VeraCrypt
aboutsummaryrefslogtreecommitdiff
path: root/src/Common/Crypto.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/Common/Crypto.c')
-rw-r--r--src/Common/Crypto.c874
1 files changed, 10 insertions, 864 deletions
diff --git a/src/Common/Crypto.c b/src/Common/Crypto.c
index dd30e488..d8f8ae3a 100644
--- a/src/Common/Crypto.c
+++ b/src/Common/Crypto.c
@@ -45,38 +45,27 @@ static Cipher Ciphers[] =
45 { AES, "AES", 16, 32, AES_KS }, 45 { AES, "AES", 16, 32, AES_KS },
46 { SERPENT, "Serpent", 16, 32, 140*4 }, 46 { SERPENT, "Serpent", 16, 32, 140*4 },
47 { TWOFISH, "Twofish", 16, 32, TWOFISH_KS }, 47 { TWOFISH, "Twofish", 16, 32, TWOFISH_KS },
48#ifndef TC_WINDOWS_BOOT
49 { BLOWFISH, "Blowfish", 8, 56, sizeof (BF_KEY) }, // Deprecated/legacy
50 { CAST, "CAST5", 8, 16, sizeof (CAST_KEY) }, // Deprecated/legacy
51 { TRIPLEDES,"Triple DES", 8, 8*3, sizeof (TDES_KEY) }, // Deprecated/legacy
52#endif
53 { 0, 0, 0, 0, 0 } 48 { 0, 0, 0, 0, 0 }
54}; 49};
55 50
56 51
57// Encryption algorithm configuration 52// Encryption algorithm configuration
58// The following modes have been deprecated (legacy): LRW, CBC, INNER_CBC, OUTER_CBC
59static EncryptionAlgorithm EncryptionAlgorithms[] = 53static EncryptionAlgorithm EncryptionAlgorithms[] =
60{ 54{
61 // Cipher(s) Modes FormatEnabled 55 // Cipher(s) Modes FormatEnabled
62 56
63#ifndef TC_WINDOWS_BOOT 57#ifndef TC_WINDOWS_BOOT
64 58
65 { { 0, 0 }, { 0, 0, 0, 0 }, 0 }, // Must be all-zero 59 { { 0, 0 }, { 0, 0}, 0 }, // Must be all-zero
66 { { AES, 0 }, { XTS, LRW, CBC, 0 }, 1 }, 60 { { AES, 0 }, { XTS, 0 }, 1 },
67 { { SERPENT, 0 }, { XTS, LRW, CBC, 0 }, 1 }, 61 { { SERPENT, 0 }, { XTS, 0 }, 1 },
68 { { TWOFISH, 0 }, { XTS, LRW, CBC, 0 }, 1 }, 62 { { TWOFISH, 0 }, { XTS, 0 }, 1 },
69 { { TWOFISH, AES, 0 }, { XTS, LRW, OUTER_CBC, 0 }, 1 }, 63 { { TWOFISH, AES, 0 }, { XTS, 0 }, 1 },
70 { { SERPENT, TWOFISH, AES, 0 }, { XTS, LRW, OUTER_CBC, 0 }, 1 }, 64 { { SERPENT, TWOFISH, AES, 0 }, { XTS, 0 }, 1 },
71 { { AES, SERPENT, 0 }, { XTS, LRW, OUTER_CBC, 0 }, 1 }, 65 { { AES, SERPENT, 0 }, { XTS, 0 }, 1 },
72 { { AES, TWOFISH, SERPENT, 0 }, { XTS, LRW, OUTER_CBC, 0 }, 1 }, 66 { { AES, TWOFISH, SERPENT, 0 }, { XTS, 0 }, 1 },
73 { { SERPENT, TWOFISH, 0 }, { XTS, LRW, OUTER_CBC, 0 }, 1 }, 67 { { SERPENT, TWOFISH, 0 }, { XTS, 0 }, 1 },
74 { { BLOWFISH, 0 }, { LRW, CBC, 0, 0 }, 0 }, // Deprecated/legacy 68 { { 0, 0 }, { 0, 0}, 0 } // Must be all-zero
75 { { CAST, 0 }, { LRW, CBC, 0, 0 }, 0 }, // Deprecated/legacy
76 { { TRIPLEDES, 0 }, { LRW, CBC, 0, 0 }, 0 }, // Deprecated/legacy
77 { { BLOWFISH, AES, 0 }, { INNER_CBC, 0, 0, 0 }, 0 }, // Deprecated/legacy
78 { { SERPENT, BLOWFISH, AES, 0 }, { INNER_CBC, 0, 0, 0 }, 0 }, // Deprecated/legacy
79 { { 0, 0 }, { 0, 0, 0, 0 }, 0 } // Must be all-zero
80 69
81#else // TC_WINDOWS_BOOT 70#else // TC_WINDOWS_BOOT
82 71
@@ -105,7 +94,6 @@ static Hash Hashes[] =
105#ifndef TC_WINDOWS_BOOT 94#ifndef TC_WINDOWS_BOOT
106 { SHA512, "SHA-512", FALSE, FALSE }, 95 { SHA512, "SHA-512", FALSE, FALSE },
107 { WHIRLPOOL, "Whirlpool", FALSE, FALSE }, 96 { WHIRLPOOL, "Whirlpool", FALSE, FALSE },
108 { SHA1, "SHA-1", TRUE, FALSE }, // Deprecated/legacy
109#endif 97#endif
110 { 0, 0, 0 } 98 { 0, 0, 0 }
111}; 99};
@@ -138,32 +126,6 @@ int CipherInit (int cipher, unsigned char *key, unsigned __int8 *ks)
138 twofish_set_key ((TwofishInstance *)ks, (const u4byte *)key, CipherGetKeySize(TWOFISH) * 8); 126 twofish_set_key ((TwofishInstance *)ks, (const u4byte *)key, CipherGetKeySize(TWOFISH) * 8);
139 break; 127 break;
140 128
141#ifndef TC_WINDOWS_BOOT
142
143 case BLOWFISH:
144 /* Deprecated/legacy */
145 BlowfishSetKey ((BF_KEY *)ks, CipherGetKeySize(BLOWFISH), key);
146 break;
147
148 case CAST:
149 /* Deprecated/legacy */
150 Cast5SetKey ((CAST_KEY *) ks, CipherGetKeySize(CAST), key);
151 break;
152
153 case TRIPLEDES:
154 /* Deprecated/legacy */
155 TripleDesSetKey (key, CipherGetKeySize (TRIPLEDES), (TDES_KEY *) ks);
156
157 // Verify whether all three DES keys are mutually different
158 if (((*((__int64 *) key) ^ *((__int64 *) key+1)) & 0xFEFEFEFEFEFEFEFEULL) == 0
159 || ((*((__int64 *) key+1) ^ *((__int64 *) key+2)) & 0xFEFEFEFEFEFEFEFEULL) == 0
160 || ((*((__int64 *) key) ^ *((__int64 *) key+2)) & 0xFEFEFEFEFEFEFEFEULL) == 0)
161 retVal = ERR_CIPHER_INIT_WEAK_KEY; // Non-fatal error
162
163 break;
164
165#endif // TC_WINDOWS_BOOT
166
167 default: 129 default:
168 // Unknown/wrong cipher ID 130 // Unknown/wrong cipher ID
169 return ERR_CIPHER_INIT_FAILURE; 131 return ERR_CIPHER_INIT_FAILURE;
@@ -188,11 +150,6 @@ void EncipherBlock(int cipher, void *data, void *ks)
188 150
189 case TWOFISH: twofish_encrypt (ks, data, data); break; 151 case TWOFISH: twofish_encrypt (ks, data, data); break;
190 case SERPENT: serpent_encrypt (data, data, ks); break; 152 case SERPENT: serpent_encrypt (data, data, ks); break;
191#ifndef TC_WINDOWS_BOOT
192 case BLOWFISH: BlowfishEncryptLE (data, data, ks, 1); break; // Deprecated/legacy
193 case CAST: Cast5Encrypt (data, data, ks); break; // Deprecated/legacy
194 case TRIPLEDES: TripleDesEncrypt (data, data, ks, 1); break; // Deprecated/legacy
195#endif
196 default: TC_THROW_FATAL_EXCEPTION; // Unknown/wrong ID 153 default: TC_THROW_FATAL_EXCEPTION; // Unknown/wrong ID
197 } 154 }
198} 155}
@@ -256,9 +213,6 @@ void DecipherBlock(int cipher, void *data, void *ks)
256 aes_decrypt (data, data, (void *) ((char *) ks + sizeof(aes_encrypt_ctx))); 213 aes_decrypt (data, data, (void *) ((char *) ks + sizeof(aes_encrypt_ctx)));
257 break; 214 break;
258 215
259 case BLOWFISH: BlowfishEncryptLE (data, data, ks, 0); break; // Deprecated/legacy
260 case CAST: Cast5Decrypt (data, data, ks); break; // Deprecated/legacy
261 case TRIPLEDES: TripleDesEncrypt (data, data, ks, 0); break; // Deprecated/legacy
262#else 216#else
263 case AES: aes_decrypt (data, data, ks); break; 217 case AES: aes_decrypt (data, data, ks); break;
264#endif 218#endif
@@ -427,28 +381,6 @@ BOOL EAInitMode (PCRYPTO_INFO ci)
427 that the size of each of the volumes is 1024 terabytes). */ 381 that the size of each of the volumes is 1024 terabytes). */
428 break; 382 break;
429 383
430 case LRW:
431 switch (CipherGetBlockSize (EAGetFirstCipher (ci->ea)))
432 {
433 case 8:
434 /* Deprecated/legacy */
435 return Gf64TabInit (ci->k2, &ci->gf_ctx);
436
437 case 16:
438 return Gf128Tab64Init (ci->k2, &ci->gf_ctx);
439
440 default:
441 TC_THROW_FATAL_EXCEPTION;
442 }
443
444 break;
445
446 case CBC:
447 case INNER_CBC:
448 case OUTER_CBC:
449 // The mode does not need to be initialized or is initialized elsewhere
450 return TRUE;
451
452 default: 384 default:
453 // Unknown/wrong ID 385 // Unknown/wrong ID
454 TC_THROW_FATAL_EXCEPTION; 386 TC_THROW_FATAL_EXCEPTION;
@@ -537,37 +469,6 @@ char *EAGetModeName (int ea, int mode, BOOL capitalLetters)
537 469
538 return "XTS"; 470 return "XTS";
539 471
540 case LRW:
541
542 /* Deprecated/legacy */
543
544 return "LRW";
545
546 case CBC:
547 {
548 /* Deprecated/legacy */
549
550 char eaName[100];
551 EAGetName (eaName, ea);
552
553 if (strcmp (eaName, "Triple DES") == 0)
554 return capitalLetters ? "Outer-CBC" : "outer-CBC";
555
556 return "CBC";
557 }
558
559 case OUTER_CBC:
560
561 /* Deprecated/legacy */
562
563 return capitalLetters ? "Outer-CBC" : "outer-CBC";
564
565 case INNER_CBC:
566
567 /* Deprecated/legacy */
568
569 return capitalLetters ? "Inner-CBC" : "inner-CBC";
570
571 } 472 }
572 return "[unknown]"; 473 return "[unknown]";
573} 474}
@@ -805,441 +706,6 @@ void crypto_close (PCRYPTO_INFO cryptoInfo)
805#ifndef TC_WINDOWS_BOOT_SINGLE_CIPHER_MODE 706#ifndef TC_WINDOWS_BOOT_SINGLE_CIPHER_MODE
806 707
807 708
808#ifndef TC_NO_COMPILER_INT64
809void Xor128 (unsigned __int64 *a, unsigned __int64 *b)
810{
811 *a++ ^= *b++;
812 *a ^= *b;
813}
814
815
816void Xor64 (unsigned __int64 *a, unsigned __int64 *b)
817{
818 *a ^= *b;
819}
820
821
822void EncryptBufferLRW128 (byte *buffer, uint64 length, uint64 blockIndex, PCRYPTO_INFO cryptoInfo)
823{
824 /* Deprecated/legacy */
825
826 int cipher = EAGetFirstCipher (cryptoInfo->ea);
827 int cipherCount = EAGetCipherCount (cryptoInfo->ea);
828 unsigned __int8 *p = buffer;
829 unsigned __int8 *ks = cryptoInfo->ks;
830 unsigned __int8 i[8];
831 unsigned __int8 t[16];
832 unsigned __int64 b;
833
834 *(unsigned __int64 *)i = BE64(blockIndex);
835
836 if (length % 16)
837 TC_THROW_FATAL_EXCEPTION;
838
839 // Note that the maximum supported volume size is 8589934592 GB (i.e., 2^63 bytes).
840
841 for (b = 0; b < length >> 4; b++)
842 {
843 Gf128MulBy64Tab (i, t, &cryptoInfo->gf_ctx);
844 Xor128 ((unsigned __int64 *)p, (unsigned __int64 *)t);
845
846 if (cipherCount > 1)
847 {
848 // Cipher cascade
849 for (cipher = EAGetFirstCipher (cryptoInfo->ea);
850 cipher != 0;
851 cipher = EAGetNextCipher (cryptoInfo->ea, cipher))
852 {
853 EncipherBlock (cipher, p, ks);
854 ks += CipherGetKeyScheduleSize (cipher);
855 }
856 ks = cryptoInfo->ks;
857 }
858 else
859 {
860 EncipherBlock (cipher, p, ks);
861 }
862
863 Xor128 ((unsigned __int64 *)p, (unsigned __int64 *)t);
864
865 p += 16;
866
867 if (i[7] != 0xff)
868 i[7]++;
869 else
870 *(unsigned __int64 *)i = BE64 ( BE64(*(unsigned __int64 *)i) + 1 );
871 }
872
873 FAST_ERASE64 (t, sizeof(t));
874}
875
876
877void EncryptBufferLRW64 (byte *buffer, uint64 length, uint64 blockIndex, PCRYPTO_INFO cryptoInfo)
878{
879 /* Deprecated/legacy */
880
881 int cipher = EAGetFirstCipher (cryptoInfo->ea);
882 unsigned __int8 *p = buffer;
883 unsigned __int8 *ks = cryptoInfo->ks;
884 unsigned __int8 i[8];
885 unsigned __int8 t[8];
886 unsigned __int64 b;
887
888 *(unsigned __int64 *)i = BE64(blockIndex);
889
890 if (length % 8)
891 TC_THROW_FATAL_EXCEPTION;
892
893 for (b = 0; b < length >> 3; b++)
894 {
895 Gf64MulTab (i, t, &cryptoInfo->gf_ctx);
896 Xor64 ((unsigned __int64 *)p, (unsigned __int64 *)t);
897
898 EncipherBlock (cipher, p, ks);
899
900 Xor64 ((unsigned __int64 *)p, (unsigned __int64 *)t);
901
902 p += 8;
903
904 if (i[7] != 0xff)
905 i[7]++;
906 else
907 *(unsigned __int64 *)i = BE64 ( BE64(*(unsigned __int64 *)i) + 1 );
908 }
909
910 FAST_ERASE64 (t, sizeof(t));
911}
912
913
914void DecryptBufferLRW128 (byte *buffer, uint64 length, uint64 blockIndex, PCRYPTO_INFO cryptoInfo)
915{
916 /* Deprecated/legacy */
917
918 int cipher = EAGetFirstCipher (cryptoInfo->ea);
919 int cipherCount = EAGetCipherCount (cryptoInfo->ea);
920 unsigned __int8 *p = buffer;
921 unsigned __int8 *ks = cryptoInfo->ks;
922 unsigned __int8 i[8];
923 unsigned __int8 t[16];
924 unsigned __int64 b;
925
926 *(unsigned __int64 *)i = BE64(blockIndex);
927
928 if (length % 16)
929 TC_THROW_FATAL_EXCEPTION;
930
931 // Note that the maximum supported volume size is 8589934592 GB (i.e., 2^63 bytes).
932
933 for (b = 0; b < length >> 4; b++)
934 {
935 Gf128MulBy64Tab (i, t, &cryptoInfo->gf_ctx);
936 Xor128 ((unsigned __int64 *)p, (unsigned __int64 *)t);
937
938 if (cipherCount > 1)
939 {
940 // Cipher cascade
941 ks = cryptoInfo->ks + EAGetKeyScheduleSize (cryptoInfo->ea);
942
943 for (cipher = EAGetLastCipher (cryptoInfo->ea);
944 cipher != 0;
945 cipher = EAGetPreviousCipher (cryptoInfo->ea, cipher))
946 {
947 ks -= CipherGetKeyScheduleSize (cipher);
948 DecipherBlock (cipher, p, ks);
949 }
950 }
951 else
952 {
953 DecipherBlock (cipher, p, ks);
954 }
955
956 Xor128 ((unsigned __int64 *)p, (unsigned __int64 *)t);
957
958 p += 16;
959
960 if (i[7] != 0xff)
961 i[7]++;
962 else
963 *(unsigned __int64 *)i = BE64 ( BE64(*(unsigned __int64 *)i) + 1 );
964 }
965
966 FAST_ERASE64 (t, sizeof(t));
967}
968
969
970
971void DecryptBufferLRW64 (byte *buffer, uint64 length, uint64 blockIndex, PCRYPTO_INFO cryptoInfo)
972{
973 /* Deprecated/legacy */
974
975 int cipher = EAGetFirstCipher (cryptoInfo->ea);
976 unsigned __int8 *p = buffer;
977 unsigned __int8 *ks = cryptoInfo->ks;
978 unsigned __int8 i[8];
979 unsigned __int8 t[8];
980 unsigned __int64 b;
981
982 *(unsigned __int64 *)i = BE64(blockIndex);
983
984 if (length % 8)
985 TC_THROW_FATAL_EXCEPTION;
986
987 for (b = 0; b < length >> 3; b++)
988 {
989 Gf64MulTab (i, t, &cryptoInfo->gf_ctx);
990 Xor64 ((unsigned __int64 *)p, (unsigned __int64 *)t);
991
992 DecipherBlock (cipher, p, ks);
993
994 Xor64 ((unsigned __int64 *)p, (unsigned __int64 *)t);
995
996 p += 8;
997
998 if (i[7] != 0xff)
999 i[7]++;
1000 else
1001 *(unsigned __int64 *)i = BE64 ( BE64(*(unsigned __int64 *)i) + 1 );
1002 }
1003
1004 FAST_ERASE64 (t, sizeof(t));
1005}
1006
1007
1008// Initializes IV and whitening values for sector encryption/decryption in CBC mode.
1009// IMPORTANT: This function has been deprecated (legacy).
1010static void
1011InitSectorIVAndWhitening (unsigned __int64 unitNo,
1012 int blockSize,
1013 unsigned __int32 *iv,
1014 unsigned __int64 *ivSeed,
1015 unsigned __int32 *whitening)
1016{
1017
1018 /* IMPORTANT: This function has been deprecated (legacy) */
1019
1020 unsigned __int64 iv64[4];
1021 unsigned __int32 *iv32 = (unsigned __int32 *) iv64;
1022
1023 iv64[0] = ivSeed[0] ^ LE64(unitNo);
1024 iv64[1] = ivSeed[1] ^ LE64(unitNo);
1025 iv64[2] = ivSeed[2] ^ LE64(unitNo);
1026 if (blockSize == 16)
1027 {
1028 iv64[3] = ivSeed[3] ^ LE64(unitNo);
1029 }
1030
1031 iv[0] = iv32[0];
1032 iv[1] = iv32[1];
1033
1034 switch (blockSize)
1035 {
1036 case 16:
1037
1038 // 128-bit block
1039
1040 iv[2] = iv32[2];
1041 iv[3] = iv32[3];
1042
1043 whitening[0] = LE32( crc32int ( &iv32[4] ) ^ crc32int ( &iv32[7] ) );
1044 whitening[1] = LE32( crc32int ( &iv32[5] ) ^ crc32int ( &iv32[6] ) );
1045 break;
1046
1047 case 8:
1048
1049 // 64-bit block
1050
1051 whitening[0] = LE32( crc32int ( &iv32[2] ) ^ crc32int ( &iv32[5] ) );
1052 whitening[1] = LE32( crc32int ( &iv32[3] ) ^ crc32int ( &iv32[4] ) );
1053 break;
1054
1055 default:
1056 TC_THROW_FATAL_EXCEPTION;
1057 }
1058}
1059
1060
1061// EncryptBufferCBC (deprecated/legacy)
1062//
1063// data: data to be encrypted
1064// len: number of bytes to encrypt (must be divisible by the largest cipher block size)
1065// ks: scheduled key
1066// iv: IV
1067// whitening: whitening constants
1068// ea: outer-CBC cascade ID (0 = CBC/inner-CBC)
1069// cipher: CBC/inner-CBC cipher ID (0 = outer-CBC)
1070
1071static void
1072EncryptBufferCBC (unsigned __int32 *data,
1073 unsigned int len,
1074 unsigned __int8 *ks,
1075 unsigned __int32 *iv,
1076 unsigned __int32 *whitening,
1077 int ea,
1078 int cipher)
1079{
1080 /* IMPORTANT: This function has been deprecated (legacy) */
1081
1082 unsigned __int32 bufIV[4];
1083 unsigned __int64 i;
1084 int blockSize = CipherGetBlockSize (ea != 0 ? EAGetFirstCipher (ea) : cipher);
1085
1086 if (len % blockSize)
1087 TC_THROW_FATAL_EXCEPTION;
1088
1089 // IV
1090 bufIV[0] = iv[0];
1091 bufIV[1] = iv[1];
1092 if (blockSize == 16)
1093 {
1094 bufIV[2] = iv[2];
1095 bufIV[3] = iv[3];
1096 }
1097
1098 // Encrypt each block
1099 for (i = 0; i < len/blockSize; i++)
1100 {
1101 // CBC
1102 data[0] ^= bufIV[0];
1103 data[1] ^= bufIV[1];
1104 if (blockSize == 16)
1105 {
1106 data[2] ^= bufIV[2];
1107 data[3] ^= bufIV[3];
1108 }
1109
1110 if (ea != 0)
1111 {
1112 // Outer-CBC
1113 for (cipher = EAGetFirstCipher (ea); cipher != 0; cipher = EAGetNextCipher (ea, cipher))
1114 {
1115 EncipherBlock (cipher, data, ks);
1116 ks += CipherGetKeyScheduleSize (cipher);
1117 }
1118 ks -= EAGetKeyScheduleSize (ea);
1119 }
1120 else
1121 {
1122 // CBC/inner-CBC
1123 EncipherBlock (cipher, data, ks);
1124 }
1125
1126 // CBC
1127 bufIV[0] = data[0];
1128 bufIV[1] = data[1];
1129 if (blockSize == 16)
1130 {
1131 bufIV[2] = data[2];
1132 bufIV[3] = data[3];
1133 }
1134
1135 // Whitening
1136 data[0] ^= whitening[0];
1137 data[1] ^= whitening[1];
1138 if (blockSize == 16)
1139 {
1140 data[2] ^= whitening[0];
1141 data[3] ^= whitening[1];
1142 }
1143
1144 data += blockSize / sizeof(*data);
1145 }
1146}
1147
1148
1149// DecryptBufferCBC (deprecated/legacy)
1150//
1151// data: data to be decrypted
1152// len: number of bytes to decrypt (must be divisible by the largest cipher block size)
1153// ks: scheduled key
1154// iv: IV
1155// whitening: whitening constants
1156// ea: outer-CBC cascade ID (0 = CBC/inner-CBC)
1157// cipher: CBC/inner-CBC cipher ID (0 = outer-CBC)
1158
1159static void
1160DecryptBufferCBC (unsigned __int32 *data,
1161 unsigned int len,
1162 unsigned __int8 *ks,
1163 unsigned __int32 *iv,
1164 unsigned __int32 *whitening,
1165 int ea,
1166 int cipher)
1167{
1168
1169 /* IMPORTANT: This function has been deprecated (legacy) */
1170
1171 unsigned __int32 bufIV[4];
1172 unsigned __int64 i;
1173 unsigned __int32 ct[4];
1174 int blockSize = CipherGetBlockSize (ea != 0 ? EAGetFirstCipher (ea) : cipher);
1175
1176 if (len % blockSize)
1177 TC_THROW_FATAL_EXCEPTION;
1178
1179 // IV
1180 bufIV[0] = iv[0];
1181 bufIV[1] = iv[1];
1182 if (blockSize == 16)
1183 {
1184 bufIV[2] = iv[2];
1185 bufIV[3] = iv[3];
1186 }
1187
1188 // Decrypt each block
1189 for (i = 0; i < len/blockSize; i++)
1190 {
1191 // Dewhitening
1192 data[0] ^= whitening[0];
1193 data[1] ^= whitening[1];
1194 if (blockSize == 16)
1195 {
1196 data[2] ^= whitening[0];
1197 data[3] ^= whitening[1];
1198 }
1199
1200 // CBC
1201 ct[0] = data[0];
1202 ct[1] = data[1];
1203 if (blockSize == 16)
1204 {
1205 ct[2] = data[2];
1206 ct[3] = data[3];
1207 }
1208
1209 if (ea != 0)
1210 {
1211 // Outer-CBC
1212 ks += EAGetKeyScheduleSize (ea);
1213 for (cipher = EAGetLastCipher (ea); cipher != 0; cipher = EAGetPreviousCipher (ea, cipher))
1214 {
1215 ks -= CipherGetKeyScheduleSize (cipher);
1216 DecipherBlock (cipher, data, ks);
1217 }
1218 }
1219 else
1220 {
1221 // CBC/inner-CBC
1222 DecipherBlock (cipher, data, ks);
1223 }
1224
1225 // CBC
1226 data[0] ^= bufIV[0];
1227 data[1] ^= bufIV[1];
1228 bufIV[0] = ct[0];
1229 bufIV[1] = ct[1];
1230 if (blockSize == 16)
1231 {
1232 data[2] ^= bufIV[2];
1233 data[3] ^= bufIV[3];
1234 bufIV[2] = ct[2];
1235 bufIV[3] = ct[3];
1236 }
1237
1238 data += blockSize / sizeof(*data);
1239 }
1240}
1241#endif // #ifndef TC_NO_COMPILER_INT64
1242
1243 709
1244// EncryptBuffer 710// EncryptBuffer
1245// 711//
@@ -1275,100 +741,12 @@ void EncryptBuffer (unsigned __int8 *buf, TC_LARGEST_COMPILER_UINT len, PCRYPTO_
1275 } 741 }
1276 break; 742 break;
1277 743
1278#ifndef TC_NO_COMPILER_INT64
1279 case LRW:
1280
1281 /* Deprecated/legacy */
1282
1283 switch (CipherGetBlockSize (EAGetFirstCipher (cryptoInfo->ea)))
1284 {
1285 case 8:
1286 EncryptBufferLRW64 ((unsigned __int8 *)buf, (unsigned __int64) len, 1, cryptoInfo);
1287 break;
1288
1289 case 16:
1290 EncryptBufferLRW128 ((unsigned __int8 *)buf, (unsigned __int64) len, 1, cryptoInfo);
1291 break;
1292
1293 default:
1294 TC_THROW_FATAL_EXCEPTION;
1295 }
1296 break;
1297
1298 case CBC:
1299 case INNER_CBC:
1300 {
1301 /* Deprecated/legacy */
1302
1303 unsigned __int8 *ks = cryptoInfo->ks;
1304 int cipher;
1305
1306 for (cipher = EAGetFirstCipher (cryptoInfo->ea);
1307 cipher != 0;
1308 cipher = EAGetNextCipher (cryptoInfo->ea, cipher))
1309 {
1310 EncryptBufferCBC ((unsigned __int32 *) buf,
1311 (unsigned int) len,
1312 ks,
1313 (unsigned __int32 *) cryptoInfo->k2,
1314 (unsigned __int32 *) &cryptoInfo->k2[8],
1315 0,
1316 cipher);
1317
1318 ks += CipherGetKeyScheduleSize (cipher);
1319 }
1320 }
1321 break;
1322
1323 case OUTER_CBC:
1324
1325 /* Deprecated/legacy */
1326
1327 EncryptBufferCBC ((unsigned __int32 *) buf,
1328 (unsigned int) len,
1329 cryptoInfo->ks,
1330 (unsigned __int32 *) cryptoInfo->k2,
1331 (unsigned __int32 *) &cryptoInfo->k2[8],
1332 cryptoInfo->ea,
1333 0);
1334
1335 break;
1336#endif // #ifndef TC_NO_COMPILER_INT64
1337
1338 default: 744 default:
1339 // Unknown/wrong ID 745 // Unknown/wrong ID
1340 TC_THROW_FATAL_EXCEPTION; 746 TC_THROW_FATAL_EXCEPTION;
1341 } 747 }
1342} 748}
1343 749
1344#ifndef TC_NO_COMPILER_INT64
1345// Converts a data unit number to the index of the first LRW block in the data unit.
1346// Note that the maximum supported volume size is 8589934592 GB (i.e., 2^63 bytes).
1347uint64 DataUnit2LRWIndex (uint64 dataUnit, int blockSize, PCRYPTO_INFO ci)
1348{
1349 /* Deprecated/legacy */
1350
1351 if (ci->hiddenVolume)
1352 dataUnit -= ci->hiddenVolumeOffset / ENCRYPTION_DATA_UNIT_SIZE;
1353 else
1354 dataUnit -= TC_VOLUME_HEADER_SIZE_LEGACY / ENCRYPTION_DATA_UNIT_SIZE; // Compensate for the volume header size
1355
1356 switch (blockSize)
1357 {
1358 case 8:
1359 return (dataUnit << 6) | 1;
1360
1361 case 16:
1362 return (dataUnit << 5) | 1;
1363
1364 default:
1365 TC_THROW_FATAL_EXCEPTION;
1366 }
1367
1368 return 0;
1369}
1370#endif // #ifndef TC_NO_COMPILER_INT64
1371
1372 750
1373// buf: data to be encrypted 751// buf: data to be encrypted
1374// unitNo: sequential number of the data unit with which the buffer starts 752// unitNo: sequential number of the data unit with which the buffer starts
@@ -1387,14 +765,6 @@ void EncryptDataUnitsCurrentThread (unsigned __int8 *buf, const UINT64_STRUCT *s
1387 unsigned __int8 *ks2 = ci->ks2; 765 unsigned __int8 *ks2 = ci->ks2;
1388 int cipher; 766 int cipher;
1389 767
1390#ifndef TC_NO_COMPILER_INT64
1391 void *iv = ci->k2; // Deprecated/legacy
1392 unsigned __int64 unitNo = structUnitNo->Value;
1393 unsigned __int64 *iv64 = (unsigned __int64 *) iv; // Deprecated/legacy
1394 unsigned __int32 sectorIV[4]; // Deprecated/legacy
1395 unsigned __int32 secWhitening[2]; // Deprecated/legacy
1396#endif
1397
1398 switch (ci->mode) 768 switch (ci->mode)
1399 { 769 {
1400 case XTS: 770 case XTS:
@@ -1413,81 +783,6 @@ void EncryptDataUnitsCurrentThread (unsigned __int8 *buf, const UINT64_STRUCT *s
1413 } 783 }
1414 break; 784 break;
1415 785
1416#ifndef TC_NO_COMPILER_INT64
1417 case LRW:
1418
1419 /* Deprecated/legacy */
1420
1421 switch (CipherGetBlockSize (EAGetFirstCipher (ea)))
1422 {
1423 case 8:
1424 EncryptBufferLRW64 (buf,
1425 (unsigned __int64) nbrUnits * ENCRYPTION_DATA_UNIT_SIZE,
1426 DataUnit2LRWIndex (unitNo, 8, ci),
1427 ci);
1428 break;
1429
1430 case 16:
1431 EncryptBufferLRW128 (buf,
1432 (unsigned __int64) nbrUnits * ENCRYPTION_DATA_UNIT_SIZE,
1433 DataUnit2LRWIndex (unitNo, 16, ci),
1434 ci);
1435 break;
1436
1437 default:
1438 TC_THROW_FATAL_EXCEPTION;
1439 }
1440 break;
1441
1442 case CBC:
1443 case INNER_CBC:
1444
1445 /* Deprecated/legacy */
1446
1447 while (nbrUnits--)
1448 {
1449 for (cipher = EAGetFirstCipher (ea); cipher != 0; cipher = EAGetNextCipher (ea, cipher))
1450 {
1451 InitSectorIVAndWhitening (unitNo, CipherGetBlockSize (cipher), sectorIV, iv64, secWhitening);
1452
1453 EncryptBufferCBC ((unsigned __int32 *) buf,
1454 ENCRYPTION_DATA_UNIT_SIZE,
1455 ks,
1456 sectorIV,
1457 secWhitening,
1458 0,
1459 cipher);
1460
1461 ks += CipherGetKeyScheduleSize (cipher);
1462 }
1463 ks -= EAGetKeyScheduleSize (ea);
1464 buf += ENCRYPTION_DATA_UNIT_SIZE;
1465 unitNo++;
1466 }
1467 break;
1468
1469 case OUTER_CBC:
1470
1471 /* Deprecated/legacy */
1472
1473 while (nbrUnits--)
1474 {
1475 InitSectorIVAndWhitening (unitNo, CipherGetBlockSize (EAGetFirstCipher (ea)), sectorIV, iv64, secWhitening);
1476
1477 EncryptBufferCBC ((unsigned __int32 *) buf,
1478 ENCRYPTION_DATA_UNIT_SIZE,
1479 ks,
1480 sectorIV,
1481 secWhitening,
1482 ea,
1483 0);
1484
1485 buf += ENCRYPTION_DATA_UNIT_SIZE;
1486 unitNo++;
1487 }
1488 break;
1489#endif // #ifndef TC_NO_COMPILER_INT64
1490
1491 default: 786 default:
1492 // Unknown/wrong ID 787 // Unknown/wrong ID
1493 TC_THROW_FATAL_EXCEPTION; 788 TC_THROW_FATAL_EXCEPTION;
@@ -1528,65 +823,6 @@ void DecryptBuffer (unsigned __int8 *buf, TC_LARGEST_COMPILER_UINT len, PCRYPTO_
1528 } 823 }
1529 break; 824 break;
1530 825
1531#ifndef TC_NO_COMPILER_INT64
1532 case LRW:
1533
1534 /* Deprecated/legacy */
1535
1536 switch (CipherGetBlockSize (EAGetFirstCipher (cryptoInfo->ea)))
1537 {
1538 case 8:
1539 DecryptBufferLRW64 (buf, (unsigned __int64) len, 1, cryptoInfo);
1540 break;
1541
1542 case 16:
1543 DecryptBufferLRW128 (buf, (unsigned __int64) len, 1, cryptoInfo);
1544 break;
1545
1546 default:
1547 TC_THROW_FATAL_EXCEPTION;
1548 }
1549 break;
1550
1551 case CBC:
1552 case INNER_CBC:
1553 {
1554 /* Deprecated/legacy */
1555
1556 unsigned __int8 *ks = cryptoInfo->ks + EAGetKeyScheduleSize (cryptoInfo->ea);
1557 int cipher;
1558 for (cipher = EAGetLastCipher (cryptoInfo->ea);
1559 cipher != 0;
1560 cipher = EAGetPreviousCipher (cryptoInfo->ea, cipher))
1561 {
1562 ks -= CipherGetKeyScheduleSize (cipher);
1563
1564 DecryptBufferCBC ((unsigned __int32 *) buf,
1565 (unsigned int) len,
1566 ks,
1567 (unsigned __int32 *) cryptoInfo->k2,
1568 (unsigned __int32 *) &cryptoInfo->k2[8],
1569 0,
1570 cipher);
1571 }
1572 }
1573 break;
1574
1575 case OUTER_CBC:
1576
1577 /* Deprecated/legacy */
1578
1579 DecryptBufferCBC ((unsigned __int32 *) buf,
1580 (unsigned int) len,
1581 cryptoInfo->ks,
1582 (unsigned __int32 *) cryptoInfo->k2,
1583 (unsigned __int32 *) &cryptoInfo->k2[8],
1584 cryptoInfo->ea,
1585 0);
1586
1587 break;
1588#endif // #ifndef TC_NO_COMPILER_INT64
1589
1590 default: 826 default:
1591 // Unknown/wrong ID 827 // Unknown/wrong ID
1592 TC_THROW_FATAL_EXCEPTION; 828 TC_THROW_FATAL_EXCEPTION;
@@ -1610,14 +846,6 @@ void DecryptDataUnitsCurrentThread (unsigned __int8 *buf, const UINT64_STRUCT *s
1610 unsigned __int8 *ks2 = ci->ks2; 846 unsigned __int8 *ks2 = ci->ks2;
1611 int cipher; 847 int cipher;
1612 848
1613#ifndef TC_NO_COMPILER_INT64
1614 void *iv = ci->k2; // Deprecated/legacy
1615 unsigned __int64 unitNo = structUnitNo->Value;
1616 unsigned __int64 *iv64 = (unsigned __int64 *) iv; // Deprecated/legacy
1617 unsigned __int32 sectorIV[4]; // Deprecated/legacy
1618 unsigned __int32 secWhitening[2]; // Deprecated/legacy
1619#endif // #ifndef TC_NO_COMPILER_INT64
1620
1621 849
1622 switch (ci->mode) 850 switch (ci->mode)
1623 { 851 {
@@ -1640,81 +868,6 @@ void DecryptDataUnitsCurrentThread (unsigned __int8 *buf, const UINT64_STRUCT *s
1640 } 868 }
1641 break; 869 break;
1642 870
1643#ifndef TC_NO_COMPILER_INT64
1644 case LRW:
1645
1646 /* Deprecated/legacy */
1647
1648 switch (CipherGetBlockSize (EAGetFirstCipher (ea)))
1649 {
1650 case 8:
1651 DecryptBufferLRW64 (buf,
1652 (unsigned __int64) nbrUnits * ENCRYPTION_DATA_UNIT_SIZE,
1653 DataUnit2LRWIndex (unitNo, 8, ci),
1654 ci);
1655 break;
1656
1657 case 16:
1658 DecryptBufferLRW128 (buf,
1659 (unsigned __int64) nbrUnits * ENCRYPTION_DATA_UNIT_SIZE,
1660 DataUnit2LRWIndex (unitNo, 16, ci),
1661 ci);
1662 break;
1663
1664 default:
1665 TC_THROW_FATAL_EXCEPTION;
1666 }
1667 break;
1668
1669 case CBC:
1670 case INNER_CBC:
1671
1672 /* Deprecated/legacy */
1673
1674 while (nbrUnits--)
1675 {
1676 ks += EAGetKeyScheduleSize (ea);
1677 for (cipher = EAGetLastCipher (ea); cipher != 0; cipher = EAGetPreviousCipher (ea, cipher))
1678 {
1679 InitSectorIVAndWhitening (unitNo, CipherGetBlockSize (cipher), sectorIV, iv64, secWhitening);
1680
1681 ks -= CipherGetKeyScheduleSize (cipher);
1682
1683 DecryptBufferCBC ((unsigned __int32 *) buf,
1684 ENCRYPTION_DATA_UNIT_SIZE,
1685 ks,
1686 sectorIV,
1687 secWhitening,
1688 0,
1689 cipher);
1690 }
1691 buf += ENCRYPTION_DATA_UNIT_SIZE;
1692 unitNo++;
1693 }
1694 break;
1695
1696 case OUTER_CBC:
1697
1698 /* Deprecated/legacy */
1699
1700 while (nbrUnits--)
1701 {
1702 InitSectorIVAndWhitening (unitNo, CipherGetBlockSize (EAGetFirstCipher (ea)), sectorIV, iv64, secWhitening);
1703
1704 DecryptBufferCBC ((unsigned __int32 *) buf,
1705 ENCRYPTION_DATA_UNIT_SIZE,
1706 ks,
1707 sectorIV,
1708 secWhitening,
1709 ea,
1710 0);
1711
1712 buf += ENCRYPTION_DATA_UNIT_SIZE;
1713 unitNo++;
1714 }
1715 break;
1716#endif // #ifndef TC_NO_COMPILER_INT64
1717
1718 default: 871 default:
1719 // Unknown/wrong ID 872 // Unknown/wrong ID
1720 TC_THROW_FATAL_EXCEPTION; 873 TC_THROW_FATAL_EXCEPTION;
@@ -1729,13 +882,6 @@ int GetMaxPkcs5OutSize (void)
1729 882
1730 size = max (size, EAGetLargestKeyForMode (XTS) * 2); // Sizes of primary + secondary keys 883 size = max (size, EAGetLargestKeyForMode (XTS) * 2); // Sizes of primary + secondary keys
1731 884
1732#ifndef TC_WINDOWS_BOOT
1733 size = max (size, LEGACY_VOL_IV_SIZE + EAGetLargestKeyForMode (LRW)); // Deprecated/legacy
1734 size = max (size, LEGACY_VOL_IV_SIZE + EAGetLargestKeyForMode (CBC)); // Deprecated/legacy
1735 size = max (size, LEGACY_VOL_IV_SIZE + EAGetLargestKeyForMode (OUTER_CBC)); // Deprecated/legacy
1736 size = max (size, LEGACY_VOL_IV_SIZE + EAGetLargestKeyForMode (INNER_CBC)); // Deprecated/legacy
1737#endif
1738
1739 return size; 885 return size;
1740} 886}
1741 887