2 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
4 * Copyright 2018 Olaf Wintermann. All rights reserved.
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions are met:
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution.
16 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
17 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
18 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
19 * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
20 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
21 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
22 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
23 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
24 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
25 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
26 * POSSIBILITY OF SUCH DAMAGE.
38 /* -------------------- OpenSSL Crypto Functions -------------------- */
39 #ifdef DAV_USE_OPENSSL
41 #if OPENSSL_VERSION_NUMBER < 0x10000000L
43 static EVP_CIPHER_CTX* create_evp_cipher_ctx() {
44 EVP_CIPHER_CTX *ctx = malloc(sizeof(EVP_CIPHER_CTX));
45 EVP_CIPHER_CTX_init(ctx);
49 static void free_evp_cipher_ctx(EVP_CIPHER_CTX *ctx) {
50 EVP_CIPHER_CTX_cleanup(ctx);
54 #define EVP_CIPHER_CTX_new() create_evp_cipher_ctx()
55 #define EVP_CIPHER_CTX_free(ctx) free_evp_cipher_ctx(ctx)
59 int dav_rand_bytes(unsigned char *buf, size_t len) {
60 return !RAND_bytes(buf, len);
63 AESDecrypter* aes_decrypter_new(DavKey *key, void *stream, dav_write_func write_func) {
64 AESDecrypter *dec = calloc(1, sizeof(AESDecrypter));
65 SHA256_Init(&dec->sha256);
67 dec->write = write_func;
75 void aes_decrypter_init(AESDecrypter *dec) {
76 //EVP_CIPHER_CTX_init(&dec->ctx);
77 dec->ctx = EVP_CIPHER_CTX_new();
79 if(dec->key->type == DAV_KEY_AES128) {
86 } else if(dec->key->type == DAV_KEY_AES256) {
94 fprintf(stderr, "unknown key type\n");
99 size_t aes_write(const void *buf, size_t s, size_t n, AESDecrypter *dec) {
102 size_t n = 16 - dec->ivpos;
103 size_t cp = n > len ? len : n;
104 memcpy(dec->ivtmp + dec->ivpos, buf, cp);
106 if(dec->ivpos >= 16) {
107 aes_decrypter_init(dec);
112 buf = (char*)buf + cp;
117 int outlen = len + 16;
118 unsigned char *out = malloc(outlen);
119 EVP_DecryptUpdate(dec->ctx, out, &outlen, buf, len);
120 ssize_t wlen = dec->write(out, 1, outlen, dec->stream);
121 SHA256_Update(&dec->sha256, out, wlen);
126 void aes_decrypter_shutdown(AESDecrypter *dec) {
128 void *out = malloc(128);
130 EVP_DecryptFinal_ex(dec->ctx, out, &len);
131 dec->write(out, 1, len, dec->stream);
132 SHA256_Update(&dec->sha256, out, len);
134 //EVP_CIPHER_CTX_cleanup(&dec->ctx);
135 EVP_CIPHER_CTX_free(dec->ctx);
139 void aes_decrypter_close(AESDecrypter *dec) {
144 AESEncrypter* aes_encrypter_new(DavKey *key, void *stream, dav_read_func read_func, dav_seek_func seek_func) {
145 unsigned char *iv = malloc(16);
146 if(!RAND_bytes(iv, 16)) {
151 AESEncrypter *enc = malloc(sizeof(AESEncrypter));
152 SHA256_Init(&enc->sha256);
153 enc->stream = stream;
154 enc->read = read_func;
155 enc->seek = seek_func;
163 //EVP_CIPHER_CTX_init(&enc->ctx);
164 enc->ctx = EVP_CIPHER_CTX_new();
165 if(key->type == DAV_KEY_AES128) {
166 EVP_EncryptInit_ex(enc->ctx, EVP_aes_128_cbc(), NULL, key->data, enc->iv);
167 } else if(key->type == DAV_KEY_AES256) {
168 EVP_EncryptInit_ex(enc->ctx, EVP_aes_256_cbc(), NULL, key->data, enc->iv);
170 fprintf(stderr, "unknown key type\n");
176 size_t aes_read(void *buf, size_t s, size_t n, AESEncrypter *enc) {
179 size_t tmp_diff = enc->tmplen - enc->tmpoff;
180 size_t cp_len = tmp_diff > len ? len : tmp_diff;
181 memcpy(buf, enc->tmp + enc->tmpoff, cp_len);
182 enc->tmpoff += cp_len;
183 if(enc->tmpoff >= enc->tmplen) {
196 void *in = malloc(len);
197 size_t in_len = enc->read(in, 1, len, enc->stream);
199 SHA256_Update(&enc->sha256, in, in_len);
201 unsigned char *out = NULL;
203 size_t ivl = enc->ivlen;
206 out = malloc(outlen + ivl);
208 memcpy(out, enc->iv, ivl);
210 EVP_EncryptUpdate(enc->ctx, out + ivl, &outlen, in, in_len);
213 EVP_EncryptFinal_ex(enc->ctx, out + ivl + outlen, &newoutlen);
219 EVP_EncryptFinal_ex(enc->ctx, out, &outlen);
222 enc->tmp = (char*)out;
223 enc->tmplen = outlen + ivl;
232 return aes_read(buf, s, n, enc);
235 void aes_encrypter_close(AESEncrypter *enc) {
242 //EVP_CIPHER_CTX_cleanup(&enc->ctx);
243 EVP_CIPHER_CTX_free(enc->ctx);
247 int aes_encrypter_reset(AESEncrypter *enc, curl_off_t offset, int origin) {
248 if(origin != SEEK_SET || offset != 0 || !enc->seek) {
249 return CURL_SEEKFUNC_CANTSEEK;
253 if(enc->seek(enc->stream, 0, SEEK_SET) != 0) {
254 return CURL_SEEKFUNC_FAIL;
256 return CURL_SEEKFUNC_OK;
260 char* aes_encrypt(const char *in, size_t len, DavKey *key) {
261 unsigned char iv[16];
262 if(!RAND_bytes(iv, 16)) {
266 //EVP_CIPHER_CTX ctx;
267 //EVP_CIPHER_CTX_init(&ctx);
268 EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new();
269 if(key->type == DAV_KEY_AES128) {
274 (unsigned char*)key->data,
276 } else if(key->type == DAV_KEY_AES256) {
281 (unsigned char*)key->data,
284 //EVP_CIPHER_CTX_cleanup(&ctx);
285 EVP_CIPHER_CTX_free(ctx);
289 //int len = strlen(in);
290 int buflen = len + 64;
291 unsigned char *buf = calloc(1, buflen);
295 EVP_EncryptUpdate(ctx, buf + 16, &l, (unsigned char*)in, len);
298 EVP_EncryptFinal_ex(ctx, buf + 16 + l, &f);
299 char *out = util_base64encode((char*)buf, 16 + l + f);
301 EVP_CIPHER_CTX_free(ctx);
302 //EVP_CIPHER_CTX_cleanup(&ctx);
307 char* aes_decrypt(const char *in, size_t *length, DavKey *key) {
309 unsigned char *buf = (unsigned char*)util_base64decode_len(in, &len);
311 //EVP_CIPHER_CTX ctx;
312 //EVP_CIPHER_CTX_init(&ctx);
313 EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new();
314 if(key->type == DAV_KEY_AES128) {
321 } else if(key->type == DAV_KEY_AES256) {
329 //EVP_CIPHER_CTX_cleanup(&ctx);
330 EVP_CIPHER_CTX_free(ctx);
334 unsigned char *out = malloc(len + 1);
336 unsigned char *in_buf = buf + 16;
337 int inlen = len - 16;
340 EVP_DecryptUpdate(ctx, out, &outlen, in_buf, inlen);
341 EVP_DecryptFinal_ex(ctx, out + outlen, &f);
342 out[outlen + f] = '\0';
344 //EVP_CIPHER_CTX_cleanup(&ctx);
345 EVP_CIPHER_CTX_free(ctx);
347 *length = outlen + f;
352 void dav_get_hash(DAV_SHA_CTX *sha256, unsigned char *buf){
353 SHA256_Final((unsigned char*)buf, sha256);
356 char* dav_create_hash(const char *data, size_t len) {
357 unsigned char hash[DAV_SHA256_DIGEST_LENGTH];
360 SHA256_Update(&ctx, data, len);
361 SHA256_Final(hash, &ctx);
362 return util_hexstr(hash, DAV_SHA256_DIGEST_LENGTH);
365 DAV_SHA_CTX* dav_hash_init(void) {
366 DAV_SHA_CTX *ctx = malloc(sizeof(DAV_SHA_CTX));
371 void dav_hash_update(DAV_SHA_CTX *ctx, const char *data, size_t len) {
372 SHA256_Update(ctx, data, len);
375 void dav_hash_final(DAV_SHA_CTX *ctx, unsigned char *buf) {
376 SHA256_Final(buf, ctx);
380 #if OPENSSL_VERSION_NUMBER < 0x10100000L
381 static int crypto_pw2key_error = 0;
382 DavKey* dav_pw2key(const char *password, const unsigned char *salt, int saltlen, int pwfunc, int enc) {
383 if(!crypto_pw2key_error) {
384 fprintf(stderr, "Error: password key derivation not supported on this platform: openssl to old\n");
385 crypto_pw2key_error = 1;
391 DavKey* dav_pw2key(const char *password, const unsigned char *salt, int saltlen, int pwfunc, int enc) {
395 size_t len = strlen(password);
400 // setup key data and length
401 unsigned char keydata[32];
404 case DAV_KEY_AES128: keylen = 16; break;
405 case DAV_KEY_AES256: keylen = 32; break;
406 default: return NULL;
411 case DAV_PWFUNC_PBKDF2_SHA256: {
417 DAV_CRYPTO_ITERATION_COUNT,
423 case DAV_PWFUNC_PBKDF2_SHA512: {
429 DAV_CRYPTO_ITERATION_COUNT,
435 default: return NULL;
438 // create DavKey with generated data
439 DavKey *key = malloc(sizeof(DavKey));
440 key->data = malloc(keylen);
441 key->length = keylen;
444 memcpy(key->data, keydata, keylen);
452 /* -------------------- Apple Crypto Functions -------------------- */
453 #ifdef DAV_CRYPTO_COMMON_CRYPTO
455 #define RANDOM_BUFFER_LENGTH 256
456 static char randbuf[RANDOM_BUFFER_LENGTH];
457 static int rbufpos = RANDOM_BUFFER_LENGTH;
459 int dav_rand_bytes(unsigned char *buf, size_t len) {
460 if(len + rbufpos > RANDOM_BUFFER_LENGTH) {
461 int devr = open("/dev/urandom", O_RDONLY);
466 if(read(devr, randbuf, RANDOM_BUFFER_LENGTH) < RANDOM_BUFFER_LENGTH) {
472 if(len > RANDOM_BUFFER_LENGTH) {
474 if(read(devr, buf, len) < len) {
485 memcpy(buf, r + rbufpos, len);
491 AESDecrypter* aes_decrypter_new(DavKey *key, void *stream, dav_write_func write_func) {
492 AESDecrypter *dec = calloc(1, sizeof(AESDecrypter));
493 CC_SHA256_Init(&dec->sha256);
494 dec->stream = stream;
495 dec->write = write_func;
504 void aes_decrypter_init(AESDecrypter *dec) {
505 //EVP_CIPHER_CTX_init(&dec->ctx);
508 CCCryptorRef cryptor;
509 CCCryptorStatus status;
510 if(dec->key->type == DAV_KEY_AES128) {
511 status = CCCryptorCreate(kCCDecrypt, kCCAlgorithmAES128, kCCOptionPKCS7Padding, dec->key->data, dec->key->length, dec->ivtmp, &cryptor);
512 } else if(dec->key->type == DAV_KEY_AES256) {
513 status = CCCryptorCreate(kCCDecrypt, kCCAlgorithmAES, kCCOptionPKCS7Padding, dec->key->data, dec->key->length, dec->ivtmp, &cryptor);
515 fprintf(stderr, "unknown key type\n");
521 size_t aes_write(const void *buf, size_t s, size_t n, AESDecrypter *dec) {
524 size_t n = 16 - dec->ivpos;
525 size_t cp = n > len ? len : n;
526 memcpy(dec->ivtmp + dec->ivpos, buf, cp);
528 if(dec->ivpos >= 16) {
529 aes_decrypter_init(dec);
534 buf = (char*)buf + cp;
539 int outlen = len + 16;
540 unsigned char *out = malloc(outlen);
542 CCCryptorStatus status;
543 size_t avail = outlen;
545 status = CCCryptorUpdate(dec->ctx, buf, len, out, avail, &moved);
547 ssize_t wlen = dec->write(out, 1, moved, dec->stream);
548 CC_SHA256_Update(&dec->sha256, out, wlen);
553 void aes_decrypter_shutdown(AESDecrypter *dec) {
555 void *out = malloc(128);
557 //EVP_DecryptFinal_ex(dec->ctx, out, &len);
558 CCCryptorFinal(dec->ctx, out, 128, &len);
561 dec->write(out, 1, len, dec->stream);
562 CC_SHA256_Update(&dec->sha256, out, len);
564 //EVP_CIPHER_CTX_cleanup(&dec->ctx);
565 //EVP_CIPHER_CTX_free(dec->ctx);
569 void aes_decrypter_close(AESDecrypter *dec) {
573 AESEncrypter* aes_encrypter_new(DavKey *key, void *stream, dav_read_func read_func, dav_seek_func seek_func) {
574 unsigned char *iv = malloc(16);
575 if(dav_rand_bytes(iv, 16)) {
579 CCCryptorRef cryptor;
580 CCCryptorStatus status;
581 if(key->type == DAV_KEY_AES128) {
582 status = CCCryptorCreate(kCCEncrypt, kCCAlgorithmAES128, kCCOptionPKCS7Padding, key->data, key->length, iv, &cryptor);
583 } else if(key->type == DAV_KEY_AES256) {
584 status = CCCryptorCreate(kCCEncrypt, kCCAlgorithmAES, kCCOptionPKCS7Padding, key->data, key->length, iv, &cryptor);
590 AESEncrypter *enc = malloc(sizeof(AESEncrypter));
592 CC_SHA256_Init(&enc->sha256);
593 enc->stream = stream;
594 enc->read = read_func;
595 enc->seek = seek_func;
606 size_t aes_read(void *buf, size_t s, size_t n, AESEncrypter *enc) {
609 size_t tmp_diff = enc->tmplen - enc->tmpoff;
610 size_t cp_len = tmp_diff > len ? len : tmp_diff;
611 memcpy(buf, enc->tmp + enc->tmpoff, cp_len);
612 enc->tmpoff += cp_len;
613 if(enc->tmpoff >= enc->tmplen) {
626 void *in = malloc(len);
627 size_t in_len = enc->read(in, 1, len, enc->stream);
629 CC_SHA256_Update(&enc->sha256, in, in_len);
631 unsigned char *out = NULL;
633 size_t ivl = enc->ivlen;
636 out = malloc(outlen + ivl);
638 memcpy(out, enc->iv, ivl);
641 CCCryptorStatus status;
642 size_t avail = outlen;
643 status = CCCryptorUpdate(enc->ctx, in, in_len, out + ivl, avail, &outlen);
645 size_t newoutlen = 16;
646 status = CCCryptorFinal(enc->ctx, out + ivl + outlen, 16, &newoutlen);
652 CCCryptorStatus status;
653 size_t avail = outlen;
654 status = CCCryptorFinal(enc->ctx, out, 32, &outlen);
657 enc->tmp = (char*)out;
658 enc->tmplen = outlen + ivl;
667 return aes_read(buf, s, n, enc);
670 int aes_encrypter_reset(AESEncrypter *enc, curl_off_t offset, int origin) {
671 if(origin != SEEK_SET || offset != 0 || !enc->seek) {
672 return CURL_SEEKFUNC_CANTSEEK;
676 if(enc->seek(enc->stream, 0, SEEK_SET) != 0) {
677 return CURL_SEEKFUNC_FAIL;
679 return CURL_SEEKFUNC_OK;
682 void aes_encrypter_close(AESEncrypter *enc) {
689 // TODO: cleanup cryptor
693 char* aes_encrypt(const char *in, size_t len, DavKey *key) {
694 unsigned char iv[16];
695 if(dav_rand_bytes(iv, 16)) {
699 CCCryptorRef cryptor;
700 CCCryptorStatus status;
701 if(key->type == DAV_KEY_AES128) {
702 status = CCCryptorCreate(kCCEncrypt, kCCAlgorithmAES128, kCCOptionPKCS7Padding, key->data, key->length, iv, &cryptor);
703 } else if(key->type == DAV_KEY_AES256) {
704 status = CCCryptorCreate(kCCEncrypt, kCCAlgorithmAES, kCCOptionPKCS7Padding, key->data, key->length, iv, &cryptor);
709 if(status != kCCSuccess) {
713 int buflen = len + 64;
714 char *buf = calloc(1, buflen);
718 size_t avail = buflen - 16;
720 char *out = buf + 16;
722 status = CCCryptorUpdate(cryptor, in,
725 if(status != kCCSuccess) {
734 status = CCCryptorFinal(cryptor, out, avail, &moved);
735 if(status != kCCSuccess) {
742 char *b64enc = util_base64encode(buf, pos);
748 char* aes_decrypt(const char *in, size_t *len, DavKey *key) {
750 unsigned char *buf = (unsigned char*)util_base64decode_len(in, &inlen);
752 CCCryptorRef cryptor;
753 CCCryptorStatus status;
754 if(key->type == DAV_KEY_AES128) {
755 status = CCCryptorCreate(kCCDecrypt, kCCAlgorithmAES128, kCCOptionPKCS7Padding, key->data, key->length, buf, &cryptor);
756 } else if(key->type == DAV_KEY_AES256) {
757 status = CCCryptorCreate(kCCDecrypt, kCCAlgorithmAES, kCCOptionPKCS7Padding, key->data, key->length, buf, &cryptor);
763 if(status != kCCSuccess) {
768 char *out = malloc(inlen + 1);
769 size_t outavail = inlen;
772 unsigned char *inbuf = buf + 16;
776 status = CCCryptorUpdate(cryptor, inbuf, inlen, out, outavail, &moved);
777 if(status != kCCSuccess) {
787 status = CCCryptorFinal(cryptor, out + outlen, outavail, &moved);
788 if(status != kCCSuccess) {
802 void dav_get_hash(DAV_SHA_CTX *sha256, unsigned char *buf) {
803 CC_SHA256_Final(buf, sha256);
806 char* dav_create_hash(const char *data, size_t len) {
807 unsigned char hash[DAV_SHA256_DIGEST_LENGTH];
808 CC_SHA256((const unsigned char*)data, len, hash);
809 return util_hexstr(hash, DAV_SHA256_DIGEST_LENGTH);
812 DAV_SHA_CTX* dav_hash_init(void) {
813 DAV_SHA_CTX *ctx = malloc(sizeof(DAV_SHA_CTX));
818 void dav_hash_update(DAV_SHA_CTX *ctx, const char *data, size_t len) {
819 CC_SHA256_Update(ctx, data, len);
822 void dav_hash_final(DAV_SHA_CTX *ctx, unsigned char *buf) {
823 CC_SHA256_Final(buf, ctx);
827 DavKey* dav_pw2key(const char *password, const unsigned char *salt, int saltlen, int pwfunc, int enc) {
831 size_t len = strlen(password);
836 // setup key data and length
837 unsigned char keydata[32];
840 case DAV_KEY_AES128: keylen = 16; break;
841 case DAV_KEY_AES256: keylen = 32; break;
842 default: return NULL;
847 case DAV_PWFUNC_PBKDF2_SHA256: {
848 int result = CCKeyDerivationPBKDF(
855 DAV_CRYPTO_ITERATION_COUNT,
863 case DAV_PWFUNC_PBKDF2_SHA512: {
864 int result = CCKeyDerivationPBKDF(
871 DAV_CRYPTO_ITERATION_COUNT,
879 default: return NULL;
882 // create DavKey with generated data
883 DavKey *key = malloc(sizeof(DavKey));
884 key->data = malloc(keylen);
885 key->length = keylen;
888 memcpy(key->data, keydata, keylen);
894 /* -------------------- Windows Crypto Functions -------------------- */
895 #ifdef DAV_CRYPTO_CNG
897 static void cng_cleanup(BCRYPT_ALG_HANDLE hAesAlg, BCRYPT_KEY_HANDLE hKey, BCRYPT_HASH_HANDLE hHash, void *pbObject) {
899 BCryptCloseAlgorithmProvider(hAesAlg,0);
902 BCryptDestroyKey(hKey);
905 BCryptDestroyHash(hHash);
912 static int cng_init_key(BCRYPT_ALG_HANDLE *alg, BCRYPT_KEY_HANDLE *key, void **keyobj, DavKey *aesKey) {
913 BCRYPT_ALG_HANDLE hAesAlg = NULL;
914 BCRYPT_KEY_HANDLE hKey = NULL;
916 void *pbKeyObject = NULL;
917 ULONG keyObjectLength = 0;
921 // check DavKey and get AES key length
926 ULONG aesKeyLength = 0;
927 if(aesKey->type == DAV_KEY_AES128) {
929 } else if(aesKey->type == DAV_KEY_AES256) {
932 if(aesKeyLength > aesKey->length || !aesKey->data) {
937 // initialize BCrypt stuff
938 if(BCryptOpenAlgorithmProvider(&hAesAlg, BCRYPT_AES_ALGORITHM, NULL, 0)) {
939 fprintf(stderr, "Error: BCryptOpenAlgorithmProvider failed\n");
943 if(BCryptGetProperty(hAesAlg, BCRYPT_OBJECT_LENGTH, (PUCHAR)&keyObjectLength, sizeof(DWORD), &result, 0)) {
944 fprintf(stderr, "Error: BCrypt: Cannot get BCRYPT_OBJECT_LENGTH\n");
945 cng_cleanup(hAesAlg, hKey, NULL, pbKeyObject);
949 if(BCryptSetProperty(hAesAlg, BCRYPT_CHAINING_MODE, (PBYTE)BCRYPT_CHAIN_MODE_CBC, sizeof(BCRYPT_CHAIN_MODE_CBC), 0)) {
950 fprintf(stderr, "Error: BCrypt: Cannot set CBC mode\n");
951 cng_cleanup(hAesAlg, hKey, NULL, pbKeyObject);
955 pbKeyObject = calloc(1, keyObjectLength);
957 cng_cleanup(hAesAlg, hKey, NULL, pbKeyObject);
962 if(BCryptGenerateSymmetricKey(hAesAlg, &hKey, pbKeyObject, keyObjectLength, aesKey->data, aesKeyLength, 0)) {
963 fprintf(stderr, "Error: BCrypt: Cannot set key\n");
964 cng_cleanup(hAesAlg, hKey, NULL, pbKeyObject);
970 *keyobj = pbKeyObject;
975 static int cng_hash_init(WinBCryptSHACTX *ctx) {
976 if(BCryptOpenAlgorithmProvider(&ctx->hAlg, BCRYPT_SHA256_ALGORITHM, NULL, 0)) {
977 fprintf(stderr, "Error: BCryptOpenAlgorithmProvider failed\n");
983 if(BCryptGetProperty(ctx->hAlg, BCRYPT_OBJECT_LENGTH, (PBYTE)&hashObjectLen, sizeof(DWORD), &result, 0)) {
984 cng_cleanup(ctx->hAlg, NULL, NULL, NULL);
988 ctx->pbHashObject = calloc(1, hashObjectLen);
990 if(BCryptCreateHash(ctx->hAlg, &ctx->hHash, ctx->pbHashObject, hashObjectLen, NULL, 0, 0)) {
991 cng_cleanup(ctx->hAlg, NULL, ctx->hHash, ctx->pbHashObject);
999 int dav_rand_bytes(unsigned char *buf, size_t len) {
1000 if(BCryptGenRandom(NULL, (unsigned char*)buf, (ULONG)len, BCRYPT_USE_SYSTEM_PREFERRED_RNG)) {
1006 AESDecrypter* aes_decrypter_new(DavKey *key, void *stream, dav_write_func write_func) {
1007 AESDecrypter *dec = calloc(1, sizeof(AESDecrypter));
1011 if(cng_hash_init(&dec->sha256)) {
1016 dec->stream = stream;
1017 dec->write = write_func;
1025 static void aes_decrypter_init(AESDecrypter *dec) {
1026 if(cng_init_key(&dec->ctx.hAlg, &dec->ctx.hKey, &dec->ctx.pbKeyObject, dec->key)) {
1027 fprintf(stderr, "Error: cng_init_key failed\n");
1031 memcpy(dec->ctx.pbIV, dec->ivtmp, 16);
1034 size_t aes_write(const void *buf, size_t s, size_t n, AESDecrypter *dec) {
1039 size_t n = 16 - dec->ivpos;
1040 size_t cp = n > len ? len : n;
1041 memcpy(dec->ivtmp + dec->ivpos, buf, cp);
1043 if(dec->ivpos >= 16) {
1044 aes_decrypter_init(dec);
1049 buf = (char*)buf + cp;
1054 // the cipher text must be a multiply of 16
1055 // remaining bytes are stored in ctx.buf and must be added to cibuf
1057 size_t cbufalloc = len + 64;
1059 char *cbuf = malloc(cbufalloc);
1061 // add previous remaining bytes
1062 if(dec->ctx.buflen > 0) {
1063 memcpy(cbuf, dec->ctx.buf, dec->ctx.buflen);
1064 clen = dec->ctx.buflen;
1066 // add current bytes
1067 memcpy(cbuf + clen, buf, len);
1070 // check if the message fits the blocksize
1071 int remaining = clen % 16;
1072 if(remaining == 0) {
1073 // decrypt last block next time, or in aes_decrypter_shutdown
1074 // this makes sure, that shutdown always decrypts the last block
1075 // with BCRYPT_BLOCK_PADDING flag
1079 // add remaining bytes to ctx.buf for the next aes_write run
1081 memcpy(dec->ctx.buf, cbuf + clen, remaining);
1082 dec->ctx.buflen = remaining;
1084 // ready to decrypt the message
1085 ULONG outlen = clen + 32;
1086 unsigned char *out = malloc(outlen);
1091 ULONG status = BCryptDecrypt(dec->ctx.hKey, cbuf, clen, NULL, dec->ctx.pbIV, 16, out, outlen, &enc_len, 0);
1093 fprintf(stderr, "Error: BCryptDecrypt failed: 0x%X\n", status);
1101 // write decrypted data to the output stream and update the hash
1102 dec->write(out, 1, outlen, dec->stream);
1103 BCryptHashData(dec->sha256.hHash, out, outlen, 0);
1111 void aes_decrypter_shutdown(AESDecrypter *dec) {
1112 if(dec->init && dec->ctx.buflen > 0) {
1115 if(BCryptDecrypt(dec->ctx.hKey, dec->ctx.buf, dec->ctx.buflen, NULL, dec->ctx.pbIV, 16, out, outlen, &outlen, BCRYPT_BLOCK_PADDING)) {
1116 fprintf(stderr, "Error: BCryptDecrypt failed\n");
1119 dec->write(out, 1, outlen, dec->stream);
1120 BCryptHashData(dec->sha256.hHash, out, outlen, 0);
1124 void aes_decrypter_close(AESDecrypter *dec) {
1125 cng_cleanup(dec->ctx.hAlg, dec->ctx.hKey, NULL, dec->ctx.pbKeyObject);
1126 cng_cleanup(dec->sha256.hAlg, NULL, dec->sha256.hHash, dec->sha256.pbHashObject);
1130 AESEncrypter* aes_encrypter_new(DavKey *key, void *stream, dav_read_func read_func, dav_seek_func seek_func) {
1131 unsigned char *iv = malloc(16);
1132 if(dav_rand_bytes(iv, 16)) {
1137 AESEncrypter *enc = calloc(1, sizeof(AESEncrypter));
1138 if(cng_hash_init(&enc->sha256)) {
1144 enc->stream = stream;
1145 enc->read = read_func;
1146 enc->seek = seek_func;
1154 if(cng_init_key(&enc->ctx.hAlg, &enc->ctx.hKey, &enc->ctx.pbKeyObject, key)) {
1155 fprintf(stderr, "Error: cng_init_key failed\n");
1159 enc->ctx.buflen = 0;
1160 memcpy(enc->ctx.pbIV, iv, 16);
1165 size_t aes_read(void *buf, size_t s, size_t n, AESEncrypter *enc) {
1170 // the temp buffer contains bytes that are already encrypted, but
1171 // the last aes_read had not enough read buffer space
1173 // in case we have a tmp buf, we just return this
1174 size_t tmp_diff = enc->tmplen - enc->tmpoff;
1175 size_t cp_len = tmp_diff > len ? len : tmp_diff;
1176 memcpy(buf, enc->tmp + enc->tmpoff, cp_len);
1177 enc->tmpoff += cp_len;
1178 if(enc->tmpoff >= enc->tmplen) {
1187 if(enc->ivlen < 16) {
1188 size_t copy_iv_len = 16 - enc->ivlen;
1189 copy_iv_len = len > copy_iv_len ? copy_iv_len : len;
1191 memcpy(buf, enc->iv, copy_iv_len);
1194 nread = copy_iv_len;
1196 enc->ivlen += copy_iv_len;
1199 return copy_iv_len / s;
1207 size_t remaining = len % 16;
1211 len -= 16; // optimization for avoiding tmp buffer usage
1214 size_t inalloc = len;
1216 unsigned char *in = malloc(inalloc);
1218 // fill the input buffer
1219 while(inlen < inalloc) {
1220 size_t r = enc->read(in + inlen, 1, inalloc - inlen, enc->stream);
1233 BCryptHashData(enc->sha256.hHash, in, inlen, 0);
1235 // create output buffer
1236 ULONG outalloc = inlen + 16;
1238 char *out = malloc(outalloc);
1242 if(inlen % 16 != 0) {
1246 flags = BCRYPT_BLOCK_PADDING;
1248 if(BCryptEncrypt(enc->ctx.hKey, in, inlen, NULL, enc->ctx.pbIV, 16, out, outalloc, &outlen, flags)) {
1249 fprintf(stderr, "Error: BCryptEncrypt failed\n");
1252 // check if the output fits in buf, if not, save the remaining bytes in tmp
1254 size_t tmplen = outlen - len;
1255 char *tmp = malloc(tmplen);
1256 memcpy(tmp, out+len, tmplen);
1259 enc->tmplen = tmplen;
1265 // fill read buffer and return
1266 memcpy(buf, out, outlen);
1275 void aes_encrypter_close(AESEncrypter *enc) {
1279 int aes_encrypter_reset(AESEncrypter *enc, curl_off_t offset, int origin) {
1280 if(origin != SEEK_SET || offset != 0 || !enc->seek) {
1281 return CURL_SEEKFUNC_CANTSEEK;
1285 memcpy(enc->ctx.pbIV, enc->iv, 16);
1286 if(enc->seek(enc->stream, 0, SEEK_SET) != 0) {
1287 return CURL_SEEKFUNC_FAIL;
1289 return CURL_SEEKFUNC_OK;
1292 char* aes_encrypt(const char *in, size_t len, DavKey *key) {
1295 if(dav_rand_bytes(iv, 16)) {
1299 // initialize bcrypt stuff
1300 BCRYPT_ALG_HANDLE hAlg = NULL;
1301 BCRYPT_KEY_HANDLE hKey = NULL;
1302 void *pbKeyObject = NULL;
1303 if(cng_init_key(&hAlg, &hKey, &pbKeyObject, key)) {
1307 // create output buffer
1308 ULONG outlen = len + 128;
1309 char *out = malloc(outlen);
1311 // the output must start with the IV
1312 memcpy(out, iv, 16);
1313 char *encbuf = out + 16;
1314 ULONG enclen = outlen - 16;
1315 ULONG encoutlen = 0;
1318 if(BCryptEncrypt(hKey, (PUCHAR)in, len, NULL, (PUCHAR)iv, 16, encbuf, enclen, &encoutlen, BCRYPT_BLOCK_PADDING)) {
1319 fprintf(stderr, "Error: BCryptEncrypt failed\n");
1320 cng_cleanup(hAlg, hKey, NULL, pbKeyObject);
1325 outlen = encoutlen + 16; // length of encrypted data + 16 bytes IV
1328 char *outstr = util_base64encode(out, outlen);
1330 cng_cleanup(hAlg, hKey, NULL, pbKeyObject);
1336 char* aes_decrypt(const char *in, size_t *len, DavKey *key) {
1337 BCRYPT_ALG_HANDLE hAlg = NULL;
1338 BCRYPT_KEY_HANDLE hKey = NULL;
1339 void *pbKeyObject = NULL;
1340 if(cng_init_key(&hAlg, &hKey, &pbKeyObject, key)) {
1345 unsigned char *buf = (unsigned char*)util_base64decode_len(in, &inlen);
1346 if(inlen < 16 || !buf) {
1347 cng_cleanup(hAlg, hKey, NULL, pbKeyObject);
1354 // encrypted data starts with IV
1356 memcpy(iv, buf, 16);
1359 char *data = buf + 16; // encrypted data starts after IV
1360 size_t datalen = inlen - 16;
1362 // create output buffer
1363 ULONG outlen = inlen;
1364 char *out = malloc(outlen + 1);
1367 if(BCryptDecrypt(hKey, data, datalen, NULL, iv, 16, out, outlen, &outlen, BCRYPT_BLOCK_PADDING)) {
1368 cng_cleanup(hAlg, hKey, NULL, pbKeyObject);
1374 // decrypt finished, return
1376 *len = (size_t)outlen;
1380 void dav_get_hash(DAV_SHA_CTX *sha256, unsigned char *buf) {
1381 BCryptFinishHash(sha256->hHash, buf, DAV_SHA256_DIGEST_LENGTH, 0);
1385 char* dav_create_hash(const char *data, size_t len) {
1386 unsigned char hash[DAV_SHA256_DIGEST_LENGTH];
1387 DAV_SHA_CTX *ctx = dav_hash_init();
1389 dav_hash_update(ctx, data, len);
1390 dav_hash_final(ctx, hash);
1392 return util_hexstr(hash, DAV_SHA256_DIGEST_LENGTH);
1395 DAV_SHA_CTX* dav_hash_init(void) {
1396 DAV_SHA_CTX *ctx = malloc(sizeof(DAV_SHA_CTX));
1400 if(cng_hash_init(ctx)) {
1407 void dav_hash_update(DAV_SHA_CTX *ctx, const char *data, size_t len) {
1408 BCryptHashData(ctx->hHash, (PUCHAR)data, len, 0);
1411 void dav_hash_final(DAV_SHA_CTX *ctx, unsigned char *buf) {
1412 BCryptFinishHash(ctx->hHash, (PUCHAR)buf, DAV_SHA256_DIGEST_LENGTH, 0);
1415 cng_cleanup(ctx->hAlg, NULL, ctx->hHash, ctx->pbHashObject);
1419 DavKey* dav_pw2key(const char *password, const unsigned char *salt, int saltlen, int pwfunc, int enc) {
1423 size_t len = strlen(password);
1428 // setup key data and length
1429 unsigned char keydata[128];
1432 case DAV_KEY_AES128: keylen = 16; break;
1433 case DAV_KEY_AES256: keylen = 32; break;
1434 default: return NULL;
1439 case DAV_PWFUNC_PBKDF2_SHA256: algid = BCRYPT_SHA256_ALGORITHM; break;
1440 case DAV_PWFUNC_PBKDF2_SHA512: algid = BCRYPT_SHA512_ALGORITHM; break;
1441 default: return NULL;
1444 // open algorithm provider
1445 BCRYPT_ALG_HANDLE hAlg;
1446 ULONG status = BCryptOpenAlgorithmProvider(&hAlg, algid, NULL, BCRYPT_ALG_HANDLE_HMAC_FLAG);
1448 fprintf(stderr, "Error: dav_pw2key: BCryptOpenAlgorithmProvider failed: 0x%X\n", (unsigned int)status);
1453 status = BCryptDeriveKeyPBKDF2(
1459 DAV_CRYPTO_ITERATION_COUNT,
1464 BCryptCloseAlgorithmProvider(hAlg,0);
1467 fprintf(stderr, "Error: dav_pw2key: BCryptDeriveKeyPBKDF2 failed: 0x%X\n", (unsigned int)status);
1471 // create DavKey with generated data
1472 DavKey *key = malloc(sizeof(DavKey));
1473 key->data = malloc(keylen);
1474 key->length = keylen;
1477 memcpy(key->data, keydata, keylen);
1484 UcxBuffer* aes_encrypt_buffer(UcxBuffer *in, DavKey *key) {
1485 UcxBuffer *encbuf = ucx_buffer_new(
1488 UCX_BUFFER_AUTOEXTEND);
1490 AESEncrypter *enc = aes_encrypter_new(
1493 (dav_read_func)ucx_buffer_read,
1496 ucx_buffer_free(encbuf);
1502 while((r = aes_read(buf, 1, 1024, enc)) > 0) {
1503 ucx_buffer_write(buf, 1, r, encbuf);
1505 aes_encrypter_close(enc);
1511 UcxBuffer* aes_decrypt_buffer(UcxBuffer *in, DavKey *key) {
1512 UcxBuffer *decbuf = ucx_buffer_new(
1515 UCX_BUFFER_AUTOEXTEND);
1516 AESDecrypter *dec = aes_decrypter_new(
1519 (dav_write_func)ucx_buffer_write);
1521 aes_write(in->space, 1, in->size, dec);
1522 aes_decrypter_shutdown(dec);
1523 aes_decrypter_close(dec);