mirror of
https://github.com/veracrypt/VeraCrypt.git
synced 2025-11-11 19:08:26 -06:00
Implement support of Blake2s-256 hash algorithm and remove deprecated algorithms RIPEMD-160 and GOST89.
This commit is contained in:
Mounir IDRASSI
@@ -1705,15 +1705,11 @@ namespace VeraCrypt
|
||||
ea = TWOFISH;
|
||||
else if (_stricmp (request.BootEncryptionAlgorithmName, "Camellia") == 0)
|
||||
ea = CAMELLIA;
|
||||
#if defined(CIPHER_GOST89)
|
||||
else if (_stricmp (request.BootEncryptionAlgorithmName, "GOST89") == 0)
|
||||
ea = GOST89;
|
||||
#endif
|
||||
|
||||
if (_stricmp(request.BootPrfAlgorithmName, "SHA-256") == 0)
|
||||
pkcs5_prf = SHA256;
|
||||
else if (_stricmp(request.BootPrfAlgorithmName, "RIPEMD-160") == 0)
|
||||
pkcs5_prf = RIPEMD160;
|
||||
else if (_stricmp(request.BootPrfAlgorithmName, "BLAKE2s-256") == 0)
|
||||
pkcs5_prf = BLAKE2S;
|
||||
else if (_stricmp(request.BootPrfAlgorithmName, "SHA-512") == 0)
|
||||
pkcs5_prf = SHA512;
|
||||
else if (_stricmp(request.BootPrfAlgorithmName, "Whirlpool") == 0)
|
||||
@@ -1721,7 +1717,7 @@ namespace VeraCrypt
|
||||
else if (_stricmp(request.BootPrfAlgorithmName, "Streebog") == 0)
|
||||
pkcs5_prf = STREEBOG;
|
||||
else if (strlen(request.BootPrfAlgorithmName) == 0) // case of version < 1.0f
|
||||
pkcs5_prf = RIPEMD160;
|
||||
pkcs5_prf = BLAKE2S;
|
||||
}
|
||||
catch (...)
|
||||
{
|
||||
@@ -1747,8 +1743,8 @@ namespace VeraCrypt
|
||||
pkcs5_prf = SelectedPrfAlgorithmId;
|
||||
}
|
||||
|
||||
// Only RIPEMD160 and SHA-256 are supported for MBR boot loader
|
||||
if (!bIsGPT && pkcs5_prf != RIPEMD160 && pkcs5_prf != SHA256)
|
||||
// Only BLAKE2s and SHA-256 are supported for MBR boot loader
|
||||
if (!bIsGPT && pkcs5_prf != BLAKE2S && pkcs5_prf != SHA256)
|
||||
throw ParameterIncorrect (SRC_POS);
|
||||
|
||||
int bootSectorId = 0;
|
||||
@@ -2222,7 +2218,7 @@ namespace VeraCrypt
|
||||
EfiBootConf::EfiBootConf() : passwordType (0),
|
||||
passwordMsg ("Password: "),
|
||||
passwordPicture ("login.bmp"),
|
||||
hashMsg ("(0) TEST ALL (1) SHA512 (2) WHIRLPOOL (3) SHA256 (4) RIPEMD160 (5) STREEBOG\nHash: "),
|
||||
hashMsg ("(0) TEST ALL (1) SHA512 (2) WHIRLPOOL (3) SHA256 (4) BLAKE2S (5) STREEBOG\nHash: "),
|
||||
hashAlgo (0),
|
||||
requestHash (0),
|
||||
pimMsg ("PIM (Leave empty for default): "),
|
||||
@@ -2339,7 +2335,7 @@ namespace VeraCrypt
|
||||
passwordType = ReadConfigInteger (configContent, "PasswordType", 0);
|
||||
passwordMsg = ReadConfigString (configContent, "PasswordMsg", "Password: ", buffer, sizeof (buffer));
|
||||
passwordPicture = ReadConfigString (configContent, "PasswordPicture", "\\EFI\\VeraCrypt\\login.bmp", buffer, sizeof (buffer));
|
||||
//hashMsg = ReadConfigString (configContent, "HashMsg", "(0) TEST ALL (1) SHA512 (2) WHIRLPOOL (3) SHA256 (4) RIPEMD160 (5) STREEBOG\nHash: ", buffer, sizeof (buffer));
|
||||
//hashMsg = ReadConfigString (configContent, "HashMsg", "(0) TEST ALL (1) SHA512 (2) WHIRLPOOL (3) SHA256 (4) BLAKE2S (5) STREEBOG\nHash: ", buffer, sizeof (buffer));
|
||||
hashAlgo = ReadConfigInteger (configContent, "Hash", 0);
|
||||
requestHash = ReadConfigInteger (configContent, "HashRqt", 1);
|
||||
pimMsg = ReadConfigString (configContent, "PimMsg", "PIM: ", buffer, sizeof (buffer));
|
||||
|
||||
@@ -64,9 +64,6 @@ static Cipher Ciphers[] =
|
||||
{ SERPENT, L"Serpent", 16, 32, 140*4 },
|
||||
{ TWOFISH, L"Twofish", 16, 32, TWOFISH_KS },
|
||||
{ CAMELLIA, L"Camellia", 16, 32, CAMELLIA_KS },
|
||||
#if defined(CIPHER_GOST89)
|
||||
{ GOST89, L"GOST89", 16, 32, GOST_KS },
|
||||
#endif // defined(CIPHER_GOST89)
|
||||
{ KUZNYECHIK, L"Kuznyechik",16, 32, KUZNYECHIK_KS },
|
||||
#endif
|
||||
{ 0, 0, 0, 0, 0 }
|
||||
@@ -85,9 +82,6 @@ static EncryptionAlgorithm EncryptionAlgorithms[] =
|
||||
{ { SERPENT, 0 }, { XTS, 0 }, 1, 1 },
|
||||
{ { TWOFISH, 0 }, { XTS, 0 }, 1, 1 },
|
||||
{ { CAMELLIA, 0 }, { XTS, 0 }, 1, 1 },
|
||||
#if defined(CIPHER_GOST89)
|
||||
{ { GOST89, 0 }, { XTS, 0 }, 0, 0 },
|
||||
#endif // defined(CIPHER_GOST89)
|
||||
{ { KUZNYECHIK, 0 }, { XTS, 0 }, 0, 1 },
|
||||
{ { TWOFISH, AES, 0 }, { XTS, 0 }, 1, 1 },
|
||||
{ { SERPENT, TWOFISH, AES, 0 }, { XTS, 0 }, 1, 1 },
|
||||
@@ -126,8 +120,8 @@ static Hash Hashes[] =
|
||||
{ // ID Name Deprecated System Encryption
|
||||
{ SHA512, L"SHA-512", FALSE, FALSE },
|
||||
{ WHIRLPOOL, L"Whirlpool", FALSE, FALSE },
|
||||
{ BLAKE2S, L"BLAKE2s-256", FALSE, TRUE },
|
||||
{ SHA256, L"SHA-256", FALSE, TRUE },
|
||||
{ RIPEMD160, L"RIPEMD-160", TRUE, TRUE },
|
||||
{ STREEBOG, L"Streebog", FALSE, FALSE },
|
||||
{ 0, 0, 0 }
|
||||
};
|
||||
@@ -168,11 +162,6 @@ int CipherInit (int cipher, unsigned char *key, unsigned __int8 *ks)
|
||||
#endif
|
||||
|
||||
#if !defined(TC_WINDOWS_BOOT)
|
||||
#if defined(CIPHER_GOST89)
|
||||
case GOST89:
|
||||
gost_set_key(key, (gost_kds*)ks, 1);
|
||||
break;
|
||||
#endif // && defined(CIPHER_GOST89)
|
||||
case KUZNYECHIK:
|
||||
kuznyechik_set_key(key, (kuznyechik_kds*)ks);
|
||||
break;
|
||||
@@ -206,9 +195,6 @@ void EncipherBlock(int cipher, void *data, void *ks)
|
||||
case CAMELLIA: camellia_encrypt (data, data, ks); break;
|
||||
#endif
|
||||
#if !defined(TC_WINDOWS_BOOT)
|
||||
#if defined(CIPHER_GOST89)
|
||||
case GOST89: gost_encrypt(data, data, ks, 1); break;
|
||||
#endif // defined(CIPHER_GOST89)
|
||||
case KUZNYECHIK: kuznyechik_encrypt_block(data, data, ks); break;
|
||||
#endif // !defined(TC_WINDOWS_BOOT)
|
||||
default: TC_THROW_FATAL_EXCEPTION; // Unknown/wrong ID
|
||||
@@ -281,9 +267,6 @@ void EncipherBlocks (int cipher, void *dataPtr, void *ks, size_t blockCount)
|
||||
#endif
|
||||
}
|
||||
#endif
|
||||
else if (cipher == GOST89) {
|
||||
gost_encrypt(data, data, ks, (int)blockCount);
|
||||
}
|
||||
else
|
||||
{
|
||||
size_t blockSize = CipherGetBlockSize (cipher);
|
||||
@@ -307,9 +290,6 @@ void DecipherBlock(int cipher, void *data, void *ks)
|
||||
case CAMELLIA: camellia_decrypt (data, data, ks); break;
|
||||
#endif
|
||||
#if !defined(TC_WINDOWS_BOOT)
|
||||
#if defined(CIPHER_GOST89)
|
||||
case GOST89: gost_decrypt(data, data, ks, 1); break;
|
||||
#endif // defined(CIPHER_GOST89)
|
||||
case KUZNYECHIK: kuznyechik_decrypt_block(data, data, ks); break;
|
||||
#endif // !defined(TC_WINDOWS_BOOT)
|
||||
|
||||
@@ -398,9 +378,6 @@ void DecipherBlocks (int cipher, void *dataPtr, void *ks, size_t blockCount)
|
||||
#endif
|
||||
}
|
||||
#endif
|
||||
else if (cipher == GOST89) {
|
||||
gost_decrypt(data, data, ks, (int)blockCount);
|
||||
}
|
||||
else
|
||||
{
|
||||
size_t blockSize = CipherGetBlockSize (cipher);
|
||||
@@ -466,7 +443,6 @@ int CipherGetKeyScheduleSize (int cipherId)
|
||||
BOOL CipherSupportsIntraDataUnitParallelization (int cipher)
|
||||
{
|
||||
return (cipher == AES && IsAesHwCpuSupported())
|
||||
|| (cipher == GOST89)
|
||||
#if CRYPTOPP_BOOL_SSE2_INTRINSICS_AVAILABLE && !defined (_UEFI)
|
||||
|| (cipher == SERPENT && HasSSE2())
|
||||
|| (cipher == KUZNYECHIK && HasSSE2())
|
||||
|
||||
@@ -53,7 +53,7 @@ enum
|
||||
SHA512 = FIRST_PRF_ID,
|
||||
WHIRLPOOL,
|
||||
SHA256,
|
||||
RIPEMD160,
|
||||
BLAKE2S,
|
||||
STREEBOG,
|
||||
HASH_ENUM_END_ID
|
||||
};
|
||||
@@ -61,8 +61,8 @@ enum
|
||||
// The last PRF to try when mounting and also the number of implemented PRFs
|
||||
#define LAST_PRF_ID (HASH_ENUM_END_ID - 1)
|
||||
|
||||
#define RIPEMD160_BLOCKSIZE 64
|
||||
#define RIPEMD160_DIGESTSIZE 20
|
||||
#define BLAKE2S_BLOCKSIZE 64
|
||||
#define BLAKE2S_DIGESTSIZE 32
|
||||
|
||||
#define SHA256_BLOCKSIZE 64
|
||||
#define SHA256_DIGESTSIZE 32
|
||||
@@ -112,7 +112,6 @@ enum
|
||||
SERPENT,
|
||||
TWOFISH,
|
||||
CAMELLIA,
|
||||
GOST89,
|
||||
KUZNYECHIK
|
||||
};
|
||||
|
||||
@@ -173,7 +172,7 @@ typedef struct
|
||||
#ifdef TC_WINDOWS_BOOT
|
||||
#define MAX_EXPANDED_KEY VC_MAX((AES_KS + SERPENT_KS + TWOFISH_KS), CAMELLIA_KS)
|
||||
#else
|
||||
#define MAX_EXPANDED_KEY VC_MAX(VC_MAX(VC_MAX(VC_MAX((AES_KS + SERPENT_KS + TWOFISH_KS), GOST_KS), CAMELLIA_KS + KUZNYECHIK_KS + SERPENT_KS), KUZNYECHIK_KS + TWOFISH_KS), AES_KS + KUZNYECHIK_KS)
|
||||
#define MAX_EXPANDED_KEY VC_MAX(VC_MAX(VC_MAX((AES_KS + SERPENT_KS + TWOFISH_KS), CAMELLIA_KS + KUZNYECHIK_KS + SERPENT_KS), KUZNYECHIK_KS + TWOFISH_KS), AES_KS + KUZNYECHIK_KS)
|
||||
#endif
|
||||
#endif
|
||||
|
||||
@@ -200,12 +199,11 @@ typedef struct
|
||||
#endif
|
||||
#include "Twofish.h"
|
||||
|
||||
#include "Rmd160.h"
|
||||
#include "blake2.h"
|
||||
#ifndef TC_WINDOWS_BOOT
|
||||
# include "Sha2.h"
|
||||
# include "Whirlpool.h"
|
||||
# include "Streebog.h"
|
||||
# include "GostCipher.h"
|
||||
# include "kuznyechik.h"
|
||||
# include "Camellia.h"
|
||||
#if !defined (_UEFI)
|
||||
@@ -252,7 +250,7 @@ typedef struct CRYPTO_INFO_t
|
||||
uint16 HeaderVersion;
|
||||
|
||||
#ifdef TC_WINDOWS_DRIVER
|
||||
unsigned __int8 master_keydata_hash[RIPEMD160_DIGESTSIZE];
|
||||
unsigned __int8 master_keydata_hash[BLAKE2S_DIGESTSIZE];
|
||||
#else
|
||||
CRYPTOPP_ALIGN_DATA(16) unsigned __int8 master_keydata[MASTER_KEYDATA_SIZE]; /* This holds the volume header area containing concatenated master key(s) and secondary key(s) (XTS mode). For LRW (deprecated/legacy), it contains the tweak key before the master key(s). For CBC (deprecated/legacy), it contains the IV seed before the master key(s). */
|
||||
CRYPTOPP_ALIGN_DATA(16) unsigned __int8 k2[MASTER_KEYDATA_SIZE]; /* For XTS, this contains the secondary key (if cascade, multiple concatenated). For LRW (deprecated/legacy), it contains the tweak key. For CBC (deprecated/legacy), it contains the IV seed. */
|
||||
|
||||
@@ -6412,7 +6412,7 @@ static BOOL PerformBenchmark(HWND hBenchDlg, HWND hwndDlg)
|
||||
{
|
||||
BYTE digest [MAX_DIGESTSIZE];
|
||||
WHIRLPOOL_CTX wctx;
|
||||
RMD160_CTX rctx;
|
||||
blake2s_state bctx;
|
||||
sha512_ctx s2ctx;
|
||||
sha256_ctx s256ctx;
|
||||
STREEBOG_CTX stctx;
|
||||
@@ -6441,10 +6441,10 @@ static BOOL PerformBenchmark(HWND hBenchDlg, HWND hwndDlg)
|
||||
sha256_end ((unsigned char *) digest, &s256ctx);
|
||||
break;
|
||||
|
||||
case RIPEMD160:
|
||||
RMD160Init(&rctx);
|
||||
RMD160Update(&rctx, lpTestBuffer, benchmarkBufferSize);
|
||||
RMD160Final((unsigned char *) digest, &rctx);
|
||||
case BLAKE2S:
|
||||
blake2s_init(&bctx);
|
||||
blake2s_update(&bctx, lpTestBuffer, benchmarkBufferSize);
|
||||
blake2s_final(&bctx, (unsigned char *) digest);
|
||||
break;
|
||||
|
||||
case WHIRLPOOL:
|
||||
@@ -6509,9 +6509,9 @@ static BOOL PerformBenchmark(HWND hBenchDlg, HWND hwndDlg)
|
||||
derive_key_sha256 ("passphrase-1234567890", 21, tmp_salt, 64, get_pkcs5_iteration_count(thid, benchmarkPim, FALSE, benchmarkPreBoot), dk, MASTER_KEYDATA_SIZE);
|
||||
break;
|
||||
|
||||
case RIPEMD160:
|
||||
/* PKCS-5 test with HMAC-RIPEMD-160 used as the PRF */
|
||||
derive_key_ripemd160 ("passphrase-1234567890", 21, tmp_salt, 64, get_pkcs5_iteration_count(thid, benchmarkPim, FALSE, benchmarkPreBoot), dk, MASTER_KEYDATA_SIZE);
|
||||
case BLAKE2S:
|
||||
/* PKCS-5 test with HMAC-BLAKE2s used as the PRF */
|
||||
derive_key_blake2s ("passphrase-1234567890", 21, tmp_salt, 64, get_pkcs5_iteration_count(thid, benchmarkPim, FALSE, benchmarkPreBoot), dk, MASTER_KEYDATA_SIZE);
|
||||
break;
|
||||
|
||||
case WHIRLPOOL:
|
||||
@@ -7895,9 +7895,6 @@ ResetCipherTest(HWND hwndDlg, int idTestCipher)
|
||||
SetWindowText(GetDlgItem(hwndDlg, IDC_CIPHERTEXT), L"0000000000000000");
|
||||
|
||||
if (idTestCipher == AES || idTestCipher == SERPENT || idTestCipher == TWOFISH || idTestCipher == CAMELLIA
|
||||
#if defined(CIPHER_GOST89)
|
||||
|| idTestCipher == GOST89
|
||||
#endif
|
||||
|| idTestCipher == KUZNYECHIK
|
||||
)
|
||||
{
|
||||
|
||||
@@ -248,8 +248,8 @@ static TC_THREAD_PROC EncryptionThreadProc (void *threadArg)
|
||||
case DeriveKeyWork:
|
||||
switch (workItem->KeyDerivation.Pkcs5Prf)
|
||||
{
|
||||
case RIPEMD160:
|
||||
derive_key_ripemd160 (workItem->KeyDerivation.Password, workItem->KeyDerivation.PasswordLength, workItem->KeyDerivation.Salt, PKCS5_SALT_SIZE,
|
||||
case BLAKE2S:
|
||||
derive_key_blake2s (workItem->KeyDerivation.Password, workItem->KeyDerivation.PasswordLength, workItem->KeyDerivation.Salt, PKCS5_SALT_SIZE,
|
||||
workItem->KeyDerivation.IterationCount, workItem->KeyDerivation.DerivedKey, GetMaxPkcs5OutSize());
|
||||
break;
|
||||
|
||||
|
||||
@@ -16,7 +16,7 @@
|
||||
#include <memory.h>
|
||||
#include <stdlib.h>
|
||||
#endif
|
||||
#include "Rmd160.h"
|
||||
#include "blake2.h"
|
||||
#ifndef TC_WINDOWS_BOOT
|
||||
#include "Sha2.h"
|
||||
#include "Whirlpool.h"
|
||||
@@ -550,100 +550,131 @@ void derive_key_sha512 (char *pwd, int pwd_len, char *salt, int salt_len, uint32
|
||||
|
||||
#endif // TC_WINDOWS_BOOT
|
||||
|
||||
#if !defined(TC_WINDOWS_BOOT) || defined(TC_WINDOWS_BOOT_RIPEMD160)
|
||||
#if !defined(TC_WINDOWS_BOOT) || defined(TC_WINDOWS_BOOT_BLAKE2S)
|
||||
|
||||
typedef struct hmac_ripemd160_ctx_struct
|
||||
typedef struct hmac_blake2s_ctx_struct
|
||||
{
|
||||
RMD160_CTX context;
|
||||
RMD160_CTX inner_digest_ctx; /*pre-computed inner digest context */
|
||||
RMD160_CTX outer_digest_ctx; /*pre-computed outer digest context */
|
||||
char k[PKCS5_SALT_SIZE + 4]; /* enough to hold (salt_len + 4) and also the RIPEMD-160 hash */
|
||||
char u[RIPEMD160_DIGESTSIZE];
|
||||
} hmac_ripemd160_ctx;
|
||||
blake2s_state ctx;
|
||||
blake2s_state inner_digest_ctx; /*pre-computed inner digest context */
|
||||
blake2s_state outer_digest_ctx; /*pre-computed outer digest context */
|
||||
char k[PKCS5_SALT_SIZE + 4]; /* enough to hold (salt_len + 4) and also the SHA256 hash */
|
||||
char u[BLAKE2S_DIGESTSIZE];
|
||||
} hmac_blake2s_ctx;
|
||||
|
||||
void hmac_ripemd160_internal (char *input_digest, int len, hmac_ripemd160_ctx* hmac)
|
||||
void hmac_blake2s_internal
|
||||
(
|
||||
char *d, /* input data. d pointer is guaranteed to be at least 32-bytes long */
|
||||
int ld, /* length of input data in bytes */
|
||||
hmac_blake2s_ctx* hmac /* HMAC-SHA256 context which holds temporary variables */
|
||||
)
|
||||
{
|
||||
RMD160_CTX* context = &(hmac->context);
|
||||
blake2s_state* ctx = &(hmac->ctx);
|
||||
|
||||
/**** Restore Precomputed Inner Digest Context ****/
|
||||
|
||||
memcpy (context, &(hmac->inner_digest_ctx), sizeof (RMD160_CTX));
|
||||
memcpy (ctx, &(hmac->inner_digest_ctx), sizeof (blake2s_state));
|
||||
|
||||
RMD160Update(context, (const unsigned char *) input_digest, len); /* then text of datagram */
|
||||
RMD160Final((unsigned char *) input_digest, context); /* finish up 1st pass */
|
||||
blake2s_update (ctx, d, ld);
|
||||
|
||||
blake2s_final (ctx, (unsigned char*) d); /* d = inner digest */
|
||||
|
||||
/**** Restore Precomputed Outer Digest Context ****/
|
||||
|
||||
memcpy (context, &(hmac->outer_digest_ctx), sizeof (RMD160_CTX));
|
||||
memcpy (ctx, &(hmac->outer_digest_ctx), sizeof (blake2s_state));
|
||||
|
||||
/* results of 1st hash */
|
||||
RMD160Update(context, (const unsigned char *) input_digest, RIPEMD160_DIGESTSIZE);
|
||||
RMD160Final((unsigned char *) input_digest, context); /* finish up 2nd pass */
|
||||
blake2s_update (ctx, d, SHA256_DIGESTSIZE);
|
||||
|
||||
blake2s_final (ctx, (unsigned char *) d); /* d = outer digest */
|
||||
}
|
||||
|
||||
#ifndef TC_WINDOWS_BOOT
|
||||
void hmac_ripemd160 (char *key, int keylen, char *input_digest, int len)
|
||||
void hmac_blake2s
|
||||
(
|
||||
char *k, /* secret key */
|
||||
int lk, /* length of the key in bytes */
|
||||
char *d, /* data */
|
||||
int ld /* length of data in bytes */
|
||||
)
|
||||
{
|
||||
hmac_ripemd160_ctx hmac;
|
||||
RMD160_CTX* ctx;
|
||||
unsigned char* k_pad = (unsigned char*) hmac.k; /* inner/outer padding - key XORd with ipad */
|
||||
unsigned char tk[RIPEMD160_DIGESTSIZE];
|
||||
int i;
|
||||
|
||||
/* If the key is longer than the hash algorithm block size,
|
||||
let key = ripemd160(key), as per HMAC specifications. */
|
||||
if (keylen > RIPEMD160_BLOCKSIZE)
|
||||
hmac_blake2s_ctx hmac;
|
||||
blake2s_state* ctx;
|
||||
char* buf = hmac.k;
|
||||
int b;
|
||||
char key[BLAKE2S_DIGESTSIZE];
|
||||
#if defined (DEVICE_DRIVER)
|
||||
NTSTATUS saveStatus = STATUS_INVALID_PARAMETER;
|
||||
#ifdef _WIN64
|
||||
XSTATE_SAVE SaveState;
|
||||
if (IsCpuIntel() && HasSAVX())
|
||||
saveStatus = KeSaveExtendedProcessorStateVC(XSTATE_MASK_GSSE, &SaveState);
|
||||
#else
|
||||
KFLOATING_SAVE floatingPointState;
|
||||
if (HasSSE2())
|
||||
saveStatus = KeSaveFloatingPointState (&floatingPointState);
|
||||
#endif
|
||||
#endif
|
||||
/* If the key is longer than the hash algorithm block size,
|
||||
let key = blake2s(key), as per HMAC specifications. */
|
||||
if (lk > BLAKE2S_BLOCKSIZE)
|
||||
{
|
||||
RMD160_CTX tctx;
|
||||
blake2s_state tctx;
|
||||
|
||||
RMD160Init(&tctx);
|
||||
RMD160Update(&tctx, (const unsigned char *) key, keylen);
|
||||
RMD160Final(tk, &tctx);
|
||||
blake2s_init (&tctx);
|
||||
blake2s_update (&tctx, k, lk);
|
||||
blake2s_final (&tctx, (unsigned char *) key);
|
||||
|
||||
key = (char *) tk;
|
||||
keylen = RIPEMD160_DIGESTSIZE;
|
||||
k = key;
|
||||
lk = BLAKE2S_DIGESTSIZE;
|
||||
|
||||
burn (&tctx, sizeof(tctx)); // Prevent leaks
|
||||
}
|
||||
burn (&tctx, sizeof(tctx)); // Prevent leaks
|
||||
}
|
||||
|
||||
/**** Precompute HMAC Inner Digest ****/
|
||||
|
||||
/* perform inner RIPEMD-160 */
|
||||
ctx = &(hmac.inner_digest_ctx);
|
||||
/* start out by storing key in pads */
|
||||
memset(k_pad, 0x36, 64);
|
||||
/* XOR key with ipad and opad values */
|
||||
for (i=0; i<keylen; i++)
|
||||
{
|
||||
k_pad[i] ^= key[i];
|
||||
}
|
||||
blake2s_init (ctx);
|
||||
|
||||
RMD160Init(ctx); /* init context for 1st pass */
|
||||
RMD160Update(ctx, k_pad, RIPEMD160_BLOCKSIZE); /* start with inner pad */
|
||||
/* Pad the key for inner digest */
|
||||
for (b = 0; b < lk; ++b)
|
||||
buf[b] = (char) (k[b] ^ 0x36);
|
||||
memset (&buf[lk], 0x36, BLAKE2S_BLOCKSIZE - lk);
|
||||
|
||||
blake2s_update (ctx, (unsigned char *) buf, BLAKE2S_BLOCKSIZE);
|
||||
|
||||
/**** Precompute HMAC Outer Digest ****/
|
||||
|
||||
/* perform outer RIPEMD-160 */
|
||||
ctx = &(hmac.outer_digest_ctx);
|
||||
memset(k_pad, 0x5c, 64);
|
||||
for (i=0; i<keylen; i++)
|
||||
{
|
||||
k_pad[i] ^= key[i];
|
||||
}
|
||||
blake2s_init (ctx);
|
||||
|
||||
RMD160Init(ctx); /* init context for 2nd pass */
|
||||
RMD160Update(ctx, k_pad, RIPEMD160_BLOCKSIZE); /* start with outer pad */
|
||||
for (b = 0; b < lk; ++b)
|
||||
buf[b] = (char) (k[b] ^ 0x5C);
|
||||
memset (&buf[lk], 0x5C, SHA256_BLOCKSIZE - lk);
|
||||
|
||||
hmac_ripemd160_internal (input_digest, len, &hmac);
|
||||
blake2s_update (ctx, (unsigned char *) buf, BLAKE2S_BLOCKSIZE);
|
||||
|
||||
burn (&hmac, sizeof(hmac));
|
||||
burn (tk, sizeof(tk));
|
||||
hmac_blake2s_internal(d, ld, &hmac);
|
||||
|
||||
#if defined (DEVICE_DRIVER)
|
||||
if (NT_SUCCESS (saveStatus))
|
||||
#ifdef _WIN64
|
||||
KeRestoreExtendedProcessorStateVC(&SaveState);
|
||||
#else
|
||||
KeRestoreFloatingPointState (&floatingPointState);
|
||||
#endif
|
||||
#endif
|
||||
|
||||
/* Prevent leaks */
|
||||
burn(&hmac, sizeof(hmac));
|
||||
burn(key, sizeof(key));
|
||||
}
|
||||
#endif
|
||||
|
||||
|
||||
static void derive_u_ripemd160 (char *salt, int salt_len, uint32 iterations, int b, hmac_ripemd160_ctx* hmac)
|
||||
static void derive_u_blake2s (char *salt, int salt_len, uint32 iterations, int b, hmac_blake2s_ctx* hmac)
|
||||
{
|
||||
char* k = hmac->k;
|
||||
char* u = hmac->u;
|
||||
uint32 c;
|
||||
int i;
|
||||
int i;
|
||||
|
||||
#ifdef TC_WINDOWS_BOOT
|
||||
/* In bootloader mode, least significant bit of iterations is a boolean (TRUE for boot derivation mode, FALSE otherwise)
|
||||
@@ -653,11 +684,11 @@ static void derive_u_ripemd160 (char *salt, int salt_len, uint32 iterations, int
|
||||
c = iterations >> 16;
|
||||
i = ((int) iterations) & 0x01;
|
||||
if (i)
|
||||
c = (c == 0)? 327661 : c << 11;
|
||||
c = (c == 0)? 200000 : c << 11;
|
||||
else
|
||||
c = (c == 0)? 655331 : 15000 + c * 1000;
|
||||
c = (c == 0)? 500000 : 15000 + c * 1000;
|
||||
#else
|
||||
c = iterations;
|
||||
c = iterations;
|
||||
#endif
|
||||
|
||||
/* iteration 1 */
|
||||
@@ -665,7 +696,7 @@ static void derive_u_ripemd160 (char *salt, int salt_len, uint32 iterations, int
|
||||
|
||||
/* big-endian block number */
|
||||
#ifdef TC_WINDOWS_BOOT
|
||||
/* specific case of 16-bit bootloader: b is a 16-bit integer that is always < 256*/
|
||||
/* specific case of 16-bit bootloader: b is a 16-bit integer that is always < 256 */
|
||||
memset (&k[salt_len], 0, 3);
|
||||
k[salt_len + 3] = (char) b;
|
||||
#else
|
||||
@@ -673,14 +704,14 @@ static void derive_u_ripemd160 (char *salt, int salt_len, uint32 iterations, int
|
||||
memcpy (&k[salt_len], &b, 4);
|
||||
#endif
|
||||
|
||||
hmac_ripemd160_internal (k, salt_len + 4, hmac);
|
||||
memcpy (u, k, RIPEMD160_DIGESTSIZE);
|
||||
hmac_blake2s_internal (k, salt_len + 4, hmac);
|
||||
memcpy (u, k, BLAKE2S_DIGESTSIZE);
|
||||
|
||||
/* remaining iterations */
|
||||
while ( c > 1)
|
||||
while (c > 1)
|
||||
{
|
||||
hmac_ripemd160_internal (k, RIPEMD160_DIGESTSIZE, hmac);
|
||||
for (i = 0; i < RIPEMD160_DIGESTSIZE; i++)
|
||||
hmac_blake2s_internal (k, BLAKE2S_DIGESTSIZE, hmac);
|
||||
for (i = 0; i < BLAKE2S_DIGESTSIZE; i++)
|
||||
{
|
||||
u[i] ^= k[i];
|
||||
}
|
||||
@@ -688,86 +719,107 @@ static void derive_u_ripemd160 (char *salt, int salt_len, uint32 iterations, int
|
||||
}
|
||||
}
|
||||
|
||||
void derive_key_ripemd160 (char *pwd, int pwd_len, char *salt, int salt_len, uint32 iterations, char *dk, int dklen)
|
||||
|
||||
void derive_key_blake2s (char *pwd, int pwd_len, char *salt, int salt_len, uint32 iterations, char *dk, int dklen)
|
||||
{
|
||||
hmac_blake2s_ctx hmac;
|
||||
blake2s_state* ctx;
|
||||
char* buf = hmac.k;
|
||||
int b, l, r;
|
||||
hmac_ripemd160_ctx hmac;
|
||||
RMD160_CTX* ctx;
|
||||
unsigned char* k_pad = (unsigned char*) hmac.k;
|
||||
#ifndef TC_WINDOWS_BOOT
|
||||
unsigned char tk[RIPEMD160_DIGESTSIZE];
|
||||
char key[BLAKE2S_DIGESTSIZE];
|
||||
#if defined (DEVICE_DRIVER)
|
||||
NTSTATUS saveStatus = STATUS_INVALID_PARAMETER;
|
||||
#ifdef _WIN64
|
||||
XSTATE_SAVE SaveState;
|
||||
if (IsCpuIntel() && HasSAVX())
|
||||
saveStatus = KeSaveExtendedProcessorStateVC(XSTATE_MASK_GSSE, &SaveState);
|
||||
#else
|
||||
KFLOATING_SAVE floatingPointState;
|
||||
if (HasSSE2())
|
||||
saveStatus = KeSaveFloatingPointState (&floatingPointState);
|
||||
#endif
|
||||
#endif
|
||||
/* If the password is longer than the hash algorithm block size,
|
||||
let password = ripemd160(password), as per HMAC specifications. */
|
||||
if (pwd_len > RIPEMD160_BLOCKSIZE)
|
||||
let pwd = blake2s(pwd), as per HMAC specifications. */
|
||||
if (pwd_len > BLAKE2S_BLOCKSIZE)
|
||||
{
|
||||
RMD160_CTX tctx;
|
||||
blake2s_state tctx;
|
||||
|
||||
RMD160Init(&tctx);
|
||||
RMD160Update(&tctx, (const unsigned char *) pwd, pwd_len);
|
||||
RMD160Final(tk, &tctx);
|
||||
blake2s_init (&tctx);
|
||||
blake2s_update (&tctx, pwd, pwd_len);
|
||||
blake2s_final (&tctx, (unsigned char *) key);
|
||||
|
||||
pwd = (char *) tk;
|
||||
pwd_len = RIPEMD160_DIGESTSIZE;
|
||||
pwd = key;
|
||||
pwd_len = SHA256_DIGESTSIZE;
|
||||
|
||||
burn (&tctx, sizeof(tctx)); // Prevent leaks
|
||||
}
|
||||
burn (&tctx, sizeof(tctx)); // Prevent leaks
|
||||
}
|
||||
#endif
|
||||
|
||||
if (dklen % RIPEMD160_DIGESTSIZE)
|
||||
if (dklen % BLAKE2S_DIGESTSIZE)
|
||||
{
|
||||
l = 1 + dklen / RIPEMD160_DIGESTSIZE;
|
||||
l = 1 + dklen / BLAKE2S_DIGESTSIZE;
|
||||
}
|
||||
else
|
||||
{
|
||||
l = dklen / RIPEMD160_DIGESTSIZE;
|
||||
l = dklen / BLAKE2S_DIGESTSIZE;
|
||||
}
|
||||
|
||||
r = dklen - (l - 1) * RIPEMD160_DIGESTSIZE;
|
||||
r = dklen - (l - 1) * BLAKE2S_DIGESTSIZE;
|
||||
|
||||
/**** Precompute HMAC Inner Digest ****/
|
||||
|
||||
/* perform inner RIPEMD-160 */
|
||||
ctx = &(hmac.inner_digest_ctx);
|
||||
/* start out by storing key in pads */
|
||||
memset(k_pad, 0x36, 64);
|
||||
/* XOR key with ipad and opad values */
|
||||
for (b=0; b<pwd_len; b++)
|
||||
{
|
||||
k_pad[b] ^= pwd[b];
|
||||
}
|
||||
blake2s_init (ctx);
|
||||
|
||||
RMD160Init(ctx); /* init context for 1st pass */
|
||||
RMD160Update(ctx, k_pad, RIPEMD160_BLOCKSIZE); /* start with inner pad */
|
||||
/* Pad the key for inner digest */
|
||||
for (b = 0; b < pwd_len; ++b)
|
||||
buf[b] = (char) (pwd[b] ^ 0x36);
|
||||
memset (&buf[pwd_len], 0x36, BLAKE2S_BLOCKSIZE - pwd_len);
|
||||
|
||||
blake2s_update (ctx, buf, BLAKE2S_BLOCKSIZE);
|
||||
|
||||
/**** Precompute HMAC Outer Digest ****/
|
||||
|
||||
/* perform outer RIPEMD-160 */
|
||||
ctx = &(hmac.outer_digest_ctx);
|
||||
memset(k_pad, 0x5c, 64);
|
||||
for (b=0; b<pwd_len; b++)
|
||||
{
|
||||
k_pad[b] ^= pwd[b];
|
||||
}
|
||||
blake2s_init (ctx);
|
||||
|
||||
RMD160Init(ctx); /* init context for 2nd pass */
|
||||
RMD160Update(ctx, k_pad, RIPEMD160_BLOCKSIZE); /* start with outer pad */
|
||||
for (b = 0; b < pwd_len; ++b)
|
||||
buf[b] = (char) (pwd[b] ^ 0x5C);
|
||||
memset (&buf[pwd_len], 0x5C, BLAKE2S_BLOCKSIZE - pwd_len);
|
||||
|
||||
blake2s_update (ctx, buf, BLAKE2S_BLOCKSIZE);
|
||||
|
||||
/* first l - 1 blocks */
|
||||
for (b = 1; b < l; b++)
|
||||
{
|
||||
derive_u_ripemd160 (salt, salt_len, iterations, b, &hmac);
|
||||
memcpy (dk, hmac.u, RIPEMD160_DIGESTSIZE);
|
||||
dk += RIPEMD160_DIGESTSIZE;
|
||||
derive_u_blake2s (salt, salt_len, iterations, b, &hmac);
|
||||
memcpy (dk, hmac.u, BLAKE2S_DIGESTSIZE);
|
||||
dk += BLAKE2S_DIGESTSIZE;
|
||||
}
|
||||
|
||||
/* last block */
|
||||
derive_u_ripemd160 (salt, salt_len, iterations, b, &hmac);
|
||||
derive_u_blake2s (salt, salt_len, iterations, b, &hmac);
|
||||
memcpy (dk, hmac.u, r);
|
||||
|
||||
#if defined (DEVICE_DRIVER)
|
||||
if (NT_SUCCESS (saveStatus))
|
||||
#ifdef _WIN64
|
||||
KeRestoreExtendedProcessorStateVC(&SaveState);
|
||||
#else
|
||||
KeRestoreFloatingPointState (&floatingPointState);
|
||||
#endif
|
||||
#endif
|
||||
|
||||
/* Prevent possible leaks. */
|
||||
burn (&hmac, sizeof(hmac));
|
||||
#ifndef TC_WINDOWS_BOOT
|
||||
burn (tk, sizeof(tk));
|
||||
burn (key, sizeof(key));
|
||||
#endif
|
||||
}
|
||||
#endif // TC_WINDOWS_BOOT
|
||||
|
||||
#endif
|
||||
|
||||
#ifndef TC_WINDOWS_BOOT
|
||||
|
||||
@@ -1210,8 +1262,8 @@ wchar_t *get_pkcs5_prf_name (int pkcs5_prf_id)
|
||||
case SHA256:
|
||||
return L"HMAC-SHA-256";
|
||||
|
||||
case RIPEMD160:
|
||||
return L"HMAC-RIPEMD-160";
|
||||
case BLAKE2S:
|
||||
return L"HMAC-BLAKE2s";
|
||||
|
||||
case WHIRLPOOL:
|
||||
return L"HMAC-Whirlpool";
|
||||
@@ -1238,11 +1290,11 @@ int get_pkcs5_iteration_count (int pkcs5_prf_id, int pim, BOOL truecryptMode, BO
|
||||
switch (pkcs5_prf_id)
|
||||
{
|
||||
|
||||
case RIPEMD160:
|
||||
case BLAKE2S:
|
||||
if (truecryptMode)
|
||||
return bBoot ? 1000 : 2000;
|
||||
return 0; // BLAKE2s not supported by TrueCrypt
|
||||
else if (pim == 0)
|
||||
return bBoot? 327661 : 655331;
|
||||
return bBoot? 200000 : 500000;
|
||||
else
|
||||
{
|
||||
return bBoot? pim * 2048 : 15000 + pim * 1000;
|
||||
@@ -1290,14 +1342,14 @@ int is_pkcs5_prf_supported (int pkcs5_prf_id, BOOL truecryptMode, PRF_BOOT_TYPE
|
||||
if (truecryptMode)
|
||||
{
|
||||
if ( (bootType == PRF_BOOT_GPT)
|
||||
|| (bootType == PRF_BOOT_MBR && pkcs5_prf_id != RIPEMD160)
|
||||
|| (bootType == PRF_BOOT_NO && pkcs5_prf_id != SHA512 && pkcs5_prf_id != WHIRLPOOL && pkcs5_prf_id != RIPEMD160)
|
||||
|| (bootType == PRF_BOOT_MBR)
|
||||
|| (bootType == PRF_BOOT_NO && pkcs5_prf_id != SHA512 && pkcs5_prf_id != WHIRLPOOL)
|
||||
)
|
||||
return 0;
|
||||
}
|
||||
else
|
||||
{
|
||||
if ( (bootType == PRF_BOOT_MBR && pkcs5_prf_id != RIPEMD160 && pkcs5_prf_id != SHA256)
|
||||
if ( (bootType == PRF_BOOT_MBR && pkcs5_prf_id != BLAKE2S && pkcs5_prf_id != SHA256)
|
||||
|| (bootType != PRF_BOOT_MBR && (pkcs5_prf_id < FIRST_PRF_ID || pkcs5_prf_id > LAST_PRF_ID))
|
||||
)
|
||||
return 0;
|
||||
|
||||
@@ -20,9 +20,9 @@
|
||||
extern "C"
|
||||
{
|
||||
#endif
|
||||
/* output written to input_digest which must be at lease 20 bytes long */
|
||||
void hmac_ripemd160 (char *key, int keylen, char *input_digest, int len);
|
||||
void derive_key_ripemd160 (char *pwd, int pwd_len, char *salt, int salt_len, uint32 iterations, char *dk, int dklen);
|
||||
/* output written to input_digest which must be at lease 32 bytes long */
|
||||
void hmac_blake2s (char *key, int keylen, char *input_digest, int len);
|
||||
void derive_key_blake2s (char *pwd, int pwd_len, char *salt, int salt_len, uint32 iterations, char *dk, int dklen);
|
||||
|
||||
/* output written to d which must be at lease 32 bytes long */
|
||||
void hmac_sha256 (char *k, int lk, char *d, int ld);
|
||||
|
||||
@@ -263,7 +263,7 @@ BOOL Randmix ()
|
||||
{
|
||||
unsigned char hashOutputBuffer [MAX_DIGESTSIZE];
|
||||
WHIRLPOOL_CTX wctx;
|
||||
RMD160_CTX rctx;
|
||||
blake2s_state bctx;
|
||||
sha512_ctx sctx;
|
||||
sha256_ctx s256ctx;
|
||||
STREEBOG_CTX stctx;
|
||||
@@ -271,8 +271,8 @@ BOOL Randmix ()
|
||||
|
||||
switch (HashFunction)
|
||||
{
|
||||
case RIPEMD160:
|
||||
digestSize = RIPEMD160_DIGESTSIZE;
|
||||
case BLAKE2S:
|
||||
digestSize = BLAKE2S_DIGESTSIZE;
|
||||
break;
|
||||
|
||||
case SHA512:
|
||||
@@ -303,10 +303,10 @@ BOOL Randmix ()
|
||||
/* Compute the message digest of the entire pool using the selected hash function. */
|
||||
switch (HashFunction)
|
||||
{
|
||||
case RIPEMD160:
|
||||
RMD160Init(&rctx);
|
||||
RMD160Update(&rctx, pRandPool, RNG_POOL_SIZE);
|
||||
RMD160Final(hashOutputBuffer, &rctx);
|
||||
case BLAKE2S:
|
||||
blake2s_init(&bctx);
|
||||
blake2s_update(&bctx, pRandPool, RNG_POOL_SIZE);
|
||||
blake2s_final(&bctx, hashOutputBuffer);
|
||||
break;
|
||||
|
||||
case SHA512:
|
||||
@@ -349,8 +349,8 @@ BOOL Randmix ()
|
||||
burn (hashOutputBuffer, MAX_DIGESTSIZE);
|
||||
switch (HashFunction)
|
||||
{
|
||||
case RIPEMD160:
|
||||
burn (&rctx, sizeof(rctx));
|
||||
case BLAKE2S:
|
||||
burn (&bctx, sizeof(bctx));
|
||||
break;
|
||||
|
||||
case SHA512:
|
||||
|
||||
@@ -21,7 +21,7 @@ extern "C" {
|
||||
/* RNG defines & pool pointers */
|
||||
#define RNG_POOL_SIZE 320 // Must be divisible by the size of the output of each of the implemented hash functions. (in bytes)
|
||||
|
||||
#if RNG_POOL_SIZE % SHA512_DIGESTSIZE || RNG_POOL_SIZE % WHIRLPOOL_DIGESTSIZE || RNG_POOL_SIZE % RIPEMD160_DIGESTSIZE
|
||||
#if RNG_POOL_SIZE % SHA512_DIGESTSIZE || RNG_POOL_SIZE % WHIRLPOOL_DIGESTSIZE || RNG_POOL_SIZE % BLAKE2S_DIGESTSIZE
|
||||
#error RNG_POOL_SIZE must be divisible by the size of the output of each of the implemented hash functions.
|
||||
#endif
|
||||
|
||||
|
||||
@@ -52,6 +52,10 @@ extern unsigned short _rotl16(unsigned short value, unsigned char shift);
|
||||
|
||||
#endif // defined(_UEFI)
|
||||
|
||||
#ifdef TC_WINDOWS_BOOT
|
||||
#include <stddef.h>
|
||||
#endif
|
||||
|
||||
#define TC_APP_NAME "VeraCrypt"
|
||||
|
||||
// Version displayed to user
|
||||
@@ -92,6 +96,7 @@ typedef __int8 int8;
|
||||
typedef __int16 int16;
|
||||
typedef __int32 int32;
|
||||
typedef unsigned __int8 byte;
|
||||
typedef unsigned __int8 uint8;
|
||||
typedef unsigned __int16 uint16;
|
||||
typedef unsigned __int32 uint32;
|
||||
|
||||
@@ -118,6 +123,7 @@ typedef int16_t int16;
|
||||
typedef int32_t int32;
|
||||
typedef int64_t int64;
|
||||
typedef uint8_t byte;
|
||||
typedef uint8_t uint8;
|
||||
typedef uint16_t uint16;
|
||||
typedef uint32_t uint32;
|
||||
typedef uint64_t uint64;
|
||||
|
||||
@@ -374,27 +374,6 @@ CAMELLIA_TEST camellia_vectors[CAMELLIA_TEST_COUNT] = {
|
||||
0xAD, 0x5C, 0x4D, 0x84
|
||||
}
|
||||
};
|
||||
#if defined(CIPHER_GOST89)
|
||||
// GOST89 ECB test vectors
|
||||
#define GOST89_TEST_COUNT 1
|
||||
|
||||
typedef struct {
|
||||
unsigned char key[32];
|
||||
unsigned char plaintext[16];
|
||||
unsigned char ciphertext[16];
|
||||
} GOST89_TEST;
|
||||
|
||||
GOST89_TEST gost89_vectors[GOST89_TEST_COUNT] = {
|
||||
{
|
||||
0xFF, 0xEE, 0xDD, 0xCC, 0xBB, 0xAA, 0x99, 0x88, 0x77, 0x66, 0x55, 0x44,
|
||||
0x33, 0x22, 0x11, 0x00, 0xF0, 0xF1, 0xF2, 0xF3, 0xF4, 0xF5, 0xF6, 0xF7,
|
||||
0xF8, 0xF9, 0xFA, 0xFB, 0xFC, 0xFD, 0xFE, 0xFF, 0xFE, 0xDC, 0xBA, 0x98,
|
||||
0x76, 0x54, 0x32, 0x10, 0xFF, 0xEE, 0xDD, 0xCC, 0xBB, 0xAA, 0x99, 0x88,
|
||||
0x8F, 0xC6, 0xFE, 0xB8, 0x91, 0x51, 0x4C, 0x37, 0x4D, 0x51, 0x46, 0xEF,
|
||||
0x02, 0x9D, 0xBD, 0x9F
|
||||
}
|
||||
};
|
||||
#endif
|
||||
|
||||
// Kuznyechik ECB test vectors
|
||||
#define KUZNYECHIK_TEST_COUNT 4
|
||||
@@ -503,22 +482,34 @@ char *hmac_sha512_test_vectors[] =
|
||||
"\xe3\x7b\x6a\x77\x5d\xc8\x7d\xba\xa4\xdf\xa9\xf9\x6e\x5e\x3f\xfd\xde\xbd\x71\xf8\x86\x72\x89\x86\x5d\xf5\xa3\x2d\x20\xcd\xc9\x44\xb6\x02\x2c\xac\x3c\x49\x82\xb1\x0d\x5e\xeb\x55\xc3\xe4\xde\x15\x13\x46\x76\xfb\x6d\xe0\x44\x60\x65\xc9\x74\x40\xfa\x8c\x6a\x58",
|
||||
};
|
||||
|
||||
char *hmac_ripemd160_test_keys[] =
|
||||
char *hmac_blake2s_test_keys[] =
|
||||
{
|
||||
"\x00\x11\x22\x33\x44\x55\x66\x77\x88\x99\xaa\xbb\xcc\xdd\xee\xff\x01\x23\x45\x67",
|
||||
"\x01\x23\x45\x67\x89\xab\xcd\xef\xfe\xdc\xba\x98\x76\x54\x32\x10\x00\x11\x22\x33",
|
||||
"\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b",
|
||||
"Jefe",
|
||||
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa",
|
||||
"\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19",
|
||||
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa",
|
||||
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa",
|
||||
};
|
||||
|
||||
char *hmac_ripemd160_test_data[] =
|
||||
char *hmac_blake2s_test_data[] =
|
||||
{
|
||||
"message digest",
|
||||
"12345678901234567890123456789012345678901234567890123456789012345678901234567890",
|
||||
"Hi There",
|
||||
"what do ya want for nothing?",
|
||||
"\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd",
|
||||
"\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd",
|
||||
"Test Using Larger Than Block-Size Key - Hash Key First",
|
||||
"This is a test using a larger than block-size key and a larger than block-size data. The key needs to be hashed before being used by the HMAC algorithm.",
|
||||
};
|
||||
|
||||
char *hmac_ripemd160_test_vectors[] =
|
||||
char *hmac_blake2s_test_vectors[] =
|
||||
{
|
||||
"\xf8\x36\x62\xcc\x8d\x33\x9c\x22\x7e\x60\x0f\xcd\x63\x6c\x57\xd2\x57\x1b\x1c\x34",
|
||||
"\x85\xf1\x64\x70\x3e\x61\xa6\x31\x31\xbe\x7e\x45\x95\x8e\x07\x94\x12\x39\x04\xf9",
|
||||
"\x65\xa8\xb7\xc5\xcc\x91\x36\xd4\x24\xe8\x2c\x37\xe2\x70\x7e\x74\xe9\x13\xc0\x65\x5b\x99\xc7\x5f\x40\xed\xf3\x87\x45\x3a\x32\x60",
|
||||
"\x90\xb6\x28\x1e\x2f\x30\x38\xc9\x05\x6a\xf0\xb4\xa7\xe7\x63\xca\xe6\xfe\x5d\x9e\xb4\x38\x6a\x0e\xc9\x52\x37\x89\x0c\x10\x4f\xf0",
|
||||
"\xfc\xc4\xf5\x95\x29\x50\x2e\x34\xc3\xd8\xda\x3f\xfd\xab\x82\x96\x6a\x2c\xb6\x37\xff\x5e\x9b\xd7\x01\x13\x5c\x2e\x94\x69\xe7\x90",
|
||||
"\x46\x44\x34\xdc\xbe\xce\x09\x5d\x45\x6a\x1d\x62\xd6\xec\x56\xf8\x98\xe6\x25\xa3\x9e\x5c\x52\xbd\xf9\x4d\xaf\x11\x1b\xad\x83\xaa",
|
||||
"\xd2\x3d\x79\x39\x4f\x53\xd5\x36\xa0\x96\xe6\x51\x44\x47\xee\xaa\xbb\x05\xde\xd0\x1b\xe3\x2c\x19\x37\xda\x6a\x8f\x71\x03\xbc\x4e",
|
||||
"\xcb\x60\xf6\xa7\x91\xf1\x40\xbf\x8a\xa2\xe5\x1f\xf3\x58\xcd\xb2\xcc\x5c\x03\x33\x04\x5b\x7f\xb7\x7a\xba\x7a\xb3\xb0\xcf\xb2\x37",
|
||||
};
|
||||
|
||||
char *hmac_whirlpool_test_key =
|
||||
@@ -628,6 +619,32 @@ HashTestVector Streebog512TestVectors[] = {
|
||||
{NULL, NULL}
|
||||
};
|
||||
|
||||
/* https://github.com/openssl/openssl/blob/2d0b44126763f989a4cbffbffe9d0c7518158bb7/test/evptests.txt */
|
||||
HashTestVector Blake2sTestVectors[] = {
|
||||
{"",
|
||||
"69217a3079908094e11121d042354a7c1f55b6482ca1a51e1b250dfd1ed0eef9"
|
||||
},
|
||||
{"61",
|
||||
"4a0d129873403037c2cd9b9048203687f6233fb6738956e0349bd4320fec3e90"
|
||||
},
|
||||
{"616263",
|
||||
"508c5e8c327c14e2e1a72ba34eeb452f37458b209ed63a294d999b4c86675982"
|
||||
},
|
||||
{"6d65737361676520646967657374",
|
||||
"fa10ab775acf89b7d3c8a6e823d586f6b67bdbac4ce207fe145b7d3ac25cd28c"
|
||||
},
|
||||
{"6162636465666768696a6b6c6d6e6f707172737475767778797a",
|
||||
"bdf88eb1f86a0cdf0e840ba88fa118508369df186c7355b4b16cf79fa2710a12"
|
||||
},
|
||||
{"4142434445464748494a4b4c4d4e4f505152535455565758595a6162636465666768696a6b6c6d6e6f707172737475767778797a30313233343536373839",
|
||||
"c75439ea17e1de6fa4510c335dc3d3f343e6f9e1ce2773e25b4174f1df8b119b"
|
||||
},
|
||||
{"3132333435363738393031323334353637383930313233343536373839303132333435363738393031323334353637383930313233343536373839303132333435363738393031323334353637383930",
|
||||
"fdaedb290a0d5af9870864fec2e090200989dc9cd53a3c092129e8535e8b4f66"
|
||||
},
|
||||
{NULL, NULL}
|
||||
};
|
||||
|
||||
unsigned char ks_tmp[MAX_EXPANDED_KEY];
|
||||
|
||||
void CipherInit2(int cipher, void* key, void* ks, int key_len)
|
||||
@@ -650,11 +667,6 @@ void CipherInit2(int cipher, void* key, void* ks, int key_len)
|
||||
case CAMELLIA:
|
||||
CipherInit(cipher,key,ks);
|
||||
break;
|
||||
#if defined(CIPHER_GOST89)
|
||||
case GOST89:
|
||||
CipherInit(cipher,key,ks);
|
||||
break;
|
||||
#endif // defined(CIPHER_GOST89)
|
||||
case KUZNYECHIK:
|
||||
CipherInit(cipher, key, ks);
|
||||
break;
|
||||
@@ -850,34 +862,6 @@ BOOL TestSectorBufEncryption (PCRYPTO_INFO ci)
|
||||
break;
|
||||
}
|
||||
}
|
||||
#if defined(CIPHER_GOST89)
|
||||
else if (wcscmp (name, L"GOST89") == 0)
|
||||
{
|
||||
switch (testCase)
|
||||
{
|
||||
case 0:
|
||||
if (crc != 0x12194ef5)
|
||||
return FALSE;
|
||||
nTestsPerformed++;
|
||||
break;
|
||||
case 1:
|
||||
if (crc != 0xda8d429b)
|
||||
return FALSE;
|
||||
nTestsPerformed++;
|
||||
break;
|
||||
case 2:
|
||||
if (crc != 0xdbf0b12e)
|
||||
return FALSE;
|
||||
nTestsPerformed++;
|
||||
break;
|
||||
case 3:
|
||||
if (crc != 0xb986eb4a)
|
||||
return FALSE;
|
||||
nTestsPerformed++;
|
||||
break;
|
||||
}
|
||||
}
|
||||
#endif
|
||||
else if (wcscmp (name, L"Kuznyechik") == 0)
|
||||
{
|
||||
switch (testCase)
|
||||
@@ -1234,14 +1218,6 @@ BOOL TestSectorBufEncryption (PCRYPTO_INFO ci)
|
||||
return FALSE;
|
||||
nTestsPerformed++;
|
||||
}
|
||||
#if defined(CIPHER_GOST89)
|
||||
else if (wcscmp (name, L"GOST89") == 0)
|
||||
{
|
||||
if (crc != 0x9e8653cb)
|
||||
return FALSE;
|
||||
nTestsPerformed++;
|
||||
}
|
||||
#endif
|
||||
else if (wcscmp (name, L"Kuznyechik") == 0)
|
||||
{
|
||||
if (crc != 0xd6d39cdb)
|
||||
@@ -1319,11 +1295,7 @@ BOOL TestSectorBufEncryption (PCRYPTO_INFO ci)
|
||||
|
||||
nTestsPerformed++;
|
||||
}
|
||||
#if defined(CIPHER_GOST89)
|
||||
return (nTestsPerformed == 160);
|
||||
#else
|
||||
return (nTestsPerformed == 155);
|
||||
#endif
|
||||
return (nTestsPerformed == 150);
|
||||
}
|
||||
|
||||
static BOOL DoAutoTestAlgorithms (void)
|
||||
@@ -1466,28 +1438,6 @@ static BOOL DoAutoTestAlgorithms (void)
|
||||
if (i != KUZNYECHIK_TEST_COUNT)
|
||||
bFailed = TRUE;
|
||||
|
||||
#if defined(CIPHER_GOST89)
|
||||
/* GOST89 */
|
||||
|
||||
for (i = 0; i < GOST89_TEST_COUNT; i++)
|
||||
{
|
||||
int cipher = GOST89;
|
||||
memcpy(key, gost89_vectors[i].key, 32);
|
||||
memcpy(tmp, gost89_vectors[i].plaintext, 16);
|
||||
gost_set_key(key, (gost_kds*)ks_tmp, 0);
|
||||
|
||||
EncipherBlock(cipher, tmp, ks_tmp);
|
||||
if (memcmp(gost89_vectors[i].ciphertext, tmp, 16) != 0)
|
||||
break;
|
||||
|
||||
DecipherBlock(cipher, tmp, ks_tmp);
|
||||
if (memcmp(gost89_vectors[i].plaintext, tmp, 16) != 0)
|
||||
break;
|
||||
}
|
||||
if (i != GOST89_TEST_COUNT)
|
||||
bFailed = TRUE;
|
||||
#endif
|
||||
|
||||
/* PKCS #5 and HMACs */
|
||||
if (!test_pkcs5 ())
|
||||
bFailed = TRUE;
|
||||
@@ -1599,23 +1549,29 @@ BOOL test_hmac_sha512 ()
|
||||
return (nTestsPerformed == 6);
|
||||
}
|
||||
|
||||
BOOL test_hmac_ripemd160 ()
|
||||
BOOL test_hmac_blake2s ()
|
||||
{
|
||||
int nTestsPerformed = 0;
|
||||
unsigned int i;
|
||||
int nTestsPerformed = 0;
|
||||
|
||||
for (i = 0; i < sizeof (hmac_ripemd160_test_data) / sizeof(char *); i++)
|
||||
for (i = 0; i < sizeof (hmac_blake2s_test_data) / sizeof(char *); i++)
|
||||
{
|
||||
char digest[1024]; /* large enough to hold digets and test vector inputs */
|
||||
memcpy (digest, hmac_ripemd160_test_data[i], strlen (hmac_ripemd160_test_data[i]));
|
||||
hmac_ripemd160 (hmac_ripemd160_test_keys[i], RIPEMD160_DIGESTSIZE, digest, (int) strlen (hmac_ripemd160_test_data[i]));
|
||||
if (memcmp (digest, hmac_ripemd160_test_vectors[i], RIPEMD160_DIGESTSIZE) != 0)
|
||||
memcpy (digest, hmac_blake2s_test_data[i], strlen (hmac_blake2s_test_data[i]));
|
||||
hmac_blake2s (hmac_blake2s_test_keys[i], (int) strlen (hmac_blake2s_test_keys[i]), digest, (int) strlen (hmac_blake2s_test_data[i]));
|
||||
if (memcmp (digest, hmac_blake2s_test_vectors[i], BLAKE2S_DIGESTSIZE) != 0)
|
||||
return FALSE;
|
||||
else
|
||||
nTestsPerformed++;
|
||||
}
|
||||
|
||||
return (nTestsPerformed == 2);
|
||||
return (nTestsPerformed == 6);
|
||||
}
|
||||
|
||||
int __cdecl Blake2sHash (unsigned char* input, unsigned long inputLen, unsigned char* output)
|
||||
{
|
||||
blake2s(output, input, (size_t) inputLen);
|
||||
return BLAKE2S_DIGESTSIZE;
|
||||
}
|
||||
|
||||
BOOL test_hmac_whirlpool ()
|
||||
@@ -1686,8 +1642,12 @@ BOOL test_pkcs5 ()
|
||||
if (!test_hmac_sha512())
|
||||
return FALSE;
|
||||
|
||||
/* HMAC-RIPEMD-160 tests */
|
||||
if (test_hmac_ripemd160() == FALSE)
|
||||
/* HMAC-BLAKE2s tests */
|
||||
if (test_hmac_blake2s() == FALSE)
|
||||
return FALSE;
|
||||
|
||||
/* Blake2s hash tests */
|
||||
if (RunHashTest (Blake2sHash, Blake2sTestVectors, (HasSSE2())? TRUE : FALSE) == FALSE)
|
||||
return FALSE;
|
||||
|
||||
/* HMAC-Whirlpool tests */
|
||||
@@ -1733,14 +1693,14 @@ BOOL test_pkcs5 ()
|
||||
if (memcmp (dk, "\x13\x64\xae\xf8\x0d\xf5\x57\x6c\x30\xd5\x71\x4c\xa7\x75\x3f\xfd\x00\xe5\x25\x8b\x39\xc7\x44\x7f\xce\x23\x3d\x08\x75\xe0\x2f\x48\xd6\x30\xd7\x00\xb6\x24\xdb\xe0\x5a\xd7\x47\xef\x52\xca\xa6\x34\x83\x47\xe5\xcb\xe9\x87\xf1\x20\x59\x6a\xe6\xa9\xcf\x51\x78\xc6\xb6\x23\xa6\x74\x0d\xe8\x91\xbe\x1a\xd0\x28\xcc\xce\x16\x98\x9a\xbe\xfb\xdc\x78\xc9\xe1\x7d\x72\x67\xce\xe1\x61\x56\x5f\x96\x68\xe6\xe1\xdd\xf4\xbf\x1b\x80\xe0\x19\x1c\xf4\xc4\xd3\xdd\xd5\xd5\x57\x2d\x83\xc7\xa3\x37\x87\xf4\x4e\xe0\xf6\xd8\x6d\x65\xdc\xa0\x52\xa3\x13\xbe\x81\xfc\x30\xbe\x7d\x69\x58\x34\xb6\xdd\x41\xc6", 144) != 0)
|
||||
return FALSE;
|
||||
|
||||
/* PKCS-5 test 1 with HMAC-RIPEMD-160 used as the PRF */
|
||||
derive_key_ripemd160 ("password", 8, "\x12\x34\x56\x78", 4, 5, dk, 4);
|
||||
if (memcmp (dk, "\x7a\x3d\x7c\x03", 4) != 0)
|
||||
/* PKCS-5 test 1 with HMAC-BLAKE2s used as the PRF */
|
||||
derive_key_blake2s ("password", 8, "\x12\x34\x56\x78", 4, 5, dk, 4);
|
||||
if (memcmp (dk, "\x8d\x51\xfa\x31", 4) != 0)
|
||||
return FALSE;
|
||||
|
||||
/* PKCS-5 test 2 with HMAC-RIPEMD-160 used as the PRF (derives a key longer than the underlying hash) */
|
||||
derive_key_ripemd160 ("password", 8, "\x12\x34\x56\x78", 4, 5, dk, 48);
|
||||
if (memcmp (dk, "\x7a\x3d\x7c\x03\xe7\x26\x6b\xf8\x3d\x78\xfb\x29\xd2\x64\x1f\x56\xea\xf0\xe5\xf5\xcc\xc4\x3a\x31\xa8\x84\x70\xbf\xbd\x6f\x8e\x78\x24\x5a\xc0\x0a\xf6\xfa\xf0\xf6\xe9\x00\x47\x5f\x73\xce\xe1\x43", 48) != 0)
|
||||
/* PKCS-5 test 2 with HMAC-BLAKE2s used as the PRF (derives a key longer than the underlying hash) */
|
||||
derive_key_blake2s ("password", 8, "\x12\x34\x56\x78", 4, 5, dk, 48);
|
||||
if (memcmp (dk, "\x8d\x51\xfa\x31\x46\x25\x37\x67\xa3\x29\x6b\x3c\x6b\xc1\x5d\xb2\xee\xe1\x6c\x28\x00\x26\xea\x08\x65\x9c\x12\xf1\x07\xde\x0d\xb9\x9b\x4f\x39\xfa\xc6\x80\x26\xb1\x8f\x8e\x48\x89\x85\x2d\x24\x2d", 48) != 0)
|
||||
return FALSE;
|
||||
|
||||
/* PKCS-5 test 1 with HMAC-Whirlpool used as the PRF */
|
||||
|
||||
@@ -19,7 +19,7 @@ extern unsigned char ks_tmp[MAX_EXPANDED_KEY];
|
||||
|
||||
void CipherInit2(int cipher, void* key, void* ks, int key_len);
|
||||
BOOL test_hmac_sha512 (void);
|
||||
BOOL test_hmac_ripemd160 (void);
|
||||
BOOL test_hmac_blake2s (void);
|
||||
BOOL test_hmac_whirlpool (void);
|
||||
BOOL test_pkcs5 (void);
|
||||
BOOL TestSectorBufEncryption ();
|
||||
|
||||
@@ -27,6 +27,8 @@
|
||||
|
||||
#ifndef DEVICE_DRIVER
|
||||
#include "Random.h"
|
||||
#else
|
||||
#include "cpu.h"
|
||||
#endif
|
||||
#endif // !defined(_UEFI)
|
||||
|
||||
@@ -378,8 +380,8 @@ KeyReady: ;
|
||||
|
||||
switch (pkcs5_prf)
|
||||
{
|
||||
case RIPEMD160:
|
||||
derive_key_ripemd160 (keyInfo->userKey, keyInfo->keyLength, keyInfo->salt,
|
||||
case BLAKE2S:
|
||||
derive_key_blake2s (keyInfo->userKey, keyInfo->keyLength, keyInfo->salt,
|
||||
PKCS5_SALT_SIZE, keyInfo->noIterations, dk, GetMaxPkcs5OutSize());
|
||||
break;
|
||||
|
||||
@@ -577,12 +579,22 @@ KeyReady: ;
|
||||
memcpy (keyInfo->master_keydata, header + HEADER_MASTER_KEYDATA_OFFSET, MASTER_KEYDATA_SIZE);
|
||||
#ifdef TC_WINDOWS_DRIVER
|
||||
{
|
||||
RMD160_CTX ctx;
|
||||
RMD160Init (&ctx);
|
||||
RMD160Update (&ctx, keyInfo->master_keydata, MASTER_KEYDATA_SIZE);
|
||||
RMD160Update (&ctx, header, sizeof(header));
|
||||
RMD160Final (cryptoInfo->master_keydata_hash, &ctx);
|
||||
blake2s_state ctx;
|
||||
#ifndef _WIN64
|
||||
NTSTATUS saveStatus = STATUS_INVALID_PARAMETER;
|
||||
KFLOATING_SAVE floatingPointState;
|
||||
if (HasSSE2())
|
||||
saveStatus = KeSaveFloatingPointState (&floatingPointState);
|
||||
#endif
|
||||
blake2s_init (&ctx);
|
||||
blake2s_update (&ctx, keyInfo->master_keydata, MASTER_KEYDATA_SIZE);
|
||||
blake2s_update (&ctx, header, sizeof(header));
|
||||
blake2s_final (&ctx, cryptoInfo->master_keydata_hash);
|
||||
burn(&ctx, sizeof (ctx));
|
||||
#ifndef _WIN64
|
||||
if (NT_SUCCESS (saveStatus))
|
||||
KeRestoreFloatingPointState (&floatingPointState);
|
||||
#endif
|
||||
}
|
||||
#else
|
||||
memcpy (cryptoInfo->master_keydata, keyInfo->master_keydata, MASTER_KEYDATA_SIZE);
|
||||
@@ -709,7 +721,7 @@ int ReadVolumeHeader (BOOL bBoot, char *header, Password *password, int pim, PCR
|
||||
derive_key_sha256 (password->Text, (int) password->Length, header + HEADER_SALT_OFFSET,
|
||||
PKCS5_SALT_SIZE, iterations, dk, sizeof (dk));
|
||||
#else
|
||||
derive_key_ripemd160 (password->Text, (int) password->Length, header + HEADER_SALT_OFFSET,
|
||||
derive_key_blake2s (password->Text, (int) password->Length, header + HEADER_SALT_OFFSET,
|
||||
PKCS5_SALT_SIZE, iterations, dk, sizeof (dk));
|
||||
#endif
|
||||
|
||||
@@ -792,7 +804,7 @@ int ReadVolumeHeader (BOOL bBoot, char *header, Password *password, int pim, PCR
|
||||
#ifdef TC_WINDOWS_BOOT_SHA2
|
||||
cryptoInfo->pkcs5 = SHA256;
|
||||
#else
|
||||
cryptoInfo->pkcs5 = RIPEMD160;
|
||||
cryptoInfo->pkcs5 = BLAKE2S;
|
||||
#endif
|
||||
|
||||
memcpy (dk, header + HEADER_MASTER_KEYDATA_OFFSET, sizeof (dk));
|
||||
@@ -981,8 +993,8 @@ int CreateVolumeHeaderInMemory (HWND hwndDlg, BOOL bBoot, char *header, int ea,
|
||||
PKCS5_SALT_SIZE, keyInfo.noIterations, dk, GetMaxPkcs5OutSize());
|
||||
break;
|
||||
|
||||
case RIPEMD160:
|
||||
derive_key_ripemd160 (keyInfo.userKey, keyInfo.keyLength, keyInfo.salt,
|
||||
case BLAKE2S:
|
||||
derive_key_blake2s (keyInfo.userKey, keyInfo.keyLength, keyInfo.salt,
|
||||
PKCS5_SALT_SIZE, keyInfo.noIterations, dk, GetMaxPkcs5OutSize());
|
||||
break;
|
||||
|
||||
|
||||
Reference in New Issue
Block a user