I am working with data encrypted outside of the SecurityFramework, from another platform using Go libs.
I am able to decrypt this on Win10 using the BCRYPT lib, but on Mac the decryption fails.
When I run the decrypt transform on data that is AES-256-CBC encrypted, I receive the following error on line 36 below:
"CSSMERR_CSP_INVALID_DATA" UserInfo={NSDescription=CSSMERR_CSP_INVALID_DATA}
Can the Decrypt transform in the Security Framework only decrypt data created from the Encrypt transform in the Security Framework?
All the examples that I found use cipher data that was created within the macOS frameworks.
// Decrypts an AES-256-CBC ciphertext with a SecDecryptTransform.
// This is a fragment of a larger function: the declarations of every variable
// used here (including `error` and `ret`) and the `cleanup` label are not shown.
// NOTE(review): every `if (error)` test below is only meaningful if `error` was
// initialised to NULL before this point -- confirm in the enclosing function.
// NOTE(review): the SecTransform API family is, as far as I know, marked
// deprecated in recent macOS SDKs; CommonCrypto's CCCrypt is the usual route for
// raw AES-CBC interop with other platforms -- verify against the target SDK.
// ------------------ CREATE input data ------------------
// Wrap the externally produced ciphertext bytes in a CFData object.
// NOTE(review): for CBC the length is expected to be a whole number of 16-byte
// AES blocks. If the producer prepends the IV (or appends a MAC) to the
// ciphertext, those bytes must be split off before this call -- confirm the
// exact wire format used on the Go side.
// NOTE(review): CBC alone gives no integrity protection. Ciphertext that arrives
// from another system should be authenticated (e.g. a MAC over IV + ciphertext,
// verified before decrypting); otherwise distinguishable padding failures can
// act as a padding oracle.
cfEncryptedData = CFDataCreate( kCFAllocatorDefault, (const UInt8*)externalBinaryData, externalBinaryDataSize);
// ------------------ CREATE key object from data ------------------
// Attribute dictionary describing the key: type AES, size kSecAES256 bits.
cfParameters = CFDictionaryCreateMutable( kCFAllocatorDefault, 0,
&kCFTypeDictionaryKeyCallBacks,
&kCFTypeDictionaryValueCallBacks);
CFDictionarySetValue(cfParameters, kSecAttrKeyType, kSecAttrKeyTypeAES);
// The size is copied into a plain int because CFNumberCreate takes a pointer
// to the value, and the dictionary needs a CF object rather than a C integer.
int keySizeInBits = kSecAES256;
cfKeySizeInBits = CFNumberCreate(kCFAllocatorDefault, kCFNumberIntType, &keySizeInBits);
CFDictionarySetValue(cfParameters, kSecAttrKeySizeInBits, cfKeySizeInBits);
// Raw key bytes wrapped in CFData for SecKeyCreateFromData.
// NOTE(review): aes_keySize is presumably 32 bytes to match kSecAES256 -- verify;
// a mismatch between the declared size and the actual key length is worth ruling out.
// NOTE(review): this creates another in-memory copy of the key material; make
// sure `cleanup` releases cfAesKey and that the source buffer is wiped by its owner.
cfAesKey = CFDataCreate( kCFAllocatorDefault, (const UInt8*)aes_key, aes_keySize);
secAesBlob = SecKeyCreateFromData(cfParameters, cfAesKey, &error);
// Failure is detected through the CFError out-parameter; the error is printed
// with CFShow and control jumps to the (not shown) cleanup label with ret = -1.
// NOTE(review): also testing the returned reference for NULL would be more
// robust than relying on `error` alone.
if (error) { CFShow(error); ret = -1; goto cleanup; }
// ------------------ CREATE decryption transform ------------------
// Build the decrypt transform around the key and attach the ciphertext as its input.
secDecryptTransform = SecDecryptTransformCreate(secAesBlob, &error);
if (error) { CFShow(error); ret = -1; goto cleanup; }
// SecTransformSetAttribute also returns a Boolean; this code ignores it and
// checks `error` instead.
SecTransformSetAttribute(secDecryptTransform, kSecTransformInputAttributeName, cfEncryptedData, &error);
if (error) { CFShow(error); ret = -1; goto cleanup; }
// ------------------ SET attributes ------------------
// NOTE(review): kSecInputIsAttributeName / kSecInputIsRaw are, as far as I know,
// declared for the sign/verify transforms; whether a decrypt transform honours
// this attribute is unclear -- confirm, and consider dropping it.
SecTransformSetAttribute( secDecryptTransform, kSecInputIsAttributeName, kSecInputIsRaw, &error);
if (error) { CFShow(error); ret = -1; goto cleanup; }
// Select CBC as the block cipher mode.
// NOTE(review): no kSecPaddingKey is set, so the transform's default padding
// applies. It has to match what the producer did; Go's crypto/cipher CBC mode
// applies no padding itself, so the scheme depends on the Go code -- confirm.
SecTransformSetAttribute( secDecryptTransform, kSecEncryptionMode, kSecModeCBCKey, &error);
if (error) { CFShow(error); ret = -1; goto cleanup; }
// IV for CBC; 16 is the AES block size in bytes.
// NOTE(review): assumes `iv` points to at least 16 readable bytes and is the
// same IV the producer used for this message -- confirm.
cfIV = CFDataCreate( kCFAllocatorDefault, (const UInt8*)iv, 16);
SecTransformSetAttribute( secDecryptTransform, kSecIVKey, cfIV, &error);
if (error) { CFShow(error); ret = -1; goto cleanup; }
// ------------------ RUN decryption transform ------------------
// Execute the transform and treat its result as CFData holding the plaintext.
// NOTE(review): the result is presumably owned by the caller and must be
// released in `cleanup` along with the other CF objects created above -- confirm.
// NOTE(review): treat the output as unauthenticated unless a MAC was verified
// beforehand, and avoid reporting decrypt/padding failures in detail to the
// party that supplied the ciphertext.
cfDecryptedData = (CFDataRef)SecTransformExecute(secDecryptTransform, &error);
if (error) { CFShow(error); ret = -1; goto cleanup; }