Fix prevent issues in FSecurity

[platform/framework/native/appfw.git] / src / security / pkcs / FSecPkcs_Pkcs05PbMacParametersImpl.cpp

//
// Open Service Platform
// Copyright (c) 2013 Samsung Electronics Co., Ltd.
//
// Licensed under the Apache License, Version 2.0 (the License);
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//     http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
//

/**
 * @file                FSecPkcsPkcs05PbMacParameters.cpp
 * @brief               This is the implementation file for Pkcs05PbMacParameters class.
 *
 * This header file contains the implementation of Pkcs05PbMacParameters class.
 *
 */

#include <new>
#include <openssl/evp.h>
#include <openssl/crypto.h>
#include <openssl/x509.h>
#include <openssl/hmac.h>
#include <openssl/objects.h>
#include <openssl/obj_mac.h>
#include <unique_ptr.h>
#include <FBaseSysLog.h>
#include <FBaseByteBuffer.h>
#include <FBaseResult.h>
#include <FSecPkcsIAlgorithmParameters.h>
#include <FSecPkcsPkcs05PbKdf2Parameters.h>
#include <FSecPkcsAlgorithmIdentifier.h>
#include <FSecPkcsTypes.h>
#include <FSecPkcsPkcs05PbMacParameters.h>
#include "FSecPkcs_PkcsUtility.h"
#include "FSecPkcs_Pkcs05PbMacParametersImpl.h"

using namespace Tizen::Base;

namespace Tizen { namespace Security { namespace Pkcs
{


_Pkcs05PbMacParametersImpl::_Pkcs05PbMacParametersImpl(void)
{

}



_Pkcs05PbMacParametersImpl::~_Pkcs05PbMacParametersImpl(void)
{
        //do nothing
}

result
_Pkcs05PbMacParametersImpl::Construct(const Tizen::Base::ByteBuffer& encodedData)
{
        result r = E_SUCCESS;
        const byte* pBuffer = null;
        const unsigned char* pBuf = null;
        int bufferLen = 0;
        int nidMacAlgo = 0;
        int paramLen = 0;
        PBE2PARAM* pMacObj = null;
        std::unique_ptr< ByteBuffer > pKdfParam;
        Tizen::Base::String macOid = null;
        ASN1_TYPE* pParam = null;
        std::unique_ptr< Pkcs05PbKdf2Parameters > pKdf2Parameters;

        pBuffer = encodedData.GetPointer();
        SysTryReturnResult(NID_SEC_CRYPTO, pBuffer != null, E_INVALID_ARG, "The specified input parameter is invalid.");

        bufferLen = encodedData.GetRemaining();
        SysTryReturnResult(NID_SEC_CRYPTO, bufferLen > 0, E_INVALID_ARG, "The specified input parameter is invalid.");

        pMacObj = d2i_PBE2PARAM(null, reinterpret_cast< const unsigned char** >(&pBuffer), bufferLen);
        SysTryReturnResult(NID_SEC_CRYPTO, pMacObj != null, E_INVALID_ARG, "The specified input parameter is invalid.");

        SysTryCatch(NID_SEC_CRYPTO, OBJ_obj2nid(pMacObj->keyfunc->algorithm) == NID_id_pbkdf2, r = E_INVALID_ARG, E_INVALID_ARG, "[E_INVALID_ARG] The specified input parameter is invalid.");

        pParam = pMacObj->keyfunc->parameter;
        SysTryReturn(NID_SEC_CRYPTO, !((!pParam) || (pParam->type != V_ASN1_SEQUENCE)), E_INVALID_ARG, E_INVALID_ARG, "[E_INVALID_ARG] The specified input parameter is invalid.");

        pBuf = pParam->value.sequence->data;
        SysTryCatch(NID_SEC_CRYPTO, pBuf != null, r = E_INVALID_ARG, E_INVALID_ARG, "[E_INVALID_ARG] The specified input parameter is invalid.");

        paramLen = pParam->value.sequence->length;
        SysTryCatch(NID_SEC_CRYPTO, paramLen > 0, r = E_INVALID_ARG, E_INVALID_ARG, "[E_INVALID_ARG] The specified input parameter is invalid.");

        pKdfParam = std::unique_ptr< ByteBuffer >(new (std::nothrow) ByteBuffer());
        SysTryCatch(NID_SEC_CRYPTO, pKdfParam, r = E_OUT_OF_MEMORY, E_OUT_OF_MEMORY, "[E_OUT_OF_MEMORY] The memory is insufficient.");

        r = pKdfParam->Construct(paramLen);
        SysTryCatch(NID_SEC_CRYPTO, !IsFailed(r), r = E_OUT_OF_MEMORY, E_OUT_OF_MEMORY, "[E_OUT_OF_MEMORY] The memory is insufficient.");

        r = pKdfParam->SetArray(pBuf, 0, paramLen);
        SysTryCatch(NID_SEC_CRYPTO, !IsFailed(r), r = E_INVALID_ARG, E_INVALID_ARG, "[E_INVALID_ARG] The specified input parameter is invalid.");

        pKdfParam->Flip();

        pKdf2Parameters = std::unique_ptr< Pkcs05PbKdf2Parameters >(new (std::nothrow) Pkcs05PbKdf2Parameters());
        SysTryCatch(NID_SEC_CRYPTO, pKdf2Parameters, r = E_OUT_OF_MEMORY, E_OUT_OF_MEMORY, "[E_OUT_OF_MEMORY] The memory is insufficient.");

        r = pKdf2Parameters->Construct(*pKdfParam);
        SysTryCatch(NID_SEC_CRYPTO, !IsFailed(r), r = E_OUT_OF_MEMORY, E_OUT_OF_MEMORY, "[E_OUT_OF_MEMORY] The memory is insufficient.");

        __keyDerivationFunction.Construct(OID_PBKDF2, pKdf2Parameters.get());
        SysTryCatch(NID_SEC_CRYPTO, !IsFailed(r), r = E_OUT_OF_MEMORY, E_OUT_OF_MEMORY, "[E_OUT_OF_MEMORY] The memory is insufficient.");

        nidMacAlgo = OBJ_obj2nid(pMacObj->encryption->algorithm);
        macOid = _PkcsUtility::ConvertToOid(nidMacAlgo);

        r = GetLastResult();
        SysTryCatch(NID_SEC_CRYPTO, r != E_UNSUPPORTED_ALGORITHM, r = E_UNSUPPORTED_ALGORITHM, E_UNSUPPORTED_ALGORITHM, "[E_UNSUPPORTED_ALGORITHM] The input algorithm is not supported.");

        r = __messageAuthScheme.Construct(macOid, null);
        SysTryCatch(NID_SEC_CRYPTO, !IsFailed(r), r = E_OUT_OF_MEMORY, E_OUT_OF_MEMORY, "[E_OUT_OF_MEMORY] The memory is insufficient.");

CATCH:

        PBE2PARAM_free(pMacObj);
        return r;
}

result
_Pkcs05PbMacParametersImpl::Construct(const AlgorithmIdentifier& keyDerivationFunction, const AlgorithmIdentifier& messageAuthScheme)
{
        result r = E_SUCCESS;

        std::unique_ptr< IAlgorithmParameters > pParam(keyDerivationFunction.GetParametersN());
        SysTryReturn(NID_SEC_CRYPTO, pParam != null, r, r, "[%s] Failed to get the parameters.", GetErrorMessage(r));

        r = __keyDerivationFunction.Construct(keyDerivationFunction.GetAlgorithmObjectId(), pParam.get());
        SysTryReturn(NID_SEC_CRYPTO, !IsFailed(r), r, r, "[%s] Failed to construct the algorithm identifier.", GetErrorMessage(r));

        std::unique_ptr< IAlgorithmParameters > pAuthParam(messageAuthScheme.GetParametersN());
        SysTryReturn(NID_SEC_CRYPTO, pParam != null, r, r, "[%s] Failed to get the parameters.", GetErrorMessage(r));

        r = __messageAuthScheme.Construct(messageAuthScheme.GetAlgorithmObjectId(), pAuthParam.get());
        SysTryReturn(NID_SEC_CRYPTO, !IsFailed(r), r, r, "[%s] Failed to construct the algorithm identifier.", GetErrorMessage(r));

        return r;
}


ByteBuffer*
_Pkcs05PbMacParametersImpl::GetEncodedDataN(void) const
{

        result r = E_SUCCESS;
        PBE2PARAM* pMacObj = null;
        byte* pTemp = {0, };
        int value = 0;
        int algoNid = 0;
        int prfNid = 0;
        int ret = 0;
        Tizen::Base::String keyOid = null;
        Tizen::Base::String macAlgo = null;
        Tizen::Base::String prfOid = null;
        std::unique_ptr< Pkcs05PbKdf2Parameters > pKeyParams;
        std::unique_ptr< ByteBuffer > pSalt;
        std::unique_ptr< ByteBuffer > pEncMacParam;

        SysAssertf(__keyDerivationFunction.GetAlgorithmObjectId().GetLength() > 0, "Not yet constructed. Construct () should be called before use.");
        SysAssertf(__messageAuthScheme.GetAlgorithmObjectId().GetLength() > 0, "Not yet constructed. Construct () should be called before use.");

        keyOid = __keyDerivationFunction.GetAlgorithmObjectId();

        macAlgo = __messageAuthScheme.GetAlgorithmObjectId();

        pKeyParams = std::unique_ptr< Pkcs05PbKdf2Parameters >(dynamic_cast< Pkcs05PbKdf2Parameters* >(__keyDerivationFunction.GetParametersN()));
        SysTryReturn(NID_SEC_CRYPTO, pKeyParams, null, E_OUT_OF_MEMORY, "[E_OUT_OF_MEMORY] The memory is insufficient.");

        pSalt = std::unique_ptr< ByteBuffer >(new (std::nothrow) ByteBuffer());
        SysTryCatch(NID_SEC_CRYPTO, pSalt != null, r = E_OUT_OF_MEMORY, E_OUT_OF_MEMORY, "[E_OUT_OF_MEMORY] The memory is insufficient.");

        SysTryCatch(NID_SEC_CRYPTO, pKeyParams->GetSaltValue().GetRemaining() > 0, r = E_SYSTEM, E_SYSTEM, "[E_SYSTEM] The method cannot proceed due to a severe system error.");

        r = pSalt->Construct(pKeyParams->GetSaltValue());
        SysTryReturn(NID_SEC_CRYPTO, !IsFailed(r), null, E_OUT_OF_MEMORY, "[E_OUT_OF_MEMORY] The memory is insufficient.");

        pMacObj = PBE2PARAM_new();
        SysTryReturn(NID_SEC_CRYPTO, pMacObj != null, null, E_OUT_OF_MEMORY, "[E_OUT_OF_MEMORY] The memory is insufficient.");

        prfOid = (pKeyParams->GetPrf()).GetAlgorithmObjectId();
        prfNid = _PkcsUtility::ConvertToNid(prfOid);

        pMacObj->keyfunc = _PkcsUtility::GenerateKdfParametersN(pKeyParams->GetIterationCount(), const_cast< unsigned char* >(pSalt->GetPointer()), pSalt->GetRemaining(), prfNid, pKeyParams->GetDerivedKeyLength());
        SysTryCatch(NID_SEC_CRYPTO, pMacObj->keyfunc != null, r = E_SYSTEM, E_SYSTEM, "[E_SYSTEM] The method cannot proceed due to a severe system error.");

        algoNid = _PkcsUtility::ConvertToNid(macAlgo);

        pMacObj->encryption = X509_ALGOR_new();
        SysTryCatch(NID_SEC_CRYPTO, (pMacObj->encryption != null), r = E_OUT_OF_MEMORY, E_OUT_OF_MEMORY, "[E_OUT_OF_MEMORY] The memory is insufficient.");

        ret = X509_ALGOR_set0(pMacObj->encryption, OBJ_nid2obj(algoNid), V_ASN1_NULL, NULL);
        SysTryCatch(NID_SEC_CRYPTO, ret > 0, r = E_SYSTEM, E_SYSTEM, "[E_SYSTEM] The method cannot proceed due to a severe system error.");

        // encode the PBE2PARAM structure

        value = i2d_PBE2PARAM(pMacObj, &pTemp);
        SysTryCatch(NID_SEC_CRYPTO, value > 0, r = E_SYSTEM, E_SYSTEM, "[E_SYSTEM] The method cannot proceed due to a severe system error.");

        pEncMacParam = std::unique_ptr< ByteBuffer >(new (std::nothrow) ByteBuffer());
        SysTryCatch(NID_SEC_CRYPTO, pEncMacParam, r = E_OUT_OF_MEMORY, E_OUT_OF_MEMORY, "[E_OUT_OF_MEMORY] The memory is insufficient.");

        r = pEncMacParam->Construct(value);
        SysTryCatch(NID_SEC_CRYPTO, !IsFailed(r), r = E_OUT_OF_MEMORY, E_OUT_OF_MEMORY, "[E_OUT_OF_MEMORY] The memory is insufficient.");

        r = pEncMacParam->SetArray(pTemp, 0, value);
        SysTryCatch(NID_SEC_CRYPTO, !IsFailed(r), r = E_SYSTEM, E_SYSTEM, "[E_SYSTEM] The method cannot proceed due to a severe system error.");

        pEncMacParam->Flip();

CATCH:

        if (IsFailed(r))
        {
                pEncMacParam.reset(null);
        }
        PBE2PARAM_free(pMacObj);
        OPENSSL_free(pTemp);
        SetLastResult(r);
        return pEncMacParam.release();

}



const AlgorithmIdentifier&
_Pkcs05PbMacParametersImpl::GetKeyDerivationAlgorithm(void) const
{
        ClearLastResult();

        SysAssertf(__keyDerivationFunction.GetAlgorithmObjectId().GetLength() > 0, "Not yet constructed. Construct () should be called before use.");
        SysAssertf(__messageAuthScheme.GetAlgorithmObjectId().GetLength() > 0, "Not yet constructed. Construct () should be called before use.");

        return __keyDerivationFunction;
}

const AlgorithmIdentifier&
_Pkcs05PbMacParametersImpl::GetMacAlgorithm(void) const
{
        ClearLastResult();

        SysAssertf(__keyDerivationFunction.GetAlgorithmObjectId().GetLength() > 0, "Not yet constructed. Construct () should be called before use.");
        SysAssertf(__messageAuthScheme.GetAlgorithmObjectId().GetLength() > 0, "Not yet constructed. Construct () should be called before use.");

        return __messageAuthScheme;
}

PkcsAlgorithmParameterType
_Pkcs05PbMacParametersImpl::GetType(void) const
{
        ClearLastResult();
        return PKCS_ALGO_PARAM_TYPE_PKCS05_MAC;
}

bool
_Pkcs05PbMacParametersImpl::Equals(const Object& obj) const
{
        bool value = false;

        SysAssertf(__keyDerivationFunction.GetAlgorithmObjectId().GetLength() > 0, "Not yet constructed. Construct () should be called before use.");
        SysAssertf(__messageAuthScheme.GetAlgorithmObjectId().GetLength() > 0, "Not yet constructed. Construct () should be called before use.");

        const _Pkcs05PbMacParametersImpl* pOther = dynamic_cast< const _Pkcs05PbMacParametersImpl* >(&obj);

        SysTryReturn(NID_SEC_CRYPTO, pOther != null, false, E_INVALID_ARG, "[E_INVALID_ARG] The specified input parameter is invalid.");

        if (pOther == this)
        {
                return true;
        }

        SysTryReturn(NID_SEC_CRYPTO, pOther->GetKeyDerivationAlgorithm().GetAlgorithmObjectId().GetLength() > 0, false, E_INVALID_ARG, "[E_INVALID_ARG] The specified input parameter is invalid.");
        SysTryReturn(NID_SEC_CRYPTO, pOther->GetMacAlgorithm().GetAlgorithmObjectId().GetLength() > 0, false, E_INVALID_ARG, "[E_INVALID_ARG] The specified input parameter is invalid.");

        value = (__keyDerivationFunction.Equals(pOther->GetKeyDerivationAlgorithm())) && (__messageAuthScheme.Equals(pOther->GetMacAlgorithm()));

        return value;

}

int
_Pkcs05PbMacParametersImpl::GetHashCode(void) const
{
        SysAssertf(__keyDerivationFunction.GetAlgorithmObjectId().GetLength() > 0, "Not yet constructed. Construct () should be called before use.");
        SysAssertf(__messageAuthScheme.GetAlgorithmObjectId().GetLength() > 0, "Not yet constructed. Construct () should be called before use.");

        return __keyDerivationFunction.GetHashCode() + __messageAuthScheme.GetHashCode();
}

_Pkcs05PbMacParametersImpl*
_Pkcs05PbMacParametersImpl::GetInstance(Pkcs05PbMacParameters& pkcs05PbMacParameters)
{
        return pkcs05PbMacParameters.__pPkcs05PbMacParametersImpl;
}

const _Pkcs05PbMacParametersImpl*
_Pkcs05PbMacParametersImpl::GetInstance(const Pkcs05PbMacParameters& pkcs05PbMacParameters)
{
        return pkcs05PbMacParameters.__pPkcs05PbMacParametersImpl;
}

} } } // end of namespace Pkcs