From 6b2e97c2438e85ddf2f166cf7c56f6c923ffcac4 Mon Sep 17 00:00:00 2001 From: Mounir IDRASSI Date: Sat, 22 Jun 2013 17:38:33 +0200 Subject: [PATCH] Enhance security by rising the iterations used in PBKDF2 : 327670 instead of 1000 when booting in encrypted system partition, and 2000000 instead of 2000 when using encrypted containers and partitions --- src/Common/Dlgcode.c | 2 +- src/Common/EncryptionThreadPool.c | 2 +- src/Common/Pkcs5.c | 37 ++++++++++++++++++------------- src/Common/Pkcs5.h | 4 ++-- src/Common/Tests.c | 4 ++-- src/Common/Volumes.c | 8 +++---- 6 files changed, 32 insertions(+), 25 deletions(-) diff --git a/src/Common/Dlgcode.c b/src/Common/Dlgcode.c index cd71d0b1..c8864372 100644 --- a/src/Common/Dlgcode.c +++ b/src/Common/Dlgcode.c @@ -4399,7 +4399,7 @@ static BOOL PerformBenchmark(HWND hwndDlg) case RIPEMD160: /* PKCS-5 test with HMAC-RIPEMD-160 used as the PRF */ - derive_key_ripemd160 ("passphrase-1234567890", 21, tmp_salt, 64, get_pkcs5_iteration_count(thid, FALSE), dk, MASTER_KEYDATA_SIZE); + derive_key_ripemd160 (FALSE, "passphrase-1234567890", 21, tmp_salt, 64, get_pkcs5_iteration_count(thid, FALSE), dk, MASTER_KEYDATA_SIZE); break; case WHIRLPOOL: diff --git a/src/Common/EncryptionThreadPool.c b/src/Common/EncryptionThreadPool.c index bd6b7b1b..fdedf36f 100644 --- a/src/Common/EncryptionThreadPool.c +++ b/src/Common/EncryptionThreadPool.c @@ -159,7 +159,7 @@ static TC_THREAD_PROC EncryptionThreadProc (void *threadArg) switch (workItem->KeyDerivation.Pkcs5Prf) { case RIPEMD160: - derive_key_ripemd160 (workItem->KeyDerivation.Password, workItem->KeyDerivation.PasswordLength, workItem->KeyDerivation.Salt, PKCS5_SALT_SIZE, + derive_key_ripemd160 (TRUE, workItem->KeyDerivation.Password, workItem->KeyDerivation.PasswordLength, workItem->KeyDerivation.Salt, PKCS5_SALT_SIZE, workItem->KeyDerivation.IterationCount, workItem->KeyDerivation.DerivedKey, GetMaxPkcs5OutSize()); break; diff --git a/src/Common/Pkcs5.c b/src/Common/Pkcs5.c index dacdd623..0fa7f713 100644 --- a/src/Common/Pkcs5.c +++ b/src/Common/Pkcs5.c @@ -387,12 +387,13 @@ void hmac_ripemd160 (char *key, int keylen, char *input, int len, char *digest) burn (&context, sizeof(context)); } -void derive_u_ripemd160 (char *pwd, int pwd_len, char *salt, int salt_len, int iterations, char *u, int b) +void derive_u_ripemd160 (BOOL bNotTest, char *pwd, int pwd_len, char *salt, int salt_len, int iterations, char *u, int b) { char j[RIPEMD160_DIGESTSIZE], k[RIPEMD160_DIGESTSIZE]; char init[128]; char counter[4]; - int c, i; + int c, i, l; + int EnhanceSecurityLoops = (bNotTest)? 10 : 1; /* iteration 1 */ memset (counter, 0, 4); @@ -403,13 +404,16 @@ void derive_u_ripemd160 (char *pwd, int pwd_len, char *salt, int salt_len, int i memcpy (u, j, RIPEMD160_DIGESTSIZE); /* remaining iterations */ - for (c = 1; c < iterations; c++) + for (l = 0; l < EnhanceSecurityLoops; l++) { - hmac_ripemd160 (pwd, pwd_len, j, RIPEMD160_DIGESTSIZE, k); - for (i = 0; i < RIPEMD160_DIGESTSIZE; i++) + for (c = 1; c < iterations; c++) { - u[i] ^= k[i]; - j[i] = k[i]; + hmac_ripemd160 (pwd, pwd_len, j, RIPEMD160_DIGESTSIZE, k); + for (i = 0; i < RIPEMD160_DIGESTSIZE; i++) + { + u[i] ^= k[i]; + j[i] = k[i]; + } } } @@ -418,7 +422,7 @@ void derive_u_ripemd160 (char *pwd, int pwd_len, char *salt, int salt_len, int i burn (k, sizeof(k)); } -void derive_key_ripemd160 (char *pwd, int pwd_len, char *salt, int salt_len, int iterations, char *dk, int dklen) +void derive_key_ripemd160 (BOOL bNotTest, char *pwd, int pwd_len, char *salt, int salt_len, int iterations, char *dk, int dklen) { char u[RIPEMD160_DIGESTSIZE]; int b, l, r; @@ -437,13 +441,13 @@ void derive_key_ripemd160 (char *pwd, int pwd_len, char *salt, int salt_len, int /* first l - 1 blocks */ for (b = 1; b < l; b++) { - derive_u_ripemd160 (pwd, pwd_len, salt, salt_len, iterations, u, b); + derive_u_ripemd160 (bNotTest, pwd, pwd_len, salt, salt_len, iterations, u, b); memcpy (dk, u, RIPEMD160_DIGESTSIZE); dk += RIPEMD160_DIGESTSIZE; } /* last block */ - derive_u_ripemd160 (pwd, pwd_len, salt, salt_len, iterations, u, b); + derive_u_ripemd160 (bNotTest, pwd, pwd_len, salt, salt_len, iterations, u, b); memcpy (dk, u, r); @@ -620,19 +624,22 @@ int get_pkcs5_iteration_count (int pkcs5_prf_id, BOOL bBoot) { switch (pkcs5_prf_id) { +#ifdef TC_WINDOWS_BOOT case RIPEMD160: - return (bBoot ? 1000 : 2000); + return 32767; /* we multiply this number by 10 inside derive_u_ripemd160 */ -#ifndef TC_WINDOWS_BOOT +#else + case RIPEMD160: + return bBoot? 32767 : 200000; /* we multiply this number by 10 inside derive_u_ripemd160 */ case SHA512: - return 1000; + return 1000000; case SHA1: // Deprecated/legacy - return 2000; + return 2000000; case WHIRLPOOL: - return 1000; + return 1000000; #endif default: diff --git a/src/Common/Pkcs5.h b/src/Common/Pkcs5.h index cc3b3c80..5a286fb5 100644 --- a/src/Common/Pkcs5.h +++ b/src/Common/Pkcs5.h @@ -26,8 +26,8 @@ void hmac_sha1 (char *k, int lk, char *d, int ld, char *out, int t); void derive_u_sha1 (char *pwd, int pwd_len, char *salt, int salt_len, int iterations, char *u, int b); void derive_key_sha1 (char *pwd, int pwd_len, char *salt, int salt_len, int iterations, char *dk, int dklen); void hmac_ripemd160 (char *key, int keylen, char *input, int len, char *digest); -void derive_u_ripemd160 (char *pwd, int pwd_len, char *salt, int salt_len, int iterations, char *u, int b); -void derive_key_ripemd160 (char *pwd, int pwd_len, char *salt, int salt_len, int iterations, char *dk, int dklen); +void derive_u_ripemd160 (BOOL bNotTest, char *pwd, int pwd_len, char *salt, int salt_len, int iterations, char *u, int b); +void derive_key_ripemd160 (BOOL bNotTest, char *pwd, int pwd_len, char *salt, int salt_len, int iterations, char *dk, int dklen); void hmac_whirlpool (char *k, int lk, char *d, int ld, char *out, int t); void derive_u_whirlpool (char *pwd, int pwd_len, char *salt, int salt_len, int iterations, char *u, int b); void derive_key_whirlpool (char *pwd, int pwd_len, char *salt, int salt_len, int iterations, char *dk, int dklen); diff --git a/src/Common/Tests.c b/src/Common/Tests.c index ebb27ac6..dd4f1621 100644 --- a/src/Common/Tests.c +++ b/src/Common/Tests.c @@ -1699,12 +1699,12 @@ BOOL test_pkcs5 () #endif /* PKCS-5 test 1 with HMAC-RIPEMD-160 used as the PRF */ - derive_key_ripemd160 ("password", 8, "\x12\x34\x56\x78", 4, 5, dk, 4); + derive_key_ripemd160 (FALSE, "password", 8, "\x12\x34\x56\x78", 4, 5, dk, 4); if (memcmp (dk, "\x7a\x3d\x7c\x03", 4) != 0) return FALSE; /* PKCS-5 test 2 with HMAC-RIPEMD-160 used as the PRF (derives a key longer than the underlying hash) */ - derive_key_ripemd160 ("password", 8, "\x12\x34\x56\x78", 4, 5, dk, 48); + derive_key_ripemd160 (FALSE, "password", 8, "\x12\x34\x56\x78", 4, 5, dk, 48); if (memcmp (dk, "\x7a\x3d\x7c\x03\xe7\x26\x6b\xf8\x3d\x78\xfb\x29\xd2\x64\x1f\x56\xea\xf0\xe5\xf5\xcc\xc4\x3a\x31\xa8\x84\x70\xbf\xbd\x6f\x8e\x78\x24\x5a\xc0\x0a\xf6\xfa\xf0\xf6\xe9\x00\x47\x5f\x73\xce\xe1\x43", 48) != 0) return FALSE; diff --git a/src/Common/Volumes.c b/src/Common/Volumes.c index 01ebdf55..3b2c0ca7 100644 --- a/src/Common/Volumes.c +++ b/src/Common/Volumes.c @@ -299,7 +299,7 @@ KeyReady: ; switch (pkcs5_prf) { case RIPEMD160: - derive_key_ripemd160 (keyInfo.userKey, keyInfo.keyLength, keyInfo.salt, + derive_key_ripemd160 (TRUE, keyInfo.userKey, keyInfo.keyLength, keyInfo.salt, PKCS5_SALT_SIZE, keyInfo.noIterations, dk, GetMaxPkcs5OutSize()); break; @@ -595,8 +595,8 @@ int ReadVolumeHeader (BOOL bBoot, char *header, Password *password, PCRYPTO_INFO cryptoInfo = *retInfo = crypto_open (); // PKCS5 PRF - derive_key_ripemd160 (password->Text, (int) password->Length, header + HEADER_SALT_OFFSET, - PKCS5_SALT_SIZE, bBoot ? 1000 : 2000, dk, sizeof (dk)); + derive_key_ripemd160 (TRUE, password->Text, (int) password->Length, header + HEADER_SALT_OFFSET, + PKCS5_SALT_SIZE, 32767, dk, sizeof (dk)); // Mode of operation cryptoInfo->mode = FIRST_MODE_OF_OPERATION_ID; @@ -771,7 +771,7 @@ int CreateVolumeHeaderInMemory (BOOL bBoot, char *header, int ea, int mode, Pass break; case RIPEMD160: - derive_key_ripemd160 (keyInfo.userKey, keyInfo.keyLength, keyInfo.salt, + derive_key_ripemd160 (TRUE, keyInfo.userKey, keyInfo.keyLength, keyInfo.salt, PKCS5_SALT_SIZE, keyInfo.noIterations, dk, GetMaxPkcs5OutSize()); break;