Library for aes/gcm/nopadding
marinofaggiana opened this issue · comments
Hi, thanks for your work, I wand decrypt a file from Android with aes/gcm/nopadding , the library CCCryptorGCM is perfect but is not public ... how call your library? I don't have the
NSData *aad = [@"AdditionalAuthenticatedData" dataUsingEncoding:NSUTF8StringEncoding];
:
I have only Data, ckey and cIv [16]
CCCryptorStatus cryptStatus = CCCryptorGCM(operation,
kCCAlgorithmAES128,
cKey,
kCCKeySizeAES128,
cIv,
kCCBlockSizeAES128,
nil,
0,
contentData.bytes,
contentData.length,
operationBytes,
tag.bytes,
&tagLength);
Thanks a lot
I have add your library on my proj but xcode9 ... is iOS compatible ?
Undefined symbols for architecture x86_64:
"OBJC_CLASS$_IAGAesGcm", referenced from:
objc-class-ref in NCClientEncryption.o
ld: symbol(s) not found for architecture x86_64
clang: error: linker command failed with exit code 1 (use -v to see invocation)
Can you help me ?
Hi @marinofaggiana, glad to hear that your are using this code.
About your first comment, the additional authenticated data corresponds to the sixth and seventh parameter in CCCryptorGCM
(starting on 0): nil
(additional authenticated data buffer) & 0
(additional authenticated data length). As far as I can tell, this means you should pass an empty NSData instance to the corresponding method in AesGcm library.
Now, about the second comment, how did you add the library to your project? I mean, are you using CocoaPods in your project to manage 3-party libraries? If that is the case, did you add this library as an extra pod? If not, what did you do to add the code to your project?
BTW, I just pushed a few more commits to the repo ... and yes, the library is iOS compatible, what is more, although it should work too in macOS, I have only tested it in iOS. To end, I am also using Xcode 9.0.
Thanks @indisoluble for your answer, I don't use cocoapods, I have inserted :
https://github.com/indisoluble/AesGcm/tree/master/AesGcm/Classes
on a new directory in my project, but I have (hope) found the issue ... another question for test I want decrypted a file, why u use IAGCipheredData *cipheredData and not NSData ?
How I convert NSData to IAGCipheredData ?
Thanks a lot for your help
Good to know you found the problem. If you have a suggestion about how to improve this library, please let me know here or, if you have the time, create a new issue.
About IAGCipheredData
, the reason why I use this custom class instead of a NSData
instance is because the result of ciphering plain data with AesGcm is not only the ciphered data but also an authentication tag which is necessary to decipher the encrypted data later on. Have I had the possibility to return a struct
in a method like in Swift, I would have done so but we do not have this option in ObjC, so I opted for this custom class.
Now, to build your own IAGCipheredData
instances, please have a look to IAGAesGcmTest.m, there are plenty of example there you can use.
Hope this info will be helpful.
Hi @indisoluble I have this :
key = "bGzWfQBj2lE4ZnysDWwsIg==" for kCCBlockSizeAES128
iv = "rTBECYNekKF+a1HR7z32/Q==" for kCCBlockSizeAES128
NSData *contentData (data encrypted from file)
this is the code :
NSData *keyData = [[NSData alloc] initWithBase64EncodedString:@"bGzWfQBj2lE4Znys" options:0];
NSData *initVectorData = [[NSData alloc] initWithBase64EncodedString:@"rTBECYNekKF+a1HR" options:0];
// setup contentData
char cContentData[contentData.length];
bzero(cContentData, sizeof(cContentData));
[contentData getBytes:cContentData length:contentData.length];
// tag
NSMutableData *tag = [NSMutableData dataWithLength:kCCBlockSizeAES128];
size_t tagLength = kCCBlockSizeAES128;
IAGCipheredData *cipheredData = [[IAGCipheredData alloc] initWithCipheredBuffer:cContentData cipheredBufferLength:contentData.length authenticationTag:(__bridge const void * _Nonnull)(tag) authenticationTagLength:tagLength];
NSData *plainData = [IAGAesGcm plainDataByAuthenticatedDecryptingCipheredData:cipheredData
withAdditionalAuthenticatedData:[@"" dataUsingEncoding:NSUTF8StringEncoding]
initializationVector:initVectorData
key:keyData
error:&error];
But return nil ... where is the issue ?
thanks a lot
The error code reported in variable error
is 2 which corresponds to enum value IAGErrorCodeAuthenticationTagsNotIdentical. What this means is that the authentication tag used to build cipheredData
is not the same authentication tag returned when the data was ciphered in the first place.
Ignored the paragraph above, I let it there only because it is informative. I can not reproduce your problem because I do not know the content of variable contentData
. Anyway, all the error codes directly generated by this library are listed in IAGError.h, enum IAGErrorCode. Please have a look and, at least, let me know which error code you get when you launch your test.
P.D.: I noticed that the keyData
as well as the initVectorData
are built with base64 strings while the additional authentication data is a UTF8 empty string.
Hi @marinofaggiana, is it working now?
Anyway, I think I did not explain myself right when I made the last comment about the strings used to initialise keyData
, initVectorData
& the additional authentication data. I was wondering if the different formats of each of them: base64 & UTF8, was intentional or just a slip; I might be wrong but I think that usually all the strings are of the same type.
Also, in my first comment I said:
About your first comment, the additional authenticated data corresponds to the sixth and seventh parameter in CCCryptorGCM (starting on 0): nil (additional authenticated data buffer) & 0 (additional authenticated data length). As far as I can tell, this means you should pass an empty NSData instance to the corresponding method in AesGcm library.
What I meant by that was that the additional authentication data should be: NSData *additionalAuthenticationData = [NSData data];
.
Carrying on with this, I just noticed a few things in the code you copied above:
- You pointed that: key = "bGzWfQBj2lE4ZnysDWwsIg==" & iv = "rTBECYNekKF+a1HR7z32/Q==", however in the code we read: key = "bGzWfQBj2lE4Znys" & iv = "rTBECYNekKF+a1HR"
- The variable
tag
is an emptyNSMutableData
instance, that is unlikely to work - And the
tagLength
should be of typeIAGAuthenticationTagLength
which defines the accepted authentication tag lengths:IAGAuthenticationTagLength128
,IAGAuthenticationTagLength120
,IAGAuthenticationTagLength112
,IAGAuthenticationTagLength104
&IAGAuthenticationTagLength96
If you are still having problems, consider creating a GitHub Gist that we can use to see share some code and better reproduce the issue.
On the other hand, if everything is OK now, let me know so I can close the issue.
Hi @indisoluble sorry for the delay, I have develop a wrapper with openSSL, thanks a lot for you availability.