|
1 /* |
|
2 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER. |
|
3 * |
|
4 * Copyright 2018 Olaf Wintermann. All rights reserved. |
|
5 * |
|
6 * Redistribution and use in source and binary forms, with or without |
|
7 * modification, are permitted provided that the following conditions are met: |
|
8 * |
|
9 * 1. Redistributions of source code must retain the above copyright |
|
10 * notice, this list of conditions and the following disclaimer. |
|
11 * |
|
12 * 2. Redistributions in binary form must reproduce the above copyright |
|
13 * notice, this list of conditions and the following disclaimer in the |
|
14 * documentation and/or other materials provided with the distribution. |
|
15 * |
|
16 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" |
|
17 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE |
|
18 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE |
|
19 * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE |
|
20 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR |
|
21 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF |
|
22 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS |
|
23 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN |
|
24 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) |
|
25 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE |
|
26 * POSSIBILITY OF SUCH DAMAGE. |
|
27 */ |
|
28 |
|
29 #include <stdio.h> |
|
30 #include <stdlib.h> |
|
31 #include <string.h> |
|
32 #include <fcntl.h> |
|
33 |
|
34 #ifndef _WIN32 |
|
35 #include <unistd.h> |
|
36 #endif |
|
37 |
|
38 #include "utils.h" |
|
39 |
|
40 #include "crypto.h" |
|
41 |
|
42 /* -------------------- OpenSSL Crypto Functions -------------------- */ |
|
43 #ifdef DAV_USE_OPENSSL |
|
44 |
|
45 #if OPENSSL_VERSION_NUMBER < 0x10000000L |
|
46 |
|
47 static EVP_CIPHER_CTX* create_evp_cipher_ctx() { |
|
48 EVP_CIPHER_CTX *ctx = malloc(sizeof(EVP_CIPHER_CTX)); |
|
49 EVP_CIPHER_CTX_init(ctx); |
|
50 return ctx; |
|
51 } |
|
52 |
|
53 static void free_evp_cipher_ctx(EVP_CIPHER_CTX *ctx) { |
|
54 EVP_CIPHER_CTX_cleanup(ctx); |
|
55 free(ctx); |
|
56 } |
|
57 |
|
58 #define EVP_CIPHER_CTX_new() create_evp_cipher_ctx() |
|
59 #define EVP_CIPHER_CTX_free(ctx) free_evp_cipher_ctx(ctx) |
|
60 |
|
61 #endif |
|
62 |
|
63 int dav_rand_bytes(unsigned char *buf, size_t len) { |
|
64 return !RAND_bytes(buf, len); |
|
65 } |
|
66 |
|
67 AESDecrypter* aes_decrypter_new(DavKey *key, void *stream, dav_write_func write_func) { |
|
68 AESDecrypter *dec = calloc(1, sizeof(AESDecrypter)); |
|
69 SHA256_Init(&dec->sha256); |
|
70 dec->stream = stream; |
|
71 dec->write = write_func; |
|
72 dec->key = key; |
|
73 dec->init = 0; |
|
74 dec->ivpos = 0; |
|
75 |
|
76 return dec; |
|
77 } |
|
78 |
|
79 void aes_decrypter_init(AESDecrypter *dec) { |
|
80 //EVP_CIPHER_CTX_init(&dec->ctx); |
|
81 dec->ctx = EVP_CIPHER_CTX_new(); |
|
82 dec->init = 1; |
|
83 if(dec->key->type == DAV_KEY_AES128) { |
|
84 EVP_DecryptInit_ex( |
|
85 dec->ctx, |
|
86 EVP_aes_128_cbc(), |
|
87 NULL, |
|
88 dec->key->data, |
|
89 dec->ivtmp); |
|
90 } else if(dec->key->type == DAV_KEY_AES256) { |
|
91 EVP_DecryptInit_ex( |
|
92 dec->ctx, |
|
93 EVP_aes_256_cbc(), |
|
94 NULL, |
|
95 dec->key->data, |
|
96 dec->ivtmp); |
|
97 } else { |
|
98 fprintf(stderr, "unknown key type\n"); |
|
99 exit(-1); |
|
100 } |
|
101 } |
|
102 |
|
103 size_t aes_write(const void *buf, size_t s, size_t n, AESDecrypter *dec) { |
|
104 int len = s*n; |
|
105 if(!dec->init) { |
|
106 size_t n = 16 - dec->ivpos; |
|
107 size_t cp = n > len ? len : n; |
|
108 memcpy(dec->ivtmp + dec->ivpos, buf, cp); |
|
109 dec->ivpos += cp; |
|
110 if(dec->ivpos >= 16) { |
|
111 aes_decrypter_init(dec); |
|
112 } |
|
113 if(len == cp) { |
|
114 return len; |
|
115 } else { |
|
116 buf = (char*)buf + cp; |
|
117 len -= cp; |
|
118 } |
|
119 } |
|
120 |
|
121 int outlen = len + 16; |
|
122 unsigned char *out = malloc(outlen); |
|
123 EVP_DecryptUpdate(dec->ctx, out, &outlen, buf, len); |
|
124 ssize_t wlen = dec->write(out, 1, outlen, dec->stream); |
|
125 SHA256_Update(&dec->sha256, out, wlen); |
|
126 free(out); |
|
127 return (s*n) / s; |
|
128 } |
|
129 |
|
130 void aes_decrypter_shutdown(AESDecrypter *dec) { |
|
131 if(dec->init) { |
|
132 void *out = malloc(128); |
|
133 int len = 0; |
|
134 EVP_DecryptFinal_ex(dec->ctx, out, &len); |
|
135 dec->write(out, 1, len, dec->stream); |
|
136 SHA256_Update(&dec->sha256, out, len); |
|
137 free(out); |
|
138 //EVP_CIPHER_CTX_cleanup(&dec->ctx); |
|
139 EVP_CIPHER_CTX_free(dec->ctx); |
|
140 } |
|
141 } |
|
142 |
|
143 void aes_decrypter_close(AESDecrypter *dec) { |
|
144 free(dec); |
|
145 } |
|
146 |
|
147 |
|
148 AESEncrypter* aes_encrypter_new(DavKey *key, void *stream, dav_read_func read_func, dav_seek_func seek_func) { |
|
149 unsigned char *iv = malloc(16); |
|
150 if(!RAND_bytes(iv, 16)) { |
|
151 free(iv); |
|
152 return NULL; |
|
153 } |
|
154 |
|
155 AESEncrypter *enc = malloc(sizeof(AESEncrypter)); |
|
156 SHA256_Init(&enc->sha256); |
|
157 enc->stream = stream; |
|
158 enc->read = read_func; |
|
159 enc->seek = seek_func; |
|
160 enc->tmp = NULL; |
|
161 enc->tmplen = 0; |
|
162 enc->tmpoff = 0; |
|
163 enc->end = 0; |
|
164 enc->iv = iv; |
|
165 enc->ivlen = 16; |
|
166 |
|
167 //EVP_CIPHER_CTX_init(&enc->ctx); |
|
168 enc->ctx = EVP_CIPHER_CTX_new(); |
|
169 if(key->type == DAV_KEY_AES128) { |
|
170 EVP_EncryptInit_ex(enc->ctx, EVP_aes_128_cbc(), NULL, key->data, enc->iv); |
|
171 } else if(key->type == DAV_KEY_AES256) { |
|
172 EVP_EncryptInit_ex(enc->ctx, EVP_aes_256_cbc(), NULL, key->data, enc->iv); |
|
173 } else { |
|
174 fprintf(stderr, "unknown key type\n"); |
|
175 exit(-1); |
|
176 } |
|
177 return enc; |
|
178 } |
|
179 |
|
180 size_t aes_read(void *buf, size_t s, size_t n, AESEncrypter *enc) { |
|
181 size_t len = s*n; |
|
182 if(enc->tmp) { |
|
183 size_t tmp_diff = enc->tmplen - enc->tmpoff; |
|
184 size_t cp_len = tmp_diff > len ? len : tmp_diff; |
|
185 memcpy(buf, enc->tmp + enc->tmpoff, cp_len); |
|
186 enc->tmpoff += cp_len; |
|
187 if(enc->tmpoff >= enc->tmplen) { |
|
188 free(enc->tmp); |
|
189 enc->tmp = NULL; |
|
190 enc->tmplen = 0; |
|
191 enc->tmpoff = 0; |
|
192 } |
|
193 return cp_len / s; |
|
194 } |
|
195 |
|
196 if(enc->end) { |
|
197 return 0; |
|
198 } |
|
199 |
|
200 void *in = malloc(len); |
|
201 size_t in_len = enc->read(in, 1, len, enc->stream); |
|
202 |
|
203 SHA256_Update(&enc->sha256, in, in_len); |
|
204 |
|
205 unsigned char *out = NULL; |
|
206 int outlen = 0; |
|
207 size_t ivl = enc->ivlen; |
|
208 if(in_len != 0) { |
|
209 outlen = len + 32; |
|
210 out = malloc(outlen + ivl); |
|
211 if(ivl > 0) { |
|
212 memcpy(out, enc->iv, ivl); |
|
213 } |
|
214 EVP_EncryptUpdate(enc->ctx, out + ivl, &outlen, in, in_len); |
|
215 // I think we don't need this |
|
216 /* |
|
217 if(in_len != len) { |
|
218 int newoutlen = 16; |
|
219 EVP_EncryptFinal_ex(enc->ctx, out + ivl + outlen, &newoutlen); |
|
220 outlen += newoutlen; |
|
221 enc->end = 1; |
|
222 } |
|
223 */ |
|
224 } else { |
|
225 out = malloc(16); |
|
226 EVP_EncryptFinal_ex(enc->ctx, out, &outlen); |
|
227 enc->end = 1; |
|
228 } |
|
229 enc->tmp = (char*)out; |
|
230 enc->tmplen = outlen + ivl; |
|
231 enc->tmpoff = 0; |
|
232 |
|
233 if(enc->ivlen > 0) { |
|
234 enc->ivlen = 0; |
|
235 } |
|
236 |
|
237 free(in); |
|
238 |
|
239 return aes_read(buf, s, n, enc); |
|
240 } |
|
241 |
|
242 void aes_encrypter_close(AESEncrypter *enc) { |
|
243 if(enc->tmp) { |
|
244 free(enc->tmp); |
|
245 } |
|
246 if(enc->iv) { |
|
247 free(enc->iv); |
|
248 } |
|
249 //EVP_CIPHER_CTX_cleanup(&enc->ctx); |
|
250 EVP_CIPHER_CTX_free(enc->ctx); |
|
251 free(enc); |
|
252 } |
|
253 |
|
254 int aes_encrypter_reset(AESEncrypter *enc, curl_off_t offset, int origin) { |
|
255 if(origin != SEEK_SET || offset != 0 || !enc->seek) { |
|
256 return CURL_SEEKFUNC_CANTSEEK; |
|
257 } |
|
258 |
|
259 enc->ivlen = 16; |
|
260 if(enc->seek(enc->stream, 0, SEEK_SET) != 0) { |
|
261 return CURL_SEEKFUNC_FAIL; |
|
262 } |
|
263 return CURL_SEEKFUNC_OK; |
|
264 } |
|
265 |
|
266 |
|
267 char* aes_encrypt(const char *in, size_t len, DavKey *key) { |
|
268 unsigned char iv[16]; |
|
269 if(!RAND_bytes(iv, 16)) { |
|
270 return NULL; |
|
271 } |
|
272 |
|
273 //EVP_CIPHER_CTX ctx; |
|
274 //EVP_CIPHER_CTX_init(&ctx); |
|
275 EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new(); |
|
276 if(key->type == DAV_KEY_AES128) { |
|
277 EVP_EncryptInit_ex( |
|
278 ctx, |
|
279 EVP_aes_128_cbc(), |
|
280 NULL, |
|
281 (unsigned char*)key->data, |
|
282 iv); |
|
283 } else if(key->type == DAV_KEY_AES256) { |
|
284 EVP_EncryptInit_ex( |
|
285 ctx, |
|
286 EVP_aes_256_cbc(), |
|
287 NULL, |
|
288 (unsigned char*)key->data, |
|
289 iv); |
|
290 } else { |
|
291 //EVP_CIPHER_CTX_cleanup(&ctx); |
|
292 EVP_CIPHER_CTX_free(ctx); |
|
293 return NULL; |
|
294 } |
|
295 |
|
296 //int len = strlen(in); |
|
297 int buflen = len + 64; |
|
298 unsigned char *buf = calloc(1, buflen); |
|
299 memcpy(buf, iv, 16); |
|
300 |
|
301 int l = buflen - 16; |
|
302 EVP_EncryptUpdate(ctx, buf + 16, &l, (unsigned char*)in, len); |
|
303 |
|
304 int f = 0; |
|
305 EVP_EncryptFinal_ex(ctx, buf + 16 + l, &f); |
|
306 char *out = util_base64encode((char*)buf, 16 + l + f); |
|
307 free(buf); |
|
308 EVP_CIPHER_CTX_free(ctx); |
|
309 //EVP_CIPHER_CTX_cleanup(&ctx); |
|
310 |
|
311 return out; |
|
312 } |
|
313 |
|
314 char* aes_decrypt(const char *in, size_t *length, DavKey *key) { |
|
315 int len; |
|
316 unsigned char *buf = (unsigned char*)util_base64decode_len(in, &len); |
|
317 |
|
318 //EVP_CIPHER_CTX ctx; |
|
319 //EVP_CIPHER_CTX_init(&ctx); |
|
320 EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new(); |
|
321 if(key->type == DAV_KEY_AES128) { |
|
322 EVP_DecryptInit_ex( |
|
323 ctx, |
|
324 EVP_aes_128_cbc(), |
|
325 NULL, |
|
326 key->data, |
|
327 buf); |
|
328 } else if(key->type == DAV_KEY_AES256) { |
|
329 EVP_DecryptInit_ex( |
|
330 ctx, |
|
331 EVP_aes_256_cbc(), |
|
332 NULL, |
|
333 key->data, |
|
334 buf); |
|
335 } else { |
|
336 //EVP_CIPHER_CTX_cleanup(&ctx); |
|
337 EVP_CIPHER_CTX_free(ctx); |
|
338 return NULL; |
|
339 } |
|
340 |
|
341 unsigned char *out = malloc(len + 1); |
|
342 int outlen = len; |
|
343 unsigned char *in_buf = buf + 16; |
|
344 int inlen = len - 16; |
|
345 int f = 0; |
|
346 |
|
347 EVP_DecryptUpdate(ctx, out, &outlen, in_buf, inlen); |
|
348 EVP_DecryptFinal_ex(ctx, out + outlen, &f); |
|
349 out[outlen + f] = '\0'; |
|
350 free(buf); |
|
351 //EVP_CIPHER_CTX_cleanup(&ctx); |
|
352 EVP_CIPHER_CTX_free(ctx); |
|
353 |
|
354 *length = outlen + f; |
|
355 return (char*)out; |
|
356 } |
|
357 |
|
358 |
|
359 void dav_get_hash(DAV_SHA_CTX *sha256, unsigned char *buf){ |
|
360 SHA256_Final((unsigned char*)buf, sha256); |
|
361 } |
|
362 |
|
363 char* dav_create_hash(const char *data, size_t len) { |
|
364 unsigned char hash[DAV_SHA256_DIGEST_LENGTH]; |
|
365 DAV_SHA_CTX ctx; |
|
366 SHA256_Init(&ctx); |
|
367 SHA256_Update(&ctx, data, len); |
|
368 SHA256_Final(hash, &ctx); |
|
369 return util_hexstr(hash, DAV_SHA256_DIGEST_LENGTH); |
|
370 } |
|
371 |
|
372 DAV_SHA_CTX* dav_hash_init(void) { |
|
373 DAV_SHA_CTX *ctx = malloc(sizeof(DAV_SHA_CTX)); |
|
374 SHA256_Init(ctx); |
|
375 return ctx; |
|
376 } |
|
377 |
|
378 void dav_hash_update(DAV_SHA_CTX *ctx, const char *data, size_t len) { |
|
379 SHA256_Update(ctx, data, len); |
|
380 } |
|
381 |
|
382 void dav_hash_final(DAV_SHA_CTX *ctx, unsigned char *buf) { |
|
383 SHA256_Final(buf, ctx); |
|
384 free(ctx); |
|
385 } |
|
386 |
|
387 #if OPENSSL_VERSION_NUMBER < 0x10100000L |
|
388 static int crypto_pw2key_error = 0; |
|
389 DavKey* dav_pw2key(const char *password, const unsigned char *salt, int saltlen, int pwfunc, int enc) { |
|
390 if(!crypto_pw2key_error) { |
|
391 fprintf(stderr, "Error: password key derivation not supported on this platform: openssl to old\n"); |
|
392 crypto_pw2key_error = 1; |
|
393 } |
|
394 return 0; |
|
395 } |
|
396 |
|
397 #else |
|
398 DavKey* dav_pw2key(const char *password, const unsigned char *salt, int saltlen, int pwfunc, int enc) { |
|
399 if(!password) { |
|
400 return NULL; |
|
401 } |
|
402 size_t len = strlen(password); |
|
403 if(len == 0) { |
|
404 return NULL; |
|
405 } |
|
406 |
|
407 // setup key data and length |
|
408 unsigned char keydata[32]; |
|
409 int keylen = 32; |
|
410 switch(enc) { |
|
411 case DAV_KEY_AES128: keylen = 16; break; |
|
412 case DAV_KEY_AES256: keylen = 32; break; |
|
413 default: return NULL; |
|
414 } |
|
415 |
|
416 // generate key |
|
417 switch(pwfunc) { |
|
418 case DAV_PWFUNC_PBKDF2_SHA256: { |
|
419 PKCS5_PBKDF2_HMAC( |
|
420 password, |
|
421 len, |
|
422 salt, |
|
423 saltlen, |
|
424 DAV_CRYPTO_ITERATION_COUNT, |
|
425 EVP_sha256(), |
|
426 keylen, |
|
427 keydata); |
|
428 break; |
|
429 } |
|
430 case DAV_PWFUNC_PBKDF2_SHA512: { |
|
431 PKCS5_PBKDF2_HMAC( |
|
432 password, |
|
433 len, |
|
434 salt, |
|
435 saltlen, |
|
436 DAV_CRYPTO_ITERATION_COUNT, |
|
437 EVP_sha512(), |
|
438 keylen, |
|
439 keydata); |
|
440 break; |
|
441 } |
|
442 default: return NULL; |
|
443 } |
|
444 |
|
445 // create DavKey with generated data |
|
446 DavKey *key = malloc(sizeof(DavKey)); |
|
447 key->data = malloc(keylen); |
|
448 key->length = keylen; |
|
449 key->name = NULL; |
|
450 key->type = enc; |
|
451 memcpy(key->data, keydata, keylen); |
|
452 return key; |
|
453 } |
|
454 #endif |
|
455 |
|
456 #endif |
|
457 |
|
458 |
|
459 /* -------------------- Apple Crypto Functions -------------------- */ |
|
460 #ifdef DAV_CRYPTO_COMMON_CRYPTO |
|
461 |
|
462 #define RANDOM_BUFFER_LENGTH 256 |
|
463 static char randbuf[RANDOM_BUFFER_LENGTH]; |
|
464 static int rbufpos = RANDOM_BUFFER_LENGTH; |
|
465 |
|
466 int dav_rand_bytes(unsigned char *buf, size_t len) { |
|
467 if(len + rbufpos > RANDOM_BUFFER_LENGTH) { |
|
468 int devr = open("/dev/urandom", O_RDONLY); |
|
469 if(devr == -1) { |
|
470 return 1; |
|
471 } |
|
472 |
|
473 if(read(devr, randbuf, RANDOM_BUFFER_LENGTH) < RANDOM_BUFFER_LENGTH) { |
|
474 close(devr); |
|
475 return 1; |
|
476 } |
|
477 |
|
478 rbufpos = 0; |
|
479 if(len > RANDOM_BUFFER_LENGTH) { |
|
480 int err = 0; |
|
481 if(read(devr, buf, len) < len) { |
|
482 err = 1; |
|
483 } |
|
484 close(devr); |
|
485 return err; |
|
486 } |
|
487 |
|
488 close(devr); |
|
489 } |
|
490 |
|
491 char *r = randbuf; |
|
492 memcpy(buf, r + rbufpos, len); |
|
493 rbufpos += len; |
|
494 |
|
495 return 0; |
|
496 } |
|
497 |
|
498 AESDecrypter* aes_decrypter_new(DavKey *key, void *stream, dav_write_func write_func) { |
|
499 AESDecrypter *dec = calloc(1, sizeof(AESDecrypter)); |
|
500 CC_SHA256_Init(&dec->sha256); |
|
501 dec->stream = stream; |
|
502 dec->write = write_func; |
|
503 dec->key = key; |
|
504 dec->init = 0; |
|
505 dec->ivpos = 0; |
|
506 |
|
507 return dec; |
|
508 } |
|
509 |
|
510 |
|
511 void aes_decrypter_init(AESDecrypter *dec) { |
|
512 //EVP_CIPHER_CTX_init(&dec->ctx); |
|
513 dec->init = 1; |
|
514 |
|
515 CCCryptorRef cryptor; |
|
516 CCCryptorStatus status; |
|
517 if(dec->key->type == DAV_KEY_AES128) { |
|
518 status = CCCryptorCreate(kCCDecrypt, kCCAlgorithmAES128, kCCOptionPKCS7Padding, dec->key->data, dec->key->length, dec->ivtmp, &cryptor); |
|
519 } else if(dec->key->type == DAV_KEY_AES256) { |
|
520 status = CCCryptorCreate(kCCDecrypt, kCCAlgorithmAES, kCCOptionPKCS7Padding, dec->key->data, dec->key->length, dec->ivtmp, &cryptor); |
|
521 } else { |
|
522 fprintf(stderr, "unknown key type\n"); |
|
523 exit(-1); |
|
524 } |
|
525 dec->ctx = cryptor; |
|
526 } |
|
527 |
|
528 size_t aes_write(const void *buf, size_t s, size_t n, AESDecrypter *dec) { |
|
529 int len = s*n; |
|
530 if(!dec->init) { |
|
531 size_t n = 16 - dec->ivpos; |
|
532 size_t cp = n > len ? len : n; |
|
533 memcpy(dec->ivtmp + dec->ivpos, buf, cp); |
|
534 dec->ivpos += cp; |
|
535 if(dec->ivpos >= 16) { |
|
536 aes_decrypter_init(dec); |
|
537 } |
|
538 if(len == cp) { |
|
539 return len; |
|
540 } else { |
|
541 buf = (char*)buf + cp; |
|
542 len -= cp; |
|
543 } |
|
544 } |
|
545 |
|
546 int outlen = len + 16; |
|
547 unsigned char *out = malloc(outlen); |
|
548 |
|
549 CCCryptorStatus status; |
|
550 size_t avail = outlen; |
|
551 size_t moved = 0; |
|
552 status = CCCryptorUpdate(dec->ctx, buf, len, out, avail, &moved); |
|
553 |
|
554 ssize_t wlen = dec->write(out, 1, moved, dec->stream); |
|
555 CC_SHA256_Update(&dec->sha256, out, wlen); |
|
556 free(out); |
|
557 return (s*n) / s; |
|
558 } |
|
559 |
|
560 void aes_decrypter_shutdown(AESDecrypter *dec) { |
|
561 if(dec->init) { |
|
562 void *out = malloc(128); |
|
563 size_t len = 0; |
|
564 //EVP_DecryptFinal_ex(dec->ctx, out, &len); |
|
565 CCCryptorFinal(dec->ctx, out, 128, &len); |
|
566 |
|
567 |
|
568 dec->write(out, 1, len, dec->stream); |
|
569 CC_SHA256_Update(&dec->sha256, out, len); |
|
570 free(out); |
|
571 //EVP_CIPHER_CTX_cleanup(&dec->ctx); |
|
572 //EVP_CIPHER_CTX_free(dec->ctx); |
|
573 } |
|
574 } |
|
575 |
|
576 void aes_decrypter_close(AESDecrypter *dec) { |
|
577 |
|
578 } |
|
579 |
|
580 AESEncrypter* aes_encrypter_new(DavKey *key, void *stream, dav_read_func read_func, dav_seek_func seek_func) { |
|
581 unsigned char *iv = malloc(16); |
|
582 if(dav_rand_bytes(iv, 16)) { |
|
583 return NULL; |
|
584 } |
|
585 |
|
586 CCCryptorRef cryptor; |
|
587 CCCryptorStatus status; |
|
588 if(key->type == DAV_KEY_AES128) { |
|
589 status = CCCryptorCreate(kCCEncrypt, kCCAlgorithmAES128, kCCOptionPKCS7Padding, key->data, key->length, iv, &cryptor); |
|
590 } else if(key->type == DAV_KEY_AES256) { |
|
591 status = CCCryptorCreate(kCCEncrypt, kCCAlgorithmAES, kCCOptionPKCS7Padding, key->data, key->length, iv, &cryptor); |
|
592 } else { |
|
593 free(iv); |
|
594 return NULL; |
|
595 } |
|
596 |
|
597 AESEncrypter *enc = malloc(sizeof(AESEncrypter)); |
|
598 enc->ctx = cryptor; |
|
599 CC_SHA256_Init(&enc->sha256); |
|
600 enc->stream = stream; |
|
601 enc->read = read_func; |
|
602 enc->seek = seek_func; |
|
603 enc->tmp = NULL; |
|
604 enc->tmplen = 0; |
|
605 enc->tmpoff = 0; |
|
606 enc->end = 0; |
|
607 enc->iv = iv; |
|
608 enc->ivlen = 16; |
|
609 |
|
610 return enc; |
|
611 } |
|
612 |
|
613 size_t aes_read(void *buf, size_t s, size_t n, AESEncrypter *enc) { |
|
614 size_t len = s*n; |
|
615 if(enc->tmp) { |
|
616 size_t tmp_diff = enc->tmplen - enc->tmpoff; |
|
617 size_t cp_len = tmp_diff > len ? len : tmp_diff; |
|
618 memcpy(buf, enc->tmp + enc->tmpoff, cp_len); |
|
619 enc->tmpoff += cp_len; |
|
620 if(enc->tmpoff >= enc->tmplen) { |
|
621 free(enc->tmp); |
|
622 enc->tmp = NULL; |
|
623 enc->tmplen = 0; |
|
624 enc->tmpoff = 0; |
|
625 } |
|
626 return cp_len / s; |
|
627 } |
|
628 |
|
629 if(enc->end) { |
|
630 return 0; |
|
631 } |
|
632 |
|
633 void *in = malloc(len); |
|
634 size_t in_len = enc->read(in, 1, len, enc->stream); |
|
635 |
|
636 CC_SHA256_Update(&enc->sha256, in, in_len); |
|
637 |
|
638 unsigned char *out = NULL; |
|
639 size_t outlen = 0; |
|
640 size_t ivl = enc->ivlen; |
|
641 if(in_len != 0) { |
|
642 outlen = len + 32; |
|
643 out = malloc(outlen + ivl); |
|
644 if(ivl > 0) { |
|
645 memcpy(out, enc->iv, ivl); |
|
646 } |
|
647 |
|
648 CCCryptorStatus status; |
|
649 size_t avail = outlen; |
|
650 status = CCCryptorUpdate(enc->ctx, in, in_len, out + ivl, avail, &outlen); |
|
651 // TODO: check if this still works |
|
652 /* |
|
653 if(in_len != len) { |
|
654 size_t newoutlen = 16; |
|
655 status = CCCryptorFinal(enc->ctx, out + ivl + outlen, 16, &newoutlen); |
|
656 outlen += newoutlen; |
|
657 enc->end = 1; |
|
658 } |
|
659 */ |
|
660 } else { |
|
661 out = malloc(32); |
|
662 CCCryptorStatus status; |
|
663 size_t avail = outlen; |
|
664 status = CCCryptorFinal(enc->ctx, out, 32, &outlen); |
|
665 enc->end = 1; |
|
666 } |
|
667 enc->tmp = (char*)out; |
|
668 enc->tmplen = outlen + ivl; |
|
669 enc->tmpoff = 0; |
|
670 |
|
671 if(enc->ivlen > 0) { |
|
672 enc->ivlen = 0; |
|
673 } |
|
674 |
|
675 free(in); |
|
676 |
|
677 return aes_read(buf, s, n, enc); |
|
678 } |
|
679 |
|
680 int aes_encrypter_reset(AESEncrypter *enc, curl_off_t offset, int origin) { |
|
681 if(origin != SEEK_SET || offset != 0 || !enc->seek) { |
|
682 return CURL_SEEKFUNC_CANTSEEK; |
|
683 } |
|
684 |
|
685 enc->ivlen = 16; |
|
686 if(enc->seek(enc->stream, 0, SEEK_SET) != 0) { |
|
687 return CURL_SEEKFUNC_FAIL; |
|
688 } |
|
689 return CURL_SEEKFUNC_OK; |
|
690 } |
|
691 |
|
692 void aes_encrypter_close(AESEncrypter *enc) { |
|
693 if(enc->tmp) { |
|
694 free(enc->tmp); |
|
695 } |
|
696 if(enc->iv) { |
|
697 free(enc->iv); |
|
698 } |
|
699 // TODO: cleanup cryptor |
|
700 free(enc); |
|
701 } |
|
702 |
|
703 char* aes_encrypt(const char *in, size_t len, DavKey *key) { |
|
704 unsigned char iv[16]; |
|
705 if(dav_rand_bytes(iv, 16)) { |
|
706 return NULL; |
|
707 } |
|
708 |
|
709 CCCryptorRef cryptor; |
|
710 CCCryptorStatus status; |
|
711 if(key->type == DAV_KEY_AES128) { |
|
712 status = CCCryptorCreate(kCCEncrypt, kCCAlgorithmAES128, kCCOptionPKCS7Padding, key->data, key->length, iv, &cryptor); |
|
713 } else if(key->type == DAV_KEY_AES256) { |
|
714 status = CCCryptorCreate(kCCEncrypt, kCCAlgorithmAES, kCCOptionPKCS7Padding, key->data, key->length, iv, &cryptor); |
|
715 } else { |
|
716 return NULL; |
|
717 } |
|
718 |
|
719 if(status != kCCSuccess) { |
|
720 return NULL; |
|
721 } |
|
722 |
|
723 int buflen = len + 64; |
|
724 char *buf = calloc(1, buflen); |
|
725 memcpy(buf, iv, 16); |
|
726 |
|
727 int pos = 16; |
|
728 size_t avail = buflen - 16; |
|
729 size_t moved; |
|
730 char *out = buf + 16; |
|
731 |
|
732 status = CCCryptorUpdate(cryptor, in, |
|
733 len, out, avail, |
|
734 &moved); |
|
735 if(status != kCCSuccess) { |
|
736 free(buf); |
|
737 return NULL; |
|
738 } |
|
739 |
|
740 pos += moved; |
|
741 avail -= moved; |
|
742 out += moved; |
|
743 |
|
744 status = CCCryptorFinal(cryptor, out, avail, &moved); |
|
745 if(status != kCCSuccess) { |
|
746 free(buf); |
|
747 return NULL; |
|
748 } |
|
749 |
|
750 pos += moved; |
|
751 |
|
752 char *b64enc = util_base64encode(buf, pos); |
|
753 free(buf); |
|
754 |
|
755 return b64enc; |
|
756 } |
|
757 |
|
758 char* aes_decrypt(const char *in, size_t *len, DavKey *key) { |
|
759 int inlen; |
|
760 unsigned char *buf = (unsigned char*)util_base64decode_len(in, &inlen); |
|
761 |
|
762 CCCryptorRef cryptor; |
|
763 CCCryptorStatus status; |
|
764 if(key->type == DAV_KEY_AES128) { |
|
765 status = CCCryptorCreate(kCCDecrypt, kCCAlgorithmAES128, kCCOptionPKCS7Padding, key->data, key->length, buf, &cryptor); |
|
766 } else if(key->type == DAV_KEY_AES256) { |
|
767 status = CCCryptorCreate(kCCDecrypt, kCCAlgorithmAES, kCCOptionPKCS7Padding, key->data, key->length, buf, &cryptor); |
|
768 } else { |
|
769 free(buf); |
|
770 return NULL; |
|
771 } |
|
772 |
|
773 if(status != kCCSuccess) { |
|
774 free(buf); |
|
775 return NULL; |
|
776 } |
|
777 |
|
778 char *out = malloc(inlen + 1); |
|
779 size_t outavail = inlen; |
|
780 size_t outlen = 0; |
|
781 |
|
782 unsigned char *inbuf = buf + 16; |
|
783 inlen -= 16; |
|
784 |
|
785 size_t moved = 0; |
|
786 status = CCCryptorUpdate(cryptor, inbuf, inlen, out, outavail, &moved); |
|
787 if(status != kCCSuccess) { |
|
788 free(buf); |
|
789 free(out); |
|
790 // TODO cryptor |
|
791 return NULL; |
|
792 } |
|
793 |
|
794 outlen += moved; |
|
795 outavail -= moved; |
|
796 |
|
797 status = CCCryptorFinal(cryptor, out + outlen, outavail, &moved); |
|
798 if(status != kCCSuccess) { |
|
799 free(buf); |
|
800 free(out); |
|
801 // TODO cryptor |
|
802 return NULL; |
|
803 } |
|
804 |
|
805 outlen += moved; |
|
806 out[outlen] = 0; |
|
807 |
|
808 *len = outlen; |
|
809 return out; |
|
810 } |
|
811 |
|
812 void dav_get_hash(DAV_SHA_CTX *sha256, unsigned char *buf) { |
|
813 CC_SHA256_Final(buf, sha256); |
|
814 } |
|
815 |
|
816 char* dav_create_hash(const char *data, size_t len) { |
|
817 unsigned char hash[DAV_SHA256_DIGEST_LENGTH]; |
|
818 CC_SHA256((const unsigned char*)data, len, hash); |
|
819 return util_hexstr(hash, DAV_SHA256_DIGEST_LENGTH); |
|
820 } |
|
821 |
|
822 DAV_SHA_CTX* dav_hash_init(void) { |
|
823 DAV_SHA_CTX *ctx = malloc(sizeof(DAV_SHA_CTX)); |
|
824 CC_SHA256_Init(ctx); |
|
825 return ctx; |
|
826 } |
|
827 |
|
828 void dav_hash_update(DAV_SHA_CTX *ctx, const char *data, size_t len) { |
|
829 CC_SHA256_Update(ctx, data, len); |
|
830 } |
|
831 |
|
832 void dav_hash_final(DAV_SHA_CTX *ctx, unsigned char *buf) { |
|
833 CC_SHA256_Final(buf, ctx); |
|
834 free(ctx); |
|
835 } |
|
836 |
|
837 DavKey* dav_pw2key(const char *password, const unsigned char *salt, int saltlen, int pwfunc, int enc) { |
|
838 if(!password) { |
|
839 return NULL; |
|
840 } |
|
841 size_t len = strlen(password); |
|
842 if(len == 0) { |
|
843 return NULL; |
|
844 } |
|
845 |
|
846 // setup key data and length |
|
847 unsigned char keydata[32]; |
|
848 int keylen = 32; |
|
849 switch(enc) { |
|
850 case DAV_KEY_AES128: keylen = 16; break; |
|
851 case DAV_KEY_AES256: keylen = 32; break; |
|
852 default: return NULL; |
|
853 } |
|
854 |
|
855 // generate key |
|
856 switch(pwfunc) { |
|
857 case DAV_PWFUNC_PBKDF2_SHA256: { |
|
858 int result = CCKeyDerivationPBKDF( |
|
859 kCCPBKDF2, |
|
860 password, |
|
861 len, |
|
862 salt, |
|
863 saltlen, |
|
864 kCCPRFHmacAlgSHA256, |
|
865 DAV_CRYPTO_ITERATION_COUNT, |
|
866 keydata, |
|
867 keylen); |
|
868 if(result) { |
|
869 return NULL; |
|
870 } |
|
871 break; |
|
872 } |
|
873 case DAV_PWFUNC_PBKDF2_SHA512: { |
|
874 int result = CCKeyDerivationPBKDF( |
|
875 kCCPBKDF2, |
|
876 password, |
|
877 len, |
|
878 salt, |
|
879 saltlen, |
|
880 kCCPRFHmacAlgSHA512, |
|
881 DAV_CRYPTO_ITERATION_COUNT, |
|
882 keydata, |
|
883 keylen); |
|
884 if(result) { |
|
885 return NULL; |
|
886 } |
|
887 break; |
|
888 } |
|
889 default: return NULL; |
|
890 } |
|
891 |
|
892 // create DavKey with generated data |
|
893 DavKey *key = malloc(sizeof(DavKey)); |
|
894 key->data = malloc(keylen); |
|
895 key->length = keylen; |
|
896 key->name = NULL; |
|
897 key->type = enc; |
|
898 memcpy(key->data, keydata, keylen); |
|
899 return key; |
|
900 } |
|
901 |
|
902 #endif |
|
903 |
|
904 /* -------------------- Windows Crypto Functions -------------------- */ |
|
905 #ifdef DAV_CRYPTO_CNG |
|
906 |
|
907 static void cng_cleanup(BCRYPT_ALG_HANDLE hAesAlg, BCRYPT_KEY_HANDLE hKey, BCRYPT_HASH_HANDLE hHash, void *pbObject) { |
|
908 if(hAesAlg) { |
|
909 BCryptCloseAlgorithmProvider(hAesAlg,0); |
|
910 } |
|
911 if(hKey) { |
|
912 BCryptDestroyKey(hKey); |
|
913 } |
|
914 if(hHash) { |
|
915 BCryptDestroyHash(hHash); |
|
916 } |
|
917 if(pbObject) { |
|
918 free(pbObject); |
|
919 } |
|
920 } |
|
921 |
|
922 static int cng_init_key(BCRYPT_ALG_HANDLE *alg, BCRYPT_KEY_HANDLE *key, void **keyobj, DavKey *aesKey) { |
|
923 BCRYPT_ALG_HANDLE hAesAlg = NULL; |
|
924 BCRYPT_KEY_HANDLE hKey = NULL; |
|
925 |
|
926 void *pbKeyObject = NULL; |
|
927 ULONG keyObjectLength = 0; |
|
928 |
|
929 ULONG result = 0; |
|
930 |
|
931 // check DavKey and get AES key length |
|
932 if(!aesKey) { |
|
933 return 1; |
|
934 } |
|
935 |
|
936 ULONG aesKeyLength = 0; |
|
937 if(aesKey->type == DAV_KEY_AES128) { |
|
938 aesKeyLength = 16; |
|
939 } else if(aesKey->type == DAV_KEY_AES256) { |
|
940 aesKeyLength = 32; |
|
941 } |
|
942 if(aesKeyLength > aesKey->length || !aesKey->data) { |
|
943 // invalid DavKey |
|
944 return 1; |
|
945 } |
|
946 |
|
947 // initialize BCrypt stuff |
|
948 if(BCryptOpenAlgorithmProvider(&hAesAlg, BCRYPT_AES_ALGORITHM, NULL, 0)) { |
|
949 fprintf(stderr, "Error: BCryptOpenAlgorithmProvider failed\n"); |
|
950 return 1; |
|
951 } |
|
952 |
|
953 if(BCryptGetProperty(hAesAlg, BCRYPT_OBJECT_LENGTH, (PUCHAR)&keyObjectLength, sizeof(DWORD), &result, 0)) { |
|
954 fprintf(stderr, "Error: BCrypt: Cannot get BCRYPT_OBJECT_LENGTH\n"); |
|
955 cng_cleanup(hAesAlg, hKey, NULL, pbKeyObject); |
|
956 return 1; |
|
957 } |
|
958 |
|
959 if(BCryptSetProperty(hAesAlg, BCRYPT_CHAINING_MODE, (PBYTE)BCRYPT_CHAIN_MODE_CBC, sizeof(BCRYPT_CHAIN_MODE_CBC), 0)) { |
|
960 fprintf(stderr, "Error: BCrypt: Cannot set CBC mode\n"); |
|
961 cng_cleanup(hAesAlg, hKey, NULL, pbKeyObject); |
|
962 return 1; |
|
963 } |
|
964 |
|
965 pbKeyObject = calloc(1, keyObjectLength); |
|
966 if(!pbKeyObject) { |
|
967 cng_cleanup(hAesAlg, hKey, NULL, pbKeyObject); |
|
968 return 1; |
|
969 } |
|
970 |
|
971 // init key |
|
972 if(BCryptGenerateSymmetricKey(hAesAlg, &hKey, pbKeyObject, keyObjectLength, aesKey->data, aesKeyLength, 0)) { |
|
973 fprintf(stderr, "Error: BCrypt: Cannot set key\n"); |
|
974 cng_cleanup(hAesAlg, hKey, NULL, pbKeyObject); |
|
975 return 1; |
|
976 } |
|
977 |
|
978 *alg = hAesAlg; |
|
979 *key = hKey; |
|
980 *keyobj = pbKeyObject; |
|
981 |
|
982 return 0; |
|
983 } |
|
984 |
|
985 static int cng_hash_init(WinBCryptSHACTX *ctx) { |
|
986 if(BCryptOpenAlgorithmProvider(&ctx->hAlg, BCRYPT_SHA256_ALGORITHM, NULL, 0)) { |
|
987 fprintf(stderr, "Error: BCryptOpenAlgorithmProvider failed\n"); |
|
988 return 1; |
|
989 } |
|
990 |
|
991 ULONG hashObjectLen; |
|
992 ULONG result; |
|
993 if(BCryptGetProperty(ctx->hAlg, BCRYPT_OBJECT_LENGTH, (PBYTE)&hashObjectLen, sizeof(DWORD), &result, 0)) { |
|
994 cng_cleanup(ctx->hAlg, NULL, NULL, NULL); |
|
995 return 1; |
|
996 } |
|
997 |
|
998 ctx->pbHashObject = calloc(1, hashObjectLen); |
|
999 |
|
1000 if(BCryptCreateHash(ctx->hAlg, &ctx->hHash, ctx->pbHashObject, hashObjectLen, NULL, 0, 0)) { |
|
1001 cng_cleanup(ctx->hAlg, NULL, ctx->hHash, ctx->pbHashObject); |
|
1002 return 1; |
|
1003 } |
|
1004 |
|
1005 return 0; |
|
1006 } |
|
1007 |
|
1008 |
|
1009 int dav_rand_bytes(unsigned char *buf, size_t len) { |
|
1010 if(BCryptGenRandom(NULL, (unsigned char*)buf, (ULONG)len, BCRYPT_USE_SYSTEM_PREFERRED_RNG)) { |
|
1011 return 1; |
|
1012 } |
|
1013 return 0; |
|
1014 } |
|
1015 |
|
1016 AESDecrypter* aes_decrypter_new(DavKey *key, void *stream, dav_write_func write_func) { |
|
1017 AESDecrypter *dec = calloc(1, sizeof(AESDecrypter)); |
|
1018 if(!dec) { |
|
1019 return NULL; |
|
1020 } |
|
1021 if(cng_hash_init(&dec->sha256)) { |
|
1022 free(dec); |
|
1023 return NULL; |
|
1024 } |
|
1025 |
|
1026 dec->stream = stream; |
|
1027 dec->write = write_func; |
|
1028 dec->key = key; |
|
1029 dec->init = 0; |
|
1030 dec->ivpos = 0; |
|
1031 |
|
1032 return dec; |
|
1033 } |
|
1034 |
|
1035 static void aes_decrypter_init(AESDecrypter *dec) { |
|
1036 if(cng_init_key(&dec->ctx.hAlg, &dec->ctx.hKey, &dec->ctx.pbKeyObject, dec->key)) { |
|
1037 fprintf(stderr, "Error: cng_init_key failed\n"); |
|
1038 exit(-1); |
|
1039 } |
|
1040 // copy iv |
|
1041 memcpy(dec->ctx.pbIV, dec->ivtmp, 16); |
|
1042 } |
|
1043 |
|
1044 size_t aes_write(const void *buf, size_t s, size_t n, AESDecrypter *dec) { |
|
1045 int len = s*n; |
|
1046 if(!dec->init) { |
|
1047 dec->init = 1; |
|
1048 |
|
1049 size_t n = 16 - dec->ivpos; |
|
1050 size_t cp = n > len ? len : n; |
|
1051 memcpy(dec->ivtmp + dec->ivpos, buf, cp); |
|
1052 dec->ivpos += cp; |
|
1053 if(dec->ivpos >= 16) { |
|
1054 aes_decrypter_init(dec); |
|
1055 } |
|
1056 if(len == cp) { |
|
1057 return len; |
|
1058 } else { |
|
1059 buf = (char*)buf + cp; |
|
1060 len -= cp; |
|
1061 } |
|
1062 } |
|
1063 |
|
1064 // the cipher text must be a multiply of 16 |
|
1065 // remaining bytes are stored in ctx.buf and must be added to cibuf |
|
1066 // the next time |
|
1067 size_t cbufalloc = len + 64; |
|
1068 ULONG clen = 0; |
|
1069 char *cbuf = malloc(cbufalloc); |
|
1070 |
|
1071 // add previous remaining bytes |
|
1072 if(dec->ctx.buflen > 0) { |
|
1073 memcpy(cbuf, dec->ctx.buf, dec->ctx.buflen); |
|
1074 clen = dec->ctx.buflen; |
|
1075 } |
|
1076 // add current bytes |
|
1077 memcpy(cbuf + clen, buf, len); |
|
1078 clen += len; |
|
1079 |
|
1080 // check if the message fits the blocksize |
|
1081 int remaining = clen % 16; |
|
1082 if(remaining == 0) { |
|
1083 // decrypt last block next time, or in aes_decrypter_shutdown |
|
1084 // this makes sure, that shutdown always decrypts the last block |
|
1085 // with BCRYPT_BLOCK_PADDING flag |
|
1086 remaining = 16; |
|
1087 } |
|
1088 |
|
1089 // add remaining bytes to ctx.buf for the next aes_write run |
|
1090 clen -= remaining; |
|
1091 memcpy(dec->ctx.buf, cbuf + clen, remaining); |
|
1092 dec->ctx.buflen = remaining; |
|
1093 |
|
1094 // ready to decrypt the message |
|
1095 ULONG outlen = clen + 32; |
|
1096 |
|
1097 // decrypt |
|
1098 if(clen > 0) { |
|
1099 unsigned char* out = malloc(outlen); |
|
1100 |
|
1101 ULONG enc_len = 0; |
|
1102 ULONG status = BCryptDecrypt(dec->ctx.hKey, cbuf, clen, NULL, dec->ctx.pbIV, 16, out, outlen, &enc_len, 0); |
|
1103 if(status > 0) { |
|
1104 fprintf(stderr, "Error: BCryptDecrypt failed: 0x%X\n", status); |
|
1105 free(out); |
|
1106 free(cbuf); |
|
1107 return 0; |
|
1108 } |
|
1109 outlen = enc_len; |
|
1110 |
|
1111 // write decrypted data to the output stream and update the hash |
|
1112 dec->write(out, 1, outlen, dec->stream); |
|
1113 BCryptHashData(dec->sha256.hHash, out, outlen, 0); |
|
1114 |
|
1115 free(out); |
|
1116 } |
|
1117 |
|
1118 free(cbuf); |
|
1119 |
|
1120 return (s*n) / s; |
|
1121 } |
|
1122 |
|
1123 void aes_decrypter_shutdown(AESDecrypter *dec) { |
|
1124 if(dec->init && dec->ctx.buflen > 0) { |
|
1125 ULONG outlen = 64; |
|
1126 char out[64]; |
|
1127 if(BCryptDecrypt(dec->ctx.hKey, dec->ctx.buf, dec->ctx.buflen, NULL, dec->ctx.pbIV, 16, out, outlen, &outlen, BCRYPT_BLOCK_PADDING)) { |
|
1128 fprintf(stderr, "Error: BCryptDecrypt failed\n"); |
|
1129 return; |
|
1130 } |
|
1131 dec->write(out, 1, outlen, dec->stream); |
|
1132 BCryptHashData(dec->sha256.hHash, out, outlen, 0); |
|
1133 } |
|
1134 } |
|
1135 |
|
1136 void aes_decrypter_close(AESDecrypter *dec) { |
|
1137 cng_cleanup(dec->ctx.hAlg, dec->ctx.hKey, NULL, dec->ctx.pbKeyObject); |
|
1138 cng_cleanup(dec->sha256.hAlg, NULL, dec->sha256.hHash, dec->sha256.pbHashObject); |
|
1139 free(dec); |
|
1140 } |
|
1141 |
|
1142 AESEncrypter* aes_encrypter_new(DavKey *key, void *stream, dav_read_func read_func, dav_seek_func seek_func) { |
|
1143 unsigned char *iv = malloc(16); |
|
1144 if(dav_rand_bytes(iv, 16)) { |
|
1145 free(iv); |
|
1146 return NULL; |
|
1147 } |
|
1148 |
|
1149 AESEncrypter *enc = calloc(1, sizeof(AESEncrypter)); |
|
1150 if(cng_hash_init(&enc->sha256)) { |
|
1151 free(iv); |
|
1152 free(enc); |
|
1153 return NULL; |
|
1154 } |
|
1155 |
|
1156 enc->stream = stream; |
|
1157 enc->read = read_func; |
|
1158 enc->seek = seek_func; |
|
1159 enc->tmp = NULL; |
|
1160 enc->tmplen = 0; |
|
1161 enc->tmpoff = 0; |
|
1162 enc->end = 0; |
|
1163 enc->iv = iv; |
|
1164 enc->ivlen = 0; |
|
1165 |
|
1166 if(cng_init_key(&enc->ctx.hAlg, &enc->ctx.hKey, &enc->ctx.pbKeyObject, key)) { |
|
1167 fprintf(stderr, "Error: cng_init_key failed\n"); |
|
1168 exit(-1); |
|
1169 } |
|
1170 |
|
1171 enc->ctx.buflen = 0; |
|
1172 memcpy(enc->ctx.pbIV, iv, 16); |
|
1173 |
|
1174 return enc; |
|
1175 } |
|
1176 |
|
1177 size_t aes_read(void *buf, size_t s, size_t n, AESEncrypter *enc) { |
|
1178 size_t len = s*n; |
|
1179 size_t nread = 0; |
|
1180 |
|
1181 if(enc->tmp) { |
|
1182 // the temp buffer contains bytes that are already encrypted, but |
|
1183 // the last aes_read had not enough read buffer space |
|
1184 |
|
1185 // in case we have a tmp buf, we just return this |
|
1186 size_t tmp_diff = enc->tmplen - enc->tmpoff; |
|
1187 size_t cp_len = tmp_diff > len ? len : tmp_diff; |
|
1188 memcpy(buf, enc->tmp + enc->tmpoff, cp_len); |
|
1189 enc->tmpoff += cp_len; |
|
1190 if(enc->tmpoff >= enc->tmplen) { |
|
1191 free(enc->tmp); |
|
1192 enc->tmp = NULL; |
|
1193 enc->tmplen = 0; |
|
1194 enc->tmpoff = 0; |
|
1195 } |
|
1196 return cp_len / s; |
|
1197 } |
|
1198 |
|
1199 if(enc->ivlen < 16) { |
|
1200 size_t copy_iv_len = 16 - enc->ivlen; |
|
1201 copy_iv_len = len > copy_iv_len ? copy_iv_len : len; |
|
1202 |
|
1203 memcpy(buf, enc->iv, copy_iv_len); |
|
1204 (char*)buf += copy_iv_len; |
|
1205 len -= copy_iv_len; |
|
1206 nread = copy_iv_len; |
|
1207 |
|
1208 enc->ivlen += copy_iv_len; |
|
1209 |
|
1210 if(len == 0) { |
|
1211 return copy_iv_len / s; |
|
1212 } |
|
1213 } |
|
1214 |
|
1215 if(enc->end) { |
|
1216 return 0; |
|
1217 } |
|
1218 |
|
1219 size_t remaining = len % 16; |
|
1220 len -= remaining; |
|
1221 |
|
1222 if(len > 256) { |
|
1223 len -= 16; // optimization for avoiding tmp buffer usage |
|
1224 } |
|
1225 |
|
1226 size_t inalloc = len; |
|
1227 ULONG inlen = 0; |
|
1228 unsigned char *in = malloc(inalloc); |
|
1229 |
|
1230 // fill the input buffer |
|
1231 while(inlen < inalloc) { |
|
1232 size_t r = enc->read(in + inlen, 1, inalloc - inlen, enc->stream); |
|
1233 if(r == 0) { |
|
1234 enc->end = 1; |
|
1235 break; |
|
1236 } |
|
1237 inlen += r; |
|
1238 } |
|
1239 |
|
1240 if(inlen == 0) { |
|
1241 return nread / s; |
|
1242 } |
|
1243 |
|
1244 // hash read data |
|
1245 BCryptHashData(enc->sha256.hHash, in, inlen, 0); |
|
1246 |
|
1247 // create output buffer |
|
1248 ULONG outalloc = inlen + 16; |
|
1249 ULONG outlen = 0; |
|
1250 char *out = malloc(outalloc); |
|
1251 |
|
1252 // encrypt |
|
1253 int flags = 0; |
|
1254 if(inlen % 16 != 0) { |
|
1255 enc->end = 1; |
|
1256 } |
|
1257 if(enc->end) { |
|
1258 flags = BCRYPT_BLOCK_PADDING; |
|
1259 } |
|
1260 if(BCryptEncrypt(enc->ctx.hKey, in, inlen, NULL, enc->ctx.pbIV, 16, out, outalloc, &outlen, flags)) { |
|
1261 fprintf(stderr, "Error: BCryptEncrypt failed\n"); |
|
1262 } |
|
1263 |
|
1264 // check if the output fits in buf, if not, save the remaining bytes in tmp |
|
1265 if(outlen > len) { |
|
1266 size_t tmplen = outlen - len; |
|
1267 char *tmp = malloc(tmplen); |
|
1268 memcpy(tmp, out+len, tmplen); |
|
1269 |
|
1270 enc->tmp = tmp; |
|
1271 enc->tmplen = tmplen; |
|
1272 enc->tmpoff = 0; |
|
1273 |
|
1274 outlen = len; |
|
1275 } |
|
1276 |
|
1277 // fill read buffer and return |
|
1278 memcpy(buf, out, outlen); |
|
1279 nread += outlen; |
|
1280 |
|
1281 free(in); |
|
1282 free(out); |
|
1283 |
|
1284 return nread / s; |
|
1285 } |
|
1286 |
|
1287 void aes_encrypter_close(AESEncrypter *enc) { |
|
1288 enc->end = 1; |
|
1289 } |
|
1290 |
|
1291 int aes_encrypter_reset(AESEncrypter *enc, curl_off_t offset, int origin) { |
|
1292 if(origin != SEEK_SET || offset != 0 || !enc->seek) { |
|
1293 return CURL_SEEKFUNC_CANTSEEK; |
|
1294 } |
|
1295 |
|
1296 enc->ivlen = 0; |
|
1297 memcpy(enc->ctx.pbIV, enc->iv, 16); |
|
1298 if(enc->seek(enc->stream, 0, SEEK_SET) != 0) { |
|
1299 return CURL_SEEKFUNC_FAIL; |
|
1300 } |
|
1301 return CURL_SEEKFUNC_OK; |
|
1302 } |
|
1303 |
|
1304 char* aes_encrypt(const char *in, size_t len, DavKey *key) { |
|
1305 // create random IV |
|
1306 char iv[16]; |
|
1307 if(dav_rand_bytes(iv, 16)) { |
|
1308 return NULL; |
|
1309 } |
|
1310 |
|
1311 // initialize bcrypt stuff |
|
1312 BCRYPT_ALG_HANDLE hAlg = NULL; |
|
1313 BCRYPT_KEY_HANDLE hKey = NULL; |
|
1314 void *pbKeyObject = NULL; |
|
1315 if(cng_init_key(&hAlg, &hKey, &pbKeyObject, key)) { |
|
1316 return NULL; |
|
1317 } |
|
1318 |
|
1319 // create output buffer |
|
1320 ULONG outlen = len + 128; |
|
1321 char *out = malloc(outlen); |
|
1322 |
|
1323 // the output must start with the IV |
|
1324 memcpy(out, iv, 16); |
|
1325 char *encbuf = out + 16; |
|
1326 ULONG enclen = outlen - 16; |
|
1327 ULONG encoutlen = 0; |
|
1328 |
|
1329 // encrypt |
|
1330 if(BCryptEncrypt(hKey, (PUCHAR)in, len, NULL, (PUCHAR)iv, 16, encbuf, enclen, &encoutlen, BCRYPT_BLOCK_PADDING)) { |
|
1331 fprintf(stderr, "Error: BCryptEncrypt failed\n"); |
|
1332 cng_cleanup(hAlg, hKey, NULL, pbKeyObject); |
|
1333 free(out); |
|
1334 return NULL; |
|
1335 } |
|
1336 |
|
1337 outlen = encoutlen + 16; // length of encrypted data + 16 bytes IV |
|
1338 |
|
1339 // base64 encode |
|
1340 char *outstr = util_base64encode(out, outlen); |
|
1341 |
|
1342 cng_cleanup(hAlg, hKey, NULL, pbKeyObject); |
|
1343 free(out); |
|
1344 |
|
1345 return outstr; |
|
1346 } |
|
1347 |
|
1348 char* aes_decrypt(const char *in, size_t *len, DavKey *key) { |
|
1349 BCRYPT_ALG_HANDLE hAlg = NULL; |
|
1350 BCRYPT_KEY_HANDLE hKey = NULL; |
|
1351 void *pbKeyObject = NULL; |
|
1352 if(cng_init_key(&hAlg, &hKey, &pbKeyObject, key)) { |
|
1353 return NULL; |
|
1354 } |
|
1355 |
|
1356 int inlen; |
|
1357 unsigned char *buf = (unsigned char*)util_base64decode_len(in, &inlen); |
|
1358 if(inlen < 16 || !buf) { |
|
1359 cng_cleanup(hAlg, hKey, NULL, pbKeyObject); |
|
1360 if(buf) { |
|
1361 free(buf); |
|
1362 } |
|
1363 return NULL; |
|
1364 } |
|
1365 |
|
1366 // encrypted data starts with IV |
|
1367 char iv[16]; |
|
1368 memcpy(iv, buf, 16); |
|
1369 |
|
1370 // decrypt data |
|
1371 char *data = buf + 16; // encrypted data starts after IV |
|
1372 size_t datalen = inlen - 16; |
|
1373 |
|
1374 // create output buffer |
|
1375 ULONG outlen = inlen; |
|
1376 char *out = malloc(outlen + 1); |
|
1377 |
|
1378 // decrypt |
|
1379 if(BCryptDecrypt(hKey, data, datalen, NULL, iv, 16, out, outlen, &outlen, BCRYPT_BLOCK_PADDING)) { |
|
1380 cng_cleanup(hAlg, hKey, NULL, pbKeyObject); |
|
1381 free(out); |
|
1382 free(buf); |
|
1383 return NULL; |
|
1384 } |
|
1385 |
|
1386 // decrypt finished, return |
|
1387 out[outlen] = 0; |
|
1388 *len = (size_t)outlen; |
|
1389 return out; |
|
1390 } |
|
1391 |
|
1392 void dav_get_hash(DAV_SHA_CTX *sha256, unsigned char *buf) { |
|
1393 BCryptFinishHash(sha256->hHash, buf, DAV_SHA256_DIGEST_LENGTH, 0); |
|
1394 } |
|
1395 |
|
1396 |
|
1397 char* dav_create_hash(const char *data, size_t len) { |
|
1398 unsigned char hash[DAV_SHA256_DIGEST_LENGTH]; |
|
1399 DAV_SHA_CTX *ctx = dav_hash_init(); |
|
1400 if(ctx) { |
|
1401 dav_hash_update(ctx, data, len); |
|
1402 dav_hash_final(ctx, hash); |
|
1403 } |
|
1404 return util_hexstr(hash, DAV_SHA256_DIGEST_LENGTH); |
|
1405 } |
|
1406 |
|
1407 DAV_SHA_CTX* dav_hash_init(void) { |
|
1408 DAV_SHA_CTX *ctx = malloc(sizeof(DAV_SHA_CTX)); |
|
1409 if(!ctx) { |
|
1410 return NULL; |
|
1411 } |
|
1412 if(cng_hash_init(ctx)) { |
|
1413 free(ctx); |
|
1414 return NULL; |
|
1415 } |
|
1416 return ctx; |
|
1417 } |
|
1418 |
|
1419 void dav_hash_update(DAV_SHA_CTX *ctx, const char *data, size_t len) { |
|
1420 BCryptHashData(ctx->hHash, (PUCHAR)data, len, 0); |
|
1421 } |
|
1422 |
|
1423 void dav_hash_final(DAV_SHA_CTX *ctx, unsigned char *buf) { |
|
1424 BCryptFinishHash(ctx->hHash, (PUCHAR)buf, DAV_SHA256_DIGEST_LENGTH, 0); |
|
1425 |
|
1426 // cleanup |
|
1427 cng_cleanup(ctx->hAlg, NULL, ctx->hHash, ctx->pbHashObject); |
|
1428 free(ctx); |
|
1429 } |
|
1430 |
|
1431 DavKey* dav_pw2key(const char *password, const unsigned char *salt, int saltlen, int pwfunc, int enc) { |
|
1432 if(!password) { |
|
1433 return NULL; |
|
1434 } |
|
1435 size_t len = strlen(password); |
|
1436 if(len == 0) { |
|
1437 return NULL; |
|
1438 } |
|
1439 |
|
1440 // setup key data and length |
|
1441 unsigned char keydata[128]; |
|
1442 int keylen = 32; |
|
1443 switch(enc) { |
|
1444 case DAV_KEY_AES128: keylen = 16; break; |
|
1445 case DAV_KEY_AES256: keylen = 32; break; |
|
1446 default: return NULL; |
|
1447 } |
|
1448 |
|
1449 LPCWSTR algid; |
|
1450 switch(pwfunc) { |
|
1451 case DAV_PWFUNC_PBKDF2_SHA256: algid = BCRYPT_SHA256_ALGORITHM; break; |
|
1452 case DAV_PWFUNC_PBKDF2_SHA512: algid = BCRYPT_SHA512_ALGORITHM; break; |
|
1453 default: return NULL; |
|
1454 } |
|
1455 |
|
1456 // open algorithm provider |
|
1457 BCRYPT_ALG_HANDLE hAlg; |
|
1458 ULONG status = BCryptOpenAlgorithmProvider(&hAlg, algid, NULL, BCRYPT_ALG_HANDLE_HMAC_FLAG); |
|
1459 if(status > 0) { |
|
1460 fprintf(stderr, "Error: dav_pw2key: BCryptOpenAlgorithmProvider failed: 0x%X\n", (unsigned int)status); |
|
1461 return NULL; |
|
1462 } |
|
1463 |
|
1464 // derive key |
|
1465 status = BCryptDeriveKeyPBKDF2( |
|
1466 hAlg, |
|
1467 (PUCHAR)password, |
|
1468 len, |
|
1469 (PUCHAR)salt, |
|
1470 saltlen, |
|
1471 DAV_CRYPTO_ITERATION_COUNT, |
|
1472 keydata, |
|
1473 128, |
|
1474 0); |
|
1475 |
|
1476 BCryptCloseAlgorithmProvider(hAlg,0); |
|
1477 |
|
1478 if(status) { |
|
1479 fprintf(stderr, "Error: dav_pw2key: BCryptDeriveKeyPBKDF2 failed: 0x%X\n", (unsigned int)status); |
|
1480 return NULL; |
|
1481 } |
|
1482 |
|
1483 // create DavKey with generated data |
|
1484 DavKey *key = malloc(sizeof(DavKey)); |
|
1485 key->data = malloc(keylen); |
|
1486 key->length = keylen; |
|
1487 key->name = NULL; |
|
1488 key->type = enc; |
|
1489 memcpy(key->data, keydata, keylen); |
|
1490 return key; |
|
1491 } |
|
1492 #endif |
|
1493 |
|
1494 |
|
1495 |
|
1496 CxBuffer* aes_encrypt_buffer(CxBuffer *in, DavKey *key) { |
|
1497 CxBuffer *encbuf = cxBufferCreate(NULL, in->size, cxDefaultAllocator, CX_BUFFER_FREE_CONTENTS|CX_BUFFER_AUTO_EXTEND); |
|
1498 if(!encbuf) { |
|
1499 return NULL; |
|
1500 } |
|
1501 |
|
1502 AESEncrypter *enc = aes_encrypter_new( |
|
1503 key, |
|
1504 in, |
|
1505 (dav_read_func)cxBufferRead, |
|
1506 NULL); |
|
1507 if(!enc) { |
|
1508 cxBufferFree(encbuf); |
|
1509 return NULL; |
|
1510 } |
|
1511 |
|
1512 char buf[1024]; |
|
1513 size_t r; |
|
1514 while((r = aes_read(buf, 1, 1024, enc)) > 0) { |
|
1515 cxBufferWrite(buf, 1, r, encbuf); |
|
1516 } |
|
1517 aes_encrypter_close(enc); |
|
1518 |
|
1519 encbuf->pos = 0; |
|
1520 return encbuf; |
|
1521 } |
|
1522 |
|
1523 CxBuffer* aes_decrypt_buffer(CxBuffer *in, DavKey *key) { |
|
1524 CxBuffer *decbuf = cxBufferCreate(NULL, in->size, cxDefaultAllocator, CX_BUFFER_FREE_CONTENTS|CX_BUFFER_AUTO_EXTEND); |
|
1525 if(!decbuf) { |
|
1526 return NULL; |
|
1527 } |
|
1528 AESDecrypter *dec = aes_decrypter_new( |
|
1529 key, |
|
1530 decbuf, |
|
1531 (dav_write_func)cxBufferWrite); |
|
1532 if(!dec) { |
|
1533 cxBufferFree(decbuf); |
|
1534 return NULL; |
|
1535 } |
|
1536 |
|
1537 aes_write(in->space, 1, in->size, dec); |
|
1538 aes_decrypter_shutdown(dec); |
|
1539 aes_decrypter_close(dec); |
|
1540 decbuf->pos = 0; |
|
1541 return decbuf; |
|
1542 } |