We need to encrypt a request using AES128 on Android and iOS and then send that encrypted message to the backend server written in Java.

Our Android encryption code is like below:

Cipher cipher = Cipher.getInstance("AES/CBC/NoPadding");
cipher.init(Cipher.ENCRYPT_MODE, keyspec, ivspec);

where keyspec and ivspec are randomly generated bytes.

In Objective-C, this is how we do the encryption.

NSString* iv = @"a12bc1256b4de9a0";
NSData* ivData = [iv dataUsingEncoding:NSUTF8StringEncoding];

NSMutableData* cipherData = [NSMutableData dataWithLength:data.length+kCCBlockSizeAES128];

CCCryptorStatus result = CCCrypt(kCCEncrypt, kCCAlgorithmAES, kCCOptionPKCS7Padding,
                                 keyData.bytes, keyData.length, ivData.bytes,
                                 data.bytes, data.length,
                                 cipherData.mutableBytes, cipherData.length, &outLength);

The problem with this is that when we compare the encrypted bytes of the Java program and Objective-C, they are not the same. I understand that the CCOption parameter in Objective-C should be CBC but that is not in the enum list of the CommonCrypto library. When we set it to 0, the encrypted bytes only return a series of zeros.

Please suggest other alternatives on how to do the AES 128 encryption in Objective-C using the AES/CBC/NoPadding algorithm.

Cœur
NothingBox

1 Answer

You've requested padding: kCCOptionPKCS7Padding. That's not the same thing as Java's NoPadding. Remove the padding option. (You can use 0 to mean "no options.")

It's also unclear whether every other part of your encryption is the same. You didn't include the key generation or IV in the Java code.

(Note that if you get the exact same bytes out of an encryption algorithm for the same message, then you're using the encryption algorithm in an insecure way. Secure encryption constructions will generate a different cipher text for every encryption. I understand that your server may be using this kind of insecure approach; it's a very common mistake. But it is insecure.)

Rob Napier
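An added example, not code from the question or the answer: a CommonCrypto call with options set to 0 (CBC, no padding) that checks the input length and the returned status, and uses a fresh random IV per message as the answer's note recommends. The helper name, the all-zero demo key and the IV-prefixed output layout (which the Java server would have to parse) are assumptions.

```objective-c
#import <Foundation/Foundation.h>
#import <CommonCrypto/CommonCryptor.h>
#import <CommonCrypto/CommonRandom.h>

// Hypothetical helper (not from the post): AES-128-CBC without padding, the
// CommonCrypto counterpart of Java's "AES/CBC/NoPadding".
// Returns IV || ciphertext, or nil with the reason in *outStatus.
static NSData *EncryptAES128CBCNoPadding(NSData *plain, NSData *key,
                                         CCCryptorStatus *outStatus) {
    CCCryptorStatus status;
    NSMutableData *out = nil;
    size_t moved = 0;

    if (key.length != kCCKeySizeAES128) {
        status = kCCKeySizeError;
    } else if (plain.length % kCCBlockSizeAES128 != 0) {
        // With padding disabled the input must be whole 16-byte blocks;
        // CCCrypt reports kCCAlignmentError otherwise, so fail the same way.
        status = kCCAlignmentError;
    } else {
        out = [NSMutableData dataWithLength:kCCBlockSizeAES128 + plain.length];
        uint8_t *iv = out.mutableBytes;         // first 16 bytes: the IV
        uint8_t *ct = iv + kCCBlockSizeAES128;  // remainder: the ciphertext
        // Fresh random IV for every message (assumption: the server reads
        // the IV from the first 16 bytes of what it receives).
        status = CCRandomGenerateBytes(iv, kCCBlockSizeAES128);
        if (status == kCCSuccess) {
            // options = 0: CBC is CommonCrypto's default mode, no padding.
            status = CCCrypt(kCCEncrypt, kCCAlgorithmAES, 0,
                             key.bytes, key.length, iv,
                             plain.bytes, plain.length,
                             ct, plain.length, &moved);
        }
    }
    if (outStatus) *outStatus = status;
    return status == kCCSuccess ? out : nil;
}

int main(void) {
    @autoreleasepool {
        uint8_t k[kCCKeySizeAES128] = {0};  // constructed all-zero key, demo only
        NSData *key = [NSData dataWithBytes:k length:sizeof k];
        CCCryptorStatus st;
        NSData *ok = EncryptAES128CBCNoPadding([@"0123456789abcdef" dataUsingEncoding:NSUTF8StringEncoding], key, &st);
        NSLog(@"aligned input: status=%d, %lu bytes out", st, (unsigned long)ok.length);
        EncryptAES128CBCNoPadding([@"short" dataUsingEncoding:NSUTF8StringEncoding], key, &st);
        NSLog(@"unaligned input: status=%d (kCCAlignmentError=%d)", st, kCCAlignmentError);
    }
    return 0;
}
```

If the status is ignored, a failed call leaves the zero-filled `NSMutableData` buffer untouched, so always check it before using the output.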