|
sl@0
|
1 |
/*
|
|
sl@0
|
2 |
* Copyright (c) 2007-2009 Nokia Corporation and/or its subsidiary(-ies).
|
|
sl@0
|
3 |
* All rights reserved.
|
|
sl@0
|
4 |
* This component and the accompanying materials are made available
|
|
sl@0
|
5 |
* under the terms of the License "Eclipse Public License v1.0"
|
|
sl@0
|
6 |
* which accompanies this distribution, and is available
|
|
sl@0
|
7 |
* at the URL "http://www.eclipse.org/legal/epl-v10.html".
|
|
sl@0
|
8 |
*
|
|
sl@0
|
9 |
* Initial Contributors:
|
|
sl@0
|
10 |
* Nokia Corporation - initial contribution.
|
|
sl@0
|
11 |
*
|
|
sl@0
|
12 |
* Contributors:
|
|
sl@0
|
13 |
*
|
|
sl@0
|
14 |
* Description:
|
|
sl@0
|
15 |
*
|
|
sl@0
|
16 |
*/
|
|
sl@0
|
17 |
|
|
sl@0
|
18 |
|
|
sl@0
|
19 |
#include "symmetriccipherimpl.h"
|
|
sl@0
|
20 |
|
|
sl@0
|
21 |
#include <e32def.h>
|
|
sl@0
|
22 |
#include <cryptostrength.h>
|
|
sl@0
|
23 |
#include <cryptospi/cryptospidef.h>
|
|
sl@0
|
24 |
#include "keys.h"
|
|
sl@0
|
25 |
#include <cryptopanic.h>
|
|
sl@0
|
26 |
#include <cryptospi/plugincharacteristics.h>
|
|
sl@0
|
27 |
#include "pluginconfig.h"
|
|
sl@0
|
28 |
#include <securityerr.h>
|
|
sl@0
|
29 |
#include "common/inlines.h"
|
|
sl@0
|
30 |
|
|
sl@0
|
31 |
using namespace SoftwareCrypto;
|
|
sl@0
|
32 |
|
|
sl@0
|
33 |
//
|
|
sl@0
|
34 |
// Implementation of Symmetric Cipher class
|
|
sl@0
|
35 |
//
|
|
sl@0
|
36 |
CSymmetricCipherImpl::CSymmetricCipherImpl()
|
|
sl@0
|
37 |
{
|
|
sl@0
|
38 |
}
|
|
sl@0
|
39 |
|
|
sl@0
|
40 |
void CSymmetricCipherImpl::ConstructL(const CKey& aKey)
|
|
sl@0
|
41 |
{
|
|
sl@0
|
42 |
DoSetKeyL(aKey);
|
|
sl@0
|
43 |
}
|
|
sl@0
|
44 |
|
|
sl@0
|
45 |
void CSymmetricCipherImpl::SecureDelete(HBufC8*& aBuffer)
|
|
sl@0
|
46 |
{
|
|
sl@0
|
47 |
if (aBuffer)
|
|
sl@0
|
48 |
{
|
|
sl@0
|
49 |
aBuffer->Des().FillZ();
|
|
sl@0
|
50 |
}
|
|
sl@0
|
51 |
delete aBuffer;
|
|
sl@0
|
52 |
aBuffer = 0;
|
|
sl@0
|
53 |
}
|
|
sl@0
|
54 |
|
|
sl@0
|
55 |
CSymmetricCipherImpl::~CSymmetricCipherImpl()
|
|
sl@0
|
56 |
{
|
|
sl@0
|
57 |
SecureDelete(iKey);
|
|
sl@0
|
58 |
}
|
|
sl@0
|
59 |
|
|
sl@0
|
60 |
void CSymmetricCipherImpl::Close()
|
|
sl@0
|
61 |
{
|
|
sl@0
|
62 |
delete this;
|
|
sl@0
|
63 |
}
|
|
sl@0
|
64 |
|
|
sl@0
|
65 |
TAny* CSymmetricCipherImpl::GetExtension(TUid /*aExtensionId*/)
|
|
sl@0
|
66 |
{
|
|
sl@0
|
67 |
return 0;
|
|
sl@0
|
68 |
}
|
|
sl@0
|
69 |
|
|
sl@0
|
70 |
void CSymmetricCipherImpl::GetCharacteristicsL(const TAny*& aPluginCharacteristics)
|
|
sl@0
|
71 |
{
|
|
sl@0
|
72 |
TInt numCiphers = sizeof(KSymmetricCipherCharacteristics)/sizeof(TSymmetricCipherCharacteristics*);
|
|
sl@0
|
73 |
TInt32 implUid = ImplementationUid().iUid;
|
|
sl@0
|
74 |
for (TInt i = 0; i < numCiphers; ++i)
|
|
sl@0
|
75 |
{
|
|
sl@0
|
76 |
if (KSymmetricCipherCharacteristics[i]->cmn.iImplementationUID == implUid)
|
|
sl@0
|
77 |
{
|
|
sl@0
|
78 |
aPluginCharacteristics = KSymmetricCipherCharacteristics[i];
|
|
sl@0
|
79 |
break;
|
|
sl@0
|
80 |
}
|
|
sl@0
|
81 |
}
|
|
sl@0
|
82 |
}
|
|
sl@0
|
83 |
|
|
sl@0
|
84 |
TInt CSymmetricCipherImpl::GetKeyStrength() const
|
|
sl@0
|
85 |
{
|
|
sl@0
|
86 |
return BytesToBits(iKey->Length());
|
|
sl@0
|
87 |
}
|
|
sl@0
|
88 |
|
|
sl@0
|
89 |
HBufC8* CSymmetricCipherImpl::ExtractKeyDataLC(const CKey& aKey) const
|
|
sl@0
|
90 |
{
|
|
sl@0
|
91 |
const TDesC8& keyContent = aKey.GetTDesC8L(KSymmetricKeyParameterUid);
|
|
sl@0
|
92 |
return keyContent.AllocLC();
|
|
sl@0
|
93 |
}
|
|
sl@0
|
94 |
|
|
sl@0
|
95 |
TInt CSymmetricCipherImpl::KeySize() const
|
|
sl@0
|
96 |
{
|
|
sl@0
|
97 |
// return key size in BITS
|
|
sl@0
|
98 |
return BytesToBits(iKeyBytes);
|
|
sl@0
|
99 |
}
|
|
sl@0
|
100 |
|
|
sl@0
|
101 |
void CSymmetricCipherImpl::DoSetKeyL(const CKey& aKey)
|
|
sl@0
|
102 |
{
|
|
sl@0
|
103 |
HBufC8* key = ExtractKeyDataLC(aKey);
|
|
sl@0
|
104 |
TInt keyLength(key->Length());
|
|
sl@0
|
105 |
|
|
sl@0
|
106 |
TCrypto::IsSymmetricWeakEnoughL(BytesToBits(keyLength));
|
|
sl@0
|
107 |
if (! IsValidKeyLength(keyLength))
|
|
sl@0
|
108 |
{
|
|
sl@0
|
109 |
CleanupStack::PopAndDestroy(key);
|
|
sl@0
|
110 |
User::Leave(KErrNotSupported);
|
|
sl@0
|
111 |
}
|
|
sl@0
|
112 |
|
|
sl@0
|
113 |
SecureDelete(iKey);
|
|
sl@0
|
114 |
CleanupStack::Pop(key);
|
|
sl@0
|
115 |
iKey = key;
|
|
sl@0
|
116 |
iKeyBytes = keyLength;
|
|
sl@0
|
117 |
}
|
|
sl@0
|
118 |
|
|
sl@0
|
119 |
//
|
|
sl@0
|
120 |
// Implementation of Symmetric Stream Cipher
|
|
sl@0
|
121 |
//
|
|
sl@0
|
122 |
CSymmetricStreamCipherImpl::CSymmetricStreamCipherImpl()
|
|
sl@0
|
123 |
{
|
|
sl@0
|
124 |
}
|
|
sl@0
|
125 |
|
|
sl@0
|
126 |
CSymmetricStreamCipherImpl::~CSymmetricStreamCipherImpl()
|
|
sl@0
|
127 |
{
|
|
sl@0
|
128 |
}
|
|
sl@0
|
129 |
|
|
sl@0
|
130 |
void CSymmetricStreamCipherImpl::SetKeyL(const CKey& aKey)
|
|
sl@0
|
131 |
{
|
|
sl@0
|
132 |
DoSetKeyL(aKey);
|
|
sl@0
|
133 |
TCrypto::IsSymmetricWeakEnoughL(GetKeyStrength());
|
|
sl@0
|
134 |
Reset();
|
|
sl@0
|
135 |
}
|
|
sl@0
|
136 |
|
|
sl@0
|
137 |
void CSymmetricStreamCipherImpl::ConstructL(const CKey& aKey)
|
|
sl@0
|
138 |
{
|
|
sl@0
|
139 |
CSymmetricCipherImpl::ConstructL(aKey);
|
|
sl@0
|
140 |
}
|
|
sl@0
|
141 |
|
|
sl@0
|
142 |
TInt CSymmetricStreamCipherImpl::BlockSize() const
|
|
sl@0
|
143 |
{
|
|
sl@0
|
144 |
// return block size in BITS
|
|
sl@0
|
145 |
return BYTE_BITS;
|
|
sl@0
|
146 |
}
|
|
sl@0
|
147 |
|
|
sl@0
|
148 |
void CSymmetricStreamCipherImpl::SetCryptoModeL(TUid /*aCryptoMode*/)
|
|
sl@0
|
149 |
{
|
|
sl@0
|
150 |
// Call the reset method.
|
|
sl@0
|
151 |
Reset();
|
|
sl@0
|
152 |
}
|
|
sl@0
|
153 |
|
|
sl@0
|
154 |
TInt CSymmetricStreamCipherImpl::MaxOutputLength(TInt aInputLength) const
|
|
sl@0
|
155 |
{
|
|
sl@0
|
156 |
return aInputLength;
|
|
sl@0
|
157 |
}
|
|
sl@0
|
158 |
|
|
sl@0
|
159 |
TInt CSymmetricStreamCipherImpl::MaxFinalOutputLength(TInt aInputLength) const
|
|
sl@0
|
160 |
{
|
|
sl@0
|
161 |
return aInputLength;
|
|
sl@0
|
162 |
}
|
|
sl@0
|
163 |
|
|
sl@0
|
164 |
void CSymmetricStreamCipherImpl::ProcessL(const TDesC8& aInput, TDes8& aOutput)
|
|
sl@0
|
165 |
{
|
|
sl@0
|
166 |
TInt outputIndex = aOutput.Size();
|
|
sl@0
|
167 |
|
|
sl@0
|
168 |
// aOutput may already have outputIndex bytes of data in it
|
|
sl@0
|
169 |
// check there will still be enough space to process the result
|
|
sl@0
|
170 |
__ASSERT_DEBUG(aOutput.MaxLength() - outputIndex >= MaxOutputLength(aInput.Length()), User::Panic(KCryptoPanic, ECryptoPanicOutputDescriptorOverflow));
|
|
sl@0
|
171 |
|
|
sl@0
|
172 |
aOutput.Append(aInput);
|
|
sl@0
|
173 |
|
|
sl@0
|
174 |
TPtr8 transformBuf((TUint8*)(aOutput.Ptr()) + outputIndex, aInput.Size(),
|
|
sl@0
|
175 |
aInput.Size());
|
|
sl@0
|
176 |
DoProcess(transformBuf);
|
|
sl@0
|
177 |
}
|
|
sl@0
|
178 |
|
|
sl@0
|
179 |
void CSymmetricStreamCipherImpl::ProcessFinalL(const TDesC8& aInput, TDes8& aOutput)
|
|
sl@0
|
180 |
{
|
|
sl@0
|
181 |
ProcessL(aInput, aOutput);
|
|
sl@0
|
182 |
}
|
|
sl@0
|
183 |
|
|
sl@0
|
184 |
//
|
|
sl@0
|
185 |
// Implementation of Symmetric Block Cipher
|
|
sl@0
|
186 |
//
|
|
sl@0
|
187 |
CSymmetricBlockCipherImpl::CSymmetricBlockCipherImpl(
|
|
sl@0
|
188 |
TUint8 aBlockBytes,
|
|
sl@0
|
189 |
TUid aCryptoMode,
|
|
sl@0
|
190 |
TUid aOperationMode,
|
|
sl@0
|
191 |
TUid aPaddingMode) :
|
|
sl@0
|
192 |
iBlockBytes(aBlockBytes),
|
|
sl@0
|
193 |
iCryptoMode(aCryptoMode),
|
|
sl@0
|
194 |
iOperationMode(aOperationMode),
|
|
sl@0
|
195 |
iPaddingMode(aPaddingMode),
|
|
sl@0
|
196 |
iBufferedPlaintextPtr(0,0,0),
|
|
sl@0
|
197 |
iCtrUnusedKeystreamPtr(0,0,0)
|
|
sl@0
|
198 |
{
|
|
sl@0
|
199 |
}
|
|
sl@0
|
200 |
|
|
sl@0
|
201 |
CSymmetricBlockCipherImpl::~CSymmetricBlockCipherImpl()
|
|
sl@0
|
202 |
{
|
|
sl@0
|
203 |
delete iPadding;
|
|
sl@0
|
204 |
delete [] iRegister;
|
|
sl@0
|
205 |
delete [] iCurrentCipherText;
|
|
sl@0
|
206 |
delete iBufferedPlaintext;
|
|
sl@0
|
207 |
delete iCtrUnusedKeystream;
|
|
sl@0
|
208 |
iIv.Close();
|
|
sl@0
|
209 |
iInputStore.Close();
|
|
sl@0
|
210 |
iPaddingBlock.Close();
|
|
sl@0
|
211 |
}
|
|
sl@0
|
212 |
|
|
sl@0
|
213 |
|
|
sl@0
|
214 |
void CSymmetricBlockCipherImpl::ConstructL(const CKey& aKey)
|
|
sl@0
|
215 |
{
|
|
sl@0
|
216 |
CSymmetricCipherImpl::ConstructL(aKey);
|
|
sl@0
|
217 |
DoSetOperationModeL(iOperationMode);
|
|
sl@0
|
218 |
DoSetCryptoModeL(iCryptoMode);
|
|
sl@0
|
219 |
DoSetPaddingModeL(iPaddingMode);
|
|
sl@0
|
220 |
|
|
sl@0
|
221 |
iInputStore.ReAllocL(iBlockBytes);
|
|
sl@0
|
222 |
iPaddingBlock.ReAllocL(iBlockBytes);
|
|
sl@0
|
223 |
|
|
sl@0
|
224 |
iRegister = new(ELeave) TUint32[iBlockBytes/4];
|
|
sl@0
|
225 |
iRegisterPtr = reinterpret_cast<TUint8*>(iRegister);
|
|
sl@0
|
226 |
|
|
sl@0
|
227 |
iCurrentCipherText = new(ELeave) TUint32[iBlockBytes/4];
|
|
sl@0
|
228 |
iCurrentCipherTextPtr = reinterpret_cast<TUint8*>(iCurrentCipherText);
|
|
sl@0
|
229 |
|
|
sl@0
|
230 |
iBufferedPlaintext = HBufC8::NewL(iBlockBytes);
|
|
sl@0
|
231 |
iBufferedPlaintextPtr.Set(iBufferedPlaintext->Des());
|
|
sl@0
|
232 |
|
|
sl@0
|
233 |
iCtrUnusedKeystream = HBufC8::NewL(iBlockBytes);
|
|
sl@0
|
234 |
iCtrUnusedKeystreamPtr.Set(iCtrUnusedKeystream->Des());
|
|
sl@0
|
235 |
}
|
|
sl@0
|
236 |
|
|
sl@0
|
237 |
void CSymmetricBlockCipherImpl::Reset()
|
|
sl@0
|
238 |
{
|
|
sl@0
|
239 |
iInputStore.Zero();
|
|
sl@0
|
240 |
iPaddingBlock.Zero();
|
|
sl@0
|
241 |
iCtrUnusedKeystreamPtr.Zero();
|
|
sl@0
|
242 |
|
|
sl@0
|
243 |
if (iOperationMode.iUid == KOperationModeCBC)
|
|
sl@0
|
244 |
{
|
|
sl@0
|
245 |
// only copy the IV if it is already set
|
|
sl@0
|
246 |
if (iIv.MaxLength() > 0)
|
|
sl@0
|
247 |
{
|
|
sl@0
|
248 |
Mem::Copy(iRegisterPtr, &iIv[0], iBlockBytes);
|
|
sl@0
|
249 |
}
|
|
sl@0
|
250 |
}
|
|
sl@0
|
251 |
}
|
|
sl@0
|
252 |
|
|
sl@0
|
253 |
void CSymmetricBlockCipherImpl::SetKeyL(const CKey& aKey)
|
|
sl@0
|
254 |
{
|
|
sl@0
|
255 |
DoSetKeyL(aKey);
|
|
sl@0
|
256 |
TCrypto::IsSymmetricWeakEnoughL(GetKeyStrength());
|
|
sl@0
|
257 |
SetKeySchedule();
|
|
sl@0
|
258 |
Reset();
|
|
sl@0
|
259 |
}
|
|
sl@0
|
260 |
|
|
sl@0
|
261 |
void CSymmetricBlockCipherImpl::SetOperationModeL(TUid aOperationMode)
|
|
sl@0
|
262 |
{
|
|
sl@0
|
263 |
DoSetOperationModeL(aOperationMode);
|
|
sl@0
|
264 |
Reset();
|
|
sl@0
|
265 |
}
|
|
sl@0
|
266 |
|
|
sl@0
|
267 |
void CSymmetricBlockCipherImpl::SetCryptoModeL(TUid aCryptoMode)
|
|
sl@0
|
268 |
{
|
|
sl@0
|
269 |
DoSetCryptoModeL(aCryptoMode);
|
|
sl@0
|
270 |
SetKeySchedule();
|
|
sl@0
|
271 |
Reset();
|
|
sl@0
|
272 |
}
|
|
sl@0
|
273 |
|
|
sl@0
|
274 |
void CSymmetricBlockCipherImpl::SetPaddingModeL(TUid aPaddingMode)
|
|
sl@0
|
275 |
{
|
|
sl@0
|
276 |
DoSetPaddingModeL(aPaddingMode);
|
|
sl@0
|
277 |
Reset();
|
|
sl@0
|
278 |
}
|
|
sl@0
|
279 |
|
|
sl@0
|
280 |
void CSymmetricBlockCipherImpl::SetIvL(const TDesC8& aIv)
|
|
sl@0
|
281 |
{
|
|
sl@0
|
282 |
if ((iOperationMode.iUid != KOperationModeCBC) && (iOperationMode.iUid != KOperationModeCTR))
|
|
sl@0
|
283 |
{
|
|
sl@0
|
284 |
User::Leave(KErrNotSupported);
|
|
sl@0
|
285 |
}
|
|
sl@0
|
286 |
DoSetIvL(aIv);
|
|
sl@0
|
287 |
Reset();
|
|
sl@0
|
288 |
}
|
|
sl@0
|
289 |
|
|
sl@0
|
290 |
void CSymmetricBlockCipherImpl::DoSetOperationModeL(TUid aOperationMode)
|
|
sl@0
|
291 |
{
|
|
sl@0
|
292 |
switch (aOperationMode.iUid)
|
|
sl@0
|
293 |
{
|
|
sl@0
|
294 |
case KOperationModeNone:
|
|
sl@0
|
295 |
case KOperationModeECB:
|
|
sl@0
|
296 |
case KOperationModeCBC:
|
|
sl@0
|
297 |
break;
|
|
sl@0
|
298 |
case KOperationModeCTR:
|
|
sl@0
|
299 |
SetCryptoModeL(KCryptoModeEncryptUid);
|
|
sl@0
|
300 |
break;
|
|
sl@0
|
301 |
default:
|
|
sl@0
|
302 |
User::Leave(KErrNotSupported);
|
|
sl@0
|
303 |
}
|
|
sl@0
|
304 |
iOperationMode = aOperationMode;
|
|
sl@0
|
305 |
}
|
|
sl@0
|
306 |
|
|
sl@0
|
307 |
void CSymmetricBlockCipherImpl::DoSetCryptoModeL(TUid aCryptoMode)
|
|
sl@0
|
308 |
{
|
|
sl@0
|
309 |
switch (aCryptoMode.iUid)
|
|
sl@0
|
310 |
{
|
|
sl@0
|
311 |
case KCryptoModeEncrypt:
|
|
sl@0
|
312 |
break;
|
|
sl@0
|
313 |
case KCryptoModeDecrypt:
|
|
sl@0
|
314 |
if (iOperationMode.iUid == KOperationModeCTR)
|
|
sl@0
|
315 |
{
|
|
sl@0
|
316 |
return;
|
|
sl@0
|
317 |
}
|
|
sl@0
|
318 |
break;
|
|
sl@0
|
319 |
default:
|
|
sl@0
|
320 |
User::Leave(KErrNotSupported);
|
|
sl@0
|
321 |
}
|
|
sl@0
|
322 |
iCryptoMode = aCryptoMode;
|
|
sl@0
|
323 |
}
|
|
sl@0
|
324 |
|
|
sl@0
|
325 |
void CSymmetricBlockCipherImpl::DoSetPaddingModeL(TUid aPaddingMode)
|
|
sl@0
|
326 |
{
|
|
sl@0
|
327 |
CPadding* padding(0);
|
|
sl@0
|
328 |
switch (aPaddingMode.iUid)
|
|
sl@0
|
329 |
{
|
|
sl@0
|
330 |
case KPaddingModeNone:
|
|
sl@0
|
331 |
padding = CPaddingNone::NewL(iBlockBytes);
|
|
sl@0
|
332 |
break;
|
|
sl@0
|
333 |
case KPaddingModeSSLv3:
|
|
sl@0
|
334 |
padding = CPaddingSSLv3::NewL(iBlockBytes);
|
|
sl@0
|
335 |
break;
|
|
sl@0
|
336 |
case KPaddingModePKCS7:
|
|
sl@0
|
337 |
padding = CPaddingPKCS7::NewL(iBlockBytes);
|
|
sl@0
|
338 |
break;
|
|
sl@0
|
339 |
default:
|
|
sl@0
|
340 |
User::Leave(KErrNotSupported);
|
|
sl@0
|
341 |
}
|
|
sl@0
|
342 |
delete iPadding;
|
|
sl@0
|
343 |
iPadding = padding;
|
|
sl@0
|
344 |
iPaddingMode = aPaddingMode;
|
|
sl@0
|
345 |
}
|
|
sl@0
|
346 |
|
|
sl@0
|
347 |
void CSymmetricBlockCipherImpl::DoSetIvL(const TDesC8& aIv)
|
|
sl@0
|
348 |
{
|
|
sl@0
|
349 |
iIv.ReAllocL(iBlockBytes);
|
|
sl@0
|
350 |
iIv.SetLength(iBlockBytes);
|
|
sl@0
|
351 |
|
|
sl@0
|
352 |
iIv.Zero();
|
|
sl@0
|
353 |
if (aIv.Length() != iBlockBytes)
|
|
sl@0
|
354 |
{
|
|
sl@0
|
355 |
User::Leave(KErrArgument);
|
|
sl@0
|
356 |
}
|
|
sl@0
|
357 |
iIv = aIv;
|
|
sl@0
|
358 |
Mem::Copy(iRegisterPtr, &iIv[0], iBlockBytes); //for CTR mode
|
|
sl@0
|
359 |
|
|
sl@0
|
360 |
}
|
|
sl@0
|
361 |
|
|
sl@0
|
362 |
TInt CSymmetricBlockCipherImpl::BlockSize() const
|
|
sl@0
|
363 |
{
|
|
sl@0
|
364 |
// return block size in BITS
|
|
sl@0
|
365 |
if (iOperationMode.iUid == KOperationModeCTR)
|
|
sl@0
|
366 |
{
|
|
sl@0
|
367 |
return 8;
|
|
sl@0
|
368 |
}
|
|
sl@0
|
369 |
else
|
|
sl@0
|
370 |
{
|
|
sl@0
|
371 |
return BytesToBits(iBlockBytes);
|
|
sl@0
|
372 |
}
|
|
sl@0
|
373 |
}
|
|
sl@0
|
374 |
|
|
sl@0
|
375 |
TInt CSymmetricBlockCipherImpl::MaxOutputLength(TInt aInputLength) const
|
|
sl@0
|
376 |
{
|
|
sl@0
|
377 |
if (iOperationMode.iUid == KOperationModeCTR)
|
|
sl@0
|
378 |
{
|
|
sl@0
|
379 |
return aInputLength;
|
|
sl@0
|
380 |
}
|
|
sl@0
|
381 |
else
|
|
sl@0
|
382 |
{
|
|
sl@0
|
383 |
// The maximum output length required for Process is equal to the
|
|
sl@0
|
384 |
// size of the number of whole input blocks available.
|
|
sl@0
|
385 |
//
|
|
sl@0
|
386 |
// The block bytes is a power of two so we can use this to avoid
|
|
sl@0
|
387 |
// doing a real mod operation
|
|
sl@0
|
388 |
TUint inputStoreLength(iInputStore.Length());
|
|
sl@0
|
389 |
TInt rem = (aInputLength + inputStoreLength) & (iBlockBytes - 1);
|
|
sl@0
|
390 |
return (aInputLength + inputStoreLength - rem);
|
|
sl@0
|
391 |
}
|
|
sl@0
|
392 |
}
|
|
sl@0
|
393 |
|
|
sl@0
|
394 |
TInt CSymmetricBlockCipherImpl::MaxFinalOutputLength(TInt aInputLength) const
|
|
sl@0
|
395 |
{
|
|
sl@0
|
396 |
if (iOperationMode.iUid == KOperationModeCTR)
|
|
sl@0
|
397 |
{
|
|
sl@0
|
398 |
return aInputLength;
|
|
sl@0
|
399 |
}
|
|
sl@0
|
400 |
else if (iCryptoMode.iUid == KCryptoModeEncrypt)
|
|
sl@0
|
401 |
{
|
|
sl@0
|
402 |
return iPadding->MaxPaddedLength(iInputStore.Length() + aInputLength);
|
|
sl@0
|
403 |
}
|
|
sl@0
|
404 |
else
|
|
sl@0
|
405 |
{
|
|
sl@0
|
406 |
return iPadding->MaxUnPaddedLength(aInputLength + iInputStore.Size());
|
|
sl@0
|
407 |
}
|
|
sl@0
|
408 |
}
|
|
sl@0
|
409 |
|
|
sl@0
|
410 |
void CSymmetricBlockCipherImpl::ProcessL(const TDesC8& aInput, TDes8& aOutput)
|
|
sl@0
|
411 |
{
|
|
sl@0
|
412 |
// if we're running in CBC or CTR mode then we must have an IV set before we can
|
|
sl@0
|
413 |
// do any processing ie call SetIvL() before this method
|
|
sl@0
|
414 |
if ((iOperationMode.iUid == KOperationModeCBC) || (iOperationMode.iUid == KOperationModeCTR))
|
|
sl@0
|
415 |
{
|
|
sl@0
|
416 |
if (iIv.MaxLength() == 0)
|
|
sl@0
|
417 |
{
|
|
sl@0
|
418 |
User::Leave(KErrNotSupported);
|
|
sl@0
|
419 |
}
|
|
sl@0
|
420 |
}
|
|
sl@0
|
421 |
|
|
sl@0
|
422 |
TInt inputLength(aInput.Length());
|
|
sl@0
|
423 |
TInt inputStoreLength(iInputStore.Length());
|
|
sl@0
|
424 |
|
|
sl@0
|
425 |
if (MaxOutputLength(inputLength) > aOutput.MaxLength())
|
|
sl@0
|
426 |
{
|
|
sl@0
|
427 |
User::Leave(KErrOverflow);
|
|
sl@0
|
428 |
}
|
|
sl@0
|
429 |
|
|
sl@0
|
430 |
if (iOperationMode.iUid == KOperationModeCTR)
|
|
sl@0
|
431 |
{
|
|
sl@0
|
432 |
ProcessCtrL(aInput, aOutput);
|
|
sl@0
|
433 |
}
|
|
sl@0
|
434 |
else
|
|
sl@0
|
435 |
{
|
|
sl@0
|
436 |
TUint8 blockSizeLog = CryptoLog2(iBlockBytes);
|
|
sl@0
|
437 |
TInt wholeBlocks = (inputLength + inputStoreLength) >> blockSizeLog;
|
|
sl@0
|
438 |
TInt wholeBlocksSize = wholeBlocks << blockSizeLog;
|
|
sl@0
|
439 |
|
|
sl@0
|
440 |
if (wholeBlocks)
|
|
sl@0
|
441 |
{
|
|
sl@0
|
442 |
TInt outputLength(aOutput.Length());
|
|
sl@0
|
443 |
|
|
sl@0
|
444 |
if (inputStoreLength > 0)
|
|
sl@0
|
445 |
{
|
|
sl@0
|
446 |
aOutput.Append(iInputStore);
|
|
sl@0
|
447 |
iInputStore.Zero();
|
|
sl@0
|
448 |
}
|
|
sl@0
|
449 |
aOutput.Append(aInput.Left(wholeBlocksSize - inputStoreLength));
|
|
sl@0
|
450 |
Transform(const_cast<TUint8*>(aOutput.Ptr()) + outputLength, wholeBlocks);
|
|
sl@0
|
451 |
}
|
|
sl@0
|
452 |
|
|
sl@0
|
453 |
TInt remainingBytes = inputLength + inputStoreLength - wholeBlocksSize;
|
|
sl@0
|
454 |
if (remainingBytes > 0)
|
|
sl@0
|
455 |
{
|
|
sl@0
|
456 |
iInputStore.Append(aInput.Right(remainingBytes));
|
|
sl@0
|
457 |
}
|
|
sl@0
|
458 |
}
|
|
sl@0
|
459 |
}
|
|
sl@0
|
460 |
|
|
sl@0
|
461 |
void CSymmetricBlockCipherImpl::ProcessFinalL(const TDesC8& aInput, TDes8& aOutput)
|
|
sl@0
|
462 |
{
|
|
sl@0
|
463 |
if (iOperationMode.iUid == KOperationModeCTR)
|
|
sl@0
|
464 |
{
|
|
sl@0
|
465 |
ProcessL(aInput, aOutput);
|
|
sl@0
|
466 |
}
|
|
sl@0
|
467 |
else
|
|
sl@0
|
468 |
{
|
|
sl@0
|
469 |
// if we're running in CBC mode then we must have an IV set before we can
|
|
sl@0
|
470 |
// do any processing ie call SetIvL() before this method
|
|
sl@0
|
471 |
if (iOperationMode.iUid == KOperationModeCBC)
|
|
sl@0
|
472 |
{
|
|
sl@0
|
473 |
if (iIv.MaxLength() == 0)
|
|
sl@0
|
474 |
{
|
|
sl@0
|
475 |
User::Leave(KErrNotSupported);
|
|
sl@0
|
476 |
}
|
|
sl@0
|
477 |
}
|
|
sl@0
|
478 |
|
|
sl@0
|
479 |
if (iCryptoMode.iUid == KCryptoModeEncrypt)
|
|
sl@0
|
480 |
{
|
|
sl@0
|
481 |
return DoProcessFinalEncryptL(aInput, aOutput);
|
|
sl@0
|
482 |
}
|
|
sl@0
|
483 |
else
|
|
sl@0
|
484 |
{
|
|
sl@0
|
485 |
return DoProcessFinalDecryptL(aInput, aOutput);
|
|
sl@0
|
486 |
}
|
|
sl@0
|
487 |
}
|
|
sl@0
|
488 |
}
|
|
sl@0
|
489 |
|
|
sl@0
|
490 |
void CSymmetricBlockCipherImpl::DoProcessFinalEncryptL(const TDesC8& aInput, TDes8& aOutput)
|
|
sl@0
|
491 |
{
|
|
sl@0
|
492 |
if (MaxFinalOutputLength(aInput.Length()) > aOutput.MaxLength() - aOutput.Length())
|
|
sl@0
|
493 |
{
|
|
sl@0
|
494 |
User::Leave(KErrOverflow);
|
|
sl@0
|
495 |
}
|
|
sl@0
|
496 |
|
|
sl@0
|
497 |
// process everything up to the last (possibly empty block)
|
|
sl@0
|
498 |
TInt outputStartIndex = aOutput.Length();
|
|
sl@0
|
499 |
ProcessL(aInput, aOutput);
|
|
sl@0
|
500 |
|
|
sl@0
|
501 |
// pad the plaintext
|
|
sl@0
|
502 |
iPadding->PadL(iInputStore, iPaddingBlock);
|
|
sl@0
|
503 |
|
|
sl@0
|
504 |
// if padding required
|
|
sl@0
|
505 |
if (iPaddingBlock.Length() > 0)
|
|
sl@0
|
506 |
{
|
|
sl@0
|
507 |
iInputStore.Zero();
|
|
sl@0
|
508 |
|
|
sl@0
|
509 |
// make sure the output is a multiple of the block size
|
|
sl@0
|
510 |
User::LeaveIfError(((aOutput.Length() - outputStartIndex + iPaddingBlock.Length()) % iBlockBytes) == 0 ? KErrNone : KErrInvalidPadding);
|
|
sl@0
|
511 |
|
|
sl@0
|
512 |
outputStartIndex = aOutput.Length();
|
|
sl@0
|
513 |
aOutput.Append(iPaddingBlock);
|
|
sl@0
|
514 |
iPaddingBlock.Zero();
|
|
sl@0
|
515 |
TransformEncrypt(const_cast<TUint8*>(aOutput.Ptr()) + outputStartIndex, 1);
|
|
sl@0
|
516 |
}
|
|
sl@0
|
517 |
}
|
|
sl@0
|
518 |
|
|
sl@0
|
519 |
void CSymmetricBlockCipherImpl::DoProcessFinalDecryptL(const TDesC8& aInput, TDes8& aOutput)
|
|
sl@0
|
520 |
{
|
|
sl@0
|
521 |
if (MaxFinalOutputLength(aInput.Length()) > aOutput.MaxLength() - aOutput.Length())
|
|
sl@0
|
522 |
{
|
|
sl@0
|
523 |
User::Leave(KErrOverflow);
|
|
sl@0
|
524 |
}
|
|
sl@0
|
525 |
|
|
sl@0
|
526 |
// Input length (including inputstore) must be a multiple of the
|
|
sl@0
|
527 |
// block size in length
|
|
sl@0
|
528 |
if ((aInput.Length() + iInputStore.Length()) & (iBlockBytes - 1))
|
|
sl@0
|
529 |
{
|
|
sl@0
|
530 |
User::Leave(KErrArgument);
|
|
sl@0
|
531 |
}
|
|
sl@0
|
532 |
|
|
sl@0
|
533 |
if(aInput.Length() > iBlockBytes)
|
|
sl@0
|
534 |
{
|
|
sl@0
|
535 |
HBufC8* processBuf = HBufC8::NewLC(MaxFinalOutputLength(aInput.Length()));
|
|
sl@0
|
536 |
TPtr8 processPtr = processBuf->Des();
|
|
sl@0
|
537 |
|
|
sl@0
|
538 |
ProcessL(aInput, processPtr);
|
|
sl@0
|
539 |
|
|
sl@0
|
540 |
ASSERT(iInputStore.Length()==0); // all the blocks should have been decrypted
|
|
sl@0
|
541 |
|
|
sl@0
|
542 |
// Unpad processPtr into aOutput
|
|
sl@0
|
543 |
iPadding->UnPadL(processPtr, aOutput);
|
|
sl@0
|
544 |
|
|
sl@0
|
545 |
CleanupStack::PopAndDestroy(processBuf);
|
|
sl@0
|
546 |
}
|
|
sl@0
|
547 |
else
|
|
sl@0
|
548 |
{
|
|
sl@0
|
549 |
// now contains the final ciphertext block
|
|
sl@0
|
550 |
iInputStore.Append(aInput);
|
|
sl@0
|
551 |
|
|
sl@0
|
552 |
// Decrypt the last _padding_ blocksize into a new buffer
|
|
sl@0
|
553 |
TransformDecrypt(const_cast<TUint8*>(iInputStore.Ptr()), 1);
|
|
sl@0
|
554 |
|
|
sl@0
|
555 |
// Unpad the last block and append to output
|
|
sl@0
|
556 |
iPadding->UnPadL(iInputStore, aOutput);
|
|
sl@0
|
557 |
}
|
|
sl@0
|
558 |
|
|
sl@0
|
559 |
iPaddingBlock.Zero();
|
|
sl@0
|
560 |
iInputStore.Zero();
|
|
sl@0
|
561 |
}
|
|
sl@0
|
562 |
|
|
sl@0
|
563 |
|
|
sl@0
|
564 |
/**
|
|
sl@0
|
565 |
CTR mode behaves like a stream cipher, accepting input of any arbitrary length. This results
|
|
sl@0
|
566 |
in a significant body of code that behaves fundamentally differently to the ECB and CBC modes.
|
|
sl@0
|
567 |
ProcessCtrL() is called by ProcessL() when operating in CTR mode, wrapping up all this
|
|
sl@0
|
568 |
functionality into a separate method for clarity.
|
|
sl@0
|
569 |
|
|
sl@0
|
570 |
Encrypting zero-filled bytes will return the keystream since the output of Transformation is simply
|
|
sl@0
|
571 |
the input XORed with the keystream.
|
|
sl@0
|
572 |
|
|
sl@0
|
573 |
See: http://csrc.nist.gov/publications/nistpubs/800-38a/sp800-38a.pdf
|
|
sl@0
|
574 |
*/
|
|
sl@0
|
575 |
void CSymmetricBlockCipherImpl::ProcessCtrL(const TDesC8& aInput, TDes8& aOutput)
|
|
sl@0
|
576 |
{
|
|
sl@0
|
577 |
TInt inputLength(aInput.Length());
|
|
sl@0
|
578 |
|
|
sl@0
|
579 |
TInt outputLength(aOutput.Length());
|
|
sl@0
|
580 |
TInt amountToXor = Min(iCtrUnusedKeystreamPtr.Length(), inputLength);
|
|
sl@0
|
581 |
|
|
sl@0
|
582 |
// Try applying previously unused key stream bytes.
|
|
sl@0
|
583 |
if (amountToXor > 0)
|
|
sl@0
|
584 |
{
|
|
sl@0
|
585 |
aOutput.Append(aInput.Left(amountToXor));
|
|
sl@0
|
586 |
for (TInt i = 0; i < amountToXor; ++i)
|
|
sl@0
|
587 |
{
|
|
sl@0
|
588 |
aOutput[outputLength + i] ^= iCtrUnusedKeystreamPtr[i];
|
|
sl@0
|
589 |
}
|
|
sl@0
|
590 |
iCtrUnusedKeystreamPtr = iCtrUnusedKeystreamPtr.RightTPtr((iCtrUnusedKeystreamPtr.Length() - amountToXor));
|
|
sl@0
|
591 |
}
|
|
sl@0
|
592 |
|
|
sl@0
|
593 |
TInt amountToEncode = inputLength - amountToXor;
|
|
sl@0
|
594 |
|
|
sl@0
|
595 |
if ((iCtrUnusedKeystreamPtr.Length() == 0) && (amountToEncode > 0))
|
|
sl@0
|
596 |
{
|
|
sl@0
|
597 |
// For each whole block's worth of input, transform it.
|
|
sl@0
|
598 |
TInt wholeBlocks = (amountToEncode) / iBlockBytes;
|
|
sl@0
|
599 |
TInt wholeBlocksSize = wholeBlocks * iBlockBytes;
|
|
sl@0
|
600 |
outputLength = aOutput.Length();
|
|
sl@0
|
601 |
|
|
sl@0
|
602 |
if (wholeBlocks)
|
|
sl@0
|
603 |
{
|
|
sl@0
|
604 |
aOutput.Append(aInput.Mid(amountToXor, wholeBlocksSize));
|
|
sl@0
|
605 |
Transform(const_cast<TUint8*>(aOutput.Ptr()) + outputLength, wholeBlocks);
|
|
sl@0
|
606 |
}
|
|
sl@0
|
607 |
|
|
sl@0
|
608 |
// CTR mode can handle arbitrary sized inputs. Here any remaining input data of less than the block size
|
|
sl@0
|
609 |
// is padded with zeros and then transformed. On return this padded section of the block will contain the next
|
|
sl@0
|
610 |
// sequence of keystream, which is copied to iCtrUnusedKeystream for use next time ProcessCtrL() is called.
|
|
sl@0
|
611 |
TInt remainingBytes = amountToEncode - wholeBlocksSize;
|
|
sl@0
|
612 |
iCtrUnusedKeystreamPtr = iCtrUnusedKeystream->Des();
|
|
sl@0
|
613 |
iCtrUnusedKeystreamPtr.SetMax();
|
|
sl@0
|
614 |
iCtrUnusedKeystreamPtr.FillZ();
|
|
sl@0
|
615 |
iCtrUnusedKeystreamPtr.Copy(aInput.Right(remainingBytes));
|
|
sl@0
|
616 |
iCtrUnusedKeystreamPtr.SetLength(iBlockBytes);
|
|
sl@0
|
617 |
|
|
sl@0
|
618 |
Transform(const_cast<TUint8*>(iCtrUnusedKeystreamPtr.Ptr()), 1);
|
|
sl@0
|
619 |
|
|
sl@0
|
620 |
aOutput.Append(iCtrUnusedKeystreamPtr.Left(remainingBytes));
|
|
sl@0
|
621 |
|
|
sl@0
|
622 |
iCtrUnusedKeystreamPtr = iCtrUnusedKeystreamPtr.RightTPtr((iCtrUnusedKeystreamPtr.Length() - remainingBytes));
|
|
sl@0
|
623 |
}
|
|
sl@0
|
624 |
}
|
|
sl@0
|
625 |
|
|
sl@0
|
626 |
|
|
sl@0
|
627 |
|
|
sl@0
|
628 |
// Methods implemented in subclass. No coverage here.
|
|
sl@0
|
629 |
#ifdef _BullseyeCoverage
|
|
sl@0
|
630 |
#pragma suppress_warnings on
|
|
sl@0
|
631 |
#pragma BullseyeCoverage off
|
|
sl@0
|
632 |
#pragma suppress_warnings off
|
|
sl@0
|
633 |
#endif
|
|
sl@0
|
634 |
void CSymmetricStreamCipherImpl::SetOperationModeL(TUid /*aOperationMode*/)
|
|
sl@0
|
635 |
{
|
|
sl@0
|
636 |
// Override in subclass
|
|
sl@0
|
637 |
User::Leave(KErrNotSupported);
|
|
sl@0
|
638 |
}
|
|
sl@0
|
639 |
|
|
sl@0
|
640 |
void CSymmetricStreamCipherImpl::SetPaddingModeL(TUid /*aPaddingMode*/)
|
|
sl@0
|
641 |
{
|
|
sl@0
|
642 |
// Override in subclass
|
|
sl@0
|
643 |
User::Leave(KErrNotSupported);
|
|
sl@0
|
644 |
}
|
|
sl@0
|
645 |
|
|
sl@0
|
646 |
void CSymmetricStreamCipherImpl::SetIvL(const TDesC8& /*aIv*/)
|
|
sl@0
|
647 |
{
|
|
sl@0
|
648 |
// Override in subclass
|
|
sl@0
|
649 |
User::Leave(KErrNotSupported);
|
|
sl@0
|
650 |
}
|