mirror of
https://github.com/veracrypt/VeraCrypt
synced 2024-11-10 13:13:34 +01:00
Simplify code handling iterations count: in boot mode, we'll set the correct iterations count inside derive_u_sha256 and derive_u_ripemd160 depending in the value of the iterations parameter. On normal mode, we use normal values of iterations count. Removes the special test parameter from RIPEMD160 functions.
This commit is contained in:
Mounir IDRASSI
parent
714a2ce0ae
commit
3f2e20e339
@ -4447,7 +4447,7 @@ static BOOL PerformBenchmark(HWND hwndDlg)
|
||||
|
||||
case RIPEMD160:
|
||||
/* PKCS-5 test with HMAC-RIPEMD-160 used as the PRF */
|
||||
derive_key_ripemd160 (FALSE, "passphrase-1234567890", 21, tmp_salt, 64, get_pkcs5_iteration_count(thid, FALSE), dk, MASTER_KEYDATA_SIZE);
|
||||
derive_key_ripemd160 ("passphrase-1234567890", 21, tmp_salt, 64, get_pkcs5_iteration_count(thid, FALSE), dk, MASTER_KEYDATA_SIZE);
|
||||
break;
|
||||
|
||||
case WHIRLPOOL:
|
||||
|
||||
@ -159,7 +159,7 @@ static TC_THREAD_PROC EncryptionThreadProc (void *threadArg)
|
||||
switch (workItem->KeyDerivation.Pkcs5Prf)
|
||||
{
|
||||
case RIPEMD160:
|
||||
derive_key_ripemd160 (TRUE, workItem->KeyDerivation.Password, workItem->KeyDerivation.PasswordLength, workItem->KeyDerivation.Salt, PKCS5_SALT_SIZE,
|
||||
derive_key_ripemd160 (workItem->KeyDerivation.Password, workItem->KeyDerivation.PasswordLength, workItem->KeyDerivation.Salt, PKCS5_SALT_SIZE,
|
||||
workItem->KeyDerivation.IterationCount, workItem->KeyDerivation.DerivedKey, GetMaxPkcs5OutSize());
|
||||
break;
|
||||
|
||||
|
||||
@ -122,10 +122,17 @@ void derive_u_sha256 (char *pwd, int pwd_len, char *salt, int salt_len, int iter
|
||||
uint32 c;
|
||||
int i;
|
||||
|
||||
if (iterations == 2000)
|
||||
#ifdef TC_WINDOWS_BOOT
|
||||
/* In bootloader, iterations is a boolean : TRUE for boot derivation mode, FALSE otherwise
|
||||
* This enables us to save code space needed for implementing other features.
|
||||
*/
|
||||
if (iterations)
|
||||
c = 200000;
|
||||
else
|
||||
c = 500000;
|
||||
#else
|
||||
c = iterations;
|
||||
#endif
|
||||
|
||||
/* iteration 1 */
|
||||
memset (counter, 0, 4);
|
||||
@ -410,7 +417,7 @@ void hmac_ripemd160 (char *key, int keylen, char *input, int len, char *digest)
|
||||
burn (&context, sizeof(context));
|
||||
}
|
||||
|
||||
void derive_u_ripemd160 (BOOL bNotTest, char *pwd, int pwd_len, char *salt, int salt_len, int iterations, char *u, int b)
|
||||
void derive_u_ripemd160 (char *pwd, int pwd_len, char *salt, int salt_len, int iterations, char *u, int b)
|
||||
{
|
||||
char j[RIPEMD160_DIGESTSIZE], k[RIPEMD160_DIGESTSIZE];
|
||||
char init[128];
|
||||
@ -418,17 +425,17 @@ void derive_u_ripemd160 (BOOL bNotTest, char *pwd, int pwd_len, char *salt, int
|
||||
uint32 c;
|
||||
int i;
|
||||
|
||||
if (bNotTest)
|
||||
{
|
||||
if (iterations == 32767)
|
||||
c = 655331;
|
||||
else
|
||||
c = 327661;
|
||||
}
|
||||
#ifdef TC_WINDOWS_BOOT
|
||||
/* In bootloader, iterations is a boolean : TRUE for boot derivation mode, FALSE otherwise
|
||||
* This enables us to save code space needed for implementing other features.
|
||||
*/
|
||||
if (iterations)
|
||||
c = 327661;
|
||||
else
|
||||
{
|
||||
c = iterations;
|
||||
}
|
||||
c = 655331;
|
||||
#else
|
||||
c = iterations;
|
||||
#endif
|
||||
|
||||
/* iteration 1 */
|
||||
memset (counter, 0, 4);
|
||||
@ -455,7 +462,7 @@ void derive_u_ripemd160 (BOOL bNotTest, char *pwd, int pwd_len, char *salt, int
|
||||
burn (k, sizeof(k));
|
||||
}
|
||||
|
||||
void derive_key_ripemd160 (BOOL bNotTest, char *pwd, int pwd_len, char *salt, int salt_len, int iterations, char *dk, int dklen)
|
||||
void derive_key_ripemd160 (char *pwd, int pwd_len, char *salt, int salt_len, int iterations, char *dk, int dklen)
|
||||
{
|
||||
char u[RIPEMD160_DIGESTSIZE];
|
||||
int b, l, r;
|
||||
@ -474,13 +481,13 @@ void derive_key_ripemd160 (BOOL bNotTest, char *pwd, int pwd_len, char *salt, in
|
||||
/* first l - 1 blocks */
|
||||
for (b = 1; b < l; b++)
|
||||
{
|
||||
derive_u_ripemd160 (bNotTest, pwd, pwd_len, salt, salt_len, iterations, u, b);
|
||||
derive_u_ripemd160 (pwd, pwd_len, salt, salt_len, iterations, u, b);
|
||||
memcpy (dk, u, RIPEMD160_DIGESTSIZE);
|
||||
dk += RIPEMD160_DIGESTSIZE;
|
||||
}
|
||||
|
||||
/* last block */
|
||||
derive_u_ripemd160 (bNotTest, pwd, pwd_len, salt, salt_len, iterations, u, b);
|
||||
derive_u_ripemd160 (pwd, pwd_len, salt, salt_len, iterations, u, b);
|
||||
memcpy (dk, u, r);
|
||||
|
||||
|
||||
@ -656,7 +663,6 @@ char *get_pkcs5_prf_name (int pkcs5_prf_id)
|
||||
}
|
||||
}
|
||||
|
||||
#endif //!TC_WINDOWS_BOOT
|
||||
|
||||
|
||||
int get_pkcs5_iteration_count (int pkcs5_prf_id, BOOL bBoot)
|
||||
@ -665,22 +671,21 @@ int get_pkcs5_iteration_count (int pkcs5_prf_id, BOOL bBoot)
|
||||
{
|
||||
|
||||
case RIPEMD160:
|
||||
return bBoot? 16384 : 32767; /* it will be changed to 327661 and 655331 respectively inside derive_u_ripemd160 */
|
||||
|
||||
#ifndef TC_WINDOWS_BOOT
|
||||
return bBoot? 327661 : 655331;
|
||||
|
||||
case SHA512:
|
||||
return 500000;
|
||||
|
||||
case WHIRLPOOL:
|
||||
return 500000;
|
||||
#endif
|
||||
|
||||
case SHA256:
|
||||
return bBoot? 2000 : 5000; /* it will be changed to 200000 and 500000 respectively inside derive_u_sha256 */
|
||||
return bBoot? 200000 : 500000;
|
||||
|
||||
default:
|
||||
TC_THROW_FATAL_EXCEPTION; // Unknown/wrong ID
|
||||
}
|
||||
return 0;
|
||||
}
|
||||
|
||||
#endif //!TC_WINDOWS_BOOT
|
||||
@ -26,8 +26,8 @@ void hmac_sha512 (char *k, int lk, char *d, int ld, char *out, int t);
|
||||
void derive_u_sha512 (char *pwd, int pwd_len, char *salt, int salt_len, int iterations, char *u, int b);
|
||||
void derive_key_sha512 (char *pwd, int pwd_len, char *salt, int salt_len, int iterations, char *dk, int dklen);
|
||||
void hmac_ripemd160 (char *key, int keylen, char *input, int len, char *digest);
|
||||
void derive_u_ripemd160 (BOOL bNotTest, char *pwd, int pwd_len, char *salt, int salt_len, int iterations, char *u, int b);
|
||||
void derive_key_ripemd160 (BOOL bNotTest, char *pwd, int pwd_len, char *salt, int salt_len, int iterations, char *dk, int dklen);
|
||||
void derive_u_ripemd160 (char *pwd, int pwd_len, char *salt, int salt_len, int iterations, char *u, int b);
|
||||
void derive_key_ripemd160 (char *pwd, int pwd_len, char *salt, int salt_len, int iterations, char *dk, int dklen);
|
||||
void hmac_whirlpool (char *k, int lk, char *d, int ld, char *out, int t);
|
||||
void derive_u_whirlpool (char *pwd, int pwd_len, char *salt, int salt_len, int iterations, char *u, int b);
|
||||
void derive_key_whirlpool (char *pwd, int pwd_len, char *salt, int salt_len, int iterations, char *dk, int dklen);
|
||||
|
||||
@ -1055,12 +1055,12 @@ BOOL test_pkcs5 ()
|
||||
return FALSE;
|
||||
|
||||
/* PKCS-5 test 1 with HMAC-RIPEMD-160 used as the PRF */
|
||||
derive_key_ripemd160 (FALSE, "password", 8, "\x12\x34\x56\x78", 4, 5, dk, 4);
|
||||
derive_key_ripemd160 ("password", 8, "\x12\x34\x56\x78", 4, 5, dk, 4);
|
||||
if (memcmp (dk, "\x7a\x3d\x7c\x03", 4) != 0)
|
||||
return FALSE;
|
||||
|
||||
/* PKCS-5 test 2 with HMAC-RIPEMD-160 used as the PRF (derives a key longer than the underlying hash) */
|
||||
derive_key_ripemd160 (FALSE, "password", 8, "\x12\x34\x56\x78", 4, 5, dk, 48);
|
||||
derive_key_ripemd160 ("password", 8, "\x12\x34\x56\x78", 4, 5, dk, 48);
|
||||
if (memcmp (dk, "\x7a\x3d\x7c\x03\xe7\x26\x6b\xf8\x3d\x78\xfb\x29\xd2\x64\x1f\x56\xea\xf0\xe5\xf5\xcc\xc4\x3a\x31\xa8\x84\x70\xbf\xbd\x6f\x8e\x78\x24\x5a\xc0\x0a\xf6\xfa\xf0\xf6\xe9\x00\x47\x5f\x73\xce\xe1\x43", 48) != 0)
|
||||
return FALSE;
|
||||
|
||||
|
||||
@ -302,7 +302,7 @@ KeyReady: ;
|
||||
switch (pkcs5_prf)
|
||||
{
|
||||
case RIPEMD160:
|
||||
derive_key_ripemd160 (TRUE, keyInfo.userKey, keyInfo.keyLength, keyInfo.salt,
|
||||
derive_key_ripemd160 (keyInfo.userKey, keyInfo.keyLength, keyInfo.salt,
|
||||
PKCS5_SALT_SIZE, keyInfo.noIterations, dk, GetMaxPkcs5OutSize());
|
||||
break;
|
||||
|
||||
@ -566,10 +566,10 @@ int ReadVolumeHeader (BOOL bBoot, char *header, Password *password, PCRYPTO_INFO
|
||||
// PKCS5 PRF
|
||||
#ifdef TC_WINDOWS_BOOT_SHA2
|
||||
derive_key_sha256 (password->Text, (int) password->Length, header + HEADER_SALT_OFFSET,
|
||||
PKCS5_SALT_SIZE, bBoot ? 2000 : 5000, dk, sizeof (dk));
|
||||
PKCS5_SALT_SIZE, bBoot, dk, sizeof (dk));
|
||||
#else
|
||||
derive_key_ripemd160 (TRUE, password->Text, (int) password->Length, header + HEADER_SALT_OFFSET,
|
||||
PKCS5_SALT_SIZE, bBoot ? 16384 : 32767, dk, sizeof (dk));
|
||||
derive_key_ripemd160 (password->Text, (int) password->Length, header + HEADER_SALT_OFFSET,
|
||||
PKCS5_SALT_SIZE, bBoot, dk, sizeof (dk));
|
||||
#endif
|
||||
|
||||
// Mode of operation
|
||||
@ -792,7 +792,7 @@ int CreateVolumeHeaderInMemory (BOOL bBoot, char *header, int ea, int mode, Pass
|
||||
break;
|
||||
|
||||
case RIPEMD160:
|
||||
derive_key_ripemd160 (TRUE, keyInfo.userKey, keyInfo.keyLength, keyInfo.salt,
|
||||
derive_key_ripemd160 (keyInfo.userKey, keyInfo.keyLength, keyInfo.salt,
|
||||
PKCS5_SALT_SIZE, keyInfo.noIterations, dk, GetMaxPkcs5OutSize());
|
||||
break;
|
||||
|
||||
|
||||
Loading…
Reference in New Issue
Block a user