nihilist/VeraCrypt
1
0
Fork 0
mirror of https://github.com/veracrypt/VeraCrypt synced 2024-11-24 03:53:29 +01:00
Code Issues Packages Projects Releases Wiki Activity

Implement support of Blake2s-256 hash algorithm and remove deprecated algorithms RIPEMD-160 and GOST89.

Browse Source
This commit is contained in:
Mounir IDRASSI 2022-03-07 00:45:30 +01:00
parent 2dee49d3c8
commit 36795a688f
No known key found for this signature in database
GPG Key ID: 02C30AE90FAE4A6F
50 changed files with 481 additions and 1943 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/Boot/Windows/Boot.vcxproj
View File

@ -222,6 +222,7 @@ nmake.exe /nologo RELEASE=1 SINGLE_CIPHER=TWOFISH</NMakeReBuildCommandLine>
<ItemDefinitionGroup>
</ItemDefinitionGroup>
<ItemGroup>
<ClCompile Include="..\..\Crypto\blake2s-ref.c" />
<ClCompile Include="BootConfig.cpp" />
<ClCompile Include="BootConsoleIo.cpp" />
<ClCompile Include="BootDebug.cpp" />
@ -240,7 +241,6 @@ nmake.exe /nologo RELEASE=1 SINGLE_CIPHER=TWOFISH</NMakeReBuildCommandLine>
<ClCompile Include="..\..\Common\Xts.c" />
<ClCompile Include="..\..\Crypto\AesSmall.c" />
<ClCompile Include="..\..\Crypto\CamelliaSmall.c" />
<ClCompile Include="..\..\Crypto\Rmd160.c" />
<ClCompile Include="..\..\Crypto\Serpent.c" />
<ClCompile Include="..\..\Crypto\Sha2Small.c" />
<ClCompile Include="..\..\Crypto\Twofish.c" />

6
src/Boot/Windows/Boot.vcxproj.filters
View File

@ -74,9 +74,6 @@
<ClCompile Include="..\..\Crypto\CamelliaSmall.c">
<Filter>Source Files\Crypto</Filter>
</ClCompile>
<ClCompile Include="..\..\Crypto\Rmd160.c">
<Filter>Source Files\Crypto</Filter>
</ClCompile>
<ClCompile Include="..\..\Crypto\Serpent.c">
<Filter>Source Files\Crypto</Filter>
</ClCompile>
@ -86,6 +83,9 @@
<ClCompile Include="..\..\Crypto\Twofish.c">
<Filter>Source Files\Crypto</Filter>
</ClCompile>
<ClCompile Include="..\..\Crypto\blake2s-ref.c">
<Filter>Source Files\Crypto</Filter>
</ClCompile>
</ItemGroup>
<ItemGroup>
<None Include="BootCrt.asm">

4
src/Boot/Windows/Makefile
View File

@ -46,7 +46,7 @@ CFLAGS = $(CFLAGS) /D TC_WINDOWS_BOOT_SINGLE_CIPHER_MODE /D TC_WINDOWS_BOOT_$(SI
OBJDIR = $(OBJDIR)_$(SINGLE_PRF)
CFLAGS = $(CFLAGS) /D TC_WINDOWS_BOOT_$(SINGLE_PRF)
!else
CFLAGS = $(CFLAGS) /D TC_WINDOWS_BOOT_RIPEMD160
CFLAGS = $(CFLAGS) /D TC_WINDOWS_BOOT_BLAKE2S
!endif
OUTDIR = $(OBJDIR)
@ -85,7 +85,7 @@ OBJS = $(OBJS) $(OUTDIR)\Xts.obj
!if "$(SINGLE_PRF)" == "SHA2"
OBJS = $(OBJS) $(OUTDIR)\Sha2Small.obj
!else
OBJS = $(OBJS) $(OUTDIR)\Rmd160.obj
OBJS = $(OBJS) $(OUTDIR)\blake2s-ref.obj
!endif
!if !DEFINED (SINGLE_CIPHER)

24
src/Build/Include/Makefile.inc
View File

@ -14,7 +14,7 @@ $(NAME): $(NAME).a
clean:
@echo Cleaning $(NAME)
rm -f $(APPNAME) $(NAME).a $(OBJS) $(OBJSEX) $(OBJSNOOPT) $(OBJS:.o=.d) $(OBJSEX:.oo=.d) $(OBJSNOOPT:.o0=.d) *.gch
rm -f $(APPNAME) $(NAME).a $(OBJS) $(OBJSEX) $(OBJSNOOPT) $(OBJSSSE41) $(OBJSSSSE3) $(OBJS:.o=.d) $(OBJSEX:.oo=.d) $(OBJSNOOPT:.o0=.d) $(OBJSSSE41:.osse41=.d) $(OBJSSSSE3:.ossse3=.d) *.gch
%.o: %.c
@echo Compiling $(<F)
@ -23,11 +23,27 @@ clean:
%.o0: %.c
@echo Compiling $(<F)
$(CC) $(CFLAGS) -O0 -c $< -o $@
%.osse41: %.c
@echo Compiling $(<F)
$(CC) $(CFLAGS) -mssse3 -msse4.1 -c $< -o $@
%.ossse3: %.c
@echo Compiling $(<F)
$(CC) $(CFLAGS) -mssse3 -c $< -o $@
%.o: %.cpp
@echo Compiling $(<F)
$(CXX) $(CXXFLAGS) -c $< -o $@
%.osse41: %.cpp
@echo Compiling $(<F)
$(CXX) $(CXXFLAGS) -mssse3 -msse4.1 -c $< -o $@
%.ossse3: %.cpp
@echo Compiling $(<F)
$(CXX) $(CXXFLAGS) -mssse3 -c $< -o $@
%.o: %.S
@echo Compiling $(<F)
$(CC) $(CFLAGS) -c $< -o $@
@ -72,10 +88,10 @@ TR_SED_BIN := tr '\n' ' ' | tr -s ' ' ',' | sed -e 's/^,//g' -e 's/,$$/n/' | tr
# Dependencies
-include $(OBJS:.o=.d) $(OBJSEX:.oo=.d) $(OBJSNOOPT:.o0=.d)
-include $(OBJS:.o=.d) $(OBJSEX:.oo=.d) $(OBJSNOOPT:.o0=.d) $(OBJSSSE41:.osse41=.d) $(OBJSSSSE3:.ossse3=.d)
$(NAME).a: $(OBJS) $(OBJSEX) $(OBJSNOOPT)
$(NAME).a: $(OBJS) $(OBJSEX) $(OBJSNOOPT) $(OBJSSSE41) $(OBJSSSSE3)
@echo Updating library $@
$(AR) $(AFLAGS) -rcu $@ $(OBJS) $(OBJSEX) $(OBJSNOOPT)
$(AR) $(AFLAGS) -rcu $@ $(OBJS) $(OBJSEX) $(OBJSNOOPT) $(OBJSSSE41) $(OBJSSSSE3)
$(RANLIB) $@

18
src/Common/BootEncryption.cpp
View File

@ -1705,15 +1705,11 @@ namespace VeraCrypt
ea = TWOFISH;
else if (_stricmp (request.BootEncryptionAlgorithmName, "Camellia") == 0)
ea = CAMELLIA;
#if defined(CIPHER_GOST89)
else if (_stricmp (request.BootEncryptionAlgorithmName, "GOST89") == 0)
ea = GOST89;
#endif
if (_stricmp(request.BootPrfAlgorithmName, "SHA-256") == 0)
pkcs5_prf = SHA256;
else if (_stricmp(request.BootPrfAlgorithmName, "RIPEMD-160") == 0)
pkcs5_prf = RIPEMD160;
else if (_stricmp(request.BootPrfAlgorithmName, "BLAKE2s-256") == 0)
pkcs5_prf = BLAKE2S;
else if (_stricmp(request.BootPrfAlgorithmName, "SHA-512") == 0)
pkcs5_prf = SHA512;
else if (_stricmp(request.BootPrfAlgorithmName, "Whirlpool") == 0)
@ -1721,7 +1717,7 @@ namespace VeraCrypt
else if (_stricmp(request.BootPrfAlgorithmName, "Streebog") == 0)
pkcs5_prf = STREEBOG;
else if (strlen(request.BootPrfAlgorithmName) == 0) // case of version < 1.0f
pkcs5_prf = RIPEMD160;
pkcs5_prf = BLAKE2S;
}
catch (...)
{
@ -1747,8 +1743,8 @@ namespace VeraCrypt
pkcs5_prf = SelectedPrfAlgorithmId;
}
// Only RIPEMD160 and SHA-256 are supported for MBR boot loader
if (!bIsGPT && pkcs5_prf != RIPEMD160 && pkcs5_prf != SHA256)
// Only BLAKE2s and SHA-256 are supported for MBR boot loader
if (!bIsGPT && pkcs5_prf != BLAKE2S && pkcs5_prf != SHA256)
throw ParameterIncorrect (SRC_POS);
int bootSectorId = 0;
@ -2222,7 +2218,7 @@ namespace VeraCrypt
EfiBootConf::EfiBootConf() : passwordType (0),
passwordMsg ("Password: "),
passwordPicture ("login.bmp"),
hashMsg ("(0) TEST ALL (1) SHA512 (2) WHIRLPOOL (3) SHA256 (4) RIPEMD160 (5) STREEBOG\nHash: "),
hashMsg ("(0) TEST ALL (1) SHA512 (2) WHIRLPOOL (3) SHA256 (4) BLAKE2S (5) STREEBOG\nHash: "),
hashAlgo (0),
requestHash (0),
pimMsg ("PIM (Leave empty for default): "),
@ -2339,7 +2335,7 @@ namespace VeraCrypt
passwordType = ReadConfigInteger (configContent, "PasswordType", 0);
passwordMsg = ReadConfigString (configContent, "PasswordMsg", "Password: ", buffer, sizeof (buffer));
passwordPicture = ReadConfigString (configContent, "PasswordPicture", "\\EFI\\VeraCrypt\\login.bmp", buffer, sizeof (buffer));
//hashMsg = ReadConfigString (configContent, "HashMsg", "(0) TEST ALL (1) SHA512 (2) WHIRLPOOL (3) SHA256 (4) RIPEMD160 (5) STREEBOG\nHash: ", buffer, sizeof (buffer));
//hashMsg = ReadConfigString (configContent, "HashMsg", "(0) TEST ALL (1) SHA512 (2) WHIRLPOOL (3) SHA256 (4) BLAKE2S (5) STREEBOG\nHash: ", buffer, sizeof (buffer));
hashAlgo = ReadConfigInteger (configContent, "Hash", 0);
requestHash = ReadConfigInteger (configContent, "HashRqt", 1);
pimMsg = ReadConfigString (configContent, "PimMsg", "PIM: ", buffer, sizeof (buffer));

26
src/Common/Crypto.c
View File

@ -64,9 +64,6 @@ static Cipher Ciphers[] =
{ SERPENT, L"Serpent", 16, 32, 140*4 },
{ TWOFISH, L"Twofish", 16, 32, TWOFISH_KS },
{ CAMELLIA, L"Camellia", 16, 32, CAMELLIA_KS },
#if defined(CIPHER_GOST89)
{ GOST89, L"GOST89", 16, 32, GOST_KS },
#endif // defined(CIPHER_GOST89)
{ KUZNYECHIK, L"Kuznyechik",16, 32, KUZNYECHIK_KS },
#endif
{ 0, 0, 0, 0, 0 }
@ -85,9 +82,6 @@ static EncryptionAlgorithm EncryptionAlgorithms[] =
{ { SERPENT, 0 }, { XTS, 0 }, 1, 1 },
{ { TWOFISH, 0 }, { XTS, 0 }, 1, 1 },
{ { CAMELLIA, 0 }, { XTS, 0 }, 1, 1 },
#if defined(CIPHER_GOST89)
{ { GOST89, 0 }, { XTS, 0 }, 0, 0 },
#endif // defined(CIPHER_GOST89)
{ { KUZNYECHIK, 0 }, { XTS, 0 }, 0, 1 },
{ { TWOFISH, AES, 0 }, { XTS, 0 }, 1, 1 },
{ { SERPENT, TWOFISH, AES, 0 }, { XTS, 0 }, 1, 1 },
@ -126,8 +120,8 @@ static Hash Hashes[] =
{ // ID Name Deprecated System Encryption
{ SHA512, L"SHA-512", FALSE, FALSE },
{ WHIRLPOOL, L"Whirlpool", FALSE, FALSE },
{ BLAKE2S, L"BLAKE2s-256", FALSE, TRUE },
{ SHA256, L"SHA-256", FALSE, TRUE },
{ RIPEMD160, L"RIPEMD-160", TRUE, TRUE },
{ STREEBOG, L"Streebog", FALSE, FALSE },
{ 0, 0, 0 }
};
@ -168,11 +162,6 @@ int CipherInit (int cipher, unsigned char *key, unsigned __int8 *ks)
#endif
#if !defined(TC_WINDOWS_BOOT)
#if defined(CIPHER_GOST89)
case GOST89:
gost_set_key(key, (gost_kds*)ks, 1);
break;
#endif // && defined(CIPHER_GOST89)
case KUZNYECHIK:
kuznyechik_set_key(key, (kuznyechik_kds*)ks);
break;
@ -206,9 +195,6 @@ void EncipherBlock(int cipher, void *data, void *ks)
case CAMELLIA: camellia_encrypt (data, data, ks); break;
#endif
#if !defined(TC_WINDOWS_BOOT)
#if defined(CIPHER_GOST89)
case GOST89: gost_encrypt(data, data, ks, 1); break;
#endif // defined(CIPHER_GOST89)
case KUZNYECHIK: kuznyechik_encrypt_block(data, data, ks); break;
#endif // !defined(TC_WINDOWS_BOOT)
default: TC_THROW_FATAL_EXCEPTION; // Unknown/wrong ID
@ -281,9 +267,6 @@ void EncipherBlocks (int cipher, void *dataPtr, void *ks, size_t blockCount)
#endif
}
#endif
else if (cipher == GOST89) {
gost_encrypt(data, data, ks, (int)blockCount);
}
else
{
size_t blockSize = CipherGetBlockSize (cipher);
@ -307,9 +290,6 @@ void DecipherBlock(int cipher, void *data, void *ks)
case CAMELLIA: camellia_decrypt (data, data, ks); break;
#endif
#if !defined(TC_WINDOWS_BOOT)
#if defined(CIPHER_GOST89)
case GOST89: gost_decrypt(data, data, ks, 1); break;
#endif // defined(CIPHER_GOST89)
case KUZNYECHIK: kuznyechik_decrypt_block(data, data, ks); break;
#endif // !defined(TC_WINDOWS_BOOT)
@ -398,9 +378,6 @@ void DecipherBlocks (int cipher, void *dataPtr, void *ks, size_t blockCount)
#endif
}
#endif
else if (cipher == GOST89) {
gost_decrypt(data, data, ks, (int)blockCount);
}
else
{
size_t blockSize = CipherGetBlockSize (cipher);
@ -466,7 +443,6 @@ int CipherGetKeyScheduleSize (int cipherId)
BOOL CipherSupportsIntraDataUnitParallelization (int cipher)
{
return (cipher == AES && IsAesHwCpuSupported())
|| (cipher == GOST89)
#if CRYPTOPP_BOOL_SSE2_INTRINSICS_AVAILABLE && !defined (_UEFI)
|| (cipher == SERPENT && HasSSE2())
|| (cipher == KUZNYECHIK && HasSSE2())

14
src/Common/Crypto.h
View File

@ -53,7 +53,7 @@ enum
SHA512 = FIRST_PRF_ID,
WHIRLPOOL,
SHA256,
RIPEMD160,
BLAKE2S,
STREEBOG,
HASH_ENUM_END_ID
};
@ -61,8 +61,8 @@ enum
// The last PRF to try when mounting and also the number of implemented PRFs
#define LAST_PRF_ID (HASH_ENUM_END_ID - 1)
#define RIPEMD160_BLOCKSIZE 64
#define RIPEMD160_DIGESTSIZE 20
#define BLAKE2S_BLOCKSIZE 64
#define BLAKE2S_DIGESTSIZE 32
#define SHA256_BLOCKSIZE 64
#define SHA256_DIGESTSIZE 32
@ -112,7 +112,6 @@ enum
SERPENT,
TWOFISH,
CAMELLIA,
GOST89,
KUZNYECHIK
};
@ -173,7 +172,7 @@ typedef struct
#ifdef TC_WINDOWS_BOOT
#define MAX_EXPANDED_KEY VC_MAX((AES_KS + SERPENT_KS + TWOFISH_KS), CAMELLIA_KS)
#else
#define MAX_EXPANDED_KEY VC_MAX(VC_MAX(VC_MAX(VC_MAX((AES_KS + SERPENT_KS + TWOFISH_KS), GOST_KS), CAMELLIA_KS + KUZNYECHIK_KS + SERPENT_KS), KUZNYECHIK_KS + TWOFISH_KS), AES_KS + KUZNYECHIK_KS)
#define MAX_EXPANDED_KEY VC_MAX(VC_MAX(VC_MAX((AES_KS + SERPENT_KS + TWOFISH_KS), CAMELLIA_KS + KUZNYECHIK_KS + SERPENT_KS), KUZNYECHIK_KS + TWOFISH_KS), AES_KS + KUZNYECHIK_KS)
#endif
#endif
@ -200,12 +199,11 @@ typedef struct
#endif
#include "Twofish.h"
#include "Rmd160.h"
#include "blake2.h"
#ifndef TC_WINDOWS_BOOT
# include "Sha2.h"
# include "Whirlpool.h"
# include "Streebog.h"
# include "GostCipher.h"
# include "kuznyechik.h"
# include "Camellia.h"
#if !defined (_UEFI)
@ -252,7 +250,7 @@ typedef struct CRYPTO_INFO_t
uint16 HeaderVersion;
#ifdef TC_WINDOWS_DRIVER
unsigned __int8 master_keydata_hash[RIPEMD160_DIGESTSIZE];
unsigned __int8 master_keydata_hash[BLAKE2S_DIGESTSIZE];
#else
CRYPTOPP_ALIGN_DATA(16) unsigned __int8 master_keydata[MASTER_KEYDATA_SIZE]; /* This holds the volume header area containing concatenated master key(s) and secondary key(s) (XTS mode). For LRW (deprecated/legacy), it contains the tweak key before the master key(s). For CBC (deprecated/legacy), it contains the IV seed before the master key(s). */
CRYPTOPP_ALIGN_DATA(16) unsigned __int8 k2[MASTER_KEYDATA_SIZE]; /* For XTS, this contains the secondary key (if cascade, multiple concatenated). For LRW (deprecated/legacy), it contains the tweak key. For CBC (deprecated/legacy), it contains the IV seed. */

19
src/Common/Dlgcode.c
View File

@ -6412,7 +6412,7 @@ static BOOL PerformBenchmark(HWND hBenchDlg, HWND hwndDlg)
{
BYTE digest [MAX_DIGESTSIZE];
WHIRLPOOL_CTX wctx;
RMD160_CTX rctx;
blake2s_state bctx;
sha512_ctx s2ctx;
sha256_ctx s256ctx;
STREEBOG_CTX stctx;
@ -6441,10 +6441,10 @@ static BOOL PerformBenchmark(HWND hBenchDlg, HWND hwndDlg)
sha256_end ((unsigned char *) digest, &s256ctx);
break;
case RIPEMD160:
RMD160Init(&rctx);
RMD160Update(&rctx, lpTestBuffer, benchmarkBufferSize);
RMD160Final((unsigned char *) digest, &rctx);
case BLAKE2S:
blake2s_init(&bctx);
blake2s_update(&bctx, lpTestBuffer, benchmarkBufferSize);
blake2s_final(&bctx, (unsigned char *) digest);
break;
case WHIRLPOOL:
@ -6509,9 +6509,9 @@ static BOOL PerformBenchmark(HWND hBenchDlg, HWND hwndDlg)
derive_key_sha256 ("passphrase-1234567890", 21, tmp_salt, 64, get_pkcs5_iteration_count(thid, benchmarkPim, FALSE, benchmarkPreBoot), dk, MASTER_KEYDATA_SIZE);
break;
case RIPEMD160:
/* PKCS-5 test with HMAC-RIPEMD-160 used as the PRF */
derive_key_ripemd160 ("passphrase-1234567890", 21, tmp_salt, 64, get_pkcs5_iteration_count(thid, benchmarkPim, FALSE, benchmarkPreBoot), dk, MASTER_KEYDATA_SIZE);
case BLAKE2S:
/* PKCS-5 test with HMAC-BLAKE2s used as the PRF */
derive_key_blake2s ("passphrase-1234567890", 21, tmp_salt, 64, get_pkcs5_iteration_count(thid, benchmarkPim, FALSE, benchmarkPreBoot), dk, MASTER_KEYDATA_SIZE);
break;
case WHIRLPOOL:
@ -7895,9 +7895,6 @@ ResetCipherTest(HWND hwndDlg, int idTestCipher)
SetWindowText(GetDlgItem(hwndDlg, IDC_CIPHERTEXT), L"0000000000000000");
if (idTestCipher == AES || idTestCipher == SERPENT || idTestCipher == TWOFISH || idTestCipher == CAMELLIA
#if defined(CIPHER_GOST89)
|| idTestCipher == GOST89
#endif
|| idTestCipher == KUZNYECHIK
)
{

4
src/Common/EncryptionThreadPool.c
View File

@ -248,8 +248,8 @@ static TC_THREAD_PROC EncryptionThreadProc (void *threadArg)
case DeriveKeyWork:
switch (workItem->KeyDerivation.Pkcs5Prf)
{
case RIPEMD160:
derive_key_ripemd160 (workItem->KeyDerivation.Password, workItem->KeyDerivation.PasswordLength, workItem->KeyDerivation.Salt, PKCS5_SALT_SIZE,
case BLAKE2S:
derive_key_blake2s (workItem->KeyDerivation.Password, workItem->KeyDerivation.PasswordLength, workItem->KeyDerivation.Salt, PKCS5_SALT_SIZE,
workItem->KeyDerivation.IterationCount, workItem->KeyDerivation.DerivedKey, GetMaxPkcs5OutSize());
break;

292
src/Common/Pkcs5.c
View File

@ -16,7 +16,7 @@
#include <memory.h>
#include <stdlib.h>
#endif
#include "Rmd160.h"
#include "blake2.h"
#ifndef TC_WINDOWS_BOOT
#include "Sha2.h"
#include "Whirlpool.h"
@ -550,100 +550,131 @@ void derive_key_sha512 (char *pwd, int pwd_len, char *salt, int salt_len, uint32
#endif // TC_WINDOWS_BOOT
#if !defined(TC_WINDOWS_BOOT) || defined(TC_WINDOWS_BOOT_RIPEMD160)
#if !defined(TC_WINDOWS_BOOT) || defined(TC_WINDOWS_BOOT_BLAKE2S)
typedef struct hmac_ripemd160_ctx_struct
typedef struct hmac_blake2s_ctx_struct
{
RMD160_CTX context;
RMD160_CTX inner_digest_ctx; /*pre-computed inner digest context */
RMD160_CTX outer_digest_ctx; /*pre-computed outer digest context */
char k[PKCS5_SALT_SIZE + 4]; /* enough to hold (salt_len + 4) and also the RIPEMD-160 hash */
char u[RIPEMD160_DIGESTSIZE];
} hmac_ripemd160_ctx;
blake2s_state ctx;
blake2s_state inner_digest_ctx; /*pre-computed inner digest context */
blake2s_state outer_digest_ctx; /*pre-computed outer digest context */
char k[PKCS5_SALT_SIZE + 4]; /* enough to hold (salt_len + 4) and also the SHA256 hash */
char u[BLAKE2S_DIGESTSIZE];
} hmac_blake2s_ctx;
void hmac_ripemd160_internal (char *input_digest, int len, hmac_ripemd160_ctx* hmac)
void hmac_blake2s_internal
(
char *d, /* input data. d pointer is guaranteed to be at least 32-bytes long */
int ld, /* length of input data in bytes */
hmac_blake2s_ctx* hmac /* HMAC-SHA256 context which holds temporary variables */
)
{
RMD160_CTX* context = &(hmac->context);
blake2s_state* ctx = &(hmac->ctx);
/**** Restore Precomputed Inner Digest Context ****/
memcpy (context, &(hmac->inner_digest_ctx), sizeof (RMD160_CTX));
memcpy (ctx, &(hmac->inner_digest_ctx), sizeof (blake2s_state));
RMD160Update(context, (const unsigned char *) input_digest, len); /* then text of datagram */
RMD160Final((unsigned char *) input_digest, context); /* finish up 1st pass */
blake2s_update (ctx, d, ld);
blake2s_final (ctx, (unsigned char*) d); /* d = inner digest */
/**** Restore Precomputed Outer Digest Context ****/
memcpy (context, &(hmac->outer_digest_ctx), sizeof (RMD160_CTX));
memcpy (ctx, &(hmac->outer_digest_ctx), sizeof (blake2s_state));
/* results of 1st hash */
RMD160Update(context, (const unsigned char *) input_digest, RIPEMD160_DIGESTSIZE);
RMD160Final((unsigned char *) input_digest, context); /* finish up 2nd pass */
blake2s_update (ctx, d, SHA256_DIGESTSIZE);
blake2s_final (ctx, (unsigned char *) d); /* d = outer digest */
}
#ifndef TC_WINDOWS_BOOT
void hmac_ripemd160 (char *key, int keylen, char *input_digest, int len)
void hmac_blake2s
(
char *k, /* secret key */
int lk, /* length of the key in bytes */
char *d, /* data */
int ld /* length of data in bytes */
)
{
hmac_ripemd160_ctx hmac;
RMD160_CTX* ctx;
unsigned char* k_pad = (unsigned char*) hmac.k; /* inner/outer padding - key XORd with ipad */
unsigned char tk[RIPEMD160_DIGESTSIZE];
int i;
/* If the key is longer than the hash algorithm block size,
let key = ripemd160(key), as per HMAC specifications. */
if (keylen > RIPEMD160_BLOCKSIZE)
hmac_blake2s_ctx hmac;
blake2s_state* ctx;
char* buf = hmac.k;
int b;
char key[BLAKE2S_DIGESTSIZE];
#if defined (DEVICE_DRIVER)
NTSTATUS saveStatus = STATUS_INVALID_PARAMETER;
#ifdef _WIN64
XSTATE_SAVE SaveState;
if (IsCpuIntel() && HasSAVX())
saveStatus = KeSaveExtendedProcessorStateVC(XSTATE_MASK_GSSE, &SaveState);
#else
KFLOATING_SAVE floatingPointState;
if (HasSSE2())
saveStatus = KeSaveFloatingPointState (&floatingPointState);
#endif
#endif
/* If the key is longer than the hash algorithm block size,
let key = blake2s(key), as per HMAC specifications. */
if (lk > BLAKE2S_BLOCKSIZE)
{
RMD160_CTX tctx;
blake2s_state tctx;
RMD160Init(&tctx);
RMD160Update(&tctx, (const unsigned char *) key, keylen);
RMD160Final(tk, &tctx);
blake2s_init (&tctx);
blake2s_update (&tctx, k, lk);
blake2s_final (&tctx, (unsigned char *) key);
key = (char *) tk;
keylen = RIPEMD160_DIGESTSIZE;
k = key;
lk = BLAKE2S_DIGESTSIZE;
burn (&tctx, sizeof(tctx)); // Prevent leaks
}
burn (&tctx, sizeof(tctx)); // Prevent leaks
}
/**** Precompute HMAC Inner Digest ****/
/* perform inner RIPEMD-160 */
ctx = &(hmac.inner_digest_ctx);
/* start out by storing key in pads */
memset(k_pad, 0x36, 64);
/* XOR key with ipad and opad values */
for (i=0; i<keylen; i++)
{
k_pad[i] ^= key[i];
}
blake2s_init (ctx);
RMD160Init(ctx); /* init context for 1st pass */
RMD160Update(ctx, k_pad, RIPEMD160_BLOCKSIZE); /* start with inner pad */
/* Pad the key for inner digest */
for (b = 0; b < lk; ++b)
buf[b] = (char) (k[b] ^ 0x36);
memset (&buf[lk], 0x36, BLAKE2S_BLOCKSIZE - lk);
blake2s_update (ctx, (unsigned char *) buf, BLAKE2S_BLOCKSIZE);
/**** Precompute HMAC Outer Digest ****/
/* perform outer RIPEMD-160 */
ctx = &(hmac.outer_digest_ctx);
memset(k_pad, 0x5c, 64);
for (i=0; i<keylen; i++)
{
k_pad[i] ^= key[i];
}
blake2s_init (ctx);
RMD160Init(ctx); /* init context for 2nd pass */
RMD160Update(ctx, k_pad, RIPEMD160_BLOCKSIZE); /* start with outer pad */
for (b = 0; b < lk; ++b)
buf[b] = (char) (k[b] ^ 0x5C);
memset (&buf[lk], 0x5C, SHA256_BLOCKSIZE - lk);
hmac_ripemd160_internal (input_digest, len, &hmac);
blake2s_update (ctx, (unsigned char *) buf, BLAKE2S_BLOCKSIZE);
burn (&hmac, sizeof(hmac));
burn (tk, sizeof(tk));
hmac_blake2s_internal(d, ld, &hmac);
#if defined (DEVICE_DRIVER)
if (NT_SUCCESS (saveStatus))
#ifdef _WIN64
KeRestoreExtendedProcessorStateVC(&SaveState);
#else
KeRestoreFloatingPointState (&floatingPointState);
#endif
#endif
/* Prevent leaks */
burn(&hmac, sizeof(hmac));
burn(key, sizeof(key));
}
#endif
static void derive_u_ripemd160 (char *salt, int salt_len, uint32 iterations, int b, hmac_ripemd160_ctx* hmac)
static void derive_u_blake2s (char *salt, int salt_len, uint32 iterations, int b, hmac_blake2s_ctx* hmac)
{
char* k = hmac->k;
char* u = hmac->u;
uint32 c;
int i;
int i;
#ifdef TC_WINDOWS_BOOT
/* In bootloader mode, least significant bit of iterations is a boolean (TRUE for boot derivation mode, FALSE otherwise)
@ -653,11 +684,11 @@ static void derive_u_ripemd160 (char *salt, int salt_len, uint32 iterations, int
c = iterations >> 16;
i = ((int) iterations) & 0x01;
if (i)
c = (c == 0)? 327661 : c << 11;
c = (c == 0)? 200000 : c << 11;
else
c = (c == 0)? 655331 : 15000 + c * 1000;
c = (c == 0)? 500000 : 15000 + c * 1000;
#else
c = iterations;
c = iterations;
#endif
/* iteration 1 */
@ -665,7 +696,7 @@ static void derive_u_ripemd160 (char *salt, int salt_len, uint32 iterations, int
/* big-endian block number */
#ifdef TC_WINDOWS_BOOT
/* specific case of 16-bit bootloader: b is a 16-bit integer that is always < 256*/
/* specific case of 16-bit bootloader: b is a 16-bit integer that is always < 256 */
memset (&k[salt_len], 0, 3);
k[salt_len + 3] = (char) b;
#else
@ -673,14 +704,14 @@ static void derive_u_ripemd160 (char *salt, int salt_len, uint32 iterations, int
memcpy (&k[salt_len], &b, 4);
#endif
hmac_ripemd160_internal (k, salt_len + 4, hmac);
memcpy (u, k, RIPEMD160_DIGESTSIZE);
hmac_blake2s_internal (k, salt_len + 4, hmac);
memcpy (u, k, BLAKE2S_DIGESTSIZE);
/* remaining iterations */
while ( c > 1)
while (c > 1)
{
hmac_ripemd160_internal (k, RIPEMD160_DIGESTSIZE, hmac);
for (i = 0; i < RIPEMD160_DIGESTSIZE; i++)
hmac_blake2s_internal (k, BLAKE2S_DIGESTSIZE, hmac);
for (i = 0; i < BLAKE2S_DIGESTSIZE; i++)
{
u[i] ^= k[i];
}
@ -688,86 +719,107 @@ static void derive_u_ripemd160 (char *salt, int salt_len, uint32 iterations, int
}
}
void derive_key_ripemd160 (char *pwd, int pwd_len, char *salt, int salt_len, uint32 iterations, char *dk, int dklen)
void derive_key_blake2s (char *pwd, int pwd_len, char *salt, int salt_len, uint32 iterations, char *dk, int dklen)
{
hmac_blake2s_ctx hmac;
blake2s_state* ctx;
char* buf = hmac.k;
int b, l, r;
hmac_ripemd160_ctx hmac;
RMD160_CTX* ctx;
unsigned char* k_pad = (unsigned char*) hmac.k;
#ifndef TC_WINDOWS_BOOT
unsigned char tk[RIPEMD160_DIGESTSIZE];
char key[BLAKE2S_DIGESTSIZE];
#if defined (DEVICE_DRIVER)
NTSTATUS saveStatus = STATUS_INVALID_PARAMETER;
#ifdef _WIN64
XSTATE_SAVE SaveState;
if (IsCpuIntel() && HasSAVX())
saveStatus = KeSaveExtendedProcessorStateVC(XSTATE_MASK_GSSE, &SaveState);
#else
KFLOATING_SAVE floatingPointState;
if (HasSSE2())
saveStatus = KeSaveFloatingPointState (&floatingPointState);
#endif
#endif
/* If the password is longer than the hash algorithm block size,
let password = ripemd160(password), as per HMAC specifications. */
if (pwd_len > RIPEMD160_BLOCKSIZE)
let pwd = blake2s(pwd), as per HMAC specifications. */
if (pwd_len > BLAKE2S_BLOCKSIZE)
{
RMD160_CTX tctx;
blake2s_state tctx;
RMD160Init(&tctx);
RMD160Update(&tctx, (const unsigned char *) pwd, pwd_len);
RMD160Final(tk, &tctx);
blake2s_init (&tctx);
blake2s_update (&tctx, pwd, pwd_len);
blake2s_final (&tctx, (unsigned char *) key);
pwd = (char *) tk;
pwd_len = RIPEMD160_DIGESTSIZE;
pwd = key;
pwd_len = SHA256_DIGESTSIZE;
burn (&tctx, sizeof(tctx)); // Prevent leaks
}
burn (&tctx, sizeof(tctx)); // Prevent leaks
}
#endif
if (dklen % RIPEMD160_DIGESTSIZE)
if (dklen % BLAKE2S_DIGESTSIZE)
{
l = 1 + dklen / RIPEMD160_DIGESTSIZE;
l = 1 + dklen / BLAKE2S_DIGESTSIZE;
}
else
{
l = dklen / RIPEMD160_DIGESTSIZE;
l = dklen / BLAKE2S_DIGESTSIZE;
}
r = dklen - (l - 1) * RIPEMD160_DIGESTSIZE;
r = dklen - (l - 1) * BLAKE2S_DIGESTSIZE;
/**** Precompute HMAC Inner Digest ****/
/* perform inner RIPEMD-160 */
ctx = &(hmac.inner_digest_ctx);
/* start out by storing key in pads */
memset(k_pad, 0x36, 64);
/* XOR key with ipad and opad values */
for (b=0; b<pwd_len; b++)
{
k_pad[b] ^= pwd[b];
}
blake2s_init (ctx);
RMD160Init(ctx); /* init context for 1st pass */
RMD160Update(ctx, k_pad, RIPEMD160_BLOCKSIZE); /* start with inner pad */
/* Pad the key for inner digest */
for (b = 0; b < pwd_len; ++b)
buf[b] = (char) (pwd[b] ^ 0x36);
memset (&buf[pwd_len], 0x36, BLAKE2S_BLOCKSIZE - pwd_len);
blake2s_update (ctx, buf, BLAKE2S_BLOCKSIZE);
/**** Precompute HMAC Outer Digest ****/
/* perform outer RIPEMD-160 */
ctx = &(hmac.outer_digest_ctx);
memset(k_pad, 0x5c, 64);
for (b=0; b<pwd_len; b++)
{
k_pad[b] ^= pwd[b];
}
blake2s_init (ctx);
RMD160Init(ctx); /* init context for 2nd pass */
RMD160Update(ctx, k_pad, RIPEMD160_BLOCKSIZE); /* start with outer pad */
for (b = 0; b < pwd_len; ++b)
buf[b] = (char) (pwd[b] ^ 0x5C);
memset (&buf[pwd_len], 0x5C, BLAKE2S_BLOCKSIZE - pwd_len);
blake2s_update (ctx, buf, BLAKE2S_BLOCKSIZE);
/* first l - 1 blocks */
for (b = 1; b < l; b++)
{
derive_u_ripemd160 (salt, salt_len, iterations, b, &hmac);
memcpy (dk, hmac.u, RIPEMD160_DIGESTSIZE);
dk += RIPEMD160_DIGESTSIZE;
derive_u_blake2s (salt, salt_len, iterations, b, &hmac);
memcpy (dk, hmac.u, BLAKE2S_DIGESTSIZE);
dk += BLAKE2S_DIGESTSIZE;
}
/* last block */
derive_u_ripemd160 (salt, salt_len, iterations, b, &hmac);
derive_u_blake2s (salt, salt_len, iterations, b, &hmac);
memcpy (dk, hmac.u, r);
#if defined (DEVICE_DRIVER)
if (NT_SUCCESS (saveStatus))
#ifdef _WIN64
KeRestoreExtendedProcessorStateVC(&SaveState);
#else
KeRestoreFloatingPointState (&floatingPointState);
#endif
#endif
/* Prevent possible leaks. */
burn (&hmac, sizeof(hmac));
#ifndef TC_WINDOWS_BOOT
burn (tk, sizeof(tk));
burn (key, sizeof(key));
#endif
}
#endif // TC_WINDOWS_BOOT
#endif
#ifndef TC_WINDOWS_BOOT
@ -1210,8 +1262,8 @@ wchar_t *get_pkcs5_prf_name (int pkcs5_prf_id)
case SHA256:
return L"HMAC-SHA-256";
case RIPEMD160:
return L"HMAC-RIPEMD-160";
case BLAKE2S:
return L"HMAC-BLAKE2s";
case WHIRLPOOL:
return L"HMAC-Whirlpool";
@ -1238,11 +1290,11 @@ int get_pkcs5_iteration_count (int pkcs5_prf_id, int pim, BOOL truecryptMode, BO
switch (pkcs5_prf_id)
{
case RIPEMD160:
case BLAKE2S:
if (truecryptMode)
return bBoot ? 1000 : 2000;
return 0; // BLAKE2s not supported by TrueCrypt
else if (pim == 0)
return bBoot? 327661 : 655331;
return bBoot? 200000 : 500000;
else
{
return bBoot? pim * 2048 : 15000 + pim * 1000;
@ -1290,14 +1342,14 @@ int is_pkcs5_prf_supported (int pkcs5_prf_id, BOOL truecryptMode, PRF_BOOT_TYPE
if (truecryptMode)
{
if ( (bootType == PRF_BOOT_GPT)
|| (bootType == PRF_BOOT_MBR && pkcs5_prf_id != RIPEMD160)
|| (bootType == PRF_BOOT_NO && pkcs5_prf_id != SHA512 && pkcs5_prf_id != WHIRLPOOL && pkcs5_prf_id != RIPEMD160)
|| (bootType == PRF_BOOT_MBR)
|| (bootType == PRF_BOOT_NO && pkcs5_prf_id != SHA512 && pkcs5_prf_id != WHIRLPOOL)
)
return 0;
}
else
{
if ( (bootType == PRF_BOOT_MBR && pkcs5_prf_id != RIPEMD160 && pkcs5_prf_id != SHA256)
if ( (bootType == PRF_BOOT_MBR && pkcs5_prf_id != BLAKE2S && pkcs5_prf_id != SHA256)
|| (bootType != PRF_BOOT_MBR && (pkcs5_prf_id < FIRST_PRF_ID || pkcs5_prf_id > LAST_PRF_ID))
)
return 0;

6
src/Common/Pkcs5.h
View File

@ -20,9 +20,9 @@
extern "C"
{
#endif
/* output written to input_digest which must be at lease 20 bytes long */
void hmac_ripemd160 (char *key, int keylen, char *input_digest, int len);
void derive_key_ripemd160 (char *pwd, int pwd_len, char *salt, int salt_len, uint32 iterations, char *dk, int dklen);
/* output written to input_digest which must be at lease 32 bytes long */
void hmac_blake2s (char *key, int keylen, char *input_digest, int len);
void derive_key_blake2s (char *pwd, int pwd_len, char *salt, int salt_len, uint32 iterations, char *dk, int dklen);
/* output written to d which must be at lease 32 bytes long */
void hmac_sha256 (char *k, int lk, char *d, int ld);

18
src/Common/Random.c
View File

@ -263,7 +263,7 @@ BOOL Randmix ()
{
unsigned char hashOutputBuffer [MAX_DIGESTSIZE];
WHIRLPOOL_CTX wctx;
RMD160_CTX rctx;
blake2s_state bctx;
sha512_ctx sctx;
sha256_ctx s256ctx;
STREEBOG_CTX stctx;
@ -271,8 +271,8 @@ BOOL Randmix ()
switch (HashFunction)
{
case RIPEMD160:
digestSize = RIPEMD160_DIGESTSIZE;
case BLAKE2S:
digestSize = BLAKE2S_DIGESTSIZE;
break;
case SHA512:
@ -303,10 +303,10 @@ BOOL Randmix ()
/* Compute the message digest of the entire pool using the selected hash function. */
switch (HashFunction)
{
case RIPEMD160:
RMD160Init(&rctx);
RMD160Update(&rctx, pRandPool, RNG_POOL_SIZE);
RMD160Final(hashOutputBuffer, &rctx);
case BLAKE2S:
blake2s_init(&bctx);
blake2s_update(&bctx, pRandPool, RNG_POOL_SIZE);
blake2s_final(&bctx, hashOutputBuffer);
break;
case SHA512:
@ -349,8 +349,8 @@ BOOL Randmix ()
burn (hashOutputBuffer, MAX_DIGESTSIZE);
switch (HashFunction)
{
case RIPEMD160:
burn (&rctx, sizeof(rctx));
case BLAKE2S:
burn (&bctx, sizeof(bctx));
break;
case SHA512:

2
src/Common/Random.h
View File

@ -21,7 +21,7 @@ extern "C" {
/* RNG defines & pool pointers */
#define RNG_POOL_SIZE 320 // Must be divisible by the size of the output of each of the implemented hash functions. (in bytes)
#if RNG_POOL_SIZE % SHA512_DIGESTSIZE || RNG_POOL_SIZE % WHIRLPOOL_DIGESTSIZE || RNG_POOL_SIZE % RIPEMD160_DIGESTSIZE
#if RNG_POOL_SIZE % SHA512_DIGESTSIZE || RNG_POOL_SIZE % WHIRLPOOL_DIGESTSIZE || RNG_POOL_SIZE % BLAKE2S_DIGESTSIZE
#error RNG_POOL_SIZE must be divisible by the size of the output of each of the implemented hash functions.
#endif

6
src/Common/Tcdefs.h
View File

@ -52,6 +52,10 @@ extern unsigned short _rotl16(unsigned short value, unsigned char shift);
#endif // defined(_UEFI)
#ifdef TC_WINDOWS_BOOT
#include <stddef.h>
#endif
#define TC_APP_NAME "VeraCrypt"
// Version displayed to user
@ -92,6 +96,7 @@ typedef __int8 int8;
typedef __int16 int16;
typedef __int32 int32;
typedef unsigned __int8 byte;
typedef unsigned __int8 uint8;
typedef unsigned __int16 uint16;
typedef unsigned __int32 uint32;
@ -118,6 +123,7 @@ typedef int16_t int16;
typedef int32_t int32;
typedef int64_t int64;
typedef uint8_t byte;
typedef uint8_t uint8;
typedef uint16_t uint16;
typedef uint32_t uint32;
typedef uint64_t uint64;

186
src/Common/Tests.c
View File

@ -374,27 +374,6 @@ CAMELLIA_TEST camellia_vectors[CAMELLIA_TEST_COUNT] = {
0xAD, 0x5C, 0x4D, 0x84
}
};
#if defined(CIPHER_GOST89)
// GOST89 ECB test vectors
#define GOST89_TEST_COUNT 1
typedef struct {
unsigned char key[32];
unsigned char plaintext[16];
unsigned char ciphertext[16];
} GOST89_TEST;
GOST89_TEST gost89_vectors[GOST89_TEST_COUNT] = {
{
0xFF, 0xEE, 0xDD, 0xCC, 0xBB, 0xAA, 0x99, 0x88, 0x77, 0x66, 0x55, 0x44,
0x33, 0x22, 0x11, 0x00, 0xF0, 0xF1, 0xF2, 0xF3, 0xF4, 0xF5, 0xF6, 0xF7,
0xF8, 0xF9, 0xFA, 0xFB, 0xFC, 0xFD, 0xFE, 0xFF, 0xFE, 0xDC, 0xBA, 0x98,
0x76, 0x54, 0x32, 0x10, 0xFF, 0xEE, 0xDD, 0xCC, 0xBB, 0xAA, 0x99, 0x88,
0x8F, 0xC6, 0xFE, 0xB8, 0x91, 0x51, 0x4C, 0x37, 0x4D, 0x51, 0x46, 0xEF,
0x02, 0x9D, 0xBD, 0x9F
}
};
#endif
// Kuznyechik ECB test vectors
#define KUZNYECHIK_TEST_COUNT 4
@ -503,22 +482,34 @@ char *hmac_sha512_test_vectors[] =
"\xe3\x7b\x6a\x77\x5d\xc8\x7d\xba\xa4\xdf\xa9\xf9\x6e\x5e\x3f\xfd\xde\xbd\x71\xf8\x86\x72\x89\x86\x5d\xf5\xa3\x2d\x20\xcd\xc9\x44\xb6\x02\x2c\xac\x3c\x49\x82\xb1\x0d\x5e\xeb\x55\xc3\xe4\xde\x15\x13\x46\x76\xfb\x6d\xe0\x44\x60\x65\xc9\x74\x40\xfa\x8c\x6a\x58",
};
char *hmac_ripemd160_test_keys[] =
char *hmac_blake2s_test_keys[] =
{
"\x00\x11\x22\x33\x44\x55\x66\x77\x88\x99\xaa\xbb\xcc\xdd\xee\xff\x01\x23\x45\x67",
"\x01\x23\x45\x67\x89\xab\xcd\xef\xfe\xdc\xba\x98\x76\x54\x32\x10\x00\x11\x22\x33",
"\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b",
"Jefe",
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa",
"\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19",
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa",
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa",
};
char *hmac_ripemd160_test_data[] =
char *hmac_blake2s_test_data[] =
{
"message digest",
"12345678901234567890123456789012345678901234567890123456789012345678901234567890",
"Hi There",
"what do ya want for nothing?",
"\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd",
"\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd",
"Test Using Larger Than Block-Size Key - Hash Key First",
"This is a test using a larger than block-size key and a larger than block-size data. The key needs to be hashed before being used by the HMAC algorithm.",
};
char *hmac_ripemd160_test_vectors[] =
char *hmac_blake2s_test_vectors[] =
{
"\xf8\x36\x62\xcc\x8d\x33\x9c\x22\x7e\x60\x0f\xcd\x63\x6c\x57\xd2\x57\x1b\x1c\x34",
"\x85\xf1\x64\x70\x3e\x61\xa6\x31\x31\xbe\x7e\x45\x95\x8e\x07\x94\x12\x39\x04\xf9",
"\x65\xa8\xb7\xc5\xcc\x91\x36\xd4\x24\xe8\x2c\x37\xe2\x70\x7e\x74\xe9\x13\xc0\x65\x5b\x99\xc7\x5f\x40\xed\xf3\x87\x45\x3a\x32\x60",
"\x90\xb6\x28\x1e\x2f\x30\x38\xc9\x05\x6a\xf0\xb4\xa7\xe7\x63\xca\xe6\xfe\x5d\x9e\xb4\x38\x6a\x0e\xc9\x52\x37\x89\x0c\x10\x4f\xf0",
"\xfc\xc4\xf5\x95\x29\x50\x2e\x34\xc3\xd8\xda\x3f\xfd\xab\x82\x96\x6a\x2c\xb6\x37\xff\x5e\x9b\xd7\x01\x13\x5c\x2e\x94\x69\xe7\x90",
"\x46\x44\x34\xdc\xbe\xce\x09\x5d\x45\x6a\x1d\x62\xd6\xec\x56\xf8\x98\xe6\x25\xa3\x9e\x5c\x52\xbd\xf9\x4d\xaf\x11\x1b\xad\x83\xaa",
"\xd2\x3d\x79\x39\x4f\x53\xd5\x36\xa0\x96\xe6\x51\x44\x47\xee\xaa\xbb\x05\xde\xd0\x1b\xe3\x2c\x19\x37\xda\x6a\x8f\x71\x03\xbc\x4e",
"\xcb\x60\xf6\xa7\x91\xf1\x40\xbf\x8a\xa2\xe5\x1f\xf3\x58\xcd\xb2\xcc\x5c\x03\x33\x04\x5b\x7f\xb7\x7a\xba\x7a\xb3\xb0\xcf\xb2\x37",
};
char *hmac_whirlpool_test_key =
@ -628,6 +619,32 @@ HashTestVector Streebog512TestVectors[] = {
{NULL, NULL}
};
/* https://github.com/openssl/openssl/blob/2d0b44126763f989a4cbffbffe9d0c7518158bb7/test/evptests.txt */
HashTestVector Blake2sTestVectors[] = {
{"",
"69217a3079908094e11121d042354a7c1f55b6482ca1a51e1b250dfd1ed0eef9"
},
{"61",
"4a0d129873403037c2cd9b9048203687f6233fb6738956e0349bd4320fec3e90"
},
{"616263",
"508c5e8c327c14e2e1a72ba34eeb452f37458b209ed63a294d999b4c86675982"
},
{"6d65737361676520646967657374",
"fa10ab775acf89b7d3c8a6e823d586f6b67bdbac4ce207fe145b7d3ac25cd28c"
},
{"6162636465666768696a6b6c6d6e6f707172737475767778797a",
"bdf88eb1f86a0cdf0e840ba88fa118508369df186c7355b4b16cf79fa2710a12"
},
{"4142434445464748494a4b4c4d4e4f505152535455565758595a6162636465666768696a6b6c6d6e6f707172737475767778797a30313233343536373839",
"c75439ea17e1de6fa4510c335dc3d3f343e6f9e1ce2773e25b4174f1df8b119b"
},
{"3132333435363738393031323334353637383930313233343536373839303132333435363738393031323334353637383930313233343536373839303132333435363738393031323334353637383930",
"fdaedb290a0d5af9870864fec2e090200989dc9cd53a3c092129e8535e8b4f66"
},
{NULL, NULL}
};
unsigned char ks_tmp[MAX_EXPANDED_KEY];
void CipherInit2(int cipher, void* key, void* ks, int key_len)
@ -650,11 +667,6 @@ void CipherInit2(int cipher, void* key, void* ks, int key_len)
case CAMELLIA:
CipherInit(cipher,key,ks);
break;
#if defined(CIPHER_GOST89)
case GOST89:
CipherInit(cipher,key,ks);
break;
#endif // defined(CIPHER_GOST89)
case KUZNYECHIK:
CipherInit(cipher, key, ks);
break;
@ -850,34 +862,6 @@ BOOL TestSectorBufEncryption (PCRYPTO_INFO ci)
break;
}
}
#if defined(CIPHER_GOST89)
else if (wcscmp (name, L"GOST89") == 0)
{
switch (testCase)
{
case 0:
if (crc != 0x12194ef5)
return FALSE;
nTestsPerformed++;
break;
case 1:
if (crc != 0xda8d429b)
return FALSE;
nTestsPerformed++;
break;
case 2:
if (crc != 0xdbf0b12e)
return FALSE;
nTestsPerformed++;
break;
case 3:
if (crc != 0xb986eb4a)
return FALSE;
nTestsPerformed++;
break;
}
}
#endif
else if (wcscmp (name, L"Kuznyechik") == 0)
{
switch (testCase)
@ -1234,14 +1218,6 @@ BOOL TestSectorBufEncryption (PCRYPTO_INFO ci)
return FALSE;
nTestsPerformed++;
}
#if defined(CIPHER_GOST89)
else if (wcscmp (name, L"GOST89") == 0)
{
if (crc != 0x9e8653cb)
return FALSE;
nTestsPerformed++;
}
#endif
else if (wcscmp (name, L"Kuznyechik") == 0)
{
if (crc != 0xd6d39cdb)
@ -1319,11 +1295,7 @@ BOOL TestSectorBufEncryption (PCRYPTO_INFO ci)
nTestsPerformed++;
}
#if defined(CIPHER_GOST89)
return (nTestsPerformed == 160);
#else
return (nTestsPerformed == 155);
#endif
return (nTestsPerformed == 150);
}
static BOOL DoAutoTestAlgorithms (void)
@ -1466,28 +1438,6 @@ static BOOL DoAutoTestAlgorithms (void)
if (i != KUZNYECHIK_TEST_COUNT)
bFailed = TRUE;
#if defined(CIPHER_GOST89)
/* GOST89 */
for (i = 0; i < GOST89_TEST_COUNT; i++)
{
int cipher = GOST89;
memcpy(key, gost89_vectors[i].key, 32);
memcpy(tmp, gost89_vectors[i].plaintext, 16);
gost_set_key(key, (gost_kds*)ks_tmp, 0);
EncipherBlock(cipher, tmp, ks_tmp);
if (memcmp(gost89_vectors[i].ciphertext, tmp, 16) != 0)
break;
DecipherBlock(cipher, tmp, ks_tmp);
if (memcmp(gost89_vectors[i].plaintext, tmp, 16) != 0)
break;
}
if (i != GOST89_TEST_COUNT)
bFailed = TRUE;
#endif
/* PKCS #5 and HMACs */
if (!test_pkcs5 ())
bFailed = TRUE;
@ -1599,23 +1549,29 @@ BOOL test_hmac_sha512 ()
return (nTestsPerformed == 6);
}
BOOL test_hmac_ripemd160 ()
BOOL test_hmac_blake2s ()
{
int nTestsPerformed = 0;
unsigned int i;
int nTestsPerformed = 0;
for (i = 0; i < sizeof (hmac_ripemd160_test_data) / sizeof(char *); i++)
for (i = 0; i < sizeof (hmac_blake2s_test_data) / sizeof(char *); i++)
{
char digest[1024]; /* large enough to hold digets and test vector inputs */
memcpy (digest, hmac_ripemd160_test_data[i], strlen (hmac_ripemd160_test_data[i]));
hmac_ripemd160 (hmac_ripemd160_test_keys[i], RIPEMD160_DIGESTSIZE, digest, (int) strlen (hmac_ripemd160_test_data[i]));
if (memcmp (digest, hmac_ripemd160_test_vectors[i], RIPEMD160_DIGESTSIZE) != 0)
memcpy (digest, hmac_blake2s_test_data[i], strlen (hmac_blake2s_test_data[i]));
hmac_blake2s (hmac_blake2s_test_keys[i], (int) strlen (hmac_blake2s_test_keys[i]), digest, (int) strlen (hmac_blake2s_test_data[i]));
if (memcmp (digest, hmac_blake2s_test_vectors[i], BLAKE2S_DIGESTSIZE) != 0)
return FALSE;
else
nTestsPerformed++;
}
return (nTestsPerformed == 2);
return (nTestsPerformed == 6);
}
int __cdecl Blake2sHash (unsigned char* input, unsigned long inputLen, unsigned char* output)
{
blake2s(output, input, (size_t) inputLen);
return BLAKE2S_DIGESTSIZE;
}
BOOL test_hmac_whirlpool ()
@ -1686,8 +1642,12 @@ BOOL test_pkcs5 ()
if (!test_hmac_sha512())
return FALSE;
/* HMAC-RIPEMD-160 tests */
if (test_hmac_ripemd160() == FALSE)
/* HMAC-BLAKE2s tests */
if (test_hmac_blake2s() == FALSE)
return FALSE;
/* Blake2s hash tests */
if (RunHashTest (Blake2sHash, Blake2sTestVectors, (HasSSE2())? TRUE : FALSE) == FALSE)
return FALSE;
/* HMAC-Whirlpool tests */
@ -1733,14 +1693,14 @@ BOOL test_pkcs5 ()
if (memcmp (dk, "\x13\x64\xae\xf8\x0d\xf5\x57\x6c\x30\xd5\x71\x4c\xa7\x75\x3f\xfd\x00\xe5\x25\x8b\x39\xc7\x44\x7f\xce\x23\x3d\x08\x75\xe0\x2f\x48\xd6\x30\xd7\x00\xb6\x24\xdb\xe0\x5a\xd7\x47\xef\x52\xca\xa6\x34\x83\x47\xe5\xcb\xe9\x87\xf1\x20\x59\x6a\xe6\xa9\xcf\x51\x78\xc6\xb6\x23\xa6\x74\x0d\xe8\x91\xbe\x1a\xd0\x28\xcc\xce\x16\x98\x9a\xbe\xfb\xdc\x78\xc9\xe1\x7d\x72\x67\xce\xe1\x61\x56\x5f\x96\x68\xe6\xe1\xdd\xf4\xbf\x1b\x80\xe0\x19\x1c\xf4\xc4\xd3\xdd\xd5\xd5\x57\x2d\x83\xc7\xa3\x37\x87\xf4\x4e\xe0\xf6\xd8\x6d\x65\xdc\xa0\x52\xa3\x13\xbe\x81\xfc\x30\xbe\x7d\x69\x58\x34\xb6\xdd\x41\xc6", 144) != 0)
return FALSE;
/* PKCS-5 test 1 with HMAC-RIPEMD-160 used as the PRF */
derive_key_ripemd160 ("password", 8, "\x12\x34\x56\x78", 4, 5, dk, 4);
if (memcmp (dk, "\x7a\x3d\x7c\x03", 4) != 0)
/* PKCS-5 test 1 with HMAC-BLAKE2s used as the PRF */
derive_key_blake2s ("password", 8, "\x12\x34\x56\x78", 4, 5, dk, 4);
if (memcmp (dk, "\x8d\x51\xfa\x31", 4) != 0)
return FALSE;
/* PKCS-5 test 2 with HMAC-RIPEMD-160 used as the PRF (derives a key longer than the underlying hash) */
derive_key_ripemd160 ("password", 8, "\x12\x34\x56\x78", 4, 5, dk, 48);
if (memcmp (dk, "\x7a\x3d\x7c\x03\xe7\x26\x6b\xf8\x3d\x78\xfb\x29\xd2\x64\x1f\x56\xea\xf0\xe5\xf5\xcc\xc4\x3a\x31\xa8\x84\x70\xbf\xbd\x6f\x8e\x78\x24\x5a\xc0\x0a\xf6\xfa\xf0\xf6\xe9\x00\x47\x5f\x73\xce\xe1\x43", 48) != 0)
/* PKCS-5 test 2 with HMAC-BLAKE2s used as the PRF (derives a key longer than the underlying hash) */
derive_key_blake2s ("password", 8, "\x12\x34\x56\x78", 4, 5, dk, 48);
if (memcmp (dk, "\x8d\x51\xfa\x31\x46\x25\x37\x67\xa3\x29\x6b\x3c\x6b\xc1\x5d\xb2\xee\xe1\x6c\x28\x00\x26\xea\x08\x65\x9c\x12\xf1\x07\xde\x0d\xb9\x9b\x4f\x39\xfa\xc6\x80\x26\xb1\x8f\x8e\x48\x89\x85\x2d\x24\x2d", 48) != 0)
return FALSE;
/* PKCS-5 test 1 with HMAC-Whirlpool used as the PRF */

2
src/Common/Tests.h
View File

@ -19,7 +19,7 @@ extern unsigned char ks_tmp[MAX_EXPANDED_KEY];
void CipherInit2(int cipher, void* key, void* ks, int key_len);
BOOL test_hmac_sha512 (void);
BOOL test_hmac_ripemd160 (void);
BOOL test_hmac_blake2s (void);
BOOL test_hmac_whirlpool (void);
BOOL test_pkcs5 (void);
BOOL TestSectorBufEncryption ();

34
src/Common/Volumes.c
View File

@ -27,6 +27,8 @@
#ifndef DEVICE_DRIVER
#include "Random.h"
#else
#include "cpu.h"
#endif
#endif // !defined(_UEFI)
@ -378,8 +380,8 @@ KeyReady: ;
switch (pkcs5_prf)
{
case RIPEMD160:
derive_key_ripemd160 (keyInfo->userKey, keyInfo->keyLength, keyInfo->salt,
case BLAKE2S:
derive_key_blake2s (keyInfo->userKey, keyInfo->keyLength, keyInfo->salt,
PKCS5_SALT_SIZE, keyInfo->noIterations, dk, GetMaxPkcs5OutSize());
break;
@ -577,12 +579,22 @@ KeyReady: ;
memcpy (keyInfo->master_keydata, header + HEADER_MASTER_KEYDATA_OFFSET, MASTER_KEYDATA_SIZE);
#ifdef TC_WINDOWS_DRIVER
{
RMD160_CTX ctx;
RMD160Init (&ctx);
RMD160Update (&ctx, keyInfo->master_keydata, MASTER_KEYDATA_SIZE);
RMD160Update (&ctx, header, sizeof(header));
RMD160Final (cryptoInfo->master_keydata_hash, &ctx);
blake2s_state ctx;
#ifndef _WIN64
NTSTATUS saveStatus = STATUS_INVALID_PARAMETER;
KFLOATING_SAVE floatingPointState;
if (HasSSE2())
saveStatus = KeSaveFloatingPointState (&floatingPointState);
#endif
blake2s_init (&ctx);
blake2s_update (&ctx, keyInfo->master_keydata, MASTER_KEYDATA_SIZE);
blake2s_update (&ctx, header, sizeof(header));
blake2s_final (&ctx, cryptoInfo->master_keydata_hash);
burn(&ctx, sizeof (ctx));
#ifndef _WIN64
if (NT_SUCCESS (saveStatus))
KeRestoreFloatingPointState (&floatingPointState);
#endif
}
#else
memcpy (cryptoInfo->master_keydata, keyInfo->master_keydata, MASTER_KEYDATA_SIZE);
@ -709,7 +721,7 @@ int ReadVolumeHeader (BOOL bBoot, char *header, Password *password, int pim, PCR
derive_key_sha256 (password->Text, (int) password->Length, header + HEADER_SALT_OFFSET,
PKCS5_SALT_SIZE, iterations, dk, sizeof (dk));
#else
derive_key_ripemd160 (password->Text, (int) password->Length, header + HEADER_SALT_OFFSET,
derive_key_blake2s (password->Text, (int) password->Length, header + HEADER_SALT_OFFSET,
PKCS5_SALT_SIZE, iterations, dk, sizeof (dk));
#endif
@ -792,7 +804,7 @@ int ReadVolumeHeader (BOOL bBoot, char *header, Password *password, int pim, PCR
#ifdef TC_WINDOWS_BOOT_SHA2
cryptoInfo->pkcs5 = SHA256;
#else
cryptoInfo->pkcs5 = RIPEMD160;
cryptoInfo->pkcs5 = BLAKE2S;
#endif
memcpy (dk, header + HEADER_MASTER_KEYDATA_OFFSET, sizeof (dk));
@ -981,8 +993,8 @@ int CreateVolumeHeaderInMemory (HWND hwndDlg, BOOL bBoot, char *header, int ea,
PKCS5_SALT_SIZE, keyInfo.noIterations, dk, GetMaxPkcs5OutSize());
break;
case RIPEMD160:
derive_key_ripemd160 (keyInfo.userKey, keyInfo.keyLength, keyInfo.salt,
case BLAKE2S:
derive_key_blake2s (keyInfo.userKey, keyInfo.keyLength, keyInfo.salt,
PKCS5_SALT_SIZE, keyInfo.noIterations, dk, GetMaxPkcs5OutSize());
break;

6
src/Core/RandomNumberGenerator.cpp
View File

@ -252,7 +252,7 @@ namespace VeraCrypt
void RandomNumberGenerator::Test ()
{
shared_ptr <Hash> origPoolHash = PoolHash;
PoolHash.reset (new Ripemd160());
PoolHash.reset (new Blake2s());
Pool.Zero();
Buffer buffer (1);
@ -262,14 +262,14 @@ namespace VeraCrypt
AddToPool (buffer);
}
if (Crc32::ProcessBuffer (Pool) != 0x2de46d17)
if (Crc32::ProcessBuffer (Pool) != 0x9ae2fff8)
throw TestFailed (SRC_POS);
buffer.Allocate (PoolSize);
buffer.CopyFrom (PeekPool());
AddToPool (buffer);
if (Crc32::ProcessBuffer (Pool) != 0xcb88e019)
if (Crc32::ProcessBuffer (Pool) != 0x391135a7)
throw TestFailed (SRC_POS);
PoolHash = origPoolHash;

3
src/Core/Unix/Linux/CoreLinux.cpp
View File

@ -303,8 +303,7 @@ namespace VeraCrypt
void CoreLinux::MountVolumeNative (shared_ptr <Volume> volume, MountOptions &options, const DirectoryPath &auxMountPoint) const
{
bool xts = (typeid (*volume->GetEncryptionMode()) == typeid (EncryptionModeXTS));
bool algoNotSupported = (typeid (*volume->GetEncryptionAlgorithm()) == typeid (GOST89))
|| (typeid (*volume->GetEncryptionAlgorithm()) == typeid (Kuznyechik))
bool algoNotSupported = (typeid (*volume->GetEncryptionAlgorithm()) == typeid (Kuznyechik))
|| (typeid (*volume->GetEncryptionAlgorithm()) == typeid (CamelliaKuznyechik))
|| (typeid (*volume->GetEncryptionAlgorithm()) == typeid (KuznyechikTwofish))
|| (typeid (*volume->GetEncryptionAlgorithm()) == typeid (KuznyechikAES))

21
src/Crypto/Crypto.vcxproj
View File

@ -197,16 +197,6 @@
<Outputs Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">$(TargetDir)\%(Filename).obj;%(Outputs)</Outputs>
<ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Release|x64'">true</ExcludedFromBuild>
<Command Condition="'$(Configuration)|$(Platform)'=='Release|x64'">echo %(Filename)%(Extension) &amp; nasm.exe -Xvc -f win32 -Ox --prefix _ -o "$(TargetDir)\%(Filename).obj" -l "$(TargetDir)\%(Filename).lst" "%(FullPath)"
</Command>
<Outputs Condition="'$(Configuration)|$(Platform)'=='Release|x64'">$(TargetDir)\%(Filename).obj;%(Outputs)</Outputs>
</CustomBuild>
<CustomBuild Include="Gost89_x64.asm">
<ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">true</ExcludedFromBuild>
<Command Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">echo %(Filename)%(Extension) &amp; nasm.exe -Xvc -f win64 -Ox -o "$(TargetDir)\%(Filename).obj" -l "$(TargetDir)\%(Filename).lst" "%(FullPath)"
</Command>
<Outputs Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">$(TargetDir)\%(Filename).obj;%(Outputs)</Outputs>
<ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">true</ExcludedFromBuild>
<Command Condition="'$(Configuration)|$(Platform)'=='Release|x64'">echo %(Filename)%(Extension) &amp; nasm.exe -Xvc -f win64 -Ox -o "$(TargetDir)\%(Filename).obj" -l "$(TargetDir)\%(Filename).lst" "%(FullPath)"
</Command>
<Outputs Condition="'$(Configuration)|$(Platform)'=='Release|x64'">$(TargetDir)\%(Filename).obj;%(Outputs)</Outputs>
</CustomBuild>
@ -214,12 +204,15 @@
<ItemGroup>
<ClCompile Include="Aeskey.c" />
<ClCompile Include="Aestab.c" />
<ClCompile Include="blake2s.c" />
<ClCompile Include="blake2s_SSE2.c" />
<ClCompile Include="blake2s_SSE41.c" />
<ClCompile Include="blake2s_SSSE3.c" />
<ClCompile Include="Camellia.c" />
<ClCompile Include="chacha-xmm.c" />
<ClCompile Include="chacha256.c" />
<ClCompile Include="chachaRng.c" />
<ClCompile Include="cpu.c" />
<ClCompile Include="GostCipher.c" />
<ClCompile Include="jitterentropy-base.c">
<Optimization Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">Disabled</Optimization>
<Optimization Condition="'$(Configuration)|$(Platform)'=='Release|x64'">Disabled</Optimization>
@ -227,7 +220,6 @@
<ClCompile Include="kuznyechik.c" />
<ClCompile Include="kuznyechik_simd.c" />
<ClCompile Include="rdrand.c" />
<ClCompile Include="Rmd160.c" />
<ClCompile Include="SerpentFast.c" />
<ClCompile Include="SerpentFast_simd.cpp" />
<ClCompile Include="Sha2.c" />
@ -243,6 +235,9 @@
<ClInclude Include="Aes_hw_cpu.h" />
<ClInclude Include="Aesopt.h" />
<ClInclude Include="Aestab.h" />
<ClInclude Include="blake2s-load-sse2.h" />
<ClInclude Include="blake2s-load-sse41.h" />
<ClInclude Include="blake2s-round.h" />
<ClInclude Include="Camellia.h" />
<ClInclude Include="chacha256.h" />
<ClInclude Include="chachaRng.h" />
@ -250,13 +245,11 @@
<ClInclude Include="chacha_u4.h" />
<ClInclude Include="config.h" />
<ClInclude Include="cpu.h" />
<ClInclude Include="GostCipher.h" />
<ClInclude Include="jitterentropy-base-user.h" />
<ClInclude Include="jitterentropy.h" />
<ClInclude Include="kuznyechik.h" />
<ClInclude Include="misc.h" />
<ClInclude Include="rdrand.h" />
<ClInclude Include="Rmd160.h" />
<ClInclude Include="SerpentFast.h" />
<ClInclude Include="SerpentFast_sbox.h" />
<ClInclude Include="Sha2.h" />

36
src/Crypto/Crypto.vcxproj.filters
View File

@ -24,9 +24,6 @@
<ClCompile Include="cpu.c">
<Filter>Source Files</Filter>
</ClCompile>
<ClCompile Include="Rmd160.c">
<Filter>Source Files</Filter>
</ClCompile>
<ClCompile Include="Sha2.c">
<Filter>Source Files</Filter>
</ClCompile>
@ -36,9 +33,6 @@
<ClCompile Include="Whirlpool.c">
<Filter>Source Files</Filter>
</ClCompile>
<ClCompile Include="GostCipher.c">
<Filter>Source Files</Filter>
</ClCompile>
<ClCompile Include="kuznyechik.c">
<Filter>Source Files</Filter>
</ClCompile>
@ -81,6 +75,18 @@
<ClCompile Include="t1ha2_selfcheck.c">
<Filter>Source Files</Filter>
</ClCompile>
<ClCompile Include="blake2s.c">
<Filter>Source Files</Filter>
</ClCompile>
<ClCompile Include="blake2s_SSE2.c">
<Filter>Source Files</Filter>
</ClCompile>
<ClCompile Include="blake2s_SSE41.c">
<Filter>Source Files</Filter>
</ClCompile>
<ClCompile Include="blake2s_SSSE3.c">
<Filter>Source Files</Filter>
</ClCompile>
</ItemGroup>
<ItemGroup>
<ClInclude Include="Aes.h">
@ -107,9 +113,6 @@
<ClInclude Include="misc.h">
<Filter>Header Files</Filter>
</ClInclude>
<ClInclude Include="Rmd160.h">
<Filter>Header Files</Filter>
</ClInclude>
<ClInclude Include="Sha2.h">
<Filter>Header Files</Filter>
</ClInclude>
@ -119,9 +122,6 @@
<ClInclude Include="Whirlpool.h">
<Filter>Header Files</Filter>
</ClInclude>
<ClInclude Include="GostCipher.h">
<Filter>Header Files</Filter>
</ClInclude>
<ClInclude Include="kuznyechik.h">
<Filter>Header Files</Filter>
</ClInclude>
@ -164,6 +164,15 @@
<ClInclude Include="t1ha_selfcheck.h">
<Filter>Header Files</Filter>
</ClInclude>
<ClInclude Include="blake2s-load-sse2.h">
<Filter>Header Files</Filter>
</ClInclude>
<ClInclude Include="blake2s-load-sse41.h">
<Filter>Header Files</Filter>
</ClInclude>
<ClInclude Include="blake2s-round.h">
<Filter>Header Files</Filter>
</ClInclude>
</ItemGroup>
<ItemGroup>
<CustomBuild Include="Aes_hw_cpu.asm">
@ -175,9 +184,6 @@
<CustomBuild Include="Aes_x86.asm">
<Filter>Source Files</Filter>
</CustomBuild>
<CustomBuild Include="Gost89_x64.asm">
<Filter>Source Files</Filter>
</CustomBuild>
<CustomBuild Include="Twofish_x64.S">
<Filter>Source Files</Filter>
</CustomBuild>

23
src/Crypto/Crypto_vs2019.vcxproj
View File

@ -297,24 +297,6 @@
<Outputs Condition="'$(Configuration)|$(Platform)'=='Release|x64'">$(TargetDir)\%(Filename).obj;%(Outputs)</Outputs>
<Outputs Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'">$(TargetDir)\%(Filename).obj;%(Outputs)</Outputs>
</CustomBuild>
<CustomBuild Include="Gost89_x64.asm">
<ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">true</ExcludedFromBuild>
<Command Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">echo %(Filename)%(Extension) &amp; nasm.exe -Xvc -f win64 -Ox -o "$(TargetDir)\%(Filename).obj" -l "$(TargetDir)\%(Filename).lst" "%(FullPath)"
</Command>
<Command Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'">echo %(Filename)%(Extension) &amp; nasm.exe -Xvc -f win64 -Ox -o "$(TargetDir)\%(Filename).obj" -l "$(TargetDir)\%(Filename).lst" "%(FullPath)"
</Command>
<Outputs Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">$(TargetDir)\%(Filename).obj;%(Outputs)</Outputs>
<Outputs Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'">$(TargetDir)\%(Filename).obj;%(Outputs)</Outputs>
<ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">true</ExcludedFromBuild>
<Command Condition="'$(Configuration)|$(Platform)'=='Release|x64'">echo %(Filename)%(Extension) &amp; nasm.exe -Xvc -f win64 -Ox -o "$(TargetDir)\%(Filename).obj" -l "$(TargetDir)\%(Filename).lst" "%(FullPath)"
</Command>
<Command Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'">echo %(Filename)%(Extension) &amp; nasm.exe -Xvc -f win64 -Ox -o "$(TargetDir)\%(Filename).obj" -l "$(TargetDir)\%(Filename).lst" "%(FullPath)"
</Command>
<Outputs Condition="'$(Configuration)|$(Platform)'=='Release|x64'">$(TargetDir)\%(Filename).obj;%(Outputs)</Outputs>
<Outputs Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'">$(TargetDir)\%(Filename).obj;%(Outputs)</Outputs>
<ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'">true</ExcludedFromBuild>
<ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'">true</ExcludedFromBuild>
</CustomBuild>
</ItemGroup>
<ItemGroup>
<ClCompile Include="Aescrypt.c">
@ -325,12 +307,12 @@
</ClCompile>
<ClCompile Include="Aeskey.c" />
<ClCompile Include="Aestab.c" />
<ClCompile Include="blake2s.c" />
<ClCompile Include="Camellia.c" />
<ClCompile Include="chacha-xmm.c" />
<ClCompile Include="chacha256.c" />
<ClCompile Include="chachaRng.c" />
<ClCompile Include="cpu.c" />
<ClCompile Include="GostCipher.c" />
<ClCompile Include="jitterentropy-base.c">
<Optimization Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">Disabled</Optimization>
<Optimization Condition="'$(Configuration)|$(Platform)'=='Release|x64'">Disabled</Optimization>
@ -345,7 +327,6 @@
<ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'">true</ExcludedFromBuild>
<ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'">true</ExcludedFromBuild>
</ClCompile>
<ClCompile Include="Rmd160.c" />
<ClCompile Include="SerpentFast.c" />
<ClCompile Include="SerpentFast_simd.cpp" />
<ClCompile Include="Sha2.c" />
@ -368,13 +349,11 @@
<ClInclude Include="chacha_u4.h" />
<ClInclude Include="config.h" />
<ClInclude Include="cpu.h" />
<ClInclude Include="GostCipher.h" />
<ClInclude Include="jitterentropy-base-user.h" />
<ClInclude Include="jitterentropy.h" />
<ClInclude Include="kuznyechik.h" />
<ClInclude Include="misc.h" />
<ClInclude Include="rdrand.h" />
<ClInclude Include="Rmd160.h" />
<ClInclude Include="SerpentFast.h" />
<ClInclude Include="SerpentFast_sbox.h" />
<ClInclude Include="Sha2.h" />

265
src/Crypto/GostCipher.c
View File

@ -1,265 +0,0 @@
/** @file
GOST89 implementation
Copyright (c) 2016. Disk Cryptography Services for EFI (DCS), Alex Kolotnikov
This program and the accompanying materials
are licensed and made available under the terms and conditions
of the Apache License, Version 2.0.
The full text of the license may be found at
https://opensource.org/licenses/Apache-2.0
Dynamic SBOX idea is from GostCrypt project. Copyright (c) 2008-2011 TrueCrypt Developers Association
**/
#include "GostCipher.h"
#include "Streebog.h"
#include "cpu.h"
#if defined(CIPHER_GOST89)
// Crypto Pro
byte S_CryptoPro[8][16] = {
{0x1,0x3,0xA,0x9,0x5,0xB,0x4,0xF,0x8,0x6,0x7,0xE,0xD,0x0,0x2,0xC},
{0xD,0xE,0x4,0x1,0x7,0x0,0x5,0xA,0x3,0xC,0x8,0xF,0x6,0x2,0x9,0xB},
{0x7,0x6,0x2,0x4,0xD,0x9,0xF,0x0,0xA,0x1,0x5,0xB,0x8,0xE,0xC,0x3},
{0x7,0x6,0x4,0xB,0x9,0xC,0x2,0xA,0x1,0x8,0x0,0xE,0xF,0xD,0x3,0x5},
{0x4,0xA,0x7,0xC,0x0,0xF,0x2,0x8,0xE,0x1,0x6,0x5,0xD,0xB,0x9,0x3},
{0x7,0xF,0xC,0xE,0x9,0x4,0x1,0x0,0x3,0xB,0x5,0x2,0x6,0xA,0x8,0xD},
{0x5,0xF,0x4,0x0,0x2,0xD,0xB,0x9,0x1,0x7,0x6,0x3,0xC,0xE,0xA,0x8},
{0xA,0x4,0x5,0x6,0x8,0x1,0x3,0x7,0xD,0xC,0xE,0x0,0x9,0x2,0xB,0xF}
};
// TC26
byte S_TC26[8][16] =
{
{ 0xc, 0x4, 0x6, 0x2, 0xa, 0x5, 0xb, 0x9, 0xe, 0x8, 0xd, 0x7, 0x0, 0x3, 0xf, 0x1 },
{ 0x6, 0x8, 0x2, 0x3, 0x9, 0xa, 0x5, 0xc, 0x1, 0xe, 0x4, 0x7, 0xb, 0xd, 0x0, 0xf },
{ 0xb, 0x3, 0x5, 0x8, 0x2, 0xf, 0xa, 0xd, 0xe, 0x1, 0x7, 0x4, 0xc, 0x9, 0x6, 0x0 },
{ 0xc, 0x8, 0x2, 0x1, 0xd, 0x4, 0xf, 0x6, 0x7, 0x0, 0xa, 0x5, 0x3, 0xe, 0x9, 0xb },
{ 0x7, 0xf, 0x5, 0xa, 0x8, 0x1, 0x6, 0xd, 0x0, 0x9, 0x3, 0xe, 0xb, 0x4, 0x2, 0xc },
{ 0x5, 0xd, 0xf, 0x6, 0x9, 0x2, 0xc, 0xa, 0xb, 0x7, 0x8, 0x1, 0x4, 0x3, 0xe, 0x0 },
{ 0x8, 0xe, 0x2, 0x5, 0x6, 0x9, 0x1, 0xc, 0xf, 0x4, 0xb, 0x0, 0xd, 0xa, 0x3, 0x7 },
{ 0x1, 0x7, 0xe, 0xd, 0x0, 0x5, 0x8, 0x3, 0x4, 0xf, 0xa, 0x6, 0x9, 0xc, 0xb, 0x2 },
};
void gost_prepare_kds(gost_kds* kds) {
uint32 i;
// Build substitution tables.
for (i = 0; i < 256; ++i) {
uint32 p;
p = kds->sbox[7][i >> 4] << 4 | kds->sbox[6][i & 15];
p = p << 24; p = p << 11 | p >> 21;
kds->sbox_cvt[i] = p; // S87
p = kds->sbox[5][i >> 4] << 4 | kds->sbox[4][i & 15];
p = p << 16; p = p << 11 | p >> 21;
kds->sbox_cvt[256 + i] = p; // S65
p = kds->sbox[3][i >> 4] << 4 | kds->sbox[2][i & 15];
p = p << 8; p = p << 11 | p >> 21;
kds->sbox_cvt[256 * 2 + i] = p; // S43
p = kds->sbox[1][i >> 4] << 4 | kds->sbox[0][i & 15];
p = p << 11 | p >> 21;
kds->sbox_cvt[256 * 3 + i] = p; // S21
}
}
static void xor_s_box(byte s_box[8][16], byte *seed)
{
int i;
for (i = 0; i < 16; i++)
{
s_box[0][i] ^= (seed[ (i * 4) + 0 ] ) & 0xF;
s_box[1][i] ^= (seed[ (i * 4) + 0 ]>>4) & 0xF;
s_box[2][i] ^= (seed[ (i * 4) + 1 ] ) & 0xF;
s_box[3][i] ^= (seed[ (i * 4) + 1 ]>>4) & 0xF;
s_box[4][i] ^= (seed[ (i * 4) + 2 ] ) & 0xF;
s_box[5][i] ^= (seed[ (i * 4) + 2 ]>>4) & 0xF;
s_box[6][i] ^= (seed[ (i * 4) + 3 ] ) & 0xF;
s_box[7][i] ^= (seed[ (i * 4) + 3 ]>>4) & 0xF;
}
}
void gost_set_key(const byte *key, gost_kds *ks, int useDynamicSbox)
{
memcpy(ks->key, key, GOST_KEYSIZE);
memcpy(ks->sbox, S_TC26, sizeof(ks->sbox));
if (useDynamicSbox)
{
STREEBOG_CTX sctx;
byte sbox_seed[64];
#if defined (DEVICE_DRIVER) && !defined (_WIN64)
KFLOATING_SAVE floatingPointState;
NTSTATUS saveStatus = STATUS_INVALID_PARAMETER;
if (HasSSE2() || HasSSE41())
saveStatus = KeSaveFloatingPointState (&floatingPointState);
#endif
//Generate pseudorandom data based on the key
STREEBOG_init(&sctx);
STREEBOG_add(&sctx, ks->key, 32);
STREEBOG_finalize(&sctx, sbox_seed);
#if defined (DEVICE_DRIVER) && !defined (_WIN64)
if (NT_SUCCESS (saveStatus))
KeRestoreFloatingPointState (&floatingPointState);
#endif
xor_s_box(ks->sbox, sbox_seed);
}
gost_prepare_kds(ks);
}
static uint32 f(uint32 v, uint32* sbox){
byte* x =(byte*) &v;
/* Do substitutions */
return sbox[x[3]] | sbox[256 + x[2]] | sbox[256*2 + x[1]] | sbox[256*3 + x[0]];
}
void gost_encrypt_block(uint64 in_, uint64* out_, gost_kds* kds) {
uint32* in = (uint32*)&in_;
uint32* out = (uint32*)out_;
uint32* key = (uint32*)kds->key;
uint32* sbox = kds->sbox_cvt;
// As named in the GOST
uint32 n1 = in[0];
uint32 n2 = in[1];
n2 ^= f(n1+key[0], sbox);
n1 ^= f(n2+key[1], sbox);
n2 ^= f(n1+key[2], sbox);
n1 ^= f(n2+key[3], sbox);
n2 ^= f(n1+key[4], sbox);
n1 ^= f(n2+key[5], sbox);
n2 ^= f(n1+key[6], sbox);
n1 ^= f(n2+key[7], sbox);
n2 ^= f(n1+key[0], sbox);
n1 ^= f(n2+key[1], sbox);
n2 ^= f(n1+key[2], sbox);
n1 ^= f(n2+key[3], sbox);
n2 ^= f(n1+key[4], sbox);
n1 ^= f(n2+key[5], sbox);
n2 ^= f(n1+key[6], sbox);
n1 ^= f(n2+key[7], sbox);
n2 ^= f(n1+key[0], sbox);
n1 ^= f(n2+key[1], sbox);
n2 ^= f(n1+key[2], sbox);
n1 ^= f(n2+key[3], sbox);
n2 ^= f(n1+key[4], sbox);
n1 ^= f(n2+key[5], sbox);
n2 ^= f(n1+key[6], sbox);
n1 ^= f(n2+key[7], sbox);
n2 ^= f(n1+key[7], sbox);
n1 ^= f(n2+key[6], sbox);
n2 ^= f(n1+key[5], sbox);
n1 ^= f(n2+key[4], sbox);
n2 ^= f(n1+key[3], sbox);
n1 ^= f(n2+key[2], sbox);
n2 ^= f(n1+key[1], sbox);
n1 ^= f(n2+key[0], sbox);
// There is no swap after the last round
out[0] = n2;
out[1] = n1;
}
void gost_decrypt_block(uint64 in_, uint64* out_, gost_kds* kds) {
uint32* in = (uint32*)&in_;
uint32* out = (uint32*)out_;
uint32* key = (uint32*)kds->key;
uint32* sbox = kds->sbox_cvt;
// As named in the GOST
uint32 n1 = in[0];
uint32 n2 = in[1];
n2 ^= f(n1+key[0], sbox);
n1 ^= f(n2+key[1], sbox);
n2 ^= f(n1+key[2], sbox);
n1 ^= f(n2+key[3], sbox);
n2 ^= f(n1+key[4], sbox);
n1 ^= f(n2+key[5], sbox);
n2 ^= f(n1+key[6], sbox);
n1 ^= f(n2+key[7], sbox);
n2 ^= f(n1+key[7], sbox);
n1 ^= f(n2+key[6], sbox);
n2 ^= f(n1+key[5], sbox);
n1 ^= f(n2+key[4], sbox);
n2 ^= f(n1+key[3], sbox);
n1 ^= f(n2+key[2], sbox);
n2 ^= f(n1+key[1], sbox);
n1 ^= f(n2+key[0], sbox);
n2 ^= f(n1+key[7], sbox);
n1 ^= f(n2+key[6], sbox);
n2 ^= f(n1+key[5], sbox);
n1 ^= f(n2+key[4], sbox);
n2 ^= f(n1+key[3], sbox);
n1 ^= f(n2+key[2], sbox);
n2 ^= f(n1+key[1], sbox);
n1 ^= f(n2+key[0], sbox);
n2 ^= f(n1+key[7], sbox);
n1 ^= f(n2+key[6], sbox);
n2 ^= f(n1+key[5], sbox);
n1 ^= f(n2+key[4], sbox);
n2 ^= f(n1+key[3], sbox);
n1 ^= f(n2+key[2], sbox);
n2 ^= f(n1+key[1], sbox);
n1 ^= f(n2+key[0], sbox);
out[0] = n2;
out[1] = n1;
}
#if defined(_M_AMD64)
void gost_encrypt_128_CBC_asm(const byte *in, byte *out, gost_kds *ks, uint64 count);
void gost_decrypt_128_CBC_asm(const byte *in, byte *out, gost_kds *ks, uint64 count);
#endif
void gost_encrypt(const byte *in, byte *out, gost_kds *ks, int count) {
#if defined(_M_AMD64)
gost_encrypt_128_CBC_asm(in, out, ks, (uint64)count);
#else
while (count > 0) {
// encrypt two blocks in CBC mode
gost_encrypt_block(*((uint64*)in), (uint64*)out, ks);
*((gst_udword*)(out + 8)) = *((gst_udword*)(in + 8)) ^ *((gst_udword*)(out));
*((gst_udword*)(out + 12)) = *((gst_udword*)(in + 12)) ^ *((gst_udword*)(out + 4));
gost_encrypt_block(*((uint64*)(out + 8)), (uint64*)(out + 8), ks);
count--;
in += 16;
out += 16;
}
#endif
}
void gost_decrypt(const byte *in, byte *out, gost_kds *ks, int count) {
#if defined(_M_AMD64)
gost_decrypt_128_CBC_asm(in, out, ks, (uint64)count);
#else
while (count > 0) {
// decrypt two blocks in CBC mode
gost_decrypt_block(*((uint64*)(in + 8)), (uint64*)(out + 8), ks);
*((gst_udword*)(out + 8)) ^= *((gst_udword*)(in));;
*((gst_udword*)(out + 12)) ^= *((gst_udword*)(in + 4));;
gost_decrypt_block(*((uint64*)(in)), (uint64*)(out), ks);
count--;
in += 16;
out += 16;
}
#endif
}
#endif

68
src/Crypto/GostCipher.h
View File

@ -1,68 +0,0 @@
/*
Copyright (c) 2008-2011 TrueCrypt Developers Association. All rights reserved.
Governed by the TrueCrypt License 3.0 the full text of which is contained in
the file License.txt included in TrueCrypt binary and source code distribution
packages.
*/
#ifndef GOST_CIPHER_H
#define GOST_CIPHER_H
#include "Common/Tcdefs.h"
#include "config.h"
#include "misc.h"
#ifdef __cplusplus
extern "C" {
#endif
//In unsigned chars
#define GOST_KEYSIZE 32
#define GOST_BLOCKSIZE 8
#define GOST_SBOX_SIZE 16
//Production setting, but can be turned off to compare the algorithm with other implementations
#define CIPHER_GOST89
#define GOST_DYNAMIC_SBOXES
#if defined(CIPHER_GOST89)
#ifdef GST_WINDOWS_BOOT
typedef int gst_word;
typedef long gst_dword;
typedef unsigned int gst_uword;
typedef unsigned long gst_udword;
#else
typedef short gst_word;
typedef int gst_dword;
typedef unsigned short gst_uword;
typedef unsigned int gst_udword;
#endif
typedef struct gost_kds
{
CRYPTOPP_ALIGN_DATA(16) byte key[32];
gst_udword sbox_cvt[256 * 4];
byte sbox[8][16];
} gost_kds;
#define GOST_KS (sizeof(gost_kds))
void gost_encrypt(const byte *in, byte *out, gost_kds *ks, int count);
void gost_decrypt(const byte *in, byte *out, gost_kds *ks, int count);
void gost_set_key(const byte *key, gost_kds *ks, int useDynamicSbox);
#else
#define GOST_KS (0)
#endif
#ifdef __cplusplus
}
#endif
#endif

3
src/Crypto/Makefile.inc
View File

@ -16,9 +16,6 @@ VC_MLEXE = ml64.exe
TC_ASM_ERR_LOG = ..\Driver\build_errors_asm.log
"$(OBJ_PATH)\$(O)\gost89_$(TC_ARCH).obj": gost89_$(TC_ARCH).asm
nasm.exe $(TC_ASFLAGS) -o "$@" -l "$(OBJ_PATH)\$(O)\gost89_$(TC_ARCH).lst" gost89_$(TC_ARCH).asm 2>$(TC_ASM_ERR_LOG)
"$(OBJ_PATH)\$(O)\Aes_$(TC_ARCH).obj": Aes_$(TC_ARCH).asm
nasm.exe $(TC_ASFLAGS) -o "$@" -l "$(OBJ_PATH)\$(O)\Aes_$(TC_ARCH).lst" Aes_$(TC_ARCH).asm 2>$(TC_ASM_ERR_LOG)

500
src/Crypto/Rmd160.c
View File

@ -1,500 +0,0 @@
// RIPEMD-160 written and placed in the public domain by Wei Dai
/*
* This code implements the MD4 message-digest algorithm.
* The algorithm is due to Ron Rivest. This code was
* written by Colin Plumb in 1993, no copyright is claimed.
* This code is in the public domain; do with it what you wish.
*/
/* Adapted for TrueCrypt */
/* Adapted for VeraCrypt */
#if !defined(_UEFI)
#include <memory.h>
#endif // !defined(_UEFI)
#include "Common/Tcdefs.h"
#include "Common/Endian.h"
#include "Rmd160.h"
#define F(x, y, z) (x ^ y ^ z)
#define G(x, y, z) (z ^ (x & (y^z)))
#define H(x, y, z) (z ^ (x | ~y))
#define I(x, y, z) (y ^ (z & (x^y)))
#define J(x, y, z) (x ^ (y | ~z))
#define PUT_64BIT_LE(cp, value) do { \
(cp)[7] = (byte) ((value) >> 56); \
(cp)[6] = (byte) ((value) >> 48); \
(cp)[5] = (byte) ((value) >> 40); \
(cp)[4] = (byte) ((value) >> 32); \
(cp)[3] = (byte) ((value) >> 24); \
(cp)[2] = (byte) ((value) >> 16); \
(cp)[1] = (byte) ((value) >> 8); \
(cp)[0] = (byte) (value); } while (0)
#define PUT_32BIT_LE(cp, value) do { \
(cp)[3] = (byte) ((value) >> 24); \
(cp)[2] = (byte) ((value) >> 16); \
(cp)[1] = (byte) ((value) >> 8); \
(cp)[0] = (byte) (value); } while (0)
#ifndef TC_MINIMIZE_CODE_SIZE
static byte PADDING[64] = {
0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
};
#else
static byte PADDING[64];
#endif
void RMD160Init (RMD160_CTX *ctx)
{
ctx->count = 0;
ctx->state[0] = 0x67452301;
ctx->state[1] = 0xefcdab89;
ctx->state[2] = 0x98badcfe;
ctx->state[3] = 0x10325476;
ctx->state[4] = 0xc3d2e1f0;
PADDING[0] = 0x80;
}
/*
* Update context to reflect the concatenation of another buffer full
* of bytes.
*/
void RMD160Update (RMD160_CTX *ctx, const unsigned char *input, unsigned __int32 lenArg)
{
#ifndef TC_WINDOWS_BOOT
uint64 len = lenArg;
#else
uint32 len = lenArg;
#endif
unsigned int have, need;
/* Check how many bytes we already have and how many more we need. */
have = (unsigned int) ((ctx->count) & (RIPEMD160_BLOCK_LENGTH - 1));
need = RIPEMD160_BLOCK_LENGTH - have;
/* Update bitcount */
ctx->count += len;
if (len >= need) {
if (have != 0) {
memcpy (ctx->buffer + have, input, (size_t) need);
RMD160Transform ((uint32 *) ctx->state, (const uint32 *) ctx->buffer);
input += need;
len -= need;
have = 0;
}
/* Process data in RIPEMD160_BLOCK_LENGTH-byte chunks. */
while (len >= RIPEMD160_BLOCK_LENGTH) {
RMD160Transform ((uint32 *) ctx->state, (const uint32 *) input);
input += RIPEMD160_BLOCK_LENGTH;
len -= RIPEMD160_BLOCK_LENGTH;
}
}
/* Handle any remaining bytes of data. */
if (len != 0)
memcpy (ctx->buffer + have, input, (size_t) len);
}
/*
* Pad pad to 64-byte boundary with the bit pattern
* 1 0* (64-bit count of bits processed, MSB-first)
*/
static void RMD160Pad(RMD160_CTX *ctx)
{
byte count[8];
uint32 padlen;
/* Convert count to 8 bytes in little endian order. */
#ifndef TC_WINDOWS_BOOT
uint64 bitcount = ctx->count << 3;
PUT_64BIT_LE(count, bitcount);
#else
*(uint32 *) (count + 4) = 0;
*(uint32 *) (count + 0) = ctx->count << 3;
#endif
/* Pad out to 56 mod 64. */
padlen = RIPEMD160_BLOCK_LENGTH -
(uint32)((ctx->count) & (RIPEMD160_BLOCK_LENGTH - 1));
if (padlen < 1 + 8)
padlen += RIPEMD160_BLOCK_LENGTH;
RMD160Update(ctx, PADDING, padlen - 8); /* padlen - 8 <= 64 */
RMD160Update(ctx, count, 8);
}
/*
* Final wrapup--call RMD160Pad, fill in digest and zero out ctx.
*/
void RMD160Final(unsigned char *digest, RMD160_CTX *ctx)
{
int i;
RMD160Pad(ctx);
if (digest) {
for (i = 0; i < 5; i++)
PUT_32BIT_LE(digest + i * 4, ctx->state[i]);
#ifndef TC_WINDOWS_BOOT
burn (ctx, sizeof(*ctx));
#endif
}
}
#ifndef TC_MINIMIZE_CODE_SIZE
#define word32 unsigned __int32
#define k0 0
#define k1 0x5a827999UL
#define k2 0x6ed9eba1UL
#define k3 0x8f1bbcdcUL
#define k4 0xa953fd4eUL
#define k5 0x50a28be6UL
#define k6 0x5c4dd124UL
#define k7 0x6d703ef3UL
#define k8 0x7a6d76e9UL
#define k9 0
static word32 rotlFixed (word32 x, unsigned int y)
{
return (word32)((x<<y) | (x>>(sizeof(word32)*8-y)));
}
#define Subround(f, a, b, c, d, e, x, s, k) \
a += f(b, c, d) + x + k;\
a = rotlFixed((word32)a, s) + e;\
c = rotlFixed((word32)c, 10U)
void RMD160Transform (unsigned __int32 *digest, const unsigned __int32 *data)
{
#if BYTE_ORDER == LITTLE_ENDIAN
const word32 *X = data;
#else
word32 X[16];
int i;
#endif
word32 a1, b1, c1, d1, e1, a2, b2, c2, d2, e2;
a1 = a2 = digest[0];
b1 = b2 = digest[1];
c1 = c2 = digest[2];
d1 = d2 = digest[3];
e1 = e2 = digest[4];
#if BYTE_ORDER == BIG_ENDIAN
for (i = 0; i < 16; i++)
{
X[i] = LE32 (data[i]);
}
#endif
Subround(F, a1, b1, c1, d1, e1, X[ 0], 11, k0);
Subround(F, e1, a1, b1, c1, d1, X[ 1], 14, k0);
Subround(F, d1, e1, a1, b1, c1, X[ 2], 15, k0);
Subround(F, c1, d1, e1, a1, b1, X[ 3], 12, k0);
Subround(F, b1, c1, d1, e1, a1, X[ 4], 5, k0);
Subround(F, a1, b1, c1, d1, e1, X[ 5], 8, k0);
Subround(F, e1, a1, b1, c1, d1, X[ 6], 7, k0);
Subround(F, d1, e1, a1, b1, c1, X[ 7], 9, k0);
Subround(F, c1, d1, e1, a1, b1, X[ 8], 11, k0);
Subround(F, b1, c1, d1, e1, a1, X[ 9], 13, k0);
Subround(F, a1, b1, c1, d1, e1, X[10], 14, k0);
Subround(F, e1, a1, b1, c1, d1, X[11], 15, k0);
Subround(F, d1, e1, a1, b1, c1, X[12], 6, k0);
Subround(F, c1, d1, e1, a1, b1, X[13], 7, k0);
Subround(F, b1, c1, d1, e1, a1, X[14], 9, k0);
Subround(F, a1, b1, c1, d1, e1, X[15], 8, k0);
Subround(G, e1, a1, b1, c1, d1, X[ 7], 7, k1);
Subround(G, d1, e1, a1, b1, c1, X[ 4], 6, k1);
Subround(G, c1, d1, e1, a1, b1, X[13], 8, k1);
Subround(G, b1, c1, d1, e1, a1, X[ 1], 13, k1);
Subround(G, a1, b1, c1, d1, e1, X[10], 11, k1);
Subround(G, e1, a1, b1, c1, d1, X[ 6], 9, k1);
Subround(G, d1, e1, a1, b1, c1, X[15], 7, k1);
Subround(G, c1, d1, e1, a1, b1, X[ 3], 15, k1);
Subround(G, b1, c1, d1, e1, a1, X[12], 7, k1);
Subround(G, a1, b1, c1, d1, e1, X[ 0], 12, k1);
Subround(G, e1, a1, b1, c1, d1, X[ 9], 15, k1);
Subround(G, d1, e1, a1, b1, c1, X[ 5], 9, k1);
Subround(G, c1, d1, e1, a1, b1, X[ 2], 11, k1);
Subround(G, b1, c1, d1, e1, a1, X[14], 7, k1);
Subround(G, a1, b1, c1, d1, e1, X[11], 13, k1);
Subround(G, e1, a1, b1, c1, d1, X[ 8], 12, k1);
Subround(H, d1, e1, a1, b1, c1, X[ 3], 11, k2);
Subround(H, c1, d1, e1, a1, b1, X[10], 13, k2);
Subround(H, b1, c1, d1, e1, a1, X[14], 6, k2);
Subround(H, a1, b1, c1, d1, e1, X[ 4], 7, k2);
Subround(H, e1, a1, b1, c1, d1, X[ 9], 14, k2);
Subround(H, d1, e1, a1, b1, c1, X[15], 9, k2);
Subround(H, c1, d1, e1, a1, b1, X[ 8], 13, k2);
Subround(H, b1, c1, d1, e1, a1, X[ 1], 15, k2);
Subround(H, a1, b1, c1, d1, e1, X[ 2], 14, k2);
Subround(H, e1, a1, b1, c1, d1, X[ 7], 8, k2);
Subround(H, d1, e1, a1, b1, c1, X[ 0], 13, k2);
Subround(H, c1, d1, e1, a1, b1, X[ 6], 6, k2);
Subround(H, b1, c1, d1, e1, a1, X[13], 5, k2);
Subround(H, a1, b1, c1, d1, e1, X[11], 12, k2);
Subround(H, e1, a1, b1, c1, d1, X[ 5], 7, k2);
Subround(H, d1, e1, a1, b1, c1, X[12], 5, k2);
Subround(I, c1, d1, e1, a1, b1, X[ 1], 11, k3);
Subround(I, b1, c1, d1, e1, a1, X[ 9], 12, k3);
Subround(I, a1, b1, c1, d1, e1, X[11], 14, k3);
Subround(I, e1, a1, b1, c1, d1, X[10], 15, k3);
Subround(I, d1, e1, a1, b1, c1, X[ 0], 14, k3);
Subround(I, c1, d1, e1, a1, b1, X[ 8], 15, k3);
Subround(I, b1, c1, d1, e1, a1, X[12], 9, k3);
Subround(I, a1, b1, c1, d1, e1, X[ 4], 8, k3);
Subround(I, e1, a1, b1, c1, d1, X[13], 9, k3);
Subround(I, d1, e1, a1, b1, c1, X[ 3], 14, k3);
Subround(I, c1, d1, e1, a1, b1, X[ 7], 5, k3);
Subround(I, b1, c1, d1, e1, a1, X[15], 6, k3);
Subround(I, a1, b1, c1, d1, e1, X[14], 8, k3);
Subround(I, e1, a1, b1, c1, d1, X[ 5], 6, k3);
Subround(I, d1, e1, a1, b1, c1, X[ 6], 5, k3);
Subround(I, c1, d1, e1, a1, b1, X[ 2], 12, k3);
Subround(J, b1, c1, d1, e1, a1, X[ 4], 9, k4);
Subround(J, a1, b1, c1, d1, e1, X[ 0], 15, k4);
Subround(J, e1, a1, b1, c1, d1, X[ 5], 5, k4);
Subround(J, d1, e1, a1, b1, c1, X[ 9], 11, k4);
Subround(J, c1, d1, e1, a1, b1, X[ 7], 6, k4);
Subround(J, b1, c1, d1, e1, a1, X[12], 8, k4);
Subround(J, a1, b1, c1, d1, e1, X[ 2], 13, k4);
Subround(J, e1, a1, b1, c1, d1, X[10], 12, k4);
Subround(J, d1, e1, a1, b1, c1, X[14], 5, k4);
Subround(J, c1, d1, e1, a1, b1, X[ 1], 12, k4);
Subround(J, b1, c1, d1, e1, a1, X[ 3], 13, k4);
Subround(J, a1, b1, c1, d1, e1, X[ 8], 14, k4);
Subround(J, e1, a1, b1, c1, d1, X[11], 11, k4);
Subround(J, d1, e1, a1, b1, c1, X[ 6], 8, k4);
Subround(J, c1, d1, e1, a1, b1, X[15], 5, k4);
Subround(J, b1, c1, d1, e1, a1, X[13], 6, k4);
Subround(J, a2, b2, c2, d2, e2, X[ 5], 8, k5);
Subround(J, e2, a2, b2, c2, d2, X[14], 9, k5);
Subround(J, d2, e2, a2, b2, c2, X[ 7], 9, k5);
Subround(J, c2, d2, e2, a2, b2, X[ 0], 11, k5);
Subround(J, b2, c2, d2, e2, a2, X[ 9], 13, k5);
Subround(J, a2, b2, c2, d2, e2, X[ 2], 15, k5);
Subround(J, e2, a2, b2, c2, d2, X[11], 15, k5);
Subround(J, d2, e2, a2, b2, c2, X[ 4], 5, k5);
Subround(J, c2, d2, e2, a2, b2, X[13], 7, k5);
Subround(J, b2, c2, d2, e2, a2, X[ 6], 7, k5);
Subround(J, a2, b2, c2, d2, e2, X[15], 8, k5);
Subround(J, e2, a2, b2, c2, d2, X[ 8], 11, k5);
Subround(J, d2, e2, a2, b2, c2, X[ 1], 14, k5);
Subround(J, c2, d2, e2, a2, b2, X[10], 14, k5);
Subround(J, b2, c2, d2, e2, a2, X[ 3], 12, k5);
Subround(J, a2, b2, c2, d2, e2, X[12], 6, k5);
Subround(I, e2, a2, b2, c2, d2, X[ 6], 9, k6);
Subround(I, d2, e2, a2, b2, c2, X[11], 13, k6);
Subround(I, c2, d2, e2, a2, b2, X[ 3], 15, k6);
Subround(I, b2, c2, d2, e2, a2, X[ 7], 7, k6);
Subround(I, a2, b2, c2, d2, e2, X[ 0], 12, k6);
Subround(I, e2, a2, b2, c2, d2, X[13], 8, k6);
Subround(I, d2, e2, a2, b2, c2, X[ 5], 9, k6);
Subround(I, c2, d2, e2, a2, b2, X[10], 11, k6);
Subround(I, b2, c2, d2, e2, a2, X[14], 7, k6);
Subround(I, a2, b2, c2, d2, e2, X[15], 7, k6);
Subround(I, e2, a2, b2, c2, d2, X[ 8], 12, k6);
Subround(I, d2, e2, a2, b2, c2, X[12], 7, k6);
Subround(I, c2, d2, e2, a2, b2, X[ 4], 6, k6);
Subround(I, b2, c2, d2, e2, a2, X[ 9], 15, k6);
Subround(I, a2, b2, c2, d2, e2, X[ 1], 13, k6);
Subround(I, e2, a2, b2, c2, d2, X[ 2], 11, k6);
Subround(H, d2, e2, a2, b2, c2, X[15], 9, k7);
Subround(H, c2, d2, e2, a2, b2, X[ 5], 7, k7);
Subround(H, b2, c2, d2, e2, a2, X[ 1], 15, k7);
Subround(H, a2, b2, c2, d2, e2, X[ 3], 11, k7);
Subround(H, e2, a2, b2, c2, d2, X[ 7], 8, k7);
Subround(H, d2, e2, a2, b2, c2, X[14], 6, k7);
Subround(H, c2, d2, e2, a2, b2, X[ 6], 6, k7);
Subround(H, b2, c2, d2, e2, a2, X[ 9], 14, k7);
Subround(H, a2, b2, c2, d2, e2, X[11], 12, k7);
Subround(H, e2, a2, b2, c2, d2, X[ 8], 13, k7);
Subround(H, d2, e2, a2, b2, c2, X[12], 5, k7);
Subround(H, c2, d2, e2, a2, b2, X[ 2], 14, k7);
Subround(H, b2, c2, d2, e2, a2, X[10], 13, k7);
Subround(H, a2, b2, c2, d2, e2, X[ 0], 13, k7);
Subround(H, e2, a2, b2, c2, d2, X[ 4], 7, k7);
Subround(H, d2, e2, a2, b2, c2, X[13], 5, k7);
Subround(G, c2, d2, e2, a2, b2, X[ 8], 15, k8);
Subround(G, b2, c2, d2, e2, a2, X[ 6], 5, k8);
Subround(G, a2, b2, c2, d2, e2, X[ 4], 8, k8);
Subround(G, e2, a2, b2, c2, d2, X[ 1], 11, k8);
Subround(G, d2, e2, a2, b2, c2, X[ 3], 14, k8);
Subround(G, c2, d2, e2, a2, b2, X[11], 14, k8);
Subround(G, b2, c2, d2, e2, a2, X[15], 6, k8);
Subround(G, a2, b2, c2, d2, e2, X[ 0], 14, k8);
Subround(G, e2, a2, b2, c2, d2, X[ 5], 6, k8);
Subround(G, d2, e2, a2, b2, c2, X[12], 9, k8);
Subround(G, c2, d2, e2, a2, b2, X[ 2], 12, k8);
Subround(G, b2, c2, d2, e2, a2, X[13], 9, k8);
Subround(G, a2, b2, c2, d2, e2, X[ 9], 12, k8);
Subround(G, e2, a2, b2, c2, d2, X[ 7], 5, k8);
Subround(G, d2, e2, a2, b2, c2, X[10], 15, k8);
Subround(G, c2, d2, e2, a2, b2, X[14], 8, k8);
Subround(F, b2, c2, d2, e2, a2, X[12], 8, k9);
Subround(F, a2, b2, c2, d2, e2, X[15], 5, k9);
Subround(F, e2, a2, b2, c2, d2, X[10], 12, k9);
Subround(F, d2, e2, a2, b2, c2, X[ 4], 9, k9);
Subround(F, c2, d2, e2, a2, b2, X[ 1], 12, k9);
Subround(F, b2, c2, d2, e2, a2, X[ 5], 5, k9);
Subround(F, a2, b2, c2, d2, e2, X[ 8], 14, k9);
Subround(F, e2, a2, b2, c2, d2, X[ 7], 6, k9);
Subround(F, d2, e2, a2, b2, c2, X[ 6], 8, k9);
Subround(F, c2, d2, e2, a2, b2, X[ 2], 13, k9);
Subround(F, b2, c2, d2, e2, a2, X[13], 6, k9);
Subround(F, a2, b2, c2, d2, e2, X[14], 5, k9);
Subround(F, e2, a2, b2, c2, d2, X[ 0], 15, k9);
Subround(F, d2, e2, a2, b2, c2, X[ 3], 13, k9);
Subround(F, c2, d2, e2, a2, b2, X[ 9], 11, k9);
Subround(F, b2, c2, d2, e2, a2, X[11], 11, k9);
c1 = digest[1] + c1 + d2;
digest[1] = digest[2] + d1 + e2;
digest[2] = digest[3] + e1 + a2;
digest[3] = digest[4] + a1 + b2;
digest[4] = digest[0] + b1 + c2;
digest[0] = c1;
}
#else // TC_MINIMIZE_CODE_SIZE
/*
Derived from source code of TrueCrypt 7.1a, which is
Copyright (c) 2008-2012 TrueCrypt Developers Association and which is governed
by the TrueCrypt License 3.0.
Modifications and additions to the original source code (contained in this file)
and all other portions of this file are Copyright (c) 2013-2017 IDRIX
and are governed by the Apache License 2.0 the full text of which is
contained in the file License.txt included in VeraCrypt binary and source
code distribution packages.
*/
#pragma optimize ("tl", on)
typedef unsigned __int32 uint32;
typedef unsigned __int8 byte;
#include <stdlib.h>
#pragma intrinsic (_lrotl)
static const byte OrderTab[] = {
0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15,
7, 4, 13, 1, 10, 6, 15, 3, 12, 0, 9, 5, 2, 14, 11, 8,
3, 10, 14, 4, 9, 15, 8, 1, 2, 7, 0, 6, 13, 11, 5, 12,
1, 9, 11, 10, 0, 8, 12, 4, 13, 3, 7, 15, 14, 5, 6, 2,
4, 0, 5, 9, 7, 12, 2, 10, 14, 1, 3, 8, 11, 6, 15, 13,
5, 14, 7, 0, 9, 2, 11, 4, 13, 6, 15, 8, 1, 10, 3, 12,
6, 11, 3, 7, 0, 13, 5, 10, 14, 15, 8, 12, 4, 9, 1, 2,
15, 5, 1, 3, 7, 14, 6, 9, 11, 8, 12, 2, 10, 0, 4, 13,
8, 6, 4, 1, 3, 11, 15, 0, 5, 12, 2, 13, 9, 7, 10, 14,
12, 15, 10, 4, 1, 5, 8, 7, 6, 2, 13, 14, 0, 3, 9, 11
};
static const byte RolTab[] = {
11, 14, 15, 12, 5, 8, 7, 9, 11, 13, 14, 15, 6, 7, 9, 8,
7, 6, 8, 13, 11, 9, 7, 15, 7, 12, 15, 9, 11, 7, 13, 12,
11, 13, 6, 7, 14, 9, 13, 15, 14, 8, 13, 6, 5, 12, 7, 5,
11, 12, 14, 15, 14, 15, 9, 8, 9, 14, 5, 6, 8, 6, 5, 12,
9, 15, 5, 11, 6, 8, 13, 12, 5, 12, 13, 14, 11, 8, 5, 6,
8, 9, 9, 11, 13, 15, 15, 5, 7, 7, 8, 11, 14, 14, 12, 6,
9, 13, 15, 7, 12, 8, 9, 11, 7, 7, 12, 7, 6, 15, 13, 11,
9, 7, 15, 11, 8, 6, 6, 14, 12, 13, 5, 14, 13, 13, 7, 5,
15, 5, 8, 11, 14, 14, 6, 14, 6, 9, 12, 9, 12, 5, 15, 8,
8, 5, 12, 9, 12, 5, 14, 6, 8, 13, 6, 5, 15, 13, 11, 11
};
static const uint32 KTab[] = {
0x00000000UL,
0x5A827999UL,
0x6ED9EBA1UL,
0x8F1BBCDCUL,
0xA953FD4EUL,
0x50A28BE6UL,
0x5C4DD124UL,
0x6D703EF3UL,
0x7A6D76E9UL,
0x00000000UL
};
void RMD160Transform (unsigned __int32 *state, const unsigned __int32 *data)
{
uint32 a, b, c, d, e;
uint32 a2, b2, c2, d2, e2;
byte pos;
uint32 tmp;
a = state[0];
b = state[1];
c = state[2];
d = state[3];
e = state[4];
for (pos = 0; pos < 160; ++pos)
{
tmp = a + data[OrderTab[pos]] + KTab[pos >> 4];
switch (pos >> 4)
{
case 0: case 9: tmp += F (b, c, d); break;
case 1: case 8: tmp += G (b, c, d); break;
case 2: case 7: tmp += H (b, c, d); break;
case 3: case 6: tmp += I (b, c, d); break;
case 4: case 5: tmp += J (b, c, d); break;
}
tmp = _lrotl (tmp, RolTab[pos]) + e;
a = e;
e = d;
d = _lrotl (c, 10);
c = b;
b = tmp;
if (pos == 79)
{
a2 = a;
b2 = b;
c2 = c;
d2 = d;
e2 = e;
a = state[0];
b = state[1];
c = state[2];
d = state[3];
e = state[4];
}
}
tmp = state[1] + c2 + d;
state[1] = state[2] + d2 + e;
state[2] = state[3] + e2 + a;
state[3] = state[4] + a2 + b;
state[4] = state[0] + b2 + c;
state[0] = tmp;
}
#endif // TC_MINIMIZE_CODE_SIZE

33
src/Crypto/Rmd160.h
View File

@ -1,33 +0,0 @@
#ifndef TC_HEADER_Crypto_Ripemd160
#define TC_HEADER_Crypto_Ripemd160
#include "Common/Tcdefs.h"
#if defined(__cplusplus)
extern "C"
{
#endif
#define RIPEMD160_BLOCK_LENGTH 64
typedef struct RMD160Context
{
unsigned __int32 state[5];
#ifndef TC_WINDOWS_BOOT
uint64 count;
#else
uint32 count;
#endif
unsigned char buffer[RIPEMD160_BLOCK_LENGTH];
} RMD160_CTX;
void RMD160Init (RMD160_CTX *ctx);
void RMD160Transform (unsigned __int32 *state, const unsigned __int32 *data);
void RMD160Update (RMD160_CTX *ctx, const unsigned char *input, unsigned __int32 len);
void RMD160Final (unsigned char *digest, RMD160_CTX *ctx);
#if defined(__cplusplus)
}
#endif
#endif // TC_HEADER_Crypto_Ripemd160

8
src/Crypto/Sources
View File

@ -7,7 +7,6 @@ NTTARGETFILES = \
"$(OBJ_PATH)\$(O)\Aes_$(TC_ARCH).obj" \
"$(OBJ_PATH)\$(O)\Aes_hw_cpu.obj" \
"$(OBJ_PATH)\$(O)\rdrand_ml.obj" \
"$(OBJ_PATH)\$(O)\gost89_$(TC_ARCH).obj" \
"$(OBJ_PATH)\$(O)\Twofish_$(TC_ARCH).obj" \
"$(OBJ_PATH)\$(O)\Camellia_$(TC_ARCH).obj" \
"$(OBJ_PATH)\$(O)\Camellia_aesni_$(TC_ARCH).obj" \
@ -22,19 +21,21 @@ NTTARGETFILES = \
SOURCES = \
Aes_$(TC_ARCH).asm \
gost89_$(TC_ARCH).asm \
Aes_hw_cpu.asm \
rdrand_ml.asm \
rdseed_ml.asm \
Aeskey.c \
Aestab.c \
blake2s.c \
blake2s_SSE2.c \
blake2s_SSE41.c \
blake2s_SSSE3.c \
chacha-xmm.c \
chacha256.c \
chachaRng.c \
cpu.c \
jitterentropy-base.c \
rdrand.c \
Rmd160.c \
SerpentFast.c \
SerpentFast_simd.cpp \
Sha2.c \
@ -43,7 +44,6 @@ SOURCES = \
t1ha2_selfcheck.c \
Twofish.c \
Twofish_$(TC_ARCH).S \
GostCipher.c \
Streebog.c \
kuznyechik.c \
kuznyechik_simd.c \

6
src/Crypto/config.h
View File

@ -128,6 +128,12 @@
#define CRYPTOPP_SSSE3_AVAILABLE 0
# endif
#if !defined(CRYPTOPP_DISABLE_SSSE3) && (defined(__SSSE3__) || (_MSC_VER >= 1500)) && !defined(_M_ARM) && !defined(_M_ARM64)
#define CRYPTOPP_BOOL_SSSE3_INTRINSICS_AVAILABLE 1
#else
#define CRYPTOPP_BOOL_SSSE3_INTRINSICS_AVAILABLE 0
#endif
#if !defined(CRYPTOPP_DISABLE_SSSE3) && !defined(CRYPTOPP_DISABLE_AESNI) && CRYPTOPP_BOOL_SSE2_INTRINSICS_AVAILABLE && (CRYPTOPP_GCC_VERSION >= 40400 || _MSC_FULL_VER >= 150030729 || __INTEL_COMPILER >= 1110 || defined(__AES__))
#define CRYPTOPP_BOOL_AESNI_INTRINSICS_AVAILABLE 1
#else

11
src/Crypto/cpu.h
View File

@ -134,6 +134,11 @@ extern __m128i _mm_slli_epi16(__m128i _A, int _Count);
extern __m128i _mm_shuffle_epi32 (__m128i a, int imm8);
extern __m128i _mm_set_epi64x (__int64 e1, __int64 e0);
extern __m128i _mm_set1_epi64x (__int64 a);
extern __m128i _mm_castps_si128(__m128);
extern __m128 _mm_castsi128_ps(__m128i);
extern __m128 _mm_shuffle_ps(__m128 _A, __m128 _B, unsigned int _Imm8);
extern __m128i _mm_srli_si128(__m128i _A, int _Imm);
extern __m128i _mm_slli_si128(__m128i _A, int _Imm);
#define _mm_xor_si64 _m_pxor
#define _mm_empty _m_empty
#define _MM_SHUFFLE(fp3,fp2,fp1,fp0) (((fp3) << 6) | ((fp2) << 4) | \
@ -148,12 +153,12 @@ extern __m128i _mm_set1_epi64x (__int64 a);
#endif
#if CRYPTOPP_SSSE3_AVAILABLE || defined(__INTEL_COMPILER)
#if defined (_MSC_VER) && !defined (TC_WINDOWS_BOOT)
#if defined(TC_WINDOWS_DRIVER) || defined (_UEFI)
#if defined(__cplusplus)
extern "C" {
#endif
extern __m128i _mm_shuffle_epi8 (__m128i a, __m128i b);
extern __m128i _mm_alignr_epi8 (__m128i a, __m128i b, int n);
#if defined(__cplusplus)
}
#endif
@ -162,13 +167,14 @@ extern __m128i _mm_shuffle_epi8 (__m128i a, __m128i b);
#endif
#endif
#if defined(__SSE4_1__) || defined(__INTEL_COMPILER) || defined(_MSC_VER)
#if CRYPTOPP_BOOL_SSE41_INTRINSICS_AVAILABLE || defined(__INTEL_COMPILER)
#if defined(TC_WINDOWS_DRIVER) || defined (_UEFI)
#if defined(__cplusplus)
extern "C" {
#endif
extern int _mm_extract_epi32(__m128i src, const int ndx);
extern __m128i _mm_insert_epi32(__m128i dst, int s, const int ndx);
extern __m128i _mm_blend_epi16 (__m128i v1, __m128i v2, const int mask);
#if defined(_M_X64)
extern __m128i _mm_insert_epi64(__m128i dst, __int64 s, const int ndx);
#endif
@ -200,7 +206,6 @@ extern __m128i _mm_aesdeclast_si128(__m128i v, __m128i rkey);
#include <wmmintrin.h>
#endif
#endif
#endif
#if CRYPTOPP_BOOL_X86 || CRYPTOPP_BOOL_X32 || CRYPTOPP_BOOL_X64

483
src/Crypto/gost89_x64.asm
View File

@ -1,483 +0,0 @@
;
; GOST89 implementation x64
;
; Copyright (c) 2016. Disk Cryptography Services for EFI (DCS), Alex Kolotnikov
;
; This program and the accompanying materials
; are licensed and made available under the terms and conditions
; of the Apache License, Version 2.0.
;
; The full text of the license may be found at
; https://opensource.org/licenses/Apache-2.0
;
; Some ideas from article https://xakep.ru/2013/10/19/shifrovanie-gost-28147-89/
;
[section .bss align=16]
;///////////////////////////////////////////////////////////////////
;// Win64 registers to save
;///////////////////////////////////////////////////////////////////
%macro SaveRegs 0
sub rsp,8*8+10*16
mov [rsp], rbx
mov [rsp+8], rbp
mov [rsp+8*2], rdi
mov [rsp+8*3], rsi
mov [rsp+8*4], r12
mov [rsp+8*5], r13
mov [rsp+8*6], r14
mov [rsp+8*7], r15
%endmacro
%macro RestoreRegs 0
mov rbx, [rsp]
mov rbp, [rsp+8]
mov rdi, [rsp+8*2]
mov rsi, [rsp+8*3]
mov r12, [rsp+8*4]
mov r13, [rsp+8*5]
mov r14, [rsp+8*6]
mov r15, [rsp+8*7]
add rsp,8*8+10*16
%endmacro
[section .text align=16]
;///////////////////////////////////////////////////////////////////
;// Crypting 2 blocks
;///////////////////////////////////////////////////////////////////
%macro gost_round2 2 ; 1 - pos1, 2 - pos2
; 1st
; 1-2 byte
add ecx, r13d ; add key
movzx edi, cl
movzx esi, ch
xor r14d, dword [r8 + 32 + 256*3*4 + rdi*4]
xor r14d, dword [r8 + 32 + 256*2*4 + rsi*4]
shr ecx, 16
; 3-4 áàéò
movzx edi, cl
xor r14d, dword [r8 + 32 + 256*4 + rdi*4]
movzx esi, ch
xor r14d, dword [r8 + 32 + rsi*4]
mov edx, [r8 + %1*4] ; read key for second step
; 2nd
; 1-2 byte
add eax, r10d ; read key
movzx r15d, al
movzx ebp, ah
xor r11d, dword [r8 + 32 + 256*3*4 + r15*4]
xor r11d, dword [r8 + 32 + 256*2*4 + rbp*4]
shr eax, 16
; 3-4 áàéò
movzx r15d, al
xor r11d, dword [r8 + 32 + 256*4 + r15*4]
movzx ebp, ah
xor r11d, dword [r8 + 32 + rbp*4]
mov ebx, [r8 + %1*4] ; read key for second step
; second step
; 1st
; 1-2 byte
add edx, r14d ; add key
movzx edi, dl
movzx esi, dh
xor r13d, dword [r8 + 32 + 256*3*4 + rdi*4]
xor r13d, dword [r8 + 32 + 256*2*4 + rsi*4]
shr edx, 16
; 3-4 áàéò
movzx edi, dl
xor r13d, dword [r8 + 32 + 256*4 + rdi*4]
movzx esi, dh
xor r13d, dword [r8 + 32 + rsi*4]
mov ecx, [r8 + %2*4] ; read key
; 2nd
; 1-2 byte
add ebx, r11d; ; add key
movzx r15d, bl;
movzx ebp, bh;
xor r10d, dword [r8 + 32 + 256*3*4 + r15*4]
xor r10d, dword [r8 + 32 + 256*2*4 + rbp*4]
shr ebx, 16
; 3-4 áàéò
movzx r15d, bl
xor r10d, dword [r8 + 32 + 256*4 + r15*4]
movzx ebp, bh
xor r10d, dword [r8 + 32 + rbp*4]
mov eax, [r8 + %2*4] ; read key
%endmacro
; input: r8 - &key, rcx - &IN
; returns: (r13) & (r10)
GostEncrypt2x64:
; 1st
mov r13d, [rcx]
mov r14, [rcx]
shr r14, 32
; 2nd
mov r10d, [rcx + 16]
mov r11, [rcx + 16]
shr r11, 32
mov ecx, [r8]
mov eax, ecx
gost_round2 1, 2
gost_round2 3, 4
gost_round2 5, 6
gost_round2 7, 0
gost_round2 1, 2
gost_round2 3, 4
gost_round2 5, 6
gost_round2 7, 0
gost_round2 1, 2
gost_round2 3, 4
gost_round2 5, 6
gost_round2 7, 7
gost_round2 6, 5
gost_round2 4, 3
gost_round2 2, 1
gost_round2 0, 0
shl r13, 32 ; combine
or r13, r14
shl r10, 32 ; combine
or r10, r11
ret
; input: r8 - &key, rcx - &IN
; returns: (r13) & (r10)
GostDecrypt2x64:
; 1st
mov r13d, [rcx]
mov r14, [rcx]
shr r14, 32
; 2nd
mov r10d, [rcx + 16]
mov r11, [rcx + 16]
shr r11, 32
mov ecx, [r8]
mov eax, ecx
gost_round2 1, 2
gost_round2 3, 4
gost_round2 5, 6
gost_round2 7, 7
gost_round2 6, 5
gost_round2 4, 3
gost_round2 2, 1
gost_round2 0, 7
gost_round2 6, 5
gost_round2 4, 3
gost_round2 2, 1
gost_round2 0, 7
gost_round2 6, 5
gost_round2 4, 3
gost_round2 2, 1
gost_round2 0, 0
shl r13, 32 ; combine
or r13, r14
shl r10, 32 ; combine
or r10, r11
ret
;///////////////////////////////////////////////////////////////////
;// Crypting 1 block
;///////////////////////////////////////////////////////////////////
%macro gost_round1 2 ; 1 - pos1, 2 - pos2
; 1-2 byte
add ecx, r13d ; add key
movzx edi, cl
movzx esi, ch
xor r14d, dword [r8 + 32 + 256*3*4 + rdi*4]
xor r14d, dword [r8 + 32 + 256*2*4 + rsi*4]
shr ecx, 16
; 3-4 áàéò
movzx edi, cl
xor r14d, dword [r8 + 32 + 256*4 + rdi*4]
movzx esi, ch
xor r14d, dword [r8 + 32 + rsi*4]
mov edx, [r8 + %1*4] ; read key for second step
; second step
; 1-2 byte
add edx, r14d ; add key
movzx edi, dl
movzx esi, dh
xor r13d, dword [r8 + 32 + 256*3*4 + rdi*4]
xor r13d, dword [r8 + 32 + 256*2*4 + rsi*4]
shr edx, 16
; 3-4 áàéò
movzx edi, dl
xor r13d, dword [r8 + 32 + 256*4 + rdi*4]
movzx esi, dh
xor r13d, dword [r8 + 32 + rsi*4]
mov ecx, [r8 + %2*4] ; read key
%endmacro
; input: r8 - &gost_kds rcx - &IN
; returns: r13
GostEncrypt1x64:
mov r13d, [rcx]
mov r14, [rcx]
shr r14, 32
mov ecx, [r8]
gost_round1 1, 2
gost_round1 3, 4
gost_round1 5, 6
gost_round1 7, 0
gost_round1 1, 2
gost_round1 3, 4
gost_round1 5, 6
gost_round1 7, 0
gost_round1 1, 2
gost_round1 3, 4
gost_round1 5, 6
gost_round1 7, 7
gost_round1 6, 5
gost_round1 4, 3
gost_round1 2, 1
gost_round1 0, 0
shl r13, 32 ; combine
or r13, r14
ret
; input: r8 - &gost_kds rcx - IN
; returns: r13
GostDecrypt1x64:
mov r13d, [rcx]
mov r14, [rcx]
shr r14, 32
mov ecx, [r8]
gost_round1 1, 2
gost_round1 3, 4
gost_round1 5, 6
gost_round1 7, 7
gost_round1 6, 5
gost_round1 4, 3
gost_round1 2, 1
gost_round1 0, 7
gost_round1 6, 5
gost_round1 4, 3
gost_round1 2, 1
gost_round1 0, 7
gost_round1 6, 5
gost_round1 4, 3
gost_round1 2, 1
gost_round1 0, 0
shl r13, 32 ; combine
or r13, r14
ret
global gost_encrypt_128_CBC_asm ; gost_encrypt_128_CBC_asm(uint64* in, uint64* out, gost_kds* kds, uint64 count);
; rcx - &in
; rdx - &out
; r8 - &gost_kds
; r9 - count
gost_encrypt_128_CBC_asm:
SaveRegs ; Saving
sub rsp, 32
mov [rsp], rdx ; Save out addr
mov [rsp + 8], rcx ; Save in addr
mov [rsp + 16], r8 ; key addr
.do:
mov [rsp + 24], r9 ; Save count
cmp r9, 2
jge .blk2
cmp r9, 1
jge .blk1
jmp .end
; One 128 block encryption
.blk1:
mov rcx, [rsp + 8] ; set in addr
call GostEncrypt1x64
mov rdx, [rsp] ; Restore out
mov rcx, [rsp + 8] ; restore in
mov [rdx], r13
mov rax, [rcx + 8]
xor rax, r13 ; CBC
add rdx, 8 ;next 8 bytes
mov [rdx], rax
mov rcx, rdx
call GostEncrypt1x64
mov rdx, [rsp] ; Restore out addr
mov rcx, [rsp+8] ; Restore in addr
mov [rdx + 8], r13
add rdx,16
mov [rsp], rdx
add rcx, 16
mov [rsp+8], rcx
mov r9, [rsp + 24]
dec r9
jmp .do
.blk2:
mov rcx, [rsp + 8] ; set in addr
call GostEncrypt2x64
mov rdx, [rsp] ; Restore out
mov rcx, [rsp + 8] ; restore in
mov [rdx], r13
mov rax, [rcx + 8]
xor rax, r13 ; CBC
mov [rdx + 16], r10
mov rbx, [rcx + 24]
xor rbx, r10 ; CBC
mov [rdx + 8], rax
mov [rdx + 24], rbx
add rdx, 8 ;next 8 bytes
mov rcx, rdx
call GostEncrypt2x64
mov rdx, [rsp] ; Restore out addr
mov rcx, [rsp+8] ; Restore in addr
mov [rdx + 8], r13
mov [rdx + 24], r10
add rdx,32
mov [rsp], rdx
add rcx, 32
mov [rsp+8], rcx
mov r9, [rsp + 24]
sub r9, 2
jmp .do
.end:
add rsp, 32 ; Load out addr
RestoreRegs ; Load
ret
global gost_decrypt_128_CBC_asm ; gost_decrypt_128_CBC_asm(uint64* in, uint64* out, const gost_kds* kds, uint64 count);
; rcx - &in
; rdx - &out
; r8 - &gost_kds
; r9 - count
gost_decrypt_128_CBC_asm:
SaveRegs ; Saving
sub rsp, 32
mov [rsp], rdx ; Save out addr
mov [rsp+8], rcx ; Save in addr
mov [rsp+16], r8 ; key addr
.do:
mov [rsp + 24], r9 ; Save count
cmp r9, 2
jge .blk2
cmp r9, 1
jge .blk1
jmp .end
; One 128 block decryption
.blk1:
add rcx, 8
call GostDecrypt1x64
mov rdx, [rsp] ; Restore out
mov rcx, [rsp + 8] ; Restore in
mov rax, [rcx]
xor rax, r13 ; CBC
mov [rdx + 8], rax
call GostDecrypt1x64
mov rdx, [rsp] ; Restore out addr
mov rcx, [rsp+8] ; Restore in addr
mov [rdx], r13
add rdx,16
mov [rsp], rdx
add rcx, 16
mov [rsp+8], rcx
mov r9, [rsp + 24]
dec r9
jmp .do
.blk2:
add rcx, 8
call GostDecrypt2x64
mov rdx, [rsp] ; Restore out
mov rcx, [rsp + 8] ; Restore in
mov rax, [rcx]
xor rax, r13 ; CBC
mov [rdx + 8], rax
mov rbx, [rcx+16]
xor rbx, r10 ; CBC
mov [rdx + 24], rbx
call GostDecrypt2x64
mov rdx, [rsp] ; Restore out addr
mov rcx, [rsp+8] ; Restore in addr
mov [rdx], r13
mov [rdx+16], r10
add rdx,32
mov [rsp], rdx
add rcx,32
mov [rsp+8], rcx
mov r9, [rsp + 24]
sub r9, 2
jmp .do
.end:
add rsp, 32 ; Load out addr
RestoreRegs ; Load
ret

5
src/Driver/Driver.vcxproj
View File

@ -192,6 +192,10 @@ BuildDriver.cmd -rebuild -debug -x64 "$(SolutionDir)\Common" "$(SolutionDir)\Cry
<ItemDefinitionGroup>
</ItemDefinitionGroup>
<ItemGroup>
<ClCompile Include="..\Crypto\blake2s.c" />
<ClCompile Include="..\Crypto\blake2s_SSE2.c" />
<ClCompile Include="..\Crypto\blake2s_SSE41.c" />
<ClCompile Include="..\Crypto\blake2s_SSSE3.c" />
<ClCompile Include="..\Crypto\Camellia.c" />
<ClCompile Include="..\Crypto\chacha-xmm.c" />
<ClCompile Include="..\Crypto\chacha256.c" />
@ -223,7 +227,6 @@ BuildDriver.cmd -rebuild -debug -x64 "$(SolutionDir)\Common" "$(SolutionDir)\Cry
<ClCompile Include="..\Common\Xts.c" />
<ClCompile Include="..\Crypto\Aeskey.c" />
<ClCompile Include="..\Crypto\Aestab.c" />
<ClCompile Include="..\Crypto\Rmd160.c" />
<ClCompile Include="..\Crypto\Sha2.c" />
<ClCompile Include="..\Crypto\Twofish.c" />
<ClCompile Include="..\Crypto\Whirlpool.c" />

15
src/Driver/Driver.vcxproj.filters
View File

@ -87,9 +87,6 @@
<ClCompile Include="..\Crypto\Aestab.c">
<Filter>Source Files\Crypto</Filter>
</ClCompile>
<ClCompile Include="..\Crypto\Rmd160.c">
<Filter>Source Files\Crypto</Filter>
</ClCompile>
<ClCompile Include="..\Crypto\Sha2.c">
<Filter>Source Files\Crypto</Filter>
</ClCompile>
@ -135,6 +132,18 @@
<ClCompile Include="..\Crypto\t1ha2_selfcheck.c">
<Filter>Source Files\Crypto</Filter>
</ClCompile>
<ClCompile Include="..\Crypto\blake2s.c">
<Filter>Source Files\Crypto</Filter>
</ClCompile>
<ClCompile Include="..\Crypto\blake2s_SSE2.c">
<Filter>Source Files\Crypto</Filter>
</ClCompile>
<ClCompile Include="..\Crypto\blake2s_SSE41.c">
<Filter>Source Files\Crypto</Filter>
</ClCompile>
<ClCompile Include="..\Crypto\blake2s_SSSE3.c">
<Filter>Source Files\Crypto</Filter>
</ClCompile>
</ItemGroup>
<ItemGroup>
<None Include="..\Crypto\Aes_hw_cpu.asm">

11
src/Driver/veracrypt_vs2019.vcxproj
View File

@ -33,12 +33,12 @@
<ClCompile Include="..\Crypto\Aescrypt.c" />
<ClCompile Include="..\Crypto\Aeskey.c" />
<ClCompile Include="..\Crypto\Aestab.c" />
<ClCompile Include="..\Crypto\blake2s.c" />
<ClCompile Include="..\Crypto\Camellia.c" />
<ClCompile Include="..\Crypto\chacha-xmm.c" />
<ClCompile Include="..\Crypto\chacha256.c" />
<ClCompile Include="..\Crypto\chachaRng.c" />
<ClCompile Include="..\Crypto\cpu.c" />
<ClCompile Include="..\Crypto\GostCipher.c" />
<ClCompile Include="..\Crypto\jitterentropy-base.c" />
<ClCompile Include="..\Crypto\kuznyechik.c" />
<ClCompile Include="..\Crypto\kuznyechik_simd.c">
@ -53,7 +53,6 @@
<ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'">true</ExcludedFromBuild>
<ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Release|x64'">true</ExcludedFromBuild>
</ClCompile>
<ClCompile Include="..\Crypto\Rmd160.c" />
<ClCompile Include="..\Crypto\SerpentFast.c" />
<ClCompile Include="..\Crypto\SerpentFast_simd.cpp">
<ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'">true</ExcludedFromBuild>
@ -309,14 +308,6 @@
<ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Release|x64'">true</ExcludedFromBuild>
</CustomBuild>
</ItemGroup>
<ItemGroup>
<CustomBuild Include="..\Crypto\Gost89_x64.asm">
<ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'">true</ExcludedFromBuild>
<ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">true</ExcludedFromBuild>
<ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'">true</ExcludedFromBuild>
<ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Release|x64'">true</ExcludedFromBuild>
</CustomBuild>
</ItemGroup>
<ItemGroup>
<CustomBuild Include="..\Crypto\Twofish_x64.S">
<FileType>Document</FileType>

12
src/Driver/veracrypt_vs2019.vcxproj.filters
View File

@ -67,9 +67,6 @@
<ClCompile Include="..\Crypto\cpu.c">
<Filter>Crypto\Source Files</Filter>
</ClCompile>
<ClCompile Include="..\Crypto\GostCipher.c">
<Filter>Crypto\Source Files</Filter>
</ClCompile>
<ClCompile Include="..\Crypto\jitterentropy-base.c">
<Filter>Crypto\Source Files</Filter>
</ClCompile>
@ -82,9 +79,6 @@
<ClCompile Include="..\Crypto\rdrand.c">
<Filter>Crypto\Source Files</Filter>
</ClCompile>
<ClCompile Include="..\Crypto\Rmd160.c">
<Filter>Crypto\Source Files</Filter>
</ClCompile>
<ClCompile Include="..\Crypto\SerpentFast.c">
<Filter>Crypto\Source Files</Filter>
</ClCompile>
@ -151,6 +145,9 @@
<ClCompile Include="Ntdriver.c">
<Filter>Source Files</Filter>
</ClCompile>
<ClCompile Include="..\Crypto\blake2s.c">
<Filter>Crypto\Source Files</Filter>
</ClCompile>
</ItemGroup>
<ItemGroup>
<ClInclude Include="DriveFilter.h">
@ -269,9 +266,6 @@
<CustomBuild Include="..\Crypto\Aes_x86.asm">
<Filter>Crypto\Source Files</Filter>
</CustomBuild>
<CustomBuild Include="..\Crypto\Gost89_x64.asm">
<Filter>Crypto\Source Files</Filter>
</CustomBuild>
<CustomBuild Include="..\Crypto\Twofish_x64.S">
<Filter>Crypto\Source Files</Filter>
</CustomBuild>

9
src/Format/Tcformat.c
View File

@ -4183,8 +4183,7 @@ BOOL CALLBACK PageDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lPa
for (hid = FIRST_PRF_ID; hid <= LAST_PRF_ID; hid++)
{
// For now, we keep RIPEMD160 for system encryption
if (((hid == RIPEMD160) || !HashIsDeprecated (hid)) && (bSystemIsGPT || HashForSystemEncryption (hid)))
if ((!HashIsDeprecated (hid)) && (bSystemIsGPT || HashForSystemEncryption (hid)))
AddComboPair (GetDlgItem (hwndDlg, IDC_COMBO_BOX_HASH_ALGO), HashGetName(hid), hid);
}
}
@ -5605,8 +5604,6 @@ BOOL CALLBACK PageDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lPa
Applink ("serpent");
else if (wcscmp (name, L"Twofish") == 0)
Applink ("twofish");
else if (wcscmp (name, L"GOST89") == 0)
Applink ("gost89");
else if (wcscmp (name, L"Kuznyechik") == 0)
Applink ("kuznyechik");
else if (wcscmp (name, L"Camellia") == 0)
@ -9250,8 +9247,8 @@ void ExtractCommandLine (HWND hwndDlg, wchar_t *lpszCommandLine)
CmdVolumePkcs5 = SHA512;
else if (_wcsicmp(szTmp, L"sha256") == 0)
CmdVolumePkcs5 = SHA256;
else if (_wcsicmp(szTmp, L"ripemd160") == 0)
CmdVolumePkcs5 = RIPEMD160;
else if ((_wcsicmp(szTmp, L"blake2s") == 0) || (_wcsicmp(szTmp, L"blake2s-256") == 0))
CmdVolumePkcs5 = BLAKE2S;
else
{
/* match using internal hash names */

8
src/Makefile
View File

@ -145,6 +145,9 @@ export CPU_ARCH ?= unknown
export SIMD_SUPPORTED := 0
export DISABLE_AESNI ?= 0
export GCC_GTEQ_440 := 0
export GCC_GTEQ_430 := 0
ARCH ?= $(shell uname -m)
ifneq (,$(filter i386 i486 i586 i686 x86,$(ARCH)))
@ -201,12 +204,13 @@ ifeq "$(shell uname -s)" "Linux"
CFLAGS += -msse2
CXXFLAGS += -msse2
GCC_GTEQ_440 := $(shell expr `$(CC) -dumpversion | sed -e 's/\.\([0-9][0-9]\)/\1/g' -e 's/\.\([0-9]\)/0\1/g' -e 's/^[0-9]\{3,4\}$$/&00/' -e 's/^[0-9]\{1,2\}$$/&0000/'` \>= 40400)
GCC_GTEQ_430 := $(shell expr `$(CC) -dumpversion | sed -e 's/\.\([0-9][0-9]\)/\1/g' -e 's/\.\([0-9]\)/0\1/g' -e 's/^[0-9]\{3,4\}$$/&00/' -e 's/^[0-9]\{1,2\}$$/&0000/'` \>= 40300)
ifeq "$(DISABLE_AESNI)" "1"
CFLAGS += -mno-aes -DCRYPTOPP_DISABLE_AESNI
CXXFLAGS += -mno-aes -DCRYPTOPP_DISABLE_AESNI
else
GCC_GTEQ_440 := $(shell expr `$(CC) -dumpversion | sed -e 's/\.\([0-9][0-9]\)/\1/g' -e 's/\.\([0-9]\)/0\1/g' -e 's/^[0-9]\{3,4\}$$/&00/' -e 's/^[0-9]\{1,2\}$$/&0000/'` \>= 40400)
GCC_GTEQ_430 := $(shell expr `$(CC) -dumpversion | sed -e 's/\.\([0-9][0-9]\)/\1/g' -e 's/\.\([0-9]\)/0\1/g' -e 's/^[0-9]\{3,4\}$$/&00/' -e 's/^[0-9]\{1,2\}$$/&0000/'` \>= 40300)
ifeq "$(GCC_GTEQ_440)" "1"
CFLAGS += -maes
CXXFLAGS += -maes

2
src/Mount/Favorites.cpp
View File

@ -963,7 +963,7 @@ namespace VeraCrypt
for (i = FIRST_PRF_ID; i <= LAST_PRF_ID; i++)
{
if (!favorite.SystemEncryption || (favorite.TrueCryptMode != 1) || (i == RIPEMD160))
if (!favorite.SystemEncryption || (favorite.TrueCryptMode != 1))
{
nIndex = (int) SendMessage (hComboBox, CB_ADDSTRING, 0, (LPARAM) get_pkcs5_prf_name(i));
SendMessage (hComboBox, CB_SETITEMDATA, nIndex, (LPARAM) i);

4
src/Mount/Mount.c
View File

@ -9598,8 +9598,8 @@ void ExtractCommandLine (HWND hwndDlg, wchar_t *lpszCommandLine)
CmdVolumePkcs5 = SHA512;
else if (_wcsicmp(szTmp, L"sha256") == 0)
CmdVolumePkcs5 = SHA256;
else if (_wcsicmp(szTmp, L"ripemd160") == 0)
CmdVolumePkcs5 = RIPEMD160;
else if ((_wcsicmp(szTmp, L"blake2s") == 0) || (_wcsicmp(szTmp, L"blake2s-256") == 0))
CmdVolumePkcs5 = BLAKE2S;
else
{
/* match using internal hash names */

44
src/Volume/Cipher.cpp
View File

@ -16,7 +16,6 @@
#include "Crypto/SerpentFast.h"
#include "Crypto/Twofish.h"
#include "Crypto/Camellia.h"
#include "Crypto/GostCipher.h"
#include "Crypto/kuznyechik.h"
#ifdef TC_AES_HW_CPU
@ -98,7 +97,6 @@ namespace VeraCrypt
l.push_back (shared_ptr <Cipher> (new CipherSerpent ()));
l.push_back (shared_ptr <Cipher> (new CipherTwofish ()));
l.push_back (shared_ptr <Cipher> (new CipherCamellia ()));
l.push_back (shared_ptr <Cipher> (new CipherGost89 ()));
l.push_back (shared_ptr <Cipher> (new CipherKuznyechik ()));
return l;
@ -399,48 +397,6 @@ namespace VeraCrypt
#endif
}
// GOST89
void CipherGost89::Decrypt (byte *data) const
{
gost_decrypt (data, data, (gost_kds *) ScheduledKey.Ptr(), 1);
}
void CipherGost89::Encrypt (byte *data) const
{
gost_encrypt (data, data, (gost_kds *) ScheduledKey.Ptr(), 1);
}
size_t CipherGost89::GetScheduledKeySize () const
{
return GOST_KS;
}
void CipherGost89::SetCipherKey (const byte *key)
{
gost_set_key (key, (gost_kds *) ScheduledKey.Ptr(), 1);
}
// GOST89 with static SBOX
void CipherGost89StaticSBOX::Decrypt (byte *data) const
{
gost_decrypt (data, data, (gost_kds *) ScheduledKey.Ptr(), 1);
}
void CipherGost89StaticSBOX::Encrypt (byte *data) const
{
gost_encrypt (data, data, (gost_kds *) ScheduledKey.Ptr(), 1);
}
size_t CipherGost89StaticSBOX::GetScheduledKeySize () const
{
return GOST_KS;
}
void CipherGost89StaticSBOX::SetCipherKey (const byte *key)
{
gost_set_key (key, (gost_kds *) ScheduledKey.Ptr(), 0);
}
// Kuznyechik
void CipherKuznyechik::Decrypt (byte *data) const
{

3
src/Volume/Cipher.h
View File

@ -108,9 +108,6 @@ namespace VeraCrypt
#undef TC_CIPHER_ADD_METHODS
#define TC_CIPHER_ADD_METHODS
TC_CIPHER (Gost89, 16, 32);
TC_CIPHER (Gost89StaticSBOX, 16, 32);
#undef TC_CIPHER

12
src/Volume/EncryptionAlgorithm.cpp
View File

@ -65,7 +65,6 @@ namespace VeraCrypt
l.push_back (shared_ptr <EncryptionAlgorithm> (new Serpent ()));
l.push_back (shared_ptr <EncryptionAlgorithm> (new Twofish ()));
l.push_back (shared_ptr <EncryptionAlgorithm> (new Camellia ()));
l.push_back (shared_ptr <EncryptionAlgorithm> (new GOST89 ()));
l.push_back (shared_ptr <EncryptionAlgorithm> (new Kuznyechik ()));
l.push_back (shared_ptr <EncryptionAlgorithm> (new AESTwofish ()));
l.push_back (shared_ptr <EncryptionAlgorithm> (new AESTwofishSerpent ()));
@ -301,17 +300,6 @@ namespace VeraCrypt
SupportedModes.push_back (shared_ptr <EncryptionMode> (new EncryptionModeXTS ()));
}
// GOST89
GOST89::GOST89 ()
{
Deprecated = true;
Ciphers.push_back (shared_ptr <Cipher> (new CipherGost89()));
SupportedModes.push_back (shared_ptr <EncryptionMode> (new EncryptionModeXTS ()));
}
// Kuznyechik
Kuznyechik::Kuznyechik ()
{

1
src/Volume/EncryptionAlgorithm.h
View File

@ -86,7 +86,6 @@ namespace VeraCrypt
TC_ENCRYPTION_ALGORITHM (TwofishSerpent);
TC_ENCRYPTION_ALGORITHM (SerpentTwofishAES);
TC_ENCRYPTION_ALGORITHM (Camellia);
TC_ENCRYPTION_ALGORITHM (GOST89);
TC_ENCRYPTION_ALGORITHM (Kuznyechik);
TC_ENCRYPTION_ALGORITHM (KuznyechikTwofish);
TC_ENCRYPTION_ALGORITHM (KuznyechikAES);

61
src/Volume/EncryptionTest.cpp
View File

@ -123,23 +123,7 @@ namespace VeraCrypt
}
}
};
static const CipherTestVector GOST89TestVectors[] =
{
{
{
0xFF, 0xEE, 0xDD, 0xCC, 0xBB, 0xAA, 0x99, 0x88, 0x77, 0x66, 0x55, 0x44, 0x33, 0x22, 0x11, 0x00,
0xF0, 0xF1, 0xF2, 0xF3, 0xF4, 0xF5, 0xF6, 0xF7, 0xF8, 0xF9, 0xFA, 0xFB, 0xFC, 0xFD, 0xFE, 0xFF
},
{
0xFE, 0xDC, 0xBA, 0x98, 0x76, 0x54, 0x32, 0x10, 0xFF, 0xEE, 0xDD, 0xCC, 0xBB, 0xAA, 0x99, 0x88
},
{
0x8F, 0xC6, 0xFE, 0xB8, 0x91, 0x51, 0x4C, 0x37, 0x4D, 0x51, 0x46, 0xEF, 0x02, 0x9D, 0xBD, 0x9F
}
}
};
static const CipherTestVector KuznyechikTestVectors[] =
{
{
@ -215,9 +199,6 @@ namespace VeraCrypt
CipherCamellia camellia;
TestCipher (camellia, CamelliaTestVectors, array_capacity (CamelliaTestVectors));
CipherGost89StaticSBOX gost89;
TestCipher (gost89, GOST89TestVectors, array_capacity (GOST89TestVectors));
CipherKuznyechik kuznyechik;
TestCipher (kuznyechik, KuznyechikTestVectors, array_capacity (KuznyechikTestVectors));
}
@ -653,32 +634,6 @@ namespace VeraCrypt
break;
}
}
else if (typeid (ea) == typeid (GOST89))
{
switch (testCase)
{
case 0:
if (crc != 0x12194ef5)
throw TestFailed (SRC_POS);
nTestsPerformed++;
break;
case 1:
if (crc != 0xda8d429b)
throw TestFailed (SRC_POS);
nTestsPerformed++;
break;
case 2:
if (crc != 0xdbf0b12e)
throw TestFailed (SRC_POS);
nTestsPerformed++;
break;
case 3:
if (crc != 0xb986eb4a)
throw TestFailed (SRC_POS);
nTestsPerformed++;
break;
}
}
else if (typeid (ea) == typeid (Kuznyechik))
{
switch (testCase)
@ -1037,12 +992,6 @@ namespace VeraCrypt
throw TestFailed (SRC_POS);
nTestsPerformed++;
}
else if (typeid (ea) == typeid (GOST89))
{
if (crc != 0x9e8653cb)
throw TestFailed (SRC_POS);
nTestsPerformed++;
}
else if (typeid (ea) == typeid (Kuznyechik))
{
if (crc != 0xd6d39cdb)
@ -1121,7 +1070,7 @@ namespace VeraCrypt
nTestsPerformed++;
}
if (nTestsPerformed != 160)
if (nTestsPerformed != 150)
throw TestFailed (SRC_POS);
}
@ -1132,9 +1081,9 @@ namespace VeraCrypt
ConstBufferPtr salt (saltData, sizeof (saltData));
Buffer derivedKey (4);
Pkcs5HmacRipemd160 pkcs5HmacRipemd160(false);
pkcs5HmacRipemd160.DeriveKey (derivedKey, password, salt, 5);
if (memcmp (derivedKey.Ptr(), "\x7a\x3d\x7c\x03", 4) != 0)
Pkcs5HmacBlake2s pkcs5HmacBlake2s;
pkcs5HmacBlake2s.DeriveKey (derivedKey, password, salt, 5);
if (memcmp (derivedKey.Ptr(), "\x8d\x51\xfa\x31", 4) != 0)
throw TestFailed (SRC_POS);
Pkcs5HmacSha512 pkcs5HmacSha512(false);

21
src/Volume/Hash.cpp
View File

@ -12,7 +12,7 @@
#include "Hash.h"
#include "Crypto/Rmd160.h"
#include "Crypto/blake2.h"
#include "Crypto/Sha2.h"
#include "Crypto/Whirlpool.h"
#include "Crypto/Streebog.h"
@ -25,9 +25,9 @@ namespace VeraCrypt
l.push_back (shared_ptr <Hash> (new Sha512 ()));
l.push_back (shared_ptr <Hash> (new Whirlpool ()));
l.push_back (shared_ptr <Hash> (new Blake2s ()));
l.push_back (shared_ptr <Hash> (new Sha256 ()));
l.push_back (shared_ptr <Hash> (new Streebog ()));
l.push_back (shared_ptr <Hash> (new Ripemd160 ()));
return l;
}
@ -45,28 +45,27 @@ namespace VeraCrypt
}
// RIPEMD-160
Ripemd160::Ripemd160 ()
Blake2s::Blake2s ()
{
Deprecated = true; // Mark RIPEMD-160 as deprecated like on Windows.
Context.Allocate (sizeof (RMD160_CTX), 32);
Context.Allocate (sizeof (blake2s_state), 32);
Init();
}
void Ripemd160::GetDigest (const BufferPtr &buffer)
void Blake2s::GetDigest (const BufferPtr &buffer)
{
if_debug (ValidateDigestParameters (buffer));
RMD160Final (buffer, (RMD160_CTX *) Context.Ptr());
blake2s_final ((blake2s_state *) Context.Ptr(), buffer);
}
void Ripemd160::Init ()
void Blake2s::Init ()
{
RMD160Init ((RMD160_CTX *) Context.Ptr());
blake2s_init ((blake2s_state *) Context.Ptr());
}
void Ripemd160::ProcessData (const ConstBufferPtr &data)
void Blake2s::ProcessData (const ConstBufferPtr &data)
{
if_debug (ValidateDataParameters (data));
RMD160Update ((RMD160_CTX *) Context.Ptr(), data.Get(), (int) data.Size());
blake2s_update ((blake2s_state *) Context.Ptr(), data.Get(), data.Size());
}
// SHA-256

20
src/Volume/Hash.h
View File

@ -48,27 +48,27 @@ namespace VeraCrypt
Hash &operator= (const Hash &);
};
// RIPEMD-160
class Ripemd160 : public Hash
// Blake2s
class Blake2s : public Hash
{
public:
Ripemd160 ();
virtual ~Ripemd160 () { }
Blake2s ();
virtual ~Blake2s () { }
virtual void GetDigest (const BufferPtr &buffer);
virtual size_t GetBlockSize () const { return 64; }
virtual size_t GetDigestSize () const { return 160 / 8; }
virtual wstring GetName () const { return L"RIPEMD-160"; }
virtual wstring GetAltName () const { return L"RIPEMD160"; }
virtual shared_ptr <Hash> GetNew () const { return shared_ptr <Hash> (new Ripemd160); }
virtual size_t GetDigestSize () const { return 32; }
virtual wstring GetName () const { return L"BLAKE2s-256"; }
virtual wstring GetAltName () const { return L"BLAKE2s"; }
virtual shared_ptr <Hash> GetNew () const { return shared_ptr <Hash> (new Blake2s); }
virtual void Init ();
virtual void ProcessData (const ConstBufferPtr &data);
protected:
private:
Ripemd160 (const Ripemd160 &);
Ripemd160 &operator= (const Ripemd160 &);
Blake2s (const Blake2s &);
Blake2s &operator= (const Blake2s &);
};
// SHA-256

11
src/Volume/Pkcs5Kdf.cpp
View File

@ -58,14 +58,13 @@ namespace VeraCrypt
{
l.push_back (shared_ptr <Pkcs5Kdf> (new Pkcs5HmacSha512 (true)));
l.push_back (shared_ptr <Pkcs5Kdf> (new Pkcs5HmacWhirlpool (true)));
l.push_back (shared_ptr <Pkcs5Kdf> (new Pkcs5HmacRipemd160 (true)));
}
else
{
l.push_back (shared_ptr <Pkcs5Kdf> (new Pkcs5HmacSha512 (false)));
l.push_back (shared_ptr <Pkcs5Kdf> (new Pkcs5HmacSha256 ()));
l.push_back (shared_ptr <Pkcs5Kdf> (new Pkcs5HmacBlake2s ()));
l.push_back (shared_ptr <Pkcs5Kdf> (new Pkcs5HmacWhirlpool (false)));
l.push_back (shared_ptr <Pkcs5Kdf> (new Pkcs5HmacRipemd160 (false)));
l.push_back (shared_ptr <Pkcs5Kdf> (new Pkcs5HmacStreebog ()));
}
@ -78,16 +77,16 @@ namespace VeraCrypt
throw ParameterIncorrect (SRC_POS);
}
void Pkcs5HmacRipemd160::DeriveKey (const BufferPtr &key, const VolumePassword &password, const ConstBufferPtr &salt, int iterationCount) const
void Pkcs5HmacBlake2s_Boot::DeriveKey (const BufferPtr &key, const VolumePassword &password, const ConstBufferPtr &salt, int iterationCount) const
{
ValidateParameters (key, password, salt, iterationCount);
derive_key_ripemd160 ((char *) password.DataPtr(), (int) password.Size(), (char *) salt.Get(), (int) salt.Size(), iterationCount, (char *) key.Get(), (int) key.Size());
derive_key_blake2s ((char *) password.DataPtr(), (int) password.Size(), (char *) salt.Get(), (int) salt.Size(), iterationCount, (char *) key.Get(), (int) key.Size());
}
void Pkcs5HmacRipemd160_1000::DeriveKey (const BufferPtr &key, const VolumePassword &password, const ConstBufferPtr &salt, int iterationCount) const
void Pkcs5HmacBlake2s::DeriveKey (const BufferPtr &key, const VolumePassword &password, const ConstBufferPtr &salt, int iterationCount) const
{
ValidateParameters (key, password, salt, iterationCount);
derive_key_ripemd160 ((char *) password.DataPtr(), (int) password.Size(), (char *) salt.Get(), (int) salt.Size(), iterationCount, (char *) key.Get(), (int) key.Size());
derive_key_blake2s ((char *) password.DataPtr(), (int) password.Size(), (char *) salt.Get(), (int) salt.Size(), iterationCount, (char *) key.Get(), (int) key.Size());
}
void Pkcs5HmacSha256_Boot::DeriveKey (const BufferPtr &key, const VolumePassword &password, const ConstBufferPtr &salt, int iterationCount) const

36
src/Volume/Pkcs5Kdf.h
View File

@ -51,38 +51,38 @@ namespace VeraCrypt
Pkcs5Kdf &operator= (const Pkcs5Kdf &);
};
class Pkcs5HmacRipemd160 : public Pkcs5Kdf
class Pkcs5HmacBlake2s_Boot : public Pkcs5Kdf
{
public:
Pkcs5HmacRipemd160 (bool truecryptMode) : Pkcs5Kdf (truecryptMode) { }
virtual ~Pkcs5HmacRipemd160 () { }
Pkcs5HmacBlake2s_Boot () : Pkcs5Kdf(false) { }
virtual ~Pkcs5HmacBlake2s_Boot () { }
virtual void DeriveKey (const BufferPtr &key, const VolumePassword &password, const ConstBufferPtr &salt, int iterationCount) const;
virtual shared_ptr <Hash> GetHash () const { return shared_ptr <Hash> (new Ripemd160); }
virtual int GetIterationCount (int pim) const { return m_truecryptMode? 2000 : (pim <= 0 ? 655331 : (15000 + (pim * 1000))) ; }
virtual wstring GetName () const { return L"HMAC-RIPEMD-160"; }
virtual Pkcs5Kdf* Clone () const { return new Pkcs5HmacRipemd160(m_truecryptMode); }
virtual shared_ptr <Hash> GetHash () const { return shared_ptr <Hash> (new Blake2s); }
virtual int GetIterationCount (int pim) const { return pim <= 0 ? 200000 : (pim * 2048); }
virtual wstring GetName () const { return L"HMAC-BLAKE2s-256"; }
virtual Pkcs5Kdf* Clone () const { return new Pkcs5HmacBlake2s_Boot(); }
private:
Pkcs5HmacRipemd160 (const Pkcs5HmacRipemd160 &);
Pkcs5HmacRipemd160 &operator= (const Pkcs5HmacRipemd160 &);
Pkcs5HmacBlake2s_Boot (const Pkcs5HmacBlake2s_Boot &);
Pkcs5HmacBlake2s_Boot &operator= (const Pkcs5HmacBlake2s_Boot &);
};
class Pkcs5HmacRipemd160_1000 : public Pkcs5Kdf
class Pkcs5HmacBlake2s : public Pkcs5Kdf
{
public:
Pkcs5HmacRipemd160_1000 (bool truecryptMode) : Pkcs5Kdf(truecryptMode) { }
virtual ~Pkcs5HmacRipemd160_1000 () { }
Pkcs5HmacBlake2s () : Pkcs5Kdf(false) { }
virtual ~Pkcs5HmacBlake2s () { }
virtual void DeriveKey (const BufferPtr &key, const VolumePassword &password, const ConstBufferPtr &salt, int iterationCount) const;
virtual shared_ptr <Hash> GetHash () const { return shared_ptr <Hash> (new Ripemd160); }
virtual int GetIterationCount (int pim) const { return m_truecryptMode? 1000 : (pim <= 0 ? 327661 : (pim * 2048)); }
virtual wstring GetName () const { return L"HMAC-RIPEMD-160"; }
virtual Pkcs5Kdf* Clone () const { return new Pkcs5HmacRipemd160_1000(m_truecryptMode); }
virtual shared_ptr <Hash> GetHash () const { return shared_ptr <Hash> (new Blake2s); }
virtual int GetIterationCount (int pim) const { return pim <= 0 ? 500000 : (15000 + (pim * 1000)); }
virtual wstring GetName () const { return L"HMAC-BLAKE2s-256"; }
virtual Pkcs5Kdf* Clone () const { return new Pkcs5HmacBlake2s(); }
private:
Pkcs5HmacRipemd160_1000 (const Pkcs5HmacRipemd160_1000 &);
Pkcs5HmacRipemd160_1000 &operator= (const Pkcs5HmacRipemd160_1000 &);
Pkcs5HmacBlake2s (const Pkcs5HmacBlake2s &);
Pkcs5HmacBlake2s &operator= (const Pkcs5HmacBlake2s &);
};
class Pkcs5HmacSha256_Boot : public Pkcs5Kdf

12
src/Volume/Volume.make
View File

@ -71,17 +71,25 @@ else
OBJS += ../Crypto/Aescrypt.o
endif
ifeq "$(GCC_GTEQ_430)" "1"
OBJSSSE41 += ../Crypto/blake2s_SSE41.osse41
OBJSSSSE3 += ../Crypto/blake2s_SSSE3.ossse3
else
OBJS += ../Crypto/blake2s_SSE41.o
OBJS += ../Crypto/blake2s_SSSE3.o
endif
OBJS += ../Crypto/Aeskey.o
OBJS += ../Crypto/Aestab.o
OBJS += ../Crypto/cpu.o
OBJS += ../Crypto/Rmd160.o
OBJS += ../Crypto/blake2s.o
OBJS += ../Crypto/blake2s_SSE2.o
OBJS += ../Crypto/SerpentFast.o
OBJS += ../Crypto/SerpentFast_simd.o
OBJS += ../Crypto/Sha2.o
OBJS += ../Crypto/Twofish.o
OBJS += ../Crypto/Whirlpool.o
OBJS += ../Crypto/Camellia.o
OBJS += ../Crypto/GostCipher.o
OBJS += ../Crypto/Streebog.o
OBJS += ../Crypto/kuznyechik.o
OBJS += ../Crypto/kuznyechik_simd.o

8
src/Volume/VolumeLayout.cpp
View File

@ -100,7 +100,6 @@ namespace VeraCrypt
SupportedEncryptionAlgorithms.push_back (shared_ptr <EncryptionAlgorithm> (new Serpent ()));
SupportedEncryptionAlgorithms.push_back (shared_ptr <EncryptionAlgorithm> (new Twofish ()));
SupportedEncryptionAlgorithms.push_back (shared_ptr <EncryptionAlgorithm> (new Camellia ()));
SupportedEncryptionAlgorithms.push_back (shared_ptr <EncryptionAlgorithm> (new GOST89 ()));
SupportedEncryptionAlgorithms.push_back (shared_ptr <EncryptionAlgorithm> (new Kuznyechik ()));
SupportedEncryptionAlgorithms.push_back (shared_ptr <EncryptionAlgorithm> (new AESTwofish ()));
SupportedEncryptionAlgorithms.push_back (shared_ptr <EncryptionAlgorithm> (new AESTwofishSerpent ()));
@ -146,7 +145,6 @@ namespace VeraCrypt
SupportedEncryptionAlgorithms.push_back (shared_ptr <EncryptionAlgorithm> (new Serpent ()));
SupportedEncryptionAlgorithms.push_back (shared_ptr <EncryptionAlgorithm> (new Twofish ()));
SupportedEncryptionAlgorithms.push_back (shared_ptr <EncryptionAlgorithm> (new Camellia ()));
SupportedEncryptionAlgorithms.push_back (shared_ptr <EncryptionAlgorithm> (new GOST89 ()));
SupportedEncryptionAlgorithms.push_back (shared_ptr <EncryptionAlgorithm> (new Kuznyechik ()));
SupportedEncryptionAlgorithms.push_back (shared_ptr <EncryptionAlgorithm> (new AESTwofish ()));
SupportedEncryptionAlgorithms.push_back (shared_ptr <EncryptionAlgorithm> (new AESTwofishSerpent ()));
@ -199,7 +197,6 @@ namespace VeraCrypt
SupportedEncryptionAlgorithms.push_back (shared_ptr <EncryptionAlgorithm> (new Serpent ()));
SupportedEncryptionAlgorithms.push_back (shared_ptr <EncryptionAlgorithm> (new Twofish ()));
SupportedEncryptionAlgorithms.push_back (shared_ptr <EncryptionAlgorithm> (new Camellia ()));
SupportedEncryptionAlgorithms.push_back (shared_ptr <EncryptionAlgorithm> (new GOST89 ()));
SupportedEncryptionAlgorithms.push_back (shared_ptr <EncryptionAlgorithm> (new Kuznyechik ()));
SupportedEncryptionAlgorithms.push_back (shared_ptr <EncryptionAlgorithm> (new AESTwofish ()));
SupportedEncryptionAlgorithms.push_back (shared_ptr <EncryptionAlgorithm> (new AESTwofishSerpent ()));
@ -228,11 +225,10 @@ namespace VeraCrypt
Pkcs5KdfList VolumeLayoutSystemEncryption::GetSupportedKeyDerivationFunctions (bool truecryptMode) const
{
Pkcs5KdfList l;
if (!truecryptMode)
l.push_back (shared_ptr <Pkcs5Kdf> (new Pkcs5HmacSha256_Boot ()));
l.push_back (shared_ptr <Pkcs5Kdf> (new Pkcs5HmacRipemd160_1000 (truecryptMode)));
if (!truecryptMode)
{
l.push_back (shared_ptr <Pkcs5Kdf> (new Pkcs5HmacSha256_Boot ()));
l.push_back (shared_ptr <Pkcs5Kdf> (new Pkcs5HmacBlake2s_Boot ()));
l.push_back (shared_ptr <Pkcs5Kdf> (new Pkcs5HmacSha512 (false)));
l.push_back (shared_ptr <Pkcs5Kdf> (new Pkcs5HmacWhirlpool (false)));
l.push_back (shared_ptr <Pkcs5Kdf> (new Pkcs5HmacStreebog ()));