Library for aes/gcm/nopadding

Question

Library for aes/gcm/nopadding

marinofaggiana opened this issue 7 years ago · comments

Hi, thanks for your work, I wand decrypt a file from Android with aes/gcm/nopadding , the library CCCryptorGCM is perfect but is not public ... how call your library? I don't have the

NSData *aad = [@"AdditionalAuthenticatedData" dataUsingEncoding:NSUTF8StringEncoding];
:

I have only Data, ckey and cIv [16]

CCCryptorStatus cryptStatus = CCCryptorGCM(operation,
kCCAlgorithmAES128,
cKey,
kCCKeySizeAES128,
cIv,
kCCBlockSizeAES128,
nil,
0,
contentData.bytes,
contentData.length,
operationBytes,
tag.bytes,
&tagLength);

Thanks a lot

Marino Faggiana · Answer 1 · Thu Oct 05 2017 00:10:52 GMT+0800 (China Standard Time)

I have add your library on my proj but xcode9 ... is iOS compatible ?

Undefined symbols for architecture x86_64:
"OBJC_CLASS$_IAGAesGcm", referenced from:
objc-class-ref in NCClientEncryption.o
ld: symbol(s) not found for architecture x86_64
clang: error: linker command failed with exit code 1 (use -v to see invocation)

Can you help me ?

Enrique de la Torre · Answer 2 · Mon Oct 09 2017 00:30:22 GMT+0800 (China Standard Time)

Hi @marinofaggiana, glad to hear that your are using this code.

About your first comment, the additional authenticated data corresponds to the sixth and seventh parameter in CCCryptorGCM (starting on 0): nil (additional authenticated data buffer) & 0 (additional authenticated data length). As far as I can tell, this means you should pass an empty NSData instance to the corresponding method in AesGcm library.

Now, about the second comment, how did you add the library to your project? I mean, are you using CocoaPods in your project to manage 3-party libraries? If that is the case, did you add this library as an extra pod? If not, what did you do to add the code to your project?

Enrique de la Torre · Answer 3 · Mon Oct 09 2017 00:34:51 GMT+0800 (China Standard Time)

BTW, I just pushed a few more commits to the repo ... and yes, the library is iOS compatible, what is more, although it should work too in macOS, I have only tested it in iOS. To end, I am also using Xcode 9.0.

Marino Faggiana · Answer 4 · Mon Oct 09 2017 04:39:32 GMT+0800 (China Standard Time)

Thanks @indisoluble for your answer, I don't use cocoapods, I have inserted :

https://github.com/indisoluble/AesGcm/tree/master/AesGcm/Classes

on a new directory in my project, but I have (hope) found the issue ... another question for test I want decrypted a file, why u use IAGCipheredData *cipheredData and not NSData ?

How I convert NSData to IAGCipheredData ?

Thanks a lot for your help

Enrique de la Torre · Answer 5 · Mon Oct 09 2017 05:47:51 GMT+0800 (China Standard Time)

Good to know you found the problem. If you have a suggestion about how to improve this library, please let me know here or, if you have the time, create a new issue.

About IAGCipheredData, the reason why I use this custom class instead of a NSData instance is because the result of ciphering plain data with AesGcm is not only the ciphered data but also an authentication tag which is necessary to decipher the encrypted data later on. Have I had the possibility to return a struct in a method like in Swift, I would have done so but we do not have this option in ObjC, so I opted for this custom class.

Now, to build your own IAGCipheredData instances, please have a look to IAGAesGcmTest.m, there are plenty of example there you can use.

Hope this info will be helpful.

Marino Faggiana · Answer 6 · Mon Oct 09 2017 05:53:45 GMT+0800 (China Standard Time)

Hi @indisoluble I have this :

key = "bGzWfQBj2lE4ZnysDWwsIg==" for kCCBlockSizeAES128
iv = "rTBECYNekKF+a1HR7z32/Q==" for kCCBlockSizeAES128

NSData *contentData (data encrypted from file)

this is the code :



NSData *keyData = [[NSData alloc] initWithBase64EncodedString:@"bGzWfQBj2lE4Znys" options:0];
NSData *initVectorData = [[NSData alloc] initWithBase64EncodedString:@"rTBECYNekKF+a1HR" options:0];

// setup contentData
    char cContentData[contentData.length];
    bzero(cContentData, sizeof(cContentData));
    [contentData getBytes:cContentData length:contentData.length];
    
    // tag
    NSMutableData *tag = [NSMutableData dataWithLength:kCCBlockSizeAES128];
    size_t tagLength = kCCBlockSizeAES128;
    
    IAGCipheredData *cipheredData = [[IAGCipheredData alloc] initWithCipheredBuffer:cContentData cipheredBufferLength:contentData.length authenticationTag:(__bridge const void * _Nonnull)(tag) authenticationTagLength:tagLength];
    
    NSData *plainData = [IAGAesGcm plainDataByAuthenticatedDecryptingCipheredData:cipheredData
                                                  withAdditionalAuthenticatedData:[@"" dataUsingEncoding:NSUTF8StringEncoding]
                                                             initializationVector:initVectorData
                                                                              key:keyData
                                                                            error:&error];

But return nil ... where is the issue ?

thanks a lot

Enrique de la Torre · Answer 7 · Mon Oct 09 2017 06:08:10 GMT+0800 (China Standard Time)

The error code reported in variable error is 2 which corresponds to enum value IAGErrorCodeAuthenticationTagsNotIdentical. What this means is that the authentication tag used to build cipheredData is not the same authentication tag returned when the data was ciphered in the first place.

Ignored the paragraph above, I let it there only because it is informative. I can not reproduce your problem because I do not know the content of variable contentData. Anyway, all the error codes directly generated by this library are listed in IAGError.h, enum IAGErrorCode. Please have a look and, at least, let me know which error code you get when you launch your test.

P.D.: I noticed that the keyData as well as the initVectorData are built with base64 strings while the additional authentication data is a UTF8 empty string.

Enrique de la Torre · Answer 8 · Tue Oct 10 2017 05:22:28 GMT+0800 (China Standard Time)

Hi @marinofaggiana, is it working now?

Anyway, I think I did not explain myself right when I made the last comment about the strings used to initialise keyData, initVectorData & the additional authentication data. I was wondering if the different formats of each of them: base64 & UTF8, was intentional or just a slip; I might be wrong but I think that usually all the strings are of the same type.

Also, in my first comment I said:

About your first comment, the additional authenticated data corresponds to the sixth and seventh parameter in CCCryptorGCM (starting on 0): nil (additional authenticated data buffer) & 0 (additional authenticated data length). As far as I can tell, this means you should pass an empty NSData instance to the corresponding method in AesGcm library.

What I meant by that was that the additional authentication data should be: NSData *additionalAuthenticationData = [NSData data];.

Carrying on with this, I just noticed a few things in the code you copied above:

You pointed that: key = "bGzWfQBj2lE4ZnysDWwsIg==" & iv = "rTBECYNekKF+a1HR7z32/Q==", however in the code we read: key = "bGzWfQBj2lE4Znys" & iv = "rTBECYNekKF+a1HR"
The variable tag is an empty NSMutableData instance, that is unlikely to work
And the tagLength should be of type IAGAuthenticationTagLength which defines the accepted authentication tag lengths: IAGAuthenticationTagLength128, IAGAuthenticationTagLength120, IAGAuthenticationTagLength112, IAGAuthenticationTagLength104 & IAGAuthenticationTagLength96

Enrique de la Torre · Answer 9 · Tue Oct 10 2017 05:25:06 GMT+0800 (China Standard Time)

If you are still having problems, consider creating a GitHub Gist that we can use to see share some code and better reproduce the issue.
On the other hand, if everything is OK now, let me know so I can close the issue.

Marino Faggiana · Answer 10 · Wed Oct 18 2017 19:13:32 GMT+0800 (China Standard Time)

Hi @indisoluble sorry for the delay, I have develop a wrapper with openSSL, thanks a lot for you availability.