os/security/cryptoplugins/cryptospiplugins/source/softwarecrypto/symmetriccipherimpl.cpp
author sl@SLION-WIN7.fritz.box
Fri, 15 Jun 2012 03:10:57 +0200
changeset 0 bde4ae8d615e
permissions -rw-r--r--
First public contribution.
/*
* Copyright (c) 2007-2009 Nokia Corporation and/or its subsidiary(-ies).
* All rights reserved.
* This component and the accompanying materials are made available
* under the terms of the License "Eclipse Public License v1.0"
* which accompanies this distribution, and is available
* at the URL "http://www.eclipse.org/legal/epl-v10.html".
*
* Initial Contributors:
* Nokia Corporation - initial contribution.
*
* Contributors:
*
* Description: 
*
*/
#include "symmetriccipherimpl.h"
#include <e32def.h>
#include <cryptostrength.h>
#include <cryptospi/cryptospidef.h>
#include "keys.h"
#include <cryptopanic.h>
#include <cryptospi/plugincharacteristics.h>
#include "pluginconfig.h"
#include <securityerr.h>
#include "common/inlines.h"
using namespace SoftwareCrypto;
//
// Implementation of Symmetric Cipher class
//
/**
First-phase constructor. Does nothing; the key is installed by ConstructL().
*/
CSymmetricCipherImpl::CSymmetricCipherImpl()
	{
	}
/**
Second-phase constructor: validates and stores a private copy of the key.

@param aKey Key object whose symmetric key parameter is copied by DoSetKeyL().
@leave Any leave raised by DoSetKeyL().
*/
void CSymmetricCipherImpl::ConstructL(const CKey& aKey)
	{
	// All validation and storage is delegated to DoSetKeyL().
	DoSetKeyL(aKey);
	}
/**
Overwrites a heap buffer with zeros, frees it and clears the caller's pointer.

Used for buffers that hold key material so the bytes do not linger in freed
heap memory.

@param aBuffer Buffer to wipe and delete; may be null. Set to 0 on return.
*/
void CSymmetricCipherImpl::SecureDelete(HBufC8*& aBuffer)
	{
	if (aBuffer != 0)
		{
		// FillZ() with no length overwrites the descriptor's current contents.
		TPtr8 contents(aBuffer->Des());
		contents.FillZ();
		}
	// Deleting a null pointer is a no-op, so no second check is needed.
	delete aBuffer;
	aBuffer = 0;
	}
/**
Destructor. Zeroises the stored key before releasing it.
*/
CSymmetricCipherImpl::~CSymmetricCipherImpl()
	{
	// Wipe-then-free, so the key bytes are not left in the freed heap cell.
	SecureDelete(iKey);
	}
/**
Destroys this object. The object must not be used after this call returns.
*/
void CSymmetricCipherImpl::Close()
	{
	// Runs the destructor chain, which zeroises the key via SecureDelete().
	delete this;
	}
/**
Extension lookup. This base implementation offers no extensions.

@return Always 0, whatever extension id is requested.
*/
TAny* CSymmetricCipherImpl::GetExtension(TUid /*aExtensionId*/)
	{
	return 0;
	}
/**
Finds the characteristics record whose implementation UID matches this plugin.

@param aPluginCharacteristics Set to the matching entry of
       KSymmetricCipherCharacteristics. Left untouched when no entry matches,
       so callers should initialise it before the call.
*/
void CSymmetricCipherImpl::GetCharacteristicsL(const TAny*& aPluginCharacteristics)
	{
	// Entry count is derived from the table size, so the scan stays in bounds.
	TInt tableEntries = sizeof(KSymmetricCipherCharacteristics)/sizeof(TSymmetricCipherCharacteristics*);
	TInt32 wantedUid = ImplementationUid().iUid;
	for (TInt index = 0; index < tableEntries; ++index)
		{
		if (KSymmetricCipherCharacteristics[index]->cmn.iImplementationUID != wantedUid)
			{
			continue;
			}
		// First match wins.
		aPluginCharacteristics = KSymmetricCipherCharacteristics[index];
		return;
		}
	}
/**
Reports the strength of the stored key.

Dereferences iKey without a null check, so a key must already be installed.

@return Length of the stored key in bits.
*/
TInt CSymmetricCipherImpl::GetKeyStrength() const
	{
	const TInt storedKeyBytes = iKey->Length();
	return BytesToBits(storedKeyBytes);
	}
/**
Copies the symmetric key parameter out of a key object.

The copy holds raw key material. The cleanup stack entry frees it with a plain
delete, so the caller is responsible for zeroising it.

@param aKey Key object to read KSymmetricKeyParameterUid from.
@return Heap copy of the key bytes, left on the cleanup stack.
@leave Any leave from CKey::GetTDesC8L() or from the allocation.
*/
HBufC8* CSymmetricCipherImpl::ExtractKeyDataLC(const CKey& aKey) const
	{
	return aKey.GetTDesC8L(KSymmetricKeyParameterUid).AllocLC();
	}
/**
Reports the size of the key recorded by the last successful DoSetKeyL().

@return Key size in bits (not bytes).
*/
TInt CSymmetricCipherImpl::KeySize() const
	{
	// iKeyBytes is stored in bytes; the interface reports bits.
	const TInt keyBits = BytesToBits(iKeyBytes);
	return keyBits;
	}
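/**
Validates a key and, on success, replaces the stored key with a private copy.

The previous key is zeroised and freed only after the new key has passed both
checks, so a rejected key leaves the object's existing key in place. The
temporary copy of a rejected key is zeroised before it is released.

@param aKey Key object supplying the symmetric key bytes.
@leave KErrNotSupported if IsValidKeyLength() rejects the key length.
@leave Any leave from ExtractKeyDataLC() or TCrypto::IsSymmetricWeakEnoughL().
*/
void CSymmetricCipherImpl::DoSetKeyL(const CKey& aKey)
	{
	HBufC8* key = ExtractKeyDataLC(aKey);
	TInt keyLength(key->Length());

	// The strength check can leave. Trap it: a direct leave would have the
	// cleanup stack free the temporary copy with the key bytes still in it.
	TRAPD(strengthErr, TCrypto::IsSymmetricWeakEnoughL(BytesToBits(keyLength)));
	if (strengthErr != KErrNone || ! IsValidKeyLength(keyLength))
		{
		// Wipe the rejected key material before the buffer goes back to the heap.
		key->Des().FillZ();
		CleanupStack::PopAndDestroy(key);
		User::Leave(strengthErr != KErrNone ? strengthErr : KErrNotSupported);
		}

	// Nothing below can leave, so the old key is only destroyed once the new
	// one is certain to be installed.
	SecureDelete(iKey);
	CleanupStack::Pop(key);
	iKey = key;
	iKeyBytes = keyLength;
	}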
//
// Implementation of Symmetric Stream Cipher
//
/**
First-phase constructor for stream ciphers. Does nothing.
*/
CSymmetricStreamCipherImpl::CSymmetricStreamCipherImpl()
	{
	}
/**
Destructor. Owns nothing itself; the base class destructor wipes the key.
*/
CSymmetricStreamCipherImpl::~CSymmetricStreamCipherImpl()
	{
	}
/**
Installs a new key and resets the cipher state.

@param aKey Key object supplying the new key bytes.
@leave Any leave from DoSetKeyL() or TCrypto::IsSymmetricWeakEnoughL().
*/
void CSymmetricStreamCipherImpl::SetKeyL(const CKey& aKey)
	{
	DoSetKeyL(aKey);
	// DoSetKeyL() has already run this strength check on the same key length;
	// the new key is installed by the time this second check runs.
	const TInt strengthBits = GetKeyStrength();
	TCrypto::IsSymmetricWeakEnoughL(strengthBits);
	Reset();
	}
/**
Second-phase constructor. Stream ciphers need nothing beyond the base set-up.

@param aKey Key object passed through to CSymmetricCipherImpl::ConstructL().
@leave Any leave from the base class ConstructL().
*/
void CSymmetricStreamCipherImpl::ConstructL(const CKey& aKey)
	{
	// Base class validates and stores the key.
	CSymmetricCipherImpl::ConstructL(aKey);
	}
/**
Reports the processing granularity of a stream cipher.

@return BYTE_BITS, i.e. the size is reported in bits, one byte at a time.
*/
TInt CSymmetricStreamCipherImpl::BlockSize() const
	{
	const TInt granularityBits = BYTE_BITS;
	return granularityBits;
	}
/**
Accepts any crypto mode and resets the cipher.

The requested mode is ignored; the only effect is the call to Reset().
*/
void CSymmetricStreamCipherImpl::SetCryptoModeL(TUid /*aCryptoMode*/)
	{
	// The argument is not inspected; only the state is reset.
	Reset();
	}
/**
Upper bound on the output produced by ProcessL() for a given input length.

@param aInputLength Number of input bytes.
@return aInputLength unchanged: a stream cipher emits one byte per input byte.
*/
TInt CSymmetricStreamCipherImpl::MaxOutputLength(TInt aInputLength) const
	{
	const TInt outputBytes = aInputLength;
	return outputBytes;
	}
/**
Upper bound on the output produced by ProcessFinalL() for a given input length.

@param aInputLength Number of input bytes.
@return aInputLength unchanged: no padding is added by a stream cipher.
*/
TInt CSymmetricStreamCipherImpl::MaxFinalOutputLength(TInt aInputLength) const
	{
	const TInt outputBytes = aInputLength;
	return outputBytes;
	}
/**
Appends aInput to aOutput and transforms the appended bytes in place.

The free-space check is an __ASSERT_DEBUG, so it is compiled out of release
builds. There the only remaining guard is whatever bounds checking
TDes8::Append() performs (presumably a descriptor-overflow panic rather than a
leave; confirm). Callers should size aOutput with MaxOutputLength() themselves.

@param aInput  Bytes to encrypt or decrypt.
@param aOutput Receives the result, appended after any data already present.
*/
void CSymmetricStreamCipherImpl::ProcessL(const TDesC8& aInput, TDes8& aOutput)
	{
	// Offset at which this call's output starts; earlier content is preserved.
	TInt appendOffset = aOutput.Size();

	// Debug-only check that the remaining capacity can take the whole input.
	__ASSERT_DEBUG(aOutput.MaxLength() - appendOffset >= MaxOutputLength(aInput.Length()), User::Panic(KCryptoPanic, ECryptoPanicOutputDescriptorOverflow));

	aOutput.Append(aInput);

	// Window over exactly the bytes just appended, for in-place transformation.
	TUint8* windowStart = (TUint8*)(aOutput.Ptr()) + appendOffset;
	TPtr8 window(windowStart, aInput.Size(), aInput.Size());
	DoProcess(window);
	}
/**
Processes the last chunk of data. Identical to ProcessL() for a stream cipher,
since there is no padding or buffered partial block to flush.

@param aInput  Bytes to encrypt or decrypt.
@param aOutput Receives the result, appended after any data already present.
*/
void CSymmetricStreamCipherImpl::ProcessFinalL(const TDesC8& aInput, TDes8& aOutput)
	{
	// No finalisation step exists; forward unchanged.
	ProcessL(aInput, aOutput);
	}
//
// Implementation of Symmetric Block Cipher
//
/**
First-phase constructor. Records the configuration; nothing is validated or
allocated until ConstructL() runs.

@param aBlockBytes    Cipher block size in bytes. Other methods in this class
                      assume it is a power of two and a multiple of four.
@param aCryptoMode    Requested encrypt/decrypt mode.
@param aOperationMode Requested block chaining mode.
@param aPaddingMode   Requested padding scheme.
*/
CSymmetricBlockCipherImpl::CSymmetricBlockCipherImpl(
	TUint8 aBlockBytes,
	TUid aCryptoMode,
	TUid aOperationMode,
	TUid aPaddingMode) :
	iBlockBytes(aBlockBytes),
	iCryptoMode(aCryptoMode),
	iOperationMode(aOperationMode),
	iPaddingMode(aPaddingMode),
	// Both pointer descriptors start empty and are bound to heap buffers in ConstructL().
	iBufferedPlaintextPtr(0,0,0),
	iCtrUnusedKeystreamPtr(0,0,0)
	{
	}
/**
Destructor. Releases the padding object and every working buffer.

NOTE(review): unlike the key, which the base class zeroises, these buffers are
freed as they are. The chaining register, buffered plaintext, unused CTR
keystream and input store may still hold sensitive bytes at this point;
consider wiping them before release.
*/
CSymmetricBlockCipherImpl::~CSymmetricBlockCipherImpl()
	{
	delete iPadding;

	// Word arrays allocated with new[] in ConstructL().
	delete [] iRegister;
	delete [] iCurrentCipherText;

	// Heap descriptors backing iBufferedPlaintextPtr and iCtrUnusedKeystreamPtr.
	delete iBufferedPlaintext;
	delete iCtrUnusedKeystream;

	// Resizable buffers.
	iIv.Close();
	iInputStore.Close();
	iPaddingBlock.Close();
	}
/**
Second-phase constructor: installs the key, validates the configured modes and
allocates the working buffers.

The register and ciphertext arrays are allocated as iBlockBytes/4 words, while
Reset() and DoSetIvL() copy iBlockBytes bytes into the register. The block size
must therefore be a multiple of four, or those copies would run past the array.

@param aKey Key object passed to the base class ConstructL().
@leave KErrNotSupported for an unsupported operation, crypto or padding mode.
@leave Any leave from the base class ConstructL() or from an allocation.
*/
void CSymmetricBlockCipherImpl::ConstructL(const CKey& aKey)
	{
	CSymmetricCipherImpl::ConstructL(aKey);

	// Validate the modes captured by the constructor; each call may leave.
	DoSetOperationModeL(iOperationMode);
	DoSetCryptoModeL(iCryptoMode);
	DoSetPaddingModeL(iPaddingMode);

	// One block of capacity each for pending input and for the padding block.
	iInputStore.ReAllocL(iBlockBytes);
	iPaddingBlock.ReAllocL(iBlockBytes);

	// Word-aligned working storage, also reachable through byte pointers.
	// NOTE(review): the register contents are presumably indeterminate until
	// DoSetIvL() copies an IV in; confirm nothing reads it earlier.
	iRegister = new(ELeave) TUint32[iBlockBytes/4];
	iRegisterPtr = reinterpret_cast<TUint8*>(iRegister);

	iCurrentCipherText = new(ELeave) TUint32[iBlockBytes/4];
	iCurrentCipherTextPtr = reinterpret_cast<TUint8*>(iCurrentCipherText);

	// Heap descriptors with their modifiable views bound straight away.
	iBufferedPlaintext = HBufC8::NewL(iBlockBytes);
	iBufferedPlaintextPtr.Set(iBufferedPlaintext->Des());

	iCtrUnusedKeystream = HBufC8::NewL(iBlockBytes);
	iCtrUnusedKeystreamPtr.Set(iCtrUnusedKeystream->Des());
	}
/**
Discards buffered state so the next call starts a fresh message.

Pending input, the padding block and any unused CTR keystream are dropped. In
CBC mode the chaining register is reloaded from the stored IV, if one has been
set. In CTR mode the counter register is not reloaded here; only DoSetIvL()
writes it.
*/
void CSymmetricBlockCipherImpl::Reset()
	{
	// Zero() truncates the descriptors to length 0.
	iInputStore.Zero();
	iPaddingBlock.Zero();
	iCtrUnusedKeystreamPtr.Zero();

	// A non-zero MaxLength() is the "IV has been set" signal: the IV buffer is
	// only allocated by DoSetIvL().
	const TBool cbcWithIv = (iOperationMode.iUid == KOperationModeCBC) && (iIv.MaxLength() > 0);
	if (cbcWithIv)
		{
		Mem::Copy(iRegisterPtr, &iIv[0], iBlockBytes);
		}
	}
/**
Installs a new key, rebuilds the key schedule and resets the cipher state.

@param aKey Key object supplying the new key bytes.
@leave Any leave from DoSetKeyL() or TCrypto::IsSymmetricWeakEnoughL().
*/
void CSymmetricBlockCipherImpl::SetKeyL(const CKey& aKey)
	{
	DoSetKeyL(aKey);
	// DoSetKeyL() has already run this strength check on the same key length.
	const TInt strengthBits = GetKeyStrength();
	TCrypto::IsSymmetricWeakEnoughL(strengthBits);
	// The schedule depends on the key, so it is rebuilt before the reset.
	SetKeySchedule();
	Reset();
	}
/**
Changes the block chaining mode and resets the cipher state.

@param aOperationMode Requested mode.
@leave KErrNotSupported if DoSetOperationModeL() rejects the mode.
*/
void CSymmetricBlockCipherImpl::SetOperationModeL(TUid aOperationMode)
	{
	// Validation happens first; a leave skips the reset.
	DoSetOperationModeL(aOperationMode);
	Reset();
	}
/**
Switches between encryption and decryption, rebuilds the key schedule and
resets the cipher state.

@param aCryptoMode Requested direction.
@leave KErrNotSupported if DoSetCryptoModeL() rejects the mode.
*/
void CSymmetricBlockCipherImpl::SetCryptoModeL(TUid aCryptoMode)
	{
	DoSetCryptoModeL(aCryptoMode);
	// The schedule is rebuilt after every accepted mode change.
	SetKeySchedule();
	Reset();
	}
/**
Changes the padding scheme and resets the cipher state.

@param aPaddingMode Requested padding scheme.
@leave KErrNotSupported if DoSetPaddingModeL() rejects the scheme.
*/
void CSymmetricBlockCipherImpl::SetPaddingModeL(TUid aPaddingMode)
	{
	// Validation happens first; a leave skips the reset.
	DoSetPaddingModeL(aPaddingMode);
	Reset();
	}
/**
Sets the initialisation vector and resets the cipher state.

Only CBC and CTR use an IV. In CTR mode the IV is loaded into the register as
the starting counter block, so the same key and IV pair must not be used for
two messages: doing so repeats the keystream.

@param aIv IV bytes; DoSetIvL() requires exactly one block.
@leave KErrNotSupported if the current operation mode is neither CBC nor CTR.
@leave KErrArgument if DoSetIvL() rejects the IV length.
*/
void CSymmetricBlockCipherImpl::SetIvL(const TDesC8& aIv)
	{
	const TInt32 currentMode = iOperationMode.iUid;
	const TBool modeTakesIv = (currentMode == KOperationModeCBC) || (currentMode == KOperationModeCTR);
	if (!modeTakesIv)
		{
		User::Leave(KErrNotSupported);
		}
	DoSetIvL(aIv);
	Reset();
	}
/**
Validates and records the block chaining mode.

Selecting CTR forces the crypto mode to encrypt through SetCryptoModeL(). That
call runs while iOperationMode still holds the previous mode, and it also
rebuilds the key schedule and resets the cipher. Switching away from CTR later
does not restore the earlier crypto mode.

@param aOperationMode One of None, ECB, CBC or CTR.
@leave KErrNotSupported for any other mode.
*/
void CSymmetricBlockCipherImpl::DoSetOperationModeL(TUid aOperationMode)
	{
	const TInt32 requested = aOperationMode.iUid;
	if (requested == KOperationModeCTR)
		{
		// CTR uses the forward transformation in both directions.
		SetCryptoModeL(KCryptoModeEncryptUid);
		}
	else if ((requested != KOperationModeNone) &&
			 (requested != KOperationModeECB) &&
			 (requested != KOperationModeCBC))
		{
		User::Leave(KErrNotSupported);
		}
	iOperationMode = aOperationMode;
	}
/**
Validates and records the encrypt/decrypt direction.

In CTR mode a decrypt request is accepted without error but not stored, so
iCryptoMode keeps its current value.

@param aCryptoMode KCryptoModeEncrypt or KCryptoModeDecrypt.
@leave KErrNotSupported for any other value.
*/
void CSymmetricBlockCipherImpl::DoSetCryptoModeL(TUid aCryptoMode)
	{
	const TInt32 requested = aCryptoMode.iUid;
	if (requested == KCryptoModeDecrypt)
		{
		if (iOperationMode.iUid == KOperationModeCTR)
			{
			// Silently keep the existing direction while in CTR mode.
			return;
			}
		}
	else if (requested != KCryptoModeEncrypt)
		{
		User::Leave(KErrNotSupported);
		}
	iCryptoMode = aCryptoMode;
	}
/**
Creates the padding object for the requested scheme and swaps it in.

The replacement is built before the current object is deleted, so a leave
keeps the existing padding object and mode.

@param aPaddingMode KPaddingModeNone, KPaddingModeSSLv3 or KPaddingModePKCS7.
@leave KErrNotSupported for any other scheme.
@leave Any leave from the padding object's NewL().
*/
void CSymmetricBlockCipherImpl::DoSetPaddingModeL(TUid aPaddingMode)
	{
	CPadding* replacement = 0;
	switch (aPaddingMode.iUid)
		{
		case KPaddingModeNone:
			{
			replacement = CPaddingNone::NewL(iBlockBytes);
			break;
			}
		case KPaddingModeSSLv3:
			{
			replacement = CPaddingSSLv3::NewL(iBlockBytes);
			break;
			}
		case KPaddingModePKCS7:
			{
			replacement = CPaddingPKCS7::NewL(iBlockBytes);
			break;
			}
		default:
			{
			User::Leave(KErrNotSupported);
			}
		}
	// Nothing below can leave, so ownership changes hands without a gap.
	delete iPadding;
	iPadding = replacement;
	iPaddingMode = aPaddingMode;
	}
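/**
Stores the IV and loads it into the chaining/counter register.

The length is checked before any state is touched. Allocating the IV buffer
first would leave iIv with a non-zero MaxLength() but zero length after a
rejected IV. ProcessL(), ProcessFinalL() and Reset() treat a non-zero
MaxLength() as "an IV has been set", so a failed call would let processing
continue with no valid IV in the register, and would discard any IV set
earlier.

@param aIv IV bytes; must be exactly iBlockBytes long.
@leave KErrArgument if aIv is not exactly one block long.
@leave KErrNoMemory if the IV buffer cannot be allocated.
*/
void CSymmetricBlockCipherImpl::DoSetIvL(const TDesC8& aIv)
	{
	// Reject a bad IV up front so the object's state is unchanged on failure.
	if (aIv.Length() != iBlockBytes)
		{
		User::Leave(KErrArgument);
		}

	iIv.ReAllocL(iBlockBytes);
	iIv = aIv;

	// Seed the register directly as well; Reset() reloads it only for CBC,
	// so this is the only place the CTR counter block is initialised.
	Mem::Copy(iRegisterPtr, &iIv[0], iBlockBytes);
	}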
/**
Reports the processing granularity in bits.

@return 8 in CTR mode, which accepts input byte by byte; otherwise the cipher
        block size in bits.
*/
TInt CSymmetricBlockCipherImpl::BlockSize() const
	{
	if (iOperationMode.iUid != KOperationModeCTR)
		{
		return BytesToBits(iBlockBytes);
		}
	return 8;
	}
/**
Upper bound on the bytes ProcessL() will append for a given input length.

@param aInputLength Number of input bytes about to be supplied.
@return aInputLength in CTR mode; otherwise the size of the whole blocks
        available once the input is combined with bytes already buffered.
*/
TInt CSymmetricBlockCipherImpl::MaxOutputLength(TInt aInputLength) const
	{
	if (iOperationMode.iUid == KOperationModeCTR)
		{
		return aInputLength;
		}

	// Bytes held over from earlier calls count towards the next whole block.
	TUint bufferedBytes(iInputStore.Length());

	// iBlockBytes is a power of two, so masking with (iBlockBytes - 1) gives
	// the remainder without a real modulo operation.
	TInt partialBlockBytes = (aInputLength + bufferedBytes) & (iBlockBytes - 1);
	return (aInputLength + bufferedBytes - partialBlockBytes);
	}
/**
Upper bound on the bytes ProcessFinalL() will append for a given input length.

Dereferences iPadding outside CTR mode, so a padding object must be installed.

@param aInputLength Number of input bytes about to be supplied.
@return aInputLength in CTR mode; otherwise the padded (encrypt) or unpadded
        (decrypt) bound reported by the padding object for the input plus any
        buffered bytes.
*/
TInt CSymmetricBlockCipherImpl::MaxFinalOutputLength(TInt aInputLength) const
	{
	if (iOperationMode.iUid == KOperationModeCTR)
		{
		return aInputLength;
		}

	if (iCryptoMode.iUid == KCryptoModeEncrypt)
		{
		return iPadding->MaxPaddedLength(iInputStore.Length() + aInputLength);
		}

	return iPadding->MaxUnPaddedLength(aInputLength + iInputStore.Size());
	}
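/**
Encrypts or decrypts as many whole blocks as are available and buffers the rest.

Output is appended to aOutput, so the capacity check is made against the free
space left in aOutput rather than its total capacity. This matches the checks
in DoProcessFinalEncryptL() and DoProcessFinalDecryptL(). An output descriptor
that already holds data and is too small now causes a KErrOverflow leave
instead of overrunning the descriptor's maximum length on Append().

@param aInput  Bytes to process.
@param aOutput Receives the result, appended after any data already present.
@leave KErrNotSupported if the mode is CBC or CTR and no IV has been set.
@leave KErrOverflow if aOutput lacks free space for MaxOutputLength() bytes.
*/
void CSymmetricBlockCipherImpl::ProcessL(const TDesC8& aInput, TDes8& aOutput)
	{
	// CBC and CTR need an IV: SetIvL() must have been called first. The IV
	// buffer is only allocated by DoSetIvL(), so MaxLength() == 0 means unset.
	if ((iOperationMode.iUid == KOperationModeCBC) || (iOperationMode.iUid == KOperationModeCTR))
		{
		if (iIv.MaxLength() == 0)
			{
			User::Leave(KErrNotSupported);
			}
		}

	TInt inputLength(aInput.Length());
	TInt inputStoreLength(iInputStore.Length());

	// Compare against the remaining room, not the total capacity.
	if (MaxOutputLength(inputLength) > aOutput.MaxLength() - aOutput.Length())
		{
		User::Leave(KErrOverflow);
		}

	if (iOperationMode.iUid == KOperationModeCTR)
		{
		ProcessCtrL(aInput, aOutput);
		}
	else
		{
		// Block size is a power of two, so shifts replace divide and multiply.
		TUint8 blockSizeLog = CryptoLog2(iBlockBytes);
		TInt wholeBlocks = (inputLength + inputStoreLength) >> blockSizeLog;
		TInt wholeBlocksSize = wholeBlocks << blockSizeLog;

		if (wholeBlocks)
			{
			TInt outputLength(aOutput.Length());

			// Bytes carried over from the previous call go out first.
			if (inputStoreLength > 0)
				{
				aOutput.Append(iInputStore);
				iInputStore.Zero();
				}
			aOutput.Append(aInput.Left(wholeBlocksSize - inputStoreLength));
			// Transform in place, starting where this call's output begins.
			Transform(const_cast<TUint8*>(aOutput.Ptr()) + outputLength, wholeBlocks);
			}

		// Whatever does not fill a block is held back for the next call.
		TInt remainingBytes = inputLength + inputStoreLength - wholeBlocksSize;
		if (remainingBytes > 0)
			{
			iInputStore.Append(aInput.Right(remainingBytes));
			}
		}
	}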
/**
Processes the last chunk of a message, applying or removing padding.

CTR mode has no padding and is forwarded to ProcessL(). Other modes dispatch
on the crypto mode to the encrypt or decrypt finaliser.

@param aInput  Final bytes of the message.
@param aOutput Receives the result, appended after any data already present.
@leave KErrNotSupported if the mode is CBC and no IV has been set.
@leave Any leave from ProcessL() or the finalisers.
*/
void CSymmetricBlockCipherImpl::ProcessFinalL(const TDesC8& aInput, TDes8& aOutput)
	{
	if (iOperationMode.iUid == KOperationModeCTR)
		{
		ProcessL(aInput, aOutput);
		return;
		}

	// CBC needs an IV: SetIvL() must have been called before this method.
	const TBool cbcWithoutIv = (iOperationMode.iUid == KOperationModeCBC) && (iIv.MaxLength() == 0);
	if (cbcWithoutIv)
		{
		User::Leave(KErrNotSupported);
		}

	if (iCryptoMode.iUid == KCryptoModeEncrypt)
		{
		DoProcessFinalEncryptL(aInput, aOutput);
		}
	else
		{
		DoProcessFinalDecryptL(aInput, aOutput);
		}
	}
/**
Encrypts the final chunk: whole blocks first, then the padded last block.

@param aInput  Final plaintext bytes.
@param aOutput Receives the ciphertext, appended after any data already present.
@leave KErrOverflow if aOutput lacks free space for MaxFinalOutputLength() bytes.
@leave KErrInvalidPadding if the padded output would not be block aligned.
@leave Any leave from ProcessL() or the padding object's PadL().
*/
void CSymmetricBlockCipherImpl::DoProcessFinalEncryptL(const TDesC8& aInput, TDes8& aOutput)
	{
	// Capacity is checked against the free space left in aOutput.
	const TInt freeSpace = aOutput.MaxLength() - aOutput.Length();
	if (MaxFinalOutputLength(aInput.Length()) > freeSpace)
		{
		User::Leave(KErrOverflow);
		}

	// Everything up to the last (possibly empty) block goes through ProcessL().
	TInt firstNewByte = aOutput.Length();
	ProcessL(aInput, aOutput);

	// Pad whatever ProcessL() held back in the input store.
	iPadding->PadL(iInputStore, iPaddingBlock);

	if (iPaddingBlock.Length() > 0)
		{
		iInputStore.Zero();

		// The total written by this call must be a whole number of blocks.
		const TInt totalWritten = aOutput.Length() - firstNewByte + iPaddingBlock.Length();
		User::LeaveIfError((totalWritten % iBlockBytes) == 0 ? KErrNone : KErrInvalidPadding);

		// Append the padded block and encrypt it in place.
		firstNewByte = aOutput.Length();
		aOutput.Append(iPaddingBlock);
		iPaddingBlock.Zero();
		TransformEncrypt(const_cast<TUint8*>(aOutput.Ptr()) + firstNewByte, 1);
		}
	}
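/**
Decrypts the final chunk and strips the padding into aOutput.

The temporary buffers that hold decrypted bytes are overwritten with zeros
before they are released or truncated on the success path, so plaintext is not
left in freed or reusable memory. A leave from UnPadL() still skips the wipe.

NOTE(review): a leave from UnPadL() on malformed padding is presumably
distinguishable by the caller from success. Protocols that use CBC should
authenticate the ciphertext before it reaches this method; confirm at the call
sites.

@param aInput  Final ciphertext bytes.
@param aOutput Receives the plaintext, appended after any data already present.
@leave KErrOverflow if aOutput lacks free space for MaxFinalOutputLength() bytes.
@leave KErrArgument if the input plus buffered bytes is not block aligned.
@leave Any leave from ProcessL(), the allocation or the padding object's UnPadL().
*/
void CSymmetricBlockCipherImpl::DoProcessFinalDecryptL(const TDesC8& aInput, TDes8& aOutput)
	{
	if (MaxFinalOutputLength(aInput.Length()) > aOutput.MaxLength() - aOutput.Length())
		{
		User::Leave(KErrOverflow);
		}

	// Input length (including the input store) must be a multiple of the
	// block size; the mask works because the block size is a power of two.
	if ((aInput.Length() + iInputStore.Length()) & (iBlockBytes - 1))
		{
		User::Leave(KErrArgument);
		}

	if(aInput.Length() > iBlockBytes)
		{
		// NOTE(review): the buffer is sized from the unpadded bound, yet it
		// receives the whole decrypted input before unpadding. ProcessL()
		// leaves with KErrOverflow if it is too small; confirm the bound is
		// always sufficient.
		HBufC8* processBuf = HBufC8::NewLC(MaxFinalOutputLength(aInput.Length()));
		TPtr8 processPtr = processBuf->Des();

		ProcessL(aInput, processPtr);

		ASSERT(iInputStore.Length()==0); // all the blocks should have been decrypted

		// Unpad processPtr into aOutput
		iPadding->UnPadL(processPtr, aOutput);

		// Wipe the decrypted copy before the buffer returns to the heap.
		processPtr.FillZ();
		CleanupStack::PopAndDestroy(processBuf);
		}
	else
		{
		// now contains the final ciphertext block
		iInputStore.Append(aInput);

		// Decrypt the last block in place inside the input store.
		TransformDecrypt(const_cast<TUint8*>(iInputStore.Ptr()), 1);

		// Unpad the last block and append to output
		iPadding->UnPadL(iInputStore, aOutput);
		}

	iPaddingBlock.Zero();
	// Zero() only resets the length; overwrite the decrypted block first.
	iInputStore.FillZ();
	iInputStore.Zero();
	}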
/**
CTR mode behaves like a stream cipher, accepting input of any arbitrary length. This results 
in a significant body of code that behaves fundamentally differently to the ECB and CBC modes. 
ProcessCtrL() is called by ProcessL() when operating in CTR mode, wrapping up all this 
functionality into a separate method for clarity.
Encrypting zero-filled bytes will return the keystream since the output of Transformation is simply 
the input XORed with the keystream.
	
See: http://csrc.nist.gov/publications/nistpubs/800-38a/sp800-38a.pdf
*/
void CSymmetricBlockCipherImpl::ProcessCtrL(const TDesC8& aInput, TDes8& aOutput)
	{
	// Free space in aOutput is checked by ProcessL() before this is called.
	TInt inputBytes(aInput.Length());

	TInt writeOffset(aOutput.Length());
	TInt fromLeftover = Min(iCtrUnusedKeystreamPtr.Length(), inputBytes);

	// Use up keystream left over from the previous call before generating more.
	if (fromLeftover > 0)
		{
		aOutput.Append(aInput.Left(fromLeftover));
		for (TInt pos = 0; pos < fromLeftover; ++pos)
			{
			aOutput[writeOffset + pos] ^= iCtrUnusedKeystreamPtr[pos];
			}
		// Keep only the keystream bytes that have not been consumed yet.
		iCtrUnusedKeystreamPtr = iCtrUnusedKeystreamPtr.RightTPtr((iCtrUnusedKeystreamPtr.Length() - fromLeftover));
		}

	TInt stillToEncode = inputBytes - fromLeftover;

	if ((iCtrUnusedKeystreamPtr.Length() == 0) && (stillToEncode > 0))
		{
		// Whole blocks are appended and transformed in place in aOutput.
		TInt fullBlocks = (stillToEncode) / iBlockBytes;
		TInt fullBlocksBytes = fullBlocks * iBlockBytes;
		writeOffset = aOutput.Length();

		if (fullBlocks)
			{
			aOutput.Append(aInput.Mid(fromLeftover, fullBlocksBytes));
			Transform(const_cast<TUint8*>(aOutput.Ptr()) + writeOffset, fullBlocks);
			}

		// The tail shorter than a block is zero-padded to a full block and
		// transformed. The first tailBytes of the result are output; the rest
		// of the block is raw keystream, kept for the next call.
		TInt tailBytes = stillToEncode - fullBlocksBytes;
		iCtrUnusedKeystreamPtr = iCtrUnusedKeystream->Des();
		iCtrUnusedKeystreamPtr.SetMax();
		iCtrUnusedKeystreamPtr.FillZ();
		iCtrUnusedKeystreamPtr.Copy(aInput.Right(tailBytes));
		iCtrUnusedKeystreamPtr.SetLength(iBlockBytes);

		Transform(const_cast<TUint8*>(iCtrUnusedKeystreamPtr.Ptr()), 1);

		aOutput.Append(iCtrUnusedKeystreamPtr.Left(tailBytes));

		// Drop the bytes just emitted; what remains is unused keystream.
		iCtrUnusedKeystreamPtr = iCtrUnusedKeystreamPtr.RightTPtr((iCtrUnusedKeystreamPtr.Length() - tailBytes));
		}
	}
// Methods implemented in subclass. No coverage here.
#ifdef _BullseyeCoverage
#pragma suppress_warnings on
#pragma BullseyeCoverage off
#pragma suppress_warnings off
#endif
/**
Operation modes do not apply to this stream cipher base class.

@leave KErrNotSupported always, unless a subclass overrides this method.
*/
void CSymmetricStreamCipherImpl::SetOperationModeL(TUid /*aOperationMode*/)
	{
	// Rejected here; a subclass that supports modes overrides this.
	User::Leave(KErrNotSupported);
	}
/**
Padding does not apply to this stream cipher base class.

@leave KErrNotSupported always, unless a subclass overrides this method.
*/
void CSymmetricStreamCipherImpl::SetPaddingModeL(TUid /*aPaddingMode*/)
	{
	// Rejected here; a subclass that supports padding overrides this.
	User::Leave(KErrNotSupported);
	}
/**
This stream cipher base class does not take an IV.

@leave KErrNotSupported always, unless a subclass overrides this method.
*/
void CSymmetricStreamCipherImpl::SetIvL(const TDesC8& /*aIv*/)
	{
	// Rejected here; a subclass that uses an IV overrides this.
	User::Leave(KErrNotSupported);
	}