[VerusCoin.git] / src / wallet / crypter.cpp

// Copyright (c) 2009-2013 The Bitcoin Core developers
// Distributed under the MIT software license, see the accompanying
// file COPYING or http://www.opensource.org/licenses/mit-license.php.

#include "crypter.h"

#include "script/script.h"
#include "script/standard.h"
#include "util.h"

#include <string>
#include <vector>
#include <boost/foreach.hpp>
#include <openssl/aes.h>
#include <openssl/evp.h>

bool CCrypter::SetKeyFromPassphrase(const SecureString& strKeyData, const std::vector<unsigned char>& chSalt, const unsigned int nRounds, const unsigned int nDerivationMethod)
{
    if (nRounds < 1 || chSalt.size() != WALLET_CRYPTO_SALT_SIZE)
        return false;

    int i = 0;
    if (nDerivationMethod == 0)
        i = EVP_BytesToKey(EVP_aes_256_cbc(), EVP_sha512(), &chSalt[0],
                          (unsigned char *)&strKeyData[0], strKeyData.size(), nRounds, chKey, chIV);

    if (i != (int)WALLET_CRYPTO_KEY_SIZE)
    {
        memory_cleanse(chKey, sizeof(chKey));
        memory_cleanse(chIV, sizeof(chIV));
        return false;
    }

    fKeySet = true;
    return true;
}

bool CCrypter::SetKey(const CKeyingMaterial& chNewKey, const std::vector<unsigned char>& chNewIV)
{
    if (chNewKey.size() != WALLET_CRYPTO_KEY_SIZE || chNewIV.size() != WALLET_CRYPTO_KEY_SIZE)
        return false;

    memcpy(&chKey[0], &chNewKey[0], sizeof chKey);
    memcpy(&chIV[0], &chNewIV[0], sizeof chIV);

    fKeySet = true;
    return true;
}

bool CCrypter::Encrypt(const CKeyingMaterial& vchPlaintext, std::vector<unsigned char> &vchCiphertext)
{
    if (!fKeySet)
        return false;

    // max ciphertext len for a n bytes of plaintext is
    // n + AES_BLOCK_SIZE - 1 bytes
    int nLen = vchPlaintext.size();
    int nCLen = nLen + AES_BLOCK_SIZE, nFLen = 0;
    vchCiphertext = std::vector<unsigned char> (nCLen);

    EVP_CIPHER_CTX ctx;

    bool fOk = true;

    EVP_CIPHER_CTX_init(&ctx);
    if (fOk) fOk = EVP_EncryptInit_ex(&ctx, EVP_aes_256_cbc(), NULL, chKey, chIV) != 0;
    if (fOk) fOk = EVP_EncryptUpdate(&ctx, &vchCiphertext[0], &nCLen, &vchPlaintext[0], nLen) != 0;
    if (fOk) fOk = EVP_EncryptFinal_ex(&ctx, (&vchCiphertext[0]) + nCLen, &nFLen) != 0;
    EVP_CIPHER_CTX_cleanup(&ctx);

    if (!fOk) return false;

    vchCiphertext.resize(nCLen + nFLen);
    return true;
}

bool CCrypter::Decrypt(const std::vector<unsigned char>& vchCiphertext, CKeyingMaterial& vchPlaintext)
{
    if (!fKeySet)
        return false;

    // plaintext will always be equal to or lesser than length of ciphertext
    int nLen = vchCiphertext.size();
    int nPLen = nLen, nFLen = 0;

    vchPlaintext = CKeyingMaterial(nPLen);

    EVP_CIPHER_CTX ctx;

    bool fOk = true;

    EVP_CIPHER_CTX_init(&ctx);
    if (fOk) fOk = EVP_DecryptInit_ex(&ctx, EVP_aes_256_cbc(), NULL, chKey, chIV) != 0;
    if (fOk) fOk = EVP_DecryptUpdate(&ctx, &vchPlaintext[0], &nPLen, &vchCiphertext[0], nLen) != 0;
    if (fOk) fOk = EVP_DecryptFinal_ex(&ctx, (&vchPlaintext[0]) + nPLen, &nFLen) != 0;
    EVP_CIPHER_CTX_cleanup(&ctx);

    if (!fOk) return false;

    vchPlaintext.resize(nPLen + nFLen);
    return true;
}


static bool EncryptSecret(const CKeyingMaterial& vMasterKey, const CKeyingMaterial &vchPlaintext, const uint256& nIV, std::vector<unsigned char> &vchCiphertext)
{
    CCrypter cKeyCrypter;
    std::vector<unsigned char> chIV(WALLET_CRYPTO_KEY_SIZE);
    memcpy(&chIV[0], &nIV, WALLET_CRYPTO_KEY_SIZE);
    if(!cKeyCrypter.SetKey(vMasterKey, chIV))
        return false;
    return cKeyCrypter.Encrypt(*((const CKeyingMaterial*)&vchPlaintext), vchCiphertext);
}

static bool DecryptSecret(const CKeyingMaterial& vMasterKey, const std::vector<unsigned char>& vchCiphertext, const uint256& nIV, CKeyingMaterial& vchPlaintext)
{
    CCrypter cKeyCrypter;
    std::vector<unsigned char> chIV(WALLET_CRYPTO_KEY_SIZE);
    memcpy(&chIV[0], &nIV, WALLET_CRYPTO_KEY_SIZE);
    if(!cKeyCrypter.SetKey(vMasterKey, chIV))
        return false;
    return cKeyCrypter.Decrypt(vchCiphertext, *((CKeyingMaterial*)&vchPlaintext));
}

static bool DecryptKey(const CKeyingMaterial& vMasterKey, const std::vector<unsigned char>& vchCryptedSecret, const CPubKey& vchPubKey, CKey& key)
{
    CKeyingMaterial vchSecret;
    if(!DecryptSecret(vMasterKey, vchCryptedSecret, vchPubKey.GetHash(), vchSecret))
        return false;

    if (vchSecret.size() != 32)
        return false;

    key.Set(vchSecret.begin(), vchSecret.end(), vchPubKey.IsCompressed());
    return key.VerifyPubKey(vchPubKey);
}

bool CCryptoKeyStore::SetCrypted()
{
    LOCK(cs_KeyStore);
    if (fUseCrypto)
        return true;
    if (!mapKeys.empty())
        return false;
    fUseCrypto = true;
    return true;
}

bool CCryptoKeyStore::Lock()
{
    if (!SetCrypted())
        return false;

    {
        LOCK(cs_KeyStore);
        vMasterKey.clear();
    }

    NotifyStatusChanged(this);
    return true;
}

bool CCryptoKeyStore::Unlock(const CKeyingMaterial& vMasterKeyIn)
{
    {
        LOCK(cs_KeyStore);
        if (!SetCrypted())
            return false;

        bool keyPass = false;
        bool keyFail = false;
        CryptedKeyMap::const_iterator mi = mapCryptedKeys.begin();
        for (; mi != mapCryptedKeys.end(); ++mi)
        {
            const CPubKey &vchPubKey = (*mi).second.first;
            const std::vector<unsigned char> &vchCryptedSecret = (*mi).second.second;
            CKey key;
            if (!DecryptKey(vMasterKeyIn, vchCryptedSecret, vchPubKey, key))
            {
                keyFail = true;
                break;
            }
            keyPass = true;
            if (fDecryptionThoroughlyChecked)
                break;
        }
        if (keyPass && keyFail)
        {
            LogPrintf("The wallet is probably corrupted: Some keys decrypt but not all.\n");
            assert(false);
        }
        if (keyFail || !keyPass)
            return false;
        vMasterKey = vMasterKeyIn;
        fDecryptionThoroughlyChecked = true;
    }
    NotifyStatusChanged(this);
    return true;
}

bool CCryptoKeyStore::AddKeyPubKey(const CKey& key, const CPubKey &pubkey)
{
    {
        LOCK(cs_KeyStore);
        if (!IsCrypted())
            return CBasicKeyStore::AddKeyPubKey(key, pubkey);

        if (IsLocked())
            return false;

        std::vector<unsigned char> vchCryptedSecret;
        CKeyingMaterial vchSecret(key.begin(), key.end());
        if (!EncryptSecret(vMasterKey, vchSecret, pubkey.GetHash(), vchCryptedSecret))
            return false;

        if (!AddCryptedKey(pubkey, vchCryptedSecret))
            return false;
    }
    return true;
}


bool CCryptoKeyStore::AddCryptedKey(const CPubKey &vchPubKey, const std::vector<unsigned char> &vchCryptedSecret)
{
    {
        LOCK(cs_KeyStore);
        if (!SetCrypted())
            return false;

        mapCryptedKeys[vchPubKey.GetID()] = make_pair(vchPubKey, vchCryptedSecret);
    }
    return true;
}

bool CCryptoKeyStore::GetKey(const CKeyID &address, CKey& keyOut) const
{
    {
        LOCK(cs_KeyStore);
        if (!IsCrypted())
            return CBasicKeyStore::GetKey(address, keyOut);

        CryptedKeyMap::const_iterator mi = mapCryptedKeys.find(address);
        if (mi != mapCryptedKeys.end())
        {
            const CPubKey &vchPubKey = (*mi).second.first;
            const std::vector<unsigned char> &vchCryptedSecret = (*mi).second.second;
            return DecryptKey(vMasterKey, vchCryptedSecret, vchPubKey, keyOut);
        }
    }
    return false;
}

bool CCryptoKeyStore::GetPubKey(const CKeyID &address, CPubKey& vchPubKeyOut) const
{
    {
        LOCK(cs_KeyStore);
        if (!IsCrypted())
            return CKeyStore::GetPubKey(address, vchPubKeyOut);

        CryptedKeyMap::const_iterator mi = mapCryptedKeys.find(address);
        if (mi != mapCryptedKeys.end())
        {
            vchPubKeyOut = (*mi).second.first;
            return true;
        }
    }
    return false;
}

bool CCryptoKeyStore::EncryptKeys(CKeyingMaterial& vMasterKeyIn)
{
    {
        LOCK(cs_KeyStore);
        if (!mapCryptedKeys.empty() || IsCrypted())
            return false;

        fUseCrypto = true;
        BOOST_FOREACH(KeyMap::value_type& mKey, mapKeys)
        {
            const CKey &key = mKey.second;
            CPubKey vchPubKey = key.GetPubKey();
            CKeyingMaterial vchSecret(key.begin(), key.end());
            std::vector<unsigned char> vchCryptedSecret;
            if (!EncryptSecret(vMasterKeyIn, vchSecret, vchPubKey.GetHash(), vchCryptedSecret))
                return false;
            if (!AddCryptedKey(vchPubKey, vchCryptedSecret))
                return false;
        }
        mapKeys.clear();
    }
    return true;
}
Commit	Line	Data
f914f1a7	1	// Copyright (c) 2009-2013 The Bitcoin Core developers
78253fcb	2	// Distributed under the MIT software license, see the accompanying
4e87d341 MC	3	// file COPYING or http://www.opensource.org/licenses/mit-license.php.
4e87d341 MC	4
51ed9ec9 BD	5	#include "crypter.h"
51ed9ec9 BD	6
cbd22a50	7	#include "script/script.h"
066e2a14	8	#include "script/standard.h"
ad49c256	9	#include "util.h"
829c9203	10
4e87d341	11	#include <string>
51ed9ec9	12	#include <vector>
829c9203	13	#include <boost/foreach.hpp>
51ed9ec9 BD	14	#include <openssl/aes.h>
51ed9ec9 BD	15	#include <openssl/evp.h>
4e87d341	16
94f778bd	17	bool CCrypter::SetKeyFromPassphrase(const SecureString& strKeyData, const std::vector<unsigned char>& chSalt, const unsigned int nRounds, const unsigned int nDerivationMethod)
4e87d341 MC	18	{
	19	if (nRounds < 1 \|\| chSalt.size() != WALLET_CRYPTO_SALT_SIZE)
	20	return false;
	21
4e87d341 MC	22	int i = 0;
	23	if (nDerivationMethod == 0)
	24	i = EVP_BytesToKey(EVP_aes_256_cbc(), EVP_sha512(), &chSalt[0],
	25	(unsigned char *)&strKeyData[0], strKeyData.size(), nRounds, chKey, chIV);
	26
9fb89c26	27	if (i != (int)WALLET_CRYPTO_KEY_SIZE)
4e87d341	28	{
1630219d CF	29	memory_cleanse(chKey, sizeof(chKey));
1630219d CF	30	memory_cleanse(chIV, sizeof(chIV));
4e87d341 MC	31	return false;
	32	}
	33
	34	fKeySet = true;
	35	return true;
	36	}
	37
	38	bool CCrypter::SetKey(const CKeyingMaterial& chNewKey, const std::vector<unsigned char>& chNewIV)
	39	{
	40	if (chNewKey.size() != WALLET_CRYPTO_KEY_SIZE \|\| chNewIV.size() != WALLET_CRYPTO_KEY_SIZE)
	41	return false;
	42
4e87d341 MC	43	memcpy(&chKey[0], &chNewKey[0], sizeof chKey);
	44	memcpy(&chIV[0], &chNewIV[0], sizeof chIV);
	45
	46	fKeySet = true;
	47	return true;
	48	}
	49
	50	bool CCrypter::Encrypt(const CKeyingMaterial& vchPlaintext, std::vector<unsigned char> &vchCiphertext)
	51	{
	52	if (!fKeySet)
	53	return false;
	54
	55	// max ciphertext len for a n bytes of plaintext is
	56	// n + AES_BLOCK_SIZE - 1 bytes
	57	int nLen = vchPlaintext.size();
	58	int nCLen = nLen + AES_BLOCK_SIZE, nFLen = 0;
	59	vchCiphertext = std::vector<unsigned char> (nCLen);
	60
	61	EVP_CIPHER_CTX ctx;
	62
e5c027b4	63	bool fOk = true;
4e87d341	64
e5c027b4	65	EVP_CIPHER_CTX_init(&ctx);
8d657a65 E	66	if (fOk) fOk = EVP_EncryptInit_ex(&ctx, EVP_aes_256_cbc(), NULL, chKey, chIV) != 0;
	67	if (fOk) fOk = EVP_EncryptUpdate(&ctx, &vchCiphertext[0], &nCLen, &vchPlaintext[0], nLen) != 0;
	68	if (fOk) fOk = EVP_EncryptFinal_ex(&ctx, (&vchCiphertext[0]) + nCLen, &nFLen) != 0;
4e87d341 MC	69	EVP_CIPHER_CTX_cleanup(&ctx);
4e87d341 MC	70
e5c027b4 PW	71	if (!fOk) return false;
e5c027b4 PW	72
4e87d341 MC	73	vchCiphertext.resize(nCLen + nFLen);
	74	return true;
	75	}
	76
	77	bool CCrypter::Decrypt(const std::vector<unsigned char>& vchCiphertext, CKeyingMaterial& vchPlaintext)
	78	{
	79	if (!fKeySet)
	80	return false;
	81
	82	// plaintext will always be equal to or lesser than length of ciphertext
	83	int nLen = vchCiphertext.size();
	84	int nPLen = nLen, nFLen = 0;
	85
	86	vchPlaintext = CKeyingMaterial(nPLen);
	87
	88	EVP_CIPHER_CTX ctx;
	89
e5c027b4	90	bool fOk = true;
4e87d341	91
e5c027b4	92	EVP_CIPHER_CTX_init(&ctx);
8d657a65 E	93	if (fOk) fOk = EVP_DecryptInit_ex(&ctx, EVP_aes_256_cbc(), NULL, chKey, chIV) != 0;
	94	if (fOk) fOk = EVP_DecryptUpdate(&ctx, &vchPlaintext[0], &nPLen, &vchCiphertext[0], nLen) != 0;
	95	if (fOk) fOk = EVP_DecryptFinal_ex(&ctx, (&vchPlaintext[0]) + nPLen, &nFLen) != 0;
4e87d341 MC	96	EVP_CIPHER_CTX_cleanup(&ctx);
4e87d341 MC	97
e5c027b4 PW	98	if (!fOk) return false;
e5c027b4 PW	99
4e87d341 MC	100	vchPlaintext.resize(nPLen + nFLen);
	101	return true;
	102	}
	103
	104
35f7227a	105	static bool EncryptSecret(const CKeyingMaterial& vMasterKey, const CKeyingMaterial &vchPlaintext, const uint256& nIV, std::vector<unsigned char> &vchCiphertext)
4e87d341 MC	106	{
	107	CCrypter cKeyCrypter;
	108	std::vector<unsigned char> chIV(WALLET_CRYPTO_KEY_SIZE);
	109	memcpy(&chIV[0], &nIV, WALLET_CRYPTO_KEY_SIZE);
	110	if(!cKeyCrypter.SetKey(vMasterKey, chIV))
	111	return false;
dfa23b94	112	return cKeyCrypter.Encrypt(((const CKeyingMaterial)&vchPlaintext), vchCiphertext);
4e87d341 MC	113	}
4e87d341 MC	114
35f7227a	115	static bool DecryptSecret(const CKeyingMaterial& vMasterKey, const std::vector<unsigned char>& vchCiphertext, const uint256& nIV, CKeyingMaterial& vchPlaintext)
4e87d341 MC	116	{
	117	CCrypter cKeyCrypter;
	118	std::vector<unsigned char> chIV(WALLET_CRYPTO_KEY_SIZE);
	119	memcpy(&chIV[0], &nIV, WALLET_CRYPTO_KEY_SIZE);
	120	if(!cKeyCrypter.SetKey(vMasterKey, chIV))
	121	return false;
	122	return cKeyCrypter.Decrypt(vchCiphertext, ((CKeyingMaterial)&vchPlaintext));
	123	}
829c9203	124
35f7227a DK	125	static bool DecryptKey(const CKeyingMaterial& vMasterKey, const std::vector<unsigned char>& vchCryptedSecret, const CPubKey& vchPubKey, CKey& key)
	126	{
	127	CKeyingMaterial vchSecret;
	128	if(!DecryptSecret(vMasterKey, vchCryptedSecret, vchPubKey.GetHash(), vchSecret))
	129	return false;
	130
	131	if (vchSecret.size() != 32)
	132	return false;
	133
	134	key.Set(vchSecret.begin(), vchSecret.end(), vchPubKey.IsCompressed());
	135	return key.VerifyPubKey(vchPubKey);
	136	}
	137
829c9203 WL	138	bool CCryptoKeyStore::SetCrypted()
	139	{
	140	LOCK(cs_KeyStore);
	141	if (fUseCrypto)
	142	return true;
	143	if (!mapKeys.empty())
	144	return false;
	145	fUseCrypto = true;
	146	return true;
	147	}
	148
	149	bool CCryptoKeyStore::Lock()
	150	{
	151	if (!SetCrypted())
	152	return false;
	153
	154	{
	155	LOCK(cs_KeyStore);
	156	vMasterKey.clear();
	157	}
	158
	159	NotifyStatusChanged(this);
	160	return true;
	161	}
	162
	163	bool CCryptoKeyStore::Unlock(const CKeyingMaterial& vMasterKeyIn)
	164	{
	165	{
	166	LOCK(cs_KeyStore);
	167	if (!SetCrypted())
	168	return false;
	169
1e21c17d GM	170	bool keyPass = false;
1e21c17d GM	171	bool keyFail = false;
829c9203 WL	172	CryptedKeyMap::const_iterator mi = mapCryptedKeys.begin();
	173	for (; mi != mapCryptedKeys.end(); ++mi)
	174	{
	175	const CPubKey &vchPubKey = (*mi).second.first;
	176	const std::vector<unsigned char> &vchCryptedSecret = (*mi).second.second;
829c9203	177	CKey key;
35f7227a	178	if (!DecryptKey(vMasterKeyIn, vchCryptedSecret, vchPubKey, key))
1e21c17d GM	179	{
1e21c17d GM	180	keyFail = true;
829c9203	181	break;
1e21c17d GM	182	}
1e21c17d GM	183	keyPass = true;
a35b55b5 MC	184	if (fDecryptionThoroughlyChecked)
a35b55b5 MC	185	break;
829c9203	186	}
1e21c17d GM	187	if (keyPass && keyFail)
1e21c17d GM	188	{
7ff9d122	189	LogPrintf("The wallet is probably corrupted: Some keys decrypt but not all.\n");
1e21c17d GM	190	assert(false);
	191	}
	192	if (keyFail \|\| !keyPass)
	193	return false;
829c9203	194	vMasterKey = vMasterKeyIn;
a35b55b5	195	fDecryptionThoroughlyChecked = true;
829c9203 WL	196	}
	197	NotifyStatusChanged(this);
	198	return true;
	199	}
	200
	201	bool CCryptoKeyStore::AddKeyPubKey(const CKey& key, const CPubKey &pubkey)
	202	{
	203	{
	204	LOCK(cs_KeyStore);
	205	if (!IsCrypted())
	206	return CBasicKeyStore::AddKeyPubKey(key, pubkey);
	207
	208	if (IsLocked())
	209	return false;
	210
	211	std::vector<unsigned char> vchCryptedSecret;
	212	CKeyingMaterial vchSecret(key.begin(), key.end());
	213	if (!EncryptSecret(vMasterKey, vchSecret, pubkey.GetHash(), vchCryptedSecret))
	214	return false;
	215
	216	if (!AddCryptedKey(pubkey, vchCryptedSecret))
	217	return false;
	218	}
	219	return true;
	220	}
	221
	222
	223	bool CCryptoKeyStore::AddCryptedKey(const CPubKey &vchPubKey, const std::vector<unsigned char> &vchCryptedSecret)
	224	{
	225	{
	226	LOCK(cs_KeyStore);
	227	if (!SetCrypted())
	228	return false;
	229
	230	mapCryptedKeys[vchPubKey.GetID()] = make_pair(vchPubKey, vchCryptedSecret);
	231	}
	232	return true;
	233	}
	234
	235	bool CCryptoKeyStore::GetKey(const CKeyID &address, CKey& keyOut) const
	236	{
	237	{
	238	LOCK(cs_KeyStore);
	239	if (!IsCrypted())
	240	return CBasicKeyStore::GetKey(address, keyOut);
	241
	242	CryptedKeyMap::const_iterator mi = mapCryptedKeys.find(address);
	243	if (mi != mapCryptedKeys.end())
	244	{
	245	const CPubKey &vchPubKey = (*mi).second.first;
	246	const std::vector<unsigned char> &vchCryptedSecret = (*mi).second.second;
35f7227a	247	return DecryptKey(vMasterKey, vchCryptedSecret, vchPubKey, keyOut);
829c9203 WL	248	}
	249	}
	250	return false;
	251	}
	252
	253	bool CCryptoKeyStore::GetPubKey(const CKeyID &address, CPubKey& vchPubKeyOut) const
	254	{
	255	{
	256	LOCK(cs_KeyStore);
	257	if (!IsCrypted())
	258	return CKeyStore::GetPubKey(address, vchPubKeyOut);
	259
	260	CryptedKeyMap::const_iterator mi = mapCryptedKeys.find(address);
	261	if (mi != mapCryptedKeys.end())
	262	{
	263	vchPubKeyOut = (*mi).second.first;
	264	return true;
	265	}
	266	}
	267	return false;
	268	}
	269
	270	bool CCryptoKeyStore::EncryptKeys(CKeyingMaterial& vMasterKeyIn)
	271	{
	272	{
	273	LOCK(cs_KeyStore);
	274	if (!mapCryptedKeys.empty() \|\| IsCrypted())
	275	return false;
	276
	277	fUseCrypto = true;
	278	BOOST_FOREACH(KeyMap::value_type& mKey, mapKeys)
	279	{
	280	const CKey &key = mKey.second;
	281	CPubKey vchPubKey = key.GetPubKey();
	282	CKeyingMaterial vchSecret(key.begin(), key.end());
	283	std::vector<unsigned char> vchCryptedSecret;
	284	if (!EncryptSecret(vMasterKeyIn, vchSecret, vchPubKey.GetHash(), vchCryptedSecret))
	285	return false;
	286	if (!AddCryptedKey(vchPubKey, vchCryptedSecret))
	287	return false;
	288	}
	289	mapKeys.clear();
	290	}
	291	return true;
	292	}