+/* Copyright (c) 1998,2011,2014 Apple Inc. All Rights Reserved.
+ *
+ * NOTICE: USE OF THE MATERIALS ACCOMPANYING THIS NOTICE IS SUBJECT
+ * TO THE TERMS OF THE SIGNED "FAST ELLIPTIC ENCRYPTION (FEE) REFERENCE
+ * SOURCE CODE EVALUATION AGREEMENT" BETWEEN APPLE, INC. AND THE
+ * ORIGINAL LICENSEE THAT OBTAINED THESE MATERIALS FROM APPLE,
+ * INC. ANY USE OF THESE MATERIALS NOT PERMITTED BY SUCH AGREEMENT WILL
+ * EXPOSE YOU TO LIABILITY.
+ ***************************************************************************
+ *
+ * byteRep.c - FEE portable byte representation support
+ *
+ * Revision History
+ * ----------------
+ * 10/06/98 ap
+ * Changed to compile with C++.
+ * 18 Apr 98 at Apple
+ * Mods for variable size giantDigit.
+ * 20 Jan 98 at Apple
+ * Added curve param fields for CURVE_PARAM_VERSION 2.
+ * 17 Jul 97 at Apple
+ * Added signature routines.
+ * 9 Jan 97 at NeXT
+ * Split off from utilities.c
+ */
+
+#include "byteRep.h"
+#include "feeTypes.h"
+#include "curveParams.h"
+#include "giantIntegers.h"
+#include "elliptic.h"
+#include "falloc.h"
+#include "ckutilities.h"
+#include "feeDebug.h"
+#include <stdlib.h>
+
+#ifndef NULL
+#define NULL ((void *)0)
+#endif /* NULL */
+
+/*
+ * Support for portable bytestream representation of keys and signatures.
+ * Platform and endianness independent; format shared with JavaFEE
+ * implementation.
+ */
+
+/*
+ * Some handy macros.
+ */
+#define ENC_BYTE(n, b, bytes) \
+ *b++ = n; \
+ bytes++;
+
+#define ENC_INT(n, b, bytes, i) \
+ i = intToByteRep(n, b); \
+ bytes += i; \
+ b += i;
+
+#define ENC_GIANT(g, b, bytes, i) \
+ i = giantToByteRep(g, b); \
+ bytes += i; \
+ b += i;
+
+#define DEC_BYTE(n, b, blen, bytes) \
+ n = *b++; \
+ bytes++; \
+ blen--;
+
+#define DEC_INT(n, b, blen, bytes) \
+ n = byteRepToInt(b); \
+ b += sizeof(int); \
+ bytes += sizeof(int); \
+ blen -= gLen;
+
+#define DEC_GIANT(g, b, blen, glen, bytes, out) \
+ g = byteRepToGiant(b, blen, &glen); \
+ if(g == NULL) { \
+ goto out; \
+ } \
+ b += glen; \
+ bytes += glen; \
+ blen -= gLen;
+
+
+
+
+/*
+ * The routines which convert various types to byte reps return the number
+ * of bytes written to the output stream.
+ */
+int intToByteRep(int i, unsigned char *buf)
+{
+ *buf++ = (unsigned char)((i >> 24) & 0xff);
+ *buf++ = (unsigned char)((i >> 16) & 0xff);
+ *buf++ = (unsigned char)((i >> 8) & 0xff);
+ *buf = (unsigned char)(i & 0xff);
+ return 4;
+}
+
+int shortToByteRep(short s, unsigned char *buf)
+{
+ *buf++ = (unsigned char)((s >> 8) & 0xff);
+ *buf = (unsigned char)(s & 0xff);
+ return 2;
+}
+
+/*
+ * 7 Apr 1998 : leading int is now the number of bytes in the giant's
+ * giantDigits array. This value is signed.
+ */
+int giantToByteRep(giant g, unsigned char *buf)
+{
+ int numBytes = g->sign * GIANT_BYTES_PER_DIGIT;
+ unsigned aNumBytes = abs(numBytes);
+
+ CKASSERT(g != NULL);
+ intToByteRep(numBytes, buf);
+ buf += sizeof(int);
+ serializeGiant(g, buf, aNumBytes);
+ return (sizeof(int) + aNumBytes);
+}
+
+int keyToByteRep(key k, unsigned char *buf)
+{
+ int numBytes = 0;
+ int i;
+
+ CKASSERT(k != NULL);
+ ENC_GIANT(k->x, buf, numBytes, i);
+
+ /* only write y for plus curve */
+ if(k->twist == CURVE_PLUS) {
+ CKASSERT(k->y != NULL);
+ ENC_GIANT(k->y, buf, numBytes, i);
+ }
+ return numBytes;
+}
+
+#define CURVE_PARAM_VERSION 3
+#define CURVE_PARAM_VERSION_MIN 3
+
+int curveParamsToByteRep(curveParams *cp, unsigned char *buf)
+{
+ int numBytes = 0;
+ int i;
+
+ CKASSERT(cp != NULL);
+ ENC_INT(CURVE_PARAM_VERSION, buf, numBytes, i);
+ ENC_INT(CURVE_PARAM_VERSION_MIN, buf, numBytes, i);
+ ENC_BYTE(cp->primeType, buf, numBytes);
+ ENC_BYTE(cp->curveType, buf, numBytes);
+ ENC_INT(cp->q, buf, numBytes, i);
+ ENC_INT(cp->k, buf, numBytes, i);
+ ENC_INT(cp->m, buf, numBytes, i);
+ ENC_INT(0, buf, numBytes, i); // spare
+
+ ENC_GIANT(cp->a, buf, numBytes, i);
+ ENC_GIANT(cp->b, buf, numBytes, i);
+ ENC_GIANT(cp->c, buf, numBytes, i);
+ ENC_GIANT(cp->x1Plus, buf, numBytes, i);
+ ENC_GIANT(cp->x1Minus, buf, numBytes, i);
+ ENC_GIANT(cp->cOrderPlus, buf, numBytes, i);
+ ENC_GIANT(cp->cOrderMinus, buf, numBytes, i);
+ ENC_GIANT(cp->x1OrderPlus, buf, numBytes, i);
+ ENC_GIANT(cp->x1OrderMinus, buf, numBytes, i);
+ if(cp->primeType == FPT_General) {
+ ENC_GIANT(cp->basePrime, buf, numBytes, i);
+ }
+ return numBytes;
+}
+
+int sigToByteRep(int magic,
+ int version,
+ int minVersion,
+ giant g0,
+ giant g1,
+ unsigned char *buf)
+{
+ int numBytes = 0;
+ int i;
+
+ ENC_INT(magic, buf, numBytes, i);
+ ENC_INT(version, buf, numBytes, i);
+ ENC_INT(minVersion, buf, numBytes, i);
+ ENC_INT(0, buf, numBytes, i); // spare
+ ENC_GIANT(g0, buf, numBytes, i);
+ ENC_GIANT(g1, buf, numBytes, i);
+
+ return numBytes;
+}
+
+
+/*
+ * return the size of various data types' byte representations.
+ */
+int lengthOfByteRepGiant(giant g)
+{
+ CKASSERT(g != NULL);
+ return sizeof(int) + (GIANT_BYTES_PER_DIGIT * abs(g->sign));
+}
+
+int lengthOfByteRepKey(key k)
+{
+ int len = lengthOfByteRepGiant(k->x);
+
+ CKASSERT(k != NULL);
+ if(k->twist == CURVE_PLUS) {
+ CKASSERT(k->y != NULL);
+ len += lengthOfByteRepGiant(k->y);
+ }
+ return len;
+}
+
+int lengthOfByteRepCurveParams(curveParams *cp)
+{
+ int length;
+
+ CKASSERT(cp != NULL);
+ length = (6 * sizeof(int)) + // ver, minVers, q, k, m, spare
+ 2 + // primeType + curveType
+ lengthOfByteRepGiant(cp->a) +
+ lengthOfByteRepGiant(cp->b) +
+ lengthOfByteRepGiant(cp->c) +
+ lengthOfByteRepGiant(cp->x1Plus) +
+ lengthOfByteRepGiant(cp->x1Minus) +
+ lengthOfByteRepGiant(cp->cOrderPlus) +
+ lengthOfByteRepGiant(cp->cOrderMinus) +
+ lengthOfByteRepGiant(cp->x1OrderPlus) +
+ lengthOfByteRepGiant(cp->x1OrderMinus);
+ if(cp->primeType == FPT_General) {
+ length += lengthOfByteRepGiant(cp->basePrime);
+ }
+ return length;
+}
+
+int lengthOfByteRepSig(giant g0,
+ giant g1)
+{
+ int length = (4 * sizeof(int)) + // magic, version, minVersion,
+ // spare
+ lengthOfByteRepGiant(g0) +
+ lengthOfByteRepGiant(g1);
+ return length;
+}
+
+/*
+ * Routine to cons up various types from a byte rep stream.
+ */
+int byteRepToInt(const unsigned char *buf) {
+ int result;
+
+ result = (((int)buf[0] << 24) & 0xff000000) |
+ (((int)buf[1] << 16) & 0x00ff0000) |
+ (((int)buf[2] << 8) & 0xff00) |
+ (((int)buf[3]) & 0xff);
+ return result;
+}
+
+unsigned short byteRepToShort(const unsigned char *buf) {
+ unsigned short result;
+
+ result = (((unsigned short)buf[0] << 8) & 0xff00) |
+ (((unsigned short)buf[1]) & 0xff);
+ return result;
+}
+
+/*
+ * Probably need byteRepToShortArray...
+ */
+
+/*
+ * byte rep stream to giant. Returns NULL on error; returns number of bytes
+ * of *buf snarfed in *giantLen if successful.
+ *
+ * 7 Apr 1998 : leading int is now the number of bytes in the giant's
+ * giantDigits array. This value is signed.
+ */
+giant byteRepToGiant(const unsigned char *buf,
+ unsigned bufLen,
+ unsigned *giantLen)
+{
+ giant g;
+ int numDigits;
+ int numBytes; // signed!
+ unsigned aNumBytes;
+
+ if(bufLen < sizeof(int)) {
+ return (giant)NULL;
+ }
+ numBytes = byteRepToInt(buf);
+ aNumBytes = abs(numBytes);
+ numDigits = BYTES_TO_GIANT_DIGITS(aNumBytes);
+ buf += sizeof(int);
+ bufLen -= sizeof(int);
+ if(numDigits > MAX_DIGITS) {
+ return (giant)NULL;
+ }
+
+ if(bufLen < aNumBytes) {
+ return (giant)NULL;
+ }
+
+ /* 9 Apr 1998 - sign = 0 means no following n[] bytes in the
+ * byteRep. We do need to alloc one digit, in this case, though...
+ * Note that the giantstruct has one implicit digit in n[].
+ */
+ if(aNumBytes == 0) {
+ g = (giant)fmalloc(sizeof(giantstruct));
+ g->capacity = 1;
+ }
+ else {
+ g = (giant)fmalloc(sizeof(giantstruct) +
+ aNumBytes - GIANT_BYTES_PER_DIGIT);
+ g->capacity = numDigits;
+ }
+ deserializeGiant(buf, g, aNumBytes);
+
+ /* deserializeGiant always cooks up positive giant; sign is
+ * properly trimmed to handle trailing (M.S.) zeroes. */
+ if(numBytes < 0) {
+ g->sign = -g->sign;
+ }
+ *giantLen = sizeof(int) + aNumBytes;
+ return g;
+
+}
+
+/*
+ * Convert a byte stream (and some other parameters) into a
+ * keystruct.
+ * Returns NULL on error; returns number of bytes of *buf snarfed in
+ * *keyLen if successful.
+ */
+key byteRepToKey(const unsigned char *buf,
+ unsigned bufLen,
+ int twist,
+ curveParams *cp,
+ unsigned *keyLen) // returned
+{
+ key k;
+ giant x;
+ giant y;
+ unsigned gLen;
+ unsigned totalLen;
+
+ x = byteRepToGiant(buf, bufLen, &gLen);
+ if(x == NULL) {
+ return NULL;
+ }
+ bufLen -= gLen;
+ buf += gLen;
+ totalLen = gLen;
+ if(twist == CURVE_PLUS) {
+ /* this also contains y */
+ y = byteRepToGiant(buf, bufLen, &gLen);
+ if(y == NULL) {
+ freeGiant(x);
+ return NULL;
+ }
+ totalLen += gLen;
+ }
+ else {
+ /* minus curve, y is not used */
+ y = newGiant(1);
+ int_to_giant(0, y);
+ }
+ k = (key)fmalloc(sizeof(keystruct));
+ k->twist = twist;
+ k->cp = cp;
+ k->x = x;
+ k->y = y;
+ *keyLen = totalLen;
+ return k;
+}
+
+curveParams *byteRepToCurveParams(const unsigned char *buf,
+ unsigned bufLen,
+ unsigned *cpLen)
+{
+ curveParams *cp;
+ unsigned gLen = 0;
+ int version;
+ int minVersion;
+ int spare;
+ int bytes = 0;
+
+ if(bufLen < (5 * sizeof(int))) { // ver, minVers, q, k, spare
+ return NULL;
+ }
+ cp = newCurveParams();
+
+ DEC_INT(version, buf, bufLen, bytes);
+ DEC_INT(minVersion, buf, bufLen, bytes);
+ if(minVersion > CURVE_PARAM_VERSION) {
+ /*
+ * Can't parse this; things have changed too much between
+ * this version of the code and the time this curveParams
+ * was written.
+ */
+ goto abort;
+ }
+
+ DEC_BYTE(cp->primeType, buf, bufLen, bytes);
+ DEC_BYTE(cp->curveType, buf, bufLen, bytes);
+ DEC_INT(cp->q, buf, bufLen, bytes);
+ DEC_INT(cp->k, buf, bufLen, bytes);
+ DEC_INT(cp->m, buf, bufLen, bytes);
+ DEC_INT(spare, buf, bufLen, bytes);
+
+ DEC_GIANT(cp->a, buf, bufLen, gLen, bytes, abort);
+ DEC_GIANT(cp->b, buf, bufLen, gLen, bytes, abort);
+ DEC_GIANT(cp->c, buf, bufLen, gLen, bytes, abort);
+ DEC_GIANT(cp->x1Plus, buf, bufLen, gLen, bytes, abort);
+ DEC_GIANT(cp->x1Minus, buf, bufLen, gLen, bytes, abort);
+ DEC_GIANT(cp->cOrderPlus, buf, bufLen, gLen, bytes, abort);
+ DEC_GIANT(cp->cOrderMinus, buf, bufLen, gLen, bytes, abort);
+ DEC_GIANT(cp->x1OrderPlus, buf, bufLen, gLen, bytes, abort);
+ DEC_GIANT(cp->x1OrderMinus, buf, bufLen, gLen, bytes, abort);
+
+ /*
+ * basePrime only present in byte rep for PT_GENERAL
+ */
+ if(cp->primeType == FPT_General) {
+ DEC_GIANT(cp->basePrime, buf, bufLen, gLen, bytes, abort);
+ }
+
+ /* remaining fields inferred */
+ curveParamsInferFields(cp);
+ allocRecipGiants(cp);
+
+ *cpLen = bytes;
+ return cp;
+
+abort:
+ freeCurveParams(cp);
+ return NULL;
+}
+
+/*
+ * Returns 0 if bad format, e.g., if minVersion of sig is > than codeVersion.
+ */
+int byteRepToSig(const unsigned char *buf,
+ unsigned bufLen,
+ int codeVersion,
+ int *sigMagic, // RETURNED
+ int *sigVersion, // RETURNED
+ int *sigMinVersion, // RETURNED
+ giant *g0, // alloc'd & RETURNED
+ giant *g1) // alloc'd & RETURNED
+{
+ unsigned gLen = 0;
+ int spare;
+ int bytes = 0;
+
+ if(bufLen < (4 * sizeof(int))) { // magic, version, minVersion,
+ // spare
+ return 0;
+ }
+ DEC_INT(*sigMagic, buf, bufLen, bytes);
+ DEC_INT(*sigVersion, buf, bufLen, bytes);
+ DEC_INT(*sigMinVersion, buf, bufLen, bytes);
+ if(*sigMinVersion > codeVersion) {
+ return 0;
+ }
+ DEC_INT(spare, buf, bufLen, bytes);
+ // deleted 2/20/01 DEC_INT(*signerLen, buf, bufLen, bytes);
+ // deleted 2/20/01 *signer = byteRepToUnichars(buf, *signerLen);
+ // deleted 2/20/01 buf += (2 * *signerLen);
+ // deleted 2/20/01 bufLen -= (2 * *signerLen);
+ DEC_GIANT(*g0, buf, bufLen, gLen, bytes, abort);
+ DEC_GIANT(*g1, buf, bufLen, gLen, bytes, abort);
+
+ return 1;
+abort:
+ return 0;
+}
projects / apple / security.git / blobdiff