Public/VeraCrypt
1
0
Fork 0
mirror of https://github.com/veracrypt/VeraCrypt.git synced 2025-11-12 03:18:26 -06:00
Code Activity

wolfCrypt as crypto backend for VeraCrypt (#1227)

Browse Source 
* wolfCrypt as crypto backend for VeraCrypt

* Refactor to use EncryptionModeWolfCryptXTS class
This commit is contained in:
lealem47
2023-11-12 16:51:31 -07:00
committed by GitHub
parent 458be85f84
commit 9247ce1bb9
36 changed files with 1104 additions and 220 deletions
Download Patch File Download Diff File Expand all files Collapse all files

58
src/Volume/Cipher.cpp
View File

@@ -94,11 +94,12 @@ namespace VeraCrypt
CipherList l;
l.push_back (shared_ptr <Cipher> (new CipherAES ()));
#ifndef WOLFCRYPT_BACKEND
l.push_back (shared_ptr <Cipher> (new CipherSerpent ()));
l.push_back (shared_ptr <Cipher> (new CipherTwofish ()));
l.push_back (shared_ptr <Cipher> (new CipherCamellia ()));
l.push_back (shared_ptr <Cipher> (new CipherKuznyechik ()));
#endif
return l;
}
@@ -115,6 +116,37 @@ namespace VeraCrypt
Initialized = true;
}
#ifdef WOLFCRYPT_BACKEND
void Cipher::SetKeyXTS (const ConstBufferPtr &key)
{
if (key.Size() != GetKeySize ())
throw ParameterIncorrect (SRC_POS);
if (!Initialized)
ScheduledKey.Allocate (GetScheduledKeySize ());
SetCipherKeyXTS (key);
Key.CopyFrom (key);
Initialized = true;
}
void Cipher::EncryptBlockXTS (byte *data, uint64 length, uint64 startDataUnitNo) const
{
if (!Initialized)
throw NotInitialized (SRC_POS);
EncryptXTS (data, length, startDataUnitNo);
}
void Cipher::DecryptBlockXTS (byte *data, uint64 length, uint64 startDataUnitNo) const
{
if (!Initialized)
throw NotInitialized (SRC_POS);
DecryptXTS (data, length, startDataUnitNo);
}
#endif
#define TC_EXCEPTION(TYPE) TC_SERIALIZER_FACTORY_ADD(TYPE)
#undef TC_EXCEPTION_NODECL
#define TC_EXCEPTION_NODECL(TYPE) TC_SERIALIZER_FACTORY_ADD(TYPE)
@@ -186,6 +218,26 @@ namespace VeraCrypt
#endif
Cipher::EncryptBlocks (data, blockCount);
}
#ifdef WOLFCRYPT_BACKEND
void CipherAES::EncryptXTS (byte *data, uint64 length, uint64 startDataUnitNo) const
{
xts_encrypt (data, data, length, startDataUnitNo, (aes_encrypt_ctx *) ScheduledKey.Ptr());
}
void CipherAES::DecryptXTS (byte *data, uint64 length, uint64 startDataUnitNo) const
{
xts_decrypt (data, data, length, startDataUnitNo, (aes_decrypt_ctx *) (ScheduledKey.Ptr() + sizeof (aes_encrypt_ctx)));
}
void CipherAES::SetCipherKeyXTS (const byte *key)
{
if (xts_encrypt_key256 (key, (aes_encrypt_ctx *) ScheduledKey.Ptr()) != EXIT_SUCCESS)
throw CipherInitError (SRC_POS);
if (xts_decrypt_key256 (key, (aes_decrypt_ctx *) (ScheduledKey.Ptr() + sizeof (aes_encrypt_ctx))) != EXIT_SUCCESS)
throw CipherInitError (SRC_POS);
}
#endif
size_t CipherAES::GetScheduledKeySize () const
{
@@ -218,6 +270,7 @@ namespace VeraCrypt
throw CipherInitError (SRC_POS);
}
#ifndef WOLFCRYPT_BACKEND
// Serpent
void CipherSerpent::Decrypt (byte *data) const
{
@@ -465,5 +518,6 @@ namespace VeraCrypt
return false;
#endif
}
bool Cipher::HwSupportEnabled = true;
#endif
bool Cipher::HwSupportEnabled = true;
}

48
src/Volume/Cipher.h
View File

@@ -28,8 +28,15 @@ namespace VeraCrypt
virtual void DecryptBlock (byte *data) const;
virtual void DecryptBlocks (byte *data, size_t blockCount) const;
static void EnableHwSupport (bool enable) { HwSupportEnabled = enable; }
virtual void EncryptBlock (byte *data) const;
#ifndef WOLFCRYPT_BACKEND
static void EnableHwSupport (bool enable) { HwSupportEnabled = enable; }
#else
static void EnableHwSupport (bool enable) { HwSupportEnabled = false; }
virtual void EncryptBlockXTS (byte *data, uint64 length, uint64 startDataUnitNo) const;
virtual void DecryptBlockXTS (byte *data, uint64 length, uint64 startDataUnitNo) const;
virtual void SetKeyXTS (const ConstBufferPtr &key);
#endif
virtual void EncryptBlock (byte *data) const;
virtual void EncryptBlocks (byte *data, size_t blockCount) const;
static CipherList GetAvailableCiphers ();
virtual size_t GetBlockSize () const = 0;
@@ -50,6 +57,11 @@ namespace VeraCrypt
virtual void Encrypt (byte *data) const = 0;
virtual size_t GetScheduledKeySize () const = 0;
virtual void SetCipherKey (const byte *key) = 0;
#ifdef WOLFCRYPT_BACKEND
virtual void DecryptXTS (byte *data, uint64 length, uint64 startDataUnitNo) const = 0;
virtual void EncryptXTS (byte *data, uint64 length, uint64 startDataUnitNo) const = 0;
virtual void SetCipherKeyXTS (const byte *key) = 0;
#endif
static bool HwSupportEnabled;
bool Initialized;
@@ -69,6 +81,36 @@ namespace VeraCrypt
CipherException (const string &message, const wstring &subject) : Exception (message, subject) { }
};
#ifdef WOLFCRYPT_BACKEND
#define TC_CIPHER(NAME, BLOCK_SIZE, KEY_SIZE) \
class TC_JOIN (Cipher,NAME) : public Cipher \
{ \
public: \
TC_JOIN (Cipher,NAME) () { } \
virtual ~TC_JOIN (Cipher,NAME) () { } \
\
virtual size_t GetBlockSize () const { return BLOCK_SIZE; }; \
virtual size_t GetKeySize () const { return KEY_SIZE; }; \
virtual wstring GetName () const { return L###NAME; }; \
virtual shared_ptr <Cipher> GetNew () const { return shared_ptr <Cipher> (new TC_JOIN (Cipher,NAME)()); } \
TC_CIPHER_ADD_METHODS \
\
protected: \
virtual void Decrypt (byte *data) const; \
virtual void Encrypt (byte *data) const; \
virtual size_t GetScheduledKeySize () const; \
virtual void SetCipherKey (const byte *key); \
virtual void DecryptXTS (byte *data, uint64 length, uint64 startDataUnitNo) const; \
virtual void SetCipherKeyXTS (const byte *key); \
virtual void EncryptXTS (byte *data, uint64 length, uint64 startDataUnitNo) const; \
\
private: \
TC_JOIN (Cipher,NAME) (const TC_JOIN (Cipher,NAME) &); \
TC_JOIN (Cipher,NAME) &operator= (const TC_JOIN (Cipher,NAME) &); \
}
#else
#define TC_CIPHER(NAME, BLOCK_SIZE, KEY_SIZE) \
class TC_JOIN (Cipher,NAME) : public Cipher \
@@ -94,6 +136,8 @@ namespace VeraCrypt
TC_JOIN (Cipher,NAME) &operator= (const TC_JOIN (Cipher,NAME) &); \
}
#endif
#define TC_CIPHER_ADD_METHODS \
virtual void DecryptBlocks (byte *data, size_t blockCount) const; \
virtual void EncryptBlocks (byte *data, size_t blockCount) const; \

34
src/Volume/EncryptionAlgorithm.cpp
View File

@@ -12,6 +12,9 @@
#include "EncryptionAlgorithm.h"
#include "EncryptionModeXTS.h"
#ifdef WOLFCRYPT_BACKEND
#include "EncryptionModeWolfCryptXTS.h"
#endif
namespace VeraCrypt
{
@@ -62,6 +65,7 @@ namespace VeraCrypt
EncryptionAlgorithmList l;
l.push_back (shared_ptr <EncryptionAlgorithm> (new AES ()));
#ifndef WOLFCRYPT_BACKEND
l.push_back (shared_ptr <EncryptionAlgorithm> (new Serpent ()));
l.push_back (shared_ptr <EncryptionAlgorithm> (new Twofish ()));
l.push_back (shared_ptr <EncryptionAlgorithm> (new Camellia ()));
@@ -76,7 +80,7 @@ namespace VeraCrypt
l.push_back (shared_ptr <EncryptionAlgorithm> (new SerpentAES ()));
l.push_back (shared_ptr <EncryptionAlgorithm> (new SerpentTwofishAES ()));
l.push_back (shared_ptr <EncryptionAlgorithm> (new TwofishSerpent ()));
#endif
return l;
}
@@ -215,7 +219,25 @@ namespace VeraCrypt
}
}
void EncryptionAlgorithm::ValidateState () const
#ifdef WOLFCRYPT_BACKEND
void EncryptionAlgorithm::SetKeyXTS (const ConstBufferPtr &key)
{
if (Ciphers.size() < 1)
throw NotInitialized (SRC_POS);
if (GetKeySize() != key.Size())
throw ParameterIncorrect (SRC_POS);
size_t keyOffset = 0;
foreach_ref (Cipher &c, Ciphers)
{
c.SetKeyXTS (key.GetRange (keyOffset, c.GetKeySize()));
keyOffset += c.GetKeySize();
}
}
#endif
void EncryptionAlgorithm::ValidateState () const
{
if (Ciphers.size() < 1 || Mode.get() == nullptr)
throw NotInitialized (SRC_POS);
@@ -226,9 +248,14 @@ namespace VeraCrypt
{
Ciphers.push_back (shared_ptr <Cipher> (new CipherAES()));
#ifdef WOLFCRYPT_BACKEND
SupportedModes.push_back (shared_ptr <EncryptionMode> (new EncryptionModeWolfCryptXTS ()));
#else
SupportedModes.push_back (shared_ptr <EncryptionMode> (new EncryptionModeXTS ()));
}
#endif
}
#ifndef WOLFCRYPT_BACKEND
// AES-Twofish
AESTwofish::AESTwofish ()
{
@@ -353,4 +380,5 @@ namespace VeraCrypt
SupportedModes.push_back (shared_ptr <EncryptionMode> (new EncryptionModeXTS ()));
}
#endif
}

5
src/Volume/EncryptionAlgorithm.h
View File

@@ -46,7 +46,10 @@ namespace VeraCrypt
virtual bool IsModeSupported (const EncryptionMode &mode) const;
virtual bool IsModeSupported (const shared_ptr <EncryptionMode> mode) const;
virtual void SetKey (const ConstBufferPtr &key);
virtual void SetMode (shared_ptr <EncryptionMode> mode);
#ifdef WOLFCRYPT_BACKEND
virtual void SetKeyXTS (const ConstBufferPtr &key);
#endif
virtual void SetMode (shared_ptr <EncryptionMode> mode);
protected:
EncryptionAlgorithm ();

7
src/Volume/EncryptionMode.cpp
View File

@@ -12,6 +12,9 @@
#include "EncryptionMode.h"
#include "EncryptionModeXTS.h"
#ifdef WOLFCRYPT_BACKEND
#include "EncryptionModeWolfCryptXTS.h"
#endif
#include "EncryptionThreadPool.h"
namespace VeraCrypt
@@ -38,7 +41,11 @@ namespace VeraCrypt
{
EncryptionModeList l;
#ifdef WOLFCRYPT_BACKEND
l.push_back (shared_ptr <EncryptionMode> (new EncryptionModeWolfCryptXTS ()));
#else
l.push_back (shared_ptr <EncryptionMode> (new EncryptionModeXTS ()));
#endif
return l;
}

119
src/Volume/EncryptionModeWolfCryptXTS.cpp Normal file
View File

@@ -0,0 +1,119 @@
#include "Crypto/cpu.h"
#include "Crypto/misc.h"
#include "EncryptionModeWolfCryptXTS.h"
#include "Common/Crypto.h"
namespace VeraCrypt
{
void EncryptionModeWolfCryptXTS::Encrypt (byte *data, uint64 length) const
{
EncryptBuffer (data, length, 0);
}
void EncryptionModeWolfCryptXTS::EncryptBuffer (byte *data, uint64 length, uint64 startDataUnitNo) const
{
if_debug (ValidateState());
CipherList::const_iterator iSecondaryCipher = SecondaryCiphers.begin();
for (CipherList::const_iterator iCipher = Ciphers.begin(); iCipher != Ciphers.end(); ++iCipher)
{
EncryptBufferXTS (**iCipher, **iSecondaryCipher, data, length, startDataUnitNo, 0);
++iSecondaryCipher;
}
assert (iSecondaryCipher == SecondaryCiphers.end());
}
void EncryptionModeWolfCryptXTS::EncryptBufferXTS (Cipher &cipher, const Cipher &secondaryCipher, byte *buffer, uint64 length, uint64 startDataUnitNo, unsigned int startCipherBlockNo) const
{
cipher.EncryptBlockXTS(buffer, length, startDataUnitNo);
}
void EncryptionModeWolfCryptXTS::EncryptSectorsCurrentThread (byte *data, uint64 sectorIndex, uint64 sectorCount, size_t sectorSize) const
{
EncryptBuffer (data, sectorCount * sectorSize, sectorIndex * sectorSize / ENCRYPTION_DATA_UNIT_SIZE);
}
size_t EncryptionModeWolfCryptXTS::GetKeySize () const
{
if (Ciphers.empty())
throw NotInitialized (SRC_POS);
size_t keySize = 0;
foreach_ref (const Cipher &cipher, SecondaryCiphers)
{
keySize += cipher.GetKeySize();
}
return keySize;
}
void EncryptionModeWolfCryptXTS::Decrypt (byte *data, uint64 length) const
{
DecryptBuffer (data, length, 0);
}
void EncryptionModeWolfCryptXTS::DecryptBuffer (byte *data, uint64 length, uint64 startDataUnitNo) const
{
if_debug (ValidateState());
CipherList::const_iterator iSecondaryCipher = SecondaryCiphers.end();
for (CipherList::const_reverse_iterator iCipher = Ciphers.rbegin(); iCipher != Ciphers.rend(); ++iCipher)
{
--iSecondaryCipher;
DecryptBufferXTS (**iCipher, **iSecondaryCipher, data, length, startDataUnitNo, 0);
}
assert (iSecondaryCipher == SecondaryCiphers.begin());
}
void EncryptionModeWolfCryptXTS::DecryptBufferXTS (Cipher &cipher, const Cipher &secondaryCipher, byte *buffer, uint64 length, uint64 startDataUnitNo, unsigned int startCipherBlockNo) const
{
cipher.DecryptBlockXTS(buffer, length, startDataUnitNo);
}
void EncryptionModeWolfCryptXTS::DecryptSectorsCurrentThread (byte *data, uint64 sectorIndex, uint64 sectorCount, size_t sectorSize) const
{
DecryptBuffer (data, sectorCount * sectorSize, sectorIndex * sectorSize / ENCRYPTION_DATA_UNIT_SIZE);
}
void EncryptionModeWolfCryptXTS::SetCiphers (const CipherList &ciphers)
{
EncryptionMode::SetCiphers (ciphers);
SecondaryCiphers.clear();
foreach_ref (const Cipher &cipher, ciphers)
{
SecondaryCiphers.push_back (cipher.GetNew());
}
if (SecondaryKey.Size() > 0)
SetSecondaryCipherKeys();
}
void EncryptionModeWolfCryptXTS::SetKey (const ConstBufferPtr &key)
{
SecondaryKey.Allocate (key.Size());
SecondaryKey.CopyFrom (key);
if (!SecondaryCiphers.empty())
SetSecondaryCipherKeys();
}
void EncryptionModeWolfCryptXTS::SetSecondaryCipherKeys ()
{
size_t keyOffset = 0;
foreach_ref (Cipher &cipher, SecondaryCiphers)
{
cipher.SetKeyXTS (SecondaryKey.GetRange (keyOffset, cipher.GetKeySize()));
keyOffset += cipher.GetKeySize();
}
KeySet = true;
}
}

54
src/Volume/EncryptionModeWolfCryptXTS.h Normal file
View File

@@ -0,0 +1,54 @@
/*
Derived from source code of TrueCrypt 7.1a, which is
Copyright (c) 2008-2012 TrueCrypt Developers Association and which is governed
by the TrueCrypt License 3.0.
Modifications and additions to the original source code (contained in this file)
and all other portions of this file are Copyright (c) 2013-2017 IDRIX
and are governed by the Apache License 2.0 the full text of which is
contained in the file License.txt included in VeraCrypt binary and source
code distribution packages.
*/
#ifndef TC_HEADER_Volume_EncryptionModeWolfCryptXTS
#define TC_HEADER_Volume_EncryptionModeWolfCryptXTS
#include "Platform/Platform.h"
#include "EncryptionMode.h"
namespace VeraCrypt
{
class EncryptionModeWolfCryptXTS : public EncryptionMode
{
public:
EncryptionModeWolfCryptXTS () { }
virtual ~EncryptionModeWolfCryptXTS () { }
virtual void Decrypt (byte *data, uint64 length) const;
virtual void DecryptSectorsCurrentThread (byte *data, uint64 sectorIndex, uint64 sectorCount, size_t sectorSize) const;
virtual void Encrypt (byte *data, uint64 length) const;
virtual void EncryptSectorsCurrentThread (byte *data, uint64 sectorIndex, uint64 sectorCount, size_t sectorSize) const;
virtual const SecureBuffer &GetKey () const { return SecondaryKey; }
virtual size_t GetKeySize () const;
virtual wstring GetName () const { return L"XTS"; };
virtual shared_ptr <EncryptionMode> GetNew () const { return shared_ptr <EncryptionMode> (new EncryptionModeWolfCryptXTS); }
virtual void SetCiphers (const CipherList &ciphers);
virtual void SetKey (const ConstBufferPtr &key);
protected:
void DecryptBuffer (byte *data, uint64 length, uint64 startDataUnitNo) const;
void DecryptBufferXTS (Cipher &cipher, const Cipher &secondaryCipher, byte *buffer, uint64 length, uint64 startDataUnitNo, unsigned int startCipherBlockNo) const;
void EncryptBuffer (byte *data, uint64 length, uint64 startDataUnitNo) const;
void EncryptBufferXTS (Cipher &cipher, const Cipher &secondaryCipher, byte *buffer, uint64 length, uint64 startDataUnitNo, unsigned int startCipherBlockNo) const;
void SetSecondaryCipherKeys ();
SecureBuffer SecondaryKey;
CipherList SecondaryCiphers;
private:
EncryptionModeWolfCryptXTS (const EncryptionModeWolfCryptXTS &);
EncryptionModeWolfCryptXTS &operator= (const EncryptionModeWolfCryptXTS &);
};
}
#endif // TC_HEADER_Volume_EncryptionModeWolfCryptXTS

6
src/Volume/EncryptionModeXTS.cpp
View File

@@ -69,7 +69,7 @@ namespace VeraCrypt
void EncryptionModeXTS::EncryptBufferXTS (const Cipher &cipher, const Cipher &secondaryCipher, byte *buffer, uint64 length, uint64 startDataUnitNo, unsigned int startCipherBlockNo) const
{
byte finalCarry;
byte finalCarry;
byte whiteningValues [ENCRYPTION_DATA_UNIT_SIZE];
byte whiteningValue [BYTES_PER_XTS_BLOCK];
byte byteBufUnitNo [BYTES_PER_XTS_BLOCK];
@@ -374,7 +374,7 @@ namespace VeraCrypt
FAST_ERASE64 (whiteningValue, sizeof (whiteningValue));
FAST_ERASE64 (whiteningValues, sizeof (whiteningValues));
}
}
void EncryptionModeXTS::DecryptSectorsCurrentThread (byte *data, uint64 sectorIndex, uint64 sectorCount, size_t sectorSize) const
{
@@ -411,7 +411,7 @@ namespace VeraCrypt
foreach_ref (Cipher &cipher, SecondaryCiphers)
{
cipher.SetKey (SecondaryKey.GetRange (keyOffset, cipher.GetKeySize()));
keyOffset += cipher.GetKeySize();
keyOffset += cipher.GetKeySize();
}
KeySet = true;

60
src/Volume/EncryptionTest.cpp
View File

@@ -16,6 +16,9 @@
#include "EncryptionAlgorithm.h"
#include "EncryptionMode.h"
#include "EncryptionModeXTS.h"
#ifdef WOLFCRYPT_BACKEND
#include "EncryptionModeWolfCryptXTS.h"
#endif
#include "EncryptionTest.h"
#include "Pkcs5Kdf.h"
@@ -64,6 +67,7 @@ namespace VeraCrypt
}
};
#ifndef WOLFCRYPT_BACKEND
static const CipherTestVector SerpentTestVectors[] =
{
{
@@ -151,6 +155,7 @@ namespace VeraCrypt
}
}
};
#endif
static void TestCipher (Cipher &cipher, const CipherTestVector *testVector, size_t testVectorCount)
{
@@ -190,6 +195,7 @@ namespace VeraCrypt
if (origCrc != Crc32::ProcessBuffer (testData))
throw TestFailed (SRC_POS);
#ifndef WOLFCRYPT_BACKEND
CipherSerpent serpent;
TestCipher (serpent, SerpentTestVectors, array_capacity (SerpentTestVectors));
@@ -201,6 +207,7 @@ namespace VeraCrypt
CipherKuznyechik kuznyechik;
TestCipher (kuznyechik, KuznyechikTestVectors, array_capacity (KuznyechikTestVectors));
#endif
}
const EncryptionTest::XtsTestVector EncryptionTest::XtsTestVectors[] =
@@ -437,9 +444,16 @@ namespace VeraCrypt
for (i = 0; i < array_capacity (XtsTestVectors); i++)
{
AES aes;
shared_ptr <EncryptionMode> xts (new EncryptionModeXTS);
#ifdef WOLFCRYPT_BACKEND
shared_ptr <EncryptionMode> xts (new EncryptionModeWolfCryptXTS);
#else
shared_ptr <EncryptionMode> xts (new EncryptionModeXTS);
#endif
aes.SetKey (ConstBufferPtr (XtsTestVectors[i].key1, sizeof (XtsTestVectors[i].key1)));
aes.SetKey (ConstBufferPtr (XtsTestVectors[i].key1, sizeof (XtsTestVectors[i].key1)));
#ifdef WOLFCRYPT_BACKEND
aes.SetKeyXTS (ConstBufferPtr (XtsTestVectors[i].key2, sizeof (XtsTestVectors[i].key2)));
#endif
xts->SetKey (ConstBufferPtr (XtsTestVectors[i].key2, sizeof (XtsTestVectors[i].key2)));
aes.SetMode (xts);
@@ -494,7 +508,11 @@ namespace VeraCrypt
// Test all EAs that support this mode of operation
foreach_ref (EncryptionAlgorithm &ea, EncryptionAlgorithm::GetAvailableAlgorithms())
{
shared_ptr <EncryptionMode> mode (new EncryptionModeXTS);
#ifdef WOLFCRYPT_BACKEND
shared_ptr <EncryptionMode> mode (new EncryptionModeWolfCryptXTS);
#else
shared_ptr <EncryptionMode> mode (new EncryptionModeXTS);
#endif
if (!ea.IsModeSupported (mode))
continue;
@@ -508,8 +526,11 @@ namespace VeraCrypt
mode->SetKey (modeKey);
ea.SetMode (mode);
#ifdef WOLFCRYPT_BACKEND
ea.SetKeyXTS (modeKey);
#endif
// Each data unit will contain the same plaintext
// Each data unit will contain the same plaintext
for (i = 0; i < nbrUnits; i++)
{
memcpy ((unsigned char *) buf + i * ENCRYPTION_DATA_UNIT_SIZE,
@@ -556,6 +577,7 @@ namespace VeraCrypt
break;
}
}
#ifndef WOLFCRYPT_BACKEND
else if (typeid (ea) == typeid (Serpent))
{
switch (testCase)
@@ -920,7 +942,7 @@ namespace VeraCrypt
break;
}
}
#endif
if (crc == 0x9f5edd58)
throw TestFailed (SRC_POS);
@@ -941,7 +963,11 @@ namespace VeraCrypt
// Test all EAs that support this mode of operation
foreach_ref (EncryptionAlgorithm &ea, EncryptionAlgorithm::GetAvailableAlgorithms())
{
#ifdef WOLFCRYPT_BACKEND
shared_ptr <EncryptionMode> mode (new EncryptionModeWolfCryptXTS);
#else
shared_ptr <EncryptionMode> mode (new EncryptionModeXTS);
#endif
if (!ea.IsModeSupported (mode))
continue;
@@ -955,6 +981,9 @@ namespace VeraCrypt
mode->SetKey (modeKey);
ea.SetMode (mode);
#ifdef WOLFCRYPT_BACKEND
ea.SetKeyXTS (modeKey);
#endif
// Each data unit will contain the same plaintext
for (i = 0; i < nbrUnits; i++)
@@ -974,6 +1003,7 @@ namespace VeraCrypt
throw TestFailed (SRC_POS);
nTestsPerformed++;
}
#ifndef WOLFCRYPT_BACKEND
else if (typeid (ea) == typeid (Serpent))
{
if (crc != 0x3494d480)
@@ -1058,6 +1088,7 @@ namespace VeraCrypt
throw TestFailed (SRC_POS);
nTestsPerformed++;
}
#endif
if (crc == 0x9f5edd58)
throw TestFailed (SRC_POS);
@@ -1069,8 +1100,11 @@ namespace VeraCrypt
nTestsPerformed++;
}
#ifndef WOLFCRYPT_BACKEND
if (nTestsPerformed != 150)
#else
if (nTestsPerformed != 10)
#endif
throw TestFailed (SRC_POS);
}
@@ -1081,6 +1115,7 @@ namespace VeraCrypt
ConstBufferPtr salt (saltData, sizeof (saltData));
Buffer derivedKey (4);
#ifndef WOLFCRYPT_BACKEND
Pkcs5HmacBlake2s pkcs5HmacBlake2s;
pkcs5HmacBlake2s.DeriveKey (derivedKey, password, salt, 5);
if (memcmp (derivedKey.Ptr(), "\x8d\x51\xfa\x31", 4) != 0)
@@ -1105,5 +1140,16 @@ namespace VeraCrypt
pkcs5HmacStreebog.DeriveKey (derivedKey, password, salt, 5);
if (memcmp (derivedKey.Ptr(), "\xd0\x53\xa2\x30", 4) != 0)
throw TestFailed (SRC_POS);
}
#else
Pkcs5HmacSha256 pkcs5HmacSha256;
pkcs5HmacSha256.DeriveKey (derivedKey, password, salt, 5);
if (memcmp (derivedKey.Ptr(), "\x64\xf3\xa5\xa3", 4) != 0)
throw TestFailed (SRC_POS);
Pkcs5HmacSha512 pkcs5HmacSha512;
pkcs5HmacSha512.DeriveKey (derivedKey, password, salt, 5);
if (memcmp (derivedKey.Ptr(), "\x55\xa1\x76\xbb", 4) != 0)
throw TestFailed (SRC_POS);
#endif
}
}

11
src/Volume/Hash.cpp
View File

@@ -24,11 +24,12 @@ namespace VeraCrypt
HashList l;
l.push_back (shared_ptr <Hash> (new Sha512 ()));
l.push_back (shared_ptr <Hash> (new Whirlpool ()));
l.push_back (shared_ptr <Hash> (new Blake2s ()));
l.push_back (shared_ptr <Hash> (new Sha256 ()));
#ifndef WOLFCRYPT_BACKEND
l.push_back (shared_ptr <Hash> (new Blake2s ()));
l.push_back (shared_ptr <Hash> (new Whirlpool ()));
l.push_back (shared_ptr <Hash> (new Streebog ()));
#endif
return l;
}
@@ -44,6 +45,7 @@ namespace VeraCrypt
throw ParameterIncorrect (SRC_POS);
}
#ifndef WOLFCRYPT_BACKEND
// RIPEMD-160
Blake2s::Blake2s ()
{
@@ -67,6 +69,7 @@ namespace VeraCrypt
if_debug (ValidateDataParameters (data));
blake2s_update ((blake2s_state *) Context.Ptr(), data.Get(), data.Size());
}
#endif
// SHA-256
Sha256::Sha256 ()
@@ -116,6 +119,7 @@ namespace VeraCrypt
sha512_hash (data.Get(), (int) data.Size(), (sha512_ctx *) Context.Ptr());
}
#ifndef WOLFCRYPT_BACKEND
// Whirlpool
Whirlpool::Whirlpool ()
{
@@ -163,4 +167,5 @@ namespace VeraCrypt
if_debug (ValidateDataParameters (data));
STREEBOG_add ((STREEBOG_CTX *) Context.Ptr(), data.Get(), (int) data.Size());
}
#endif
}

4
src/Volume/Hash.h
View File

@@ -48,6 +48,7 @@ namespace VeraCrypt
Hash &operator= (const Hash &);
};
#ifndef WOLFCRYPT_BACKEND
// Blake2s
class Blake2s : public Hash
{
@@ -70,6 +71,7 @@ namespace VeraCrypt
Blake2s (const Blake2s &);
Blake2s &operator= (const Blake2s &);
};
#endif
// SHA-256
class Sha256 : public Hash
@@ -117,6 +119,7 @@ namespace VeraCrypt
Sha512 &operator= (const Sha512 &);
};
#ifndef WOLFCRYPT_BACKEND
// Whirlpool
class Whirlpool : public Hash
{
@@ -162,6 +165,7 @@ namespace VeraCrypt
Streebog (const Streebog &);
Streebog &operator= (const Streebog &);
};
#endif
}
#endif // TC_HEADER_Encryption_Hash

9
src/Volume/Pkcs5Kdf.cpp
View File

@@ -56,10 +56,11 @@ namespace VeraCrypt
l.push_back (shared_ptr <Pkcs5Kdf> (new Pkcs5HmacSha512 ()));
l.push_back (shared_ptr <Pkcs5Kdf> (new Pkcs5HmacSha256 ()));
#ifndef WOLFCRYPT_BACKEND
l.push_back (shared_ptr <Pkcs5Kdf> (new Pkcs5HmacBlake2s ()));
l.push_back (shared_ptr <Pkcs5Kdf> (new Pkcs5HmacWhirlpool ()));
l.push_back (shared_ptr <Pkcs5Kdf> (new Pkcs5HmacWhirlpool ()));
l.push_back (shared_ptr <Pkcs5Kdf> (new Pkcs5HmacStreebog ()));
#endif
return l;
}
@@ -69,6 +70,7 @@ namespace VeraCrypt
throw ParameterIncorrect (SRC_POS);
}
#ifndef WOLFCRYPT_BACKEND
void Pkcs5HmacBlake2s_Boot::DeriveKey (const BufferPtr &key, const VolumePassword &password, const ConstBufferPtr &salt, int iterationCount) const
{
ValidateParameters (key, password, salt, iterationCount);
@@ -80,6 +82,7 @@ namespace VeraCrypt
ValidateParameters (key, password, salt, iterationCount);
derive_key_blake2s ((char *) password.DataPtr(), (int) password.Size(), (char *) salt.Get(), (int) salt.Size(), iterationCount, (char *) key.Get(), (int) key.Size());
}
#endif
void Pkcs5HmacSha256_Boot::DeriveKey (const BufferPtr &key, const VolumePassword &password, const ConstBufferPtr &salt, int iterationCount) const
{
@@ -99,6 +102,7 @@ namespace VeraCrypt
derive_key_sha512 ((char *) password.DataPtr(), (int) password.Size(), (char *) salt.Get(), (int) salt.Size(), iterationCount, (char *) key.Get(), (int) key.Size());
}
#ifndef WOLFCRYPT_BACKEND
void Pkcs5HmacWhirlpool::DeriveKey (const BufferPtr &key, const VolumePassword &password, const ConstBufferPtr &salt, int iterationCount) const
{
ValidateParameters (key, password, salt, iterationCount);
@@ -116,4 +120,5 @@ namespace VeraCrypt
ValidateParameters (key, password, salt, iterationCount);
derive_key_streebog ((char *) password.DataPtr(), (int) password.Size(), (char *) salt.Get(), (int) salt.Size(), iterationCount, (char *) key.Get(), (int) key.Size());
}
#endif
}

5
src/Volume/Pkcs5Kdf.h
View File

@@ -48,6 +48,7 @@ namespace VeraCrypt
Pkcs5Kdf &operator= (const Pkcs5Kdf &);
};
#ifndef WOLFCRYPT_BACKEND
class Pkcs5HmacBlake2s_Boot : public Pkcs5Kdf
{
public:
@@ -81,6 +82,7 @@ namespace VeraCrypt
Pkcs5HmacBlake2s (const Pkcs5HmacBlake2s &);
Pkcs5HmacBlake2s &operator= (const Pkcs5HmacBlake2s &);
};
#endif
class Pkcs5HmacSha256_Boot : public Pkcs5Kdf
{
@@ -132,7 +134,7 @@ namespace VeraCrypt
Pkcs5HmacSha512 (const Pkcs5HmacSha512 &);
Pkcs5HmacSha512 &operator= (const Pkcs5HmacSha512 &);
};
#ifndef WOLFCRYPT_BACKEND
class Pkcs5HmacWhirlpool : public Pkcs5Kdf
{
public:
@@ -183,6 +185,7 @@ namespace VeraCrypt
Pkcs5HmacStreebog_Boot (const Pkcs5HmacStreebog_Boot &);
Pkcs5HmacStreebog_Boot &operator= (const Pkcs5HmacStreebog_Boot &);
};
#endif
}
#endif // TC_HEADER_Encryption_Pkcs5

192
src/Volume/Volume.make
View File

@@ -16,7 +16,6 @@ OBJSNOOPT :=
OBJS += Cipher.o
OBJS += EncryptionAlgorithm.o
OBJS += EncryptionMode.o
OBJS += EncryptionModeXTS.o
OBJS += EncryptionTest.o
OBJS += EncryptionThreadPool.o
OBJS += Hash.o
@@ -30,58 +29,68 @@ OBJS += VolumeLayout.o
OBJS += VolumePassword.o
OBJS += VolumePasswordCache.o
ifeq "$(PLATFORM)" "MacOSX"
OBJSEX += ../Crypto/Aes_asm.oo
OBJS += ../Crypto/Aes_hw_cpu.o
OBJS += ../Crypto/Aescrypt.o
OBJSEX += ../Crypto/Twofish_asm.oo
OBJSEX += ../Crypto/Camellia_asm.oo
OBJSEX += ../Crypto/Camellia_aesni_asm.oo
OBJSEX += ../Crypto/sha256-nayuki.oo
OBJSEX += ../Crypto/sha512-nayuki.oo
OBJSEX += ../Crypto/sha256_avx1.oo
OBJSEX += ../Crypto/sha256_avx2.oo
OBJSEX += ../Crypto/sha256_sse4.oo
OBJSEX += ../Crypto/sha512_avx1.oo
OBJSEX += ../Crypto/sha512_avx2.oo
OBJSEX += ../Crypto/sha512_sse4.oo
else ifeq "$(CPU_ARCH)" "x86"
OBJS += ../Crypto/Aes_x86.o
ifeq "$(DISABLE_AESNI)" "0"
OBJS += ../Crypto/Aes_hw_cpu.o
endif
OBJS += ../Crypto/sha256-x86-nayuki.o
OBJS += ../Crypto/sha512-x86-nayuki.o
else ifeq "$(CPU_ARCH)" "x64"
OBJS += ../Crypto/Aes_x64.o
ifeq "$(DISABLE_AESNI)" "0"
OBJS += ../Crypto/Aes_hw_cpu.o
endif
OBJS += ../Crypto/Twofish_x64.o
OBJS += ../Crypto/Camellia_x64.o
OBJS += ../Crypto/Camellia_aesni_x64.o
OBJS += ../Crypto/sha512-x64-nayuki.o
OBJS += ../Crypto/sha256_avx1_x64.o
OBJS += ../Crypto/sha256_avx2_x64.o
OBJS += ../Crypto/sha256_sse4_x64.o
OBJS += ../Crypto/sha512_avx1_x64.o
OBJS += ../Crypto/sha512_avx2_x64.o
OBJS += ../Crypto/sha512_sse4_x64.o
ifeq "$(ENABLE_WOLFCRYPT)" "0"
OBJS += EncryptionModeXTS.o
else
OBJS += ../Crypto/Aescrypt.o
OBJS += EncryptionModeWolfCryptXTS.o
endif
ifeq "$(GCC_GTEQ_430)" "1"
OBJSSSE41 += ../Crypto/blake2s_SSE41.osse41
OBJSSSSE3 += ../Crypto/blake2s_SSSE3.ossse3
ifeq "$(ENABLE_WOLFCRYPT)" "0"
ifeq "$(PLATFORM)" "MacOSX"
OBJSEX += ../Crypto/Aes_asm.oo
OBJS += ../Crypto/Aes_hw_cpu.o
OBJS += ../Crypto/Aescrypt.o
OBJSEX += ../Crypto/Twofish_asm.oo
OBJSEX += ../Crypto/Camellia_asm.oo
OBJSEX += ../Crypto/Camellia_aesni_asm.oo
OBJSEX += ../Crypto/sha256-nayuki.oo
OBJSEX += ../Crypto/sha512-nayuki.oo
OBJSEX += ../Crypto/sha256_avx1.oo
OBJSEX += ../Crypto/sha256_avx2.oo
OBJSEX += ../Crypto/sha256_sse4.oo
OBJSEX += ../Crypto/sha512_avx1.oo
OBJSEX += ../Crypto/sha512_avx2.oo
OBJSEX += ../Crypto/sha512_sse4.oo
else ifeq "$(CPU_ARCH)" "x86"
OBJS += ../Crypto/Aes_x86.o
ifeq "$(DISABLE_AESNI)" "0"
OBJS += ../Crypto/Aes_hw_cpu.o
endif
OBJS += ../Crypto/sha256-x86-nayuki.o
OBJS += ../Crypto/sha512-x86-nayuki.o
else ifeq "$(CPU_ARCH)" "x64"
OBJS += ../Crypto/Aes_x64.o
ifeq "$(DISABLE_AESNI)" "0"
OBJS += ../Crypto/Aes_hw_cpu.o
endif
OBJS += ../Crypto/Twofish_x64.o
OBJS += ../Crypto/Camellia_x64.o
OBJS += ../Crypto/Camellia_aesni_x64.o
OBJS += ../Crypto/sha512-x64-nayuki.o
OBJS += ../Crypto/sha256_avx1_x64.o
OBJS += ../Crypto/sha256_avx2_x64.o
OBJS += ../Crypto/sha256_sse4_x64.o
OBJS += ../Crypto/sha512_avx1_x64.o
OBJS += ../Crypto/sha512_avx2_x64.o
OBJS += ../Crypto/sha512_sse4_x64.o
else
OBJS += ../Crypto/Aescrypt.o
endif
ifeq "$(GCC_GTEQ_430)" "1"
OBJSSSE41 += ../Crypto/blake2s_SSE41.osse41
OBJSSSSE3 += ../Crypto/blake2s_SSSE3.ossse3
else
OBJS += ../Crypto/blake2s_SSE41.o
OBJS += ../Crypto/blake2s_SSSE3.o
endif
else
OBJS += ../Crypto/blake2s_SSE41.o
OBJS += ../Crypto/blake2s_SSSE3.o
OBJS += ../Crypto/wolfCrypt.o
endif
ifeq "$(ENABLE_WOLFCRYPT)" "0"
OBJS += ../Crypto/Aeskey.o
OBJS += ../Crypto/Aestab.o
OBJS += ../Crypto/cpu.o
OBJS += ../Crypto/blake2s.o
OBJS += ../Crypto/blake2s_SSE2.o
OBJS += ../Crypto/SerpentFast.o
@@ -93,6 +102,10 @@ OBJS += ../Crypto/Camellia.o
OBJS += ../Crypto/Streebog.o
OBJS += ../Crypto/kuznyechik.o
OBJS += ../Crypto/kuznyechik_simd.o
OBJS += ../Common/Pkcs5.o
endif
OBJS += ../Crypto/cpu.o
OBJSNOOPT += ../Crypto/jitterentropy-base.o0
@@ -110,54 +123,55 @@ OBJS += ../Common/EMVCard.o
OBJS += ../Common/EMVToken.o
OBJS += ../Common/Endian.o
OBJS += ../Common/GfMul.o
OBJS += ../Common/Pkcs5.o
OBJS += ../Common/SecurityToken.o
VolumeLibrary: Volume.a
ifeq "$(PLATFORM)" "MacOSX"
../Crypto/Aes_asm.oo: ../Crypto/Aes_x86.asm ../Crypto/Aes_x64.asm
@echo Assembling $(<F)
$(AS) $(ASFLAGS32) -o ../Crypto/Aes_x86.o ../Crypto/Aes_x86.asm
$(AS) $(ASFLAGS64) -o ../Crypto/Aes_x64.o ../Crypto/Aes_x64.asm
lipo -create ../Crypto/Aes_x86.o ../Crypto/Aes_x64.o -output ../Crypto/Aes_asm.oo
rm -fr ../Crypto/Aes_x86.o ../Crypto/Aes_x64.o
../Crypto/Twofish_asm.oo: ../Crypto/Twofish_x64.S
@echo Assembling $(<F)
$(AS) $(ASFLAGS64) -p gas -o ../Crypto/Twofish_asm.oo ../Crypto/Twofish_x64.S
../Crypto/Camellia_asm.oo: ../Crypto/Camellia_x64.S
@echo Assembling $(<F)
$(AS) $(ASFLAGS64) -p gas -o ../Crypto/Camellia_asm.oo ../Crypto/Camellia_x64.S
../Crypto/Camellia_aesni_asm.oo: ../Crypto/Camellia_aesni_x64.S
@echo Assembling $(<F)
$(AS) $(ASFLAGS64) -p gas -o ../Crypto/Camellia_aesni_asm.oo ../Crypto/Camellia_aesni_x64.S
../Crypto/sha256-nayuki.oo: ../Crypto/sha256-x86-nayuki.S
@echo Assembling $(<F)
$(AS) $(ASFLAGS32) -p gas -o ../Crypto/sha256-x86-nayuki.o ../Crypto/sha256-x86-nayuki.S
$(AS) $(ASFLAGS64) -p gas -o ../Crypto/sha256-x64-nayuki.o ../Crypto/sha256-x64-nayuki.S
lipo -create ../Crypto/sha256-x86-nayuki.o ../Crypto/sha256-x64-nayuki.o -output ../Crypto/sha256-nayuki.oo
rm -fr ../Crypto/sha256-x86-nayuki.o ../Crypto/sha256-x64-nayuki.o
../Crypto/sha256_avx1.oo: ../Crypto/sha256_avx1_x64.asm
@echo Assembling $(<F)
$(AS) $(ASFLAGS64) -o ../Crypto/sha256_avx1.oo ../Crypto/sha256_avx1_x64.asm
../Crypto/sha256_avx2.oo: ../Crypto/sha256_avx2_x64.asm
@echo Assembling $(<F)
$(AS) $(ASFLAGS64) -o ../Crypto/sha256_avx2.oo ../Crypto/sha256_avx2_x64.asm
../Crypto/sha256_sse4.oo: ../Crypto/sha256_sse4_x64.asm
@echo Assembling $(<F)
$(AS) $(ASFLAGS64) -o ../Crypto/sha256_sse4.oo ../Crypto/sha256_sse4_x64.asm
../Crypto/sha512-nayuki.oo: ../Crypto/sha512-x64-nayuki.S
@echo Assembling $(<F)
$(AS) -p gas $(ASFLAGS64) -o ../Crypto/sha512-nayuki.oo ../Crypto/sha512-x64-nayuki.S
../Crypto/sha512_avx1.oo: ../Crypto/sha512_avx1_x64.asm
@echo Assembling $(<F)
$(AS) $(ASFLAGS64) -o ../Crypto/sha512_avx1.oo ../Crypto/sha512_avx1_x64.asm
../Crypto/sha512_avx2.oo: ../Crypto/sha512_avx2_x64.asm
@echo Assembling $(<F)
$(AS) $(ASFLAGS64) -o ../Crypto/sha512_avx2.oo ../Crypto/sha512_avx2_x64.asm
../Crypto/sha512_sse4.oo: ../Crypto/sha512_sse4_x64.asm
@echo Assembling $(<F)
$(AS) $(ASFLAGS64) -o ../Crypto/sha512_sse4.oo ../Crypto/sha512_sse4_x64.asm
ifeq "$(ENABLE_WOLFCRYPT)" "0"
ifeq "$(PLATFORM)" "MacOSX"
../Crypto/Aes_asm.oo: ../Crypto/Aes_x86.asm ../Crypto/Aes_x64.asm
@echo Assembling $(<F)
$(AS) $(ASFLAGS32) -o ../Crypto/Aes_x86.o ../Crypto/Aes_x86.asm
$(AS) $(ASFLAGS64) -o ../Crypto/Aes_x64.o ../Crypto/Aes_x64.asm
lipo -create ../Crypto/Aes_x86.o ../Crypto/Aes_x64.o -output ../Crypto/Aes_asm.oo
rm -fr ../Crypto/Aes_x86.o ../Crypto/Aes_x64.o
../Crypto/Twofish_asm.oo: ../Crypto/Twofish_x64.S
@echo Assembling $(<F)
$(AS) $(ASFLAGS64) -p gas -o ../Crypto/Twofish_asm.oo ../Crypto/Twofish_x64.S
../Crypto/Camellia_asm.oo: ../Crypto/Camellia_x64.S
@echo Assembling $(<F)
$(AS) $(ASFLAGS64) -p gas -o ../Crypto/Camellia_asm.oo ../Crypto/Camellia_x64.S
../Crypto/Camellia_aesni_asm.oo: ../Crypto/Camellia_aesni_x64.S
@echo Assembling $(<F)
$(AS) $(ASFLAGS64) -p gas -o ../Crypto/Camellia_aesni_asm.oo ../Crypto/Camellia_aesni_x64.S
../Crypto/sha256-nayuki.oo: ../Crypto/sha256-x86-nayuki.S
@echo Assembling $(<F)
$(AS) $(ASFLAGS32) -p gas -o ../Crypto/sha256-x86-nayuki.o ../Crypto/sha256-x86-nayuki.S
$(AS) $(ASFLAGS64) -p gas -o ../Crypto/sha256-x64-nayuki.o ../Crypto/sha256-x64-nayuki.S
lipo -create ../Crypto/sha256-x86-nayuki.o ../Crypto/sha256-x64-nayuki.o -output ../Crypto/sha256-nayuki.oo
rm -fr ../Crypto/sha256-x86-nayuki.o ../Crypto/sha256-x64-nayuki.o
../Crypto/sha256_avx1.oo: ../Crypto/sha256_avx1_x64.asm
@echo Assembling $(<F)
$(AS) $(ASFLAGS64) -o ../Crypto/sha256_avx1.oo ../Crypto/sha256_avx1_x64.asm
../Crypto/sha256_avx2.oo: ../Crypto/sha256_avx2_x64.asm
@echo Assembling $(<F)
$(AS) $(ASFLAGS64) -o ../Crypto/sha256_avx2.oo ../Crypto/sha256_avx2_x64.asm
../Crypto/sha256_sse4.oo: ../Crypto/sha256_sse4_x64.asm
@echo Assembling $(<F)
$(AS) $(ASFLAGS64) -o ../Crypto/sha256_sse4.oo ../Crypto/sha256_sse4_x64.asm
../Crypto/sha512-nayuki.oo: ../Crypto/sha512-x64-nayuki.S
@echo Assembling $(<F)
$(AS) -p gas $(ASFLAGS64) -o ../Crypto/sha512-nayuki.oo ../Crypto/sha512-x64-nayuki.S
../Crypto/sha512_avx1.oo: ../Crypto/sha512_avx1_x64.asm
@echo Assembling $(<F)
$(AS) $(ASFLAGS64) -o ../Crypto/sha512_avx1.oo ../Crypto/sha512_avx1_x64.asm
../Crypto/sha512_avx2.oo: ../Crypto/sha512_avx2_x64.asm
@echo Assembling $(<F)
$(AS) $(ASFLAGS64) -o ../Crypto/sha512_avx2.oo ../Crypto/sha512_avx2_x64.asm
../Crypto/sha512_sse4.oo: ../Crypto/sha512_sse4_x64.asm
@echo Assembling $(<F)
$(AS) $(ASFLAGS64) -o ../Crypto/sha512_sse4.oo ../Crypto/sha512_sse4_x64.asm
endif
endif
include $(BUILD_INC)/Makefile.inc

48
src/Volume/VolumeHeader.cpp
View File

@@ -12,6 +12,9 @@
#include "Crc32.h"
#include "EncryptionModeXTS.h"
#ifdef WOLFCRYPT_BACKEND
#include "EncryptionModeWolfCryptXTS.h"
#endif
#include "Pkcs5Kdf.h"
#include "Pkcs5Kdf.h"
#include "VolumeHeader.h"
@@ -76,8 +79,12 @@ namespace VeraCrypt
}
EA = options.EA;
shared_ptr <EncryptionMode> mode (new EncryptionModeXTS ());
EA->SetMode (mode);
#ifdef WOLFCRYPT_BACKEND
shared_ptr <EncryptionMode> mode (new EncryptionModeWolfCryptXTS ());
#else
shared_ptr <EncryptionMode> mode (new EncryptionModeXTS ());
#endif
EA->SetMode (mode);
EncryptNew (headerBuffer, options.Salt, options.HeaderKey, options.Kdf);
}
@@ -100,17 +107,28 @@ namespace VeraCrypt
foreach (shared_ptr <EncryptionMode> mode, encryptionModes)
{
if (typeid (*mode) != typeid (EncryptionModeXTS))
mode->SetKey (headerKey.GetRange (0, mode->GetKeySize()));
#ifdef WOLFCRYPT_BACKEND
if (typeid (*mode) != typeid (EncryptionModeWolfCryptXTS))
#else
if (typeid (*mode) != typeid (EncryptionModeXTS))
#endif
mode->SetKey (headerKey.GetRange (0, mode->GetKeySize()));
foreach (shared_ptr <EncryptionAlgorithm> ea, encryptionAlgorithms)
{
if (!ea->IsModeSupported (mode))
continue;
#ifndef WOLFCRYPT_BACKEND
if (typeid (*mode) == typeid (EncryptionModeXTS))
{
ea->SetKey (headerKey.GetRange (0, ea->GetKeySize()));
ea->SetKey (headerKey.GetRange (0, ea->GetKeySize()));
#else
if (typeid (*mode) == typeid (EncryptionModeWolfCryptXTS))
{
ea->SetKey (headerKey.GetRange (0, ea->GetKeySize()));
ea->SetKeyXTS (headerKey.GetRange (ea->GetKeySize(), ea->GetKeySize()));
#endif
mode = mode->GetNew();
mode->SetKey (headerKey.GetRange (ea->GetKeySize(), ea->GetKeySize()));
@@ -206,9 +224,16 @@ namespace VeraCrypt
ea = ea->GetNew();
mode = mode->GetNew();
#ifndef WOLFCRYPT_BACKEND
if (typeid (*mode) == typeid (EncryptionModeXTS))
{
ea->SetKey (header.GetRange (offset, ea->GetKeySize()));
ea->SetKey (header.GetRange (offset, ea->GetKeySize()));
#else
if (typeid (*mode) == typeid (EncryptionModeWolfCryptXTS))
{
ea->SetKey (header.GetRange (offset, ea->GetKeySize()));
ea->SetKeyXTS (header.GetRange (offset + ea->GetKeySize(), ea->GetKeySize()));
#endif
mode->SetKey (header.GetRange (offset + ea->GetKeySize(), ea->GetKeySize()));
}
else
@@ -250,10 +275,17 @@ namespace VeraCrypt
shared_ptr <EncryptionMode> mode = EA->GetMode()->GetNew();
shared_ptr <EncryptionAlgorithm> ea = EA->GetNew();
#ifndef WOLFCRYPT_BACKEND
if (typeid (*mode) == typeid (EncryptionModeXTS))
{
mode->SetKey (newHeaderKey.GetRange (EA->GetKeySize(), EA->GetKeySize()));
ea->SetKey (newHeaderKey.GetRange (0, ea->GetKeySize()));
ea->SetKey (newHeaderKey.GetRange (0, ea->GetKeySize()));
#else
if (typeid (*mode) == typeid (EncryptionModeWolfCryptXTS))
{
ea->SetKey (newHeaderKey.GetRange (0, ea->GetKeySize()));
ea->SetKeyXTS (newHeaderKey.GetRange (EA->GetKeySize(), EA->GetKeySize()));
#endif
mode->SetKey (newHeaderKey.GetRange (EA->GetKeySize(), EA->GetKeySize()));
}
else
{

38
src/Volume/VolumeLayout.cpp
View File

@@ -12,6 +12,9 @@
#include "Volume/EncryptionMode.h"
#include "Volume/EncryptionModeXTS.h"
#ifdef WOLFCRYPT_BACKEND
#include "Volume/EncryptionModeWolfCryptXTS.h"
#endif
#include "VolumeLayout.h"
#include "Boot/Windows/BootCommon.h"
@@ -66,6 +69,7 @@ namespace VeraCrypt
HeaderSize = TC_VOLUME_HEADER_SIZE_LEGACY;
SupportedEncryptionAlgorithms.push_back (shared_ptr <EncryptionAlgorithm> (new AES ()));
#ifndef WOLFCRYPT_BACKEND
SupportedEncryptionAlgorithms.push_back (shared_ptr <EncryptionAlgorithm> (new Serpent ()));
SupportedEncryptionAlgorithms.push_back (shared_ptr <EncryptionAlgorithm> (new Twofish ()));
SupportedEncryptionAlgorithms.push_back (shared_ptr <EncryptionAlgorithm> (new Camellia ()));
@@ -75,7 +79,10 @@ namespace VeraCrypt
SupportedEncryptionAlgorithms.push_back (shared_ptr <EncryptionAlgorithm> (new SerpentTwofishAES ()));
SupportedEncryptionAlgorithms.push_back (shared_ptr <EncryptionAlgorithm> (new TwofishSerpent ()));
SupportedEncryptionModes.push_back (shared_ptr <EncryptionMode> (new EncryptionModeXTS ()));
SupportedEncryptionModes.push_back (shared_ptr <EncryptionMode> (new EncryptionModeXTS ()));
#else
SupportedEncryptionModes.push_back (shared_ptr <EncryptionMode> (new EncryptionModeWolfCryptXTS ()));
#endif
}
uint64 VolumeLayoutV1Normal::GetDataOffset (uint64 volumeHostSize) const
@@ -97,6 +104,7 @@ namespace VeraCrypt
BackupHeaderOffset = -TC_VOLUME_HEADER_GROUP_SIZE;
SupportedEncryptionAlgorithms.push_back (shared_ptr <EncryptionAlgorithm> (new AES ()));
#ifndef WOLFCRYPT_BACKEND
SupportedEncryptionAlgorithms.push_back (shared_ptr <EncryptionAlgorithm> (new Serpent ()));
SupportedEncryptionAlgorithms.push_back (shared_ptr <EncryptionAlgorithm> (new Twofish ()));
SupportedEncryptionAlgorithms.push_back (shared_ptr <EncryptionAlgorithm> (new Camellia ()));
@@ -111,9 +119,12 @@ namespace VeraCrypt
SupportedEncryptionAlgorithms.push_back (shared_ptr <EncryptionAlgorithm> (new SerpentAES ()));
SupportedEncryptionAlgorithms.push_back (shared_ptr <EncryptionAlgorithm> (new SerpentTwofishAES ()));
SupportedEncryptionAlgorithms.push_back (shared_ptr <EncryptionAlgorithm> (new TwofishSerpent ()));
SupportedEncryptionModes.push_back (shared_ptr <EncryptionMode> (new EncryptionModeXTS ()));
}
#else
SupportedEncryptionModes.push_back (shared_ptr <EncryptionMode> (new EncryptionModeWolfCryptXTS ()));
#endif
}
uint64 VolumeLayoutV2Normal::GetDataOffset (uint64 volumeHostSize) const
{
@@ -142,6 +153,7 @@ namespace VeraCrypt
BackupHeaderOffset = -TC_HIDDEN_VOLUME_HEADER_OFFSET;
SupportedEncryptionAlgorithms.push_back (shared_ptr <EncryptionAlgorithm> (new AES ()));
#ifndef WOLFCRYPT_BACKEND
SupportedEncryptionAlgorithms.push_back (shared_ptr <EncryptionAlgorithm> (new Serpent ()));
SupportedEncryptionAlgorithms.push_back (shared_ptr <EncryptionAlgorithm> (new Twofish ()));
SupportedEncryptionAlgorithms.push_back (shared_ptr <EncryptionAlgorithm> (new Camellia ()));
@@ -158,6 +170,9 @@ namespace VeraCrypt
SupportedEncryptionAlgorithms.push_back (shared_ptr <EncryptionAlgorithm> (new TwofishSerpent ()));
SupportedEncryptionModes.push_back (shared_ptr <EncryptionMode> (new EncryptionModeXTS ()));
#else
SupportedEncryptionModes.push_back (shared_ptr <EncryptionMode> (new EncryptionModeWolfCryptXTS ()));
#endif
}
uint64 VolumeLayoutV2Hidden::GetDataOffset (uint64 volumeHostSize) const
@@ -194,6 +209,7 @@ namespace VeraCrypt
HeaderSize = TC_BOOT_ENCRYPTION_VOLUME_HEADER_SIZE;
SupportedEncryptionAlgorithms.push_back (shared_ptr <EncryptionAlgorithm> (new AES ()));
#ifndef WOLFCRYPT_BACKEND
SupportedEncryptionAlgorithms.push_back (shared_ptr <EncryptionAlgorithm> (new Serpent ()));
SupportedEncryptionAlgorithms.push_back (shared_ptr <EncryptionAlgorithm> (new Twofish ()));
SupportedEncryptionAlgorithms.push_back (shared_ptr <EncryptionAlgorithm> (new Camellia ()));
@@ -208,9 +224,13 @@ namespace VeraCrypt
SupportedEncryptionAlgorithms.push_back (shared_ptr <EncryptionAlgorithm> (new SerpentAES ()));
SupportedEncryptionAlgorithms.push_back (shared_ptr <EncryptionAlgorithm> (new SerpentTwofishAES ()));
SupportedEncryptionAlgorithms.push_back (shared_ptr <EncryptionAlgorithm> (new TwofishSerpent ()));
SupportedEncryptionModes.push_back (shared_ptr <EncryptionMode> (new EncryptionModeXTS ()));
}
SupportedEncryptionModes.push_back (shared_ptr <EncryptionMode> (new EncryptionModeXTS ()));
#else
SupportedEncryptionModes.push_back (shared_ptr <EncryptionMode> (new EncryptionModeWolfCryptXTS ()));
#endif
}
uint64 VolumeLayoutSystemEncryption::GetDataOffset (uint64 volumeHostSize) const
{
@@ -226,10 +246,12 @@ namespace VeraCrypt
{
Pkcs5KdfList l;
l.push_back (shared_ptr <Pkcs5Kdf> (new Pkcs5HmacSha256_Boot ()));
l.push_back (shared_ptr <Pkcs5Kdf> (new Pkcs5HmacBlake2s_Boot ()));
l.push_back (shared_ptr <Pkcs5Kdf> (new Pkcs5HmacSha512 ()));
#ifndef WOLFCRYPT_BACKEND
l.push_back (shared_ptr <Pkcs5Kdf> (new Pkcs5HmacBlake2s_Boot ()));
l.push_back (shared_ptr <Pkcs5Kdf> (new Pkcs5HmacWhirlpool ()));
l.push_back (shared_ptr <Pkcs5Kdf> (new Pkcs5HmacStreebog ()));
return l;
#endif
return l;
}
}