can always ask a new one as I may not be the expert on that library. Note: for some reason I have a lot of unanswered comments in my SO inbox suddenly, sorry about the delay. – Maarten Bodewes Sep 10 '21 at 21:48
  • I ended up using your suggestion. Thanks. – metamonkey Sep 11 '21 at 23:11

0 Answers0