
I am trying to encrypt a string with AES both on iOS with CCCrypt and in Python with Crypto. However, I seem to get different results. Does anyone have any ideas why?

I am trying to use 256-bit AES with a null IV and CBC.

Python code:

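```python
import base64
from Crypto.Cipher import AES

key = 'verysecretkey1111111111111111111'

IV = 16 * '\x00'
mode = AES.MODE_CBC
cipher = AES.new(key, AES.MODE_CBC, IV)

# PKCS#7 padding: always pad, a full block when the input is block-aligned
y = 'aaaabbbbccccdddd'
length = 16 - (len(y) % 16)
y += chr(length)*length

encoded = cipher.encrypt(y)
print base64.b64encode(encoded)
```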

The result is gyL9jv7bTgLz8xZQx/GLYNVnVrrwo6pLsc5Ew4Vl8Uk=

Objective-C code:

```objc
char keyPtr[kCCKeySizeAES256 ];
bzero( keyPtr, sizeof( keyPtr ) );

// fetch key data
[key getCString:keyPtr maxLength:sizeof( keyPtr  encoding:NSUTF8StringEncoding];

NSUInteger dataLength = [self length];

size_t bufferSize = dataLength + kCCBlockSizeAES128;
void *buffer = malloc( bufferSize );

size_t numBytesEncrypted = 0;
CCCryptorStatus cryptStatus = CCCrypt( kCCEncrypt, kCCAlgorithmAES128,   kCCOptionPKCS7Padding,
                                      keyPtr, kCCKeySizeAES256,
                                      NULL /* initialization vector (optional) */,
                                      [self bytes], dataLength, /* input */
                                      buffer, bufferSize, /* output */
                                      &numBytesEncrypted );
```

The result is DskVKDMGxFWLGSYszL/mEersVv9zq9PK9bPIV5UgLbs=

Artjom B.
sopor
  • This is not the full code you have here. How do you provide the key and data in Obj-C? – Artjom B. Sep 16 '15 at 17:36
  • Is it possible that you're using different IVs? I'm not quite a cryptographer, but it does seem like you may be using a sequence of NULL bytes as your IV in the Python code (you might want None?) and in the ObjC code you're literally passing in NULL -- how does CCCrypt deal with that? I'm also not sure what the mode of operation is supposed to be in the ObjC code. It's CBC in the Python code, so that might also affect it. – Ragora Sep 16 '15 at 18:18
  • Common Crypto uses nulls for the iv if the iv is specified as NULL (0x00). The string to be encrypted is not shown since the method is an extension; sadly that was not mentioned, nor was the class of the extension, nor was the method of Base64 encoding the `CCCrypt` output. Extensions seem to be used because they are "Shiny" and "Shiny" attracts developers, who knew. – zaph Sep 16 '15 at 18:36

1 Answer

There is a problem with calling the Objective-C method, and given the incomplete code, understanding that error is difficult.

This statement in the Question is definitely incorrect:

```objc
[key getCString:keyPtr maxLength:sizeof( keyPtr  encoding:NSUTF8StringEncoding];
```

There are two problems:
1. A missing closing parenthesis to sizeof.
2. Space must be reserved for the trailing null a "C" string requires:

```objc
char keyPtr[kCCKeySizeAES256+1];
bzero( keyPtr, sizeof(keyPtr));
[key getCString:keyPtr maxLength:sizeof(keyPtr) encoding:NSASCIIStringEncoding];
```

Note that the method getCString: returns a status, but it is not checked; if it had been, the error would have been apparent. Error status is a developer's best friend.

But as seen in the code below there is a simpler way to handle the key.

Here is an example with a result matching the Python code:

```objc
#import <Foundation/Foundation.h>
#import <CommonCrypto/CommonCryptor.h>

NSString *key  = @"verysecretkey1111111111111111111";
NSString *data = @"aaaabbbbccccdddd";

// Take the key bytes directly from NSData; no C-string buffer is needed.
NSData *dataIn  = [data dataUsingEncoding:NSUTF8StringEncoding];
NSData *keyData = [key  dataUsingEncoding:NSUTF8StringEncoding];

CCCryptorStatus ccStatus   = kCCSuccess;
size_t          cryptBytes = 0;
// Padding can add up to one full block to the output.
NSMutableData  *dataOut    = [NSMutableData dataWithLength:dataIn.length + kCCBlockSizeAES128];

// kCCAlgorithmAES128 selects AES; the key size argument selects AES-256.
// CBC is the default mode, and a NULL IV means an all-zero IV.
ccStatus = CCCrypt( kCCEncrypt,
                   kCCAlgorithmAES128,
                   kCCOptionPKCS7Padding,
                   keyData.bytes, kCCKeySizeAES256,
                   NULL,
                   dataIn.bytes, dataIn.length,
                   dataOut.mutableBytes, dataOut.length,
                   &cryptBytes);

if (ccStatus != kCCSuccess) {
    NSLog(@"CCCrypt status: %d", ccStatus);
}
dataOut.length = cryptBytes;

NSString *objcEncrypted = [dataOut base64EncodedStringWithOptions:0];
NSLog(@"objcEncrypted: %@", objcEncrypted);
```

Output:

objcEncrypted: gyL9jv7bTgLz8xZQx/GLYNVnVrrwo6pLsc5Ew4Vl8Uk=

zaph
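
An independent check for the mismatch discussed above, as an added example that is not part of the original question or answer: it computes the reference ciphertext with the openssl command-line tool from explicit hex key bytes and compares both results reported in the question against it. The function names are hypothetical, and the script assumes `openssl`, `od` and `tr` are on the PATH.

```bash
#!/bin/sh
# Added example: reference ciphertext from a third implementation (openssl CLI).

KEY='verysecretkey1111111111111111111'   # key string from the question
PLAINTEXT='aaaabbbbccccdddd'             # plaintext from the question
ZERO_IV='00000000000000000000000000000000'

# hex_of STRING: hex-encode the exact bytes of STRING (no trailing newline).
hex_of() { printf '%s' "$1" | od -An -v -tx1 | tr -d ' \n'; }

# aes256_cbc_b64 KEY_HEX PLAINTEXT
# AES-256-CBC, all-zero IV, PKCS#7 padding (openssl's default), Base64 output.
# Rejects anything but 64 hex digits: `openssl enc -K` pads a short key with
# zero bytes instead of failing, which would hide a key-handling bug.
aes256_cbc_b64() {
  case "$1" in
    *[!0-9a-fA-F]*) echo "key is not hex" >&2; return 1 ;;
  esac
  [ "${#1}" -eq 64 ] || {
    echo "key must be 32 bytes, got $(( ${#1} / 2 ))" >&2
    return 1
  }
  printf '%s' "$2" |
    openssl enc -aes-256-cbc -K "$1" -iv "$ZERO_IV" -base64 -A
}

# matches_reference CANDIDATE_B64: succeeds only if CANDIDATE equals the
# reference ciphertext for KEY and PLAINTEXT.
matches_reference() {
  [ "$1" = "$(aes256_cbc_b64 "$(hex_of "$KEY")" "$PLAINTEXT")" ]
}

# The two results reported in the question (Python first, Objective-C second).
for candidate in 'gyL9jv7bTgLz8xZQx/GLYNVnVrrwo6pLsc5Ew4Vl8Uk=' \
                 'DskVKDMGxFWLGSYszL/mEersVv9zq9PK9bPIV5UgLbs='; do
  if matches_reference "$candidate"; then
    echo "$candidate  matches the reference"
  else
    echo "$candidate  differs: check key bytes, IV and padding on that side"
  fi
done
```

Logging the hex of the key buffer on the failing platform and comparing it with `hex_of "$KEY"` shows directly whether the key copy succeeded.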