libidav/crypto.c

/*
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
 *
 * Copyright 2016 Olaf Wintermann. All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions are met:
 *
 *   1. Redistributions of source code must retain the above copyright
 *      notice, this list of conditions and the following disclaimer.
 *
 *   2. Redistributions in binary form must reproduce the above copyright
 *      notice, this list of conditions and the following disclaimer in the
 *      documentation and/or other materials provided with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 * POSSIBILITY OF SUCH DAMAGE.
 */

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <openssl/rand.h>

#include <libidav/utils.h>
#include "crypto.h"

AESDecrypter* aes_decrypter_new(DavKey *key, void *stream, dav_write_func write_func) {
    AESDecrypter *dec = calloc(1, sizeof(AESDecrypter));
    SHA256_Init(&dec->sha256);
    dec->stream = stream;
    dec->write = write_func;
    dec->key = key;
    dec->init = 0;
    dec->ivpos = 0;
    
    return dec;
}

void aes_decrypter_init(AESDecrypter *dec) {
    EVP_CIPHER_CTX_init(&dec->ctx);
    dec->init = 1;
    if(dec->key->type == DAV_KEY_AES128) {
        EVP_DecryptInit_ex(
                &dec->ctx,
                EVP_aes_128_cbc(),
                NULL,
                dec->key->data,
                dec->ivtmp);
    } else if(dec->key->type == DAV_KEY_AES256) {
        EVP_DecryptInit_ex(
                &dec->ctx,
                EVP_aes_256_cbc(),
                NULL,
                dec->key->data,
                dec->ivtmp);
    } else {
        fprintf(stderr, "unknown key type\n");
        exit(-1);
    }
}

size_t aes_write(const void *buf, size_t s, size_t n, AESDecrypter *dec) {
    int len = s*n;
    if(!dec->init) {
        size_t n = 16 - dec->ivpos;
        size_t cp = n > len ? len : n;
        memcpy(dec->ivtmp + dec->ivpos, buf, cp);
        dec->ivpos += cp;
        if(dec->ivpos >= 16) {
            aes_decrypter_init(dec);
        }
        if(len == cp) {
            return len;
        } else {
            buf = (char*)buf + cp;
            len -= cp;
        }
    }
    
    int outlen = len + 16;
    unsigned char *out = malloc(outlen);
    EVP_DecryptUpdate(&dec->ctx, out, &len, buf, len);
    ssize_t wlen = dec->write(out, 1, len, dec->stream);
    SHA256_Update(&dec->sha256, out, wlen);
    free(out);
    return (s*n) / s;
}

void aes_decrypter_shutdown(AESDecrypter *dec) {
    if(dec->init) {
        void *out = malloc(128);
        int len = 0;
        EVP_DecryptFinal_ex(&dec->ctx, out, &len);
        dec->write(out, 1, len, dec->stream);
        SHA256_Update(&dec->sha256, out, len);
        free(out);
        EVP_CIPHER_CTX_cleanup(&dec->ctx);
    }
}

void aes_decrypter_close(AESDecrypter *dec) {
    free(dec);
}


AESEncrypter* aes_encrypter_new(DavKey *key, void *stream, dav_read_func read_func) {
    unsigned char *iv = malloc(16);
    if(!RAND_bytes(iv, 16)) {
        free(iv);
        return NULL;
    }
    
    AESEncrypter *enc = malloc(sizeof(AESEncrypter));
    SHA256_Init(&enc->sha256);
    enc->stream = stream;
    enc->read = read_func;
    enc->tmp = NULL;
    enc->tmplen = 0;
    enc->tmpoff = 0;
    enc->end = 0;
    enc->iv = iv;
    enc->ivlen = 16;
    
    EVP_CIPHER_CTX_init(&enc->ctx);
    if(key->type == DAV_KEY_AES128) {
        EVP_EncryptInit_ex(&enc->ctx, EVP_aes_128_cbc(), NULL, key->data, enc->iv);
    } else if(key->type == DAV_KEY_AES256) {
        EVP_EncryptInit_ex(&enc->ctx, EVP_aes_256_cbc(), NULL, key->data, enc->iv);
    } else {
        fprintf(stderr, "unknown key type\n");
        exit(-1);
    }
    return enc;
}

size_t aes_read(void *buf, size_t s, size_t n, AESEncrypter *enc) {
    size_t len = s*n;
    if(enc->tmp) {
        size_t tmp_diff = enc->tmplen - enc->tmpoff;
        size_t cp_len = tmp_diff > len ? len : tmp_diff;
        memcpy(buf, enc->tmp + enc->tmpoff, cp_len);
        enc->tmpoff += cp_len;
        if(enc->tmpoff >= enc->tmplen) {
            free(enc->tmp);
            enc->tmp = NULL;
            enc->tmplen = 0;
            enc->tmpoff = 0;
        }
        return cp_len / s;
    }
    
    if(enc->end) {
        return 0;
    }
    
    void *in = malloc(len);
    size_t in_len = enc->read(in, 1, len, enc->stream);
    
    SHA256_Update(&enc->sha256, in, in_len);
    
    unsigned char *out = NULL;
    int outlen = 0;
    size_t ivl = enc->ivlen;
    if(in_len != 0) {
        outlen = len + 16;
        out = malloc(outlen + ivl);
        if(enc->iv) {
            memcpy(out, enc->iv, ivl);
        }
        EVP_EncryptUpdate(&enc->ctx, out + ivl, &outlen, in, in_len);
        free(in);
    } else {
        out = malloc(16);
        EVP_EncryptFinal_ex(&enc->ctx, out, &outlen);
        enc->end = 1;
        free(in);
    }
    enc->tmp = (char*)out;
    enc->tmplen = outlen + ivl;
    enc->tmpoff = 0;
    
    if(enc->iv) {
        free(enc->iv);
        enc->iv = NULL;
        enc->ivlen = 0;
    }
    
    return aes_read(buf, s, n, enc);
}

void aes_encrypter_close(AESEncrypter *enc) {
    if(enc->tmp) {
        free(enc->tmp);
    }
    if(enc->iv) {
        free(enc->iv);
    }
    EVP_CIPHER_CTX_cleanup(&enc->ctx);
    free(enc);
}


char* aes_encrypt(char *in, size_t len, DavKey *key) {
    unsigned char iv[16];
    if(!RAND_bytes(iv, 16)) {
        return NULL;
    }
    
    EVP_CIPHER_CTX ctx;
    EVP_CIPHER_CTX_init(&ctx);
    if(key->type == DAV_KEY_AES128) {
        EVP_EncryptInit_ex(
                &ctx,
                EVP_aes_128_cbc(),
                NULL,
                (unsigned char*)key->data,
                iv);
    } else if(key->type == DAV_KEY_AES256) {
        EVP_EncryptInit_ex(
                &ctx,
                EVP_aes_256_cbc(),
                NULL,
                (unsigned char*)key->data,
                iv);
    } else {
        EVP_CIPHER_CTX_cleanup(&ctx);
        return NULL;
    }
    
    //int len = strlen(in);
    int buflen = len + 64;
    unsigned char *buf = calloc(1, buflen);
    memcpy(buf, iv, 16);
    
    int l = buflen - 16;
    EVP_EncryptUpdate(&ctx, buf + 16, &l, (unsigned char*)in, len);
    
    int f = 0;
    EVP_EncryptFinal_ex(&ctx, buf + 16 + l, &f);
    char *out = util_base64encode((char*)buf, 16 + l + f);
    free(buf);
    EVP_CIPHER_CTX_cleanup(&ctx);
    
    return out;
}

char* aes_decrypt(char *in, size_t *length, DavKey *key) {
    int len;
    unsigned char *buf = (unsigned char*)util_base64decode_len(in, &len);
    
    EVP_CIPHER_CTX ctx;
    EVP_CIPHER_CTX_init(&ctx);
    if(key->type == DAV_KEY_AES128) {
        EVP_DecryptInit_ex(
                &ctx,
                EVP_aes_128_cbc(),
                NULL,
                key->data,
                buf);
    } else if(key->type == DAV_KEY_AES256) {
        EVP_DecryptInit_ex(
                &ctx,
                EVP_aes_256_cbc(),
                NULL,
                key->data,
                buf);
    } else {
        EVP_CIPHER_CTX_cleanup(&ctx);
        return NULL;
    }
    
    unsigned char *out = malloc(len + 1);
    int outlen = len;
    unsigned char *in_buf = buf + 16;
    int inlen = len - 16;
    int f = 0; 
    
    EVP_DecryptUpdate(&ctx, out, &outlen, in_buf, inlen);
    EVP_DecryptFinal_ex(&ctx, out + outlen, &f);
    out[outlen + f] = '\0';
    free(buf);
    EVP_CIPHER_CTX_cleanup(&ctx);
    
    *length = outlen + f;
    return (char*)out;
}


void dav_get_hash(SHA256_CTX *sha256, unsigned char *buf) {
    SHA256_Final((unsigned char*)buf, sha256);
}