+++ /dev/null
-/* Copyright (c) 1998,2011,2014 Apple Inc. All Rights Reserved.
- *
- * NOTICE: USE OF THE MATERIALS ACCOMPANYING THIS NOTICE IS SUBJECT
- * TO THE TERMS OF THE SIGNED "FAST ELLIPTIC ENCRYPTION (FEE) REFERENCE
- * SOURCE CODE EVALUATION AGREEMENT" BETWEEN APPLE, INC. AND THE
- * ORIGINAL LICENSEE THAT OBTAINED THESE MATERIALS FROM APPLE,
- * INC. ANY USE OF THESE MATERIALS NOT PERMITTED BY SUCH AGREEMENT WILL
- * EXPOSE YOU TO LIABILITY.
- ***************************************************************************
- *
- * CipherFileDES.c - DES-related cipherfile support
- *
- * Revision History
- * ----------------
- * 24 Jun 97 at Apple
- * Fixed memory leaks via sigData
- * 18 Feb 97 at Apple
- * Split off from feeCipherFile.c
- */
-
-#include "ckconfig.h"
-
-#if CRYPTKIT_CIPHERFILE_ENABLE
-
-#include "Crypt.h"
-#include "CipherFileDES.h"
-#include "falloc.h"
-#include "feeDebug.h"
-#include <string.h>
-
-/*
- * These functions are only called from feeCipherFile.c.
- */
-feeReturn createRandDES(feePubKey sendPrivKey, // for sig only
- feePubKey recvPubKey,
- const unsigned char *plainText,
- unsigned plainTextLen,
- int genSig, // 1 ==> generate signature
- unsigned userData, // for caller's convenience
- feeCipherFile *cipherFile) // RETURNED if successful
-{
- feeRand frand = NULL;
- feeReturn frtn;
- unsigned char desKey[FEE_DES_MIN_STATE_SIZE];
- unsigned char *encrDesKey = NULL; // FEED encrypted desKey
- unsigned encrDesKeyLen;
- feeDES des = NULL;
- feeFEEDExp feed = NULL;
- unsigned char *cipherText = NULL;
- unsigned cipherTextLen;
- unsigned char *sigData = NULL;
- unsigned sigDataLen = 0;
- feeCipherFile cfile = NULL;
- unsigned char *pubKeyString = NULL; // of sendPrivKey
- unsigned pubKeyStringLen = 0;
-
- if(recvPubKey == NULL) {
- return FR_BadPubKey;
- }
-
- /*
- * Cons up random DES key and a feeDES object with it
- */
- frand = feeRandAlloc();
- if(frand == NULL) {
- frtn = FR_Internal;
- goto out;
- }
- feeRandBytes(frand, desKey, FEE_DES_MIN_STATE_SIZE);
- des = feeDESNewWithState(desKey, FEE_DES_MIN_STATE_SIZE);
- if(des == NULL) {
- frtn = FR_Internal;
- goto out;
- }
-
- /*
- * Encrypt the DES key via FEEDExp
- */
- feed = feeFEEDExpNewWithPubKey(recvPubKey, NULL, NULL);
- if(feed == NULL) {
- frtn = FR_BadPubKey;
- goto out;
- }
- frtn = feeFEEDExpEncrypt(feed,
- desKey,
- FEE_DES_MIN_STATE_SIZE,
- &encrDesKey,
- &encrDesKeyLen);
- if(frtn) {
- goto out;
- }
-
- /*
- * Encrypt the plaintext via DES
- */
- frtn = feeDESEncrypt(des,
- plainText,
- plainTextLen,
- &cipherText,
- &cipherTextLen);
- if(frtn) {
- goto out;
- }
-
- if(genSig) {
- /*
- * We generate signature on ciphertext by convention.
- */
- if(sendPrivKey == NULL) {
- frtn = FR_BadPubKey;
- goto out;
- }
- frtn = feePubKeyCreateSignature(sendPrivKey,
- cipherText,
- cipherTextLen,
- &sigData,
- &sigDataLen);
- if(frtn) {
- goto out;
- }
- /*
- * Sender's public key string
- */
- frtn = feePubKeyCreateKeyString(sendPrivKey,
- (char **)&pubKeyString,
- &pubKeyStringLen);
- if(frtn) {
- /*
- * Huh?
- */
- frtn = FR_BadPubKey;
- goto out;
- }
- }
-
- /*
- * Cons up a cipherfile
- */
- cfile = feeCFileNewFromCipherText(CFE_RandDES,
- cipherText,
- cipherTextLen,
- pubKeyString,
- pubKeyStringLen,
- encrDesKey,
- encrDesKeyLen,
- sigData,
- sigDataLen,
- userData);
- if(cfile == NULL) {
- frtn = FR_Internal;
- goto out;
- }
-
-out:
- /* free alloc'd stuff */
-
- if(cipherText) {
- ffree(cipherText);
- }
- if(feed) {
- feeFEEDExpFree(feed);
- }
- if(frand) {
- feeRandFree(frand);
- }
- if(des) {
- feeDESFree(des);
- }
- if(sigData) {
- ffree(sigData);
- }
- if(encrDesKey) {
- ffree(encrDesKey);
- }
- if(pubKeyString) {
- ffree(pubKeyString);
- }
- memset(desKey, 0, FEE_DES_MIN_STATE_SIZE);
- *cipherFile = cfile;
- return frtn;
-
-}
-
-feeReturn decryptRandDES(feeCipherFile cipherFile,
- feePubKey recvPrivKey,
- feePubKey sendPubKey, // optional
- unsigned char **plainText, // RETURNED
- unsigned *plainTextLen, // RETURNED
- feeSigStatus *sigStatus) // RETURNED
-{
- feeReturn frtn = FR_Success;
- unsigned char *cipherText = NULL;
- unsigned cipherTextLen;
- feeFEEDExp feed = NULL; // to decrypt desKey
- feeDES des = NULL; // to decrypt cipherText
- unsigned char *desKey;
- unsigned desKeyLen;
- unsigned char *encrDesKey = NULL; // FEED encrypted desKey
- unsigned encrDesKeyLen;
- unsigned char *sigData = NULL;
- unsigned sigDataLen;
- unsigned char *sendPubKeyStr = NULL;
- unsigned sendPubKeyStrLen = 0;
- feePubKey parsedSendPubKey = NULL;
-
- if(feeCFileEncrType(cipherFile) != CFE_RandDES) {
- frtn = FR_Internal;
- goto out;
- }
-
- /*
- * Get ciphertext and encrypted DES key from cipherFile
- */
- cipherText = feeCFileCipherText(cipherFile, &cipherTextLen);
- if(cipherText == NULL) {
- frtn = FR_BadCipherFile;
- goto out;
- }
- encrDesKey = feeCFileOtherKeyData(cipherFile, &encrDesKeyLen);
- if(encrDesKey == NULL) {
- frtn = FR_BadCipherFile;
- goto out;
- }
-
- /*
- * FEED decrypt to get DES key
- */
- feed = feeFEEDExpNewWithPubKey(recvPrivKey, NULL, NULL);
- if(feed == NULL) {
- frtn = FR_BadPubKey;
- goto out;
- }
- frtn = feeFEEDExpDecrypt(feed,
- encrDesKey,
- encrDesKeyLen,
- &desKey,
- &desKeyLen);
- if(frtn) {
- goto out;
- }
-
- /*
- * Now DES decrypt the ciphertext
- */
- if(desKeyLen != FEE_DES_MIN_STATE_SIZE) {
- frtn = FR_BadCipherFile;
- goto out;
- }
- des = feeDESNewWithState(desKey, desKeyLen);
- if(des == NULL) {
- frtn = FR_Internal;
- goto out;
- }
- frtn = feeDESDecrypt(des,
- cipherText,
- cipherTextLen,
- plainText,
- plainTextLen);
- if(frtn) {
- goto out;
- }
-
- sigData = feeCFileSigData(cipherFile, &sigDataLen);
- if(sigData) {
- feeReturn sigFrtn;
-
- if(sendPubKey == NULL) {
- /*
- * Obtain sender's public key from cipherfile
- */
- sendPubKeyStr = feeCFileSendPubKeyData(cipherFile,
- &sendPubKeyStrLen);
- if(sendPubKeyStr == NULL) {
- /*
- * Hmm..shouldn't really happen, but let's
- * press on.
- */
- *sigStatus = SS_PresentNoKey;
- goto out;
- }
- parsedSendPubKey = feePubKeyAlloc();
- frtn = feePubKeyInitFromKeyString(parsedSendPubKey,
- (char *)sendPubKeyStr, sendPubKeyStrLen);
- if(frtn) {
- dbgLog(("parseRandDES: bad sendPubKeyStr\n"));
- *sigStatus = SS_PresentNoKey;
- goto out;
- }
- sendPubKey = parsedSendPubKey;
- }
- sigFrtn = feePubKeyVerifySignature(sendPubKey,
- cipherText,
- cipherTextLen,
- sigData,
- sigDataLen);
- switch(sigFrtn) {
- case FR_Success:
- *sigStatus = SS_PresentValid;
- break;
- default:
- *sigStatus = SS_PresentInvalid;
- break;
- }
- }
- else {
- *sigStatus = SS_NotPresent;
- }
-out:
- if(cipherText) {
- ffree(cipherText);
- }
- if(feed) {
- feeFEEDExpFree(feed);
- }
- if(des) {
- feeDESFree(des);
- }
- if(desKey) {
- memset(desKey, 0, desKeyLen);
- ffree(desKey);
- }
- if(encrDesKey) {
- ffree(encrDesKey);
- }
- if(sigData) {
- ffree(sigData);
- }
- if(parsedSendPubKey) {
- feePubKeyFree(parsedSendPubKey);
- }
- if(sendPubKeyStr) {
- ffree(sendPubKeyStr);
- }
- return frtn;
-}
-
-feeReturn createPubDES(feePubKey sendPrivKey, // required
- feePubKey recvPubKey,
- const unsigned char *plainText,
- unsigned plainTextLen,
- int genSig, // 1 ==> generate signature
- unsigned userData, // for caller's convenience
- feeCipherFile *cipherFile) // RETURNED if successful
-{
- feeRand frand = NULL;
- feeReturn frtn;
- unsigned char *desKey;
- unsigned desKeyLen;
- feeDES des = NULL;
- unsigned char *cipherText = NULL;
- unsigned cipherTextLen;
- unsigned char *sigData = NULL;
- unsigned sigDataLen = 0;
- feeCipherFile cfile = NULL;
- unsigned char *pubKeyString = NULL;
- unsigned pubKeyStringLen;
-
- if((sendPrivKey == NULL) || (recvPubKey == NULL)) {
- return FR_BadPubKey;
- }
-
- /*
- * Get the public string version of sendPrivKey for embedding in
- * cipherfile
- */
- frtn = feePubKeyCreateKeyString(sendPrivKey,
- (char **)&pubKeyString,
- &pubKeyStringLen);
- if(frtn) {
- goto out;
- }
-
- /*
- * Obtain DES key via key exchange and get a feeDES object with it
- */
- frtn = feePubKeyCreatePad(sendPrivKey,
- recvPubKey,
- &desKey,
- &desKeyLen);
- if(frtn) {
- goto out;
- }
- des = feeDESNewWithState(desKey, desKeyLen);
- if(des == NULL) {
- frtn = FR_Internal;
- goto out;
- }
-
- /*
- * Encrypt the plaintext via DES
- */
- frtn = feeDESEncrypt(des,
- plainText,
- plainTextLen,
- &cipherText,
- &cipherTextLen);
- if(frtn) {
- goto out;
- }
-
- if(genSig) {
- /*
- * We generate signature on ciphertext by convention.
- */
- frtn = feePubKeyCreateSignature(sendPrivKey,
- cipherText,
- cipherTextLen,
- &sigData,
- &sigDataLen);
- if(frtn) {
- goto out;
- }
- }
-
- /*
- * Cons up a cipherfile
- */
- cfile = feeCFileNewFromCipherText(CFE_PublicDES,
- cipherText,
- cipherTextLen,
- pubKeyString,
- pubKeyStringLen,
- NULL, // otherKey
- 0,
- sigData,
- sigDataLen,
- userData);
- if(cfile == NULL) {
- frtn = FR_Internal;
- goto out;
- }
-
-out:
- /* free alloc'd stuff */
-
- if(cipherText) {
- ffree(cipherText);
- }
- if(frand) {
- feeRandFree(frand);
- }
- if(des) {
- feeDESFree(des);
- }
- if(desKey) {
- ffree(desKey);
- }
- if(sigData) {
- ffree(sigData);
- }
- if(pubKeyString) {
- ffree(pubKeyString);
- }
- *cipherFile = cfile;
- return frtn;
-
-}
-
-feeReturn decryptPubDES(feeCipherFile cipherFile,
- feePubKey recvPrivKey,
- feePubKey sendPubKey,
- unsigned char **plainText, // RETURNED
- unsigned *plainTextLen, // RETURNED
- feeSigStatus *sigStatus) // RETURNED
-{
- feeReturn frtn = FR_Success;
- unsigned char *cipherText = NULL;
- unsigned cipherTextLen;
- feeDES des = NULL; // to decrypt cipherText
- unsigned char *desKey;
- unsigned desKeyLen;
- unsigned char *sigData = NULL;
- unsigned sigDataLen;
- unsigned char *pubKeyString = NULL;
- unsigned pubKeyStringLen;
- feePubKey decryptPubKey = NULL; // from cipherfile
-
- if(feeCFileEncrType(cipherFile) != CFE_PublicDES) {
- frtn = FR_Internal;
- goto out;
- }
-
- /*
- * Get ciphertext and sender's public key from cipherFile
- */
- cipherText = feeCFileCipherText(cipherFile, &cipherTextLen);
- if(cipherText == NULL) {
- frtn = FR_BadCipherFile;
- goto out;
- }
- pubKeyString = feeCFileSendPubKeyData(cipherFile, &pubKeyStringLen);
- if(pubKeyString == NULL) {
- frtn = FR_BadCipherFile;
- goto out;
- }
- decryptPubKey = feePubKeyAlloc();
- frtn = feePubKeyInitFromKeyString(decryptPubKey,
- (char *)pubKeyString,
- pubKeyStringLen);
- if(frtn) {
- goto out;
- }
-
- /*
- * key exchange to get DES key
- */
- frtn = feePubKeyCreatePad(recvPrivKey,
- decryptPubKey,
- &desKey,
- &desKeyLen);
- if(frtn) {
- goto out;
- }
-
- /*
- * Now DES decrypt the ciphertext
- */
- if(desKeyLen < FEE_DES_MIN_STATE_SIZE) {
- frtn = FR_BadCipherFile;
- goto out;
- }
- des = feeDESNewWithState(desKey, desKeyLen);
- if(des == NULL) {
- frtn = FR_Internal;
- goto out;
- }
- frtn = feeDESDecrypt(des,
- cipherText,
- cipherTextLen,
- plainText,
- plainTextLen);
- if(frtn) {
- goto out;
- }
-
- sigData = feeCFileSigData(cipherFile, &sigDataLen);
- if(sigData) {
- feeReturn sigFrtn;
-
- if(sendPubKey == NULL) {
- /*
- * Use key embedded in cipherfile
- */
- sendPubKey = decryptPubKey;
- }
- sigFrtn = feePubKeyVerifySignature(sendPubKey,
- cipherText,
- cipherTextLen,
- sigData,
- sigDataLen);
- switch(sigFrtn) {
- case FR_Success:
- *sigStatus = SS_PresentValid;
- break;
- default:
- *sigStatus = SS_PresentInvalid;
- break;
- }
- }
- else {
- *sigStatus = SS_NotPresent;
- }
-out:
- if(cipherText) {
- ffree(cipherText);
- }
- if(des) {
- feeDESFree(des);
- }
- if(desKey) {
- ffree(desKey);
- }
- if(pubKeyString) {
- ffree(pubKeyString);
- }
- if(sigData) {
- ffree(sigData);
- }
- if(decryptPubKey) {
- feePubKeyFree(decryptPubKey);
- }
- return frtn;
-}
-
-#endif /* CRYPTKIT_CIPHERFILE_ENABLE */
-
projects / apple / security.git / blobdiff