Add support for SHA-256 in key derivation for bootloader encryption. Create separate bootloader images for SHA-256 and RIPEMD-160. Set SHA-256 as the default PRF for boot encryption and SHA-512 as default PRF for all other cases. Depricate RIPEMD-160.

src/Common/Crypto.c

@@ -90,11 +90,12 @@ static EncryptionAlgorithm EncryptionAlgorithms[] =
 // Hash algorithms
 static Hash Hashes[] =
 {	// ID			Name			Deprecated		System Encryption
-	{ RIPEMD160,	"RIPEMD-160",	FALSE,			TRUE },
 #ifndef TC_WINDOWS_BOOT
 	{ SHA512,		"SHA-512",		FALSE,			FALSE },
 	{ WHIRLPOOL,	"Whirlpool",	FALSE,			FALSE },
 #endif
+	{ SHA256,		"SHA-256",		FALSE,			TRUE },
+	{ RIPEMD160,	"RIPEMD-160",	TRUE,			TRUE },
 	{ 0, 0, 0 }
 };
 
@@ -651,17 +652,42 @@ char *HashGetName (int hashId)
 #endif
 }
 
+#ifndef TC_WINDOWS_BOOT
+void HashGetName2 (char *buf, int hashId)
+{
+   Hash* pHash = HashGet(hashId);
+   if (pHash)
+		strcpy(buf, pHash -> Name);
+	else
+		buf[0] = '\0';
+}
 
 BOOL HashIsDeprecated (int hashId)
 {
-#ifdef TC_WINDOWS_BOOT
-	return HashGet(hashId) -> Deprecated;
-#else
    Hash* pHash = HashGet(hashId);
    return pHash? pHash -> Deprecated : FALSE;
-#endif
+
 }
 
+BOOL HashForSystemEncryption (int hashId)
+{
+   Hash* pHash = HashGet(hashId);
+   return pHash? pHash -> SystemEncryption : FALSE;
+
+}
+
+// Returns the maximum number of bytes necessary to be generated by the PBKDF2 (PKCS #5)
+int GetMaxPkcs5OutSize (void)
+{
+	int size = 32;
+
+	size = max (size, EAGetLargestKeyForMode (XTS) * 2);	// Sizes of primary + secondary keys
+
+	return size;
+}
+
+#endif
+
 
 #endif // TC_WINDOWS_BOOT_SINGLE_CIPHER_MODE
 
@@ -904,17 +930,6 @@ void DecryptDataUnitsCurrentThread (unsigned __int8 *buf, const UINT64_STRUCT *s
 }
 
 
-// Returns the maximum number of bytes necessary to be generated by the PBKDF2 (PKCS #5)
-int GetMaxPkcs5OutSize (void)
-{
-	int size = 32;
-
-	size = max (size, EAGetLargestKeyForMode (XTS) * 2);	// Sizes of primary + secondary keys
-
-	return size;
-}
-
-
 #else // TC_WINDOWS_BOOT_SINGLE_CIPHER_MODE