CCCryptorStatus
CCCryptWithMode(CCOperation op, CCMode mode, CCAlgorithm alg, CCPadding padding, const void *iv,
const void *key, size_t keyLength, const void *tweak, size_t tweakLength,
int numRounds, CCModeOptions options,
const void *dataIn, size_t dataInLength,
void *dataOut, size_t dataOutAvailable, size_t *dataOutMoved)
#ifdef CRYPTORWITHMODE
{
CCCryptorRef cref;
CCCryptorStatus retval;
size_t moved;
if((retval = CCCryptorCreateWithMode(op, mode, alg, padding, iv, key, keyLength, tweak, tweakLength, numRounds, options, &cref)) != kCCSuccess) {
return retval;
}
if((retval = CCCryptorUpdate(cref, dataIn, dataInLength, dataOut, dataOutAvailable, &moved)) != kCCSuccess) {
return retval;
}
dataOut += moved;
dataOutAvailable -= moved;
*dataOutMoved = moved;
if((retval = CCCryptorFinal(cref, dataOut, dataOutAvailable, &moved)) != kCCSuccess) {
return retval;
}
*dataOutMoved += moved;
CCCryptorRelease(cref);
return kCCSuccess;
}
/*
* Standard CSPContext init, called from CSPFullPluginSession::init().
* Reusable, e.g., query followed by en/decrypt.
*/
void DESContext::init(
const Context &context,
bool encrypting)
{
CSSM_SIZE keyLen;
uint8 *keyData = NULL;
/* obtain key from context */
symmetricKeyBits(context, session(), CSSM_ALGID_DES,
encrypting ? CSSM_KEYUSE_ENCRYPT : CSSM_KEYUSE_DECRYPT,
keyData, keyLen);
if(keyLen != (DES_KEY_SIZE_BITS_EXTERNAL / 8)) {
CssmError::throwMe(CSSMERR_CSP_INVALID_ATTR_KEY);
}
if (DesInst != NULL)
{
CCCryptorRelease(DesInst);
}
(void) CCCryptorCreateWithMode(0, kCCModeECB, kCCAlgorithmDES, ccDefaultPadding, NULL, keyData, kCCKeySizeDES, NULL, 0, 0, 0, &DesInst);
/* Finally, have BlockCryptor do its setup */
setup(DES_BLOCK_SIZE_BYTES, context);
}
virtual bool decrypt(const byte *iv, const byte *in, byte *out, int size) {
CCCryptorRef cryptor;
CCCryptorCreateWithMode(kCCDecrypt, mode, algorithm, 0, iv, key.data(),
key.size(), NULL, 0, 0, 0, &cryptor);
size_t updateLength = 0;
CCCryptorUpdate(cryptor, in, size, out, size, &updateLength);
CCCryptorRelease(cryptor);
return true;
}
int ccmode_gcm_test_one_vector_chained(const struct ccmode_gcm *gcm, const struct ccmode_gcm_vector *v, int dec)
{
if (v->ptlen!=v->ctlen)
return -1;
#ifdef USE_COMMONCRYPTO_GCM
unsigned char temp[v->ptlen];
unsigned char temptag[v->taglen];
CCCryptorStatus st;
size_t taglen = v->taglen;
CCCryptorRef cryptor = NULL;
st = CCCryptorCreateWithMode(dec ? kCCDecrypt : kCCEncrypt, 11 /* kCCModeGCM */, kCCAlgorithmAES128, 0, NULL, v->key, v->keylen, NULL, 0, 0, 0, &cryptor);
st = CCCryptorGCMAddIV(cryptor, v->iv, v->ivlen);
unsigned long i;
#if 0
for (i = 0; i < v->adalen; ++i) {
st = CCCryptorGCMAddADD(cryptor, &v->ada[i], 1);
}
#else
st = CCCryptorGCMAddADD(cryptor, v->ada, v->adalen);
#endif
#if 0
for (i = 0; i < v->ptlen; ++i) {
st = (dec ? CCCryptorGCMDecrypt(cryptor, &v->ct[i], 1, &temp[i])
: CCCryptorGCMEncrypt(cryptor, &v->pt[i], 1, &temp[i]));
}
#else
st = (dec ? CCCryptorGCMDecrypt(cryptor, v->ct, v->ptlen, temp)
: CCCryptorGCMEncrypt(cryptor, v->pt, v->ptlen, temp));
#endif
st = CCCryptorGCMFinal(cryptor, temptag, &taglen);
CCCryptorRelease(cryptor);
#ifdef _INTERNAL_DEBUG_
int r1, r2;
r1 = memcmp(dec ? v->pt : v->ct, temp, v->ptlen);
r2 = memcmp(v->tag, temptag, v->taglen);
if (r1 || r2)
cc_printf("ivlen: %lu adalen: %lu nbytes: %lu taglen: %lu crypt: %d tag: %d\n",
v->ivlen, v->adalen, v->ptlen, v->taglen, r1, r2);
return r1 != 0 ? r1 : r2;
#else
return memcmp(dec ? v->pt : v->ct, temp, v->ptlen) || memcmp(v->tag, temptag, v->taglen);
#endif
#else
if (dec)
return ccmode_gcm_test_one_chained(gcm, v->keylen, v->key, v->ivlen, v->iv, v->adalen, v->ada, v->ptlen, v->ct, v->pt, v->taglen, v->tag);
else
return ccmode_gcm_test_one_chained(gcm, v->keylen, v->key, v->ivlen, v->iv, v->adalen, v->ada, v->ptlen, v->pt, v->ct, v->taglen, v->tag);
#endif
}
void AES_CTR_Cipher_CommonCrypto::InitDecryptor_Internal()
{
CCCryptorStatus status = CCCryptorCreateWithMode(kCCDecrypt, kCCModeCTR, kCCAlgorithmAES, ccNoPadding,
m_initializationVector.GetUnderlyingData(), m_key.GetUnderlyingData(), m_key.GetLength(),
nullptr, 0, 0, kCCModeOptionCTR_BE, &m_cryptoHandle);
if (status != kCCSuccess)
{
m_failure = true;
AWS_LOGSTREAM_ERROR(CTR_CC_LOG_TAG, "Error while initializing AES 256 CTR in Encryption mode. Status code: " << status);
}
}
static int
aes_ctr_init(archive_crypto_ctx *ctx, const uint8_t *key, size_t key_len)
{
CCCryptorStatus r;
ctx->key_len = key_len;
memcpy(ctx->key, key, key_len);
memset(ctx->nonce, 0, sizeof(ctx->nonce));
ctx->encr_pos = AES_BLOCK_SIZE;
r = CCCryptorCreateWithMode(kCCEncrypt, kCCModeECB, kCCAlgorithmAES,
ccNoPadding, NULL, key, key_len, NULL, 0, 0, 0, &ctx->ctx);
return (r == kCCSuccess)? 0: -1;
}
int32_t AppleCryptoNative_CryptorCreate(PAL_SymmetricOperation operation,
PAL_SymmetricAlgorithm algorithm,
PAL_ChainingMode chainingMode,
PAL_PaddingMode paddingMode,
const uint8_t* pbKey,
int32_t cbKey,
const uint8_t* pbIv,
PAL_SymmetricOptions options,
CCCryptorRef* ppCryptorOut,
int32_t* pccStatus)
{
if (pccStatus == NULL)
return -1;
*pccStatus = 0;
if (pbKey == NULL || cbKey < 1 || ppCryptorOut == NULL)
return -1;
if (pbIv == NULL && chainingMode != PAL_ChainingModeECB)
return -1;
// Ensure we aren't passing through things we don't understand
assert(operation == PAL_OperationEncrypt || operation == PAL_OperationDecrypt);
assert(algorithm == PAL_AlgorithmAES || algorithm == PAL_AlgorithmDES || algorithm == PAL_Algorithm3DES ||
algorithm == PAL_AlgorithmRC2);
assert(chainingMode == PAL_ChainingModeECB || chainingMode == PAL_ChainingModeCBC);
assert(paddingMode == PAL_PaddingModeNone || paddingMode == PAL_PaddingModePkcs7);
assert(options == 0);
CCStatus status = CCCryptorCreateWithMode(operation,
chainingMode,
algorithm,
paddingMode,
pbIv,
pbKey,
(size_t)cbKey,
/* tweak is not supported */ NULL,
0,
/* numRounds is not supported */ 0,
options,
ppCryptorOut);
*pccStatus = status;
return status == kCCSuccess;
}
/*
* Standard CSPContext init, called from CSPFullPluginSession::init().
* Reusable, e.g., query followed by en/decrypt.
*/
void CastContext::init(
const Context &context,
bool encrypting)
{
if(mInitFlag && !opStarted()) {
return;
}
CSSM_SIZE keyLen;
uint8 *keyData = NULL;
bool sameKeySize = false;
/* obtain key from context */
symmetricKeyBits(context, session(), CSSM_ALGID_CAST,
encrypting ? CSSM_KEYUSE_ENCRYPT : CSSM_KEYUSE_DECRYPT,
keyData, keyLen);
if((keyLen < kCCKeySizeMinCAST) || (keyLen > kCCKeySizeMaxCAST)) {
CssmError::throwMe(CSSMERR_CSP_INVALID_ATTR_KEY);
}
/*
* Delete existing key if key size changed
*/
if(mRawKeySize == keyLen) {
sameKeySize = true;
}
else {
deleteKey();
}
/* init key only if key size or key bits have changed */
if(!sameKeySize || memcmp(mRawKey, keyData, mRawKeySize)) {
(void) CCCryptorCreateWithMode(0, kCCModeECB, kCCAlgorithmCAST, ccDefaultPadding, NULL, keyData, keyLen, NULL, 0, 0, 0, &mCastKey);
/* save this raw key data */
memmove(mRawKey, keyData, keyLen);
mRawKeySize = (uint32)keyLen;
}
/* Finally, have BlockCryptor do its setup */
setup(kCCBlockSizeCAST, context);
mInitFlag = true;
}
int Crypto::CipherOpen(Cipher x, CipherAlgo algo, bool dir, const StringPiece &key, const StringPiece &IV, int, int) {
bool ctr = false, ecb = false;
auto c = FromVoid<CCCipher*>(x);
switch((c->algo = size_t(algo.get()))) {
case CCCipherAlgo::AES128_CTR: c->ccalgo = kCCAlgorithmAES; ctr = true; break;
case CCCipherAlgo::AES128_CBC: c->ccalgo = kCCAlgorithmAES; break;
case CCCipherAlgo::AES256_CBC: c->ccalgo = kCCAlgorithmAES; break;
case CCCipherAlgo::TripDES_CBC: c->ccalgo = kCCAlgorithm3DES; break;
case CCCipherAlgo::DES_CBC: c->ccalgo = kCCAlgorithmDES; break;
case CCCipherAlgo::DES_ECB: c->ccalgo = kCCAlgorithmDES; ecb = true; break;
case CCCipherAlgo::Blowfish_CBC: c->ccalgo = kCCAlgorithmBlowfish; break;
case CCCipherAlgo::RC4: c->ccalgo = kCCAlgorithmRC4; break;
default: return -1;
}
int mode = (size_t(algo.get()) == CCCipherAlgo::RC4) ? kCCModeRC4 :
(ctr ? kCCModeCTR : (ecb ? kCCModeECB : kCCModeCBC));
return CCCryptorCreateWithMode
(dir ? kCCEncrypt : kCCDecrypt, mode, c->ccalgo, 0, IV.data(), key.data(), key.size(), 0, 0, 0,
(ctr ? kCCModeOptionCTR_BE : 0), &c->ctx) == kCCSuccess;
}
/*
* Standard CSPContext init, called from CSPFullPluginSession::init().
* Reusable, e.g., query followed by en/decrypt.
*/
void RC4Context::init(
const Context &context,
bool encrypting)
{
CSSM_SIZE keyLen;
uint8 *keyData = NULL;
/* obtain key from context */
symmetricKeyBits(context, session(), CSSM_ALGID_RC4,
encrypting ? CSSM_KEYUSE_ENCRYPT : CSSM_KEYUSE_DECRYPT,
keyData, keyLen);
if((keyLen < kCCKeySizeMinRC4) || (keyLen > kCCKeySizeMaxRC4)) {
CssmError::throwMe(CSSMERR_CSP_INVALID_ATTR_KEY);
}
/* All other context attributes ignored */
/* init the low-level state */
(void) CCCryptorCreateWithMode(0, kCCModeRC4, kCCAlgorithmRC4, ccDefaultPadding, NULL, keyData, keyLen, NULL, 0, 0, 0, &rc4Key);
}
OSStatus
AES_GCM_Init(
AES_GCM_Context * inContext,
const uint8_t inKey[ kAES_CGM_Size ],
const uint8_t inNonce[ kAES_CGM_Size ] )
{
OSStatus err;
#if( AES_UTILS_HAS_COMMON_CRYPTO_GCM )
err = CCCryptorCreateWithMode( kCCEncrypt, kCCModeGCM, kCCAlgorithmAES128, ccNoPadding, NULL,
inKey, kAES_CGM_Size, NULL, 0, 0, 0, &inContext->cryptor );
require_noerr( err, exit );
#elif( AES_UTILS_HAS_GLADMAN_GCM )
err = gcm_init_and_key( inKey, kAES_CGM_Size, &inContext->ctx );
require_noerr( err, exit );
#else
#error "GCM enabled, but no implementation?"
#endif
if( inNonce ) memcpy( inContext->nonce, inNonce, kAES_CGM_Size );
exit:
return( err );
}
void cipher_context_set_iv(cipher_ctx_t *ctx, uint8_t *iv, size_t iv_len,
int enc)
{
const unsigned char *true_key;
if (iv == NULL) {
LOGE("cipher_context_set_iv(): IV is null");
return;
}
if (!enc) {
memcpy(ctx->iv, iv, iv_len);
}
if (enc_method >= SALSA20) {
return;
}
if (enc_method == RC4_MD5) {
unsigned char key_iv[32];
memcpy(key_iv, enc_key, 16);
memcpy(key_iv + 16, iv, 16);
true_key = enc_md5(key_iv, 32, NULL);
iv_len = 0;
} else {
true_key = enc_key;
}
#ifdef USE_CRYPTO_APPLECC
cipher_cc_t *cc = &ctx->cc;
if (cc->valid == kCCContextValid) {
memcpy(cc->iv, iv, iv_len);
memcpy(cc->key, true_key, enc_key_len);
cc->iv_len = iv_len;
cc->key_len = enc_key_len;
cc->encrypt = enc ? kCCEncrypt : kCCDecrypt;
if (cc->cryptor != NULL) {
CCCryptorRelease(cc->cryptor);
cc->cryptor = NULL;
}
CCCryptorStatus ret;
ret = CCCryptorCreateWithMode(
cc->encrypt,
cc->mode,
cc->cipher,
cc->padding,
cc->iv, cc->key, cc->key_len,
NULL, 0, 0, 0,
&cc->cryptor);
if (ret != kCCSuccess) {
if (cc->cryptor != NULL) {
CCCryptorRelease(cc->cryptor);
cc->cryptor = NULL;
}
FATAL("Cannot set CommonCrypto key and IV");
}
return;
}
#endif
cipher_evp_t *evp = &ctx->evp;
if (evp == NULL) {
LOGE("cipher_context_set_iv(): Cipher context is null");
return;
}
#if defined(USE_CRYPTO_OPENSSL)
if (!EVP_CipherInit_ex(evp, NULL, NULL, true_key, iv, enc)) {
EVP_CIPHER_CTX_cleanup(evp);
FATAL("Cannot set key and IV");
}
#elif defined(USE_CRYPTO_POLARSSL)
// XXX: PolarSSL 1.3.11: cipher_free_ctx deprecated, Use cipher_free() instead.
if (cipher_setkey(evp, true_key, enc_key_len * 8, enc) != 0) {
cipher_free_ctx(evp);
FATAL("Cannot set PolarSSL cipher key");
}
#if POLARSSL_VERSION_NUMBER >= 0x01030000
if (cipher_set_iv(evp, iv, iv_len) != 0) {
cipher_free_ctx(evp);
FATAL("Cannot set PolarSSL cipher IV");
}
if (cipher_reset(evp) != 0) {
cipher_free_ctx(evp);
FATAL("Cannot finalize PolarSSL cipher context");
}
#else
if (cipher_reset(evp, iv) != 0) {
cipher_free_ctx(evp);
FATAL("Cannot set PolarSSL cipher IV");
}
#endif
#elif defined(USE_CRYPTO_MBEDTLS)
if (mbedtls_cipher_setkey(evp, true_key, enc_key_len * 8, enc) != 0) {
mbedtls_cipher_free(evp);
FATAL("Cannot set mbed TLS cipher key");
}
if (mbedtls_cipher_set_iv(evp, iv, iv_len) != 0) {
mbedtls_cipher_free(evp);
FATAL("Cannot set mbed TLS cipher IV");
}
if (mbedtls_cipher_reset(evp) != 0) {
mbedtls_cipher_free(evp);
FATAL("Cannot finalize mbed TLS cipher context");
}
#endif
#ifdef DEBUG
dump("IV", (char *)iv, iv_len);
#endif
}
/*
* Standard CSPContext init, called from CSPFullPluginSession::init().
* Reusable, e.g., query followed by en/decrypt. Even reusable after context
* changed (i.e., new IV in Encrypted File System).
*/
void GAESContext::init(
const Context &context,
bool encrypting)
{
if(mInitFlag && !opStarted()) {
return;
}
CSSM_SIZE keyLen;
uint8 *keyData = NULL;
bool sameKeySize = false;
/* obtain key from context */
symmetricKeyBits(context, session(), CSSM_ALGID_AES,
encrypting ? CSSM_KEYUSE_ENCRYPT : CSSM_KEYUSE_DECRYPT,
keyData, keyLen);
switch(keyLen) {
case kCCKeySizeAES128:
case kCCKeySizeAES192:
case kCCKeySizeAES256:
break;
default:
CssmError::throwMe(CSSMERR_CSP_INVALID_ATTR_KEY);
}
/*
* Delete existing key if key size changed
*/
if(mRawKeySize == keyLen) {
sameKeySize = true;
}
else {
deleteKey();
}
/*
* Init key only if key size or key bits have changed, or
* we're doing a different operation than the previous key
* was scheduled for.
*/
if(!sameKeySize || (mWasEncrypting != encrypting) ||
memcmp(mRawKey, keyData, mRawKeySize)) {
(void) CCCryptorCreateWithMode(0, kCCModeECB, kCCAlgorithmAES128, ccDefaultPadding, NULL, keyData, keyLen, NULL, 0, 0, 0, &mAesKey);
/* save this raw key data */
memmove(mRawKey, keyData, keyLen);
mRawKeySize = keyLen;
mWasEncrypting = encrypting;
}
/* we handle CBC, and hence the IV, ourselves */
CSSM_ENCRYPT_MODE cssmMode = context.getInt(CSSM_ATTRIBUTE_MODE);
switch (cssmMode) {
/* no mode attr --> 0 == CSSM_ALGMODE_NONE, not currently supported */
case CSSM_ALGMODE_CBCPadIV8:
case CSSM_ALGMODE_CBC_IV8:
{
CssmData *iv = context.get<CssmData>(CSSM_ATTRIBUTE_INIT_VECTOR);
if(iv == NULL) {
CssmError::throwMe(CSSMERR_CSP_MISSING_ATTR_INIT_VECTOR);
}
if(iv->Length != kCCBlockSizeAES128) {
CssmError::throwMe(CSSMERR_CSP_INVALID_ATTR_INIT_VECTOR);
}
}
break;
default:
break;
}
/* Finally, have BlockCryptor do its setup */
setup(GLADMAN_BLOCK_SIZE_BYTES, context);
mInitFlag = true;
}
