From 36795a688fd1d5bb9f497970938d9fcb08cfc330 Mon Sep 17 00:00:00 2001 From: Mounir IDRASSI Date: Mon, 7 Mar 2022 00:45:30 +0100 Subject: Implement support of Blake2s-256 hash algorithm and remove deprecated algorithms RIPEMD-160 and GOST89. --- src/Boot/Windows/Boot.vcxproj | 2 +- src/Boot/Windows/Boot.vcxproj.filters | 6 +- src/Boot/Windows/Makefile | 4 +- src/Build/Include/Makefile.inc | 24 +- src/Common/BootEncryption.cpp | 18 +- src/Common/Crypto.c | 26 +- src/Common/Crypto.h | 14 +- src/Common/Dlgcode.c | 19 +- src/Common/EncryptionThreadPool.c | 4 +- src/Common/Pkcs5.c | 294 +++++++++------- src/Common/Pkcs5.h | 6 +- src/Common/Random.c | 18 +- src/Common/Random.h | 2 +- src/Common/Tcdefs.h | 6 + src/Common/Tests.c | 186 ++++------- src/Common/Tests.h | 2 +- src/Common/Volumes.c | 34 +- src/Core/RandomNumberGenerator.cpp | 6 +- src/Core/Unix/Linux/CoreLinux.cpp | 3 +- src/Crypto/Crypto.vcxproj | 21 +- src/Crypto/Crypto.vcxproj.filters | 36 +- src/Crypto/Crypto_vs2019.vcxproj | 23 +- src/Crypto/GostCipher.c | 265 --------------- src/Crypto/GostCipher.h | 68 ---- src/Crypto/Makefile.inc | 3 - src/Crypto/Rmd160.c | 500 ---------------------------- src/Crypto/Rmd160.h | 33 -- src/Crypto/Sources | 8 +- src/Crypto/config.h | 6 + src/Crypto/cpu.h | 11 +- src/Crypto/gost89_x64.asm | 483 --------------------------- src/Driver/Driver.vcxproj | 5 +- src/Driver/Driver.vcxproj.filters | 15 +- src/Driver/veracrypt_vs2019.vcxproj | 11 +- src/Driver/veracrypt_vs2019.vcxproj.filters | 12 +- src/Format/Tcformat.c | 9 +- src/Makefile | 8 +- src/Mount/Favorites.cpp | 2 +- src/Mount/Mount.c | 4 +- src/Volume/Cipher.cpp | 44 --- src/Volume/Cipher.h | 3 - src/Volume/EncryptionAlgorithm.cpp | 12 - src/Volume/EncryptionAlgorithm.h | 1 - src/Volume/EncryptionTest.cpp | 61 +--- src/Volume/Hash.cpp | 21 +- src/Volume/Hash.h | 20 +- src/Volume/Pkcs5Kdf.cpp | 11 +- src/Volume/Pkcs5Kdf.h | 36 +- src/Volume/Volume.make | 12 +- src/Volume/VolumeLayout.cpp | 8 +- 50 files changed, 482 insertions(+), 1944 deletions(-) delete mode 100644 src/Crypto/GostCipher.c delete mode 100644 src/Crypto/GostCipher.h delete mode 100644 src/Crypto/Rmd160.c delete mode 100644 src/Crypto/Rmd160.h delete mode 100644 src/Crypto/gost89_x64.asm (limited to 'src') diff --git a/src/Boot/Windows/Boot.vcxproj b/src/Boot/Windows/Boot.vcxproj index 68d5d270..b9a04d80 100644 --- a/src/Boot/Windows/Boot.vcxproj +++ b/src/Boot/Windows/Boot.vcxproj @@ -222,6 +222,7 @@ nmake.exe /nologo RELEASE=1 SINGLE_CIPHER=TWOFISH + @@ -240,7 +241,6 @@ nmake.exe /nologo RELEASE=1 SINGLE_CIPHER=TWOFISH - diff --git a/src/Boot/Windows/Boot.vcxproj.filters b/src/Boot/Windows/Boot.vcxproj.filters index 1a60ac81..24d23894 100644 --- a/src/Boot/Windows/Boot.vcxproj.filters +++ b/src/Boot/Windows/Boot.vcxproj.filters @@ -74,9 +74,6 @@ Source Files\Crypto - - Source Files\Crypto - Source Files\Crypto @@ -86,6 +83,9 @@ Source Files\Crypto + + Source Files\Crypto + diff --git a/src/Boot/Windows/Makefile b/src/Boot/Windows/Makefile index 9689b7cf..d08e1f50 100644 --- a/src/Boot/Windows/Makefile +++ b/src/Boot/Windows/Makefile @@ -46,7 +46,7 @@ CFLAGS = $(CFLAGS) /D TC_WINDOWS_BOOT_SINGLE_CIPHER_MODE /D TC_WINDOWS_BOOT_$(SI OBJDIR = $(OBJDIR)_$(SINGLE_PRF) CFLAGS = $(CFLAGS) /D TC_WINDOWS_BOOT_$(SINGLE_PRF) !else -CFLAGS = $(CFLAGS) /D TC_WINDOWS_BOOT_RIPEMD160 +CFLAGS = $(CFLAGS) /D TC_WINDOWS_BOOT_BLAKE2S !endif OUTDIR = $(OBJDIR) @@ -85,7 +85,7 @@ OBJS = $(OBJS) $(OUTDIR)\Xts.obj !if "$(SINGLE_PRF)" == "SHA2" OBJS = $(OBJS) $(OUTDIR)\Sha2Small.obj !else -OBJS = $(OBJS) $(OUTDIR)\Rmd160.obj +OBJS = $(OBJS) $(OUTDIR)\blake2s-ref.obj !endif !if !DEFINED (SINGLE_CIPHER) diff --git a/src/Build/Include/Makefile.inc b/src/Build/Include/Makefile.inc index 4c153657..b7ed20c9 100644 --- a/src/Build/Include/Makefile.inc +++ b/src/Build/Include/Makefile.inc @@ -14,7 +14,7 @@ $(NAME): $(NAME).a clean: @echo Cleaning $(NAME) - rm -f $(APPNAME) $(NAME).a $(OBJS) $(OBJSEX) $(OBJSNOOPT) $(OBJS:.o=.d) $(OBJSEX:.oo=.d) $(OBJSNOOPT:.o0=.d) *.gch + rm -f $(APPNAME) $(NAME).a $(OBJS) $(OBJSEX) $(OBJSNOOPT) $(OBJSSSE41) $(OBJSSSSE3) $(OBJS:.o=.d) $(OBJSEX:.oo=.d) $(OBJSNOOPT:.o0=.d) $(OBJSSSE41:.osse41=.d) $(OBJSSSSE3:.ossse3=.d) *.gch %.o: %.c @echo Compiling $(KeyDerivation.Pkcs5Prf) { - case RIPEMD160: - derive_key_ripemd160 (workItem->KeyDerivation.Password, workItem->KeyDerivation.PasswordLength, workItem->KeyDerivation.Salt, PKCS5_SALT_SIZE, + case BLAKE2S: + derive_key_blake2s (workItem->KeyDerivation.Password, workItem->KeyDerivation.PasswordLength, workItem->KeyDerivation.Salt, PKCS5_SALT_SIZE, workItem->KeyDerivation.IterationCount, workItem->KeyDerivation.DerivedKey, GetMaxPkcs5OutSize()); break; diff --git a/src/Common/Pkcs5.c b/src/Common/Pkcs5.c index 3ac3cc2c..10d33ff0 100644 --- a/src/Common/Pkcs5.c +++ b/src/Common/Pkcs5.c @@ -16,7 +16,7 @@ #include #include #endif -#include "Rmd160.h" +#include "blake2.h" #ifndef TC_WINDOWS_BOOT #include "Sha2.h" #include "Whirlpool.h" @@ -550,100 +550,131 @@ void derive_key_sha512 (char *pwd, int pwd_len, char *salt, int salt_len, uint32 #endif // TC_WINDOWS_BOOT -#if !defined(TC_WINDOWS_BOOT) || defined(TC_WINDOWS_BOOT_RIPEMD160) +#if !defined(TC_WINDOWS_BOOT) || defined(TC_WINDOWS_BOOT_BLAKE2S) -typedef struct hmac_ripemd160_ctx_struct +typedef struct hmac_blake2s_ctx_struct { - RMD160_CTX context; - RMD160_CTX inner_digest_ctx; /*pre-computed inner digest context */ - RMD160_CTX outer_digest_ctx; /*pre-computed outer digest context */ - char k[PKCS5_SALT_SIZE + 4]; /* enough to hold (salt_len + 4) and also the RIPEMD-160 hash */ - char u[RIPEMD160_DIGESTSIZE]; -} hmac_ripemd160_ctx; - -void hmac_ripemd160_internal (char *input_digest, int len, hmac_ripemd160_ctx* hmac) + blake2s_state ctx; + blake2s_state inner_digest_ctx; /*pre-computed inner digest context */ + blake2s_state outer_digest_ctx; /*pre-computed outer digest context */ + char k[PKCS5_SALT_SIZE + 4]; /* enough to hold (salt_len + 4) and also the SHA256 hash */ + char u[BLAKE2S_DIGESTSIZE]; +} hmac_blake2s_ctx; + +void hmac_blake2s_internal +( + char *d, /* input data. d pointer is guaranteed to be at least 32-bytes long */ + int ld, /* length of input data in bytes */ + hmac_blake2s_ctx* hmac /* HMAC-SHA256 context which holds temporary variables */ +) { - RMD160_CTX* context = &(hmac->context); + blake2s_state* ctx = &(hmac->ctx); /**** Restore Precomputed Inner Digest Context ****/ - memcpy (context, &(hmac->inner_digest_ctx), sizeof (RMD160_CTX)); + memcpy (ctx, &(hmac->inner_digest_ctx), sizeof (blake2s_state)); - RMD160Update(context, (const unsigned char *) input_digest, len); /* then text of datagram */ - RMD160Final((unsigned char *) input_digest, context); /* finish up 1st pass */ + blake2s_update (ctx, d, ld); + + blake2s_final (ctx, (unsigned char*) d); /* d = inner digest */ /**** Restore Precomputed Outer Digest Context ****/ - memcpy (context, &(hmac->outer_digest_ctx), sizeof (RMD160_CTX)); + memcpy (ctx, &(hmac->outer_digest_ctx), sizeof (blake2s_state)); + + blake2s_update (ctx, d, SHA256_DIGESTSIZE); - /* results of 1st hash */ - RMD160Update(context, (const unsigned char *) input_digest, RIPEMD160_DIGESTSIZE); - RMD160Final((unsigned char *) input_digest, context); /* finish up 2nd pass */ + blake2s_final (ctx, (unsigned char *) d); /* d = outer digest */ } #ifndef TC_WINDOWS_BOOT -void hmac_ripemd160 (char *key, int keylen, char *input_digest, int len) +void hmac_blake2s +( + char *k, /* secret key */ + int lk, /* length of the key in bytes */ + char *d, /* data */ + int ld /* length of data in bytes */ +) { - hmac_ripemd160_ctx hmac; - RMD160_CTX* ctx; - unsigned char* k_pad = (unsigned char*) hmac.k; /* inner/outer padding - key XORd with ipad */ - unsigned char tk[RIPEMD160_DIGESTSIZE]; - int i; - - /* If the key is longer than the hash algorithm block size, - let key = ripemd160(key), as per HMAC specifications. */ - if (keylen > RIPEMD160_BLOCKSIZE) + hmac_blake2s_ctx hmac; + blake2s_state* ctx; + char* buf = hmac.k; + int b; + char key[BLAKE2S_DIGESTSIZE]; +#if defined (DEVICE_DRIVER) + NTSTATUS saveStatus = STATUS_INVALID_PARAMETER; +#ifdef _WIN64 + XSTATE_SAVE SaveState; + if (IsCpuIntel() && HasSAVX()) + saveStatus = KeSaveExtendedProcessorStateVC(XSTATE_MASK_GSSE, &SaveState); +#else + KFLOATING_SAVE floatingPointState; + if (HasSSE2()) + saveStatus = KeSaveFloatingPointState (&floatingPointState); +#endif +#endif + /* If the key is longer than the hash algorithm block size, + let key = blake2s(key), as per HMAC specifications. */ + if (lk > BLAKE2S_BLOCKSIZE) { - RMD160_CTX tctx; + blake2s_state tctx; - RMD160Init(&tctx); - RMD160Update(&tctx, (const unsigned char *) key, keylen); - RMD160Final(tk, &tctx); + blake2s_init (&tctx); + blake2s_update (&tctx, k, lk); + blake2s_final (&tctx, (unsigned char *) key); - key = (char *) tk; - keylen = RIPEMD160_DIGESTSIZE; + k = key; + lk = BLAKE2S_DIGESTSIZE; - burn (&tctx, sizeof(tctx)); // Prevent leaks - } + burn (&tctx, sizeof(tctx)); // Prevent leaks + } + + /**** Precompute HMAC Inner Digest ****/ - /* perform inner RIPEMD-160 */ ctx = &(hmac.inner_digest_ctx); - /* start out by storing key in pads */ - memset(k_pad, 0x36, 64); - /* XOR key with ipad and opad values */ - for (i=0; ik; char* u = hmac->u; uint32 c; - int i; + int i; #ifdef TC_WINDOWS_BOOT /* In bootloader mode, least significant bit of iterations is a boolean (TRUE for boot derivation mode, FALSE otherwise) @@ -653,11 +684,11 @@ static void derive_u_ripemd160 (char *salt, int salt_len, uint32 iterations, int c = iterations >> 16; i = ((int) iterations) & 0x01; if (i) - c = (c == 0)? 327661 : c << 11; + c = (c == 0)? 200000 : c << 11; else - c = (c == 0)? 655331 : 15000 + c * 1000; + c = (c == 0)? 500000 : 15000 + c * 1000; #else - c = iterations; + c = iterations; #endif /* iteration 1 */ @@ -665,7 +696,7 @@ static void derive_u_ripemd160 (char *salt, int salt_len, uint32 iterations, int /* big-endian block number */ #ifdef TC_WINDOWS_BOOT - /* specific case of 16-bit bootloader: b is a 16-bit integer that is always < 256*/ + /* specific case of 16-bit bootloader: b is a 16-bit integer that is always < 256 */ memset (&k[salt_len], 0, 3); k[salt_len + 3] = (char) b; #else @@ -673,14 +704,14 @@ static void derive_u_ripemd160 (char *salt, int salt_len, uint32 iterations, int memcpy (&k[salt_len], &b, 4); #endif - hmac_ripemd160_internal (k, salt_len + 4, hmac); - memcpy (u, k, RIPEMD160_DIGESTSIZE); + hmac_blake2s_internal (k, salt_len + 4, hmac); + memcpy (u, k, BLAKE2S_DIGESTSIZE); /* remaining iterations */ - while ( c > 1) + while (c > 1) { - hmac_ripemd160_internal (k, RIPEMD160_DIGESTSIZE, hmac); - for (i = 0; i < RIPEMD160_DIGESTSIZE; i++) + hmac_blake2s_internal (k, BLAKE2S_DIGESTSIZE, hmac); + for (i = 0; i < BLAKE2S_DIGESTSIZE; i++) { u[i] ^= k[i]; } @@ -688,86 +719,107 @@ static void derive_u_ripemd160 (char *salt, int salt_len, uint32 iterations, int } } -void derive_key_ripemd160 (char *pwd, int pwd_len, char *salt, int salt_len, uint32 iterations, char *dk, int dklen) + +void derive_key_blake2s (char *pwd, int pwd_len, char *salt, int salt_len, uint32 iterations, char *dk, int dklen) { + hmac_blake2s_ctx hmac; + blake2s_state* ctx; + char* buf = hmac.k; int b, l, r; - hmac_ripemd160_ctx hmac; - RMD160_CTX* ctx; - unsigned char* k_pad = (unsigned char*) hmac.k; #ifndef TC_WINDOWS_BOOT - unsigned char tk[RIPEMD160_DIGESTSIZE]; + char key[BLAKE2S_DIGESTSIZE]; +#if defined (DEVICE_DRIVER) + NTSTATUS saveStatus = STATUS_INVALID_PARAMETER; +#ifdef _WIN64 + XSTATE_SAVE SaveState; + if (IsCpuIntel() && HasSAVX()) + saveStatus = KeSaveExtendedProcessorStateVC(XSTATE_MASK_GSSE, &SaveState); +#else + KFLOATING_SAVE floatingPointState; + if (HasSSE2()) + saveStatus = KeSaveFloatingPointState (&floatingPointState); +#endif +#endif /* If the password is longer than the hash algorithm block size, - let password = ripemd160(password), as per HMAC specifications. */ - if (pwd_len > RIPEMD160_BLOCKSIZE) + let pwd = blake2s(pwd), as per HMAC specifications. */ + if (pwd_len > BLAKE2S_BLOCKSIZE) { - RMD160_CTX tctx; + blake2s_state tctx; - RMD160Init(&tctx); - RMD160Update(&tctx, (const unsigned char *) pwd, pwd_len); - RMD160Final(tk, &tctx); + blake2s_init (&tctx); + blake2s_update (&tctx, pwd, pwd_len); + blake2s_final (&tctx, (unsigned char *) key); - pwd = (char *) tk; - pwd_len = RIPEMD160_DIGESTSIZE; + pwd = key; + pwd_len = SHA256_DIGESTSIZE; - burn (&tctx, sizeof(tctx)); // Prevent leaks - } + burn (&tctx, sizeof(tctx)); // Prevent leaks + } #endif - if (dklen % RIPEMD160_DIGESTSIZE) + if (dklen % BLAKE2S_DIGESTSIZE) { - l = 1 + dklen / RIPEMD160_DIGESTSIZE; + l = 1 + dklen / BLAKE2S_DIGESTSIZE; } else { - l = dklen / RIPEMD160_DIGESTSIZE; + l = dklen / BLAKE2S_DIGESTSIZE; } - r = dklen - (l - 1) * RIPEMD160_DIGESTSIZE; + r = dklen - (l - 1) * BLAKE2S_DIGESTSIZE; + + /**** Precompute HMAC Inner Digest ****/ - /* perform inner RIPEMD-160 */ ctx = &(hmac.inner_digest_ctx); - /* start out by storing key in pads */ - memset(k_pad, 0x36, 64); - /* XOR key with ipad and opad values */ - for (b=0; b LAST_PRF_ID)) ) return 0; diff --git a/src/Common/Pkcs5.h b/src/Common/Pkcs5.h index 98d8bf74..4a6b6882 100644 --- a/src/Common/Pkcs5.h +++ b/src/Common/Pkcs5.h @@ -20,9 +20,9 @@ extern "C" { #endif -/* output written to input_digest which must be at lease 20 bytes long */ -void hmac_ripemd160 (char *key, int keylen, char *input_digest, int len); -void derive_key_ripemd160 (char *pwd, int pwd_len, char *salt, int salt_len, uint32 iterations, char *dk, int dklen); +/* output written to input_digest which must be at lease 32 bytes long */ +void hmac_blake2s (char *key, int keylen, char *input_digest, int len); +void derive_key_blake2s (char *pwd, int pwd_len, char *salt, int salt_len, uint32 iterations, char *dk, int dklen); /* output written to d which must be at lease 32 bytes long */ void hmac_sha256 (char *k, int lk, char *d, int ld); diff --git a/src/Common/Random.c b/src/Common/Random.c index 1080ce7e..c44c69d7 100644 --- a/src/Common/Random.c +++ b/src/Common/Random.c @@ -263,7 +263,7 @@ BOOL Randmix () { unsigned char hashOutputBuffer [MAX_DIGESTSIZE]; WHIRLPOOL_CTX wctx; - RMD160_CTX rctx; + blake2s_state bctx; sha512_ctx sctx; sha256_ctx s256ctx; STREEBOG_CTX stctx; @@ -271,8 +271,8 @@ BOOL Randmix () switch (HashFunction) { - case RIPEMD160: - digestSize = RIPEMD160_DIGESTSIZE; + case BLAKE2S: + digestSize = BLAKE2S_DIGESTSIZE; break; case SHA512: @@ -303,10 +303,10 @@ BOOL Randmix () /* Compute the message digest of the entire pool using the selected hash function. */ switch (HashFunction) { - case RIPEMD160: - RMD160Init(&rctx); - RMD160Update(&rctx, pRandPool, RNG_POOL_SIZE); - RMD160Final(hashOutputBuffer, &rctx); + case BLAKE2S: + blake2s_init(&bctx); + blake2s_update(&bctx, pRandPool, RNG_POOL_SIZE); + blake2s_final(&bctx, hashOutputBuffer); break; case SHA512: @@ -349,8 +349,8 @@ BOOL Randmix () burn (hashOutputBuffer, MAX_DIGESTSIZE); switch (HashFunction) { - case RIPEMD160: - burn (&rctx, sizeof(rctx)); + case BLAKE2S: + burn (&bctx, sizeof(bctx)); break; case SHA512: diff --git a/src/Common/Random.h b/src/Common/Random.h index 88dd041b..68758782 100644 --- a/src/Common/Random.h +++ b/src/Common/Random.h @@ -21,7 +21,7 @@ extern "C" { /* RNG defines & pool pointers */ #define RNG_POOL_SIZE 320 // Must be divisible by the size of the output of each of the implemented hash functions. (in bytes) -#if RNG_POOL_SIZE % SHA512_DIGESTSIZE || RNG_POOL_SIZE % WHIRLPOOL_DIGESTSIZE || RNG_POOL_SIZE % RIPEMD160_DIGESTSIZE +#if RNG_POOL_SIZE % SHA512_DIGESTSIZE || RNG_POOL_SIZE % WHIRLPOOL_DIGESTSIZE || RNG_POOL_SIZE % BLAKE2S_DIGESTSIZE #error RNG_POOL_SIZE must be divisible by the size of the output of each of the implemented hash functions. #endif diff --git a/src/Common/Tcdefs.h b/src/Common/Tcdefs.h index 0b3025ed..8a0a1e2f 100644 --- a/src/Common/Tcdefs.h +++ b/src/Common/Tcdefs.h @@ -52,6 +52,10 @@ extern unsigned short _rotl16(unsigned short value, unsigned char shift); #endif // defined(_UEFI) +#ifdef TC_WINDOWS_BOOT +#include +#endif + #define TC_APP_NAME "VeraCrypt" // Version displayed to user @@ -92,6 +96,7 @@ typedef __int8 int8; typedef __int16 int16; typedef __int32 int32; typedef unsigned __int8 byte; +typedef unsigned __int8 uint8; typedef unsigned __int16 uint16; typedef unsigned __int32 uint32; @@ -118,6 +123,7 @@ typedef int16_t int16; typedef int32_t int32; typedef int64_t int64; typedef uint8_t byte; +typedef uint8_t uint8; typedef uint16_t uint16; typedef uint32_t uint32; typedef uint64_t uint64; diff --git a/src/Common/Tests.c b/src/Common/Tests.c index a66c7b54..0fcd93ce 100644 --- a/src/Common/Tests.c +++ b/src/Common/Tests.c @@ -374,27 +374,6 @@ CAMELLIA_TEST camellia_vectors[CAMELLIA_TEST_COUNT] = { 0xAD, 0x5C, 0x4D, 0x84 } }; -#if defined(CIPHER_GOST89) -// GOST89 ECB test vectors -#define GOST89_TEST_COUNT 1 - -typedef struct { - unsigned char key[32]; - unsigned char plaintext[16]; - unsigned char ciphertext[16]; - } GOST89_TEST; - -GOST89_TEST gost89_vectors[GOST89_TEST_COUNT] = { -{ - 0xFF, 0xEE, 0xDD, 0xCC, 0xBB, 0xAA, 0x99, 0x88, 0x77, 0x66, 0x55, 0x44, - 0x33, 0x22, 0x11, 0x00, 0xF0, 0xF1, 0xF2, 0xF3, 0xF4, 0xF5, 0xF6, 0xF7, - 0xF8, 0xF9, 0xFA, 0xFB, 0xFC, 0xFD, 0xFE, 0xFF, 0xFE, 0xDC, 0xBA, 0x98, - 0x76, 0x54, 0x32, 0x10, 0xFF, 0xEE, 0xDD, 0xCC, 0xBB, 0xAA, 0x99, 0x88, - 0x8F, 0xC6, 0xFE, 0xB8, 0x91, 0x51, 0x4C, 0x37, 0x4D, 0x51, 0x46, 0xEF, - 0x02, 0x9D, 0xBD, 0x9F -} -}; -#endif // Kuznyechik ECB test vectors #define KUZNYECHIK_TEST_COUNT 4 @@ -503,22 +482,34 @@ char *hmac_sha512_test_vectors[] = "\xe3\x7b\x6a\x77\x5d\xc8\x7d\xba\xa4\xdf\xa9\xf9\x6e\x5e\x3f\xfd\xde\xbd\x71\xf8\x86\x72\x89\x86\x5d\xf5\xa3\x2d\x20\xcd\xc9\x44\xb6\x02\x2c\xac\x3c\x49\x82\xb1\x0d\x5e\xeb\x55\xc3\xe4\xde\x15\x13\x46\x76\xfb\x6d\xe0\x44\x60\x65\xc9\x74\x40\xfa\x8c\x6a\x58", }; -char *hmac_ripemd160_test_keys[] = +char *hmac_blake2s_test_keys[] = { - "\x00\x11\x22\x33\x44\x55\x66\x77\x88\x99\xaa\xbb\xcc\xdd\xee\xff\x01\x23\x45\x67", - "\x01\x23\x45\x67\x89\xab\xcd\xef\xfe\xdc\xba\x98\x76\x54\x32\x10\x00\x11\x22\x33", + "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b", + "Jefe", + "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa", + "\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19", + "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa", + "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa", }; -char *hmac_ripemd160_test_data[] = +char *hmac_blake2s_test_data[] = { - "message digest", - "12345678901234567890123456789012345678901234567890123456789012345678901234567890", + "Hi There", + "what do ya want for nothing?", + "\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd", + "\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd", + "Test Using Larger Than Block-Size Key - Hash Key First", + "This is a test using a larger than block-size key and a larger than block-size data. The key needs to be hashed before being used by the HMAC algorithm.", }; -char *hmac_ripemd160_test_vectors[] = +char *hmac_blake2s_test_vectors[] = { - "\xf8\x36\x62\xcc\x8d\x33\x9c\x22\x7e\x60\x0f\xcd\x63\x6c\x57\xd2\x57\x1b\x1c\x34", - "\x85\xf1\x64\x70\x3e\x61\xa6\x31\x31\xbe\x7e\x45\x95\x8e\x07\x94\x12\x39\x04\xf9", + "\x65\xa8\xb7\xc5\xcc\x91\x36\xd4\x24\xe8\x2c\x37\xe2\x70\x7e\x74\xe9\x13\xc0\x65\x5b\x99\xc7\x5f\x40\xed\xf3\x87\x45\x3a\x32\x60", + "\x90\xb6\x28\x1e\x2f\x30\x38\xc9\x05\x6a\xf0\xb4\xa7\xe7\x63\xca\xe6\xfe\x5d\x9e\xb4\x38\x6a\x0e\xc9\x52\x37\x89\x0c\x10\x4f\xf0", + "\xfc\xc4\xf5\x95\x29\x50\x2e\x34\xc3\xd8\xda\x3f\xfd\xab\x82\x96\x6a\x2c\xb6\x37\xff\x5e\x9b\xd7\x01\x13\x5c\x2e\x94\x69\xe7\x90", + "\x46\x44\x34\xdc\xbe\xce\x09\x5d\x45\x6a\x1d\x62\xd6\xec\x56\xf8\x98\xe6\x25\xa3\x9e\x5c\x52\xbd\xf9\x4d\xaf\x11\x1b\xad\x83\xaa", + "\xd2\x3d\x79\x39\x4f\x53\xd5\x36\xa0\x96\xe6\x51\x44\x47\xee\xaa\xbb\x05\xde\xd0\x1b\xe3\x2c\x19\x37\xda\x6a\x8f\x71\x03\xbc\x4e", + "\xcb\x60\xf6\xa7\x91\xf1\x40\xbf\x8a\xa2\xe5\x1f\xf3\x58\xcd\xb2\xcc\x5c\x03\x33\x04\x5b\x7f\xb7\x7a\xba\x7a\xb3\xb0\xcf\xb2\x37", }; char *hmac_whirlpool_test_key = @@ -628,6 +619,32 @@ HashTestVector Streebog512TestVectors[] = { {NULL, NULL} }; +/* https://github.com/openssl/openssl/blob/2d0b44126763f989a4cbffbffe9d0c7518158bb7/test/evptests.txt */ +HashTestVector Blake2sTestVectors[] = { + {"", + "69217a3079908094e11121d042354a7c1f55b6482ca1a51e1b250dfd1ed0eef9" + }, + {"61", + "4a0d129873403037c2cd9b9048203687f6233fb6738956e0349bd4320fec3e90" + }, + {"616263", + "508c5e8c327c14e2e1a72ba34eeb452f37458b209ed63a294d999b4c86675982" + }, + {"6d65737361676520646967657374", + "fa10ab775acf89b7d3c8a6e823d586f6b67bdbac4ce207fe145b7d3ac25cd28c" + }, + {"6162636465666768696a6b6c6d6e6f707172737475767778797a", + "bdf88eb1f86a0cdf0e840ba88fa118508369df186c7355b4b16cf79fa2710a12" + }, + {"4142434445464748494a4b4c4d4e4f505152535455565758595a6162636465666768696a6b6c6d6e6f707172737475767778797a30313233343536373839", + "c75439ea17e1de6fa4510c335dc3d3f343e6f9e1ce2773e25b4174f1df8b119b" + }, + {"3132333435363738393031323334353637383930313233343536373839303132333435363738393031323334353637383930313233343536373839303132333435363738393031323334353637383930", + "fdaedb290a0d5af9870864fec2e090200989dc9cd53a3c092129e8535e8b4f66" + }, + {NULL, NULL} +}; + unsigned char ks_tmp[MAX_EXPANDED_KEY]; void CipherInit2(int cipher, void* key, void* ks, int key_len) @@ -650,11 +667,6 @@ void CipherInit2(int cipher, void* key, void* ks, int key_len) case CAMELLIA: CipherInit(cipher,key,ks); break; -#if defined(CIPHER_GOST89) - case GOST89: - CipherInit(cipher,key,ks); - break; -#endif // defined(CIPHER_GOST89) case KUZNYECHIK: CipherInit(cipher, key, ks); break; @@ -850,34 +862,6 @@ BOOL TestSectorBufEncryption (PCRYPTO_INFO ci) break; } } -#if defined(CIPHER_GOST89) - else if (wcscmp (name, L"GOST89") == 0) - { - switch (testCase) - { - case 0: - if (crc != 0x12194ef5) - return FALSE; - nTestsPerformed++; - break; - case 1: - if (crc != 0xda8d429b) - return FALSE; - nTestsPerformed++; - break; - case 2: - if (crc != 0xdbf0b12e) - return FALSE; - nTestsPerformed++; - break; - case 3: - if (crc != 0xb986eb4a) - return FALSE; - nTestsPerformed++; - break; - } - } -#endif else if (wcscmp (name, L"Kuznyechik") == 0) { switch (testCase) @@ -1234,14 +1218,6 @@ BOOL TestSectorBufEncryption (PCRYPTO_INFO ci) return FALSE; nTestsPerformed++; } -#if defined(CIPHER_GOST89) - else if (wcscmp (name, L"GOST89") == 0) - { - if (crc != 0x9e8653cb) - return FALSE; - nTestsPerformed++; - } -#endif else if (wcscmp (name, L"Kuznyechik") == 0) { if (crc != 0xd6d39cdb) @@ -1319,11 +1295,7 @@ BOOL TestSectorBufEncryption (PCRYPTO_INFO ci) nTestsPerformed++; } -#if defined(CIPHER_GOST89) - return (nTestsPerformed == 160); -#else - return (nTestsPerformed == 155); -#endif + return (nTestsPerformed == 150); } static BOOL DoAutoTestAlgorithms (void) @@ -1466,28 +1438,6 @@ static BOOL DoAutoTestAlgorithms (void) if (i != KUZNYECHIK_TEST_COUNT) bFailed = TRUE; -#if defined(CIPHER_GOST89) - /* GOST89 */ - - for (i = 0; i < GOST89_TEST_COUNT; i++) - { - int cipher = GOST89; - memcpy(key, gost89_vectors[i].key, 32); - memcpy(tmp, gost89_vectors[i].plaintext, 16); - gost_set_key(key, (gost_kds*)ks_tmp, 0); - - EncipherBlock(cipher, tmp, ks_tmp); - if (memcmp(gost89_vectors[i].ciphertext, tmp, 16) != 0) - break; - - DecipherBlock(cipher, tmp, ks_tmp); - if (memcmp(gost89_vectors[i].plaintext, tmp, 16) != 0) - break; - } - if (i != GOST89_TEST_COUNT) - bFailed = TRUE; -#endif - /* PKCS #5 and HMACs */ if (!test_pkcs5 ()) bFailed = TRUE; @@ -1599,23 +1549,29 @@ BOOL test_hmac_sha512 () return (nTestsPerformed == 6); } -BOOL test_hmac_ripemd160 () +BOOL test_hmac_blake2s () { - int nTestsPerformed = 0; unsigned int i; + int nTestsPerformed = 0; - for (i = 0; i < sizeof (hmac_ripemd160_test_data) / sizeof(char *); i++) + for (i = 0; i < sizeof (hmac_blake2s_test_data) / sizeof(char *); i++) { char digest[1024]; /* large enough to hold digets and test vector inputs */ - memcpy (digest, hmac_ripemd160_test_data[i], strlen (hmac_ripemd160_test_data[i])); - hmac_ripemd160 (hmac_ripemd160_test_keys[i], RIPEMD160_DIGESTSIZE, digest, (int) strlen (hmac_ripemd160_test_data[i])); - if (memcmp (digest, hmac_ripemd160_test_vectors[i], RIPEMD160_DIGESTSIZE) != 0) + memcpy (digest, hmac_blake2s_test_data[i], strlen (hmac_blake2s_test_data[i])); + hmac_blake2s (hmac_blake2s_test_keys[i], (int) strlen (hmac_blake2s_test_keys[i]), digest, (int) strlen (hmac_blake2s_test_data[i])); + if (memcmp (digest, hmac_blake2s_test_vectors[i], BLAKE2S_DIGESTSIZE) != 0) return FALSE; else nTestsPerformed++; } - return (nTestsPerformed == 2); + return (nTestsPerformed == 6); +} + +int __cdecl Blake2sHash (unsigned char* input, unsigned long inputLen, unsigned char* output) +{ + blake2s(output, input, (size_t) inputLen); + return BLAKE2S_DIGESTSIZE; } BOOL test_hmac_whirlpool () @@ -1686,8 +1642,12 @@ BOOL test_pkcs5 () if (!test_hmac_sha512()) return FALSE; - /* HMAC-RIPEMD-160 tests */ - if (test_hmac_ripemd160() == FALSE) + /* HMAC-BLAKE2s tests */ + if (test_hmac_blake2s() == FALSE) + return FALSE; + + /* Blake2s hash tests */ + if (RunHashTest (Blake2sHash, Blake2sTestVectors, (HasSSE2())? TRUE : FALSE) == FALSE) return FALSE; /* HMAC-Whirlpool tests */ @@ -1733,14 +1693,14 @@ BOOL test_pkcs5 () if (memcmp (dk, "\x13\x64\xae\xf8\x0d\xf5\x57\x6c\x30\xd5\x71\x4c\xa7\x75\x3f\xfd\x00\xe5\x25\x8b\x39\xc7\x44\x7f\xce\x23\x3d\x08\x75\xe0\x2f\x48\xd6\x30\xd7\x00\xb6\x24\xdb\xe0\x5a\xd7\x47\xef\x52\xca\xa6\x34\x83\x47\xe5\xcb\xe9\x87\xf1\x20\x59\x6a\xe6\xa9\xcf\x51\x78\xc6\xb6\x23\xa6\x74\x0d\xe8\x91\xbe\x1a\xd0\x28\xcc\xce\x16\x98\x9a\xbe\xfb\xdc\x78\xc9\xe1\x7d\x72\x67\xce\xe1\x61\x56\x5f\x96\x68\xe6\xe1\xdd\xf4\xbf\x1b\x80\xe0\x19\x1c\xf4\xc4\xd3\xdd\xd5\xd5\x57\x2d\x83\xc7\xa3\x37\x87\xf4\x4e\xe0\xf6\xd8\x6d\x65\xdc\xa0\x52\xa3\x13\xbe\x81\xfc\x30\xbe\x7d\x69\x58\x34\xb6\xdd\x41\xc6", 144) != 0) return FALSE; - /* PKCS-5 test 1 with HMAC-RIPEMD-160 used as the PRF */ - derive_key_ripemd160 ("password", 8, "\x12\x34\x56\x78", 4, 5, dk, 4); - if (memcmp (dk, "\x7a\x3d\x7c\x03", 4) != 0) + /* PKCS-5 test 1 with HMAC-BLAKE2s used as the PRF */ + derive_key_blake2s ("password", 8, "\x12\x34\x56\x78", 4, 5, dk, 4); + if (memcmp (dk, "\x8d\x51\xfa\x31", 4) != 0) return FALSE; - /* PKCS-5 test 2 with HMAC-RIPEMD-160 used as the PRF (derives a key longer than the underlying hash) */ - derive_key_ripemd160 ("password", 8, "\x12\x34\x56\x78", 4, 5, dk, 48); - if (memcmp (dk, "\x7a\x3d\x7c\x03\xe7\x26\x6b\xf8\x3d\x78\xfb\x29\xd2\x64\x1f\x56\xea\xf0\xe5\xf5\xcc\xc4\x3a\x31\xa8\x84\x70\xbf\xbd\x6f\x8e\x78\x24\x5a\xc0\x0a\xf6\xfa\xf0\xf6\xe9\x00\x47\x5f\x73\xce\xe1\x43", 48) != 0) + /* PKCS-5 test 2 with HMAC-BLAKE2s used as the PRF (derives a key longer than the underlying hash) */ + derive_key_blake2s ("password", 8, "\x12\x34\x56\x78", 4, 5, dk, 48); + if (memcmp (dk, "\x8d\x51\xfa\x31\x46\x25\x37\x67\xa3\x29\x6b\x3c\x6b\xc1\x5d\xb2\xee\xe1\x6c\x28\x00\x26\xea\x08\x65\x9c\x12\xf1\x07\xde\x0d\xb9\x9b\x4f\x39\xfa\xc6\x80\x26\xb1\x8f\x8e\x48\x89\x85\x2d\x24\x2d", 48) != 0) return FALSE; /* PKCS-5 test 1 with HMAC-Whirlpool used as the PRF */ diff --git a/src/Common/Tests.h b/src/Common/Tests.h index 6aff505f..356d54f4 100644 --- a/src/Common/Tests.h +++ b/src/Common/Tests.h @@ -19,7 +19,7 @@ extern unsigned char ks_tmp[MAX_EXPANDED_KEY]; void CipherInit2(int cipher, void* key, void* ks, int key_len); BOOL test_hmac_sha512 (void); -BOOL test_hmac_ripemd160 (void); +BOOL test_hmac_blake2s (void); BOOL test_hmac_whirlpool (void); BOOL test_pkcs5 (void); BOOL TestSectorBufEncryption (); diff --git a/src/Common/Volumes.c b/src/Common/Volumes.c index 7bfb8ec2..902c1699 100644 --- a/src/Common/Volumes.c +++ b/src/Common/Volumes.c @@ -27,6 +27,8 @@ #ifndef DEVICE_DRIVER #include "Random.h" +#else +#include "cpu.h" #endif #endif // !defined(_UEFI) @@ -378,8 +380,8 @@ KeyReady: ; switch (pkcs5_prf) { - case RIPEMD160: - derive_key_ripemd160 (keyInfo->userKey, keyInfo->keyLength, keyInfo->salt, + case BLAKE2S: + derive_key_blake2s (keyInfo->userKey, keyInfo->keyLength, keyInfo->salt, PKCS5_SALT_SIZE, keyInfo->noIterations, dk, GetMaxPkcs5OutSize()); break; @@ -577,12 +579,22 @@ KeyReady: ; memcpy (keyInfo->master_keydata, header + HEADER_MASTER_KEYDATA_OFFSET, MASTER_KEYDATA_SIZE); #ifdef TC_WINDOWS_DRIVER { - RMD160_CTX ctx; - RMD160Init (&ctx); - RMD160Update (&ctx, keyInfo->master_keydata, MASTER_KEYDATA_SIZE); - RMD160Update (&ctx, header, sizeof(header)); - RMD160Final (cryptoInfo->master_keydata_hash, &ctx); + blake2s_state ctx; +#ifndef _WIN64 + NTSTATUS saveStatus = STATUS_INVALID_PARAMETER; + KFLOATING_SAVE floatingPointState; + if (HasSSE2()) + saveStatus = KeSaveFloatingPointState (&floatingPointState); +#endif + blake2s_init (&ctx); + blake2s_update (&ctx, keyInfo->master_keydata, MASTER_KEYDATA_SIZE); + blake2s_update (&ctx, header, sizeof(header)); + blake2s_final (&ctx, cryptoInfo->master_keydata_hash); burn(&ctx, sizeof (ctx)); +#ifndef _WIN64 + if (NT_SUCCESS (saveStatus)) + KeRestoreFloatingPointState (&floatingPointState); +#endif } #else memcpy (cryptoInfo->master_keydata, keyInfo->master_keydata, MASTER_KEYDATA_SIZE); @@ -709,7 +721,7 @@ int ReadVolumeHeader (BOOL bBoot, char *header, Password *password, int pim, PCR derive_key_sha256 (password->Text, (int) password->Length, header + HEADER_SALT_OFFSET, PKCS5_SALT_SIZE, iterations, dk, sizeof (dk)); #else - derive_key_ripemd160 (password->Text, (int) password->Length, header + HEADER_SALT_OFFSET, + derive_key_blake2s (password->Text, (int) password->Length, header + HEADER_SALT_OFFSET, PKCS5_SALT_SIZE, iterations, dk, sizeof (dk)); #endif @@ -792,7 +804,7 @@ int ReadVolumeHeader (BOOL bBoot, char *header, Password *password, int pim, PCR #ifdef TC_WINDOWS_BOOT_SHA2 cryptoInfo->pkcs5 = SHA256; #else - cryptoInfo->pkcs5 = RIPEMD160; + cryptoInfo->pkcs5 = BLAKE2S; #endif memcpy (dk, header + HEADER_MASTER_KEYDATA_OFFSET, sizeof (dk)); @@ -981,8 +993,8 @@ int CreateVolumeHeaderInMemory (HWND hwndDlg, BOOL bBoot, char *header, int ea, PKCS5_SALT_SIZE, keyInfo.noIterations, dk, GetMaxPkcs5OutSize()); break; - case RIPEMD160: - derive_key_ripemd160 (keyInfo.userKey, keyInfo.keyLength, keyInfo.salt, + case BLAKE2S: + derive_key_blake2s (keyInfo.userKey, keyInfo.keyLength, keyInfo.salt, PKCS5_SALT_SIZE, keyInfo.noIterations, dk, GetMaxPkcs5OutSize()); break; diff --git a/src/Core/RandomNumberGenerator.cpp b/src/Core/RandomNumberGenerator.cpp index 91247d87..39753ee8 100644 --- a/src/Core/RandomNumberGenerator.cpp +++ b/src/Core/RandomNumberGenerator.cpp @@ -252,7 +252,7 @@ namespace VeraCrypt void RandomNumberGenerator::Test () { shared_ptr origPoolHash = PoolHash; - PoolHash.reset (new Ripemd160()); + PoolHash.reset (new Blake2s()); Pool.Zero(); Buffer buffer (1); @@ -262,14 +262,14 @@ namespace VeraCrypt AddToPool (buffer); } - if (Crc32::ProcessBuffer (Pool) != 0x2de46d17) + if (Crc32::ProcessBuffer (Pool) != 0x9ae2fff8) throw TestFailed (SRC_POS); buffer.Allocate (PoolSize); buffer.CopyFrom (PeekPool()); AddToPool (buffer); - if (Crc32::ProcessBuffer (Pool) != 0xcb88e019) + if (Crc32::ProcessBuffer (Pool) != 0x391135a7) throw TestFailed (SRC_POS); PoolHash = origPoolHash; diff --git a/src/Core/Unix/Linux/CoreLinux.cpp b/src/Core/Unix/Linux/CoreLinux.cpp index 47ec8fb8..e1da6dff 100644 --- a/src/Core/Unix/Linux/CoreLinux.cpp +++ b/src/Core/Unix/Linux/CoreLinux.cpp @@ -303,8 +303,7 @@ namespace VeraCrypt void CoreLinux::MountVolumeNative (shared_ptr volume, MountOptions &options, const DirectoryPath &auxMountPoint) const { bool xts = (typeid (*volume->GetEncryptionMode()) == typeid (EncryptionModeXTS)); - bool algoNotSupported = (typeid (*volume->GetEncryptionAlgorithm()) == typeid (GOST89)) - || (typeid (*volume->GetEncryptionAlgorithm()) == typeid (Kuznyechik)) + bool algoNotSupported = (typeid (*volume->GetEncryptionAlgorithm()) == typeid (Kuznyechik)) || (typeid (*volume->GetEncryptionAlgorithm()) == typeid (CamelliaKuznyechik)) || (typeid (*volume->GetEncryptionAlgorithm()) == typeid (KuznyechikTwofish)) || (typeid (*volume->GetEncryptionAlgorithm()) == typeid (KuznyechikAES)) diff --git a/src/Crypto/Crypto.vcxproj b/src/Crypto/Crypto.vcxproj index c6e0aac5..97a472f7 100644 --- a/src/Crypto/Crypto.vcxproj +++ b/src/Crypto/Crypto.vcxproj @@ -197,16 +197,6 @@ $(TargetDir)\%(Filename).obj;%(Outputs) true echo %(Filename)%(Extension) & nasm.exe -Xvc -f win32 -Ox --prefix _ -o "$(TargetDir)\%(Filename).obj" -l "$(TargetDir)\%(Filename).lst" "%(FullPath)" - - $(TargetDir)\%(Filename).obj;%(Outputs) - - - true - echo %(Filename)%(Extension) & nasm.exe -Xvc -f win64 -Ox -o "$(TargetDir)\%(Filename).obj" -l "$(TargetDir)\%(Filename).lst" "%(FullPath)" - - $(TargetDir)\%(Filename).obj;%(Outputs) - true - echo %(Filename)%(Extension) & nasm.exe -Xvc -f win64 -Ox -o "$(TargetDir)\%(Filename).obj" -l "$(TargetDir)\%(Filename).lst" "%(FullPath)" $(TargetDir)\%(Filename).obj;%(Outputs) @@ -214,12 +204,15 @@ + + + + - Disabled Disabled @@ -227,7 +220,6 @@ - @@ -243,6 +235,9 @@ + + + @@ -250,13 +245,11 @@ - - diff --git a/src/Crypto/Crypto.vcxproj.filters b/src/Crypto/Crypto.vcxproj.filters index 541a0867..5d149bdd 100644 --- a/src/Crypto/Crypto.vcxproj.filters +++ b/src/Crypto/Crypto.vcxproj.filters @@ -24,9 +24,6 @@ Source Files - - Source Files - Source Files @@ -36,9 +33,6 @@ Source Files - - Source Files - Source Files @@ -81,6 +75,18 @@ Source Files + + Source Files + + + Source Files + + + Source Files + + + Source Files + @@ -107,9 +113,6 @@ Header Files - - Header Files - Header Files @@ -119,9 +122,6 @@ Header Files - - Header Files - Header Files @@ -164,6 +164,15 @@ Header Files + + Header Files + + + Header Files + + + Header Files + @@ -175,9 +184,6 @@ Source Files - - Source Files - Source Files diff --git a/src/Crypto/Crypto_vs2019.vcxproj b/src/Crypto/Crypto_vs2019.vcxproj index 8d9ce46e..aa75b9b8 100644 --- a/src/Crypto/Crypto_vs2019.vcxproj +++ b/src/Crypto/Crypto_vs2019.vcxproj @@ -297,24 +297,6 @@ $(TargetDir)\%(Filename).obj;%(Outputs) $(TargetDir)\%(Filename).obj;%(Outputs) - - true - echo %(Filename)%(Extension) & nasm.exe -Xvc -f win64 -Ox -o "$(TargetDir)\%(Filename).obj" -l "$(TargetDir)\%(Filename).lst" "%(FullPath)" - - echo %(Filename)%(Extension) & nasm.exe -Xvc -f win64 -Ox -o "$(TargetDir)\%(Filename).obj" -l "$(TargetDir)\%(Filename).lst" "%(FullPath)" - - $(TargetDir)\%(Filename).obj;%(Outputs) - $(TargetDir)\%(Filename).obj;%(Outputs) - true - echo %(Filename)%(Extension) & nasm.exe -Xvc -f win64 -Ox -o "$(TargetDir)\%(Filename).obj" -l "$(TargetDir)\%(Filename).lst" "%(FullPath)" - - echo %(Filename)%(Extension) & nasm.exe -Xvc -f win64 -Ox -o "$(TargetDir)\%(Filename).obj" -l "$(TargetDir)\%(Filename).lst" "%(FullPath)" - - $(TargetDir)\%(Filename).obj;%(Outputs) - $(TargetDir)\%(Filename).obj;%(Outputs) - true - true - @@ -325,12 +307,12 @@ + - Disabled Disabled @@ -345,7 +327,6 @@ true true - @@ -368,13 +349,11 @@ - - diff --git a/src/Crypto/GostCipher.c b/src/Crypto/GostCipher.c deleted file mode 100644 index ddd649cd..00000000 --- a/src/Crypto/GostCipher.c +++ /dev/null @@ -1,265 +0,0 @@ -/** @file -GOST89 implementation - -Copyright (c) 2016. Disk Cryptography Services for EFI (DCS), Alex Kolotnikov - -This program and the accompanying materials -are licensed and made available under the terms and conditions -of the Apache License, Version 2.0. -The full text of the license may be found at -https://opensource.org/licenses/Apache-2.0 - -Dynamic SBOX idea is from GostCrypt project. Copyright (c) 2008-2011 TrueCrypt Developers Association -**/ - - - -#include "GostCipher.h" -#include "Streebog.h" -#include "cpu.h" - -#if defined(CIPHER_GOST89) - -// Crypto Pro -byte S_CryptoPro[8][16] = { - {0x1,0x3,0xA,0x9,0x5,0xB,0x4,0xF,0x8,0x6,0x7,0xE,0xD,0x0,0x2,0xC}, - {0xD,0xE,0x4,0x1,0x7,0x0,0x5,0xA,0x3,0xC,0x8,0xF,0x6,0x2,0x9,0xB}, - {0x7,0x6,0x2,0x4,0xD,0x9,0xF,0x0,0xA,0x1,0x5,0xB,0x8,0xE,0xC,0x3}, - {0x7,0x6,0x4,0xB,0x9,0xC,0x2,0xA,0x1,0x8,0x0,0xE,0xF,0xD,0x3,0x5}, - {0x4,0xA,0x7,0xC,0x0,0xF,0x2,0x8,0xE,0x1,0x6,0x5,0xD,0xB,0x9,0x3}, - {0x7,0xF,0xC,0xE,0x9,0x4,0x1,0x0,0x3,0xB,0x5,0x2,0x6,0xA,0x8,0xD}, - {0x5,0xF,0x4,0x0,0x2,0xD,0xB,0x9,0x1,0x7,0x6,0x3,0xC,0xE,0xA,0x8}, - {0xA,0x4,0x5,0x6,0x8,0x1,0x3,0x7,0xD,0xC,0xE,0x0,0x9,0x2,0xB,0xF} - }; - -// TC26 -byte S_TC26[8][16] = -{ - { 0xc, 0x4, 0x6, 0x2, 0xa, 0x5, 0xb, 0x9, 0xe, 0x8, 0xd, 0x7, 0x0, 0x3, 0xf, 0x1 }, - { 0x6, 0x8, 0x2, 0x3, 0x9, 0xa, 0x5, 0xc, 0x1, 0xe, 0x4, 0x7, 0xb, 0xd, 0x0, 0xf }, - { 0xb, 0x3, 0x5, 0x8, 0x2, 0xf, 0xa, 0xd, 0xe, 0x1, 0x7, 0x4, 0xc, 0x9, 0x6, 0x0 }, - { 0xc, 0x8, 0x2, 0x1, 0xd, 0x4, 0xf, 0x6, 0x7, 0x0, 0xa, 0x5, 0x3, 0xe, 0x9, 0xb }, - { 0x7, 0xf, 0x5, 0xa, 0x8, 0x1, 0x6, 0xd, 0x0, 0x9, 0x3, 0xe, 0xb, 0x4, 0x2, 0xc }, - { 0x5, 0xd, 0xf, 0x6, 0x9, 0x2, 0xc, 0xa, 0xb, 0x7, 0x8, 0x1, 0x4, 0x3, 0xe, 0x0 }, - { 0x8, 0xe, 0x2, 0x5, 0x6, 0x9, 0x1, 0xc, 0xf, 0x4, 0xb, 0x0, 0xd, 0xa, 0x3, 0x7 }, - { 0x1, 0x7, 0xe, 0xd, 0x0, 0x5, 0x8, 0x3, 0x4, 0xf, 0xa, 0x6, 0x9, 0xc, 0xb, 0x2 }, -}; - -void gost_prepare_kds(gost_kds* kds) { - uint32 i; - // Build substitution tables. - for (i = 0; i < 256; ++i) { - uint32 p; - p = kds->sbox[7][i >> 4] << 4 | kds->sbox[6][i & 15]; - p = p << 24; p = p << 11 | p >> 21; - kds->sbox_cvt[i] = p; // S87 - - p = kds->sbox[5][i >> 4] << 4 | kds->sbox[4][i & 15]; - p = p << 16; p = p << 11 | p >> 21; - kds->sbox_cvt[256 + i] = p; // S65 - - p = kds->sbox[3][i >> 4] << 4 | kds->sbox[2][i & 15]; - p = p << 8; p = p << 11 | p >> 21; - kds->sbox_cvt[256 * 2 + i] = p; // S43 - - p = kds->sbox[1][i >> 4] << 4 | kds->sbox[0][i & 15]; - p = p << 11 | p >> 21; - kds->sbox_cvt[256 * 3 + i] = p; // S21 - } -} - - -static void xor_s_box(byte s_box[8][16], byte *seed) -{ - int i; - for (i = 0; i < 16; i++) - { - s_box[0][i] ^= (seed[ (i * 4) + 0 ] ) & 0xF; - s_box[1][i] ^= (seed[ (i * 4) + 0 ]>>4) & 0xF; - s_box[2][i] ^= (seed[ (i * 4) + 1 ] ) & 0xF; - s_box[3][i] ^= (seed[ (i * 4) + 1 ]>>4) & 0xF; - s_box[4][i] ^= (seed[ (i * 4) + 2 ] ) & 0xF; - s_box[5][i] ^= (seed[ (i * 4) + 2 ]>>4) & 0xF; - s_box[6][i] ^= (seed[ (i * 4) + 3 ] ) & 0xF; - s_box[7][i] ^= (seed[ (i * 4) + 3 ]>>4) & 0xF; - } -} - -void gost_set_key(const byte *key, gost_kds *ks, int useDynamicSbox) -{ - memcpy(ks->key, key, GOST_KEYSIZE); - memcpy(ks->sbox, S_TC26, sizeof(ks->sbox)); - - if (useDynamicSbox) - { - STREEBOG_CTX sctx; - byte sbox_seed[64]; -#if defined (DEVICE_DRIVER) && !defined (_WIN64) - KFLOATING_SAVE floatingPointState; - NTSTATUS saveStatus = STATUS_INVALID_PARAMETER; - if (HasSSE2() || HasSSE41()) - saveStatus = KeSaveFloatingPointState (&floatingPointState); -#endif - //Generate pseudorandom data based on the key - STREEBOG_init(&sctx); - STREEBOG_add(&sctx, ks->key, 32); - STREEBOG_finalize(&sctx, sbox_seed); - -#if defined (DEVICE_DRIVER) && !defined (_WIN64) - if (NT_SUCCESS (saveStatus)) - KeRestoreFloatingPointState (&floatingPointState); -#endif - - xor_s_box(ks->sbox, sbox_seed); - } - - gost_prepare_kds(ks); -} - -static uint32 f(uint32 v, uint32* sbox){ - byte* x =(byte*) &v; - /* Do substitutions */ - return sbox[x[3]] | sbox[256 + x[2]] | sbox[256*2 + x[1]] | sbox[256*3 + x[0]]; -} - -void gost_encrypt_block(uint64 in_, uint64* out_, gost_kds* kds) { - uint32* in = (uint32*)&in_; - uint32* out = (uint32*)out_; - uint32* key = (uint32*)kds->key; - uint32* sbox = kds->sbox_cvt; - - // As named in the GOST - uint32 n1 = in[0]; - uint32 n2 = in[1]; - - n2 ^= f(n1+key[0], sbox); - n1 ^= f(n2+key[1], sbox); - n2 ^= f(n1+key[2], sbox); - n1 ^= f(n2+key[3], sbox); - n2 ^= f(n1+key[4], sbox); - n1 ^= f(n2+key[5], sbox); - n2 ^= f(n1+key[6], sbox); - n1 ^= f(n2+key[7], sbox); - - n2 ^= f(n1+key[0], sbox); - n1 ^= f(n2+key[1], sbox); - n2 ^= f(n1+key[2], sbox); - n1 ^= f(n2+key[3], sbox); - n2 ^= f(n1+key[4], sbox); - n1 ^= f(n2+key[5], sbox); - n2 ^= f(n1+key[6], sbox); - n1 ^= f(n2+key[7], sbox); - - n2 ^= f(n1+key[0], sbox); - n1 ^= f(n2+key[1], sbox); - n2 ^= f(n1+key[2], sbox); - n1 ^= f(n2+key[3], sbox); - n2 ^= f(n1+key[4], sbox); - n1 ^= f(n2+key[5], sbox); - n2 ^= f(n1+key[6], sbox); - n1 ^= f(n2+key[7], sbox); - - n2 ^= f(n1+key[7], sbox); - n1 ^= f(n2+key[6], sbox); - n2 ^= f(n1+key[5], sbox); - n1 ^= f(n2+key[4], sbox); - n2 ^= f(n1+key[3], sbox); - n1 ^= f(n2+key[2], sbox); - n2 ^= f(n1+key[1], sbox); - n1 ^= f(n2+key[0], sbox); - - // There is no swap after the last round - out[0] = n2; - out[1] = n1; -} - -void gost_decrypt_block(uint64 in_, uint64* out_, gost_kds* kds) { - uint32* in = (uint32*)&in_; - uint32* out = (uint32*)out_; - uint32* key = (uint32*)kds->key; - uint32* sbox = kds->sbox_cvt; - - // As named in the GOST - uint32 n1 = in[0]; - uint32 n2 = in[1]; - - n2 ^= f(n1+key[0], sbox); - n1 ^= f(n2+key[1], sbox); - n2 ^= f(n1+key[2], sbox); - n1 ^= f(n2+key[3], sbox); - n2 ^= f(n1+key[4], sbox); - n1 ^= f(n2+key[5], sbox); - n2 ^= f(n1+key[6], sbox); - n1 ^= f(n2+key[7], sbox); - - n2 ^= f(n1+key[7], sbox); - n1 ^= f(n2+key[6], sbox); - n2 ^= f(n1+key[5], sbox); - n1 ^= f(n2+key[4], sbox); - n2 ^= f(n1+key[3], sbox); - n1 ^= f(n2+key[2], sbox); - n2 ^= f(n1+key[1], sbox); - n1 ^= f(n2+key[0], sbox); - - n2 ^= f(n1+key[7], sbox); - n1 ^= f(n2+key[6], sbox); - n2 ^= f(n1+key[5], sbox); - n1 ^= f(n2+key[4], sbox); - n2 ^= f(n1+key[3], sbox); - n1 ^= f(n2+key[2], sbox); - n2 ^= f(n1+key[1], sbox); - n1 ^= f(n2+key[0], sbox); - - n2 ^= f(n1+key[7], sbox); - n1 ^= f(n2+key[6], sbox); - n2 ^= f(n1+key[5], sbox); - n1 ^= f(n2+key[4], sbox); - n2 ^= f(n1+key[3], sbox); - n1 ^= f(n2+key[2], sbox); - n2 ^= f(n1+key[1], sbox); - n1 ^= f(n2+key[0], sbox); - - out[0] = n2; - out[1] = n1; -} - -#if defined(_M_AMD64) -void gost_encrypt_128_CBC_asm(const byte *in, byte *out, gost_kds *ks, uint64 count); -void gost_decrypt_128_CBC_asm(const byte *in, byte *out, gost_kds *ks, uint64 count); -#endif - -void gost_encrypt(const byte *in, byte *out, gost_kds *ks, int count) { -#if defined(_M_AMD64) - gost_encrypt_128_CBC_asm(in, out, ks, (uint64)count); -#else - while (count > 0) { - // encrypt two blocks in CBC mode - gost_encrypt_block(*((uint64*)in), (uint64*)out, ks); - *((gst_udword*)(out + 8)) = *((gst_udword*)(in + 8)) ^ *((gst_udword*)(out)); - *((gst_udword*)(out + 12)) = *((gst_udword*)(in + 12)) ^ *((gst_udword*)(out + 4)); - gost_encrypt_block(*((uint64*)(out + 8)), (uint64*)(out + 8), ks); - count--; - in += 16; - out += 16; - } -#endif -} - -void gost_decrypt(const byte *in, byte *out, gost_kds *ks, int count) { -#if defined(_M_AMD64) - gost_decrypt_128_CBC_asm(in, out, ks, (uint64)count); -#else - while (count > 0) { - // decrypt two blocks in CBC mode - gost_decrypt_block(*((uint64*)(in + 8)), (uint64*)(out + 8), ks); - *((gst_udword*)(out + 8)) ^= *((gst_udword*)(in));; - *((gst_udword*)(out + 12)) ^= *((gst_udword*)(in + 4));; - gost_decrypt_block(*((uint64*)(in)), (uint64*)(out), ks); - count--; - in += 16; - out += 16; - } -#endif -} - -#endif diff --git a/src/Crypto/GostCipher.h b/src/Crypto/GostCipher.h deleted file mode 100644 index bcb77207..00000000 --- a/src/Crypto/GostCipher.h +++ /dev/null @@ -1,68 +0,0 @@ - -/* - Copyright (c) 2008-2011 TrueCrypt Developers Association. All rights reserved. - - Governed by the TrueCrypt License 3.0 the full text of which is contained in - the file License.txt included in TrueCrypt binary and source code distribution - packages. -*/ - - - -#ifndef GOST_CIPHER_H -#define GOST_CIPHER_H - -#include "Common/Tcdefs.h" -#include "config.h" -#include "misc.h" - -#ifdef __cplusplus -extern "C" { -#endif - -//In unsigned chars -#define GOST_KEYSIZE 32 -#define GOST_BLOCKSIZE 8 -#define GOST_SBOX_SIZE 16 - -//Production setting, but can be turned off to compare the algorithm with other implementations -#define CIPHER_GOST89 -#define GOST_DYNAMIC_SBOXES - -#if defined(CIPHER_GOST89) - -#ifdef GST_WINDOWS_BOOT -typedef int gst_word; -typedef long gst_dword; -typedef unsigned int gst_uword; -typedef unsigned long gst_udword; -#else -typedef short gst_word; -typedef int gst_dword; -typedef unsigned short gst_uword; -typedef unsigned int gst_udword; -#endif - -typedef struct gost_kds -{ - CRYPTOPP_ALIGN_DATA(16) byte key[32]; - gst_udword sbox_cvt[256 * 4]; - byte sbox[8][16]; -} gost_kds; - -#define GOST_KS (sizeof(gost_kds)) - -void gost_encrypt(const byte *in, byte *out, gost_kds *ks, int count); -void gost_decrypt(const byte *in, byte *out, gost_kds *ks, int count); -void gost_set_key(const byte *key, gost_kds *ks, int useDynamicSbox); - -#else -#define GOST_KS (0) -#endif - -#ifdef __cplusplus -} -#endif - - -#endif diff --git a/src/Crypto/Makefile.inc b/src/Crypto/Makefile.inc index c8d2dfdf..e05d02ca 100644 --- a/src/Crypto/Makefile.inc +++ b/src/Crypto/Makefile.inc @@ -16,9 +16,6 @@ VC_MLEXE = ml64.exe TC_ASM_ERR_LOG = ..\Driver\build_errors_asm.log -"$(OBJ_PATH)\$(O)\gost89_$(TC_ARCH).obj": gost89_$(TC_ARCH).asm - nasm.exe $(TC_ASFLAGS) -o "$@" -l "$(OBJ_PATH)\$(O)\gost89_$(TC_ARCH).lst" gost89_$(TC_ARCH).asm 2>$(TC_ASM_ERR_LOG) - "$(OBJ_PATH)\$(O)\Aes_$(TC_ARCH).obj": Aes_$(TC_ARCH).asm nasm.exe $(TC_ASFLAGS) -o "$@" -l "$(OBJ_PATH)\$(O)\Aes_$(TC_ARCH).lst" Aes_$(TC_ARCH).asm 2>$(TC_ASM_ERR_LOG) diff --git a/src/Crypto/Rmd160.c b/src/Crypto/Rmd160.c deleted file mode 100644 index 0c6ec839..00000000 --- a/src/Crypto/Rmd160.c +++ /dev/null @@ -1,500 +0,0 @@ -// RIPEMD-160 written and placed in the public domain by Wei Dai - -/* - * This code implements the MD4 message-digest algorithm. - * The algorithm is due to Ron Rivest. This code was - * written by Colin Plumb in 1993, no copyright is claimed. - * This code is in the public domain; do with it what you wish. - */ - -/* Adapted for TrueCrypt */ -/* Adapted for VeraCrypt */ -#if !defined(_UEFI) -#include -#endif // !defined(_UEFI) - -#include "Common/Tcdefs.h" -#include "Common/Endian.h" -#include "Rmd160.h" - -#define F(x, y, z) (x ^ y ^ z) -#define G(x, y, z) (z ^ (x & (y^z))) -#define H(x, y, z) (z ^ (x | ~y)) -#define I(x, y, z) (y ^ (z & (x^y))) -#define J(x, y, z) (x ^ (y | ~z)) - -#define PUT_64BIT_LE(cp, value) do { \ - (cp)[7] = (byte) ((value) >> 56); \ - (cp)[6] = (byte) ((value) >> 48); \ - (cp)[5] = (byte) ((value) >> 40); \ - (cp)[4] = (byte) ((value) >> 32); \ - (cp)[3] = (byte) ((value) >> 24); \ - (cp)[2] = (byte) ((value) >> 16); \ - (cp)[1] = (byte) ((value) >> 8); \ - (cp)[0] = (byte) (value); } while (0) - -#define PUT_32BIT_LE(cp, value) do { \ - (cp)[3] = (byte) ((value) >> 24); \ - (cp)[2] = (byte) ((value) >> 16); \ - (cp)[1] = (byte) ((value) >> 8); \ - (cp)[0] = (byte) (value); } while (0) - -#ifndef TC_MINIMIZE_CODE_SIZE - -static byte PADDING[64] = { - 0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 -}; - -#else - -static byte PADDING[64]; - -#endif - -void RMD160Init (RMD160_CTX *ctx) -{ - ctx->count = 0; - ctx->state[0] = 0x67452301; - ctx->state[1] = 0xefcdab89; - ctx->state[2] = 0x98badcfe; - ctx->state[3] = 0x10325476; - ctx->state[4] = 0xc3d2e1f0; - PADDING[0] = 0x80; -} - -/* -* Update context to reflect the concatenation of another buffer full -* of bytes. -*/ -void RMD160Update (RMD160_CTX *ctx, const unsigned char *input, unsigned __int32 lenArg) -{ -#ifndef TC_WINDOWS_BOOT - uint64 len = lenArg; -#else - uint32 len = lenArg; -#endif - unsigned int have, need; - - /* Check how many bytes we already have and how many more we need. */ - have = (unsigned int) ((ctx->count) & (RIPEMD160_BLOCK_LENGTH - 1)); - need = RIPEMD160_BLOCK_LENGTH - have; - - /* Update bitcount */ - ctx->count += len; - - if (len >= need) { - if (have != 0) { - memcpy (ctx->buffer + have, input, (size_t) need); - RMD160Transform ((uint32 *) ctx->state, (const uint32 *) ctx->buffer); - input += need; - len -= need; - have = 0; - } - - /* Process data in RIPEMD160_BLOCK_LENGTH-byte chunks. */ - while (len >= RIPEMD160_BLOCK_LENGTH) { - RMD160Transform ((uint32 *) ctx->state, (const uint32 *) input); - input += RIPEMD160_BLOCK_LENGTH; - len -= RIPEMD160_BLOCK_LENGTH; - } - } - - /* Handle any remaining bytes of data. */ - if (len != 0) - memcpy (ctx->buffer + have, input, (size_t) len); -} - -/* -* Pad pad to 64-byte boundary with the bit pattern -* 1 0* (64-bit count of bits processed, MSB-first) -*/ -static void RMD160Pad(RMD160_CTX *ctx) -{ - byte count[8]; - uint32 padlen; - - /* Convert count to 8 bytes in little endian order. */ - -#ifndef TC_WINDOWS_BOOT - uint64 bitcount = ctx->count << 3; - PUT_64BIT_LE(count, bitcount); -#else - *(uint32 *) (count + 4) = 0; - *(uint32 *) (count + 0) = ctx->count << 3; -#endif - - /* Pad out to 56 mod 64. */ - padlen = RIPEMD160_BLOCK_LENGTH - - (uint32)((ctx->count) & (RIPEMD160_BLOCK_LENGTH - 1)); - if (padlen < 1 + 8) - padlen += RIPEMD160_BLOCK_LENGTH; - RMD160Update(ctx, PADDING, padlen - 8); /* padlen - 8 <= 64 */ - RMD160Update(ctx, count, 8); -} - -/* -* Final wrapup--call RMD160Pad, fill in digest and zero out ctx. -*/ -void RMD160Final(unsigned char *digest, RMD160_CTX *ctx) -{ - int i; - - RMD160Pad(ctx); - if (digest) { - for (i = 0; i < 5; i++) - PUT_32BIT_LE(digest + i * 4, ctx->state[i]); -#ifndef TC_WINDOWS_BOOT - burn (ctx, sizeof(*ctx)); -#endif - } -} - - -#ifndef TC_MINIMIZE_CODE_SIZE - -#define word32 unsigned __int32 - -#define k0 0 -#define k1 0x5a827999UL -#define k2 0x6ed9eba1UL -#define k3 0x8f1bbcdcUL -#define k4 0xa953fd4eUL -#define k5 0x50a28be6UL -#define k6 0x5c4dd124UL -#define k7 0x6d703ef3UL -#define k8 0x7a6d76e9UL -#define k9 0 - -static word32 rotlFixed (word32 x, unsigned int y) -{ - return (word32)((x<>(sizeof(word32)*8-y))); -} - -#define Subround(f, a, b, c, d, e, x, s, k) \ - a += f(b, c, d) + x + k;\ - a = rotlFixed((word32)a, s) + e;\ - c = rotlFixed((word32)c, 10U) - -void RMD160Transform (unsigned __int32 *digest, const unsigned __int32 *data) -{ -#if BYTE_ORDER == LITTLE_ENDIAN - const word32 *X = data; -#else - word32 X[16]; - int i; -#endif - - word32 a1, b1, c1, d1, e1, a2, b2, c2, d2, e2; - a1 = a2 = digest[0]; - b1 = b2 = digest[1]; - c1 = c2 = digest[2]; - d1 = d2 = digest[3]; - e1 = e2 = digest[4]; - -#if BYTE_ORDER == BIG_ENDIAN - for (i = 0; i < 16; i++) - { - X[i] = LE32 (data[i]); - } -#endif - - Subround(F, a1, b1, c1, d1, e1, X[ 0], 11, k0); - Subround(F, e1, a1, b1, c1, d1, X[ 1], 14, k0); - Subround(F, d1, e1, a1, b1, c1, X[ 2], 15, k0); - Subround(F, c1, d1, e1, a1, b1, X[ 3], 12, k0); - Subround(F, b1, c1, d1, e1, a1, X[ 4], 5, k0); - Subround(F, a1, b1, c1, d1, e1, X[ 5], 8, k0); - Subround(F, e1, a1, b1, c1, d1, X[ 6], 7, k0); - Subround(F, d1, e1, a1, b1, c1, X[ 7], 9, k0); - Subround(F, c1, d1, e1, a1, b1, X[ 8], 11, k0); - Subround(F, b1, c1, d1, e1, a1, X[ 9], 13, k0); - Subround(F, a1, b1, c1, d1, e1, X[10], 14, k0); - Subround(F, e1, a1, b1, c1, d1, X[11], 15, k0); - Subround(F, d1, e1, a1, b1, c1, X[12], 6, k0); - Subround(F, c1, d1, e1, a1, b1, X[13], 7, k0); - Subround(F, b1, c1, d1, e1, a1, X[14], 9, k0); - Subround(F, a1, b1, c1, d1, e1, X[15], 8, k0); - - Subround(G, e1, a1, b1, c1, d1, X[ 7], 7, k1); - Subround(G, d1, e1, a1, b1, c1, X[ 4], 6, k1); - Subround(G, c1, d1, e1, a1, b1, X[13], 8, k1); - Subround(G, b1, c1, d1, e1, a1, X[ 1], 13, k1); - Subround(G, a1, b1, c1, d1, e1, X[10], 11, k1); - Subround(G, e1, a1, b1, c1, d1, X[ 6], 9, k1); - Subround(G, d1, e1, a1, b1, c1, X[15], 7, k1); - Subround(G, c1, d1, e1, a1, b1, X[ 3], 15, k1); - Subround(G, b1, c1, d1, e1, a1, X[12], 7, k1); - Subround(G, a1, b1, c1, d1, e1, X[ 0], 12, k1); - Subround(G, e1, a1, b1, c1, d1, X[ 9], 15, k1); - Subround(G, d1, e1, a1, b1, c1, X[ 5], 9, k1); - Subround(G, c1, d1, e1, a1, b1, X[ 2], 11, k1); - Subround(G, b1, c1, d1, e1, a1, X[14], 7, k1); - Subround(G, a1, b1, c1, d1, e1, X[11], 13, k1); - Subround(G, e1, a1, b1, c1, d1, X[ 8], 12, k1); - - Subround(H, d1, e1, a1, b1, c1, X[ 3], 11, k2); - Subround(H, c1, d1, e1, a1, b1, X[10], 13, k2); - Subround(H, b1, c1, d1, e1, a1, X[14], 6, k2); - Subround(H, a1, b1, c1, d1, e1, X[ 4], 7, k2); - Subround(H, e1, a1, b1, c1, d1, X[ 9], 14, k2); - Subround(H, d1, e1, a1, b1, c1, X[15], 9, k2); - Subround(H, c1, d1, e1, a1, b1, X[ 8], 13, k2); - Subround(H, b1, c1, d1, e1, a1, X[ 1], 15, k2); - Subround(H, a1, b1, c1, d1, e1, X[ 2], 14, k2); - Subround(H, e1, a1, b1, c1, d1, X[ 7], 8, k2); - Subround(H, d1, e1, a1, b1, c1, X[ 0], 13, k2); - Subround(H, c1, d1, e1, a1, b1, X[ 6], 6, k2); - Subround(H, b1, c1, d1, e1, a1, X[13], 5, k2); - Subround(H, a1, b1, c1, d1, e1, X[11], 12, k2); - Subround(H, e1, a1, b1, c1, d1, X[ 5], 7, k2); - Subround(H, d1, e1, a1, b1, c1, X[12], 5, k2); - - Subround(I, c1, d1, e1, a1, b1, X[ 1], 11, k3); - Subround(I, b1, c1, d1, e1, a1, X[ 9], 12, k3); - Subround(I, a1, b1, c1, d1, e1, X[11], 14, k3); - Subround(I, e1, a1, b1, c1, d1, X[10], 15, k3); - Subround(I, d1, e1, a1, b1, c1, X[ 0], 14, k3); - Subround(I, c1, d1, e1, a1, b1, X[ 8], 15, k3); - Subround(I, b1, c1, d1, e1, a1, X[12], 9, k3); - Subround(I, a1, b1, c1, d1, e1, X[ 4], 8, k3); - Subround(I, e1, a1, b1, c1, d1, X[13], 9, k3); - Subround(I, d1, e1, a1, b1, c1, X[ 3], 14, k3); - Subround(I, c1, d1, e1, a1, b1, X[ 7], 5, k3); - Subround(I, b1, c1, d1, e1, a1, X[15], 6, k3); - Subround(I, a1, b1, c1, d1, e1, X[14], 8, k3); - Subround(I, e1, a1, b1, c1, d1, X[ 5], 6, k3); - Subround(I, d1, e1, a1, b1, c1, X[ 6], 5, k3); - Subround(I, c1, d1, e1, a1, b1, X[ 2], 12, k3); - - Subround(J, b1, c1, d1, e1, a1, X[ 4], 9, k4); - Subround(J, a1, b1, c1, d1, e1, X[ 0], 15, k4); - Subround(J, e1, a1, b1, c1, d1, X[ 5], 5, k4); - Subround(J, d1, e1, a1, b1, c1, X[ 9], 11, k4); - Subround(J, c1, d1, e1, a1, b1, X[ 7], 6, k4); - Subround(J, b1, c1, d1, e1, a1, X[12], 8, k4); - Subround(J, a1, b1, c1, d1, e1, X[ 2], 13, k4); - Subround(J, e1, a1, b1, c1, d1, X[10], 12, k4); - Subround(J, d1, e1, a1, b1, c1, X[14], 5, k4); - Subround(J, c1, d1, e1, a1, b1, X[ 1], 12, k4); - Subround(J, b1, c1, d1, e1, a1, X[ 3], 13, k4); - Subround(J, a1, b1, c1, d1, e1, X[ 8], 14, k4); - Subround(J, e1, a1, b1, c1, d1, X[11], 11, k4); - Subround(J, d1, e1, a1, b1, c1, X[ 6], 8, k4); - Subround(J, c1, d1, e1, a1, b1, X[15], 5, k4); - Subround(J, b1, c1, d1, e1, a1, X[13], 6, k4); - - Subround(J, a2, b2, c2, d2, e2, X[ 5], 8, k5); - Subround(J, e2, a2, b2, c2, d2, X[14], 9, k5); - Subround(J, d2, e2, a2, b2, c2, X[ 7], 9, k5); - Subround(J, c2, d2, e2, a2, b2, X[ 0], 11, k5); - Subround(J, b2, c2, d2, e2, a2, X[ 9], 13, k5); - Subround(J, a2, b2, c2, d2, e2, X[ 2], 15, k5); - Subround(J, e2, a2, b2, c2, d2, X[11], 15, k5); - Subround(J, d2, e2, a2, b2, c2, X[ 4], 5, k5); - Subround(J, c2, d2, e2, a2, b2, X[13], 7, k5); - Subround(J, b2, c2, d2, e2, a2, X[ 6], 7, k5); - Subround(J, a2, b2, c2, d2, e2, X[15], 8, k5); - Subround(J, e2, a2, b2, c2, d2, X[ 8], 11, k5); - Subround(J, d2, e2, a2, b2, c2, X[ 1], 14, k5); - Subround(J, c2, d2, e2, a2, b2, X[10], 14, k5); - Subround(J, b2, c2, d2, e2, a2, X[ 3], 12, k5); - Subround(J, a2, b2, c2, d2, e2, X[12], 6, k5); - - Subround(I, e2, a2, b2, c2, d2, X[ 6], 9, k6); - Subround(I, d2, e2, a2, b2, c2, X[11], 13, k6); - Subround(I, c2, d2, e2, a2, b2, X[ 3], 15, k6); - Subround(I, b2, c2, d2, e2, a2, X[ 7], 7, k6); - Subround(I, a2, b2, c2, d2, e2, X[ 0], 12, k6); - Subround(I, e2, a2, b2, c2, d2, X[13], 8, k6); - Subround(I, d2, e2, a2, b2, c2, X[ 5], 9, k6); - Subround(I, c2, d2, e2, a2, b2, X[10], 11, k6); - Subround(I, b2, c2, d2, e2, a2, X[14], 7, k6); - Subround(I, a2, b2, c2, d2, e2, X[15], 7, k6); - Subround(I, e2, a2, b2, c2, d2, X[ 8], 12, k6); - Subround(I, d2, e2, a2, b2, c2, X[12], 7, k6); - Subround(I, c2, d2, e2, a2, b2, X[ 4], 6, k6); - Subround(I, b2, c2, d2, e2, a2, X[ 9], 15, k6); - Subround(I, a2, b2, c2, d2, e2, X[ 1], 13, k6); - Subround(I, e2, a2, b2, c2, d2, X[ 2], 11, k6); - - Subround(H, d2, e2, a2, b2, c2, X[15], 9, k7); - Subround(H, c2, d2, e2, a2, b2, X[ 5], 7, k7); - Subround(H, b2, c2, d2, e2, a2, X[ 1], 15, k7); - Subround(H, a2, b2, c2, d2, e2, X[ 3], 11, k7); - Subround(H, e2, a2, b2, c2, d2, X[ 7], 8, k7); - Subround(H, d2, e2, a2, b2, c2, X[14], 6, k7); - Subround(H, c2, d2, e2, a2, b2, X[ 6], 6, k7); - Subround(H, b2, c2, d2, e2, a2, X[ 9], 14, k7); - Subround(H, a2, b2, c2, d2, e2, X[11], 12, k7); - Subround(H, e2, a2, b2, c2, d2, X[ 8], 13, k7); - Subround(H, d2, e2, a2, b2, c2, X[12], 5, k7); - Subround(H, c2, d2, e2, a2, b2, X[ 2], 14, k7); - Subround(H, b2, c2, d2, e2, a2, X[10], 13, k7); - Subround(H, a2, b2, c2, d2, e2, X[ 0], 13, k7); - Subround(H, e2, a2, b2, c2, d2, X[ 4], 7, k7); - Subround(H, d2, e2, a2, b2, c2, X[13], 5, k7); - - Subround(G, c2, d2, e2, a2, b2, X[ 8], 15, k8); - Subround(G, b2, c2, d2, e2, a2, X[ 6], 5, k8); - Subround(G, a2, b2, c2, d2, e2, X[ 4], 8, k8); - Subround(G, e2, a2, b2, c2, d2, X[ 1], 11, k8); - Subround(G, d2, e2, a2, b2, c2, X[ 3], 14, k8); - Subround(G, c2, d2, e2, a2, b2, X[11], 14, k8); - Subround(G, b2, c2, d2, e2, a2, X[15], 6, k8); - Subround(G, a2, b2, c2, d2, e2, X[ 0], 14, k8); - Subround(G, e2, a2, b2, c2, d2, X[ 5], 6, k8); - Subround(G, d2, e2, a2, b2, c2, X[12], 9, k8); - Subround(G, c2, d2, e2, a2, b2, X[ 2], 12, k8); - Subround(G, b2, c2, d2, e2, a2, X[13], 9, k8); - Subround(G, a2, b2, c2, d2, e2, X[ 9], 12, k8); - Subround(G, e2, a2, b2, c2, d2, X[ 7], 5, k8); - Subround(G, d2, e2, a2, b2, c2, X[10], 15, k8); - Subround(G, c2, d2, e2, a2, b2, X[14], 8, k8); - - Subround(F, b2, c2, d2, e2, a2, X[12], 8, k9); - Subround(F, a2, b2, c2, d2, e2, X[15], 5, k9); - Subround(F, e2, a2, b2, c2, d2, X[10], 12, k9); - Subround(F, d2, e2, a2, b2, c2, X[ 4], 9, k9); - Subround(F, c2, d2, e2, a2, b2, X[ 1], 12, k9); - Subround(F, b2, c2, d2, e2, a2, X[ 5], 5, k9); - Subround(F, a2, b2, c2, d2, e2, X[ 8], 14, k9); - Subround(F, e2, a2, b2, c2, d2, X[ 7], 6, k9); - Subround(F, d2, e2, a2, b2, c2, X[ 6], 8, k9); - Subround(F, c2, d2, e2, a2, b2, X[ 2], 13, k9); - Subround(F, b2, c2, d2, e2, a2, X[13], 6, k9); - Subround(F, a2, b2, c2, d2, e2, X[14], 5, k9); - Subround(F, e2, a2, b2, c2, d2, X[ 0], 15, k9); - Subround(F, d2, e2, a2, b2, c2, X[ 3], 13, k9); - Subround(F, c2, d2, e2, a2, b2, X[ 9], 11, k9); - Subround(F, b2, c2, d2, e2, a2, X[11], 11, k9); - - c1 = digest[1] + c1 + d2; - digest[1] = digest[2] + d1 + e2; - digest[2] = digest[3] + e1 + a2; - digest[3] = digest[4] + a1 + b2; - digest[4] = digest[0] + b1 + c2; - digest[0] = c1; -} - -#else // TC_MINIMIZE_CODE_SIZE - -/* - Derived from source code of TrueCrypt 7.1a, which is - Copyright (c) 2008-2012 TrueCrypt Developers Association and which is governed - by the TrueCrypt License 3.0. - - Modifications and additions to the original source code (contained in this file) - and all other portions of this file are Copyright (c) 2013-2017 IDRIX - and are governed by the Apache License 2.0 the full text of which is - contained in the file License.txt included in VeraCrypt binary and source - code distribution packages. -*/ - -#pragma optimize ("tl", on) - -typedef unsigned __int32 uint32; -typedef unsigned __int8 byte; - -#include -#pragma intrinsic (_lrotl) - -static const byte OrderTab[] = { - 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, - 7, 4, 13, 1, 10, 6, 15, 3, 12, 0, 9, 5, 2, 14, 11, 8, - 3, 10, 14, 4, 9, 15, 8, 1, 2, 7, 0, 6, 13, 11, 5, 12, - 1, 9, 11, 10, 0, 8, 12, 4, 13, 3, 7, 15, 14, 5, 6, 2, - 4, 0, 5, 9, 7, 12, 2, 10, 14, 1, 3, 8, 11, 6, 15, 13, - 5, 14, 7, 0, 9, 2, 11, 4, 13, 6, 15, 8, 1, 10, 3, 12, - 6, 11, 3, 7, 0, 13, 5, 10, 14, 15, 8, 12, 4, 9, 1, 2, - 15, 5, 1, 3, 7, 14, 6, 9, 11, 8, 12, 2, 10, 0, 4, 13, - 8, 6, 4, 1, 3, 11, 15, 0, 5, 12, 2, 13, 9, 7, 10, 14, - 12, 15, 10, 4, 1, 5, 8, 7, 6, 2, 13, 14, 0, 3, 9, 11 -}; - -static const byte RolTab[] = { - 11, 14, 15, 12, 5, 8, 7, 9, 11, 13, 14, 15, 6, 7, 9, 8, - 7, 6, 8, 13, 11, 9, 7, 15, 7, 12, 15, 9, 11, 7, 13, 12, - 11, 13, 6, 7, 14, 9, 13, 15, 14, 8, 13, 6, 5, 12, 7, 5, - 11, 12, 14, 15, 14, 15, 9, 8, 9, 14, 5, 6, 8, 6, 5, 12, - 9, 15, 5, 11, 6, 8, 13, 12, 5, 12, 13, 14, 11, 8, 5, 6, - 8, 9, 9, 11, 13, 15, 15, 5, 7, 7, 8, 11, 14, 14, 12, 6, - 9, 13, 15, 7, 12, 8, 9, 11, 7, 7, 12, 7, 6, 15, 13, 11, - 9, 7, 15, 11, 8, 6, 6, 14, 12, 13, 5, 14, 13, 13, 7, 5, - 15, 5, 8, 11, 14, 14, 6, 14, 6, 9, 12, 9, 12, 5, 15, 8, - 8, 5, 12, 9, 12, 5, 14, 6, 8, 13, 6, 5, 15, 13, 11, 11 -}; - -static const uint32 KTab[] = { - 0x00000000UL, - 0x5A827999UL, - 0x6ED9EBA1UL, - 0x8F1BBCDCUL, - 0xA953FD4EUL, - 0x50A28BE6UL, - 0x5C4DD124UL, - 0x6D703EF3UL, - 0x7A6D76E9UL, - 0x00000000UL -}; - - -void RMD160Transform (unsigned __int32 *state, const unsigned __int32 *data) -{ - uint32 a, b, c, d, e; - uint32 a2, b2, c2, d2, e2; - byte pos; - uint32 tmp; - - a = state[0]; - b = state[1]; - c = state[2]; - d = state[3]; - e = state[4]; - - for (pos = 0; pos < 160; ++pos) - { - tmp = a + data[OrderTab[pos]] + KTab[pos >> 4]; - - switch (pos >> 4) - { - case 0: case 9: tmp += F (b, c, d); break; - case 1: case 8: tmp += G (b, c, d); break; - case 2: case 7: tmp += H (b, c, d); break; - case 3: case 6: tmp += I (b, c, d); break; - case 4: case 5: tmp += J (b, c, d); break; - } - - tmp = _lrotl (tmp, RolTab[pos]) + e; - a = e; - e = d; - d = _lrotl (c, 10); - c = b; - b = tmp; - - if (pos == 79) - { - a2 = a; - b2 = b; - c2 = c; - d2 = d; - e2 = e; - - a = state[0]; - b = state[1]; - c = state[2]; - d = state[3]; - e = state[4]; - } - } - - tmp = state[1] + c2 + d; - state[1] = state[2] + d2 + e; - state[2] = state[3] + e2 + a; - state[3] = state[4] + a2 + b; - state[4] = state[0] + b2 + c; - state[0] = tmp; -} - -#endif // TC_MINIMIZE_CODE_SIZE diff --git a/src/Crypto/Rmd160.h b/src/Crypto/Rmd160.h deleted file mode 100644 index 81b5d6f0..00000000 --- a/src/Crypto/Rmd160.h +++ /dev/null @@ -1,33 +0,0 @@ -#ifndef TC_HEADER_Crypto_Ripemd160 -#define TC_HEADER_Crypto_Ripemd160 - -#include "Common/Tcdefs.h" - -#if defined(__cplusplus) -extern "C" -{ -#endif - -#define RIPEMD160_BLOCK_LENGTH 64 - -typedef struct RMD160Context -{ - unsigned __int32 state[5]; -#ifndef TC_WINDOWS_BOOT - uint64 count; -#else - uint32 count; -#endif - unsigned char buffer[RIPEMD160_BLOCK_LENGTH]; -} RMD160_CTX; - -void RMD160Init (RMD160_CTX *ctx); -void RMD160Transform (unsigned __int32 *state, const unsigned __int32 *data); -void RMD160Update (RMD160_CTX *ctx, const unsigned char *input, unsigned __int32 len); -void RMD160Final (unsigned char *digest, RMD160_CTX *ctx); - -#if defined(__cplusplus) -} -#endif - -#endif // TC_HEADER_Crypto_Ripemd160 diff --git a/src/Crypto/Sources b/src/Crypto/Sources index 9a1bef14..9542d4b6 100644 --- a/src/Crypto/Sources +++ b/src/Crypto/Sources @@ -7,7 +7,6 @@ NTTARGETFILES = \ "$(OBJ_PATH)\$(O)\Aes_$(TC_ARCH).obj" \ "$(OBJ_PATH)\$(O)\Aes_hw_cpu.obj" \ "$(OBJ_PATH)\$(O)\rdrand_ml.obj" \ - "$(OBJ_PATH)\$(O)\gost89_$(TC_ARCH).obj" \ "$(OBJ_PATH)\$(O)\Twofish_$(TC_ARCH).obj" \ "$(OBJ_PATH)\$(O)\Camellia_$(TC_ARCH).obj" \ "$(OBJ_PATH)\$(O)\Camellia_aesni_$(TC_ARCH).obj" \ @@ -22,19 +21,21 @@ NTTARGETFILES = \ SOURCES = \ Aes_$(TC_ARCH).asm \ - gost89_$(TC_ARCH).asm \ Aes_hw_cpu.asm \ rdrand_ml.asm \ rdseed_ml.asm \ Aeskey.c \ Aestab.c \ + blake2s.c \ + blake2s_SSE2.c \ + blake2s_SSE41.c \ + blake2s_SSSE3.c \ chacha-xmm.c \ chacha256.c \ chachaRng.c \ cpu.c \ jitterentropy-base.c \ rdrand.c \ - Rmd160.c \ SerpentFast.c \ SerpentFast_simd.cpp \ Sha2.c \ @@ -43,7 +44,6 @@ SOURCES = \ t1ha2_selfcheck.c \ Twofish.c \ Twofish_$(TC_ARCH).S \ - GostCipher.c \ Streebog.c \ kuznyechik.c \ kuznyechik_simd.c \ diff --git a/src/Crypto/config.h b/src/Crypto/config.h index 8e1e41fc..7ed6aabf 100644 --- a/src/Crypto/config.h +++ b/src/Crypto/config.h @@ -128,6 +128,12 @@ #define CRYPTOPP_SSSE3_AVAILABLE 0 # endif +#if !defined(CRYPTOPP_DISABLE_SSSE3) && (defined(__SSSE3__) || (_MSC_VER >= 1500)) && !defined(_M_ARM) && !defined(_M_ARM64) + #define CRYPTOPP_BOOL_SSSE3_INTRINSICS_AVAILABLE 1 +#else + #define CRYPTOPP_BOOL_SSSE3_INTRINSICS_AVAILABLE 0 +#endif + #if !defined(CRYPTOPP_DISABLE_SSSE3) && !defined(CRYPTOPP_DISABLE_AESNI) && CRYPTOPP_BOOL_SSE2_INTRINSICS_AVAILABLE && (CRYPTOPP_GCC_VERSION >= 40400 || _MSC_FULL_VER >= 150030729 || __INTEL_COMPILER >= 1110 || defined(__AES__)) #define CRYPTOPP_BOOL_AESNI_INTRINSICS_AVAILABLE 1 #else diff --git a/src/Crypto/cpu.h b/src/Crypto/cpu.h index 1a3efcee..157aeaef 100644 --- a/src/Crypto/cpu.h +++ b/src/Crypto/cpu.h @@ -134,6 +134,11 @@ extern __m128i _mm_slli_epi16(__m128i _A, int _Count); extern __m128i _mm_shuffle_epi32 (__m128i a, int imm8); extern __m128i _mm_set_epi64x (__int64 e1, __int64 e0); extern __m128i _mm_set1_epi64x (__int64 a); +extern __m128i _mm_castps_si128(__m128); +extern __m128 _mm_castsi128_ps(__m128i); +extern __m128 _mm_shuffle_ps(__m128 _A, __m128 _B, unsigned int _Imm8); +extern __m128i _mm_srli_si128(__m128i _A, int _Imm); +extern __m128i _mm_slli_si128(__m128i _A, int _Imm); #define _mm_xor_si64 _m_pxor #define _mm_empty _m_empty #define _MM_SHUFFLE(fp3,fp2,fp1,fp0) (((fp3) << 6) | ((fp2) << 4) | \ @@ -148,12 +153,12 @@ extern __m128i _mm_set1_epi64x (__int64 a); #endif #if CRYPTOPP_SSSE3_AVAILABLE || defined(__INTEL_COMPILER) -#if defined (_MSC_VER) && !defined (TC_WINDOWS_BOOT) #if defined(TC_WINDOWS_DRIVER) || defined (_UEFI) #if defined(__cplusplus) extern "C" { #endif extern __m128i _mm_shuffle_epi8 (__m128i a, __m128i b); +extern __m128i _mm_alignr_epi8 (__m128i a, __m128i b, int n); #if defined(__cplusplus) } #endif @@ -162,13 +167,14 @@ extern __m128i _mm_shuffle_epi8 (__m128i a, __m128i b); #endif #endif -#if defined(__SSE4_1__) || defined(__INTEL_COMPILER) || defined(_MSC_VER) +#if CRYPTOPP_BOOL_SSE41_INTRINSICS_AVAILABLE || defined(__INTEL_COMPILER) #if defined(TC_WINDOWS_DRIVER) || defined (_UEFI) #if defined(__cplusplus) extern "C" { #endif extern int _mm_extract_epi32(__m128i src, const int ndx); extern __m128i _mm_insert_epi32(__m128i dst, int s, const int ndx); +extern __m128i _mm_blend_epi16 (__m128i v1, __m128i v2, const int mask); #if defined(_M_X64) extern __m128i _mm_insert_epi64(__m128i dst, __int64 s, const int ndx); #endif @@ -200,7 +206,6 @@ extern __m128i _mm_aesdeclast_si128(__m128i v, __m128i rkey); #include #endif #endif -#endif #if CRYPTOPP_BOOL_X86 || CRYPTOPP_BOOL_X32 || CRYPTOPP_BOOL_X64 diff --git a/src/Crypto/gost89_x64.asm b/src/Crypto/gost89_x64.asm deleted file mode 100644 index 5f5892fe..00000000 --- a/src/Crypto/gost89_x64.asm +++ /dev/null @@ -1,483 +0,0 @@ -; -; GOST89 implementation x64 -; -; Copyright (c) 2016. Disk Cryptography Services for EFI (DCS), Alex Kolotnikov -; -; This program and the accompanying materials -; are licensed and made available under the terms and conditions -; of the Apache License, Version 2.0. -; -; The full text of the license may be found at -; https://opensource.org/licenses/Apache-2.0 -; -; Some ideas from article https://xakep.ru/2013/10/19/shifrovanie-gost-28147-89/ -; - -[section .bss align=16] - -;/////////////////////////////////////////////////////////////////// -;// Win64 registers to save -;/////////////////////////////////////////////////////////////////// -%macro SaveRegs 0 - sub rsp,8*8+10*16 - mov [rsp], rbx - mov [rsp+8], rbp - mov [rsp+8*2], rdi - mov [rsp+8*3], rsi - mov [rsp+8*4], r12 - mov [rsp+8*5], r13 - mov [rsp+8*6], r14 - mov [rsp+8*7], r15 -%endmacro - -%macro RestoreRegs 0 - mov rbx, [rsp] - mov rbp, [rsp+8] - mov rdi, [rsp+8*2] - mov rsi, [rsp+8*3] - mov r12, [rsp+8*4] - mov r13, [rsp+8*5] - mov r14, [rsp+8*6] - mov r15, [rsp+8*7] - add rsp,8*8+10*16 -%endmacro - -[section .text align=16] -;/////////////////////////////////////////////////////////////////// -;// Crypting 2 blocks -;/////////////////////////////////////////////////////////////////// -%macro gost_round2 2 ; 1 - pos1, 2 - pos2 - ; 1st - ; 1-2 byte - add ecx, r13d ; add key - movzx edi, cl - movzx esi, ch - xor r14d, dword [r8 + 32 + 256*3*4 + rdi*4] - xor r14d, dword [r8 + 32 + 256*2*4 + rsi*4] - shr ecx, 16 - ; 3-4 байт - movzx edi, cl - xor r14d, dword [r8 + 32 + 256*4 + rdi*4] - movzx esi, ch - xor r14d, dword [r8 + 32 + rsi*4] - mov edx, [r8 + %1*4] ; read key for second step - - ; 2nd - ; 1-2 byte - add eax, r10d ; read key - movzx r15d, al - movzx ebp, ah - xor r11d, dword [r8 + 32 + 256*3*4 + r15*4] - xor r11d, dword [r8 + 32 + 256*2*4 + rbp*4] - shr eax, 16 - ; 3-4 байт - movzx r15d, al - xor r11d, dword [r8 + 32 + 256*4 + r15*4] - movzx ebp, ah - xor r11d, dword [r8 + 32 + rbp*4] - mov ebx, [r8 + %1*4] ; read key for second step - - ; second step - ; 1st - ; 1-2 byte - add edx, r14d ; add key - movzx edi, dl - movzx esi, dh - xor r13d, dword [r8 + 32 + 256*3*4 + rdi*4] - xor r13d, dword [r8 + 32 + 256*2*4 + rsi*4] - shr edx, 16 - ; 3-4 байт - movzx edi, dl - xor r13d, dword [r8 + 32 + 256*4 + rdi*4] - movzx esi, dh - xor r13d, dword [r8 + 32 + rsi*4] - mov ecx, [r8 + %2*4] ; read key - - ; 2nd - ; 1-2 byte - add ebx, r11d; ; add key - movzx r15d, bl; - movzx ebp, bh; - xor r10d, dword [r8 + 32 + 256*3*4 + r15*4] - xor r10d, dword [r8 + 32 + 256*2*4 + rbp*4] - shr ebx, 16 - ; 3-4 байт - movzx r15d, bl - xor r10d, dword [r8 + 32 + 256*4 + r15*4] - movzx ebp, bh - xor r10d, dword [r8 + 32 + rbp*4] - mov eax, [r8 + %2*4] ; read key -%endmacro - -; input: r8 - &key, rcx - &IN -; returns: (r13) & (r10) -GostEncrypt2x64: - ; 1st - mov r13d, [rcx] - mov r14, [rcx] - shr r14, 32 - - ; 2nd - mov r10d, [rcx + 16] - mov r11, [rcx + 16] - shr r11, 32 - - mov ecx, [r8] - mov eax, ecx - - gost_round2 1, 2 - gost_round2 3, 4 - gost_round2 5, 6 - gost_round2 7, 0 - - gost_round2 1, 2 - gost_round2 3, 4 - gost_round2 5, 6 - gost_round2 7, 0 - - gost_round2 1, 2 - gost_round2 3, 4 - gost_round2 5, 6 - gost_round2 7, 7 - - gost_round2 6, 5 - gost_round2 4, 3 - gost_round2 2, 1 - gost_round2 0, 0 - - shl r13, 32 ; combine - or r13, r14 - - shl r10, 32 ; combine - or r10, r11 - ret - -; input: r8 - &key, rcx - &IN -; returns: (r13) & (r10) -GostDecrypt2x64: - ; 1st - mov r13d, [rcx] - mov r14, [rcx] - shr r14, 32 - - ; 2nd - mov r10d, [rcx + 16] - mov r11, [rcx + 16] - shr r11, 32 - - mov ecx, [r8] - mov eax, ecx - - gost_round2 1, 2 - gost_round2 3, 4 - gost_round2 5, 6 - gost_round2 7, 7 - - gost_round2 6, 5 - gost_round2 4, 3 - gost_round2 2, 1 - gost_round2 0, 7 - - gost_round2 6, 5 - gost_round2 4, 3 - gost_round2 2, 1 - gost_round2 0, 7 - - gost_round2 6, 5 - gost_round2 4, 3 - gost_round2 2, 1 - gost_round2 0, 0 - - shl r13, 32 ; combine - or r13, r14 - - shl r10, 32 ; combine - or r10, r11 -ret - -;/////////////////////////////////////////////////////////////////// -;// Crypting 1 block -;/////////////////////////////////////////////////////////////////// -%macro gost_round1 2 ; 1 - pos1, 2 - pos2 - ; 1-2 byte - add ecx, r13d ; add key - movzx edi, cl - movzx esi, ch - xor r14d, dword [r8 + 32 + 256*3*4 + rdi*4] - xor r14d, dword [r8 + 32 + 256*2*4 + rsi*4] - shr ecx, 16 - ; 3-4 байт - movzx edi, cl - xor r14d, dword [r8 + 32 + 256*4 + rdi*4] - movzx esi, ch - xor r14d, dword [r8 + 32 + rsi*4] - mov edx, [r8 + %1*4] ; read key for second step - - ; second step - ; 1-2 byte - add edx, r14d ; add key - movzx edi, dl - movzx esi, dh - xor r13d, dword [r8 + 32 + 256*3*4 + rdi*4] - xor r13d, dword [r8 + 32 + 256*2*4 + rsi*4] - shr edx, 16 - ; 3-4 байт - movzx edi, dl - xor r13d, dword [r8 + 32 + 256*4 + rdi*4] - movzx esi, dh - xor r13d, dword [r8 + 32 + rsi*4] - mov ecx, [r8 + %2*4] ; read key -%endmacro - -; input: r8 - &gost_kds rcx - &IN -; returns: r13 -GostEncrypt1x64: - mov r13d, [rcx] - mov r14, [rcx] - shr r14, 32 - mov ecx, [r8] - - gost_round1 1, 2 - gost_round1 3, 4 - gost_round1 5, 6 - gost_round1 7, 0 - - gost_round1 1, 2 - gost_round1 3, 4 - gost_round1 5, 6 - gost_round1 7, 0 - - gost_round1 1, 2 - gost_round1 3, 4 - gost_round1 5, 6 - gost_round1 7, 7 - - gost_round1 6, 5 - gost_round1 4, 3 - gost_round1 2, 1 - gost_round1 0, 0 - - shl r13, 32 ; combine - or r13, r14 -ret - -; input: r8 - &gost_kds rcx - IN -; returns: r13 -GostDecrypt1x64: - mov r13d, [rcx] - mov r14, [rcx] - shr r14, 32 - mov ecx, [r8] - - gost_round1 1, 2 - gost_round1 3, 4 - gost_round1 5, 6 - gost_round1 7, 7 - - gost_round1 6, 5 - gost_round1 4, 3 - gost_round1 2, 1 - gost_round1 0, 7 - - gost_round1 6, 5 - gost_round1 4, 3 - gost_round1 2, 1 - gost_round1 0, 7 - - gost_round1 6, 5 - gost_round1 4, 3 - gost_round1 2, 1 - gost_round1 0, 0 - - shl r13, 32 ; combine - or r13, r14 -ret - -global gost_encrypt_128_CBC_asm ; gost_encrypt_128_CBC_asm(uint64* in, uint64* out, gost_kds* kds, uint64 count); -; rcx - &in -; rdx - &out -; r8 - &gost_kds -; r9 - count -gost_encrypt_128_CBC_asm: - SaveRegs ; Saving - - sub rsp, 32 - mov [rsp], rdx ; Save out addr - mov [rsp + 8], rcx ; Save in addr - mov [rsp + 16], r8 ; key addr - -.do: - mov [rsp + 24], r9 ; Save count - cmp r9, 2 - jge .blk2 - cmp r9, 1 - jge .blk1 - jmp .end - -; One 128 block encryption -.blk1: - mov rcx, [rsp + 8] ; set in addr - call GostEncrypt1x64 - - mov rdx, [rsp] ; Restore out - mov rcx, [rsp + 8] ; restore in - - mov [rdx], r13 - mov rax, [rcx + 8] - xor rax, r13 ; CBC - - add rdx, 8 ;next 8 bytes - mov [rdx], rax - - mov rcx, rdx - call GostEncrypt1x64 - - mov rdx, [rsp] ; Restore out addr - mov rcx, [rsp+8] ; Restore in addr - - mov [rdx + 8], r13 - - add rdx,16 - mov [rsp], rdx - - add rcx, 16 - mov [rsp+8], rcx - - mov r9, [rsp + 24] - dec r9 - - jmp .do - -.blk2: - mov rcx, [rsp + 8] ; set in addr - call GostEncrypt2x64 - - mov rdx, [rsp] ; Restore out - mov rcx, [rsp + 8] ; restore in - - mov [rdx], r13 - - mov rax, [rcx + 8] - xor rax, r13 ; CBC - - mov [rdx + 16], r10 - - mov rbx, [rcx + 24] - xor rbx, r10 ; CBC - - mov [rdx + 8], rax - mov [rdx + 24], rbx - - add rdx, 8 ;next 8 bytes - - mov rcx, rdx - call GostEncrypt2x64 - - mov rdx, [rsp] ; Restore out addr - mov rcx, [rsp+8] ; Restore in addr - - mov [rdx + 8], r13 - mov [rdx + 24], r10 - - add rdx,32 - mov [rsp], rdx - - add rcx, 32 - mov [rsp+8], rcx - - mov r9, [rsp + 24] - sub r9, 2 - - jmp .do - -.end: - add rsp, 32 ; Load out addr - RestoreRegs ; Load -ret - -global gost_decrypt_128_CBC_asm ; gost_decrypt_128_CBC_asm(uint64* in, uint64* out, const gost_kds* kds, uint64 count); -; rcx - &in -; rdx - &out -; r8 - &gost_kds -; r9 - count -gost_decrypt_128_CBC_asm: - SaveRegs ; Saving - - sub rsp, 32 - mov [rsp], rdx ; Save out addr - mov [rsp+8], rcx ; Save in addr - mov [rsp+16], r8 ; key addr - -.do: - mov [rsp + 24], r9 ; Save count - cmp r9, 2 - jge .blk2 - cmp r9, 1 - jge .blk1 - jmp .end - -; One 128 block decryption -.blk1: - add rcx, 8 - call GostDecrypt1x64 - mov rdx, [rsp] ; Restore out - mov rcx, [rsp + 8] ; Restore in - mov rax, [rcx] - xor rax, r13 ; CBC - mov [rdx + 8], rax - - call GostDecrypt1x64 - - mov rdx, [rsp] ; Restore out addr - mov rcx, [rsp+8] ; Restore in addr - - mov [rdx], r13 - - add rdx,16 - mov [rsp], rdx - - add rcx, 16 - mov [rsp+8], rcx - - mov r9, [rsp + 24] - dec r9 - - jmp .do - -.blk2: - add rcx, 8 - call GostDecrypt2x64 - mov rdx, [rsp] ; Restore out - mov rcx, [rsp + 8] ; Restore in - - mov rax, [rcx] - xor rax, r13 ; CBC - mov [rdx + 8], rax - - mov rbx, [rcx+16] - xor rbx, r10 ; CBC - mov [rdx + 24], rbx - - call GostDecrypt2x64 - - mov rdx, [rsp] ; Restore out addr - mov rcx, [rsp+8] ; Restore in addr - - mov [rdx], r13 - mov [rdx+16], r10 - - add rdx,32 - mov [rsp], rdx - - add rcx,32 - mov [rsp+8], rcx - - mov r9, [rsp + 24] - sub r9, 2 - - jmp .do - -.end: - add rsp, 32 ; Load out addr - RestoreRegs ; Load -ret diff --git a/src/Driver/Driver.vcxproj b/src/Driver/Driver.vcxproj index 58a21d3d..7c92f05b 100644 --- a/src/Driver/Driver.vcxproj +++ b/src/Driver/Driver.vcxproj @@ -192,6 +192,10 @@ BuildDriver.cmd -rebuild -debug -x64 "$(SolutionDir)\Common" "$(SolutionDir)\Cry + + + + @@ -223,7 +227,6 @@ BuildDriver.cmd -rebuild -debug -x64 "$(SolutionDir)\Common" "$(SolutionDir)\Cry - diff --git a/src/Driver/Driver.vcxproj.filters b/src/Driver/Driver.vcxproj.filters index f260fb56..41d7a8c4 100644 --- a/src/Driver/Driver.vcxproj.filters +++ b/src/Driver/Driver.vcxproj.filters @@ -87,9 +87,6 @@ Source Files\Crypto - - Source Files\Crypto - Source Files\Crypto @@ -135,6 +132,18 @@ Source Files\Crypto + + Source Files\Crypto + + + Source Files\Crypto + + + Source Files\Crypto + + + Source Files\Crypto + diff --git a/src/Driver/veracrypt_vs2019.vcxproj b/src/Driver/veracrypt_vs2019.vcxproj index 4c09db94..f06f8974 100644 --- a/src/Driver/veracrypt_vs2019.vcxproj +++ b/src/Driver/veracrypt_vs2019.vcxproj @@ -33,12 +33,12 @@ + - @@ -53,7 +53,6 @@ true true - true @@ -309,14 +308,6 @@ true - - - true - true - true - true - - Document diff --git a/src/Driver/veracrypt_vs2019.vcxproj.filters b/src/Driver/veracrypt_vs2019.vcxproj.filters index 468c686f..2940815c 100644 --- a/src/Driver/veracrypt_vs2019.vcxproj.filters +++ b/src/Driver/veracrypt_vs2019.vcxproj.filters @@ -67,9 +67,6 @@ Crypto\Source Files - - Crypto\Source Files - Crypto\Source Files @@ -82,9 +79,6 @@ Crypto\Source Files - - Crypto\Source Files - Crypto\Source Files @@ -151,6 +145,9 @@ Source Files + + Crypto\Source Files + @@ -269,9 +266,6 @@ Crypto\Source Files - - Crypto\Source Files - Crypto\Source Files diff --git a/src/Format/Tcformat.c b/src/Format/Tcformat.c index 9143e8c5..477306ea 100644 --- a/src/Format/Tcformat.c +++ b/src/Format/Tcformat.c @@ -4183,8 +4183,7 @@ BOOL CALLBACK PageDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lPa for (hid = FIRST_PRF_ID; hid <= LAST_PRF_ID; hid++) { - // For now, we keep RIPEMD160 for system encryption - if (((hid == RIPEMD160) || !HashIsDeprecated (hid)) && (bSystemIsGPT || HashForSystemEncryption (hid))) + if ((!HashIsDeprecated (hid)) && (bSystemIsGPT || HashForSystemEncryption (hid))) AddComboPair (GetDlgItem (hwndDlg, IDC_COMBO_BOX_HASH_ALGO), HashGetName(hid), hid); } } @@ -5605,8 +5604,6 @@ BOOL CALLBACK PageDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lPa Applink ("serpent"); else if (wcscmp (name, L"Twofish") == 0) Applink ("twofish"); - else if (wcscmp (name, L"GOST89") == 0) - Applink ("gost89"); else if (wcscmp (name, L"Kuznyechik") == 0) Applink ("kuznyechik"); else if (wcscmp (name, L"Camellia") == 0) @@ -9250,8 +9247,8 @@ void ExtractCommandLine (HWND hwndDlg, wchar_t *lpszCommandLine) CmdVolumePkcs5 = SHA512; else if (_wcsicmp(szTmp, L"sha256") == 0) CmdVolumePkcs5 = SHA256; - else if (_wcsicmp(szTmp, L"ripemd160") == 0) - CmdVolumePkcs5 = RIPEMD160; + else if ((_wcsicmp(szTmp, L"blake2s") == 0) || (_wcsicmp(szTmp, L"blake2s-256") == 0)) + CmdVolumePkcs5 = BLAKE2S; else { /* match using internal hash names */ diff --git a/src/Makefile b/src/Makefile index 05ea3f61..c1ea2bae 100644 --- a/src/Makefile +++ b/src/Makefile @@ -145,6 +145,9 @@ export CPU_ARCH ?= unknown export SIMD_SUPPORTED := 0 export DISABLE_AESNI ?= 0 +export GCC_GTEQ_440 := 0 +export GCC_GTEQ_430 := 0 + ARCH ?= $(shell uname -m) ifneq (,$(filter i386 i486 i586 i686 x86,$(ARCH))) @@ -201,12 +204,13 @@ ifeq "$(shell uname -s)" "Linux" CFLAGS += -msse2 CXXFLAGS += -msse2 + GCC_GTEQ_440 := $(shell expr `$(CC) -dumpversion | sed -e 's/\.\([0-9][0-9]\)/\1/g' -e 's/\.\([0-9]\)/0\1/g' -e 's/^[0-9]\{3,4\}$$/&00/' -e 's/^[0-9]\{1,2\}$$/&0000/'` \>= 40400) + GCC_GTEQ_430 := $(shell expr `$(CC) -dumpversion | sed -e 's/\.\([0-9][0-9]\)/\1/g' -e 's/\.\([0-9]\)/0\1/g' -e 's/^[0-9]\{3,4\}$$/&00/' -e 's/^[0-9]\{1,2\}$$/&0000/'` \>= 40300) + ifeq "$(DISABLE_AESNI)" "1" CFLAGS += -mno-aes -DCRYPTOPP_DISABLE_AESNI CXXFLAGS += -mno-aes -DCRYPTOPP_DISABLE_AESNI else - GCC_GTEQ_440 := $(shell expr `$(CC) -dumpversion | sed -e 's/\.\([0-9][0-9]\)/\1/g' -e 's/\.\([0-9]\)/0\1/g' -e 's/^[0-9]\{3,4\}$$/&00/' -e 's/^[0-9]\{1,2\}$$/&0000/'` \>= 40400) - GCC_GTEQ_430 := $(shell expr `$(CC) -dumpversion | sed -e 's/\.\([0-9][0-9]\)/\1/g' -e 's/\.\([0-9]\)/0\1/g' -e 's/^[0-9]\{3,4\}$$/&00/' -e 's/^[0-9]\{1,2\}$$/&0000/'` \>= 40300) ifeq "$(GCC_GTEQ_440)" "1" CFLAGS += -maes CXXFLAGS += -maes diff --git a/src/Mount/Favorites.cpp b/src/Mount/Favorites.cpp index e93b9203..0428b8fd 100644 --- a/src/Mount/Favorites.cpp +++ b/src/Mount/Favorites.cpp @@ -963,7 +963,7 @@ namespace VeraCrypt for (i = FIRST_PRF_ID; i <= LAST_PRF_ID; i++) { - if (!favorite.SystemEncryption || (favorite.TrueCryptMode != 1) || (i == RIPEMD160)) + if (!favorite.SystemEncryption || (favorite.TrueCryptMode != 1)) { nIndex = (int) SendMessage (hComboBox, CB_ADDSTRING, 0, (LPARAM) get_pkcs5_prf_name(i)); SendMessage (hComboBox, CB_SETITEMDATA, nIndex, (LPARAM) i); diff --git a/src/Mount/Mount.c b/src/Mount/Mount.c index 5b964d4e..a0370861 100644 --- a/src/Mount/Mount.c +++ b/src/Mount/Mount.c @@ -9598,8 +9598,8 @@ void ExtractCommandLine (HWND hwndDlg, wchar_t *lpszCommandLine) CmdVolumePkcs5 = SHA512; else if (_wcsicmp(szTmp, L"sha256") == 0) CmdVolumePkcs5 = SHA256; - else if (_wcsicmp(szTmp, L"ripemd160") == 0) - CmdVolumePkcs5 = RIPEMD160; + else if ((_wcsicmp(szTmp, L"blake2s") == 0) || (_wcsicmp(szTmp, L"blake2s-256") == 0)) + CmdVolumePkcs5 = BLAKE2S; else { /* match using internal hash names */ diff --git a/src/Volume/Cipher.cpp b/src/Volume/Cipher.cpp index 02ee6989..8c6ce390 100644 --- a/src/Volume/Cipher.cpp +++ b/src/Volume/Cipher.cpp @@ -16,7 +16,6 @@ #include "Crypto/SerpentFast.h" #include "Crypto/Twofish.h" #include "Crypto/Camellia.h" -#include "Crypto/GostCipher.h" #include "Crypto/kuznyechik.h" #ifdef TC_AES_HW_CPU @@ -98,7 +97,6 @@ namespace VeraCrypt l.push_back (shared_ptr (new CipherSerpent ())); l.push_back (shared_ptr (new CipherTwofish ())); l.push_back (shared_ptr (new CipherCamellia ())); - l.push_back (shared_ptr (new CipherGost89 ())); l.push_back (shared_ptr (new CipherKuznyechik ())); return l; @@ -399,48 +397,6 @@ namespace VeraCrypt #endif } - // GOST89 - void CipherGost89::Decrypt (byte *data) const - { - gost_decrypt (data, data, (gost_kds *) ScheduledKey.Ptr(), 1); - } - - void CipherGost89::Encrypt (byte *data) const - { - gost_encrypt (data, data, (gost_kds *) ScheduledKey.Ptr(), 1); - } - - size_t CipherGost89::GetScheduledKeySize () const - { - return GOST_KS; - } - - void CipherGost89::SetCipherKey (const byte *key) - { - gost_set_key (key, (gost_kds *) ScheduledKey.Ptr(), 1); - } - - // GOST89 with static SBOX - void CipherGost89StaticSBOX::Decrypt (byte *data) const - { - gost_decrypt (data, data, (gost_kds *) ScheduledKey.Ptr(), 1); - } - - void CipherGost89StaticSBOX::Encrypt (byte *data) const - { - gost_encrypt (data, data, (gost_kds *) ScheduledKey.Ptr(), 1); - } - - size_t CipherGost89StaticSBOX::GetScheduledKeySize () const - { - return GOST_KS; - } - - void CipherGost89StaticSBOX::SetCipherKey (const byte *key) - { - gost_set_key (key, (gost_kds *) ScheduledKey.Ptr(), 0); - } - // Kuznyechik void CipherKuznyechik::Decrypt (byte *data) const { diff --git a/src/Volume/Cipher.h b/src/Volume/Cipher.h index 061dcc38..31a519a5 100644 --- a/src/Volume/Cipher.h +++ b/src/Volume/Cipher.h @@ -108,9 +108,6 @@ namespace VeraCrypt #undef TC_CIPHER_ADD_METHODS #define TC_CIPHER_ADD_METHODS - TC_CIPHER (Gost89, 16, 32); - TC_CIPHER (Gost89StaticSBOX, 16, 32); - #undef TC_CIPHER diff --git a/src/Volume/EncryptionAlgorithm.cpp b/src/Volume/EncryptionAlgorithm.cpp index b94f69fa..85d9be1c 100644 --- a/src/Volume/EncryptionAlgorithm.cpp +++ b/src/Volume/EncryptionAlgorithm.cpp @@ -65,7 +65,6 @@ namespace VeraCrypt l.push_back (shared_ptr (new Serpent ())); l.push_back (shared_ptr (new Twofish ())); l.push_back (shared_ptr (new Camellia ())); - l.push_back (shared_ptr (new GOST89 ())); l.push_back (shared_ptr (new Kuznyechik ())); l.push_back (shared_ptr (new AESTwofish ())); l.push_back (shared_ptr (new AESTwofishSerpent ())); @@ -301,17 +300,6 @@ namespace VeraCrypt SupportedModes.push_back (shared_ptr (new EncryptionModeXTS ())); } - - // GOST89 - GOST89::GOST89 () - { - Deprecated = true; - - Ciphers.push_back (shared_ptr (new CipherGost89())); - - SupportedModes.push_back (shared_ptr (new EncryptionModeXTS ())); - } - // Kuznyechik Kuznyechik::Kuznyechik () { diff --git a/src/Volume/EncryptionAlgorithm.h b/src/Volume/EncryptionAlgorithm.h index a701e700..56642146 100644 --- a/src/Volume/EncryptionAlgorithm.h +++ b/src/Volume/EncryptionAlgorithm.h @@ -86,7 +86,6 @@ namespace VeraCrypt TC_ENCRYPTION_ALGORITHM (TwofishSerpent); TC_ENCRYPTION_ALGORITHM (SerpentTwofishAES); TC_ENCRYPTION_ALGORITHM (Camellia); - TC_ENCRYPTION_ALGORITHM (GOST89); TC_ENCRYPTION_ALGORITHM (Kuznyechik); TC_ENCRYPTION_ALGORITHM (KuznyechikTwofish); TC_ENCRYPTION_ALGORITHM (KuznyechikAES); diff --git a/src/Volume/EncryptionTest.cpp b/src/Volume/EncryptionTest.cpp index 22aea220..5c251bd5 100644 --- a/src/Volume/EncryptionTest.cpp +++ b/src/Volume/EncryptionTest.cpp @@ -123,23 +123,7 @@ namespace VeraCrypt } } }; - - static const CipherTestVector GOST89TestVectors[] = - { - { - { - 0xFF, 0xEE, 0xDD, 0xCC, 0xBB, 0xAA, 0x99, 0x88, 0x77, 0x66, 0x55, 0x44, 0x33, 0x22, 0x11, 0x00, - 0xF0, 0xF1, 0xF2, 0xF3, 0xF4, 0xF5, 0xF6, 0xF7, 0xF8, 0xF9, 0xFA, 0xFB, 0xFC, 0xFD, 0xFE, 0xFF - }, - { - 0xFE, 0xDC, 0xBA, 0x98, 0x76, 0x54, 0x32, 0x10, 0xFF, 0xEE, 0xDD, 0xCC, 0xBB, 0xAA, 0x99, 0x88 - }, - { - 0x8F, 0xC6, 0xFE, 0xB8, 0x91, 0x51, 0x4C, 0x37, 0x4D, 0x51, 0x46, 0xEF, 0x02, 0x9D, 0xBD, 0x9F - } - } - }; - + static const CipherTestVector KuznyechikTestVectors[] = { { @@ -215,9 +199,6 @@ namespace VeraCrypt CipherCamellia camellia; TestCipher (camellia, CamelliaTestVectors, array_capacity (CamelliaTestVectors)); - CipherGost89StaticSBOX gost89; - TestCipher (gost89, GOST89TestVectors, array_capacity (GOST89TestVectors)); - CipherKuznyechik kuznyechik; TestCipher (kuznyechik, KuznyechikTestVectors, array_capacity (KuznyechikTestVectors)); } @@ -653,32 +634,6 @@ namespace VeraCrypt break; } } - else if (typeid (ea) == typeid (GOST89)) - { - switch (testCase) - { - case 0: - if (crc != 0x12194ef5) - throw TestFailed (SRC_POS); - nTestsPerformed++; - break; - case 1: - if (crc != 0xda8d429b) - throw TestFailed (SRC_POS); - nTestsPerformed++; - break; - case 2: - if (crc != 0xdbf0b12e) - throw TestFailed (SRC_POS); - nTestsPerformed++; - break; - case 3: - if (crc != 0xb986eb4a) - throw TestFailed (SRC_POS); - nTestsPerformed++; - break; - } - } else if (typeid (ea) == typeid (Kuznyechik)) { switch (testCase) @@ -1037,12 +992,6 @@ namespace VeraCrypt throw TestFailed (SRC_POS); nTestsPerformed++; } - else if (typeid (ea) == typeid (GOST89)) - { - if (crc != 0x9e8653cb) - throw TestFailed (SRC_POS); - nTestsPerformed++; - } else if (typeid (ea) == typeid (Kuznyechik)) { if (crc != 0xd6d39cdb) @@ -1121,7 +1070,7 @@ namespace VeraCrypt nTestsPerformed++; } - if (nTestsPerformed != 160) + if (nTestsPerformed != 150) throw TestFailed (SRC_POS); } @@ -1132,9 +1081,9 @@ namespace VeraCrypt ConstBufferPtr salt (saltData, sizeof (saltData)); Buffer derivedKey (4); - Pkcs5HmacRipemd160 pkcs5HmacRipemd160(false); - pkcs5HmacRipemd160.DeriveKey (derivedKey, password, salt, 5); - if (memcmp (derivedKey.Ptr(), "\x7a\x3d\x7c\x03", 4) != 0) + Pkcs5HmacBlake2s pkcs5HmacBlake2s; + pkcs5HmacBlake2s.DeriveKey (derivedKey, password, salt, 5); + if (memcmp (derivedKey.Ptr(), "\x8d\x51\xfa\x31", 4) != 0) throw TestFailed (SRC_POS); Pkcs5HmacSha512 pkcs5HmacSha512(false); diff --git a/src/Volume/Hash.cpp b/src/Volume/Hash.cpp index 3925dde6..aad900c1 100644 --- a/src/Volume/Hash.cpp +++ b/src/Volume/Hash.cpp @@ -12,7 +12,7 @@ #include "Hash.h" -#include "Crypto/Rmd160.h" +#include "Crypto/blake2.h" #include "Crypto/Sha2.h" #include "Crypto/Whirlpool.h" #include "Crypto/Streebog.h" @@ -25,9 +25,9 @@ namespace VeraCrypt l.push_back (shared_ptr (new Sha512 ())); l.push_back (shared_ptr (new Whirlpool ())); + l.push_back (shared_ptr (new Blake2s ())); l.push_back (shared_ptr (new Sha256 ())); l.push_back (shared_ptr (new Streebog ())); - l.push_back (shared_ptr (new Ripemd160 ())); return l; } @@ -45,28 +45,27 @@ namespace VeraCrypt } // RIPEMD-160 - Ripemd160::Ripemd160 () + Blake2s::Blake2s () { - Deprecated = true; // Mark RIPEMD-160 as deprecated like on Windows. - Context.Allocate (sizeof (RMD160_CTX), 32); + Context.Allocate (sizeof (blake2s_state), 32); Init(); } - void Ripemd160::GetDigest (const BufferPtr &buffer) + void Blake2s::GetDigest (const BufferPtr &buffer) { if_debug (ValidateDigestParameters (buffer)); - RMD160Final (buffer, (RMD160_CTX *) Context.Ptr()); + blake2s_final ((blake2s_state *) Context.Ptr(), buffer); } - void Ripemd160::Init () + void Blake2s::Init () { - RMD160Init ((RMD160_CTX *) Context.Ptr()); + blake2s_init ((blake2s_state *) Context.Ptr()); } - void Ripemd160::ProcessData (const ConstBufferPtr &data) + void Blake2s::ProcessData (const ConstBufferPtr &data) { if_debug (ValidateDataParameters (data)); - RMD160Update ((RMD160_CTX *) Context.Ptr(), data.Get(), (int) data.Size()); + blake2s_update ((blake2s_state *) Context.Ptr(), data.Get(), data.Size()); } // SHA-256 diff --git a/src/Volume/Hash.h b/src/Volume/Hash.h index c76a6896..0e464b37 100644 --- a/src/Volume/Hash.h +++ b/src/Volume/Hash.h @@ -48,27 +48,27 @@ namespace VeraCrypt Hash &operator= (const Hash &); }; - // RIPEMD-160 - class Ripemd160 : public Hash + // Blake2s + class Blake2s : public Hash { public: - Ripemd160 (); - virtual ~Ripemd160 () { } + Blake2s (); + virtual ~Blake2s () { } virtual void GetDigest (const BufferPtr &buffer); virtual size_t GetBlockSize () const { return 64; } - virtual size_t GetDigestSize () const { return 160 / 8; } - virtual wstring GetName () const { return L"RIPEMD-160"; } - virtual wstring GetAltName () const { return L"RIPEMD160"; } - virtual shared_ptr GetNew () const { return shared_ptr (new Ripemd160); } + virtual size_t GetDigestSize () const { return 32; } + virtual wstring GetName () const { return L"BLAKE2s-256"; } + virtual wstring GetAltName () const { return L"BLAKE2s"; } + virtual shared_ptr GetNew () const { return shared_ptr (new Blake2s); } virtual void Init (); virtual void ProcessData (const ConstBufferPtr &data); protected: private: - Ripemd160 (const Ripemd160 &); - Ripemd160 &operator= (const Ripemd160 &); + Blake2s (const Blake2s &); + Blake2s &operator= (const Blake2s &); }; // SHA-256 diff --git a/src/Volume/Pkcs5Kdf.cpp b/src/Volume/Pkcs5Kdf.cpp index ba5f46dd..fee057a8 100644 --- a/src/Volume/Pkcs5Kdf.cpp +++ b/src/Volume/Pkcs5Kdf.cpp @@ -58,14 +58,13 @@ namespace VeraCrypt { l.push_back (shared_ptr (new Pkcs5HmacSha512 (true))); l.push_back (shared_ptr (new Pkcs5HmacWhirlpool (true))); - l.push_back (shared_ptr (new Pkcs5HmacRipemd160 (true))); } else { l.push_back (shared_ptr (new Pkcs5HmacSha512 (false))); l.push_back (shared_ptr (new Pkcs5HmacSha256 ())); + l.push_back (shared_ptr (new Pkcs5HmacBlake2s ())); l.push_back (shared_ptr (new Pkcs5HmacWhirlpool (false))); - l.push_back (shared_ptr (new Pkcs5HmacRipemd160 (false))); l.push_back (shared_ptr (new Pkcs5HmacStreebog ())); } @@ -78,16 +77,16 @@ namespace VeraCrypt throw ParameterIncorrect (SRC_POS); } - void Pkcs5HmacRipemd160::DeriveKey (const BufferPtr &key, const VolumePassword &password, const ConstBufferPtr &salt, int iterationCount) const + void Pkcs5HmacBlake2s_Boot::DeriveKey (const BufferPtr &key, const VolumePassword &password, const ConstBufferPtr &salt, int iterationCount) const { ValidateParameters (key, password, salt, iterationCount); - derive_key_ripemd160 ((char *) password.DataPtr(), (int) password.Size(), (char *) salt.Get(), (int) salt.Size(), iterationCount, (char *) key.Get(), (int) key.Size()); + derive_key_blake2s ((char *) password.DataPtr(), (int) password.Size(), (char *) salt.Get(), (int) salt.Size(), iterationCount, (char *) key.Get(), (int) key.Size()); } - void Pkcs5HmacRipemd160_1000::DeriveKey (const BufferPtr &key, const VolumePassword &password, const ConstBufferPtr &salt, int iterationCount) const + void Pkcs5HmacBlake2s::DeriveKey (const BufferPtr &key, const VolumePassword &password, const ConstBufferPtr &salt, int iterationCount) const { ValidateParameters (key, password, salt, iterationCount); - derive_key_ripemd160 ((char *) password.DataPtr(), (int) password.Size(), (char *) salt.Get(), (int) salt.Size(), iterationCount, (char *) key.Get(), (int) key.Size()); + derive_key_blake2s ((char *) password.DataPtr(), (int) password.Size(), (char *) salt.Get(), (int) salt.Size(), iterationCount, (char *) key.Get(), (int) key.Size()); } void Pkcs5HmacSha256_Boot::DeriveKey (const BufferPtr &key, const VolumePassword &password, const ConstBufferPtr &salt, int iterationCount) const diff --git a/src/Volume/Pkcs5Kdf.h b/src/Volume/Pkcs5Kdf.h index 76cc56a0..25ad76e8 100644 --- a/src/Volume/Pkcs5Kdf.h +++ b/src/Volume/Pkcs5Kdf.h @@ -51,38 +51,38 @@ namespace VeraCrypt Pkcs5Kdf &operator= (const Pkcs5Kdf &); }; - class Pkcs5HmacRipemd160 : public Pkcs5Kdf + class Pkcs5HmacBlake2s_Boot : public Pkcs5Kdf { public: - Pkcs5HmacRipemd160 (bool truecryptMode) : Pkcs5Kdf (truecryptMode) { } - virtual ~Pkcs5HmacRipemd160 () { } + Pkcs5HmacBlake2s_Boot () : Pkcs5Kdf(false) { } + virtual ~Pkcs5HmacBlake2s_Boot () { } virtual void DeriveKey (const BufferPtr &key, const VolumePassword &password, const ConstBufferPtr &salt, int iterationCount) const; - virtual shared_ptr GetHash () const { return shared_ptr (new Ripemd160); } - virtual int GetIterationCount (int pim) const { return m_truecryptMode? 2000 : (pim <= 0 ? 655331 : (15000 + (pim * 1000))) ; } - virtual wstring GetName () const { return L"HMAC-RIPEMD-160"; } - virtual Pkcs5Kdf* Clone () const { return new Pkcs5HmacRipemd160(m_truecryptMode); } + virtual shared_ptr GetHash () const { return shared_ptr (new Blake2s); } + virtual int GetIterationCount (int pim) const { return pim <= 0 ? 200000 : (pim * 2048); } + virtual wstring GetName () const { return L"HMAC-BLAKE2s-256"; } + virtual Pkcs5Kdf* Clone () const { return new Pkcs5HmacBlake2s_Boot(); } private: - Pkcs5HmacRipemd160 (const Pkcs5HmacRipemd160 &); - Pkcs5HmacRipemd160 &operator= (const Pkcs5HmacRipemd160 &); + Pkcs5HmacBlake2s_Boot (const Pkcs5HmacBlake2s_Boot &); + Pkcs5HmacBlake2s_Boot &operator= (const Pkcs5HmacBlake2s_Boot &); }; - class Pkcs5HmacRipemd160_1000 : public Pkcs5Kdf + class Pkcs5HmacBlake2s : public Pkcs5Kdf { public: - Pkcs5HmacRipemd160_1000 (bool truecryptMode) : Pkcs5Kdf(truecryptMode) { } - virtual ~Pkcs5HmacRipemd160_1000 () { } + Pkcs5HmacBlake2s () : Pkcs5Kdf(false) { } + virtual ~Pkcs5HmacBlake2s () { } virtual void DeriveKey (const BufferPtr &key, const VolumePassword &password, const ConstBufferPtr &salt, int iterationCount) const; - virtual shared_ptr GetHash () const { return shared_ptr (new Ripemd160); } - virtual int GetIterationCount (int pim) const { return m_truecryptMode? 1000 : (pim <= 0 ? 327661 : (pim * 2048)); } - virtual wstring GetName () const { return L"HMAC-RIPEMD-160"; } - virtual Pkcs5Kdf* Clone () const { return new Pkcs5HmacRipemd160_1000(m_truecryptMode); } + virtual shared_ptr GetHash () const { return shared_ptr (new Blake2s); } + virtual int GetIterationCount (int pim) const { return pim <= 0 ? 500000 : (15000 + (pim * 1000)); } + virtual wstring GetName () const { return L"HMAC-BLAKE2s-256"; } + virtual Pkcs5Kdf* Clone () const { return new Pkcs5HmacBlake2s(); } private: - Pkcs5HmacRipemd160_1000 (const Pkcs5HmacRipemd160_1000 &); - Pkcs5HmacRipemd160_1000 &operator= (const Pkcs5HmacRipemd160_1000 &); + Pkcs5HmacBlake2s (const Pkcs5HmacBlake2s &); + Pkcs5HmacBlake2s &operator= (const Pkcs5HmacBlake2s &); }; class Pkcs5HmacSha256_Boot : public Pkcs5Kdf diff --git a/src/Volume/Volume.make b/src/Volume/Volume.make index a7f9ef0a..91f40fb7 100644 --- a/src/Volume/Volume.make +++ b/src/Volume/Volume.make @@ -71,17 +71,25 @@ else OBJS += ../Crypto/Aescrypt.o endif +ifeq "$(GCC_GTEQ_430)" "1" +OBJSSSE41 += ../Crypto/blake2s_SSE41.osse41 +OBJSSSSE3 += ../Crypto/blake2s_SSSE3.ossse3 +else +OBJS += ../Crypto/blake2s_SSE41.o +OBJS += ../Crypto/blake2s_SSSE3.o +endif + OBJS += ../Crypto/Aeskey.o OBJS += ../Crypto/Aestab.o OBJS += ../Crypto/cpu.o -OBJS += ../Crypto/Rmd160.o +OBJS += ../Crypto/blake2s.o +OBJS += ../Crypto/blake2s_SSE2.o OBJS += ../Crypto/SerpentFast.o OBJS += ../Crypto/SerpentFast_simd.o OBJS += ../Crypto/Sha2.o OBJS += ../Crypto/Twofish.o OBJS += ../Crypto/Whirlpool.o OBJS += ../Crypto/Camellia.o -OBJS += ../Crypto/GostCipher.o OBJS += ../Crypto/Streebog.o OBJS += ../Crypto/kuznyechik.o OBJS += ../Crypto/kuznyechik_simd.o diff --git a/src/Volume/VolumeLayout.cpp b/src/Volume/VolumeLayout.cpp index 0eaed427..3045ba83 100644 --- a/src/Volume/VolumeLayout.cpp +++ b/src/Volume/VolumeLayout.cpp @@ -100,7 +100,6 @@ namespace VeraCrypt SupportedEncryptionAlgorithms.push_back (shared_ptr (new Serpent ())); SupportedEncryptionAlgorithms.push_back (shared_ptr (new Twofish ())); SupportedEncryptionAlgorithms.push_back (shared_ptr (new Camellia ())); - SupportedEncryptionAlgorithms.push_back (shared_ptr (new GOST89 ())); SupportedEncryptionAlgorithms.push_back (shared_ptr (new Kuznyechik ())); SupportedEncryptionAlgorithms.push_back (shared_ptr (new AESTwofish ())); SupportedEncryptionAlgorithms.push_back (shared_ptr (new AESTwofishSerpent ())); @@ -146,7 +145,6 @@ namespace VeraCrypt SupportedEncryptionAlgorithms.push_back (shared_ptr (new Serpent ())); SupportedEncryptionAlgorithms.push_back (shared_ptr (new Twofish ())); SupportedEncryptionAlgorithms.push_back (shared_ptr (new Camellia ())); - SupportedEncryptionAlgorithms.push_back (shared_ptr (new GOST89 ())); SupportedEncryptionAlgorithms.push_back (shared_ptr (new Kuznyechik ())); SupportedEncryptionAlgorithms.push_back (shared_ptr (new AESTwofish ())); SupportedEncryptionAlgorithms.push_back (shared_ptr (new AESTwofishSerpent ())); @@ -199,7 +197,6 @@ namespace VeraCrypt SupportedEncryptionAlgorithms.push_back (shared_ptr (new Serpent ())); SupportedEncryptionAlgorithms.push_back (shared_ptr (new Twofish ())); SupportedEncryptionAlgorithms.push_back (shared_ptr (new Camellia ())); - SupportedEncryptionAlgorithms.push_back (shared_ptr (new GOST89 ())); SupportedEncryptionAlgorithms.push_back (shared_ptr (new Kuznyechik ())); SupportedEncryptionAlgorithms.push_back (shared_ptr (new AESTwofish ())); SupportedEncryptionAlgorithms.push_back (shared_ptr (new AESTwofishSerpent ())); @@ -228,11 +225,10 @@ namespace VeraCrypt Pkcs5KdfList VolumeLayoutSystemEncryption::GetSupportedKeyDerivationFunctions (bool truecryptMode) const { Pkcs5KdfList l; - if (!truecryptMode) - l.push_back (shared_ptr (new Pkcs5HmacSha256_Boot ())); - l.push_back (shared_ptr (new Pkcs5HmacRipemd160_1000 (truecryptMode))); if (!truecryptMode) { + l.push_back (shared_ptr (new Pkcs5HmacSha256_Boot ())); + l.push_back (shared_ptr (new Pkcs5HmacBlake2s_Boot ())); l.push_back (shared_ptr (new Pkcs5HmacSha512 (false))); l.push_back (shared_ptr (new Pkcs5HmacWhirlpool (false))); l.push_back (shared_ptr (new Pkcs5HmacStreebog ())); -- cgit v1.2.3