static CFDataRef
encryptString(SecKeyRef wrapKey, CFDataRef iv, CFStringRef str)
{
CFDataRef retval = NULL;
CFErrorRef error = NULL;
CFDataRef inputString = CFStringCreateExternalRepresentation(kCFAllocatorDefault, str, kCFStringEncodingMacRoman, 0xff);
SecTransformRef encryptTrans = SecEncryptTransformCreate(wrapKey, &error);
if(error == NULL) {
SecTransformRef group = SecTransformCreateGroupTransform();
SecTransformSetAttribute(encryptTrans, kSecEncryptionMode, kSecModeCBCKey, &error);
if(error == NULL) SecTransformSetAttribute(encryptTrans, kSecPaddingKey, kSecPaddingPKCS7Key, &error);
if(error == NULL) SecTransformSetAttribute(encryptTrans, kSecTransformInputAttributeName, inputString, &error);
if(error == NULL) SecTransformSetAttribute(encryptTrans, kSecIVKey, iv, &error);
SecTransformRef encodeTrans = SecEncodeTransformCreate(kSecBase64Encoding, &error);
SecTransformConnectTransforms(encryptTrans, kSecTransformOutputAttributeName, encodeTrans, kSecTransformInputAttributeName, group, &error);
CFRelease(encodeTrans);
CFRelease(encryptTrans);
if(error == NULL) retval = SecTransformExecute(group, &error);
if(error != NULL) secDebug(ASL_LEVEL_ERR, "Failed to encrypt recovery password\n", NULL);
CFRelease(group);
}
return retval;
}
extern "C" int32_t AppleCryptoNative_RsaEncryptPkcs(
SecKeyRef publicKey, uint8_t* pbData, int32_t cbData, CFDataRef* pEncryptedOut, CFErrorRef* pErrorOut)
{
if (pEncryptedOut != nullptr)
*pEncryptedOut = nullptr;
if (pErrorOut != nullptr)
*pErrorOut = nullptr;
if (publicKey == nullptr || pbData == nullptr || cbData < 0 || pEncryptedOut == nullptr || pErrorOut == nullptr)
{
return kErrorBadInput;
}
int32_t ret = kErrorSeeError;
SecTransformRef encryptor = SecEncryptTransformCreate(publicKey, pErrorOut);
if (encryptor != nullptr)
{
if (*pErrorOut == nullptr)
{
ret = ExecuteCFDataTransform(encryptor, pbData, cbData, pEncryptedOut, pErrorOut);
}
CFRelease(encryptor);
}
return ret;
}
