Strange SecKeyEncrypt behavior

Nik*_*nov 5 cocoa-touch rsa objective-c ios

I'm trying to implement RSA encryption with PKCS1 padding using the SecKeyEncrypt function.

The code is as follows:

#import <Foundation/Foundation.h>
#import <Security/Security.h>

NSData *encryptText(NSString *text, SecKeyRef publicKey)
{
    NSCParameterAssert(text.length > 0);
    NSCParameterAssert(publicKey != NULL);
    NSData *dataToEncrypt = [text dataUsingEncoding:NSUTF8StringEncoding];
    const uint8_t *bytesToEncrypt = dataToEncrypt.bytes;

    size_t cipherBufferSize = SecKeyGetBlockSize(publicKey);
    NSCAssert(cipherBufferSize > 11, @"block size is too small: %zu", cipherBufferSize);

    const size_t inputBlockSize = cipherBufferSize - 11; // since we'll use PKCS1 padding
    uint8_t *cipherBuffer = (uint8_t *) malloc(sizeof(uint8_t) * cipherBufferSize);

    NSMutableData *accumulator = [[NSMutableData alloc] init];

    @try {

        for (size_t block = 0; block * inputBlockSize < dataToEncrypt.length; block++) {
            size_t blockOffset = block * inputBlockSize;
            const uint8_t *chunkToEncrypt = (bytesToEncrypt + block * inputBlockSize);
            const size_t remainingSize = dataToEncrypt.length - blockOffset;
            const size_t subsize = remainingSize < inputBlockSize ? remainingSize : inputBlockSize;

            size_t actualOutputSize = cipherBufferSize;
            OSStatus status = SecKeyEncrypt(publicKey, kSecPaddingPKCS1, chunkToEncrypt, subsize, cipherBuffer, &actualOutputSize);

            if (status != noErr) {
                NSLog(@"Cannot encrypt data, last SecKeyEncrypt status: %ld", (long)status);
                return nil;
            }

            [accumulator appendBytes:cipherBuffer length:actualOutputSize];
        }

        return [accumulator copy];
    }
    @finally {
        free(cipherBuffer);
    }
}

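It works perfectly on iOS 6, but on iOS 5 it fails: SecKeyEncrypt returns -50 (errSecParam). If I change 11 to 12 in inputBlockSize = cipherBufferSize - 11, it works on iOS 5. The Apple docs say that the input block length should be less than or equal to SecKeyGetBlockSize() - 11 if PKCS1 padding is used. But on iOS 5 it definitely needs a shorter input.

According to the docs, my key's block size is 64, so the maximum input block length is 53. On iOS 5 only 52 or less works.

What's wrong with this code? Or is it an iOS 5 Security.framework bug?

UPD: The issue reproduces only with a 512-bit key. I tried a generated 1024-bit key, and the code works on iOS 5 with 11.

Related Apple documentation: http://developer.apple.com/library/ios/documentation/Security/Reference/certifkeytrustservices/Reference/reference.html#//apple_ref/c/func/SecKeyEncrypt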
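
The 11-byte figure in the documentation quoted above follows from the PKCS#1 v1.5 encryption block layout (RFC 8017, EME-PKCS1-v1_5): two header bytes, at least 8 nonzero padding bytes, and one separator. The block below is an added example in plain C, not part of the original post and not Apple's code; the function names are hypothetical, and `rand()` stands in for a CSPRNG only to keep it self-contained.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define PKCS1_V15_OVERHEAD 11  /* 0x00, 0x02, >= 8 padding bytes, 0x00 */

/* Largest message that fits in one k-byte block (0 if k is too small). */
size_t pkcs1_max_input(size_t k)
{
    return k >= PKCS1_V15_OVERHEAD ? k - PKCS1_V15_OVERHEAD : 0;
}

/* Number of k-byte RSA blocks needed for len bytes; 0 on invalid input. */
size_t pkcs1_block_count(size_t len, size_t k)
{
    size_t max = pkcs1_max_input(k);
    if (max == 0 || len == 0)
        return 0;
    return (len + max - 1) / max;
}

/*
 * Build EM = 0x00 || 0x02 || PS || 0x00 || M into em[0..k-1].
 * PS is k - mlen - 3 nonzero random bytes and must be at least 8 long.
 * Returns 0 on success, -1 if M does not fit in one block.
 * Assumption: rand() is a placeholder; real code must use a CSPRNG.
 */
int pkcs1_type2_encode(const uint8_t *m, size_t mlen, uint8_t *em, size_t k)
{
    if (k < PKCS1_V15_OVERHEAD || mlen > k - PKCS1_V15_OVERHEAD)
        return -1;

    size_t ps_len = k - mlen - 3;
    em[0] = 0x00;
    em[1] = 0x02;
    for (size_t i = 0; i < ps_len; i++)
        em[2 + i] = (uint8_t)(rand() % 255 + 1);   /* 1..255, never zero */
    em[2 + ps_len] = 0x00;
    if (mlen > 0)
        memcpy(em + 3 + ps_len, m, mlen);
    return 0;
}
```

For a 512-bit key (k = 64) this accepts 53 bytes with exactly 8 padding bytes and rejects 54, matching the documented limit rather than the 52-byte limit observed on iOS 5.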