Bitcoin Core 31.99.0
P2P Digital Currency
aes.cpp
Go to the documentation of this file.
1// Copyright (c) 2016-present The Bitcoin Core developers
2// Distributed under the MIT software license, see the accompanying
3// file COPYING or http://www.opensource.org/licenses/mit-license.php.
4
5#include <crypto/aes.h>
6#include <support/allocators/secure.h>
7
8#include <cstring>
9
10extern "C" {
11#include <crypto/ctaes/ctaes.c>
12}
13
14AES256Encrypt::AES256Encrypt(const unsigned char key[32])
15{
16 ctx = allocator.allocate(1);
17 AES256_init(ctx, key);
18}
19
20AES256Encrypt::~AES256Encrypt()
21{
22 allocator.deallocate(ctx, 1);
23}
24
25void AES256Encrypt::Encrypt(unsigned char ciphertext[16], const unsigned char plaintext[16]) const
26{
27 AES256_encrypt(ctx, 1, ciphertext, plaintext);
28}
29
30AES256Decrypt::AES256Decrypt(const unsigned char key[32])
31{
32 ctx = allocator.allocate(1);
33 AES256_init(ctx, key);
34}
35
36AES256Decrypt::~AES256Decrypt()
37{
38 allocator.deallocate(ctx, 1);
39}
40
41void AES256Decrypt::Decrypt(unsigned char plaintext[16], const unsigned char ciphertext[16]) const
42{
43 AES256_decrypt(ctx, 1, plaintext, ciphertext);
44}
45
46
47template <typename T>
48static int CBCEncrypt(const T& enc, const unsigned char iv[AES_BLOCKSIZE], const unsigned char* data, int size, bool pad, unsigned char* out)
49{
50 int written = 0;
51 int padsize = size % AES_BLOCKSIZE;
52 unsigned char mixed[AES_BLOCKSIZE];
53
54 if (!data || !size || !out)
55 return 0;
56
57 if (!pad && padsize != 0)
58 return 0;
59
60 memcpy(mixed, iv, AES_BLOCKSIZE);
61
62 // Write all but the last block
63 while (written + AES_BLOCKSIZE <= size) {
64 for (int i = 0; i != AES_BLOCKSIZE; i++)
65 mixed[i] ^= *data++;
66 enc.Encrypt(out + written, mixed);
67 memcpy(mixed, out + written, AES_BLOCKSIZE);
68 written += AES_BLOCKSIZE;
69 }
70 if (pad) {
71 // For all that remains, pad each byte with the value of the remaining
72 // space. If there is none, pad by a full block.
73 for (int i = 0; i != padsize; i++)
74 mixed[i] ^= *data++;
75 for (int i = padsize; i != AES_BLOCKSIZE; i++)
76 mixed[i] ^= AES_BLOCKSIZE - padsize;
77 enc.Encrypt(out + written, mixed);
78 written += AES_BLOCKSIZE;
79 }
80 return written;
81}
82
83template <typename T>
84static int CBCDecrypt(const T& dec, const unsigned char iv[AES_BLOCKSIZE], const unsigned char* data, int size, bool pad, unsigned char* out)
85{
86 int written = 0;
87 bool fail = false;
88 const unsigned char* prev = iv;
89
90 if (!data || !size || !out)
91 return 0;
92
93 if (size % AES_BLOCKSIZE != 0)
94 return 0;
95
96 // Decrypt all data. Padding will be checked in the output.
97 while (written != size) {
98 dec.Decrypt(out, data + written);
99 for (int i = 0; i != AES_BLOCKSIZE; i++)
100 *out++ ^= prev[i];
101 prev = data + written;
102 written += AES_BLOCKSIZE;
103 }
104
105 // When decrypting padding, attempt to run in constant-time
106 if (pad) {
107 // If used, padding size is the value of the last decrypted byte. For
108 // it to be valid, It must be between 1 and AES_BLOCKSIZE.
109 unsigned char padsize = *--out;
110 fail = !padsize | (padsize > AES_BLOCKSIZE);
111
112 // If not well-formed, treat it as though there's no padding.
113 padsize *= !fail;
114
115 // All padding must equal the last byte otherwise it's not well-formed
116 for (int i = AES_BLOCKSIZE; i != 0; i--)
117 fail |= ((i > AES_BLOCKSIZE - padsize) & (*out-- != padsize));
118
119 written -= padsize;
120 }
121 return written * !fail;
122}
123
124AES256CBCEncrypt::AES256CBCEncrypt(const unsigned char key[AES256_KEYSIZE], const unsigned char ivIn[AES_BLOCKSIZE], bool padIn)
125 : enc(key), pad(padIn)
126{
127 iv = allocator.allocate(AES_BLOCKSIZE);
128 memcpy(iv, ivIn, AES_BLOCKSIZE);
129}
130
131int AES256CBCEncrypt::Encrypt(const unsigned char* data, int size, unsigned char* out) const
132{
133 return CBCEncrypt(enc, iv, data, size, pad, out);
134}
135
136AES256CBCEncrypt::~AES256CBCEncrypt()
137{
138 allocator.deallocate(iv, AES_BLOCKSIZE);
139}
140
141AES256CBCDecrypt::AES256CBCDecrypt(const unsigned char key[AES256_KEYSIZE], const unsigned char ivIn[AES_BLOCKSIZE], bool padIn)
142 : dec(key), pad(padIn)
143{
144 iv = allocator.allocate(AES_BLOCKSIZE);
145 memcpy(iv, ivIn, AES_BLOCKSIZE);
146}
147
148
149int AES256CBCDecrypt::Decrypt(const unsigned char* data, int size, unsigned char* out) const
150{
151 return CBCDecrypt(dec, iv, data, size, pad, out);
152}
153
154AES256CBCDecrypt::~AES256CBCDecrypt()
155{
156 allocator.deallocate(iv, AES_BLOCKSIZE);
157}
CBCEncrypt
static int CBCEncrypt(const T &enc, const unsigned char iv[AES_BLOCKSIZE], const unsigned char *data, int size, bool pad, unsigned char *out)
Definition: aes.cpp:48
CBCDecrypt
static int CBCDecrypt(const T &dec, const unsigned char iv[AES_BLOCKSIZE], const unsigned char *data, int size, bool pad, unsigned char *out)
Definition: aes.cpp:84
AES256_KEYSIZE
static const int AES256_KEYSIZE
Definition: aes.h:16
AES_BLOCKSIZE
static const int AES_BLOCKSIZE
Definition: aes.h:15
AES256CBCDecrypt::pad
const bool pad
Definition: aes.h:68
AES256CBCDecrypt::AES256CBCDecrypt
AES256CBCDecrypt(const unsigned char key[AES256_KEYSIZE], const unsigned char ivIn[AES_BLOCKSIZE], bool padIn)
Definition: aes.cpp:141
AES256CBCDecrypt::dec
const AES256Decrypt dec
Definition: aes.h:67
AES256CBCDecrypt::Decrypt
int Decrypt(const unsigned char *data, int size, unsigned char *out) const
Definition: aes.cpp:149
AES256CBCDecrypt::~AES256CBCDecrypt
~AES256CBCDecrypt()
Definition: aes.cpp:154
AES256CBCDecrypt::allocator
secure_allocator< unsigned char > allocator
Definition: aes.h:66
AES256CBCDecrypt::iv
unsigned char * iv
Definition: aes.h:69
AES256CBCEncrypt::AES256CBCEncrypt
AES256CBCEncrypt(const unsigned char key[AES256_KEYSIZE], const unsigned char ivIn[AES_BLOCKSIZE], bool padIn)
Definition: aes.cpp:124
AES256CBCEncrypt::iv
unsigned char * iv
Definition: aes.h:55
AES256CBCEncrypt::Encrypt
int Encrypt(const unsigned char *data, int size, unsigned char *out) const
Definition: aes.cpp:131
AES256CBCEncrypt::pad
const bool pad
Definition: aes.h:54
AES256CBCEncrypt::~AES256CBCEncrypt
~AES256CBCEncrypt()
Definition: aes.cpp:136
AES256CBCEncrypt::enc
const AES256Encrypt enc
Definition: aes.h:53
AES256CBCEncrypt::allocator
secure_allocator< unsigned char > allocator
Definition: aes.h:52
AES256Decrypt::allocator
secure_allocator< AES256_ctx > allocator
Definition: aes.h:35
AES256Decrypt::ctx
AES256_ctx * ctx
Definition: aes.h:36
AES256Decrypt::~AES256Decrypt
~AES256Decrypt()
Definition: aes.cpp:36
AES256Decrypt::AES256Decrypt
AES256Decrypt(const unsigned char key[32])
Definition: aes.cpp:30
AES256Decrypt::Decrypt
void Decrypt(unsigned char plaintext[16], const unsigned char ciphertext[16]) const
Definition: aes.cpp:41
AES256Encrypt::allocator
secure_allocator< AES256_ctx > allocator
Definition: aes.h:22
AES256Encrypt::AES256Encrypt
AES256Encrypt(const unsigned char key[32])
Definition: aes.cpp:14
AES256Encrypt::~AES256Encrypt
~AES256Encrypt()
Definition: aes.cpp:20
AES256Encrypt::ctx
AES256_ctx * ctx
Definition: aes.h:23
AES256Encrypt::Encrypt
void Encrypt(unsigned char ciphertext[16], const unsigned char plaintext[16]) const
Definition: aes.cpp:25
AES256_encrypt
void AES256_encrypt(const AES256_ctx *ctx, size_t blocks, unsigned char *cipher16, const unsigned char *plain16)
Definition: ctaes.c:542
AES256_init
void AES256_init(AES256_ctx *ctx, const unsigned char *key32)
Definition: ctaes.c:538
AES256_decrypt
void AES256_decrypt(const AES256_ctx *ctx, size_t blocks, unsigned char *plain16, const unsigned char *cipher16)
Definition: ctaes.c:550
test_vectors_musig2_generate.data
data
Definition: test_vectors_musig2_generate.py:98
tests_wycheproof_generate_ecdsa.out
string out
Definition: tests_wycheproof_generate_ecdsa.py:24
secure_allocator::allocate
T * allocate(std::size_t n)
Definition: secure.h:27
secure_allocator::deallocate
void deallocate(T *p, std::size_t n)
Definition: secure.h:36
Generated on Mon Mar 23 2026 20:06:32 for Bitcoin Core by doxygen 1.9.4