os/security/cryptoplugins/cryptospiplugins/source/softwarecrypto/cmacimpl.cpp
author sl@SLION-WIN7.fritz.box
Fri, 15 Jun 2012 03:10:57 +0200
changeset 0 bde4ae8d615e
permissions -rw-r--r--
First public contribution.
     1 /*
     2 * Copyright (c) 2008-2009 Nokia Corporation and/or its subsidiary(-ies).
     3 * All rights reserved.
     4 * This component and the accompanying materials are made available
     5 * under the terms of the License "Eclipse Public License v1.0"
     6 * which accompanies this distribution, and is available
     7 * at the URL "http://www.eclipse.org/legal/epl-v10.html".
     8 *
     9 * Initial Contributors:
    10 * Nokia Corporation - initial contribution.
    11 *
    12 * Contributors:
    13 *
    14 * Description: 
    15 * Software Mac Implementation
    16 * plugin-dll headers
    17 *
    18 */
    19 
    20 
    21 /**
    22  @file
    23 */
    24 #include "cmacimpl.h"
    25 #include "pluginconfig.h"
    26 #include <cryptospi/cryptomacapi.h>
    27 
    28 
    29 using namespace SoftwareCrypto;
    30 using namespace CryptoSpi;
    31 
    32 /**
    33  * Constants used to generate Key1, Key2 and Key3
    34  */
    35 const TUint8 K1Constant[] = {0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01};
    36 const TUint8 K2Constant[] = {0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02};
    37 const TUint8 K3Constant[] = {0x03, 0x03, 0x03, 0x03, 0x03, 0x03, 0x03, 0x03, 0x03, 0x03, 0x03, 0x03, 0x03, 0x03, 0x03, 0x03};
    38 
    39 const TInt KAesXcbcMac96Size = 12;
    40 
    41 
    42 CCMacImpl* CCMacImpl::NewL(const CKey& aKey, CSymmetricCipher* aSymmetricCipher, TInt32 aAlgorithmUid)
    43 	{
    44 	CCMacImpl* self = CCMacImpl::NewLC(aKey, aSymmetricCipher, aAlgorithmUid);
    45 	CleanupStack::Pop(self);
    46 	return self;
    47 	}
    48 														
    49 CCMacImpl* CCMacImpl::NewLC(const CKey& aKey, CSymmetricCipher* aSymmetricCipher, TInt32 aAlgorithmUid)
    50 	{
    51 	CCMacImpl* self = NULL;
    52  	TRAPD(err, self = new (ELeave) CCMacImpl(aSymmetricCipher));
    53   	if(err!=KErrNone)
    54   		{
    55   		delete aSymmetricCipher;
    56   		User::Leave(err);
    57   		}
    58 	CleanupStack::PushL(self);
    59 	self->ConstructL(aKey, aAlgorithmUid);
    60 	return self;
    61 	}
    62 
    63 CKey* CCMacImpl::Create128bitKeyL(const CKey& aKey)
    64 	{
    65 	TBuf8<KMacBlockSize> keybuffer;
    66 	CryptoSpi::CKey* key = NULL;
    67 	
    68 	const TDesC8& keyContent=aKey.GetTDesC8L(CryptoSpi::KSymmetricKeyParameterUid);
    69 
    70 	if( (TUint32)keyContent.Size() > KMacBlockSize)
    71 		{
    72 		// Create key
    73 		CryptoSpi::CCryptoParams* keyParams = CryptoSpi::CCryptoParams::NewLC();
    74 		keybuffer.SetLength(KMacBlockSize);
    75 		keybuffer.FillZ();
    76 		// 'keybuffer' is the key with 128 zero bits.
    77 		keyParams->AddL(keybuffer, CryptoSpi::KSymmetricKeyParameterUid);
    78 		key=CryptoSpi::CKey::NewLC(aKey.KeyProperty(),*keyParams);
    79 		// evaluate final key data.
    80 		SetKeyL(*key);
    81 		CleanupStack::PopAndDestroy(2, keyParams);
    82 		keybuffer.Copy(FinalL(keyContent));
    83 		// 'keybuffer' contains the final key data.
    84 		}
    85 	else 
    86 		{
    87 		keybuffer.Copy(keyContent);
    88 		TUint i;
    89 		for (i=keybuffer.Size();i<KMacBlockSize;++i)
    90 			{
    91 			keybuffer.Append(0);
    92 			}
    93 		// 'keybuffer' contains the final key data.
    94 		}
    95 	
    96 	// create a new CKey instance and assign it to iKey using 'keybuffer'.
    97 	CryptoSpi::CCryptoParams* keyParams = CryptoSpi::CCryptoParams::NewLC();
    98 	keyParams->AddL(keybuffer, CryptoSpi::KSymmetricKeyParameterUid);
    99 	key=CryptoSpi::CKey::NewL(aKey.KeyProperty(),*keyParams);
   100 	CleanupStack::PopAndDestroy(keyParams);	
   101 
   102 	// 'key' will contain the final CKey instance.
   103 	return key;
   104 	}
   105 
   106 void CCMacImpl::SetKeyL(const CKey& aKey)
   107 	{
   108 	const TPtrC8 KeyConstant1(K1Constant, KMacBlockSize);
   109 	const TPtrC8 KeyConstant2(K2Constant, KMacBlockSize);
   110 	const TPtrC8 KeyConstant3(K3Constant, KMacBlockSize);
   111 
   112 	// Initialize the cipher class to encrypt Keyconstants to generate additional keys.
   113 	if (iImplementationUid == CryptoSpi::KAlgorithmCipherAesXcbcPrf128)
   114 		{
   115 		// RFC 4434: keys that were not equal in length to 128 bits will no longer be
   116 		// rejected but instead will be made 128 bits for AES-XCBC-PRF-128 Algorithm only.
   117 		CryptoSpi::CKey* key = Create128bitKeyL(aKey);
   118 		CleanupStack::PushL(key);
   119 		iCipherImpl->SetKeyL(*key);
   120 		CleanupStack::PopAndDestroy(key);	
   121 		}
   122 	else
   123 		{
   124 		iCipherImpl->SetKeyL(aKey);
   125 		}
   126 	iCipherImpl->SetCryptoModeL(CryptoSpi::KCryptoModeEncryptUid);
   127 	iCipherImpl->SetOperationModeL(CryptoSpi::KOperationModeNoneUid);
   128 
   129 	// cipher class expects the output buffer to be empty.
   130 	iKey1.Zero();
   131 	iKey2.Zero();
   132 	iKey3.Zero();
   133 
   134 	// aKey is used to generate Key1, Key2 and Key3.
   135 	// Where Key1 = encrypt KeyConstant1 with aKey
   136 	// Where Key2 = encrypt KeyConstant2 with aKey
   137 	// Where Key3 = encrypt KeyConstant3 with aKey
   138 	
   139 	// Key1 is used to encrypt the data whereas
   140 	// Key2 and Key3 is used to XOR with the last 
   141 	// block.
   142     iCipherImpl->ProcessFinalL(KeyConstant1, iKey1);
   143 	iCipherImpl->ProcessFinalL(KeyConstant2, iKey2);
   144 	iCipherImpl->ProcessFinalL(KeyConstant3, iKey3);
   145 	
   146 	// Create CKey instance with key1
   147 	CCryptoParams* keyParam =CCryptoParams::NewLC();
   148  	keyParam->AddL(iKey1, CryptoSpi::KSymmetricKeyParameterUid);
   149 
   150  	delete iKey;
   151  	iKey = NULL;
   152  	iKey=CKey::NewL(aKey.KeyProperty(), *keyParam);
   153  	// Initialize the cipher class for MAC calculation.
   154 	iCipherImpl->SetKeyL(*iKey);
   155  	iCipherImpl->SetOperationModeL(CryptoSpi::KOperationModeCBCUid);
   156  	Mem::FillZ(iE, sizeof(iE));
   157  	iCipherImpl->SetIvL(TPtrC8(iE, KMacBlockSize));
   158 
   159  	CleanupStack::PopAndDestroy(keyParam);
   160 	}
   161 
   162 CCMacImpl::~CCMacImpl()
   163 	{
   164 	delete iKey;
   165 	delete iCipherImpl;
   166 	}
   167 
   168 CCMacImpl::CCMacImpl(const CCMacImpl& aCCMacImpl)
   169 	{
   170 	iImplementationUid = aCCMacImpl.iImplementationUid;
   171 	iKey1.Copy(aCCMacImpl.iKey1);
   172 	iKey2.Copy(aCCMacImpl.iKey2);
   173 	iKey3.Copy(aCCMacImpl.iKey3);
   174 	
   175 	(void)Mem::Copy(iE, aCCMacImpl.iE, sizeof(iE));
   176 	(void)Mem::Copy(iData, aCCMacImpl.iData, sizeof(iData));
   177 	
   178 	iCurrentTotalLength = aCCMacImpl.iCurrentTotalLength;
   179 	}
   180 
   181 const CExtendedCharacteristics* CCMacImpl::GetExtendedCharacteristicsL()
   182 	{
   183 	return iCipherImpl->GetExtendedCharacteristicsL();
   184 	}
   185 
   186 CCMacImpl::CCMacImpl(CryptoSpi::CSymmetricCipher* aSymmetricCipher)
   187 	{
   188 	iCipherImpl = aSymmetricCipher;
   189 	aSymmetricCipher = NULL;
   190 	iMacValue.SetLength(KMacBlockSize);
   191 	}
   192 
   193 void CCMacImpl::ConstructL(const CKey& aKey, TInt32 aAlgorithmUid) 
   194 	{
   195 	iImplementationUid = aAlgorithmUid;
   196 	
   197     switch(aAlgorithmUid)
   198     	{
   199     	case CryptoSpi::KAlgorithmCipherAesXcbcMac96:
   200     	case CryptoSpi::KAlgorithmCipherAesXcbcPrf128:
   201     		{
   202     		SetKeyL(aKey);
   203      		break;
   204     		}
   205     	default:
   206     		{
   207     		User::Leave(KErrNotSupported);
   208     		}
   209     	}
   210 	}
   211 
   212 /**
   213  * Takes the message and XOR it with iData.
   214  * 
   215  * @param aKey 128bit key. This key will be XORed with iData.
   216  * @param aOutput  The result of the XOR operation will be copied to this.
   217  * 				   Its length should be 128bit (16bytes).
   218  */
   219 
   220 void CCMacImpl::XORKeyWithData(const TDesC8& aKey, TDes8& aOutput)
   221 	{
   222 	for (TInt i = 0; i < KMacBlockSize; ++i)
   223 		{
   224 		aOutput[i] = iData[i] ^ aKey[i];
   225 		}
   226 	}
   227 
   228 /**
   229  * This function is used to pad message M to make the total message
   230  * length multiple of block size (128bit). The last block M[n] will be 
   231  * padded with a single "1" bit followed by the number of "0" bits required
   232  * to increase M[n]'s size to 128 bits (Block Size).
   233  * 
   234  * Used in AES-XCBC-MAC-96 and AES-XCBC-PRF-128 Mac algorithms.
   235  */
   236 void CCMacImpl::PadMessage()
   237 	{
   238 	if(iCurrentTotalLength < KMacBlockSize)
   239 		{
   240 		iData[iCurrentTotalLength] = 0x80;
   241 		Mem::FillZ(iData + iCurrentTotalLength+1, KMacBlockSize - iCurrentTotalLength - 1);
   242 		}
   243 	}
   244 
   245 void CCMacImpl::Reset()
   246 	{
   247 	Mem::FillZ(iE,sizeof(iE));
   248 	iCurrentTotalLength =0;
   249 	// record for Reset, for the next time MacL, UpdateL or FinalL is called as we
   250 	// cannot leave in Reset.
   251 	TRAP(iDelayedReset, iCipherImpl->SetIvL(TPtrC8(iE, KMacBlockSize)));
   252 	}
   253 
   254 TPtrC8 CCMacImpl::MacL(const TDesC8& aMessage)
   255 	{
   256 	// Reset the cipher with iE as 128 zero bits as it leaved in previous call to Reset. 
   257 	if (iDelayedReset != KErrNone)
   258 		{
   259 		// iE was reset to 128 zero bits in previous call to Reset which leaved.
   260 		iCipherImpl->SetIvL(TPtrC8(iE, KMacBlockSize));
   261 		iDelayedReset = KErrNone; 
   262 		}
   263 	
   264 	if (aMessage!=KNullDesC8())
   265 		{
   266 		DoUpdateL(aMessage);			
   267 		}
   268 	
   269 	// Calculate MAC
   270 	TPtrC8 macPtr(KNullDesC8());
   271 	macPtr.Set(DoFinalL());
   272 
   273 	// Restore the internal state.
   274 	// We don't want to save any state change happened in 
   275 	// DoFinalL.
   276 	// iE is not updated in DoFinalL function and hence
   277 	// can be used to reset iCipherImpl to previous state.
   278 	iCipherImpl->SetIvL(TPtrC8(iE, KMacBlockSize));
   279 	
   280 	return macPtr;		
   281 	}
   282 
   283 TPtrC8 CCMacImpl::FinalL(const TDesC8& aMessage)
   284 	{
   285 	// Reset the cipher with iE as 128 zero bits as it leaved in previous call to Reset. 
   286 	if (iDelayedReset == KErrNone)
   287 		{
   288 		// iE was reset to 128 zero bits in previous call to Reset which leaved.
   289 		iCipherImpl->SetIvL(TPtrC8(iE, KMacBlockSize));
   290 		iDelayedReset = KErrNone;
   291 		}
   292 
   293 	if (aMessage!=KNullDesC8())
   294 		{
   295 		DoUpdateL(aMessage);			
   296 		}
   297 	TPtrC8 macPtr(KNullDesC8());
   298 	macPtr.Set(DoFinalL());
   299 	Reset();
   300 	return macPtr;
   301 	}
   302 
   303 void CCMacImpl::UpdateL(const TDesC8& aMessage)
   304 	{
   305 	// Reset the cipher with iE as 128 zero bits as it leaved in previous call to Reset. 
   306 	if (iDelayedReset == KErrNone)
   307 		{
   308 		// iE was reset to 128 zero bits in previous call to Reset which leaved.
   309 		iCipherImpl->SetIvL(TPtrC8(iE, KMacBlockSize));
   310 		iDelayedReset = KErrNone;
   311 		}
   312 
   313 	if (aMessage!=KNullDesC8())
   314 		{
   315 		DoUpdateL(aMessage);			
   316 		}
   317 	}
   318 
   319 void CCMacImpl::ProcessBlockL()
   320 	{
   321 	TPtrC8 dataPtr(iData, KMacBlockSize);
   322 	TPtr8 intermediateCipherPtr(iE,0,KMacBlockSize);
   323 	// iData (Block) should be XORed with iE calculated
   324 	// from previoue processing. If it's the first processing
   325 	// then iE will be zero.
   326 	// Here we are not doing explicit XORing because iCpherImpl 
   327 	// is set in CBC mode. Therefore this operation will be
   328 	// done by iCipherImpl
   329 	iCipherImpl->ProcessL(dataPtr, intermediateCipherPtr);
   330 	// After processing discard the block.
   331 	iCurrentTotalLength = 0;
   332 	}
   333 
   334 void CCMacImpl::DoUpdateL(const TDesC8& aMessage)
   335 	{
   336 	TInt curLength = aMessage.Length();
   337 	const TUint8* msgPtr = aMessage.Ptr();
   338 	
   339 	while(curLength > 0)
   340 		{
   341 		// If block is formed then process it.
   342 		if(iCurrentTotalLength == KMacBlockSize)
   343 			ProcessBlockL();
   344 		
   345 		// Check the space left in the block.
   346 		TUint remainingLength = KMacBlockSize - iCurrentTotalLength;
   347 		// If unprocesed message length is less then remainingLength
   348 		// then copy the entire data to iData else copy till iData
   349 		// if full.
   350 		TUint length = Min(curLength, remainingLength);
   351 
   352 		
   353 		// Discard the return value obtained from Mem::Copy( ) function.		
   354 		(void)Mem::Copy(iData+iCurrentTotalLength, msgPtr, length);
   355 		// Update data offset
   356 		iCurrentTotalLength += length;
   357 		curLength -= length;
   358 		msgPtr += length;
   359 		}
   360  	}
   361 
   362 TPtrC8 CCMacImpl::DoFinalL()
   363 	{
   364 	TBuf8<KMacBlockSize> finalBlock;
   365 	finalBlock.SetLength(KMacBlockSize);
   366 	
   367 	// If padding is required then use Key3
   368 	// else use Key2.
   369 	if(iCurrentTotalLength < KMacBlockSize)
   370 		{
   371 		PadMessage();
   372 		XORKeyWithData(iKey3, finalBlock);
   373 		}
   374 	else
   375 		{
   376 		XORKeyWithData(iKey2, finalBlock);
   377 		}
   378 
   379 	// cipher class expects the output buffer to be empty.
   380 	iMacValue.Zero();
   381 
   382 	iCipherImpl->ProcessFinalL(finalBlock, iMacValue);
   383 	
   384     return (iImplementationUid == CryptoSpi::KAlgorithmCipherAesXcbcMac96)? iMacValue.Left(KAesXcbcMac96Size): TPtrC8(iMacValue);
   385 	}
   386 
   387 void CCMacImpl::ReInitialiseAndSetKeyL(const CKey& aKey)
   388 	{
   389 	Reset();
   390 	SetKeyL(aKey);
   391 	}
   392 
   393 
   394 CCMacImpl* CCMacImpl::CopyL()
   395 	{
   396 	CCMacImpl* clone = new(ELeave) CCMacImpl(*this);
   397 	CleanupStack::PushL(clone);
   398 	clone->iKey = CKey::NewL(*iKey);
   399 	CryptoSpi::CSymmetricCipherFactory::CreateSymmetricCipherL(clone->iCipherImpl,
   400 												CryptoSpi::KAesUid,
   401 												*iKey,
   402 												CryptoSpi::KCryptoModeEncryptUid,
   403 												CryptoSpi::KOperationModeCBCUid,
   404 												CryptoSpi::KPaddingModeNoneUid,
   405 												NULL);
   406 	clone->iCipherImpl->SetIvL(TPtrC8(clone->iE, KMacBlockSize));
   407 	CleanupStack::Pop();
   408 	return clone;	
   409 	}
   410 	
   411 CCMacImpl* CCMacImpl::ReplicateL()
   412 	{
   413 	CCMacImpl* replica = CopyL();
   414 	replica->Reset();
   415 	return replica;
   416 	}