CCCrypt difference between iOS5 and iOS6

Question

I have got a decryption/encryption method using CCCrypt() which worked really well on iOS5. Now I am working with the iOS6 SDK and never changed my code, but it seems that something is broken. I can still encrypt a string with a key and decrypt it, but if I use another key to decrypt the same string, the CCCryptStatus coming back from CCCrypt() is still 0(kCCSuccess) - even when the decryption fails, because after that my NSData isn't filled. On iOS5 I got the error message -4303 which I could handle then. Any ideas what can be wrong now?

My Code:

char keyPtr[kCCKeySizeAES256+1]; 
bzero(keyPtr, sizeof(keyPtr)); // fill with zeroes (for padding)

// fetch key data
[key getCString:keyPtr maxLength:sizeof(keyPtr) encoding:NSUTF8StringEncoding];

if (encryptOrDecrypt == kCCDecrypt)
{
    data = [GTMBase64 decodeData:data];
}

NSUInteger dataLength = [data length];

size_t bufferSize = dataLength + kCCBlockSizeAES128;

void *buffer = malloc(bufferSize);

size_t numBytesDecrypted = 0;
CCCryptorStatus cryptStatus = CCCrypt(encryptOrDecrypt,
                                      kCCAlgorithmAES128,
                                      kCCOptionPKCS7Padding,
                                      keyPtr,
                                      kCCKeySizeAES256,
                                      NULL ,
                                      [data bytes], dataLength, 
                                      buffer,       bufferSize, 
                                      &numBytesDecrypted);

if (cryptStatus != kCCSuccess){
    // do something, but cryptStatus is always 0!
}

EDIT: Tested it on iPad Simulator 5. When I make a decryption with another key the status I receive is -4303. Only in ios6 the status coming back is 0.

Answer 1

I'm not an expert i encryption, but I have the same problem and figured a workaround maybe it will be fine until some will find a real solution.

all I did is to figure which iOS is running and for 6+ i'm changing the CCCrypt call to no padding (0 is for no padding, 1 is the enum for kCCOptionPKCS7Padding)

float version = [[UIDevice currentDevice].systemVersion floatValue];
if (version >= 6)
{
    CCCryptorStatus cryptStatus = CCCrypt(kCCDecrypt, kCCAlgorithmAES128, 0,
                                          keyPtr, kCCKeySizeAES128,
                                          ivPtr,
                                          [self bytes], dataLength,
                                          buffer, bufferSize, 
                                          &numBytesDecrypted );


    if( cryptStatus == kCCSuccess )
    {
        return [NSData dataWithBytesNoCopy:buffer length:numBytesDecrypted];
    }

    free( buffer ); 
    return nil;
}
else
{
    CCCryptorStatus cryptStatus = CCCrypt(kCCDecrypt, kCCAlgorithmAES128, 1,
                                          keyPtr, kCCKeySizeAES128,
                                          ivPtr,
                                          [self bytes], dataLength,
                                          buffer, bufferSize, 
                                          &numBytesDecrypted );
    if( cryptStatus == kCCSuccess )
    {
        return [NSData dataWithBytesNoCopy:buffer length:numBytesDecrypted];
    }

    free( buffer );
    return nil;
}