diff -r 527d0fde484e -r de23f8881e9f libidav/resource.c
--- a/libidav/resource.c	Sun Mar 06 15:19:50 2016 +0100
+++ b/libidav/resource.c	Mon Mar 14 11:54:55 2016 +0100
@@ -584,9 +584,9 @@
                     0);
             
             // get sha256 hash
-            char sha[SHA256_DIGEST_LENGTH];
+            unsigned char sha[SHA256_DIGEST_LENGTH];
             dav_get_hash(&enc->sha256, sha);
-            char *enc_hash = aes_encrypt(sha, SHA256_DIGEST_LENGTH, sn->key);
+            char *enc_hash = aes_encrypt((char*)sha, SHA256_DIGEST_LENGTH, sn->key);
             
             aes_encrypter_close(enc);
             if(buf) {
@@ -682,10 +682,12 @@
     
     char *hash = NULL;
     if(dec) {
+        aes_decrypter_shutdown(dec); // get final bytes
+        
         // get hash
-        char sha[SHA256_DIGEST_LENGTH];
+        unsigned char sha[SHA256_DIGEST_LENGTH];
         dav_get_hash(&dec->sha256, sha);
-        hash = util_hexstr((unsigned char*)sha, 32);
+        hash = util_hexstr(sha, 32);
         
         aes_decrypter_close(dec);
     }
@@ -923,6 +925,54 @@
     return dav_cp_mv_url(res, url, false, override);
 }
 
+char* dav_lock(DavResource *res) {
+    DavSession *sn = res->session;
+    CURL *handle = sn->handle;
+    util_set_url(sn, dav_resource_get_href(res));
+    
+    UcxBuffer *request = create_lock_request();
+    UcxBuffer *response = ucx_buffer_new(NULL, 512, UCX_BUFFER_AUTOEXTEND);
+    CURLcode ret = do_lock_request(handle, request, response);
+    
+    //printf("\nlock\n");
+    //printf("%.*s\n\n", request->size, request->space);
+    //printf("%.*s\n\n", response->size, response->space);
+    
+    long status = 0;
+    curl_easy_getinfo (handle, CURLINFO_RESPONSE_CODE, &status);
+    if(ret == CURLE_OK && (status >= 200 && status < 300)) {
+        LockDiscovery lock;
+        if(parse_lock_response(sn, response, &lock)) {
+            sn->error = DAV_ERROR;
+            return NULL;
+        }
+        
+        free(lock.timeout);
+        return lock.locktoken;
+    } else {
+        dav_session_set_error(sn, ret, status);
+        return NULL;
+    }
+}
+
+int dav_unlock(DavResource *res, char *locktoken) {
+    DavSession *sn = res->session;
+    CURL *handle = sn->handle;
+    util_set_url(sn, dav_resource_get_href(res));
+    
+    CURLcode ret = do_unlock_request(handle, locktoken);
+    long status = 0;
+    curl_easy_getinfo (handle, CURLINFO_RESPONSE_CODE, &status);
+    if(ret == CURLE_OK && (status >= 200 && status < 300)) {
+        return 0;
+    } else {
+        dav_session_set_error(sn, ret, status);
+        return 1;
+    }
+    
+    return 0;
+}
+
 
 int resource_add_crypto_info(DavSession *sn, char *href, char *name, char *hash) {
     if(!DAV_IS_ENCRYPTED(sn)) {