TakeScoop · Jianhaos · Dec 18, 2024
diff --git a/Source/ClearMessage.swift b/Source/ClearMessage.swift
@@ -50,49 +50,16 @@ public class ClearMessage: Message {
     ///
     /// - Parameters:
     ///   - key: Public key to encrypt the clear message with
-    ///   - padding: Padding to use during the encryption
+    ///   - algorithm: Algorithm to use during the encryption
     /// - Returns: Encrypted message
     /// - Throws: SwiftyRSAError
-    public func encrypted(with key: PublicKey, padding: Padding) throws -> EncryptedMessage {
-
-        let blockSize = SecKeyGetBlockSize(key.reference)
-
-        var maxChunkSize: Int
-        switch padding {
-        case []:
-            maxChunkSize = blockSize
-        case .OAEP:
-            maxChunkSize = blockSize - 42
-        default:
-            maxChunkSize = blockSize - 11
-        }
-
-        var decryptedDataAsArray = [UInt8](repeating: 0, count: data.count)
-        (data as NSData).getBytes(&decryptedDataAsArray, length: data.count)
-
-        var encryptedDataBytes = [UInt8](repeating: 0, count: 0)
-        var idx = 0
-        while idx < decryptedDataAsArray.count {
-
-            let idxEnd = min(idx + maxChunkSize, decryptedDataAsArray.count)
-            let chunkData = [UInt8](decryptedDataAsArray[idx..<idxEnd])
-
-            var encryptedDataBuffer = [UInt8](repeating: 0, count: blockSize)
-            var encryptedDataLength = blockSize
-
-            let status = SecKeyEncrypt(key.reference, padding, chunkData, chunkData.count, &encryptedDataBuffer, &encryptedDataLength)
-
-            guard status == noErr else {
-                throw SwiftyRSAError.chunkEncryptFailed(index: idx)
-            }
-
-            encryptedDataBytes += encryptedDataBuffer
-
-            idx += maxChunkSize
+    public func encrypted(with key: PublicKey, algorithm: Algorithm) throws -> EncryptedMessage {
+        var error: Unmanaged<CFError>?
+        let encryptedData = SecKeyCreateEncryptedData(key.reference, algorithm, data as CFData, &error)
+        guard let encryptedData else {
+            throw SwiftyRSAError.encryptFailed(error: error?.takeRetainedValue())
         }
-
-        let encryptedData = Data(bytes: encryptedDataBytes, count: encryptedDataBytes.count)
-        return EncryptedMessage(data: encryptedData)
+        return EncryptedMessage(data: encryptedData as Data)
     }
 
     /// Signs a clear message using a private key.
@@ -105,29 +72,12 @@ public class ClearMessage: Message {
     /// - Returns: Signature of the clear message after signing it with the specified digest type.
     /// - Throws: SwiftyRSAError
     public func signed(with key: PrivateKey, digestType: Signature.DigestType) throws -> Signature {
-
-        let digest = self.digest(digestType: digestType)
-        let blockSize = SecKeyGetBlockSize(key.reference)
-        let maxChunkSize = blockSize - 11
-
-        guard digest.count <= maxChunkSize else {
-            throw SwiftyRSAError.invalidDigestSize(digestSize: digest.count, maxChunkSize: maxChunkSize)
-        }
-
-        var digestBytes = [UInt8](repeating: 0, count: digest.count)
-        (digest as NSData).getBytes(&digestBytes, length: digest.count)
-
-        var signatureBytes = [UInt8](repeating: 0, count: blockSize)
-        var signatureDataLength = blockSize
-
-        let status = SecKeyRawSign(key.reference, digestType.padding, digestBytes, digestBytes.count, &signatureBytes, &signatureDataLength)
-
-        guard status == noErr else {
-            throw SwiftyRSAError.signatureCreateFailed(status: status)
+        var error: Unmanaged<CFError>?
+        let signatureData = SecKeyCreateSignature(key.reference, digestType.algorithm, digest(digestType: digestType) as CFData, &error)
+        guard let signatureData else {
+            throw SwiftyRSAError.signatureCreateFailed(error: error?.takeRetainedValue())
         }
-
-        let signatureData = Data(bytes: signatureBytes, count: signatureBytes.count)
-        return Signature(data: signatureData)
+        return Signature(data: signatureData as Data)
     }
 
     /// Verifies the signature of a clear message.
@@ -139,23 +89,11 @@ public class ClearMessage: Message {
     /// - Returns: Result of the verification
     /// - Throws: SwiftyRSAError
     public func verify(with key: PublicKey, signature: Signature, digestType: Signature.DigestType) throws -> Bool {
-
-        let digest = self.digest(digestType: digestType)
-        var digestBytes = [UInt8](repeating: 0, count: digest.count)
-        (digest as NSData).getBytes(&digestBytes, length: digest.count)
-
-        var signatureBytes = [UInt8](repeating: 0, count: signature.data.count)
-        (signature.data as NSData).getBytes(&signatureBytes, length: signature.data.count)
-
-        let status = SecKeyRawVerify(key.reference, digestType.padding, digestBytes, digestBytes.count, signatureBytes, signatureBytes.count)
-
-        if status == errSecSuccess {
-            return true
-        } else if status == -9809 {
-            return false
-        } else {
-            throw SwiftyRSAError.signatureVerifyFailed(status: status)
+        var error: Unmanaged<CFError>?
+        guard error == nil else {
+            throw SwiftyRSAError.signatureVerifyFailed(error: error?.takeRetainedValue())
         }
+        return SecKeyVerifySignature(key.reference, digestType.algorithm, digest(digestType: digestType) as CFData, signature.data as CFData, &error)
     }
 
     func digest(digestType: Signature.DigestType) -> Data {

diff --git a/Source/EncryptedMessage.swift b/Source/EncryptedMessage.swift
@@ -24,36 +24,15 @@ public class EncryptedMessage: Message {
     ///
     /// - Parameters:
     ///   - key: Private key to decrypt the mssage with
-    ///   - padding: Padding to use during the decryption
+    ///   - algorithm: Algorithm to use during the decryption
     /// - Returns: Clear message
     /// - Throws: SwiftyRSAError
-    public func decrypted(with key: PrivateKey, padding: Padding) throws -> ClearMessage {
-        let blockSize = SecKeyGetBlockSize(key.reference)
-
-        var encryptedDataAsArray = [UInt8](repeating: 0, count: data.count)
-        (data as NSData).getBytes(&encryptedDataAsArray, length: data.count)
-
-        var decryptedDataBytes = [UInt8](repeating: 0, count: 0)
-        var idx = 0
-        while idx < encryptedDataAsArray.count {
-
-            let idxEnd = min(idx + blockSize, encryptedDataAsArray.count)
-            let chunkData = [UInt8](encryptedDataAsArray[idx..<idxEnd])
-
-            var decryptedDataBuffer = [UInt8](repeating: 0, count: blockSize)
-            var decryptedDataLength = blockSize
-
-            let status = SecKeyDecrypt(key.reference, padding, chunkData, idxEnd-idx, &decryptedDataBuffer, &decryptedDataLength)
-            guard status == noErr else {
-                throw SwiftyRSAError.chunkDecryptFailed(index: idx)
-            }
-
-            decryptedDataBytes += [UInt8](decryptedDataBuffer[0..<decryptedDataLength])
-
-            idx += blockSize
+    public func decrypted(with key: PrivateKey, algorithm: Algorithm) throws -> ClearMessage {
+        var error: Unmanaged<CFError>?
+        let decryptedData = SecKeyCreateDecryptedData(key.reference, algorithm, data as CFData, &error)
+        guard let decryptedData else {
+            throw SwiftyRSAError.decryptFailed(error: error?.takeRetainedValue())
         }
-
-        let decryptedData = Data(bytes: decryptedDataBytes, count: decryptedDataBytes.count)
-        return ClearMessage(data: decryptedData)
+        return ClearMessage(data: decryptedData as Data)
     }
 }
diff --git a/Source/Signature.swift b/Source/Signature.swift
@@ -17,13 +17,13 @@ public class Signature {
         case sha384
         case sha512
 
-        var padding: Padding {
+        var algorithm: Algorithm {
             switch self {
-            case .sha1: return .PKCS1SHA1
-            case .sha224: return .PKCS1SHA224
-            case .sha256: return .PKCS1SHA256
-            case .sha384: return .PKCS1SHA384
-            case .sha512: return .PKCS1SHA512
+            case .sha1: return .rsaSignatureDigestPKCS1v15SHA1
+            case .sha224: return .rsaSignatureDigestPKCS1v15SHA224
+            case .sha256: return .rsaSignatureDigestPKCS1v15SHA256
+            case .sha384: return .rsaSignatureDigestPKCS1v15SHA384
+            case .sha512: return .rsaSignatureDigestPKCS1v15SHA512
             }
         }
     }

diff --git a/Source/SwiftyRSA+ObjC.swift b/Source/SwiftyRSA+ObjC.swift
@@ -210,8 +210,8 @@ public class _objc_ClearMessage: NSObject, Message, ObjcBridgeable { // swiftlin
         return try swiftValue.string(encoding: encoding)
     }
 
-    @objc public func encrypted(with key: _objc_PublicKey, padding: Padding) throws -> _objc_EncryptedMessage {
-        let encryptedMessage = try swiftValue.encrypted(with: key.swiftValue, padding: padding)
+    @objc public func encrypted(with key: _objc_PublicKey, algorithm: Algorithm) throws -> _objc_EncryptedMessage {
+        let encryptedMessage = try swiftValue.encrypted(with: key.swiftValue, algorithm: algorithm)
         return _objc_EncryptedMessage(swiftValue: encryptedMessage)
     }
 
@@ -253,8 +253,8 @@ public class _objc_EncryptedMessage: NSObject, Message, ObjcBridgeable { // swif
         self.swiftValue = try EncryptedMessage(base64Encoded: base64String)
     }
 
-    @objc public func decrypted(with key: _objc_PrivateKey, padding: Padding) throws -> _objc_ClearMessage {
-        let clearMessage = try swiftValue.decrypted(with: key.swiftValue, padding: padding)
+    @objc public func decrypted(with key: _objc_PrivateKey, algorithm: Algorithm) throws -> _objc_ClearMessage {
+        let clearMessage = try swiftValue.decrypted(with: key.swiftValue, algorithm: algorithm)
         return _objc_ClearMessage(swiftValue: clearMessage)
     }
 }

diff --git a/Source/SwiftyRSA.swift b/Source/SwiftyRSA.swift
@@ -10,7 +10,7 @@
 import Foundation
 import Security
 
-public typealias Padding = SecPadding
+public typealias Algorithm = SecKeyAlgorithm
 
 public enum SwiftyRSA {
 

diff --git a/Source/SwiftyRSAError.swift b/Source/SwiftyRSAError.swift
@@ -22,13 +22,13 @@ public enum SwiftyRSAError: Error {
     case invalidAsn1RootNode
     case invalidAsn1Structure
     case invalidBase64String
-    case chunkDecryptFailed(index: Int)
-    case chunkEncryptFailed(index: Int)
+    case decryptFailed(error: CFError?)
+    case encryptFailed(error: CFError?)
     case stringToDataConversionFailed
     case dataToStringConversionFailed
     case invalidDigestSize(digestSize: Int, maxChunkSize: Int)
-    case signatureCreateFailed(status: OSStatus)
-    case signatureVerifyFailed(status: OSStatus)
+    case signatureCreateFailed(error: CFError?)
+    case signatureVerifyFailed(error: CFError?)
     case pemFileNotFound(name: String)
     case derFileNotFound(name: String)
     case notAPublicKey
@@ -61,20 +61,20 @@ extension SwiftyRSAError: LocalizedError {
             return "Couldn't parse the provided key because it has an unexpected ASN1 structure"
         case .invalidBase64String:
             return "The provided string is not a valid Base 64 string"
-        case .chunkDecryptFailed(let index):
-            return "Couldn't decrypt chunk at index \(index)"
-        case .chunkEncryptFailed(let index):
-            return "Couldn't encrypt chunk at index \(index)"
+        case .decryptFailed(let error):
+            return "Couldn't decrypt data: CFError \(String(describing: error))"
+        case .encryptFailed(let error):
+            return "Couldn't encrypt data: CFError \(String(describing: error))"
         case .stringToDataConversionFailed:
             return "Couldn't convert string to data using specified encoding"
         case .dataToStringConversionFailed:
             return "Couldn't convert data to string representation"
         case .invalidDigestSize(let digestSize, let maxChunkSize):
             return "Provided digest type produces a size (\(digestSize)) that is bigger than the maximum chunk size \(maxChunkSize) of the RSA key"
-        case .signatureCreateFailed(let status):
-            return "Couldn't sign provided data: OSStatus \(status)"
-        case .signatureVerifyFailed(let status):
-            return "Couldn't verify signature of the provided data: OSStatus \(status)"
+        case .signatureCreateFailed(let error):
+            return "Couldn't sign provided data: CFError \(String(describing: error))"
+        case .signatureVerifyFailed(let error):
+            return "Couldn't verify signature of the provided data: CFError \(String(describing: error))"
         case .pemFileNotFound(let name):
             return "Couldn't find a PEM file named '\(name)'"
         case .derFileNotFound(let name):