Simplify code handling iterations count: in boot mode, we'll set the correct iterations count inside derive_u_sha256 and derive_u_ripemd160 depending in the value of the iterations parameter. On normal mode, we use normal values of iterations count. Removes the special test parameter from RIPEMD160 functions.

This commit is contained in:
Mounir IDRASSI 2014-10-26 00:57:44 +02:00
parent 714a2ce0ae
commit 3f2e20e339
6 changed files with 37 additions and 32 deletions

View File

@ -4447,7 +4447,7 @@ static BOOL PerformBenchmark(HWND hwndDlg)
case RIPEMD160:
/* PKCS-5 test with HMAC-RIPEMD-160 used as the PRF */
derive_key_ripemd160 (FALSE, "passphrase-1234567890", 21, tmp_salt, 64, get_pkcs5_iteration_count(thid, FALSE), dk, MASTER_KEYDATA_SIZE);
derive_key_ripemd160 ("passphrase-1234567890", 21, tmp_salt, 64, get_pkcs5_iteration_count(thid, FALSE), dk, MASTER_KEYDATA_SIZE);
break;
case WHIRLPOOL:

View File

@ -159,7 +159,7 @@ static TC_THREAD_PROC EncryptionThreadProc (void *threadArg)
switch (workItem->KeyDerivation.Pkcs5Prf)
{
case RIPEMD160:
derive_key_ripemd160 (TRUE, workItem->KeyDerivation.Password, workItem->KeyDerivation.PasswordLength, workItem->KeyDerivation.Salt, PKCS5_SALT_SIZE,
derive_key_ripemd160 (workItem->KeyDerivation.Password, workItem->KeyDerivation.PasswordLength, workItem->KeyDerivation.Salt, PKCS5_SALT_SIZE,
workItem->KeyDerivation.IterationCount, workItem->KeyDerivation.DerivedKey, GetMaxPkcs5OutSize());
break;

View File

@ -122,10 +122,17 @@ void derive_u_sha256 (char *pwd, int pwd_len, char *salt, int salt_len, int iter
uint32 c;
int i;
if (iterations == 2000)
#ifdef TC_WINDOWS_BOOT
/* In bootloader, iterations is a boolean : TRUE for boot derivation mode, FALSE otherwise
* This enables us to save code space needed for implementing other features.
*/
if (iterations)
c = 200000;
else
c = 500000;
#else
c = iterations;
#endif
/* iteration 1 */
memset (counter, 0, 4);
@ -410,7 +417,7 @@ void hmac_ripemd160 (char *key, int keylen, char *input, int len, char *digest)
burn (&context, sizeof(context));
}
void derive_u_ripemd160 (BOOL bNotTest, char *pwd, int pwd_len, char *salt, int salt_len, int iterations, char *u, int b)
void derive_u_ripemd160 (char *pwd, int pwd_len, char *salt, int salt_len, int iterations, char *u, int b)
{
char j[RIPEMD160_DIGESTSIZE], k[RIPEMD160_DIGESTSIZE];
char init[128];
@ -418,17 +425,17 @@ void derive_u_ripemd160 (BOOL bNotTest, char *pwd, int pwd_len, char *salt, int
uint32 c;
int i;
if (bNotTest)
{
if (iterations == 32767)
c = 655331;
else
c = 327661;
}
#ifdef TC_WINDOWS_BOOT
/* In bootloader, iterations is a boolean : TRUE for boot derivation mode, FALSE otherwise
* This enables us to save code space needed for implementing other features.
*/
if (iterations)
c = 327661;
else
{
c = iterations;
}
c = 655331;
#else
c = iterations;
#endif
/* iteration 1 */
memset (counter, 0, 4);
@ -455,7 +462,7 @@ void derive_u_ripemd160 (BOOL bNotTest, char *pwd, int pwd_len, char *salt, int
burn (k, sizeof(k));
}
void derive_key_ripemd160 (BOOL bNotTest, char *pwd, int pwd_len, char *salt, int salt_len, int iterations, char *dk, int dklen)
void derive_key_ripemd160 (char *pwd, int pwd_len, char *salt, int salt_len, int iterations, char *dk, int dklen)
{
char u[RIPEMD160_DIGESTSIZE];
int b, l, r;
@ -474,13 +481,13 @@ void derive_key_ripemd160 (BOOL bNotTest, char *pwd, int pwd_len, char *salt, in
/* first l - 1 blocks */
for (b = 1; b < l; b++)
{
derive_u_ripemd160 (bNotTest, pwd, pwd_len, salt, salt_len, iterations, u, b);
derive_u_ripemd160 (pwd, pwd_len, salt, salt_len, iterations, u, b);
memcpy (dk, u, RIPEMD160_DIGESTSIZE);
dk += RIPEMD160_DIGESTSIZE;
}
/* last block */
derive_u_ripemd160 (bNotTest, pwd, pwd_len, salt, salt_len, iterations, u, b);
derive_u_ripemd160 (pwd, pwd_len, salt, salt_len, iterations, u, b);
memcpy (dk, u, r);
@ -656,7 +663,6 @@ char *get_pkcs5_prf_name (int pkcs5_prf_id)
}
}
#endif //!TC_WINDOWS_BOOT
int get_pkcs5_iteration_count (int pkcs5_prf_id, BOOL bBoot)
@ -665,22 +671,21 @@ int get_pkcs5_iteration_count (int pkcs5_prf_id, BOOL bBoot)
{
case RIPEMD160:
return bBoot? 16384 : 32767; /* it will be changed to 327661 and 655331 respectively inside derive_u_ripemd160 */
#ifndef TC_WINDOWS_BOOT
return bBoot? 327661 : 655331;
case SHA512:
return 500000;
case WHIRLPOOL:
return 500000;
#endif
case SHA256:
return bBoot? 2000 : 5000; /* it will be changed to 200000 and 500000 respectively inside derive_u_sha256 */
return bBoot? 200000 : 500000;
default:
TC_THROW_FATAL_EXCEPTION; // Unknown/wrong ID
}
return 0;
}
#endif //!TC_WINDOWS_BOOT

View File

@ -26,8 +26,8 @@ void hmac_sha512 (char *k, int lk, char *d, int ld, char *out, int t);
void derive_u_sha512 (char *pwd, int pwd_len, char *salt, int salt_len, int iterations, char *u, int b);
void derive_key_sha512 (char *pwd, int pwd_len, char *salt, int salt_len, int iterations, char *dk, int dklen);
void hmac_ripemd160 (char *key, int keylen, char *input, int len, char *digest);
void derive_u_ripemd160 (BOOL bNotTest, char *pwd, int pwd_len, char *salt, int salt_len, int iterations, char *u, int b);
void derive_key_ripemd160 (BOOL bNotTest, char *pwd, int pwd_len, char *salt, int salt_len, int iterations, char *dk, int dklen);
void derive_u_ripemd160 (char *pwd, int pwd_len, char *salt, int salt_len, int iterations, char *u, int b);
void derive_key_ripemd160 (char *pwd, int pwd_len, char *salt, int salt_len, int iterations, char *dk, int dklen);
void hmac_whirlpool (char *k, int lk, char *d, int ld, char *out, int t);
void derive_u_whirlpool (char *pwd, int pwd_len, char *salt, int salt_len, int iterations, char *u, int b);
void derive_key_whirlpool (char *pwd, int pwd_len, char *salt, int salt_len, int iterations, char *dk, int dklen);

View File

@ -1055,12 +1055,12 @@ BOOL test_pkcs5 ()
return FALSE;
/* PKCS-5 test 1 with HMAC-RIPEMD-160 used as the PRF */
derive_key_ripemd160 (FALSE, "password", 8, "\x12\x34\x56\x78", 4, 5, dk, 4);
derive_key_ripemd160 ("password", 8, "\x12\x34\x56\x78", 4, 5, dk, 4);
if (memcmp (dk, "\x7a\x3d\x7c\x03", 4) != 0)
return FALSE;
/* PKCS-5 test 2 with HMAC-RIPEMD-160 used as the PRF (derives a key longer than the underlying hash) */
derive_key_ripemd160 (FALSE, "password", 8, "\x12\x34\x56\x78", 4, 5, dk, 48);
derive_key_ripemd160 ("password", 8, "\x12\x34\x56\x78", 4, 5, dk, 48);
if (memcmp (dk, "\x7a\x3d\x7c\x03\xe7\x26\x6b\xf8\x3d\x78\xfb\x29\xd2\x64\x1f\x56\xea\xf0\xe5\xf5\xcc\xc4\x3a\x31\xa8\x84\x70\xbf\xbd\x6f\x8e\x78\x24\x5a\xc0\x0a\xf6\xfa\xf0\xf6\xe9\x00\x47\x5f\x73\xce\xe1\x43", 48) != 0)
return FALSE;

View File

@ -302,7 +302,7 @@ KeyReady: ;
switch (pkcs5_prf)
{
case RIPEMD160:
derive_key_ripemd160 (TRUE, keyInfo.userKey, keyInfo.keyLength, keyInfo.salt,
derive_key_ripemd160 (keyInfo.userKey, keyInfo.keyLength, keyInfo.salt,
PKCS5_SALT_SIZE, keyInfo.noIterations, dk, GetMaxPkcs5OutSize());
break;
@ -566,10 +566,10 @@ int ReadVolumeHeader (BOOL bBoot, char *header, Password *password, PCRYPTO_INFO
// PKCS5 PRF
#ifdef TC_WINDOWS_BOOT_SHA2
derive_key_sha256 (password->Text, (int) password->Length, header + HEADER_SALT_OFFSET,
PKCS5_SALT_SIZE, bBoot ? 2000 : 5000, dk, sizeof (dk));
PKCS5_SALT_SIZE, bBoot, dk, sizeof (dk));
#else
derive_key_ripemd160 (TRUE, password->Text, (int) password->Length, header + HEADER_SALT_OFFSET,
PKCS5_SALT_SIZE, bBoot ? 16384 : 32767, dk, sizeof (dk));
derive_key_ripemd160 (password->Text, (int) password->Length, header + HEADER_SALT_OFFSET,
PKCS5_SALT_SIZE, bBoot, dk, sizeof (dk));
#endif
// Mode of operation
@ -792,7 +792,7 @@ int CreateVolumeHeaderInMemory (BOOL bBoot, char *header, int ea, int mode, Pass
break;
case RIPEMD160:
derive_key_ripemd160 (TRUE, keyInfo.userKey, keyInfo.keyLength, keyInfo.salt,
derive_key_ripemd160 (keyInfo.userKey, keyInfo.keyLength, keyInfo.salt,
PKCS5_SALT_SIZE, keyInfo.noIterations, dk, GetMaxPkcs5OutSize());
break;