VeraCrypt
aboutsummaryrefslogtreecommitdiff
path: root/src/Common/Volumes.c
diff options
context:
space:
mode:
authorMounir IDRASSI <mounir.idrassi@idrix.fr>2022-03-07 00:45:30 +0100
committerMounir IDRASSI <mounir.idrassi@idrix.fr>2022-03-08 00:29:26 +0100
commit36795a688fd1d5bb9f497970938d9fcb08cfc330 (patch)
tree24ffb2320c1f72c16b96c13fa4dddda4267065ee /src/Common/Volumes.c
parent2dee49d3c8422aa1aa11c8630823aab3028cccd5 (diff)
downloadVeraCrypt-36795a688fd1d5bb9f497970938d9fcb08cfc330.tar.gz
VeraCrypt-36795a688fd1d5bb9f497970938d9fcb08cfc330.zip
Implement support of Blake2s-256 hash algorithm and remove deprecated algorithms RIPEMD-160 and GOST89.
Diffstat (limited to 'src/Common/Volumes.c')
-rw-r--r--src/Common/Volumes.c34
1 files changed, 23 insertions, 11 deletions
diff --git a/src/Common/Volumes.c b/src/Common/Volumes.c
index 7bfb8ec2..902c1699 100644
--- a/src/Common/Volumes.c
+++ b/src/Common/Volumes.c
@@ -27,6 +27,8 @@
#ifndef DEVICE_DRIVER
#include "Random.h"
+#else
+#include "cpu.h"
#endif
#endif // !defined(_UEFI)
@@ -378,8 +380,8 @@ KeyReady: ;
switch (pkcs5_prf)
{
- case RIPEMD160:
- derive_key_ripemd160 (keyInfo->userKey, keyInfo->keyLength, keyInfo->salt,
+ case BLAKE2S:
+ derive_key_blake2s (keyInfo->userKey, keyInfo->keyLength, keyInfo->salt,
PKCS5_SALT_SIZE, keyInfo->noIterations, dk, GetMaxPkcs5OutSize());
break;
@@ -577,12 +579,22 @@ KeyReady: ;
memcpy (keyInfo->master_keydata, header + HEADER_MASTER_KEYDATA_OFFSET, MASTER_KEYDATA_SIZE);
#ifdef TC_WINDOWS_DRIVER
{
- RMD160_CTX ctx;
- RMD160Init (&ctx);
- RMD160Update (&ctx, keyInfo->master_keydata, MASTER_KEYDATA_SIZE);
- RMD160Update (&ctx, header, sizeof(header));
- RMD160Final (cryptoInfo->master_keydata_hash, &ctx);
+ blake2s_state ctx;
+#ifndef _WIN64
+ NTSTATUS saveStatus = STATUS_INVALID_PARAMETER;
+ KFLOATING_SAVE floatingPointState;
+ if (HasSSE2())
+ saveStatus = KeSaveFloatingPointState (&floatingPointState);
+#endif
+ blake2s_init (&ctx);
+ blake2s_update (&ctx, keyInfo->master_keydata, MASTER_KEYDATA_SIZE);
+ blake2s_update (&ctx, header, sizeof(header));
+ blake2s_final (&ctx, cryptoInfo->master_keydata_hash);
burn(&ctx, sizeof (ctx));
+#ifndef _WIN64
+ if (NT_SUCCESS (saveStatus))
+ KeRestoreFloatingPointState (&floatingPointState);
+#endif
}
#else
memcpy (cryptoInfo->master_keydata, keyInfo->master_keydata, MASTER_KEYDATA_SIZE);
@@ -709,7 +721,7 @@ int ReadVolumeHeader (BOOL bBoot, char *header, Password *password, int pim, PCR
derive_key_sha256 (password->Text, (int) password->Length, header + HEADER_SALT_OFFSET,
PKCS5_SALT_SIZE, iterations, dk, sizeof (dk));
#else
- derive_key_ripemd160 (password->Text, (int) password->Length, header + HEADER_SALT_OFFSET,
+ derive_key_blake2s (password->Text, (int) password->Length, header + HEADER_SALT_OFFSET,
PKCS5_SALT_SIZE, iterations, dk, sizeof (dk));
#endif
@@ -792,7 +804,7 @@ int ReadVolumeHeader (BOOL bBoot, char *header, Password *password, int pim, PCR
#ifdef TC_WINDOWS_BOOT_SHA2
cryptoInfo->pkcs5 = SHA256;
#else
- cryptoInfo->pkcs5 = RIPEMD160;
+ cryptoInfo->pkcs5 = BLAKE2S;
#endif
memcpy (dk, header + HEADER_MASTER_KEYDATA_OFFSET, sizeof (dk));
@@ -981,8 +993,8 @@ int CreateVolumeHeaderInMemory (HWND hwndDlg, BOOL bBoot, char *header, int ea,
PKCS5_SALT_SIZE, keyInfo.noIterations, dk, GetMaxPkcs5OutSize());
break;
- case RIPEMD160:
- derive_key_ripemd160 (keyInfo.userKey, keyInfo.keyLength, keyInfo.salt,
+ case BLAKE2S:
+ derive_key_blake2s (keyInfo.userKey, keyInfo.keyLength, keyInfo.salt,
PKCS5_SALT_SIZE, keyInfo.noIterations, dk, GetMaxPkcs5OutSize());
break;