/*
* Copyright (c) 2002-2009 Nokia Corporation and/or its subsidiary(-ies).
* All rights reserved.
* This component and the accompanying materials are made available
* under the terms of the License "Eclipse Public License v1.0"
* which accompanies this distribution, and is available
* at the URL "http://www.eclipse.org/legal/epl-v10.html".
*
* Initial Contributors:
* Nokia Corporation - initial contribution.
*
* Contributors:
*
* Description: 
*
*/


#include <e32std.h>
#include <random.h>
#include <pbedata.h>
#include "pkcs5kdf.h"
#include <pbencryptor.h>
#include "pbe.h"
#include <securityerr.h>
#include "pbesymmetricfactory.h"

EXPORT_C CPBEncryptSet* CPBEncryptSet::NewL(const TPBPassword& aPassword)
	{
	CPBEncryptSet* self = NewLC(aPassword);
	CleanupStack::Pop();
	return self;
	}

EXPORT_C CPBEncryptSet* CPBEncryptSet::NewLC(const TPBPassword& aPassword)
	{
	CPBEncryptSet* self = new(ELeave) CPBEncryptSet;
	CleanupStack::PushL(self);
	self->ConstructL(aPassword.Password());
	return self;
	}

EXPORT_C CPBEncryptSet* CPBEncryptSet::NewL(const TPBPassword& aPassword, 
	const TPBECipher aCipher)
	{
	CPBEncryptSet* self = NewLC(aPassword, aCipher);
	CleanupStack::Pop();
	return self;
	}

EXPORT_C CPBEncryptSet* CPBEncryptSet::NewLC(const TPBPassword& aPassword, 
	const TPBECipher aCipher)
	{
	CPBEncryptSet* self = new(ELeave) CPBEncryptSet;
	CleanupStack::PushL(self);
	self->ConstructL(aPassword.Password(), aCipher);
	return self;
	}

EXPORT_C CPBEncryptSet* CPBEncryptSet::NewL(const TPBPassword& aPassword,
	const CPBEncryptParms& aParms)
	{
	CPBEncryptSet* self = NewLC(aPassword, aParms);
	CleanupStack::Pop();
	return self;
	}

EXPORT_C CPBEncryptSet* CPBEncryptSet::NewLC(const TPBPassword& aPassword, 
	const CPBEncryptParms& aParms)
	{
	CPBEncryptSet* self = new(ELeave) CPBEncryptSet;
	CleanupStack::PushL(self);
	self->ConstructL(aPassword.Password(), aParms);
	return self;
	}

EXPORT_C CPBEncryptSet* CPBEncryptSet::NewL(const CPBEncryptionData& aData, 
	const TDesC8& aEncryptedKey, const TPBPassword& aPassword)
	{
	CPBEncryptSet* self = NewLC(aData, aEncryptedKey, aPassword);
	CleanupStack::Pop();
	return self;
	}

EXPORT_C CPBEncryptSet* CPBEncryptSet::NewLC(const CPBEncryptionData& aData,
	const TDesC8& aEncryptedKey, const TPBPassword& aPassword)
	{
	CPBEncryptSet* self = new(ELeave) CPBEncryptSet;
	CleanupStack::PushL(self);
	self->ConstructL(aData, aEncryptedKey, aPassword);
	return self;
	}

void CPBEncryptSet::ConstructL(const TDesC8& aPassword)
	{
	CPBEncryptElement::ConstructL(aPassword);
	ConstructMasterKeyL();
	}

void CPBEncryptSet::ConstructL(const TDesC8& aPassword,
	const TPBECipher aCipher)
	{
	CPBEncryptElement::ConstructL(aPassword, aCipher);
	ConstructMasterKeyL();
	}

void CPBEncryptSet::ConstructL(const TDesC8& aPassword, 
	const CPBEncryptParms& aParms)
	{
	CPBEncryptElement::ConstructL(aPassword, aParms);
	ConstructMasterKeyL();
	}

void CPBEncryptSet::ConstructMasterKeyL(void)
	{
	TBuf8<KAESKeyBytes256> masterKey(KAESKeyBytes256);
	TRandom::RandomL(masterKey);
	iEncryptedMasterKey = HBufC8::NewL(KAESKeyBytes256);
	EncryptMasterKeyL(masterKey);
	}

void CPBEncryptSet::ConstructL(const CPBEncryptionData& aData,
	const TDesC8& aEncryptedMasterKey, const TPBPassword& aPassword)
	{
	CPBEncryptElement::ConstructL(aData, aPassword);
	iEncryptedMasterKey = aEncryptedMasterKey.AllocL();
	}

EXPORT_C void CPBEncryptSet::ChangePasswordL(const TPBPassword& aNewPassword)
	{
	//1) Decrypt master key with old encrypt key 
	TBuf8<KPBEMaxCipherKeyBytes> masterKey;
	DecryptMasterKeyL(masterKey);

	//2) create new encrypt parms

	TBuf8<KPBEMaxSaltBytes> authSalt(KPBEMaxSaltBytes);
	TRandom::RandomL(authSalt);

	//3) create a totally new CPBEncryptionData representing the new password
	CPBEncryptionData* newData = CPBEncryptionData::NewL(
		aNewPassword.Password(), authSalt, iData->EncryptParms());

	delete iData;
	iData = newData;

	// regenerate the password using a maximum length salt.
	CPBEncryptParms& epNonConst =
		const_cast<CPBEncryptParms&>(iData->EncryptParms());
	epNonConst.ResizeSaltL(KPBEMaxSaltBytes);

	TPtr8 iEncryptKeyBuf(iEncryptKey->Des());
	iEncryptKeyBuf.SetLength(PBE::GetKeyBytes(iData->EncryptParms().Cipher()));
	
	iData->EncryptParms().DeriveKeyL(aNewPassword.Password(), iEncryptKeyBuf);

	//4) Encrypt master key with new encrypt key
	EncryptMasterKeyL(masterKey);
	}

EXPORT_C const TDesC8& CPBEncryptSet::EncryptedMasterKey(void) const
	{
	return *iEncryptedMasterKey;
	}

CPBEncryptor* CPBEncryptSet::NewEncryptLC(void) const
	{
	CPBEncryptor* encryptor = NewEncryptL();
	CleanupStack::PushL(encryptor);
	return encryptor;
	}

CPBEncryptor* CPBEncryptSet::NewEncryptL(void) const
	{
	TBuf8<KPBEMaxCipherKeyBytes> masterKey;
	DecryptMasterKeyL(masterKey);

	CPBEncryptor* encryptor = 0;
	//make sure the masterkey we pass is exactly the right length for the cipher
	encryptor = CPBEncryptorSet::NewL(iData->EncryptParms().Cipher(),
		masterKey.Left(PBE::GetKeyBytes(iData->EncryptParms().Cipher())));		
	return encryptor;
	}

CPBDecryptor* CPBEncryptSet::NewDecryptLC(void) const
	{
	CPBDecryptor* decryptor = NewDecryptL();
	CleanupStack::PushL(decryptor);
	return decryptor;
	}

CPBDecryptor* CPBEncryptSet::NewDecryptL(void) const
	{
	TBuf8<KPBEMaxCipherKeyBytes> masterKey;
	DecryptMasterKeyL(masterKey);

	CPBDecryptor* decryptor = 0;
	//make sure the masterkey we pass is exactly the right length for the cipher
	decryptor = CPBDecryptorSet::NewL(iData->EncryptParms().Cipher(),
		masterKey.Left(PBE::GetKeyBytes(iData->EncryptParms().Cipher())));		
	return decryptor;
	}

void CPBEncryptSet::DecryptMasterKeyL(TDes8& aMasterKey) const
	{
	CPBDecryptorElement* decryptor = CPBDecryptorElement::NewLC(
		iData->EncryptParms().Cipher(), *iEncryptKey, iData->EncryptParms().IV());
	aMasterKey.SetLength(0);
	decryptor->Process(*iEncryptedMasterKey, aMasterKey);
	CleanupStack::PopAndDestroy(decryptor);
	}

void CPBEncryptSet::EncryptMasterKeyL(const TDesC8& aMasterKey)
	{
	CPBEncryptorElement* encryptor = CPBEncryptorElement::NewLC(
		iData->EncryptParms().Cipher(), *iEncryptKey, iData->EncryptParms().IV());
	TPtr8 encryptedMasterKeyBuf(iEncryptedMasterKey->Des());
	encryptedMasterKeyBuf.SetLength(0);
	encryptor->Process(aMasterKey, encryptedMasterKeyBuf);
	CleanupStack::PopAndDestroy(encryptor);
	}

CPBEncryptSet::CPBEncryptSet()
	{
	}

CPBEncryptSet::~CPBEncryptSet()
	{
	delete iEncryptedMasterKey;
	}

// Warning: This function is only valid BEFORE you call NewEncryptL
// After creating the cipher, ask it about itself, not me!
// This is _very_ dodgy as I assume all sorts of things about the encryptor.
// 1) That it uses SSLv3 or similar style padding
// 2) That it stores the IV for that stream at the front.
// This is here for specific application that requires this and aren't able to
// actually construct the cipher and ask it.  In almost all other cases you
// should construct the cipher and ask it.
TInt CPBEncryptSet::MaxCiphertextLength(TInt aPlaintextLength) const
    {
	TUint blocksize = PBE::GetBlockBytes(iData->EncryptParms().Cipher());
	TUint padding = blocksize - aPlaintextLength % blocksize;
	//totallength = blocksize of iv hidden at beginning + inputLength + padding
	return blocksize + aPlaintextLength + padding;
    }

// Warning: This function is only valid BEFORE you call NewDecryptL
// After creating the cipher, ask it about itself, not me!
TInt CPBEncryptSet::MaxPlaintextLength(TInt aCiphertextLength) const
    {
	/*It's impossible to determine anything about how much padding will be
	 * removed.  So we'll return a max length that is longer than will ever
	 * happen by at most a blocksize - 1.
	 */
	//In all cases SSLv3 padding has at least one byte of padding.
	TUint blocksize = PBE::GetBlockBytes(iData->EncryptParms().Cipher());
	//totallength = inputlength - iv hidden at beginning - 1 byte of padding
    return aCiphertextLength - blocksize - 1;
    }