Symaptic: os/security/crypto/weakcryptospi/source/padding/padding.cpp@bde4ae8d615e (annotated)

sl@0	1	/*
sl@0	2	* Copyright (c) 1999-2009 Nokia Corporation and/or its subsidiary(-ies).
sl@0	3	* All rights reserved.
sl@0	4	* This component and the accompanying materials are made available
sl@0	5	* under the terms of the License "Eclipse Public License v1.0"
sl@0	6	* which accompanies this distribution, and is available
sl@0	7	* at the URL "http://www.eclipse.org/legal/epl-v10.html".
sl@0	8	*
sl@0	9	* Initial Contributors:
sl@0	10	* Nokia Corporation - initial contribution.
sl@0	11	*
sl@0	12	* Contributors:
sl@0	13	*
sl@0	14	* Description:
sl@0	15	*
sl@0	16	*/
sl@0	17
sl@0	18
sl@0	19	#include <e32base.h>
sl@0	20	#include <random.h>
sl@0	21	#include <padding.h>
sl@0	22	#include <securityerr.h>
sl@0	23	#include <cryptopanic.h>
sl@0	24
sl@0	25	#include "paddingshim.h"
sl@0	26
sl@0	27	/* CPadding */
sl@0	28	CPadding::CPadding(void) : iBlockBytes(-1)
sl@0	29	{
sl@0	30	}
sl@0	31
sl@0	32	EXPORT_C CPadding::CPadding(TInt aBlockBytes) : iBlockBytes(aBlockBytes)
sl@0	33	{
sl@0	34	__ASSERT_ALWAYS(aBlockBytes > 0, User::Invariant());
sl@0	35	}
sl@0	36
sl@0	37	EXPORT_C void CPadding::SetBlockSize(TInt aBlockBytes)
sl@0	38	{
sl@0	39	__ASSERT_ALWAYS(aBlockBytes > 0, User::Invariant());
sl@0	40	iBlockBytes = aBlockBytes;
sl@0	41	}
sl@0	42
sl@0	43	EXPORT_C TInt CPadding::BlockSize(void) const
sl@0	44	{
sl@0	45	return iBlockBytes;
sl@0	46	}
sl@0	47
sl@0	48	EXPORT_C TInt CPadding::MaxPaddedLength(TInt /aInputBytes/) const
sl@0	49	{
sl@0	50	return BlockSize();
sl@0	51	}
sl@0	52
sl@0	53	EXPORT_C TInt CPadding::MaxUnPaddedLength(TInt aInputBytes) const
sl@0	54	{
sl@0	55	return aInputBytes - MinPaddingLength();
sl@0	56	}
sl@0	57
sl@0	58	EXPORT_C void CPadding::PadL(const TDesC8& aInput, TDes8& aOutput)
sl@0	59	{
sl@0	60	// Check that the input is small enough to fit inside one padded block
sl@0	61	// Won't leave if input text is equal to blocksize. Let DoPadL handle such situations
sl@0	62	if(aInput.Length() > BlockSize() - MinPaddingLength()
sl@0	63	&& aInput.Length() != BlockSize())
sl@0	64	User::Leave(KErrArgument);
sl@0	65
sl@0	66	// Check that the output descriptor supplied is large enough to store the result
sl@0	67	if(aOutput.MaxLength() < MaxPaddedLength(aInput.Length()))
sl@0	68	User::Leave(KErrOverflow);
sl@0	69
sl@0	70	// Call the virtual function, implemented by derived classes
sl@0	71	DoPadL(aInput, aOutput);
sl@0	72	}
sl@0	73
sl@0	74	TInt CPadding::GetExtension(TUint aExtensionId, TAny& a0, TAny a1)
sl@0	75	{
sl@0	76	return Extension_(aExtensionId, a0, a1);
sl@0	77	}
sl@0	78
sl@0	79	/* CPaddingNone */
sl@0	80	EXPORT_C CPaddingNone* CPaddingNone::NewL(TInt aBlockBytes)
sl@0	81	{
sl@0	82	__ASSERT_ALWAYS(aBlockBytes > 0, User::Leave(KErrArgument));
sl@0	83	return CPaddingNoneShim::NewL(aBlockBytes);
sl@0	84	}
sl@0	85
sl@0	86	EXPORT_C CPaddingNone* CPaddingNone::NewLC(TInt aBlockBytes)
sl@0	87	{
sl@0	88	CPaddingNone* self = CPaddingNone::NewL(aBlockBytes);
sl@0	89	CleanupStack::PushL(self);
sl@0	90	return self;
sl@0	91	}
sl@0	92
sl@0	93	EXPORT_C CPaddingNone::CPaddingNone(TInt aBlockBytes):CPadding(aBlockBytes)
sl@0	94	{
sl@0	95	}
sl@0	96
sl@0	97	void CPaddingNone::DoPadL(const TDesC8& aInput,TDes8& aOutput)
sl@0	98	{
sl@0	99	aOutput.Append(aInput);
sl@0	100	}
sl@0	101
sl@0	102	void CPaddingNone::UnPadL(const TDesC8& aInput,TDes8& aOutput)
sl@0	103	{
sl@0	104	__ASSERT_DEBUG(aOutput.MaxLength() >= MaxPaddedLength(aInput.Length()), User::Panic(KCryptoPanic, ECryptoPanicOutputDescriptorOverflow));
sl@0	105	aOutput.Append(aInput);
sl@0	106	}
sl@0	107
sl@0	108	TInt CPaddingNone::MinPaddingLength(void) const
sl@0	109	{
sl@0	110	return 0;
sl@0	111	}
sl@0	112
sl@0	113	TInt CPaddingNone::MaxPaddedLength(TInt aInputSize) const
sl@0	114	{
sl@0	115	return aInputSize;
sl@0	116	}
sl@0	117
sl@0	118	/* CPaddingSSLv3 */
sl@0	119	EXPORT_C CPaddingSSLv3* CPaddingSSLv3::NewL(TInt aBlockBytes)
sl@0	120	{
sl@0	121	__ASSERT_ALWAYS(aBlockBytes > 0, User::Leave(KErrArgument));
sl@0	122	return CPaddingSSLv3Shim::NewL(aBlockBytes);
sl@0	123	}
sl@0	124
sl@0	125	EXPORT_C CPaddingSSLv3* CPaddingSSLv3::NewLC(TInt aBlockBytes)
sl@0	126	{
sl@0	127	CPaddingSSLv3* self = CPaddingSSLv3::NewL(aBlockBytes);
sl@0	128	CleanupStack::PushL(self);
sl@0	129	return self;
sl@0	130	}
sl@0	131
sl@0	132	EXPORT_C CPaddingSSLv3::CPaddingSSLv3(TInt aBlockBytes):CPadding(aBlockBytes)
sl@0	133	{
sl@0	134	}
sl@0	135
sl@0	136	void CPaddingSSLv3::DoPadL(const TDesC8& aInput,TDes8& aOutput)
sl@0	137	{
sl@0	138	TInt paddingBytes=BlockSize()-(aInput.Length()%BlockSize());
sl@0	139	aOutput.Append(aInput);
sl@0	140	aOutput.SetLength(aOutput.Length()+paddingBytes);
sl@0	141	for (TInt i=1;i<=paddingBytes;i++)
sl@0	142	{
sl@0	143	aOutput[aOutput.Length()-i]=(TUint8)(paddingBytes-1);
sl@0	144	}
sl@0	145	}
sl@0	146
sl@0	147	void CPaddingSSLv3::UnPadL(const TDesC8& aInput,TDes8& aOutput)
sl@0	148	{
sl@0	149	TInt paddingLen = aInput[aInput.Length()-1] + 1;
sl@0	150
sl@0	151	if (paddingLen > aInput.Length())
sl@0	152	{
sl@0	153	User::Leave(KErrInvalidPadding);
sl@0	154	}
sl@0	155
sl@0	156	TInt outlen = aInput.Length() - paddingLen;
sl@0	157
sl@0	158	__ASSERT_DEBUG(aOutput.MaxLength() >= outlen, User::Panic(KCryptoPanic, ECryptoPanicOutputDescriptorOverflow));
sl@0	159
sl@0	160	aOutput.Append(aInput.Left(outlen));
sl@0	161	}
sl@0	162
sl@0	163	TInt CPaddingSSLv3::MinPaddingLength(void) const
sl@0	164	{
sl@0	165	//if aInputBytes is 1 less than the blocksize then we get 1 byte of padding
sl@0	166	return 1;
sl@0	167	}
sl@0	168
sl@0	169	TInt CPaddingSSLv3::MaxPaddedLength(TInt aInputBytes) const
sl@0	170	{
sl@0	171	TUint padBytes = BlockSize() - (aInputBytes % BlockSize());
sl@0	172	return padBytes + aInputBytes;
sl@0	173	}
sl@0	174
sl@0	175	/* CPaddingPKCS1Signature */
sl@0	176	EXPORT_C CPaddingPKCS1Signature* CPaddingPKCS1Signature::NewL(TInt aBlockBytes)
sl@0	177	{
sl@0	178	return CPaddingPKCS1SignatureShim::NewL(aBlockBytes);
sl@0	179	}
sl@0	180
sl@0	181	EXPORT_C CPaddingPKCS1Signature* CPaddingPKCS1Signature::NewLC(TInt aBlockBytes)
sl@0	182	{
sl@0	183	CPaddingPKCS1Signature* self = CPaddingPKCS1Signature::NewL(aBlockBytes);
sl@0	184	CleanupStack::PushL(self);
sl@0	185	return self;
sl@0	186	}
sl@0	187
sl@0	188	EXPORT_C CPaddingPKCS1Signature::CPaddingPKCS1Signature(TInt aBlockBytes)
sl@0	189	: CPadding(aBlockBytes)
sl@0	190	{
sl@0	191	}
sl@0	192
sl@0	193	void CPaddingPKCS1Signature::DoPadL(const TDesC8& aInput,TDes8& aOutput)
sl@0	194	{
sl@0	195	aOutput.SetLength(BlockSize());
sl@0	196	TInt i;
sl@0	197	TInt j;
sl@0	198	aOutput[0]=0;
sl@0	199	TInt startOfData=BlockSize()-aInput.Length();
sl@0	200	// PKCS1 also specifies a block type 0 for private key operations but
sl@0	201	// does not recommend its use. This block type (0) is compatible with
sl@0	202	// unpadded data though so you can create PKCS1 type 0 blocks using
sl@0	203	// CPaddingNone.
sl@0	204	aOutput[1]=1; // Block type 1 (private key operation)
sl@0	205	for (i=2;i<(startOfData-1);i++)
sl@0	206	{
sl@0	207	aOutput[i]=0xff;
sl@0	208	}
sl@0	209	j=0;
sl@0	210	aOutput[startOfData-1]=0; // separator
sl@0	211	for (i=startOfData;i<BlockSize();i++,j++)
sl@0	212	{
sl@0	213	aOutput[i]=aInput[j];
sl@0	214	}
sl@0	215	}
sl@0	216
sl@0	217	void CPaddingPKCS1Signature::UnPadL(const TDesC8& aInput,TDes8& aOutput)
sl@0	218	{
sl@0	219	// erm, oops, this is not quite as simplistic as it first looks...
sl@0	220	// our integer class will strip any leading zeros so we might actually
sl@0	221	// get some real data that starts out looking like padding but isn't
sl@0	222	// really
sl@0	223
sl@0	224	TInt inputLen = aInput.Length();
sl@0	225	if (inputLen <=0 )
sl@0	226	User::Leave(KErrInvalidPadding); // Invalid padding data
sl@0	227
sl@0	228	// Leading zero may have been stripped off by integer class
sl@0	229	TInt dataStart=0;
sl@0	230	if (aInput[dataStart] == 0)
sl@0	231	{
sl@0	232	++dataStart;
sl@0	233	}
sl@0	234
sl@0	235	if (dataStart < inputLen && aInput[dataStart]) // might be mode one or mode zero,
sl@0	236	{
sl@0	237	++dataStart;
sl@0	238	while (dataStart < inputLen && aInput[dataStart] == 0xff)
sl@0	239	{
sl@0	240	++dataStart;
sl@0	241	}
sl@0	242
sl@0	243	if (dataStart == inputLen \|\| aInput[dataStart]) // this would mean theres no zero between 0x01ff and data...so its not mode one
sl@0	244	dataStart=0; // mode zero, start from begining of data
sl@0	245	else
sl@0	246	++dataStart;
sl@0	247	}
sl@0	248	else // We've definitely got a mode zero
sl@0	249	{ // or broken data, assume mode zero
sl@0	250	dataStart=0;
sl@0	251	}
sl@0	252
sl@0	253	TInt len=inputLen-dataStart;
sl@0	254
sl@0	255	__ASSERT_DEBUG(aOutput.MaxLength() >= len, User::Panic(KCryptoPanic, ECryptoPanicOutputDescriptorOverflow));
sl@0	256
sl@0	257	aOutput.SetLength(len);
sl@0	258	TInt i=0;
sl@0	259	while (dataStart<inputLen)
sl@0	260	{
sl@0	261	aOutput[i++]=aInput[dataStart++];
sl@0	262	}
sl@0	263	}
sl@0	264
sl@0	265	TInt CPaddingPKCS1Signature::MinPaddingLength(void) const
sl@0	266	{
sl@0	267	return 11; //0x00, 0x01, <MIN of 8 0xFF octets> , 0x00
sl@0	268	}
sl@0	269
sl@0	270	/* CPaddingPKCS1Encryption */
sl@0	271	EXPORT_C CPaddingPKCS1Encryption* CPaddingPKCS1Encryption::NewL(
sl@0	272	TInt aBlockBytes)
sl@0	273	{
sl@0	274	return CPaddingPKCS1EncryptionShim::NewL(aBlockBytes);
sl@0	275	}
sl@0	276
sl@0	277	EXPORT_C CPaddingPKCS1Encryption* CPaddingPKCS1Encryption::NewLC(
sl@0	278	TInt aBlockBytes)
sl@0	279	{
sl@0	280	CPaddingPKCS1Encryption* self = CPaddingPKCS1Encryption::NewL(aBlockBytes);
sl@0	281	CleanupStack::PushL(self);
sl@0	282	return self;
sl@0	283	}
sl@0	284
sl@0	285	EXPORT_C CPaddingPKCS1Encryption::CPaddingPKCS1Encryption(TInt aBlockBytes)
sl@0	286	: CPadding(aBlockBytes)
sl@0	287	{
sl@0	288	}
sl@0	289
sl@0	290	void CPaddingPKCS1Encryption::DoPadL(const TDesC8& aInput,TDes8& aOutput)
sl@0	291	{
sl@0	292	aOutput.SetLength(BlockSize());
sl@0	293
sl@0	294	aOutput[0]=0;
sl@0	295	TInt startOfData=BlockSize()-aInput.Length();
sl@0	296	aOutput[1]=2; // Block type 2 (public key operation)
sl@0	297	TBuf8<256> rnd(256);
sl@0	298	TRAPD(err, GenerateRandomBytesL(rnd));
sl@0	299	if((err != KErrNone) && (err != KErrNotSecure))
sl@0	300	User::Leave(err);
sl@0	301
sl@0	302	TInt i = 2;
sl@0	303	TInt j = 0;
sl@0	304	for (; i<(startOfData-1);)
sl@0	305	{
sl@0	306	if (rnd[j])
sl@0	307	{
sl@0	308	aOutput[i++]=rnd[j];
sl@0	309	}
sl@0	310	if (++j==256)
sl@0	311	{
sl@0	312	TRAP(err, GenerateRandomBytesL(rnd));
sl@0	313	if((err != KErrNone) && (err != KErrNotSecure))
sl@0	314	User::Leave(err);
sl@0	315	j=0;
sl@0	316	}
sl@0	317	}
sl@0	318
sl@0	319	j=0;
sl@0	320	aOutput[startOfData-1]=0; // separator
sl@0	321	for (i=startOfData;i<BlockSize();i++,j++)
sl@0	322	{
sl@0	323	aOutput[i]=aInput[j];
sl@0	324	}
sl@0	325	}
sl@0	326
sl@0	327	void CPaddingPKCS1Encryption::UnPadL(const TDesC8& aInput,TDes8& aOutput)
sl@0	328	{
sl@0	329	TInt inputLen = aInput.Length();
sl@0	330	if (inputLen <= 0)
sl@0	331	User::Leave(KErrInvalidPadding); // Invalid padding data
sl@0	332
sl@0	333	// Leading zero may have been stripped off by integer class
sl@0	334	TInt dataStart=0;
sl@0	335	if (aInput[dataStart] == 0)
sl@0	336	{
sl@0	337	++dataStart;
sl@0	338	}
sl@0	339
sl@0	340	// expecting mode 2 padding, otherwise broken
sl@0	341	if (dataStart == inputLen \|\| aInput[dataStart] != 2)
sl@0	342	{
sl@0	343	User::Leave(KErrInvalidPadding);
sl@0	344	}
sl@0	345	++dataStart;
sl@0	346
sl@0	347	// skip random non zero bytes
sl@0	348	while (dataStart < inputLen && aInput[dataStart])
sl@0	349	{
sl@0	350	++dataStart;
sl@0	351	}
sl@0	352
sl@0	353	// expecting zero separator
sl@0	354	if (dataStart == inputLen \|\| aInput[dataStart] != 0)
sl@0	355	{
sl@0	356	User::Leave(KErrInvalidPadding);
sl@0	357	}
sl@0	358	++dataStart;
sl@0	359
sl@0	360	TInt len = inputLen - dataStart;
sl@0	361	__ASSERT_DEBUG(aOutput.MaxLength() >= len, User::Panic(KCryptoPanic, ECryptoPanicOutputDescriptorOverflow));
sl@0	362
sl@0	363	aOutput.SetLength(len);
sl@0	364	TInt i=0;
sl@0	365	while (dataStart<inputLen)
sl@0	366	{
sl@0	367	aOutput[i++]=aInput[dataStart++];
sl@0	368	}
sl@0	369	}
sl@0	370
sl@0	371	TInt CPaddingPKCS1Encryption::MinPaddingLength(void) const
sl@0	372	{
sl@0	373	return 11; //0x00, 0x02, <min of 8 random octets>, 0x00
sl@0	374	}

author	sl@SLION-WIN7.fritz.box
	Fri, 15 Jun 2012 03:10:57 +0200
changeset 0	bde4ae8d615e
permissions	-rw-r--r--