Bootloader code optimization: remove code in HMAC implementation in case of boot compilation that is never called since passwords are always less than 64-byte length. We leave it in Windows compilation because it is used to check the implementation against test vectors.

author: Mounir IDRASSI <mounir.idrassi@idrix.fr> 2014-10-26 00:28:51 +0200
committer: Mounir IDRASSI <mounir.idrassi@idrix.fr> 2014-11-08 23:24:17 +0100
commit: c61f8c70de2179a27f7c40c80b65ce1ee5253286 (patch)
tree: 8f4e05326774319e73327ce05967d5f1d8977bb7 /src
parent: e1a0826ef52d8a8650fdac7f36a58a2b1fd68c77 (diff)
download: VeraCrypt-c61f8c70de2179a27f7c40c80b65ce1ee5253286.tar.gz
VeraCrypt-c61f8c70de2179a27f7c40c80b65ce1ee5253286.zip
1 files changed, 24 insertions, 4 deletions
diff --git a/src/Common/Pkcs5.c b/src/Common/Pkcs5.c
index 2901d6a1..ba1054e0 100644
--- a/src/Common/Pkcs5.c
+++ b/src/Common/Pkcs5.c
@@ -46,12 +46,15 @@ void hmac_sha256
 )
 {
 	sha256_ctx ictx, octx;
 	char isha[SHA256_DIGESTSIZE], osha[SHA256_DIGESTSIZE];
+#ifndef TC_WINDOWS_BOOT
 	char key[SHA256_DIGESTSIZE];
+#endif
 	char buf[SHA256_BLOCKSIZE];
 	int i;
 
+#ifndef TC_WINDOWS_BOOT
     /* If the key is longer than the hash algorithm block size,
 	   let key = sha256(key), as per HMAC specifications. */
 	if (lk > SHA256_BLOCKSIZE)
 	{
@@ -65,9 +68,9 @@ void hmac_sha256
 		lk = SHA256_DIGESTSIZE;
 
 		burn (&tctx, sizeof(tctx));		// Prevent leaks
 	}
-
+#endif
 	/**** Inner Digest ****/
 
 	sha256_begin (&ictx);
 
@@ -104,9 +107,11 @@ void hmac_sha256
 	burn (&octx, sizeof(octx));
 	burn (isha, sizeof(isha));
 	burn (osha, sizeof(osha));
 	burn (buf, sizeof(buf));
+#ifndef TC_WINDOWS_BOOT
 	burn (key, sizeof(key));
+#endif
 }
 
 
 void derive_u_sha256 (char *pwd, int pwd_len, char *salt, int salt_len, int iterations, char *u, int b)
@@ -196,12 +201,15 @@ void hmac_sha512
 )
 {
 	sha512_ctx ictx, octx;
 	char isha[SHA512_DIGESTSIZE], osha[SHA512_DIGESTSIZE];
+#ifndef TC_WINDOWS_BOOT
 	char key[SHA512_DIGESTSIZE];
+#endif
 	char buf[SHA512_BLOCKSIZE];
 	int i;
 
+#ifndef TC_WINDOWS_BOOT
     /* If the key is longer than the hash algorithm block size,
 	   let key = sha512(key), as per HMAC specifications. */
 	if (lk > SHA512_BLOCKSIZE)
 	{
@@ -215,9 +223,9 @@ void hmac_sha512
 		lk = SHA512_DIGESTSIZE;
 
 		burn (&tctx, sizeof(tctx));		// Prevent leaks
 	}
-
+#endif
 	/**** Inner Digest ****/
 
 	sha512_begin (&ictx);
 
@@ -255,9 +263,11 @@ void hmac_sha512
 	burn (&octx, sizeof(octx));
 	burn (isha, sizeof(isha));
 	burn (osha, sizeof(osha));
 	burn (buf, sizeof(buf));
+#ifndef TC_WINDOWS_BOOT
 	burn (key, sizeof(key));
+#endif
 }
 
 
 void derive_u_sha512 (char *pwd, int pwd_len, char *salt, int salt_len, int iterations, char *u, int b)
@@ -333,11 +343,14 @@ void hmac_ripemd160 (char *key, int keylen, char *input, int len, char *digest)
 {
     RMD160_CTX context;
     unsigned char k_ipad[65];  /* inner padding - key XORd with ipad */
     unsigned char k_opad[65];  /* outer padding - key XORd with opad */
+#ifndef TC_WINDOWS_BOOT
     unsigned char tk[RIPEMD160_DIGESTSIZE];
+#endif
     int i;
 
+#ifndef TC_WINDOWS_BOOT
     /* If the key is longer than the hash algorithm block size,
 	   let key = ripemd160(key), as per HMAC specifications. */
     if (keylen > RIPEMD160_BLOCKSIZE) 
 	{
@@ -351,9 +364,9 @@ void hmac_ripemd160 (char *key, int keylen, char *input, int len, char *digest)
         keylen = RIPEMD160_DIGESTSIZE;
 
 		burn (&tctx, sizeof(tctx));	// Prevent leaks
     }
-
+#endif
 	/*
 
 	RMD160(K XOR opad, RMD160(K XOR ipad, text))
 
@@ -390,9 +403,11 @@ void hmac_ripemd160 (char *key, int keylen, char *input, int len, char *digest)
 
 	/* Prevent possible leaks. */
     burn (k_ipad, sizeof(k_ipad));
     burn (k_opad, sizeof(k_opad));
+#ifndef TC_WINDOWS_BOOT
 	burn (tk, sizeof(tk));
+#endif
 	burn (&context, sizeof(context));
 }
 
 void derive_u_ripemd160 (BOOL bNotTest, char *pwd, int pwd_len, char *salt, int salt_len, int iterations, char *u, int b)
@@ -487,12 +502,15 @@ void hmac_whirlpool
 )
 {
 	WHIRLPOOL_CTX ictx, octx;
 	char iwhi[WHIRLPOOL_DIGESTSIZE], owhi[WHIRLPOOL_DIGESTSIZE];
+#ifndef TC_WINDOWS_BOOT
 	char key[WHIRLPOOL_DIGESTSIZE];
+#endif
 	char buf[WHIRLPOOL_BLOCKSIZE];
 	int i;
 
+#ifndef TC_WINDOWS_BOOT
     /* If the key is longer than the hash algorithm block size,
 	   let key = whirlpool(key), as per HMAC specifications. */
 	if (lk > WHIRLPOOL_BLOCKSIZE)
 	{
@@ -506,9 +524,9 @@ void hmac_whirlpool
 		lk = WHIRLPOOL_DIGESTSIZE;
 
 		burn (&tctx, sizeof(tctx));		// Prevent leaks
 	}
-
+#endif
 	/**** Inner Digest ****/
 
 	WHIRLPOOL_init (&ictx);
 
@@ -546,9 +564,11 @@ void hmac_whirlpool
 	burn (&octx, sizeof(octx));
 	burn (owhi, sizeof(owhi));
 	burn (iwhi, sizeof(iwhi));
 	burn (buf, sizeof(buf));
+#ifndef TC_WINDOWS_BOOT
 	burn (key, sizeof(key));
+#endif
 }
 
 void derive_u_whirlpool (char *pwd, int pwd_len, char *salt, int salt_len, int iterations, char *u, int b)
 {
author	Mounir IDRASSI <mounir.idrassi@idrix.fr>	2014-10-26 00:28:51 +0200
committer	Mounir IDRASSI <mounir.idrassi@idrix.fr>	2014-11-08 23:24:17 +0100
commit	c61f8c70de2179a27f7c40c80b65ce1ee5253286 (patch)
tree	8f4e05326774319e73327ce05967d5f1d8977bb7 /src
parent	e1a0826ef52d8a8650fdac7f36a58a2b1fd68c77 (diff)
download	VeraCrypt-c61f8c70de2179a27f7c40c80b65ce1ee5253286.tar.gz VeraCrypt-c61f8c70de2179a27f7c40c80b65ce1ee5253286.zip