--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/libidav/crypto.c Mon Mar 17 18:42:01 2014 +0100 @@ -0,0 +1,267 @@ +/* + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER. + * + * Copyright 2013 Olaf Wintermann. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE + * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + * POSSIBILITY OF SUCH DAMAGE. + */ + +#include <stdio.h> +#include <stdlib.h> +#include <string.h> +#include <openssl/rand.h> + +#include <libidav/utils.h> +#include "crypto.h" + +AESDecrypter* aes_decrypter_new(DavKey *key, void *stream, dav_write_func write_func) { + AESDecrypter *dec = malloc(sizeof(AESDecrypter)); + dec->stream = stream; + dec->write = write_func; + dec->key = key; + dec->init = 0; + dec->ivpos = 0; + + return dec; +} + +void aes_decrypter_init(AESDecrypter *dec) { + EVP_CIPHER_CTX_init(&dec->ctx); + dec->init = 1; + if(dec->key->type == DAV_KEY_AES128) { + EVP_DecryptInit_ex( + &dec->ctx, + EVP_aes_128_cbc(), + NULL, + dec->key->data, + dec->ivtmp); + } else if(dec->key->type == DAV_KEY_AES256) { + EVP_DecryptInit_ex( + &dec->ctx, + EVP_aes_256_cbc(), + NULL, + dec->key->data, + dec->ivtmp); + } else { + fprintf(stderr, "unknown key type\n"); + exit(-1); + } +} + +size_t aes_write(const void *buf, size_t s, size_t n, AESDecrypter *dec) { + int len = s*n; + if(!dec->init) { + size_t n = 16 - dec->ivpos; + size_t cp = n > len ? len : n; + memcpy(dec->ivtmp + dec->ivpos, buf, cp); + dec->ivpos += cp; + if(dec->ivpos >= 16) { + aes_decrypter_init(dec); + } + if(len == cp) { + return len; + } else { + buf = (char*)buf + cp; + len -= cp; + } + } + + int outlen = len + 16; + unsigned char *out = malloc(outlen); + EVP_DecryptUpdate(&dec->ctx, out, &len, buf, len); + dec->write(out, 1, len, dec->stream); + free(out); + return (s*n) / s; +} + +void aes_decrypter_close(AESDecrypter *dec) { + void *out = malloc(128); + int len = 0; + EVP_DecryptFinal_ex(&dec->ctx, out, &len); + dec->write(out, 1, len, dec->stream); + free(out); + EVP_CIPHER_CTX_cleanup(&dec->ctx); + free(dec); +} + + +AESEncrypter* aes_encrypter_new(DavKey *key, void *stream, dav_read_func read_func) { + unsigned char *iv = malloc(16); + if(!RAND_bytes(iv, 16)) { + free(iv); + return NULL; + } + + AESEncrypter *enc = malloc(sizeof(AESEncrypter)); + enc->stream = stream; + enc->read = read_func; + enc->tmp = NULL; + enc->tmplen = 0; + enc->tmpoff = 0; + enc->end = 0; + //enc->iv = iv; + enc->iv = iv; + enc->ivlen = 16; + + EVP_CIPHER_CTX_init(&enc->ctx); + if(key->type == DAV_KEY_AES128) { + EVP_EncryptInit_ex(&enc->ctx, EVP_aes_128_cbc(), NULL, key->data, enc->iv); + } else if(key->type == DAV_KEY_AES256) { + EVP_EncryptInit_ex(&enc->ctx, EVP_aes_256_cbc(), NULL, key->data, enc->iv); + } else { + fprintf(stderr, "unknown key type\n"); + exit(-1); + } + return enc; +} + +size_t aes_read(void *buf, size_t s, size_t n, AESEncrypter *enc) { + size_t len = s*n; + if(enc->tmp) { + size_t tmp_diff = enc->tmplen - enc->tmpoff; + size_t cp_len = tmp_diff > len ? len : tmp_diff; + memcpy(buf, enc->tmp + enc->tmpoff, cp_len); + enc->tmpoff += cp_len; + if(enc->tmpoff >= enc->tmplen) { + free(enc->tmp); + enc->tmp = NULL; + enc->tmplen = 0; + enc->tmpoff = 0; + } + return cp_len / s; + } + + if(enc->end) { + return 0; + } + + void *in = malloc(len); + size_t in_len = enc->read(in, 1, len, enc->stream); + + unsigned char *out = NULL; + int outlen = 0; + size_t ivl = enc->ivlen; + if(in_len != 0) { + outlen = len + 16; + out = malloc(outlen + ivl); + if(enc->iv) { + memcpy(out, enc->iv, ivl); + } + EVP_EncryptUpdate(&enc->ctx, out + ivl, &outlen, in, in_len); + free(in); + } else { + out = malloc(16); + EVP_EncryptFinal_ex(&enc->ctx, out, &outlen); + enc->end = 1; + } + enc->tmp = (char*)out; + enc->tmplen = outlen + ivl; + enc->tmpoff = 0; + + if(enc->iv) { + enc->iv = NULL; + enc->ivlen = 0; + } + + return aes_read(buf, s, n, enc); +} + +void aes_encrypter_close(AESEncrypter *enc) { + if(enc->tmp) { + free(enc->tmp); + } + EVP_CIPHER_CTX_cleanup(&enc->ctx); + free(enc); +} + + +char* aes_encrypt(char *in, DavKey *key) { + char *iv = malloc(16); + if(!RAND_bytes(iv, 16)) { + free(iv); + return NULL; + } + + EVP_CIPHER_CTX ctx; + EVP_CIPHER_CTX_init(&ctx); + if(key->type == DAV_KEY_AES128) { + EVP_EncryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL, key->data, iv); + } else if(key->type == DAV_KEY_AES256) { + EVP_EncryptInit_ex(&ctx, EVP_aes_256_cbc(), NULL, key->data, iv); + } else { + return NULL; + } + + int len = strlen(in); + int buflen = len + 64; + char *buf = calloc(1, buflen); + memcpy(buf, iv, 16); + + int l = buflen - 16; + EVP_EncryptUpdate(&ctx, buf + 16, &l, in, len); + + int f = 0; + EVP_EncryptFinal_ex(&ctx, buf + 16 + l, &f); + char *out = util_base64encode(buf, 16 + l + f); + free(buf); + return out; +} + +char* aes_decrypt(char *in, DavKey *key) { + int len; + char *buf = util_base64decode_len(in, &len); + + EVP_CIPHER_CTX ctx; + EVP_CIPHER_CTX_init(&ctx); + if(key->type == DAV_KEY_AES128) { + EVP_DecryptInit_ex( + &ctx, + EVP_aes_128_cbc(), + NULL, + key->data, + buf); + } else if(key->type == DAV_KEY_AES256) { + EVP_DecryptInit_ex( + &ctx, + EVP_aes_256_cbc(), + NULL, + key->data, + buf); + } else { + return NULL; + } + + char *out = malloc(len + 1); + int outlen = len; + char *in_buf = buf + 16; + int inlen = len - 16; + int f = 0; + + + + EVP_DecryptUpdate(&ctx, out, &outlen, in_buf, inlen); + EVP_DecryptFinal_ex(&ctx, out + outlen, &f); + out[outlen + f] = '\0'; + free(buf); + return out; +}