Symaptic: os/security/crypto/weakcrypto/source/padding/padding.cpp@260cb5ec6c19 (annotated)

sl@0	1	/*
sl@0	2	* Copyright (c) 1999-2009 Nokia Corporation and/or its subsidiary(-ies).
sl@0	3	* All rights reserved.
sl@0	4	* This component and the accompanying materials are made available
sl@0	5	* under the terms of the License "Eclipse Public License v1.0"
sl@0	6	* which accompanies this distribution, and is available
sl@0	7	* at the URL "http://www.eclipse.org/legal/epl-v10.html".
sl@0	8	*
sl@0	9	* Initial Contributors:
sl@0	10	* Nokia Corporation - initial contribution.
sl@0	11	*
sl@0	12	* Contributors:
sl@0	13	*
sl@0	14	* Description:
sl@0	15	*
sl@0	16	*/
sl@0	17
sl@0	18
sl@0	19	#include <e32base.h>
sl@0	20	#include <random.h>
sl@0	21	#include <padding.h>
sl@0	22	#include <securityerr.h>
sl@0	23	#include <cryptopanic.h>
sl@0	24
sl@0	25	/* CPadding */
sl@0	26	CPadding::CPadding(void) : iBlockBytes(-1)
sl@0	27	{
sl@0	28	}
sl@0	29
sl@0	30	EXPORT_C CPadding::CPadding(TInt aBlockBytes) : iBlockBytes(aBlockBytes)
sl@0	31	{
sl@0	32	__ASSERT_ALWAYS(aBlockBytes > 0, User::Invariant());
sl@0	33	}
sl@0	34
sl@0	35	EXPORT_C void CPadding::SetBlockSize(TInt aBlockBytes)
sl@0	36	{
sl@0	37	__ASSERT_ALWAYS(aBlockBytes > 0, User::Invariant());
sl@0	38	iBlockBytes = aBlockBytes;
sl@0	39	}
sl@0	40
sl@0	41	EXPORT_C TInt CPadding::BlockSize(void) const
sl@0	42	{
sl@0	43	return iBlockBytes;
sl@0	44	}
sl@0	45
sl@0	46	EXPORT_C TInt CPadding::MaxPaddedLength(TInt /aInputBytes/) const
sl@0	47	{
sl@0	48	return BlockSize();
sl@0	49	}
sl@0	50
sl@0	51	EXPORT_C TInt CPadding::MaxUnPaddedLength(TInt aInputBytes) const
sl@0	52	{
sl@0	53	return aInputBytes - MinPaddingLength();
sl@0	54	}
sl@0	55
sl@0	56	EXPORT_C void CPadding::PadL(const TDesC8& aInput, TDes8& aOutput)
sl@0	57	{
sl@0	58	// Check that the input is small enough to fit inside one padded block
sl@0	59	__ASSERT_DEBUG(aInput.Length() <= BlockSize() - MinPaddingLength(),
sl@0	60	User::Panic(KCryptoPanic, ECryptoPanicPadInputTooLarge));
sl@0	61
sl@0	62	// Check that the output descriptor supplied is large enough to store the result
sl@0	63	__ASSERT_DEBUG(aOutput.MaxLength() >= MaxPaddedLength(aInput.Length()),
sl@0	64	User::Panic(KCryptoPanic, ECryptoPanicOutputDescriptorOverflow));
sl@0	65
sl@0	66	// Call the virtual function, implemented by derived classes
sl@0	67	DoPadL(aInput, aOutput);
sl@0	68	}
sl@0	69
sl@0	70	/* CPaddingNone */
sl@0	71	EXPORT_C CPaddingNone* CPaddingNone::NewL(TInt aBlockBytes)
sl@0	72	{
sl@0	73	__ASSERT_ALWAYS(aBlockBytes > 0, User::Leave(KErrArgument));
sl@0	74	return new(ELeave)CPaddingNone(aBlockBytes);
sl@0	75	}
sl@0	76
sl@0	77	EXPORT_C CPaddingNone* CPaddingNone::NewLC(TInt aBlockBytes)
sl@0	78	{
sl@0	79	CPaddingNone* self = CPaddingNone::NewL(aBlockBytes);
sl@0	80	CleanupStack::PushL(self);
sl@0	81	return self;
sl@0	82	}
sl@0	83
sl@0	84	EXPORT_C CPaddingNone::CPaddingNone(TInt aBlockBytes):CPadding(aBlockBytes)
sl@0	85	{
sl@0	86	}
sl@0	87
sl@0	88	void CPaddingNone::DoPadL(const TDesC8& aInput,TDes8& aOutput)
sl@0	89	{
sl@0	90	aOutput.Append(aInput);
sl@0	91	}
sl@0	92
sl@0	93	void CPaddingNone::UnPadL(const TDesC8& aInput,TDes8& aOutput)
sl@0	94	{
sl@0	95	__ASSERT_DEBUG(aOutput.MaxLength() >= MaxPaddedLength(aInput.Length()), User::Panic(KCryptoPanic, ECryptoPanicOutputDescriptorOverflow));
sl@0	96	aOutput.Append(aInput);
sl@0	97	}
sl@0	98
sl@0	99	TInt CPaddingNone::MinPaddingLength(void) const
sl@0	100	{
sl@0	101	return 0;
sl@0	102	}
sl@0	103
sl@0	104	TInt CPaddingNone::MaxPaddedLength(TInt aInputSize) const
sl@0	105	{
sl@0	106	return aInputSize;
sl@0	107	}
sl@0	108
sl@0	109	/* CPaddingSSLv3 */
sl@0	110	EXPORT_C CPaddingSSLv3* CPaddingSSLv3::NewL(TInt aBlockBytes)
sl@0	111	{
sl@0	112	__ASSERT_ALWAYS(aBlockBytes > 0, User::Leave(KErrArgument));
sl@0	113	return new(ELeave)CPaddingSSLv3(aBlockBytes);
sl@0	114	}
sl@0	115
sl@0	116	EXPORT_C CPaddingSSLv3* CPaddingSSLv3::NewLC(TInt aBlockBytes)
sl@0	117	{
sl@0	118	CPaddingSSLv3* self = CPaddingSSLv3::NewL(aBlockBytes);
sl@0	119	CleanupStack::PushL(self);
sl@0	120	return self;
sl@0	121	}
sl@0	122
sl@0	123	EXPORT_C CPaddingSSLv3::CPaddingSSLv3(TInt aBlockBytes):CPadding(aBlockBytes)
sl@0	124	{
sl@0	125	}
sl@0	126
sl@0	127	void CPaddingSSLv3::DoPadL(const TDesC8& aInput,TDes8& aOutput)
sl@0	128	{
sl@0	129	TInt paddingBytes=BlockSize()-(aInput.Length()%BlockSize());
sl@0	130	aOutput.Append(aInput);
sl@0	131	aOutput.SetLength(aOutput.Length()+paddingBytes);
sl@0	132	for (TInt i=1;i<=paddingBytes;i++)
sl@0	133	{
sl@0	134	aOutput[aOutput.Length()-i]=(TUint8)(paddingBytes-1);
sl@0	135	}
sl@0	136	}
sl@0	137
sl@0	138	void CPaddingSSLv3::UnPadL(const TDesC8& aInput,TDes8& aOutput)
sl@0	139	{
sl@0	140	TInt paddingLen = aInput[aInput.Length()-1] + 1;
sl@0	141
sl@0	142	if (paddingLen > aInput.Length())
sl@0	143	{
sl@0	144	User::Leave(KErrInvalidPadding);
sl@0	145	}
sl@0	146
sl@0	147	TInt outlen = aInput.Length() - paddingLen;
sl@0	148
sl@0	149	__ASSERT_DEBUG(aOutput.MaxLength() >= outlen, User::Panic(KCryptoPanic, ECryptoPanicOutputDescriptorOverflow));
sl@0	150
sl@0	151	aOutput.Append(aInput.Left(outlen));
sl@0	152	}
sl@0	153
sl@0	154	TInt CPaddingSSLv3::MinPaddingLength(void) const
sl@0	155	{
sl@0	156	//if aInputBytes is 1 less than the blocksize then we get 1 byte of padding
sl@0	157	return 1;
sl@0	158	}
sl@0	159
sl@0	160	TInt CPaddingSSLv3::MaxPaddedLength(TInt aInputBytes) const
sl@0	161	{
sl@0	162	TUint padBytes = BlockSize() - (aInputBytes % BlockSize());
sl@0	163	return padBytes + aInputBytes;
sl@0	164	}
sl@0	165
sl@0	166	/* CPaddingPKCS1Signature */
sl@0	167	EXPORT_C CPaddingPKCS1Signature* CPaddingPKCS1Signature::NewL(TInt aBlockBytes)
sl@0	168	{
sl@0	169	return new(ELeave)CPaddingPKCS1Signature(aBlockBytes);
sl@0	170	}
sl@0	171
sl@0	172	EXPORT_C CPaddingPKCS1Signature* CPaddingPKCS1Signature::NewLC(TInt aBlockBytes)
sl@0	173	{
sl@0	174	CPaddingPKCS1Signature* self = CPaddingPKCS1Signature::NewL(aBlockBytes);
sl@0	175	CleanupStack::PushL(self);
sl@0	176	return self;
sl@0	177	}
sl@0	178
sl@0	179	EXPORT_C CPaddingPKCS1Signature::CPaddingPKCS1Signature(TInt aBlockBytes)
sl@0	180	: CPadding(aBlockBytes)
sl@0	181	{
sl@0	182	}
sl@0	183
sl@0	184	void CPaddingPKCS1Signature::DoPadL(const TDesC8& aInput,TDes8& aOutput)
sl@0	185	{
sl@0	186	aOutput.SetLength(BlockSize());
sl@0	187	TInt i;
sl@0	188	TInt j;
sl@0	189	aOutput[0]=0;
sl@0	190	TInt startOfData=BlockSize()-aInput.Length();
sl@0	191	// PKCS1 also specifies a block type 0 for private key operations but
sl@0	192	// does not recommend its use. This block type (0) is compatible with
sl@0	193	// unpadded data though so you can create PKCS1 type 0 blocks using
sl@0	194	// CPaddingNone.
sl@0	195	aOutput[1]=1; // Block type 1 (private key operation)
sl@0	196	for (i=2;i<(startOfData-1);i++)
sl@0	197	{
sl@0	198	aOutput[i]=0xff;
sl@0	199	}
sl@0	200	j=0;
sl@0	201	aOutput[startOfData-1]=0; // separator
sl@0	202	for (i=startOfData;i<BlockSize();i++,j++)
sl@0	203	{
sl@0	204	aOutput[i]=aInput[j];
sl@0	205	}
sl@0	206	}
sl@0	207
sl@0	208	void CPaddingPKCS1Signature::UnPadL(const TDesC8& aInput,TDes8& aOutput)
sl@0	209	{
sl@0	210	// erm, oops, this is not quite as simplistic as it first looks...
sl@0	211	// our integer class will strip any leading zeros so we might actually
sl@0	212	// get some real data that starts out looking like padding but isn't
sl@0	213	// really
sl@0	214
sl@0	215	TInt inputLen = aInput.Length();
sl@0	216	if (inputLen <=0 )
sl@0	217	User::Leave(KErrInvalidPadding); // Invalid padding data
sl@0	218
sl@0	219	// Leading zero may have been stripped off by integer class
sl@0	220	TInt dataStart=0;
sl@0	221	if (aInput[dataStart] == 0)
sl@0	222	{
sl@0	223	++dataStart;
sl@0	224	}
sl@0	225
sl@0	226	if (dataStart < inputLen && aInput[dataStart]) // might be mode one or mode zero,
sl@0	227	{
sl@0	228	++dataStart;
sl@0	229	while (dataStart < inputLen && aInput[dataStart] == 0xff)
sl@0	230	{
sl@0	231	++dataStart;
sl@0	232	}
sl@0	233
sl@0	234	if (dataStart == inputLen \|\| aInput[dataStart]) // this would mean theres no zero between 0x01ff and data...so its not mode one
sl@0	235	dataStart=0; // mode zero, start from begining of data
sl@0	236	else
sl@0	237	++dataStart;
sl@0	238	}
sl@0	239	else // We've definitely got a mode zero
sl@0	240	{ // or broken data, assume mode zero
sl@0	241	dataStart=0;
sl@0	242	}
sl@0	243
sl@0	244	TInt len=inputLen-dataStart;
sl@0	245
sl@0	246	__ASSERT_DEBUG(aOutput.MaxLength() >= len, User::Panic(KCryptoPanic, ECryptoPanicOutputDescriptorOverflow));
sl@0	247
sl@0	248	aOutput.SetLength(len);
sl@0	249	TInt i=0;
sl@0	250	while (dataStart<inputLen)
sl@0	251	{
sl@0	252	aOutput[i++]=aInput[dataStart++];
sl@0	253	}
sl@0	254	}
sl@0	255
sl@0	256	TInt CPaddingPKCS1Signature::MinPaddingLength(void) const
sl@0	257	{
sl@0	258	return 11; //0x00, 0x01, <MIN of 8 0xFF octets> , 0x00
sl@0	259	}
sl@0	260
sl@0	261	/* CPaddingPKCS1Encryption */
sl@0	262	EXPORT_C CPaddingPKCS1Encryption* CPaddingPKCS1Encryption::NewL(
sl@0	263	TInt aBlockBytes)
sl@0	264	{
sl@0	265	return new(ELeave)CPaddingPKCS1Encryption(aBlockBytes);
sl@0	266	}
sl@0	267
sl@0	268	EXPORT_C CPaddingPKCS1Encryption* CPaddingPKCS1Encryption::NewLC(
sl@0	269	TInt aBlockBytes)
sl@0	270	{
sl@0	271	CPaddingPKCS1Encryption* self = CPaddingPKCS1Encryption::NewL(aBlockBytes);
sl@0	272	CleanupStack::PushL(self);
sl@0	273	return self;
sl@0	274	}
sl@0	275
sl@0	276	EXPORT_C CPaddingPKCS1Encryption::CPaddingPKCS1Encryption(TInt aBlockBytes)
sl@0	277	: CPadding(aBlockBytes)
sl@0	278	{
sl@0	279	}
sl@0	280
sl@0	281	void CPaddingPKCS1Encryption::DoPadL(const TDesC8& aInput,TDes8& aOutput)
sl@0	282	{
sl@0	283	aOutput.SetLength(BlockSize());
sl@0	284
sl@0	285	aOutput[0]=0;
sl@0	286	TInt startOfData=BlockSize()-aInput.Length();
sl@0	287	aOutput[1]=2; // Block type 2 (public key operation)
sl@0	288	TBuf8<256> rnd(256);
sl@0	289	GenerateRandomBytesL(rnd);
sl@0	290
sl@0	291	TInt i = 2;
sl@0	292	TInt j = 0;
sl@0	293	for (; i<(startOfData-1);)
sl@0	294	{
sl@0	295	if (rnd[j])
sl@0	296	{
sl@0	297	aOutput[i++]=rnd[j];
sl@0	298	}
sl@0	299	if (++j==256)
sl@0	300	{
sl@0	301	GenerateRandomBytesL(rnd);
sl@0	302	j=0;
sl@0	303	}
sl@0	304	}
sl@0	305
sl@0	306	j=0;
sl@0	307	aOutput[startOfData-1]=0; // separator
sl@0	308	for (i=startOfData;i<BlockSize();i++,j++)
sl@0	309	{
sl@0	310	aOutput[i]=aInput[j];
sl@0	311	}
sl@0	312	}
sl@0	313
sl@0	314	void CPaddingPKCS1Encryption::UnPadL(const TDesC8& aInput,TDes8& aOutput)
sl@0	315	{
sl@0	316	TInt inputLen = aInput.Length();
sl@0	317	if (inputLen <= 0)
sl@0	318	User::Leave(KErrInvalidPadding); // Invalid padding data
sl@0	319
sl@0	320	// Leading zero may have been stripped off by integer class
sl@0	321	TInt dataStart=0;
sl@0	322	if (aInput[dataStart] == 0)
sl@0	323	{
sl@0	324	++dataStart;
sl@0	325	}
sl@0	326
sl@0	327	// expecting mode 2 padding, otherwise broken
sl@0	328	if (dataStart == inputLen \|\| aInput[dataStart] != 2)
sl@0	329	{
sl@0	330	User::Leave(KErrInvalidPadding);
sl@0	331	}
sl@0	332	++dataStart;
sl@0	333
sl@0	334	// skip random non zero bytes
sl@0	335	while (dataStart < inputLen && aInput[dataStart])
sl@0	336	{
sl@0	337	++dataStart;
sl@0	338	}
sl@0	339
sl@0	340	// expecting zero separator
sl@0	341	if (dataStart == inputLen \|\| aInput[dataStart] != 0)
sl@0	342	{
sl@0	343	User::Leave(KErrInvalidPadding);
sl@0	344	}
sl@0	345	++dataStart;
sl@0	346
sl@0	347	TInt len = inputLen - dataStart;
sl@0	348	__ASSERT_DEBUG(aOutput.MaxLength() >= len, User::Panic(KCryptoPanic, ECryptoPanicOutputDescriptorOverflow));
sl@0	349
sl@0	350	aOutput.SetLength(len);
sl@0	351	TInt i=0;
sl@0	352	while (dataStart<inputLen)
sl@0	353	{
sl@0	354	aOutput[i++]=aInput[dataStart++];
sl@0	355	}
sl@0	356	}
sl@0	357
sl@0	358	TInt CPaddingPKCS1Encryption::MinPaddingLength(void) const
sl@0	359	{
sl@0	360	return 11; //0x00, 0x02, <min of 8 random octets>, 0x00
sl@0	361	}
sl@0	362

author	sl
	Tue, 10 Jun 2014 14:32:02 +0200
changeset 1	260cb5ec6c19
permissions	-rw-r--r--