Symaptic: os/security/crypto/weakcryptospi/test/tplugins/src/symmetriccipherimpl.cpp@bde4ae8d615e (annotated)

sl@0	1	/*
sl@0	2	* Copyright (c) 2007-2010 Nokia Corporation and/or its subsidiary(-ies).
sl@0	3	* All rights reserved.
sl@0	4	* This component and the accompanying materials are made available
sl@0	5	* under the terms of the License "Eclipse Public License v1.0"
sl@0	6	* which accompanies this distribution, and is available
sl@0	7	* at the URL "http://www.eclipse.org/legal/epl-v10.html".
sl@0	8	*
sl@0	9	* Initial Contributors:
sl@0	10	* Nokia Corporation - initial contribution.
sl@0	11	*
sl@0	12	* Contributors:
sl@0	13	*
sl@0	14	* Description:
sl@0	15	*
sl@0	16	*/
sl@0	17
sl@0	18
sl@0	19	#include "symmetriccipherimpl.h"
sl@0	20
sl@0	21	#include <e32def.h>
sl@0	22	#include <cryptostrength.h>
sl@0	23	#include <cryptospi/cryptospidef.h>
sl@0	24	#include <cryptospi/keys.h>
sl@0	25	#include <cryptospi/plugincharacteristics.h>
sl@0	26	#include "pluginconfig.h"
sl@0	27	#include <cryptopanic.h>
sl@0	28	#include <securityerr.h>
sl@0	29	#include "../../../source/common/inlines.h"
sl@0	30
sl@0	31	using namespace SoftwareCrypto;
sl@0	32
sl@0	33	//
sl@0	34	// Implementation of Symmetric Cipher class
sl@0	35	//
sl@0	36	CSymmetricCipherImpl::CSymmetricCipherImpl()
sl@0	37	{
sl@0	38	}
sl@0	39
sl@0	40	void CSymmetricCipherImpl::ConstructL(const CKey& aKey)
sl@0	41	{
sl@0	42	DoSetKeyL(aKey);
sl@0	43	}
sl@0	44
sl@0	45	void CSymmetricCipherImpl::SecureDelete(HBufC8*& aBuffer)
sl@0	46	{
sl@0	47	if (aBuffer)
sl@0	48	{
sl@0	49	aBuffer->Des().FillZ();
sl@0	50	}
sl@0	51	delete aBuffer;
sl@0	52	aBuffer = 0;
sl@0	53	}
sl@0	54
sl@0	55	CSymmetricCipherImpl::~CSymmetricCipherImpl()
sl@0	56	{
sl@0	57	SecureDelete(iKey);
sl@0	58	}
sl@0	59
sl@0	60	void CSymmetricCipherImpl::Close()
sl@0	61	{
sl@0	62	delete this;
sl@0	63	}
sl@0	64
sl@0	65	TAny* CSymmetricCipherImpl::GetExtension(TUid /aExtensionId/)
sl@0	66	{
sl@0	67	return 0;
sl@0	68	}
sl@0	69
sl@0	70	void CSymmetricCipherImpl::GetCharacteristicsL(const TAny*& aPluginCharacteristics)
sl@0	71	{
sl@0	72	TInt numCiphers = sizeof(KSymmetricCipherCharacteristics)/sizeof(TSymmetricCipherCharacteristics*);
sl@0	73	TInt32 implUid = ImplementationUid().iUid;
sl@0	74	for (TInt i = 0; i < numCiphers; ++i)
sl@0	75	{
sl@0	76	if (KSymmetricCipherCharacteristics[i]->cmn.iImplementationUID == implUid)
sl@0	77	{
sl@0	78	aPluginCharacteristics = KSymmetricCipherCharacteristics[i];
sl@0	79	break;
sl@0	80	}
sl@0	81	}
sl@0	82	}
sl@0	83
sl@0	84	TInt CSymmetricCipherImpl::GetKeyStrength() const
sl@0	85	{
sl@0	86	return BytesToBits(iKey->Length());
sl@0	87	}
sl@0	88
sl@0	89	HBufC8* CSymmetricCipherImpl::ExtractKeyDataLC(const CKey& aKey) const
sl@0	90	{
sl@0	91	const TDesC8& keyContent = aKey.GetTDesC8L(KSymmetricKeyParameterUid);
sl@0	92	return keyContent.AllocLC();
sl@0	93	}
sl@0	94
sl@0	95	TInt CSymmetricCipherImpl::KeySize() const
sl@0	96	{
sl@0	97	// return key size in BITS
sl@0	98	return BytesToBits(iKeyBytes);
sl@0	99	}
sl@0	100
sl@0	101	void CSymmetricCipherImpl::DoSetKeyL(const CKey& aKey)
sl@0	102	{
sl@0	103	HBufC8* key = ExtractKeyDataLC(aKey);
sl@0	104	TInt keyLength(key->Length());
sl@0	105
sl@0	106	TCrypto::IsSymmetricWeakEnoughL(BytesToBits(keyLength));
sl@0	107	if (! IsValidKeyLength(keyLength))
sl@0	108	{
sl@0	109	CleanupStack::PopAndDestroy(key);
sl@0	110	User::Leave(KErrNotSupported);
sl@0	111	}
sl@0	112
sl@0	113	SecureDelete(iKey);
sl@0	114	CleanupStack::Pop(key);
sl@0	115	iKey = key;
sl@0	116	iKeyBytes = keyLength;
sl@0	117	}
sl@0	118
sl@0	119	//
sl@0	120	// Implementation of Symmetric Stream Cipher
sl@0	121	//
sl@0	122	CSymmetricStreamCipherImpl::CSymmetricStreamCipherImpl()
sl@0	123	{
sl@0	124	}
sl@0	125
sl@0	126	CSymmetricStreamCipherImpl::~CSymmetricStreamCipherImpl()
sl@0	127	{
sl@0	128	}
sl@0	129
sl@0	130	void CSymmetricStreamCipherImpl::SetKeyL(const CKey& aKey)
sl@0	131	{
sl@0	132	DoSetKeyL(aKey);
sl@0	133	TCrypto::IsSymmetricWeakEnoughL(GetKeyStrength());
sl@0	134	Reset();
sl@0	135	}
sl@0	136
sl@0	137	void CSymmetricStreamCipherImpl::ConstructL(const CKey& aKey)
sl@0	138	{
sl@0	139	CSymmetricCipherImpl::ConstructL(aKey);
sl@0	140	}
sl@0	141
sl@0	142	TInt CSymmetricStreamCipherImpl::BlockSize() const
sl@0	143	{
sl@0	144	// return block size in BITS
sl@0	145	return 8;
sl@0	146	}
sl@0	147
sl@0	148	void CSymmetricStreamCipherImpl::SetOperationModeL(TUid /aOperationMode/)
sl@0	149	{
sl@0	150	User::Leave(KErrNotSupported);
sl@0	151	}
sl@0	152
sl@0	153	void CSymmetricStreamCipherImpl::SetCryptoModeL(TUid /aCryptoMode/)
sl@0	154	{
sl@0	155	// Call the reset method.
sl@0	156	Reset();
sl@0	157	}
sl@0	158
sl@0	159	void CSymmetricStreamCipherImpl::SetPaddingModeL(TUid /aPaddingMode/)
sl@0	160	{
sl@0	161	User::Leave(KErrNotSupported);
sl@0	162	}
sl@0	163
sl@0	164	void CSymmetricStreamCipherImpl::SetIvL(const TDesC8& /aIv/)
sl@0	165	{
sl@0	166	User::Leave(KErrNotSupported);
sl@0	167	}
sl@0	168
sl@0	169	TInt CSymmetricStreamCipherImpl::MaxOutputLength(TInt aInputLength) const
sl@0	170	{
sl@0	171	return aInputLength;
sl@0	172	}
sl@0	173
sl@0	174	TInt CSymmetricStreamCipherImpl::MaxFinalOutputLength(TInt aInputLength) const
sl@0	175	{
sl@0	176	return aInputLength;
sl@0	177	}
sl@0	178
sl@0	179	void CSymmetricStreamCipherImpl::ProcessL(const TDesC8& aInput, TDes8& aOutput)
sl@0	180	{
sl@0	181	TInt outputIndex = aOutput.Size();
sl@0	182
sl@0	183	// aOutput may already have outputIndex bytes of data in it
sl@0	184	// check there will still be enough space to process the result
sl@0	185	__ASSERT_DEBUG(aOutput.MaxLength() - outputIndex >= MaxOutputLength(aInput.Length()), User::Panic(KCryptoPanic, ECryptoPanicOutputDescriptorOverflow));
sl@0	186
sl@0	187	aOutput.Append(aInput);
sl@0	188
sl@0	189	TPtr8 transformBuf((TUint8*)(aOutput.Ptr()) + outputIndex, aInput.Size(),
sl@0	190	aInput.Size());
sl@0	191	DoProcess(transformBuf);
sl@0	192	}
sl@0	193
sl@0	194	void CSymmetricStreamCipherImpl::ProcessFinalL(const TDesC8& aInput, TDes8& aOutput)
sl@0	195	{
sl@0	196	ProcessL(aInput, aOutput);
sl@0	197	}
sl@0	198
sl@0	199	//
sl@0	200	// Implementation of Symmetric Block Cipher
sl@0	201	//
sl@0	202	CSymmetricBlockCipherImpl::CSymmetricBlockCipherImpl(
sl@0	203	TUint8 aBlockBytes,
sl@0	204	TUid aCryptoMode,
sl@0	205	TUid aOperationMode,
sl@0	206	TUid aPaddingMode) :
sl@0	207	iBlockBytes(aBlockBytes),
sl@0	208	iCryptoMode(aCryptoMode),
sl@0	209	iOperationMode(aOperationMode),
sl@0	210	iPaddingMode(aPaddingMode)
sl@0	211	{
sl@0	212	}
sl@0	213
sl@0	214	CSymmetricBlockCipherImpl::~CSymmetricBlockCipherImpl()
sl@0	215	{
sl@0	216	delete iPadding;
sl@0	217	delete iCbcRegister;
sl@0	218	delete iCurrentCipherText;
sl@0	219	iIv.Close();
sl@0	220	iInputStore.Close();
sl@0	221	iPaddingBlock.Close();
sl@0	222	}
sl@0	223
sl@0	224
sl@0	225	void CSymmetricBlockCipherImpl::ConstructL(const CKey& aKey)
sl@0	226	{
sl@0	227	CSymmetricCipherImpl::ConstructL(aKey);
sl@0	228	DoSetOperationModeL(iOperationMode);
sl@0	229	DoSetCryptoModeL(iCryptoMode);
sl@0	230	DoSetPaddingModeL(iPaddingMode);
sl@0	231
sl@0	232	iInputStore.ReAllocL(iBlockBytes);
sl@0	233	iPaddingBlock.ReAllocL(iBlockBytes);
sl@0	234
sl@0	235	iCbcRegister = new(ELeave) TUint32[iBlockBytes/4];
sl@0	236	iCbcRegisterPtr = reinterpret_cast<TUint8*>(iCbcRegister);
sl@0	237
sl@0	238	iCurrentCipherText = new(ELeave) TUint32[iBlockBytes/4];
sl@0	239	iCurrentCipherTextPtr = reinterpret_cast<TUint8*>(iCurrentCipherText);
sl@0	240	}
sl@0	241
sl@0	242	void CSymmetricBlockCipherImpl::Reset()
sl@0	243	{
sl@0	244	iInputStore.Zero();
sl@0	245	iPaddingBlock.Zero();
sl@0	246
sl@0	247	if (iOperationMode.iUid == KOperationModeCBC)
sl@0	248	{
sl@0	249	// only copy the IV if it is already set
sl@0	250	if (iIv.MaxLength() > 0)
sl@0	251	{
sl@0	252	Mem::Copy(iCbcRegisterPtr, &iIv[0], iBlockBytes);
sl@0	253	}
sl@0	254	}
sl@0	255	}
sl@0	256
sl@0	257	void CSymmetricBlockCipherImpl::SetKeyL(const CKey& aKey)
sl@0	258	{
sl@0	259	DoSetKeyL(aKey);
sl@0	260	TCrypto::IsSymmetricWeakEnoughL(GetKeyStrength());
sl@0	261	SetKeySchedule();
sl@0	262	Reset();
sl@0	263	}
sl@0	264
sl@0	265	void CSymmetricBlockCipherImpl::SetOperationModeL(TUid aOperationMode)
sl@0	266	{
sl@0	267	DoSetOperationModeL(aOperationMode);
sl@0	268	Reset();
sl@0	269	}
sl@0	270
sl@0	271	void CSymmetricBlockCipherImpl::SetCryptoModeL(TUid aCryptoMode)
sl@0	272	{
sl@0	273	DoSetCryptoModeL(aCryptoMode);
sl@0	274	SetKeySchedule();
sl@0	275	Reset();
sl@0	276	}
sl@0	277
sl@0	278	void CSymmetricBlockCipherImpl::SetPaddingModeL(TUid aPaddingMode)
sl@0	279	{
sl@0	280	DoSetPaddingModeL(aPaddingMode);
sl@0	281	Reset();
sl@0	282	}
sl@0	283
sl@0	284	void CSymmetricBlockCipherImpl::SetIvL(const TDesC8& aIv)
sl@0	285	{
sl@0	286	if (iOperationMode.iUid != KOperationModeCBC)
sl@0	287	{
sl@0	288	User::Leave(KErrNotSupported);
sl@0	289	}
sl@0	290	DoSetIvL(aIv);
sl@0	291	Reset();
sl@0	292	}
sl@0	293
sl@0	294	void CSymmetricBlockCipherImpl::DoSetOperationModeL(TUid aOperationMode)
sl@0	295	{
sl@0	296	switch (aOperationMode.iUid)
sl@0	297	{
sl@0	298	case KOperationModeNone:
sl@0	299	case KOperationModeECB:
sl@0	300	case KOperationModeCBC:
sl@0	301	break;
sl@0	302	default:
sl@0	303	User::Leave(KErrNotSupported);
sl@0	304	}
sl@0	305	iOperationMode = aOperationMode;
sl@0	306	}
sl@0	307
sl@0	308	void CSymmetricBlockCipherImpl::DoSetCryptoModeL(TUid aCryptoMode)
sl@0	309	{
sl@0	310	switch (aCryptoMode.iUid)
sl@0	311	{
sl@0	312	case KCryptoModeEncrypt:
sl@0	313	case KCryptoModeDecrypt:
sl@0	314	break;
sl@0	315	default:
sl@0	316	User::Leave(KErrNotSupported);
sl@0	317	}
sl@0	318	iCryptoMode = aCryptoMode;
sl@0	319	}
sl@0	320
sl@0	321	void CSymmetricBlockCipherImpl::DoSetPaddingModeL(TUid aPaddingMode)
sl@0	322	{
sl@0	323	CPadding* padding(0);
sl@0	324	switch (aPaddingMode.iUid)
sl@0	325	{
sl@0	326	case KPaddingModeNone:
sl@0	327	padding = CPaddingNone::NewL(iBlockBytes);
sl@0	328	break;
sl@0	329	case KPaddingModeSSLv3:
sl@0	330	padding = CPaddingSSLv3::NewL(iBlockBytes);
sl@0	331	break;
sl@0	332	case KPaddingModePKCS7:
sl@0	333	padding = CPaddingPKCS7::NewL(iBlockBytes);
sl@0	334	break;
sl@0	335	default:
sl@0	336	User::Leave(KErrNotSupported);
sl@0	337	}
sl@0	338	delete iPadding;
sl@0	339	iPadding = padding;
sl@0	340	iPaddingMode = aPaddingMode;
sl@0	341	}
sl@0	342
sl@0	343	void CSymmetricBlockCipherImpl::DoSetIvL(const TDesC8& aIv)
sl@0	344	{
sl@0	345	iIv.ReAllocL(iBlockBytes);
sl@0	346	iIv.SetLength(iBlockBytes);
sl@0	347
sl@0	348	iIv.Zero();
sl@0	349	if (aIv.Length() != iBlockBytes)
sl@0	350	{
sl@0	351	User::Leave(KErrArgument);
sl@0	352	}
sl@0	353	iIv = aIv;
sl@0	354	}
sl@0	355
sl@0	356	TInt CSymmetricBlockCipherImpl::BlockSize() const
sl@0	357	{
sl@0	358	// return block size in BITS
sl@0	359	return BytesToBits(iBlockBytes);
sl@0	360	}
sl@0	361
sl@0	362	TInt CSymmetricBlockCipherImpl::MaxOutputLength(TInt aInputLength) const
sl@0	363	{
sl@0	364	// The maximum output length required for Process is equal to the
sl@0	365	// size of the number of whole input blocks available.
sl@0	366	//
sl@0	367	// The block bytes is a power of two so we can use this to avoid
sl@0	368	// doing a real mod operation
sl@0	369	TUint inputStoreLength(iInputStore.Length());
sl@0	370	TInt rem = (aInputLength + inputStoreLength) & (iBlockBytes - 1);
sl@0	371	return (aInputLength + inputStoreLength - rem);
sl@0	372	}
sl@0	373
sl@0	374	TInt CSymmetricBlockCipherImpl::MaxFinalOutputLength(TInt aInputLength) const
sl@0	375	{
sl@0	376	if (iCryptoMode.iUid == KCryptoModeEncrypt)
sl@0	377	{
sl@0	378	return iPadding->MaxPaddedLength(iInputStore.Length() + aInputLength);
sl@0	379	}
sl@0	380	else
sl@0	381	{
sl@0	382	return iPadding->MaxUnPaddedLength(aInputLength + iInputStore.Size());
sl@0	383	}
sl@0	384	}
sl@0	385
sl@0	386	void CSymmetricBlockCipherImpl::ProcessL(const TDesC8& aInput, TDes8& aOutput)
sl@0	387	{
sl@0	388	// if we're running in CBC mode then we must have an IV set before we can
sl@0	389	// do any processing ie call SetIvL() before this method
sl@0	390	if (iOperationMode.iUid == KOperationModeCBC)
sl@0	391	{
sl@0	392	if (iIv.MaxLength() == 0)
sl@0	393	{
sl@0	394	User::Leave(KErrNotSupported);
sl@0	395	}
sl@0	396	}
sl@0	397
sl@0	398	TInt inputLength(aInput.Length());
sl@0	399	TInt inputStoreLength(iInputStore.Length());
sl@0	400
sl@0	401	if (MaxOutputLength(inputLength) > aOutput.MaxLength())
sl@0	402	{
sl@0	403	User::Leave(KErrOverflow);
sl@0	404	}
sl@0	405
sl@0	406	TUint8 blockSizeLog = CryptoLog2(iBlockBytes);
sl@0	407	TInt wholeBlocks = (inputLength + inputStoreLength) >> blockSizeLog;
sl@0	408	TInt wholeBlocksSize = wholeBlocks << blockSizeLog;
sl@0	409
sl@0	410	if (wholeBlocks)
sl@0	411	{
sl@0	412	TInt outputLength(aOutput.Length());
sl@0	413
sl@0	414	if (inputStoreLength > 0)
sl@0	415	{
sl@0	416	aOutput.Append(iInputStore);
sl@0	417	iInputStore.Zero();
sl@0	418	}
sl@0	419	aOutput.Append(aInput.Left(wholeBlocksSize - inputStoreLength));
sl@0	420	Transform(const_cast<TUint8*>(aOutput.Ptr()) + outputLength, wholeBlocks);
sl@0	421	}
sl@0	422
sl@0	423	TInt remainingBytes = inputLength + inputStoreLength - wholeBlocksSize;
sl@0	424	if (remainingBytes > 0)
sl@0	425	{
sl@0	426	iInputStore.Append(aInput.Right(remainingBytes));
sl@0	427	}
sl@0	428	}
sl@0	429
sl@0	430	void CSymmetricBlockCipherImpl::ProcessFinalL(const TDesC8& aInput, TDes8& aOutput)
sl@0	431	{
sl@0	432	// if we're running in CBC mode then we must have an IV set before we can
sl@0	433	// do any processing ie call SetIvL() before this method
sl@0	434	if (iOperationMode.iUid == KOperationModeCBC)
sl@0	435	{
sl@0	436	if (iIv.MaxLength() == 0)
sl@0	437	{
sl@0	438	User::Leave(KErrNotSupported);
sl@0	439	}
sl@0	440	}
sl@0	441
sl@0	442	if (iCryptoMode.iUid == KCryptoModeEncrypt)
sl@0	443	{
sl@0	444	return DoProcessFinalEncryptL(aInput, aOutput);
sl@0	445	}
sl@0	446	else
sl@0	447	{
sl@0	448	return DoProcessFinalDecryptL(aInput, aOutput);
sl@0	449	}
sl@0	450	}
sl@0	451
sl@0	452	void CSymmetricBlockCipherImpl::DoProcessFinalEncryptL(const TDesC8& aInput, TDes8& aOutput)
sl@0	453	{
sl@0	454	if (MaxFinalOutputLength(aInput.Length()) > aOutput.MaxLength() - aOutput.Length())
sl@0	455	{
sl@0	456	User::Leave(KErrOverflow);
sl@0	457	}
sl@0	458
sl@0	459	// process everything up to the last (possibly empty block)
sl@0	460	TInt outputStartIndex = aOutput.Length();
sl@0	461	ProcessL(aInput, aOutput);
sl@0	462
sl@0	463	// pad the plaintext
sl@0	464	iPadding->PadL(iInputStore, iPaddingBlock);
sl@0	465
sl@0	466	// if padding required
sl@0	467	if (iPaddingBlock.Length() > 0)
sl@0	468	{
sl@0	469	iInputStore.Zero();
sl@0	470
sl@0	471	// make sure the output is a multiple of the block size
sl@0	472	User::LeaveIfError(((aOutput.Length() - outputStartIndex + iPaddingBlock.Length()) % iBlockBytes) == 0 ? KErrNone : KErrInvalidPadding);
sl@0	473
sl@0	474	outputStartIndex = aOutput.Length();
sl@0	475	aOutput.Append(iPaddingBlock);
sl@0	476	iPaddingBlock.Zero();
sl@0	477	TransformEncrypt(const_cast<TUint8*>(aOutput.Ptr()) + outputStartIndex, 1);
sl@0	478	}
sl@0	479	}
sl@0	480
sl@0	481	void CSymmetricBlockCipherImpl::DoProcessFinalDecryptL(const TDesC8& aInput, TDes8& aOutput)
sl@0	482	{
sl@0	483	if (MaxFinalOutputLength(aInput.Length()) > aOutput.MaxLength() - aOutput.Length())
sl@0	484	{
sl@0	485	User::Leave(KErrOverflow);
sl@0	486	}
sl@0	487
sl@0	488	// Input length (including inputstore) must be a multiple of the
sl@0	489	// block size in length
sl@0	490	if ((aInput.Length() + iInputStore.Length()) & (iBlockBytes - 1))
sl@0	491	{
sl@0	492	User::Leave(KErrArgument);
sl@0	493	}
sl@0	494
sl@0	495	TInt bytesProcessed(0);
sl@0	496	if(aInput.Length() > iBlockBytes)
sl@0	497	{
sl@0	498	// the last block lies entirely within aInput so decrypt everything up
sl@0	499	// to this point.
sl@0	500	bytesProcessed = aInput.Length() - iBlockBytes;
sl@0	501	ProcessL(aInput.Left(bytesProcessed), aOutput);
sl@0	502	ASSERT(iInputStore.Length()==0); // all the blocks should have been decrypted
sl@0	503	}
sl@0	504	else
sl@0	505	{
sl@0	506	// if the input is less than one block in length then this + input
sl@0	507	// store should combine to give exactly one block of data
sl@0	508	ASSERT((iInputStore.Length() + aInput.Length()) == iBlockBytes);
sl@0	509	}
sl@0	510
sl@0	511	// now contains the final ciphertext block
sl@0	512	iInputStore.Append(aInput.Right(aInput.Length() - bytesProcessed));
sl@0	513
sl@0	514	// Decrypt the last _padding_ blocksize into a new buffer
sl@0	515	TransformDecrypt(const_cast<TUint8*>(iInputStore.Ptr()), 1);
sl@0	516
sl@0	517	// Unpad the last block and append to output
sl@0	518	iPadding->UnPadL(iInputStore, aOutput);
sl@0	519
sl@0	520	iPaddingBlock.Zero();
sl@0	521	iInputStore.Zero();
sl@0	522	}
sl@0	523
sl@0	524

author	sl@SLION-WIN7.fritz.box
	Fri, 15 Jun 2012 03:10:57 +0200
changeset 0	bde4ae8d615e
permissions	-rw-r--r--