OSStatus AES_CBCFrame_Update( AES_CBCFrame_Context *inContext, const void *inSrc, size_t inSrcLen, void *inDst )
{
OSStatus err;
const uint8_t * src;
const uint8_t * end;
uint8_t * dst;
size_t len;
src = (const uint8_t *) inSrc;
end = src + inSrcLen;
dst = (uint8_t *) inDst;
// Process whole blocks.
len = inSrcLen & ~( (size_t)( kAES_CBCFrame_Size - 1 ) );
if( len > 0 )
{
#if( AES_UTILS_USE_COMMON_CRYPTO )
err = CCCryptorReset( inContext->cryptor, inContext->iv );
require_noerr( err, exit );
err = CCCryptorUpdate( inContext->cryptor, src, len, dst, len, &len );
require_noerr( err, exit );
#elif( AES_UTILS_USE_GLADMAN_AES )
uint8_t iv[ kAES_CBCFrame_Size ];
memcpy( iv, inContext->iv, kAES_CBCFrame_Size ); // Use local copy so original IV is not changed.
if( inContext->encrypt ) aes_cbc_encrypt( src, dst, (int) len, iv, &inContext->ctx.encrypt );
else aes_cbc_decrypt( src, dst, (int) len, iv, &inContext->ctx.decrypt );
#elif( AES_UTILS_USE_USSL )
uint8_t iv[ kAES_CBCFrame_Size ];
memcpy( iv, inContext->iv, kAES_CBCFrame_Size ); // Use local copy so original IV is not changed.
if( inContext->encrypt ) aes_crypt_cbc( &inContext->ctx, AES_ENCRYPT, len, iv, (unsigned char *) src, dst );
else aes_crypt_cbc( &inContext->ctx, AES_DECRYPT, len, iv, (unsigned char *) src, dst );
#else
uint8_t iv[ kAES_CBCFrame_Size ];
memcpy( iv, inContext->iv, kAES_CBCFrame_Size ); // Use local copy so original IV is not changed.
AES_cbc_encrypt( src, dst, (unsigned long) len, &inContext->key, iv, inContext->mode );
#endif
src += len;
dst += len;
}
// The remaining bytes are just copied unencrypted.
while( src != end ) *dst++ = *src++;
err = kNoErr;
#if( AES_UTILS_USE_COMMON_CRYPTO )
exit:
#endif
return( err );
}
static int
aes_ctr_encrypt_counter(archive_crypto_ctx *ctx)
{
CCCryptorRef ref = ctx->ctx;
CCCryptorStatus r;
r = CCCryptorReset(ref, NULL);
if (r != kCCSuccess)
return -1;
r = CCCryptorUpdate(ref, ctx->nonce, AES_BLOCK_SIZE, ctx->encr_buf,
AES_BLOCK_SIZE, NULL);
return (r == kCCSuccess)? 0: -1;
}
static int __aes_process (crypto_aes_t *crypto,
CCCryptorRef cryptor,
const void *src,
unsigned int src_size,
void *dst,
unsigned int *dst_size)
{
size_t out_avail;
size_t used = 0;
uint8_t *outp;
size_t moved;
pthread_mutex_lock(&(crypto->lock));
outp = (uint8_t *)dst;
out_avail = src_size + 16;
if (CCCryptorUpdate(cryptor, src, src_size, outp, out_avail, &moved)) {
pthread_mutex_unlock(&(crypto->lock));
CCCryptorReset(cryptor, crypto->iv);
return(-2);
}
outp += moved;
used += moved;
out_avail -= moved;
if (CCCryptorFinal(cryptor, outp, out_avail, &moved)) {
pthread_mutex_unlock(&(crypto->lock));
CCCryptorReset(cryptor, crypto->iv);
return(-3);
}
used += moved;
if (dst_size != NULL)
*dst_size = used;
CCCryptorReset(cryptor, crypto->iv);
pthread_mutex_unlock(&(crypto->lock));
return(0);
}
extern "C" int AppleCryptoNative_CryptorReset(CCCryptorRef cryptor, const uint8_t* pbIv, int32_t* pccStatus)
{
if (pccStatus == nullptr)
return -1;
*pccStatus = 0;
if (cryptor == nullptr)
return -1;
CCStatus status = CCCryptorReset(cryptor, pbIv);
*pccStatus = status;
return status == kCCSuccess;
}
int32_t AppleCryptoNative_CryptorReset(CCCryptorRef cryptor, const uint8_t* pbIv, int32_t* pccStatus)
{
if (pccStatus == NULL)
return -1;
*pccStatus = 0;
if (cryptor == NULL)
return -1;
// 10.13 Beta reports an error when resetting ECB, which is the only mode which has a null IV.
if (pbIv == NULL)
return 1;
CCStatus status = CCCryptorReset(cryptor, pbIv);
*pccStatus = status;
return status == kCCSuccess;
}
static int
init_cc_key(int encp, CCAlgorithm alg, CCOptions opts, const void *key,
size_t keylen, const void *iv, CCCryptorRef *ref)
{
CCOperation op = encp ? kCCEncrypt : kCCDecrypt;
CCCryptorStatus ret;
if (*ref) {
if (key == NULL && iv) {
CCCryptorReset(*ref, iv);
return 1;
}
CCCryptorRelease(*ref);
}
if (key) {
ret = CCCryptorCreate(op, alg, opts, key, keylen, iv, ref);
if (ret)
return 0;
}
return 1;
}
wi_integer_t wi_cipher_decrypt_bytes(wi_cipher_t *cipher, const void *encrypted_buffer, wi_uinteger_t encrypted_length, void *decrypted_buffer) {
#ifdef WI_CIPHER_OPENSSL
int decrypted_length, padded_length;
if(EVP_DecryptUpdate(&cipher->decrypt_ctx, decrypted_buffer, &decrypted_length, encrypted_buffer, encrypted_length) != 1) {
wi_error_set_openssl_error();
return -1;
}
if(EVP_DecryptFinal_ex(&cipher->decrypt_ctx, decrypted_buffer + decrypted_length, &padded_length) != 1) {
wi_error_set_openssl_error();
return -1;
}
if(EVP_DecryptInit_ex(&cipher->decrypt_ctx, NULL, NULL, NULL, NULL) != 1) {
wi_error_set_openssl_error();
return -1;
}
return decrypted_length + padded_length;
#endif
#ifdef WI_CIPHER_COMMONCRYPTO
CCCryptorStatus status;
size_t available_length, decrypted_length, padded_length;
available_length = wi_cipher_block_size(cipher) + encrypted_length;
status = CCCryptorUpdate(cipher->decrypt_ref,
encrypted_buffer,
encrypted_length,
decrypted_buffer,
available_length,
&decrypted_length);
if(status != kCCSuccess) {
wi_error_set_commoncrypto_error(status);
return -1;
}
status = CCCryptorFinal(cipher->decrypt_ref,
decrypted_buffer + decrypted_length,
available_length - decrypted_length,
&padded_length);
if(status != kCCSuccess) {
wi_error_set_commoncrypto_error(status);
return -1;
}
status = CCCryptorReset(cipher->decrypt_ref, cipher->iv ? wi_data_bytes(cipher->iv) : NULL);
if(status != kCCSuccess) {
wi_error_set_commoncrypto_error(status);
return -1;
}
return decrypted_length + padded_length;
#endif
}
OSStatus
AES_CBCFrame_Update2(
AES_CBCFrame_Context * inContext,
const void * inSrc1,
size_t inLen1,
const void * inSrc2,
size_t inLen2,
void * inDst )
{
const uint8_t * src1 = (const uint8_t *) inSrc1;
const uint8_t * end1 = src1 + inLen1;
const uint8_t * src2 = (const uint8_t *) inSrc2;
const uint8_t * end2 = src2 + inLen2;
uint8_t * dst = (uint8_t *) inDst;
OSStatus err;
size_t len;
size_t i;
#if( !AES_UTILS_USE_COMMON_CRYPTO )
uint8_t iv[ kAES_CBCFrame_Size ];
#endif
#if( AES_UTILS_USE_COMMON_CRYPTO )
if( ( inLen1 + inLen2 ) >= kAES_CBCFrame_Size )
{
err = CCCryptorReset( inContext->cryptor, inContext->iv );
require_noerr( err, exit );
}
#else
memcpy( iv, inContext->iv, kAES_CBCFrame_Size ); // Use local copy so original IV is not changed.
#endif
// Process all whole blocks from buffer 1.
len = inLen1 & ~( (size_t)( kAES_CBCFrame_Size - 1 ) );
if( len > 0 )
{
#if( AES_UTILS_USE_COMMON_CRYPTO )
err = CCCryptorUpdate( inContext->cryptor, src1, len, dst, len, &len );
require_noerr( err, exit );
#elif( AES_UTILS_USE_GLADMAN_AES )
if( inContext->encrypt ) aes_cbc_encrypt( src1, dst, (int) len, iv, &inContext->ctx.encrypt );
else aes_cbc_decrypt( src1, dst, (int) len, iv, &inContext->ctx.decrypt );
#elif( AES_UTILS_USE_USSL )
if( inContext->encrypt ) aes_crypt_cbc( &inContext->ctx, AES_ENCRYPT, len, iv, (unsigned char *) src1, dst );
else aes_crypt_cbc( &inContext->ctx, AES_DECRYPT, len, iv, (unsigned char *) src1, dst );
#else
AES_cbc_encrypt( src1, dst, (unsigned long) len, &inContext->key, iv, inContext->mode );
#endif
src1 += len;
dst += len;
}
// If there are any partial block bytes in buffer 1 and enough bytes in buffer 2 to fill a
// block then combine them into a temporary buffer and encrypt it.
if( ( src1 != end1 ) && ( ( ( end1 - src1 ) + ( end2 - src2 ) ) >= kAES_CBCFrame_Size ) )
{
uint8_t buf[ kAES_CBCFrame_Size ];
for( i = 0; src1 != end1; ++i )
{
buf[ i ] = *src1++;
}
for( ; ( i < kAES_CBCFrame_Size ) && ( src2 != end2 ); ++i )
{
buf[ i ] = *src2++;
}
#if( AES_UTILS_USE_COMMON_CRYPTO )
err = CCCryptorUpdate( inContext->cryptor, buf, i, dst, i, &i );
require_noerr( err, exit );
#elif( AES_UTILS_USE_GLADMAN_AES )
if( inContext->encrypt ) aes_cbc_encrypt( buf, dst, (int) i, iv, &inContext->ctx.encrypt );
else aes_cbc_decrypt( buf, dst, (int) i, iv, &inContext->ctx.decrypt );
#elif( AES_UTILS_USE_USSL )
if( inContext->encrypt ) aes_crypt_cbc( &inContext->ctx, AES_ENCRYPT, i, iv, buf, dst );
else aes_crypt_cbc( &inContext->ctx, AES_DECRYPT, i, iv, buf, dst );
#else
AES_cbc_encrypt( buf, dst, (unsigned long) i, &inContext->key, iv, inContext->mode );
#endif
dst += i;
}
// Process any remaining whole blocks in buffer 2.
len = ( (size_t)( end2 - src2 ) ) & ~( (size_t)( kAES_CBCFrame_Size - 1 ) );
if( len > 0 )
{
#if( AES_UTILS_USE_COMMON_CRYPTO )
err = CCCryptorUpdate( inContext->cryptor, src2, len, dst, len, &len );
require_noerr( err, exit );
#elif( AES_UTILS_USE_GLADMAN_AES )
if( inContext->encrypt ) aes_cbc_encrypt( src2, dst, (int) len, iv, &inContext->ctx.encrypt );
else aes_cbc_decrypt( src2, dst, (int) len, iv, &inContext->ctx.decrypt );
#elif( AES_UTILS_USE_USSL )
if( inContext->encrypt ) aes_crypt_cbc( &inContext->ctx, AES_ENCRYPT, len, iv, (unsigned char *) src2, dst );
else aes_crypt_cbc( &inContext->ctx, AES_DECRYPT, len, iv, (unsigned char *) src2, dst );
#else
AES_cbc_encrypt( src2, dst, (unsigned long) len, &inContext->key, iv, inContext->mode );
#endif
src2 += len;
dst += len;
}
// Any remaining bytes are just copied unencrypted.
while( src1 != end1 ) *dst++ = *src1++;
while( src2 != end2 ) *dst++ = *src2++;
err = kNoErr;
#if( AES_UTILS_USE_COMMON_CRYPTO )
exit:
#endif
return( err );
}
