ios swift encryption aes ios13.4

AES encryption not working properly on iOS 13.4


My iOS application creates a key using AES encryption and sends it with all the APIs, and it is decrypted at the server end. Now, after the update to OS 13.4, the key created from the device (not the simulator) is incorrect and the following error is thrown by the server: "Padding is invalid and cannot be removed."

It is working perfectly on devices below OS version 13.4. We are using CommonCrypto to encrypt the key at our end; following are the details:

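  // IV built from a 10-byte string; the AES block size (kCCBlockSizeAES128) is 16 bytes
  let ivData = "passpharse".data(using: String.Encoding.utf8)!
  // Output buffer: input length plus one block for PKCS7 padding
  let cryptLength = size_t(data.count + kCCBlockSizeAES128)
  var cryptData = Data(count: cryptLength)
  let keyLength = size_t(kCCKeySizeAES128)
  let options = CCOptions(kCCOptionPKCS7Padding)
  var numBytesEncrypted: size_t = 0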

The surprising part is that the key is being correctly generated for some API calls, although the same method is used for key generation.

Users with iOS versions lower than 13.4 are not facing any issue. If anyone has come across the same situation, please guide.

Thanks in advance.


Solution

  • After much research I made it work on all the versions. If in the above code “passphrase” is shorter than 16 bytes, it uses whatever's in memory past the end. It seems like improper use of the CommonCrypto APIs was the issue here. Really don’t know why this worked before, but maybe we got lucky with the memory layout, but the issues above need to be remedied before this will function as expected.
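
The length problem described in the solution, as an added example that is not code from the original post: `CCCrypt` takes no length argument for the IV and in CBC mode reads one full block (16 bytes) from the pointer, so the wrapper below rejects a short IV or key before calling it. The function name `aes128CBCEncrypt`, the `AESError` type and the sample key are assumptions made for illustration.

```swift
import Foundation
import CommonCrypto

enum AESError: Error {
    case badKeyLength(Int)
    case badIVLength(Int)
    case cryptFailed(CCCryptorStatus)
}

// Hypothetical helper (not from the original post): AES-128-CBC with PKCS7 padding.
func aes128CBCEncrypt(_ plaintext: Data, key: Data, iv: Data) throws -> Data {
    // CCCrypt always reads kCCBlockSizeAES128 (16) bytes from the IV pointer,
    // so a shorter buffer means an over-read into adjacent memory.
    guard key.count == kCCKeySizeAES128 else { throw AESError.badKeyLength(key.count) }
    guard iv.count == kCCBlockSizeAES128 else { throw AESError.badIVLength(iv.count) }

    // PKCS7 padding adds at most one block to the ciphertext.
    var out = Data(count: plaintext.count + kCCBlockSizeAES128)
    let outCapacity = out.count
    var written = 0

    let status = out.withUnsafeMutableBytes { outPtr in
        plaintext.withUnsafeBytes { inPtr in
            key.withUnsafeBytes { keyPtr in
                iv.withUnsafeBytes { ivPtr in
                    CCCrypt(CCOperation(kCCEncrypt),
                            CCAlgorithm(kCCAlgorithmAES),
                            CCOptions(kCCOptionPKCS7Padding),
                            keyPtr.baseAddress, key.count,
                            ivPtr.baseAddress,
                            inPtr.baseAddress, plaintext.count,
                            outPtr.baseAddress, outCapacity,
                            &written)
                }
            }
        }
    }
    guard status == CCCryptorStatus(kCCSuccess) else { throw AESError.cryptFailed(status) }
    out.removeSubrange(written..<out.count)  // keep only the bytes CCCrypt produced
    return out
}

// Constructed sample values for illustration only.
let sampleKey = Data("0123456789abcdef".utf8)   // 16 bytes
let shortIV = Data("passpharse".utf8)           // 10 bytes, as in the question
do {
    _ = try aes128CBCEncrypt(Data("token".utf8), key: sampleKey, iv: shortIV)
} catch {
    print("rejected:", error)
}
```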