
  // Copyright (c) 2016 The Starwels developers
  // Distributed under the MIT software license, see the accompanying
  // file COPYING or http://www.opensource.org/licenses/mit-license.php.
  #include "aes.h"
  #include "crypto/common.h"

  #include <assert.h>
  #include <limits.h>
  #include <string.h>

  extern "C" {
  #include "crypto/ctaes/ctaes.c"
  }
  // Set up the AES-128 encryption context from a raw key.
  //
  // The `[16]` in the signature is documentation only: the parameter is a plain
  // pointer, so the caller is responsible for supplying 16 readable key bytes.
  AES128Encrypt::AES128Encrypt(const unsigned char key[16])
  {
      AES128_init(&this->ctx, key);
  }
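  // Clear the key-derived context before the object's storage is released.
  AES128Encrypt::~AES128Encrypt()
  {
      // A plain memset() on a member of an object that is being destroyed is a
      // dead store, and an optimizing compiler is allowed to remove it, leaving
      // the key-derived context in memory. Writing through a volatile pointer is
      // a best-effort way to keep the stores.
      // NOTE(review): if the tree has a dedicated secure-wipe helper, prefer it.
      volatile unsigned char* wipe = reinterpret_cast<volatile unsigned char*>(&ctx);
      for (size_t i = 0; i != sizeof(ctx); ++i)
          wipe[i] = 0;
  }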
  // Encrypt exactly one 16-byte block with the stored AES-128 context.
  //
  // This is the raw block primitive: there is no chaining, IV or padding here.
  // Both pointers must reference 16 bytes; the array bounds in the signature are
  // not enforced by the compiler.
  void AES128Encrypt::Encrypt(unsigned char ciphertext[16], const unsigned char plaintext[16]) const
  {
      const size_t block_count = 1; // one block per call
      AES128_encrypt(&this->ctx, block_count, ciphertext, plaintext);
  }
  // Set up the AES-128 decryption context from a raw key.
  //
  // The `[16]` in the signature is documentation only: the parameter is a plain
  // pointer, so the caller is responsible for supplying 16 readable key bytes.
  AES128Decrypt::AES128Decrypt(const unsigned char key[16])
  {
      AES128_init(&this->ctx, key);
  }
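  // Clear the key-derived context before the object's storage is released.
  AES128Decrypt::~AES128Decrypt()
  {
      // A plain memset() on a member of an object that is being destroyed is a
      // dead store, and an optimizing compiler is allowed to remove it, leaving
      // the key-derived context in memory. Writing through a volatile pointer is
      // a best-effort way to keep the stores.
      // NOTE(review): if the tree has a dedicated secure-wipe helper, prefer it.
      volatile unsigned char* wipe = reinterpret_cast<volatile unsigned char*>(&ctx);
      for (size_t i = 0; i != sizeof(ctx); ++i)
          wipe[i] = 0;
  }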
  // Decrypt exactly one 16-byte block with the stored AES-128 context.
  //
  // This is the raw block primitive: there is no chaining, IV or padding here.
  // Both pointers must reference 16 bytes; the array bounds in the signature are
  // not enforced by the compiler.
  void AES128Decrypt::Decrypt(unsigned char plaintext[16], const unsigned char ciphertext[16]) const
  {
      const size_t block_count = 1; // one block per call
      AES128_decrypt(&this->ctx, block_count, plaintext, ciphertext);
  }
  // Set up the AES-256 encryption context from a raw key.
  //
  // The `[32]` in the signature is documentation only: the parameter is a plain
  // pointer, so the caller is responsible for supplying 32 readable key bytes.
  AES256Encrypt::AES256Encrypt(const unsigned char key[32])
  {
      AES256_init(&this->ctx, key);
  }
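  // Clear the key-derived context before the object's storage is released.
  AES256Encrypt::~AES256Encrypt()
  {
      // A plain memset() on a member of an object that is being destroyed is a
      // dead store, and an optimizing compiler is allowed to remove it, leaving
      // the key-derived context in memory. Writing through a volatile pointer is
      // a best-effort way to keep the stores.
      // NOTE(review): if the tree has a dedicated secure-wipe helper, prefer it.
      volatile unsigned char* wipe = reinterpret_cast<volatile unsigned char*>(&ctx);
      for (size_t i = 0; i != sizeof(ctx); ++i)
          wipe[i] = 0;
  }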
  // Encrypt exactly one 16-byte block with the stored AES-256 context.
  //
  // This is the raw block primitive: there is no chaining, IV or padding here.
  // Both pointers must reference 16 bytes; the array bounds in the signature are
  // not enforced by the compiler.
  void AES256Encrypt::Encrypt(unsigned char ciphertext[16], const unsigned char plaintext[16]) const
  {
      const size_t block_count = 1; // one block per call
      AES256_encrypt(&this->ctx, block_count, ciphertext, plaintext);
  }
  // Set up the AES-256 decryption context from a raw key.
  //
  // The `[32]` in the signature is documentation only: the parameter is a plain
  // pointer, so the caller is responsible for supplying 32 readable key bytes.
  AES256Decrypt::AES256Decrypt(const unsigned char key[32])
  {
      AES256_init(&this->ctx, key);
  }
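  // Clear the key-derived context before the object's storage is released.
  AES256Decrypt::~AES256Decrypt()
  {
      // A plain memset() on a member of an object that is being destroyed is a
      // dead store, and an optimizing compiler is allowed to remove it, leaving
      // the key-derived context in memory. Writing through a volatile pointer is
      // a best-effort way to keep the stores.
      // NOTE(review): if the tree has a dedicated secure-wipe helper, prefer it.
      volatile unsigned char* wipe = reinterpret_cast<volatile unsigned char*>(&ctx);
      for (size_t i = 0; i != sizeof(ctx); ++i)
          wipe[i] = 0;
  }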
  // Decrypt exactly one 16-byte block with the stored AES-256 context.
  //
  // This is the raw block primitive: there is no chaining, IV or padding here.
  // Both pointers must reference 16 bytes; the array bounds in the signature are
  // not enforced by the compiler.
  void AES256Decrypt::Decrypt(unsigned char plaintext[16], const unsigned char ciphertext[16]) const
  {
      const size_t block_count = 1; // one block per call
      AES256_decrypt(&this->ctx, block_count, plaintext, ciphertext);
  }
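  // CBC-encrypt `size` bytes of `data` into `out` with the block cipher `enc`.
  //
  // enc   object providing Encrypt(out16, in16) for a single AES block
  // iv    initialisation vector, AES_BLOCKSIZE bytes
  // data  plaintext; must not be null
  // size  plaintext length in bytes; must be positive, and a multiple of
  //       AES_BLOCKSIZE when `pad` is false
  // pad   when true, padding is always appended: every padding byte holds the
  //       padding length, and a whole extra block is added when `size` is
  //       already block-aligned
  // out   destination; must hold `size` bytes without padding and up to
  //       `size + AES_BLOCKSIZE` bytes with padding
  //
  // Returns the number of bytes written to `out`, or 0 when the input is
  // rejected.
  //
  // CBC provides confidentiality only. Integrity of the ciphertext has to be
  // established by the caller, and the IV should not be reused under one key.
  template <typename T>
  static int CBCEncrypt(const T& enc, const unsigned char iv[AES_BLOCKSIZE], const unsigned char* data, int size, bool pad, unsigned char* out)
  {
      // Reject null buffers and non-positive lengths. A negative size used to
      // pass the `!size` test and reach the padding loops below, whose
      // `i != padsize` condition does not terminate within `mixed` for a
      // negative remainder.
      if (!data || !out || size <= 0)
          return 0;

      // With padding the output is the input rounded down to a block boundary
      // plus one block; refuse lengths for which that total does not fit in int.
      if (pad && size > INT_MAX - AES_BLOCKSIZE)
          return 0;

      const int padsize = size % AES_BLOCKSIZE;
      if (!pad && padsize != 0)
          return 0;

      int written = 0;
      unsigned char mixed[AES_BLOCKSIZE];
      memcpy(mixed, iv, AES_BLOCKSIZE);

      // Encrypt every complete block. `size - written` cannot overflow, unlike
      // `written + AES_BLOCKSIZE` for sizes close to INT_MAX.
      while (size - written >= AES_BLOCKSIZE) {
          for (int i = 0; i != AES_BLOCKSIZE; i++)
              mixed[i] ^= *data++;
          enc.Encrypt(out + written, mixed);
          // The ciphertext block just produced chains into the next block.
          memcpy(mixed, out + written, AES_BLOCKSIZE);
          written += AES_BLOCKSIZE;
      }

      if (pad) {
          // For all that remains, pad each byte with the value of the remaining
          // space. If there is none, pad by a full block.
          for (int i = 0; i != padsize; i++)
              mixed[i] ^= *data++;
          for (int i = padsize; i != AES_BLOCKSIZE; i++)
              mixed[i] ^= AES_BLOCKSIZE - padsize;
          enc.Encrypt(out + written, mixed);
          written += AES_BLOCKSIZE;
      }
      return written;
  }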
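  // CBC-decrypt `size` bytes of `data` into `out` with the block cipher `dec`.
  //
  // dec   object providing Decrypt(out16, in16) for a single AES block
  // iv    initialisation vector, AES_BLOCKSIZE bytes
  // data  ciphertext; must not be null
  // size  ciphertext length in bytes; must be a positive multiple of
  //       AES_BLOCKSIZE
  // pad   when true, the trailing padding is validated and excluded from the
  //       returned length
  // out   destination of at least `size` bytes. It must not overlap `data`:
  //       each block is XORed with the previous ciphertext block read from
  //       `data` after the previous plaintext block has already been written.
  //
  // Returns the plaintext length, or 0 when the input is rejected or the
  // padding is malformed. `out` has been written even when 0 is returned, so
  // its contents must not be used in that case.
  //
  // CBC carries no integrity protection, and the return value tells valid
  // padding from invalid padding. Where that result can be observed by an
  // untrusted party, the ciphertext should be authenticated before it is
  // decrypted.
  template <typename T>
  static int CBCDecrypt(const T& dec, const unsigned char iv[AES_BLOCKSIZE], const unsigned char* data, int size, bool pad, unsigned char* out)
  {
      int written = 0;
      bool fail = false;
      const unsigned char* prev = iv;

      // Reject null buffers and non-positive lengths. A negative multiple of
      // the block size used to pass both checks, after which the
      // `written != size` loop below could not terminate inside the buffers.
      if (!data || !out || size <= 0)
          return 0;

      if (size % AES_BLOCKSIZE != 0)
          return 0;

      // Decrypt all data. Padding will be checked in the output.
      while (written != size) {
          dec.Decrypt(out, data + written);
          for (int i = 0; i != AES_BLOCKSIZE; i++)
              *out++ ^= prev[i];
          prev = data + written;
          written += AES_BLOCKSIZE;
      }

      // When decrypting padding, attempt to run in constant-time
      if (pad) {
          // If used, padding size is the value of the last decrypted byte. For
          // it to be valid, it must be between 1 and AES_BLOCKSIZE.
          unsigned char padsize = *--out;
          fail = !padsize | (padsize > AES_BLOCKSIZE);

          // If not well-formed, treat it as though there's no padding.
          padsize *= !fail;

          // All padding must equal the last byte otherwise it's not well-formed.
          // The loop always visits the whole final block and uses bitwise
          // operators so the work done does not depend on the padding value.
          for (int i = AES_BLOCKSIZE; i != 0; i--)
              fail |= ((i > AES_BLOCKSIZE - padsize) & (*out-- != padsize));

          written -= padsize;
      }
      return written * !fail;
  }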
  // Build an AES-256-CBC encryptor: the key goes to the `enc` member, the
  // padding flag is stored, and the IV is copied into the object.
  //
  // The array bounds in the signature are not enforced; `ivIn` must reference
  // AES_BLOCKSIZE readable bytes.
  AES256CBCEncrypt::AES256CBCEncrypt(const unsigned char key[AES256_KEYSIZE], const unsigned char ivIn[AES_BLOCKSIZE], bool padIn)
      : enc(key), pad(padIn)
  {
      for (int i = 0; i != AES_BLOCKSIZE; ++i)
          iv[i] = ivIn[i];
  }
  // Encrypt `size` bytes of `data` into `out` using the stored key, IV and
  // padding flag. Returns the number of bytes written, or 0 when CBCEncrypt
  // rejects the input (null buffer, zero size, or an unaligned size without
  // padding). With padding enabled `out` needs room for one block beyond `size`.
  //
  // The method is const and always passes the IV captured at construction, so
  // every call on the same object starts the chain from the same IV.
  int AES256CBCEncrypt::Encrypt(const unsigned char* data, int size, unsigned char* out) const
  {
      const int produced = CBCEncrypt(enc, iv, data, size, pad, out);
      return produced;
  }
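  // Clear the stored IV before the object's storage is released.
  AES256CBCEncrypt::~AES256CBCEncrypt()
  {
      // A plain memset() on a member of an object that is being destroyed is a
      // dead store the optimizer may remove; writing through a volatile pointer
      // is a best-effort way to keep the stores.
      volatile unsigned char* wipe = iv;
      for (size_t i = 0; i != sizeof(iv); ++i)
          wipe[i] = 0;
  }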
  // Build an AES-256-CBC decryptor: the key goes to the `dec` member, the
  // padding flag is stored, and the IV is copied into the object.
  //
  // The array bounds in the signature are not enforced; `ivIn` must reference
  // AES_BLOCKSIZE readable bytes.
  AES256CBCDecrypt::AES256CBCDecrypt(const unsigned char key[AES256_KEYSIZE], const unsigned char ivIn[AES_BLOCKSIZE], bool padIn)
      : dec(key), pad(padIn)
  {
      for (int i = 0; i != AES_BLOCKSIZE; ++i)
          iv[i] = ivIn[i];
  }
  // Decrypt `size` bytes of `data` into `out` using the stored key, IV and
  // padding flag. Returns the plaintext length, or 0 when CBCDecrypt rejects
  // the input or finds malformed padding; `out` may already have been written
  // in that case and must then be ignored.
  //
  // No integrity check is performed here. Callers handling untrusted
  // ciphertext should authenticate it before calling this method.
  int AES256CBCDecrypt::Decrypt(const unsigned char* data, int size, unsigned char* out) const
  {
      const int recovered = CBCDecrypt(dec, iv, data, size, pad, out);
      return recovered;
  }
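  // Clear the stored IV before the object's storage is released.
  AES256CBCDecrypt::~AES256CBCDecrypt()
  {
      // A plain memset() on a member of an object that is being destroyed is a
      // dead store the optimizer may remove; writing through a volatile pointer
      // is a best-effort way to keep the stores.
      volatile unsigned char* wipe = iv;
      for (size_t i = 0; i != sizeof(iv); ++i)
          wipe[i] = 0;
  }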
  // Build an AES-128-CBC encryptor: the key goes to the `enc` member, the
  // padding flag is stored, and the IV is copied into the object.
  //
  // The array bounds in the signature are not enforced; `ivIn` must reference
  // AES_BLOCKSIZE readable bytes.
  AES128CBCEncrypt::AES128CBCEncrypt(const unsigned char key[AES128_KEYSIZE], const unsigned char ivIn[AES_BLOCKSIZE], bool padIn)
      : enc(key), pad(padIn)
  {
      for (int i = 0; i != AES_BLOCKSIZE; ++i)
          iv[i] = ivIn[i];
  }
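  // Clear the stored IV before the object's storage is released.
  AES128CBCEncrypt::~AES128CBCEncrypt()
  {
      // A plain memset() on a member of an object that is being destroyed is a
      // dead store the optimizer may remove; writing through a volatile pointer
      // is a best-effort way to keep the stores.
      volatile unsigned char* wipe = iv;
      for (int i = 0; i != AES_BLOCKSIZE; ++i)
          wipe[i] = 0;
  }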
  // Encrypt `size` bytes of `data` into `out` using the stored key, IV and
  // padding flag. Returns the number of bytes written, or 0 when CBCEncrypt
  // rejects the input (null buffer, zero size, or an unaligned size without
  // padding). With padding enabled `out` needs room for one block beyond `size`.
  //
  // The method is const and always passes the IV captured at construction, so
  // every call on the same object starts the chain from the same IV.
  int AES128CBCEncrypt::Encrypt(const unsigned char* data, int size, unsigned char* out) const
  {
      const int produced = CBCEncrypt(enc, iv, data, size, pad, out);
      return produced;
  }
  // Build an AES-128-CBC decryptor: the key goes to the `dec` member, the
  // padding flag is stored, and the IV is copied into the object.
  //
  // The array bounds in the signature are not enforced; `ivIn` must reference
  // AES_BLOCKSIZE readable bytes.
  AES128CBCDecrypt::AES128CBCDecrypt(const unsigned char key[AES128_KEYSIZE], const unsigned char ivIn[AES_BLOCKSIZE], bool padIn)
      : dec(key), pad(padIn)
  {
      for (int i = 0; i != AES_BLOCKSIZE; ++i)
          iv[i] = ivIn[i];
  }
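  // Clear the stored IV before the object's storage is released.
  AES128CBCDecrypt::~AES128CBCDecrypt()
  {
      // A plain memset() on a member of an object that is being destroyed is a
      // dead store the optimizer may remove; writing through a volatile pointer
      // is a best-effort way to keep the stores.
      volatile unsigned char* wipe = iv;
      for (int i = 0; i != AES_BLOCKSIZE; ++i)
          wipe[i] = 0;
  }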
  // Decrypt `size` bytes of `data` into `out` using the stored key, IV and
  // padding flag. Returns the plaintext length, or 0 when CBCDecrypt rejects
  // the input or finds malformed padding; `out` may already have been written
  // in that case and must then be ignored.
  //
  // No integrity check is performed here. Callers handling untrusted
  // ciphertext should authenticate it before calling this method.
  int AES128CBCDecrypt::Decrypt(const unsigned char* data, int size, unsigned char* out) const
  {
      const int recovered = CBCDecrypt(dec, iv, data, size, pad, out);
      return recovered;
  }