mirror of
https://github.com/veracrypt/VeraCrypt.git
synced 2025-11-11 02:58:02 -06:00
wolfCrypt as crypto backend for VeraCrypt (#1227)
* wolfCrypt as crypto backend for VeraCrypt * Refactor to use EncryptionModeWolfCryptXTS class
This commit is contained in:
lealem47
GitHub
@@ -369,31 +369,34 @@ KeyReady: ;
|
||||
|
||||
switch (pkcs5_prf)
|
||||
{
|
||||
case BLAKE2S:
|
||||
derive_key_blake2s (keyInfo->userKey, keyInfo->keyLength, keyInfo->salt,
|
||||
PKCS5_SALT_SIZE, keyInfo->noIterations, dk, GetMaxPkcs5OutSize());
|
||||
break;
|
||||
|
||||
case SHA512:
|
||||
derive_key_sha512 (keyInfo->userKey, keyInfo->keyLength, keyInfo->salt,
|
||||
PKCS5_SALT_SIZE, keyInfo->noIterations, dk, GetMaxPkcs5OutSize());
|
||||
break;
|
||||
|
||||
case WHIRLPOOL:
|
||||
derive_key_whirlpool (keyInfo->userKey, keyInfo->keyLength, keyInfo->salt,
|
||||
PKCS5_SALT_SIZE, keyInfo->noIterations, dk, GetMaxPkcs5OutSize());
|
||||
break;
|
||||
|
||||
case SHA256:
|
||||
derive_key_sha256 (keyInfo->userKey, keyInfo->keyLength, keyInfo->salt,
|
||||
PKCS5_SALT_SIZE, keyInfo->noIterations, dk, GetMaxPkcs5OutSize());
|
||||
break;
|
||||
|
||||
case STREEBOG:
|
||||
#ifndef WOLFCRYPT_BACKEND
|
||||
case BLAKE2S:
|
||||
derive_key_blake2s (keyInfo->userKey, keyInfo->keyLength, keyInfo->salt,
|
||||
PKCS5_SALT_SIZE, keyInfo->noIterations, dk, GetMaxPkcs5OutSize());
|
||||
break;
|
||||
|
||||
case WHIRLPOOL:
|
||||
derive_key_whirlpool (keyInfo->userKey, keyInfo->keyLength, keyInfo->salt,
|
||||
PKCS5_SALT_SIZE, keyInfo->noIterations, dk, GetMaxPkcs5OutSize());
|
||||
break;
|
||||
|
||||
|
||||
case STREEBOG:
|
||||
derive_key_streebog(keyInfo->userKey, keyInfo->keyLength, keyInfo->salt,
|
||||
PKCS5_SALT_SIZE, keyInfo->noIterations, dk, GetMaxPkcs5OutSize());
|
||||
break;
|
||||
default:
|
||||
#endif
|
||||
default:
|
||||
// Unknown/wrong ID
|
||||
TC_THROW_FATAL_EXCEPTION;
|
||||
}
|
||||
@@ -650,7 +653,8 @@ void ComputeBootloaderFingerprint (byte *bootLoaderBuf, unsigned int bootLoaderS
|
||||
//
|
||||
// we have: TC_BOOT_SECTOR_USER_MESSAGE_OFFSET = TC_BOOT_SECTOR_OUTER_VOLUME_BAK_HEADER_CRC_OFFSET + TC_BOOT_SECTOR_OUTER_VOLUME_BAK_HEADER_CRC_SIZE
|
||||
|
||||
WHIRLPOOL_CTX whirlpool;
|
||||
#ifndef WOLFCRYPT_BACKEND
|
||||
WHIRLPOOL_CTX whirlpool;
|
||||
sha512_ctx sha2;
|
||||
|
||||
WHIRLPOOL_init (&whirlpool);
|
||||
@@ -667,6 +671,26 @@ void ComputeBootloaderFingerprint (byte *bootLoaderBuf, unsigned int bootLoaderS
|
||||
|
||||
WHIRLPOOL_finalize (&whirlpool, fingerprint);
|
||||
sha512_end (&fingerprint [WHIRLPOOL_DIGESTSIZE], &sha2);
|
||||
#else
|
||||
sha512_ctx sha2_512;
|
||||
sha256_ctx sha2_256;
|
||||
|
||||
sha512_begin (&sha2_512);
|
||||
sha256_begin (&sha2_256);
|
||||
|
||||
sha512_hash (bootLoaderBuf, TC_BOOT_SECTOR_PIM_VALUE_OFFSET, &sha2_512);
|
||||
sha256_hash (bootLoaderBuf, TC_BOOT_SECTOR_PIM_VALUE_OFFSET, &sha2_256);
|
||||
|
||||
sha512_hash (bootLoaderBuf + TC_BOOT_SECTOR_USER_MESSAGE_OFFSET + TC_BOOT_SECTOR_USER_MESSAGE_MAX_LENGTH, (TC_BOOT_SECTOR_USER_CONFIG_OFFSET - (TC_BOOT_SECTOR_USER_MESSAGE_OFFSET + TC_BOOT_SECTOR_USER_MESSAGE_MAX_LENGTH)), &sha2_512);
|
||||
sha256_hash (bootLoaderBuf + TC_BOOT_SECTOR_USER_MESSAGE_OFFSET + TC_BOOT_SECTOR_USER_MESSAGE_MAX_LENGTH, (TC_BOOT_SECTOR_USER_CONFIG_OFFSET - (TC_BOOT_SECTOR_USER_MESSAGE_OFFSET + TC_BOOT_SECTOR_USER_MESSAGE_MAX_LENGTH)), &sha2_256);
|
||||
|
||||
sha512_hash (bootLoaderBuf + TC_SECTOR_SIZE_BIOS, (bootLoaderSize - TC_SECTOR_SIZE_BIOS), &sha2_512);
|
||||
sha256_hash (bootLoaderBuf + TC_SECTOR_SIZE_BIOS, (bootLoaderSize - TC_SECTOR_SIZE_BIOS), &sha2_256);
|
||||
|
||||
sha512_end (&fingerprint, &sha2_512);
|
||||
sha256_end (&fingerprint [SHA512_DIGESTSIZE], &sha2_256);
|
||||
sha256_end (&fingerprint [SHA512_DIGESTSIZE + SHA256_DIGESTSIZE], &sha2_256);
|
||||
#endif
|
||||
}
|
||||
#endif
|
||||
|
||||
@@ -711,11 +735,11 @@ int ReadVolumeHeader (BOOL bBoot, char *header, Password *password, int pim, PCR
|
||||
#endif
|
||||
{
|
||||
#ifdef TC_WINDOWS_BOOT_SINGLE_CIPHER_MODE
|
||||
#if defined (TC_WINDOWS_BOOT_SERPENT)
|
||||
#if defined (TC_WINDOWS_BOOT_SERPENT) && !defined (WOLFCRYPT_BACKEND)
|
||||
serpent_set_key (dk, cryptoInfo->ks);
|
||||
#elif defined (TC_WINDOWS_BOOT_TWOFISH)
|
||||
#elif defined (TC_WINDOWS_BOOT_TWOFISH) && !defined (WOLFCRYPT_BACKEND)
|
||||
twofish_set_key ((TwofishInstance *) cryptoInfo->ks, (const u4byte *) dk);
|
||||
#elif defined (TC_WINDOWS_BOOT_CAMELLIA)
|
||||
#elif defined (TC_WINDOWS_BOOT_CAMELLIA) && !defined (WOLFCRYPT_BACKEND)
|
||||
camellia_set_key (dk, cryptoInfo->ks);
|
||||
#else
|
||||
status = EAInit (dk, cryptoInfo->ks);
|
||||
@@ -729,11 +753,11 @@ int ReadVolumeHeader (BOOL bBoot, char *header, Password *password, int pim, PCR
|
||||
#endif
|
||||
// Secondary key schedule
|
||||
#ifdef TC_WINDOWS_BOOT_SINGLE_CIPHER_MODE
|
||||
#if defined (TC_WINDOWS_BOOT_SERPENT)
|
||||
#if defined (TC_WINDOWS_BOOT_SERPENT) && !defined (WOLFCRYPT_BACKEND)
|
||||
serpent_set_key (dk + 32, cryptoInfo->ks2);
|
||||
#elif defined (TC_WINDOWS_BOOT_TWOFISH)
|
||||
#elif defined (TC_WINDOWS_BOOT_TWOFISH) && !defined (WOLFCRYPT_BACKEND)
|
||||
twofish_set_key ((TwofishInstance *)cryptoInfo->ks2, (const u4byte *) (dk + 32));
|
||||
#elif defined (TC_WINDOWS_BOOT_CAMELLIA)
|
||||
#elif defined (TC_WINDOWS_BOOT_CAMELLIA) && !defined (WOLFCRYPT_BACKEND)
|
||||
camellia_set_key (dk + 32, cryptoInfo->ks2);
|
||||
#else
|
||||
EAInit (dk + 32, cryptoInfo->ks2);
|
||||
@@ -790,11 +814,11 @@ int ReadVolumeHeader (BOOL bBoot, char *header, Password *password, int pim, PCR
|
||||
|
||||
// Init the encryption algorithm with the decrypted master key
|
||||
#ifdef TC_WINDOWS_BOOT_SINGLE_CIPHER_MODE
|
||||
#if defined (TC_WINDOWS_BOOT_SERPENT)
|
||||
#if defined (TC_WINDOWS_BOOT_SERPENT) && !defined (WOLFCRYPT_BACKEND)
|
||||
serpent_set_key (dk, cryptoInfo->ks);
|
||||
#elif defined (TC_WINDOWS_BOOT_TWOFISH)
|
||||
#elif defined (TC_WINDOWS_BOOT_TWOFISH) && !defined (WOLFCRYPT_BACKEND)
|
||||
twofish_set_key ((TwofishInstance *) cryptoInfo->ks, (const u4byte *) dk);
|
||||
#elif defined (TC_WINDOWS_BOOT_CAMELLIA)
|
||||
#elif defined (TC_WINDOWS_BOOT_CAMELLIA) && !defined (WOLFCRYPT_BACKEND)
|
||||
camellia_set_key (dk, cryptoInfo->ks);
|
||||
#else
|
||||
status = EAInit (dk, cryptoInfo->ks);
|
||||
@@ -809,11 +833,11 @@ int ReadVolumeHeader (BOOL bBoot, char *header, Password *password, int pim, PCR
|
||||
|
||||
// The secondary master key (if cascade, multiple concatenated)
|
||||
#ifdef TC_WINDOWS_BOOT_SINGLE_CIPHER_MODE
|
||||
#if defined (TC_WINDOWS_BOOT_SERPENT)
|
||||
#if defined (TC_WINDOWS_BOOT_SERPENT) && !defined (WOLFCRYPT_BACKEND)
|
||||
serpent_set_key (dk + 32, cryptoInfo->ks2);
|
||||
#elif defined (TC_WINDOWS_BOOT_TWOFISH)
|
||||
#elif defined (TC_WINDOWS_BOOT_TWOFISH) && !defined (WOLFCRYPT_BACKEND)
|
||||
twofish_set_key ((TwofishInstance *)cryptoInfo->ks2, (const u4byte *) (dk + 32));
|
||||
#elif defined (TC_WINDOWS_BOOT_CAMELLIA)
|
||||
#elif defined (TC_WINDOWS_BOOT_CAMELLIA) && !defined (WOLFCRYPT_BACKEND)
|
||||
camellia_set_key (dk + 32, cryptoInfo->ks2);
|
||||
#else
|
||||
EAInit (dk + 32, cryptoInfo->ks2);
|
||||
@@ -976,6 +1000,7 @@ int CreateVolumeHeaderInMemory (HWND hwndDlg, BOOL bBoot, char *header, int ea,
|
||||
PKCS5_SALT_SIZE, keyInfo.noIterations, dk, GetMaxPkcs5OutSize());
|
||||
break;
|
||||
|
||||
#ifndef WOLFCRYPT_BACKEND
|
||||
case BLAKE2S:
|
||||
derive_key_blake2s (keyInfo.userKey, keyInfo.keyLength, keyInfo.salt,
|
||||
PKCS5_SALT_SIZE, keyInfo.noIterations, dk, GetMaxPkcs5OutSize());
|
||||
@@ -990,7 +1015,7 @@ int CreateVolumeHeaderInMemory (HWND hwndDlg, BOOL bBoot, char *header, int ea,
|
||||
derive_key_streebog(keyInfo.userKey, keyInfo.keyLength, keyInfo.salt,
|
||||
PKCS5_SALT_SIZE, keyInfo.noIterations, dk, GetMaxPkcs5OutSize());
|
||||
break;
|
||||
|
||||
#endif
|
||||
default:
|
||||
// Unknown/wrong ID
|
||||
crypto_close (cryptoInfo);
|
||||
|
||||
Reference in New Issue
Block a user