Bitcoin Core  0.19.99
P2P Digital Currency
aes.cpp
1 // Copyright (c) 2016-2018 The Bitcoin Core developers
2 // Distributed under the MIT software license, see the accompanying
3 // file COPYING or http://www.opensource.org/licenses/mit-license.php.
4 
5 #include <crypto/aes.h>
6 
7 #include <assert.h>
8 #include <string.h>
9 
10 extern "C" {
11 #include <crypto/ctaes/ctaes.c>
12 }
13 
// Build a single-block AES-256 encryptor.
//
// key  32 bytes of raw key material. AES256_init() fills the member ctx from
//      it, so the caller's buffer is not referenced after construction and
//      can be wiped by the caller once this returns.
AES256Encrypt::AES256Encrypt(const unsigned char key[32])
{
    AES256_init(&ctx, key);
}
18 
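// Destructor: clears the key-dependent cipher context before the object goes
// away. (The signature line was lost from this listing; it is restored here.)
AES256Encrypt::~AES256Encrypt()
{
    // A plain memset() on an object whose lifetime is ending is a dead store
    // that an optimizer may remove, which would leave key-derived state in
    // memory. Writing through a volatile pointer makes each store an
    // observable access that compilers keep.
    volatile unsigned char* wipe = reinterpret_cast<volatile unsigned char*>(&ctx);
    for (size_t i = 0; i < sizeof(ctx); ++i) {
        wipe[i] = 0;
    }
}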
23 
// Encrypt exactly one 16-byte block with the key given at construction.
//
// ciphertext  receives 16 bytes of output
// plaintext   16 bytes of input
//
// This is the raw block primitive: it applies no chaining mode, no IV and no
// padding. Callers that encrypt more than one block need a mode on top of it.
void AES256Encrypt::Encrypt(unsigned char ciphertext[16], const unsigned char plaintext[16]) const
{
    const size_t block_count = 1;
    AES256_encrypt(&ctx, block_count, ciphertext, plaintext);
}
28 
// Build a single-block AES-256 decryptor.
//
// key  32 bytes of raw key material. AES256_init() fills the member ctx from
//      it, so the caller's buffer is not referenced after construction and
//      can be wiped by the caller once this returns.
AES256Decrypt::AES256Decrypt(const unsigned char key[32])
{
    AES256_init(&ctx, key);
}
33 
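// Destructor: clears the key-dependent cipher context before the object goes
// away. (The signature line was lost from this listing; it is restored here.)
AES256Decrypt::~AES256Decrypt()
{
    // A plain memset() on an object whose lifetime is ending is a dead store
    // that an optimizer may remove, which would leave key-derived state in
    // memory. Writing through a volatile pointer makes each store an
    // observable access that compilers keep.
    volatile unsigned char* wipe = reinterpret_cast<volatile unsigned char*>(&ctx);
    for (size_t i = 0; i < sizeof(ctx); ++i) {
        wipe[i] = 0;
    }
}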
38 
// Decrypt exactly one 16-byte block with the key given at construction.
//
// plaintext   receives 16 bytes of output
// ciphertext  16 bytes of input
//
// This is the raw block primitive: it applies no chaining mode, no IV and no
// padding, and it cannot tell whether the ciphertext was tampered with.
void AES256Decrypt::Decrypt(unsigned char plaintext[16], const unsigned char ciphertext[16]) const
{
    const size_t block_count = 1;
    AES256_decrypt(&ctx, block_count, plaintext, ciphertext);
}
43 
44 
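// CBC-encrypt `size` bytes of `data` into `out` using the block cipher `enc`.
//
// enc   object providing Encrypt(out16, in16) for one AES_BLOCKSIZE block
// iv    initialization vector, AES_BLOCKSIZE bytes; copied, never modified.
//       For CBC the IV should be unpredictable and not reused under one key.
// data  plaintext, must be non-null
// size  plaintext length in bytes, must be positive
// pad   true:  append padding in which every padding byte holds the number
//              of padding bytes (1..AES_BLOCKSIZE); an input that is already
//              block-aligned gets one whole extra block
//       false: size must be a multiple of AES_BLOCKSIZE
// out   destination, must be non-null. It needs room for size rounded down to
//       a whole number of blocks, plus one more block when pad is set.
//
// Returns the number of bytes written to out, or 0 if the arguments are
// rejected. Nothing is written in the rejected case.
//
// CBC gives confidentiality only. The output carries no integrity tag, so a
// caller that accepts ciphertext from an untrusted party has to authenticate
// it separately before decrypting.
template <typename T>
static int CBCEncrypt(const T& enc, const unsigned char iv[AES_BLOCKSIZE], const unsigned char* data, int size, bool pad, unsigned char* out)
{
    // size <= 0 rather than !size: a negative size makes size % AES_BLOCKSIZE
    // negative, and the padding loop below (i != padsize, counting up from 0)
    // would then run far past the end of both buffers.
    if (!data || !out || size <= 0)
        return 0;

    const int padsize = size % AES_BLOCKSIZE;
    if (!pad && padsize != 0)
        return 0;

    int written = 0;
    // Chaining value: starts as the IV, then holds the previous ciphertext
    // block XORed with the next plaintext block.
    unsigned char mixed[AES_BLOCKSIZE];
    memcpy(mixed, iv, AES_BLOCKSIZE);

    // Write every complete block. The comparison is on the remaining length
    // so that no sum close to INT_MAX is ever formed.
    while (size - written >= AES_BLOCKSIZE) {
        for (int i = 0; i != AES_BLOCKSIZE; i++)
            mixed[i] ^= *data++;
        enc.Encrypt(out + written, mixed);
        memcpy(mixed, out + written, AES_BLOCKSIZE);
        written += AES_BLOCKSIZE;
    }
    if (pad) {
        // For all that remains, pad each byte with the value of the remaining
        // space. If there is none, pad by a full block.
        for (int i = 0; i != padsize; i++)
            mixed[i] ^= *data++;
        for (int i = padsize; i != AES_BLOCKSIZE; i++)
            mixed[i] ^= AES_BLOCKSIZE - padsize;
        enc.Encrypt(out + written, mixed);
        // NOTE(review): with pad set and size within AES_BLOCKSIZE of INT_MAX
        // this sum does not fit in int; callers are expected to stay far
        // below that limit.
        written += AES_BLOCKSIZE;
    }
    // NOTE(review): `mixed` still holds plaintext-derived bytes here and is
    // left on the stack without being cleared.
    return written;
}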
80 
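// CBC-decrypt `size` bytes of `data` into `out` using the block cipher `dec`.
//
// dec   object providing Decrypt(out16, in16) for one AES_BLOCKSIZE block
// iv    initialization vector used for encryption, AES_BLOCKSIZE bytes
// data  ciphertext, must be non-null
// size  ciphertext length, must be a positive multiple of AES_BLOCKSIZE
// pad   true: validate and strip the padding (every padding byte equals the
//       padding length, 1..AES_BLOCKSIZE); false: return all decrypted bytes
// out   destination of at least `size` bytes, must be non-null. It must not
//       overlap `data`: the previous ciphertext block is read from `data`
//       after the corresponding output block has been written.
//
// Returns the plaintext length, or 0 when the arguments are rejected or the
// padding is malformed. A ciphertext that consists of one block of pure
// padding also yields 0, so 0 alone does not distinguish "empty" from
// "invalid".
//
// On a padding failure the decrypted bytes have already been written to
// `out`; the caller must discard them.
//
// CBC carries no integrity protection. Decrypting ciphertext that has not
// been authenticated first, and letting the party who supplied it observe
// whether the padding check passed, gives that party a padding oracle. Verify
// a MAC over the ciphertext before calling this, or keep the outcome private.
template <typename T>
static int CBCDecrypt(const T& dec, const unsigned char iv[AES_BLOCKSIZE], const unsigned char* data, int size, bool pad, unsigned char* out)
{
    // size <= 0 rather than !size: the block loop below stops only when
    // written == size, which counting up from 0 cannot reach for a negative
    // size, so it would read and write far outside both buffers.
    if (!data || !out || size <= 0)
        return 0;

    if (size % AES_BLOCKSIZE != 0)
        return 0;

    int written = 0;
    bool fail = false;
    const unsigned char* prev = iv;

    // Decrypt all data. Padding will be checked in the output.
    while (written != size) {
        dec.Decrypt(out, data + written);
        for (int i = 0; i != AES_BLOCKSIZE; i++)
            *out++ ^= prev[i];
        prev = data + written;
        written += AES_BLOCKSIZE;
    }

    // When decrypting padding, attempt to run in constant-time: the checks
    // use | and & on whole values instead of short-circuiting branches, and
    // all AES_BLOCKSIZE bytes of the last block are always read.
    if (pad) {
        // Index the final block from its start instead of walking `out`
        // backwards, which would end on a pointer before the block.
        const unsigned char* last = out - AES_BLOCKSIZE;

        // If used, padding size is the value of the last decrypted byte. For
        // it to be valid, it must be between 1 and AES_BLOCKSIZE.
        unsigned char padsize = last[AES_BLOCKSIZE - 1];
        fail = !padsize | (padsize > AES_BLOCKSIZE);

        // If not well-formed, treat it as though there's no padding.
        padsize *= !fail;

        // All padding must equal the last byte otherwise it's not well-formed
        for (int i = AES_BLOCKSIZE; i != 0; i--)
            fail |= ((i > AES_BLOCKSIZE - padsize) & (last[i - 1] != padsize));

        written -= padsize;
    }
    return written * !fail;
}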
121 
// Build a CBC encryptor bound to one key, one IV and one padding setting.
//
// key    AES256_KEYSIZE bytes, forwarded to the enc member
// ivIn   AES_BLOCKSIZE bytes, copied into the iv member
// padIn  whether Encrypt() appends padding
//
// The stored IV is used unchanged by every Encrypt() call on this object, so
// encrypting several messages with one instance reuses the IV.
AES256CBCEncrypt::AES256CBCEncrypt(const unsigned char key[AES256_KEYSIZE], const unsigned char ivIn[AES_BLOCKSIZE], bool padIn)
    : enc(key),
      pad(padIn)
{
    memcpy(iv, ivIn, AES_BLOCKSIZE);
}
127 
// CBC-encrypt `size` bytes of `data` into `out` with the key, IV and padding
// setting fixed at construction.
//
// Returns what CBCEncrypt() returns: the number of bytes written, or 0 when
// the arguments are rejected. With padding enabled the output is longer than
// the input, so `out` has to be sized for the extra block.
int AES256CBCEncrypt::Encrypt(const unsigned char* data, int size, unsigned char* out) const
{
    const int bytes_written = CBCEncrypt(enc, iv, data, size, pad, out);
    return bytes_written;
}
132 
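// Destructor: clears the stored IV. The enc member clears its own cipher
// context in its destructor. (The signature line was lost from this listing;
// it is restored here.)
AES256CBCEncrypt::~AES256CBCEncrypt()
{
    // A plain memset() on a member of an object that is being destroyed is a
    // dead store that an optimizer may remove. Writing through a volatile
    // pointer makes each store an observable access that compilers keep.
    volatile unsigned char* wipe = iv;
    for (size_t i = 0; i < sizeof(iv); ++i) {
        wipe[i] = 0;
    }
}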
137 
// Build a CBC decryptor bound to one key, one IV and one padding setting.
//
// key    AES256_KEYSIZE bytes, forwarded to the dec member
// ivIn   AES_BLOCKSIZE bytes, copied into the iv member; it has to be the IV
//        the ciphertext was produced with
// padIn  whether Decrypt() validates and strips padding
AES256CBCDecrypt::AES256CBCDecrypt(const unsigned char key[AES256_KEYSIZE], const unsigned char ivIn[AES_BLOCKSIZE], bool padIn)
    : dec(key),
      pad(padIn)
{
    memcpy(iv, ivIn, AES_BLOCKSIZE);
}
143 
144 
// CBC-decrypt `size` bytes of `data` into `out` with the key, IV and padding
// setting fixed at construction.
//
// Returns what CBCDecrypt() returns: the plaintext length, or 0 when the
// arguments are rejected or the padding is malformed. The ciphertext is not
// authenticated here; a caller handling untrusted ciphertext has to verify
// its integrity before relying on the result.
int AES256CBCDecrypt::Decrypt(const unsigned char* data, int size, unsigned char* out) const
{
    const int plaintext_len = CBCDecrypt(dec, iv, data, size, pad, out);
    return plaintext_len;
}
149 
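// Destructor: clears the stored IV. The dec member clears its own cipher
// context in its destructor. (The signature line was lost from this listing;
// it is restored here.)
AES256CBCDecrypt::~AES256CBCDecrypt()
{
    // A plain memset() on a member of an object that is being destroyed is a
    // dead store that an optimizer may remove. Writing through a volatile
    // pointer makes each store an observable access that compilers keep.
    volatile unsigned char* wipe = iv;
    for (size_t i = 0; i < sizeof(iv); ++i) {
        wipe[i] = 0;
    }
}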