
I have an encrypted data stream (AES 128, CBC, PKCS7) that I'm trying to decrypt as it arrives. Occasionally I'll get a packet of length 334, which I then try to decrypt. When I do this on an iPhone 5, it returns kCCBufferTooSmall (which is expected for non-mod 16 data). However, when I have the same thing on an iPhone 3GS it returns kCCSuccess and gives me a partially decrypted stream (the last ten bytes or so of the 333 it gives me are bogus - null terminators and random data).

Both devices are iOS 6.1.2. The app is built with base SDK set to latest SDK (6.1) with a deployment target of iOS 5.0.

I created the following test case which also exhibits this problem:

+ (void)decryptionTest {
    NSData *data = [NSMutableData dataWithLength:334]; // 334 % 16 = 14
    NSData *key = [NSMutableData dataWithLength:kCCKeySizeAES128];
    NSData *iv = [NSMutableData dataWithLength:kCCBlockSizeAES128];
    size_t outLength = 0;
    NSMutableData *cipherData = [NSMutableData dataWithLength:data.length];

    CCCryptorStatus result = CCCrypt(kCCDecrypt,
                                     kCCAlgorithmAES128,
                                     kCCOptionPKCS7Padding,
                                     key.bytes,
                                     key.length,
                                     iv.bytes,
                                     data.bytes,
                                     data.length,
                                     cipherData.mutableBytes,
                                     cipherData.length,
                                     &outLength);

    NSLog(@"result = %d", result);
}

Why am I getting kCCSuccess when it should be failing due to not matching the block size?

thegrinner
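Added example, not part of the original post: one way for a caller to enforce the CBC length precondition itself, so that behaviour does not depend on which status the decrypt call returns for a 334-byte packet. The type `cbc_framer` and its functions are hypothetical names; the whole blocks it emits are what would then be passed on for decryption, with PKCS7 padding removed only at the end of the stream.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define AES_BLOCK 16  /* AES block size in bytes */

/* Hypothetical helper: holds bytes that do not yet form a whole block. */
typedef struct {
    uint8_t pending[AES_BLOCK];
    size_t  pending_len;          /* always < AES_BLOCK between calls */
} cbc_framer;

/* Append a packet, copy only whole blocks to `out`, keep the tail.
 * Returns bytes written to `out` (a multiple of 16), or (size_t)-1
 * if `out_cap` is too small (state is left unchanged in that case). */
size_t cbc_framer_push(cbc_framer *f, const uint8_t *pkt, size_t len,
                       uint8_t *out, size_t out_cap)
{
    size_t total = f->pending_len + len;
    size_t ready = total - (total % AES_BLOCK);
    if (ready > out_cap) return (size_t)-1;
    if (ready == 0) {             /* still less than one block in total */
        memcpy(f->pending + f->pending_len, pkt, len);
        f->pending_len = total;
        return 0;
    }
    memcpy(out, f->pending, f->pending_len);
    size_t from_pkt = ready - f->pending_len;
    memcpy(out + f->pending_len, pkt, from_pkt);
    f->pending_len = len - from_pkt;          /* carry the tail over */
    memcpy(f->pending, pkt + from_pkt, f->pending_len);
    return ready;
}

/* End of stream: leftover bytes mean truncated or corrupted ciphertext. */
int cbc_framer_finish(const cbc_framer *f) { return f->pending_len ? -1 : 0; }

int main(void)
{
    cbc_framer f = {0};
    uint8_t pkt[334] = {0};       /* constructed packet, 334 % 16 = 14 */
    uint8_t out[336];
    size_t n = cbc_framer_push(&f, pkt, sizeof pkt, out, sizeof out);
    printf("decryptable now: %zu, held back: %zu\n", n, f.pending_len);
    return 0;
}
```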
