VeraCrypt
aboutsummaryrefslogtreecommitdiff
path: root/src/Common/Crypto.h
diff options
context:
space:
mode:
authorMounir IDRASSI <mounir.idrassi@idrix.fr>2014-10-14 17:09:18 +0200
committerMounir IDRASSI <mounir.idrassi@idrix.fr>2014-11-08 23:23:50 +0100
commitf38cf0b6943da24c802424f53588b54aada48fd8 (patch)
tree6cf5ff0e6d51e6a022b6be29780f215195a403f6 /src/Common/Crypto.h
parentbd7d151abf2c51e24a0dc60f7400c0388904c9f1 (diff)
downloadVeraCrypt-f38cf0b6943da24c802424f53588b54aada48fd8.tar.gz
VeraCrypt-f38cf0b6943da24c802424f53588b54aada48fd8.zip
Add support for SHA-256 in key derivation for bootloader encryption. Create separate bootloader images for SHA-256 and RIPEMD-160. Set SHA-256 as the default PRF for boot encryption and SHA-512 as default PRF for all other cases. Depricate RIPEMD-160.
Diffstat (limited to 'src/Common/Crypto.h')
-rw-r--r--src/Common/Crypto.h23
1 files changed, 15 insertions, 8 deletions
diff --git a/src/Common/Crypto.h b/src/Common/Crypto.h
index 651da737..7875e1a5 100644
--- a/src/Common/Crypto.h
+++ b/src/Common/Crypto.h
@@ -48,11 +48,10 @@ extern "C" {
// Hash algorithms (pseudorandom functions).
enum
{
- RIPEMD160 = FIRST_PRF_ID,
-#ifndef TC_WINDOWS_BOOT
- SHA512,
+ SHA512 = FIRST_PRF_ID,
WHIRLPOOL,
-#endif
+ SHA256,
+ RIPEMD160,
HASH_ENUM_END_ID
};
@@ -62,6 +61,9 @@ enum
#define RIPEMD160_BLOCKSIZE 64
#define RIPEMD160_DIGESTSIZE 20
+#define SHA256_BLOCKSIZE 64
+#define SHA256_DIGESTSIZE 32
+
#define SHA512_BLOCKSIZE 128
#define SHA512_DIGESTSIZE 64
@@ -71,7 +73,7 @@ enum
#define MAX_DIGESTSIZE WHIRLPOOL_DIGESTSIZE
#define DEFAULT_HASH_ALGORITHM FIRST_PRF_ID
-#define DEFAULT_HASH_ALGORITHM_BOOT RIPEMD160
+#define DEFAULT_HASH_ALGORITHM_BOOT SHA256
// The mode of operation used for newly created volumes and first to try when mounting
#define FIRST_MODE_OF_OPERATION_ID 1
@@ -207,8 +209,7 @@ typedef struct CRYPTO_INFO_t
unsigned __int8 master_keydata[MASTER_KEYDATA_SIZE]; /* This holds the volume header area containing concatenated master key(s) and secondary key(s) (XTS mode). For LRW (deprecated/legacy), it contains the tweak key before the master key(s). For CBC (deprecated/legacy), it contains the IV seed before the master key(s). */
unsigned __int8 k2[MASTER_KEYDATA_SIZE]; /* For XTS, this contains the secondary key (if cascade, multiple concatenated). For LRW (deprecated/legacy), it contains the tweak key. For CBC (deprecated/legacy), it contains the IV seed. */
unsigned __int8 salt[PKCS5_SALT_SIZE];
- int noIterations;
- int pkcs5;
+ int noIterations;
uint64 volume_creation_time; // Legacy
uint64 header_creation_time; // Legacy
@@ -239,6 +240,7 @@ typedef struct CRYPTO_INFO_t
UINT64_STRUCT EncryptedAreaLength;
uint32 HeaderFlags;
+ int pkcs5;
} CRYPTO_INFO, *PCRYPTO_INFO;
@@ -292,9 +294,14 @@ BOOL EAIsModeSupported (int ea, int testedMode);
const
#endif
char *HashGetName (int hash_algo_id);
-BOOL HashIsDeprecated (int hashId);
+#ifndef TC_WINDOWS_BOOT
+void HashGetName2 (char *buf, int hashId);
+BOOL HashIsDeprecated (int hashId);
+BOOL HashForSystemEncryption (int hashId);
int GetMaxPkcs5OutSize (void);
+#endif
+
void EncryptDataUnits (unsigned __int8 *buf, const UINT64_STRUCT *structUnitNo, uint32 nbrUnits, PCRYPTO_INFO ci);
void EncryptDataUnitsCurrentThread (unsigned __int8 *buf, const UINT64_STRUCT *structUnitNo, TC_LARGEST_COMPILER_UINT nbrUnits, PCRYPTO_INFO ci);