Mercurial Mercurial > oss > MCL > sf > os > security / file revision
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | file | latest | revisions | annotate | diff | comparison | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
crypto/weakcryptospi/source/padding/padding.cpp
author Mikko Sunikka <mikko.sunikka@nokia.com>
Fri, 06 Nov 2009 13:21:00 +0200
changeset 19 cd501b96611d
child 41 9b5a3a9fddf8
permissions -rw-r--r--
Revision: 200945 Kit: 200945

/*
* Copyright (c) 1999-2009 Nokia Corporation and/or its subsidiary(-ies).
* All rights reserved.
* This component and the accompanying materials are made available
* under the terms of the License "Eclipse Public License v1.0"
* which accompanies this distribution, and is available
* at the URL "http://www.eclipse.org/legal/epl-v10.html".
*
* Initial Contributors:
* Nokia Corporation - initial contribution.
*
* Contributors:
*
* Description: 
*
*/


#include <e32base.h>
#include <random.h>
#include <padding.h>
#include <securityerr.h>
#include <cryptopanic.h>

#include "paddingshim.h"

/* CPadding */
CPadding::CPadding(void) : iBlockBytes(-1)
	{
	}

EXPORT_C CPadding::CPadding(TInt aBlockBytes) : iBlockBytes(aBlockBytes)
	{
	__ASSERT_ALWAYS(aBlockBytes > 0, User::Invariant());
	}

EXPORT_C void CPadding::SetBlockSize(TInt aBlockBytes)
	{
	__ASSERT_ALWAYS(aBlockBytes > 0, User::Invariant());
	iBlockBytes = aBlockBytes;
	}

EXPORT_C TInt CPadding::BlockSize(void) const
	{
	return iBlockBytes;
	}

EXPORT_C TInt CPadding::MaxPaddedLength(TInt /*aInputBytes*/) const
	{
	return BlockSize();
	}

EXPORT_C TInt CPadding::MaxUnPaddedLength(TInt aInputBytes) const
	{
	return aInputBytes - MinPaddingLength();
	}

EXPORT_C void CPadding::PadL(const TDesC8& aInput, TDes8& aOutput)
	{
	// Check that the input is small enough to fit inside one padded block
	// Won't leave if input text is equal to blocksize. Let DoPadL handle such situations
	if(aInput.Length() > BlockSize() - MinPaddingLength()
			&& aInput.Length() != BlockSize()) 	
		User::Leave(KErrArgument);
	
	// Check that the output descriptor supplied is large enough to store the result
	if(aOutput.MaxLength() < MaxPaddedLength(aInput.Length())) 	
		User::Leave(KErrOverflow);

	// Call the virtual function, implemented by derived classes
	DoPadL(aInput, aOutput);
	}

TInt CPadding::GetExtension(TUint aExtensionId, TAny*& a0, TAny* a1)
	{
	return Extension_(aExtensionId, a0, a1);
	}

/* CPaddingNone */
EXPORT_C CPaddingNone* CPaddingNone::NewL(TInt aBlockBytes)
	{
	__ASSERT_ALWAYS(aBlockBytes > 0, User::Leave(KErrArgument));
	return CPaddingNoneShim::NewL(aBlockBytes);
	}

EXPORT_C CPaddingNone* CPaddingNone::NewLC(TInt aBlockBytes)
	{
	CPaddingNone* self = CPaddingNone::NewL(aBlockBytes);
	CleanupStack::PushL(self);
	return self;
	}

EXPORT_C CPaddingNone::CPaddingNone(TInt aBlockBytes):CPadding(aBlockBytes)
	{
	}

void CPaddingNone::DoPadL(const TDesC8& aInput,TDes8& aOutput)
	{
	aOutput.Append(aInput);
	}

void CPaddingNone::UnPadL(const TDesC8& aInput,TDes8& aOutput)
	{
	__ASSERT_DEBUG(aOutput.MaxLength() >= MaxPaddedLength(aInput.Length()), User::Panic(KCryptoPanic, ECryptoPanicOutputDescriptorOverflow));
	aOutput.Append(aInput);
	}

TInt CPaddingNone::MinPaddingLength(void) const
	{
	return 0;
	}

TInt CPaddingNone::MaxPaddedLength(TInt aInputSize) const
	{
	return aInputSize;
	}

/* CPaddingSSLv3 */
EXPORT_C CPaddingSSLv3* CPaddingSSLv3::NewL(TInt aBlockBytes)
	{
	__ASSERT_ALWAYS(aBlockBytes > 0, User::Leave(KErrArgument));
	return CPaddingSSLv3Shim::NewL(aBlockBytes);	
	}

EXPORT_C CPaddingSSLv3* CPaddingSSLv3::NewLC(TInt aBlockBytes)
	{
	CPaddingSSLv3* self = CPaddingSSLv3::NewL(aBlockBytes);
	CleanupStack::PushL(self);
	return self;
	}

EXPORT_C CPaddingSSLv3::CPaddingSSLv3(TInt aBlockBytes):CPadding(aBlockBytes)
	{
	}

void CPaddingSSLv3::DoPadL(const TDesC8& aInput,TDes8& aOutput)
	{
	TInt paddingBytes=BlockSize()-(aInput.Length()%BlockSize());
	aOutput.Append(aInput);
	aOutput.SetLength(aOutput.Length()+paddingBytes);
	for (TInt i=1;i<=paddingBytes;i++)
		{
		aOutput[aOutput.Length()-i]=(TUint8)(paddingBytes-1);
		}
	}

void CPaddingSSLv3::UnPadL(const TDesC8& aInput,TDes8& aOutput)
	{
	TInt paddingLen = aInput[aInput.Length()-1] + 1;

	if (paddingLen > aInput.Length())
		{
		User::Leave(KErrInvalidPadding);
		}

	TInt outlen = aInput.Length() - paddingLen;

	__ASSERT_DEBUG(aOutput.MaxLength() >= outlen, User::Panic(KCryptoPanic, ECryptoPanicOutputDescriptorOverflow));

	aOutput.Append(aInput.Left(outlen));
	}

TInt CPaddingSSLv3::MinPaddingLength(void) const
	{
	//if aInputBytes is 1 less than the blocksize then we get 1 byte of padding
	return 1;
	}

TInt CPaddingSSLv3::MaxPaddedLength(TInt aInputBytes) const
	{
	TUint padBytes = BlockSize() - (aInputBytes % BlockSize());
	return padBytes + aInputBytes;
	}

/* CPaddingPKCS1Signature */
EXPORT_C CPaddingPKCS1Signature* CPaddingPKCS1Signature::NewL(TInt aBlockBytes)
	{
	return CPaddingPKCS1SignatureShim::NewL(aBlockBytes);
	}

EXPORT_C CPaddingPKCS1Signature* CPaddingPKCS1Signature::NewLC(TInt aBlockBytes)
	{
	CPaddingPKCS1Signature* self = CPaddingPKCS1Signature::NewL(aBlockBytes);
	CleanupStack::PushL(self);
	return self;
	}

EXPORT_C CPaddingPKCS1Signature::CPaddingPKCS1Signature(TInt aBlockBytes)
	: CPadding(aBlockBytes)
	{
	}

void CPaddingPKCS1Signature::DoPadL(const TDesC8& aInput,TDes8& aOutput)
	{
	aOutput.SetLength(BlockSize());
	TInt i;
	TInt j;
	aOutput[0]=0;
	TInt startOfData=BlockSize()-aInput.Length();
	// PKCS1 also specifies a block type 0 for private key operations but
	// does not recommend its use. This block type (0) is compatible with 
	// unpadded data though so you can create PKCS1 type 0 blocks using 
	// CPaddingNone.
	aOutput[1]=1;				// Block type 1 (private key operation)
	for (i=2;i<(startOfData-1);i++)
		{
		aOutput[i]=0xff;
		}
	j=0;
	aOutput[startOfData-1]=0;				// separator
	for (i=startOfData;i<BlockSize();i++,j++)
		{
		aOutput[i]=aInput[j];
		}
	}
	
void CPaddingPKCS1Signature::UnPadL(const TDesC8& aInput,TDes8& aOutput)
	{
	// erm, oops, this is not quite as simplistic as it first looks...
	// our integer class will strip any leading zeros so we might actually
	// get some real data that starts out looking like padding but isn't 
	// really
	
	TInt inputLen = aInput.Length();
	if (inputLen <=0 )				
		User::Leave(KErrInvalidPadding);	//	Invalid padding data

	// Leading zero may have been stripped off by integer class
	TInt dataStart=0;
	if (aInput[dataStart] == 0)
		{
		++dataStart;
		}

	if (dataStart < inputLen && aInput[dataStart])		//	might be mode one or mode zero,
		{
		++dataStart;
		while (dataStart < inputLen && aInput[dataStart] == 0xff)
			{
			++dataStart;
			}
		
		if (dataStart == inputLen || aInput[dataStart])	//	this would mean theres no zero between 0x01ff and data...so its not mode one
			dataStart=0;			//	mode zero, start from begining of data
		else
			++dataStart;
		}
	else							//	We've definitely got a mode zero 
		{							//	or broken data, assume mode zero
		dataStart=0;		
		}

	TInt len=inputLen-dataStart;

	__ASSERT_DEBUG(aOutput.MaxLength() >= len, User::Panic(KCryptoPanic, ECryptoPanicOutputDescriptorOverflow));

	aOutput.SetLength(len);
	TInt i=0;
	while (dataStart<inputLen)
		{
		aOutput[i++]=aInput[dataStart++];
		}
	}

TInt CPaddingPKCS1Signature::MinPaddingLength(void) const
	{
	return 11; //0x00, 0x01, <MIN of 8 0xFF octets> , 0x00
	}

/* CPaddingPKCS1Encryption */
EXPORT_C CPaddingPKCS1Encryption* CPaddingPKCS1Encryption::NewL(
	TInt aBlockBytes)
	{
	return CPaddingPKCS1EncryptionShim::NewL(aBlockBytes);
	}

EXPORT_C CPaddingPKCS1Encryption* CPaddingPKCS1Encryption::NewLC(
	TInt aBlockBytes)
	{
	CPaddingPKCS1Encryption* self = CPaddingPKCS1Encryption::NewL(aBlockBytes);
	CleanupStack::PushL(self);
	return self;
	}

EXPORT_C CPaddingPKCS1Encryption::CPaddingPKCS1Encryption(TInt aBlockBytes)
	: CPadding(aBlockBytes)
	{
	}

void CPaddingPKCS1Encryption::DoPadL(const TDesC8& aInput,TDes8& aOutput)
	{
	aOutput.SetLength(BlockSize());
	
	aOutput[0]=0;
	TInt startOfData=BlockSize()-aInput.Length();
	aOutput[1]=2;				// Block type 2 (public key operation)
	TBuf8<256> rnd(256);
	GenerateRandomBytesL(rnd);

	TInt i = 2;
	TInt j = 0;
	for (; i<(startOfData-1);)
		{
		if (rnd[j])
			{
			aOutput[i++]=rnd[j];
			}
		if (++j==256)
			{
			GenerateRandomBytesL(rnd);
			j=0;
			}
		}

	j=0;
	aOutput[startOfData-1]=0;				// separator
	for (i=startOfData;i<BlockSize();i++,j++)
		{
		aOutput[i]=aInput[j];
		}
	}
	
void CPaddingPKCS1Encryption::UnPadL(const TDesC8& aInput,TDes8& aOutput)
	{
	TInt inputLen = aInput.Length();
	if (inputLen <= 0)				
		User::Leave(KErrInvalidPadding);	//	Invalid padding data

	// Leading zero may have been stripped off by integer class
	TInt dataStart=0;
	if (aInput[dataStart] == 0)
		{
		++dataStart;
		}
	
	// expecting mode 2 padding, otherwise broken
	if (dataStart == inputLen || aInput[dataStart] != 2)	
		{
		User::Leave(KErrInvalidPadding);
		}
	++dataStart;

	// skip random non zero bytes
	while (dataStart < inputLen && aInput[dataStart])
		{
		++dataStart;
		}

	// expecting zero separator
	if (dataStart == inputLen || aInput[dataStart] != 0)
		{
		User::Leave(KErrInvalidPadding);		
		}
	++dataStart;

	TInt len = inputLen - dataStart;
	__ASSERT_DEBUG(aOutput.MaxLength() >= len, User::Panic(KCryptoPanic, ECryptoPanicOutputDescriptorOverflow));

	aOutput.SetLength(len);
	TInt i=0;
	while (dataStart<inputLen)
		{
		aOutput[i++]=aInput[dataStart++];
		}
	}

TInt CPaddingPKCS1Encryption::MinPaddingLength(void) const
	{
	return 11; //0x00, 0x02, <min of 8 random octets>, 0x00
	}
MCL/sf/os/security