mirror of
https://github.com/veracrypt/VeraCrypt.git
synced 2026-06-17 01:56:10 -05:00
Linux/macOS: Implement missing Argon2 KDF support on Unix
This commit is contained in:
Mounir IDRASSI
@@ -21,9 +21,47 @@
|
||||
#endif
|
||||
#include "EncryptionTest.h"
|
||||
#include "Pkcs5Kdf.h"
|
||||
#include "VolumeHeader.h"
|
||||
|
||||
namespace VeraCrypt
|
||||
{
|
||||
#if !defined (WOLFCRYPT_BACKEND) && !defined (VC_DCS_DISABLE_ARGON2)
|
||||
class FailingArgon2Kdf : public Pkcs5Kdf
|
||||
{
|
||||
public:
|
||||
FailingArgon2Kdf () : Pkcs5Kdf() { }
|
||||
virtual ~FailingArgon2Kdf () { }
|
||||
|
||||
virtual int DeriveKey (const BufferPtr &key, const VolumePassword &password, int pim, const ConstBufferPtr &salt) const
|
||||
{
|
||||
(void) key;
|
||||
(void) password;
|
||||
(void) pim;
|
||||
(void) salt;
|
||||
return 1;
|
||||
}
|
||||
|
||||
virtual int DeriveKey (const BufferPtr &key, const VolumePassword &password, const ConstBufferPtr &salt, int iterationCount) const
|
||||
{
|
||||
(void) key;
|
||||
(void) password;
|
||||
(void) salt;
|
||||
(void) iterationCount;
|
||||
return 1;
|
||||
}
|
||||
|
||||
virtual shared_ptr <Hash> GetHash () const { return shared_ptr <Hash> (new Blake2b); }
|
||||
virtual int GetIterationCount (int pim) const { return 1; }
|
||||
virtual wstring GetName () const { return L"Argon2"; }
|
||||
virtual Pkcs5Kdf* Clone () const { return new FailingArgon2Kdf(); }
|
||||
virtual bool IsArgon2 () const { return true; }
|
||||
|
||||
private:
|
||||
FailingArgon2Kdf (const FailingArgon2Kdf &);
|
||||
FailingArgon2Kdf &operator= (const FailingArgon2Kdf &);
|
||||
};
|
||||
#endif
|
||||
|
||||
void EncryptionTest::TestAll ()
|
||||
{
|
||||
TestAll (false);
|
||||
@@ -1127,37 +1165,131 @@ namespace VeraCrypt
|
||||
|
||||
#ifndef WOLFCRYPT_BACKEND
|
||||
Pkcs5HmacBlake2s pkcs5HmacBlake2s;
|
||||
pkcs5HmacBlake2s.DeriveKey (derivedKey, password, salt, 5);
|
||||
if (pkcs5HmacBlake2s.DeriveKey (derivedKey, password, salt, 5) != 0)
|
||||
throw TestFailed (SRC_POS);
|
||||
if (memcmp (derivedKey.Ptr(), "\x8d\x51\xfa\x31", 4) != 0)
|
||||
throw TestFailed (SRC_POS);
|
||||
|
||||
Pkcs5HmacSha512 pkcs5HmacSha512;
|
||||
pkcs5HmacSha512.DeriveKey (derivedKey, password, salt, 5);
|
||||
if (pkcs5HmacSha512.DeriveKey (derivedKey, password, salt, 5) != 0)
|
||||
throw TestFailed (SRC_POS);
|
||||
if (memcmp (derivedKey.Ptr(), "\x13\x64\xae\xf8", 4) != 0)
|
||||
throw TestFailed (SRC_POS);
|
||||
|
||||
Pkcs5HmacWhirlpool pkcs5HmacWhirlpool;
|
||||
pkcs5HmacWhirlpool.DeriveKey (derivedKey, password, salt, 5);
|
||||
if (pkcs5HmacWhirlpool.DeriveKey (derivedKey, password, salt, 5) != 0)
|
||||
throw TestFailed (SRC_POS);
|
||||
if (memcmp (derivedKey.Ptr(), "\x50\x7c\x36\x6f", 4) != 0)
|
||||
throw TestFailed (SRC_POS);
|
||||
|
||||
Pkcs5HmacSha256 pkcs5HmacSha256;
|
||||
pkcs5HmacSha256.DeriveKey (derivedKey, password, salt, 5);
|
||||
if (pkcs5HmacSha256.DeriveKey (derivedKey, password, salt, 5) != 0)
|
||||
throw TestFailed (SRC_POS);
|
||||
if (memcmp (derivedKey.Ptr(), "\xf2\xa0\x4f\xb2", 4) != 0)
|
||||
throw TestFailed (SRC_POS);
|
||||
|
||||
Pkcs5HmacStreebog pkcs5HmacStreebog;
|
||||
pkcs5HmacStreebog.DeriveKey (derivedKey, password, salt, 5);
|
||||
if (pkcs5HmacStreebog.DeriveKey (derivedKey, password, salt, 5) != 0)
|
||||
throw TestFailed (SRC_POS);
|
||||
if (memcmp (derivedKey.Ptr(), "\xd0\x53\xa2\x30", 4) != 0)
|
||||
throw TestFailed (SRC_POS);
|
||||
|
||||
#ifndef VC_DCS_DISABLE_ARGON2
|
||||
Pkcs5Argon2 pkcs5Argon2;
|
||||
static const uint8 argon2SaltData[] = { 's', 'o', 'm', 'e', 's', 'a', 'l', 't' };
|
||||
static const uint8 argon2Pim1DerivedKey[] =
|
||||
{
|
||||
0x9e, 0x87, 0x89, 0xc8, 0xb4, 0x28, 0x34, 0x22,
|
||||
0x0a, 0xfc, 0x00, 0x08, 0x5a, 0xc7, 0x3a, 0xcc,
|
||||
0x30, 0x86, 0x51, 0x21, 0x69, 0x94, 0xab, 0xbf,
|
||||
0xdd, 0xd6, 0x9b, 0x25, 0x92, 0x03, 0x2e, 0xfd
|
||||
};
|
||||
ConstBufferPtr argon2Salt (argon2SaltData, sizeof (argon2SaltData));
|
||||
Buffer argon2DerivedKey (sizeof (argon2Pim1DerivedKey));
|
||||
|
||||
// PIM 1 maps to Argon2id t=3, m=64 MiB, p=1.
|
||||
if (pkcs5Argon2.DeriveKey (argon2DerivedKey, password, 1, argon2Salt) != 0)
|
||||
throw TestFailed (SRC_POS);
|
||||
if (memcmp (argon2DerivedKey.Ptr(), argon2Pim1DerivedKey, sizeof (argon2Pim1DerivedKey)) != 0)
|
||||
throw TestFailed (SRC_POS);
|
||||
|
||||
try
|
||||
{
|
||||
if (pkcs5Argon2.DeriveKey (derivedKey, password, salt, 5) != 0)
|
||||
throw TestFailed (SRC_POS);
|
||||
throw TestFailed (SRC_POS);
|
||||
}
|
||||
catch (ParameterIncorrect&)
|
||||
{
|
||||
}
|
||||
|
||||
shared_ptr <Pkcs5Kdf> sha512Kdf (new Pkcs5HmacSha512);
|
||||
shared_ptr <Pkcs5Kdf> failingArgon2Kdf (new FailingArgon2Kdf);
|
||||
shared_ptr <EncryptionAlgorithm> ea (new AES);
|
||||
SecureBuffer headerBuffer (TC_VOLUME_HEADER_SIZE);
|
||||
SecureBuffer dataKey (ea->GetKeySize() * 2);
|
||||
SecureBuffer headerSalt (VolumeHeader::GetSaltSize());
|
||||
SecureBuffer headerKey (VolumeHeader::GetLargestSerializedKeySize());
|
||||
|
||||
for (size_t i = 0; i < dataKey.Size(); ++i)
|
||||
dataKey.Ptr()[i] = (uint8) (i + 1);
|
||||
|
||||
for (size_t i = 0; i < headerSalt.Size(); ++i)
|
||||
headerSalt.Ptr()[i] = (uint8) (i + 2);
|
||||
|
||||
if (sha512Kdf->DeriveKey (headerKey, password, 1, headerSalt) != 0)
|
||||
throw TestFailed (SRC_POS);
|
||||
|
||||
VolumeHeaderCreationOptions options;
|
||||
options.DataKey = dataKey;
|
||||
options.EA = ea;
|
||||
options.Kdf = sha512Kdf;
|
||||
options.HeaderKey = headerKey;
|
||||
options.Salt = headerSalt;
|
||||
options.SectorSize = TC_SECTOR_SIZE_FILE_HOSTED_VOLUME;
|
||||
options.VolumeDataStart = TC_VOLUME_HEADER_GROUP_SIZE;
|
||||
options.VolumeDataSize = TC_MIN_VOLUME_SIZE;
|
||||
options.Type = VolumeType::Normal;
|
||||
|
||||
VolumeHeader header (TC_VOLUME_HEADER_SIZE);
|
||||
header.Create (headerBuffer, options);
|
||||
|
||||
Pkcs5KdfList kdfs;
|
||||
kdfs.push_back (failingArgon2Kdf);
|
||||
kdfs.push_back (sha512Kdf);
|
||||
|
||||
EncryptionAlgorithmList encryptionAlgorithms;
|
||||
encryptionAlgorithms.push_back (shared_ptr <EncryptionAlgorithm> (new AES));
|
||||
|
||||
EncryptionModeList encryptionModes;
|
||||
encryptionModes.push_back (shared_ptr <EncryptionMode> (new EncryptionModeXTS));
|
||||
|
||||
VolumeHeader decryptedHeader (TC_VOLUME_HEADER_SIZE);
|
||||
if (!decryptedHeader.Decrypt (headerBuffer, password, 1, shared_ptr <Pkcs5Kdf> (), kdfs, encryptionAlgorithms, encryptionModes)
|
||||
|| decryptedHeader.GetPkcs5Kdf()->GetName() != sha512Kdf->GetName())
|
||||
{
|
||||
throw TestFailed (SRC_POS);
|
||||
}
|
||||
|
||||
try
|
||||
{
|
||||
decryptedHeader.Decrypt (headerBuffer, password, 1, failingArgon2Kdf, kdfs, encryptionAlgorithms, encryptionModes);
|
||||
throw TestFailed (SRC_POS);
|
||||
}
|
||||
catch (ExternalException&)
|
||||
{
|
||||
}
|
||||
#endif
|
||||
#else
|
||||
Pkcs5HmacSha256 pkcs5HmacSha256;
|
||||
pkcs5HmacSha256.DeriveKey (derivedKey, password, salt, 5);
|
||||
if (pkcs5HmacSha256.DeriveKey (derivedKey, password, salt, 5) != 0)
|
||||
throw TestFailed (SRC_POS);
|
||||
if (memcmp (derivedKey.Ptr(), "\x64\xf3\xa5\xa3", 4) != 0)
|
||||
throw TestFailed (SRC_POS);
|
||||
|
||||
Pkcs5HmacSha512 pkcs5HmacSha512;
|
||||
pkcs5HmacSha512.DeriveKey (derivedKey, password, salt, 5);
|
||||
if (pkcs5HmacSha512.DeriveKey (derivedKey, password, salt, 5) != 0)
|
||||
throw TestFailed (SRC_POS);
|
||||
if (memcmp (derivedKey.Ptr(), "\x55\xa1\x76\xbb", 4) != 0)
|
||||
throw TestFailed (SRC_POS);
|
||||
#endif
|
||||
|
||||
+69
-11
@@ -11,8 +11,12 @@
|
||||
*/
|
||||
|
||||
#include "Common/Pkcs5.h"
|
||||
#include "Platform/StringConverter.h"
|
||||
#include "Pkcs5Kdf.h"
|
||||
#include "VolumePassword.h"
|
||||
#if !defined (WOLFCRYPT_BACKEND) && !defined (VC_DCS_DISABLE_ARGON2)
|
||||
#include "argon2.h"
|
||||
#endif
|
||||
|
||||
namespace VeraCrypt
|
||||
{
|
||||
@@ -24,16 +28,22 @@ namespace VeraCrypt
|
||||
{
|
||||
}
|
||||
|
||||
void Pkcs5Kdf::DeriveKey (const BufferPtr &key, const VolumePassword &password, int pim, const ConstBufferPtr &salt) const
|
||||
int Pkcs5Kdf::DeriveKey (const BufferPtr &key, const VolumePassword &password, int pim, const ConstBufferPtr &salt) const
|
||||
{
|
||||
DeriveKey (key, password, salt, GetIterationCount(pim));
|
||||
return DeriveKey (key, password, salt, GetIterationCount(pim));
|
||||
}
|
||||
|
||||
wstring Pkcs5Kdf::GetDerivationFailureMessage (int result) const
|
||||
{
|
||||
(void) result;
|
||||
return L"Key derivation failed";
|
||||
}
|
||||
|
||||
shared_ptr <Pkcs5Kdf> Pkcs5Kdf::GetAlgorithm (const wstring &name)
|
||||
{
|
||||
foreach (shared_ptr <Pkcs5Kdf> kdf, GetAvailableAlgorithms())
|
||||
{
|
||||
if (kdf->GetName() == name)
|
||||
if (kdf->GetName() == name || (kdf->IsArgon2() && name == L"Argon2id"))
|
||||
return kdf;
|
||||
}
|
||||
throw ParameterIncorrect (SRC_POS);
|
||||
@@ -43,6 +53,9 @@ namespace VeraCrypt
|
||||
{
|
||||
foreach (shared_ptr <Pkcs5Kdf> kdf, GetAvailableAlgorithms())
|
||||
{
|
||||
if (kdf->IsArgon2())
|
||||
continue;
|
||||
|
||||
if (typeid (*kdf->GetHash()) == typeid (hash))
|
||||
return kdf;
|
||||
}
|
||||
@@ -60,6 +73,9 @@ namespace VeraCrypt
|
||||
l.push_back (shared_ptr <Pkcs5Kdf> (new Pkcs5HmacBlake2s ()));
|
||||
l.push_back (shared_ptr <Pkcs5Kdf> (new Pkcs5HmacWhirlpool ()));
|
||||
l.push_back (shared_ptr <Pkcs5Kdf> (new Pkcs5HmacStreebog ()));
|
||||
#ifndef VC_DCS_DISABLE_ARGON2
|
||||
l.push_back (shared_ptr <Pkcs5Kdf> (new Pkcs5Argon2 ()));
|
||||
#endif
|
||||
#endif
|
||||
return l;
|
||||
}
|
||||
@@ -71,54 +87,96 @@ namespace VeraCrypt
|
||||
}
|
||||
|
||||
#ifndef WOLFCRYPT_BACKEND
|
||||
void Pkcs5HmacBlake2s_Boot::DeriveKey (const BufferPtr &key, const VolumePassword &password, const ConstBufferPtr &salt, int iterationCount) const
|
||||
int Pkcs5HmacBlake2s_Boot::DeriveKey (const BufferPtr &key, const VolumePassword &password, const ConstBufferPtr &salt, int iterationCount) const
|
||||
{
|
||||
ValidateParameters (key, password, salt, iterationCount);
|
||||
derive_key_blake2s (password.DataPtr(), (int) password.Size(), salt.Get(), (int) salt.Size(), iterationCount, key.Get(), (int) key.Size(), NULL);
|
||||
return 0;
|
||||
}
|
||||
|
||||
void Pkcs5HmacBlake2s::DeriveKey (const BufferPtr &key, const VolumePassword &password, const ConstBufferPtr &salt, int iterationCount) const
|
||||
int Pkcs5HmacBlake2s::DeriveKey (const BufferPtr &key, const VolumePassword &password, const ConstBufferPtr &salt, int iterationCount) const
|
||||
{
|
||||
ValidateParameters (key, password, salt, iterationCount);
|
||||
derive_key_blake2s (password.DataPtr(), (int) password.Size(), salt.Get(), (int) salt.Size(), iterationCount, key.Get(), (int) key.Size(), NULL);
|
||||
return 0;
|
||||
}
|
||||
#endif
|
||||
|
||||
void Pkcs5HmacSha256_Boot::DeriveKey (const BufferPtr &key, const VolumePassword &password, const ConstBufferPtr &salt, int iterationCount) const
|
||||
int Pkcs5HmacSha256_Boot::DeriveKey (const BufferPtr &key, const VolumePassword &password, const ConstBufferPtr &salt, int iterationCount) const
|
||||
{
|
||||
ValidateParameters (key, password, salt, iterationCount);
|
||||
derive_key_sha256 (password.DataPtr(), (int) password.Size(), salt.Get(), (int) salt.Size(), iterationCount, key.Get(), (int) key.Size(), NULL);
|
||||
return 0;
|
||||
}
|
||||
|
||||
void Pkcs5HmacSha256::DeriveKey (const BufferPtr &key, const VolumePassword &password, const ConstBufferPtr &salt, int iterationCount) const
|
||||
int Pkcs5HmacSha256::DeriveKey (const BufferPtr &key, const VolumePassword &password, const ConstBufferPtr &salt, int iterationCount) const
|
||||
{
|
||||
ValidateParameters (key, password, salt, iterationCount);
|
||||
derive_key_sha256 (password.DataPtr(), (int) password.Size(), salt.Get(), (int) salt.Size(), iterationCount, key.Get(), (int) key.Size(), NULL);
|
||||
return 0;
|
||||
}
|
||||
|
||||
void Pkcs5HmacSha512::DeriveKey (const BufferPtr &key, const VolumePassword &password, const ConstBufferPtr &salt, int iterationCount) const
|
||||
int Pkcs5HmacSha512::DeriveKey (const BufferPtr &key, const VolumePassword &password, const ConstBufferPtr &salt, int iterationCount) const
|
||||
{
|
||||
ValidateParameters (key, password, salt, iterationCount);
|
||||
derive_key_sha512 (password.DataPtr(), (int) password.Size(), salt.Get(), (int) salt.Size(), iterationCount, key.Get(), (int) key.Size(), NULL);
|
||||
return 0;
|
||||
}
|
||||
|
||||
#ifndef WOLFCRYPT_BACKEND
|
||||
void Pkcs5HmacWhirlpool::DeriveKey (const BufferPtr &key, const VolumePassword &password, const ConstBufferPtr &salt, int iterationCount) const
|
||||
int Pkcs5HmacWhirlpool::DeriveKey (const BufferPtr &key, const VolumePassword &password, const ConstBufferPtr &salt, int iterationCount) const
|
||||
{
|
||||
ValidateParameters (key, password, salt, iterationCount);
|
||||
derive_key_whirlpool (password.DataPtr(), (int) password.Size(), salt.Get(), (int) salt.Size(), iterationCount, key.Get(), (int) key.Size(), NULL);
|
||||
return 0;
|
||||
}
|
||||
|
||||
void Pkcs5HmacStreebog::DeriveKey (const BufferPtr &key, const VolumePassword &password, const ConstBufferPtr &salt, int iterationCount) const
|
||||
int Pkcs5HmacStreebog::DeriveKey (const BufferPtr &key, const VolumePassword &password, const ConstBufferPtr &salt, int iterationCount) const
|
||||
{
|
||||
ValidateParameters (key, password, salt, iterationCount);
|
||||
derive_key_streebog (password.DataPtr(), (int) password.Size(), salt.Get(), (int) salt.Size(), iterationCount, key.Get(), (int) key.Size(), NULL);
|
||||
return 0;
|
||||
}
|
||||
|
||||
#ifndef VC_DCS_DISABLE_ARGON2
|
||||
int Pkcs5Argon2::DeriveKey (const BufferPtr &key, const VolumePassword &password, int pim, const ConstBufferPtr &salt) const
|
||||
{
|
||||
int iterationCount;
|
||||
int memoryCost;
|
||||
get_argon2_params (pim, &iterationCount, &memoryCost);
|
||||
|
||||
ValidateParameters (key, password, salt, iterationCount);
|
||||
return derive_key_argon2 (password.DataPtr(), (int) password.Size(), salt.Get(), (int) salt.Size(), iterationCount, memoryCost, key.Get(), (int) key.Size(), NULL);
|
||||
}
|
||||
|
||||
int Pkcs5Argon2::DeriveKey (const BufferPtr &key, const VolumePassword &password, const ConstBufferPtr &salt, int iterationCount) const
|
||||
{
|
||||
(void) key;
|
||||
(void) password;
|
||||
(void) salt;
|
||||
(void) iterationCount;
|
||||
throw ParameterIncorrect (SRC_POS);
|
||||
}
|
||||
|
||||
wstring Pkcs5Argon2::GetDerivationFailureMessage (int result) const
|
||||
{
|
||||
return L"Argon2 key derivation failed: " + StringConverter::ToWide (argon2_error_message (result));
|
||||
}
|
||||
|
||||
int Pkcs5Argon2::GetIterationCount (int pim) const
|
||||
{
|
||||
int iterationCount;
|
||||
int memoryCost;
|
||||
get_argon2_params (pim, &iterationCount, &memoryCost);
|
||||
return iterationCount;
|
||||
}
|
||||
#endif
|
||||
|
||||
void Pkcs5HmacStreebog_Boot::DeriveKey (const BufferPtr &key, const VolumePassword &password, const ConstBufferPtr &salt, int iterationCount) const
|
||||
int Pkcs5HmacStreebog_Boot::DeriveKey (const BufferPtr &key, const VolumePassword &password, const ConstBufferPtr &salt, int iterationCount) const
|
||||
{
|
||||
ValidateParameters (key, password, salt, iterationCount);
|
||||
derive_key_streebog (password.DataPtr(), (int) password.Size(), salt.Get(), (int) salt.Size(), iterationCount, key.Get(), (int) key.Size(), NULL);
|
||||
return 0;
|
||||
}
|
||||
#endif
|
||||
}
|
||||
|
||||
+47
-10
@@ -27,15 +27,22 @@ namespace VeraCrypt
|
||||
public:
|
||||
virtual ~Pkcs5Kdf ();
|
||||
|
||||
virtual void DeriveKey (const BufferPtr &key, const VolumePassword &password, int pim, const ConstBufferPtr &salt) const;
|
||||
virtual void DeriveKey (const BufferPtr &key, const VolumePassword &password, const ConstBufferPtr &salt, int iterationCount) const = 0;
|
||||
virtual int DeriveKey (const BufferPtr &key, const VolumePassword &password, int pim, const ConstBufferPtr &salt) const;
|
||||
virtual int DeriveKey (const BufferPtr &key, const VolumePassword &password, const ConstBufferPtr &salt, int iterationCount) const = 0;
|
||||
static shared_ptr <Pkcs5Kdf> GetAlgorithm (const wstring &name);
|
||||
static shared_ptr <Pkcs5Kdf> GetAlgorithm (const Hash &hash);
|
||||
static Pkcs5KdfList GetAvailableAlgorithms ();
|
||||
virtual shared_ptr <Hash> GetHash () const = 0;
|
||||
virtual wstring GetDerivationFailureMessage (int result) const;
|
||||
virtual int GetDefaultPim () const { return 485; }
|
||||
virtual const char *GetPimHelpMessageId () const { return "PIM_HELP"; }
|
||||
virtual const char *GetPimLargeWarningMessageId () const { return "PIM_LARGE_WARNING"; }
|
||||
virtual const char *GetPimSmallWarningMessageId () const { return "PIM_SMALL_WARNING"; }
|
||||
virtual const char *GetPimRequireLongPasswordMessageId () const { return "PIM_REQUIRE_LONG_PASSWORD"; }
|
||||
virtual int GetIterationCount (int pim) const = 0;
|
||||
virtual wstring GetName () const = 0;
|
||||
virtual Pkcs5Kdf* Clone () const = 0;
|
||||
virtual bool IsArgon2 () const { return false; }
|
||||
virtual bool IsDeprecated () const { return GetHash()->IsDeprecated(); }
|
||||
|
||||
protected:
|
||||
@@ -55,8 +62,9 @@ namespace VeraCrypt
|
||||
Pkcs5HmacBlake2s_Boot () : Pkcs5Kdf() { }
|
||||
virtual ~Pkcs5HmacBlake2s_Boot () { }
|
||||
|
||||
virtual void DeriveKey (const BufferPtr &key, const VolumePassword &password, const ConstBufferPtr &salt, int iterationCount) const;
|
||||
virtual int DeriveKey (const BufferPtr &key, const VolumePassword &password, const ConstBufferPtr &salt, int iterationCount) const;
|
||||
virtual shared_ptr <Hash> GetHash () const { return shared_ptr <Hash> (new Blake2s); }
|
||||
virtual int GetDefaultPim () const { return 98; }
|
||||
virtual int GetIterationCount (int pim) const { return pim <= 0 ? 200000 : (pim * 2048); }
|
||||
virtual wstring GetName () const { return L"HMAC-BLAKE2s-256"; }
|
||||
virtual Pkcs5Kdf* Clone () const { return new Pkcs5HmacBlake2s_Boot(); }
|
||||
@@ -72,7 +80,7 @@ namespace VeraCrypt
|
||||
Pkcs5HmacBlake2s () : Pkcs5Kdf() { }
|
||||
virtual ~Pkcs5HmacBlake2s () { }
|
||||
|
||||
virtual void DeriveKey (const BufferPtr &key, const VolumePassword &password, const ConstBufferPtr &salt, int iterationCount) const;
|
||||
virtual int DeriveKey (const BufferPtr &key, const VolumePassword &password, const ConstBufferPtr &salt, int iterationCount) const;
|
||||
virtual shared_ptr <Hash> GetHash () const { return shared_ptr <Hash> (new Blake2s); }
|
||||
virtual int GetIterationCount (int pim) const { return pim <= 0 ? 500000 : (15000 + (pim * 1000)); }
|
||||
virtual wstring GetName () const { return L"HMAC-BLAKE2s-256"; }
|
||||
@@ -90,8 +98,9 @@ namespace VeraCrypt
|
||||
Pkcs5HmacSha256_Boot () : Pkcs5Kdf() { }
|
||||
virtual ~Pkcs5HmacSha256_Boot () { }
|
||||
|
||||
virtual void DeriveKey (const BufferPtr &key, const VolumePassword &password, const ConstBufferPtr &salt, int iterationCount) const;
|
||||
virtual int DeriveKey (const BufferPtr &key, const VolumePassword &password, const ConstBufferPtr &salt, int iterationCount) const;
|
||||
virtual shared_ptr <Hash> GetHash () const { return shared_ptr <Hash> (new Sha256); }
|
||||
virtual int GetDefaultPim () const { return 98; }
|
||||
virtual int GetIterationCount (int pim) const { return pim <= 0 ? 200000 : (pim * 2048); }
|
||||
virtual wstring GetName () const { return L"HMAC-SHA-256"; }
|
||||
virtual Pkcs5Kdf* Clone () const { return new Pkcs5HmacSha256_Boot(); }
|
||||
@@ -107,7 +116,7 @@ namespace VeraCrypt
|
||||
Pkcs5HmacSha256 () : Pkcs5Kdf() { }
|
||||
virtual ~Pkcs5HmacSha256 () { }
|
||||
|
||||
virtual void DeriveKey (const BufferPtr &key, const VolumePassword &password, const ConstBufferPtr &salt, int iterationCount) const;
|
||||
virtual int DeriveKey (const BufferPtr &key, const VolumePassword &password, const ConstBufferPtr &salt, int iterationCount) const;
|
||||
virtual shared_ptr <Hash> GetHash () const { return shared_ptr <Hash> (new Sha256); }
|
||||
virtual int GetIterationCount (int pim) const { return pim <= 0 ? 500000 : (15000 + (pim * 1000)); }
|
||||
virtual wstring GetName () const { return L"HMAC-SHA-256"; }
|
||||
@@ -124,7 +133,7 @@ namespace VeraCrypt
|
||||
Pkcs5HmacSha512 () : Pkcs5Kdf() { }
|
||||
virtual ~Pkcs5HmacSha512 () { }
|
||||
|
||||
virtual void DeriveKey (const BufferPtr &key, const VolumePassword &password, const ConstBufferPtr &salt, int iterationCount) const;
|
||||
virtual int DeriveKey (const BufferPtr &key, const VolumePassword &password, const ConstBufferPtr &salt, int iterationCount) const;
|
||||
virtual shared_ptr <Hash> GetHash () const { return shared_ptr <Hash> (new Sha512); }
|
||||
virtual int GetIterationCount (int pim) const { return (pim <= 0 ? 500000 : (15000 + (pim * 1000))); }
|
||||
virtual wstring GetName () const { return L"HMAC-SHA-512"; }
|
||||
@@ -141,7 +150,7 @@ namespace VeraCrypt
|
||||
Pkcs5HmacWhirlpool () : Pkcs5Kdf() { }
|
||||
virtual ~Pkcs5HmacWhirlpool () { }
|
||||
|
||||
virtual void DeriveKey (const BufferPtr &key, const VolumePassword &password, const ConstBufferPtr &salt, int iterationCount) const;
|
||||
virtual int DeriveKey (const BufferPtr &key, const VolumePassword &password, const ConstBufferPtr &salt, int iterationCount) const;
|
||||
virtual shared_ptr <Hash> GetHash () const { return shared_ptr <Hash> (new Whirlpool); }
|
||||
virtual int GetIterationCount (int pim) const { return (pim <= 0 ? 500000 : (15000 + (pim * 1000))); }
|
||||
virtual wstring GetName () const { return L"HMAC-Whirlpool"; }
|
||||
@@ -158,7 +167,7 @@ namespace VeraCrypt
|
||||
Pkcs5HmacStreebog () : Pkcs5Kdf() { }
|
||||
virtual ~Pkcs5HmacStreebog () { }
|
||||
|
||||
virtual void DeriveKey (const BufferPtr &key, const VolumePassword &password, const ConstBufferPtr &salt, int iterationCount) const;
|
||||
virtual int DeriveKey (const BufferPtr &key, const VolumePassword &password, const ConstBufferPtr &salt, int iterationCount) const;
|
||||
virtual shared_ptr <Hash> GetHash () const { return shared_ptr <Hash> (new Streebog); }
|
||||
virtual int GetIterationCount (int pim) const { return pim <= 0 ? 500000 : (15000 + (pim * 1000)); }
|
||||
virtual wstring GetName () const { return L"HMAC-Streebog"; }
|
||||
@@ -168,6 +177,33 @@ namespace VeraCrypt
|
||||
Pkcs5HmacStreebog (const Pkcs5HmacStreebog &);
|
||||
Pkcs5HmacStreebog &operator= (const Pkcs5HmacStreebog &);
|
||||
};
|
||||
|
||||
#ifndef VC_DCS_DISABLE_ARGON2
|
||||
class Pkcs5Argon2 : public Pkcs5Kdf
|
||||
{
|
||||
public:
|
||||
Pkcs5Argon2 () : Pkcs5Kdf() { }
|
||||
virtual ~Pkcs5Argon2 () { }
|
||||
|
||||
virtual int DeriveKey (const BufferPtr &key, const VolumePassword &password, int pim, const ConstBufferPtr &salt) const;
|
||||
virtual int DeriveKey (const BufferPtr &key, const VolumePassword &password, const ConstBufferPtr &salt, int iterationCount) const;
|
||||
virtual wstring GetDerivationFailureMessage (int result) const;
|
||||
virtual shared_ptr <Hash> GetHash () const { return shared_ptr <Hash> (new Blake2b); }
|
||||
virtual int GetDefaultPim () const { return 12; }
|
||||
virtual const char *GetPimHelpMessageId () const { return "PIM_ARGON2_HELP"; }
|
||||
virtual const char *GetPimLargeWarningMessageId () const { return "PIM_ARGON2_LARGE_WARNING"; }
|
||||
virtual const char *GetPimSmallWarningMessageId () const { return "PIM_ARGON2_SMALL_WARNING"; }
|
||||
virtual const char *GetPimRequireLongPasswordMessageId () const { return "PIM_ARGON2_REQUIRE_LONG_PASSWORD"; }
|
||||
virtual int GetIterationCount (int pim) const;
|
||||
virtual wstring GetName () const { return L"Argon2"; }
|
||||
virtual Pkcs5Kdf* Clone () const { return new Pkcs5Argon2(); }
|
||||
virtual bool IsArgon2 () const { return true; }
|
||||
|
||||
private:
|
||||
Pkcs5Argon2 (const Pkcs5Argon2 &);
|
||||
Pkcs5Argon2 &operator= (const Pkcs5Argon2 &);
|
||||
};
|
||||
#endif
|
||||
|
||||
class Pkcs5HmacStreebog_Boot : public Pkcs5Kdf
|
||||
{
|
||||
@@ -175,8 +211,9 @@ namespace VeraCrypt
|
||||
Pkcs5HmacStreebog_Boot () : Pkcs5Kdf() { }
|
||||
virtual ~Pkcs5HmacStreebog_Boot () { }
|
||||
|
||||
virtual void DeriveKey (const BufferPtr &key, const VolumePassword &password, const ConstBufferPtr &salt, int iterationCount) const;
|
||||
virtual int DeriveKey (const BufferPtr &key, const VolumePassword &password, const ConstBufferPtr &salt, int iterationCount) const;
|
||||
virtual shared_ptr <Hash> GetHash () const { return shared_ptr <Hash> (new Streebog); }
|
||||
virtual int GetDefaultPim () const { return 98; }
|
||||
virtual int GetIterationCount (int pim) const { return pim <= 0 ? 200000 : pim * 2048; }
|
||||
virtual wstring GetName () const { return L"HMAC-Streebog"; }
|
||||
virtual Pkcs5Kdf* Clone () const { return new Pkcs5HmacStreebog_Boot(); }
|
||||
|
||||
@@ -107,7 +107,14 @@ namespace VeraCrypt
|
||||
if (kdf && (kdf->GetName() != pkcs5->GetName()))
|
||||
continue;
|
||||
|
||||
pkcs5->DeriveKey (headerKey, password, pim, salt);
|
||||
int derivationResult = pkcs5->DeriveKey (headerKey, password, pim, salt);
|
||||
if (derivationResult != 0)
|
||||
{
|
||||
if (!kdf)
|
||||
continue;
|
||||
|
||||
throw ExternalException (SRC_POS, pkcs5->GetDerivationFailureMessage (derivationResult));
|
||||
}
|
||||
|
||||
foreach (shared_ptr <EncryptionMode> mode, encryptionModes)
|
||||
{
|
||||
|
||||
@@ -18,6 +18,7 @@ namespace VeraCrypt
|
||||
{
|
||||
const size_t VolumePassword::MaxLegacySize = 64;
|
||||
const size_t VolumePassword::MaxSize = 128;
|
||||
const size_t VolumePassword::SmallPimPasswordSizeThreshold = 20;
|
||||
const size_t VolumePassword::WarningSizeThreshold = 12;
|
||||
|
||||
VolumePassword::VolumePassword () : PasswordSize (0)
|
||||
|
||||
@@ -43,6 +43,7 @@ namespace VeraCrypt
|
||||
|
||||
static const size_t MaxLegacySize;
|
||||
static const size_t MaxSize;
|
||||
static const size_t SmallPimPasswordSizeThreshold;
|
||||
static const size_t WarningSizeThreshold;
|
||||
|
||||
protected:
|
||||
|
||||
Reference in New Issue
Block a user