|
1 /* |
|
2 * Copyright (c) 2002-2009 Nokia Corporation and/or its subsidiary(-ies). |
|
3 * All rights reserved. |
|
4 * This component and the accompanying materials are made available |
|
5 * under the terms of the License "Eclipse Public License v1.0" |
|
6 * which accompanies this distribution, and is available |
|
7 * at the URL "http://www.eclipse.org/legal/epl-v10.html". |
|
8 * |
|
9 * Initial Contributors: |
|
10 * Nokia Corporation - initial contribution. |
|
11 * |
|
12 * Contributors: |
|
13 * |
|
14 * Description: |
|
15 * |
|
16 */ |
|
17 |
|
18 |
|
19 #include <e32std.h> |
|
20 #include <random.h> |
|
21 #include <pbedata.h> |
|
22 #include "pkcs5kdf.h" |
|
23 #include "pbencryptor.h" |
|
24 #include "pbe.h" |
|
25 #include <securityerr.h> |
|
26 #include "pbesymmetricfactory.h" |
|
27 |
|
28 EXPORT_C CPBEncryptSet* CPBEncryptSet::NewL(const TPBPassword& aPassword) |
|
29 { |
|
30 CPBEncryptSet* self = NewLC(aPassword); |
|
31 CleanupStack::Pop(); |
|
32 return self; |
|
33 } |
|
34 |
|
35 EXPORT_C CPBEncryptSet* CPBEncryptSet::NewLC(const TPBPassword& aPassword) |
|
36 { |
|
37 CPBEncryptSet* self = new(ELeave) CPBEncryptSet; |
|
38 CleanupStack::PushL(self); |
|
39 self->ConstructL(aPassword.Password()); |
|
40 return self; |
|
41 } |
|
42 |
|
43 EXPORT_C CPBEncryptSet* CPBEncryptSet::NewL(const TPBPassword& aPassword, |
|
44 const TPBECipher aCipher) |
|
45 { |
|
46 CPBEncryptSet* self = NewLC(aPassword, aCipher); |
|
47 CleanupStack::Pop(); |
|
48 return self; |
|
49 } |
|
50 |
|
51 EXPORT_C CPBEncryptSet* CPBEncryptSet::NewLC(const TPBPassword& aPassword, |
|
52 const TPBECipher aCipher) |
|
53 { |
|
54 CPBEncryptSet* self = new(ELeave) CPBEncryptSet; |
|
55 CleanupStack::PushL(self); |
|
56 self->ConstructL(aPassword.Password(), aCipher); |
|
57 return self; |
|
58 } |
|
59 |
|
60 EXPORT_C CPBEncryptSet* CPBEncryptSet::NewL(const TPBPassword& aPassword, |
|
61 const CPBEncryptParms& aParms) |
|
62 { |
|
63 CPBEncryptSet* self = NewLC(aPassword, aParms); |
|
64 CleanupStack::Pop(); |
|
65 return self; |
|
66 } |
|
67 |
|
68 EXPORT_C CPBEncryptSet* CPBEncryptSet::NewLC(const TPBPassword& aPassword, |
|
69 const CPBEncryptParms& aParms) |
|
70 { |
|
71 CPBEncryptSet* self = new(ELeave) CPBEncryptSet; |
|
72 CleanupStack::PushL(self); |
|
73 self->ConstructL(aPassword.Password(), aParms); |
|
74 return self; |
|
75 } |
|
76 |
|
77 EXPORT_C CPBEncryptSet* CPBEncryptSet::NewL(const CPBEncryptionData& aData, |
|
78 const TDesC8& aEncryptedKey, const TPBPassword& aPassword) |
|
79 { |
|
80 CPBEncryptSet* self = NewLC(aData, aEncryptedKey, aPassword); |
|
81 CleanupStack::Pop(); |
|
82 return self; |
|
83 } |
|
84 |
|
85 EXPORT_C CPBEncryptSet* CPBEncryptSet::NewLC(const CPBEncryptionData& aData, |
|
86 const TDesC8& aEncryptedKey, const TPBPassword& aPassword) |
|
87 { |
|
88 CPBEncryptSet* self = new(ELeave) CPBEncryptSet; |
|
89 CleanupStack::PushL(self); |
|
90 self->ConstructL(aData, aEncryptedKey, aPassword); |
|
91 return self; |
|
92 } |
|
93 |
|
94 void CPBEncryptSet::ConstructL(const TDesC8& aPassword) |
|
95 { |
|
96 CPBEncryptElement::ConstructL(aPassword); |
|
97 ConstructMasterKeyL(); |
|
98 } |
|
99 |
|
100 void CPBEncryptSet::ConstructL(const TDesC8& aPassword, |
|
101 const TPBECipher aCipher) |
|
102 { |
|
103 CPBEncryptElement::ConstructL(aPassword, aCipher); |
|
104 ConstructMasterKeyL(); |
|
105 } |
|
106 |
|
107 void CPBEncryptSet::ConstructL(const TDesC8& aPassword, |
|
108 const CPBEncryptParms& aParms) |
|
109 { |
|
110 CPBEncryptElement::ConstructL(aPassword, aParms); |
|
111 ConstructMasterKeyL(); |
|
112 } |
|
113 |
|
114 void CPBEncryptSet::ConstructMasterKeyL(void) |
|
115 { |
|
116 TBuf8<KAESKeyBytes256> masterKey(KAESKeyBytes256); |
|
117 TRandom::RandomL(masterKey); |
|
118 iEncryptedMasterKey = HBufC8::NewL(KAESKeyBytes256); |
|
119 EncryptMasterKeyL(masterKey); |
|
120 } |
|
121 |
|
122 void CPBEncryptSet::ConstructL(const CPBEncryptionData& aData, |
|
123 const TDesC8& aEncryptedMasterKey, const TPBPassword& aPassword) |
|
124 { |
|
125 CPBEncryptElement::ConstructL(aData, aPassword); |
|
126 iEncryptedMasterKey = aEncryptedMasterKey.AllocL(); |
|
127 } |
|
128 |
|
129 EXPORT_C void CPBEncryptSet::ChangePasswordL(const TPBPassword& aNewPassword) |
|
130 { |
|
131 //1) Decrypt master key with old encrypt key |
|
132 TBuf8<KPBEMaxCipherKeyBytes> masterKey; |
|
133 DecryptMasterKeyL(masterKey); |
|
134 |
|
135 //2) create new encrypt parms |
|
136 |
|
137 TBuf8<KPBEMaxSaltBytes> authSalt(KPBEMaxSaltBytes); |
|
138 TRandom::RandomL(authSalt); |
|
139 |
|
140 //3) create a totally new CPBEncryptionData representing the new password |
|
141 CPBEncryptionData* newData = CPBEncryptionData::NewL( |
|
142 aNewPassword.Password(), authSalt, iData->EncryptParms()); |
|
143 |
|
144 delete iData; |
|
145 iData = newData; |
|
146 |
|
147 // regenerate the password using a maximum length salt. |
|
148 CPBEncryptParms& epNonConst = |
|
149 const_cast<CPBEncryptParms&>(iData->EncryptParms()); |
|
150 epNonConst.ResizeSaltL(KPBEMaxSaltBytes); |
|
151 |
|
152 TPtr8 iEncryptKeyBuf(iEncryptKey->Des()); |
|
153 iEncryptKeyBuf.SetLength(PBE::GetKeyBytes(iData->EncryptParms().Cipher())); |
|
154 |
|
155 iData->EncryptParms().DeriveKeyL(aNewPassword.Password(), iEncryptKeyBuf); |
|
156 |
|
157 //4) Encrypt master key with new encrypt key |
|
158 EncryptMasterKeyL(masterKey); |
|
159 } |
|
160 |
|
161 EXPORT_C const TDesC8& CPBEncryptSet::EncryptedMasterKey(void) const |
|
162 { |
|
163 return *iEncryptedMasterKey; |
|
164 } |
|
165 |
|
166 CPBEncryptor* CPBEncryptSet::NewEncryptLC(void) const |
|
167 { |
|
168 CPBEncryptor* encryptor = NewEncryptL(); |
|
169 CleanupStack::PushL(encryptor); |
|
170 return encryptor; |
|
171 } |
|
172 |
|
173 CPBEncryptor* CPBEncryptSet::NewEncryptL(void) const |
|
174 { |
|
175 TBuf8<KPBEMaxCipherKeyBytes> masterKey; |
|
176 DecryptMasterKeyL(masterKey); |
|
177 |
|
178 CPBEncryptor* encryptor = 0; |
|
179 //make sure the masterkey we pass is exactly the right length for the cipher |
|
180 encryptor = CPBEncryptorSet::NewL(iData->EncryptParms().Cipher(), |
|
181 masterKey.Left(PBE::GetKeyBytes(iData->EncryptParms().Cipher()))); |
|
182 return encryptor; |
|
183 } |
|
184 |
|
185 CPBDecryptor* CPBEncryptSet::NewDecryptLC(void) const |
|
186 { |
|
187 CPBDecryptor* decryptor = NewDecryptL(); |
|
188 CleanupStack::PushL(decryptor); |
|
189 return decryptor; |
|
190 } |
|
191 |
|
192 CPBDecryptor* CPBEncryptSet::NewDecryptL(void) const |
|
193 { |
|
194 TBuf8<KPBEMaxCipherKeyBytes> masterKey; |
|
195 DecryptMasterKeyL(masterKey); |
|
196 |
|
197 CPBDecryptor* decryptor = 0; |
|
198 //make sure the masterkey we pass is exactly the right length for the cipher |
|
199 decryptor = CPBDecryptorSet::NewL(iData->EncryptParms().Cipher(), |
|
200 masterKey.Left(PBE::GetKeyBytes(iData->EncryptParms().Cipher()))); |
|
201 return decryptor; |
|
202 } |
|
203 |
|
204 void CPBEncryptSet::DecryptMasterKeyL(TDes8& aMasterKey) const |
|
205 { |
|
206 CPBDecryptorElement* decryptor = CPBDecryptorElement::NewLC( |
|
207 iData->EncryptParms().Cipher(), *iEncryptKey, iData->EncryptParms().IV()); |
|
208 aMasterKey.SetLength(0); |
|
209 decryptor->Process(*iEncryptedMasterKey, aMasterKey); |
|
210 CleanupStack::PopAndDestroy(decryptor); |
|
211 } |
|
212 |
|
213 void CPBEncryptSet::EncryptMasterKeyL(const TDesC8& aMasterKey) |
|
214 { |
|
215 CPBEncryptorElement* encryptor = CPBEncryptorElement::NewLC( |
|
216 iData->EncryptParms().Cipher(), *iEncryptKey, iData->EncryptParms().IV()); |
|
217 TPtr8 encryptedMasterKeyBuf(iEncryptedMasterKey->Des()); |
|
218 encryptedMasterKeyBuf.SetLength(0); |
|
219 encryptor->Process(aMasterKey, encryptedMasterKeyBuf); |
|
220 CleanupStack::PopAndDestroy(encryptor); |
|
221 } |
|
222 |
|
223 CPBEncryptSet::CPBEncryptSet() |
|
224 { |
|
225 } |
|
226 |
|
227 CPBEncryptSet::~CPBEncryptSet() |
|
228 { |
|
229 delete iEncryptedMasterKey; |
|
230 } |
|
231 |
|
232 // Warning: This function is only valid BEFORE you call NewEncryptL |
|
233 // After creating the cipher, ask it about itself, not me! |
|
234 // This is _very_ dodgy as I assume all sorts of things about the encryptor. |
|
235 // 1) That it uses SSLv3 or similar style padding |
|
236 // 2) That it stores the IV for that stream at the front. |
|
237 // This is here for specific application that requires this and aren't able to |
|
238 // actually construct the cipher and ask it. In almost all other cases you |
|
239 // should construct the cipher and ask it. |
|
240 TInt CPBEncryptSet::MaxCiphertextLength(TInt aPlaintextLength) const |
|
241 { |
|
242 TUint blocksize = PBE::GetBlockBytes(iData->EncryptParms().Cipher()); |
|
243 TUint padding = blocksize - aPlaintextLength % blocksize; |
|
244 //totallength = blocksize of iv hidden at beginning + inputLength + padding |
|
245 return blocksize + aPlaintextLength + padding; |
|
246 } |
|
247 |
|
248 // Warning: This function is only valid BEFORE you call NewDecryptL |
|
249 // After creating the cipher, ask it about itself, not me! |
|
250 TInt CPBEncryptSet::MaxPlaintextLength(TInt aCiphertextLength) const |
|
251 { |
|
252 /*It's impossible to determine anything about how much padding will be |
|
253 * removed. So we'll return a max length that is longer than will ever |
|
254 * happen by at most a blocksize - 1. |
|
255 */ |
|
256 //In all cases SSLv3 padding has at least one byte of padding. |
|
257 TUint blocksize = PBE::GetBlockBytes(iData->EncryptParms().Cipher()); |
|
258 //totallength = inputlength - iv hidden at beginning - 1 byte of padding |
|
259 return aCiphertextLength - blocksize - 1; |
|
260 } |