(Objective-C) Duplicate PHP's openssl_encrypt and openssl_random_pseudo_bytes

Demonstrates how to duplicate PHP's openssl_encrypt function. (https://www.php.net/manual/en/function.openssl-encrypt.php)

For more information, see https://www.php.net/manual/en/function.openssl-encrypt.php

Chilkat Objective-C Library Downloads MAC OS X (Cocoa) Libs iOS Libs

#import <CkoCrypt2.h>
#import <NSString.h>
#import <CkoBinData.h>

// This example requires the Chilkat API to have been previously unlocked.
// See Global Unlock Sample for sample code.

// Duplicates thw following PHP script:

// $text = "This is a test";
// $passphrase = "my password";
// $iv = openssl_random_pseudo_bytes(openssl_cipher_iv_length("AES-256-CBC"));
// $crypted = base64_encode($iv.openssl_encrypt($text, "AES-256-CBC", $passphrase, OPENSSL_RAW_DATA, $iv));
// echo $crypted;

BOOL success;
CkoCrypt2 *crypt = [[CkoCrypt2 alloc] init];

NSString *text = @"This is a test";
NSString *passphrase = @"my password";

// AES is a block cipher.  The IV size for any block cipher is the size of the block, which is defined by the encryption algorithm. 
// For AES, the block size is always 16 bytes, regardless of key size (i.e. 128-bits, 192-bits, or 256-bits).
// Therefore, generate 16 random bytes for the IV.
crypt.EncodingMode = @"base64";
NSString *ivBase64 = [crypt GenRandomBytesENC: [NSNumber numberWithInt: 16]];

NSLog(@"%@%@",@"Generated IV = ",ivBase64);

// Because we're doing AES-256-CBC, the key length must be 256-bits (i.e. 32 bytes).
// Given that our passphrase is a us-ascii string that can be shorter or longer than 32-bytes, we need to 
// somehow transform the passphrase to a 32-byte secret key.  We need to know what openssl_encrypt does.
// Here's the answer from the openssl_encrypt documentation:
// 
// "If the passphrase is shorter than expected, it is silently padded with NUL characters; 
// if the passphrase is longer than expected, it is silently truncated."

// OK.... so let's pad or shorten to get a 32-byte key.
CkoBinData *bdKey = [[CkoBinData alloc] init];
[bdKey AppendString: passphrase charset: @"utf-8"];

int sz = [bdKey.NumBytes intValue];
if (sz > 32) {
    [bdKey RemoveChunk: [NSNumber numberWithInt: 32] numBytes: [NSNumber numberWithInt: (sz - 32)]];
}
else {
    [bdKey Clear];
    [bdKey AppendPadded: passphrase charset: @"utf-8" padWithSpace: NO fieldLen: [NSNumber numberWithInt: 32]];
}

// Setup for encryption.
crypt.CryptAlgorithm = @"aes";
crypt.KeyLength = [NSNumber numberWithInt:256];
[crypt SetEncodedIV: ivBase64 encoding: @"base64"];
[crypt SetEncodedKey: [bdKey GetEncoded: @"base64"] encoding: @"base64"];

// Encrypt and base64 encode.
NSString *cipherText64 = [crypt EncryptStringENC: text];

// The PHP code fragment above returns the base64 encoded bytes of the IV and the encrypted text.
// So let's do that..
CkoBinData *bd = [[CkoBinData alloc] init];
[bd AppendEncoded: ivBase64 encoding: @"base64"];
[bd AppendEncoded: cipherText64 encoding: @"base64"];
NSString *result = [bd GetEncoded: @"base64"];

NSLog(@"%@%@",@"result = ",result);

// Sample output:
// dN0vS1O0cWi5BbLAAY+NTf7bs3S27xzPf11RkG47sjs=

// Now let's decrypt from the output...

// Setup for decryption.
crypt.CryptAlgorithm = @"aes";
crypt.KeyLength = [NSNumber numberWithInt:256];
[crypt SetEncodedKey: [bdKey GetEncoded: @"base64"] encoding: @"base64"];

CkoBinData *bdResult = [[CkoBinData alloc] init];
[bdResult AppendEncoded: result encoding: @"base64"];
[crypt SetEncodedIV: [bdResult GetEncodedChunk: [NSNumber numberWithInt: 0] numBytes: [NSNumber numberWithInt: 16] encoding: @"base64"] encoding: @"base64"];

// Remove the IV (first 16 bytes) from the result.
[bdResult RemoveChunk: [NSNumber numberWithInt: 0] numBytes: [NSNumber numberWithInt: 16]];
success = [crypt DecryptBd: bdResult];
NSString *originalText = [bdResult GetString: @"utf-8"];

NSLog(@"%@%@",@"original text = ",originalText);