Bad practices in the sample code for the doCipher:key:context:padding method

According to this article http://blog.gdssecurity.com/labs/2013/3/5/retrieving-crypto-keys-via-ios-runtime-hooking.html

Apple's sample code for the doCipher:key:context:padding method has bad practices: http://developer.apple.com/library/ios/#samplecode/CryptoExercise/Listings/Classes_SecKeyWrapper_m.html . The following code snippet shows that it uses a static IV of 16 bytes of 0x0s.

    // Initialization vector; dummy in this case 0's.
    uint8_t iv[kChosenCipherBlockSize];
    memset((void *) iv, 0x0, (size_t) sizeof(iv));

Why is this really bad, in layman's terms, and how do I fix it?

I only understand that this code can be intercepted to obtain the symmetric key. But I do not understand why, or how to prevent this.

+4
2 answers

The code provided in this message is unsafe because it does not comply with the rule regarding initialization vectors, which are random values. Note that the engineer who wrote it commented:

 //... dummy in this case 0's. 

True fixed size initialization vectors (or IVs, as the blog calls them) will never allocate a buffer that will be passed to crypto functions with the same value again and again; instead they will randomize the data contained in the buffer each time so that its location cannot be deduced if you look at the sample code provided by the author. Just cut out the memset() call, and this block of memory will be filled with garbage at runtime. If you want technical information, write your own version of memset(), which generates pseudo-random data to overwrite the memory of this local one.

+4

In Classes_SecKeyWrapper.m we see that the initialization vector (IV) is used when calling CCCryptorCreate, which by default uses cipher block chaining (CBC) mode (as described in CommonCryptor.h).

CBC mode XORs each block with the previous one before encryption and ensures that two identical blocks do not give the same result. Since the first block does not have a previous block to be XORed with, you need to create a block called the “initialization vector”. This randomizes the output of the first block and reduces the likelihood of a second attack or chosen-ciphertext attack.

In CBC mode, the initialization vector must be random and unique for each CCCryptorCreate call and must be used for both encryption and decryption (so you need to send it with the message to whoever wants to decrypt the result).

Apple's sample code is commented with "dummy in this case 0's". A dummy replaces the real thing, so I believe that the original writer knew about this problem and simply decided to create a simplified example on purpose.

+3
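
The effect of the all-zero IV described in the answer above, as an added example that is not part of the original posts or of Apple's sample: two messages that start with the same 16 bytes encrypt to the same first CBC block under a fixed IV, and stop doing so once each message gets a fresh random IV. The block function is a toy stand-in for AES, and the key, messages and function names are constructed for this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define BLOCK 16 /* AES block size, i.e. kChosenCipherBlockSize in the sample */

/* Toy invertible block function standing in for AES (NOT secure, example only). */
static void toy_block_encrypt(const uint8_t key[BLOCK], uint8_t b[BLOCK]) {
    for (int round = 0; round < 4; round++)
        for (int i = 0; i < BLOCK; i++) {
            b[i] ^= key[(i + round) % BLOCK];
            b[(i + 1) % BLOCK] += (uint8_t)(b[i] * 7 + round);
        }
}

/* CBC: C[n] = E(P[n] XOR C[n-1]), where C[-1] is the IV. len % BLOCK == 0. */
static void cbc_encrypt(const uint8_t key[BLOCK], const uint8_t iv[BLOCK],
                        const uint8_t *pt, size_t len, uint8_t *ct) {
    const uint8_t *prev = iv;
    for (size_t off = 0; off < len; off += BLOCK) {
        for (int i = 0; i < BLOCK; i++) ct[off + i] = pt[off + i] ^ prev[i];
        toy_block_encrypt(key, ct + off);
        prev = ct + off;
    }
}

/* Fresh IV from the OS CSPRNG (on iOS, SecRandomCopyBytes fills this role). */
static int random_iv(uint8_t iv[BLOCK]) {
    FILE *f = fopen("/dev/urandom", "rb");
    if (!f) return -1;
    size_t n = fread(iv, 1, BLOCK, f);
    fclose(f);
    return n == BLOCK ? 0 : -1;
}

/* 1 if two messages sharing a first block give the same first ciphertext block. */
static int first_block_leaks(int use_random_iv) {
    static const uint8_t key[BLOCK] = "constructed key"; /* 15 chars + NUL */
    const char *m1 = "user=alice;role=admin;exp=000001"; /* constructed input */
    const char *m2 = "user=alice;role=guest;exp=000002"; /* same first 16 bytes */
    uint8_t iv1[BLOCK] = {0}, iv2[BLOCK] = {0}; /* the sample's all-zero IV */
    uint8_t c1[2 * BLOCK], c2[2 * BLOCK];
    if (use_random_iv && (random_iv(iv1) || random_iv(iv2))) return -1;
    cbc_encrypt(key, iv1, (const uint8_t *)m1, 2 * BLOCK, c1);
    cbc_encrypt(key, iv2, (const uint8_t *)m2, 2 * BLOCK, c2);
    return memcmp(c1, c2, BLOCK) == 0;
}
int main(void) {
    printf("zero IV: %d, random IV: %d\n", first_block_leaks(0), first_block_leaks(1));
    return 0;
}
```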

Source: https://habr.com/ru/post/1481550/