VeraCrypt
aboutsummaryrefslogtreecommitdiff
path: root/src/Common/Crypto.h
diff options
context:
space:
mode:
Diffstat (limited to 'src/Common/Crypto.h')
-rw-r--r--src/Common/Crypto.h726
1 files changed, 363 insertions, 363 deletions
diff --git a/src/Common/Crypto.h b/src/Common/Crypto.h
index e081dc60..96f0a9a6 100644
--- a/src/Common/Crypto.h
+++ b/src/Common/Crypto.h
@@ -1,363 +1,363 @@
-/*
- Legal Notice: Some portions of the source code contained in this file were
- derived from the source code of TrueCrypt 7.1a, which is
- Copyright (c) 2003-2012 TrueCrypt Developers Association and which is
- governed by the TrueCrypt License 3.0, also from the source code of
- Encryption for the Masses 2.02a, which is Copyright (c) 1998-2000 Paul Le Roux
- and which is governed by the 'License Agreement for Encryption for the Masses'
- Modifications and additions to the original source code (contained in this file)
- and all other portions of this file are Copyright (c) 2013-2016 IDRIX
- and are governed by the Apache License 2.0 the full text of which is
- contained in the file License.txt included in VeraCrypt binary and source
- code distribution packages. */
-
-/* Update the following when adding a new cipher or EA:
-
- Crypto.h:
- ID #define
- MAX_EXPANDED_KEY #define
-
- Crypto.c:
- Ciphers[]
- EncryptionAlgorithms[]
- CipherInit()
- EncipherBlock()
- DecipherBlock()
-
-*/
-
-#ifndef CRYPTO_H
-#define CRYPTO_H
-
-#include "Tcdefs.h"
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-// Encryption data unit size, which may differ from the sector size and must always be 512
-#define ENCRYPTION_DATA_UNIT_SIZE 512
-
-// Size of the salt (in bytes)
-#define PKCS5_SALT_SIZE 64
-
-// Size of the volume header area containing concatenated master key(s) and secondary key(s) (XTS mode)
-#define MASTER_KEYDATA_SIZE 256
-
-// The first PRF to try when mounting
-#define FIRST_PRF_ID 1
-
-// Hash algorithms (pseudorandom functions).
-enum
-{
- SHA512 = FIRST_PRF_ID,
- WHIRLPOOL,
- SHA256,
- RIPEMD160,
- HASH_ENUM_END_ID
-};
-
-// The last PRF to try when mounting and also the number of implemented PRFs
-#define LAST_PRF_ID (HASH_ENUM_END_ID - 1)
-
-#define RIPEMD160_BLOCKSIZE 64
-#define RIPEMD160_DIGESTSIZE 20
-
-#define SHA256_BLOCKSIZE 64
-#define SHA256_DIGESTSIZE 32
-
-#define SHA512_BLOCKSIZE 128
-#define SHA512_DIGESTSIZE 64
-
-#define WHIRLPOOL_BLOCKSIZE 64
-#define WHIRLPOOL_DIGESTSIZE 64
-
-#define MAX_DIGESTSIZE WHIRLPOOL_DIGESTSIZE
-
-#define DEFAULT_HASH_ALGORITHM FIRST_PRF_ID
-#define DEFAULT_HASH_ALGORITHM_BOOT SHA256
-
-// The mode of operation used for newly created volumes and first to try when mounting
-#define FIRST_MODE_OF_OPERATION_ID 1
-
-// Modes of operation
-enum
-{
- /* If you add/remove a mode, update the following: GetMaxPkcs5OutSize(), EAInitMode() */
-
- XTS = FIRST_MODE_OF_OPERATION_ID,
- MODE_ENUM_END_ID
-};
-
-
-// The last mode of operation to try when mounting and also the number of implemented modes
-#define LAST_MODE_OF_OPERATION (MODE_ENUM_END_ID - 1)
-
-// Ciphertext/plaintext block size for XTS mode (in bytes)
-#define BYTES_PER_XTS_BLOCK 16
-
-// Number of ciphertext/plaintext blocks per XTS data unit
-#define BLOCKS_PER_XTS_DATA_UNIT (ENCRYPTION_DATA_UNIT_SIZE / BYTES_PER_XTS_BLOCK)
-
-
-// Cipher IDs
-enum
-{
- NONE = 0,
- AES,
- SERPENT,
- TWOFISH
-};
-
-typedef struct
-{
- int Id; // Cipher ID
-#ifdef TC_WINDOWS_BOOT
- char *Name; // Name
-#else
- wchar_t *Name; // Name
-#endif
- int BlockSize; // Block size (bytes)
- int KeySize; // Key size (bytes)
- int KeyScheduleSize; // Scheduled key size (bytes)
-} Cipher;
-
-typedef struct
-{
- int Ciphers[4]; // Null terminated array of ciphers used by encryption algorithm
- int Modes[LAST_MODE_OF_OPERATION + 1]; // Null terminated array of modes of operation
- int FormatEnabled;
-} EncryptionAlgorithm;
-
-#ifndef TC_WINDOWS_BOOT
-typedef struct
-{
- int Id; // Hash ID
- wchar_t *Name; // Name
- BOOL Deprecated;
- BOOL SystemEncryption; // Available for system encryption
-} Hash;
-#endif
-
-// Maxium length of scheduled key
-#if !defined (TC_WINDOWS_BOOT) || defined (TC_WINDOWS_BOOT_AES)
-# define AES_KS (sizeof(aes_encrypt_ctx) + sizeof(aes_decrypt_ctx))
-#else
-# define AES_KS (sizeof(aes_context))
-#endif
-#define SERPENT_KS (140 * 4)
-
-#ifdef TC_WINDOWS_BOOT_SINGLE_CIPHER_MODE
-
-# ifdef TC_WINDOWS_BOOT_AES
-# define MAX_EXPANDED_KEY AES_KS
-# elif defined (TC_WINDOWS_BOOT_SERPENT)
-# define MAX_EXPANDED_KEY SERPENT_KS
-# elif defined (TC_WINDOWS_BOOT_TWOFISH)
-# define MAX_EXPANDED_KEY TWOFISH_KS
-# endif
-
-#else
-
-#define MAX_EXPANDED_KEY (AES_KS + SERPENT_KS + TWOFISH_KS)
-
-#endif
-
-#ifdef DEBUG
-# define PRAND_DISK_WIPE_PASSES 3
-#else
-# define PRAND_DISK_WIPE_PASSES 256
-#endif
-
-/* specific value for volume header wipe used only when drive is fully wiped. */
-#define PRAND_HEADER_WIPE_PASSES 3
-
-#if !defined (TC_WINDOWS_BOOT) || defined (TC_WINDOWS_BOOT_AES)
-# include "Aes.h"
-#else
-# include "AesSmall.h"
-#endif
-
-#include "Aes_hw_cpu.h"
-#include "Serpent.h"
-#include "Twofish.h"
-
-#include "Rmd160.h"
-#ifndef TC_WINDOWS_BOOT
-# include "Sha2.h"
-# include "Whirlpool.h"
-#endif
-
-#include "GfMul.h"
-#include "Password.h"
-
-#ifndef TC_WINDOWS_BOOT
-
-#include "config.h"
-
-typedef struct keyInfo_t
-{
- int noIterations; /* Number of times to iterate (PKCS-5) */
- int keyLength; /* Length of the key */
- uint64 dummy; /* Dummy field to ensure 16-byte alignment of this structure */
- __int8 salt[PKCS5_SALT_SIZE]; /* PKCS-5 salt */
- __int8 master_keydata[MASTER_KEYDATA_SIZE]; /* Concatenated master primary and secondary key(s) (XTS mode). For LRW (deprecated/legacy), it contains the tweak key before the master key(s). For CBC (deprecated/legacy), it contains the IV seed before the master key(s). */
- CRYPTOPP_ALIGN_DATA(16) __int8 userKey[MAX_PASSWORD]; /* Password (to which keyfiles may have been applied). WITHOUT +1 for the null terminator. */
-} KEY_INFO, *PKEY_INFO;
-
-#endif
-
-typedef struct CRYPTO_INFO_t
-{
- int ea; /* Encryption algorithm ID */
- int mode; /* Mode of operation (e.g., XTS) */
- int pkcs5; /* PRF algorithm */
-
- unsigned __int8 ks[MAX_EXPANDED_KEY]; /* Primary key schedule (if it is a cascade, it conatins multiple concatenated keys) */
- unsigned __int8 ks2[MAX_EXPANDED_KEY]; /* Secondary key schedule (if cascade, multiple concatenated) for XTS mode. */
-
- BOOL hiddenVolume; // Indicates whether the volume is mounted/mountable as hidden volume
-
-#ifndef TC_WINDOWS_BOOT
- uint16 HeaderVersion;
-
- GfCtx gf_ctx;
-
- unsigned __int8 master_keydata[MASTER_KEYDATA_SIZE]; /* This holds the volume header area containing concatenated master key(s) and secondary key(s) (XTS mode). For LRW (deprecated/legacy), it contains the tweak key before the master key(s). For CBC (deprecated/legacy), it contains the IV seed before the master key(s). */
- unsigned __int8 k2[MASTER_KEYDATA_SIZE]; /* For XTS, this contains the secondary key (if cascade, multiple concatenated). For LRW (deprecated/legacy), it contains the tweak key. For CBC (deprecated/legacy), it contains the IV seed. */
- unsigned __int8 salt[PKCS5_SALT_SIZE];
- int noIterations;
- BOOL bTrueCryptMode;
- int volumePim;
-
- uint64 volume_creation_time; // Legacy
- uint64 header_creation_time; // Legacy
-
- BOOL bProtectHiddenVolume; // Indicates whether the volume contains a hidden volume to be protected against overwriting
- BOOL bHiddenVolProtectionAction; // TRUE if a write operation has been denied by the driver in order to prevent the hidden volume from being overwritten (set to FALSE upon volume mount).
-
- uint64 volDataAreaOffset; // Absolute position, in bytes, of the first data sector of the volume.
-
- uint64 hiddenVolumeSize; // Size of the hidden volume excluding the header (in bytes). Set to 0 for standard volumes.
- uint64 hiddenVolumeOffset; // Absolute position, in bytes, of the first hidden volume data sector within the host volume (provided that there is a hidden volume within). This must be set for all hidden volumes; in case of a normal volume, this variable is only used when protecting a hidden volume within it.
- uint64 hiddenVolumeProtectedSize;
-
- BOOL bPartitionInInactiveSysEncScope; // If TRUE, the volume is a partition located on an encrypted system drive and mounted without pre-boot authentication.
-
- UINT64_STRUCT FirstDataUnitNo; // First data unit number of the volume. This is 0 for file-hosted and non-system partition-hosted volumes. For partitions within key scope of system encryption this reflects real physical offset within the device (this is used e.g. when such a partition is mounted as a regular volume without pre-boot authentication).
-
- uint16 RequiredProgramVersion;
- BOOL LegacyVolume;
-
- uint32 SectorSize;
-
-#endif // !TC_WINDOWS_BOOT
-
- UINT64_STRUCT VolumeSize;
-
- UINT64_STRUCT EncryptedAreaStart;
- UINT64_STRUCT EncryptedAreaLength;
-
- uint32 HeaderFlags;
-
-} CRYPTO_INFO, *PCRYPTO_INFO;
-
-#ifdef _WIN32
-
-#pragma pack (push)
-#pragma pack(1)
-
-typedef struct BOOT_CRYPTO_HEADER_t
-{
- __int16 ea; /* Encryption algorithm ID */
- __int16 mode; /* Mode of operation (e.g., XTS) */
- __int16 pkcs5; /* PRF algorithm */
-
-} BOOT_CRYPTO_HEADER, *PBOOT_CRYPTO_HEADER;
-
-#pragma pack (pop)
-
-#endif
-
-PCRYPTO_INFO crypto_open (void);
-#ifndef TC_WINDOWS_BOOT
-void crypto_loadkey (PKEY_INFO keyInfo, char *lpszUserKey, int nUserKeyLen);
-#endif
-void crypto_close (PCRYPTO_INFO cryptoInfo);
-
-int CipherGetBlockSize (int cipher);
-int CipherGetKeySize (int cipher);
-int CipherGetKeyScheduleSize (int cipher);
-BOOL CipherSupportsIntraDataUnitParallelization (int cipher);
-
-#ifndef TC_WINDOWS_BOOT
-const wchar_t * CipherGetName (int cipher);
-#endif
-
-int CipherInit (int cipher, unsigned char *key, unsigned char *ks);
-#ifndef TC_WINDOWS_BOOT_SINGLE_CIPHER_MODE
-int EAInit (int ea, unsigned char *key, unsigned char *ks);
-#else
-int EAInit (unsigned char *key, unsigned char *ks);
-#endif
-BOOL EAInitMode (PCRYPTO_INFO ci);
-void EncipherBlock(int cipher, void *data, void *ks);
-void DecipherBlock(int cipher, void *data, void *ks);
-#ifndef TC_WINDOWS_BOOT
-void EncipherBlocks (int cipher, void *dataPtr, void *ks, size_t blockCount);
-void DecipherBlocks (int cipher, void *dataPtr, void *ks, size_t blockCount);
-#endif
-
-int EAGetFirst ();
-int EAGetCount (void);
-int EAGetNext (int previousEA);
-#ifndef TC_WINDOWS_BOOT
-wchar_t * EAGetName (wchar_t *buf, int ea, int guiDisplay);
-int EAGetByName (wchar_t *name);
-#endif
-int EAGetKeySize (int ea);
-int EAGetFirstMode (int ea);
-int EAGetNextMode (int ea, int previousModeId);
-#ifndef TC_WINDOWS_BOOT
-wchar_t * EAGetModeName (int ea, int mode, BOOL capitalLetters);
-#endif
-int EAGetKeyScheduleSize (int ea);
-int EAGetLargestKey ();
-int EAGetLargestKeyForMode (int mode);
-
-int EAGetCipherCount (int ea);
-int EAGetFirstCipher (int ea);
-int EAGetLastCipher (int ea);
-int EAGetNextCipher (int ea, int previousCipherId);
-int EAGetPreviousCipher (int ea, int previousCipherId);
-int EAIsFormatEnabled (int ea);
-BOOL EAIsModeSupported (int ea, int testedMode);
-
-
-#ifndef TC_WINDOWS_BOOT
-const wchar_t *HashGetName (int hash_algo_id);
-
-Hash *HashGet (int id);
-void HashGetName2 (wchar_t *buf, int hashId);
-BOOL HashIsDeprecated (int hashId);
-BOOL HashForSystemEncryption (int hashId);
-int GetMaxPkcs5OutSize (void);
-#endif
-
-
-void EncryptDataUnits (unsigned __int8 *buf, const UINT64_STRUCT *structUnitNo, uint32 nbrUnits, PCRYPTO_INFO ci);
-void EncryptDataUnitsCurrentThread (unsigned __int8 *buf, const UINT64_STRUCT *structUnitNo, TC_LARGEST_COMPILER_UINT nbrUnits, PCRYPTO_INFO ci);
-void DecryptDataUnits (unsigned __int8 *buf, const UINT64_STRUCT *structUnitNo, uint32 nbrUnits, PCRYPTO_INFO ci);
-void DecryptDataUnitsCurrentThread (unsigned __int8 *buf, const UINT64_STRUCT *structUnitNo, TC_LARGEST_COMPILER_UINT nbrUnits, PCRYPTO_INFO ci);
-void EncryptBuffer (unsigned __int8 *buf, TC_LARGEST_COMPILER_UINT len, PCRYPTO_INFO cryptoInfo);
-void DecryptBuffer (unsigned __int8 *buf, TC_LARGEST_COMPILER_UINT len, PCRYPTO_INFO cryptoInfo);
-
-BOOL IsAesHwCpuSupported ();
-void EnableHwEncryption (BOOL enable);
-BOOL IsHwEncryptionEnabled ();
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* CRYPTO_H */
+/*
+ Legal Notice: Some portions of the source code contained in this file were
+ derived from the source code of TrueCrypt 7.1a, which is
+ Copyright (c) 2003-2012 TrueCrypt Developers Association and which is
+ governed by the TrueCrypt License 3.0, also from the source code of
+ Encryption for the Masses 2.02a, which is Copyright (c) 1998-2000 Paul Le Roux
+ and which is governed by the 'License Agreement for Encryption for the Masses'
+ Modifications and additions to the original source code (contained in this file)
+ and all other portions of this file are Copyright (c) 2013-2016 IDRIX
+ and are governed by the Apache License 2.0 the full text of which is
+ contained in the file License.txt included in VeraCrypt binary and source
+ code distribution packages. */
+
+/* Update the following when adding a new cipher or EA:
+
+ Crypto.h:
+ ID #define
+ MAX_EXPANDED_KEY #define
+
+ Crypto.c:
+ Ciphers[]
+ EncryptionAlgorithms[]
+ CipherInit()
+ EncipherBlock()
+ DecipherBlock()
+
+*/
+
+#ifndef CRYPTO_H
+#define CRYPTO_H
+
+#include "Tcdefs.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+// Encryption data unit size, which may differ from the sector size and must always be 512
+#define ENCRYPTION_DATA_UNIT_SIZE 512
+
+// Size of the salt (in bytes)
+#define PKCS5_SALT_SIZE 64
+
+// Size of the volume header area containing concatenated master key(s) and secondary key(s) (XTS mode)
+#define MASTER_KEYDATA_SIZE 256
+
+// The first PRF to try when mounting
+#define FIRST_PRF_ID 1
+
+// Hash algorithms (pseudorandom functions).
+enum
+{
+ SHA512 = FIRST_PRF_ID,
+ WHIRLPOOL,
+ SHA256,
+ RIPEMD160,
+ HASH_ENUM_END_ID
+};
+
+// The last PRF to try when mounting and also the number of implemented PRFs
+#define LAST_PRF_ID (HASH_ENUM_END_ID - 1)
+
+#define RIPEMD160_BLOCKSIZE 64
+#define RIPEMD160_DIGESTSIZE 20
+
+#define SHA256_BLOCKSIZE 64
+#define SHA256_DIGESTSIZE 32
+
+#define SHA512_BLOCKSIZE 128
+#define SHA512_DIGESTSIZE 64
+
+#define WHIRLPOOL_BLOCKSIZE 64
+#define WHIRLPOOL_DIGESTSIZE 64
+
+#define MAX_DIGESTSIZE WHIRLPOOL_DIGESTSIZE
+
+#define DEFAULT_HASH_ALGORITHM FIRST_PRF_ID
+#define DEFAULT_HASH_ALGORITHM_BOOT SHA256
+
+// The mode of operation used for newly created volumes and first to try when mounting
+#define FIRST_MODE_OF_OPERATION_ID 1
+
+// Modes of operation
+enum
+{
+ /* If you add/remove a mode, update the following: GetMaxPkcs5OutSize(), EAInitMode() */
+
+ XTS = FIRST_MODE_OF_OPERATION_ID,
+ MODE_ENUM_END_ID
+};
+
+
+// The last mode of operation to try when mounting and also the number of implemented modes
+#define LAST_MODE_OF_OPERATION (MODE_ENUM_END_ID - 1)
+
+// Ciphertext/plaintext block size for XTS mode (in bytes)
+#define BYTES_PER_XTS_BLOCK 16
+
+// Number of ciphertext/plaintext blocks per XTS data unit
+#define BLOCKS_PER_XTS_DATA_UNIT (ENCRYPTION_DATA_UNIT_SIZE / BYTES_PER_XTS_BLOCK)
+
+
+// Cipher IDs
+enum
+{
+ NONE = 0,
+ AES,
+ SERPENT,
+ TWOFISH
+};
+
+typedef struct
+{
+ int Id; // Cipher ID
+#ifdef TC_WINDOWS_BOOT
+ char *Name; // Name
+#else
+ wchar_t *Name; // Name
+#endif
+ int BlockSize; // Block size (bytes)
+ int KeySize; // Key size (bytes)
+ int KeyScheduleSize; // Scheduled key size (bytes)
+} Cipher;
+
+typedef struct
+{
+ int Ciphers[4]; // Null terminated array of ciphers used by encryption algorithm
+ int Modes[LAST_MODE_OF_OPERATION + 1]; // Null terminated array of modes of operation
+ int FormatEnabled;
+} EncryptionAlgorithm;
+
+#ifndef TC_WINDOWS_BOOT
+typedef struct
+{
+ int Id; // Hash ID
+ wchar_t *Name; // Name
+ BOOL Deprecated;
+ BOOL SystemEncryption; // Available for system encryption
+} Hash;
+#endif
+
+// Maxium length of scheduled key
+#if !defined (TC_WINDOWS_BOOT) || defined (TC_WINDOWS_BOOT_AES)
+# define AES_KS (sizeof(aes_encrypt_ctx) + sizeof(aes_decrypt_ctx))
+#else
+# define AES_KS (sizeof(aes_context))
+#endif
+#define SERPENT_KS (140 * 4)
+
+#ifdef TC_WINDOWS_BOOT_SINGLE_CIPHER_MODE
+
+# ifdef TC_WINDOWS_BOOT_AES
+# define MAX_EXPANDED_KEY AES_KS
+# elif defined (TC_WINDOWS_BOOT_SERPENT)
+# define MAX_EXPANDED_KEY SERPENT_KS
+# elif defined (TC_WINDOWS_BOOT_TWOFISH)
+# define MAX_EXPANDED_KEY TWOFISH_KS
+# endif
+
+#else
+
+#define MAX_EXPANDED_KEY (AES_KS + SERPENT_KS + TWOFISH_KS)
+
+#endif
+
+#ifdef DEBUG
+# define PRAND_DISK_WIPE_PASSES 3
+#else
+# define PRAND_DISK_WIPE_PASSES 256
+#endif
+
+/* specific value for volume header wipe used only when drive is fully wiped. */
+#define PRAND_HEADER_WIPE_PASSES 3
+
+#if !defined (TC_WINDOWS_BOOT) || defined (TC_WINDOWS_BOOT_AES)
+# include "Aes.h"
+#else
+# include "AesSmall.h"
+#endif
+
+#include "Aes_hw_cpu.h"
+#include "Serpent.h"
+#include "Twofish.h"
+
+#include "Rmd160.h"
+#ifndef TC_WINDOWS_BOOT
+# include "Sha2.h"
+# include "Whirlpool.h"
+#endif
+
+#include "GfMul.h"
+#include "Password.h"
+
+#ifndef TC_WINDOWS_BOOT
+
+#include "config.h"
+
+typedef struct keyInfo_t
+{
+ int noIterations; /* Number of times to iterate (PKCS-5) */
+ int keyLength; /* Length of the key */
+ uint64 dummy; /* Dummy field to ensure 16-byte alignment of this structure */
+ __int8 salt[PKCS5_SALT_SIZE]; /* PKCS-5 salt */
+ __int8 master_keydata[MASTER_KEYDATA_SIZE]; /* Concatenated master primary and secondary key(s) (XTS mode). For LRW (deprecated/legacy), it contains the tweak key before the master key(s). For CBC (deprecated/legacy), it contains the IV seed before the master key(s). */
+ CRYPTOPP_ALIGN_DATA(16) __int8 userKey[MAX_PASSWORD]; /* Password (to which keyfiles may have been applied). WITHOUT +1 for the null terminator. */
+} KEY_INFO, *PKEY_INFO;
+
+#endif
+
+typedef struct CRYPTO_INFO_t
+{
+ int ea; /* Encryption algorithm ID */
+ int mode; /* Mode of operation (e.g., XTS) */
+ int pkcs5; /* PRF algorithm */
+
+ unsigned __int8 ks[MAX_EXPANDED_KEY]; /* Primary key schedule (if it is a cascade, it conatins multiple concatenated keys) */
+ unsigned __int8 ks2[MAX_EXPANDED_KEY]; /* Secondary key schedule (if cascade, multiple concatenated) for XTS mode. */
+
+ BOOL hiddenVolume; // Indicates whether the volume is mounted/mountable as hidden volume
+
+#ifndef TC_WINDOWS_BOOT
+ uint16 HeaderVersion;
+
+ GfCtx gf_ctx;
+
+ unsigned __int8 master_keydata[MASTER_KEYDATA_SIZE]; /* This holds the volume header area containing concatenated master key(s) and secondary key(s) (XTS mode). For LRW (deprecated/legacy), it contains the tweak key before the master key(s). For CBC (deprecated/legacy), it contains the IV seed before the master key(s). */
+ unsigned __int8 k2[MASTER_KEYDATA_SIZE]; /* For XTS, this contains the secondary key (if cascade, multiple concatenated). For LRW (deprecated/legacy), it contains the tweak key. For CBC (deprecated/legacy), it contains the IV seed. */
+ unsigned __int8 salt[PKCS5_SALT_SIZE];
+ int noIterations;
+ BOOL bTrueCryptMode;
+ int volumePim;
+
+ uint64 volume_creation_time; // Legacy
+ uint64 header_creation_time; // Legacy
+
+ BOOL bProtectHiddenVolume; // Indicates whether the volume contains a hidden volume to be protected against overwriting
+ BOOL bHiddenVolProtectionAction; // TRUE if a write operation has been denied by the driver in order to prevent the hidden volume from being overwritten (set to FALSE upon volume mount).
+
+ uint64 volDataAreaOffset; // Absolute position, in bytes, of the first data sector of the volume.
+
+ uint64 hiddenVolumeSize; // Size of the hidden volume excluding the header (in bytes). Set to 0 for standard volumes.
+ uint64 hiddenVolumeOffset; // Absolute position, in bytes, of the first hidden volume data sector within the host volume (provided that there is a hidden volume within). This must be set for all hidden volumes; in case of a normal volume, this variable is only used when protecting a hidden volume within it.
+ uint64 hiddenVolumeProtectedSize;
+
+ BOOL bPartitionInInactiveSysEncScope; // If TRUE, the volume is a partition located on an encrypted system drive and mounted without pre-boot authentication.
+
+ UINT64_STRUCT FirstDataUnitNo; // First data unit number of the volume. This is 0 for file-hosted and non-system partition-hosted volumes. For partitions within key scope of system encryption this reflects real physical offset within the device (this is used e.g. when such a partition is mounted as a regular volume without pre-boot authentication).
+
+ uint16 RequiredProgramVersion;
+ BOOL LegacyVolume;
+
+ uint32 SectorSize;
+
+#endif // !TC_WINDOWS_BOOT
+
+ UINT64_STRUCT VolumeSize;
+
+ UINT64_STRUCT EncryptedAreaStart;
+ UINT64_STRUCT EncryptedAreaLength;
+
+ uint32 HeaderFlags;
+
+} CRYPTO_INFO, *PCRYPTO_INFO;
+
+#ifdef _WIN32
+
+#pragma pack (push)
+#pragma pack(1)
+
+typedef struct BOOT_CRYPTO_HEADER_t
+{
+ __int16 ea; /* Encryption algorithm ID */
+ __int16 mode; /* Mode of operation (e.g., XTS) */
+ __int16 pkcs5; /* PRF algorithm */
+
+} BOOT_CRYPTO_HEADER, *PBOOT_CRYPTO_HEADER;
+
+#pragma pack (pop)
+
+#endif
+
+PCRYPTO_INFO crypto_open (void);
+#ifndef TC_WINDOWS_BOOT
+void crypto_loadkey (PKEY_INFO keyInfo, char *lpszUserKey, int nUserKeyLen);
+#endif
+void crypto_close (PCRYPTO_INFO cryptoInfo);
+
+int CipherGetBlockSize (int cipher);
+int CipherGetKeySize (int cipher);
+int CipherGetKeyScheduleSize (int cipher);
+BOOL CipherSupportsIntraDataUnitParallelization (int cipher);
+
+#ifndef TC_WINDOWS_BOOT
+const wchar_t * CipherGetName (int cipher);
+#endif
+
+int CipherInit (int cipher, unsigned char *key, unsigned char *ks);
+#ifndef TC_WINDOWS_BOOT_SINGLE_CIPHER_MODE
+int EAInit (int ea, unsigned char *key, unsigned char *ks);
+#else
+int EAInit (unsigned char *key, unsigned char *ks);
+#endif
+BOOL EAInitMode (PCRYPTO_INFO ci);
+void EncipherBlock(int cipher, void *data, void *ks);
+void DecipherBlock(int cipher, void *data, void *ks);
+#ifndef TC_WINDOWS_BOOT
+void EncipherBlocks (int cipher, void *dataPtr, void *ks, size_t blockCount);
+void DecipherBlocks (int cipher, void *dataPtr, void *ks, size_t blockCount);
+#endif
+
+int EAGetFirst ();
+int EAGetCount (void);
+int EAGetNext (int previousEA);
+#ifndef TC_WINDOWS_BOOT
+wchar_t * EAGetName (wchar_t *buf, int ea, int guiDisplay);
+int EAGetByName (wchar_t *name);
+#endif
+int EAGetKeySize (int ea);
+int EAGetFirstMode (int ea);
+int EAGetNextMode (int ea, int previousModeId);
+#ifndef TC_WINDOWS_BOOT
+wchar_t * EAGetModeName (int ea, int mode, BOOL capitalLetters);
+#endif
+int EAGetKeyScheduleSize (int ea);
+int EAGetLargestKey ();
+int EAGetLargestKeyForMode (int mode);
+
+int EAGetCipherCount (int ea);
+int EAGetFirstCipher (int ea);
+int EAGetLastCipher (int ea);
+int EAGetNextCipher (int ea, int previousCipherId);
+int EAGetPreviousCipher (int ea, int previousCipherId);
+int EAIsFormatEnabled (int ea);
+BOOL EAIsModeSupported (int ea, int testedMode);
+
+
+#ifndef TC_WINDOWS_BOOT
+const wchar_t *HashGetName (int hash_algo_id);
+
+Hash *HashGet (int id);
+void HashGetName2 (wchar_t *buf, int hashId);
+BOOL HashIsDeprecated (int hashId);
+BOOL HashForSystemEncryption (int hashId);
+int GetMaxPkcs5OutSize (void);
+#endif
+
+
+void EncryptDataUnits (unsigned __int8 *buf, const UINT64_STRUCT *structUnitNo, uint32 nbrUnits, PCRYPTO_INFO ci);
+void EncryptDataUnitsCurrentThread (unsigned __int8 *buf, const UINT64_STRUCT *structUnitNo, TC_LARGEST_COMPILER_UINT nbrUnits, PCRYPTO_INFO ci);
+void DecryptDataUnits (unsigned __int8 *buf, const UINT64_STRUCT *structUnitNo, uint32 nbrUnits, PCRYPTO_INFO ci);
+void DecryptDataUnitsCurrentThread (unsigned __int8 *buf, const UINT64_STRUCT *structUnitNo, TC_LARGEST_COMPILER_UINT nbrUnits, PCRYPTO_INFO ci);
+void EncryptBuffer (unsigned __int8 *buf, TC_LARGEST_COMPILER_UINT len, PCRYPTO_INFO cryptoInfo);
+void DecryptBuffer (unsigned __int8 *buf, TC_LARGEST_COMPILER_UINT len, PCRYPTO_INFO cryptoInfo);
+
+BOOL IsAesHwCpuSupported ();
+void EnableHwEncryption (BOOL enable);
+BOOL IsHwEncryptionEnabled ();
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* CRYPTO_H */