3 Replies
      Latest reply on Jan 10, 2020 9:21 AM by mwilga
      mwilga Level 1 Level 1 (0 points)

        I am working with data encrypted outside of the SecurityFramework, from another platform using Go libs.

        I am able to decrypt this on Win10 using the BCRYPT lib, but on Mac I am failing.

         

        When I run the decrypt transform on data that is AES256 CBC encrypted, I receive an error on line 36 below

        ""CSSMERR_CSP_INVALID_DATA" UserInfo={NSDescription=CSSMERR_CSP_INVALID_DATA}"

         

        Can the Decrypt transform in the Security Framework only decrypt data created from the Encrypt transform in the Security Framework?

        All the examples that I found use cipher data that was created within the macOS frameworks.

         

            // ------------------ CREATE input data ------------------
            cfEncryptedData = CFDataCreate( kCFAllocatorDefault, (const UInt8*)externalBinaryData, externalBinaryDataSize);
        
            // ------------------ CREATE key object from data ------------------
            cfParameters = CFDictionaryCreateMutable( kCFAllocatorDefault, 0,
                                                    &kCFTypeDictionaryKeyCallBacks,
                                                    &kCFTypeDictionaryValueCallBacks);
            
            CFDictionarySetValue(cfParameters, kSecAttrKeyType, kSecAttrKeyTypeAES);
        
            int keySizeInBits = kSecAES256;
            cfKeySizeInBits = CFNumberCreate(kCFAllocatorDefault, kCFNumberIntType, &keySizeInBits);
            CFDictionarySetValue(cfParameters, kSecAttrKeySizeInBits, cfKeySizeInBits);
            
            cfAesKey = CFDataCreate( kCFAllocatorDefault, (const UInt8*)aes_key, aes_keySize);
            secAesBlob = SecKeyCreateFromData(cfParameters, cfAesKey, &error);
            if (error) { CFShow(error); ret = -1; goto cleanup; }
        
            // ------------------ CREATE decryption transform ------------------
            secDecryptTransform = SecDecryptTransformCreate(secAesBlob, &error);
            if (error) { CFShow(error); ret = -1; goto cleanup; }
            SecTransformSetAttribute(secDecryptTransform, kSecTransformInputAttributeName, cfEncryptedData, &error);
            if (error) { CFShow(error); ret = -1; goto cleanup; }
        
            // ------------------ SET attributes ------------------
            SecTransformSetAttribute( secDecryptTransform, kSecInputIsAttributeName, kSecInputIsRaw, &error);
            if (error) { CFShow(error); ret = -1; goto cleanup; }
            SecTransformSetAttribute( secDecryptTransform, kSecEncryptionMode, kSecModeCBCKey, &error);
            if (error) { CFShow(error); ret = -1; goto cleanup; }
            cfIV = CFDataCreate( kCFAllocatorDefault, (const UInt8*)iv, 16);
            SecTransformSetAttribute( secDecryptTransform, kSecIVKey, cfIV, &error);
            if (error) { CFShow(error); ret = -1; goto cleanup; }
        
            // ------------------ RUN decryption transform ------------------
            cfDecryptedData = (CFDataRef)SecTransformExecute(secDecryptTransform, &error);
            if (error) { CFShow(error); ret = -1; goto cleanup; }