diff options
author | lealem47 <60322859+lealem47@users.noreply.github.com> | 2023-11-12 16:51:31 -0700 |
---|---|---|
committer | GitHub <noreply@github.com> | 2023-11-13 00:51:31 +0100 |
commit | 9247ce1bb90c44d19a0069fadb12c0c480ac9b4f (patch) | |
tree | 66fb4728d502759271d03eba59d51c1a129b2ffb /src/Volume | |
parent | 458be85f84a097aa829658c50ce41d82791fb6a8 (diff) | |
download | VeraCrypt-9247ce1bb90c44d19a0069fadb12c0c480ac9b4f.tar.gz VeraCrypt-9247ce1bb90c44d19a0069fadb12c0c480ac9b4f.zip |
wolfCrypt as crypto backend for VeraCrypt (#1227)
* wolfCrypt as crypto backend for VeraCrypt
* Refactor to use EncryptionModeWolfCryptXTS class
Diffstat (limited to 'src/Volume')
-rw-r--r-- | src/Volume/Cipher.cpp | 58 | ||||
-rw-r--r-- | src/Volume/Cipher.h | 48 | ||||
-rw-r--r-- | src/Volume/EncryptionAlgorithm.cpp | 34 | ||||
-rw-r--r-- | src/Volume/EncryptionAlgorithm.h | 5 | ||||
-rw-r--r-- | src/Volume/EncryptionMode.cpp | 7 | ||||
-rw-r--r-- | src/Volume/EncryptionModeWolfCryptXTS.cpp | 119 | ||||
-rw-r--r-- | src/Volume/EncryptionModeWolfCryptXTS.h | 54 | ||||
-rw-r--r-- | src/Volume/EncryptionModeXTS.cpp | 6 | ||||
-rw-r--r-- | src/Volume/EncryptionTest.cpp | 62 | ||||
-rw-r--r-- | src/Volume/Hash.cpp | 11 | ||||
-rw-r--r-- | src/Volume/Hash.h | 4 | ||||
-rw-r--r-- | src/Volume/Pkcs5Kdf.cpp | 9 | ||||
-rw-r--r-- | src/Volume/Pkcs5Kdf.h | 5 | ||||
-rw-r--r-- | src/Volume/Volume.make | 192 | ||||
-rw-r--r-- | src/Volume/VolumeHeader.cpp | 48 | ||||
-rw-r--r-- | src/Volume/VolumeLayout.cpp | 38 |
16 files changed, 570 insertions, 130 deletions
diff --git a/src/Volume/Cipher.cpp b/src/Volume/Cipher.cpp index 8c6ce390..d0fb7bd5 100644 --- a/src/Volume/Cipher.cpp +++ b/src/Volume/Cipher.cpp @@ -94,11 +94,12 @@ namespace VeraCrypt CipherList l; l.push_back (shared_ptr <Cipher> (new CipherAES ())); + #ifndef WOLFCRYPT_BACKEND l.push_back (shared_ptr <Cipher> (new CipherSerpent ())); l.push_back (shared_ptr <Cipher> (new CipherTwofish ())); l.push_back (shared_ptr <Cipher> (new CipherCamellia ())); l.push_back (shared_ptr <Cipher> (new CipherKuznyechik ())); - + #endif return l; } @@ -115,6 +116,37 @@ namespace VeraCrypt Initialized = true; } + #ifdef WOLFCRYPT_BACKEND + void Cipher::SetKeyXTS (const ConstBufferPtr &key) + { + if (key.Size() != GetKeySize ()) + throw ParameterIncorrect (SRC_POS); + + if (!Initialized) + ScheduledKey.Allocate (GetScheduledKeySize ()); + + SetCipherKeyXTS (key); + Key.CopyFrom (key); + Initialized = true; + } + + void Cipher::EncryptBlockXTS (byte *data, uint64 length, uint64 startDataUnitNo) const + { + if (!Initialized) + throw NotInitialized (SRC_POS); + + EncryptXTS (data, length, startDataUnitNo); + } + + void Cipher::DecryptBlockXTS (byte *data, uint64 length, uint64 startDataUnitNo) const + { + if (!Initialized) + throw NotInitialized (SRC_POS); + + DecryptXTS (data, length, startDataUnitNo); + } + #endif + #define TC_EXCEPTION(TYPE) TC_SERIALIZER_FACTORY_ADD(TYPE) #undef TC_EXCEPTION_NODECL #define TC_EXCEPTION_NODECL(TYPE) TC_SERIALIZER_FACTORY_ADD(TYPE) @@ -186,6 +218,26 @@ namespace VeraCrypt #endif Cipher::EncryptBlocks (data, blockCount); } + #ifdef WOLFCRYPT_BACKEND + void CipherAES::EncryptXTS (byte *data, uint64 length, uint64 startDataUnitNo) const + { + xts_encrypt (data, data, length, startDataUnitNo, (aes_encrypt_ctx *) ScheduledKey.Ptr()); + } + + void CipherAES::DecryptXTS (byte *data, uint64 length, uint64 startDataUnitNo) const + { + xts_decrypt (data, data, length, startDataUnitNo, (aes_decrypt_ctx *) (ScheduledKey.Ptr() + sizeof (aes_encrypt_ctx))); + } + + void CipherAES::SetCipherKeyXTS (const byte *key) + { + if (xts_encrypt_key256 (key, (aes_encrypt_ctx *) ScheduledKey.Ptr()) != EXIT_SUCCESS) + throw CipherInitError (SRC_POS); + + if (xts_decrypt_key256 (key, (aes_decrypt_ctx *) (ScheduledKey.Ptr() + sizeof (aes_encrypt_ctx))) != EXIT_SUCCESS) + throw CipherInitError (SRC_POS); + } + #endif size_t CipherAES::GetScheduledKeySize () const { @@ -218,6 +270,7 @@ namespace VeraCrypt throw CipherInitError (SRC_POS); } + #ifndef WOLFCRYPT_BACKEND // Serpent void CipherSerpent::Decrypt (byte *data) const { @@ -465,5 +518,6 @@ namespace VeraCrypt return false; #endif } - bool Cipher::HwSupportEnabled = true; + #endif + bool Cipher::HwSupportEnabled = true; } diff --git a/src/Volume/Cipher.h b/src/Volume/Cipher.h index 31a519a5..1b7fd233 100644 --- a/src/Volume/Cipher.h +++ b/src/Volume/Cipher.h @@ -28,8 +28,15 @@ namespace VeraCrypt virtual void DecryptBlock (byte *data) const; virtual void DecryptBlocks (byte *data, size_t blockCount) const; - static void EnableHwSupport (bool enable) { HwSupportEnabled = enable; } - virtual void EncryptBlock (byte *data) const; + #ifndef WOLFCRYPT_BACKEND + static void EnableHwSupport (bool enable) { HwSupportEnabled = enable; } + #else + static void EnableHwSupport (bool enable) { HwSupportEnabled = false; } + virtual void EncryptBlockXTS (byte *data, uint64 length, uint64 startDataUnitNo) const; + virtual void DecryptBlockXTS (byte *data, uint64 length, uint64 startDataUnitNo) const; + virtual void SetKeyXTS (const ConstBufferPtr &key); + #endif + virtual void EncryptBlock (byte *data) const; virtual void EncryptBlocks (byte *data, size_t blockCount) const; static CipherList GetAvailableCiphers (); virtual size_t GetBlockSize () const = 0; @@ -50,6 +57,11 @@ namespace VeraCrypt virtual void Encrypt (byte *data) const = 0; virtual size_t GetScheduledKeySize () const = 0; virtual void SetCipherKey (const byte *key) = 0; + #ifdef WOLFCRYPT_BACKEND + virtual void DecryptXTS (byte *data, uint64 length, uint64 startDataUnitNo) const = 0; + virtual void EncryptXTS (byte *data, uint64 length, uint64 startDataUnitNo) const = 0; + virtual void SetCipherKeyXTS (const byte *key) = 0; + #endif static bool HwSupportEnabled; bool Initialized; @@ -69,6 +81,7 @@ namespace VeraCrypt CipherException (const string &message, const wstring &subject) : Exception (message, subject) { } }; +#ifdef WOLFCRYPT_BACKEND #define TC_CIPHER(NAME, BLOCK_SIZE, KEY_SIZE) \ class TC_JOIN (Cipher,NAME) : public Cipher \ @@ -88,12 +101,43 @@ namespace VeraCrypt virtual void Encrypt (byte *data) const; \ virtual size_t GetScheduledKeySize () const; \ virtual void SetCipherKey (const byte *key); \ + virtual void DecryptXTS (byte *data, uint64 length, uint64 startDataUnitNo) const; \ + virtual void SetCipherKeyXTS (const byte *key); \ + virtual void EncryptXTS (byte *data, uint64 length, uint64 startDataUnitNo) const; \ \ private: \ TC_JOIN (Cipher,NAME) (const TC_JOIN (Cipher,NAME) &); \ TC_JOIN (Cipher,NAME) &operator= (const TC_JOIN (Cipher,NAME) &); \ } +#else + +#define TC_CIPHER(NAME, BLOCK_SIZE, KEY_SIZE) \ + class TC_JOIN (Cipher,NAME) : public Cipher \ + { \ + public: \ + TC_JOIN (Cipher,NAME) () { } \ + virtual ~TC_JOIN (Cipher,NAME) () { } \ +\ + virtual size_t GetBlockSize () const { return BLOCK_SIZE; }; \ + virtual size_t GetKeySize () const { return KEY_SIZE; }; \ + virtual wstring GetName () const { return L###NAME; }; \ + virtual shared_ptr <Cipher> GetNew () const { return shared_ptr <Cipher> (new TC_JOIN (Cipher,NAME)()); } \ + TC_CIPHER_ADD_METHODS \ +\ + protected: \ + virtual void Decrypt (byte *data) const; \ + virtual void Encrypt (byte *data) const; \ + virtual size_t GetScheduledKeySize () const; \ + virtual void SetCipherKey (const byte *key); \ +\ + private: \ + TC_JOIN (Cipher,NAME) (const TC_JOIN (Cipher,NAME) &); \ + TC_JOIN (Cipher,NAME) &operator= (const TC_JOIN (Cipher,NAME) &); \ + } + +#endif + #define TC_CIPHER_ADD_METHODS \ virtual void DecryptBlocks (byte *data, size_t blockCount) const; \ virtual void EncryptBlocks (byte *data, size_t blockCount) const; \ diff --git a/src/Volume/EncryptionAlgorithm.cpp b/src/Volume/EncryptionAlgorithm.cpp index 85d9be1c..0178da00 100644 --- a/src/Volume/EncryptionAlgorithm.cpp +++ b/src/Volume/EncryptionAlgorithm.cpp @@ -12,6 +12,9 @@ #include "EncryptionAlgorithm.h" #include "EncryptionModeXTS.h" +#ifdef WOLFCRYPT_BACKEND +#include "EncryptionModeWolfCryptXTS.h" +#endif namespace VeraCrypt { @@ -62,6 +65,7 @@ namespace VeraCrypt EncryptionAlgorithmList l; l.push_back (shared_ptr <EncryptionAlgorithm> (new AES ())); + #ifndef WOLFCRYPT_BACKEND l.push_back (shared_ptr <EncryptionAlgorithm> (new Serpent ())); l.push_back (shared_ptr <EncryptionAlgorithm> (new Twofish ())); l.push_back (shared_ptr <EncryptionAlgorithm> (new Camellia ())); @@ -76,7 +80,7 @@ namespace VeraCrypt l.push_back (shared_ptr <EncryptionAlgorithm> (new SerpentAES ())); l.push_back (shared_ptr <EncryptionAlgorithm> (new SerpentTwofishAES ())); l.push_back (shared_ptr <EncryptionAlgorithm> (new TwofishSerpent ())); - + #endif return l; } @@ -215,7 +219,25 @@ namespace VeraCrypt } } - void EncryptionAlgorithm::ValidateState () const + #ifdef WOLFCRYPT_BACKEND + void EncryptionAlgorithm::SetKeyXTS (const ConstBufferPtr &key) + { + if (Ciphers.size() < 1) + throw NotInitialized (SRC_POS); + + if (GetKeySize() != key.Size()) + throw ParameterIncorrect (SRC_POS); + + size_t keyOffset = 0; + foreach_ref (Cipher &c, Ciphers) + { + c.SetKeyXTS (key.GetRange (keyOffset, c.GetKeySize())); + keyOffset += c.GetKeySize(); + } + } + #endif + + void EncryptionAlgorithm::ValidateState () const { if (Ciphers.size() < 1 || Mode.get() == nullptr) throw NotInitialized (SRC_POS); @@ -226,9 +248,14 @@ namespace VeraCrypt { Ciphers.push_back (shared_ptr <Cipher> (new CipherAES())); + #ifdef WOLFCRYPT_BACKEND + SupportedModes.push_back (shared_ptr <EncryptionMode> (new EncryptionModeWolfCryptXTS ())); + #else SupportedModes.push_back (shared_ptr <EncryptionMode> (new EncryptionModeXTS ())); - } + #endif + } +#ifndef WOLFCRYPT_BACKEND // AES-Twofish AESTwofish::AESTwofish () { @@ -353,4 +380,5 @@ namespace VeraCrypt SupportedModes.push_back (shared_ptr <EncryptionMode> (new EncryptionModeXTS ())); } +#endif } diff --git a/src/Volume/EncryptionAlgorithm.h b/src/Volume/EncryptionAlgorithm.h index 56642146..d60082fa 100644 --- a/src/Volume/EncryptionAlgorithm.h +++ b/src/Volume/EncryptionAlgorithm.h @@ -46,7 +46,10 @@ namespace VeraCrypt virtual bool IsModeSupported (const EncryptionMode &mode) const; virtual bool IsModeSupported (const shared_ptr <EncryptionMode> mode) const; virtual void SetKey (const ConstBufferPtr &key); - virtual void SetMode (shared_ptr <EncryptionMode> mode); + #ifdef WOLFCRYPT_BACKEND + virtual void SetKeyXTS (const ConstBufferPtr &key); + #endif + virtual void SetMode (shared_ptr <EncryptionMode> mode); protected: EncryptionAlgorithm (); diff --git a/src/Volume/EncryptionMode.cpp b/src/Volume/EncryptionMode.cpp index b7e5cc02..81d275b6 100644 --- a/src/Volume/EncryptionMode.cpp +++ b/src/Volume/EncryptionMode.cpp @@ -12,6 +12,9 @@ #include "EncryptionMode.h" #include "EncryptionModeXTS.h" +#ifdef WOLFCRYPT_BACKEND +#include "EncryptionModeWolfCryptXTS.h" +#endif #include "EncryptionThreadPool.h" namespace VeraCrypt @@ -38,7 +41,11 @@ namespace VeraCrypt { EncryptionModeList l; + #ifdef WOLFCRYPT_BACKEND + l.push_back (shared_ptr <EncryptionMode> (new EncryptionModeWolfCryptXTS ())); + #else l.push_back (shared_ptr <EncryptionMode> (new EncryptionModeXTS ())); + #endif return l; } diff --git a/src/Volume/EncryptionModeWolfCryptXTS.cpp b/src/Volume/EncryptionModeWolfCryptXTS.cpp new file mode 100644 index 00000000..891f6007 --- /dev/null +++ b/src/Volume/EncryptionModeWolfCryptXTS.cpp @@ -0,0 +1,119 @@ + +#include "Crypto/cpu.h" +#include "Crypto/misc.h" +#include "EncryptionModeWolfCryptXTS.h" +#include "Common/Crypto.h" + +namespace VeraCrypt +{ + void EncryptionModeWolfCryptXTS::Encrypt (byte *data, uint64 length) const + { + EncryptBuffer (data, length, 0); + } + + void EncryptionModeWolfCryptXTS::EncryptBuffer (byte *data, uint64 length, uint64 startDataUnitNo) const + { + if_debug (ValidateState()); + + CipherList::const_iterator iSecondaryCipher = SecondaryCiphers.begin(); + + for (CipherList::const_iterator iCipher = Ciphers.begin(); iCipher != Ciphers.end(); ++iCipher) + { + EncryptBufferXTS (**iCipher, **iSecondaryCipher, data, length, startDataUnitNo, 0); + ++iSecondaryCipher; + } + + assert (iSecondaryCipher == SecondaryCiphers.end()); + } + + void EncryptionModeWolfCryptXTS::EncryptBufferXTS (Cipher &cipher, const Cipher &secondaryCipher, byte *buffer, uint64 length, uint64 startDataUnitNo, unsigned int startCipherBlockNo) const + { + cipher.EncryptBlockXTS(buffer, length, startDataUnitNo); + } + + void EncryptionModeWolfCryptXTS::EncryptSectorsCurrentThread (byte *data, uint64 sectorIndex, uint64 sectorCount, size_t sectorSize) const + { + EncryptBuffer (data, sectorCount * sectorSize, sectorIndex * sectorSize / ENCRYPTION_DATA_UNIT_SIZE); + } + + size_t EncryptionModeWolfCryptXTS::GetKeySize () const + { + if (Ciphers.empty()) + throw NotInitialized (SRC_POS); + + size_t keySize = 0; + foreach_ref (const Cipher &cipher, SecondaryCiphers) + { + keySize += cipher.GetKeySize(); + } + + return keySize; + } + + void EncryptionModeWolfCryptXTS::Decrypt (byte *data, uint64 length) const + { + DecryptBuffer (data, length, 0); + } + + void EncryptionModeWolfCryptXTS::DecryptBuffer (byte *data, uint64 length, uint64 startDataUnitNo) const + { + if_debug (ValidateState()); + + CipherList::const_iterator iSecondaryCipher = SecondaryCiphers.end(); + + for (CipherList::const_reverse_iterator iCipher = Ciphers.rbegin(); iCipher != Ciphers.rend(); ++iCipher) + { + --iSecondaryCipher; + DecryptBufferXTS (**iCipher, **iSecondaryCipher, data, length, startDataUnitNo, 0); + } + + assert (iSecondaryCipher == SecondaryCiphers.begin()); + } + + void EncryptionModeWolfCryptXTS::DecryptBufferXTS (Cipher &cipher, const Cipher &secondaryCipher, byte *buffer, uint64 length, uint64 startDataUnitNo, unsigned int startCipherBlockNo) const + { + cipher.DecryptBlockXTS(buffer, length, startDataUnitNo); + } + + void EncryptionModeWolfCryptXTS::DecryptSectorsCurrentThread (byte *data, uint64 sectorIndex, uint64 sectorCount, size_t sectorSize) const + { + DecryptBuffer (data, sectorCount * sectorSize, sectorIndex * sectorSize / ENCRYPTION_DATA_UNIT_SIZE); + } + + void EncryptionModeWolfCryptXTS::SetCiphers (const CipherList &ciphers) + { + EncryptionMode::SetCiphers (ciphers); + + SecondaryCiphers.clear(); + + foreach_ref (const Cipher &cipher, ciphers) + { + SecondaryCiphers.push_back (cipher.GetNew()); + } + + if (SecondaryKey.Size() > 0) + SetSecondaryCipherKeys(); + } + + void EncryptionModeWolfCryptXTS::SetKey (const ConstBufferPtr &key) + { + SecondaryKey.Allocate (key.Size()); + SecondaryKey.CopyFrom (key); + + if (!SecondaryCiphers.empty()) + SetSecondaryCipherKeys(); + + } + + void EncryptionModeWolfCryptXTS::SetSecondaryCipherKeys () + { + size_t keyOffset = 0; + foreach_ref (Cipher &cipher, SecondaryCiphers) + { + cipher.SetKeyXTS (SecondaryKey.GetRange (keyOffset, cipher.GetKeySize())); + keyOffset += cipher.GetKeySize(); + } + + KeySet = true; + } +} diff --git a/src/Volume/EncryptionModeWolfCryptXTS.h b/src/Volume/EncryptionModeWolfCryptXTS.h new file mode 100644 index 00000000..e432f768 --- /dev/null +++ b/src/Volume/EncryptionModeWolfCryptXTS.h @@ -0,0 +1,54 @@ +/* + Derived from source code of TrueCrypt 7.1a, which is + Copyright (c) 2008-2012 TrueCrypt Developers Association and which is governed + by the TrueCrypt License 3.0. + + Modifications and additions to the original source code (contained in this file) + and all other portions of this file are Copyright (c) 2013-2017 IDRIX + and are governed by the Apache License 2.0 the full text of which is + contained in the file License.txt included in VeraCrypt binary and source + code distribution packages. +*/ + +#ifndef TC_HEADER_Volume_EncryptionModeWolfCryptXTS +#define TC_HEADER_Volume_EncryptionModeWolfCryptXTS + +#include "Platform/Platform.h" +#include "EncryptionMode.h" + +namespace VeraCrypt +{ + class EncryptionModeWolfCryptXTS : public EncryptionMode + { + public: + EncryptionModeWolfCryptXTS () { } + virtual ~EncryptionModeWolfCryptXTS () { } + + virtual void Decrypt (byte *data, uint64 length) const; + virtual void DecryptSectorsCurrentThread (byte *data, uint64 sectorIndex, uint64 sectorCount, size_t sectorSize) const; + virtual void Encrypt (byte *data, uint64 length) const; + virtual void EncryptSectorsCurrentThread (byte *data, uint64 sectorIndex, uint64 sectorCount, size_t sectorSize) const; + virtual const SecureBuffer &GetKey () const { return SecondaryKey; } + virtual size_t GetKeySize () const; + virtual wstring GetName () const { return L"XTS"; }; + virtual shared_ptr <EncryptionMode> GetNew () const { return shared_ptr <EncryptionMode> (new EncryptionModeWolfCryptXTS); } + virtual void SetCiphers (const CipherList &ciphers); + virtual void SetKey (const ConstBufferPtr &key); + + protected: + void DecryptBuffer (byte *data, uint64 length, uint64 startDataUnitNo) const; + void DecryptBufferXTS (Cipher &cipher, const Cipher &secondaryCipher, byte *buffer, uint64 length, uint64 startDataUnitNo, unsigned int startCipherBlockNo) const; + void EncryptBuffer (byte *data, uint64 length, uint64 startDataUnitNo) const; + void EncryptBufferXTS (Cipher &cipher, const Cipher &secondaryCipher, byte *buffer, uint64 length, uint64 startDataUnitNo, unsigned int startCipherBlockNo) const; + void SetSecondaryCipherKeys (); + + SecureBuffer SecondaryKey; + CipherList SecondaryCiphers; + + private: + EncryptionModeWolfCryptXTS (const EncryptionModeWolfCryptXTS &); + EncryptionModeWolfCryptXTS &operator= (const EncryptionModeWolfCryptXTS &); + }; +} + +#endif // TC_HEADER_Volume_EncryptionModeWolfCryptXTS diff --git a/src/Volume/EncryptionModeXTS.cpp b/src/Volume/EncryptionModeXTS.cpp index 66f0ff62..56ee895c 100644 --- a/src/Volume/EncryptionModeXTS.cpp +++ b/src/Volume/EncryptionModeXTS.cpp @@ -69,7 +69,7 @@ namespace VeraCrypt void EncryptionModeXTS::EncryptBufferXTS (const Cipher &cipher, const Cipher &secondaryCipher, byte *buffer, uint64 length, uint64 startDataUnitNo, unsigned int startCipherBlockNo) const { - byte finalCarry; + byte finalCarry; byte whiteningValues [ENCRYPTION_DATA_UNIT_SIZE]; byte whiteningValue [BYTES_PER_XTS_BLOCK]; byte byteBufUnitNo [BYTES_PER_XTS_BLOCK]; @@ -374,7 +374,7 @@ namespace VeraCrypt FAST_ERASE64 (whiteningValue, sizeof (whiteningValue)); FAST_ERASE64 (whiteningValues, sizeof (whiteningValues)); - } + } void EncryptionModeXTS::DecryptSectorsCurrentThread (byte *data, uint64 sectorIndex, uint64 sectorCount, size_t sectorSize) const { @@ -411,7 +411,7 @@ namespace VeraCrypt foreach_ref (Cipher &cipher, SecondaryCiphers) { cipher.SetKey (SecondaryKey.GetRange (keyOffset, cipher.GetKeySize())); - keyOffset += cipher.GetKeySize(); + keyOffset += cipher.GetKeySize(); } KeySet = true; diff --git a/src/Volume/EncryptionTest.cpp b/src/Volume/EncryptionTest.cpp index bb9c3a0b..c900885e 100644 --- a/src/Volume/EncryptionTest.cpp +++ b/src/Volume/EncryptionTest.cpp @@ -16,6 +16,9 @@ #include "EncryptionAlgorithm.h" #include "EncryptionMode.h" #include "EncryptionModeXTS.h" +#ifdef WOLFCRYPT_BACKEND +#include "EncryptionModeWolfCryptXTS.h" +#endif #include "EncryptionTest.h" #include "Pkcs5Kdf.h" @@ -64,6 +67,7 @@ namespace VeraCrypt } }; + #ifndef WOLFCRYPT_BACKEND static const CipherTestVector SerpentTestVectors[] = { { @@ -151,6 +155,7 @@ namespace VeraCrypt } } }; + #endif static void TestCipher (Cipher &cipher, const CipherTestVector *testVector, size_t testVectorCount) { @@ -190,6 +195,7 @@ namespace VeraCrypt if (origCrc != Crc32::ProcessBuffer (testData)) throw TestFailed (SRC_POS); + #ifndef WOLFCRYPT_BACKEND CipherSerpent serpent; TestCipher (serpent, SerpentTestVectors, array_capacity (SerpentTestVectors)); @@ -201,6 +207,7 @@ namespace VeraCrypt CipherKuznyechik kuznyechik; TestCipher (kuznyechik, KuznyechikTestVectors, array_capacity (KuznyechikTestVectors)); + #endif } const EncryptionTest::XtsTestVector EncryptionTest::XtsTestVectors[] = @@ -437,9 +444,16 @@ namespace VeraCrypt for (i = 0; i < array_capacity (XtsTestVectors); i++) { AES aes; - shared_ptr <EncryptionMode> xts (new EncryptionModeXTS); - - aes.SetKey (ConstBufferPtr (XtsTestVectors[i].key1, sizeof (XtsTestVectors[i].key1))); + #ifdef WOLFCRYPT_BACKEND + shared_ptr <EncryptionMode> xts (new EncryptionModeWolfCryptXTS); + #else + shared_ptr <EncryptionMode> xts (new EncryptionModeXTS); + #endif + + aes.SetKey (ConstBufferPtr (XtsTestVectors[i].key1, sizeof (XtsTestVectors[i].key1))); + #ifdef WOLFCRYPT_BACKEND + aes.SetKeyXTS (ConstBufferPtr (XtsTestVectors[i].key2, sizeof (XtsTestVectors[i].key2))); + #endif xts->SetKey (ConstBufferPtr (XtsTestVectors[i].key2, sizeof (XtsTestVectors[i].key2))); aes.SetMode (xts); @@ -494,7 +508,11 @@ namespace VeraCrypt // Test all EAs that support this mode of operation foreach_ref (EncryptionAlgorithm &ea, EncryptionAlgorithm::GetAvailableAlgorithms()) { - shared_ptr <EncryptionMode> mode (new EncryptionModeXTS); + #ifdef WOLFCRYPT_BACKEND + shared_ptr <EncryptionMode> mode (new EncryptionModeWolfCryptXTS); + #else + shared_ptr <EncryptionMode> mode (new EncryptionModeXTS); + #endif if (!ea.IsModeSupported (mode)) continue; @@ -508,8 +526,11 @@ namespace VeraCrypt mode->SetKey (modeKey); ea.SetMode (mode); + #ifdef WOLFCRYPT_BACKEND + ea.SetKeyXTS (modeKey); + #endif - // Each data unit will contain the same plaintext + // Each data unit will contain the same plaintext for (i = 0; i < nbrUnits; i++) { memcpy ((unsigned char *) buf + i * ENCRYPTION_DATA_UNIT_SIZE, @@ -556,6 +577,7 @@ namespace VeraCrypt break; } } + #ifndef WOLFCRYPT_BACKEND else if (typeid (ea) == typeid (Serpent)) { switch (testCase) @@ -920,7 +942,7 @@ namespace VeraCrypt break; } } - + #endif if (crc == 0x9f5edd58) throw TestFailed (SRC_POS); @@ -941,7 +963,11 @@ namespace VeraCrypt // Test all EAs that support this mode of operation foreach_ref (EncryptionAlgorithm &ea, EncryptionAlgorithm::GetAvailableAlgorithms()) { + #ifdef WOLFCRYPT_BACKEND + shared_ptr <EncryptionMode> mode (new EncryptionModeWolfCryptXTS); + #else shared_ptr <EncryptionMode> mode (new EncryptionModeXTS); + #endif if (!ea.IsModeSupported (mode)) continue; @@ -955,6 +981,9 @@ namespace VeraCrypt mode->SetKey (modeKey); ea.SetMode (mode); + #ifdef WOLFCRYPT_BACKEND + ea.SetKeyXTS (modeKey); + #endif // Each data unit will contain the same plaintext for (i = 0; i < nbrUnits; i++) @@ -974,6 +1003,7 @@ namespace VeraCrypt throw TestFailed (SRC_POS); nTestsPerformed++; } + #ifndef WOLFCRYPT_BACKEND else if (typeid (ea) == typeid (Serpent)) { if (crc != 0x3494d480) @@ -1058,6 +1088,7 @@ namespace VeraCrypt throw TestFailed (SRC_POS); nTestsPerformed++; } + #endif if (crc == 0x9f5edd58) throw TestFailed (SRC_POS); @@ -1069,8 +1100,11 @@ namespace VeraCrypt nTestsPerformed++; } - + #ifndef WOLFCRYPT_BACKEND if (nTestsPerformed != 150) + #else + if (nTestsPerformed != 10) + #endif throw TestFailed (SRC_POS); } @@ -1081,6 +1115,7 @@ namespace VeraCrypt ConstBufferPtr salt (saltData, sizeof (saltData)); Buffer derivedKey (4); + #ifndef WOLFCRYPT_BACKEND Pkcs5HmacBlake2s pkcs5HmacBlake2s; pkcs5HmacBlake2s.DeriveKey (derivedKey, password, salt, 5); if (memcmp (derivedKey.Ptr(), "\x8d\x51\xfa\x31", 4) != 0) @@ -1105,5 +1140,16 @@ namespace VeraCrypt pkcs5HmacStreebog.DeriveKey (derivedKey, password, salt, 5); if (memcmp (derivedKey.Ptr(), "\xd0\x53\xa2\x30", 4) != 0) throw TestFailed (SRC_POS); - } + #else + Pkcs5HmacSha256 pkcs5HmacSha256; + pkcs5HmacSha256.DeriveKey (derivedKey, password, salt, 5); + if (memcmp (derivedKey.Ptr(), "\x64\xf3\xa5\xa3", 4) != 0) + throw TestFailed (SRC_POS); + + Pkcs5HmacSha512 pkcs5HmacSha512; + pkcs5HmacSha512.DeriveKey (derivedKey, password, salt, 5); + if (memcmp (derivedKey.Ptr(), "\x55\xa1\x76\xbb", 4) != 0) + throw TestFailed (SRC_POS); + #endif + } } diff --git a/src/Volume/Hash.cpp b/src/Volume/Hash.cpp index aad900c1..d2e3e649 100644 --- a/src/Volume/Hash.cpp +++ b/src/Volume/Hash.cpp @@ -24,11 +24,12 @@ namespace VeraCrypt HashList l; l.push_back (shared_ptr <Hash> (new Sha512 ())); - l.push_back (shared_ptr <Hash> (new Whirlpool ())); - l.push_back (shared_ptr <Hash> (new Blake2s ())); l.push_back (shared_ptr <Hash> (new Sha256 ())); + #ifndef WOLFCRYPT_BACKEND + l.push_back (shared_ptr <Hash> (new Blake2s ())); + l.push_back (shared_ptr <Hash> (new Whirlpool ())); l.push_back (shared_ptr <Hash> (new Streebog ())); - + #endif return l; } @@ -44,6 +45,7 @@ namespace VeraCrypt throw ParameterIncorrect (SRC_POS); } + #ifndef WOLFCRYPT_BACKEND // RIPEMD-160 Blake2s::Blake2s () { @@ -67,6 +69,7 @@ namespace VeraCrypt if_debug (ValidateDataParameters (data)); blake2s_update ((blake2s_state *) Context.Ptr(), data.Get(), data.Size()); } + #endif // SHA-256 Sha256::Sha256 () @@ -116,6 +119,7 @@ namespace VeraCrypt sha512_hash (data.Get(), (int) data.Size(), (sha512_ctx *) Context.Ptr()); } + #ifndef WOLFCRYPT_BACKEND // Whirlpool Whirlpool::Whirlpool () { @@ -163,4 +167,5 @@ namespace VeraCrypt if_debug (ValidateDataParameters (data)); STREEBOG_add ((STREEBOG_CTX *) Context.Ptr(), data.Get(), (int) data.Size()); } + #endif } diff --git a/src/Volume/Hash.h b/src/Volume/Hash.h index 0e464b37..5720eb50 100644 --- a/src/Volume/Hash.h +++ b/src/Volume/Hash.h @@ -48,6 +48,7 @@ namespace VeraCrypt Hash &operator= (const Hash &); }; + #ifndef WOLFCRYPT_BACKEND // Blake2s class Blake2s : public Hash { @@ -70,6 +71,7 @@ namespace VeraCrypt Blake2s (const Blake2s &); Blake2s &operator= (const Blake2s &); }; + #endif // SHA-256 class Sha256 : public Hash @@ -117,6 +119,7 @@ namespace VeraCrypt Sha512 &operator= (const Sha512 &); }; + #ifndef WOLFCRYPT_BACKEND // Whirlpool class Whirlpool : public Hash { @@ -162,6 +165,7 @@ namespace VeraCrypt Streebog (const Streebog &); Streebog &operator= (const Streebog &); }; + #endif } #endif // TC_HEADER_Encryption_Hash diff --git a/src/Volume/Pkcs5Kdf.cpp b/src/Volume/Pkcs5Kdf.cpp index ff49cefe..820f1121 100644 --- a/src/Volume/Pkcs5Kdf.cpp +++ b/src/Volume/Pkcs5Kdf.cpp @@ -56,10 +56,11 @@ namespace VeraCrypt l.push_back (shared_ptr <Pkcs5Kdf> (new Pkcs5HmacSha512 ())); l.push_back (shared_ptr <Pkcs5Kdf> (new Pkcs5HmacSha256 ())); + #ifndef WOLFCRYPT_BACKEND l.push_back (shared_ptr <Pkcs5Kdf> (new Pkcs5HmacBlake2s ())); - l.push_back (shared_ptr <Pkcs5Kdf> (new Pkcs5HmacWhirlpool ())); + l.push_back (shared_ptr <Pkcs5Kdf> (new Pkcs5HmacWhirlpool ())); l.push_back (shared_ptr <Pkcs5Kdf> (new Pkcs5HmacStreebog ())); - + #endif return l; } @@ -69,6 +70,7 @@ namespace VeraCrypt throw ParameterIncorrect (SRC_POS); } + #ifndef WOLFCRYPT_BACKEND void Pkcs5HmacBlake2s_Boot::DeriveKey (const BufferPtr &key, const VolumePassword &password, const ConstBufferPtr &salt, int iterationCount) const { ValidateParameters (key, password, salt, iterationCount); @@ -80,6 +82,7 @@ namespace VeraCrypt ValidateParameters (key, password, salt, iterationCount); derive_key_blake2s ((char *) password.DataPtr(), (int) password.Size(), (char *) salt.Get(), (int) salt.Size(), iterationCount, (char *) key.Get(), (int) key.Size()); } + #endif void Pkcs5HmacSha256_Boot::DeriveKey (const BufferPtr &key, const VolumePassword &password, const ConstBufferPtr &salt, int iterationCount) const { @@ -99,6 +102,7 @@ namespace VeraCrypt derive_key_sha512 ((char *) password.DataPtr(), (int) password.Size(), (char *) salt.Get(), (int) salt.Size(), iterationCount, (char *) key.Get(), (int) key.Size()); } + #ifndef WOLFCRYPT_BACKEND void Pkcs5HmacWhirlpool::DeriveKey (const BufferPtr &key, const VolumePassword &password, const ConstBufferPtr &salt, int iterationCount) const { ValidateParameters (key, password, salt, iterationCount); @@ -116,4 +120,5 @@ namespace VeraCrypt ValidateParameters (key, password, salt, iterationCount); derive_key_streebog ((char *) password.DataPtr(), (int) password.Size(), (char *) salt.Get(), (int) salt.Size(), iterationCount, (char *) key.Get(), (int) key.Size()); } + #endif } diff --git a/src/Volume/Pkcs5Kdf.h b/src/Volume/Pkcs5Kdf.h index 9071caf0..fc83eb06 100644 --- a/src/Volume/Pkcs5Kdf.h +++ b/src/Volume/Pkcs5Kdf.h @@ -48,6 +48,7 @@ namespace VeraCrypt Pkcs5Kdf &operator= (const Pkcs5Kdf &); }; + #ifndef WOLFCRYPT_BACKEND class Pkcs5HmacBlake2s_Boot : public Pkcs5Kdf { public: @@ -81,6 +82,7 @@ namespace VeraCrypt Pkcs5HmacBlake2s (const Pkcs5HmacBlake2s &); Pkcs5HmacBlake2s &operator= (const Pkcs5HmacBlake2s &); }; + #endif class Pkcs5HmacSha256_Boot : public Pkcs5Kdf { @@ -132,7 +134,7 @@ namespace VeraCrypt Pkcs5HmacSha512 (const Pkcs5HmacSha512 &); Pkcs5HmacSha512 &operator= (const Pkcs5HmacSha512 &); }; - + #ifndef WOLFCRYPT_BACKEND class Pkcs5HmacWhirlpool : public Pkcs5Kdf { public: @@ -183,6 +185,7 @@ namespace VeraCrypt Pkcs5HmacStreebog_Boot (const Pkcs5HmacStreebog_Boot &); Pkcs5HmacStreebog_Boot &operator= (const Pkcs5HmacStreebog_Boot &); }; + #endif } #endif // TC_HEADER_Encryption_Pkcs5 diff --git a/src/Volume/Volume.make b/src/Volume/Volume.make index d69ec135..f81df229 100644 --- a/src/Volume/Volume.make +++ b/src/Volume/Volume.make @@ -16,7 +16,6 @@ OBJSNOOPT := OBJS += Cipher.o OBJS += EncryptionAlgorithm.o OBJS += EncryptionMode.o -OBJS += EncryptionModeXTS.o OBJS += EncryptionTest.o OBJS += EncryptionThreadPool.o OBJS += Hash.o @@ -30,58 +29,68 @@ OBJS += VolumeLayout.o OBJS += VolumePassword.o OBJS += VolumePasswordCache.o -ifeq "$(PLATFORM)" "MacOSX" - OBJSEX += ../Crypto/Aes_asm.oo - OBJS += ../Crypto/Aes_hw_cpu.o - OBJS += ../Crypto/Aescrypt.o - OBJSEX += ../Crypto/Twofish_asm.oo - OBJSEX += ../Crypto/Camellia_asm.oo - OBJSEX += ../Crypto/Camellia_aesni_asm.oo - OBJSEX += ../Crypto/sha256-nayuki.oo - OBJSEX += ../Crypto/sha512-nayuki.oo - OBJSEX += ../Crypto/sha256_avx1.oo - OBJSEX += ../Crypto/sha256_avx2.oo - OBJSEX += ../Crypto/sha256_sse4.oo - OBJSEX += ../Crypto/sha512_avx1.oo - OBJSEX += ../Crypto/sha512_avx2.oo - OBJSEX += ../Crypto/sha512_sse4.oo -else ifeq "$(CPU_ARCH)" "x86" - OBJS += ../Crypto/Aes_x86.o -ifeq "$(DISABLE_AESNI)" "0" - OBJS += ../Crypto/Aes_hw_cpu.o -endif - OBJS += ../Crypto/sha256-x86-nayuki.o - OBJS += ../Crypto/sha512-x86-nayuki.o -else ifeq "$(CPU_ARCH)" "x64" - OBJS += ../Crypto/Aes_x64.o -ifeq "$(DISABLE_AESNI)" "0" - OBJS += ../Crypto/Aes_hw_cpu.o -endif - OBJS += ../Crypto/Twofish_x64.o - OBJS += ../Crypto/Camellia_x64.o - OBJS += ../Crypto/Camellia_aesni_x64.o - OBJS += ../Crypto/sha512-x64-nayuki.o - OBJS += ../Crypto/sha256_avx1_x64.o - OBJS += ../Crypto/sha256_avx2_x64.o - OBJS += ../Crypto/sha256_sse4_x64.o - OBJS += ../Crypto/sha512_avx1_x64.o - OBJS += ../Crypto/sha512_avx2_x64.o - OBJS += ../Crypto/sha512_sse4_x64.o +ifeq "$(ENABLE_WOLFCRYPT)" "0" +OBJS += EncryptionModeXTS.o else - OBJS += ../Crypto/Aescrypt.o +OBJS += EncryptionModeWolfCryptXTS.o endif -ifeq "$(GCC_GTEQ_430)" "1" -OBJSSSE41 += ../Crypto/blake2s_SSE41.osse41 -OBJSSSSE3 += ../Crypto/blake2s_SSSE3.ossse3 +ifeq "$(ENABLE_WOLFCRYPT)" "0" + ifeq "$(PLATFORM)" "MacOSX" + OBJSEX += ../Crypto/Aes_asm.oo + OBJS += ../Crypto/Aes_hw_cpu.o + OBJS += ../Crypto/Aescrypt.o + OBJSEX += ../Crypto/Twofish_asm.oo + OBJSEX += ../Crypto/Camellia_asm.oo + OBJSEX += ../Crypto/Camellia_aesni_asm.oo + OBJSEX += ../Crypto/sha256-nayuki.oo + OBJSEX += ../Crypto/sha512-nayuki.oo + OBJSEX += ../Crypto/sha256_avx1.oo + OBJSEX += ../Crypto/sha256_avx2.oo + OBJSEX += ../Crypto/sha256_sse4.oo + OBJSEX += ../Crypto/sha512_avx1.oo + OBJSEX += ../Crypto/sha512_avx2.oo + OBJSEX += ../Crypto/sha512_sse4.oo + else ifeq "$(CPU_ARCH)" "x86" + OBJS += ../Crypto/Aes_x86.o + ifeq "$(DISABLE_AESNI)" "0" + OBJS += ../Crypto/Aes_hw_cpu.o + endif + OBJS += ../Crypto/sha256-x86-nayuki.o + OBJS += ../Crypto/sha512-x86-nayuki.o + else ifeq "$(CPU_ARCH)" "x64" + OBJS += ../Crypto/Aes_x64.o + ifeq "$(DISABLE_AESNI)" "0" + OBJS += ../Crypto/Aes_hw_cpu.o + endif + OBJS += ../Crypto/Twofish_x64.o + OBJS += ../Crypto/Camellia_x64.o + OBJS += ../Crypto/Camellia_aesni_x64.o + OBJS += ../Crypto/sha512-x64-nayuki.o + OBJS += ../Crypto/sha256_avx1_x64.o + OBJS += ../Crypto/sha256_avx2_x64.o + OBJS += ../Crypto/sha256_sse4_x64.o + OBJS += ../Crypto/sha512_avx1_x64.o + OBJS += ../Crypto/sha512_avx2_x64.o + OBJS += ../Crypto/sha512_sse4_x64.o + else + OBJS += ../Crypto/Aescrypt.o + endif + + ifeq "$(GCC_GTEQ_430)" "1" + OBJSSSE41 += ../Crypto/blake2s_SSE41.osse41 + OBJSSSSE3 += ../Crypto/blake2s_SSSE3.ossse3 + else + OBJS += ../Crypto/blake2s_SSE41.o + OBJS += ../Crypto/blake2s_SSSE3.o + endif else -OBJS += ../Crypto/blake2s_SSE41.o -OBJS += ../Crypto/blake2s_SSSE3.o + OBJS += ../Crypto/wolfCrypt.o endif +ifeq "$(ENABLE_WOLFCRYPT)" "0" OBJS += ../Crypto/Aeskey.o OBJS += ../Crypto/Aestab.o -OBJS += ../Crypto/cpu.o OBJS += ../Crypto/blake2s.o OBJS += ../Crypto/blake2s_SSE2.o OBJS += ../Crypto/SerpentFast.o @@ -93,6 +102,10 @@ OBJS += ../Crypto/Camellia.o OBJS += ../Crypto/Streebog.o OBJS += ../Crypto/kuznyechik.o OBJS += ../Crypto/kuznyechik_simd.o +OBJS += ../Common/Pkcs5.o +endif + +OBJS += ../Crypto/cpu.o OBJSNOOPT += ../Crypto/jitterentropy-base.o0 @@ -110,54 +123,55 @@ OBJS += ../Common/EMVCard.o OBJS += ../Common/EMVToken.o OBJS += ../Common/Endian.o OBJS += ../Common/GfMul.o -OBJS += ../Common/Pkcs5.o OBJS += ../Common/SecurityToken.o VolumeLibrary: Volume.a -ifeq "$(PLATFORM)" "MacOSX" -../Crypto/Aes_asm.oo: ../Crypto/Aes_x86.asm ../Crypto/Aes_x64.asm - @echo Assembling $(<F) - $(AS) $(ASFLAGS32) -o ../Crypto/Aes_x86.o ../Crypto/Aes_x86.asm - $(AS) $(ASFLAGS64) -o ../Crypto/Aes_x64.o ../Crypto/Aes_x64.asm - lipo -create ../Crypto/Aes_x86.o ../Crypto/Aes_x64.o -output ../Crypto/Aes_asm.oo - rm -fr ../Crypto/Aes_x86.o ../Crypto/Aes_x64.o -../Crypto/Twofish_asm.oo: ../Crypto/Twofish_x64.S - @echo Assembling $(<F) - $(AS) $(ASFLAGS64) -p gas -o ../Crypto/Twofish_asm.oo ../Crypto/Twofish_x64.S -../Crypto/Camellia_asm.oo: ../Crypto/Camellia_x64.S - @echo Assembling $(<F) - $(AS) $(ASFLAGS64) -p gas -o ../Crypto/Camellia_asm.oo ../Crypto/Camellia_x64.S -../Crypto/Camellia_aesni_asm.oo: ../Crypto/Camellia_aesni_x64.S - @echo Assembling $(<F) - $(AS) $(ASFLAGS64) -p gas -o ../Crypto/Camellia_aesni_asm.oo ../Crypto/Camellia_aesni_x64.S -../Crypto/sha256-nayuki.oo: ../Crypto/sha256-x86-nayuki.S - @echo Assembling $(<F) - $(AS) $(ASFLAGS32) -p gas -o ../Crypto/sha256-x86-nayuki.o ../Crypto/sha256-x86-nayuki.S - $(AS) $(ASFLAGS64) -p gas -o ../Crypto/sha256-x64-nayuki.o ../Crypto/sha256-x64-nayuki.S - lipo -create ../Crypto/sha256-x86-nayuki.o ../Crypto/sha256-x64-nayuki.o -output ../Crypto/sha256-nayuki.oo - rm -fr ../Crypto/sha256-x86-nayuki.o ../Crypto/sha256-x64-nayuki.o -../Crypto/sha256_avx1.oo: ../Crypto/sha256_avx1_x64.asm - @echo Assembling $(<F) - $(AS) $(ASFLAGS64) -o ../Crypto/sha256_avx1.oo ../Crypto/sha256_avx1_x64.asm -../Crypto/sha256_avx2.oo: ../Crypto/sha256_avx2_x64.asm - @echo Assembling $(<F) - $(AS) $(ASFLAGS64) -o ../Crypto/sha256_avx2.oo ../Crypto/sha256_avx2_x64.asm -../Crypto/sha256_sse4.oo: ../Crypto/sha256_sse4_x64.asm - @echo Assembling $(<F) - $(AS) $(ASFLAGS64) -o ../Crypto/sha256_sse4.oo ../Crypto/sha256_sse4_x64.asm -../Crypto/sha512-nayuki.oo: ../Crypto/sha512-x64-nayuki.S - @echo Assembling $(<F) - $(AS) -p gas $(ASFLAGS64) -o ../Crypto/sha512-nayuki.oo ../Crypto/sha512-x64-nayuki.S -../Crypto/sha512_avx1.oo: ../Crypto/sha512_avx1_x64.asm - @echo Assembling $(<F) - $(AS) $(ASFLAGS64) -o ../Crypto/sha512_avx1.oo ../Crypto/sha512_avx1_x64.asm -../Crypto/sha512_avx2.oo: ../Crypto/sha512_avx2_x64.asm - @echo Assembling $(<F) - $(AS) $(ASFLAGS64) -o ../Crypto/sha512_avx2.oo ../Crypto/sha512_avx2_x64.asm -../Crypto/sha512_sse4.oo: ../Crypto/sha512_sse4_x64.asm - @echo Assembling $(<F) - $(AS) $(ASFLAGS64) -o ../Crypto/sha512_sse4.oo ../Crypto/sha512_sse4_x64.asm +ifeq "$(ENABLE_WOLFCRYPT)" "0" + ifeq "$(PLATFORM)" "MacOSX" + ../Crypto/Aes_asm.oo: ../Crypto/Aes_x86.asm ../Crypto/Aes_x64.asm + @echo Assembling $(<F) + $(AS) $(ASFLAGS32) -o ../Crypto/Aes_x86.o ../Crypto/Aes_x86.asm + $(AS) $(ASFLAGS64) -o ../Crypto/Aes_x64.o ../Crypto/Aes_x64.asm + lipo -create ../Crypto/Aes_x86.o ../Crypto/Aes_x64.o -output ../Crypto/Aes_asm.oo + rm -fr ../Crypto/Aes_x86.o ../Crypto/Aes_x64.o + ../Crypto/Twofish_asm.oo: ../Crypto/Twofish_x64.S + @echo Assembling $(<F) + $(AS) $(ASFLAGS64) -p gas -o ../Crypto/Twofish_asm.oo ../Crypto/Twofish_x64.S + ../Crypto/Camellia_asm.oo: ../Crypto/Camellia_x64.S + @echo Assembling $(<F) + $(AS) $(ASFLAGS64) -p gas -o ../Crypto/Camellia_asm.oo ../Crypto/Camellia_x64.S + ../Crypto/Camellia_aesni_asm.oo: ../Crypto/Camellia_aesni_x64.S + @echo Assembling $(<F) + $(AS) $(ASFLAGS64) -p gas -o ../Crypto/Camellia_aesni_asm.oo ../Crypto/Camellia_aesni_x64.S + ../Crypto/sha256-nayuki.oo: ../Crypto/sha256-x86-nayuki.S + @echo Assembling $(<F) + $(AS) $(ASFLAGS32) -p gas -o ../Crypto/sha256-x86-nayuki.o ../Crypto/sha256-x86-nayuki.S + $(AS) $(ASFLAGS64) -p gas -o ../Crypto/sha256-x64-nayuki.o ../Crypto/sha256-x64-nayuki.S + lipo -create ../Crypto/sha256-x86-nayuki.o ../Crypto/sha256-x64-nayuki.o -output ../Crypto/sha256-nayuki.oo + rm -fr ../Crypto/sha256-x86-nayuki.o ../Crypto/sha256-x64-nayuki.o + ../Crypto/sha256_avx1.oo: ../Crypto/sha256_avx1_x64.asm + @echo Assembling $(<F) + $(AS) $(ASFLAGS64) -o ../Crypto/sha256_avx1.oo ../Crypto/sha256_avx1_x64.asm + ../Crypto/sha256_avx2.oo: ../Crypto/sha256_avx2_x64.asm + @echo Assembling $(<F) + $(AS) $(ASFLAGS64) -o ../Crypto/sha256_avx2.oo ../Crypto/sha256_avx2_x64.asm + ../Crypto/sha256_sse4.oo: ../Crypto/sha256_sse4_x64.asm + @echo Assembling $(<F) + $(AS) $(ASFLAGS64) -o ../Crypto/sha256_sse4.oo ../Crypto/sha256_sse4_x64.asm + ../Crypto/sha512-nayuki.oo: ../Crypto/sha512-x64-nayuki.S + @echo Assembling $(<F) + $(AS) -p gas $(ASFLAGS64) -o ../Crypto/sha512-nayuki.oo ../Crypto/sha512-x64-nayuki.S + ../Crypto/sha512_avx1.oo: ../Crypto/sha512_avx1_x64.asm + @echo Assembling $(<F) + $(AS) $(ASFLAGS64) -o ../Crypto/sha512_avx1.oo ../Crypto/sha512_avx1_x64.asm + ../Crypto/sha512_avx2.oo: ../Crypto/sha512_avx2_x64.asm + @echo Assembling $(<F) + $(AS) $(ASFLAGS64) -o ../Crypto/sha512_avx2.oo ../Crypto/sha512_avx2_x64.asm + ../Crypto/sha512_sse4.oo: ../Crypto/sha512_sse4_x64.asm + @echo Assembling $(<F) + $(AS) $(ASFLAGS64) -o ../Crypto/sha512_sse4.oo ../Crypto/sha512_sse4_x64.asm + endif endif include $(BUILD_INC)/Makefile.inc diff --git a/src/Volume/VolumeHeader.cpp b/src/Volume/VolumeHeader.cpp index d8527ed5..57b63394 100644 --- a/src/Volume/VolumeHeader.cpp +++ b/src/Volume/VolumeHeader.cpp @@ -12,6 +12,9 @@ #include "Crc32.h" #include "EncryptionModeXTS.h" +#ifdef WOLFCRYPT_BACKEND +#include "EncryptionModeWolfCryptXTS.h" +#endif #include "Pkcs5Kdf.h" #include "Pkcs5Kdf.h" #include "VolumeHeader.h" @@ -76,8 +79,12 @@ namespace VeraCrypt } EA = options.EA; - shared_ptr <EncryptionMode> mode (new EncryptionModeXTS ()); - EA->SetMode (mode); + #ifdef WOLFCRYPT_BACKEND + shared_ptr <EncryptionMode> mode (new EncryptionModeWolfCryptXTS ()); + #else + shared_ptr <EncryptionMode> mode (new EncryptionModeXTS ()); + #endif + EA->SetMode (mode); EncryptNew (headerBuffer, options.Salt, options.HeaderKey, options.Kdf); } @@ -100,17 +107,28 @@ namespace VeraCrypt foreach (shared_ptr <EncryptionMode> mode, encryptionModes) { - if (typeid (*mode) != typeid (EncryptionModeXTS)) - mode->SetKey (headerKey.GetRange (0, mode->GetKeySize())); + #ifdef WOLFCRYPT_BACKEND + if (typeid (*mode) != typeid (EncryptionModeWolfCryptXTS)) + #else + if (typeid (*mode) != typeid (EncryptionModeXTS)) + #endif + mode->SetKey (headerKey.GetRange (0, mode->GetKeySize())); foreach (shared_ptr <EncryptionAlgorithm> ea, encryptionAlgorithms) { if (!ea->IsModeSupported (mode)) continue; + #ifndef WOLFCRYPT_BACKEND if (typeid (*mode) == typeid (EncryptionModeXTS)) { - ea->SetKey (headerKey.GetRange (0, ea->GetKeySize())); + ea->SetKey (headerKey.GetRange (0, ea->GetKeySize())); + #else + if (typeid (*mode) == typeid (EncryptionModeWolfCryptXTS)) + { + ea->SetKey (headerKey.GetRange (0, ea->GetKeySize())); + ea->SetKeyXTS (headerKey.GetRange (ea->GetKeySize(), ea->GetKeySize())); + #endif mode = mode->GetNew(); mode->SetKey (headerKey.GetRange (ea->GetKeySize(), ea->GetKeySize())); @@ -206,9 +224,16 @@ namespace VeraCrypt ea = ea->GetNew(); mode = mode->GetNew(); + #ifndef WOLFCRYPT_BACKEND if (typeid (*mode) == typeid (EncryptionModeXTS)) { - ea->SetKey (header.GetRange (offset, ea->GetKeySize())); + ea->SetKey (header.GetRange (offset, ea->GetKeySize())); + #else + if (typeid (*mode) == typeid (EncryptionModeWolfCryptXTS)) + { + ea->SetKey (header.GetRange (offset, ea->GetKeySize())); + ea->SetKeyXTS (header.GetRange (offset + ea->GetKeySize(), ea->GetKeySize())); + #endif mode->SetKey (header.GetRange (offset + ea->GetKeySize(), ea->GetKeySize())); } else @@ -250,10 +275,17 @@ namespace VeraCrypt shared_ptr <EncryptionMode> mode = EA->GetMode()->GetNew(); shared_ptr <EncryptionAlgorithm> ea = EA->GetNew(); + #ifndef WOLFCRYPT_BACKEND if (typeid (*mode) == typeid (EncryptionModeXTS)) { - mode->SetKey (newHeaderKey.GetRange (EA->GetKeySize(), EA->GetKeySize())); - ea->SetKey (newHeaderKey.GetRange (0, ea->GetKeySize())); + ea->SetKey (newHeaderKey.GetRange (0, ea->GetKeySize())); + #else + if (typeid (*mode) == typeid (EncryptionModeWolfCryptXTS)) + { + ea->SetKey (newHeaderKey.GetRange (0, ea->GetKeySize())); + ea->SetKeyXTS (newHeaderKey.GetRange (EA->GetKeySize(), EA->GetKeySize())); + #endif + mode->SetKey (newHeaderKey.GetRange (EA->GetKeySize(), EA->GetKeySize())); } else { diff --git a/src/Volume/VolumeLayout.cpp b/src/Volume/VolumeLayout.cpp index efb77649..3600d76f 100644 --- a/src/Volume/VolumeLayout.cpp +++ b/src/Volume/VolumeLayout.cpp @@ -12,6 +12,9 @@ #include "Volume/EncryptionMode.h" #include "Volume/EncryptionModeXTS.h" +#ifdef WOLFCRYPT_BACKEND +#include "Volume/EncryptionModeWolfCryptXTS.h" +#endif #include "VolumeLayout.h" #include "Boot/Windows/BootCommon.h" @@ -66,6 +69,7 @@ namespace VeraCrypt HeaderSize = TC_VOLUME_HEADER_SIZE_LEGACY; SupportedEncryptionAlgorithms.push_back (shared_ptr <EncryptionAlgorithm> (new AES ())); + #ifndef WOLFCRYPT_BACKEND SupportedEncryptionAlgorithms.push_back (shared_ptr <EncryptionAlgorithm> (new Serpent ())); SupportedEncryptionAlgorithms.push_back (shared_ptr <EncryptionAlgorithm> (new Twofish ())); SupportedEncryptionAlgorithms.push_back (shared_ptr <EncryptionAlgorithm> (new Camellia ())); @@ -75,7 +79,10 @@ namespace VeraCrypt SupportedEncryptionAlgorithms.push_back (shared_ptr <EncryptionAlgorithm> (new SerpentTwofishAES ())); SupportedEncryptionAlgorithms.push_back (shared_ptr <EncryptionAlgorithm> (new TwofishSerpent ())); - SupportedEncryptionModes.push_back (shared_ptr <EncryptionMode> (new EncryptionModeXTS ())); + SupportedEncryptionModes.push_back (shared_ptr <EncryptionMode> (new EncryptionModeXTS ())); + #else + SupportedEncryptionModes.push_back (shared_ptr <EncryptionMode> (new EncryptionModeWolfCryptXTS ())); + #endif } uint64 VolumeLayoutV1Normal::GetDataOffset (uint64 volumeHostSize) const @@ -97,6 +104,7 @@ namespace VeraCrypt BackupHeaderOffset = -TC_VOLUME_HEADER_GROUP_SIZE; SupportedEncryptionAlgorithms.push_back (shared_ptr <EncryptionAlgorithm> (new AES ())); + #ifndef WOLFCRYPT_BACKEND SupportedEncryptionAlgorithms.push_back (shared_ptr <EncryptionAlgorithm> (new Serpent ())); SupportedEncryptionAlgorithms.push_back (shared_ptr <EncryptionAlgorithm> (new Twofish ())); SupportedEncryptionAlgorithms.push_back (shared_ptr <EncryptionAlgorithm> (new Camellia ())); @@ -111,9 +119,12 @@ namespace VeraCrypt SupportedEncryptionAlgorithms.push_back (shared_ptr <EncryptionAlgorithm> (new SerpentAES ())); SupportedEncryptionAlgorithms.push_back (shared_ptr <EncryptionAlgorithm> (new SerpentTwofishAES ())); SupportedEncryptionAlgorithms.push_back (shared_ptr <EncryptionAlgorithm> (new TwofishSerpent ())); - SupportedEncryptionModes.push_back (shared_ptr <EncryptionMode> (new EncryptionModeXTS ())); - } + #else + SupportedEncryptionModes.push_back (shared_ptr <EncryptionMode> (new EncryptionModeWolfCryptXTS ())); + #endif + + } uint64 VolumeLayoutV2Normal::GetDataOffset (uint64 volumeHostSize) const { @@ -142,6 +153,7 @@ namespace VeraCrypt BackupHeaderOffset = -TC_HIDDEN_VOLUME_HEADER_OFFSET; SupportedEncryptionAlgorithms.push_back (shared_ptr <EncryptionAlgorithm> (new AES ())); + #ifndef WOLFCRYPT_BACKEND SupportedEncryptionAlgorithms.push_back (shared_ptr <EncryptionAlgorithm> (new Serpent ())); SupportedEncryptionAlgorithms.push_back (shared_ptr <EncryptionAlgorithm> (new Twofish ())); SupportedEncryptionAlgorithms.push_back (shared_ptr <EncryptionAlgorithm> (new Camellia ())); @@ -158,6 +170,9 @@ namespace VeraCrypt SupportedEncryptionAlgorithms.push_back (shared_ptr <EncryptionAlgorithm> (new TwofishSerpent ())); SupportedEncryptionModes.push_back (shared_ptr <EncryptionMode> (new EncryptionModeXTS ())); + #else + SupportedEncryptionModes.push_back (shared_ptr <EncryptionMode> (new EncryptionModeWolfCryptXTS ())); + #endif } uint64 VolumeLayoutV2Hidden::GetDataOffset (uint64 volumeHostSize) const @@ -194,6 +209,7 @@ namespace VeraCrypt HeaderSize = TC_BOOT_ENCRYPTION_VOLUME_HEADER_SIZE; SupportedEncryptionAlgorithms.push_back (shared_ptr <EncryptionAlgorithm> (new AES ())); + #ifndef WOLFCRYPT_BACKEND SupportedEncryptionAlgorithms.push_back (shared_ptr <EncryptionAlgorithm> (new Serpent ())); SupportedEncryptionAlgorithms.push_back (shared_ptr <EncryptionAlgorithm> (new Twofish ())); SupportedEncryptionAlgorithms.push_back (shared_ptr <EncryptionAlgorithm> (new Camellia ())); @@ -208,9 +224,13 @@ namespace VeraCrypt SupportedEncryptionAlgorithms.push_back (shared_ptr <EncryptionAlgorithm> (new SerpentAES ())); SupportedEncryptionAlgorithms.push_back (shared_ptr <EncryptionAlgorithm> (new SerpentTwofishAES ())); SupportedEncryptionAlgorithms.push_back (shared_ptr <EncryptionAlgorithm> (new TwofishSerpent ())); - - SupportedEncryptionModes.push_back (shared_ptr <EncryptionMode> (new EncryptionModeXTS ())); - } + + SupportedEncryptionModes.push_back (shared_ptr <EncryptionMode> (new EncryptionModeXTS ())); + #else + SupportedEncryptionModes.push_back (shared_ptr <EncryptionMode> (new EncryptionModeWolfCryptXTS ())); + #endif + + } uint64 VolumeLayoutSystemEncryption::GetDataOffset (uint64 volumeHostSize) const { @@ -226,10 +246,12 @@ namespace VeraCrypt { Pkcs5KdfList l; l.push_back (shared_ptr <Pkcs5Kdf> (new Pkcs5HmacSha256_Boot ())); - l.push_back (shared_ptr <Pkcs5Kdf> (new Pkcs5HmacBlake2s_Boot ())); l.push_back (shared_ptr <Pkcs5Kdf> (new Pkcs5HmacSha512 ())); + #ifndef WOLFCRYPT_BACKEND + l.push_back (shared_ptr <Pkcs5Kdf> (new Pkcs5HmacBlake2s_Boot ())); l.push_back (shared_ptr <Pkcs5Kdf> (new Pkcs5HmacWhirlpool ())); l.push_back (shared_ptr <Pkcs5Kdf> (new Pkcs5HmacStreebog ())); - return l; + #endif + return l; } } |