AES Decryption has different behavior in iOS 7 than iOS 8/9
The following method returns different results when run on iOS 7 than on iOS 8/9.
+ (NSData *)decryptData:(NSData *)data key:(NSData *)key iv:(NSData *)iv;
{
NSData *result = nil;
// setup key
unsigned char cKey[FBENCRYPT_KEY_SIZE];
bzero(cKey, sizeof(cKey));
[key getBytes:cKey length:FBENCRYPT_KEY_SIZE];
// setup iv
char cIv[FBENCRYPT_BLOCK_SIZE];
bzero(cIv, FBENCRYPT_BLOCK_SIZE);
if (iv) {
[iv getBytes:cIv length:FBENCRYPT_BLOCK_SIZE];
}
// setup output buffer
size_t bufferSize = [data length] + FBENCRYPT_BLOCK_SIZE;
void *buffer = malloc(bufferSize);
// do decrypt
size_t decryptedSize = 0;
CCCryptorStatus cryptStatus =
CCCrypt(kCCDecrypt, FBENCRYPT_ALGORITHM, kCCOptionPKCS7Padding, cKey,
FBENCRYPT_KEY_SIZE, cIv, [data bytes], [data length], buffer,
bufferSize, &decryptedSize);
if (cryptStatus == kCCSuccess) {
result = [NSData dataWithBytesNoCopy:buffer length:decryptedSize];
} else {
free(buffer);
NSLog(@"[ERROR] failed to decrypt| CCCryptoStatus: %d", cryptStatus);
}
return result;
}
Encryption works on iOS 7/8/9. But the result of decrypting nil on iOS 7.
decryptedSize
equals 0 after execution. Elements buffer
remain 0.
Some definitions
#define FBENCRYPT_ALGORITHM kCCAlgorithmAES128
#define FBENCRYPT_BLOCK_SIZE kCCBlockSizeAES128
#define FBENCRYPT_KEY_SIZE kCCKeySizeAES256
I have read answers to similar questions CCCrypt()
on SO. Tried the following:
- Increase
cKey
length by 1 - Extend the length
cKey
toFBENCRYPT_KEY_SIZE * 2 + 1
- Set the first byte
cKey
to 0 (some say iOS 6 does this when getting the key bytes from the NSString)
None of the above works.
I come back with some sample data when the method is called.
Three parameters passed to decryptData
:
- Details:
ea1e6896 b5731f40 1d560a18 f0729fa6
, - :
17c76e90 9a6fef8d b1fd45fa 2de18db0 d2236264 db6c8a60 125599ec 2dfb5614
, 256 bit for AES256 - iv:,
41463531 38453234 44333835 42463636
16-byte which is the same block size
Expected output (and actual output on iOS8 / 9) 248e51af 66bf85d3 00003ab6 fe3c0000
.
source to share
Guess quickly, because there is little information:
The data was encrypted using another plugin, which is PKCS # 7 (or PKCS # 5). mcrypt()
, while pop was written by some bozos and uses non-standard zero padding, which is insecure and won't work if the last byte of data is 0x00.
For more information on transferring PKCs # 7 see this SO answer .
Earlier versions CCCrypt
will return an error if the padding was clearly incorrect, this was a security bug that was later fixed. IIRC iOS7 was the last version to report bad padding as a bug.
source to share