2 * Copyright (c) 2002-2009 Nokia Corporation and/or its subsidiary(-ies).
4 * This component and the accompanying materials are made available
5 * under the terms of the License "Eclipse Public License v1.0"
6 * which accompanies this distribution, and is available
7 * at the URL "http://www.eclipse.org/legal/epl-v10.html".
9 * Initial Contributors:
10 * Nokia Corporation - initial contribution.
23 #include "pbencryptor.h"
25 #include <securityerr.h>
26 #include "pbesymmetricfactory.h"
28 EXPORT_C CPBEncryptSet* CPBEncryptSet::NewL(const TPBPassword& aPassword)
30 CPBEncryptSet* self = NewLC(aPassword);
35 EXPORT_C CPBEncryptSet* CPBEncryptSet::NewLC(const TPBPassword& aPassword)
37 CPBEncryptSet* self = new(ELeave) CPBEncryptSet;
38 CleanupStack::PushL(self);
39 self->ConstructL(aPassword.Password());
43 EXPORT_C CPBEncryptSet* CPBEncryptSet::NewL(const TPBPassword& aPassword,
44 const TPBECipher aCipher)
46 CPBEncryptSet* self = NewLC(aPassword, aCipher);
51 EXPORT_C CPBEncryptSet* CPBEncryptSet::NewLC(const TPBPassword& aPassword,
52 const TPBECipher aCipher)
54 CPBEncryptSet* self = new(ELeave) CPBEncryptSet;
55 CleanupStack::PushL(self);
56 self->ConstructL(aPassword.Password(), aCipher);
60 EXPORT_C CPBEncryptSet* CPBEncryptSet::NewL(const TPBPassword& aPassword,
61 const CPBEncryptParms& aParms)
63 CPBEncryptSet* self = NewLC(aPassword, aParms);
68 EXPORT_C CPBEncryptSet* CPBEncryptSet::NewLC(const TPBPassword& aPassword,
69 const CPBEncryptParms& aParms)
71 CPBEncryptSet* self = new(ELeave) CPBEncryptSet;
72 CleanupStack::PushL(self);
73 self->ConstructL(aPassword.Password(), aParms);
77 EXPORT_C CPBEncryptSet* CPBEncryptSet::NewL(const CPBEncryptionData& aData,
78 const TDesC8& aEncryptedKey, const TPBPassword& aPassword)
80 CPBEncryptSet* self = NewLC(aData, aEncryptedKey, aPassword);
85 EXPORT_C CPBEncryptSet* CPBEncryptSet::NewLC(const CPBEncryptionData& aData,
86 const TDesC8& aEncryptedKey, const TPBPassword& aPassword)
88 CPBEncryptSet* self = new(ELeave) CPBEncryptSet;
89 CleanupStack::PushL(self);
90 self->ConstructL(aData, aEncryptedKey, aPassword);
94 void CPBEncryptSet::ConstructL(const TDesC8& aPassword)
96 CPBEncryptElement::ConstructL(aPassword);
97 ConstructMasterKeyL();
100 void CPBEncryptSet::ConstructL(const TDesC8& aPassword,
101 const TPBECipher aCipher)
103 CPBEncryptElement::ConstructL(aPassword, aCipher);
104 ConstructMasterKeyL();
107 void CPBEncryptSet::ConstructL(const TDesC8& aPassword,
108 const CPBEncryptParms& aParms)
110 CPBEncryptElement::ConstructL(aPassword, aParms);
111 ConstructMasterKeyL();
114 void CPBEncryptSet::ConstructMasterKeyL(void)
116 TBuf8<KAESKeyBytes256> masterKey(KAESKeyBytes256);
117 TRandom::RandomL(masterKey);
118 iEncryptedMasterKey = HBufC8::NewL(KAESKeyBytes256);
119 EncryptMasterKeyL(masterKey);
122 void CPBEncryptSet::ConstructL(const CPBEncryptionData& aData,
123 const TDesC8& aEncryptedMasterKey, const TPBPassword& aPassword)
125 CPBEncryptElement::ConstructL(aData, aPassword);
126 iEncryptedMasterKey = aEncryptedMasterKey.AllocL();
129 EXPORT_C void CPBEncryptSet::ChangePasswordL(const TPBPassword& aNewPassword)
131 //1) Decrypt master key with old encrypt key
132 TBuf8<KPBEMaxCipherKeyBytes> masterKey;
133 DecryptMasterKeyL(masterKey);
135 //2) create new encrypt parms
137 TBuf8<KPBEMaxSaltBytes> authSalt(KPBEMaxSaltBytes);
138 TRandom::RandomL(authSalt);
140 //3) create a totally new CPBEncryptionData representing the new password
141 CPBEncryptionData* newData = CPBEncryptionData::NewL(
142 aNewPassword.Password(), authSalt, iData->EncryptParms());
147 // regenerate the password using a maximum length salt.
148 CPBEncryptParms& epNonConst =
149 const_cast<CPBEncryptParms&>(iData->EncryptParms());
150 epNonConst.ResizeSaltL(KPBEMaxSaltBytes);
152 TPtr8 iEncryptKeyBuf(iEncryptKey->Des());
153 iEncryptKeyBuf.SetLength(PBE::GetKeyBytes(iData->EncryptParms().Cipher()));
155 iData->EncryptParms().DeriveKeyL(aNewPassword.Password(), iEncryptKeyBuf);
157 //4) Encrypt master key with new encrypt key
158 EncryptMasterKeyL(masterKey);
161 EXPORT_C const TDesC8& CPBEncryptSet::EncryptedMasterKey(void) const
163 return *iEncryptedMasterKey;
166 CPBEncryptor* CPBEncryptSet::NewEncryptLC(void) const
168 CPBEncryptor* encryptor = NewEncryptL();
169 CleanupStack::PushL(encryptor);
173 CPBEncryptor* CPBEncryptSet::NewEncryptL(void) const
175 TBuf8<KPBEMaxCipherKeyBytes> masterKey;
176 DecryptMasterKeyL(masterKey);
178 CPBEncryptor* encryptor = 0;
179 //make sure the masterkey we pass is exactly the right length for the cipher
180 encryptor = CPBEncryptorSet::NewL(iData->EncryptParms().Cipher(),
181 masterKey.Left(PBE::GetKeyBytes(iData->EncryptParms().Cipher())));
185 CPBDecryptor* CPBEncryptSet::NewDecryptLC(void) const
187 CPBDecryptor* decryptor = NewDecryptL();
188 CleanupStack::PushL(decryptor);
192 CPBDecryptor* CPBEncryptSet::NewDecryptL(void) const
194 TBuf8<KPBEMaxCipherKeyBytes> masterKey;
195 DecryptMasterKeyL(masterKey);
197 CPBDecryptor* decryptor = 0;
198 //make sure the masterkey we pass is exactly the right length for the cipher
199 decryptor = CPBDecryptorSet::NewL(iData->EncryptParms().Cipher(),
200 masterKey.Left(PBE::GetKeyBytes(iData->EncryptParms().Cipher())));
204 void CPBEncryptSet::DecryptMasterKeyL(TDes8& aMasterKey) const
206 CPBDecryptorElement* decryptor = CPBDecryptorElement::NewLC(
207 iData->EncryptParms().Cipher(), *iEncryptKey, iData->EncryptParms().IV());
208 aMasterKey.SetLength(0);
209 decryptor->Process(*iEncryptedMasterKey, aMasterKey);
210 CleanupStack::PopAndDestroy(decryptor);
213 void CPBEncryptSet::EncryptMasterKeyL(const TDesC8& aMasterKey)
215 CPBEncryptorElement* encryptor = CPBEncryptorElement::NewLC(
216 iData->EncryptParms().Cipher(), *iEncryptKey, iData->EncryptParms().IV());
217 TPtr8 encryptedMasterKeyBuf(iEncryptedMasterKey->Des());
218 encryptedMasterKeyBuf.SetLength(0);
219 encryptor->Process(aMasterKey, encryptedMasterKeyBuf);
220 CleanupStack::PopAndDestroy(encryptor);
223 CPBEncryptSet::CPBEncryptSet()
227 CPBEncryptSet::~CPBEncryptSet()
229 delete iEncryptedMasterKey;
232 // Warning: This function is only valid BEFORE you call NewEncryptL
233 // After creating the cipher, ask it about itself, not me!
234 // This is _very_ dodgy as I assume all sorts of things about the encryptor.
235 // 1) That it uses SSLv3 or similar style padding
236 // 2) That it stores the IV for that stream at the front.
237 // This is here for specific application that requires this and aren't able to
238 // actually construct the cipher and ask it. In almost all other cases you
239 // should construct the cipher and ask it.
240 TInt CPBEncryptSet::MaxCiphertextLength(TInt aPlaintextLength) const
242 TUint blocksize = PBE::GetBlockBytes(iData->EncryptParms().Cipher());
243 TUint padding = blocksize - aPlaintextLength % blocksize;
244 //totallength = blocksize of iv hidden at beginning + inputLength + padding
245 return blocksize + aPlaintextLength + padding;
248 // Warning: This function is only valid BEFORE you call NewDecryptL
249 // After creating the cipher, ask it about itself, not me!
250 TInt CPBEncryptSet::MaxPlaintextLength(TInt aCiphertextLength) const
252 /*It's impossible to determine anything about how much padding will be
253 * removed. So we'll return a max length that is longer than will ever
254 * happen by at most a blocksize - 1.
256 //In all cases SSLv3 padding has at least one byte of padding.
257 TUint blocksize = PBE::GetBlockBytes(iData->EncryptParms().Cipher());
258 //totallength = inputlength - iv hidden at beginning - 1 byte of padding
259 return aCiphertextLength - blocksize - 1;