static CFStringRef decryptString(SecKeyRef wrapKey, CFDataRef iv, CFDataRef wrappedPassword) { CFStringRef retval = NULL; CFDataRef retData = NULL; CFErrorRef error = NULL; SecTransformRef decryptTrans = SecDecryptTransformCreate(wrapKey, &error); if(error == NULL) { SecTransformRef group = SecTransformCreateGroupTransform(); SecTransformRef decodeTrans = SecDecodeTransformCreate(kSecBase64Encoding, &error); if(error == NULL) SecTransformSetAttribute(decodeTrans, kSecTransformInputAttributeName, wrappedPassword, &error); if(error == NULL) SecTransformSetAttribute(decryptTrans, kSecEncryptionMode, kSecModeCBCKey, &error); if(error == NULL) SecTransformSetAttribute(decryptTrans, kSecPaddingKey, kSecPaddingPKCS7Key, &error); if(error == NULL) SecTransformSetAttribute(decryptTrans, kSecIVKey, iv, &error); SecTransformConnectTransforms(decodeTrans, kSecTransformOutputAttributeName, decryptTrans, kSecTransformInputAttributeName, group, &error); CFRelease(decodeTrans); CFRelease(decryptTrans); if(error == NULL) retData = SecTransformExecute(group, &error); if(error == NULL) retval = CFStringCreateFromExternalRepresentation(kCFAllocatorDefault, retData, kCFStringEncodingMacRoman); else secDebug(ASL_LEVEL_ERR, "Failed to decrypt recovery password\n", NULL); CFRelease(group); } return retval; }
extern "C" int32_t AppleCryptoNative_RsaDecryptOaep(SecKeyRef privateKey, uint8_t* pbData, int32_t cbData, PAL_HashAlgorithm mfgAlgorithm, CFDataRef* pDecryptedOut, CFErrorRef* pErrorOut) { if (pDecryptedOut != nullptr) *pDecryptedOut = nullptr; if (pErrorOut != nullptr) *pErrorOut = nullptr; if (privateKey == nullptr || pbData == nullptr || cbData < 0 || pDecryptedOut == nullptr || pErrorOut == nullptr) { return kErrorBadInput; } int32_t ret = kErrorSeeError; SecTransformRef decryptor = SecDecryptTransformCreate(privateKey, pErrorOut); if (decryptor != nullptr) { if (*pErrorOut == nullptr) { ret = ExecuteOaepTransform(decryptor, pbData, cbData, mfgAlgorithm, pDecryptedOut, pErrorOut); } CFRelease(decryptor); } return ret; }