1.1 --- /dev/null Thu Jan 01 00:00:00 1970 +0000
1.2 +++ b/os/security/crypto/weakcrypto/source/padding/padding.cpp Fri Jun 15 03:10:57 2012 +0200
1.3 @@ -0,0 +1,362 @@
1.4 +/*
1.5 +* Copyright (c) 1999-2009 Nokia Corporation and/or its subsidiary(-ies).
1.6 +* All rights reserved.
1.7 +* This component and the accompanying materials are made available
1.8 +* under the terms of the License "Eclipse Public License v1.0"
1.9 +* which accompanies this distribution, and is available
1.10 +* at the URL "http://www.eclipse.org/legal/epl-v10.html".
1.11 +*
1.12 +* Initial Contributors:
1.13 +* Nokia Corporation - initial contribution.
1.14 +*
1.15 +* Contributors:
1.16 +*
1.17 +* Description:
1.18 +*
1.19 +*/
1.20 +
1.21 +
1.22 +#include <e32base.h>
1.23 +#include <random.h>
1.24 +#include <padding.h>
1.25 +#include <securityerr.h>
1.26 +#include <cryptopanic.h>
1.27 +
1.28 +/* CPadding */
1.29 +CPadding::CPadding(void) : iBlockBytes(-1)
1.30 + {
1.31 + }
1.32 +
1.33 +EXPORT_C CPadding::CPadding(TInt aBlockBytes) : iBlockBytes(aBlockBytes)
1.34 + {
1.35 + __ASSERT_ALWAYS(aBlockBytes > 0, User::Invariant());
1.36 + }
1.37 +
1.38 +EXPORT_C void CPadding::SetBlockSize(TInt aBlockBytes)
1.39 + {
1.40 + __ASSERT_ALWAYS(aBlockBytes > 0, User::Invariant());
1.41 + iBlockBytes = aBlockBytes;
1.42 + }
1.43 +
1.44 +EXPORT_C TInt CPadding::BlockSize(void) const
1.45 + {
1.46 + return iBlockBytes;
1.47 + }
1.48 +
1.49 +EXPORT_C TInt CPadding::MaxPaddedLength(TInt /*aInputBytes*/) const
1.50 + {
1.51 + return BlockSize();
1.52 + }
1.53 +
1.54 +EXPORT_C TInt CPadding::MaxUnPaddedLength(TInt aInputBytes) const
1.55 + {
1.56 + return aInputBytes - MinPaddingLength();
1.57 + }
1.58 +
1.59 +EXPORT_C void CPadding::PadL(const TDesC8& aInput, TDes8& aOutput)
1.60 + {
1.61 + // Check that the input is small enough to fit inside one padded block
1.62 + __ASSERT_DEBUG(aInput.Length() <= BlockSize() - MinPaddingLength(),
1.63 + User::Panic(KCryptoPanic, ECryptoPanicPadInputTooLarge));
1.64 +
1.65 + // Check that the output descriptor supplied is large enough to store the result
1.66 + __ASSERT_DEBUG(aOutput.MaxLength() >= MaxPaddedLength(aInput.Length()),
1.67 + User::Panic(KCryptoPanic, ECryptoPanicOutputDescriptorOverflow));
1.68 +
1.69 + // Call the virtual function, implemented by derived classes
1.70 + DoPadL(aInput, aOutput);
1.71 + }
1.72 +
1.73 +/* CPaddingNone */
1.74 +EXPORT_C CPaddingNone* CPaddingNone::NewL(TInt aBlockBytes)
1.75 + {
1.76 + __ASSERT_ALWAYS(aBlockBytes > 0, User::Leave(KErrArgument));
1.77 + return new(ELeave)CPaddingNone(aBlockBytes);
1.78 + }
1.79 +
1.80 +EXPORT_C CPaddingNone* CPaddingNone::NewLC(TInt aBlockBytes)
1.81 + {
1.82 + CPaddingNone* self = CPaddingNone::NewL(aBlockBytes);
1.83 + CleanupStack::PushL(self);
1.84 + return self;
1.85 + }
1.86 +
1.87 +EXPORT_C CPaddingNone::CPaddingNone(TInt aBlockBytes):CPadding(aBlockBytes)
1.88 + {
1.89 + }
1.90 +
1.91 +void CPaddingNone::DoPadL(const TDesC8& aInput,TDes8& aOutput)
1.92 + {
1.93 + aOutput.Append(aInput);
1.94 + }
1.95 +
1.96 +void CPaddingNone::UnPadL(const TDesC8& aInput,TDes8& aOutput)
1.97 + {
1.98 + __ASSERT_DEBUG(aOutput.MaxLength() >= MaxPaddedLength(aInput.Length()), User::Panic(KCryptoPanic, ECryptoPanicOutputDescriptorOverflow));
1.99 + aOutput.Append(aInput);
1.100 + }
1.101 +
1.102 +TInt CPaddingNone::MinPaddingLength(void) const
1.103 + {
1.104 + return 0;
1.105 + }
1.106 +
1.107 +TInt CPaddingNone::MaxPaddedLength(TInt aInputSize) const
1.108 + {
1.109 + return aInputSize;
1.110 + }
1.111 +
1.112 +/* CPaddingSSLv3 */
1.113 +EXPORT_C CPaddingSSLv3* CPaddingSSLv3::NewL(TInt aBlockBytes)
1.114 + {
1.115 + __ASSERT_ALWAYS(aBlockBytes > 0, User::Leave(KErrArgument));
1.116 + return new(ELeave)CPaddingSSLv3(aBlockBytes);
1.117 + }
1.118 +
1.119 +EXPORT_C CPaddingSSLv3* CPaddingSSLv3::NewLC(TInt aBlockBytes)
1.120 + {
1.121 + CPaddingSSLv3* self = CPaddingSSLv3::NewL(aBlockBytes);
1.122 + CleanupStack::PushL(self);
1.123 + return self;
1.124 + }
1.125 +
1.126 +EXPORT_C CPaddingSSLv3::CPaddingSSLv3(TInt aBlockBytes):CPadding(aBlockBytes)
1.127 + {
1.128 + }
1.129 +
1.130 +void CPaddingSSLv3::DoPadL(const TDesC8& aInput,TDes8& aOutput)
1.131 + {
1.132 + TInt paddingBytes=BlockSize()-(aInput.Length()%BlockSize());
1.133 + aOutput.Append(aInput);
1.134 + aOutput.SetLength(aOutput.Length()+paddingBytes);
1.135 + for (TInt i=1;i<=paddingBytes;i++)
1.136 + {
1.137 + aOutput[aOutput.Length()-i]=(TUint8)(paddingBytes-1);
1.138 + }
1.139 + }
1.140 +
1.141 +void CPaddingSSLv3::UnPadL(const TDesC8& aInput,TDes8& aOutput)
1.142 + {
1.143 + TInt paddingLen = aInput[aInput.Length()-1] + 1;
1.144 +
1.145 + if (paddingLen > aInput.Length())
1.146 + {
1.147 + User::Leave(KErrInvalidPadding);
1.148 + }
1.149 +
1.150 + TInt outlen = aInput.Length() - paddingLen;
1.151 +
1.152 + __ASSERT_DEBUG(aOutput.MaxLength() >= outlen, User::Panic(KCryptoPanic, ECryptoPanicOutputDescriptorOverflow));
1.153 +
1.154 + aOutput.Append(aInput.Left(outlen));
1.155 + }
1.156 +
1.157 +TInt CPaddingSSLv3::MinPaddingLength(void) const
1.158 + {
1.159 + //if aInputBytes is 1 less than the blocksize then we get 1 byte of padding
1.160 + return 1;
1.161 + }
1.162 +
1.163 +TInt CPaddingSSLv3::MaxPaddedLength(TInt aInputBytes) const
1.164 + {
1.165 + TUint padBytes = BlockSize() - (aInputBytes % BlockSize());
1.166 + return padBytes + aInputBytes;
1.167 + }
1.168 +
1.169 +/* CPaddingPKCS1Signature */
1.170 +EXPORT_C CPaddingPKCS1Signature* CPaddingPKCS1Signature::NewL(TInt aBlockBytes)
1.171 + {
1.172 + return new(ELeave)CPaddingPKCS1Signature(aBlockBytes);
1.173 + }
1.174 +
1.175 +EXPORT_C CPaddingPKCS1Signature* CPaddingPKCS1Signature::NewLC(TInt aBlockBytes)
1.176 + {
1.177 + CPaddingPKCS1Signature* self = CPaddingPKCS1Signature::NewL(aBlockBytes);
1.178 + CleanupStack::PushL(self);
1.179 + return self;
1.180 + }
1.181 +
1.182 +EXPORT_C CPaddingPKCS1Signature::CPaddingPKCS1Signature(TInt aBlockBytes)
1.183 + : CPadding(aBlockBytes)
1.184 + {
1.185 + }
1.186 +
1.187 +void CPaddingPKCS1Signature::DoPadL(const TDesC8& aInput,TDes8& aOutput)
1.188 + {
1.189 + aOutput.SetLength(BlockSize());
1.190 + TInt i;
1.191 + TInt j;
1.192 + aOutput[0]=0;
1.193 + TInt startOfData=BlockSize()-aInput.Length();
1.194 + // PKCS1 also specifies a block type 0 for private key operations but
1.195 + // does not recommend its use. This block type (0) is compatible with
1.196 + // unpadded data though so you can create PKCS1 type 0 blocks using
1.197 + // CPaddingNone.
1.198 + aOutput[1]=1; // Block type 1 (private key operation)
1.199 + for (i=2;i<(startOfData-1);i++)
1.200 + {
1.201 + aOutput[i]=0xff;
1.202 + }
1.203 + j=0;
1.204 + aOutput[startOfData-1]=0; // separator
1.205 + for (i=startOfData;i<BlockSize();i++,j++)
1.206 + {
1.207 + aOutput[i]=aInput[j];
1.208 + }
1.209 + }
1.210 +
1.211 +void CPaddingPKCS1Signature::UnPadL(const TDesC8& aInput,TDes8& aOutput)
1.212 + {
1.213 + // erm, oops, this is not quite as simplistic as it first looks...
1.214 + // our integer class will strip any leading zeros so we might actually
1.215 + // get some real data that starts out looking like padding but isn't
1.216 + // really
1.217 +
1.218 + TInt inputLen = aInput.Length();
1.219 + if (inputLen <=0 )
1.220 + User::Leave(KErrInvalidPadding); // Invalid padding data
1.221 +
1.222 + // Leading zero may have been stripped off by integer class
1.223 + TInt dataStart=0;
1.224 + if (aInput[dataStart] == 0)
1.225 + {
1.226 + ++dataStart;
1.227 + }
1.228 +
1.229 + if (dataStart < inputLen && aInput[dataStart]) // might be mode one or mode zero,
1.230 + {
1.231 + ++dataStart;
1.232 + while (dataStart < inputLen && aInput[dataStart] == 0xff)
1.233 + {
1.234 + ++dataStart;
1.235 + }
1.236 +
1.237 + if (dataStart == inputLen || aInput[dataStart]) // this would mean theres no zero between 0x01ff and data...so its not mode one
1.238 + dataStart=0; // mode zero, start from begining of data
1.239 + else
1.240 + ++dataStart;
1.241 + }
1.242 + else // We've definitely got a mode zero
1.243 + { // or broken data, assume mode zero
1.244 + dataStart=0;
1.245 + }
1.246 +
1.247 + TInt len=inputLen-dataStart;
1.248 +
1.249 + __ASSERT_DEBUG(aOutput.MaxLength() >= len, User::Panic(KCryptoPanic, ECryptoPanicOutputDescriptorOverflow));
1.250 +
1.251 + aOutput.SetLength(len);
1.252 + TInt i=0;
1.253 + while (dataStart<inputLen)
1.254 + {
1.255 + aOutput[i++]=aInput[dataStart++];
1.256 + }
1.257 + }
1.258 +
1.259 +TInt CPaddingPKCS1Signature::MinPaddingLength(void) const
1.260 + {
1.261 + return 11; //0x00, 0x01, <MIN of 8 0xFF octets> , 0x00
1.262 + }
1.263 +
1.264 +/* CPaddingPKCS1Encryption */
1.265 +EXPORT_C CPaddingPKCS1Encryption* CPaddingPKCS1Encryption::NewL(
1.266 + TInt aBlockBytes)
1.267 + {
1.268 + return new(ELeave)CPaddingPKCS1Encryption(aBlockBytes);
1.269 + }
1.270 +
1.271 +EXPORT_C CPaddingPKCS1Encryption* CPaddingPKCS1Encryption::NewLC(
1.272 + TInt aBlockBytes)
1.273 + {
1.274 + CPaddingPKCS1Encryption* self = CPaddingPKCS1Encryption::NewL(aBlockBytes);
1.275 + CleanupStack::PushL(self);
1.276 + return self;
1.277 + }
1.278 +
1.279 +EXPORT_C CPaddingPKCS1Encryption::CPaddingPKCS1Encryption(TInt aBlockBytes)
1.280 + : CPadding(aBlockBytes)
1.281 + {
1.282 + }
1.283 +
1.284 +void CPaddingPKCS1Encryption::DoPadL(const TDesC8& aInput,TDes8& aOutput)
1.285 + {
1.286 + aOutput.SetLength(BlockSize());
1.287 +
1.288 + aOutput[0]=0;
1.289 + TInt startOfData=BlockSize()-aInput.Length();
1.290 + aOutput[1]=2; // Block type 2 (public key operation)
1.291 + TBuf8<256> rnd(256);
1.292 + GenerateRandomBytesL(rnd);
1.293 +
1.294 + TInt i = 2;
1.295 + TInt j = 0;
1.296 + for (; i<(startOfData-1);)
1.297 + {
1.298 + if (rnd[j])
1.299 + {
1.300 + aOutput[i++]=rnd[j];
1.301 + }
1.302 + if (++j==256)
1.303 + {
1.304 + GenerateRandomBytesL(rnd);
1.305 + j=0;
1.306 + }
1.307 + }
1.308 +
1.309 + j=0;
1.310 + aOutput[startOfData-1]=0; // separator
1.311 + for (i=startOfData;i<BlockSize();i++,j++)
1.312 + {
1.313 + aOutput[i]=aInput[j];
1.314 + }
1.315 + }
1.316 +
1.317 +void CPaddingPKCS1Encryption::UnPadL(const TDesC8& aInput,TDes8& aOutput)
1.318 + {
1.319 + TInt inputLen = aInput.Length();
1.320 + if (inputLen <= 0)
1.321 + User::Leave(KErrInvalidPadding); // Invalid padding data
1.322 +
1.323 + // Leading zero may have been stripped off by integer class
1.324 + TInt dataStart=0;
1.325 + if (aInput[dataStart] == 0)
1.326 + {
1.327 + ++dataStart;
1.328 + }
1.329 +
1.330 + // expecting mode 2 padding, otherwise broken
1.331 + if (dataStart == inputLen || aInput[dataStart] != 2)
1.332 + {
1.333 + User::Leave(KErrInvalidPadding);
1.334 + }
1.335 + ++dataStart;
1.336 +
1.337 + // skip random non zero bytes
1.338 + while (dataStart < inputLen && aInput[dataStart])
1.339 + {
1.340 + ++dataStart;
1.341 + }
1.342 +
1.343 + // expecting zero separator
1.344 + if (dataStart == inputLen || aInput[dataStart] != 0)
1.345 + {
1.346 + User::Leave(KErrInvalidPadding);
1.347 + }
1.348 + ++dataStart;
1.349 +
1.350 + TInt len = inputLen - dataStart;
1.351 + __ASSERT_DEBUG(aOutput.MaxLength() >= len, User::Panic(KCryptoPanic, ECryptoPanicOutputDescriptorOverflow));
1.352 +
1.353 + aOutput.SetLength(len);
1.354 + TInt i=0;
1.355 + while (dataStart<inputLen)
1.356 + {
1.357 + aOutput[i++]=aInput[dataStart++];
1.358 + }
1.359 + }
1.360 +
1.361 +TInt CPaddingPKCS1Encryption::MinPaddingLength(void) const
1.362 + {
1.363 + return 11; //0x00, 0x02, <min of 8 random octets>, 0x00
1.364 + }
1.365 +