|
1 /* |
|
2 * Copyright (c) 2002-2009 Nokia Corporation and/or its subsidiary(-ies). |
|
3 * All rights reserved. |
|
4 * This component and the accompanying materials are made available |
|
5 * under the terms of the License "Eclipse Public License v1.0" |
|
6 * which accompanies this distribution, and is available |
|
7 * at the URL "http://www.eclipse.org/legal/epl-v10.html". |
|
8 * |
|
9 * Initial Contributors: |
|
10 * Nokia Corporation - initial contribution. |
|
11 * |
|
12 * Contributors: |
|
13 * |
|
14 * Description: |
|
15 * |
|
16 */ |
|
17 |
|
18 |
|
19 |
|
20 #include "pkcs5kdf.h" |
|
21 #include "pkcs12kdf.h" |
|
22 #include "pbedata.h" |
|
23 #include "pbesymmetricfactory.h" |
|
24 #include "cryptostrength.h" |
|
25 |
|
26 EXPORT_C CPBEncryptionData* CPBEncryptionData::NewL(const TDesC8& aPassword, |
|
27 TPBECipher aCipher, const TDesC8& aAuthSalt, |
|
28 const TDesC8& aEncryptSalt, const TDesC8& aIV, TUint aIterations) |
|
29 { |
|
30 CPBEncryptionData* self = NewLC(aPassword, aCipher, aAuthSalt, aEncryptSalt, |
|
31 aIV, aIterations); |
|
32 CleanupStack::Pop(self); |
|
33 return self; |
|
34 } |
|
35 |
|
36 EXPORT_C CPBEncryptionData* CPBEncryptionData::NewLC(const TDesC8& aPassword, |
|
37 TPBECipher aCipher, const TDesC8& aAuthSalt, |
|
38 const TDesC8& aEncryptSalt, const TDesC8& aIV, TUint aIterations) |
|
39 { |
|
40 CPBEncryptionData* self = new(ELeave)CPBEncryptionData(); |
|
41 CleanupStack::PushL(self); |
|
42 self->ConstructL(aPassword, aCipher, aAuthSalt, aEncryptSalt, aIV, |
|
43 aIterations); |
|
44 return self; |
|
45 } |
|
46 |
|
47 EXPORT_C CPBEncryptionData* CPBEncryptionData::NewL( |
|
48 const CPBEncryptionData& aData) |
|
49 { |
|
50 CPBEncryptionData* self = NewLC(aData); |
|
51 CleanupStack::Pop(self); |
|
52 return self; |
|
53 } |
|
54 |
|
55 EXPORT_C CPBEncryptionData* CPBEncryptionData::NewLC( |
|
56 const CPBEncryptionData& aData) |
|
57 { |
|
58 CPBEncryptionData* self = new(ELeave)CPBEncryptionData(); |
|
59 CleanupStack::PushL(self); |
|
60 self->ConstructL(aData); |
|
61 return self; |
|
62 } |
|
63 |
|
64 EXPORT_C CPBEncryptionData* CPBEncryptionData::NewL( |
|
65 const TDesC8& aPassword, const TDesC8& aAuthSalt, |
|
66 const CPBEncryptParms& aParms) |
|
67 /** |
|
68 This factory function takes the user-supplied password |
|
69 and the randomly-generated authentication salt, along |
|
70 with the encryption paramaters. It is provided so the |
|
71 encryption parameters can be extended without having to |
|
72 provide multiple factory functions. |
|
73 |
|
74 @param aPassword User-supplied password. This |
|
75 password is not transformed so |
|
76 if it needs to be in a particular |
|
77 format, e.g. for PKCS#12, the |
|
78 transformation must be applied before |
|
79 this function is called. |
|
80 @param aAuthSalt The salt is used to derive the |
|
81 authentication key; not the encryption |
|
82 key. |
|
83 @param aParms Encryption parameters describe how the |
|
84 data is encrypted. |
|
85 @return New instance of CPBEncryptionData. |
|
86 */ |
|
87 { |
|
88 CPBEncryptionData* self = new(ELeave) CPBEncryptionData; |
|
89 CleanupStack::PushL(self); |
|
90 self->ConstructL(aPassword, aAuthSalt, aParms); |
|
91 CleanupStack::Pop(self); |
|
92 return self; |
|
93 } |
|
94 |
|
95 void CPBEncryptionData::ConstructL( |
|
96 const TDesC8& aPassword, const TDesC8& aAuthSalt, |
|
97 const CPBEncryptParms& aParms) |
|
98 /** |
|
99 Second-phase constructor for factory function with |
|
100 same signature. |
|
101 */ |
|
102 { |
|
103 iParms = CPBEncryptParms::NewL(aParms); |
|
104 iAuth = CPBAuthData::NewL( |
|
105 aPassword, |
|
106 aAuthSalt, |
|
107 PBE::GetKeyBytes(aParms.Cipher()), |
|
108 aParms.Iterations()); |
|
109 } |
|
110 |
|
111 // HPRE-5TDFK2: Remove Store/estor.dll dependency on Cryptography/pbe.dll |
|
112 // This method is DUPLICATED in common/generic/syslibs/store/ucrypt/ue_strm.cpp |
|
113 EXPORT_C CPBEncryptionData::CPBEncryptionData(void) |
|
114 { |
|
115 } |
|
116 |
|
117 // HPRE-5TDFK2: Remove Store/estor.dll dependency on Cryptography/pbe.dll |
|
118 // This method is DUPLICATED in common/generic/syslibs/store/ucrypt/ue_strm.cpp |
|
119 CPBEncryptionData::~CPBEncryptionData(void) |
|
120 { |
|
121 delete iParms; |
|
122 delete iAuth; |
|
123 } |
|
124 |
|
125 void CPBEncryptionData::ConstructL(const TDesC8& aPassword, |
|
126 TPBECipher aCipher, const TDesC8& aAuthSalt, |
|
127 const TDesC8& aEncryptSalt, const TDesC8& aIV, TUint aIterations) |
|
128 { |
|
129 iParms = CPBEncryptParms::NewL(aCipher, aEncryptSalt, aIV, aIterations); |
|
130 iAuth = CPBAuthData::NewL(aPassword, aAuthSalt, |
|
131 PBE::GetKeyBytes(aCipher), aIterations); |
|
132 } |
|
133 |
|
134 void CPBEncryptionData::ConstructL(const CPBEncryptionData& aData) |
|
135 { |
|
136 iParms = CPBEncryptParms::NewL(aData.EncryptParms()); |
|
137 iAuth = CPBAuthData::NewL(aData.AuthData()); |
|
138 } |
|
139 |
|
140 EXPORT_C const CPBEncryptParms& CPBEncryptionData::EncryptParms(void) const |
|
141 { |
|
142 return *iParms; |
|
143 } |
|
144 EXPORT_C const CPBAuthData& CPBEncryptionData::AuthData(void) const |
|
145 { |
|
146 return *iAuth; |
|
147 } |
|
148 |
|
149 /* CPBEncryptParms */ |
|
150 EXPORT_C CPBEncryptParms* CPBEncryptParms::NewL() |
|
151 /** |
|
152 This factory function allocates an encryption |
|
153 parameters object with default settings. The |
|
154 individual settings can be retrieved and modified |
|
155 with the accessor and mutator functions after |
|
156 this object has been created. |
|
157 |
|
158 This factory function is provided so that individual |
|
159 parameters can be modified without providing many |
|
160 factory functions. |
|
161 |
|
162 @return New instance of CPBEncryptParms. |
|
163 */ |
|
164 { |
|
165 CPBEncryptParms* self = NewLC(); |
|
166 CleanupStack::Pop(self); |
|
167 return self; |
|
168 } |
|
169 |
|
170 EXPORT_C CPBEncryptParms* CPBEncryptParms::NewLC() |
|
171 /** |
|
172 Similar to the NewL overload which takes no |
|
173 arguments, this function additionally puts the |
|
174 allocated instance of CPBEncryptParms on the |
|
175 cleanup stack. |
|
176 |
|
177 @return New instance of CPBEncryptParms. |
|
178 */ |
|
179 { |
|
180 CPBEncryptParms* self = new(ELeave) CPBEncryptParms; |
|
181 CleanupStack::PushL(self); |
|
182 self->ConstructL(); |
|
183 return self; |
|
184 } |
|
185 |
|
186 void CPBEncryptParms::ConstructL() |
|
187 /** |
|
188 Initialize this object with default cipher, kdf (PKCS#5,) |
|
189 salt length, iteration count, and IV. |
|
190 */ |
|
191 { |
|
192 iData = new(ELeave) TParamsData; |
|
193 iData->iKdf = EKdfPkcs5; |
|
194 |
|
195 iSalt = HBufC8::NewMaxL(KPBEDefaultSaltBytes); |
|
196 TPtr8 saltDes = iSalt->Des(); |
|
197 TRandom::RandomL(saltDes); |
|
198 |
|
199 iIterations = KDefaultIterations; |
|
200 |
|
201 iIV = HBufC8::NewMaxL(KPBEMaxCipherIVBytes); |
|
202 |
|
203 SetCipher( |
|
204 (TCrypto::Strength() == TCrypto::EStrong) |
|
205 ? KPBEDefaultStrongCipher : KPBEDefaultWeakCipher ); |
|
206 } |
|
207 |
|
208 EXPORT_C CPBEncryptParms* CPBEncryptParms::NewL(TPBECipher aCipher, |
|
209 const TDesC8& aSalt, const TDesC8& aIV, TUint aIterations) |
|
210 { |
|
211 CPBEncryptParms* self = NewLC(aCipher, aSalt, aIV, aIterations); |
|
212 CleanupStack::Pop(self); |
|
213 return self; |
|
214 } |
|
215 |
|
216 EXPORT_C CPBEncryptParms* CPBEncryptParms::NewLC(TPBECipher aCipher, |
|
217 const TDesC8& aSalt, const TDesC8& aIV, TUint aIterations) |
|
218 { |
|
219 CPBEncryptParms* self = new(ELeave)CPBEncryptParms(); |
|
220 CleanupStack::PushL(self); |
|
221 self->ConstructL(aCipher, aSalt, aIV, aIterations); |
|
222 return self; |
|
223 } |
|
224 |
|
225 EXPORT_C CPBEncryptParms* CPBEncryptParms::NewL(const CPBEncryptParms& aParms) |
|
226 { |
|
227 CPBEncryptParms* self = NewLC(aParms); |
|
228 CleanupStack::Pop(self); |
|
229 return self; |
|
230 } |
|
231 |
|
232 EXPORT_C CPBEncryptParms* CPBEncryptParms::NewLC(const CPBEncryptParms& aParms) |
|
233 { |
|
234 CPBEncryptParms* self = new(ELeave)CPBEncryptParms(); |
|
235 CleanupStack::PushL(self); |
|
236 self->ConstructL(aParms); |
|
237 return self; |
|
238 } |
|
239 |
|
240 // HPRE-5TDFK2: Remove Store/estor.dll dependency on Cryptography/pbe.dll |
|
241 // This method is DUPLICATED in common/generic/syslibs/store/ucrypt/ue_strm.cpp |
|
242 EXPORT_C CPBEncryptParms::CPBEncryptParms() |
|
243 { |
|
244 } |
|
245 |
|
246 // HPRE-5TDFK2: Remove Store/estor.dll dependency on Cryptography/pbe.dll |
|
247 // This method is DUPLICATED in common/generic/syslibs/store/ucrypt/ue_strm.cpp |
|
248 CPBEncryptParms::~CPBEncryptParms() |
|
249 { |
|
250 delete iData; |
|
251 delete iSalt; |
|
252 delete iIV; |
|
253 } |
|
254 |
|
255 void CPBEncryptParms::ConstructL(TPBECipher aCipher, const TDesC8& aSalt, |
|
256 const TDesC8& aIV, TUint aIterations) |
|
257 { |
|
258 iData = new(ELeave) TParamsData; |
|
259 iData->iCipher = aCipher; |
|
260 iData->iKdf = EKdfPkcs5; |
|
261 iSalt = aSalt.AllocL(); |
|
262 iIV = aIV.AllocL(); |
|
263 iIterations = aIterations; |
|
264 } |
|
265 |
|
266 void CPBEncryptParms::ConstructL(const CPBEncryptParms& aParms) |
|
267 { |
|
268 iData = new(ELeave) TParamsData; |
|
269 iData->iCipher = aParms.Cipher(); |
|
270 iData->iKdf = aParms.iData->iKdf; |
|
271 iSalt = aParms.Salt().AllocL(); |
|
272 iIterations = aParms.Iterations(); |
|
273 iIV = aParms.IV().AllocL(); |
|
274 } |
|
275 |
|
276 EXPORT_C TPBECipher CPBEncryptParms::Cipher() const |
|
277 { |
|
278 return iData->iCipher; |
|
279 } |
|
280 |
|
281 EXPORT_C void CPBEncryptParms::SetCipher(TPBECipher aCipher) |
|
282 /** |
|
283 * Replace the current cipher. This function resizes the |
|
284 * IV and replaces its existing contents. |
|
285 * |
|
286 * @param aCipher New cipher. |
|
287 * |
|
288 * @deprecated Use SetCipherL instead. |
|
289 * @see SetCipherL |
|
290 */ |
|
291 { |
|
292 TPtr8 ivDes = iIV->Des(); |
|
293 ivDes.SetLength(PBE::GetBlockBytes(aCipher)); |
|
294 TRandom::RandomL(ivDes); |
|
295 |
|
296 iData->iCipher = aCipher; |
|
297 } |
|
298 |
|
299 EXPORT_C CPBEncryptParms::TKdf CPBEncryptParms::Kdf() const |
|
300 /** |
|
301 Accessor function returns the key derivation function |
|
302 (KDF) specified by this object. |
|
303 |
|
304 @return KDF specified by this object. |
|
305 */ |
|
306 { |
|
307 return iData->iKdf; |
|
308 } |
|
309 |
|
310 EXPORT_C void CPBEncryptParms::SetKdf(CPBEncryptParms::TKdf aKdf) |
|
311 /** |
|
312 Replace the current key derivation function. |
|
313 |
|
314 @param aKdf Key derivation function. |
|
315 */ |
|
316 { |
|
317 iData->iKdf = aKdf; |
|
318 } |
|
319 |
|
320 EXPORT_C TPtrC8 CPBEncryptParms::Salt() const |
|
321 { |
|
322 return TPtrC8(*iSalt); |
|
323 } |
|
324 |
|
325 EXPORT_C void CPBEncryptParms::ResizeSaltL(TInt aNewLen) |
|
326 /** |
|
327 Resize the current salt and replace its contents. |
|
328 |
|
329 @param aNewLen New salt length. |
|
330 */ |
|
331 { |
|
332 iSalt = iSalt->ReAllocL(aNewLen); |
|
333 TPtr8 saltDes = iSalt->Des(); |
|
334 TRandom::RandomL(saltDes); |
|
335 } |
|
336 |
|
337 EXPORT_C TInt CPBEncryptParms::Iterations() const |
|
338 { |
|
339 return iIterations; |
|
340 } |
|
341 |
|
342 EXPORT_C void CPBEncryptParms::SetIterations(TInt aIterCount) |
|
343 /** |
|
344 Replace the current iteration count with the supplied value. |
|
345 |
|
346 @param aIterCount Number of iterations to apply in |
|
347 the KDF. |
|
348 */ |
|
349 { |
|
350 ASSERT(aIterCount >= 0); |
|
351 iIterations = aIterCount; |
|
352 } |
|
353 |
|
354 EXPORT_C TPtrC8 CPBEncryptParms::IV() const |
|
355 { |
|
356 return TPtrC8(*iIV); |
|
357 } |
|
358 |
|
359 EXPORT_C void CPBEncryptParms::SetIV(const TDesC8& aNewIv) |
|
360 /** |
|
361 Replace the initialization vector. |
|
362 |
|
363 @param aNewIv New initialization vector length. |
|
364 This must have no more than |
|
365 KPBEMaxCipherIVBytes bytes. |
|
366 */ |
|
367 { |
|
368 iIV->Des().Copy(aNewIv); |
|
369 } |
|
370 |
|
371 void CPBEncryptParms::DeriveKeyL(const TDesC8& aPassword, TDes8& aKeyBuf) const |
|
372 /** |
|
373 Derive a key from this object's kdf, salt, amd iteration count. |
|
374 |
|
375 @param aPassword User-supplied password used to generate key. |
|
376 @param aKeyBuf Buffer to populate with new key. |
|
377 On entry it must be set to the required |
|
378 key length. |
|
379 */ |
|
380 { |
|
381 switch (iData->iKdf) |
|
382 { |
|
383 case CPBEncryptParms::EKdfPkcs5: |
|
384 TPKCS5KDF::DeriveKeyL(aKeyBuf, aPassword, *iSalt, iIterations); |
|
385 break; |
|
386 |
|
387 case CPBEncryptParms::EKdfPkcs12: |
|
388 PKCS12KDF::DeriveKeyL(aKeyBuf, PKCS12KDF::EIDByteEncryptKey, aPassword, *iSalt, iIterations); |
|
389 break; |
|
390 |
|
391 default: |
|
392 ASSERT(EFalse); |
|
393 break; |
|
394 } |
|
395 } |
|
396 |
|
397 /* CPBAuthData */ |
|
398 |
|
399 EXPORT_C CPBAuthData* CPBAuthData::NewL(const TDesC8& aPassword, |
|
400 const TDesC8& aSalt, TUint aKeySize, TUint aIterations) |
|
401 { |
|
402 CPBAuthData* self = NewLC(aPassword, aSalt, aKeySize, aIterations); |
|
403 CleanupStack::Pop(self); |
|
404 return self; |
|
405 } |
|
406 |
|
407 EXPORT_C CPBAuthData* CPBAuthData::NewLC(const TDesC8& aPassword, |
|
408 const TDesC8& aSalt, TUint aKeySize, TUint aIterations) |
|
409 { |
|
410 CPBAuthData* self = new(ELeave)CPBAuthData(); |
|
411 CleanupStack::PushL(self); |
|
412 self->ConstructL(aPassword, aSalt, aKeySize, aIterations); |
|
413 return self; |
|
414 } |
|
415 |
|
416 EXPORT_C CPBAuthData* CPBAuthData::NewL(const CPBAuthData& aData) |
|
417 { |
|
418 CPBAuthData* self = NewLC(aData); |
|
419 CleanupStack::Pop(self); |
|
420 return self; |
|
421 } |
|
422 |
|
423 EXPORT_C CPBAuthData* CPBAuthData::NewLC(const CPBAuthData& aData) |
|
424 { |
|
425 CPBAuthData* self = new(ELeave)CPBAuthData(); |
|
426 CleanupStack::PushL(self); |
|
427 self->ConstructL(aData); |
|
428 return self; |
|
429 } |
|
430 |
|
431 // HPRE-5TDFK2: Remove Store/estor.dll dependency on Cryptography/pbe.dll |
|
432 // This method is DUPLICATED in common/generic/syslibs/store/ucrypt/ue_strm.cpp |
|
433 EXPORT_C CPBAuthData::CPBAuthData() |
|
434 { |
|
435 } |
|
436 |
|
437 // HPRE-5TDFK2: Remove Store/estor.dll dependency on Cryptography/pbe.dll |
|
438 // This method is DUPLICATED in common/generic/syslibs/store/ucrypt/ue_strm.cpp |
|
439 CPBAuthData::~CPBAuthData() |
|
440 { |
|
441 delete iAuthKey; |
|
442 delete iSalt; |
|
443 } |
|
444 |
|
445 void CPBAuthData::ConstructL(const TDesC8& aPassword, const TDesC8& aSalt, |
|
446 TUint aKeySize, TUint aIterations) |
|
447 { |
|
448 iSalt = aSalt.AllocL(); |
|
449 iIterations = aIterations; |
|
450 iAuthKey = HBufC8::NewMaxL(aKeySize); |
|
451 TPtr8 authKeyPtr = iAuthKey->Des(); |
|
452 TPKCS5KDF::DeriveKeyL(authKeyPtr, aPassword, *iSalt, iIterations); |
|
453 } |
|
454 |
|
455 void CPBAuthData::ConstructL(const CPBAuthData& aData) |
|
456 { |
|
457 iAuthKey = aData.Key().AllocL(); |
|
458 iSalt = aData.Salt().AllocL(); |
|
459 iIterations = aData.Iterations(); |
|
460 } |
|
461 |
|
462 EXPORT_C TPtrC8 CPBAuthData::Key() const |
|
463 { |
|
464 return TPtrC8(*iAuthKey); |
|
465 } |
|
466 |
|
467 EXPORT_C TPtrC8 CPBAuthData::Salt() const |
|
468 { |
|
469 return TPtrC8(*iSalt); |
|
470 } |
|
471 |
|
472 EXPORT_C TInt CPBAuthData::Iterations() const |
|
473 { |
|
474 return iIterations; |
|
475 } |
|
476 |
|
477 EXPORT_C TBool CPBAuthData::operator==(const CPBAuthData& aAuth) const |
|
478 { |
|
479 //if the key's are equal, the its true, as the other members are used in key derivation |
|
480 return (*iAuthKey == aAuth.Key()); |
|
481 } |