--- /dev/null
+/* Copyright (c) 1998,2011,2014 Apple Inc. All Rights Reserved.
+ *
+ * NOTICE: USE OF THE MATERIALS ACCOMPANYING THIS NOTICE IS SUBJECT
+ * TO THE TERMS OF THE SIGNED "FAST ELLIPTIC ENCRYPTION (FEE) REFERENCE
+ * SOURCE CODE EVALUATION AGREEMENT" BETWEEN APPLE, INC. AND THE
+ * ORIGINAL LICENSEE THAT OBTAINED THESE MATERIALS FROM APPLE,
+ * INC. ANY USE OF THESE MATERIALS NOT PERMITTED BY SUCH AGREEMENT WILL
+ * EXPOSE YOU TO LIABILITY.
+ ***************************************************************************
+ *
+ * FeeFEEDExp.c - generic FEED encryption object, 2:1 expansion
+ *
+ * Revision History
+ * ----------------
+ * 10/06/98 ap
+ * Changed to compile with C++.
+ * 20 Jan 1998 at Apple
+ * Mods for primeType == PT_GENERAL case.
+ * 12 Jun 1997 at Apple
+ * Was curveOrderJustify(), is lesserX1OrderJustify()
+ * 03 Mar 1997 at Apple
+ * Trimmed plainBlockSize by one byte if q mod 8 = 0
+ * 03 Feb 97 at NeXT
+ * Renamed to feeFEEDExp.c
+ * Justified random xaux to [2, minimumX1Order]
+ * Added feeFEEDExpCipherTextSize()
+ * 15 Jan 97 at NeXT
+ * Cleaned up which_curve/index code to use CURVE_MINUS/CURVE_PLUS
+ * 28 Aug 96 at NeXT
+ * Created from Blaine Garst's NSFEECryptor.m.
+ */
+
+#include "ckconfig.h"
+
+#if CRYPTKIT_ASYMMETRIC_ENABLE
+
+#include "feeTypes.h"
+#include "feeFEEDExp.h"
+#include "feePublicKey.h"
+#include "feePublicKeyPrivate.h"
+#include "elliptic.h"
+#include "falloc.h"
+#include "feeRandom.h"
+#include "ckutilities.h"
+#include "feeFunctions.h"
+#include "platform.h"
+#include "feeDebug.h"
+#include <stdlib.h>
+
+#define FEED_DEBUG 0
+
+#define PRINT_GIANT(g) printGiant(g)
+
+/*
+ * Format of clue byte. Currently just one bit.
+ */
+#define CLUE_ELL_ADD_SIGN 0x01
+#define CLUE_ELL_ADD_SIGN_PLUS 0x01
+#define CLUE_ELL_ADD_SIGN_MINUS 0x00
+
+/*
+ * Private data.
+ */
+typedef struct {
+ key plus;
+ key minus;
+ unsigned plainBlockSize; /* plaintext block size */
+ unsigned cipherBlockSize;/* ciphertext block size */
+ curveParams *cp;
+ giant gPriv; /* private data, only for decrypt */
+ /* one of the follow two is valid for encrypt */
+ feeRand rand; /* only created for encrypt */
+ feeRandFcn randFcn;
+ void *randRef;
+
+ /*
+ * temporary variables used for encrypt/decrypt. The values in these
+ * is not needed to be kept from block to block; we just
+ * alloc them once per lifetime of a feeFEED object as an optimization.
+ */
+ giant xp; /* plaintext */
+ giant xc; /* clue = r(P1?) */
+ giant xq; /* r(pubB?) or priB?(xc) */
+ giant xm; /* ciphertext */
+ giant xaux; /* scratch */
+ unsigned char *randData; /* only created for encrypt */
+} feedInst;
+
+/*
+ * "zero residue" indicator.
+ */
+#define RESID_ZERO 0xff
+
+/*
+ * Alloc and init a feeFEEDExp object associated with specified feePubKey.
+ */
+feeFEEDExp feeFEEDExpNewWithPubKey(
+ feePubKey pubKey,
+ feeRandFcn randFcn, // optional
+ void *randRef)
+{
+ feedInst *finst = (feedInst *) fmalloc(sizeof(feedInst));
+ giant privGiant;
+
+ finst->cp = curveParamsCopy(feePubKeyCurveParams(pubKey));
+ finst->plus = new_public_with_key(feePubKeyPlusCurve(pubKey),
+ finst->cp);
+ finst->minus = new_public_with_key(feePubKeyMinusCurve(pubKey),
+ finst->cp);
+
+ /*
+ * These might yield NULL data; we can only encrypt in that case.
+ */
+ privGiant = feePubKeyPrivData(pubKey);
+ if(privGiant) {
+ finst->gPriv = newGiant(finst->cp->maxDigits);
+ gtog(privGiant, finst->gPriv);
+ }
+ else {
+ finst->gPriv = NULL;
+ }
+
+ /*
+ * Conservative, rounding down, on plaintext blocks since we don't
+ * want to split bytes.
+ */
+ if(finst->cp->primeType == FPT_General) {
+ unsigned blen = bitlen(finst->cp->basePrime);
+
+ finst->plainBlockSize = blen / 8;
+ if((blen % 8) == 0) {
+ /*
+ * round down some more...
+ */
+ finst->plainBlockSize--;
+ }
+ }
+ else {
+ finst->plainBlockSize = finst->cp->q / 8;
+ if(((finst->cp->q & 0x7) == 0) && (finst->cp->k > 0)) {
+ /*
+ * Special case, with q mod 8 == 0. Here we have to trim back
+ * the plainBlockSize by one byte.
+ */
+ finst->plainBlockSize--;
+ }
+ }
+
+ /*
+ * One block of ciphertext - two giants (with implied sign) and a
+ * parity byte
+ */
+ finst->cipherBlockSize = (2 * finst->cp->minBytes) + 1;
+
+ finst->xp = newGiant(finst->cp->maxDigits);
+ finst->xc = newGiant(finst->cp->maxDigits);
+ finst->xq = newGiant(finst->cp->maxDigits);
+ finst->xm = newGiant(finst->cp->maxDigits);
+ finst->xaux = newGiant(finst->cp->maxDigits);
+ finst->rand = NULL;
+ finst->randData = NULL;
+ finst->randFcn = randFcn;
+ finst->randRef = randRef;
+ return finst;
+}
+
+void feeFEEDExpFree(feeFEEDExp feed)
+{
+ feedInst *finst = (feedInst *) feed;
+
+ free_key(finst->plus);
+ free_key(finst->minus);
+ freeGiant(finst->xc);
+ clearGiant(finst->xp); freeGiant(finst->xp);
+ clearGiant(finst->xq); freeGiant(finst->xq);
+ freeGiant(finst->xm);
+ clearGiant(finst->xaux); freeGiant(finst->xaux);
+ if(finst->gPriv) {
+ clearGiant(finst->gPriv);
+ freeGiant(finst->gPriv);
+ }
+ if(finst->rand) {
+ feeRandFree(finst->rand);
+ }
+ if(finst->randData) {
+ ffree(finst->randData);
+ }
+ if(finst->cp) {
+ freeCurveParams(finst->cp);
+ }
+ ffree(finst);
+}
+
+unsigned feeFEEDExpPlainBlockSize(feeFEEDExp feed)
+{
+ feedInst *finst = (feedInst *) feed;
+
+ return finst->plainBlockSize;
+}
+
+unsigned feeFEEDExpCipherBlockSize(feeFEEDExp feed)
+{
+ feedInst *finst = (feedInst *) feed;
+
+ return finst->cipherBlockSize;
+}
+
+unsigned feeFEEDExpCipherBufSize(feeFEEDExp feed)
+{
+ feedInst *finst = (feedInst *) feed;
+
+ return 2 * finst->cipherBlockSize;
+}
+
+/*
+ * Return the size of ciphertext to hold specified size of plaintext.
+ */
+unsigned feeFEEDExpCipherTextSize(feeFEEDExp feed, unsigned plainTextSize)
+{
+ /*
+ * Normal case is one block of ciphertext for each block of
+ * plaintext. Add one cipherBlock if
+ * plainTextSize % plainBlockSize == 0.
+ */
+ feedInst *finst = (feedInst *) feed;
+ unsigned blocks = (plainTextSize + finst->plainBlockSize - 1) /
+ finst->plainBlockSize;
+
+ if((plainTextSize % finst->plainBlockSize) == 0) {
+ blocks++;
+ }
+ return blocks * finst->cipherBlockSize;
+}
+
+/*
+ * Return the size of plaintext to hold specified size of decrypted ciphertext.
+ */
+unsigned feeFEEDExpPlainTextSize(feeFEEDExp feed, unsigned cipherTextSize)
+{
+ feedInst *finst = (feedInst *) feed;
+ unsigned blocks = (cipherTextSize + finst->cipherBlockSize - 1) /
+ finst->cipherBlockSize;
+
+ return blocks * finst->plainBlockSize;
+}
+
+/*
+ * Encrypt a block or less of data. Caller malloc's cipherText.
+ */
+feeReturn feeFEEDExpEncryptBlock(feeFEEDExp feed,
+ const unsigned char *plainText,
+ unsigned plainTextLen,
+ unsigned char *cipherText,
+ unsigned *cipherTextLen, // RETURNED
+ int finalBlock)
+{
+ feedInst *finst = (feedInst *) feed;
+ int index; /* which curve (+/- 1) */
+ char g = 0; /* parity, which_curve bits in ciphertext */
+ key B;
+ unsigned char *ptext; /* for final block */
+ unsigned ctextLen;
+ feeReturn frtn = FR_Success;
+ giant x1;
+ unsigned randLen;
+ curveParams *cp = finst->cp;
+
+ if(plainTextLen > finst->plainBlockSize) {
+ return FR_IllegalArg;
+ }
+ else if ((plainTextLen < finst->plainBlockSize) && !finalBlock) {
+ return FR_IllegalArg;
+ }
+
+ /*
+ * Init only on first encrypt
+ */
+ if((finst->randFcn == NULL) && (finst->rand == NULL)) {
+ finst->rand = feeRandAlloc();
+ }
+ if(finst->randData == NULL) {
+ finst->randData = (unsigned char*) fmalloc(finst->cp->minBytes);
+ }
+
+ /*
+ * plaintext as giant xp
+ */
+ if(finalBlock) {
+ ptext = (unsigned char*) fmalloc(finst->plainBlockSize);
+ bzero(ptext, finst->plainBlockSize);
+ if(plainTextLen) {
+ /*
+ * 0 for empty block with resid length 0
+ */
+ bcopy(plainText, ptext, plainTextLen);
+ }
+ if(plainTextLen < finst->plainBlockSize) {
+ if(plainTextLen == 0) {
+ /*
+ * Special case - can't actually write zero here;
+ * it screws up deserializing the giant during
+ * decrypt
+ */
+ ptext[finst->plainBlockSize - 1] = RESID_ZERO;
+ }
+ else {
+ ptext[finst->plainBlockSize - 1] = plainTextLen;
+ }
+ #if FEED_DEBUG
+ printf("encrypt: resid 0x%x\n", ptext[finst->plainBlockSize - 1]);
+ #endif
+ }
+ /*
+ * else handle evenly aligned case below...
+ */
+ deserializeGiant(ptext, finst->xp, finst->plainBlockSize);
+ ffree(ptext);
+ }
+ else {
+ deserializeGiant(plainText, finst->xp, plainTextLen);
+ }
+ #if FEED_DEBUG
+ printf("encrypt:\n");
+ printf(" xp : "); PRINT_GIANT(finst->xp);
+ #endif // FEED_DEBUG
+
+ /*
+ * pick curve B? that data lies upon
+ */
+ index = which_curve(finst->xp, finst->cp);
+ if(index == CURVE_PLUS) {
+ B = finst->plus;
+ x1 = finst->cp->x1Plus;
+ }
+ else {
+ B = finst->minus;
+ x1 = finst->cp->x1Minus;
+ }
+ #if FEED_DEBUG
+ printf(" which_curve: %s\n",
+ (index == CURVE_PLUS) ? "CURVE_PLUS" : "CURVE_MINUS");
+ #endif
+
+ /*
+ * random number as giant xaux
+ */
+ randLen = cp->minBytes;
+ if(finst->randFcn != NULL) {
+ finst->randFcn(finst->randRef, finst->randData, randLen);
+ }
+ else {
+ feeRandBytes(finst->rand, finst->randData, randLen);
+ }
+ deserializeGiant(finst->randData, finst->xaux, randLen);
+
+ #if FEE_DEBUG
+ if(isZero(finst->xaux)) {
+ printf("feeFEEDExpEncryptBlock: random xaux = 0!\n");
+ }
+ #endif // FEE_DEBUG
+ /*
+ * Justify random # to be in [2, minimumX1Order].
+ */
+ lesserX1OrderJustify(finst->xaux, cp);
+ #if FEED_DEBUG
+ printf(" xaux: "); PRINT_GIANT(finst->xaux);
+ #endif // FEED_DEBUG
+
+ gtog(B->x, finst->xq); // xq = pubB?
+ elliptic_simple(finst->xq, finst->xaux, cp);
+ // xq = r(pubB?)
+ #if FEED_DEBUG
+ printf(" r(pubB?): "); PRINT_GIANT(finst->xq);
+ #endif
+ elliptic_add(finst->xp, finst->xq, finst->xm, cp, SIGN_PLUS);
+ // xm = data + r(pubB?)
+ gtog(x1, finst->xc);
+ elliptic_simple(finst->xc, finst->xaux, cp);
+ // xc = r(P1?)
+ elliptic_add(finst->xm, finst->xq, finst->xaux, cp, SIGN_PLUS);
+ // xaux = xm + xq (for curve +1)
+ // = (data + r(pubB?)) + r(pubB?)
+ if(gcompg(finst->xaux, finst->xp) == 0) {
+ g |= CLUE_ELL_ADD_SIGN_PLUS;
+ }
+ else {
+ g |= CLUE_ELL_ADD_SIGN_MINUS;
+ #if FEED_DEBUG
+ /* this better be true.... */
+ elliptic_add(finst->xm, finst->xq, finst->xaux, cp, SIGN_MINUS);
+ if(gcompg(finst->xaux, finst->xp)) {
+ printf("*******elliptic_add(xm, xq, -1) != xp! *************\n");
+ printf(" xq : "); PRINT_GIANT(finst->xq);
+ printf(" ell_add(xm, xq, -1) : "); PRINT_GIANT(finst->xaux);
+ }
+ #endif
+ } // g = (xaux == data) ? add : subtract
+
+ /*
+ * Ciphertext = (xm, xc, g)
+ */
+ serializeGiant(finst->xm, cipherText, cp->minBytes);
+ cipherText += cp->minBytes;
+ serializeGiant(finst->xc, cipherText, cp->minBytes);
+ cipherText += cp->minBytes;
+ *cipherText++ = g;
+ ctextLen = finst->cipherBlockSize;
+ #if FEED_DEBUG
+ printf(" xm : "); PRINT_GIANT(finst->xm);
+ printf(" xc : "); PRINT_GIANT(finst->xc);
+ printf(" g : %d\n", g);
+ #endif // FEED_DEBUG
+ if(finalBlock && (plainTextLen == finst->plainBlockSize)) {
+ /*
+ * Special case: finalBlock true, plainTextLen == blockSize.
+ * In this case we generate one more block of ciphertext,
+ * with a resid length of zero.
+ */
+ unsigned moreCipher; // additional cipherLen
+
+ #if FEED_DEBUG
+ printf("encrypt: one more empty block\n");
+ #endif
+ frtn = feeFEEDExpEncryptBlock(feed,
+ NULL, // plainText not used
+ 0, // resid
+ cipherText, // append...
+ &moreCipher,
+ 1);
+ if(frtn == FR_Success) {
+ ctextLen += moreCipher;
+ }
+ }
+
+ *cipherTextLen = ctextLen;
+ return frtn;
+}
+
+/*
+ * Decrypt (exactly) a block of data. Caller malloc's plainText. Always
+ * generates feeFEEDExpPlainBlockSize of plaintext, unless finalBlock is
+ * non-zero (in which case feeFEEDExpPlainBlockSize or less bytes of
+ * plainText are generated).
+ */
+feeReturn feeFEEDExpDecryptBlock(feeFEEDExp feed,
+ const unsigned char *cipherText,
+ unsigned cipherTextLen,
+ unsigned char *plainText,
+ unsigned *plainTextLen, // RETURNED
+ int finalBlock)
+{
+ feedInst *finst = (feedInst *) feed;
+ char g;
+ int s;
+ feeReturn frtn = FR_Success;
+ curveParams *cp = finst->cp;
+
+ if(finst->gPriv == NULL) {
+ /*
+ * Can't decrypt without private data
+ */
+ return FR_BadPubKey;
+ }
+
+ /*
+ * grab xm, xc, and g from cipherText
+ */
+ deserializeGiant(cipherText, finst->xm, finst->cp->minBytes);
+ cipherText += finst->cp->minBytes;
+ deserializeGiant(cipherText, finst->xc, finst->cp->minBytes);
+ cipherText += finst->cp->minBytes;
+ g = *cipherText;
+ #if FEED_DEBUG
+ printf("decrypt g=%d\n", g);
+ printf(" privKey : "); PRINT_GIANT(finst->gPriv);
+ printf(" xm : "); PRINT_GIANT(finst->xm);
+ printf(" xc : "); PRINT_GIANT(finst->xc);
+ #endif // FEED_DEBUG
+
+ if((g & CLUE_ELL_ADD_SIGN) == CLUE_ELL_ADD_SIGN_PLUS) {
+ s = SIGN_PLUS;
+ }
+ else {
+ s = SIGN_MINUS;
+ }
+
+ /*
+ * xc = r(P1?)
+ * xc := r(P1?)(pri) = xq
+ * xp = data + r(priB+) +/- pri(rB?)
+ */
+ elliptic_simple(finst->xc, finst->gPriv, cp);
+ #if FEED_DEBUG
+ printf(" xc1 : "); PRINT_GIANT(finst->xc);
+ #endif
+ elliptic_add(finst->xm, finst->xc, finst->xp, cp, s);
+
+ /*
+ * plaintext in xp
+ */
+ #if FEED_DEBUG
+ printf(" xp : "); PRINT_GIANT(finst->xp);
+ #endif // FEED_DEBUG
+
+ if(finalBlock) {
+ /*
+ * Snag data from xp in order to find out how much to move to
+ * *plainText
+ */
+ unsigned char *ptext = (unsigned char*) fmalloc(finst->plainBlockSize);
+
+ serializeGiant(finst->xp, ptext, finst->plainBlockSize);
+ *plainTextLen = ptext[finst->plainBlockSize - 1];
+ #if FEED_DEBUG
+ printf("decrypt: resid 0x%x\n", *plainTextLen);
+ #endif
+ if(*plainTextLen == RESID_ZERO) {
+ *plainTextLen = 0;
+ }
+ else if(*plainTextLen > (finst->plainBlockSize - 1)) {
+ dbgLog(("feeFEEDExpDecryptBlock: ptext overflow!\n"));
+ frtn = FR_BadCipherText;
+ }
+ else {
+ bcopy(ptext, plainText, *plainTextLen);
+ }
+ ffree(ptext);
+ }
+ else {
+ *plainTextLen = finst->plainBlockSize;
+ serializeGiant(finst->xp, plainText, *plainTextLen);
+ }
+ return frtn;
+}
+
+/*
+ * Convenience routines to encrypt & decrypt multi-block data.
+ */
+feeReturn feeFEEDExpEncrypt(feeFEEDExp feed,
+ const unsigned char *plainText,
+ unsigned plainTextLen,
+ unsigned char **cipherText, // malloc'd and RETURNED
+ unsigned *cipherTextLen) // RETURNED
+{
+ const unsigned char *ptext; // per block
+ unsigned ptextLen; // total to go
+ unsigned thisPtextLen; // per block
+ unsigned char *ctext; // per block
+ unsigned ctextLen; // per block
+ unsigned char *ctextResult; // to return
+ unsigned ctextResultLen;
+ unsigned char *ctextPtr;
+ unsigned ctextLenTotal; // running total
+ feeReturn frtn;
+ int finalBlock;
+ unsigned numBlocks;
+ unsigned plainBlockSize;
+
+ if(plainTextLen == 0) {
+ dbgLog(("feeFEEDExpDecrypt: NULL plainText\n"));
+ return FR_IllegalArg;
+ }
+
+ ptext = plainText;
+ ptextLen = plainTextLen;
+ ctext = (unsigned char*) fmalloc(feeFEEDExpCipherBufSize(feed));
+ plainBlockSize = feeFEEDExpPlainBlockSize(feed);
+ numBlocks = (plainTextLen + plainBlockSize - 1)/plainBlockSize;
+ ctextResultLen = (numBlocks + 1) * feeFEEDExpCipherBlockSize(feed);
+ ctextResult = (unsigned char*) fmalloc(ctextResultLen);
+ ctextPtr = ctextResult;
+ ctextLenTotal = 0;
+
+ while(1) {
+ if(ptextLen <= plainBlockSize) {
+ finalBlock = 1;
+ thisPtextLen = ptextLen;
+ }
+ else {
+ finalBlock = 0;
+ thisPtextLen = plainBlockSize;
+ }
+ frtn = feeFEEDExpEncryptBlock(feed,
+ ptext,
+ thisPtextLen,
+ ctext,
+ &ctextLen,
+ finalBlock);
+ if(frtn) {
+ dbgLog(("feeFEEDExpEncrypt: encrypt error: %s\n",
+ feeReturnString(frtn)));
+ break;
+ }
+ if(ctextLen == 0) {
+ dbgLog(("feeFEEDExpEncrypt: null ciphertext\n"));
+ frtn = FR_Internal;
+ break;
+ }
+ bcopy(ctext, ctextPtr, ctextLen);
+ ctextLenTotal += ctextLen;
+ if(ctextLenTotal > ctextResultLen) {
+ dbgLog(("feeFEEDExpEncrypt: ciphertext overflow\n"));
+ frtn = FR_Internal;
+ break;
+ }
+ if(finalBlock) {
+ break;
+ }
+ ctextPtr += ctextLen;
+ ptext += thisPtextLen;
+ ptextLen -= thisPtextLen;
+ }
+
+ ffree(ctext);
+ if(frtn) {
+ ffree(ctextResult);
+ *cipherText = NULL;
+ *cipherTextLen = 0;
+ }
+ else {
+ *cipherText = ctextResult;
+ *cipherTextLen = ctextLenTotal;
+ #if FEE_DEBUG
+ if(feeFEEDExpCipherTextSize(feed, plainTextLen) !=
+ ctextLenTotal) {
+ printf("feeFEEDExpEncrypt: feeFEEDCipherTextSize "
+ "error!\n");
+ printf("ptext %d exp ctext %d actual ctext %d\n",
+ plainTextLen,
+ feeFEEDExpCipherTextSize(feed, plainTextLen),
+ ctextLenTotal);
+ }
+ #endif // FEE_DEBUG
+ }
+ return frtn;
+
+}
+
+feeReturn feeFEEDExpDecrypt(feeFEEDExp feed,
+ const unsigned char *cipherText,
+ unsigned cipherTextLen,
+ unsigned char **plainText, // malloc'd and RETURNED
+ unsigned *plainTextLen) // RETURNED
+{
+ const unsigned char *ctext;
+ unsigned ctextLen; // total to go
+ unsigned char *ptext; // per block
+ unsigned ptextLen; // per block
+ unsigned char *ptextResult; // to return
+ unsigned char *ptextPtr;
+ unsigned ptextLenTotal; // running total
+ feeReturn frtn = FR_Success;
+ int finalBlock;
+ unsigned numBlocks;
+ unsigned plainBlockSize =
+ feeFEEDExpPlainBlockSize(feed);
+ unsigned cipherBlockSize =
+ feeFEEDExpCipherBlockSize(feed);
+
+ if(cipherTextLen % cipherBlockSize) {
+ dbgLog(("feeFEEDExpDecrypt: unaligned cipherText\n"));
+ return FR_BadCipherText;
+ }
+ if(cipherTextLen == 0) {
+ dbgLog(("feeFEEDExpDecrypt: NULL cipherText\n"));
+ return FR_BadCipherText;
+ }
+
+ ptext = (unsigned char*) fmalloc(plainBlockSize);
+ ctext = cipherText;
+ ctextLen = cipherTextLen;
+ numBlocks = cipherTextLen / cipherBlockSize;
+ ptextResult = (unsigned char*) fmalloc(plainBlockSize * numBlocks);
+ ptextPtr = ptextResult;
+ ptextLenTotal = 0;
+
+ while(ctextLen) {
+ if(ctextLen == cipherBlockSize) {
+ finalBlock = 1;
+ }
+ else {
+ finalBlock = 0;
+ }
+ frtn = feeFEEDExpDecryptBlock(feed,
+ ctext,
+ cipherBlockSize,
+ ptext,
+ &ptextLen,
+ finalBlock);
+ if(frtn) {
+ dbgLog(("feeFEEDExpDecryptBlock: %s\n",
+ feeReturnString(frtn)));
+ break;
+ }
+ if(ptextLen == 0) {
+ /*
+ * Normal termination case for
+ * plainTextLen % plainBlockSize == 0
+ */
+ if(!finalBlock) {
+ dbgLog(("feeFEEDExpDecrypt: decrypt sync"
+ " error!\n"));
+ frtn = FR_BadCipherText;
+ }
+ break;
+ }
+ else if(ptextLen > plainBlockSize) {
+ dbgLog(("feeFEEDExpDecrypt: ptext overflow!\n"));
+ frtn = FR_Internal;
+ break;
+ }
+ else {
+ bcopy(ptext, ptextPtr, ptextLen);
+ ptextPtr += ptextLen;
+ ptextLenTotal += ptextLen;
+ }
+ ctext += cipherBlockSize;
+ ctextLen -= cipherBlockSize;
+ }
+
+ ffree(ptext);
+ if(frtn) {
+ ffree(ptextResult);
+ *plainText = NULL;
+ *plainTextLen = 0;
+ }
+ else {
+ *plainText = ptextResult;
+ *plainTextLen = ptextLenTotal;
+ }
+ return frtn;
+
+}
+
+#endif /* CRYPTKIT_ASYMMETRIC_ENABLE */
projects / apple / security.git / blobdiff