How to send NSData as key and IV for CCCrypt

1
votes

I need to AES128 encrypt a 16 byte block of data using a key and an IV to a 16 byte AES block.

Every CCCrypt example I've seen takes in (NSString *) for key and IV. My Key and IV are NSData 16 bytes. I've converted the NSData into hex strings but the result is not correct. I get an AES block of 32 bytes when I do it that way.

So my question is, what do I have to do to get NSData to be read into CCCrypt as a const void * ?

- (NSData *)AES128Operation:(CCOperation)operation key:(NSString *)key iv:(NSString *)iv theData:(NSData *)theData
{
    char keyPtr[kCCKeySizeAES128 + 1];
    bzero(keyPtr, sizeof(keyPtr));
    [key getCString:keyPtr maxLength:sizeof(keyPtr) encoding:NSUTF8StringEncoding];

    char ivPtr[kCCBlockSizeAES128 + 1];
    bzero(ivPtr, sizeof(ivPtr));
    if (iv) {
        [iv getCString:ivPtr maxLength:sizeof(ivPtr) encoding:NSUTF8StringEncoding];
    }

    NSUInteger dataLength = [theData length];
    size_t bufferSize = dataLength + kCCBlockSizeAES128;
    void *buffer = malloc(bufferSize);

    size_t numBytesEncrypted = 0;
    CCCryptorStatus cryptStatus = CCCrypt(operation,
                                          kCCAlgorithmAES128,
                                          kCCOptionECBMode,
                                          keyPtr,
                                          kCCBlockSizeAES128,
                                          ivPtr,
                                          [theData bytes],
                                          dataLength,
                                          buffer,
                                          bufferSize,
                                          &numBytesEncrypted);


    if (cryptStatus == kCCSuccess) {
        return [NSData dataWithBytesNoCopy:buffer length:numBytesEncrypted];
    }
    free(buffer);
    return nil;
}
1
iosobjective-cencryptionaes
You are specifying PKCS7 Padding. PKCS7 adds at least 1 byte of padding, so encrypting 16 bytes will push you into 2 blocks of 16 bytes = 32 byte of encrypted data.Ebbe M. Pedersen
Thanks. Sorry I just put that in to test. I did get 16 bytes out when the padding wasn't there. I'm asking how to convert 16 byte NSData to be the const void * input for ivPtr and keyPtr.Scott
ECB mode does not use an IV, perhaps you need CBC mode which is the default.zaph
Thanks @zaph. I've read a lot abut this including your helpful answers to many others. If CBC is the default AND I don't want padding, how do you specify no options to options?Scott
Just specify 0 for CBC and no padding.zaph

1 Answers

1
votes
+ (NSData *)AES128:(NSData *)dataIn
         operation:(CCOperation)operation  // kCC Encrypt, Decrypt
               key:(NSData *)key
           options:(CCOptions)options      // kCCOption PKCS7Padding, ECBMode,
                iv:(NSData *)iv
             error:(NSError **)error
{
    CCCryptorStatus ccStatus   = kCCSuccess;
    size_t          cryptBytes = 0;
    NSMutableData  *dataOut    = [NSMutableData dataWithLength:dataIn.length + kCCBlockSizeAES128];

    ccStatus = CCCrypt( operation,
                       kCCAlgorithmAES,
                       options,
                       key.bytes, key.length,
                       iv.bytes,
                       dataIn.bytes, dataIn.length,
                       dataOut.mutableBytes, dataOut.length,
                       &cryptBytes);

    if (ccStatus == kCCSuccess) {
        dataOut.length = cryptBytes;
    }
    else {
        if (error) {
            *error = [NSError errorWithDomain:@"kEncryptionError"
                                         code:ccStatus
                                     userInfo:nil];
        }
        dataOut = nil;
    }

    return dataOut;
}