Mercurial Mercurial > oss > MCL > sf > os > security / diff
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | file | latest | revisions | annotate | diff | comparison | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
crypto/weakcryptospi/source/pbe/pbeset.cpp
changeset 19 cd501b96611d 
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/crypto/weakcryptospi/source/pbe/pbeset.cpp	Fri Nov 06 13:21:00 2009 +0200
@@ -0,0 +1,261 @@
+/*
+* Copyright (c) 2002-2009 Nokia Corporation and/or its subsidiary(-ies).
+* All rights reserved.
+* This component and the accompanying materials are made available
+* under the terms of the License "Eclipse Public License v1.0"
+* which accompanies this distribution, and is available
+* at the URL "http://www.eclipse.org/legal/epl-v10.html".
+*
+* Initial Contributors:
+* Nokia Corporation - initial contribution.
+*
+* Contributors:
+*
+* Description: 
+*
+*/
+
+
+#include <e32std.h>
+#include <random.h>
+#include <pbedata.h>
+#include "pkcs5kdf.h"
+#include <pbencryptor.h>
+#include "pbe.h"
+#include <securityerr.h>
+#include "pbesymmetricfactory.h"
+
+EXPORT_C CPBEncryptSet* CPBEncryptSet::NewL(const TPBPassword& aPassword)
+	{
+	CPBEncryptSet* self = NewLC(aPassword);
+	CleanupStack::Pop();
+	return self;
+	}
+
+EXPORT_C CPBEncryptSet* CPBEncryptSet::NewLC(const TPBPassword& aPassword)
+	{
+	CPBEncryptSet* self = new(ELeave) CPBEncryptSet;
+	CleanupStack::PushL(self);
+	self->ConstructL(aPassword.Password());
+	return self;
+	}
+
+EXPORT_C CPBEncryptSet* CPBEncryptSet::NewL(const TPBPassword& aPassword, 
+	const TPBECipher aCipher)
+	{
+	CPBEncryptSet* self = NewLC(aPassword, aCipher);
+	CleanupStack::Pop();
+	return self;
+	}
+
+EXPORT_C CPBEncryptSet* CPBEncryptSet::NewLC(const TPBPassword& aPassword, 
+	const TPBECipher aCipher)
+	{
+	CPBEncryptSet* self = new(ELeave) CPBEncryptSet;
+	CleanupStack::PushL(self);
+	self->ConstructL(aPassword.Password(), aCipher);
+	return self;
+	}
+
+EXPORT_C CPBEncryptSet* CPBEncryptSet::NewL(const TPBPassword& aPassword,
+	const CPBEncryptParms& aParms)
+	{
+	CPBEncryptSet* self = NewLC(aPassword, aParms);
+	CleanupStack::Pop();
+	return self;
+	}
+
+EXPORT_C CPBEncryptSet* CPBEncryptSet::NewLC(const TPBPassword& aPassword, 
+	const CPBEncryptParms& aParms)
+	{
+	CPBEncryptSet* self = new(ELeave) CPBEncryptSet;
+	CleanupStack::PushL(self);
+	self->ConstructL(aPassword.Password(), aParms);
+	return self;
+	}
+
+EXPORT_C CPBEncryptSet* CPBEncryptSet::NewL(const CPBEncryptionData& aData, 
+	const TDesC8& aEncryptedKey, const TPBPassword& aPassword)
+	{
+	CPBEncryptSet* self = NewLC(aData, aEncryptedKey, aPassword);
+	CleanupStack::Pop();
+	return self;
+	}
+
+EXPORT_C CPBEncryptSet* CPBEncryptSet::NewLC(const CPBEncryptionData& aData,
+	const TDesC8& aEncryptedKey, const TPBPassword& aPassword)
+	{
+	CPBEncryptSet* self = new(ELeave) CPBEncryptSet;
+	CleanupStack::PushL(self);
+	self->ConstructL(aData, aEncryptedKey, aPassword);
+	return self;
+	}
+
+void CPBEncryptSet::ConstructL(const TDesC8& aPassword)
+	{
+	CPBEncryptElement::ConstructL(aPassword);
+	ConstructMasterKeyL();
+	}
+
+void CPBEncryptSet::ConstructL(const TDesC8& aPassword,
+	const TPBECipher aCipher)
+	{
+	CPBEncryptElement::ConstructL(aPassword, aCipher);
+	ConstructMasterKeyL();
+	}
+
+void CPBEncryptSet::ConstructL(const TDesC8& aPassword, 
+	const CPBEncryptParms& aParms)
+	{
+	CPBEncryptElement::ConstructL(aPassword, aParms);
+	ConstructMasterKeyL();
+	}
+
+void CPBEncryptSet::ConstructMasterKeyL(void)
+	{
+	TBuf8<KAESKeyBytes256> masterKey(KAESKeyBytes256);
+	TRandom::RandomL(masterKey);
+	iEncryptedMasterKey = HBufC8::NewL(KAESKeyBytes256);
+	EncryptMasterKeyL(masterKey);
+	}
+
+void CPBEncryptSet::ConstructL(const CPBEncryptionData& aData,
+	const TDesC8& aEncryptedMasterKey, const TPBPassword& aPassword)
+	{
+	CPBEncryptElement::ConstructL(aData, aPassword);
+	iEncryptedMasterKey = aEncryptedMasterKey.AllocL();
+	}
+
+EXPORT_C void CPBEncryptSet::ChangePasswordL(const TPBPassword& aNewPassword)
+	{
+	//1) Decrypt master key with old encrypt key 
+	TBuf8<KPBEMaxCipherKeyBytes> masterKey;
+	DecryptMasterKeyL(masterKey);
+
+	//2) create new encrypt parms
+
+	TBuf8<KPBEMaxSaltBytes> authSalt(KPBEMaxSaltBytes);
+	TRandom::RandomL(authSalt);
+
+	//3) create a totally new CPBEncryptionData representing the new password
+	CPBEncryptionData* newData = CPBEncryptionData::NewL(
+		aNewPassword.Password(), authSalt, iData->EncryptParms());
+
+	delete iData;
+	iData = newData;
+
+	// regenerate the password using a maximum length salt.
+	CPBEncryptParms& epNonConst =
+		const_cast<CPBEncryptParms&>(iData->EncryptParms());
+	epNonConst.ResizeSaltL(KPBEMaxSaltBytes);
+
+	TPtr8 iEncryptKeyBuf(iEncryptKey->Des());
+	iEncryptKeyBuf.SetLength(PBE::GetKeyBytes(iData->EncryptParms().Cipher()));
+	
+	iData->EncryptParms().DeriveKeyL(aNewPassword.Password(), iEncryptKeyBuf);
+
+	//4) Encrypt master key with new encrypt key
+	EncryptMasterKeyL(masterKey);
+	}
+
+EXPORT_C const TDesC8& CPBEncryptSet::EncryptedMasterKey(void) const
+	{
+	return *iEncryptedMasterKey;
+	}
+
+CPBEncryptor* CPBEncryptSet::NewEncryptLC(void) const
+	{
+	CPBEncryptor* encryptor = NewEncryptL();
+	CleanupStack::PushL(encryptor);
+	return encryptor;
+	}
+
+CPBEncryptor* CPBEncryptSet::NewEncryptL(void) const
+	{
+	TBuf8<KPBEMaxCipherKeyBytes> masterKey;
+	DecryptMasterKeyL(masterKey);
+
+	CPBEncryptor* encryptor = 0;
+	//make sure the masterkey we pass is exactly the right length for the cipher
+	encryptor = CPBEncryptorSet::NewL(iData->EncryptParms().Cipher(),
+		masterKey.Left(PBE::GetKeyBytes(iData->EncryptParms().Cipher())));		
+	return encryptor;
+	}
+
+CPBDecryptor* CPBEncryptSet::NewDecryptLC(void) const
+	{
+	CPBDecryptor* decryptor = NewDecryptL();
+	CleanupStack::PushL(decryptor);
+	return decryptor;
+	}
+
+CPBDecryptor* CPBEncryptSet::NewDecryptL(void) const
+	{
+	TBuf8<KPBEMaxCipherKeyBytes> masterKey;
+	DecryptMasterKeyL(masterKey);
+
+	CPBDecryptor* decryptor = 0;
+	//make sure the masterkey we pass is exactly the right length for the cipher
+	decryptor = CPBDecryptorSet::NewL(iData->EncryptParms().Cipher(),
+		masterKey.Left(PBE::GetKeyBytes(iData->EncryptParms().Cipher())));		
+	return decryptor;
+	}
+
+void CPBEncryptSet::DecryptMasterKeyL(TDes8& aMasterKey) const
+	{
+	CPBDecryptorElement* decryptor = CPBDecryptorElement::NewLC(
+		iData->EncryptParms().Cipher(), *iEncryptKey, iData->EncryptParms().IV());
+	aMasterKey.SetLength(0);
+	decryptor->Process(*iEncryptedMasterKey, aMasterKey);
+	CleanupStack::PopAndDestroy(decryptor);
+	}
+
+void CPBEncryptSet::EncryptMasterKeyL(const TDesC8& aMasterKey)
+	{
+	CPBEncryptorElement* encryptor = CPBEncryptorElement::NewLC(
+		iData->EncryptParms().Cipher(), *iEncryptKey, iData->EncryptParms().IV());
+	TPtr8 encryptedMasterKeyBuf(iEncryptedMasterKey->Des());
+	encryptedMasterKeyBuf.SetLength(0);
+	encryptor->Process(aMasterKey, encryptedMasterKeyBuf);
+	CleanupStack::PopAndDestroy(encryptor);
+	}
+
+CPBEncryptSet::CPBEncryptSet()
+	{
+	}
+
+CPBEncryptSet::~CPBEncryptSet()
+	{
+	delete iEncryptedMasterKey;
+	}
+
+// Warning: This function is only valid BEFORE you call NewEncryptL
+// After creating the cipher, ask it about itself, not me!
+// This is _very_ dodgy as I assume all sorts of things about the encryptor.
+// 1) That it uses SSLv3 or similar style padding
+// 2) That it stores the IV for that stream at the front.
+// This is here for specific application that requires this and aren't able to
+// actually construct the cipher and ask it.  In almost all other cases you
+// should construct the cipher and ask it.
+TInt CPBEncryptSet::MaxCiphertextLength(TInt aPlaintextLength) const
+    {
+	TUint blocksize = PBE::GetBlockBytes(iData->EncryptParms().Cipher());
+	TUint padding = blocksize - aPlaintextLength % blocksize;
+	//totallength = blocksize of iv hidden at beginning + inputLength + padding
+	return blocksize + aPlaintextLength + padding;
+    }
+
+// Warning: This function is only valid BEFORE you call NewDecryptL
+// After creating the cipher, ask it about itself, not me!
+TInt CPBEncryptSet::MaxPlaintextLength(TInt aCiphertextLength) const
+    {
+	/*It's impossible to determine anything about how much padding will be
+	 * removed.  So we'll return a max length that is longer than will ever
+	 * happen by at most a blocksize - 1.
+	 */
+	//In all cases SSLv3 padding has at least one byte of padding.
+	TUint blocksize = PBE::GetBlockBytes(iData->EncryptParms().Cipher());
+	//totallength = inputlength - iv hidden at beginning - 1 byte of padding
+    return aCiphertextLength - blocksize - 1;
+    }
+
MCL/sf/os/security