Search code examples
javaiphoneobjective-cencryption3des

3DES encryption in iPhone app always produces different result from 3DES encryption in Java

I have to encrypt a string in my iPhone app. The encryption scheme is 3DES/CBC/PKCS5 padding and I have to convert in objective-c this Java code:

public class MessageEncrypt {

public String encryptString(String message, String seckey) throws Exception{
    byte[] encData = encrypt(message, seckey);

    return this.getHexString(encData, "");
}

public String decryptString(String message, String seckey) throws Exception{
    return decrypt(this.getBArray(message), seckey);
}

private byte[] encrypt(String message, String seckey) throws Exception {
    final MessageDigest md = MessageDigest.getInstance("md5");
    final byte[] digestOfPassword = md.digest(seckey.getBytes("utf-8"));
    final byte[] keyBytes = acopyof(digestOfPassword, 24);
    for (int j = 0, k = 16; j < 8;) {
        keyBytes[k++] = keyBytes[j++];
    }

    final SecretKey key = new SecretKeySpec(keyBytes, "DESede");
    final IvParameterSpec iv = new IvParameterSpec(new byte[8]);
    final Cipher cipher = Cipher.getInstance("DESede/CBC/PKCS5Padding");
    cipher.init(Cipher.ENCRYPT_MODE, key, iv);

    final byte[] plainTextBytes = message.getBytes("utf-8");
    final byte[] cipherText = cipher.doFinal(plainTextBytes);
    // final String encodedCipherText = new sun.misc.BASE64Encoder()
    // .encode(cipherText);

    return cipherText;
}

private String decrypt(byte[] message, String seckey) throws Exception {
    final MessageDigest md = MessageDigest.getInstance("md5");
    final byte[] digestOfPassword = md.digest(seckey.getBytes("utf-8"));
    final byte[] keyBytes = acopyof(digestOfPassword, 24);
    for (int j = 0, k = 16; j < 8;) {
        keyBytes[k++] = keyBytes[j++];
    }

    final SecretKey key = new SecretKeySpec(keyBytes, "DESede");
    final IvParameterSpec iv = new IvParameterSpec(new byte[8]);
    final Cipher decipher = Cipher.getInstance("DESede/CBC/PKCS5Padding");
    decipher.init(Cipher.DECRYPT_MODE, key, iv);

    final byte[] plainText = decipher.doFinal(message);

    return new String(plainText, "UTF-8");
}

private String getHexString(byte[] barray, String delim) {
    StringBuffer buffer = new StringBuffer();


    for (int i = 0; i < barray.length; i++) {
        int ii = barray[i] & 0xFF;
        String bInt = Integer.toHexString(ii);
        if (ii < 16) {
            bInt = "0" + bInt.toUpperCase();
        }
        buffer.append(bInt);
        if (i < barray.length - 1) {
            buffer.append(delim);
        }
    }

    return buffer.toString().toUpperCase();
}

private byte[] getBArray(String bString) {
    byte[] retBytes;

    if (bString.length() % 2 != 0) {
        return new byte[0];
    }
    retBytes = new byte[bString.length() / 2];

    for (int i = 0; i < bString.length() / 2; i++) {
        retBytes[i] = (byte) ((Character.digit(bString.charAt(2 * i), 16) << 4) + Character.digit(bString.charAt(2 * i + 1), 16));
    }
    return retBytes;
}

public static byte[] acopyof(byte[] orig, int newlength){
    byte[] copya = new byte[newlength];
    for(int i=0;i< orig.length;i++){
        copya[i]=orig[i];
    }
    for(int i=orig.length;i<newlength;i++){
        copya[i]=0x0;
    }
    return copya;
}

}

I made this objective-c method to match those specs:

+(NSString*)doCipher:(NSString*)sTextIn:(CCOperation)encryptOrDecrypt {

// const void *vplainText; // size_t plainTextBufferSize;

NSMutableData *dTextIn;

if (encryptOrDecrypt == kCCDecrypt)
{



}
else
{

    dTextIn = [[sTextIn dataUsingEncoding: NSASCIIStringEncoding]mutableCopy];

}

NSLog(@"************** Init encrypting **********************************");

NSLog(@"This is data to encrypt %@",dTextIn);

CCCryptorStatus ccStatus;
uint8_t *bufferPtr = NULL;
size_t bufferPtrSize = 0;
size_t movedBytes = 0;
//  uint8_t ivkCCBlockSize3DES;

bufferPtrSize = ([dTextIn length] + kCCBlockSize3DES) & ~(kCCBlockSize3DES - 1);
bufferPtr = malloc( bufferPtrSize * sizeof(uint8_t));
memset((void *)bufferPtr, 0x00, bufferPtrSize);



// Initialization vector; in this case 8 bytes.

uint8_t iv[kCCBlockSize3DES];
memset((void *) iv, 0x8, (size_t) sizeof(iv));



UserAndPassword *userPass = [[UserAndPassword alloc]init];

NSString *userPassword = userPass.password;

NSLog(@"This is my password %@",userPassword);

NSString *key = [userPassword MD5String];

NSLog(@"This is MD5 key %@",key);


NSMutableData *_keyData = [[key dataUsingEncoding:NSASCIIStringEncoding]mutableCopy];

unsigned char *bytePtr = (unsigned char *)[_keyData bytes];

NSLog(@"Bytes of key are %s ", bytePtr);

NSLog(@"******** This is my key length %d *******",[_keyData length]);

[_keyData setLength:24];

 unsigned char *bytePtr1 = (unsigned char *)[_keyData bytes];

 NSLog(@"******** Bytes of key are %s ************", bytePtr1);

 NSLog(@"*********  This is key length %d ***********",[_keyData length]);



ccStatus = CCCrypt(encryptOrDecrypt, // CCoperation op
                   kCCAlgorithm3DES, // CCAlgorithm alg
                   kCCOptionPKCS7Padding, // CCOptions
                   [_keyData bytes], // const void *key
                   kCCKeySize3DES, // 3DES key size length 24 bit
                   iv,  //const void *iv,
                   [dTextIn bytes], // const void *dataIn  
                   [dTextIn length], // size_t dataInLength
                   (void *)bufferPtr, // void *dataOut
                   bufferPtrSize, // size_t dataOutAvailable
                   &movedBytes); // size_t *dataOutMoved

if (ccStatus == kCCParamError) return @"PARAM ERROR";
else if (ccStatus == kCCBufferTooSmall) return @"BUFFER TOO SMALL";
else if (ccStatus == kCCMemoryFailure) return @"MEMORY FAILURE";
else if (ccStatus == kCCAlignmentError) return @"ALIGNMENT";
else if (ccStatus == kCCDecodeError) return @"DECODE ERROR";
else if (ccStatus == kCCUnimplemented) return @"UNIMPLEMENTED";


NSString *result;

if (encryptOrDecrypt == kCCDecrypt)
{

    // result = [[NSString alloc] initWithData: [NSData dataWithBytes:(const void *)bufferPtr length:[(NSUInteger)movedBytes] encoding:NSASCIIStringEncoding]];
    result = [[[NSString alloc] initWithData:[NSData dataWithBytes:(const void *)bufferPtr length:(NSUInteger)movedBytes] encoding:NSUTF8StringEncoding] autorelease];
}
else
{
    NSData *myData = [NSData dataWithBytes:(const void *)bufferPtr length:(NSUInteger)movedBytes];

    NSLog(@"This is my encrypted bytes %@", myData);

    result = [NSString dataToHex:myData];

    NSLog(@"This is my encrypted string %@", result);

    NSLog(@"********************** Encryption is finished ************");

}
return result;

}

I didn't manage to match the 3DES encryption obtained with Java code and I don't understand which is the problem.

Thank you in advance, Pier

Solution

  • The Java version is using an IV of 0s, while the Objective-C version uses 8s.

    Deriving a key from a password using one round of MD5 and no salt is not secure. Use a key derivation algorithm like PBKDF2.