Bitcoin ABC  0.28.12
P2P Digital Currency
aes.cpp
Go to the documentation of this file.
1 // Copyright (c) 2016 The Bitcoin Core developers
2 // Distributed under the MIT software license, see the accompanying
3 // file COPYING or http://www.opensource.org/licenses/mit-license.php.
4 
5 #include <crypto/aes.h>
6 
7 #include <cstring>
8 
9 extern "C" {
10 #include <crypto/ctaes/ctaes.c>
11 }
12 
13 AES128Encrypt::AES128Encrypt(const uint8_t key[16]) {
14  AES128_init(&ctx, key);
15 }
16 
18  memset(&ctx, 0, sizeof(ctx));
19 }
20 
21 void AES128Encrypt::Encrypt(uint8_t ciphertext[16],
22  const uint8_t plaintext[16]) const {
23  AES128_encrypt(&ctx, 1, ciphertext, plaintext);
24 }
25 
26 AES128Decrypt::AES128Decrypt(const uint8_t key[16]) {
27  AES128_init(&ctx, key);
28 }
29 
31  memset(&ctx, 0, sizeof(ctx));
32 }
33 
34 void AES128Decrypt::Decrypt(uint8_t plaintext[16],
35  const uint8_t ciphertext[16]) const {
36  AES128_decrypt(&ctx, 1, plaintext, ciphertext);
37 }
38 
39 AES256Encrypt::AES256Encrypt(const uint8_t key[32]) {
40  AES256_init(&ctx, key);
41 }
42 
44  memset(&ctx, 0, sizeof(ctx));
45 }
46 
47 void AES256Encrypt::Encrypt(uint8_t ciphertext[16],
48  const uint8_t plaintext[16]) const {
49  AES256_encrypt(&ctx, 1, ciphertext, plaintext);
50 }
51 
52 AES256Decrypt::AES256Decrypt(const uint8_t key[32]) {
53  AES256_init(&ctx, key);
54 }
55 
57  memset(&ctx, 0, sizeof(ctx));
58 }
59 
60 void AES256Decrypt::Decrypt(uint8_t plaintext[16],
61  const uint8_t ciphertext[16]) const {
62  AES256_decrypt(&ctx, 1, plaintext, ciphertext);
63 }
64 
65 template <typename T>
66 static int CBCEncrypt(const T &enc, const uint8_t iv[AES_BLOCKSIZE],
67  const uint8_t *data, int size, bool pad, uint8_t *out) {
68  int written = 0;
69  int padsize = size % AES_BLOCKSIZE;
70  uint8_t mixed[AES_BLOCKSIZE];
71 
72  if (!data || !size || !out) {
73  return 0;
74  }
75 
76  if (!pad && padsize != 0) {
77  return 0;
78  }
79 
80  memcpy(mixed, iv, AES_BLOCKSIZE);
81 
82  // Write all but the last block
83  while (written + AES_BLOCKSIZE <= size) {
84  for (int i = 0; i != AES_BLOCKSIZE; i++) {
85  mixed[i] ^= *data++;
86  }
87  enc.Encrypt(out + written, mixed);
88  memcpy(mixed, out + written, AES_BLOCKSIZE);
89  written += AES_BLOCKSIZE;
90  }
91  if (pad) {
92  // For all that remains, pad each byte with the value of the remaining
93  // space. If there is none, pad by a full block.
94  for (int i = 0; i != padsize; i++) {
95  mixed[i] ^= *data++;
96  }
97  for (int i = padsize; i != AES_BLOCKSIZE; i++) {
98  mixed[i] ^= AES_BLOCKSIZE - padsize;
99  }
100  enc.Encrypt(out + written, mixed);
101  written += AES_BLOCKSIZE;
102  }
103  return written;
104 }
105 
106 template <typename T>
107 static int CBCDecrypt(const T &dec, const uint8_t iv[AES_BLOCKSIZE],
108  const uint8_t *data, int size, bool pad, uint8_t *out) {
109  int written = 0;
110  bool fail = false;
111  const uint8_t *prev = iv;
112 
113  if (!data || !size || !out) {
114  return 0;
115  }
116 
117  if (size % AES_BLOCKSIZE != 0) {
118  return 0;
119  }
120 
121  // Decrypt all data. Padding will be checked in the output.
122  while (written != size) {
123  dec.Decrypt(out, data + written);
124  for (int i = 0; i != AES_BLOCKSIZE; i++) {
125  *out++ ^= prev[i];
126  }
127  prev = data + written;
128  written += AES_BLOCKSIZE;
129  }
130 
131  // When decrypting padding, attempt to run in constant-time
132  if (pad) {
133  // If used, padding size is the value of the last decrypted byte. For
134  // it to be valid, It must be between 1 and AES_BLOCKSIZE.
135  uint8_t padsize = *--out;
136  fail = !padsize | (padsize > AES_BLOCKSIZE);
137 
138  // If not well-formed, treat it as though there's no padding.
139  padsize *= !fail;
140 
141  // All padding must equal the last byte otherwise it's not well-formed
142  for (int i = AES_BLOCKSIZE; i != 0; i--) {
143  fail |= ((i > AES_BLOCKSIZE - padsize) & (*out-- != padsize));
144  }
145 
146  written -= padsize;
147  }
148  return written * !fail;
149 }
150 
152  const uint8_t ivIn[AES_BLOCKSIZE],
153  bool padIn)
154  : enc(key), pad(padIn) {
155  memcpy(iv, ivIn, AES_BLOCKSIZE);
156 }
157 
158 int AES256CBCEncrypt::Encrypt(const uint8_t *data, int size,
159  uint8_t *out) const {
160  return CBCEncrypt(enc, iv, data, size, pad, out);
161 }
162 
164  memset(iv, 0, sizeof(iv));
165 }
166 
168  const uint8_t ivIn[AES_BLOCKSIZE],
169  bool padIn)
170  : dec(key), pad(padIn) {
171  memcpy(iv, ivIn, AES_BLOCKSIZE);
172 }
173 
174 int AES256CBCDecrypt::Decrypt(const uint8_t *data, int size,
175  uint8_t *out) const {
176  return CBCDecrypt(dec, iv, data, size, pad, out);
177 }
178 
180  memset(iv, 0, sizeof(iv));
181 }
182 
184  const uint8_t ivIn[AES_BLOCKSIZE],
185  bool padIn)
186  : enc(key), pad(padIn) {
187  memcpy(iv, ivIn, AES_BLOCKSIZE);
188 }
189 
191  memset(iv, 0, AES_BLOCKSIZE);
192 }
193 
194 int AES128CBCEncrypt::Encrypt(const uint8_t *data, int size,
195  uint8_t *out) const {
196  return CBCEncrypt(enc, iv, data, size, pad, out);
197 }
198 
200  const uint8_t ivIn[AES_BLOCKSIZE],
201  bool padIn)
202  : dec(key), pad(padIn) {
203  memcpy(iv, ivIn, AES_BLOCKSIZE);
204 }
205 
207  memset(iv, 0, AES_BLOCKSIZE);
208 }
209 
210 int AES128CBCDecrypt::Decrypt(const uint8_t *data, int size,
211  uint8_t *out) const {
212  return CBCDecrypt(dec, iv, data, size, pad, out);
213 }
static int CBCDecrypt(const T &dec, const uint8_t iv[AES_BLOCKSIZE], const uint8_t *data, int size, bool pad, uint8_t *out)
Definition: aes.cpp:107
static int CBCEncrypt(const T &enc, const uint8_t iv[AES_BLOCKSIZE], const uint8_t *data, int size, bool pad, uint8_t *out)
Definition: aes.cpp:66
static const int AES128_KEYSIZE
Definition: aes.h:15
static const int AES256_KEYSIZE
Definition: aes.h:16
static const int AES_BLOCKSIZE
Definition: aes.h:14
~AES128CBCDecrypt()
Definition: aes.cpp:206
uint8_t iv[AES_BLOCKSIZE]
Definition: aes.h:111
const bool pad
Definition: aes.h:110
int Decrypt(const uint8_t *data, int size, uint8_t *out) const
Definition: aes.cpp:210
AES128CBCDecrypt(const uint8_t key[AES128_KEYSIZE], const uint8_t ivIn[AES_BLOCKSIZE], bool padIn)
Definition: aes.cpp:199
const AES128Decrypt dec
Definition: aes.h:109
int Encrypt(const uint8_t *data, int size, uint8_t *out) const
Definition: aes.cpp:194
AES128CBCEncrypt(const uint8_t key[AES128_KEYSIZE], const uint8_t ivIn[AES_BLOCKSIZE], bool padIn)
Definition: aes.cpp:183
uint8_t iv[AES_BLOCKSIZE]
Definition: aes.h:98
const AES128Encrypt enc
Definition: aes.h:96
~AES128CBCEncrypt()
Definition: aes.cpp:190
const bool pad
Definition: aes.h:97
AES128Decrypt(const uint8_t key[16])
Definition: aes.cpp:26
AES128_ctx ctx
Definition: aes.h:32
~AES128Decrypt()
Definition: aes.cpp:30
void Decrypt(uint8_t plaintext[16], const uint8_t ciphertext[16]) const
Definition: aes.cpp:34
AES128Encrypt(const uint8_t key[16])
Definition: aes.cpp:13
void Encrypt(uint8_t ciphertext[16], const uint8_t plaintext[16]) const
Definition: aes.cpp:21
~AES128Encrypt()
Definition: aes.cpp:17
AES128_ctx ctx
Definition: aes.h:21
const bool pad
Definition: aes.h:84
const AES256Decrypt dec
Definition: aes.h:83
AES256CBCDecrypt(const uint8_t key[AES256_KEYSIZE], const uint8_t ivIn[AES_BLOCKSIZE], bool padIn)
Definition: aes.cpp:167
uint8_t iv[AES_BLOCKSIZE]
Definition: aes.h:85
int Decrypt(const uint8_t *data, int size, uint8_t *out) const
Definition: aes.cpp:174
~AES256CBCDecrypt()
Definition: aes.cpp:179
uint8_t iv[AES_BLOCKSIZE]
Definition: aes.h:72
AES256CBCEncrypt(const uint8_t key[AES256_KEYSIZE], const uint8_t ivIn[AES_BLOCKSIZE], bool padIn)
Definition: aes.cpp:151
const bool pad
Definition: aes.h:71
int Encrypt(const uint8_t *data, int size, uint8_t *out) const
Definition: aes.cpp:158
~AES256CBCEncrypt()
Definition: aes.cpp:163
const AES256Encrypt enc
Definition: aes.h:70
AES256Decrypt(const uint8_t key[32])
Definition: aes.cpp:52
~AES256Decrypt()
Definition: aes.cpp:56
void Decrypt(uint8_t plaintext[16], const uint8_t ciphertext[16]) const
Definition: aes.cpp:60
AES256_ctx ctx
Definition: aes.h:54
void Encrypt(uint8_t ciphertext[16], const uint8_t plaintext[16]) const
Definition: aes.cpp:47
~AES256Encrypt()
Definition: aes.cpp:43
AES256Encrypt(const uint8_t key[32])
Definition: aes.cpp:39
AES256_ctx ctx
Definition: aes.h:43
void AES128_decrypt(const AES128_ctx *ctx, size_t blocks, uint8_t *plain16, const uint8_t *cipher16)
Definition: ctaes.c:531
void AES256_decrypt(const AES256_ctx *ctx, size_t blocks, uint8_t *plain16, const uint8_t *cipher16)
Definition: ctaes.c:575
void AES128_init(AES128_ctx *ctx, const uint8_t *key16)
Definition: ctaes.c:518
void AES256_encrypt(const AES256_ctx *ctx, size_t blocks, uint8_t *cipher16, const uint8_t *plain16)
Definition: ctaes.c:566
void AES256_init(AES256_ctx *ctx, const uint8_t *key32)
Definition: ctaes.c:562
void AES128_encrypt(const AES128_ctx *ctx, size_t blocks, uint8_t *cipher16, const uint8_t *plain16)
Definition: ctaes.c:522