Clever Geek Handbook

IPhone --- 3DES Encryption returns "wrong" results?

I have serious problems with the CommonCrypto feature. There are two existing applications for BlackBerry and Windows Mobile, both use Triple-DES encryption with ECB mode for communication. The results are the same on both encrypted.

Now I want to implement 3DES encryption in our iPhone app, so I went straight to CommonCrypto: http://www.opensource.apple.com/source/CommonCrypto/CommonCrypto-32207/CommonCrypto/CommonCryptor.h

I get some results if I use CBC mode, but they don't match the Java or C # results. Anyway, I want to use ECB mode, but I don't get this working at all - a parameter error appears ...

This is my appeal for the ECB regime ... I split it up a bit:

const void *vplainText;

plainTextBufferSize = [@"Hello World!" length];
bufferPtrSize = (plainTextBufferSize + kCCBlockSize3DES) & ~(kCCBlockSize3DES - 1);

plainText = (const void *) [@"Hello World!" UTF8String];
NSString *key = @"abcdeabcdeabcdeabcdeabcd";

ccStatus = CCCrypt(kCCEncrypt,
     kCCAlgorithm3DES,
     kCCOptionECBMode,
     key,
     kCCKeySize3DES,
     nil, // iv, not used with ECB
     plainText,
     plainTextBufferSize,
     (void *)bufferPtr, // output
     bufferPtrSize,
     &movedBytes);

t is more or less code from here: http://discussions.apple.com/thread.jspa?messageID=9017515 But as mentioned, every time I get a parameter error ...

When I use kCCOptionPKCS7Padding instead of kCCOptionECBMode and set the same initialization vector in C # and my iPhone code, the iPhone gives me different results. Is there any error getting my output from bufferPtr? I am currently getting encrypted things this way:

NSData *myData = [NSData dataWithBytes:(const void *)bufferPtr length:(NSUInteger)movedBytes];
result = [[NSString alloc] initWithData:myData encoding:NSISOLatin1StringEncoding];

I seem to have almost tried every setting twice, different encodings, etc ... where is my mistake?

+2


source to share


3 answers


Can you submit a bug report?

One of the best ways to fix this stuff I've found is to take the known input, known key, and known output (" test vectors ") and compare the bytes of the expected output with the observed output.

What you are doing here is probably not a very good way to test the result:



NSData *myData = [NSData dataWithBytes:(const void *)bufferPtr length:(NSUInteger)movedBytes];
result = [[NSString alloc] initWithData:myData encoding:NSISOLatin1StringEncoding];

How do you know that encrypted binary data can be interpreted using an encoding NSISOLatin1StringEncoding

?

Instead, compare bytes directly (via [myData description]

or the like) or translate the output to hex or base64 .

+1


source


I believe the problem is that kCCOptionSEBMode is not enough. You also need to fill in (since this is a block cipher). If you pass both (i.e. KCCOptionPKCS7Padding | kCCOptionECBMode) it will work.



+1


source


I realize this is an old question, but for reference, I think your key shouldn't be passed as an NSString. Instead, the key must be converted from hex to byte array. This hexToBytes NSString extension should provide what you need by doing the following:

[[key hexToBytes] bytes]

The key must be twice as long as the specified one (48 characters in hex, that is, 24 bytes).

0


source






More articles:


All Articles