VeraCrypt
aboutsummaryrefslogtreecommitdiff
path: root/src/Crypto
diff options
context:
space:
mode:
Diffstat (limited to 'src/Crypto')
-rw-r--r--src/Crypto/Aes.h20
-rw-r--r--src/Crypto/Crypto_vs2019.vcxproj3
-rw-r--r--src/Crypto/Sha2.h12
-rw-r--r--src/Crypto/Twofish.c2
-rw-r--r--src/Crypto/Whirlpool.c6
-rw-r--r--src/Crypto/config.h8
-rw-r--r--src/Crypto/cpu.c1
-rw-r--r--src/Crypto/cpu.h6
-rw-r--r--src/Crypto/jitterentropy-base-user.h2
-rw-r--r--src/Crypto/misc.h2
-rw-r--r--src/Crypto/wolfCrypt.c243
-rw-r--r--src/Crypto/wolfCrypt.md25
12 files changed, 317 insertions, 13 deletions
diff --git a/src/Crypto/Aes.h b/src/Crypto/Aes.h
index e12c6fc8..db1bed27 100644
--- a/src/Crypto/Aes.h
+++ b/src/Crypto/Aes.h
@@ -35,6 +35,11 @@
#include "Common/Tcdefs.h"
+#ifdef WOLFCRYPT_BACKEND
+ #include <wolfssl/options.h>
+ #include <wolfssl/wolfcrypt/aes.h>
+#endif
+
#ifndef EXIT_SUCCESS
#define EXIT_SUCCESS 0
#define EXIT_FAILURE 1
@@ -93,11 +98,19 @@ typedef union
typedef struct
{ uint_32t ks[KS_LENGTH];
aes_inf inf;
+#ifdef WOLFCRYPT_BACKEND
+ XtsAes wc_enc_xts;
+ Aes wc_enc_aes;
+#endif
} aes_encrypt_ctx;
typedef struct
{ uint_32t ks[KS_LENGTH];
aes_inf inf;
+#ifdef WOLFCRYPT_BACKEND
+ XtsAes wc_dec_xts;
+ Aes wc_dec_aes;
+#endif
} aes_decrypt_ctx;
/* This routine must be called before first use if non-static */
@@ -152,6 +165,13 @@ AES_RETURN aes_decrypt(const unsigned char *in, unsigned char *out, const aes_de
#endif
+#ifdef WOLFCRYPT_BACKEND
+AES_RETURN xts_encrypt_key256(const unsigned char *key, aes_encrypt_ctx cx[1]);
+AES_RETURN xts_decrypt_key256(const unsigned char *key, aes_decrypt_ctx cx[1]);
+AES_RETURN xts_encrypt(const unsigned char *in, unsigned char *out, word64 length, word64 sector, const aes_encrypt_ctx cx[1]);
+AES_RETURN xts_decrypt(const unsigned char *in, unsigned char *out, word64 length, word64 sector, const aes_decrypt_ctx cx[1]);
+#endif
+
#if defined(AES_MODES)
/* Multiple calls to the following subroutines for multiple block */
diff --git a/src/Crypto/Crypto_vs2019.vcxproj b/src/Crypto/Crypto_vs2019.vcxproj
index aa75b9b8..ccd512b9 100644
--- a/src/Crypto/Crypto_vs2019.vcxproj
+++ b/src/Crypto/Crypto_vs2019.vcxproj
@@ -308,6 +308,9 @@
<ClCompile Include="Aeskey.c" />
<ClCompile Include="Aestab.c" />
<ClCompile Include="blake2s.c" />
+ <ClCompile Include="blake2s_SSE2.c" />
+ <ClCompile Include="blake2s_SSE41.c" />
+ <ClCompile Include="blake2s_SSSE3.c" />
<ClCompile Include="Camellia.c" />
<ClCompile Include="chacha-xmm.c" />
<ClCompile Include="chacha256.c" />
diff --git a/src/Crypto/Sha2.h b/src/Crypto/Sha2.h
index 7e90abff..1fbcb8d1 100644
--- a/src/Crypto/Sha2.h
+++ b/src/Crypto/Sha2.h
@@ -12,6 +12,13 @@
#include "Common/Endian.h"
#include "Crypto/config.h"
+#ifdef WOLFCRYPT_BACKEND
+ #include <wolfssl/options.h>
+ #include <wolfssl/wolfcrypt/sha256.h>
+ #include <wolfssl/wolfcrypt/sha512.h>
+ #include <wolfssl/wolfcrypt/hash.h>
+#endif
+
#if defined(__cplusplus)
extern "C" {
#endif
@@ -28,6 +35,10 @@ extern "C" {
#define SHA2_ALIGN CRYPTOPP_ALIGN_DATA(16)
#endif
+#ifdef WOLFCRYPT_BACKEND
+typedef struct wc_Sha512 sha512_ctx;
+typedef struct wc_Sha256 sha256_ctx;
+#else
typedef struct
{ uint_64t count[2];
SHA2_ALIGN uint_64t hash[8];
@@ -39,6 +50,7 @@ typedef struct
SHA2_ALIGN uint_32t hash[8];
SHA2_ALIGN uint_32t wbuf[16];
} sha256_ctx;
+#endif
void sha512_begin(sha512_ctx* ctx);
diff --git a/src/Crypto/Twofish.c b/src/Crypto/Twofish.c
index f0906f15..ad93b66f 100644
--- a/src/Crypto/Twofish.c
+++ b/src/Crypto/Twofish.c
@@ -607,7 +607,7 @@ void twofish_set_key(TwofishInstance *instance, const u4byte in_key[])
byte S8[16];
uint32 S32[4];
} us;
- int i;
+ unsigned int i;
const byte* key = (const byte*) in_key;
us.S32[0] = RS[0][key[0]] ^ RS[1][key[1]] ^ RS[2][key[2]] ^ RS[3][key[3]] ^ RS[4][key[4]] ^ RS[5][key[5]] ^ RS[6][key[6]] ^ RS[7][key[7]];
diff --git a/src/Crypto/Whirlpool.c b/src/Crypto/Whirlpool.c
index 98ba318d..9af0cb32 100644
--- a/src/Crypto/Whirlpool.c
+++ b/src/Crypto/Whirlpool.c
@@ -894,7 +894,7 @@ static uint64 HashMultipleBlocks(WHIRLPOOL_CTX * const ctx, const uint64 *input,
#if BYTE_ORDER == BIG_ENDIAN
WhirlpoolTransform(ctx->state, input);
#else
- CorrectEndianess(dataBuf, input, 64);
+ CorrectEndianness(dataBuf, input, 64);
WhirlpoolTransform(ctx->state, dataBuf);
#endif
input += 8;
@@ -1008,7 +1008,7 @@ void WHIRLPOOL_finalize(WHIRLPOOL_CTX * const ctx,
memset(data, 0, 32);
}
#if BYTE_ORDER == LITTLE_ENDIAN
- CorrectEndianess(dataBuf, dataBuf, 32);
+ CorrectEndianness(dataBuf, dataBuf, 32);
#endif
dataBuf[4] = 0;
@@ -1018,7 +1018,7 @@ void WHIRLPOOL_finalize(WHIRLPOOL_CTX * const ctx,
WhirlpoolTransform(stateBuf, dataBuf);
#if BYTE_ORDER == LITTLE_ENDIAN
- CorrectEndianess(stateBuf, stateBuf, 64);
+ CorrectEndianness(stateBuf, stateBuf, 64);
#endif
memcpy(result, stateBuf, 64);
}
diff --git a/src/Crypto/config.h b/src/Crypto/config.h
index 7ed6aabf..867c13dd 100644
--- a/src/Crypto/config.h
+++ b/src/Crypto/config.h
@@ -113,13 +113,13 @@
#define CRYPTOPP_X64_ASM_AVAILABLE
#endif
-#if !defined(CRYPTOPP_DISABLE_SSE2) && (defined(CRYPTOPP_MSVC6PP_OR_LATER) || defined(__SSE2__)) && !defined(_M_ARM) && !defined(_M_ARM64)
+#if !defined(CRYPTOPP_DISABLE_SSE2) && (defined(CRYPTOPP_MSVC6PP_OR_LATER) || defined(__SSE2__)) && !defined(_M_ARM) && !defined(_M_ARM64) && !defined(__arm__) && !defined(__aarch64__) && !defined(__arm64__)
#define CRYPTOPP_BOOL_SSE2_INTRINSICS_AVAILABLE 1
#else
#define CRYPTOPP_BOOL_SSE2_INTRINSICS_AVAILABLE 0
#endif
-#if !defined(CRYPTOPP_DISABLE_ASM) && !defined(CRYPTOPP_DISABLE_SSSE3) && !defined(_M_ARM) && !defined(_M_ARM64) && ( \
+#if !defined(CRYPTOPP_DISABLE_ASM) && !defined(CRYPTOPP_DISABLE_SSSE3) && !defined(_M_ARM) && !defined(_M_ARM64) && !defined(__arm__) && !defined(__aarch64__) && !defined(__arm64__) && ( \
defined(__SSSE3__) || (_MSC_VER >= 1500) || \
(CRYPTOPP_GCC_VERSION >= 40300) || (__INTEL_COMPILER >= 1000) || (__SUNPRO_CC >= 0x5110) || \
(CRYPTOPP_LLVM_CLANG_VERSION >= 20300) || (CRYPTOPP_APPLE_CLANG_VERSION >= 40000))
@@ -128,7 +128,7 @@
#define CRYPTOPP_SSSE3_AVAILABLE 0
# endif
-#if !defined(CRYPTOPP_DISABLE_SSSE3) && (defined(__SSSE3__) || (_MSC_VER >= 1500)) && !defined(_M_ARM) && !defined(_M_ARM64)
+#if !defined(CRYPTOPP_DISABLE_SSSE3) && (defined(__SSSE3__) || (_MSC_VER >= 1500)) && !defined(_M_ARM) && !defined(_M_ARM64) && !defined(__arm__) && !defined(__aarch64__) && !defined(__arm64__)
#define CRYPTOPP_BOOL_SSSE3_INTRINSICS_AVAILABLE 1
#else
#define CRYPTOPP_BOOL_SSSE3_INTRINSICS_AVAILABLE 0
@@ -146,7 +146,7 @@
#define CRYPTOPP_BOOL_ALIGN16 0
#endif
-#if CRYPTOPP_BOOL_AESNI_INTRINSICS_AVAILABLE && (defined(__SSE4_1__) || defined(__INTEL_COMPILER) || defined(_MSC_VER))
+#if CRYPTOPP_BOOL_SSSE3_INTRINSICS_AVAILABLE && (defined(__SSE4_1__) || defined(__INTEL_COMPILER) || defined(_MSC_VER))
#define CRYPTOPP_BOOL_SSE41_INTRINSICS_AVAILABLE 1
#else
#define CRYPTOPP_BOOL_SSE41_INTRINSICS_AVAILABLE 0
diff --git a/src/Crypto/cpu.c b/src/Crypto/cpu.c
index c3a769c8..effde6ba 100644
--- a/src/Crypto/cpu.c
+++ b/src/Crypto/cpu.c
@@ -348,7 +348,6 @@ void DetectX86Features()
g_hasISSE = 1;
else
{
- uint32 cpuid2[4] = {0};
CpuId(0x080000000, cpuid2);
if (cpuid2[0] >= 0x080000001)
{
diff --git a/src/Crypto/cpu.h b/src/Crypto/cpu.h
index 157aeaef..2661bf1c 100644
--- a/src/Crypto/cpu.h
+++ b/src/Crypto/cpu.h
@@ -152,7 +152,7 @@ extern __m128i _mm_slli_si128(__m128i _A, int _Imm);
#endif
#endif
-#if CRYPTOPP_SSSE3_AVAILABLE || defined(__INTEL_COMPILER)
+#if CRYPTOPP_BOOL_SSSE3_INTRINSICS_AVAILABLE || defined(__INTEL_COMPILER)
#if defined(TC_WINDOWS_DRIVER) || defined (_UEFI)
#if defined(__cplusplus)
extern "C" {
@@ -214,7 +214,7 @@ extern "C" {
#endif
#define CRYPTOPP_CPUID_AVAILABLE
-#ifndef CRYPTOPP_DISABLE_AESNI
+#if !defined(CRYPTOPP_DISABLE_AESNI) && !defined(WOLFCRYPT_BACKEND)
#define TC_AES_HW_CPU
#endif
@@ -238,7 +238,7 @@ extern volatile int g_isIntel;
extern volatile int g_isAMD;
extern volatile uint32 g_cacheLineSize;
void DetectX86Features(); // must be called at the start of the program/driver
-int CpuId(uint32 input, uint32 *output);
+int CpuId(uint32 input, uint32 output[4]);
// disable all CPU extended features (e.g. SSE, AVX, AES) that may have
// been enabled by DetectX86Features.
void DisableCPUExtendedFeatures ();
diff --git a/src/Crypto/jitterentropy-base-user.h b/src/Crypto/jitterentropy-base-user.h
index b32d8ed3..aaefb41a 100644
--- a/src/Crypto/jitterentropy-base-user.h
+++ b/src/Crypto/jitterentropy-base-user.h
@@ -85,6 +85,8 @@ static VC_INLINE void jent_get_nstime(uint64 *out)
#else
+#include <sys/types.h>
+
#if CRYPTOPP_BOOL_X86 || CRYPTOPP_BOOL_X32 || CRYPTOPP_BOOL_X64
/* taken from Linux kernel */
diff --git a/src/Crypto/misc.h b/src/Crypto/misc.h
index 47d0288a..25313d1d 100644
--- a/src/Crypto/misc.h
+++ b/src/Crypto/misc.h
@@ -151,7 +151,7 @@ VC_INLINE uint64 ByteReverseWord64(uint64 value)
#endif
}
-VC_INLINE void CorrectEndianess(uint64 *out, const uint64 *in, size_t byteCount)
+VC_INLINE void CorrectEndianness(uint64 *out, const uint64 *in, size_t byteCount)
{
size_t i, count = byteCount/sizeof(uint64);
diff --git a/src/Crypto/wolfCrypt.c b/src/Crypto/wolfCrypt.c
new file mode 100644
index 00000000..39ab93a7
--- /dev/null
+++ b/src/Crypto/wolfCrypt.c
@@ -0,0 +1,243 @@
+/* See src/Crypto/wolfCrypt.md */
+
+#include "Aes.h"
+#include "Sha2.h"
+#include "../Common/Crypto.h"
+#include <wolfssl/wolfcrypt/hmac.h>
+
+
+AES_RETURN aes_init()
+{
+#if defined( AES_ERR_CHK )
+ return EXIT_SUCCESS;
+#else
+ return;
+#endif
+}
+
+AES_RETURN aes_encrypt_key(const unsigned char *key, int key_len, aes_encrypt_ctx cx[1])
+{
+ int ret = 0;
+
+ ret = wc_AesInit(&cx->wc_enc_aes, NULL, INVALID_DEVID);
+
+ if (key_len == 128 || key_len == 192 || key_len == 256)
+ key_len = key_len/8;
+
+ if (ret == 0) {
+ ret = wc_AesSetKey(&cx->wc_enc_aes, key, key_len, NULL, AES_ENCRYPTION);
+ }
+
+#if defined( AES_ERR_CHK )
+ return ret ? EXIT_FAILURE : EXIT_SUCCESS;
+#else
+ return;
+#endif
+}
+
+AES_RETURN aes_decrypt_key(const unsigned char *key, int key_len, aes_decrypt_ctx cx[1])
+{
+ int ret = 0;
+
+ ret = wc_AesInit(&cx->wc_dec_aes, NULL, INVALID_DEVID);
+
+ if (key_len == 128 || key_len == 192 || key_len == 256)
+ key_len = key_len/8;
+
+ if (ret == 0) {
+ ret = wc_AesSetKey(&cx->wc_dec_aes, key, key_len, NULL, AES_DECRYPTION);
+ }
+
+#if defined( AES_ERR_CHK )
+ return ret ? EXIT_FAILURE : EXIT_SUCCESS;
+#else
+ return;
+#endif
+}
+
+AES_RETURN aes_encrypt_key128(const unsigned char *key, aes_encrypt_ctx cx[1])
+{
+ return aes_encrypt_key(key, 128, cx);
+}
+
+AES_RETURN aes_encrypt_key192(const unsigned char *key, aes_encrypt_ctx cx[1])
+{
+ return aes_encrypt_key(key, 192, cx);
+}
+
+AES_RETURN aes_encrypt_key256(const unsigned char *key, aes_encrypt_ctx cx[1])
+{
+ return aes_encrypt_key(key, 256, cx);
+}
+
+AES_RETURN aes_decrypt_key128(const unsigned char *key, aes_decrypt_ctx cx[1])
+{
+ return aes_decrypt_key(key, 128, cx);
+}
+
+AES_RETURN aes_decrypt_key192(const unsigned char *key, aes_decrypt_ctx cx[1])
+{
+ return aes_decrypt_key(key, 192, cx);
+}
+
+AES_RETURN aes_decrypt_key256(const unsigned char *key, aes_decrypt_ctx cx[1])
+{
+ return aes_decrypt_key(key, 256, cx);
+}
+
+AES_RETURN aes_encrypt(const unsigned char *in, unsigned char *out, const aes_encrypt_ctx cx[1])
+{
+ int ret = wc_AesEncryptDirect(&cx->wc_enc_aes, out, in);
+#if defined( AES_ERR_CHK )
+ return ret ? EXIT_FAILURE : EXIT_SUCCESS;
+#else
+ return;
+#endif
+
+}
+
+AES_RETURN aes_decrypt(const unsigned char *in, unsigned char *out, const aes_decrypt_ctx cx[1])
+{
+ int ret = wc_AesDecryptDirect(&cx->wc_dec_aes, out, in);
+#if defined( AES_ERR_CHK )
+ return ret ? EXIT_FAILURE : EXIT_SUCCESS;
+#else
+ return;
+#endif
+
+}
+
+AES_RETURN xts_encrypt_key(const unsigned char *key, int key_len, aes_encrypt_ctx cx[1])
+{
+ int ret = 0;
+
+ cx->wc_enc_xts.aes = cx->wc_enc_aes;
+
+ ret = wc_AesInit(&cx->wc_enc_xts.tweak, NULL, INVALID_DEVID);
+
+ if (key_len == 128 || key_len == 192 || key_len == 256)
+ key_len = key_len/8;
+
+ if (ret == 0) {
+ ret = wc_AesSetKey(&cx->wc_enc_xts.tweak, key, key_len, NULL, AES_ENCRYPTION);
+ }
+#if defined( AES_ERR_CHK )
+ return ret ? EXIT_FAILURE : EXIT_SUCCESS;
+#else
+ return;
+#endif
+}
+
+AES_RETURN xts_decrypt_key(const unsigned char *key, int key_len, aes_decrypt_ctx cx[1])
+{
+ int ret = 0;
+
+ cx->wc_dec_xts.aes = cx->wc_dec_aes;
+
+ ret = wc_AesInit(&cx->wc_dec_xts.tweak, NULL, INVALID_DEVID);
+
+ if (key_len == 128 || key_len == 192 || key_len == 256)
+ key_len = key_len/8;
+
+ if (ret == 0) {
+ ret = wc_AesSetKey(&cx->wc_dec_xts.tweak, key, key_len, NULL, AES_ENCRYPTION);
+ }
+
+#if defined( AES_ERR_CHK )
+ return ret ? EXIT_FAILURE : EXIT_SUCCESS;
+#else
+ return;
+#endif
+}
+
+AES_RETURN xts_encrypt_key256(const unsigned char *key, aes_encrypt_ctx cx[1])
+{
+ return xts_encrypt_key(key, 256, cx);
+}
+
+AES_RETURN xts_decrypt_key256(const unsigned char *key, aes_decrypt_ctx cx[1])
+{
+ return xts_decrypt_key(key, 256, cx);
+}
+
+AES_RETURN xts_encrypt(const unsigned char *in, unsigned char *out, word64 length, word64 sector, const aes_encrypt_ctx cx[1])
+{
+ int ret = wc_AesXtsEncryptConsecutiveSectors(&cx->wc_enc_xts, out, in, length, sector, ENCRYPTION_DATA_UNIT_SIZE);
+
+#if defined( AES_ERR_CHK )
+ return ret ? EXIT_FAILURE : EXIT_SUCCESS;
+#else
+ return;
+#endif
+
+}
+
+AES_RETURN xts_decrypt(const unsigned char *in, unsigned char *out, word64 length, word64 sector, const aes_decrypt_ctx cx[1])
+{
+ int ret = wc_AesXtsDecryptConsecutiveSectors(&cx->wc_dec_xts, out, in, length, sector, ENCRYPTION_DATA_UNIT_SIZE);
+
+#if defined( AES_ERR_CHK )
+ return ret ? EXIT_FAILURE : EXIT_SUCCESS;
+#else
+ return;
+#endif
+}
+
+
+void sha256_begin(sha256_ctx* ctx)
+{
+ wc_InitSha256(ctx);
+}
+
+void sha256_hash(const unsigned char * source, uint_32t sourceLen, sha256_ctx *ctx)
+{
+ wc_Sha256Update(ctx, source, sourceLen);
+}
+
+void sha256_end(unsigned char * result, sha256_ctx* ctx)
+{
+ wc_Sha256Final(ctx, result);
+}
+
+void sha256(unsigned char * result, const unsigned char* source, uint_32t sourceLen)
+{
+ wc_Sha256 sha256;
+ wc_InitSha256(&sha256);
+ wc_Sha256Update(&sha256, source, sourceLen);
+ wc_Sha256Final(&sha256, result);
+ wc_Sha256Free(&sha256);
+}
+
+void sha512_begin(sha512_ctx* ctx)
+{
+ wc_InitSha512(ctx);
+}
+
+void sha512_hash(const unsigned char * source, uint_64t sourceLen, sha512_ctx *ctx)
+{
+ wc_Sha512Update(ctx, source, sourceLen);
+}
+
+void sha512_end(unsigned char * result, sha512_ctx* ctx)
+{
+ wc_Sha512Final(ctx, result);
+}
+
+void sha512(unsigned char * result, const unsigned char* source, uint_64t sourceLen)
+{
+ wc_Sha512 sha512;
+ wc_InitSha512(&sha512);
+ wc_Sha512Update(&sha512, source, sourceLen);
+ wc_Sha512Final(&sha512, result);
+ wc_Sha512Free(&sha512);
+}
+
+void derive_key_sha512 (char *pwd, int pwd_len, char *salt, int salt_len, uint32 iterations, char *dk, int dklen) {
+ (void) iterations;
+ wc_HKDF(WC_SHA512, (byte*)pwd, (word32)pwd_len, (byte*)salt, (word32)salt_len, NULL, 0, (byte*)dk, (word32)dklen);
+}
+
+void derive_key_sha256 (char *pwd, int pwd_len, char *salt, int salt_len, uint32 iterations, char *dk, int dklen) {
+ (void) iterations;
+ wc_HKDF(WC_SHA256, (byte*)pwd, (word32)pwd_len, (byte*)salt, (word32)salt_len, NULL, 0, (byte*)dk, (word32)dklen);
+}
diff --git a/src/Crypto/wolfCrypt.md b/src/Crypto/wolfCrypt.md
new file mode 100644
index 00000000..32ccf242
--- /dev/null
+++ b/src/Crypto/wolfCrypt.md
@@ -0,0 +1,25 @@
+# wolfSSL as crypto provider for VeraCrypt
+
+[wolfCrypt](https://www.wolfssl.com/products/wolfcrypt/) is wolfSSL's cutting edge crypto engine and a
+potential FIPS solution for users of VeraCrypt. Follow the steps below to setup VeraCrypt with wolfCrypt.
+
+## Building wolfSSL
+
+Clone wolfSSL and build it as shown below.
+
+```
+git clone https://github.com/wolfssl/wolfssl && cd wolfssl
+./autogen.sh
+./configure --enable-xts CFLAGS="-DNO_OLD_WC_NAMES"
+make
+sudo make install
+```
+
+## Building VeraCrypt with wolfSSL
+
+Build VeraCrypt with the `WOLFCRYPT` command line option.
+
+```
+make WXSTATIC=1 wxbuild && make WXSTATIC=1 clean && make WXSTATIC=1 WOLFCRYPT=1 && make WXSTATIC=1 WOLFCRYPT=1 package
+```
+