|
1 /* |
|
2 * Copyright (c) 2007-2009 Nokia Corporation and/or its subsidiary(-ies). |
|
3 * All rights reserved. |
|
4 * This component and the accompanying materials are made available |
|
5 * under the terms of the License "Eclipse Public License v1.0" |
|
6 * which accompanies this distribution, and is available |
|
7 * at the URL "http://www.eclipse.org/legal/epl-v10.html". |
|
8 * |
|
9 * Initial Contributors: |
|
10 * Nokia Corporation - initial contribution. |
|
11 * |
|
12 * Contributors: |
|
13 * |
|
14 * Description: |
|
15 * |
|
16 */ |
|
17 |
|
18 |
|
19 #include "symmetriccipherimpl.h" |
|
20 |
|
21 #include <e32def.h> |
|
22 #include <cryptostrength.h> |
|
23 #include <cryptospi/cryptospidef.h> |
|
24 #include "keys.h" |
|
25 #include <cryptospi/plugincharacteristics.h> |
|
26 #include "pluginconfig.h" |
|
27 #include <cryptopanic.h> |
|
28 #include <securityerr.h> |
|
29 #include "../../../source/common/inlines.h" |
|
30 |
|
31 using namespace SoftwareCrypto; |
|
32 |
|
33 // |
|
34 // Implementation of Symmetric Cipher class |
|
35 // |
|
36 CSymmetricCipherImpl::CSymmetricCipherImpl() |
|
37 { |
|
38 } |
|
39 |
|
40 void CSymmetricCipherImpl::ConstructL(const CKey& aKey) |
|
41 { |
|
42 DoSetKeyL(aKey); |
|
43 } |
|
44 |
|
45 void CSymmetricCipherImpl::SecureDelete(HBufC8*& aBuffer) |
|
46 { |
|
47 if (aBuffer) |
|
48 { |
|
49 aBuffer->Des().FillZ(); |
|
50 } |
|
51 delete aBuffer; |
|
52 aBuffer = 0; |
|
53 } |
|
54 |
|
55 CSymmetricCipherImpl::~CSymmetricCipherImpl() |
|
56 { |
|
57 SecureDelete(iKey); |
|
58 } |
|
59 |
|
60 void CSymmetricCipherImpl::Close() |
|
61 { |
|
62 delete this; |
|
63 } |
|
64 |
|
65 TAny* CSymmetricCipherImpl::GetExtension(TUid /*aExtensionId*/) |
|
66 { |
|
67 return 0; |
|
68 } |
|
69 |
|
70 void CSymmetricCipherImpl::GetCharacteristicsL(const TAny*& aPluginCharacteristics) |
|
71 { |
|
72 TInt numCiphers = sizeof(KSymmetricCipherCharacteristics)/sizeof(TSymmetricCipherCharacteristics*); |
|
73 TInt32 implUid = ImplementationUid().iUid; |
|
74 for (TInt i = 0; i < numCiphers; ++i) |
|
75 { |
|
76 if (KSymmetricCipherCharacteristics[i]->cmn.iImplementationUID == implUid) |
|
77 { |
|
78 aPluginCharacteristics = KSymmetricCipherCharacteristics[i]; |
|
79 break; |
|
80 } |
|
81 } |
|
82 } |
|
83 |
|
84 TInt CSymmetricCipherImpl::GetKeyStrength() const |
|
85 { |
|
86 return BytesToBits(iKey->Length()); |
|
87 } |
|
88 |
|
89 HBufC8* CSymmetricCipherImpl::ExtractKeyDataLC(const CKey& aKey) const |
|
90 { |
|
91 const TDesC8& keyContent = aKey.GetTDesC8L(KSymmetricKeyParameterUid); |
|
92 return keyContent.AllocLC(); |
|
93 } |
|
94 |
|
95 TInt CSymmetricCipherImpl::KeySize() const |
|
96 { |
|
97 // return key size in BITS |
|
98 return BytesToBits(iKeyBytes); |
|
99 } |
|
100 |
|
101 void CSymmetricCipherImpl::DoSetKeyL(const CKey& aKey) |
|
102 { |
|
103 HBufC8* key = ExtractKeyDataLC(aKey); |
|
104 TInt keyLength(key->Length()); |
|
105 |
|
106 TCrypto::IsSymmetricWeakEnoughL(BytesToBits(keyLength)); |
|
107 if (! IsValidKeyLength(keyLength)) |
|
108 { |
|
109 CleanupStack::PopAndDestroy(key); |
|
110 User::Leave(KErrNotSupported); |
|
111 } |
|
112 |
|
113 SecureDelete(iKey); |
|
114 CleanupStack::Pop(key); |
|
115 iKey = key; |
|
116 iKeyBytes = keyLength; |
|
117 } |
|
118 |
|
119 // |
|
120 // Implementation of Symmetric Stream Cipher |
|
121 // |
|
122 CSymmetricStreamCipherImpl::CSymmetricStreamCipherImpl() |
|
123 { |
|
124 } |
|
125 |
|
126 CSymmetricStreamCipherImpl::~CSymmetricStreamCipherImpl() |
|
127 { |
|
128 } |
|
129 |
|
130 void CSymmetricStreamCipherImpl::SetKeyL(const CKey& aKey) |
|
131 { |
|
132 DoSetKeyL(aKey); |
|
133 TCrypto::IsSymmetricWeakEnoughL(GetKeyStrength()); |
|
134 Reset(); |
|
135 } |
|
136 |
|
137 void CSymmetricStreamCipherImpl::ConstructL(const CKey& aKey) |
|
138 { |
|
139 CSymmetricCipherImpl::ConstructL(aKey); |
|
140 } |
|
141 |
|
142 TInt CSymmetricStreamCipherImpl::BlockSize() const |
|
143 { |
|
144 // return block size in BITS |
|
145 return 8; |
|
146 } |
|
147 |
|
148 void CSymmetricStreamCipherImpl::SetOperationModeL(TUid /*aOperationMode*/) |
|
149 { |
|
150 User::Leave(KErrNotSupported); |
|
151 } |
|
152 |
|
153 void CSymmetricStreamCipherImpl::SetCryptoModeL(TUid /*aCryptoMode*/) |
|
154 { |
|
155 // Call the reset method. |
|
156 Reset(); |
|
157 } |
|
158 |
|
159 void CSymmetricStreamCipherImpl::SetPaddingModeL(TUid /*aPaddingMode*/) |
|
160 { |
|
161 User::Leave(KErrNotSupported); |
|
162 } |
|
163 |
|
164 void CSymmetricStreamCipherImpl::SetIvL(const TDesC8& /*aIv*/) |
|
165 { |
|
166 User::Leave(KErrNotSupported); |
|
167 } |
|
168 |
|
169 TInt CSymmetricStreamCipherImpl::MaxOutputLength(TInt aInputLength) const |
|
170 { |
|
171 return aInputLength; |
|
172 } |
|
173 |
|
174 TInt CSymmetricStreamCipherImpl::MaxFinalOutputLength(TInt aInputLength) const |
|
175 { |
|
176 return aInputLength; |
|
177 } |
|
178 |
|
179 void CSymmetricStreamCipherImpl::ProcessL(const TDesC8& aInput, TDes8& aOutput) |
|
180 { |
|
181 TInt outputIndex = aOutput.Size(); |
|
182 |
|
183 // aOutput may already have outputIndex bytes of data in it |
|
184 // check there will still be enough space to process the result |
|
185 __ASSERT_DEBUG(aOutput.MaxLength() - outputIndex >= MaxOutputLength(aInput.Length()), User::Panic(KCryptoPanic, ECryptoPanicOutputDescriptorOverflow)); |
|
186 |
|
187 aOutput.Append(aInput); |
|
188 |
|
189 TPtr8 transformBuf((TUint8*)(aOutput.Ptr()) + outputIndex, aInput.Size(), |
|
190 aInput.Size()); |
|
191 DoProcess(transformBuf); |
|
192 } |
|
193 |
|
194 void CSymmetricStreamCipherImpl::ProcessFinalL(const TDesC8& aInput, TDes8& aOutput) |
|
195 { |
|
196 ProcessL(aInput, aOutput); |
|
197 } |
|
198 |
|
199 // |
|
200 // Implementation of Symmetric Block Cipher |
|
201 // |
|
202 CSymmetricBlockCipherImpl::CSymmetricBlockCipherImpl( |
|
203 TUint8 aBlockBytes, |
|
204 TUid aCryptoMode, |
|
205 TUid aOperationMode, |
|
206 TUid aPaddingMode) : |
|
207 iBlockBytes(aBlockBytes), |
|
208 iCryptoMode(aCryptoMode), |
|
209 iOperationMode(aOperationMode), |
|
210 iPaddingMode(aPaddingMode) |
|
211 { |
|
212 } |
|
213 |
|
214 CSymmetricBlockCipherImpl::~CSymmetricBlockCipherImpl() |
|
215 { |
|
216 delete iPadding; |
|
217 delete iCbcRegister; |
|
218 delete iCurrentCipherText; |
|
219 iIv.Close(); |
|
220 iInputStore.Close(); |
|
221 iPaddingBlock.Close(); |
|
222 } |
|
223 |
|
224 |
|
225 void CSymmetricBlockCipherImpl::ConstructL(const CKey& aKey) |
|
226 { |
|
227 CSymmetricCipherImpl::ConstructL(aKey); |
|
228 DoSetOperationModeL(iOperationMode); |
|
229 DoSetCryptoModeL(iCryptoMode); |
|
230 DoSetPaddingModeL(iPaddingMode); |
|
231 |
|
232 iInputStore.ReAllocL(iBlockBytes); |
|
233 iPaddingBlock.ReAllocL(iBlockBytes); |
|
234 |
|
235 iCbcRegister = new(ELeave) TUint32[iBlockBytes/4]; |
|
236 iCbcRegisterPtr = reinterpret_cast<TUint8*>(iCbcRegister); |
|
237 |
|
238 iCurrentCipherText = new(ELeave) TUint32[iBlockBytes/4]; |
|
239 iCurrentCipherTextPtr = reinterpret_cast<TUint8*>(iCurrentCipherText); |
|
240 } |
|
241 |
|
242 void CSymmetricBlockCipherImpl::Reset() |
|
243 { |
|
244 iInputStore.Zero(); |
|
245 iPaddingBlock.Zero(); |
|
246 |
|
247 if (iOperationMode.iUid == KOperationModeCBC) |
|
248 { |
|
249 // only copy the IV if it is already set |
|
250 if (iIv.MaxLength() > 0) |
|
251 { |
|
252 Mem::Copy(iCbcRegisterPtr, &iIv[0], iBlockBytes); |
|
253 } |
|
254 } |
|
255 } |
|
256 |
|
257 void CSymmetricBlockCipherImpl::SetKeyL(const CKey& aKey) |
|
258 { |
|
259 DoSetKeyL(aKey); |
|
260 TCrypto::IsSymmetricWeakEnoughL(GetKeyStrength()); |
|
261 SetKeySchedule(); |
|
262 Reset(); |
|
263 } |
|
264 |
|
265 void CSymmetricBlockCipherImpl::SetOperationModeL(TUid aOperationMode) |
|
266 { |
|
267 DoSetOperationModeL(aOperationMode); |
|
268 Reset(); |
|
269 } |
|
270 |
|
271 void CSymmetricBlockCipherImpl::SetCryptoModeL(TUid aCryptoMode) |
|
272 { |
|
273 DoSetCryptoModeL(aCryptoMode); |
|
274 SetKeySchedule(); |
|
275 Reset(); |
|
276 } |
|
277 |
|
278 void CSymmetricBlockCipherImpl::SetPaddingModeL(TUid aPaddingMode) |
|
279 { |
|
280 DoSetPaddingModeL(aPaddingMode); |
|
281 Reset(); |
|
282 } |
|
283 |
|
284 void CSymmetricBlockCipherImpl::SetIvL(const TDesC8& aIv) |
|
285 { |
|
286 if (iOperationMode.iUid != KOperationModeCBC) |
|
287 { |
|
288 User::Leave(KErrNotSupported); |
|
289 } |
|
290 DoSetIvL(aIv); |
|
291 Reset(); |
|
292 } |
|
293 |
|
294 void CSymmetricBlockCipherImpl::DoSetOperationModeL(TUid aOperationMode) |
|
295 { |
|
296 switch (aOperationMode.iUid) |
|
297 { |
|
298 case KOperationModeNone: |
|
299 case KOperationModeECB: |
|
300 case KOperationModeCBC: |
|
301 break; |
|
302 default: |
|
303 User::Leave(KErrNotSupported); |
|
304 } |
|
305 iOperationMode = aOperationMode; |
|
306 } |
|
307 |
|
308 void CSymmetricBlockCipherImpl::DoSetCryptoModeL(TUid aCryptoMode) |
|
309 { |
|
310 switch (aCryptoMode.iUid) |
|
311 { |
|
312 case KCryptoModeEncrypt: |
|
313 case KCryptoModeDecrypt: |
|
314 break; |
|
315 default: |
|
316 User::Leave(KErrNotSupported); |
|
317 } |
|
318 iCryptoMode = aCryptoMode; |
|
319 } |
|
320 |
|
321 void CSymmetricBlockCipherImpl::DoSetPaddingModeL(TUid aPaddingMode) |
|
322 { |
|
323 CPadding* padding(0); |
|
324 switch (aPaddingMode.iUid) |
|
325 { |
|
326 case KPaddingModeNone: |
|
327 padding = CPaddingNone::NewL(iBlockBytes); |
|
328 break; |
|
329 case KPaddingModeSSLv3: |
|
330 padding = CPaddingSSLv3::NewL(iBlockBytes); |
|
331 break; |
|
332 case KPaddingModePKCS7: |
|
333 padding = CPaddingPKCS7::NewL(iBlockBytes); |
|
334 break; |
|
335 default: |
|
336 User::Leave(KErrNotSupported); |
|
337 } |
|
338 delete iPadding; |
|
339 iPadding = padding; |
|
340 iPaddingMode = aPaddingMode; |
|
341 } |
|
342 |
|
343 void CSymmetricBlockCipherImpl::DoSetIvL(const TDesC8& aIv) |
|
344 { |
|
345 iIv.ReAllocL(iBlockBytes); |
|
346 iIv.SetLength(iBlockBytes); |
|
347 |
|
348 iIv.Zero(); |
|
349 if (aIv.Length() != iBlockBytes) |
|
350 { |
|
351 User::Leave(KErrArgument); |
|
352 } |
|
353 iIv = aIv; |
|
354 } |
|
355 |
|
356 TInt CSymmetricBlockCipherImpl::BlockSize() const |
|
357 { |
|
358 // return block size in BITS |
|
359 return BytesToBits(iBlockBytes); |
|
360 } |
|
361 |
|
362 TInt CSymmetricBlockCipherImpl::MaxOutputLength(TInt aInputLength) const |
|
363 { |
|
364 // The maximum output length required for Process is equal to the |
|
365 // size of the number of whole input blocks available. |
|
366 // |
|
367 // The block bytes is a power of two so we can use this to avoid |
|
368 // doing a real mod operation |
|
369 TUint inputStoreLength(iInputStore.Length()); |
|
370 TInt rem = (aInputLength + inputStoreLength) & (iBlockBytes - 1); |
|
371 return (aInputLength + inputStoreLength - rem); |
|
372 } |
|
373 |
|
374 TInt CSymmetricBlockCipherImpl::MaxFinalOutputLength(TInt aInputLength) const |
|
375 { |
|
376 if (iCryptoMode.iUid == KCryptoModeEncrypt) |
|
377 { |
|
378 return iPadding->MaxPaddedLength(iInputStore.Length() + aInputLength); |
|
379 } |
|
380 else |
|
381 { |
|
382 return iPadding->MaxUnPaddedLength(aInputLength + iInputStore.Size()); |
|
383 } |
|
384 } |
|
385 |
|
386 void CSymmetricBlockCipherImpl::ProcessL(const TDesC8& aInput, TDes8& aOutput) |
|
387 { |
|
388 // if we're running in CBC mode then we must have an IV set before we can |
|
389 // do any processing ie call SetIvL() before this method |
|
390 if (iOperationMode.iUid == KOperationModeCBC) |
|
391 { |
|
392 if (iIv.MaxLength() == 0) |
|
393 { |
|
394 User::Leave(KErrNotSupported); |
|
395 } |
|
396 } |
|
397 |
|
398 TInt inputLength(aInput.Length()); |
|
399 TInt inputStoreLength(iInputStore.Length()); |
|
400 |
|
401 if (MaxOutputLength(inputLength) > aOutput.MaxLength()) |
|
402 { |
|
403 User::Leave(KErrOverflow); |
|
404 } |
|
405 |
|
406 TUint8 blockSizeLog = CryptoLog2(iBlockBytes); |
|
407 TInt wholeBlocks = (inputLength + inputStoreLength) >> blockSizeLog; |
|
408 TInt wholeBlocksSize = wholeBlocks << blockSizeLog; |
|
409 |
|
410 if (wholeBlocks) |
|
411 { |
|
412 TInt outputLength(aOutput.Length()); |
|
413 |
|
414 if (inputStoreLength > 0) |
|
415 { |
|
416 aOutput.Append(iInputStore); |
|
417 iInputStore.Zero(); |
|
418 } |
|
419 aOutput.Append(aInput.Left(wholeBlocksSize - inputStoreLength)); |
|
420 Transform(const_cast<TUint8*>(aOutput.Ptr()) + outputLength, wholeBlocks); |
|
421 } |
|
422 |
|
423 TInt remainingBytes = inputLength + inputStoreLength - wholeBlocksSize; |
|
424 if (remainingBytes > 0) |
|
425 { |
|
426 iInputStore.Append(aInput.Right(remainingBytes)); |
|
427 } |
|
428 } |
|
429 |
|
430 void CSymmetricBlockCipherImpl::ProcessFinalL(const TDesC8& aInput, TDes8& aOutput) |
|
431 { |
|
432 // if we're running in CBC mode then we must have an IV set before we can |
|
433 // do any processing ie call SetIvL() before this method |
|
434 if (iOperationMode.iUid == KOperationModeCBC) |
|
435 { |
|
436 if (iIv.MaxLength() == 0) |
|
437 { |
|
438 User::Leave(KErrNotSupported); |
|
439 } |
|
440 } |
|
441 |
|
442 if (iCryptoMode.iUid == KCryptoModeEncrypt) |
|
443 { |
|
444 return DoProcessFinalEncryptL(aInput, aOutput); |
|
445 } |
|
446 else |
|
447 { |
|
448 return DoProcessFinalDecryptL(aInput, aOutput); |
|
449 } |
|
450 } |
|
451 |
|
452 void CSymmetricBlockCipherImpl::DoProcessFinalEncryptL(const TDesC8& aInput, TDes8& aOutput) |
|
453 { |
|
454 if (MaxFinalOutputLength(aInput.Length()) > aOutput.MaxLength() - aOutput.Length()) |
|
455 { |
|
456 User::Leave(KErrOverflow); |
|
457 } |
|
458 |
|
459 // process everything up to the last (possibly empty block) |
|
460 TInt outputStartIndex = aOutput.Length(); |
|
461 ProcessL(aInput, aOutput); |
|
462 |
|
463 // pad the plaintext |
|
464 iPadding->PadL(iInputStore, iPaddingBlock); |
|
465 |
|
466 // if padding required |
|
467 if (iPaddingBlock.Length() > 0) |
|
468 { |
|
469 iInputStore.Zero(); |
|
470 |
|
471 // make sure the output is a multiple of the block size |
|
472 User::LeaveIfError(((aOutput.Length() - outputStartIndex + iPaddingBlock.Length()) % iBlockBytes) == 0 ? KErrNone : KErrInvalidPadding); |
|
473 |
|
474 outputStartIndex = aOutput.Length(); |
|
475 aOutput.Append(iPaddingBlock); |
|
476 iPaddingBlock.Zero(); |
|
477 TransformEncrypt(const_cast<TUint8*>(aOutput.Ptr()) + outputStartIndex, 1); |
|
478 } |
|
479 } |
|
480 |
|
481 void CSymmetricBlockCipherImpl::DoProcessFinalDecryptL(const TDesC8& aInput, TDes8& aOutput) |
|
482 { |
|
483 if (MaxFinalOutputLength(aInput.Length()) > aOutput.MaxLength() - aOutput.Length()) |
|
484 { |
|
485 User::Leave(KErrOverflow); |
|
486 } |
|
487 |
|
488 // Input length (including inputstore) must be a multiple of the |
|
489 // block size in length |
|
490 if ((aInput.Length() + iInputStore.Length()) & (iBlockBytes - 1)) |
|
491 { |
|
492 User::Leave(KErrArgument); |
|
493 } |
|
494 |
|
495 TInt bytesProcessed(0); |
|
496 if(aInput.Length() > iBlockBytes) |
|
497 { |
|
498 // the last block lies entirely within aInput so decrypt everything up |
|
499 // to this point. |
|
500 bytesProcessed = aInput.Length() - iBlockBytes; |
|
501 ProcessL(aInput.Left(bytesProcessed), aOutput); |
|
502 ASSERT(iInputStore.Length()==0); // all the blocks should have been decrypted |
|
503 } |
|
504 else |
|
505 { |
|
506 // if the input is less than one block in length then this + input |
|
507 // store should combine to give exactly one block of data |
|
508 ASSERT((iInputStore.Length() + aInput.Length()) == iBlockBytes); |
|
509 } |
|
510 |
|
511 // now contains the final ciphertext block |
|
512 iInputStore.Append(aInput.Right(aInput.Length() - bytesProcessed)); |
|
513 |
|
514 // Decrypt the last _padding_ blocksize into a new buffer |
|
515 TransformDecrypt(const_cast<TUint8*>(iInputStore.Ptr()), 1); |
|
516 |
|
517 // Unpad the last block and append to output |
|
518 iPadding->UnPadL(iInputStore, aOutput); |
|
519 |
|
520 iPaddingBlock.Zero(); |
|
521 iInputStore.Zero(); |
|
522 } |
|
523 |
|
524 |