"Fossies" - the Fresh Open Source Software Archive

Member "src/Common/Crypto.h" (10 Oct 2018, 12642 Bytes) of package /windows/misc/VeraCrypt_1.23-Hotfix-2_Source.zip:


As a special service "Fossies" has tried to format the requested source page into HTML format using (guessed) C and C++ source code syntax highlighting (style: standard) with prefixed line numbers and code folding option. Alternatively you can here view or download the uninterpreted source code file. For more information about "Crypto.h" see the Fossies "Dox" file reference documentation and the last Fossies "Diffs" side-by-side code changes report: 1.21_Source_vs_1.22_Source.

    1 /*
    2  Legal Notice: Some portions of the source code contained in this file were
    3  derived from the source code of TrueCrypt 7.1a, which is 
    4  Copyright (c) 2003-2012 TrueCrypt Developers Association and which is 
    5  governed by the TrueCrypt License 3.0, also from the source code of
    6  Encryption for the Masses 2.02a, which is Copyright (c) 1998-2000 Paul Le Roux
    7  and which is governed by the 'License Agreement for Encryption for the Masses' 
    8  Modifications and additions to the original source code (contained in this file) 
    9  and all other portions of this file are Copyright (c) 2013-2017 IDRIX
   10  and are governed by the Apache License 2.0 the full text of which is
   11  contained in the file License.txt included in VeraCrypt binary and source
   12  code distribution packages. */
   13 
   14 /* Update the following when adding a new cipher or EA:
   15 
   16    Crypto.h:
   17      ID #define
   18      MAX_EXPANDED_KEY #define
   19 
   20    Crypto.c:
   21      Ciphers[]
   22      EncryptionAlgorithms[]
   23      CipherInit()
   24      EncipherBlock()
   25      DecipherBlock()
   26 
   27 */
   28 
   29 #ifndef CRYPTO_H
   30 #define CRYPTO_H
   31 
   32 #include "Tcdefs.h"
   33 
   34 #ifdef __cplusplus
   35 extern "C" {
   36 #endif
   37 
   38 // Encryption data unit size, which may differ from the sector size and must always be 512
   39 #define ENCRYPTION_DATA_UNIT_SIZE   512
   40 
   41 // Size of the salt (in bytes)
   42 #define PKCS5_SALT_SIZE             64
   43 
   44 // Size of the volume header area containing concatenated master key(s) and secondary key(s) (XTS mode)
   45 #define MASTER_KEYDATA_SIZE         256
   46 
   47 // The first PRF to try when mounting
   48 #define FIRST_PRF_ID        1   
   49 
   50 // Hash algorithms (pseudorandom functions). 
   51 enum
   52 {
   53     SHA512 = FIRST_PRF_ID,
   54     WHIRLPOOL,
   55     SHA256,
   56     RIPEMD160,
   57     STREEBOG,
   58     HASH_ENUM_END_ID
   59 };
   60 
   61 // The last PRF to try when mounting and also the number of implemented PRFs
   62 #define LAST_PRF_ID         (HASH_ENUM_END_ID - 1)  
   63 
   64 #define RIPEMD160_BLOCKSIZE     64
   65 #define RIPEMD160_DIGESTSIZE    20
   66 
   67 #define SHA256_BLOCKSIZE        64
   68 #define SHA256_DIGESTSIZE       32
   69 
   70 #define SHA512_BLOCKSIZE        128
   71 #define SHA512_DIGESTSIZE       64
   72 
   73 #define WHIRLPOOL_BLOCKSIZE     64
   74 #define WHIRLPOOL_DIGESTSIZE    64
   75 
   76 #define STREEBOG_BLOCKSIZE 64
   77 #define STREEBOG_DIGESTSIZE 64
   78 
   79 #define MAX_DIGESTSIZE          WHIRLPOOL_DIGESTSIZE
   80 
   81 #define DEFAULT_HASH_ALGORITHM          FIRST_PRF_ID
   82 #define DEFAULT_HASH_ALGORITHM_BOOT     SHA256
   83 
   84 // The mode of operation used for newly created volumes and first to try when mounting
   85 #define FIRST_MODE_OF_OPERATION_ID      1
   86 
   87 // Modes of operation
   88 enum
   89 {
   90     /* If you add/remove a mode, update the following: GetMaxPkcs5OutSize(), EAInitMode() */
   91 
   92     XTS = FIRST_MODE_OF_OPERATION_ID,
   93     MODE_ENUM_END_ID
   94 };
   95 
   96 
   97 // The last mode of operation to try when mounting and also the number of implemented modes
   98 #define LAST_MODE_OF_OPERATION      (MODE_ENUM_END_ID - 1)
   99 
  100 // Ciphertext/plaintext block size for XTS mode (in bytes)
  101 #define BYTES_PER_XTS_BLOCK         16
  102 
  103 // Number of ciphertext/plaintext blocks per XTS data unit
  104 #define BLOCKS_PER_XTS_DATA_UNIT    (ENCRYPTION_DATA_UNIT_SIZE / BYTES_PER_XTS_BLOCK)
  105 
  106 
  107 // Cipher IDs
  108 enum
  109 {
  110     NONE = 0,
  111     AES,
  112     SERPENT,            
  113     TWOFISH,
  114     CAMELLIA,
  115     GOST89,
  116     KUZNYECHIK
  117 };
  118 
  119 typedef struct
  120 {
  121     int Id;                 // Cipher ID
  122 #ifdef TC_WINDOWS_BOOT
  123     char *Name;             // Name
  124 #else
  125     wchar_t *Name;          // Name
  126 #endif
  127     int BlockSize;          // Block size (bytes)
  128     int KeySize;            // Key size (bytes)
  129     int KeyScheduleSize;    // Scheduled key size (bytes)
  130 } Cipher;
  131 
  132 typedef struct
  133 {
  134     int Ciphers[4];         // Null terminated array of ciphers used by encryption algorithm
  135     int Modes[LAST_MODE_OF_OPERATION + 1];          // Null terminated array of modes of operation
  136 #ifndef TC_WINDOWS_BOOT
  137     BOOL MbrSysEncEnabled;
  138 #endif
  139     int FormatEnabled;
  140 } EncryptionAlgorithm;
  141 
  142 #ifndef TC_WINDOWS_BOOT
  143 typedef struct
  144 {
  145     int Id;                 // Hash ID
  146     wchar_t *Name;              // Name
  147     BOOL Deprecated;
  148     BOOL SystemEncryption;  // Available for system encryption
  149 } Hash;
  150 #endif
  151 
  152 // Maxium length of scheduled key
  153 #if !defined (TC_WINDOWS_BOOT) || defined (TC_WINDOWS_BOOT_AES)
  154 #   define AES_KS               (sizeof(aes_encrypt_ctx) + sizeof(aes_decrypt_ctx))
  155 #else
  156 #   define AES_KS               (sizeof(aes_context))
  157 #endif
  158 #define SERPENT_KS          (140 * 4)
  159 
  160 #ifdef TC_WINDOWS_BOOT_SINGLE_CIPHER_MODE
  161 
  162 #   ifdef TC_WINDOWS_BOOT_AES
  163 #       define MAX_EXPANDED_KEY AES_KS
  164 #   elif defined (TC_WINDOWS_BOOT_SERPENT)
  165 #       define MAX_EXPANDED_KEY SERPENT_KS
  166 #   elif defined (TC_WINDOWS_BOOT_TWOFISH)
  167 #       define MAX_EXPANDED_KEY TWOFISH_KS
  168 #   elif defined (TC_WINDOWS_BOOT_CAMELLIA)
  169 #       define MAX_EXPANDED_KEY CAMELLIA_KS
  170 #   endif
  171 
  172 #else
  173 #ifdef TC_WINDOWS_BOOT
  174 #define MAX_EXPANDED_KEY    VC_MAX((AES_KS + SERPENT_KS + TWOFISH_KS), CAMELLIA_KS)
  175 #else
  176 #define MAX_EXPANDED_KEY    VC_MAX(VC_MAX(VC_MAX(VC_MAX((AES_KS + SERPENT_KS + TWOFISH_KS), GOST_KS), CAMELLIA_KS + KUZNYECHIK_KS + SERPENT_KS), KUZNYECHIK_KS + TWOFISH_KS), AES_KS + KUZNYECHIK_KS)
  177 #endif
  178 #endif
  179 
  180 #ifdef DEBUG
  181 #   define PRAND_DISK_WIPE_PASSES   3
  182 #else
  183 #   define PRAND_DISK_WIPE_PASSES   256
  184 #endif
  185 
  186 /* specific value for volume header wipe used only when drive is fully wiped. */
  187 #define PRAND_HEADER_WIPE_PASSES    3
  188 
  189 #if !defined (TC_WINDOWS_BOOT) || defined (TC_WINDOWS_BOOT_AES)
  190 #   include "Aes.h"
  191 #else
  192 #   include "AesSmall.h"
  193 #endif
  194 
  195 #include "Aes_hw_cpu.h"
  196 #if !defined (TC_WINDOWS_BOOT) && !defined (_UEFI)
  197 #   include "SerpentFast.h"
  198 #else
  199 #   include "Serpent.h"
  200 #endif
  201 #include "Twofish.h"
  202 
  203 #include "Rmd160.h"
  204 #ifndef TC_WINDOWS_BOOT
  205 #   include "Sha2.h"
  206 #   include "Whirlpool.h"
  207 #   include "Streebog.h"
  208 #   include "GostCipher.h"
  209 #   include "kuznyechik.h"
  210 #   include "Camellia.h"
  211 #else
  212 #   include "CamelliaSmall.h"
  213 #endif
  214 
  215 #include "GfMul.h"
  216 #include "Password.h"
  217 
  218 #ifndef TC_WINDOWS_BOOT
  219 
  220 #include "config.h"
  221 
  222 typedef struct keyInfo_t
  223 {
  224     int noIterations;                   /* Number of times to iterate (PKCS-5) */
  225     int keyLength;                      /* Length of the key */
  226     uint64 dummy;                       /* Dummy field to ensure 16-byte alignment of this structure */
  227     __int8 salt[PKCS5_SALT_SIZE];       /* PKCS-5 salt */
  228     CRYPTOPP_ALIGN_DATA(16) __int8 master_keydata[MASTER_KEYDATA_SIZE];     /* Concatenated master primary and secondary key(s) (XTS mode). For LRW (deprecated/legacy), it contains the tweak key before the master key(s). For CBC (deprecated/legacy), it contains the IV seed before the master key(s). */
  229     CRYPTOPP_ALIGN_DATA(16) __int8 userKey[MAX_PASSWORD];       /* Password (to which keyfiles may have been applied). WITHOUT +1 for the null terminator. */
  230 } KEY_INFO, *PKEY_INFO;
  231 
  232 #endif
  233 
  234 typedef struct CRYPTO_INFO_t
  235 {
  236     int ea;                                 /* Encryption algorithm ID */
  237     int mode;                               /* Mode of operation (e.g., XTS) */
  238     int pkcs5;                              /* PRF algorithm */
  239 
  240     unsigned __int8 ks[MAX_EXPANDED_KEY];   /* Primary key schedule (if it is a cascade, it conatins multiple concatenated keys) */
  241     unsigned __int8 ks2[MAX_EXPANDED_KEY];  /* Secondary key schedule (if cascade, multiple concatenated) for XTS mode. */
  242 
  243     BOOL hiddenVolume;                      // Indicates whether the volume is mounted/mountable as hidden volume
  244 
  245 #ifndef TC_WINDOWS_BOOT
  246     uint16 HeaderVersion;
  247 
  248     GfCtx gf_ctx; 
  249 
  250     CRYPTOPP_ALIGN_DATA(16) unsigned __int8 master_keydata[MASTER_KEYDATA_SIZE];    /* This holds the volume header area containing concatenated master key(s) and secondary key(s) (XTS mode). For LRW (deprecated/legacy), it contains the tweak key before the master key(s). For CBC (deprecated/legacy), it contains the IV seed before the master key(s). */
  251     CRYPTOPP_ALIGN_DATA(16) unsigned __int8 k2[MASTER_KEYDATA_SIZE];                /* For XTS, this contains the secondary key (if cascade, multiple concatenated). For LRW (deprecated/legacy), it contains the tweak key. For CBC (deprecated/legacy), it contains the IV seed. */
  252     unsigned __int8 salt[PKCS5_SALT_SIZE];
  253     int noIterations;   
  254     BOOL bTrueCryptMode;
  255     int volumePim;
  256 
  257     uint64 volume_creation_time;    // Legacy
  258     uint64 header_creation_time;    // Legacy
  259 
  260     BOOL bProtectHiddenVolume;          // Indicates whether the volume contains a hidden volume to be protected against overwriting
  261     BOOL bHiddenVolProtectionAction;        // TRUE if a write operation has been denied by the driver in order to prevent the hidden volume from being overwritten (set to FALSE upon volume mount).
  262     
  263     uint64 volDataAreaOffset;       // Absolute position, in bytes, of the first data sector of the volume.
  264 
  265     uint64 hiddenVolumeSize;        // Size of the hidden volume excluding the header (in bytes). Set to 0 for standard volumes.
  266     uint64 hiddenVolumeOffset;  // Absolute position, in bytes, of the first hidden volume data sector within the host volume (provided that there is a hidden volume within). This must be set for all hidden volumes; in case of a normal volume, this variable is only used when protecting a hidden volume within it.
  267     uint64 hiddenVolumeProtectedSize;
  268 
  269     BOOL bPartitionInInactiveSysEncScope;   // If TRUE, the volume is a partition located on an encrypted system drive and mounted without pre-boot authentication.
  270 
  271     UINT64_STRUCT FirstDataUnitNo;          // First data unit number of the volume. This is 0 for file-hosted and non-system partition-hosted volumes. For partitions within key scope of system encryption this reflects real physical offset within the device (this is used e.g. when such a partition is mounted as a regular volume without pre-boot authentication).
  272 
  273     uint16 RequiredProgramVersion;
  274     BOOL LegacyVolume;
  275 
  276     uint32 SectorSize;
  277 
  278 #endif // !TC_WINDOWS_BOOT
  279 
  280     UINT64_STRUCT VolumeSize;
  281 
  282     UINT64_STRUCT EncryptedAreaStart;
  283     UINT64_STRUCT EncryptedAreaLength;
  284 
  285     uint32 HeaderFlags;
  286 
  287 } CRYPTO_INFO, *PCRYPTO_INFO;
  288 
  289 #if defined(_WIN32) || defined(_UEFI)
  290 
  291 #pragma pack (push)
  292 #pragma pack(1)
  293 
  294 typedef struct BOOT_CRYPTO_HEADER_t
  295 {
  296     __int16 ea;                                 /* Encryption algorithm ID */
  297     __int16 mode;                               /* Mode of operation (e.g., XTS) */
  298     __int16 pkcs5;                              /* PRF algorithm */
  299 
  300 } BOOT_CRYPTO_HEADER, *PBOOT_CRYPTO_HEADER;
  301 
  302 #pragma pack (pop)
  303 
  304 #endif
  305 
  306 PCRYPTO_INFO crypto_open (void);
  307 #ifndef TC_WINDOWS_BOOT
  308 void crypto_loadkey (PKEY_INFO keyInfo, char *lpszUserKey, int nUserKeyLen);
  309 #endif
  310 void crypto_close (PCRYPTO_INFO cryptoInfo);
  311 
  312 int CipherGetBlockSize (int cipher);
  313 int CipherGetKeySize (int cipher);
  314 int CipherGetKeyScheduleSize (int cipher);
  315 BOOL CipherSupportsIntraDataUnitParallelization (int cipher);
  316 
  317 #ifndef TC_WINDOWS_BOOT
  318 const wchar_t * CipherGetName (int cipher);
  319 #endif
  320 
  321 int CipherInit (int cipher, unsigned char *key, unsigned char *ks);
  322 #ifndef TC_WINDOWS_BOOT_SINGLE_CIPHER_MODE
  323 int EAInit (int ea, unsigned char *key, unsigned char *ks);
  324 #else
  325 int EAInit (unsigned char *key, unsigned char *ks);
  326 #endif
  327 BOOL EAInitMode (PCRYPTO_INFO ci);
  328 void EncipherBlock(int cipher, void *data, void *ks);
  329 void DecipherBlock(int cipher, void *data, void *ks);
  330 #ifndef TC_WINDOWS_BOOT
  331 void EncipherBlocks (int cipher, void *dataPtr, void *ks, size_t blockCount);
  332 void DecipherBlocks (int cipher, void *dataPtr, void *ks, size_t blockCount);
  333 #endif
  334 
  335 int EAGetFirst ();
  336 int EAGetCount (void);
  337 int EAGetNext (int previousEA);
  338 #ifndef TC_WINDOWS_BOOT
  339 wchar_t * EAGetName (wchar_t *buf, int ea, int guiDisplay);
  340 int EAGetByName (wchar_t *name);
  341 #endif
  342 int EAGetKeySize (int ea);
  343 int EAGetFirstMode (int ea);
  344 int EAGetNextMode (int ea, int previousModeId);
  345 #ifndef TC_WINDOWS_BOOT
  346 wchar_t * EAGetModeName (int ea, int mode, BOOL capitalLetters);
  347 #endif
  348 int EAGetKeyScheduleSize (int ea);
  349 int EAGetLargestKey ();
  350 int EAGetLargestKeyForMode (int mode);
  351 
  352 int EAGetCipherCount (int ea);
  353 int EAGetFirstCipher (int ea);
  354 int EAGetLastCipher (int ea);
  355 int EAGetNextCipher (int ea, int previousCipherId);
  356 int EAGetPreviousCipher (int ea, int previousCipherId);
  357 #ifndef TC_WINDOWS_BOOT
  358 int EAIsFormatEnabled (int ea);
  359 int EAIsMbrSysEncEnabled (int ea);
  360 #endif
  361 BOOL EAIsModeSupported (int ea, int testedMode);
  362 
  363 
  364 #ifndef TC_WINDOWS_BOOT
  365 const wchar_t *HashGetName (int hash_algo_id);
  366 #ifdef _WIN32
  367 int HashGetIdByName (wchar_t *name);
  368 #endif
  369 Hash *HashGet (int id);
  370 void HashGetName2 (wchar_t *buf, int hashId);
  371 BOOL HashIsDeprecated (int hashId);
  372 BOOL HashForSystemEncryption (int hashId);
  373 int GetMaxPkcs5OutSize (void);
  374 #endif
  375 
  376 
  377 void EncryptDataUnits (unsigned __int8 *buf, const UINT64_STRUCT *structUnitNo, uint32 nbrUnits, PCRYPTO_INFO ci);
  378 void EncryptDataUnitsCurrentThread (unsigned __int8 *buf, const UINT64_STRUCT *structUnitNo, TC_LARGEST_COMPILER_UINT nbrUnits, PCRYPTO_INFO ci);
  379 void DecryptDataUnits (unsigned __int8 *buf, const UINT64_STRUCT *structUnitNo, uint32 nbrUnits, PCRYPTO_INFO ci);
  380 void DecryptDataUnitsCurrentThread (unsigned __int8 *buf, const UINT64_STRUCT *structUnitNo, TC_LARGEST_COMPILER_UINT nbrUnits, PCRYPTO_INFO ci);
  381 void EncryptBuffer (unsigned __int8 *buf, TC_LARGEST_COMPILER_UINT len, PCRYPTO_INFO cryptoInfo);
  382 void DecryptBuffer (unsigned __int8 *buf, TC_LARGEST_COMPILER_UINT len, PCRYPTO_INFO cryptoInfo);
  383 
  384 BOOL IsAesHwCpuSupported ();
  385 void EnableHwEncryption (BOOL enable);
  386 BOOL IsHwEncryptionEnabled ();
  387 
  388 #ifdef __cplusplus
  389 }
  390 #endif
  391 
  392 #endif      /* CRYPTO_H */