1 // Copyright (c) 2009-2012 The Bitcoin Developers
2 // Distributed under the MIT/X11 software license, see the accompanying
3 // file COPYING or http://www.opensource.org/licenses/mit-license.php.
7 #include "allocators.h" /* for SecureString */
10 //#include <openssl/crypto.h> // for OPENSSL_cleanse()
12 const unsigned int WALLET_CRYPTO_KEY_SIZE = 32;
13 const unsigned int WALLET_CRYPTO_SALT_SIZE = 8;
16 Private key encryption is done based on a CMasterKey,
17 which holds a salt and random encryption key.
19 CMasterKeys are encrypted using AES-256-CBC using a key
20 derived using derivation method nDerivationMethod
21 (0 == EVP_sha512()) and derivation iterations nDeriveIterations.
22 vchOtherDerivationParameters is provided for alternative algorithms
23 which may require more parameters (such as scrypt).
25 Wallet Private Keys are then encrypted using AES-256-CBC
26 with the double-sha256 of the public key as the IV, and the
27 master key's key as the encryption key (see keystore.[ch]).
30 /** Master key for wallet encryption */
34 std::vector<unsigned char> vchCryptedKey;
35 std::vector<unsigned char> vchSalt;
38 unsigned int nDerivationMethod;
39 unsigned int nDeriveIterations;
40 // Use this for more parameters to key derivation,
41 // such as the various parameters to scrypt
42 std::vector<unsigned char> vchOtherDerivationParameters;
46 READWRITE(vchCryptedKey);
48 READWRITE(nDerivationMethod);
49 READWRITE(nDeriveIterations);
50 READWRITE(vchOtherDerivationParameters);
54 // 25000 rounds is just under 0.1 seconds on a 1.86 GHz Pentium M
55 // ie slightly lower than the lowest hardware we need bother supporting
56 nDeriveIterations = 25000;
57 nDerivationMethod = 1;
58 vchOtherDerivationParameters = std::vector<unsigned char>(0);
61 CMasterKey(unsigned int nDerivationMethodIndex)
63 switch (nDerivationMethodIndex)
67 nDeriveIterations = 25000;
68 nDerivationMethod = 0;
69 vchOtherDerivationParameters = std::vector<unsigned char>(0);
72 case 1: // scrypt+sha512
73 nDeriveIterations = 10000;
74 nDerivationMethod = 1;
75 vchOtherDerivationParameters = std::vector<unsigned char>(0);
82 typedef std::vector<unsigned char, secure_allocator<unsigned char> > CKeyingMaterial;
84 /** Encryption/decryption context with key information */
88 unsigned char chKey[WALLET_CRYPTO_KEY_SIZE];
89 unsigned char chIV[WALLET_CRYPTO_KEY_SIZE];
93 bool SetKeyFromPassphrase(const SecureString &strKeyData, const std::vector<unsigned char>& chSalt, const unsigned int nRounds, const unsigned int nDerivationMethod);
94 bool Encrypt(const CKeyingMaterial& vchPlaintext, std::vector<unsigned char> &vchCiphertext);
95 bool Decrypt(const std::vector<unsigned char>& vchCiphertext, CKeyingMaterial& vchPlaintext);
96 bool SetKey(const CKeyingMaterial& chNewKey, const std::vector<unsigned char>& chNewIV);
100 OPENSSL_cleanse(&chKey, sizeof chKey);
101 OPENSSL_cleanse(&chIV, sizeof chIV);
109 // Try to keep the key data out of swap (and be a bit over-careful to keep the IV that we don't even use out of swap)
110 // Note that this does nothing about suspend-to-disk (which will put all our key data on disk)
111 // Note as well that at no point in this program is any attempt made to prevent stealing of keys by reading the memory of the running process.
112 LockedPageManager::instance.LockRange(&chKey[0], sizeof chKey);
113 LockedPageManager::instance.LockRange(&chIV[0], sizeof chIV);
120 LockedPageManager::instance.UnlockRange(&chKey[0], sizeof chKey);
121 LockedPageManager::instance.UnlockRange(&chIV[0], sizeof chIV);
125 bool EncryptSecret(CKeyingMaterial& vMasterKey, const CSecret &vchPlaintext, const uint256& nIV, std::vector<unsigned char> &vchCiphertext);
126 bool DecryptSecret(const CKeyingMaterial& vMasterKey, const std::vector<unsigned char> &vchCiphertext, const uint256& nIV, CSecret &vchPlaintext);