VeraCrypt
aboutsummaryrefslogtreecommitdiff
path: root/src/Common
diff options
context:
space:
mode:
Diffstat (limited to 'src/Common')
-rw-r--r--src/Common/Apidrvr.h4
-rw-r--r--src/Common/Crypto.c874
-rw-r--r--src/Common/Crypto.h28
-rw-r--r--src/Common/Dlgcode.c53
-rw-r--r--src/Common/EncryptionThreadPool.c5
-rw-r--r--src/Common/GfMul.c110
-rw-r--r--src/Common/GfMul.h2
-rw-r--r--src/Common/Pkcs5.c153
-rw-r--r--src/Common/Tests.c646
-rw-r--r--src/Common/Volumes.c83
10 files changed, 16 insertions, 1942 deletions
diff --git a/src/Common/Apidrvr.h b/src/Common/Apidrvr.h
index 1c7460eb..1a28dec0 100644
--- a/src/Common/Apidrvr.h
+++ b/src/Common/Apidrvr.h
@@ -133,10 +133,6 @@ typedef struct
133 BOOL readOnly; 133 BOOL readOnly;
134 BOOL removable; 134 BOOL removable;
135 BOOL partitionInInactiveSysEncScope; 135 BOOL partitionInInactiveSysEncScope;
136#if 0
137 unsigned __int64 volumeCreationTime; // Deprecated in v6.0
138 unsigned __int64 headerCreationTime; // Deprecated in v6.0
139#endif
140 uint32 volumeHeaderFlags; 136 uint32 volumeHeaderFlags;
141 unsigned __int64 totalBytesRead; 137 unsigned __int64 totalBytesRead;
142 unsigned __int64 totalBytesWritten; 138 unsigned __int64 totalBytesWritten;
diff --git a/src/Common/Crypto.c b/src/Common/Crypto.c
index dd30e488..d8f8ae3a 100644
--- a/src/Common/Crypto.c
+++ b/src/Common/Crypto.c
@@ -45,38 +45,27 @@ static Cipher Ciphers[] =
45 { AES, "AES", 16, 32, AES_KS }, 45 { AES, "AES", 16, 32, AES_KS },
46 { SERPENT, "Serpent", 16, 32, 140*4 }, 46 { SERPENT, "Serpent", 16, 32, 140*4 },
47 { TWOFISH, "Twofish", 16, 32, TWOFISH_KS }, 47 { TWOFISH, "Twofish", 16, 32, TWOFISH_KS },
48#ifndef TC_WINDOWS_BOOT
49 { BLOWFISH, "Blowfish", 8, 56, sizeof (BF_KEY) }, // Deprecated/legacy
50 { CAST, "CAST5", 8, 16, sizeof (CAST_KEY) }, // Deprecated/legacy
51 { TRIPLEDES,"Triple DES", 8, 8*3, sizeof (TDES_KEY) }, // Deprecated/legacy
52#endif
53 { 0, 0, 0, 0, 0 } 48 { 0, 0, 0, 0, 0 }
54}; 49};
55 50
56 51
57// Encryption algorithm configuration 52// Encryption algorithm configuration
58// The following modes have been deprecated (legacy): LRW, CBC, INNER_CBC, OUTER_CBC
59static EncryptionAlgorithm EncryptionAlgorithms[] = 53static EncryptionAlgorithm EncryptionAlgorithms[] =
60{ 54{
61 // Cipher(s) Modes FormatEnabled 55 // Cipher(s) Modes FormatEnabled
62 56
63#ifndef TC_WINDOWS_BOOT 57#ifndef TC_WINDOWS_BOOT
64 58
65 { { 0, 0 }, { 0, 0, 0, 0 }, 0 }, // Must be all-zero 59 { { 0, 0 }, { 0, 0}, 0 }, // Must be all-zero
66 { { AES, 0 }, { XTS, LRW, CBC, 0 }, 1 }, 60 { { AES, 0 }, { XTS, 0 }, 1 },
67 { { SERPENT, 0 }, { XTS, LRW, CBC, 0 }, 1 }, 61 { { SERPENT, 0 }, { XTS, 0 }, 1 },
68 { { TWOFISH, 0 }, { XTS, LRW, CBC, 0 }, 1 }, 62 { { TWOFISH, 0 }, { XTS, 0 }, 1 },
69 { { TWOFISH, AES, 0 }, { XTS, LRW, OUTER_CBC, 0 }, 1 }, 63 { { TWOFISH, AES, 0 }, { XTS, 0 }, 1 },
70 { { SERPENT, TWOFISH, AES, 0 }, { XTS, LRW, OUTER_CBC, 0 }, 1 }, 64 { { SERPENT, TWOFISH, AES, 0 }, { XTS, 0 }, 1 },
71 { { AES, SERPENT, 0 }, { XTS, LRW, OUTER_CBC, 0 }, 1 }, 65 { { AES, SERPENT, 0 }, { XTS, 0 }, 1 },
72 { { AES, TWOFISH, SERPENT, 0 }, { XTS, LRW, OUTER_CBC, 0 }, 1 }, 66 { { AES, TWOFISH, SERPENT, 0 }, { XTS, 0 }, 1 },
73 { { SERPENT, TWOFISH, 0 }, { XTS, LRW, OUTER_CBC, 0 }, 1 }, 67 { { SERPENT, TWOFISH, 0 }, { XTS, 0 }, 1 },
74 { { BLOWFISH, 0 }, { LRW, CBC, 0, 0 }, 0 }, // Deprecated/legacy 68 { { 0, 0 }, { 0, 0}, 0 } // Must be all-zero
75 { { CAST, 0 }, { LRW, CBC, 0, 0 }, 0 }, // Deprecated/legacy
76 { { TRIPLEDES, 0 }, { LRW, CBC, 0, 0 }, 0 }, // Deprecated/legacy
77 { { BLOWFISH, AES, 0 }, { INNER_CBC, 0, 0, 0 }, 0 }, // Deprecated/legacy
78 { { SERPENT, BLOWFISH, AES, 0 }, { INNER_CBC, 0, 0, 0 }, 0 }, // Deprecated/legacy
79 { { 0, 0 }, { 0, 0, 0, 0 }, 0 } // Must be all-zero
80 69
81#else // TC_WINDOWS_BOOT 70#else // TC_WINDOWS_BOOT
82 71
@@ -105,7 +94,6 @@ static Hash Hashes[] =
105#ifndef TC_WINDOWS_BOOT 94#ifndef TC_WINDOWS_BOOT
106 { SHA512, "SHA-512", FALSE, FALSE }, 95 { SHA512, "SHA-512", FALSE, FALSE },
107 { WHIRLPOOL, "Whirlpool", FALSE, FALSE }, 96 { WHIRLPOOL, "Whirlpool", FALSE, FALSE },
108 { SHA1, "SHA-1", TRUE, FALSE }, // Deprecated/legacy
109#endif 97#endif
110 { 0, 0, 0 } 98 { 0, 0, 0 }
111}; 99};
@@ -138,32 +126,6 @@ int CipherInit (int cipher, unsigned char *key, unsigned __int8 *ks)
138 twofish_set_key ((TwofishInstance *)ks, (const u4byte *)key, CipherGetKeySize(TWOFISH) * 8); 126 twofish_set_key ((TwofishInstance *)ks, (const u4byte *)key, CipherGetKeySize(TWOFISH) * 8);
139 break; 127 break;
140 128
141#ifndef TC_WINDOWS_BOOT
142
143 case BLOWFISH:
144 /* Deprecated/legacy */
145 BlowfishSetKey ((BF_KEY *)ks, CipherGetKeySize(BLOWFISH), key);
146 break;
147
148 case CAST:
149 /* Deprecated/legacy */
150 Cast5SetKey ((CAST_KEY *) ks, CipherGetKeySize(CAST), key);
151 break;
152
153 case TRIPLEDES:
154 /* Deprecated/legacy */
155 TripleDesSetKey (key, CipherGetKeySize (TRIPLEDES), (TDES_KEY *) ks);
156
157 // Verify whether all three DES keys are mutually different
158 if (((*((__int64 *) key) ^ *((__int64 *) key+1)) & 0xFEFEFEFEFEFEFEFEULL) == 0
159 || ((*((__int64 *) key+1) ^ *((__int64 *) key+2)) & 0xFEFEFEFEFEFEFEFEULL) == 0
160 || ((*((__int64 *) key) ^ *((__int64 *) key+2)) & 0xFEFEFEFEFEFEFEFEULL) == 0)
161 retVal = ERR_CIPHER_INIT_WEAK_KEY; // Non-fatal error
162
163 break;
164
165#endif // TC_WINDOWS_BOOT
166
167 default: 129 default:
168 // Unknown/wrong cipher ID 130 // Unknown/wrong cipher ID
169 return ERR_CIPHER_INIT_FAILURE; 131 return ERR_CIPHER_INIT_FAILURE;
@@ -188,11 +150,6 @@ void EncipherBlock(int cipher, void *data, void *ks)
188 150
189 case TWOFISH: twofish_encrypt (ks, data, data); break; 151 case TWOFISH: twofish_encrypt (ks, data, data); break;
190 case SERPENT: serpent_encrypt (data, data, ks); break; 152 case SERPENT: serpent_encrypt (data, data, ks); break;
191#ifndef TC_WINDOWS_BOOT
192 case BLOWFISH: BlowfishEncryptLE (data, data, ks, 1); break; // Deprecated/legacy
193 case CAST: Cast5Encrypt (data, data, ks); break; // Deprecated/legacy
194 case TRIPLEDES: TripleDesEncrypt (data, data, ks, 1); break; // Deprecated/legacy
195#endif
196 default: TC_THROW_FATAL_EXCEPTION; // Unknown/wrong ID 153 default: TC_THROW_FATAL_EXCEPTION; // Unknown/wrong ID
197 } 154 }
198} 155}
@@ -256,9 +213,6 @@ void DecipherBlock(int cipher, void *data, void *ks)
256 aes_decrypt (data, data, (void *) ((char *) ks + sizeof(aes_encrypt_ctx))); 213 aes_decrypt (data, data, (void *) ((char *) ks + sizeof(aes_encrypt_ctx)));
257 break; 214 break;
258 215
259 case BLOWFISH: BlowfishEncryptLE (data, data, ks, 0); break; // Deprecated/legacy
260 case CAST: Cast5Decrypt (data, data, ks); break; // Deprecated/legacy
261 case TRIPLEDES: TripleDesEncrypt (data, data, ks, 0); break; // Deprecated/legacy
262#else 216#else
263 case AES: aes_decrypt (data, data, ks); break; 217 case AES: aes_decrypt (data, data, ks); break;
264#endif 218#endif
@@ -427,28 +381,6 @@ BOOL EAInitMode (PCRYPTO_INFO ci)
427 that the size of each of the volumes is 1024 terabytes). */ 381 that the size of each of the volumes is 1024 terabytes). */
428 break; 382 break;
429 383
430 case LRW:
431 switch (CipherGetBlockSize (EAGetFirstCipher (ci->ea)))
432 {
433 case 8:
434 /* Deprecated/legacy */
435 return Gf64TabInit (ci->k2, &ci->gf_ctx);
436
437 case 16:
438 return Gf128Tab64Init (ci->k2, &ci->gf_ctx);
439
440 default:
441 TC_THROW_FATAL_EXCEPTION;
442 }
443
444 break;
445
446 case CBC:
447 case INNER_CBC:
448 case OUTER_CBC:
449 // The mode does not need to be initialized or is initialized elsewhere
450 return TRUE;
451
452 default: 384 default:
453 // Unknown/wrong ID 385 // Unknown/wrong ID
454 TC_THROW_FATAL_EXCEPTION; 386 TC_THROW_FATAL_EXCEPTION;
@@ -537,37 +469,6 @@ char *EAGetModeName (int ea, int mode, BOOL capitalLetters)
537 469
538 return "XTS"; 470 return "XTS";
539 471
540 case LRW:
541
542 /* Deprecated/legacy */
543
544 return "LRW";
545
546 case CBC:
547 {
548 /* Deprecated/legacy */
549
550 char eaName[100];
551 EAGetName (eaName, ea);
552
553 if (strcmp (eaName, "Triple DES") == 0)
554 return capitalLetters ? "Outer-CBC" : "outer-CBC";
555
556 return "CBC";
557 }
558
559 case OUTER_CBC:
560
561 /* Deprecated/legacy */
562
563 return capitalLetters ? "Outer-CBC" : "outer-CBC";
564
565 case INNER_CBC:
566
567 /* Deprecated/legacy */
568
569 return capitalLetters ? "Inner-CBC" : "inner-CBC";
570
571 } 472 }
572 return "[unknown]"; 473 return "[unknown]";
573} 474}
@@ -805,441 +706,6 @@ void crypto_close (PCRYPTO_INFO cryptoInfo)
805#ifndef TC_WINDOWS_BOOT_SINGLE_CIPHER_MODE 706#ifndef TC_WINDOWS_BOOT_SINGLE_CIPHER_MODE
806 707
807 708
808#ifndef TC_NO_COMPILER_INT64
809void Xor128 (unsigned __int64 *a, unsigned __int64 *b)
810{
811 *a++ ^= *b++;
812 *a ^= *b;
813}
814
815
816void Xor64 (unsigned __int64 *a, unsigned __int64 *b)
817{
818 *a ^= *b;
819}
820
821
822void EncryptBufferLRW128 (byte *buffer, uint64 length, uint64 blockIndex, PCRYPTO_INFO cryptoInfo)
823{
824 /* Deprecated/legacy */
825
826 int cipher = EAGetFirstCipher (cryptoInfo->ea);
827 int cipherCount = EAGetCipherCount (cryptoInfo->ea);
828 unsigned __int8 *p = buffer;
829 unsigned __int8 *ks = cryptoInfo->ks;
830 unsigned __int8 i[8];
831 unsigned __int8 t[16];
832 unsigned __int64 b;
833
834 *(unsigned __int64 *)i = BE64(blockIndex);
835
836 if (length % 16)
837 TC_THROW_FATAL_EXCEPTION;
838
839 // Note that the maximum supported volume size is 8589934592 GB (i.e., 2^63 bytes).
840
841 for (b = 0; b < length >> 4; b++)
842 {
843 Gf128MulBy64Tab (i, t, &cryptoInfo->gf_ctx);
844 Xor128 ((unsigned __int64 *)p, (unsigned __int64 *)t);
845
846 if (cipherCount > 1)
847 {
848 // Cipher cascade
849 for (cipher = EAGetFirstCipher (cryptoInfo->ea);
850 cipher != 0;
851 cipher = EAGetNextCipher (cryptoInfo->ea, cipher))
852 {
853 EncipherBlock (cipher, p, ks);
854 ks += CipherGetKeyScheduleSize (cipher);
855 }
856 ks = cryptoInfo->ks;
857 }
858 else
859 {
860 EncipherBlock (cipher, p, ks);
861 }
862
863 Xor128 ((unsigned __int64 *)p, (unsigned __int64 *)t);
864
865 p += 16;
866
867 if (i[7] != 0xff)
868 i[7]++;
869 else
870 *(unsigned __int64 *)i = BE64 ( BE64(*(unsigned __int64 *)i) + 1 );
871 }
872
873 FAST_ERASE64 (t, sizeof(t));
874}
875
876
877void EncryptBufferLRW64 (byte *buffer, uint64 length, uint64 blockIndex, PCRYPTO_INFO cryptoInfo)
878{
879 /* Deprecated/legacy */
880
881 int cipher = EAGetFirstCipher (cryptoInfo->ea);
882 unsigned __int8 *p = buffer;
883 unsigned __int8 *ks = cryptoInfo->ks;
884 unsigned __int8 i[8];
885 unsigned __int8 t[8];
886 unsigned __int64 b;
887
888 *(unsigned __int64 *)i = BE64(blockIndex);
889
890 if (length % 8)
891 TC_THROW_FATAL_EXCEPTION;
892
893 for (b = 0; b < length >> 3; b++)
894 {
895 Gf64MulTab (i, t, &cryptoInfo->gf_ctx);
896 Xor64 ((unsigned __int64 *)p, (unsigned __int64 *)t);
897
898 EncipherBlock (cipher, p, ks);
899
900 Xor64 ((unsigned __int64 *)p, (unsigned __int64 *)t);
901
902 p += 8;
903
904 if (i[7] != 0xff)
905 i[7]++;
906 else
907 *(unsigned __int64 *)i = BE64 ( BE64(*(unsigned __int64 *)i) + 1 );
908 }
909
910 FAST_ERASE64 (t, sizeof(t));
911}
912
913
914void DecryptBufferLRW128 (byte *buffer, uint64 length, uint64 blockIndex, PCRYPTO_INFO cryptoInfo)
915{
916 /* Deprecated/legacy */
917
918 int cipher = EAGetFirstCipher (cryptoInfo->ea);
919 int cipherCount = EAGetCipherCount (cryptoInfo->ea);
920 unsigned __int8 *p = buffer;
921 unsigned __int8 *ks = cryptoInfo->ks;
922 unsigned __int8 i[8];
923 unsigned __int8 t[16];
924 unsigned __int64 b;
925
926 *(unsigned __int64 *)i = BE64(blockIndex);
927
928 if (length % 16)
929 TC_THROW_FATAL_EXCEPTION;
930
931 // Note that the maximum supported volume size is 8589934592 GB (i.e., 2^63 bytes).
932
933 for (b = 0; b < length >> 4; b++)
934 {
935 Gf128MulBy64Tab (i, t, &cryptoInfo->gf_ctx);
936 Xor128 ((unsigned __int64 *)p, (unsigned __int64 *)t);
937
938 if (cipherCount > 1)
939 {
940 // Cipher cascade
941 ks = cryptoInfo->ks + EAGetKeyScheduleSize (cryptoInfo->ea);
942
943 for (cipher = EAGetLastCipher (cryptoInfo->ea);
944 cipher != 0;
945 cipher = EAGetPreviousCipher (cryptoInfo->ea, cipher))
946 {
947 ks -= CipherGetKeyScheduleSize (cipher);
948 DecipherBlock (cipher, p, ks);
949 }
950 }
951 else
952 {
953 DecipherBlock (cipher, p, ks);
954 }
955
956 Xor128 ((unsigned __int64 *)p, (unsigned __int64 *)t);
957
958 p += 16;
959
960 if (i[7] != 0xff)
961 i[7]++;
962 else
963 *(unsigned __int64 *)i = BE64 ( BE64(*(unsigned __int64 *)i) + 1 );
964 }
965
966 FAST_ERASE64 (t, sizeof(t));
967}
968
969
970
971void DecryptBufferLRW64 (byte *buffer, uint64 length, uint64 blockIndex, PCRYPTO_INFO cryptoInfo)
972{
973 /* Deprecated/legacy */
974
975 int cipher = EAGetFirstCipher (cryptoInfo->ea);
976 unsigned __int8 *p = buffer;
977 unsigned __int8 *ks = cryptoInfo->ks;
978 unsigned __int8 i[8];
979 unsigned __int8 t[8];
980 unsigned __int64 b;
981
982 *(unsigned __int64 *)i = BE64(blockIndex);
983
984 if (length % 8)
985 TC_THROW_FATAL_EXCEPTION;
986
987 for (b = 0; b < length >> 3; b++)
988 {
989 Gf64MulTab (i, t, &cryptoInfo->gf_ctx);
990 Xor64 ((unsigned __int64 *)p, (unsigned __int64 *)t);
991
992 DecipherBlock (cipher, p, ks);
993
994 Xor64 ((unsigned __int64 *)p, (unsigned __int64 *)t);
995
996 p += 8;
997
998 if (i[7] != 0xff)
999 i[7]++;
1000 else
1001 *(unsigned __int64 *)i = BE64 ( BE64(*(unsigned __int64 *)i) + 1 );
1002 }
1003
1004 FAST_ERASE64 (t, sizeof(t));
1005}
1006
1007
1008// Initializes IV and whitening values for sector encryption/decryption in CBC mode.
1009// IMPORTANT: This function has been deprecated (legacy).
1010static void
1011InitSectorIVAndWhitening (unsigned __int64 unitNo,
1012 int blockSize,
1013 unsigned __int32 *iv,
1014 unsigned __int64 *ivSeed,
1015 unsigned __int32 *whitening)
1016{
1017
1018 /* IMPORTANT: This function has been deprecated (legacy) */
1019
1020 unsigned __int64 iv64[4];
1021 unsigned __int32 *iv32 = (unsigned __int32 *) iv64;
1022
1023 iv64[0] = ivSeed[0] ^ LE64(unitNo);
1024 iv64[1] = ivSeed[1] ^ LE64(unitNo);
1025 iv64[2] = ivSeed[2] ^ LE64(unitNo);
1026 if (blockSize == 16)
1027 {
1028 iv64[3] = ivSeed[3] ^ LE64(unitNo);
1029 }
1030
1031 iv[0] = iv32[0];
1032 iv[1] = iv32[1];
1033
1034 switch (blockSize)
1035 {
1036 case 16:
1037
1038 // 128-bit block
1039
1040 iv[2] = iv32[2];
1041 iv[3] = iv32[3];
1042
1043 whitening[0] = LE32( crc32int ( &iv32[4] ) ^ crc32int ( &iv32[7] ) );
1044 whitening[1] = LE32( crc32int ( &iv32[5] ) ^ crc32int ( &iv32[6] ) );
1045 break;
1046
1047 case 8:
1048
1049 // 64-bit block
1050
1051 whitening[0] = LE32( crc32int ( &iv32[2] ) ^ crc32int ( &iv32[5] ) );
1052 whitening[1] = LE32( crc32int ( &iv32[3] ) ^ crc32int ( &iv32[4] ) );
1053 break;
1054
1055 default:
1056 TC_THROW_FATAL_EXCEPTION;
1057 }
1058}
1059
1060
1061// EncryptBufferCBC (deprecated/legacy)
1062//
1063// data: data to be encrypted
1064// len: number of bytes to encrypt (must be divisible by the largest cipher block size)
1065// ks: scheduled key
1066// iv: IV
1067// whitening: whitening constants
1068// ea: outer-CBC cascade ID (0 = CBC/inner-CBC)
1069// cipher: CBC/inner-CBC cipher ID (0 = outer-CBC)
1070
1071static void
1072EncryptBufferCBC (unsigned __int32 *data,
1073 unsigned int len,
1074 unsigned __int8 *ks,
1075 unsigned __int32 *iv,
1076 unsigned __int32 *whitening,
1077 int ea,
1078 int cipher)
1079{
1080 /* IMPORTANT: This function has been deprecated (legacy) */
1081
1082 unsigned __int32 bufIV[4];
1083 unsigned __int64 i;
1084 int blockSize = CipherGetBlockSize (ea != 0 ? EAGetFirstCipher (ea) : cipher);
1085
1086 if (len % blockSize)
1087 TC_THROW_FATAL_EXCEPTION;
1088
1089 // IV
1090 bufIV[0] = iv[0];
1091 bufIV[1] = iv[1];
1092 if (blockSize == 16)
1093 {
1094 bufIV[2] = iv[2];
1095 bufIV[3] = iv[3];
1096 }
1097
1098 // Encrypt each block
1099 for (i = 0; i < len/blockSize; i++)
1100 {
1101 // CBC
1102 data[0] ^= bufIV[0];
1103 data[1] ^= bufIV[1];
1104 if (blockSize == 16)
1105 {
1106 data[2] ^= bufIV[2];
1107 data[3] ^= bufIV[3];
1108 }
1109
1110 if (ea != 0)
1111 {
1112 // Outer-CBC
1113 for (cipher = EAGetFirstCipher (ea); cipher != 0; cipher = EAGetNextCipher (ea, cipher))
1114 {
1115 EncipherBlock (cipher, data, ks);
1116 ks += CipherGetKeyScheduleSize (cipher);
1117 }
1118 ks -= EAGetKeyScheduleSize (ea);
1119 }
1120 else
1121 {
1122 // CBC/inner-CBC
1123 EncipherBlock (cipher, data, ks);
1124 }
1125
1126 // CBC
1127 bufIV[0] = data[0];
1128 bufIV[1] = data[1];
1129 if (blockSize == 16)
1130 {
1131 bufIV[2] = data[2];
1132 bufIV[3] = data[3];
1133 }
1134
1135 // Whitening
1136 data[0] ^= whitening[0];
1137 data[1] ^= whitening[1];
1138 if (blockSize == 16)
1139 {
1140 data[2] ^= whitening[0];
1141 data[3] ^= whitening[1];
1142 }
1143
1144 data += blockSize / sizeof(*data);
1145 }
1146}
1147
1148
1149// DecryptBufferCBC (deprecated/legacy)
1150//
1151// data: data to be decrypted
1152// len: number of bytes to decrypt (must be divisible by the largest cipher block size)
1153// ks: scheduled key
1154// iv: IV
1155// whitening: whitening constants
1156// ea: outer-CBC cascade ID (0 = CBC/inner-CBC)
1157// cipher: CBC/inner-CBC cipher ID (0 = outer-CBC)
1158
1159static void
1160DecryptBufferCBC (unsigned __int32 *data,
1161 unsigned int len,
1162 unsigned __int8 *ks,
1163 unsigned __int32 *iv,
1164 unsigned __int32 *whitening,
1165 int ea,
1166 int cipher)
1167{
1168
1169 /* IMPORTANT: This function has been deprecated (legacy) */
1170
1171 unsigned __int32 bufIV[4];
1172 unsigned __int64 i;
1173 unsigned __int32 ct[4];
1174 int blockSize = CipherGetBlockSize (ea != 0 ? EAGetFirstCipher (ea) : cipher);
1175
1176 if (len % blockSize)
1177 TC_THROW_FATAL_EXCEPTION;
1178
1179 // IV
1180 bufIV[0] = iv[0];
1181 bufIV[1] = iv[1];
1182 if (blockSize == 16)
1183 {
1184 bufIV[2] = iv[2];
1185 bufIV[3] = iv[3];
1186 }
1187
1188 // Decrypt each block
1189 for (i = 0; i < len/blockSize; i++)
1190 {
1191 // Dewhitening
1192 data[0] ^= whitening[0];
1193 data[1] ^= whitening[1];
1194 if (blockSize == 16)
1195 {
1196 data[2] ^= whitening[0];
1197 data[3] ^= whitening[1];
1198 }
1199
1200 // CBC
1201 ct[0] = data[0];
1202 ct[1] = data[1];
1203 if (blockSize == 16)
1204 {
1205 ct[2] = data[2];
1206 ct[3] = data[3];
1207 }
1208
1209 if (ea != 0)
1210 {
1211 // Outer-CBC
1212 ks += EAGetKeyScheduleSize (ea);
1213 for (cipher = EAGetLastCipher (ea); cipher != 0; cipher = EAGetPreviousCipher (ea, cipher))
1214 {
1215 ks -= CipherGetKeyScheduleSize (cipher);
1216 DecipherBlock (cipher, data, ks);
1217 }
1218 }
1219 else
1220 {
1221 // CBC/inner-CBC
1222 DecipherBlock (cipher, data, ks);
1223 }
1224
1225 // CBC
1226 data[0] ^= bufIV[0];
1227 data[1] ^= bufIV[1];
1228 bufIV[0] = ct[0];
1229 bufIV[1] = ct[1];
1230 if (blockSize == 16)
1231 {
1232 data[2] ^= bufIV[2];
1233 data[3] ^= bufIV[3];
1234 bufIV[2] = ct[2];
1235 bufIV[3] = ct[3];
1236 }
1237
1238 data += blockSize / sizeof(*data);
1239 }
1240}
1241#endif // #ifndef TC_NO_COMPILER_INT64
1242
1243 709
1244// EncryptBuffer 710// EncryptBuffer
1245// 711//
@@ -1275,100 +741,12 @@ void EncryptBuffer (unsigned __int8 *buf, TC_LARGEST_COMPILER_UINT len, PCRYPTO_
1275 } 741 }
1276 break; 742 break;
1277 743
1278#ifndef TC_NO_COMPILER_INT64
1279 case LRW:
1280
1281 /* Deprecated/legacy */
1282
1283 switch (CipherGetBlockSize (EAGetFirstCipher (cryptoInfo->ea)))
1284 {
1285 case 8:
1286 EncryptBufferLRW64 ((unsigned __int8 *)buf, (unsigned __int64) len, 1, cryptoInfo);
1287 break;
1288
1289 case 16:
1290 EncryptBufferLRW128 ((unsigned __int8 *)buf, (unsigned __int64) len, 1, cryptoInfo);
1291 break;
1292
1293 default:
1294 TC_THROW_FATAL_EXCEPTION;
1295 }
1296 break;
1297
1298 case CBC:
1299 case INNER_CBC:
1300 {
1301 /* Deprecated/legacy */
1302
1303 unsigned __int8 *ks = cryptoInfo->ks;
1304 int cipher;
1305
1306 for (cipher = EAGetFirstCipher (cryptoInfo->ea);
1307 cipher != 0;
1308 cipher = EAGetNextCipher (cryptoInfo->ea, cipher))
1309 {
1310 EncryptBufferCBC ((unsigned __int32 *) buf,
1311 (unsigned int) len,
1312 ks,
1313 (unsigned __int32 *) cryptoInfo->k2,
1314 (unsigned __int32 *) &cryptoInfo->k2[8],
1315 0,
1316 cipher);
1317
1318 ks += CipherGetKeyScheduleSize (cipher);
1319 }
1320 }
1321 break;
1322
1323 case OUTER_CBC:
1324
1325 /* Deprecated/legacy */
1326
1327 EncryptBufferCBC ((unsigned __int32 *) buf,
1328 (unsigned int) len,
1329 cryptoInfo->ks,
1330 (unsigned __int32 *) cryptoInfo->k2,
1331 (unsigned __int32 *) &cryptoInfo->k2[8],
1332 cryptoInfo->ea,
1333 0);
1334
1335 break;
1336#endif // #ifndef TC_NO_COMPILER_INT64
1337
1338 default: 744 default:
1339 // Unknown/wrong ID 745 // Unknown/wrong ID
1340 TC_THROW_FATAL_EXCEPTION; 746 TC_THROW_FATAL_EXCEPTION;
1341 } 747 }
1342} 748}
1343 749
1344#ifndef TC_NO_COMPILER_INT64
1345// Converts a data unit number to the index of the first LRW block in the data unit.
1346// Note that the maximum supported volume size is 8589934592 GB (i.e., 2^63 bytes).
1347uint64 DataUnit2LRWIndex (uint64 dataUnit, int blockSize, PCRYPTO_INFO ci)
1348{
1349 /* Deprecated/legacy */
1350
1351 if (ci->hiddenVolume)
1352 dataUnit -= ci->hiddenVolumeOffset / ENCRYPTION_DATA_UNIT_SIZE;
1353 else
1354 dataUnit -= TC_VOLUME_HEADER_SIZE_LEGACY / ENCRYPTION_DATA_UNIT_SIZE; // Compensate for the volume header size
1355
1356 switch (blockSize)
1357 {
1358 case 8:
1359 return (dataUnit << 6) | 1;
1360
1361 case 16:
1362 return (dataUnit << 5) | 1;
1363
1364 default:
1365 TC_THROW_FATAL_EXCEPTION;
1366 }
1367
1368 return 0;
1369}
1370#endif // #ifndef TC_NO_COMPILER_INT64
1371
1372 750
1373// buf: data to be encrypted 751// buf: data to be encrypted
1374// unitNo: sequential number of the data unit with which the buffer starts 752// unitNo: sequential number of the data unit with which the buffer starts
@@ -1387,14 +765,6 @@ void EncryptDataUnitsCurrentThread (unsigned __int8 *buf, const UINT64_STRUCT *s
1387 unsigned __int8 *ks2 = ci->ks2; 765 unsigned __int8 *ks2 = ci->ks2;
1388 int cipher; 766 int cipher;
1389 767
1390#ifndef TC_NO_COMPILER_INT64
1391 void *iv = ci->k2; // Deprecated/legacy
1392 unsigned __int64 unitNo = structUnitNo->Value;
1393 unsigned __int64 *iv64 = (unsigned __int64 *) iv; // Deprecated/legacy
1394 unsigned __int32 sectorIV[4]; // Deprecated/legacy
1395 unsigned __int32 secWhitening[2]; // Deprecated/legacy
1396#endif
1397
1398 switch (ci->mode) 768 switch (ci->mode)
1399 { 769 {
1400 case XTS: 770 case XTS:
@@ -1413,81 +783,6 @@ void EncryptDataUnitsCurrentThread (unsigned __int8 *buf, const UINT64_STRUCT *s
1413 } 783 }
1414 break; 784 break;
1415 785
1416#ifndef TC_NO_COMPILER_INT64
1417 case LRW:
1418
1419 /* Deprecated/legacy */
1420
1421 switch (CipherGetBlockSize (EAGetFirstCipher (ea)))
1422 {
1423 case 8:
1424 EncryptBufferLRW64 (buf,
1425 (unsigned __int64) nbrUnits * ENCRYPTION_DATA_UNIT_SIZE,
1426 DataUnit2LRWIndex (unitNo, 8, ci),
1427 ci);
1428 break;
1429
1430 case 16:
1431 EncryptBufferLRW128 (buf,
1432 (unsigned __int64) nbrUnits * ENCRYPTION_DATA_UNIT_SIZE,
1433 DataUnit2LRWIndex (unitNo, 16, ci),
1434 ci);
1435 break;
1436
1437 default:
1438 TC_THROW_FATAL_EXCEPTION;
1439 }
1440 break;
1441
1442 case CBC:
1443 case INNER_CBC:
1444
1445 /* Deprecated/legacy */
1446
1447 while (nbrUnits--)
1448 {
1449 for (cipher = EAGetFirstCipher (ea); cipher != 0; cipher = EAGetNextCipher (ea, cipher))
1450 {
1451 InitSectorIVAndWhitening (unitNo, CipherGetBlockSize (cipher), sectorIV, iv64, secWhitening);
1452
1453 EncryptBufferCBC ((unsigned __int32 *) buf,
1454 ENCRYPTION_DATA_UNIT_SIZE,
1455 ks,
1456 sectorIV,
1457 secWhitening,
1458 0,
1459 cipher);
1460
1461 ks += CipherGetKeyScheduleSize (cipher);
1462 }
1463 ks -= EAGetKeyScheduleSize (ea);
1464 buf += ENCRYPTION_DATA_UNIT_SIZE;
1465 unitNo++;
1466 }
1467 break;
1468
1469 case OUTER_CBC:
1470
1471 /* Deprecated/legacy */
1472
1473 while (nbrUnits--)
1474 {
1475 InitSectorIVAndWhitening (unitNo, CipherGetBlockSize (EAGetFirstCipher (ea)), sectorIV, iv64, secWhitening);
1476
1477 EncryptBufferCBC ((unsigned __int32 *) buf,
1478 ENCRYPTION_DATA_UNIT_SIZE,
1479 ks,
1480 sectorIV,
1481 secWhitening,
1482 ea,
1483 0);
1484
1485 buf += ENCRYPTION_DATA_UNIT_SIZE;
1486 unitNo++;
1487 }
1488 break;
1489#endif // #ifndef TC_NO_COMPILER_INT64
1490
1491 default: 786 default:
1492 // Unknown/wrong ID 787 // Unknown/wrong ID
1493 TC_THROW_FATAL_EXCEPTION; 788 TC_THROW_FATAL_EXCEPTION;
@@ -1528,65 +823,6 @@ void DecryptBuffer (unsigned __int8 *buf, TC_LARGEST_COMPILER_UINT len, PCRYPTO_
1528 } 823 }
1529 break; 824 break;
1530 825
1531#ifndef TC_NO_COMPILER_INT64
1532 case LRW:
1533
1534 /* Deprecated/legacy */
1535
1536 switch (CipherGetBlockSize (EAGetFirstCipher (cryptoInfo->ea)))
1537 {
1538 case 8:
1539 DecryptBufferLRW64 (buf, (unsigned __int64) len, 1, cryptoInfo);
1540 break;
1541
1542 case 16:
1543 DecryptBufferLRW128 (buf, (unsigned __int64) len, 1, cryptoInfo);
1544 break;
1545
1546 default:
1547 TC_THROW_FATAL_EXCEPTION;
1548 }
1549 break;
1550
1551 case CBC:
1552 case INNER_CBC:
1553 {
1554 /* Deprecated/legacy */
1555
1556 unsigned __int8 *ks = cryptoInfo->ks + EAGetKeyScheduleSize (cryptoInfo->ea);
1557 int cipher;
1558 for (cipher = EAGetLastCipher (cryptoInfo->ea);
1559 cipher != 0;
1560 cipher = EAGetPreviousCipher (cryptoInfo->ea, cipher))
1561 {
1562 ks -= CipherGetKeyScheduleSize (cipher);
1563
1564 DecryptBufferCBC ((unsigned __int32 *) buf,
1565 (unsigned int) len,
1566 ks,
1567 (unsigned __int32 *) cryptoInfo->k2,
1568 (unsigned __int32 *) &cryptoInfo->k2[8],
1569 0,
1570 cipher);
1571 }
1572 }
1573 break;
1574
1575 case OUTER_CBC:
1576
1577 /* Deprecated/legacy */
1578
1579 DecryptBufferCBC ((unsigned __int32 *) buf,
1580 (unsigned int) len,
1581 cryptoInfo->ks,
1582 (unsigned __int32 *) cryptoInfo->k2,
1583 (unsigned __int32 *) &cryptoInfo->k2[8],
1584 cryptoInfo->ea,
1585 0);
1586
1587 break;
1588#endif // #ifndef TC_NO_COMPILER_INT64
1589
1590 default: 826 default:
1591 // Unknown/wrong ID 827 // Unknown/wrong ID
1592 TC_THROW_FATAL_EXCEPTION; 828 TC_THROW_FATAL_EXCEPTION;
@@ -1610,14 +846,6 @@ void DecryptDataUnitsCurrentThread (unsigned __int8 *buf, const UINT64_STRUCT *s
1610 unsigned __int8 *ks2 = ci->ks2; 846 unsigned __int8 *ks2 = ci->ks2;
1611 int cipher; 847 int cipher;
1612 848
1613#ifndef TC_NO_COMPILER_INT64
1614 void *iv = ci->k2; // Deprecated/legacy
1615 unsigned __int64 unitNo = structUnitNo->Value;
1616 unsigned __int64 *iv64 = (unsigned __int64 *) iv; // Deprecated/legacy
1617 unsigned __int32 sectorIV[4]; // Deprecated/legacy
1618 unsigned __int32 secWhitening[2]; // Deprecated/legacy
1619#endif // #ifndef TC_NO_COMPILER_INT64
1620
1621 849
1622 switch (ci->mode) 850 switch (ci->mode)
1623 { 851 {
@@ -1640,81 +868,6 @@ void DecryptDataUnitsCurrentThread (unsigned __int8 *buf, const UINT64_STRUCT *s
1640 } 868 }
1641 break; 869 break;
1642 870
1643#ifndef TC_NO_COMPILER_INT64
1644 case LRW:
1645
1646 /* Deprecated/legacy */
1647
1648 switch (CipherGetBlockSize (EAGetFirstCipher (ea)))
1649 {
1650 case 8:
1651 DecryptBufferLRW64 (buf,
1652 (unsigned __int64) nbrUnits * ENCRYPTION_DATA_UNIT_SIZE,
1653 DataUnit2LRWIndex (unitNo, 8, ci),
1654 ci);
1655 break;
1656
1657 case 16:
1658 DecryptBufferLRW128 (buf,
1659 (unsigned __int64) nbrUnits * ENCRYPTION_DATA_UNIT_SIZE,
1660 DataUnit2LRWIndex (unitNo, 16, ci),
1661 ci);
1662 break;
1663
1664 default:
1665 TC_THROW_FATAL_EXCEPTION;
1666 }
1667 break;
1668
1669 case CBC:
1670 case INNER_CBC:
1671
1672 /* Deprecated/legacy */
1673
1674 while (nbrUnits--)
1675 {
1676 ks += EAGetKeyScheduleSize (ea);
1677 for (cipher = EAGetLastCipher (ea); cipher != 0; cipher = EAGetPreviousCipher (ea, cipher))
1678 {
1679 InitSectorIVAndWhitening (unitNo, CipherGetBlockSize (cipher), sectorIV, iv64, secWhitening);
1680
1681 ks -= CipherGetKeyScheduleSize (cipher);
1682
1683 DecryptBufferCBC ((unsigned __int32 *) buf,
1684 ENCRYPTION_DATA_UNIT_SIZE,
1685 ks,
1686 sectorIV,
1687 secWhitening,
1688 0,
1689 cipher);
1690 }
1691 buf += ENCRYPTION_DATA_UNIT_SIZE;
1692 unitNo++;
1693 }
1694 break;
1695
1696 case OUTER_CBC:
1697
1698 /* Deprecated/legacy */
1699
1700 while (nbrUnits--)
1701 {
1702 InitSectorIVAndWhitening (unitNo, CipherGetBlockSize (EAGetFirstCipher (ea)), sectorIV, iv64, secWhitening);
1703
1704 DecryptBufferCBC ((unsigned __int32 *) buf,
1705 ENCRYPTION_DATA_UNIT_SIZE,
1706 ks,
1707 sectorIV,
1708 secWhitening,
1709 ea,
1710 0);
1711
1712 buf += ENCRYPTION_DATA_UNIT_SIZE;
1713 unitNo++;
1714 }
1715 break;
1716#endif // #ifndef TC_NO_COMPILER_INT64
1717
1718 default: 871 default:
1719 // Unknown/wrong ID 872 // Unknown/wrong ID
1720 TC_THROW_FATAL_EXCEPTION; 873 TC_THROW_FATAL_EXCEPTION;
@@ -1729,13 +882,6 @@ int GetMaxPkcs5OutSize (void)
1729 882
1730 size = max (size, EAGetLargestKeyForMode (XTS) * 2); // Sizes of primary + secondary keys 883 size = max (size, EAGetLargestKeyForMode (XTS) * 2); // Sizes of primary + secondary keys
1731 884
1732#ifndef TC_WINDOWS_BOOT
1733 size = max (size, LEGACY_VOL_IV_SIZE + EAGetLargestKeyForMode (LRW)); // Deprecated/legacy
1734 size = max (size, LEGACY_VOL_IV_SIZE + EAGetLargestKeyForMode (CBC)); // Deprecated/legacy
1735 size = max (size, LEGACY_VOL_IV_SIZE + EAGetLargestKeyForMode (OUTER_CBC)); // Deprecated/legacy
1736 size = max (size, LEGACY_VOL_IV_SIZE + EAGetLargestKeyForMode (INNER_CBC)); // Deprecated/legacy
1737#endif
1738
1739 return size; 885 return size;
1740} 886}
1741 887
diff --git a/src/Common/Crypto.h b/src/Common/Crypto.h
index 4f47ec04..f183a436 100644
--- a/src/Common/Crypto.h
+++ b/src/Common/Crypto.h
@@ -42,9 +42,6 @@ extern "C" {
42// Size of the volume header area containing concatenated master key(s) and secondary key(s) (XTS mode) 42// Size of the volume header area containing concatenated master key(s) and secondary key(s) (XTS mode)
43#define MASTER_KEYDATA_SIZE 256 43#define MASTER_KEYDATA_SIZE 256
44 44
45// Size of the deprecated volume header item containing either an IV seed (CBC mode) or tweak key (LRW mode)
46#define LEGACY_VOL_IV_SIZE 32
47
48// The first PRF to try when mounting 45// The first PRF to try when mounting
49#define FIRST_PRF_ID 1 46#define FIRST_PRF_ID 1
50 47
@@ -55,7 +52,6 @@ enum
55#ifndef TC_WINDOWS_BOOT 52#ifndef TC_WINDOWS_BOOT
56 SHA512, 53 SHA512,
57 WHIRLPOOL, 54 WHIRLPOOL,
58 SHA1, // Deprecated/legacy
59#endif 55#endif
60 HASH_ENUM_END_ID 56 HASH_ENUM_END_ID
61}; 57};
@@ -89,12 +85,6 @@ enum
89 /* If you add/remove a mode, update the following: GetMaxPkcs5OutSize(), EAInitMode() */ 85 /* If you add/remove a mode, update the following: GetMaxPkcs5OutSize(), EAInitMode() */
90 86
91 XTS = FIRST_MODE_OF_OPERATION_ID, 87 XTS = FIRST_MODE_OF_OPERATION_ID,
92#ifndef TC_WINDOWS_BOOT
93 LRW, // Deprecated/legacy
94 CBC, // Deprecated/legacy
95 OUTER_CBC, // Deprecated/legacy
96 INNER_CBC, // Deprecated/legacy
97#endif
98 MODE_ENUM_END_ID 88 MODE_ENUM_END_ID
99}; 89};
100 90
@@ -115,12 +105,7 @@ enum
115 NONE = 0, 105 NONE = 0,
116 AES, 106 AES,
117 SERPENT, 107 SERPENT,
118 TWOFISH, 108 TWOFISH
119#ifndef TC_WINDOWS_BOOT
120 BLOWFISH, // Deprecated/legacy
121 CAST, // Deprecated/legacy
122 TRIPLEDES // Deprecated/legacy
123#endif
124}; 109};
125 110
126typedef struct 111typedef struct
@@ -184,15 +169,11 @@ typedef struct
184#endif 169#endif
185 170
186#include "Aes_hw_cpu.h" 171#include "Aes_hw_cpu.h"
187#include "Blowfish.h"
188#include "Cast.h"
189#include "Des.h"
190#include "Serpent.h" 172#include "Serpent.h"
191#include "Twofish.h" 173#include "Twofish.h"
192 174
193#include "Rmd160.h" 175#include "Rmd160.h"
194#ifndef TC_WINDOWS_BOOT 176#ifndef TC_WINDOWS_BOOT
195# include "Sha1.h"
196# include "Sha2.h" 177# include "Sha2.h"
197# include "Whirlpool.h" 178# include "Whirlpool.h"
198#endif 179#endif
@@ -313,13 +294,6 @@ void DecryptDataUnits (unsigned __int8 *buf, const UINT64_STRUCT *structUnitNo,
313void DecryptDataUnitsCurrentThread (unsigned __int8 *buf, const UINT64_STRUCT *structUnitNo, TC_LARGEST_COMPILER_UINT nbrUnits, PCRYPTO_INFO ci); 294void DecryptDataUnitsCurrentThread (unsigned __int8 *buf, const UINT64_STRUCT *structUnitNo, TC_LARGEST_COMPILER_UINT nbrUnits, PCRYPTO_INFO ci);
314void EncryptBuffer (unsigned __int8 *buf, TC_LARGEST_COMPILER_UINT len, PCRYPTO_INFO cryptoInfo); 295void EncryptBuffer (unsigned __int8 *buf, TC_LARGEST_COMPILER_UINT len, PCRYPTO_INFO cryptoInfo);
315void DecryptBuffer (unsigned __int8 *buf, TC_LARGEST_COMPILER_UINT len, PCRYPTO_INFO cryptoInfo); 296void DecryptBuffer (unsigned __int8 *buf, TC_LARGEST_COMPILER_UINT len, PCRYPTO_INFO cryptoInfo);
316#ifndef TC_NO_COMPILER_INT64
317void EncryptBufferLRW128 (byte *buffer, uint64 length, uint64 blockIndex, PCRYPTO_INFO cryptoInfo);
318void DecryptBufferLRW128 (byte *buffer, uint64 length, uint64 blockIndex, PCRYPTO_INFO cryptoInfo);
319void EncryptBufferLRW64 (byte *buffer, uint64 length, uint64 blockIndex, PCRYPTO_INFO cryptoInfo);
320void DecryptBufferLRW64 (byte *buffer, uint64 length, uint64 blockIndex, PCRYPTO_INFO cryptoInfo);
321uint64 DataUnit2LRWIndex (uint64 dataUnit, int blockSize, PCRYPTO_INFO ci);
322#endif // #ifndef TC_NO_COMPILER_INT64
323 297
324BOOL IsAesHwCpuSupported (); 298BOOL IsAesHwCpuSupported ();
325void EnableHwEncryption (BOOL enable); 299void EnableHwEncryption (BOOL enable);
diff --git a/src/Common/Dlgcode.c b/src/Common/Dlgcode.c
index 071ed8e2..b40a41cd 100644
--- a/src/Common/Dlgcode.c
+++ b/src/Common/Dlgcode.c
@@ -5366,15 +5366,6 @@ CipherTestDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lParam)
5366 } 5366 }
5367 else 5367 else
5368 { 5368 {
5369 if (idTestCipher == BLOWFISH)
5370 {
5371 /* Deprecated/legacy */
5372
5373 /* Convert to little-endian, this is needed here and not in
5374 above auto-tests because BF_ecb_encrypt above correctly converts
5375 from big to little endian, and EncipherBlock does not! */
5376 LongReverse((unsigned int *) tmp, pt);
5377 }
5378 5369
5379 CipherInit2(idTestCipher, key, ks_tmp, ks); 5370 CipherInit2(idTestCipher, key, ks_tmp, ks);
5380 5371
@@ -5387,13 +5378,6 @@ CipherTestDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lParam)
5387 DecipherBlock(idTestCipher, tmp, ks_tmp); 5378 DecipherBlock(idTestCipher, tmp, ks_tmp);
5388 } 5379 }
5389 5380
5390 if (idTestCipher == BLOWFISH)
5391 {
5392 /* Deprecated/legacy */
5393
5394 /* Convert back to big-endian */
5395 LongReverse((unsigned int *) tmp, pt);
5396 }
5397 } 5381 }
5398 *szTmp = 0; 5382 *szTmp = 0;
5399 5383
@@ -5464,43 +5448,6 @@ ResetCipherTest(HWND hwndDlg, int idTestCipher)
5464 5448
5465 SetWindowText(GetDlgItem(hwndDlg, IDC_SECONDARY_KEY), "0000000000000000000000000000000000000000000000000000000000000000"); 5449 SetWindowText(GetDlgItem(hwndDlg, IDC_SECONDARY_KEY), "0000000000000000000000000000000000000000000000000000000000000000");
5466 SetWindowText(GetDlgItem(hwndDlg, IDC_TEST_DATA_UNIT_NUMBER), "0"); 5450 SetWindowText(GetDlgItem(hwndDlg, IDC_TEST_DATA_UNIT_NUMBER), "0");
5467
5468 if (idTestCipher == BLOWFISH)
5469 {
5470 /* Deprecated/legacy */
5471
5472 ndx = SendMessage (GetDlgItem(hwndDlg, IDC_KEY_SIZE), CB_ADDSTRING, 0,(LPARAM) "448");
5473 SendMessage(GetDlgItem(hwndDlg, IDC_KEY_SIZE), CB_SETITEMDATA, ndx,(LPARAM) 56);
5474 ndx = SendMessage (GetDlgItem(hwndDlg, IDC_KEY_SIZE), CB_ADDSTRING, 0,(LPARAM) "256");
5475 SendMessage(GetDlgItem(hwndDlg, IDC_KEY_SIZE), CB_SETITEMDATA, ndx,(LPARAM) 32);
5476 ndx = SendMessage (GetDlgItem(hwndDlg, IDC_KEY_SIZE), CB_ADDSTRING, 0,(LPARAM) "128");
5477 SendMessage(GetDlgItem(hwndDlg, IDC_KEY_SIZE), CB_SETITEMDATA, ndx,(LPARAM) 16);
5478 ndx = SendMessage (GetDlgItem(hwndDlg, IDC_KEY_SIZE), CB_ADDSTRING, 0,(LPARAM) "64");
5479 SendMessage(GetDlgItem(hwndDlg, IDC_KEY_SIZE), CB_SETITEMDATA, ndx,(LPARAM) 8);
5480 SendMessage(GetDlgItem(hwndDlg, IDC_KEY_SIZE), CB_SETCURSEL, 0,0);
5481 SetWindowText(GetDlgItem(hwndDlg, IDC_KEY), "0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000");
5482 }
5483
5484
5485 if (idTestCipher == CAST)
5486 {
5487 /* Deprecated/legacy */
5488
5489 ndx = SendMessage (GetDlgItem(hwndDlg, IDC_KEY_SIZE), CB_ADDSTRING, 0,(LPARAM) "128");
5490 SendMessage(GetDlgItem(hwndDlg, IDC_KEY_SIZE), CB_SETITEMDATA, ndx,(LPARAM) 16);
5491 SendMessage(GetDlgItem(hwndDlg, IDC_KEY_SIZE), CB_SETCURSEL, ndx,0);
5492 SetWindowText(GetDlgItem(hwndDlg, IDC_KEY), "00000000000000000000000000000000");
5493 }
5494
5495 if (idTestCipher == TRIPLEDES)
5496 {
5497 /* Deprecated/legacy */
5498
5499 ndx = SendMessage (GetDlgItem(hwndDlg, IDC_KEY_SIZE), CB_ADDSTRING, 0,(LPARAM) "168");
5500 SendMessage(GetDlgItem(hwndDlg, IDC_KEY_SIZE), CB_SETITEMDATA, ndx,(LPARAM) 24);
5501 SendMessage(GetDlgItem(hwndDlg, IDC_KEY_SIZE), CB_SETCURSEL, ndx,0);
5502 SetWindowText(GetDlgItem(hwndDlg, IDC_KEY), "000000000000000000000000000000000000000000000000");
5503 }
5504 5451
5505 SetWindowText(GetDlgItem(hwndDlg, IDC_PLAINTEXT), "0000000000000000"); 5452 SetWindowText(GetDlgItem(hwndDlg, IDC_PLAINTEXT), "0000000000000000");
5506 SetWindowText(GetDlgItem(hwndDlg, IDC_CIPHERTEXT), "0000000000000000"); 5453 SetWindowText(GetDlgItem(hwndDlg, IDC_CIPHERTEXT), "0000000000000000");
diff --git a/src/Common/EncryptionThreadPool.c b/src/Common/EncryptionThreadPool.c
index fdedf36f..f213ea34 100644
--- a/src/Common/EncryptionThreadPool.c
+++ b/src/Common/EncryptionThreadPool.c
@@ -173,11 +173,6 @@ static TC_THREAD_PROC EncryptionThreadProc (void *threadArg)
173 workItem->KeyDerivation.IterationCount, workItem->KeyDerivation.DerivedKey, GetMaxPkcs5OutSize()); 173 workItem->KeyDerivation.IterationCount, workItem->KeyDerivation.DerivedKey, GetMaxPkcs5OutSize());
174 break; 174 break;
175 175
176 case SHA1:
177 derive_key_sha1 (workItem->KeyDerivation.Password, workItem->KeyDerivation.PasswordLength, workItem->KeyDerivation.Salt, PKCS5_SALT_SIZE,
178 workItem->KeyDerivation.IterationCount, workItem->KeyDerivation.DerivedKey, GetMaxPkcs5OutSize());
179 break;
180
181 default: 176 default:
182 TC_THROW_FATAL_EXCEPTION; 177 TC_THROW_FATAL_EXCEPTION;
183 } 178 }
diff --git a/src/Common/GfMul.c b/src/Common/GfMul.c
index 7e170bc1..7cc36ec1 100644
--- a/src/Common/GfMul.c
+++ b/src/Common/GfMul.c
@@ -651,43 +651,6 @@ int Gf128Tab64Init (unsigned __int8 *a, GfCtx *ctx)
651 return TRUE; 651 return TRUE;
652} 652}
653 653
654int Gf64TabInit (unsigned __int8 *a, GfCtx *ctx)
655{
656 /* Deprecated/legacy */
657
658 GfCtx4k64 *ctx4k;
659 unsigned __int8 am[8];
660 int i, j;
661
662 ctx4k = (GfCtx4k64 *) TCalloc (sizeof (GfCtx4k64));
663 if (!ctx4k)
664 return FALSE;
665
666 memcpy (am, a, 8);
667 MirrorBits64 (am);
668 compile_4k_table64 (am, ctx4k);
669
670 /* Convert LSB-first table to MSB-first */
671 for (i = 0; i < 16; i++)
672 {
673 for (j = 0; j < 16; j++)
674 {
675 int jm = 0;
676 jm |= (j & 0x1) << 3;
677 jm |= (j & 0x2) << 1;
678 jm |= (j & 0x4) >> 1;
679 jm |= (j & 0x8) >> 3;
680
681 memcpy (&ctx->gf_t64[i][jm], (unsigned char *)&ctx4k->gf_t4k[15-i][j], 8);
682 MirrorBits64 ((unsigned char *)&ctx->gf_t64[i][jm]);
683 }
684 }
685
686 burn (ctx4k,sizeof (*ctx4k));
687 burn (am, sizeof (am));
688 TCfree (ctx4k);
689 return TRUE;
690}
691 654
692#define xor_8kt64(i) \ 655#define xor_8kt64(i) \
693 xor_block_aligned(r, ctx->gf_t128[i + i][a[i] & 15]); \ 656 xor_block_aligned(r, ctx->gf_t128[i + i][a[i] & 15]); \
@@ -718,36 +681,6 @@ void Gf128MulBy64Tab (unsigned __int8 a[8], unsigned __int8 p[16], GfCtx *ctx)
718 move_block_aligned(p, r); 681 move_block_aligned(p, r);
719} 682}
720 683
721#define xor_8k64(i) \
722 xor_block_aligned64(r, ctx->gf_t64[i + i][a[i] & 15]); \
723 xor_block_aligned64(r, ctx->gf_t64[i + i + 1][a[i] >> 4])
724
725/* Multiply two 64-bit numbers in the finite field GF(2^64) */
726void Gf64MulTab (unsigned char a[8], unsigned char p[8], GfCtx *ctx)
727{
728 /* Deprecated/legacy */
729
730 unsigned __int32 r[CBLK_LEN8 >> 2];
731
732 move_block_aligned64(r, ctx->gf_t64[7*2][a[7] & 15]);
733 xor_block_aligned64(r, ctx->gf_t64[7*2+1][a[7] >> 4]);
734
735 if (*(unsigned __int16 *)a)
736 {
737 xor_8k64(0);
738 xor_8k64(1);
739 }
740 if (a[2])
741 {
742 xor_8k64(2);
743 }
744 xor_8k64(3);
745 xor_8k64(4);
746 xor_8k64(5);
747 xor_8k64(6);
748
749 move_block_aligned64(p, r);
750}
751 684
752 685
753/* Basic algorithms for testing of optimized algorithms */ 686/* Basic algorithms for testing of optimized algorithms */
@@ -809,32 +742,6 @@ static void shl64 (unsigned __int8 *a)
809 } 742 }
810} 743}
811 744
812static void GfMul64Basic (unsigned __int8 *a, unsigned __int8 *b, unsigned __int8* p)
813{
814 /* Deprecated/legacy */
815
816 int i;
817 unsigned __int8 la[8];
818 memcpy (la, a, 8);
819 memset (p, 0, 8);
820
821 for (i = 0; i < 64; i++)
822 {
823 if (IsBitSet64 (i, b))
824 xor64 ((uint64 *)p, (uint64 *)la);
825
826 if (la[0] & 0x80)
827 {
828 shl64 (la);
829 la[7] ^= 0x1b;
830 }
831 else
832 {
833 shl64 (la);
834 }
835 }
836}
837
838 745
839BOOL GfMulSelfTest () 746BOOL GfMulSelfTest ()
840{ 747{
@@ -849,23 +756,6 @@ BOOL GfMulSelfTest ()
849 if (!gfCtx) 756 if (!gfCtx)
850 return FALSE; 757 return FALSE;
851 758
852 /* GF(2^64) - deprecated/legacy */
853 for (i = 0; i < 0x100; i++)
854 {
855 for (j = 0; j < 8; j++)
856 {
857 a[j] = (unsigned __int8) i;
858 b[j] = a[j] ^ 0xff;
859 }
860
861 GfMul64Basic (a, b, p1);
862
863 Gf64TabInit (a, gfCtx);
864 Gf64MulTab (b, p2, gfCtx);
865
866 if (memcmp (p1, p2, 8) != 0)
867 result = FALSE;
868 }
869 759
870 /* GF(2^128) */ 760 /* GF(2^128) */
871 for (i = 0; i < 0x100; i++) 761 for (i = 0; i < 0x100; i++)
diff --git a/src/Common/GfMul.h b/src/Common/GfMul.h
index ce5aa022..12dc864f 100644
--- a/src/Common/GfMul.h
+++ b/src/Common/GfMul.h
@@ -63,8 +63,6 @@ void GfMul128 (void *a, const void* b);
63void GfMul128Tab(unsigned char a[16], GfCtx8k *ctx); 63void GfMul128Tab(unsigned char a[16], GfCtx8k *ctx);
64int Gf128Tab64Init (unsigned __int8 *a, GfCtx *ctx); 64int Gf128Tab64Init (unsigned __int8 *a, GfCtx *ctx);
65void Gf128MulBy64Tab (unsigned __int8 a[8], unsigned __int8 p[16], GfCtx *ctx); 65void Gf128MulBy64Tab (unsigned __int8 a[8], unsigned __int8 p[16], GfCtx *ctx);
66int Gf64TabInit (unsigned __int8 *a, GfCtx *ctx);
67void Gf64MulTab (unsigned char a[8], unsigned char p[8], GfCtx *ctx);
68void MirrorBits128 (unsigned __int8 *a); 66void MirrorBits128 (unsigned __int8 *a);
69void MirrorBits64 (unsigned __int8 *a); 67void MirrorBits64 (unsigned __int8 *a);
70BOOL GfMulSelfTest (); 68BOOL GfMulSelfTest ();
diff --git a/src/Common/Pkcs5.c b/src/Common/Pkcs5.c
index 00cf7941..8f21bb80 100644
--- a/src/Common/Pkcs5.c
+++ b/src/Common/Pkcs5.c
@@ -14,7 +14,6 @@
14#include <memory.h> 14#include <memory.h>
15#include "Rmd160.h" 15#include "Rmd160.h"
16#ifndef TC_WINDOWS_BOOT 16#ifndef TC_WINDOWS_BOOT
17#include "Sha1.h"
18#include "Sha2.h" 17#include "Sha2.h"
19#include "Whirlpool.h" 18#include "Whirlpool.h"
20#endif 19#endif
@@ -175,150 +174,6 @@ void derive_key_sha512 (char *pwd, int pwd_len, char *salt, int salt_len, int it
175 burn (u, sizeof(u)); 174 burn (u, sizeof(u));
176} 175}
177 176
178
179/* Deprecated/legacy */
180void hmac_sha1
181(
182 char *k, /* secret key */
183 int lk, /* length of the key in bytes */
184 char *d, /* data */
185 int ld, /* length of data in bytes */
186 char *out, /* output buffer, at least "t" bytes */
187 int t
188)
189{
190 sha1_ctx ictx, octx;
191 char isha[SHA1_DIGESTSIZE], osha[SHA1_DIGESTSIZE];
192 char key[SHA1_DIGESTSIZE];
193 char buf[SHA1_BLOCKSIZE];
194 int i;
195
196 /* If the key is longer than the hash algorithm block size,
197 let key = sha1(key), as per HMAC specifications. */
198 if (lk > SHA1_BLOCKSIZE)
199 {
200 sha1_ctx tctx;
201
202 sha1_begin (&tctx);
203 sha1_hash ((unsigned char *) k, lk, &tctx);
204 sha1_end ((unsigned char *) key, &tctx);
205
206 k = key;
207 lk = SHA1_DIGESTSIZE;
208
209 burn (&tctx, sizeof(tctx)); // Prevent leaks
210 }
211
212 /**** Inner Digest ****/
213
214 sha1_begin (&ictx);
215
216 /* Pad the key for inner digest */
217 for (i = 0; i < lk; ++i)
218 buf[i] = (char) (k[i] ^ 0x36);
219 for (i = lk; i < SHA1_BLOCKSIZE; ++i)
220 buf[i] = 0x36;
221
222 sha1_hash ((unsigned char *) buf, SHA1_BLOCKSIZE, &ictx);
223 sha1_hash ((unsigned char *) d, ld, &ictx);
224
225 sha1_end ((unsigned char *) isha, &ictx);
226
227 /**** Outer Digest ****/
228
229 sha1_begin (&octx);
230
231 for (i = 0; i < lk; ++i)
232 buf[i] = (char) (k[i] ^ 0x5C);
233 for (i = lk; i < SHA1_BLOCKSIZE; ++i)
234 buf[i] = 0x5C;
235
236 sha1_hash ((unsigned char *) buf, SHA1_BLOCKSIZE, &octx);
237 sha1_hash ((unsigned char *) isha, SHA1_DIGESTSIZE, &octx);
238
239 sha1_end ((unsigned char *) osha, &octx);
240
241 /* truncate and print the results */
242 t = t > SHA1_DIGESTSIZE ? SHA1_DIGESTSIZE : t;
243 hmac_truncate (osha, out, t);
244
245 /* Prevent leaks */
246 burn (&ictx, sizeof(ictx));
247 burn (&octx, sizeof(octx));
248 burn (isha, sizeof(isha));
249 burn (osha, sizeof(osha));
250 burn (buf, sizeof(buf));
251 burn (key, sizeof(key));
252}
253
254
255/* Deprecated/legacy */
256void derive_u_sha1 (char *pwd, int pwd_len, char *salt, int salt_len, int iterations, char *u, int b)
257{
258 char j[SHA1_DIGESTSIZE], k[SHA1_DIGESTSIZE];
259 char init[128];
260 char counter[4];
261 int c, i;
262
263 /* iteration 1 */
264 memset (counter, 0, 4);
265 counter[3] = (char) b;
266 memcpy (init, salt, salt_len); /* salt */
267 memcpy (&init[salt_len], counter, 4); /* big-endian block number */
268 hmac_sha1 (pwd, pwd_len, init, salt_len + 4, j, SHA1_DIGESTSIZE);
269 memcpy (u, j, SHA1_DIGESTSIZE);
270
271 /* remaining iterations */
272 for (c = 1; c < iterations; c++)
273 {
274 hmac_sha1 (pwd, pwd_len, j, SHA1_DIGESTSIZE, k, SHA1_DIGESTSIZE);
275 for (i = 0; i < SHA1_DIGESTSIZE; i++)
276 {
277 u[i] ^= k[i];
278 j[i] = k[i];
279 }
280 }
281
282 /* Prevent possible leaks. */
283 burn (j, sizeof(j));
284 burn (k, sizeof(k));
285}
286
287
288/* Deprecated/legacy */
289void derive_key_sha1 (char *pwd, int pwd_len, char *salt, int salt_len, int iterations, char *dk, int dklen)
290{
291 char u[SHA1_DIGESTSIZE];
292 int b, l, r;
293
294 if (dklen % SHA1_DIGESTSIZE)
295 {
296 l = 1 + dklen / SHA1_DIGESTSIZE;
297 }
298 else
299 {
300 l = dklen / SHA1_DIGESTSIZE;
301 }
302
303 r = dklen - (l - 1) * SHA1_DIGESTSIZE;
304
305 /* first l - 1 blocks */
306 for (b = 1; b < l; b++)
307 {
308 derive_u_sha1 (pwd, pwd_len, salt, salt_len, iterations, u, b);
309 memcpy (dk, u, SHA1_DIGESTSIZE);
310 dk += SHA1_DIGESTSIZE;
311 }
312
313 /* last block */
314 derive_u_sha1 (pwd, pwd_len, salt, salt_len, iterations, u, b);
315 memcpy (dk, u, r);
316
317
318 /* Prevent possible leaks. */
319 burn (u, sizeof(u));
320}
321
322#endif // TC_WINDOWS_BOOT 177#endif // TC_WINDOWS_BOOT
323 178
324void hmac_ripemd160 (char *key, int keylen, char *input, int len, char *digest) 179void hmac_ripemd160 (char *key, int keylen, char *input, int len, char *digest)
@@ -618,9 +473,6 @@ char *get_pkcs5_prf_name (int pkcs5_prf_id)
618 case SHA512: 473 case SHA512:
619 return "HMAC-SHA-512"; 474 return "HMAC-SHA-512";
620 475
621 case SHA1: // Deprecated/legacy
622 return "HMAC-SHA-1";
623
624 case RIPEMD160: 476 case RIPEMD160:
625 return "HMAC-RIPEMD-160"; 477 return "HMAC-RIPEMD-160";
626 478
@@ -646,10 +498,7 @@ int get_pkcs5_iteration_count (int pkcs5_prf_id, BOOL bBoot)
646#ifndef TC_WINDOWS_BOOT 498#ifndef TC_WINDOWS_BOOT
647 499
648 case SHA512: 500 case SHA512:
649 return 500000; 501 return 500000;
650
651 case SHA1: // Deprecated/legacy
652 return 1000000;
653 502
654 case WHIRLPOOL: 503 case WHIRLPOOL:
655 return 500000; 504 return 500000;
diff --git a/src/Common/Tests.c b/src/Common/Tests.c
index dd4f1621..226b3e09 100644
--- a/src/Common/Tests.c
+++ b/src/Common/Tests.c
@@ -290,91 +290,6 @@ BOOL XTSAesTest (PCRYPTO_INFO ci)
290 return TRUE; 290 return TRUE;
291} 291}
292 292
293/* Blowfish Test Vectors (deprecated/legacy) */
294
295/* Blowfish test vectors from www.counterpane.com/blowfish.html */
296
297#define BF_TEST_COUNT 34
298
299typedef struct {
300 unsigned char key[8];
301 unsigned char plaintext[8];
302 unsigned char ciphertext[8];
303 } BF_TEST;
304
305#pragma warning(disable:4295)
306
307BF_TEST bf_ecb_vectors[BF_TEST_COUNT] = {
308"\x00\x00\x00\x00\x00\x00\x00\x00","\x00\x00\x00\x00\x00\x00\x00\x00","\x4E\xF9\x97\x45\x61\x98\xDD\x78",
309"\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF","\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF","\x51\x86\x6F\xD5\xB8\x5E\xCB\x8A",
310"\x30\x00\x00\x00\x00\x00\x00\x00","\x10\x00\x00\x00\x00\x00\x00\x01","\x7D\x85\x6F\x9A\x61\x30\x63\xF2",
311"\x11\x11\x11\x11\x11\x11\x11\x11","\x11\x11\x11\x11\x11\x11\x11\x11","\x24\x66\xDD\x87\x8B\x96\x3C\x9D",
312"\x01\x23\x45\x67\x89\xAB\xCD\xEF","\x11\x11\x11\x11\x11\x11\x11\x11","\x61\xF9\xC3\x80\x22\x81\xB0\x96",
313"\x11\x11\x11\x11\x11\x11\x11\x11","\x01\x23\x45\x67\x89\xAB\xCD\xEF","\x7D\x0C\xC6\x30\xAF\xDA\x1E\xC7",
314"\x00\x00\x00\x00\x00\x00\x00\x00","\x00\x00\x00\x00\x00\x00\x00\x00","\x4E\xF9\x97\x45\x61\x98\xDD\x78",
315"\xFE\xDC\xBA\x98\x76\x54\x32\x10","\x01\x23\x45\x67\x89\xAB\xCD\xEF","\x0A\xCE\xAB\x0F\xC6\xA0\xA2\x8D",
316"\x7C\xA1\x10\x45\x4A\x1A\x6E\x57","\x01\xA1\xD6\xD0\x39\x77\x67\x42","\x59\xC6\x82\x45\xEB\x05\x28\x2B",
317"\x01\x31\xD9\x61\x9D\xC1\x37\x6E","\x5C\xD5\x4C\xA8\x3D\xEF\x57\xDA","\xB1\xB8\xCC\x0B\x25\x0F\x09\xA0",
318"\x07\xA1\x13\x3E\x4A\x0B\x26\x86","\x02\x48\xD4\x38\x06\xF6\x71\x72","\x17\x30\xE5\x77\x8B\xEA\x1D\xA4",
319"\x38\x49\x67\x4C\x26\x02\x31\x9E","\x51\x45\x4B\x58\x2D\xDF\x44\x0A","\xA2\x5E\x78\x56\xCF\x26\x51\xEB",
320"\x04\xB9\x15\xBA\x43\xFE\xB5\xB6","\x42\xFD\x44\x30\x59\x57\x7F\xA2","\x35\x38\x82\xB1\x09\xCE\x8F\x1A",
321"\x01\x13\xB9\x70\xFD\x34\xF2\xCE","\x05\x9B\x5E\x08\x51\xCF\x14\x3A","\x48\xF4\xD0\x88\x4C\x37\x99\x18",
322"\x01\x70\xF1\x75\x46\x8F\xB5\xE6","\x07\x56\xD8\xE0\x77\x47\x61\xD2","\x43\x21\x93\xB7\x89\x51\xFC\x98",
323"\x43\x29\x7F\xAD\x38\xE3\x73\xFE","\x76\x25\x14\xB8\x29\xBF\x48\x6A","\x13\xF0\x41\x54\xD6\x9D\x1A\xE5",
324"\x07\xA7\x13\x70\x45\xDA\x2A\x16","\x3B\xDD\x11\x90\x49\x37\x28\x02","\x2E\xED\xDA\x93\xFF\xD3\x9C\x79",
325"\x04\x68\x91\x04\xC2\xFD\x3B\x2F","\x26\x95\x5F\x68\x35\xAF\x60\x9A","\xD8\x87\xE0\x39\x3C\x2D\xA6\xE3",
326"\x37\xD0\x6B\xB5\x16\xCB\x75\x46","\x16\x4D\x5E\x40\x4F\x27\x52\x32","\x5F\x99\xD0\x4F\x5B\x16\x39\x69",
327"\x1F\x08\x26\x0D\x1A\xC2\x46\x5E","\x6B\x05\x6E\x18\x75\x9F\x5C\xCA","\x4A\x05\x7A\x3B\x24\xD3\x97\x7B",
328"\x58\x40\x23\x64\x1A\xBA\x61\x76","\x00\x4B\xD6\xEF\x09\x17\x60\x62","\x45\x20\x31\xC1\xE4\xFA\xDA\x8E",
329"\x02\x58\x16\x16\x46\x29\xB0\x07","\x48\x0D\x39\x00\x6E\xE7\x62\xF2","\x75\x55\xAE\x39\xF5\x9B\x87\xBD",
330"\x49\x79\x3E\xBC\x79\xB3\x25\x8F","\x43\x75\x40\xC8\x69\x8F\x3C\xFA","\x53\xC5\x5F\x9C\xB4\x9F\xC0\x19",
331"\x4F\xB0\x5E\x15\x15\xAB\x73\xA7","\x07\x2D\x43\xA0\x77\x07\x52\x92","\x7A\x8E\x7B\xFA\x93\x7E\x89\xA3",
332"\x49\xE9\x5D\x6D\x4C\xA2\x29\xBF","\x02\xFE\x55\x77\x81\x17\xF1\x2A","\xCF\x9C\x5D\x7A\x49\x86\xAD\xB5",
333"\x01\x83\x10\xDC\x40\x9B\x26\xD6","\x1D\x9D\x5C\x50\x18\xF7\x28\xC2","\xD1\xAB\xB2\x90\x65\x8B\xC7\x78",
334"\x1C\x58\x7F\x1C\x13\x92\x4F\xEF","\x30\x55\x32\x28\x6D\x6F\x29\x5A","\x55\xCB\x37\x74\xD1\x3E\xF2\x01",
335"\x01\x01\x01\x01\x01\x01\x01\x01","\x01\x23\x45\x67\x89\xAB\xCD\xEF","\xFA\x34\xEC\x48\x47\xB2\x68\xB2",
336"\x1F\x1F\x1F\x1F\x0E\x0E\x0E\x0E","\x01\x23\x45\x67\x89\xAB\xCD\xEF","\xA7\x90\x79\x51\x08\xEA\x3C\xAE",
337"\xE0\xFE\xE0\xFE\xF1\xFE\xF1\xFE","\x01\x23\x45\x67\x89\xAB\xCD\xEF","\xC3\x9E\x07\x2D\x9F\xAC\x63\x1D",
338"\x00\x00\x00\x00\x00\x00\x00\x00","\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF","\x01\x49\x33\xE0\xCD\xAF\xF6\xE4",
339"\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF","\x00\x00\x00\x00\x00\x00\x00\x00","\xF2\x1E\x9A\x77\xB7\x1C\x49\xBC",
340"\x01\x23\x45\x67\x89\xAB\xCD\xEF","\x00\x00\x00\x00\x00\x00\x00\x00","\x24\x59\x46\x88\x57\x54\x36\x9A",
341"\xFE\xDC\xBA\x98\x76\x54\x32\x10","\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF","\x6B\x5C\x5A\x9C\x5D\x9E\x0A\x5A"
342};
343
344
345#define TRIPLEDES_TEST_COUNT 1
346
347typedef struct {
348 unsigned char key[24];
349 unsigned char plaintext[8];
350 unsigned char ciphertext[8];
351 } TRIPLEDES_TEST;
352
353TRIPLEDES_TEST tripledes_vectors[TRIPLEDES_TEST_COUNT] = {
3540x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef, 0xfe, 0xdc, 0xba, 0x98,
3550x76, 0x54, 0x32, 0x10, 0x89, 0xab, 0xcd, 0xef, 0x01, 0x23, 0x45, 0x67,
356
3570x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xe7,
358
3590xde, 0x0b, 0x7c, 0x06, 0xae, 0x5e, 0x0e, 0xd5
360};
361
362/* CAST-128 Test Vectors from RFC2144 (deprecated/legacy) */
363
364#define CAST_TEST_COUNT 1
365
366typedef struct {
367 unsigned char key[16];
368 unsigned char plaintext[8];
369 unsigned char ciphertext[8];
370 } CAST_TEST;
371
372
373CAST_TEST cast_ecb_vectors[CAST_TEST_COUNT] = {
374 "\x01\x23\x45\x67\x12\x34\x56\x78\x23\x45\x67\x89\x34\x56\x78\x9A",
375 "\x01\x23\x45\x67\x89\xAB\xCD\xEF",
376 "\x23\x8B\x4F\xE5\x84\x7E\x44\xB2"
377 };
378 293
379// AES ECB test vectors FIPS-197 294// AES ECB test vectors FIPS-197
380 295
@@ -463,35 +378,6 @@ char *hmac_sha512_test_vectors[] =
463 "\xe3\x7b\x6a\x77\x5d\xc8\x7d\xba\xa4\xdf\xa9\xf9\x6e\x5e\x3f\xfd\xde\xbd\x71\xf8\x86\x72\x89\x86\x5d\xf5\xa3\x2d\x20\xcd\xc9\x44\xb6\x02\x2c\xac\x3c\x49\x82\xb1\x0d\x5e\xeb\x55\xc3\xe4\xde\x15\x13\x46\x76\xfb\x6d\xe0\x44\x60\x65\xc9\x74\x40\xfa\x8c\x6a\x58", 378 "\xe3\x7b\x6a\x77\x5d\xc8\x7d\xba\xa4\xdf\xa9\xf9\x6e\x5e\x3f\xfd\xde\xbd\x71\xf8\x86\x72\x89\x86\x5d\xf5\xa3\x2d\x20\xcd\xc9\x44\xb6\x02\x2c\xac\x3c\x49\x82\xb1\x0d\x5e\xeb\x55\xc3\xe4\xde\x15\x13\x46\x76\xfb\x6d\xe0\x44\x60\x65\xc9\x74\x40\xfa\x8c\x6a\x58",
464}; 379};
465 380
466char *hmac_sha1_test_keys[] =
467{
468 // Deprecated/legacy
469 "\x50\x51\x52\x53\x54\x55\x56\x57\x58\x59\x5a\x5b\x5c\x5d\x5e\x5f\x60\x61\x62\x63\x64\x65\x66\x67\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f\x70\x71\x72\x73\x74\x75\x76\x77\x78\x79\x7a\x7b\x7c\x7d\x7e\x7f\x80\x81\x82\x83\x84\x85\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7\xa8\xa9\xaa\xab\xac\xad\xae\xaf\xb0\xb1\xb2\xb3",
470 "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b",
471 "Jefe",
472 "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
473};
474
475char *hmac_sha1_test_data[] =
476{
477 // Deprecated/legacy
478 "Sample #3",
479 "Hi There",
480 "what do ya want for nothing?",
481 "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
482 "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
483 "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
484};
485
486char *hmac_sha1_test_vectors[] =
487{
488 // Deprecated/legacy
489 "\xbc\xf4\x1e\xab\x8b\xb2\xd8\x02\xf3\xd0\x5c\xaf\x7c\xb0\x92\xec\xf8\xd1\xa3\xaa",
490 "\xb6\x17\x31\x86\x55\x05\x72\x64\xe2\x8b\xc0\xb6\xfb\x37\x8c\x8e\xf1\x46\xbe\x00",
491 "\xef\xfc\xdf\x6a\xe5\xeb\x2f\xa2\xd2\x74\x16\xd5\xf1\x84\xdf\x9c\x25\x9a\x7c\x79",
492 "\x12\x5d\x73\x42\xb9\xac\x11\xcd\x91\xa3\x9a\xf4\x8a\xa1\x7b\x4f\x63\xf1\x75\xd3"
493};
494
495char *hmac_ripemd160_test_keys[] = 381char *hmac_ripemd160_test_keys[] =
496{ 382{
497 "\x00\x11\x22\x33\x44\x55\x66\x77\x88\x99\xaa\xbb\xcc\xdd\xee\xff\x01\x23\x45\x67", 383 "\x00\x11\x22\x33\x44\x55\x66\x77\x88\x99\xaa\xbb\xcc\xdd\xee\xff\x01\x23\x45\x67",
@@ -534,29 +420,15 @@ void CipherInit2(int cipher, void* key, void* ks, int key_len)
534{ 420{
535 switch (cipher) 421 switch (cipher)
536 { 422 {
537 case BLOWFISH:
538 /* Deprecated/legacy */
539 BlowfishSetKey (ks, key_len, key);
540 break;
541 423
542 case AES: 424 case AES:
543 CipherInit(cipher,key,ks); 425 CipherInit(cipher,key,ks);
544 break; 426 break;
545 427
546 case CAST:
547 /* Deprecated/legacy */
548 CipherInit(cipher,key,ks);
549 break;
550
551 case SERPENT: 428 case SERPENT:
552 CipherInit(cipher,key,ks); 429 CipherInit(cipher,key,ks);
553 break; 430 break;
554 431
555 case TRIPLEDES:
556 /* Deprecated/legacy */
557 CipherInit(cipher,key,ks);
558 break;
559
560 case TWOFISH: 432 case TWOFISH:
561 CipherInit(cipher,key,ks); 433 CipherInit(cipher,key,ks);
562 break; 434 break;
@@ -568,72 +440,6 @@ void CipherInit2(int cipher, void* key, void* ks, int key_len)
568} 440}
569 441
570 442
571/* Deprecated/legacy */
572typedef struct {
573 unsigned __int8 key1[32];
574 unsigned __int8 key2[16];
575 unsigned __int8 index[16];
576 unsigned __int8 plaintext[16];
577 unsigned __int8 ciphertext[16];
578} LRW_TEST;
579
580#define LRW_TEST_COUNT 2
581
582/* Deprecated/legacy */
583LRW_TEST lrw_vectors[LRW_TEST_COUNT] = {
584 {
585 { 0xf8, 0xd4, 0x76, 0xff, 0xd6, 0x46, 0xee, 0x6c, 0x23, 0x84, 0xcb, 0x1c, 0x77, 0xd6, 0x19, 0x5d,
586 0xfe, 0xf1, 0xa9, 0xf3, 0x7b, 0xbc, 0x8d, 0x21, 0xa7, 0x9c, 0x21, 0xf8, 0xcb, 0x90, 0x02, 0x89 },
587 { 0xa8, 0x45, 0x34, 0x8e, 0xc8, 0xc5, 0xb5, 0xf1, 0x26, 0xf5, 0x0e, 0x76, 0xfe, 0xfd, 0x1b, 0x1e },
588 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 },
589 { 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46 },
590 { 0xbd, 0x06, 0xb8, 0xe1, 0xdb, 0x98, 0x89, 0x9e, 0xc4, 0x98, 0xe4, 0x91, 0xcf, 0x1c, 0x70, 0x2b }
591 },
592 {
593 { 0xfb, 0x76, 0x15, 0xb2, 0x3d, 0x80, 0x89, 0x1d, 0xd4, 0x70, 0x98, 0x0b, 0xc7, 0x95, 0x84, 0xc8,
594 0xb2, 0xfb, 0x64, 0xce, 0x60, 0x97, 0x87, 0x8d, 0x17, 0xfc, 0xe4, 0x5a, 0x49, 0xe8, 0x30, 0xb7 },
595 { 0x6e, 0x78, 0x17, 0xe7, 0x2d, 0x5e, 0x12, 0xd4, 0x60, 0x64, 0x04, 0x7a, 0xf1, 0x2f, 0x9e, 0x0c },
596 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00 },
597 { 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46 },
598 { 0x5b, 0x90, 0x8e, 0xc1, 0xab, 0xdd, 0x67, 0x5f, 0x3d, 0x69, 0x8a, 0x95, 0x53, 0xc8, 0x9c, 0xe5 }
599 }
600};
601
602
603BOOL LRWAesTest (PCRYPTO_INFO ci)
604{
605 /* Deprecated/legacy */
606
607 unsigned __int8 p[16];
608 int i;
609
610 for (i = 0; i < LRW_TEST_COUNT; i++)
611 {
612 ci->ea = EAGetByName ("AES");
613 if (ci->ea == 0)
614 return FALSE;
615
616 ci->mode = LRW;
617
618 if (EAInit (ci->ea, lrw_vectors[i].key1, ci->ks) != ERR_SUCCESS)
619 return FALSE;
620
621 memcpy (&ci->k2, lrw_vectors[i].key2, sizeof (lrw_vectors[i].key2));
622 if (!EAInitMode (ci))
623 return FALSE;
624
625 memcpy (p, lrw_vectors[i].plaintext, sizeof (p));
626
627 EncryptBufferLRW128 (p, sizeof (p), BE64(((unsigned __int64 *)(lrw_vectors[i].index))[1]), ci);
628
629 if (memcmp (lrw_vectors[i].ciphertext, p, sizeof (p)) != 0)
630 return FALSE;
631 }
632
633 return TRUE;
634}
635
636
637BOOL TestSectorBufEncryption (PCRYPTO_INFO ci) 443BOOL TestSectorBufEncryption (PCRYPTO_INFO ci)
638{ 444{
639 unsigned char buf [ENCRYPTION_DATA_UNIT_SIZE * 4]; 445 unsigned char buf [ENCRYPTION_DATA_UNIT_SIZE * 4];
@@ -653,15 +459,12 @@ BOOL TestSectorBufEncryption (PCRYPTO_INFO ci)
653 0x00, 0x00, 0x00, 0xff, 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13 459 0x00, 0x00, 0x00, 0xff, 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13
654 }; 460 };
655 461
656 if (!TestLegacySectorBufEncryption (ci))
657 return FALSE;
658
659 462
660 /* Encryption/decryption of data units (typically, volume data sectors) */ 463 /* Encryption/decryption of data units (typically, volume data sectors) */
661 464
662 nbrUnits = sizeof (buf) / ENCRYPTION_DATA_UNIT_SIZE; 465 nbrUnits = sizeof (buf) / ENCRYPTION_DATA_UNIT_SIZE;
663 466
664 ci->mode = XTS; // Other modes of operation are tested in TestLegacySectorBufEncryption() 467 ci->mode = XTS; // we only implement XTS
665 468
666 /* The buffer can accommodate 4 data units and we'll test 4 cases by "scrolling". The data unit 0xFFFFFFFFFF 469 /* The buffer can accommodate 4 data units and we'll test 4 cases by "scrolling". The data unit 0xFFFFFFFFFF
667 will "move" from the start of the buffer to its end. For a 512-byte data unit, the byte offset 562949953420800 470 will "move" from the start of the buffer to its end. For a 512-byte data unit, the byte offset 562949953420800
@@ -1029,340 +832,6 @@ BOOL TestSectorBufEncryption (PCRYPTO_INFO ci)
1029 return (nTestsPerformed == 80); 832 return (nTestsPerformed == 80);
1030} 833}
1031 834
1032
1033BOOL TestLegacySectorBufEncryption (PCRYPTO_INFO ci)
1034{
1035 unsigned char buf [ENCRYPTION_DATA_UNIT_SIZE * 2];
1036 unsigned int i;
1037 char name[64];
1038 unsigned __int32 crc;
1039 UINT64_STRUCT unitNo;
1040 uint32 nbrUnits;
1041 int blockSize;
1042 BOOL lrw64InitDone = FALSE;
1043 BOOL lrw128InitDone = FALSE;
1044 int nTestsPerformed = 0;
1045
1046 unitNo.Value = 0x0234567890ABCDEFull;
1047 nbrUnits = sizeof (buf) / ENCRYPTION_DATA_UNIT_SIZE;
1048
1049 for (i = 0; i < sizeof (buf); i++)
1050 buf[i] = (unsigned char) i;
1051
1052 for (i = 0; i < sizeof (ci->k2); i++)
1053 ci->k2[i] = (unsigned char) i;
1054
1055 // Test all EAs
1056 for (ci->ea = EAGetFirst (); ci->ea != 0; ci->ea = EAGetNext (ci->ea))
1057 {
1058 EAGetName (name, ci->ea);
1059 blockSize = CipherGetBlockSize (EAGetFirstCipher (ci->ea));
1060
1061 if (EAInit (ci->ea, (unsigned char *)buf, ci->ks) == ERR_CIPHER_INIT_FAILURE)
1062 return FALSE;
1063
1064 // Test all deprecated modes of operation
1065 for (ci->mode = EAGetFirstMode (ci->ea);
1066 ci->mode != 0;
1067 ci->mode = EAGetNextMode (ci->ea, ci->mode))
1068 {
1069 // Skip modes that are not deprecated
1070 if (ci->mode == XTS)
1071 continue;
1072
1073 if (ci->mode == LRW
1074 && (blockSize == 8 && !lrw64InitDone || blockSize == 16 && !lrw128InitDone ))
1075 {
1076 if (!EAInitMode (ci))
1077 return FALSE;
1078
1079 if (blockSize == 8)
1080 lrw64InitDone = TRUE;
1081 else if (blockSize == 16)
1082 lrw128InitDone = TRUE;
1083 }
1084
1085 EncryptDataUnits (buf, &unitNo, nbrUnits, ci);
1086 crc = GetCrc32 (buf, sizeof (buf));
1087
1088 switch (ci->mode)
1089 {
1090 case LRW: // Deprecated/legacy
1091 if (strcmp (name, "AES") == 0)
1092 {
1093 if (crc != 0x5237acf9)
1094 return FALSE;
1095 nTestsPerformed++;
1096 }
1097 else if (strcmp (name, "Blowfish") == 0) // Deprecated/legacy
1098 {
1099 if (crc != 0xf94d5300)
1100 return FALSE;
1101 nTestsPerformed++;
1102 }
1103 else if (strcmp (name, "CAST5") == 0) // Deprecated/legacy
1104 {
1105 if (crc != 0x33971e82)
1106 return FALSE;
1107 nTestsPerformed++;
1108 }
1109 else if (strcmp (name, "Serpent") == 0)
1110 {
1111 if (crc != 0x7fb86805)
1112 return FALSE;
1113 nTestsPerformed++;
1114 }
1115 else if (strcmp (name, "Triple DES") == 0) // Deprecated/legacy
1116 {
1117 if (crc != 0x2b20bb84)
1118 return FALSE;
1119 nTestsPerformed++;
1120 }
1121 else if (strcmp (name, "Twofish") == 0)
1122 {
1123 if (crc != 0xa9de0f0b)
1124 return FALSE;
1125 nTestsPerformed++;
1126 }
1127 else if (strcmp (name, "AES-Twofish") == 0)
1128 {
1129 if (crc != 0x4ed0fd80)
1130 return FALSE;
1131 nTestsPerformed++;
1132 }
1133 else if (strcmp (name, "AES-Twofish-Serpent") == 0)
1134 {
1135 if (crc != 0xea04b3cf)
1136 return FALSE;
1137 nTestsPerformed++;
1138 }
1139 else if (strcmp (name, "Serpent-AES") == 0)
1140 {
1141 if (crc != 0x0d33596a)
1142 return FALSE;
1143 nTestsPerformed++;
1144 }
1145 else if (strcmp (name, "Serpent-Twofish-AES") == 0)
1146 {
1147 if (crc != 0x2845d0e3)
1148 return FALSE;
1149 nTestsPerformed++;
1150 }
1151 else if (strcmp (name, "Twofish-Serpent") == 0)
1152 {
1153 if (crc != 0xca65c5cd)
1154 return FALSE;
1155 nTestsPerformed++;
1156 }
1157 break;
1158
1159 case CBC: // Deprecated/legacy
1160 case INNER_CBC: // Deprecated/legacy
1161 case OUTER_CBC: // Deprecated/legacy
1162 if (strcmp (name, "AES") == 0)
1163 {
1164 if (crc != 0x2274f53d)
1165 return FALSE;
1166 nTestsPerformed++;
1167 }
1168 else if (strcmp (name, "Blowfish") == 0) // Deprecated/legacy
1169 {
1170 if (crc != 0x033899a1)
1171 return FALSE;
1172 nTestsPerformed++;
1173 }
1174 else if (strcmp (name, "CAST5") == 0) // Deprecated/legacy
1175 {
1176 if (crc != 0x331cecc7)
1177 return FALSE;
1178 nTestsPerformed++;
1179 }
1180 else if (strcmp (name, "Serpent") == 0)
1181 {
1182 if (crc != 0x42dff3d4)
1183 return FALSE;
1184 nTestsPerformed++;
1185 }
1186 else if (strcmp (name, "Triple DES") == 0) // Deprecated/legacy
1187 {
1188 if (crc != 0xfe497d0c)
1189 return FALSE;
1190 nTestsPerformed++;
1191 }
1192 else if (strcmp (name, "AES-Blowfish") == 0) // Deprecated/legacy
1193 {
1194 if (crc != 0xa7a80c84)
1195 return FALSE;
1196 nTestsPerformed++;
1197 }
1198 else if (strcmp (name, "AES-Blowfish-Serpent") == 0) // Deprecated/legacy
1199 {
1200 if (crc != 0xa0584562)
1201 return FALSE;
1202 nTestsPerformed++;
1203 }
1204 else if (strcmp (name, "AES-Twofish") == 0)
1205 {
1206 if (crc != 0x3c226444)
1207 return FALSE;
1208 nTestsPerformed++;
1209 }
1210 else if (strcmp (name, "AES-Twofish-Serpent") == 0)
1211 {
1212 if (crc != 0x5e5e77fd)
1213 return FALSE;
1214 nTestsPerformed++;
1215 }
1216 else if (strcmp (name, "Serpent-AES") == 0)
1217 {
1218 if (crc != 0x57c612d5)
1219 return FALSE;
1220 nTestsPerformed++;
1221 }
1222 else if (strcmp (name, "Serpent-Twofish-AES") == 0)
1223 {
1224 if (crc != 0x081e045a)
1225 return FALSE;
1226 nTestsPerformed++;
1227 }
1228 else if (strcmp (name, "Twofish-Serpent") == 0)
1229 {
1230 if (crc != 0xa7b659f3)
1231 return FALSE;
1232 nTestsPerformed++;
1233 }
1234 break;
1235 }
1236
1237 if (crc == 0xb70b4c26)
1238 return FALSE;
1239
1240 DecryptDataUnits (buf, &unitNo, nbrUnits, ci);
1241
1242 if (GetCrc32 (buf, sizeof (buf)) != 0xb70b4c26)
1243 return FALSE;
1244
1245 nTestsPerformed++;
1246
1247 EncryptBuffer (buf, sizeof (buf), ci);
1248 crc = GetCrc32 (buf, sizeof (buf));
1249
1250 switch (ci->mode)
1251 {
1252 case LRW: // Deprecated/legacy
1253 if (strcmp (name, "AES") == 0)
1254 {
1255 if (crc != 0x5ae1e3d8)
1256 return FALSE;
1257 nTestsPerformed++;
1258 }
1259 else if (strcmp (name, "Blowfish") == 0) // Deprecated/legacy
1260 {
1261 if (crc != 0x2738426f)
1262 return FALSE;
1263 nTestsPerformed++;
1264 }
1265 else if (strcmp (name, "AES-Twofish-Serpent") == 0)
1266 {
1267 if (crc != 0x14f2948a)
1268 return FALSE;
1269 nTestsPerformed++;
1270 }
1271 break;
1272
1273 case CBC: // Deprecated/legacy
1274 case INNER_CBC: // Deprecated/legacy
1275 case OUTER_CBC: // Deprecated/legacy
1276 if (strcmp (name, "AES") == 0)
1277 {
1278 if (crc != 0x960f740e)
1279 return FALSE;
1280 nTestsPerformed++;
1281 }
1282 else if (strcmp (name, "Blowfish") == 0) // Deprecated/legacy
1283 {
1284 if (crc != 0x7e1cfabb)
1285 return FALSE;
1286 nTestsPerformed++;
1287 }
1288 else if (strcmp (name, "CAST5") == 0) // Deprecated/legacy
1289 {
1290 if (crc != 0xeaae21c8)
1291 return FALSE;
1292 nTestsPerformed++;
1293 }
1294 else if (strcmp (name, "Serpent") == 0)
1295 {
1296 if (crc != 0xa8139d62)
1297 return FALSE;
1298 nTestsPerformed++;
1299 }
1300 else if (strcmp (name, "Triple DES") == 0) // Deprecated/legacy
1301 {
1302 if (crc != 0xecf5d7d0)
1303 return FALSE;
1304 nTestsPerformed++;
1305 }
1306 else if (strcmp (name, "AES-Blowfish") == 0) // Deprecated/legacy
1307 {
1308 if (crc != 0xb70171b6)
1309 return FALSE;
1310 nTestsPerformed++;
1311 }
1312 else if (strcmp (name, "AES-Blowfish-Serpent") == 0) // Deprecated/legacy
1313 {
1314 if (crc != 0x1e749a87)
1315 return FALSE;
1316 nTestsPerformed++;
1317 }
1318 else if (strcmp (name, "AES-Twofish") == 0)
1319 {
1320 if (crc != 0xb4b8bb9b)
1321 return FALSE;
1322 nTestsPerformed++;
1323 }
1324 else if (strcmp (name, "AES-Twofish-Serpent") == 0)
1325 {
1326 if (crc != 0x76b6c1cb)
1327 return FALSE;
1328 nTestsPerformed++;
1329 }
1330 else if (strcmp (name, "Serpent-AES") == 0)
1331 {
1332 if (crc != 0x634f12ed)
1333 return FALSE;
1334 nTestsPerformed++;
1335 }
1336 else if (strcmp (name, "Serpent-Twofish-AES") == 0)
1337 {
1338 if (crc != 0xe54bc1b9)
1339 return FALSE;
1340 nTestsPerformed++;
1341 }
1342 else if (strcmp (name, "Twofish-Serpent") == 0)
1343 {
1344 if (crc != 0x21cdb382)
1345 return FALSE;
1346 nTestsPerformed++;
1347 }
1348 break;
1349 }
1350
1351 if (crc == 0xb70b4c26)
1352 return FALSE;
1353
1354 DecryptBuffer (buf, sizeof (buf), ci);
1355
1356 if (GetCrc32 (buf, sizeof (buf)) != 0xb70b4c26)
1357 return FALSE;
1358
1359 nTestsPerformed++;
1360 }
1361 }
1362 return (nTestsPerformed == 86);
1363}
1364
1365
1366static BOOL DoAutoTestAlgorithms (void) 835static BOOL DoAutoTestAlgorithms (void)
1367{ 836{
1368 PCRYPTO_INFO ci; 837 PCRYPTO_INFO ci;
@@ -1377,74 +846,6 @@ static BOOL DoAutoTestAlgorithms (void)
1377 846
1378 memset (ci, 0, sizeof (*ci)); 847 memset (ci, 0, sizeof (*ci));
1379 848
1380 /* Blowfish (deprecated/legacy) */
1381
1382 for (i=0;i<BF_TEST_COUNT;i++)
1383 {
1384 memcpy(key, bf_ecb_vectors[i].key, 8);
1385 memcpy(tmp, bf_ecb_vectors[i].plaintext, 8);
1386 CipherInit2(BLOWFISH, key, ks_tmp, 8);
1387
1388 ((uint32 *)tmp)[0] = BE32 (((uint32 *)tmp)[0]);
1389 ((uint32 *)tmp)[1] = BE32 (((uint32 *)tmp)[1]);
1390
1391 BlowfishEncryptLE (tmp,tmp,(BF_KEY *)ks_tmp,1);
1392 BlowfishEncryptLE (tmp,tmp,(BF_KEY *)ks_tmp,0);
1393 BlowfishEncryptLE (tmp,tmp,(BF_KEY *)ks_tmp,1);
1394
1395 ((uint32 *)tmp)[0] = BE32 (((uint32 *)tmp)[0]);
1396 ((uint32 *)tmp)[1] = BE32 (((uint32 *)tmp)[1]);
1397
1398 if (memcmp(bf_ecb_vectors[i].ciphertext,tmp,8)!=0)
1399 break;
1400 }
1401
1402 if (i != BF_TEST_COUNT)
1403 bFailed = TRUE;
1404
1405 /* CAST5 (deprecated/legacy) */
1406
1407 for (i=0;i<CAST_TEST_COUNT;i++)
1408 {
1409 int cipher = CAST;
1410 memcpy(key, cast_ecb_vectors[i].key, 16);
1411 memcpy(tmp, cast_ecb_vectors[i].plaintext, 8);
1412 CipherInit2(cipher, key, ks_tmp, 16);
1413
1414 EncipherBlock(cipher, tmp, ks_tmp);
1415 DecipherBlock(cipher, tmp, ks_tmp);
1416 EncipherBlock(cipher, tmp, ks_tmp);
1417
1418 if (memcmp(cast_ecb_vectors[i].ciphertext, tmp,8)!=0)
1419 break;
1420 }
1421
1422 if (i!=CAST_TEST_COUNT)
1423 bFailed = TRUE;
1424
1425
1426 /* Triple DES (TECB, EDE) - deprecated/legacy */
1427
1428 for (i = 0; i < TRIPLEDES_TEST_COUNT; i++)
1429 {
1430 int cipher = TRIPLEDES;
1431 memcpy(key, tripledes_vectors[i].key, sizeof(tripledes_vectors->key));
1432 memcpy(tmp, tripledes_vectors[i].plaintext, sizeof(tripledes_vectors->plaintext));
1433
1434 CipherInit(cipher, key, ks_tmp);
1435
1436 EncipherBlock(cipher, tmp, ks_tmp);
1437 if (memcmp(tripledes_vectors[i].ciphertext, tmp, sizeof(tripledes_vectors->ciphertext)) != 0)
1438 break;
1439
1440 DecipherBlock(cipher, tmp, ks_tmp);
1441 if (memcmp(tripledes_vectors[i].plaintext, tmp, sizeof(tripledes_vectors->plaintext)) != 0)
1442 break;
1443 }
1444 if (i != TRIPLEDES_TEST_COUNT)
1445 bFailed = TRUE;
1446
1447
1448 /* AES */ 849 /* AES */
1449 850
1450 for (i = 0; i < AES_TEST_COUNT; i++) 851 for (i = 0; i < AES_TEST_COUNT; i++)
@@ -1550,10 +951,6 @@ static BOOL DoAutoTestAlgorithms (void)
1550 if (!XTSAesTest (ci)) 951 if (!XTSAesTest (ci))
1551 bFailed = TRUE; 952 bFailed = TRUE;
1552 953
1553 /* LRW-AES (deprecated/legacy) */
1554 if (!LRWAesTest (ci))
1555 bFailed = TRUE;
1556
1557 /* Sector and buffer related algorithms */ 954 /* Sector and buffer related algorithms */
1558 if (!TestSectorBufEncryption (ci)) 955 if (!TestSectorBufEncryption (ci))
1559 bFailed = TRUE; 956 bFailed = TRUE;
@@ -1601,26 +998,6 @@ BOOL test_hmac_sha512 ()
1601 return (nTestsPerformed == 6); 998 return (nTestsPerformed == 6);
1602} 999}
1603 1000
1604BOOL test_hmac_sha1 ()
1605{
1606 // Deprecated/legacy
1607
1608 int nTestsPerformed = 0;
1609 int i;
1610
1611 for (i = 0; i < 3; i++)
1612 {
1613 char digest[SHA1_DIGESTSIZE];
1614 hmac_sha1 (hmac_sha1_test_keys[i], (int) strlen (hmac_sha1_test_keys[i]), hmac_sha1_test_data[i], (int) strlen (hmac_sha1_test_data[i]), digest, SHA1_DIGESTSIZE);
1615 if (memcmp (digest, hmac_sha1_test_vectors[i], SHA1_DIGESTSIZE) != 0)
1616 return FALSE;
1617 else
1618 nTestsPerformed++;
1619 }
1620
1621 return (nTestsPerformed == 3);
1622}
1623
1624BOOL test_hmac_ripemd160 () 1001BOOL test_hmac_ripemd160 ()
1625{ 1002{
1626 int nTestsPerformed = 0; 1003 int nTestsPerformed = 0;
@@ -1658,10 +1035,6 @@ BOOL test_pkcs5 ()
1658 if (!test_hmac_sha512()) 1035 if (!test_hmac_sha512())
1659 return FALSE; 1036 return FALSE;
1660 1037
1661 /* HMAC-SHA-1 tests (deprecated/legacy) */
1662 if (test_hmac_sha1() == FALSE)
1663 return FALSE;
1664
1665 /* HMAC-RIPEMD-160 tests */ 1038 /* HMAC-RIPEMD-160 tests */
1666 if (test_hmac_ripemd160() == FALSE) 1039 if (test_hmac_ripemd160() == FALSE)
1667 return FALSE; 1040 return FALSE;
@@ -1681,23 +1054,6 @@ BOOL test_pkcs5 ()
1681 if (memcmp (dk, "\x13\x64\xae\xf8\x0d\xf5\x57\x6c\x30\xd5\x71\x4c\xa7\x75\x3f\xfd\x00\xe5\x25\x8b\x39\xc7\x44\x7f\xce\x23\x3d\x08\x75\xe0\x2f\x48\xd6\x30\xd7\x00\xb6\x24\xdb\xe0\x5a\xd7\x47\xef\x52\xca\xa6\x34\x83\x47\xe5\xcb\xe9\x87\xf1\x20\x59\x6a\xe6\xa9\xcf\x51\x78\xc6\xb6\x23\xa6\x74\x0d\xe8\x91\xbe\x1a\xd0\x28\xcc\xce\x16\x98\x9a\xbe\xfb\xdc\x78\xc9\xe1\x7d\x72\x67\xce\xe1\x61\x56\x5f\x96\x68\xe6\xe1\xdd\xf4\xbf\x1b\x80\xe0\x19\x1c\xf4\xc4\xd3\xdd\xd5\xd5\x57\x2d\x83\xc7\xa3\x37\x87\xf4\x4e\xe0\xf6\xd8\x6d\x65\xdc\xa0\x52\xa3\x13\xbe\x81\xfc\x30\xbe\x7d\x69\x58\x34\xb6\xdd\x41\xc6", 144) != 0) 1054 if (memcmp (dk, "\x13\x64\xae\xf8\x0d\xf5\x57\x6c\x30\xd5\x71\x4c\xa7\x75\x3f\xfd\x00\xe5\x25\x8b\x39\xc7\x44\x7f\xce\x23\x3d\x08\x75\xe0\x2f\x48\xd6\x30\xd7\x00\xb6\x24\xdb\xe0\x5a\xd7\x47\xef\x52\xca\xa6\x34\x83\x47\xe5\xcb\xe9\x87\xf1\x20\x59\x6a\xe6\xa9\xcf\x51\x78\xc6\xb6\x23\xa6\x74\x0d\xe8\x91\xbe\x1a\xd0\x28\xcc\xce\x16\x98\x9a\xbe\xfb\xdc\x78\xc9\xe1\x7d\x72\x67\xce\xe1\x61\x56\x5f\x96\x68\xe6\xe1\xdd\xf4\xbf\x1b\x80\xe0\x19\x1c\xf4\xc4\xd3\xdd\xd5\xd5\x57\x2d\x83\xc7\xa3\x37\x87\xf4\x4e\xe0\xf6\xd8\x6d\x65\xdc\xa0\x52\xa3\x13\xbe\x81\xfc\x30\xbe\x7d\x69\x58\x34\xb6\xdd\x41\xc6", 144) != 0)
1682 return FALSE; 1055 return FALSE;
1683 1056
1684 /* PKCS-5 test 1 with HMAC-SHA-1 (deprecated/legacy) used as the PRF (derives a key longer than the underlying hash) */
1685 derive_key_sha1 ("password", 8, "\x12\x34\x56\x78", 4, 5, dk, 48);
1686 if (memcmp (dk, "\x5c\x75\xce\xf0\x1a\x96\x0d\xf7\x4c\xb6\xb4\x9b\x9e\x38\xe6\xb5\x3b\x11\x80\xe3\x2f\xf7\xe0\xdd\xaa\xca\x8f\x81\x27\xf6\x9f\x4f\x1d\xc8\x2f\x48\x2d\xdb\x1a\x0a\xca\x90\xcb\x80\xb9\x2e\x90\x9e", 48) != 0)
1687 return FALSE;
1688
1689 /* PKCS-5 test 2 with HMAC-SHA-1 (deprecated/legacy) used as the PRF */
1690 derive_key_sha1 ("password", 8, "\x12\x34\x56\x78", 4, 5, dk, 4);
1691 if (memcmp (dk, "\x5c\x75\xce\xf0", 4) != 0)
1692 return FALSE;
1693
1694#if 0 // This test is disabled because it uses 1200 iterations (to prevent startup slowdown)
1695 /* PKCS-5 test 3 with HMAC-SHA-1 (deprecated/legacy) used as the PRF */
1696 derive_key_sha1 ("password", 8, "ATHENA.MIT.EDUraeburn", 21, 1200, dk, 16);
1697 if (memcmp (dk, "\x5c\x08\xeb\x61\xfd\xf7\x1e\x4e\x4e\xc3\xcf\x6b\xa1\xf5\x51\x2b", 16) != 0)
1698 return FALSE;
1699#endif
1700
1701 /* PKCS-5 test 1 with HMAC-RIPEMD-160 used as the PRF */ 1057 /* PKCS-5 test 1 with HMAC-RIPEMD-160 used as the PRF */
1702 derive_key_ripemd160 (FALSE, "password", 8, "\x12\x34\x56\x78", 4, 5, dk, 4); 1058 derive_key_ripemd160 (FALSE, "password", 8, "\x12\x34\x56\x78", 4, 5, dk, 4);
1703 if (memcmp (dk, "\x7a\x3d\x7c\x03", 4) != 0) 1059 if (memcmp (dk, "\x7a\x3d\x7c\x03", 4) != 0)
diff --git a/src/Common/Volumes.c b/src/Common/Volumes.c
index 15ee8fe6..9a0d3efc 100644
--- a/src/Common/Volumes.c
+++ b/src/Common/Volumes.c
@@ -240,10 +240,7 @@ int ReadVolumeHeader (BOOL bBoot, char *encryptedHeader, Password *password, PCR
240 240
241 // Test all available PKCS5 PRFs 241 // Test all available PKCS5 PRFs
242 for (enqPkcs5Prf = FIRST_PRF_ID; enqPkcs5Prf <= LAST_PRF_ID || queuedWorkItems > 0; ++enqPkcs5Prf) 242 for (enqPkcs5Prf = FIRST_PRF_ID; enqPkcs5Prf <= LAST_PRF_ID || queuedWorkItems > 0; ++enqPkcs5Prf)
243 { 243 {
244 BOOL lrw64InitDone = FALSE; // Deprecated/legacy
245 BOOL lrw128InitDone = FALSE; // Deprecated/legacy
246
247 if (encryptionThreadCount > 1) 244 if (encryptionThreadCount > 1)
248 { 245 {
249 // Enqueue key derivation on thread pool 246 // Enqueue key derivation on thread pool
@@ -314,12 +311,6 @@ KeyReady: ;
314 PKCS5_SALT_SIZE, keyInfo.noIterations, dk, GetMaxPkcs5OutSize()); 311 PKCS5_SALT_SIZE, keyInfo.noIterations, dk, GetMaxPkcs5OutSize());
315 break; 312 break;
316 313
317 case SHA1:
318 // Deprecated/legacy
319 derive_key_sha1 (keyInfo.userKey, keyInfo.keyLength, keyInfo.salt,
320 PKCS5_SALT_SIZE, keyInfo.noIterations, dk, GetMaxPkcs5OutSize());
321 break;
322
323 case WHIRLPOOL: 314 case WHIRLPOOL:
324 derive_key_whirlpool (keyInfo.userKey, keyInfo.keyLength, keyInfo.salt, 315 derive_key_whirlpool (keyInfo.userKey, keyInfo.keyLength, keyInfo.salt,
325 PKCS5_SALT_SIZE, keyInfo.noIterations, dk, GetMaxPkcs5OutSize()); 316 PKCS5_SALT_SIZE, keyInfo.noIterations, dk, GetMaxPkcs5OutSize());
@@ -338,16 +329,6 @@ KeyReady: ;
338 { 329 {
339 switch (cryptoInfo->mode) 330 switch (cryptoInfo->mode)
340 { 331 {
341 case LRW:
342 case CBC:
343 case INNER_CBC:
344 case OUTER_CBC:
345
346 // For LRW (deprecated/legacy), copy the tweak key
347 // For CBC (deprecated/legacy), copy the IV/whitening seed
348 memcpy (cryptoInfo->k2, dk, LEGACY_VOL_IV_SIZE);
349 primaryKeyOffset = LEGACY_VOL_IV_SIZE;
350 break;
351 332
352 default: 333 default:
353 primaryKeyOffset = 0; 334 primaryKeyOffset = 0;
@@ -383,21 +364,9 @@ KeyReady: ;
383 goto err; 364 goto err;
384 } 365 }
385 } 366 }
386 else if (cryptoInfo->mode == LRW 367 else
387 && (blockSize == 8 && !lrw64InitDone || blockSize == 16 && !lrw128InitDone))
388 { 368 {
389 // Deprecated/legacy 369 continue;
390
391 if (!EAInitMode (cryptoInfo))
392 {
393 status = ERR_MODE_INIT_FAILED;
394 goto err;
395 }
396
397 if (blockSize == 8)
398 lrw64InitDone = TRUE;
399 else if (blockSize == 16)
400 lrw128InitDone = TRUE;
401 } 370 }
402 371
403 // Copy the header for decryption 372 // Copy the header for decryption
@@ -519,15 +488,6 @@ KeyReady: ;
519 488
520 switch (cryptoInfo->mode) 489 switch (cryptoInfo->mode)
521 { 490 {
522 case LRW:
523 case CBC:
524 case INNER_CBC:
525 case OUTER_CBC:
526
527 // For LRW (deprecated/legacy), the tweak key
528 // For CBC (deprecated/legacy), the IV/whitening seed
529 memcpy (cryptoInfo->k2, keyInfo.master_keydata, LEGACY_VOL_IV_SIZE);
530 break;
531 491
532 default: 492 default:
533 // The secondary master key (if cascade, multiple concatenated) 493 // The secondary master key (if cascade, multiple concatenated)
@@ -721,18 +681,6 @@ int CreateVolumeHeaderInMemory (BOOL bBoot, char *header, int ea, int mode, Pass
721 681
722 switch (mode) 682 switch (mode)
723 { 683 {
724 case LRW:
725 case CBC:
726 case INNER_CBC:
727 case OUTER_CBC:
728
729 // Deprecated/legacy modes of operation
730 bytesNeeded = LEGACY_VOL_IV_SIZE + EAGetKeySize (ea);
731
732 // In fact, this should never be the case since volumes being newly created are not
733 // supposed to use any deprecated mode of operation.
734 TC_THROW_FATAL_EXCEPTION;
735 break;
736 684
737 default: 685 default:
738 bytesNeeded = EAGetKeySize (ea) * 2; // Size of primary + secondary key(s) 686 bytesNeeded = EAGetKeySize (ea) * 2; // Size of primary + secondary key(s)
@@ -770,12 +718,6 @@ int CreateVolumeHeaderInMemory (BOOL bBoot, char *header, int ea, int mode, Pass
770 PKCS5_SALT_SIZE, keyInfo.noIterations, dk, GetMaxPkcs5OutSize()); 718 PKCS5_SALT_SIZE, keyInfo.noIterations, dk, GetMaxPkcs5OutSize());
771 break; 719 break;
772 720
773 case SHA1:
774 // Deprecated/legacy
775 derive_key_sha1 (keyInfo.userKey, keyInfo.keyLength, keyInfo.salt,
776 PKCS5_SALT_SIZE, keyInfo.noIterations, dk, GetMaxPkcs5OutSize());
777 break;
778
779 case RIPEMD160: 721 case RIPEMD160:
780 derive_key_ripemd160 (TRUE, keyInfo.userKey, keyInfo.keyLength, keyInfo.salt, 722 derive_key_ripemd160 (TRUE, keyInfo.userKey, keyInfo.keyLength, keyInfo.salt,
781 PKCS5_SALT_SIZE, keyInfo.noIterations, dk, GetMaxPkcs5OutSize()); 723 PKCS5_SALT_SIZE, keyInfo.noIterations, dk, GetMaxPkcs5OutSize());
@@ -859,16 +801,6 @@ int CreateVolumeHeaderInMemory (BOOL bBoot, char *header, int ea, int mode, Pass
859 801
860 switch (mode) 802 switch (mode)
861 { 803 {
862 case LRW:
863 case CBC:
864 case INNER_CBC:
865 case OUTER_CBC:
866
867 // For LRW (deprecated/legacy), the tweak key
868 // For CBC (deprecated/legacy), the IV/whitening seed
869 memcpy (cryptoInfo->k2, dk, LEGACY_VOL_IV_SIZE);
870 primaryKeyOffset = LEGACY_VOL_IV_SIZE;
871 break;
872 804
873 default: 805 default:
874 // The secondary key (if cascade, multiple concatenated) 806 // The secondary key (if cascade, multiple concatenated)
@@ -902,15 +834,6 @@ int CreateVolumeHeaderInMemory (BOOL bBoot, char *header, int ea, int mode, Pass
902 834
903 switch (cryptoInfo->mode) 835 switch (cryptoInfo->mode)
904 { 836 {
905 case LRW:
906 case CBC:
907 case INNER_CBC:
908 case OUTER_CBC:
909
910 // For LRW (deprecated/legacy), the tweak key
911 // For CBC (deprecated/legacy), the IV/whitening seed
912 memcpy (cryptoInfo->k2, keyInfo.master_keydata, LEGACY_VOL_IV_SIZE);
913 break;
914 837
915 default: 838 default:
916 // The secondary master key (if cascade, multiple concatenated) 839 // The secondary master key (if cascade, multiple concatenated)