Diffstat (limited to 'src/Crypto')
-rw-r--r-- | src/Crypto/Aes.h | 20 | ||||
-rw-r--r-- | src/Crypto/Sha2.h | 12 | ||||
-rw-r--r-- | src/Crypto/Twofish.c | 2 | ||||
-rw-r--r-- | src/Crypto/Whirlpool.c | 6 | ||||
-rw-r--r-- | src/Crypto/config.h | 8 | ||||
-rw-r--r-- | src/Crypto/cpu.c | 1 | ||||
-rw-r--r-- | src/Crypto/cpu.h | 6 | ||||
-rw-r--r-- | src/Crypto/jitterentropy-base-user.h | 2 | ||||
-rw-r--r-- | src/Crypto/misc.h | 2 | ||||
-rw-r--r-- | src/Crypto/wolfCrypt.c | 243 | ||||
-rw-r--r-- | src/Crypto/wolfCrypt.md | 25 |
11 files changed, 314 insertions, 13 deletions
diff --git a/src/Crypto/Aes.h b/src/Crypto/Aes.h index e12c6fc8..db1bed27 100644 --- a/src/Crypto/Aes.h +++ b/src/Crypto/Aes.h @@ -35,6 +35,11 @@ #include "Common/Tcdefs.h" +#ifdef WOLFCRYPT_BACKEND + #include <wolfssl/options.h> + #include <wolfssl/wolfcrypt/aes.h> +#endif + #ifndef EXIT_SUCCESS #define EXIT_SUCCESS 0 #define EXIT_FAILURE 1 @@ -93,11 +98,19 @@ typedef union typedef struct { uint_32t ks[KS_LENGTH]; aes_inf inf; +#ifdef WOLFCRYPT_BACKEND + XtsAes wc_enc_xts; + Aes wc_enc_aes; +#endif } aes_encrypt_ctx; typedef struct { uint_32t ks[KS_LENGTH]; aes_inf inf; +#ifdef WOLFCRYPT_BACKEND + XtsAes wc_dec_xts; + Aes wc_dec_aes; +#endif } aes_decrypt_ctx; /* This routine must be called before first use if non-static */ @@ -152,6 +165,13 @@ AES_RETURN aes_decrypt(const unsigned char *in, unsigned char *out, const aes_de #endif +#ifdef WOLFCRYPT_BACKEND +AES_RETURN xts_encrypt_key256(const unsigned char *key, aes_encrypt_ctx cx[1]); +AES_RETURN xts_decrypt_key256(const unsigned char *key, aes_decrypt_ctx cx[1]); +AES_RETURN xts_encrypt(const unsigned char *in, unsigned char *out, word64 length, word64 sector, const aes_encrypt_ctx cx[1]); +AES_RETURN xts_decrypt(const unsigned char *in, unsigned char *out, word64 length, word64 sector, const aes_decrypt_ctx cx[1]); +#endif + #if defined(AES_MODES) /* Multiple calls to the following subroutines for multiple block */ diff --git a/src/Crypto/Sha2.h b/src/Crypto/Sha2.h index 7e90abff..1fbcb8d1 100644 --- a/src/Crypto/Sha2.h +++ b/src/Crypto/Sha2.h @@ -12,6 +12,13 @@ #include "Common/Endian.h" #include "Crypto/config.h" +#ifdef WOLFCRYPT_BACKEND + #include <wolfssl/options.h> + #include <wolfssl/wolfcrypt/sha256.h> + #include <wolfssl/wolfcrypt/sha512.h> + #include <wolfssl/wolfcrypt/hash.h> +#endif + #if defined(__cplusplus) extern "C" { #endif 
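Review bot: The new xts_encrypt_key256/xts_decrypt_key256 prototypes in the last Aes.h hunk carry an ordering contract that is not documented anywhere in the header. In wolfCrypt.c of this commit they copy `cx->wc_enc_aes` (or `wc_dec_aes`) into the XtsAes member and key only the tweak cipher, so aes_encrypt_key256/aes_decrypt_key256 must already have run on the same `cx` with the data key, and `key` here is the secondary (tweak) key. Called in the other order, the XTS context would hold an unkeyed data cipher and nothing would report it. A comment above the block would make this explicit, e.g. `/* Call aes_*_key256() on cx first; key is the XTS tweak key. cx then holds key schedules in wc_*_aes and wc_*_xts, so wipe the whole context when done. */`.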
@@ -28,6 +35,10 @@ extern "C" { #define SHA2_ALIGN CRYPTOPP_ALIGN_DATA(16) #endif +#ifdef WOLFCRYPT_BACKEND +typedef struct wc_Sha512 sha512_ctx; +typedef struct wc_Sha256 sha256_ctx; +#else typedef struct { uint_64t count[2]; SHA2_ALIGN uint_64t hash[8]; @@ -39,6 +50,7 @@ typedef struct SHA2_ALIGN uint_32t hash[8]; SHA2_ALIGN uint_32t wbuf[16]; } sha256_ctx; +#endif void sha512_begin(sha512_ctx* ctx); diff --git a/src/Crypto/Twofish.c b/src/Crypto/Twofish.c index f0906f15..ad93b66f 100644 --- a/src/Crypto/Twofish.c +++ b/src/Crypto/Twofish.c @@ -607,7 +607,7 @@ void twofish_set_key(TwofishInstance *instance, const u4byte in_key[]) byte S8[16]; uint32 S32[4]; } us; - int i; + unsigned int i; const byte* key = (const byte*) in_key; us.S32[0] = RS[0][key[0]] ^ RS[1][key[1]] ^ RS[2][key[2]] ^ RS[3][key[3]] ^ RS[4][key[4]] ^ RS[5][key[5]] ^ RS[6][key[6]] ^ RS[7][key[7]]; diff --git a/src/Crypto/Whirlpool.c b/src/Crypto/Whirlpool.c index 98ba318d..9af0cb32 100644 --- a/src/Crypto/Whirlpool.c +++ b/src/Crypto/Whirlpool.c @@ -894,7 +894,7 @@ static uint64 HashMultipleBlocks(WHIRLPOOL_CTX * const ctx, const uint64 *input, #if BYTE_ORDER == BIG_ENDIAN WhirlpoolTransform(ctx->state, input); #else - CorrectEndianess(dataBuf, input, 64); + CorrectEndianness(dataBuf, input, 64); WhirlpoolTransform(ctx->state, dataBuf); #endif input += 8; @@ -1008,7 +1008,7 @@ void WHIRLPOOL_finalize(WHIRLPOOL_CTX * const ctx, memset(data, 0, 32); } #if BYTE_ORDER == LITTLE_ENDIAN - CorrectEndianess(dataBuf, dataBuf, 32); + CorrectEndianness(dataBuf, dataBuf, 32); #endif dataBuf[4] = 0; @@ -1018,7 +1018,7 @@ void WHIRLPOOL_finalize(WHIRLPOOL_CTX * const ctx, WhirlpoolTransform(stateBuf, dataBuf); #if BYTE_ORDER == LITTLE_ENDIAN - CorrectEndianess(stateBuf, stateBuf, 64); + CorrectEndianness(stateBuf, stateBuf, 64); #endif memcpy(result, stateBuf, 64); } diff --git a/src/Crypto/config.h b/src/Crypto/config.h index 7ed6aabf..867c13dd 100644 --- a/src/Crypto/config.h +++ b/src/Crypto/config.h 
@@ -113,13 +113,13 @@ #define CRYPTOPP_X64_ASM_AVAILABLE #endif -#if !defined(CRYPTOPP_DISABLE_SSE2) && (defined(CRYPTOPP_MSVC6PP_OR_LATER) || defined(__SSE2__)) && !defined(_M_ARM) && !defined(_M_ARM64) +#if !defined(CRYPTOPP_DISABLE_SSE2) && (defined(CRYPTOPP_MSVC6PP_OR_LATER) || defined(__SSE2__)) && !defined(_M_ARM) && !defined(_M_ARM64) && !defined(__arm__) && !defined(__aarch64__) && !defined(__arm64__) #define CRYPTOPP_BOOL_SSE2_INTRINSICS_AVAILABLE 1 #else #define CRYPTOPP_BOOL_SSE2_INTRINSICS_AVAILABLE 0 #endif -#if !defined(CRYPTOPP_DISABLE_ASM) && !defined(CRYPTOPP_DISABLE_SSSE3) && !defined(_M_ARM) && !defined(_M_ARM64) && ( \ +#if !defined(CRYPTOPP_DISABLE_ASM) && !defined(CRYPTOPP_DISABLE_SSSE3) && !defined(_M_ARM) && !defined(_M_ARM64) && !defined(__arm__) && !defined(__aarch64__) && !defined(__arm64__) && ( \ defined(__SSSE3__) || (_MSC_VER >= 1500) || \ (CRYPTOPP_GCC_VERSION >= 40300) || (__INTEL_COMPILER >= 1000) || (__SUNPRO_CC >= 0x5110) || \ (CRYPTOPP_LLVM_CLANG_VERSION >= 20300) || (CRYPTOPP_APPLE_CLANG_VERSION >= 40000)) @@ -128,7 +128,7 @@ #define CRYPTOPP_SSSE3_AVAILABLE 0 # endif -#if !defined(CRYPTOPP_DISABLE_SSSE3) && (defined(__SSSE3__) || (_MSC_VER >= 1500)) && !defined(_M_ARM) && !defined(_M_ARM64) +#if !defined(CRYPTOPP_DISABLE_SSSE3) && (defined(__SSSE3__) || (_MSC_VER >= 1500)) && !defined(_M_ARM) && !defined(_M_ARM64) && !defined(__arm__) && !defined(__aarch64__) && !defined(__arm64__) #define CRYPTOPP_BOOL_SSSE3_INTRINSICS_AVAILABLE 1 #else #define CRYPTOPP_BOOL_SSSE3_INTRINSICS_AVAILABLE 0 @@ -146,7 +146,7 @@ #define CRYPTOPP_BOOL_ALIGN16 0 #endif -#if CRYPTOPP_BOOL_AESNI_INTRINSICS_AVAILABLE && (defined(__SSE4_1__) || defined(__INTEL_COMPILER) || defined(_MSC_VER)) +#if CRYPTOPP_BOOL_SSSE3_INTRINSICS_AVAILABLE && (defined(__SSE4_1__) || defined(__INTEL_COMPILER) || defined(_MSC_VER)) #define CRYPTOPP_BOOL_SSE41_INTRINSICS_AVAILABLE 1 #else #define CRYPTOPP_BOOL_SSE41_INTRINSICS_AVAILABLE 0 
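Review bot: The last config.h hunk switches the SSE4.1 gate from CRYPTOPP_BOOL_AESNI_INTRINSICS_AVAILABLE to CRYPTOPP_BOOL_SSSE3_INTRINSICS_AVAILABLE without saying why, and the reason is not visible in the hunk. If the intent is that SSE4.1 code paths stay available when AES-NI is compiled out, a one-line comment such as `/* SSE4.1 support follows SSSE3 availability; it must not depend on AES-NI being enabled */` would keep a later cleanup from reverting it. The first three hunks also repeat the same `!defined(__arm__) && !defined(__aarch64__) && !defined(__arm64__)` tail; a single derived macro tested in each `#if` would be easier to keep consistent.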
diff --git a/src/Crypto/cpu.c b/src/Crypto/cpu.c index c3a769c8..effde6ba 100644 --- a/src/Crypto/cpu.c +++ b/src/Crypto/cpu.c @@ -348,7 +348,6 @@ void DetectX86Features() g_hasISSE = 1; else { - uint32 cpuid2[4] = {0}; CpuId(0x080000000, cpuid2); if (cpuid2[0] >= 0x080000001) { diff --git a/src/Crypto/cpu.h b/src/Crypto/cpu.h index 157aeaef..2661bf1c 100644 --- a/src/Crypto/cpu.h +++ b/src/Crypto/cpu.h @@ -152,7 +152,7 @@ extern __m128i _mm_slli_si128(__m128i _A, int _Imm); #endif #endif -#if CRYPTOPP_SSSE3_AVAILABLE || defined(__INTEL_COMPILER) +#if CRYPTOPP_BOOL_SSSE3_INTRINSICS_AVAILABLE || defined(__INTEL_COMPILER) #if defined(TC_WINDOWS_DRIVER) || defined (_UEFI) #if defined(__cplusplus) extern "C" { @@ -214,7 +214,7 @@ extern "C" { #endif #define CRYPTOPP_CPUID_AVAILABLE -#ifndef CRYPTOPP_DISABLE_AESNI +#if !defined(CRYPTOPP_DISABLE_AESNI) && !defined(WOLFCRYPT_BACKEND) #define TC_AES_HW_CPU #endif @@ -238,7 +238,7 @@ extern volatile int g_isIntel; extern volatile int g_isAMD; extern volatile uint32 g_cacheLineSize; void DetectX86Features(); // must be called at the start of the program/driver -int CpuId(uint32 input, uint32 *output); +int CpuId(uint32 input, uint32 output[4]); // disable all CPU extended features (e.g. SSE, AVX, AES) that may have // been enabled by DetectX86Features. void DisableCPUExtendedFeatures (); diff --git a/src/Crypto/jitterentropy-base-user.h b/src/Crypto/jitterentropy-base-user.h index b32d8ed3..aaefb41a 100644 --- a/src/Crypto/jitterentropy-base-user.h +++ b/src/Crypto/jitterentropy-base-user.h @@ -85,6 +85,8 @@ static VC_INLINE void jent_get_nstime(uint64 *out) #else +#include <sys/types.h> + #if CRYPTOPP_BOOL_X86 || CRYPTOPP_BOOL_X32 || CRYPTOPP_BOOL_X64 /* taken from Linux kernel */ diff --git a/src/Crypto/misc.h b/src/Crypto/misc.h index 47d0288a..25313d1d 100644 --- a/src/Crypto/misc.h +++ b/src/Crypto/misc.h 
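Review bot: With `!defined(WOLFCRYPT_BACKEND)` added to the TC_AES_HW_CPU guard in cpu.h, whether AES runs on AES-NI is no longer decided by VeraCrypt's CPU detection but by how the linked wolfSSL was configured, and the build steps in wolfCrypt.md of this commit pass only `--enable-xts`. Unless that library build enables its own hardware AES (wolfSSL has `--enable-aesni`), sector encryption likely falls back to a software implementation, which is slower and, depending on the implementation selected, may be table-driven and so more exposed to cache-timing observation. A comment at the guard, e.g. `/* wolfCrypt backend: AES acceleration is selected by the wolfSSL build, not by TC_AES_HW_CPU */`, plus a matching line in the build instructions, would make the dependency visible.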
@@ -151,7 +151,7 @@ VC_INLINE uint64 ByteReverseWord64(uint64 value) #endif } -VC_INLINE void CorrectEndianess(uint64 *out, const uint64 *in, size_t byteCount) +VC_INLINE void CorrectEndianness(uint64 *out, const uint64 *in, size_t byteCount) { size_t i, count = byteCount/sizeof(uint64); diff --git a/src/Crypto/wolfCrypt.c b/src/Crypto/wolfCrypt.c new file mode 100644 index 00000000..39ab93a7 --- /dev/null +++ b/src/Crypto/wolfCrypt.c 
@@ -0,0 +1,243 @@
+/* See src/Crypto/wolfCrypt.md */
+
+#include "Aes.h"
+#include "Sha2.h"
+#include "../Common/Crypto.h"
+#include <wolfssl/wolfcrypt/hmac.h>
+
+
+AES_RETURN aes_init()
+{
+#if defined( AES_ERR_CHK )
+ return EXIT_SUCCESS;
+#else
+ return;
+#endif
+}
+
+AES_RETURN aes_encrypt_key(const unsigned char *key, int key_len, aes_encrypt_ctx cx[1])
+{
+ int ret = 0;
+
+ ret = wc_AesInit(&cx->wc_enc_aes, NULL, INVALID_DEVID);
+
+ if (key_len == 128 || key_len == 192 || key_len == 256)
+ key_len = key_len/8;
+
+ if (ret == 0) {
+ ret = wc_AesSetKey(&cx->wc_enc_aes, key, key_len, NULL, AES_ENCRYPTION);
+ }
+
+#if defined( AES_ERR_CHK )
+ return ret ? EXIT_FAILURE : EXIT_SUCCESS;
+#else
+ return;
+#endif
+}
+
+AES_RETURN aes_decrypt_key(const unsigned char *key, int key_len, aes_decrypt_ctx cx[1])
+{
+ int ret = 0;
+
+ ret = wc_AesInit(&cx->wc_dec_aes, NULL, INVALID_DEVID);
+
+ if (key_len == 128 || key_len == 192 || key_len == 256)
+ key_len = key_len/8;
+
+ if (ret == 0) {
+ ret = wc_AesSetKey(&cx->wc_dec_aes, key, key_len, NULL, AES_DECRYPTION);
+ }
+
+#if defined( AES_ERR_CHK )
+ return ret ? EXIT_FAILURE : EXIT_SUCCESS;
+#else
+ return;
+#endif
+}
+
+AES_RETURN aes_encrypt_key128(const unsigned char *key, aes_encrypt_ctx cx[1])
+{
+ return aes_encrypt_key(key, 128, cx);
+}
+
+AES_RETURN aes_encrypt_key192(const unsigned char *key, aes_encrypt_ctx cx[1])
+{
+ return aes_encrypt_key(key, 192, cx);
+}
+
+AES_RETURN aes_encrypt_key256(const unsigned char *key, aes_encrypt_ctx cx[1])
+{
+ return aes_encrypt_key(key, 256, cx);
+}
+
+AES_RETURN aes_decrypt_key128(const unsigned char *key, aes_decrypt_ctx cx[1])
+{
+ return aes_decrypt_key(key, 128, cx);
+}
+
+AES_RETURN aes_decrypt_key192(const unsigned char *key, aes_decrypt_ctx cx[1])
+{
+ return aes_decrypt_key(key, 192, cx);
+}
+
+AES_RETURN aes_decrypt_key256(const unsigned char *key, aes_decrypt_ctx cx[1])
+{
+ return aes_decrypt_key(key, 256, cx);
+}
+
+AES_RETURN aes_encrypt(const unsigned char *in, unsigned char *out, const aes_encrypt_ctx cx[1])
+{
+ int ret = wc_AesEncryptDirect(&cx->wc_enc_aes, out, in);
+#if defined( AES_ERR_CHK )
+ return ret ? EXIT_FAILURE : EXIT_SUCCESS;
+#else
+ return;
+#endif
+
+}
+
+AES_RETURN aes_decrypt(const unsigned char *in, unsigned char *out, const aes_decrypt_ctx cx[1])
+{
+ int ret = wc_AesDecryptDirect(&cx->wc_dec_aes, out, in);
+#if defined( AES_ERR_CHK )
+ return ret ? EXIT_FAILURE : EXIT_SUCCESS;
+#else
+ return;
+#endif
+
+}
+
+AES_RETURN xts_encrypt_key(const unsigned char *key, int key_len, aes_encrypt_ctx cx[1])
+{
+ int ret = 0;
+
+ cx->wc_enc_xts.aes = cx->wc_enc_aes;
+
+ ret = wc_AesInit(&cx->wc_enc_xts.tweak, NULL, INVALID_DEVID);
+
+ if (key_len == 128 || key_len == 192 || key_len == 256)
+ key_len = key_len/8;
+
+ if (ret == 0) {
+ ret = wc_AesSetKey(&cx->wc_enc_xts.tweak, key, key_len, NULL, AES_ENCRYPTION);
+ }
+#if defined( AES_ERR_CHK )
+ return ret ? EXIT_FAILURE : EXIT_SUCCESS;
+#else
+ return;
+#endif
+}
+
+AES_RETURN xts_decrypt_key(const unsigned char *key, int key_len, aes_decrypt_ctx cx[1])
+{
+ int ret = 0;
+
+ cx->wc_dec_xts.aes = cx->wc_dec_aes;
+
+ ret = wc_AesInit(&cx->wc_dec_xts.tweak, NULL, INVALID_DEVID);
+
+ if (key_len == 128 || key_len == 192 || key_len == 256)
+ key_len = key_len/8;
+
+ if (ret == 0) {
+ ret = wc_AesSetKey(&cx->wc_dec_xts.tweak, key, key_len, NULL, AES_ENCRYPTION);
+ }
+
+#if defined( AES_ERR_CHK )
+ return ret ? EXIT_FAILURE : EXIT_SUCCESS;
+#else
+ return;
+#endif
+}
+
+AES_RETURN xts_encrypt_key256(const unsigned char *key, aes_encrypt_ctx cx[1])
+{
+ return xts_encrypt_key(key, 256, cx);
+}
+
+AES_RETURN xts_decrypt_key256(const unsigned char *key, aes_decrypt_ctx cx[1])
+{
+ return xts_decrypt_key(key, 256, cx);
+}
+
+AES_RETURN xts_encrypt(const unsigned char *in, unsigned char *out, word64 length, word64 sector, const aes_encrypt_ctx cx[1])
+{
+ int ret = wc_AesXtsEncryptConsecutiveSectors(&cx->wc_enc_xts, out, in, length, sector, ENCRYPTION_DATA_UNIT_SIZE);
+
+#if defined( AES_ERR_CHK )
+ return ret ? EXIT_FAILURE : EXIT_SUCCESS;
+#else
+ return;
+#endif
+
+}
+
+AES_RETURN xts_decrypt(const unsigned char *in, unsigned char *out, word64 length, word64 sector, const aes_decrypt_ctx cx[1])
+{
+ int ret = wc_AesXtsDecryptConsecutiveSectors(&cx->wc_dec_xts, out, in, length, sector, ENCRYPTION_DATA_UNIT_SIZE);
+
+#if defined( AES_ERR_CHK )
+ return ret ? EXIT_FAILURE : EXIT_SUCCESS;
+#else
+ return;
+#endif
+}
+
+
+void sha256_begin(sha256_ctx* ctx)
+{
+ wc_InitSha256(ctx);
+}
+
+void sha256_hash(const unsigned char * source, uint_32t sourceLen, sha256_ctx *ctx)
+{
+ wc_Sha256Update(ctx, source, sourceLen);
+}
+
+void sha256_end(unsigned char * result, sha256_ctx* ctx)
+{
+ wc_Sha256Final(ctx, result);
+}
+
+void sha256(unsigned char * result, const unsigned char* source, uint_32t sourceLen)
+{
+ wc_Sha256 sha256;
+ wc_InitSha256(&sha256);
+ wc_Sha256Update(&sha256, source, sourceLen);
+ wc_Sha256Final(&sha256, result);
+ wc_Sha256Free(&sha256);
+}
+
+void sha512_begin(sha512_ctx* ctx)
+{
+ wc_InitSha512(ctx);
+}
+
+void sha512_hash(const unsigned char * source, uint_64t sourceLen, sha512_ctx *ctx)
+{
+ wc_Sha512Update(ctx, source, sourceLen);
+}
+
+void sha512_end(unsigned char * result, sha512_ctx* ctx)
+{
+ wc_Sha512Final(ctx, result);
+}
+
+void sha512(unsigned char * result, const unsigned char* source, uint_64t sourceLen)
+{
+ wc_Sha512 sha512;
+ wc_InitSha512(&sha512);
+ wc_Sha512Update(&sha512, source, sourceLen);
+ wc_Sha512Final(&sha512, result);
+ wc_Sha512Free(&sha512);
+}
+
+void derive_key_sha512 (char *pwd, int pwd_len, char *salt, int salt_len, uint32 iterations, char *dk, int dklen) {
+ (void) iterations;
+ wc_HKDF(WC_SHA512, (byte*)pwd, (word32)pwd_len, (byte*)salt, (word32)salt_len, NULL, 0, (byte*)dk, (word32)dklen);
+}
+
+void derive_key_sha256 (char *pwd, int pwd_len, char *salt, int salt_len, uint32 iterations, char *dk, int dklen) {
+ (void) iterations;
+ wc_HKDF(WC_SHA256, (byte*)pwd, (word32)pwd_len, (byte*)salt, (word32)salt_len, NULL, 0, (byte*)dk, (word32)dklen);
+}
diff --git a/src/Crypto/wolfCrypt.md b/src/Crypto/wolfCrypt.md
new file mode 100644
index 00000000..32ccf242
--- /dev/null
+++ b/src/Crypto/wolfCrypt.md
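Review bot: derive_key_sha512 and derive_key_sha256 at the end of wolfCrypt.c discard `iterations` and call wc_HKDF, so under WOLFCRYPT_BACKEND the password-to-key step has no work factor; HKDF is an extract-and-expand KDF for key material that is already strong, not a password hash. Each password guess then costs a handful of HMAC calls instead of the iteration count the caller passes, and the `iterations` parameter suggests the default backend derives a different key from the same password and salt, which would make volumes non-interchangeable between the two builds. wolfCrypt ships PBKDF2, so the call could become `wc_PBKDF2((byte*)dk, (const byte*)pwd, pwd_len, (const byte*)salt, salt_len, (int)iterations, dklen, WC_SHA512);` (`WC_SHA256` in the other function) with `#include <wolfssl/wolfcrypt/pwdbased.h>`, assuming the wolfSSL build has its password-based KDFs enabled. The return code is dropped in both functions as well, so a failed derivation leaves `dk` unwritten with no signal; since they return void, at least zero `dk` when the result is non-zero.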
@@ -0,0 +1,25 @@
+# wolfSSL as crypto provider for VeraCrypt
+
+[wolfCrypt](https://www.wolfssl.com/products/wolfcrypt/) is wolfSSL's cutting edge crypto engine and a
+potential FIPS solution for users of VeraCrypt. Follow the steps below to setup VeraCrypt with wolfCrypt.
+
+## Building wolfSSL
+
+Clone wolfSSL and build it as shown below.
+
+```
+git clone https://github.com/wolfssl/wolfssl && cd wolfssl
+./autogen.sh
+./configure --enable-xts CFLAGS="-DNO_OLD_WC_NAMES"
+make
+sudo make install
+```
+
+## Building VeraCrypt with wolfSSL
+
+Build VeraCrypt with the `WOLFCRYPT` command line option.
+
+```
+make WXSTATIC=1 wxbuild && make WXSTATIC=1 clean && make WXSTATIC=1 WOLFCRYPT=1 && make WXSTATIC=1 WOLFCRYPT=1 package
+```
+
|