diff options
author | Mounir IDRASSI <mounir.idrassi@idrix.fr> | 2014-10-14 17:09:18 +0200 |
---|---|---|
committer | Mounir IDRASSI <mounir.idrassi@idrix.fr> | 2014-11-08 23:23:50 +0100 |
commit | f38cf0b6943da24c802424f53588b54aada48fd8 (patch) | |
tree | 6cf5ff0e6d51e6a022b6be29780f215195a403f6 /src/Common/Crypto.h | |
parent | bd7d151abf2c51e24a0dc60f7400c0388904c9f1 (diff) | |
download | VeraCrypt-f38cf0b6943da24c802424f53588b54aada48fd8.tar.gz VeraCrypt-f38cf0b6943da24c802424f53588b54aada48fd8.zip |
Add support for SHA-256 in key derivation for bootloader encryption. Create separate bootloader images for SHA-256 and RIPEMD-160. Set SHA-256 as the default PRF for boot encryption and SHA-512 as default PRF for all other cases. Depricate RIPEMD-160.
Diffstat (limited to 'src/Common/Crypto.h')
-rw-r--r-- | src/Common/Crypto.h | 23 |
1 files changed, 15 insertions, 8 deletions
diff --git a/src/Common/Crypto.h b/src/Common/Crypto.h index 651da737..7875e1a5 100644 --- a/src/Common/Crypto.h +++ b/src/Common/Crypto.h @@ -48,11 +48,10 @@ extern "C" { // Hash algorithms (pseudorandom functions).
enum
{
- RIPEMD160 = FIRST_PRF_ID,
-#ifndef TC_WINDOWS_BOOT
- SHA512,
+ SHA512 = FIRST_PRF_ID,
WHIRLPOOL,
-#endif
+ SHA256,
+ RIPEMD160,
HASH_ENUM_END_ID
};
@@ -62,6 +61,9 @@ enum #define RIPEMD160_BLOCKSIZE 64
#define RIPEMD160_DIGESTSIZE 20
+#define SHA256_BLOCKSIZE 64
+#define SHA256_DIGESTSIZE 32
+
#define SHA512_BLOCKSIZE 128
#define SHA512_DIGESTSIZE 64
@@ -71,7 +73,7 @@ enum #define MAX_DIGESTSIZE WHIRLPOOL_DIGESTSIZE
#define DEFAULT_HASH_ALGORITHM FIRST_PRF_ID
-#define DEFAULT_HASH_ALGORITHM_BOOT RIPEMD160
+#define DEFAULT_HASH_ALGORITHM_BOOT SHA256
// The mode of operation used for newly created volumes and first to try when mounting
#define FIRST_MODE_OF_OPERATION_ID 1
@@ -207,8 +209,7 @@ typedef struct CRYPTO_INFO_t unsigned __int8 master_keydata[MASTER_KEYDATA_SIZE]; /* This holds the volume header area containing concatenated master key(s) and secondary key(s) (XTS mode). For LRW (deprecated/legacy), it contains the tweak key before the master key(s). For CBC (deprecated/legacy), it contains the IV seed before the master key(s). */
unsigned __int8 k2[MASTER_KEYDATA_SIZE]; /* For XTS, this contains the secondary key (if cascade, multiple concatenated). For LRW (deprecated/legacy), it contains the tweak key. For CBC (deprecated/legacy), it contains the IV seed. */
unsigned __int8 salt[PKCS5_SALT_SIZE];
- int noIterations;
- int pkcs5;
+ int noIterations;
uint64 volume_creation_time; // Legacy
uint64 header_creation_time; // Legacy
@@ -239,6 +240,7 @@ typedef struct CRYPTO_INFO_t UINT64_STRUCT EncryptedAreaLength;
uint32 HeaderFlags;
+ int pkcs5;
} CRYPTO_INFO, *PCRYPTO_INFO;
@@ -292,9 +294,14 @@ BOOL EAIsModeSupported (int ea, int testedMode); const
#endif
char *HashGetName (int hash_algo_id);
-BOOL HashIsDeprecated (int hashId);
+#ifndef TC_WINDOWS_BOOT
+void HashGetName2 (char *buf, int hashId);
+BOOL HashIsDeprecated (int hashId);
+BOOL HashForSystemEncryption (int hashId);
int GetMaxPkcs5OutSize (void);
+#endif
+
void EncryptDataUnits (unsigned __int8 *buf, const UINT64_STRUCT *structUnitNo, uint32 nbrUnits, PCRYPTO_INFO ci);
void EncryptDataUnitsCurrentThread (unsigned __int8 *buf, const UINT64_STRUCT *structUnitNo, TC_LARGEST_COMPILER_UINT nbrUnits, PCRYPTO_INFO ci);
|