From 9247ce1bb90c44d19a0069fadb12c0c480ac9b4f Mon Sep 17 00:00:00 2001
From: lealem47 <60322859+lealem47@users.noreply.github.com>
Date: Sun, 12 Nov 2023 16:51:31 -0700
Subject: wolfCrypt as crypto backend for VeraCrypt (#1227)

* wolfCrypt as crypto backend for VeraCrypt

* Refactor to use EncryptionModeWolfCryptXTS class
---
 src/Common/Volumes.c | 73 +++++++++++++++++++++++++++++++++++-----------------
 1 file changed, 49 insertions(+), 24 deletions(-)

(limited to 'src/Common/Volumes.c')

diff --git a/src/Common/Volumes.c b/src/Common/Volumes.c
index 5b1d4065..989b2d14 100644
--- a/src/Common/Volumes.c
+++ b/src/Common/Volumes.c
@@ -369,31 +369,34 @@ KeyReady:	;
 
 			switch (pkcs5_prf)
 			{
-			case BLAKE2S:
-				derive_key_blake2s (keyInfo->userKey, keyInfo->keyLength, keyInfo->salt,
+			case SHA512:
+				derive_key_sha512 (keyInfo->userKey, keyInfo->keyLength, keyInfo->salt,
 					PKCS5_SALT_SIZE, keyInfo->noIterations, dk, GetMaxPkcs5OutSize());
 				break;
 
-			case SHA512:
-				derive_key_sha512 (keyInfo->userKey, keyInfo->keyLength, keyInfo->salt,
+			case SHA256:
+				derive_key_sha256 (keyInfo->userKey, keyInfo->keyLength, keyInfo->salt,
 					PKCS5_SALT_SIZE, keyInfo->noIterations, dk, GetMaxPkcs5OutSize());
 				break;
 
-			case WHIRLPOOL:
-				derive_key_whirlpool (keyInfo->userKey, keyInfo->keyLength, keyInfo->salt,
+                #ifndef WOLFCRYPT_BACKEND
+                        case BLAKE2S:
+				derive_key_blake2s (keyInfo->userKey, keyInfo->keyLength, keyInfo->salt,
 					PKCS5_SALT_SIZE, keyInfo->noIterations, dk, GetMaxPkcs5OutSize());
 				break;
 
-			case SHA256:
-				derive_key_sha256 (keyInfo->userKey, keyInfo->keyLength, keyInfo->salt,
+	                case WHIRLPOOL:
+				derive_key_whirlpool (keyInfo->userKey, keyInfo->keyLength, keyInfo->salt,
 					PKCS5_SALT_SIZE, keyInfo->noIterations, dk, GetMaxPkcs5OutSize());
 				break;
 
-			case STREEBOG:
+
+                        case STREEBOG:
 				derive_key_streebog(keyInfo->userKey, keyInfo->keyLength, keyInfo->salt,
 					PKCS5_SALT_SIZE, keyInfo->noIterations, dk, GetMaxPkcs5OutSize());
 				break;
-			default:
+                #endif	
+                        default:
 				// Unknown/wrong ID
 				TC_THROW_FATAL_EXCEPTION;
 			}
@@ -650,7 +653,8 @@ void ComputeBootloaderFingerprint (byte *bootLoaderBuf, unsigned int bootLoaderS
 	//
 	// we have: TC_BOOT_SECTOR_USER_MESSAGE_OFFSET = TC_BOOT_SECTOR_OUTER_VOLUME_BAK_HEADER_CRC_OFFSET + TC_BOOT_SECTOR_OUTER_VOLUME_BAK_HEADER_CRC_SIZE
 
-	WHIRLPOOL_CTX whirlpool;
+#ifndef WOLFCRYPT_BACKEND
+        WHIRLPOOL_CTX whirlpool;
 	sha512_ctx sha2;
 
 	WHIRLPOOL_init (&whirlpool);
@@ -667,6 +671,26 @@ void ComputeBootloaderFingerprint (byte *bootLoaderBuf, unsigned int bootLoaderS
 
 	WHIRLPOOL_finalize (&whirlpool, fingerprint);
 	sha512_end (&fingerprint [WHIRLPOOL_DIGESTSIZE], &sha2);
+#else
+	sha512_ctx sha2_512;
+	sha256_ctx sha2_256;
+
+	sha512_begin (&sha2_512);
+	sha256_begin (&sha2_256);
+
+	sha512_hash (bootLoaderBuf, TC_BOOT_SECTOR_PIM_VALUE_OFFSET, &sha2_512);
+	sha256_hash (bootLoaderBuf, TC_BOOT_SECTOR_PIM_VALUE_OFFSET, &sha2_256);
+
+	sha512_hash (bootLoaderBuf + TC_BOOT_SECTOR_USER_MESSAGE_OFFSET + TC_BOOT_SECTOR_USER_MESSAGE_MAX_LENGTH, (TC_BOOT_SECTOR_USER_CONFIG_OFFSET - (TC_BOOT_SECTOR_USER_MESSAGE_OFFSET + TC_BOOT_SECTOR_USER_MESSAGE_MAX_LENGTH)), &sha2_512);
+	sha256_hash (bootLoaderBuf + TC_BOOT_SECTOR_USER_MESSAGE_OFFSET + TC_BOOT_SECTOR_USER_MESSAGE_MAX_LENGTH, (TC_BOOT_SECTOR_USER_CONFIG_OFFSET - (TC_BOOT_SECTOR_USER_MESSAGE_OFFSET + TC_BOOT_SECTOR_USER_MESSAGE_MAX_LENGTH)), &sha2_256);
+
+	sha512_hash (bootLoaderBuf + TC_SECTOR_SIZE_BIOS, (bootLoaderSize - TC_SECTOR_SIZE_BIOS), &sha2_512);
+	sha256_hash (bootLoaderBuf + TC_SECTOR_SIZE_BIOS, (bootLoaderSize - TC_SECTOR_SIZE_BIOS), &sha2_256);
+
+	sha512_end (&fingerprint, &sha2_512);
+	sha256_end (&fingerprint [SHA512_DIGESTSIZE], &sha2_256);
+	sha256_end (&fingerprint [SHA512_DIGESTSIZE + SHA256_DIGESTSIZE], &sha2_256);
+#endif
 }
 #endif
 
@@ -711,11 +735,11 @@ int ReadVolumeHeader (BOOL bBoot, char *header, Password *password, int pim, PCR
 #endif
 	{
 #ifdef TC_WINDOWS_BOOT_SINGLE_CIPHER_MODE
-	#if defined (TC_WINDOWS_BOOT_SERPENT)
+	#if defined (TC_WINDOWS_BOOT_SERPENT) && !defined (WOLFCRYPT_BACKEND)
 		serpent_set_key (dk, cryptoInfo->ks);
-	#elif defined (TC_WINDOWS_BOOT_TWOFISH)
+	#elif defined (TC_WINDOWS_BOOT_TWOFISH) && !defined (WOLFCRYPT_BACKEND)
 		twofish_set_key ((TwofishInstance *) cryptoInfo->ks, (const u4byte *) dk);
-	#elif defined (TC_WINDOWS_BOOT_CAMELLIA)
+	#elif defined (TC_WINDOWS_BOOT_CAMELLIA) && !defined (WOLFCRYPT_BACKEND)
 		camellia_set_key (dk, cryptoInfo->ks);
 	#else
 		status = EAInit (dk, cryptoInfo->ks);
@@ -729,11 +753,11 @@ int ReadVolumeHeader (BOOL bBoot, char *header, Password *password, int pim, PCR
 #endif
 		// Secondary key schedule
 #ifdef TC_WINDOWS_BOOT_SINGLE_CIPHER_MODE
-	#if defined (TC_WINDOWS_BOOT_SERPENT)
+	#if defined (TC_WINDOWS_BOOT_SERPENT) && !defined (WOLFCRYPT_BACKEND)
 		serpent_set_key (dk + 32, cryptoInfo->ks2);
-	#elif defined (TC_WINDOWS_BOOT_TWOFISH)
+	#elif defined (TC_WINDOWS_BOOT_TWOFISH) && !defined (WOLFCRYPT_BACKEND)
 		twofish_set_key ((TwofishInstance *)cryptoInfo->ks2, (const u4byte *) (dk + 32));
-	#elif defined (TC_WINDOWS_BOOT_CAMELLIA)
+	#elif defined (TC_WINDOWS_BOOT_CAMELLIA) && !defined (WOLFCRYPT_BACKEND)
 		camellia_set_key (dk + 32, cryptoInfo->ks2);
 	#else
 		EAInit (dk + 32, cryptoInfo->ks2);
@@ -790,11 +814,11 @@ int ReadVolumeHeader (BOOL bBoot, char *header, Password *password, int pim, PCR
 
 		// Init the encryption algorithm with the decrypted master key
 #ifdef TC_WINDOWS_BOOT_SINGLE_CIPHER_MODE
-	#if defined (TC_WINDOWS_BOOT_SERPENT)
+	#if defined (TC_WINDOWS_BOOT_SERPENT) && !defined (WOLFCRYPT_BACKEND)
 		serpent_set_key (dk, cryptoInfo->ks);
-	#elif defined (TC_WINDOWS_BOOT_TWOFISH)
+	#elif defined (TC_WINDOWS_BOOT_TWOFISH) && !defined (WOLFCRYPT_BACKEND)
 		twofish_set_key ((TwofishInstance *) cryptoInfo->ks, (const u4byte *) dk);
-	#elif defined (TC_WINDOWS_BOOT_CAMELLIA)
+	#elif defined (TC_WINDOWS_BOOT_CAMELLIA) && !defined (WOLFCRYPT_BACKEND)
 		camellia_set_key (dk, cryptoInfo->ks);
 	#else
 		status = EAInit (dk, cryptoInfo->ks);
@@ -809,11 +833,11 @@ int ReadVolumeHeader (BOOL bBoot, char *header, Password *password, int pim, PCR
 
 		// The secondary master key (if cascade, multiple concatenated)
 #ifdef TC_WINDOWS_BOOT_SINGLE_CIPHER_MODE
-	#if defined (TC_WINDOWS_BOOT_SERPENT)
+	#if defined (TC_WINDOWS_BOOT_SERPENT) && !defined (WOLFCRYPT_BACKEND)
 		serpent_set_key (dk + 32, cryptoInfo->ks2);
-	#elif defined (TC_WINDOWS_BOOT_TWOFISH)
+	#elif defined (TC_WINDOWS_BOOT_TWOFISH) && !defined (WOLFCRYPT_BACKEND)
 		twofish_set_key ((TwofishInstance *)cryptoInfo->ks2, (const u4byte *) (dk + 32));
-	#elif defined (TC_WINDOWS_BOOT_CAMELLIA)
+	#elif defined (TC_WINDOWS_BOOT_CAMELLIA) && !defined (WOLFCRYPT_BACKEND)
 		camellia_set_key (dk + 32, cryptoInfo->ks2);
 	#else
 		EAInit (dk + 32, cryptoInfo->ks2);
@@ -976,6 +1000,7 @@ int CreateVolumeHeaderInMemory (HWND hwndDlg, BOOL bBoot, char *header, int ea,
 				PKCS5_SALT_SIZE, keyInfo.noIterations, dk, GetMaxPkcs5OutSize());
 			break;
 
+        #ifndef WOLFCRYPT_BACKEND
 		case BLAKE2S:
 			derive_key_blake2s (keyInfo.userKey, keyInfo.keyLength, keyInfo.salt,
 				PKCS5_SALT_SIZE, keyInfo.noIterations, dk, GetMaxPkcs5OutSize());
@@ -990,7 +1015,7 @@ int CreateVolumeHeaderInMemory (HWND hwndDlg, BOOL bBoot, char *header, int ea,
 			derive_key_streebog(keyInfo.userKey, keyInfo.keyLength, keyInfo.salt,
 				PKCS5_SALT_SIZE, keyInfo.noIterations, dk, GetMaxPkcs5OutSize());
 			break;
-
+        #endif
 		default:
 			// Unknown/wrong ID
 			crypto_close (cryptoInfo);
-- 
cgit v1.2.3