Merge Bug 1301 - missing SWI certificate store and Bug 1170 - Browser root certs
/** Copyright (c) 2002-2009 Nokia Corporation and/or its subsidiary(-ies).* All rights reserved.* This component and the accompanying materials are made available* under the terms of the License "Eclipse Public License v1.0"* which accompanies this distribution, and is available* at the URL "http://www.eclipse.org/legal/epl-v10.html".** Initial Contributors:* Nokia Corporation - initial contribution.** Contributors:** Description: **/#include <e32std.h>#include <random.h>#include <pbedata.h>#include "pkcs5kdf.h"#include <pbencryptor.h>#include "pbe.h"#include <securityerr.h>#include "pbesymmetricfactory.h"EXPORT_C CPBEncryptSet* CPBEncryptSet::NewL(const TPBPassword& aPassword) { CPBEncryptSet* self = NewLC(aPassword); CleanupStack::Pop(); return self; }EXPORT_C CPBEncryptSet* CPBEncryptSet::NewLC(const TPBPassword& aPassword) { CPBEncryptSet* self = new(ELeave) CPBEncryptSet; CleanupStack::PushL(self); self->ConstructL(aPassword.Password()); return self; }EXPORT_C CPBEncryptSet* CPBEncryptSet::NewL(const TPBPassword& aPassword, const TPBECipher aCipher) { CPBEncryptSet* self = NewLC(aPassword, aCipher); CleanupStack::Pop(); return self; }EXPORT_C CPBEncryptSet* CPBEncryptSet::NewLC(const TPBPassword& aPassword, const TPBECipher aCipher) { CPBEncryptSet* self = new(ELeave) CPBEncryptSet; CleanupStack::PushL(self); self->ConstructL(aPassword.Password(), aCipher); return self; }EXPORT_C CPBEncryptSet* CPBEncryptSet::NewL(const TPBPassword& aPassword, const CPBEncryptParms& aParms) { CPBEncryptSet* self = NewLC(aPassword, aParms); CleanupStack::Pop(); return self; }EXPORT_C CPBEncryptSet* CPBEncryptSet::NewLC(const TPBPassword& aPassword, const CPBEncryptParms& aParms) { CPBEncryptSet* self = new(ELeave) CPBEncryptSet; CleanupStack::PushL(self); self->ConstructL(aPassword.Password(), aParms); return self; }EXPORT_C CPBEncryptSet* CPBEncryptSet::NewL(const CPBEncryptionData& aData, const TDesC8& aEncryptedKey, const TPBPassword& aPassword) { CPBEncryptSet* self = NewLC(aData, aEncryptedKey, aPassword); CleanupStack::Pop(); return self; }EXPORT_C CPBEncryptSet* CPBEncryptSet::NewLC(const CPBEncryptionData& aData, const TDesC8& aEncryptedKey, const TPBPassword& aPassword) { CPBEncryptSet* self = new(ELeave) CPBEncryptSet; CleanupStack::PushL(self); self->ConstructL(aData, aEncryptedKey, aPassword); return self; }void CPBEncryptSet::ConstructL(const TDesC8& aPassword) { CPBEncryptElement::ConstructL(aPassword); ConstructMasterKeyL(); }void CPBEncryptSet::ConstructL(const TDesC8& aPassword, const TPBECipher aCipher) { CPBEncryptElement::ConstructL(aPassword, aCipher); ConstructMasterKeyL(); }void CPBEncryptSet::ConstructL(const TDesC8& aPassword, const CPBEncryptParms& aParms) { CPBEncryptElement::ConstructL(aPassword, aParms); ConstructMasterKeyL(); }void CPBEncryptSet::ConstructMasterKeyL(void) { TBuf8<KAESKeyBytes256> masterKey(KAESKeyBytes256); TRandom::RandomL(masterKey); iEncryptedMasterKey = HBufC8::NewL(KAESKeyBytes256); EncryptMasterKeyL(masterKey); }void CPBEncryptSet::ConstructL(const CPBEncryptionData& aData, const TDesC8& aEncryptedMasterKey, const TPBPassword& aPassword) { CPBEncryptElement::ConstructL(aData, aPassword); iEncryptedMasterKey = aEncryptedMasterKey.AllocL(); }EXPORT_C void CPBEncryptSet::ChangePasswordL(const TPBPassword& aNewPassword) { //1) Decrypt master key with old encrypt key TBuf8<KPBEMaxCipherKeyBytes> masterKey; DecryptMasterKeyL(masterKey); //2) create new encrypt parms TBuf8<KPBEMaxSaltBytes> authSalt(KPBEMaxSaltBytes); TRandom::RandomL(authSalt); //3) create a totally new CPBEncryptionData representing the new password CPBEncryptionData* newData = CPBEncryptionData::NewL( aNewPassword.Password(), authSalt, iData->EncryptParms()); delete iData; iData = newData; // regenerate the password using a maximum length salt. CPBEncryptParms& epNonConst = const_cast<CPBEncryptParms&>(iData->EncryptParms()); epNonConst.ResizeSaltL(KPBEMaxSaltBytes); TPtr8 iEncryptKeyBuf(iEncryptKey->Des()); iEncryptKeyBuf.SetLength(PBE::GetKeyBytes(iData->EncryptParms().Cipher())); iData->EncryptParms().DeriveKeyL(aNewPassword.Password(), iEncryptKeyBuf); //4) Encrypt master key with new encrypt key EncryptMasterKeyL(masterKey); }EXPORT_C const TDesC8& CPBEncryptSet::EncryptedMasterKey(void) const { return *iEncryptedMasterKey; }CPBEncryptor* CPBEncryptSet::NewEncryptLC(void) const { CPBEncryptor* encryptor = NewEncryptL(); CleanupStack::PushL(encryptor); return encryptor; }CPBEncryptor* CPBEncryptSet::NewEncryptL(void) const { TBuf8<KPBEMaxCipherKeyBytes> masterKey; DecryptMasterKeyL(masterKey); CPBEncryptor* encryptor = 0; //make sure the masterkey we pass is exactly the right length for the cipher encryptor = CPBEncryptorSet::NewL(iData->EncryptParms().Cipher(), masterKey.Left(PBE::GetKeyBytes(iData->EncryptParms().Cipher()))); return encryptor; }CPBDecryptor* CPBEncryptSet::NewDecryptLC(void) const { CPBDecryptor* decryptor = NewDecryptL(); CleanupStack::PushL(decryptor); return decryptor; }CPBDecryptor* CPBEncryptSet::NewDecryptL(void) const { TBuf8<KPBEMaxCipherKeyBytes> masterKey; DecryptMasterKeyL(masterKey); CPBDecryptor* decryptor = 0; //make sure the masterkey we pass is exactly the right length for the cipher decryptor = CPBDecryptorSet::NewL(iData->EncryptParms().Cipher(), masterKey.Left(PBE::GetKeyBytes(iData->EncryptParms().Cipher()))); return decryptor; }void CPBEncryptSet::DecryptMasterKeyL(TDes8& aMasterKey) const { CPBDecryptorElement* decryptor = CPBDecryptorElement::NewLC( iData->EncryptParms().Cipher(), *iEncryptKey, iData->EncryptParms().IV()); aMasterKey.SetLength(0); decryptor->Process(*iEncryptedMasterKey, aMasterKey); CleanupStack::PopAndDestroy(decryptor); }void CPBEncryptSet::EncryptMasterKeyL(const TDesC8& aMasterKey) { CPBEncryptorElement* encryptor = CPBEncryptorElement::NewLC( iData->EncryptParms().Cipher(), *iEncryptKey, iData->EncryptParms().IV()); TPtr8 encryptedMasterKeyBuf(iEncryptedMasterKey->Des()); encryptedMasterKeyBuf.SetLength(0); encryptor->Process(aMasterKey, encryptedMasterKeyBuf); CleanupStack::PopAndDestroy(encryptor); }CPBEncryptSet::CPBEncryptSet() { }CPBEncryptSet::~CPBEncryptSet() { delete iEncryptedMasterKey; }// Warning: This function is only valid BEFORE you call NewEncryptL// After creating the cipher, ask it about itself, not me!// This is _very_ dodgy as I assume all sorts of things about the encryptor.// 1) That it uses SSLv3 or similar style padding// 2) That it stores the IV for that stream at the front.// This is here for specific application that requires this and aren't able to// actually construct the cipher and ask it. In almost all other cases you// should construct the cipher and ask it.TInt CPBEncryptSet::MaxCiphertextLength(TInt aPlaintextLength) const { TUint blocksize = PBE::GetBlockBytes(iData->EncryptParms().Cipher()); TUint padding = blocksize - aPlaintextLength % blocksize; //totallength = blocksize of iv hidden at beginning + inputLength + padding return blocksize + aPlaintextLength + padding; }// Warning: This function is only valid BEFORE you call NewDecryptL// After creating the cipher, ask it about itself, not me!TInt CPBEncryptSet::MaxPlaintextLength(TInt aCiphertextLength) const { /*It's impossible to determine anything about how much padding will be * removed. So we'll return a max length that is longer than will ever * happen by at most a blocksize - 1. */ //In all cases SSLv3 padding has at least one byte of padding. TUint blocksize = PBE::GetBlockBytes(iData->EncryptParms().Cipher()); //totallength = inputlength - iv hidden at beginning - 1 byte of padding return aCiphertextLength - blocksize - 1; }