AES128-CTR replacement

[chfast]

No description provided.

[gcolvin]

Looks like a clean translation of typical crypto code. If you wanted an OO interface then state_t could be wrapped with an AES class with Cipher() and BlockCopy() as public methods and the rest private.

[codecov-io]

Codecov Report

Merging #3638 into develop will decrease coverage by 0.77%.
The diff coverage is 86.86%.

@@             Coverage Diff             @@
##           develop    #3638      +/-   ##
===========================================
- Coverage    50.15%   49.37%   -0.78%     
===========================================
  Files          356      355       -1     
  Lines        26950    25996     -954     
  Branches      3222     3226       +4     
===========================================
- Hits         13517    12836     -681     
+ Misses       12287    12104     -183     
- Partials      1054     1056       +2

Impacted Files	Coverage Δ
libdevcrypto/SecretStore.cpp	43.82% <ø> (-5.28%)	❌
libethcore/KeyManager.cpp	43.7% <ø> (ø)	✅
test/libdevcrypto/crypto.cpp	95.24% <ø> (-0.43%)	❌
libdevcrypto/CryptoPP.cpp	81.48% <ø> (ø)	✅
libdevcrypto/Common.h	64.28% <ø> (-4.47%)	❌
libdevcrypto/Common.cpp	61.23% <ø> (+0.34%)	✅
libdevcrypto/AES.h	100% <100%> (ø)
test/libdevcrypto/AES.cpp	100% <100%> (ø)	✅
libdevcrypto/AES.cpp	78.37% <80.64%> (-3.98%)	❌
libethereum/Transaction.cpp	51.02% <0%> (-25.22%)	❌
... and 93 more

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update ea88803...0dac6ca. Read the comment docs.

[chriseth]

Please mention that it was released under the "unlicense", roughly equivalent to a release to the public domain.

[chriseth]

i is bounded by Nb * (Nr + 1) and j is bounded by 4 - is there any easier way to (perhaps in an automated way) check that this does not go out of bounds with respect to roundKeys?

[chfast]

I hoped I will not have to decrypt this indexing :D

[chriseth]

Sorry, but this just looks like dynamite to me. Buffers passed as plain pointers with sizes resulting from formulas including weird constants, it is just too easy to confuse two constants here, and we don't really know how much this library is used, tested, etc.

[chfast]

I agree with @chriseth now. We should spend some time to find good AES implementation for both 128 and 256 (presale wallet) size.

[pirapira]

@chfast what's the status here?