VeraCrypt
aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMounir IDRASSI <mounir.idrassi@idrix.fr>2014-10-14 21:19:53 +0200
committerMounir IDRASSI <mounir.idrassi@idrix.fr>2014-11-08 23:24:03 +0100
commitf05f6a00a6b0f150b0a0b51cd7b44b9c9193e3de (patch)
tree68ff46ae6fa1575eb6052465a8708fb96311894e
parent905a3ff4a5d70a00d9ba7819b9f43ad9ce0654e6 (diff)
downloadVeraCrypt-f05f6a00a6b0f150b0a0b51cd7b44b9c9193e3de.tar.gz
VeraCrypt-f05f6a00a6b0f150b0a0b51cd7b44b9c9193e3de.zip
Integrate SHA-256 support into Linux/MacOSX code. Set PRF priority to SHA-512 -> Whirlpool -> SHA-256 -> RIPEMD-160 .
-rw-r--r--src/Volume/Hash.cpp29
-rw-r--r--src/Volume/Hash.h22
-rw-r--r--src/Volume/Pkcs5Kdf.cpp17
-rw-r--r--src/Volume/Pkcs5Kdf.h31
-rw-r--r--src/Volume/VolumeLayout.cpp3
5 files changed, 97 insertions, 5 deletions
diff --git a/src/Volume/Hash.cpp b/src/Volume/Hash.cpp
index b917a8e5..cc582b92 100644
--- a/src/Volume/Hash.cpp
+++ b/src/Volume/Hash.cpp
@@ -17,10 +17,11 @@ namespace VeraCrypt
HashList Hash::GetAvailableAlgorithms ()
{
HashList l;
-
- l.push_back (shared_ptr <Hash> (new Ripemd160 ()));
+
l.push_back (shared_ptr <Hash> (new Sha512 ()));
l.push_back (shared_ptr <Hash> (new Whirlpool ()));
+ l.push_back (shared_ptr <Hash> (new Sha256 ()));
+ l.push_back (shared_ptr <Hash> (new Ripemd160 ()));
return l;
}
@@ -60,6 +61,30 @@ namespace VeraCrypt
if_debug (ValidateDataParameters (data));
RMD160Update ((RMD160_CTX *) Context.Ptr(), data.Get(), (int) data.Size());
}
+
+ // SHA-256
+ Sha256::Sha256 ()
+ {
+ Context.Allocate (sizeof (sha256_ctx));
+ Init();
+ }
+
+ void Sha256::GetDigest (const BufferPtr &buffer)
+ {
+ if_debug (ValidateDigestParameters (buffer));
+ sha256_end (buffer, (sha256_ctx *) Context.Ptr());
+ }
+
+ void Sha256::Init ()
+ {
+ sha256_begin ((sha256_ctx *) Context.Ptr());
+ }
+
+ void Sha256::ProcessData (const ConstBufferPtr &data)
+ {
+ if_debug (ValidateDataParameters (data));
+ sha256_hash (data.Get(), (int) data.Size(), (sha256_ctx *) Context.Ptr());
+ }
// SHA-512
Sha512::Sha512 ()
diff --git a/src/Volume/Hash.h b/src/Volume/Hash.h
index 70872d54..3df9f5b7 100644
--- a/src/Volume/Hash.h
+++ b/src/Volume/Hash.h
@@ -64,6 +64,28 @@ namespace VeraCrypt
Ripemd160 (const Ripemd160 &);
Ripemd160 &operator= (const Ripemd160 &);
};
+
+ // SHA-256
+ class Sha256 : public Hash
+ {
+ public:
+ Sha256 ();
+ virtual ~Sha256 () { }
+
+ virtual void GetDigest (const BufferPtr &buffer);
+ virtual size_t GetBlockSize () const { return 64; }
+ virtual size_t GetDigestSize () const { return 256 / 8; }
+ virtual wstring GetName () const { return L"SHA-256"; }
+ virtual shared_ptr <Hash> GetNew () const { return shared_ptr <Hash> (new Sha256); }
+ virtual void Init ();
+ virtual void ProcessData (const ConstBufferPtr &data);
+
+ protected:
+
+ private:
+ Sha256 (const Sha256 &);
+ Sha256 &operator= (const Sha256 &);
+ };
// SHA-512
class Sha512 : public Hash
diff --git a/src/Volume/Pkcs5Kdf.cpp b/src/Volume/Pkcs5Kdf.cpp
index 6521e71a..b81cc7c4 100644
--- a/src/Volume/Pkcs5Kdf.cpp
+++ b/src/Volume/Pkcs5Kdf.cpp
@@ -49,10 +49,11 @@ namespace VeraCrypt
Pkcs5KdfList Pkcs5Kdf::GetAvailableAlgorithms ()
{
Pkcs5KdfList l;
-
- l.push_back (shared_ptr <Pkcs5Kdf> (new Pkcs5HmacRipemd160 ()));
+
l.push_back (shared_ptr <Pkcs5Kdf> (new Pkcs5HmacSha512 ()));
l.push_back (shared_ptr <Pkcs5Kdf> (new Pkcs5HmacWhirlpool ()));
+ l.push_back (shared_ptr <Pkcs5Kdf> (new Pkcs5HmacSha256 ()));
+ l.push_back (shared_ptr <Pkcs5Kdf> (new Pkcs5HmacRipemd160 ()));
return l;
}
@@ -74,6 +75,18 @@ namespace VeraCrypt
ValidateParameters (key, password, salt, iterationCount);
derive_key_ripemd160 (bNotTest, (char *) password.DataPtr(), (int) password.Size(), (char *) salt.Get(), (int) salt.Size(), iterationCount, (char *) key.Get(), (int) key.Size());
}
+
+ void Pkcs5HmacSha256_Boot::DeriveKey (const BufferPtr &key, const VolumePassword &password, const ConstBufferPtr &salt, int iterationCount, BOOL bNotTest) const
+ {
+ ValidateParameters (key, password, salt, iterationCount);
+ derive_key_sha256 ((char *) password.DataPtr(), (int) password.Size(), (char *) salt.Get(), (int) salt.Size(), iterationCount, (char *) key.Get(), (int) key.Size());
+ }
+
+ void Pkcs5HmacSha256::DeriveKey (const BufferPtr &key, const VolumePassword &password, const ConstBufferPtr &salt, int iterationCount, BOOL bNotTest) const
+ {
+ ValidateParameters (key, password, salt, iterationCount);
+ derive_key_sha256 ((char *) password.DataPtr(), (int) password.Size(), (char *) salt.Get(), (int) salt.Size(), iterationCount, (char *) key.Get(), (int) key.Size());
+ }
void Pkcs5HmacSha512::DeriveKey (const BufferPtr &key, const VolumePassword &password, const ConstBufferPtr &salt, int iterationCount, BOOL bNotTest) const
{
diff --git a/src/Volume/Pkcs5Kdf.h b/src/Volume/Pkcs5Kdf.h
index 00e7a0a9..23de2c8c 100644
--- a/src/Volume/Pkcs5Kdf.h
+++ b/src/Volume/Pkcs5Kdf.h
@@ -74,7 +74,38 @@ namespace VeraCrypt
Pkcs5HmacRipemd160_1000 (const Pkcs5HmacRipemd160_1000 &);
Pkcs5HmacRipemd160_1000 &operator= (const Pkcs5HmacRipemd160_1000 &);
};
+
+ class Pkcs5HmacSha256_Boot : public Pkcs5Kdf
+ {
+ public:
+ Pkcs5HmacSha256_Boot () { }
+ virtual ~Pkcs5HmacSha256_Boot () { }
+
+ virtual void DeriveKey (const BufferPtr &key, const VolumePassword &password, const ConstBufferPtr &salt, int iterationCount, BOOL bNotTest = TRUE) const;
+ virtual shared_ptr <Hash> GetHash () const { return shared_ptr <Hash> (new Sha256); }
+ virtual int GetIterationCount () const { return 200000; }
+ virtual wstring GetName () const { return L"HMAC-SHA-256"; }
+ private:
+ Pkcs5HmacSha256_Boot (const Pkcs5HmacSha256_Boot &);
+ Pkcs5HmacSha256_Boot &operator= (const Pkcs5HmacSha256_Boot &);
+ };
+
+ class Pkcs5HmacSha256 : public Pkcs5Kdf
+ {
+ public:
+ Pkcs5HmacSha256 () { }
+ virtual ~Pkcs5HmacSha256 () { }
+
+ virtual void DeriveKey (const BufferPtr &key, const VolumePassword &password, const ConstBufferPtr &salt, int iterationCount, BOOL bNotTest = TRUE) const;
+ virtual shared_ptr <Hash> GetHash () const { return shared_ptr <Hash> (new Sha256); }
+ virtual int GetIterationCount () const { return 500000; }
+ virtual wstring GetName () const { return L"HMAC-SHA-256"; }
+
+ private:
+ Pkcs5HmacSha256 (const Pkcs5HmacSha256 &);
+ Pkcs5HmacSha256 &operator= (const Pkcs5HmacSha256 &);
+ };
class Pkcs5HmacSha512 : public Pkcs5Kdf
{
diff --git a/src/Volume/VolumeLayout.cpp b/src/Volume/VolumeLayout.cpp
index a3ecab02..fb75a869 100644
--- a/src/Volume/VolumeLayout.cpp
+++ b/src/Volume/VolumeLayout.cpp
@@ -229,7 +229,8 @@ namespace VeraCrypt
Pkcs5KdfList VolumeLayoutSystemEncryption::GetSupportedKeyDerivationFunctions () const
{
Pkcs5KdfList l;
-
+
+ l.push_back (shared_ptr <Pkcs5Kdf> (new Pkcs5HmacSha256_Boot ()));
l.push_back (shared_ptr <Pkcs5Kdf> (new Pkcs5HmacRipemd160_1000 ()));
return l;
}