1 // Copyright (c) 2016 The Bitcoin Core developers
2 // Distributed under the MIT software license, see the accompanying
3 // file COPYING or http://www.opensource.org/licenses/mit-license.php.
6 #include "crypto/common.h"
12 #include "crypto/ctaes/ctaes.c"
15 AES128Encrypt::AES128Encrypt(const unsigned char key
[16])
17 AES128_init(&ctx
, key
);
20 AES128Encrypt::~AES128Encrypt()
22 memset(&ctx
, 0, sizeof(ctx
));
25 void AES128Encrypt::Encrypt(unsigned char ciphertext
[16], const unsigned char plaintext
[16]) const
27 AES128_encrypt(&ctx
, 1, ciphertext
, plaintext
);
30 AES128Decrypt::AES128Decrypt(const unsigned char key
[16])
32 AES128_init(&ctx
, key
);
35 AES128Decrypt::~AES128Decrypt()
37 memset(&ctx
, 0, sizeof(ctx
));
40 void AES128Decrypt::Decrypt(unsigned char plaintext
[16], const unsigned char ciphertext
[16]) const
42 AES128_decrypt(&ctx
, 1, plaintext
, ciphertext
);
45 AES256Encrypt::AES256Encrypt(const unsigned char key
[32])
47 AES256_init(&ctx
, key
);
50 AES256Encrypt::~AES256Encrypt()
52 memset(&ctx
, 0, sizeof(ctx
));
55 void AES256Encrypt::Encrypt(unsigned char ciphertext
[16], const unsigned char plaintext
[16]) const
57 AES256_encrypt(&ctx
, 1, ciphertext
, plaintext
);
60 AES256Decrypt::AES256Decrypt(const unsigned char key
[32])
62 AES256_init(&ctx
, key
);
65 AES256Decrypt::~AES256Decrypt()
67 memset(&ctx
, 0, sizeof(ctx
));
70 void AES256Decrypt::Decrypt(unsigned char plaintext
[16], const unsigned char ciphertext
[16]) const
72 AES256_decrypt(&ctx
, 1, plaintext
, ciphertext
);
77 static int CBCEncrypt(const T
& enc
, const unsigned char iv
[AES_BLOCKSIZE
], const unsigned char* data
, int size
, bool pad
, unsigned char* out
)
80 int padsize
= size
% AES_BLOCKSIZE
;
81 unsigned char mixed
[AES_BLOCKSIZE
];
83 if (!data
|| !size
|| !out
)
86 if (!pad
&& padsize
!= 0)
89 memcpy(mixed
, iv
, AES_BLOCKSIZE
);
91 // Write all but the last block
92 while (written
+ AES_BLOCKSIZE
<= size
) {
93 for (int i
= 0; i
!= AES_BLOCKSIZE
; i
++)
95 enc
.Encrypt(out
+ written
, mixed
);
96 memcpy(mixed
, out
+ written
, AES_BLOCKSIZE
);
97 written
+= AES_BLOCKSIZE
;
100 // For all that remains, pad each byte with the value of the remaining
101 // space. If there is none, pad by a full block.
102 for (int i
= 0; i
!= padsize
; i
++)
104 for (int i
= padsize
; i
!= AES_BLOCKSIZE
; i
++)
105 mixed
[i
] ^= AES_BLOCKSIZE
- padsize
;
106 enc
.Encrypt(out
+ written
, mixed
);
107 written
+= AES_BLOCKSIZE
;
112 template <typename T
>
113 static int CBCDecrypt(const T
& dec
, const unsigned char iv
[AES_BLOCKSIZE
], const unsigned char* data
, int size
, bool pad
, unsigned char* out
)
117 const unsigned char* prev
= iv
;
119 if (!data
|| !size
|| !out
)
122 if (size
% AES_BLOCKSIZE
!= 0)
125 // Decrypt all data. Padding will be checked in the output.
126 while (written
!= size
) {
127 dec
.Decrypt(out
, data
+ written
);
128 for (int i
= 0; i
!= AES_BLOCKSIZE
; i
++)
130 prev
= data
+ written
;
131 written
+= AES_BLOCKSIZE
;
134 // When decrypting padding, attempt to run in constant-time
136 // If used, padding size is the value of the last decrypted byte. For
137 // it to be valid, It must be between 1 and AES_BLOCKSIZE.
138 unsigned char padsize
= *--out
;
139 fail
= !padsize
| (padsize
> AES_BLOCKSIZE
);
141 // If not well-formed, treat it as though there's no padding.
144 // All padding must equal the last byte otherwise it's not well-formed
145 for (int i
= AES_BLOCKSIZE
; i
!= 0; i
--)
146 fail
|= ((i
> AES_BLOCKSIZE
- padsize
) & (*out
-- != padsize
));
150 return written
* !fail
;
153 AES256CBCEncrypt::AES256CBCEncrypt(const unsigned char key
[AES256_KEYSIZE
], const unsigned char ivIn
[AES_BLOCKSIZE
], bool padIn
)
154 : enc(key
), pad(padIn
)
156 memcpy(iv
, ivIn
, AES_BLOCKSIZE
);
159 int AES256CBCEncrypt::Encrypt(const unsigned char* data
, int size
, unsigned char* out
) const
161 return CBCEncrypt(enc
, iv
, data
, size
, pad
, out
);
164 AES256CBCEncrypt::~AES256CBCEncrypt()
166 memset(iv
, 0, sizeof(iv
));
169 AES256CBCDecrypt::AES256CBCDecrypt(const unsigned char key
[AES256_KEYSIZE
], const unsigned char ivIn
[AES_BLOCKSIZE
], bool padIn
)
170 : dec(key
), pad(padIn
)
172 memcpy(iv
, ivIn
, AES_BLOCKSIZE
);
176 int AES256CBCDecrypt::Decrypt(const unsigned char* data
, int size
, unsigned char* out
) const
178 return CBCDecrypt(dec
, iv
, data
, size
, pad
, out
);
181 AES256CBCDecrypt::~AES256CBCDecrypt()
183 memset(iv
, 0, sizeof(iv
));
186 AES128CBCEncrypt::AES128CBCEncrypt(const unsigned char key
[AES128_KEYSIZE
], const unsigned char ivIn
[AES_BLOCKSIZE
], bool padIn
)
187 : enc(key
), pad(padIn
)
189 memcpy(iv
, ivIn
, AES_BLOCKSIZE
);
192 AES128CBCEncrypt::~AES128CBCEncrypt()
194 memset(iv
, 0, AES_BLOCKSIZE
);
197 int AES128CBCEncrypt::Encrypt(const unsigned char* data
, int size
, unsigned char* out
) const
199 return CBCEncrypt(enc
, iv
, data
, size
, pad
, out
);
202 AES128CBCDecrypt::AES128CBCDecrypt(const unsigned char key
[AES128_KEYSIZE
], const unsigned char ivIn
[AES_BLOCKSIZE
], bool padIn
)
203 : dec(key
), pad(padIn
)
205 memcpy(iv
, ivIn
, AES_BLOCKSIZE
);
208 AES128CBCDecrypt::~AES128CBCDecrypt()
210 memset(iv
, 0, AES_BLOCKSIZE
);
213 int AES128CBCDecrypt::Decrypt(const unsigned char* data
, int size
, unsigned char* out
) const
215 return CBCDecrypt(dec
, iv
, data
, size
, pad
, out
);