--- /dev/null
+/* Copyright (c) 1998,2011,2014 Apple Inc. All Rights Reserved.
+ *
+ * NOTICE: USE OF THE MATERIALS ACCOMPANYING THIS NOTICE IS SUBJECT
+ * TO THE TERMS OF THE SIGNED "FAST ELLIPTIC ENCRYPTION (FEE) REFERENCE
+ * SOURCE CODE EVALUATION AGREEMENT" BETWEEN APPLE, INC. AND THE
+ * ORIGINAL LICENSEE THAT OBTAINED THESE MATERIALS FROM APPLE,
+ * INC. ANY USE OF THESE MATERIALS NOT PERMITTED BY SUCH AGREEMENT WILL
+ * EXPOSE YOU TO LIABILITY.
+ ***************************************************************************
+ *
+ * CipherFileFEED.c - FEED and FEEDExp related cipherfile support
+ *
+ * Revision History
+ * ----------------
+ * 24 Jun 97 at Apple
+ * Fixed memory leaks via sigData
+ * 18 Feb 97 at Apple
+ * Split off from feeCipherFile.c
+ */
+
+#include "ckconfig.h"
+
+#if CRYPTKIT_CIPHERFILE_ENABLE
+
+#include "Crypt.h"
+#include "CipherFileFEED.h"
+#include "falloc.h"
+#include "feeDebug.h"
+
+feeReturn createFEED(feePubKey sendPrivKey, // required
+ feePubKey recvPubKey,
+ const unsigned char *plainText,
+ unsigned plainTextLen,
+ int genSig, // 1 ==> generate signature
+ unsigned userData, // for caller's convenience
+ feeCipherFile *cipherFile) // RETURNED if successful
+{
+ feeReturn frtn;
+ feeFEED feed = NULL;
+ unsigned char *cipherText = NULL;
+ unsigned cipherTextLen;
+ unsigned char *sigData = NULL;
+ unsigned sigDataLen = 0;
+ feeCipherFile cfile = NULL;
+ unsigned char *pubKeyString = NULL; // of sendPrivKey
+ unsigned pubKeyStringLen = 0;
+
+ if((sendPrivKey == NULL) || (recvPubKey == NULL)) {
+ return FR_BadPubKey;
+ }
+
+ /*
+ * FEED encrypt plaintext
+ */
+ feed = feeFEEDNewWithPubKey(sendPrivKey, recvPubKey, FF_ENCRYPT, NULL, NULL);
+ if(feed == NULL) {
+ frtn = FR_BadPubKey;
+ goto out;
+ }
+ frtn = feeFEEDEncrypt(feed,
+ plainText,
+ plainTextLen,
+ &cipherText,
+ &cipherTextLen);
+ if(frtn) {
+ goto out;
+ }
+
+ /*
+ * Sender's public key string
+ */
+ frtn = feePubKeyCreateKeyString(sendPrivKey,
+ (char **)&pubKeyString,
+ &pubKeyStringLen);
+ if(frtn) {
+ /*
+ * Huh?
+ */
+ frtn = FR_BadPubKey;
+ goto out;
+ }
+
+ if(genSig) {
+ /*
+ * We generate signature on ciphertext by convention.
+ */
+ frtn = feePubKeyCreateSignature(sendPrivKey,
+ cipherText,
+ cipherTextLen,
+ &sigData,
+ &sigDataLen);
+ if(frtn) {
+ goto out;
+ }
+ }
+
+ /*
+ * Cons up a cipherfile
+ */
+ cfile = feeCFileNewFromCipherText(CFE_FEED,
+ cipherText,
+ cipherTextLen,
+ pubKeyString,
+ pubKeyStringLen,
+ NULL,
+ 0,
+ sigData,
+ sigDataLen,
+ userData);
+ if(cfile == NULL) {
+ frtn = FR_Internal;
+ goto out;
+ }
+
+out:
+ /* free alloc'd stuff */
+
+ if(cipherText) {
+ ffree(cipherText);
+ }
+ if(feed) {
+ feeFEEDFree(feed);
+ }
+ if(pubKeyString) {
+ ffree(pubKeyString);
+ }
+ if(sigData) {
+ ffree(sigData);
+ }
+ *cipherFile = cfile;
+ return frtn;
+
+}
+
+feeReturn decryptFEED(feeCipherFile cipherFile,
+ feePubKey recvPrivKey,
+ feePubKey sendPubKey, // optional
+ unsigned char **plainText, // RETURNED
+ unsigned *plainTextLen, // RETURNED
+ feeSigStatus *sigStatus) // RETURNED
+{
+ feeReturn frtn = FR_Success;
+ unsigned char *cipherText = NULL;
+ unsigned cipherTextLen;
+ feeFEED feed = NULL;
+ unsigned char *sigData = NULL;
+ unsigned sigDataLen;
+ unsigned char *sendPubKeyStr = NULL;
+ unsigned sendPubKeyStrLen = 0;
+ feePubKey parsedSendPubKey = NULL;
+
+ if(feeCFileEncrType(cipherFile) != CFE_FEED) {
+ frtn = FR_Internal;
+ goto out;
+ }
+//printf("decryptFEED\n");
+//printf("privKey:\n"); printPubKey(recvPrivKey);
+//printf("pubKey:\n"); printPubKey(sendPubKey);
+ /*
+ * Get ciphertext and sender's public key from cipherFile
+ */
+ cipherText = feeCFileCipherText(cipherFile, &cipherTextLen);
+ if(cipherText == NULL) {
+ frtn = FR_BadCipherFile;
+ goto out;
+ }
+ sendPubKeyStr = feeCFileSendPubKeyData(cipherFile, &sendPubKeyStrLen);
+ if(sendPubKeyStr == NULL) {
+ frtn = FR_BadCipherFile;
+ goto out;
+ }
+ parsedSendPubKey = feePubKeyAlloc();
+ frtn = feePubKeyInitFromKeyString(parsedSendPubKey,
+ (char *)sendPubKeyStr,
+ sendPubKeyStrLen);
+ if(frtn) {
+ frtn = FR_BadCipherFile;
+ goto out;
+ }
+//printf("parsedSendPubKey:\n"); printPubKey(parsedSendPubKey);
+
+ /*
+ * FEED decrypt
+ */
+ feed = feeFEEDNewWithPubKey(recvPrivKey, parsedSendPubKey, FF_DECRYPT, NULL, NULL);
+ if(feed == NULL) {
+ frtn = FR_BadPubKey;
+ goto out;
+ }
+ frtn = feeFEEDDecrypt(feed,
+ cipherText,
+ cipherTextLen,
+ plainText,
+ plainTextLen);
+ if(frtn) {
+ goto out;
+ }
+
+ sigData = feeCFileSigData(cipherFile, &sigDataLen);
+ if(sigData) {
+ feeReturn sigFrtn;
+
+ if(sendPubKey == NULL) {
+ /*
+ * use embedded sender's public key
+ */
+ sendPubKey = parsedSendPubKey;
+ }
+ sigFrtn = feePubKeyVerifySignature(sendPubKey,
+ cipherText,
+ cipherTextLen,
+ sigData,
+ sigDataLen);
+ switch(sigFrtn) {
+ case FR_Success:
+ *sigStatus = SS_PresentValid;
+ break;
+ default:
+ *sigStatus = SS_PresentInvalid;
+ break;
+ }
+ }
+ else {
+ *sigStatus = SS_NotPresent;
+ }
+out:
+ if(cipherText) {
+ ffree(cipherText);
+ }
+ if(feed) {
+ feeFEEDFree(feed);
+ }
+ if(sigData) {
+ ffree(sigData);
+ }
+ if(parsedSendPubKey) {
+ feePubKeyFree(parsedSendPubKey);
+ }
+ if(sendPubKeyStr) {
+ ffree(sendPubKeyStr);
+ }
+ return frtn;
+}
+
+feeReturn createFEEDExp(feePubKey sendPrivKey, // for sig only
+ feePubKey recvPubKey,
+ const unsigned char *plainText,
+ unsigned plainTextLen,
+ int genSig, // 1 ==> generate signature
+ unsigned userData, // for caller's convenience
+ feeCipherFile *cipherFile) // RETURNED if successful
+{
+ feeReturn frtn;
+ feeFEEDExp feed = NULL;
+ unsigned char *cipherText = NULL;
+ unsigned cipherTextLen;
+ unsigned char *sigData = NULL;
+ unsigned sigDataLen = 0;
+ feeCipherFile cfile = NULL;
+ unsigned char *pubKeyString = NULL; // of sendPrivKey, for sig
+ unsigned pubKeyStringLen = 0;
+
+ if(recvPubKey == NULL) {
+ return FR_BadPubKey;
+ }
+
+ /*
+ * FEEDExp encrypt plaintext
+ */
+ feed = feeFEEDExpNewWithPubKey(recvPubKey, NULL, NULL);
+ if(feed == NULL) {
+ frtn = FR_BadPubKey;
+ goto out;
+ }
+ frtn = feeFEEDExpEncrypt(feed,
+ plainText,
+ plainTextLen,
+ &cipherText,
+ &cipherTextLen);
+ if(frtn) {
+ goto out;
+ }
+
+ if(genSig) {
+ if(sendPrivKey == NULL) {
+ frtn = FR_IllegalArg;
+ goto out;
+ }
+ /*
+ * We generate signature on ciphertext by convention.
+ */
+ frtn = feePubKeyCreateSignature(sendPrivKey,
+ cipherText,
+ cipherTextLen,
+ &sigData,
+ &sigDataLen);
+ if(frtn) {
+ goto out;
+ }
+ /*
+ * Sender's public key string
+ */
+ frtn = feePubKeyCreateKeyString(sendPrivKey,
+ (char **)&pubKeyString,
+ &pubKeyStringLen);
+ if(frtn) {
+ /*
+ * Huh?
+ */
+ frtn = FR_BadPubKey;
+ goto out;
+ }
+ }
+
+ /*
+ * Cons up a cipherfile
+ */
+ cfile = feeCFileNewFromCipherText(CFE_FEEDExp,
+ cipherText,
+ cipherTextLen,
+ pubKeyString,
+ pubKeyStringLen,
+ NULL,
+ 0,
+ sigData,
+ sigDataLen,
+ userData);
+ if(cfile == NULL) {
+ frtn = FR_Internal;
+ goto out;
+ }
+
+out:
+ /* free alloc'd stuff */
+
+ if(cipherText) {
+ ffree(cipherText);
+ }
+ if(feed) {
+ feeFEEDExpFree(feed);
+ }
+ if(sigData) {
+ ffree(sigData);
+ }
+ if(pubKeyString) {
+ ffree(pubKeyString);
+ }
+ *cipherFile = cfile;
+ return frtn;
+
+}
+
+feeReturn decryptFEEDExp(feeCipherFile cipherFile,
+ feePubKey recvPrivKey,
+ feePubKey sendPubKey, // optional
+ unsigned char **plainText, // RETURNED
+ unsigned *plainTextLen, // RETURNED
+ feeSigStatus *sigStatus) // RETURNED
+{
+ feeReturn frtn = FR_Success;
+ unsigned char *cipherText = NULL;
+ unsigned cipherTextLen;
+ feeFEEDExp feed = NULL;
+ unsigned char *sigData = NULL;
+ unsigned sigDataLen;
+ unsigned char *sendPubKeyStr = NULL;
+ unsigned sendPubKeyStrLen = 0;
+ feePubKey parsedSendPubKey = NULL;
+
+ if(feeCFileEncrType(cipherFile) != CFE_FEEDExp) {
+ frtn = FR_Internal;
+ goto out;
+ }
+
+ /*
+ * Get ciphertext from cipherFile
+ */
+ cipherText = feeCFileCipherText(cipherFile, &cipherTextLen);
+ if(cipherText == NULL) {
+ frtn = FR_BadCipherFile;
+ goto out;
+ }
+
+ /*
+ * FEEDExp decrypt
+ */
+ feed = feeFEEDExpNewWithPubKey(recvPrivKey, NULL, NULL);
+ if(feed == NULL) {
+ frtn = FR_BadPubKey;
+ goto out;
+ }
+ frtn = feeFEEDExpDecrypt(feed,
+ cipherText,
+ cipherTextLen,
+ plainText,
+ plainTextLen);
+ if(frtn) {
+ goto out;
+ }
+
+ sigData = feeCFileSigData(cipherFile, &sigDataLen);
+ if(sigData) {
+ feeReturn sigFrtn;
+
+ if(sendPubKey == NULL) {
+ /*
+ * use embedded sender's public key
+ */
+ sendPubKeyStr = feeCFileSendPubKeyData(cipherFile,
+ &sendPubKeyStrLen);
+ if(sendPubKeyStr == NULL) {
+ frtn = FR_BadCipherFile;
+ goto out;
+ }
+ parsedSendPubKey = feePubKeyAlloc();
+ frtn = feePubKeyInitFromKeyString(parsedSendPubKey,
+ (char *)sendPubKeyStr, sendPubKeyStrLen);
+ if(frtn) {
+ frtn = FR_BadCipherFile;
+ goto out;
+ }
+ sendPubKey = parsedSendPubKey;
+ }
+ sigFrtn = feePubKeyVerifySignature(sendPubKey,
+ cipherText,
+ cipherTextLen,
+ sigData,
+ sigDataLen);
+ switch(sigFrtn) {
+ case FR_Success:
+ *sigStatus = SS_PresentValid;
+ break;
+ default:
+ *sigStatus = SS_PresentInvalid;
+ break;
+ }
+ }
+ else {
+ *sigStatus = SS_NotPresent;
+ }
+out:
+ if(cipherText) {
+ ffree(cipherText);
+ }
+ if(feed) {
+ feeFEEDExpFree(feed);
+ }
+ if(sigData) {
+ ffree(sigData);
+ }
+ if(parsedSendPubKey) {
+ feePubKeyFree(parsedSendPubKey);
+ }
+ if(sendPubKeyStr) {
+ ffree(sendPubKeyStr);
+ }
+ return frtn;
+}
+
+#endif /* CRYPTKIT_CIPHERFILE_ENABLE */
projects / apple / security.git / blobdiff