Android: Validating in Objective-C a Password encrypted in Java using the PBKDF2WithHmacSHA1 algorithm

on Wednesday, August 13, 2014


User path: One registered in my Android app, then decided to log in through the iPhone app.


The server sends me the encrypted password and I need to compare it with the one the user has just entered in the password field.


Here is the Java method which encrypts the string:



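    import java.security.NoSuchAlgorithmException;
    import java.security.spec.InvalidKeySpecException;
    import javax.crypto.SecretKeyFactory;
    import javax.crypto.spec.PBEKeySpec;

    // getSalt() and toHex() are helpers that are not shown in the post.
    public static String encrypt(String password)
            throws NoSuchAlgorithmException, InvalidKeySpecException {
        int iterations = 1000;
        char[] chars = password.toCharArray();
        byte[] salt = getSalt().getBytes();

        // The last PBEKeySpec argument is the key length in bits (256 bits = 32 bytes).
        PBEKeySpec spec = new PBEKeySpec(chars, salt, iterations, 256);
        SecretKeyFactory skf = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1");
        byte[] hash = skf.generateSecret(spec).getEncoded();
        // Stored format: hex(hash):hex(salt):iterations
        return toHex(hash) + ":" + toHex(salt) + ":" + iterations;
    }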


What I have so far:



    - (BOOL)isPasswordValid
    {
        //here is encrypted string @"password"; ':' separates it into
        //3 parts:@"password", @"salt", @"iteration";

        NSString * testPassword = @"90bd42e6f15ccd2d3ec3386d031758898bb7bc08f476a3d7afe6fe1cfbc372e6:5b42406231323062343030:1000";

        NSString * saltString = @"5b42406231323062343030";
        NSString * storedPasswordString = @"90bd42e6f15ccd2d3ec3386d031758898bb7bc08f476a3d7afe6fe1cfbc372e6";

        NSData * hashData = [storedPasswordString dataFromHexString];

        unsigned char out[256];

        //converting saltstring into char array
        //
        NSMutableArray * saltArray = [NSMutableArray array];
        for (NSInteger idx = 0; idx < saltString.length; idx++) {
            [saltArray addObject:[NSString stringWithFormat:@"%C", [saltString characterAtIndex:idx]]];
        }

        unsigned char * buffer = (unsigned char *)calloc([saltArray count],
                                                         sizeof(unsigned char));

        for (int i = 0; i < [saltArray count]; i++)
            buffer[i] = (char)[saltArray objectAtIndex:i];

        PKCS5_PBKDF2_HMAC_SHA1("password", strlen("password"), buffer, sizeof(buffer), ITERATION, 256, out);

        NSMutableString * hashTestString = [NSMutableString new];
        for (NSInteger idx = 0; idx < sizeof(out); idx++) {
            [hashTestString appendString:[NSString stringWithFormat:@"%02x", out[idx]]];
        }

        NSData * hashDataTest = [hashTestString dataFromHexString];

        const char *hashBytes = [hashData bytes];
        const char *hashBytesTest = [hashDataTest bytes];

        int diff = hashData.length ^ hashDataTest.length;
        for (int i = 0; i < hashData.length && i < hashDataTest.length; i++) {
            diff |= hashBytes[i] ^ hashBytesTest[i];
        }

        free(buffer);
        return diff == 0;
    }


Unfortunately, the PKCS5_PBKDF2_HMAC_SHA1 method always returns -1 for the test case.
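A verifier for the `hex(hash):hex(salt):iterations` record produced by the Java method above, as an added example that is not code from the original post: it hex-decodes the salt into raw bytes, passes lengths in bytes (Java's 256 is in bits, so 32 here) and compares in constant time. `Nibble`, `DataFromHex`, `VerifyPassword` and `kHashBytes` are hypothetical names, and UTF-8 password encoding is an assumption.

```objc
#import <Foundation/Foundation.h>
#include <openssl/evp.h>     // PKCS5_PBKDF2_HMAC_SHA1
#include <openssl/crypto.h>  // CRYPTO_memcmp
enum { kHashBytes = 32 };    // Java's 256-bit key length, expressed in bytes

static int Nibble(unichar c) {
    if (c >= '0' && c <= '9') return c - '0';
    c |= 0x20;               // fold A-F onto a-f
    return (c >= 'a' && c <= 'f') ? c - 'a' + 10 : -1;
}

// Decode a hex string into raw bytes; returns nil if it is empty or malformed.
static NSData *DataFromHex(NSString *hex) {
    if (hex.length == 0 || hex.length % 2 != 0) return nil;
    NSMutableData *data = [NSMutableData dataWithLength:hex.length / 2];
    uint8_t *bytes = data.mutableBytes;
    for (NSUInteger i = 0; i < hex.length; i += 2) {
        int hi = Nibble([hex characterAtIndex:i]);
        int lo = Nibble([hex characterAtIndex:i + 1]);
        if (hi < 0 || lo < 0) return nil;
        bytes[i / 2] = (uint8_t)((hi << 4) | lo);
    }
    return data;
}

// Check a candidate password against a "hex(hash):hex(salt):iterations" record.
static BOOL VerifyPassword(NSString *candidate, NSString *record) {
    NSArray<NSString *> *parts = [record componentsSeparatedByString:@":"];
    if (parts.count != 3) return NO;
    NSData *expected = DataFromHex(parts[0]);
    NSData *salt = DataFromHex(parts[1]);        // raw salt bytes, not the hex text
    NSInteger iterations = parts[2].integerValue;
    if (expected.length != kHashBytes || !salt || iterations < 1 || iterations > INT_MAX) return NO;
    // Assumption: the password is encoded as UTF-8 (identical for ASCII input).
    NSData *pw = [candidate dataUsingEncoding:NSUTF8StringEncoding];
    uint8_t derived[kHashBytes];
    // Lengths are byte counts; OpenSSL returns 1 on success and 0 on failure.
    int ok = PKCS5_PBKDF2_HMAC_SHA1(pw.bytes, (int)pw.length,
                                    salt.bytes, (int)salt.length,
                                    (int)iterations, kHashBytes, derived);
    return ok == 1 && CRYPTO_memcmp(derived, expected.bytes, kHashBytes) == 0;  // constant time
}

int main(void) {
    @autoreleasepool {
        NSString *record = @"90bd42e6f15ccd2d3ec3386d031758898bb7bc08f476a3d7afe6fe1cfbc372e6:5b42406231323062343030:1000";
        NSLog(@"valid: %d", VerifyPassword(@"password", record));
    }
}
```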