/*
 * Adapter that performs an RSA private-key decryption by forwarding its
 * arguments to SecKeyDecrypt() with PKCS#1 v1.5 padding (kSecPaddingPKCS1).
 *
 *   key           opaque pointer, handed to SecKeyDecrypt() as a SecKeyRef
 *   ciphertext    input buffer of ciphertextLen bytes
 *   plaintext     caller-supplied output buffer
 *   plaintextLen  passed through unchanged as SecKeyDecrypt()'s length argument
 *
 * Returns the SecKeyDecrypt() result unchanged.
 *
 * NOTE(review): with PKCS#1 v1.5 padding, a decryption failure must not be
 * distinguishable by a remote peer (padding-oracle risk). Presumably the
 * caller treats every non-zero result uniformly -- confirm at the call site.
 */
static int mySSLPrivKeyRSA_decrypt(void *key, const uint8_t *ciphertext, size_t ciphertextLen, uint8_t *plaintext, size_t *plaintextLen)
{
    return SecKeyDecrypt((SecKeyRef)key, kSecPaddingPKCS1,
                         ciphertext, ciphertextLen,
                         plaintext, plaintextLen);
}
/*
 * Drive the generic SecKey entry points against a key created from the
 * supplied custom descriptor: create, decrypt, encrypt, raw sign, raw verify,
 * size query, attribute dictionary, public bytes, wrap/unwrap, type id.
 *
 * customKey and initedCustomKey are not declared here; they come from the
 * enclosing file. Checks are emitted in a fixed order, so the sequence of
 * ok()/is()/ok_status() calls below must not be reordered.
 */
static void tests(SecKeyDescriptor *descriptor)
{
    /* Placeholder key material: three raw bytes, raw encoding. */
    const uint8_t *rawKey = (const uint8_t *)"abc";
    CFIndex rawKeyLen = 3;
    SecKeyEncoding rawEncoding = kSecKeyEncodingRaw;

    ok(customKey = SecKeyCreate(kCFAllocatorDefault, descriptor, rawKey, rawKeyLen, rawEncoding),
       "create custom key");
    is(customKey, initedCustomKey, "CustomKeyInit got the right key");

    /* One 5-byte input and one 5-byte output buffer are shared by all four
     * crypto calls. */
    SecPadding pad = kSecPaddingPKCS1;
    const uint8_t *input = (const uint8_t *)"defgh";
    size_t inputLen = 5;
    uint8_t output[5];
    size_t outputLen = sizeof output;

    /* NOTE(review): outputLen is passed by address to the first three calls
     * and is never reset, so each later call sees whatever length the previous
     * one left behind. Presumably harmless with the test descriptor -- confirm. */
    ok_status(SecKeyDecrypt(customKey, pad, input, inputLen, output, &outputLen), "SecKeyDecrypt");
    ok_status(SecKeyEncrypt(customKey, pad, input, inputLen, output, &outputLen), "SecKeyEncrypt");
    ok_status(SecKeyRawSign(customKey, pad, input, inputLen, output, &outputLen), "SecKeyRawSign");
    ok_status(SecKeyRawVerify(customKey, pad, input, inputLen, output, outputLen), "SecKeyRawVerify");

    is(SecKeyGetSize(customKey, kSecKeyKeySizeInBits), (size_t)5 * 8, "SecKeyGetSize");

    CFDictionaryRef attrs = NULL;
    ok(attrs = SecKeyCopyAttributeDictionary(customKey), "SecKeyCopyAttributeDictionary");
    CFReleaseNull(attrs);

    /* This check passes when SecKeyCopyPublicBytes() returns non-zero. */
    CFDataRef publicBytes = NULL;
    ok(SecKeyCopyPublicBytes(customKey, &publicBytes) != 0, "SecKeyCopyPublicBytes");
    CFReleaseNull(publicBytes);

    /* NOTE(review): publicBytes has already gone through CFReleaseNull() when
     * it is handed to the wrap/unwrap calls below; both are expected to return
     * NULL. Looks intentional -- confirm. */
    CFDataRef wrapped = _SecKeyCopyWrapKey(customKey, kSecKeyWrapPublicKeyPGP, publicBytes, NULL, NULL, NULL);
    ok(wrapped == NULL, "_SecKeyCopyWrapKey");
    CFReleaseNull(wrapped);

    wrapped = _SecKeyCopyUnwrapKey(customKey, kSecKeyWrapPublicKeyPGP, publicBytes, NULL, NULL, NULL);
    ok(wrapped == NULL, "_SecKeyCopyUnwrapKey");
    CFReleaseNull(wrapped);

    /* SecKeyGeneratePair is not exercised by this test. */

    ok(SecKeyGetTypeID() != 0, "SecKeyGetTypeID works");

    /* Drop the reference taken by SecKeyCreate() and clear the shared pointer. */
    if (customKey != NULL) {
        CFRelease(customKey);
        customKey = NULL;
    }
}
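/*
 * Decrypt cipherText with the RSA private key held in privKey, by way of
 * SecKeyDecrypt().
 *
 *   ctx            not used by this function
 *   privKey        converted to a SecKeyRef with SECKEYREF()
 *   padding        padding selector, forwarded unchanged to SecKeyDecrypt()
 *   cipherText     input buffer of cipherTextLen bytes
 *   plainText      caller-allocated output buffer
 *   plainTextLen   number of bytes available in plainText
 *   actualBytes    receives the length reported by SecKeyDecrypt(); must not
 *                  be NULL (checked with assert only)
 *
 * Returns the OSStatus from SecKeyDecrypt(); a non-zero status is also logged.
 *
 * NOTE(review): *actualBytes is written even when SecKeyDecrypt() fails, so
 * callers must check the returned status before trusting *actualBytes or the
 * contents of plainText.
 * NOTE(review): when padding selects PKCS#1 v1.5, the failure status must not
 * become observable to the remote peer (padding-oracle risk); presumably the
 * key-exchange caller handles failure uniformly -- confirm at the call site.
 */
OSStatus sslRsaDecrypt(
    SSLContext      *ctx,
    SSLPrivKey      *privKey,
    const uint32_t  padding,
    const uint8_t   *cipherText,
    size_t          cipherTextLen,
    uint8_t         *plainText,         // mallocd by caller; RETURNED
    size_t          plainTextLen,       // available
    size_t          *actualBytes)       // RETURNED
{
    (void)ctx;  // kept for interface compatibility only

    assert(actualBytes != NULL);

    // SecKeyDecrypt takes the capacity in and reports the produced length out
    // through the same variable, so work on a local copy.
    size_t ptlen = plainTextLen;
    OSStatus status = SecKeyDecrypt(SECKEYREF(privKey), padding,
                                    cipherText, cipherTextLen,
                                    plainText, &ptlen);
    *actualBytes = ptlen;

    if (status) {
        // Cast so the argument matches %d whatever the underlying OSStatus type is.
        sslErrorLog("sslRsaDecrypt: SecKeyDecrypt failed (error %d)\n", (int)status);
    }
    return status;
}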
/*
 * Decrypt encrypted_data with the key returned by _crypt_get_private_key(),
 * using OAEP padding (kSecPaddingOAEP).
 *
 *   encrypted_data / encrypted_data_size   ciphertext buffer and its length
 *   data / data_size                       output buffer and its capacity
 *
 * Returns the plaintext length reported by SecKeyDecrypt(), or 0 when no key
 * is available or decryption fails. A return of 0 therefore cannot be told
 * apart from an empty plaintext.
 *
 * NOTE(review): on failure the contents of data are whatever SecKeyDecrypt()
 * left there; callers should not read data when 0 is returned.
 * NOTE(review): the key is released here, so _crypt_get_private_key()
 * presumably hands back an owned reference -- confirm.
 */
size_t crypt_apple_private_decrypt(void* encrypted_data, size_t encrypted_data_size, void* data, size_t data_size)
{
    SecKeyRef key = _crypt_get_private_key();
    if (key == NULL) {
        return 0;
    }

    /* Capacity on the way in, produced length on the way out. */
    size_t out_len = data_size;
    OSStatus status = SecKeyDecrypt(key, kSecPaddingOAEP,
                                    encrypted_data, encrypted_data_size,
                                    data, &out_len);
    CFRelease(key);

    return (status == noErr) ? out_len : 0;
}