void VolumeHeader::EncryptNew (const BufferPtr &newHeaderBuffer, const ConstBufferPtr &newSalt, const ConstBufferPtr &newHeaderKey, shared_ptr <Pkcs5Kdf> newPkcs5Kdf)
{
if (newHeaderBuffer.Size() != HeaderSize || newSalt.Size() != SaltSize)
throw ParameterIncorrect (SRC_POS);
shared_ptr <EncryptionMode> mode = EA->GetMode()->GetNew();
shared_ptr <EncryptionAlgorithm> ea = EA->GetNew();
if (typeid (*mode) == typeid (EncryptionModeXTS))
{
mode->SetKey (newHeaderKey.GetRange (EA->GetKeySize(), EA->GetKeySize()));
ea->SetKey (newHeaderKey.GetRange (0, ea->GetKeySize()));
}
else
{
mode->SetKey (newHeaderKey.GetRange (0, mode->GetKeySize()));
ea->SetKey (newHeaderKey.GetRange (LegacyEncryptionModeKeyAreaSize, ea->GetKeySize()));
}
ea->SetMode (mode);
newHeaderBuffer.CopyFrom (newSalt);
BufferPtr headerData = newHeaderBuffer.GetRange (EncryptedHeaderDataOffset, EncryptedHeaderDataSize);
Serialize (headerData);
ea->Encrypt (headerData);
if (newPkcs5Kdf)
Pkcs5 = newPkcs5Kdf;
}
bool VolumeHeader::Decrypt (const ConstBufferPtr &encryptedData, const VolumePassword &password, const Pkcs5KdfList &keyDerivationFunctions, const EncryptionAlgorithmList &encryptionAlgorithms, const EncryptionModeList &encryptionModes)
{
if (password.Size() < 1)
throw PasswordEmpty (SRC_POS);
ConstBufferPtr salt (encryptedData.GetRange (SaltOffset, SaltSize));
SecureBuffer header (EncryptedHeaderDataSize);
SecureBuffer headerKey (GetLargestSerializedKeySize());
foreach (shared_ptr <Pkcs5Kdf> pkcs5, keyDerivationFunctions)
{
pkcs5->DeriveKey (headerKey, password, salt);
foreach (shared_ptr <EncryptionMode> mode, encryptionModes)
{
if (typeid (*mode) != typeid (EncryptionModeXTS))
mode->SetKey (headerKey.GetRange (0, mode->GetKeySize()));
foreach (shared_ptr <EncryptionAlgorithm> ea, encryptionAlgorithms)
{
if (!ea->IsModeSupported (mode))
continue;
/*
printf("trying %ls, %ls, %ls\n", pkcs5->GetName().c_str(),
mode->GetName().c_str(),
ea->GetName().c_str()
);
*/
if (typeid (*mode) == typeid (EncryptionModeXTS))
{
ea->SetKey (headerKey.GetRange (0, ea->GetKeySize()));
mode = mode->GetNew();
mode->SetKey (headerKey.GetRange (ea->GetKeySize(), ea->GetKeySize()));
}
else
{
ea->SetKey (headerKey.GetRange (LegacyEncryptionModeKeyAreaSize, ea->GetKeySize()));
}
ea->SetMode (mode);
header.CopyFrom (encryptedData.GetRange (EncryptedHeaderDataOffset, EncryptedHeaderDataSize));
ea->Decrypt (header);
if (Deserialize (header, ea, mode))
{
EA = ea;
Pkcs5 = pkcs5;
return true;
}
}
}
}
void EncryptionAlgorithm::SetKey (const ConstBufferPtr &key)
{
if (Ciphers.size() < 1)
throw NotInitialized (SRC_POS);
if (GetKeySize() != key.Size())
throw ParameterIncorrect (SRC_POS);
size_t keyOffset = 0;
foreach_ref (Cipher &c, Ciphers)
{
c.SetKey (key.GetRange (keyOffset, c.GetKeySize()));
keyOffset += c.GetKeySize();
}
uint64 MemoryStream::Read (const BufferPtr &buffer)
{
if (Data.size() == 0)
throw ParameterIncorrect (SRC_POS);
ConstBufferPtr streamBuf (*this);
size_t len = buffer.Size();
if (streamBuf.Size() - ReadPosition < len)
len = streamBuf.Size() - ReadPosition;
BufferPtr(buffer).CopyFrom (streamBuf.GetRange (ReadPosition, len));
ReadPosition += len;
return len;
}
bool VolumeHeader::Deserialize (const ConstBufferPtr &header, shared_ptr <EncryptionAlgorithm> &ea, shared_ptr <EncryptionMode> &mode, bool truecryptMode)
{
if (header.Size() != EncryptedHeaderDataSize)
throw ParameterIncorrect (SRC_POS);
if (truecryptMode && (header[0] != 'T' ||
header[1] != 'R' ||
header[2] != 'U' ||
header[3] != 'E'))
return false;
if (!truecryptMode && (header[0] != 'V' ||
header[1] != 'E' ||
header[2] != 'R' ||
header[3] != 'A'))
return false;
size_t offset = 4;
HeaderVersion = DeserializeEntry <uint16> (header, offset);
if (HeaderVersion < MinAllowedHeaderVersion)
return false;
if (HeaderVersion > CurrentHeaderVersion)
throw HigherVersionRequired (SRC_POS);
if (HeaderVersion >= 4
&& Crc32::ProcessBuffer (header.GetRange (0, TC_HEADER_OFFSET_HEADER_CRC - TC_HEADER_OFFSET_MAGIC))
!= DeserializeEntryAt <uint32> (header, TC_HEADER_OFFSET_HEADER_CRC - TC_HEADER_OFFSET_MAGIC))
{
return false;
}
RequiredMinProgramVersion = DeserializeEntry <uint16> (header, offset);
if (!truecryptMode && (RequiredMinProgramVersion > Version::Number()))
throw HigherVersionRequired (SRC_POS);
if (truecryptMode)
{
if (RequiredMinProgramVersion < 0x600 || RequiredMinProgramVersion > 0x71a)
throw UnsupportedTrueCryptFormat (SRC_POS);
RequiredMinProgramVersion = CurrentRequiredMinProgramVersion;
}
VolumeKeyAreaCrc32 = DeserializeEntry <uint32> (header, offset);
VolumeCreationTime = DeserializeEntry <uint64> (header, offset);
HeaderCreationTime = DeserializeEntry <uint64> (header, offset);
HiddenVolumeDataSize = DeserializeEntry <uint64> (header, offset);
mVolumeType = (HiddenVolumeDataSize != 0 ? VolumeType::Hidden : VolumeType::Normal);
VolumeDataSize = DeserializeEntry <uint64> (header, offset);
EncryptedAreaStart = DeserializeEntry <uint64> (header, offset);
EncryptedAreaLength = DeserializeEntry <uint64> (header, offset);
Flags = DeserializeEntry <uint32> (header, offset);
SectorSize = DeserializeEntry <uint32> (header, offset);
if (HeaderVersion < 5)
SectorSize = TC_SECTOR_SIZE_LEGACY;
if (SectorSize < TC_MIN_VOLUME_SECTOR_SIZE
|| SectorSize > TC_MAX_VOLUME_SECTOR_SIZE
|| SectorSize % ENCRYPTION_DATA_UNIT_SIZE != 0)
{
throw ParameterIncorrect (SRC_POS);
}
#if !(defined (TC_WINDOWS) || defined (TC_LINUX) || defined (TC_MACOSX))
if (SectorSize != TC_SECTOR_SIZE_LEGACY)
throw UnsupportedSectorSize (SRC_POS);
#endif
offset = DataAreaKeyOffset;
if (VolumeKeyAreaCrc32 != Crc32::ProcessBuffer (header.GetRange (offset, DataKeyAreaMaxSize)))
return false;
DataAreaKey.CopyFrom (header.GetRange (offset, DataKeyAreaMaxSize));
ea = ea->GetNew();
mode = mode->GetNew();
if (typeid (*mode) == typeid (EncryptionModeXTS))
{
ea->SetKey (header.GetRange (offset, ea->GetKeySize()));
mode->SetKey (header.GetRange (offset + ea->GetKeySize(), ea->GetKeySize()));
}
else
{
mode->SetKey (header.GetRange (offset, mode->GetKeySize()));
ea->SetKey (header.GetRange (offset + LegacyEncryptionModeKeyAreaSize, ea->GetKeySize()));
}
ea->SetMode (mode);
return true;
}
