Integrate SHA-256 support into Linux/MacOSX code. Set PRF priority to SHA-512 -> Whirlpool -> SHA-256 -> RIPEMD-160 .

src/Volume/Hash.cpp

@@ -17,10 +17,11 @@ namespace VeraCrypt
 	HashList Hash::GetAvailableAlgorithms ()
 	{
 		HashList l;
-
+		
-		l.push_back (shared_ptr <Hash> (new Ripemd160 ()));
 		l.push_back (shared_ptr <Hash> (new Sha512 ()));
 		l.push_back (shared_ptr <Hash> (new Whirlpool ()));
+		l.push_back (shared_ptr <Hash> (new Sha256 ()));
+		l.push_back (shared_ptr <Hash> (new Ripemd160 ()));
 
 		return l;
 	}
@@ -60,6 +61,30 @@ namespace VeraCrypt
 		if_debug (ValidateDataParameters (data));
 		RMD160Update ((RMD160_CTX *) Context.Ptr(), data.Get(), (int) data.Size());
 	}
+	
+	// SHA-256
+	Sha256::Sha256 ()
+	{
+		Context.Allocate (sizeof (sha256_ctx));
+		Init();
+	}
+
+	void Sha256::GetDigest (const BufferPtr &buffer)
+	{
+		if_debug (ValidateDigestParameters (buffer));
+		sha256_end (buffer, (sha256_ctx *) Context.Ptr());
+	}
+
+	void Sha256::Init ()
+	{
+		sha256_begin ((sha256_ctx *) Context.Ptr());
+	}
+
+	void Sha256::ProcessData (const ConstBufferPtr &data)
+	{
+		if_debug (ValidateDataParameters (data));
+		sha256_hash (data.Get(), (int) data.Size(), (sha256_ctx *) Context.Ptr());
+	}
 
 	// SHA-512
 	Sha512::Sha512 ()

src/Volume/Hash.h

@@ -64,6 +64,28 @@ namespace VeraCrypt
 		Ripemd160 (const Ripemd160 &);
 		Ripemd160 &operator= (const Ripemd160 &);
 	};
+	
+	// SHA-256
+	class Sha256 : public Hash
+	{
+	public:
+		Sha256 ();
+		virtual ~Sha256 () { }
+
+		virtual void GetDigest (const BufferPtr &buffer);
+		virtual size_t GetBlockSize () const { return 64; }
+		virtual size_t GetDigestSize () const { return 256 / 8; }
+		virtual wstring GetName () const { return L"SHA-256"; }
+		virtual shared_ptr <Hash> GetNew () const { return shared_ptr <Hash> (new Sha256); }
+		virtual void Init ();
+		virtual void ProcessData (const ConstBufferPtr &data);
+
+	protected:
+
+	private:
+		Sha256 (const Sha256 &);
+		Sha256 &operator= (const Sha256 &);
+	};
 
 	// SHA-512
 	class Sha512 : public Hash

src/Volume/Pkcs5Kdf.cpp

@@ -49,10 +49,11 @@ namespace VeraCrypt
 	Pkcs5KdfList Pkcs5Kdf::GetAvailableAlgorithms ()
 	{
 		Pkcs5KdfList l;
-		
+				
-		l.push_back (shared_ptr <Pkcs5Kdf> (new Pkcs5HmacRipemd160 ()));
 		l.push_back (shared_ptr <Pkcs5Kdf> (new Pkcs5HmacSha512 ()));
 		l.push_back (shared_ptr <Pkcs5Kdf> (new Pkcs5HmacWhirlpool ()));
+		l.push_back (shared_ptr <Pkcs5Kdf> (new Pkcs5HmacSha256 ()));
+		l.push_back (shared_ptr <Pkcs5Kdf> (new Pkcs5HmacRipemd160 ()));
 
 		return l;
 	}
@@ -74,6 +75,18 @@ namespace VeraCrypt
 		ValidateParameters (key, password, salt, iterationCount);
 		derive_key_ripemd160 (bNotTest, (char *) password.DataPtr(), (int) password.Size(), (char *) salt.Get(), (int) salt.Size(), iterationCount, (char *) key.Get(), (int) key.Size());
 	}
+	
+	void Pkcs5HmacSha256_Boot::DeriveKey (const BufferPtr &key, const VolumePassword &password, const ConstBufferPtr &salt, int iterationCount, BOOL bNotTest) const
+	{
+		ValidateParameters (key, password, salt, iterationCount);
+		derive_key_sha256 ((char *) password.DataPtr(), (int) password.Size(), (char *) salt.Get(), (int) salt.Size(), iterationCount, (char *) key.Get(), (int) key.Size());
+	}
+	
+	void Pkcs5HmacSha256::DeriveKey (const BufferPtr &key, const VolumePassword &password, const ConstBufferPtr &salt, int iterationCount, BOOL bNotTest) const
+	{
+		ValidateParameters (key, password, salt, iterationCount);
+		derive_key_sha256 ((char *) password.DataPtr(), (int) password.Size(), (char *) salt.Get(), (int) salt.Size(), iterationCount, (char *) key.Get(), (int) key.Size());
+	}
 
 	void Pkcs5HmacSha512::DeriveKey (const BufferPtr &key, const VolumePassword &password, const ConstBufferPtr &salt, int iterationCount, BOOL bNotTest) const
 	{

src/Volume/Pkcs5Kdf.h

@@ -74,7 +74,38 @@ namespace VeraCrypt
 		Pkcs5HmacRipemd160_1000 (const Pkcs5HmacRipemd160_1000 &);
 		Pkcs5HmacRipemd160_1000 &operator= (const Pkcs5HmacRipemd160_1000 &);
 	};
+	
+	class Pkcs5HmacSha256_Boot : public Pkcs5Kdf
+	{
+	public:
+		Pkcs5HmacSha256_Boot () { }
+		virtual ~Pkcs5HmacSha256_Boot () { }
 
+		virtual void DeriveKey (const BufferPtr &key, const VolumePassword &password, const ConstBufferPtr &salt, int iterationCount, BOOL bNotTest = TRUE) const;
+		virtual shared_ptr <Hash> GetHash () const { return shared_ptr <Hash> (new Sha256); }
+		virtual int GetIterationCount () const { return 200000; }
+		virtual wstring GetName () const { return L"HMAC-SHA-256"; }
+
+	private:
+		Pkcs5HmacSha256_Boot (const Pkcs5HmacSha256_Boot &);
+		Pkcs5HmacSha256_Boot &operator= (const Pkcs5HmacSha256_Boot &);
+	};
+
+	class Pkcs5HmacSha256 : public Pkcs5Kdf
+	{
+	public:
+		Pkcs5HmacSha256 () { }
+		virtual ~Pkcs5HmacSha256 () { }
+
+		virtual void DeriveKey (const BufferPtr &key, const VolumePassword &password, const ConstBufferPtr &salt, int iterationCount, BOOL bNotTest = TRUE) const;
+		virtual shared_ptr <Hash> GetHash () const { return shared_ptr <Hash> (new Sha256); }
+		virtual int GetIterationCount () const { return 500000; }
+		virtual wstring GetName () const { return L"HMAC-SHA-256"; }
+
+	private:
+		Pkcs5HmacSha256 (const Pkcs5HmacSha256 &);
+		Pkcs5HmacSha256 &operator= (const Pkcs5HmacSha256 &);
+	};
 
 	class Pkcs5HmacSha512 : public Pkcs5Kdf
 	{

src/Volume/VolumeLayout.cpp

@@ -229,7 +229,8 @@ namespace VeraCrypt
 	Pkcs5KdfList VolumeLayoutSystemEncryption::GetSupportedKeyDerivationFunctions () const
 	{
 		Pkcs5KdfList l;
-		
+
+		l.push_back (shared_ptr <Pkcs5Kdf> (new Pkcs5HmacSha256_Boot ()));
 		l.push_back (shared_ptr <Pkcs5Kdf> (new Pkcs5HmacRipemd160_1000 ()));
 		return l;
 	}