/* Legal Notice: Some portions of the source code contained in this file were derived from the source code of TrueCrypt 7.1a, which is Copyright (c) 2003-2012 TrueCrypt Developers Association and which is governed by the TrueCrypt License 3.0, also from the source code of Encryption for the Masses 2.02a, which is Copyright (c) 1998-2000 Paul Le Roux and which is governed by the 'License Agreement for Encryption for the Masses' Modifications and additions to the original source code (contained in this file) and all other portions of this file are Copyright (c) 2013-2017 IDRIX and are governed by the Apache License 2.0 the full text of which is contained in the file License.txt included in VeraCrypt binary and source code distribution packages. */ /* Update the following when adding a new cipher or EA: Crypto.h: ID #define MAX_EXPANDED_KEY #define Crypto.c: Ciphers[] EncryptionAlgorithms[] CipherInit() EncipherBlock() DecipherBlock() */ #ifndef CRYPTO_H #define CRYPTO_H #include "Tcdefs.h" #ifdef __cplusplus extern "C" { #endif // Encryption data unit size, which may differ from the sector size and must always be 512 #define ENCRYPTION_DATA_UNIT_SIZE 512 // Size of the salt (in bytes) #define PKCS5_SALT_SIZE 64 // Size of the volume header area containing concatenated master key(s) and secondary key(s) (XTS mode) #define MASTER_KEYDATA_SIZE 256 // The first PRF to try when mounting #define FIRST_PRF_ID 1 // Hash algorithms (pseudorandom functions). enum { SHA512 = FIRST_PRF_ID, WHIRLPOOL, SHA256, RIPEMD160, STREEBOG, HASH_ENUM_END_ID }; // The last PRF to try when mounting and also the number of implemented PRFs #define LAST_PRF_ID (HASH_ENUM_END_ID - 1) #define RIPEMD160_BLOCKSIZE 64 #define RIPEMD160_DIGESTSIZE 20 #define SHA256_BLOCKSIZE 64 #define SHA256_DIGESTSIZE 32 #define SHA512_BLOCKSIZE 128 #define SHA512_DIGESTSIZE 64 #define WHIRLPOOL_BLOCKSIZE 64 #define WHIRLPOOL_DIGESTSIZE 64 #define STREEBOG_BLOCKSIZE 64 #define STREEBOG_DIGESTSIZE 64 #define MAX_DIGESTSIZE WHIRLPOOL_DIGESTSIZE #define DEFAULT_HASH_ALGORITHM FIRST_PRF_ID #define DEFAULT_HASH_ALGORITHM_BOOT SHA256 // The mode of operation used for newly created volumes and first to try when mounting #define FIRST_MODE_OF_OPERATION_ID 1 // Modes of operation enum { /* If you add/remove a mode, update the following: GetMaxPkcs5OutSize(), EAInitMode() */ XTS = FIRST_MODE_OF_OPERATION_ID, MODE_ENUM_END_ID }; // The last mode of operation to try when mounting and also the number of implemented modes #define LAST_MODE_OF_OPERATION (MODE_ENUM_END_ID - 1) // Ciphertext/plaintext block size for XTS mode (in bytes) #define BYTES_PER_XTS_BLOCK 16 // Number of ciphertext/plaintext blocks per XTS data unit #define BLOCKS_PER_XTS_DATA_UNIT (ENCRYPTION_DATA_UNIT_SIZE / BYTES_PER_XTS_BLOCK) // Cipher IDs enum { NONE = 0, AES, SERPENT, TWOFISH, CAMELLIA, GOST89, KUZNYECHIK }; typedef struct { int Id; // Cipher ID #ifdef TC_WINDOWS_BOOT char *Name; // Name #else wchar_t *Name; // Name #endif int BlockSize; // Block size (bytes) int KeySize; // Key size (bytes) int KeyScheduleSize; // Scheduled key size (bytes) } Cipher; typedef struct { int Ciphers[4]; // Null terminated array of ciphers used by encryption algorithm int Modes[LAST_MODE_OF_OPERATION + 1]; // Null terminated array of modes of operation #ifndef TC_WINDOWS_BOOT BOOL MbrSysEncEnabled; #endif int FormatEnabled; } EncryptionAlgorithm; #ifndef TC_WINDOWS_BOOT typedef struct { int Id; // Hash ID wchar_t *Name; // Name BOOL Deprecated; BOOL SystemEncryption; // Available for system encryption } Hash; #endif // Maxium length of scheduled key #if !defined (TC_WINDOWS_BOOT) || defined (TC_WINDOWS_BOOT_AES) # define AES_KS (sizeof(aes_encrypt_ctx) + sizeof(aes_decrypt_ctx)) #else # define AES_KS (sizeof(aes_context)) #endif #define SERPENT_KS (140 * 4) #ifdef TC_WINDOWS_BOOT_SINGLE_CIPHER_MODE # ifdef TC_WINDOWS_BOOT_AES # define MAX_EXPANDED_KEY AES_KS # elif defined (TC_WINDOWS_BOOT_SERPENT) # define MAX_EXPANDED_KEY SERPENT_KS # elif defined (TC_WINDOWS_BOOT_TWOFISH) # define MAX_EXPANDED_KEY TWOFISH_KS # elif defined (TC_WINDOWS_BOOT_CAMELLIA) # define MAX_EXPANDED_KEY CAMELLIA_KS # endif #else #ifdef TC_WINDOWS_BOOT #define MAX_EXPANDED_KEY VC_MAX((AES_KS + SERPENT_KS + TWOFISH_KS), CAMELLIA_KS) #else #define MAX_EXPANDED_KEY VC_MAX(VC_MAX(VC_MAX((AES_KS + SERPENT_KS + TWOFISH_KS), GOST_KS), CAMELLIA_KS), KUZNYECHIK_KS) #endif #endif #ifdef DEBUG # define PRAND_DISK_WIPE_PASSES 3 #else # define PRAND_DISK_WIPE_PASSES 256 #endif /* specific value for volume header wipe used only when drive is fully wiped. */ #define PRAND_HEADER_WIPE_PASSES 3 #if !defined (TC_WINDOWS_BOOT) || defined (TC_WINDOWS_BOOT_AES) # include "Aes.h" #else # include "AesSmall.h" #endif #include "Aes_hw_cpu.h" #if !defined (TC_WINDOWS_BOOT) && !defined (_UEFI) # include "SerpentFast.h" #else # include "Serpent.h" #endif #include "Twofish.h" #include "Rmd160.h" #ifndef TC_WINDOWS_BOOT # include "Sha2.h" # include "Whirlpool.h" # include "Streebog.h" # include "GostCipher.h" # include "kuznyechik.h" # include "Camellia.h" #else # include "CamelliaSmall.h" #endif #include "GfMul.h" #include "Password.h" #ifndef TC_WINDOWS_BOOT #include "config.h" typedef struct keyInfo_t { int noIterations; /* Number of times to iterate (PKCS-5) */ int keyLength; /* Length of the key */ uint64 dummy; /* Dummy field to ensure 16-byte alignment of this structure */ __int8 salt[PKCS5_SALT_SIZE]; /* PKCS-5 salt */ CRYPTOPP_ALIGN_DATA(16) __int8 master_keydata[MASTER_KEYDATA_SIZE]; /* Concatenated master primary and secondary key(s) (XTS mode). For LRW (deprecated/legacy), it contains the tweak key before the master key(s). For CBC (deprecated/legacy), it contains the IV seed before the master key(s). */ CRYPTOPP_ALIGN_DATA(16) __int8 userKey[MAX_PASSWORD]; /* Password (to which keyfiles may have been applied). WITHOUT +1 for the null terminator. */ } KEY_INFO, *PKEY_INFO; #endif typedef struct CRYPTO_INFO_t { int ea; /* Encryption algorithm ID */ int mode; /* Mode of operation (e.g., XTS) */ int pkcs5; /* PRF algorithm */ unsigned __int8 ks[MAX_EXPANDED_KEY]; /* Primary key schedule (if it is a cascade, it conatins multiple concatenated keys) */ unsigned __int8 ks2[MAX_EXPANDED_KEY]; /* Secondary key schedule (if cascade, multiple concatenated) for XTS mode. */ BOOL hiddenVolume; // Indicates whether the volume is mounted/mountable as hidden volume #ifndef TC_WINDOWS_BOOT uint16 HeaderVersion; GfCtx gf_ctx; CRYPTOPP_ALIGN_DATA(16) unsigned __int8 master_keydata[MASTER_KEYDATA_SIZE]; /* This holds the volume header area containing concatenated master key(s) and secondary key(s) (XTS mode). For LRW (deprecated/legacy), it contains the tweak key before the master key(s). For CBC (deprecated/legacy), it contains the IV seed before the master key(s). */ CRYPTOPP_ALIGN_DATA(16) unsigned __int8 k2[MASTER_KEYDATA_SIZE]; /* For XTS, this contains the secondary key (if cascade, multiple concatenated). For LRW (deprecated/legacy), it contains the tweak key. For CBC (deprecated/legacy), it contains the IV seed. */ unsigned __int8 salt[PKCS5_SALT_SIZE]; int noIterations; BOOL bTrueCryptMode; int volumePim; uint64 volume_creation_time; // Legacy uint64 header_creation_time; // Legacy BOOL bProtectHiddenVolume; // Indicates whether the volume contains a hidden volume to be protected against overwriting BOOL bHiddenVolProtectionAction; // TRUE if a write operation has been denied by the driver in order to prevent the hidden volume from being overwritten (set to FALSE upon volume mount). uint64 volDataAreaOffset; // Absolute position, in bytes, of the first data sector of the volume. uint64 hiddenVolumeSize; // Size of the hidden volume excluding the header (in bytes). Set to 0 for standard volumes. uint64 hiddenVolumeOffset; // Absolute position, in bytes, of the first hidden volume data sector within the host volume (provided that there is a hidden volume within). This must be set for all hidden volumes; in case of a normal volume, this variable is only used when protecting a hidden volume within it. uint64 hiddenVolumeProtectedSize; BOOL bPartitionInInactiveSysEncScope; // If TRUE, the volume is a partition located on an encrypted system drive and mounted without pre-boot authentication. UINT64_STRUCT FirstDataUnitNo; // First data unit number of the volume. This is 0 for file-hosted and non-system partition-hosted volumes. For partitions within key scope of system encryption this reflects real physical offset within the device (this is used e.g. when such a partition is mounted as a regular volume without pre-boot authentication). uint16 RequiredProgramVersion; BOOL LegacyVolume; uint32 SectorSize; #endif // !TC_WINDOWS_BOOT UINT64_STRUCT VolumeSize; UINT64_STRUCT EncryptedAreaStart; UINT64_STRUCT EncryptedAreaLength; uint32 HeaderFlags; } CRYPTO_INFO, *PCRYPTO_INFO; #if defined(_WIN32) || defined(_UEFI) #pragma pack (push) #pragma pack(1) typedef struct BOOT_CRYPTO_HEADER_t { __int16 ea; /* Encryption algorithm ID */ __int16 mode; /* Mode of operation (e.g., XTS) */ __int16 pkcs5; /* PRF algorithm */ } BOOT_CRYPTO_HEADER, *PBOOT_CRYPTO_HEADER; #pragma pack (pop) #endif PCRYPTO_INFO crypto_open (void); #ifndef TC_WINDOWS_BOOT void crypto_loadkey (PKEY_INFO keyInfo, char *lpszUserKey, int nUserKeyLen); #endif void crypto_close (PCRYPTO_INFO cryptoInfo); int CipherGetBlockSize (int cipher); int CipherGetKeySize (int cipher); int CipherGetKeyScheduleSize (int cipher); BOOL CipherSupportsIntraDataUnitParallelization (int cipher); #ifndef TC_WINDOWS_BOOT const wchar_t * CipherGetName (int cipher); #endif int CipherInit (int cipher, unsigned char *key, unsigned char *ks); #ifndef TC_WINDOWS_BOOT_SINGLE_CIPHER_MODE int EAInit (int ea, unsigned char *key, unsigned char *ks); #else int EAInit (unsigned char *key, unsigned char *ks); #endif BOOL EAInitMode (PCRYPTO_INFO ci); void EncipherBlock(int cipher, void *data, void *ks); void DecipherBlock(int cipher, void *data, void *ks); #ifndef TC_WINDOWS_BOOT void EncipherBlocks (int cipher, void *dataPtr, void *ks, size_t blockCount); void DecipherBlocks (int cipher, void *dataPtr, void *ks, size_t blockCount); #endif int EAGetFirst (); int EAGetCount (void); int EAGetNext (int previousEA); #ifndef TC_WINDOWS_BOOT wchar_t * EAGetName (wchar_t *buf, int ea, int guiDisplay); int EAGetByName (wchar_t *name); #endif int EAGetKeySize (int ea); int EAGetFirstMode (int ea); int EAGetNextMode (int ea, int previousModeId); #ifndef TC_WINDOWS_BOOT wchar_t * EAGetModeName (int ea, int mode, BOOL capitalLetters); #endif int EAGetKeyScheduleSize (int ea); int EAGetLargestKey (); int EAGetLargestKeyForMode (int mode); int EAGetCipherCount (int ea); int EAGetFirstCipher (int ea); int EAGetLastCipher (int ea); int EAGetNextCipher (int ea, int previousCipherId); int EAGetPreviousCipher (int ea, int previousCipherId); #ifndef TC_WINDOWS_BOOT int EAIsFormatEnabled (int ea); int EAIsMbrSysEncEnabled (int ea); #endif BOOL EAIsModeSupported (int ea, int testedMode); #ifndef TC_WINDOWS_BOOT const wchar_t *HashGetName (int hash_algo_id); #ifdef _WIN32 int HashGetIdByName (wchar_t *name); #endif Hash *HashGet (int id); void HashGetName2 (wchar_t *buf, int hashId); BOOL HashIsDeprecated (int hashId); BOOL HashForSystemEncryption (int hashId); int GetMaxPkcs5OutSize (void); #endif void EncryptDataUnit
;
; Derived from source code of TrueCrypt 7.1a, which is
; Copyright (c) 2008-2012 TrueCrypt Developers Association and which is governed
; by the TrueCrypt License 3.0.
;
; Modifications and additions to the original source code (contained in this file)
; and all other portions of this file are Copyright (c) 2013-2017 IDRIX
; and are governed by the Apache License 2.0 the full text of which is
; contained in the file License.txt included in VeraCrypt binary and source
; code distribution packages.
;

.MODEL tiny
.386
_TEXT SEGMENT USE16

INCLUDE BootDefs.i

ORG 7C00h	; Standard boot sector offset

start:
	; BIOS executes boot sector from 0:7C00 or 7C0:0000 (default CD boot loader address).
	; Far jump to the next instruction sets IP to the standard offset 7C00.
	db 0EAh				; jmp 0:main
	dw main, 0

loader_name_msg:
	db ' VeraCrypt Boot Loader', 13, 10, 0

main:
	cli
	xor ax, ax
	mov ds, ax
	mov ss, ax
	mov sp, 7C00h
	sti

	; Display boot loader name
	test byte ptr [start + TC_BOOT_SECTOR_USER_CONFIG_OFFSET], TC_BOOT_USER_CFG_FLAG_SILENT_MODE
	jnz skip_loader_name_msg

	lea si, loader_name_msg
	call print
skip_loader_name_msg:

    ; Determine boot loader segment
    mov ax, word ptr [ds:413h]      ;available kB from BIOS
    sub ax, TC_BOOT_MEMORY_REQUIRED ;minus TC_BOOT_MEMORY_REQUIRED
    jc mem_toolow
    and ax, 0FFE0h                  ;32K align
    shl ax, 6                       ;convert kB to segment addr (*1024/16)
    cmp ax, 8000h
    jb mem_toolow                   ;we can't load below 8000h
    cmp ax, TC_BOOT_LOADER_SEGMENT
    jbe memory_ok                   ;don't load above TC_BOOT_LOADER_SEGMENT (9000h)
    mov ax, TC_BOOT_LOADER_SEGMENT
    jmp memory_ok

mem_toolow:
    mov ax, TC_BOOT_LOADER_LOWMEM_SEGMENT

memory_ok:
    mov es, ax

	; Clear BSS section
	xor al, al
	mov di, TC_COM_EXECUTABLE_OFFSET
	mov cx, TC_BOOT_MEMORY_REQUIRED * 1024 - TC_COM_EXECUTABLE_OFFSET - 1
	cld
	rep stosb

	mov ax, es
	sub ax, TC_BOOT_LOADER_DECOMPRESSOR_MEMORY_SIZE / 16	; Decompressor segment
	mov es, ax

	; Load decompressor
	mov cl, TC_BOOT_LOADER_DECOMPRESSOR_START_SECTOR
retry_backup:
	mov al, TC_BOOT_LOADER_DECOMPRESSOR_SECTOR_COUNT
	mov bx, TC_COM_EXECUTABLE_OFFSET
	call read_sectors

	; Decompressor checksum
	xor ebx, ebx
	mov si, TC_COM_EXECUTABLE_OFFSET
	mov cx, TC_BOOT_LOADER_DECOMPRESSOR_SECTOR_COUNT * TC_LB_SIZE
	call checksum
	push ebx

	; Load compressed boot loader
	mov bx, TC_BOOT_LOADER_COMPRESSED_BUFFER_OFFSET
	mov cl, TC_BOOT_LOADER_START_SECTOR
	mov al, TC_MAX_BOOT_LOADER_SECTOR_COUNT

	test backup_loader_used, 1
	jz non_backup
	mov al, TC_BOOT_LOADER_BACKUP_SECTOR_COUNT - TC_BOOT_LOADER_DECOMPRESSOR_SECTOR_COUNT
	mov cl, TC_BOOT_LOADER_START_SECTOR + TC_BOOT_LOADER_BACKUP_SECTOR_COUNT

non_backup:
	call read_sectors

	; Boot loader checksum
	pop ebx
	mov si, TC_BOOT_LOADER_COMPRESSED_BUFFER_OFFSET
	mov cx, word ptr [start + TC_BOOT_SECTOR_LOADER_LENGTH_OFFSET]
	call checksum

	; Verify checksum
	cmp ebx, dword ptr [start + TC_BOOT_SECTOR_LOADER_CHECKSUM_OFFSET]
	je checksum_ok

	; Checksum incorrect - try using backup if available
	test backup_loader_used, 1
	jnz loader_damaged

	mov backup_loader_used, 1
	mov cl, TC_BOOT_LOADER_DECOMPRESSOR_START_SECTOR + TC_BOOT_LOADER_BACKUP_SECTOR_COUNT

	test TC_BOOT_CFG_FLAG_BACKUP_LOADER_AVAILABLE, byte ptr [start + TC_BOOT_SECTOR_CONFIG_OFFSET]
	jnz retry_backup

loader_damaged:
	lea si, loader_damaged_msg
	call print
	lea si, loader_name_msg
	call print
	jmp $
checksum_ok:

	; Set up decompressor segment
	mov ax, es
	mov ds, ax
	cli
	mov ss, ax
	mov sp, TC_BOOT_LOADER_DECOMPRESSOR_MEMORY_SIZE
	sti

	push dx

	; Decompress boot loader
	mov cx, word ptr cs:[start + TC_BOOT_SECTOR_LOADER_LENGTH_OFFSET]
	sub cx, TC_GZIP_HEADER_SIZE
	push cx																		; Compressed data size
	push TC_BOOT_LOADER_COMPRESSED_BUFFER_OFFSET + TC_GZIP_HEADER_SIZE			; Compressed data
	push TC_MAX_BOOT_LOADER_DECOMPRESSED_SIZE									; Output buffer size
	push TC_BOOT_LOADER_DECOMPRESSOR_MEMORY_SIZE + TC_COM_EXECUTABLE_OFFSET		; Output buffer

	push cs
	push decompressor_ret
	push es
	push TC_COM_EXECUTABLE_OFFSET
	retf
decompressor_ret:

	add sp, 8
	pop dx

	; Restore boot sector segment
	push cs
	pop ds

	; Check decompression result
	test ax, ax
	jz decompression_ok

	lea si, loader_damaged_msg
	call print
	jmp $
decompression_ok:

	; DH = boot sector flags
	mov dh, byte ptr [start + TC_BOOT_SECTOR_CONFIG_OFFSET]

	; Set up boot loader segment
	mov ax, es
	add ax, TC_BOOT_LOADER_DECOMPRESSOR_MEMORY_SIZE / 16
	mov es, ax
	mov ds, ax
	cli
	mov ss, ax
	mov sp, TC_BOOT_LOADER_STACK_TOP
	sti

	; Execute boot loader
	push es
	push TC_COM_EXECUTABLE_OFFSET
	retf

	; Print string
print:
	xor bx, bx
	mov ah, 0eh
	cld

@@:	lodsb
	test al, al
	jz print_end

	int 10h
	jmp @B

print_end:
	ret

	; Read sectors of the first cylinder
read_sectors:
	mov ch, 0           ; Cylinder
	mov dh, 0           ; Head
						; DL = drive number passed from BIOS
	mov ah, 2
	int 13h
	jnc read_ok

	lea si, disk_error_msg
	call print
read_ok:
	ret

	; Calculate checksum
checksum:
	push ds
	push es
	pop ds
	xor eax, eax
	cld

@@:	lodsb
	add ebx, eax
	rol ebx, 1
	loop @B

	pop ds
	ret

backup_loader_used		db 0

disk_error_msg			db 'Disk error', 13, 10, 7, 0
loader_damaged_msg		db 7, 'Loader damaged! Repair with Rescue Disk', 0

ORG 7C00h + 510
	dw 0AA55h			; Boot sector signature

_TEXT ENDS
END start