3DES encryption in iPhone app always produces different result from 3DES encryption in Java

Question

I have to encrypt a string in my iPhone app. The encryption scheme is 3DES/CBC/PKCS5 padding and I have to convert in objective-c this Java code:

public class MessageEncrypt {

public String encryptString(String message, String seckey) throws Exception{
    byte[] encData = encrypt(message, seckey);

    return this.getHexString(encData, "");
}

public String decryptString(String message, String seckey) throws Exception{
    return decrypt(this.getBArray(message), seckey);
}

private byte[] encrypt(String message, String seckey) throws Exception {
    final MessageDigest md = MessageDigest.getInstance("md5");
    final byte[] digestOfPassword = md.digest(seckey.getBytes("utf-8"));
    final byte[] keyBytes = acopyof(digestOfPassword, 24);
    for (int j = 0, k = 16; j < 8;) {
        keyBytes[k++] = keyBytes[j++];
    }

    final SecretKey key = new SecretKeySpec(keyBytes, "DESede");
    final IvParameterSpec iv = new IvParameterSpec(new byte[8]);
    final Cipher cipher = Cipher.getInstance("DESede/CBC/PKCS5Padding");
    cipher.init(Cipher.ENCRYPT_MODE, key, iv);

    final byte[] plainTextBytes = message.getBytes("utf-8");
    final byte[] cipherText = cipher.doFinal(plainTextBytes);
    // final String encodedCipherText = new sun.misc.BASE64Encoder()
    // .encode(cipherText);

    return cipherText;
}

private String decrypt(byte[] message, String seckey) throws Exception {
    final MessageDigest md = MessageDigest.getInstance("md5");
    final byte[] digestOfPassword = md.digest(seckey.getBytes("utf-8"));
    final byte[] keyBytes = acopyof(digestOfPassword, 24);
    for (int j = 0, k = 16; j < 8;) {
        keyBytes[k++] = keyBytes[j++];
    }

    final SecretKey key = new SecretKeySpec(keyBytes, "DESede");
    final IvParameterSpec iv = new IvParameterSpec(new byte[8]);
    final Cipher decipher = Cipher.getInstance("DESede/CBC/PKCS5Padding");
    decipher.init(Cipher.DECRYPT_MODE, key, iv);

    final byte[] plainText = decipher.doFinal(message);

    return new String(plainText, "UTF-8");
}

private String getHexString(byte[] barray, String delim) {
    StringBuffer buffer = new StringBuffer();


    for (int i = 0; i < barray.length; i++) {
        int ii = barray[i] & 0xFF;
        String bInt = Integer.toHexString(ii);
        if (ii < 16) {
            bInt = "0" + bInt.toUpperCase();
        }
        buffer.append(bInt);
        if (i < barray.length - 1) {
            buffer.append(delim);
        }
    }

    return buffer.toString().toUpperCase();
}

private byte[] getBArray(String bString) {
    byte[] retBytes;

    if (bString.length() % 2 != 0) {
        return new byte[0];
    }
    retBytes = new byte[bString.length() / 2];

    for (int i = 0; i < bString.length() / 2; i++) {
        retBytes[i] = (byte) ((Character.digit(bString.charAt(2 * i), 16) << 4) + Character.digit(bString.charAt(2 * i + 1), 16));
    }
    return retBytes;
}

public static byte[] acopyof(byte[] orig, int newlength){
    byte[] copya = new byte[newlength];
    for(int i=0;i< orig.length;i++){
        copya[i]=orig[i];
    }
    for(int i=orig.length;i<newlength;i++){
        copya[i]=0x0;
    }
    return copya;
}

}

I made this objective-c method to match those specs:

+(NSString*)doCipher:(NSString*)sTextIn:(CCOperation)encryptOrDecrypt {

// const void *vplainText; // size_t plainTextBufferSize;

NSMutableData *dTextIn;

if (encryptOrDecrypt == kCCDecrypt)
{



}
else
{

    dTextIn = [[sTextIn dataUsingEncoding: NSASCIIStringEncoding]mutableCopy];

}

NSLog(@"************** Init encrypting **********************************");

NSLog(@"This is data to encrypt %@",dTextIn);

CCCryptorStatus ccStatus;
uint8_t *bufferPtr = NULL;
size_t bufferPtrSize = 0;
size_t movedBytes = 0;
//  uint8_t ivkCCBlockSize3DES;

bufferPtrSize = ([dTextIn length] + kCCBlockSize3DES) & ~(kCCBlockSize3DES - 1);
bufferPtr = malloc( bufferPtrSize * sizeof(uint8_t));
memset((void *)bufferPtr, 0x00, bufferPtrSize);



// Initialization vector; in this case 8 bytes.

uint8_t iv[kCCBlockSize3DES];
memset((void *) iv, 0x8, (size_t) sizeof(iv));



UserAndPassword *userPass = [[UserAndPassword alloc]init];

NSString *userPassword = userPass.password;

NSLog(@"This is my password %@",userPassword);

NSString *key = [userPassword MD5String];

NSLog(@"This is MD5 key %@",key);


NSMutableData *_keyData = [[key dataUsingEncoding:NSASCIIStringEncoding]mutableCopy];

unsigned char *bytePtr = (unsigned char *)[_keyData bytes];

NSLog(@"Bytes of key are %s ", bytePtr);

NSLog(@"******** This is my key length %d *******",[_keyData length]);

[_keyData setLength:24];

 unsigned char *bytePtr1 = (unsigned char *)[_keyData bytes];

 NSLog(@"******** Bytes of key are %s ************", bytePtr1);

 NSLog(@"*********  This is key length %d ***********",[_keyData length]);



ccStatus = CCCrypt(encryptOrDecrypt, // CCoperation op
                   kCCAlgorithm3DES, // CCAlgorithm alg
                   kCCOptionPKCS7Padding, // CCOptions
                   [_keyData bytes], // const void *key
                   kCCKeySize3DES, // 3DES key size length 24 bit
                   iv,  //const void *iv,
                   [dTextIn bytes], // const void *dataIn  
                   [dTextIn length], // size_t dataInLength
                   (void *)bufferPtr, // void *dataOut
                   bufferPtrSize, // size_t dataOutAvailable
                   &movedBytes); // size_t *dataOutMoved

if (ccStatus == kCCParamError) return @"PARAM ERROR";
else if (ccStatus == kCCBufferTooSmall) return @"BUFFER TOO SMALL";
else if (ccStatus == kCCMemoryFailure) return @"MEMORY FAILURE";
else if (ccStatus == kCCAlignmentError) return @"ALIGNMENT";
else if (ccStatus == kCCDecodeError) return @"DECODE ERROR";
else if (ccStatus == kCCUnimplemented) return @"UNIMPLEMENTED";


NSString *result;

if (encryptOrDecrypt == kCCDecrypt)
{

    // result = [[NSString alloc] initWithData: [NSData dataWithBytes:(const void *)bufferPtr length:[(NSUInteger)movedBytes] encoding:NSASCIIStringEncoding]];
    result = [[[NSString alloc] initWithData:[NSData dataWithBytes:(const void *)bufferPtr length:(NSUInteger)movedBytes] encoding:NSUTF8StringEncoding] autorelease];
}
else
{
    NSData *myData = [NSData dataWithBytes:(const void *)bufferPtr length:(NSUInteger)movedBytes];

    NSLog(@"This is my encrypted bytes %@", myData);

    result = [NSString dataToHex:myData];

    NSLog(@"This is my encrypted string %@", result);

    NSLog(@"********************** Encryption is finished ************");

}
return result;

}

I didn't manage to match the 3DES encryption obtained with Java code and I don't understand which is the problem.

Thank you in advance, Pier

Answer 1

The Java version is using an IV of 0s, while the Objective-C version uses 8s.

Deriving a key from a password using one round of MD5 and no salt is not secure. Use a key derivation algorithm like PBKDF2.

Answer 2

I haven't looked through all your code, but the first thing that jumps out is that the character encoding schemes for your input strings are different. In your Java algorithm you are encoding all strings as UTF-8, but in your ObjC algorithm you encoded the strings as ASCII, which is a potential problem for anything but the simplest of input strings.

Answer 3

It looks like you have a character encoding problem. Your Objective-C code is based on ASCII (8 bit) characters but you need to switch (16 bit) UNICODE character decoding while parsing Java Strings into bytes. On the other hand, It may be a good idea to consider byte ordering in your arrays depending on the CPU architecture you are working on (Little or Big Endianness).