diff options
author | Mounir IDRASSI <mounir.idrassi@idrix.fr> | 2014-06-03 09:12:42 +0200 |
---|---|---|
committer | Mounir IDRASSI <mounir.idrassi@idrix.fr> | 2014-11-08 23:19:15 +0100 |
commit | 751a454e6c9de93c3954b839b0d9dfde03494d48 (patch) | |
tree | 0f150c24a774e7b44d3fd065c5f20763fd2558f8 /src/Common/Pkcs5.c | |
parent | 9b19baf73e8c9dbd60ee36bcd1cb910bf01fa3d7 (diff) | |
download | VeraCrypt-751a454e6c9de93c3954b839b0d9dfde03494d48.tar.gz VeraCrypt-751a454e6c9de93c3954b839b0d9dfde03494d48.zip |
Correct issue in handling hidden system partitions that made it impossible to verify their password.
Diffstat (limited to 'src/Common/Pkcs5.c')
-rw-r--r-- | src/Common/Pkcs5.c | 25 |
1 files changed, 19 insertions, 6 deletions
diff --git a/src/Common/Pkcs5.c b/src/Common/Pkcs5.c index f02364ea..00cf7941 100644 --- a/src/Common/Pkcs5.c +++ b/src/Common/Pkcs5.c @@ -393,7 +393,7 @@ void derive_u_ripemd160 (BOOL bNotTest, char *pwd, int pwd_len, char *salt, int char init[128];
char counter[4];
int c, i, l;
- int EnhanceSecurityLoops = (bNotTest)? 10 : 1;
+ int EnhanceSecurityLoops = (bNotTest)? 20 : 1;
/* iteration 1 */
memset (counter, 0, 4);
@@ -417,6 +417,21 @@ void derive_u_ripemd160 (BOOL bNotTest, char *pwd, int pwd_len, char *salt, int }
}
+ /* add extra 10 loops to ensure backward compatibilty with the previous count (327661 for boot, 655331 for normal) */
+ if (iterations == 32767)
+ {
+ /* case of normal partition : add 10 iterations to have a total of 655331 = (32767 - 1)*20 + 1 + 10 */
+ for (c = 0; c < 10; c++)
+ {
+ hmac_ripemd160 (pwd, pwd_len, j, RIPEMD160_DIGESTSIZE, k);
+ for (i = 0; i < RIPEMD160_DIGESTSIZE; i++)
+ {
+ u[i] ^= k[i];
+ j[i] = k[i];
+ }
+ }
+ }
+
/* Prevent possible leaks. */
burn (j, sizeof(j));
burn (k, sizeof(k));
@@ -624,13 +639,11 @@ int get_pkcs5_iteration_count (int pkcs5_prf_id, BOOL bBoot) {
switch (pkcs5_prf_id)
{
-#ifdef TC_WINDOWS_BOOT
- case RIPEMD160:
- return 32767; /* we multiply this number by 10 inside derive_u_ripemd160 */
-#else
case RIPEMD160:
- return bBoot? 32767 : 65534; /* we multiply this number by 10 inside derive_u_ripemd160 */
+ return bBoot? 16384 : 32767; /* we multiply this number by 10 inside derive_u_ripemd160 */
+
+#ifndef TC_WINDOWS_BOOT
case SHA512:
return 500000;
|