--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/crypto/weakcrypto/source/pbe/pbeset.cpp Wed Jul 08 11:25:26 2009 +0100
@@ -0,0 +1,260 @@
+/*
+* Copyright (c) 2002-2009 Nokia Corporation and/or its subsidiary(-ies).
+* All rights reserved.
+* This component and the accompanying materials are made available
+* under the terms of the License "Eclipse Public License v1.0"
+* which accompanies this distribution, and is available
+* at the URL "http://www.eclipse.org/legal/epl-v10.html".
+*
+* Initial Contributors:
+* Nokia Corporation - initial contribution.
+*
+* Contributors:
+*
+* Description:
+*
+*/
+
+
+#include <e32std.h>
+#include <random.h>
+#include <pbedata.h>
+#include "pkcs5kdf.h"
+#include "pbencryptor.h"
+#include "pbe.h"
+#include <securityerr.h>
+#include "pbesymmetricfactory.h"
+
+EXPORT_C CPBEncryptSet* CPBEncryptSet::NewL(const TPBPassword& aPassword)
+ {
+ CPBEncryptSet* self = NewLC(aPassword);
+ CleanupStack::Pop();
+ return self;
+ }
+
+EXPORT_C CPBEncryptSet* CPBEncryptSet::NewLC(const TPBPassword& aPassword)
+ {
+ CPBEncryptSet* self = new(ELeave) CPBEncryptSet;
+ CleanupStack::PushL(self);
+ self->ConstructL(aPassword.Password());
+ return self;
+ }
+
+EXPORT_C CPBEncryptSet* CPBEncryptSet::NewL(const TPBPassword& aPassword,
+ const TPBECipher aCipher)
+ {
+ CPBEncryptSet* self = NewLC(aPassword, aCipher);
+ CleanupStack::Pop();
+ return self;
+ }
+
+EXPORT_C CPBEncryptSet* CPBEncryptSet::NewLC(const TPBPassword& aPassword,
+ const TPBECipher aCipher)
+ {
+ CPBEncryptSet* self = new(ELeave) CPBEncryptSet;
+ CleanupStack::PushL(self);
+ self->ConstructL(aPassword.Password(), aCipher);
+ return self;
+ }
+
+EXPORT_C CPBEncryptSet* CPBEncryptSet::NewL(const TPBPassword& aPassword,
+ const CPBEncryptParms& aParms)
+ {
+ CPBEncryptSet* self = NewLC(aPassword, aParms);
+ CleanupStack::Pop();
+ return self;
+ }
+
+EXPORT_C CPBEncryptSet* CPBEncryptSet::NewLC(const TPBPassword& aPassword,
+ const CPBEncryptParms& aParms)
+ {
+ CPBEncryptSet* self = new(ELeave) CPBEncryptSet;
+ CleanupStack::PushL(self);
+ self->ConstructL(aPassword.Password(), aParms);
+ return self;
+ }
+
+EXPORT_C CPBEncryptSet* CPBEncryptSet::NewL(const CPBEncryptionData& aData,
+ const TDesC8& aEncryptedKey, const TPBPassword& aPassword)
+ {
+ CPBEncryptSet* self = NewLC(aData, aEncryptedKey, aPassword);
+ CleanupStack::Pop();
+ return self;
+ }
+
+EXPORT_C CPBEncryptSet* CPBEncryptSet::NewLC(const CPBEncryptionData& aData,
+ const TDesC8& aEncryptedKey, const TPBPassword& aPassword)
+ {
+ CPBEncryptSet* self = new(ELeave) CPBEncryptSet;
+ CleanupStack::PushL(self);
+ self->ConstructL(aData, aEncryptedKey, aPassword);
+ return self;
+ }
+
+void CPBEncryptSet::ConstructL(const TDesC8& aPassword)
+ {
+ CPBEncryptElement::ConstructL(aPassword);
+ ConstructMasterKeyL();
+ }
+
+void CPBEncryptSet::ConstructL(const TDesC8& aPassword,
+ const TPBECipher aCipher)
+ {
+ CPBEncryptElement::ConstructL(aPassword, aCipher);
+ ConstructMasterKeyL();
+ }
+
+void CPBEncryptSet::ConstructL(const TDesC8& aPassword,
+ const CPBEncryptParms& aParms)
+ {
+ CPBEncryptElement::ConstructL(aPassword, aParms);
+ ConstructMasterKeyL();
+ }
+
+void CPBEncryptSet::ConstructMasterKeyL(void)
+ {
+ TBuf8<KAESKeyBytes256> masterKey(KAESKeyBytes256);
+ TRandom::RandomL(masterKey);
+ iEncryptedMasterKey = HBufC8::NewL(KAESKeyBytes256);
+ EncryptMasterKeyL(masterKey);
+ }
+
+void CPBEncryptSet::ConstructL(const CPBEncryptionData& aData,
+ const TDesC8& aEncryptedMasterKey, const TPBPassword& aPassword)
+ {
+ CPBEncryptElement::ConstructL(aData, aPassword);
+ iEncryptedMasterKey = aEncryptedMasterKey.AllocL();
+ }
+
+EXPORT_C void CPBEncryptSet::ChangePasswordL(const TPBPassword& aNewPassword)
+ {
+ //1) Decrypt master key with old encrypt key
+ TBuf8<KPBEMaxCipherKeyBytes> masterKey;
+ DecryptMasterKeyL(masterKey);
+
+ //2) create new encrypt parms
+
+ TBuf8<KPBEMaxSaltBytes> authSalt(KPBEMaxSaltBytes);
+ TRandom::RandomL(authSalt);
+
+ //3) create a totally new CPBEncryptionData representing the new password
+ CPBEncryptionData* newData = CPBEncryptionData::NewL(
+ aNewPassword.Password(), authSalt, iData->EncryptParms());
+
+ delete iData;
+ iData = newData;
+
+ // regenerate the password using a maximum length salt.
+ CPBEncryptParms& epNonConst =
+ const_cast<CPBEncryptParms&>(iData->EncryptParms());
+ epNonConst.ResizeSaltL(KPBEMaxSaltBytes);
+
+ TPtr8 iEncryptKeyBuf(iEncryptKey->Des());
+ iEncryptKeyBuf.SetLength(PBE::GetKeyBytes(iData->EncryptParms().Cipher()));
+
+ iData->EncryptParms().DeriveKeyL(aNewPassword.Password(), iEncryptKeyBuf);
+
+ //4) Encrypt master key with new encrypt key
+ EncryptMasterKeyL(masterKey);
+ }
+
+EXPORT_C const TDesC8& CPBEncryptSet::EncryptedMasterKey(void) const
+ {
+ return *iEncryptedMasterKey;
+ }
+
+CPBEncryptor* CPBEncryptSet::NewEncryptLC(void) const
+ {
+ CPBEncryptor* encryptor = NewEncryptL();
+ CleanupStack::PushL(encryptor);
+ return encryptor;
+ }
+
+CPBEncryptor* CPBEncryptSet::NewEncryptL(void) const
+ {
+ TBuf8<KPBEMaxCipherKeyBytes> masterKey;
+ DecryptMasterKeyL(masterKey);
+
+ CPBEncryptor* encryptor = 0;
+ //make sure the masterkey we pass is exactly the right length for the cipher
+ encryptor = CPBEncryptorSet::NewL(iData->EncryptParms().Cipher(),
+ masterKey.Left(PBE::GetKeyBytes(iData->EncryptParms().Cipher())));
+ return encryptor;
+ }
+
+CPBDecryptor* CPBEncryptSet::NewDecryptLC(void) const
+ {
+ CPBDecryptor* decryptor = NewDecryptL();
+ CleanupStack::PushL(decryptor);
+ return decryptor;
+ }
+
+CPBDecryptor* CPBEncryptSet::NewDecryptL(void) const
+ {
+ TBuf8<KPBEMaxCipherKeyBytes> masterKey;
+ DecryptMasterKeyL(masterKey);
+
+ CPBDecryptor* decryptor = 0;
+ //make sure the masterkey we pass is exactly the right length for the cipher
+ decryptor = CPBDecryptorSet::NewL(iData->EncryptParms().Cipher(),
+ masterKey.Left(PBE::GetKeyBytes(iData->EncryptParms().Cipher())));
+ return decryptor;
+ }
+
+void CPBEncryptSet::DecryptMasterKeyL(TDes8& aMasterKey) const
+ {
+ CPBDecryptorElement* decryptor = CPBDecryptorElement::NewLC(
+ iData->EncryptParms().Cipher(), *iEncryptKey, iData->EncryptParms().IV());
+ aMasterKey.SetLength(0);
+ decryptor->Process(*iEncryptedMasterKey, aMasterKey);
+ CleanupStack::PopAndDestroy(decryptor);
+ }
+
+void CPBEncryptSet::EncryptMasterKeyL(const TDesC8& aMasterKey)
+ {
+ CPBEncryptorElement* encryptor = CPBEncryptorElement::NewLC(
+ iData->EncryptParms().Cipher(), *iEncryptKey, iData->EncryptParms().IV());
+ TPtr8 encryptedMasterKeyBuf(iEncryptedMasterKey->Des());
+ encryptedMasterKeyBuf.SetLength(0);
+ encryptor->Process(aMasterKey, encryptedMasterKeyBuf);
+ CleanupStack::PopAndDestroy(encryptor);
+ }
+
+CPBEncryptSet::CPBEncryptSet()
+ {
+ }
+
+CPBEncryptSet::~CPBEncryptSet()
+ {
+ delete iEncryptedMasterKey;
+ }
+
+// Warning: This function is only valid BEFORE you call NewEncryptL
+// After creating the cipher, ask it about itself, not me!
+// This is _very_ dodgy as I assume all sorts of things about the encryptor.
+// 1) That it uses SSLv3 or similar style padding
+// 2) That it stores the IV for that stream at the front.
+// This is here for specific application that requires this and aren't able to
+// actually construct the cipher and ask it. In almost all other cases you
+// should construct the cipher and ask it.
+TInt CPBEncryptSet::MaxCiphertextLength(TInt aPlaintextLength) const
+ {
+ TUint blocksize = PBE::GetBlockBytes(iData->EncryptParms().Cipher());
+ TUint padding = blocksize - aPlaintextLength % blocksize;
+ //totallength = blocksize of iv hidden at beginning + inputLength + padding
+ return blocksize + aPlaintextLength + padding;
+ }
+
+// Warning: This function is only valid BEFORE you call NewDecryptL
+// After creating the cipher, ask it about itself, not me!
+TInt CPBEncryptSet::MaxPlaintextLength(TInt aCiphertextLength) const
+ {
+ /*It's impossible to determine anything about how much padding will be
+ * removed. So we'll return a max length that is longer than will ever
+ * happen by at most a blocksize - 1.
+ */
+ //In all cases SSLv3 padding has at least one byte of padding.
+ TUint blocksize = PBE::GetBlockBytes(iData->EncryptParms().Cipher());
+ //totallength = inputlength - iv hidden at beginning - 1 byte of padding
+ return aCiphertextLength - blocksize - 1;
+ }