Public/VeraCrypt
1
0
Fork 0
mirror of https://github.com/veracrypt/VeraCrypt.git synced 2025-11-11 11:08:02 -06:00
Code Activity

Windows: Exclude Argon2 for System Encryption and from automatic detection

Browse Source 
Bootloader doesn't support Argon2 yet. We don't want to add overhead to automatic detection for now.
This commit is contained in:
Mounir IDRASSI
2024-08-24 17:53:44 +02:00
parent 7735b983bf
commit e5a0bf22b1
9 changed files with 41 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
src/Common/BootEncryption.cpp
View File

@@ -1741,6 +1741,10 @@ namespace VeraCrypt
if (!bIsGPT && pkcs5_prf != BLAKE2S && pkcs5_prf != SHA256) if (!bIsGPT && pkcs5_prf != BLAKE2S && pkcs5_prf != SHA256)
throw ParameterIncorrect (SRC_POS); throw ParameterIncorrect (SRC_POS);
// we don't support Argon2 for system encryption for now
if (pkcs5_prf == ARGON2)
throw ParameterIncorrect (SRC_POS);
int bootSectorId = 0; int bootSectorId = 0;
int bootLoaderId = 0; int bootLoaderId = 0;

5
src/Common/Crypto.c
View File

@@ -822,6 +822,11 @@ BOOL HashForSystemEncryption (int hashId)
} }
BOOL HashIsAvailable (int hashId)
{
return (hashId != ARGON2) && (HashGet(hashId) != 0); // Argon2 is not a hash function
}
// Returns the largest key size needed by an EA for the specified mode of operation // Returns the largest key size needed by an EA for the specified mode of operation
int EAGetLargestKeyForMode (int mode) int EAGetLargestKeyForMode (int mode)
{ {

1
src/Common/Crypto.h
View File

@@ -378,6 +378,7 @@ Hash *HashGet (int id);
void HashGetName2 (wchar_t *buf, size_t bufLen, int hashId); void HashGetName2 (wchar_t *buf, size_t bufLen, int hashId);
BOOL HashIsDeprecated (int hashId); BOOL HashIsDeprecated (int hashId);
BOOL HashForSystemEncryption (int hashId); BOOL HashForSystemEncryption (int hashId);
BOOL HashIsAvailable (int hashId);
int GetMaxPkcs5OutSize (void); int GetMaxPkcs5OutSize (void);
#endif #endif

8
src/Common/Dlgcode.c
View File

@@ -6289,6 +6289,10 @@ static BOOL PerformBenchmark(HWND hBenchDlg, HWND hwndDlg)
{ {
if (benchmarkPreBoot && !benchmarkGPT && !HashForSystemEncryption (thid)) if (benchmarkPreBoot && !benchmarkGPT && !HashForSystemEncryption (thid))
continue; continue;
// we don't support Argon2 for system encryption
if (benchmarkPreBoot && thid == ARGON2)
continue;
if (QueryPerformanceCounter (&performanceCountStart) == 0) if (QueryPerformanceCounter (&performanceCountStart) == 0)
goto counter_error; goto counter_error;
@@ -6800,7 +6804,7 @@ static BOOL CALLBACK RandomPoolEnrichementDlgProc (HWND hwndDlg, UINT msg, WPARA
SendMessage (hComboBox, CB_RESETCONTENT, 0, 0); SendMessage (hComboBox, CB_RESETCONTENT, 0, 0);
for (hid = FIRST_PRF_ID; hid <= LAST_PRF_ID; hid++) for (hid = FIRST_PRF_ID; hid <= LAST_PRF_ID; hid++)
{ {
if (!HashIsDeprecated (hid)) if (!HashIsDeprecated (hid) && HashIsAvailable (hid))
AddComboPair (hComboBox, HashGetName(hid), hid); AddComboPair (hComboBox, HashGetName(hid), hid);
} }
SelectAlgo (hComboBox, &hash_algo); SelectAlgo (hComboBox, &hash_algo);
@@ -6995,7 +6999,7 @@ BOOL CALLBACK KeyfileGeneratorDlgProc (HWND hwndDlg, UINT msg, WPARAM wParam, LP
SendMessage (hComboBox, CB_RESETCONTENT, 0, 0); SendMessage (hComboBox, CB_RESETCONTENT, 0, 0);
for (hid = FIRST_PRF_ID; hid <= LAST_PRF_ID; hid++) for (hid = FIRST_PRF_ID; hid <= LAST_PRF_ID; hid++)
{ {
if (!HashIsDeprecated (hid)) if (!HashIsDeprecated (hid) && HashIsAvailable (hid))
AddComboPair (hComboBox, HashGetName(hid), hid); AddComboPair (hComboBox, HashGetName(hid), hid);
} }
SelectAlgo (hComboBox, &hash_algo); SelectAlgo (hComboBox, &hash_algo);

4
src/Common/Pkcs5.c
View File

@@ -1349,6 +1349,9 @@ int is_pkcs5_prf_supported (int pkcs5_prf_id, PRF_BOOT_TYPE bootType)
|| (bootType != PRF_BOOT_MBR && (pkcs5_prf_id < FIRST_PRF_ID || pkcs5_prf_id > LAST_PRF_ID)) || (bootType != PRF_BOOT_MBR && (pkcs5_prf_id < FIRST_PRF_ID || pkcs5_prf_id > LAST_PRF_ID))
) )
return 0; return 0;
// we don't support Argon2 in pre-boot authentication
if ((bootType == PRF_BOOT_MBR || bootType == PRF_BOOT_GPT) && pkcs5_prf_id == ARGON2)
return 0;
return 1; return 1;
@@ -1358,6 +1361,7 @@ void derive_key_argon2(char *pwd, int pwd_len, char *salt, int salt_len, uint32
{ {
//TODO: Implement Argon2 derivation //TODO: Implement Argon2 derivation
// In case of failure, just fill the derived key dk with zeroes // In case of failure, just fill the derived key dk with zeroes
memset(dk, 0, dklen);
} }
void get_argon2_params(int pim, int* pIterations, int* pMemcost) void get_argon2_params(int pim, int* pIterations, int* pMemcost)

3
src/Common/Random.c
View File

@@ -364,7 +364,8 @@ BOOL Randmix ()
break; break;
#ifndef WOLFCRYPT_BACKEND #ifndef WOLFCRYPT_BACKEND
case BLAKE2S: case ARGON2: // in case of Argon2, we use Blake2s
case BLAKE2S:
burn (&bctx, sizeof(bctx)); burn (&bctx, sizeof(bctx));
break; break;

15
src/Common/Volumes.c
View File

@@ -308,6 +308,14 @@ int ReadVolumeHeader (BOOL bBoot, char *encryptedHeader, Password *password, int
// if a PRF is specified, we skip all other PRFs // if a PRF is specified, we skip all other PRFs
if (selected_pkcs5_prf != 0 && enqPkcs5Prf != selected_pkcs5_prf) if (selected_pkcs5_prf != 0 && enqPkcs5Prf != selected_pkcs5_prf)
continue; continue;
// we don't support Argon2 in pre-boot authentication
if (bBoot && (enqPkcs5Prf == ARGON2))
continue;
// For now, we don't included Argon2 in automatic detection
if (selected_pkcs5_prf == 0 && enqPkcs5Prf == ARGON2)
continue;
#if !defined(_UEFI) #if !defined(_UEFI)
if ((selected_pkcs5_prf == 0) && (encryptionThreadCount > 1)) if ((selected_pkcs5_prf == 0) && (encryptionThreadCount > 1))
@@ -923,6 +931,13 @@ int CreateVolumeHeaderInMemory (HWND hwndDlg, BOOL bBoot, char *header, int ea,
if (pim < 0) if (pim < 0)
pim = 0; pim = 0;
// we don't support Argon2 in pre-boot authentication
if (bBoot && (pkcs5_prf == ARGON2))
{
crypto_close (cryptoInfo);
return ERR_PARAMETER_INCORRECT;
}
memset (header, 0, TC_VOLUME_HEADER_EFFECTIVE_SIZE); memset (header, 0, TC_VOLUME_HEADER_EFFECTIVE_SIZE);
#if !defined(_UEFI) #if !defined(_UEFI)
VirtualLock (&keyInfo, sizeof (keyInfo)); VirtualLock (&keyInfo, sizeof (keyInfo));

4
src/Format/Tcformat.c
View File

@@ -4195,7 +4195,7 @@ BOOL CALLBACK PageDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lPa
for (hid = FIRST_PRF_ID; hid <= LAST_PRF_ID; hid++) for (hid = FIRST_PRF_ID; hid <= LAST_PRF_ID; hid++)
{ {
if ((!HashIsDeprecated (hid)) && (bSystemIsGPT || HashForSystemEncryption (hid))) if ((!HashIsDeprecated (hid)) && (bSystemIsGPT || HashForSystemEncryption (hid)) && (hid != ARGON2)) // We don't support Argon2 for system encryption
AddComboPair (GetDlgItem (hwndDlg, IDC_COMBO_BOX_HASH_ALGO), HashGetName(hid), hid); AddComboPair (GetDlgItem (hwndDlg, IDC_COMBO_BOX_HASH_ALGO), HashGetName(hid), hid);
} }
} }
@@ -5988,7 +5988,7 @@ BOOL CALLBACK PageDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lPa
{ {
HWND hHashAlgoItem = GetDlgItem (hwndDlg, IDC_COMBO_BOX_HASH_ALGO); HWND hHashAlgoItem = GetDlgItem (hwndDlg, IDC_COMBO_BOX_HASH_ALGO);
int selectedAlgo = (int) SendMessage (hHashAlgoItem, CB_GETITEMDATA, SendMessage (hHashAlgoItem, CB_GETCURSEL, 0, 0), 0); int selectedAlgo = (int) SendMessage (hHashAlgoItem, CB_GETITEMDATA, SendMessage (hHashAlgoItem, CB_GETCURSEL, 0, 0), 0);
if (!bSystemIsGPT && !HashForSystemEncryption(selectedAlgo)) if ((!bSystemIsGPT && !HashForSystemEncryption(selectedAlgo)) || (selectedAlgo == ARGON2))
{ {
hash_algo = DEFAULT_HASH_ALGORITHM_BOOT; hash_algo = DEFAULT_HASH_ALGORITHM_BOOT;
RandSetHashFunction (DEFAULT_HASH_ALGORITHM_BOOT); RandSetHashFunction (DEFAULT_HASH_ALGORITHM_BOOT);

4
src/Mount/Mount.c
View File

@@ -2749,7 +2749,7 @@ BOOL CALLBACK PasswordChangeDlgProc (HWND hwndDlg, UINT msg, WPARAM wParam, LPAR
int new_hash_algo_id = (int) SendMessage (GetDlgItem (hwndDlg, IDC_PKCS5_PRF_ID), CB_GETITEMDATA, int new_hash_algo_id = (int) SendMessage (GetDlgItem (hwndDlg, IDC_PKCS5_PRF_ID), CB_GETITEMDATA,
SendMessage (GetDlgItem (hwndDlg, IDC_PKCS5_PRF_ID), CB_GETCURSEL, 0, 0), 0); SendMessage (GetDlgItem (hwndDlg, IDC_PKCS5_PRF_ID), CB_GETCURSEL, 0, 0), 0);
if (new_hash_algo_id != 0 && !bSystemIsGPT && !HashForSystemEncryption(new_hash_algo_id)) if (new_hash_algo_id != 0 && (!bSystemIsGPT && !HashForSystemEncryption(new_hash_algo_id)) || (new_hash_algo_id == ARGON2))
{ {
int new_hash_algo_id = DEFAULT_HASH_ALGORITHM_BOOT; int new_hash_algo_id = DEFAULT_HASH_ALGORITHM_BOOT;
Info ("ALGO_NOT_SUPPORTED_FOR_SYS_ENCRYPTION", hwndDlg); Info ("ALGO_NOT_SUPPORTED_FOR_SYS_ENCRYPTION", hwndDlg);
@@ -3094,7 +3094,7 @@ BOOL CALLBACK PasswordDlgProc (HWND hwndDlg, UINT msg, WPARAM wParam, LPARAM lPa
for (i = FIRST_PRF_ID; i <= LAST_PRF_ID; i++) for (i = FIRST_PRF_ID; i <= LAST_PRF_ID; i++)
{ {
if (bSystemIsGPT || HashForSystemEncryption(i)) if ((bSystemIsGPT || HashForSystemEncryption(i)) && (i != ARGON2))
{ {
nIndex = (int) SendMessage (hComboBox, CB_ADDSTRING, 0, (LPARAM) get_pkcs5_prf_name(i)); nIndex = (int) SendMessage (hComboBox, CB_ADDSTRING, 0, (LPARAM) get_pkcs5_prf_name(i));
SendMessage (hComboBox, CB_SETITEMDATA, nIndex, (LPARAM) i); SendMessage (hComboBox, CB_SETITEMDATA, nIndex, (LPARAM) i);