4

I'm building an app that will communicate with a server (PHP), and I want to encrypt this communication (it will probably be JSON). After a lot of searching and reading I found the AESCrypt-Objc project. While testing the encryption (I'm using a web tool, AES Encryption test) I found that I'm missing 16 bytes of data in the encryption result. Here's the example I'm using. In the AES project:

String to be encrypted: "The quick brown fox jumped over the lazy dog". Password: "12345678901234561234567890123456"

The result:

<7eda336b 82f3e279 ae7638fe cccfffc6 5fbef8da 6df76d97 67d8cfa8 5bce2ae9>

My Code:

```objc
self.strnToBeEnc = @"The quick brown fox jumped over the lazy dog";
self.appKey      = @"12345678901234561234567890123456";
NSData *data2    = [self.strnToBeEnc dataUsingEncoding:NSUTF8StringEncoding];
NSLog(@"%@", data2);
NSData *s2 = [data2 AES256EncryptedDataUsingKey:self.appKey error:nil];
NSLog(@"%@", s2);
```

Web tool:

Same string and password

The result:

<7eda336b 82f3e279 ae7638fe cccfffc6 5fbef8da 6df76d97 67d8cfa8 5bce2ae9 ca2ed34a 48f85af2 909654d5 b0de0fb7>

As you can see, I'm missing some bytes... :) I've tried adding to the buffer in the algorithm, but with no success.

Any advice? Thanks

(If the question is not detailed enough, please let me know.)

YYfim
  • What code are you using, or have you tried? It looks as if you are somehow NOT either encrypting the last 128 bit block of the data, or simply not displaying it. The input is 352 bits, which means that with padding, your output should be no less than 3 x 128 bit AES blocks long! – trumpetlicks Mar 28 '14 at 18:31
  • I'm using the AES256EncryptedDataUsingKey:error:error; method in NSData+CommonCrypto.h – YYfim Mar 28 '14 at 18:33
  • `self.strnToBeEnc = @"The quick brown fox jumped over the lazy dog"; self.appKey = @"12345678901234561234567890123456"; NSData *data2 = [self.strnToBeEnc dataUsingEncoding:NSASCIIStringEncoding]; NSLog(@"%@", data2); NSData *s2 = [data2 AES256EncryptedDataUsingKey:self.appKey error:nil]; NSLog(@"%@", s2);` – YYfim Mar 28 '14 at 18:37
  • Just creating the strings, converting to data, encrypting the data, and NSLog the result – YYfim Mar 28 '14 at 18:38
  • Just out of curiosity, I see everybody on the web using `NSUTF8StringEncoding` instead of `NSASCIIStringEncoding`. What does that give you? – trumpetlicks Mar 28 '14 at 19:01
  • Nothing extra, it puts out the same result. Just wanted to check if it changes. – YYfim Mar 28 '14 at 19:04
  • OK, so I think I have managed to narrow it down to what I think is the problem. When I'm doing the conversion to an NSData object (before the encryption) I'm encoding it with NSUTF8StringEncoding. The problem is that I'm losing data that way... any ideas? – YYfim Mar 28 '14 at 19:44

1 Answer

2

I know you were trying to avoid this but I think you might need to spend some time in the source code of AESCrypt-Objc as I suspect it is somehow not encrypting the last block.

Step into the code and see if you actually get to the CCCryptorFinal call, and note its results. This can be found in the AESCrypt-ObjC/NSData+CommonCrypto.m _runCryptor:result:. Another thing to look into is the default padding type they are using, which appears to be kCCOptionPKCS7Padding; this will also have an effect on your ending bytes.

Do your testing first with non-arbitrary length bytes that are multiples of the AES block size, then once you have validated that move on to the variable length ones you have here.

dtrotzjr
  • Hey dtrotzjr, I did a step-by-step in the algorithm (in _runCrypto:result:), and the only unusual thing I could find is in the CCCryptorFinal method, where the bufused variable gets the value 0. One more thing: I've managed to get the correct byte size in the output (when using 'kCCOptionECBMode | kCCOptionPKCS7Padding' instead of just 'kCCOptionPKCS7Padding'), but the last 16 bytes are not equal to the result in the test tool. New result: <7eda336b 82f3e279 ae7638fe cccfffc6 5fbef8da 6df76d97 67d8cfa8 5bce2ae9 650c76c7 ea3ca6c6 5d3c90b2 34e86c63> – YYfim Mar 29 '14 at 08:40
  • 1
    If you want to validate AES you need to understand AES, spend some time reading about AES and understand what all these variables (block chaining mode, padding, etc) mean, then figure out exactly what the `AESCrypt-Objc` uses and what your AES Encryption test uses and make sure all the parameters are the same. Then start with a data size that is an AES single block size, then move up to data sizes that are multiples of the block size then use data that is of an arbitrary length. Otherwise you are going to go mad trying to figure out what is wrong. – dtrotzjr Mar 30 '14 at 21:01
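The test sequence suggested in the answer (block-aligned inputs first, then the 44-byte string from the question), as an added example that is not part of the original thread and is not AESCrypt-Objc code. It calls CommonCrypto's `CCCrypt` directly so that key size, mode, padding and IV are all stated explicitly, and checks that PKCS#7 output is always the next multiple of 16 bytes above the input length. The helper name `AES256Encrypt`, the all-zero test IV and the 16- and 32-byte sample inputs are assumptions.

```objc
#import <Foundation/Foundation.h>
#import <CommonCrypto/CommonCryptor.h>

// Hypothetical helper (not part of AESCrypt-Objc): AES-256 with the key size,
// mode, padding and IV all chosen explicitly by the caller.
static NSData *AES256Encrypt(NSData *plain, NSData *key, NSData *iv, BOOL ecb) {
    if (key.length != kCCKeySizeAES256) return nil;            // 32-byte key only
    if (!ecb && iv.length != kCCBlockSizeAES128) return nil;   // CBC needs a 16-byte IV
    CCOptions opts = kCCOptionPKCS7Padding | (ecb ? kCCOptionECBMode : 0);
    // PKCS#7 adds 1..16 bytes, so the output can be one block longer than the input.
    NSMutableData *out = [NSMutableData dataWithLength:plain.length + kCCBlockSizeAES128];
    size_t moved = 0;
    CCCryptorStatus st = CCCrypt(kCCEncrypt, kCCAlgorithmAES128, opts,
                                 key.bytes, key.length,
                                 ecb ? NULL : iv.bytes,
                                 plain.bytes, plain.length,
                                 out.mutableBytes, out.length, &moved);
    if (st != kCCSuccess) return nil;
    out.length = moved;                                        // trim to bytes written
    return out;
}

int main(void) {
    @autoreleasepool {
        NSData *key = [@"12345678901234561234567890123456" dataUsingEncoding:NSUTF8StringEncoding];
        // All-zero IV: a constructed test value so that runs are repeatable.
        NSData *iv = [NSMutableData dataWithLength:kCCBlockSizeAES128];
        // Constructed inputs: one block, two blocks, then the question's 44-byte string.
        NSArray<NSString *> *inputs = @[ @"0123456789abcdef",
                                         @"0123456789abcdef0123456789abcdef",
                                         @"The quick brown fox jumped over the lazy dog" ];
        for (NSString *s in inputs) {
            NSData *p = [s dataUsingEncoding:NSUTF8StringEncoding];
            NSUInteger want = (p.length / kCCBlockSizeAES128 + 1) * kCCBlockSizeAES128;
            for (int ecb = 0; ecb <= 1; ecb++) {
                NSData *c = AES256Encrypt(p, key, iv, ecb ? YES : NO);
                NSLog(@"%@ in=%lu out=%lu want=%lu %@ %@", ecb ? @"ECB" : @"CBC",
                      (unsigned long)p.length, (unsigned long)c.length, (unsigned long)want,
                      c.length == want ? @"OK" : @"LENGTH MISMATCH", c);
            }
        }
    }
    return 0;
}
```

Comparing the logged bytes against another tool is only meaningful once that tool is set to the same key bytes, mode, padding and IV.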