diff options
Diffstat (limited to 'src/Common/Crypto.h')
-rw-r--r-- | src/Common/Crypto.h | 66 |
1 files changed, 49 insertions, 17 deletions
diff --git a/src/Common/Crypto.h b/src/Common/Crypto.h index 1d0c96e5..178e08e1 100644 --- a/src/Common/Crypto.h +++ b/src/Common/Crypto.h @@ -53,7 +53,7 @@ enum SHA512 = FIRST_PRF_ID, WHIRLPOOL, SHA256, - RIPEMD160, + BLAKE2S, STREEBOG, HASH_ENUM_END_ID }; @@ -61,8 +61,8 @@ enum // The last PRF to try when mounting and also the number of implemented PRFs #define LAST_PRF_ID (HASH_ENUM_END_ID - 1) -#define RIPEMD160_BLOCKSIZE 64 -#define RIPEMD160_DIGESTSIZE 20 +#define BLAKE2S_BLOCKSIZE 64 +#define BLAKE2S_DIGESTSIZE 32 #define SHA256_BLOCKSIZE 64 #define SHA256_DIGESTSIZE 32 @@ -112,7 +112,6 @@ enum SERPENT, TWOFISH, CAMELLIA, - GOST89, KUZNYECHIK }; @@ -173,7 +172,7 @@ typedef struct #ifdef TC_WINDOWS_BOOT #define MAX_EXPANDED_KEY VC_MAX((AES_KS + SERPENT_KS + TWOFISH_KS), CAMELLIA_KS) #else -#define MAX_EXPANDED_KEY VC_MAX(VC_MAX(VC_MAX((AES_KS + SERPENT_KS + TWOFISH_KS), GOST_KS), CAMELLIA_KS), KUZNYECHIK_KS) +#define MAX_EXPANDED_KEY VC_MAX(VC_MAX(VC_MAX((AES_KS + SERPENT_KS + TWOFISH_KS), CAMELLIA_KS + KUZNYECHIK_KS + SERPENT_KS), KUZNYECHIK_KS + TWOFISH_KS), AES_KS + KUZNYECHIK_KS) #endif #endif @@ -200,14 +199,19 @@ typedef struct #endif #include "Twofish.h" -#include "Rmd160.h" +#include "blake2.h" #ifndef TC_WINDOWS_BOOT # include "Sha2.h" # include "Whirlpool.h" # include "Streebog.h" -# include "GostCipher.h" # include "kuznyechik.h" # include "Camellia.h" +#if !defined (_UEFI) +# include "chachaRng.h" +# ifdef _WIN64 +# include "t1ha.h" +# endif +#endif #else # include "CamelliaSmall.h" #endif @@ -245,18 +249,16 @@ typedef struct CRYPTO_INFO_t #ifndef TC_WINDOWS_BOOT uint16 HeaderVersion; - GfCtx gf_ctx; - +#ifdef TC_WINDOWS_DRIVER + unsigned __int8 master_keydata_hash[BLAKE2S_DIGESTSIZE]; +#else CRYPTOPP_ALIGN_DATA(16) unsigned __int8 master_keydata[MASTER_KEYDATA_SIZE]; /* This holds the volume header area containing concatenated master key(s) and secondary key(s) (XTS mode). For LRW (deprecated/legacy), it contains the tweak key before the master key(s). For CBC (deprecated/legacy), it contains the IV seed before the master key(s). */ CRYPTOPP_ALIGN_DATA(16) unsigned __int8 k2[MASTER_KEYDATA_SIZE]; /* For XTS, this contains the secondary key (if cascade, multiple concatenated). For LRW (deprecated/legacy), it contains the tweak key. For CBC (deprecated/legacy), it contains the IV seed. */ - unsigned __int8 salt[PKCS5_SALT_SIZE]; +#endif + int noIterations; - BOOL bTrueCryptMode; int volumePim; - uint64 volume_creation_time; // Legacy - uint64 header_creation_time; // Legacy - BOOL bProtectHiddenVolume; // Indicates whether the volume contains a hidden volume to be protected against overwriting BOOL bHiddenVolProtectionAction; // TRUE if a write operation has been denied by the driver in order to prevent the hidden volume from being overwritten (set to FALSE upon volume mount). @@ -306,6 +308,7 @@ typedef struct BOOT_CRYPTO_HEADER_t PCRYPTO_INFO crypto_open (void); #ifndef TC_WINDOWS_BOOT void crypto_loadkey (PKEY_INFO keyInfo, char *lpszUserKey, int nUserKeyLen); +void crypto_eraseKeys (PCRYPTO_INFO cryptoInfo); #endif void crypto_close (PCRYPTO_INFO cryptoInfo); @@ -324,7 +327,7 @@ int EAInit (int ea, unsigned char *key, unsigned char *ks); #else int EAInit (unsigned char *key, unsigned char *ks); #endif -BOOL EAInitMode (PCRYPTO_INFO ci); +BOOL EAInitMode (PCRYPTO_INFO ci, unsigned char* key2); void EncipherBlock(int cipher, void *data, void *ks); void DecipherBlock(int cipher, void *data, void *ks); #ifndef TC_WINDOWS_BOOT @@ -336,7 +339,7 @@ int EAGetFirst (); int EAGetCount (void); int EAGetNext (int previousEA); #ifndef TC_WINDOWS_BOOT -wchar_t * EAGetName (wchar_t *buf, int ea, int guiDisplay); +wchar_t * EAGetName (wchar_t *buf, size_t bufLen, int ea, int guiDisplay); int EAGetByName (wchar_t *name); #endif int EAGetKeySize (int ea); @@ -367,7 +370,7 @@ const wchar_t *HashGetName (int hash_algo_id); int HashGetIdByName (wchar_t *name); #endif Hash *HashGet (int id); -void HashGetName2 (wchar_t *buf, int hashId); +void HashGetName2 (wchar_t *buf, size_t bufLen, int hashId); BOOL HashIsDeprecated (int hashId); BOOL HashForSystemEncryption (int hashId); int GetMaxPkcs5OutSize (void); @@ -381,10 +384,39 @@ void DecryptDataUnitsCurrentThread (unsigned __int8 *buf, const UINT64_STRUCT *s void EncryptBuffer (unsigned __int8 *buf, TC_LARGEST_COMPILER_UINT len, PCRYPTO_INFO cryptoInfo); void DecryptBuffer (unsigned __int8 *buf, TC_LARGEST_COMPILER_UINT len, PCRYPTO_INFO cryptoInfo); +#if defined(_WIN64) && !defined (_UEFI) +BOOL InitializeSecurityParameters(GetRandSeedFn rngCallback); +void ClearSecurityParameters(); +#ifdef TC_WINDOWS_DRIVER +void VcProtectMemory (uint64 encID, unsigned char* pbData, size_t cbData, unsigned char* pbData2, size_t cbData2); +#else +void VcProtectMemory (uint64 encID, unsigned char* pbData, size_t cbData, + unsigned char* pbData2, size_t cbData2, + unsigned char* pbData3, size_t cbData3, + unsigned char* pbData4, size_t cbData4); +#endif +uint64 VcGetEncryptionID (PCRYPTO_INFO pCryptoInfo); +void VcProtectKeys (PCRYPTO_INFO pCryptoInfo, uint64 encID); +void VcUnprotectKeys (PCRYPTO_INFO pCryptoInfo, uint64 encID); +void EncryptDataUnitsCurrentThreadEx (unsigned __int8 *buf, const UINT64_STRUCT *structUnitNo, TC_LARGEST_COMPILER_UINT nbrUnits, PCRYPTO_INFO ci); +void DecryptDataUnitsCurrentThreadEx (unsigned __int8 *buf, const UINT64_STRUCT *structUnitNo, TC_LARGEST_COMPILER_UINT nbrUnits, PCRYPTO_INFO ci); +#else +#define EncryptDataUnitsCurrentThreadEx EncryptDataUnitsCurrentThread +#define DecryptDataUnitsCurrentThreadEx DecryptDataUnitsCurrentThread +#endif + BOOL IsAesHwCpuSupported (); void EnableHwEncryption (BOOL enable); BOOL IsHwEncryptionEnabled (); +BOOL IsCpuRngSupported (); +void EnableCpuRng (BOOL enable); +BOOL IsCpuRngEnabled (); + +BOOL IsRamEncryptionSupported (); +void EnableRamEncryption (BOOL enable); +BOOL IsRamEncryptionEnabled (); + #ifdef __cplusplus } #endif |