VeraCrypt
aboutsummaryrefslogtreecommitdiff
path: root/src/Common
diff options
context:
space:
mode:
authorlealem47 <60322859+lealem47@users.noreply.github.com>2023-11-12 16:51:31 -0700
committerGitHub <noreply@github.com>2023-11-13 00:51:31 +0100
commit9247ce1bb90c44d19a0069fadb12c0c480ac9b4f (patch)
tree66fb4728d502759271d03eba59d51c1a129b2ffb /src/Common
parent458be85f84a097aa829658c50ce41d82791fb6a8 (diff)
downloadVeraCrypt-9247ce1bb90c44d19a0069fadb12c0c480ac9b4f.tar.gz
VeraCrypt-9247ce1bb90c44d19a0069fadb12c0c480ac9b4f.zip
wolfCrypt as crypto backend for VeraCrypt (#1227)
* wolfCrypt as crypto backend for VeraCrypt * Refactor to use EncryptionModeWolfCryptXTS class
Diffstat (limited to 'src/Common')
-rw-r--r--src/Common/BootEncryption.cpp17
-rw-r--r--src/Common/Crypto.c50
-rw-r--r--src/Common/Dlgcode.c20
-rw-r--r--src/Common/Random.c45
-rw-r--r--src/Common/Tests.c22
-rw-r--r--src/Common/Volumes.c73
-rw-r--r--src/Common/Xts.c10
7 files changed, 162 insertions, 75 deletions
diff --git a/src/Common/BootEncryption.cpp b/src/Common/BootEncryption.cpp
index d3dc249e..af6063e4 100644
--- a/src/Common/BootEncryption.cpp
+++ b/src/Common/BootEncryption.cpp
@@ -1687,23 +1687,26 @@ namespace VeraCrypt
if (_stricmp (request.BootEncryptionAlgorithmName, "AES") == 0)
ea = AES;
- else if (_stricmp (request.BootEncryptionAlgorithmName, "Serpent") == 0)
+ #ifndef WOLFCRYPT_BACKEND
+ else if (_stricmp (request.BootEncryptionAlgorithmName, "Camellia") == 0)
+ ea = CAMELLIA;
+ else if (_stricmp (request.BootEncryptionAlgorithmName, "Serpent") == 0)
ea = SERPENT;
else if (_stricmp (request.BootEncryptionAlgorithmName, "Twofish") == 0)
ea = TWOFISH;
- else if (_stricmp (request.BootEncryptionAlgorithmName, "Camellia") == 0)
- ea = CAMELLIA;
-
+ #endif
if (_stricmp(request.BootPrfAlgorithmName, "SHA-256") == 0)
pkcs5_prf = SHA256;
- else if (_stricmp(request.BootPrfAlgorithmName, "BLAKE2s-256") == 0)
- pkcs5_prf = BLAKE2S;
- else if (_stricmp(request.BootPrfAlgorithmName, "SHA-512") == 0)
+ else if (_stricmp(request.BootPrfAlgorithmName, "SHA-512") == 0)
pkcs5_prf = SHA512;
+ #ifndef WOLFCRYPT_BACKEND
+ else if (_stricmp(request.BootPrfAlgorithmName, "BLAKE2s-256") == 0)
+ pkcs5_prf = BLAKE2S;
else if (_stricmp(request.BootPrfAlgorithmName, "Whirlpool") == 0)
pkcs5_prf = WHIRLPOOL;
else if (_stricmp(request.BootPrfAlgorithmName, "Streebog") == 0)
pkcs5_prf = STREEBOG;
+ #endif
else if (strlen(request.BootPrfAlgorithmName) == 0) // case of version < 1.0f
pkcs5_prf = BLAKE2S;
}
diff --git a/src/Common/Crypto.c b/src/Common/Crypto.c
index 38af7fe5..49948107 100644
--- a/src/Common/Crypto.c
+++ b/src/Common/Crypto.c
@@ -57,15 +57,19 @@ static Cipher Ciphers[] =
// ID Name (Bytes) (Bytes) (Bytes)
#ifdef TC_WINDOWS_BOOT
{ AES, "AES", 16, 32, AES_KS },
- { SERPENT, "Serpent", 16, 32, 140*4 },
+#ifndef WOLFCRYPT_BACKEND
+ { SERPENT, "Serpent", 16, 32, 140*4 },
{ TWOFISH, "Twofish", 16, 32, TWOFISH_KS },
+#endif
#else
{ AES, L"AES", 16, 32, AES_KS },
+#ifndef WOLFCRYPT_BACKEND
{ SERPENT, L"Serpent", 16, 32, 140*4 },
{ TWOFISH, L"Twofish", 16, 32, TWOFISH_KS },
{ CAMELLIA, L"Camellia", 16, 32, CAMELLIA_KS },
{ KUZNYECHIK, L"Kuznyechik",16, 32, KUZNYECHIK_KS },
#endif
+#endif
{ 0, 0, 0, 0, 0 }
};
@@ -79,6 +83,7 @@ static EncryptionAlgorithm EncryptionAlgorithms[] =
{ { 0, 0 }, { 0, 0}, 0, 0 }, // Must be all-zero
{ { AES, 0 }, { XTS, 0 }, 1, 1 },
+#ifndef WOLFCRYPT_BACKEND
{ { SERPENT, 0 }, { XTS, 0 }, 1, 1 },
{ { TWOFISH, 0 }, { XTS, 0 }, 1, 1 },
{ { CAMELLIA, 0 }, { XTS, 0 }, 1, 1 },
@@ -93,6 +98,7 @@ static EncryptionAlgorithm EncryptionAlgorithms[] =
{ { SERPENT, CAMELLIA, 0 }, { XTS, 0 }, 0, 1 },
{ { AES, KUZNYECHIK, 0 }, { XTS, 0 }, 0, 1 },
{ { CAMELLIA, SERPENT, KUZNYECHIK, 0 }, { XTS, 0 }, 0, 1 },
+#endif
{ { 0, 0 }, { 0, 0}, 0, 0 } // Must be all-zero
#else // TC_WINDOWS_BOOT
@@ -100,6 +106,7 @@ static EncryptionAlgorithm EncryptionAlgorithms[] =
// Encryption algorithms available for boot drive encryption
{ { 0, 0 }, { 0, 0 }, 0 }, // Must be all-zero
{ { AES, 0 }, { XTS, 0 }, 1 },
+#ifndef WOLFCRYPT_BACKEND
{ { SERPENT, 0 }, { XTS, 0 }, 1 },
{ { TWOFISH, 0 }, { XTS, 0 }, 1 },
{ { TWOFISH, AES, 0 }, { XTS, 0 }, 1 },
@@ -107,6 +114,7 @@ static EncryptionAlgorithm EncryptionAlgorithms[] =
{ { AES, SERPENT, 0 }, { XTS, 0 }, 1 },
{ { AES, TWOFISH, SERPENT, 0 }, { XTS, 0 }, 1 },
{ { SERPENT, TWOFISH, 0 }, { XTS, 0 }, 1 },
+#endif
{ { 0, 0 }, { 0, 0 }, 0 }, // Must be all-zero
#endif
@@ -119,11 +127,13 @@ static EncryptionAlgorithm EncryptionAlgorithms[] =
static Hash Hashes[] =
{ // ID Name Deprecated System Encryption
{ SHA512, L"SHA-512", FALSE, FALSE },
- { WHIRLPOOL, L"Whirlpool", FALSE, FALSE },
- { BLAKE2S, L"BLAKE2s-256", FALSE, TRUE },
{ SHA256, L"SHA-256", FALSE, TRUE },
+ #ifndef WOLFCRYPT_BACKEND
+ { BLAKE2S, L"BLAKE2s-256", FALSE, TRUE },
+ { WHIRLPOOL, L"Whirlpool", FALSE, FALSE },
{ STREEBOG, L"Streebog", FALSE, FALSE },
- { 0, 0, 0 }
+ #endif
+ { 0, 0, 0 }
};
#endif
@@ -147,6 +157,7 @@ int CipherInit (int cipher, unsigned char *key, unsigned __int8 *ks)
#endif
break;
+#ifndef WOLFCRYPT_BACKEND
case SERPENT:
serpent_set_key (key, ks);
break;
@@ -167,6 +178,7 @@ int CipherInit (int cipher, unsigned char *key, unsigned __int8 *ks)
break;
#endif // !defined(TC_WINDOWS_BOOT)
+#endif
default:
// Unknown/wrong cipher ID
return ERR_CIPHER_INIT_FAILURE;
@@ -189,6 +201,7 @@ void EncipherBlock(int cipher, void *data, void *ks)
aes_encrypt (data, data, ks);
break;
+#ifndef WOLFCRYPT_BACKEND
case TWOFISH: twofish_encrypt (ks, data, data); break;
case SERPENT: serpent_encrypt (data, data, ks); break;
#if !defined (TC_WINDOWS_BOOT) || defined (TC_WINDOWS_BOOT_CAMELLIA)
@@ -197,6 +210,7 @@ void EncipherBlock(int cipher, void *data, void *ks)
#if !defined(TC_WINDOWS_BOOT)
case KUZNYECHIK: kuznyechik_encrypt_block(data, data, ks); break;
#endif // !defined(TC_WINDOWS_BOOT)
+#endif
default: TC_THROW_FATAL_EXCEPTION; // Unknown/wrong ID
}
}
@@ -230,6 +244,7 @@ void EncipherBlocks (int cipher, void *dataPtr, void *ks, size_t blockCount)
KeRestoreFloatingPointState (&floatingPointState);
#endif
}
+#ifndef WOLFCRYPT_BACKEND
#if CRYPTOPP_BOOL_SSE2_INTRINSICS_AVAILABLE && !defined (_UEFI)
else if (cipher == SERPENT
&& (blockCount >= 4)
@@ -267,6 +282,7 @@ void EncipherBlocks (int cipher, void *dataPtr, void *ks, size_t blockCount)
#endif
}
#endif
+#endif
else
{
size_t blockSize = CipherGetBlockSize (cipher);
@@ -284,6 +300,7 @@ void DecipherBlock(int cipher, void *data, void *ks)
{
switch (cipher)
{
+#ifndef WOLFCRYPT_BACKEND
case SERPENT: serpent_decrypt (data, data, ks); break;
case TWOFISH: twofish_decrypt (ks, data, data); break;
#if !defined (TC_WINDOWS_BOOT) || defined (TC_WINDOWS_BOOT_CAMELLIA)
@@ -292,6 +309,7 @@ void DecipherBlock(int cipher, void *data, void *ks)
#if !defined(TC_WINDOWS_BOOT)
case KUZNYECHIK: kuznyechik_decrypt_block(data, data, ks); break;
#endif // !defined(TC_WINDOWS_BOOT)
+#endif
#ifndef TC_WINDOWS_BOOT
@@ -341,6 +359,7 @@ void DecipherBlocks (int cipher, void *dataPtr, void *ks, size_t blockCount)
KeRestoreFloatingPointState (&floatingPointState);
#endif
}
+#ifndef WOLFCRYPT_BACKEND
#if CRYPTOPP_BOOL_SSE2_INTRINSICS_AVAILABLE && !defined (_UEFI)
else if (cipher == SERPENT
&& (blockCount >= 4)
@@ -378,6 +397,7 @@ void DecipherBlocks (int cipher, void *dataPtr, void *ks, size_t blockCount)
#endif
}
#endif
+#endif
else
{
size_t blockSize = CipherGetBlockSize (cipher);
@@ -523,8 +543,16 @@ BOOL EAInitMode (PCRYPTO_INFO ci, unsigned char* key2)
// Secondary key schedule
if (EAInit (ci->ea, key2, ci->ks2) != ERR_SUCCESS)
return FALSE;
+
+ #ifdef WOLFCRYPT_BACKEND
+ if (xts_encrypt_key256 (key2, (aes_encrypt_ctx *) ci->ks) != EXIT_SUCCESS)
+ return ERR_CIPHER_INIT_FAILURE;
+
+ if (xts_decrypt_key256 (key2, (aes_decrypt_ctx *) (ci->ks + sizeof(aes_encrypt_ctx))) != EXIT_SUCCESS)
+ return ERR_CIPHER_INIT_FAILURE;
+ #endif
- /* Note: XTS mode could potentially be initialized with a weak key causing all blocks in one data unit
+ /* Note: XTS mode could potentially be initialized with a weak key causing all blocks in one data unit
on the volume to be tweaked with zero tweaks (i.e. 512 bytes of the volume would be encrypted in ECB
mode). However, to create a TrueCrypt volume with such a weak key, each human being on Earth would have
to create approximately 11,378,125,361,078,862 (about eleven quadrillion) TrueCrypt volumes (provided
@@ -1093,11 +1121,11 @@ void EncipherBlock(int cipher, void *data, void *ks)
aes_hw_cpu_encrypt ((byte *) ks, data);
else
aes_encrypt (data, data, ks);
-#elif defined (TC_WINDOWS_BOOT_SERPENT)
+#elif defined (TC_WINDOWS_BOOT_SERPENT) && !defined (WOLFCRYPT_BACKEND)
serpent_encrypt (data, data, ks);
-#elif defined (TC_WINDOWS_BOOT_TWOFISH)
+#elif defined (TC_WINDOWS_BOOT_TWOFISH) && !defined (WOLFCRYPT_BACKEND)
twofish_encrypt (ks, data, data);
-#elif defined (TC_WINDOWS_BOOT_CAMELLIA)
+#elif defined (TC_WINDOWS_BOOT_CAMELLIA) && !defined (WOLFCRYPT_BACKEND)
camellia_encrypt (data, data, ks);
#endif
}
@@ -1109,11 +1137,11 @@ void DecipherBlock(int cipher, void *data, void *ks)
aes_hw_cpu_decrypt ((byte *) ks + sizeof (aes_encrypt_ctx) + 14 * 16, data);
else
aes_decrypt (data, data, (aes_decrypt_ctx *) ((byte *) ks + sizeof(aes_encrypt_ctx)));
-#elif defined (TC_WINDOWS_BOOT_SERPENT)
+#elif defined (TC_WINDOWS_BOOT_SERPENT) && !defined (WOLFCRYPT_BACKEND)
serpent_decrypt (data, data, ks);
-#elif defined (TC_WINDOWS_BOOT_TWOFISH)
+#elif defined (TC_WINDOWS_BOOT_TWOFISH) && !defined (WOLFCRYPT_BACKEND)
twofish_decrypt (ks, data, data);
-#elif defined (TC_WINDOWS_BOOT_CAMELLIA)
+#elif defined (TC_WINDOWS_BOOT_CAMELLIA) && !defined (WOLFCRYPT_BACKEND)
camellia_decrypt (data, data, ks);
#endif
}
diff --git a/src/Common/Dlgcode.c b/src/Common/Dlgcode.c
index 7ad0fdb0..78aa3844 100644
--- a/src/Common/Dlgcode.c
+++ b/src/Common/Dlgcode.c
@@ -6143,11 +6143,13 @@ static BOOL PerformBenchmark(HWND hBenchDlg, HWND hwndDlg)
*/
{
BYTE digest [MAX_DIGESTSIZE];
- WHIRLPOOL_CTX wctx;
- blake2s_state bctx;
+ #ifndef WOLFCRYPT_BACKEND
+ WHIRLPOOL_CTX wctx;
+ STREEBOG_CTX stctx;
+ blake2s_state bctx;
+ #endif
sha512_ctx s2ctx;
sha256_ctx s256ctx;
- STREEBOG_CTX stctx;
int hid, i;
@@ -6172,7 +6174,7 @@ static BOOL PerformBenchmark(HWND hBenchDlg, HWND hwndDlg)
sha256_hash (lpTestBuffer, benchmarkBufferSize, &s256ctx);
sha256_end ((unsigned char *) digest, &s256ctx);
break;
-
+ #ifndef WOLFCRYPT_BACKEND
case BLAKE2S:
blake2s_init(&bctx);
blake2s_update(&bctx, lpTestBuffer, benchmarkBufferSize);
@@ -6192,7 +6194,8 @@ static BOOL PerformBenchmark(HWND hBenchDlg, HWND hwndDlg)
break;
}
- }
+ #endif
+ }
if (QueryPerformanceCounter (&performanceCountEnd) == 0)
goto counter_error;
@@ -6240,7 +6243,7 @@ static BOOL PerformBenchmark(HWND hBenchDlg, HWND hwndDlg)
/* PKCS-5 test with HMAC-SHA-256 used as the PRF */
derive_key_sha256 ("passphrase-1234567890", 21, tmp_salt, 64, get_pkcs5_iteration_count(thid, benchmarkPim, benchmarkPreBoot), dk, MASTER_KEYDATA_SIZE);
break;
-
+ #ifndef WOLFCRYPT_BACKEND
case BLAKE2S:
/* PKCS-5 test with HMAC-BLAKE2s used as the PRF */
derive_key_blake2s ("passphrase-1234567890", 21, tmp_salt, 64, get_pkcs5_iteration_count(thid, benchmarkPim, benchmarkPreBoot), dk, MASTER_KEYDATA_SIZE);
@@ -6256,7 +6259,8 @@ static BOOL PerformBenchmark(HWND hBenchDlg, HWND hwndDlg)
derive_key_streebog("passphrase-1234567890", 21, tmp_salt, 64, get_pkcs5_iteration_count(thid, benchmarkPim, benchmarkPreBoot), dk, MASTER_KEYDATA_SIZE);
break;
}
- }
+ #endif
+ }
if (QueryPerformanceCounter (&performanceCountEnd) == 0)
goto counter_error;
@@ -15671,4 +15675,4 @@ DWORD FastResizeFile (const wchar_t* filePath, __int64 fileSize)
return dwRet;
}
-#endif // VC_COMREG \ No newline at end of file
+#endif // VC_COMREG
diff --git a/src/Common/Random.c b/src/Common/Random.c
index fd836c7f..ee3fcf53 100644
--- a/src/Common/Random.c
+++ b/src/Common/Random.c
@@ -262,19 +262,17 @@ BOOL Randmix ()
if (bRandmixEnabled)
{
unsigned char hashOutputBuffer [MAX_DIGESTSIZE];
- WHIRLPOOL_CTX wctx;
- blake2s_state bctx;
+ #ifndef WOLFCRYPT_BACKEND
+ WHIRLPOOL_CTX wctx;
+ blake2s_state bctx;
+ STREEBOG_CTX stctx;
+ #endif
sha512_ctx sctx;
sha256_ctx s256ctx;
- STREEBOG_CTX stctx;
int poolIndex, digestIndex, digestSize;
switch (HashFunction)
{
- case BLAKE2S:
- digestSize = BLAKE2S_DIGESTSIZE;
- break;
-
case SHA512:
digestSize = SHA512_DIGESTSIZE;
break;
@@ -283,6 +281,11 @@ BOOL Randmix ()
digestSize = SHA256_DIGESTSIZE;
break;
+ #ifndef WOLFCRYPT_BACKEND
+ case BLAKE2S:
+ digestSize = BLAKE2S_DIGESTSIZE;
+ break;
+
case WHIRLPOOL:
digestSize = WHIRLPOOL_DIGESTSIZE;
break;
@@ -290,7 +293,7 @@ BOOL Randmix ()
case STREEBOG:
digestSize = STREEBOG_DIGESTSIZE;
break;
-
+ #endif
default:
TC_THROW_FATAL_EXCEPTION;
}
@@ -303,12 +306,6 @@ BOOL Randmix ()
/* Compute the message digest of the entire pool using the selected hash function. */
switch (HashFunction)
{
- case BLAKE2S:
- blake2s_init(&bctx);
- blake2s_update(&bctx, pRandPool, RNG_POOL_SIZE);
- blake2s_final(&bctx, hashOutputBuffer);
- break;
-
case SHA512:
sha512_begin (&sctx);
sha512_hash (pRandPool, RNG_POOL_SIZE, &sctx);
@@ -321,6 +318,13 @@ BOOL Randmix ()
sha256_end (hashOutputBuffer, &s256ctx);
break;
+ #ifndef WOLFCRYPT_BACKEND
+ case BLAKE2S:
+ blake2s_init(&bctx);
+ blake2s_update(&bctx, pRandPool, RNG_POOL_SIZE);
+ blake2s_final(&bctx, hashOutputBuffer);
+ break;
+
case WHIRLPOOL:
WHIRLPOOL_init (&wctx);
WHIRLPOOL_add (pRandPool, RNG_POOL_SIZE, &wctx);
@@ -332,7 +336,7 @@ BOOL Randmix ()
STREEBOG_add (&stctx, pRandPool, RNG_POOL_SIZE);
STREEBOG_finalize (&stctx, hashOutputBuffer);
break;
-
+ #endif
default:
// Unknown/wrong ID
TC_THROW_FATAL_EXCEPTION;
@@ -349,10 +353,6 @@ BOOL Randmix ()
burn (hashOutputBuffer, MAX_DIGESTSIZE);
switch (HashFunction)
{
- case BLAKE2S:
- burn (&bctx, sizeof(bctx));
- break;
-
case SHA512:
burn (&sctx, sizeof(sctx));
break;
@@ -361,6 +361,11 @@ BOOL Randmix ()
burn (&s256ctx, sizeof(s256ctx));
break;
+ #ifndef WOLFCRYPT_BACKEND
+ case BLAKE2S:
+ burn (&bctx, sizeof(bctx));
+ break;
+
case WHIRLPOOL:
burn (&wctx, sizeof(wctx));
break;
@@ -368,7 +373,7 @@ BOOL Randmix ()
case STREEBOG:
burn (&stctx, sizeof(sctx));
break;
-
+ #endif
default:
// Unknown/wrong ID
TC_THROW_FATAL_EXCEPTION;
diff --git a/src/Common/Tests.c b/src/Common/Tests.c
index 4f53d4ed..82564a84 100644
--- a/src/Common/Tests.c
+++ b/src/Common/Tests.c
@@ -311,6 +311,9 @@ AES_TEST aes_ecb_vectors[AES_TEST_COUNT] = {
0x8e,0xa2,0xb7,0xca,0x51,0x67,0x45,0xbf,0xea,0xfc,0x49,0x90,0x4b,0x49,0x60,0x89
};
+
+#ifndef WOLFCRYPT_BACKEND
+
// Serpent ECB test vectors
#define SERPENT_TEST_COUNT 1
@@ -419,6 +422,7 @@ KUZNYECHIK_TEST kuznyechik_vectors[KUZNYECHIK_TEST_COUNT] = {
}
};
+#endif
/* Test vectors from FIPS 198a, RFC 4231, RFC 2104, RFC 2202, and other sources. */
@@ -784,6 +788,7 @@ BOOL TestSectorBufEncryption (PCRYPTO_INFO ci)
break;
}
}
+ #ifndef WOLFCRYPT_BACKEND
else if (wcscmp (name, L"Serpent") == 0)
{
switch (testCase)
@@ -1148,7 +1153,7 @@ BOOL TestSectorBufEncryption (PCRYPTO_INFO ci)
break;
}
}
-
+ #endif
if (crc == 0x9f5edd58)
return FALSE;
@@ -1200,6 +1205,7 @@ BOOL TestSectorBufEncryption (PCRYPTO_INFO ci)
return FALSE;
nTestsPerformed++;
}
+ #ifndef WOLFCRYPT_BACKEND
else if (wcscmp (name, L"Serpent") == 0)
{
if (crc != 0x3494d480)
@@ -1284,7 +1290,7 @@ BOOL TestSectorBufEncryption (PCRYPTO_INFO ci)
return FALSE;
nTestsPerformed++;
}
-
+ #endif
if (crc == 0x9f5edd58)
return FALSE;
@@ -1357,6 +1363,7 @@ static BOOL DoAutoTestAlgorithms (void)
bFailed = TRUE;
}
+ #ifndef WOLFCRYPT_BACKEND
/* Serpent */
for (i = 0; i < SERPENT_TEST_COUNT; i++)
@@ -1437,6 +1444,7 @@ static BOOL DoAutoTestAlgorithms (void)
}
if (i != KUZNYECHIK_TEST_COUNT)
bFailed = TRUE;
+ #endif
/* PKCS #5 and HMACs */
if (!test_pkcs5 ())
@@ -1565,6 +1573,7 @@ BOOL test_hmac_sha512 ()
return (nTestsPerformed == 6);
}
+#ifndef WOLFCRYPT_BACKEND
BOOL test_hmac_blake2s ()
{
unsigned int i;
@@ -1609,6 +1618,7 @@ BOOL test_hmac_whirlpool ()
return TRUE;
}
+#endif
/* http://www.tc26.ru/methods/recommendation/%D0%A2%D0%9A26%D0%90%D0%9B%D0%93.pdf */
/* https://tools.ietf.org/html/draft-smyshlyaev-gost-usage-00 */
@@ -1633,6 +1643,7 @@ static const unsigned char gost3411_2012_hmac_r1[] = {
};
+#ifndef WOLFCRYPT_BACKEND
BOOL test_hmac_streebog ()
{
CRYPTOPP_ALIGN_DATA(16) char digest[64]; /* large enough to hold digets and test vector inputs */
@@ -1653,6 +1664,7 @@ int __cdecl StreebogHash (unsigned char* input, unsigned long inputLen, unsigned
STREEBOG_finalize (&ctx, output);
return STREEBOG_DIGESTSIZE;
}
+#endif
BOOL test_pkcs5 ()
{
@@ -1666,6 +1678,7 @@ BOOL test_pkcs5 ()
if (!test_hmac_sha512())
return FALSE;
+#ifndef WOLFCRYPT_BACKEND
/* HMAC-BLAKE2s tests */
if (test_hmac_blake2s() == FALSE)
return FALSE;
@@ -1685,7 +1698,7 @@ BOOL test_pkcs5 ()
/* STREEBOG hash tests */
if (RunHashTest (StreebogHash, Streebog512TestVectors, (HasSSE2() || HasSSE41())? TRUE : FALSE) == FALSE)
return FALSE;
-
+#endif
/* PKCS-5 test 1 with HMAC-SHA-256 used as the PRF (https://tools.ietf.org/html/draft-josefsson-scrypt-kdf-00) */
derive_key_sha256 ("passwd", 6, "\x73\x61\x6C\x74", 4, 1, dk, 64);
if (memcmp (dk, "\x55\xac\x04\x6e\x56\xe3\x08\x9f\xec\x16\x91\xc2\x25\x44\xb6\x05\xf9\x41\x85\x21\x6d\xde\x04\x65\xe6\x8b\x9d\x57\xc2\x0d\xac\xbc\x49\xca\x9c\xcc\xf1\x79\xb6\x45\x99\x16\x64\xb3\x9d\x77\xef\x31\x7c\x71\xb8\x45\xb1\xe3\x0b\xd5\x09\x11\x20\x41\xd3\xa1\x97\x83", 64) != 0)
@@ -1717,6 +1730,7 @@ BOOL test_pkcs5 ()
if (memcmp (dk, "\x13\x64\xae\xf8\x0d\xf5\x57\x6c\x30\xd5\x71\x4c\xa7\x75\x3f\xfd\x00\xe5\x25\x8b\x39\xc7\x44\x7f\xce\x23\x3d\x08\x75\xe0\x2f\x48\xd6\x30\xd7\x00\xb6\x24\xdb\xe0\x5a\xd7\x47\xef\x52\xca\xa6\x34\x83\x47\xe5\xcb\xe9\x87\xf1\x20\x59\x6a\xe6\xa9\xcf\x51\x78\xc6\xb6\x23\xa6\x74\x0d\xe8\x91\xbe\x1a\xd0\x28\xcc\xce\x16\x98\x9a\xbe\xfb\xdc\x78\xc9\xe1\x7d\x72\x67\xce\xe1\x61\x56\x5f\x96\x68\xe6\xe1\xdd\xf4\xbf\x1b\x80\xe0\x19\x1c\xf4\xc4\xd3\xdd\xd5\xd5\x57\x2d\x83\xc7\xa3\x37\x87\xf4\x4e\xe0\xf6\xd8\x6d\x65\xdc\xa0\x52\xa3\x13\xbe\x81\xfc\x30\xbe\x7d\x69\x58\x34\xb6\xdd\x41\xc6", 144) != 0)
return FALSE;
+#ifndef WOLFCRYPT_BACKEND
/* PKCS-5 test 1 with HMAC-BLAKE2s used as the PRF */
derive_key_blake2s ("password", 8, "\x12\x34\x56\x78", 4, 5, dk, 4);
if (memcmp (dk, "\x8d\x51\xfa\x31", 4) != 0)
@@ -1746,6 +1760,6 @@ BOOL test_pkcs5 ()
derive_key_streebog ("password", 8, "\x12\x34\x56\x78", 4, 5, dk, 96);
if (memcmp (dk, "\xd0\x53\xa2\x30\x6f\x45\x81\xeb\xbc\x06\x81\xc5\xe7\x53\xa8\x5d\xc7\xf1\x23\x33\x1e\xbe\x64\x2c\x3b\x0f\x26\xd7\x00\xe1\x95\xc9\x65\x26\xb1\x85\xbe\x1e\xe2\xf4\x9b\xfc\x6b\x14\x84\xda\x24\x61\xa0\x1b\x9e\x79\x5c\xee\x69\x6e\xf9\x25\xb1\x1d\xca\xa0\x31\xba\x02\x6f\x9e\x99\x0f\xdb\x25\x01\x5b\xf1\xc7\x10\x19\x53\x3b\x29\x3f\x18\x00\xd6\xfc\x85\x03\xdc\xf2\xe5\xe9\x5a\xb1\x1e\x61\xde", 96) != 0)
return FALSE;
-
+#endif
return TRUE;
}
diff --git a/src/Common/Volumes.c b/src/Common/Volumes.c
index 5b1d4065..989b2d14 100644
--- a/src/Common/Volumes.c
+++ b/src/Common/Volumes.c
@@ -369,31 +369,34 @@ KeyReady: ;
switch (pkcs5_prf)
{
- case BLAKE2S:
- derive_key_blake2s (keyInfo->userKey, keyInfo->keyLength, keyInfo->salt,
+ case SHA512:
+ derive_key_sha512 (keyInfo->userKey, keyInfo->keyLength, keyInfo->salt,
PKCS5_SALT_SIZE, keyInfo->noIterations, dk, GetMaxPkcs5OutSize());
break;
- case SHA512:
- derive_key_sha512 (keyInfo->userKey, keyInfo->keyLength, keyInfo->salt,
+ case SHA256:
+ derive_key_sha256 (keyInfo->userKey, keyInfo->keyLength, keyInfo->salt,
PKCS5_SALT_SIZE, keyInfo->noIterations, dk, GetMaxPkcs5OutSize());
break;
- case WHIRLPOOL:
- derive_key_whirlpool (keyInfo->userKey, keyInfo->keyLength, keyInfo->salt,
+ #ifndef WOLFCRYPT_BACKEND
+ case BLAKE2S:
+ derive_key_blake2s (keyInfo->userKey, keyInfo->keyLength, keyInfo->salt,
PKCS5_SALT_SIZE, keyInfo->noIterations, dk, GetMaxPkcs5OutSize());
break;
- case SHA256:
- derive_key_sha256 (keyInfo->userKey, keyInfo->keyLength, keyInfo->salt,
+ case WHIRLPOOL:
+ derive_key_whirlpool (keyInfo->userKey, keyInfo->keyLength, keyInfo->salt,
PKCS5_SALT_SIZE, keyInfo->noIterations, dk, GetMaxPkcs5OutSize());
break;
- case STREEBOG:
+
+ case STREEBOG:
derive_key_streebog(keyInfo->userKey, keyInfo->keyLength, keyInfo->salt,
PKCS5_SALT_SIZE, keyInfo->noIterations, dk, GetMaxPkcs5OutSize());
break;
- default:
+ #endif
+ default:
// Unknown/wrong ID
TC_THROW_FATAL_EXCEPTION;
}
@@ -650,7 +653,8 @@ void ComputeBootloaderFingerprint (byte *bootLoaderBuf, unsigned int bootLoaderS
//
// we have: TC_BOOT_SECTOR_USER_MESSAGE_OFFSET = TC_BOOT_SECTOR_OUTER_VOLUME_BAK_HEADER_CRC_OFFSET + TC_BOOT_SECTOR_OUTER_VOLUME_BAK_HEADER_CRC_SIZE
- WHIRLPOOL_CTX whirlpool;
+#ifndef WOLFCRYPT_BACKEND
+ WHIRLPOOL_CTX whirlpool;
sha512_ctx sha2;
WHIRLPOOL_init (&whirlpool);
@@ -667,6 +671,26 @@ void ComputeBootloaderFingerprint (byte *bootLoaderBuf, unsigned int bootLoaderS
WHIRLPOOL_finalize (&whirlpool, fingerprint);
sha512_end (&fingerprint [WHIRLPOOL_DIGESTSIZE], &sha2);
+#else
+ sha512_ctx sha2_512;
+ sha256_ctx sha2_256;
+
+ sha512_begin (&sha2_512);
+ sha256_begin (&sha2_256);
+
+ sha512_hash (bootLoaderBuf, TC_BOOT_SECTOR_PIM_VALUE_OFFSET, &sha2_512);
+ sha256_hash (bootLoaderBuf, TC_BOOT_SECTOR_PIM_VALUE_OFFSET, &sha2_256);
+
+ sha512_hash (bootLoaderBuf + TC_BOOT_SECTOR_USER_MESSAGE_OFFSET + TC_BOOT_SECTOR_USER_MESSAGE_MAX_LENGTH, (TC_BOOT_SECTOR_USER_CONFIG_OFFSET - (TC_BOOT_SECTOR_USER_MESSAGE_OFFSET + TC_BOOT_SECTOR_USER_MESSAGE_MAX_LENGTH)), &sha2_512);
+ sha256_hash (bootLoaderBuf + TC_BOOT_SECTOR_USER_MESSAGE_OFFSET + TC_BOOT_SECTOR_USER_MESSAGE_MAX_LENGTH, (TC_BOOT_SECTOR_USER_CONFIG_OFFSET - (TC_BOOT_SECTOR_USER_MESSAGE_OFFSET + TC_BOOT_SECTOR_USER_MESSAGE_MAX_LENGTH)), &sha2_256);
+
+ sha512_hash (bootLoaderBuf + TC_SECTOR_SIZE_BIOS, (bootLoaderSize - TC_SECTOR_SIZE_BIOS), &sha2_512);
+ sha256_hash (bootLoaderBuf + TC_SECTOR_SIZE_BIOS, (bootLoaderSize - TC_SECTOR_SIZE_BIOS), &sha2_256);
+
+ sha512_end (&fingerprint, &sha2_512);
+ sha256_end (&fingerprint [SHA512_DIGESTSIZE], &sha2_256);
+ sha256_end (&fingerprint [SHA512_DIGESTSIZE + SHA256_DIGESTSIZE], &sha2_256);
+#endif
}
#endif
@@ -711,11 +735,11 @@ int ReadVolumeHeader (BOOL bBoot, char *header, Password *password, int pim, PCR
#endif
{
#ifdef TC_WINDOWS_BOOT_SINGLE_CIPHER_MODE
- #if defined (TC_WINDOWS_BOOT_SERPENT)
+ #if defined (TC_WINDOWS_BOOT_SERPENT) && !defined (WOLFCRYPT_BACKEND)
serpent_set_key (dk, cryptoInfo->ks);
- #elif defined (TC_WINDOWS_BOOT_TWOFISH)
+ #elif defined (TC_WINDOWS_BOOT_TWOFISH) && !defined (WOLFCRYPT_BACKEND)
twofish_set_key ((TwofishInstance *) cryptoInfo->ks, (const u4byte *) dk);
- #elif defined (TC_WINDOWS_BOOT_CAMELLIA)
+ #elif defined (TC_WINDOWS_BOOT_CAMELLIA) && !defined (WOLFCRYPT_BACKEND)
camellia_set_key (dk, cryptoInfo->ks);
#else
status = EAInit (dk, cryptoInfo->ks);
@@ -729,11 +753,11 @@ int ReadVolumeHeader (BOOL bBoot, char *header, Password *password, int pim, PCR
#endif
// Secondary key schedule
#ifdef TC_WINDOWS_BOOT_SINGLE_CIPHER_MODE
- #if defined (TC_WINDOWS_BOOT_SERPENT)
+ #if defined (TC_WINDOWS_BOOT_SERPENT) && !defined (WOLFCRYPT_BACKEND)
serpent_set_key (dk + 32, cryptoInfo->ks2);
- #elif defined (TC_WINDOWS_BOOT_TWOFISH)
+ #elif defined (TC_WINDOWS_BOOT_TWOFISH) && !defined (WOLFCRYPT_BACKEND)
twofish_set_key ((TwofishInstance *)cryptoInfo->ks2, (const u4byte *) (dk + 32));
- #elif defined (TC_WINDOWS_BOOT_CAMELLIA)
+ #elif defined (TC_WINDOWS_BOOT_CAMELLIA) && !defined (WOLFCRYPT_BACKEND)
camellia_set_key (dk + 32, cryptoInfo->ks2);
#else
EAInit (dk + 32, cryptoInfo->ks2);
@@ -790,11 +814,11 @@ int ReadVolumeHeader (BOOL bBoot, char *header, Password *password, int pim, PCR
// Init the encryption algorithm with the decrypted master key
#ifdef TC_WINDOWS_BOOT_SINGLE_CIPHER_MODE
- #if defined (TC_WINDOWS_BOOT_SERPENT)
+ #if defined (TC_WINDOWS_BOOT_SERPENT) && !defined (WOLFCRYPT_BACKEND)
serpent_set_key (dk, cryptoInfo->ks);
- #elif defined (TC_WINDOWS_BOOT_TWOFISH)
+ #elif defined (TC_WINDOWS_BOOT_TWOFISH) && !defined (WOLFCRYPT_BACKEND)
twofish_set_key ((TwofishInstance *) cryptoInfo->ks, (const u4byte *) dk);
- #elif defined (TC_WINDOWS_BOOT_CAMELLIA)
+ #elif defined (TC_WINDOWS_BOOT_CAMELLIA) && !defined (WOLFCRYPT_BACKEND)
camellia_set_key (dk, cryptoInfo->ks);
#else
status = EAInit (dk, cryptoInfo->ks);
@@ -809,11 +833,11 @@ int ReadVolumeHeader (BOOL bBoot, char *header, Password *password, int pim, PCR
// The secondary master key (if cascade, multiple concatenated)
#ifdef TC_WINDOWS_BOOT_SINGLE_CIPHER_MODE
- #if defined (TC_WINDOWS_BOOT_SERPENT)
+ #if defined (TC_WINDOWS_BOOT_SERPENT) && !defined (WOLFCRYPT_BACKEND)
serpent_set_key (dk + 32, cryptoInfo->ks2);
- #elif defined (TC_WINDOWS_BOOT_TWOFISH)
+ #elif defined (TC_WINDOWS_BOOT_TWOFISH) && !defined (WOLFCRYPT_BACKEND)
twofish_set_key ((TwofishInstance *)cryptoInfo->ks2, (const u4byte *) (dk + 32));
- #elif defined (TC_WINDOWS_BOOT_CAMELLIA)
+ #elif defined (TC_WINDOWS_BOOT_CAMELLIA) && !defined (WOLFCRYPT_BACKEND)
camellia_set_key (dk + 32, cryptoInfo->ks2);
#else
EAInit (dk + 32, cryptoInfo->ks2);
@@ -976,6 +1000,7 @@ int CreateVolumeHeaderInMemory (HWND hwndDlg, BOOL bBoot, char *header, int ea,
PKCS5_SALT_SIZE, keyInfo.noIterations, dk, GetMaxPkcs5OutSize());
break;
+ #ifndef WOLFCRYPT_BACKEND
case BLAKE2S:
derive_key_blake2s (keyInfo.userKey, keyInfo.keyLength, keyInfo.salt,
PKCS5_SALT_SIZE, keyInfo.noIterations, dk, GetMaxPkcs5OutSize());
@@ -990,7 +1015,7 @@ int CreateVolumeHeaderInMemory (HWND hwndDlg, BOOL bBoot, char *header, int ea,
derive_key_streebog(keyInfo.userKey, keyInfo.keyLength, keyInfo.salt,
PKCS5_SALT_SIZE, keyInfo.noIterations, dk, GetMaxPkcs5OutSize());
break;
-
+ #endif
default:
// Unknown/wrong ID
crypto_close (cryptoInfo);
diff --git a/src/Common/Xts.c b/src/Common/Xts.c
index 390eb31e..4a62aaf3 100644
--- a/src/Common/Xts.c
+++ b/src/Common/Xts.c
@@ -54,10 +54,14 @@ void EncryptBufferXTS (unsigned __int8 *buffer,
unsigned __int8 *ks2,
int cipher)
{
- if (CipherSupportsIntraDataUnitParallelization (cipher))
+ #ifndef WOLFCRYPT_BACKEND
+ if (CipherSupportsIntraDataUnitParallelization (cipher))
EncryptBufferXTSParallel (buffer, length, startDataUnitNo, startCipherBlockNo, ks, ks2, cipher);
else
EncryptBufferXTSNonParallel (buffer, length, startDataUnitNo, startCipherBlockNo, ks, ks2, cipher);
+ #else
+ xts_encrypt(buffer, buffer, length, startDataUnitNo, ks);
+ #endif
}
#if (CRYPTOPP_BOOL_SSE2_INTRINSICS_AVAILABLE && CRYPTOPP_BOOL_X64)
@@ -380,10 +384,14 @@ void DecryptBufferXTS (unsigned __int8 *buffer,
unsigned __int8 *ks2,
int cipher)
{
+ #ifndef WOLFCRYPT_BACKEND
if (CipherSupportsIntraDataUnitParallelization (cipher))
DecryptBufferXTSParallel (buffer, length, startDataUnitNo, startCipherBlockNo, ks, ks2, cipher);
else
DecryptBufferXTSNonParallel (buffer, length, startDataUnitNo, startCipherBlockNo, ks, ks2, cipher);
+ #else
+ xts_decrypt(buffer, buffer, length, startDataUnitNo, ks);
+ #endif
}