X-Git-Url: https://git.novaco.in/?p=novacoin.git;a=blobdiff_plain;f=src%2Fcrypter.h;h=dd5d50664af1ae5dde1363f33bdfab7ab71406b5;hp=5b95ea415e0359ec45838b6cd5331f2138780f46;hb=9acf270b14e561fe959ff25001f083a00e5e1caa;hpb=4e87d341f75f13bbd7d108c31c03886fbc4df56f diff --git a/src/crypter.h b/src/crypter.h index 5b95ea4..dd5d506 100644 --- a/src/crypter.h +++ b/src/crypter.h @@ -1,10 +1,12 @@ -// Copyright (c) 2011 The Bitcoin Developers +// Copyright (c) 2009-2012 The Bitcoin Developers // Distributed under the MIT/X11 software license, see the accompanying // file COPYING or http://www.opensource.org/licenses/mit-license.php. #ifndef __CRYPTER_H__ #define __CRYPTER_H__ +#include "allocators.h" /* for SecureString */ #include "key.h" +#include "serialize.h" const unsigned int WALLET_CRYPTO_KEY_SIZE = 32; const unsigned int WALLET_CRYPTO_SALT_SIZE = 8; @@ -13,17 +15,18 @@ const unsigned int WALLET_CRYPTO_SALT_SIZE = 8; Private key encryption is done based on a CMasterKey, which holds a salt and random encryption key. -CMasterKeys is encrypted using AES-256-CBC using a key +CMasterKeys are encrypted using AES-256-CBC using a key derived using derivation method nDerivationMethod (0 == EVP_sha512()) and derivation iterations nDeriveIterations. vchOtherDerivationParameters is provided for alternative algorithms which may require more parameters (such as scrypt). Wallet Private Keys are then encrypted using AES-256-CBC -with the double-sha256 of the private key as the IV, and the -master key's key as the encryption key. +with the double-sha256 of the public key as the IV, and the +master key's key as the encryption key (see keystore.[ch]). */ +/** Master key for wallet encryption */ class CMasterKey { public: @@ -50,13 +53,34 @@ public: // 25000 rounds is just under 0.1 seconds on a 1.86 GHz Pentium M // ie slightly lower than the lowest hardware we need bother supporting nDeriveIterations = 25000; - nDerivationMethod = 0; + nDerivationMethod = 1; vchOtherDerivationParameters = std::vector(0); } + + CMasterKey(unsigned int nDerivationMethodIndex) + { + switch (nDerivationMethodIndex) + { + case 0: // sha512 + default: + nDeriveIterations = 25000; + nDerivationMethod = 0; + vchOtherDerivationParameters = std::vector(0); + break; + + case 1: // scrypt+sha512 + nDeriveIterations = 10000; + nDerivationMethod = 1; + vchOtherDerivationParameters = std::vector(0); + break; + } + } + }; typedef std::vector > CKeyingMaterial; +/** Encryption/decryption context with key information */ class CCrypter { private: @@ -65,7 +89,7 @@ private: bool fKeySet; public: - bool SetKeyFromPassphrase(const std::string &strKeyData, const std::vector& chSalt, const unsigned int nRounds, const unsigned int nDerivationMethod); + bool SetKeyFromPassphrase(const SecureString &strKeyData, const std::vector& chSalt, const unsigned int nRounds, const unsigned int nDerivationMethod); bool Encrypt(const CKeyingMaterial& vchPlaintext, std::vector &vchCiphertext); bool Decrypt(const std::vector& vchCiphertext, CKeyingMaterial& vchPlaintext); bool SetKey(const CKeyingMaterial& chNewKey, const std::vector& chNewIV); @@ -74,19 +98,26 @@ public: { memset(&chKey, 0, sizeof chKey); memset(&chIV, 0, sizeof chIV); - munlock(&chKey, sizeof chKey); - munlock(&chIV, sizeof chIV); fKeySet = false; } CCrypter() { fKeySet = false; + + // Try to keep the key data out of swap (and be a bit over-careful to keep the IV that we don't even use out of swap) + // Note that this does nothing about suspend-to-disk (which will put all our key data on disk) + // Note as well that at no point in this program is any attempt made to prevent stealing of keys by reading the memory of the running process. + LockedPageManager::instance.LockRange(&chKey[0], sizeof chKey); + LockedPageManager::instance.LockRange(&chIV[0], sizeof chIV); } ~CCrypter() { CleanKey(); + + LockedPageManager::instance.UnlockRange(&chKey[0], sizeof chKey); + LockedPageManager::instance.UnlockRange(&chIV[0], sizeof chIV); } };