为什么SecKeyEncrypt会为超过246字节的输入字符串返回paramErr(-50)？

Question

为什么SecKeyEncrypt会为超过246字节的输入字符串返回paramErr(-50)？

我使用SecKeyEncryptJSON格式的字符串作为输入.如果传递SecKeyEncrypt一个小于246的plainTextLength,它就可以工作.如果我传给它的长度为246或更长,则失败并返回值:paramErr (-50).

它可能是字符串本身的问题.我可能发送的一个例子SecKeyEncrypt是:

{"handle":"music-list","sym_key":"MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALeaEO7ZrjgOFGLBzBHZtQuzH2GNDYMLWP+fIFNu5Y+59C6HECY+jt0yOXXom2mzp/WYYI/9G+Ig8OD6YiKv2nMCAwEAAQ==","app_id":"xgfdt.LibraryTestApp","api_key":"7e080f74de3625b90dd293fc8be560a5cdfafc08"}

第245个字符为'0'.

在此工作之间切换的唯一输入是plainTextLength.SecKeyGetBlockSize()正在向我返回256,所以任何长达256个字符的输入都应该有效.

这是我的加密方法:

+ (NSData*)encrypt:(NSString*)data usingPublicKeyWithTag:(NSString*)tag
{

    OSStatus status = noErr;

    size_t cipherBufferSize;
    uint8_t *cipherBuffer;

    // [cipherBufferSize]
    size_t dataSize = 246;//[data lengthOfBytesUsingEncoding:NSUTF8StringEncoding];
    const uint8_t* textData = [[data dataUsingEncoding:NSUTF8StringEncoding] bytes];

    SecKeyRef publicKey = [Encryption copyPublicKeyForTag:tag];

    NSAssert(publicKey, @"The public key being referenced by tag must have been stored in the keychain before attempting to encrypt data using it!");

    //  Allocate a buffer

    cipherBufferSize = SecKeyGetBlockSize(publicKey);
    // this value will not get modified, whereas cipherBufferSize may.
    const size_t fullCipherBufferSize = cipherBufferSize;
    cipherBuffer = malloc(cipherBufferSize);

    NSMutableData* accumulatedEncryptedData = [NSMutableData dataWithCapacity:0];

    //  Error handling

    for (int ii = 0; ii*fullCipherBufferSize < dataSize; ii++) {
        const uint8_t* dataToEncrypt = (textData+(ii*fullCipherBufferSize));
        const size_t subsize = (((ii+1)*fullCipherBufferSize) > dataSize) ? fullCipherBufferSize-(((ii+1)*fullCipherBufferSize) - dataSize) : fullCipherBufferSize;

        // Encrypt using the public key.
        status = SecKeyEncrypt(    publicKey,
                               kSecPaddingPKCS1,
                               dataToEncrypt,
                               subsize,
                               cipherBuffer,
                               &cipherBufferSize
                               );

        [accumulatedEncryptedData appendBytes:cipherBuffer length:cipherBufferSize];
    }

    if (publicKey) CFRelease(publicKey);

    free(cipherBuffer);

    return accumulatedEncryptedData;
}

Answer 1

Lil*_*ard 9

从文档:

plainTextLen
plainText缓冲区中数据的长度(以字节为单位).它必须小于或等于SecKeyGetBlockSize函数返回的值.执行PKCS1填充时,可加密的最大数据长度比SecKeyGetBlockSize函数返回的值小11个字节(secKeyGetBlockSize() - 11).

(强调我的)

您正在使用PKCS1填充.因此,如果块大小为256,则一次最多只能加密245个字节.

归档时间：	12 年，10 月前
查看次数：	1954 次
最近记录：	12 年，10 月前