The AES key input to CCCrypt in encrypt/decrypt in SecretStore.m is incorrect

[rijswijk]

In the methods encrypt and decrypt of SecretStore.m the secret belonging to a tiqr identity is encrypted/decrypted using a key that is derived from the PIN code. The execution flow now goes like this (during authentication):

• User enters PIN
• secretForPIN on SecretStore is invoked
• in secretForPIN, keyForPIN is invoked; this method derives a 256-bit AES key from the PIN using a password-based key derivation function (PBKDF); the method outputs the AES key as an ASCII string with a hexadecimal representation of the derived 256-bit AES key
• next, in secretForPIN, decrypt is invoked; this method decrypts the encrypted secret using the key that was derived in the previous step.

There is an error in the encrypt and the decrypt function, however. Rather than re-converting the ASCII string with the hexadecimal representation of the key back to a byte array and using that as the "key" parameter for the call to CCCrypt, the hexadecimal string representation itself is taken. This effectively means that only the first 128 bits of the derived key are used for encryption/decryption, and, even worse, the first 8 bits of that value are set to 0 due to an incorrect invocation of NSString::getCString (see commit #37).

The fix for this is probably quite simple; rather than secretForPIN returning an ASCII string with the hexadecimal representation of the derived key, it should just return the byte array with the key that can then be used directly as input for CCCrypt.

The only problem with fixing this is that existing identities will have to be migrated to using the correct key for encryption/decryption; simply fixing the issue would break existing identities that currently use the incorrect scheme.