diff options
Diffstat (limited to 'src/Volume')
38 files changed, 706 insertions, 223 deletions
diff --git a/src/Volume/Cipher.cpp b/src/Volume/Cipher.cpp index 8c6ce390..54bce73d 100644 --- a/src/Volume/Cipher.cpp +++ b/src/Volume/Cipher.cpp @@ -2,11 +2,11 @@ Derived from source code of TrueCrypt 7.1a, which is Copyright (c) 2008-2012 TrueCrypt Developers Association and which is governed by the TrueCrypt License 3.0. Modifications and additions to the original source code (contained in this file) - and all other portions of this file are Copyright (c) 2013-2017 IDRIX + and all other portions of this file are Copyright (c) 2013-2025 IDRIX and are governed by the Apache License 2.0 the full text of which is contained in the file License.txt included in VeraCrypt binary and source code distribution packages. */ @@ -47,19 +47,19 @@ namespace VeraCrypt Cipher::~Cipher () { } - void Cipher::DecryptBlock (byte *data) const + void Cipher::DecryptBlock (uint8 *data) const { if (!Initialized) throw NotInitialized (SRC_POS); Decrypt (data); } - void Cipher::DecryptBlocks (byte *data, size_t blockCount) const + void Cipher::DecryptBlocks (uint8 *data, size_t blockCount) const { if (!Initialized) throw NotInitialized (SRC_POS); while (blockCount-- > 0) @@ -67,19 +67,19 @@ namespace VeraCrypt Decrypt (data); data += GetBlockSize(); } } - void Cipher::EncryptBlock (byte *data) const + void Cipher::EncryptBlock (uint8 *data) const { if (!Initialized) throw NotInitialized (SRC_POS); Encrypt (data); } - void Cipher::EncryptBlocks (byte *data, size_t blockCount) const + void Cipher::EncryptBlocks (uint8 *data, size_t blockCount) const { if (!Initialized) throw NotInitialized (SRC_POS); while (blockCount-- > 0) @@ -92,15 +92,16 @@ namespace VeraCrypt CipherList Cipher::GetAvailableCiphers () { CipherList l; l.push_back (shared_ptr <Cipher> (new CipherAES ())); + #ifndef WOLFCRYPT_BACKEND l.push_back (shared_ptr <Cipher> (new CipherSerpent ())); l.push_back (shared_ptr <Cipher> (new CipherTwofish ())); l.push_back (shared_ptr <Cipher> (new CipherCamellia ())); l.push_back (shared_ptr <Cipher> (new CipherKuznyechik ())); - + #endif return l; } void Cipher::SetKey (const ConstBufferPtr &key) { @@ -113,29 +114,60 @@ namespace VeraCrypt SetCipherKey (key); Key.CopyFrom (key); Initialized = true; } + #ifdef WOLFCRYPT_BACKEND + void Cipher::SetKeyXTS (const ConstBufferPtr &key) + { + if (key.Size() != GetKeySize ()) + throw ParameterIncorrect (SRC_POS); + + if (!Initialized) + ScheduledKey.Allocate (GetScheduledKeySize ()); + + SetCipherKeyXTS (key); + Key.CopyFrom (key); + Initialized = true; + } + + void Cipher::EncryptBlockXTS (uint8 *data, uint64 length, uint64 startDataUnitNo) const + { + if (!Initialized) + throw NotInitialized (SRC_POS); + + EncryptXTS (data, length, startDataUnitNo); + } + + void Cipher::DecryptBlockXTS (uint8 *data, uint64 length, uint64 startDataUnitNo) const + { + if (!Initialized) + throw NotInitialized (SRC_POS); + + DecryptXTS (data, length, startDataUnitNo); + } + #endif + #define TC_EXCEPTION(TYPE) TC_SERIALIZER_FACTORY_ADD(TYPE) #undef TC_EXCEPTION_NODECL #define TC_EXCEPTION_NODECL(TYPE) TC_SERIALIZER_FACTORY_ADD(TYPE) TC_SERIALIZER_FACTORY_ADD_EXCEPTION_SET (CipherException); // AES - void CipherAES::Decrypt (byte *data) const + void CipherAES::Decrypt (uint8 *data) const { #ifdef TC_AES_HW_CPU if (IsHwSupportAvailable()) aes_hw_cpu_decrypt (ScheduledKey.Ptr() + sizeof (aes_encrypt_ctx), data); else #endif aes_decrypt (data, data, (aes_decrypt_ctx *) (ScheduledKey.Ptr() + sizeof (aes_encrypt_ctx))); } - void CipherAES::DecryptBlocks (byte *data, size_t blockCount) const + void CipherAES::DecryptBlocks (uint8 *data, size_t blockCount) const { if (!Initialized) throw NotInitialized (SRC_POS); #ifdef TC_AES_HW_CPU @@ -153,21 +185,21 @@ namespace VeraCrypt else #endif Cipher::DecryptBlocks (data, blockCount); } - void CipherAES::Encrypt (byte *data) const + void CipherAES::Encrypt (uint8 *data) const { #ifdef TC_AES_HW_CPU if (IsHwSupportAvailable()) aes_hw_cpu_encrypt (ScheduledKey.Ptr(), data); else #endif aes_encrypt (data, data, (aes_encrypt_ctx *) ScheduledKey.Ptr()); } - void CipherAES::EncryptBlocks (byte *data, size_t blockCount) const + void CipherAES::EncryptBlocks (uint8 *data, size_t blockCount) const { if (!Initialized) throw NotInitialized (SRC_POS); #ifdef TC_AES_HW_CPU @@ -184,10 +216,30 @@ namespace VeraCrypt } else #endif Cipher::EncryptBlocks (data, blockCount); } + #ifdef WOLFCRYPT_BACKEND + void CipherAES::EncryptXTS (uint8 *data, uint64 length, uint64 startDataUnitNo) const + { + xts_encrypt (data, data, length, startDataUnitNo, (aes_encrypt_ctx *) ScheduledKey.Ptr()); + } + + void CipherAES::DecryptXTS (uint8 *data, uint64 length, uint64 startDataUnitNo) const + { + xts_decrypt (data, data, length, startDataUnitNo, (aes_decrypt_ctx *) (ScheduledKey.Ptr() + sizeof (aes_encrypt_ctx))); + } + + void CipherAES::SetCipherKeyXTS (const uint8 *key) + { + if (xts_encrypt_key256 (key, (aes_encrypt_ctx *) ScheduledKey.Ptr()) != EXIT_SUCCESS) + throw CipherInitError (SRC_POS); + + if (xts_decrypt_key256 (key, (aes_decrypt_ctx *) (ScheduledKey.Ptr() + sizeof (aes_encrypt_ctx))) != EXIT_SUCCESS) + throw CipherInitError (SRC_POS); + } + #endif size_t CipherAES::GetScheduledKeySize () const { return sizeof(aes_encrypt_ctx) + sizeof(aes_decrypt_ctx); } @@ -207,41 +259,42 @@ namespace VeraCrypt #else return false; #endif } - void CipherAES::SetCipherKey (const byte *key) + void CipherAES::SetCipherKey (const uint8 *key) { if (aes_encrypt_key256 (key, (aes_encrypt_ctx *) ScheduledKey.Ptr()) != EXIT_SUCCESS) throw CipherInitError (SRC_POS); if (aes_decrypt_key256 (key, (aes_decrypt_ctx *) (ScheduledKey.Ptr() + sizeof (aes_encrypt_ctx))) != EXIT_SUCCESS) throw CipherInitError (SRC_POS); } + #ifndef WOLFCRYPT_BACKEND // Serpent - void CipherSerpent::Decrypt (byte *data) const + void CipherSerpent::Decrypt (uint8 *data) const { serpent_decrypt (data, data, ScheduledKey); } - void CipherSerpent::Encrypt (byte *data) const + void CipherSerpent::Encrypt (uint8 *data) const { serpent_encrypt (data, data, ScheduledKey); } size_t CipherSerpent::GetScheduledKeySize () const { return 140*4; } - void CipherSerpent::SetCipherKey (const byte *key) + void CipherSerpent::SetCipherKey (const uint8 *key) { serpent_set_key (key, ScheduledKey); } - void CipherSerpent::EncryptBlocks (byte *data, size_t blockCount) const + void CipherSerpent::EncryptBlocks (uint8 *data, size_t blockCount) const { if (!Initialized) throw NotInitialized (SRC_POS); #if CRYPTOPP_BOOL_SSE2_INTRINSICS_AVAILABLE && !defined(CRYPTOPP_DISABLE_ASM) @@ -253,11 +306,11 @@ namespace VeraCrypt else #endif Cipher::EncryptBlocks (data, blockCount); } - void CipherSerpent::DecryptBlocks (byte *data, size_t blockCount) const + void CipherSerpent::DecryptBlocks (uint8 *data, size_t blockCount) const { if (!Initialized) throw NotInitialized (SRC_POS); #if CRYPTOPP_BOOL_SSE2_INTRINSICS_AVAILABLE && !defined(CRYPTOPP_DISABLE_ASM) @@ -288,31 +341,31 @@ namespace VeraCrypt #endif } // Twofish - void CipherTwofish::Decrypt (byte *data) const + void CipherTwofish::Decrypt (uint8 *data) const { twofish_decrypt ((TwofishInstance *) ScheduledKey.Ptr(), (unsigned int *)data, (unsigned int *)data); } - void CipherTwofish::Encrypt (byte *data) const + void CipherTwofish::Encrypt (uint8 *data) const { twofish_encrypt ((TwofishInstance *) ScheduledKey.Ptr(), (unsigned int *)data, (unsigned int *)data); } size_t CipherTwofish::GetScheduledKeySize () const { return TWOFISH_KS; } - void CipherTwofish::SetCipherKey (const byte *key) + void CipherTwofish::SetCipherKey (const uint8 *key) { twofish_set_key ((TwofishInstance *) ScheduledKey.Ptr(), (unsigned int *) key); } - void CipherTwofish::EncryptBlocks (byte *data, size_t blockCount) const + void CipherTwofish::EncryptBlocks (uint8 *data, size_t blockCount) const { if (!Initialized) throw NotInitialized (SRC_POS); #if CRYPTOPP_BOOL_X64 && !defined(CRYPTOPP_DISABLE_ASM) @@ -320,11 +373,11 @@ namespace VeraCrypt #else Cipher::EncryptBlocks (data, blockCount); #endif } - void CipherTwofish::DecryptBlocks (byte *data, size_t blockCount) const + void CipherTwofish::DecryptBlocks (uint8 *data, size_t blockCount) const { if (!Initialized) throw NotInitialized (SRC_POS); #if CRYPTOPP_BOOL_X64 && !defined(CRYPTOPP_DISABLE_ASM) @@ -342,31 +395,31 @@ namespace VeraCrypt return false; #endif } // Camellia - void CipherCamellia::Decrypt (byte *data) const + void CipherCamellia::Decrypt (uint8 *data) const { camellia_decrypt (data, data, ScheduledKey.Ptr()); } - void CipherCamellia::Encrypt (byte *data) const + void CipherCamellia::Encrypt (uint8 *data) const { camellia_encrypt (data, data, ScheduledKey.Ptr()); } size_t CipherCamellia::GetScheduledKeySize () const { return CAMELLIA_KS; } - void CipherCamellia::SetCipherKey (const byte *key) + void CipherCamellia::SetCipherKey (const uint8 *key) { camellia_set_key (key, ScheduledKey.Ptr()); } - void CipherCamellia::EncryptBlocks (byte *data, size_t blockCount) const + void CipherCamellia::EncryptBlocks (uint8 *data, size_t blockCount) const { if (!Initialized) throw NotInitialized (SRC_POS); #if CRYPTOPP_BOOL_X64 && !defined(CRYPTOPP_DISABLE_ASM) @@ -374,11 +427,11 @@ namespace VeraCrypt #else Cipher::EncryptBlocks (data, blockCount); #endif } - void CipherCamellia::DecryptBlocks (byte *data, size_t blockCount) const + void CipherCamellia::DecryptBlocks (uint8 *data, size_t blockCount) const { if (!Initialized) throw NotInitialized (SRC_POS); #if CRYPTOPP_BOOL_X64 && !defined(CRYPTOPP_DISABLE_ASM) @@ -396,30 +449,30 @@ namespace VeraCrypt return false; #endif } // Kuznyechik - void CipherKuznyechik::Decrypt (byte *data) const + void CipherKuznyechik::Decrypt (uint8 *data) const { kuznyechik_decrypt_block (data, data, (kuznyechik_kds *) ScheduledKey.Ptr()); } - void CipherKuznyechik::Encrypt (byte *data) const + void CipherKuznyechik::Encrypt (uint8 *data) const { kuznyechik_encrypt_block (data, data, (kuznyechik_kds *) ScheduledKey.Ptr()); } size_t CipherKuznyechik::GetScheduledKeySize () const { return KUZNYECHIK_KS; } - void CipherKuznyechik::SetCipherKey (const byte *key) + void CipherKuznyechik::SetCipherKey (const uint8 *key) { kuznyechik_set_key (key, (kuznyechik_kds *) ScheduledKey.Ptr()); } - void CipherKuznyechik::EncryptBlocks (byte *data, size_t blockCount) const + void CipherKuznyechik::EncryptBlocks (uint8 *data, size_t blockCount) const { if (!Initialized) throw NotInitialized (SRC_POS); #if CRYPTOPP_BOOL_SSE2_INTRINSICS_AVAILABLE @@ -431,11 +484,11 @@ namespace VeraCrypt else #endif Cipher::EncryptBlocks (data, blockCount); } - void CipherKuznyechik::DecryptBlocks (byte *data, size_t blockCount) const + void CipherKuznyechik::DecryptBlocks (uint8 *data, size_t blockCount) const { if (!Initialized) throw NotInitialized (SRC_POS); #if CRYPTOPP_BOOL_SSE2_INTRINSICS_AVAILABLE @@ -463,7 +516,8 @@ namespace VeraCrypt return state; #else return false; #endif } - bool Cipher::HwSupportEnabled = true; + #endif + bool Cipher::HwSupportEnabled = true; } diff --git a/src/Volume/Cipher.h b/src/Volume/Cipher.h index 31a519a5..4c0d4893 100644 --- a/src/Volume/Cipher.h +++ b/src/Volume/Cipher.h @@ -2,11 +2,11 @@ Derived from source code of TrueCrypt 7.1a, which is Copyright (c) 2008-2012 TrueCrypt Developers Association and which is governed by the TrueCrypt License 3.0. Modifications and additions to the original source code (contained in this file) - and all other portions of this file are Copyright (c) 2013-2017 IDRIX + and all other portions of this file are Copyright (c) 2013-2025 IDRIX and are governed by the Apache License 2.0 the full text of which is contained in the file License.txt included in VeraCrypt binary and source code distribution packages. */ @@ -24,15 +24,22 @@ namespace VeraCrypt class Cipher { public: virtual ~Cipher (); - virtual void DecryptBlock (byte *data) const; - virtual void DecryptBlocks (byte *data, size_t blockCount) const; - static void EnableHwSupport (bool enable) { HwSupportEnabled = enable; } - virtual void EncryptBlock (byte *data) const; - virtual void EncryptBlocks (byte *data, size_t blockCount) const; + virtual void DecryptBlock (uint8 *data) const; + virtual void DecryptBlocks (uint8 *data, size_t blockCount) const; + #ifndef WOLFCRYPT_BACKEND + static void EnableHwSupport (bool enable) { HwSupportEnabled = enable; } + #else + static void EnableHwSupport (bool enable) { HwSupportEnabled = false; } + virtual void EncryptBlockXTS (uint8 *data, uint64 length, uint64 startDataUnitNo) const; + virtual void DecryptBlockXTS (uint8 *data, uint64 length, uint64 startDataUnitNo) const; + virtual void SetKeyXTS (const ConstBufferPtr &key); + #endif + virtual void EncryptBlock (uint8 *data) const; + virtual void EncryptBlocks (uint8 *data, size_t blockCount) const; static CipherList GetAvailableCiphers (); virtual size_t GetBlockSize () const = 0; virtual const SecureBuffer &GetKey () const { return Key; } virtual size_t GetKeySize () const = 0; virtual wstring GetName () const = 0; @@ -44,14 +51,19 @@ namespace VeraCrypt static const int MaxBlockSize = 16; protected: Cipher (); - virtual void Decrypt (byte *data) const = 0; - virtual void Encrypt (byte *data) const = 0; + virtual void Decrypt (uint8 *data) const = 0; + virtual void Encrypt (uint8 *data) const = 0; virtual size_t GetScheduledKeySize () const = 0; - virtual void SetCipherKey (const byte *key) = 0; + virtual void SetCipherKey (const uint8 *key) = 0; + #ifdef WOLFCRYPT_BACKEND + virtual void DecryptXTS (uint8 *data, uint64 length, uint64 startDataUnitNo) const = 0; + virtual void EncryptXTS (uint8 *data, uint64 length, uint64 startDataUnitNo) const = 0; + virtual void SetCipherKeyXTS (const uint8 *key) = 0; + #endif static bool HwSupportEnabled; bool Initialized; SecureBuffer Key; SecureBuffer ScheduledKey; @@ -67,10 +79,11 @@ namespace VeraCrypt CipherException () { } CipherException (const string &message) : Exception (message) { } CipherException (const string &message, const wstring &subject) : Exception (message, subject) { } }; +#ifdef WOLFCRYPT_BACKEND #define TC_CIPHER(NAME, BLOCK_SIZE, KEY_SIZE) \ class TC_JOIN (Cipher,NAME) : public Cipher \ { \ public: \ @@ -82,23 +95,54 @@ namespace VeraCrypt virtual wstring GetName () const { return L###NAME; }; \ virtual shared_ptr <Cipher> GetNew () const { return shared_ptr <Cipher> (new TC_JOIN (Cipher,NAME)()); } \ TC_CIPHER_ADD_METHODS \ \ protected: \ - virtual void Decrypt (byte *data) const; \ - virtual void Encrypt (byte *data) const; \ + virtual void Decrypt (uint8 *data) const; \ + virtual void Encrypt (uint8 *data) const; \ virtual size_t GetScheduledKeySize () const; \ - virtual void SetCipherKey (const byte *key); \ + virtual void SetCipherKey (const uint8 *key); \ + virtual void DecryptXTS (uint8 *data, uint64 length, uint64 startDataUnitNo) const; \ + virtual void SetCipherKeyXTS (const uint8 *key); \ + virtual void EncryptXTS (uint8 *data, uint64 length, uint64 startDataUnitNo) const; \ \ private: \ TC_JOIN (Cipher,NAME) (const TC_JOIN (Cipher,NAME) &); \ TC_JOIN (Cipher,NAME) &operator= (const TC_JOIN (Cipher,NAME) &); \ } +#else + +#define TC_CIPHER(NAME, BLOCK_SIZE, KEY_SIZE) \ + class TC_JOIN (Cipher,NAME) : public Cipher \ + { \ + public: \ + TC_JOIN (Cipher,NAME) () { } \ + virtual ~TC_JOIN (Cipher,NAME) () { } \ +\ + virtual size_t GetBlockSize () const { return BLOCK_SIZE; }; \ + virtual size_t GetKeySize () const { return KEY_SIZE; }; \ + virtual wstring GetName () const { return L###NAME; }; \ + virtual shared_ptr <Cipher> GetNew () const { return shared_ptr <Cipher> (new TC_JOIN (Cipher,NAME)()); } \ + TC_CIPHER_ADD_METHODS \ +\ + protected: \ + virtual void Decrypt (uint8 *data) const; \ + virtual void Encrypt (uint8 *data) const; \ + virtual size_t GetScheduledKeySize () const; \ + virtual void SetCipherKey (const uint8 *key); \ +\ + private: \ + TC_JOIN (Cipher,NAME) (const TC_JOIN (Cipher,NAME) &); \ + TC_JOIN (Cipher,NAME) &operator= (const TC_JOIN (Cipher,NAME) &); \ + } + +#endif + #define TC_CIPHER_ADD_METHODS \ - virtual void DecryptBlocks (byte *data, size_t blockCount) const; \ - virtual void EncryptBlocks (byte *data, size_t blockCount) const; \ + virtual void DecryptBlocks (uint8 *data, size_t blockCount) const; \ + virtual void EncryptBlocks (uint8 *data, size_t blockCount) const; \ virtual bool IsHwSupportAvailable () const; TC_CIPHER (AES, 16, 32); TC_CIPHER (Serpent, 16, 32); TC_CIPHER (Twofish, 16, 32); diff --git a/src/Volume/Crc32.h b/src/Volume/Crc32.h index ced20457..4b1ee045 100644 --- a/src/Volume/Crc32.h +++ b/src/Volume/Crc32.h @@ -2,11 +2,11 @@ Derived from source code of TrueCrypt 7.1a, which is Copyright (c) 2008-2012 TrueCrypt Developers Association and which is governed by the TrueCrypt License 3.0. Modifications and additions to the original source code (contained in this file) - and all other portions of this file are Copyright (c) 2013-2017 IDRIX + and all other portions of this file are Copyright (c) 2013-2025 IDRIX and are governed by the Apache License 2.0 the full text of which is contained in the file License.txt included in VeraCrypt binary and source code distribution packages. */ @@ -24,18 +24,18 @@ namespace VeraCrypt Crc32 () : CrcValue (0xffffFFFF) { }; virtual ~Crc32 () { }; uint32 Get () const { return CrcValue ^ 0xffffFFFF; } - uint32 Process (byte data) + uint32 Process (uint8 data) { - return CrcValue = crc_32_tab[(byte) (CrcValue ^ data)] ^ (CrcValue >> 8); + return CrcValue = crc_32_tab[(uint8) (CrcValue ^ data)] ^ (CrcValue >> 8); } static uint32 ProcessBuffer (const ConstBufferPtr &buffer) { - return ::GetCrc32 (const_cast<byte *> (buffer.Get()), static_cast<int> (buffer.Size())); + return ::GetCrc32 (const_cast<uint8 *> (buffer.Get()), static_cast<int> (buffer.Size())); } protected: uint32 CrcValue; diff --git a/src/Volume/EncryptionAlgorithm.cpp b/src/Volume/EncryptionAlgorithm.cpp index 85d9be1c..5090a254 100644 --- a/src/Volume/EncryptionAlgorithm.cpp +++ b/src/Volume/EncryptionAlgorithm.cpp @@ -2,18 +2,21 @@ Derived from source code of TrueCrypt 7.1a, which is Copyright (c) 2008-2012 TrueCrypt Developers Association and which is governed by the TrueCrypt License 3.0. Modifications and additions to the original source code (contained in this file) - and all other portions of this file are Copyright (c) 2013-2017 IDRIX + and all other portions of this file are Copyright (c) 2013-2025 IDRIX and are governed by the Apache License 2.0 the full text of which is contained in the file License.txt included in VeraCrypt binary and source code distribution packages. */ #include "EncryptionAlgorithm.h" #include "EncryptionModeXTS.h" +#ifdef WOLFCRYPT_BACKEND +#include "EncryptionModeWolfCryptXTS.h" +#endif namespace VeraCrypt { EncryptionAlgorithm::EncryptionAlgorithm () : Deprecated (false) { @@ -21,49 +24,50 @@ namespace VeraCrypt EncryptionAlgorithm::~EncryptionAlgorithm () { } - void EncryptionAlgorithm::Decrypt (byte *data, uint64 length) const + void EncryptionAlgorithm::Decrypt (uint8 *data, uint64 length) const { if_debug (ValidateState ()); Mode->Decrypt (data, length); } void EncryptionAlgorithm::Decrypt (const BufferPtr &data) const { Decrypt (data, data.Size()); } - void EncryptionAlgorithm::DecryptSectors (byte *data, uint64 sectorIndex, uint64 sectorCount, size_t sectorSize) const + void EncryptionAlgorithm::DecryptSectors (uint8 *data, uint64 sectorIndex, uint64 sectorCount, size_t sectorSize) const { if_debug (ValidateState()); Mode->DecryptSectors (data, sectorIndex, sectorCount, sectorSize); } - void EncryptionAlgorithm::Encrypt (byte *data, uint64 length) const + void EncryptionAlgorithm::Encrypt (uint8 *data, uint64 length) const { if_debug (ValidateState()); Mode->Encrypt (data, length); } void EncryptionAlgorithm::Encrypt (const BufferPtr &data) const { Encrypt (data, data.Size()); } - void EncryptionAlgorithm::EncryptSectors (byte *data, uint64 sectorIndex, uint64 sectorCount, size_t sectorSize) const + void EncryptionAlgorithm::EncryptSectors (uint8 *data, uint64 sectorIndex, uint64 sectorCount, size_t sectorSize) const { if_debug (ValidateState ()); Mode->EncryptSectors (data, sectorIndex, sectorCount, sectorSize); } EncryptionAlgorithmList EncryptionAlgorithm::GetAvailableAlgorithms () { EncryptionAlgorithmList l; l.push_back (shared_ptr <EncryptionAlgorithm> (new AES ())); + #ifndef WOLFCRYPT_BACKEND l.push_back (shared_ptr <EncryptionAlgorithm> (new Serpent ())); l.push_back (shared_ptr <EncryptionAlgorithm> (new Twofish ())); l.push_back (shared_ptr <EncryptionAlgorithm> (new Camellia ())); l.push_back (shared_ptr <EncryptionAlgorithm> (new Kuznyechik ())); l.push_back (shared_ptr <EncryptionAlgorithm> (new AESTwofish ())); @@ -74,11 +78,11 @@ namespace VeraCrypt l.push_back (shared_ptr <EncryptionAlgorithm> (new KuznyechikSerpentCamellia ())); l.push_back (shared_ptr <EncryptionAlgorithm> (new KuznyechikTwofish ())); l.push_back (shared_ptr <EncryptionAlgorithm> (new SerpentAES ())); l.push_back (shared_ptr <EncryptionAlgorithm> (new SerpentTwofishAES ())); l.push_back (shared_ptr <EncryptionAlgorithm> (new TwofishSerpent ())); - + #endif return l; } size_t EncryptionAlgorithm::GetLargestKeySize (const EncryptionAlgorithmList &algorithms) { @@ -213,24 +217,47 @@ namespace VeraCrypt c.SetKey (key.GetRange (keyOffset, c.GetKeySize())); keyOffset += c.GetKeySize(); } } - void EncryptionAlgorithm::ValidateState () const + #ifdef WOLFCRYPT_BACKEND + void EncryptionAlgorithm::SetKeyXTS (const ConstBufferPtr &key) + { + if (Ciphers.size() < 1) + throw NotInitialized (SRC_POS); + + if (GetKeySize() != key.Size()) + throw ParameterIncorrect (SRC_POS); + + size_t keyOffset = 0; + foreach_ref (Cipher &c, Ciphers) + { + c.SetKeyXTS (key.GetRange (keyOffset, c.GetKeySize())); + keyOffset += c.GetKeySize(); + } + } + #endif + + void EncryptionAlgorithm::ValidateState () const { if (Ciphers.size() < 1 || Mode.get() == nullptr) throw NotInitialized (SRC_POS); } // AES AES::AES () { Ciphers.push_back (shared_ptr <Cipher> (new CipherAES())); + #ifdef WOLFCRYPT_BACKEND + SupportedModes.push_back (shared_ptr <EncryptionMode> (new EncryptionModeWolfCryptXTS ())); + #else SupportedModes.push_back (shared_ptr <EncryptionMode> (new EncryptionModeXTS ())); - } + #endif + } +#ifndef WOLFCRYPT_BACKEND // AES-Twofish AESTwofish::AESTwofish () { Ciphers.push_back (shared_ptr <Cipher> (new CipherTwofish ())); Ciphers.push_back (shared_ptr <Cipher> (new CipherAES ())); @@ -351,6 +378,7 @@ namespace VeraCrypt Ciphers.push_back (shared_ptr <Cipher> (new CipherSerpent ())); Ciphers.push_back (shared_ptr <Cipher> (new CipherCamellia ())); SupportedModes.push_back (shared_ptr <EncryptionMode> (new EncryptionModeXTS ())); } +#endif } diff --git a/src/Volume/EncryptionAlgorithm.h b/src/Volume/EncryptionAlgorithm.h index 56642146..7b6f83dc 100644 --- a/src/Volume/EncryptionAlgorithm.h +++ b/src/Volume/EncryptionAlgorithm.h @@ -2,11 +2,11 @@ Derived from source code of TrueCrypt 7.1a, which is Copyright (c) 2008-2012 TrueCrypt Developers Association and which is governed by the TrueCrypt License 3.0. Modifications and additions to the original source code (contained in this file) - and all other portions of this file are Copyright (c) 2013-2017 IDRIX + and all other portions of this file are Copyright (c) 2013-2025 IDRIX and are governed by the Apache License 2.0 the full text of which is contained in the file License.txt included in VeraCrypt binary and source code distribution packages. */ @@ -25,16 +25,16 @@ namespace VeraCrypt class EncryptionAlgorithm { public: virtual ~EncryptionAlgorithm (); - virtual void Decrypt (byte *data, uint64 length) const; + virtual void Decrypt (uint8 *data, uint64 length) const; virtual void Decrypt (const BufferPtr &data) const; - virtual void DecryptSectors (byte *data, uint64 sectorIndex, uint64 sectorCount, size_t sectorSize) const; - virtual void Encrypt (byte *data, uint64 length) const; + virtual void DecryptSectors (uint8 *data, uint64 sectorIndex, uint64 sectorCount, size_t sectorSize) const; + virtual void Encrypt (uint8 *data, uint64 length) const; virtual void Encrypt (const BufferPtr &data) const; - virtual void EncryptSectors (byte *data, uint64 sectorIndex, uint64 sectorCount, size_t sectorSize) const; + virtual void EncryptSectors (uint8 *data, uint64 sectorIndex, uint64 sectorCount, size_t sectorSize) const; static EncryptionAlgorithmList GetAvailableAlgorithms (); virtual const CipherList &GetCiphers () const { return Ciphers; } virtual shared_ptr <EncryptionAlgorithm> GetNew () const = 0; virtual size_t GetMaxBlockSize () const; virtual size_t GetMinBlockSize () const; @@ -44,11 +44,14 @@ namespace VeraCrypt virtual wstring GetName (bool forGuiDisplay = false) const; bool IsDeprecated () const { return Deprecated; } virtual bool IsModeSupported (const EncryptionMode &mode) const; virtual bool IsModeSupported (const shared_ptr <EncryptionMode> mode) const; virtual void SetKey (const ConstBufferPtr &key); - virtual void SetMode (shared_ptr <EncryptionMode> mode); + #ifdef WOLFCRYPT_BACKEND + virtual void SetKeyXTS (const ConstBufferPtr &key); + #endif + virtual void SetMode (shared_ptr <EncryptionMode> mode); protected: EncryptionAlgorithm (); void ValidateState () const; diff --git a/src/Volume/EncryptionMode.cpp b/src/Volume/EncryptionMode.cpp index b7e5cc02..5519f36a 100644 --- a/src/Volume/EncryptionMode.cpp +++ b/src/Volume/EncryptionMode.cpp @@ -2,18 +2,21 @@ Derived from source code of TrueCrypt 7.1a, which is Copyright (c) 2008-2012 TrueCrypt Developers Association and which is governed by the TrueCrypt License 3.0. Modifications and additions to the original source code (contained in this file) - and all other portions of this file are Copyright (c) 2013-2017 IDRIX + and all other portions of this file are Copyright (c) 2013-2025 IDRIX and are governed by the Apache License 2.0 the full text of which is contained in the file License.txt included in VeraCrypt binary and source code distribution packages. */ #include "EncryptionMode.h" #include "EncryptionModeXTS.h" +#ifdef WOLFCRYPT_BACKEND +#include "EncryptionModeWolfCryptXTS.h" +#endif #include "EncryptionThreadPool.h" namespace VeraCrypt { EncryptionMode::EncryptionMode () : KeySet (false), SectorOffset (0) @@ -22,42 +25,46 @@ namespace VeraCrypt EncryptionMode::~EncryptionMode () { } - void EncryptionMode::DecryptSectors (byte *data, uint64 sectorIndex, uint64 sectorCount, size_t sectorSize) const + void EncryptionMode::DecryptSectors (uint8 *data, uint64 sectorIndex, uint64 sectorCount, size_t sectorSize) const { EncryptionThreadPool::DoWork (EncryptionThreadPool::WorkType::DecryptDataUnits, this, data, sectorIndex, sectorCount, sectorSize); } - void EncryptionMode::EncryptSectors (byte *data, uint64 sectorIndex, uint64 sectorCount, size_t sectorSize) const + void EncryptionMode::EncryptSectors (uint8 *data, uint64 sectorIndex, uint64 sectorCount, size_t sectorSize) const { EncryptionThreadPool::DoWork (EncryptionThreadPool::WorkType::EncryptDataUnits, this, data, sectorIndex, sectorCount, sectorSize); } EncryptionModeList EncryptionMode::GetAvailableModes () { EncryptionModeList l; + #ifdef WOLFCRYPT_BACKEND + l.push_back (shared_ptr <EncryptionMode> (new EncryptionModeWolfCryptXTS ())); + #else l.push_back (shared_ptr <EncryptionMode> (new EncryptionModeXTS ())); + #endif return l; } void EncryptionMode::ValidateState () const { if (!KeySet || Ciphers.size() < 1) throw NotInitialized (SRC_POS); } - void EncryptionMode::ValidateParameters (byte *data, uint64 length) const + void EncryptionMode::ValidateParameters (uint8 *data, uint64 length) const { if ((Ciphers.size() > 0 && (length % Ciphers.front()->GetBlockSize()) != 0)) throw ParameterIncorrect (SRC_POS); } - void EncryptionMode::ValidateParameters (byte *data, uint64 sectorCount, size_t sectorSize) const + void EncryptionMode::ValidateParameters (uint8 *data, uint64 sectorCount, size_t sectorSize) const { if (sectorCount == 0 || sectorSize == 0 || (sectorSize % EncryptionDataUnitSize) != 0) throw ParameterIncorrect (SRC_POS); } } diff --git a/src/Volume/EncryptionMode.h b/src/Volume/EncryptionMode.h index a629d6b7..bc9d0a06 100644 --- a/src/Volume/EncryptionMode.h +++ b/src/Volume/EncryptionMode.h @@ -2,11 +2,11 @@ Derived from source code of TrueCrypt 7.1a, which is Copyright (c) 2008-2012 TrueCrypt Developers Association and which is governed by the TrueCrypt License 3.0. Modifications and additions to the original source code (contained in this file) - and all other portions of this file are Copyright (c) 2013-2017 IDRIX + and all other portions of this file are Copyright (c) 2013-2025 IDRIX and are governed by the Apache License 2.0 the full text of which is contained in the file License.txt included in VeraCrypt binary and source code distribution packages. */ @@ -25,16 +25,16 @@ namespace VeraCrypt class EncryptionMode { public: virtual ~EncryptionMode (); - virtual void Decrypt (byte *data, uint64 length) const = 0; - virtual void DecryptSectors (byte *data, uint64 sectorIndex, uint64 sectorCount, size_t sectorSize) const; - virtual void DecryptSectorsCurrentThread (byte *data, uint64 sectorIndex, uint64 sectorCount, size_t sectorSize) const = 0; - virtual void Encrypt (byte *data, uint64 length) const = 0; - virtual void EncryptSectors (byte *data, uint64 sectorIndex, uint64 sectorCount, size_t sectorSize) const; - virtual void EncryptSectorsCurrentThread (byte *data, uint64 sectorIndex, uint64 sectorCount, size_t sectorSize) const = 0; + virtual void Decrypt (uint8 *data, uint64 length) const = 0; + virtual void DecryptSectors (uint8 *data, uint64 sectorIndex, uint64 sectorCount, size_t sectorSize) const; + virtual void DecryptSectorsCurrentThread (uint8 *data, uint64 sectorIndex, uint64 sectorCount, size_t sectorSize) const = 0; + virtual void Encrypt (uint8 *data, uint64 length) const = 0; + virtual void EncryptSectors (uint8 *data, uint64 sectorIndex, uint64 sectorCount, size_t sectorSize) const; + virtual void EncryptSectorsCurrentThread (uint8 *data, uint64 sectorIndex, uint64 sectorCount, size_t sectorSize) const = 0; static EncryptionModeList GetAvailableModes (); virtual const SecureBuffer &GetKey () const { throw NotApplicable (SRC_POS); } virtual size_t GetKeySize () const = 0; virtual wstring GetName () const = 0; virtual shared_ptr <EncryptionMode> GetNew () const = 0; @@ -46,12 +46,12 @@ namespace VeraCrypt protected: EncryptionMode (); virtual void ValidateState () const; - void ValidateParameters (byte *data, uint64 length) const; - virtual void ValidateParameters (byte *data, uint64 sectorCount, size_t sectorSize) const; + void ValidateParameters (uint8 *data, uint64 length) const; + virtual void ValidateParameters (uint8 *data, uint64 sectorCount, size_t sectorSize) const; static const size_t EncryptionDataUnitSize = ENCRYPTION_DATA_UNIT_SIZE; CipherList Ciphers; bool KeySet; diff --git a/src/Volume/EncryptionModeWolfCryptXTS.cpp b/src/Volume/EncryptionModeWolfCryptXTS.cpp new file mode 100644 index 00000000..878ad042 --- /dev/null +++ b/src/Volume/EncryptionModeWolfCryptXTS.cpp @@ -0,0 +1,119 @@ + +#include "Crypto/cpu.h" +#include "Crypto/misc.h" +#include "EncryptionModeWolfCryptXTS.h" +#include "Common/Crypto.h" + +namespace VeraCrypt +{ + void EncryptionModeWolfCryptXTS::Encrypt (uint8 *data, uint64 length) const + { + EncryptBuffer (data, length, 0); + } + + void EncryptionModeWolfCryptXTS::EncryptBuffer (uint8 *data, uint64 length, uint64 startDataUnitNo) const + { + if_debug (ValidateState()); + + CipherList::const_iterator iSecondaryCipher = SecondaryCiphers.begin(); + + for (CipherList::const_iterator iCipher = Ciphers.begin(); iCipher != Ciphers.end(); ++iCipher) + { + EncryptBufferXTS (**iCipher, **iSecondaryCipher, data, length, startDataUnitNo, 0); + ++iSecondaryCipher; + } + + assert (iSecondaryCipher == SecondaryCiphers.end()); + } + + void EncryptionModeWolfCryptXTS::EncryptBufferXTS (Cipher &cipher, const Cipher &secondaryCipher, uint8 *buffer, uint64 length, uint64 startDataUnitNo, unsigned int startCipherBlockNo) const + { + cipher.EncryptBlockXTS(buffer, length, startDataUnitNo); + } + + void EncryptionModeWolfCryptXTS::EncryptSectorsCurrentThread (uint8 *data, uint64 sectorIndex, uint64 sectorCount, size_t sectorSize) const + { + EncryptBuffer (data, sectorCount * sectorSize, sectorIndex * sectorSize / ENCRYPTION_DATA_UNIT_SIZE); + } + + size_t EncryptionModeWolfCryptXTS::GetKeySize () const + { + if (Ciphers.empty()) + throw NotInitialized (SRC_POS); + + size_t keySize = 0; + foreach_ref (const Cipher &cipher, SecondaryCiphers) + { + keySize += cipher.GetKeySize(); + } + + return keySize; + } + + void EncryptionModeWolfCryptXTS::Decrypt (uint8 *data, uint64 length) const + { + DecryptBuffer (data, length, 0); + } + + void EncryptionModeWolfCryptXTS::DecryptBuffer (uint8 *data, uint64 length, uint64 startDataUnitNo) const + { + if_debug (ValidateState()); + + CipherList::const_iterator iSecondaryCipher = SecondaryCiphers.end(); + + for (CipherList::const_reverse_iterator iCipher = Ciphers.rbegin(); iCipher != Ciphers.rend(); ++iCipher) + { + --iSecondaryCipher; + DecryptBufferXTS (**iCipher, **iSecondaryCipher, data, length, startDataUnitNo, 0); + } + + assert (iSecondaryCipher == SecondaryCiphers.begin()); + } + + void EncryptionModeWolfCryptXTS::DecryptBufferXTS (Cipher &cipher, const Cipher &secondaryCipher, uint8 *buffer, uint64 length, uint64 startDataUnitNo, unsigned int startCipherBlockNo) const + { + cipher.DecryptBlockXTS(buffer, length, startDataUnitNo); + } + + void EncryptionModeWolfCryptXTS::DecryptSectorsCurrentThread (uint8 *data, uint64 sectorIndex, uint64 sectorCount, size_t sectorSize) const + { + DecryptBuffer (data, sectorCount * sectorSize, sectorIndex * sectorSize / ENCRYPTION_DATA_UNIT_SIZE); + } + + void EncryptionModeWolfCryptXTS::SetCiphers (const CipherList &ciphers) + { + EncryptionMode::SetCiphers (ciphers); + + SecondaryCiphers.clear(); + + foreach_ref (const Cipher &cipher, ciphers) + { + SecondaryCiphers.push_back (cipher.GetNew()); + } + + if (SecondaryKey.Size() > 0) + SetSecondaryCipherKeys(); + } + + void EncryptionModeWolfCryptXTS::SetKey (const ConstBufferPtr &key) + { + SecondaryKey.Allocate (key.Size()); + SecondaryKey.CopyFrom (key); + + if (!SecondaryCiphers.empty()) + SetSecondaryCipherKeys(); + + } + + void EncryptionModeWolfCryptXTS::SetSecondaryCipherKeys () + { + size_t keyOffset = 0; + foreach_ref (Cipher &cipher, SecondaryCiphers) + { + cipher.SetKeyXTS (SecondaryKey.GetRange (keyOffset, cipher.GetKeySize())); + keyOffset += cipher.GetKeySize(); + } + + KeySet = true; + } +} diff --git a/src/Volume/EncryptionModeWolfCryptXTS.h b/src/Volume/EncryptionModeWolfCryptXTS.h new file mode 100644 index 00000000..e19a5d23 --- /dev/null +++ b/src/Volume/EncryptionModeWolfCryptXTS.h @@ -0,0 +1,54 @@ +/* + Derived from source code of TrueCrypt 7.1a, which is + Copyright (c) 2008-2012 TrueCrypt Developers Association and which is governed + by the TrueCrypt License 3.0. + + Modifications and additions to the original source code (contained in this file) + and all other portions of this file are Copyright (c) 2013-2025 IDRIX + and are governed by the Apache License 2.0 the full text of which is + contained in the file License.txt included in VeraCrypt binary and source + code distribution packages. +*/ + +#ifndef TC_HEADER_Volume_EncryptionModeWolfCryptXTS +#define TC_HEADER_Volume_EncryptionModeWolfCryptXTS + +#include "Platform/Platform.h" +#include "EncryptionMode.h" + +namespace VeraCrypt +{ + class EncryptionModeWolfCryptXTS : public EncryptionMode + { + public: + EncryptionModeWolfCryptXTS () { } + virtual ~EncryptionModeWolfCryptXTS () { } + + virtual void Decrypt (uint8 *data, uint64 length) const; + virtual void DecryptSectorsCurrentThread (uint8 *data, uint64 sectorIndex, uint64 sectorCount, size_t sectorSize) const; + virtual void Encrypt (uint8 *data, uint64 length) const; + virtual void EncryptSectorsCurrentThread (uint8 *data, uint64 sectorIndex, uint64 sectorCount, size_t sectorSize) const; + virtual const SecureBuffer &GetKey () const { return SecondaryKey; } + virtual size_t GetKeySize () const; + virtual wstring GetName () const { return L"XTS"; }; + virtual shared_ptr <EncryptionMode> GetNew () const { return shared_ptr <EncryptionMode> (new EncryptionModeWolfCryptXTS); } + virtual void SetCiphers (const CipherList &ciphers); + virtual void SetKey (const ConstBufferPtr &key); + + protected: + void DecryptBuffer (uint8 *data, uint64 length, uint64 startDataUnitNo) const; + void DecryptBufferXTS (Cipher &cipher, const Cipher &secondaryCipher, uint8 *buffer, uint64 length, uint64 startDataUnitNo, unsigned int startCipherBlockNo) const; + void EncryptBuffer (uint8 *data, uint64 length, uint64 startDataUnitNo) const; + void EncryptBufferXTS (Cipher &cipher, const Cipher &secondaryCipher, uint8 *buffer, uint64 length, uint64 startDataUnitNo, unsigned int startCipherBlockNo) const; + void SetSecondaryCipherKeys (); + + SecureBuffer SecondaryKey; + CipherList SecondaryCiphers; + + private: + EncryptionModeWolfCryptXTS (const EncryptionModeWolfCryptXTS &); + EncryptionModeWolfCryptXTS &operator= (const EncryptionModeWolfCryptXTS &); + }; +} + +#endif // TC_HEADER_Volume_EncryptionModeWolfCryptXTS diff --git a/src/Volume/EncryptionModeXTS.cpp b/src/Volume/EncryptionModeXTS.cpp index 66f0ff62..96427e0c 100644 --- a/src/Volume/EncryptionModeXTS.cpp +++ b/src/Volume/EncryptionModeXTS.cpp @@ -2,11 +2,11 @@ Derived from source code of TrueCrypt 7.1a, which is Copyright (c) 2008-2012 TrueCrypt Developers Association and which is governed by the TrueCrypt License 3.0. Modifications and additions to the original source code (contained in this file) - and all other portions of this file are Copyright (c) 2013-2017 IDRIX + and all other portions of this file are Copyright (c) 2013-2025 IDRIX and are governed by the Apache License 2.0 the full text of which is contained in the file License.txt included in VeraCrypt binary and source code distribution packages. */ @@ -45,16 +45,16 @@ #endif namespace VeraCrypt { - void EncryptionModeXTS::Encrypt (byte *data, uint64 length) const + void EncryptionModeXTS::Encrypt (uint8 *data, uint64 length) const { EncryptBuffer (data, length, 0); } - void EncryptionModeXTS::EncryptBuffer (byte *data, uint64 length, uint64 startDataUnitNo) const + void EncryptionModeXTS::EncryptBuffer (uint8 *data, uint64 length, uint64 startDataUnitNo) const { if_debug (ValidateState()); CipherList::const_iterator iSecondaryCipher = SecondaryCiphers.begin(); @@ -65,16 +65,16 @@ namespace VeraCrypt } assert (iSecondaryCipher == SecondaryCiphers.end()); } - void EncryptionModeXTS::EncryptBufferXTS (const Cipher &cipher, const Cipher &secondaryCipher, byte *buffer, uint64 length, uint64 startDataUnitNo, unsigned int startCipherBlockNo) const + void EncryptionModeXTS::EncryptBufferXTS (const Cipher &cipher, const Cipher &secondaryCipher, uint8 *buffer, uint64 length, uint64 startDataUnitNo, unsigned int startCipherBlockNo) const { - byte finalCarry; - byte whiteningValues [ENCRYPTION_DATA_UNIT_SIZE]; - byte whiteningValue [BYTES_PER_XTS_BLOCK]; - byte byteBufUnitNo [BYTES_PER_XTS_BLOCK]; + uint8 finalCarry; + uint8 whiteningValues [ENCRYPTION_DATA_UNIT_SIZE]; + uint8 whiteningValue [BYTES_PER_XTS_BLOCK]; + uint8 byteBufUnitNo [BYTES_PER_XTS_BLOCK]; uint64 *whiteningValuesPtr64 = (uint64 *) whiteningValues; uint64 *whiteningValuePtr64 = (uint64 *) whiteningValue; uint64 *bufPtr = (uint64 *) buffer; uint64 *dataUnitBufPtr; unsigned int startBlock = startCipherBlockNo, endBlock, block, countBlock; @@ -180,11 +180,11 @@ namespace VeraCrypt *bufPtr++ ^= *whiteningValuesPtr64++; *bufPtr++ ^= *whiteningValuesPtr64++; } #endif // Actual encryption - cipher.EncryptBlocks ((byte *) dataUnitBufPtr, countBlock); + cipher.EncryptBlocks ((uint8 *) dataUnitBufPtr, countBlock); bufPtr = dataUnitBufPtr; whiteningValuesPtr64 = (uint64 *) whiteningValues; #if (CRYPTOPP_BOOL_SSE2_INTRINSICS_AVAILABLE && CRYPTOPP_BOOL_X64) @@ -205,11 +205,11 @@ namespace VeraCrypt FAST_ERASE64 (whiteningValue, sizeof (whiteningValue)); FAST_ERASE64 (whiteningValues, sizeof (whiteningValues)); } - void EncryptionModeXTS::EncryptSectorsCurrentThread (byte *data, uint64 sectorIndex, uint64 sectorCount, size_t sectorSize) const + void EncryptionModeXTS::EncryptSectorsCurrentThread (uint8 *data, uint64 sectorIndex, uint64 sectorCount, size_t sectorSize) const { EncryptBuffer (data, sectorCount * sectorSize, sectorIndex * sectorSize / ENCRYPTION_DATA_UNIT_SIZE); } size_t EncryptionModeXTS::GetKeySize () const @@ -224,16 +224,16 @@ namespace VeraCrypt } return keySize; } - void EncryptionModeXTS::Decrypt (byte *data, uint64 length) const + void EncryptionModeXTS::Decrypt (uint8 *data, uint64 length) const { DecryptBuffer (data, length, 0); } - void EncryptionModeXTS::DecryptBuffer (byte *data, uint64 length, uint64 startDataUnitNo) const + void EncryptionModeXTS::DecryptBuffer (uint8 *data, uint64 length, uint64 startDataUnitNo) const { if_debug (ValidateState()); CipherList::const_iterator iSecondaryCipher = SecondaryCiphers.end(); @@ -244,16 +244,16 @@ namespace VeraCrypt } assert (iSecondaryCipher == SecondaryCiphers.begin()); } - void EncryptionModeXTS::DecryptBufferXTS (const Cipher &cipher, const Cipher &secondaryCipher, byte *buffer, uint64 length, uint64 startDataUnitNo, unsigned int startCipherBlockNo) const + void EncryptionModeXTS::DecryptBufferXTS (const Cipher &cipher, const Cipher &secondaryCipher, uint8 *buffer, uint64 length, uint64 startDataUnitNo, unsigned int startCipherBlockNo) const { - byte finalCarry; - byte whiteningValues [ENCRYPTION_DATA_UNIT_SIZE]; - byte whiteningValue [BYTES_PER_XTS_BLOCK]; - byte byteBufUnitNo [BYTES_PER_XTS_BLOCK]; + uint8 finalCarry; + uint8 whiteningValues [ENCRYPTION_DATA_UNIT_SIZE]; + uint8 whiteningValue [BYTES_PER_XTS_BLOCK]; + uint8 byteBufUnitNo [BYTES_PER_XTS_BLOCK]; uint64 *whiteningValuesPtr64 = (uint64 *) whiteningValues; uint64 *whiteningValuePtr64 = (uint64 *) whiteningValue; uint64 *bufPtr = (uint64 *) buffer; uint64 *dataUnitBufPtr; unsigned int startBlock = startCipherBlockNo, endBlock, block, countBlock; @@ -350,11 +350,11 @@ namespace VeraCrypt { *bufPtr++ ^= *whiteningValuesPtr64++; *bufPtr++ ^= *whiteningValuesPtr64++; } #endif - cipher.DecryptBlocks ((byte *) dataUnitBufPtr, countBlock); + cipher.DecryptBlocks ((uint8 *) dataUnitBufPtr, countBlock); bufPtr = dataUnitBufPtr; whiteningValuesPtr64 = (uint64 *) whiteningValues; #if (CRYPTOPP_BOOL_SSE2_INTRINSICS_AVAILABLE && CRYPTOPP_BOOL_X64) XorBlocks (bufPtr, whiteningValuesPtr64, countBlock, startBlock, endBlock); @@ -372,13 +372,13 @@ namespace VeraCrypt *((uint64 *) byteBufUnitNo) = Endian::Little (dataUnitNo); } FAST_ERASE64 (whiteningValue, sizeof (whiteningValue)); FAST_ERASE64 (whiteningValues, sizeof (whiteningValues)); - } + } - void EncryptionModeXTS::DecryptSectorsCurrentThread (byte *data, uint64 sectorIndex, uint64 sectorCount, size_t sectorSize) const + void EncryptionModeXTS::DecryptSectorsCurrentThread (uint8 *data, uint64 sectorIndex, uint64 sectorCount, size_t sectorSize) const { DecryptBuffer (data, sectorCount * sectorSize, sectorIndex * sectorSize / ENCRYPTION_DATA_UNIT_SIZE); } void EncryptionModeXTS::SetCiphers (const CipherList &ciphers) @@ -409,11 +409,11 @@ namespace VeraCrypt { size_t keyOffset = 0; foreach_ref (Cipher &cipher, SecondaryCiphers) { cipher.SetKey (SecondaryKey.GetRange (keyOffset, cipher.GetKeySize())); - keyOffset += cipher.GetKeySize(); + keyOffset += cipher.GetKeySize(); } KeySet = true; } } diff --git a/src/Volume/EncryptionModeXTS.h b/src/Volume/EncryptionModeXTS.h index 6f674073..80130efd 100644 --- a/src/Volume/EncryptionModeXTS.h +++ b/src/Volume/EncryptionModeXTS.h @@ -2,11 +2,11 @@ Derived from source code of TrueCrypt 7.1a, which is Copyright (c) 2008-2012 TrueCrypt Developers Association and which is governed by the TrueCrypt License 3.0. Modifications and additions to the original source code (contained in this file) - and all other portions of this file are Copyright (c) 2013-2017 IDRIX + and all other portions of this file are Copyright (c) 2013-2025 IDRIX and are governed by the Apache License 2.0 the full text of which is contained in the file License.txt included in VeraCrypt binary and source code distribution packages. */ @@ -22,26 +22,26 @@ namespace VeraCrypt { public: EncryptionModeXTS () { } virtual ~EncryptionModeXTS () { } - virtual void Decrypt (byte *data, uint64 length) const; - virtual void DecryptSectorsCurrentThread (byte *data, uint64 sectorIndex, uint64 sectorCount, size_t sectorSize) const; - virtual void Encrypt (byte *data, uint64 length) const; - virtual void EncryptSectorsCurrentThread (byte *data, uint64 sectorIndex, uint64 sectorCount, size_t sectorSize) const; + virtual void Decrypt (uint8 *data, uint64 length) const; + virtual void DecryptSectorsCurrentThread (uint8 *data, uint64 sectorIndex, uint64 sectorCount, size_t sectorSize) const; + virtual void Encrypt (uint8 *data, uint64 length) const; + virtual void EncryptSectorsCurrentThread (uint8 *data, uint64 sectorIndex, uint64 sectorCount, size_t sectorSize) const; virtual const SecureBuffer &GetKey () const { return SecondaryKey; } virtual size_t GetKeySize () const; virtual wstring GetName () const { return L"XTS"; }; virtual shared_ptr <EncryptionMode> GetNew () const { return shared_ptr <EncryptionMode> (new EncryptionModeXTS); } virtual void SetCiphers (const CipherList &ciphers); virtual void SetKey (const ConstBufferPtr &key); protected: - void DecryptBuffer (byte *data, uint64 length, uint64 startDataUnitNo) const; - void DecryptBufferXTS (const Cipher &cipher, const Cipher &secondaryCipher, byte *buffer, uint64 length, uint64 startDataUnitNo, unsigned int startCipherBlockNo) const; - void EncryptBuffer (byte *data, uint64 length, uint64 startDataUnitNo) const; - void EncryptBufferXTS (const Cipher &cipher, const Cipher &secondaryCipher, byte *buffer, uint64 length, uint64 startDataUnitNo, unsigned int startCipherBlockNo) const; + void DecryptBuffer (uint8 *data, uint64 length, uint64 startDataUnitNo) const; + void DecryptBufferXTS (const Cipher &cipher, const Cipher &secondaryCipher, uint8 *buffer, uint64 length, uint64 startDataUnitNo, unsigned int startCipherBlockNo) const; + void EncryptBuffer (uint8 *data, uint64 length, uint64 startDataUnitNo) const; + void EncryptBufferXTS (const Cipher &cipher, const Cipher &secondaryCipher, uint8 *buffer, uint64 length, uint64 startDataUnitNo, unsigned int startCipherBlockNo) const; void SetSecondaryCipherKeys (); SecureBuffer SecondaryKey; CipherList SecondaryCiphers; diff --git a/src/Volume/EncryptionTest.cpp b/src/Volume/EncryptionTest.cpp index bb9c3a0b..dfa1e5ea 100644 --- a/src/Volume/EncryptionTest.cpp +++ b/src/Volume/EncryptionTest.cpp @@ -2,11 +2,11 @@ Derived from source code of TrueCrypt 7.1a, which is Copyright (c) 2008-2012 TrueCrypt Developers Association and which is governed by the TrueCrypt License 3.0. Modifications and additions to the original source code (contained in this file) - and all other portions of this file are Copyright (c) 2013-2017 IDRIX + and all other portions of this file are Copyright (c) 2013-2025 IDRIX and are governed by the Apache License 2.0 the full text of which is contained in the file License.txt included in VeraCrypt binary and source code distribution packages. */ @@ -14,10 +14,13 @@ #include "Common/Crc.h" #include "Crc32.h" #include "EncryptionAlgorithm.h" #include "EncryptionMode.h" #include "EncryptionModeXTS.h" +#ifdef WOLFCRYPT_BACKEND +#include "EncryptionModeWolfCryptXTS.h" +#endif #include "EncryptionTest.h" #include "Pkcs5Kdf.h" namespace VeraCrypt { @@ -41,13 +44,13 @@ namespace VeraCrypt } struct CipherTestVector { - byte Key[32]; - byte Plaintext[16]; - byte Ciphertext[16]; + uint8 Key[32]; + uint8 Plaintext[16]; + uint8 Ciphertext[16]; }; static const CipherTestVector AESTestVectors[] = { { @@ -62,10 +65,11 @@ namespace VeraCrypt 0x8e, 0xa2, 0xb7, 0xca, 0x51, 0x67, 0x45, 0xbf, 0xea, 0xfc, 0x49, 0x90, 0x4b, 0x49, 0x60, 0x89 } } }; + #ifndef WOLFCRYPT_BACKEND static const CipherTestVector SerpentTestVectors[] = { { { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, @@ -149,10 +153,11 @@ namespace VeraCrypt { 0xB4, 0x29, 0x91, 0x2C, 0x6E, 0x00, 0x32, 0xF9, 0x28, 0x54, 0x52, 0xD7, 0x67, 0x18, 0xD0, 0x8B } } }; + #endif static void TestCipher (Cipher &cipher, const CipherTestVector *testVector, size_t testVectorCount) { Buffer buffer (cipher.GetBlockSize()); for (size_t i = 0; i < testVectorCount; ++i) @@ -172,11 +177,11 @@ namespace VeraCrypt TestCipher (aes, AESTestVectors, array_capacity (AESTestVectors)); Buffer testData (1024); for (size_t i = 0; i < testData.Size(); ++i) { - testData[i] = (byte) i; + testData[i] = (uint8) i; } uint32 origCrc = Crc32::ProcessBuffer (testData); aes.SetKey (ConstBufferPtr (testData, aes.GetKeySize())); @@ -188,10 +193,11 @@ namespace VeraCrypt aes.DecryptBlocks (testData, testData.Size() / aes.GetBlockSize()); if (origCrc != Crc32::ProcessBuffer (testData)) throw TestFailed (SRC_POS); + #ifndef WOLFCRYPT_BACKEND CipherSerpent serpent; TestCipher (serpent, SerpentTestVectors, array_capacity (SerpentTestVectors)); CipherTwofish twofish; TestCipher (twofish, TwofishTestVectors, array_capacity (TwofishTestVectors)); @@ -199,10 +205,11 @@ namespace VeraCrypt CipherCamellia camellia; TestCipher (camellia, CamelliaTestVectors, array_capacity (CamelliaTestVectors)); CipherKuznyechik kuznyechik; TestCipher (kuznyechik, KuznyechikTestVectors, array_capacity (KuznyechikTestVectors)); + #endif } const EncryptionTest::XtsTestVector EncryptionTest::XtsTestVectors[] = { /* XTS-AES-256 */ @@ -435,13 +442,20 @@ namespace VeraCrypt size_t i; for (i = 0; i < array_capacity (XtsTestVectors); i++) { AES aes; - shared_ptr <EncryptionMode> xts (new EncryptionModeXTS); - - aes.SetKey (ConstBufferPtr (XtsTestVectors[i].key1, sizeof (XtsTestVectors[i].key1))); + #ifdef WOLFCRYPT_BACKEND + shared_ptr <EncryptionMode> xts (new EncryptionModeWolfCryptXTS); + #else + shared_ptr <EncryptionMode> xts (new EncryptionModeXTS); + #endif + + aes.SetKey (ConstBufferPtr (XtsTestVectors[i].key1, sizeof (XtsTestVectors[i].key1))); + #ifdef WOLFCRYPT_BACKEND + aes.SetKeyXTS (ConstBufferPtr (XtsTestVectors[i].key2, sizeof (XtsTestVectors[i].key2))); + #endif xts->SetKey (ConstBufferPtr (XtsTestVectors[i].key2, sizeof (XtsTestVectors[i].key2))); aes.SetMode (xts); memcpy (p, XtsTestVectors[i].plaintext, sizeof (p)); @@ -469,11 +483,11 @@ namespace VeraCrypt uint64 nbrUnits; uint64 writeOffset; int testCase = 0; int nTestsPerformed = 0; - static const byte testKey[] = + static const uint8 testKey[] = { 0x27, 0x18, 0x28, 0x18, 0x28, 0x45, 0x90, 0x45, 0x23, 0x53, 0x60, 0x28, 0x74, 0x71, 0x35, 0x26, 0x62, 0x49, 0x77, 0x57, 0x24, 0x70, 0x93, 0x69, 0x99, 0x59, 0x57, 0x49, 0x66, 0x96, 0x76, 0x27, 0x31, 0x41, 0x59, 0x26, 0x53, 0x58, 0x97, 0x93, 0x23, 0x84, 0x62, 0x64, 0x33, 0x83, 0x27, 0x95, 0x02, 0x88, 0x41, 0x97, 0x16, 0x93, 0x99, 0x37, 0x51, 0x05, 0x82, 0x09, 0x74, 0x94, 0x45, 0x92, 0x00, 0x00, 0x00, 0xff, 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13 }; @@ -492,26 +506,33 @@ namespace VeraCrypt unitNo = writeOffset / ENCRYPTION_DATA_UNIT_SIZE; // Test all EAs that support this mode of operation foreach_ref (EncryptionAlgorithm &ea, EncryptionAlgorithm::GetAvailableAlgorithms()) { - shared_ptr <EncryptionMode> mode (new EncryptionModeXTS); + #ifdef WOLFCRYPT_BACKEND + shared_ptr <EncryptionMode> mode (new EncryptionModeWolfCryptXTS); + #else + shared_ptr <EncryptionMode> mode (new EncryptionModeXTS); + #endif if (!ea.IsModeSupported (mode)) continue; ea.SetKey (ConstBufferPtr (testKey, ea.GetKeySize())); Buffer modeKey (ea.GetKeySize()); for (size_t mi = 0; mi < modeKey.Size(); mi++) - modeKey[mi] = (byte) mi; + modeKey[mi] = (uint8) mi; modeKey.CopyFrom (ConstBufferPtr (XtsTestVectors[array_capacity (XtsTestVectors)-1].key2, sizeof (XtsTestVectors[array_capacity (XtsTestVectors)-1].key2))); mode->SetKey (modeKey); ea.SetMode (mode); + #ifdef WOLFCRYPT_BACKEND + ea.SetKeyXTS (modeKey); + #endif - // Each data unit will contain the same plaintext + // Each data unit will contain the same plaintext for (i = 0; i < nbrUnits; i++) { memcpy ((unsigned char *) buf + i * ENCRYPTION_DATA_UNIT_SIZE, XtsTestVectors[array_capacity (XtsTestVectors)-1].plaintext, ENCRYPTION_DATA_UNIT_SIZE); @@ -554,10 +575,11 @@ namespace VeraCrypt throw TestFailed (SRC_POS); nTestsPerformed++; break; } } + #ifndef WOLFCRYPT_BACKEND else if (typeid (ea) == typeid (Serpent)) { switch (testCase) { case 0: @@ -918,11 +940,11 @@ namespace VeraCrypt throw TestFailed (SRC_POS); nTestsPerformed++; break; } } - + #endif if (crc == 0x9f5edd58) throw TestFailed (SRC_POS); ea.DecryptSectors (buf, unitNo, nbrUnits, ENCRYPTION_DATA_UNIT_SIZE); @@ -939,24 +961,31 @@ namespace VeraCrypt nbrUnits = sizeof (buf) / ENCRYPTION_DATA_UNIT_SIZE; // Test all EAs that support this mode of operation foreach_ref (EncryptionAlgorithm &ea, EncryptionAlgorithm::GetAvailableAlgorithms()) { + #ifdef WOLFCRYPT_BACKEND + shared_ptr <EncryptionMode> mode (new EncryptionModeWolfCryptXTS); + #else shared_ptr <EncryptionMode> mode (new EncryptionModeXTS); + #endif if (!ea.IsModeSupported (mode)) continue; ea.SetKey (ConstBufferPtr (testKey, ea.GetKeySize())); Buffer modeKey (ea.GetKeySize()); for (size_t mi = 0; mi < modeKey.Size(); mi++) - modeKey[mi] = (byte) mi; + modeKey[mi] = (uint8) mi; modeKey.CopyFrom (ConstBufferPtr (XtsTestVectors[array_capacity (XtsTestVectors)-1].key2, sizeof (XtsTestVectors[array_capacity (XtsTestVectors)-1].key2))); mode->SetKey (modeKey); ea.SetMode (mode); + #ifdef WOLFCRYPT_BACKEND + ea.SetKeyXTS (modeKey); + #endif // Each data unit will contain the same plaintext for (i = 0; i < nbrUnits; i++) { memcpy ((unsigned char *) buf + i * ENCRYPTION_DATA_UNIT_SIZE, @@ -972,10 +1001,11 @@ namespace VeraCrypt { if (crc != 0x33b91fab) throw TestFailed (SRC_POS); nTestsPerformed++; } + #ifndef WOLFCRYPT_BACKEND else if (typeid (ea) == typeid (Serpent)) { if (crc != 0x3494d480) throw TestFailed (SRC_POS); nTestsPerformed++; @@ -1056,10 +1086,11 @@ namespace VeraCrypt { if (crc != 0x755dad72) throw TestFailed (SRC_POS); nTestsPerformed++; } + #endif if (crc == 0x9f5edd58) throw TestFailed (SRC_POS); ea.Decrypt (buf, sizeof (buf)); @@ -1067,22 +1098,26 @@ namespace VeraCrypt if (GetCrc32 (buf, sizeof (buf)) != 0x9f5edd58) throw TestFailed (SRC_POS); nTestsPerformed++; } - + #ifndef WOLFCRYPT_BACKEND if (nTestsPerformed != 150) + #else + if (nTestsPerformed != 10) + #endif throw TestFailed (SRC_POS); } void EncryptionTest::TestPkcs5 () { - VolumePassword password ((byte*) "password", 8); - static const byte saltData[] = { 0x12, 0x34, 0x56, 0x78 }; + VolumePassword password ((uint8*) "password", 8); + static const uint8 saltData[] = { 0x12, 0x34, 0x56, 0x78 }; ConstBufferPtr salt (saltData, sizeof (saltData)); Buffer derivedKey (4); + #ifndef WOLFCRYPT_BACKEND Pkcs5HmacBlake2s pkcs5HmacBlake2s; pkcs5HmacBlake2s.DeriveKey (derivedKey, password, salt, 5); if (memcmp (derivedKey.Ptr(), "\x8d\x51\xfa\x31", 4) != 0) throw TestFailed (SRC_POS); @@ -1103,7 +1138,18 @@ namespace VeraCrypt Pkcs5HmacStreebog pkcs5HmacStreebog; pkcs5HmacStreebog.DeriveKey (derivedKey, password, salt, 5); if (memcmp (derivedKey.Ptr(), "\xd0\x53\xa2\x30", 4) != 0) throw TestFailed (SRC_POS); - } + #else + Pkcs5HmacSha256 pkcs5HmacSha256; + pkcs5HmacSha256.DeriveKey (derivedKey, password, salt, 5); + if (memcmp (derivedKey.Ptr(), "\x64\xf3\xa5\xa3", 4) != 0) + throw TestFailed (SRC_POS); + + Pkcs5HmacSha512 pkcs5HmacSha512; + pkcs5HmacSha512.DeriveKey (derivedKey, password, salt, 5); + if (memcmp (derivedKey.Ptr(), "\x55\xa1\x76\xbb", 4) != 0) + throw TestFailed (SRC_POS); + #endif + } } diff --git a/src/Volume/EncryptionTest.h b/src/Volume/EncryptionTest.h index 17e14fd7..b8f91c4e 100644 --- a/src/Volume/EncryptionTest.h +++ b/src/Volume/EncryptionTest.h @@ -2,11 +2,11 @@ Derived from source code of TrueCrypt 7.1a, which is Copyright (c) 2008-2012 TrueCrypt Developers Association and which is governed by the TrueCrypt License 3.0. Modifications and additions to the original source code (contained in this file) - and all other portions of this file are Copyright (c) 2013-2017 IDRIX + and all other portions of this file are Copyright (c) 2013-2025 IDRIX and are governed by the Apache License 2.0 the full text of which is contained in the file License.txt included in VeraCrypt binary and source code distribution packages. */ @@ -31,16 +31,16 @@ namespace VeraCrypt static void TestXts (); static void TestXtsAES (); struct XtsTestVector { - byte key1[32]; - byte key2[32]; - byte dataUnitNo[8]; + uint8 key1[32]; + uint8 key2[32]; + uint8 dataUnitNo[8]; unsigned int blockNo; - byte plaintext[ENCRYPTION_DATA_UNIT_SIZE]; - byte ciphertext[ENCRYPTION_DATA_UNIT_SIZE]; + uint8 plaintext[ENCRYPTION_DATA_UNIT_SIZE]; + uint8 ciphertext[ENCRYPTION_DATA_UNIT_SIZE]; }; static const XtsTestVector XtsTestVectors[]; private: diff --git a/src/Volume/EncryptionThreadPool.cpp b/src/Volume/EncryptionThreadPool.cpp index 7c86bf49..d216df65 100644 --- a/src/Volume/EncryptionThreadPool.cpp +++ b/src/Volume/EncryptionThreadPool.cpp @@ -2,11 +2,11 @@ Derived from source code of TrueCrypt 7.1a, which is Copyright (c) 2008-2012 TrueCrypt Developers Association and which is governed by the TrueCrypt License 3.0. Modifications and additions to the original source code (contained in this file) - and all other portions of this file are Copyright (c) 2013-2017 IDRIX + and all other portions of this file are Copyright (c) 2013-2025 IDRIX and are governed by the Apache License 2.0 the full text of which is contained in the file License.txt included in VeraCrypt binary and source code distribution packages. */ @@ -24,17 +24,17 @@ #include "Common/Crypto.h" #include "EncryptionThreadPool.h" namespace VeraCrypt { - void EncryptionThreadPool::DoWork (WorkType::Enum type, const EncryptionMode *encryptionMode, byte *data, uint64 startUnitNo, uint64 unitCount, size_t sectorSize) + void EncryptionThreadPool::DoWork (WorkType::Enum type, const EncryptionMode *encryptionMode, uint8 *data, uint64 startUnitNo, uint64 unitCount, size_t sectorSize) { size_t fragmentCount; size_t unitsPerFragment; size_t remainder; - byte *fragmentData; + uint8 *fragmentData; uint64 fragmentStartUnitNo; WorkItem *workItem; WorkItem *firstFragmentWorkItem; diff --git a/src/Volume/EncryptionThreadPool.h b/src/Volume/EncryptionThreadPool.h index baf31e23..1bfa60a1 100644 --- a/src/Volume/EncryptionThreadPool.h +++ b/src/Volume/EncryptionThreadPool.h @@ -2,11 +2,11 @@ Derived from source code of TrueCrypt 7.1a, which is Copyright (c) 2008-2012 TrueCrypt Developers Association and which is governed by the TrueCrypt License 3.0. Modifications and additions to the original source code (contained in this file) - and all other portions of this file are Copyright (c) 2013-2017 IDRIX + and all other portions of this file are Copyright (c) 2013-2025 IDRIX and are governed by the Apache License 2.0 the full text of which is contained in the file License.txt included in VeraCrypt binary and source code distribution packages. */ @@ -53,19 +53,19 @@ namespace VeraCrypt union { struct { const EncryptionMode *Mode; - byte *Data; + uint8 *Data; uint64 StartUnitNo; uint64 UnitCount; size_t SectorSize; } Encryption; }; }; - static void DoWork (WorkType::Enum type, const EncryptionMode *mode, byte *data, uint64 startUnitNo, uint64 unitCount, size_t sectorSize); + static void DoWork (WorkType::Enum type, const EncryptionMode *mode, uint8 *data, uint64 startUnitNo, uint64 unitCount, size_t sectorSize); static bool IsRunning () { return ThreadPoolRunning; } static void Start (); static void Stop (); protected: diff --git a/src/Volume/Hash.cpp b/src/Volume/Hash.cpp index aad900c1..a990eec9 100644 --- a/src/Volume/Hash.cpp +++ b/src/Volume/Hash.cpp @@ -2,11 +2,11 @@ Derived from source code of TrueCrypt 7.1a, which is Copyright (c) 2008-2012 TrueCrypt Developers Association and which is governed by the TrueCrypt License 3.0. Modifications and additions to the original source code (contained in this file) - and all other portions of this file are Copyright (c) 2013-2017 IDRIX + and all other portions of this file are Copyright (c) 2013-2025 IDRIX and are governed by the Apache License 2.0 the full text of which is contained in the file License.txt included in VeraCrypt binary and source code distribution packages. */ @@ -22,15 +22,16 @@ namespace VeraCrypt HashList Hash::GetAvailableAlgorithms () { HashList l; l.push_back (shared_ptr <Hash> (new Sha512 ())); - l.push_back (shared_ptr <Hash> (new Whirlpool ())); - l.push_back (shared_ptr <Hash> (new Blake2s ())); l.push_back (shared_ptr <Hash> (new Sha256 ())); + #ifndef WOLFCRYPT_BACKEND + l.push_back (shared_ptr <Hash> (new Blake2s ())); + l.push_back (shared_ptr <Hash> (new Whirlpool ())); l.push_back (shared_ptr <Hash> (new Streebog ())); - + #endif return l; } void Hash::ValidateDataParameters (const ConstBufferPtr &data) const { @@ -42,10 +43,11 @@ namespace VeraCrypt { if (buffer.Size() < GetDigestSize ()) throw ParameterIncorrect (SRC_POS); } + #ifndef WOLFCRYPT_BACKEND // RIPEMD-160 Blake2s::Blake2s () { Context.Allocate (sizeof (blake2s_state), 32); Init(); @@ -65,10 +67,11 @@ namespace VeraCrypt void Blake2s::ProcessData (const ConstBufferPtr &data) { if_debug (ValidateDataParameters (data)); blake2s_update ((blake2s_state *) Context.Ptr(), data.Get(), data.Size()); } + #endif // SHA-256 Sha256::Sha256 () { Context.Allocate (sizeof (sha256_ctx), 32); @@ -114,10 +117,11 @@ namespace VeraCrypt { if_debug (ValidateDataParameters (data)); sha512_hash (data.Get(), (int) data.Size(), (sha512_ctx *) Context.Ptr()); } + #ifndef WOLFCRYPT_BACKEND // Whirlpool Whirlpool::Whirlpool () { Context.Allocate (sizeof (WHIRLPOOL_CTX), 32); Init(); @@ -161,6 +165,7 @@ namespace VeraCrypt void Streebog::ProcessData (const ConstBufferPtr &data) { if_debug (ValidateDataParameters (data)); STREEBOG_add ((STREEBOG_CTX *) Context.Ptr(), data.Get(), (int) data.Size()); } + #endif } diff --git a/src/Volume/Hash.h b/src/Volume/Hash.h index 0e464b37..8950982b 100644 --- a/src/Volume/Hash.h +++ b/src/Volume/Hash.h @@ -2,11 +2,11 @@ Derived from source code of TrueCrypt 7.1a, which is Copyright (c) 2008-2012 TrueCrypt Developers Association and which is governed by the TrueCrypt License 3.0. Modifications and additions to the original source code (contained in this file) - and all other portions of this file are Copyright (c) 2013-2017 IDRIX + and all other portions of this file are Copyright (c) 2013-2025 IDRIX and are governed by the Apache License 2.0 the full text of which is contained in the file License.txt included in VeraCrypt binary and source code distribution packages. */ @@ -46,10 +46,11 @@ namespace VeraCrypt private: Hash (const Hash &); Hash &operator= (const Hash &); }; + #ifndef WOLFCRYPT_BACKEND // Blake2s class Blake2s : public Hash { public: Blake2s (); @@ -68,10 +69,11 @@ namespace VeraCrypt private: Blake2s (const Blake2s &); Blake2s &operator= (const Blake2s &); }; + #endif // SHA-256 class Sha256 : public Hash { public: @@ -115,10 +117,11 @@ namespace VeraCrypt private: Sha512 (const Sha512 &); Sha512 &operator= (const Sha512 &); }; + #ifndef WOLFCRYPT_BACKEND // Whirlpool class Whirlpool : public Hash { public: Whirlpool (); @@ -160,8 +163,9 @@ namespace VeraCrypt private: Streebog (const Streebog &); Streebog &operator= (const Streebog &); }; + #endif } #endif // TC_HEADER_Encryption_Hash diff --git a/src/Volume/Keyfile.cpp b/src/Volume/Keyfile.cpp index 24b40709..d38ed523 100644 --- a/src/Volume/Keyfile.cpp +++ b/src/Volume/Keyfile.cpp @@ -2,11 +2,11 @@ Derived from source code of TrueCrypt 7.1a, which is Copyright (c) 2008-2012 TrueCrypt Developers Association and which is governed by the TrueCrypt License 3.0. Modifications and additions to the original source code (contained in this file) - and all other portions of this file are Copyright (c) 2013-2017 IDRIX + and all other portions of this file are Copyright (c) 2013-2025 IDRIX and are governed by the Apache License 2.0 the full text of which is contained in the file License.txt included in VeraCrypt binary and source code distribution packages. */ @@ -33,24 +33,24 @@ namespace VeraCrypt SecureBuffer keyfileBuf (File::GetOptimalReadSize()); if (Token::IsKeyfilePathValid (Path, emvSupportEnabled)) { // Apply keyfile generated by a security token - vector <byte> keyfileData; + vector <uint8> keyfileData; Token::getTokenKeyfile(wstring(Path))->GetKeyfileData(keyfileData); if (keyfileData.size() < MinProcessedLength) throw InsufficientData(SRC_POS, Path); for (size_t i = 0; i < keyfileData.size(); i++) { uint32 crc = crc32.Process(keyfileData[i]); - pool[poolPos++] += (byte)(crc >> 24); - pool[poolPos++] += (byte)(crc >> 16); - pool[poolPos++] += (byte)(crc >> 8); - pool[poolPos++] += (byte) crc; + pool[poolPos++] += (uint8)(crc >> 24); + pool[poolPos++] += (uint8)(crc >> 16); + pool[poolPos++] += (uint8)(crc >> 8); + pool[poolPos++] += (uint8) crc; if (poolPos >= pool.Size()) poolPos = 0; if (++totalLength >= MaxProcessedLength) @@ -67,14 +67,14 @@ namespace VeraCrypt while ((readLength = file.Read (keyfileBuf)) > 0) { for (size_t i = 0; i < readLength; i++) { uint32 crc = crc32.Process(keyfileBuf[i]); - pool[poolPos++] += (byte)(crc >> 24); - pool[poolPos++] += (byte)(crc >> 16); - pool[poolPos++] += (byte)(crc >> 8); - pool[poolPos++] += (byte) crc; + pool[poolPos++] += (uint8)(crc >> 24); + pool[poolPos++] += (uint8)(crc >> 16); + pool[poolPos++] += (uint8)(crc >> 8); + pool[poolPos++] += (uint8) crc; if (poolPos >= pool.Size()) poolPos = 0; if (++totalLength >= MaxProcessedLength) goto done; } diff --git a/src/Volume/Keyfile.h b/src/Volume/Keyfile.h index 1d87a983..f087fc70 100644 --- a/src/Volume/Keyfile.h +++ b/src/Volume/Keyfile.h @@ -2,11 +2,11 @@ Derived from source code of TrueCrypt 7.1a, which is Copyright (c) 2008-2012 TrueCrypt Developers Association and which is governed by the TrueCrypt License 3.0. Modifications and additions to the original source code (contained in this file) - and all other portions of this file are Copyright (c) 2013-2017 IDRIX + and all other portions of this file are Copyright (c) 2013-2025 IDRIX and are governed by the Apache License 2.0 the full text of which is contained in the file License.txt included in VeraCrypt binary and source code distribution packages. */ diff --git a/src/Volume/Pkcs5Kdf.cpp b/src/Volume/Pkcs5Kdf.cpp index ff49cefe..7dad9ebc 100644 --- a/src/Volume/Pkcs5Kdf.cpp +++ b/src/Volume/Pkcs5Kdf.cpp @@ -2,11 +2,11 @@ Derived from source code of TrueCrypt 7.1a, which is Copyright (c) 2008-2012 TrueCrypt Developers Association and which is governed by the TrueCrypt License 3.0. Modifications and additions to the original source code (contained in this file) - and all other portions of this file are Copyright (c) 2013-2017 IDRIX + and all other portions of this file are Copyright (c) 2013-2025 IDRIX and are governed by the Apache License 2.0 the full text of which is contained in the file License.txt included in VeraCrypt binary and source code distribution packages. */ @@ -54,66 +54,71 @@ namespace VeraCrypt { Pkcs5KdfList l; l.push_back (shared_ptr <Pkcs5Kdf> (new Pkcs5HmacSha512 ())); l.push_back (shared_ptr <Pkcs5Kdf> (new Pkcs5HmacSha256 ())); + #ifndef WOLFCRYPT_BACKEND l.push_back (shared_ptr <Pkcs5Kdf> (new Pkcs5HmacBlake2s ())); - l.push_back (shared_ptr <Pkcs5Kdf> (new Pkcs5HmacWhirlpool ())); + l.push_back (shared_ptr <Pkcs5Kdf> (new Pkcs5HmacWhirlpool ())); l.push_back (shared_ptr <Pkcs5Kdf> (new Pkcs5HmacStreebog ())); - + #endif return l; } void Pkcs5Kdf::ValidateParameters (const BufferPtr &key, const VolumePassword &password, const ConstBufferPtr &salt, int iterationCount) const { if (key.Size() < 1 || password.Size() < 1 || salt.Size() < 1 || iterationCount < 1) throw ParameterIncorrect (SRC_POS); } + #ifndef WOLFCRYPT_BACKEND void Pkcs5HmacBlake2s_Boot::DeriveKey (const BufferPtr &key, const VolumePassword &password, const ConstBufferPtr &salt, int iterationCount) const { ValidateParameters (key, password, salt, iterationCount); - derive_key_blake2s ((char *) password.DataPtr(), (int) password.Size(), (char *) salt.Get(), (int) salt.Size(), iterationCount, (char *) key.Get(), (int) key.Size()); + derive_key_blake2s (password.DataPtr(), (int) password.Size(), salt.Get(), (int) salt.Size(), iterationCount, key.Get(), (int) key.Size()); } void Pkcs5HmacBlake2s::DeriveKey (const BufferPtr &key, const VolumePassword &password, const ConstBufferPtr &salt, int iterationCount) const { ValidateParameters (key, password, salt, iterationCount); - derive_key_blake2s ((char *) password.DataPtr(), (int) password.Size(), (char *) salt.Get(), (int) salt.Size(), iterationCount, (char *) key.Get(), (int) key.Size()); + derive_key_blake2s (password.DataPtr(), (int) password.Size(), salt.Get(), (int) salt.Size(), iterationCount, key.Get(), (int) key.Size()); } + #endif void Pkcs5HmacSha256_Boot::DeriveKey (const BufferPtr &key, const VolumePassword &password, const ConstBufferPtr &salt, int iterationCount) const { ValidateParameters (key, password, salt, iterationCount); - derive_key_sha256 ((char *) password.DataPtr(), (int) password.Size(), (char *) salt.Get(), (int) salt.Size(), iterationCount, (char *) key.Get(), (int) key.Size()); + derive_key_sha256 (password.DataPtr(), (int) password.Size(), salt.Get(), (int) salt.Size(), iterationCount, key.Get(), (int) key.Size()); } void Pkcs5HmacSha256::DeriveKey (const BufferPtr &key, const VolumePassword &password, const ConstBufferPtr &salt, int iterationCount) const { ValidateParameters (key, password, salt, iterationCount); - derive_key_sha256 ((char *) password.DataPtr(), (int) password.Size(), (char *) salt.Get(), (int) salt.Size(), iterationCount, (char *) key.Get(), (int) key.Size()); + derive_key_sha256 (password.DataPtr(), (int) password.Size(), salt.Get(), (int) salt.Size(), iterationCount, key.Get(), (int) key.Size()); } void Pkcs5HmacSha512::DeriveKey (const BufferPtr &key, const VolumePassword &password, const ConstBufferPtr &salt, int iterationCount) const { ValidateParameters (key, password, salt, iterationCount); - derive_key_sha512 ((char *) password.DataPtr(), (int) password.Size(), (char *) salt.Get(), (int) salt.Size(), iterationCount, (char *) key.Get(), (int) key.Size()); + derive_key_sha512 (password.DataPtr(), (int) password.Size(), salt.Get(), (int) salt.Size(), iterationCount, key.Get(), (int) key.Size()); } + #ifndef WOLFCRYPT_BACKEND void Pkcs5HmacWhirlpool::DeriveKey (const BufferPtr &key, const VolumePassword &password, const ConstBufferPtr &salt, int iterationCount) const { ValidateParameters (key, password, salt, iterationCount); - derive_key_whirlpool ((char *) password.DataPtr(), (int) password.Size(), (char *) salt.Get(), (int) salt.Size(), iterationCount, (char *) key.Get(), (int) key.Size()); + derive_key_whirlpool (password.DataPtr(), (int) password.Size(), salt.Get(), (int) salt.Size(), iterationCount, key.Get(), (int) key.Size()); } void Pkcs5HmacStreebog::DeriveKey (const BufferPtr &key, const VolumePassword &password, const ConstBufferPtr &salt, int iterationCount) const { ValidateParameters (key, password, salt, iterationCount); - derive_key_streebog ((char *) password.DataPtr(), (int) password.Size(), (char *) salt.Get(), (int) salt.Size(), iterationCount, (char *) key.Get(), (int) key.Size()); + derive_key_streebog (password.DataPtr(), (int) password.Size(), salt.Get(), (int) salt.Size(), iterationCount, key.Get(), (int) key.Size()); } void Pkcs5HmacStreebog_Boot::DeriveKey (const BufferPtr &key, const VolumePassword &password, const ConstBufferPtr &salt, int iterationCount) const { ValidateParameters (key, password, salt, iterationCount); - derive_key_streebog ((char *) password.DataPtr(), (int) password.Size(), (char *) salt.Get(), (int) salt.Size(), iterationCount, (char *) key.Get(), (int) key.Size()); + derive_key_streebog (password.DataPtr(), (int) password.Size(), salt.Get(), (int) salt.Size(), iterationCount, key.Get(), (int) key.Size()); } + #endif } diff --git a/src/Volume/Pkcs5Kdf.h b/src/Volume/Pkcs5Kdf.h index 9071caf0..399d53fb 100644 --- a/src/Volume/Pkcs5Kdf.h +++ b/src/Volume/Pkcs5Kdf.h @@ -2,11 +2,11 @@ Derived from source code of TrueCrypt 7.1a, which is Copyright (c) 2008-2012 TrueCrypt Developers Association and which is governed by the TrueCrypt License 3.0. Modifications and additions to the original source code (contained in this file) - and all other portions of this file are Copyright (c) 2013-2017 IDRIX + and all other portions of this file are Copyright (c) 2013-2025 IDRIX and are governed by the Apache License 2.0 the full text of which is contained in the file License.txt included in VeraCrypt binary and source code distribution packages. */ @@ -46,10 +46,11 @@ namespace VeraCrypt private: Pkcs5Kdf (const Pkcs5Kdf &); Pkcs5Kdf &operator= (const Pkcs5Kdf &); }; + #ifndef WOLFCRYPT_BACKEND class Pkcs5HmacBlake2s_Boot : public Pkcs5Kdf { public: Pkcs5HmacBlake2s_Boot () : Pkcs5Kdf() { } virtual ~Pkcs5HmacBlake2s_Boot () { } @@ -79,10 +80,11 @@ namespace VeraCrypt private: Pkcs5HmacBlake2s (const Pkcs5HmacBlake2s &); Pkcs5HmacBlake2s &operator= (const Pkcs5HmacBlake2s &); }; + #endif class Pkcs5HmacSha256_Boot : public Pkcs5Kdf { public: Pkcs5HmacSha256_Boot () : Pkcs5Kdf() { } @@ -130,11 +132,11 @@ namespace VeraCrypt private: Pkcs5HmacSha512 (const Pkcs5HmacSha512 &); Pkcs5HmacSha512 &operator= (const Pkcs5HmacSha512 &); }; - + #ifndef WOLFCRYPT_BACKEND class Pkcs5HmacWhirlpool : public Pkcs5Kdf { public: Pkcs5HmacWhirlpool () : Pkcs5Kdf() { } virtual ~Pkcs5HmacWhirlpool () { } @@ -181,8 +183,9 @@ namespace VeraCrypt private: Pkcs5HmacStreebog_Boot (const Pkcs5HmacStreebog_Boot &); Pkcs5HmacStreebog_Boot &operator= (const Pkcs5HmacStreebog_Boot &); }; + #endif } #endif // TC_HEADER_Encryption_Pkcs5 diff --git a/src/Volume/Version.h b/src/Volume/Version.h index b2f9215c..8e00d81f 100644 --- a/src/Volume/Version.h +++ b/src/Volume/Version.h @@ -2,11 +2,11 @@ Derived from source code of TrueCrypt 7.1a, which is Copyright (c) 2008-2012 TrueCrypt Developers Association and which is governed by the TrueCrypt License 3.0. Modifications and additions to the original source code (contained in this file) - and all other portions of this file are Copyright (c) 2013-2017 IDRIX + and all other portions of this file are Copyright (c) 2013-2025 IDRIX and are governed by the Apache License 2.0 the full text of which is contained in the file License.txt included in VeraCrypt binary and source code distribution packages. */ diff --git a/src/Volume/Volume.cpp b/src/Volume/Volume.cpp index 524f2395..b06279b7 100644 --- a/src/Volume/Volume.cpp +++ b/src/Volume/Volume.cpp @@ -2,11 +2,11 @@ Derived from source code of TrueCrypt 7.1a, which is Copyright (c) 2008-2012 TrueCrypt Developers Association and which is governed by the TrueCrypt License 3.0. Modifications and additions to the original source code (contained in this file) - and all other portions of this file are Copyright (c) 2013-2017 IDRIX + and all other portions of this file are Copyright (c) 2013-2025 IDRIX and are governed by the Apache License 2.0 the full text of which is contained in the file License.txt included in VeraCrypt binary and source code distribution packages. */ diff --git a/src/Volume/Volume.h b/src/Volume/Volume.h index c816da58..e924df9b 100644 --- a/src/Volume/Volume.h +++ b/src/Volume/Volume.h @@ -2,11 +2,11 @@ Derived from source code of TrueCrypt 7.1a, which is Copyright (c) 2008-2012 TrueCrypt Developers Association and which is governed by the TrueCrypt License 3.0. Modifications and additions to the original source code (contained in this file) - and all other portions of this file are Copyright (c) 2013-2017 IDRIX + and all other portions of this file are Copyright (c) 2013-2025 IDRIX and are governed by the Apache License 2.0 the full text of which is contained in the file License.txt included in VeraCrypt binary and source code distribution packages. */ @@ -112,10 +112,11 @@ namespace VeraCrypt void Open (shared_ptr <File> volumeFile, shared_ptr <VolumePassword> password, int pim, shared_ptr <Pkcs5Kdf> kdf, shared_ptr <KeyfileList> keyfiles, bool emvSupportEnabled, VolumeProtection::Enum protection = VolumeProtection::None, shared_ptr <VolumePassword> protectionPassword = shared_ptr <VolumePassword> (), int protectionPim = 0, shared_ptr <Pkcs5Kdf> protectionKdf = shared_ptr <Pkcs5Kdf> (), shared_ptr <KeyfileList> protectionKeyfiles = shared_ptr <KeyfileList> (), VolumeType::Enum volumeType = VolumeType::Unknown, bool useBackupHeaders = false, bool partitionInSystemEncryptionScope = false); void ReadSectors (const BufferPtr &buffer, uint64 byteOffset); void ReEncryptHeader (bool backupHeader, const ConstBufferPtr &newSalt, const ConstBufferPtr &newHeaderKey, shared_ptr <Pkcs5Kdf> newPkcs5Kdf); void WriteSectors (const ConstBufferPtr &buffer, uint64 byteOffset); bool IsEncryptionNotCompleted () const { return EncryptionNotCompleted; } + bool IsMasterKeyVulnerable() const { return Header && Header->IsMasterKeyVulnerable(); } protected: void CheckProtectedRange (uint64 writeHostOffset, uint64 writeLength); void ValidateState () const; diff --git a/src/Volume/Volume.make b/src/Volume/Volume.make index d69ec135..a4f62562 100644 --- a/src/Volume/Volume.make +++ b/src/Volume/Volume.make @@ -11,14 +11,16 @@ # OBJS := OBJSEX := OBJSNOOPT := +OBJSSSE41 := +OBJSSSSE3 := +OBJSHANI := OBJS += Cipher.o OBJS += EncryptionAlgorithm.o OBJS += EncryptionMode.o -OBJS += EncryptionModeXTS.o OBJS += EncryptionTest.o OBJS += EncryptionThreadPool.o OBJS += Hash.o OBJS += Keyfile.o OBJS += Pkcs5Kdf.o @@ -28,62 +30,85 @@ OBJS += VolumeHeader.o OBJS += VolumeInfo.o OBJS += VolumeLayout.o OBJS += VolumePassword.o OBJS += VolumePasswordCache.o +ifeq "$(ENABLE_WOLFCRYPT)" "0" +OBJS += EncryptionModeXTS.o +else +OBJS += EncryptionModeWolfCryptXTS.o +endif + +ifeq "$(ENABLE_WOLFCRYPT)" "0" ifeq "$(PLATFORM)" "MacOSX" - OBJSEX += ../Crypto/Aes_asm.oo - OBJS += ../Crypto/Aes_hw_cpu.o - OBJS += ../Crypto/Aescrypt.o - OBJSEX += ../Crypto/Twofish_asm.oo - OBJSEX += ../Crypto/Camellia_asm.oo +ifneq "$(COMPILE_ASM)" "false" + OBJSEX += ../Crypto/Aes_asm.oo + OBJS += ../Crypto/Aes_hw_cpu.o + OBJSEX += ../Crypto/Aes_hw_armv8.oo + OBJS += ../Crypto/Aescrypt.o + OBJSEX += ../Crypto/Twofish_asm.oo + OBJSEX += ../Crypto/Camellia_asm.oo OBJSEX += ../Crypto/Camellia_aesni_asm.oo OBJSEX += ../Crypto/sha256-nayuki.oo OBJSEX += ../Crypto/sha512-nayuki.oo + OBJSEX += ../Crypto/sha256_armv8.oo OBJSEX += ../Crypto/sha256_avx1.oo OBJSEX += ../Crypto/sha256_avx2.oo OBJSEX += ../Crypto/sha256_sse4.oo OBJSEX += ../Crypto/sha512_avx1.oo OBJSEX += ../Crypto/sha512_avx2.oo OBJSEX += ../Crypto/sha512_sse4.oo +endif else ifeq "$(CPU_ARCH)" "x86" OBJS += ../Crypto/Aes_x86.o -ifeq "$(DISABLE_AESNI)" "0" - OBJS += ../Crypto/Aes_hw_cpu.o -endif + ifeq "$(DISABLE_AESNI)" "0" + OBJS += ../Crypto/Aes_hw_cpu.o + endif OBJS += ../Crypto/sha256-x86-nayuki.o OBJS += ../Crypto/sha512-x86-nayuki.o else ifeq "$(CPU_ARCH)" "x64" OBJS += ../Crypto/Aes_x64.o -ifeq "$(DISABLE_AESNI)" "0" - OBJS += ../Crypto/Aes_hw_cpu.o -endif + ifeq "$(DISABLE_AESNI)" "0" + OBJS += ../Crypto/Aes_hw_cpu.o + endif OBJS += ../Crypto/Twofish_x64.o OBJS += ../Crypto/Camellia_x64.o OBJS += ../Crypto/Camellia_aesni_x64.o OBJS += ../Crypto/sha512-x64-nayuki.o OBJS += ../Crypto/sha256_avx1_x64.o OBJS += ../Crypto/sha256_avx2_x64.o OBJS += ../Crypto/sha256_sse4_x64.o OBJS += ../Crypto/sha512_avx1_x64.o OBJS += ../Crypto/sha512_avx2_x64.o OBJS += ../Crypto/sha512_sse4_x64.o +else ifeq "$(CPU_ARCH)" "arm64" + OBJARMV8CRYPTO += ../Crypto/Aes_hw_armv8.oarmv8crypto + OBJS += ../Crypto/Aescrypt.o + OBJARMV8CRYPTO += ../Crypto/sha256_armv8.oarmv8crypto else OBJS += ../Crypto/Aescrypt.o endif ifeq "$(GCC_GTEQ_430)" "1" -OBJSSSE41 += ../Crypto/blake2s_SSE41.osse41 -OBJSSSSE3 += ../Crypto/blake2s_SSSE3.ossse3 + OBJSSSE41 += ../Crypto/blake2s_SSE41.osse41 + OBJSSSSE3 += ../Crypto/blake2s_SSSE3.ossse3 else -OBJS += ../Crypto/blake2s_SSE41.o -OBJS += ../Crypto/blake2s_SSSE3.o + OBJS += ../Crypto/blake2s_SSE41.o + OBJS += ../Crypto/blake2s_SSSE3.o +endif +ifeq "$(GCC_GTEQ_500)" "1" + OBJSHANI += ../Crypto/Sha2Intel.oshani +else + OBJS += ../Crypto/Sha2Intel.o +endif +else +OBJS += ../Crypto/wolfCrypt.o endif +ifeq "$(ENABLE_WOLFCRYPT)" "0" OBJS += ../Crypto/Aeskey.o OBJS += ../Crypto/Aestab.o -OBJS += ../Crypto/cpu.o OBJS += ../Crypto/blake2s.o OBJS += ../Crypto/blake2s_SSE2.o OBJS += ../Crypto/SerpentFast.o OBJS += ../Crypto/SerpentFast_simd.o OBJS += ../Crypto/Sha2.o @@ -91,10 +116,14 @@ OBJS += ../Crypto/Twofish.o OBJS += ../Crypto/Whirlpool.o OBJS += ../Crypto/Camellia.o OBJS += ../Crypto/Streebog.o OBJS += ../Crypto/kuznyechik.o OBJS += ../Crypto/kuznyechik_simd.o +OBJS += ../Common/Pkcs5.o +endif + +OBJS += ../Crypto/cpu.o OBJSNOOPT += ../Crypto/jitterentropy-base.o0 OBJS += ../Common/CommandAPDU.o OBJS += ../Common/PCSCException.o @@ -108,25 +137,38 @@ OBJS += ../Common/Crc.o OBJS += ../Common/TLVParser.o OBJS += ../Common/EMVCard.o OBJS += ../Common/EMVToken.o OBJS += ../Common/Endian.o OBJS += ../Common/GfMul.o -OBJS += ../Common/Pkcs5.o OBJS += ../Common/SecurityToken.o VolumeLibrary: Volume.a +ifeq "$(ENABLE_WOLFCRYPT)" "0" ifeq "$(PLATFORM)" "MacOSX" +ifneq "$(COMPILE_ASM)" "false" +../Crypto/Aes_hw_armv8.oo: ../Crypto/Aes_hw_armv8.c + @echo Compiling $(<F) + $(CC) $(CFLAGS_ARM64) -c ../Crypto/Aes_hw_armv8.c -o ../Crypto/Aes_hw_armv8_arm64.o + $(CC) $(CFLAGS_X64) -c ../Crypto/Aes_hw_armv8.c -o ../Crypto/Aes_hw_armv8_x64.o + lipo -create ../Crypto/Aes_hw_armv8_arm64.o ../Crypto/Aes_hw_armv8_x64.o -output ../Crypto/Aes_hw_armv8.oo + rm -fr ../Crypto/Aes_hw_armv8_arm64.o ../Crypto/Aes_hw_armv8_x64.o +../Crypto/sha256_armv8.oo: ../Crypto/sha256_armv8.c + @echo Compiling $(<F) + $(CC) $(CFLAGS_ARM64) -c ../Crypto/sha256_armv8.c -o ../Crypto/sha256_armv8_arm64.o + $(CC) $(CFLAGS_X64) -c ../Crypto/sha256_armv8.c -o ../Crypto/sha256_armv8_x64.o + lipo -create ../Crypto/sha256_armv8_arm64.o ../Crypto/sha256_armv8_x64.o -output ../Crypto/sha256_armv8.oo + rm -fr ../Crypto/sha256_armv8_arm64.o ../Crypto/sha256_armv8_x64.o ../Crypto/Aes_asm.oo: ../Crypto/Aes_x86.asm ../Crypto/Aes_x64.asm @echo Assembling $(<F) $(AS) $(ASFLAGS32) -o ../Crypto/Aes_x86.o ../Crypto/Aes_x86.asm $(AS) $(ASFLAGS64) -o ../Crypto/Aes_x64.o ../Crypto/Aes_x64.asm lipo -create ../Crypto/Aes_x86.o ../Crypto/Aes_x64.o -output ../Crypto/Aes_asm.oo rm -fr ../Crypto/Aes_x86.o ../Crypto/Aes_x64.o ../Crypto/Twofish_asm.oo: ../Crypto/Twofish_x64.S @echo Assembling $(<F) - $(AS) $(ASFLAGS64) -p gas -o ../Crypto/Twofish_asm.oo ../Crypto/Twofish_x64.S + $(AS) $(ASFLAGS64) -p gas -o ../Crypto/Twofish_asm.oo ../Crypto/Twofish_x64.S ../Crypto/Camellia_asm.oo: ../Crypto/Camellia_x64.S @echo Assembling $(<F) $(AS) $(ASFLAGS64) -p gas -o ../Crypto/Camellia_asm.oo ../Crypto/Camellia_x64.S ../Crypto/Camellia_aesni_asm.oo: ../Crypto/Camellia_aesni_x64.S @echo Assembling $(<F) @@ -157,7 +199,9 @@ ifeq "$(PLATFORM)" "MacOSX" $(AS) $(ASFLAGS64) -o ../Crypto/sha512_avx2.oo ../Crypto/sha512_avx2_x64.asm ../Crypto/sha512_sse4.oo: ../Crypto/sha512_sse4_x64.asm @echo Assembling $(<F) $(AS) $(ASFLAGS64) -o ../Crypto/sha512_sse4.oo ../Crypto/sha512_sse4_x64.asm endif +endif +endif include $(BUILD_INC)/Makefile.inc diff --git a/src/Volume/VolumeException.cpp b/src/Volume/VolumeException.cpp index 0ba9ec34..e1e8fbf8 100644 --- a/src/Volume/VolumeException.cpp +++ b/src/Volume/VolumeException.cpp @@ -2,11 +2,11 @@ Derived from source code of TrueCrypt 7.1a, which is Copyright (c) 2008-2012 TrueCrypt Developers Association and which is governed by the TrueCrypt License 3.0. Modifications and additions to the original source code (contained in this file) - and all other portions of this file are Copyright (c) 2013-2017 IDRIX + and all other portions of this file are Copyright (c) 2013-2025 IDRIX and are governed by the Apache License 2.0 the full text of which is contained in the file License.txt included in VeraCrypt binary and source code distribution packages. */ diff --git a/src/Volume/VolumeException.h b/src/Volume/VolumeException.h index 8185fab9..8e88a576 100644 --- a/src/Volume/VolumeException.h +++ b/src/Volume/VolumeException.h @@ -2,11 +2,11 @@ Derived from source code of TrueCrypt 7.1a, which is Copyright (c) 2008-2012 TrueCrypt Developers Association and which is governed by the TrueCrypt License 3.0. Modifications and additions to the original source code (contained in this file) - and all other portions of this file are Copyright (c) 2013-2017 IDRIX + and all other portions of this file are Copyright (c) 2013-2025 IDRIX and are governed by the Apache License 2.0 the full text of which is contained in the file License.txt included in VeraCrypt binary and source code distribution packages. */ diff --git a/src/Volume/VolumeHeader.cpp b/src/Volume/VolumeHeader.cpp index d8527ed5..f3eaba9b 100644 --- a/src/Volume/VolumeHeader.cpp +++ b/src/Volume/VolumeHeader.cpp @@ -2,18 +2,21 @@ Derived from source code of TrueCrypt 7.1a, which is Copyright (c) 2008-2012 TrueCrypt Developers Association and which is governed by the TrueCrypt License 3.0. Modifications and additions to the original source code (contained in this file) - and all other portions of this file are Copyright (c) 2013-2017 IDRIX + and all other portions of this file are Copyright (c) 2013-2025 IDRIX and are governed by the Apache License 2.0 the full text of which is contained in the file License.txt included in VeraCrypt binary and source code distribution packages. */ #include "Crc32.h" #include "EncryptionModeXTS.h" +#ifdef WOLFCRYPT_BACKEND +#include "EncryptionModeWolfCryptXTS.h" +#endif #include "Pkcs5Kdf.h" #include "Pkcs5Kdf.h" #include "VolumeHeader.h" #include "VolumeException.h" #include "Common/Crypto.h" @@ -42,10 +45,11 @@ namespace VeraCrypt VolumeDataSize = 0; EncryptedAreaStart = 0; EncryptedAreaLength = 0; Flags = 0; SectorSize = 0; + XtsKeyVulnerable = false; } void VolumeHeader::Create (const BufferPtr &headerBuffer, VolumeHeaderCreationOptions &options) { if (options.DataKey.Size() != options.EA->GetKeySize() * 2 || options.Salt.Size() != GetSaltSize()) @@ -57,10 +61,13 @@ namespace VeraCrypt RequiredMinProgramVersion = CurrentRequiredMinProgramVersion; DataAreaKey.Zero(); DataAreaKey.CopyFrom (options.DataKey); + // check if the XTS key is vulnerable by comparing the two parts of the key + XtsKeyVulnerable = (memcmp (options.DataKey.Get() + options.EA->GetKeySize(), options.DataKey.Get(), options.EA->GetKeySize()) == 0); + VolumeCreationTime = 0; HiddenVolumeDataSize = (options.Type == VolumeType::Hidden ? options.VolumeDataSize : 0); VolumeDataSize = options.VolumeDataSize; EncryptedAreaStart = options.VolumeDataStart; @@ -74,12 +81,16 @@ namespace VeraCrypt { throw ParameterIncorrect (SRC_POS); } EA = options.EA; - shared_ptr <EncryptionMode> mode (new EncryptionModeXTS ()); - EA->SetMode (mode); + #ifdef WOLFCRYPT_BACKEND + shared_ptr <EncryptionMode> mode (new EncryptionModeWolfCryptXTS ()); + #else + shared_ptr <EncryptionMode> mode (new EncryptionModeXTS ()); + #endif + EA->SetMode (mode); EncryptNew (headerBuffer, options.Salt, options.HeaderKey, options.Kdf); } bool VolumeHeader::Decrypt (const ConstBufferPtr &encryptedData, const VolumePassword &password, int pim, shared_ptr <Pkcs5Kdf> kdf, const Pkcs5KdfList &keyDerivationFunctions, const EncryptionAlgorithmList &encryptionAlgorithms, const EncryptionModeList &encryptionModes) @@ -98,21 +109,32 @@ namespace VeraCrypt pkcs5->DeriveKey (headerKey, password, pim, salt); foreach (shared_ptr <EncryptionMode> mode, encryptionModes) { - if (typeid (*mode) != typeid (EncryptionModeXTS)) - mode->SetKey (headerKey.GetRange (0, mode->GetKeySize())); + #ifdef WOLFCRYPT_BACKEND + if (typeid (*mode) != typeid (EncryptionModeWolfCryptXTS)) + #else + if (typeid (*mode) != typeid (EncryptionModeXTS)) + #endif + mode->SetKey (headerKey.GetRange (0, mode->GetKeySize())); foreach (shared_ptr <EncryptionAlgorithm> ea, encryptionAlgorithms) { if (!ea->IsModeSupported (mode)) continue; + #ifndef WOLFCRYPT_BACKEND if (typeid (*mode) == typeid (EncryptionModeXTS)) { - ea->SetKey (headerKey.GetRange (0, ea->GetKeySize())); + ea->SetKey (headerKey.GetRange (0, ea->GetKeySize())); + #else + if (typeid (*mode) == typeid (EncryptionModeWolfCryptXTS)) + { + ea->SetKey (headerKey.GetRange (0, ea->GetKeySize())); + ea->SetKeyXTS (headerKey.GetRange (ea->GetKeySize(), ea->GetKeySize())); + #endif mode = mode->GetNew(); mode->SetKey (headerKey.GetRange (ea->GetKeySize(), ea->GetKeySize())); } else @@ -204,14 +226,24 @@ namespace VeraCrypt DataAreaKey.CopyFrom (header.GetRange (offset, DataKeyAreaMaxSize)); ea = ea->GetNew(); mode = mode->GetNew(); + #ifndef WOLFCRYPT_BACKEND if (typeid (*mode) == typeid (EncryptionModeXTS)) { - ea->SetKey (header.GetRange (offset, ea->GetKeySize())); + ea->SetKey (header.GetRange (offset, ea->GetKeySize())); + #else + if (typeid (*mode) == typeid (EncryptionModeWolfCryptXTS)) + { + ea->SetKey (header.GetRange (offset, ea->GetKeySize())); + ea->SetKeyXTS (header.GetRange (offset + ea->GetKeySize(), ea->GetKeySize())); + #endif mode->SetKey (header.GetRange (offset + ea->GetKeySize(), ea->GetKeySize())); + + // check if the XTS key is vulnerable by comparing the two parts of the key + XtsKeyVulnerable = (memcmp (DataAreaKey.Ptr() + ea->GetKeySize(), DataAreaKey.Ptr(), ea->GetKeySize()) == 0); } else { mode->SetKey (header.GetRange (offset, mode->GetKeySize())); ea->SetKey (header.GetRange (offset + LegacyEncryptionModeKeyAreaSize, ea->GetKeySize())); @@ -248,14 +280,21 @@ namespace VeraCrypt throw ParameterIncorrect (SRC_POS); shared_ptr <EncryptionMode> mode = EA->GetMode()->GetNew(); shared_ptr <EncryptionAlgorithm> ea = EA->GetNew(); + #ifndef WOLFCRYPT_BACKEND if (typeid (*mode) == typeid (EncryptionModeXTS)) { - mode->SetKey (newHeaderKey.GetRange (EA->GetKeySize(), EA->GetKeySize())); - ea->SetKey (newHeaderKey.GetRange (0, ea->GetKeySize())); + ea->SetKey (newHeaderKey.GetRange (0, ea->GetKeySize())); + #else + if (typeid (*mode) == typeid (EncryptionModeWolfCryptXTS)) + { + ea->SetKey (newHeaderKey.GetRange (0, ea->GetKeySize())); + ea->SetKeyXTS (newHeaderKey.GetRange (EA->GetKeySize(), EA->GetKeySize())); + #endif + mode->SetKey (newHeaderKey.GetRange (EA->GetKeySize(), EA->GetKeySize())); } else { mode->SetKey (newHeaderKey.GetRange (0, mode->GetKeySize())); ea->SetKey (newHeaderKey.GetRange (LegacyEncryptionModeKeyAreaSize, ea->GetKeySize())); diff --git a/src/Volume/VolumeHeader.h b/src/Volume/VolumeHeader.h index 85908711..95018b71 100644 --- a/src/Volume/VolumeHeader.h +++ b/src/Volume/VolumeHeader.h @@ -2,11 +2,11 @@ Derived from source code of TrueCrypt 7.1a, which is Copyright (c) 2008-2012 TrueCrypt Developers Association and which is governed by the TrueCrypt License 3.0. Modifications and additions to the original source code (contained in this file) - and all other portions of this file are Copyright (c) 2013-2017 IDRIX + and all other portions of this file are Copyright (c) 2013-2025 IDRIX and are governed by the Apache License 2.0 the full text of which is contained in the file License.txt included in VeraCrypt binary and source code distribution packages. */ @@ -74,10 +74,11 @@ namespace VeraCrypt size_t GetSectorSize () const { return SectorSize; } static uint32 GetSaltSize () { return SaltSize; } uint64 GetVolumeDataSize () const { return VolumeDataSize; } VolumeTime GetVolumeCreationTime () const { return VolumeCreationTime; } void SetSize (uint32 headerSize); + bool IsMasterKeyVulnerable () const { return XtsKeyVulnerable; } protected: bool Deserialize (const ConstBufferPtr &header, shared_ptr <EncryptionAlgorithm> &ea, shared_ptr <EncryptionMode> &mode); template <typename T> T DeserializeEntry (const ConstBufferPtr &header, size_t &offset) const; template <typename T> T DeserializeEntryAt (const ConstBufferPtr &header, const size_t &offset) const; @@ -118,10 +119,11 @@ namespace VeraCrypt uint64 EncryptedAreaLength; uint32 Flags; uint32 SectorSize; SecureBuffer DataAreaKey; + bool XtsKeyVulnerable; private: VolumeHeader (const VolumeHeader &); VolumeHeader &operator= (const VolumeHeader &); }; diff --git a/src/Volume/VolumeInfo.cpp b/src/Volume/VolumeInfo.cpp index 699e203f..f982c077 100644 --- a/src/Volume/VolumeInfo.cpp +++ b/src/Volume/VolumeInfo.cpp @@ -2,11 +2,11 @@ Derived from source code of TrueCrypt 7.1a, which is Copyright (c) 2008-2012 TrueCrypt Developers Association and which is governed by the TrueCrypt License 3.0. Modifications and additions to the original source code (contained in this file) - and all other portions of this file are Copyright (c) 2013-2017 IDRIX + and all other portions of this file are Copyright (c) 2013-2025 IDRIX and are governed by the Apache License 2.0 the full text of which is contained in the file License.txt included in VeraCrypt binary and source code distribution packages. */ @@ -53,10 +53,11 @@ namespace VeraCrypt sr.Deserialize ("TotalDataWritten", TotalDataWritten); Type = static_cast <VolumeType::Enum> (sr.DeserializeInt32 ("Type")); VirtualDevice = sr.DeserializeWString ("VirtualDevice"); sr.Deserialize ("VolumeCreationTime", VolumeCreationTime); sr.Deserialize ("Pim", Pim); + sr.Deserialize ("MasterKeyVulnerable", MasterKeyVulnerable); } bool VolumeInfo::FirstVolumeMountedAfterSecond (shared_ptr <VolumeInfo> first, shared_ptr <VolumeInfo> second) { return first->SerialInstanceNumber > second->SerialInstanceNumber; @@ -93,10 +94,11 @@ namespace VeraCrypt sr.Serialize ("TotalDataWritten", TotalDataWritten); sr.Serialize ("Type", static_cast <uint32> (Type)); sr.Serialize ("VirtualDevice", wstring (VirtualDevice)); sr.Serialize ("VolumeCreationTime", VolumeCreationTime); sr.Serialize ("Pim", Pim); + sr.Serialize ("MasterKeyVulnerable", MasterKeyVulnerable); } void VolumeInfo::Set (const Volume &volume) { EncryptionAlgorithmBlockSize = static_cast <uint32> (volume.GetEncryptionAlgorithm()->GetMaxBlockSize()); @@ -117,9 +119,10 @@ namespace VeraCrypt Type = volume.GetType(); TopWriteOffset = volume.GetTopWriteOffset(); TotalDataRead = volume.GetTotalDataRead(); TotalDataWritten = volume.GetTotalDataWritten(); Pim = volume.GetPim (); + MasterKeyVulnerable = volume.IsMasterKeyVulnerable(); } TC_SERIALIZER_FACTORY_ADD_CLASS (VolumeInfo); } diff --git a/src/Volume/VolumeInfo.h b/src/Volume/VolumeInfo.h index 1adc87e3..549b9fbd 100644 --- a/src/Volume/VolumeInfo.h +++ b/src/Volume/VolumeInfo.h @@ -2,11 +2,11 @@ Derived from source code of TrueCrypt 7.1a, which is Copyright (c) 2008-2012 TrueCrypt Developers Association and which is governed by the TrueCrypt License 3.0. Modifications and additions to the original source code (contained in this file) - and all other portions of this file are Copyright (c) 2013-2017 IDRIX + and all other portions of this file are Copyright (c) 2013-2025 IDRIX and are governed by the Apache License 2.0 the full text of which is contained in the file License.txt included in VeraCrypt binary and source code distribution packages. */ @@ -59,11 +59,11 @@ namespace VeraCrypt uint64 TotalDataWritten; VolumeType::Enum Type; DevicePath VirtualDevice; VolumeTime VolumeCreationTime; int Pim; - + bool MasterKeyVulnerable; private: VolumeInfo (const VolumeInfo &); VolumeInfo &operator= (const VolumeInfo &); }; } diff --git a/src/Volume/VolumeLayout.cpp b/src/Volume/VolumeLayout.cpp index efb77649..8077a1ab 100644 --- a/src/Volume/VolumeLayout.cpp +++ b/src/Volume/VolumeLayout.cpp @@ -2,18 +2,21 @@ Derived from source code of TrueCrypt 7.1a, which is Copyright (c) 2008-2012 TrueCrypt Developers Association and which is governed by the TrueCrypt License 3.0. Modifications and additions to the original source code (contained in this file) - and all other portions of this file are Copyright (c) 2013-2017 IDRIX + and all other portions of this file are Copyright (c) 2013-2025 IDRIX and are governed by the Apache License 2.0 the full text of which is contained in the file License.txt included in VeraCrypt binary and source code distribution packages. */ #include "Volume/EncryptionMode.h" #include "Volume/EncryptionModeXTS.h" +#ifdef WOLFCRYPT_BACKEND +#include "Volume/EncryptionModeWolfCryptXTS.h" +#endif #include "VolumeLayout.h" #include "Boot/Windows/BootCommon.h" namespace VeraCrypt { @@ -64,20 +67,24 @@ namespace VeraCrypt Type = VolumeType::Normal; HeaderOffset = TC_VOLUME_HEADER_OFFSET; HeaderSize = TC_VOLUME_HEADER_SIZE_LEGACY; SupportedEncryptionAlgorithms.push_back (shared_ptr <EncryptionAlgorithm> (new AES ())); + #ifndef WOLFCRYPT_BACKEND SupportedEncryptionAlgorithms.push_back (shared_ptr <EncryptionAlgorithm> (new Serpent ())); SupportedEncryptionAlgorithms.push_back (shared_ptr <EncryptionAlgorithm> (new Twofish ())); SupportedEncryptionAlgorithms.push_back (shared_ptr <EncryptionAlgorithm> (new Camellia ())); SupportedEncryptionAlgorithms.push_back (shared_ptr <EncryptionAlgorithm> (new AESTwofish ())); SupportedEncryptionAlgorithms.push_back (shared_ptr <EncryptionAlgorithm> (new AESTwofishSerpent ())); SupportedEncryptionAlgorithms.push_back (shared_ptr <EncryptionAlgorithm> (new SerpentAES ())); SupportedEncryptionAlgorithms.push_back (shared_ptr <EncryptionAlgorithm> (new SerpentTwofishAES ())); SupportedEncryptionAlgorithms.push_back (shared_ptr <EncryptionAlgorithm> (new TwofishSerpent ())); - SupportedEncryptionModes.push_back (shared_ptr <EncryptionMode> (new EncryptionModeXTS ())); + SupportedEncryptionModes.push_back (shared_ptr <EncryptionMode> (new EncryptionModeXTS ())); + #else + SupportedEncryptionModes.push_back (shared_ptr <EncryptionMode> (new EncryptionModeWolfCryptXTS ())); + #endif } uint64 VolumeLayoutV1Normal::GetDataOffset (uint64 volumeHostSize) const { return HeaderSize; @@ -95,10 +102,11 @@ namespace VeraCrypt HeaderOffset = TC_VOLUME_HEADER_OFFSET; HeaderSize = TC_VOLUME_HEADER_SIZE; BackupHeaderOffset = -TC_VOLUME_HEADER_GROUP_SIZE; SupportedEncryptionAlgorithms.push_back (shared_ptr <EncryptionAlgorithm> (new AES ())); + #ifndef WOLFCRYPT_BACKEND SupportedEncryptionAlgorithms.push_back (shared_ptr <EncryptionAlgorithm> (new Serpent ())); SupportedEncryptionAlgorithms.push_back (shared_ptr <EncryptionAlgorithm> (new Twofish ())); SupportedEncryptionAlgorithms.push_back (shared_ptr <EncryptionAlgorithm> (new Camellia ())); SupportedEncryptionAlgorithms.push_back (shared_ptr <EncryptionAlgorithm> (new Kuznyechik ())); SupportedEncryptionAlgorithms.push_back (shared_ptr <EncryptionAlgorithm> (new AESTwofish ())); @@ -109,13 +117,16 @@ namespace VeraCrypt SupportedEncryptionAlgorithms.push_back (shared_ptr <EncryptionAlgorithm> (new KuznyechikSerpentCamellia ())); SupportedEncryptionAlgorithms.push_back (shared_ptr <EncryptionAlgorithm> (new KuznyechikTwofish ())); SupportedEncryptionAlgorithms.push_back (shared_ptr <EncryptionAlgorithm> (new SerpentAES ())); SupportedEncryptionAlgorithms.push_back (shared_ptr <EncryptionAlgorithm> (new SerpentTwofishAES ())); SupportedEncryptionAlgorithms.push_back (shared_ptr <EncryptionAlgorithm> (new TwofishSerpent ())); - SupportedEncryptionModes.push_back (shared_ptr <EncryptionMode> (new EncryptionModeXTS ())); - } + #else + SupportedEncryptionModes.push_back (shared_ptr <EncryptionMode> (new EncryptionModeWolfCryptXTS ())); + #endif + + } uint64 VolumeLayoutV2Normal::GetDataOffset (uint64 volumeHostSize) const { return Header->GetEncryptedAreaStart(); } @@ -140,10 +151,11 @@ namespace VeraCrypt HeaderOffset = TC_HIDDEN_VOLUME_HEADER_OFFSET; HeaderSize = TC_VOLUME_HEADER_SIZE; BackupHeaderOffset = -TC_HIDDEN_VOLUME_HEADER_OFFSET; SupportedEncryptionAlgorithms.push_back (shared_ptr <EncryptionAlgorithm> (new AES ())); + #ifndef WOLFCRYPT_BACKEND SupportedEncryptionAlgorithms.push_back (shared_ptr <EncryptionAlgorithm> (new Serpent ())); SupportedEncryptionAlgorithms.push_back (shared_ptr <EncryptionAlgorithm> (new Twofish ())); SupportedEncryptionAlgorithms.push_back (shared_ptr <EncryptionAlgorithm> (new Camellia ())); SupportedEncryptionAlgorithms.push_back (shared_ptr <EncryptionAlgorithm> (new Kuznyechik ())); SupportedEncryptionAlgorithms.push_back (shared_ptr <EncryptionAlgorithm> (new AESTwofish ())); @@ -156,10 +168,13 @@ namespace VeraCrypt SupportedEncryptionAlgorithms.push_back (shared_ptr <EncryptionAlgorithm> (new SerpentAES ())); SupportedEncryptionAlgorithms.push_back (shared_ptr <EncryptionAlgorithm> (new SerpentTwofishAES ())); SupportedEncryptionAlgorithms.push_back (shared_ptr <EncryptionAlgorithm> (new TwofishSerpent ())); SupportedEncryptionModes.push_back (shared_ptr <EncryptionMode> (new EncryptionModeXTS ())); + #else + SupportedEncryptionModes.push_back (shared_ptr <EncryptionMode> (new EncryptionModeWolfCryptXTS ())); + #endif } uint64 VolumeLayoutV2Hidden::GetDataOffset (uint64 volumeHostSize) const { return Header->GetEncryptedAreaStart(); @@ -192,10 +207,11 @@ namespace VeraCrypt Type = VolumeType::Normal; HeaderOffset = TC_BOOT_VOLUME_HEADER_SECTOR_OFFSET; HeaderSize = TC_BOOT_ENCRYPTION_VOLUME_HEADER_SIZE; SupportedEncryptionAlgorithms.push_back (shared_ptr <EncryptionAlgorithm> (new AES ())); + #ifndef WOLFCRYPT_BACKEND SupportedEncryptionAlgorithms.push_back (shared_ptr <EncryptionAlgorithm> (new Serpent ())); SupportedEncryptionAlgorithms.push_back (shared_ptr <EncryptionAlgorithm> (new Twofish ())); SupportedEncryptionAlgorithms.push_back (shared_ptr <EncryptionAlgorithm> (new Camellia ())); SupportedEncryptionAlgorithms.push_back (shared_ptr <EncryptionAlgorithm> (new Kuznyechik ())); SupportedEncryptionAlgorithms.push_back (shared_ptr <EncryptionAlgorithm> (new AESTwofish ())); @@ -206,13 +222,17 @@ namespace VeraCrypt SupportedEncryptionAlgorithms.push_back (shared_ptr <EncryptionAlgorithm> (new KuznyechikSerpentCamellia ())); SupportedEncryptionAlgorithms.push_back (shared_ptr <EncryptionAlgorithm> (new KuznyechikTwofish ())); SupportedEncryptionAlgorithms.push_back (shared_ptr <EncryptionAlgorithm> (new SerpentAES ())); SupportedEncryptionAlgorithms.push_back (shared_ptr <EncryptionAlgorithm> (new SerpentTwofishAES ())); SupportedEncryptionAlgorithms.push_back (shared_ptr <EncryptionAlgorithm> (new TwofishSerpent ())); - - SupportedEncryptionModes.push_back (shared_ptr <EncryptionMode> (new EncryptionModeXTS ())); - } + + SupportedEncryptionModes.push_back (shared_ptr <EncryptionMode> (new EncryptionModeXTS ())); + #else + SupportedEncryptionModes.push_back (shared_ptr <EncryptionMode> (new EncryptionModeWolfCryptXTS ())); + #endif + + } uint64 VolumeLayoutSystemEncryption::GetDataOffset (uint64 volumeHostSize) const { return 0; } @@ -224,12 +244,14 @@ namespace VeraCrypt Pkcs5KdfList VolumeLayoutSystemEncryption::GetSupportedKeyDerivationFunctions () const { Pkcs5KdfList l; l.push_back (shared_ptr <Pkcs5Kdf> (new Pkcs5HmacSha256_Boot ())); - l.push_back (shared_ptr <Pkcs5Kdf> (new Pkcs5HmacBlake2s_Boot ())); l.push_back (shared_ptr <Pkcs5Kdf> (new Pkcs5HmacSha512 ())); + #ifndef WOLFCRYPT_BACKEND + l.push_back (shared_ptr <Pkcs5Kdf> (new Pkcs5HmacBlake2s_Boot ())); l.push_back (shared_ptr <Pkcs5Kdf> (new Pkcs5HmacWhirlpool ())); l.push_back (shared_ptr <Pkcs5Kdf> (new Pkcs5HmacStreebog ())); - return l; + #endif + return l; } } diff --git a/src/Volume/VolumeLayout.h b/src/Volume/VolumeLayout.h index 32b646ad..810d387f 100644 --- a/src/Volume/VolumeLayout.h +++ b/src/Volume/VolumeLayout.h @@ -2,11 +2,11 @@ Derived from source code of TrueCrypt 7.1a, which is Copyright (c) 2008-2012 TrueCrypt Developers Association and which is governed by the TrueCrypt License 3.0. Modifications and additions to the original source code (contained in this file) - and all other portions of this file are Copyright (c) 2013-2017 IDRIX + and all other portions of this file are Copyright (c) 2013-2025 IDRIX and are governed by the Apache License 2.0 the full text of which is contained in the file License.txt included in VeraCrypt binary and source code distribution packages. */ diff --git a/src/Volume/VolumePassword.cpp b/src/Volume/VolumePassword.cpp index a22c9388..28f1daaf 100644 --- a/src/Volume/VolumePassword.cpp +++ b/src/Volume/VolumePassword.cpp @@ -2,11 +2,11 @@ Derived from source code of TrueCrypt 7.1a, which is Copyright (c) 2008-2012 TrueCrypt Developers Association and which is governed by the TrueCrypt License 3.0. Modifications and additions to the original source code (contained in this file) - and all other portions of this file are Copyright (c) 2013-2017 IDRIX + and all other portions of this file are Copyright (c) 2013-2025 IDRIX and are governed by the Apache License 2.0 the full text of which is contained in the file License.txt included in VeraCrypt binary and source code distribution packages. */ @@ -58,11 +58,11 @@ namespace VeraCrypt Buffer wipeBuffer (128 * 1024); wipeBuffer.Zero(); sr.Serialize ("WipeData", ConstBufferPtr (wipeBuffer)); } - void VolumePassword::Set (const byte *password, size_t size) + void VolumePassword::Set (const uint8 *password, size_t size) { AllocateBuffer (); if (size > MaxSize) throw PasswordTooLong (SRC_POS); diff --git a/src/Volume/VolumePassword.h b/src/Volume/VolumePassword.h index f4a3ccbe..ee75636e 100644 --- a/src/Volume/VolumePassword.h +++ b/src/Volume/VolumePassword.h @@ -2,11 +2,11 @@ Derived from source code of TrueCrypt 7.1a, which is Copyright (c) 2008-2012 TrueCrypt Developers Association and which is governed by the TrueCrypt License 3.0. Modifications and additions to the original source code (contained in this file) - and all other portions of this file are Copyright (c) 2013-2017 IDRIX + and all other portions of this file are Copyright (c) 2013-2025 IDRIX and are governed by the Apache License 2.0 the full text of which is contained in the file License.txt included in VeraCrypt binary and source code distribution packages. */ @@ -20,25 +20,25 @@ namespace VeraCrypt { class VolumePassword : public Serializable { public: VolumePassword (); - VolumePassword (const byte *password, size_t size) { Set (password, size); } + VolumePassword (const uint8 *password, size_t size) { Set (password, size); } VolumePassword (const SecureBuffer &password) { Set (password.Ptr (), password.Size ()); } VolumePassword (const VolumePassword &password) { Set (password); } virtual ~VolumePassword (); bool operator== (const VolumePassword &other) const { return ConstBufferPtr (DataPtr(), Size()).IsDataEqual (ConstBufferPtr (other.DataPtr(), other.Size())); } bool operator!= (const VolumePassword &other) const { return !(*this == other); } VolumePassword &operator= (const VolumePassword &password) { Set (password); return *this; } operator BufferPtr () const { return BufferPtr (PasswordBuffer); } - byte *DataPtr () const { return PasswordBuffer; } + uint8 *DataPtr () const { return PasswordBuffer; } bool IsEmpty () const { return PasswordSize == 0; } size_t Size () const { return PasswordSize; } - void Set (const byte *password, size_t size); + void Set (const uint8 *password, size_t size); void Set (const VolumePassword &password); TC_SERIALIZABLE (VolumePassword); static const size_t MaxLegacySize; diff --git a/src/Volume/VolumePasswordCache.cpp b/src/Volume/VolumePasswordCache.cpp index bd87a858..0f7f621d 100644 --- a/src/Volume/VolumePasswordCache.cpp +++ b/src/Volume/VolumePasswordCache.cpp @@ -2,11 +2,11 @@ Derived from source code of TrueCrypt 7.1a, which is Copyright (c) 2008-2012 TrueCrypt Developers Association and which is governed by the TrueCrypt License 3.0. Modifications and additions to the original source code (contained in this file) - and all other portions of this file are Copyright (c) 2013-2017 IDRIX + and all other portions of this file are Copyright (c) 2013-2025 IDRIX and are governed by the Apache License 2.0 the full text of which is contained in the file License.txt included in VeraCrypt binary and source code distribution packages. */ diff --git a/src/Volume/VolumePasswordCache.h b/src/Volume/VolumePasswordCache.h index 21e62804..3e153467 100644 --- a/src/Volume/VolumePasswordCache.h +++ b/src/Volume/VolumePasswordCache.h @@ -2,11 +2,11 @@ Derived from source code of TrueCrypt 7.1a, which is Copyright (c) 2008-2012 TrueCrypt Developers Association and which is governed by the TrueCrypt License 3.0. Modifications and additions to the original source code (contained in this file) - and all other portions of this file are Copyright (c) 2013-2017 IDRIX + and all other portions of this file are Copyright (c) 2013-2025 IDRIX and are governed by the Apache License 2.0 the full text of which is contained in the file License.txt included in VeraCrypt binary and source code distribution packages. */ diff --git a/src/Volume/VolumeSlot.h b/src/Volume/VolumeSlot.h index 153f34a4..b88ea411 100644 --- a/src/Volume/VolumeSlot.h +++ b/src/Volume/VolumeSlot.h @@ -2,11 +2,11 @@ Derived from source code of TrueCrypt 7.1a, which is Copyright (c) 2008-2012 TrueCrypt Developers Association and which is governed by the TrueCrypt License 3.0. Modifications and additions to the original source code (contained in this file) - and all other portions of this file are Copyright (c) 2013-2017 IDRIX + and all other portions of this file are Copyright (c) 2013-2025 IDRIX and are governed by the Apache License 2.0 the full text of which is contained in the file License.txt included in VeraCrypt binary and source code distribution packages. */ |