libidav/crypto.c

Fri, 15 Nov 2019 18:07:11 +0100

author
Olaf Wintermann <olaf.wintermann@gmail.com>
date
Fri, 15 Nov 2019 18:07:11 +0100
changeset 679
0d352b79363a
parent 625
e1a85fbf68f9
child 688
d405d2ac78e6
permissions
-rw-r--r--

fix some versioning related bugs and add tests

/*
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
 *
 * Copyright 2018 Olaf Wintermann. All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions are met:
 *
 *   1. Redistributions of source code must retain the above copyright
 *      notice, this list of conditions and the following disclaimer.
 *
 *   2. Redistributions in binary form must reproduce the above copyright
 *      notice, this list of conditions and the following disclaimer in the
 *      documentation and/or other materials provided with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 * POSSIBILITY OF SUCH DAMAGE.
 */

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <fcntl.h>
#include "utils.h"

#include "crypto.h"

/* -------------------- OpenSSL Crypto Functions -------------------- */
#ifdef DAV_USE_OPENSSL

#if OPENSSL_VERSION_NUMBER < 0x10000000L

static EVP_CIPHER_CTX* create_evp_cipher_ctx() {
    EVP_CIPHER_CTX *ctx = malloc(sizeof(EVP_CIPHER_CTX));
    EVP_CIPHER_CTX_init(ctx);
    return ctx;
}

static void free_evp_cipher_ctx(EVP_CIPHER_CTX *ctx) {
    EVP_CIPHER_CTX_cleanup(ctx);
    free(ctx);
}

#define EVP_CIPHER_CTX_new() create_evp_cipher_ctx()
#define EVP_CIPHER_CTX_free(ctx) free_evp_cipher_ctx(ctx)

#endif

int dav_rand_bytes(unsigned char *buf, size_t len) {
    return !RAND_bytes(buf, len);
}

AESDecrypter* aes_decrypter_new(DavKey *key, void *stream, dav_write_func write_func) {
    AESDecrypter *dec = calloc(1, sizeof(AESDecrypter));
    SHA256_Init(&dec->sha256);
    dec->stream = stream;
    dec->write = write_func;
    dec->key = key;
    dec->init = 0;
    dec->ivpos = 0;
    
    return dec;
}

void aes_decrypter_init(AESDecrypter *dec) {
    //EVP_CIPHER_CTX_init(&dec->ctx);
    dec->ctx = EVP_CIPHER_CTX_new();
    dec->init = 1;
    if(dec->key->type == DAV_KEY_AES128) {
        EVP_DecryptInit_ex(
                dec->ctx,
                EVP_aes_128_cbc(),
                NULL,
                dec->key->data,
                dec->ivtmp);
    } else if(dec->key->type == DAV_KEY_AES256) {
        EVP_DecryptInit_ex(
                dec->ctx,
                EVP_aes_256_cbc(),
                NULL,
                dec->key->data,
                dec->ivtmp);
    } else {
        fprintf(stderr, "unknown key type\n");
        exit(-1);
    }
}

size_t aes_write(const void *buf, size_t s, size_t n, AESDecrypter *dec) {
    int len = s*n;
    if(!dec->init) {
        size_t n = 16 - dec->ivpos;
        size_t cp = n > len ? len : n;
        memcpy(dec->ivtmp + dec->ivpos, buf, cp);
        dec->ivpos += cp;
        if(dec->ivpos >= 16) {
            aes_decrypter_init(dec);
        }
        if(len == cp) {
            return len;
        } else {
            buf = (char*)buf + cp;
            len -= cp;
        }
    }
    
    int outlen = len + 16;
    unsigned char *out = malloc(outlen);
    EVP_DecryptUpdate(dec->ctx, out, &outlen, buf, len);
    ssize_t wlen = dec->write(out, 1, outlen, dec->stream);
    SHA256_Update(&dec->sha256, out, wlen);
    free(out);
    return (s*n) / s;
}

void aes_decrypter_shutdown(AESDecrypter *dec) {
    if(dec->init) {
        void *out = malloc(128);
        int len = 0;
        EVP_DecryptFinal_ex(dec->ctx, out, &len);
        dec->write(out, 1, len, dec->stream);
        SHA256_Update(&dec->sha256, out, len);
        free(out);
        //EVP_CIPHER_CTX_cleanup(&dec->ctx);
        EVP_CIPHER_CTX_free(dec->ctx);
    }
}

void aes_decrypter_close(AESDecrypter *dec) {
    free(dec);
}


AESEncrypter* aes_encrypter_new(DavKey *key, void *stream, dav_read_func read_func, dav_seek_func seek_func) {
    unsigned char *iv = malloc(16);
    if(!RAND_bytes(iv, 16)) {
        free(iv);
        return NULL;
    }
    
    AESEncrypter *enc = malloc(sizeof(AESEncrypter));
    SHA256_Init(&enc->sha256);
    enc->stream = stream;
    enc->read = read_func;
    enc->seek = seek_func;
    enc->tmp = NULL;
    enc->tmplen = 0;
    enc->tmpoff = 0;
    enc->end = 0;
    enc->iv = iv;
    enc->ivlen = 16;
    
    //EVP_CIPHER_CTX_init(&enc->ctx);
    enc->ctx = EVP_CIPHER_CTX_new();
    if(key->type == DAV_KEY_AES128) {
        EVP_EncryptInit_ex(enc->ctx, EVP_aes_128_cbc(), NULL, key->data, enc->iv);
    } else if(key->type == DAV_KEY_AES256) {
        EVP_EncryptInit_ex(enc->ctx, EVP_aes_256_cbc(), NULL, key->data, enc->iv);
    } else {
        fprintf(stderr, "unknown key type\n");
        exit(-1);
    }
    return enc;
}

size_t aes_read(void *buf, size_t s, size_t n, AESEncrypter *enc) {
    size_t len = s*n;
    if(enc->tmp) {
        size_t tmp_diff = enc->tmplen - enc->tmpoff;
        size_t cp_len = tmp_diff > len ? len : tmp_diff;
        memcpy(buf, enc->tmp + enc->tmpoff, cp_len);
        enc->tmpoff += cp_len;
        if(enc->tmpoff >= enc->tmplen) {
            free(enc->tmp);
            enc->tmp = NULL;
            enc->tmplen = 0;
            enc->tmpoff = 0;
        }
        return cp_len / s;
    }
    
    if(enc->end) {
        return 0;
    }
    
    void *in = malloc(len);
    size_t in_len = enc->read(in, 1, len, enc->stream);
    
    SHA256_Update(&enc->sha256, in, in_len);
    
    unsigned char *out = NULL;
    int outlen = 0;
    size_t ivl = enc->ivlen;
    if(in_len != 0) {
        outlen = len + 32;
        out = malloc(outlen + ivl);
        if(ivl > 0) {
            memcpy(out, enc->iv, ivl);
        }
        EVP_EncryptUpdate(enc->ctx, out + ivl, &outlen, in, in_len);
        if(in_len != len) {
            int newoutlen = 16;
            EVP_EncryptFinal_ex(enc->ctx, out + ivl + outlen, &newoutlen);
            outlen += newoutlen;
            enc->end = 1;
        }
    } else {
        out = malloc(16);
        EVP_EncryptFinal_ex(enc->ctx, out, &outlen);
        enc->end = 1;
    }
    enc->tmp = (char*)out;
    enc->tmplen = outlen + ivl;
    enc->tmpoff = 0;
    
    if(enc->ivlen > 0) {
        enc->ivlen = 0;
    }
    
    free(in);
    
    return aes_read(buf, s, n, enc);
}

void aes_encrypter_close(AESEncrypter *enc) {
    if(enc->tmp) {
        free(enc->tmp);
    }
    if(enc->iv) {
        free(enc->iv);
    }
    //EVP_CIPHER_CTX_cleanup(&enc->ctx);
    EVP_CIPHER_CTX_free(enc->ctx);
    free(enc);
}

int aes_encrypter_reset(AESEncrypter  *enc, curl_off_t offset, int origin) {
    if(origin != SEEK_SET || offset != 0 || !enc->seek) {
        return CURL_SEEKFUNC_CANTSEEK;
    }
    
    enc->ivlen = 16;
    if(enc->seek(enc->stream, 0, SEEK_SET) != 0) {
        return CURL_SEEKFUNC_FAIL;
    }
    return CURL_SEEKFUNC_OK;
}


char* aes_encrypt(const char *in, size_t len, DavKey *key) {
    unsigned char iv[16];
    if(!RAND_bytes(iv, 16)) {
        return NULL;
    }
    
    //EVP_CIPHER_CTX ctx;
    //EVP_CIPHER_CTX_init(&ctx);
    EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new();
    if(key->type == DAV_KEY_AES128) {
        EVP_EncryptInit_ex(
                ctx,
                EVP_aes_128_cbc(),
                NULL,
                (unsigned char*)key->data,
                iv);
    } else if(key->type == DAV_KEY_AES256) {
        EVP_EncryptInit_ex(
                ctx,
                EVP_aes_256_cbc(),
                NULL,
                (unsigned char*)key->data,
                iv);
    } else {
        //EVP_CIPHER_CTX_cleanup(&ctx);
        EVP_CIPHER_CTX_free(ctx);
        return NULL;
    }
    
    //int len = strlen(in);
    int buflen = len + 64;
    unsigned char *buf = calloc(1, buflen);
    memcpy(buf, iv, 16);
    
    int l = buflen - 16;
    EVP_EncryptUpdate(ctx, buf + 16, &l, (unsigned char*)in, len);
    
    int f = 0;
    EVP_EncryptFinal_ex(ctx, buf + 16 + l, &f);
    char *out = util_base64encode((char*)buf, 16 + l + f);
    free(buf);
    EVP_CIPHER_CTX_free(ctx);
    //EVP_CIPHER_CTX_cleanup(&ctx);
    
    return out;
}

char* aes_decrypt(const char *in, size_t *length, DavKey *key) {
    int len;
    unsigned char *buf = (unsigned char*)util_base64decode_len(in, &len);
    
    //EVP_CIPHER_CTX ctx;
    //EVP_CIPHER_CTX_init(&ctx);
    EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new();
    if(key->type == DAV_KEY_AES128) {
        EVP_DecryptInit_ex(
                ctx,
                EVP_aes_128_cbc(),
                NULL,
                key->data,
                buf);
    } else if(key->type == DAV_KEY_AES256) {
        EVP_DecryptInit_ex(
                ctx,
                EVP_aes_256_cbc(),
                NULL,
                key->data,
                buf);
    } else {
        //EVP_CIPHER_CTX_cleanup(&ctx);
        EVP_CIPHER_CTX_free(ctx);
        return NULL;
    }
    
    unsigned char *out = malloc(len + 1);
    int outlen = len;
    unsigned char *in_buf = buf + 16;
    int inlen = len - 16;
    int f = 0; 
    
    EVP_DecryptUpdate(ctx, out, &outlen, in_buf, inlen);
    EVP_DecryptFinal_ex(ctx, out + outlen, &f);
    out[outlen + f] = '\0';
    free(buf);
    //EVP_CIPHER_CTX_cleanup(&ctx);
    EVP_CIPHER_CTX_free(ctx);
    
    *length = outlen + f;
    return (char*)out;
}


void dav_get_hash(DAV_SHA_CTX *sha256, unsigned char *buf){
    SHA256_Final((unsigned char*)buf, sha256);
}

char* dav_create_hash(const char *data, size_t len) {
    unsigned char hash[DAV_SHA256_DIGEST_LENGTH];
    DAV_SHA_CTX ctx;
    SHA256_Init(&ctx);
    SHA256_Update(&ctx, data, len);
    SHA256_Final(hash, &ctx);
    return util_hexstr(hash, DAV_SHA256_DIGEST_LENGTH);
}

DAV_SHA_CTX* dav_hash_init(void) {
    DAV_SHA_CTX *ctx = malloc(sizeof(DAV_SHA_CTX));
    SHA256_Init(ctx);
    return ctx;
}

void dav_hash_update(DAV_SHA_CTX *ctx, const char *data, size_t len) {
    SHA256_Update(ctx, data, len);
}

void dav_hash_final(DAV_SHA_CTX *ctx, unsigned char *buf) {
    SHA256_Final(buf, ctx);
    free(ctx);
}

#if OPENSSL_VERSION_NUMBER < 0x10100000L
static int crypto_pw2key_error = 0;
DavKey* dav_pw2key(const char *password, const unsigned char *salt, int saltlen, int pwfunc, int enc) {
    if(!crypto_pw2key_error) {
        fprintf(stderr, "Error: password key derivation not supported on this platform: openssl to old\n");
        crypto_pw2key_error = 1;
    }
    return 0;
}

#else
DavKey* dav_pw2key(const char *password, const unsigned char *salt, int saltlen, int pwfunc, int enc) {
    if(!password) {
        return NULL;
    }
    size_t len = strlen(password);
    if(len == 0) {
        return NULL;
    }
    
    // setup key data and length
    unsigned char keydata[32];
    int keylen = 32;
    switch(enc) {
        case DAV_KEY_AES128: keylen = 16; break;
        case DAV_KEY_AES256: keylen = 32; break;
        default: return NULL;
    }
    
    // generate key
    switch(pwfunc) {
        case DAV_PWFUNC_PBKDF2_SHA256: {
            PKCS5_PBKDF2_HMAC(
                    password,
                    len,
                    salt,
                    saltlen,
                    DAV_CRYPTO_ITERATION_COUNT,
                    EVP_sha256(),
                    keylen,
                    keydata);
            break;
        }
        case DAV_PWFUNC_PBKDF2_SHA512: {
            PKCS5_PBKDF2_HMAC(
                    password,
                    len,
                    salt,
                    saltlen,
                    DAV_CRYPTO_ITERATION_COUNT,
                    EVP_sha512(),
                    keylen,
                    keydata);
            break;
        }
        default: return NULL;
    }
    
    // create DavKey with generated data
    DavKey *key = malloc(sizeof(DavKey));
    key->data = malloc(keylen);
    key->length = keylen;
    key->name = NULL;
    key->type = enc;
    memcpy(key->data, keydata, keylen);
    return key;
}
#endif

#endif


/* -------------------- Apple Crypto Functions -------------------- */
#ifdef __APPLE__

#define RANDOM_BUFFER_LENGTH 256
static char randbuf[RANDOM_BUFFER_LENGTH];
static int rbufpos = RANDOM_BUFFER_LENGTH;

int dav_rand_bytes(unsigned char *buf, size_t len) {
    if(len + rbufpos > RANDOM_BUFFER_LENGTH) {
        int devr = open("/dev/urandom", O_RDONLY);
        if(devr == -1) {
            return 1;
        }
        
        if(read(devr, randbuf, RANDOM_BUFFER_LENGTH) < RANDOM_BUFFER_LENGTH) {
            close(devr);
            return 1;
        }
        
        rbufpos = 0;
        if(len > RANDOM_BUFFER_LENGTH) {
            int err = 0;
            if(read(devr, buf, len) < len) {
                err = 1;
            }
            close(devr);
            return err;
        }
        
        close(devr);
    }
    
    char *r = randbuf;
    memcpy(buf, r + rbufpos, len);
    rbufpos += len;
    
    return 0;
}

AESDecrypter* aes_decrypter_new(DavKey *key, void *stream, dav_write_func write_func) {
    AESDecrypter *dec = calloc(1, sizeof(AESDecrypter));
    CC_SHA256_Init(&dec->sha256);
    dec->stream = stream;
    dec->write = write_func;
    dec->key = key;
    dec->init = 0;
    dec->ivpos = 0;
    
    return dec;
}


void aes_decrypter_init(AESDecrypter *dec) {
    //EVP_CIPHER_CTX_init(&dec->ctx);
    dec->init = 1;
    
    CCCryptorRef cryptor;
    CCCryptorStatus status;
    if(dec->key->type == DAV_KEY_AES128) {
        status = CCCryptorCreate(kCCDecrypt, kCCAlgorithmAES128, kCCOptionPKCS7Padding, dec->key->data, dec->key->length, dec->ivtmp, &cryptor);
    } else if(dec->key->type == DAV_KEY_AES256) {
        status = CCCryptorCreate(kCCDecrypt, kCCAlgorithmAES, kCCOptionPKCS7Padding, dec->key->data, dec->key->length, dec->ivtmp, &cryptor);
    } else {
        fprintf(stderr, "unknown key type\n");
        exit(-1);
    }
    dec->ctx = cryptor;
}

size_t aes_write(const void *buf, size_t s, size_t n, AESDecrypter *dec) {
    int len = s*n;
    if(!dec->init) {
        size_t n = 16 - dec->ivpos;
        size_t cp = n > len ? len : n;
        memcpy(dec->ivtmp + dec->ivpos, buf, cp);
        dec->ivpos += cp;
        if(dec->ivpos >= 16) {
            aes_decrypter_init(dec);
        }
        if(len == cp) {
            return len;
        } else {
            buf = (char*)buf + cp;
            len -= cp;
        }
    }
    
    int outlen = len + 16;
    unsigned char *out = malloc(outlen);
    
    CCCryptorStatus status;
    size_t avail = outlen;
    size_t moved = 0;
    status = CCCryptorUpdate(dec->ctx, buf, len, out, avail, &moved);
    
    ssize_t wlen = dec->write(out, 1, moved, dec->stream);
    CC_SHA256_Update(&dec->sha256, out, wlen);
    free(out);
    return (s*n) / s;
}

void aes_decrypter_shutdown(AESDecrypter *dec) {
    if(dec->init) {
        void *out = malloc(128);
        size_t len = 0;
        //EVP_DecryptFinal_ex(dec->ctx, out, &len);
        CCCryptorFinal(dec->ctx, out, 128, &len);
        
        
        dec->write(out, 1, len, dec->stream);
        CC_SHA256_Update(&dec->sha256, out, len);
        free(out);
        //EVP_CIPHER_CTX_cleanup(&dec->ctx);
        //EVP_CIPHER_CTX_free(dec->ctx);
    }
}

void aes_decrypter_close(AESDecrypter *dec) {
    
}

AESEncrypter* aes_encrypter_new(DavKey *key, void *stream, dav_read_func read_func, dav_seek_func seek_func) {
    unsigned char *iv = malloc(16);
    if(dav_rand_bytes(iv, 16)) {
        return NULL;
    }
    
    CCCryptorRef cryptor;
    CCCryptorStatus status;
    if(key->type == DAV_KEY_AES128) {
        status = CCCryptorCreate(kCCEncrypt, kCCAlgorithmAES128, kCCOptionPKCS7Padding, key->data, key->length, iv, &cryptor);
    } else if(key->type == DAV_KEY_AES256) {
        status = CCCryptorCreate(kCCEncrypt, kCCAlgorithmAES, kCCOptionPKCS7Padding, key->data, key->length, iv, &cryptor);
    } else {
        free(iv);
        return NULL;
    }
    
    AESEncrypter *enc = malloc(sizeof(AESEncrypter));
    enc->ctx = cryptor;
    CC_SHA256_Init(&enc->sha256);
    enc->stream = stream;
    enc->read = read_func;
    enc->seek = seek_func;
    enc->tmp = NULL;
    enc->tmplen = 0;
    enc->tmpoff = 0;
    enc->end = 0;
    enc->iv = iv;
    enc->ivlen = 16;
    
    return enc;
}

size_t aes_read(void *buf, size_t s, size_t n, AESEncrypter *enc) {
    size_t len = s*n;
    if(enc->tmp) {
        size_t tmp_diff = enc->tmplen - enc->tmpoff;
        size_t cp_len = tmp_diff > len ? len : tmp_diff;
        memcpy(buf, enc->tmp + enc->tmpoff, cp_len);
        enc->tmpoff += cp_len;
        if(enc->tmpoff >= enc->tmplen) {
            free(enc->tmp);
            enc->tmp = NULL;
            enc->tmplen = 0;
            enc->tmpoff = 0;
        }
        return cp_len / s;
    }
    
    if(enc->end) {
        return 0;
    }
    
    void *in = malloc(len);
    size_t in_len = enc->read(in, 1, len, enc->stream);
    
    CC_SHA256_Update(&enc->sha256, in, in_len);
    
    unsigned char *out = NULL;
    size_t outlen = 0;
    size_t ivl = enc->ivlen;
    if(in_len != 0) {
        outlen = len + 32;
        out = malloc(outlen + ivl);
        if(ivl > 0) {
            memcpy(out, enc->iv, ivl);
        }
        
        CCCryptorStatus status;
        size_t avail = outlen;
        status = CCCryptorUpdate(enc->ctx, in, in_len, out + ivl, avail, &outlen);
        if(in_len != len) {
            size_t newoutlen = 16;
            status = CCCryptorFinal(enc->ctx, out + ivl + outlen, 16, &newoutlen);
            outlen += newoutlen;
            enc->end = 1;
        }
    } else {
        out = malloc(32);
        CCCryptorStatus status;
        size_t avail = outlen;
        status = CCCryptorFinal(enc->ctx, out, 32, &outlen);
        enc->end = 1;
    }
    enc->tmp = (char*)out;
    enc->tmplen = outlen + ivl;
    enc->tmpoff = 0;
    
    if(enc->ivlen > 0) {
        enc->ivlen = 0;
    }
    
    free(in);
    
    return aes_read(buf, s, n, enc);
}

int aes_encrypter_reset(AESEncrypter  *enc, curl_off_t offset, int origin) {
    if(origin != SEEK_SET || offset != 0 || !enc->seek) {
        return CURL_SEEKFUNC_CANTSEEK;
    }
    
    enc->ivlen = 16;
    if(enc->seek(enc->stream, 0, SEEK_SET) != 0) {
        return CURL_SEEKFUNC_FAIL;
    }
    return CURL_SEEKFUNC_OK;
}

void aes_encrypter_close(AESEncrypter *enc) {
    if(enc->tmp) {
        free(enc->tmp);
    }
    if(enc->iv) {
        free(enc->iv);
    }
    // TODO: cleanup cryptor
    free(enc);
}

char* aes_encrypt(const char *in, size_t len, DavKey *key) {
    unsigned char iv[16];
    if(dav_rand_bytes(iv, 16)) {
        return NULL;
    }
    
    CCCryptorRef cryptor;
    CCCryptorStatus status;
    if(key->type == DAV_KEY_AES128) {
        status = CCCryptorCreate(kCCEncrypt, kCCAlgorithmAES128, kCCOptionPKCS7Padding, key->data, key->length, iv, &cryptor);
    } else if(key->type == DAV_KEY_AES256) {
        status = CCCryptorCreate(kCCEncrypt, kCCAlgorithmAES, kCCOptionPKCS7Padding, key->data, key->length, iv, &cryptor);
    } else {
        return NULL;
    }
    
    if(status != kCCSuccess) {
        return NULL;
    }
    
    int buflen = len + 64;
    char *buf = calloc(1, buflen);
    memcpy(buf, iv, 16);
    
    int pos = 16;
    size_t avail = buflen - 16;
    size_t moved;
    char *out = buf + 16;
    
    status = CCCryptorUpdate(cryptor, in,
         len, out, avail,
         &moved);
    if(status != kCCSuccess) {
        free(buf);
        return NULL;
    }
    
    pos += moved;
    avail -= moved;
    out += moved;
    
    status = CCCryptorFinal(cryptor, out, avail, &moved);
    if(status != kCCSuccess) {
        free(buf);
        return NULL;
    }
    
    pos += moved;
    
    char *b64enc = util_base64encode(buf, pos);
    free(buf);
    
    return b64enc;
}

char* aes_decrypt(const char *in, size_t *len, DavKey *key) {
    int inlen;
    unsigned char *buf = (unsigned char*)util_base64decode_len(in, &inlen);
    
    CCCryptorRef cryptor;
    CCCryptorStatus status;
    if(key->type == DAV_KEY_AES128) {
        status = CCCryptorCreate(kCCDecrypt, kCCAlgorithmAES128, kCCOptionPKCS7Padding, key->data, key->length, buf, &cryptor);
    } else if(key->type == DAV_KEY_AES256) {
        status = CCCryptorCreate(kCCDecrypt, kCCAlgorithmAES, kCCOptionPKCS7Padding, key->data, key->length, buf, &cryptor);
    } else {
        free(buf);
        return NULL;
    }
    
    if(status != kCCSuccess) {
        free(buf);
        return NULL;
    }
    
    char *out = malloc(inlen + 1);
    size_t outavail = inlen;
    size_t outlen = 0;
    
    unsigned char *inbuf = buf + 16;
    inlen -= 16;
    
    size_t moved = 0;
    status = CCCryptorUpdate(cryptor, inbuf, inlen, out, outavail, &moved);
    if(status != kCCSuccess) {
        free(buf);
        free(out);
        // TODO cryptor
        return NULL;
    }
    
    outlen += moved;
    outavail -= moved;
    
    status = CCCryptorFinal(cryptor, out + outlen, outavail, &moved);
    if(status != kCCSuccess) {
        free(buf);
        free(out);
        // TODO cryptor
        return NULL;
    }
    
    outlen += moved;
    out[outlen] = 0;
    
    *len = outlen;
    return out;
}

void dav_get_hash(DAV_SHA_CTX *sha256, unsigned char *buf) {
    CC_SHA256_Final(buf, sha256);
}

char* dav_create_hash(const char *data, size_t len) {
    unsigned char hash[DAV_SHA256_DIGEST_LENGTH];
    CC_SHA256((const unsigned char*)data, len, hash);
    return util_hexstr(hash, DAV_SHA256_DIGEST_LENGTH);
}

DAV_SHA_CTX* dav_hash_init(void) {
    DAV_SHA_CTX *ctx = malloc(sizeof(DAV_SHA_CTX));
    CC_SHA256_Init(ctx);
    return ctx;
}

void dav_hash_update(DAV_SHA_CTX *ctx, const char *data, size_t len) {
    CC_SHA256_Update(ctx, data, len);
}

void dav_hash_final(DAV_SHA_CTX *ctx, unsigned char *buf) {
    CC_SHA256_Final(buf, ctx);
    free(ctx);
}

DavKey* dav_pw2key(const char *password, const unsigned char *salt, int saltlen, int pwfunc, int enc) {
    if(!password) {
        return NULL;
    }
    size_t len = strlen(password);
    if(len == 0) {
        return NULL;
    }
    
    // setup key data and length
    unsigned char keydata[32];
    int keylen = 32;
    switch(enc) {
        case DAV_KEY_AES128: keylen = 16; break;
        case DAV_KEY_AES256: keylen = 32; break;
        default: return NULL;
    }
    
    // generate key
    switch(pwfunc) {
        case DAV_PWFUNC_PBKDF2_SHA256: {
            int result = CCKeyDerivationPBKDF(
                    kCCPBKDF2,
                    password,
                    len,
                    salt,
                    saltlen,
                    kCCPRFHmacAlgSHA256,
                    DAV_CRYPTO_ITERATION_COUNT,
                    keydata,
                    keylen);
            if(result) {
                return NULL;
            }
            break;
        }
        case DAV_PWFUNC_PBKDF2_SHA512: {
            int result = CCKeyDerivationPBKDF(
                    kCCPBKDF2,
                    password,
                    len,
                    salt,
                    saltlen,
                    kCCPRFHmacAlgSHA512,
                    DAV_CRYPTO_ITERATION_COUNT,
                    keydata,
                    keylen);
            if(result) {
                return NULL;
            }
            break;
        }
        default: return NULL;
    }
    
    // create DavKey with generated data
    DavKey *key = malloc(sizeof(DavKey));
    key->data = malloc(keylen);
    key->length = keylen;
    key->name = NULL;
    key->type = enc;
    memcpy(key->data, keydata, keylen);
    return key;
}

#endif

UcxBuffer* aes_encrypt_buffer(UcxBuffer *in, DavKey *key) {
    UcxBuffer *encbuf = ucx_buffer_new(
            NULL,
            in->size+16,
            UCX_BUFFER_AUTOEXTEND);
    
    AESEncrypter *enc = aes_encrypter_new(
            key,
            in,
            (dav_read_func)ucx_buffer_read,
            NULL);
    if(!enc) {
        ucx_buffer_free(encbuf);
        return NULL;
    }
    
    char buf[1024];
    size_t r;
    while((r = aes_read(buf, 1, 1024, enc)) > 0) {
        ucx_buffer_write(buf, 1, r, encbuf);
    }
    aes_encrypter_close(enc);
    
    encbuf->pos = 0;
    return encbuf;
}

UcxBuffer* aes_decrypt_buffer(UcxBuffer *in, DavKey *key) {
    UcxBuffer *decbuf = ucx_buffer_new(
            NULL,
            in->size,
            UCX_BUFFER_AUTOEXTEND);
    AESDecrypter *dec = aes_decrypter_new(
            key,
            decbuf,
            (dav_write_func)ucx_buffer_write);
    
    aes_write(in->space, 1, in->size, dec);
    aes_decrypter_shutdown(dec);
    aes_decrypter_close(dec);
    decbuf->pos = 0;
    return decbuf;
}

mercurial