VeraCrypt
aboutsummaryrefslogtreecommitdiff
path: root/src/Common/Crypto.h
diff options
context:
space:
mode:
Diffstat (limited to 'src/Common/Crypto.h')
-rw-r--r--src/Common/Crypto.h66
1 files changed, 49 insertions, 17 deletions
diff --git a/src/Common/Crypto.h b/src/Common/Crypto.h
index 1d0c96e5..178e08e1 100644
--- a/src/Common/Crypto.h
+++ b/src/Common/Crypto.h
@@ -53,7 +53,7 @@ enum
SHA512 = FIRST_PRF_ID,
WHIRLPOOL,
SHA256,
- RIPEMD160,
+ BLAKE2S,
STREEBOG,
HASH_ENUM_END_ID
};
@@ -61,8 +61,8 @@ enum
// The last PRF to try when mounting and also the number of implemented PRFs
#define LAST_PRF_ID (HASH_ENUM_END_ID - 1)
-#define RIPEMD160_BLOCKSIZE 64
-#define RIPEMD160_DIGESTSIZE 20
+#define BLAKE2S_BLOCKSIZE 64
+#define BLAKE2S_DIGESTSIZE 32
#define SHA256_BLOCKSIZE 64
#define SHA256_DIGESTSIZE 32
@@ -112,7 +112,6 @@ enum
SERPENT,
TWOFISH,
CAMELLIA,
- GOST89,
KUZNYECHIK
};
@@ -173,7 +172,7 @@ typedef struct
#ifdef TC_WINDOWS_BOOT
#define MAX_EXPANDED_KEY VC_MAX((AES_KS + SERPENT_KS + TWOFISH_KS), CAMELLIA_KS)
#else
-#define MAX_EXPANDED_KEY VC_MAX(VC_MAX(VC_MAX((AES_KS + SERPENT_KS + TWOFISH_KS), GOST_KS), CAMELLIA_KS), KUZNYECHIK_KS)
+#define MAX_EXPANDED_KEY VC_MAX(VC_MAX(VC_MAX((AES_KS + SERPENT_KS + TWOFISH_KS), CAMELLIA_KS + KUZNYECHIK_KS + SERPENT_KS), KUZNYECHIK_KS + TWOFISH_KS), AES_KS + KUZNYECHIK_KS)
#endif
#endif
@@ -200,14 +199,19 @@ typedef struct
#endif
#include "Twofish.h"
-#include "Rmd160.h"
+#include "blake2.h"
#ifndef TC_WINDOWS_BOOT
# include "Sha2.h"
# include "Whirlpool.h"
# include "Streebog.h"
-# include "GostCipher.h"
# include "kuznyechik.h"
# include "Camellia.h"
+#if !defined (_UEFI)
+# include "chachaRng.h"
+# ifdef _WIN64
+# include "t1ha.h"
+# endif
+#endif
#else
# include "CamelliaSmall.h"
#endif
@@ -245,18 +249,16 @@ typedef struct CRYPTO_INFO_t
#ifndef TC_WINDOWS_BOOT
uint16 HeaderVersion;
- GfCtx gf_ctx;
-
+#ifdef TC_WINDOWS_DRIVER
+ unsigned __int8 master_keydata_hash[BLAKE2S_DIGESTSIZE];
+#else
CRYPTOPP_ALIGN_DATA(16) unsigned __int8 master_keydata[MASTER_KEYDATA_SIZE]; /* This holds the volume header area containing concatenated master key(s) and secondary key(s) (XTS mode). For LRW (deprecated/legacy), it contains the tweak key before the master key(s). For CBC (deprecated/legacy), it contains the IV seed before the master key(s). */
CRYPTOPP_ALIGN_DATA(16) unsigned __int8 k2[MASTER_KEYDATA_SIZE]; /* For XTS, this contains the secondary key (if cascade, multiple concatenated). For LRW (deprecated/legacy), it contains the tweak key. For CBC (deprecated/legacy), it contains the IV seed. */
- unsigned __int8 salt[PKCS5_SALT_SIZE];
+#endif
+
int noIterations;
- BOOL bTrueCryptMode;
int volumePim;
- uint64 volume_creation_time; // Legacy
- uint64 header_creation_time; // Legacy
-
BOOL bProtectHiddenVolume; // Indicates whether the volume contains a hidden volume to be protected against overwriting
BOOL bHiddenVolProtectionAction; // TRUE if a write operation has been denied by the driver in order to prevent the hidden volume from being overwritten (set to FALSE upon volume mount).
@@ -306,6 +308,7 @@ typedef struct BOOT_CRYPTO_HEADER_t
PCRYPTO_INFO crypto_open (void);
#ifndef TC_WINDOWS_BOOT
void crypto_loadkey (PKEY_INFO keyInfo, char *lpszUserKey, int nUserKeyLen);
+void crypto_eraseKeys (PCRYPTO_INFO cryptoInfo);
#endif
void crypto_close (PCRYPTO_INFO cryptoInfo);
@@ -324,7 +327,7 @@ int EAInit (int ea, unsigned char *key, unsigned char *ks);
#else
int EAInit (unsigned char *key, unsigned char *ks);
#endif
-BOOL EAInitMode (PCRYPTO_INFO ci);
+BOOL EAInitMode (PCRYPTO_INFO ci, unsigned char* key2);
void EncipherBlock(int cipher, void *data, void *ks);
void DecipherBlock(int cipher, void *data, void *ks);
#ifndef TC_WINDOWS_BOOT
@@ -336,7 +339,7 @@ int EAGetFirst ();
int EAGetCount (void);
int EAGetNext (int previousEA);
#ifndef TC_WINDOWS_BOOT
-wchar_t * EAGetName (wchar_t *buf, int ea, int guiDisplay);
+wchar_t * EAGetName (wchar_t *buf, size_t bufLen, int ea, int guiDisplay);
int EAGetByName (wchar_t *name);
#endif
int EAGetKeySize (int ea);
@@ -367,7 +370,7 @@ const wchar_t *HashGetName (int hash_algo_id);
int HashGetIdByName (wchar_t *name);
#endif
Hash *HashGet (int id);
-void HashGetName2 (wchar_t *buf, int hashId);
+void HashGetName2 (wchar_t *buf, size_t bufLen, int hashId);
BOOL HashIsDeprecated (int hashId);
BOOL HashForSystemEncryption (int hashId);
int GetMaxPkcs5OutSize (void);
@@ -381,10 +384,39 @@ void DecryptDataUnitsCurrentThread (unsigned __int8 *buf, const UINT64_STRUCT *s
void EncryptBuffer (unsigned __int8 *buf, TC_LARGEST_COMPILER_UINT len, PCRYPTO_INFO cryptoInfo);
void DecryptBuffer (unsigned __int8 *buf, TC_LARGEST_COMPILER_UINT len, PCRYPTO_INFO cryptoInfo);
+#if defined(_WIN64) && !defined (_UEFI)
+BOOL InitializeSecurityParameters(GetRandSeedFn rngCallback);
+void ClearSecurityParameters();
+#ifdef TC_WINDOWS_DRIVER
+void VcProtectMemory (uint64 encID, unsigned char* pbData, size_t cbData, unsigned char* pbData2, size_t cbData2);
+#else
+void VcProtectMemory (uint64 encID, unsigned char* pbData, size_t cbData,
+ unsigned char* pbData2, size_t cbData2,
+ unsigned char* pbData3, size_t cbData3,
+ unsigned char* pbData4, size_t cbData4);
+#endif
+uint64 VcGetEncryptionID (PCRYPTO_INFO pCryptoInfo);
+void VcProtectKeys (PCRYPTO_INFO pCryptoInfo, uint64 encID);
+void VcUnprotectKeys (PCRYPTO_INFO pCryptoInfo, uint64 encID);
+void EncryptDataUnitsCurrentThreadEx (unsigned __int8 *buf, const UINT64_STRUCT *structUnitNo, TC_LARGEST_COMPILER_UINT nbrUnits, PCRYPTO_INFO ci);
+void DecryptDataUnitsCurrentThreadEx (unsigned __int8 *buf, const UINT64_STRUCT *structUnitNo, TC_LARGEST_COMPILER_UINT nbrUnits, PCRYPTO_INFO ci);
+#else
+#define EncryptDataUnitsCurrentThreadEx EncryptDataUnitsCurrentThread
+#define DecryptDataUnitsCurrentThreadEx DecryptDataUnitsCurrentThread
+#endif
+
BOOL IsAesHwCpuSupported ();
void EnableHwEncryption (BOOL enable);
BOOL IsHwEncryptionEnabled ();
+BOOL IsCpuRngSupported ();
+void EnableCpuRng (BOOL enable);
+BOOL IsCpuRngEnabled ();
+
+BOOL IsRamEncryptionSupported ();
+void EnableRamEncryption (BOOL enable);
+BOOL IsRamEncryptionEnabled ();
+
#ifdef __cplusplus
}
#endif