*/

#ifndef CRYPTO_H

#define CRYPTO_H

#include "Tcdefs.h"

#ifdef __cplusplus

extern "C" {

#endif

// Encryption data unit size, which may differ from the sector size and must always be 512

#define ENCRYPTION_DATA_UNIT_SIZE 512

// Size of the salt (in bytes)

#define PKCS5_SALT_SIZE 64

// Size of the volume header area containing concatenated master key(s) and secondary key(s) (XTS mode)

#define MASTER_KEYDATA_SIZE 256

// The first PRF to try when mounting

#define FIRST_PRF_ID 1

// Hash algorithms (pseudorandom functions).

enum

{

RIPEMD160 = FIRST_PRF_ID,

#ifndef TC_WINDOWS_BOOT

SHA512,

WHIRLPOOL,

#endif

HASH_ENUM_END_ID

};

// The last PRF to try when mounting and also the number of implemented PRFs

#define LAST_PRF_ID (HASH_ENUM_END_ID - 1)

#define RIPEMD160_BLOCKSIZE 64

#define RIPEMD160_DIGESTSIZE 20

#define SHA1_BLOCKSIZE 64

#define SHA1_DIGESTSIZE 20

#define SHA512_BLOCKSIZE 128

#define SHA512_DIGESTSIZE 64

#define WHIRLPOOL_BLOCKSIZE 64

#define WHIRLPOOL_DIGESTSIZE 64

#define MAX_DIGESTSIZE WHIRLPOOL_DIGESTSIZE

#define DEFAULT_HASH_ALGORITHM FIRST_PRF_ID

#define DEFAULT_HASH_ALGORITHM_BOOT RIPEMD160

// The mode of operation used for newly created volumes and first to try when mounting

#define FIRST_MODE_OF_OPERATION_ID 1

// Modes of operation

enum

{

/* If you add/remove a mode, update the following: GetMaxPkcs5OutSize(), EAInitMode() */

XTS = FIRST_MODE_OF_OPERATION_ID,

MODE_ENUM_END_ID

};

// The last mode of operation to try when mounting and also the number of implemented modes

#define LAST_MODE_OF_OPERATION (MODE_ENUM_END_ID - 1)

// Ciphertext/plaintext block size for XTS mode (in bytes)

#define BYTES_PER_XTS_BLOCK 16

// Number of ciphertext/plaintext blocks per XTS data unit

#define BLOCKS_PER_XTS_DATA_UNIT (ENCRYPTION_DATA_UNIT_SIZE / BYTES_PER_XTS_BLOCK)

// Cipher IDs

enum

{

NONE = 0,

AES,

SERPENT,

};

typedef struct

{

int Id; // Cipher ID

char *Name; // Name

int BlockSize; // Block size (bytes)

int KeySize; // Key size (bytes)

int KeyScheduleSize; // Scheduled key size (bytes)

} Cipher;

typedef struct

{

int Ciphers[4]; // Null terminated array of ciphers used by encryption algorithm

int Modes[LAST_MODE_OF_OPERATION + 1]; // Null terminated array of modes of operation

int FormatEnabled;

} EncryptionAlgorithm;

typedef struct

{

#else

#define MAX_EXPANDED_KEY (AES_KS + SERPENT_KS + TWOFISH_KS)

#endif

#ifdef DEBUG

# define PRAND_DISK_WIPE_PASSES 3

#else

# define PRAND_DISK_WIPE_PASSES 256

#endif

#if !defined (TC_WINDOWS_BOOT) || defined (TC_WINDOWS_BOOT_AES)

# include "Aes.h"

#else

# include "AesSmall.h"

#endif

#include "Aes_hw_cpu.h"

#include "Serpent.h"

#include "Twofish.h"

#include "Rmd160.h"

#ifndef TC_WINDOWS_BOOT

# include "Sha2.h"

# include "Whirlpool.h"

#endif

#include "GfMul.h"

#include "Password.h"

typedef struct keyInfo_t

{

int noIterations; /* Number of times to iterate (PKCS-5) */

int keyLength; /* Length of the key */

__int8 userKey[MAX_PASSWORD]; /* Password (to which keyfiles may have been applied). WITHOUT +1 for the null terminator. */

__int8 salt[PKCS5_SALT_SIZE]; /* PKCS-5 salt */

__int8 master_keydata[MASTER_KEYDATA_SIZE]; /* Concatenated master primary and secondary key(s) (XTS mode). For LRW (deprecated/legacy), it contains the tweak key before the master key(s). For CBC (deprecated/legacy), it contains the IV seed before the master key(s). */

} KEY_INFO, *PKEY_INFO;

typedef struct CRYPTO_INFO_t

{

int ea; /* Encryption algorithm ID */

int mode; /* Mode of operation (e.g., XTS) */

int EAGetCipherCount (int ea);

int EAGetFirstCipher (int ea);

int EAGetLastCipher (int ea);

int EAGetNextCipher (int ea, int previousCipherId);

int EAGetPreviousCipher (int ea, int previousCipherId);

int EAIsFormatEnabled (int ea);

BOOL EAIsModeSupported (int ea, int testedMode);

const char *HashGetName (int hash_algo_id);

BOOL HashIsDeprecated (int hashId);

int GetMaxPkcs5OutSize (void);

void EncryptDataUnits (unsigned __int8 *buf, const UINT64_STRUCT *structUnitNo, uint32 nbrUnits, PCRYPTO_INFO ci);

void EncryptDataUnitsCurrentThread (unsigned __int8 *buf, const UINT64_STRUCT *structUnitNo, TC_LARGEST_COMPILER_UINT nbrUnits, PCRYPTO_INFO ci);

void DecryptDataUnits (unsigned __int8 *buf, const UINT64_STRUCT *structUnitNo, uint32 nbrUnits, PCRYPTO_INFO ci);

void DecryptDataUnitsCurrentThread (unsigned __int8 *buf, const UINT64_STRUCT *structUnitNo, TC_LARGEST_COMPILER_UINT nbrUnits, PCRYPTO_INFO ci);

void EncryptBuffer (unsigned __int8 *buf, TC_LARGEST_COMPILER_UINT len, PCRYPTO_INFO cryptoInfo);

void DecryptBuffer (unsigned __int8 *buf, TC_LARGEST_COMPILER_UINT len, PCRYPTO_INFO cryptoInfo);

BOOL IsAesHwCpuSupported ();

void EnableHwEncryption (BOOL enable);

BOOL IsHwEncryptionEnabled ();

#ifdef __cplusplus

}

#endif

#endif /* CRYPTO_H */