Bitcoin ABC 0.30.7
P2P Digital Currency
aes.cpp
Go to the documentation of this file.
1// Copyright (c) 2016 The Bitcoin Core developers
2// Distributed under the MIT software license, see the accompanying
3// file COPYING or http://www.opensource.org/licenses/mit-license.php.
4
5#include <crypto/aes.h>
6
7#include <cstring>
8
9extern "C" {
10#include <crypto/ctaes/ctaes.c>
11}
12
13AES128Encrypt::AES128Encrypt(const uint8_t key[16]) {
14 AES128_init(&ctx, key);
15}
16
18 memset(&ctx, 0, sizeof(ctx));
19}
20
21void AES128Encrypt::Encrypt(uint8_t ciphertext[16],
22 const uint8_t plaintext[16]) const {
23 AES128_encrypt(&ctx, 1, ciphertext, plaintext);
24}
25
26AES128Decrypt::AES128Decrypt(const uint8_t key[16]) {
27 AES128_init(&ctx, key);
28}
29
31 memset(&ctx, 0, sizeof(ctx));
32}
33
34void AES128Decrypt::Decrypt(uint8_t plaintext[16],
35 const uint8_t ciphertext[16]) const {
36 AES128_decrypt(&ctx, 1, plaintext, ciphertext);
37}
38
39AES256Encrypt::AES256Encrypt(const uint8_t key[32]) {
40 AES256_init(&ctx, key);
41}
42
44 memset(&ctx, 0, sizeof(ctx));
45}
46
47void AES256Encrypt::Encrypt(uint8_t ciphertext[16],
48 const uint8_t plaintext[16]) const {
49 AES256_encrypt(&ctx, 1, ciphertext, plaintext);
50}
51
52AES256Decrypt::AES256Decrypt(const uint8_t key[32]) {
53 AES256_init(&ctx, key);
54}
55
57 memset(&ctx, 0, sizeof(ctx));
58}
59
60void AES256Decrypt::Decrypt(uint8_t plaintext[16],
61 const uint8_t ciphertext[16]) const {
62 AES256_decrypt(&ctx, 1, plaintext, ciphertext);
63}
64
65template <typename T>
66static int CBCEncrypt(const T &enc, const uint8_t iv[AES_BLOCKSIZE],
67 const uint8_t *data, int size, bool pad, uint8_t *out) {
68 int written = 0;
69 int padsize = size % AES_BLOCKSIZE;
70 uint8_t mixed[AES_BLOCKSIZE];
71
72 if (!data || !size || !out) {
73 return 0;
74 }
75
76 if (!pad && padsize != 0) {
77 return 0;
78 }
79
80 memcpy(mixed, iv, AES_BLOCKSIZE);
81
82 // Write all but the last block
83 while (written + AES_BLOCKSIZE <= size) {
84 for (int i = 0; i != AES_BLOCKSIZE; i++) {
85 mixed[i] ^= *data++;
86 }
87 enc.Encrypt(out + written, mixed);
88 memcpy(mixed, out + written, AES_BLOCKSIZE);
89 written += AES_BLOCKSIZE;
90 }
91 if (pad) {
92 // For all that remains, pad each byte with the value of the remaining
93 // space. If there is none, pad by a full block.
94 for (int i = 0; i != padsize; i++) {
95 mixed[i] ^= *data++;
96 }
97 for (int i = padsize; i != AES_BLOCKSIZE; i++) {
98 mixed[i] ^= AES_BLOCKSIZE - padsize;
99 }
100 enc.Encrypt(out + written, mixed);
101 written += AES_BLOCKSIZE;
102 }
103 return written;
104}
105
106template <typename T>
107static int CBCDecrypt(const T &dec, const uint8_t iv[AES_BLOCKSIZE],
108 const uint8_t *data, int size, bool pad, uint8_t *out) {
109 int written = 0;
110 bool fail = false;
111 const uint8_t *prev = iv;
112
113 if (!data || !size || !out) {
114 return 0;
115 }
116
117 if (size % AES_BLOCKSIZE != 0) {
118 return 0;
119 }
120
121 // Decrypt all data. Padding will be checked in the output.
122 while (written != size) {
123 dec.Decrypt(out, data + written);
124 for (int i = 0; i != AES_BLOCKSIZE; i++) {
125 *out++ ^= prev[i];
126 }
127 prev = data + written;
128 written += AES_BLOCKSIZE;
129 }
130
131 // When decrypting padding, attempt to run in constant-time
132 if (pad) {
133 // If used, padding size is the value of the last decrypted byte. For
134 // it to be valid, It must be between 1 and AES_BLOCKSIZE.
135 uint8_t padsize = *--out;
136 fail = !padsize | (padsize > AES_BLOCKSIZE);
137
138 // If not well-formed, treat it as though there's no padding.
139 padsize *= !fail;
140
141 // All padding must equal the last byte otherwise it's not well-formed
142 for (int i = AES_BLOCKSIZE; i != 0; i--) {
143 fail |= ((i > AES_BLOCKSIZE - padsize) & (*out-- != padsize));
144 }
145
146 written -= padsize;
147 }
148 return written * !fail;
149}
150
152 const uint8_t ivIn[AES_BLOCKSIZE],
153 bool padIn)
154 : enc(key), pad(padIn) {
155 memcpy(iv, ivIn, AES_BLOCKSIZE);
156}
157
158int AES256CBCEncrypt::Encrypt(const uint8_t *data, int size,
159 uint8_t *out) const {
160 return CBCEncrypt(enc, iv, data, size, pad, out);
161}
162
164 memset(iv, 0, sizeof(iv));
165}
166
168 const uint8_t ivIn[AES_BLOCKSIZE],
169 bool padIn)
170 : dec(key), pad(padIn) {
171 memcpy(iv, ivIn, AES_BLOCKSIZE);
172}
173
174int AES256CBCDecrypt::Decrypt(const uint8_t *data, int size,
175 uint8_t *out) const {
176 return CBCDecrypt(dec, iv, data, size, pad, out);
177}
178
180 memset(iv, 0, sizeof(iv));
181}
182
184 const uint8_t ivIn[AES_BLOCKSIZE],
185 bool padIn)
186 : enc(key), pad(padIn) {
187 memcpy(iv, ivIn, AES_BLOCKSIZE);
188}
189
191 memset(iv, 0, AES_BLOCKSIZE);
192}
193
194int AES128CBCEncrypt::Encrypt(const uint8_t *data, int size,
195 uint8_t *out) const {
196 return CBCEncrypt(enc, iv, data, size, pad, out);
197}
198
200 const uint8_t ivIn[AES_BLOCKSIZE],
201 bool padIn)
202 : dec(key), pad(padIn) {
203 memcpy(iv, ivIn, AES_BLOCKSIZE);
204}
205
207 memset(iv, 0, AES_BLOCKSIZE);
208}
209
210int AES128CBCDecrypt::Decrypt(const uint8_t *data, int size,
211 uint8_t *out) const {
212 return CBCDecrypt(dec, iv, data, size, pad, out);
213}
static int CBCDecrypt(const T &dec, const uint8_t iv[AES_BLOCKSIZE], const uint8_t *data, int size, bool pad, uint8_t *out)
Definition: aes.cpp:107
static int CBCEncrypt(const T &enc, const uint8_t iv[AES_BLOCKSIZE], const uint8_t *data, int size, bool pad, uint8_t *out)
Definition: aes.cpp:66
static const int AES128_KEYSIZE
Definition: aes.h:15
static const int AES256_KEYSIZE
Definition: aes.h:16
static const int AES_BLOCKSIZE
Definition: aes.h:14
~AES128CBCDecrypt()
Definition: aes.cpp:206
uint8_t iv[AES_BLOCKSIZE]
Definition: aes.h:111
const bool pad
Definition: aes.h:110
int Decrypt(const uint8_t *data, int size, uint8_t *out) const
Definition: aes.cpp:210
AES128CBCDecrypt(const uint8_t key[AES128_KEYSIZE], const uint8_t ivIn[AES_BLOCKSIZE], bool padIn)
Definition: aes.cpp:199
const AES128Decrypt dec
Definition: aes.h:109
int Encrypt(const uint8_t *data, int size, uint8_t *out) const
Definition: aes.cpp:194
AES128CBCEncrypt(const uint8_t key[AES128_KEYSIZE], const uint8_t ivIn[AES_BLOCKSIZE], bool padIn)
Definition: aes.cpp:183
uint8_t iv[AES_BLOCKSIZE]
Definition: aes.h:98
const AES128Encrypt enc
Definition: aes.h:96
~AES128CBCEncrypt()
Definition: aes.cpp:190
const bool pad
Definition: aes.h:97
AES128Decrypt(const uint8_t key[16])
Definition: aes.cpp:26
AES128_ctx ctx
Definition: aes.h:32
~AES128Decrypt()
Definition: aes.cpp:30
void Decrypt(uint8_t plaintext[16], const uint8_t ciphertext[16]) const
Definition: aes.cpp:34
AES128Encrypt(const uint8_t key[16])
Definition: aes.cpp:13
void Encrypt(uint8_t ciphertext[16], const uint8_t plaintext[16]) const
Definition: aes.cpp:21
~AES128Encrypt()
Definition: aes.cpp:17
AES128_ctx ctx
Definition: aes.h:21
const bool pad
Definition: aes.h:84
const AES256Decrypt dec
Definition: aes.h:83
AES256CBCDecrypt(const uint8_t key[AES256_KEYSIZE], const uint8_t ivIn[AES_BLOCKSIZE], bool padIn)
Definition: aes.cpp:167
uint8_t iv[AES_BLOCKSIZE]
Definition: aes.h:85
int Decrypt(const uint8_t *data, int size, uint8_t *out) const
Definition: aes.cpp:174
~AES256CBCDecrypt()
Definition: aes.cpp:179
uint8_t iv[AES_BLOCKSIZE]
Definition: aes.h:72
AES256CBCEncrypt(const uint8_t key[AES256_KEYSIZE], const uint8_t ivIn[AES_BLOCKSIZE], bool padIn)
Definition: aes.cpp:151
const bool pad
Definition: aes.h:71
int Encrypt(const uint8_t *data, int size, uint8_t *out) const
Definition: aes.cpp:158
~AES256CBCEncrypt()
Definition: aes.cpp:163
const AES256Encrypt enc
Definition: aes.h:70
AES256Decrypt(const uint8_t key[32])
Definition: aes.cpp:52
~AES256Decrypt()
Definition: aes.cpp:56
void Decrypt(uint8_t plaintext[16], const uint8_t ciphertext[16]) const
Definition: aes.cpp:60
AES256_ctx ctx
Definition: aes.h:54
void Encrypt(uint8_t ciphertext[16], const uint8_t plaintext[16]) const
Definition: aes.cpp:47
~AES256Encrypt()
Definition: aes.cpp:43
AES256Encrypt(const uint8_t key[32])
Definition: aes.cpp:39
AES256_ctx ctx
Definition: aes.h:43
void AES128_decrypt(const AES128_ctx *ctx, size_t blocks, uint8_t *plain16, const uint8_t *cipher16)
Definition: ctaes.c:531
void AES256_decrypt(const AES256_ctx *ctx, size_t blocks, uint8_t *plain16, const uint8_t *cipher16)
Definition: ctaes.c:575
void AES128_init(AES128_ctx *ctx, const uint8_t *key16)
Definition: ctaes.c:518
void AES256_encrypt(const AES256_ctx *ctx, size_t blocks, uint8_t *cipher16, const uint8_t *plain16)
Definition: ctaes.c:566
void AES256_init(AES256_ctx *ctx, const uint8_t *key32)
Definition: ctaes.c:562
void AES128_encrypt(const AES128_ctx *ctx, size_t blocks, uint8_t *cipher16, const uint8_t *plain16)
Definition: ctaes.c:522