Post marked as solved
I am working with data encrypted outside of the SecurityFramework, from another platform using Go libs. I am able to decrypt this on Win10 using the BCRYPT lib, but on Mac I am failing.

When I run the decrypt transform on data that is AES256 CBC encrypted, I receive an error on line 36 below:

"CSSMERR_CSP_INVALID_DATA" UserInfo={NSDescription=CSSMERR_CSP_INVALID_DATA}

Can the Decrypt transform in the Security Framework only decrypt data created from the Encrypt transform in the Security Framework? All the examples that I found use cipher data that was created within the macOS frameworks.

    // ------------------ CREATE input data ------------------
    cfEncryptedData = CFDataCreate(
        kCFAllocatorDefault,
        (const UInt8*)externalBinaryData,
        externalBinaryDataSize);

    // ------------------ CREATE key object from data ------------------
    cfParameters = CFDictionaryCreateMutable(
        kCFAllocatorDefault,
        0,
        &kCFTypeDictionaryKeyCallBacks,
        &kCFTypeDictionaryValueCallBacks);
    CFDictionarySetValue(cfParameters, kSecAttrKeyType, kSecAttrKeyTypeAES);

    int keySizeInBits = kSecAES256;
    cfKeySizeInBits = CFNumberCreate(kCFAllocatorDefault, kCFNumberIntType, &keySizeInBits);
    CFDictionarySetValue(cfParameters, kSecAttrKeySizeInBits, cfKeySizeInBits);

    cfAesKey = CFDataCreate(
        kCFAllocatorDefault,
        (const UInt8*)aes_key,
        aes_keySize);
    secAesBlob = SecKeyCreateFromData(cfParameters, cfAesKey, &error);
    if (error) { CFShow(error); ret = -1; goto cleanup; }

    // ------------------ CREATE decryption transform ------------------
    secDecryptTransform = SecDecryptTransformCreate(secAesBlob, &error);
    if (error) { CFShow(error); ret = -1; goto cleanup; }

    SecTransformSetAttribute(
        secDecryptTransform,
        kSecTransformInputAttributeName,
        cfEncryptedData,
        &error);
    if (error) { CFShow(error); ret = -1; goto cleanup; }

    // ------------------ SET attributes ------------------
    SecTransformSetAttribute(
        secDecryptTransform,
        kSecInputIsAttributeName,
        kSecInputIsRaw,
        &error);
    if (error) { CFShow(error); ret = -1; goto cleanup; }

    SecTransformSetAttribute(
        secDecryptTransform,
        kSecEncryptionMode,
        kSecModeCBCKey,
        &error);
    if (error) { CFShow(error); ret = -1; goto cleanup; }

    cfIV = CFDataCreate(
        kCFAllocatorDefault,
        (const UInt8*)iv,
        16);
    SecTransformSetAttribute(
        secDecryptTransform,
        kSecIVKey,
        cfIV,
        &error);
    if (error) { CFShow(error); ret = -1; goto cleanup; }

    // ------------------ RUN decryption transform ------------------
    cfDecryptedData = (CFDataRef)SecTransformExecute(secDecryptTransform, &error);
    if (error) { CFShow(error); ret = -1; goto cleanup; }

Posted by mwilga.