static void _wi_cipher_dealloc(wi_runtime_instance_t *instance) {
wi_cipher_t *cipher = instance;
#ifdef WI_CIPHER_OPENSSL
EVP_CIPHER_CTX_cleanup(&cipher->encrypt_ctx);
EVP_CIPHER_CTX_cleanup(&cipher->decrypt_ctx);
#endif
#ifdef WI_CIPHER_COMMONCRYPTO
CCCryptorRelease(cipher->encrypt_ref);
CCCryptorRelease(cipher->decrypt_ref);
#endif
wi_release(cipher->key);
wi_release(cipher->iv);
}
CCCryptorStatus
CCCryptWithMode(CCOperation op, CCMode mode, CCAlgorithm alg, CCPadding padding, const void *iv,
const void *key, size_t keyLength, const void *tweak, size_t tweakLength,
int numRounds, CCModeOptions options,
const void *dataIn, size_t dataInLength,
void *dataOut, size_t dataOutAvailable, size_t *dataOutMoved)
#ifdef CRYPTORWITHMODE
{
CCCryptorRef cref;
CCCryptorStatus retval;
size_t moved;
if((retval = CCCryptorCreateWithMode(op, mode, alg, padding, iv, key, keyLength, tweak, tweakLength, numRounds, options, &cref)) != kCCSuccess) {
return retval;
}
if((retval = CCCryptorUpdate(cref, dataIn, dataInLength, dataOut, dataOutAvailable, &moved)) != kCCSuccess) {
return retval;
}
dataOut += moved;
dataOutAvailable -= moved;
*dataOutMoved = moved;
if((retval = CCCryptorFinal(cref, dataOut, dataOutAvailable, &moved)) != kCCSuccess) {
return retval;
}
*dataOutMoved += moved;
CCCryptorRelease(cref);
return kCCSuccess;
}
static void AES_Operation(CCOperation operation, void* key, size_t keySize,
FILE *fpInput, FILE *fpOutput)
{
CCCryptorRef cryptorRef;
CCCryptorStatus rc;
rc = CCCryptorCreate(operation, kCCAlgorithmAES128, 0, key, keySize, NULL, &cryptorRef);
assert(rc == kCCSuccess);
char rawData[128/8];
size_t bytesRead;
while((bytesRead = fread(rawData, 1, sizeof(rawData), fpInput)) > 0)
{
char convertedData[128/8];
size_t dataOutMoved;
if(bytesRead < sizeof(rawData))
bzero(&rawData[bytesRead], sizeof(rawData) - bytesRead);
rc = CCCryptorUpdate(cryptorRef, rawData, sizeof(rawData), convertedData, sizeof(convertedData), &dataOutMoved);
assert(rc == kCCSuccess);
//assert(dataOutMoved == sizeof(convertedData));
if(dataOutMoved != sizeof(convertedData))
printf("Data out moved (%d) != converted (%d)\n", dataOutMoved, convertedData);
if(dataOutMoved > 0)
fwrite(convertedData, dataOutMoved, 1, fpOutput);
}
CCCryptorRelease(cryptorRef);
}
void crypt_aes_destroy(crypt_aes_p d) {
CCCryptorRelease(d->cryptor);
free(d);
}
RC4Context::~RC4Context()
{
if (rc4Key != NULL) {
CCCryptorRelease(rc4Key);
}
rc4Key = NULL;
}
void AES_ECB_Final( AES_ECB_Context *inContext )
{
#if( AES_UTILS_USE_COMMON_CRYPTO )
if( inContext->cryptor ) CCCryptorRelease( inContext->cryptor );
#endif
memset( inContext, 0, sizeof( *inContext ) ); // Clear sensitive data.
}
/*
* Standard CSPContext init, called from CSPFullPluginSession::init().
* Reusable, e.g., query followed by en/decrypt.
*/
void DESContext::init(
const Context &context,
bool encrypting)
{
CSSM_SIZE keyLen;
uint8 *keyData = NULL;
/* obtain key from context */
symmetricKeyBits(context, session(), CSSM_ALGID_DES,
encrypting ? CSSM_KEYUSE_ENCRYPT : CSSM_KEYUSE_DECRYPT,
keyData, keyLen);
if(keyLen != (DES_KEY_SIZE_BITS_EXTERNAL / 8)) {
CssmError::throwMe(CSSMERR_CSP_INVALID_ATTR_KEY);
}
if (DesInst != NULL)
{
CCCryptorRelease(DesInst);
}
(void) CCCryptorCreateWithMode(0, kCCModeECB, kCCAlgorithmDES, ccDefaultPadding, NULL, keyData, kCCKeySizeDES, NULL, 0, 0, 0, &DesInst);
/* Finally, have BlockCryptor do its setup */
setup(DES_BLOCK_SIZE_BYTES, context);
}
void cipher_context_release(cipher_ctx_t *ctx)
{
if (enc_method >= SALSA20) {
return;
}
#ifdef USE_CRYPTO_APPLECC
cipher_cc_t *cc = &ctx->cc;
if (cc->cryptor != NULL) {
CCCryptorRelease(cc->cryptor);
cc->cryptor = NULL;
}
if (cc->valid == kCCContextValid) {
return;
}
#endif
cipher_evp_t *evp = &ctx->evp;
#if defined(USE_CRYPTO_OPENSSL)
EVP_CIPHER_CTX_cleanup(evp);
#elif defined(USE_CRYPTO_POLARSSL)
// NOTE: cipher_free_ctx deprecated in PolarSSL 1.3.11
cipher_free_ctx(evp);
#elif defined(USE_CRYPTO_MBEDTLS)
// NOTE: cipher_free_ctx deprecated
mbedtls_cipher_free(evp);
#endif
}
void AppleCryptoNative_CryptorFree(CCCryptorRef cryptor)
{
if (cryptor != NULL)
{
CCCryptorRelease(cryptor);
}
}
extern "C" void AppleCryptoNative_CryptorFree(CCCryptorRef cryptor)
{
if (cryptor != nullptr)
{
CCCryptorRelease(cryptor);
}
}
CommonCryptoCipher::~CommonCryptoCipher()
{
if(m_cryptoHandle)
{
CCCryptorRelease(m_cryptoHandle);
}
}
void sln_cryptor_osx_cc_destroy(sln_cryptor_t *enc) {
selene_t *s = enc->s;
CCCryptorRef cryptor = enc->baton;
CCCryptorRelease(cryptor);
sln_free(s, enc);
}
void CastContext::deleteKey()
{
if (mCastKey != NULL) {
CCCryptorRelease(mCastKey);
}
mCastKey = NULL;
mInitFlag = false;
}
void mz_crypt_aes_reset(void *handle)
{
mz_crypt_aes *aes = (mz_crypt_aes *)handle;
if (aes->crypt != NULL)
CCCryptorRelease(aes->crypt);
aes->crypt = NULL;
}
DESContext::~DESContext()
{
if (DesInst != NULL) {
CCCryptorRelease(DesInst);
}
DesInst = NULL;
}
static int
cc_cleanup(EVP_CIPHER_CTX *ctx)
{
struct cc_key *cc = ctx->cipher_data;
if (cc->href)
CCCryptorRelease(cc->href);
return 1;
}
virtual bool decrypt(const byte *iv, const byte *in, byte *out, int size) {
CCCryptorRef cryptor;
CCCryptorCreateWithMode(kCCDecrypt, mode, algorithm, 0, iv, key.data(),
key.size(), NULL, 0, 0, 0, &cryptor);
size_t updateLength = 0;
CCCryptorUpdate(cryptor, in, size, out, size, &updateLength);
CCCryptorRelease(cryptor);
return true;
}
int
decryptFinal(HMACCheck hmacCheck)
{
CCCryptorStatus status;
int rv;
uint8_t hmacDigest[CC_SHA512_DIGEST_LENGTH];
status = CCCryptorFinal(cryptorRef,
compressed, sizeof(compressed), &compressedLen);
if (status != kCCSuccess) {
printf("cryptor update error\n");
return(-1);
}
status = CCCryptorRelease(cryptorRef);
if (status != kCCSuccess) {
printf("cryptor release error\n");
}
if (compressedLen) {
strm.next_in = compressed;
strm.avail_in = (uint)compressedLen;
do {
strm.next_out = bufOut;
strm.avail_out = sizeof(bufOut);
rv = inflate(&strm, Z_FINISH);
if (rv != Z_OK && rv != Z_STREAM_END && rv != Z_BUF_ERROR) {
printf("zlib error\n");
}
bufOutLen = sizeof(bufOut) - strm.avail_out;
if (bufOutLen) {
CCHmacUpdate(&hmacContextPlain, bufOut, bufOutLen);
writer(bufOut, bufOutLen);
}
} while (strm.avail_out == 0);
}
inflateEnd(&strm);
if (hmacCheck == kHmacNoCheck)
return(0);
/* CHECK */
CCHmacFinal(&hmacContext, &hmacDigest);
if (memcmp(header.hmacDigest, hmacDigest, sizeof(hmacDigest)))
printf("CRYPT CORRUPT\n");
CCHmacFinal(&hmacContextPlain, &hmacDigest);
if (memcmp(header.hmacDigestPlain, hmacDigest, sizeof(hmacDigest)))
printf("PLAIN CORRUPT\n");
return(0);
}
int
encryptFinal(void)
{
CCCryptorStatus status;
int rv;
/* finish zlib */
do {
strm.next_out = compressed;
strm.avail_out = sizeof(compressed);
rv = deflate(&strm, Z_FINISH);
if (rv != Z_OK && rv != Z_STREAM_END && rv != Z_BUF_ERROR) {
printf("zlib error %d\n", rv);
}
status = CCCryptorUpdate(cryptorRef,
compressed, sizeof(compressed) - strm.avail_out,
bufOut, sizeof(bufOut), &bufOutLen);
if (status != kCCSuccess) {
printf("cryptor update error\n");
return(-1);
}
if (bufOutLen) {
CCHmacUpdate(&hmacContext, bufOut, bufOutLen);
writer(bufOut, bufOutLen);
}
} while (strm.avail_out == 0);
deflateEnd(&strm);
status = CCCryptorFinal(cryptorRef,
bufOut, sizeof(bufOut), &bufOutLen);
if (status != kCCSuccess) {
printf("cryptor update error: %d\n", status);
}
if (bufOutLen) {
CCHmacUpdate(&hmacContext, bufOut, bufOutLen);
writer(bufOut, bufOutLen);
}
status = CCCryptorRelease(cryptorRef);
if (status != kCCSuccess) {
printf("cryptor release error\n");
}
CCHmacFinal(&hmacContext, &header.hmacDigest);
CCHmacFinal(&hmacContextPlain, &header.hmacDigestPlain);
seeker(0);
writer(&header, sizeof(header));
return(0);
}
int ccmode_gcm_test_one_vector_chained(const struct ccmode_gcm *gcm, const struct ccmode_gcm_vector *v, int dec)
{
if (v->ptlen!=v->ctlen)
return -1;
#ifdef USE_COMMONCRYPTO_GCM
unsigned char temp[v->ptlen];
unsigned char temptag[v->taglen];
CCCryptorStatus st;
size_t taglen = v->taglen;
CCCryptorRef cryptor = NULL;
st = CCCryptorCreateWithMode(dec ? kCCDecrypt : kCCEncrypt, 11 /* kCCModeGCM */, kCCAlgorithmAES128, 0, NULL, v->key, v->keylen, NULL, 0, 0, 0, &cryptor);
st = CCCryptorGCMAddIV(cryptor, v->iv, v->ivlen);
unsigned long i;
#if 0
for (i = 0; i < v->adalen; ++i) {
st = CCCryptorGCMAddADD(cryptor, &v->ada[i], 1);
}
#else
st = CCCryptorGCMAddADD(cryptor, v->ada, v->adalen);
#endif
#if 0
for (i = 0; i < v->ptlen; ++i) {
st = (dec ? CCCryptorGCMDecrypt(cryptor, &v->ct[i], 1, &temp[i])
: CCCryptorGCMEncrypt(cryptor, &v->pt[i], 1, &temp[i]));
}
#else
st = (dec ? CCCryptorGCMDecrypt(cryptor, v->ct, v->ptlen, temp)
: CCCryptorGCMEncrypt(cryptor, v->pt, v->ptlen, temp));
#endif
st = CCCryptorGCMFinal(cryptor, temptag, &taglen);
CCCryptorRelease(cryptor);
#ifdef _INTERNAL_DEBUG_
int r1, r2;
r1 = memcmp(dec ? v->pt : v->ct, temp, v->ptlen);
r2 = memcmp(v->tag, temptag, v->taglen);
if (r1 || r2)
cc_printf("ivlen: %lu adalen: %lu nbytes: %lu taglen: %lu crypt: %d tag: %d\n",
v->ivlen, v->adalen, v->ptlen, v->taglen, r1, r2);
return r1 != 0 ? r1 : r2;
#else
return memcmp(dec ? v->pt : v->ct, temp, v->ptlen) || memcmp(v->tag, temptag, v->taglen);
#endif
#else
if (dec)
return ccmode_gcm_test_one_chained(gcm, v->keylen, v->key, v->ivlen, v->iv, v->adalen, v->ada, v->ptlen, v->ct, v->pt, v->taglen, v->tag);
else
return ccmode_gcm_test_one_chained(gcm, v->keylen, v->key, v->ivlen, v->iv, v->adalen, v->ada, v->ptlen, v->pt, v->ct, v->taglen, v->tag);
#endif
}
void AES_GCM_Final( AES_GCM_Context *inContext )
{
#if( AES_UTILS_HAS_COMMON_CRYPTO_GCM )
if( inContext->cryptor ) CCCryptorRelease( inContext->cryptor );
#elif( AES_UTILS_HAS_GLADMAN_GCM )
gcm_end( &inContext->ctx );
#else
#error "GCM enabled, but no implementation?"
#endif
memset( inContext, 0, sizeof( *inContext ) ); // Clear sensitive data.
}
GAESContext::~GAESContext()
{
if(mAesKey) {
CCCryptorFinal(mAesKey,NULL,0,NULL);
CCCryptorRelease(mAesKey);
mAesKey = NULL;
}
deleteKey();
memset(mRawKey, 0, MAX_AES_KEY_BITS / 8);
mInitFlag = false;
}
void CommonCryptoCipher::Reset()
{
m_failure = false;
m_encryptionMode = false;
m_encDecInitialized = false;
if(m_cryptoHandle)
{
CCCryptorRelease(m_cryptoHandle);
}
m_cryptoHandle = nullptr;
Init();
}
static void transformAES_CBC(CCOperation operation, const CryptoAlgorithmAesCbcParams& parameters, const CryptoKeyAES& key, const CryptoOperationData& data, std::unique_ptr<PromiseWrapper> promise)
{
static_assert(sizeof(parameters.iv) == kCCBlockSizeAES128, "Initialization vector size must be the same as algorithm block size");
size_t keyLengthInBytes = key.key().size();
if (keyLengthInBytes != 16 && keyLengthInBytes != 24 && keyLengthInBytes != 32) {
promise->reject(nullptr);
return;
}
CCCryptorRef cryptor;
#if PLATFORM(IOS) || __MAC_OS_X_VERSION_MIN_REQUIRED >= 1090
CCAlgorithm aesAlgorithm = kCCAlgorithmAES;
#else
CCAlgorithm aesAlgorithm = kCCAlgorithmAES128;
#endif
CCCryptorStatus status = CCCryptorCreate(operation, aesAlgorithm, kCCOptionPKCS7Padding, key.key().data(), keyLengthInBytes, parameters.iv.data(), &cryptor);
if (status) {
promise->reject(nullptr);
return;
}
Vector<uint8_t> result(CCCryptorGetOutputLength(cryptor, data.second, true));
size_t bytesWritten;
status = CCCryptorUpdate(cryptor, data.first, data.second, result.data(), result.size(), &bytesWritten);
if (status) {
promise->reject(nullptr);
return;
}
uint8_t* p = result.data() + bytesWritten;
status = CCCryptorFinal(cryptor, p, result.end() - p, &bytesWritten);
p += bytesWritten;
if (status) {
promise->reject(nullptr);
return;
}
ASSERT(p <= result.end());
result.shrink(p - result.begin());
CCCryptorRelease(cryptor);
promise->fulfill(result);
}
crypto_aes_t *crypto_aes_open (const void *key,
unsigned int key_size,
const void *salt,
unsigned int salt_size)
{
unsigned char ikey[32];
crypto_aes_t *crypto;
/* Allocate Crypto AES Object */
if ((crypto = (crypto_aes_t *) malloc(sizeof(crypto_aes_t))) == NULL)
return(NULL);
if (crypto_aes_key(ikey, crypto->iv, key, key_size, salt, salt_size)) {
free(crypto);
return(NULL);
}
if (pthread_mutex_init(&(crypto->lock), NULL)) {
free(crypto);
return(NULL);
}
/* Initialize Encryption */
if (__aes_cryptor_create(&(crypto->enc), kCCEncrypt, ikey, crypto->iv)) {
pthread_mutex_destroy(&(crypto->lock));
free(crypto);
return(NULL);
}
/* Initialize Decryption */
if (__aes_cryptor_create(&(crypto->dec), kCCDecrypt, ikey, crypto->iv)) {
CCCryptorRelease(crypto->enc);
pthread_mutex_destroy(&(crypto->lock));
free(crypto);
return(NULL);
}
return(crypto);
}
void cipher_context_release(cipher_ctx_t *ctx)
{
#ifdef USE_CRYPTO_APPLECC
cipher_cc_t *cc = &ctx->cc;
if (cc->cryptor != NULL)
{
CCCryptorRelease(cc->cryptor);
cc->cryptor = NULL;
}
if (cc->valid == kCCContextValid)
{
return;
}
#endif
cipher_evp_t *evp = &ctx->evp;
#if defined(USE_CRYPTO_OPENSSL)
EVP_CIPHER_CTX_cleanup(evp);
#elif defined(USE_CRYPTO_POLARSSL)
cipher_free_ctx(evp);
#endif
}
static int
init_cc_key(int encp, CCAlgorithm alg, CCOptions opts, const void *key,
size_t keylen, const void *iv, CCCryptorRef *ref)
{
CCOperation op = encp ? kCCEncrypt : kCCDecrypt;
CCCryptorStatus ret;
if (*ref) {
if (key == NULL && iv) {
CCCryptorReset(*ref, iv);
return 1;
}
CCCryptorRelease(*ref);
}
if (key) {
ret = CCCryptorCreate(op, alg, opts, key, keylen, iv, ref);
if (ret)
return 0;
}
return 1;
}
void cipher_context_set_iv(cipher_ctx_t *ctx, uint8_t *iv, size_t iv_len,
int enc)
{
const unsigned char *true_key;
if (iv == NULL) {
LOGE("cipher_context_set_iv(): IV is null");
return;
}
if (!enc) {
memcpy(ctx->iv, iv, iv_len);
}
if (enc_method >= SALSA20) {
return;
}
if (enc_method == RC4_MD5) {
unsigned char key_iv[32];
memcpy(key_iv, enc_key, 16);
memcpy(key_iv + 16, iv, 16);
true_key = enc_md5(key_iv, 32, NULL);
iv_len = 0;
} else {
true_key = enc_key;
}
#ifdef USE_CRYPTO_APPLECC
cipher_cc_t *cc = &ctx->cc;
if (cc->valid == kCCContextValid) {
memcpy(cc->iv, iv, iv_len);
memcpy(cc->key, true_key, enc_key_len);
cc->iv_len = iv_len;
cc->key_len = enc_key_len;
cc->encrypt = enc ? kCCEncrypt : kCCDecrypt;
if (cc->cryptor != NULL) {
CCCryptorRelease(cc->cryptor);
cc->cryptor = NULL;
}
CCCryptorStatus ret;
ret = CCCryptorCreateWithMode(
cc->encrypt,
cc->mode,
cc->cipher,
cc->padding,
cc->iv, cc->key, cc->key_len,
NULL, 0, 0, 0,
&cc->cryptor);
if (ret != kCCSuccess) {
if (cc->cryptor != NULL) {
CCCryptorRelease(cc->cryptor);
cc->cryptor = NULL;
}
FATAL("Cannot set CommonCrypto key and IV");
}
return;
}
#endif
cipher_evp_t *evp = &ctx->evp;
if (evp == NULL) {
LOGE("cipher_context_set_iv(): Cipher context is null");
return;
}
#if defined(USE_CRYPTO_OPENSSL)
if (!EVP_CipherInit_ex(evp, NULL, NULL, true_key, iv, enc)) {
EVP_CIPHER_CTX_cleanup(evp);
FATAL("Cannot set key and IV");
}
#elif defined(USE_CRYPTO_POLARSSL)
// XXX: PolarSSL 1.3.11: cipher_free_ctx deprecated, Use cipher_free() instead.
if (cipher_setkey(evp, true_key, enc_key_len * 8, enc) != 0) {
cipher_free_ctx(evp);
FATAL("Cannot set PolarSSL cipher key");
}
#if POLARSSL_VERSION_NUMBER >= 0x01030000
if (cipher_set_iv(evp, iv, iv_len) != 0) {
cipher_free_ctx(evp);
FATAL("Cannot set PolarSSL cipher IV");
}
if (cipher_reset(evp) != 0) {
cipher_free_ctx(evp);
FATAL("Cannot finalize PolarSSL cipher context");
}
#else
if (cipher_reset(evp, iv) != 0) {
cipher_free_ctx(evp);
FATAL("Cannot set PolarSSL cipher IV");
}
#endif
#elif defined(USE_CRYPTO_MBEDTLS)
if (mbedtls_cipher_setkey(evp, true_key, enc_key_len * 8, enc) != 0) {
mbedtls_cipher_free(evp);
FATAL("Cannot set mbed TLS cipher key");
}
if (mbedtls_cipher_set_iv(evp, iv, iv_len) != 0) {
mbedtls_cipher_free(evp);
FATAL("Cannot set mbed TLS cipher IV");
}
if (mbedtls_cipher_reset(evp) != 0) {
mbedtls_cipher_free(evp);
FATAL("Cannot finalize mbed TLS cipher context");
}
#endif
#ifdef DEBUG
dump("IV", (char *)iv, iv_len);
#endif
}
/*
* Test harness for CCCryptor with lots of options.
*/
CCCryptorStatus doCCCrypt(
bool forEncrypt,
CCAlgorithm encrAlg,
bool doCbc,
bool doPadding,
const void *keyBytes, size_t keyLen,
const void *iv,
bool randUpdates,
bool inPlace, /* !doPadding only */
size_t ctxSize, /* if nonzero, we allocate ctx */
bool askOutSize,
const uint8_t *inText, size_t inTextLen,
uint8_t **outText, size_t *outTextLen) /* both returned, WE malloc */
{
CCCryptorRef cryptor = NULL;
CCCryptorStatus crtn;
CCOperation op = forEncrypt ? kCCEncrypt : kCCDecrypt;
CCOptions options = 0;
uint8_t *outBuf = NULL; /* mallocd output buffer */
uint8_t *outp; /* running ptr into outBuf */
const uint8 *inp; /* running ptr into inText */
size_t outLen; /* bytes remaining in outBuf */
size_t toMove; /* bytes remaining in inText */
size_t thisMoveOut; /* output from CCCryptUpdate()/CCCryptFinal() */
size_t outBytes; /* total bytes actually produced in outBuf */
char ctx[CC_MAX_CTX_SIZE]; /* for CCCryptorCreateFromData() */
uint8_t *textMarker = NULL; /* 8 bytes of marker here after expected end of
* output */
char *ctxMarker = NULL; /* ditto for caller-provided context */
unsigned dex;
size_t askedOutSize; /* from the lib */
size_t thisOutLen; /* dataOutAvailable we use */
if(ctxSize > CC_MAX_CTX_SIZE) {
printf("***HEY! Adjust CC_MAX_CTX_SIZE!\n");
exit(1);
}
if(!doCbc) {
options |= kCCOptionECBMode;
}
if(doPadding) {
options |= kCCOptionPKCS7Padding;
}
/* just hack this one */
outLen = inTextLen;
if(forEncrypt) {
outLen += MAX_BLOCK_SIZE;
}
outBuf = (uint8_t *)malloc(outLen + MARKER_LENGTH);
memset(outBuf, 0xEE, outLen + MARKER_LENGTH);
/* library should not touch this memory */
textMarker = outBuf + outLen;
memset(textMarker, MARKER_BYTE, MARKER_LENGTH);
/* subsequent errors to errOut: */
if(inPlace) {
memmove(outBuf, inText, inTextLen);
inp = outBuf;
}
else {
inp = inText;
}
if(!randUpdates) {
/* one shot */
if(askOutSize) {
crtn = CCCrypt(op, encrAlg, options,
keyBytes, keyLen, iv,
inp, inTextLen,
outBuf, 0, &askedOutSize);
if(crtn != kCCBufferTooSmall) {
printf("***Did not get kCCBufferTooSmall as expected\n");
printf(" alg %d inTextLen %lu cbc %d padding %d keyLen %lu\n",
(int)encrAlg, (unsigned long)inTextLen, (int)doCbc, (int)doPadding,
(unsigned long)keyLen);
printCCError("CCCrypt", crtn);
crtn = -1;
goto errOut;
}
outLen = askedOutSize;
}
crtn = CCCrypt(op, encrAlg, options,
keyBytes, keyLen, iv,
inp, inTextLen,
outBuf, outLen, &outLen);
if(crtn) {
printCCError("CCCrypt", crtn);
goto errOut;
}
*outText = outBuf;
*outTextLen = outLen;
goto errOut;
}
/* random multi updates */
if(ctxSize) {
size_t ctxSizeCreated;
if(askOutSize) {
crtn = CCCryptorCreateFromData(op, encrAlg, options,
keyBytes, keyLen, iv,
ctx, 0 /* ctxSize */,
&cryptor, &askedOutSize);
if(crtn != kCCBufferTooSmall) {
printf("***Did not get kCCBufferTooSmall as expected\n");
printCCError("CCCryptorCreateFromData", crtn);
crtn = -1;
goto errOut;
}
ctxSize = askedOutSize;
}
crtn = CCCryptorCreateFromData(op, encrAlg, options,
keyBytes, keyLen, iv,
ctx, ctxSize, &cryptor, &ctxSizeCreated);
if(crtn) {
printCCError("CCCryptorCreateFromData", crtn);
return crtn;
}
ctxMarker = ctx + ctxSizeCreated;
memset(ctxMarker, MARKER_BYTE, MARKER_LENGTH);
}
else {
crtn = CCCryptorCreate(op, encrAlg, options,
keyBytes, keyLen, iv,
&cryptor);
if(crtn) {
printCCError("CCCryptorCreate", crtn);
return crtn;
}
}
toMove = inTextLen; /* total to go */
outp = outBuf;
outBytes = 0; /* bytes actually produced in outBuf */
while(toMove) {
uint32 thisMoveIn; /* input to CCryptUpdate() */
thisMoveIn = genRand(1, toMove);
logSize(("###ptext segment len %lu\n", (unsigned long)thisMoveIn));
if(askOutSize) {
thisOutLen = CCCryptorGetOutputLength(cryptor, thisMoveIn, false);
}
else {
thisOutLen = outLen;
}
crtn = CCCryptorUpdate(cryptor, inp, thisMoveIn,
outp, thisOutLen, &thisMoveOut);
if(crtn) {
printCCError("CCCryptorUpdate", crtn);
goto errOut;
}
inp += thisMoveIn;
toMove -= thisMoveIn;
outp += thisMoveOut;
outLen -= thisMoveOut;
outBytes += thisMoveOut;
}
if(doPadding) {
/* Final is not needed if padding is disabled */
if(askOutSize) {
thisOutLen = CCCryptorGetOutputLength(cryptor, 0, true);
}
else {
thisOutLen = outLen;
}
crtn = CCCryptorFinal(cryptor, outp, thisOutLen, &thisMoveOut);
}
else {
thisMoveOut = 0;
crtn = kCCSuccess;
}
if(crtn) {
printCCError("CCCryptorFinal", crtn);
goto errOut;
}
outBytes += thisMoveOut;
*outText = outBuf;
*outTextLen = outBytes;
crtn = kCCSuccess;
for(dex=0; dex<MARKER_LENGTH; dex++) {
if(textMarker[dex] != MARKER_BYTE) {
printf("***lib scribbled on our textMarker memory (op=%s)!\n",
forEncrypt ? "encrypt" : "decrypt");
crtn = (CCCryptorStatus)-1;
}
}
if(ctxSize) {
for(dex=0; dex<MARKER_LENGTH; dex++) {
if(ctxMarker[dex] != MARKER_BYTE) {
printf("***lib scribbled on our ctxMarker memory (op=%s)!\n",
forEncrypt ? "encrypt" : "decrypt");
crtn = (CCCryptorStatus)-1;
}
}
}
errOut:
if(crtn) {
if(outBuf) {
free(outBuf);
}
}
if(cryptor) {
CCCryptorRelease(cryptor);
}
return crtn;
}
U8_EXPORT ssize_t u8_cryptic
(int do_encrypt,const char *cname,
const unsigned char *key,int keylen,
const unsigned char *iv,int ivlen,
u8_block_reader reader,u8_block_writer writer,
void *readstate,void *writestate,
u8_context caller)
{
if (strncasecmp(cname,"rsa",3)==0) {
u8_seterr(_("RSA support NYI"),"u8_cryptic/CommonCrypto",u8_strdup(cname));
return -1;}
else {
CCCryptorRef ctx;
CCOptions options=0;
ssize_t inlen, outlen, totalin=0, totalout=0, retval=0;
unsigned char inbuf[1024], outbuf[1024];
struct U8_CCCIPHER *cipher=get_cipher(cname);
if (cipher) {
size_t blocksize=cipher->cc_blocksize;
ssize_t needivlen=cipher->cc_ivlen;
if (!((keylen<=cipher->cc_keymax)&&(keylen>=cipher->cc_keymin)))
return u8_reterr(u8_BadCryptoKey,
((caller)?(caller):((u8_context)"u8_cryptic")),
u8_mkstring("%d!=[%d,%d](%s)",keylen,
cipher->cc_keymin,cipher->cc_keymax,
cname));
if ((needivlen)&&(ivlen!=needivlen))
return u8_reterr(u8_BadCryptoIV,
((caller)?(caller):(COMMONCRYPTO_CRYPTIC)),
u8_mkstring("%d!=%d(%s)",ivlen,needivlen,cname));
if (needivlen==0) iv=NULL;
memset(&ctx,0,sizeof(ctx));
CCCryptorStatus status=CCCryptorCreate
(((do_encrypt)? (kCCEncrypt) : (kCCDecrypt)),
cipher->cc_algorithm,cipher->cc_opts,key,keylen,iv,&ctx);
u8_log(CRYPTO_LOGLEVEL,COMMONCRYPTO_CRYPTIC,
" %s cipher=%s, keylen=%d/[%d,%d], ivlen=%d, blocksize=%d\n",
((do_encrypt)?("encrypt"):("decrypt")),
cname,keylen,cipher->cc_keymin,cipher->cc_keymax,
ivlen,blocksize);
while (1) {
inlen = reader(inbuf,blocksize,readstate);
if (inlen <= 0) {
u8_log(CRYPTO_LOGLEVEL,COMMONCRYPTO_CRYPTIC,
"Finished %s(%s) with %ld in, %ld out",
((do_encrypt)?("encrypt"):("decrypt")),cname,
totalin,totalout);
break;}
if ((status=CCCryptorUpdate(ctx,inbuf,inlen,outbuf,1024,&outlen))
!=kCCSuccess) {
CCCryptorRelease(ctx);
return u8_reterr(u8_InternalCryptoError,
((caller)?(caller):((u8_context)"u8_cryptic")),
NULL);}
else {
u8_log(CRYPTO_LOGLEVEL,COMMONCRYPTO_CRYPTIC,
"%s(%s) consumed %d/%ld bytes, emitted %d/%ld bytes"
" in=<%v>\n out=<%v>",
((do_encrypt)?("encrypt"):("decrypt")),cname,
inlen,totalin,outlen,totalout+outlen,
inbuf,inlen,outbuf,outlen);
writer(outbuf,outlen,writestate);
totalout=totalout+outlen;}}
if ((status=CCCryptorFinal(ctx,outbuf,1024,&outlen))!=kCCSuccess) {
CCCryptorRelease(ctx);
return u8_reterr(u8_InternalCryptoError,
((caller)?(caller):((u8_context)"u8_cryptic")),
NULL);}
else {
writer(outbuf,outlen,writestate);
u8_log(CRYPTO_LOGLEVEL,COMMONCRYPTO_CRYPTIC,
"%s(%s) done after consuming %ld/%ld bytes, emitting %ld/%ld bytes"
"\n final out=<%v>",
((do_encrypt)?("encrypt"):("decrypt")),cname,
inlen,totalin,outlen,totalout+outlen,
outbuf,outlen);
CCCryptorRelease(ctx);
totalout=totalout+outlen;
return totalout;}}
else return u8_reterr("Unknown cipher",
((caller)?(caller):((u8_context)"u8_cryptic")),
u8_strdup(cname));
}
}
