StackOverflow2013

Note that there are some explanatory texts on larger screens.

plurals

POBase64 issue in NSMutableURLRequest POST message?
text
Body
copied!<p>I'm having communcation issues between my app and the server. I'm using RNCryptor to encrypt a message, which I then base64 encode and transfer to the server in the request. This is done in both the DATA header, and within the http body as post data. I think I'm making a mistake in how I'm converting & transferring the base64 encoded message via POST. </p> <p>If I receive the encrypted message via the header, it decrypts perfectly fine, every single time. However, if I take the message via the POST data, I'm getting varying results. Most of the time, it fails, else it partially decrypts (first few letters), with 1 in 20 or so successful decryptions.</p> <p>The objective-c code is:</p> <pre><code>- (NSString *)sendEncryptedTestMessage:(NSString *)address{ NSString* messageContent = @"Hello my name is Bob."; NSError * error = nil; NSString* responseString2 = nil; NSData* postData = [RNEncryptor encryptData:[messageContent dataUsingEncoding:NSUTF8StringEncoding] withSettings:kRNCryptorAES256Settings password:@"123456" error:&error]; NSString* messageServer = [NSString base64forData:postData]; NSString* postMessage = [@"message=" stringByAppendingString:messageServer]; postData = [postMessage dataUsingEncoding:NSASCIIStringEncoding allowLossyConversion:YES]; // problem here I think NSString* postLength = [NSString stringWithFormat:@"%ld",(unsigned long)[postData length]]; NSURL* URLToRequest = [NSURL URLWithString:address]; NSMutableURLRequest* semisystem = [[[NSMutableURLRequest alloc] initWithURL:URLToRequest] autorelease]; [semisystem setHTTPMethod:@"POST"]; [semisystem setHTTPBody:postData]; [semisystem setValue:postLength forHTTPHeaderField:@"Content-Length"]; [semisystem setValue:self.activationURL forHTTPHeaderField:@"EncryptionKey"]; [semisystem setValue:messageServer forHTTPHeaderField:@"data"]; NSURLResponse* response; NSData* data = [NSURLConnection sendSynchronousRequest:semisystem returningResponse:&response error:&error]; responseString2 = [NSString stringWithFormat:@"%.*s", (int)[data length], [data bytes]]; return responseString2; } </code></pre> <p>PHP code:</p> <pre><code>function decrypt2($b64_data,$password) { // back to binary //$bin_data = mb_convert_encoding($b64_data, "UTF-8", "BASE64"); $bin_data = base64_decode($b64_data); // extract salt $salt = substr($bin_data, 2, 8); // extract HMAC salt $hmac_salt = substr($bin_data, 10, 8); // extract IV $iv = substr($bin_data, 18, 16); // extract data $data = substr($bin_data, 34, strlen($bin_data) - 34 - 32); $dataWithoutHMAC = chr(2).chr(1).$salt.$hmac_salt.$iv.$data; // extract HMAC $hmac = substr($bin_data, strlen($bin_data) - 32); // make HMAC key $hmac_key = pbkdf2('SHA1', $password, $hmac_salt, 10000, 32, true); // make HMAC hash $hmac_hash = hash_hmac('sha256', $dataWithoutHMAC , $hmac_key, true); // check if HMAC hash matches HMAC if($hmac_hash != $hmac) { echo "HMAC mismatch".$nl.$nl.$nl; // return false; } // make data key $key = pbkdf2('SHA1', $password, $salt, 10000, 32, true); // decrypt $ret = mcrypt_decrypt(MCRYPT_RIJNDAEL_128, $key, $data, MCRYPT_MODE_CBC, $iv); return $ret; } $passkey = "123456"; $messageBase64 = $_POST['message'];// THIS barely works $messageBase64 = $_SERVER['HTTP_DATA'];// THIS WORKS $message = decrypt2($messageBase64,$passkey); </code></pre> <p>Many thanks in advance!</p>

Querying!

Guidance

An individual column

Larger individual text columns get their own page to allow for proper reading.

SQuiL has stopped working due to an internal error.

If you are curious you may find further information in the browser console, which is accessible through the devtools (F12).

Reload