From f38cf0b6943da24c802424f53588b54aada48fd8 Mon Sep 17 00:00:00 2001
From: Mounir IDRASSI
Date: Tue, 14 Oct 2014 17:09:18 +0200
Subject: Add support for SHA-256 in key derivation for bootloader encryption. Create separate bootloader images for SHA-256 and RIPEMD-160. Set SHA-256 as the default PRF for boot encryption and SHA-512 as default PRF for all other cases. Depricate RIPEMD-160.
---
 src/Common/Crypto.c | 47 +++++++++++++++++++++++++++++++----------------
 1 file changed, 31 insertions(+), 16 deletions(-)
(limited to 'src/Common/Crypto.c')
diff --git a/src/Common/Crypto.c b/src/Common/Crypto.c
index a63bc954..9fc69022 100644
--- a/src/Common/Crypto.c
+++ b/src/Common/Crypto.c
@@ -90,11 +90,12 @@ static EncryptionAlgorithm EncryptionAlgorithms[] = // Hash algorithms static Hash Hashes[] = { // ID Name Deprecated System Encryption - { RIPEMD160, "RIPEMD-160", FALSE, TRUE }, #ifndef TC_WINDOWS_BOOT { SHA512, "SHA-512", FALSE, FALSE }, { WHIRLPOOL, "Whirlpool", FALSE, FALSE }, #endif + { SHA256, "SHA-256", FALSE, TRUE }, + { RIPEMD160, "RIPEMD-160", TRUE, TRUE }, { 0, 0, 0 } };
@@ -651,17 +652,42 @@ char *HashGetName (int hashId) #endif } +#ifndef TC_WINDOWS_BOOT +void HashGetName2 (char *buf, int hashId) +{ + Hash* pHash = HashGet(hashId); + if (pHash) + strcpy(buf, pHash -> Name); + else + buf[0] = '\0'; +} BOOL HashIsDeprecated (int hashId) { -#ifdef TC_WINDOWS_BOOT - return HashGet(hashId) -> Deprecated; -#else Hash* pHash = HashGet(hashId); return pHash? pHash -> Deprecated : FALSE; -#endif + } +BOOL HashForSystemEncryption (int hashId) +{ + Hash* pHash = HashGet(hashId); + return pHash? pHash -> SystemEncryption : FALSE; + +} + +// Returns the maximum number of bytes necessary to be generated by the PBKDF2 (PKCS #5) +int GetMaxPkcs5OutSize (void) +{ + int size = 32; + + size = max (size, EAGetLargestKeyForMode (XTS) * 2); // Sizes of primary + secondary keys + + return size; +} + +#endif + #endif // TC_WINDOWS_BOOT_SINGLE_CIPHER_MODE 
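Review bot: The reordered Hashes[] table now carries meaning in its row order — SHA-256 is placed ahead of RIPEMD-160 in the boot-loader build — but nothing in the table says so, and the RIPEMD-160 row is marked Deprecated while still flagged for System Encryption, which reads as a contradiction without a comment. If the boot default PRF is chosen by first match on the System Encryption column (the selection code is not in this hunk), I would add `// Order matters: the first System Encryption entry is the boot default` above the rows and `// deprecated; kept so existing RIPEMD-160 system volumes can still be mounted` on the RIPEMD-160 row. The terminator `{ 0, 0, 0 }` initializes three of the four fields; C zero-fills the remainder, but `{ 0, 0, 0, 0 }` would match the row width and make the sentinel obvious. The Hashes[] definition is complete within the hunk.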
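Review bot: HashGetName2 copies the hash name into `buf` with `strcpy` and takes no length, so the new function has no way to honor the caller's buffer size; the names come from the static Hashes[] table and are short today, but the contract should be bounded rather than rely on that. I would add a size parameter and terminate explicitly as below (callers are outside this hunk and would need updating), or at minimum document the requirement on the declaration: `// buf must hold at least the longest Hashes[].Name plus the NUL terminator`. With the whole group now under `#ifndef TC_WINDOWS_BOOT`, HashIsDeprecated and GetMaxPkcs5OutSize vanish from the boot-loader build; that looks intended by the commit but any boot-side caller would need checking outside this hunk. Both HashIsDeprecated and HashForSystemEncryption return FALSE for an unknown hashId, which is fail-closed for the system-encryption check but means an invalid id also reads as "not deprecated" — worth a one-line comment on each. The stray blank line left before HashIsDeprecated's closing brace and the one inside HashForSystemEncryption are leftovers worth dropping.
```c
// Copies the name of hashId into buf (at most bufLen-1 chars, always NUL-terminated);
// buf is set to "" when hashId is unknown. bufLen == 0 leaves buf untouched.
void HashGetName2 (char *buf, size_t bufLen, int hashId)
{
	Hash* pHash = HashGet(hashId);
	if (bufLen == 0)
		return;
	if (pHash)
	{
		strncpy(buf, pHash -> Name, bufLen - 1);
		buf[bufLen - 1] = '\0';
	}
	else
		buf[0] = '\0';
}
/* … unchanged: HashIsDeprecated, HashForSystemEncryption, GetMaxPkcs5OutSize … */
```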
@@ -904,17 +930,6 @@ void DecryptDataUnitsCurrentThread (unsigned __int8 *buf, const UINT64_STRUCT *s } -// Returns the maximum number of bytes necessary to be generated by the PBKDF2 (PKCS #5) -int GetMaxPkcs5OutSize (void) -{ - int size = 32; - - size = max (size, EAGetLargestKeyForMode (XTS) * 2); // Sizes of primary + secondary keys - - return size; -} - - #else // TC_WINDOWS_BOOT_SINGLE_CIPHER_MODE -- cgit v1.2.3