Mercurial Mercurial > oss > MCL > sf > os > security / file revision
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | file | latest | revisions | annotate | diff | comparison | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
crypto/weakcryptospi/source/pbe/pbe.cpp
author Mikko Sunikka <mikko.sunikka@nokia.com>
Fri, 06 Nov 2009 13:21:00 +0200
changeset 19 cd501b96611d
permissions -rw-r--r--
Revision: 200945 Kit: 200945

/*
* Copyright (c) 2002-2009 Nokia Corporation and/or its subsidiary(-ies).
* All rights reserved.
* This component and the accompanying materials are made available
* under the terms of the License "Eclipse Public License v1.0"
* which accompanies this distribution, and is available
* at the URL "http://www.eclipse.org/legal/epl-v10.html".
*
* Initial Contributors:
* Nokia Corporation - initial contribution.
*
* Contributors:
*
* Description: 
*
*/


#include <e32std.h>
#include <random.h>
#include <cryptostrength.h>
#include <securityerr.h>
#include <pbedata.h>
#include "pkcs5kdf.h"
#include "pbe.h"
#include <pbencryptor.h>
#include "pbesymmetricfactory.h"

EXPORT_C CPBEncryptElement* CPBEncryptElement::NewL(const TPBPassword& aPassword)
	{
	CPBEncryptElement* self = NewLC(aPassword);
	CleanupStack::Pop();
	return self;
	}

EXPORT_C CPBEncryptElement* CPBEncryptElement::NewLC(const TPBPassword& aPassword)
	{
	CPBEncryptElement* self = new(ELeave) CPBEncryptElement;
	CleanupStack::PushL(self);
	self->ConstructL(aPassword.Password());
	return self;
	}

EXPORT_C CPBEncryptElement* CPBEncryptElement::NewL(const TPBPassword& aPassword, 
	const TPBECipher aCipher)
	{
	CPBEncryptElement* self = NewLC(aPassword, aCipher);
	CleanupStack::Pop();
	return self;
	}

EXPORT_C CPBEncryptElement* CPBEncryptElement::NewLC(const TPBPassword& aPassword, 
	const TPBECipher aCipher)
	{
	CPBEncryptElement* self = new(ELeave) CPBEncryptElement;
	CleanupStack::PushL(self);
	self->ConstructL(aPassword.Password(), aCipher);
	return self;
	}

EXPORT_C CPBEncryptElement* CPBEncryptElement::NewL(const TPBPassword& aPassword, 
	const CPBEncryptParms& aParms)
	{
	CPBEncryptElement* self = NewLC(aPassword, aParms);
	CleanupStack::Pop();
	return self;
	}

EXPORT_C CPBEncryptElement* CPBEncryptElement::NewLC(const TPBPassword& aPassword, 
	const CPBEncryptParms& aParms)
	{
	CPBEncryptElement* self = new(ELeave) CPBEncryptElement;
	CleanupStack::PushL(self);
	self->ConstructL(aPassword.Password(), aParms);
	return self;
	}

EXPORT_C CPBEncryptElement* CPBEncryptElement::NewL(
	const CPBEncryptionData& aData, const TPBPassword& aPassword)
	{
	CPBEncryptElement* self = CPBEncryptElement::NewLC(aData, aPassword);
	CleanupStack::Pop();
	return self;
	}

EXPORT_C CPBEncryptElement* CPBEncryptElement::NewLC(
	const CPBEncryptionData& aData, const TPBPassword& aPassword)
	{
	CPBEncryptElement* self = new(ELeave) CPBEncryptElement;
	CleanupStack::PushL(self);
	self->ConstructL(aData, aPassword);
	return self;
	}

CPBEncryptElement::CPBEncryptElement(void) 
	{
	}

CPBEncryptElement::~CPBEncryptElement(void)
	{
	delete iData;
	delete iEncryptKey;
	}

void CPBEncryptElement::ConstructL(const TDesC8& aPassword)
	{
	// Construct based on cryptography strength
	if (TCrypto::Strength() == TCrypto::EStrong)
		{
		ConstructL(aPassword, KPBEDefaultStrongCipher);
		}
	else
		{
		ConstructL(aPassword, KPBEDefaultWeakCipher);
		}
	}

void CPBEncryptElement::ConstructL(const TDesC8& aPassword, TPBECipher aCipher)
	{
	TBuf8<KPBEMaxCipherIVBytes> iv(KPBEMaxCipherIVBytes);
	iv.SetLength(PBE::GetBlockBytes(aCipher));
	TRandom::RandomL(iv);

	TBuf8<KPBEDefaultSaltBytes> encryptSalt(KPBEDefaultSaltBytes);
	TRandom::RandomL(encryptSalt);

	TBuf8<KPBEDefaultSaltBytes> authSalt(KPBEDefaultSaltBytes);
	TRandom::RandomL(authSalt);

	iData = CPBEncryptionData::NewL(aPassword, aCipher, authSalt, encryptSalt,
		iv, KDefaultIterations);

	MakeEncryptKeyL(PBE::GetKeyBytes(aCipher), aPassword);
	}

void CPBEncryptElement::ConstructL(const CPBEncryptionData& aData, 
	const TPBPassword& aPassword)
	{
	iData = CPBEncryptionData::NewL(aData);
	if(!AuthenticateL(aPassword))
		{
		User::Leave(KErrBadPassphrase);
		}
	}

void CPBEncryptElement::ConstructL(const TDesC8& aPassword,
	const CPBEncryptParms& aParms)
	{
	TUint keySize = PBE::GetKeyBytes(aParms.Cipher());

	TBuf8<KPBEDefaultSaltBytes> authSalt(KPBEDefaultSaltBytes);
	TRandom::RandomL(authSalt);

	//Recreate parms with given data and create a totally new auth
	iData = CPBEncryptionData::NewL(aPassword, authSalt, aParms);
	MakeEncryptKeyL(keySize, aPassword);
	}

const CPBEncryptionData& CPBEncryptElement::EncryptionData(void) const
	{
	return *iData;
	}

CPBEncryptor* CPBEncryptElement::NewEncryptL() const 
	{
	CPBEncryptor* encryptor = NewEncryptLC();
	CleanupStack::Pop();
	return encryptor;
	}

CPBEncryptor* CPBEncryptElement::NewEncryptLC() const
	{
	CPBEncryptor* encryptor = CPBEncryptorElement::NewLC( 
		iData->EncryptParms().Cipher(), *iEncryptKey, 
		iData->EncryptParms().IV());
	return encryptor;
	}

TBool CPBEncryptElement::AuthenticateL(const TPBPassword& aPassword)
	{
	TBool retval = EFalse;

	//create a new auth to test against the existing one
	//therefore we use the same key size, and salt as the current one
	CPBAuthData* auth = CPBAuthData::NewLC(aPassword.Password(),
		iData->AuthData().Salt(), iData->AuthData().Key().Size(),
		iData->AuthData().Iterations());
	if(*auth==iData->AuthData())
		{
		//We've got a valid password, regenerate the key so they can decrypt
		//stuff.  We don't the change the length of iEncryptKey as we assume the
		//previous key size is appropriate for the new one
		MakeEncryptKeyL(PBE::GetKeyBytes(iData->EncryptParms().Cipher()),
			aPassword.Password());
		retval = ETrue;
		}
	CleanupStack::PopAndDestroy(auth);
	return retval;
	}

CPBDecryptor* CPBEncryptElement::NewDecryptL() const
	{
	CPBDecryptor* decryptor = NewDecryptLC();
	CleanupStack::Pop();
	return decryptor;
	}

CPBDecryptor* CPBEncryptElement::NewDecryptLC() const
	{
	CPBDecryptor* decryptor = CPBDecryptorElement::NewLC(
		iData->EncryptParms().Cipher(), *iEncryptKey,
		iData->EncryptParms().IV());
	return decryptor;
	}

// Warning: This function is only valid BEFORE you call NewEncryptL
// After creating the cipher, ask it about itself, not me!
// This is _very_ dodgy as I assume all sorts of things about the encryptor.
// 1) That it uses SSLv3 or similar style padding
// 2) That it stores the IV for that stream at the front.
// This is here for specific application that requires this and aren't able to
// actually construct the cipher and ask it.  In almost all other cases you
// should construct the cipher and ask it.
TInt CPBEncryptElement::MaxCiphertextLength(TInt aPlaintextLength) const
	{
	TUint blocksize = PBE::GetBlockBytes(iData->EncryptParms().Cipher());
	TUint padding = blocksize - aPlaintextLength % blocksize;
	//len = inputLength + padding
	return aPlaintextLength + padding;
	}

// Warning: This function is only valid BEFORE you call NewDecryptL
// After creating the cipher, ask it about itself, not me!
TInt CPBEncryptElement::MaxPlaintextLength(TInt aCiphertextLength) const
	{
	/*It's impossible to determine anything about how much padding will be
	 * removed.  So we'll return a max length that is longer than will
	 * ever happen by at most a blocksize - 1.
	 */
	//totallength = inputlength - 1 byte of padding min
	return aCiphertextLength - 1;
	}

void CPBEncryptElement::MakeEncryptKeyL(TUint aKeySize, const TDesC8& aPassword)
	{
	iEncryptKey = HBufC8::NewMaxL(aKeySize);
	TPtr8 encryptKeyBuf = iEncryptKey->Des();
	iData->EncryptParms().DeriveKeyL(aPassword, encryptKeyBuf);
	}

EXPORT_C TPBPassword::TPBPassword(const TDesC8& aPassword)
	{
	iPassword.Set(aPassword);
	}

EXPORT_C TPBPassword::TPBPassword(const TDesC16& aPassword)
	{
	iPassword.Set(reinterpret_cast<const TUint8*>(aPassword.Ptr()), aPassword.Size());
	}

EXPORT_C const TDesC8& TPBPassword::Password(void) const
	{
	return iPassword;
	}
MCL/sf/os/security