if (!IsRandomNumberGeneratorStarted())

throw ParameterIncorrect (SRC_POS);

volumeSize, 0, encryptedAreaStart, 0, TC_SYSENC_KEYSCOPE_MIN_REQ_PROG_VERSION, TC_HEADER_FLAG_ENCRYPTED_SYSTEM, TC_SECTOR_SIZE_BIOS, FALSE) != 0);

finally_do_arg (PCRYPTO_INFO*, &cryptoInfo, { crypto_close (*finally_arg); });

// Initial rescue disk assumes encryption of the drive has been completed (EncryptedAreaLength == volumeSize)

memcpy (RescueVolumeHeader, VolumeHeader, sizeof (RescueVolumeHeader));

throw ParameterIncorrect (SRC_POS);

DecryptBuffer (RescueVolumeHeader + HEADER_ENCRYPTED_DATA_OFFSET, HEADER_ENCRYPTED_DATA_SIZE, cryptoInfo);

SystemDriveConfiguration config = GetSystemDriveConfiguration ();

Device device (config.DevicePath);

device.CheckOpened (SRC_POS);

}

device.SeekAt (headerOffset);

PCRYPTO_INFO cryptoInfo = NULL;

#endif

{

int nReturnCode = ERR_PASSWORD_WRONG;

int i, effectivePim;

void AddPasswordToCache (Password *password, int pim, BOOL bCachePim);

void AddLegacyPasswordToCache (PasswordLegacy *password, int pim);

void WipeCache (void);

return 0;

}

{

switch (mode)

{

return L"XTS";

}

}

#endif // TC_WINDOWS_BOOT

}

#ifndef TC_WINDOWS_BOOT

{

keyInfo->keyLength = nUserKeyLen;

burn (keyInfo->userKey, sizeof (keyInfo->userKey));

BOOL IsCpuRngSupported ()

{

if (HasRDSEED() || HasRDRAND())

return TRUE;

else

return FALSE;

}

return index;

}

/* declaration of variables and functions used for RAM encryption on 64-bit build */

static uint8* pbKeyDerivationArea = NULL;

static ULONG cbKeyDerivationArea = 0;

int noIterations; /* Number of times to iterate (PKCS-5) */

int keyLength; /* Length of the key */

uint64 dummy; /* Dummy field to ensure 16-byte alignment of this structure */

} KEY_INFO, *PKEY_INFO;

#endif

PCRYPTO_INFO crypto_open (void);

#ifndef TC_WINDOWS_BOOT

void crypto_eraseKeys (PCRYPTO_INFO cryptoInfo);

#endif

void crypto_close (PCRYPTO_INFO cryptoInfo);

int EAGetFirstMode (int ea);

int EAGetNextMode (int ea, int previousModeId);

#ifndef TC_WINDOWS_BOOT

#endif

int EAGetKeyScheduleSize (int ea);

int EAGetLargestKey ();

WINTRUST_DATA WVTData = {0};

wchar_t filePath [TC_MAX_PATH + 1024];

// Strip quotation marks (if any)

if (path [0] == L'"')

{

InitOSVersionInfo();

{

}

SetDefaultDllDirectoriesFn = (SetDefaultDllDirectoriesPtr) GetProcAddress (GetModuleHandle(L"kernel32.dll"), "SetDefaultDllDirectories");

*/

{

int thid, i;

char *tmp_salt = {"\x00\x11\x22\x33\x44\x55\x66\x77\x88\x99\xAA\xBB\xCC\xDD\xEE\xFF\x01\x23\x45\x67\x89\xAB\xCD\xEF\x00\x11\x22\x33\x44\x55\x66\x77\x88\x99\xAA\xBB\xCC\xDD\xEE\xFF\x01\x23\x45\x67\x89\xAB\xCD\xEF\x00\x11\x22\x33\x44\x55\x66\x77\x88\x99\xAA\xBB\xCC\xDD\xEE\xFF"};

for (thid = FIRST_PRF_ID; thid <= LAST_PRF_ID; thid++)

case SHA512:

/* PKCS-5 test with HMAC-SHA-512 used as the PRF */

break;

case SHA256:

/* PKCS-5 test with HMAC-SHA-256 used as the PRF */

break;

#ifndef WOLFCRYPT_BACKEND

case BLAKE2S:

/* PKCS-5 test with HMAC-BLAKE2s used as the PRF */

break;

case WHIRLPOOL:

/* PKCS-5 test with HMAC-Whirlpool used as the PRF */

break;

case STREEBOG:

/* PKCS-5 test with HMAC-STREEBOG used as the PRF */

break;

}

#endif

else

{

if (bEncrypt)

{

int volumeType;

wchar_t szDiskFile[TC_MAX_PATH], szCFDevice[TC_MAX_PATH];

wchar_t szDosDevice[TC_MAX_PATH];

LARGE_INTEGER headerOffset;

DWORD dwResult;

DISK_GEOMETRY_EX deviceGeometry;

}

{

CRYPTO_INFO *newCryptoInfo = NULL;

BOOL DoDriverInstall (HWND hwndDlg);

int OpenVolume (OpenVolumeContext *context, const wchar_t *volumePath, Password *password, int pkcs5_prf, int pim, BOOL write, BOOL preserveTimestamps, BOOL useBackupHeader);

void CloseVolume (OpenVolumeContext *context);

BOOL IsPagingFileActive (BOOL checkNonWindowsPartitionsOnly);

BOOL IsPagingFileWildcardActive ();

BOOL DisablePagingFile ();

{

TC_EVENT *CompletionEvent;

LONG *CompletionFlag;

int IterationCount;

TC_EVENT *NoOutstandingWorkItemEvent;

LONG *OutstandingWorkItemCount;

int PasswordLength;

int Pkcs5Prf;

} KeyDerivation;

}

{

EncryptionThreadPoolWorkItem *workItem;

size_t GetCpuCount (WORD* pGroupCount);

#endif

void EncryptionThreadPoolBeginReadVolumeHeaderFinalization (TC_EVENT *keyDerivationCompletedEvent, TC_EVENT *noOutstandingWorkItemEvent, LONG* outstandingWorkItemCount, void* keyInfoBuffer, int keyInfoBufferSize, void* keyDerivationWorkItems, int keyDerivationWorkItemsSize);

void EncryptionThreadPoolDoWork (EncryptionThreadPoolWorkType type, uint8 *data, const UINT64_STRUCT *startUnitNo, uint32 unitCount, PCRYPTO_INFO cryptoInfo);

BOOL EncryptionThreadPoolStart (size_t encryptionFreeCpuCount);

PCRYPTO_INFO cryptoInfo = NULL;

HANDLE dev = INVALID_HANDLE_VALUE;

DWORD dwError;

unsigned __int64 num_sectors, startSector;

fatparams ft;

FILETIME ftCreationTime;

int nDosLinkCreated = 1, nStatus = ERR_OS_ERROR;

wchar_t szDiskFile[TC_MAX_PATH], szCFDevice[TC_MAX_PATH];

wchar_t szDosDevice[TC_MAX_PATH];

PCRYPTO_INFO cryptoInfo = NULL, ci = NULL;

void *dev = INVALID_HANDLE_VALUE;

DWORD dwError;

sha256_ctx ctx;

sha256_ctx inner_digest_ctx; /*pre-computed inner digest context */

sha256_ctx outer_digest_ctx; /*pre-computed outer digest context */

} hmac_sha256_ctx;

void hmac_sha256_internal

(

int ld, /* length of input data in bytes */

hmac_sha256_ctx* hmac /* HMAC-SHA256 context which holds temporary variables */

)

memcpy (ctx, &(hmac->inner_digest_ctx), sizeof (sha256_ctx));

/**** Restore Precomputed Outer Digest Context ****/

memcpy (ctx, &(hmac->outer_digest_ctx), sizeof (sha256_ctx));

}

#ifndef TC_WINDOWS_BOOT

void hmac_sha256

(

int lk, /* length of the key in bytes */

int ld /* length of data in bytes */

)

{

hmac_sha256_ctx hmac;

sha256_ctx* ctx;

int b;

NTSTATUS saveStatus = STATUS_INVALID_PARAMETER;

XSTATE_SAVE SaveState;

if (IsCpuIntel() && HasSAVX())

saveStatus = KeSaveExtendedProcessorStateVC(XSTATE_MASK_GSSE, &SaveState);

#endif

/* If the key is longer than the hash algorithm block size,

let key = sha256(key), as per HMAC specifications. */

sha256_ctx tctx;

sha256_begin (&tctx);

k = key;

lk = SHA256_DIGESTSIZE;

/* Pad the key for inner digest */

for (b = 0; b < lk; ++b)

memset (&buf[lk], 0x36, SHA256_BLOCKSIZE - lk);

/**** Precompute HMAC Outer Digest ****/

sha256_begin (ctx);

for (b = 0; b < lk; ++b)

memset (&buf[lk], 0x5C, SHA256_BLOCKSIZE - lk);

hmac_sha256_internal(d, ld, &hmac);

if (NT_SUCCESS (saveStatus))

KeRestoreExtendedProcessorStateVC(&SaveState);

#endif

/* Prevent leaks */

}

#endif

{

uint32 c;

int i;

#ifdef TC_WINDOWS_BOOT

/* specific case of 16-bit bootloader: b is a 16-bit integer that is always < 256 */

memset (&k[salt_len], 0, 3);

#else

b = bswap_32 (b);

memcpy (&k[salt_len], &b, 4);

}

{

hmac_sha256_ctx hmac;

sha256_ctx* ctx;

int b, l, r;

#ifndef TC_WINDOWS_BOOT

NTSTATUS saveStatus = STATUS_INVALID_PARAMETER;

XSTATE_SAVE SaveState;

if (IsCpuIntel() && HasSAVX())

saveStatus = KeSaveExtendedProcessorStateVC(XSTATE_MASK_GSSE, &SaveState);

#endif

/* If the password is longer than the hash algorithm block size,

let pwd = sha256(pwd), as per HMAC specifications. */

sha256_ctx tctx;

sha256_begin (&tctx);

pwd = key;

pwd_len = SHA256_DIGESTSIZE;

/* Pad the key for inner digest */

for (b = 0; b < pwd_len; ++b)

memset (&buf[pwd_len], 0x36, SHA256_BLOCKSIZE - pwd_len);

/**** Precompute HMAC Outer Digest ****/

sha256_begin (ctx);

for (b = 0; b < pwd_len; ++b)

memset (&buf[pwd_len], 0x5C, SHA256_BLOCKSIZE - pwd_len);

/* first l - 1 blocks */

for (b = 1; b < l; b++)

derive_u_sha256 (salt, salt_len, iterations, b, &hmac);

memcpy (dk, hmac.u, r);

if (NT_SUCCESS (saveStatus))

KeRestoreExtendedProcessorStateVC(&SaveState);

#endif

/* Prevent possible leaks. */

sha512_ctx ctx;

sha512_ctx inner_digest_ctx; /*pre-computed inner digest context */

sha512_ctx outer_digest_ctx; /*pre-computed outer digest context */

} hmac_sha512_ctx;

void hmac_sha512_internal

(

int ld, /* length of data in bytes */

hmac_sha512_ctx* hmac

)

memcpy (ctx, &(hmac->inner_digest_ctx), sizeof (sha512_ctx));

/**** Restore Precomputed Outer Digest Context ****/

memcpy (ctx, &(hmac->outer_digest_ctx), sizeof (sha512_ctx));

}

void hmac_sha512

(

int lk, /* length of the key in bytes */

int ld /* length of data in bytes */

)

{

hmac_sha512_ctx hmac;

sha512_ctx* ctx;

int b;

NTSTATUS saveStatus = STATUS_INVALID_PARAMETER;

XSTATE_SAVE SaveState;

if (IsCpuIntel() && HasSAVX())

saveStatus = KeSaveExtendedProcessorStateVC(XSTATE_MASK_GSSE, &SaveState);

#endif

/* If the key is longer than the hash algorithm block size,

sha512_ctx tctx;

sha512_begin (&tctx);

k = key;

lk = SHA512_DIGESTSIZE;

/* Pad the key for inner digest */

for (b = 0; b < lk; ++b)

memset (&buf[lk], 0x36, SHA512_BLOCKSIZE - lk);

/**** Precompute HMAC Outer Digest ****/

sha512_begin (ctx);

for (b = 0; b < lk; ++b)

memset (&buf[lk], 0x5C, SHA512_BLOCKSIZE - lk);

hmac_sha512_internal (d, ld, &hmac);

if (NT_SUCCESS (saveStatus))

KeRestoreExtendedProcessorStateVC(&SaveState);

#endif

/* Prevent leaks */

burn (key, sizeof(key));

}

{

uint32 c, i;

/* iteration 1 */

}

{

hmac_sha512_ctx hmac;

sha512_ctx* ctx;

int b, l, r;

NTSTATUS saveStatus = STATUS_INVALID_PARAMETER;

XSTATE_SAVE SaveState;

if (IsCpuIntel() && HasSAVX())

saveStatus = KeSaveExtendedProcessorStateVC(XSTATE_MASK_GSSE, &SaveState);

#endif

/* If the password is longer than the hash algorithm block size,

sha512_ctx tctx;

sha512_begin (&tctx);

pwd = key;

pwd_len = SHA512_DIGESTSIZE;

/* Pad the key for inner digest */

for (b = 0; b < pwd_len; ++b)

memset (&buf[pwd_len], 0x36, SHA512_BLOCKSIZE - pwd_len);

/**** Precompute HMAC Outer Digest ****/

sha512_begin (ctx);

for (b = 0; b < pwd_len; ++b)

memset (&buf[pwd_len], 0x5C, SHA512_BLOCKSIZE - pwd_len);

/* first l - 1 blocks */

for (b = 1; b < l; b++)

derive_u_sha512 (salt, salt_len, iterations, b, &hmac);

memcpy (dk, hmac.u, r);

if (NT_SUCCESS (saveStatus))

KeRestoreExtendedProcessorStateVC(&SaveState);

#endif

/* Prevent possible leaks. */

blake2s_state ctx;

blake2s_state inner_digest_ctx; /*pre-computed inner digest context */

blake2s_state outer_digest_ctx; /*pre-computed outer digest context */

} hmac_blake2s_ctx;

void hmac_blake2s_internal

(

int ld, /* length of input data in bytes */

hmac_blake2s_ctx* hmac /* HMAC-BLAKE2S context which holds temporary variables */

)

blake2s_update (ctx, d, ld);

/**** Restore Precomputed Outer Digest Context ****/

blake2s_update (ctx, d, BLAKE2S_DIGESTSIZE);

}

#ifndef TC_WINDOWS_BOOT

void hmac_blake2s

(

int lk, /* length of the key in bytes */

int ld /* length of data in bytes */

)

{

hmac_blake2s_ctx hmac;

blake2s_state* ctx;

int b;

NTSTATUS saveStatus = STATUS_INVALID_PARAMETER;

XSTATE_SAVE SaveState;

if (IsCpuIntel() && HasSAVX())

saveStatus = KeSaveExtendedProcessorStateVC(XSTATE_MASK_GSSE, &SaveState);

#endif

/* If the key is longer than the hash algorithm block size,

let key = blake2s(key), as per HMAC specifications. */

blake2s_init (&tctx);

blake2s_update (&tctx, k, lk);

k = key;

lk = BLAKE2S_DIGESTSIZE;

/* Pad the key for inner digest */

for (b = 0; b < lk; ++b)

memset (&buf[lk], 0x36, BLAKE2S_BLOCKSIZE - lk);

/**** Precompute HMAC Outer Digest ****/

blake2s_init (ctx);

for (b = 0; b < lk; ++b)

memset (&buf[lk], 0x5C, BLAKE2S_BLOCKSIZE - lk);

hmac_blake2s_internal(d, ld, &hmac);

if (NT_SUCCESS (saveStatus))

KeRestoreExtendedProcessorStateVC(&SaveState);

#endif

/* Prevent leaks */

}

#endif

{

uint32 c;

int i;

#ifdef TC_WINDOWS_BOOT

/* specific case of 16-bit bootloader: b is a 16-bit integer that is always < 256 */

memset (&k[salt_len], 0, 3);

#else

b = bswap_32 (b);

memcpy (&k[salt_len], &b, 4);

}

{

hmac_blake2s_ctx hmac;

blake2s_state* ctx;

int b, l, r;

#ifndef TC_WINDOWS_BOOT

NTSTATUS saveStatus = STATUS_INVALID_PARAMETER;

XSTATE_SAVE SaveState;

if (IsCpuIntel() && HasSAVX())

saveStatus = KeSaveExtendedProcessorStateVC(XSTATE_MASK_GSSE, &SaveState);

KFLOATING_SAVE floatingPointState;

if (HasSSE2())

saveStatus = KeSaveFloatingPointState (&floatingPointState);

#endif

/* If the password is longer than the hash algorithm block size,

let pwd = blake2s(pwd), as per HMAC specifications. */

if (pwd_len > BLAKE2S_BLOCKSIZE)

blake2s_init (&tctx);

blake2s_update (&tctx, pwd, pwd_len);

pwd = key;

pwd_len = BLAKE2S_DIGESTSIZE;

/* Pad the key for inner digest */

for (b = 0; b < pwd_len; ++b)

memset (&buf[pwd_len], 0x36, BLAKE2S_BLOCKSIZE - pwd_len);

blake2s_update (ctx, buf, BLAKE2S_BLOCKSIZE);

blake2s_init (ctx);

for (b = 0; b < pwd_len; ++b)

memset (&buf[pwd_len], 0x5C, BLAKE2S_BLOCKSIZE - pwd_len);

blake2s_update (ctx, buf, BLAKE2S_BLOCKSIZE);

derive_u_blake2s (salt, salt_len, iterations, b, &hmac);

memcpy (dk, hmac.u, r);

if (NT_SUCCESS (saveStatus))

KeRestoreExtendedProcessorStateVC(&SaveState);

#endif

/* Prevent possible leaks. */

WHIRLPOOL_CTX ctx;

WHIRLPOOL_CTX inner_digest_ctx; /*pre-computed inner digest context */

WHIRLPOOL_CTX outer_digest_ctx; /*pre-computed outer digest context */

} hmac_whirlpool_ctx;

void hmac_whirlpool_internal

(

int ld, /* length of input data in bytes */

hmac_whirlpool_ctx* hmac /* HMAC-Whirlpool context which holds temporary variables */

)

memcpy (ctx, &(hmac->inner_digest_ctx), sizeof (WHIRLPOOL_CTX));

/**** Restore Precomputed Outer Digest Context ****/

memcpy (ctx, &(hmac->outer_digest_ctx), sizeof (WHIRLPOOL_CTX));

}

void hmac_whirlpool

(

int lk, /* length of the key in bytes */

int ld /* length of data in bytes */

)

{

hmac_whirlpool_ctx hmac;

WHIRLPOOL_CTX* ctx;

int b;

/* If the key is longer than the hash algorithm block size,

let key = whirlpool(key), as per HMAC specifications. */

if (lk > WHIRLPOOL_BLOCKSIZE)

WHIRLPOOL_CTX tctx;

WHIRLPOOL_init (&tctx);

k = key;

lk = WHIRLPOOL_DIGESTSIZE;

/* Pad the key for inner digest */

for (b = 0; b < lk; ++b)

memset (&buf[lk], 0x36, WHIRLPOOL_BLOCKSIZE - lk);

/**** Precompute HMAC Outer Digest ****/

WHIRLPOOL_init (ctx);

for (b = 0; b < lk; ++b)

memset (&buf[lk], 0x5C, WHIRLPOOL_BLOCKSIZE - lk);

hmac_whirlpool_internal(d, ld, &hmac);

/* Prevent leaks */

burn(&hmac, sizeof(hmac));

}

{

uint32 c, i;

/* iteration 1 */

}

}

{

hmac_whirlpool_ctx hmac;

WHIRLPOOL_CTX* ctx;

int b, l, r;

/* If the password is longer than the hash algorithm block size,

let pwd = whirlpool(pwd), as per HMAC specifications. */

if (pwd_len > WHIRLPOOL_BLOCKSIZE)

WHIRLPOOL_CTX tctx;

WHIRLPOOL_init (&tctx);

pwd = key;

pwd_len = WHIRLPOOL_DIGESTSIZE;

/* Pad the key for inner digest */

for (b = 0; b < pwd_len; ++b)

memset (&buf[pwd_len], 0x36, WHIRLPOOL_BLOCKSIZE - pwd_len);

/**** Precompute HMAC Outer Digest ****/

WHIRLPOOL_init (ctx);

for (b = 0; b < pwd_len; ++b)

memset (&buf[pwd_len], 0x5C, WHIRLPOOL_BLOCKSIZE - pwd_len);

/* first l - 1 blocks */

for (b = 1; b < l; b++)

derive_u_whirlpool (salt, salt_len, iterations, b, &hmac);

memcpy (dk, hmac.u, r);

/* Prevent possible leaks. */

burn (&hmac, sizeof(hmac));

burn (key, sizeof(key));

STREEBOG_CTX ctx;

STREEBOG_CTX inner_digest_ctx; /*pre-computed inner digest context */

STREEBOG_CTX outer_digest_ctx; /*pre-computed outer digest context */

} hmac_streebog_ctx;

void hmac_streebog_internal

(

int ld, /* length of input data in bytes */

hmac_streebog_ctx* hmac /* HMAC-Whirlpool context which holds temporary variables */

)

memcpy (ctx, &(hmac->inner_digest_ctx), sizeof (STREEBOG_CTX));

/**** Restore Precomputed Outer Digest Context ****/

memcpy (ctx, &(hmac->outer_digest_ctx), sizeof (STREEBOG_CTX));

}

void hmac_streebog

(

int lk, /* length of the key in bytes */

int ld /* length of data in bytes */

)

{

hmac_streebog_ctx hmac;

STREEBOG_CTX* ctx;

int b;

/* If the key is longer than the hash algorithm block size,

let key = streebog(key), as per HMAC specifications. */

if (lk > STREEBOG_BLOCKSIZE)

STREEBOG_CTX tctx;

STREEBOG_init (&tctx);

k = key;

lk = STREEBOG_DIGESTSIZE;

/* Pad the key for inner digest */

for (b = 0; b < lk; ++b)

memset (&buf[lk], 0x36, STREEBOG_BLOCKSIZE - lk);

/**** Precompute HMAC Outer Digest ****/

STREEBOG_init (ctx);

for (b = 0; b < lk; ++b)

memset (&buf[lk], 0x5C, STREEBOG_BLOCKSIZE - lk);

hmac_streebog_internal(d, ld, &hmac);

/* Prevent leaks */

burn(&hmac, sizeof(hmac));

}

{

uint32 c, i;

/* iteration 1 */

}

}

{

hmac_streebog_ctx hmac;

STREEBOG_CTX* ctx;

int b, l, r;

/* If the password is longer than the hash algorithm block size,

let pwd = streebog(pwd), as per HMAC specifications. */

if (pwd_len > STREEBOG_BLOCKSIZE)

STREEBOG_CTX tctx;

STREEBOG_init (&tctx);

pwd = key;

pwd_len = STREEBOG_DIGESTSIZE;

/* Pad the key for inner digest */

for (b = 0; b < pwd_len; ++b)

memset (&buf[pwd_len], 0x36, STREEBOG_BLOCKSIZE - pwd_len);

/**** Precompute HMAC Outer Digest ****/

STREEBOG_init (ctx);

for (b = 0; b < pwd_len; ++b)

memset (&buf[pwd_len], 0x5C, STREEBOG_BLOCKSIZE - pwd_len);

/* first l - 1 blocks */

for (b = 1; b < l; b++)

derive_u_streebog (salt, salt_len, iterations, b, &hmac);

memcpy (dk, hmac.u, r);

/* Prevent possible leaks. */

burn (&hmac, sizeof(hmac));

burn (key, sizeof(key));

{

#endif

/* output written to input_digest which must be at lease 32 bytes long */

/* output written to d which must be at lease 32 bytes long */

#ifndef TC_WINDOWS_BOOT

/* output written to d which must be at lease 64 bytes long */

/* output written to d which must be at lease 64 bytes long */

int get_pkcs5_iteration_count (int pkcs5_prf_id, int pim, BOOL bBoot);

wchar_t *get_pkcs5_prf_name (int pkcs5_prf_id);

#include <ntddk.h> /* Standard header file for nt drivers */

#include <ntdddisk.h> /* Standard I/O control codes */

extern ULONG AllocTag;

#define TCfree(memblock) ExFreePoolWithTag( memblock, AllocTag )

#define DEVICE_DRIVER

return count;

}

{

CRYPTOPP_ALIGN_DATA (16) unsigned char input[256];

unsigned char output[64];

unsigned char digest[64];

unsigned long i = 0, inputLen, outputLen, digestLen;

BOOL bRet = TRUE;

while (vector[i].hexInput && vector[i].hexOutput)

{

inputLen = HexStringToByteArray (vector[i].hexInput, input);

i++;

}

return bRet;

}

unsigned char ks_tmp[MAX_EXPANDED_KEY];

{

switch (cipher)

{

static BOOL DoAutoTestAlgorithms (void)

{

PCRYPTO_INFO ci;

unsigned char tmp[16];

BOOL bFailed = FALSE;

int i;

{

uint8 testData[1024];

uint32 origCrc;

for (i = 0; i < sizeof (testData); ++i)

{

for (i = 0; i < sizeof (hmac_sha256_test_data) / sizeof(char *); i++)

{

size_t dataLen = strlen (hmac_sha256_test_data[i]);

if (dataLen <= sizeof(digest))

{

memcpy (digest, hmac_sha256_test_data[i], dataLen);

if (memcmp (digest, hmac_sha256_test_vectors[i], SHA256_DIGESTSIZE) != 0)

return FALSE;

else

for (i = 0; i < sizeof (hmac_sha512_test_data) / sizeof(char *); i++)

{

size_t dataLen = strlen (hmac_sha512_test_data[i]);

if (dataLen <= sizeof(digest))

{

memcpy (digest, hmac_sha512_test_data[i], dataLen );

if (memcmp (digest, hmac_sha512_test_vectors[i], SHA512_DIGESTSIZE) != 0)

return FALSE;

else

for (i = 0; i < sizeof (hmac_blake2s_test_data) / sizeof(char *); i++)

{

size_t dataLen = strlen (hmac_blake2s_test_data[i]);

if (dataLen <= sizeof(digest))

{

memcpy (digest, hmac_blake2s_test_data[i], dataLen);

if (memcmp (digest, hmac_blake2s_test_vectors[i], BLAKE2S_DIGESTSIZE) != 0)

return FALSE;

else

unsigned char digest[1024]; /* large enough to hold digets and test vector inputs */

memcpy (digest, hmac_whirlpool_test_data, strlen (hmac_whirlpool_test_data));

if (memcmp (digest, hmac_whirlpool_test_vectors, WHIRLPOOL_DIGESTSIZE) != 0)

return FALSE;

#ifndef WOLFCRYPT_BACKEND

BOOL test_hmac_streebog ()

{

memcpy (digest, gost3411_2012_hmac_m1, sizeof (gost3411_2012_hmac_m1));

if (memcmp (digest, gost3411_2012_hmac_r1, STREEBOG_DIGESTSIZE) != 0)

return FALSE;

BOOL test_pkcs5 ()

{

/* HMAC-SHA-256 tests */

if (!test_hmac_sha256())

return FALSE;

/* Blake2s hash tests */

return FALSE;

/* HMAC-Whirlpool tests */

return FALSE;

/* STREEBOG hash tests */

return FALSE;

#endif

/* PKCS-5 test 1 with HMAC-SHA-256 used as the PRF (https://tools.ietf.org/html/draft-josefsson-scrypt-kdf-00) */

if (memcmp (dk, "\x55\xac\x04\x6e\x56\xe3\x08\x9f\xec\x16\x91\xc2\x25\x44\xb6\x05\xf9\x41\x85\x21\x6d\xde\x04\x65\xe6\x8b\x9d\x57\xc2\x0d\xac\xbc\x49\xca\x9c\xcc\xf1\x79\xb6\x45\x99\x16\x64\xb3\x9d\x77\xef\x31\x7c\x71\xb8\x45\xb1\xe3\x0b\xd5\x09\x11\x20\x41\xd3\xa1\x97\x83", 64) != 0)

return FALSE;

/* PKCS-5 test 2 with HMAC-SHA-256 used as the PRF (https://stackoverflow.com/questions/5130513/pbkdf2-hmac-sha2-test-vectors) */

if (memcmp (dk, "\xae\x4d\x0c\x95\xaf\x6b\x46\xd3\x2d\x0a\xdf\xf9\x28\xf0\x6d\xd0\x2a\x30\x3f\x8e\xf3\xc2\x51\xdf\xd6\xe2\xd8\x5a\x95\x47\x4c\x43", 32) != 0)

return FALSE;

/* PKCS-5 test 3 with HMAC-SHA-256 used as the PRF (MS CryptoAPI) */

if (memcmp (dk, "\xf2\xa0\x4f\xb2", 4) != 0)

return FALSE;

/* PKCS-5 test 4 with HMAC-SHA-256 used as the PRF (MS CryptoAPI) */

if (memcmp (dk, "\xf2\xa0\x4f\xb2\xd3\xe9\xa5\xd8\x51\x0b\x5c\x06\xdf\x70\x8e\x24\xe9\xc7\xd9\x15\x3d\x22\xcd\xde\xb8\xa6\xdb\xfd\x71\x85\xc6\x99\x32\xc0\xee\x37\x27\xf7\x24\xcf\xea\xa6\xac\x73\xa1\x4c\x4e\x52\x9b\x94\xf3\x54\x06\xfc\x04\x65\xa1\x0a\x24\xfe\xf0\x98\x1d\xa6\x22\x28\xeb\x24\x55\x74\xce\x6a\x3a\x28\xe2\x04\x3a\x59\x13\xec\x3f\xf2\xdb\xcf\x58\xdd\x53\xd9\xf9\x17\xf6\xda\x74\x06\x3c\x0b\x66\xf5\x0f\xf5\x58\xa3\x27\x52\x8c\x5b\x07\x91\xd0\x81\xeb\xb6\xbc\x30\x69\x42\x71\xf2\xd7\x18\x42\xbe\xe8\x02\x93\x70\x66\xad\x35\x65\xbc\xf7\x96\x8e\x64\xf1\xc6\x92\xda\xe0\xdc\x1f\xb5\xf4", 144) != 0)

return FALSE;

/* PKCS-5 test 1 with HMAC-SHA-512 used as the PRF */

if (memcmp (dk, "\x13\x64\xae\xf8", 4) != 0)

return FALSE;

/* PKCS-5 test 2 with HMAC-SHA-512 used as the PRF (derives a key longer than the underlying

hash output size and block size) */

if (memcmp (dk, "\x13\x64\xae\xf8\x0d\xf5\x57\x6c\x30\xd5\x71\x4c\xa7\x75\x3f\xfd\x00\xe5\x25\x8b\x39\xc7\x44\x7f\xce\x23\x3d\x08\x75\xe0\x2f\x48\xd6\x30\xd7\x00\xb6\x24\xdb\xe0\x5a\xd7\x47\xef\x52\xca\xa6\x34\x83\x47\xe5\xcb\xe9\x87\xf1\x20\x59\x6a\xe6\xa9\xcf\x51\x78\xc6\xb6\x23\xa6\x74\x0d\xe8\x91\xbe\x1a\xd0\x28\xcc\xce\x16\x98\x9a\xbe\xfb\xdc\x78\xc9\xe1\x7d\x72\x67\xce\xe1\x61\x56\x5f\x96\x68\xe6\xe1\xdd\xf4\xbf\x1b\x80\xe0\x19\x1c\xf4\xc4\xd3\xdd\xd5\xd5\x57\x2d\x83\xc7\xa3\x37\x87\xf4\x4e\xe0\xf6\xd8\x6d\x65\xdc\xa0\x52\xa3\x13\xbe\x81\xfc\x30\xbe\x7d\x69\x58\x34\xb6\xdd\x41\xc6", 144) != 0)

return FALSE;

#ifndef WOLFCRYPT_BACKEND

/* PKCS-5 test 1 with HMAC-BLAKE2s used as the PRF */

if (memcmp (dk, "\x8d\x51\xfa\x31", 4) != 0)

return FALSE;

/* PKCS-5 test 2 with HMAC-BLAKE2s used as the PRF (derives a key longer than the underlying hash) */

if (memcmp (dk, "\x8d\x51\xfa\x31\x46\x25\x37\x67\xa3\x29\x6b\x3c\x6b\xc1\x5d\xb2\xee\xe1\x6c\x28\x00\x26\xea\x08\x65\x9c\x12\xf1\x07\xde\x0d\xb9\x9b\x4f\x39\xfa\xc6\x80\x26\xb1\x8f\x8e\x48\x89\x85\x2d\x24\x2d", 48) != 0)

return FALSE;

/* PKCS-5 test 1 with HMAC-Whirlpool used as the PRF */

if (memcmp (dk, "\x50\x7c\x36\x6f", 4) != 0)

return FALSE;

/* PKCS-5 test 2 with HMAC-Whirlpool used as the PRF (derives a key longer than the underlying hash) */

if (memcmp (dk, "\x50\x7c\x36\x6f\xee\x10\x2e\x9a\xe2\x8a\xd5\x82\x72\x7d\x27\x0f\xe8\x4d\x7f\x68\x7a\xcf\xb5\xe7\x43\x67\xaa\x98\x93\x52\x2b\x09\x6e\x42\xdf\x2c\x59\x4a\x91\x6d\x7e\x10\xae\xb2\x1a\x89\x8f\xb9\x8f\xe6\x31\xa9\xd8\x9f\x98\x26\xf4\xda\xcd\x7d\x65\x65\xde\x10\x95\x91\xb4\x84\x26\xae\x43\xa1\x00\x5b\x1e\xb8\x38\x97\xa4\x1e\x4b\xd2\x65\x64\xbc\xfa\x1f\x35\x85\xdb\x4f\x97\x65\x6f\xbd\x24", 96) != 0)

return FALSE;

/* PKCS-5 test 1 with HMAC-STREEBOG used as the PRF */

if (memcmp (dk, "\xd0\x53\xa2\x30", 4) != 0)

return FALSE;

/* PKCS-5 test 2 with HMAC-STREEBOG used as the PRF (derives a key longer than the underlying hash) */

if (memcmp (dk, "\xd0\x53\xa2\x30\x6f\x45\x81\xeb\xbc\x06\x81\xc5\xe7\x53\xa8\x5d\xc7\xf1\x23\x33\x1e\xbe\x64\x2c\x3b\x0f\x26\xd7\x00\xe1\x95\xc9\x65\x26\xb1\x85\xbe\x1e\xe2\xf4\x9b\xfc\x6b\x14\x84\xda\x24\x61\xa0\x1b\x9e\x79\x5c\xee\x69\x6e\xf9\x25\xb1\x1d\xca\xa0\x31\xba\x02\x6f\x9e\x99\x0f\xdb\x25\x01\x5b\xf1\xc7\x10\x19\x53\x3b\x29\x3f\x18\x00\xd6\xfc\x85\x03\xdc\xf2\xe5\xe9\x5a\xb1\x1e\x61\xde", 96) != 0)

return FALSE;

#endif

extern unsigned char ks_tmp[MAX_EXPANDED_KEY];

BOOL test_hmac_sha512 (void);

BOOL test_hmac_blake2s (void);

BOOL test_hmac_whirlpool (void);

typedef struct

{

BOOL Free;

LONG KeyReady;

int Pkcs5Prf;

BOOL ReadVolumeHeaderRecoveryMode = FALSE;

{

unsigned char* keyInfoBuffer = NULL;

int keyInfoBufferSize = sizeof (KEY_INFO) + 16;

size_t keyInfoBufferOffset;

PKEY_INFO keyInfo;

PCRYPTO_INFO cryptoInfo;

int enqPkcs5Prf, pkcs5_prf;

uint16 headerVersion;

int status = ERR_PARAMETER_INCORRECT;

#else // TC_WINDOWS_BOOT

{

#ifdef TC_WINDOWS_BOOT_SINGLE_CIPHER_MODE

#else

#endif

PCRYPTO_INFO cryptoInfo;

// Creates a volume header in memory

#if defined(_UEFI)

int pkcs5_prf, int pim, char *masterKeydata, PCRYPTO_INFO *retInfo,

unsigned __int64 volumeSize, unsigned __int64 hiddenVolumeSize,

unsigned __int64 encryptedAreaStart, unsigned __int64 encryptedAreaLength, uint16 requiredProgramVersion, uint32 headerFlags, uint32 sectorSize, BOOL bWipeMode)

#else

int pkcs5_prf, int pim, char *masterKeydata, PCRYPTO_INFO *retInfo,

unsigned __int64 volumeSize, unsigned __int64 hiddenVolumeSize,

unsigned __int64 encryptedAreaStart, unsigned __int64 encryptedAreaLength, uint16 requiredProgramVersion, uint32 headerFlags, uint32 sectorSize, BOOL bWipeMode)

#endif // !defined(_UEFI)

{

static CRYPTOPP_ALIGN_DATA(16) KEY_INFO keyInfo;

int nUserKeyLen = password? password->Length : 0;

uint32 GetHeaderField32 (uint8 *header, int offset);

UINT64_STRUCT GetHeaderField64 (uint8 *header, int offset);

#if defined(TC_WINDOWS_BOOT)

#elif defined(_UEFI)

BOOL RandgetBytes(unsigned char *buf, int len, BOOL forceSlowPoll);

#else

#if defined(_WIN32) && !defined(_UEFI)

void ComputeBootloaderFingerprint (uint8 *bootLoaderBuf, unsigned int bootLoaderSize, uint8* fingerprint);

#endif

#endif

#if !defined (DEVICE_DRIVER) && !defined (TC_WINDOWS_BOOT) && !defined(_UEFI)

BOOL ReadEffectiveVolumeHeader (BOOL device, HANDLE fileHandle, uint8 *header, DWORD *bytesRead);

BOOL WriteEffectiveVolumeHeader (BOOL device, HANDLE fileHandle, uint8 *header);

int WriteRandomDataToReservedHeaderAreas (HWND hwndDlg, HANDLE dev, CRYPTO_INFO *cryptoInfo, uint64 dataAreaSize, BOOL bPrimaryOnly, BOOL bBackupOnly);

#include "Wipe.h"

// Fill buffer with wipe patterns defined in "National Industrial Security Program Operating Manual", US DoD 5220.22-M.

// Return: FALSE = buffer must be filled with random data

{

case TC_WIPE_1_RAND:

case TC_WIPE_256:

case TC_WIPE_3_DOD_5220:

return Wipe3Dod5220 (pass, buffer, size);