VeraCrypt
aboutsummaryrefslogtreecommitdiff
path: root/src/Common/Volumes.c
diff options
context:
space:
mode:
authorMounir IDRASSI <mounir.idrassi@idrix.fr>2014-10-14 17:09:18 +0200
committerMounir IDRASSI <mounir.idrassi@idrix.fr>2014-11-08 23:23:50 +0100
commitf38cf0b6943da24c802424f53588b54aada48fd8 (patch)
tree6cf5ff0e6d51e6a022b6be29780f215195a403f6 /src/Common/Volumes.c
parentbd7d151abf2c51e24a0dc60f7400c0388904c9f1 (diff)
downloadVeraCrypt-f38cf0b6943da24c802424f53588b54aada48fd8.tar.gz
VeraCrypt-f38cf0b6943da24c802424f53588b54aada48fd8.zip
Add support for SHA-256 in key derivation for bootloader encryption. Create separate bootloader images for SHA-256 and RIPEMD-160. Set SHA-256 as the default PRF for boot encryption and SHA-512 as default PRF for all other cases. Depricate RIPEMD-160.
Diffstat (limited to 'src/Common/Volumes.c')
-rw-r--r--src/Common/Volumes.c24
1 files changed, 24 insertions, 0 deletions
diff --git a/src/Common/Volumes.c b/src/Common/Volumes.c
index 9a0d3efc..2b7b01ab 100644
--- a/src/Common/Volumes.c
+++ b/src/Common/Volumes.c
@@ -316,6 +316,11 @@ KeyReady: ;
PKCS5_SALT_SIZE, keyInfo.noIterations, dk, GetMaxPkcs5OutSize());
break;
+ case SHA256:
+ derive_key_sha256 (keyInfo.userKey, keyInfo.keyLength, keyInfo.salt,
+ PKCS5_SALT_SIZE, keyInfo.noIterations, dk, GetMaxPkcs5OutSize());
+ break;
+
default:
// Unknown/wrong ID
TC_THROW_FATAL_EXCEPTION;
@@ -561,8 +566,13 @@ int ReadVolumeHeader (BOOL bBoot, char *header, Password *password, PCRYPTO_INFO
cryptoInfo = *retInfo = crypto_open ();
// PKCS5 PRF
+#ifdef TC_WINDOWS_BOOT_SHA2
+ derive_key_sha256 (password->Text, (int) password->Length, header + HEADER_SALT_OFFSET,
+ PKCS5_SALT_SIZE, bBoot ? 2000 : 5000, dk, sizeof (dk));
+#else
derive_key_ripemd160 (TRUE, password->Text, (int) password->Length, header + HEADER_SALT_OFFSET,
PKCS5_SALT_SIZE, bBoot ? 16384 : 32767, dk, sizeof (dk));
+#endif
// Mode of operation
cryptoInfo->mode = FIRST_MODE_OF_OPERATION_ID;
@@ -606,6 +616,12 @@ int ReadVolumeHeader (BOOL bBoot, char *header, Password *password, PCRYPTO_INFO
// Flags
cryptoInfo->HeaderFlags = GetHeaderField32 (header, TC_HEADER_OFFSET_FLAGS);
+#ifdef TC_WINDOWS_BOOT_SHA2
+ cryptoInfo->pkcs5 = SHA256;
+#else
+ cryptoInfo->pkcs5 = RIPEMD160;
+#endif
+
memcpy (masterKey, header + HEADER_MASTER_KEYDATA_OFFSET, sizeof (masterKey));
EncryptBuffer (header + HEADER_ENCRYPTED_DATA_OFFSET, HEADER_ENCRYPTED_DATA_SIZE, cryptoInfo);
@@ -703,6 +719,9 @@ int CreateVolumeHeaderInMemory (BOOL bBoot, char *header, int ea, int mode, Pass
// User selected encryption algorithm
cryptoInfo->ea = ea;
+ // User selected PRF
+ cryptoInfo->pkcs5 = pkcs5_prf;
+
// Mode of operation
cryptoInfo->mode = mode;
@@ -718,6 +737,11 @@ int CreateVolumeHeaderInMemory (BOOL bBoot, char *header, int ea, int mode, Pass
PKCS5_SALT_SIZE, keyInfo.noIterations, dk, GetMaxPkcs5OutSize());
break;
+ case SHA256:
+ derive_key_sha256 (keyInfo.userKey, keyInfo.keyLength, keyInfo.salt,
+ PKCS5_SALT_SIZE, keyInfo.noIterations, dk, GetMaxPkcs5OutSize());
+ break;
+
case RIPEMD160:
derive_key_ripemd160 (TRUE, keyInfo.userKey, keyInfo.keyLength, keyInfo.salt,
PKCS5_SALT_SIZE, keyInfo.noIterations, dk, GetMaxPkcs5OutSize());