-
+ 64DDDC1348603EA005F4F5297EA6D51074FEAD3DD8D1256C1A4C2A678FEF1ABCB58D148EBB9EB3716E200E27ABF6D07C19D1CF6FCBB4E1B9DCBA59FDE8EAE324
bitcoin/src/crypter.cpp
(0 . 0)(1 . 132)
3612 // Copyright (c) 2011 The Bitcoin Developers
3613 // Distributed under the MIT/X11 software license, see the accompanying
3614 // file COPYING or http://www.opensource.org/licenses/mit-license.php.
3615
3616 #include <openssl/aes.h>
3617 #include <openssl/evp.h>
3618 #include <vector>
3619 #include <string>
3620 #include "headers.h"
3621 #ifdef WIN32
3622 #include <windows.h>
3623 #endif
3624
3625 #include "crypter.h"
3626 #include "main.h"
3627 #include "util.h"
3628
3629 bool CCrypter::SetKeyFromPassphrase(const SecureString& strKeyData, const std::vector<unsigned char>& chSalt, const unsigned int nRounds, const unsigned int nDerivationMethod)
3630 {
3631 if (nRounds < 1 || chSalt.size() != WALLET_CRYPTO_SALT_SIZE)
3632 return false;
3633
3634 // Try to keep the keydata out of swap (and be a bit over-careful to keep the IV that we don't even use out of swap)
3635 // Note that this does nothing about suspend-to-disk (which will put all our key data on disk)
3636 // Note as well that at no point in this program is any attempt made to prevent stealing of keys by reading the memory of the running process.
3637 mlock(&chKey[0], sizeof chKey);
3638 mlock(&chIV[0], sizeof chIV);
3639
3640 int i = 0;
3641 if (nDerivationMethod == 0)
3642 i = EVP_BytesToKey(EVP_aes_256_cbc(), EVP_sha512(), &chSalt[0],
3643 (unsigned char *)&strKeyData[0], strKeyData.size(), nRounds, chKey, chIV);
3644
3645 if (i != WALLET_CRYPTO_KEY_SIZE)
3646 {
3647 memset(&chKey, 0, sizeof chKey);
3648 memset(&chIV, 0, sizeof chIV);
3649 return false;
3650 }
3651
3652 fKeySet = true;
3653 return true;
3654 }
3655
3656 bool CCrypter::SetKey(const CKeyingMaterial& chNewKey, const std::vector<unsigned char>& chNewIV)
3657 {
3658 if (chNewKey.size() != WALLET_CRYPTO_KEY_SIZE || chNewIV.size() != WALLET_CRYPTO_KEY_SIZE)
3659 return false;
3660
3661 // Try to keep the keydata out of swap
3662 // Note that this does nothing about suspend-to-disk (which will put all our key data on disk)
3663 // Note as well that at no point in this program is any attempt made to prevent stealing of keys by reading the memory of the running process.
3664 mlock(&chKey[0], sizeof chKey);
3665 mlock(&chIV[0], sizeof chIV);
3666
3667 memcpy(&chKey[0], &chNewKey[0], sizeof chKey);
3668 memcpy(&chIV[0], &chNewIV[0], sizeof chIV);
3669
3670 fKeySet = true;
3671 return true;
3672 }
3673
3674 bool CCrypter::Encrypt(const CKeyingMaterial& vchPlaintext, std::vector<unsigned char> &vchCiphertext)
3675 {
3676 if (!fKeySet)
3677 return false;
3678
3679 // max ciphertext len for a n bytes of plaintext is
3680 // n + AES_BLOCK_SIZE - 1 bytes
3681 int nLen = vchPlaintext.size();
3682 int nCLen = nLen + AES_BLOCK_SIZE, nFLen = 0;
3683 vchCiphertext = std::vector<unsigned char> (nCLen);
3684
3685 EVP_CIPHER_CTX ctx;
3686
3687 EVP_CIPHER_CTX_init(&ctx);
3688 EVP_EncryptInit_ex(&ctx, EVP_aes_256_cbc(), NULL, chKey, chIV);
3689
3690 EVP_EncryptUpdate(&ctx, &vchCiphertext[0], &nCLen, &vchPlaintext[0], nLen);
3691 EVP_EncryptFinal_ex(&ctx, (&vchCiphertext[0])+nCLen, &nFLen);
3692
3693 EVP_CIPHER_CTX_cleanup(&ctx);
3694
3695 vchCiphertext.resize(nCLen + nFLen);
3696 return true;
3697 }
3698
3699 bool CCrypter::Decrypt(const std::vector<unsigned char>& vchCiphertext, CKeyingMaterial& vchPlaintext)
3700 {
3701 if (!fKeySet)
3702 return false;
3703
3704 // plaintext will always be equal to or lesser than length of ciphertext
3705 int nLen = vchCiphertext.size();
3706 int nPLen = nLen, nFLen = 0;
3707
3708 vchPlaintext = CKeyingMaterial(nPLen);
3709
3710 EVP_CIPHER_CTX ctx;
3711
3712 EVP_CIPHER_CTX_init(&ctx);
3713 EVP_DecryptInit_ex(&ctx, EVP_aes_256_cbc(), NULL, chKey, chIV);
3714
3715 EVP_DecryptUpdate(&ctx, &vchPlaintext[0], &nPLen, &vchCiphertext[0], nLen);
3716 EVP_DecryptFinal_ex(&ctx, (&vchPlaintext[0])+nPLen, &nFLen);
3717
3718 EVP_CIPHER_CTX_cleanup(&ctx);
3719
3720 vchPlaintext.resize(nPLen + nFLen);
3721 return true;
3722 }
3723
3724
3725 bool EncryptSecret(CKeyingMaterial& vMasterKey, const CSecret &vchPlaintext, const uint256& nIV, std::vector<unsigned char> &vchCiphertext)
3726 {
3727 CCrypter cKeyCrypter;
3728 std::vector<unsigned char> chIV(WALLET_CRYPTO_KEY_SIZE);
3729 memcpy(&chIV[0], &nIV, WALLET_CRYPTO_KEY_SIZE);
3730 if(!cKeyCrypter.SetKey(vMasterKey, chIV))
3731 return false;
3732 return cKeyCrypter.Encrypt((CKeyingMaterial)vchPlaintext, vchCiphertext);
3733 }
3734
3735 bool DecryptSecret(const CKeyingMaterial& vMasterKey, const std::vector<unsigned char>& vchCiphertext, const uint256& nIV, CSecret& vchPlaintext)
3736 {
3737 CCrypter cKeyCrypter;
3738 std::vector<unsigned char> chIV(WALLET_CRYPTO_KEY_SIZE);
3739 memcpy(&chIV[0], &nIV, WALLET_CRYPTO_KEY_SIZE);
3740 if(!cKeyCrypter.SetKey(vMasterKey, chIV))
3741 return false;
3742 return cKeyCrypter.Decrypt(vchCiphertext, *((CKeyingMaterial*)&vchPlaintext));
3743 }