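/*
 * Encrypt a string with wrapKey in CBC mode with PKCS7 padding and return the
 * ciphertext Base64-encoded.
 *
 * wrapKey  key handed to SecEncryptTransformCreate.
 * iv       value installed as kSecIVKey on the encrypt transform.
 * str      text to encrypt; it is converted to MacRoman bytes first.
 *
 * Returns the data produced by SecTransformExecute (owned by the caller, who
 * must CFRelease it), or NULL on any failure.  Every failure path logs the
 * same message and returns NULL, so the caller never receives partial output.
 *
 * Notes for reviewers:
 *  - The MacRoman conversion is lossy: characters with no MacRoman mapping are
 *    replaced by the loss byte 0xff, so distinct inputs can yield the same
 *    plaintext.  The encoding is kept as-is because whatever decrypts this
 *    value presumably expects it -- confirm before changing.
 *  - NOTE(review): iv is passed through unchecked.  CBC needs a fresh,
 *    unpredictable IV per encryption; confirm callers provide one.
 *  - The output is CBC ciphertext with no integrity tag added here; any
 *    authentication has to come from the surrounding format.
 */
static CFDataRef encryptString(SecKeyRef wrapKey, CFDataRef iv, CFStringRef str)
{
    CFDataRef retval = NULL;
    CFErrorRef error = NULL;
    CFDataRef inputString = NULL;
    SecTransformRef encryptTrans = NULL;
    SecTransformRef encodeTrans = NULL;
    SecTransformRef group = NULL;

    if (wrapKey == NULL || str == NULL) {
        goto out;
    }

    /* Plaintext copy of the secret; released in the cleanup path below. */
    inputString = CFStringCreateExternalRepresentation(kCFAllocatorDefault, str, kCFStringEncodingMacRoman, 0xff);
    if (inputString == NULL) {
        goto out;
    }

    encryptTrans = SecEncryptTransformCreate(wrapKey, &error);
    if (encryptTrans == NULL || error != NULL) {
        goto out;
    }

    /* Stop at the first attribute that fails so the original error is kept. */
    SecTransformSetAttribute(encryptTrans, kSecEncryptionMode, kSecModeCBCKey, &error);
    if (error != NULL) {
        goto out;
    }
    SecTransformSetAttribute(encryptTrans, kSecPaddingKey, kSecPaddingPKCS7Key, &error);
    if (error != NULL) {
        goto out;
    }
    SecTransformSetAttribute(encryptTrans, kSecTransformInputAttributeName, inputString, &error);
    if (error != NULL) {
        goto out;
    }
    SecTransformSetAttribute(encryptTrans, kSecIVKey, iv, &error);
    if (error != NULL) {
        goto out;
    }

    encodeTrans = SecEncodeTransformCreate(kSecBase64Encoding, &error);
    if (encodeTrans == NULL || error != NULL) {
        goto out;
    }

    group = SecTransformCreateGroupTransform();
    if (group == NULL) {
        goto out;
    }

    /* encrypt output -> Base64 encoder input */
    SecTransformConnectTransforms(encryptTrans, kSecTransformOutputAttributeName,
                                  encodeTrans, kSecTransformInputAttributeName,
                                  group, &error);
    if (error != NULL) {
        goto out;
    }

    retval = (CFDataRef)SecTransformExecute(group, &error);
    if (error != NULL && retval != NULL) {
        /* Fail closed: never hand back output alongside a reported error. */
        CFRelease(retval);
        retval = NULL;
    }

out:
    if (retval == NULL) {
        secDebug(ASL_LEVEL_ERR, "Failed to encrypt recovery password\n", NULL);
    }
    if (error != NULL) {
        CFRelease(error);
    }
    if (group != NULL) {
        CFRelease(group);
    }
    if (encodeTrans != NULL) {
        CFRelease(encodeTrans);
    }
    if (encryptTrans != NULL) {
        CFRelease(encryptTrans);
    }
    if (inputString != NULL) {
        /* CFRelease frees the buffer but does not zeroize it. */
        CFRelease(inputString);
    }
    return retval;
}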
// Encrypts cbData bytes at pbData with publicKey through a Security
// framework encrypt transform.
//
// Both out-parameters are reset to nullptr before any validation, so a caller
// never sees a stale pointer on any return path.
//
// Returns kErrorBadInput when an argument is null or cbData is negative,
// kErrorSeeError when the transform could not be created or reported an error
// through *pErrorOut, and otherwise whatever ExecuteCFDataTransform returns.
//
// NOTE(review): no padding attribute is set here. The function name implies
// PKCS#1 v1.5, presumably the transform's default for this key -- confirm.
extern "C" int32_t AppleCryptoNative_RsaEncryptPkcs(
    SecKeyRef publicKey, uint8_t* pbData, int32_t cbData, CFDataRef* pEncryptedOut, CFErrorRef* pErrorOut)
{
    if (pEncryptedOut != nullptr)
    {
        *pEncryptedOut = nullptr;
    }

    if (pErrorOut != nullptr)
    {
        *pErrorOut = nullptr;
    }

    const bool argumentsValid = publicKey != nullptr && pbData != nullptr && cbData >= 0 &&
                                pEncryptedOut != nullptr && pErrorOut != nullptr;

    if (!argumentsValid)
    {
        return kErrorBadInput;
    }

    SecTransformRef encryptor = SecEncryptTransformCreate(publicKey, pErrorOut);

    if (encryptor == nullptr)
    {
        return kErrorSeeError;
    }

    int32_t status = kErrorSeeError;

    // Only run the transform when creation reported no error.
    if (*pErrorOut == nullptr)
    {
        status = ExecuteCFDataTransform(encryptor, pbData, cbData, pEncryptedOut, pErrorOut);
    }

    CFRelease(encryptor);
    return status;
}