diff options
Diffstat (limited to 'src/Volume')
28 files changed, 662 insertions, 367 deletions
diff --git a/src/Volume/Cipher.cpp b/src/Volume/Cipher.cpp index 32f61b76..d0fb7bd5 100644 --- a/src/Volume/Cipher.cpp +++ b/src/Volume/Cipher.cpp @@ -16,13 +16,11 @@ #include "Crypto/SerpentFast.h" #include "Crypto/Twofish.h" #include "Crypto/Camellia.h" -#include "Crypto/GostCipher.h" #include "Crypto/kuznyechik.h" #ifdef TC_AES_HW_CPU # include "Crypto/Aes_hw_cpu.h" #endif -#include "Crypto/cpu.h" extern "C" int IsAesHwCpuSupported () { @@ -32,7 +30,7 @@ extern "C" int IsAesHwCpuSupported () if (!stateValid) { - state = g_hasAESNI ? true : false; + state = HasAESNI() ? true : false; stateValid = true; } return state && VeraCrypt::Cipher::IsHwSupportEnabled(); @@ -96,12 +94,12 @@ namespace VeraCrypt CipherList l; l.push_back (shared_ptr <Cipher> (new CipherAES ())); + #ifndef WOLFCRYPT_BACKEND l.push_back (shared_ptr <Cipher> (new CipherSerpent ())); l.push_back (shared_ptr <Cipher> (new CipherTwofish ())); l.push_back (shared_ptr <Cipher> (new CipherCamellia ())); - l.push_back (shared_ptr <Cipher> (new CipherGost89 ())); l.push_back (shared_ptr <Cipher> (new CipherKuznyechik ())); - + #endif return l; } @@ -118,6 +116,37 @@ namespace VeraCrypt Initialized = true; } + #ifdef WOLFCRYPT_BACKEND + void Cipher::SetKeyXTS (const ConstBufferPtr &key) + { + if (key.Size() != GetKeySize ()) + throw ParameterIncorrect (SRC_POS); + + if (!Initialized) + ScheduledKey.Allocate (GetScheduledKeySize ()); + + SetCipherKeyXTS (key); + Key.CopyFrom (key); + Initialized = true; + } + + void Cipher::EncryptBlockXTS (byte *data, uint64 length, uint64 startDataUnitNo) const + { + if (!Initialized) + throw NotInitialized (SRC_POS); + + EncryptXTS (data, length, startDataUnitNo); + } + + void Cipher::DecryptBlockXTS (byte *data, uint64 length, uint64 startDataUnitNo) const + { + if (!Initialized) + throw NotInitialized (SRC_POS); + + DecryptXTS (data, length, startDataUnitNo); + } + #endif + #define TC_EXCEPTION(TYPE) TC_SERIALIZER_FACTORY_ADD(TYPE) #undef TC_EXCEPTION_NODECL #define TC_EXCEPTION_NODECL(TYPE) TC_SERIALIZER_FACTORY_ADD(TYPE) @@ -189,6 +218,26 @@ namespace VeraCrypt #endif Cipher::EncryptBlocks (data, blockCount); } + #ifdef WOLFCRYPT_BACKEND + void CipherAES::EncryptXTS (byte *data, uint64 length, uint64 startDataUnitNo) const + { + xts_encrypt (data, data, length, startDataUnitNo, (aes_encrypt_ctx *) ScheduledKey.Ptr()); + } + + void CipherAES::DecryptXTS (byte *data, uint64 length, uint64 startDataUnitNo) const + { + xts_decrypt (data, data, length, startDataUnitNo, (aes_decrypt_ctx *) (ScheduledKey.Ptr() + sizeof (aes_encrypt_ctx))); + } + + void CipherAES::SetCipherKeyXTS (const byte *key) + { + if (xts_encrypt_key256 (key, (aes_encrypt_ctx *) ScheduledKey.Ptr()) != EXIT_SUCCESS) + throw CipherInitError (SRC_POS); + + if (xts_decrypt_key256 (key, (aes_decrypt_ctx *) (ScheduledKey.Ptr() + sizeof (aes_encrypt_ctx))) != EXIT_SUCCESS) + throw CipherInitError (SRC_POS); + } + #endif size_t CipherAES::GetScheduledKeySize () const { @@ -203,7 +252,7 @@ namespace VeraCrypt if (!stateValid) { - state = g_hasAESNI ? true : false; + state = HasAESNI() ? true : false; stateValid = true; } return state && HwSupportEnabled; @@ -221,6 +270,7 @@ namespace VeraCrypt throw CipherInitError (SRC_POS); } + #ifndef WOLFCRYPT_BACKEND // Serpent void CipherSerpent::Decrypt (byte *data) const { @@ -247,7 +297,7 @@ namespace VeraCrypt if (!Initialized) throw NotInitialized (SRC_POS); -#if CRYPTOPP_BOOL_SSE2_INTRINSICS_AVAILABLE +#if CRYPTOPP_BOOL_SSE2_INTRINSICS_AVAILABLE && !defined(CRYPTOPP_DISABLE_ASM) if ((blockCount >= 4) && IsHwSupportAvailable()) { @@ -263,7 +313,7 @@ namespace VeraCrypt if (!Initialized) throw NotInitialized (SRC_POS); -#if CRYPTOPP_BOOL_SSE2_INTRINSICS_AVAILABLE +#if CRYPTOPP_BOOL_SSE2_INTRINSICS_AVAILABLE && !defined(CRYPTOPP_DISABLE_ASM) if ((blockCount >= 4) && IsHwSupportAvailable()) { @@ -318,7 +368,7 @@ namespace VeraCrypt if (!Initialized) throw NotInitialized (SRC_POS); -#if CRYPTOPP_BOOL_X64 +#if CRYPTOPP_BOOL_X64 && !defined(CRYPTOPP_DISABLE_ASM) twofish_encrypt_blocks ( (TwofishInstance *) ScheduledKey.Ptr(), data, data, blockCount); #else Cipher::EncryptBlocks (data, blockCount); @@ -330,7 +380,7 @@ namespace VeraCrypt if (!Initialized) throw NotInitialized (SRC_POS); -#if CRYPTOPP_BOOL_X64 +#if CRYPTOPP_BOOL_X64 && !defined(CRYPTOPP_DISABLE_ASM) twofish_decrypt_blocks ( (TwofishInstance *) ScheduledKey.Ptr(), data, data, blockCount); #else Cipher::DecryptBlocks (data, blockCount); @@ -339,7 +389,7 @@ namespace VeraCrypt bool CipherTwofish::IsHwSupportAvailable () const { -#if CRYPTOPP_BOOL_X64 +#if CRYPTOPP_BOOL_X64 && !defined(CRYPTOPP_DISABLE_ASM) return true; #else return false; @@ -372,7 +422,7 @@ namespace VeraCrypt if (!Initialized) throw NotInitialized (SRC_POS); -#if CRYPTOPP_BOOL_X64 +#if CRYPTOPP_BOOL_X64 && !defined(CRYPTOPP_DISABLE_ASM) camellia_encrypt_blocks ( ScheduledKey.Ptr(), data, data, blockCount); #else Cipher::EncryptBlocks (data, blockCount); @@ -384,7 +434,7 @@ namespace VeraCrypt if (!Initialized) throw NotInitialized (SRC_POS); -#if CRYPTOPP_BOOL_X64 +#if CRYPTOPP_BOOL_X64 && !defined(CRYPTOPP_DISABLE_ASM) camellia_decrypt_blocks ( ScheduledKey.Ptr(), data, data, blockCount); #else Cipher::DecryptBlocks (data, blockCount); @@ -393,55 +443,13 @@ namespace VeraCrypt bool CipherCamellia::IsHwSupportAvailable () const { -#if CRYPTOPP_BOOL_X64 +#if CRYPTOPP_BOOL_X64 && !defined(CRYPTOPP_DISABLE_ASM) return true; #else return false; #endif } - // GOST89 - void CipherGost89::Decrypt (byte *data) const - { - gost_decrypt (data, data, (gost_kds *) ScheduledKey.Ptr(), 1); - } - - void CipherGost89::Encrypt (byte *data) const - { - gost_encrypt (data, data, (gost_kds *) ScheduledKey.Ptr(), 1); - } - - size_t CipherGost89::GetScheduledKeySize () const - { - return GOST_KS; - } - - void CipherGost89::SetCipherKey (const byte *key) - { - gost_set_key (key, (gost_kds *) ScheduledKey.Ptr(), 1); - } - - // GOST89 with static SBOX - void CipherGost89StaticSBOX::Decrypt (byte *data) const - { - gost_decrypt (data, data, (gost_kds *) ScheduledKey.Ptr(), 1); - } - - void CipherGost89StaticSBOX::Encrypt (byte *data) const - { - gost_encrypt (data, data, (gost_kds *) ScheduledKey.Ptr(), 1); - } - - size_t CipherGost89StaticSBOX::GetScheduledKeySize () const - { - return GOST_KS; - } - - void CipherGost89StaticSBOX::SetCipherKey (const byte *key) - { - gost_set_key (key, (gost_kds *) ScheduledKey.Ptr(), 0); - } - // Kuznyechik void CipherKuznyechik::Decrypt (byte *data) const { @@ -510,5 +518,6 @@ namespace VeraCrypt return false; #endif } - bool Cipher::HwSupportEnabled = true; + #endif + bool Cipher::HwSupportEnabled = true; } diff --git a/src/Volume/Cipher.h b/src/Volume/Cipher.h index 18d1d2ed..1b7fd233 100644 --- a/src/Volume/Cipher.h +++ b/src/Volume/Cipher.h @@ -14,8 +14,7 @@ #define TC_HEADER_Encryption_Ciphers #include "Platform/Platform.h" -#include "Crypto/config.h" - +#include "Crypto/cpu.h" namespace VeraCrypt { @@ -29,8 +28,15 @@ namespace VeraCrypt virtual void DecryptBlock (byte *data) const; virtual void DecryptBlocks (byte *data, size_t blockCount) const; - static void EnableHwSupport (bool enable) { HwSupportEnabled = enable; } - virtual void EncryptBlock (byte *data) const; + #ifndef WOLFCRYPT_BACKEND + static void EnableHwSupport (bool enable) { HwSupportEnabled = enable; } + #else + static void EnableHwSupport (bool enable) { HwSupportEnabled = false; } + virtual void EncryptBlockXTS (byte *data, uint64 length, uint64 startDataUnitNo) const; + virtual void DecryptBlockXTS (byte *data, uint64 length, uint64 startDataUnitNo) const; + virtual void SetKeyXTS (const ConstBufferPtr &key); + #endif + virtual void EncryptBlock (byte *data) const; virtual void EncryptBlocks (byte *data, size_t blockCount) const; static CipherList GetAvailableCiphers (); virtual size_t GetBlockSize () const = 0; @@ -51,6 +57,11 @@ namespace VeraCrypt virtual void Encrypt (byte *data) const = 0; virtual size_t GetScheduledKeySize () const = 0; virtual void SetCipherKey (const byte *key) = 0; + #ifdef WOLFCRYPT_BACKEND + virtual void DecryptXTS (byte *data, uint64 length, uint64 startDataUnitNo) const = 0; + virtual void EncryptXTS (byte *data, uint64 length, uint64 startDataUnitNo) const = 0; + virtual void SetCipherKeyXTS (const byte *key) = 0; + #endif static bool HwSupportEnabled; bool Initialized; @@ -70,6 +81,7 @@ namespace VeraCrypt CipherException (const string &message, const wstring &subject) : Exception (message, subject) { } }; +#ifdef WOLFCRYPT_BACKEND #define TC_CIPHER(NAME, BLOCK_SIZE, KEY_SIZE) \ class TC_JOIN (Cipher,NAME) : public Cipher \ @@ -89,12 +101,43 @@ namespace VeraCrypt virtual void Encrypt (byte *data) const; \ virtual size_t GetScheduledKeySize () const; \ virtual void SetCipherKey (const byte *key); \ + virtual void DecryptXTS (byte *data, uint64 length, uint64 startDataUnitNo) const; \ + virtual void SetCipherKeyXTS (const byte *key); \ + virtual void EncryptXTS (byte *data, uint64 length, uint64 startDataUnitNo) const; \ \ private: \ TC_JOIN (Cipher,NAME) (const TC_JOIN (Cipher,NAME) &); \ TC_JOIN (Cipher,NAME) &operator= (const TC_JOIN (Cipher,NAME) &); \ } +#else + +#define TC_CIPHER(NAME, BLOCK_SIZE, KEY_SIZE) \ + class TC_JOIN (Cipher,NAME) : public Cipher \ + { \ + public: \ + TC_JOIN (Cipher,NAME) () { } \ + virtual ~TC_JOIN (Cipher,NAME) () { } \ +\ + virtual size_t GetBlockSize () const { return BLOCK_SIZE; }; \ + virtual size_t GetKeySize () const { return KEY_SIZE; }; \ + virtual wstring GetName () const { return L###NAME; }; \ + virtual shared_ptr <Cipher> GetNew () const { return shared_ptr <Cipher> (new TC_JOIN (Cipher,NAME)()); } \ + TC_CIPHER_ADD_METHODS \ +\ + protected: \ + virtual void Decrypt (byte *data) const; \ + virtual void Encrypt (byte *data) const; \ + virtual size_t GetScheduledKeySize () const; \ + virtual void SetCipherKey (const byte *key); \ +\ + private: \ + TC_JOIN (Cipher,NAME) (const TC_JOIN (Cipher,NAME) &); \ + TC_JOIN (Cipher,NAME) &operator= (const TC_JOIN (Cipher,NAME) &); \ + } + +#endif + #define TC_CIPHER_ADD_METHODS \ virtual void DecryptBlocks (byte *data, size_t blockCount) const; \ virtual void EncryptBlocks (byte *data, size_t blockCount) const; \ @@ -109,9 +152,6 @@ namespace VeraCrypt #undef TC_CIPHER_ADD_METHODS #define TC_CIPHER_ADD_METHODS - TC_CIPHER (Gost89, 16, 32); - TC_CIPHER (Gost89StaticSBOX, 16, 32); - #undef TC_CIPHER @@ -126,10 +166,6 @@ namespace VeraCrypt #undef TC_EXCEPTION -#if (defined (TC_ARCH_X86) || defined (TC_ARCH_X64)) && !defined (__ppc__) -# define TC_AES_HW_CPU -#endif - } #endif // TC_HEADER_Encryption_Ciphers diff --git a/src/Volume/EncryptionAlgorithm.cpp b/src/Volume/EncryptionAlgorithm.cpp index b94f69fa..0178da00 100644 --- a/src/Volume/EncryptionAlgorithm.cpp +++ b/src/Volume/EncryptionAlgorithm.cpp @@ -12,6 +12,9 @@ #include "EncryptionAlgorithm.h" #include "EncryptionModeXTS.h" +#ifdef WOLFCRYPT_BACKEND +#include "EncryptionModeWolfCryptXTS.h" +#endif namespace VeraCrypt { @@ -62,10 +65,10 @@ namespace VeraCrypt EncryptionAlgorithmList l; l.push_back (shared_ptr <EncryptionAlgorithm> (new AES ())); + #ifndef WOLFCRYPT_BACKEND l.push_back (shared_ptr <EncryptionAlgorithm> (new Serpent ())); l.push_back (shared_ptr <EncryptionAlgorithm> (new Twofish ())); l.push_back (shared_ptr <EncryptionAlgorithm> (new Camellia ())); - l.push_back (shared_ptr <EncryptionAlgorithm> (new GOST89 ())); l.push_back (shared_ptr <EncryptionAlgorithm> (new Kuznyechik ())); l.push_back (shared_ptr <EncryptionAlgorithm> (new AESTwofish ())); l.push_back (shared_ptr <EncryptionAlgorithm> (new AESTwofishSerpent ())); @@ -77,7 +80,7 @@ namespace VeraCrypt l.push_back (shared_ptr <EncryptionAlgorithm> (new SerpentAES ())); l.push_back (shared_ptr <EncryptionAlgorithm> (new SerpentTwofishAES ())); l.push_back (shared_ptr <EncryptionAlgorithm> (new TwofishSerpent ())); - + #endif return l; } @@ -216,7 +219,25 @@ namespace VeraCrypt } } - void EncryptionAlgorithm::ValidateState () const + #ifdef WOLFCRYPT_BACKEND + void EncryptionAlgorithm::SetKeyXTS (const ConstBufferPtr &key) + { + if (Ciphers.size() < 1) + throw NotInitialized (SRC_POS); + + if (GetKeySize() != key.Size()) + throw ParameterIncorrect (SRC_POS); + + size_t keyOffset = 0; + foreach_ref (Cipher &c, Ciphers) + { + c.SetKeyXTS (key.GetRange (keyOffset, c.GetKeySize())); + keyOffset += c.GetKeySize(); + } + } + #endif + + void EncryptionAlgorithm::ValidateState () const { if (Ciphers.size() < 1 || Mode.get() == nullptr) throw NotInitialized (SRC_POS); @@ -227,9 +248,14 @@ namespace VeraCrypt { Ciphers.push_back (shared_ptr <Cipher> (new CipherAES())); + #ifdef WOLFCRYPT_BACKEND + SupportedModes.push_back (shared_ptr <EncryptionMode> (new EncryptionModeWolfCryptXTS ())); + #else SupportedModes.push_back (shared_ptr <EncryptionMode> (new EncryptionModeXTS ())); - } + #endif + } +#ifndef WOLFCRYPT_BACKEND // AES-Twofish AESTwofish::AESTwofish () { @@ -301,17 +327,6 @@ namespace VeraCrypt SupportedModes.push_back (shared_ptr <EncryptionMode> (new EncryptionModeXTS ())); } - - // GOST89 - GOST89::GOST89 () - { - Deprecated = true; - - Ciphers.push_back (shared_ptr <Cipher> (new CipherGost89())); - - SupportedModes.push_back (shared_ptr <EncryptionMode> (new EncryptionModeXTS ())); - } - // Kuznyechik Kuznyechik::Kuznyechik () { @@ -365,4 +380,5 @@ namespace VeraCrypt SupportedModes.push_back (shared_ptr <EncryptionMode> (new EncryptionModeXTS ())); } +#endif } diff --git a/src/Volume/EncryptionAlgorithm.h b/src/Volume/EncryptionAlgorithm.h index a701e700..d60082fa 100644 --- a/src/Volume/EncryptionAlgorithm.h +++ b/src/Volume/EncryptionAlgorithm.h @@ -46,7 +46,10 @@ namespace VeraCrypt virtual bool IsModeSupported (const EncryptionMode &mode) const; virtual bool IsModeSupported (const shared_ptr <EncryptionMode> mode) const; virtual void SetKey (const ConstBufferPtr &key); - virtual void SetMode (shared_ptr <EncryptionMode> mode); + #ifdef WOLFCRYPT_BACKEND + virtual void SetKeyXTS (const ConstBufferPtr &key); + #endif + virtual void SetMode (shared_ptr <EncryptionMode> mode); protected: EncryptionAlgorithm (); @@ -86,7 +89,6 @@ namespace VeraCrypt TC_ENCRYPTION_ALGORITHM (TwofishSerpent); TC_ENCRYPTION_ALGORITHM (SerpentTwofishAES); TC_ENCRYPTION_ALGORITHM (Camellia); - TC_ENCRYPTION_ALGORITHM (GOST89); TC_ENCRYPTION_ALGORITHM (Kuznyechik); TC_ENCRYPTION_ALGORITHM (KuznyechikTwofish); TC_ENCRYPTION_ALGORITHM (KuznyechikAES); diff --git a/src/Volume/EncryptionMode.cpp b/src/Volume/EncryptionMode.cpp index b7e5cc02..81d275b6 100644 --- a/src/Volume/EncryptionMode.cpp +++ b/src/Volume/EncryptionMode.cpp @@ -12,6 +12,9 @@ #include "EncryptionMode.h" #include "EncryptionModeXTS.h" +#ifdef WOLFCRYPT_BACKEND +#include "EncryptionModeWolfCryptXTS.h" +#endif #include "EncryptionThreadPool.h" namespace VeraCrypt @@ -38,7 +41,11 @@ namespace VeraCrypt { EncryptionModeList l; + #ifdef WOLFCRYPT_BACKEND + l.push_back (shared_ptr <EncryptionMode> (new EncryptionModeWolfCryptXTS ())); + #else l.push_back (shared_ptr <EncryptionMode> (new EncryptionModeXTS ())); + #endif return l; } diff --git a/src/Volume/EncryptionModeWolfCryptXTS.cpp b/src/Volume/EncryptionModeWolfCryptXTS.cpp new file mode 100644 index 00000000..891f6007 --- /dev/null +++ b/src/Volume/EncryptionModeWolfCryptXTS.cpp @@ -0,0 +1,119 @@ + +#include "Crypto/cpu.h" +#include "Crypto/misc.h" +#include "EncryptionModeWolfCryptXTS.h" +#include "Common/Crypto.h" + +namespace VeraCrypt +{ + void EncryptionModeWolfCryptXTS::Encrypt (byte *data, uint64 length) const + { + EncryptBuffer (data, length, 0); + } + + void EncryptionModeWolfCryptXTS::EncryptBuffer (byte *data, uint64 length, uint64 startDataUnitNo) const + { + if_debug (ValidateState()); + + CipherList::const_iterator iSecondaryCipher = SecondaryCiphers.begin(); + + for (CipherList::const_iterator iCipher = Ciphers.begin(); iCipher != Ciphers.end(); ++iCipher) + { + EncryptBufferXTS (**iCipher, **iSecondaryCipher, data, length, startDataUnitNo, 0); + ++iSecondaryCipher; + } + + assert (iSecondaryCipher == SecondaryCiphers.end()); + } + + void EncryptionModeWolfCryptXTS::EncryptBufferXTS (Cipher &cipher, const Cipher &secondaryCipher, byte *buffer, uint64 length, uint64 startDataUnitNo, unsigned int startCipherBlockNo) const + { + cipher.EncryptBlockXTS(buffer, length, startDataUnitNo); + } + + void EncryptionModeWolfCryptXTS::EncryptSectorsCurrentThread (byte *data, uint64 sectorIndex, uint64 sectorCount, size_t sectorSize) const + { + EncryptBuffer (data, sectorCount * sectorSize, sectorIndex * sectorSize / ENCRYPTION_DATA_UNIT_SIZE); + } + + size_t EncryptionModeWolfCryptXTS::GetKeySize () const + { + if (Ciphers.empty()) + throw NotInitialized (SRC_POS); + + size_t keySize = 0; + foreach_ref (const Cipher &cipher, SecondaryCiphers) + { + keySize += cipher.GetKeySize(); + } + + return keySize; + } + + void EncryptionModeWolfCryptXTS::Decrypt (byte *data, uint64 length) const + { + DecryptBuffer (data, length, 0); + } + + void EncryptionModeWolfCryptXTS::DecryptBuffer (byte *data, uint64 length, uint64 startDataUnitNo) const + { + if_debug (ValidateState()); + + CipherList::const_iterator iSecondaryCipher = SecondaryCiphers.end(); + + for (CipherList::const_reverse_iterator iCipher = Ciphers.rbegin(); iCipher != Ciphers.rend(); ++iCipher) + { + --iSecondaryCipher; + DecryptBufferXTS (**iCipher, **iSecondaryCipher, data, length, startDataUnitNo, 0); + } + + assert (iSecondaryCipher == SecondaryCiphers.begin()); + } + + void EncryptionModeWolfCryptXTS::DecryptBufferXTS (Cipher &cipher, const Cipher &secondaryCipher, byte *buffer, uint64 length, uint64 startDataUnitNo, unsigned int startCipherBlockNo) const + { + cipher.DecryptBlockXTS(buffer, length, startDataUnitNo); + } + + void EncryptionModeWolfCryptXTS::DecryptSectorsCurrentThread (byte *data, uint64 sectorIndex, uint64 sectorCount, size_t sectorSize) const + { + DecryptBuffer (data, sectorCount * sectorSize, sectorIndex * sectorSize / ENCRYPTION_DATA_UNIT_SIZE); + } + + void EncryptionModeWolfCryptXTS::SetCiphers (const CipherList &ciphers) + { + EncryptionMode::SetCiphers (ciphers); + + SecondaryCiphers.clear(); + + foreach_ref (const Cipher &cipher, ciphers) + { + SecondaryCiphers.push_back (cipher.GetNew()); + } + + if (SecondaryKey.Size() > 0) + SetSecondaryCipherKeys(); + } + + void EncryptionModeWolfCryptXTS::SetKey (const ConstBufferPtr &key) + { + SecondaryKey.Allocate (key.Size()); + SecondaryKey.CopyFrom (key); + + if (!SecondaryCiphers.empty()) + SetSecondaryCipherKeys(); + + } + + void EncryptionModeWolfCryptXTS::SetSecondaryCipherKeys () + { + size_t keyOffset = 0; + foreach_ref (Cipher &cipher, SecondaryCiphers) + { + cipher.SetKeyXTS (SecondaryKey.GetRange (keyOffset, cipher.GetKeySize())); + keyOffset += cipher.GetKeySize(); + } + + KeySet = true; + } +} diff --git a/src/Volume/EncryptionModeWolfCryptXTS.h b/src/Volume/EncryptionModeWolfCryptXTS.h new file mode 100644 index 00000000..e432f768 --- /dev/null +++ b/src/Volume/EncryptionModeWolfCryptXTS.h @@ -0,0 +1,54 @@ +/* + Derived from source code of TrueCrypt 7.1a, which is + Copyright (c) 2008-2012 TrueCrypt Developers Association and which is governed + by the TrueCrypt License 3.0. + + Modifications and additions to the original source code (contained in this file) + and all other portions of this file are Copyright (c) 2013-2017 IDRIX + and are governed by the Apache License 2.0 the full text of which is + contained in the file License.txt included in VeraCrypt binary and source + code distribution packages. +*/ + +#ifndef TC_HEADER_Volume_EncryptionModeWolfCryptXTS +#define TC_HEADER_Volume_EncryptionModeWolfCryptXTS + +#include "Platform/Platform.h" +#include "EncryptionMode.h" + +namespace VeraCrypt +{ + class EncryptionModeWolfCryptXTS : public EncryptionMode + { + public: + EncryptionModeWolfCryptXTS () { } + virtual ~EncryptionModeWolfCryptXTS () { } + + virtual void Decrypt (byte *data, uint64 length) const; + virtual void DecryptSectorsCurrentThread (byte *data, uint64 sectorIndex, uint64 sectorCount, size_t sectorSize) const; + virtual void Encrypt (byte *data, uint64 length) const; + virtual void EncryptSectorsCurrentThread (byte *data, uint64 sectorIndex, uint64 sectorCount, size_t sectorSize) const; + virtual const SecureBuffer &GetKey () const { return SecondaryKey; } + virtual size_t GetKeySize () const; + virtual wstring GetName () const { return L"XTS"; }; + virtual shared_ptr <EncryptionMode> GetNew () const { return shared_ptr <EncryptionMode> (new EncryptionModeWolfCryptXTS); } + virtual void SetCiphers (const CipherList &ciphers); + virtual void SetKey (const ConstBufferPtr &key); + + protected: + void DecryptBuffer (byte *data, uint64 length, uint64 startDataUnitNo) const; + void DecryptBufferXTS (Cipher &cipher, const Cipher &secondaryCipher, byte *buffer, uint64 length, uint64 startDataUnitNo, unsigned int startCipherBlockNo) const; + void EncryptBuffer (byte *data, uint64 length, uint64 startDataUnitNo) const; + void EncryptBufferXTS (Cipher &cipher, const Cipher &secondaryCipher, byte *buffer, uint64 length, uint64 startDataUnitNo, unsigned int startCipherBlockNo) const; + void SetSecondaryCipherKeys (); + + SecureBuffer SecondaryKey; + CipherList SecondaryCiphers; + + private: + EncryptionModeWolfCryptXTS (const EncryptionModeWolfCryptXTS &); + EncryptionModeWolfCryptXTS &operator= (const EncryptionModeWolfCryptXTS &); + }; +} + +#endif // TC_HEADER_Volume_EncryptionModeWolfCryptXTS diff --git a/src/Volume/EncryptionModeXTS.cpp b/src/Volume/EncryptionModeXTS.cpp index 66f0ff62..56ee895c 100644 --- a/src/Volume/EncryptionModeXTS.cpp +++ b/src/Volume/EncryptionModeXTS.cpp @@ -69,7 +69,7 @@ namespace VeraCrypt void EncryptionModeXTS::EncryptBufferXTS (const Cipher &cipher, const Cipher &secondaryCipher, byte *buffer, uint64 length, uint64 startDataUnitNo, unsigned int startCipherBlockNo) const { - byte finalCarry; + byte finalCarry; byte whiteningValues [ENCRYPTION_DATA_UNIT_SIZE]; byte whiteningValue [BYTES_PER_XTS_BLOCK]; byte byteBufUnitNo [BYTES_PER_XTS_BLOCK]; @@ -374,7 +374,7 @@ namespace VeraCrypt FAST_ERASE64 (whiteningValue, sizeof (whiteningValue)); FAST_ERASE64 (whiteningValues, sizeof (whiteningValues)); - } + } void EncryptionModeXTS::DecryptSectorsCurrentThread (byte *data, uint64 sectorIndex, uint64 sectorCount, size_t sectorSize) const { @@ -411,7 +411,7 @@ namespace VeraCrypt foreach_ref (Cipher &cipher, SecondaryCiphers) { cipher.SetKey (SecondaryKey.GetRange (keyOffset, cipher.GetKeySize())); - keyOffset += cipher.GetKeySize(); + keyOffset += cipher.GetKeySize(); } KeySet = true; diff --git a/src/Volume/EncryptionTest.cpp b/src/Volume/EncryptionTest.cpp index 22aea220..c900885e 100644 --- a/src/Volume/EncryptionTest.cpp +++ b/src/Volume/EncryptionTest.cpp @@ -16,6 +16,9 @@ #include "EncryptionAlgorithm.h" #include "EncryptionMode.h" #include "EncryptionModeXTS.h" +#ifdef WOLFCRYPT_BACKEND +#include "EncryptionModeWolfCryptXTS.h" +#endif #include "EncryptionTest.h" #include "Pkcs5Kdf.h" @@ -64,6 +67,7 @@ namespace VeraCrypt } }; + #ifndef WOLFCRYPT_BACKEND static const CipherTestVector SerpentTestVectors[] = { { @@ -123,23 +127,7 @@ namespace VeraCrypt } } }; - - static const CipherTestVector GOST89TestVectors[] = - { - { - { - 0xFF, 0xEE, 0xDD, 0xCC, 0xBB, 0xAA, 0x99, 0x88, 0x77, 0x66, 0x55, 0x44, 0x33, 0x22, 0x11, 0x00, - 0xF0, 0xF1, 0xF2, 0xF3, 0xF4, 0xF5, 0xF6, 0xF7, 0xF8, 0xF9, 0xFA, 0xFB, 0xFC, 0xFD, 0xFE, 0xFF - }, - { - 0xFE, 0xDC, 0xBA, 0x98, 0x76, 0x54, 0x32, 0x10, 0xFF, 0xEE, 0xDD, 0xCC, 0xBB, 0xAA, 0x99, 0x88 - }, - { - 0x8F, 0xC6, 0xFE, 0xB8, 0x91, 0x51, 0x4C, 0x37, 0x4D, 0x51, 0x46, 0xEF, 0x02, 0x9D, 0xBD, 0x9F - } - } - }; - + static const CipherTestVector KuznyechikTestVectors[] = { { @@ -167,6 +155,7 @@ namespace VeraCrypt } } }; + #endif static void TestCipher (Cipher &cipher, const CipherTestVector *testVector, size_t testVectorCount) { @@ -206,6 +195,7 @@ namespace VeraCrypt if (origCrc != Crc32::ProcessBuffer (testData)) throw TestFailed (SRC_POS); + #ifndef WOLFCRYPT_BACKEND CipherSerpent serpent; TestCipher (serpent, SerpentTestVectors, array_capacity (SerpentTestVectors)); @@ -215,11 +205,9 @@ namespace VeraCrypt CipherCamellia camellia; TestCipher (camellia, CamelliaTestVectors, array_capacity (CamelliaTestVectors)); - CipherGost89StaticSBOX gost89; - TestCipher (gost89, GOST89TestVectors, array_capacity (GOST89TestVectors)); - CipherKuznyechik kuznyechik; TestCipher (kuznyechik, KuznyechikTestVectors, array_capacity (KuznyechikTestVectors)); + #endif } const EncryptionTest::XtsTestVector EncryptionTest::XtsTestVectors[] = @@ -456,9 +444,16 @@ namespace VeraCrypt for (i = 0; i < array_capacity (XtsTestVectors); i++) { AES aes; - shared_ptr <EncryptionMode> xts (new EncryptionModeXTS); - - aes.SetKey (ConstBufferPtr (XtsTestVectors[i].key1, sizeof (XtsTestVectors[i].key1))); + #ifdef WOLFCRYPT_BACKEND + shared_ptr <EncryptionMode> xts (new EncryptionModeWolfCryptXTS); + #else + shared_ptr <EncryptionMode> xts (new EncryptionModeXTS); + #endif + + aes.SetKey (ConstBufferPtr (XtsTestVectors[i].key1, sizeof (XtsTestVectors[i].key1))); + #ifdef WOLFCRYPT_BACKEND + aes.SetKeyXTS (ConstBufferPtr (XtsTestVectors[i].key2, sizeof (XtsTestVectors[i].key2))); + #endif xts->SetKey (ConstBufferPtr (XtsTestVectors[i].key2, sizeof (XtsTestVectors[i].key2))); aes.SetMode (xts); @@ -513,7 +508,11 @@ namespace VeraCrypt // Test all EAs that support this mode of operation foreach_ref (EncryptionAlgorithm &ea, EncryptionAlgorithm::GetAvailableAlgorithms()) { - shared_ptr <EncryptionMode> mode (new EncryptionModeXTS); + #ifdef WOLFCRYPT_BACKEND + shared_ptr <EncryptionMode> mode (new EncryptionModeWolfCryptXTS); + #else + shared_ptr <EncryptionMode> mode (new EncryptionModeXTS); + #endif if (!ea.IsModeSupported (mode)) continue; @@ -527,8 +526,11 @@ namespace VeraCrypt mode->SetKey (modeKey); ea.SetMode (mode); + #ifdef WOLFCRYPT_BACKEND + ea.SetKeyXTS (modeKey); + #endif - // Each data unit will contain the same plaintext + // Each data unit will contain the same plaintext for (i = 0; i < nbrUnits; i++) { memcpy ((unsigned char *) buf + i * ENCRYPTION_DATA_UNIT_SIZE, @@ -575,6 +577,7 @@ namespace VeraCrypt break; } } + #ifndef WOLFCRYPT_BACKEND else if (typeid (ea) == typeid (Serpent)) { switch (testCase) @@ -653,32 +656,6 @@ namespace VeraCrypt break; } } - else if (typeid (ea) == typeid (GOST89)) - { - switch (testCase) - { - case 0: - if (crc != 0x12194ef5) - throw TestFailed (SRC_POS); - nTestsPerformed++; - break; - case 1: - if (crc != 0xda8d429b) - throw TestFailed (SRC_POS); - nTestsPerformed++; - break; - case 2: - if (crc != 0xdbf0b12e) - throw TestFailed (SRC_POS); - nTestsPerformed++; - break; - case 3: - if (crc != 0xb986eb4a) - throw TestFailed (SRC_POS); - nTestsPerformed++; - break; - } - } else if (typeid (ea) == typeid (Kuznyechik)) { switch (testCase) @@ -965,7 +942,7 @@ namespace VeraCrypt break; } } - + #endif if (crc == 0x9f5edd58) throw TestFailed (SRC_POS); @@ -986,7 +963,11 @@ namespace VeraCrypt // Test all EAs that support this mode of operation foreach_ref (EncryptionAlgorithm &ea, EncryptionAlgorithm::GetAvailableAlgorithms()) { + #ifdef WOLFCRYPT_BACKEND + shared_ptr <EncryptionMode> mode (new EncryptionModeWolfCryptXTS); + #else shared_ptr <EncryptionMode> mode (new EncryptionModeXTS); + #endif if (!ea.IsModeSupported (mode)) continue; @@ -1000,6 +981,9 @@ namespace VeraCrypt mode->SetKey (modeKey); ea.SetMode (mode); + #ifdef WOLFCRYPT_BACKEND + ea.SetKeyXTS (modeKey); + #endif // Each data unit will contain the same plaintext for (i = 0; i < nbrUnits; i++) @@ -1019,6 +1003,7 @@ namespace VeraCrypt throw TestFailed (SRC_POS); nTestsPerformed++; } + #ifndef WOLFCRYPT_BACKEND else if (typeid (ea) == typeid (Serpent)) { if (crc != 0x3494d480) @@ -1037,12 +1022,6 @@ namespace VeraCrypt throw TestFailed (SRC_POS); nTestsPerformed++; } - else if (typeid (ea) == typeid (GOST89)) - { - if (crc != 0x9e8653cb) - throw TestFailed (SRC_POS); - nTestsPerformed++; - } else if (typeid (ea) == typeid (Kuznyechik)) { if (crc != 0xd6d39cdb) @@ -1109,6 +1088,7 @@ namespace VeraCrypt throw TestFailed (SRC_POS); nTestsPerformed++; } + #endif if (crc == 0x9f5edd58) throw TestFailed (SRC_POS); @@ -1120,8 +1100,11 @@ namespace VeraCrypt nTestsPerformed++; } - - if (nTestsPerformed != 160) + #ifndef WOLFCRYPT_BACKEND + if (nTestsPerformed != 150) + #else + if (nTestsPerformed != 10) + #endif throw TestFailed (SRC_POS); } @@ -1132,17 +1115,18 @@ namespace VeraCrypt ConstBufferPtr salt (saltData, sizeof (saltData)); Buffer derivedKey (4); - Pkcs5HmacRipemd160 pkcs5HmacRipemd160(false); - pkcs5HmacRipemd160.DeriveKey (derivedKey, password, salt, 5); - if (memcmp (derivedKey.Ptr(), "\x7a\x3d\x7c\x03", 4) != 0) + #ifndef WOLFCRYPT_BACKEND + Pkcs5HmacBlake2s pkcs5HmacBlake2s; + pkcs5HmacBlake2s.DeriveKey (derivedKey, password, salt, 5); + if (memcmp (derivedKey.Ptr(), "\x8d\x51\xfa\x31", 4) != 0) throw TestFailed (SRC_POS); - Pkcs5HmacSha512 pkcs5HmacSha512(false); + Pkcs5HmacSha512 pkcs5HmacSha512; pkcs5HmacSha512.DeriveKey (derivedKey, password, salt, 5); if (memcmp (derivedKey.Ptr(), "\x13\x64\xae\xf8", 4) != 0) throw TestFailed (SRC_POS); - Pkcs5HmacWhirlpool pkcs5HmacWhirlpool(false); + Pkcs5HmacWhirlpool pkcs5HmacWhirlpool; pkcs5HmacWhirlpool.DeriveKey (derivedKey, password, salt, 5); if (memcmp (derivedKey.Ptr(), "\x50\x7c\x36\x6f", 4) != 0) throw TestFailed (SRC_POS); @@ -1156,5 +1140,16 @@ namespace VeraCrypt pkcs5HmacStreebog.DeriveKey (derivedKey, password, salt, 5); if (memcmp (derivedKey.Ptr(), "\xd0\x53\xa2\x30", 4) != 0) throw TestFailed (SRC_POS); - } + #else + Pkcs5HmacSha256 pkcs5HmacSha256; + pkcs5HmacSha256.DeriveKey (derivedKey, password, salt, 5); + if (memcmp (derivedKey.Ptr(), "\x64\xf3\xa5\xa3", 4) != 0) + throw TestFailed (SRC_POS); + + Pkcs5HmacSha512 pkcs5HmacSha512; + pkcs5HmacSha512.DeriveKey (derivedKey, password, salt, 5); + if (memcmp (derivedKey.Ptr(), "\x55\xa1\x76\xbb", 4) != 0) + throw TestFailed (SRC_POS); + #endif + } } diff --git a/src/Volume/EncryptionThreadPool.cpp b/src/Volume/EncryptionThreadPool.cpp index 4219c7d7..7c86bf49 100644 --- a/src/Volume/EncryptionThreadPool.cpp +++ b/src/Volume/EncryptionThreadPool.cpp @@ -125,9 +125,9 @@ namespace VeraCrypt firstFragmentWorkItem->ItemCompletedEvent.Wait(); - auto_ptr <Exception> itemException; + unique_ptr <Exception> itemException; if (firstFragmentWorkItem->ItemException.get()) - itemException = firstFragmentWorkItem->ItemException; + itemException = move_ptr(firstFragmentWorkItem->ItemException); firstFragmentWorkItem->State.Set (WorkItem::State::Free); WorkItemCompletedEvent.Signal(); diff --git a/src/Volume/EncryptionThreadPool.h b/src/Volume/EncryptionThreadPool.h index 43aa4c80..baf31e23 100644 --- a/src/Volume/EncryptionThreadPool.h +++ b/src/Volume/EncryptionThreadPool.h @@ -44,7 +44,7 @@ namespace VeraCrypt }; struct WorkItem *FirstFragment; - auto_ptr <Exception> ItemException; + unique_ptr <Exception> ItemException; SyncEvent ItemCompletedEvent; SharedVal <size_t> OutstandingFragmentCount; SharedVal <State::Enum> State; diff --git a/src/Volume/Hash.cpp b/src/Volume/Hash.cpp index 5e64b3ff..d2e3e649 100644 --- a/src/Volume/Hash.cpp +++ b/src/Volume/Hash.cpp @@ -12,7 +12,7 @@ #include "Hash.h" -#include "Crypto/Rmd160.h" +#include "Crypto/blake2.h" #include "Crypto/Sha2.h" #include "Crypto/Whirlpool.h" #include "Crypto/Streebog.h" @@ -24,11 +24,12 @@ namespace VeraCrypt HashList l; l.push_back (shared_ptr <Hash> (new Sha512 ())); - l.push_back (shared_ptr <Hash> (new Whirlpool ())); l.push_back (shared_ptr <Hash> (new Sha256 ())); + #ifndef WOLFCRYPT_BACKEND + l.push_back (shared_ptr <Hash> (new Blake2s ())); + l.push_back (shared_ptr <Hash> (new Whirlpool ())); l.push_back (shared_ptr <Hash> (new Streebog ())); - l.push_back (shared_ptr <Hash> (new Ripemd160 ())); - + #endif return l; } @@ -40,34 +41,35 @@ namespace VeraCrypt void Hash::ValidateDigestParameters (const BufferPtr &buffer) const { - if (buffer.Size() != GetDigestSize ()) + if (buffer.Size() < GetDigestSize ()) throw ParameterIncorrect (SRC_POS); } + #ifndef WOLFCRYPT_BACKEND // RIPEMD-160 - Ripemd160::Ripemd160 () + Blake2s::Blake2s () { - Deprecated = true; // Mark RIPEMD-160 as deprecated like on Windows. - Context.Allocate (sizeof (RMD160_CTX), 32); + Context.Allocate (sizeof (blake2s_state), 32); Init(); } - void Ripemd160::GetDigest (const BufferPtr &buffer) + void Blake2s::GetDigest (const BufferPtr &buffer) { if_debug (ValidateDigestParameters (buffer)); - RMD160Final (buffer, (RMD160_CTX *) Context.Ptr()); + blake2s_final ((blake2s_state *) Context.Ptr(), buffer); } - void Ripemd160::Init () + void Blake2s::Init () { - RMD160Init ((RMD160_CTX *) Context.Ptr()); + blake2s_init ((blake2s_state *) Context.Ptr()); } - void Ripemd160::ProcessData (const ConstBufferPtr &data) + void Blake2s::ProcessData (const ConstBufferPtr &data) { if_debug (ValidateDataParameters (data)); - RMD160Update ((RMD160_CTX *) Context.Ptr(), data.Get(), (int) data.Size()); + blake2s_update ((blake2s_state *) Context.Ptr(), data.Get(), data.Size()); } + #endif // SHA-256 Sha256::Sha256 () @@ -117,6 +119,7 @@ namespace VeraCrypt sha512_hash (data.Get(), (int) data.Size(), (sha512_ctx *) Context.Ptr()); } + #ifndef WOLFCRYPT_BACKEND // Whirlpool Whirlpool::Whirlpool () { @@ -164,4 +167,5 @@ namespace VeraCrypt if_debug (ValidateDataParameters (data)); STREEBOG_add ((STREEBOG_CTX *) Context.Ptr(), data.Get(), (int) data.Size()); } + #endif } diff --git a/src/Volume/Hash.h b/src/Volume/Hash.h index c76a6896..5720eb50 100644 --- a/src/Volume/Hash.h +++ b/src/Volume/Hash.h @@ -48,28 +48,30 @@ namespace VeraCrypt Hash &operator= (const Hash &); }; - // RIPEMD-160 - class Ripemd160 : public Hash + #ifndef WOLFCRYPT_BACKEND + // Blake2s + class Blake2s : public Hash { public: - Ripemd160 (); - virtual ~Ripemd160 () { } + Blake2s (); + virtual ~Blake2s () { } virtual void GetDigest (const BufferPtr &buffer); virtual size_t GetBlockSize () const { return 64; } - virtual size_t GetDigestSize () const { return 160 / 8; } - virtual wstring GetName () const { return L"RIPEMD-160"; } - virtual wstring GetAltName () const { return L"RIPEMD160"; } - virtual shared_ptr <Hash> GetNew () const { return shared_ptr <Hash> (new Ripemd160); } + virtual size_t GetDigestSize () const { return 32; } + virtual wstring GetName () const { return L"BLAKE2s-256"; } + virtual wstring GetAltName () const { return L"BLAKE2s"; } + virtual shared_ptr <Hash> GetNew () const { return shared_ptr <Hash> (new Blake2s); } virtual void Init (); virtual void ProcessData (const ConstBufferPtr &data); protected: private: - Ripemd160 (const Ripemd160 &); - Ripemd160 &operator= (const Ripemd160 &); + Blake2s (const Blake2s &); + Blake2s &operator= (const Blake2s &); }; + #endif // SHA-256 class Sha256 : public Hash @@ -117,6 +119,7 @@ namespace VeraCrypt Sha512 &operator= (const Sha512 &); }; + #ifndef WOLFCRYPT_BACKEND // Whirlpool class Whirlpool : public Hash { @@ -162,6 +165,7 @@ namespace VeraCrypt Streebog (const Streebog &); Streebog &operator= (const Streebog &); }; + #endif } #endif // TC_HEADER_Encryption_Hash diff --git a/src/Volume/Keyfile.cpp b/src/Volume/Keyfile.cpp index d15dc0d7..24b40709 100644 --- a/src/Volume/Keyfile.cpp +++ b/src/Volume/Keyfile.cpp @@ -12,13 +12,13 @@ #include "Platform/Serializer.h" #include "Common/SecurityToken.h" +#include "Common/EMVToken.h" #include "Crc32.h" #include "Keyfile.h" #include "VolumeException.h" - namespace VeraCrypt { - void Keyfile::Apply (const BufferPtr &pool) const + void Keyfile::Apply (const BufferPtr &pool, bool emvSupportEnabled) const { if (Path.IsDirectory()) throw ParameterIncorrect (SRC_POS); @@ -32,22 +32,22 @@ namespace VeraCrypt SecureBuffer keyfileBuf (File::GetOptimalReadSize()); - if (SecurityToken::IsKeyfilePathValid (Path)) + if (Token::IsKeyfilePathValid (Path, emvSupportEnabled)) { // Apply keyfile generated by a security token vector <byte> keyfileData; - SecurityToken::GetKeyfileData (SecurityTokenKeyfile (wstring (Path)), keyfileData); + Token::getTokenKeyfile(wstring(Path))->GetKeyfileData(keyfileData); if (keyfileData.size() < MinProcessedLength) - throw InsufficientData (SRC_POS, Path); + throw InsufficientData(SRC_POS, Path); for (size_t i = 0; i < keyfileData.size(); i++) { - uint32 crc = crc32.Process (keyfileData[i]); + uint32 crc = crc32.Process(keyfileData[i]); - pool[poolPos++] += (byte) (crc >> 24); - pool[poolPos++] += (byte) (crc >> 16); - pool[poolPos++] += (byte) (crc >> 8); + pool[poolPos++] += (byte)(crc >> 24); + pool[poolPos++] += (byte)(crc >> 16); + pool[poolPos++] += (byte)(crc >> 8); pool[poolPos++] += (byte) crc; if (poolPos >= pool.Size()) @@ -57,8 +57,9 @@ namespace VeraCrypt break; } - Memory::Erase (&keyfileData.front(), keyfileData.size()); - goto done; + + burn(&keyfileData.front(), keyfileData.size()); + goto done; } file.Open (Path, File::OpenRead, File::ShareRead); @@ -67,26 +68,24 @@ namespace VeraCrypt { for (size_t i = 0; i < readLength; i++) { - uint32 crc = crc32.Process (keyfileBuf[i]); - - pool[poolPos++] += (byte) (crc >> 24); - pool[poolPos++] += (byte) (crc >> 16); - pool[poolPos++] += (byte) (crc >> 8); + uint32 crc = crc32.Process(keyfileBuf[i]); + pool[poolPos++] += (byte)(crc >> 24); + pool[poolPos++] += (byte)(crc >> 16); + pool[poolPos++] += (byte)(crc >> 8); pool[poolPos++] += (byte) crc; - if (poolPos >= pool.Size()) poolPos = 0; - if (++totalLength >= MaxProcessedLength) goto done; } } -done: + done: + if (totalLength < MinProcessedLength) throw InsufficientData (SRC_POS, Path); } - shared_ptr <VolumePassword> Keyfile::ApplyListToPassword (shared_ptr <KeyfileList> keyfiles, shared_ptr <VolumePassword> password) + shared_ptr <VolumePassword> Keyfile::ApplyListToPassword (shared_ptr <KeyfileList> keyfiles, shared_ptr <VolumePassword> password, bool emvSupportEnabled) { if (!password) password.reset (new VolumePassword); @@ -143,7 +142,7 @@ done: // Apply all keyfiles foreach_ref (const Keyfile &k, keyfilesExp) { - k.Apply (keyfilePool); + k.Apply (keyfilePool, emvSupportEnabled); } newPassword->Set (keyfilePool); diff --git a/src/Volume/Keyfile.h b/src/Volume/Keyfile.h index 04674178..1d87a983 100644 --- a/src/Volume/Keyfile.h +++ b/src/Volume/Keyfile.h @@ -29,7 +29,7 @@ namespace VeraCrypt virtual ~Keyfile () { }; operator FilesystemPath () const { return Path; } - static shared_ptr <VolumePassword> ApplyListToPassword (shared_ptr <KeyfileList> keyfiles, shared_ptr <VolumePassword> password); + static shared_ptr <VolumePassword> ApplyListToPassword (shared_ptr <KeyfileList> keyfiles, shared_ptr <VolumePassword> password, bool emvSupportEnabled = false); static shared_ptr <KeyfileList> DeserializeList (shared_ptr <Stream> stream, const string &name); static void SerializeList (shared_ptr <Stream> stream, const string &name, shared_ptr <KeyfileList> keyfiles); static bool WasHiddenFilePresentInKeyfilePath() { bool r = HiddenFileWasPresentInKeyfilePath; HiddenFileWasPresentInKeyfilePath = false; return r; } @@ -38,7 +38,7 @@ namespace VeraCrypt static const size_t MaxProcessedLength = 1024 * 1024; protected: - void Apply (const BufferPtr &pool) const; + void Apply (const BufferPtr &pool, bool emvSupportEnabled) const; static bool HiddenFileWasPresentInKeyfilePath; diff --git a/src/Volume/Pkcs5Kdf.cpp b/src/Volume/Pkcs5Kdf.cpp index fd49d2e2..820f1121 100644 --- a/src/Volume/Pkcs5Kdf.cpp +++ b/src/Volume/Pkcs5Kdf.cpp @@ -16,7 +16,7 @@ namespace VeraCrypt { - Pkcs5Kdf::Pkcs5Kdf (bool truecryptMode) : m_truecryptMode(truecryptMode) + Pkcs5Kdf::Pkcs5Kdf () { } @@ -29,9 +29,9 @@ namespace VeraCrypt DeriveKey (key, password, salt, GetIterationCount(pim)); } - shared_ptr <Pkcs5Kdf> Pkcs5Kdf::GetAlgorithm (const wstring &name, bool truecryptMode) + shared_ptr <Pkcs5Kdf> Pkcs5Kdf::GetAlgorithm (const wstring &name) { - foreach (shared_ptr <Pkcs5Kdf> kdf, GetAvailableAlgorithms(truecryptMode)) + foreach (shared_ptr <Pkcs5Kdf> kdf, GetAvailableAlgorithms()) { if (kdf->GetName() == name) return kdf; @@ -39,9 +39,9 @@ namespace VeraCrypt throw ParameterIncorrect (SRC_POS); } - shared_ptr <Pkcs5Kdf> Pkcs5Kdf::GetAlgorithm (const Hash &hash, bool truecryptMode) + shared_ptr <Pkcs5Kdf> Pkcs5Kdf::GetAlgorithm (const Hash &hash) { - foreach (shared_ptr <Pkcs5Kdf> kdf, GetAvailableAlgorithms(truecryptMode)) + foreach (shared_ptr <Pkcs5Kdf> kdf, GetAvailableAlgorithms()) { if (typeid (*kdf->GetHash()) == typeid (hash)) return kdf; @@ -50,25 +50,17 @@ namespace VeraCrypt throw ParameterIncorrect (SRC_POS); } - Pkcs5KdfList Pkcs5Kdf::GetAvailableAlgorithms (bool truecryptMode) + Pkcs5KdfList Pkcs5Kdf::GetAvailableAlgorithms () { Pkcs5KdfList l; - if (truecryptMode) - { - l.push_back (shared_ptr <Pkcs5Kdf> (new Pkcs5HmacRipemd160 (true))); - l.push_back (shared_ptr <Pkcs5Kdf> (new Pkcs5HmacSha512 (true))); - l.push_back (shared_ptr <Pkcs5Kdf> (new Pkcs5HmacWhirlpool (true))); - } - else - { - l.push_back (shared_ptr <Pkcs5Kdf> (new Pkcs5HmacSha512 (false))); - l.push_back (shared_ptr <Pkcs5Kdf> (new Pkcs5HmacWhirlpool (false))); - l.push_back (shared_ptr <Pkcs5Kdf> (new Pkcs5HmacSha256 ())); - l.push_back (shared_ptr <Pkcs5Kdf> (new Pkcs5HmacRipemd160 (false))); - l.push_back (shared_ptr <Pkcs5Kdf> (new Pkcs5HmacStreebog ())); - } - + l.push_back (shared_ptr <Pkcs5Kdf> (new Pkcs5HmacSha512 ())); + l.push_back (shared_ptr <Pkcs5Kdf> (new Pkcs5HmacSha256 ())); + #ifndef WOLFCRYPT_BACKEND + l.push_back (shared_ptr <Pkcs5Kdf> (new Pkcs5HmacBlake2s ())); + l.push_back (shared_ptr <Pkcs5Kdf> (new Pkcs5HmacWhirlpool ())); + l.push_back (shared_ptr <Pkcs5Kdf> (new Pkcs5HmacStreebog ())); + #endif return l; } @@ -78,17 +70,19 @@ namespace VeraCrypt throw ParameterIncorrect (SRC_POS); } - void Pkcs5HmacRipemd160::DeriveKey (const BufferPtr &key, const VolumePassword &password, const ConstBufferPtr &salt, int iterationCount) const + #ifndef WOLFCRYPT_BACKEND + void Pkcs5HmacBlake2s_Boot::DeriveKey (const BufferPtr &key, const VolumePassword &password, const ConstBufferPtr &salt, int iterationCount) const { ValidateParameters (key, password, salt, iterationCount); - derive_key_ripemd160 ((char *) password.DataPtr(), (int) password.Size(), (char *) salt.Get(), (int) salt.Size(), iterationCount, (char *) key.Get(), (int) key.Size()); + derive_key_blake2s ((char *) password.DataPtr(), (int) password.Size(), (char *) salt.Get(), (int) salt.Size(), iterationCount, (char *) key.Get(), (int) key.Size()); } - void Pkcs5HmacRipemd160_1000::DeriveKey (const BufferPtr &key, const VolumePassword &password, const ConstBufferPtr &salt, int iterationCount) const + void Pkcs5HmacBlake2s::DeriveKey (const BufferPtr &key, const VolumePassword &password, const ConstBufferPtr &salt, int iterationCount) const { ValidateParameters (key, password, salt, iterationCount); - derive_key_ripemd160 ((char *) password.DataPtr(), (int) password.Size(), (char *) salt.Get(), (int) salt.Size(), iterationCount, (char *) key.Get(), (int) key.Size()); + derive_key_blake2s ((char *) password.DataPtr(), (int) password.Size(), (char *) salt.Get(), (int) salt.Size(), iterationCount, (char *) key.Get(), (int) key.Size()); } + #endif void Pkcs5HmacSha256_Boot::DeriveKey (const BufferPtr &key, const VolumePassword &password, const ConstBufferPtr &salt, int iterationCount) const { @@ -108,6 +102,7 @@ namespace VeraCrypt derive_key_sha512 ((char *) password.DataPtr(), (int) password.Size(), (char *) salt.Get(), (int) salt.Size(), iterationCount, (char *) key.Get(), (int) key.Size()); } + #ifndef WOLFCRYPT_BACKEND void Pkcs5HmacWhirlpool::DeriveKey (const BufferPtr &key, const VolumePassword &password, const ConstBufferPtr &salt, int iterationCount) const { ValidateParameters (key, password, salt, iterationCount); @@ -125,4 +120,5 @@ namespace VeraCrypt ValidateParameters (key, password, salt, iterationCount); derive_key_streebog ((char *) password.DataPtr(), (int) password.Size(), (char *) salt.Get(), (int) salt.Size(), iterationCount, (char *) key.Get(), (int) key.Size()); } + #endif } diff --git a/src/Volume/Pkcs5Kdf.h b/src/Volume/Pkcs5Kdf.h index 76cc56a0..fc83eb06 100644 --- a/src/Volume/Pkcs5Kdf.h +++ b/src/Volume/Pkcs5Kdf.h @@ -29,20 +29,17 @@ namespace VeraCrypt virtual void DeriveKey (const BufferPtr &key, const VolumePassword &password, int pim, const ConstBufferPtr &salt) const; virtual void DeriveKey (const BufferPtr &key, const VolumePassword &password, const ConstBufferPtr &salt, int iterationCount) const = 0; - static shared_ptr <Pkcs5Kdf> GetAlgorithm (const wstring &name, bool truecryptMode); - static shared_ptr <Pkcs5Kdf> GetAlgorithm (const Hash &hash, bool truecryptMode); - static Pkcs5KdfList GetAvailableAlgorithms (bool truecryptMode); + static shared_ptr <Pkcs5Kdf> GetAlgorithm (const wstring &name); + static shared_ptr <Pkcs5Kdf> GetAlgorithm (const Hash &hash); + static Pkcs5KdfList GetAvailableAlgorithms (); virtual shared_ptr <Hash> GetHash () const = 0; virtual int GetIterationCount (int pim) const = 0; virtual wstring GetName () const = 0; virtual Pkcs5Kdf* Clone () const = 0; virtual bool IsDeprecated () const { return GetHash()->IsDeprecated(); } - bool GetTrueCryptMode () const { return m_truecryptMode;} - void SetTrueCryptMode (bool truecryptMode) { m_truecryptMode = truecryptMode;} protected: - bool m_truecryptMode; - Pkcs5Kdf (bool truecryptMode); + Pkcs5Kdf (); void ValidateParameters (const BufferPtr &key, const VolumePassword &password, const ConstBufferPtr &salt, int iterationCount) const; @@ -51,44 +48,46 @@ namespace VeraCrypt Pkcs5Kdf &operator= (const Pkcs5Kdf &); }; - class Pkcs5HmacRipemd160 : public Pkcs5Kdf + #ifndef WOLFCRYPT_BACKEND + class Pkcs5HmacBlake2s_Boot : public Pkcs5Kdf { public: - Pkcs5HmacRipemd160 (bool truecryptMode) : Pkcs5Kdf (truecryptMode) { } - virtual ~Pkcs5HmacRipemd160 () { } + Pkcs5HmacBlake2s_Boot () : Pkcs5Kdf() { } + virtual ~Pkcs5HmacBlake2s_Boot () { } virtual void DeriveKey (const BufferPtr &key, const VolumePassword &password, const ConstBufferPtr &salt, int iterationCount) const; - virtual shared_ptr <Hash> GetHash () const { return shared_ptr <Hash> (new Ripemd160); } - virtual int GetIterationCount (int pim) const { return m_truecryptMode? 2000 : (pim <= 0 ? 655331 : (15000 + (pim * 1000))) ; } - virtual wstring GetName () const { return L"HMAC-RIPEMD-160"; } - virtual Pkcs5Kdf* Clone () const { return new Pkcs5HmacRipemd160(m_truecryptMode); } + virtual shared_ptr <Hash> GetHash () const { return shared_ptr <Hash> (new Blake2s); } + virtual int GetIterationCount (int pim) const { return pim <= 0 ? 200000 : (pim * 2048); } + virtual wstring GetName () const { return L"HMAC-BLAKE2s-256"; } + virtual Pkcs5Kdf* Clone () const { return new Pkcs5HmacBlake2s_Boot(); } private: - Pkcs5HmacRipemd160 (const Pkcs5HmacRipemd160 &); - Pkcs5HmacRipemd160 &operator= (const Pkcs5HmacRipemd160 &); + Pkcs5HmacBlake2s_Boot (const Pkcs5HmacBlake2s_Boot &); + Pkcs5HmacBlake2s_Boot &operator= (const Pkcs5HmacBlake2s_Boot &); }; - class Pkcs5HmacRipemd160_1000 : public Pkcs5Kdf + class Pkcs5HmacBlake2s : public Pkcs5Kdf { public: - Pkcs5HmacRipemd160_1000 (bool truecryptMode) : Pkcs5Kdf(truecryptMode) { } - virtual ~Pkcs5HmacRipemd160_1000 () { } + Pkcs5HmacBlake2s () : Pkcs5Kdf() { } + virtual ~Pkcs5HmacBlake2s () { } virtual void DeriveKey (const BufferPtr &key, const VolumePassword &password, const ConstBufferPtr &salt, int iterationCount) const; - virtual shared_ptr <Hash> GetHash () const { return shared_ptr <Hash> (new Ripemd160); } - virtual int GetIterationCount (int pim) const { return m_truecryptMode? 1000 : (pim <= 0 ? 327661 : (pim * 2048)); } - virtual wstring GetName () const { return L"HMAC-RIPEMD-160"; } - virtual Pkcs5Kdf* Clone () const { return new Pkcs5HmacRipemd160_1000(m_truecryptMode); } + virtual shared_ptr <Hash> GetHash () const { return shared_ptr <Hash> (new Blake2s); } + virtual int GetIterationCount (int pim) const { return pim <= 0 ? 500000 : (15000 + (pim * 1000)); } + virtual wstring GetName () const { return L"HMAC-BLAKE2s-256"; } + virtual Pkcs5Kdf* Clone () const { return new Pkcs5HmacBlake2s(); } private: - Pkcs5HmacRipemd160_1000 (const Pkcs5HmacRipemd160_1000 &); - Pkcs5HmacRipemd160_1000 &operator= (const Pkcs5HmacRipemd160_1000 &); + Pkcs5HmacBlake2s (const Pkcs5HmacBlake2s &); + Pkcs5HmacBlake2s &operator= (const Pkcs5HmacBlake2s &); }; + #endif class Pkcs5HmacSha256_Boot : public Pkcs5Kdf { public: - Pkcs5HmacSha256_Boot () : Pkcs5Kdf(false) { } + Pkcs5HmacSha256_Boot () : Pkcs5Kdf() { } virtual ~Pkcs5HmacSha256_Boot () { } virtual void DeriveKey (const BufferPtr &key, const VolumePassword &password, const ConstBufferPtr &salt, int iterationCount) const; @@ -105,7 +104,7 @@ namespace VeraCrypt class Pkcs5HmacSha256 : public Pkcs5Kdf { public: - Pkcs5HmacSha256 () : Pkcs5Kdf(false) { } + Pkcs5HmacSha256 () : Pkcs5Kdf() { } virtual ~Pkcs5HmacSha256 () { } virtual void DeriveKey (const BufferPtr &key, const VolumePassword &password, const ConstBufferPtr &salt, int iterationCount) const; @@ -122,31 +121,31 @@ namespace VeraCrypt class Pkcs5HmacSha512 : public Pkcs5Kdf { public: - Pkcs5HmacSha512 (bool truecryptMode) : Pkcs5Kdf(truecryptMode) { } + Pkcs5HmacSha512 () : Pkcs5Kdf() { } virtual ~Pkcs5HmacSha512 () { } virtual void DeriveKey (const BufferPtr &key, const VolumePassword &password, const ConstBufferPtr &salt, int iterationCount) const; virtual shared_ptr <Hash> GetHash () const { return shared_ptr <Hash> (new Sha512); } - virtual int GetIterationCount (int pim) const { return m_truecryptMode? 1000 : (pim <= 0 ? 500000 : (15000 + (pim * 1000))); } + virtual int GetIterationCount (int pim) const { return (pim <= 0 ? 500000 : (15000 + (pim * 1000))); } virtual wstring GetName () const { return L"HMAC-SHA-512"; } - virtual Pkcs5Kdf* Clone () const { return new Pkcs5HmacSha512(m_truecryptMode); } + virtual Pkcs5Kdf* Clone () const { return new Pkcs5HmacSha512(); } private: Pkcs5HmacSha512 (const Pkcs5HmacSha512 &); Pkcs5HmacSha512 &operator= (const Pkcs5HmacSha512 &); }; - + #ifndef WOLFCRYPT_BACKEND class Pkcs5HmacWhirlpool : public Pkcs5Kdf { public: - Pkcs5HmacWhirlpool (bool truecryptMode) : Pkcs5Kdf(truecryptMode) { } + Pkcs5HmacWhirlpool () : Pkcs5Kdf() { } virtual ~Pkcs5HmacWhirlpool () { } virtual void DeriveKey (const BufferPtr &key, const VolumePassword &password, const ConstBufferPtr &salt, int iterationCount) const; virtual shared_ptr <Hash> GetHash () const { return shared_ptr <Hash> (new Whirlpool); } - virtual int GetIterationCount (int pim) const { return m_truecryptMode? 1000 : (pim <= 0 ? 500000 : (15000 + (pim * 1000))); } + virtual int GetIterationCount (int pim) const { return (pim <= 0 ? 500000 : (15000 + (pim * 1000))); } virtual wstring GetName () const { return L"HMAC-Whirlpool"; } - virtual Pkcs5Kdf* Clone () const { return new Pkcs5HmacWhirlpool(m_truecryptMode); } + virtual Pkcs5Kdf* Clone () const { return new Pkcs5HmacWhirlpool(); } private: Pkcs5HmacWhirlpool (const Pkcs5HmacWhirlpool &); @@ -156,7 +155,7 @@ namespace VeraCrypt class Pkcs5HmacStreebog : public Pkcs5Kdf { public: - Pkcs5HmacStreebog () : Pkcs5Kdf(false) { } + Pkcs5HmacStreebog () : Pkcs5Kdf() { } virtual ~Pkcs5HmacStreebog () { } virtual void DeriveKey (const BufferPtr &key, const VolumePassword &password, const ConstBufferPtr &salt, int iterationCount) const; @@ -173,7 +172,7 @@ namespace VeraCrypt class Pkcs5HmacStreebog_Boot : public Pkcs5Kdf { public: - Pkcs5HmacStreebog_Boot () : Pkcs5Kdf(false) { } + Pkcs5HmacStreebog_Boot () : Pkcs5Kdf() { } virtual ~Pkcs5HmacStreebog_Boot () { } virtual void DeriveKey (const BufferPtr &key, const VolumePassword &password, const ConstBufferPtr &salt, int iterationCount) const; @@ -186,6 +185,7 @@ namespace VeraCrypt Pkcs5HmacStreebog_Boot (const Pkcs5HmacStreebog_Boot &); Pkcs5HmacStreebog_Boot &operator= (const Pkcs5HmacStreebog_Boot &); }; + #endif } #endif // TC_HEADER_Encryption_Pkcs5 diff --git a/src/Volume/Volume.cpp b/src/Volume/Volume.cpp index c4a21b3e..524f2395 100644 --- a/src/Volume/Volume.cpp +++ b/src/Volume/Volume.cpp @@ -30,7 +30,6 @@ namespace VeraCrypt TopWriteOffset (0), TotalDataRead (0), TotalDataWritten (0), - TrueCryptMode (false), Pim (0), EncryptionNotCompleted (false) { @@ -71,7 +70,7 @@ namespace VeraCrypt return EA->GetMode(); } - void Volume::Open (const VolumePath &volumePath, bool preserveTimestamps, shared_ptr <VolumePassword> password, int pim, shared_ptr <Pkcs5Kdf> kdf, bool truecryptMode, shared_ptr <KeyfileList> keyfiles, VolumeProtection::Enum protection, shared_ptr <VolumePassword> protectionPassword, int protectionPim, shared_ptr <Pkcs5Kdf> protectionKdf, shared_ptr <KeyfileList> protectionKeyfiles, bool sharedAccessAllowed, VolumeType::Enum volumeType, bool useBackupHeaders, bool partitionInSystemEncryptionScope) + void Volume::Open (const VolumePath &volumePath, bool preserveTimestamps, shared_ptr <VolumePassword> password, int pim, shared_ptr <Pkcs5Kdf> kdf, shared_ptr <KeyfileList> keyfiles, bool emvSupportEnabled, VolumeProtection::Enum protection, shared_ptr <VolumePassword> protectionPassword, int protectionPim, shared_ptr <Pkcs5Kdf> protectionKdf, shared_ptr <KeyfileList> protectionKeyfiles, bool sharedAccessAllowed, VolumeType::Enum volumeType, bool useBackupHeaders, bool partitionInSystemEncryptionScope) { make_shared_auto (File, file); @@ -102,18 +101,14 @@ namespace VeraCrypt throw; } - return Open (file, password, pim, kdf, truecryptMode, keyfiles, protection, protectionPassword, protectionPim, protectionKdf,protectionKeyfiles, volumeType, useBackupHeaders, partitionInSystemEncryptionScope); + return Open (file, password, pim, kdf, keyfiles, emvSupportEnabled, protection, protectionPassword, protectionPim, protectionKdf,protectionKeyfiles, volumeType, useBackupHeaders, partitionInSystemEncryptionScope); } - void Volume::Open (shared_ptr <File> volumeFile, shared_ptr <VolumePassword> password, int pim, shared_ptr <Pkcs5Kdf> kdf, bool truecryptMode, shared_ptr <KeyfileList> keyfiles, VolumeProtection::Enum protection, shared_ptr <VolumePassword> protectionPassword, int protectionPim, shared_ptr <Pkcs5Kdf> protectionKdf,shared_ptr <KeyfileList> protectionKeyfiles, VolumeType::Enum volumeType, bool useBackupHeaders, bool partitionInSystemEncryptionScope) + void Volume::Open (shared_ptr <File> volumeFile, shared_ptr <VolumePassword> password, int pim, shared_ptr <Pkcs5Kdf> kdf, shared_ptr <KeyfileList> keyfiles, bool emvSupportEnabled, VolumeProtection::Enum protection, shared_ptr <VolumePassword> protectionPassword, int protectionPim, shared_ptr <Pkcs5Kdf> protectionKdf,shared_ptr <KeyfileList> protectionKeyfiles, VolumeType::Enum volumeType, bool useBackupHeaders, bool partitionInSystemEncryptionScope) { if (!volumeFile) throw ParameterIncorrect (SRC_POS); - // TrueCrypt doesn't support SHA-256 and Streebog - if (kdf && truecryptMode && (kdf->GetName() == L"HMAC-SHA-256" || kdf->GetName() == L"HMAC-Streebog")) - throw UnsupportedAlgoInTrueCryptMode (SRC_POS); - Protection = protection; VolumeFile = volumeFile; SystemEncryption = partitionInSystemEncryptionScope; @@ -121,7 +116,7 @@ namespace VeraCrypt try { VolumeHostSize = VolumeFile->Length(); - shared_ptr <VolumePassword> passwordKey = Keyfile::ApplyListToPassword (keyfiles, password); + shared_ptr <VolumePassword> passwordKey = Keyfile::ApplyListToPassword (keyfiles, password, emvSupportEnabled); bool skipLayoutV1Normal = false; @@ -190,11 +185,11 @@ namespace VeraCrypt shared_ptr <VolumeHeader> header = layout->GetHeader(); - if (header->Decrypt (headerBuffer, *passwordKey, pim, kdf, truecryptMode, layout->GetSupportedKeyDerivationFunctions(truecryptMode), layoutEncryptionAlgorithms, layoutEncryptionModes)) + if (header->Decrypt (headerBuffer, *passwordKey, pim, kdf, layout->GetSupportedKeyDerivationFunctions(), layoutEncryptionAlgorithms, layoutEncryptionModes)) { // Header decrypted - if (!truecryptMode && typeid (*layout) == typeid (VolumeLayoutV2Normal) && header->GetRequiredMinProgramVersion() < 0x10b) + if (typeid (*layout) == typeid (VolumeLayoutV2Normal) && header->GetRequiredMinProgramVersion() < 0x10b) { // VolumeLayoutV1Normal has been opened as VolumeLayoutV2Normal layout.reset (new VolumeLayoutV1Normal); @@ -202,7 +197,6 @@ namespace VeraCrypt layout->SetHeader (header); } - TrueCryptMode = truecryptMode; Pim = pim; Type = layout->GetType(); SectorSize = header->GetSectorSize(); @@ -248,7 +242,8 @@ namespace VeraCrypt Volume protectedVolume; protectedVolume.Open (VolumeFile, - protectionPassword, protectionPim, protectionKdf, truecryptMode, protectionKeyfiles, + protectionPassword, protectionPim, protectionKdf, protectionKeyfiles, + emvSupportEnabled, VolumeProtection::ReadOnly, shared_ptr <VolumePassword> (), 0, shared_ptr <Pkcs5Kdf> (),shared_ptr <KeyfileList> (), VolumeType::Hidden, @@ -286,8 +281,8 @@ namespace VeraCrypt Buffer mbr (VolumeFile->GetDeviceSectorSize()); driveDevice.ReadAt (mbr, 0); - // Search for the string "VeraCrypt" or "TrueCrypt" - const char* bootSignature = truecryptMode? "TrueCrypt" : TC_APP_NAME; + // Search for the string "VeraCrypt" + const char* bootSignature = TC_APP_NAME; size_t nameLen = strlen (bootSignature); for (size_t i = 0; i < mbr.Size() - nameLen; ++i) { diff --git a/src/Volume/Volume.h b/src/Volume/Volume.h index a743a161..c816da58 100644 --- a/src/Volume/Volume.h +++ b/src/Volume/Volume.h @@ -52,20 +52,6 @@ namespace VeraCrypt return Data.substr (pos + 1); } } - - bool HasTrueCryptExtension () const - { - wstring sExt = GetExtension (); - if ((sExt.size () == 2) - && (sExt[0] == L't' || sExt[0] == L'T') - && (sExt[1] == L'c' || sExt[1] == L'C') - ) - { - return true; - } - else - return false; - } protected: wstring Data; @@ -118,13 +104,12 @@ namespace VeraCrypt uint64 GetTotalDataRead () const { return TotalDataRead; } uint64 GetTotalDataWritten () const { return TotalDataWritten; } VolumeType::Enum GetType () const { return Type; } - bool GetTrueCryptMode() const { return TrueCryptMode; } int GetPim() const { return Pim;} uint64 GetVolumeCreationTime () const { return Header->GetVolumeCreationTime(); } bool IsHiddenVolumeProtectionTriggered () const { return HiddenVolumeProtectionTriggered; } bool IsInSystemEncryptionScope () const { return SystemEncryption; } - void Open (const VolumePath &volumePath, bool preserveTimestamps, shared_ptr <VolumePassword> password, int pim, shared_ptr <Pkcs5Kdf> kdf, bool truecryptMode, shared_ptr <KeyfileList> keyfiles, VolumeProtection::Enum protection = VolumeProtection::None, shared_ptr <VolumePassword> protectionPassword = shared_ptr <VolumePassword> (), int protectionPim = 0, shared_ptr <Pkcs5Kdf> protectionKdf = shared_ptr <Pkcs5Kdf> (),shared_ptr <KeyfileList> protectionKeyfiles = shared_ptr <KeyfileList> (), bool sharedAccessAllowed = false, VolumeType::Enum volumeType = VolumeType::Unknown, bool useBackupHeaders = false, bool partitionInSystemEncryptionScope = false); - void Open (shared_ptr <File> volumeFile, shared_ptr <VolumePassword> password, int pim, shared_ptr <Pkcs5Kdf> kdf, bool truecryptMode, shared_ptr <KeyfileList> keyfiles, VolumeProtection::Enum protection = VolumeProtection::None, shared_ptr <VolumePassword> protectionPassword = shared_ptr <VolumePassword> (), int protectionPim = 0, shared_ptr <Pkcs5Kdf> protectionKdf = shared_ptr <Pkcs5Kdf> (), shared_ptr <KeyfileList> protectionKeyfiles = shared_ptr <KeyfileList> (), VolumeType::Enum volumeType = VolumeType::Unknown, bool useBackupHeaders = false, bool partitionInSystemEncryptionScope = false); + void Open (const VolumePath &volumePath, bool preserveTimestamps, shared_ptr <VolumePassword> password, int pim, shared_ptr <Pkcs5Kdf> kdf, shared_ptr <KeyfileList> keyfiles, bool emvSupportEnabled, VolumeProtection::Enum protection = VolumeProtection::None, shared_ptr <VolumePassword> protectionPassword = shared_ptr <VolumePassword> (), int protectionPim = 0, shared_ptr <Pkcs5Kdf> protectionKdf = shared_ptr <Pkcs5Kdf> (),shared_ptr <KeyfileList> protectionKeyfiles = shared_ptr <KeyfileList> (), bool sharedAccessAllowed = false, VolumeType::Enum volumeType = VolumeType::Unknown, bool useBackupHeaders = false, bool partitionInSystemEncryptionScope = false); + void Open (shared_ptr <File> volumeFile, shared_ptr <VolumePassword> password, int pim, shared_ptr <Pkcs5Kdf> kdf, shared_ptr <KeyfileList> keyfiles, bool emvSupportEnabled, VolumeProtection::Enum protection = VolumeProtection::None, shared_ptr <VolumePassword> protectionPassword = shared_ptr <VolumePassword> (), int protectionPim = 0, shared_ptr <Pkcs5Kdf> protectionKdf = shared_ptr <Pkcs5Kdf> (), shared_ptr <KeyfileList> protectionKeyfiles = shared_ptr <KeyfileList> (), VolumeType::Enum volumeType = VolumeType::Unknown, bool useBackupHeaders = false, bool partitionInSystemEncryptionScope = false); void ReadSectors (const BufferPtr &buffer, uint64 byteOffset); void ReEncryptHeader (bool backupHeader, const ConstBufferPtr &newSalt, const ConstBufferPtr &newHeaderKey, shared_ptr <Pkcs5Kdf> newPkcs5Kdf); void WriteSectors (const ConstBufferPtr &buffer, uint64 byteOffset); @@ -152,7 +137,6 @@ namespace VeraCrypt uint64 TopWriteOffset; uint64 TotalDataRead; uint64 TotalDataWritten; - bool TrueCryptMode; int Pim; bool EncryptionNotCompleted; diff --git a/src/Volume/Volume.make b/src/Volume/Volume.make index 7b5cb4f1..b6d9e99e 100644 --- a/src/Volume/Volume.make +++ b/src/Volume/Volume.make @@ -12,10 +12,10 @@ OBJS := OBJSEX := +OBJSNOOPT := OBJS += Cipher.o OBJS += EncryptionAlgorithm.o OBJS += EncryptionMode.o -OBJS += EncryptionModeXTS.o OBJS += EncryptionTest.o OBJS += EncryptionThreadPool.o OBJS += Hash.o @@ -29,12 +29,19 @@ OBJS += VolumeLayout.o OBJS += VolumePassword.o OBJS += VolumePasswordCache.o +ifeq "$(ENABLE_WOLFCRYPT)" "0" +OBJS += EncryptionModeXTS.o +else +OBJS += EncryptionModeWolfCryptXTS.o +endif + +ifeq "$(ENABLE_WOLFCRYPT)" "0" ifeq "$(PLATFORM)" "MacOSX" - OBJSEX += ../Crypto/Aes_asm.oo - OBJS += ../Crypto/Aes_hw_cpu.o - OBJS += ../Crypto/Aescrypt.o - OBJSEX += ../Crypto/Twofish_asm.oo - OBJSEX += ../Crypto/Camellia_asm.oo + OBJSEX += ../Crypto/Aes_asm.oo + OBJS += ../Crypto/Aes_hw_cpu.o + OBJS += ../Crypto/Aescrypt.o + OBJSEX += ../Crypto/Twofish_asm.oo + OBJSEX += ../Crypto/Camellia_asm.oo OBJSEX += ../Crypto/Camellia_aesni_asm.oo OBJSEX += ../Crypto/sha256-nayuki.oo OBJSEX += ../Crypto/sha512-nayuki.oo @@ -46,12 +53,16 @@ ifeq "$(PLATFORM)" "MacOSX" OBJSEX += ../Crypto/sha512_sse4.oo else ifeq "$(CPU_ARCH)" "x86" OBJS += ../Crypto/Aes_x86.o - OBJS += ../Crypto/Aes_hw_cpu.o + ifeq "$(DISABLE_AESNI)" "0" + OBJS += ../Crypto/Aes_hw_cpu.o + endif OBJS += ../Crypto/sha256-x86-nayuki.o OBJS += ../Crypto/sha512-x86-nayuki.o else ifeq "$(CPU_ARCH)" "x64" OBJS += ../Crypto/Aes_x64.o - OBJS += ../Crypto/Aes_hw_cpu.o + ifeq "$(DISABLE_AESNI)" "0" + OBJS += ../Crypto/Aes_hw_cpu.o + endif OBJS += ../Crypto/Twofish_x64.o OBJS += ../Crypto/Camellia_x64.o OBJS += ../Crypto/Camellia_aesni_x64.o @@ -66,29 +77,57 @@ else OBJS += ../Crypto/Aescrypt.o endif +ifeq "$(GCC_GTEQ_430)" "1" + OBJSSSE41 += ../Crypto/blake2s_SSE41.osse41 + OBJSSSSE3 += ../Crypto/blake2s_SSSE3.ossse3 +else + OBJS += ../Crypto/blake2s_SSE41.o + OBJS += ../Crypto/blake2s_SSSE3.o +endif +else +OBJS += ../Crypto/wolfCrypt.o +endif + +ifeq "$(ENABLE_WOLFCRYPT)" "0" OBJS += ../Crypto/Aeskey.o OBJS += ../Crypto/Aestab.o -OBJS += ../Crypto/cpu.o -OBJS += ../Crypto/Rmd160.o +OBJS += ../Crypto/blake2s.o +OBJS += ../Crypto/blake2s_SSE2.o OBJS += ../Crypto/SerpentFast.o OBJS += ../Crypto/SerpentFast_simd.o OBJS += ../Crypto/Sha2.o OBJS += ../Crypto/Twofish.o OBJS += ../Crypto/Whirlpool.o OBJS += ../Crypto/Camellia.o -OBJS += ../Crypto/GostCipher.o OBJS += ../Crypto/Streebog.o OBJS += ../Crypto/kuznyechik.o OBJS += ../Crypto/kuznyechik_simd.o +OBJS += ../Common/Pkcs5.o +endif +OBJS += ../Crypto/cpu.o + +OBJSNOOPT += ../Crypto/jitterentropy-base.o0 + +OBJS += ../Common/CommandAPDU.o +OBJS += ../Common/PCSCException.o +OBJS += ../Common/ResponseAPDU.o +OBJS += ../Common/SCard.o +OBJS += ../Common/SCardLoader.o +OBJS += ../Common/SCardManager.o +OBJS += ../Common/SCardReader.o +OBJS += ../Common/Token.o OBJS += ../Common/Crc.o +OBJS += ../Common/TLVParser.o +OBJS += ../Common/EMVCard.o +OBJS += ../Common/EMVToken.o OBJS += ../Common/Endian.o OBJS += ../Common/GfMul.o -OBJS += ../Common/Pkcs5.o OBJS += ../Common/SecurityToken.o VolumeLibrary: Volume.a +ifeq "$(ENABLE_WOLFCRYPT)" "0" ifeq "$(PLATFORM)" "MacOSX" ../Crypto/Aes_asm.oo: ../Crypto/Aes_x86.asm ../Crypto/Aes_x64.asm @echo Assembling $(<F) @@ -133,5 +172,6 @@ ifeq "$(PLATFORM)" "MacOSX" @echo Assembling $(<F) $(AS) $(ASFLAGS64) -o ../Crypto/sha512_sse4.oo ../Crypto/sha512_sse4_x64.asm endif +endif include $(BUILD_INC)/Makefile.inc diff --git a/src/Volume/VolumeHeader.cpp b/src/Volume/VolumeHeader.cpp index faed1fcb..57b63394 100644 --- a/src/Volume/VolumeHeader.cpp +++ b/src/Volume/VolumeHeader.cpp @@ -12,6 +12,9 @@ #include "Crc32.h" #include "EncryptionModeXTS.h" +#ifdef WOLFCRYPT_BACKEND +#include "EncryptionModeWolfCryptXTS.h" +#endif #include "Pkcs5Kdf.h" #include "Pkcs5Kdf.h" #include "VolumeHeader.h" @@ -76,13 +79,17 @@ namespace VeraCrypt } EA = options.EA; - shared_ptr <EncryptionMode> mode (new EncryptionModeXTS ()); - EA->SetMode (mode); + #ifdef WOLFCRYPT_BACKEND + shared_ptr <EncryptionMode> mode (new EncryptionModeWolfCryptXTS ()); + #else + shared_ptr <EncryptionMode> mode (new EncryptionModeXTS ()); + #endif + EA->SetMode (mode); EncryptNew (headerBuffer, options.Salt, options.HeaderKey, options.Kdf); } - bool VolumeHeader::Decrypt (const ConstBufferPtr &encryptedData, const VolumePassword &password, int pim, shared_ptr <Pkcs5Kdf> kdf, bool truecryptMode, const Pkcs5KdfList &keyDerivationFunctions, const EncryptionAlgorithmList &encryptionAlgorithms, const EncryptionModeList &encryptionModes) + bool VolumeHeader::Decrypt (const ConstBufferPtr &encryptedData, const VolumePassword &password, int pim, shared_ptr <Pkcs5Kdf> kdf, const Pkcs5KdfList &keyDerivationFunctions, const EncryptionAlgorithmList &encryptionAlgorithms, const EncryptionModeList &encryptionModes) { if (password.Size() < 1) throw PasswordEmpty (SRC_POS); @@ -100,17 +107,28 @@ namespace VeraCrypt foreach (shared_ptr <EncryptionMode> mode, encryptionModes) { - if (typeid (*mode) != typeid (EncryptionModeXTS)) - mode->SetKey (headerKey.GetRange (0, mode->GetKeySize())); + #ifdef WOLFCRYPT_BACKEND + if (typeid (*mode) != typeid (EncryptionModeWolfCryptXTS)) + #else + if (typeid (*mode) != typeid (EncryptionModeXTS)) + #endif + mode->SetKey (headerKey.GetRange (0, mode->GetKeySize())); foreach (shared_ptr <EncryptionAlgorithm> ea, encryptionAlgorithms) { if (!ea->IsModeSupported (mode)) continue; + #ifndef WOLFCRYPT_BACKEND if (typeid (*mode) == typeid (EncryptionModeXTS)) { - ea->SetKey (headerKey.GetRange (0, ea->GetKeySize())); + ea->SetKey (headerKey.GetRange (0, ea->GetKeySize())); + #else + if (typeid (*mode) == typeid (EncryptionModeWolfCryptXTS)) + { + ea->SetKey (headerKey.GetRange (0, ea->GetKeySize())); + ea->SetKeyXTS (headerKey.GetRange (ea->GetKeySize(), ea->GetKeySize())); + #endif mode = mode->GetNew(); mode->SetKey (headerKey.GetRange (ea->GetKeySize(), ea->GetKeySize())); @@ -125,7 +143,7 @@ namespace VeraCrypt header.CopyFrom (encryptedData.GetRange (EncryptedHeaderDataOffset, EncryptedHeaderDataSize)); ea->Decrypt (header); - if (Deserialize (header, ea, mode, truecryptMode)) + if (Deserialize (header, ea, mode)) { EA = ea; Pkcs5 = pkcs5; @@ -138,18 +156,12 @@ namespace VeraCrypt return false; } - bool VolumeHeader::Deserialize (const ConstBufferPtr &header, shared_ptr <EncryptionAlgorithm> &ea, shared_ptr <EncryptionMode> &mode, bool truecryptMode) + bool VolumeHeader::Deserialize (const ConstBufferPtr &header, shared_ptr <EncryptionAlgorithm> &ea, shared_ptr <EncryptionMode> &mode) { if (header.Size() != EncryptedHeaderDataSize) throw ParameterIncorrect (SRC_POS); - if (truecryptMode && (header[0] != 'T' || - header[1] != 'R' || - header[2] != 'U' || - header[3] != 'E')) - return false; - - if (!truecryptMode && (header[0] != 'V' || + if ((header[0] != 'V' || header[1] != 'E' || header[2] != 'R' || header[3] != 'A')) @@ -173,16 +185,9 @@ namespace VeraCrypt RequiredMinProgramVersion = DeserializeEntry <uint16> (header, offset); - if (!truecryptMode && (RequiredMinProgramVersion > Version::Number())) + if ((RequiredMinProgramVersion > Version::Number())) throw HigherVersionRequired (SRC_POS); - if (truecryptMode) - { - if (RequiredMinProgramVersion < 0x600 || RequiredMinProgramVersion > 0x71a) - throw UnsupportedTrueCryptFormat (SRC_POS); - RequiredMinProgramVersion = CurrentRequiredMinProgramVersion; - } - VolumeKeyAreaCrc32 = DeserializeEntry <uint32> (header, offset); VolumeCreationTime = DeserializeEntry <uint64> (header, offset); HeaderCreationTime = DeserializeEntry <uint64> (header, offset); @@ -219,9 +224,16 @@ namespace VeraCrypt ea = ea->GetNew(); mode = mode->GetNew(); + #ifndef WOLFCRYPT_BACKEND if (typeid (*mode) == typeid (EncryptionModeXTS)) { - ea->SetKey (header.GetRange (offset, ea->GetKeySize())); + ea->SetKey (header.GetRange (offset, ea->GetKeySize())); + #else + if (typeid (*mode) == typeid (EncryptionModeWolfCryptXTS)) + { + ea->SetKey (header.GetRange (offset, ea->GetKeySize())); + ea->SetKeyXTS (header.GetRange (offset + ea->GetKeySize(), ea->GetKeySize())); + #endif mode->SetKey (header.GetRange (offset + ea->GetKeySize(), ea->GetKeySize())); } else @@ -263,10 +275,17 @@ namespace VeraCrypt shared_ptr <EncryptionMode> mode = EA->GetMode()->GetNew(); shared_ptr <EncryptionAlgorithm> ea = EA->GetNew(); + #ifndef WOLFCRYPT_BACKEND if (typeid (*mode) == typeid (EncryptionModeXTS)) { - mode->SetKey (newHeaderKey.GetRange (EA->GetKeySize(), EA->GetKeySize())); - ea->SetKey (newHeaderKey.GetRange (0, ea->GetKeySize())); + ea->SetKey (newHeaderKey.GetRange (0, ea->GetKeySize())); + #else + if (typeid (*mode) == typeid (EncryptionModeWolfCryptXTS)) + { + ea->SetKey (newHeaderKey.GetRange (0, ea->GetKeySize())); + ea->SetKeyXTS (newHeaderKey.GetRange (EA->GetKeySize(), EA->GetKeySize())); + #endif + mode->SetKey (newHeaderKey.GetRange (EA->GetKeySize(), EA->GetKeySize())); } else { diff --git a/src/Volume/VolumeHeader.h b/src/Volume/VolumeHeader.h index 191547e3..85908711 100644 --- a/src/Volume/VolumeHeader.h +++ b/src/Volume/VolumeHeader.h @@ -60,7 +60,7 @@ namespace VeraCrypt virtual ~VolumeHeader (); void Create (const BufferPtr &headerBuffer, VolumeHeaderCreationOptions &options); - bool Decrypt (const ConstBufferPtr &encryptedData, const VolumePassword &password, int pim, shared_ptr <Pkcs5Kdf> kdf, bool truecryptMode, const Pkcs5KdfList &keyDerivationFunctions, const EncryptionAlgorithmList &encryptionAlgorithms, const EncryptionModeList &encryptionModes); + bool Decrypt (const ConstBufferPtr &encryptedData, const VolumePassword &password, int pim, shared_ptr <Pkcs5Kdf> kdf, const Pkcs5KdfList &keyDerivationFunctions, const EncryptionAlgorithmList &encryptionAlgorithms, const EncryptionModeList &encryptionModes); void EncryptNew (const BufferPtr &newHeaderBuffer, const ConstBufferPtr &newSalt, const ConstBufferPtr &newHeaderKey, shared_ptr <Pkcs5Kdf> newPkcs5Kdf); uint64 GetEncryptedAreaStart () const { return EncryptedAreaStart; } uint64 GetEncryptedAreaLength () const { return EncryptedAreaLength; } @@ -78,7 +78,7 @@ namespace VeraCrypt void SetSize (uint32 headerSize); protected: - bool Deserialize (const ConstBufferPtr &header, shared_ptr <EncryptionAlgorithm> &ea, shared_ptr <EncryptionMode> &mode, bool truecryptMode); + bool Deserialize (const ConstBufferPtr &header, shared_ptr <EncryptionAlgorithm> &ea, shared_ptr <EncryptionMode> &mode); template <typename T> T DeserializeEntry (const ConstBufferPtr &header, size_t &offset) const; template <typename T> T DeserializeEntryAt (const ConstBufferPtr &header, const size_t &offset) const; void Init (); diff --git a/src/Volume/VolumeInfo.cpp b/src/Volume/VolumeInfo.cpp index b30dafa2..699e203f 100644 --- a/src/Volume/VolumeInfo.cpp +++ b/src/Volume/VolumeInfo.cpp @@ -54,7 +54,6 @@ namespace VeraCrypt Type = static_cast <VolumeType::Enum> (sr.DeserializeInt32 ("Type")); VirtualDevice = sr.DeserializeWString ("VirtualDevice"); sr.Deserialize ("VolumeCreationTime", VolumeCreationTime); - sr.Deserialize ("TrueCryptMode", TrueCryptMode); sr.Deserialize ("Pim", Pim); } @@ -95,7 +94,6 @@ namespace VeraCrypt sr.Serialize ("Type", static_cast <uint32> (Type)); sr.Serialize ("VirtualDevice", wstring (VirtualDevice)); sr.Serialize ("VolumeCreationTime", VolumeCreationTime); - sr.Serialize ("TrueCryptMode", TrueCryptMode); sr.Serialize ("Pim", Pim); } @@ -120,7 +118,6 @@ namespace VeraCrypt TopWriteOffset = volume.GetTopWriteOffset(); TotalDataRead = volume.GetTotalDataRead(); TotalDataWritten = volume.GetTotalDataWritten(); - TrueCryptMode = volume.GetTrueCryptMode(); Pim = volume.GetPim (); } diff --git a/src/Volume/VolumeInfo.h b/src/Volume/VolumeInfo.h index f9e07a2e..1adc87e3 100644 --- a/src/Volume/VolumeInfo.h +++ b/src/Volume/VolumeInfo.h @@ -60,7 +60,6 @@ namespace VeraCrypt VolumeType::Enum Type; DevicePath VirtualDevice; VolumeTime VolumeCreationTime; - bool TrueCryptMode; int Pim; private: diff --git a/src/Volume/VolumeLayout.cpp b/src/Volume/VolumeLayout.cpp index 0eaed427..3600d76f 100644 --- a/src/Volume/VolumeLayout.cpp +++ b/src/Volume/VolumeLayout.cpp @@ -12,6 +12,9 @@ #include "Volume/EncryptionMode.h" #include "Volume/EncryptionModeXTS.h" +#ifdef WOLFCRYPT_BACKEND +#include "Volume/EncryptionModeWolfCryptXTS.h" +#endif #include "VolumeLayout.h" #include "Boot/Windows/BootCommon.h" @@ -66,6 +69,7 @@ namespace VeraCrypt HeaderSize = TC_VOLUME_HEADER_SIZE_LEGACY; SupportedEncryptionAlgorithms.push_back (shared_ptr <EncryptionAlgorithm> (new AES ())); + #ifndef WOLFCRYPT_BACKEND SupportedEncryptionAlgorithms.push_back (shared_ptr <EncryptionAlgorithm> (new Serpent ())); SupportedEncryptionAlgorithms.push_back (shared_ptr <EncryptionAlgorithm> (new Twofish ())); SupportedEncryptionAlgorithms.push_back (shared_ptr <EncryptionAlgorithm> (new Camellia ())); @@ -75,7 +79,10 @@ namespace VeraCrypt SupportedEncryptionAlgorithms.push_back (shared_ptr <EncryptionAlgorithm> (new SerpentTwofishAES ())); SupportedEncryptionAlgorithms.push_back (shared_ptr <EncryptionAlgorithm> (new TwofishSerpent ())); - SupportedEncryptionModes.push_back (shared_ptr <EncryptionMode> (new EncryptionModeXTS ())); + SupportedEncryptionModes.push_back (shared_ptr <EncryptionMode> (new EncryptionModeXTS ())); + #else + SupportedEncryptionModes.push_back (shared_ptr <EncryptionMode> (new EncryptionModeWolfCryptXTS ())); + #endif } uint64 VolumeLayoutV1Normal::GetDataOffset (uint64 volumeHostSize) const @@ -97,10 +104,10 @@ namespace VeraCrypt BackupHeaderOffset = -TC_VOLUME_HEADER_GROUP_SIZE; SupportedEncryptionAlgorithms.push_back (shared_ptr <EncryptionAlgorithm> (new AES ())); + #ifndef WOLFCRYPT_BACKEND SupportedEncryptionAlgorithms.push_back (shared_ptr <EncryptionAlgorithm> (new Serpent ())); SupportedEncryptionAlgorithms.push_back (shared_ptr <EncryptionAlgorithm> (new Twofish ())); SupportedEncryptionAlgorithms.push_back (shared_ptr <EncryptionAlgorithm> (new Camellia ())); - SupportedEncryptionAlgorithms.push_back (shared_ptr <EncryptionAlgorithm> (new GOST89 ())); SupportedEncryptionAlgorithms.push_back (shared_ptr <EncryptionAlgorithm> (new Kuznyechik ())); SupportedEncryptionAlgorithms.push_back (shared_ptr <EncryptionAlgorithm> (new AESTwofish ())); SupportedEncryptionAlgorithms.push_back (shared_ptr <EncryptionAlgorithm> (new AESTwofishSerpent ())); @@ -112,9 +119,12 @@ namespace VeraCrypt SupportedEncryptionAlgorithms.push_back (shared_ptr <EncryptionAlgorithm> (new SerpentAES ())); SupportedEncryptionAlgorithms.push_back (shared_ptr <EncryptionAlgorithm> (new SerpentTwofishAES ())); SupportedEncryptionAlgorithms.push_back (shared_ptr <EncryptionAlgorithm> (new TwofishSerpent ())); - SupportedEncryptionModes.push_back (shared_ptr <EncryptionMode> (new EncryptionModeXTS ())); - } + #else + SupportedEncryptionModes.push_back (shared_ptr <EncryptionMode> (new EncryptionModeWolfCryptXTS ())); + #endif + + } uint64 VolumeLayoutV2Normal::GetDataOffset (uint64 volumeHostSize) const { @@ -143,10 +153,10 @@ namespace VeraCrypt BackupHeaderOffset = -TC_HIDDEN_VOLUME_HEADER_OFFSET; SupportedEncryptionAlgorithms.push_back (shared_ptr <EncryptionAlgorithm> (new AES ())); + #ifndef WOLFCRYPT_BACKEND SupportedEncryptionAlgorithms.push_back (shared_ptr <EncryptionAlgorithm> (new Serpent ())); SupportedEncryptionAlgorithms.push_back (shared_ptr <EncryptionAlgorithm> (new Twofish ())); SupportedEncryptionAlgorithms.push_back (shared_ptr <EncryptionAlgorithm> (new Camellia ())); - SupportedEncryptionAlgorithms.push_back (shared_ptr <EncryptionAlgorithm> (new GOST89 ())); SupportedEncryptionAlgorithms.push_back (shared_ptr <EncryptionAlgorithm> (new Kuznyechik ())); SupportedEncryptionAlgorithms.push_back (shared_ptr <EncryptionAlgorithm> (new AESTwofish ())); SupportedEncryptionAlgorithms.push_back (shared_ptr <EncryptionAlgorithm> (new AESTwofishSerpent ())); @@ -160,6 +170,9 @@ namespace VeraCrypt SupportedEncryptionAlgorithms.push_back (shared_ptr <EncryptionAlgorithm> (new TwofishSerpent ())); SupportedEncryptionModes.push_back (shared_ptr <EncryptionMode> (new EncryptionModeXTS ())); + #else + SupportedEncryptionModes.push_back (shared_ptr <EncryptionMode> (new EncryptionModeWolfCryptXTS ())); + #endif } uint64 VolumeLayoutV2Hidden::GetDataOffset (uint64 volumeHostSize) const @@ -196,10 +209,10 @@ namespace VeraCrypt HeaderSize = TC_BOOT_ENCRYPTION_VOLUME_HEADER_SIZE; SupportedEncryptionAlgorithms.push_back (shared_ptr <EncryptionAlgorithm> (new AES ())); + #ifndef WOLFCRYPT_BACKEND SupportedEncryptionAlgorithms.push_back (shared_ptr <EncryptionAlgorithm> (new Serpent ())); SupportedEncryptionAlgorithms.push_back (shared_ptr <EncryptionAlgorithm> (new Twofish ())); SupportedEncryptionAlgorithms.push_back (shared_ptr <EncryptionAlgorithm> (new Camellia ())); - SupportedEncryptionAlgorithms.push_back (shared_ptr <EncryptionAlgorithm> (new GOST89 ())); SupportedEncryptionAlgorithms.push_back (shared_ptr <EncryptionAlgorithm> (new Kuznyechik ())); SupportedEncryptionAlgorithms.push_back (shared_ptr <EncryptionAlgorithm> (new AESTwofish ())); SupportedEncryptionAlgorithms.push_back (shared_ptr <EncryptionAlgorithm> (new AESTwofishSerpent ())); @@ -211,9 +224,13 @@ namespace VeraCrypt SupportedEncryptionAlgorithms.push_back (shared_ptr <EncryptionAlgorithm> (new SerpentAES ())); SupportedEncryptionAlgorithms.push_back (shared_ptr <EncryptionAlgorithm> (new SerpentTwofishAES ())); SupportedEncryptionAlgorithms.push_back (shared_ptr <EncryptionAlgorithm> (new TwofishSerpent ())); - - SupportedEncryptionModes.push_back (shared_ptr <EncryptionMode> (new EncryptionModeXTS ())); - } + + SupportedEncryptionModes.push_back (shared_ptr <EncryptionMode> (new EncryptionModeXTS ())); + #else + SupportedEncryptionModes.push_back (shared_ptr <EncryptionMode> (new EncryptionModeWolfCryptXTS ())); + #endif + + } uint64 VolumeLayoutSystemEncryption::GetDataOffset (uint64 volumeHostSize) const { @@ -225,18 +242,16 @@ namespace VeraCrypt return volumeHostSize; } - Pkcs5KdfList VolumeLayoutSystemEncryption::GetSupportedKeyDerivationFunctions (bool truecryptMode) const + Pkcs5KdfList VolumeLayoutSystemEncryption::GetSupportedKeyDerivationFunctions () const { Pkcs5KdfList l; - if (!truecryptMode) - l.push_back (shared_ptr <Pkcs5Kdf> (new Pkcs5HmacSha256_Boot ())); - l.push_back (shared_ptr <Pkcs5Kdf> (new Pkcs5HmacRipemd160_1000 (truecryptMode))); - if (!truecryptMode) - { - l.push_back (shared_ptr <Pkcs5Kdf> (new Pkcs5HmacSha512 (false))); - l.push_back (shared_ptr <Pkcs5Kdf> (new Pkcs5HmacWhirlpool (false))); - l.push_back (shared_ptr <Pkcs5Kdf> (new Pkcs5HmacStreebog ())); - } - return l; + l.push_back (shared_ptr <Pkcs5Kdf> (new Pkcs5HmacSha256_Boot ())); + l.push_back (shared_ptr <Pkcs5Kdf> (new Pkcs5HmacSha512 ())); + #ifndef WOLFCRYPT_BACKEND + l.push_back (shared_ptr <Pkcs5Kdf> (new Pkcs5HmacBlake2s_Boot ())); + l.push_back (shared_ptr <Pkcs5Kdf> (new Pkcs5HmacWhirlpool ())); + l.push_back (shared_ptr <Pkcs5Kdf> (new Pkcs5HmacStreebog ())); + #endif + return l; } } diff --git a/src/Volume/VolumeLayout.h b/src/Volume/VolumeLayout.h index 40a8643d..32b646ad 100644 --- a/src/Volume/VolumeLayout.h +++ b/src/Volume/VolumeLayout.h @@ -38,7 +38,7 @@ namespace VeraCrypt virtual uint32 GetHeaderSize () const { return HeaderSize; } virtual uint64 GetMaxDataSize (uint64 volumeSize) const = 0; virtual EncryptionAlgorithmList GetSupportedEncryptionAlgorithms () const { return SupportedEncryptionAlgorithms; } - virtual Pkcs5KdfList GetSupportedKeyDerivationFunctions (bool truecryptMode) const { return Pkcs5Kdf::GetAvailableAlgorithms(truecryptMode); } + virtual Pkcs5KdfList GetSupportedKeyDerivationFunctions () const { return Pkcs5Kdf::GetAvailableAlgorithms(); } virtual EncryptionModeList GetSupportedEncryptionModes () const { return SupportedEncryptionModes; } virtual VolumeType::Enum GetType () const { return Type; } virtual bool HasBackupHeader () const = 0; @@ -126,7 +126,7 @@ namespace VeraCrypt virtual uint64 GetDataOffset (uint64 volumeHostSize) const; virtual uint64 GetDataSize (uint64 volumeHostSize) const; virtual uint64 GetMaxDataSize (uint64 volumeSize) const { throw NotApplicable (SRC_POS); } - virtual Pkcs5KdfList GetSupportedKeyDerivationFunctions (bool truecryptMode) const; + virtual Pkcs5KdfList GetSupportedKeyDerivationFunctions () const; virtual bool HasBackupHeader () const { return false; } virtual bool HasDriveHeader () const { return true; } diff --git a/src/Volume/VolumePassword.cpp b/src/Volume/VolumePassword.cpp index fee149c3..a22c9388 100644 --- a/src/Volume/VolumePassword.cpp +++ b/src/Volume/VolumePassword.cpp @@ -16,6 +16,10 @@ namespace VeraCrypt { + const size_t VolumePassword::MaxLegacySize = 64; + const size_t VolumePassword::MaxSize = 128; + const size_t VolumePassword::WarningSizeThreshold = 12; + VolumePassword::VolumePassword () : PasswordSize (0) { AllocateBuffer (); diff --git a/src/Volume/VolumePassword.h b/src/Volume/VolumePassword.h index 5e319774..f4a3ccbe 100644 --- a/src/Volume/VolumePassword.h +++ b/src/Volume/VolumePassword.h @@ -41,9 +41,9 @@ namespace VeraCrypt TC_SERIALIZABLE (VolumePassword); - static const size_t MaxLegacySize = 64; - static const size_t MaxSize = 128; - static const size_t WarningSizeThreshold = 12; + static const size_t MaxLegacySize; + static const size_t MaxSize; + static const size_t WarningSizeThreshold; protected: void AllocateBuffer (); @@ -81,6 +81,7 @@ namespace VeraCrypt TC_EXCEPTION (PasswordEmpty); \ TC_EXCEPTION (PasswordTooLong); \ TC_EXCEPTION (PasswordUTF8TooLong); \ + TC_EXCEPTION (PasswordLegacyUTF8TooLong); \ TC_EXCEPTION (PasswordUTF8Invalid); \ TC_EXCEPTION (UnportablePassword); |