Skip to content

Replace OpenSSL AES with ctaes-based version #1486

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
Fuzzbawls merged 12 commits into from
May 16, 2020
Merged

Replace OpenSSL AES with ctaes-based version #1486

Fuzzbawls merged 12 commits into from
May 16, 2020

Conversation

@furszy
Copy link

@furszy furszy commented Apr 2, 2020

Coming from upstream 7689

slow and simple AES implementation.

Performance on modern systems should be around 2-10 Mbyte/s (for short to larger messages), which is plenty for the needs of our wallet.

@furszy furszy self-assigned this Apr 2, 2020
@furszy furszy mentioned this pull request Apr 3, 2020
Merged
@furszy furszy added this to the Future milestone Apr 6, 2020
@random-zebra random-zebra modified the milestones: Future, 5.0.0 Apr 24, 2020
@random-zebra
Copy link

random-zebra commented Apr 28, 2020

Been testing encryption/decryption for passphrases, keys, bip38, before/after this PR. All good so far.
Note for reviewers: if you get

pivx-qt: main.cpp:2494: bool ConnectBlock(const CBlock&, CValidationState&, CBlockIndex*, CCoinsViewCache&, bool, bool): Assertion `hashPrevBlock == view.GetBestBlock()' failed.

just rebase this PR on latest master (it's a simple rebase without conflicts) as the block index serialization is changed.

sipa and others added 11 commits May 13, 2020 02:14
@sipa @furszy
Squashed 'src/crypto/ctaes/' content from commit cd3c3ac
bfb12ba 
git-subtree-dir: src/crypto/ctaes
git-subtree-split: cd3c3ac31fac41cc253bf5780b55ecd8d7368545
@sipa @furszy
Add ctaes-based constant time AES implementation
2395fa7
@theuni @furszy
crypto: add AES 128/256 CBC classes
1708a62 
The output should always match openssl's, even for failed operations. Even for
a decrypt with broken padding, the output is always deterministic (and attemtps
to be constant-time).
@theuni @furszy
crypto: add aes cbc tests
86053f5
@furszy
crypter: fix the stored initialization vector size
b2175f3 
AES IV's are 16bytes, not 32. This was harmless but confusing.

Add WALLET_CRYPTO_IV_SIZE to make its usage explicit.

Coming from upstream 1c391a5
@furszy
crypter: hook up the new aes cbc classes
2aeb09e 
Coming from upstream 9049cde
@furszy
crypter: add a BytesToKey clone to replace the use of openssl
be94566 
BytesToKeySHA512AES should be functionally identical to EVP_BytesToKey, but
drops the dependency on openssl.

Coming from upstream 976f9ec
@theuni @furszy
crypter: add tests for crypter
ad984e4 
Verify that results correct (match known values), consistent (encrypt->decrypt
matches the original), and compatible with the previous openssl implementation.

Also check that failed encrypts/decrypts fail the exact same way as openssl.
@furszy
crypter: constify encrypt/decrypt
096d1b7 
This makes CCrypter easier to pass aroundf for tests

coming from fb96831
@furszy
build: Enumerate ctaes rather than globbing
5975fc2 
Coming from 723779c
@Fuzzbawls @furszy
Build: Add ctaes to CMakeLists
8adbaab
@furszy furszy force-pushed the 2020_openss_replace branch from 0eabf5c to 8adbaab Compare May 13, 2020 05:28
@furszy
Copy link
Author

furszy commented May 13, 2020
edited
Loading

Just rebased the PR to make the review process easier.

random-zebra
random-zebra previously approved these changes May 14, 2020
View reviewed changes
Copy link

@random-zebra random-zebra left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Very good backport. ACK 8adbaab

Fuzzbawls
Fuzzbawls reviewed May 15, 2020
View reviewed changes
Copy link
Collaborator

@Fuzzbawls Fuzzbawls left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

So far, so good.

Minor note about un-necessary header includes in the crypto unit tests. They are from the original upstream PR, but just aren't needed and were later removed upstream (bitcoin#15919)

src/test/crypto_tests.cpp Outdated
#include <boost/assign/list_of.hpp>
#include <boost/test/unit_test.hpp>
#include <openssl/aes.h>
#include <openssl/evp.h>
Copy link
Collaborator

@Fuzzbawls Fuzzbawls May 15, 2020

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

No need to add openssl header includes here

Copy link
Author

@furszy furszy May 15, 2020

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

done

@furszy
Remove unused OpenSSL includes to make it more clear where OpenSSL is…
a49d5d4 
… used

Coming from btc@a34081b7c398847c37a587029c7ad7f3a3396c8e
@furszy
Copy link
Author

furszy commented May 16, 2020

Updated as per @Fuzzbawls suggestion.

Fuzzbawls
Fuzzbawls approved these changes May 16, 2020
View reviewed changes
Copy link
Collaborator

@Fuzzbawls Fuzzbawls left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

ACK a49d5d4

random-zebra
random-zebra approved these changes May 16, 2020
View reviewed changes
Copy link

@random-zebra random-zebra left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

utACK cleanup commit a49d5d4

@Fuzzbawls Fuzzbawls merged commit e146131 into PIVX-Project:master May 16, 2020
random-zebra added a commit that referenced this pull request May 17, 2020
@random-zebra
Merge #1488: CCrypter using secure allocator vector.
cc84157 
f8fd095 Add missing lock in crypter GetKeys. (furszy)
366bc8b Get rid of LockObject and UnlockObject unused methods. (furszy)
121e5c0 [Wallet] Change CCrypter to use vectors with secure allocator (furszy)

Pull request description:

  Built on top of #1486. Commits starting in `d058064` .

  This PR back port, partially, [upstream@8753](bitcoin#8753) . -- The last three commits left to back port in a future PR --

  Containing the following changes:

  1)  Changing CCrypter to use vectors with secure allocator instead of have to lock stack memory pages to prevent the memory from being swapped to disk.

  2) Removing the unused LockObject and UnlockObject methods.

  3) Adding a missing lock in the `CCryptoKeyStore::GetKeys` method.

ACKs for top commit:
  Fuzzbawls:
    utACK f8fd095
  random-zebra:
    utACK f8fd095 and merging...

Tree-SHA512: c1b760d37da93623ade0fb2565e8f060a4b7f5a109633cbe885732a16ed32614ba1f07d351fadcd57a19edf1343bdee1a81ee27898b4f124b6ddb15cc226d0d2
@lyricidal lyricidal mentioned this pull request Aug 4, 2022
Merged
@furszy furszy deleted the 2020_openss_replace branch November 29, 2022 14:25
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@Fuzzbawls Fuzzbawls Fuzzbawls approved these changes

+1 more reviewer

@random-zebra random-zebra random-zebra approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

@furszy furszy

Labels

Upstream Wallet

Projects

None yet

Milestone

4.2.0

Development

Successfully merging this pull request may close these issues.

5 participants

@furszy @random-zebra @Fuzzbawls @sipa @theuni