VeraCrypt
aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMounir IDRASSI <mounir.idrassi@idrix.fr>2022-03-07 00:45:30 +0100
committerMounir IDRASSI <mounir.idrassi@idrix.fr>2022-03-08 00:29:26 +0100
commit36795a688fd1d5bb9f497970938d9fcb08cfc330 (patch)
tree24ffb2320c1f72c16b96c13fa4dddda4267065ee
parent2dee49d3c8422aa1aa11c8630823aab3028cccd5 (diff)
downloadVeraCrypt-36795a688fd1d5bb9f497970938d9fcb08cfc330.tar.gz
VeraCrypt-36795a688fd1d5bb9f497970938d9fcb08cfc330.zip
Implement support of Blake2s-256 hash algorithm and remove deprecated algorithms RIPEMD-160 and GOST89.
-rw-r--r--src/Boot/Windows/Boot.vcxproj2
-rw-r--r--src/Boot/Windows/Boot.vcxproj.filters6
-rw-r--r--src/Boot/Windows/Makefile4
-rw-r--r--src/Build/Include/Makefile.inc24
-rw-r--r--src/Common/BootEncryption.cpp18
-rw-r--r--src/Common/Crypto.c26
-rw-r--r--src/Common/Crypto.h14
-rw-r--r--src/Common/Dlgcode.c19
-rw-r--r--src/Common/EncryptionThreadPool.c4
-rw-r--r--src/Common/Pkcs5.c294
-rw-r--r--src/Common/Pkcs5.h6
-rw-r--r--src/Common/Random.c18
-rw-r--r--src/Common/Random.h2
-rw-r--r--src/Common/Tcdefs.h6
-rw-r--r--src/Common/Tests.c186
-rw-r--r--src/Common/Tests.h2
-rw-r--r--src/Common/Volumes.c34
-rw-r--r--src/Core/RandomNumberGenerator.cpp6
-rw-r--r--src/Core/Unix/Linux/CoreLinux.cpp3
-rw-r--r--src/Crypto/Crypto.vcxproj21
-rw-r--r--src/Crypto/Crypto.vcxproj.filters36
-rw-r--r--src/Crypto/Crypto_vs2019.vcxproj23
-rw-r--r--src/Crypto/GostCipher.c265
-rw-r--r--src/Crypto/GostCipher.h68
-rw-r--r--src/Crypto/Makefile.inc3
-rw-r--r--src/Crypto/Rmd160.c500
-rw-r--r--src/Crypto/Rmd160.h33
-rw-r--r--src/Crypto/Sources8
-rw-r--r--src/Crypto/config.h6
-rw-r--r--src/Crypto/cpu.h11
-rw-r--r--src/Crypto/gost89_x64.asm483
-rw-r--r--src/Driver/Driver.vcxproj5
-rw-r--r--src/Driver/Driver.vcxproj.filters15
-rw-r--r--src/Driver/veracrypt_vs2019.vcxproj11
-rw-r--r--src/Driver/veracrypt_vs2019.vcxproj.filters12
-rw-r--r--src/Format/Tcformat.c9
-rw-r--r--src/Makefile8
-rw-r--r--src/Mount/Favorites.cpp2
-rw-r--r--src/Mount/Mount.c4
-rw-r--r--src/Volume/Cipher.cpp44
-rw-r--r--src/Volume/Cipher.h3
-rw-r--r--src/Volume/EncryptionAlgorithm.cpp12
-rw-r--r--src/Volume/EncryptionAlgorithm.h1
-rw-r--r--src/Volume/EncryptionTest.cpp61
-rw-r--r--src/Volume/Hash.cpp21
-rw-r--r--src/Volume/Hash.h20
-rw-r--r--src/Volume/Pkcs5Kdf.cpp11
-rw-r--r--src/Volume/Pkcs5Kdf.h36
-rw-r--r--src/Volume/Volume.make12
-rw-r--r--src/Volume/VolumeLayout.cpp8
50 files changed, 482 insertions, 1944 deletions
diff --git a/src/Boot/Windows/Boot.vcxproj b/src/Boot/Windows/Boot.vcxproj
index 68d5d270..b9a04d80 100644
--- a/src/Boot/Windows/Boot.vcxproj
+++ b/src/Boot/Windows/Boot.vcxproj
@@ -222,6 +222,7 @@ nmake.exe /nologo RELEASE=1 SINGLE_CIPHER=TWOFISH</NMakeReBuildCommandLine>
<ItemDefinitionGroup>
</ItemDefinitionGroup>
<ItemGroup>
+ <ClCompile Include="..\..\Crypto\blake2s-ref.c" />
<ClCompile Include="BootConfig.cpp" />
<ClCompile Include="BootConsoleIo.cpp" />
<ClCompile Include="BootDebug.cpp" />
@@ -240,7 +241,6 @@ nmake.exe /nologo RELEASE=1 SINGLE_CIPHER=TWOFISH</NMakeReBuildCommandLine>
<ClCompile Include="..\..\Common\Xts.c" />
<ClCompile Include="..\..\Crypto\AesSmall.c" />
<ClCompile Include="..\..\Crypto\CamelliaSmall.c" />
- <ClCompile Include="..\..\Crypto\Rmd160.c" />
<ClCompile Include="..\..\Crypto\Serpent.c" />
<ClCompile Include="..\..\Crypto\Sha2Small.c" />
<ClCompile Include="..\..\Crypto\Twofish.c" />
diff --git a/src/Boot/Windows/Boot.vcxproj.filters b/src/Boot/Windows/Boot.vcxproj.filters
index 1a60ac81..24d23894 100644
--- a/src/Boot/Windows/Boot.vcxproj.filters
+++ b/src/Boot/Windows/Boot.vcxproj.filters
@@ -74,9 +74,6 @@
<ClCompile Include="..\..\Crypto\CamelliaSmall.c">
<Filter>Source Files\Crypto</Filter>
</ClCompile>
- <ClCompile Include="..\..\Crypto\Rmd160.c">
- <Filter>Source Files\Crypto</Filter>
- </ClCompile>
<ClCompile Include="..\..\Crypto\Serpent.c">
<Filter>Source Files\Crypto</Filter>
</ClCompile>
@@ -86,6 +83,9 @@
<ClCompile Include="..\..\Crypto\Twofish.c">
<Filter>Source Files\Crypto</Filter>
</ClCompile>
+ <ClCompile Include="..\..\Crypto\blake2s-ref.c">
+ <Filter>Source Files\Crypto</Filter>
+ </ClCompile>
</ItemGroup>
<ItemGroup>
<None Include="BootCrt.asm">
diff --git a/src/Boot/Windows/Makefile b/src/Boot/Windows/Makefile
index 9689b7cf..d08e1f50 100644
--- a/src/Boot/Windows/Makefile
+++ b/src/Boot/Windows/Makefile
@@ -46,7 +46,7 @@ CFLAGS = $(CFLAGS) /D TC_WINDOWS_BOOT_SINGLE_CIPHER_MODE /D TC_WINDOWS_BOOT_$(SI
OBJDIR = $(OBJDIR)_$(SINGLE_PRF)
CFLAGS = $(CFLAGS) /D TC_WINDOWS_BOOT_$(SINGLE_PRF)
!else
-CFLAGS = $(CFLAGS) /D TC_WINDOWS_BOOT_RIPEMD160
+CFLAGS = $(CFLAGS) /D TC_WINDOWS_BOOT_BLAKE2S
!endif
OUTDIR = $(OBJDIR)
@@ -85,7 +85,7 @@ OBJS = $(OBJS) $(OUTDIR)\Xts.obj
!if "$(SINGLE_PRF)" == "SHA2"
OBJS = $(OBJS) $(OUTDIR)\Sha2Small.obj
!else
-OBJS = $(OBJS) $(OUTDIR)\Rmd160.obj
+OBJS = $(OBJS) $(OUTDIR)\blake2s-ref.obj
!endif
!if !DEFINED (SINGLE_CIPHER)
diff --git a/src/Build/Include/Makefile.inc b/src/Build/Include/Makefile.inc
index 4c153657..b7ed20c9 100644
--- a/src/Build/Include/Makefile.inc
+++ b/src/Build/Include/Makefile.inc
@@ -14,7 +14,7 @@ $(NAME): $(NAME).a
clean:
@echo Cleaning $(NAME)
- rm -f $(APPNAME) $(NAME).a $(OBJS) $(OBJSEX) $(OBJSNOOPT) $(OBJS:.o=.d) $(OBJSEX:.oo=.d) $(OBJSNOOPT:.o0=.d) *.gch
+ rm -f $(APPNAME) $(NAME).a $(OBJS) $(OBJSEX) $(OBJSNOOPT) $(OBJSSSE41) $(OBJSSSSE3) $(OBJS:.o=.d) $(OBJSEX:.oo=.d) $(OBJSNOOPT:.o0=.d) $(OBJSSSE41:.osse41=.d) $(OBJSSSSE3:.ossse3=.d) *.gch
%.o: %.c
@echo Compiling $(<F)
@@ -23,11 +23,27 @@ clean:
%.o0: %.c
@echo Compiling $(<F)
$(CC) $(CFLAGS) -O0 -c $< -o $@
+
+%.osse41: %.c
+ @echo Compiling $(<F)
+ $(CC) $(CFLAGS) -mssse3 -msse4.1 -c $< -o $@
+
+%.ossse3: %.c
+ @echo Compiling $(<F)
+ $(CC) $(CFLAGS) -mssse3 -c $< -o $@
%.o: %.cpp
@echo Compiling $(<F)
$(CXX) $(CXXFLAGS) -c $< -o $@
+%.osse41: %.cpp
+ @echo Compiling $(<F)
+ $(CXX) $(CXXFLAGS) -mssse3 -msse4.1 -c $< -o $@
+
+%.ossse3: %.cpp
+ @echo Compiling $(<F)
+ $(CXX) $(CXXFLAGS) -mssse3 -c $< -o $@
+
%.o: %.S
@echo Compiling $(<F)
$(CC) $(CFLAGS) -c $< -o $@
@@ -72,10 +88,10 @@ TR_SED_BIN := tr '\n' ' ' | tr -s ' ' ',' | sed -e 's/^,//g' -e 's/,$$/n/' | tr
# Dependencies
--include $(OBJS:.o=.d) $(OBJSEX:.oo=.d) $(OBJSNOOPT:.o0=.d)
+-include $(OBJS:.o=.d) $(OBJSEX:.oo=.d) $(OBJSNOOPT:.o0=.d) $(OBJSSSE41:.osse41=.d) $(OBJSSSSE3:.ossse3=.d)
-$(NAME).a: $(OBJS) $(OBJSEX) $(OBJSNOOPT)
+$(NAME).a: $(OBJS) $(OBJSEX) $(OBJSNOOPT) $(OBJSSSE41) $(OBJSSSSE3)
@echo Updating library $@
- $(AR) $(AFLAGS) -rcu $@ $(OBJS) $(OBJSEX) $(OBJSNOOPT)
+ $(AR) $(AFLAGS) -rcu $@ $(OBJS) $(OBJSEX) $(OBJSNOOPT) $(OBJSSSE41) $(OBJSSSSE3)
$(RANLIB) $@
diff --git a/src/Common/BootEncryption.cpp b/src/Common/BootEncryption.cpp
index c3ce07ab..9a16db53 100644
--- a/src/Common/BootEncryption.cpp
+++ b/src/Common/BootEncryption.cpp
@@ -1705,15 +1705,11 @@ namespace VeraCrypt
ea = TWOFISH;
else if (_stricmp (request.BootEncryptionAlgorithmName, "Camellia") == 0)
ea = CAMELLIA;
-#if defined(CIPHER_GOST89)
- else if (_stricmp (request.BootEncryptionAlgorithmName, "GOST89") == 0)
- ea = GOST89;
-#endif
if (_stricmp(request.BootPrfAlgorithmName, "SHA-256") == 0)
pkcs5_prf = SHA256;
- else if (_stricmp(request.BootPrfAlgorithmName, "RIPEMD-160") == 0)
- pkcs5_prf = RIPEMD160;
+ else if (_stricmp(request.BootPrfAlgorithmName, "BLAKE2s-256") == 0)
+ pkcs5_prf = BLAKE2S;
else if (_stricmp(request.BootPrfAlgorithmName, "SHA-512") == 0)
pkcs5_prf = SHA512;
else if (_stricmp(request.BootPrfAlgorithmName, "Whirlpool") == 0)
@@ -1721,7 +1717,7 @@ namespace VeraCrypt
else if (_stricmp(request.BootPrfAlgorithmName, "Streebog") == 0)
pkcs5_prf = STREEBOG;
else if (strlen(request.BootPrfAlgorithmName) == 0) // case of version < 1.0f
- pkcs5_prf = RIPEMD160;
+ pkcs5_prf = BLAKE2S;
}
catch (...)
{
@@ -1747,8 +1743,8 @@ namespace VeraCrypt
pkcs5_prf = SelectedPrfAlgorithmId;
}
- // Only RIPEMD160 and SHA-256 are supported for MBR boot loader
- if (!bIsGPT && pkcs5_prf != RIPEMD160 && pkcs5_prf != SHA256)
+ // Only BLAKE2s and SHA-256 are supported for MBR boot loader
+ if (!bIsGPT && pkcs5_prf != BLAKE2S && pkcs5_prf != SHA256)
throw ParameterIncorrect (SRC_POS);
int bootSectorId = 0;
@@ -2222,7 +2218,7 @@ namespace VeraCrypt
EfiBootConf::EfiBootConf() : passwordType (0),
passwordMsg ("Password: "),
passwordPicture ("login.bmp"),
- hashMsg ("(0) TEST ALL (1) SHA512 (2) WHIRLPOOL (3) SHA256 (4) RIPEMD160 (5) STREEBOG\nHash: "),
+ hashMsg ("(0) TEST ALL (1) SHA512 (2) WHIRLPOOL (3) SHA256 (4) BLAKE2S (5) STREEBOG\nHash: "),
hashAlgo (0),
requestHash (0),
pimMsg ("PIM (Leave empty for default): "),
@@ -2339,7 +2335,7 @@ namespace VeraCrypt
passwordType = ReadConfigInteger (configContent, "PasswordType", 0);
passwordMsg = ReadConfigString (configContent, "PasswordMsg", "Password: ", buffer, sizeof (buffer));
passwordPicture = ReadConfigString (configContent, "PasswordPicture", "\\EFI\\VeraCrypt\\login.bmp", buffer, sizeof (buffer));
- //hashMsg = ReadConfigString (configContent, "HashMsg", "(0) TEST ALL (1) SHA512 (2) WHIRLPOOL (3) SHA256 (4) RIPEMD160 (5) STREEBOG\nHash: ", buffer, sizeof (buffer));
+ //hashMsg = ReadConfigString (configContent, "HashMsg", "(0) TEST ALL (1) SHA512 (2) WHIRLPOOL (3) SHA256 (4) BLAKE2S (5) STREEBOG\nHash: ", buffer, sizeof (buffer));
hashAlgo = ReadConfigInteger (configContent, "Hash", 0);
requestHash = ReadConfigInteger (configContent, "HashRqt", 1);
pimMsg = ReadConfigString (configContent, "PimMsg", "PIM: ", buffer, sizeof (buffer));
diff --git a/src/Common/Crypto.c b/src/Common/Crypto.c
index da233090..10c97e98 100644
--- a/src/Common/Crypto.c
+++ b/src/Common/Crypto.c
@@ -64,9 +64,6 @@ static Cipher Ciphers[] =
{ SERPENT, L"Serpent", 16, 32, 140*4 },
{ TWOFISH, L"Twofish", 16, 32, TWOFISH_KS },
{ CAMELLIA, L"Camellia", 16, 32, CAMELLIA_KS },
-#if defined(CIPHER_GOST89)
- { GOST89, L"GOST89", 16, 32, GOST_KS },
-#endif // defined(CIPHER_GOST89)
{ KUZNYECHIK, L"Kuznyechik",16, 32, KUZNYECHIK_KS },
#endif
{ 0, 0, 0, 0, 0 }
@@ -85,9 +82,6 @@ static EncryptionAlgorithm EncryptionAlgorithms[] =
{ { SERPENT, 0 }, { XTS, 0 }, 1, 1 },
{ { TWOFISH, 0 }, { XTS, 0 }, 1, 1 },
{ { CAMELLIA, 0 }, { XTS, 0 }, 1, 1 },
-#if defined(CIPHER_GOST89)
- { { GOST89, 0 }, { XTS, 0 }, 0, 0 },
-#endif // defined(CIPHER_GOST89)
{ { KUZNYECHIK, 0 }, { XTS, 0 }, 0, 1 },
{ { TWOFISH, AES, 0 }, { XTS, 0 }, 1, 1 },
{ { SERPENT, TWOFISH, AES, 0 }, { XTS, 0 }, 1, 1 },
@@ -126,8 +120,8 @@ static Hash Hashes[] =
{ // ID Name Deprecated System Encryption
{ SHA512, L"SHA-512", FALSE, FALSE },
{ WHIRLPOOL, L"Whirlpool", FALSE, FALSE },
+ { BLAKE2S, L"BLAKE2s-256", FALSE, TRUE },
{ SHA256, L"SHA-256", FALSE, TRUE },
- { RIPEMD160, L"RIPEMD-160", TRUE, TRUE },
{ STREEBOG, L"Streebog", FALSE, FALSE },
{ 0, 0, 0 }
};
@@ -168,11 +162,6 @@ int CipherInit (int cipher, unsigned char *key, unsigned __int8 *ks)
#endif
#if !defined(TC_WINDOWS_BOOT)
-#if defined(CIPHER_GOST89)
- case GOST89:
- gost_set_key(key, (gost_kds*)ks, 1);
- break;
-#endif // && defined(CIPHER_GOST89)
case KUZNYECHIK:
kuznyechik_set_key(key, (kuznyechik_kds*)ks);
break;
@@ -206,9 +195,6 @@ void EncipherBlock(int cipher, void *data, void *ks)
case CAMELLIA: camellia_encrypt (data, data, ks); break;
#endif
#if !defined(TC_WINDOWS_BOOT)
-#if defined(CIPHER_GOST89)
- case GOST89: gost_encrypt(data, data, ks, 1); break;
-#endif // defined(CIPHER_GOST89)
case KUZNYECHIK: kuznyechik_encrypt_block(data, data, ks); break;
#endif // !defined(TC_WINDOWS_BOOT)
default: TC_THROW_FATAL_EXCEPTION; // Unknown/wrong ID
@@ -281,9 +267,6 @@ void EncipherBlocks (int cipher, void *dataPtr, void *ks, size_t blockCount)
#endif
}
#endif
- else if (cipher == GOST89) {
- gost_encrypt(data, data, ks, (int)blockCount);
- }
else
{
size_t blockSize = CipherGetBlockSize (cipher);
@@ -307,9 +290,6 @@ void DecipherBlock(int cipher, void *data, void *ks)
case CAMELLIA: camellia_decrypt (data, data, ks); break;
#endif
#if !defined(TC_WINDOWS_BOOT)
-#if defined(CIPHER_GOST89)
- case GOST89: gost_decrypt(data, data, ks, 1); break;
-#endif // defined(CIPHER_GOST89)
case KUZNYECHIK: kuznyechik_decrypt_block(data, data, ks); break;
#endif // !defined(TC_WINDOWS_BOOT)
@@ -398,9 +378,6 @@ void DecipherBlocks (int cipher, void *dataPtr, void *ks, size_t blockCount)
#endif
}
#endif
- else if (cipher == GOST89) {
- gost_decrypt(data, data, ks, (int)blockCount);
- }
else
{
size_t blockSize = CipherGetBlockSize (cipher);
@@ -466,7 +443,6 @@ int CipherGetKeyScheduleSize (int cipherId)
BOOL CipherSupportsIntraDataUnitParallelization (int cipher)
{
return (cipher == AES && IsAesHwCpuSupported())
- || (cipher == GOST89)
#if CRYPTOPP_BOOL_SSE2_INTRINSICS_AVAILABLE && !defined (_UEFI)
|| (cipher == SERPENT && HasSSE2())
|| (cipher == KUZNYECHIK && HasSSE2())
diff --git a/src/Common/Crypto.h b/src/Common/Crypto.h
index 95222ba6..b9600cf9 100644
--- a/src/Common/Crypto.h
+++ b/src/Common/Crypto.h
@@ -53,7 +53,7 @@ enum
SHA512 = FIRST_PRF_ID,
WHIRLPOOL,
SHA256,
- RIPEMD160,
+ BLAKE2S,
STREEBOG,
HASH_ENUM_END_ID
};
@@ -61,8 +61,8 @@ enum
// The last PRF to try when mounting and also the number of implemented PRFs
#define LAST_PRF_ID (HASH_ENUM_END_ID - 1)
-#define RIPEMD160_BLOCKSIZE 64
-#define RIPEMD160_DIGESTSIZE 20
+#define BLAKE2S_BLOCKSIZE 64
+#define BLAKE2S_DIGESTSIZE 32
#define SHA256_BLOCKSIZE 64
#define SHA256_DIGESTSIZE 32
@@ -112,7 +112,6 @@ enum
SERPENT,
TWOFISH,
CAMELLIA,
- GOST89,
KUZNYECHIK
};
@@ -173,7 +172,7 @@ typedef struct
#ifdef TC_WINDOWS_BOOT
#define MAX_EXPANDED_KEY VC_MAX((AES_KS + SERPENT_KS + TWOFISH_KS), CAMELLIA_KS)
#else
-#define MAX_EXPANDED_KEY VC_MAX(VC_MAX(VC_MAX(VC_MAX((AES_KS + SERPENT_KS + TWOFISH_KS), GOST_KS), CAMELLIA_KS + KUZNYECHIK_KS + SERPENT_KS), KUZNYECHIK_KS + TWOFISH_KS), AES_KS + KUZNYECHIK_KS)
+#define MAX_EXPANDED_KEY VC_MAX(VC_MAX(VC_MAX((AES_KS + SERPENT_KS + TWOFISH_KS), CAMELLIA_KS + KUZNYECHIK_KS + SERPENT_KS), KUZNYECHIK_KS + TWOFISH_KS), AES_KS + KUZNYECHIK_KS)
#endif
#endif
@@ -200,12 +199,11 @@ typedef struct
#endif
#include "Twofish.h"
-#include "Rmd160.h"
+#include "blake2.h"
#ifndef TC_WINDOWS_BOOT
# include "Sha2.h"
# include "Whirlpool.h"
# include "Streebog.h"
-# include "GostCipher.h"
# include "kuznyechik.h"
# include "Camellia.h"
#if !defined (_UEFI)
@@ -252,7 +250,7 @@ typedef struct CRYPTO_INFO_t
uint16 HeaderVersion;
#ifdef TC_WINDOWS_DRIVER
- unsigned __int8 master_keydata_hash[RIPEMD160_DIGESTSIZE];
+ unsigned __int8 master_keydata_hash[BLAKE2S_DIGESTSIZE];
#else
CRYPTOPP_ALIGN_DATA(16) unsigned __int8 master_keydata[MASTER_KEYDATA_SIZE]; /* This holds the volume header area containing concatenated master key(s) and secondary key(s) (XTS mode). For LRW (deprecated/legacy), it contains the tweak key before the master key(s). For CBC (deprecated/legacy), it contains the IV seed before the master key(s). */
CRYPTOPP_ALIGN_DATA(16) unsigned __int8 k2[MASTER_KEYDATA_SIZE]; /* For XTS, this contains the secondary key (if cascade, multiple concatenated). For LRW (deprecated/legacy), it contains the tweak key. For CBC (deprecated/legacy), it contains the IV seed. */
diff --git a/src/Common/Dlgcode.c b/src/Common/Dlgcode.c
index f26ae38c..9d5c0d06 100644
--- a/src/Common/Dlgcode.c
+++ b/src/Common/Dlgcode.c
@@ -6412,7 +6412,7 @@ static BOOL PerformBenchmark(HWND hBenchDlg, HWND hwndDlg)
{
BYTE digest [MAX_DIGESTSIZE];
WHIRLPOOL_CTX wctx;
- RMD160_CTX rctx;
+ blake2s_state bctx;
sha512_ctx s2ctx;
sha256_ctx s256ctx;
STREEBOG_CTX stctx;
@@ -6441,10 +6441,10 @@ static BOOL PerformBenchmark(HWND hBenchDlg, HWND hwndDlg)
sha256_end ((unsigned char *) digest, &s256ctx);
break;
- case RIPEMD160:
- RMD160Init(&rctx);
- RMD160Update(&rctx, lpTestBuffer, benchmarkBufferSize);
- RMD160Final((unsigned char *) digest, &rctx);
+ case BLAKE2S:
+ blake2s_init(&bctx);
+ blake2s_update(&bctx, lpTestBuffer, benchmarkBufferSize);
+ blake2s_final(&bctx, (unsigned char *) digest);
break;
case WHIRLPOOL:
@@ -6509,9 +6509,9 @@ static BOOL PerformBenchmark(HWND hBenchDlg, HWND hwndDlg)
derive_key_sha256 ("passphrase-1234567890", 21, tmp_salt, 64, get_pkcs5_iteration_count(thid, benchmarkPim, FALSE, benchmarkPreBoot), dk, MASTER_KEYDATA_SIZE);
break;
- case RIPEMD160:
- /* PKCS-5 test with HMAC-RIPEMD-160 used as the PRF */
- derive_key_ripemd160 ("passphrase-1234567890", 21, tmp_salt, 64, get_pkcs5_iteration_count(thid, benchmarkPim, FALSE, benchmarkPreBoot), dk, MASTER_KEYDATA_SIZE);
+ case BLAKE2S:
+ /* PKCS-5 test with HMAC-BLAKE2s used as the PRF */
+ derive_key_blake2s ("passphrase-1234567890", 21, tmp_salt, 64, get_pkcs5_iteration_count(thid, benchmarkPim, FALSE, benchmarkPreBoot), dk, MASTER_KEYDATA_SIZE);
break;
case WHIRLPOOL:
@@ -7895,9 +7895,6 @@ ResetCipherTest(HWND hwndDlg, int idTestCipher)
SetWindowText(GetDlgItem(hwndDlg, IDC_CIPHERTEXT), L"0000000000000000");
if (idTestCipher == AES || idTestCipher == SERPENT || idTestCipher == TWOFISH || idTestCipher == CAMELLIA
-#if defined(CIPHER_GOST89)
- || idTestCipher == GOST89
-#endif
|| idTestCipher == KUZNYECHIK
)
{
diff --git a/src/Common/EncryptionThreadPool.c b/src/Common/EncryptionThreadPool.c
index 1401e8a0..62b2cae8 100644
--- a/src/Common/EncryptionThreadPool.c
+++ b/src/Common/EncryptionThreadPool.c
@@ -248,8 +248,8 @@ static TC_THREAD_PROC EncryptionThreadProc (void *threadArg)
case DeriveKeyWork:
switch (workItem->KeyDerivation.Pkcs5Prf)
{
- case RIPEMD160:
- derive_key_ripemd160 (workItem->KeyDerivation.Password, workItem->KeyDerivation.PasswordLength, workItem->KeyDerivation.Salt, PKCS5_SALT_SIZE,
+ case BLAKE2S:
+ derive_key_blake2s (workItem->KeyDerivation.Password, workItem->KeyDerivation.PasswordLength, workItem->KeyDerivation.Salt, PKCS5_SALT_SIZE,
workItem->KeyDerivation.IterationCount, workItem->KeyDerivation.DerivedKey, GetMaxPkcs5OutSize());
break;
diff --git a/src/Common/Pkcs5.c b/src/Common/Pkcs5.c
index 3ac3cc2c..10d33ff0 100644
--- a/src/Common/Pkcs5.c
+++ b/src/Common/Pkcs5.c
@@ -16,7 +16,7 @@
#include <memory.h>
#include <stdlib.h>
#endif
-#include "Rmd160.h"
+#include "blake2.h"
#ifndef TC_WINDOWS_BOOT
#include "Sha2.h"
#include "Whirlpool.h"
@@ -550,100 +550,131 @@ void derive_key_sha512 (char *pwd, int pwd_len, char *salt, int salt_len, uint32
#endif // TC_WINDOWS_BOOT
-#if !defined(TC_WINDOWS_BOOT) || defined(TC_WINDOWS_BOOT_RIPEMD160)
+#if !defined(TC_WINDOWS_BOOT) || defined(TC_WINDOWS_BOOT_BLAKE2S)
-typedef struct hmac_ripemd160_ctx_struct
+typedef struct hmac_blake2s_ctx_struct
{
- RMD160_CTX context;
- RMD160_CTX inner_digest_ctx; /*pre-computed inner digest context */
- RMD160_CTX outer_digest_ctx; /*pre-computed outer digest context */
- char k[PKCS5_SALT_SIZE + 4]; /* enough to hold (salt_len + 4) and also the RIPEMD-160 hash */
- char u[RIPEMD160_DIGESTSIZE];
-} hmac_ripemd160_ctx;
-
-void hmac_ripemd160_internal (char *input_digest, int len, hmac_ripemd160_ctx* hmac)
+ blake2s_state ctx;
+ blake2s_state inner_digest_ctx; /*pre-computed inner digest context */
+ blake2s_state outer_digest_ctx; /*pre-computed outer digest context */
+ char k[PKCS5_SALT_SIZE + 4]; /* enough to hold (salt_len + 4) and also the SHA256 hash */
+ char u[BLAKE2S_DIGESTSIZE];
+} hmac_blake2s_ctx;
+
+void hmac_blake2s_internal
+(
+ char *d, /* input data. d pointer is guaranteed to be at least 32-bytes long */
+ int ld, /* length of input data in bytes */
+ hmac_blake2s_ctx* hmac /* HMAC-SHA256 context which holds temporary variables */
+)
{
- RMD160_CTX* context = &(hmac->context);
+ blake2s_state* ctx = &(hmac->ctx);
/**** Restore Precomputed Inner Digest Context ****/
- memcpy (context, &(hmac->inner_digest_ctx), sizeof (RMD160_CTX));
+ memcpy (ctx, &(hmac->inner_digest_ctx), sizeof (blake2s_state));
- RMD160Update(context, (const unsigned char *) input_digest, len); /* then text of datagram */
- RMD160Final((unsigned char *) input_digest, context); /* finish up 1st pass */
+ blake2s_update (ctx, d, ld);
+
+ blake2s_final (ctx, (unsigned char*) d); /* d = inner digest */
/**** Restore Precomputed Outer Digest Context ****/
- memcpy (context, &(hmac->outer_digest_ctx), sizeof (RMD160_CTX));
+ memcpy (ctx, &(hmac->outer_digest_ctx), sizeof (blake2s_state));
+
+ blake2s_update (ctx, d, SHA256_DIGESTSIZE);
- /* results of 1st hash */
- RMD160Update(context, (const unsigned char *) input_digest, RIPEMD160_DIGESTSIZE);
- RMD160Final((unsigned char *) input_digest, context); /* finish up 2nd pass */
+ blake2s_final (ctx, (unsigned char *) d); /* d = outer digest */
}
#ifndef TC_WINDOWS_BOOT
-void hmac_ripemd160 (char *key, int keylen, char *input_digest, int len)
+void hmac_blake2s
+(
+ char *k, /* secret key */
+ int lk, /* length of the key in bytes */
+ char *d, /* data */
+ int ld /* length of data in bytes */
+)
{
- hmac_ripemd160_ctx hmac;
- RMD160_CTX* ctx;
- unsigned char* k_pad = (unsigned char*) hmac.k; /* inner/outer padding - key XORd with ipad */
- unsigned char tk[RIPEMD160_DIGESTSIZE];
- int i;
-
- /* If the key is longer than the hash algorithm block size,
- let key = ripemd160(key), as per HMAC specifications. */
- if (keylen > RIPEMD160_BLOCKSIZE)
+ hmac_blake2s_ctx hmac;
+ blake2s_state* ctx;
+ char* buf = hmac.k;
+ int b;
+ char key[BLAKE2S_DIGESTSIZE];
+#if defined (DEVICE_DRIVER)
+ NTSTATUS saveStatus = STATUS_INVALID_PARAMETER;
+#ifdef _WIN64
+ XSTATE_SAVE SaveState;
+ if (IsCpuIntel() && HasSAVX())
+ saveStatus = KeSaveExtendedProcessorStateVC(XSTATE_MASK_GSSE, &SaveState);
+#else
+ KFLOATING_SAVE floatingPointState;
+ if (HasSSE2())
+ saveStatus = KeSaveFloatingPointState (&floatingPointState);
+#endif
+#endif
+ /* If the key is longer than the hash algorithm block size,
+ let key = blake2s(key), as per HMAC specifications. */
+ if (lk > BLAKE2S_BLOCKSIZE)
{
- RMD160_CTX tctx;
+ blake2s_state tctx;
- RMD160Init(&tctx);
- RMD160Update(&tctx, (const unsigned char *) key, keylen);
- RMD160Final(tk, &tctx);
+ blake2s_init (&tctx);
+ blake2s_update (&tctx, k, lk);
+ blake2s_final (&tctx, (unsigned char *) key);
- key = (char *) tk;
- keylen = RIPEMD160_DIGESTSIZE;
+ k = key;
+ lk = BLAKE2S_DIGESTSIZE;
- burn (&tctx, sizeof(tctx)); // Prevent leaks
- }
+ burn (&tctx, sizeof(tctx)); // Prevent leaks
+ }
+
+ /**** Precompute HMAC Inner Digest ****/
- /* perform inner RIPEMD-160 */
ctx = &(hmac.inner_digest_ctx);
- /* start out by storing key in pads */
- memset(k_pad, 0x36, 64);
- /* XOR key with ipad and opad values */
- for (i=0; i<keylen; i++)
- {
- k_pad[i] ^= key[i];
- }
+ blake2s_init (ctx);
- RMD160Init(ctx); /* init context for 1st pass */
- RMD160Update(ctx, k_pad, RIPEMD160_BLOCKSIZE); /* start with inner pad */
+ /* Pad the key for inner digest */
+ for (b = 0; b < lk; ++b)
+ buf[b] = (char) (k[b] ^ 0x36);
+ memset (&buf[lk], 0x36, BLAKE2S_BLOCKSIZE - lk);
+
+ blake2s_update (ctx, (unsigned char *) buf, BLAKE2S_BLOCKSIZE);
+
+ /**** Precompute HMAC Outer Digest ****/
- /* perform outer RIPEMD-160 */
ctx = &(hmac.outer_digest_ctx);
- memset(k_pad, 0x5c, 64);
- for (i=0; i<keylen; i++)
- {
- k_pad[i] ^= key[i];
- }
+ blake2s_init (ctx);
- RMD160Init(ctx); /* init context for 2nd pass */
- RMD160Update(ctx, k_pad, RIPEMD160_BLOCKSIZE); /* start with outer pad */
+ for (b = 0; b < lk; ++b)
+ buf[b] = (char) (k[b] ^ 0x5C);
+ memset (&buf[lk], 0x5C, SHA256_BLOCKSIZE - lk);
- hmac_ripemd160_internal (input_digest, len, &hmac);
+ blake2s_update (ctx, (unsigned char *) buf, BLAKE2S_BLOCKSIZE);
- burn (&hmac, sizeof(hmac));
- burn (tk, sizeof(tk));
-}
+ hmac_blake2s_internal(d, ld, &hmac);
+
+#if defined (DEVICE_DRIVER)
+ if (NT_SUCCESS (saveStatus))
+#ifdef _WIN64
+ KeRestoreExtendedProcessorStateVC(&SaveState);
+#else
+ KeRestoreFloatingPointState (&floatingPointState);
+#endif
#endif
+ /* Prevent leaks */
+ burn(&hmac, sizeof(hmac));
+ burn(key, sizeof(key));
+}
+#endif
-static void derive_u_ripemd160 (char *salt, int salt_len, uint32 iterations, int b, hmac_ripemd160_ctx* hmac)
+static void derive_u_blake2s (char *salt, int salt_len, uint32 iterations, int b, hmac_blake2s_ctx* hmac)
{
char* k = hmac->k;
char* u = hmac->u;
uint32 c;
- int i;
+ int i;
#ifdef TC_WINDOWS_BOOT
/* In bootloader mode, least significant bit of iterations is a boolean (TRUE for boot derivation mode, FALSE otherwise)
@@ -653,11 +684,11 @@ static void derive_u_ripemd160 (char *salt, int salt_len, uint32 iterations, int
c = iterations >> 16;
i = ((int) iterations) & 0x01;
if (i)
- c = (c == 0)? 327661 : c << 11;
+ c = (c == 0)? 200000 : c << 11;
else
- c = (c == 0)? 655331 : 15000 + c * 1000;
+ c = (c == 0)? 500000 : 15000 + c * 1000;
#else
- c = iterations;
+ c = iterations;
#endif
/* iteration 1 */
@@ -665,7 +696,7 @@ static void derive_u_ripemd160 (char *salt, int salt_len, uint32 iterations, int
/* big-endian block number */
#ifdef TC_WINDOWS_BOOT
- /* specific case of 16-bit bootloader: b is a 16-bit integer that is always < 256*/
+ /* specific case of 16-bit bootloader: b is a 16-bit integer that is always < 256 */
memset (&k[salt_len], 0, 3);
k[salt_len + 3] = (char) b;
#else
@@ -673,14 +704,14 @@ static void derive_u_ripemd160 (char *salt, int salt_len, uint32 iterations, int
memcpy (&k[salt_len], &b, 4);
#endif
- hmac_ripemd160_internal (k, salt_len + 4, hmac);
- memcpy (u, k, RIPEMD160_DIGESTSIZE);
+ hmac_blake2s_internal (k, salt_len + 4, hmac);
+ memcpy (u, k, BLAKE2S_DIGESTSIZE);
/* remaining iterations */
- while ( c > 1)
+ while (c > 1)
{
- hmac_ripemd160_internal (k, RIPEMD160_DIGESTSIZE, hmac);
- for (i = 0; i < RIPEMD160_DIGESTSIZE; i++)
+ hmac_blake2s_internal (k, BLAKE2S_DIGESTSIZE, hmac);
+ for (i = 0; i < BLAKE2S_DIGESTSIZE; i++)
{
u[i] ^= k[i];
}
@@ -688,86 +719,107 @@ static void derive_u_ripemd160 (char *salt, int salt_len, uint32 iterations, int
}
}
-void derive_key_ripemd160 (char *pwd, int pwd_len, char *salt, int salt_len, uint32 iterations, char *dk, int dklen)
+
+void derive_key_blake2s (char *pwd, int pwd_len, char *salt, int salt_len, uint32 iterations, char *dk, int dklen)
{
+ hmac_blake2s_ctx hmac;
+ blake2s_state* ctx;
+ char* buf = hmac.k;
int b, l, r;
- hmac_ripemd160_ctx hmac;
- RMD160_CTX* ctx;
- unsigned char* k_pad = (unsigned char*) hmac.k;
#ifndef TC_WINDOWS_BOOT
- unsigned char tk[RIPEMD160_DIGESTSIZE];
+ char key[BLAKE2S_DIGESTSIZE];
+#if defined (DEVICE_DRIVER)
+ NTSTATUS saveStatus = STATUS_INVALID_PARAMETER;
+#ifdef _WIN64
+ XSTATE_SAVE SaveState;
+ if (IsCpuIntel() && HasSAVX())
+ saveStatus = KeSaveExtendedProcessorStateVC(XSTATE_MASK_GSSE, &SaveState);
+#else
+ KFLOATING_SAVE floatingPointState;
+ if (HasSSE2())
+ saveStatus = KeSaveFloatingPointState (&floatingPointState);
+#endif
+#endif
/* If the password is longer than the hash algorithm block size,
- let password = ripemd160(password), as per HMAC specifications. */
- if (pwd_len > RIPEMD160_BLOCKSIZE)
+ let pwd = blake2s(pwd), as per HMAC specifications. */
+ if (pwd_len > BLAKE2S_BLOCKSIZE)
{
- RMD160_CTX tctx;
+ blake2s_state tctx;
- RMD160Init(&tctx);
- RMD160Update(&tctx, (const unsigned char *) pwd, pwd_len);
- RMD160Final(tk, &tctx);
+ blake2s_init (&tctx);
+ blake2s_update (&tctx, pwd, pwd_len);
+ blake2s_final (&tctx, (unsigned char *) key);
- pwd = (char *) tk;
- pwd_len = RIPEMD160_DIGESTSIZE;
+ pwd = key;
+ pwd_len = SHA256_DIGESTSIZE;
- burn (&tctx, sizeof(tctx)); // Prevent leaks
- }
+ burn (&tctx, sizeof(tctx)); // Prevent leaks
+ }
#endif
- if (dklen % RIPEMD160_DIGESTSIZE)
+ if (dklen % BLAKE2S_DIGESTSIZE)
{
- l = 1 + dklen / RIPEMD160_DIGESTSIZE;
+ l = 1 + dklen / BLAKE2S_DIGESTSIZE;
}
else
{
- l = dklen / RIPEMD160_DIGESTSIZE;
+ l = dklen / BLAKE2S_DIGESTSIZE;
}
- r = dklen - (l - 1) * RIPEMD160_DIGESTSIZE;
+ r = dklen - (l - 1) * BLAKE2S_DIGESTSIZE;
+
+ /**** Precompute HMAC Inner Digest ****/
- /* perform inner RIPEMD-160 */
ctx = &(hmac.inner_digest_ctx);
- /* start out by storing key in pads */
- memset(k_pad, 0x36, 64);
- /* XOR key with ipad and opad values */
- for (b=0; b<pwd_len; b++)
- {
- k_pad[b] ^= pwd[b];
- }
+ blake2s_init (ctx);
+
+ /* Pad the key for inner digest */
+ for (b = 0; b < pwd_len; ++b)
+ buf[b] = (char) (pwd[b] ^ 0x36);
+ memset (&buf[pwd_len], 0x36, BLAKE2S_BLOCKSIZE - pwd_len);
+
+ blake2s_update (ctx, buf, BLAKE2S_BLOCKSIZE);
- RMD160Init(ctx); /* init context for 1st pass */
- RMD160Update(ctx, k_pad, RIPEMD160_BLOCKSIZE); /* start with inner pad */
+ /**** Precompute HMAC Outer Digest ****/
- /* perform outer RIPEMD-160 */
ctx = &(hmac.outer_digest_ctx);
- memset(k_pad, 0x5c, 64);
- for (b=0; b<pwd_len; b++)
- {
- k_pad[b] ^= pwd[b];
- }
+ blake2s_init (ctx);
+
+ for (b = 0; b < pwd_len; ++b)
+ buf[b] = (char) (pwd[b] ^ 0x5C);
+ memset (&buf[pwd_len], 0x5C, BLAKE2S_BLOCKSIZE - pwd_len);
- RMD160Init(ctx); /* init context for 2nd pass */
- RMD160Update(ctx, k_pad, RIPEMD160_BLOCKSIZE); /* start with outer pad */
+ blake2s_update (ctx, buf, BLAKE2S_BLOCKSIZE);
/* first l - 1 blocks */
for (b = 1; b < l; b++)
{
- derive_u_ripemd160 (salt, salt_len, iterations, b, &hmac);
- memcpy (dk, hmac.u, RIPEMD160_DIGESTSIZE);
- dk += RIPEMD160_DIGESTSIZE;
+ derive_u_blake2s (salt, salt_len, iterations, b, &hmac);
+ memcpy (dk, hmac.u, BLAKE2S_DIGESTSIZE);
+ dk += BLAKE2S_DIGESTSIZE;
}
/* last block */
- derive_u_ripemd160 (salt, salt_len, iterations, b, &hmac);
+ derive_u_blake2s (salt, salt_len, iterations, b, &hmac);
memcpy (dk, hmac.u, r);
+#if defined (DEVICE_DRIVER)
+ if (NT_SUCCESS (saveStatus))
+#ifdef _WIN64
+ KeRestoreExtendedProcessorStateVC(&SaveState);
+#else
+ KeRestoreFloatingPointState (&floatingPointState);
+#endif
+#endif
/* Prevent possible leaks. */
burn (&hmac, sizeof(hmac));
#ifndef TC_WINDOWS_BOOT
- burn (tk, sizeof(tk));
+ burn (key, sizeof(key));
#endif
}
-#endif // TC_WINDOWS_BOOT
+
+#endif
#ifndef TC_WINDOWS_BOOT
@@ -1210,8 +1262,8 @@ wchar_t *get_pkcs5_prf_name (int pkcs5_prf_id)
case SHA256:
return L"HMAC-SHA-256";
- case RIPEMD160:
- return L"HMAC-RIPEMD-160";
+ case BLAKE2S:
+ return L"HMAC-BLAKE2s";
case WHIRLPOOL:
return L"HMAC-Whirlpool";
@@ -1238,11 +1290,11 @@ int get_pkcs5_iteration_count (int pkcs5_prf_id, int pim, BOOL truecryptMode, BO
switch (pkcs5_prf_id)
{
- case RIPEMD160:
+ case BLAKE2S:
if (truecryptMode)
- return bBoot ? 1000 : 2000;
+ return 0; // BLAKE2s not supported by TrueCrypt
else if (pim == 0)
- return bBoot? 327661 : 655331;
+ return bBoot? 200000 : 500000;
else
{
return bBoot? pim * 2048 : 15000 + pim * 1000;
@@ -1290,14 +1342,14 @@ int is_pkcs5_prf_supported (int pkcs5_prf_id, BOOL truecryptMode, PRF_BOOT_TYPE
if (truecryptMode)
{
if ( (bootType == PRF_BOOT_GPT)
- || (bootType == PRF_BOOT_MBR && pkcs5_prf_id != RIPEMD160)
- || (bootType == PRF_BOOT_NO && pkcs5_prf_id != SHA512 && pkcs5_prf_id != WHIRLPOOL && pkcs5_prf_id != RIPEMD160)
+ || (bootType == PRF_BOOT_MBR)
+ || (bootType == PRF_BOOT_NO && pkcs5_prf_id != SHA512 && pkcs5_prf_id != WHIRLPOOL)
)
return 0;
}
else
{
- if ( (bootType == PRF_BOOT_MBR && pkcs5_prf_id != RIPEMD160 && pkcs5_prf_id != SHA256)
+ if ( (bootType == PRF_BOOT_MBR && pkcs5_prf_id != BLAKE2S && pkcs5_prf_id != SHA256)
|| (bootType != PRF_BOOT_MBR && (pkcs5_prf_id < FIRST_PRF_ID || pkcs5_prf_id > LAST_PRF_ID))
)
return 0;
diff --git a/src/Common/Pkcs5.h b/src/Common/Pkcs5.h
index 98d8bf74..4a6b6882 100644
--- a/src/Common/Pkcs5.h
+++ b/src/Common/Pkcs5.h
@@ -20,9 +20,9 @@
extern "C"
{
#endif
-/* output written to input_digest which must be at lease 20 bytes long */
-void hmac_ripemd160 (char *key, int keylen, char *input_digest, int len);
-void derive_key_ripemd160 (char *pwd, int pwd_len, char *salt, int salt_len, uint32 iterations, char *dk, int dklen);
+/* output written to input_digest which must be at lease 32 bytes long */
+void hmac_blake2s (char *key, int keylen, char *input_digest, int len);
+void derive_key_blake2s (char *pwd, int pwd_len, char *salt, int salt_len, uint32 iterations, char *dk, int dklen);
/* output written to d which must be at lease 32 bytes long */
void hmac_sha256 (char *k, int lk, char *d, int ld);
diff --git a/src/Common/Random.c b/src/Common/Random.c
index 1080ce7e..c44c69d7 100644
--- a/src/Common/Random.c
+++ b/src/Common/Random.c
@@ -263,7 +263,7 @@ BOOL Randmix ()
{
unsigned char hashOutputBuffer [MAX_DIGESTSIZE];
WHIRLPOOL_CTX wctx;
- RMD160_CTX rctx;
+ blake2s_state bctx;
sha512_ctx sctx;
sha256_ctx s256ctx;
STREEBOG_CTX stctx;
@@ -271,8 +271,8 @@ BOOL Randmix ()
switch (HashFunction)
{
- case RIPEMD160:
- digestSize = RIPEMD160_DIGESTSIZE;
+ case BLAKE2S:
+ digestSize = BLAKE2S_DIGESTSIZE;
break;
case SHA512:
@@ -303,10 +303,10 @@ BOOL Randmix ()
/* Compute the message digest of the entire pool using the selected hash function. */
switch (HashFunction)
{
- case RIPEMD160:
- RMD160Init(&rctx);
- RMD160Update(&rctx, pRandPool, RNG_POOL_SIZE);
- RMD160Final(hashOutputBuffer, &rctx);
+ case BLAKE2S:
+ blake2s_init(&bctx);
+ blake2s_update(&bctx, pRandPool, RNG_POOL_SIZE);
+ blake2s_final(&bctx, hashOutputBuffer);
break;
case SHA512:
@@ -349,8 +349,8 @@ BOOL Randmix ()
burn (hashOutputBuffer, MAX_DIGESTSIZE);
switch (HashFunction)
{
- case RIPEMD160:
- burn (&rctx, sizeof(rctx));
+ case BLAKE2S:
+ burn (&bctx, sizeof(bctx));
break;
case SHA512:
diff --git a/src/Common/Random.h b/src/Common/Random.h
index 88dd041b..68758782 100644
--- a/src/Common/Random.h
+++ b/src/Common/Random.h
@@ -21,7 +21,7 @@ extern "C" {
/* RNG defines & pool pointers */
#define RNG_POOL_SIZE 320 // Must be divisible by the size of the output of each of the implemented hash functions. (in bytes)
-#if RNG_POOL_SIZE % SHA512_DIGESTSIZE || RNG_POOL_SIZE % WHIRLPOOL_DIGESTSIZE || RNG_POOL_SIZE % RIPEMD160_DIGESTSIZE
+#if RNG_POOL_SIZE % SHA512_DIGESTSIZE || RNG_POOL_SIZE % WHIRLPOOL_DIGESTSIZE || RNG_POOL_SIZE % BLAKE2S_DIGESTSIZE
#error RNG_POOL_SIZE must be divisible by the size of the output of each of the implemented hash functions.
#endif
diff --git a/src/Common/Tcdefs.h b/src/Common/Tcdefs.h
index 0b3025ed..8a0a1e2f 100644
--- a/src/Common/Tcdefs.h
+++ b/src/Common/Tcdefs.h
@@ -52,6 +52,10 @@ extern unsigned short _rotl16(unsigned short value, unsigned char shift);
#endif // defined(_UEFI)
+#ifdef TC_WINDOWS_BOOT
+#include <stddef.h>
+#endif
+
#define TC_APP_NAME "VeraCrypt"
// Version displayed to user
@@ -92,6 +96,7 @@ typedef __int8 int8;
typedef __int16 int16;
typedef __int32 int32;
typedef unsigned __int8 byte;
+typedef unsigned __int8 uint8;
typedef unsigned __int16 uint16;
typedef unsigned __int32 uint32;
@@ -118,6 +123,7 @@ typedef int16_t int16;
typedef int32_t int32;
typedef int64_t int64;
typedef uint8_t byte;
+typedef uint8_t uint8;
typedef uint16_t uint16;
typedef uint32_t uint32;
typedef uint64_t uint64;
diff --git a/src/Common/Tests.c b/src/Common/Tests.c
index a66c7b54..0fcd93ce 100644
--- a/src/Common/Tests.c
+++ b/src/Common/Tests.c
@@ -374,27 +374,6 @@ CAMELLIA_TEST camellia_vectors[CAMELLIA_TEST_COUNT] = {
0xAD, 0x5C, 0x4D, 0x84
}
};
-#if defined(CIPHER_GOST89)
-// GOST89 ECB test vectors
-#define GOST89_TEST_COUNT 1
-
-typedef struct {
- unsigned char key[32];
- unsigned char plaintext[16];
- unsigned char ciphertext[16];
- } GOST89_TEST;
-
-GOST89_TEST gost89_vectors[GOST89_TEST_COUNT] = {
-{
- 0xFF, 0xEE, 0xDD, 0xCC, 0xBB, 0xAA, 0x99, 0x88, 0x77, 0x66, 0x55, 0x44,
- 0x33, 0x22, 0x11, 0x00, 0xF0, 0xF1, 0xF2, 0xF3, 0xF4, 0xF5, 0xF6, 0xF7,
- 0xF8, 0xF9, 0xFA, 0xFB, 0xFC, 0xFD, 0xFE, 0xFF, 0xFE, 0xDC, 0xBA, 0x98,
- 0x76, 0x54, 0x32, 0x10, 0xFF, 0xEE, 0xDD, 0xCC, 0xBB, 0xAA, 0x99, 0x88,
- 0x8F, 0xC6, 0xFE, 0xB8, 0x91, 0x51, 0x4C, 0x37, 0x4D, 0x51, 0x46, 0xEF,
- 0x02, 0x9D, 0xBD, 0x9F
-}
-};
-#endif
// Kuznyechik ECB test vectors
#define KUZNYECHIK_TEST_COUNT 4
@@ -503,22 +482,34 @@ char *hmac_sha512_test_vectors[] =
"\xe3\x7b\x6a\x77\x5d\xc8\x7d\xba\xa4\xdf\xa9\xf9\x6e\x5e\x3f\xfd\xde\xbd\x71\xf8\x86\x72\x89\x86\x5d\xf5\xa3\x2d\x20\xcd\xc9\x44\xb6\x02\x2c\xac\x3c\x49\x82\xb1\x0d\x5e\xeb\x55\xc3\xe4\xde\x15\x13\x46\x76\xfb\x6d\xe0\x44\x60\x65\xc9\x74\x40\xfa\x8c\x6a\x58",
};
-char *hmac_ripemd160_test_keys[] =
+char *hmac_blake2s_test_keys[] =
{
- "\x00\x11\x22\x33\x44\x55\x66\x77\x88\x99\xaa\xbb\xcc\xdd\xee\xff\x01\x23\x45\x67",
- "\x01\x23\x45\x67\x89\xab\xcd\xef\xfe\xdc\xba\x98\x76\x54\x32\x10\x00\x11\x22\x33",
+ "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b",
+ "Jefe",
+ "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa",
+ "\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19",
+ "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa",
+ "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa",
};
-char *hmac_ripemd160_test_data[] =
+char *hmac_blake2s_test_data[] =
{
- "message digest",
- "12345678901234567890123456789012345678901234567890123456789012345678901234567890",
+ "Hi There",
+ "what do ya want for nothing?",
+ "\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd",
+ "\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd",
+ "Test Using Larger Than Block-Size Key - Hash Key First",
+ "This is a test using a larger than block-size key and a larger than block-size data. The key needs to be hashed before being used by the HMAC algorithm.",
};
-char *hmac_ripemd160_test_vectors[] =
+char *hmac_blake2s_test_vectors[] =
{
- "\xf8\x36\x62\xcc\x8d\x33\x9c\x22\x7e\x60\x0f\xcd\x63\x6c\x57\xd2\x57\x1b\x1c\x34",
- "\x85\xf1\x64\x70\x3e\x61\xa6\x31\x31\xbe\x7e\x45\x95\x8e\x07\x94\x12\x39\x04\xf9",
+ "\x65\xa8\xb7\xc5\xcc\x91\x36\xd4\x24\xe8\x2c\x37\xe2\x70\x7e\x74\xe9\x13\xc0\x65\x5b\x99\xc7\x5f\x40\xed\xf3\x87\x45\x3a\x32\x60",
+ "\x90\xb6\x28\x1e\x2f\x30\x38\xc9\x05\x6a\xf0\xb4\xa7\xe7\x63\xca\xe6\xfe\x5d\x9e\xb4\x38\x6a\x0e\xc9\x52\x37\x89\x0c\x10\x4f\xf0",
+ "\xfc\xc4\xf5\x95\x29\x50\x2e\x34\xc3\xd8\xda\x3f\xfd\xab\x82\x96\x6a\x2c\xb6\x37\xff\x5e\x9b\xd7\x01\x13\x5c\x2e\x94\x69\xe7\x90",
+ "\x46\x44\x34\xdc\xbe\xce\x09\x5d\x45\x6a\x1d\x62\xd6\xec\x56\xf8\x98\xe6\x25\xa3\x9e\x5c\x52\xbd\xf9\x4d\xaf\x11\x1b\xad\x83\xaa",
+ "\xd2\x3d\x79\x39\x4f\x53\xd5\x36\xa0\x96\xe6\x51\x44\x47\xee\xaa\xbb\x05\xde\xd0\x1b\xe3\x2c\x19\x37\xda\x6a\x8f\x71\x03\xbc\x4e",
+ "\xcb\x60\xf6\xa7\x91\xf1\x40\xbf\x8a\xa2\xe5\x1f\xf3\x58\xcd\xb2\xcc\x5c\x03\x33\x04\x5b\x7f\xb7\x7a\xba\x7a\xb3\xb0\xcf\xb2\x37",
};
char *hmac_whirlpool_test_key =
@@ -628,6 +619,32 @@ HashTestVector Streebog512TestVectors[] = {
{NULL, NULL}
};
+/* https://github.com/openssl/openssl/blob/2d0b44126763f989a4cbffbffe9d0c7518158bb7/test/evptests.txt */
+HashTestVector Blake2sTestVectors[] = {
+ {"",
+ "69217a3079908094e11121d042354a7c1f55b6482ca1a51e1b250dfd1ed0eef9"
+ },
+ {"61",
+ "4a0d129873403037c2cd9b9048203687f6233fb6738956e0349bd4320fec3e90"
+ },
+ {"616263",
+ "508c5e8c327c14e2e1a72ba34eeb452f37458b209ed63a294d999b4c86675982"
+ },
+ {"6d65737361676520646967657374",
+ "fa10ab775acf89b7d3c8a6e823d586f6b67bdbac4ce207fe145b7d3ac25cd28c"
+ },
+ {"6162636465666768696a6b6c6d6e6f707172737475767778797a",
+ "bdf88eb1f86a0cdf0e840ba88fa118508369df186c7355b4b16cf79fa2710a12"
+ },
+ {"4142434445464748494a4b4c4d4e4f505152535455565758595a6162636465666768696a6b6c6d6e6f707172737475767778797a30313233343536373839",
+ "c75439ea17e1de6fa4510c335dc3d3f343e6f9e1ce2773e25b4174f1df8b119b"
+ },
+ {"3132333435363738393031323334353637383930313233343536373839303132333435363738393031323334353637383930313233343536373839303132333435363738393031323334353637383930",
+ "fdaedb290a0d5af9870864fec2e090200989dc9cd53a3c092129e8535e8b4f66"
+ },
+ {NULL, NULL}
+};
+
unsigned char ks_tmp[MAX_EXPANDED_KEY];
void CipherInit2(int cipher, void* key, void* ks, int key_len)
@@ -650,11 +667,6 @@ void CipherInit2(int cipher, void* key, void* ks, int key_len)
case CAMELLIA:
CipherInit(cipher,key,ks);
break;
-#if defined(CIPHER_GOST89)
- case GOST89:
- CipherInit(cipher,key,ks);
- break;
-#endif // defined(CIPHER_GOST89)
case KUZNYECHIK:
CipherInit(cipher, key, ks);
break;
@@ -850,34 +862,6 @@ BOOL TestSectorBufEncryption (PCRYPTO_INFO ci)
break;
}
}
-#if defined(CIPHER_GOST89)
- else if (wcscmp (name, L"GOST89") == 0)
- {
- switch (testCase)
- {
- case 0:
- if (crc != 0x12194ef5)
- return FALSE;
- nTestsPerformed++;
- break;
- case 1:
- if (crc != 0xda8d429b)
- return FALSE;
- nTestsPerformed++;
- break;
- case 2:
- if (crc != 0xdbf0b12e)
- return FALSE;
- nTestsPerformed++;
- break;
- case 3:
- if (crc != 0xb986eb4a)
- return FALSE;
- nTestsPerformed++;
- break;
- }
- }
-#endif
else if (wcscmp (name, L"Kuznyechik") == 0)
{
switch (testCase)
@@ -1234,14 +1218,6 @@ BOOL TestSectorBufEncryption (PCRYPTO_INFO ci)
return FALSE;
nTestsPerformed++;
}
-#if defined(CIPHER_GOST89)
- else if (wcscmp (name, L"GOST89") == 0)
- {
- if (crc != 0x9e8653cb)
- return FALSE;
- nTestsPerformed++;
- }
-#endif
else if (wcscmp (name, L"Kuznyechik") == 0)
{
if (crc != 0xd6d39cdb)
@@ -1319,11 +1295,7 @@ BOOL TestSectorBufEncryption (PCRYPTO_INFO ci)
nTestsPerformed++;
}
-#if defined(CIPHER_GOST89)
- return (nTestsPerformed == 160);
-#else
- return (nTestsPerformed == 155);
-#endif
+ return (nTestsPerformed == 150);
}
static BOOL DoAutoTestAlgorithms (void)
@@ -1466,28 +1438,6 @@ static BOOL DoAutoTestAlgorithms (void)
if (i != KUZNYECHIK_TEST_COUNT)
bFailed = TRUE;
-#if defined(CIPHER_GOST89)
- /* GOST89 */
-
- for (i = 0; i < GOST89_TEST_COUNT; i++)
- {
- int cipher = GOST89;
- memcpy(key, gost89_vectors[i].key, 32);
- memcpy(tmp, gost89_vectors[i].plaintext, 16);
- gost_set_key(key, (gost_kds*)ks_tmp, 0);
-
- EncipherBlock(cipher, tmp, ks_tmp);
- if (memcmp(gost89_vectors[i].ciphertext, tmp, 16) != 0)
- break;
-
- DecipherBlock(cipher, tmp, ks_tmp);
- if (memcmp(gost89_vectors[i].plaintext, tmp, 16) != 0)
- break;
- }
- if (i != GOST89_TEST_COUNT)
- bFailed = TRUE;
-#endif
-
/* PKCS #5 and HMACs */
if (!test_pkcs5 ())
bFailed = TRUE;
@@ -1599,23 +1549,29 @@ BOOL test_hmac_sha512 ()
return (nTestsPerformed == 6);
}
-BOOL test_hmac_ripemd160 ()
+BOOL test_hmac_blake2s ()
{
- int nTestsPerformed = 0;
unsigned int i;
+ int nTestsPerformed = 0;
- for (i = 0; i < sizeof (hmac_ripemd160_test_data) / sizeof(char *); i++)
+ for (i = 0; i < sizeof (hmac_blake2s_test_data) / sizeof(char *); i++)
{
char digest[1024]; /* large enough to hold digets and test vector inputs */
- memcpy (digest, hmac_ripemd160_test_data[i], strlen (hmac_ripemd160_test_data[i]));
- hmac_ripemd160 (hmac_ripemd160_test_keys[i], RIPEMD160_DIGESTSIZE, digest, (int) strlen (hmac_ripemd160_test_data[i]));
- if (memcmp (digest, hmac_ripemd160_test_vectors[i], RIPEMD160_DIGESTSIZE) != 0)
+ memcpy (digest, hmac_blake2s_test_data[i], strlen (hmac_blake2s_test_data[i]));
+ hmac_blake2s (hmac_blake2s_test_keys[i], (int) strlen (hmac_blake2s_test_keys[i]), digest, (int) strlen (hmac_blake2s_test_data[i]));
+ if (memcmp (digest, hmac_blake2s_test_vectors[i], BLAKE2S_DIGESTSIZE) != 0)
return FALSE;
else
nTestsPerformed++;
}
- return (nTestsPerformed == 2);
+ return (nTestsPerformed == 6);
+}
+
+int __cdecl Blake2sHash (unsigned char* input, unsigned long inputLen, unsigned char* output)
+{
+ blake2s(output, input, (size_t) inputLen);
+ return BLAKE2S_DIGESTSIZE;
}
BOOL test_hmac_whirlpool ()
@@ -1686,8 +1642,12 @@ BOOL test_pkcs5 ()
if (!test_hmac_sha512())
return FALSE;
- /* HMAC-RIPEMD-160 tests */
- if (test_hmac_ripemd160() == FALSE)
+ /* HMAC-BLAKE2s tests */
+ if (test_hmac_blake2s() == FALSE)
+ return FALSE;
+
+ /* Blake2s hash tests */
+ if (RunHashTest (Blake2sHash, Blake2sTestVectors, (HasSSE2())? TRUE : FALSE) == FALSE)
return FALSE;
/* HMAC-Whirlpool tests */
@@ -1733,14 +1693,14 @@ BOOL test_pkcs5 ()
if (memcmp (dk, "\x13\x64\xae\xf8\x0d\xf5\x57\x6c\x30\xd5\x71\x4c\xa7\x75\x3f\xfd\x00\xe5\x25\x8b\x39\xc7\x44\x7f\xce\x23\x3d\x08\x75\xe0\x2f\x48\xd6\x30\xd7\x00\xb6\x24\xdb\xe0\x5a\xd7\x47\xef\x52\xca\xa6\x34\x83\x47\xe5\xcb\xe9\x87\xf1\x20\x59\x6a\xe6\xa9\xcf\x51\x78\xc6\xb6\x23\xa6\x74\x0d\xe8\x91\xbe\x1a\xd0\x28\xcc\xce\x16\x98\x9a\xbe\xfb\xdc\x78\xc9\xe1\x7d\x72\x67\xce\xe1\x61\x56\x5f\x96\x68\xe6\xe1\xdd\xf4\xbf\x1b\x80\xe0\x19\x1c\xf4\xc4\xd3\xdd\xd5\xd5\x57\x2d\x83\xc7\xa3\x37\x87\xf4\x4e\xe0\xf6\xd8\x6d\x65\xdc\xa0\x52\xa3\x13\xbe\x81\xfc\x30\xbe\x7d\x69\x58\x34\xb6\xdd\x41\xc6", 144) != 0)
return FALSE;
- /* PKCS-5 test 1 with HMAC-RIPEMD-160 used as the PRF */
- derive_key_ripemd160 ("password", 8, "\x12\x34\x56\x78", 4, 5, dk, 4);
- if (memcmp (dk, "\x7a\x3d\x7c\x03", 4) != 0)
+ /* PKCS-5 test 1 with HMAC-BLAKE2s used as the PRF */
+ derive_key_blake2s ("password", 8, "\x12\x34\x56\x78", 4, 5, dk, 4);
+ if (memcmp (dk, "\x8d\x51\xfa\x31", 4) != 0)
return FALSE;
- /* PKCS-5 test 2 with HMAC-RIPEMD-160 used as the PRF (derives a key longer than the underlying hash) */
- derive_key_ripemd160 ("password", 8, "\x12\x34\x56\x78", 4, 5, dk, 48);
- if (memcmp (dk, "\x7a\x3d\x7c\x03\xe7\x26\x6b\xf8\x3d\x78\xfb\x29\xd2\x64\x1f\x56\xea\xf0\xe5\xf5\xcc\xc4\x3a\x31\xa8\x84\x70\xbf\xbd\x6f\x8e\x78\x24\x5a\xc0\x0a\xf6\xfa\xf0\xf6\xe9\x00\x47\x5f\x73\xce\xe1\x43", 48) != 0)
+ /* PKCS-5 test 2 with HMAC-BLAKE2s used as the PRF (derives a key longer than the underlying hash) */
+ derive_key_blake2s ("password", 8, "\x12\x34\x56\x78", 4, 5, dk, 48);
+ if (memcmp (dk, "\x8d\x51\xfa\x31\x46\x25\x37\x67\xa3\x29\x6b\x3c\x6b\xc1\x5d\xb2\xee\xe1\x6c\x28\x00\x26\xea\x08\x65\x9c\x12\xf1\x07\xde\x0d\xb9\x9b\x4f\x39\xfa\xc6\x80\x26\xb1\x8f\x8e\x48\x89\x85\x2d\x24\x2d", 48) != 0)
return FALSE;
/* PKCS-5 test 1 with HMAC-Whirlpool used as the PRF */
diff --git a/src/Common/Tests.h b/src/Common/Tests.h
index 6aff505f..356d54f4 100644
--- a/src/Common/Tests.h
+++ b/src/Common/Tests.h
@@ -19,7 +19,7 @@ extern unsigned char ks_tmp[MAX_EXPANDED_KEY];
void CipherInit2(int cipher, void* key, void* ks, int key_len);
BOOL test_hmac_sha512 (void);
-BOOL test_hmac_ripemd160 (void);
+BOOL test_hmac_blake2s (void);
BOOL test_hmac_whirlpool (void);
BOOL test_pkcs5 (void);
BOOL TestSectorBufEncryption ();
diff --git a/src/Common/Volumes.c b/src/Common/Volumes.c
index 7bfb8ec2..902c1699 100644
--- a/src/Common/Volumes.c
+++ b/src/Common/Volumes.c
@@ -27,6 +27,8 @@
#ifndef DEVICE_DRIVER
#include "Random.h"
+#else
+#include "cpu.h"
#endif
#endif // !defined(_UEFI)
@@ -378,8 +380,8 @@ KeyReady: ;
switch (pkcs5_prf)
{
- case RIPEMD160:
- derive_key_ripemd160 (keyInfo->userKey, keyInfo->keyLength, keyInfo->salt,
+ case BLAKE2S:
+ derive_key_blake2s (keyInfo->userKey, keyInfo->keyLength, keyInfo->salt,
PKCS5_SALT_SIZE, keyInfo->noIterations, dk, GetMaxPkcs5OutSize());
break;
@@ -577,12 +579,22 @@ KeyReady: ;
memcpy (keyInfo->master_keydata, header + HEADER_MASTER_KEYDATA_OFFSET, MASTER_KEYDATA_SIZE);
#ifdef TC_WINDOWS_DRIVER
{
- RMD160_CTX ctx;
- RMD160Init (&ctx);
- RMD160Update (&ctx, keyInfo->master_keydata, MASTER_KEYDATA_SIZE);
- RMD160Update (&ctx, header, sizeof(header));
- RMD160Final (cryptoInfo->master_keydata_hash, &ctx);
+ blake2s_state ctx;
+#ifndef _WIN64
+ NTSTATUS saveStatus = STATUS_INVALID_PARAMETER;
+ KFLOATING_SAVE floatingPointState;
+ if (HasSSE2())
+ saveStatus = KeSaveFloatingPointState (&floatingPointState);
+#endif
+ blake2s_init (&ctx);
+ blake2s_update (&ctx, keyInfo->master_keydata, MASTER_KEYDATA_SIZE);
+ blake2s_update (&ctx, header, sizeof(header));
+ blake2s_final (&ctx, cryptoInfo->master_keydata_hash);
burn(&ctx, sizeof (ctx));
+#ifndef _WIN64
+ if (NT_SUCCESS (saveStatus))
+ KeRestoreFloatingPointState (&floatingPointState);
+#endif
}
#else
memcpy (cryptoInfo->master_keydata, keyInfo->master_keydata, MASTER_KEYDATA_SIZE);
@@ -709,7 +721,7 @@ int ReadVolumeHeader (BOOL bBoot, char *header, Password *password, int pim, PCR
derive_key_sha256 (password->Text, (int) password->Length, header + HEADER_SALT_OFFSET,
PKCS5_SALT_SIZE, iterations, dk, sizeof (dk));
#else
- derive_key_ripemd160 (password->Text, (int) password->Length, header + HEADER_SALT_OFFSET,
+ derive_key_blake2s (password->Text, (int) password->Length, header + HEADER_SALT_OFFSET,
PKCS5_SALT_SIZE, iterations, dk, sizeof (dk));
#endif
@@ -792,7 +804,7 @@ int ReadVolumeHeader (BOOL bBoot, char *header, Password *password, int pim, PCR
#ifdef TC_WINDOWS_BOOT_SHA2
cryptoInfo->pkcs5 = SHA256;
#else
- cryptoInfo->pkcs5 = RIPEMD160;
+ cryptoInfo->pkcs5 = BLAKE2S;
#endif
memcpy (dk, header + HEADER_MASTER_KEYDATA_OFFSET, sizeof (dk));
@@ -981,8 +993,8 @@ int CreateVolumeHeaderInMemory (HWND hwndDlg, BOOL bBoot, char *header, int ea,
PKCS5_SALT_SIZE, keyInfo.noIterations, dk, GetMaxPkcs5OutSize());
break;
- case RIPEMD160:
- derive_key_ripemd160 (keyInfo.userKey, keyInfo.keyLength, keyInfo.salt,
+ case BLAKE2S:
+ derive_key_blake2s (keyInfo.userKey, keyInfo.keyLength, keyInfo.salt,
PKCS5_SALT_SIZE, keyInfo.noIterations, dk, GetMaxPkcs5OutSize());
break;
diff --git a/src/Core/RandomNumberGenerator.cpp b/src/Core/RandomNumberGenerator.cpp
index 91247d87..39753ee8 100644
--- a/src/Core/RandomNumberGenerator.cpp
+++ b/src/Core/RandomNumberGenerator.cpp
@@ -252,7 +252,7 @@ namespace VeraCrypt
void RandomNumberGenerator::Test ()
{
shared_ptr <Hash> origPoolHash = PoolHash;
- PoolHash.reset (new Ripemd160());
+ PoolHash.reset (new Blake2s());
Pool.Zero();
Buffer buffer (1);
@@ -262,14 +262,14 @@ namespace VeraCrypt
AddToPool (buffer);
}
- if (Crc32::ProcessBuffer (Pool) != 0x2de46d17)
+ if (Crc32::ProcessBuffer (Pool) != 0x9ae2fff8)
throw TestFailed (SRC_POS);
buffer.Allocate (PoolSize);
buffer.CopyFrom (PeekPool());
AddToPool (buffer);
- if (Crc32::ProcessBuffer (Pool) != 0xcb88e019)
+ if (Crc32::ProcessBuffer (Pool) != 0x391135a7)
throw TestFailed (SRC_POS);
PoolHash = origPoolHash;
diff --git a/src/Core/Unix/Linux/CoreLinux.cpp b/src/Core/Unix/Linux/CoreLinux.cpp
index 47ec8fb8..e1da6dff 100644
--- a/src/Core/Unix/Linux/CoreLinux.cpp
+++ b/src/Core/Unix/Linux/CoreLinux.cpp
@@ -303,8 +303,7 @@ namespace VeraCrypt
void CoreLinux::MountVolumeNative (shared_ptr <Volume> volume, MountOptions &options, const DirectoryPath &auxMountPoint) const
{
bool xts = (typeid (*volume->GetEncryptionMode()) == typeid (EncryptionModeXTS));
- bool algoNotSupported = (typeid (*volume->GetEncryptionAlgorithm()) == typeid (GOST89))
- || (typeid (*volume->GetEncryptionAlgorithm()) == typeid (Kuznyechik))
+ bool algoNotSupported = (typeid (*volume->GetEncryptionAlgorithm()) == typeid (Kuznyechik))
|| (typeid (*volume->GetEncryptionAlgorithm()) == typeid (CamelliaKuznyechik))
|| (typeid (*volume->GetEncryptionAlgorithm()) == typeid (KuznyechikTwofish))
|| (typeid (*volume->GetEncryptionAlgorithm()) == typeid (KuznyechikAES))
diff --git a/src/Crypto/Crypto.vcxproj b/src/Crypto/Crypto.vcxproj
index c6e0aac5..97a472f7 100644
--- a/src/Crypto/Crypto.vcxproj
+++ b/src/Crypto/Crypto.vcxproj
@@ -200,26 +200,19 @@
</Command>
<Outputs Condition="'$(Configuration)|$(Platform)'=='Release|x64'">$(TargetDir)\%(Filename).obj;%(Outputs)</Outputs>
</CustomBuild>
- <CustomBuild Include="Gost89_x64.asm">
- <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">true</ExcludedFromBuild>
- <Command Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">echo %(Filename)%(Extension) &amp; nasm.exe -Xvc -f win64 -Ox -o "$(TargetDir)\%(Filename).obj" -l "$(TargetDir)\%(Filename).lst" "%(FullPath)"
-</Command>
- <Outputs Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">$(TargetDir)\%(Filename).obj;%(Outputs)</Outputs>
- <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">true</ExcludedFromBuild>
- <Command Condition="'$(Configuration)|$(Platform)'=='Release|x64'">echo %(Filename)%(Extension) &amp; nasm.exe -Xvc -f win64 -Ox -o "$(TargetDir)\%(Filename).obj" -l "$(TargetDir)\%(Filename).lst" "%(FullPath)"
-</Command>
- <Outputs Condition="'$(Configuration)|$(Platform)'=='Release|x64'">$(TargetDir)\%(Filename).obj;%(Outputs)</Outputs>
- </CustomBuild>
</ItemGroup>
<ItemGroup>
<ClCompile Include="Aeskey.c" />
<ClCompile Include="Aestab.c" />
+ <ClCompile Include="blake2s.c" />
+ <ClCompile Include="blake2s_SSE2.c" />
+ <ClCompile Include="blake2s_SSE41.c" />
+ <ClCompile Include="blake2s_SSSE3.c" />
<ClCompile Include="Camellia.c" />
<ClCompile Include="chacha-xmm.c" />
<ClCompile Include="chacha256.c" />
<ClCompile Include="chachaRng.c" />
<ClCompile Include="cpu.c" />
- <ClCompile Include="GostCipher.c" />
<ClCompile Include="jitterentropy-base.c">
<Optimization Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">Disabled</Optimization>
<Optimization Condition="'$(Configuration)|$(Platform)'=='Release|x64'">Disabled</Optimization>
@@ -227,7 +220,6 @@
<ClCompile Include="kuznyechik.c" />
<ClCompile Include="kuznyechik_simd.c" />
<ClCompile Include="rdrand.c" />
- <ClCompile Include="Rmd160.c" />
<ClCompile Include="SerpentFast.c" />
<ClCompile Include="SerpentFast_simd.cpp" />
<ClCompile Include="Sha2.c" />
@@ -243,6 +235,9 @@
<ClInclude Include="Aes_hw_cpu.h" />
<ClInclude Include="Aesopt.h" />
<ClInclude Include="Aestab.h" />
+ <ClInclude Include="blake2s-load-sse2.h" />
+ <ClInclude Include="blake2s-load-sse41.h" />
+ <ClInclude Include="blake2s-round.h" />
<ClInclude Include="Camellia.h" />
<ClInclude Include="chacha256.h" />
<ClInclude Include="chachaRng.h" />
@@ -250,13 +245,11 @@
<ClInclude Include="chacha_u4.h" />
<ClInclude Include="config.h" />
<ClInclude Include="cpu.h" />
- <ClInclude Include="GostCipher.h" />
<ClInclude Include="jitterentropy-base-user.h" />
<ClInclude Include="jitterentropy.h" />
<ClInclude Include="kuznyechik.h" />
<ClInclude Include="misc.h" />
<ClInclude Include="rdrand.h" />
- <ClInclude Include="Rmd160.h" />
<ClInclude Include="SerpentFast.h" />
<ClInclude Include="SerpentFast_sbox.h" />
<ClInclude Include="Sha2.h" />
diff --git a/src/Crypto/Crypto.vcxproj.filters b/src/Crypto/Crypto.vcxproj.filters
index 541a0867..5d149bdd 100644
--- a/src/Crypto/Crypto.vcxproj.filters
+++ b/src/Crypto/Crypto.vcxproj.filters
@@ -24,9 +24,6 @@
<ClCompile Include="cpu.c">
<Filter>Source Files</Filter>
</ClCompile>
- <ClCompile Include="Rmd160.c">
- <Filter>Source Files</Filter>
- </ClCompile>
<ClCompile Include="Sha2.c">
<Filter>Source Files</Filter>
</ClCompile>
@@ -36,9 +33,6 @@
<ClCompile Include="Whirlpool.c">
<Filter>Source Files</Filter>
</ClCompile>
- <ClCompile Include="GostCipher.c">
- <Filter>Source Files</Filter>
- </ClCompile>
<ClCompile Include="kuznyechik.c">
<Filter>Source Files</Filter>
</ClCompile>
@@ -81,6 +75,18 @@
<ClCompile Include="t1ha2_selfcheck.c">
<Filter>Source Files</Filter>
</ClCompile>
+ <ClCompile Include="blake2s.c">
+ <Filter>Source Files</Filter>
+ </ClCompile>
+ <ClCompile Include="blake2s_SSE2.c">
+ <Filter>Source Files</Filter>
+ </ClCompile>
+ <ClCompile Include="blake2s_SSE41.c">
+ <Filter>Source Files</Filter>
+ </ClCompile>
+ <ClCompile Include="blake2s_SSSE3.c">
+ <Filter>Source Files</Filter>
+ </ClCompile>
</ItemGroup>
<ItemGroup>
<ClInclude Include="Aes.h">
@@ -107,9 +113,6 @@
<ClInclude Include="misc.h">
<Filter>Header Files</Filter>
</ClInclude>
- <ClInclude Include="Rmd160.h">
- <Filter>Header Files</Filter>
- </ClInclude>
<ClInclude Include="Sha2.h">
<Filter>Header Files</Filter>
</ClInclude>
@@ -119,9 +122,6 @@
<ClInclude Include="Whirlpool.h">
<Filter>Header Files</Filter>
</ClInclude>
- <ClInclude Include="GostCipher.h">
- <Filter>Header Files</Filter>
- </ClInclude>
<ClInclude Include="kuznyechik.h">
<Filter>Header Files</Filter>
</ClInclude>
@@ -164,6 +164,15 @@
<ClInclude Include="t1ha_selfcheck.h">
<Filter>Header Files</Filter>
</ClInclude>
+ <ClInclude Include="blake2s-load-sse2.h">
+ <Filter>Header Files</Filter>
+ </ClInclude>
+ <ClInclude Include="blake2s-load-sse41.h">
+ <Filter>Header Files</Filter>
+ </ClInclude>
+ <ClInclude Include="blake2s-round.h">
+ <Filter>Header Files</Filter>
+ </ClInclude>
</ItemGroup>
<ItemGroup>
<CustomBuild Include="Aes_hw_cpu.asm">
@@ -175,9 +184,6 @@
<CustomBuild Include="Aes_x86.asm">
<Filter>Source Files</Filter>
</CustomBuild>
- <CustomBuild Include="Gost89_x64.asm">
- <Filter>Source Files</Filter>
- </CustomBuild>
<CustomBuild Include="Twofish_x64.S">
<Filter>Source Files</Filter>
</CustomBuild>
diff --git a/src/Crypto/Crypto_vs2019.vcxproj b/src/Crypto/Crypto_vs2019.vcxproj
index 8d9ce46e..aa75b9b8 100644
--- a/src/Crypto/Crypto_vs2019.vcxproj
+++ b/src/Crypto/Crypto_vs2019.vcxproj
@@ -297,24 +297,6 @@
<Outputs Condition="'$(Configuration)|$(Platform)'=='Release|x64'">$(TargetDir)\%(Filename).obj;%(Outputs)</Outputs>
<Outputs Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'">$(TargetDir)\%(Filename).obj;%(Outputs)</Outputs>
</CustomBuild>
- <CustomBuild Include="Gost89_x64.asm">
- <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">true</ExcludedFromBuild>
- <Command Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">echo %(Filename)%(Extension) &amp; nasm.exe -Xvc -f win64 -Ox -o "$(TargetDir)\%(Filename).obj" -l "$(TargetDir)\%(Filename).lst" "%(FullPath)"
-</Command>
- <Command Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'">echo %(Filename)%(Extension) &amp; nasm.exe -Xvc -f win64 -Ox -o "$(TargetDir)\%(Filename).obj" -l "$(TargetDir)\%(Filename).lst" "%(FullPath)"
-</Command>
- <Outputs Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">$(TargetDir)\%(Filename).obj;%(Outputs)</Outputs>
- <Outputs Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'">$(TargetDir)\%(Filename).obj;%(Outputs)</Outputs>
- <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">true</ExcludedFromBuild>
- <Command Condition="'$(Configuration)|$(Platform)'=='Release|x64'">echo %(Filename)%(Extension) &amp; nasm.exe -Xvc -f win64 -Ox -o "$(TargetDir)\%(Filename).obj" -l "$(TargetDir)\%(Filename).lst" "%(FullPath)"
-</Command>
- <Command Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'">echo %(Filename)%(Extension) &amp; nasm.exe -Xvc -f win64 -Ox -o "$(TargetDir)\%(Filename).obj" -l "$(TargetDir)\%(Filename).lst" "%(FullPath)"
-</Command>
- <Outputs Condition="'$(Configuration)|$(Platform)'=='Release|x64'">$(TargetDir)\%(Filename).obj;%(Outputs)</Outputs>
- <Outputs Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'">$(TargetDir)\%(Filename).obj;%(Outputs)</Outputs>
- <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'">true</ExcludedFromBuild>
- <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'">true</ExcludedFromBuild>
- </CustomBuild>
</ItemGroup>
<ItemGroup>
<ClCompile Include="Aescrypt.c">
@@ -325,12 +307,12 @@
</ClCompile>
<ClCompile Include="Aeskey.c" />
<ClCompile Include="Aestab.c" />
+ <ClCompile Include="blake2s.c" />
<ClCompile Include="Camellia.c" />
<ClCompile Include="chacha-xmm.c" />
<ClCompile Include="chacha256.c" />
<ClCompile Include="chachaRng.c" />
<ClCompile Include="cpu.c" />
- <ClCompile Include="GostCipher.c" />
<ClCompile Include="jitterentropy-base.c">
<Optimization Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">Disabled</Optimization>
<Optimization Condition="'$(Configuration)|$(Platform)'=='Release|x64'">Disabled</Optimization>
@@ -345,7 +327,6 @@
<ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'">true</ExcludedFromBuild>
<ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'">true</ExcludedFromBuild>
</ClCompile>
- <ClCompile Include="Rmd160.c" />
<ClCompile Include="SerpentFast.c" />
<ClCompile Include="SerpentFast_simd.cpp" />
<ClCompile Include="Sha2.c" />
@@ -368,13 +349,11 @@
<ClInclude Include="chacha_u4.h" />
<ClInclude Include="config.h" />
<ClInclude Include="cpu.h" />
- <ClInclude Include="GostCipher.h" />
<ClInclude Include="jitterentropy-base-user.h" />
<ClInclude Include="jitterentropy.h" />
<ClInclude Include="kuznyechik.h" />
<ClInclude Include="misc.h" />
<ClInclude Include="rdrand.h" />
- <ClInclude Include="Rmd160.h" />
<ClInclude Include="SerpentFast.h" />
<ClInclude Include="SerpentFast_sbox.h" />
<ClInclude Include="Sha2.h" />
diff --git a/src/Crypto/GostCipher.c b/src/Crypto/GostCipher.c
deleted file mode 100644
index ddd649cd..00000000
--- a/src/Crypto/GostCipher.c
+++ /dev/null
@@ -1,265 +0,0 @@
-/** @file
-GOST89 implementation
-
-Copyright (c) 2016. Disk Cryptography Services for EFI (DCS), Alex Kolotnikov
-
-This program and the accompanying materials
-are licensed and made available under the terms and conditions
-of the Apache License, Version 2.0.
-The full text of the license may be found at
-https://opensource.org/licenses/Apache-2.0
-
-Dynamic SBOX idea is from GostCrypt project. Copyright (c) 2008-2011 TrueCrypt Developers Association
-**/
-
-
-
-#include "GostCipher.h"
-#include "Streebog.h"
-#include "cpu.h"
-
-#if defined(CIPHER_GOST89)
-
-// Crypto Pro
-byte S_CryptoPro[8][16] = {
- {0x1,0x3,0xA,0x9,0x5,0xB,0x4,0xF,0x8,0x6,0x7,0xE,0xD,0x0,0x2,0xC},
- {0xD,0xE,0x4,0x1,0x7,0x0,0x5,0xA,0x3,0xC,0x8,0xF,0x6,0x2,0x9,0xB},
- {0x7,0x6,0x2,0x4,0xD,0x9,0xF,0x0,0xA,0x1,0x5,0xB,0x8,0xE,0xC,0x3},
- {0x7,0x6,0x4,0xB,0x9,0xC,0x2,0xA,0x1,0x8,0x0,0xE,0xF,0xD,0x3,0x5},
- {0x4,0xA,0x7,0xC,0x0,0xF,0x2,0x8,0xE,0x1,0x6,0x5,0xD,0xB,0x9,0x3},
- {0x7,0xF,0xC,0xE,0x9,0x4,0x1,0x0,0x3,0xB,0x5,0x2,0x6,0xA,0x8,0xD},
- {0x5,0xF,0x4,0x0,0x2,0xD,0xB,0x9,0x1,0x7,0x6,0x3,0xC,0xE,0xA,0x8},
- {0xA,0x4,0x5,0x6,0x8,0x1,0x3,0x7,0xD,0xC,0xE,0x0,0x9,0x2,0xB,0xF}
- };
-
-// TC26
-byte S_TC26[8][16] =
-{
- { 0xc, 0x4, 0x6, 0x2, 0xa, 0x5, 0xb, 0x9, 0xe, 0x8, 0xd, 0x7, 0x0, 0x3, 0xf, 0x1 },
- { 0x6, 0x8, 0x2, 0x3, 0x9, 0xa, 0x5, 0xc, 0x1, 0xe, 0x4, 0x7, 0xb, 0xd, 0x0, 0xf },
- { 0xb, 0x3, 0x5, 0x8, 0x2, 0xf, 0xa, 0xd, 0xe, 0x1, 0x7, 0x4, 0xc, 0x9, 0x6, 0x0 },
- { 0xc, 0x8, 0x2, 0x1, 0xd, 0x4, 0xf, 0x6, 0x7, 0x0, 0xa, 0x5, 0x3, 0xe, 0x9, 0xb },
- { 0x7, 0xf, 0x5, 0xa, 0x8, 0x1, 0x6, 0xd, 0x0, 0x9, 0x3, 0xe, 0xb, 0x4, 0x2, 0xc },
- { 0x5, 0xd, 0xf, 0x6, 0x9, 0x2, 0xc, 0xa, 0xb, 0x7, 0x8, 0x1, 0x4, 0x3, 0xe, 0x0 },
- { 0x8, 0xe, 0x2, 0x5, 0x6, 0x9, 0x1, 0xc, 0xf, 0x4, 0xb, 0x0, 0xd, 0xa, 0x3, 0x7 },
- { 0x1, 0x7, 0xe, 0xd, 0x0, 0x5, 0x8, 0x3, 0x4, 0xf, 0xa, 0x6, 0x9, 0xc, 0xb, 0x2 },
-};
-
-void gost_prepare_kds(gost_kds* kds) {
- uint32 i;
- // Build substitution tables.
- for (i = 0; i < 256; ++i) {
- uint32 p;
- p = kds->sbox[7][i >> 4] << 4 | kds->sbox[6][i & 15];
- p = p << 24; p = p << 11 | p >> 21;
- kds->sbox_cvt[i] = p; // S87
-
- p = kds->sbox[5][i >> 4] << 4 | kds->sbox[4][i & 15];
- p = p << 16; p = p << 11 | p >> 21;
- kds->sbox_cvt[256 + i] = p; // S65
-
- p = kds->sbox[3][i >> 4] << 4 | kds->sbox[2][i & 15];
- p = p << 8; p = p << 11 | p >> 21;
- kds->sbox_cvt[256 * 2 + i] = p; // S43
-
- p = kds->sbox[1][i >> 4] << 4 | kds->sbox[0][i & 15];
- p = p << 11 | p >> 21;
- kds->sbox_cvt[256 * 3 + i] = p; // S21
- }
-}
-
-
-static void xor_s_box(byte s_box[8][16], byte *seed)
-{
- int i;
- for (i = 0; i < 16; i++)
- {
- s_box[0][i] ^= (seed[ (i * 4) + 0 ] ) & 0xF;
- s_box[1][i] ^= (seed[ (i * 4) + 0 ]>>4) & 0xF;
- s_box[2][i] ^= (seed[ (i * 4) + 1 ] ) & 0xF;
- s_box[3][i] ^= (seed[ (i * 4) + 1 ]>>4) & 0xF;
- s_box[4][i] ^= (seed[ (i * 4) + 2 ] ) & 0xF;
- s_box[5][i] ^= (seed[ (i * 4) + 2 ]>>4) & 0xF;
- s_box[6][i] ^= (seed[ (i * 4) + 3 ] ) & 0xF;
- s_box[7][i] ^= (seed[ (i * 4) + 3 ]>>4) & 0xF;
- }
-}
-
-void gost_set_key(const byte *key, gost_kds *ks, int useDynamicSbox)
-{
- memcpy(ks->key, key, GOST_KEYSIZE);
- memcpy(ks->sbox, S_TC26, sizeof(ks->sbox));
-
- if (useDynamicSbox)
- {
- STREEBOG_CTX sctx;
- byte sbox_seed[64];
-#if defined (DEVICE_DRIVER) && !defined (_WIN64)
- KFLOATING_SAVE floatingPointState;
- NTSTATUS saveStatus = STATUS_INVALID_PARAMETER;
- if (HasSSE2() || HasSSE41())
- saveStatus = KeSaveFloatingPointState (&floatingPointState);
-#endif
- //Generate pseudorandom data based on the key
- STREEBOG_init(&sctx);
- STREEBOG_add(&sctx, ks->key, 32);
- STREEBOG_finalize(&sctx, sbox_seed);
-
-#if defined (DEVICE_DRIVER) && !defined (_WIN64)
- if (NT_SUCCESS (saveStatus))
- KeRestoreFloatingPointState (&floatingPointState);
-#endif
-
- xor_s_box(ks->sbox, sbox_seed);
- }
-
- gost_prepare_kds(ks);
-}
-
-static uint32 f(uint32 v, uint32* sbox){
- byte* x =(byte*) &v;
- /* Do substitutions */
- return sbox[x[3]] | sbox[256 + x[2]] | sbox[256*2 + x[1]] | sbox[256*3 + x[0]];
-}
-
-void gost_encrypt_block(uint64 in_, uint64* out_, gost_kds* kds) {
- uint32* in = (uint32*)&in_;
- uint32* out = (uint32*)out_;
- uint32* key = (uint32*)kds->key;
- uint32* sbox = kds->sbox_cvt;
-
- // As named in the GOST
- uint32 n1 = in[0];
- uint32 n2 = in[1];
-
- n2 ^= f(n1+key[0], sbox);
- n1 ^= f(n2+key[1], sbox);
- n2 ^= f(n1+key[2], sbox);
- n1 ^= f(n2+key[3], sbox);
- n2 ^= f(n1+key[4], sbox);
- n1 ^= f(n2+key[5], sbox);
- n2 ^= f(n1+key[6], sbox);
- n1 ^= f(n2+key[7], sbox);
-
- n2 ^= f(n1+key[0], sbox);
- n1 ^= f(n2+key[1], sbox);
- n2 ^= f(n1+key[2], sbox);
- n1 ^= f(n2+key[3], sbox);
- n2 ^= f(n1+key[4], sbox);
- n1 ^= f(n2+key[5], sbox);
- n2 ^= f(n1+key[6], sbox);
- n1 ^= f(n2+key[7], sbox);
-
- n2 ^= f(n1+key[0], sbox);
- n1 ^= f(n2+key[1], sbox);
- n2 ^= f(n1+key[2], sbox);
- n1 ^= f(n2+key[3], sbox);
- n2 ^= f(n1+key[4], sbox);
- n1 ^= f(n2+key[5], sbox);
- n2 ^= f(n1+key[6], sbox);
- n1 ^= f(n2+key[7], sbox);
-
- n2 ^= f(n1+key[7], sbox);
- n1 ^= f(n2+key[6], sbox);
- n2 ^= f(n1+key[5], sbox);
- n1 ^= f(n2+key[4], sbox);
- n2 ^= f(n1+key[3], sbox);
- n1 ^= f(n2+key[2], sbox);
- n2 ^= f(n1+key[1], sbox);
- n1 ^= f(n2+key[0], sbox);
-
- // There is no swap after the last round
- out[0] = n2;
- out[1] = n1;
-}
-
-void gost_decrypt_block(uint64 in_, uint64* out_, gost_kds* kds) {
- uint32* in = (uint32*)&in_;
- uint32* out = (uint32*)out_;
- uint32* key = (uint32*)kds->key;
- uint32* sbox = kds->sbox_cvt;
-
- // As named in the GOST
- uint32 n1 = in[0];
- uint32 n2 = in[1];
-
- n2 ^= f(n1+key[0], sbox);
- n1 ^= f(n2+key[1], sbox);
- n2 ^= f(n1+key[2], sbox);
- n1 ^= f(n2+key[3], sbox);
- n2 ^= f(n1+key[4], sbox);
- n1 ^= f(n2+key[5], sbox);
- n2 ^= f(n1+key[6], sbox);
- n1 ^= f(n2+key[7], sbox);
-
- n2 ^= f(n1+key[7], sbox);
- n1 ^= f(n2+key[6], sbox);
- n2 ^= f(n1+key[5], sbox);
- n1 ^= f(n2+key[4], sbox);
- n2 ^= f(n1+key[3], sbox);
- n1 ^= f(n2+key[2], sbox);
- n2 ^= f(n1+key[1], sbox);
- n1 ^= f(n2+key[0], sbox);
-
- n2 ^= f(n1+key[7], sbox);
- n1 ^= f(n2+key[6], sbox);
- n2 ^= f(n1+key[5], sbox);
- n1 ^= f(n2+key[4], sbox);
- n2 ^= f(n1+key[3], sbox);
- n1 ^= f(n2+key[2], sbox);
- n2 ^= f(n1+key[1], sbox);
- n1 ^= f(n2+key[0], sbox);
-
- n2 ^= f(n1+key[7], sbox);
- n1 ^= f(n2+key[6], sbox);
- n2 ^= f(n1+key[5], sbox);
- n1 ^= f(n2+key[4], sbox);
- n2 ^= f(n1+key[3], sbox);
- n1 ^= f(n2+key[2], sbox);
- n2 ^= f(n1+key[1], sbox);
- n1 ^= f(n2+key[0], sbox);
-
- out[0] = n2;
- out[1] = n1;
-}
-
-#if defined(_M_AMD64)
-void gost_encrypt_128_CBC_asm(const byte *in, byte *out, gost_kds *ks, uint64 count);
-void gost_decrypt_128_CBC_asm(const byte *in, byte *out, gost_kds *ks, uint64 count);
-#endif
-
-void gost_encrypt(const byte *in, byte *out, gost_kds *ks, int count) {
-#if defined(_M_AMD64)
- gost_encrypt_128_CBC_asm(in, out, ks, (uint64)count);
-#else
- while (count > 0) {
- // encrypt two blocks in CBC mode
- gost_encrypt_block(*((uint64*)in), (uint64*)out, ks);
- *((gst_udword*)(out + 8)) = *((gst_udword*)(in + 8)) ^ *((gst_udword*)(out));
- *((gst_udword*)(out + 12)) = *((gst_udword*)(in + 12)) ^ *((gst_udword*)(out + 4));
- gost_encrypt_block(*((uint64*)(out + 8)), (uint64*)(out + 8), ks);
- count--;
- in += 16;
- out += 16;
- }
-#endif
-}
-
-void gost_decrypt(const byte *in, byte *out, gost_kds *ks, int count) {
-#if defined(_M_AMD64)
- gost_decrypt_128_CBC_asm(in, out, ks, (uint64)count);
-#else
- while (count > 0) {
- // decrypt two blocks in CBC mode
- gost_decrypt_block(*((uint64*)(in + 8)), (uint64*)(out + 8), ks);
- *((gst_udword*)(out + 8)) ^= *((gst_udword*)(in));;
- *((gst_udword*)(out + 12)) ^= *((gst_udword*)(in + 4));;
- gost_decrypt_block(*((uint64*)(in)), (uint64*)(out), ks);
- count--;
- in += 16;
- out += 16;
- }
-#endif
-}
-
-#endif
diff --git a/src/Crypto/GostCipher.h b/src/Crypto/GostCipher.h
deleted file mode 100644
index bcb77207..00000000
--- a/src/Crypto/GostCipher.h
+++ /dev/null
@@ -1,68 +0,0 @@
-
-/*
- Copyright (c) 2008-2011 TrueCrypt Developers Association. All rights reserved.
-
- Governed by the TrueCrypt License 3.0 the full text of which is contained in
- the file License.txt included in TrueCrypt binary and source code distribution
- packages.
-*/
-
-
-
-#ifndef GOST_CIPHER_H
-#define GOST_CIPHER_H
-
-#include "Common/Tcdefs.h"
-#include "config.h"
-#include "misc.h"
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-//In unsigned chars
-#define GOST_KEYSIZE 32
-#define GOST_BLOCKSIZE 8
-#define GOST_SBOX_SIZE 16
-
-//Production setting, but can be turned off to compare the algorithm with other implementations
-#define CIPHER_GOST89
-#define GOST_DYNAMIC_SBOXES
-
-#if defined(CIPHER_GOST89)
-
-#ifdef GST_WINDOWS_BOOT
-typedef int gst_word;
-typedef long gst_dword;
-typedef unsigned int gst_uword;
-typedef unsigned long gst_udword;
-#else
-typedef short gst_word;
-typedef int gst_dword;
-typedef unsigned short gst_uword;
-typedef unsigned int gst_udword;
-#endif
-
-typedef struct gost_kds
-{
- CRYPTOPP_ALIGN_DATA(16) byte key[32];
- gst_udword sbox_cvt[256 * 4];
- byte sbox[8][16];
-} gost_kds;
-
-#define GOST_KS (sizeof(gost_kds))
-
-void gost_encrypt(const byte *in, byte *out, gost_kds *ks, int count);
-void gost_decrypt(const byte *in, byte *out, gost_kds *ks, int count);
-void gost_set_key(const byte *key, gost_kds *ks, int useDynamicSbox);
-
-#else
-#define GOST_KS (0)
-#endif
-
-#ifdef __cplusplus
-}
-#endif
-
-
-#endif
diff --git a/src/Crypto/Makefile.inc b/src/Crypto/Makefile.inc
index c8d2dfdf..e05d02ca 100644
--- a/src/Crypto/Makefile.inc
+++ b/src/Crypto/Makefile.inc
@@ -16,9 +16,6 @@ VC_MLEXE = ml64.exe
TC_ASM_ERR_LOG = ..\Driver\build_errors_asm.log
-"$(OBJ_PATH)\$(O)\gost89_$(TC_ARCH).obj": gost89_$(TC_ARCH).asm
- nasm.exe $(TC_ASFLAGS) -o "$@" -l "$(OBJ_PATH)\$(O)\gost89_$(TC_ARCH).lst" gost89_$(TC_ARCH).asm 2>$(TC_ASM_ERR_LOG)
-
"$(OBJ_PATH)\$(O)\Aes_$(TC_ARCH).obj": Aes_$(TC_ARCH).asm
nasm.exe $(TC_ASFLAGS) -o "$@" -l "$(OBJ_PATH)\$(O)\Aes_$(TC_ARCH).lst" Aes_$(TC_ARCH).asm 2>$(TC_ASM_ERR_LOG)
diff --git a/src/Crypto/Rmd160.c b/src/Crypto/Rmd160.c
deleted file mode 100644
index 0c6ec839..00000000
--- a/src/Crypto/Rmd160.c
+++ /dev/null
@@ -1,500 +0,0 @@
-// RIPEMD-160 written and placed in the public domain by Wei Dai
-
-/*
- * This code implements the MD4 message-digest algorithm.
- * The algorithm is due to Ron Rivest. This code was
- * written by Colin Plumb in 1993, no copyright is claimed.
- * This code is in the public domain; do with it what you wish.
- */
-
-/* Adapted for TrueCrypt */
-/* Adapted for VeraCrypt */
-#if !defined(_UEFI)
-#include <memory.h>
-#endif // !defined(_UEFI)
-
-#include "Common/Tcdefs.h"
-#include "Common/Endian.h"
-#include "Rmd160.h"
-
-#define F(x, y, z) (x ^ y ^ z)
-#define G(x, y, z) (z ^ (x & (y^z)))
-#define H(x, y, z) (z ^ (x | ~y))
-#define I(x, y, z) (y ^ (z & (x^y)))
-#define J(x, y, z) (x ^ (y | ~z))
-
-#define PUT_64BIT_LE(cp, value) do { \
- (cp)[7] = (byte) ((value) >> 56); \
- (cp)[6] = (byte) ((value) >> 48); \
- (cp)[5] = (byte) ((value) >> 40); \
- (cp)[4] = (byte) ((value) >> 32); \
- (cp)[3] = (byte) ((value) >> 24); \
- (cp)[2] = (byte) ((value) >> 16); \
- (cp)[1] = (byte) ((value) >> 8); \
- (cp)[0] = (byte) (value); } while (0)
-
-#define PUT_32BIT_LE(cp, value) do { \
- (cp)[3] = (byte) ((value) >> 24); \
- (cp)[2] = (byte) ((value) >> 16); \
- (cp)[1] = (byte) ((value) >> 8); \
- (cp)[0] = (byte) (value); } while (0)
-
-#ifndef TC_MINIMIZE_CODE_SIZE
-
-static byte PADDING[64] = {
- 0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
-};
-
-#else
-
-static byte PADDING[64];
-
-#endif
-
-void RMD160Init (RMD160_CTX *ctx)
-{
- ctx->count = 0;
- ctx->state[0] = 0x67452301;
- ctx->state[1] = 0xefcdab89;
- ctx->state[2] = 0x98badcfe;
- ctx->state[3] = 0x10325476;
- ctx->state[4] = 0xc3d2e1f0;
- PADDING[0] = 0x80;
-}
-
-/*
-* Update context to reflect the concatenation of another buffer full
-* of bytes.
-*/
-void RMD160Update (RMD160_CTX *ctx, const unsigned char *input, unsigned __int32 lenArg)
-{
-#ifndef TC_WINDOWS_BOOT
- uint64 len = lenArg;
-#else
- uint32 len = lenArg;
-#endif
- unsigned int have, need;
-
- /* Check how many bytes we already have and how many more we need. */
- have = (unsigned int) ((ctx->count) & (RIPEMD160_BLOCK_LENGTH - 1));
- need = RIPEMD160_BLOCK_LENGTH - have;
-
- /* Update bitcount */
- ctx->count += len;
-
- if (len >= need) {
- if (have != 0) {
- memcpy (ctx->buffer + have, input, (size_t) need);
- RMD160Transform ((uint32 *) ctx->state, (const uint32 *) ctx->buffer);
- input += need;
- len -= need;
- have = 0;
- }
-
- /* Process data in RIPEMD160_BLOCK_LENGTH-byte chunks. */
- while (len >= RIPEMD160_BLOCK_LENGTH) {
- RMD160Transform ((uint32 *) ctx->state, (const uint32 *) input);
- input += RIPEMD160_BLOCK_LENGTH;
- len -= RIPEMD160_BLOCK_LENGTH;
- }
- }
-
- /* Handle any remaining bytes of data. */
- if (len != 0)
- memcpy (ctx->buffer + have, input, (size_t) len);
-}
-
-/*
-* Pad pad to 64-byte boundary with the bit pattern
-* 1 0* (64-bit count of bits processed, MSB-first)
-*/
-static void RMD160Pad(RMD160_CTX *ctx)
-{
- byte count[8];
- uint32 padlen;
-
- /* Convert count to 8 bytes in little endian order. */
-
-#ifndef TC_WINDOWS_BOOT
- uint64 bitcount = ctx->count << 3;
- PUT_64BIT_LE(count, bitcount);
-#else
- *(uint32 *) (count + 4) = 0;
- *(uint32 *) (count + 0) = ctx->count << 3;
-#endif
-
- /* Pad out to 56 mod 64. */
- padlen = RIPEMD160_BLOCK_LENGTH -
- (uint32)((ctx->count) & (RIPEMD160_BLOCK_LENGTH - 1));
- if (padlen < 1 + 8)
- padlen += RIPEMD160_BLOCK_LENGTH;
- RMD160Update(ctx, PADDING, padlen - 8); /* padlen - 8 <= 64 */
- RMD160Update(ctx, count, 8);
-}
-
-/*
-* Final wrapup--call RMD160Pad, fill in digest and zero out ctx.
-*/
-void RMD160Final(unsigned char *digest, RMD160_CTX *ctx)
-{
- int i;
-
- RMD160Pad(ctx);
- if (digest) {
- for (i = 0; i < 5; i++)
- PUT_32BIT_LE(digest + i * 4, ctx->state[i]);
-#ifndef TC_WINDOWS_BOOT
- burn (ctx, sizeof(*ctx));
-#endif
- }
-}
-
-
-#ifndef TC_MINIMIZE_CODE_SIZE
-
-#define word32 unsigned __int32
-
-#define k0 0
-#define k1 0x5a827999UL
-#define k2 0x6ed9eba1UL
-#define k3 0x8f1bbcdcUL
-#define k4 0xa953fd4eUL
-#define k5 0x50a28be6UL
-#define k6 0x5c4dd124UL
-#define k7 0x6d703ef3UL
-#define k8 0x7a6d76e9UL
-#define k9 0
-
-static word32 rotlFixed (word32 x, unsigned int y)
-{
- return (word32)((x<<y) | (x>>(sizeof(word32)*8-y)));
-}
-
-#define Subround(f, a, b, c, d, e, x, s, k) \
- a += f(b, c, d) + x + k;\
- a = rotlFixed((word32)a, s) + e;\
- c = rotlFixed((word32)c, 10U)
-
-void RMD160Transform (unsigned __int32 *digest, const unsigned __int32 *data)
-{
-#if BYTE_ORDER == LITTLE_ENDIAN
- const word32 *X = data;
-#else
- word32 X[16];
- int i;
-#endif
-
- word32 a1, b1, c1, d1, e1, a2, b2, c2, d2, e2;
- a1 = a2 = digest[0];
- b1 = b2 = digest[1];
- c1 = c2 = digest[2];
- d1 = d2 = digest[3];
- e1 = e2 = digest[4];
-
-#if BYTE_ORDER == BIG_ENDIAN
- for (i = 0; i < 16; i++)
- {
- X[i] = LE32 (data[i]);
- }
-#endif
-
- Subround(F, a1, b1, c1, d1, e1, X[ 0], 11, k0);
- Subround(F, e1, a1, b1, c1, d1, X[ 1], 14, k0);
- Subround(F, d1, e1, a1, b1, c1, X[ 2], 15, k0);
- Subround(F, c1, d1, e1, a1, b1, X[ 3], 12, k0);
- Subround(F, b1, c1, d1, e1, a1, X[ 4], 5, k0);
- Subround(F, a1, b1, c1, d1, e1, X[ 5], 8, k0);
- Subround(F, e1, a1, b1, c1, d1, X[ 6], 7, k0);
- Subround(F, d1, e1, a1, b1, c1, X[ 7], 9, k0);
- Subround(F, c1, d1, e1, a1, b1, X[ 8], 11, k0);
- Subround(F, b1, c1, d1, e1, a1, X[ 9], 13, k0);
- Subround(F, a1, b1, c1, d1, e1, X[10], 14, k0);
- Subround(F, e1, a1, b1, c1, d1, X[11], 15, k0);
- Subround(F, d1, e1, a1, b1, c1, X[12], 6, k0);
- Subround(F, c1, d1, e1, a1, b1, X[13], 7, k0);
- Subround(F, b1, c1, d1, e1, a1, X[14], 9, k0);
- Subround(F, a1, b1, c1, d1, e1, X[15], 8, k0);
-
- Subround(G, e1, a1, b1, c1, d1, X[ 7], 7, k1);
- Subround(G, d1, e1, a1, b1, c1, X[ 4], 6, k1);
- Subround(G, c1, d1, e1, a1, b1, X[13], 8, k1);
- Subround(G, b1, c1, d1, e1, a1, X[ 1], 13, k1);
- Subround(G, a1, b1, c1, d1, e1, X[10], 11, k1);
- Subround(G, e1, a1, b1, c1, d1, X[ 6], 9, k1);
- Subround(G, d1, e1, a1, b1, c1, X[15], 7, k1);
- Subround(G, c1, d1, e1, a1, b1, X[ 3], 15, k1);
- Subround(G, b1, c1, d1, e1, a1, X[12], 7, k1);
- Subround(G, a1, b1, c1, d1, e1, X[ 0], 12, k1);
- Subround(G, e1, a1, b1, c1, d1, X[ 9], 15, k1);
- Subround(G, d1, e1, a1, b1, c1, X[ 5], 9, k1);
- Subround(G, c1, d1, e1, a1, b1, X[ 2], 11, k1);
- Subround(G, b1, c1, d1, e1, a1, X[14], 7, k1);
- Subround(G, a1, b1, c1, d1, e1, X[11], 13, k1);
- Subround(G, e1, a1, b1, c1, d1, X[ 8], 12, k1);
-
- Subround(H, d1, e1, a1, b1, c1, X[ 3], 11, k2);
- Subround(H, c1, d1, e1, a1, b1, X[10], 13, k2);
- Subround(H, b1, c1, d1, e1, a1, X[14], 6, k2);
- Subround(H, a1, b1, c1, d1, e1, X[ 4], 7, k2);
- Subround(H, e1, a1, b1, c1, d1, X[ 9], 14, k2);
- Subround(H, d1, e1, a1, b1, c1, X[15], 9, k2);
- Subround(H, c1, d1, e1, a1, b1, X[ 8], 13, k2);
- Subround(H, b1, c1, d1, e1, a1, X[ 1], 15, k2);
- Subround(H, a1, b1, c1, d1, e1, X[ 2], 14, k2);
- Subround(H, e1, a1, b1, c1, d1, X[ 7], 8, k2);
- Subround(H, d1, e1, a1, b1, c1, X[ 0], 13, k2);
- Subround(H, c1, d1, e1, a1, b1, X[ 6], 6, k2);
- Subround(H, b1, c1, d1, e1, a1, X[13], 5, k2);
- Subround(H, a1, b1, c1, d1, e1, X[11], 12, k2);
- Subround(H, e1, a1, b1, c1, d1, X[ 5], 7, k2);
- Subround(H, d1, e1, a1, b1, c1, X[12], 5, k2);
-
- Subround(I, c1, d1, e1, a1, b1, X[ 1], 11, k3);
- Subround(I, b1, c1, d1, e1, a1, X[ 9], 12, k3);
- Subround(I, a1, b1, c1, d1, e1, X[11], 14, k3);
- Subround(I, e1, a1, b1, c1, d1, X[10], 15, k3);
- Subround(I, d1, e1, a1, b1, c1, X[ 0], 14, k3);
- Subround(I, c1, d1, e1, a1, b1, X[ 8], 15, k3);
- Subround(I, b1, c1, d1, e1, a1, X[12], 9, k3);
- Subround(I, a1, b1, c1, d1, e1, X[ 4], 8, k3);
- Subround(I, e1, a1, b1, c1, d1, X[13], 9, k3);
- Subround(I, d1, e1, a1, b1, c1, X[ 3], 14, k3);
- Subround(I, c1, d1, e1, a1, b1, X[ 7], 5, k3);
- Subround(I, b1, c1, d1, e1, a1, X[15], 6, k3);
- Subround(I, a1, b1, c1, d1, e1, X[14], 8, k3);
- Subround(I, e1, a1, b1, c1, d1, X[ 5], 6, k3);
- Subround(I, d1, e1, a1, b1, c1, X[ 6], 5, k3);
- Subround(I, c1, d1, e1, a1, b1, X[ 2], 12, k3);
-
- Subround(J, b1, c1, d1, e1, a1, X[ 4], 9, k4);
- Subround(J, a1, b1, c1, d1, e1, X[ 0], 15, k4);
- Subround(J, e1, a1, b1, c1, d1, X[ 5], 5, k4);
- Subround(J, d1, e1, a1, b1, c1, X[ 9], 11, k4);
- Subround(J, c1, d1, e1, a1, b1, X[ 7], 6, k4);
- Subround(J, b1, c1, d1, e1, a1, X[12], 8, k4);
- Subround(J, a1, b1, c1, d1, e1, X[ 2], 13, k4);
- Subround(J, e1, a1, b1, c1, d1, X[10], 12, k4);
- Subround(J, d1, e1, a1, b1, c1, X[14], 5, k4);
- Subround(J, c1, d1, e1, a1, b1, X[ 1], 12, k4);
- Subround(J, b1, c1, d1, e1, a1, X[ 3], 13, k4);
- Subround(J, a1, b1, c1, d1, e1, X[ 8], 14, k4);
- Subround(J, e1, a1, b1, c1, d1, X[11], 11, k4);
- Subround(J, d1, e1, a1, b1, c1, X[ 6], 8, k4);
- Subround(J, c1, d1, e1, a1, b1, X[15], 5, k4);
- Subround(J, b1, c1, d1, e1, a1, X[13], 6, k4);
-
- Subround(J, a2, b2, c2, d2, e2, X[ 5], 8, k5);
- Subround(J, e2, a2, b2, c2, d2, X[14], 9, k5);
- Subround(J, d2, e2, a2, b2, c2, X[ 7], 9, k5);
- Subround(J, c2, d2, e2, a2, b2, X[ 0], 11, k5);
- Subround(J, b2, c2, d2, e2, a2, X[ 9], 13, k5);
- Subround(J, a2, b2, c2, d2, e2, X[ 2], 15, k5);
- Subround(J, e2, a2, b2, c2, d2, X[11], 15, k5);
- Subround(J, d2, e2, a2, b2, c2, X[ 4], 5, k5);
- Subround(J, c2, d2, e2, a2, b2, X[13], 7, k5);
- Subround(J, b2, c2, d2, e2, a2, X[ 6], 7, k5);
- Subround(J, a2, b2, c2, d2, e2, X[15], 8, k5);
- Subround(J, e2, a2, b2, c2, d2, X[ 8], 11, k5);
- Subround(J, d2, e2, a2, b2, c2, X[ 1], 14, k5);
- Subround(J, c2, d2, e2, a2, b2, X[10], 14, k5);
- Subround(J, b2, c2, d2, e2, a2, X[ 3], 12, k5);
- Subround(J, a2, b2, c2, d2, e2, X[12], 6, k5);
-
- Subround(I, e2, a2, b2, c2, d2, X[ 6], 9, k6);
- Subround(I, d2, e2, a2, b2, c2, X[11], 13, k6);
- Subround(I, c2, d2, e2, a2, b2, X[ 3], 15, k6);
- Subround(I, b2, c2, d2, e2, a2, X[ 7], 7, k6);
- Subround(I, a2, b2, c2, d2, e2, X[ 0], 12, k6);
- Subround(I, e2, a2, b2, c2, d2, X[13], 8, k6);
- Subround(I, d2, e2, a2, b2, c2, X[ 5], 9, k6);
- Subround(I, c2, d2, e2, a2, b2, X[10], 11, k6);
- Subround(I, b2, c2, d2, e2, a2, X[14], 7, k6);
- Subround(I, a2, b2, c2, d2, e2, X[15], 7, k6);
- Subround(I, e2, a2, b2, c2, d2, X[ 8], 12, k6);
- Subround(I, d2, e2, a2, b2, c2, X[12], 7, k6);
- Subround(I, c2, d2, e2, a2, b2, X[ 4], 6, k6);
- Subround(I, b2, c2, d2, e2, a2, X[ 9], 15, k6);
- Subround(I, a2, b2, c2, d2, e2, X[ 1], 13, k6);
- Subround(I, e2, a2, b2, c2, d2, X[ 2], 11, k6);
-
- Subround(H, d2, e2, a2, b2, c2, X[15], 9, k7);
- Subround(H, c2, d2, e2, a2, b2, X[ 5], 7, k7);
- Subround(H, b2, c2, d2, e2, a2, X[ 1], 15, k7);
- Subround(H, a2, b2, c2, d2, e2, X[ 3], 11, k7);
- Subround(H, e2, a2, b2, c2, d2, X[ 7], 8, k7);
- Subround(H, d2, e2, a2, b2, c2, X[14], 6, k7);
- Subround(H, c2, d2, e2, a2, b2, X[ 6], 6, k7);
- Subround(H, b2, c2, d2, e2, a2, X[ 9], 14, k7);
- Subround(H, a2, b2, c2, d2, e2, X[11], 12, k7);
- Subround(H, e2, a2, b2, c2, d2, X[ 8], 13, k7);
- Subround(H, d2, e2, a2, b2, c2, X[12], 5, k7);
- Subround(H, c2, d2, e2, a2, b2, X[ 2], 14, k7);
- Subround(H, b2, c2, d2, e2, a2, X[10], 13, k7);
- Subround(H, a2, b2, c2, d2, e2, X[ 0], 13, k7);
- Subround(H, e2, a2, b2, c2, d2, X[ 4], 7, k7);
- Subround(H, d2, e2, a2, b2, c2, X[13], 5, k7);
-
- Subround(G, c2, d2, e2, a2, b2, X[ 8], 15, k8);
- Subround(G, b2, c2, d2, e2, a2, X[ 6], 5, k8);
- Subround(G, a2, b2, c2, d2, e2, X[ 4], 8, k8);
- Subround(G, e2, a2, b2, c2, d2, X[ 1], 11, k8);
- Subround(G, d2, e2, a2, b2, c2, X[ 3], 14, k8);
- Subround(G, c2, d2, e2, a2, b2, X[11], 14, k8);
- Subround(G, b2, c2, d2, e2, a2, X[15], 6, k8);
- Subround(G, a2, b2, c2, d2, e2, X[ 0], 14, k8);
- Subround(G, e2, a2, b2, c2, d2, X[ 5], 6, k8);
- Subround(G, d2, e2, a2, b2, c2, X[12], 9, k8);
- Subround(G, c2, d2, e2, a2, b2, X[ 2], 12, k8);
- Subround(G, b2, c2, d2, e2, a2, X[13], 9, k8);
- Subround(G, a2, b2, c2, d2, e2, X[ 9], 12, k8);
- Subround(G, e2, a2, b2, c2, d2, X[ 7], 5, k8);
- Subround(G, d2, e2, a2, b2, c2, X[10], 15, k8);
- Subround(G, c2, d2, e2, a2, b2, X[14], 8, k8);
-
- Subround(F, b2, c2, d2, e2, a2, X[12], 8, k9);
- Subround(F, a2, b2, c2, d2, e2, X[15], 5, k9);
- Subround(F, e2, a2, b2, c2, d2, X[10], 12, k9);
- Subround(F, d2, e2, a2, b2, c2, X[ 4], 9, k9);
- Subround(F, c2, d2, e2, a2, b2, X[ 1], 12, k9);
- Subround(F, b2, c2, d2, e2, a2, X[ 5], 5, k9);
- Subround(F, a2, b2, c2, d2, e2, X[ 8], 14, k9);
- Subround(F, e2, a2, b2, c2, d2, X[ 7], 6, k9);
- Subround(F, d2, e2, a2, b2, c2, X[ 6], 8, k9);
- Subround(F, c2, d2, e2, a2, b2, X[ 2], 13, k9);
- Subround(F, b2, c2, d2, e2, a2, X[13], 6, k9);
- Subround(F, a2, b2, c2, d2, e2, X[14], 5, k9);
- Subround(F, e2, a2, b2, c2, d2, X[ 0], 15, k9);
- Subround(F, d2, e2, a2, b2, c2, X[ 3], 13, k9);
- Subround(F, c2, d2, e2, a2, b2, X[ 9], 11, k9);
- Subround(F, b2, c2, d2, e2, a2, X[11], 11, k9);
-
- c1 = digest[1] + c1 + d2;
- digest[1] = digest[2] + d1 + e2;
- digest[2] = digest[3] + e1 + a2;
- digest[3] = digest[4] + a1 + b2;
- digest[4] = digest[0] + b1 + c2;
- digest[0] = c1;
-}
-
-#else // TC_MINIMIZE_CODE_SIZE
-
-/*
- Derived from source code of TrueCrypt 7.1a, which is
- Copyright (c) 2008-2012 TrueCrypt Developers Association and which is governed
- by the TrueCrypt License 3.0.
-
- Modifications and additions to the original source code (contained in this file)
- and all other portions of this file are Copyright (c) 2013-2017 IDRIX
- and are governed by the Apache License 2.0 the full text of which is
- contained in the file License.txt included in VeraCrypt binary and source
- code distribution packages.
-*/
-
-#pragma optimize ("tl", on)
-
-typedef unsigned __int32 uint32;
-typedef unsigned __int8 byte;
-
-#include <stdlib.h>
-#pragma intrinsic (_lrotl)
-
-static const byte OrderTab[] = {
- 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15,
- 7, 4, 13, 1, 10, 6, 15, 3, 12, 0, 9, 5, 2, 14, 11, 8,
- 3, 10, 14, 4, 9, 15, 8, 1, 2, 7, 0, 6, 13, 11, 5, 12,
- 1, 9, 11, 10, 0, 8, 12, 4, 13, 3, 7, 15, 14, 5, 6, 2,
- 4, 0, 5, 9, 7, 12, 2, 10, 14, 1, 3, 8, 11, 6, 15, 13,
- 5, 14, 7, 0, 9, 2, 11, 4, 13, 6, 15, 8, 1, 10, 3, 12,
- 6, 11, 3, 7, 0, 13, 5, 10, 14, 15, 8, 12, 4, 9, 1, 2,
- 15, 5, 1, 3, 7, 14, 6, 9, 11, 8, 12, 2, 10, 0, 4, 13,
- 8, 6, 4, 1, 3, 11, 15, 0, 5, 12, 2, 13, 9, 7, 10, 14,
- 12, 15, 10, 4, 1, 5, 8, 7, 6, 2, 13, 14, 0, 3, 9, 11
-};
-
-static const byte RolTab[] = {
- 11, 14, 15, 12, 5, 8, 7, 9, 11, 13, 14, 15, 6, 7, 9, 8,
- 7, 6, 8, 13, 11, 9, 7, 15, 7, 12, 15, 9, 11, 7, 13, 12,
- 11, 13, 6, 7, 14, 9, 13, 15, 14, 8, 13, 6, 5, 12, 7, 5,
- 11, 12, 14, 15, 14, 15, 9, 8, 9, 14, 5, 6, 8, 6, 5, 12,
- 9, 15, 5, 11, 6, 8, 13, 12, 5, 12, 13, 14, 11, 8, 5, 6,
- 8, 9, 9, 11, 13, 15, 15, 5, 7, 7, 8, 11, 14, 14, 12, 6,
- 9, 13, 15, 7, 12, 8, 9, 11, 7, 7, 12, 7, 6, 15, 13, 11,
- 9, 7, 15, 11, 8, 6, 6, 14, 12, 13, 5, 14, 13, 13, 7, 5,
- 15, 5, 8, 11, 14, 14, 6, 14, 6, 9, 12, 9, 12, 5, 15, 8,
- 8, 5, 12, 9, 12, 5, 14, 6, 8, 13, 6, 5, 15, 13, 11, 11
-};
-
-static const uint32 KTab[] = {
- 0x00000000UL,
- 0x5A827999UL,
- 0x6ED9EBA1UL,
- 0x8F1BBCDCUL,
- 0xA953FD4EUL,
- 0x50A28BE6UL,
- 0x5C4DD124UL,
- 0x6D703EF3UL,
- 0x7A6D76E9UL,
- 0x00000000UL
-};
-
-
-void RMD160Transform (unsigned __int32 *state, const unsigned __int32 *data)
-{
- uint32 a, b, c, d, e;
- uint32 a2, b2, c2, d2, e2;
- byte pos;
- uint32 tmp;
-
- a = state[0];
- b = state[1];
- c = state[2];
- d = state[3];
- e = state[4];
-
- for (pos = 0; pos < 160; ++pos)
- {
- tmp = a + data[OrderTab[pos]] + KTab[pos >> 4];
-
- switch (pos >> 4)
- {
- case 0: case 9: tmp += F (b, c, d); break;
- case 1: case 8: tmp += G (b, c, d); break;
- case 2: case 7: tmp += H (b, c, d); break;
- case 3: case 6: tmp += I (b, c, d); break;
- case 4: case 5: tmp += J (b, c, d); break;
- }
-
- tmp = _lrotl (tmp, RolTab[pos]) + e;
- a = e;
- e = d;
- d = _lrotl (c, 10);
- c = b;
- b = tmp;
-
- if (pos == 79)
- {
- a2 = a;
- b2 = b;
- c2 = c;
- d2 = d;
- e2 = e;
-
- a = state[0];
- b = state[1];
- c = state[2];
- d = state[3];
- e = state[4];
- }
- }
-
- tmp = state[1] + c2 + d;
- state[1] = state[2] + d2 + e;
- state[2] = state[3] + e2 + a;
- state[3] = state[4] + a2 + b;
- state[4] = state[0] + b2 + c;
- state[0] = tmp;
-}
-
-#endif // TC_MINIMIZE_CODE_SIZE
diff --git a/src/Crypto/Rmd160.h b/src/Crypto/Rmd160.h
deleted file mode 100644
index 81b5d6f0..00000000
--- a/src/Crypto/Rmd160.h
+++ /dev/null
@@ -1,33 +0,0 @@
-#ifndef TC_HEADER_Crypto_Ripemd160
-#define TC_HEADER_Crypto_Ripemd160
-
-#include "Common/Tcdefs.h"
-
-#if defined(__cplusplus)
-extern "C"
-{
-#endif
-
-#define RIPEMD160_BLOCK_LENGTH 64
-
-typedef struct RMD160Context
-{
- unsigned __int32 state[5];
-#ifndef TC_WINDOWS_BOOT
- uint64 count;
-#else
- uint32 count;
-#endif
- unsigned char buffer[RIPEMD160_BLOCK_LENGTH];
-} RMD160_CTX;
-
-void RMD160Init (RMD160_CTX *ctx);
-void RMD160Transform (unsigned __int32 *state, const unsigned __int32 *data);
-void RMD160Update (RMD160_CTX *ctx, const unsigned char *input, unsigned __int32 len);
-void RMD160Final (unsigned char *digest, RMD160_CTX *ctx);
-
-#if defined(__cplusplus)
-}
-#endif
-
-#endif // TC_HEADER_Crypto_Ripemd160
diff --git a/src/Crypto/Sources b/src/Crypto/Sources
index 9a1bef14..9542d4b6 100644
--- a/src/Crypto/Sources
+++ b/src/Crypto/Sources
@@ -7,7 +7,6 @@ NTTARGETFILES = \
"$(OBJ_PATH)\$(O)\Aes_$(TC_ARCH).obj" \
"$(OBJ_PATH)\$(O)\Aes_hw_cpu.obj" \
"$(OBJ_PATH)\$(O)\rdrand_ml.obj" \
- "$(OBJ_PATH)\$(O)\gost89_$(TC_ARCH).obj" \
"$(OBJ_PATH)\$(O)\Twofish_$(TC_ARCH).obj" \
"$(OBJ_PATH)\$(O)\Camellia_$(TC_ARCH).obj" \
"$(OBJ_PATH)\$(O)\Camellia_aesni_$(TC_ARCH).obj" \
@@ -22,19 +21,21 @@ NTTARGETFILES = \
SOURCES = \
Aes_$(TC_ARCH).asm \
- gost89_$(TC_ARCH).asm \
Aes_hw_cpu.asm \
rdrand_ml.asm \
rdseed_ml.asm \
Aeskey.c \
Aestab.c \
+ blake2s.c \
+ blake2s_SSE2.c \
+ blake2s_SSE41.c \
+ blake2s_SSSE3.c \
chacha-xmm.c \
chacha256.c \
chachaRng.c \
cpu.c \
jitterentropy-base.c \
rdrand.c \
- Rmd160.c \
SerpentFast.c \
SerpentFast_simd.cpp \
Sha2.c \
@@ -43,7 +44,6 @@ SOURCES = \
t1ha2_selfcheck.c \
Twofish.c \
Twofish_$(TC_ARCH).S \
- GostCipher.c \
Streebog.c \
kuznyechik.c \
kuznyechik_simd.c \
diff --git a/src/Crypto/config.h b/src/Crypto/config.h
index 8e1e41fc..7ed6aabf 100644
--- a/src/Crypto/config.h
+++ b/src/Crypto/config.h
@@ -128,6 +128,12 @@
#define CRYPTOPP_SSSE3_AVAILABLE 0
# endif
+#if !defined(CRYPTOPP_DISABLE_SSSE3) && (defined(__SSSE3__) || (_MSC_VER >= 1500)) && !defined(_M_ARM) && !defined(_M_ARM64)
+ #define CRYPTOPP_BOOL_SSSE3_INTRINSICS_AVAILABLE 1
+#else
+ #define CRYPTOPP_BOOL_SSSE3_INTRINSICS_AVAILABLE 0
+#endif
+
#if !defined(CRYPTOPP_DISABLE_SSSE3) && !defined(CRYPTOPP_DISABLE_AESNI) && CRYPTOPP_BOOL_SSE2_INTRINSICS_AVAILABLE && (CRYPTOPP_GCC_VERSION >= 40400 || _MSC_FULL_VER >= 150030729 || __INTEL_COMPILER >= 1110 || defined(__AES__))
#define CRYPTOPP_BOOL_AESNI_INTRINSICS_AVAILABLE 1
#else
diff --git a/src/Crypto/cpu.h b/src/Crypto/cpu.h
index 1a3efcee..157aeaef 100644
--- a/src/Crypto/cpu.h
+++ b/src/Crypto/cpu.h
@@ -134,6 +134,11 @@ extern __m128i _mm_slli_epi16(__m128i _A, int _Count);
extern __m128i _mm_shuffle_epi32 (__m128i a, int imm8);
extern __m128i _mm_set_epi64x (__int64 e1, __int64 e0);
extern __m128i _mm_set1_epi64x (__int64 a);
+extern __m128i _mm_castps_si128(__m128);
+extern __m128 _mm_castsi128_ps(__m128i);
+extern __m128 _mm_shuffle_ps(__m128 _A, __m128 _B, unsigned int _Imm8);
+extern __m128i _mm_srli_si128(__m128i _A, int _Imm);
+extern __m128i _mm_slli_si128(__m128i _A, int _Imm);
#define _mm_xor_si64 _m_pxor
#define _mm_empty _m_empty
#define _MM_SHUFFLE(fp3,fp2,fp1,fp0) (((fp3) << 6) | ((fp2) << 4) | \
@@ -148,12 +153,12 @@ extern __m128i _mm_set1_epi64x (__int64 a);
#endif
#if CRYPTOPP_SSSE3_AVAILABLE || defined(__INTEL_COMPILER)
-#if defined (_MSC_VER) && !defined (TC_WINDOWS_BOOT)
#if defined(TC_WINDOWS_DRIVER) || defined (_UEFI)
#if defined(__cplusplus)
extern "C" {
#endif
extern __m128i _mm_shuffle_epi8 (__m128i a, __m128i b);
+extern __m128i _mm_alignr_epi8 (__m128i a, __m128i b, int n);
#if defined(__cplusplus)
}
#endif
@@ -162,13 +167,14 @@ extern __m128i _mm_shuffle_epi8 (__m128i a, __m128i b);
#endif
#endif
-#if defined(__SSE4_1__) || defined(__INTEL_COMPILER) || defined(_MSC_VER)
+#if CRYPTOPP_BOOL_SSE41_INTRINSICS_AVAILABLE || defined(__INTEL_COMPILER)
#if defined(TC_WINDOWS_DRIVER) || defined (_UEFI)
#if defined(__cplusplus)
extern "C" {
#endif
extern int _mm_extract_epi32(__m128i src, const int ndx);
extern __m128i _mm_insert_epi32(__m128i dst, int s, const int ndx);
+extern __m128i _mm_blend_epi16 (__m128i v1, __m128i v2, const int mask);
#if defined(_M_X64)
extern __m128i _mm_insert_epi64(__m128i dst, __int64 s, const int ndx);
#endif
@@ -200,7 +206,6 @@ extern __m128i _mm_aesdeclast_si128(__m128i v, __m128i rkey);
#include <wmmintrin.h>
#endif
#endif
-#endif
#if CRYPTOPP_BOOL_X86 || CRYPTOPP_BOOL_X32 || CRYPTOPP_BOOL_X64
diff --git a/src/Crypto/gost89_x64.asm b/src/Crypto/gost89_x64.asm
deleted file mode 100644
index 5f5892fe..00000000
--- a/src/Crypto/gost89_x64.asm
+++ /dev/null
@@ -1,483 +0,0 @@
-;
-; GOST89 implementation x64
-;
-; Copyright (c) 2016. Disk Cryptography Services for EFI (DCS), Alex Kolotnikov
-;
-; This program and the accompanying materials
-; are licensed and made available under the terms and conditions
-; of the Apache License, Version 2.0.
-;
-; The full text of the license may be found at
-; https://opensource.org/licenses/Apache-2.0
-;
-; Some ideas from article https://xakep.ru/2013/10/19/shifrovanie-gost-28147-89/
-;
-
-[section .bss align=16]
-
-;///////////////////////////////////////////////////////////////////
-;// Win64 registers to save
-;///////////////////////////////////////////////////////////////////
-%macro SaveRegs 0
- sub rsp,8*8+10*16
- mov [rsp], rbx
- mov [rsp+8], rbp
- mov [rsp+8*2], rdi
- mov [rsp+8*3], rsi
- mov [rsp+8*4], r12
- mov [rsp+8*5], r13
- mov [rsp+8*6], r14
- mov [rsp+8*7], r15
-%endmacro
-
-%macro RestoreRegs 0
- mov rbx, [rsp]
- mov rbp, [rsp+8]
- mov rdi, [rsp+8*2]
- mov rsi, [rsp+8*3]
- mov r12, [rsp+8*4]
- mov r13, [rsp+8*5]
- mov r14, [rsp+8*6]
- mov r15, [rsp+8*7]
- add rsp,8*8+10*16
-%endmacro
-
-[section .text align=16]
-;///////////////////////////////////////////////////////////////////
-;// Crypting 2 blocks
-;///////////////////////////////////////////////////////////////////
-%macro gost_round2 2 ; 1 - pos1, 2 - pos2
- ; 1st
- ; 1-2 byte
- add ecx, r13d ; add key
- movzx edi, cl
- movzx esi, ch
- xor r14d, dword [r8 + 32 + 256*3*4 + rdi*4]
- xor r14d, dword [r8 + 32 + 256*2*4 + rsi*4]
- shr ecx, 16
- ; 3-4 байт
- movzx edi, cl
- xor r14d, dword [r8 + 32 + 256*4 + rdi*4]
- movzx esi, ch
- xor r14d, dword [r8 + 32 + rsi*4]
- mov edx, [r8 + %1*4] ; read key for second step
-
- ; 2nd
- ; 1-2 byte
- add eax, r10d ; read key
- movzx r15d, al
- movzx ebp, ah
- xor r11d, dword [r8 + 32 + 256*3*4 + r15*4]
- xor r11d, dword [r8 + 32 + 256*2*4 + rbp*4]
- shr eax, 16
- ; 3-4 байт
- movzx r15d, al
- xor r11d, dword [r8 + 32 + 256*4 + r15*4]
- movzx ebp, ah
- xor r11d, dword [r8 + 32 + rbp*4]
- mov ebx, [r8 + %1*4] ; read key for second step
-
- ; second step
- ; 1st
- ; 1-2 byte
- add edx, r14d ; add key
- movzx edi, dl
- movzx esi, dh
- xor r13d, dword [r8 + 32 + 256*3*4 + rdi*4]
- xor r13d, dword [r8 + 32 + 256*2*4 + rsi*4]
- shr edx, 16
- ; 3-4 байт
- movzx edi, dl
- xor r13d, dword [r8 + 32 + 256*4 + rdi*4]
- movzx esi, dh
- xor r13d, dword [r8 + 32 + rsi*4]
- mov ecx, [r8 + %2*4] ; read key
-
- ; 2nd
- ; 1-2 byte
- add ebx, r11d; ; add key
- movzx r15d, bl;
- movzx ebp, bh;
- xor r10d, dword [r8 + 32 + 256*3*4 + r15*4]
- xor r10d, dword [r8 + 32 + 256*2*4 + rbp*4]
- shr ebx, 16
- ; 3-4 байт
- movzx r15d, bl
- xor r10d, dword [r8 + 32 + 256*4 + r15*4]
- movzx ebp, bh
- xor r10d, dword [r8 + 32 + rbp*4]
- mov eax, [r8 + %2*4] ; read key
-%endmacro
-
-; input: r8 - &key, rcx - &IN
-; returns: (r13) & (r10)
-GostEncrypt2x64:
- ; 1st
- mov r13d, [rcx]
- mov r14, [rcx]
- shr r14, 32
-
- ; 2nd
- mov r10d, [rcx + 16]
- mov r11, [rcx + 16]
- shr r11, 32
-
- mov ecx, [r8]
- mov eax, ecx
-
- gost_round2 1, 2
- gost_round2 3, 4
- gost_round2 5, 6
- gost_round2 7, 0
-
- gost_round2 1, 2
- gost_round2 3, 4
- gost_round2 5, 6
- gost_round2 7, 0
-
- gost_round2 1, 2
- gost_round2 3, 4
- gost_round2 5, 6
- gost_round2 7, 7
-
- gost_round2 6, 5
- gost_round2 4, 3
- gost_round2 2, 1
- gost_round2 0, 0
-
- shl r13, 32 ; combine
- or r13, r14
-
- shl r10, 32 ; combine
- or r10, r11
- ret
-
-; input: r8 - &key, rcx - &IN
-; returns: (r13) & (r10)
-GostDecrypt2x64:
- ; 1st
- mov r13d, [rcx]
- mov r14, [rcx]
- shr r14, 32
-
- ; 2nd
- mov r10d, [rcx + 16]
- mov r11, [rcx + 16]
- shr r11, 32
-
- mov ecx, [r8]
- mov eax, ecx
-
- gost_round2 1, 2
- gost_round2 3, 4
- gost_round2 5, 6
- gost_round2 7, 7
-
- gost_round2 6, 5
- gost_round2 4, 3
- gost_round2 2, 1
- gost_round2 0, 7
-
- gost_round2 6, 5
- gost_round2 4, 3
- gost_round2 2, 1
- gost_round2 0, 7
-
- gost_round2 6, 5
- gost_round2 4, 3
- gost_round2 2, 1
- gost_round2 0, 0
-
- shl r13, 32 ; combine
- or r13, r14
-
- shl r10, 32 ; combine
- or r10, r11
-ret
-
-;///////////////////////////////////////////////////////////////////
-;// Crypting 1 block
-;///////////////////////////////////////////////////////////////////
-%macro gost_round1 2 ; 1 - pos1, 2 - pos2
- ; 1-2 byte
- add ecx, r13d ; add key
- movzx edi, cl
- movzx esi, ch
- xor r14d, dword [r8 + 32 + 256*3*4 + rdi*4]
- xor r14d, dword [r8 + 32 + 256*2*4 + rsi*4]
- shr ecx, 16
- ; 3-4 байт
- movzx edi, cl
- xor r14d, dword [r8 + 32 + 256*4 + rdi*4]
- movzx esi, ch
- xor r14d, dword [r8 + 32 + rsi*4]
- mov edx, [r8 + %1*4] ; read key for second step
-
- ; second step
- ; 1-2 byte
- add edx, r14d ; add key
- movzx edi, dl
- movzx esi, dh
- xor r13d, dword [r8 + 32 + 256*3*4 + rdi*4]
- xor r13d, dword [r8 + 32 + 256*2*4 + rsi*4]
- shr edx, 16
- ; 3-4 байт
- movzx edi, dl
- xor r13d, dword [r8 + 32 + 256*4 + rdi*4]
- movzx esi, dh
- xor r13d, dword [r8 + 32 + rsi*4]
- mov ecx, [r8 + %2*4] ; read key
-%endmacro
-
-; input: r8 - &gost_kds rcx - &IN
-; returns: r13
-GostEncrypt1x64:
- mov r13d, [rcx]
- mov r14, [rcx]
- shr r14, 32
- mov ecx, [r8]
-
- gost_round1 1, 2
- gost_round1 3, 4
- gost_round1 5, 6
- gost_round1 7, 0
-
- gost_round1 1, 2
- gost_round1 3, 4
- gost_round1 5, 6
- gost_round1 7, 0
-
- gost_round1 1, 2
- gost_round1 3, 4
- gost_round1 5, 6
- gost_round1 7, 7
-
- gost_round1 6, 5
- gost_round1 4, 3
- gost_round1 2, 1
- gost_round1 0, 0
-
- shl r13, 32 ; combine
- or r13, r14
-ret
-
-; input: r8 - &gost_kds rcx - IN
-; returns: r13
-GostDecrypt1x64:
- mov r13d, [rcx]
- mov r14, [rcx]
- shr r14, 32
- mov ecx, [r8]
-
- gost_round1 1, 2
- gost_round1 3, 4
- gost_round1 5, 6
- gost_round1 7, 7
-
- gost_round1 6, 5
- gost_round1 4, 3
- gost_round1 2, 1
- gost_round1 0, 7
-
- gost_round1 6, 5
- gost_round1 4, 3
- gost_round1 2, 1
- gost_round1 0, 7
-
- gost_round1 6, 5
- gost_round1 4, 3
- gost_round1 2, 1
- gost_round1 0, 0
-
- shl r13, 32 ; combine
- or r13, r14
-ret
-
-global gost_encrypt_128_CBC_asm ; gost_encrypt_128_CBC_asm(uint64* in, uint64* out, gost_kds* kds, uint64 count);
-; rcx - &in
-; rdx - &out
-; r8 - &gost_kds
-; r9 - count
-gost_encrypt_128_CBC_asm:
- SaveRegs ; Saving
-
- sub rsp, 32
- mov [rsp], rdx ; Save out addr
- mov [rsp + 8], rcx ; Save in addr
- mov [rsp + 16], r8 ; key addr
-
-.do:
- mov [rsp + 24], r9 ; Save count
- cmp r9, 2
- jge .blk2
- cmp r9, 1
- jge .blk1
- jmp .end
-
-; One 128 block encryption
-.blk1:
- mov rcx, [rsp + 8] ; set in addr
- call GostEncrypt1x64
-
- mov rdx, [rsp] ; Restore out
- mov rcx, [rsp + 8] ; restore in
-
- mov [rdx], r13
- mov rax, [rcx + 8]
- xor rax, r13 ; CBC
-
- add rdx, 8 ;next 8 bytes
- mov [rdx], rax
-
- mov rcx, rdx
- call GostEncrypt1x64
-
- mov rdx, [rsp] ; Restore out addr
- mov rcx, [rsp+8] ; Restore in addr
-
- mov [rdx + 8], r13
-
- add rdx,16
- mov [rsp], rdx
-
- add rcx, 16
- mov [rsp+8], rcx
-
- mov r9, [rsp + 24]
- dec r9
-
- jmp .do
-
-.blk2:
- mov rcx, [rsp + 8] ; set in addr
- call GostEncrypt2x64
-
- mov rdx, [rsp] ; Restore out
- mov rcx, [rsp + 8] ; restore in
-
- mov [rdx], r13
-
- mov rax, [rcx + 8]
- xor rax, r13 ; CBC
-
- mov [rdx + 16], r10
-
- mov rbx, [rcx + 24]
- xor rbx, r10 ; CBC
-
- mov [rdx + 8], rax
- mov [rdx + 24], rbx
-
- add rdx, 8 ;next 8 bytes
-
- mov rcx, rdx
- call GostEncrypt2x64
-
- mov rdx, [rsp] ; Restore out addr
- mov rcx, [rsp+8] ; Restore in addr
-
- mov [rdx + 8], r13
- mov [rdx + 24], r10
-
- add rdx,32
- mov [rsp], rdx
-
- add rcx, 32
- mov [rsp+8], rcx
-
- mov r9, [rsp + 24]
- sub r9, 2
-
- jmp .do
-
-.end:
- add rsp, 32 ; Load out addr
- RestoreRegs ; Load
-ret
-
-global gost_decrypt_128_CBC_asm ; gost_decrypt_128_CBC_asm(uint64* in, uint64* out, const gost_kds* kds, uint64 count);
-; rcx - &in
-; rdx - &out
-; r8 - &gost_kds
-; r9 - count
-gost_decrypt_128_CBC_asm:
- SaveRegs ; Saving
-
- sub rsp, 32
- mov [rsp], rdx ; Save out addr
- mov [rsp+8], rcx ; Save in addr
- mov [rsp+16], r8 ; key addr
-
-.do:
- mov [rsp + 24], r9 ; Save count
- cmp r9, 2
- jge .blk2
- cmp r9, 1
- jge .blk1
- jmp .end
-
-; One 128 block decryption
-.blk1:
- add rcx, 8
- call GostDecrypt1x64
- mov rdx, [rsp] ; Restore out
- mov rcx, [rsp + 8] ; Restore in
- mov rax, [rcx]
- xor rax, r13 ; CBC
- mov [rdx + 8], rax
-
- call GostDecrypt1x64
-
- mov rdx, [rsp] ; Restore out addr
- mov rcx, [rsp+8] ; Restore in addr
-
- mov [rdx], r13
-
- add rdx,16
- mov [rsp], rdx
-
- add rcx, 16
- mov [rsp+8], rcx
-
- mov r9, [rsp + 24]
- dec r9
-
- jmp .do
-
-.blk2:
- add rcx, 8
- call GostDecrypt2x64
- mov rdx, [rsp] ; Restore out
- mov rcx, [rsp + 8] ; Restore in
-
- mov rax, [rcx]
- xor rax, r13 ; CBC
- mov [rdx + 8], rax
-
- mov rbx, [rcx+16]
- xor rbx, r10 ; CBC
- mov [rdx + 24], rbx
-
- call GostDecrypt2x64
-
- mov rdx, [rsp] ; Restore out addr
- mov rcx, [rsp+8] ; Restore in addr
-
- mov [rdx], r13
- mov [rdx+16], r10
-
- add rdx,32
- mov [rsp], rdx
-
- add rcx,32
- mov [rsp+8], rcx
-
- mov r9, [rsp + 24]
- sub r9, 2
-
- jmp .do
-
-.end:
- add rsp, 32 ; Load out addr
- RestoreRegs ; Load
-ret
diff --git a/src/Driver/Driver.vcxproj b/src/Driver/Driver.vcxproj
index 58a21d3d..7c92f05b 100644
--- a/src/Driver/Driver.vcxproj
+++ b/src/Driver/Driver.vcxproj
@@ -192,6 +192,10 @@ BuildDriver.cmd -rebuild -debug -x64 "$(SolutionDir)\Common" "$(SolutionDir)\Cry
<ItemDefinitionGroup>
</ItemDefinitionGroup>
<ItemGroup>
+ <ClCompile Include="..\Crypto\blake2s.c" />
+ <ClCompile Include="..\Crypto\blake2s_SSE2.c" />
+ <ClCompile Include="..\Crypto\blake2s_SSE41.c" />
+ <ClCompile Include="..\Crypto\blake2s_SSSE3.c" />
<ClCompile Include="..\Crypto\Camellia.c" />
<ClCompile Include="..\Crypto\chacha-xmm.c" />
<ClCompile Include="..\Crypto\chacha256.c" />
@@ -223,7 +227,6 @@ BuildDriver.cmd -rebuild -debug -x64 "$(SolutionDir)\Common" "$(SolutionDir)\Cry
<ClCompile Include="..\Common\Xts.c" />
<ClCompile Include="..\Crypto\Aeskey.c" />
<ClCompile Include="..\Crypto\Aestab.c" />
- <ClCompile Include="..\Crypto\Rmd160.c" />
<ClCompile Include="..\Crypto\Sha2.c" />
<ClCompile Include="..\Crypto\Twofish.c" />
<ClCompile Include="..\Crypto\Whirlpool.c" />
diff --git a/src/Driver/Driver.vcxproj.filters b/src/Driver/Driver.vcxproj.filters
index f260fb56..41d7a8c4 100644
--- a/src/Driver/Driver.vcxproj.filters
+++ b/src/Driver/Driver.vcxproj.filters
@@ -87,9 +87,6 @@
<ClCompile Include="..\Crypto\Aestab.c">
<Filter>Source Files\Crypto</Filter>
</ClCompile>
- <ClCompile Include="..\Crypto\Rmd160.c">
- <Filter>Source Files\Crypto</Filter>
- </ClCompile>
<ClCompile Include="..\Crypto\Sha2.c">
<Filter>Source Files\Crypto</Filter>
</ClCompile>
@@ -135,6 +132,18 @@
<ClCompile Include="..\Crypto\t1ha2_selfcheck.c">
<Filter>Source Files\Crypto</Filter>
</ClCompile>
+ <ClCompile Include="..\Crypto\blake2s.c">
+ <Filter>Source Files\Crypto</Filter>
+ </ClCompile>
+ <ClCompile Include="..\Crypto\blake2s_SSE2.c">
+ <Filter>Source Files\Crypto</Filter>
+ </ClCompile>
+ <ClCompile Include="..\Crypto\blake2s_SSE41.c">
+ <Filter>Source Files\Crypto</Filter>
+ </ClCompile>
+ <ClCompile Include="..\Crypto\blake2s_SSSE3.c">
+ <Filter>Source Files\Crypto</Filter>
+ </ClCompile>
</ItemGroup>
<ItemGroup>
<None Include="..\Crypto\Aes_hw_cpu.asm">
diff --git a/src/Driver/veracrypt_vs2019.vcxproj b/src/Driver/veracrypt_vs2019.vcxproj
index 4c09db94..f06f8974 100644
--- a/src/Driver/veracrypt_vs2019.vcxproj
+++ b/src/Driver/veracrypt_vs2019.vcxproj
@@ -33,12 +33,12 @@
<ClCompile Include="..\Crypto\Aescrypt.c" />
<ClCompile Include="..\Crypto\Aeskey.c" />
<ClCompile Include="..\Crypto\Aestab.c" />
+ <ClCompile Include="..\Crypto\blake2s.c" />
<ClCompile Include="..\Crypto\Camellia.c" />
<ClCompile Include="..\Crypto\chacha-xmm.c" />
<ClCompile Include="..\Crypto\chacha256.c" />
<ClCompile Include="..\Crypto\chachaRng.c" />
<ClCompile Include="..\Crypto\cpu.c" />
- <ClCompile Include="..\Crypto\GostCipher.c" />
<ClCompile Include="..\Crypto\jitterentropy-base.c" />
<ClCompile Include="..\Crypto\kuznyechik.c" />
<ClCompile Include="..\Crypto\kuznyechik_simd.c">
@@ -53,7 +53,6 @@
<ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'">true</ExcludedFromBuild>
<ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Release|x64'">true</ExcludedFromBuild>
</ClCompile>
- <ClCompile Include="..\Crypto\Rmd160.c" />
<ClCompile Include="..\Crypto\SerpentFast.c" />
<ClCompile Include="..\Crypto\SerpentFast_simd.cpp">
<ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'">true</ExcludedFromBuild>
@@ -310,14 +309,6 @@
</CustomBuild>
</ItemGroup>
<ItemGroup>
- <CustomBuild Include="..\Crypto\Gost89_x64.asm">
- <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'">true</ExcludedFromBuild>
- <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">true</ExcludedFromBuild>
- <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'">true</ExcludedFromBuild>
- <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Release|x64'">true</ExcludedFromBuild>
- </CustomBuild>
- </ItemGroup>
- <ItemGroup>
<CustomBuild Include="..\Crypto\Twofish_x64.S">
<FileType>Document</FileType>
<ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'">true</ExcludedFromBuild>
diff --git a/src/Driver/veracrypt_vs2019.vcxproj.filters b/src/Driver/veracrypt_vs2019.vcxproj.filters
index 468c686f..2940815c 100644
--- a/src/Driver/veracrypt_vs2019.vcxproj.filters
+++ b/src/Driver/veracrypt_vs2019.vcxproj.filters
@@ -67,9 +67,6 @@
<ClCompile Include="..\Crypto\cpu.c">
<Filter>Crypto\Source Files</Filter>
</ClCompile>
- <ClCompile Include="..\Crypto\GostCipher.c">
- <Filter>Crypto\Source Files</Filter>
- </ClCompile>
<ClCompile Include="..\Crypto\jitterentropy-base.c">
<Filter>Crypto\Source Files</Filter>
</ClCompile>
@@ -82,9 +79,6 @@
<ClCompile Include="..\Crypto\rdrand.c">
<Filter>Crypto\Source Files</Filter>
</ClCompile>
- <ClCompile Include="..\Crypto\Rmd160.c">
- <Filter>Crypto\Source Files</Filter>
- </ClCompile>
<ClCompile Include="..\Crypto\SerpentFast.c">
<Filter>Crypto\Source Files</Filter>
</ClCompile>
@@ -151,6 +145,9 @@
<ClCompile Include="Ntdriver.c">
<Filter>Source Files</Filter>
</ClCompile>
+ <ClCompile Include="..\Crypto\blake2s.c">
+ <Filter>Crypto\Source Files</Filter>
+ </ClCompile>
</ItemGroup>
<ItemGroup>
<ClInclude Include="DriveFilter.h">
@@ -269,9 +266,6 @@
<CustomBuild Include="..\Crypto\Aes_x86.asm">
<Filter>Crypto\Source Files</Filter>
</CustomBuild>
- <CustomBuild Include="..\Crypto\Gost89_x64.asm">
- <Filter>Crypto\Source Files</Filter>
- </CustomBuild>
<CustomBuild Include="..\Crypto\Twofish_x64.S">
<Filter>Crypto\Source Files</Filter>
</CustomBuild>
diff --git a/src/Format/Tcformat.c b/src/Format/Tcformat.c
index 9143e8c5..477306ea 100644
--- a/src/Format/Tcformat.c
+++ b/src/Format/Tcformat.c
@@ -4183,8 +4183,7 @@ BOOL CALLBACK PageDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lPa
for (hid = FIRST_PRF_ID; hid <= LAST_PRF_ID; hid++)
{
- // For now, we keep RIPEMD160 for system encryption
- if (((hid == RIPEMD160) || !HashIsDeprecated (hid)) && (bSystemIsGPT || HashForSystemEncryption (hid)))
+ if ((!HashIsDeprecated (hid)) && (bSystemIsGPT || HashForSystemEncryption (hid)))
AddComboPair (GetDlgItem (hwndDlg, IDC_COMBO_BOX_HASH_ALGO), HashGetName(hid), hid);
}
}
@@ -5605,8 +5604,6 @@ BOOL CALLBACK PageDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lPa
Applink ("serpent");
else if (wcscmp (name, L"Twofish") == 0)
Applink ("twofish");
- else if (wcscmp (name, L"GOST89") == 0)
- Applink ("gost89");
else if (wcscmp (name, L"Kuznyechik") == 0)
Applink ("kuznyechik");
else if (wcscmp (name, L"Camellia") == 0)
@@ -9250,8 +9247,8 @@ void ExtractCommandLine (HWND hwndDlg, wchar_t *lpszCommandLine)
CmdVolumePkcs5 = SHA512;
else if (_wcsicmp(szTmp, L"sha256") == 0)
CmdVolumePkcs5 = SHA256;
- else if (_wcsicmp(szTmp, L"ripemd160") == 0)
- CmdVolumePkcs5 = RIPEMD160;
+ else if ((_wcsicmp(szTmp, L"blake2s") == 0) || (_wcsicmp(szTmp, L"blake2s-256") == 0))
+ CmdVolumePkcs5 = BLAKE2S;
else
{
/* match using internal hash names */
diff --git a/src/Makefile b/src/Makefile
index 05ea3f61..c1ea2bae 100644
--- a/src/Makefile
+++ b/src/Makefile
@@ -145,6 +145,9 @@ export CPU_ARCH ?= unknown
export SIMD_SUPPORTED := 0
export DISABLE_AESNI ?= 0
+export GCC_GTEQ_440 := 0
+export GCC_GTEQ_430 := 0
+
ARCH ?= $(shell uname -m)
ifneq (,$(filter i386 i486 i586 i686 x86,$(ARCH)))
@@ -201,12 +204,13 @@ ifeq "$(shell uname -s)" "Linux"
CFLAGS += -msse2
CXXFLAGS += -msse2
+ GCC_GTEQ_440 := $(shell expr `$(CC) -dumpversion | sed -e 's/\.\([0-9][0-9]\)/\1/g' -e 's/\.\([0-9]\)/0\1/g' -e 's/^[0-9]\{3,4\}$$/&00/' -e 's/^[0-9]\{1,2\}$$/&0000/'` \>= 40400)
+ GCC_GTEQ_430 := $(shell expr `$(CC) -dumpversion | sed -e 's/\.\([0-9][0-9]\)/\1/g' -e 's/\.\([0-9]\)/0\1/g' -e 's/^[0-9]\{3,4\}$$/&00/' -e 's/^[0-9]\{1,2\}$$/&0000/'` \>= 40300)
+
ifeq "$(DISABLE_AESNI)" "1"
CFLAGS += -mno-aes -DCRYPTOPP_DISABLE_AESNI
CXXFLAGS += -mno-aes -DCRYPTOPP_DISABLE_AESNI
else
- GCC_GTEQ_440 := $(shell expr `$(CC) -dumpversion | sed -e 's/\.\([0-9][0-9]\)/\1/g' -e 's/\.\([0-9]\)/0\1/g' -e 's/^[0-9]\{3,4\}$$/&00/' -e 's/^[0-9]\{1,2\}$$/&0000/'` \>= 40400)
- GCC_GTEQ_430 := $(shell expr `$(CC) -dumpversion | sed -e 's/\.\([0-9][0-9]\)/\1/g' -e 's/\.\([0-9]\)/0\1/g' -e 's/^[0-9]\{3,4\}$$/&00/' -e 's/^[0-9]\{1,2\}$$/&0000/'` \>= 40300)
ifeq "$(GCC_GTEQ_440)" "1"
CFLAGS += -maes
CXXFLAGS += -maes
diff --git a/src/Mount/Favorites.cpp b/src/Mount/Favorites.cpp
index e93b9203..0428b8fd 100644
--- a/src/Mount/Favorites.cpp
+++ b/src/Mount/Favorites.cpp
@@ -963,7 +963,7 @@ namespace VeraCrypt
for (i = FIRST_PRF_ID; i <= LAST_PRF_ID; i++)
{
- if (!favorite.SystemEncryption || (favorite.TrueCryptMode != 1) || (i == RIPEMD160))
+ if (!favorite.SystemEncryption || (favorite.TrueCryptMode != 1))
{
nIndex = (int) SendMessage (hComboBox, CB_ADDSTRING, 0, (LPARAM) get_pkcs5_prf_name(i));
SendMessage (hComboBox, CB_SETITEMDATA, nIndex, (LPARAM) i);
diff --git a/src/Mount/Mount.c b/src/Mount/Mount.c
index 5b964d4e..a0370861 100644
--- a/src/Mount/Mount.c
+++ b/src/Mount/Mount.c
@@ -9598,8 +9598,8 @@ void ExtractCommandLine (HWND hwndDlg, wchar_t *lpszCommandLine)
CmdVolumePkcs5 = SHA512;
else if (_wcsicmp(szTmp, L"sha256") == 0)
CmdVolumePkcs5 = SHA256;
- else if (_wcsicmp(szTmp, L"ripemd160") == 0)
- CmdVolumePkcs5 = RIPEMD160;
+ else if ((_wcsicmp(szTmp, L"blake2s") == 0) || (_wcsicmp(szTmp, L"blake2s-256") == 0))
+ CmdVolumePkcs5 = BLAKE2S;
else
{
/* match using internal hash names */
diff --git a/src/Volume/Cipher.cpp b/src/Volume/Cipher.cpp
index 02ee6989..8c6ce390 100644
--- a/src/Volume/Cipher.cpp
+++ b/src/Volume/Cipher.cpp
@@ -16,7 +16,6 @@
#include "Crypto/SerpentFast.h"
#include "Crypto/Twofish.h"
#include "Crypto/Camellia.h"
-#include "Crypto/GostCipher.h"
#include "Crypto/kuznyechik.h"
#ifdef TC_AES_HW_CPU
@@ -98,7 +97,6 @@ namespace VeraCrypt
l.push_back (shared_ptr <Cipher> (new CipherSerpent ()));
l.push_back (shared_ptr <Cipher> (new CipherTwofish ()));
l.push_back (shared_ptr <Cipher> (new CipherCamellia ()));
- l.push_back (shared_ptr <Cipher> (new CipherGost89 ()));
l.push_back (shared_ptr <Cipher> (new CipherKuznyechik ()));
return l;
@@ -399,48 +397,6 @@ namespace VeraCrypt
#endif
}
- // GOST89
- void CipherGost89::Decrypt (byte *data) const
- {
- gost_decrypt (data, data, (gost_kds *) ScheduledKey.Ptr(), 1);
- }
-
- void CipherGost89::Encrypt (byte *data) const
- {
- gost_encrypt (data, data, (gost_kds *) ScheduledKey.Ptr(), 1);
- }
-
- size_t CipherGost89::GetScheduledKeySize () const
- {
- return GOST_KS;
- }
-
- void CipherGost89::SetCipherKey (const byte *key)
- {
- gost_set_key (key, (gost_kds *) ScheduledKey.Ptr(), 1);
- }
-
- // GOST89 with static SBOX
- void CipherGost89StaticSBOX::Decrypt (byte *data) const
- {
- gost_decrypt (data, data, (gost_kds *) ScheduledKey.Ptr(), 1);
- }
-
- void CipherGost89StaticSBOX::Encrypt (byte *data) const
- {
- gost_encrypt (data, data, (gost_kds *) ScheduledKey.Ptr(), 1);
- }
-
- size_t CipherGost89StaticSBOX::GetScheduledKeySize () const
- {
- return GOST_KS;
- }
-
- void CipherGost89StaticSBOX::SetCipherKey (const byte *key)
- {
- gost_set_key (key, (gost_kds *) ScheduledKey.Ptr(), 0);
- }
-
// Kuznyechik
void CipherKuznyechik::Decrypt (byte *data) const
{
diff --git a/src/Volume/Cipher.h b/src/Volume/Cipher.h
index 061dcc38..31a519a5 100644
--- a/src/Volume/Cipher.h
+++ b/src/Volume/Cipher.h
@@ -108,9 +108,6 @@ namespace VeraCrypt
#undef TC_CIPHER_ADD_METHODS
#define TC_CIPHER_ADD_METHODS
- TC_CIPHER (Gost89, 16, 32);
- TC_CIPHER (Gost89StaticSBOX, 16, 32);
-
#undef TC_CIPHER
diff --git a/src/Volume/EncryptionAlgorithm.cpp b/src/Volume/EncryptionAlgorithm.cpp
index b94f69fa..85d9be1c 100644
--- a/src/Volume/EncryptionAlgorithm.cpp
+++ b/src/Volume/EncryptionAlgorithm.cpp
@@ -65,7 +65,6 @@ namespace VeraCrypt
l.push_back (shared_ptr <EncryptionAlgorithm> (new Serpent ()));
l.push_back (shared_ptr <EncryptionAlgorithm> (new Twofish ()));
l.push_back (shared_ptr <EncryptionAlgorithm> (new Camellia ()));
- l.push_back (shared_ptr <EncryptionAlgorithm> (new GOST89 ()));
l.push_back (shared_ptr <EncryptionAlgorithm> (new Kuznyechik ()));
l.push_back (shared_ptr <EncryptionAlgorithm> (new AESTwofish ()));
l.push_back (shared_ptr <EncryptionAlgorithm> (new AESTwofishSerpent ()));
@@ -301,17 +300,6 @@ namespace VeraCrypt
SupportedModes.push_back (shared_ptr <EncryptionMode> (new EncryptionModeXTS ()));
}
-
- // GOST89
- GOST89::GOST89 ()
- {
- Deprecated = true;
-
- Ciphers.push_back (shared_ptr <Cipher> (new CipherGost89()));
-
- SupportedModes.push_back (shared_ptr <EncryptionMode> (new EncryptionModeXTS ()));
- }
-
// Kuznyechik
Kuznyechik::Kuznyechik ()
{
diff --git a/src/Volume/EncryptionAlgorithm.h b/src/Volume/EncryptionAlgorithm.h
index a701e700..56642146 100644
--- a/src/Volume/EncryptionAlgorithm.h
+++ b/src/Volume/EncryptionAlgorithm.h
@@ -86,7 +86,6 @@ namespace VeraCrypt
TC_ENCRYPTION_ALGORITHM (TwofishSerpent);
TC_ENCRYPTION_ALGORITHM (SerpentTwofishAES);
TC_ENCRYPTION_ALGORITHM (Camellia);
- TC_ENCRYPTION_ALGORITHM (GOST89);
TC_ENCRYPTION_ALGORITHM (Kuznyechik);
TC_ENCRYPTION_ALGORITHM (KuznyechikTwofish);
TC_ENCRYPTION_ALGORITHM (KuznyechikAES);
diff --git a/src/Volume/EncryptionTest.cpp b/src/Volume/EncryptionTest.cpp
index 22aea220..5c251bd5 100644
--- a/src/Volume/EncryptionTest.cpp
+++ b/src/Volume/EncryptionTest.cpp
@@ -123,23 +123,7 @@ namespace VeraCrypt
}
}
};
-
- static const CipherTestVector GOST89TestVectors[] =
- {
- {
- {
- 0xFF, 0xEE, 0xDD, 0xCC, 0xBB, 0xAA, 0x99, 0x88, 0x77, 0x66, 0x55, 0x44, 0x33, 0x22, 0x11, 0x00,
- 0xF0, 0xF1, 0xF2, 0xF3, 0xF4, 0xF5, 0xF6, 0xF7, 0xF8, 0xF9, 0xFA, 0xFB, 0xFC, 0xFD, 0xFE, 0xFF
- },
- {
- 0xFE, 0xDC, 0xBA, 0x98, 0x76, 0x54, 0x32, 0x10, 0xFF, 0xEE, 0xDD, 0xCC, 0xBB, 0xAA, 0x99, 0x88
- },
- {
- 0x8F, 0xC6, 0xFE, 0xB8, 0x91, 0x51, 0x4C, 0x37, 0x4D, 0x51, 0x46, 0xEF, 0x02, 0x9D, 0xBD, 0x9F
- }
- }
- };
-
+
static const CipherTestVector KuznyechikTestVectors[] =
{
{
@@ -215,9 +199,6 @@ namespace VeraCrypt
CipherCamellia camellia;
TestCipher (camellia, CamelliaTestVectors, array_capacity (CamelliaTestVectors));
- CipherGost89StaticSBOX gost89;
- TestCipher (gost89, GOST89TestVectors, array_capacity (GOST89TestVectors));
-
CipherKuznyechik kuznyechik;
TestCipher (kuznyechik, KuznyechikTestVectors, array_capacity (KuznyechikTestVectors));
}
@@ -653,32 +634,6 @@ namespace VeraCrypt
break;
}
}
- else if (typeid (ea) == typeid (GOST89))
- {
- switch (testCase)
- {
- case 0:
- if (crc != 0x12194ef5)
- throw TestFailed (SRC_POS);
- nTestsPerformed++;
- break;
- case 1:
- if (crc != 0xda8d429b)
- throw TestFailed (SRC_POS);
- nTestsPerformed++;
- break;
- case 2:
- if (crc != 0xdbf0b12e)
- throw TestFailed (SRC_POS);
- nTestsPerformed++;
- break;
- case 3:
- if (crc != 0xb986eb4a)
- throw TestFailed (SRC_POS);
- nTestsPerformed++;
- break;
- }
- }
else if (typeid (ea) == typeid (Kuznyechik))
{
switch (testCase)
@@ -1037,12 +992,6 @@ namespace VeraCrypt
throw TestFailed (SRC_POS);
nTestsPerformed++;
}
- else if (typeid (ea) == typeid (GOST89))
- {
- if (crc != 0x9e8653cb)
- throw TestFailed (SRC_POS);
- nTestsPerformed++;
- }
else if (typeid (ea) == typeid (Kuznyechik))
{
if (crc != 0xd6d39cdb)
@@ -1121,7 +1070,7 @@ namespace VeraCrypt
nTestsPerformed++;
}
- if (nTestsPerformed != 160)
+ if (nTestsPerformed != 150)
throw TestFailed (SRC_POS);
}
@@ -1132,9 +1081,9 @@ namespace VeraCrypt
ConstBufferPtr salt (saltData, sizeof (saltData));
Buffer derivedKey (4);
- Pkcs5HmacRipemd160 pkcs5HmacRipemd160(false);
- pkcs5HmacRipemd160.DeriveKey (derivedKey, password, salt, 5);
- if (memcmp (derivedKey.Ptr(), "\x7a\x3d\x7c\x03", 4) != 0)
+ Pkcs5HmacBlake2s pkcs5HmacBlake2s;
+ pkcs5HmacBlake2s.DeriveKey (derivedKey, password, salt, 5);
+ if (memcmp (derivedKey.Ptr(), "\x8d\x51\xfa\x31", 4) != 0)
throw TestFailed (SRC_POS);
Pkcs5HmacSha512 pkcs5HmacSha512(false);
diff --git a/src/Volume/Hash.cpp b/src/Volume/Hash.cpp
index 3925dde6..aad900c1 100644
--- a/src/Volume/Hash.cpp
+++ b/src/Volume/Hash.cpp
@@ -12,7 +12,7 @@
#include "Hash.h"
-#include "Crypto/Rmd160.h"
+#include "Crypto/blake2.h"
#include "Crypto/Sha2.h"
#include "Crypto/Whirlpool.h"
#include "Crypto/Streebog.h"
@@ -25,9 +25,9 @@ namespace VeraCrypt
l.push_back (shared_ptr <Hash> (new Sha512 ()));
l.push_back (shared_ptr <Hash> (new Whirlpool ()));
+ l.push_back (shared_ptr <Hash> (new Blake2s ()));
l.push_back (shared_ptr <Hash> (new Sha256 ()));
l.push_back (shared_ptr <Hash> (new Streebog ()));
- l.push_back (shared_ptr <Hash> (new Ripemd160 ()));
return l;
}
@@ -45,28 +45,27 @@ namespace VeraCrypt
}
// RIPEMD-160
- Ripemd160::Ripemd160 ()
+ Blake2s::Blake2s ()
{
- Deprecated = true; // Mark RIPEMD-160 as deprecated like on Windows.
- Context.Allocate (sizeof (RMD160_CTX), 32);
+ Context.Allocate (sizeof (blake2s_state), 32);
Init();
}
- void Ripemd160::GetDigest (const BufferPtr &buffer)
+ void Blake2s::GetDigest (const BufferPtr &buffer)
{
if_debug (ValidateDigestParameters (buffer));
- RMD160Final (buffer, (RMD160_CTX *) Context.Ptr());
+ blake2s_final ((blake2s_state *) Context.Ptr(), buffer);
}
- void Ripemd160::Init ()
+ void Blake2s::Init ()
{
- RMD160Init ((RMD160_CTX *) Context.Ptr());
+ blake2s_init ((blake2s_state *) Context.Ptr());
}
- void Ripemd160::ProcessData (const ConstBufferPtr &data)
+ void Blake2s::ProcessData (const ConstBufferPtr &data)
{
if_debug (ValidateDataParameters (data));
- RMD160Update ((RMD160_CTX *) Context.Ptr(), data.Get(), (int) data.Size());
+ blake2s_update ((blake2s_state *) Context.Ptr(), data.Get(), data.Size());
}
// SHA-256
diff --git a/src/Volume/Hash.h b/src/Volume/Hash.h
index c76a6896..0e464b37 100644
--- a/src/Volume/Hash.h
+++ b/src/Volume/Hash.h
@@ -48,27 +48,27 @@ namespace VeraCrypt
Hash &operator= (const Hash &);
};
- // RIPEMD-160
- class Ripemd160 : public Hash
+ // Blake2s
+ class Blake2s : public Hash
{
public:
- Ripemd160 ();
- virtual ~Ripemd160 () { }
+ Blake2s ();
+ virtual ~Blake2s () { }
virtual void GetDigest (const BufferPtr &buffer);
virtual size_t GetBlockSize () const { return 64; }
- virtual size_t GetDigestSize () const { return 160 / 8; }
- virtual wstring GetName () const { return L"RIPEMD-160"; }
- virtual wstring GetAltName () const { return L"RIPEMD160"; }
- virtual shared_ptr <Hash> GetNew () const { return shared_ptr <Hash> (new Ripemd160); }
+ virtual size_t GetDigestSize () const { return 32; }
+ virtual wstring GetName () const { return L"BLAKE2s-256"; }
+ virtual wstring GetAltName () const { return L"BLAKE2s"; }
+ virtual shared_ptr <Hash> GetNew () const { return shared_ptr <Hash> (new Blake2s); }
virtual void Init ();
virtual void ProcessData (const ConstBufferPtr &data);
protected:
private:
- Ripemd160 (const Ripemd160 &);
- Ripemd160 &operator= (const Ripemd160 &);
+ Blake2s (const Blake2s &);
+ Blake2s &operator= (const Blake2s &);
};
// SHA-256
diff --git a/src/Volume/Pkcs5Kdf.cpp b/src/Volume/Pkcs5Kdf.cpp
index ba5f46dd..fee057a8 100644
--- a/src/Volume/Pkcs5Kdf.cpp
+++ b/src/Volume/Pkcs5Kdf.cpp
@@ -58,14 +58,13 @@ namespace VeraCrypt
{
l.push_back (shared_ptr <Pkcs5Kdf> (new Pkcs5HmacSha512 (true)));
l.push_back (shared_ptr <Pkcs5Kdf> (new Pkcs5HmacWhirlpool (true)));
- l.push_back (shared_ptr <Pkcs5Kdf> (new Pkcs5HmacRipemd160 (true)));
}
else
{
l.push_back (shared_ptr <Pkcs5Kdf> (new Pkcs5HmacSha512 (false)));
l.push_back (shared_ptr <Pkcs5Kdf> (new Pkcs5HmacSha256 ()));
+ l.push_back (shared_ptr <Pkcs5Kdf> (new Pkcs5HmacBlake2s ()));
l.push_back (shared_ptr <Pkcs5Kdf> (new Pkcs5HmacWhirlpool (false)));
- l.push_back (shared_ptr <Pkcs5Kdf> (new Pkcs5HmacRipemd160 (false)));
l.push_back (shared_ptr <Pkcs5Kdf> (new Pkcs5HmacStreebog ()));
}
@@ -78,16 +77,16 @@ namespace VeraCrypt
throw ParameterIncorrect (SRC_POS);
}
- void Pkcs5HmacRipemd160::DeriveKey (const BufferPtr &key, const VolumePassword &password, const ConstBufferPtr &salt, int iterationCount) const
+ void Pkcs5HmacBlake2s_Boot::DeriveKey (const BufferPtr &key, const VolumePassword &password, const ConstBufferPtr &salt, int iterationCount) const
{
ValidateParameters (key, password, salt, iterationCount);
- derive_key_ripemd160 ((char *) password.DataPtr(), (int) password.Size(), (char *) salt.Get(), (int) salt.Size(), iterationCount, (char *) key.Get(), (int) key.Size());
+ derive_key_blake2s ((char *) password.DataPtr(), (int) password.Size(), (char *) salt.Get(), (int) salt.Size(), iterationCount, (char *) key.Get(), (int) key.Size());
}
- void Pkcs5HmacRipemd160_1000::DeriveKey (const BufferPtr &key, const VolumePassword &password, const ConstBufferPtr &salt, int iterationCount) const
+ void Pkcs5HmacBlake2s::DeriveKey (const BufferPtr &key, const VolumePassword &password, const ConstBufferPtr &salt, int iterationCount) const
{
ValidateParameters (key, password, salt, iterationCount);
- derive_key_ripemd160 ((char *) password.DataPtr(), (int) password.Size(), (char *) salt.Get(), (int) salt.Size(), iterationCount, (char *) key.Get(), (int) key.Size());
+ derive_key_blake2s ((char *) password.DataPtr(), (int) password.Size(), (char *) salt.Get(), (int) salt.Size(), iterationCount, (char *) key.Get(), (int) key.Size());
}
void Pkcs5HmacSha256_Boot::DeriveKey (const BufferPtr &key, const VolumePassword &password, const ConstBufferPtr &salt, int iterationCount) const
diff --git a/src/Volume/Pkcs5Kdf.h b/src/Volume/Pkcs5Kdf.h
index 76cc56a0..25ad76e8 100644
--- a/src/Volume/Pkcs5Kdf.h
+++ b/src/Volume/Pkcs5Kdf.h
@@ -51,38 +51,38 @@ namespace VeraCrypt
Pkcs5Kdf &operator= (const Pkcs5Kdf &);
};
- class Pkcs5HmacRipemd160 : public Pkcs5Kdf
+ class Pkcs5HmacBlake2s_Boot : public Pkcs5Kdf
{
public:
- Pkcs5HmacRipemd160 (bool truecryptMode) : Pkcs5Kdf (truecryptMode) { }
- virtual ~Pkcs5HmacRipemd160 () { }
+ Pkcs5HmacBlake2s_Boot () : Pkcs5Kdf(false) { }
+ virtual ~Pkcs5HmacBlake2s_Boot () { }
virtual void DeriveKey (const BufferPtr &key, const VolumePassword &password, const ConstBufferPtr &salt, int iterationCount) const;
- virtual shared_ptr <Hash> GetHash () const { return shared_ptr <Hash> (new Ripemd160); }
- virtual int GetIterationCount (int pim) const { return m_truecryptMode? 2000 : (pim <= 0 ? 655331 : (15000 + (pim * 1000))) ; }
- virtual wstring GetName () const { return L"HMAC-RIPEMD-160"; }
- virtual Pkcs5Kdf* Clone () const { return new Pkcs5HmacRipemd160(m_truecryptMode); }
+ virtual shared_ptr <Hash> GetHash () const { return shared_ptr <Hash> (new Blake2s); }
+ virtual int GetIterationCount (int pim) const { return pim <= 0 ? 200000 : (pim * 2048); }
+ virtual wstring GetName () const { return L"HMAC-BLAKE2s-256"; }
+ virtual Pkcs5Kdf* Clone () const { return new Pkcs5HmacBlake2s_Boot(); }
private:
- Pkcs5HmacRipemd160 (const Pkcs5HmacRipemd160 &);
- Pkcs5HmacRipemd160 &operator= (const Pkcs5HmacRipemd160 &);
+ Pkcs5HmacBlake2s_Boot (const Pkcs5HmacBlake2s_Boot &);
+ Pkcs5HmacBlake2s_Boot &operator= (const Pkcs5HmacBlake2s_Boot &);
};
- class Pkcs5HmacRipemd160_1000 : public Pkcs5Kdf
+ class Pkcs5HmacBlake2s : public Pkcs5Kdf
{
public:
- Pkcs5HmacRipemd160_1000 (bool truecryptMode) : Pkcs5Kdf(truecryptMode) { }
- virtual ~Pkcs5HmacRipemd160_1000 () { }
+ Pkcs5HmacBlake2s () : Pkcs5Kdf(false) { }
+ virtual ~Pkcs5HmacBlake2s () { }
virtual void DeriveKey (const BufferPtr &key, const VolumePassword &password, const ConstBufferPtr &salt, int iterationCount) const;
- virtual shared_ptr <Hash> GetHash () const { return shared_ptr <Hash> (new Ripemd160); }
- virtual int GetIterationCount (int pim) const { return m_truecryptMode? 1000 : (pim <= 0 ? 327661 : (pim * 2048)); }
- virtual wstring GetName () const { return L"HMAC-RIPEMD-160"; }
- virtual Pkcs5Kdf* Clone () const { return new Pkcs5HmacRipemd160_1000(m_truecryptMode); }
+ virtual shared_ptr <Hash> GetHash () const { return shared_ptr <Hash> (new Blake2s); }
+ virtual int GetIterationCount (int pim) const { return pim <= 0 ? 500000 : (15000 + (pim * 1000)); }
+ virtual wstring GetName () const { return L"HMAC-BLAKE2s-256"; }
+ virtual Pkcs5Kdf* Clone () const { return new Pkcs5HmacBlake2s(); }
private:
- Pkcs5HmacRipemd160_1000 (const Pkcs5HmacRipemd160_1000 &);
- Pkcs5HmacRipemd160_1000 &operator= (const Pkcs5HmacRipemd160_1000 &);
+ Pkcs5HmacBlake2s (const Pkcs5HmacBlake2s &);
+ Pkcs5HmacBlake2s &operator= (const Pkcs5HmacBlake2s &);
};
class Pkcs5HmacSha256_Boot : public Pkcs5Kdf
diff --git a/src/Volume/Volume.make b/src/Volume/Volume.make
index a7f9ef0a..91f40fb7 100644
--- a/src/Volume/Volume.make
+++ b/src/Volume/Volume.make
@@ -71,17 +71,25 @@ else
OBJS += ../Crypto/Aescrypt.o
endif
+ifeq "$(GCC_GTEQ_430)" "1"
+OBJSSSE41 += ../Crypto/blake2s_SSE41.osse41
+OBJSSSSE3 += ../Crypto/blake2s_SSSE3.ossse3
+else
+OBJS += ../Crypto/blake2s_SSE41.o
+OBJS += ../Crypto/blake2s_SSSE3.o
+endif
+
OBJS += ../Crypto/Aeskey.o
OBJS += ../Crypto/Aestab.o
OBJS += ../Crypto/cpu.o
-OBJS += ../Crypto/Rmd160.o
+OBJS += ../Crypto/blake2s.o
+OBJS += ../Crypto/blake2s_SSE2.o
OBJS += ../Crypto/SerpentFast.o
OBJS += ../Crypto/SerpentFast_simd.o
OBJS += ../Crypto/Sha2.o
OBJS += ../Crypto/Twofish.o
OBJS += ../Crypto/Whirlpool.o
OBJS += ../Crypto/Camellia.o
-OBJS += ../Crypto/GostCipher.o
OBJS += ../Crypto/Streebog.o
OBJS += ../Crypto/kuznyechik.o
OBJS += ../Crypto/kuznyechik_simd.o
diff --git a/src/Volume/VolumeLayout.cpp b/src/Volume/VolumeLayout.cpp
index 0eaed427..3045ba83 100644
--- a/src/Volume/VolumeLayout.cpp
+++ b/src/Volume/VolumeLayout.cpp
@@ -100,7 +100,6 @@ namespace VeraCrypt
SupportedEncryptionAlgorithms.push_back (shared_ptr <EncryptionAlgorithm> (new Serpent ()));
SupportedEncryptionAlgorithms.push_back (shared_ptr <EncryptionAlgorithm> (new Twofish ()));
SupportedEncryptionAlgorithms.push_back (shared_ptr <EncryptionAlgorithm> (new Camellia ()));
- SupportedEncryptionAlgorithms.push_back (shared_ptr <EncryptionAlgorithm> (new GOST89 ()));
SupportedEncryptionAlgorithms.push_back (shared_ptr <EncryptionAlgorithm> (new Kuznyechik ()));
SupportedEncryptionAlgorithms.push_back (shared_ptr <EncryptionAlgorithm> (new AESTwofish ()));
SupportedEncryptionAlgorithms.push_back (shared_ptr <EncryptionAlgorithm> (new AESTwofishSerpent ()));
@@ -146,7 +145,6 @@ namespace VeraCrypt
SupportedEncryptionAlgorithms.push_back (shared_ptr <EncryptionAlgorithm> (new Serpent ()));
SupportedEncryptionAlgorithms.push_back (shared_ptr <EncryptionAlgorithm> (new Twofish ()));
SupportedEncryptionAlgorithms.push_back (shared_ptr <EncryptionAlgorithm> (new Camellia ()));
- SupportedEncryptionAlgorithms.push_back (shared_ptr <EncryptionAlgorithm> (new GOST89 ()));
SupportedEncryptionAlgorithms.push_back (shared_ptr <EncryptionAlgorithm> (new Kuznyechik ()));
SupportedEncryptionAlgorithms.push_back (shared_ptr <EncryptionAlgorithm> (new AESTwofish ()));
SupportedEncryptionAlgorithms.push_back (shared_ptr <EncryptionAlgorithm> (new AESTwofishSerpent ()));
@@ -199,7 +197,6 @@ namespace VeraCrypt
SupportedEncryptionAlgorithms.push_back (shared_ptr <EncryptionAlgorithm> (new Serpent ()));
SupportedEncryptionAlgorithms.push_back (shared_ptr <EncryptionAlgorithm> (new Twofish ()));
SupportedEncryptionAlgorithms.push_back (shared_ptr <EncryptionAlgorithm> (new Camellia ()));
- SupportedEncryptionAlgorithms.push_back (shared_ptr <EncryptionAlgorithm> (new GOST89 ()));
SupportedEncryptionAlgorithms.push_back (shared_ptr <EncryptionAlgorithm> (new Kuznyechik ()));
SupportedEncryptionAlgorithms.push_back (shared_ptr <EncryptionAlgorithm> (new AESTwofish ()));
SupportedEncryptionAlgorithms.push_back (shared_ptr <EncryptionAlgorithm> (new AESTwofishSerpent ()));
@@ -229,10 +226,9 @@ namespace VeraCrypt
{
Pkcs5KdfList l;
if (!truecryptMode)
- l.push_back (shared_ptr <Pkcs5Kdf> (new Pkcs5HmacSha256_Boot ()));
- l.push_back (shared_ptr <Pkcs5Kdf> (new Pkcs5HmacRipemd160_1000 (truecryptMode)));
- if (!truecryptMode)
{
+ l.push_back (shared_ptr <Pkcs5Kdf> (new Pkcs5HmacSha256_Boot ()));
+ l.push_back (shared_ptr <Pkcs5Kdf> (new Pkcs5HmacBlake2s_Boot ()));
l.push_back (shared_ptr <Pkcs5Kdf> (new Pkcs5HmacSha512 (false)));
l.push_back (shared_ptr <Pkcs5Kdf> (new Pkcs5HmacWhirlpool (false)));
l.push_back (shared_ptr <Pkcs5Kdf> (new Pkcs5HmacStreebog ()));