Bitcoin Core  0.19.99
P2P Digital Currency
aes.cpp
Go to the documentation of this file.
1 // Copyright (c) 2016-2019 The Bitcoin Core developers
2 // Distributed under the MIT software license, see the accompanying
3 // file COPYING or http://www.opensource.org/licenses/mit-license.php.
4 
5 #include <crypto/aes.h>
6 
7 #include <string.h>
8 
9 extern "C" {
10 #include <crypto/ctaes/ctaes.c>
11 }
12 
13 AES256Encrypt::AES256Encrypt(const unsigned char key[32])
14 {
15  AES256_init(&ctx, key);
16 }
17 
19 {
20  memset(&ctx, 0, sizeof(ctx));
21 }
22 
23 void AES256Encrypt::Encrypt(unsigned char ciphertext[16], const unsigned char plaintext[16]) const
24 {
25  AES256_encrypt(&ctx, 1, ciphertext, plaintext);
26 }
27 
28 AES256Decrypt::AES256Decrypt(const unsigned char key[32])
29 {
30  AES256_init(&ctx, key);
31 }
32 
34 {
35  memset(&ctx, 0, sizeof(ctx));
36 }
37 
38 void AES256Decrypt::Decrypt(unsigned char plaintext[16], const unsigned char ciphertext[16]) const
39 {
40  AES256_decrypt(&ctx, 1, plaintext, ciphertext);
41 }
42 
43 
44 template <typename T>
45 static int CBCEncrypt(const T& enc, const unsigned char iv[AES_BLOCKSIZE], const unsigned char* data, int size, bool pad, unsigned char* out)
46 {
47  int written = 0;
48  int padsize = size % AES_BLOCKSIZE;
49  unsigned char mixed[AES_BLOCKSIZE];
50 
51  if (!data || !size || !out)
52  return 0;
53 
54  if (!pad && padsize != 0)
55  return 0;
56 
57  memcpy(mixed, iv, AES_BLOCKSIZE);
58 
59  // Write all but the last block
60  while (written + AES_BLOCKSIZE <= size) {
61  for (int i = 0; i != AES_BLOCKSIZE; i++)
62  mixed[i] ^= *data++;
63  enc.Encrypt(out + written, mixed);
64  memcpy(mixed, out + written, AES_BLOCKSIZE);
65  written += AES_BLOCKSIZE;
66  }
67  if (pad) {
68  // For all that remains, pad each byte with the value of the remaining
69  // space. If there is none, pad by a full block.
70  for (int i = 0; i != padsize; i++)
71  mixed[i] ^= *data++;
72  for (int i = padsize; i != AES_BLOCKSIZE; i++)
73  mixed[i] ^= AES_BLOCKSIZE - padsize;
74  enc.Encrypt(out + written, mixed);
75  written += AES_BLOCKSIZE;
76  }
77  return written;
78 }
79 
80 template <typename T>
81 static int CBCDecrypt(const T& dec, const unsigned char iv[AES_BLOCKSIZE], const unsigned char* data, int size, bool pad, unsigned char* out)
82 {
83  int written = 0;
84  bool fail = false;
85  const unsigned char* prev = iv;
86 
87  if (!data || !size || !out)
88  return 0;
89 
90  if (size % AES_BLOCKSIZE != 0)
91  return 0;
92 
93  // Decrypt all data. Padding will be checked in the output.
94  while (written != size) {
95  dec.Decrypt(out, data + written);
96  for (int i = 0; i != AES_BLOCKSIZE; i++)
97  *out++ ^= prev[i];
98  prev = data + written;
99  written += AES_BLOCKSIZE;
100  }
101 
102  // When decrypting padding, attempt to run in constant-time
103  if (pad) {
104  // If used, padding size is the value of the last decrypted byte. For
105  // it to be valid, It must be between 1 and AES_BLOCKSIZE.
106  unsigned char padsize = *--out;
107  fail = !padsize | (padsize > AES_BLOCKSIZE);
108 
109  // If not well-formed, treat it as though there's no padding.
110  padsize *= !fail;
111 
112  // All padding must equal the last byte otherwise it's not well-formed
113  for (int i = AES_BLOCKSIZE; i != 0; i--)
114  fail |= ((i > AES_BLOCKSIZE - padsize) & (*out-- != padsize));
115 
116  written -= padsize;
117  }
118  return written * !fail;
119 }
120 
121 AES256CBCEncrypt::AES256CBCEncrypt(const unsigned char key[AES256_KEYSIZE], const unsigned char ivIn[AES_BLOCKSIZE], bool padIn)
122  : enc(key), pad(padIn)
123 {
124  memcpy(iv, ivIn, AES_BLOCKSIZE);
125 }
126 
127 int AES256CBCEncrypt::Encrypt(const unsigned char* data, int size, unsigned char* out) const
128 {
129  return CBCEncrypt(enc, iv, data, size, pad, out);
130 }
131 
133 {
134  memset(iv, 0, sizeof(iv));
135 }
136 
137 AES256CBCDecrypt::AES256CBCDecrypt(const unsigned char key[AES256_KEYSIZE], const unsigned char ivIn[AES_BLOCKSIZE], bool padIn)
138  : dec(key), pad(padIn)
139 {
140  memcpy(iv, ivIn, AES_BLOCKSIZE);
141 }
142 
143 
144 int AES256CBCDecrypt::Decrypt(const unsigned char* data, int size, unsigned char* out) const
145 {
146  return CBCDecrypt(dec, iv, data, size, pad, out);
147 }
148 
150 {
151  memset(iv, 0, sizeof(iv));
152 }
void AES256_init(AES256_ctx *ctx, const unsigned char *key32)
Definition: ctaes.c:538
AES256Encrypt(const unsigned char key[32])
Definition: aes.cpp:13
static const int AES256_KEYSIZE
Definition: aes.h:15
static int CBCEncrypt(const T &enc, const unsigned char iv[AES_BLOCKSIZE], const unsigned char *data, int size, bool pad, unsigned char *out)
Definition: aes.cpp:45
void Encrypt(unsigned char ciphertext[16], const unsigned char plaintext[16]) const
Definition: aes.cpp:23
const AES256Decrypt dec
Definition: aes.h:62
void AES256_encrypt(const AES256_ctx *ctx, size_t blocks, unsigned char *cipher16, const unsigned char *plain16)
Definition: ctaes.c:542
~AES256Encrypt()
Definition: aes.cpp:18
unsigned char iv[AES_BLOCKSIZE]
Definition: aes.h:64
int Decrypt(const unsigned char *data, int size, unsigned char *out) const
Definition: aes.cpp:144
void Decrypt(unsigned char plaintext[16], const unsigned char ciphertext[16]) const
Definition: aes.cpp:38
static int CBCDecrypt(const T &dec, const unsigned char iv[AES_BLOCKSIZE], const unsigned char *data, int size, bool pad, unsigned char *out)
Definition: aes.cpp:81
void AES256_decrypt(const AES256_ctx *ctx, size_t blocks, unsigned char *plain16, const unsigned char *cipher16)
Definition: ctaes.c:550
const bool pad
Definition: aes.h:63
~AES256CBCDecrypt()
Definition: aes.cpp:149
AES256CBCDecrypt(const unsigned char key[AES256_KEYSIZE], const unsigned char ivIn[AES_BLOCKSIZE], bool padIn)
Definition: aes.cpp:137
AES256CBCEncrypt(const unsigned char key[AES256_KEYSIZE], const unsigned char ivIn[AES_BLOCKSIZE], bool padIn)
Definition: aes.cpp:121
int Encrypt(const unsigned char *data, int size, unsigned char *out) const
Definition: aes.cpp:127
const AES256Encrypt enc
Definition: aes.h:49
~AES256Decrypt()
Definition: aes.cpp:33
void * memcpy(void *a, const void *b, size_t c)
AES256_ctx ctx
Definition: aes.h:21
~AES256CBCEncrypt()
Definition: aes.cpp:132
size_t size() const
Definition: univalue.h:68
const bool pad
Definition: aes.h:50
unsigned char iv[AES_BLOCKSIZE]
Definition: aes.h:51
AES256Decrypt(const unsigned char key[32])
Definition: aes.cpp:28
static const int AES_BLOCKSIZE
Definition: aes.h:14