diff options
author | Mounir IDRASSI <mounir.idrassi@idrix.fr> | 2014-10-26 00:57:44 +0200 |
---|---|---|
committer | Mounir IDRASSI <mounir.idrassi@idrix.fr> | 2014-11-08 23:24:25 +0100 |
commit | 3f2e20e33941c51b3956adc4e653c2ec7457238e (patch) | |
tree | 7e7bb522b3eba823f1e0e30b03e5ccf386c8f204 /src | |
parent | 714a2ce0ae7e8b2cee32b0d6245a59e787758fc5 (diff) | |
download | VeraCrypt-3f2e20e33941c51b3956adc4e653c2ec7457238e.tar.gz VeraCrypt-3f2e20e33941c51b3956adc4e653c2ec7457238e.zip |
Simplify code handling iterations count: in boot mode, we'll set the correct iterations count inside derive_u_sha256 and derive_u_ripemd160 depending in the value of the iterations parameter. On normal mode, we use normal values of iterations count. Removes the special test parameter from RIPEMD160 functions.
Diffstat (limited to 'src')
-rw-r--r-- | src/Common/Dlgcode.c | 2 | ||||
-rw-r--r-- | src/Common/EncryptionThreadPool.c | 2 | ||||
-rw-r--r-- | src/Common/Pkcs5.c | 47 | ||||
-rw-r--r-- | src/Common/Pkcs5.h | 4 | ||||
-rw-r--r-- | src/Common/Tests.c | 4 | ||||
-rw-r--r-- | src/Common/Volumes.c | 10 |
6 files changed, 37 insertions, 32 deletions
diff --git a/src/Common/Dlgcode.c b/src/Common/Dlgcode.c index c19e1992..a0c425c5 100644 --- a/src/Common/Dlgcode.c +++ b/src/Common/Dlgcode.c @@ -4447,7 +4447,7 @@ static BOOL PerformBenchmark(HWND hwndDlg) case RIPEMD160:
/* PKCS-5 test with HMAC-RIPEMD-160 used as the PRF */
- derive_key_ripemd160 (FALSE, "passphrase-1234567890", 21, tmp_salt, 64, get_pkcs5_iteration_count(thid, FALSE), dk, MASTER_KEYDATA_SIZE);
+ derive_key_ripemd160 ("passphrase-1234567890", 21, tmp_salt, 64, get_pkcs5_iteration_count(thid, FALSE), dk, MASTER_KEYDATA_SIZE);
break;
case WHIRLPOOL:
diff --git a/src/Common/EncryptionThreadPool.c b/src/Common/EncryptionThreadPool.c index 1ec78139..268f6b50 100644 --- a/src/Common/EncryptionThreadPool.c +++ b/src/Common/EncryptionThreadPool.c @@ -159,7 +159,7 @@ static TC_THREAD_PROC EncryptionThreadProc (void *threadArg) switch (workItem->KeyDerivation.Pkcs5Prf)
{
case RIPEMD160:
- derive_key_ripemd160 (TRUE, workItem->KeyDerivation.Password, workItem->KeyDerivation.PasswordLength, workItem->KeyDerivation.Salt, PKCS5_SALT_SIZE,
+ derive_key_ripemd160 (workItem->KeyDerivation.Password, workItem->KeyDerivation.PasswordLength, workItem->KeyDerivation.Salt, PKCS5_SALT_SIZE,
workItem->KeyDerivation.IterationCount, workItem->KeyDerivation.DerivedKey, GetMaxPkcs5OutSize());
break;
diff --git a/src/Common/Pkcs5.c b/src/Common/Pkcs5.c index ba1054e0..e3f8031b 100644 --- a/src/Common/Pkcs5.c +++ b/src/Common/Pkcs5.c @@ -122,10 +122,17 @@ void derive_u_sha256 (char *pwd, int pwd_len, char *salt, int salt_len, int iter uint32 c;
int i;
- if (iterations == 2000)
+#ifdef TC_WINDOWS_BOOT
+ /* In bootloader, iterations is a boolean : TRUE for boot derivation mode, FALSE otherwise
+ * This enables us to save code space needed for implementing other features.
+ */
+ if (iterations)
c = 200000;
else
c = 500000;
+#else
+ c = iterations;
+#endif
/* iteration 1 */
memset (counter, 0, 4);
@@ -410,7 +417,7 @@ void hmac_ripemd160 (char *key, int keylen, char *input, int len, char *digest) burn (&context, sizeof(context));
}
-void derive_u_ripemd160 (BOOL bNotTest, char *pwd, int pwd_len, char *salt, int salt_len, int iterations, char *u, int b)
+void derive_u_ripemd160 (char *pwd, int pwd_len, char *salt, int salt_len, int iterations, char *u, int b)
{
char j[RIPEMD160_DIGESTSIZE], k[RIPEMD160_DIGESTSIZE];
char init[128];
@@ -418,17 +425,17 @@ void derive_u_ripemd160 (BOOL bNotTest, char *pwd, int pwd_len, char *salt, int uint32 c;
int i;
- if (bNotTest)
- {
- if (iterations == 32767)
- c = 655331;
- else
- c = 327661;
- }
+#ifdef TC_WINDOWS_BOOT
+ /* In bootloader, iterations is a boolean : TRUE for boot derivation mode, FALSE otherwise
+ * This enables us to save code space needed for implementing other features.
+ */
+ if (iterations)
+ c = 327661;
else
- {
- c = iterations;
- }
+ c = 655331;
+#else
+ c = iterations;
+#endif
/* iteration 1 */
memset (counter, 0, 4);
@@ -455,7 +462,7 @@ void derive_u_ripemd160 (BOOL bNotTest, char *pwd, int pwd_len, char *salt, int burn (k, sizeof(k));
}
-void derive_key_ripemd160 (BOOL bNotTest, char *pwd, int pwd_len, char *salt, int salt_len, int iterations, char *dk, int dklen)
+void derive_key_ripemd160 (char *pwd, int pwd_len, char *salt, int salt_len, int iterations, char *dk, int dklen)
{
char u[RIPEMD160_DIGESTSIZE];
int b, l, r;
@@ -474,13 +481,13 @@ void derive_key_ripemd160 (BOOL bNotTest, char *pwd, int pwd_len, char *salt, in /* first l - 1 blocks */
for (b = 1; b < l; b++)
{
- derive_u_ripemd160 (bNotTest, pwd, pwd_len, salt, salt_len, iterations, u, b);
+ derive_u_ripemd160 (pwd, pwd_len, salt, salt_len, iterations, u, b);
memcpy (dk, u, RIPEMD160_DIGESTSIZE);
dk += RIPEMD160_DIGESTSIZE;
}
/* last block */
- derive_u_ripemd160 (bNotTest, pwd, pwd_len, salt, salt_len, iterations, u, b);
+ derive_u_ripemd160 (pwd, pwd_len, salt, salt_len, iterations, u, b);
memcpy (dk, u, r);
@@ -656,7 +663,6 @@ char *get_pkcs5_prf_name (int pkcs5_prf_id) }
}
-#endif //!TC_WINDOWS_BOOT
int get_pkcs5_iteration_count (int pkcs5_prf_id, BOOL bBoot)
@@ -665,22 +671,21 @@ int get_pkcs5_iteration_count (int pkcs5_prf_id, BOOL bBoot) {
case RIPEMD160:
- return bBoot? 16384 : 32767; /* it will be changed to 327661 and 655331 respectively inside derive_u_ripemd160 */
-
-#ifndef TC_WINDOWS_BOOT
+ return bBoot? 327661 : 655331;
case SHA512:
return 500000;
case WHIRLPOOL:
return 500000;
-#endif
case SHA256:
- return bBoot? 2000 : 5000; /* it will be changed to 200000 and 500000 respectively inside derive_u_sha256 */
+ return bBoot? 200000 : 500000;
default:
TC_THROW_FATAL_EXCEPTION; // Unknown/wrong ID
}
return 0;
}
+
+#endif //!TC_WINDOWS_BOOT
\ No newline at end of file diff --git a/src/Common/Pkcs5.h b/src/Common/Pkcs5.h index aff36cc4..be8c8cdb 100644 --- a/src/Common/Pkcs5.h +++ b/src/Common/Pkcs5.h @@ -26,8 +26,8 @@ void hmac_sha512 (char *k, int lk, char *d, int ld, char *out, int t); void derive_u_sha512 (char *pwd, int pwd_len, char *salt, int salt_len, int iterations, char *u, int b);
void derive_key_sha512 (char *pwd, int pwd_len, char *salt, int salt_len, int iterations, char *dk, int dklen);
void hmac_ripemd160 (char *key, int keylen, char *input, int len, char *digest);
-void derive_u_ripemd160 (BOOL bNotTest, char *pwd, int pwd_len, char *salt, int salt_len, int iterations, char *u, int b);
-void derive_key_ripemd160 (BOOL bNotTest, char *pwd, int pwd_len, char *salt, int salt_len, int iterations, char *dk, int dklen);
+void derive_u_ripemd160 (char *pwd, int pwd_len, char *salt, int salt_len, int iterations, char *u, int b);
+void derive_key_ripemd160 (char *pwd, int pwd_len, char *salt, int salt_len, int iterations, char *dk, int dklen);
void hmac_whirlpool (char *k, int lk, char *d, int ld, char *out, int t);
void derive_u_whirlpool (char *pwd, int pwd_len, char *salt, int salt_len, int iterations, char *u, int b);
void derive_key_whirlpool (char *pwd, int pwd_len, char *salt, int salt_len, int iterations, char *dk, int dklen);
diff --git a/src/Common/Tests.c b/src/Common/Tests.c index 226b3e09..b34073ed 100644 --- a/src/Common/Tests.c +++ b/src/Common/Tests.c @@ -1055,12 +1055,12 @@ BOOL test_pkcs5 () return FALSE;
/* PKCS-5 test 1 with HMAC-RIPEMD-160 used as the PRF */
- derive_key_ripemd160 (FALSE, "password", 8, "\x12\x34\x56\x78", 4, 5, dk, 4);
+ derive_key_ripemd160 ("password", 8, "\x12\x34\x56\x78", 4, 5, dk, 4);
if (memcmp (dk, "\x7a\x3d\x7c\x03", 4) != 0)
return FALSE;
/* PKCS-5 test 2 with HMAC-RIPEMD-160 used as the PRF (derives a key longer than the underlying hash) */
- derive_key_ripemd160 (FALSE, "password", 8, "\x12\x34\x56\x78", 4, 5, dk, 48);
+ derive_key_ripemd160 ("password", 8, "\x12\x34\x56\x78", 4, 5, dk, 48);
if (memcmp (dk, "\x7a\x3d\x7c\x03\xe7\x26\x6b\xf8\x3d\x78\xfb\x29\xd2\x64\x1f\x56\xea\xf0\xe5\xf5\xcc\xc4\x3a\x31\xa8\x84\x70\xbf\xbd\x6f\x8e\x78\x24\x5a\xc0\x0a\xf6\xfa\xf0\xf6\xe9\x00\x47\x5f\x73\xce\xe1\x43", 48) != 0)
return FALSE;
diff --git a/src/Common/Volumes.c b/src/Common/Volumes.c index 1c0f2485..2bd870bc 100644 --- a/src/Common/Volumes.c +++ b/src/Common/Volumes.c @@ -302,7 +302,7 @@ KeyReady: ; switch (pkcs5_prf)
{
case RIPEMD160:
- derive_key_ripemd160 (TRUE, keyInfo.userKey, keyInfo.keyLength, keyInfo.salt,
+ derive_key_ripemd160 (keyInfo.userKey, keyInfo.keyLength, keyInfo.salt,
PKCS5_SALT_SIZE, keyInfo.noIterations, dk, GetMaxPkcs5OutSize());
break;
@@ -566,10 +566,10 @@ int ReadVolumeHeader (BOOL bBoot, char *header, Password *password, PCRYPTO_INFO // PKCS5 PRF
#ifdef TC_WINDOWS_BOOT_SHA2
derive_key_sha256 (password->Text, (int) password->Length, header + HEADER_SALT_OFFSET,
- PKCS5_SALT_SIZE, bBoot ? 2000 : 5000, dk, sizeof (dk));
+ PKCS5_SALT_SIZE, bBoot, dk, sizeof (dk));
#else
- derive_key_ripemd160 (TRUE, password->Text, (int) password->Length, header + HEADER_SALT_OFFSET,
- PKCS5_SALT_SIZE, bBoot ? 16384 : 32767, dk, sizeof (dk));
+ derive_key_ripemd160 (password->Text, (int) password->Length, header + HEADER_SALT_OFFSET,
+ PKCS5_SALT_SIZE, bBoot, dk, sizeof (dk));
#endif
// Mode of operation
@@ -792,7 +792,7 @@ int CreateVolumeHeaderInMemory (BOOL bBoot, char *header, int ea, int mode, Pass break;
case RIPEMD160:
- derive_key_ripemd160 (TRUE, keyInfo.userKey, keyInfo.keyLength, keyInfo.salt,
+ derive_key_ripemd160 (keyInfo.userKey, keyInfo.keyLength, keyInfo.salt,
PKCS5_SALT_SIZE, keyInfo.noIterations, dk, GetMaxPkcs5OutSize());
break;
|