VeraCrypt
aboutsummaryrefslogtreecommitdiff
path: root/src/Volume
diff options
context:
space:
mode:
Diffstat (limited to 'src/Volume')
-rw-r--r--src/Volume/Cipher.cpp116
-rw-r--r--src/Volume/Cipher.h70
-rw-r--r--src/Volume/Crc32.h6
-rw-r--r--src/Volume/EncryptionAlgorithm.cpp42
-rw-r--r--src/Volume/EncryptionAlgorithm.h13
-rw-r--r--src/Volume/EncryptionMode.cpp15
-rw-r--r--src/Volume/EncryptionMode.h16
-rw-r--r--src/Volume/EncryptionModeWolfCryptXTS.cpp119
-rw-r--r--src/Volume/EncryptionModeWolfCryptXTS.h54
-rw-r--r--src/Volume/EncryptionModeXTS.cpp40
-rw-r--r--src/Volume/EncryptionModeXTS.h16
-rw-r--r--src/Volume/EncryptionTest.cpp84
-rw-r--r--src/Volume/EncryptionTest.h10
-rw-r--r--src/Volume/EncryptionThreadPool.cpp4
-rw-r--r--src/Volume/EncryptionThreadPool.h4
-rw-r--r--src/Volume/Hash.cpp11
-rw-r--r--src/Volume/Hash.h4
-rw-r--r--src/Volume/Keyfile.cpp47
-rw-r--r--src/Volume/Keyfile.h4
-rw-r--r--src/Volume/Pkcs5Kdf.cpp37
-rw-r--r--src/Volume/Pkcs5Kdf.h40
-rw-r--r--src/Volume/Volume.cpp25
-rw-r--r--src/Volume/Volume.h21
-rw-r--r--src/Volume/Volume.make67
-rw-r--r--src/Volume/VolumeHeader.cpp78
-rw-r--r--src/Volume/VolumeHeader.h6
-rw-r--r--src/Volume/VolumeInfo.cpp6
-rw-r--r--src/Volume/VolumeInfo.h3
-rw-r--r--src/Volume/VolumeLayout.cpp51
-rw-r--r--src/Volume/VolumeLayout.h4
-rw-r--r--src/Volume/VolumePassword.cpp2
-rw-r--r--src/Volume/VolumePassword.h6
32 files changed, 718 insertions, 303 deletions
diff --git a/src/Volume/Cipher.cpp b/src/Volume/Cipher.cpp
index 8c6ce390..de240544 100644
--- a/src/Volume/Cipher.cpp
+++ b/src/Volume/Cipher.cpp
@@ -49,7 +49,7 @@ namespace VeraCrypt
{
}
- void Cipher::DecryptBlock (byte *data) const
+ void Cipher::DecryptBlock (uint8 *data) const
{
if (!Initialized)
throw NotInitialized (SRC_POS);
@@ -57,7 +57,7 @@ namespace VeraCrypt
Decrypt (data);
}
- void Cipher::DecryptBlocks (byte *data, size_t blockCount) const
+ void Cipher::DecryptBlocks (uint8 *data, size_t blockCount) const
{
if (!Initialized)
throw NotInitialized (SRC_POS);
@@ -69,7 +69,7 @@ namespace VeraCrypt
}
}
- void Cipher::EncryptBlock (byte *data) const
+ void Cipher::EncryptBlock (uint8 *data) const
{
if (!Initialized)
throw NotInitialized (SRC_POS);
@@ -77,7 +77,7 @@ namespace VeraCrypt
Encrypt (data);
}
- void Cipher::EncryptBlocks (byte *data, size_t blockCount) const
+ void Cipher::EncryptBlocks (uint8 *data, size_t blockCount) const
{
if (!Initialized)
throw NotInitialized (SRC_POS);
@@ -94,11 +94,12 @@ namespace VeraCrypt
CipherList l;
l.push_back (shared_ptr <Cipher> (new CipherAES ()));
+ #ifndef WOLFCRYPT_BACKEND
l.push_back (shared_ptr <Cipher> (new CipherSerpent ()));
l.push_back (shared_ptr <Cipher> (new CipherTwofish ()));
l.push_back (shared_ptr <Cipher> (new CipherCamellia ()));
l.push_back (shared_ptr <Cipher> (new CipherKuznyechik ()));
-
+ #endif
return l;
}
@@ -115,6 +116,37 @@ namespace VeraCrypt
Initialized = true;
}
+ #ifdef WOLFCRYPT_BACKEND
+ void Cipher::SetKeyXTS (const ConstBufferPtr &key)
+ {
+ if (key.Size() != GetKeySize ())
+ throw ParameterIncorrect (SRC_POS);
+
+ if (!Initialized)
+ ScheduledKey.Allocate (GetScheduledKeySize ());
+
+ SetCipherKeyXTS (key);
+ Key.CopyFrom (key);
+ Initialized = true;
+ }
+
+ void Cipher::EncryptBlockXTS (uint8 *data, uint64 length, uint64 startDataUnitNo) const
+ {
+ if (!Initialized)
+ throw NotInitialized (SRC_POS);
+
+ EncryptXTS (data, length, startDataUnitNo);
+ }
+
+ void Cipher::DecryptBlockXTS (uint8 *data, uint64 length, uint64 startDataUnitNo) const
+ {
+ if (!Initialized)
+ throw NotInitialized (SRC_POS);
+
+ DecryptXTS (data, length, startDataUnitNo);
+ }
+ #endif
+
#define TC_EXCEPTION(TYPE) TC_SERIALIZER_FACTORY_ADD(TYPE)
#undef TC_EXCEPTION_NODECL
#define TC_EXCEPTION_NODECL(TYPE) TC_SERIALIZER_FACTORY_ADD(TYPE)
@@ -123,7 +155,7 @@ namespace VeraCrypt
// AES
- void CipherAES::Decrypt (byte *data) const
+ void CipherAES::Decrypt (uint8 *data) const
{
#ifdef TC_AES_HW_CPU
if (IsHwSupportAvailable())
@@ -133,7 +165,7 @@ namespace VeraCrypt
aes_decrypt (data, data, (aes_decrypt_ctx *) (ScheduledKey.Ptr() + sizeof (aes_encrypt_ctx)));
}
- void CipherAES::DecryptBlocks (byte *data, size_t blockCount) const
+ void CipherAES::DecryptBlocks (uint8 *data, size_t blockCount) const
{
if (!Initialized)
throw NotInitialized (SRC_POS);
@@ -155,7 +187,7 @@ namespace VeraCrypt
Cipher::DecryptBlocks (data, blockCount);
}
- void CipherAES::Encrypt (byte *data) const
+ void CipherAES::Encrypt (uint8 *data) const
{
#ifdef TC_AES_HW_CPU
if (IsHwSupportAvailable())
@@ -165,7 +197,7 @@ namespace VeraCrypt
aes_encrypt (data, data, (aes_encrypt_ctx *) ScheduledKey.Ptr());
}
- void CipherAES::EncryptBlocks (byte *data, size_t blockCount) const
+ void CipherAES::EncryptBlocks (uint8 *data, size_t blockCount) const
{
if (!Initialized)
throw NotInitialized (SRC_POS);
@@ -186,6 +218,26 @@ namespace VeraCrypt
#endif
Cipher::EncryptBlocks (data, blockCount);
}
+ #ifdef WOLFCRYPT_BACKEND
+ void CipherAES::EncryptXTS (uint8 *data, uint64 length, uint64 startDataUnitNo) const
+ {
+ xts_encrypt (data, data, length, startDataUnitNo, (aes_encrypt_ctx *) ScheduledKey.Ptr());
+ }
+
+ void CipherAES::DecryptXTS (uint8 *data, uint64 length, uint64 startDataUnitNo) const
+ {
+ xts_decrypt (data, data, length, startDataUnitNo, (aes_decrypt_ctx *) (ScheduledKey.Ptr() + sizeof (aes_encrypt_ctx)));
+ }
+
+ void CipherAES::SetCipherKeyXTS (const uint8 *key)
+ {
+ if (xts_encrypt_key256 (key, (aes_encrypt_ctx *) ScheduledKey.Ptr()) != EXIT_SUCCESS)
+ throw CipherInitError (SRC_POS);
+
+ if (xts_decrypt_key256 (key, (aes_decrypt_ctx *) (ScheduledKey.Ptr() + sizeof (aes_encrypt_ctx))) != EXIT_SUCCESS)
+ throw CipherInitError (SRC_POS);
+ }
+ #endif
size_t CipherAES::GetScheduledKeySize () const
{
@@ -209,7 +261,7 @@ namespace VeraCrypt
#endif
}
- void CipherAES::SetCipherKey (const byte *key)
+ void CipherAES::SetCipherKey (const uint8 *key)
{
if (aes_encrypt_key256 (key, (aes_encrypt_ctx *) ScheduledKey.Ptr()) != EXIT_SUCCESS)
throw CipherInitError (SRC_POS);
@@ -218,13 +270,14 @@ namespace VeraCrypt
throw CipherInitError (SRC_POS);
}
+ #ifndef WOLFCRYPT_BACKEND
// Serpent
- void CipherSerpent::Decrypt (byte *data) const
+ void CipherSerpent::Decrypt (uint8 *data) const
{
serpent_decrypt (data, data, ScheduledKey);
}
- void CipherSerpent::Encrypt (byte *data) const
+ void CipherSerpent::Encrypt (uint8 *data) const
{
serpent_encrypt (data, data, ScheduledKey);
}
@@ -234,12 +287,12 @@ namespace VeraCrypt
return 140*4;
}
- void CipherSerpent::SetCipherKey (const byte *key)
+ void CipherSerpent::SetCipherKey (const uint8 *key)
{
serpent_set_key (key, ScheduledKey);
}
- void CipherSerpent::EncryptBlocks (byte *data, size_t blockCount) const
+ void CipherSerpent::EncryptBlocks (uint8 *data, size_t blockCount) const
{
if (!Initialized)
throw NotInitialized (SRC_POS);
@@ -255,7 +308,7 @@ namespace VeraCrypt
Cipher::EncryptBlocks (data, blockCount);
}
- void CipherSerpent::DecryptBlocks (byte *data, size_t blockCount) const
+ void CipherSerpent::DecryptBlocks (uint8 *data, size_t blockCount) const
{
if (!Initialized)
throw NotInitialized (SRC_POS);
@@ -290,12 +343,12 @@ namespace VeraCrypt
// Twofish
- void CipherTwofish::Decrypt (byte *data) const
+ void CipherTwofish::Decrypt (uint8 *data) const
{
twofish_decrypt ((TwofishInstance *) ScheduledKey.Ptr(), (unsigned int *)data, (unsigned int *)data);
}
- void CipherTwofish::Encrypt (byte *data) const
+ void CipherTwofish::Encrypt (uint8 *data) const
{
twofish_encrypt ((TwofishInstance *) ScheduledKey.Ptr(), (unsigned int *)data, (unsigned int *)data);
}
@@ -305,12 +358,12 @@ namespace VeraCrypt
return TWOFISH_KS;
}
- void CipherTwofish::SetCipherKey (const byte *key)
+ void CipherTwofish::SetCipherKey (const uint8 *key)
{
twofish_set_key ((TwofishInstance *) ScheduledKey.Ptr(), (unsigned int *) key);
}
- void CipherTwofish::EncryptBlocks (byte *data, size_t blockCount) const
+ void CipherTwofish::EncryptBlocks (uint8 *data, size_t blockCount) const
{
if (!Initialized)
throw NotInitialized (SRC_POS);
@@ -322,7 +375,7 @@ namespace VeraCrypt
#endif
}
- void CipherTwofish::DecryptBlocks (byte *data, size_t blockCount) const
+ void CipherTwofish::DecryptBlocks (uint8 *data, size_t blockCount) const
{
if (!Initialized)
throw NotInitialized (SRC_POS);
@@ -344,12 +397,12 @@ namespace VeraCrypt
}
// Camellia
- void CipherCamellia::Decrypt (byte *data) const
+ void CipherCamellia::Decrypt (uint8 *data) const
{
camellia_decrypt (data, data, ScheduledKey.Ptr());
}
- void CipherCamellia::Encrypt (byte *data) const
+ void CipherCamellia::Encrypt (uint8 *data) const
{
camellia_encrypt (data, data, ScheduledKey.Ptr());
}
@@ -359,12 +412,12 @@ namespace VeraCrypt
return CAMELLIA_KS;
}
- void CipherCamellia::SetCipherKey (const byte *key)
+ void CipherCamellia::SetCipherKey (const uint8 *key)
{
camellia_set_key (key, ScheduledKey.Ptr());
}
- void CipherCamellia::EncryptBlocks (byte *data, size_t blockCount) const
+ void CipherCamellia::EncryptBlocks (uint8 *data, size_t blockCount) const
{
if (!Initialized)
throw NotInitialized (SRC_POS);
@@ -376,7 +429,7 @@ namespace VeraCrypt
#endif
}
- void CipherCamellia::DecryptBlocks (byte *data, size_t blockCount) const
+ void CipherCamellia::DecryptBlocks (uint8 *data, size_t blockCount) const
{
if (!Initialized)
throw NotInitialized (SRC_POS);
@@ -398,12 +451,12 @@ namespace VeraCrypt
}
// Kuznyechik
- void CipherKuznyechik::Decrypt (byte *data) const
+ void CipherKuznyechik::Decrypt (uint8 *data) const
{
kuznyechik_decrypt_block (data, data, (kuznyechik_kds *) ScheduledKey.Ptr());
}
- void CipherKuznyechik::Encrypt (byte *data) const
+ void CipherKuznyechik::Encrypt (uint8 *data) const
{
kuznyechik_encrypt_block (data, data, (kuznyechik_kds *) ScheduledKey.Ptr());
}
@@ -413,11 +466,11 @@ namespace VeraCrypt
return KUZNYECHIK_KS;
}
- void CipherKuznyechik::SetCipherKey (const byte *key)
+ void CipherKuznyechik::SetCipherKey (const uint8 *key)
{
kuznyechik_set_key (key, (kuznyechik_kds *) ScheduledKey.Ptr());
}
- void CipherKuznyechik::EncryptBlocks (byte *data, size_t blockCount) const
+ void CipherKuznyechik::EncryptBlocks (uint8 *data, size_t blockCount) const
{
if (!Initialized)
throw NotInitialized (SRC_POS);
@@ -433,7 +486,7 @@ namespace VeraCrypt
Cipher::EncryptBlocks (data, blockCount);
}
- void CipherKuznyechik::DecryptBlocks (byte *data, size_t blockCount) const
+ void CipherKuznyechik::DecryptBlocks (uint8 *data, size_t blockCount) const
{
if (!Initialized)
throw NotInitialized (SRC_POS);
@@ -465,5 +518,6 @@ namespace VeraCrypt
return false;
#endif
}
- bool Cipher::HwSupportEnabled = true;
+ #endif
+ bool Cipher::HwSupportEnabled = true;
}
diff --git a/src/Volume/Cipher.h b/src/Volume/Cipher.h
index 31a519a5..c53cfbd9 100644
--- a/src/Volume/Cipher.h
+++ b/src/Volume/Cipher.h
@@ -26,11 +26,18 @@ namespace VeraCrypt
public:
virtual ~Cipher ();
- virtual void DecryptBlock (byte *data) const;
- virtual void DecryptBlocks (byte *data, size_t blockCount) const;
- static void EnableHwSupport (bool enable) { HwSupportEnabled = enable; }
- virtual void EncryptBlock (byte *data) const;
- virtual void EncryptBlocks (byte *data, size_t blockCount) const;
+ virtual void DecryptBlock (uint8 *data) const;
+ virtual void DecryptBlocks (uint8 *data, size_t blockCount) const;
+ #ifndef WOLFCRYPT_BACKEND
+ static void EnableHwSupport (bool enable) { HwSupportEnabled = enable; }
+ #else
+ static void EnableHwSupport (bool enable) { HwSupportEnabled = false; }
+ virtual void EncryptBlockXTS (uint8 *data, uint64 length, uint64 startDataUnitNo) const;
+ virtual void DecryptBlockXTS (uint8 *data, uint64 length, uint64 startDataUnitNo) const;
+ virtual void SetKeyXTS (const ConstBufferPtr &key);
+ #endif
+ virtual void EncryptBlock (uint8 *data) const;
+ virtual void EncryptBlocks (uint8 *data, size_t blockCount) const;
static CipherList GetAvailableCiphers ();
virtual size_t GetBlockSize () const = 0;
virtual const SecureBuffer &GetKey () const { return Key; }
@@ -46,10 +53,15 @@ namespace VeraCrypt
protected:
Cipher ();
- virtual void Decrypt (byte *data) const = 0;
- virtual void Encrypt (byte *data) const = 0;
+ virtual void Decrypt (uint8 *data) const = 0;
+ virtual void Encrypt (uint8 *data) const = 0;
virtual size_t GetScheduledKeySize () const = 0;
- virtual void SetCipherKey (const byte *key) = 0;
+ virtual void SetCipherKey (const uint8 *key) = 0;
+ #ifdef WOLFCRYPT_BACKEND
+ virtual void DecryptXTS (uint8 *data, uint64 length, uint64 startDataUnitNo) const = 0;
+ virtual void EncryptXTS (uint8 *data, uint64 length, uint64 startDataUnitNo) const = 0;
+ virtual void SetCipherKeyXTS (const uint8 *key) = 0;
+ #endif
static bool HwSupportEnabled;
bool Initialized;
@@ -69,6 +81,7 @@ namespace VeraCrypt
CipherException (const string &message, const wstring &subject) : Exception (message, subject) { }
};
+#ifdef WOLFCRYPT_BACKEND
#define TC_CIPHER(NAME, BLOCK_SIZE, KEY_SIZE) \
class TC_JOIN (Cipher,NAME) : public Cipher \
@@ -84,19 +97,50 @@ namespace VeraCrypt
TC_CIPHER_ADD_METHODS \
\
protected: \
- virtual void Decrypt (byte *data) const; \
- virtual void Encrypt (byte *data) const; \
+ virtual void Decrypt (uint8 *data) const; \
+ virtual void Encrypt (uint8 *data) const; \
virtual size_t GetScheduledKeySize () const; \
- virtual void SetCipherKey (const byte *key); \
+ virtual void SetCipherKey (const uint8 *key); \
+ virtual void DecryptXTS (uint8 *data, uint64 length, uint64 startDataUnitNo) const; \
+ virtual void SetCipherKeyXTS (const uint8 *key); \
+ virtual void EncryptXTS (uint8 *data, uint64 length, uint64 startDataUnitNo) const; \
\
private: \
TC_JOIN (Cipher,NAME) (const TC_JOIN (Cipher,NAME) &); \
TC_JOIN (Cipher,NAME) &operator= (const TC_JOIN (Cipher,NAME) &); \
}
+#else
+
+#define TC_CIPHER(NAME, BLOCK_SIZE, KEY_SIZE) \
+ class TC_JOIN (Cipher,NAME) : public Cipher \
+ { \
+ public: \
+ TC_JOIN (Cipher,NAME) () { } \
+ virtual ~TC_JOIN (Cipher,NAME) () { } \
+\
+ virtual size_t GetBlockSize () const { return BLOCK_SIZE; }; \
+ virtual size_t GetKeySize () const { return KEY_SIZE; }; \
+ virtual wstring GetName () const { return L###NAME; }; \
+ virtual shared_ptr <Cipher> GetNew () const { return shared_ptr <Cipher> (new TC_JOIN (Cipher,NAME)()); } \
+ TC_CIPHER_ADD_METHODS \
+\
+ protected: \
+ virtual void Decrypt (uint8 *data) const; \
+ virtual void Encrypt (uint8 *data) const; \
+ virtual size_t GetScheduledKeySize () const; \
+ virtual void SetCipherKey (const uint8 *key); \
+\
+ private: \
+ TC_JOIN (Cipher,NAME) (const TC_JOIN (Cipher,NAME) &); \
+ TC_JOIN (Cipher,NAME) &operator= (const TC_JOIN (Cipher,NAME) &); \
+ }
+
+#endif
+
#define TC_CIPHER_ADD_METHODS \
- virtual void DecryptBlocks (byte *data, size_t blockCount) const; \
- virtual void EncryptBlocks (byte *data, size_t blockCount) const; \
+ virtual void DecryptBlocks (uint8 *data, size_t blockCount) const; \
+ virtual void EncryptBlocks (uint8 *data, size_t blockCount) const; \
virtual bool IsHwSupportAvailable () const;
TC_CIPHER (AES, 16, 32);
diff --git a/src/Volume/Crc32.h b/src/Volume/Crc32.h
index ced20457..ebe7aa83 100644
--- a/src/Volume/Crc32.h
+++ b/src/Volume/Crc32.h
@@ -26,14 +26,14 @@ namespace VeraCrypt
uint32 Get () const { return CrcValue ^ 0xffffFFFF; }
- uint32 Process (byte data)
+ uint32 Process (uint8 data)
{
- return CrcValue = crc_32_tab[(byte) (CrcValue ^ data)] ^ (CrcValue >> 8);
+ return CrcValue = crc_32_tab[(uint8) (CrcValue ^ data)] ^ (CrcValue >> 8);
}
static uint32 ProcessBuffer (const ConstBufferPtr &buffer)
{
- return ::GetCrc32 (const_cast<byte *> (buffer.Get()), static_cast<int> (buffer.Size()));
+ return ::GetCrc32 (const_cast<uint8 *> (buffer.Get()), static_cast<int> (buffer.Size()));
}
protected:
diff --git a/src/Volume/EncryptionAlgorithm.cpp b/src/Volume/EncryptionAlgorithm.cpp
index 85d9be1c..4a325fe3 100644
--- a/src/Volume/EncryptionAlgorithm.cpp
+++ b/src/Volume/EncryptionAlgorithm.cpp
@@ -12,6 +12,9 @@
#include "EncryptionAlgorithm.h"
#include "EncryptionModeXTS.h"
+#ifdef WOLFCRYPT_BACKEND
+#include "EncryptionModeWolfCryptXTS.h"
+#endif
namespace VeraCrypt
{
@@ -23,7 +26,7 @@ namespace VeraCrypt
{
}
- void EncryptionAlgorithm::Decrypt (byte *data, uint64 length) const
+ void EncryptionAlgorithm::Decrypt (uint8 *data, uint64 length) const
{
if_debug (ValidateState ());
Mode->Decrypt (data, length);
@@ -34,13 +37,13 @@ namespace VeraCrypt
Decrypt (data, data.Size());
}
- void EncryptionAlgorithm::DecryptSectors (byte *data, uint64 sectorIndex, uint64 sectorCount, size_t sectorSize) const
+ void EncryptionAlgorithm::DecryptSectors (uint8 *data, uint64 sectorIndex, uint64 sectorCount, size_t sectorSize) const
{
if_debug (ValidateState());
Mode->DecryptSectors (data, sectorIndex, sectorCount, sectorSize);
}
- void EncryptionAlgorithm::Encrypt (byte *data, uint64 length) const
+ void EncryptionAlgorithm::Encrypt (uint8 *data, uint64 length) const
{
if_debug (ValidateState());
Mode->Encrypt (data, length);
@@ -51,7 +54,7 @@ namespace VeraCrypt
Encrypt (data, data.Size());
}
- void EncryptionAlgorithm::EncryptSectors (byte *data, uint64 sectorIndex, uint64 sectorCount, size_t sectorSize) const
+ void EncryptionAlgorithm::EncryptSectors (uint8 *data, uint64 sectorIndex, uint64 sectorCount, size_t sectorSize) const
{
if_debug (ValidateState ());
Mode->EncryptSectors (data, sectorIndex, sectorCount, sectorSize);
@@ -62,6 +65,7 @@ namespace VeraCrypt
EncryptionAlgorithmList l;
l.push_back (shared_ptr <EncryptionAlgorithm> (new AES ()));
+ #ifndef WOLFCRYPT_BACKEND
l.push_back (shared_ptr <EncryptionAlgorithm> (new Serpent ()));
l.push_back (shared_ptr <EncryptionAlgorithm> (new Twofish ()));
l.push_back (shared_ptr <EncryptionAlgorithm> (new Camellia ()));
@@ -76,7 +80,7 @@ namespace VeraCrypt
l.push_back (shared_ptr <EncryptionAlgorithm> (new SerpentAES ()));
l.push_back (shared_ptr <EncryptionAlgorithm> (new SerpentTwofishAES ()));
l.push_back (shared_ptr <EncryptionAlgorithm> (new TwofishSerpent ()));
-
+ #endif
return l;
}
@@ -215,7 +219,25 @@ namespace VeraCrypt
}
}
- void EncryptionAlgorithm::ValidateState () const
+ #ifdef WOLFCRYPT_BACKEND
+ void EncryptionAlgorithm::SetKeyXTS (const ConstBufferPtr &key)
+ {
+ if (Ciphers.size() < 1)
+ throw NotInitialized (SRC_POS);
+
+ if (GetKeySize() != key.Size())
+ throw ParameterIncorrect (SRC_POS);
+
+ size_t keyOffset = 0;
+ foreach_ref (Cipher &c, Ciphers)
+ {
+ c.SetKeyXTS (key.GetRange (keyOffset, c.GetKeySize()));
+ keyOffset += c.GetKeySize();
+ }
+ }
+ #endif
+
+ void EncryptionAlgorithm::ValidateState () const
{
if (Ciphers.size() < 1 || Mode.get() == nullptr)
throw NotInitialized (SRC_POS);
@@ -226,9 +248,14 @@ namespace VeraCrypt
{
Ciphers.push_back (shared_ptr <Cipher> (new CipherAES()));
+ #ifdef WOLFCRYPT_BACKEND
+ SupportedModes.push_back (shared_ptr <EncryptionMode> (new EncryptionModeWolfCryptXTS ()));
+ #else
SupportedModes.push_back (shared_ptr <EncryptionMode> (new EncryptionModeXTS ()));
- }
+ #endif
+ }
+#ifndef WOLFCRYPT_BACKEND
// AES-Twofish
AESTwofish::AESTwofish ()
{
@@ -353,4 +380,5 @@ namespace VeraCrypt
SupportedModes.push_back (shared_ptr <EncryptionMode> (new EncryptionModeXTS ()));
}
+#endif
}
diff --git a/src/Volume/EncryptionAlgorithm.h b/src/Volume/EncryptionAlgorithm.h
index 56642146..e9f9b9ef 100644
--- a/src/Volume/EncryptionAlgorithm.h
+++ b/src/Volume/EncryptionAlgorithm.h
@@ -27,12 +27,12 @@ namespace VeraCrypt
public:
virtual ~EncryptionAlgorithm ();
- virtual void Decrypt (byte *data, uint64 length) const;
+ virtual void Decrypt (uint8 *data, uint64 length) const;
virtual void Decrypt (const BufferPtr &data) const;
- virtual void DecryptSectors (byte *data, uint64 sectorIndex, uint64 sectorCount, size_t sectorSize) const;
- virtual void Encrypt (byte *data, uint64 length) const;
+ virtual void DecryptSectors (uint8 *data, uint64 sectorIndex, uint64 sectorCount, size_t sectorSize) const;
+ virtual void Encrypt (uint8 *data, uint64 length) const;
virtual void Encrypt (const BufferPtr &data) const;
- virtual void EncryptSectors (byte *data, uint64 sectorIndex, uint64 sectorCount, size_t sectorSize) const;
+ virtual void EncryptSectors (uint8 *data, uint64 sectorIndex, uint64 sectorCount, size_t sectorSize) const;
static EncryptionAlgorithmList GetAvailableAlgorithms ();
virtual const CipherList &GetCiphers () const { return Ciphers; }
virtual shared_ptr <EncryptionAlgorithm> GetNew () const = 0;
@@ -46,7 +46,10 @@ namespace VeraCrypt
virtual bool IsModeSupported (const EncryptionMode &mode) const;
virtual bool IsModeSupported (const shared_ptr <EncryptionMode> mode) const;
virtual void SetKey (const ConstBufferPtr &key);
- virtual void SetMode (shared_ptr <EncryptionMode> mode);
+ #ifdef WOLFCRYPT_BACKEND
+ virtual void SetKeyXTS (const ConstBufferPtr &key);
+ #endif
+ virtual void SetMode (shared_ptr <EncryptionMode> mode);
protected:
EncryptionAlgorithm ();
diff --git a/src/Volume/EncryptionMode.cpp b/src/Volume/EncryptionMode.cpp
index b7e5cc02..6a63efe5 100644
--- a/src/Volume/EncryptionMode.cpp
+++ b/src/Volume/EncryptionMode.cpp
@@ -12,6 +12,9 @@
#include "EncryptionMode.h"
#include "EncryptionModeXTS.h"
+#ifdef WOLFCRYPT_BACKEND
+#include "EncryptionModeWolfCryptXTS.h"
+#endif
#include "EncryptionThreadPool.h"
namespace VeraCrypt
@@ -24,12 +27,12 @@ namespace VeraCrypt
{
}
- void EncryptionMode::DecryptSectors (byte *data, uint64 sectorIndex, uint64 sectorCount, size_t sectorSize) const
+ void EncryptionMode::DecryptSectors (uint8 *data, uint64 sectorIndex, uint64 sectorCount, size_t sectorSize) const
{
EncryptionThreadPool::DoWork (EncryptionThreadPool::WorkType::DecryptDataUnits, this, data, sectorIndex, sectorCount, sectorSize);
}
- void EncryptionMode::EncryptSectors (byte *data, uint64 sectorIndex, uint64 sectorCount, size_t sectorSize) const
+ void EncryptionMode::EncryptSectors (uint8 *data, uint64 sectorIndex, uint64 sectorCount, size_t sectorSize) const
{
EncryptionThreadPool::DoWork (EncryptionThreadPool::WorkType::EncryptDataUnits, this, data, sectorIndex, sectorCount, sectorSize);
}
@@ -38,7 +41,11 @@ namespace VeraCrypt
{
EncryptionModeList l;
+ #ifdef WOLFCRYPT_BACKEND
+ l.push_back (shared_ptr <EncryptionMode> (new EncryptionModeWolfCryptXTS ()));
+ #else
l.push_back (shared_ptr <EncryptionMode> (new EncryptionModeXTS ()));
+ #endif
return l;
}
@@ -49,13 +56,13 @@ namespace VeraCrypt
throw NotInitialized (SRC_POS);
}
- void EncryptionMode::ValidateParameters (byte *data, uint64 length) const
+ void EncryptionMode::ValidateParameters (uint8 *data, uint64 length) const
{
if ((Ciphers.size() > 0 && (length % Ciphers.front()->GetBlockSize()) != 0))
throw ParameterIncorrect (SRC_POS);
}
- void EncryptionMode::ValidateParameters (byte *data, uint64 sectorCount, size_t sectorSize) const
+ void EncryptionMode::ValidateParameters (uint8 *data, uint64 sectorCount, size_t sectorSize) const
{
if (sectorCount == 0 || sectorSize == 0 || (sectorSize % EncryptionDataUnitSize) != 0)
throw ParameterIncorrect (SRC_POS);
diff --git a/src/Volume/EncryptionMode.h b/src/Volume/EncryptionMode.h
index a629d6b7..0da28fa7 100644
--- a/src/Volume/EncryptionMode.h
+++ b/src/Volume/EncryptionMode.h
@@ -27,12 +27,12 @@ namespace VeraCrypt
public:
virtual ~EncryptionMode ();
- virtual void Decrypt (byte *data, uint64 length) const = 0;
- virtual void DecryptSectors (byte *data, uint64 sectorIndex, uint64 sectorCount, size_t sectorSize) const;
- virtual void DecryptSectorsCurrentThread (byte *data, uint64 sectorIndex, uint64 sectorCount, size_t sectorSize) const = 0;
- virtual void Encrypt (byte *data, uint64 length) const = 0;
- virtual void EncryptSectors (byte *data, uint64 sectorIndex, uint64 sectorCount, size_t sectorSize) const;
- virtual void EncryptSectorsCurrentThread (byte *data, uint64 sectorIndex, uint64 sectorCount, size_t sectorSize) const = 0;
+ virtual void Decrypt (uint8 *data, uint64 length) const = 0;
+ virtual void DecryptSectors (uint8 *data, uint64 sectorIndex, uint64 sectorCount, size_t sectorSize) const;
+ virtual void DecryptSectorsCurrentThread (uint8 *data, uint64 sectorIndex, uint64 sectorCount, size_t sectorSize) const = 0;
+ virtual void Encrypt (uint8 *data, uint64 length) const = 0;
+ virtual void EncryptSectors (uint8 *data, uint64 sectorIndex, uint64 sectorCount, size_t sectorSize) const;
+ virtual void EncryptSectorsCurrentThread (uint8 *data, uint64 sectorIndex, uint64 sectorCount, size_t sectorSize) const = 0;
static EncryptionModeList GetAvailableModes ();
virtual const SecureBuffer &GetKey () const { throw NotApplicable (SRC_POS); }
virtual size_t GetKeySize () const = 0;
@@ -48,8 +48,8 @@ namespace VeraCrypt
EncryptionMode ();
virtual void ValidateState () const;
- void ValidateParameters (byte *data, uint64 length) const;
- virtual void ValidateParameters (byte *data, uint64 sectorCount, size_t sectorSize) const;
+ void ValidateParameters (uint8 *data, uint64 length) const;
+ virtual void ValidateParameters (uint8 *data, uint64 sectorCount, size_t sectorSize) const;
static const size_t EncryptionDataUnitSize = ENCRYPTION_DATA_UNIT_SIZE;
diff --git a/src/Volume/EncryptionModeWolfCryptXTS.cpp b/src/Volume/EncryptionModeWolfCryptXTS.cpp
new file mode 100644
index 00000000..878ad042
--- /dev/null
+++ b/src/Volume/EncryptionModeWolfCryptXTS.cpp
@@ -0,0 +1,119 @@
+
+#include "Crypto/cpu.h"
+#include "Crypto/misc.h"
+#include "EncryptionModeWolfCryptXTS.h"
+#include "Common/Crypto.h"
+
+namespace VeraCrypt
+{
+ void EncryptionModeWolfCryptXTS::Encrypt (uint8 *data, uint64 length) const
+ {
+ EncryptBuffer (data, length, 0);
+ }
+
+ void EncryptionModeWolfCryptXTS::EncryptBuffer (uint8 *data, uint64 length, uint64 startDataUnitNo) const
+ {
+ if_debug (ValidateState());
+
+ CipherList::const_iterator iSecondaryCipher = SecondaryCiphers.begin();
+
+ for (CipherList::const_iterator iCipher = Ciphers.begin(); iCipher != Ciphers.end(); ++iCipher)
+ {
+ EncryptBufferXTS (**iCipher, **iSecondaryCipher, data, length, startDataUnitNo, 0);
+ ++iSecondaryCipher;
+ }
+
+ assert (iSecondaryCipher == SecondaryCiphers.end());
+ }
+
+ void EncryptionModeWolfCryptXTS::EncryptBufferXTS (Cipher &cipher, const Cipher &secondaryCipher, uint8 *buffer, uint64 length, uint64 startDataUnitNo, unsigned int startCipherBlockNo) const
+ {
+ cipher.EncryptBlockXTS(buffer, length, startDataUnitNo);
+ }
+
+ void EncryptionModeWolfCryptXTS::EncryptSectorsCurrentThread (uint8 *data, uint64 sectorIndex, uint64 sectorCount, size_t sectorSize) const
+ {
+ EncryptBuffer (data, sectorCount * sectorSize, sectorIndex * sectorSize / ENCRYPTION_DATA_UNIT_SIZE);
+ }
+
+ size_t EncryptionModeWolfCryptXTS::GetKeySize () const
+ {
+ if (Ciphers.empty())
+ throw NotInitialized (SRC_POS);
+
+ size_t keySize = 0;
+ foreach_ref (const Cipher &cipher, SecondaryCiphers)
+ {
+ keySize += cipher.GetKeySize();
+ }
+
+ return keySize;
+ }
+
+ void EncryptionModeWolfCryptXTS::Decrypt (uint8 *data, uint64 length) const
+ {
+ DecryptBuffer (data, length, 0);
+ }
+
+ void EncryptionModeWolfCryptXTS::DecryptBuffer (uint8 *data, uint64 length, uint64 startDataUnitNo) const
+ {
+ if_debug (ValidateState());
+
+ CipherList::const_iterator iSecondaryCipher = SecondaryCiphers.end();
+
+ for (CipherList::const_reverse_iterator iCipher = Ciphers.rbegin(); iCipher != Ciphers.rend(); ++iCipher)
+ {
+ --iSecondaryCipher;
+ DecryptBufferXTS (**iCipher, **iSecondaryCipher, data, length, startDataUnitNo, 0);
+ }
+
+ assert (iSecondaryCipher == SecondaryCiphers.begin());
+ }
+
+ void EncryptionModeWolfCryptXTS::DecryptBufferXTS (Cipher &cipher, const Cipher &secondaryCipher, uint8 *buffer, uint64 length, uint64 startDataUnitNo, unsigned int startCipherBlockNo) const
+ {
+ cipher.DecryptBlockXTS(buffer, length, startDataUnitNo);
+ }
+
+ void EncryptionModeWolfCryptXTS::DecryptSectorsCurrentThread (uint8 *data, uint64 sectorIndex, uint64 sectorCount, size_t sectorSize) const
+ {
+ DecryptBuffer (data, sectorCount * sectorSize, sectorIndex * sectorSize / ENCRYPTION_DATA_UNIT_SIZE);
+ }
+
+ void EncryptionModeWolfCryptXTS::SetCiphers (const CipherList &ciphers)
+ {
+ EncryptionMode::SetCiphers (ciphers);
+
+ SecondaryCiphers.clear();
+
+ foreach_ref (const Cipher &cipher, ciphers)
+ {
+ SecondaryCiphers.push_back (cipher.GetNew());
+ }
+
+ if (SecondaryKey.Size() > 0)
+ SetSecondaryCipherKeys();
+ }
+
+ void EncryptionModeWolfCryptXTS::SetKey (const ConstBufferPtr &key)
+ {
+ SecondaryKey.Allocate (key.Size());
+ SecondaryKey.CopyFrom (key);
+
+ if (!SecondaryCiphers.empty())
+ SetSecondaryCipherKeys();
+
+ }
+
+ void EncryptionModeWolfCryptXTS::SetSecondaryCipherKeys ()
+ {
+ size_t keyOffset = 0;
+ foreach_ref (Cipher &cipher, SecondaryCiphers)
+ {
+ cipher.SetKeyXTS (SecondaryKey.GetRange (keyOffset, cipher.GetKeySize()));
+ keyOffset += cipher.GetKeySize();
+ }
+
+ KeySet = true;
+ }
+}
diff --git a/src/Volume/EncryptionModeWolfCryptXTS.h b/src/Volume/EncryptionModeWolfCryptXTS.h
new file mode 100644
index 00000000..c9f2d59f
--- /dev/null
+++ b/src/Volume/EncryptionModeWolfCryptXTS.h
@@ -0,0 +1,54 @@
+/*
+ Derived from source code of TrueCrypt 7.1a, which is
+ Copyright (c) 2008-2012 TrueCrypt Developers Association and which is governed
+ by the TrueCrypt License 3.0.
+
+ Modifications and additions to the original source code (contained in this file)
+ and all other portions of this file are Copyright (c) 2013-2017 IDRIX
+ and are governed by the Apache License 2.0 the full text of which is
+ contained in the file License.txt included in VeraCrypt binary and source
+ code distribution packages.
+*/
+
+#ifndef TC_HEADER_Volume_EncryptionModeWolfCryptXTS
+#define TC_HEADER_Volume_EncryptionModeWolfCryptXTS
+
+#include "Platform/Platform.h"
+#include "EncryptionMode.h"
+
+namespace VeraCrypt
+{
+ class EncryptionModeWolfCryptXTS : public EncryptionMode
+ {
+ public:
+ EncryptionModeWolfCryptXTS () { }
+ virtual ~EncryptionModeWolfCryptXTS () { }
+
+ virtual void Decrypt (uint8 *data, uint64 length) const;
+ virtual void DecryptSectorsCurrentThread (uint8 *data, uint64 sectorIndex, uint64 sectorCount, size_t sectorSize) const;
+ virtual void Encrypt (uint8 *data, uint64 length) const;
+ virtual void EncryptSectorsCurrentThread (uint8 *data, uint64 sectorIndex, uint64 sectorCount, size_t sectorSize) const;
+ virtual const SecureBuffer &GetKey () const { return SecondaryKey; }
+ virtual size_t GetKeySize () const;
+ virtual wstring GetName () const { return L"XTS"; };
+ virtual shared_ptr <EncryptionMode> GetNew () const { return shared_ptr <EncryptionMode> (new EncryptionModeWolfCryptXTS); }
+ virtual void SetCiphers (const CipherList &ciphers);
+ virtual void SetKey (const ConstBufferPtr &key);
+
+ protected:
+ void DecryptBuffer (uint8 *data, uint64 length, uint64 startDataUnitNo) const;
+ void DecryptBufferXTS (Cipher &cipher, const Cipher &secondaryCipher, uint8 *buffer, uint64 length, uint64 startDataUnitNo, unsigned int startCipherBlockNo) const;
+ void EncryptBuffer (uint8 *data, uint64 length, uint64 startDataUnitNo) const;
+ void EncryptBufferXTS (Cipher &cipher, const Cipher &secondaryCipher, uint8 *buffer, uint64 length, uint64 startDataUnitNo, unsigned int startCipherBlockNo) const;
+ void SetSecondaryCipherKeys ();
+
+ SecureBuffer SecondaryKey;
+ CipherList SecondaryCiphers;
+
+ private:
+ EncryptionModeWolfCryptXTS (const EncryptionModeWolfCryptXTS &);
+ EncryptionModeWolfCryptXTS &operator= (const EncryptionModeWolfCryptXTS &);
+ };
+}
+
+#endif // TC_HEADER_Volume_EncryptionModeWolfCryptXTS
diff --git a/src/Volume/EncryptionModeXTS.cpp b/src/Volume/EncryptionModeXTS.cpp
index 66f0ff62..001bfcf8 100644
--- a/src/Volume/EncryptionModeXTS.cpp
+++ b/src/Volume/EncryptionModeXTS.cpp
@@ -47,12 +47,12 @@
namespace VeraCrypt
{
- void EncryptionModeXTS::Encrypt (byte *data, uint64 length) const
+ void EncryptionModeXTS::Encrypt (uint8 *data, uint64 length) const
{
EncryptBuffer (data, length, 0);
}
- void EncryptionModeXTS::EncryptBuffer (byte *data, uint64 length, uint64 startDataUnitNo) const
+ void EncryptionModeXTS::EncryptBuffer (uint8 *data, uint64 length, uint64 startDataUnitNo) const
{
if_debug (ValidateState());
@@ -67,12 +67,12 @@ namespace VeraCrypt
assert (iSecondaryCipher == SecondaryCiphers.end());
}
- void EncryptionModeXTS::EncryptBufferXTS (const Cipher &cipher, const Cipher &secondaryCipher, byte *buffer, uint64 length, uint64 startDataUnitNo, unsigned int startCipherBlockNo) const
+ void EncryptionModeXTS::EncryptBufferXTS (const Cipher &cipher, const Cipher &secondaryCipher, uint8 *buffer, uint64 length, uint64 startDataUnitNo, unsigned int startCipherBlockNo) const
{
- byte finalCarry;
- byte whiteningValues [ENCRYPTION_DATA_UNIT_SIZE];
- byte whiteningValue [BYTES_PER_XTS_BLOCK];
- byte byteBufUnitNo [BYTES_PER_XTS_BLOCK];
+ uint8 finalCarry;
+ uint8 whiteningValues [ENCRYPTION_DATA_UNIT_SIZE];
+ uint8 whiteningValue [BYTES_PER_XTS_BLOCK];
+ uint8 byteBufUnitNo [BYTES_PER_XTS_BLOCK];
uint64 *whiteningValuesPtr64 = (uint64 *) whiteningValues;
uint64 *whiteningValuePtr64 = (uint64 *) whiteningValue;
uint64 *bufPtr = (uint64 *) buffer;
@@ -182,7 +182,7 @@ namespace VeraCrypt
}
#endif
// Actual encryption
- cipher.EncryptBlocks ((byte *) dataUnitBufPtr, countBlock);
+ cipher.EncryptBlocks ((uint8 *) dataUnitBufPtr, countBlock);
bufPtr = dataUnitBufPtr;
whiteningValuesPtr64 = (uint64 *) whiteningValues;
@@ -207,7 +207,7 @@ namespace VeraCrypt
FAST_ERASE64 (whiteningValues, sizeof (whiteningValues));
}
- void EncryptionModeXTS::EncryptSectorsCurrentThread (byte *data, uint64 sectorIndex, uint64 sectorCount, size_t sectorSize) const
+ void EncryptionModeXTS::EncryptSectorsCurrentThread (uint8 *data, uint64 sectorIndex, uint64 sectorCount, size_t sectorSize) const
{
EncryptBuffer (data, sectorCount * sectorSize, sectorIndex * sectorSize / ENCRYPTION_DATA_UNIT_SIZE);
}
@@ -226,12 +226,12 @@ namespace VeraCrypt
return keySize;
}
- void EncryptionModeXTS::Decrypt (byte *data, uint64 length) const
+ void EncryptionModeXTS::Decrypt (uint8 *data, uint64 length) const
{
DecryptBuffer (data, length, 0);
}
- void EncryptionModeXTS::DecryptBuffer (byte *data, uint64 length, uint64 startDataUnitNo) const
+ void EncryptionModeXTS::DecryptBuffer (uint8 *data, uint64 length, uint64 startDataUnitNo) const
{
if_debug (ValidateState());
@@ -246,12 +246,12 @@ namespace VeraCrypt
assert (iSecondaryCipher == SecondaryCiphers.begin());
}
- void EncryptionModeXTS::DecryptBufferXTS (const Cipher &cipher, const Cipher &secondaryCipher, byte *buffer, uint64 length, uint64 startDataUnitNo, unsigned int startCipherBlockNo) const
+ void EncryptionModeXTS::DecryptBufferXTS (const Cipher &cipher, const Cipher &secondaryCipher, uint8 *buffer, uint64 length, uint64 startDataUnitNo, unsigned int startCipherBlockNo) const
{
- byte finalCarry;
- byte whiteningValues [ENCRYPTION_DATA_UNIT_SIZE];
- byte whiteningValue [BYTES_PER_XTS_BLOCK];
- byte byteBufUnitNo [BYTES_PER_XTS_BLOCK];
+ uint8 finalCarry;
+ uint8 whiteningValues [ENCRYPTION_DATA_UNIT_SIZE];
+ uint8 whiteningValue [BYTES_PER_XTS_BLOCK];
+ uint8 byteBufUnitNo [BYTES_PER_XTS_BLOCK];
uint64 *whiteningValuesPtr64 = (uint64 *) whiteningValues;
uint64 *whiteningValuePtr64 = (uint64 *) whiteningValue;
uint64 *bufPtr = (uint64 *) buffer;
@@ -352,7 +352,7 @@ namespace VeraCrypt
*bufPtr++ ^= *whiteningValuesPtr64++;
}
#endif
- cipher.DecryptBlocks ((byte *) dataUnitBufPtr, countBlock);
+ cipher.DecryptBlocks ((uint8 *) dataUnitBufPtr, countBlock);
bufPtr = dataUnitBufPtr;
whiteningValuesPtr64 = (uint64 *) whiteningValues;
@@ -374,9 +374,9 @@ namespace VeraCrypt
FAST_ERASE64 (whiteningValue, sizeof (whiteningValue));
FAST_ERASE64 (whiteningValues, sizeof (whiteningValues));
- }
+ }
- void EncryptionModeXTS::DecryptSectorsCurrentThread (byte *data, uint64 sectorIndex, uint64 sectorCount, size_t sectorSize) const
+ void EncryptionModeXTS::DecryptSectorsCurrentThread (uint8 *data, uint64 sectorIndex, uint64 sectorCount, size_t sectorSize) const
{
DecryptBuffer (data, sectorCount * sectorSize, sectorIndex * sectorSize / ENCRYPTION_DATA_UNIT_SIZE);
}
@@ -411,7 +411,7 @@ namespace VeraCrypt
foreach_ref (Cipher &cipher, SecondaryCiphers)
{
cipher.SetKey (SecondaryKey.GetRange (keyOffset, cipher.GetKeySize()));
- keyOffset += cipher.GetKeySize();
+ keyOffset += cipher.GetKeySize();
}
KeySet = true;
diff --git a/src/Volume/EncryptionModeXTS.h b/src/Volume/EncryptionModeXTS.h
index 6f674073..cbed0d33 100644
--- a/src/Volume/EncryptionModeXTS.h
+++ b/src/Volume/EncryptionModeXTS.h
@@ -24,10 +24,10 @@ namespace VeraCrypt
EncryptionModeXTS () { }
virtual ~EncryptionModeXTS () { }
- virtual void Decrypt (byte *data, uint64 length) const;
- virtual void DecryptSectorsCurrentThread (byte *data, uint64 sectorIndex, uint64 sectorCount, size_t sectorSize) const;
- virtual void Encrypt (byte *data, uint64 length) const;
- virtual void EncryptSectorsCurrentThread (byte *data, uint64 sectorIndex, uint64 sectorCount, size_t sectorSize) const;
+ virtual void Decrypt (uint8 *data, uint64 length) const;
+ virtual void DecryptSectorsCurrentThread (uint8 *data, uint64 sectorIndex, uint64 sectorCount, size_t sectorSize) const;
+ virtual void Encrypt (uint8 *data, uint64 length) const;
+ virtual void EncryptSectorsCurrentThread (uint8 *data, uint64 sectorIndex, uint64 sectorCount, size_t sectorSize) const;
virtual const SecureBuffer &GetKey () const { return SecondaryKey; }
virtual size_t GetKeySize () const;
virtual wstring GetName () const { return L"XTS"; };
@@ -36,10 +36,10 @@ namespace VeraCrypt
virtual void SetKey (const ConstBufferPtr &key);
protected:
- void DecryptBuffer (byte *data, uint64 length, uint64 startDataUnitNo) const;
- void DecryptBufferXTS (const Cipher &cipher, const Cipher &secondaryCipher, byte *buffer, uint64 length, uint64 startDataUnitNo, unsigned int startCipherBlockNo) const;
- void EncryptBuffer (byte *data, uint64 length, uint64 startDataUnitNo) const;
- void EncryptBufferXTS (const Cipher &cipher, const Cipher &secondaryCipher, byte *buffer, uint64 length, uint64 startDataUnitNo, unsigned int startCipherBlockNo) const;
+ void DecryptBuffer (uint8 *data, uint64 length, uint64 startDataUnitNo) const;
+ void DecryptBufferXTS (const Cipher &cipher, const Cipher &secondaryCipher, uint8 *buffer, uint64 length, uint64 startDataUnitNo, unsigned int startCipherBlockNo) const;
+ void EncryptBuffer (uint8 *data, uint64 length, uint64 startDataUnitNo) const;
+ void EncryptBufferXTS (const Cipher &cipher, const Cipher &secondaryCipher, uint8 *buffer, uint64 length, uint64 startDataUnitNo, unsigned int startCipherBlockNo) const;
void SetSecondaryCipherKeys ();
SecureBuffer SecondaryKey;
diff --git a/src/Volume/EncryptionTest.cpp b/src/Volume/EncryptionTest.cpp
index 5c251bd5..9009be66 100644
--- a/src/Volume/EncryptionTest.cpp
+++ b/src/Volume/EncryptionTest.cpp
@@ -16,6 +16,9 @@
#include "EncryptionAlgorithm.h"
#include "EncryptionMode.h"
#include "EncryptionModeXTS.h"
+#ifdef WOLFCRYPT_BACKEND
+#include "EncryptionModeWolfCryptXTS.h"
+#endif
#include "EncryptionTest.h"
#include "Pkcs5Kdf.h"
@@ -43,9 +46,9 @@ namespace VeraCrypt
struct CipherTestVector
{
- byte Key[32];
- byte Plaintext[16];
- byte Ciphertext[16];
+ uint8 Key[32];
+ uint8 Plaintext[16];
+ uint8 Ciphertext[16];
};
static const CipherTestVector AESTestVectors[] =
@@ -64,6 +67,7 @@ namespace VeraCrypt
}
};
+ #ifndef WOLFCRYPT_BACKEND
static const CipherTestVector SerpentTestVectors[] =
{
{
@@ -151,6 +155,7 @@ namespace VeraCrypt
}
}
};
+ #endif
static void TestCipher (Cipher &cipher, const CipherTestVector *testVector, size_t testVectorCount)
{
@@ -174,7 +179,7 @@ namespace VeraCrypt
Buffer testData (1024);
for (size_t i = 0; i < testData.Size(); ++i)
{
- testData[i] = (byte) i;
+ testData[i] = (uint8) i;
}
uint32 origCrc = Crc32::ProcessBuffer (testData);
@@ -190,6 +195,7 @@ namespace VeraCrypt
if (origCrc != Crc32::ProcessBuffer (testData))
throw TestFailed (SRC_POS);
+ #ifndef WOLFCRYPT_BACKEND
CipherSerpent serpent;
TestCipher (serpent, SerpentTestVectors, array_capacity (SerpentTestVectors));
@@ -201,6 +207,7 @@ namespace VeraCrypt
CipherKuznyechik kuznyechik;
TestCipher (kuznyechik, KuznyechikTestVectors, array_capacity (KuznyechikTestVectors));
+ #endif
}
const EncryptionTest::XtsTestVector EncryptionTest::XtsTestVectors[] =
@@ -437,9 +444,16 @@ namespace VeraCrypt
for (i = 0; i < array_capacity (XtsTestVectors); i++)
{
AES aes;
- shared_ptr <EncryptionMode> xts (new EncryptionModeXTS);
-
- aes.SetKey (ConstBufferPtr (XtsTestVectors[i].key1, sizeof (XtsTestVectors[i].key1)));
+ #ifdef WOLFCRYPT_BACKEND
+ shared_ptr <EncryptionMode> xts (new EncryptionModeWolfCryptXTS);
+ #else
+ shared_ptr <EncryptionMode> xts (new EncryptionModeXTS);
+ #endif
+
+ aes.SetKey (ConstBufferPtr (XtsTestVectors[i].key1, sizeof (XtsTestVectors[i].key1)));
+ #ifdef WOLFCRYPT_BACKEND
+ aes.SetKeyXTS (ConstBufferPtr (XtsTestVectors[i].key2, sizeof (XtsTestVectors[i].key2)));
+ #endif
xts->SetKey (ConstBufferPtr (XtsTestVectors[i].key2, sizeof (XtsTestVectors[i].key2)));
aes.SetMode (xts);
@@ -471,7 +485,7 @@ namespace VeraCrypt
int testCase = 0;
int nTestsPerformed = 0;
- static const byte testKey[] =
+ static const uint8 testKey[] =
{
0x27, 0x18, 0x28, 0x18, 0x28, 0x45, 0x90, 0x45, 0x23, 0x53, 0x60, 0x28, 0x74, 0x71, 0x35, 0x26, 0x62, 0x49, 0x77, 0x57, 0x24, 0x70, 0x93, 0x69, 0x99, 0x59, 0x57, 0x49, 0x66, 0x96, 0x76, 0x27,
0x31, 0x41, 0x59, 0x26, 0x53, 0x58, 0x97, 0x93, 0x23, 0x84, 0x62, 0x64, 0x33, 0x83, 0x27, 0x95, 0x02, 0x88, 0x41, 0x97, 0x16, 0x93, 0x99, 0x37, 0x51, 0x05, 0x82, 0x09, 0x74, 0x94, 0x45, 0x92,
@@ -494,7 +508,11 @@ namespace VeraCrypt
// Test all EAs that support this mode of operation
foreach_ref (EncryptionAlgorithm &ea, EncryptionAlgorithm::GetAvailableAlgorithms())
{
- shared_ptr <EncryptionMode> mode (new EncryptionModeXTS);
+ #ifdef WOLFCRYPT_BACKEND
+ shared_ptr <EncryptionMode> mode (new EncryptionModeWolfCryptXTS);
+ #else
+ shared_ptr <EncryptionMode> mode (new EncryptionModeXTS);
+ #endif
if (!ea.IsModeSupported (mode))
continue;
@@ -503,13 +521,16 @@ namespace VeraCrypt
Buffer modeKey (ea.GetKeySize());
for (size_t mi = 0; mi < modeKey.Size(); mi++)
- modeKey[mi] = (byte) mi;
+ modeKey[mi] = (uint8) mi;
modeKey.CopyFrom (ConstBufferPtr (XtsTestVectors[array_capacity (XtsTestVectors)-1].key2, sizeof (XtsTestVectors[array_capacity (XtsTestVectors)-1].key2)));
mode->SetKey (modeKey);
ea.SetMode (mode);
+ #ifdef WOLFCRYPT_BACKEND
+ ea.SetKeyXTS (modeKey);
+ #endif
- // Each data unit will contain the same plaintext
+ // Each data unit will contain the same plaintext
for (i = 0; i < nbrUnits; i++)
{
memcpy ((unsigned char *) buf + i * ENCRYPTION_DATA_UNIT_SIZE,
@@ -556,6 +577,7 @@ namespace VeraCrypt
break;
}
}
+ #ifndef WOLFCRYPT_BACKEND
else if (typeid (ea) == typeid (Serpent))
{
switch (testCase)
@@ -920,7 +942,7 @@ namespace VeraCrypt
break;
}
}
-
+ #endif
if (crc == 0x9f5edd58)
throw TestFailed (SRC_POS);
@@ -941,7 +963,11 @@ namespace VeraCrypt
// Test all EAs that support this mode of operation
foreach_ref (EncryptionAlgorithm &ea, EncryptionAlgorithm::GetAvailableAlgorithms())
{
+ #ifdef WOLFCRYPT_BACKEND
+ shared_ptr <EncryptionMode> mode (new EncryptionModeWolfCryptXTS);
+ #else
shared_ptr <EncryptionMode> mode (new EncryptionModeXTS);
+ #endif
if (!ea.IsModeSupported (mode))
continue;
@@ -950,11 +976,14 @@ namespace VeraCrypt
Buffer modeKey (ea.GetKeySize());
for (size_t mi = 0; mi < modeKey.Size(); mi++)
- modeKey[mi] = (byte) mi;
+ modeKey[mi] = (uint8) mi;
modeKey.CopyFrom (ConstBufferPtr (XtsTestVectors[array_capacity (XtsTestVectors)-1].key2, sizeof (XtsTestVectors[array_capacity (XtsTestVectors)-1].key2)));
mode->SetKey (modeKey);
ea.SetMode (mode);
+ #ifdef WOLFCRYPT_BACKEND
+ ea.SetKeyXTS (modeKey);
+ #endif
// Each data unit will contain the same plaintext
for (i = 0; i < nbrUnits; i++)
@@ -974,6 +1003,7 @@ namespace VeraCrypt
throw TestFailed (SRC_POS);
nTestsPerformed++;
}
+ #ifndef WOLFCRYPT_BACKEND
else if (typeid (ea) == typeid (Serpent))
{
if (crc != 0x3494d480)
@@ -1058,6 +1088,7 @@ namespace VeraCrypt
throw TestFailed (SRC_POS);
nTestsPerformed++;
}
+ #endif
if (crc == 0x9f5edd58)
throw TestFailed (SRC_POS);
@@ -1069,29 +1100,33 @@ namespace VeraCrypt
nTestsPerformed++;
}
-
+ #ifndef WOLFCRYPT_BACKEND
if (nTestsPerformed != 150)
+ #else
+ if (nTestsPerformed != 10)
+ #endif
throw TestFailed (SRC_POS);
}
void EncryptionTest::TestPkcs5 ()
{
- VolumePassword password ((byte*) "password", 8);
- static const byte saltData[] = { 0x12, 0x34, 0x56, 0x78 };
+ VolumePassword password ((uint8*) "password", 8);
+ static const uint8 saltData[] = { 0x12, 0x34, 0x56, 0x78 };
ConstBufferPtr salt (saltData, sizeof (saltData));
Buffer derivedKey (4);
+ #ifndef WOLFCRYPT_BACKEND
Pkcs5HmacBlake2s pkcs5HmacBlake2s;
pkcs5HmacBlake2s.DeriveKey (derivedKey, password, salt, 5);
if (memcmp (derivedKey.Ptr(), "\x8d\x51\xfa\x31", 4) != 0)
throw TestFailed (SRC_POS);
- Pkcs5HmacSha512 pkcs5HmacSha512(false);
+ Pkcs5HmacSha512 pkcs5HmacSha512;
pkcs5HmacSha512.DeriveKey (derivedKey, password, salt, 5);
if (memcmp (derivedKey.Ptr(), "\x13\x64\xae\xf8", 4) != 0)
throw TestFailed (SRC_POS);
- Pkcs5HmacWhirlpool pkcs5HmacWhirlpool(false);
+ Pkcs5HmacWhirlpool pkcs5HmacWhirlpool;
pkcs5HmacWhirlpool.DeriveKey (derivedKey, password, salt, 5);
if (memcmp (derivedKey.Ptr(), "\x50\x7c\x36\x6f", 4) != 0)
throw TestFailed (SRC_POS);
@@ -1105,5 +1140,16 @@ namespace VeraCrypt
pkcs5HmacStreebog.DeriveKey (derivedKey, password, salt, 5);
if (memcmp (derivedKey.Ptr(), "\xd0\x53\xa2\x30", 4) != 0)
throw TestFailed (SRC_POS);
- }
+ #else
+ Pkcs5HmacSha256 pkcs5HmacSha256;
+ pkcs5HmacSha256.DeriveKey (derivedKey, password, salt, 5);
+ if (memcmp (derivedKey.Ptr(), "\x64\xf3\xa5\xa3", 4) != 0)
+ throw TestFailed (SRC_POS);
+
+ Pkcs5HmacSha512 pkcs5HmacSha512;
+ pkcs5HmacSha512.DeriveKey (derivedKey, password, salt, 5);
+ if (memcmp (derivedKey.Ptr(), "\x55\xa1\x76\xbb", 4) != 0)
+ throw TestFailed (SRC_POS);
+ #endif
+ }
}
diff --git a/src/Volume/EncryptionTest.h b/src/Volume/EncryptionTest.h
index 17e14fd7..fae07cb2 100644
--- a/src/Volume/EncryptionTest.h
+++ b/src/Volume/EncryptionTest.h
@@ -33,12 +33,12 @@ namespace VeraCrypt
struct XtsTestVector
{
- byte key1[32];
- byte key2[32];
- byte dataUnitNo[8];
+ uint8 key1[32];
+ uint8 key2[32];
+ uint8 dataUnitNo[8];
unsigned int blockNo;
- byte plaintext[ENCRYPTION_DATA_UNIT_SIZE];
- byte ciphertext[ENCRYPTION_DATA_UNIT_SIZE];
+ uint8 plaintext[ENCRYPTION_DATA_UNIT_SIZE];
+ uint8 ciphertext[ENCRYPTION_DATA_UNIT_SIZE];
};
static const XtsTestVector XtsTestVectors[];
diff --git a/src/Volume/EncryptionThreadPool.cpp b/src/Volume/EncryptionThreadPool.cpp
index 7c86bf49..36f8a622 100644
--- a/src/Volume/EncryptionThreadPool.cpp
+++ b/src/Volume/EncryptionThreadPool.cpp
@@ -26,13 +26,13 @@
namespace VeraCrypt
{
- void EncryptionThreadPool::DoWork (WorkType::Enum type, const EncryptionMode *encryptionMode, byte *data, uint64 startUnitNo, uint64 unitCount, size_t sectorSize)
+ void EncryptionThreadPool::DoWork (WorkType::Enum type, const EncryptionMode *encryptionMode, uint8 *data, uint64 startUnitNo, uint64 unitCount, size_t sectorSize)
{
size_t fragmentCount;
size_t unitsPerFragment;
size_t remainder;
- byte *fragmentData;
+ uint8 *fragmentData;
uint64 fragmentStartUnitNo;
WorkItem *workItem;
diff --git a/src/Volume/EncryptionThreadPool.h b/src/Volume/EncryptionThreadPool.h
index baf31e23..a78aee75 100644
--- a/src/Volume/EncryptionThreadPool.h
+++ b/src/Volume/EncryptionThreadPool.h
@@ -55,7 +55,7 @@ namespace VeraCrypt
struct
{
const EncryptionMode *Mode;
- byte *Data;
+ uint8 *Data;
uint64 StartUnitNo;
uint64 UnitCount;
size_t SectorSize;
@@ -63,7 +63,7 @@ namespace VeraCrypt
};
};
- static void DoWork (WorkType::Enum type, const EncryptionMode *mode, byte *data, uint64 startUnitNo, uint64 unitCount, size_t sectorSize);
+ static void DoWork (WorkType::Enum type, const EncryptionMode *mode, uint8 *data, uint64 startUnitNo, uint64 unitCount, size_t sectorSize);
static bool IsRunning () { return ThreadPoolRunning; }
static void Start ();
static void Stop ();
diff --git a/src/Volume/Hash.cpp b/src/Volume/Hash.cpp
index aad900c1..d2e3e649 100644
--- a/src/Volume/Hash.cpp
+++ b/src/Volume/Hash.cpp
@@ -24,11 +24,12 @@ namespace VeraCrypt
HashList l;
l.push_back (shared_ptr <Hash> (new Sha512 ()));
- l.push_back (shared_ptr <Hash> (new Whirlpool ()));
- l.push_back (shared_ptr <Hash> (new Blake2s ()));
l.push_back (shared_ptr <Hash> (new Sha256 ()));
+ #ifndef WOLFCRYPT_BACKEND
+ l.push_back (shared_ptr <Hash> (new Blake2s ()));
+ l.push_back (shared_ptr <Hash> (new Whirlpool ()));
l.push_back (shared_ptr <Hash> (new Streebog ()));
-
+ #endif
return l;
}
@@ -44,6 +45,7 @@ namespace VeraCrypt
throw ParameterIncorrect (SRC_POS);
}
+ #ifndef WOLFCRYPT_BACKEND
// RIPEMD-160
Blake2s::Blake2s ()
{
@@ -67,6 +69,7 @@ namespace VeraCrypt
if_debug (ValidateDataParameters (data));
blake2s_update ((blake2s_state *) Context.Ptr(), data.Get(), data.Size());
}
+ #endif
// SHA-256
Sha256::Sha256 ()
@@ -116,6 +119,7 @@ namespace VeraCrypt
sha512_hash (data.Get(), (int) data.Size(), (sha512_ctx *) Context.Ptr());
}
+ #ifndef WOLFCRYPT_BACKEND
// Whirlpool
Whirlpool::Whirlpool ()
{
@@ -163,4 +167,5 @@ namespace VeraCrypt
if_debug (ValidateDataParameters (data));
STREEBOG_add ((STREEBOG_CTX *) Context.Ptr(), data.Get(), (int) data.Size());
}
+ #endif
}
diff --git a/src/Volume/Hash.h b/src/Volume/Hash.h
index 0e464b37..5720eb50 100644
--- a/src/Volume/Hash.h
+++ b/src/Volume/Hash.h
@@ -48,6 +48,7 @@ namespace VeraCrypt
Hash &operator= (const Hash &);
};
+ #ifndef WOLFCRYPT_BACKEND
// Blake2s
class Blake2s : public Hash
{
@@ -70,6 +71,7 @@ namespace VeraCrypt
Blake2s (const Blake2s &);
Blake2s &operator= (const Blake2s &);
};
+ #endif
// SHA-256
class Sha256 : public Hash
@@ -117,6 +119,7 @@ namespace VeraCrypt
Sha512 &operator= (const Sha512 &);
};
+ #ifndef WOLFCRYPT_BACKEND
// Whirlpool
class Whirlpool : public Hash
{
@@ -162,6 +165,7 @@ namespace VeraCrypt
Streebog (const Streebog &);
Streebog &operator= (const Streebog &);
};
+ #endif
}
#endif // TC_HEADER_Encryption_Hash
diff --git a/src/Volume/Keyfile.cpp b/src/Volume/Keyfile.cpp
index d171458c..e756cdf1 100644
--- a/src/Volume/Keyfile.cpp
+++ b/src/Volume/Keyfile.cpp
@@ -12,13 +12,13 @@
#include "Platform/Serializer.h"
#include "Common/SecurityToken.h"
+#include "Common/EMVToken.h"
#include "Crc32.h"
#include "Keyfile.h"
#include "VolumeException.h"
-
namespace VeraCrypt
{
- void Keyfile::Apply (const BufferPtr &pool) const
+ void Keyfile::Apply (const BufferPtr &pool, bool emvSupportEnabled) const
{
if (Path.IsDirectory())
throw ParameterIncorrect (SRC_POS);
@@ -32,23 +32,23 @@ namespace VeraCrypt
SecureBuffer keyfileBuf (File::GetOptimalReadSize());
- if (SecurityToken::IsKeyfilePathValid (Path))
+ if (Token::IsKeyfilePathValid (Path, emvSupportEnabled))
{
// Apply keyfile generated by a security token
- vector <byte> keyfileData;
- SecurityToken::GetKeyfileData (SecurityTokenKeyfile (wstring (Path)), keyfileData);
+ vector <uint8> keyfileData;
+ Token::getTokenKeyfile(wstring(Path))->GetKeyfileData(keyfileData);
if (keyfileData.size() < MinProcessedLength)
- throw InsufficientData (SRC_POS, Path);
+ throw InsufficientData(SRC_POS, Path);
for (size_t i = 0; i < keyfileData.size(); i++)
{
- uint32 crc = crc32.Process (keyfileData[i]);
+ uint32 crc = crc32.Process(keyfileData[i]);
- pool[poolPos++] += (byte) (crc >> 24);
- pool[poolPos++] += (byte) (crc >> 16);
- pool[poolPos++] += (byte) (crc >> 8);
- pool[poolPos++] += (byte) crc;
+ pool[poolPos++] += (uint8)(crc >> 24);
+ pool[poolPos++] += (uint8)(crc >> 16);
+ pool[poolPos++] += (uint8)(crc >> 8);
+ pool[poolPos++] += (uint8) crc;
if (poolPos >= pool.Size())
poolPos = 0;
@@ -57,8 +57,9 @@ namespace VeraCrypt
break;
}
- burn (&keyfileData.front(), keyfileData.size());
- goto done;
+
+ burn(&keyfileData.front(), keyfileData.size());
+ goto done;
}
file.Open (Path, File::OpenRead, File::ShareRead);
@@ -67,26 +68,24 @@ namespace VeraCrypt
{
for (size_t i = 0; i < readLength; i++)
{
- uint32 crc = crc32.Process (keyfileBuf[i]);
-
- pool[poolPos++] += (byte) (crc >> 24);
- pool[poolPos++] += (byte) (crc >> 16);
- pool[poolPos++] += (byte) (crc >> 8);
- pool[poolPos++] += (byte) crc;
-
+ uint32 crc = crc32.Process(keyfileBuf[i]);
+ pool[poolPos++] += (uint8)(crc >> 24);
+ pool[poolPos++] += (uint8)(crc >> 16);
+ pool[poolPos++] += (uint8)(crc >> 8);
+ pool[poolPos++] += (uint8) crc;
if (poolPos >= pool.Size())
poolPos = 0;
-
if (++totalLength >= MaxProcessedLength)
goto done;
}
}
-done:
+ done:
+
if (totalLength < MinProcessedLength)
throw InsufficientData (SRC_POS, Path);
}
- shared_ptr <VolumePassword> Keyfile::ApplyListToPassword (shared_ptr <KeyfileList> keyfiles, shared_ptr <VolumePassword> password)
+ shared_ptr <VolumePassword> Keyfile::ApplyListToPassword (shared_ptr <KeyfileList> keyfiles, shared_ptr <VolumePassword> password, bool emvSupportEnabled)
{
if (!password)
password.reset (new VolumePassword);
@@ -143,7 +142,7 @@ done:
// Apply all keyfiles
foreach_ref (const Keyfile &k, keyfilesExp)
{
- k.Apply (keyfilePool);
+ k.Apply (keyfilePool, emvSupportEnabled);
}
newPassword->Set (keyfilePool);
diff --git a/src/Volume/Keyfile.h b/src/Volume/Keyfile.h
index 04674178..1d87a983 100644
--- a/src/Volume/Keyfile.h
+++ b/src/Volume/Keyfile.h
@@ -29,7 +29,7 @@ namespace VeraCrypt
virtual ~Keyfile () { };
operator FilesystemPath () const { return Path; }
- static shared_ptr <VolumePassword> ApplyListToPassword (shared_ptr <KeyfileList> keyfiles, shared_ptr <VolumePassword> password);
+ static shared_ptr <VolumePassword> ApplyListToPassword (shared_ptr <KeyfileList> keyfiles, shared_ptr <VolumePassword> password, bool emvSupportEnabled = false);
static shared_ptr <KeyfileList> DeserializeList (shared_ptr <Stream> stream, const string &name);
static void SerializeList (shared_ptr <Stream> stream, const string &name, shared_ptr <KeyfileList> keyfiles);
static bool WasHiddenFilePresentInKeyfilePath() { bool r = HiddenFileWasPresentInKeyfilePath; HiddenFileWasPresentInKeyfilePath = false; return r; }
@@ -38,7 +38,7 @@ namespace VeraCrypt
static const size_t MaxProcessedLength = 1024 * 1024;
protected:
- void Apply (const BufferPtr &pool) const;
+ void Apply (const BufferPtr &pool, bool emvSupportEnabled) const;
static bool HiddenFileWasPresentInKeyfilePath;
diff --git a/src/Volume/Pkcs5Kdf.cpp b/src/Volume/Pkcs5Kdf.cpp
index fee057a8..820f1121 100644
--- a/src/Volume/Pkcs5Kdf.cpp
+++ b/src/Volume/Pkcs5Kdf.cpp
@@ -16,7 +16,7 @@
namespace VeraCrypt
{
- Pkcs5Kdf::Pkcs5Kdf (bool truecryptMode) : m_truecryptMode(truecryptMode)
+ Pkcs5Kdf::Pkcs5Kdf ()
{
}
@@ -29,9 +29,9 @@ namespace VeraCrypt
DeriveKey (key, password, salt, GetIterationCount(pim));
}
- shared_ptr <Pkcs5Kdf> Pkcs5Kdf::GetAlgorithm (const wstring &name, bool truecryptMode)
+ shared_ptr <Pkcs5Kdf> Pkcs5Kdf::GetAlgorithm (const wstring &name)
{
- foreach (shared_ptr <Pkcs5Kdf> kdf, GetAvailableAlgorithms(truecryptMode))
+ foreach (shared_ptr <Pkcs5Kdf> kdf, GetAvailableAlgorithms())
{
if (kdf->GetName() == name)
return kdf;
@@ -39,9 +39,9 @@ namespace VeraCrypt
throw ParameterIncorrect (SRC_POS);
}
- shared_ptr <Pkcs5Kdf> Pkcs5Kdf::GetAlgorithm (const Hash &hash, bool truecryptMode)
+ shared_ptr <Pkcs5Kdf> Pkcs5Kdf::GetAlgorithm (const Hash &hash)
{
- foreach (shared_ptr <Pkcs5Kdf> kdf, GetAvailableAlgorithms(truecryptMode))
+ foreach (shared_ptr <Pkcs5Kdf> kdf, GetAvailableAlgorithms())
{
if (typeid (*kdf->GetHash()) == typeid (hash))
return kdf;
@@ -50,24 +50,17 @@ namespace VeraCrypt
throw ParameterIncorrect (SRC_POS);
}
- Pkcs5KdfList Pkcs5Kdf::GetAvailableAlgorithms (bool truecryptMode)
+ Pkcs5KdfList Pkcs5Kdf::GetAvailableAlgorithms ()
{
Pkcs5KdfList l;
- if (truecryptMode)
- {
- l.push_back (shared_ptr <Pkcs5Kdf> (new Pkcs5HmacSha512 (true)));
- l.push_back (shared_ptr <Pkcs5Kdf> (new Pkcs5HmacWhirlpool (true)));
- }
- else
- {
- l.push_back (shared_ptr <Pkcs5Kdf> (new Pkcs5HmacSha512 (false)));
- l.push_back (shared_ptr <Pkcs5Kdf> (new Pkcs5HmacSha256 ()));
- l.push_back (shared_ptr <Pkcs5Kdf> (new Pkcs5HmacBlake2s ()));
- l.push_back (shared_ptr <Pkcs5Kdf> (new Pkcs5HmacWhirlpool (false)));
- l.push_back (shared_ptr <Pkcs5Kdf> (new Pkcs5HmacStreebog ()));
- }
-
+ l.push_back (shared_ptr <Pkcs5Kdf> (new Pkcs5HmacSha512 ()));
+ l.push_back (shared_ptr <Pkcs5Kdf> (new Pkcs5HmacSha256 ()));
+ #ifndef WOLFCRYPT_BACKEND
+ l.push_back (shared_ptr <Pkcs5Kdf> (new Pkcs5HmacBlake2s ()));
+ l.push_back (shared_ptr <Pkcs5Kdf> (new Pkcs5HmacWhirlpool ()));
+ l.push_back (shared_ptr <Pkcs5Kdf> (new Pkcs5HmacStreebog ()));
+ #endif
return l;
}
@@ -77,6 +70,7 @@ namespace VeraCrypt
throw ParameterIncorrect (SRC_POS);
}
+ #ifndef WOLFCRYPT_BACKEND
void Pkcs5HmacBlake2s_Boot::DeriveKey (const BufferPtr &key, const VolumePassword &password, const ConstBufferPtr &salt, int iterationCount) const
{
ValidateParameters (key, password, salt, iterationCount);
@@ -88,6 +82,7 @@ namespace VeraCrypt
ValidateParameters (key, password, salt, iterationCount);
derive_key_blake2s ((char *) password.DataPtr(), (int) password.Size(), (char *) salt.Get(), (int) salt.Size(), iterationCount, (char *) key.Get(), (int) key.Size());
}
+ #endif
void Pkcs5HmacSha256_Boot::DeriveKey (const BufferPtr &key, const VolumePassword &password, const ConstBufferPtr &salt, int iterationCount) const
{
@@ -107,6 +102,7 @@ namespace VeraCrypt
derive_key_sha512 ((char *) password.DataPtr(), (int) password.Size(), (char *) salt.Get(), (int) salt.Size(), iterationCount, (char *) key.Get(), (int) key.Size());
}
+ #ifndef WOLFCRYPT_BACKEND
void Pkcs5HmacWhirlpool::DeriveKey (const BufferPtr &key, const VolumePassword &password, const ConstBufferPtr &salt, int iterationCount) const
{
ValidateParameters (key, password, salt, iterationCount);
@@ -124,4 +120,5 @@ namespace VeraCrypt
ValidateParameters (key, password, salt, iterationCount);
derive_key_streebog ((char *) password.DataPtr(), (int) password.Size(), (char *) salt.Get(), (int) salt.Size(), iterationCount, (char *) key.Get(), (int) key.Size());
}
+ #endif
}
diff --git a/src/Volume/Pkcs5Kdf.h b/src/Volume/Pkcs5Kdf.h
index 25ad76e8..fc83eb06 100644
--- a/src/Volume/Pkcs5Kdf.h
+++ b/src/Volume/Pkcs5Kdf.h
@@ -29,20 +29,17 @@ namespace VeraCrypt
virtual void DeriveKey (const BufferPtr &key, const VolumePassword &password, int pim, const ConstBufferPtr &salt) const;
virtual void DeriveKey (const BufferPtr &key, const VolumePassword &password, const ConstBufferPtr &salt, int iterationCount) const = 0;
- static shared_ptr <Pkcs5Kdf> GetAlgorithm (const wstring &name, bool truecryptMode);
- static shared_ptr <Pkcs5Kdf> GetAlgorithm (const Hash &hash, bool truecryptMode);
- static Pkcs5KdfList GetAvailableAlgorithms (bool truecryptMode);
+ static shared_ptr <Pkcs5Kdf> GetAlgorithm (const wstring &name);
+ static shared_ptr <Pkcs5Kdf> GetAlgorithm (const Hash &hash);
+ static Pkcs5KdfList GetAvailableAlgorithms ();
virtual shared_ptr <Hash> GetHash () const = 0;
virtual int GetIterationCount (int pim) const = 0;
virtual wstring GetName () const = 0;
virtual Pkcs5Kdf* Clone () const = 0;
virtual bool IsDeprecated () const { return GetHash()->IsDeprecated(); }
- bool GetTrueCryptMode () const { return m_truecryptMode;}
- void SetTrueCryptMode (bool truecryptMode) { m_truecryptMode = truecryptMode;}
protected:
- bool m_truecryptMode;
- Pkcs5Kdf (bool truecryptMode);
+ Pkcs5Kdf ();
void ValidateParameters (const BufferPtr &key, const VolumePassword &password, const ConstBufferPtr &salt, int iterationCount) const;
@@ -51,10 +48,11 @@ namespace VeraCrypt
Pkcs5Kdf &operator= (const Pkcs5Kdf &);
};
+ #ifndef WOLFCRYPT_BACKEND
class Pkcs5HmacBlake2s_Boot : public Pkcs5Kdf
{
public:
- Pkcs5HmacBlake2s_Boot () : Pkcs5Kdf(false) { }
+ Pkcs5HmacBlake2s_Boot () : Pkcs5Kdf() { }
virtual ~Pkcs5HmacBlake2s_Boot () { }
virtual void DeriveKey (const BufferPtr &key, const VolumePassword &password, const ConstBufferPtr &salt, int iterationCount) const;
@@ -71,7 +69,7 @@ namespace VeraCrypt
class Pkcs5HmacBlake2s : public Pkcs5Kdf
{
public:
- Pkcs5HmacBlake2s () : Pkcs5Kdf(false) { }
+ Pkcs5HmacBlake2s () : Pkcs5Kdf() { }
virtual ~Pkcs5HmacBlake2s () { }
virtual void DeriveKey (const BufferPtr &key, const VolumePassword &password, const ConstBufferPtr &salt, int iterationCount) const;
@@ -84,11 +82,12 @@ namespace VeraCrypt
Pkcs5HmacBlake2s (const Pkcs5HmacBlake2s &);
Pkcs5HmacBlake2s &operator= (const Pkcs5HmacBlake2s &);
};
+ #endif
class Pkcs5HmacSha256_Boot : public Pkcs5Kdf
{
public:
- Pkcs5HmacSha256_Boot () : Pkcs5Kdf(false) { }
+ Pkcs5HmacSha256_Boot () : Pkcs5Kdf() { }
virtual ~Pkcs5HmacSha256_Boot () { }
virtual void DeriveKey (const BufferPtr &key, const VolumePassword &password, const ConstBufferPtr &salt, int iterationCount) const;
@@ -105,7 +104,7 @@ namespace VeraCrypt
class Pkcs5HmacSha256 : public Pkcs5Kdf
{
public:
- Pkcs5HmacSha256 () : Pkcs5Kdf(false) { }
+ Pkcs5HmacSha256 () : Pkcs5Kdf() { }
virtual ~Pkcs5HmacSha256 () { }
virtual void DeriveKey (const BufferPtr &key, const VolumePassword &password, const ConstBufferPtr &salt, int iterationCount) const;
@@ -122,31 +121,31 @@ namespace VeraCrypt
class Pkcs5HmacSha512 : public Pkcs5Kdf
{
public:
- Pkcs5HmacSha512 (bool truecryptMode) : Pkcs5Kdf(truecryptMode) { }
+ Pkcs5HmacSha512 () : Pkcs5Kdf() { }
virtual ~Pkcs5HmacSha512 () { }
virtual void DeriveKey (const BufferPtr &key, const VolumePassword &password, const ConstBufferPtr &salt, int iterationCount) const;
virtual shared_ptr <Hash> GetHash () const { return shared_ptr <Hash> (new Sha512); }
- virtual int GetIterationCount (int pim) const { return m_truecryptMode? 1000 : (pim <= 0 ? 500000 : (15000 + (pim * 1000))); }
+ virtual int GetIterationCount (int pim) const { return (pim <= 0 ? 500000 : (15000 + (pim * 1000))); }
virtual wstring GetName () const { return L"HMAC-SHA-512"; }
- virtual Pkcs5Kdf* Clone () const { return new Pkcs5HmacSha512(m_truecryptMode); }
+ virtual Pkcs5Kdf* Clone () const { return new Pkcs5HmacSha512(); }
private:
Pkcs5HmacSha512 (const Pkcs5HmacSha512 &);
Pkcs5HmacSha512 &operator= (const Pkcs5HmacSha512 &);
};
-
+ #ifndef WOLFCRYPT_BACKEND
class Pkcs5HmacWhirlpool : public Pkcs5Kdf
{
public:
- Pkcs5HmacWhirlpool (bool truecryptMode) : Pkcs5Kdf(truecryptMode) { }
+ Pkcs5HmacWhirlpool () : Pkcs5Kdf() { }
virtual ~Pkcs5HmacWhirlpool () { }
virtual void DeriveKey (const BufferPtr &key, const VolumePassword &password, const ConstBufferPtr &salt, int iterationCount) const;
virtual shared_ptr <Hash> GetHash () const { return shared_ptr <Hash> (new Whirlpool); }
- virtual int GetIterationCount (int pim) const { return m_truecryptMode? 1000 : (pim <= 0 ? 500000 : (15000 + (pim * 1000))); }
+ virtual int GetIterationCount (int pim) const { return (pim <= 0 ? 500000 : (15000 + (pim * 1000))); }
virtual wstring GetName () const { return L"HMAC-Whirlpool"; }
- virtual Pkcs5Kdf* Clone () const { return new Pkcs5HmacWhirlpool(m_truecryptMode); }
+ virtual Pkcs5Kdf* Clone () const { return new Pkcs5HmacWhirlpool(); }
private:
Pkcs5HmacWhirlpool (const Pkcs5HmacWhirlpool &);
@@ -156,7 +155,7 @@ namespace VeraCrypt
class Pkcs5HmacStreebog : public Pkcs5Kdf
{
public:
- Pkcs5HmacStreebog () : Pkcs5Kdf(false) { }
+ Pkcs5HmacStreebog () : Pkcs5Kdf() { }
virtual ~Pkcs5HmacStreebog () { }
virtual void DeriveKey (const BufferPtr &key, const VolumePassword &password, const ConstBufferPtr &salt, int iterationCount) const;
@@ -173,7 +172,7 @@ namespace VeraCrypt
class Pkcs5HmacStreebog_Boot : public Pkcs5Kdf
{
public:
- Pkcs5HmacStreebog_Boot () : Pkcs5Kdf(false) { }
+ Pkcs5HmacStreebog_Boot () : Pkcs5Kdf() { }
virtual ~Pkcs5HmacStreebog_Boot () { }
virtual void DeriveKey (const BufferPtr &key, const VolumePassword &password, const ConstBufferPtr &salt, int iterationCount) const;
@@ -186,6 +185,7 @@ namespace VeraCrypt
Pkcs5HmacStreebog_Boot (const Pkcs5HmacStreebog_Boot &);
Pkcs5HmacStreebog_Boot &operator= (const Pkcs5HmacStreebog_Boot &);
};
+ #endif
}
#endif // TC_HEADER_Encryption_Pkcs5
diff --git a/src/Volume/Volume.cpp b/src/Volume/Volume.cpp
index c4a21b3e..524f2395 100644
--- a/src/Volume/Volume.cpp
+++ b/src/Volume/Volume.cpp
@@ -30,7 +30,6 @@ namespace VeraCrypt
TopWriteOffset (0),
TotalDataRead (0),
TotalDataWritten (0),
- TrueCryptMode (false),
Pim (0),
EncryptionNotCompleted (false)
{
@@ -71,7 +70,7 @@ namespace VeraCrypt
return EA->GetMode();
}
- void Volume::Open (const VolumePath &volumePath, bool preserveTimestamps, shared_ptr <VolumePassword> password, int pim, shared_ptr <Pkcs5Kdf> kdf, bool truecryptMode, shared_ptr <KeyfileList> keyfiles, VolumeProtection::Enum protection, shared_ptr <VolumePassword> protectionPassword, int protectionPim, shared_ptr <Pkcs5Kdf> protectionKdf, shared_ptr <KeyfileList> protectionKeyfiles, bool sharedAccessAllowed, VolumeType::Enum volumeType, bool useBackupHeaders, bool partitionInSystemEncryptionScope)
+ void Volume::Open (const VolumePath &volumePath, bool preserveTimestamps, shared_ptr <VolumePassword> password, int pim, shared_ptr <Pkcs5Kdf> kdf, shared_ptr <KeyfileList> keyfiles, bool emvSupportEnabled, VolumeProtection::Enum protection, shared_ptr <VolumePassword> protectionPassword, int protectionPim, shared_ptr <Pkcs5Kdf> protectionKdf, shared_ptr <KeyfileList> protectionKeyfiles, bool sharedAccessAllowed, VolumeType::Enum volumeType, bool useBackupHeaders, bool partitionInSystemEncryptionScope)
{
make_shared_auto (File, file);
@@ -102,18 +101,14 @@ namespace VeraCrypt
throw;
}
- return Open (file, password, pim, kdf, truecryptMode, keyfiles, protection, protectionPassword, protectionPim, protectionKdf,protectionKeyfiles, volumeType, useBackupHeaders, partitionInSystemEncryptionScope);
+ return Open (file, password, pim, kdf, keyfiles, emvSupportEnabled, protection, protectionPassword, protectionPim, protectionKdf,protectionKeyfiles, volumeType, useBackupHeaders, partitionInSystemEncryptionScope);
}
- void Volume::Open (shared_ptr <File> volumeFile, shared_ptr <VolumePassword> password, int pim, shared_ptr <Pkcs5Kdf> kdf, bool truecryptMode, shared_ptr <KeyfileList> keyfiles, VolumeProtection::Enum protection, shared_ptr <VolumePassword> protectionPassword, int protectionPim, shared_ptr <Pkcs5Kdf> protectionKdf,shared_ptr <KeyfileList> protectionKeyfiles, VolumeType::Enum volumeType, bool useBackupHeaders, bool partitionInSystemEncryptionScope)
+ void Volume::Open (shared_ptr <File> volumeFile, shared_ptr <VolumePassword> password, int pim, shared_ptr <Pkcs5Kdf> kdf, shared_ptr <KeyfileList> keyfiles, bool emvSupportEnabled, VolumeProtection::Enum protection, shared_ptr <VolumePassword> protectionPassword, int protectionPim, shared_ptr <Pkcs5Kdf> protectionKdf,shared_ptr <KeyfileList> protectionKeyfiles, VolumeType::Enum volumeType, bool useBackupHeaders, bool partitionInSystemEncryptionScope)
{
if (!volumeFile)
throw ParameterIncorrect (SRC_POS);
- // TrueCrypt doesn't support SHA-256 and Streebog
- if (kdf && truecryptMode && (kdf->GetName() == L"HMAC-SHA-256" || kdf->GetName() == L"HMAC-Streebog"))
- throw UnsupportedAlgoInTrueCryptMode (SRC_POS);
-
Protection = protection;
VolumeFile = volumeFile;
SystemEncryption = partitionInSystemEncryptionScope;
@@ -121,7 +116,7 @@ namespace VeraCrypt
try
{
VolumeHostSize = VolumeFile->Length();
- shared_ptr <VolumePassword> passwordKey = Keyfile::ApplyListToPassword (keyfiles, password);
+ shared_ptr <VolumePassword> passwordKey = Keyfile::ApplyListToPassword (keyfiles, password, emvSupportEnabled);
bool skipLayoutV1Normal = false;
@@ -190,11 +185,11 @@ namespace VeraCrypt
shared_ptr <VolumeHeader> header = layout->GetHeader();
- if (header->Decrypt (headerBuffer, *passwordKey, pim, kdf, truecryptMode, layout->GetSupportedKeyDerivationFunctions(truecryptMode), layoutEncryptionAlgorithms, layoutEncryptionModes))
+ if (header->Decrypt (headerBuffer, *passwordKey, pim, kdf, layout->GetSupportedKeyDerivationFunctions(), layoutEncryptionAlgorithms, layoutEncryptionModes))
{
// Header decrypted
- if (!truecryptMode && typeid (*layout) == typeid (VolumeLayoutV2Normal) && header->GetRequiredMinProgramVersion() < 0x10b)
+ if (typeid (*layout) == typeid (VolumeLayoutV2Normal) && header->GetRequiredMinProgramVersion() < 0x10b)
{
// VolumeLayoutV1Normal has been opened as VolumeLayoutV2Normal
layout.reset (new VolumeLayoutV1Normal);
@@ -202,7 +197,6 @@ namespace VeraCrypt
layout->SetHeader (header);
}
- TrueCryptMode = truecryptMode;
Pim = pim;
Type = layout->GetType();
SectorSize = header->GetSectorSize();
@@ -248,7 +242,8 @@ namespace VeraCrypt
Volume protectedVolume;
protectedVolume.Open (VolumeFile,
- protectionPassword, protectionPim, protectionKdf, truecryptMode, protectionKeyfiles,
+ protectionPassword, protectionPim, protectionKdf, protectionKeyfiles,
+ emvSupportEnabled,
VolumeProtection::ReadOnly,
shared_ptr <VolumePassword> (), 0, shared_ptr <Pkcs5Kdf> (),shared_ptr <KeyfileList> (),
VolumeType::Hidden,
@@ -286,8 +281,8 @@ namespace VeraCrypt
Buffer mbr (VolumeFile->GetDeviceSectorSize());
driveDevice.ReadAt (mbr, 0);
- // Search for the string "VeraCrypt" or "TrueCrypt"
- const char* bootSignature = truecryptMode? "TrueCrypt" : TC_APP_NAME;
+ // Search for the string "VeraCrypt"
+ const char* bootSignature = TC_APP_NAME;
size_t nameLen = strlen (bootSignature);
for (size_t i = 0; i < mbr.Size() - nameLen; ++i)
{
diff --git a/src/Volume/Volume.h b/src/Volume/Volume.h
index a743a161..4b91e435 100644
--- a/src/Volume/Volume.h
+++ b/src/Volume/Volume.h
@@ -52,20 +52,6 @@ namespace VeraCrypt
return Data.substr (pos + 1);
}
}
-
- bool HasTrueCryptExtension () const
- {
- wstring sExt = GetExtension ();
- if ((sExt.size () == 2)
- && (sExt[0] == L't' || sExt[0] == L'T')
- && (sExt[1] == L'c' || sExt[1] == L'C')
- )
- {
- return true;
- }
- else
- return false;
- }
protected:
wstring Data;
@@ -118,17 +104,17 @@ namespace VeraCrypt
uint64 GetTotalDataRead () const { return TotalDataRead; }
uint64 GetTotalDataWritten () const { return TotalDataWritten; }
VolumeType::Enum GetType () const { return Type; }
- bool GetTrueCryptMode() const { return TrueCryptMode; }
int GetPim() const { return Pim;}
uint64 GetVolumeCreationTime () const { return Header->GetVolumeCreationTime(); }
bool IsHiddenVolumeProtectionTriggered () const { return HiddenVolumeProtectionTriggered; }
bool IsInSystemEncryptionScope () const { return SystemEncryption; }
- void Open (const VolumePath &volumePath, bool preserveTimestamps, shared_ptr <VolumePassword> password, int pim, shared_ptr <Pkcs5Kdf> kdf, bool truecryptMode, shared_ptr <KeyfileList> keyfiles, VolumeProtection::Enum protection = VolumeProtection::None, shared_ptr <VolumePassword> protectionPassword = shared_ptr <VolumePassword> (), int protectionPim = 0, shared_ptr <Pkcs5Kdf> protectionKdf = shared_ptr <Pkcs5Kdf> (),shared_ptr <KeyfileList> protectionKeyfiles = shared_ptr <KeyfileList> (), bool sharedAccessAllowed = false, VolumeType::Enum volumeType = VolumeType::Unknown, bool useBackupHeaders = false, bool partitionInSystemEncryptionScope = false);
- void Open (shared_ptr <File> volumeFile, shared_ptr <VolumePassword> password, int pim, shared_ptr <Pkcs5Kdf> kdf, bool truecryptMode, shared_ptr <KeyfileList> keyfiles, VolumeProtection::Enum protection = VolumeProtection::None, shared_ptr <VolumePassword> protectionPassword = shared_ptr <VolumePassword> (), int protectionPim = 0, shared_ptr <Pkcs5Kdf> protectionKdf = shared_ptr <Pkcs5Kdf> (), shared_ptr <KeyfileList> protectionKeyfiles = shared_ptr <KeyfileList> (), VolumeType::Enum volumeType = VolumeType::Unknown, bool useBackupHeaders = false, bool partitionInSystemEncryptionScope = false);
+ void Open (const VolumePath &volumePath, bool preserveTimestamps, shared_ptr <VolumePassword> password, int pim, shared_ptr <Pkcs5Kdf> kdf, shared_ptr <KeyfileList> keyfiles, bool emvSupportEnabled, VolumeProtection::Enum protection = VolumeProtection::None, shared_ptr <VolumePassword> protectionPassword = shared_ptr <VolumePassword> (), int protectionPim = 0, shared_ptr <Pkcs5Kdf> protectionKdf = shared_ptr <Pkcs5Kdf> (),shared_ptr <KeyfileList> protectionKeyfiles = shared_ptr <KeyfileList> (), bool sharedAccessAllowed = false, VolumeType::Enum volumeType = VolumeType::Unknown, bool useBackupHeaders = false, bool partitionInSystemEncryptionScope = false);
+ void Open (shared_ptr <File> volumeFile, shared_ptr <VolumePassword> password, int pim, shared_ptr <Pkcs5Kdf> kdf, shared_ptr <KeyfileList> keyfiles, bool emvSupportEnabled, VolumeProtection::Enum protection = VolumeProtection::None, shared_ptr <VolumePassword> protectionPassword = shared_ptr <VolumePassword> (), int protectionPim = 0, shared_ptr <Pkcs5Kdf> protectionKdf = shared_ptr <Pkcs5Kdf> (), shared_ptr <KeyfileList> protectionKeyfiles = shared_ptr <KeyfileList> (), VolumeType::Enum volumeType = VolumeType::Unknown, bool useBackupHeaders = false, bool partitionInSystemEncryptionScope = false);
void ReadSectors (const BufferPtr &buffer, uint64 byteOffset);
void ReEncryptHeader (bool backupHeader, const ConstBufferPtr &newSalt, const ConstBufferPtr &newHeaderKey, shared_ptr <Pkcs5Kdf> newPkcs5Kdf);
void WriteSectors (const ConstBufferPtr &buffer, uint64 byteOffset);
bool IsEncryptionNotCompleted () const { return EncryptionNotCompleted; }
+ bool IsMasterKeyVulnerable() const { return Header && Header->IsMasterKeyVulnerable(); }
protected:
void CheckProtectedRange (uint64 writeHostOffset, uint64 writeLength);
@@ -152,7 +138,6 @@ namespace VeraCrypt
uint64 TopWriteOffset;
uint64 TotalDataRead;
uint64 TotalDataWritten;
- bool TrueCryptMode;
int Pim;
bool EncryptionNotCompleted;
diff --git a/src/Volume/Volume.make b/src/Volume/Volume.make
index 91f40fb7..708f28c5 100644
--- a/src/Volume/Volume.make
+++ b/src/Volume/Volume.make
@@ -16,7 +16,6 @@ OBJSNOOPT :=
OBJS += Cipher.o
OBJS += EncryptionAlgorithm.o
OBJS += EncryptionMode.o
-OBJS += EncryptionModeXTS.o
OBJS += EncryptionTest.o
OBJS += EncryptionThreadPool.o
OBJS += Hash.o
@@ -30,12 +29,20 @@ OBJS += VolumeLayout.o
OBJS += VolumePassword.o
OBJS += VolumePasswordCache.o
+ifeq "$(ENABLE_WOLFCRYPT)" "0"
+OBJS += EncryptionModeXTS.o
+else
+OBJS += EncryptionModeWolfCryptXTS.o
+endif
+
+ifeq "$(ENABLE_WOLFCRYPT)" "0"
ifeq "$(PLATFORM)" "MacOSX"
- OBJSEX += ../Crypto/Aes_asm.oo
- OBJS += ../Crypto/Aes_hw_cpu.o
- OBJS += ../Crypto/Aescrypt.o
- OBJSEX += ../Crypto/Twofish_asm.oo
- OBJSEX += ../Crypto/Camellia_asm.oo
+ifneq "$(COMPILE_ASM)" "false"
+ OBJSEX += ../Crypto/Aes_asm.oo
+ OBJS += ../Crypto/Aes_hw_cpu.o
+ OBJS += ../Crypto/Aescrypt.o
+ OBJSEX += ../Crypto/Twofish_asm.oo
+ OBJSEX += ../Crypto/Camellia_asm.oo
OBJSEX += ../Crypto/Camellia_aesni_asm.oo
OBJSEX += ../Crypto/sha256-nayuki.oo
OBJSEX += ../Crypto/sha512-nayuki.oo
@@ -45,18 +52,19 @@ ifeq "$(PLATFORM)" "MacOSX"
OBJSEX += ../Crypto/sha512_avx1.oo
OBJSEX += ../Crypto/sha512_avx2.oo
OBJSEX += ../Crypto/sha512_sse4.oo
+endif
else ifeq "$(CPU_ARCH)" "x86"
OBJS += ../Crypto/Aes_x86.o
-ifeq "$(DISABLE_AESNI)" "0"
- OBJS += ../Crypto/Aes_hw_cpu.o
-endif
+ ifeq "$(DISABLE_AESNI)" "0"
+ OBJS += ../Crypto/Aes_hw_cpu.o
+ endif
OBJS += ../Crypto/sha256-x86-nayuki.o
OBJS += ../Crypto/sha512-x86-nayuki.o
else ifeq "$(CPU_ARCH)" "x64"
OBJS += ../Crypto/Aes_x64.o
-ifeq "$(DISABLE_AESNI)" "0"
- OBJS += ../Crypto/Aes_hw_cpu.o
-endif
+ ifeq "$(DISABLE_AESNI)" "0"
+ OBJS += ../Crypto/Aes_hw_cpu.o
+ endif
OBJS += ../Crypto/Twofish_x64.o
OBJS += ../Crypto/Camellia_x64.o
OBJS += ../Crypto/Camellia_aesni_x64.o
@@ -72,16 +80,19 @@ else
endif
ifeq "$(GCC_GTEQ_430)" "1"
-OBJSSSE41 += ../Crypto/blake2s_SSE41.osse41
-OBJSSSSE3 += ../Crypto/blake2s_SSSE3.ossse3
+ OBJSSSE41 += ../Crypto/blake2s_SSE41.osse41
+ OBJSSSSE3 += ../Crypto/blake2s_SSSE3.ossse3
+else
+ OBJS += ../Crypto/blake2s_SSE41.o
+ OBJS += ../Crypto/blake2s_SSSE3.o
+endif
else
-OBJS += ../Crypto/blake2s_SSE41.o
-OBJS += ../Crypto/blake2s_SSSE3.o
+OBJS += ../Crypto/wolfCrypt.o
endif
+ifeq "$(ENABLE_WOLFCRYPT)" "0"
OBJS += ../Crypto/Aeskey.o
OBJS += ../Crypto/Aestab.o
-OBJS += ../Crypto/cpu.o
OBJS += ../Crypto/blake2s.o
OBJS += ../Crypto/blake2s_SSE2.o
OBJS += ../Crypto/SerpentFast.o
@@ -93,18 +104,34 @@ OBJS += ../Crypto/Camellia.o
OBJS += ../Crypto/Streebog.o
OBJS += ../Crypto/kuznyechik.o
OBJS += ../Crypto/kuznyechik_simd.o
+OBJS += ../Common/Pkcs5.o
+endif
+
+OBJS += ../Crypto/cpu.o
OBJSNOOPT += ../Crypto/jitterentropy-base.o0
+OBJS += ../Common/CommandAPDU.o
+OBJS += ../Common/PCSCException.o
+OBJS += ../Common/ResponseAPDU.o
+OBJS += ../Common/SCard.o
+OBJS += ../Common/SCardLoader.o
+OBJS += ../Common/SCardManager.o
+OBJS += ../Common/SCardReader.o
+OBJS += ../Common/Token.o
OBJS += ../Common/Crc.o
+OBJS += ../Common/TLVParser.o
+OBJS += ../Common/EMVCard.o
+OBJS += ../Common/EMVToken.o
OBJS += ../Common/Endian.o
OBJS += ../Common/GfMul.o
-OBJS += ../Common/Pkcs5.o
OBJS += ../Common/SecurityToken.o
VolumeLibrary: Volume.a
+ifeq "$(ENABLE_WOLFCRYPT)" "0"
ifeq "$(PLATFORM)" "MacOSX"
+ifneq "$(COMPILE_ASM)" "false"
../Crypto/Aes_asm.oo: ../Crypto/Aes_x86.asm ../Crypto/Aes_x64.asm
@echo Assembling $(<F)
$(AS) $(ASFLAGS32) -o ../Crypto/Aes_x86.o ../Crypto/Aes_x86.asm
@@ -113,7 +140,7 @@ ifeq "$(PLATFORM)" "MacOSX"
rm -fr ../Crypto/Aes_x86.o ../Crypto/Aes_x64.o
../Crypto/Twofish_asm.oo: ../Crypto/Twofish_x64.S
@echo Assembling $(<F)
- $(AS) $(ASFLAGS64) -p gas -o ../Crypto/Twofish_asm.oo ../Crypto/Twofish_x64.S
+ $(AS) $(ASFLAGS64) -p gas -o ../Crypto/Twofish_asm.oo ../Crypto/Twofish_x64.S
../Crypto/Camellia_asm.oo: ../Crypto/Camellia_x64.S
@echo Assembling $(<F)
$(AS) $(ASFLAGS64) -p gas -o ../Crypto/Camellia_asm.oo ../Crypto/Camellia_x64.S
@@ -148,5 +175,7 @@ ifeq "$(PLATFORM)" "MacOSX"
@echo Assembling $(<F)
$(AS) $(ASFLAGS64) -o ../Crypto/sha512_sse4.oo ../Crypto/sha512_sse4_x64.asm
endif
+endif
+endif
include $(BUILD_INC)/Makefile.inc
diff --git a/src/Volume/VolumeHeader.cpp b/src/Volume/VolumeHeader.cpp
index faed1fcb..2b8699a3 100644
--- a/src/Volume/VolumeHeader.cpp
+++ b/src/Volume/VolumeHeader.cpp
@@ -12,6 +12,9 @@
#include "Crc32.h"
#include "EncryptionModeXTS.h"
+#ifdef WOLFCRYPT_BACKEND
+#include "EncryptionModeWolfCryptXTS.h"
+#endif
#include "Pkcs5Kdf.h"
#include "Pkcs5Kdf.h"
#include "VolumeHeader.h"
@@ -44,6 +47,7 @@ namespace VeraCrypt
EncryptedAreaLength = 0;
Flags = 0;
SectorSize = 0;
+ XtsKeyVulnerable = false;
}
void VolumeHeader::Create (const BufferPtr &headerBuffer, VolumeHeaderCreationOptions &options)
@@ -59,6 +63,9 @@ namespace VeraCrypt
DataAreaKey.Zero();
DataAreaKey.CopyFrom (options.DataKey);
+ // check if the XTS key is vulnerable by comparing the two parts of the key
+ XtsKeyVulnerable = (memcmp (options.DataKey.Get() + options.EA->GetKeySize(), options.DataKey.Get(), options.EA->GetKeySize()) == 0);
+
VolumeCreationTime = 0;
HiddenVolumeDataSize = (options.Type == VolumeType::Hidden ? options.VolumeDataSize : 0);
VolumeDataSize = options.VolumeDataSize;
@@ -76,13 +83,17 @@ namespace VeraCrypt
}
EA = options.EA;
- shared_ptr <EncryptionMode> mode (new EncryptionModeXTS ());
- EA->SetMode (mode);
+ #ifdef WOLFCRYPT_BACKEND
+ shared_ptr <EncryptionMode> mode (new EncryptionModeWolfCryptXTS ());
+ #else
+ shared_ptr <EncryptionMode> mode (new EncryptionModeXTS ());
+ #endif
+ EA->SetMode (mode);
EncryptNew (headerBuffer, options.Salt, options.HeaderKey, options.Kdf);
}
- bool VolumeHeader::Decrypt (const ConstBufferPtr &encryptedData, const VolumePassword &password, int pim, shared_ptr <Pkcs5Kdf> kdf, bool truecryptMode, const Pkcs5KdfList &keyDerivationFunctions, const EncryptionAlgorithmList &encryptionAlgorithms, const EncryptionModeList &encryptionModes)
+ bool VolumeHeader::Decrypt (const ConstBufferPtr &encryptedData, const VolumePassword &password, int pim, shared_ptr <Pkcs5Kdf> kdf, const Pkcs5KdfList &keyDerivationFunctions, const EncryptionAlgorithmList &encryptionAlgorithms, const EncryptionModeList &encryptionModes)
{
if (password.Size() < 1)
throw PasswordEmpty (SRC_POS);
@@ -100,17 +111,28 @@ namespace VeraCrypt
foreach (shared_ptr <EncryptionMode> mode, encryptionModes)
{
- if (typeid (*mode) != typeid (EncryptionModeXTS))
- mode->SetKey (headerKey.GetRange (0, mode->GetKeySize()));
+ #ifdef WOLFCRYPT_BACKEND
+ if (typeid (*mode) != typeid (EncryptionModeWolfCryptXTS))
+ #else
+ if (typeid (*mode) != typeid (EncryptionModeXTS))
+ #endif
+ mode->SetKey (headerKey.GetRange (0, mode->GetKeySize()));
foreach (shared_ptr <EncryptionAlgorithm> ea, encryptionAlgorithms)
{
if (!ea->IsModeSupported (mode))
continue;
+ #ifndef WOLFCRYPT_BACKEND
if (typeid (*mode) == typeid (EncryptionModeXTS))
{
- ea->SetKey (headerKey.GetRange (0, ea->GetKeySize()));
+ ea->SetKey (headerKey.GetRange (0, ea->GetKeySize()));
+ #else
+ if (typeid (*mode) == typeid (EncryptionModeWolfCryptXTS))
+ {
+ ea->SetKey (headerKey.GetRange (0, ea->GetKeySize()));
+ ea->SetKeyXTS (headerKey.GetRange (ea->GetKeySize(), ea->GetKeySize()));
+ #endif
mode = mode->GetNew();
mode->SetKey (headerKey.GetRange (ea->GetKeySize(), ea->GetKeySize()));
@@ -125,7 +147,7 @@ namespace VeraCrypt
header.CopyFrom (encryptedData.GetRange (EncryptedHeaderDataOffset, EncryptedHeaderDataSize));
ea->Decrypt (header);
- if (Deserialize (header, ea, mode, truecryptMode))
+ if (Deserialize (header, ea, mode))
{
EA = ea;
Pkcs5 = pkcs5;
@@ -138,18 +160,12 @@ namespace VeraCrypt
return false;
}
- bool VolumeHeader::Deserialize (const ConstBufferPtr &header, shared_ptr <EncryptionAlgorithm> &ea, shared_ptr <EncryptionMode> &mode, bool truecryptMode)
+ bool VolumeHeader::Deserialize (const ConstBufferPtr &header, shared_ptr <EncryptionAlgorithm> &ea, shared_ptr <EncryptionMode> &mode)
{
if (header.Size() != EncryptedHeaderDataSize)
throw ParameterIncorrect (SRC_POS);
- if (truecryptMode && (header[0] != 'T' ||
- header[1] != 'R' ||
- header[2] != 'U' ||
- header[3] != 'E'))
- return false;
-
- if (!truecryptMode && (header[0] != 'V' ||
+ if ((header[0] != 'V' ||
header[1] != 'E' ||
header[2] != 'R' ||
header[3] != 'A'))
@@ -173,16 +189,9 @@ namespace VeraCrypt
RequiredMinProgramVersion = DeserializeEntry <uint16> (header, offset);
- if (!truecryptMode && (RequiredMinProgramVersion > Version::Number()))
+ if ((RequiredMinProgramVersion > Version::Number()))
throw HigherVersionRequired (SRC_POS);
- if (truecryptMode)
- {
- if (RequiredMinProgramVersion < 0x600 || RequiredMinProgramVersion > 0x71a)
- throw UnsupportedTrueCryptFormat (SRC_POS);
- RequiredMinProgramVersion = CurrentRequiredMinProgramVersion;
- }
-
VolumeKeyAreaCrc32 = DeserializeEntry <uint32> (header, offset);
VolumeCreationTime = DeserializeEntry <uint64> (header, offset);
HeaderCreationTime = DeserializeEntry <uint64> (header, offset);
@@ -219,10 +228,20 @@ namespace VeraCrypt
ea = ea->GetNew();
mode = mode->GetNew();
+ #ifndef WOLFCRYPT_BACKEND
if (typeid (*mode) == typeid (EncryptionModeXTS))
{
- ea->SetKey (header.GetRange (offset, ea->GetKeySize()));
+ ea->SetKey (header.GetRange (offset, ea->GetKeySize()));
+ #else
+ if (typeid (*mode) == typeid (EncryptionModeWolfCryptXTS))
+ {
+ ea->SetKey (header.GetRange (offset, ea->GetKeySize()));
+ ea->SetKeyXTS (header.GetRange (offset + ea->GetKeySize(), ea->GetKeySize()));
+ #endif
mode->SetKey (header.GetRange (offset + ea->GetKeySize(), ea->GetKeySize()));
+
+ // check if the XTS key is vulnerable by comparing the two parts of the key
+ XtsKeyVulnerable = (memcmp (DataAreaKey.Ptr() + ea->GetKeySize(), DataAreaKey.Ptr(), ea->GetKeySize()) == 0);
}
else
{
@@ -263,10 +282,17 @@ namespace VeraCrypt
shared_ptr <EncryptionMode> mode = EA->GetMode()->GetNew();
shared_ptr <EncryptionAlgorithm> ea = EA->GetNew();
+ #ifndef WOLFCRYPT_BACKEND
if (typeid (*mode) == typeid (EncryptionModeXTS))
{
- mode->SetKey (newHeaderKey.GetRange (EA->GetKeySize(), EA->GetKeySize()));
- ea->SetKey (newHeaderKey.GetRange (0, ea->GetKeySize()));
+ ea->SetKey (newHeaderKey.GetRange (0, ea->GetKeySize()));
+ #else
+ if (typeid (*mode) == typeid (EncryptionModeWolfCryptXTS))
+ {
+ ea->SetKey (newHeaderKey.GetRange (0, ea->GetKeySize()));
+ ea->SetKeyXTS (newHeaderKey.GetRange (EA->GetKeySize(), EA->GetKeySize()));
+ #endif
+ mode->SetKey (newHeaderKey.GetRange (EA->GetKeySize(), EA->GetKeySize()));
}
else
{
diff --git a/src/Volume/VolumeHeader.h b/src/Volume/VolumeHeader.h
index 191547e3..18a52950 100644
--- a/src/Volume/VolumeHeader.h
+++ b/src/Volume/VolumeHeader.h
@@ -60,7 +60,7 @@ namespace VeraCrypt
virtual ~VolumeHeader ();
void Create (const BufferPtr &headerBuffer, VolumeHeaderCreationOptions &options);
- bool Decrypt (const ConstBufferPtr &encryptedData, const VolumePassword &password, int pim, shared_ptr <Pkcs5Kdf> kdf, bool truecryptMode, const Pkcs5KdfList &keyDerivationFunctions, const EncryptionAlgorithmList &encryptionAlgorithms, const EncryptionModeList &encryptionModes);
+ bool Decrypt (const ConstBufferPtr &encryptedData, const VolumePassword &password, int pim, shared_ptr <Pkcs5Kdf> kdf, const Pkcs5KdfList &keyDerivationFunctions, const EncryptionAlgorithmList &encryptionAlgorithms, const EncryptionModeList &encryptionModes);
void EncryptNew (const BufferPtr &newHeaderBuffer, const ConstBufferPtr &newSalt, const ConstBufferPtr &newHeaderKey, shared_ptr <Pkcs5Kdf> newPkcs5Kdf);
uint64 GetEncryptedAreaStart () const { return EncryptedAreaStart; }
uint64 GetEncryptedAreaLength () const { return EncryptedAreaLength; }
@@ -76,9 +76,10 @@ namespace VeraCrypt
uint64 GetVolumeDataSize () const { return VolumeDataSize; }
VolumeTime GetVolumeCreationTime () const { return VolumeCreationTime; }
void SetSize (uint32 headerSize);
+ bool IsMasterKeyVulnerable () const { return XtsKeyVulnerable; }
protected:
- bool Deserialize (const ConstBufferPtr &header, shared_ptr <EncryptionAlgorithm> &ea, shared_ptr <EncryptionMode> &mode, bool truecryptMode);
+ bool Deserialize (const ConstBufferPtr &header, shared_ptr <EncryptionAlgorithm> &ea, shared_ptr <EncryptionMode> &mode);
template <typename T> T DeserializeEntry (const ConstBufferPtr &header, size_t &offset) const;
template <typename T> T DeserializeEntryAt (const ConstBufferPtr &header, const size_t &offset) const;
void Init ();
@@ -120,6 +121,7 @@ namespace VeraCrypt
uint32 SectorSize;
SecureBuffer DataAreaKey;
+ bool XtsKeyVulnerable;
private:
VolumeHeader (const VolumeHeader &);
diff --git a/src/Volume/VolumeInfo.cpp b/src/Volume/VolumeInfo.cpp
index b30dafa2..f3b044b7 100644
--- a/src/Volume/VolumeInfo.cpp
+++ b/src/Volume/VolumeInfo.cpp
@@ -54,8 +54,8 @@ namespace VeraCrypt
Type = static_cast <VolumeType::Enum> (sr.DeserializeInt32 ("Type"));
VirtualDevice = sr.DeserializeWString ("VirtualDevice");
sr.Deserialize ("VolumeCreationTime", VolumeCreationTime);
- sr.Deserialize ("TrueCryptMode", TrueCryptMode);
sr.Deserialize ("Pim", Pim);
+ sr.Deserialize ("MasterKeyVulnerable", MasterKeyVulnerable);
}
bool VolumeInfo::FirstVolumeMountedAfterSecond (shared_ptr <VolumeInfo> first, shared_ptr <VolumeInfo> second)
@@ -95,8 +95,8 @@ namespace VeraCrypt
sr.Serialize ("Type", static_cast <uint32> (Type));
sr.Serialize ("VirtualDevice", wstring (VirtualDevice));
sr.Serialize ("VolumeCreationTime", VolumeCreationTime);
- sr.Serialize ("TrueCryptMode", TrueCryptMode);
sr.Serialize ("Pim", Pim);
+ sr.Serialize ("MasterKeyVulnerable", MasterKeyVulnerable);
}
void VolumeInfo::Set (const Volume &volume)
@@ -120,8 +120,8 @@ namespace VeraCrypt
TopWriteOffset = volume.GetTopWriteOffset();
TotalDataRead = volume.GetTotalDataRead();
TotalDataWritten = volume.GetTotalDataWritten();
- TrueCryptMode = volume.GetTrueCryptMode();
Pim = volume.GetPim ();
+ MasterKeyVulnerable = volume.IsMasterKeyVulnerable();
}
TC_SERIALIZER_FACTORY_ADD_CLASS (VolumeInfo);
diff --git a/src/Volume/VolumeInfo.h b/src/Volume/VolumeInfo.h
index f9e07a2e..ad6c2ca4 100644
--- a/src/Volume/VolumeInfo.h
+++ b/src/Volume/VolumeInfo.h
@@ -60,9 +60,8 @@ namespace VeraCrypt
VolumeType::Enum Type;
DevicePath VirtualDevice;
VolumeTime VolumeCreationTime;
- bool TrueCryptMode;
int Pim;
-
+ bool MasterKeyVulnerable;
private:
VolumeInfo (const VolumeInfo &);
VolumeInfo &operator= (const VolumeInfo &);
diff --git a/src/Volume/VolumeLayout.cpp b/src/Volume/VolumeLayout.cpp
index 3045ba83..3600d76f 100644
--- a/src/Volume/VolumeLayout.cpp
+++ b/src/Volume/VolumeLayout.cpp
@@ -12,6 +12,9 @@
#include "Volume/EncryptionMode.h"
#include "Volume/EncryptionModeXTS.h"
+#ifdef WOLFCRYPT_BACKEND
+#include "Volume/EncryptionModeWolfCryptXTS.h"
+#endif
#include "VolumeLayout.h"
#include "Boot/Windows/BootCommon.h"
@@ -66,6 +69,7 @@ namespace VeraCrypt
HeaderSize = TC_VOLUME_HEADER_SIZE_LEGACY;
SupportedEncryptionAlgorithms.push_back (shared_ptr <EncryptionAlgorithm> (new AES ()));
+ #ifndef WOLFCRYPT_BACKEND
SupportedEncryptionAlgorithms.push_back (shared_ptr <EncryptionAlgorithm> (new Serpent ()));
SupportedEncryptionAlgorithms.push_back (shared_ptr <EncryptionAlgorithm> (new Twofish ()));
SupportedEncryptionAlgorithms.push_back (shared_ptr <EncryptionAlgorithm> (new Camellia ()));
@@ -75,7 +79,10 @@ namespace VeraCrypt
SupportedEncryptionAlgorithms.push_back (shared_ptr <EncryptionAlgorithm> (new SerpentTwofishAES ()));
SupportedEncryptionAlgorithms.push_back (shared_ptr <EncryptionAlgorithm> (new TwofishSerpent ()));
- SupportedEncryptionModes.push_back (shared_ptr <EncryptionMode> (new EncryptionModeXTS ()));
+ SupportedEncryptionModes.push_back (shared_ptr <EncryptionMode> (new EncryptionModeXTS ()));
+ #else
+ SupportedEncryptionModes.push_back (shared_ptr <EncryptionMode> (new EncryptionModeWolfCryptXTS ()));
+ #endif
}
uint64 VolumeLayoutV1Normal::GetDataOffset (uint64 volumeHostSize) const
@@ -97,6 +104,7 @@ namespace VeraCrypt
BackupHeaderOffset = -TC_VOLUME_HEADER_GROUP_SIZE;
SupportedEncryptionAlgorithms.push_back (shared_ptr <EncryptionAlgorithm> (new AES ()));
+ #ifndef WOLFCRYPT_BACKEND
SupportedEncryptionAlgorithms.push_back (shared_ptr <EncryptionAlgorithm> (new Serpent ()));
SupportedEncryptionAlgorithms.push_back (shared_ptr <EncryptionAlgorithm> (new Twofish ()));
SupportedEncryptionAlgorithms.push_back (shared_ptr <EncryptionAlgorithm> (new Camellia ()));
@@ -111,9 +119,12 @@ namespace VeraCrypt
SupportedEncryptionAlgorithms.push_back (shared_ptr <EncryptionAlgorithm> (new SerpentAES ()));
SupportedEncryptionAlgorithms.push_back (shared_ptr <EncryptionAlgorithm> (new SerpentTwofishAES ()));
SupportedEncryptionAlgorithms.push_back (shared_ptr <EncryptionAlgorithm> (new TwofishSerpent ()));
-
SupportedEncryptionModes.push_back (shared_ptr <EncryptionMode> (new EncryptionModeXTS ()));
- }
+ #else
+ SupportedEncryptionModes.push_back (shared_ptr <EncryptionMode> (new EncryptionModeWolfCryptXTS ()));
+ #endif
+
+ }
uint64 VolumeLayoutV2Normal::GetDataOffset (uint64 volumeHostSize) const
{
@@ -142,6 +153,7 @@ namespace VeraCrypt
BackupHeaderOffset = -TC_HIDDEN_VOLUME_HEADER_OFFSET;
SupportedEncryptionAlgorithms.push_back (shared_ptr <EncryptionAlgorithm> (new AES ()));
+ #ifndef WOLFCRYPT_BACKEND
SupportedEncryptionAlgorithms.push_back (shared_ptr <EncryptionAlgorithm> (new Serpent ()));
SupportedEncryptionAlgorithms.push_back (shared_ptr <EncryptionAlgorithm> (new Twofish ()));
SupportedEncryptionAlgorithms.push_back (shared_ptr <EncryptionAlgorithm> (new Camellia ()));
@@ -158,6 +170,9 @@ namespace VeraCrypt
SupportedEncryptionAlgorithms.push_back (shared_ptr <EncryptionAlgorithm> (new TwofishSerpent ()));
SupportedEncryptionModes.push_back (shared_ptr <EncryptionMode> (new EncryptionModeXTS ()));
+ #else
+ SupportedEncryptionModes.push_back (shared_ptr <EncryptionMode> (new EncryptionModeWolfCryptXTS ()));
+ #endif
}
uint64 VolumeLayoutV2Hidden::GetDataOffset (uint64 volumeHostSize) const
@@ -194,6 +209,7 @@ namespace VeraCrypt
HeaderSize = TC_BOOT_ENCRYPTION_VOLUME_HEADER_SIZE;
SupportedEncryptionAlgorithms.push_back (shared_ptr <EncryptionAlgorithm> (new AES ()));
+ #ifndef WOLFCRYPT_BACKEND
SupportedEncryptionAlgorithms.push_back (shared_ptr <EncryptionAlgorithm> (new Serpent ()));
SupportedEncryptionAlgorithms.push_back (shared_ptr <EncryptionAlgorithm> (new Twofish ()));
SupportedEncryptionAlgorithms.push_back (shared_ptr <EncryptionAlgorithm> (new Camellia ()));
@@ -208,9 +224,13 @@ namespace VeraCrypt
SupportedEncryptionAlgorithms.push_back (shared_ptr <EncryptionAlgorithm> (new SerpentAES ()));
SupportedEncryptionAlgorithms.push_back (shared_ptr <EncryptionAlgorithm> (new SerpentTwofishAES ()));
SupportedEncryptionAlgorithms.push_back (shared_ptr <EncryptionAlgorithm> (new TwofishSerpent ()));
-
- SupportedEncryptionModes.push_back (shared_ptr <EncryptionMode> (new EncryptionModeXTS ()));
- }
+
+ SupportedEncryptionModes.push_back (shared_ptr <EncryptionMode> (new EncryptionModeXTS ()));
+ #else
+ SupportedEncryptionModes.push_back (shared_ptr <EncryptionMode> (new EncryptionModeWolfCryptXTS ()));
+ #endif
+
+ }
uint64 VolumeLayoutSystemEncryption::GetDataOffset (uint64 volumeHostSize) const
{
@@ -222,17 +242,16 @@ namespace VeraCrypt
return volumeHostSize;
}
- Pkcs5KdfList VolumeLayoutSystemEncryption::GetSupportedKeyDerivationFunctions (bool truecryptMode) const
+ Pkcs5KdfList VolumeLayoutSystemEncryption::GetSupportedKeyDerivationFunctions () const
{
Pkcs5KdfList l;
- if (!truecryptMode)
- {
- l.push_back (shared_ptr <Pkcs5Kdf> (new Pkcs5HmacSha256_Boot ()));
- l.push_back (shared_ptr <Pkcs5Kdf> (new Pkcs5HmacBlake2s_Boot ()));
- l.push_back (shared_ptr <Pkcs5Kdf> (new Pkcs5HmacSha512 (false)));
- l.push_back (shared_ptr <Pkcs5Kdf> (new Pkcs5HmacWhirlpool (false)));
- l.push_back (shared_ptr <Pkcs5Kdf> (new Pkcs5HmacStreebog ()));
- }
- return l;
+ l.push_back (shared_ptr <Pkcs5Kdf> (new Pkcs5HmacSha256_Boot ()));
+ l.push_back (shared_ptr <Pkcs5Kdf> (new Pkcs5HmacSha512 ()));
+ #ifndef WOLFCRYPT_BACKEND
+ l.push_back (shared_ptr <Pkcs5Kdf> (new Pkcs5HmacBlake2s_Boot ()));
+ l.push_back (shared_ptr <Pkcs5Kdf> (new Pkcs5HmacWhirlpool ()));
+ l.push_back (shared_ptr <Pkcs5Kdf> (new Pkcs5HmacStreebog ()));
+ #endif
+ return l;
}
}
diff --git a/src/Volume/VolumeLayout.h b/src/Volume/VolumeLayout.h
index 40a8643d..32b646ad 100644
--- a/src/Volume/VolumeLayout.h
+++ b/src/Volume/VolumeLayout.h
@@ -38,7 +38,7 @@ namespace VeraCrypt
virtual uint32 GetHeaderSize () const { return HeaderSize; }
virtual uint64 GetMaxDataSize (uint64 volumeSize) const = 0;
virtual EncryptionAlgorithmList GetSupportedEncryptionAlgorithms () const { return SupportedEncryptionAlgorithms; }
- virtual Pkcs5KdfList GetSupportedKeyDerivationFunctions (bool truecryptMode) const { return Pkcs5Kdf::GetAvailableAlgorithms(truecryptMode); }
+ virtual Pkcs5KdfList GetSupportedKeyDerivationFunctions () const { return Pkcs5Kdf::GetAvailableAlgorithms(); }
virtual EncryptionModeList GetSupportedEncryptionModes () const { return SupportedEncryptionModes; }
virtual VolumeType::Enum GetType () const { return Type; }
virtual bool HasBackupHeader () const = 0;
@@ -126,7 +126,7 @@ namespace VeraCrypt
virtual uint64 GetDataOffset (uint64 volumeHostSize) const;
virtual uint64 GetDataSize (uint64 volumeHostSize) const;
virtual uint64 GetMaxDataSize (uint64 volumeSize) const { throw NotApplicable (SRC_POS); }
- virtual Pkcs5KdfList GetSupportedKeyDerivationFunctions (bool truecryptMode) const;
+ virtual Pkcs5KdfList GetSupportedKeyDerivationFunctions () const;
virtual bool HasBackupHeader () const { return false; }
virtual bool HasDriveHeader () const { return true; }
diff --git a/src/Volume/VolumePassword.cpp b/src/Volume/VolumePassword.cpp
index a22c9388..9ba3ebce 100644
--- a/src/Volume/VolumePassword.cpp
+++ b/src/Volume/VolumePassword.cpp
@@ -60,7 +60,7 @@ namespace VeraCrypt
sr.Serialize ("WipeData", ConstBufferPtr (wipeBuffer));
}
- void VolumePassword::Set (const byte *password, size_t size)
+ void VolumePassword::Set (const uint8 *password, size_t size)
{
AllocateBuffer ();
diff --git a/src/Volume/VolumePassword.h b/src/Volume/VolumePassword.h
index f4a3ccbe..c1e6b9b6 100644
--- a/src/Volume/VolumePassword.h
+++ b/src/Volume/VolumePassword.h
@@ -22,7 +22,7 @@ namespace VeraCrypt
{
public:
VolumePassword ();
- VolumePassword (const byte *password, size_t size) { Set (password, size); }
+ VolumePassword (const uint8 *password, size_t size) { Set (password, size); }
VolumePassword (const SecureBuffer &password) { Set (password.Ptr (), password.Size ()); }
VolumePassword (const VolumePassword &password) { Set (password); }
virtual ~VolumePassword ();
@@ -33,10 +33,10 @@ namespace VeraCrypt
operator BufferPtr () const { return BufferPtr (PasswordBuffer); }
- byte *DataPtr () const { return PasswordBuffer; }
+ uint8 *DataPtr () const { return PasswordBuffer; }
bool IsEmpty () const { return PasswordSize == 0; }
size_t Size () const { return PasswordSize; }
- void Set (const byte *password, size_t size);
+ void Set (const uint8 *password, size_t size);
void Set (const VolumePassword &password);
TC_SERIALIZABLE (VolumePassword);