This repository has been archived by the owner on Feb 23, 2021. It is now read-only.

Fix bug decryptor "RNCryptorError error 2" in ios, when encryptor in Android #13

Open
wants to merge 2 commits into
base: master

hoanghiephui

In Android when you want to encrypt the text, you have to use SCHEMA_3 for encryption. The decryptor in Swift cannot identify the schema version of the Base64-encoded string.

@getsadzeg
Contributor

getsadzeg commented Oct 28, 2016

Did you test this?

P.S. I just found out that RNCryptor-php uses SCHEME 3 as the default SCHEME_VERSION.

@hoanghiephui
Author

Right, I've tested, and it works fine.

@ceonelson

Any chance of getting this merged in and a version bump for gradle soon? My PHP code is working fine decrypting when I use JNCryptor (AES256JNCryptor().encryptData), but I've spent 5 frustrating hours trying to get RNCryptor working to no success, then found this PR and imagine it will probably work instantly.

I tried dling @hoanghiephui branch and including that, but even after installing NDK I'm at an error I can't get past to build it (being 3am doesn't help I'm sure).

Thanks so much for y'alls help!

@TGIO
Owner

TGIO commented Nov 4, 2016

Will merge/bump this weekend.

@ceonelson

Thanks so much!

@TGIO
Owner

TGIO commented Nov 6, 2016

@hoanghiephui what's the point of having the same configuration as SCHEMA_2, naming it SCHEMA_3 and using it?

@TGIO
Owner

TGIO commented Nov 6, 2016

@ceonelson what is your problem exactly?

@rnapier

rnapier commented Nov 6, 2016

In order to interoperate with other implementations of RNCryptor, you must use Schema 3. No implementation of RNCryptor should try to implement Schema 2 without understanding the history of Schema 2. It is identical to Schema 3 except that the ObjC implementation of Schema 2 (and only the ObjC implementation) incorrectly computed keys for passwords that included multibyte characters. The schema was bumped in order to distinguish which KDF was used. See RNCryptor/RNCryptor#77.

Except for cases where you need to decrypt files that were encrypted in 2012 or 2013 by RNCryptor 2.0 or 2.1, it is generally best to avoid schema 2 entirely. It should definitely never be written. Schema 3 has been in place since 2013 and is the schema almost all implementations use exclusively. Schemas 0 and 1 are a pain because they used CTR rather than CBC, so most implementations skip them, and they haven't been used since 2012.
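
Added example, not part of the thread or of any RNCryptor project: a header check that reads the version byte discussed above from a Base64 message and flags anything that is not schema 3, without decrypting. The field lengths follow the published RNCryptor v3 data format; the function names, verdict strings and zero-filled samples are constructed for illustration.

```python
import base64

SALT_LEN, IV_LEN, HMAC_LEN, AES_BLOCK = 8, 16, 32, 16
OPT_USES_PASSWORD = 0x01  # options bit 0 in the v3 format


def inspect_header(b64_message: str) -> dict:
    """Classify an RNCryptor message by its first two bytes, without decrypting."""
    raw = base64.b64decode(b64_message, validate=True)
    if len(raw) < 2:
        return {"verdict": "truncated", "version": None, "uses_password": None}
    version, options = raw[0], raw[1]
    uses_password = bool(options & OPT_USES_PASSWORD)
    # version + options [+ encryption salt + HMAC salt] + IV
    header_len = 2 + (2 * SALT_LEN if uses_password else 0) + IV_LEN
    # CBC with PKCS#7 padding always yields at least one ciphertext block.
    min_len = header_len + AES_BLOCK + HMAC_LEN
    if version == 3:
        verdict = "ok" if len(raw) >= min_len else "truncated"
    elif version == 2:
        verdict = "legacy-schema-2"   # should never be written by an encryptor
    elif version in (0, 1):
        verdict = "legacy-ctr"        # CTR-era schemas most implementations skip
    else:
        verdict = "unknown-version"
    return {"verdict": verdict, "version": version, "uses_password": uses_password}


def _constructed(version: int) -> str:
    # Constructed sample: zero-filled fields of the right lengths, not real ciphertext.
    body = bytes(2 * SALT_LEN + IV_LEN + AES_BLOCK + HMAC_LEN)
    return base64.b64encode(bytes([version, OPT_USES_PASSWORD]) + body).decode()


SAMPLE_V3 = _constructed(3)
SAMPLE_V2 = _constructed(2)

if __name__ == "__main__":
    for name, msg in (("v3", SAMPLE_V3), ("v2", SAMPLE_V2)):
        print(name, inspect_header(msg))
```

Running a check like this on the encryptor's output in a test suite catches a schema 2 header before it reaches a decryptor that only accepts schema 3.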

@TGIO
Owner

TGIO commented Nov 6, 2016

@rnapier seems I have to change the source of this port. I am using CPP atmm which doesn't have schema 3 implemented. Any suggestions for a new source?

@ceonelson

@TGIO I'm not able to decrypt the files encrypted with RNCryptorNative using the RNCryptor-PHP library (but files from JNCryptor work fine, but is so slow on phone) :(

@rnapier do you know if the PHP library has a way to decrypt using SCHEMA_2? It seems like it should auto detect the version based on this line but I can't get RNCryptorNative to work but JNCryptor will.

@ceonelson

@TGIO from what I can tell the only difference between SCHEMA_2 and SCHEMA_3 is that SCHEMA_3 fixes the SCHEMA_2 bug of calculating the password length before the password has been converted to UTF8. Is that correct @rnapier?

It seems the CPP source you're using doesn't mess with password string encoding, so @hoanghiephui's fix of bumping the version # should make it compatible with the other libraries.

@hoanghiephui are you able to test if a file encrypted with your PR can be decrypted with the PHP library? If not, can you send me a link to an encrypted test JPEG file I can use to verify?

Thanks!

@TGIO
Owner

TGIO commented Nov 6, 2016

@ceonelson can you pull @hoanghiephui's branch and test it for your scenario?

@TGIO
Owner

TGIO commented Nov 6, 2016

or just join Gitter and I will assist you

@ceonelson

@TGIO I tried to do that earlier but got an error, let me retry now and I'll see you on the IM shortly, thanks!

@rnapier

rnapier commented Nov 7, 2016

@ceonelson The PHP implementation is one of the most hard-core for all the schemas. Yes, it handles Schema 2 (it even correctly implements the ObjC version's bug). It goes all the way back to Schema 0.

@rnapier

rnapier commented Nov 7, 2016

@TGIO I'm in the process of rewriting the C++ implementation, specifically to make this (Android native) implementation a bit easier. That said, the only change that should be necessary to make it work is to change the value from 2 to 3. I believe the code analysis from @ceonelson is correct.

@ceonelson

@rnapier That's what I thought as I saw all their definitions in there, and it looked like it had decrypted some of the previous files but I wasn't able to get a valid JPG to display from it. It looks like the raw data here is being converted to UTF8 before being encrypted, so I'm not sure if that is messing with the JPG data somehow. I'm working now on doing some tests with text files to see what is encryption vs encoding issue, will report back.

@ceonelson

@rnapier @TGIO so this is working with a simple text string, but won't with a JPG image (or I imagine anything other than basic text).

I think this is because JNCryptor and RNCryptor both use byte arrays, whereas the C++ implementation is using a String.

The input string in RNCryptorNative is being converted to UTF so it can be passed to the C++ library, but that has issues.

TL;DR: @rnapier can you please include an encrypt function on a byte array in your C++ rewrite? :D Then we can use that from android and all will be right with the world!

Thanks!

@hoanghiephui
Author

hoanghiephui commented Nov 7, 2016

@rnapier

rnapier commented Nov 7, 2016

JPEG data is not valid UTF-8 data. You cannot convert directly between them. In C++, a "string" does not necessarily mean "character data," and it absolutely does not mean UTF-8 data (I haven't studied the C++ implementation closely enough to see whether it assumes that it is character data; it may).

But yes, a byte array is definitely the right thing to be passing in.

Note that RNCryptor has extensive test vectors to ensure that you're encrypting correctly. GenVectorTests shows an example of how to use the Ruby parsing library to automatically generate test code for Swift. I am currently working on a similar test vector generator for C++ (that's my first step before actually implementing it). Even without an automated system, you can use the test vectors to make sure you're able to decrypt known good data.
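
Added example, not from the thread or from the library: what happens to binary input that is pushed through a UTF-8 string on its way to an encrypt call. It assumes the conversion substitutes U+FFFD for invalid sequences, as lenient decoders do; the function names and the sample JPEG prefix are constructed for illustration.

```python
def first_invalid_utf8_offset(data: bytes):
    """Offset of the first byte that is not valid UTF-8, or None if all of it is."""
    try:
        data.decode("utf-8")
    except UnicodeDecodeError as exc:
        return exc.start
    return None


def through_string_api(data: bytes) -> bytes:
    # Assumption: a lenient decoder that replaces each invalid sequence with U+FFFD,
    # followed by re-encoding to UTF-8 before the bytes reach the cipher.
    return data.decode("utf-8", errors="replace").encode("utf-8")


def diagnose(data: bytes) -> dict:
    """Report whether a payload would reach the cipher unchanged via a string API."""
    out = through_string_api(data)
    return {
        "first_invalid_offset": first_invalid_utf8_offset(data),
        "bytes_in": len(data),
        "bytes_out": len(out),
        "intact": out == data,
    }


# Constructed sample: JPEG SOI marker followed by the start of a JFIF APP0 segment.
JPEG_PREFIX = bytes.fromhex("ffd8ffe000104a46494600010100")
# Constructed sample: ordinary text, which is valid UTF-8 and round-trips.
TEXT = "héllo wörld".encode("utf-8")

if __name__ == "__main__":
    print("text:", diagnose(TEXT))
    print("jpeg:", diagnose(JPEG_PREFIX))
```

The text payload comes back intact while the JPEG prefix is already damaged at offset 0, so the ciphertext decrypts correctly to the wrong bytes; this matches the text-works, image-fails symptom reported in the thread.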

@ceonelson

@hoanghiephui thanks for the post, but I only need to encrypt on Android, and the encrypt JNI but also the RNCryptor-cpp and more importantly underlying crypto library use strings for that instead of byte array :/

@rnapier

rnapier commented Nov 7, 2016

The underlying library just has an option of using strings. That's a wrapper on top of calls that take byte* and a length.

@ceonelson

Yeah, in cryptopp\filters.h line 1247 there is StringSource(const byte *string, size_t length, bool pumpAll, BufferedTransformation *attachment = NULL) which I assumed could be used to make it work, but don't know enough about JNI/C++ to figure out how to go about implementing it :/

It looks like they have a dedicated ArraySource and ArraySink that is based off that constructor

@Senemix29

Hi, did you guys have some roadmap to solve this?
I opened an issue a few hours ago, and I didn't know there was this pull request that solves the same problem that I'm having.

@gte941y

gte941y commented Sep 19, 2017

I'm also having this same problem. Is there a plan to merge this fork back into the mainline?

Great work on the library, thanks for sharing!

@SaravanakumarB

SaravanakumarB commented Jan 9, 2018

@hoanghiephui Hi, I am Saravanakumar. In my project, I am facing an issue in encryption and decryption between Android and iOS. The encrypted data from Android can't be decrypted in iOS. I saw your pull request with that issue fixed. How to add your fork to my project?

@hoanghiephui
Author

@SaravanakumarB You just add module from my branch instead of "compile 'com.github.tgio:rncryptor-native:0.0.9' "

@TGIO
Owner

TGIO commented Jan 12, 2018

@hoanghiephui does your branch work 100%? If so, please let me see test results and I'll gladly accept the PR.

@jenlai1345

jenlai1345 commented Jan 20, 2018

@hoanghiephui
Hi,
I think I found your branch at:
https://github.com/hoanghiephui/RNCryptorNative

Can you please help me include it in my Gradle file?
Currently I have compile 'com.github.tgio:rncryptor-native:0.0.9'
I can't seem to just replace it with the URL.

I'm facing exactly the same problem - Android encrypted msg cannot be decrypted in iOS.

Greatly appreciate it!
