implementing PBEKeySpec encryption into IOS

Question

This is my java code. Now I want to implement same functionality in Objective-C.

int dkLen = 16;
int rounds = 1000;
PBEKeySpec keySpec = new PBEKeySpec(hashKey.toCharArray(),salt.getBytes(), rounds, dkLen * 8);
SecretKeyFactory factory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1");
return factory.generateSecret(keySpec).getEncoded();

This is my iOS implementation

- (void)getHashKey {
      NSString *hash_key=@"MY_HASHKEY";
      NSString *saltKey = @"MY_SALTKEY";

      int dkLen = 16;
      NSData *keyData = [hash_key dataUsingEncoding:NSUTF8StringEncoding];
      NSData *salt    = [saltKey dataUsingEncoding:NSUTF8StringEncoding];
      uint    rounds  = 1000;
      uint    keySize = kCCKeySizeAES128;

      NSMutableData *derivedKey = [NSMutableData dataWithLength:keySize];

      CCKeyDerivationPBKDF(kCCPBKDF2,               // algorithm
                           keyData.bytes,           // password
                           keyData.length,          // passwordLength
                           salt.bytes,              // salt
                           salt.length,             // saltLen
                           kCCPRFHmacAlgSHA1,       // PRF
                           rounds,                  // rounds
                           derivedKey.mutableBytes, // derivedKey
                           dkLen*8);                // derivedKeyLen

       NSString *myString = [[NSString alloc] initWithData:derivedKey encoding:NSASCIIStringEncoding];
       NSLog(@"derivedKey: %@", myString);
}

Is there any problem with algorithm which i am using in iOS

Answer 1

Use the Common Crypto CCKeyDerivationPBKDF function with the option kCCPRFHmacAlgSHA1.

Note PBEKeySpec keyLength is in bits, CCKeyDerivationPBKDF derivedKeyLen is in bytes.

For a more detailed answer provide all input (hashKey, salt) and the output in hex dump format plus the number of rounds, output length in bytes.

See this SO answer for sample code.

Update for revised question code:

CCKeyDerivationPBKDF returns 8-bit data bytes that is essentially not characters and many are not printable even if forced into NSASCIIStringEncoding. Forcing to NSASCIIStringEncoding even if there is no error returned is incorrect and non-useful. Instead either use the returned NSData or convert to Base64 or HexASCII encoding.

Change

NSString *myString =    [[NSString alloc] initWithData:derivedKey encoding:NSASCIIStringEncoding];

Output: A´Öº÷"ùïó

to

NSString * myString = [derivedKey base64EncodedStringWithOptions:0];

Output: QbTWgbr3FSL57/MfBQAz4A==

Note: 1000 rounds is generally considered insufficient, something in the 10,000 to 100,000 range should be used.

Timings on an iPhone 6S:

rounds  seconds
1000    0.003  
10000   0.032  
100000  0.309  
1000000 3.047