starwels
/
starwels
Watch 1
Star 0
Fork 0
Code Issues 0 Pull Requests 0 Releases 2 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
8185 Commits
3 Branches
Tree: a21df62069
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'a21df62069'
${ noResults }
starwels/src/wallet/crypter.h

crypter.h 6.1KB
Raw Blame History

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196 
  1. // Copyright (c) 2009-2014 The Bitcoin Core developers

  2. // Distributed under the MIT software license, see the accompanying

  3. // file COPYING or http://www.opensource.org/licenses/mit-license.php.

  4. 

  5. #ifndef BITCOIN_WALLET_CRYPTER_H

  6. #define BITCOIN_WALLET_CRYPTER_H

  7. 

  8. #include "keystore.h"

  9. #include "serialize.h"

  10. #include "support/allocators/secure.h"

  11. 

  12. class uint256;

  13. 

  14. const unsigned int WALLET_CRYPTO_KEY_SIZE = 32;

  15. const unsigned int WALLET_CRYPTO_SALT_SIZE = 8;

  16. 

  17. /**

  18.  * Private key encryption is done based on a CMasterKey,

  19.  * which holds a salt and random encryption key.

  20.  * 

  21.  * CMasterKeys are encrypted using AES-256-CBC using a key

  22.  * derived using derivation method nDerivationMethod

  23.  * (0 == EVP_sha512()) and derivation iterations nDeriveIterations.

  24.  * vchOtherDerivationParameters is provided for alternative algorithms

  25.  * which may require more parameters (such as scrypt).

  26.  * 

  27.  * Wallet Private Keys are then encrypted using AES-256-CBC

  28.  * with the double-sha256 of the public key as the IV, and the

  29.  * master key's key as the encryption key (see keystore.[ch]).

  30.  */

  31. 

  32. /** Master key for wallet encryption */

  33. class CMasterKey

  34. {

  35. public:

  36.     std::vector<unsigned char> vchCryptedKey;

  37.     std::vector<unsigned char> vchSalt;

  38.     //! 0 = EVP_sha512()

  39.     //! 1 = scrypt()

  40.     unsigned int nDerivationMethod;

  41.     unsigned int nDeriveIterations;

  42.     //! Use this for more parameters to key derivation,

  43.     //! such as the various parameters to scrypt

  44.     std::vector<unsigned char> vchOtherDerivationParameters;

  45. 

  46.     ADD_SERIALIZE_METHODS;

  47. 

  48.     template <typename Stream, typename Operation>

  49.     inline void SerializationOp(Stream& s, Operation ser_action, int nType, int nVersion) {

  50.         READWRITE(vchCryptedKey);

  51.         READWRITE(vchSalt);

  52.         READWRITE(nDerivationMethod);

  53.         READWRITE(nDeriveIterations);

  54.         READWRITE(vchOtherDerivationParameters);

  55.     }

  56. 

  57.     CMasterKey()

  58.     {

  59.         // 25000 rounds is just under 0.1 seconds on a 1.86 GHz Pentium M

  60.         // ie slightly lower than the lowest hardware we need bother supporting

  61.         nDeriveIterations = 25000;

  62.         nDerivationMethod = 0;

  63.         vchOtherDerivationParameters = std::vector<unsigned char>(0);

  64.     }

  65. };

  66. 

  67. typedef std::vector<unsigned char, secure_allocator<unsigned char> > CKeyingMaterial;

  68. 

  69. /** Encryption/decryption context with key information */

  70. class CCrypter

  71. {

  72. private:

  73.     unsigned char chKey[WALLET_CRYPTO_KEY_SIZE];

  74.     unsigned char chIV[WALLET_CRYPTO_KEY_SIZE];

  75.     bool fKeySet;

  76. 

  77. public:

  78.     bool SetKeyFromPassphrase(const SecureString &strKeyData, const std::vector<unsigned char>& chSalt, const unsigned int nRounds, const unsigned int nDerivationMethod);

  79.     bool Encrypt(const CKeyingMaterial& vchPlaintext, std::vector<unsigned char> &vchCiphertext);

  80.     bool Decrypt(const std::vector<unsigned char>& vchCiphertext, CKeyingMaterial& vchPlaintext);

  81.     bool SetKey(const CKeyingMaterial& chNewKey, const std::vector<unsigned char>& chNewIV);

  82. 

  83.     void CleanKey()

  84.     {

  85.         memory_cleanse(chKey, sizeof(chKey));

  86.         memory_cleanse(chIV, sizeof(chIV));

  87.         fKeySet = false;

  88.     }

  89. 

  90.     CCrypter()

  91.     {

  92.         fKeySet = false;

  93. 

  94.         // Try to keep the key data out of swap (and be a bit over-careful to keep the IV that we don't even use out of swap)

  95.         // Note that this does nothing about suspend-to-disk (which will put all our key data on disk)

  96.         // Note as well that at no point in this program is any attempt made to prevent stealing of keys by reading the memory of the running process.

  97.         LockedPageManager::Instance().LockRange(&chKey[0], sizeof chKey);

  98.         LockedPageManager::Instance().LockRange(&chIV[0], sizeof chIV);

  99.     }

  100. 

  101.     ~CCrypter()

  102.     {

  103.         CleanKey();

  104. 

  105.         LockedPageManager::Instance().UnlockRange(&chKey[0], sizeof chKey);

  106.         LockedPageManager::Instance().UnlockRange(&chIV[0], sizeof chIV);

  107.     }

  108. };

  109. 

  110. /** Keystore which keeps the private keys encrypted.

  111.  * It derives from the basic key store, which is used if no encryption is active.

  112.  */

  113. class CCryptoKeyStore : public CBasicKeyStore

  114. {

  115. private:

  116.     CryptedKeyMap mapCryptedKeys;

  117. 

  118.     CKeyingMaterial vMasterKey;

  119. 

  120.     //! if fUseCrypto is true, mapKeys must be empty

  121.     //! if fUseCrypto is false, vMasterKey must be empty

  122.     bool fUseCrypto;

  123. 

  124.     //! keeps track of whether Unlock has run a thorough check before

  125.     bool fDecryptionThoroughlyChecked;

  126. 

  127. protected:

  128.     bool SetCrypted();

  129. 

  130.     //! will encrypt previously unencrypted keys

  131.     bool EncryptKeys(CKeyingMaterial& vMasterKeyIn);

  132. 

  133.     bool Unlock(const CKeyingMaterial& vMasterKeyIn);

  134. 

  135. public:

  136.     CCryptoKeyStore() : fUseCrypto(false), fDecryptionThoroughlyChecked(false)

  137.     {

  138.     }

  139. 

  140.     bool IsCrypted() const

  141.     {

  142.         return fUseCrypto;

  143.     }

  144. 

  145.     bool IsLocked() const

  146.     {

  147.         if (!IsCrypted())

  148.             return false;

  149.         bool result;

  150.         {

  151.             LOCK(cs_KeyStore);

  152.             result = vMasterKey.empty();

  153.         }

  154.         return result;

  155.     }

  156. 

  157.     bool Lock();

  158. 

  159.     virtual bool AddCryptedKey(const CPubKey &vchPubKey, const std::vector<unsigned char> &vchCryptedSecret);

  160.     bool AddKeyPubKey(const CKey& key, const CPubKey &pubkey);

  161.     bool HaveKey(const CKeyID &address) const

  162.     {

  163.         {

  164.             LOCK(cs_KeyStore);

  165.             if (!IsCrypted())

  166.                 return CBasicKeyStore::HaveKey(address);

  167.             return mapCryptedKeys.count(address) > 0;

  168.         }

  169.         return false;

  170.     }

  171.     bool GetKey(const CKeyID &address, CKey& keyOut) const;

  172.     bool GetPubKey(const CKeyID &address, CPubKey& vchPubKeyOut) const;

  173.     void GetKeys(std::set<CKeyID> &setAddress) const

  174.     {

  175.         if (!IsCrypted())

  176.         {

  177.             CBasicKeyStore::GetKeys(setAddress);

  178.             return;

  179.         }

  180.         setAddress.clear();

  181.         CryptedKeyMap::const_iterator mi = mapCryptedKeys.begin();

  182.         while (mi != mapCryptedKeys.end())

  183.         {

  184.             setAddress.insert((*mi).first);

  185.             mi++;

  186.         }

  187.     }

  188. 

  189.     /**

  190.      * Wallet status (encrypted, locked) changed.

  191.      * Note: Called without locks held.

  192.      */

  193.     boost::signals2::signal<void (CCryptoKeyStore* wallet)> NotifyStatusChanged;

  194. };

  195. 

  196. #endif // BITCOIN_WALLET_CRYPTER_H