nihilist/VeraCrypt
1
0
Fork 0
mirror of https://github.com/veracrypt/VeraCrypt synced 2024-12-02 16:03:26 +01:00
Code Issues Packages Projects Releases Wiki Activity

Enhance security by rising the iterations used in PBKDF2 : 327670 instead of 1000 when booting in encrypted system partition, and 2000000 instead of 2000 when using encrypted containers and partitions

Browse Source
This commit is contained in:
Mounir IDRASSI 2013-06-22 17:38:33 +02:00
parent 03867fbf56
commit 6b2e97c243
6 changed files with 32 additions and 25 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/Common/Dlgcode.c
View File

@ -4399,7 +4399,7 @@ static BOOL PerformBenchmark(HWND hwndDlg)
case RIPEMD160: case RIPEMD160:
/* PKCS-5 test with HMAC-RIPEMD-160 used as the PRF */ /* PKCS-5 test with HMAC-RIPEMD-160 used as the PRF */
derive_key_ripemd160 ("passphrase-1234567890", 21, tmp_salt, 64, get_pkcs5_iteration_count(thid, FALSE), dk, MASTER_KEYDATA_SIZE); derive_key_ripemd160 (FALSE, "passphrase-1234567890", 21, tmp_salt, 64, get_pkcs5_iteration_count(thid, FALSE), dk, MASTER_KEYDATA_SIZE);
break; break;
case WHIRLPOOL: case WHIRLPOOL:

2
src/Common/EncryptionThreadPool.c
View File

@ -159,7 +159,7 @@ static TC_THREAD_PROC EncryptionThreadProc (void *threadArg)
switch (workItem->KeyDerivation.Pkcs5Prf) switch (workItem->KeyDerivation.Pkcs5Prf)
{ {
case RIPEMD160: case RIPEMD160:
derive_key_ripemd160 (workItem->KeyDerivation.Password, workItem->KeyDerivation.PasswordLength, workItem->KeyDerivation.Salt, PKCS5_SALT_SIZE, derive_key_ripemd160 (TRUE, workItem->KeyDerivation.Password, workItem->KeyDerivation.PasswordLength, workItem->KeyDerivation.Salt, PKCS5_SALT_SIZE,
workItem->KeyDerivation.IterationCount, workItem->KeyDerivation.DerivedKey, GetMaxPkcs5OutSize()); workItem->KeyDerivation.IterationCount, workItem->KeyDerivation.DerivedKey, GetMaxPkcs5OutSize());
break; break;

27
src/Common/Pkcs5.c
View File

@ -387,12 +387,13 @@ void hmac_ripemd160 (char *key, int keylen, char *input, int len, char *digest)
burn (&context, sizeof(context)); burn (&context, sizeof(context));
} }
void derive_u_ripemd160 (char *pwd, int pwd_len, char *salt, int salt_len, int iterations, char *u, int b) void derive_u_ripemd160 (BOOL bNotTest, char *pwd, int pwd_len, char *salt, int salt_len, int iterations, char *u, int b)
{ {
char j[RIPEMD160_DIGESTSIZE], k[RIPEMD160_DIGESTSIZE]; char j[RIPEMD160_DIGESTSIZE], k[RIPEMD160_DIGESTSIZE];
char init[128]; char init[128];
char counter[4]; char counter[4];
int c, i; int c, i, l;
int EnhanceSecurityLoops = (bNotTest)? 10 : 1;
/* iteration 1 */ /* iteration 1 */
memset (counter, 0, 4); memset (counter, 0, 4);
@ -403,6 +404,8 @@ void derive_u_ripemd160 (char *pwd, int pwd_len, char *salt, int salt_len, int i
memcpy (u, j, RIPEMD160_DIGESTSIZE); memcpy (u, j, RIPEMD160_DIGESTSIZE);
/* remaining iterations */ /* remaining iterations */
for (l = 0; l < EnhanceSecurityLoops; l++)
{
for (c = 1; c < iterations; c++) for (c = 1; c < iterations; c++)
{ {
hmac_ripemd160 (pwd, pwd_len, j, RIPEMD160_DIGESTSIZE, k); hmac_ripemd160 (pwd, pwd_len, j, RIPEMD160_DIGESTSIZE, k);
@ -412,13 +415,14 @@ void derive_u_ripemd160 (char *pwd, int pwd_len, char *salt, int salt_len, int i
j[i] = k[i]; j[i] = k[i];
} }
} }
}
/* Prevent possible leaks. */ /* Prevent possible leaks. */
burn (j, sizeof(j)); burn (j, sizeof(j));
burn (k, sizeof(k)); burn (k, sizeof(k));
} }
void derive_key_ripemd160 (char *pwd, int pwd_len, char *salt, int salt_len, int iterations, char *dk, int dklen) void derive_key_ripemd160 (BOOL bNotTest, char *pwd, int pwd_len, char *salt, int salt_len, int iterations, char *dk, int dklen)
{ {
char u[RIPEMD160_DIGESTSIZE]; char u[RIPEMD160_DIGESTSIZE];
int b, l, r; int b, l, r;
@ -437,13 +441,13 @@ void derive_key_ripemd160 (char *pwd, int pwd_len, char *salt, int salt_len, int
/* first l - 1 blocks */ /* first l - 1 blocks */
for (b = 1; b < l; b++) for (b = 1; b < l; b++)
{ {
derive_u_ripemd160 (pwd, pwd_len, salt, salt_len, iterations, u, b); derive_u_ripemd160 (bNotTest, pwd, pwd_len, salt, salt_len, iterations, u, b);
memcpy (dk, u, RIPEMD160_DIGESTSIZE); memcpy (dk, u, RIPEMD160_DIGESTSIZE);
dk += RIPEMD160_DIGESTSIZE; dk += RIPEMD160_DIGESTSIZE;
} }
/* last block */ /* last block */
derive_u_ripemd160 (pwd, pwd_len, salt, salt_len, iterations, u, b); derive_u_ripemd160 (bNotTest, pwd, pwd_len, salt, salt_len, iterations, u, b);
memcpy (dk, u, r); memcpy (dk, u, r);
@ -620,19 +624,22 @@ int get_pkcs5_iteration_count (int pkcs5_prf_id, BOOL bBoot)
{ {
switch (pkcs5_prf_id) switch (pkcs5_prf_id)
{ {
#ifdef TC_WINDOWS_BOOT
case RIPEMD160: case RIPEMD160:
return (bBoot ? 1000 : 2000); return 32767; /* we multiply this number by 10 inside derive_u_ripemd160 */
#ifndef TC_WINDOWS_BOOT #else
case RIPEMD160:
return bBoot? 32767 : 200000; /* we multiply this number by 10 inside derive_u_ripemd160 */
case SHA512: case SHA512:
return 1000; return 1000000;
case SHA1: // Deprecated/legacy case SHA1: // Deprecated/legacy
return 2000; return 2000000;
case WHIRLPOOL: case WHIRLPOOL:
return 1000; return 1000000;
#endif #endif
default: default:

4
src/Common/Pkcs5.h
View File

@ -26,8 +26,8 @@ void hmac_sha1 (char *k, int lk, char *d, int ld, char *out, int t);
void derive_u_sha1 (char *pwd, int pwd_len, char *salt, int salt_len, int iterations, char *u, int b); void derive_u_sha1 (char *pwd, int pwd_len, char *salt, int salt_len, int iterations, char *u, int b);
void derive_key_sha1 (char *pwd, int pwd_len, char *salt, int salt_len, int iterations, char *dk, int dklen); void derive_key_sha1 (char *pwd, int pwd_len, char *salt, int salt_len, int iterations, char *dk, int dklen);
void hmac_ripemd160 (char *key, int keylen, char *input, int len, char *digest); void hmac_ripemd160 (char *key, int keylen, char *input, int len, char *digest);
void derive_u_ripemd160 (char *pwd, int pwd_len, char *salt, int salt_len, int iterations, char *u, int b); void derive_u_ripemd160 (BOOL bNotTest, char *pwd, int pwd_len, char *salt, int salt_len, int iterations, char *u, int b);
void derive_key_ripemd160 (char *pwd, int pwd_len, char *salt, int salt_len, int iterations, char *dk, int dklen); void derive_key_ripemd160 (BOOL bNotTest, char *pwd, int pwd_len, char *salt, int salt_len, int iterations, char *dk, int dklen);
void hmac_whirlpool (char *k, int lk, char *d, int ld, char *out, int t); void hmac_whirlpool (char *k, int lk, char *d, int ld, char *out, int t);
void derive_u_whirlpool (char *pwd, int pwd_len, char *salt, int salt_len, int iterations, char *u, int b); void derive_u_whirlpool (char *pwd, int pwd_len, char *salt, int salt_len, int iterations, char *u, int b);
void derive_key_whirlpool (char *pwd, int pwd_len, char *salt, int salt_len, int iterations, char *dk, int dklen); void derive_key_whirlpool (char *pwd, int pwd_len, char *salt, int salt_len, int iterations, char *dk, int dklen);

4
src/Common/Tests.c
View File

@ -1699,12 +1699,12 @@ BOOL test_pkcs5 ()
#endif #endif
/* PKCS-5 test 1 with HMAC-RIPEMD-160 used as the PRF */ /* PKCS-5 test 1 with HMAC-RIPEMD-160 used as the PRF */
derive_key_ripemd160 ("password", 8, "\x12\x34\x56\x78", 4, 5, dk, 4); derive_key_ripemd160 (FALSE, "password", 8, "\x12\x34\x56\x78", 4, 5, dk, 4);
if (memcmp (dk, "\x7a\x3d\x7c\x03", 4) != 0) if (memcmp (dk, "\x7a\x3d\x7c\x03", 4) != 0)
return FALSE; return FALSE;
/* PKCS-5 test 2 with HMAC-RIPEMD-160 used as the PRF (derives a key longer than the underlying hash) */ /* PKCS-5 test 2 with HMAC-RIPEMD-160 used as the PRF (derives a key longer than the underlying hash) */
derive_key_ripemd160 ("password", 8, "\x12\x34\x56\x78", 4, 5, dk, 48); derive_key_ripemd160 (FALSE, "password", 8, "\x12\x34\x56\x78", 4, 5, dk, 48);
if (memcmp (dk, "\x7a\x3d\x7c\x03\xe7\x26\x6b\xf8\x3d\x78\xfb\x29\xd2\x64\x1f\x56\xea\xf0\xe5\xf5\xcc\xc4\x3a\x31\xa8\x84\x70\xbf\xbd\x6f\x8e\x78\x24\x5a\xc0\x0a\xf6\xfa\xf0\xf6\xe9\x00\x47\x5f\x73\xce\xe1\x43", 48) != 0) if (memcmp (dk, "\x7a\x3d\x7c\x03\xe7\x26\x6b\xf8\x3d\x78\xfb\x29\xd2\x64\x1f\x56\xea\xf0\xe5\xf5\xcc\xc4\x3a\x31\xa8\x84\x70\xbf\xbd\x6f\x8e\x78\x24\x5a\xc0\x0a\xf6\xfa\xf0\xf6\xe9\x00\x47\x5f\x73\xce\xe1\x43", 48) != 0)
return FALSE; return FALSE;

8
src/Common/Volumes.c
View File

@ -299,7 +299,7 @@ KeyReady: ;
switch (pkcs5_prf) switch (pkcs5_prf)
{ {
case RIPEMD160: case RIPEMD160:
derive_key_ripemd160 (keyInfo.userKey, keyInfo.keyLength, keyInfo.salt, derive_key_ripemd160 (TRUE, keyInfo.userKey, keyInfo.keyLength, keyInfo.salt,
PKCS5_SALT_SIZE, keyInfo.noIterations, dk, GetMaxPkcs5OutSize()); PKCS5_SALT_SIZE, keyInfo.noIterations, dk, GetMaxPkcs5OutSize());
break; break;
@ -595,8 +595,8 @@ int ReadVolumeHeader (BOOL bBoot, char *header, Password *password, PCRYPTO_INFO
cryptoInfo = *retInfo = crypto_open (); cryptoInfo = *retInfo = crypto_open ();
// PKCS5 PRF // PKCS5 PRF
derive_key_ripemd160 (password->Text, (int) password->Length, header + HEADER_SALT_OFFSET, derive_key_ripemd160 (TRUE, password->Text, (int) password->Length, header + HEADER_SALT_OFFSET,
PKCS5_SALT_SIZE, bBoot ? 1000 : 2000, dk, sizeof (dk)); PKCS5_SALT_SIZE, 32767, dk, sizeof (dk));
// Mode of operation // Mode of operation
cryptoInfo->mode = FIRST_MODE_OF_OPERATION_ID; cryptoInfo->mode = FIRST_MODE_OF_OPERATION_ID;
@ -771,7 +771,7 @@ int CreateVolumeHeaderInMemory (BOOL bBoot, char *header, int ea, int mode, Pass
break; break;
case RIPEMD160: case RIPEMD160:
derive_key_ripemd160 (keyInfo.userKey, keyInfo.keyLength, keyInfo.salt, derive_key_ripemd160 (TRUE, keyInfo.userKey, keyInfo.keyLength, keyInfo.salt,
PKCS5_SALT_SIZE, keyInfo.noIterations, dk, GetMaxPkcs5OutSize()); PKCS5_SALT_SIZE, keyInfo.noIterations, dk, GetMaxPkcs5OutSize());
break; break;