VeraCrypt
aboutsummaryrefslogtreecommitdiff
path: root/src/Volume
diff options
context:
space:
mode:
authorlealem47 <60322859+lealem47@users.noreply.github.com>2023-11-12 16:51:31 -0700
committerGitHub <noreply@github.com>2023-11-13 00:51:31 +0100
commit9247ce1bb90c44d19a0069fadb12c0c480ac9b4f (patch)
tree66fb4728d502759271d03eba59d51c1a129b2ffb /src/Volume
parent458be85f84a097aa829658c50ce41d82791fb6a8 (diff)
downloadVeraCrypt-9247ce1bb90c44d19a0069fadb12c0c480ac9b4f.tar.gz
VeraCrypt-9247ce1bb90c44d19a0069fadb12c0c480ac9b4f.zip
wolfCrypt as crypto backend for VeraCrypt (#1227)
* wolfCrypt as crypto backend for VeraCrypt * Refactor to use EncryptionModeWolfCryptXTS class
Diffstat (limited to 'src/Volume')
-rw-r--r--src/Volume/Cipher.cpp58
-rw-r--r--src/Volume/Cipher.h48
-rw-r--r--src/Volume/EncryptionAlgorithm.cpp34
-rw-r--r--src/Volume/EncryptionAlgorithm.h5
-rw-r--r--src/Volume/EncryptionMode.cpp7
-rw-r--r--src/Volume/EncryptionModeWolfCryptXTS.cpp119
-rw-r--r--src/Volume/EncryptionModeWolfCryptXTS.h54
-rw-r--r--src/Volume/EncryptionModeXTS.cpp6
-rw-r--r--src/Volume/EncryptionTest.cpp62
-rw-r--r--src/Volume/Hash.cpp11
-rw-r--r--src/Volume/Hash.h4
-rw-r--r--src/Volume/Pkcs5Kdf.cpp9
-rw-r--r--src/Volume/Pkcs5Kdf.h5
-rw-r--r--src/Volume/Volume.make192
-rw-r--r--src/Volume/VolumeHeader.cpp48
-rw-r--r--src/Volume/VolumeLayout.cpp38
16 files changed, 570 insertions, 130 deletions
diff --git a/src/Volume/Cipher.cpp b/src/Volume/Cipher.cpp
index 8c6ce390..d0fb7bd5 100644
--- a/src/Volume/Cipher.cpp
+++ b/src/Volume/Cipher.cpp
@@ -94,11 +94,12 @@ namespace VeraCrypt
CipherList l;
l.push_back (shared_ptr <Cipher> (new CipherAES ()));
+ #ifndef WOLFCRYPT_BACKEND
l.push_back (shared_ptr <Cipher> (new CipherSerpent ()));
l.push_back (shared_ptr <Cipher> (new CipherTwofish ()));
l.push_back (shared_ptr <Cipher> (new CipherCamellia ()));
l.push_back (shared_ptr <Cipher> (new CipherKuznyechik ()));
-
+ #endif
return l;
}
@@ -115,6 +116,37 @@ namespace VeraCrypt
Initialized = true;
}
+ #ifdef WOLFCRYPT_BACKEND
+ void Cipher::SetKeyXTS (const ConstBufferPtr &key)
+ {
+ if (key.Size() != GetKeySize ())
+ throw ParameterIncorrect (SRC_POS);
+
+ if (!Initialized)
+ ScheduledKey.Allocate (GetScheduledKeySize ());
+
+ SetCipherKeyXTS (key);
+ Key.CopyFrom (key);
+ Initialized = true;
+ }
+
+ void Cipher::EncryptBlockXTS (byte *data, uint64 length, uint64 startDataUnitNo) const
+ {
+ if (!Initialized)
+ throw NotInitialized (SRC_POS);
+
+ EncryptXTS (data, length, startDataUnitNo);
+ }
+
+ void Cipher::DecryptBlockXTS (byte *data, uint64 length, uint64 startDataUnitNo) const
+ {
+ if (!Initialized)
+ throw NotInitialized (SRC_POS);
+
+ DecryptXTS (data, length, startDataUnitNo);
+ }
+ #endif
+
#define TC_EXCEPTION(TYPE) TC_SERIALIZER_FACTORY_ADD(TYPE)
#undef TC_EXCEPTION_NODECL
#define TC_EXCEPTION_NODECL(TYPE) TC_SERIALIZER_FACTORY_ADD(TYPE)
@@ -186,6 +218,26 @@ namespace VeraCrypt
#endif
Cipher::EncryptBlocks (data, blockCount);
}
+ #ifdef WOLFCRYPT_BACKEND
+ void CipherAES::EncryptXTS (byte *data, uint64 length, uint64 startDataUnitNo) const
+ {
+ xts_encrypt (data, data, length, startDataUnitNo, (aes_encrypt_ctx *) ScheduledKey.Ptr());
+ }
+
+ void CipherAES::DecryptXTS (byte *data, uint64 length, uint64 startDataUnitNo) const
+ {
+ xts_decrypt (data, data, length, startDataUnitNo, (aes_decrypt_ctx *) (ScheduledKey.Ptr() + sizeof (aes_encrypt_ctx)));
+ }
+
+ void CipherAES::SetCipherKeyXTS (const byte *key)
+ {
+ if (xts_encrypt_key256 (key, (aes_encrypt_ctx *) ScheduledKey.Ptr()) != EXIT_SUCCESS)
+ throw CipherInitError (SRC_POS);
+
+ if (xts_decrypt_key256 (key, (aes_decrypt_ctx *) (ScheduledKey.Ptr() + sizeof (aes_encrypt_ctx))) != EXIT_SUCCESS)
+ throw CipherInitError (SRC_POS);
+ }
+ #endif
size_t CipherAES::GetScheduledKeySize () const
{
@@ -218,6 +270,7 @@ namespace VeraCrypt
throw CipherInitError (SRC_POS);
}
+ #ifndef WOLFCRYPT_BACKEND
// Serpent
void CipherSerpent::Decrypt (byte *data) const
{
@@ -465,5 +518,6 @@ namespace VeraCrypt
return false;
#endif
}
- bool Cipher::HwSupportEnabled = true;
+ #endif
+ bool Cipher::HwSupportEnabled = true;
}
diff --git a/src/Volume/Cipher.h b/src/Volume/Cipher.h
index 31a519a5..1b7fd233 100644
--- a/src/Volume/Cipher.h
+++ b/src/Volume/Cipher.h
@@ -28,8 +28,15 @@ namespace VeraCrypt
virtual void DecryptBlock (byte *data) const;
virtual void DecryptBlocks (byte *data, size_t blockCount) const;
- static void EnableHwSupport (bool enable) { HwSupportEnabled = enable; }
- virtual void EncryptBlock (byte *data) const;
+ #ifndef WOLFCRYPT_BACKEND
+ static void EnableHwSupport (bool enable) { HwSupportEnabled = enable; }
+ #else
+ static void EnableHwSupport (bool enable) { HwSupportEnabled = false; }
+ virtual void EncryptBlockXTS (byte *data, uint64 length, uint64 startDataUnitNo) const;
+ virtual void DecryptBlockXTS (byte *data, uint64 length, uint64 startDataUnitNo) const;
+ virtual void SetKeyXTS (const ConstBufferPtr &key);
+ #endif
+ virtual void EncryptBlock (byte *data) const;
virtual void EncryptBlocks (byte *data, size_t blockCount) const;
static CipherList GetAvailableCiphers ();
virtual size_t GetBlockSize () const = 0;
@@ -50,6 +57,11 @@ namespace VeraCrypt
virtual void Encrypt (byte *data) const = 0;
virtual size_t GetScheduledKeySize () const = 0;
virtual void SetCipherKey (const byte *key) = 0;
+ #ifdef WOLFCRYPT_BACKEND
+ virtual void DecryptXTS (byte *data, uint64 length, uint64 startDataUnitNo) const = 0;
+ virtual void EncryptXTS (byte *data, uint64 length, uint64 startDataUnitNo) const = 0;
+ virtual void SetCipherKeyXTS (const byte *key) = 0;
+ #endif
static bool HwSupportEnabled;
bool Initialized;
@@ -69,6 +81,7 @@ namespace VeraCrypt
CipherException (const string &message, const wstring &subject) : Exception (message, subject) { }
};
+#ifdef WOLFCRYPT_BACKEND
#define TC_CIPHER(NAME, BLOCK_SIZE, KEY_SIZE) \
class TC_JOIN (Cipher,NAME) : public Cipher \
@@ -88,12 +101,43 @@ namespace VeraCrypt
virtual void Encrypt (byte *data) const; \
virtual size_t GetScheduledKeySize () const; \
virtual void SetCipherKey (const byte *key); \
+ virtual void DecryptXTS (byte *data, uint64 length, uint64 startDataUnitNo) const; \
+ virtual void SetCipherKeyXTS (const byte *key); \
+ virtual void EncryptXTS (byte *data, uint64 length, uint64 startDataUnitNo) const; \
\
private: \
TC_JOIN (Cipher,NAME) (const TC_JOIN (Cipher,NAME) &); \
TC_JOIN (Cipher,NAME) &operator= (const TC_JOIN (Cipher,NAME) &); \
}
+#else
+
+#define TC_CIPHER(NAME, BLOCK_SIZE, KEY_SIZE) \
+ class TC_JOIN (Cipher,NAME) : public Cipher \
+ { \
+ public: \
+ TC_JOIN (Cipher,NAME) () { } \
+ virtual ~TC_JOIN (Cipher,NAME) () { } \
+\
+ virtual size_t GetBlockSize () const { return BLOCK_SIZE; }; \
+ virtual size_t GetKeySize () const { return KEY_SIZE; }; \
+ virtual wstring GetName () const { return L###NAME; }; \
+ virtual shared_ptr <Cipher> GetNew () const { return shared_ptr <Cipher> (new TC_JOIN (Cipher,NAME)()); } \
+ TC_CIPHER_ADD_METHODS \
+\
+ protected: \
+ virtual void Decrypt (byte *data) const; \
+ virtual void Encrypt (byte *data) const; \
+ virtual size_t GetScheduledKeySize () const; \
+ virtual void SetCipherKey (const byte *key); \
+\
+ private: \
+ TC_JOIN (Cipher,NAME) (const TC_JOIN (Cipher,NAME) &); \
+ TC_JOIN (Cipher,NAME) &operator= (const TC_JOIN (Cipher,NAME) &); \
+ }
+
+#endif
+
#define TC_CIPHER_ADD_METHODS \
virtual void DecryptBlocks (byte *data, size_t blockCount) const; \
virtual void EncryptBlocks (byte *data, size_t blockCount) const; \
diff --git a/src/Volume/EncryptionAlgorithm.cpp b/src/Volume/EncryptionAlgorithm.cpp
index 85d9be1c..0178da00 100644
--- a/src/Volume/EncryptionAlgorithm.cpp
+++ b/src/Volume/EncryptionAlgorithm.cpp
@@ -12,6 +12,9 @@
#include "EncryptionAlgorithm.h"
#include "EncryptionModeXTS.h"
+#ifdef WOLFCRYPT_BACKEND
+#include "EncryptionModeWolfCryptXTS.h"
+#endif
namespace VeraCrypt
{
@@ -62,6 +65,7 @@ namespace VeraCrypt
EncryptionAlgorithmList l;
l.push_back (shared_ptr <EncryptionAlgorithm> (new AES ()));
+ #ifndef WOLFCRYPT_BACKEND
l.push_back (shared_ptr <EncryptionAlgorithm> (new Serpent ()));
l.push_back (shared_ptr <EncryptionAlgorithm> (new Twofish ()));
l.push_back (shared_ptr <EncryptionAlgorithm> (new Camellia ()));
@@ -76,7 +80,7 @@ namespace VeraCrypt
l.push_back (shared_ptr <EncryptionAlgorithm> (new SerpentAES ()));
l.push_back (shared_ptr <EncryptionAlgorithm> (new SerpentTwofishAES ()));
l.push_back (shared_ptr <EncryptionAlgorithm> (new TwofishSerpent ()));
-
+ #endif
return l;
}
@@ -215,7 +219,25 @@ namespace VeraCrypt
}
}
- void EncryptionAlgorithm::ValidateState () const
+ #ifdef WOLFCRYPT_BACKEND
+ void EncryptionAlgorithm::SetKeyXTS (const ConstBufferPtr &key)
+ {
+ if (Ciphers.size() < 1)
+ throw NotInitialized (SRC_POS);
+
+ if (GetKeySize() != key.Size())
+ throw ParameterIncorrect (SRC_POS);
+
+ size_t keyOffset = 0;
+ foreach_ref (Cipher &c, Ciphers)
+ {
+ c.SetKeyXTS (key.GetRange (keyOffset, c.GetKeySize()));
+ keyOffset += c.GetKeySize();
+ }
+ }
+ #endif
+
+ void EncryptionAlgorithm::ValidateState () const
{
if (Ciphers.size() < 1 || Mode.get() == nullptr)
throw NotInitialized (SRC_POS);
@@ -226,9 +248,14 @@ namespace VeraCrypt
{
Ciphers.push_back (shared_ptr <Cipher> (new CipherAES()));
+ #ifdef WOLFCRYPT_BACKEND
+ SupportedModes.push_back (shared_ptr <EncryptionMode> (new EncryptionModeWolfCryptXTS ()));
+ #else
SupportedModes.push_back (shared_ptr <EncryptionMode> (new EncryptionModeXTS ()));
- }
+ #endif
+ }
+#ifndef WOLFCRYPT_BACKEND
// AES-Twofish
AESTwofish::AESTwofish ()
{
@@ -353,4 +380,5 @@ namespace VeraCrypt
SupportedModes.push_back (shared_ptr <EncryptionMode> (new EncryptionModeXTS ()));
}
+#endif
}
diff --git a/src/Volume/EncryptionAlgorithm.h b/src/Volume/EncryptionAlgorithm.h
index 56642146..d60082fa 100644
--- a/src/Volume/EncryptionAlgorithm.h
+++ b/src/Volume/EncryptionAlgorithm.h
@@ -46,7 +46,10 @@ namespace VeraCrypt
virtual bool IsModeSupported (const EncryptionMode &mode) const;
virtual bool IsModeSupported (const shared_ptr <EncryptionMode> mode) const;
virtual void SetKey (const ConstBufferPtr &key);
- virtual void SetMode (shared_ptr <EncryptionMode> mode);
+ #ifdef WOLFCRYPT_BACKEND
+ virtual void SetKeyXTS (const ConstBufferPtr &key);
+ #endif
+ virtual void SetMode (shared_ptr <EncryptionMode> mode);
protected:
EncryptionAlgorithm ();
diff --git a/src/Volume/EncryptionMode.cpp b/src/Volume/EncryptionMode.cpp
index b7e5cc02..81d275b6 100644
--- a/src/Volume/EncryptionMode.cpp
+++ b/src/Volume/EncryptionMode.cpp
@@ -12,6 +12,9 @@
#include "EncryptionMode.h"
#include "EncryptionModeXTS.h"
+#ifdef WOLFCRYPT_BACKEND
+#include "EncryptionModeWolfCryptXTS.h"
+#endif
#include "EncryptionThreadPool.h"
namespace VeraCrypt
@@ -38,7 +41,11 @@ namespace VeraCrypt
{
EncryptionModeList l;
+ #ifdef WOLFCRYPT_BACKEND
+ l.push_back (shared_ptr <EncryptionMode> (new EncryptionModeWolfCryptXTS ()));
+ #else
l.push_back (shared_ptr <EncryptionMode> (new EncryptionModeXTS ()));
+ #endif
return l;
}
diff --git a/src/Volume/EncryptionModeWolfCryptXTS.cpp b/src/Volume/EncryptionModeWolfCryptXTS.cpp
new file mode 100644
index 00000000..891f6007
--- /dev/null
+++ b/src/Volume/EncryptionModeWolfCryptXTS.cpp
@@ -0,0 +1,119 @@
+
+#include "Crypto/cpu.h"
+#include "Crypto/misc.h"
+#include "EncryptionModeWolfCryptXTS.h"
+#include "Common/Crypto.h"
+
+namespace VeraCrypt
+{
+ void EncryptionModeWolfCryptXTS::Encrypt (byte *data, uint64 length) const
+ {
+ EncryptBuffer (data, length, 0);
+ }
+
+ void EncryptionModeWolfCryptXTS::EncryptBuffer (byte *data, uint64 length, uint64 startDataUnitNo) const
+ {
+ if_debug (ValidateState());
+
+ CipherList::const_iterator iSecondaryCipher = SecondaryCiphers.begin();
+
+ for (CipherList::const_iterator iCipher = Ciphers.begin(); iCipher != Ciphers.end(); ++iCipher)
+ {
+ EncryptBufferXTS (**iCipher, **iSecondaryCipher, data, length, startDataUnitNo, 0);
+ ++iSecondaryCipher;
+ }
+
+ assert (iSecondaryCipher == SecondaryCiphers.end());
+ }
+
+ void EncryptionModeWolfCryptXTS::EncryptBufferXTS (Cipher &cipher, const Cipher &secondaryCipher, byte *buffer, uint64 length, uint64 startDataUnitNo, unsigned int startCipherBlockNo) const
+ {
+ cipher.EncryptBlockXTS(buffer, length, startDataUnitNo);
+ }
+
+ void EncryptionModeWolfCryptXTS::EncryptSectorsCurrentThread (byte *data, uint64 sectorIndex, uint64 sectorCount, size_t sectorSize) const
+ {
+ EncryptBuffer (data, sectorCount * sectorSize, sectorIndex * sectorSize / ENCRYPTION_DATA_UNIT_SIZE);
+ }
+
+ size_t EncryptionModeWolfCryptXTS::GetKeySize () const
+ {
+ if (Ciphers.empty())
+ throw NotInitialized (SRC_POS);
+
+ size_t keySize = 0;
+ foreach_ref (const Cipher &cipher, SecondaryCiphers)
+ {
+ keySize += cipher.GetKeySize();
+ }
+
+ return keySize;
+ }
+
+ void EncryptionModeWolfCryptXTS::Decrypt (byte *data, uint64 length) const
+ {
+ DecryptBuffer (data, length, 0);
+ }
+
+ void EncryptionModeWolfCryptXTS::DecryptBuffer (byte *data, uint64 length, uint64 startDataUnitNo) const
+ {
+ if_debug (ValidateState());
+
+ CipherList::const_iterator iSecondaryCipher = SecondaryCiphers.end();
+
+ for (CipherList::const_reverse_iterator iCipher = Ciphers.rbegin(); iCipher != Ciphers.rend(); ++iCipher)
+ {
+ --iSecondaryCipher;
+ DecryptBufferXTS (**iCipher, **iSecondaryCipher, data, length, startDataUnitNo, 0);
+ }
+
+ assert (iSecondaryCipher == SecondaryCiphers.begin());
+ }
+
+ void EncryptionModeWolfCryptXTS::DecryptBufferXTS (Cipher &cipher, const Cipher &secondaryCipher, byte *buffer, uint64 length, uint64 startDataUnitNo, unsigned int startCipherBlockNo) const
+ {
+ cipher.DecryptBlockXTS(buffer, length, startDataUnitNo);
+ }
+
+ void EncryptionModeWolfCryptXTS::DecryptSectorsCurrentThread (byte *data, uint64 sectorIndex, uint64 sectorCount, size_t sectorSize) const
+ {
+ DecryptBuffer (data, sectorCount * sectorSize, sectorIndex * sectorSize / ENCRYPTION_DATA_UNIT_SIZE);
+ }
+
+ void EncryptionModeWolfCryptXTS::SetCiphers (const CipherList &ciphers)
+ {
+ EncryptionMode::SetCiphers (ciphers);
+
+ SecondaryCiphers.clear();
+
+ foreach_ref (const Cipher &cipher, ciphers)
+ {
+ SecondaryCiphers.push_back (cipher.GetNew());
+ }
+
+ if (SecondaryKey.Size() > 0)
+ SetSecondaryCipherKeys();
+ }
+
+ void EncryptionModeWolfCryptXTS::SetKey (const ConstBufferPtr &key)
+ {
+ SecondaryKey.Allocate (key.Size());
+ SecondaryKey.CopyFrom (key);
+
+ if (!SecondaryCiphers.empty())
+ SetSecondaryCipherKeys();
+
+ }
+
+ void EncryptionModeWolfCryptXTS::SetSecondaryCipherKeys ()
+ {
+ size_t keyOffset = 0;
+ foreach_ref (Cipher &cipher, SecondaryCiphers)
+ {
+ cipher.SetKeyXTS (SecondaryKey.GetRange (keyOffset, cipher.GetKeySize()));
+ keyOffset += cipher.GetKeySize();
+ }
+
+ KeySet = true;
+ }
+}
diff --git a/src/Volume/EncryptionModeWolfCryptXTS.h b/src/Volume/EncryptionModeWolfCryptXTS.h
new file mode 100644
index 00000000..e432f768
--- /dev/null
+++ b/src/Volume/EncryptionModeWolfCryptXTS.h
@@ -0,0 +1,54 @@
+/*
+ Derived from source code of TrueCrypt 7.1a, which is
+ Copyright (c) 2008-2012 TrueCrypt Developers Association and which is governed
+ by the TrueCrypt License 3.0.
+
+ Modifications and additions to the original source code (contained in this file)
+ and all other portions of this file are Copyright (c) 2013-2017 IDRIX
+ and are governed by the Apache License 2.0 the full text of which is
+ contained in the file License.txt included in VeraCrypt binary and source
+ code distribution packages.
+*/
+
+#ifndef TC_HEADER_Volume_EncryptionModeWolfCryptXTS
+#define TC_HEADER_Volume_EncryptionModeWolfCryptXTS
+
+#include "Platform/Platform.h"
+#include "EncryptionMode.h"
+
+namespace VeraCrypt
+{
+ class EncryptionModeWolfCryptXTS : public EncryptionMode
+ {
+ public:
+ EncryptionModeWolfCryptXTS () { }
+ virtual ~EncryptionModeWolfCryptXTS () { }
+
+ virtual void Decrypt (byte *data, uint64 length) const;
+ virtual void DecryptSectorsCurrentThread (byte *data, uint64 sectorIndex, uint64 sectorCount, size_t sectorSize) const;
+ virtual void Encrypt (byte *data, uint64 length) const;
+ virtual void EncryptSectorsCurrentThread (byte *data, uint64 sectorIndex, uint64 sectorCount, size_t sectorSize) const;
+ virtual const SecureBuffer &GetKey () const { return SecondaryKey; }
+ virtual size_t GetKeySize () const;
+ virtual wstring GetName () const { return L"XTS"; };
+ virtual shared_ptr <EncryptionMode> GetNew () const { return shared_ptr <EncryptionMode> (new EncryptionModeWolfCryptXTS); }
+ virtual void SetCiphers (const CipherList &ciphers);
+ virtual void SetKey (const ConstBufferPtr &key);
+
+ protected:
+ void DecryptBuffer (byte *data, uint64 length, uint64 startDataUnitNo) const;
+ void DecryptBufferXTS (Cipher &cipher, const Cipher &secondaryCipher, byte *buffer, uint64 length, uint64 startDataUnitNo, unsigned int startCipherBlockNo) const;
+ void EncryptBuffer (byte *data, uint64 length, uint64 startDataUnitNo) const;
+ void EncryptBufferXTS (Cipher &cipher, const Cipher &secondaryCipher, byte *buffer, uint64 length, uint64 startDataUnitNo, unsigned int startCipherBlockNo) const;
+ void SetSecondaryCipherKeys ();
+
+ SecureBuffer SecondaryKey;
+ CipherList SecondaryCiphers;
+
+ private:
+ EncryptionModeWolfCryptXTS (const EncryptionModeWolfCryptXTS &);
+ EncryptionModeWolfCryptXTS &operator= (const EncryptionModeWolfCryptXTS &);
+ };
+}
+
+#endif // TC_HEADER_Volume_EncryptionModeWolfCryptXTS
diff --git a/src/Volume/EncryptionModeXTS.cpp b/src/Volume/EncryptionModeXTS.cpp
index 66f0ff62..56ee895c 100644
--- a/src/Volume/EncryptionModeXTS.cpp
+++ b/src/Volume/EncryptionModeXTS.cpp
@@ -69,7 +69,7 @@ namespace VeraCrypt
void EncryptionModeXTS::EncryptBufferXTS (const Cipher &cipher, const Cipher &secondaryCipher, byte *buffer, uint64 length, uint64 startDataUnitNo, unsigned int startCipherBlockNo) const
{
- byte finalCarry;
+ byte finalCarry;
byte whiteningValues [ENCRYPTION_DATA_UNIT_SIZE];
byte whiteningValue [BYTES_PER_XTS_BLOCK];
byte byteBufUnitNo [BYTES_PER_XTS_BLOCK];
@@ -374,7 +374,7 @@ namespace VeraCrypt
FAST_ERASE64 (whiteningValue, sizeof (whiteningValue));
FAST_ERASE64 (whiteningValues, sizeof (whiteningValues));
- }
+ }
void EncryptionModeXTS::DecryptSectorsCurrentThread (byte *data, uint64 sectorIndex, uint64 sectorCount, size_t sectorSize) const
{
@@ -411,7 +411,7 @@ namespace VeraCrypt
foreach_ref (Cipher &cipher, SecondaryCiphers)
{
cipher.SetKey (SecondaryKey.GetRange (keyOffset, cipher.GetKeySize()));
- keyOffset += cipher.GetKeySize();
+ keyOffset += cipher.GetKeySize();
}
KeySet = true;
diff --git a/src/Volume/EncryptionTest.cpp b/src/Volume/EncryptionTest.cpp
index bb9c3a0b..c900885e 100644
--- a/src/Volume/EncryptionTest.cpp
+++ b/src/Volume/EncryptionTest.cpp
@@ -16,6 +16,9 @@
#include "EncryptionAlgorithm.h"
#include "EncryptionMode.h"
#include "EncryptionModeXTS.h"
+#ifdef WOLFCRYPT_BACKEND
+#include "EncryptionModeWolfCryptXTS.h"
+#endif
#include "EncryptionTest.h"
#include "Pkcs5Kdf.h"
@@ -64,6 +67,7 @@ namespace VeraCrypt
}
};
+ #ifndef WOLFCRYPT_BACKEND
static const CipherTestVector SerpentTestVectors[] =
{
{
@@ -151,6 +155,7 @@ namespace VeraCrypt
}
}
};
+ #endif
static void TestCipher (Cipher &cipher, const CipherTestVector *testVector, size_t testVectorCount)
{
@@ -190,6 +195,7 @@ namespace VeraCrypt
if (origCrc != Crc32::ProcessBuffer (testData))
throw TestFailed (SRC_POS);
+ #ifndef WOLFCRYPT_BACKEND
CipherSerpent serpent;
TestCipher (serpent, SerpentTestVectors, array_capacity (SerpentTestVectors));
@@ -201,6 +207,7 @@ namespace VeraCrypt
CipherKuznyechik kuznyechik;
TestCipher (kuznyechik, KuznyechikTestVectors, array_capacity (KuznyechikTestVectors));
+ #endif
}
const EncryptionTest::XtsTestVector EncryptionTest::XtsTestVectors[] =
@@ -437,9 +444,16 @@ namespace VeraCrypt
for (i = 0; i < array_capacity (XtsTestVectors); i++)
{
AES aes;
- shared_ptr <EncryptionMode> xts (new EncryptionModeXTS);
-
- aes.SetKey (ConstBufferPtr (XtsTestVectors[i].key1, sizeof (XtsTestVectors[i].key1)));
+ #ifdef WOLFCRYPT_BACKEND
+ shared_ptr <EncryptionMode> xts (new EncryptionModeWolfCryptXTS);
+ #else
+ shared_ptr <EncryptionMode> xts (new EncryptionModeXTS);
+ #endif
+
+ aes.SetKey (ConstBufferPtr (XtsTestVectors[i].key1, sizeof (XtsTestVectors[i].key1)));
+ #ifdef WOLFCRYPT_BACKEND
+ aes.SetKeyXTS (ConstBufferPtr (XtsTestVectors[i].key2, sizeof (XtsTestVectors[i].key2)));
+ #endif
xts->SetKey (ConstBufferPtr (XtsTestVectors[i].key2, sizeof (XtsTestVectors[i].key2)));
aes.SetMode (xts);
@@ -494,7 +508,11 @@ namespace VeraCrypt
// Test all EAs that support this mode of operation
foreach_ref (EncryptionAlgorithm &ea, EncryptionAlgorithm::GetAvailableAlgorithms())
{
- shared_ptr <EncryptionMode> mode (new EncryptionModeXTS);
+ #ifdef WOLFCRYPT_BACKEND
+ shared_ptr <EncryptionMode> mode (new EncryptionModeWolfCryptXTS);
+ #else
+ shared_ptr <EncryptionMode> mode (new EncryptionModeXTS);
+ #endif
if (!ea.IsModeSupported (mode))
continue;
@@ -508,8 +526,11 @@ namespace VeraCrypt
mode->SetKey (modeKey);
ea.SetMode (mode);
+ #ifdef WOLFCRYPT_BACKEND
+ ea.SetKeyXTS (modeKey);
+ #endif
- // Each data unit will contain the same plaintext
+ // Each data unit will contain the same plaintext
for (i = 0; i < nbrUnits; i++)
{
memcpy ((unsigned char *) buf + i * ENCRYPTION_DATA_UNIT_SIZE,
@@ -556,6 +577,7 @@ namespace VeraCrypt
break;
}
}
+ #ifndef WOLFCRYPT_BACKEND
else if (typeid (ea) == typeid (Serpent))
{
switch (testCase)
@@ -920,7 +942,7 @@ namespace VeraCrypt
break;
}
}
-
+ #endif
if (crc == 0x9f5edd58)
throw TestFailed (SRC_POS);
@@ -941,7 +963,11 @@ namespace VeraCrypt
// Test all EAs that support this mode of operation
foreach_ref (EncryptionAlgorithm &ea, EncryptionAlgorithm::GetAvailableAlgorithms())
{
+ #ifdef WOLFCRYPT_BACKEND
+ shared_ptr <EncryptionMode> mode (new EncryptionModeWolfCryptXTS);
+ #else
shared_ptr <EncryptionMode> mode (new EncryptionModeXTS);
+ #endif
if (!ea.IsModeSupported (mode))
continue;
@@ -955,6 +981,9 @@ namespace VeraCrypt
mode->SetKey (modeKey);
ea.SetMode (mode);
+ #ifdef WOLFCRYPT_BACKEND
+ ea.SetKeyXTS (modeKey);
+ #endif
// Each data unit will contain the same plaintext
for (i = 0; i < nbrUnits; i++)
@@ -974,6 +1003,7 @@ namespace VeraCrypt
throw TestFailed (SRC_POS);
nTestsPerformed++;
}
+ #ifndef WOLFCRYPT_BACKEND
else if (typeid (ea) == typeid (Serpent))
{
if (crc != 0x3494d480)
@@ -1058,6 +1088,7 @@ namespace VeraCrypt
throw TestFailed (SRC_POS);
nTestsPerformed++;
}
+ #endif
if (crc == 0x9f5edd58)
throw TestFailed (SRC_POS);
@@ -1069,8 +1100,11 @@ namespace VeraCrypt
nTestsPerformed++;
}
-
+ #ifndef WOLFCRYPT_BACKEND
if (nTestsPerformed != 150)
+ #else
+ if (nTestsPerformed != 10)
+ #endif
throw TestFailed (SRC_POS);
}
@@ -1081,6 +1115,7 @@ namespace VeraCrypt
ConstBufferPtr salt (saltData, sizeof (saltData));
Buffer derivedKey (4);
+ #ifndef WOLFCRYPT_BACKEND
Pkcs5HmacBlake2s pkcs5HmacBlake2s;
pkcs5HmacBlake2s.DeriveKey (derivedKey, password, salt, 5);
if (memcmp (derivedKey.Ptr(), "\x8d\x51\xfa\x31", 4) != 0)
@@ -1105,5 +1140,16 @@ namespace VeraCrypt
pkcs5HmacStreebog.DeriveKey (derivedKey, password, salt, 5);
if (memcmp (derivedKey.Ptr(), "\xd0\x53\xa2\x30", 4) != 0)
throw TestFailed (SRC_POS);
- }
+ #else
+ Pkcs5HmacSha256 pkcs5HmacSha256;
+ pkcs5HmacSha256.DeriveKey (derivedKey, password, salt, 5);
+ if (memcmp (derivedKey.Ptr(), "\x64\xf3\xa5\xa3", 4) != 0)
+ throw TestFailed (SRC_POS);
+
+ Pkcs5HmacSha512 pkcs5HmacSha512;
+ pkcs5HmacSha512.DeriveKey (derivedKey, password, salt, 5);
+ if (memcmp (derivedKey.Ptr(), "\x55\xa1\x76\xbb", 4) != 0)
+ throw TestFailed (SRC_POS);
+ #endif
+ }
}
diff --git a/src/Volume/Hash.cpp b/src/Volume/Hash.cpp
index aad900c1..d2e3e649 100644
--- a/src/Volume/Hash.cpp
+++ b/src/Volume/Hash.cpp
@@ -24,11 +24,12 @@ namespace VeraCrypt
HashList l;
l.push_back (shared_ptr <Hash> (new Sha512 ()));
- l.push_back (shared_ptr <Hash> (new Whirlpool ()));
- l.push_back (shared_ptr <Hash> (new Blake2s ()));
l.push_back (shared_ptr <Hash> (new Sha256 ()));
+ #ifndef WOLFCRYPT_BACKEND
+ l.push_back (shared_ptr <Hash> (new Blake2s ()));
+ l.push_back (shared_ptr <Hash> (new Whirlpool ()));
l.push_back (shared_ptr <Hash> (new Streebog ()));
-
+ #endif
return l;
}
@@ -44,6 +45,7 @@ namespace VeraCrypt
throw ParameterIncorrect (SRC_POS);
}
+ #ifndef WOLFCRYPT_BACKEND
// RIPEMD-160
Blake2s::Blake2s ()
{
@@ -67,6 +69,7 @@ namespace VeraCrypt
if_debug (ValidateDataParameters (data));
blake2s_update ((blake2s_state *) Context.Ptr(), data.Get(), data.Size());
}
+ #endif
// SHA-256
Sha256::Sha256 ()
@@ -116,6 +119,7 @@ namespace VeraCrypt
sha512_hash (data.Get(), (int) data.Size(), (sha512_ctx *) Context.Ptr());
}
+ #ifndef WOLFCRYPT_BACKEND
// Whirlpool
Whirlpool::Whirlpool ()
{
@@ -163,4 +167,5 @@ namespace VeraCrypt
if_debug (ValidateDataParameters (data));
STREEBOG_add ((STREEBOG_CTX *) Context.Ptr(), data.Get(), (int) data.Size());
}
+ #endif
}
diff --git a/src/Volume/Hash.h b/src/Volume/Hash.h
index 0e464b37..5720eb50 100644
--- a/src/Volume/Hash.h
+++ b/src/Volume/Hash.h
@@ -48,6 +48,7 @@ namespace VeraCrypt
Hash &operator= (const Hash &);
};
+ #ifndef WOLFCRYPT_BACKEND
// Blake2s
class Blake2s : public Hash
{
@@ -70,6 +71,7 @@ namespace VeraCrypt
Blake2s (const Blake2s &);
Blake2s &operator= (const Blake2s &);
};
+ #endif
// SHA-256
class Sha256 : public Hash
@@ -117,6 +119,7 @@ namespace VeraCrypt
Sha512 &operator= (const Sha512 &);
};
+ #ifndef WOLFCRYPT_BACKEND
// Whirlpool
class Whirlpool : public Hash
{
@@ -162,6 +165,7 @@ namespace VeraCrypt
Streebog (const Streebog &);
Streebog &operator= (const Streebog &);
};
+ #endif
}
#endif // TC_HEADER_Encryption_Hash
diff --git a/src/Volume/Pkcs5Kdf.cpp b/src/Volume/Pkcs5Kdf.cpp
index ff49cefe..820f1121 100644
--- a/src/Volume/Pkcs5Kdf.cpp
+++ b/src/Volume/Pkcs5Kdf.cpp
@@ -56,10 +56,11 @@ namespace VeraCrypt
l.push_back (shared_ptr <Pkcs5Kdf> (new Pkcs5HmacSha512 ()));
l.push_back (shared_ptr <Pkcs5Kdf> (new Pkcs5HmacSha256 ()));
+ #ifndef WOLFCRYPT_BACKEND
l.push_back (shared_ptr <Pkcs5Kdf> (new Pkcs5HmacBlake2s ()));
- l.push_back (shared_ptr <Pkcs5Kdf> (new Pkcs5HmacWhirlpool ()));
+ l.push_back (shared_ptr <Pkcs5Kdf> (new Pkcs5HmacWhirlpool ()));
l.push_back (shared_ptr <Pkcs5Kdf> (new Pkcs5HmacStreebog ()));
-
+ #endif
return l;
}
@@ -69,6 +70,7 @@ namespace VeraCrypt
throw ParameterIncorrect (SRC_POS);
}
+ #ifndef WOLFCRYPT_BACKEND
void Pkcs5HmacBlake2s_Boot::DeriveKey (const BufferPtr &key, const VolumePassword &password, const ConstBufferPtr &salt, int iterationCount) const
{
ValidateParameters (key, password, salt, iterationCount);
@@ -80,6 +82,7 @@ namespace VeraCrypt
ValidateParameters (key, password, salt, iterationCount);
derive_key_blake2s ((char *) password.DataPtr(), (int) password.Size(), (char *) salt.Get(), (int) salt.Size(), iterationCount, (char *) key.Get(), (int) key.Size());
}
+ #endif
void Pkcs5HmacSha256_Boot::DeriveKey (const BufferPtr &key, const VolumePassword &password, const ConstBufferPtr &salt, int iterationCount) const
{
@@ -99,6 +102,7 @@ namespace VeraCrypt
derive_key_sha512 ((char *) password.DataPtr(), (int) password.Size(), (char *) salt.Get(), (int) salt.Size(), iterationCount, (char *) key.Get(), (int) key.Size());
}
+ #ifndef WOLFCRYPT_BACKEND
void Pkcs5HmacWhirlpool::DeriveKey (const BufferPtr &key, const VolumePassword &password, const ConstBufferPtr &salt, int iterationCount) const
{
ValidateParameters (key, password, salt, iterationCount);
@@ -116,4 +120,5 @@ namespace VeraCrypt
ValidateParameters (key, password, salt, iterationCount);
derive_key_streebog ((char *) password.DataPtr(), (int) password.Size(), (char *) salt.Get(), (int) salt.Size(), iterationCount, (char *) key.Get(), (int) key.Size());
}
+ #endif
}
diff --git a/src/Volume/Pkcs5Kdf.h b/src/Volume/Pkcs5Kdf.h
index 9071caf0..fc83eb06 100644
--- a/src/Volume/Pkcs5Kdf.h
+++ b/src/Volume/Pkcs5Kdf.h
@@ -48,6 +48,7 @@ namespace VeraCrypt
Pkcs5Kdf &operator= (const Pkcs5Kdf &);
};
+ #ifndef WOLFCRYPT_BACKEND
class Pkcs5HmacBlake2s_Boot : public Pkcs5Kdf
{
public:
@@ -81,6 +82,7 @@ namespace VeraCrypt
Pkcs5HmacBlake2s (const Pkcs5HmacBlake2s &);
Pkcs5HmacBlake2s &operator= (const Pkcs5HmacBlake2s &);
};
+ #endif
class Pkcs5HmacSha256_Boot : public Pkcs5Kdf
{
@@ -132,7 +134,7 @@ namespace VeraCrypt
Pkcs5HmacSha512 (const Pkcs5HmacSha512 &);
Pkcs5HmacSha512 &operator= (const Pkcs5HmacSha512 &);
};
-
+ #ifndef WOLFCRYPT_BACKEND
class Pkcs5HmacWhirlpool : public Pkcs5Kdf
{
public:
@@ -183,6 +185,7 @@ namespace VeraCrypt
Pkcs5HmacStreebog_Boot (const Pkcs5HmacStreebog_Boot &);
Pkcs5HmacStreebog_Boot &operator= (const Pkcs5HmacStreebog_Boot &);
};
+ #endif
}
#endif // TC_HEADER_Encryption_Pkcs5
diff --git a/src/Volume/Volume.make b/src/Volume/Volume.make
index d69ec135..f81df229 100644
--- a/src/Volume/Volume.make
+++ b/src/Volume/Volume.make
@@ -16,7 +16,6 @@ OBJSNOOPT :=
OBJS += Cipher.o
OBJS += EncryptionAlgorithm.o
OBJS += EncryptionMode.o
-OBJS += EncryptionModeXTS.o
OBJS += EncryptionTest.o
OBJS += EncryptionThreadPool.o
OBJS += Hash.o
@@ -30,58 +29,68 @@ OBJS += VolumeLayout.o
OBJS += VolumePassword.o
OBJS += VolumePasswordCache.o
-ifeq "$(PLATFORM)" "MacOSX"
- OBJSEX += ../Crypto/Aes_asm.oo
- OBJS += ../Crypto/Aes_hw_cpu.o
- OBJS += ../Crypto/Aescrypt.o
- OBJSEX += ../Crypto/Twofish_asm.oo
- OBJSEX += ../Crypto/Camellia_asm.oo
- OBJSEX += ../Crypto/Camellia_aesni_asm.oo
- OBJSEX += ../Crypto/sha256-nayuki.oo
- OBJSEX += ../Crypto/sha512-nayuki.oo
- OBJSEX += ../Crypto/sha256_avx1.oo
- OBJSEX += ../Crypto/sha256_avx2.oo
- OBJSEX += ../Crypto/sha256_sse4.oo
- OBJSEX += ../Crypto/sha512_avx1.oo
- OBJSEX += ../Crypto/sha512_avx2.oo
- OBJSEX += ../Crypto/sha512_sse4.oo
-else ifeq "$(CPU_ARCH)" "x86"
- OBJS += ../Crypto/Aes_x86.o
-ifeq "$(DISABLE_AESNI)" "0"
- OBJS += ../Crypto/Aes_hw_cpu.o
-endif
- OBJS += ../Crypto/sha256-x86-nayuki.o
- OBJS += ../Crypto/sha512-x86-nayuki.o
-else ifeq "$(CPU_ARCH)" "x64"
- OBJS += ../Crypto/Aes_x64.o
-ifeq "$(DISABLE_AESNI)" "0"
- OBJS += ../Crypto/Aes_hw_cpu.o
-endif
- OBJS += ../Crypto/Twofish_x64.o
- OBJS += ../Crypto/Camellia_x64.o
- OBJS += ../Crypto/Camellia_aesni_x64.o
- OBJS += ../Crypto/sha512-x64-nayuki.o
- OBJS += ../Crypto/sha256_avx1_x64.o
- OBJS += ../Crypto/sha256_avx2_x64.o
- OBJS += ../Crypto/sha256_sse4_x64.o
- OBJS += ../Crypto/sha512_avx1_x64.o
- OBJS += ../Crypto/sha512_avx2_x64.o
- OBJS += ../Crypto/sha512_sse4_x64.o
+ifeq "$(ENABLE_WOLFCRYPT)" "0"
+OBJS += EncryptionModeXTS.o
else
- OBJS += ../Crypto/Aescrypt.o
+OBJS += EncryptionModeWolfCryptXTS.o
endif
-ifeq "$(GCC_GTEQ_430)" "1"
-OBJSSSE41 += ../Crypto/blake2s_SSE41.osse41
-OBJSSSSE3 += ../Crypto/blake2s_SSSE3.ossse3
+ifeq "$(ENABLE_WOLFCRYPT)" "0"
+ ifeq "$(PLATFORM)" "MacOSX"
+ OBJSEX += ../Crypto/Aes_asm.oo
+ OBJS += ../Crypto/Aes_hw_cpu.o
+ OBJS += ../Crypto/Aescrypt.o
+ OBJSEX += ../Crypto/Twofish_asm.oo
+ OBJSEX += ../Crypto/Camellia_asm.oo
+ OBJSEX += ../Crypto/Camellia_aesni_asm.oo
+ OBJSEX += ../Crypto/sha256-nayuki.oo
+ OBJSEX += ../Crypto/sha512-nayuki.oo
+ OBJSEX += ../Crypto/sha256_avx1.oo
+ OBJSEX += ../Crypto/sha256_avx2.oo
+ OBJSEX += ../Crypto/sha256_sse4.oo
+ OBJSEX += ../Crypto/sha512_avx1.oo
+ OBJSEX += ../Crypto/sha512_avx2.oo
+ OBJSEX += ../Crypto/sha512_sse4.oo
+ else ifeq "$(CPU_ARCH)" "x86"
+ OBJS += ../Crypto/Aes_x86.o
+ ifeq "$(DISABLE_AESNI)" "0"
+ OBJS += ../Crypto/Aes_hw_cpu.o
+ endif
+ OBJS += ../Crypto/sha256-x86-nayuki.o
+ OBJS += ../Crypto/sha512-x86-nayuki.o
+ else ifeq "$(CPU_ARCH)" "x64"
+ OBJS += ../Crypto/Aes_x64.o
+ ifeq "$(DISABLE_AESNI)" "0"
+ OBJS += ../Crypto/Aes_hw_cpu.o
+ endif
+ OBJS += ../Crypto/Twofish_x64.o
+ OBJS += ../Crypto/Camellia_x64.o
+ OBJS += ../Crypto/Camellia_aesni_x64.o
+ OBJS += ../Crypto/sha512-x64-nayuki.o
+ OBJS += ../Crypto/sha256_avx1_x64.o
+ OBJS += ../Crypto/sha256_avx2_x64.o
+ OBJS += ../Crypto/sha256_sse4_x64.o
+ OBJS += ../Crypto/sha512_avx1_x64.o
+ OBJS += ../Crypto/sha512_avx2_x64.o
+ OBJS += ../Crypto/sha512_sse4_x64.o
+ else
+ OBJS += ../Crypto/Aescrypt.o
+ endif
+
+ ifeq "$(GCC_GTEQ_430)" "1"
+ OBJSSSE41 += ../Crypto/blake2s_SSE41.osse41
+ OBJSSSSE3 += ../Crypto/blake2s_SSSE3.ossse3
+ else
+ OBJS += ../Crypto/blake2s_SSE41.o
+ OBJS += ../Crypto/blake2s_SSSE3.o
+ endif
else
-OBJS += ../Crypto/blake2s_SSE41.o
-OBJS += ../Crypto/blake2s_SSSE3.o
+ OBJS += ../Crypto/wolfCrypt.o
endif
+ifeq "$(ENABLE_WOLFCRYPT)" "0"
OBJS += ../Crypto/Aeskey.o
OBJS += ../Crypto/Aestab.o
-OBJS += ../Crypto/cpu.o
OBJS += ../Crypto/blake2s.o
OBJS += ../Crypto/blake2s_SSE2.o
OBJS += ../Crypto/SerpentFast.o
@@ -93,6 +102,10 @@ OBJS += ../Crypto/Camellia.o
OBJS += ../Crypto/Streebog.o
OBJS += ../Crypto/kuznyechik.o
OBJS += ../Crypto/kuznyechik_simd.o
+OBJS += ../Common/Pkcs5.o
+endif
+
+OBJS += ../Crypto/cpu.o
OBJSNOOPT += ../Crypto/jitterentropy-base.o0
@@ -110,54 +123,55 @@ OBJS += ../Common/EMVCard.o
OBJS += ../Common/EMVToken.o
OBJS += ../Common/Endian.o
OBJS += ../Common/GfMul.o
-OBJS += ../Common/Pkcs5.o
OBJS += ../Common/SecurityToken.o
VolumeLibrary: Volume.a
-ifeq "$(PLATFORM)" "MacOSX"
-../Crypto/Aes_asm.oo: ../Crypto/Aes_x86.asm ../Crypto/Aes_x64.asm
- @echo Assembling $(<F)
- $(AS) $(ASFLAGS32) -o ../Crypto/Aes_x86.o ../Crypto/Aes_x86.asm
- $(AS) $(ASFLAGS64) -o ../Crypto/Aes_x64.o ../Crypto/Aes_x64.asm
- lipo -create ../Crypto/Aes_x86.o ../Crypto/Aes_x64.o -output ../Crypto/Aes_asm.oo
- rm -fr ../Crypto/Aes_x86.o ../Crypto/Aes_x64.o
-../Crypto/Twofish_asm.oo: ../Crypto/Twofish_x64.S
- @echo Assembling $(<F)
- $(AS) $(ASFLAGS64) -p gas -o ../Crypto/Twofish_asm.oo ../Crypto/Twofish_x64.S
-../Crypto/Camellia_asm.oo: ../Crypto/Camellia_x64.S
- @echo Assembling $(<F)
- $(AS) $(ASFLAGS64) -p gas -o ../Crypto/Camellia_asm.oo ../Crypto/Camellia_x64.S
-../Crypto/Camellia_aesni_asm.oo: ../Crypto/Camellia_aesni_x64.S
- @echo Assembling $(<F)
- $(AS) $(ASFLAGS64) -p gas -o ../Crypto/Camellia_aesni_asm.oo ../Crypto/Camellia_aesni_x64.S
-../Crypto/sha256-nayuki.oo: ../Crypto/sha256-x86-nayuki.S
- @echo Assembling $(<F)
- $(AS) $(ASFLAGS32) -p gas -o ../Crypto/sha256-x86-nayuki.o ../Crypto/sha256-x86-nayuki.S
- $(AS) $(ASFLAGS64) -p gas -o ../Crypto/sha256-x64-nayuki.o ../Crypto/sha256-x64-nayuki.S
- lipo -create ../Crypto/sha256-x86-nayuki.o ../Crypto/sha256-x64-nayuki.o -output ../Crypto/sha256-nayuki.oo
- rm -fr ../Crypto/sha256-x86-nayuki.o ../Crypto/sha256-x64-nayuki.o
-../Crypto/sha256_avx1.oo: ../Crypto/sha256_avx1_x64.asm
- @echo Assembling $(<F)
- $(AS) $(ASFLAGS64) -o ../Crypto/sha256_avx1.oo ../Crypto/sha256_avx1_x64.asm
-../Crypto/sha256_avx2.oo: ../Crypto/sha256_avx2_x64.asm
- @echo Assembling $(<F)
- $(AS) $(ASFLAGS64) -o ../Crypto/sha256_avx2.oo ../Crypto/sha256_avx2_x64.asm
-../Crypto/sha256_sse4.oo: ../Crypto/sha256_sse4_x64.asm
- @echo Assembling $(<F)
- $(AS) $(ASFLAGS64) -o ../Crypto/sha256_sse4.oo ../Crypto/sha256_sse4_x64.asm
-../Crypto/sha512-nayuki.oo: ../Crypto/sha512-x64-nayuki.S
- @echo Assembling $(<F)
- $(AS) -p gas $(ASFLAGS64) -o ../Crypto/sha512-nayuki.oo ../Crypto/sha512-x64-nayuki.S
-../Crypto/sha512_avx1.oo: ../Crypto/sha512_avx1_x64.asm
- @echo Assembling $(<F)
- $(AS) $(ASFLAGS64) -o ../Crypto/sha512_avx1.oo ../Crypto/sha512_avx1_x64.asm
-../Crypto/sha512_avx2.oo: ../Crypto/sha512_avx2_x64.asm
- @echo Assembling $(<F)
- $(AS) $(ASFLAGS64) -o ../Crypto/sha512_avx2.oo ../Crypto/sha512_avx2_x64.asm
-../Crypto/sha512_sse4.oo: ../Crypto/sha512_sse4_x64.asm
- @echo Assembling $(<F)
- $(AS) $(ASFLAGS64) -o ../Crypto/sha512_sse4.oo ../Crypto/sha512_sse4_x64.asm
+ifeq "$(ENABLE_WOLFCRYPT)" "0"
+ ifeq "$(PLATFORM)" "MacOSX"
+ ../Crypto/Aes_asm.oo: ../Crypto/Aes_x86.asm ../Crypto/Aes_x64.asm
+ @echo Assembling $(<F)
+ $(AS) $(ASFLAGS32) -o ../Crypto/Aes_x86.o ../Crypto/Aes_x86.asm
+ $(AS) $(ASFLAGS64) -o ../Crypto/Aes_x64.o ../Crypto/Aes_x64.asm
+ lipo -create ../Crypto/Aes_x86.o ../Crypto/Aes_x64.o -output ../Crypto/Aes_asm.oo
+ rm -fr ../Crypto/Aes_x86.o ../Crypto/Aes_x64.o
+ ../Crypto/Twofish_asm.oo: ../Crypto/Twofish_x64.S
+ @echo Assembling $(<F)
+ $(AS) $(ASFLAGS64) -p gas -o ../Crypto/Twofish_asm.oo ../Crypto/Twofish_x64.S
+ ../Crypto/Camellia_asm.oo: ../Crypto/Camellia_x64.S
+ @echo Assembling $(<F)
+ $(AS) $(ASFLAGS64) -p gas -o ../Crypto/Camellia_asm.oo ../Crypto/Camellia_x64.S
+ ../Crypto/Camellia_aesni_asm.oo: ../Crypto/Camellia_aesni_x64.S
+ @echo Assembling $(<F)
+ $(AS) $(ASFLAGS64) -p gas -o ../Crypto/Camellia_aesni_asm.oo ../Crypto/Camellia_aesni_x64.S
+ ../Crypto/sha256-nayuki.oo: ../Crypto/sha256-x86-nayuki.S
+ @echo Assembling $(<F)
+ $(AS) $(ASFLAGS32) -p gas -o ../Crypto/sha256-x86-nayuki.o ../Crypto/sha256-x86-nayuki.S
+ $(AS) $(ASFLAGS64) -p gas -o ../Crypto/sha256-x64-nayuki.o ../Crypto/sha256-x64-nayuki.S
+ lipo -create ../Crypto/sha256-x86-nayuki.o ../Crypto/sha256-x64-nayuki.o -output ../Crypto/sha256-nayuki.oo
+ rm -fr ../Crypto/sha256-x86-nayuki.o ../Crypto/sha256-x64-nayuki.o
+ ../Crypto/sha256_avx1.oo: ../Crypto/sha256_avx1_x64.asm
+ @echo Assembling $(<F)
+ $(AS) $(ASFLAGS64) -o ../Crypto/sha256_avx1.oo ../Crypto/sha256_avx1_x64.asm
+ ../Crypto/sha256_avx2.oo: ../Crypto/sha256_avx2_x64.asm
+ @echo Assembling $(<F)
+ $(AS) $(ASFLAGS64) -o ../Crypto/sha256_avx2.oo ../Crypto/sha256_avx2_x64.asm
+ ../Crypto/sha256_sse4.oo: ../Crypto/sha256_sse4_x64.asm
+ @echo Assembling $(<F)
+ $(AS) $(ASFLAGS64) -o ../Crypto/sha256_sse4.oo ../Crypto/sha256_sse4_x64.asm
+ ../Crypto/sha512-nayuki.oo: ../Crypto/sha512-x64-nayuki.S
+ @echo Assembling $(<F)
+ $(AS) -p gas $(ASFLAGS64) -o ../Crypto/sha512-nayuki.oo ../Crypto/sha512-x64-nayuki.S
+ ../Crypto/sha512_avx1.oo: ../Crypto/sha512_avx1_x64.asm
+ @echo Assembling $(<F)
+ $(AS) $(ASFLAGS64) -o ../Crypto/sha512_avx1.oo ../Crypto/sha512_avx1_x64.asm
+ ../Crypto/sha512_avx2.oo: ../Crypto/sha512_avx2_x64.asm
+ @echo Assembling $(<F)
+ $(AS) $(ASFLAGS64) -o ../Crypto/sha512_avx2.oo ../Crypto/sha512_avx2_x64.asm
+ ../Crypto/sha512_sse4.oo: ../Crypto/sha512_sse4_x64.asm
+ @echo Assembling $(<F)
+ $(AS) $(ASFLAGS64) -o ../Crypto/sha512_sse4.oo ../Crypto/sha512_sse4_x64.asm
+ endif
endif
include $(BUILD_INC)/Makefile.inc
diff --git a/src/Volume/VolumeHeader.cpp b/src/Volume/VolumeHeader.cpp
index d8527ed5..57b63394 100644
--- a/src/Volume/VolumeHeader.cpp
+++ b/src/Volume/VolumeHeader.cpp
@@ -12,6 +12,9 @@
#include "Crc32.h"
#include "EncryptionModeXTS.h"
+#ifdef WOLFCRYPT_BACKEND
+#include "EncryptionModeWolfCryptXTS.h"
+#endif
#include "Pkcs5Kdf.h"
#include "Pkcs5Kdf.h"
#include "VolumeHeader.h"
@@ -76,8 +79,12 @@ namespace VeraCrypt
}
EA = options.EA;
- shared_ptr <EncryptionMode> mode (new EncryptionModeXTS ());
- EA->SetMode (mode);
+ #ifdef WOLFCRYPT_BACKEND
+ shared_ptr <EncryptionMode> mode (new EncryptionModeWolfCryptXTS ());
+ #else
+ shared_ptr <EncryptionMode> mode (new EncryptionModeXTS ());
+ #endif
+ EA->SetMode (mode);
EncryptNew (headerBuffer, options.Salt, options.HeaderKey, options.Kdf);
}
@@ -100,17 +107,28 @@ namespace VeraCrypt
foreach (shared_ptr <EncryptionMode> mode, encryptionModes)
{
- if (typeid (*mode) != typeid (EncryptionModeXTS))
- mode->SetKey (headerKey.GetRange (0, mode->GetKeySize()));
+ #ifdef WOLFCRYPT_BACKEND
+ if (typeid (*mode) != typeid (EncryptionModeWolfCryptXTS))
+ #else
+ if (typeid (*mode) != typeid (EncryptionModeXTS))
+ #endif
+ mode->SetKey (headerKey.GetRange (0, mode->GetKeySize()));
foreach (shared_ptr <EncryptionAlgorithm> ea, encryptionAlgorithms)
{
if (!ea->IsModeSupported (mode))
continue;
+ #ifndef WOLFCRYPT_BACKEND
if (typeid (*mode) == typeid (EncryptionModeXTS))
{
- ea->SetKey (headerKey.GetRange (0, ea->GetKeySize()));
+ ea->SetKey (headerKey.GetRange (0, ea->GetKeySize()));
+ #else
+ if (typeid (*mode) == typeid (EncryptionModeWolfCryptXTS))
+ {
+ ea->SetKey (headerKey.GetRange (0, ea->GetKeySize()));
+ ea->SetKeyXTS (headerKey.GetRange (ea->GetKeySize(), ea->GetKeySize()));
+ #endif
mode = mode->GetNew();
mode->SetKey (headerKey.GetRange (ea->GetKeySize(), ea->GetKeySize()));
@@ -206,9 +224,16 @@ namespace VeraCrypt
ea = ea->GetNew();
mode = mode->GetNew();
+ #ifndef WOLFCRYPT_BACKEND
if (typeid (*mode) == typeid (EncryptionModeXTS))
{
- ea->SetKey (header.GetRange (offset, ea->GetKeySize()));
+ ea->SetKey (header.GetRange (offset, ea->GetKeySize()));
+ #else
+ if (typeid (*mode) == typeid (EncryptionModeWolfCryptXTS))
+ {
+ ea->SetKey (header.GetRange (offset, ea->GetKeySize()));
+ ea->SetKeyXTS (header.GetRange (offset + ea->GetKeySize(), ea->GetKeySize()));
+ #endif
mode->SetKey (header.GetRange (offset + ea->GetKeySize(), ea->GetKeySize()));
}
else
@@ -250,10 +275,17 @@ namespace VeraCrypt
shared_ptr <EncryptionMode> mode = EA->GetMode()->GetNew();
shared_ptr <EncryptionAlgorithm> ea = EA->GetNew();
+ #ifndef WOLFCRYPT_BACKEND
if (typeid (*mode) == typeid (EncryptionModeXTS))
{
- mode->SetKey (newHeaderKey.GetRange (EA->GetKeySize(), EA->GetKeySize()));
- ea->SetKey (newHeaderKey.GetRange (0, ea->GetKeySize()));
+ ea->SetKey (newHeaderKey.GetRange (0, ea->GetKeySize()));
+ #else
+ if (typeid (*mode) == typeid (EncryptionModeWolfCryptXTS))
+ {
+ ea->SetKey (newHeaderKey.GetRange (0, ea->GetKeySize()));
+ ea->SetKeyXTS (newHeaderKey.GetRange (EA->GetKeySize(), EA->GetKeySize()));
+ #endif
+ mode->SetKey (newHeaderKey.GetRange (EA->GetKeySize(), EA->GetKeySize()));
}
else
{
diff --git a/src/Volume/VolumeLayout.cpp b/src/Volume/VolumeLayout.cpp
index efb77649..3600d76f 100644
--- a/src/Volume/VolumeLayout.cpp
+++ b/src/Volume/VolumeLayout.cpp
@@ -12,6 +12,9 @@
#include "Volume/EncryptionMode.h"
#include "Volume/EncryptionModeXTS.h"
+#ifdef WOLFCRYPT_BACKEND
+#include "Volume/EncryptionModeWolfCryptXTS.h"
+#endif
#include "VolumeLayout.h"
#include "Boot/Windows/BootCommon.h"
@@ -66,6 +69,7 @@ namespace VeraCrypt
HeaderSize = TC_VOLUME_HEADER_SIZE_LEGACY;
SupportedEncryptionAlgorithms.push_back (shared_ptr <EncryptionAlgorithm> (new AES ()));
+ #ifndef WOLFCRYPT_BACKEND
SupportedEncryptionAlgorithms.push_back (shared_ptr <EncryptionAlgorithm> (new Serpent ()));
SupportedEncryptionAlgorithms.push_back (shared_ptr <EncryptionAlgorithm> (new Twofish ()));
SupportedEncryptionAlgorithms.push_back (shared_ptr <EncryptionAlgorithm> (new Camellia ()));
@@ -75,7 +79,10 @@ namespace VeraCrypt
SupportedEncryptionAlgorithms.push_back (shared_ptr <EncryptionAlgorithm> (new SerpentTwofishAES ()));
SupportedEncryptionAlgorithms.push_back (shared_ptr <EncryptionAlgorithm> (new TwofishSerpent ()));
- SupportedEncryptionModes.push_back (shared_ptr <EncryptionMode> (new EncryptionModeXTS ()));
+ SupportedEncryptionModes.push_back (shared_ptr <EncryptionMode> (new EncryptionModeXTS ()));
+ #else
+ SupportedEncryptionModes.push_back (shared_ptr <EncryptionMode> (new EncryptionModeWolfCryptXTS ()));
+ #endif
}
uint64 VolumeLayoutV1Normal::GetDataOffset (uint64 volumeHostSize) const
@@ -97,6 +104,7 @@ namespace VeraCrypt
BackupHeaderOffset = -TC_VOLUME_HEADER_GROUP_SIZE;
SupportedEncryptionAlgorithms.push_back (shared_ptr <EncryptionAlgorithm> (new AES ()));
+ #ifndef WOLFCRYPT_BACKEND
SupportedEncryptionAlgorithms.push_back (shared_ptr <EncryptionAlgorithm> (new Serpent ()));
SupportedEncryptionAlgorithms.push_back (shared_ptr <EncryptionAlgorithm> (new Twofish ()));
SupportedEncryptionAlgorithms.push_back (shared_ptr <EncryptionAlgorithm> (new Camellia ()));
@@ -111,9 +119,12 @@ namespace VeraCrypt
SupportedEncryptionAlgorithms.push_back (shared_ptr <EncryptionAlgorithm> (new SerpentAES ()));
SupportedEncryptionAlgorithms.push_back (shared_ptr <EncryptionAlgorithm> (new SerpentTwofishAES ()));
SupportedEncryptionAlgorithms.push_back (shared_ptr <EncryptionAlgorithm> (new TwofishSerpent ()));
-
SupportedEncryptionModes.push_back (shared_ptr <EncryptionMode> (new EncryptionModeXTS ()));
- }
+ #else
+ SupportedEncryptionModes.push_back (shared_ptr <EncryptionMode> (new EncryptionModeWolfCryptXTS ()));
+ #endif
+
+ }
uint64 VolumeLayoutV2Normal::GetDataOffset (uint64 volumeHostSize) const
{
@@ -142,6 +153,7 @@ namespace VeraCrypt
BackupHeaderOffset = -TC_HIDDEN_VOLUME_HEADER_OFFSET;
SupportedEncryptionAlgorithms.push_back (shared_ptr <EncryptionAlgorithm> (new AES ()));
+ #ifndef WOLFCRYPT_BACKEND
SupportedEncryptionAlgorithms.push_back (shared_ptr <EncryptionAlgorithm> (new Serpent ()));
SupportedEncryptionAlgorithms.push_back (shared_ptr <EncryptionAlgorithm> (new Twofish ()));
SupportedEncryptionAlgorithms.push_back (shared_ptr <EncryptionAlgorithm> (new Camellia ()));
@@ -158,6 +170,9 @@ namespace VeraCrypt
SupportedEncryptionAlgorithms.push_back (shared_ptr <EncryptionAlgorithm> (new TwofishSerpent ()));
SupportedEncryptionModes.push_back (shared_ptr <EncryptionMode> (new EncryptionModeXTS ()));
+ #else
+ SupportedEncryptionModes.push_back (shared_ptr <EncryptionMode> (new EncryptionModeWolfCryptXTS ()));
+ #endif
}
uint64 VolumeLayoutV2Hidden::GetDataOffset (uint64 volumeHostSize) const
@@ -194,6 +209,7 @@ namespace VeraCrypt
HeaderSize = TC_BOOT_ENCRYPTION_VOLUME_HEADER_SIZE;
SupportedEncryptionAlgorithms.push_back (shared_ptr <EncryptionAlgorithm> (new AES ()));
+ #ifndef WOLFCRYPT_BACKEND
SupportedEncryptionAlgorithms.push_back (shared_ptr <EncryptionAlgorithm> (new Serpent ()));
SupportedEncryptionAlgorithms.push_back (shared_ptr <EncryptionAlgorithm> (new Twofish ()));
SupportedEncryptionAlgorithms.push_back (shared_ptr <EncryptionAlgorithm> (new Camellia ()));
@@ -208,9 +224,13 @@ namespace VeraCrypt
SupportedEncryptionAlgorithms.push_back (shared_ptr <EncryptionAlgorithm> (new SerpentAES ()));
SupportedEncryptionAlgorithms.push_back (shared_ptr <EncryptionAlgorithm> (new SerpentTwofishAES ()));
SupportedEncryptionAlgorithms.push_back (shared_ptr <EncryptionAlgorithm> (new TwofishSerpent ()));
-
- SupportedEncryptionModes.push_back (shared_ptr <EncryptionMode> (new EncryptionModeXTS ()));
- }
+
+ SupportedEncryptionModes.push_back (shared_ptr <EncryptionMode> (new EncryptionModeXTS ()));
+ #else
+ SupportedEncryptionModes.push_back (shared_ptr <EncryptionMode> (new EncryptionModeWolfCryptXTS ()));
+ #endif
+
+ }
uint64 VolumeLayoutSystemEncryption::GetDataOffset (uint64 volumeHostSize) const
{
@@ -226,10 +246,12 @@ namespace VeraCrypt
{
Pkcs5KdfList l;
l.push_back (shared_ptr <Pkcs5Kdf> (new Pkcs5HmacSha256_Boot ()));
- l.push_back (shared_ptr <Pkcs5Kdf> (new Pkcs5HmacBlake2s_Boot ()));
l.push_back (shared_ptr <Pkcs5Kdf> (new Pkcs5HmacSha512 ()));
+ #ifndef WOLFCRYPT_BACKEND
+ l.push_back (shared_ptr <Pkcs5Kdf> (new Pkcs5HmacBlake2s_Boot ()));
l.push_back (shared_ptr <Pkcs5Kdf> (new Pkcs5HmacWhirlpool ()));
l.push_back (shared_ptr <Pkcs5Kdf> (new Pkcs5HmacStreebog ()));
- return l;
+ #endif
+ return l;
}
}