Public/VeraCrypt
1
0
Fork 0
mirror of https://github.com/veracrypt/VeraCrypt.git synced 2025-11-11 11:08:02 -06:00
Code Activity

Implement support for creating and booting encrypted partition using SHA-256. Support SHA-256 for normal volumes as well.

Browse Source
This commit is contained in:
Mounir IDRASSI
2014-10-14 17:14:54 +02:00
parent f38cf0b694
commit 68f16dae24
9 changed files with 137 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
src/Common/Apidrvr.h
View File

@@ -241,6 +241,7 @@ typedef struct
typedef struct typedef struct
{ {
char BootEncryptionAlgorithmName[256]; char BootEncryptionAlgorithmName[256];
char BootPrfAlgorithmName[256];
} GetBootEncryptionAlgorithmNameRequest; } GetBootEncryptionAlgorithmNameRequest;
typedef struct typedef struct

64
src/Common/BootEncryption.cpp
View File

@@ -375,6 +375,7 @@ namespace VeraCrypt
RescueIsoImage (nullptr), RescueIsoImage (nullptr),
RescueVolumeHeaderValid (false), RescueVolumeHeaderValid (false),
SelectedEncryptionAlgorithmId (0), SelectedEncryptionAlgorithmId (0),
SelectedPrfAlgorithmId (0),
VolumeHeaderValid (false) VolumeHeaderValid (false)
{ {
HiddenOSCandidatePartition.IsGPT = FALSE; HiddenOSCandidatePartition.IsGPT = FALSE;
@@ -975,11 +976,16 @@ namespace VeraCrypt
ZeroMemory (buffer, bufferSize); ZeroMemory (buffer, bufferSize);
int ea = 0; int ea = 0;
int pkcs5_prf = 0;
if (GetStatus().DriveMounted) if (GetStatus().DriveMounted)
{ {
try try
{ {
GetBootEncryptionAlgorithmNameRequest request; GetBootEncryptionAlgorithmNameRequest request;
// since we added new field to GetBootEncryptionAlgorithmNameRequest since version 1.0f
// we zero all the structure so that if we are talking to an older driver, the field
// BootPrfAlgorithmName will be an empty string
ZeroMemory(&request, sizeof(request));
CallDriver (TC_IOCTL_GET_BOOT_ENCRYPTION_ALGORITHM_NAME, NULL, 0, &request, sizeof (request)); CallDriver (TC_IOCTL_GET_BOOT_ENCRYPTION_ALGORITHM_NAME, NULL, 0, &request, sizeof (request));
if (_stricmp (request.BootEncryptionAlgorithmName, "AES") == 0) if (_stricmp (request.BootEncryptionAlgorithmName, "AES") == 0)
@@ -988,6 +994,13 @@ namespace VeraCrypt
ea = SERPENT; ea = SERPENT;
else if (_stricmp (request.BootEncryptionAlgorithmName, "Twofish") == 0) else if (_stricmp (request.BootEncryptionAlgorithmName, "Twofish") == 0)
ea = TWOFISH; ea = TWOFISH;
if (_stricmp(request.BootPrfAlgorithmName, "SHA-256") == 0)
pkcs5_prf = SHA256;
else if (_stricmp(request.BootPrfAlgorithmName, "RIPEMD-160") == 0)
pkcs5_prf = RIPEMD160;
else if (strlen(request.BootPrfAlgorithmName) == 0) // case of version < 1.0f
pkcs5_prf = RIPEMD160;
} }
catch (...) catch (...)
{ {
@@ -996,36 +1009,77 @@ namespace VeraCrypt
VOLUME_PROPERTIES_STRUCT properties; VOLUME_PROPERTIES_STRUCT properties;
GetVolumeProperties (&properties); GetVolumeProperties (&properties);
ea = properties.ea; ea = properties.ea;
pkcs5_prf = properties.pkcs5;
} }
catch (...) { } catch (...) { }
} }
} }
else else
{ {
if (SelectedEncryptionAlgorithmId == 0) if (SelectedEncryptionAlgorithmId == 0 || SelectedPrfAlgorithmId == 0)
throw ParameterIncorrect (SRC_POS); throw ParameterIncorrect (SRC_POS);
ea = SelectedEncryptionAlgorithmId; ea = SelectedEncryptionAlgorithmId;
pkcs5_prf = SelectedPrfAlgorithmId;
} }
int bootSectorId = rescueDisk ? IDR_RESCUE_BOOT_SECTOR : IDR_BOOT_SECTOR; // Only RIPEMD160 and SHA-256 are supported for boot loader
int bootLoaderId = rescueDisk ? IDR_RESCUE_LOADER : IDR_BOOT_LOADER; if (pkcs5_prf != RIPEMD160 && pkcs5_prf != SHA256)
throw ParameterIncorrect (SRC_POS);
int bootSectorId = 0;
int bootLoaderId = 0;
if (pkcs5_prf == SHA256)
{
bootSectorId = rescueDisk ? IDR_RESCUE_BOOT_SECTOR_SHA2 : IDR_BOOT_SECTOR_SHA2;
bootLoaderId = rescueDisk ? IDR_RESCUE_LOADER_SHA2 : IDR_BOOT_LOADER_SHA2;
}
else
{
bootSectorId = rescueDisk ? IDR_RESCUE_BOOT_SECTOR : IDR_BOOT_SECTOR;
bootLoaderId = rescueDisk ? IDR_RESCUE_LOADER : IDR_BOOT_LOADER;
}
switch (ea) switch (ea)
{ {
case AES: case AES:
if (pkcs5_prf == SHA256)
{
bootSectorId = rescueDisk ? IDR_RESCUE_BOOT_SECTOR_AES_SHA2 : IDR_BOOT_SECTOR_AES_SHA2;
bootLoaderId = rescueDisk ? IDR_RESCUE_LOADER_AES_SHA2 : IDR_BOOT_LOADER_AES_SHA2;
}
else
{
bootSectorId = rescueDisk ? IDR_RESCUE_BOOT_SECTOR_AES : IDR_BOOT_SECTOR_AES; bootSectorId = rescueDisk ? IDR_RESCUE_BOOT_SECTOR_AES : IDR_BOOT_SECTOR_AES;
bootLoaderId = rescueDisk ? IDR_RESCUE_LOADER_AES : IDR_BOOT_LOADER_AES; bootLoaderId = rescueDisk ? IDR_RESCUE_LOADER_AES : IDR_BOOT_LOADER_AES;
}
break; break;
case SERPENT: case SERPENT:
if (pkcs5_prf == SHA256)
{
bootSectorId = rescueDisk ? IDR_RESCUE_BOOT_SECTOR_SERPENT_SHA2 : IDR_BOOT_SECTOR_SERPENT_SHA2;
bootLoaderId = rescueDisk ? IDR_RESCUE_LOADER_SERPENT_SHA2 : IDR_BOOT_LOADER_SERPENT_SHA2;
}
else
{
bootSectorId = rescueDisk ? IDR_RESCUE_BOOT_SECTOR_SERPENT : IDR_BOOT_SECTOR_SERPENT; bootSectorId = rescueDisk ? IDR_RESCUE_BOOT_SECTOR_SERPENT : IDR_BOOT_SECTOR_SERPENT;
bootLoaderId = rescueDisk ? IDR_RESCUE_LOADER_SERPENT : IDR_BOOT_LOADER_SERPENT; bootLoaderId = rescueDisk ? IDR_RESCUE_LOADER_SERPENT : IDR_BOOT_LOADER_SERPENT;
}
break; break;
case TWOFISH: case TWOFISH:
if (pkcs5_prf == SHA256)
{
bootSectorId = rescueDisk ? IDR_RESCUE_BOOT_SECTOR_TWOFISH_SHA2 : IDR_BOOT_SECTOR_TWOFISH_SHA2;
bootLoaderId = rescueDisk ? IDR_RESCUE_LOADER_TWOFISH_SHA2 : IDR_BOOT_LOADER_TWOFISH_SHA2;
}
else
{
bootSectorId = rescueDisk ? IDR_RESCUE_BOOT_SECTOR_TWOFISH : IDR_BOOT_SECTOR_TWOFISH; bootSectorId = rescueDisk ? IDR_RESCUE_BOOT_SECTOR_TWOFISH : IDR_BOOT_SECTOR_TWOFISH;
bootLoaderId = rescueDisk ? IDR_RESCUE_LOADER_TWOFISH : IDR_BOOT_LOADER_TWOFISH; bootLoaderId = rescueDisk ? IDR_RESCUE_LOADER_TWOFISH : IDR_BOOT_LOADER_TWOFISH;
}
break; break;
} }
@@ -1084,7 +1138,7 @@ namespace VeraCrypt
buffer[TC_BOOT_SECTOR_CONFIG_OFFSET] |= TC_BOOT_CFG_FLAG_BACKUP_LOADER_AVAILABLE; buffer[TC_BOOT_SECTOR_CONFIG_OFFSET] |= TC_BOOT_CFG_FLAG_BACKUP_LOADER_AVAILABLE;
} }
else if (!rescueDisk && bootLoaderId != IDR_BOOT_LOADER) else if (!rescueDisk && bootLoaderId != IDR_BOOT_LOADER && bootLoaderId != IDR_BOOT_LOADER_SHA2)
{ {
throw ParameterIncorrect (SRC_POS); throw ParameterIncorrect (SRC_POS);
} }
@@ -2253,6 +2307,7 @@ namespace VeraCrypt
BackupSystemLoader(); BackupSystemLoader();
SelectedEncryptionAlgorithmId = ea; SelectedEncryptionAlgorithmId = ea;
SelectedPrfAlgorithmId = pkcs5;
} }
@@ -2307,6 +2362,7 @@ namespace VeraCrypt
} }
SelectedEncryptionAlgorithmId = ea; SelectedEncryptionAlgorithmId = ea;
SelectedPrfAlgorithmId = pkcs5;
CreateVolumeHeader (volumeSize, encryptedAreaStart, &password, ea, mode, pkcs5); CreateVolumeHeader (volumeSize, encryptedAreaStart, &password, ea, mode, pkcs5);
if (!rescueIsoImagePath.empty()) if (!rescueIsoImagePath.empty())

1
src/Common/BootEncryption.h
View File

@@ -215,6 +215,7 @@ namespace VeraCrypt
HWND ParentWindow; HWND ParentWindow;
SystemDriveConfiguration DriveConfig; SystemDriveConfiguration DriveConfig;
int SelectedEncryptionAlgorithmId; int SelectedEncryptionAlgorithmId;
int SelectedPrfAlgorithmId;
Partition HiddenOSCandidatePartition; Partition HiddenOSCandidatePartition;
byte *RescueIsoImage; byte *RescueIsoImage;
byte RescueVolumeHeader[TC_BOOT_ENCRYPTION_VOLUME_HEADER_SIZE]; byte RescueVolumeHeader[TC_BOOT_ENCRYPTION_VOLUME_HEADER_SIZE];

20
src/Common/Common.rc
View File

@@ -449,6 +449,17 @@ IDR_BOOT_LOADER BIN "..\\Boot\\Windows\\Release\\Boo
IDR_BOOT_LOADER_AES BIN "..\\Boot\\Windows\\Release_AES\\BootLoader.com.gz" IDR_BOOT_LOADER_AES BIN "..\\Boot\\Windows\\Release_AES\\BootLoader.com.gz"
IDR_BOOT_LOADER_SERPENT BIN "..\\Boot\\Windows\\Release_Serpent\\BootLoader.com.gz" IDR_BOOT_LOADER_SERPENT BIN "..\\Boot\\Windows\\Release_Serpent\\BootLoader.com.gz"
IDR_BOOT_LOADER_TWOFISH BIN "..\\Boot\\Windows\\Release_Twofish\\BootLoader.com.gz" IDR_BOOT_LOADER_TWOFISH BIN "..\\Boot\\Windows\\Release_Twofish\\BootLoader.com.gz"
IDR_BOOT_SECTOR_SHA2 BIN "..\\Boot\\Windows\\Release_SHA2\\BootSector.bin"
IDR_BOOT_SECTOR_AES_SHA2 BIN "..\\Boot\\Windows\\Release_AES_SHA2\\BootSector.bin"
IDR_BOOT_SECTOR_SERPENT_SHA2 BIN "..\\Boot\\Windows\\Release_Serpent_SHA2\\BootSector.bin"
IDR_BOOT_SECTOR_TWOFISH_SHA2 BIN "..\\Boot\\Windows\\Release_Twofish_SHA2\\BootSector.bin"
IDR_BOOT_LOADER_SHA2 BIN "..\\Boot\\Windows\\Release_SHA2\\BootLoader.com.gz"
IDR_BOOT_LOADER_AES_SHA2 BIN "..\\Boot\\Windows\\Release_AES_SHA2\\BootLoader.com.gz"
IDR_BOOT_LOADER_SERPENT_SHA2 BIN "..\\Boot\\Windows\\Release_Serpent_SHA2\\BootLoader.com.gz"
IDR_BOOT_LOADER_TWOFISH_SHA2 BIN "..\\Boot\\Windows\\Release_Twofish_SHA2\\BootLoader.com.gz"
IDR_RESCUE_BOOT_SECTOR BIN "..\\Boot\\Windows\\Rescue\\BootSector.bin" IDR_RESCUE_BOOT_SECTOR BIN "..\\Boot\\Windows\\Rescue\\BootSector.bin"
IDR_RESCUE_BOOT_SECTOR_AES BIN "..\\Boot\\Windows\\Rescue_AES\\BootSector.bin" IDR_RESCUE_BOOT_SECTOR_AES BIN "..\\Boot\\Windows\\Rescue_AES\\BootSector.bin"
IDR_RESCUE_BOOT_SECTOR_SERPENT BIN "..\\Boot\\Windows\\Rescue_Serpent\\BootSector.bin" IDR_RESCUE_BOOT_SECTOR_SERPENT BIN "..\\Boot\\Windows\\Rescue_Serpent\\BootSector.bin"
@@ -458,6 +469,15 @@ IDR_RESCUE_LOADER_AES BIN "..\\Boot\\Windows\\Rescue_AES\\
IDR_RESCUE_LOADER_SERPENT BIN "..\\Boot\\Windows\\Rescue_Serpent\\BootLoader.com.gz" IDR_RESCUE_LOADER_SERPENT BIN "..\\Boot\\Windows\\Rescue_Serpent\\BootLoader.com.gz"
IDR_RESCUE_LOADER_TWOFISH BIN "..\\Boot\\Windows\\Rescue_Twofish\\BootLoader.com.gz" IDR_RESCUE_LOADER_TWOFISH BIN "..\\Boot\\Windows\\Rescue_Twofish\\BootLoader.com.gz"
IDR_RESCUE_BOOT_SECTOR_SHA2 BIN "..\\Boot\\Windows\\Rescue_SHA2\\BootSector.bin"
IDR_RESCUE_BOOT_SECTOR_AES_SHA2 BIN "..\\Boot\\Windows\\Rescue_AES_SHA2\\BootSector.bin"
IDR_RESCUE_BOOT_SECTOR_SERPENT_SHA2 BIN "..\\Boot\\Windows\\Rescue_Serpent_SHA2\\BootSector.bin"
IDR_RESCUE_BOOT_SECTOR_TWOFISH_SHA2 BIN "..\\Boot\\Windows\\Rescue_Twofish_SHA2\\BootSector.bin"
IDR_RESCUE_LOADER_SHA2 BIN "..\\Boot\\Windows\\Rescue_SHA2\\BootLoader.com.gz"
IDR_RESCUE_LOADER_AES_SHA2 BIN "..\\Boot\\Windows\\Rescue_AES_SHA2\\BootLoader.com.gz"
IDR_RESCUE_LOADER_SERPENT_SHA2 BIN "..\\Boot\\Windows\\Rescue_Serpent_SHA2\\BootLoader.com.gz"
IDR_RESCUE_LOADER_TWOFISH_SHA2 BIN "..\\Boot\\Windows\\Rescue_Twofish_SHA2\\BootLoader.com.gz"
///////////////////////////////////////////////////////////////////////////// /////////////////////////////////////////////////////////////////////////////
// //
// XML // XML

12
src/Common/Dlgcode.c
View File

@@ -4363,6 +4363,7 @@ static BOOL PerformBenchmark(HWND hwndDlg)
WHIRLPOOL_CTX wctx; WHIRLPOOL_CTX wctx;
RMD160_CTX rctx; RMD160_CTX rctx;
sha512_ctx s2ctx; sha512_ctx s2ctx;
sha256_ctx s256ctx;
int hid; int hid;
for (hid = FIRST_PRF_ID; hid <= LAST_PRF_ID; hid++) for (hid = FIRST_PRF_ID; hid <= LAST_PRF_ID; hid++)
@@ -4379,6 +4380,12 @@ static BOOL PerformBenchmark(HWND hwndDlg)
sha512_end ((unsigned char *) digest, &s2ctx); sha512_end ((unsigned char *) digest, &s2ctx);
break; break;
case SHA256:
sha256_begin (&s256ctx);
sha256_hash (lpTestBuffer, benchmarkBufferSize, &s256ctx);
sha256_end ((unsigned char *) digest, &s256ctx);
break;
case RIPEMD160: case RIPEMD160:
RMD160Init(&rctx); RMD160Init(&rctx);
RMD160Update(&rctx, lpTestBuffer, benchmarkBufferSize); RMD160Update(&rctx, lpTestBuffer, benchmarkBufferSize);
@@ -4433,6 +4440,11 @@ static BOOL PerformBenchmark(HWND hwndDlg)
derive_key_sha512 ("passphrase-1234567890", 21, tmp_salt, 64, get_pkcs5_iteration_count(thid, FALSE), dk, MASTER_KEYDATA_SIZE); derive_key_sha512 ("passphrase-1234567890", 21, tmp_salt, 64, get_pkcs5_iteration_count(thid, FALSE), dk, MASTER_KEYDATA_SIZE);
break; break;
case SHA256:
/* PKCS-5 test with HMAC-SHA-256 used as the PRF */
derive_key_sha256 ("passphrase-1234567890", 21, tmp_salt, 64, get_pkcs5_iteration_count(thid, FALSE), dk, MASTER_KEYDATA_SIZE);
break;
case RIPEMD160: case RIPEMD160:
/* PKCS-5 test with HMAC-RIPEMD-160 used as the PRF */ /* PKCS-5 test with HMAC-RIPEMD-160 used as the PRF */
derive_key_ripemd160 (FALSE, "passphrase-1234567890", 21, tmp_salt, 64, get_pkcs5_iteration_count(thid, FALSE), dk, MASTER_KEYDATA_SIZE); derive_key_ripemd160 (FALSE, "passphrase-1234567890", 21, tmp_salt, 64, get_pkcs5_iteration_count(thid, FALSE), dk, MASTER_KEYDATA_SIZE);

5
src/Common/EncryptionThreadPool.c
View File

@@ -173,6 +173,11 @@ static TC_THREAD_PROC EncryptionThreadProc (void *threadArg)
workItem->KeyDerivation.IterationCount, workItem->KeyDerivation.DerivedKey, GetMaxPkcs5OutSize()); workItem->KeyDerivation.IterationCount, workItem->KeyDerivation.DerivedKey, GetMaxPkcs5OutSize());
break; break;
case SHA256:
derive_key_sha256 (workItem->KeyDerivation.Password, workItem->KeyDerivation.PasswordLength, workItem->KeyDerivation.Salt, PKCS5_SALT_SIZE,
workItem->KeyDerivation.IterationCount, workItem->KeyDerivation.DerivedKey, GetMaxPkcs5OutSize());
break;
default: default:
TC_THROW_FATAL_EXCEPTION; TC_THROW_FATAL_EXCEPTION;
} }

15
src/Common/Random.c
View File

@@ -210,6 +210,7 @@ BOOL Randmix ()
WHIRLPOOL_CTX wctx; WHIRLPOOL_CTX wctx;
RMD160_CTX rctx; RMD160_CTX rctx;
sha512_ctx sctx; sha512_ctx sctx;
sha256_ctx s256ctx;
int poolIndex, digestIndex, digestSize; int poolIndex, digestIndex, digestSize;
switch (HashFunction) switch (HashFunction)
@@ -222,6 +223,10 @@ BOOL Randmix ()
digestSize = SHA512_DIGESTSIZE; digestSize = SHA512_DIGESTSIZE;
break; break;
case SHA256:
digestSize = SHA256_DIGESTSIZE;
break;
case WHIRLPOOL: case WHIRLPOOL:
digestSize = WHIRLPOOL_DIGESTSIZE; digestSize = WHIRLPOOL_DIGESTSIZE;
break; break;
@@ -250,6 +255,12 @@ BOOL Randmix ()
sha512_end (hashOutputBuffer, &sctx); sha512_end (hashOutputBuffer, &sctx);
break; break;
case SHA256:
sha256_begin (&s256ctx);
sha256_hash (pRandPool, RNG_POOL_SIZE, &s256ctx);
sha256_end (hashOutputBuffer, &s256ctx);
break;
case WHIRLPOOL: case WHIRLPOOL:
WHIRLPOOL_init (&wctx); WHIRLPOOL_init (&wctx);
WHIRLPOOL_add (pRandPool, RNG_POOL_SIZE * 8, &wctx); WHIRLPOOL_add (pRandPool, RNG_POOL_SIZE * 8, &wctx);
@@ -280,6 +291,10 @@ BOOL Randmix ()
burn (&sctx, sizeof(sctx)); burn (&sctx, sizeof(sctx));
break; break;
case SHA256:
burn (&s256ctx, sizeof(s256ctx));
break;
case WHIRLPOOL: case WHIRLPOOL:
burn (&wctx, sizeof(wctx)); burn (&wctx, sizeof(wctx));
break; break;

16
src/Common/Resource.h
View File

@@ -43,6 +43,22 @@
#define IDD_NEW_TOKEN_KEYFILE 539 #define IDD_NEW_TOKEN_KEYFILE 539
#define IDD_RANDOM_POOL_ENRICHMENT 540 #define IDD_RANDOM_POOL_ENRICHMENT 540
#define IDI_TRUECRYPT_MOUNTED_ICON 541 #define IDI_TRUECRYPT_MOUNTED_ICON 541
#define IDR_BOOT_SECTOR_SHA2 542
#define IDR_BOOT_SECTOR_AES_SHA2 543
#define IDR_BOOT_SECTOR_SERPENT_SHA2 544
#define IDR_BOOT_SECTOR_TWOFISH_SHA2 545
#define IDR_BOOT_LOADER_SHA2 546
#define IDR_BOOT_LOADER_AES_SHA2 547
#define IDR_BOOT_LOADER_SERPENT_SHA2 548
#define IDR_BOOT_LOADER_TWOFISH_SHA2 549
#define IDR_RESCUE_BOOT_SECTOR_SHA2 550
#define IDR_RESCUE_BOOT_SECTOR_AES_SHA2 551
#define IDR_RESCUE_BOOT_SECTOR_SERPENT_SHA2 552
#define IDR_RESCUE_BOOT_SECTOR_TWOFISH_SHA2 553
#define IDR_RESCUE_LOADER_SHA2 554
#define IDR_RESCUE_LOADER_AES_SHA2 555
#define IDR_RESCUE_LOADER_SERPENT_SHA2 556
#define IDR_RESCUE_LOADER_TWOFISH_SHA2 557
#define IDC_HW_AES_LABEL_LINK 5000 #define IDC_HW_AES_LABEL_LINK 5000
#define IDC_HW_AES 5001 #define IDC_HW_AES 5001
#define IDC_PARALLELIZATION_LABEL_LINK 5002 #define IDC_PARALLELIZATION_LABEL_LINK 5002

1
src/Driver/DriveFilter.c
View File

@@ -1621,6 +1621,7 @@ void GetBootEncryptionAlgorithmName (PIRP irp, PIO_STACK_LOCATION irpSp)
{ {
GetBootEncryptionAlgorithmNameRequest *request = (GetBootEncryptionAlgorithmNameRequest *) irp->AssociatedIrp.SystemBuffer; GetBootEncryptionAlgorithmNameRequest *request = (GetBootEncryptionAlgorithmNameRequest *) irp->AssociatedIrp.SystemBuffer;
EAGetName (request->BootEncryptionAlgorithmName, BootDriveFilterExtension->Queue.CryptoInfo->ea); EAGetName (request->BootEncryptionAlgorithmName, BootDriveFilterExtension->Queue.CryptoInfo->ea);
HashGetName2 (request->BootPrfAlgorithmName, BootDriveFilterExtension->Queue.CryptoInfo->pkcs5);
irp->IoStatus.Information = sizeof (GetBootEncryptionAlgorithmNameRequest); irp->IoStatus.Information = sizeof (GetBootEncryptionAlgorithmNameRequest);
irp->IoStatus.Status = STATUS_SUCCESS; irp->IoStatus.Status = STATUS_SUCCESS;