mirror of
https://github.com/veracrypt/VeraCrypt
synced 2024-09-20 04:46:21 +02:00
Windows: Exclude Argon2 for System Encryption and from automatic detection
Bootloader doesn't support Argon2 yet. We don't want to add overhead to automatic detection for now.
This commit is contained in:
parent
4dfe046390
commit
d317fb2f19
@ -1741,6 +1741,10 @@ namespace VeraCrypt
|
||||
if (!bIsGPT && pkcs5_prf != BLAKE2S && pkcs5_prf != SHA256)
|
||||
throw ParameterIncorrect (SRC_POS);
|
||||
|
||||
// we don't support Argon2 for system encryption for now
|
||||
if (pkcs5_prf == ARGON2)
|
||||
throw ParameterIncorrect (SRC_POS);
|
||||
|
||||
int bootSectorId = 0;
|
||||
int bootLoaderId = 0;
|
||||
|
||||
|
@ -822,6 +822,11 @@ BOOL HashForSystemEncryption (int hashId)
|
||||
|
||||
}
|
||||
|
||||
BOOL HashIsAvailable (int hashId)
|
||||
{
|
||||
return (hashId != ARGON2) && (HashGet(hashId) != 0); // Argon2 is not a hash function
|
||||
}
|
||||
|
||||
// Returns the largest key size needed by an EA for the specified mode of operation
|
||||
int EAGetLargestKeyForMode (int mode)
|
||||
{
|
||||
|
@ -378,6 +378,7 @@ Hash *HashGet (int id);
|
||||
void HashGetName2 (wchar_t *buf, size_t bufLen, int hashId);
|
||||
BOOL HashIsDeprecated (int hashId);
|
||||
BOOL HashForSystemEncryption (int hashId);
|
||||
BOOL HashIsAvailable (int hashId);
|
||||
int GetMaxPkcs5OutSize (void);
|
||||
#endif
|
||||
|
||||
|
@ -6249,6 +6249,10 @@ static BOOL PerformBenchmark(HWND hBenchDlg, HWND hwndDlg)
|
||||
{
|
||||
if (benchmarkPreBoot && !benchmarkGPT && !HashForSystemEncryption (thid))
|
||||
continue;
|
||||
|
||||
// we don't support Argon2 for system encryption
|
||||
if (benchmarkPreBoot && thid == ARGON2)
|
||||
continue;
|
||||
|
||||
if (QueryPerformanceCounter (&performanceCountStart) == 0)
|
||||
goto counter_error;
|
||||
@ -6760,7 +6764,7 @@ static BOOL CALLBACK RandomPoolEnrichementDlgProc (HWND hwndDlg, UINT msg, WPARA
|
||||
SendMessage (hComboBox, CB_RESETCONTENT, 0, 0);
|
||||
for (hid = FIRST_PRF_ID; hid <= LAST_PRF_ID; hid++)
|
||||
{
|
||||
if (!HashIsDeprecated (hid))
|
||||
if (!HashIsDeprecated (hid) && HashIsAvailable (hid))
|
||||
AddComboPair (hComboBox, HashGetName(hid), hid);
|
||||
}
|
||||
SelectAlgo (hComboBox, &hash_algo);
|
||||
@ -6955,7 +6959,7 @@ BOOL CALLBACK KeyfileGeneratorDlgProc (HWND hwndDlg, UINT msg, WPARAM wParam, LP
|
||||
SendMessage (hComboBox, CB_RESETCONTENT, 0, 0);
|
||||
for (hid = FIRST_PRF_ID; hid <= LAST_PRF_ID; hid++)
|
||||
{
|
||||
if (!HashIsDeprecated (hid))
|
||||
if (!HashIsDeprecated (hid) && HashIsAvailable (hid))
|
||||
AddComboPair (hComboBox, HashGetName(hid), hid);
|
||||
}
|
||||
SelectAlgo (hComboBox, &hash_algo);
|
||||
|
@ -1349,6 +1349,9 @@ int is_pkcs5_prf_supported (int pkcs5_prf_id, PRF_BOOT_TYPE bootType)
|
||||
|| (bootType != PRF_BOOT_MBR && (pkcs5_prf_id < FIRST_PRF_ID || pkcs5_prf_id > LAST_PRF_ID))
|
||||
)
|
||||
return 0;
|
||||
// we don't support Argon2 in pre-boot authentication
|
||||
if ((bootType == PRF_BOOT_MBR || bootType == PRF_BOOT_GPT) && pkcs5_prf_id == ARGON2)
|
||||
return 0;
|
||||
|
||||
return 1;
|
||||
|
||||
@ -1358,6 +1361,7 @@ void derive_key_argon2(char *pwd, int pwd_len, char *salt, int salt_len, uint32
|
||||
{
|
||||
//TODO: Implement Argon2 derivation
|
||||
// In case of failure, just fill the derived key dk with zeroes
|
||||
memset(dk, 0, dklen);
|
||||
}
|
||||
|
||||
void get_argon2_params(int pim, int* pIterations, int* pMemcost)
|
||||
|
@ -364,7 +364,8 @@ BOOL Randmix ()
|
||||
break;
|
||||
|
||||
#ifndef WOLFCRYPT_BACKEND
|
||||
case BLAKE2S:
|
||||
case ARGON2: // in case of Argon2, we use Blake2s
|
||||
case BLAKE2S:
|
||||
burn (&bctx, sizeof(bctx));
|
||||
break;
|
||||
|
||||
|
@ -308,6 +308,14 @@ int ReadVolumeHeader (BOOL bBoot, char *encryptedHeader, Password *password, int
|
||||
// if a PRF is specified, we skip all other PRFs
|
||||
if (selected_pkcs5_prf != 0 && enqPkcs5Prf != selected_pkcs5_prf)
|
||||
continue;
|
||||
|
||||
// we don't support Argon2 in pre-boot authentication
|
||||
if (bBoot && (enqPkcs5Prf == ARGON2))
|
||||
continue;
|
||||
|
||||
// For now, we don't included Argon2 in automatic detection
|
||||
if (selected_pkcs5_prf == 0 && enqPkcs5Prf == ARGON2)
|
||||
continue;
|
||||
|
||||
#if !defined(_UEFI)
|
||||
if ((selected_pkcs5_prf == 0) && (encryptionThreadCount > 1))
|
||||
@ -923,6 +931,13 @@ int CreateVolumeHeaderInMemory (HWND hwndDlg, BOOL bBoot, char *header, int ea,
|
||||
if (pim < 0)
|
||||
pim = 0;
|
||||
|
||||
// we don't support Argon2 in pre-boot authentication
|
||||
if (bBoot && (pkcs5_prf == ARGON2))
|
||||
{
|
||||
crypto_close (cryptoInfo);
|
||||
return ERR_PARAMETER_INCORRECT;
|
||||
}
|
||||
|
||||
memset (header, 0, TC_VOLUME_HEADER_EFFECTIVE_SIZE);
|
||||
#if !defined(_UEFI)
|
||||
VirtualLock (&keyInfo, sizeof (keyInfo));
|
||||
|
@ -4195,7 +4195,7 @@ BOOL CALLBACK PageDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lPa
|
||||
|
||||
for (hid = FIRST_PRF_ID; hid <= LAST_PRF_ID; hid++)
|
||||
{
|
||||
if ((!HashIsDeprecated (hid)) && (bSystemIsGPT || HashForSystemEncryption (hid)))
|
||||
if ((!HashIsDeprecated (hid)) && (bSystemIsGPT || HashForSystemEncryption (hid)) && (hid != ARGON2)) // We don't support Argon2 for system encryption
|
||||
AddComboPair (GetDlgItem (hwndDlg, IDC_COMBO_BOX_HASH_ALGO), HashGetName(hid), hid);
|
||||
}
|
||||
}
|
||||
@ -5988,7 +5988,7 @@ BOOL CALLBACK PageDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lPa
|
||||
{
|
||||
HWND hHashAlgoItem = GetDlgItem (hwndDlg, IDC_COMBO_BOX_HASH_ALGO);
|
||||
int selectedAlgo = (int) SendMessage (hHashAlgoItem, CB_GETITEMDATA, SendMessage (hHashAlgoItem, CB_GETCURSEL, 0, 0), 0);
|
||||
if (!bSystemIsGPT && !HashForSystemEncryption(selectedAlgo))
|
||||
if ((!bSystemIsGPT && !HashForSystemEncryption(selectedAlgo)) || (selectedAlgo == ARGON2))
|
||||
{
|
||||
hash_algo = DEFAULT_HASH_ALGORITHM_BOOT;
|
||||
RandSetHashFunction (DEFAULT_HASH_ALGORITHM_BOOT);
|
||||
|
@ -2749,7 +2749,7 @@ BOOL CALLBACK PasswordChangeDlgProc (HWND hwndDlg, UINT msg, WPARAM wParam, LPAR
|
||||
int new_hash_algo_id = (int) SendMessage (GetDlgItem (hwndDlg, IDC_PKCS5_PRF_ID), CB_GETITEMDATA,
|
||||
SendMessage (GetDlgItem (hwndDlg, IDC_PKCS5_PRF_ID), CB_GETCURSEL, 0, 0), 0);
|
||||
|
||||
if (new_hash_algo_id != 0 && !bSystemIsGPT && !HashForSystemEncryption(new_hash_algo_id))
|
||||
if (new_hash_algo_id != 0 && (!bSystemIsGPT && !HashForSystemEncryption(new_hash_algo_id)) || (new_hash_algo_id == ARGON2))
|
||||
{
|
||||
int new_hash_algo_id = DEFAULT_HASH_ALGORITHM_BOOT;
|
||||
Info ("ALGO_NOT_SUPPORTED_FOR_SYS_ENCRYPTION", hwndDlg);
|
||||
@ -3094,7 +3094,7 @@ BOOL CALLBACK PasswordDlgProc (HWND hwndDlg, UINT msg, WPARAM wParam, LPARAM lPa
|
||||
|
||||
for (i = FIRST_PRF_ID; i <= LAST_PRF_ID; i++)
|
||||
{
|
||||
if (bSystemIsGPT || HashForSystemEncryption(i))
|
||||
if ((bSystemIsGPT || HashForSystemEncryption(i)) && (i != ARGON2))
|
||||
{
|
||||
nIndex = (int) SendMessage (hComboBox, CB_ADDSTRING, 0, (LPARAM) get_pkcs5_prf_name(i));
|
||||
SendMessage (hComboBox, CB_SETITEMDATA, nIndex, (LPARAM) i);
|
||||
|
Loading…
Reference in New Issue
Block a user