1.1 --- /dev/null Thu Jan 01 00:00:00 1970 +0000
1.2 +++ b/os/security/crypto/weakcrypto/source/pbe/pbeset.cpp Fri Jun 15 03:10:57 2012 +0200
1.3 @@ -0,0 +1,261 @@
1.4 +/*
1.5 +* Copyright (c) 2002-2009 Nokia Corporation and/or its subsidiary(-ies).
1.6 +* All rights reserved.
1.7 +* This component and the accompanying materials are made available
1.8 +* under the terms of the License "Eclipse Public License v1.0"
1.9 +* which accompanies this distribution, and is available
1.10 +* at the URL "http://www.eclipse.org/legal/epl-v10.html".
1.11 +*
1.12 +* Initial Contributors:
1.13 +* Nokia Corporation - initial contribution.
1.14 +*
1.15 +* Contributors:
1.16 +*
1.17 +* Description:
1.18 +*
1.19 +*/
1.20 +
1.21 +
1.22 +#include <e32std.h>
1.23 +#include <random.h>
1.24 +#include <pbedata.h>
1.25 +#include "pkcs5kdf.h"
1.26 +#include "pbencryptor.h"
1.27 +#include "pbe.h"
1.28 +#include <securityerr.h>
1.29 +#include "pbesymmetricfactory.h"
1.30 +
1.31 +EXPORT_C CPBEncryptSet* CPBEncryptSet::NewL(const TPBPassword& aPassword)
1.32 + {
1.33 + CPBEncryptSet* self = NewLC(aPassword);
1.34 + CleanupStack::Pop();
1.35 + return self;
1.36 + }
1.37 +
1.38 +EXPORT_C CPBEncryptSet* CPBEncryptSet::NewLC(const TPBPassword& aPassword)
1.39 + {
1.40 + CPBEncryptSet* self = new(ELeave) CPBEncryptSet;
1.41 + CleanupStack::PushL(self);
1.42 + self->ConstructL(aPassword.Password());
1.43 + return self;
1.44 + }
1.45 +
1.46 +EXPORT_C CPBEncryptSet* CPBEncryptSet::NewL(const TPBPassword& aPassword,
1.47 + const TPBECipher aCipher)
1.48 + {
1.49 + CPBEncryptSet* self = NewLC(aPassword, aCipher);
1.50 + CleanupStack::Pop();
1.51 + return self;
1.52 + }
1.53 +
1.54 +EXPORT_C CPBEncryptSet* CPBEncryptSet::NewLC(const TPBPassword& aPassword,
1.55 + const TPBECipher aCipher)
1.56 + {
1.57 + CPBEncryptSet* self = new(ELeave) CPBEncryptSet;
1.58 + CleanupStack::PushL(self);
1.59 + self->ConstructL(aPassword.Password(), aCipher);
1.60 + return self;
1.61 + }
1.62 +
1.63 +EXPORT_C CPBEncryptSet* CPBEncryptSet::NewL(const TPBPassword& aPassword,
1.64 + const CPBEncryptParms& aParms)
1.65 + {
1.66 + CPBEncryptSet* self = NewLC(aPassword, aParms);
1.67 + CleanupStack::Pop();
1.68 + return self;
1.69 + }
1.70 +
1.71 +EXPORT_C CPBEncryptSet* CPBEncryptSet::NewLC(const TPBPassword& aPassword,
1.72 + const CPBEncryptParms& aParms)
1.73 + {
1.74 + CPBEncryptSet* self = new(ELeave) CPBEncryptSet;
1.75 + CleanupStack::PushL(self);
1.76 + self->ConstructL(aPassword.Password(), aParms);
1.77 + return self;
1.78 + }
1.79 +
1.80 +EXPORT_C CPBEncryptSet* CPBEncryptSet::NewL(const CPBEncryptionData& aData,
1.81 + const TDesC8& aEncryptedKey, const TPBPassword& aPassword)
1.82 + {
1.83 + CPBEncryptSet* self = NewLC(aData, aEncryptedKey, aPassword);
1.84 + CleanupStack::Pop();
1.85 + return self;
1.86 + }
1.87 +
1.88 +EXPORT_C CPBEncryptSet* CPBEncryptSet::NewLC(const CPBEncryptionData& aData,
1.89 + const TDesC8& aEncryptedKey, const TPBPassword& aPassword)
1.90 + {
1.91 + CPBEncryptSet* self = new(ELeave) CPBEncryptSet;
1.92 + CleanupStack::PushL(self);
1.93 + self->ConstructL(aData, aEncryptedKey, aPassword);
1.94 + return self;
1.95 + }
1.96 +
1.97 +void CPBEncryptSet::ConstructL(const TDesC8& aPassword)
1.98 + {
1.99 + CPBEncryptElement::ConstructL(aPassword);
1.100 + ConstructMasterKeyL();
1.101 + }
1.102 +
1.103 +void CPBEncryptSet::ConstructL(const TDesC8& aPassword,
1.104 + const TPBECipher aCipher)
1.105 + {
1.106 + CPBEncryptElement::ConstructL(aPassword, aCipher);
1.107 + ConstructMasterKeyL();
1.108 + }
1.109 +
1.110 +void CPBEncryptSet::ConstructL(const TDesC8& aPassword,
1.111 + const CPBEncryptParms& aParms)
1.112 + {
1.113 + CPBEncryptElement::ConstructL(aPassword, aParms);
1.114 + ConstructMasterKeyL();
1.115 + }
1.116 +
1.117 +void CPBEncryptSet::ConstructMasterKeyL(void)
1.118 + {
1.119 + TBuf8<KAESKeyBytes256> masterKey(KAESKeyBytes256);
1.120 + TRandom::RandomL(masterKey);
1.121 + iEncryptedMasterKey = HBufC8::NewL(KAESKeyBytes256);
1.122 + EncryptMasterKeyL(masterKey);
1.123 + }
1.124 +
1.125 +void CPBEncryptSet::ConstructL(const CPBEncryptionData& aData,
1.126 + const TDesC8& aEncryptedMasterKey, const TPBPassword& aPassword)
1.127 + {
1.128 + CPBEncryptElement::ConstructL(aData, aPassword);
1.129 + iEncryptedMasterKey = aEncryptedMasterKey.AllocL();
1.130 + }
1.131 +
1.132 +EXPORT_C void CPBEncryptSet::ChangePasswordL(const TPBPassword& aNewPassword)
1.133 + {
1.134 + //1) Decrypt master key with old encrypt key
1.135 + TBuf8<KPBEMaxCipherKeyBytes> masterKey;
1.136 + DecryptMasterKeyL(masterKey);
1.137 +
1.138 + //2) create new encrypt parms
1.139 +
1.140 + TBuf8<KPBEMaxSaltBytes> authSalt(KPBEMaxSaltBytes);
1.141 + TRandom::RandomL(authSalt);
1.142 +
1.143 + //3) create a totally new CPBEncryptionData representing the new password
1.144 + CPBEncryptionData* newData = CPBEncryptionData::NewL(
1.145 + aNewPassword.Password(), authSalt, iData->EncryptParms());
1.146 +
1.147 + delete iData;
1.148 + iData = newData;
1.149 +
1.150 + // regenerate the password using a maximum length salt.
1.151 + CPBEncryptParms& epNonConst =
1.152 + const_cast<CPBEncryptParms&>(iData->EncryptParms());
1.153 + epNonConst.ResizeSaltL(KPBEMaxSaltBytes);
1.154 +
1.155 + TPtr8 iEncryptKeyBuf(iEncryptKey->Des());
1.156 + iEncryptKeyBuf.SetLength(PBE::GetKeyBytes(iData->EncryptParms().Cipher()));
1.157 +
1.158 + iData->EncryptParms().DeriveKeyL(aNewPassword.Password(), iEncryptKeyBuf);
1.159 +
1.160 + //4) Encrypt master key with new encrypt key
1.161 + EncryptMasterKeyL(masterKey);
1.162 + }
1.163 +
1.164 +EXPORT_C const TDesC8& CPBEncryptSet::EncryptedMasterKey(void) const
1.165 + {
1.166 + return *iEncryptedMasterKey;
1.167 + }
1.168 +
1.169 +CPBEncryptor* CPBEncryptSet::NewEncryptLC(void) const
1.170 + {
1.171 + CPBEncryptor* encryptor = NewEncryptL();
1.172 + CleanupStack::PushL(encryptor);
1.173 + return encryptor;
1.174 + }
1.175 +
1.176 +CPBEncryptor* CPBEncryptSet::NewEncryptL(void) const
1.177 + {
1.178 + TBuf8<KPBEMaxCipherKeyBytes> masterKey;
1.179 + DecryptMasterKeyL(masterKey);
1.180 +
1.181 + CPBEncryptor* encryptor = 0;
1.182 + //make sure the masterkey we pass is exactly the right length for the cipher
1.183 + encryptor = CPBEncryptorSet::NewL(iData->EncryptParms().Cipher(),
1.184 + masterKey.Left(PBE::GetKeyBytes(iData->EncryptParms().Cipher())));
1.185 + return encryptor;
1.186 + }
1.187 +
1.188 +CPBDecryptor* CPBEncryptSet::NewDecryptLC(void) const
1.189 + {
1.190 + CPBDecryptor* decryptor = NewDecryptL();
1.191 + CleanupStack::PushL(decryptor);
1.192 + return decryptor;
1.193 + }
1.194 +
1.195 +CPBDecryptor* CPBEncryptSet::NewDecryptL(void) const
1.196 + {
1.197 + TBuf8<KPBEMaxCipherKeyBytes> masterKey;
1.198 + DecryptMasterKeyL(masterKey);
1.199 +
1.200 + CPBDecryptor* decryptor = 0;
1.201 + //make sure the masterkey we pass is exactly the right length for the cipher
1.202 + decryptor = CPBDecryptorSet::NewL(iData->EncryptParms().Cipher(),
1.203 + masterKey.Left(PBE::GetKeyBytes(iData->EncryptParms().Cipher())));
1.204 + return decryptor;
1.205 + }
1.206 +
1.207 +void CPBEncryptSet::DecryptMasterKeyL(TDes8& aMasterKey) const
1.208 + {
1.209 + CPBDecryptorElement* decryptor = CPBDecryptorElement::NewLC(
1.210 + iData->EncryptParms().Cipher(), *iEncryptKey, iData->EncryptParms().IV());
1.211 + aMasterKey.SetLength(0);
1.212 + decryptor->Process(*iEncryptedMasterKey, aMasterKey);
1.213 + CleanupStack::PopAndDestroy(decryptor);
1.214 + }
1.215 +
1.216 +void CPBEncryptSet::EncryptMasterKeyL(const TDesC8& aMasterKey)
1.217 + {
1.218 + CPBEncryptorElement* encryptor = CPBEncryptorElement::NewLC(
1.219 + iData->EncryptParms().Cipher(), *iEncryptKey, iData->EncryptParms().IV());
1.220 + TPtr8 encryptedMasterKeyBuf(iEncryptedMasterKey->Des());
1.221 + encryptedMasterKeyBuf.SetLength(0);
1.222 + encryptor->Process(aMasterKey, encryptedMasterKeyBuf);
1.223 + CleanupStack::PopAndDestroy(encryptor);
1.224 + }
1.225 +
1.226 +CPBEncryptSet::CPBEncryptSet()
1.227 + {
1.228 + }
1.229 +
1.230 +CPBEncryptSet::~CPBEncryptSet()
1.231 + {
1.232 + delete iEncryptedMasterKey;
1.233 + }
1.234 +
1.235 +// Warning: This function is only valid BEFORE you call NewEncryptL
1.236 +// After creating the cipher, ask it about itself, not me!
1.237 +// This is _very_ dodgy as I assume all sorts of things about the encryptor.
1.238 +// 1) That it uses SSLv3 or similar style padding
1.239 +// 2) That it stores the IV for that stream at the front.
1.240 +// This is here for specific application that requires this and aren't able to
1.241 +// actually construct the cipher and ask it. In almost all other cases you
1.242 +// should construct the cipher and ask it.
1.243 +TInt CPBEncryptSet::MaxCiphertextLength(TInt aPlaintextLength) const
1.244 + {
1.245 + TUint blocksize = PBE::GetBlockBytes(iData->EncryptParms().Cipher());
1.246 + TUint padding = blocksize - aPlaintextLength % blocksize;
1.247 + //totallength = blocksize of iv hidden at beginning + inputLength + padding
1.248 + return blocksize + aPlaintextLength + padding;
1.249 + }
1.250 +
1.251 +// Warning: This function is only valid BEFORE you call NewDecryptL
1.252 +// After creating the cipher, ask it about itself, not me!
1.253 +TInt CPBEncryptSet::MaxPlaintextLength(TInt aCiphertextLength) const
1.254 + {
1.255 + /*It's impossible to determine anything about how much padding will be
1.256 + * removed. So we'll return a max length that is longer than will ever
1.257 + * happen by at most a blocksize - 1.
1.258 + */
1.259 + //In all cases SSLv3 padding has at least one byte of padding.
1.260 + TUint blocksize = PBE::GetBlockBytes(iData->EncryptParms().Cipher());
1.261 + //totallength = inputlength - iv hidden at beginning - 1 byte of padding
1.262 + return aCiphertextLength - blocksize - 1;
1.263 + }
1.264 +