Diffstat (limited to 'src/Common/Pkcs5.c')
-rw-r--r-- | src/Common/Pkcs5.c | 512 |
1 files changed, 203 insertions, 309 deletions
diff --git a/src/Common/Pkcs5.c b/src/Common/Pkcs5.c index d81078e8..fbe22275 100644 --- a/src/Common/Pkcs5.c +++ b/src/Common/Pkcs5.c @@ -4,11 +4,11 @@ Copyright (c) 2003-2012 TrueCrypt Developers Association and which is governed by the TrueCrypt License 3.0, also from the source code of Encryption for the Masses 2.02a, which is Copyright (c) 1998-2000 Paul Le Roux and which is governed by the 'License Agreement for Encryption for the Masses' Modifications and additions to the original source code (contained in this file) - and all other portions of this file are Copyright (c) 2013-2017 IDRIX + and all other portions of this file are Copyright (c) 2013-2025 IDRIX and are governed by the Apache License 2.0 the full text of which is contained in the file License.txt included in VeraCrypt binary and source code distribution packages. */ #include "Tcdefs.h" 
@@ -41,75 +41,69 @@ typedef struct hmac_sha256_ctx_struct { sha256_ctx ctx; sha256_ctx inner_digest_ctx; /*pre-computed inner digest context */ sha256_ctx outer_digest_ctx; /*pre-computed outer digest context */ - char k[PKCS5_SALT_SIZE + 4]; /* enough to hold (salt_len + 4) and also the SHA256 hash */ - char u[SHA256_DIGESTSIZE]; + unsigned char k[PKCS5_SALT_SIZE + 4]; /* enough to hold (salt_len + 4) and also the SHA256 hash */ + unsigned char u[SHA256_DIGESTSIZE]; } hmac_sha256_ctx; void hmac_sha256_internal ( - char *d, /* input data. d pointer is guaranteed to be at least 32-bytes long */ + unsigned char *d, /* input data. d pointer is guaranteed to be at least 32-bytes long */ int ld, /* length of input data in bytes */ hmac_sha256_ctx* hmac /* HMAC-SHA256 context which holds temporary variables */ ) { sha256_ctx* ctx = &(hmac->ctx); /**** Restore Precomputed Inner Digest Context ****/ memcpy (ctx, &(hmac->inner_digest_ctx), sizeof (sha256_ctx)); - sha256_hash ((unsigned char *) d, ld, ctx); + sha256_hash (d, ld, ctx); - sha256_end ((unsigned char *) d, ctx); /* d = inner digest */ + sha256_end (d, ctx); /* d = inner digest */ /**** Restore Precomputed Outer Digest Context ****/ memcpy (ctx, &(hmac->outer_digest_ctx), sizeof (sha256_ctx)); - sha256_hash ((unsigned char *) d, SHA256_DIGESTSIZE, ctx); + sha256_hash (d, SHA256_DIGESTSIZE, ctx); - sha256_end ((unsigned char *) d, ctx); /* d = outer digest */ + sha256_end (d, ctx); /* d = outer digest */ } #ifndef TC_WINDOWS_BOOT void hmac_sha256 ( - char *k, /* secret key */ + unsigned char *k, /* secret key */ int lk, /* length of the key in bytes */ - char *d, /* data */ + unsigned char *d, /* data */ int ld /* length of data in bytes */ ) { hmac_sha256_ctx hmac; sha256_ctx* ctx; - char* buf = hmac.k; + unsigned char* buf = hmac.k; int b; - char key[SHA256_DIGESTSIZE]; -#if defined (DEVICE_DRIVER) + unsigned char key[SHA256_DIGESTSIZE]; +#if defined (DEVICE_DRIVER) && !defined(_M_ARM64) NTSTATUS saveStatus = 
STATUS_INVALID_PARAMETER; -#ifdef _WIN64 XSTATE_SAVE SaveState; if (IsCpuIntel() && HasSAVX()) - saveStatus = KeSaveExtendedProcessorStateVC(XSTATE_MASK_GSSE, &SaveState); -#else - KFLOATING_SAVE floatingPointState; - if (HasSSE2()) - saveStatus = KeSaveFloatingPointState (&floatingPointState); -#endif + saveStatus = KeSaveExtendedProcessorState(XSTATE_MASK_GSSE, &SaveState); #endif /* If the key is longer than the hash algorithm block size, let key = sha256(key), as per HMAC specifications. */ if (lk > SHA256_BLOCKSIZE) { sha256_ctx tctx; sha256_begin (&tctx); - sha256_hash ((unsigned char *) k, lk, &tctx); - sha256_end ((unsigned char *) key, &tctx); + sha256_hash (k, lk, &tctx); + sha256_end (key, &tctx); k = key; lk = SHA256_DIGESTSIZE; burn (&tctx, sizeof(tctx)); // Prevent leaks 
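Review bot: The comment on `d` in hmac_sha256 still reads `/* data */`, but hmac_sha256_internal finalises both the inner and the outer digest into `d`, so the caller's buffer is overwritten with the MAC and must be at least 32 bytes even when `ld` is smaller. Since the parameter line is being changed anyway, I would document it the way hmac_sha512 already does: `unsigned char *d, /* data and also output buffer of at least 32 bytes */`. hmac_blake2s in the @@ -574,56 +534,50 @@ hunk has the same bare `/* data */` comment. The body of hmac_sha256 continues past the end of this hunk.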
@@ -120,47 +114,43 @@ void hmac_sha256 ctx = &(hmac.inner_digest_ctx); sha256_begin (ctx); /* Pad the key for inner digest */ for (b = 0; b < lk; ++b) - buf[b] = (char) (k[b] ^ 0x36); + buf[b] = (unsigned char) (k[b] ^ 0x36); memset (&buf[lk], 0x36, SHA256_BLOCKSIZE - lk); - sha256_hash ((unsigned char *) buf, SHA256_BLOCKSIZE, ctx); + sha256_hash (buf, SHA256_BLOCKSIZE, ctx); /**** Precompute HMAC Outer Digest ****/ ctx = &(hmac.outer_digest_ctx); sha256_begin (ctx); for (b = 0; b < lk; ++b) - buf[b] = (char) (k[b] ^ 0x5C); + buf[b] = (unsigned char) (k[b] ^ 0x5C); memset (&buf[lk], 0x5C, SHA256_BLOCKSIZE - lk); - sha256_hash ((unsigned char *) buf, SHA256_BLOCKSIZE, ctx); + sha256_hash (buf, SHA256_BLOCKSIZE, ctx); hmac_sha256_internal(d, ld, &hmac); -#if defined (DEVICE_DRIVER) +#if defined (DEVICE_DRIVER) && !defined(_M_ARM64) if (NT_SUCCESS (saveStatus)) -#ifdef _WIN64 - KeRestoreExtendedProcessorStateVC(&SaveState); -#else - KeRestoreFloatingPointState (&floatingPointState); -#endif + KeRestoreExtendedProcessorState(&SaveState); #endif /* Prevent leaks */ burn(&hmac, sizeof(hmac)); burn(key, sizeof(key)); } #endif -static void derive_u_sha256 (char *salt, int salt_len, uint32 iterations, int b, hmac_sha256_ctx* hmac) +static void derive_u_sha256 (const unsigned char *salt, int salt_len, uint32 iterations, int b, hmac_sha256_ctx* hmac) { - char* k = hmac->k; - char* u = hmac->u; + unsigned char* k = hmac->k; + unsigned char* u = hmac->u; uint32 c; int i; #ifdef TC_WINDOWS_BOOT /* In bootloader mode, least significant bit of iterations is a boolean (TRUE for boot derivation mode, FALSE otherwise) 
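Review bot: Both key-pad steps write a full hash block into `hmac.k` (`memset (&buf[lk], 0x36, SHA256_BLOCKSIZE - lk)` and then hashing `SHA256_BLOCKSIZE` bytes from `buf`), but the field is declared as `k[PKCS5_SALT_SIZE + 4]` and its comment only promises room for `salt_len + 4` and the digest. Nothing visible in this diff ties `PKCS5_SALT_SIZE + 4` to the block size, so a later change to either constant would turn the pad into a write past the array inside the context struct. I would extend the field comment to `/* holds salt_len + 4, the SHA256 hash, and one padded key block of SHA256_BLOCKSIZE bytes */` and add a compile-time size check next to the struct. The blake2s, whirlpool and streebog contexts use the same `PKCS5_SALT_SIZE + 4` declaration. hmac_sha256 starts before this hunk.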
@@ -182,11 +172,11 @@ static void derive_u_sha256 (char *salt, int salt_len, uint32 iterations, int b, /* big-endian block number */ #ifdef TC_WINDOWS_BOOT /* specific case of 16-bit bootloader: b is a 16-bit integer that is always < 256 */ memset (&k[salt_len], 0, 3); - k[salt_len + 3] = (char) b; + k[salt_len + 3] = (unsigned char) b; #else b = bswap_32 (b); memcpy (&k[salt_len], &b, 4); #endif @@ -204,39 +194,33 @@ static void derive_u_sha256 (char *salt, int salt_len, uint32 iterations, int b, c--; } } -void derive_key_sha256 (char *pwd, int pwd_len, char *salt, int salt_len, uint32 iterations, char *dk, int dklen) +void derive_key_sha256 (const unsigned char *pwd, int pwd_len, const unsigned char *salt, int salt_len, uint32 iterations, unsigned char *dk, int dklen) { hmac_sha256_ctx hmac; sha256_ctx* ctx; - char* buf = hmac.k; + unsigned char* buf = hmac.k; int b, l, r; #ifndef TC_WINDOWS_BOOT - char key[SHA256_DIGESTSIZE]; -#if defined (DEVICE_DRIVER) + unsigned char key[SHA256_DIGESTSIZE]; +#if defined (DEVICE_DRIVER) && !defined(_M_ARM64) NTSTATUS saveStatus = STATUS_INVALID_PARAMETER; -#ifdef _WIN64 XSTATE_SAVE SaveState; if (IsCpuIntel() && HasSAVX()) - saveStatus = KeSaveExtendedProcessorStateVC(XSTATE_MASK_GSSE, &SaveState); -#else - KFLOATING_SAVE floatingPointState; - if (HasSSE2()) - saveStatus = KeSaveFloatingPointState (&floatingPointState); -#endif + saveStatus = KeSaveExtendedProcessorState(XSTATE_MASK_GSSE, &SaveState); #endif /* If the password is longer than the hash algorithm block size, let pwd = sha256(pwd), as per HMAC specifications. */ if (pwd_len > SHA256_BLOCKSIZE) { sha256_ctx tctx; sha256_begin (&tctx); - sha256_hash ((unsigned char *) pwd, pwd_len, &tctx); - sha256_end ((unsigned char *) key, &tctx); + sha256_hash (pwd, pwd_len, &tctx); + sha256_end (key, &tctx); pwd = key; pwd_len = SHA256_DIGESTSIZE; burn (&tctx, sizeof(tctx)); // Prevent leaks 
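Review bot: `salt_len` is used as an unchecked index in derive_u_sha256: the block number is stored at `k[salt_len]` through `k[salt_len + 3]`, and `k` is the fixed `PKCS5_SALT_SIZE + 4` array from the context struct. A salt longer than PKCS5_SALT_SIZE, or a negative `int`, would write outside `hmac->k`; whether every caller already guarantees the bound is not visible in this diff. Because these functions return void, I would state the contract where it is relied on, for example `/* precondition: 0 <= salt_len <= PKCS5_SALT_SIZE, validated by the caller */`, and check it at a call site that can report an error. The same indexing appears in derive_u_blake2s (@@ -696,11 +646,11 @@), and derive_u_sha512 and derive_u_whirlpool show the matching `memcpy (k, salt, salt_len)`. The function body starts and ends outside this hunk.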
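Review bot: The new guard `#if defined (DEVICE_DRIVER) && !defined(_M_ARM64)` drops the `KFLOATING_SAVE` branch, so a 32-bit x86 driver build would now compile the `XSTATE_SAVE` path and save nothing unless `IsCpuIntel() && HasSAVX()` holds. If x86 driver builds are no longer supported, a comment above the guard saying so (or failing the build for that target) would keep the configuration from being revived without a floating-point save. Separately, when the save is skipped or fails the derivation still runs and only the restore is conditional; presumably the hash code then stays off the extended registers, but that is not visible here and deserves a one-line comment. The same guard is repeated in the hmac_* and derive_key_* functions for SHA-256, SHA-512 and BLAKE2s. derive_key_sha256 continues past this hunk.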
@@ -259,25 +243,25 @@ void derive_key_sha256 (char *pwd, int pwd_len, char *salt, int salt_len, uint32 ctx = &(hmac.inner_digest_ctx); sha256_begin (ctx); /* Pad the key for inner digest */ for (b = 0; b < pwd_len; ++b) - buf[b] = (char) (pwd[b] ^ 0x36); + buf[b] = (unsigned char) (pwd[b] ^ 0x36); memset (&buf[pwd_len], 0x36, SHA256_BLOCKSIZE - pwd_len); - sha256_hash ((unsigned char *) buf, SHA256_BLOCKSIZE, ctx); + sha256_hash (buf, SHA256_BLOCKSIZE, ctx); /**** Precompute HMAC Outer Digest ****/ ctx = &(hmac.outer_digest_ctx); sha256_begin (ctx); for (b = 0; b < pwd_len; ++b) - buf[b] = (char) (pwd[b] ^ 0x5C); + buf[b] = (unsigned char) (pwd[b] ^ 0x5C); memset (&buf[pwd_len], 0x5C, SHA256_BLOCKSIZE - pwd_len); - sha256_hash ((unsigned char *) buf, SHA256_BLOCKSIZE, ctx); + sha256_hash (buf, SHA256_BLOCKSIZE, ctx); /* first l - 1 blocks */ for (b = 1; b < l; b++) { derive_u_sha256 (salt, salt_len, iterations, b, &hmac); @@ -287,17 +271,13 @@ void derive_key_sha256 (char *pwd, int pwd_len, char *salt, int salt_len, uint32 /* last block */ derive_u_sha256 (salt, salt_len, iterations, b, &hmac); memcpy (dk, hmac.u, r); -#if defined (DEVICE_DRIVER) +#if defined (DEVICE_DRIVER) && !defined(_M_ARM64) if (NT_SUCCESS (saveStatus)) -#ifdef _WIN64 - KeRestoreExtendedProcessorStateVC(&SaveState); -#else - KeRestoreFloatingPointState (&floatingPointState); -#endif + KeRestoreExtendedProcessorState(&SaveState); #endif /* Prevent possible leaks. */ burn (&hmac, sizeof(hmac)); #ifndef TC_WINDOWS_BOOT 
@@ -312,75 +292,69 @@ void derive_key_sha256 (char *pwd, int pwd_len, char *salt, int salt_len, uint32 typedef struct hmac_sha512_ctx_struct { sha512_ctx ctx; sha512_ctx inner_digest_ctx; /*pre-computed inner digest context */ sha512_ctx outer_digest_ctx; /*pre-computed outer digest context */ - char k[SHA512_BLOCKSIZE]; /* enough to hold (salt_len + 4) and also the SHA512 hash */ - char u[SHA512_DIGESTSIZE]; + unsigned char k[SHA512_BLOCKSIZE]; /* enough to hold (salt_len + 4) and also the SHA512 hash */ + unsigned char u[SHA512_DIGESTSIZE]; } hmac_sha512_ctx; void hmac_sha512_internal ( - char *d, /* data and also output buffer of at least 64 bytes */ + unsigned char *d, /* data and also output buffer of at least 64 bytes */ int ld, /* length of data in bytes */ hmac_sha512_ctx* hmac ) { sha512_ctx* ctx = &(hmac->ctx); /**** Restore Precomputed Inner Digest Context ****/ memcpy (ctx, &(hmac->inner_digest_ctx), sizeof (sha512_ctx)); - sha512_hash ((unsigned char *) d, ld, ctx); + sha512_hash (d, ld, ctx); - sha512_end ((unsigned char *) d, ctx); + sha512_end (d, ctx); /**** Restore Precomputed Outer Digest Context ****/ memcpy (ctx, &(hmac->outer_digest_ctx), sizeof (sha512_ctx)); - sha512_hash ((unsigned char *) d, SHA512_DIGESTSIZE, ctx); + sha512_hash (d, SHA512_DIGESTSIZE, ctx); - sha512_end ((unsigned char *) d, ctx); + sha512_end (d, ctx); } void hmac_sha512 ( - char *k, /* secret key */ + unsigned char *k, /* secret key */ int lk, /* length of the key in bytes */ - char *d, /* data and also output buffer of at least 64 bytes */ + unsigned char *d, /* data and also output buffer of at least 64 bytes */ int ld /* length of data in bytes */ ) { hmac_sha512_ctx hmac; sha512_ctx* ctx; - char* buf = hmac.k; + unsigned char* buf = hmac.k; int b; - char key[SHA512_DIGESTSIZE]; -#if defined (DEVICE_DRIVER) + unsigned char key[SHA512_DIGESTSIZE]; +#if defined (DEVICE_DRIVER) && !defined(_M_ARM64) NTSTATUS saveStatus = STATUS_INVALID_PARAMETER; -#ifdef _WIN64 
XSTATE_SAVE SaveState; if (IsCpuIntel() && HasSAVX()) - saveStatus = KeSaveExtendedProcessorStateVC(XSTATE_MASK_GSSE, &SaveState); -#else - KFLOATING_SAVE floatingPointState; - if (HasSSSE3() && HasMMX()) - saveStatus = KeSaveFloatingPointState (&floatingPointState); -#endif + saveStatus = KeSaveExtendedProcessorState(XSTATE_MASK_GSSE, &SaveState); #endif /* If the key is longer than the hash algorithm block size, let key = sha512(key), as per HMAC specifications. */ if (lk > SHA512_BLOCKSIZE) { sha512_ctx tctx; sha512_begin (&tctx); - sha512_hash ((unsigned char *) k, lk, &tctx); - sha512_end ((unsigned char *) key, &tctx); + sha512_hash (k, lk, &tctx); + sha512_end (key, &tctx); k = key; lk = SHA512_DIGESTSIZE; burn (&tctx, sizeof(tctx)); // Prevent leaks 
@@ -391,46 +365,42 @@ void hmac_sha512 ctx = &(hmac.inner_digest_ctx); sha512_begin (ctx); /* Pad the key for inner digest */ for (b = 0; b < lk; ++b) - buf[b] = (char) (k[b] ^ 0x36); + buf[b] = (unsigned char) (k[b] ^ 0x36); memset (&buf[lk], 0x36, SHA512_BLOCKSIZE - lk); - sha512_hash ((unsigned char *) buf, SHA512_BLOCKSIZE, ctx); + sha512_hash (buf, SHA512_BLOCKSIZE, ctx); /**** Precompute HMAC Outer Digest ****/ ctx = &(hmac.outer_digest_ctx); sha512_begin (ctx); for (b = 0; b < lk; ++b) - buf[b] = (char) (k[b] ^ 0x5C); + buf[b] = (unsigned char) (k[b] ^ 0x5C); memset (&buf[lk], 0x5C, SHA512_BLOCKSIZE - lk); - sha512_hash ((unsigned char *) buf, SHA512_BLOCKSIZE, ctx); + sha512_hash (buf, SHA512_BLOCKSIZE, ctx); hmac_sha512_internal (d, ld, &hmac); -#if defined (DEVICE_DRIVER) +#if defined (DEVICE_DRIVER) && !defined(_M_ARM64) if (NT_SUCCESS (saveStatus)) -#ifdef _WIN64 - KeRestoreExtendedProcessorStateVC(&SaveState); -#else - KeRestoreFloatingPointState (&floatingPointState); -#endif + KeRestoreExtendedProcessorState(&SaveState); #endif /* Prevent leaks */ burn (&hmac, sizeof(hmac)); burn (key, sizeof(key)); } -static void derive_u_sha512 (char *salt, int salt_len, uint32 iterations, int b, hmac_sha512_ctx* hmac) +static void derive_u_sha512 (const unsigned char *salt, int salt_len, uint32 iterations, int b, hmac_sha512_ctx* hmac) { - char* k = hmac->k; - char* u = hmac->u; + unsigned char* k = hmac->k; + unsigned char* u = hmac->u; uint32 c, i; /* iteration 1 */ memcpy (k, salt, salt_len); /* salt */ /* big-endian block number */ 
@@ -450,39 +420,33 @@ static void derive_u_sha512 (char *salt, int salt_len, uint32 iterations, int b, } } } -void derive_key_sha512 (char *pwd, int pwd_len, char *salt, int salt_len, uint32 iterations, char *dk, int dklen) +void derive_key_sha512 (const unsigned char *pwd, int pwd_len, const unsigned char *salt, int salt_len, uint32 iterations, unsigned char *dk, int dklen) { hmac_sha512_ctx hmac; sha512_ctx* ctx; - char* buf = hmac.k; + unsigned char* buf = hmac.k; int b, l, r; - char key[SHA512_DIGESTSIZE]; -#if defined (DEVICE_DRIVER) + unsigned char key[SHA512_DIGESTSIZE]; +#if defined (DEVICE_DRIVER) && !defined(_M_ARM64) NTSTATUS saveStatus = STATUS_INVALID_PARAMETER; -#ifdef _WIN64 XSTATE_SAVE SaveState; if (IsCpuIntel() && HasSAVX()) - saveStatus = KeSaveExtendedProcessorStateVC(XSTATE_MASK_GSSE, &SaveState); -#else - KFLOATING_SAVE floatingPointState; - if (HasSSSE3() && HasMMX()) - saveStatus = KeSaveFloatingPointState (&floatingPointState); -#endif + saveStatus = KeSaveExtendedProcessorState(XSTATE_MASK_GSSE, &SaveState); #endif /* If the password is longer than the hash algorithm block size, let pwd = sha512(pwd), as per HMAC specifications. */ if (pwd_len > SHA512_BLOCKSIZE) { sha512_ctx tctx; sha512_begin (&tctx); - sha512_hash ((unsigned char *) pwd, pwd_len, &tctx); - sha512_end ((unsigned char *) key, &tctx); + sha512_hash (pwd, pwd_len, &tctx); + sha512_end (key, &tctx); pwd = key; pwd_len = SHA512_DIGESTSIZE; burn (&tctx, sizeof(tctx)); // Prevent leaks 
@@ -504,25 +468,25 @@ void derive_key_sha512 (char *pwd, int pwd_len, char *salt, int salt_len, uint32 ctx = &(hmac.inner_digest_ctx); sha512_begin (ctx); /* Pad the key for inner digest */ for (b = 0; b < pwd_len; ++b) - buf[b] = (char) (pwd[b] ^ 0x36); + buf[b] = (unsigned char) (pwd[b] ^ 0x36); memset (&buf[pwd_len], 0x36, SHA512_BLOCKSIZE - pwd_len); - sha512_hash ((unsigned char *) buf, SHA512_BLOCKSIZE, ctx); + sha512_hash (buf, SHA512_BLOCKSIZE, ctx); /**** Precompute HMAC Outer Digest ****/ ctx = &(hmac.outer_digest_ctx); sha512_begin (ctx); for (b = 0; b < pwd_len; ++b) - buf[b] = (char) (pwd[b] ^ 0x5C); + buf[b] = (unsigned char) (pwd[b] ^ 0x5C); memset (&buf[pwd_len], 0x5C, SHA512_BLOCKSIZE - pwd_len); - sha512_hash ((unsigned char *) buf, SHA512_BLOCKSIZE, ctx); + sha512_hash (buf, SHA512_BLOCKSIZE, ctx); /* first l - 1 blocks */ for (b = 1; b < l; b++) { derive_u_sha512 (salt, salt_len, iterations, b, &hmac); @@ -532,17 +496,13 @@ void derive_key_sha512 (char *pwd, int pwd_len, char *salt, int salt_len, uint32 /* last block */ derive_u_sha512 (salt, salt_len, iterations, b, &hmac); memcpy (dk, hmac.u, r); -#if defined (DEVICE_DRIVER) +#if defined (DEVICE_DRIVER) && !defined(_M_ARM64) if (NT_SUCCESS (saveStatus)) -#ifdef _WIN64 - KeRestoreExtendedProcessorStateVC(&SaveState); -#else - KeRestoreFloatingPointState (&floatingPointState); -#endif + KeRestoreExtendedProcessorState(&SaveState); #endif /* Prevent possible leaks. */ burn (&hmac, sizeof(hmac)); burn (key, sizeof(key)); 
@@ -555,17 +515,17 @@ void derive_key_sha512 (char *pwd, int pwd_len, char *salt, int salt_len, uint32 typedef struct hmac_blake2s_ctx_struct { blake2s_state ctx; blake2s_state inner_digest_ctx; /*pre-computed inner digest context */ blake2s_state outer_digest_ctx; /*pre-computed outer digest context */ - char k[PKCS5_SALT_SIZE + 4]; /* enough to hold (salt_len + 4) and also the Blake2s hash */ - char u[BLAKE2S_DIGESTSIZE]; + unsigned char k[PKCS5_SALT_SIZE + 4]; /* enough to hold (salt_len + 4) and also the Blake2s hash */ + unsigned char u[BLAKE2S_DIGESTSIZE]; } hmac_blake2s_ctx; void hmac_blake2s_internal ( - char *d, /* input data. d pointer is guaranteed to be at least 32-bytes long */ + unsigned char *d, /* input data. d pointer is guaranteed to be at least 32-bytes long */ int ld, /* length of input data in bytes */ hmac_blake2s_ctx* hmac /* HMAC-BLAKE2S context which holds temporary variables */ ) { blake2s_state* ctx = &(hmac->ctx); 
@@ -574,56 +534,50 @@ void hmac_blake2s_internal memcpy (ctx, &(hmac->inner_digest_ctx), sizeof (blake2s_state)); blake2s_update (ctx, d, ld); - blake2s_final (ctx, (unsigned char*) d); /* d = inner digest */ + blake2s_final (ctx, d); /* d = inner digest */ /**** Restore Precomputed Outer Digest Context ****/ memcpy (ctx, &(hmac->outer_digest_ctx), sizeof (blake2s_state)); blake2s_update (ctx, d, BLAKE2S_DIGESTSIZE); - blake2s_final (ctx, (unsigned char *) d); /* d = outer digest */ + blake2s_final (ctx, d); /* d = outer digest */ } #ifndef TC_WINDOWS_BOOT void hmac_blake2s ( - char *k, /* secret key */ + unsigned char *k, /* secret key */ int lk, /* length of the key in bytes */ - char *d, /* data */ + unsigned char *d, /* data */ int ld /* length of data in bytes */ ) { hmac_blake2s_ctx hmac; blake2s_state* ctx; - char* buf = hmac.k; + unsigned char* buf = hmac.k; int b; - char key[BLAKE2S_DIGESTSIZE]; -#if defined (DEVICE_DRIVER) + unsigned char key[BLAKE2S_DIGESTSIZE]; +#if defined (DEVICE_DRIVER) && !defined(_M_ARM64) NTSTATUS saveStatus = STATUS_INVALID_PARAMETER; -#ifdef _WIN64 XSTATE_SAVE SaveState; if (IsCpuIntel() && HasSAVX()) - saveStatus = KeSaveExtendedProcessorStateVC(XSTATE_MASK_GSSE, &SaveState); -#else - KFLOATING_SAVE floatingPointState; - if (HasSSE2()) - saveStatus = KeSaveFloatingPointState (&floatingPointState); -#endif + saveStatus = KeSaveExtendedProcessorState(XSTATE_MASK_GSSE, &SaveState); #endif /* If the key is longer than the hash algorithm block size, let key = blake2s(key), as per HMAC specifications. */ if (lk > BLAKE2S_BLOCKSIZE) { blake2s_state tctx; blake2s_init (&tctx); blake2s_update (&tctx, k, lk); - blake2s_final (&tctx, (unsigned char *) key); + blake2s_final (&tctx, key); k = key; lk = BLAKE2S_DIGESTSIZE; burn (&tctx, sizeof(tctx)); // Prevent leaks 
@@ -634,47 +588,43 @@ void hmac_blake2s ctx = &(hmac.inner_digest_ctx); blake2s_init (ctx); /* Pad the key for inner digest */ for (b = 0; b < lk; ++b) - buf[b] = (char) (k[b] ^ 0x36); + buf[b] = (unsigned char) (k[b] ^ 0x36); memset (&buf[lk], 0x36, BLAKE2S_BLOCKSIZE - lk); - blake2s_update (ctx, (unsigned char *) buf, BLAKE2S_BLOCKSIZE); + blake2s_update (ctx, buf, BLAKE2S_BLOCKSIZE); /**** Precompute HMAC Outer Digest ****/ ctx = &(hmac.outer_digest_ctx); blake2s_init (ctx); for (b = 0; b < lk; ++b) - buf[b] = (char) (k[b] ^ 0x5C); + buf[b] = (unsigned char) (k[b] ^ 0x5C); memset (&buf[lk], 0x5C, BLAKE2S_BLOCKSIZE - lk); - blake2s_update (ctx, (unsigned char *) buf, BLAKE2S_BLOCKSIZE); + blake2s_update (ctx, buf, BLAKE2S_BLOCKSIZE); hmac_blake2s_internal(d, ld, &hmac); -#if defined (DEVICE_DRIVER) +#if defined (DEVICE_DRIVER) && !defined(_M_ARM64) if (NT_SUCCESS (saveStatus)) -#ifdef _WIN64 - KeRestoreExtendedProcessorStateVC(&SaveState); -#else - KeRestoreFloatingPointState (&floatingPointState); -#endif + KeRestoreExtendedProcessorState(&SaveState); #endif /* Prevent leaks */ burn(&hmac, sizeof(hmac)); burn(key, sizeof(key)); } #endif -static void derive_u_blake2s (char *salt, int salt_len, uint32 iterations, int b, hmac_blake2s_ctx* hmac) +static void derive_u_blake2s (const unsigned char *salt, int salt_len, uint32 iterations, int b, hmac_blake2s_ctx* hmac) { - char* k = hmac->k; - char* u = hmac->u; + unsigned char* k = hmac->k; + unsigned char* u = hmac->u; uint32 c; int i; #ifdef TC_WINDOWS_BOOT /* In bootloader mode, least significant bit of iterations is a boolean (TRUE for boot derivation mode, FALSE otherwise) 
@@ -696,11 +646,11 @@ static void derive_u_blake2s (char *salt, int salt_len, uint32 iterations, int b /* big-endian block number */ #ifdef TC_WINDOWS_BOOT /* specific case of 16-bit bootloader: b is a 16-bit integer that is always < 256 */ memset (&k[salt_len], 0, 3); - k[salt_len + 3] = (char) b; + k[salt_len + 3] = (unsigned char) b; #else b = bswap_32 (b); memcpy (&k[salt_len], &b, 4); #endif @@ -718,39 +668,33 @@ static void derive_u_blake2s (char *salt, int salt_len, uint32 iterations, int b c--; } } -void derive_key_blake2s (char *pwd, int pwd_len, char *salt, int salt_len, uint32 iterations, char *dk, int dklen) +void derive_key_blake2s (const unsigned char *pwd, int pwd_len, const unsigned char *salt, int salt_len, uint32 iterations, unsigned char *dk, int dklen) { hmac_blake2s_ctx hmac; blake2s_state* ctx; - char* buf = hmac.k; + unsigned char* buf = hmac.k; int b, l, r; #ifndef TC_WINDOWS_BOOT - char key[BLAKE2S_DIGESTSIZE]; -#if defined (DEVICE_DRIVER) + unsigned char key[BLAKE2S_DIGESTSIZE]; +#if defined (DEVICE_DRIVER) && !defined(_M_ARM64) NTSTATUS saveStatus = STATUS_INVALID_PARAMETER; -#ifdef _WIN64 XSTATE_SAVE SaveState; if (IsCpuIntel() && HasSAVX()) - saveStatus = KeSaveExtendedProcessorStateVC(XSTATE_MASK_GSSE, &SaveState); -#else - KFLOATING_SAVE floatingPointState; - if (HasSSE2()) - saveStatus = KeSaveFloatingPointState (&floatingPointState); -#endif + saveStatus = KeSaveExtendedProcessorState(XSTATE_MASK_GSSE, &SaveState); #endif /* If the password is longer than the hash algorithm block size, let pwd = blake2s(pwd), as per HMAC specifications. */ if (pwd_len > BLAKE2S_BLOCKSIZE) { blake2s_state tctx; blake2s_init (&tctx); blake2s_update (&tctx, pwd, pwd_len); - blake2s_final (&tctx, (unsigned char *) key); + blake2s_final (&tctx, key); pwd = key; pwd_len = BLAKE2S_DIGESTSIZE; burn (&tctx, sizeof(tctx)); // Prevent leaks 
@@ -773,22 +717,22 @@ void derive_key_blake2s (char *pwd, int pwd_len, char *salt, int salt_len, uint3 ctx = &(hmac.inner_digest_ctx); blake2s_init (ctx); /* Pad the key for inner digest */ for (b = 0; b < pwd_len; ++b) - buf[b] = (char) (pwd[b] ^ 0x36); + buf[b] = (unsigned char) (pwd[b] ^ 0x36); memset (&buf[pwd_len], 0x36, BLAKE2S_BLOCKSIZE - pwd_len); blake2s_update (ctx, buf, BLAKE2S_BLOCKSIZE); /**** Precompute HMAC Outer Digest ****/ ctx = &(hmac.outer_digest_ctx); blake2s_init (ctx); for (b = 0; b < pwd_len; ++b) - buf[b] = (char) (pwd[b] ^ 0x5C); + buf[b] = (unsigned char) (pwd[b] ^ 0x5C); memset (&buf[pwd_len], 0x5C, BLAKE2S_BLOCKSIZE - pwd_len); blake2s_update (ctx, buf, BLAKE2S_BLOCKSIZE); /* first l - 1 blocks */ @@ -801,17 +745,13 @@ void derive_key_blake2s (char *pwd, int pwd_len, char *salt, int salt_len, uint3 /* last block */ derive_u_blake2s (salt, salt_len, iterations, b, &hmac); memcpy (dk, hmac.u, r); -#if defined (DEVICE_DRIVER) +#if defined (DEVICE_DRIVER) && !defined(_M_ARM64) if (NT_SUCCESS (saveStatus)) -#ifdef _WIN64 - KeRestoreExtendedProcessorStateVC(&SaveState); -#else - KeRestoreFloatingPointState (&floatingPointState); -#endif + KeRestoreExtendedProcessorState(&SaveState); #endif /* Prevent possible leaks. */ burn (&hmac, sizeof(hmac)); #ifndef TC_WINDOWS_BOOT 
@@ -826,68 +766,62 @@ void derive_key_blake2s (char *pwd, int pwd_len, char *salt, int salt_len, uint3 typedef struct hmac_whirlpool_ctx_struct { WHIRLPOOL_CTX ctx; WHIRLPOOL_CTX inner_digest_ctx; /*pre-computed inner digest context */ WHIRLPOOL_CTX outer_digest_ctx; /*pre-computed outer digest context */ - CRYPTOPP_ALIGN_DATA(16) char k[PKCS5_SALT_SIZE + 4]; /* enough to hold (salt_len + 4) and also the Whirlpool hash */ - char u[WHIRLPOOL_DIGESTSIZE]; + CRYPTOPP_ALIGN_DATA(16) unsigned char k[PKCS5_SALT_SIZE + 4]; /* enough to hold (salt_len + 4) and also the Whirlpool hash */ + unsigned char u[WHIRLPOOL_DIGESTSIZE]; } hmac_whirlpool_ctx; void hmac_whirlpool_internal ( - char *d, /* input/output data. d pointer is guaranteed to be at least 64-bytes long */ + unsigned char *d, /* input/output data. d pointer is guaranteed to be at least 64-bytes long */ int ld, /* length of input data in bytes */ hmac_whirlpool_ctx* hmac /* HMAC-Whirlpool context which holds temporary variables */ ) { WHIRLPOOL_CTX* ctx = &(hmac->ctx); /**** Restore Precomputed Inner Digest Context ****/ memcpy (ctx, &(hmac->inner_digest_ctx), sizeof (WHIRLPOOL_CTX)); - WHIRLPOOL_add ((unsigned char *) d, ld, ctx); + WHIRLPOOL_add (d, ld, ctx); - WHIRLPOOL_finalize (ctx, (unsigned char *) d); + WHIRLPOOL_finalize (ctx, d); /**** Restore Precomputed Outer Digest Context ****/ memcpy (ctx, &(hmac->outer_digest_ctx), sizeof (WHIRLPOOL_CTX)); - WHIRLPOOL_add ((unsigned char *) d, WHIRLPOOL_DIGESTSIZE, ctx); + WHIRLPOOL_add (d, WHIRLPOOL_DIGESTSIZE, ctx); - WHIRLPOOL_finalize (ctx, (unsigned char *) d); + WHIRLPOOL_finalize (ctx, d); } void hmac_whirlpool ( - char *k, /* secret key */ + unsigned char *k, /* secret key */ int lk, /* length of the key in bytes */ - char *d, /* input data. d pointer is guaranteed to be at least 32-bytes long */ + unsigned char *d, /* input data. 
d pointer is guaranteed to be at least 32-bytes long */ int ld /* length of data in bytes */ ) { hmac_whirlpool_ctx hmac; WHIRLPOOL_CTX* ctx; - char* buf = hmac.k; + unsigned char* buf = hmac.k; int b; - char key[WHIRLPOOL_DIGESTSIZE]; -#if defined (DEVICE_DRIVER) && !defined (_WIN64) - KFLOATING_SAVE floatingPointState; - NTSTATUS saveStatus = STATUS_INVALID_PARAMETER; - if (HasISSE()) - saveStatus = KeSaveFloatingPointState (&floatingPointState); -#endif + unsigned char key[WHIRLPOOL_DIGESTSIZE]; /* If the key is longer than the hash algorithm block size, let key = whirlpool(key), as per HMAC specifications. */ if (lk > WHIRLPOOL_BLOCKSIZE) { WHIRLPOOL_CTX tctx; WHIRLPOOL_init (&tctx); - WHIRLPOOL_add ((unsigned char *) k, lk, &tctx); - WHIRLPOOL_finalize (&tctx, (unsigned char *) key); + WHIRLPOOL_add (k, lk, &tctx); + WHIRLPOOL_finalize (&tctx, key); k = key; lk = WHIRLPOOL_DIGESTSIZE; burn (&tctx, sizeof(tctx)); // Prevent leaks 
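Review bot: The comment on `d` in hmac_whirlpool says the buffer is `at least 32-bytes long`, while hmac_whirlpool_internal just above it documents `at least 64-bytes long` and finalises a WHIRLPOOL_DIGESTSIZE digest into that same pointer. A caller who sizes the buffer from the hmac_whirlpool comment would get a write past its end. The line should read `unsigned char *d, /* input/output data. d pointer is guaranteed to be at least 64-bytes long */`. hmac_streebog in the @@ -1041,68 +960,62 @@ hunk carries the same 32-byte wording, and hmac_streebog_internal there still describes its context as `HMAC-Whirlpool context`. hmac_whirlpool's body continues outside this hunk.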
@@ -898,40 +832,36 @@ void hmac_whirlpool ctx = &(hmac.inner_digest_ctx); WHIRLPOOL_init (ctx); /* Pad the key for inner digest */ for (b = 0; b < lk; ++b) - buf[b] = (char) (k[b] ^ 0x36); + buf[b] = (unsigned char) (k[b] ^ 0x36); memset (&buf[lk], 0x36, WHIRLPOOL_BLOCKSIZE - lk); - WHIRLPOOL_add ((unsigned char *) buf, WHIRLPOOL_BLOCKSIZE, ctx); + WHIRLPOOL_add (buf, WHIRLPOOL_BLOCKSIZE, ctx); /**** Precompute HMAC Outer Digest ****/ ctx = &(hmac.outer_digest_ctx); WHIRLPOOL_init (ctx); for (b = 0; b < lk; ++b) - buf[b] = (char) (k[b] ^ 0x5C); + buf[b] = (unsigned char) (k[b] ^ 0x5C); memset (&buf[lk], 0x5C, WHIRLPOOL_BLOCKSIZE - lk); - WHIRLPOOL_add ((unsigned char *) buf, WHIRLPOOL_BLOCKSIZE, ctx); + WHIRLPOOL_add (buf, WHIRLPOOL_BLOCKSIZE, ctx); hmac_whirlpool_internal(d, ld, &hmac); -#if defined (DEVICE_DRIVER) && !defined (_WIN64) - if (NT_SUCCESS (saveStatus)) - KeRestoreFloatingPointState (&floatingPointState); -#endif /* Prevent leaks */ burn(&hmac, sizeof(hmac)); } -static void derive_u_whirlpool (char *salt, int salt_len, uint32 iterations, int b, hmac_whirlpool_ctx* hmac) +static void derive_u_whirlpool (const unsigned char *salt, int salt_len, uint32 iterations, int b, hmac_whirlpool_ctx* hmac) { - char* u = hmac->u; - char* k = hmac->k; + unsigned char* u = hmac->u; + unsigned char* k = hmac->k; uint32 c, i; /* iteration 1 */ memcpy (k, salt, salt_len); /* salt */ /* big-endian block number */ 
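Review bot: hmac_whirlpool ends with only `burn(&hmac, sizeof(hmac));`, so the local `key[WHIRLPOOL_DIGESTSIZE]` declared at the top of the function is never wiped. When `lk > WHIRLPOOL_BLOCKSIZE` that array holds the hashed key that is actually used as the HMAC key, and it stays on the stack after the function returns. hmac_sha256, hmac_sha512 and hmac_blake2s all finish with `burn(key, sizeof(key));`, and the same line should follow the existing burn here. The declaration of `key` is in the previous hunk.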
@@ -950,32 +880,26 @@ static void derive_u_whirlpool (char *salt, int salt_len, uint32 iterations, int u[i] ^= k[i]; } } } -void derive_key_whirlpool (char *pwd, int pwd_len, char *salt, int salt_len, uint32 iterations, char *dk, int dklen) +void derive_key_whirlpool (const unsigned char *pwd, int pwd_len, const unsigned char *salt, int salt_len, uint32 iterations, unsigned char *dk, int dklen) { hmac_whirlpool_ctx hmac; WHIRLPOOL_CTX* ctx; - char* buf = hmac.k; - char key[WHIRLPOOL_DIGESTSIZE]; + unsigned char* buf = hmac.k; + unsigned char key[WHIRLPOOL_DIGESTSIZE]; int b, l, r; -#if defined (DEVICE_DRIVER) && !defined (_WIN64) - KFLOATING_SAVE floatingPointState; - NTSTATUS saveStatus = STATUS_INVALID_PARAMETER; - if (HasISSE()) - saveStatus = KeSaveFloatingPointState (&floatingPointState); -#endif /* If the password is longer than the hash algorithm block size, let pwd = whirlpool(pwd), as per HMAC specifications. */ if (pwd_len > WHIRLPOOL_BLOCKSIZE) { WHIRLPOOL_CTX tctx; WHIRLPOOL_init (&tctx); - WHIRLPOOL_add ((unsigned char *) pwd, pwd_len, &tctx); - WHIRLPOOL_finalize (&tctx, (unsigned char *) key); + WHIRLPOOL_add (pwd, pwd_len, &tctx); + WHIRLPOOL_finalize (&tctx, key); pwd = key; pwd_len = WHIRLPOOL_DIGESTSIZE; burn (&tctx, sizeof(tctx)); // Prevent leaks 
@@ -997,25 +921,25 @@ void derive_key_whirlpool (char *pwd, int pwd_len, char *salt, int salt_len, uin ctx = &(hmac.inner_digest_ctx); WHIRLPOOL_init (ctx); /* Pad the key for inner digest */ for (b = 0; b < pwd_len; ++b) - buf[b] = (char) (pwd[b] ^ 0x36); + buf[b] = (unsigned char) (pwd[b] ^ 0x36); memset (&buf[pwd_len], 0x36, WHIRLPOOL_BLOCKSIZE - pwd_len); - WHIRLPOOL_add ((unsigned char *) buf, WHIRLPOOL_BLOCKSIZE, ctx); + WHIRLPOOL_add (buf, WHIRLPOOL_BLOCKSIZE, ctx); /**** Precompute HMAC Outer Digest ****/ ctx = &(hmac.outer_digest_ctx); WHIRLPOOL_init (ctx); for (b = 0; b < pwd_len; ++b) - buf[b] = (char) (pwd[b] ^ 0x5C); + buf[b] = (unsigned char) (pwd[b] ^ 0x5C); memset (&buf[pwd_len], 0x5C, WHIRLPOOL_BLOCKSIZE - pwd_len); - WHIRLPOOL_add ((unsigned char *) buf, WHIRLPOOL_BLOCKSIZE, ctx); + WHIRLPOOL_add (buf, WHIRLPOOL_BLOCKSIZE, ctx); /* first l - 1 blocks */ for (b = 1; b < l; b++) { derive_u_whirlpool (salt, salt_len, iterations, b, &hmac); @@ -1025,15 +949,10 @@ void derive_key_whirlpool (char *pwd, int pwd_len, char *salt, int salt_len, uin /* last block */ derive_u_whirlpool (salt, salt_len, iterations, b, &hmac); memcpy (dk, hmac.u, r); -#if defined (DEVICE_DRIVER) && !defined (_WIN64) - if (NT_SUCCESS (saveStatus)) - KeRestoreFloatingPointState (&floatingPointState); -#endif - /* Prevent possible leaks. */ burn (&hmac, sizeof(hmac)); burn (key, sizeof(key)); } 
@@ -1041,68 +960,62 @@ void derive_key_whirlpool (char *pwd, int pwd_len, char *salt, int salt_len, uin typedef struct hmac_streebog_ctx_struct { STREEBOG_CTX ctx; STREEBOG_CTX inner_digest_ctx; /*pre-computed inner digest context */ STREEBOG_CTX outer_digest_ctx; /*pre-computed outer digest context */ - CRYPTOPP_ALIGN_DATA(16) char k[PKCS5_SALT_SIZE + 4]; /* enough to hold (salt_len + 4) and also the Streebog hash */ - char u[STREEBOG_DIGESTSIZE]; + CRYPTOPP_ALIGN_DATA(16) unsigned char k[PKCS5_SALT_SIZE + 4]; /* enough to hold (salt_len + 4) and also the Streebog hash */ + unsigned char u[STREEBOG_DIGESTSIZE]; } hmac_streebog_ctx; void hmac_streebog_internal ( - char *d, /* input/output data. d pointer is guaranteed to be at least 64-bytes long */ + unsigned char *d, /* input/output data. d pointer is guaranteed to be at least 64-bytes long */ int ld, /* length of input data in bytes */ hmac_streebog_ctx* hmac /* HMAC-Whirlpool context which holds temporary variables */ ) { STREEBOG_CTX* ctx = &(hmac->ctx); /**** Restore Precomputed Inner Digest Context ****/ memcpy (ctx, &(hmac->inner_digest_ctx), sizeof (STREEBOG_CTX)); - STREEBOG_add (ctx, (unsigned char *) d, ld); + STREEBOG_add (ctx, d, ld); - STREEBOG_finalize (ctx, (unsigned char *) d); + STREEBOG_finalize (ctx, d); /**** Restore Precomputed Outer Digest Context ****/ memcpy (ctx, &(hmac->outer_digest_ctx), sizeof (STREEBOG_CTX)); - STREEBOG_add (ctx, (unsigned char *) d, STREEBOG_DIGESTSIZE); + STREEBOG_add (ctx, d, STREEBOG_DIGESTSIZE); - STREEBOG_finalize (ctx, (unsigned char *) d); + STREEBOG_finalize (ctx, d); } void hmac_streebog ( - char *k, /* secret key */ + unsigned char *k, /* secret key */ int lk, /* length of the key in bytes */ - char *d, /* input data. d pointer is guaranteed to be at least 32-bytes long */ + unsigned char *d, /* input data. 
d pointer is guaranteed to be at least 32-bytes long */ int ld /* length of data in bytes */ ) { hmac_streebog_ctx hmac; STREEBOG_CTX* ctx; - char* buf = hmac.k; + unsigned char* buf = hmac.k; int b; - CRYPTOPP_ALIGN_DATA(16) char key[STREEBOG_DIGESTSIZE]; -#if defined (DEVICE_DRIVER) && !defined (_WIN64) - KFLOATING_SAVE floatingPointState; - NTSTATUS saveStatus = STATUS_INVALID_PARAMETER; - if (HasSSE2() || HasSSE41()) - saveStatus = KeSaveFloatingPointState (&floatingPointState); -#endif + CRYPTOPP_ALIGN_DATA(16) unsigned char key[STREEBOG_DIGESTSIZE]; /* If the key is longer than the hash algorithm block size, let key = streebog(key), as per HMAC specifications. */ if (lk > STREEBOG_BLOCKSIZE) { STREEBOG_CTX tctx; STREEBOG_init (&tctx); - STREEBOG_add (&tctx, (unsigned char *) k, lk); - STREEBOG_finalize (&tctx, (unsigned char *) key); + STREEBOG_add (&tctx, k, lk); + STREEBOG_finalize (&tctx, key); k = key; lk = STREEBOG_DIGESTSIZE; burn (&tctx, sizeof(tctx)); // Prevent leaks 
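Review bot: The comment on `d` in hmac_streebog still promises only "at least 32-bytes long", while hmac_streebog_internal just above documents 64 bytes and finalizes the digest into `d`. hmac_streebog passes `d` straight to that helper in the next hunk, so a caller sizing its buffer from this comment could receive more output than it allocated. I would change it to `unsigned char *d, /* input/output data; must be at least STREEBOG_DIGESTSIZE bytes long */`. The `hmac` parameter comment on hmac_streebog_internal also still reads "HMAC-Whirlpool context" and should say `/* HMAC-Streebog context which holds temporary variables */`.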
@@ -1113,40 +1026,36 @@ void hmac_streebog ctx = &(hmac.inner_digest_ctx); STREEBOG_init (ctx); /* Pad the key for inner digest */ for (b = 0; b < lk; ++b) - buf[b] = (char) (k[b] ^ 0x36); + buf[b] = (unsigned char) (k[b] ^ 0x36); memset (&buf[lk], 0x36, STREEBOG_BLOCKSIZE - lk); - STREEBOG_add (ctx, (unsigned char *) buf, STREEBOG_BLOCKSIZE); + STREEBOG_add (ctx, buf, STREEBOG_BLOCKSIZE); /**** Precompute HMAC Outer Digest ****/ ctx = &(hmac.outer_digest_ctx); STREEBOG_init (ctx); for (b = 0; b < lk; ++b) - buf[b] = (char) (k[b] ^ 0x5C); + buf[b] = (unsigned char) (k[b] ^ 0x5C); memset (&buf[lk], 0x5C, STREEBOG_BLOCKSIZE - lk); - STREEBOG_add (ctx, (unsigned char *) buf, STREEBOG_BLOCKSIZE); + STREEBOG_add (ctx, buf, STREEBOG_BLOCKSIZE); hmac_streebog_internal(d, ld, &hmac); -#if defined (DEVICE_DRIVER) && !defined (_WIN64) - if (NT_SUCCESS (saveStatus)) - KeRestoreFloatingPointState (&floatingPointState); -#endif /* Prevent leaks */ burn(&hmac, sizeof(hmac)); } -static void derive_u_streebog (char *salt, int salt_len, uint32 iterations, int b, hmac_streebog_ctx* hmac) +static void derive_u_streebog (const unsigned char *salt, int salt_len, uint32 iterations, int b, hmac_streebog_ctx* hmac) { - char* u = hmac->u; - char* k = hmac->k; + unsigned char* u = hmac->u; + unsigned char* k = hmac->k; uint32 c, i; /* iteration 1 */ memcpy (k, salt, salt_len); /* salt */ /* big-endian block number */ 
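Review bot: hmac_streebog ends with only `burn(&hmac, sizeof(hmac));`, so the local `key` declared in the previous hunk is never wiped. When `lk > STREEBOG_BLOCKSIZE` it holds the hash of the secret key and is left on the stack after return. derive_key_streebog later in this diff burns both, so I would add `burn (key, sizeof(key));` right after the existing burn for consistency. The rest of this hunk, the start of derive_u_streebog, continues outside it.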
@@ -1165,32 +1074,26 @@ static void derive_u_streebog (char *salt, int salt_len, uint32 iterations, int u[i] ^= k[i]; } } } -void derive_key_streebog (char *pwd, int pwd_len, char *salt, int salt_len, uint32 iterations, char *dk, int dklen) +void derive_key_streebog (const unsigned char *pwd, int pwd_len, const unsigned char *salt, int salt_len, uint32 iterations, unsigned char *dk, int dklen) { hmac_streebog_ctx hmac; STREEBOG_CTX* ctx; - char* buf = hmac.k; - char key[STREEBOG_DIGESTSIZE]; + unsigned char* buf = hmac.k; + unsigned char key[STREEBOG_DIGESTSIZE]; int b, l, r; -#if defined (DEVICE_DRIVER) && !defined (_WIN64) - KFLOATING_SAVE floatingPointState; - NTSTATUS saveStatus = STATUS_INVALID_PARAMETER; - if (HasSSE2() || HasSSE41()) - saveStatus = KeSaveFloatingPointState (&floatingPointState); -#endif /* If the password is longer than the hash algorithm block size, let pwd = streebog(pwd), as per HMAC specifications. */ if (pwd_len > STREEBOG_BLOCKSIZE) { STREEBOG_CTX tctx; STREEBOG_init (&tctx); - STREEBOG_add (&tctx, (unsigned char *) pwd, pwd_len); - STREEBOG_finalize (&tctx, (unsigned char *) key); + STREEBOG_add (&tctx, pwd, pwd_len); + STREEBOG_finalize (&tctx, key); pwd = key; pwd_len = STREEBOG_DIGESTSIZE; burn (&tctx, sizeof(tctx)); // Prevent leaks 
@@ -1212,25 +1115,25 @@ void derive_key_streebog (char *pwd, int pwd_len, char *salt, int salt_len, uint ctx = &(hmac.inner_digest_ctx); STREEBOG_init (ctx); /* Pad the key for inner digest */ for (b = 0; b < pwd_len; ++b) - buf[b] = (char) (pwd[b] ^ 0x36); + buf[b] = (unsigned char) (pwd[b] ^ 0x36); memset (&buf[pwd_len], 0x36, STREEBOG_BLOCKSIZE - pwd_len); - STREEBOG_add (ctx, (unsigned char *) buf, STREEBOG_BLOCKSIZE); + STREEBOG_add (ctx, buf, STREEBOG_BLOCKSIZE); /**** Precompute HMAC Outer Digest ****/ ctx = &(hmac.outer_digest_ctx); STREEBOG_init (ctx); for (b = 0; b < pwd_len; ++b) - buf[b] = (char) (pwd[b] ^ 0x5C); + buf[b] = (unsigned char) (pwd[b] ^ 0x5C); memset (&buf[pwd_len], 0x5C, STREEBOG_BLOCKSIZE - pwd_len); - STREEBOG_add (ctx, (unsigned char *) buf, STREEBOG_BLOCKSIZE); + STREEBOG_add (ctx, buf, STREEBOG_BLOCKSIZE); /* first l - 1 blocks */ for (b = 1; b < l; b++) { derive_u_streebog (salt, salt_len, iterations, b, &hmac); @@ -1240,15 +1143,10 @@ void derive_key_streebog (char *pwd, int pwd_len, char *salt, int salt_len, uint /* last block */ derive_u_streebog (salt, salt_len, iterations, b, &hmac); memcpy (dk, hmac.u, r); -#if defined (DEVICE_DRIVER) && !defined (_WIN64) - if (NT_SUCCESS (saveStatus)) - KeRestoreFloatingPointState (&floatingPointState); -#endif - /* Prevent possible leaks. */ burn (&hmac, sizeof(hmac)); burn (key, sizeof(key)); } 
@@ -1276,57 +1174,53 @@ wchar_t *get_pkcs5_prf_name (int pkcs5_prf_id) } } -int get_pkcs5_iteration_count (int pkcs5_prf_id, int pim, BOOL bBoot) +int get_pkcs5_iteration_count(int pkcs5_prf_id, int pim, BOOL bBoot) { - if ( (pim < 0) - ) - { - return 0; - } + int iteration_count = 0; - switch (pkcs5_prf_id) + if (pim >= 0) { - - case BLAKE2S: - if (pim == 0) - return bBoot? 200000 : 500000; - else - { - return bBoot? pim * 2048 : 15000 + pim * 1000; - } - - case SHA512: - return ((pim == 0)? 500000 : 15000 + pim * 1000); - - case WHIRLPOOL: - return ((pim == 0)? 500000 : 15000 + pim * 1000); - - case SHA256: - if (pim == 0) - return bBoot? 200000 : 500000; - else - { - return bBoot? pim * 2048 : 15000 + pim * 1000; - } - - case STREEBOG: - if (pim == 0) - return bBoot? 200000 : 500000; - else + switch (pkcs5_prf_id) { - return bBoot? pim * 2048 : 15000 + pim * 1000; + case BLAKE2S: + if (pim == 0) + iteration_count = bBoot ? 200000 : 500000; + else + iteration_count = bBoot ? pim * 2048 : 15000 + pim * 1000; + break; + + case SHA512: + iteration_count = (pim == 0) ? 500000 : 15000 + pim * 1000; + break; + + case WHIRLPOOL: + iteration_count = (pim == 0) ? 500000 : 15000 + pim * 1000; + break; + + case SHA256: + if (pim == 0) + iteration_count = bBoot ? 200000 : 500000; + else + iteration_count = bBoot ? pim * 2048 : 15000 + pim * 1000; + break; + + case STREEBOG: + if (pim == 0) + iteration_count = bBoot ? 200000 : 500000; + else + iteration_count = bBoot ? pim * 2048 : 15000 + pim * 1000; + break; + + default: + TC_THROW_FATAL_EXCEPTION; // Unknown/wrong ID } - - default: - TC_THROW_FATAL_EXCEPTION; // Unknown/wrong ID } -#if _MSC_VER < 1900 - return 0; -#endif + + return iteration_count; } int is_pkcs5_prf_supported (int pkcs5_prf_id, PRF_BOOT_TYPE bootType) { if (pkcs5_prf_id == 0) // auto-detection always supported |
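Review bot: `pim * 2048` and `15000 + pim * 1000` in get_pkcs5_iteration_count are evaluated in `int` with only the `pim >= 0` lower bound. A large PIM therefore overflows, which is undefined for signed `int` and can come back as a small or negative iteration count for the KDF. Whether callers clamp `pim` is not visible here. Adding `if (pim > (INT_MAX - 15000) / 1000) return 0;` before the switch, plus a matching `pim > INT_MAX / 2048` test on the `bBoot` arms, would keep the function safe on its own and reuse the existing "0 means invalid" convention. As a style point, the BLAKE2S, SHA256 and STREEBOG arms are identical, as are SHA512 and WHIRLPOOL, so stacking the case labels would leave one place to maintain these constants.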