Fix bug decryptor "RNCryptorError error 2" in ios, when encryptor in Android

Open hoanghiephui opened this issue 7 years ago • 29 comments

In Android when you want to encrypt the text, you have to use SCHEMA_3 for encryption. Decryptor in Swift cannot identify the Schema Version of Base 64 encoded string.

hoanghiephui avatar Oct 24 '16 12:10 hoanghiephui

Did you test this?

P.S. I just found out that RNCryptor-php uses SCHEME 3 as default SCHEME_VERSION.

getsadzeg avatar Oct 28 '16 10:10 getsadzeg

Right, I've tested, and it works fine

hoanghiephui avatar Oct 28 '16 13:10 hoanghiephui

Any chance of getting this merged in and a version bump for gradle soon? My PHP code is working fine decrypting when I use JNcryptor (AES256JNCryptor().encryptData), but I've spent 5 frustrating hours trying to get RNCryptor working to no success, then found this PR and imagine it will probably work instantly.

I tried dling @hoanghiephui branch and including that, but even after installing NDK I'm at an error I can't get past to build it (being 3am doesn't help I'm sure).

Thanks so much for y'alls help!

ceonelson avatar Nov 04 '16 08:11 ceonelson

Will merge/bump this weekend.

TGIO avatar Nov 04 '16 10:11 TGIO

Thanks so much!

ceonelson avatar Nov 04 '16 22:11 ceonelson

@hoanghiephui what's the point of having the same configuration as SCHEMA_2, naming it SCHEMA_3 and using it?

TGIO avatar Nov 06 '16 16:11 TGIO

@ceonelson what is your problem exactly?

TGIO avatar Nov 06 '16 16:11 TGIO

In order to interoperate with other implementations of RNCryptor, you must use Schema 3. No implementation of RNCryptor should try to implement Schema 2 without understanding the history of Schema 2. It is identical to Schema 3 except that the ObjC implementation of Schema 2 (and only the ObjC implementation) incorrectly computed keys for passwords that included multibyte characters. The schema was bumped in order to distinguish which KDF was used. See https://github.com/RNCryptor/RNCryptor/issues/77.

Except for cases where you need to decrypt files that were encrypted in 2012 or 2013 by RNCryptor 2.0 or 2.1, it is generally best to avoid schema 2 entirely. It should definitely never be written. Schema 3 has been in place since 2013 and is the schema almost all implementations use exclusively. Schemas 0 and 1 are a pain because they used CTR rather than CBC, so most implementations skip them, and they haven't been used since 2012.

rnapier avatar Nov 06 '16 18:11 rnapier
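
The schema number discussed above is the first byte of every RNCryptor message, so a Base64 payload that fails to decrypt on another platform can be checked before looking anywhere else. The C++ sketch below is an added example, not code from this thread or from any RNCryptor project; it assumes the published v3 layout (version, options, two 8-byte salts for password messages, 16-byte IV, ciphertext, 32-byte HMAC), and the names `inspect`, `RNHeader`, `kSchema3` and `kSchema2` are hypothetical.

```cpp
#include <cstdint>
#include <cstdio>
#include <string>
#include <vector>

// Minimal RFC 4648 base64 decoder; returns an empty vector on an invalid character.
static std::vector<uint8_t> b64decode(const std::string& in) {
    static const std::string tbl =
        "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
    std::vector<uint8_t> out;
    uint32_t acc = 0;
    int bits = 0;
    for (char c : in) {
        if (c == '=') break;  // padding ends the data
        const size_t v = tbl.find(c);
        if (v == std::string::npos) return {};
        acc = (acc << 6) | static_cast<uint32_t>(v);
        bits += 6;
        if (bits >= 8) { bits -= 8; out.push_back(static_cast<uint8_t>(acc >> bits)); }
    }
    return out;
}

// ok: structurally schema 3; password: options bit 0; ciphertext: length in bytes.
struct RNHeader { bool ok; int version; bool password; size_t ciphertext; const char* problem; };

// Structural check only: it does not verify the HMAC or decrypt anything.
RNHeader inspect(const std::string& b64) {
    RNHeader h{false, -1, false, 0, ""};
    const std::vector<uint8_t> m = b64decode(b64);
    if (m.size() < 2) { h.problem = "no header"; return h; }
    h.version = m[0];
    h.password = (m[1] & 0x01) != 0;
    if (h.version != 3) { h.problem = "schema byte is not 3"; return h; }
    const size_t header = h.password ? 34 : 18;  // 2 + (8 + 8 salts) + 16 IV
    if (m.size() < header + 16 + 32) { h.problem = "truncated"; return h; }
    h.ciphertext = m.size() - header - 32;       // trailing 32 bytes are the HMAC
    if (h.ciphertext % 16 != 0) { h.problem = "ciphertext not block aligned"; return h; }
    h.ok = true;
    return h;
}

// Constructed samples: 82-byte messages with all-zero bodies; only byte 0 differs.
const std::string kSchema3 = "AwEA" + std::string(106, 'A') + "==";
const std::string kSchema2 = "AgEA" + std::string(106, 'A') + "==";

int main() {
    for (const std::string& s : {kSchema3, kSchema2})
        std::printf("version=%d ok=%d %s\n", inspect(s).version, inspect(s).ok, inspect(s).problem);
}
```

A payload that reports version 2 here was written by an encryptor still emitting the old schema byte, which matches the Android-to-iOS failure described in this thread.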

@rnapier seems I have to change the source of this port. I am using CPP atmm which doesn't have schema 3 implemented. Any suggestions for a new source?

TGIO avatar Nov 06 '16 22:11 TGIO

@TGIO I'm not able to decrypt the files encrypted with RNCryptorNative using the RNCryptor-PHP library (but files from JNCryptor work fine, but is so slow on phone) :(

@rnapier do you know if the PHP library has a way to decrypt using SCHEMA_2? It seems like it should auto detect the version based on this line but I can't get RNCryptorNative to work but JNCryptor will.

ceonelson avatar Nov 06 '16 23:11 ceonelson

@TGIO from what I can tell the only difference between SCHEMA_2 and SCHEMA_3 is that SCHEMA_3 fixes the SCHEMA_2 bug of calculating the password length before the password has been converted to UTF8. Is that correct @rnapier ?

It seems the CPP source you're using doesn't mess with password string encoding, so @hoanghiephui fix of bumping the version # should make it compatible with the other libraries.

@hoanghiephui are you able to test if a file encrypted with your PR can be decrypted with the PHP library? If not, can you send me a link to an encrypted test JPEG file I can use to verify?

Thanks!

ceonelson avatar Nov 06 '16 23:11 ceonelson

@ceonelson can you pull @hoanghiephui's branch and test it for your scenario?

TGIO avatar Nov 06 '16 23:11 TGIO

Or just join gitter and I will assist you.

TGIO avatar Nov 06 '16 23:11 TGIO

@tgio I tried to do that earlier but got an error, let me retry now and I'll see you on the IM shortly, thanks!

ceonelson avatar Nov 06 '16 23:11 ceonelson

@ceonelson The PHP implementation is one of the most hard-core for all the schemas. Yes, it handles Schema 2 (it even correctly implements the ObjC version's bug). It goes all the way back to Schema 0.

rnapier avatar Nov 07 '16 00:11 rnapier

@TGIO I'm in the process of rewriting the C++ implementation, specifically to make this (Android native) implementation a bit easier. That said, the only change that should be necessary to make it work is to change the value from 2 to 3. I believe the code analysis from @ceonelson is correct.

rnapier avatar Nov 07 '16 00:11 rnapier

@rnapier That's what I thought as I saw all their definitions in there, and it looked like it had decrypted some of the previous files but I wasn't able to get a valid JPG to display from it. It looks like the raw data here is being converted to UTF8 before being encrypted, so I'm not sure if that is messing with the JPG data somehow. I'm working now on doing some tests with text files to see what is encryption vs encoding issue, will report back.

ceonelson avatar Nov 07 '16 01:11 ceonelson

@rnapier @TGIO so this is working with a simple text string, but won't with a JPG image (or I imagine anything other than basic text).

I think this is because JNCryptor and RNCryptor both use byte arrays, whereas the C++ implementation is using a String.

The input string in RNCryptorNative is being converted to UTF so it can be passed to the C++ library, but that has issues.

TL;DR: @rnapier can you please include an encrypt function on a byte array in your C++ rewrite? :D Then we can use that from android and all will be right with the world!

Thanks!

ceonelson avatar Nov 07 '16 03:11 ceonelson

@ceonelson I think you should use a byte array. You can try:

https://github.com/hoanghiephui/RNCryptorNative/commit/7229ebeb7e3fd20c7375e16c8b9280d0d7880171

hoanghiephui avatar Nov 07 '16 03:11 hoanghiephui

JPEG data is not valid UTF-8 data. You cannot convert directly between them. In C++, a "string" does not necessarily mean "character data," and it absolutely does not mean UTF-8 data (I haven't studied the C++ implementation closely enough to see whether it assumes that it is character data; it may).

But yes, a byte array is definitely the right thing to be passing in.

Note that RNCryptor has extensive test vectors to ensure that you're encrypting correctly. GenVectorTests shows an example of how to use the Ruby parsing library to automatically generate test code for Swift. I am currently working on a similar test vector generator for C++ (that's my first step before actually implementing it). Even without an automated system, you can use the test vectors to make sure you're able to decrypt known good data.

rnapier avatar Nov 07 '16 04:11 rnapier
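
To see why binary input cannot survive a trip through a UTF-8 text type, the added C++ example below (not code from this thread or from RNCryptorNative) validates a buffer as UTF-8 and models a replacing decoder that turns each invalid byte into U+FFFD. It is a simplified model rather than the library's JNI path, and `first_invalid`, `lossy_round_trip` and `kJpegHead` are hypothetical names.

```cpp
#include <cstdint>
#include <cstdio>
#include <vector>

using Bytes = std::vector<uint8_t>;

// Length of the well-formed UTF-8 sequence starting at b[i], or 0 if invalid.
static size_t utf8_len(const Bytes& b, size_t i) {
    const uint8_t c = b[i];
    const size_t n = c < 0x80 ? 1 : (c >= 0xC2 && c <= 0xDF) ? 2
                   : (c >= 0xE0 && c <= 0xEF) ? 3 : (c >= 0xF0 && c <= 0xF4) ? 4 : 0;
    if (n == 0 || i + n > b.size()) return 0;
    for (size_t k = 1; k < n; ++k)
        if ((b[i + k] & 0xC0) != 0x80) return 0;
    // Reject overlong forms, surrogates and code points above U+10FFFF.
    if ((c == 0xE0 && b[i + 1] < 0xA0) || (c == 0xED && b[i + 1] > 0x9F)) return 0;
    if ((c == 0xF0 && b[i + 1] < 0x90) || (c == 0xF4 && b[i + 1] > 0x8F)) return 0;
    return n;
}

// Offset of the first invalid byte, or -1 when the buffer is valid UTF-8.
long first_invalid(const Bytes& b) {
    for (size_t i = 0; i < b.size(); i += utf8_len(b, i))
        if (utf8_len(b, i) == 0) return static_cast<long>(i);
    return -1;
}

// Model of a lossy bytes -> text -> bytes round trip: every byte that does not
// start a valid sequence comes back as U+FFFD, encoded as EF BF BD.
Bytes lossy_round_trip(const Bytes& b) {
    Bytes out;
    for (size_t i = 0; i < b.size();) {
        const size_t n = utf8_len(b, i);
        if (n == 0) { out.insert(out.end(), {0xEF, 0xBF, 0xBD}); ++i; continue; }
        out.insert(out.end(), b.begin() + i, b.begin() + i + n);
        i += n;
    }
    return out;
}

// Constructed sample: the first ten bytes of a JFIF file.
const Bytes kJpegHead = {0xFF, 0xD8, 0xFF, 0xE0, 0x00, 0x10, 'J', 'F', 'I', 'F'};

int main() {
    std::printf("first invalid offset=%ld, %zu bytes in, %zu bytes out\n",
                first_invalid(kJpegHead), kJpegHead.size(), lossy_round_trip(kJpegHead).size());
}
```

The original bytes cannot be recovered from the output, so the ciphertext decrypts correctly to data that is no longer a JPEG; `first_invalid` can serve as a guard that rejects binary input before it reaches a string-only API.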

@hoanghiephui thanks for the post, but I only need to encrypt on Android, and the encrypt JNI but also the RNCryptor-cpp and more importantly underlying crypto library use strings for that instead of byte array :/

ceonelson avatar Nov 07 '16 04:11 ceonelson

The underlying library just has an option of using strings. That's a wrapper on top of calls that take byte* and a length.

rnapier avatar Nov 07 '16 04:11 rnapier

Yeah, in cryptopp\filters.h line 1247 there is StringSource(const byte *string, size_t length, bool pumpAll, BufferedTransformation *attachment = NULL) which I assumed could be used to make it work, but don't know enough about JNI/C++ to figure out how to go about implementing it :/

It looks like they have a dedicated ArraySource and ArraySink that is based off that constructor

ceonelson avatar Nov 07 '16 04:11 ceonelson

Hi, do you guys have some roadmap to solve this? I opened an issue a few hours ago, and I didn't know there was this pull request that solves the same problem that I'm having.

Senemix29 avatar Aug 02 '17 23:08 Senemix29

I'm also having this same problem. Is there a plan to merge this fork back into the mainline?

Great work on the library, thanks for sharing!

gte941y avatar Sep 19 '17 05:09 gte941y

@hoanghiephui Hi, I am Saravanakumar. In my project, I am facing an issue in encryption and decryption between Android and iOS. The encrypted data from Android can't be decrypted in iOS. I saw your pull request with that issue fixed. How to add your fork to my project?

SaravanakumarB avatar Jan 09 '18 14:01 SaravanakumarB

@SaravanakumarB You just add the module from my branch instead of "compile 'com.github.tgio:rncryptor-native:0.0.9'".

hoanghiephui avatar Jan 12 '18 15:01 hoanghiephui

@hoanghiephui does your branch work 100%? If so, please let me see test results and I'll gladly accept the PR.

TGIO avatar Jan 12 '18 17:01 TGIO

@hoanghiephui Hi, I think I found your branch at: https://github.com/hoanghiephui/RNCryptorNative

Can you please help me include it in my gradle file? Currently I have compile 'com.github.tgio:rncryptor-native:0.0.9'. I can't seem to just replace it with the URL.

I'm facing exactly the same problem - Android encrypted msg cannot be decrypted in iOS.

Greatly appreciate it!

jenlai1345 avatar Jan 20 '18 04:01 jenlai1345