Line data Source code
1 : // Copyright (c) 2016-2019 The Bitcoin Core developers
2 : // Distributed under the MIT software license, see the accompanying
3 : // file COPYING or http://www.opensource.org/licenses/mit-license.php.
4 :
5 : #include <crypto/aes.h>
6 :
7 : #include <string.h>
8 :
9 : extern "C" {
10 : #include <crypto/ctaes/ctaes.c>
11 : }
12 :
13 28176 : AES256Encrypt::AES256Encrypt(const unsigned char key[32])
14 14088 : {
15 14088 : AES256_init(&ctx, key);
16 28176 : }
17 :
18 28176 : AES256Encrypt::~AES256Encrypt()
19 14088 : {
20 14088 : memset(&ctx, 0, sizeof(ctx));
21 28176 : }
22 :
23 27812 : void AES256Encrypt::Encrypt(unsigned char ciphertext[16], const unsigned char plaintext[16]) const
24 : {
25 27812 : AES256_encrypt(&ctx, 1, ciphertext, plaintext);
26 27812 : }
27 :
28 37332 : AES256Decrypt::AES256Decrypt(const unsigned char key[32])
29 18666 : {
30 18666 : AES256_init(&ctx, key);
31 37332 : }
32 :
33 37332 : AES256Decrypt::~AES256Decrypt()
34 18666 : {
35 18666 : memset(&ctx, 0, sizeof(ctx));
36 37332 : }
37 :
38 47955 : void AES256Decrypt::Decrypt(unsigned char plaintext[16], const unsigned char ciphertext[16]) const
39 : {
40 47955 : AES256_decrypt(&ctx, 1, plaintext, ciphertext);
41 47955 : }
42 :
43 :
44 : template <typename T>
45 14211 : static int CBCEncrypt(const T& enc, const unsigned char iv[AES_BLOCKSIZE], const unsigned char* data, int size, bool pad, unsigned char* out)
46 : {
47 14211 : int written = 0;
48 14211 : int padsize = size % AES_BLOCKSIZE;
49 : unsigned char mixed[AES_BLOCKSIZE];
50 :
51 14211 : if (!data || !size || !out)
52 139 : return 0;
53 :
54 14072 : if (!pad && padsize != 0)
55 60 : return 0;
56 :
57 14012 : memcpy(mixed, iv, AES_BLOCKSIZE);
58 :
59 : // Write all but the last block
60 37595 : while (written + AES_BLOCKSIZE <= size) {
61 400911 : for (int i = 0; i != AES_BLOCKSIZE; i++)
62 377328 : mixed[i] ^= *data++;
63 23583 : enc.Encrypt(out + written, mixed);
64 23583 : memcpy(mixed, out + written, AES_BLOCKSIZE);
65 23583 : written += AES_BLOCKSIZE;
66 : }
67 14012 : if (pad) {
68 : // For all that remains, pad each byte with the value of the remaining
69 : // space. If there is none, pad by a full block.
70 30212 : for (int i = 0; i != padsize; i++)
71 25988 : mixed[i] ^= *data++;
72 45820 : for (int i = padsize; i != AES_BLOCKSIZE; i++)
73 41596 : mixed[i] ^= AES_BLOCKSIZE - padsize;
74 4224 : enc.Encrypt(out + written, mixed);
75 4224 : written += AES_BLOCKSIZE;
76 4224 : }
77 14012 : return written;
78 14211 : }
79 :
80 : template <typename T>
81 18729 : static int CBCDecrypt(const T& dec, const unsigned char iv[AES_BLOCKSIZE], const unsigned char* data, int size, bool pad, unsigned char* out)
82 : {
83 18729 : int written = 0;
84 18729 : bool fail = false;
85 18729 : const unsigned char* prev = iv;
86 :
87 18729 : if (!data || !size || !out)
88 10 : return 0;
89 :
90 18719 : if (size % AES_BLOCKSIZE != 0)
91 0 : return 0;
92 :
93 : // Decrypt all data. Padding will be checked in the output.
94 66669 : while (written != size) {
95 47950 : dec.Decrypt(out, data + written);
96 815150 : for (int i = 0; i != AES_BLOCKSIZE; i++)
97 767200 : *out++ ^= prev[i];
98 47950 : prev = data + written;
99 47950 : written += AES_BLOCKSIZE;
100 : }
101 :
102 : // When decrypting padding, attempt to run in constant-time
103 18719 : if (pad) {
104 : // If used, padding size is the value of the last decrypted byte. For
105 : // it to be valid, It must be between 1 and AES_BLOCKSIZE.
106 9636 : unsigned char padsize = *--out;
107 9636 : fail = !padsize | (padsize > AES_BLOCKSIZE);
108 :
109 : // If not well-formed, treat it as though there's no padding.
110 9636 : padsize *= !fail;
111 :
112 : // All padding must equal the last byte otherwise it's not well-formed
113 163812 : for (int i = AES_BLOCKSIZE; i != 0; i--)
114 154176 : fail |= ((i > AES_BLOCKSIZE - padsize) & (*out-- != padsize));
115 :
116 9636 : written -= padsize;
117 9636 : }
118 18719 : return written * !fail;
119 18729 : }
120 :
121 28166 : AES256CBCEncrypt::AES256CBCEncrypt(const unsigned char key[AES256_KEYSIZE], const unsigned char ivIn[AES_BLOCKSIZE], bool padIn)
122 14083 : : enc(key), pad(padIn)
123 14083 : {
124 14083 : memcpy(iv, ivIn, AES_BLOCKSIZE);
125 28166 : }
126 :
127 14211 : int AES256CBCEncrypt::Encrypt(const unsigned char* data, int size, unsigned char* out) const
128 : {
129 14211 : return CBCEncrypt(enc, iv, data, size, pad, out);
130 : }
131 :
132 28166 : AES256CBCEncrypt::~AES256CBCEncrypt()
133 14083 : {
134 14083 : memset(iv, 0, sizeof(iv));
135 28166 : }
136 :
137 37322 : AES256CBCDecrypt::AES256CBCDecrypt(const unsigned char key[AES256_KEYSIZE], const unsigned char ivIn[AES_BLOCKSIZE], bool padIn)
138 18661 : : dec(key), pad(padIn)
139 18661 : {
140 18661 : memcpy(iv, ivIn, AES_BLOCKSIZE);
141 37322 : }
142 :
143 :
144 18729 : int AES256CBCDecrypt::Decrypt(const unsigned char* data, int size, unsigned char* out) const
145 : {
146 18729 : return CBCDecrypt(dec, iv, data, size, pad, out);
147 : }
148 :
149 37322 : AES256CBCDecrypt::~AES256CBCDecrypt()
150 18661 : {
151 18661 : memset(iv, 0, sizeof(iv));
152 37322 : }
|
