Public/VeraCrypt
1
0
Fork 0
mirror of https://github.com/veracrypt/VeraCrypt.git synced 2025-11-12 11:28:26 -06:00
Code Activity

Remove deprecated/legacy cryptographic algorithms and encryption modes that are never used by VeraCrypt. This will speed up volumes opening in many cases.

Browse Source
This commit is contained in:
Mounir IDRASSI
2014-07-20 05:11:10 +02:00
parent 0594532cf1
commit 75f7808719
21 changed files with 21 additions and 3979 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
src/Common/Apidrvr.h
View File

@@ -133,10 +133,6 @@ typedef struct
BOOL readOnly;
BOOL removable;
BOOL partitionInInactiveSysEncScope;
#if 0
unsigned __int64 volumeCreationTime; // Deprecated in v6.0
unsigned __int64 headerCreationTime; // Deprecated in v6.0
#endif
uint32 volumeHeaderFlags;
unsigned __int64 totalBytesRead;
unsigned __int64 totalBytesWritten;

874
src/Common/Crypto.c
View File

@@ -45,38 +45,27 @@ static Cipher Ciphers[] =
{ AES, "AES", 16, 32, AES_KS },
{ SERPENT, "Serpent", 16, 32, 140*4 },
{ TWOFISH, "Twofish", 16, 32, TWOFISH_KS },
#ifndef TC_WINDOWS_BOOT
{ BLOWFISH, "Blowfish", 8, 56, sizeof (BF_KEY) }, // Deprecated/legacy
{ CAST, "CAST5", 8, 16, sizeof (CAST_KEY) }, // Deprecated/legacy
{ TRIPLEDES,"Triple DES", 8, 8*3, sizeof (TDES_KEY) }, // Deprecated/legacy
#endif
{ 0, 0, 0, 0, 0 }
};
// Encryption algorithm configuration
// The following modes have been deprecated (legacy): LRW, CBC, INNER_CBC, OUTER_CBC
static EncryptionAlgorithm EncryptionAlgorithms[] =
{
// Cipher(s) Modes FormatEnabled
#ifndef TC_WINDOWS_BOOT
{ { 0, 0 }, { 0, 0, 0, 0 }, 0 }, // Must be all-zero
{ { AES, 0 }, { XTS, LRW, CBC, 0 }, 1 },
{ { SERPENT, 0 }, { XTS, LRW, CBC, 0 }, 1 },
{ { TWOFISH, 0 }, { XTS, LRW, CBC, 0 }, 1 },
{ { TWOFISH, AES, 0 }, { XTS, LRW, OUTER_CBC, 0 }, 1 },
{ { SERPENT, TWOFISH, AES, 0 }, { XTS, LRW, OUTER_CBC, 0 }, 1 },
{ { AES, SERPENT, 0 }, { XTS, LRW, OUTER_CBC, 0 }, 1 },
{ { AES, TWOFISH, SERPENT, 0 }, { XTS, LRW, OUTER_CBC, 0 }, 1 },
{ { SERPENT, TWOFISH, 0 }, { XTS, LRW, OUTER_CBC, 0 }, 1 },
{ { BLOWFISH, 0 }, { LRW, CBC, 0, 0 }, 0 }, // Deprecated/legacy
{ { CAST, 0 }, { LRW, CBC, 0, 0 }, 0 }, // Deprecated/legacy
{ { TRIPLEDES, 0 }, { LRW, CBC, 0, 0 }, 0 }, // Deprecated/legacy
{ { BLOWFISH, AES, 0 }, { INNER_CBC, 0, 0, 0 }, 0 }, // Deprecated/legacy
{ { SERPENT, BLOWFISH, AES, 0 }, { INNER_CBC, 0, 0, 0 }, 0 }, // Deprecated/legacy
{ { 0, 0 }, { 0, 0, 0, 0 }, 0 } // Must be all-zero
{ { 0, 0 }, { 0, 0}, 0 }, // Must be all-zero
{ { AES, 0 }, { XTS, 0 }, 1 },
{ { SERPENT, 0 }, { XTS, 0 }, 1 },
{ { TWOFISH, 0 }, { XTS, 0 }, 1 },
{ { TWOFISH, AES, 0 }, { XTS, 0 }, 1 },
{ { SERPENT, TWOFISH, AES, 0 }, { XTS, 0 }, 1 },
{ { AES, SERPENT, 0 }, { XTS, 0 }, 1 },
{ { AES, TWOFISH, SERPENT, 0 }, { XTS, 0 }, 1 },
{ { SERPENT, TWOFISH, 0 }, { XTS, 0 }, 1 },
{ { 0, 0 }, { 0, 0}, 0 } // Must be all-zero
#else // TC_WINDOWS_BOOT
@@ -105,7 +94,6 @@ static Hash Hashes[] =
#ifndef TC_WINDOWS_BOOT
{ SHA512, "SHA-512", FALSE, FALSE },
{ WHIRLPOOL, "Whirlpool", FALSE, FALSE },
{ SHA1, "SHA-1", TRUE, FALSE }, // Deprecated/legacy
#endif
{ 0, 0, 0 }
};
@@ -138,32 +126,6 @@ int CipherInit (int cipher, unsigned char *key, unsigned __int8 *ks)
twofish_set_key ((TwofishInstance *)ks, (const u4byte *)key, CipherGetKeySize(TWOFISH) * 8);
break;
#ifndef TC_WINDOWS_BOOT
case BLOWFISH:
/* Deprecated/legacy */
BlowfishSetKey ((BF_KEY *)ks, CipherGetKeySize(BLOWFISH), key);
break;
case CAST:
/* Deprecated/legacy */
Cast5SetKey ((CAST_KEY *) ks, CipherGetKeySize(CAST), key);
break;
case TRIPLEDES:
/* Deprecated/legacy */
TripleDesSetKey (key, CipherGetKeySize (TRIPLEDES), (TDES_KEY *) ks);
// Verify whether all three DES keys are mutually different
if (((*((__int64 *) key) ^ *((__int64 *) key+1)) & 0xFEFEFEFEFEFEFEFEULL) == 0
|| ((*((__int64 *) key+1) ^ *((__int64 *) key+2)) & 0xFEFEFEFEFEFEFEFEULL) == 0
|| ((*((__int64 *) key) ^ *((__int64 *) key+2)) & 0xFEFEFEFEFEFEFEFEULL) == 0)
retVal = ERR_CIPHER_INIT_WEAK_KEY; // Non-fatal error
break;
#endif // TC_WINDOWS_BOOT
default:
// Unknown/wrong cipher ID
return ERR_CIPHER_INIT_FAILURE;
@@ -188,11 +150,6 @@ void EncipherBlock(int cipher, void *data, void *ks)
case TWOFISH: twofish_encrypt (ks, data, data); break;
case SERPENT: serpent_encrypt (data, data, ks); break;
#ifndef TC_WINDOWS_BOOT
case BLOWFISH: BlowfishEncryptLE (data, data, ks, 1); break; // Deprecated/legacy
case CAST: Cast5Encrypt (data, data, ks); break; // Deprecated/legacy
case TRIPLEDES: TripleDesEncrypt (data, data, ks, 1); break; // Deprecated/legacy
#endif
default: TC_THROW_FATAL_EXCEPTION; // Unknown/wrong ID
}
}
@@ -256,9 +213,6 @@ void DecipherBlock(int cipher, void *data, void *ks)
aes_decrypt (data, data, (void *) ((char *) ks + sizeof(aes_encrypt_ctx)));
break;
case BLOWFISH: BlowfishEncryptLE (data, data, ks, 0); break; // Deprecated/legacy
case CAST: Cast5Decrypt (data, data, ks); break; // Deprecated/legacy
case TRIPLEDES: TripleDesEncrypt (data, data, ks, 0); break; // Deprecated/legacy
#else
case AES: aes_decrypt (data, data, ks); break;
#endif
@@ -427,28 +381,6 @@ BOOL EAInitMode (PCRYPTO_INFO ci)
that the size of each of the volumes is 1024 terabytes). */
break;
case LRW:
switch (CipherGetBlockSize (EAGetFirstCipher (ci->ea)))
{
case 8:
/* Deprecated/legacy */
return Gf64TabInit (ci->k2, &ci->gf_ctx);
case 16:
return Gf128Tab64Init (ci->k2, &ci->gf_ctx);
default:
TC_THROW_FATAL_EXCEPTION;
}
break;
case CBC:
case INNER_CBC:
case OUTER_CBC:
// The mode does not need to be initialized or is initialized elsewhere
return TRUE;
default:
// Unknown/wrong ID
TC_THROW_FATAL_EXCEPTION;
@@ -537,37 +469,6 @@ char *EAGetModeName (int ea, int mode, BOOL capitalLetters)
return "XTS";
case LRW:
/* Deprecated/legacy */
return "LRW";
case CBC:
{
/* Deprecated/legacy */
char eaName[100];
EAGetName (eaName, ea);
if (strcmp (eaName, "Triple DES") == 0)
return capitalLetters ? "Outer-CBC" : "outer-CBC";
return "CBC";
}
case OUTER_CBC:
/* Deprecated/legacy */
return capitalLetters ? "Outer-CBC" : "outer-CBC";
case INNER_CBC:
/* Deprecated/legacy */
return capitalLetters ? "Inner-CBC" : "inner-CBC";
}
return "[unknown]";
}
@@ -805,441 +706,6 @@ void crypto_close (PCRYPTO_INFO cryptoInfo)
#ifndef TC_WINDOWS_BOOT_SINGLE_CIPHER_MODE
#ifndef TC_NO_COMPILER_INT64
void Xor128 (unsigned __int64 *a, unsigned __int64 *b)
{
*a++ ^= *b++;
*a ^= *b;
}
void Xor64 (unsigned __int64 *a, unsigned __int64 *b)
{
*a ^= *b;
}
void EncryptBufferLRW128 (byte *buffer, uint64 length, uint64 blockIndex, PCRYPTO_INFO cryptoInfo)
{
/* Deprecated/legacy */
int cipher = EAGetFirstCipher (cryptoInfo->ea);
int cipherCount = EAGetCipherCount (cryptoInfo->ea);
unsigned __int8 *p = buffer;
unsigned __int8 *ks = cryptoInfo->ks;
unsigned __int8 i[8];
unsigned __int8 t[16];
unsigned __int64 b;
*(unsigned __int64 *)i = BE64(blockIndex);
if (length % 16)
TC_THROW_FATAL_EXCEPTION;
// Note that the maximum supported volume size is 8589934592 GB (i.e., 2^63 bytes).
for (b = 0; b < length >> 4; b++)
{
Gf128MulBy64Tab (i, t, &cryptoInfo->gf_ctx);
Xor128 ((unsigned __int64 *)p, (unsigned __int64 *)t);
if (cipherCount > 1)
{
// Cipher cascade
for (cipher = EAGetFirstCipher (cryptoInfo->ea);
cipher != 0;
cipher = EAGetNextCipher (cryptoInfo->ea, cipher))
{
EncipherBlock (cipher, p, ks);
ks += CipherGetKeyScheduleSize (cipher);
}
ks = cryptoInfo->ks;
}
else
{
EncipherBlock (cipher, p, ks);
}
Xor128 ((unsigned __int64 *)p, (unsigned __int64 *)t);
p += 16;
if (i[7] != 0xff)
i[7]++;
else
*(unsigned __int64 *)i = BE64 ( BE64(*(unsigned __int64 *)i) + 1 );
}
FAST_ERASE64 (t, sizeof(t));
}
void EncryptBufferLRW64 (byte *buffer, uint64 length, uint64 blockIndex, PCRYPTO_INFO cryptoInfo)
{
/* Deprecated/legacy */
int cipher = EAGetFirstCipher (cryptoInfo->ea);
unsigned __int8 *p = buffer;
unsigned __int8 *ks = cryptoInfo->ks;
unsigned __int8 i[8];
unsigned __int8 t[8];
unsigned __int64 b;
*(unsigned __int64 *)i = BE64(blockIndex);
if (length % 8)
TC_THROW_FATAL_EXCEPTION;
for (b = 0; b < length >> 3; b++)
{
Gf64MulTab (i, t, &cryptoInfo->gf_ctx);
Xor64 ((unsigned __int64 *)p, (unsigned __int64 *)t);
EncipherBlock (cipher, p, ks);
Xor64 ((unsigned __int64 *)p, (unsigned __int64 *)t);
p += 8;
if (i[7] != 0xff)
i[7]++;
else
*(unsigned __int64 *)i = BE64 ( BE64(*(unsigned __int64 *)i) + 1 );
}
FAST_ERASE64 (t, sizeof(t));
}
void DecryptBufferLRW128 (byte *buffer, uint64 length, uint64 blockIndex, PCRYPTO_INFO cryptoInfo)
{
/* Deprecated/legacy */
int cipher = EAGetFirstCipher (cryptoInfo->ea);
int cipherCount = EAGetCipherCount (cryptoInfo->ea);
unsigned __int8 *p = buffer;
unsigned __int8 *ks = cryptoInfo->ks;
unsigned __int8 i[8];
unsigned __int8 t[16];
unsigned __int64 b;
*(unsigned __int64 *)i = BE64(blockIndex);
if (length % 16)
TC_THROW_FATAL_EXCEPTION;
// Note that the maximum supported volume size is 8589934592 GB (i.e., 2^63 bytes).
for (b = 0; b < length >> 4; b++)
{
Gf128MulBy64Tab (i, t, &cryptoInfo->gf_ctx);
Xor128 ((unsigned __int64 *)p, (unsigned __int64 *)t);
if (cipherCount > 1)
{
// Cipher cascade
ks = cryptoInfo->ks + EAGetKeyScheduleSize (cryptoInfo->ea);
for (cipher = EAGetLastCipher (cryptoInfo->ea);
cipher != 0;
cipher = EAGetPreviousCipher (cryptoInfo->ea, cipher))
{
ks -= CipherGetKeyScheduleSize (cipher);
DecipherBlock (cipher, p, ks);
}
}
else
{
DecipherBlock (cipher, p, ks);
}
Xor128 ((unsigned __int64 *)p, (unsigned __int64 *)t);
p += 16;
if (i[7] != 0xff)
i[7]++;
else
*(unsigned __int64 *)i = BE64 ( BE64(*(unsigned __int64 *)i) + 1 );
}
FAST_ERASE64 (t, sizeof(t));
}
void DecryptBufferLRW64 (byte *buffer, uint64 length, uint64 blockIndex, PCRYPTO_INFO cryptoInfo)
{
/* Deprecated/legacy */
int cipher = EAGetFirstCipher (cryptoInfo->ea);
unsigned __int8 *p = buffer;
unsigned __int8 *ks = cryptoInfo->ks;
unsigned __int8 i[8];
unsigned __int8 t[8];
unsigned __int64 b;
*(unsigned __int64 *)i = BE64(blockIndex);
if (length % 8)
TC_THROW_FATAL_EXCEPTION;
for (b = 0; b < length >> 3; b++)
{
Gf64MulTab (i, t, &cryptoInfo->gf_ctx);
Xor64 ((unsigned __int64 *)p, (unsigned __int64 *)t);
DecipherBlock (cipher, p, ks);
Xor64 ((unsigned __int64 *)p, (unsigned __int64 *)t);
p += 8;
if (i[7] != 0xff)
i[7]++;
else
*(unsigned __int64 *)i = BE64 ( BE64(*(unsigned __int64 *)i) + 1 );
}
FAST_ERASE64 (t, sizeof(t));
}
// Initializes IV and whitening values for sector encryption/decryption in CBC mode.
// IMPORTANT: This function has been deprecated (legacy).
static void
InitSectorIVAndWhitening (unsigned __int64 unitNo,
int blockSize,
unsigned __int32 *iv,
unsigned __int64 *ivSeed,
unsigned __int32 *whitening)
{
/* IMPORTANT: This function has been deprecated (legacy) */
unsigned __int64 iv64[4];
unsigned __int32 *iv32 = (unsigned __int32 *) iv64;
iv64[0] = ivSeed[0] ^ LE64(unitNo);
iv64[1] = ivSeed[1] ^ LE64(unitNo);
iv64[2] = ivSeed[2] ^ LE64(unitNo);
if (blockSize == 16)
{
iv64[3] = ivSeed[3] ^ LE64(unitNo);
}
iv[0] = iv32[0];
iv[1] = iv32[1];
switch (blockSize)
{
case 16:
// 128-bit block
iv[2] = iv32[2];
iv[3] = iv32[3];
whitening[0] = LE32( crc32int ( &iv32[4] ) ^ crc32int ( &iv32[7] ) );
whitening[1] = LE32( crc32int ( &iv32[5] ) ^ crc32int ( &iv32[6] ) );
break;
case 8:
// 64-bit block
whitening[0] = LE32( crc32int ( &iv32[2] ) ^ crc32int ( &iv32[5] ) );
whitening[1] = LE32( crc32int ( &iv32[3] ) ^ crc32int ( &iv32[4] ) );
break;
default:
TC_THROW_FATAL_EXCEPTION;
}
}
// EncryptBufferCBC (deprecated/legacy)
//
// data: data to be encrypted
// len: number of bytes to encrypt (must be divisible by the largest cipher block size)
// ks: scheduled key
// iv: IV
// whitening: whitening constants
// ea: outer-CBC cascade ID (0 = CBC/inner-CBC)
// cipher: CBC/inner-CBC cipher ID (0 = outer-CBC)
static void
EncryptBufferCBC (unsigned __int32 *data,
unsigned int len,
unsigned __int8 *ks,
unsigned __int32 *iv,
unsigned __int32 *whitening,
int ea,
int cipher)
{
/* IMPORTANT: This function has been deprecated (legacy) */
unsigned __int32 bufIV[4];
unsigned __int64 i;
int blockSize = CipherGetBlockSize (ea != 0 ? EAGetFirstCipher (ea) : cipher);
if (len % blockSize)
TC_THROW_FATAL_EXCEPTION;
// IV
bufIV[0] = iv[0];
bufIV[1] = iv[1];
if (blockSize == 16)
{
bufIV[2] = iv[2];
bufIV[3] = iv[3];
}
// Encrypt each block
for (i = 0; i < len/blockSize; i++)
{
// CBC
data[0] ^= bufIV[0];
data[1] ^= bufIV[1];
if (blockSize == 16)
{
data[2] ^= bufIV[2];
data[3] ^= bufIV[3];
}
if (ea != 0)
{
// Outer-CBC
for (cipher = EAGetFirstCipher (ea); cipher != 0; cipher = EAGetNextCipher (ea, cipher))
{
EncipherBlock (cipher, data, ks);
ks += CipherGetKeyScheduleSize (cipher);
}
ks -= EAGetKeyScheduleSize (ea);
}
else
{
// CBC/inner-CBC
EncipherBlock (cipher, data, ks);
}
// CBC
bufIV[0] = data[0];
bufIV[1] = data[1];
if (blockSize == 16)
{
bufIV[2] = data[2];
bufIV[3] = data[3];
}
// Whitening
data[0] ^= whitening[0];
data[1] ^= whitening[1];
if (blockSize == 16)
{
data[2] ^= whitening[0];
data[3] ^= whitening[1];
}
data += blockSize / sizeof(*data);
}
}
// DecryptBufferCBC (deprecated/legacy)
//
// data: data to be decrypted
// len: number of bytes to decrypt (must be divisible by the largest cipher block size)
// ks: scheduled key
// iv: IV
// whitening: whitening constants
// ea: outer-CBC cascade ID (0 = CBC/inner-CBC)
// cipher: CBC/inner-CBC cipher ID (0 = outer-CBC)
static void
DecryptBufferCBC (unsigned __int32 *data,
unsigned int len,
unsigned __int8 *ks,
unsigned __int32 *iv,
unsigned __int32 *whitening,
int ea,
int cipher)
{
/* IMPORTANT: This function has been deprecated (legacy) */
unsigned __int32 bufIV[4];
unsigned __int64 i;
unsigned __int32 ct[4];
int blockSize = CipherGetBlockSize (ea != 0 ? EAGetFirstCipher (ea) : cipher);
if (len % blockSize)
TC_THROW_FATAL_EXCEPTION;
// IV
bufIV[0] = iv[0];
bufIV[1] = iv[1];
if (blockSize == 16)
{
bufIV[2] = iv[2];
bufIV[3] = iv[3];
}
// Decrypt each block
for (i = 0; i < len/blockSize; i++)
{
// Dewhitening
data[0] ^= whitening[0];
data[1] ^= whitening[1];
if (blockSize == 16)
{
data[2] ^= whitening[0];
data[3] ^= whitening[1];
}
// CBC
ct[0] = data[0];
ct[1] = data[1];
if (blockSize == 16)
{
ct[2] = data[2];
ct[3] = data[3];
}
if (ea != 0)
{
// Outer-CBC
ks += EAGetKeyScheduleSize (ea);
for (cipher = EAGetLastCipher (ea); cipher != 0; cipher = EAGetPreviousCipher (ea, cipher))
{
ks -= CipherGetKeyScheduleSize (cipher);
DecipherBlock (cipher, data, ks);
}
}
else
{
// CBC/inner-CBC
DecipherBlock (cipher, data, ks);
}
// CBC
data[0] ^= bufIV[0];
data[1] ^= bufIV[1];
bufIV[0] = ct[0];
bufIV[1] = ct[1];
if (blockSize == 16)
{
data[2] ^= bufIV[2];
data[3] ^= bufIV[3];
bufIV[2] = ct[2];
bufIV[3] = ct[3];
}
data += blockSize / sizeof(*data);
}
}
#endif // #ifndef TC_NO_COMPILER_INT64
// EncryptBuffer
//
@@ -1275,100 +741,12 @@ void EncryptBuffer (unsigned __int8 *buf, TC_LARGEST_COMPILER_UINT len, PCRYPTO_
}
break;
#ifndef TC_NO_COMPILER_INT64
case LRW:
/* Deprecated/legacy */
switch (CipherGetBlockSize (EAGetFirstCipher (cryptoInfo->ea)))
{
case 8:
EncryptBufferLRW64 ((unsigned __int8 *)buf, (unsigned __int64) len, 1, cryptoInfo);
break;
case 16:
EncryptBufferLRW128 ((unsigned __int8 *)buf, (unsigned __int64) len, 1, cryptoInfo);
break;
default:
TC_THROW_FATAL_EXCEPTION;
}
break;
case CBC:
case INNER_CBC:
{
/* Deprecated/legacy */
unsigned __int8 *ks = cryptoInfo->ks;
int cipher;
for (cipher = EAGetFirstCipher (cryptoInfo->ea);
cipher != 0;
cipher = EAGetNextCipher (cryptoInfo->ea, cipher))
{
EncryptBufferCBC ((unsigned __int32 *) buf,
(unsigned int) len,
ks,
(unsigned __int32 *) cryptoInfo->k2,
(unsigned __int32 *) &cryptoInfo->k2[8],
0,
cipher);
ks += CipherGetKeyScheduleSize (cipher);
}
}
break;
case OUTER_CBC:
/* Deprecated/legacy */
EncryptBufferCBC ((unsigned __int32 *) buf,
(unsigned int) len,
cryptoInfo->ks,
(unsigned __int32 *) cryptoInfo->k2,
(unsigned __int32 *) &cryptoInfo->k2[8],
cryptoInfo->ea,
0);
break;
#endif // #ifndef TC_NO_COMPILER_INT64
default:
// Unknown/wrong ID
TC_THROW_FATAL_EXCEPTION;
}
}
#ifndef TC_NO_COMPILER_INT64
// Converts a data unit number to the index of the first LRW block in the data unit.
// Note that the maximum supported volume size is 8589934592 GB (i.e., 2^63 bytes).
uint64 DataUnit2LRWIndex (uint64 dataUnit, int blockSize, PCRYPTO_INFO ci)
{
/* Deprecated/legacy */
if (ci->hiddenVolume)
dataUnit -= ci->hiddenVolumeOffset / ENCRYPTION_DATA_UNIT_SIZE;
else
dataUnit -= TC_VOLUME_HEADER_SIZE_LEGACY / ENCRYPTION_DATA_UNIT_SIZE; // Compensate for the volume header size
switch (blockSize)
{
case 8:
return (dataUnit << 6) | 1;
case 16:
return (dataUnit << 5) | 1;
default:
TC_THROW_FATAL_EXCEPTION;
}
return 0;
}
#endif // #ifndef TC_NO_COMPILER_INT64
// buf: data to be encrypted
// unitNo: sequential number of the data unit with which the buffer starts
@@ -1387,14 +765,6 @@ void EncryptDataUnitsCurrentThread (unsigned __int8 *buf, const UINT64_STRUCT *s
unsigned __int8 *ks2 = ci->ks2;
int cipher;
#ifndef TC_NO_COMPILER_INT64
void *iv = ci->k2; // Deprecated/legacy
unsigned __int64 unitNo = structUnitNo->Value;
unsigned __int64 *iv64 = (unsigned __int64 *) iv; // Deprecated/legacy
unsigned __int32 sectorIV[4]; // Deprecated/legacy
unsigned __int32 secWhitening[2]; // Deprecated/legacy
#endif
switch (ci->mode)
{
case XTS:
@@ -1413,81 +783,6 @@ void EncryptDataUnitsCurrentThread (unsigned __int8 *buf, const UINT64_STRUCT *s
}
break;
#ifndef TC_NO_COMPILER_INT64
case LRW:
/* Deprecated/legacy */
switch (CipherGetBlockSize (EAGetFirstCipher (ea)))
{
case 8:
EncryptBufferLRW64 (buf,
(unsigned __int64) nbrUnits * ENCRYPTION_DATA_UNIT_SIZE,
DataUnit2LRWIndex (unitNo, 8, ci),
ci);
break;
case 16:
EncryptBufferLRW128 (buf,
(unsigned __int64) nbrUnits * ENCRYPTION_DATA_UNIT_SIZE,
DataUnit2LRWIndex (unitNo, 16, ci),
ci);
break;
default:
TC_THROW_FATAL_EXCEPTION;
}
break;
case CBC:
case INNER_CBC:
/* Deprecated/legacy */
while (nbrUnits--)
{
for (cipher = EAGetFirstCipher (ea); cipher != 0; cipher = EAGetNextCipher (ea, cipher))
{
InitSectorIVAndWhitening (unitNo, CipherGetBlockSize (cipher), sectorIV, iv64, secWhitening);
EncryptBufferCBC ((unsigned __int32 *) buf,
ENCRYPTION_DATA_UNIT_SIZE,
ks,
sectorIV,
secWhitening,
0,
cipher);
ks += CipherGetKeyScheduleSize (cipher);
}
ks -= EAGetKeyScheduleSize (ea);
buf += ENCRYPTION_DATA_UNIT_SIZE;
unitNo++;
}
break;
case OUTER_CBC:
/* Deprecated/legacy */
while (nbrUnits--)
{
InitSectorIVAndWhitening (unitNo, CipherGetBlockSize (EAGetFirstCipher (ea)), sectorIV, iv64, secWhitening);
EncryptBufferCBC ((unsigned __int32 *) buf,
ENCRYPTION_DATA_UNIT_SIZE,
ks,
sectorIV,
secWhitening,
ea,
0);
buf += ENCRYPTION_DATA_UNIT_SIZE;
unitNo++;
}
break;
#endif // #ifndef TC_NO_COMPILER_INT64
default:
// Unknown/wrong ID
TC_THROW_FATAL_EXCEPTION;
@@ -1528,65 +823,6 @@ void DecryptBuffer (unsigned __int8 *buf, TC_LARGEST_COMPILER_UINT len, PCRYPTO_
}
break;
#ifndef TC_NO_COMPILER_INT64
case LRW:
/* Deprecated/legacy */
switch (CipherGetBlockSize (EAGetFirstCipher (cryptoInfo->ea)))
{
case 8:
DecryptBufferLRW64 (buf, (unsigned __int64) len, 1, cryptoInfo);
break;
case 16:
DecryptBufferLRW128 (buf, (unsigned __int64) len, 1, cryptoInfo);
break;
default:
TC_THROW_FATAL_EXCEPTION;
}
break;
case CBC:
case INNER_CBC:
{
/* Deprecated/legacy */
unsigned __int8 *ks = cryptoInfo->ks + EAGetKeyScheduleSize (cryptoInfo->ea);
int cipher;
for (cipher = EAGetLastCipher (cryptoInfo->ea);
cipher != 0;
cipher = EAGetPreviousCipher (cryptoInfo->ea, cipher))
{
ks -= CipherGetKeyScheduleSize (cipher);
DecryptBufferCBC ((unsigned __int32 *) buf,
(unsigned int) len,
ks,
(unsigned __int32 *) cryptoInfo->k2,
(unsigned __int32 *) &cryptoInfo->k2[8],
0,
cipher);
}
}
break;
case OUTER_CBC:
/* Deprecated/legacy */
DecryptBufferCBC ((unsigned __int32 *) buf,
(unsigned int) len,
cryptoInfo->ks,
(unsigned __int32 *) cryptoInfo->k2,
(unsigned __int32 *) &cryptoInfo->k2[8],
cryptoInfo->ea,
0);
break;
#endif // #ifndef TC_NO_COMPILER_INT64
default:
// Unknown/wrong ID
TC_THROW_FATAL_EXCEPTION;
@@ -1610,14 +846,6 @@ void DecryptDataUnitsCurrentThread (unsigned __int8 *buf, const UINT64_STRUCT *s
unsigned __int8 *ks2 = ci->ks2;
int cipher;
#ifndef TC_NO_COMPILER_INT64
void *iv = ci->k2; // Deprecated/legacy
unsigned __int64 unitNo = structUnitNo->Value;
unsigned __int64 *iv64 = (unsigned __int64 *) iv; // Deprecated/legacy
unsigned __int32 sectorIV[4]; // Deprecated/legacy
unsigned __int32 secWhitening[2]; // Deprecated/legacy
#endif // #ifndef TC_NO_COMPILER_INT64
switch (ci->mode)
{
@@ -1640,81 +868,6 @@ void DecryptDataUnitsCurrentThread (unsigned __int8 *buf, const UINT64_STRUCT *s
}
break;
#ifndef TC_NO_COMPILER_INT64
case LRW:
/* Deprecated/legacy */
switch (CipherGetBlockSize (EAGetFirstCipher (ea)))
{
case 8:
DecryptBufferLRW64 (buf,
(unsigned __int64) nbrUnits * ENCRYPTION_DATA_UNIT_SIZE,
DataUnit2LRWIndex (unitNo, 8, ci),
ci);
break;
case 16:
DecryptBufferLRW128 (buf,
(unsigned __int64) nbrUnits * ENCRYPTION_DATA_UNIT_SIZE,
DataUnit2LRWIndex (unitNo, 16, ci),
ci);
break;
default:
TC_THROW_FATAL_EXCEPTION;
}
break;
case CBC:
case INNER_CBC:
/* Deprecated/legacy */
while (nbrUnits--)
{
ks += EAGetKeyScheduleSize (ea);
for (cipher = EAGetLastCipher (ea); cipher != 0; cipher = EAGetPreviousCipher (ea, cipher))
{
InitSectorIVAndWhitening (unitNo, CipherGetBlockSize (cipher), sectorIV, iv64, secWhitening);
ks -= CipherGetKeyScheduleSize (cipher);
DecryptBufferCBC ((unsigned __int32 *) buf,
ENCRYPTION_DATA_UNIT_SIZE,
ks,
sectorIV,
secWhitening,
0,
cipher);
}
buf += ENCRYPTION_DATA_UNIT_SIZE;
unitNo++;
}
break;
case OUTER_CBC:
/* Deprecated/legacy */
while (nbrUnits--)
{
InitSectorIVAndWhitening (unitNo, CipherGetBlockSize (EAGetFirstCipher (ea)), sectorIV, iv64, secWhitening);
DecryptBufferCBC ((unsigned __int32 *) buf,
ENCRYPTION_DATA_UNIT_SIZE,
ks,
sectorIV,
secWhitening,
ea,
0);
buf += ENCRYPTION_DATA_UNIT_SIZE;
unitNo++;
}
break;
#endif // #ifndef TC_NO_COMPILER_INT64
default:
// Unknown/wrong ID
TC_THROW_FATAL_EXCEPTION;
@@ -1729,13 +882,6 @@ int GetMaxPkcs5OutSize (void)
size = max (size, EAGetLargestKeyForMode (XTS) * 2); // Sizes of primary + secondary keys
#ifndef TC_WINDOWS_BOOT
size = max (size, LEGACY_VOL_IV_SIZE + EAGetLargestKeyForMode (LRW)); // Deprecated/legacy
size = max (size, LEGACY_VOL_IV_SIZE + EAGetLargestKeyForMode (CBC)); // Deprecated/legacy
size = max (size, LEGACY_VOL_IV_SIZE + EAGetLargestKeyForMode (OUTER_CBC)); // Deprecated/legacy
size = max (size, LEGACY_VOL_IV_SIZE + EAGetLargestKeyForMode (INNER_CBC)); // Deprecated/legacy
#endif
return size;
}

28
src/Common/Crypto.h
View File

@@ -42,9 +42,6 @@ extern "C" {
// Size of the volume header area containing concatenated master key(s) and secondary key(s) (XTS mode)
#define MASTER_KEYDATA_SIZE 256
// Size of the deprecated volume header item containing either an IV seed (CBC mode) or tweak key (LRW mode)
#define LEGACY_VOL_IV_SIZE 32
// The first PRF to try when mounting
#define FIRST_PRF_ID 1
@@ -55,7 +52,6 @@ enum
#ifndef TC_WINDOWS_BOOT
SHA512,
WHIRLPOOL,
SHA1, // Deprecated/legacy
#endif
HASH_ENUM_END_ID
};
@@ -89,12 +85,6 @@ enum
/* If you add/remove a mode, update the following: GetMaxPkcs5OutSize(), EAInitMode() */
XTS = FIRST_MODE_OF_OPERATION_ID,
#ifndef TC_WINDOWS_BOOT
LRW, // Deprecated/legacy
CBC, // Deprecated/legacy
OUTER_CBC, // Deprecated/legacy
INNER_CBC, // Deprecated/legacy
#endif
MODE_ENUM_END_ID
};
@@ -115,12 +105,7 @@ enum
NONE = 0,
AES,
SERPENT,
TWOFISH,
#ifndef TC_WINDOWS_BOOT
BLOWFISH, // Deprecated/legacy
CAST, // Deprecated/legacy
TRIPLEDES // Deprecated/legacy
#endif
TWOFISH
};
typedef struct
@@ -184,15 +169,11 @@ typedef struct
#endif
#include "Aes_hw_cpu.h"
#include "Blowfish.h"
#include "Cast.h"
#include "Des.h"
#include "Serpent.h"
#include "Twofish.h"
#include "Rmd160.h"
#ifndef TC_WINDOWS_BOOT
# include "Sha1.h"
# include "Sha2.h"
# include "Whirlpool.h"
#endif
@@ -313,13 +294,6 @@ void DecryptDataUnits (unsigned __int8 *buf, const UINT64_STRUCT *structUnitNo,
void DecryptDataUnitsCurrentThread (unsigned __int8 *buf, const UINT64_STRUCT *structUnitNo, TC_LARGEST_COMPILER_UINT nbrUnits, PCRYPTO_INFO ci);
void EncryptBuffer (unsigned __int8 *buf, TC_LARGEST_COMPILER_UINT len, PCRYPTO_INFO cryptoInfo);
void DecryptBuffer (unsigned __int8 *buf, TC_LARGEST_COMPILER_UINT len, PCRYPTO_INFO cryptoInfo);
#ifndef TC_NO_COMPILER_INT64
void EncryptBufferLRW128 (byte *buffer, uint64 length, uint64 blockIndex, PCRYPTO_INFO cryptoInfo);
void DecryptBufferLRW128 (byte *buffer, uint64 length, uint64 blockIndex, PCRYPTO_INFO cryptoInfo);
void EncryptBufferLRW64 (byte *buffer, uint64 length, uint64 blockIndex, PCRYPTO_INFO cryptoInfo);
void DecryptBufferLRW64 (byte *buffer, uint64 length, uint64 blockIndex, PCRYPTO_INFO cryptoInfo);
uint64 DataUnit2LRWIndex (uint64 dataUnit, int blockSize, PCRYPTO_INFO ci);
#endif // #ifndef TC_NO_COMPILER_INT64
BOOL IsAesHwCpuSupported ();
void EnableHwEncryption (BOOL enable);

53
src/Common/Dlgcode.c
View File

@@ -5366,15 +5366,6 @@ CipherTestDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lParam)
}
else
{
if (idTestCipher == BLOWFISH)
{
/* Deprecated/legacy */
/* Convert to little-endian, this is needed here and not in
above auto-tests because BF_ecb_encrypt above correctly converts
from big to little endian, and EncipherBlock does not! */
LongReverse((unsigned int *) tmp, pt);
}
CipherInit2(idTestCipher, key, ks_tmp, ks);
@@ -5387,13 +5378,6 @@ CipherTestDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lParam)
DecipherBlock(idTestCipher, tmp, ks_tmp);
}
if (idTestCipher == BLOWFISH)
{
/* Deprecated/legacy */
/* Convert back to big-endian */
LongReverse((unsigned int *) tmp, pt);
}
}
*szTmp = 0;
@@ -5464,43 +5448,6 @@ ResetCipherTest(HWND hwndDlg, int idTestCipher)
SetWindowText(GetDlgItem(hwndDlg, IDC_SECONDARY_KEY), "0000000000000000000000000000000000000000000000000000000000000000");
SetWindowText(GetDlgItem(hwndDlg, IDC_TEST_DATA_UNIT_NUMBER), "0");
if (idTestCipher == BLOWFISH)
{
/* Deprecated/legacy */
ndx = SendMessage (GetDlgItem(hwndDlg, IDC_KEY_SIZE), CB_ADDSTRING, 0,(LPARAM) "448");
SendMessage(GetDlgItem(hwndDlg, IDC_KEY_SIZE), CB_SETITEMDATA, ndx,(LPARAM) 56);
ndx = SendMessage (GetDlgItem(hwndDlg, IDC_KEY_SIZE), CB_ADDSTRING, 0,(LPARAM) "256");
SendMessage(GetDlgItem(hwndDlg, IDC_KEY_SIZE), CB_SETITEMDATA, ndx,(LPARAM) 32);
ndx = SendMessage (GetDlgItem(hwndDlg, IDC_KEY_SIZE), CB_ADDSTRING, 0,(LPARAM) "128");
SendMessage(GetDlgItem(hwndDlg, IDC_KEY_SIZE), CB_SETITEMDATA, ndx,(LPARAM) 16);
ndx = SendMessage (GetDlgItem(hwndDlg, IDC_KEY_SIZE), CB_ADDSTRING, 0,(LPARAM) "64");
SendMessage(GetDlgItem(hwndDlg, IDC_KEY_SIZE), CB_SETITEMDATA, ndx,(LPARAM) 8);
SendMessage(GetDlgItem(hwndDlg, IDC_KEY_SIZE), CB_SETCURSEL, 0,0);
SetWindowText(GetDlgItem(hwndDlg, IDC_KEY), "0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000");
}
if (idTestCipher == CAST)
{
/* Deprecated/legacy */
ndx = SendMessage (GetDlgItem(hwndDlg, IDC_KEY_SIZE), CB_ADDSTRING, 0,(LPARAM) "128");
SendMessage(GetDlgItem(hwndDlg, IDC_KEY_SIZE), CB_SETITEMDATA, ndx,(LPARAM) 16);
SendMessage(GetDlgItem(hwndDlg, IDC_KEY_SIZE), CB_SETCURSEL, ndx,0);
SetWindowText(GetDlgItem(hwndDlg, IDC_KEY), "00000000000000000000000000000000");
}
if (idTestCipher == TRIPLEDES)
{
/* Deprecated/legacy */
ndx = SendMessage (GetDlgItem(hwndDlg, IDC_KEY_SIZE), CB_ADDSTRING, 0,(LPARAM) "168");
SendMessage(GetDlgItem(hwndDlg, IDC_KEY_SIZE), CB_SETITEMDATA, ndx,(LPARAM) 24);
SendMessage(GetDlgItem(hwndDlg, IDC_KEY_SIZE), CB_SETCURSEL, ndx,0);
SetWindowText(GetDlgItem(hwndDlg, IDC_KEY), "000000000000000000000000000000000000000000000000");
}
SetWindowText(GetDlgItem(hwndDlg, IDC_PLAINTEXT), "0000000000000000");
SetWindowText(GetDlgItem(hwndDlg, IDC_CIPHERTEXT), "0000000000000000");

5
src/Common/EncryptionThreadPool.c
View File

@@ -173,11 +173,6 @@ static TC_THREAD_PROC EncryptionThreadProc (void *threadArg)
workItem->KeyDerivation.IterationCount, workItem->KeyDerivation.DerivedKey, GetMaxPkcs5OutSize());
break;
case SHA1:
derive_key_sha1 (workItem->KeyDerivation.Password, workItem->KeyDerivation.PasswordLength, workItem->KeyDerivation.Salt, PKCS5_SALT_SIZE,
workItem->KeyDerivation.IterationCount, workItem->KeyDerivation.DerivedKey, GetMaxPkcs5OutSize());
break;
default:
TC_THROW_FATAL_EXCEPTION;
}

110
src/Common/GfMul.c
View File

@@ -651,43 +651,6 @@ int Gf128Tab64Init (unsigned __int8 *a, GfCtx *ctx)
return TRUE;
}
int Gf64TabInit (unsigned __int8 *a, GfCtx *ctx)
{
/* Deprecated/legacy */
GfCtx4k64 *ctx4k;
unsigned __int8 am[8];
int i, j;
ctx4k = (GfCtx4k64 *) TCalloc (sizeof (GfCtx4k64));
if (!ctx4k)
return FALSE;
memcpy (am, a, 8);
MirrorBits64 (am);
compile_4k_table64 (am, ctx4k);
/* Convert LSB-first table to MSB-first */
for (i = 0; i < 16; i++)
{
for (j = 0; j < 16; j++)
{
int jm = 0;
jm |= (j & 0x1) << 3;
jm |= (j & 0x2) << 1;
jm |= (j & 0x4) >> 1;
jm |= (j & 0x8) >> 3;
memcpy (&ctx->gf_t64[i][jm], (unsigned char *)&ctx4k->gf_t4k[15-i][j], 8);
MirrorBits64 ((unsigned char *)&ctx->gf_t64[i][jm]);
}
}
burn (ctx4k,sizeof (*ctx4k));
burn (am, sizeof (am));
TCfree (ctx4k);
return TRUE;
}
#define xor_8kt64(i) \
xor_block_aligned(r, ctx->gf_t128[i + i][a[i] & 15]); \
@@ -718,36 +681,6 @@ void Gf128MulBy64Tab (unsigned __int8 a[8], unsigned __int8 p[16], GfCtx *ctx)
move_block_aligned(p, r);
}
#define xor_8k64(i) \
xor_block_aligned64(r, ctx->gf_t64[i + i][a[i] & 15]); \
xor_block_aligned64(r, ctx->gf_t64[i + i + 1][a[i] >> 4])
/* Multiply two 64-bit numbers in the finite field GF(2^64) */
void Gf64MulTab (unsigned char a[8], unsigned char p[8], GfCtx *ctx)
{
/* Deprecated/legacy */
unsigned __int32 r[CBLK_LEN8 >> 2];
move_block_aligned64(r, ctx->gf_t64[7*2][a[7] & 15]);
xor_block_aligned64(r, ctx->gf_t64[7*2+1][a[7] >> 4]);
if (*(unsigned __int16 *)a)
{
xor_8k64(0);
xor_8k64(1);
}
if (a[2])
{
xor_8k64(2);
}
xor_8k64(3);
xor_8k64(4);
xor_8k64(5);
xor_8k64(6);
move_block_aligned64(p, r);
}
/* Basic algorithms for testing of optimized algorithms */
@@ -809,32 +742,6 @@ static void shl64 (unsigned __int8 *a)
}
}
static void GfMul64Basic (unsigned __int8 *a, unsigned __int8 *b, unsigned __int8* p)
{
/* Deprecated/legacy */
int i;
unsigned __int8 la[8];
memcpy (la, a, 8);
memset (p, 0, 8);
for (i = 0; i < 64; i++)
{
if (IsBitSet64 (i, b))
xor64 ((uint64 *)p, (uint64 *)la);
if (la[0] & 0x80)
{
shl64 (la);
la[7] ^= 0x1b;
}
else
{
shl64 (la);
}
}
}
BOOL GfMulSelfTest ()
{
@@ -849,23 +756,6 @@ BOOL GfMulSelfTest ()
if (!gfCtx)
return FALSE;
/* GF(2^64) - deprecated/legacy */
for (i = 0; i < 0x100; i++)
{
for (j = 0; j < 8; j++)
{
a[j] = (unsigned __int8) i;
b[j] = a[j] ^ 0xff;
}
GfMul64Basic (a, b, p1);
Gf64TabInit (a, gfCtx);
Gf64MulTab (b, p2, gfCtx);
if (memcmp (p1, p2, 8) != 0)
result = FALSE;
}
/* GF(2^128) */
for (i = 0; i < 0x100; i++)

2
src/Common/GfMul.h
View File

@@ -63,8 +63,6 @@ void GfMul128 (void *a, const void* b);
void GfMul128Tab(unsigned char a[16], GfCtx8k *ctx);
int Gf128Tab64Init (unsigned __int8 *a, GfCtx *ctx);
void Gf128MulBy64Tab (unsigned __int8 a[8], unsigned __int8 p[16], GfCtx *ctx);
int Gf64TabInit (unsigned __int8 *a, GfCtx *ctx);
void Gf64MulTab (unsigned char a[8], unsigned char p[8], GfCtx *ctx);
void MirrorBits128 (unsigned __int8 *a);
void MirrorBits64 (unsigned __int8 *a);
BOOL GfMulSelfTest ();

153
src/Common/Pkcs5.c
View File

@@ -14,7 +14,6 @@
#include <memory.h>
#include "Rmd160.h"
#ifndef TC_WINDOWS_BOOT
#include "Sha1.h"
#include "Sha2.h"
#include "Whirlpool.h"
#endif
@@ -175,150 +174,6 @@ void derive_key_sha512 (char *pwd, int pwd_len, char *salt, int salt_len, int it
burn (u, sizeof(u));
}
/* Deprecated/legacy */
void hmac_sha1
(
char *k, /* secret key */
int lk, /* length of the key in bytes */
char *d, /* data */
int ld, /* length of data in bytes */
char *out, /* output buffer, at least "t" bytes */
int t
)
{
sha1_ctx ictx, octx;
char isha[SHA1_DIGESTSIZE], osha[SHA1_DIGESTSIZE];
char key[SHA1_DIGESTSIZE];
char buf[SHA1_BLOCKSIZE];
int i;
/* If the key is longer than the hash algorithm block size,
let key = sha1(key), as per HMAC specifications. */
if (lk > SHA1_BLOCKSIZE)
{
sha1_ctx tctx;
sha1_begin (&tctx);
sha1_hash ((unsigned char *) k, lk, &tctx);
sha1_end ((unsigned char *) key, &tctx);
k = key;
lk = SHA1_DIGESTSIZE;
burn (&tctx, sizeof(tctx)); // Prevent leaks
}
/**** Inner Digest ****/
sha1_begin (&ictx);
/* Pad the key for inner digest */
for (i = 0; i < lk; ++i)
buf[i] = (char) (k[i] ^ 0x36);
for (i = lk; i < SHA1_BLOCKSIZE; ++i)
buf[i] = 0x36;
sha1_hash ((unsigned char *) buf, SHA1_BLOCKSIZE, &ictx);
sha1_hash ((unsigned char *) d, ld, &ictx);
sha1_end ((unsigned char *) isha, &ictx);
/**** Outer Digest ****/
sha1_begin (&octx);
for (i = 0; i < lk; ++i)
buf[i] = (char) (k[i] ^ 0x5C);
for (i = lk; i < SHA1_BLOCKSIZE; ++i)
buf[i] = 0x5C;
sha1_hash ((unsigned char *) buf, SHA1_BLOCKSIZE, &octx);
sha1_hash ((unsigned char *) isha, SHA1_DIGESTSIZE, &octx);
sha1_end ((unsigned char *) osha, &octx);
/* truncate and print the results */
t = t > SHA1_DIGESTSIZE ? SHA1_DIGESTSIZE : t;
hmac_truncate (osha, out, t);
/* Prevent leaks */
burn (&ictx, sizeof(ictx));
burn (&octx, sizeof(octx));
burn (isha, sizeof(isha));
burn (osha, sizeof(osha));
burn (buf, sizeof(buf));
burn (key, sizeof(key));
}
/* Deprecated/legacy */
void derive_u_sha1 (char *pwd, int pwd_len, char *salt, int salt_len, int iterations, char *u, int b)
{
char j[SHA1_DIGESTSIZE], k[SHA1_DIGESTSIZE];
char init[128];
char counter[4];
int c, i;
/* iteration 1 */
memset (counter, 0, 4);
counter[3] = (char) b;
memcpy (init, salt, salt_len); /* salt */
memcpy (&init[salt_len], counter, 4); /* big-endian block number */
hmac_sha1 (pwd, pwd_len, init, salt_len + 4, j, SHA1_DIGESTSIZE);
memcpy (u, j, SHA1_DIGESTSIZE);
/* remaining iterations */
for (c = 1; c < iterations; c++)
{
hmac_sha1 (pwd, pwd_len, j, SHA1_DIGESTSIZE, k, SHA1_DIGESTSIZE);
for (i = 0; i < SHA1_DIGESTSIZE; i++)
{
u[i] ^= k[i];
j[i] = k[i];
}
}
/* Prevent possible leaks. */
burn (j, sizeof(j));
burn (k, sizeof(k));
}
/* Deprecated/legacy */
void derive_key_sha1 (char *pwd, int pwd_len, char *salt, int salt_len, int iterations, char *dk, int dklen)
{
char u[SHA1_DIGESTSIZE];
int b, l, r;
if (dklen % SHA1_DIGESTSIZE)
{
l = 1 + dklen / SHA1_DIGESTSIZE;
}
else
{
l = dklen / SHA1_DIGESTSIZE;
}
r = dklen - (l - 1) * SHA1_DIGESTSIZE;
/* first l - 1 blocks */
for (b = 1; b < l; b++)
{
derive_u_sha1 (pwd, pwd_len, salt, salt_len, iterations, u, b);
memcpy (dk, u, SHA1_DIGESTSIZE);
dk += SHA1_DIGESTSIZE;
}
/* last block */
derive_u_sha1 (pwd, pwd_len, salt, salt_len, iterations, u, b);
memcpy (dk, u, r);
/* Prevent possible leaks. */
burn (u, sizeof(u));
}
#endif // TC_WINDOWS_BOOT
void hmac_ripemd160 (char *key, int keylen, char *input, int len, char *digest)
@@ -618,9 +473,6 @@ char *get_pkcs5_prf_name (int pkcs5_prf_id)
case SHA512:
return "HMAC-SHA-512";
case SHA1: // Deprecated/legacy
return "HMAC-SHA-1";
case RIPEMD160:
return "HMAC-RIPEMD-160";
@@ -646,10 +498,7 @@ int get_pkcs5_iteration_count (int pkcs5_prf_id, BOOL bBoot)
#ifndef TC_WINDOWS_BOOT
case SHA512:
return 500000;
case SHA1: // Deprecated/legacy
return 1000000;
return 500000;
case WHIRLPOOL:
return 500000;

646
src/Common/Tests.c
View File

@@ -290,91 +290,6 @@ BOOL XTSAesTest (PCRYPTO_INFO ci)
return TRUE;
}
/* Blowfish Test Vectors (deprecated/legacy) */
/* Blowfish test vectors from www.counterpane.com/blowfish.html */
#define BF_TEST_COUNT 34
typedef struct {
unsigned char key[8];
unsigned char plaintext[8];
unsigned char ciphertext[8];
} BF_TEST;
#pragma warning(disable:4295)
BF_TEST bf_ecb_vectors[BF_TEST_COUNT] = {
"\x00\x00\x00\x00\x00\x00\x00\x00","\x00\x00\x00\x00\x00\x00\x00\x00","\x4E\xF9\x97\x45\x61\x98\xDD\x78",
"\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF","\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF","\x51\x86\x6F\xD5\xB8\x5E\xCB\x8A",
"\x30\x00\x00\x00\x00\x00\x00\x00","\x10\x00\x00\x00\x00\x00\x00\x01","\x7D\x85\x6F\x9A\x61\x30\x63\xF2",
"\x11\x11\x11\x11\x11\x11\x11\x11","\x11\x11\x11\x11\x11\x11\x11\x11","\x24\x66\xDD\x87\x8B\x96\x3C\x9D",
"\x01\x23\x45\x67\x89\xAB\xCD\xEF","\x11\x11\x11\x11\x11\x11\x11\x11","\x61\xF9\xC3\x80\x22\x81\xB0\x96",
"\x11\x11\x11\x11\x11\x11\x11\x11","\x01\x23\x45\x67\x89\xAB\xCD\xEF","\x7D\x0C\xC6\x30\xAF\xDA\x1E\xC7",
"\x00\x00\x00\x00\x00\x00\x00\x00","\x00\x00\x00\x00\x00\x00\x00\x00","\x4E\xF9\x97\x45\x61\x98\xDD\x78",
"\xFE\xDC\xBA\x98\x76\x54\x32\x10","\x01\x23\x45\x67\x89\xAB\xCD\xEF","\x0A\xCE\xAB\x0F\xC6\xA0\xA2\x8D",
"\x7C\xA1\x10\x45\x4A\x1A\x6E\x57","\x01\xA1\xD6\xD0\x39\x77\x67\x42","\x59\xC6\x82\x45\xEB\x05\x28\x2B",
"\x01\x31\xD9\x61\x9D\xC1\x37\x6E","\x5C\xD5\x4C\xA8\x3D\xEF\x57\xDA","\xB1\xB8\xCC\x0B\x25\x0F\x09\xA0",
"\x07\xA1\x13\x3E\x4A\x0B\x26\x86","\x02\x48\xD4\x38\x06\xF6\x71\x72","\x17\x30\xE5\x77\x8B\xEA\x1D\xA4",
"\x38\x49\x67\x4C\x26\x02\x31\x9E","\x51\x45\x4B\x58\x2D\xDF\x44\x0A","\xA2\x5E\x78\x56\xCF\x26\x51\xEB",
"\x04\xB9\x15\xBA\x43\xFE\xB5\xB6","\x42\xFD\x44\x30\x59\x57\x7F\xA2","\x35\x38\x82\xB1\x09\xCE\x8F\x1A",
"\x01\x13\xB9\x70\xFD\x34\xF2\xCE","\x05\x9B\x5E\x08\x51\xCF\x14\x3A","\x48\xF4\xD0\x88\x4C\x37\x99\x18",
"\x01\x70\xF1\x75\x46\x8F\xB5\xE6","\x07\x56\xD8\xE0\x77\x47\x61\xD2","\x43\x21\x93\xB7\x89\x51\xFC\x98",
"\x43\x29\x7F\xAD\x38\xE3\x73\xFE","\x76\x25\x14\xB8\x29\xBF\x48\x6A","\x13\xF0\x41\x54\xD6\x9D\x1A\xE5",
"\x07\xA7\x13\x70\x45\xDA\x2A\x16","\x3B\xDD\x11\x90\x49\x37\x28\x02","\x2E\xED\xDA\x93\xFF\xD3\x9C\x79",
"\x04\x68\x91\x04\xC2\xFD\x3B\x2F","\x26\x95\x5F\x68\x35\xAF\x60\x9A","\xD8\x87\xE0\x39\x3C\x2D\xA6\xE3",
"\x37\xD0\x6B\xB5\x16\xCB\x75\x46","\x16\x4D\x5E\x40\x4F\x27\x52\x32","\x5F\x99\xD0\x4F\x5B\x16\x39\x69",
"\x1F\x08\x26\x0D\x1A\xC2\x46\x5E","\x6B\x05\x6E\x18\x75\x9F\x5C\xCA","\x4A\x05\x7A\x3B\x24\xD3\x97\x7B",
"\x58\x40\x23\x64\x1A\xBA\x61\x76","\x00\x4B\xD6\xEF\x09\x17\x60\x62","\x45\x20\x31\xC1\xE4\xFA\xDA\x8E",
"\x02\x58\x16\x16\x46\x29\xB0\x07","\x48\x0D\x39\x00\x6E\xE7\x62\xF2","\x75\x55\xAE\x39\xF5\x9B\x87\xBD",
"\x49\x79\x3E\xBC\x79\xB3\x25\x8F","\x43\x75\x40\xC8\x69\x8F\x3C\xFA","\x53\xC5\x5F\x9C\xB4\x9F\xC0\x19",
"\x4F\xB0\x5E\x15\x15\xAB\x73\xA7","\x07\x2D\x43\xA0\x77\x07\x52\x92","\x7A\x8E\x7B\xFA\x93\x7E\x89\xA3",
"\x49\xE9\x5D\x6D\x4C\xA2\x29\xBF","\x02\xFE\x55\x77\x81\x17\xF1\x2A","\xCF\x9C\x5D\x7A\x49\x86\xAD\xB5",
"\x01\x83\x10\xDC\x40\x9B\x26\xD6","\x1D\x9D\x5C\x50\x18\xF7\x28\xC2","\xD1\xAB\xB2\x90\x65\x8B\xC7\x78",
"\x1C\x58\x7F\x1C\x13\x92\x4F\xEF","\x30\x55\x32\x28\x6D\x6F\x29\x5A","\x55\xCB\x37\x74\xD1\x3E\xF2\x01",
"\x01\x01\x01\x01\x01\x01\x01\x01","\x01\x23\x45\x67\x89\xAB\xCD\xEF","\xFA\x34\xEC\x48\x47\xB2\x68\xB2",
"\x1F\x1F\x1F\x1F\x0E\x0E\x0E\x0E","\x01\x23\x45\x67\x89\xAB\xCD\xEF","\xA7\x90\x79\x51\x08\xEA\x3C\xAE",
"\xE0\xFE\xE0\xFE\xF1\xFE\xF1\xFE","\x01\x23\x45\x67\x89\xAB\xCD\xEF","\xC3\x9E\x07\x2D\x9F\xAC\x63\x1D",
"\x00\x00\x00\x00\x00\x00\x00\x00","\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF","\x01\x49\x33\xE0\xCD\xAF\xF6\xE4",
"\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF","\x00\x00\x00\x00\x00\x00\x00\x00","\xF2\x1E\x9A\x77\xB7\x1C\x49\xBC",
"\x01\x23\x45\x67\x89\xAB\xCD\xEF","\x00\x00\x00\x00\x00\x00\x00\x00","\x24\x59\x46\x88\x57\x54\x36\x9A",
"\xFE\xDC\xBA\x98\x76\x54\x32\x10","\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF","\x6B\x5C\x5A\x9C\x5D\x9E\x0A\x5A"
};
#define TRIPLEDES_TEST_COUNT 1
typedef struct {
unsigned char key[24];
unsigned char plaintext[8];
unsigned char ciphertext[8];
} TRIPLEDES_TEST;
TRIPLEDES_TEST tripledes_vectors[TRIPLEDES_TEST_COUNT] = {
0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef, 0xfe, 0xdc, 0xba, 0x98,
0x76, 0x54, 0x32, 0x10, 0x89, 0xab, 0xcd, 0xef, 0x01, 0x23, 0x45, 0x67,
0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xe7,
0xde, 0x0b, 0x7c, 0x06, 0xae, 0x5e, 0x0e, 0xd5
};
/* CAST-128 Test Vectors from RFC2144 (deprecated/legacy) */
#define CAST_TEST_COUNT 1
typedef struct {
unsigned char key[16];
unsigned char plaintext[8];
unsigned char ciphertext[8];
} CAST_TEST;
CAST_TEST cast_ecb_vectors[CAST_TEST_COUNT] = {
"\x01\x23\x45\x67\x12\x34\x56\x78\x23\x45\x67\x89\x34\x56\x78\x9A",
"\x01\x23\x45\x67\x89\xAB\xCD\xEF",
"\x23\x8B\x4F\xE5\x84\x7E\x44\xB2"
};
// AES ECB test vectors FIPS-197
@@ -463,35 +378,6 @@ char *hmac_sha512_test_vectors[] =
"\xe3\x7b\x6a\x77\x5d\xc8\x7d\xba\xa4\xdf\xa9\xf9\x6e\x5e\x3f\xfd\xde\xbd\x71\xf8\x86\x72\x89\x86\x5d\xf5\xa3\x2d\x20\xcd\xc9\x44\xb6\x02\x2c\xac\x3c\x49\x82\xb1\x0d\x5e\xeb\x55\xc3\xe4\xde\x15\x13\x46\x76\xfb\x6d\xe0\x44\x60\x65\xc9\x74\x40\xfa\x8c\x6a\x58",
};
char *hmac_sha1_test_keys[] =
{
// Deprecated/legacy
"\x50\x51\x52\x53\x54\x55\x56\x57\x58\x59\x5a\x5b\x5c\x5d\x5e\x5f\x60\x61\x62\x63\x64\x65\x66\x67\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f\x70\x71\x72\x73\x74\x75\x76\x77\x78\x79\x7a\x7b\x7c\x7d\x7e\x7f\x80\x81\x82\x83\x84\x85\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7\xa8\xa9\xaa\xab\xac\xad\xae\xaf\xb0\xb1\xb2\xb3",
"\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b",
"Jefe",
"\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
};
char *hmac_sha1_test_data[] =
{
// Deprecated/legacy
"Sample #3",
"Hi There",
"what do ya want for nothing?",
"\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
"\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
"\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
};
char *hmac_sha1_test_vectors[] =
{
// Deprecated/legacy
"\xbc\xf4\x1e\xab\x8b\xb2\xd8\x02\xf3\xd0\x5c\xaf\x7c\xb0\x92\xec\xf8\xd1\xa3\xaa",
"\xb6\x17\x31\x86\x55\x05\x72\x64\xe2\x8b\xc0\xb6\xfb\x37\x8c\x8e\xf1\x46\xbe\x00",
"\xef\xfc\xdf\x6a\xe5\xeb\x2f\xa2\xd2\x74\x16\xd5\xf1\x84\xdf\x9c\x25\x9a\x7c\x79",
"\x12\x5d\x73\x42\xb9\xac\x11\xcd\x91\xa3\x9a\xf4\x8a\xa1\x7b\x4f\x63\xf1\x75\xd3"
};
char *hmac_ripemd160_test_keys[] =
{
"\x00\x11\x22\x33\x44\x55\x66\x77\x88\x99\xaa\xbb\xcc\xdd\xee\xff\x01\x23\x45\x67",
@@ -534,29 +420,15 @@ void CipherInit2(int cipher, void* key, void* ks, int key_len)
{
switch (cipher)
{
case BLOWFISH:
/* Deprecated/legacy */
BlowfishSetKey (ks, key_len, key);
break;
case AES:
CipherInit(cipher,key,ks);
break;
case CAST:
/* Deprecated/legacy */
CipherInit(cipher,key,ks);
break;
case SERPENT:
CipherInit(cipher,key,ks);
break;
case TRIPLEDES:
/* Deprecated/legacy */
CipherInit(cipher,key,ks);
break;
case TWOFISH:
CipherInit(cipher,key,ks);
break;
@@ -568,72 +440,6 @@ void CipherInit2(int cipher, void* key, void* ks, int key_len)
}
/* Deprecated/legacy */
typedef struct {
unsigned __int8 key1[32];
unsigned __int8 key2[16];
unsigned __int8 index[16];
unsigned __int8 plaintext[16];
unsigned __int8 ciphertext[16];
} LRW_TEST;
#define LRW_TEST_COUNT 2
/* Deprecated/legacy */
LRW_TEST lrw_vectors[LRW_TEST_COUNT] = {
{
{ 0xf8, 0xd4, 0x76, 0xff, 0xd6, 0x46, 0xee, 0x6c, 0x23, 0x84, 0xcb, 0x1c, 0x77, 0xd6, 0x19, 0x5d,
0xfe, 0xf1, 0xa9, 0xf3, 0x7b, 0xbc, 0x8d, 0x21, 0xa7, 0x9c, 0x21, 0xf8, 0xcb, 0x90, 0x02, 0x89 },
{ 0xa8, 0x45, 0x34, 0x8e, 0xc8, 0xc5, 0xb5, 0xf1, 0x26, 0xf5, 0x0e, 0x76, 0xfe, 0xfd, 0x1b, 0x1e },
{ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 },
{ 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46 },
{ 0xbd, 0x06, 0xb8, 0xe1, 0xdb, 0x98, 0x89, 0x9e, 0xc4, 0x98, 0xe4, 0x91, 0xcf, 0x1c, 0x70, 0x2b }
},
{
{ 0xfb, 0x76, 0x15, 0xb2, 0x3d, 0x80, 0x89, 0x1d, 0xd4, 0x70, 0x98, 0x0b, 0xc7, 0x95, 0x84, 0xc8,
0xb2, 0xfb, 0x64, 0xce, 0x60, 0x97, 0x87, 0x8d, 0x17, 0xfc, 0xe4, 0x5a, 0x49, 0xe8, 0x30, 0xb7 },
{ 0x6e, 0x78, 0x17, 0xe7, 0x2d, 0x5e, 0x12, 0xd4, 0x60, 0x64, 0x04, 0x7a, 0xf1, 0x2f, 0x9e, 0x0c },
{ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00 },
{ 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46 },
{ 0x5b, 0x90, 0x8e, 0xc1, 0xab, 0xdd, 0x67, 0x5f, 0x3d, 0x69, 0x8a, 0x95, 0x53, 0xc8, 0x9c, 0xe5 }
}
};
BOOL LRWAesTest (PCRYPTO_INFO ci)
{
/* Deprecated/legacy */
unsigned __int8 p[16];
int i;
for (i = 0; i < LRW_TEST_COUNT; i++)
{
ci->ea = EAGetByName ("AES");
if (ci->ea == 0)
return FALSE;
ci->mode = LRW;
if (EAInit (ci->ea, lrw_vectors[i].key1, ci->ks) != ERR_SUCCESS)
return FALSE;
memcpy (&ci->k2, lrw_vectors[i].key2, sizeof (lrw_vectors[i].key2));
if (!EAInitMode (ci))
return FALSE;
memcpy (p, lrw_vectors[i].plaintext, sizeof (p));
EncryptBufferLRW128 (p, sizeof (p), BE64(((unsigned __int64 *)(lrw_vectors[i].index))[1]), ci);
if (memcmp (lrw_vectors[i].ciphertext, p, sizeof (p)) != 0)
return FALSE;
}
return TRUE;
}
BOOL TestSectorBufEncryption (PCRYPTO_INFO ci)
{
unsigned char buf [ENCRYPTION_DATA_UNIT_SIZE * 4];
@@ -653,15 +459,12 @@ BOOL TestSectorBufEncryption (PCRYPTO_INFO ci)
0x00, 0x00, 0x00, 0xff, 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13
};
if (!TestLegacySectorBufEncryption (ci))
return FALSE;
/* Encryption/decryption of data units (typically, volume data sectors) */
nbrUnits = sizeof (buf) / ENCRYPTION_DATA_UNIT_SIZE;
ci->mode = XTS; // Other modes of operation are tested in TestLegacySectorBufEncryption()
ci->mode = XTS; // we only implement XTS
/* The buffer can accommodate 4 data units and we'll test 4 cases by "scrolling". The data unit 0xFFFFFFFFFF
will "move" from the start of the buffer to its end. For a 512-byte data unit, the byte offset 562949953420800
@@ -1029,340 +832,6 @@ BOOL TestSectorBufEncryption (PCRYPTO_INFO ci)
return (nTestsPerformed == 80);
}
BOOL TestLegacySectorBufEncryption (PCRYPTO_INFO ci)
{
unsigned char buf [ENCRYPTION_DATA_UNIT_SIZE * 2];
unsigned int i;
char name[64];
unsigned __int32 crc;
UINT64_STRUCT unitNo;
uint32 nbrUnits;
int blockSize;
BOOL lrw64InitDone = FALSE;
BOOL lrw128InitDone = FALSE;
int nTestsPerformed = 0;
unitNo.Value = 0x0234567890ABCDEFull;
nbrUnits = sizeof (buf) / ENCRYPTION_DATA_UNIT_SIZE;
for (i = 0; i < sizeof (buf); i++)
buf[i] = (unsigned char) i;
for (i = 0; i < sizeof (ci->k2); i++)
ci->k2[i] = (unsigned char) i;
// Test all EAs
for (ci->ea = EAGetFirst (); ci->ea != 0; ci->ea = EAGetNext (ci->ea))
{
EAGetName (name, ci->ea);
blockSize = CipherGetBlockSize (EAGetFirstCipher (ci->ea));
if (EAInit (ci->ea, (unsigned char *)buf, ci->ks) == ERR_CIPHER_INIT_FAILURE)
return FALSE;
// Test all deprecated modes of operation
for (ci->mode = EAGetFirstMode (ci->ea);
ci->mode != 0;
ci->mode = EAGetNextMode (ci->ea, ci->mode))
{
// Skip modes that are not deprecated
if (ci->mode == XTS)
continue;
if (ci->mode == LRW
&& (blockSize == 8 && !lrw64InitDone || blockSize == 16 && !lrw128InitDone ))
{
if (!EAInitMode (ci))
return FALSE;
if (blockSize == 8)
lrw64InitDone = TRUE;
else if (blockSize == 16)
lrw128InitDone = TRUE;
}
EncryptDataUnits (buf, &unitNo, nbrUnits, ci);
crc = GetCrc32 (buf, sizeof (buf));
switch (ci->mode)
{
case LRW: // Deprecated/legacy
if (strcmp (name, "AES") == 0)
{
if (crc != 0x5237acf9)
return FALSE;
nTestsPerformed++;
}
else if (strcmp (name, "Blowfish") == 0) // Deprecated/legacy
{
if (crc != 0xf94d5300)
return FALSE;
nTestsPerformed++;
}
else if (strcmp (name, "CAST5") == 0) // Deprecated/legacy
{
if (crc != 0x33971e82)
return FALSE;
nTestsPerformed++;
}
else if (strcmp (name, "Serpent") == 0)
{
if (crc != 0x7fb86805)
return FALSE;
nTestsPerformed++;
}
else if (strcmp (name, "Triple DES") == 0) // Deprecated/legacy
{
if (crc != 0x2b20bb84)
return FALSE;
nTestsPerformed++;
}
else if (strcmp (name, "Twofish") == 0)
{
if (crc != 0xa9de0f0b)
return FALSE;
nTestsPerformed++;
}
else if (strcmp (name, "AES-Twofish") == 0)
{
if (crc != 0x4ed0fd80)
return FALSE;
nTestsPerformed++;
}
else if (strcmp (name, "AES-Twofish-Serpent") == 0)
{
if (crc != 0xea04b3cf)
return FALSE;
nTestsPerformed++;
}
else if (strcmp (name, "Serpent-AES") == 0)
{
if (crc != 0x0d33596a)
return FALSE;
nTestsPerformed++;
}
else if (strcmp (name, "Serpent-Twofish-AES") == 0)
{
if (crc != 0x2845d0e3)
return FALSE;
nTestsPerformed++;
}
else if (strcmp (name, "Twofish-Serpent") == 0)
{
if (crc != 0xca65c5cd)
return FALSE;
nTestsPerformed++;
}
break;
case CBC: // Deprecated/legacy
case INNER_CBC: // Deprecated/legacy
case OUTER_CBC: // Deprecated/legacy
if (strcmp (name, "AES") == 0)
{
if (crc != 0x2274f53d)
return FALSE;
nTestsPerformed++;
}
else if (strcmp (name, "Blowfish") == 0) // Deprecated/legacy
{
if (crc != 0x033899a1)
return FALSE;
nTestsPerformed++;
}
else if (strcmp (name, "CAST5") == 0) // Deprecated/legacy
{
if (crc != 0x331cecc7)
return FALSE;
nTestsPerformed++;
}
else if (strcmp (name, "Serpent") == 0)
{
if (crc != 0x42dff3d4)
return FALSE;
nTestsPerformed++;
}
else if (strcmp (name, "Triple DES") == 0) // Deprecated/legacy
{
if (crc != 0xfe497d0c)
return FALSE;
nTestsPerformed++;
}
else if (strcmp (name, "AES-Blowfish") == 0) // Deprecated/legacy
{
if (crc != 0xa7a80c84)
return FALSE;
nTestsPerformed++;
}
else if (strcmp (name, "AES-Blowfish-Serpent") == 0) // Deprecated/legacy
{
if (crc != 0xa0584562)
return FALSE;
nTestsPerformed++;
}
else if (strcmp (name, "AES-Twofish") == 0)
{
if (crc != 0x3c226444)
return FALSE;
nTestsPerformed++;
}
else if (strcmp (name, "AES-Twofish-Serpent") == 0)
{
if (crc != 0x5e5e77fd)
return FALSE;
nTestsPerformed++;
}
else if (strcmp (name, "Serpent-AES") == 0)
{
if (crc != 0x57c612d5)
return FALSE;
nTestsPerformed++;
}
else if (strcmp (name, "Serpent-Twofish-AES") == 0)
{
if (crc != 0x081e045a)
return FALSE;
nTestsPerformed++;
}
else if (strcmp (name, "Twofish-Serpent") == 0)
{
if (crc != 0xa7b659f3)
return FALSE;
nTestsPerformed++;
}
break;
}
if (crc == 0xb70b4c26)
return FALSE;
DecryptDataUnits (buf, &unitNo, nbrUnits, ci);
if (GetCrc32 (buf, sizeof (buf)) != 0xb70b4c26)
return FALSE;
nTestsPerformed++;
EncryptBuffer (buf, sizeof (buf), ci);
crc = GetCrc32 (buf, sizeof (buf));
switch (ci->mode)
{
case LRW: // Deprecated/legacy
if (strcmp (name, "AES") == 0)
{
if (crc != 0x5ae1e3d8)
return FALSE;
nTestsPerformed++;
}
else if (strcmp (name, "Blowfish") == 0) // Deprecated/legacy
{
if (crc != 0x2738426f)
return FALSE;
nTestsPerformed++;
}
else if (strcmp (name, "AES-Twofish-Serpent") == 0)
{
if (crc != 0x14f2948a)
return FALSE;
nTestsPerformed++;
}
break;
case CBC: // Deprecated/legacy
case INNER_CBC: // Deprecated/legacy
case OUTER_CBC: // Deprecated/legacy
if (strcmp (name, "AES") == 0)
{
if (crc != 0x960f740e)
return FALSE;
nTestsPerformed++;
}
else if (strcmp (name, "Blowfish") == 0) // Deprecated/legacy
{
if (crc != 0x7e1cfabb)
return FALSE;
nTestsPerformed++;
}
else if (strcmp (name, "CAST5") == 0) // Deprecated/legacy
{
if (crc != 0xeaae21c8)
return FALSE;
nTestsPerformed++;
}
else if (strcmp (name, "Serpent") == 0)
{
if (crc != 0xa8139d62)
return FALSE;
nTestsPerformed++;
}
else if (strcmp (name, "Triple DES") == 0) // Deprecated/legacy
{
if (crc != 0xecf5d7d0)
return FALSE;
nTestsPerformed++;
}
else if (strcmp (name, "AES-Blowfish") == 0) // Deprecated/legacy
{
if (crc != 0xb70171b6)
return FALSE;
nTestsPerformed++;
}
else if (strcmp (name, "AES-Blowfish-Serpent") == 0) // Deprecated/legacy
{
if (crc != 0x1e749a87)
return FALSE;
nTestsPerformed++;
}
else if (strcmp (name, "AES-Twofish") == 0)
{
if (crc != 0xb4b8bb9b)
return FALSE;
nTestsPerformed++;
}
else if (strcmp (name, "AES-Twofish-Serpent") == 0)
{
if (crc != 0x76b6c1cb)
return FALSE;
nTestsPerformed++;
}
else if (strcmp (name, "Serpent-AES") == 0)
{
if (crc != 0x634f12ed)
return FALSE;
nTestsPerformed++;
}
else if (strcmp (name, "Serpent-Twofish-AES") == 0)
{
if (crc != 0xe54bc1b9)
return FALSE;
nTestsPerformed++;
}
else if (strcmp (name, "Twofish-Serpent") == 0)
{
if (crc != 0x21cdb382)
return FALSE;
nTestsPerformed++;
}
break;
}
if (crc == 0xb70b4c26)
return FALSE;
DecryptBuffer (buf, sizeof (buf), ci);
if (GetCrc32 (buf, sizeof (buf)) != 0xb70b4c26)
return FALSE;
nTestsPerformed++;
}
}
return (nTestsPerformed == 86);
}
static BOOL DoAutoTestAlgorithms (void)
{
PCRYPTO_INFO ci;
@@ -1377,74 +846,6 @@ static BOOL DoAutoTestAlgorithms (void)
memset (ci, 0, sizeof (*ci));
/* Blowfish (deprecated/legacy) */
for (i=0;i<BF_TEST_COUNT;i++)
{
memcpy(key, bf_ecb_vectors[i].key, 8);
memcpy(tmp, bf_ecb_vectors[i].plaintext, 8);
CipherInit2(BLOWFISH, key, ks_tmp, 8);
((uint32 *)tmp)[0] = BE32 (((uint32 *)tmp)[0]);
((uint32 *)tmp)[1] = BE32 (((uint32 *)tmp)[1]);
BlowfishEncryptLE (tmp,tmp,(BF_KEY *)ks_tmp,1);
BlowfishEncryptLE (tmp,tmp,(BF_KEY *)ks_tmp,0);
BlowfishEncryptLE (tmp,tmp,(BF_KEY *)ks_tmp,1);
((uint32 *)tmp)[0] = BE32 (((uint32 *)tmp)[0]);
((uint32 *)tmp)[1] = BE32 (((uint32 *)tmp)[1]);
if (memcmp(bf_ecb_vectors[i].ciphertext,tmp,8)!=0)
break;
}
if (i != BF_TEST_COUNT)
bFailed = TRUE;
/* CAST5 (deprecated/legacy) */
for (i=0;i<CAST_TEST_COUNT;i++)
{
int cipher = CAST;
memcpy(key, cast_ecb_vectors[i].key, 16);
memcpy(tmp, cast_ecb_vectors[i].plaintext, 8);
CipherInit2(cipher, key, ks_tmp, 16);
EncipherBlock(cipher, tmp, ks_tmp);
DecipherBlock(cipher, tmp, ks_tmp);
EncipherBlock(cipher, tmp, ks_tmp);
if (memcmp(cast_ecb_vectors[i].ciphertext, tmp,8)!=0)
break;
}
if (i!=CAST_TEST_COUNT)
bFailed = TRUE;
/* Triple DES (TECB, EDE) - deprecated/legacy */
for (i = 0; i < TRIPLEDES_TEST_COUNT; i++)
{
int cipher = TRIPLEDES;
memcpy(key, tripledes_vectors[i].key, sizeof(tripledes_vectors->key));
memcpy(tmp, tripledes_vectors[i].plaintext, sizeof(tripledes_vectors->plaintext));
CipherInit(cipher, key, ks_tmp);
EncipherBlock(cipher, tmp, ks_tmp);
if (memcmp(tripledes_vectors[i].ciphertext, tmp, sizeof(tripledes_vectors->ciphertext)) != 0)
break;
DecipherBlock(cipher, tmp, ks_tmp);
if (memcmp(tripledes_vectors[i].plaintext, tmp, sizeof(tripledes_vectors->plaintext)) != 0)
break;
}
if (i != TRIPLEDES_TEST_COUNT)
bFailed = TRUE;
/* AES */
for (i = 0; i < AES_TEST_COUNT; i++)
@@ -1550,10 +951,6 @@ static BOOL DoAutoTestAlgorithms (void)
if (!XTSAesTest (ci))
bFailed = TRUE;
/* LRW-AES (deprecated/legacy) */
if (!LRWAesTest (ci))
bFailed = TRUE;
/* Sector and buffer related algorithms */
if (!TestSectorBufEncryption (ci))
bFailed = TRUE;
@@ -1601,26 +998,6 @@ BOOL test_hmac_sha512 ()
return (nTestsPerformed == 6);
}
BOOL test_hmac_sha1 ()
{
// Deprecated/legacy
int nTestsPerformed = 0;
int i;
for (i = 0; i < 3; i++)
{
char digest[SHA1_DIGESTSIZE];
hmac_sha1 (hmac_sha1_test_keys[i], (int) strlen (hmac_sha1_test_keys[i]), hmac_sha1_test_data[i], (int) strlen (hmac_sha1_test_data[i]), digest, SHA1_DIGESTSIZE);
if (memcmp (digest, hmac_sha1_test_vectors[i], SHA1_DIGESTSIZE) != 0)
return FALSE;
else
nTestsPerformed++;
}
return (nTestsPerformed == 3);
}
BOOL test_hmac_ripemd160 ()
{
int nTestsPerformed = 0;
@@ -1658,10 +1035,6 @@ BOOL test_pkcs5 ()
if (!test_hmac_sha512())
return FALSE;
/* HMAC-SHA-1 tests (deprecated/legacy) */
if (test_hmac_sha1() == FALSE)
return FALSE;
/* HMAC-RIPEMD-160 tests */
if (test_hmac_ripemd160() == FALSE)
return FALSE;
@@ -1681,23 +1054,6 @@ BOOL test_pkcs5 ()
if (memcmp (dk, "\x13\x64\xae\xf8\x0d\xf5\x57\x6c\x30\xd5\x71\x4c\xa7\x75\x3f\xfd\x00\xe5\x25\x8b\x39\xc7\x44\x7f\xce\x23\x3d\x08\x75\xe0\x2f\x48\xd6\x30\xd7\x00\xb6\x24\xdb\xe0\x5a\xd7\x47\xef\x52\xca\xa6\x34\x83\x47\xe5\xcb\xe9\x87\xf1\x20\x59\x6a\xe6\xa9\xcf\x51\x78\xc6\xb6\x23\xa6\x74\x0d\xe8\x91\xbe\x1a\xd0\x28\xcc\xce\x16\x98\x9a\xbe\xfb\xdc\x78\xc9\xe1\x7d\x72\x67\xce\xe1\x61\x56\x5f\x96\x68\xe6\xe1\xdd\xf4\xbf\x1b\x80\xe0\x19\x1c\xf4\xc4\xd3\xdd\xd5\xd5\x57\x2d\x83\xc7\xa3\x37\x87\xf4\x4e\xe0\xf6\xd8\x6d\x65\xdc\xa0\x52\xa3\x13\xbe\x81\xfc\x30\xbe\x7d\x69\x58\x34\xb6\xdd\x41\xc6", 144) != 0)
return FALSE;
/* PKCS-5 test 1 with HMAC-SHA-1 (deprecated/legacy) used as the PRF (derives a key longer than the underlying hash) */
derive_key_sha1 ("password", 8, "\x12\x34\x56\x78", 4, 5, dk, 48);
if (memcmp (dk, "\x5c\x75\xce\xf0\x1a\x96\x0d\xf7\x4c\xb6\xb4\x9b\x9e\x38\xe6\xb5\x3b\x11\x80\xe3\x2f\xf7\xe0\xdd\xaa\xca\x8f\x81\x27\xf6\x9f\x4f\x1d\xc8\x2f\x48\x2d\xdb\x1a\x0a\xca\x90\xcb\x80\xb9\x2e\x90\x9e", 48) != 0)
return FALSE;
/* PKCS-5 test 2 with HMAC-SHA-1 (deprecated/legacy) used as the PRF */
derive_key_sha1 ("password", 8, "\x12\x34\x56\x78", 4, 5, dk, 4);
if (memcmp (dk, "\x5c\x75\xce\xf0", 4) != 0)
return FALSE;
#if 0 // This test is disabled because it uses 1200 iterations (to prevent startup slowdown)
/* PKCS-5 test 3 with HMAC-SHA-1 (deprecated/legacy) used as the PRF */
derive_key_sha1 ("password", 8, "ATHENA.MIT.EDUraeburn", 21, 1200, dk, 16);
if (memcmp (dk, "\x5c\x08\xeb\x61\xfd\xf7\x1e\x4e\x4e\xc3\xcf\x6b\xa1\xf5\x51\x2b", 16) != 0)
return FALSE;
#endif
/* PKCS-5 test 1 with HMAC-RIPEMD-160 used as the PRF */
derive_key_ripemd160 (FALSE, "password", 8, "\x12\x34\x56\x78", 4, 5, dk, 4);
if (memcmp (dk, "\x7a\x3d\x7c\x03", 4) != 0)

83
src/Common/Volumes.c
View File

@@ -240,10 +240,7 @@ int ReadVolumeHeader (BOOL bBoot, char *encryptedHeader, Password *password, PCR
// Test all available PKCS5 PRFs
for (enqPkcs5Prf = FIRST_PRF_ID; enqPkcs5Prf <= LAST_PRF_ID || queuedWorkItems > 0; ++enqPkcs5Prf)
{
BOOL lrw64InitDone = FALSE; // Deprecated/legacy
BOOL lrw128InitDone = FALSE; // Deprecated/legacy
{
if (encryptionThreadCount > 1)
{
// Enqueue key derivation on thread pool
@@ -314,12 +311,6 @@ KeyReady: ;
PKCS5_SALT_SIZE, keyInfo.noIterations, dk, GetMaxPkcs5OutSize());
break;
case SHA1:
// Deprecated/legacy
derive_key_sha1 (keyInfo.userKey, keyInfo.keyLength, keyInfo.salt,
PKCS5_SALT_SIZE, keyInfo.noIterations, dk, GetMaxPkcs5OutSize());
break;
case WHIRLPOOL:
derive_key_whirlpool (keyInfo.userKey, keyInfo.keyLength, keyInfo.salt,
PKCS5_SALT_SIZE, keyInfo.noIterations, dk, GetMaxPkcs5OutSize());
@@ -338,16 +329,6 @@ KeyReady: ;
{
switch (cryptoInfo->mode)
{
case LRW:
case CBC:
case INNER_CBC:
case OUTER_CBC:
// For LRW (deprecated/legacy), copy the tweak key
// For CBC (deprecated/legacy), copy the IV/whitening seed
memcpy (cryptoInfo->k2, dk, LEGACY_VOL_IV_SIZE);
primaryKeyOffset = LEGACY_VOL_IV_SIZE;
break;
default:
primaryKeyOffset = 0;
@@ -383,21 +364,9 @@ KeyReady: ;
goto err;
}
}
else if (cryptoInfo->mode == LRW
&& (blockSize == 8 && !lrw64InitDone || blockSize == 16 && !lrw128InitDone))
else
{
// Deprecated/legacy
if (!EAInitMode (cryptoInfo))
{
status = ERR_MODE_INIT_FAILED;
goto err;
}
if (blockSize == 8)
lrw64InitDone = TRUE;
else if (blockSize == 16)
lrw128InitDone = TRUE;
continue;
}
// Copy the header for decryption
@@ -519,15 +488,6 @@ KeyReady: ;
switch (cryptoInfo->mode)
{
case LRW:
case CBC:
case INNER_CBC:
case OUTER_CBC:
// For LRW (deprecated/legacy), the tweak key
// For CBC (deprecated/legacy), the IV/whitening seed
memcpy (cryptoInfo->k2, keyInfo.master_keydata, LEGACY_VOL_IV_SIZE);
break;
default:
// The secondary master key (if cascade, multiple concatenated)
@@ -721,18 +681,6 @@ int CreateVolumeHeaderInMemory (BOOL bBoot, char *header, int ea, int mode, Pass
switch (mode)
{
case LRW:
case CBC:
case INNER_CBC:
case OUTER_CBC:
// Deprecated/legacy modes of operation
bytesNeeded = LEGACY_VOL_IV_SIZE + EAGetKeySize (ea);
// In fact, this should never be the case since volumes being newly created are not
// supposed to use any deprecated mode of operation.
TC_THROW_FATAL_EXCEPTION;
break;
default:
bytesNeeded = EAGetKeySize (ea) * 2; // Size of primary + secondary key(s)
@@ -770,12 +718,6 @@ int CreateVolumeHeaderInMemory (BOOL bBoot, char *header, int ea, int mode, Pass
PKCS5_SALT_SIZE, keyInfo.noIterations, dk, GetMaxPkcs5OutSize());
break;
case SHA1:
// Deprecated/legacy
derive_key_sha1 (keyInfo.userKey, keyInfo.keyLength, keyInfo.salt,
PKCS5_SALT_SIZE, keyInfo.noIterations, dk, GetMaxPkcs5OutSize());
break;
case RIPEMD160:
derive_key_ripemd160 (TRUE, keyInfo.userKey, keyInfo.keyLength, keyInfo.salt,
PKCS5_SALT_SIZE, keyInfo.noIterations, dk, GetMaxPkcs5OutSize());
@@ -859,16 +801,6 @@ int CreateVolumeHeaderInMemory (BOOL bBoot, char *header, int ea, int mode, Pass
switch (mode)
{
case LRW:
case CBC:
case INNER_CBC:
case OUTER_CBC:
// For LRW (deprecated/legacy), the tweak key
// For CBC (deprecated/legacy), the IV/whitening seed
memcpy (cryptoInfo->k2, dk, LEGACY_VOL_IV_SIZE);
primaryKeyOffset = LEGACY_VOL_IV_SIZE;
break;
default:
// The secondary key (if cascade, multiple concatenated)
@@ -902,15 +834,6 @@ int CreateVolumeHeaderInMemory (BOOL bBoot, char *header, int ea, int mode, Pass
switch (cryptoInfo->mode)
{
case LRW:
case CBC:
case INNER_CBC:
case OUTER_CBC:
// For LRW (deprecated/legacy), the tweak key
// For CBC (deprecated/legacy), the IV/whitening seed
memcpy (cryptoInfo->k2, keyInfo.master_keydata, LEGACY_VOL_IV_SIZE);
break;
default:
// The secondary master key (if cascade, multiple concatenated)