Bitcoin Core  0.18.99
P2P Digital Currency
aes.cpp
Go to the documentation of this file.
1 // Copyright (c) 2016-2018 The Bitcoin Core developers
2 // Distributed under the MIT software license, see the accompanying
3 // file COPYING or http://www.opensource.org/licenses/mit-license.php.
4 
5 #include <crypto/aes.h>
6 #include <crypto/common.h>
7 
8 #include <assert.h>
9 #include <string.h>
10 
11 extern "C" {
12 #include <crypto/ctaes/ctaes.c>
13 }
14 
15 AES256Encrypt::AES256Encrypt(const unsigned char key[32])
16 {
17  AES256_init(&ctx, key);
18 }
19 
21 {
22  memset(&ctx, 0, sizeof(ctx));
23 }
24 
25 void AES256Encrypt::Encrypt(unsigned char ciphertext[16], const unsigned char plaintext[16]) const
26 {
27  AES256_encrypt(&ctx, 1, ciphertext, plaintext);
28 }
29 
30 AES256Decrypt::AES256Decrypt(const unsigned char key[32])
31 {
32  AES256_init(&ctx, key);
33 }
34 
36 {
37  memset(&ctx, 0, sizeof(ctx));
38 }
39 
40 void AES256Decrypt::Decrypt(unsigned char plaintext[16], const unsigned char ciphertext[16]) const
41 {
42  AES256_decrypt(&ctx, 1, plaintext, ciphertext);
43 }
44 
45 
46 template <typename T>
47 static int CBCEncrypt(const T& enc, const unsigned char iv[AES_BLOCKSIZE], const unsigned char* data, int size, bool pad, unsigned char* out)
48 {
49  int written = 0;
50  int padsize = size % AES_BLOCKSIZE;
51  unsigned char mixed[AES_BLOCKSIZE];
52 
53  if (!data || !size || !out)
54  return 0;
55 
56  if (!pad && padsize != 0)
57  return 0;
58 
59  memcpy(mixed, iv, AES_BLOCKSIZE);
60 
61  // Write all but the last block
62  while (written + AES_BLOCKSIZE <= size) {
63  for (int i = 0; i != AES_BLOCKSIZE; i++)
64  mixed[i] ^= *data++;
65  enc.Encrypt(out + written, mixed);
66  memcpy(mixed, out + written, AES_BLOCKSIZE);
67  written += AES_BLOCKSIZE;
68  }
69  if (pad) {
70  // For all that remains, pad each byte with the value of the remaining
71  // space. If there is none, pad by a full block.
72  for (int i = 0; i != padsize; i++)
73  mixed[i] ^= *data++;
74  for (int i = padsize; i != AES_BLOCKSIZE; i++)
75  mixed[i] ^= AES_BLOCKSIZE - padsize;
76  enc.Encrypt(out + written, mixed);
77  written += AES_BLOCKSIZE;
78  }
79  return written;
80 }
81 
82 template <typename T>
83 static int CBCDecrypt(const T& dec, const unsigned char iv[AES_BLOCKSIZE], const unsigned char* data, int size, bool pad, unsigned char* out)
84 {
85  int written = 0;
86  bool fail = false;
87  const unsigned char* prev = iv;
88 
89  if (!data || !size || !out)
90  return 0;
91 
92  if (size % AES_BLOCKSIZE != 0)
93  return 0;
94 
95  // Decrypt all data. Padding will be checked in the output.
96  while (written != size) {
97  dec.Decrypt(out, data + written);
98  for (int i = 0; i != AES_BLOCKSIZE; i++)
99  *out++ ^= prev[i];
100  prev = data + written;
101  written += AES_BLOCKSIZE;
102  }
103 
104  // When decrypting padding, attempt to run in constant-time
105  if (pad) {
106  // If used, padding size is the value of the last decrypted byte. For
107  // it to be valid, It must be between 1 and AES_BLOCKSIZE.
108  unsigned char padsize = *--out;
109  fail = !padsize | (padsize > AES_BLOCKSIZE);
110 
111  // If not well-formed, treat it as though there's no padding.
112  padsize *= !fail;
113 
114  // All padding must equal the last byte otherwise it's not well-formed
115  for (int i = AES_BLOCKSIZE; i != 0; i--)
116  fail |= ((i > AES_BLOCKSIZE - padsize) & (*out-- != padsize));
117 
118  written -= padsize;
119  }
120  return written * !fail;
121 }
122 
123 AES256CBCEncrypt::AES256CBCEncrypt(const unsigned char key[AES256_KEYSIZE], const unsigned char ivIn[AES_BLOCKSIZE], bool padIn)
124  : enc(key), pad(padIn)
125 {
126  memcpy(iv, ivIn, AES_BLOCKSIZE);
127 }
128 
129 int AES256CBCEncrypt::Encrypt(const unsigned char* data, int size, unsigned char* out) const
130 {
131  return CBCEncrypt(enc, iv, data, size, pad, out);
132 }
133 
135 {
136  memset(iv, 0, sizeof(iv));
137 }
138 
139 AES256CBCDecrypt::AES256CBCDecrypt(const unsigned char key[AES256_KEYSIZE], const unsigned char ivIn[AES_BLOCKSIZE], bool padIn)
140  : dec(key), pad(padIn)
141 {
142  memcpy(iv, ivIn, AES_BLOCKSIZE);
143 }
144 
145 
146 int AES256CBCDecrypt::Decrypt(const unsigned char* data, int size, unsigned char* out) const
147 {
148  return CBCDecrypt(dec, iv, data, size, pad, out);
149 }
150 
152 {
153  memset(iv, 0, sizeof(iv));
154 }
void AES256_init(AES256_ctx *ctx, const unsigned char *key32)
Definition: ctaes.c:538
AES256Encrypt(const unsigned char key[32])
Definition: aes.cpp:15
void Encrypt(unsigned char ciphertext[16], const unsigned char plaintext[16]) const
Definition: aes.cpp:25
const AES256Decrypt dec
Definition: aes.h:62
void AES256_encrypt(const AES256_ctx *ctx, size_t blocks, unsigned char *cipher16, const unsigned char *plain16)
Definition: ctaes.c:542
~AES256Encrypt()
Definition: aes.cpp:20
unsigned char iv[AES_BLOCKSIZE]
Definition: aes.h:64
int Decrypt(const unsigned char *data, int size, unsigned char *out) const
Definition: aes.cpp:146
void Decrypt(unsigned char plaintext[16], const unsigned char ciphertext[16]) const
Definition: aes.cpp:40
void AES256_decrypt(const AES256_ctx *ctx, size_t blocks, unsigned char *plain16, const unsigned char *cipher16)
Definition: ctaes.c:550
const bool pad
Definition: aes.h:63
~AES256CBCDecrypt()
Definition: aes.cpp:151
AES256CBCDecrypt(const unsigned char key[AES256_KEYSIZE], const unsigned char ivIn[AES_BLOCKSIZE], bool padIn)
Definition: aes.cpp:139
AES256CBCEncrypt(const unsigned char key[AES256_KEYSIZE], const unsigned char ivIn[AES_BLOCKSIZE], bool padIn)
Definition: aes.cpp:123
int Encrypt(const unsigned char *data, int size, unsigned char *out) const
Definition: aes.cpp:129
const AES256Encrypt enc
Definition: aes.h:49
~AES256Decrypt()
Definition: aes.cpp:35
void * memcpy(void *a, const void *b, size_t c)
AES256_ctx ctx
Definition: aes.h:21
~AES256CBCEncrypt()
Definition: aes.cpp:134
size_t size() const
Definition: univalue.h:69
const bool pad
Definition: aes.h:50
unsigned char iv[AES_BLOCKSIZE]
Definition: aes.h:51
AES256Decrypt(const unsigned char key[32])
Definition: aes.cpp:30