"Fossies" - the Fresh Open Source Software Archive 
1 /*
2 Legal Notice: Some portions of the source code contained in this file were
3 derived from the source code of TrueCrypt 7.1a, which is
4 Copyright (c) 2003-2012 TrueCrypt Developers Association and which is
5 governed by the TrueCrypt License 3.0, also from the source code of
6 Encryption for the Masses 2.02a, which is Copyright (c) 1998-2000 Paul Le Roux
7 and which is governed by the 'License Agreement for Encryption for the Masses'
8 Modifications and additions to the original source code (contained in this file)
9 and all other portions of this file are Copyright (c) 2013-2017 IDRIX
10 and are governed by the Apache License 2.0 the full text of which is
11 contained in the file License.txt included in VeraCrypt binary and source
12 code distribution packages. */
13
14 /* Update the following when adding a new cipher or EA:
15
16 Crypto.h:
17 ID #define
18 MAX_EXPANDED_KEY #define
19
20 Crypto.c:
21 Ciphers[]
22 EncryptionAlgorithms[]
23 CipherInit()
24 EncipherBlock()
25 DecipherBlock()
26
27 */
28
29 #ifndef CRYPTO_H
30 #define CRYPTO_H
31
32 #include "Tcdefs.h"
33
34 #ifdef __cplusplus
35 extern "C" {
36 #endif
37
38 // Encryption data unit size, which may differ from the sector size and must always be 512
39 #define ENCRYPTION_DATA_UNIT_SIZE 512
40
41 // Size of the salt (in bytes)
42 #define PKCS5_SALT_SIZE 64
43
44 // Size of the volume header area containing concatenated master key(s) and secondary key(s) (XTS mode)
45 #define MASTER_KEYDATA_SIZE 256
46
47 // The first PRF to try when mounting
48 #define FIRST_PRF_ID 1
49
50 // Hash algorithms (pseudorandom functions).
51 enum
52 {
53 SHA512 = FIRST_PRF_ID,
54 WHIRLPOOL,
55 SHA256,
56 RIPEMD160,
57 STREEBOG,
58 HASH_ENUM_END_ID
59 };
60
61 // The last PRF to try when mounting and also the number of implemented PRFs
62 #define LAST_PRF_ID (HASH_ENUM_END_ID - 1)
63
64 #define RIPEMD160_BLOCKSIZE 64
65 #define RIPEMD160_DIGESTSIZE 20
66
67 #define SHA256_BLOCKSIZE 64
68 #define SHA256_DIGESTSIZE 32
69
70 #define SHA512_BLOCKSIZE 128
71 #define SHA512_DIGESTSIZE 64
72
73 #define WHIRLPOOL_BLOCKSIZE 64
74 #define WHIRLPOOL_DIGESTSIZE 64
75
76 #define STREEBOG_BLOCKSIZE 64
77 #define STREEBOG_DIGESTSIZE 64
78
79 #define MAX_DIGESTSIZE WHIRLPOOL_DIGESTSIZE
80
81 #define DEFAULT_HASH_ALGORITHM FIRST_PRF_ID
82 #define DEFAULT_HASH_ALGORITHM_BOOT SHA256
83
84 // The mode of operation used for newly created volumes and first to try when mounting
85 #define FIRST_MODE_OF_OPERATION_ID 1
86
87 // Modes of operation
88 enum
89 {
90 /* If you add/remove a mode, update the following: GetMaxPkcs5OutSize(), EAInitMode() */
91
92 XTS = FIRST_MODE_OF_OPERATION_ID,
93 MODE_ENUM_END_ID
94 };
95
96
97 // The last mode of operation to try when mounting and also the number of implemented modes
98 #define LAST_MODE_OF_OPERATION (MODE_ENUM_END_ID - 1)
99
100 // Ciphertext/plaintext block size for XTS mode (in bytes)
101 #define BYTES_PER_XTS_BLOCK 16
102
103 // Number of ciphertext/plaintext blocks per XTS data unit
104 #define BLOCKS_PER_XTS_DATA_UNIT (ENCRYPTION_DATA_UNIT_SIZE / BYTES_PER_XTS_BLOCK)
105
106
107 // Cipher IDs
108 enum
109 {
110 NONE = 0,
111 AES,
112 SERPENT,
113 TWOFISH,
114 CAMELLIA,
115 GOST89,
116 KUZNYECHIK
117 };
118
119 typedef struct
120 {
121 int Id; // Cipher ID
122 #ifdef TC_WINDOWS_BOOT
123 char *Name; // Name
124 #else
125 wchar_t *Name; // Name
126 #endif
127 int BlockSize; // Block size (bytes)
128 int KeySize; // Key size (bytes)
129 int KeyScheduleSize; // Scheduled key size (bytes)
130 } Cipher;
131
132 typedef struct
133 {
134 int Ciphers[4]; // Null terminated array of ciphers used by encryption algorithm
135 int Modes[LAST_MODE_OF_OPERATION + 1]; // Null terminated array of modes of operation
136 #ifndef TC_WINDOWS_BOOT
137 BOOL MbrSysEncEnabled;
138 #endif
139 int FormatEnabled;
140 } EncryptionAlgorithm;
141
142 #ifndef TC_WINDOWS_BOOT
143 typedef struct
144 {
145 int Id; // Hash ID
146 wchar_t *Name; // Name
147 BOOL Deprecated;
148 BOOL SystemEncryption; // Available for system encryption
149 } Hash;
150 #endif
151
152 // Maxium length of scheduled key
153 #if !defined (TC_WINDOWS_BOOT) || defined (TC_WINDOWS_BOOT_AES)
154 # define AES_KS (sizeof(aes_encrypt_ctx) + sizeof(aes_decrypt_ctx))
155 #else
156 # define AES_KS (sizeof(aes_context))
157 #endif
158 #define SERPENT_KS (140 * 4)
159
160 #ifdef TC_WINDOWS_BOOT_SINGLE_CIPHER_MODE
161
162 # ifdef TC_WINDOWS_BOOT_AES
163 # define MAX_EXPANDED_KEY AES_KS
164 # elif defined (TC_WINDOWS_BOOT_SERPENT)
165 # define MAX_EXPANDED_KEY SERPENT_KS
166 # elif defined (TC_WINDOWS_BOOT_TWOFISH)
167 # define MAX_EXPANDED_KEY TWOFISH_KS
168 # elif defined (TC_WINDOWS_BOOT_CAMELLIA)
169 # define MAX_EXPANDED_KEY CAMELLIA_KS
170 # endif
171
172 #else
173 #ifdef TC_WINDOWS_BOOT
174 #define MAX_EXPANDED_KEY VC_MAX((AES_KS + SERPENT_KS + TWOFISH_KS), CAMELLIA_KS)
175 #else
176 #define MAX_EXPANDED_KEY VC_MAX(VC_MAX(VC_MAX(VC_MAX((AES_KS + SERPENT_KS + TWOFISH_KS), GOST_KS), CAMELLIA_KS + KUZNYECHIK_KS + SERPENT_KS), KUZNYECHIK_KS + TWOFISH_KS), AES_KS + KUZNYECHIK_KS)
177 #endif
178 #endif
179
180 #ifdef DEBUG
181 # define PRAND_DISK_WIPE_PASSES 3
182 #else
183 # define PRAND_DISK_WIPE_PASSES 256
184 #endif
185
186 /* specific value for volume header wipe used only when drive is fully wiped. */
187 #define PRAND_HEADER_WIPE_PASSES 3
188
189 #if !defined (TC_WINDOWS_BOOT) || defined (TC_WINDOWS_BOOT_AES)
190 # include "Aes.h"
191 #else
192 # include "AesSmall.h"
193 #endif
194
195 #include "Aes_hw_cpu.h"
196 #if !defined (TC_WINDOWS_BOOT) && !defined (_UEFI)
197 # include "SerpentFast.h"
198 #else
199 # include "Serpent.h"
200 #endif
201 #include "Twofish.h"
202
203 #include "Rmd160.h"
204 #ifndef TC_WINDOWS_BOOT
205 # include "Sha2.h"
206 # include "Whirlpool.h"
207 # include "Streebog.h"
208 # include "GostCipher.h"
209 # include "kuznyechik.h"
210 # include "Camellia.h"
211 #else
212 # include "CamelliaSmall.h"
213 #endif
214
215 #include "GfMul.h"
216 #include "Password.h"
217
218 #ifndef TC_WINDOWS_BOOT
219
220 #include "config.h"
221
222 typedef struct keyInfo_t
223 {
224 int noIterations; /* Number of times to iterate (PKCS-5) */
225 int keyLength; /* Length of the key */
226 uint64 dummy; /* Dummy field to ensure 16-byte alignment of this structure */
227 __int8 salt[PKCS5_SALT_SIZE]; /* PKCS-5 salt */
228 CRYPTOPP_ALIGN_DATA(16) __int8 master_keydata[MASTER_KEYDATA_SIZE]; /* Concatenated master primary and secondary key(s) (XTS mode). For LRW (deprecated/legacy), it contains the tweak key before the master key(s). For CBC (deprecated/legacy), it contains the IV seed before the master key(s). */
229 CRYPTOPP_ALIGN_DATA(16) __int8 userKey[MAX_PASSWORD]; /* Password (to which keyfiles may have been applied). WITHOUT +1 for the null terminator. */
230 } KEY_INFO, *PKEY_INFO;
231
232 #endif
233
234 typedef struct CRYPTO_INFO_t
235 {
236 int ea; /* Encryption algorithm ID */
237 int mode; /* Mode of operation (e.g., XTS) */
238 int pkcs5; /* PRF algorithm */
239
240 unsigned __int8 ks[MAX_EXPANDED_KEY]; /* Primary key schedule (if it is a cascade, it conatins multiple concatenated keys) */
241 unsigned __int8 ks2[MAX_EXPANDED_KEY]; /* Secondary key schedule (if cascade, multiple concatenated) for XTS mode. */
242
243 BOOL hiddenVolume; // Indicates whether the volume is mounted/mountable as hidden volume
244
245 #ifndef TC_WINDOWS_BOOT
246 uint16 HeaderVersion;
247
248 GfCtx gf_ctx;
249
250 CRYPTOPP_ALIGN_DATA(16) unsigned __int8 master_keydata[MASTER_KEYDATA_SIZE]; /* This holds the volume header area containing concatenated master key(s) and secondary key(s) (XTS mode). For LRW (deprecated/legacy), it contains the tweak key before the master key(s). For CBC (deprecated/legacy), it contains the IV seed before the master key(s). */
251 CRYPTOPP_ALIGN_DATA(16) unsigned __int8 k2[MASTER_KEYDATA_SIZE]; /* For XTS, this contains the secondary key (if cascade, multiple concatenated). For LRW (deprecated/legacy), it contains the tweak key. For CBC (deprecated/legacy), it contains the IV seed. */
252 unsigned __int8 salt[PKCS5_SALT_SIZE];
253 int noIterations;
254 BOOL bTrueCryptMode;
255 int volumePim;
256
257 uint64 volume_creation_time; // Legacy
258 uint64 header_creation_time; // Legacy
259
260 BOOL bProtectHiddenVolume; // Indicates whether the volume contains a hidden volume to be protected against overwriting
261 BOOL bHiddenVolProtectionAction; // TRUE if a write operation has been denied by the driver in order to prevent the hidden volume from being overwritten (set to FALSE upon volume mount).
262
263 uint64 volDataAreaOffset; // Absolute position, in bytes, of the first data sector of the volume.
264
265 uint64 hiddenVolumeSize; // Size of the hidden volume excluding the header (in bytes). Set to 0 for standard volumes.
266 uint64 hiddenVolumeOffset; // Absolute position, in bytes, of the first hidden volume data sector within the host volume (provided that there is a hidden volume within). This must be set for all hidden volumes; in case of a normal volume, this variable is only used when protecting a hidden volume within it.
267 uint64 hiddenVolumeProtectedSize;
268
269 BOOL bPartitionInInactiveSysEncScope; // If TRUE, the volume is a partition located on an encrypted system drive and mounted without pre-boot authentication.
270
271 UINT64_STRUCT FirstDataUnitNo; // First data unit number of the volume. This is 0 for file-hosted and non-system partition-hosted volumes. For partitions within key scope of system encryption this reflects real physical offset within the device (this is used e.g. when such a partition is mounted as a regular volume without pre-boot authentication).
272
273 uint16 RequiredProgramVersion;
274 BOOL LegacyVolume;
275
276 uint32 SectorSize;
277
278 #endif // !TC_WINDOWS_BOOT
279
280 UINT64_STRUCT VolumeSize;
281
282 UINT64_STRUCT EncryptedAreaStart;
283 UINT64_STRUCT EncryptedAreaLength;
284
285 uint32 HeaderFlags;
286
287 } CRYPTO_INFO, *PCRYPTO_INFO;
288
289 #if defined(_WIN32) || defined(_UEFI)
290
291 #pragma pack (push)
292 #pragma pack(1)
293
294 typedef struct BOOT_CRYPTO_HEADER_t
295 {
296 __int16 ea; /* Encryption algorithm ID */
297 __int16 mode; /* Mode of operation (e.g., XTS) */
298 __int16 pkcs5; /* PRF algorithm */
299
300 } BOOT_CRYPTO_HEADER, *PBOOT_CRYPTO_HEADER;
301
302 #pragma pack (pop)
303
304 #endif
305
306 PCRYPTO_INFO crypto_open (void);
307 #ifndef TC_WINDOWS_BOOT
308 void crypto_loadkey (PKEY_INFO keyInfo, char *lpszUserKey, int nUserKeyLen);
309 #endif
310 void crypto_close (PCRYPTO_INFO cryptoInfo);
311
312 int CipherGetBlockSize (int cipher);
313 int CipherGetKeySize (int cipher);
314 int CipherGetKeyScheduleSize (int cipher);
315 BOOL CipherSupportsIntraDataUnitParallelization (int cipher);
316
317 #ifndef TC_WINDOWS_BOOT
318 const wchar_t * CipherGetName (int cipher);
319 #endif
320
321 int CipherInit (int cipher, unsigned char *key, unsigned char *ks);
322 #ifndef TC_WINDOWS_BOOT_SINGLE_CIPHER_MODE
323 int EAInit (int ea, unsigned char *key, unsigned char *ks);
324 #else
325 int EAInit (unsigned char *key, unsigned char *ks);
326 #endif
327 BOOL EAInitMode (PCRYPTO_INFO ci);
328 void EncipherBlock(int cipher, void *data, void *ks);
329 void DecipherBlock(int cipher, void *data, void *ks);
330 #ifndef TC_WINDOWS_BOOT
331 void EncipherBlocks (int cipher, void *dataPtr, void *ks, size_t blockCount);
332 void DecipherBlocks (int cipher, void *dataPtr, void *ks, size_t blockCount);
333 #endif
334
335 int EAGetFirst ();
336 int EAGetCount (void);
337 int EAGetNext (int previousEA);
338 #ifndef TC_WINDOWS_BOOT
339 wchar_t * EAGetName (wchar_t *buf, int ea, int guiDisplay);
340 int EAGetByName (wchar_t *name);
341 #endif
342 int EAGetKeySize (int ea);
343 int EAGetFirstMode (int ea);
344 int EAGetNextMode (int ea, int previousModeId);
345 #ifndef TC_WINDOWS_BOOT
346 wchar_t * EAGetModeName (int ea, int mode, BOOL capitalLetters);
347 #endif
348 int EAGetKeyScheduleSize (int ea);
349 int EAGetLargestKey ();
350 int EAGetLargestKeyForMode (int mode);
351
352 int EAGetCipherCount (int ea);
353 int EAGetFirstCipher (int ea);
354 int EAGetLastCipher (int ea);
355 int EAGetNextCipher (int ea, int previousCipherId);
356 int EAGetPreviousCipher (int ea, int previousCipherId);
357 #ifndef TC_WINDOWS_BOOT
358 int EAIsFormatEnabled (int ea);
359 int EAIsMbrSysEncEnabled (int ea);
360 #endif
361 BOOL EAIsModeSupported (int ea, int testedMode);
362
363
364 #ifndef TC_WINDOWS_BOOT
365 const wchar_t *HashGetName (int hash_algo_id);
366 #ifdef _WIN32
367 int HashGetIdByName (wchar_t *name);
368 #endif
369 Hash *HashGet (int id);
370 void HashGetName2 (wchar_t *buf, int hashId);
371 BOOL HashIsDeprecated (int hashId);
372 BOOL HashForSystemEncryption (int hashId);
373 int GetMaxPkcs5OutSize (void);
374 #endif
375
376
377 void EncryptDataUnits (unsigned __int8 *buf, const UINT64_STRUCT *structUnitNo, uint32 nbrUnits, PCRYPTO_INFO ci);
378 void EncryptDataUnitsCurrentThread (unsigned __int8 *buf, const UINT64_STRUCT *structUnitNo, TC_LARGEST_COMPILER_UINT nbrUnits, PCRYPTO_INFO ci);
379 void DecryptDataUnits (unsigned __int8 *buf, const UINT64_STRUCT *structUnitNo, uint32 nbrUnits, PCRYPTO_INFO ci);
380 void DecryptDataUnitsCurrentThread (unsigned __int8 *buf, const UINT64_STRUCT *structUnitNo, TC_LARGEST_COMPILER_UINT nbrUnits, PCRYPTO_INFO ci);
381 void EncryptBuffer (unsigned __int8 *buf, TC_LARGEST_COMPILER_UINT len, PCRYPTO_INFO cryptoInfo);
382 void DecryptBuffer (unsigned __int8 *buf, TC_LARGEST_COMPILER_UINT len, PCRYPTO_INFO cryptoInfo);
383
384 BOOL IsAesHwCpuSupported ();
385 void EnableHwEncryption (BOOL enable);
386 BOOL IsHwEncryptionEnabled ();
387
388 #ifdef __cplusplus
389 }
390 #endif
391
392 #endif /* CRYPTO_H */
1.21_Source_vs_1.22_Source.