diff options
author | Mounir IDRASSI <mounir.idrassi@idrix.fr> | 2014-10-14 17:14:54 +0200 |
---|---|---|
committer | Mounir IDRASSI <mounir.idrassi@idrix.fr> | 2014-11-08 23:23:53 +0100 |
commit | 68f16dae244752e8bdf112e8feeb6a0839088a3e (patch) | |
tree | 94b1f5ab11b4d08661d838704bf08c14eb2e46a4 /src/Common/BootEncryption.cpp | |
parent | f38cf0b6943da24c802424f53588b54aada48fd8 (diff) | |
download | VeraCrypt-68f16dae244752e8bdf112e8feeb6a0839088a3e.tar.gz VeraCrypt-68f16dae244752e8bdf112e8feeb6a0839088a3e.zip |
Implement support for creating and booting encrypted partition using SHA-256. Support SHA-256 for normal volumes as well.
Diffstat (limited to 'src/Common/BootEncryption.cpp')
-rw-r--r-- | src/Common/BootEncryption.cpp | 76 |
1 files changed, 66 insertions, 10 deletions
diff --git a/src/Common/BootEncryption.cpp b/src/Common/BootEncryption.cpp index 9f848fc7..be521fd6 100644 --- a/src/Common/BootEncryption.cpp +++ b/src/Common/BootEncryption.cpp @@ -375,6 +375,7 @@ namespace VeraCrypt RescueIsoImage (nullptr),
RescueVolumeHeaderValid (false),
SelectedEncryptionAlgorithmId (0),
+ SelectedPrfAlgorithmId (0),
VolumeHeaderValid (false)
{
HiddenOSCandidatePartition.IsGPT = FALSE;
@@ -975,11 +976,16 @@ namespace VeraCrypt ZeroMemory (buffer, bufferSize);
int ea = 0;
+ int pkcs5_prf = 0;
if (GetStatus().DriveMounted)
{
try
{
GetBootEncryptionAlgorithmNameRequest request;
+ // since we added new field to GetBootEncryptionAlgorithmNameRequest since version 1.0f
+ // we zero all the structure so that if we are talking to an older driver, the field
+ // BootPrfAlgorithmName will be an empty string
+ ZeroMemory(&request, sizeof(request));
CallDriver (TC_IOCTL_GET_BOOT_ENCRYPTION_ALGORITHM_NAME, NULL, 0, &request, sizeof (request));
if (_stricmp (request.BootEncryptionAlgorithmName, "AES") == 0)
@@ -988,6 +994,13 @@ namespace VeraCrypt ea = SERPENT;
else if (_stricmp (request.BootEncryptionAlgorithmName, "Twofish") == 0)
ea = TWOFISH;
+
+ if (_stricmp(request.BootPrfAlgorithmName, "SHA-256") == 0)
+ pkcs5_prf = SHA256;
+ else if (_stricmp(request.BootPrfAlgorithmName, "RIPEMD-160") == 0)
+ pkcs5_prf = RIPEMD160;
+ else if (strlen(request.BootPrfAlgorithmName) == 0) // case of version < 1.0f
+ pkcs5_prf = RIPEMD160;
}
catch (...)
{
@@ -996,36 +1009,77 @@ namespace VeraCrypt VOLUME_PROPERTIES_STRUCT properties;
GetVolumeProperties (&properties);
ea = properties.ea;
+ pkcs5_prf = properties.pkcs5;
}
catch (...) { }
}
}
else
{
- if (SelectedEncryptionAlgorithmId == 0)
+ if (SelectedEncryptionAlgorithmId == 0 || SelectedPrfAlgorithmId == 0)
throw ParameterIncorrect (SRC_POS);
ea = SelectedEncryptionAlgorithmId;
+ pkcs5_prf = SelectedPrfAlgorithmId;
}
- int bootSectorId = rescueDisk ? IDR_RESCUE_BOOT_SECTOR : IDR_BOOT_SECTOR;
- int bootLoaderId = rescueDisk ? IDR_RESCUE_LOADER : IDR_BOOT_LOADER;
+ // Only RIPEMD160 and SHA-256 are supported for boot loader
+ if (pkcs5_prf != RIPEMD160 && pkcs5_prf != SHA256)
+ throw ParameterIncorrect (SRC_POS);
+
+ int bootSectorId = 0;
+ int bootLoaderId = 0;
+
+ if (pkcs5_prf == SHA256)
+ {
+ bootSectorId = rescueDisk ? IDR_RESCUE_BOOT_SECTOR_SHA2 : IDR_BOOT_SECTOR_SHA2;
+ bootLoaderId = rescueDisk ? IDR_RESCUE_LOADER_SHA2 : IDR_BOOT_LOADER_SHA2;
+ }
+ else
+ {
+ bootSectorId = rescueDisk ? IDR_RESCUE_BOOT_SECTOR : IDR_BOOT_SECTOR;
+ bootLoaderId = rescueDisk ? IDR_RESCUE_LOADER : IDR_BOOT_LOADER;
+ }
switch (ea)
{
case AES:
- bootSectorId = rescueDisk ? IDR_RESCUE_BOOT_SECTOR_AES : IDR_BOOT_SECTOR_AES;
- bootLoaderId = rescueDisk ? IDR_RESCUE_LOADER_AES : IDR_BOOT_LOADER_AES;
+ if (pkcs5_prf == SHA256)
+ {
+ bootSectorId = rescueDisk ? IDR_RESCUE_BOOT_SECTOR_AES_SHA2 : IDR_BOOT_SECTOR_AES_SHA2;
+ bootLoaderId = rescueDisk ? IDR_RESCUE_LOADER_AES_SHA2 : IDR_BOOT_LOADER_AES_SHA2;
+ }
+ else
+ {
+ bootSectorId = rescueDisk ? IDR_RESCUE_BOOT_SECTOR_AES : IDR_BOOT_SECTOR_AES;
+ bootLoaderId = rescueDisk ? IDR_RESCUE_LOADER_AES : IDR_BOOT_LOADER_AES;
+ }
break;
case SERPENT:
- bootSectorId = rescueDisk ? IDR_RESCUE_BOOT_SECTOR_SERPENT : IDR_BOOT_SECTOR_SERPENT;
- bootLoaderId = rescueDisk ? IDR_RESCUE_LOADER_SERPENT : IDR_BOOT_LOADER_SERPENT;
+ if (pkcs5_prf == SHA256)
+ {
+ bootSectorId = rescueDisk ? IDR_RESCUE_BOOT_SECTOR_SERPENT_SHA2 : IDR_BOOT_SECTOR_SERPENT_SHA2;
+ bootLoaderId = rescueDisk ? IDR_RESCUE_LOADER_SERPENT_SHA2 : IDR_BOOT_LOADER_SERPENT_SHA2;
+ }
+ else
+ {
+ bootSectorId = rescueDisk ? IDR_RESCUE_BOOT_SECTOR_SERPENT : IDR_BOOT_SECTOR_SERPENT;
+ bootLoaderId = rescueDisk ? IDR_RESCUE_LOADER_SERPENT : IDR_BOOT_LOADER_SERPENT;
+ }
break;
case TWOFISH:
- bootSectorId = rescueDisk ? IDR_RESCUE_BOOT_SECTOR_TWOFISH : IDR_BOOT_SECTOR_TWOFISH;
- bootLoaderId = rescueDisk ? IDR_RESCUE_LOADER_TWOFISH : IDR_BOOT_LOADER_TWOFISH;
+ if (pkcs5_prf == SHA256)
+ {
+ bootSectorId = rescueDisk ? IDR_RESCUE_BOOT_SECTOR_TWOFISH_SHA2 : IDR_BOOT_SECTOR_TWOFISH_SHA2;
+ bootLoaderId = rescueDisk ? IDR_RESCUE_LOADER_TWOFISH_SHA2 : IDR_BOOT_LOADER_TWOFISH_SHA2;
+ }
+ else
+ {
+ bootSectorId = rescueDisk ? IDR_RESCUE_BOOT_SECTOR_TWOFISH : IDR_BOOT_SECTOR_TWOFISH;
+ bootLoaderId = rescueDisk ? IDR_RESCUE_LOADER_TWOFISH : IDR_BOOT_LOADER_TWOFISH;
+ }
break;
}
@@ -1084,7 +1138,7 @@ namespace VeraCrypt buffer[TC_BOOT_SECTOR_CONFIG_OFFSET] |= TC_BOOT_CFG_FLAG_BACKUP_LOADER_AVAILABLE;
}
- else if (!rescueDisk && bootLoaderId != IDR_BOOT_LOADER)
+ else if (!rescueDisk && bootLoaderId != IDR_BOOT_LOADER && bootLoaderId != IDR_BOOT_LOADER_SHA2)
{
throw ParameterIncorrect (SRC_POS);
}
@@ -2253,6 +2307,7 @@ namespace VeraCrypt BackupSystemLoader();
SelectedEncryptionAlgorithmId = ea;
+ SelectedPrfAlgorithmId = pkcs5;
}
@@ -2307,6 +2362,7 @@ namespace VeraCrypt }
SelectedEncryptionAlgorithmId = ea;
+ SelectedPrfAlgorithmId = pkcs5;
CreateVolumeHeader (volumeSize, encryptedAreaStart, &password, ea, mode, pkcs5);
if (!rescueIsoImagePath.empty())
|