aes_8cpp_source.html

 // Copyright (c) 2016-2019 The Bitcoin Core developers

 // Distributed under the MIT software license, see the accompanying

 // file COPYING or http://www.opensource.org/licenses/mit-license.php.


 #include <crypto/aes.h>


 #include <string.h>


 extern "C" {

 #include <crypto/ctaes/ctaes.c>

 }


 AES256Encrypt::AES256Encrypt(const unsigned char key[32])

 {

     AES256_init(&ctx, key);

 }


 AES256Encrypt::~AES256Encrypt()

 {

     memset(&ctx, 0, sizeof(ctx));

 }


 void AES256Encrypt::Encrypt(unsigned char ciphertext[16], const unsigned char plaintext[16]) const

 {

     AES256_encrypt(&ctx, 1, ciphertext, plaintext);

 }


 AES256Decrypt::AES256Decrypt(const unsigned char key[32])

 {

     AES256_init(&ctx, key);

 }


 AES256Decrypt::~AES256Decrypt()

 {

     memset(&ctx, 0, sizeof(ctx));

 }


 void AES256Decrypt::Decrypt(unsigned char plaintext[16], const unsigned char ciphertext[16]) const

 {

     AES256_decrypt(&ctx, 1, plaintext, ciphertext);

 }


 template <typename T>

 static int CBCEncrypt(const T& enc, const unsigned char iv[AES_BLOCKSIZE], const unsigned char* data, int size, bool pad, unsigned char* out)

 {

     int written = 0;

     int padsize = size % AES_BLOCKSIZE;

     unsigned char mixed[AES_BLOCKSIZE];


     if (!data || !size || !out)

         return 0;


     if (!pad && padsize != 0)

         return 0;


     memcpy(mixed, iv, AES_BLOCKSIZE);


     // Write all but the last block

     while (written + AES_BLOCKSIZE <= size) {

         for (int i = 0; i != AES_BLOCKSIZE; i++)

             mixed[i] ^= *data++;

         enc.Encrypt(out + written, mixed);

         memcpy(mixed, out + written, AES_BLOCKSIZE);

         written += AES_BLOCKSIZE;

     }

     if (pad) {

         // For all that remains, pad each byte with the value of the remaining

         // space. If there is none, pad by a full block.

         for (int i = 0; i != padsize; i++)

             mixed[i] ^= *data++;

         for (int i = padsize; i != AES_BLOCKSIZE; i++)

             mixed[i] ^= AES_BLOCKSIZE - padsize;

         enc.Encrypt(out + written, mixed);

         written += AES_BLOCKSIZE;

     }

     return written;

 }


 template <typename T>

 static int CBCDecrypt(const T& dec, const unsigned char iv[AES_BLOCKSIZE], const unsigned char* data, int size, bool pad, unsigned char* out)

 {

     int written = 0;

     bool fail = false;

     const unsigned char* prev = iv;


     if (!data || !size || !out)

         return 0;


     if (size % AES_BLOCKSIZE != 0)

         return 0;


     // Decrypt all data. Padding will be checked in the output.

     while (written != size) {

         dec.Decrypt(out, data + written);

         for (int i = 0; i != AES_BLOCKSIZE; i++)

             *out++ ^= prev[i];

         prev = data + written;

         written += AES_BLOCKSIZE;

     }


     // When decrypting padding, attempt to run in constant-time

     if (pad) {

         // If used, padding size is the value of the last decrypted byte. For

         // it to be valid, It must be between 1 and AES_BLOCKSIZE.

         unsigned char padsize = *--out;

         fail = !padsize | (padsize > AES_BLOCKSIZE);


         // If not well-formed, treat it as though there's no padding.

         padsize *= !fail;


         // All padding must equal the last byte otherwise it's not well-formed

         for (int i = AES_BLOCKSIZE; i != 0; i--)

             fail |= ((i > AES_BLOCKSIZE - padsize) & (*out-- != padsize));


         written -= padsize;

     }

     return written * !fail;

 }


 AES256CBCEncrypt::AES256CBCEncrypt(const unsigned char key[AES256_KEYSIZE], const unsigned char ivIn[AES_BLOCKSIZE], bool padIn)

     : enc(key), pad(padIn)

 {

     memcpy(iv, ivIn, AES_BLOCKSIZE);

 }


 int AES256CBCEncrypt::Encrypt(const unsigned char* data, int size, unsigned char* out) const

 {

     return CBCEncrypt(enc, iv, data, size, pad, out);

 }


 AES256CBCEncrypt::~AES256CBCEncrypt()

 {

     memset(iv, 0, sizeof(iv));

 }


 AES256CBCDecrypt::AES256CBCDecrypt(const unsigned char key[AES256_KEYSIZE], const unsigned char ivIn[AES_BLOCKSIZE], bool padIn)

     : dec(key), pad(padIn)

 {

     memcpy(iv, ivIn, AES_BLOCKSIZE);

 }


 int AES256CBCDecrypt::Decrypt(const unsigned char* data, int size, unsigned char* out) const

 {

     return CBCDecrypt(dec, iv, data, size, pad, out);

 }


 AES256CBCDecrypt::~AES256CBCDecrypt()

 {

     memset(iv, 0, sizeof(iv));

 }

CBCEncrypt
static int CBCEncrypt(const T &enc, const unsigned char iv[AES_BLOCKSIZE], const unsigned char *data, int size, bool pad, unsigned char *out)
Definition: aes.cpp:45

CBCDecrypt
static int CBCDecrypt(const T &dec, const unsigned char iv[AES_BLOCKSIZE], const unsigned char *data, int size, bool pad, unsigned char *out)
Definition: aes.cpp:81

aes.h

AES256_KEYSIZE
static const int AES256_KEYSIZE
Definition: aes.h:15

AES_BLOCKSIZE
static const int AES_BLOCKSIZE
Definition: aes.h:14

AES256CBCDecrypt::pad
const bool pad
Definition: aes.h:63

AES256CBCDecrypt::AES256CBCDecrypt
AES256CBCDecrypt(const unsigned char key[AES256_KEYSIZE], const unsigned char ivIn[AES_BLOCKSIZE], bool padIn)
Definition: aes.cpp:137

AES256CBCDecrypt::dec
const AES256Decrypt dec
Definition: aes.h:62

AES256CBCDecrypt::Decrypt
int Decrypt(const unsigned char *data, int size, unsigned char *out) const
Definition: aes.cpp:144

AES256CBCDecrypt::~AES256CBCDecrypt
~AES256CBCDecrypt()
Definition: aes.cpp:149

AES256CBCDecrypt::iv
unsigned char iv[AES_BLOCKSIZE]
Definition: aes.h:64

AES256CBCEncrypt::AES256CBCEncrypt
AES256CBCEncrypt(const unsigned char key[AES256_KEYSIZE], const unsigned char ivIn[AES_BLOCKSIZE], bool padIn)
Definition: aes.cpp:121

AES256CBCEncrypt::Encrypt
int Encrypt(const unsigned char *data, int size, unsigned char *out) const
Definition: aes.cpp:127

AES256CBCEncrypt::pad
const bool pad
Definition: aes.h:50

AES256CBCEncrypt::~AES256CBCEncrypt
~AES256CBCEncrypt()
Definition: aes.cpp:132

AES256CBCEncrypt::enc
const AES256Encrypt enc
Definition: aes.h:49

AES256CBCEncrypt::iv
unsigned char iv[AES_BLOCKSIZE]
Definition: aes.h:51

AES256Decrypt::~AES256Decrypt
~AES256Decrypt()
Definition: aes.cpp:33

AES256Decrypt::AES256Decrypt
AES256Decrypt(const unsigned char key[32])
Definition: aes.cpp:28

AES256Decrypt::Decrypt
void Decrypt(unsigned char plaintext[16], const unsigned char ciphertext[16]) const
Definition: aes.cpp:38

AES256Decrypt::ctx
AES256_ctx ctx
Definition: aes.h:33

AES256Encrypt::AES256Encrypt
AES256Encrypt(const unsigned char key[32])
Definition: aes.cpp:13

AES256Encrypt::~AES256Encrypt
~AES256Encrypt()
Definition: aes.cpp:18

AES256Encrypt::Encrypt
void Encrypt(unsigned char ciphertext[16], const unsigned char plaintext[16]) const
Definition: aes.cpp:23

AES256Encrypt::ctx
AES256_ctx ctx
Definition: aes.h:21

ctaes.c

AES256_encrypt
void AES256_encrypt(const AES256_ctx *ctx, size_t blocks, unsigned char *cipher16, const unsigned char *plain16)
Definition: ctaes.c:542

AES256_init
void AES256_init(AES256_ctx *ctx, const unsigned char *key32)
Definition: ctaes.c:538

AES256_decrypt
void AES256_decrypt(const AES256_ctx *ctx, size_t blocks, unsigned char *plain16, const unsigned char *cipher16)
Definition: ctaes.c:550

tests_wycheproof_generate.out
string out
Definition: tests_wycheproof_generate.py:28

string.h