From 9247ce1bb90c44d19a0069fadb12c0c480ac9b4f Mon Sep 17 00:00:00 2001 From: lealem47 <60322859+lealem47@users.noreply.github.com> Date: Sun, 12 Nov 2023 16:51:31 -0700 Subject: wolfCrypt as crypto backend for VeraCrypt (#1227) * wolfCrypt as crypto backend for VeraCrypt * Refactor to use EncryptionModeWolfCryptXTS class --- src/Volume/EncryptionTest.cpp | 62 +++++++++++++++++++++++++++++++++++++------ 1 file changed, 54 insertions(+), 8 deletions(-) (limited to 'src/Volume/EncryptionTest.cpp') diff --git a/src/Volume/EncryptionTest.cpp b/src/Volume/EncryptionTest.cpp index bb9c3a0b..c900885e 100644 --- a/src/Volume/EncryptionTest.cpp +++ b/src/Volume/EncryptionTest.cpp @@ -16,6 +16,9 @@ #include "EncryptionAlgorithm.h" #include "EncryptionMode.h" #include "EncryptionModeXTS.h" +#ifdef WOLFCRYPT_BACKEND +#include "EncryptionModeWolfCryptXTS.h" +#endif #include "EncryptionTest.h" #include "Pkcs5Kdf.h" @@ -64,6 +67,7 @@ namespace VeraCrypt } }; + #ifndef WOLFCRYPT_BACKEND static const CipherTestVector SerpentTestVectors[] = { { @@ -151,6 +155,7 @@ namespace VeraCrypt } } }; + #endif static void TestCipher (Cipher &cipher, const CipherTestVector *testVector, size_t testVectorCount) { @@ -190,6 +195,7 @@ namespace VeraCrypt if (origCrc != Crc32::ProcessBuffer (testData)) throw TestFailed (SRC_POS); + #ifndef WOLFCRYPT_BACKEND CipherSerpent serpent; TestCipher (serpent, SerpentTestVectors, array_capacity (SerpentTestVectors)); @@ -201,6 +207,7 @@ namespace VeraCrypt CipherKuznyechik kuznyechik; TestCipher (kuznyechik, KuznyechikTestVectors, array_capacity (KuznyechikTestVectors)); + #endif } const EncryptionTest::XtsTestVector EncryptionTest::XtsTestVectors[] = @@ -437,9 +444,16 @@ namespace VeraCrypt for (i = 0; i < array_capacity (XtsTestVectors); i++) { AES aes; - shared_ptr xts (new EncryptionModeXTS); - - aes.SetKey (ConstBufferPtr (XtsTestVectors[i].key1, sizeof (XtsTestVectors[i].key1))); + #ifdef WOLFCRYPT_BACKEND + shared_ptr xts (new EncryptionModeWolfCryptXTS); + #else + shared_ptr xts (new EncryptionModeXTS); + #endif + + aes.SetKey (ConstBufferPtr (XtsTestVectors[i].key1, sizeof (XtsTestVectors[i].key1))); + #ifdef WOLFCRYPT_BACKEND + aes.SetKeyXTS (ConstBufferPtr (XtsTestVectors[i].key2, sizeof (XtsTestVectors[i].key2))); + #endif xts->SetKey (ConstBufferPtr (XtsTestVectors[i].key2, sizeof (XtsTestVectors[i].key2))); aes.SetMode (xts); @@ -494,7 +508,11 @@ namespace VeraCrypt // Test all EAs that support this mode of operation foreach_ref (EncryptionAlgorithm &ea, EncryptionAlgorithm::GetAvailableAlgorithms()) { - shared_ptr mode (new EncryptionModeXTS); + #ifdef WOLFCRYPT_BACKEND + shared_ptr mode (new EncryptionModeWolfCryptXTS); + #else + shared_ptr mode (new EncryptionModeXTS); + #endif if (!ea.IsModeSupported (mode)) continue; @@ -508,8 +526,11 @@ namespace VeraCrypt mode->SetKey (modeKey); ea.SetMode (mode); + #ifdef WOLFCRYPT_BACKEND + ea.SetKeyXTS (modeKey); + #endif - // Each data unit will contain the same plaintext + // Each data unit will contain the same plaintext for (i = 0; i < nbrUnits; i++) { memcpy ((unsigned char *) buf + i * ENCRYPTION_DATA_UNIT_SIZE, @@ -556,6 +577,7 @@ namespace VeraCrypt break; } } + #ifndef WOLFCRYPT_BACKEND else if (typeid (ea) == typeid (Serpent)) { switch (testCase) @@ -920,7 +942,7 @@ namespace VeraCrypt break; } } - + #endif if (crc == 0x9f5edd58) throw TestFailed (SRC_POS); @@ -941,7 +963,11 @@ namespace VeraCrypt // Test all EAs that support this mode of operation foreach_ref (EncryptionAlgorithm &ea, EncryptionAlgorithm::GetAvailableAlgorithms()) { + #ifdef WOLFCRYPT_BACKEND + shared_ptr mode (new EncryptionModeWolfCryptXTS); + #else shared_ptr mode (new EncryptionModeXTS); + #endif if (!ea.IsModeSupported (mode)) continue; @@ -955,6 +981,9 @@ namespace VeraCrypt mode->SetKey (modeKey); ea.SetMode (mode); + #ifdef WOLFCRYPT_BACKEND + ea.SetKeyXTS (modeKey); + #endif // Each data unit will contain the same plaintext for (i = 0; i < nbrUnits; i++) @@ -974,6 +1003,7 @@ namespace VeraCrypt throw TestFailed (SRC_POS); nTestsPerformed++; } + #ifndef WOLFCRYPT_BACKEND else if (typeid (ea) == typeid (Serpent)) { if (crc != 0x3494d480) @@ -1058,6 +1088,7 @@ namespace VeraCrypt throw TestFailed (SRC_POS); nTestsPerformed++; } + #endif if (crc == 0x9f5edd58) throw TestFailed (SRC_POS); @@ -1069,8 +1100,11 @@ namespace VeraCrypt nTestsPerformed++; } - + #ifndef WOLFCRYPT_BACKEND if (nTestsPerformed != 150) + #else + if (nTestsPerformed != 10) + #endif throw TestFailed (SRC_POS); } @@ -1081,6 +1115,7 @@ namespace VeraCrypt ConstBufferPtr salt (saltData, sizeof (saltData)); Buffer derivedKey (4); + #ifndef WOLFCRYPT_BACKEND Pkcs5HmacBlake2s pkcs5HmacBlake2s; pkcs5HmacBlake2s.DeriveKey (derivedKey, password, salt, 5); if (memcmp (derivedKey.Ptr(), "\x8d\x51\xfa\x31", 4) != 0) @@ -1105,5 +1140,16 @@ namespace VeraCrypt pkcs5HmacStreebog.DeriveKey (derivedKey, password, salt, 5); if (memcmp (derivedKey.Ptr(), "\xd0\x53\xa2\x30", 4) != 0) throw TestFailed (SRC_POS); - } + #else + Pkcs5HmacSha256 pkcs5HmacSha256; + pkcs5HmacSha256.DeriveKey (derivedKey, password, salt, 5); + if (memcmp (derivedKey.Ptr(), "\x64\xf3\xa5\xa3", 4) != 0) + throw TestFailed (SRC_POS); + + Pkcs5HmacSha512 pkcs5HmacSha512; + pkcs5HmacSha512.DeriveKey (derivedKey, password, salt, 5); + if (memcmp (derivedKey.Ptr(), "\x55\xa1\x76\xbb", 4) != 0) + throw TestFailed (SRC_POS); + #endif + } } -- cgit v1.2.3