raw
genesis                 1 // Copyright (c) 2011 The Bitcoin Developers
genesis 2 // Distributed under the MIT/X11 software license, see the accompanying
genesis 3 // file COPYING or http://www.opensource.org/licenses/mit-license.php.
genesis 4 #ifndef __CRYPTER_H__
genesis 5 #define __CRYPTER_H__
genesis 6
genesis 7 #include "key.h"
genesis 8
genesis 9 const unsigned int WALLET_CRYPTO_KEY_SIZE = 32;
genesis 10 const unsigned int WALLET_CRYPTO_SALT_SIZE = 8;
genesis 11
genesis 12 /*
genesis 13 Private key encryption is done based on a CMasterKey,
genesis 14 which holds a salt and random encryption key.
genesis 15
genesis 16 CMasterKeys are encrypted using AES-256-CBC using a key
genesis 17 derived using derivation method nDerivationMethod
genesis 18 (0 == EVP_sha512()) and derivation iterations nDeriveIterations.
genesis 19 vchOtherDerivationParameters is provided for alternative algorithms
genesis 20 which may require more parameters (such as scrypt).
genesis 21
genesis 22 Wallet Private Keys are then encrypted using AES-256-CBC
genesis 23 with the double-sha256 of the public key as the IV, and the
genesis 24 master key's key as the encryption key (see keystore.[ch]).
genesis 25 */
genesis 26
genesis 27 class CMasterKey
genesis 28 {
genesis 29 public:
genesis 30 std::vector<unsigned char> vchCryptedKey;
genesis 31 std::vector<unsigned char> vchSalt;
genesis 32 // 0 = EVP_sha512()
genesis 33 // 1 = scrypt()
genesis 34 unsigned int nDerivationMethod;
genesis 35 unsigned int nDeriveIterations;
genesis 36 // Use this for more parameters to key derivation,
genesis 37 // such as the various parameters to scrypt
genesis 38 std::vector<unsigned char> vchOtherDerivationParameters;
genesis 39
genesis 40 IMPLEMENT_SERIALIZE
genesis 41 (
genesis 42 READWRITE(vchCryptedKey);
genesis 43 READWRITE(vchSalt);
genesis 44 READWRITE(nDerivationMethod);
genesis 45 READWRITE(nDeriveIterations);
genesis 46 READWRITE(vchOtherDerivationParameters);
genesis 47 )
genesis 48 CMasterKey()
genesis 49 {
genesis 50 // 25000 rounds is just under 0.1 seconds on a 1.86 GHz Pentium M
genesis 51 // ie slightly lower than the lowest hardware we need bother supporting
genesis 52 nDeriveIterations = 25000;
genesis 53 nDerivationMethod = 0;
genesis 54 vchOtherDerivationParameters = std::vector<unsigned char>(0);
genesis 55 }
genesis 56 };
genesis 57
genesis 58 typedef std::vector<unsigned char, secure_allocator<unsigned char> > CKeyingMaterial;
genesis 59
genesis 60 class CCrypter
genesis 61 {
genesis 62 private:
genesis 63 unsigned char chKey[WALLET_CRYPTO_KEY_SIZE];
genesis 64 unsigned char chIV[WALLET_CRYPTO_KEY_SIZE];
genesis 65 bool fKeySet;
genesis 66
genesis 67 public:
genesis 68 bool SetKeyFromPassphrase(const SecureString &strKeyData, const std::vector<unsigned char>& chSalt, const unsigned int nRounds, const unsigned int nDerivationMethod);
genesis 69 bool Encrypt(const CKeyingMaterial& vchPlaintext, std::vector<unsigned char> &vchCiphertext);
genesis 70 bool Decrypt(const std::vector<unsigned char>& vchCiphertext, CKeyingMaterial& vchPlaintext);
genesis 71 bool SetKey(const CKeyingMaterial& chNewKey, const std::vector<unsigned char>& chNewIV);
genesis 72
genesis 73 void CleanKey()
genesis 74 {
genesis 75 memset(&chKey, 0, sizeof chKey);
genesis 76 memset(&chIV, 0, sizeof chIV);
genesis 77 munlock(&chKey, sizeof chKey);
genesis 78 munlock(&chIV, sizeof chIV);
genesis 79 fKeySet = false;
genesis 80 }
genesis 81
genesis 82 CCrypter()
genesis 83 {
genesis 84 fKeySet = false;
genesis 85 }
genesis 86
genesis 87 ~CCrypter()
genesis 88 {
genesis 89 CleanKey();
genesis 90 }
genesis 91 };
genesis 92
genesis 93 bool EncryptSecret(CKeyingMaterial& vMasterKey, const CSecret &vchPlaintext, const uint256& nIV, std::vector<unsigned char> &vchCiphertext);
genesis 94 bool DecryptSecret(const CKeyingMaterial& vMasterKey, const std::vector<unsigned char> &vchCiphertext, const uint256& nIV, CSecret &vchPlaintext);
genesis 95
genesis 96 #endif