Objective c RSA with OAEP padding sha256 prior ios 10

Question

I am working on an encryption method in the iPhone with the RSA encryption method, so far i could achieve getting the encryption string with this method, the string is successfully decrypted by the server.

SecKeyRef keyRef = [self addPublicKey:pubKey];

SecKeyAlgorithm algorithm = kSecKeyAlgorithmRSAEncryptionOAEPSHA256;

if (!keyRef) {
    return nil;
}

BOOL canEncrypt =  SecKeyIsAlgorithmSupported(keyRef, kSecKeyOperationTypeEncrypt, algorithm);

if (canEncrypt) {
    CFErrorRef error = NULL;
    NSData *encryptedData = (NSData *)CFBridgingRelease(
                                                        SecKeyCreateEncryptedData(keyRef, algorithm, (__bridge CFDataRef) content, &error)
    );

    if (encryptedData) {
        return encryptedData;
    }else{
        NSError *err = CFBridgingRelease(error);
        NSLog(@"Ocurrió un error %@", err.localizedDescription);
        return nil;
    }
}

This method works for ios 10 and newer, what i need is to know how to set the algorithm in prior ios versions, my code is the following

SecKeyRef keyRef = [self addPublicKey:pubKey];
if (!keyRef) {
    return nil;
}

size_t cipherBufferSize = SecKeyGetBlockSize(keyRef);
uint8_t *cipherBuffer = malloc(cipherBufferSize * sizeof(uint8_t));
memset((void *)cipherBuffer, 0*0, cipherBufferSize);

NSData *plainTextBytes = content;
size_t blockSize = cipherBufferSize - 11;
size_t blockCount = (size_t)ceil([plainTextBytes length] / (double)blockSize);

NSMutableData *encryptedData = [NSMutableData dataWithCapacity:0];

for (int i=0; i<blockCount; i++) {

    int bufferSize = (int)MIN(blockSize,[plainTextBytes length] - i * blockSize);
    NSData *buffer = [plainTextBytes subdataWithRange:NSMakeRange(i * blockSize, bufferSize)];
    OSStatus status = SecKeyEncrypt(keyRef,
                                    kSecPaddingOAEP,
                                    (const uint8_t *)[buffer bytes],
                                    [buffer length],
                                    cipherBuffer,
                                    &cipherBufferSize);

    if (status == noErr){
        NSData *encryptedBytes = [NSData dataWithBytes:(const void *)cipherBuffer length:cipherBufferSize];
        [encryptedData appendData:encryptedBytes];

    }else{

        if (cipherBuffer) {
            free(cipherBuffer);
        }
        return nil;
    }
}
if (cipherBuffer) free(cipherBuffer);

So far i can see that in the version of ios 10 you can set the algorithm with this line

SecKeyAlgorithm algorithm = kSecKeyAlgorithmRSAEncryptionOAEPSHA256;

my question is, how do i get that algorithm in the early version of ios, the second code i post can't be decrypted.

Thanks for your help

Answer 1

If you are using OAEP padding with SecKeyEncrypt, you can only use kSecPaddingOAEP, which is SHA1. Unfortunately you cannot use OAEP SHA256 with SecKeyEncrypt.