Some PearlCryptUtils fixes.

[FIXED]     PearlCryptUtils: Allocate a result buffer of the correct
            size.
[UPDATED]   Don't use ECB by default, CBC is safer.
[ADDED]     Ability to pass in crypt options.

Pearl-Crypto/PearlCryptUtils.h

@@ -32,7 +32,7 @@
 #define PearlCryptKeySize       kCCKeySizeAES128
 #endif
 #ifndef PearlCryptBlockSize
-#define PearlCryptBlockSize     8
+#define PearlCryptBlockSize     kCCBlockSizeAES128
 #endif
 
 NSString *NSStringFromCCCryptorStatus(CCCryptorStatus status);
@@ -41,21 +41,30 @@ NSString *NSStringFromErrSec(OSStatus status);
 @interface NSString (PearlCryptUtils)
 
 /** Encrypt this plain-text string object with the given key. */
-- (NSData *)encryptWithSymmetricKey:(NSData *)symmetricKey usePadding:(BOOL)usePadding;
+- (NSData *)encryptWithSymmetricKey:(NSData *)symmetricKey padding:(BOOL)padding;
+
+/** Encrypt this plain-text string object with the given key and options. */
+- (NSData *)encryptWithSymmetricKey:(NSData *)symmetricKey options:(CCOptions)options;
 
 @end
 
 @interface NSData (PearlCryptUtils)
 
 /** Encrypt this plain-data object using the given key, yielding an encrypted-data object. */
-- (NSData *)encryptWithSymmetricKey:(NSData *)symmetricKey usePadding:(BOOL)usePadding;
+- (NSData *)encryptWithSymmetricKey:(NSData *)symmetricKey padding:(BOOL)padding;
+
+/** Encrypt this plain-data object using the given key and options, yielding an encrypted-data object. */
+- (NSData *)encryptWithSymmetricKey:(NSData *)symmetricKey options:(CCOptions)options;
 
 /** Decrypt this encrypted-data object using the given key, yielding a plain-data object. */
-- (NSData *)decryptWithSymmetricKey:(NSData *)symmetricKey usePadding:(BOOL)usePadding;
+- (NSData *)decryptWithSymmetricKey:(NSData *)symmetricKey padding:(BOOL)padding;
+
+/** Decrypt this encrypted-data object using the given key and options, yielding a plain-data object. */
+- (NSData *)decryptWithSymmetricKey:(NSData *)symmetricKey options:(CCOptions)options;
 
 /** Apply a symmetric crypto operation on the data using the given key and options.
  * @return A plain or encrypted object, depending on the operation applied. */
-- (NSData *)doCipher:(CCOperation)encryptOrDecrypt withSymmetricKey:(NSData *)symmetricKey options:(CCOptions *)options;
+- (NSData *)doCipher:(CCOperation)encryptOrDecrypt withSymmetricKey:(NSData *)symmetricKey options:(CCOptions)options;
 
 @end
 

Pearl-Crypto/PearlCryptUtils.m

@@ -82,50 +82,63 @@
 
 @implementation NSString (PearlCryptUtils)
 
-- (NSData *)encryptWithSymmetricKey:(NSData *)symmetricKey usePadding:(BOOL)usePadding {
+- (NSData *)encryptWithSymmetricKey:(NSData *)symmetricKey padding:(BOOL)padding {
 
-    return [[self dataUsingEncoding:NSUTF8StringEncoding] encryptWithSymmetricKey:symmetricKey usePadding:usePadding];
+    return [[self dataUsingEncoding:NSUTF8StringEncoding] encryptWithSymmetricKey:symmetricKey padding:padding];
+}
+
+- (NSData *)encryptWithSymmetricKey:(NSData *)symmetricKey options:(CCOptions)options {
+
+    return [[self dataUsingEncoding:NSUTF8StringEncoding] encryptWithSymmetricKey:symmetricKey options:options];
 }
 
 @end
 
 @implementation NSData (PearlCryptUtils)
 
-- (NSData *)encryptWithSymmetricKey:(NSData *)symmetricKey usePadding:(BOOL)usePadding {
+- (NSData *)encryptWithSymmetricKey:(NSData *)symmetricKey padding:(BOOL)padding {
 
-    CCOptions options = kCCOptionECBMode;
-    if (usePadding)
+    CCOptions options = 0;
+    if (padding)
         options |= kCCOptionPKCS7Padding;
 
-    return [self doCipher:kCCEncrypt withSymmetricKey:symmetricKey options:&options];
+    return [self encryptWithSymmetricKey:symmetricKey options:options];
+}
+
+- (NSData *)encryptWithSymmetricKey:(NSData *)symmetricKey options:(CCOptions)options {
+
+    return [self doCipher:kCCEncrypt withSymmetricKey:symmetricKey options:options];
 }
 
-- (NSData *)decryptWithSymmetricKey:(NSData *)symmetricKey usePadding:(BOOL)usePadding {
+- (NSData *)decryptWithSymmetricKey:(NSData *)symmetricKey padding:(BOOL)padding {
 
-    CCOptions options = kCCOptionECBMode;
-    if (usePadding)
+    CCOptions options = 0;
+    if (padding)
         options |= kCCOptionPKCS7Padding;
 
-    return [self doCipher:kCCDecrypt withSymmetricKey:symmetricKey options:&options];
+    return [self decryptWithSymmetricKey:symmetricKey options:options];
 }
 
-- (NSData *)doCipher:(CCOperation)encryptOrDecrypt withSymmetricKey:(NSData *)symmetricKey options:(CCOptions *)options {
+- (NSData *)decryptWithSymmetricKey:(NSData *)symmetricKey options:(CCOptions)options {
+
+    return [self doCipher:kCCDecrypt withSymmetricKey:symmetricKey options:options];
+}
+
+- (NSData *)doCipher:(CCOperation)encryptOrDecrypt withSymmetricKey:(NSData *)symmetricKey options:(CCOptions)options {
 
     if (symmetricKey.length != PearlCryptKeySize) {
         err(@"Key size (%d) doesn't match cipher size (%d).", symmetricKey.length, PearlCryptKeySize);
         return nil;
     }
 
-    // Result buffer. (FIXME)
-    void *buffer = calloc(1000, sizeof(uint8_t));
-    size_t movedBytes;
-
     // Encrypt / Decrypt
+    void *buffer = malloc(self.length + PearlCryptBlockSize);
     @try {
-        CCCryptorStatus ccStatus = CCCrypt(encryptOrDecrypt, PearlCryptAlgorithm, *options,
+        size_t movedBytes;
+        CCCryptorStatus ccStatus = CCCrypt(encryptOrDecrypt, PearlCryptAlgorithm, options,
                                            symmetricKey.bytes, symmetricKey.length,
                                            nil, self.bytes, self.length,
-                                           buffer, sizeof(uint8_t) * 1000, &movedBytes);
+                                           buffer, self.length + PearlCryptBlockSize, &movedBytes);
         if (ccStatus != kCCSuccess) {
             err(@"Problem during %@: %@",
                 encryptOrDecrypt == kCCEncrypt? @"encryption": @"decryption", NSStringFromCCCryptorStatus(ccStatus));