diff options
| author | Mounir IDRASSI <mounir.idrassi@idrix.fr> | 2014-10-14 17:09:18 +0200 |
|---|---|---|
| committer | Mounir IDRASSI <mounir.idrassi@idrix.fr> | 2014-11-08 23:23:50 +0100 |
| commit | f38cf0b6943da24c802424f53588b54aada48fd8 (patch) | |
| tree | 6cf5ff0e6d51e6a022b6be29780f215195a403f6 /src/Common/Crypto.c | |
| parent | bd7d151abf2c51e24a0dc60f7400c0388904c9f1 (diff) | |
| download | VeraCrypt-f38cf0b6943da24c802424f53588b54aada48fd8.tar.gz VeraCrypt-f38cf0b6943da24c802424f53588b54aada48fd8.zip | |
Add support for SHA-256 in key derivation for bootloader encryption. Create separate bootloader images for SHA-256 and RIPEMD-160. Set SHA-256 as the default PRF for boot encryption and SHA-512 as default PRF for all other cases. Depricate RIPEMD-160.
Diffstat (limited to 'src/Common/Crypto.c')
| -rw-r--r-- | src/Common/Crypto.c | 47 |
1 files changed, 31 insertions, 16 deletions
diff --git a/src/Common/Crypto.c b/src/Common/Crypto.c index a63bc954..9fc69022 100644 --- a/src/Common/Crypto.c +++ b/src/Common/Crypto.c @@ -90,11 +90,12 @@ static EncryptionAlgorithm EncryptionAlgorithms[] = // Hash algorithms
static Hash Hashes[] =
{ // ID Name Deprecated System Encryption
- { RIPEMD160, "RIPEMD-160", FALSE, TRUE },
#ifndef TC_WINDOWS_BOOT
{ SHA512, "SHA-512", FALSE, FALSE },
{ WHIRLPOOL, "Whirlpool", FALSE, FALSE },
#endif
+ { SHA256, "SHA-256", FALSE, TRUE },
+ { RIPEMD160, "RIPEMD-160", TRUE, TRUE },
{ 0, 0, 0 }
};
@@ -651,17 +652,42 @@ char *HashGetName (int hashId) #endif
}
+#ifndef TC_WINDOWS_BOOT
+void HashGetName2 (char *buf, int hashId)
+{
+ Hash* pHash = HashGet(hashId);
+ if (pHash)
+ strcpy(buf, pHash -> Name);
+ else
+ buf[0] = '\0';
+}
BOOL HashIsDeprecated (int hashId)
{
-#ifdef TC_WINDOWS_BOOT
- return HashGet(hashId) -> Deprecated;
-#else
Hash* pHash = HashGet(hashId);
return pHash? pHash -> Deprecated : FALSE;
-#endif
+
}
+BOOL HashForSystemEncryption (int hashId)
+{
+ Hash* pHash = HashGet(hashId);
+ return pHash? pHash -> SystemEncryption : FALSE;
+
+}
+
+// Returns the maximum number of bytes necessary to be generated by the PBKDF2 (PKCS #5)
+int GetMaxPkcs5OutSize (void)
+{
+ int size = 32;
+
+ size = max (size, EAGetLargestKeyForMode (XTS) * 2); // Sizes of primary + secondary keys
+
+ return size;
+}
+
+#endif
+
#endif // TC_WINDOWS_BOOT_SINGLE_CIPHER_MODE
@@ -904,17 +930,6 @@ void DecryptDataUnitsCurrentThread (unsigned __int8 *buf, const UINT64_STRUCT *s }
-// Returns the maximum number of bytes necessary to be generated by the PBKDF2 (PKCS #5)
-int GetMaxPkcs5OutSize (void)
-{
- int size = 32;
-
- size = max (size, EAGetLargestKeyForMode (XTS) * 2); // Sizes of primary + secondary keys
-
- return size;
-}
-
-
#else // TC_WINDOWS_BOOT_SINGLE_CIPHER_MODE
|