static
int mySSLPrivKeyRSA_decrypt(void *key, const uint8_t *ciphertext, size_t ciphertextLen, uint8_t *plaintext, size_t *plaintextLen)
{
SecKeyRef keyRef = key;
return SecKeyDecrypt(keyRef, kSecPaddingPKCS1, ciphertext, ciphertextLen, plaintext, plaintextLen);
}
/* Test basic add delete update copy matching stuff. */
static void tests(SecKeyDescriptor *descriptor)
{
const uint8_t *keyData = (const uint8_t *)"abc";
CFIndex keyDataLength = 3;
SecKeyEncoding encoding = kSecKeyEncodingRaw;
ok(customKey = SecKeyCreate(kCFAllocatorDefault,
descriptor, keyData, keyDataLength, encoding),
"create custom key");
is(customKey, initedCustomKey, "CustomKeyInit got the right key");
SecPadding padding = kSecPaddingPKCS1;
const uint8_t *src = (const uint8_t *)"defgh";
size_t srcLen = 5;
uint8_t dst[5];
size_t dstLen = 5;
ok_status(SecKeyDecrypt(customKey, padding, src, srcLen, dst, &dstLen),
"SecKeyDecrypt");
ok_status(SecKeyEncrypt(customKey, padding, src, srcLen, dst, &dstLen),
"SecKeyEncrypt");
ok_status(SecKeyRawSign(customKey, padding, src, srcLen, dst, &dstLen),
"SecKeyRawSign");
ok_status(SecKeyRawVerify(customKey, padding, src, srcLen, dst, dstLen),
"SecKeyRawVerify");
is(SecKeyGetSize(customKey, kSecKeyKeySizeInBits), (size_t)5*8, "SecKeyGetSize");
CFDictionaryRef attrDict = NULL;
ok(attrDict = SecKeyCopyAttributeDictionary(customKey),
"SecKeyCopyAttributeDictionary");
CFReleaseNull(attrDict);
CFDataRef pubdata = NULL;
ok(SecKeyCopyPublicBytes(customKey, &pubdata) != 0, "SecKeyCopyPublicBytes");
CFReleaseNull(pubdata);
CFDataRef wrapped;
wrapped = _SecKeyCopyWrapKey(customKey, kSecKeyWrapPublicKeyPGP, pubdata, NULL, NULL, NULL);
ok(wrapped == NULL, "_SecKeyCopyWrapKey");
CFReleaseNull(wrapped);
wrapped = _SecKeyCopyUnwrapKey(customKey, kSecKeyWrapPublicKeyPGP, pubdata, NULL, NULL, NULL);
ok(wrapped == NULL, "_SecKeyCopyUnwrapKey");
CFReleaseNull(wrapped);
//ok(SecKeyGeneratePair(customKey, ), "SecKeyGeneratePair");
ok(SecKeyGetTypeID() != 0, "SecKeyGetTypeID works");
if (customKey) {
CFRelease(customKey);
customKey = NULL;
}
}
OSStatus sslRsaDecrypt(
SSLContext *ctx,
SSLPrivKey *privKey,
const uint32_t padding,
const uint8_t *cipherText,
size_t cipherTextLen,
uint8_t *plainText, // mallocd by caller; RETURNED
size_t plainTextLen, // available
size_t *actualBytes) // RETURNED
{
#if 0
gi_uint16 giPlainTextLen = plainTextLen;
RSAStatus rsaStatus;
assert(actualBytes != NULL);
rsaStatus = RSA_Decrypt(&privKey->rsaKey,
RP_PKCS1,
cipherText,
cipherTextLen,
plainText,
&giPlainTextLen);
*actualBytes = giPlainTextLen;
return rsaStatus ? rsaStatusToSSL(rsaStatus) : noErr;
#else
size_t ptlen = plainTextLen;
assert(actualBytes != NULL);
OSStatus status = SecKeyDecrypt(SECKEYREF(privKey), padding,
cipherText, cipherTextLen, plainText, &ptlen);
*actualBytes = ptlen;
if (status) {
sslErrorLog("sslRsaDecrypt: SecKeyDecrypt failed (error %d)\n", status);
}
return status;
#endif
}
size_t crypt_apple_private_decrypt(void* encrypted_data, size_t encrypted_data_size, void* data, size_t data_size) {
SecKeyRef privateKey = _crypt_get_private_key();
size_t len = 0;
if (privateKey != NULL) {
len = data_size;
OSStatus err = SecKeyDecrypt(privateKey, kSecPaddingOAEP, encrypted_data, encrypted_data_size, data, &len);
if (err != noErr)
len = 0;
CFRelease(privateKey);
}
return len;
}
