os/security/crypto/weakcryptospi/source/padding/padding.cpp
changeset 0 bde4ae8d615e
     1.1 --- /dev/null	Thu Jan 01 00:00:00 1970 +0000
     1.2 +++ b/os/security/crypto/weakcryptospi/source/padding/padding.cpp	Fri Jun 15 03:10:57 2012 +0200
     1.3 @@ -0,0 +1,374 @@
     1.4 +/*
     1.5 +* Copyright (c) 1999-2009 Nokia Corporation and/or its subsidiary(-ies).
     1.6 +* All rights reserved.
     1.7 +* This component and the accompanying materials are made available
     1.8 +* under the terms of the License "Eclipse Public License v1.0"
     1.9 +* which accompanies this distribution, and is available
    1.10 +* at the URL "http://www.eclipse.org/legal/epl-v10.html".
    1.11 +*
    1.12 +* Initial Contributors:
    1.13 +* Nokia Corporation - initial contribution.
    1.14 +*
    1.15 +* Contributors:
    1.16 +*
    1.17 +* Description: 
    1.18 +*
    1.19 +*/
    1.20 +
    1.21 +
    1.22 +#include <e32base.h>
    1.23 +#include <random.h>
    1.24 +#include <padding.h>
    1.25 +#include <securityerr.h>
    1.26 +#include <cryptopanic.h>
    1.27 +
    1.28 +#include "paddingshim.h"
    1.29 +
    1.30 +/* CPadding */
    1.31 +CPadding::CPadding(void) : iBlockBytes(-1)
    1.32 +	{
    1.33 +	}
    1.34 +
    1.35 +EXPORT_C CPadding::CPadding(TInt aBlockBytes) : iBlockBytes(aBlockBytes)
    1.36 +	{
    1.37 +	__ASSERT_ALWAYS(aBlockBytes > 0, User::Invariant());
    1.38 +	}
    1.39 +
    1.40 +EXPORT_C void CPadding::SetBlockSize(TInt aBlockBytes)
    1.41 +	{
    1.42 +	__ASSERT_ALWAYS(aBlockBytes > 0, User::Invariant());
    1.43 +	iBlockBytes = aBlockBytes;
    1.44 +	}
    1.45 +
    1.46 +EXPORT_C TInt CPadding::BlockSize(void) const
    1.47 +	{
    1.48 +	return iBlockBytes;
    1.49 +	}
    1.50 +
    1.51 +EXPORT_C TInt CPadding::MaxPaddedLength(TInt /*aInputBytes*/) const
    1.52 +	{
    1.53 +	return BlockSize();
    1.54 +	}
    1.55 +
    1.56 +EXPORT_C TInt CPadding::MaxUnPaddedLength(TInt aInputBytes) const
    1.57 +	{
    1.58 +	return aInputBytes - MinPaddingLength();
    1.59 +	}
    1.60 +
    1.61 +EXPORT_C void CPadding::PadL(const TDesC8& aInput, TDes8& aOutput)
    1.62 +	{
    1.63 +	// Check that the input is small enough to fit inside one padded block
    1.64 +	// Won't leave if input text is equal to blocksize. Let DoPadL handle such situations
    1.65 +	if(aInput.Length() > BlockSize() - MinPaddingLength()
    1.66 +			&& aInput.Length() != BlockSize()) 	
    1.67 +		User::Leave(KErrArgument);
    1.68 +	
    1.69 +	// Check that the output descriptor supplied is large enough to store the result
    1.70 +	if(aOutput.MaxLength() < MaxPaddedLength(aInput.Length())) 	
    1.71 +		User::Leave(KErrOverflow);
    1.72 +
    1.73 +	// Call the virtual function, implemented by derived classes
    1.74 +	DoPadL(aInput, aOutput);
    1.75 +	}
    1.76 +
    1.77 +TInt CPadding::GetExtension(TUint aExtensionId, TAny*& a0, TAny* a1)
    1.78 +	{
    1.79 +	return Extension_(aExtensionId, a0, a1);
    1.80 +	}
    1.81 +
    1.82 +/* CPaddingNone */
    1.83 +EXPORT_C CPaddingNone* CPaddingNone::NewL(TInt aBlockBytes)
    1.84 +	{
    1.85 +	__ASSERT_ALWAYS(aBlockBytes > 0, User::Leave(KErrArgument));
    1.86 +	return CPaddingNoneShim::NewL(aBlockBytes);
    1.87 +	}
    1.88 +
    1.89 +EXPORT_C CPaddingNone* CPaddingNone::NewLC(TInt aBlockBytes)
    1.90 +	{
    1.91 +	CPaddingNone* self = CPaddingNone::NewL(aBlockBytes);
    1.92 +	CleanupStack::PushL(self);
    1.93 +	return self;
    1.94 +	}
    1.95 +
    1.96 +EXPORT_C CPaddingNone::CPaddingNone(TInt aBlockBytes):CPadding(aBlockBytes)
    1.97 +	{
    1.98 +	}
    1.99 +
   1.100 +void CPaddingNone::DoPadL(const TDesC8& aInput,TDes8& aOutput)
   1.101 +	{
   1.102 +	aOutput.Append(aInput);
   1.103 +	}
   1.104 +
   1.105 +void CPaddingNone::UnPadL(const TDesC8& aInput,TDes8& aOutput)
   1.106 +	{
   1.107 +	__ASSERT_DEBUG(aOutput.MaxLength() >= MaxPaddedLength(aInput.Length()), User::Panic(KCryptoPanic, ECryptoPanicOutputDescriptorOverflow));
   1.108 +	aOutput.Append(aInput);
   1.109 +	}
   1.110 +
   1.111 +TInt CPaddingNone::MinPaddingLength(void) const
   1.112 +	{
   1.113 +	return 0;
   1.114 +	}
   1.115 +
   1.116 +TInt CPaddingNone::MaxPaddedLength(TInt aInputSize) const
   1.117 +	{
   1.118 +	return aInputSize;
   1.119 +	}
   1.120 +
   1.121 +/* CPaddingSSLv3 */
   1.122 +EXPORT_C CPaddingSSLv3* CPaddingSSLv3::NewL(TInt aBlockBytes)
   1.123 +	{
   1.124 +	__ASSERT_ALWAYS(aBlockBytes > 0, User::Leave(KErrArgument));
   1.125 +	return CPaddingSSLv3Shim::NewL(aBlockBytes);	
   1.126 +	}
   1.127 +
   1.128 +EXPORT_C CPaddingSSLv3* CPaddingSSLv3::NewLC(TInt aBlockBytes)
   1.129 +	{
   1.130 +	CPaddingSSLv3* self = CPaddingSSLv3::NewL(aBlockBytes);
   1.131 +	CleanupStack::PushL(self);
   1.132 +	return self;
   1.133 +	}
   1.134 +
   1.135 +EXPORT_C CPaddingSSLv3::CPaddingSSLv3(TInt aBlockBytes):CPadding(aBlockBytes)
   1.136 +	{
   1.137 +	}
   1.138 +
   1.139 +void CPaddingSSLv3::DoPadL(const TDesC8& aInput,TDes8& aOutput)
   1.140 +	{
   1.141 +	TInt paddingBytes=BlockSize()-(aInput.Length()%BlockSize());
   1.142 +	aOutput.Append(aInput);
   1.143 +	aOutput.SetLength(aOutput.Length()+paddingBytes);
   1.144 +	for (TInt i=1;i<=paddingBytes;i++)
   1.145 +		{
   1.146 +		aOutput[aOutput.Length()-i]=(TUint8)(paddingBytes-1);
   1.147 +		}
   1.148 +	}
   1.149 +
   1.150 +void CPaddingSSLv3::UnPadL(const TDesC8& aInput,TDes8& aOutput)
   1.151 +	{
   1.152 +	TInt paddingLen = aInput[aInput.Length()-1] + 1;
   1.153 +
   1.154 +	if (paddingLen > aInput.Length())
   1.155 +		{
   1.156 +		User::Leave(KErrInvalidPadding);
   1.157 +		}
   1.158 +
   1.159 +	TInt outlen = aInput.Length() - paddingLen;
   1.160 +
   1.161 +	__ASSERT_DEBUG(aOutput.MaxLength() >= outlen, User::Panic(KCryptoPanic, ECryptoPanicOutputDescriptorOverflow));
   1.162 +
   1.163 +	aOutput.Append(aInput.Left(outlen));
   1.164 +	}
   1.165 +
   1.166 +TInt CPaddingSSLv3::MinPaddingLength(void) const
   1.167 +	{
   1.168 +	//if aInputBytes is 1 less than the blocksize then we get 1 byte of padding
   1.169 +	return 1;
   1.170 +	}
   1.171 +
   1.172 +TInt CPaddingSSLv3::MaxPaddedLength(TInt aInputBytes) const
   1.173 +	{
   1.174 +	TUint padBytes = BlockSize() - (aInputBytes % BlockSize());
   1.175 +	return padBytes + aInputBytes;
   1.176 +	}
   1.177 +
   1.178 +/* CPaddingPKCS1Signature */
   1.179 +EXPORT_C CPaddingPKCS1Signature* CPaddingPKCS1Signature::NewL(TInt aBlockBytes)
   1.180 +	{
   1.181 +	return CPaddingPKCS1SignatureShim::NewL(aBlockBytes);
   1.182 +	}
   1.183 +
   1.184 +EXPORT_C CPaddingPKCS1Signature* CPaddingPKCS1Signature::NewLC(TInt aBlockBytes)
   1.185 +	{
   1.186 +	CPaddingPKCS1Signature* self = CPaddingPKCS1Signature::NewL(aBlockBytes);
   1.187 +	CleanupStack::PushL(self);
   1.188 +	return self;
   1.189 +	}
   1.190 +
   1.191 +EXPORT_C CPaddingPKCS1Signature::CPaddingPKCS1Signature(TInt aBlockBytes)
   1.192 +	: CPadding(aBlockBytes)
   1.193 +	{
   1.194 +	}
   1.195 +
   1.196 +void CPaddingPKCS1Signature::DoPadL(const TDesC8& aInput,TDes8& aOutput)
   1.197 +	{
   1.198 +	aOutput.SetLength(BlockSize());
   1.199 +	TInt i;
   1.200 +	TInt j;
   1.201 +	aOutput[0]=0;
   1.202 +	TInt startOfData=BlockSize()-aInput.Length();
   1.203 +	// PKCS1 also specifies a block type 0 for private key operations but
   1.204 +	// does not recommend its use. This block type (0) is compatible with 
   1.205 +	// unpadded data though so you can create PKCS1 type 0 blocks using 
   1.206 +	// CPaddingNone.
   1.207 +	aOutput[1]=1;				// Block type 1 (private key operation)
   1.208 +	for (i=2;i<(startOfData-1);i++)
   1.209 +		{
   1.210 +		aOutput[i]=0xff;
   1.211 +		}
   1.212 +	j=0;
   1.213 +	aOutput[startOfData-1]=0;				// separator
   1.214 +	for (i=startOfData;i<BlockSize();i++,j++)
   1.215 +		{
   1.216 +		aOutput[i]=aInput[j];
   1.217 +		}
   1.218 +	}
   1.219 +	
   1.220 +void CPaddingPKCS1Signature::UnPadL(const TDesC8& aInput,TDes8& aOutput)
   1.221 +	{
   1.222 +	// erm, oops, this is not quite as simplistic as it first looks...
   1.223 +	// our integer class will strip any leading zeros so we might actually
   1.224 +	// get some real data that starts out looking like padding but isn't 
   1.225 +	// really
   1.226 +	
   1.227 +	TInt inputLen = aInput.Length();
   1.228 +	if (inputLen <=0 )				
   1.229 +		User::Leave(KErrInvalidPadding);	//	Invalid padding data
   1.230 +
   1.231 +	// Leading zero may have been stripped off by integer class
   1.232 +	TInt dataStart=0;
   1.233 +	if (aInput[dataStart] == 0)
   1.234 +		{
   1.235 +		++dataStart;
   1.236 +		}
   1.237 +
   1.238 +	if (dataStart < inputLen && aInput[dataStart])		//	might be mode one or mode zero,
   1.239 +		{
   1.240 +		++dataStart;
   1.241 +		while (dataStart < inputLen && aInput[dataStart] == 0xff)
   1.242 +			{
   1.243 +			++dataStart;
   1.244 +			}
   1.245 +		
   1.246 +		if (dataStart == inputLen || aInput[dataStart])	//	this would mean theres no zero between 0x01ff and data...so its not mode one
   1.247 +			dataStart=0;			//	mode zero, start from begining of data
   1.248 +		else
   1.249 +			++dataStart;
   1.250 +		}
   1.251 +	else							//	We've definitely got a mode zero 
   1.252 +		{							//	or broken data, assume mode zero
   1.253 +		dataStart=0;		
   1.254 +		}
   1.255 +
   1.256 +	TInt len=inputLen-dataStart;
   1.257 +
   1.258 +	__ASSERT_DEBUG(aOutput.MaxLength() >= len, User::Panic(KCryptoPanic, ECryptoPanicOutputDescriptorOverflow));
   1.259 +
   1.260 +	aOutput.SetLength(len);
   1.261 +	TInt i=0;
   1.262 +	while (dataStart<inputLen)
   1.263 +		{
   1.264 +		aOutput[i++]=aInput[dataStart++];
   1.265 +		}
   1.266 +	}
   1.267 +
   1.268 +TInt CPaddingPKCS1Signature::MinPaddingLength(void) const
   1.269 +	{
   1.270 +	return 11; //0x00, 0x01, <MIN of 8 0xFF octets> , 0x00
   1.271 +	}
   1.272 +
   1.273 +/* CPaddingPKCS1Encryption */
   1.274 +EXPORT_C CPaddingPKCS1Encryption* CPaddingPKCS1Encryption::NewL(
   1.275 +	TInt aBlockBytes)
   1.276 +	{
   1.277 +	return CPaddingPKCS1EncryptionShim::NewL(aBlockBytes);
   1.278 +	}
   1.279 +
   1.280 +EXPORT_C CPaddingPKCS1Encryption* CPaddingPKCS1Encryption::NewLC(
   1.281 +	TInt aBlockBytes)
   1.282 +	{
   1.283 +	CPaddingPKCS1Encryption* self = CPaddingPKCS1Encryption::NewL(aBlockBytes);
   1.284 +	CleanupStack::PushL(self);
   1.285 +	return self;
   1.286 +	}
   1.287 +
   1.288 +EXPORT_C CPaddingPKCS1Encryption::CPaddingPKCS1Encryption(TInt aBlockBytes)
   1.289 +	: CPadding(aBlockBytes)
   1.290 +	{
   1.291 +	}
   1.292 +
   1.293 +void CPaddingPKCS1Encryption::DoPadL(const TDesC8& aInput,TDes8& aOutput)
   1.294 +	{
   1.295 +	aOutput.SetLength(BlockSize());
   1.296 +	
   1.297 +	aOutput[0]=0;
   1.298 +	TInt startOfData=BlockSize()-aInput.Length();
   1.299 +	aOutput[1]=2;				// Block type 2 (public key operation)
   1.300 +	TBuf8<256> rnd(256);
   1.301 +	TRAPD(err, GenerateRandomBytesL(rnd));
   1.302 +	if((err != KErrNone) && (err != KErrNotSecure))
   1.303 +	    User::Leave(err);
   1.304 +
   1.305 +	TInt i = 2;
   1.306 +	TInt j = 0;
   1.307 +	for (; i<(startOfData-1);)
   1.308 +		{
   1.309 +		if (rnd[j])
   1.310 +			{
   1.311 +			aOutput[i++]=rnd[j];
   1.312 +			}
   1.313 +		if (++j==256)
   1.314 +			{
   1.315 +			TRAP(err, GenerateRandomBytesL(rnd));
   1.316 +			if((err != KErrNone) && (err != KErrNotSecure))
   1.317 +				User::Leave(err);
   1.318 +			j=0;
   1.319 +			}
   1.320 +		}
   1.321 +
   1.322 +	j=0;
   1.323 +	aOutput[startOfData-1]=0;				// separator
   1.324 +	for (i=startOfData;i<BlockSize();i++,j++)
   1.325 +		{
   1.326 +		aOutput[i]=aInput[j];
   1.327 +		}
   1.328 +	}
   1.329 +	
   1.330 +void CPaddingPKCS1Encryption::UnPadL(const TDesC8& aInput,TDes8& aOutput)
   1.331 +	{
   1.332 +	TInt inputLen = aInput.Length();
   1.333 +	if (inputLen <= 0)				
   1.334 +		User::Leave(KErrInvalidPadding);	//	Invalid padding data
   1.335 +
   1.336 +	// Leading zero may have been stripped off by integer class
   1.337 +	TInt dataStart=0;
   1.338 +	if (aInput[dataStart] == 0)
   1.339 +		{
   1.340 +		++dataStart;
   1.341 +		}
   1.342 +	
   1.343 +	// expecting mode 2 padding, otherwise broken
   1.344 +	if (dataStart == inputLen || aInput[dataStart] != 2)	
   1.345 +		{
   1.346 +		User::Leave(KErrInvalidPadding);
   1.347 +		}
   1.348 +	++dataStart;
   1.349 +
   1.350 +	// skip random non zero bytes
   1.351 +	while (dataStart < inputLen && aInput[dataStart])
   1.352 +		{
   1.353 +		++dataStart;
   1.354 +		}
   1.355 +
   1.356 +	// expecting zero separator
   1.357 +	if (dataStart == inputLen || aInput[dataStart] != 0)
   1.358 +		{
   1.359 +		User::Leave(KErrInvalidPadding);		
   1.360 +		}
   1.361 +	++dataStart;
   1.362 +
   1.363 +	TInt len = inputLen - dataStart;
   1.364 +	__ASSERT_DEBUG(aOutput.MaxLength() >= len, User::Panic(KCryptoPanic, ECryptoPanicOutputDescriptorOverflow));
   1.365 +
   1.366 +	aOutput.SetLength(len);
   1.367 +	TInt i=0;
   1.368 +	while (dataStart<inputLen)
   1.369 +		{
   1.370 +		aOutput[i++]=aInput[dataStart++];
   1.371 +		}
   1.372 +	}
   1.373 +
   1.374 +TInt CPaddingPKCS1Encryption::MinPaddingLength(void) const
   1.375 +	{
   1.376 +	return 11; //0x00, 0x02, <min of 8 random octets>, 0x00
   1.377 +	}