1.1 --- /dev/null Thu Jan 01 00:00:00 1970 +0000
1.2 +++ b/os/security/crypto/weakcryptospi/source/padding/padding.cpp Fri Jun 15 03:10:57 2012 +0200
1.3 @@ -0,0 +1,374 @@
1.4 +/*
1.5 +* Copyright (c) 1999-2009 Nokia Corporation and/or its subsidiary(-ies).
1.6 +* All rights reserved.
1.7 +* This component and the accompanying materials are made available
1.8 +* under the terms of the License "Eclipse Public License v1.0"
1.9 +* which accompanies this distribution, and is available
1.10 +* at the URL "http://www.eclipse.org/legal/epl-v10.html".
1.11 +*
1.12 +* Initial Contributors:
1.13 +* Nokia Corporation - initial contribution.
1.14 +*
1.15 +* Contributors:
1.16 +*
1.17 +* Description:
1.18 +*
1.19 +*/
1.20 +
1.21 +
1.22 +#include <e32base.h>
1.23 +#include <random.h>
1.24 +#include <padding.h>
1.25 +#include <securityerr.h>
1.26 +#include <cryptopanic.h>
1.27 +
1.28 +#include "paddingshim.h"
1.29 +
1.30 +/* CPadding */
1.31 +CPadding::CPadding(void) : iBlockBytes(-1)
1.32 + {
1.33 + }
1.34 +
1.35 +EXPORT_C CPadding::CPadding(TInt aBlockBytes) : iBlockBytes(aBlockBytes)
1.36 + {
1.37 + __ASSERT_ALWAYS(aBlockBytes > 0, User::Invariant());
1.38 + }
1.39 +
1.40 +EXPORT_C void CPadding::SetBlockSize(TInt aBlockBytes)
1.41 + {
1.42 + __ASSERT_ALWAYS(aBlockBytes > 0, User::Invariant());
1.43 + iBlockBytes = aBlockBytes;
1.44 + }
1.45 +
1.46 +EXPORT_C TInt CPadding::BlockSize(void) const
1.47 + {
1.48 + return iBlockBytes;
1.49 + }
1.50 +
1.51 +EXPORT_C TInt CPadding::MaxPaddedLength(TInt /*aInputBytes*/) const
1.52 + {
1.53 + return BlockSize();
1.54 + }
1.55 +
1.56 +EXPORT_C TInt CPadding::MaxUnPaddedLength(TInt aInputBytes) const
1.57 + {
1.58 + return aInputBytes - MinPaddingLength();
1.59 + }
1.60 +
1.61 +EXPORT_C void CPadding::PadL(const TDesC8& aInput, TDes8& aOutput)
1.62 + {
1.63 + // Check that the input is small enough to fit inside one padded block
1.64 + // Won't leave if input text is equal to blocksize. Let DoPadL handle such situations
1.65 + if(aInput.Length() > BlockSize() - MinPaddingLength()
1.66 + && aInput.Length() != BlockSize())
1.67 + User::Leave(KErrArgument);
1.68 +
1.69 + // Check that the output descriptor supplied is large enough to store the result
1.70 + if(aOutput.MaxLength() < MaxPaddedLength(aInput.Length()))
1.71 + User::Leave(KErrOverflow);
1.72 +
1.73 + // Call the virtual function, implemented by derived classes
1.74 + DoPadL(aInput, aOutput);
1.75 + }
1.76 +
1.77 +TInt CPadding::GetExtension(TUint aExtensionId, TAny*& a0, TAny* a1)
1.78 + {
1.79 + return Extension_(aExtensionId, a0, a1);
1.80 + }
1.81 +
1.82 +/* CPaddingNone */
1.83 +EXPORT_C CPaddingNone* CPaddingNone::NewL(TInt aBlockBytes)
1.84 + {
1.85 + __ASSERT_ALWAYS(aBlockBytes > 0, User::Leave(KErrArgument));
1.86 + return CPaddingNoneShim::NewL(aBlockBytes);
1.87 + }
1.88 +
1.89 +EXPORT_C CPaddingNone* CPaddingNone::NewLC(TInt aBlockBytes)
1.90 + {
1.91 + CPaddingNone* self = CPaddingNone::NewL(aBlockBytes);
1.92 + CleanupStack::PushL(self);
1.93 + return self;
1.94 + }
1.95 +
1.96 +EXPORT_C CPaddingNone::CPaddingNone(TInt aBlockBytes):CPadding(aBlockBytes)
1.97 + {
1.98 + }
1.99 +
1.100 +void CPaddingNone::DoPadL(const TDesC8& aInput,TDes8& aOutput)
1.101 + {
1.102 + aOutput.Append(aInput);
1.103 + }
1.104 +
1.105 +void CPaddingNone::UnPadL(const TDesC8& aInput,TDes8& aOutput)
1.106 + {
1.107 + __ASSERT_DEBUG(aOutput.MaxLength() >= MaxPaddedLength(aInput.Length()), User::Panic(KCryptoPanic, ECryptoPanicOutputDescriptorOverflow));
1.108 + aOutput.Append(aInput);
1.109 + }
1.110 +
1.111 +TInt CPaddingNone::MinPaddingLength(void) const
1.112 + {
1.113 + return 0;
1.114 + }
1.115 +
1.116 +TInt CPaddingNone::MaxPaddedLength(TInt aInputSize) const
1.117 + {
1.118 + return aInputSize;
1.119 + }
1.120 +
1.121 +/* CPaddingSSLv3 */
1.122 +EXPORT_C CPaddingSSLv3* CPaddingSSLv3::NewL(TInt aBlockBytes)
1.123 + {
1.124 + __ASSERT_ALWAYS(aBlockBytes > 0, User::Leave(KErrArgument));
1.125 + return CPaddingSSLv3Shim::NewL(aBlockBytes);
1.126 + }
1.127 +
1.128 +EXPORT_C CPaddingSSLv3* CPaddingSSLv3::NewLC(TInt aBlockBytes)
1.129 + {
1.130 + CPaddingSSLv3* self = CPaddingSSLv3::NewL(aBlockBytes);
1.131 + CleanupStack::PushL(self);
1.132 + return self;
1.133 + }
1.134 +
1.135 +EXPORT_C CPaddingSSLv3::CPaddingSSLv3(TInt aBlockBytes):CPadding(aBlockBytes)
1.136 + {
1.137 + }
1.138 +
1.139 +void CPaddingSSLv3::DoPadL(const TDesC8& aInput,TDes8& aOutput)
1.140 + {
1.141 + TInt paddingBytes=BlockSize()-(aInput.Length()%BlockSize());
1.142 + aOutput.Append(aInput);
1.143 + aOutput.SetLength(aOutput.Length()+paddingBytes);
1.144 + for (TInt i=1;i<=paddingBytes;i++)
1.145 + {
1.146 + aOutput[aOutput.Length()-i]=(TUint8)(paddingBytes-1);
1.147 + }
1.148 + }
1.149 +
1.150 +void CPaddingSSLv3::UnPadL(const TDesC8& aInput,TDes8& aOutput)
1.151 + {
1.152 + TInt paddingLen = aInput[aInput.Length()-1] + 1;
1.153 +
1.154 + if (paddingLen > aInput.Length())
1.155 + {
1.156 + User::Leave(KErrInvalidPadding);
1.157 + }
1.158 +
1.159 + TInt outlen = aInput.Length() - paddingLen;
1.160 +
1.161 + __ASSERT_DEBUG(aOutput.MaxLength() >= outlen, User::Panic(KCryptoPanic, ECryptoPanicOutputDescriptorOverflow));
1.162 +
1.163 + aOutput.Append(aInput.Left(outlen));
1.164 + }
1.165 +
1.166 +TInt CPaddingSSLv3::MinPaddingLength(void) const
1.167 + {
1.168 + //if aInputBytes is 1 less than the blocksize then we get 1 byte of padding
1.169 + return 1;
1.170 + }
1.171 +
1.172 +TInt CPaddingSSLv3::MaxPaddedLength(TInt aInputBytes) const
1.173 + {
1.174 + TUint padBytes = BlockSize() - (aInputBytes % BlockSize());
1.175 + return padBytes + aInputBytes;
1.176 + }
1.177 +
1.178 +/* CPaddingPKCS1Signature */
1.179 +EXPORT_C CPaddingPKCS1Signature* CPaddingPKCS1Signature::NewL(TInt aBlockBytes)
1.180 + {
1.181 + return CPaddingPKCS1SignatureShim::NewL(aBlockBytes);
1.182 + }
1.183 +
1.184 +EXPORT_C CPaddingPKCS1Signature* CPaddingPKCS1Signature::NewLC(TInt aBlockBytes)
1.185 + {
1.186 + CPaddingPKCS1Signature* self = CPaddingPKCS1Signature::NewL(aBlockBytes);
1.187 + CleanupStack::PushL(self);
1.188 + return self;
1.189 + }
1.190 +
1.191 +EXPORT_C CPaddingPKCS1Signature::CPaddingPKCS1Signature(TInt aBlockBytes)
1.192 + : CPadding(aBlockBytes)
1.193 + {
1.194 + }
1.195 +
1.196 +void CPaddingPKCS1Signature::DoPadL(const TDesC8& aInput,TDes8& aOutput)
1.197 + {
1.198 + aOutput.SetLength(BlockSize());
1.199 + TInt i;
1.200 + TInt j;
1.201 + aOutput[0]=0;
1.202 + TInt startOfData=BlockSize()-aInput.Length();
1.203 + // PKCS1 also specifies a block type 0 for private key operations but
1.204 + // does not recommend its use. This block type (0) is compatible with
1.205 + // unpadded data though so you can create PKCS1 type 0 blocks using
1.206 + // CPaddingNone.
1.207 + aOutput[1]=1; // Block type 1 (private key operation)
1.208 + for (i=2;i<(startOfData-1);i++)
1.209 + {
1.210 + aOutput[i]=0xff;
1.211 + }
1.212 + j=0;
1.213 + aOutput[startOfData-1]=0; // separator
1.214 + for (i=startOfData;i<BlockSize();i++,j++)
1.215 + {
1.216 + aOutput[i]=aInput[j];
1.217 + }
1.218 + }
1.219 +
1.220 +void CPaddingPKCS1Signature::UnPadL(const TDesC8& aInput,TDes8& aOutput)
1.221 + {
1.222 + // erm, oops, this is not quite as simplistic as it first looks...
1.223 + // our integer class will strip any leading zeros so we might actually
1.224 + // get some real data that starts out looking like padding but isn't
1.225 + // really
1.226 +
1.227 + TInt inputLen = aInput.Length();
1.228 + if (inputLen <=0 )
1.229 + User::Leave(KErrInvalidPadding); // Invalid padding data
1.230 +
1.231 + // Leading zero may have been stripped off by integer class
1.232 + TInt dataStart=0;
1.233 + if (aInput[dataStart] == 0)
1.234 + {
1.235 + ++dataStart;
1.236 + }
1.237 +
1.238 + if (dataStart < inputLen && aInput[dataStart]) // might be mode one or mode zero,
1.239 + {
1.240 + ++dataStart;
1.241 + while (dataStart < inputLen && aInput[dataStart] == 0xff)
1.242 + {
1.243 + ++dataStart;
1.244 + }
1.245 +
1.246 + if (dataStart == inputLen || aInput[dataStart]) // this would mean theres no zero between 0x01ff and data...so its not mode one
1.247 + dataStart=0; // mode zero, start from begining of data
1.248 + else
1.249 + ++dataStart;
1.250 + }
1.251 + else // We've definitely got a mode zero
1.252 + { // or broken data, assume mode zero
1.253 + dataStart=0;
1.254 + }
1.255 +
1.256 + TInt len=inputLen-dataStart;
1.257 +
1.258 + __ASSERT_DEBUG(aOutput.MaxLength() >= len, User::Panic(KCryptoPanic, ECryptoPanicOutputDescriptorOverflow));
1.259 +
1.260 + aOutput.SetLength(len);
1.261 + TInt i=0;
1.262 + while (dataStart<inputLen)
1.263 + {
1.264 + aOutput[i++]=aInput[dataStart++];
1.265 + }
1.266 + }
1.267 +
1.268 +TInt CPaddingPKCS1Signature::MinPaddingLength(void) const
1.269 + {
1.270 + return 11; //0x00, 0x01, <MIN of 8 0xFF octets> , 0x00
1.271 + }
1.272 +
1.273 +/* CPaddingPKCS1Encryption */
1.274 +EXPORT_C CPaddingPKCS1Encryption* CPaddingPKCS1Encryption::NewL(
1.275 + TInt aBlockBytes)
1.276 + {
1.277 + return CPaddingPKCS1EncryptionShim::NewL(aBlockBytes);
1.278 + }
1.279 +
1.280 +EXPORT_C CPaddingPKCS1Encryption* CPaddingPKCS1Encryption::NewLC(
1.281 + TInt aBlockBytes)
1.282 + {
1.283 + CPaddingPKCS1Encryption* self = CPaddingPKCS1Encryption::NewL(aBlockBytes);
1.284 + CleanupStack::PushL(self);
1.285 + return self;
1.286 + }
1.287 +
1.288 +EXPORT_C CPaddingPKCS1Encryption::CPaddingPKCS1Encryption(TInt aBlockBytes)
1.289 + : CPadding(aBlockBytes)
1.290 + {
1.291 + }
1.292 +
1.293 +void CPaddingPKCS1Encryption::DoPadL(const TDesC8& aInput,TDes8& aOutput)
1.294 + {
1.295 + aOutput.SetLength(BlockSize());
1.296 +
1.297 + aOutput[0]=0;
1.298 + TInt startOfData=BlockSize()-aInput.Length();
1.299 + aOutput[1]=2; // Block type 2 (public key operation)
1.300 + TBuf8<256> rnd(256);
1.301 + TRAPD(err, GenerateRandomBytesL(rnd));
1.302 + if((err != KErrNone) && (err != KErrNotSecure))
1.303 + User::Leave(err);
1.304 +
1.305 + TInt i = 2;
1.306 + TInt j = 0;
1.307 + for (; i<(startOfData-1);)
1.308 + {
1.309 + if (rnd[j])
1.310 + {
1.311 + aOutput[i++]=rnd[j];
1.312 + }
1.313 + if (++j==256)
1.314 + {
1.315 + TRAP(err, GenerateRandomBytesL(rnd));
1.316 + if((err != KErrNone) && (err != KErrNotSecure))
1.317 + User::Leave(err);
1.318 + j=0;
1.319 + }
1.320 + }
1.321 +
1.322 + j=0;
1.323 + aOutput[startOfData-1]=0; // separator
1.324 + for (i=startOfData;i<BlockSize();i++,j++)
1.325 + {
1.326 + aOutput[i]=aInput[j];
1.327 + }
1.328 + }
1.329 +
1.330 +void CPaddingPKCS1Encryption::UnPadL(const TDesC8& aInput,TDes8& aOutput)
1.331 + {
1.332 + TInt inputLen = aInput.Length();
1.333 + if (inputLen <= 0)
1.334 + User::Leave(KErrInvalidPadding); // Invalid padding data
1.335 +
1.336 + // Leading zero may have been stripped off by integer class
1.337 + TInt dataStart=0;
1.338 + if (aInput[dataStart] == 0)
1.339 + {
1.340 + ++dataStart;
1.341 + }
1.342 +
1.343 + // expecting mode 2 padding, otherwise broken
1.344 + if (dataStart == inputLen || aInput[dataStart] != 2)
1.345 + {
1.346 + User::Leave(KErrInvalidPadding);
1.347 + }
1.348 + ++dataStart;
1.349 +
1.350 + // skip random non zero bytes
1.351 + while (dataStart < inputLen && aInput[dataStart])
1.352 + {
1.353 + ++dataStart;
1.354 + }
1.355 +
1.356 + // expecting zero separator
1.357 + if (dataStart == inputLen || aInput[dataStart] != 0)
1.358 + {
1.359 + User::Leave(KErrInvalidPadding);
1.360 + }
1.361 + ++dataStart;
1.362 +
1.363 + TInt len = inputLen - dataStart;
1.364 + __ASSERT_DEBUG(aOutput.MaxLength() >= len, User::Panic(KCryptoPanic, ECryptoPanicOutputDescriptorOverflow));
1.365 +
1.366 + aOutput.SetLength(len);
1.367 + TInt i=0;
1.368 + while (dataStart<inputLen)
1.369 + {
1.370 + aOutput[i++]=aInput[dataStart++];
1.371 + }
1.372 + }
1.373 +
1.374 +TInt CPaddingPKCS1Encryption::MinPaddingLength(void) const
1.375 + {
1.376 + return 11; //0x00, 0x02, <min of 8 random octets>, 0x00
1.377 + }