
I have the following code for encrypting the request I am sending to my server. The decoding on the server is done by .NET, and on the iPhone I am using the security framework with the following code.

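/**
 * Encrypts or decrypts a string with 3DES via CommonCrypto's one-shot CCCrypt().
 *
 * kCCEncrypt: the UTF-8 bytes of plainText are encrypted and the ciphertext is
 *             returned Base64-encoded.
 * kCCDecrypt: plainText is treated as Base64 ciphertext and the decrypted bytes
 *             are returned as a string.
 *
 * Interoperability: kCCOptionECBMode is not passed, so CCCrypt runs in CBC mode,
 * here with PKCS#7 padding and an all-zero IV. The peer has to use the same mode,
 * IV, padding, key bytes and text encoding, otherwise the outputs differ.
 *
 * SECURITY (review notes; left as-is because the wire format is shared with the server):
 *  - The key is a literal compiled into the app, so anyone holding the binary can
 *    read it. It should be provisioned per install and kept in the Keychain.
 *  - A constant IV makes CBC deterministic: equal plaintexts (and equal leading
 *    blocks) produce equal ciphertext. Use a random IV per message and send it
 *    alongside the ciphertext once the server supports that.
 *  - The ciphertext carries no integrity check (no MAC), so tampering is not
 *    detected by this method.
 *  - 3DES is a legacy 64-bit block cipher; prefer AES when the server API allows.
 *
 * Memory management follows the file's manual reference counting (autorelease).
 *
 * @param plainText        Text to encrypt, or Base64 ciphertext to decrypt.
 * @param encryptOrDecrypt kCCEncrypt or kCCDecrypt.
 * @return The Base64 ciphertext or the decrypted text. On failure one of the
 *         status strings "PARAM ERROR", "BUFFER TOO SMALL", "MEMORY FAILURE",
 *         "ALIGNMENT", "DECODE ERROR", "UNIMPLEMENTED" or "UNKNOWN ERROR".
 */
- (NSString *)doCipher:(NSString *)plainText :(CCOperation)encryptOrDecrypt {
    const void *inputBytes = NULL;
    size_t inputLength = 0;

    if (encryptOrDecrypt == kCCDecrypt) {
        // Autoreleased: the bytes stay valid for the CCCrypt call below and the
        // NSData no longer leaks.
        NSData *cipherData = [[[NSData alloc] initWithBase64EncodedString:plainText] autorelease];
        if (cipherData == nil) {
            // Input was not valid Base64; there is nothing to decrypt.
            return @"DECODE ERROR";
        }
        inputBytes = [cipherData bytes];
        inputLength = [cipherData length];
    } else {
        inputBytes = [plainText UTF8String];
        // Byte count, not character count: -length counts UTF-16 units and would
        // truncate any text containing non-ASCII characters.
        inputLength = [plainText lengthOfBytesUsingEncoding:NSUTF8StringEncoding];
    }

    // All-zero IV, see the SECURITY notes in the header comment.
    uint8_t iv[kCCBlockSize3DES] = {0};

    // Next multiple of the block size strictly above inputLength, which leaves
    // room for the PKCS#7 padding block on encryption.
    size_t outputCapacity = (inputLength + kCCBlockSize3DES) & ~(size_t)(kCCBlockSize3DES - 1);
    uint8_t *outputBuffer = calloc(outputCapacity, sizeof(uint8_t));
    if (outputBuffer == NULL) {
        return @"MEMORY FAILURE";
    }

    // Must encode to exactly kCCKeySize3DES (24) bytes; this literal is 24 ASCII characters.
    NSString *key = @"D3v3lop_4pp13_f0r_M4z4Y4";
    const void *keyBytes = [key UTF8String];

    size_t movedBytes = 0;
    CCCryptorStatus ccStatus = CCCrypt(encryptOrDecrypt,
                                       kCCAlgorithm3DES,
                                       kCCOptionPKCS7Padding,
                                       keyBytes,
                                       kCCKeySize3DES,
                                       iv,
                                       inputBytes,
                                       inputLength,
                                       outputBuffer,
                                       outputCapacity,
                                       &movedBytes);

    if (ccStatus != kCCSuccess) {
        free(outputBuffer);
        switch (ccStatus) {
            case kCCParamError:     return @"PARAM ERROR";
            case kCCBufferTooSmall: return @"BUFFER TOO SMALL";
            case kCCMemoryFailure:  return @"MEMORY FAILURE";
            case kCCAlignmentError: return @"ALIGNMENT";
            case kCCDecodeError:    return @"DECODE ERROR";
            case kCCUnimplemented:  return @"UNIMPLEMENTED";
            // Any other status used to fall through and return the buffer contents.
            default:                return @"UNKNOWN ERROR";
        }
    }

    NSString *result = nil;
    if (encryptOrDecrypt == kCCDecrypt) {
        // Decode with the encoding used on the encrypt path so non-ASCII text
        // round-trips; fall back to the previous ASCII decoding if the bytes are
        // not valid UTF-8.
        result = [[[NSString alloc] initWithBytes:outputBuffer
                                           length:(NSUInteger)movedBytes
                                         encoding:NSUTF8StringEncoding] autorelease];
        if (result == nil) {
            result = [[[NSString alloc] initWithBytes:outputBuffer
                                               length:(NSUInteger)movedBytes
                                             encoding:NSASCIIStringEncoding] autorelease];
        }
    } else {
        NSData *cipherData = [NSData dataWithBytes:outputBuffer length:(NSUInteger)movedBytes];
        result = [cipherData base64Encoding];
    }

    // The NSString/NSData above copied the bytes, so the scratch buffer can go.
    free(outputBuffer);
    return result;
}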

The encryption on the server and on the iPhone gives the same result when the string being encrypted is shorter than 8 characters. After that, the results differ. I am a total beginner with this; is there any hint on where to look?

Adhamox

1 Answer


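Yes, your cipher modes and/or padding are different. Make sure you are using the same mode on both the server and client. The symptom is consistent with a mode mismatch: CCCrypt uses CBC unless kCCOptionECBMode is passed, and with the all-zero IV in your code the first 8-byte block comes out exactly as it would in ECB, so only the blocks after it diverge. For instance, in most cases CBC mode with PKCS#7 padding is a good choice.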

Is there any particular reason you are using 3DES? It is significantly slower than AES (with slightly worse properties).

Yann Ramin
  • Thanks for the quick answer. I am adapting the app for the already built server API. I read somewhere here on stackoverflow that PKCS5 and PKCS7 are the same. The server is using PKCS5. can this be the reason? – Adhamox Aug 25 '11 at 16:58
  • PKCS5 and PKCS7 are effectively the same; it is just that PKCS5 has only been defined for up to 64 bit blocks while PKCS7 is defined for up to 128 bit blocks. Otherwise they are identical. – rossum Aug 25 '11 at 17:10
  • @Adhamox: Perhaps try CTR or (shudder) ECB mode to interoperate? – Yann Ramin Aug 26 '11 at 01:22
  • You are right to shudder at ECB mode, avoid it if at all possible. CBC or CTR are much superior and much more secure. – rossum Aug 27 '11 at 21:48