From f05f6a00a6b0f150b0a0b51cd7b44b9c9193e3de Mon Sep 17 00:00:00 2001 From: Mounir IDRASSI Date: Tue, 14 Oct 2014 21:19:53 +0200 Subject: [PATCH] Integrate SHA-256 support into Linux/MacOSX code. Set PRF priority to SHA-512 -> Whirlpool -> SHA-256 -> RIPEMD-160 . --- src/Volume/Hash.cpp | 29 +++++++++++++++++++++++++++-- src/Volume/Hash.h | 22 ++++++++++++++++++++++ src/Volume/Pkcs5Kdf.cpp | 17 +++++++++++++++-- src/Volume/Pkcs5Kdf.h | 31 +++++++++++++++++++++++++++++++ src/Volume/VolumeLayout.cpp | 3 ++- 5 files changed, 97 insertions(+), 5 deletions(-) diff --git a/src/Volume/Hash.cpp b/src/Volume/Hash.cpp index b917a8e5..cc582b92 100644 --- a/src/Volume/Hash.cpp +++ b/src/Volume/Hash.cpp @@ -17,10 +17,11 @@ namespace VeraCrypt HashList Hash::GetAvailableAlgorithms () { HashList l; - - l.push_back (shared_ptr (new Ripemd160 ())); + l.push_back (shared_ptr (new Sha512 ())); l.push_back (shared_ptr (new Whirlpool ())); + l.push_back (shared_ptr (new Sha256 ())); + l.push_back (shared_ptr (new Ripemd160 ())); return l; } @@ -60,6 +61,30 @@ namespace VeraCrypt if_debug (ValidateDataParameters (data)); RMD160Update ((RMD160_CTX *) Context.Ptr(), data.Get(), (int) data.Size()); } + + // SHA-256 + Sha256::Sha256 () + { + Context.Allocate (sizeof (sha256_ctx)); + Init(); + } + + void Sha256::GetDigest (const BufferPtr &buffer) + { + if_debug (ValidateDigestParameters (buffer)); + sha256_end (buffer, (sha256_ctx *) Context.Ptr()); + } + + void Sha256::Init () + { + sha256_begin ((sha256_ctx *) Context.Ptr()); + } + + void Sha256::ProcessData (const ConstBufferPtr &data) + { + if_debug (ValidateDataParameters (data)); + sha256_hash (data.Get(), (int) data.Size(), (sha256_ctx *) Context.Ptr()); + } // SHA-512 Sha512::Sha512 () diff --git a/src/Volume/Hash.h b/src/Volume/Hash.h index 70872d54..3df9f5b7 100644 --- a/src/Volume/Hash.h +++ b/src/Volume/Hash.h @@ -64,6 +64,28 @@ namespace VeraCrypt Ripemd160 (const Ripemd160 &); Ripemd160 &operator= (const Ripemd160 &); }; + + // SHA-256 + class Sha256 : public Hash + { + public: + Sha256 (); + virtual ~Sha256 () { } + + virtual void GetDigest (const BufferPtr &buffer); + virtual size_t GetBlockSize () const { return 64; } + virtual size_t GetDigestSize () const { return 256 / 8; } + virtual wstring GetName () const { return L"SHA-256"; } + virtual shared_ptr GetNew () const { return shared_ptr (new Sha256); } + virtual void Init (); + virtual void ProcessData (const ConstBufferPtr &data); + + protected: + + private: + Sha256 (const Sha256 &); + Sha256 &operator= (const Sha256 &); + }; // SHA-512 class Sha512 : public Hash diff --git a/src/Volume/Pkcs5Kdf.cpp b/src/Volume/Pkcs5Kdf.cpp index 6521e71a..b81cc7c4 100644 --- a/src/Volume/Pkcs5Kdf.cpp +++ b/src/Volume/Pkcs5Kdf.cpp @@ -49,10 +49,11 @@ namespace VeraCrypt Pkcs5KdfList Pkcs5Kdf::GetAvailableAlgorithms () { Pkcs5KdfList l; - - l.push_back (shared_ptr (new Pkcs5HmacRipemd160 ())); + l.push_back (shared_ptr (new Pkcs5HmacSha512 ())); l.push_back (shared_ptr (new Pkcs5HmacWhirlpool ())); + l.push_back (shared_ptr (new Pkcs5HmacSha256 ())); + l.push_back (shared_ptr (new Pkcs5HmacRipemd160 ())); return l; } @@ -74,6 +75,18 @@ namespace VeraCrypt ValidateParameters (key, password, salt, iterationCount); derive_key_ripemd160 (bNotTest, (char *) password.DataPtr(), (int) password.Size(), (char *) salt.Get(), (int) salt.Size(), iterationCount, (char *) key.Get(), (int) key.Size()); } + + void Pkcs5HmacSha256_Boot::DeriveKey (const BufferPtr &key, const VolumePassword &password, const ConstBufferPtr &salt, int iterationCount, BOOL bNotTest) const + { + ValidateParameters (key, password, salt, iterationCount); + derive_key_sha256 ((char *) password.DataPtr(), (int) password.Size(), (char *) salt.Get(), (int) salt.Size(), iterationCount, (char *) key.Get(), (int) key.Size()); + } + + void Pkcs5HmacSha256::DeriveKey (const BufferPtr &key, const VolumePassword &password, const ConstBufferPtr &salt, int iterationCount, BOOL bNotTest) const + { + ValidateParameters (key, password, salt, iterationCount); + derive_key_sha256 ((char *) password.DataPtr(), (int) password.Size(), (char *) salt.Get(), (int) salt.Size(), iterationCount, (char *) key.Get(), (int) key.Size()); + } void Pkcs5HmacSha512::DeriveKey (const BufferPtr &key, const VolumePassword &password, const ConstBufferPtr &salt, int iterationCount, BOOL bNotTest) const { diff --git a/src/Volume/Pkcs5Kdf.h b/src/Volume/Pkcs5Kdf.h index 00e7a0a9..23de2c8c 100644 --- a/src/Volume/Pkcs5Kdf.h +++ b/src/Volume/Pkcs5Kdf.h @@ -74,7 +74,38 @@ namespace VeraCrypt Pkcs5HmacRipemd160_1000 (const Pkcs5HmacRipemd160_1000 &); Pkcs5HmacRipemd160_1000 &operator= (const Pkcs5HmacRipemd160_1000 &); }; + + class Pkcs5HmacSha256_Boot : public Pkcs5Kdf + { + public: + Pkcs5HmacSha256_Boot () { } + virtual ~Pkcs5HmacSha256_Boot () { } + virtual void DeriveKey (const BufferPtr &key, const VolumePassword &password, const ConstBufferPtr &salt, int iterationCount, BOOL bNotTest = TRUE) const; + virtual shared_ptr GetHash () const { return shared_ptr (new Sha256); } + virtual int GetIterationCount () const { return 200000; } + virtual wstring GetName () const { return L"HMAC-SHA-256"; } + + private: + Pkcs5HmacSha256_Boot (const Pkcs5HmacSha256_Boot &); + Pkcs5HmacSha256_Boot &operator= (const Pkcs5HmacSha256_Boot &); + }; + + class Pkcs5HmacSha256 : public Pkcs5Kdf + { + public: + Pkcs5HmacSha256 () { } + virtual ~Pkcs5HmacSha256 () { } + + virtual void DeriveKey (const BufferPtr &key, const VolumePassword &password, const ConstBufferPtr &salt, int iterationCount, BOOL bNotTest = TRUE) const; + virtual shared_ptr GetHash () const { return shared_ptr (new Sha256); } + virtual int GetIterationCount () const { return 500000; } + virtual wstring GetName () const { return L"HMAC-SHA-256"; } + + private: + Pkcs5HmacSha256 (const Pkcs5HmacSha256 &); + Pkcs5HmacSha256 &operator= (const Pkcs5HmacSha256 &); + }; class Pkcs5HmacSha512 : public Pkcs5Kdf { diff --git a/src/Volume/VolumeLayout.cpp b/src/Volume/VolumeLayout.cpp index a3ecab02..fb75a869 100644 --- a/src/Volume/VolumeLayout.cpp +++ b/src/Volume/VolumeLayout.cpp @@ -229,7 +229,8 @@ namespace VeraCrypt Pkcs5KdfList VolumeLayoutSystemEncryption::GetSupportedKeyDerivationFunctions () const { Pkcs5KdfList l; - + + l.push_back (shared_ptr (new Pkcs5HmacSha256_Boot ())); l.push_back (shared_ptr (new Pkcs5HmacRipemd160_1000 ())); return l; }