1cdf63a70SMartin Matuska /*- 2cdf63a70SMartin Matuska * Copyright (c) 2014 Michihiro NAKAJIMA 3cdf63a70SMartin Matuska * All rights reserved. 4cdf63a70SMartin Matuska * 5cdf63a70SMartin Matuska * Redistribution and use in source and binary forms, with or without 6cdf63a70SMartin Matuska * modification, are permitted provided that the following conditions 7cdf63a70SMartin Matuska * are met: 8cdf63a70SMartin Matuska * 1. Redistributions of source code must retain the above copyright 9cdf63a70SMartin Matuska * notice, this list of conditions and the following disclaimer. 10cdf63a70SMartin Matuska * 2. Redistributions in binary form must reproduce the above copyright 11cdf63a70SMartin Matuska * notice, this list of conditions and the following disclaimer in the 12cdf63a70SMartin Matuska * documentation and/or other materials provided with the distribution. 13cdf63a70SMartin Matuska * 14cdf63a70SMartin Matuska * THIS SOFTWARE IS PROVIDED BY THE AUTHOR(S) ``AS IS'' AND ANY EXPRESS OR 15cdf63a70SMartin Matuska * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 16cdf63a70SMartin Matuska * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 17cdf63a70SMartin Matuska * IN NO EVENT SHALL THE AUTHOR(S) BE LIABLE FOR ANY DIRECT, INDIRECT, 18cdf63a70SMartin Matuska * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 19cdf63a70SMartin Matuska * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 20cdf63a70SMartin Matuska * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 21cdf63a70SMartin Matuska * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 22cdf63a70SMartin Matuska * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 23cdf63a70SMartin Matuska * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 24cdf63a70SMartin Matuska */ 25cdf63a70SMartin Matuska 26cdf63a70SMartin Matuska #ifndef ARCHIVE_CRYPTOR_PRIVATE_H_INCLUDED 27cdf63a70SMartin Matuska #define ARCHIVE_CRYPTOR_PRIVATE_H_INCLUDED 28cdf63a70SMartin Matuska 29f9762417SMartin Matuska #ifndef __LIBARCHIVE_BUILD 30f9762417SMartin Matuska #error This header is only to be used internally to libarchive. 31f9762417SMartin Matuska #endif 32cdf63a70SMartin Matuska /* 33cdf63a70SMartin Matuska * On systems that do not support any recognized crypto libraries, 34cdf63a70SMartin Matuska * the archive_cryptor.c file will normally define no usable symbols. 35cdf63a70SMartin Matuska * 36cdf63a70SMartin Matuska * But some compilers and linkers choke on empty object files, so 37cdf63a70SMartin Matuska * define a public symbol that will always exist. This could 38cdf63a70SMartin Matuska * be removed someday if this file gains another always-present 39cdf63a70SMartin Matuska * symbol definition. 40cdf63a70SMartin Matuska */ 41cdf63a70SMartin Matuska int __libarchive_cryptor_build_hack(void); 42cdf63a70SMartin Matuska 43cdf63a70SMartin Matuska #ifdef __APPLE__ 44cdf63a70SMartin Matuska # include <AvailabilityMacros.h> 45cdf63a70SMartin Matuska # if MAC_OS_X_VERSION_MAX_ALLOWED >= 1080 46cdf63a70SMartin Matuska # define ARCHIVE_CRYPTOR_USE_Apple_CommonCrypto 47cdf63a70SMartin Matuska # endif 48cdf63a70SMartin Matuska #endif 49cdf63a70SMartin Matuska 50cdf63a70SMartin Matuska #ifdef ARCHIVE_CRYPTOR_USE_Apple_CommonCrypto 51cdf63a70SMartin Matuska #include <CommonCrypto/CommonCryptor.h> 52cdf63a70SMartin Matuska #include <CommonCrypto/CommonKeyDerivation.h> 53cdf63a70SMartin Matuska #define AES_BLOCK_SIZE 16 54cdf63a70SMartin Matuska #define AES_MAX_KEY_SIZE kCCKeySizeAES256 55cdf63a70SMartin Matuska 56cdf63a70SMartin Matuska typedef struct { 57cdf63a70SMartin Matuska CCCryptorRef ctx; 58cdf63a70SMartin Matuska uint8_t key[AES_MAX_KEY_SIZE]; 59cdf63a70SMartin Matuska unsigned key_len; 60cdf63a70SMartin Matuska uint8_t nonce[AES_BLOCK_SIZE]; 61cdf63a70SMartin Matuska uint8_t encr_buf[AES_BLOCK_SIZE]; 62cdf63a70SMartin Matuska unsigned encr_pos; 63cdf63a70SMartin Matuska } archive_crypto_ctx; 64cdf63a70SMartin Matuska 65cdf63a70SMartin Matuska #elif defined(_WIN32) && !defined(__CYGWIN__) && defined(HAVE_BCRYPT_H) 66a758cabbSMartin Matuska #include <bcrypt.h> 67cdf63a70SMartin Matuska 68cdf63a70SMartin Matuska /* Common in other bcrypt implementations, but missing from VS2008. */ 69cdf63a70SMartin Matuska #ifndef BCRYPT_SUCCESS 70cdf63a70SMartin Matuska #define BCRYPT_SUCCESS(r) ((NTSTATUS)(r) == STATUS_SUCCESS) 71cdf63a70SMartin Matuska #endif 72cdf63a70SMartin Matuska 73cdf63a70SMartin Matuska #define AES_MAX_KEY_SIZE 32 74cdf63a70SMartin Matuska #define AES_BLOCK_SIZE 16 75cdf63a70SMartin Matuska typedef struct { 76cdf63a70SMartin Matuska BCRYPT_ALG_HANDLE hAlg; 77cdf63a70SMartin Matuska BCRYPT_KEY_HANDLE hKey; 78cdf63a70SMartin Matuska PBYTE keyObj; 79cdf63a70SMartin Matuska DWORD keyObj_len; 80cdf63a70SMartin Matuska uint8_t nonce[AES_BLOCK_SIZE]; 81cdf63a70SMartin Matuska uint8_t encr_buf[AES_BLOCK_SIZE]; 82cdf63a70SMartin Matuska unsigned encr_pos; 83cdf63a70SMartin Matuska } archive_crypto_ctx; 84cdf63a70SMartin Matuska 855ee98676SMartin Matuska #elif defined(HAVE_LIBMBEDCRYPTO) && defined(HAVE_MBEDTLS_AES_H) 865ee98676SMartin Matuska #include <mbedtls/aes.h> 875ee98676SMartin Matuska #include <mbedtls/md.h> 885ee98676SMartin Matuska #include <mbedtls/pkcs5.h> 895ee98676SMartin Matuska 905ee98676SMartin Matuska #define AES_MAX_KEY_SIZE 32 915ee98676SMartin Matuska #define AES_BLOCK_SIZE 16 925ee98676SMartin Matuska 935ee98676SMartin Matuska typedef struct { 945ee98676SMartin Matuska mbedtls_aes_context ctx; 955ee98676SMartin Matuska uint8_t key[AES_MAX_KEY_SIZE]; 965ee98676SMartin Matuska unsigned key_len; 975ee98676SMartin Matuska uint8_t nonce[AES_BLOCK_SIZE]; 985ee98676SMartin Matuska uint8_t encr_buf[AES_BLOCK_SIZE]; 995ee98676SMartin Matuska unsigned encr_pos; 1005ee98676SMartin Matuska } archive_crypto_ctx; 1015ee98676SMartin Matuska 102cdf63a70SMartin Matuska #elif defined(HAVE_LIBNETTLE) && defined(HAVE_NETTLE_AES_H) 103cdf63a70SMartin Matuska #if defined(HAVE_NETTLE_PBKDF2_H) 104cdf63a70SMartin Matuska #include <nettle/pbkdf2.h> 105cdf63a70SMartin Matuska #endif 106cdf63a70SMartin Matuska #include <nettle/aes.h> 107*c3afd20fSMartin Matuska #include <nettle/version.h> 108cdf63a70SMartin Matuska 109cdf63a70SMartin Matuska typedef struct { 110*c3afd20fSMartin Matuska #if NETTLE_VERSION_MAJOR < 3 111cdf63a70SMartin Matuska struct aes_ctx ctx; 112*c3afd20fSMartin Matuska #else 113*c3afd20fSMartin Matuska union { 114*c3afd20fSMartin Matuska struct aes128_ctx c128; 115*c3afd20fSMartin Matuska struct aes192_ctx c192; 116*c3afd20fSMartin Matuska struct aes256_ctx c256; 117*c3afd20fSMartin Matuska } ctx; 118*c3afd20fSMartin Matuska #endif 119cdf63a70SMartin Matuska uint8_t key[AES_MAX_KEY_SIZE]; 120cdf63a70SMartin Matuska unsigned key_len; 121cdf63a70SMartin Matuska uint8_t nonce[AES_BLOCK_SIZE]; 122cdf63a70SMartin Matuska uint8_t encr_buf[AES_BLOCK_SIZE]; 123cdf63a70SMartin Matuska unsigned encr_pos; 124cdf63a70SMartin Matuska } archive_crypto_ctx; 125cdf63a70SMartin Matuska 126cdf63a70SMartin Matuska #elif defined(HAVE_LIBCRYPTO) 1276a414569SMartin Matuska #include "archive_openssl_evp_private.h" 128cdf63a70SMartin Matuska #define AES_BLOCK_SIZE 16 129cdf63a70SMartin Matuska #define AES_MAX_KEY_SIZE 32 130cdf63a70SMartin Matuska 131cdf63a70SMartin Matuska typedef struct { 1326a414569SMartin Matuska EVP_CIPHER_CTX *ctx; 133cdf63a70SMartin Matuska const EVP_CIPHER *type; 134cdf63a70SMartin Matuska uint8_t key[AES_MAX_KEY_SIZE]; 135cdf63a70SMartin Matuska unsigned key_len; 136cdf63a70SMartin Matuska uint8_t nonce[AES_BLOCK_SIZE]; 137cdf63a70SMartin Matuska uint8_t encr_buf[AES_BLOCK_SIZE]; 138cdf63a70SMartin Matuska unsigned encr_pos; 139cdf63a70SMartin Matuska } archive_crypto_ctx; 140cdf63a70SMartin Matuska 141cdf63a70SMartin Matuska #else 142cdf63a70SMartin Matuska 143cdf63a70SMartin Matuska #define AES_BLOCK_SIZE 16 144cdf63a70SMartin Matuska #define AES_MAX_KEY_SIZE 32 145cdf63a70SMartin Matuska typedef int archive_crypto_ctx; 146cdf63a70SMartin Matuska 147cdf63a70SMartin Matuska #endif 148cdf63a70SMartin Matuska 149cdf63a70SMartin Matuska /* defines */ 150cdf63a70SMartin Matuska #define archive_pbkdf2_sha1(pw, pw_len, salt, salt_len, rounds, dk, dk_len)\ 151cdf63a70SMartin Matuska __archive_cryptor.pbkdf2sha1(pw, pw_len, salt, salt_len, rounds, dk, dk_len) 152cdf63a70SMartin Matuska 153cdf63a70SMartin Matuska #define archive_decrypto_aes_ctr_init(ctx, key, key_len) \ 154cdf63a70SMartin Matuska __archive_cryptor.decrypto_aes_ctr_init(ctx, key, key_len) 155cdf63a70SMartin Matuska #define archive_decrypto_aes_ctr_update(ctx, in, in_len, out, out_len) \ 156cdf63a70SMartin Matuska __archive_cryptor.decrypto_aes_ctr_update(ctx, in, in_len, out, out_len) 157cdf63a70SMartin Matuska #define archive_decrypto_aes_ctr_release(ctx) \ 158cdf63a70SMartin Matuska __archive_cryptor.decrypto_aes_ctr_release(ctx) 159cdf63a70SMartin Matuska 160cdf63a70SMartin Matuska #define archive_encrypto_aes_ctr_init(ctx, key, key_len) \ 161cdf63a70SMartin Matuska __archive_cryptor.encrypto_aes_ctr_init(ctx, key, key_len) 162cdf63a70SMartin Matuska #define archive_encrypto_aes_ctr_update(ctx, in, in_len, out, out_len) \ 163cdf63a70SMartin Matuska __archive_cryptor.encrypto_aes_ctr_update(ctx, in, in_len, out, out_len) 164cdf63a70SMartin Matuska #define archive_encrypto_aes_ctr_release(ctx) \ 165cdf63a70SMartin Matuska __archive_cryptor.encrypto_aes_ctr_release(ctx) 166cdf63a70SMartin Matuska 167cdf63a70SMartin Matuska /* Minimal interface to cryptographic functionality for internal use in 168cdf63a70SMartin Matuska * libarchive */ 169cdf63a70SMartin Matuska struct archive_cryptor 170cdf63a70SMartin Matuska { 171cdf63a70SMartin Matuska /* PKCS5 PBKDF2 HMAC-SHA1 */ 172cdf63a70SMartin Matuska int (*pbkdf2sha1)(const char *pw, size_t pw_len, const uint8_t *salt, 173cdf63a70SMartin Matuska size_t salt_len, unsigned rounds, uint8_t *derived_key, 174cdf63a70SMartin Matuska size_t derived_key_len); 175cdf63a70SMartin Matuska /* AES CTR mode(little endian version) */ 176cdf63a70SMartin Matuska int (*decrypto_aes_ctr_init)(archive_crypto_ctx *, const uint8_t *, size_t); 177cdf63a70SMartin Matuska int (*decrypto_aes_ctr_update)(archive_crypto_ctx *, const uint8_t *, 178cdf63a70SMartin Matuska size_t, uint8_t *, size_t *); 179cdf63a70SMartin Matuska int (*decrypto_aes_ctr_release)(archive_crypto_ctx *); 180cdf63a70SMartin Matuska int (*encrypto_aes_ctr_init)(archive_crypto_ctx *, const uint8_t *, size_t); 181cdf63a70SMartin Matuska int (*encrypto_aes_ctr_update)(archive_crypto_ctx *, const uint8_t *, 182cdf63a70SMartin Matuska size_t, uint8_t *, size_t *); 183cdf63a70SMartin Matuska int (*encrypto_aes_ctr_release)(archive_crypto_ctx *); 184cdf63a70SMartin Matuska }; 185cdf63a70SMartin Matuska 186cdf63a70SMartin Matuska extern const struct archive_cryptor __archive_cryptor; 187cdf63a70SMartin Matuska 188cdf63a70SMartin Matuska #endif 189