From 751a454e6c9de93c3954b839b0d9dfde03494d48 Mon Sep 17 00:00:00 2001 From: Mounir IDRASSI Date: Tue, 3 Jun 2014 09:12:42 +0200 Subject: Correct issue in handling hidden system partitions that made it impossible to verify their password. --- src/Common/Pkcs5.c | 25 +++++++++++++++++++------ src/Common/Volumes.c | 4 ++-- 2 files changed, 21 insertions(+), 8 deletions(-) diff --git a/src/Common/Pkcs5.c b/src/Common/Pkcs5.c index f02364ea..00cf7941 100644 --- a/src/Common/Pkcs5.c +++ b/src/Common/Pkcs5.c @@ -393,7 +393,7 @@ void derive_u_ripemd160 (BOOL bNotTest, char *pwd, int pwd_len, char *salt, int char init[128]; char counter[4]; int c, i, l; - int EnhanceSecurityLoops = (bNotTest)? 10 : 1; + int EnhanceSecurityLoops = (bNotTest)? 20 : 1; /* iteration 1 */ memset (counter, 0, 4); @@ -417,6 +417,21 @@ void derive_u_ripemd160 (BOOL bNotTest, char *pwd, int pwd_len, char *salt, int } } + /* add extra 10 loops to ensure backward compatibilty with the previous count (327661 for boot, 655331 for normal) */ + if (iterations == 32767) + { + /* case of normal partition : add 10 iterations to have a total of 655331 = (32767 - 1)*20 + 1 + 10 */ + for (c = 0; c < 10; c++) + { + hmac_ripemd160 (pwd, pwd_len, j, RIPEMD160_DIGESTSIZE, k); + for (i = 0; i < RIPEMD160_DIGESTSIZE; i++) + { + u[i] ^= k[i]; + j[i] = k[i]; + } + } + } + /* Prevent possible leaks. */ burn (j, sizeof(j)); burn (k, sizeof(k)); @@ -624,13 +639,11 @@ int get_pkcs5_iteration_count (int pkcs5_prf_id, BOOL bBoot) { switch (pkcs5_prf_id) { -#ifdef TC_WINDOWS_BOOT - case RIPEMD160: - return 32767; /* we multiply this number by 10 inside derive_u_ripemd160 */ -#else case RIPEMD160: - return bBoot? 32767 : 65534; /* we multiply this number by 10 inside derive_u_ripemd160 */ + return bBoot? 16384 : 32767; /* we multiply this number by 10 inside derive_u_ripemd160 */ + +#ifndef TC_WINDOWS_BOOT case SHA512: return 500000; diff --git a/src/Common/Volumes.c b/src/Common/Volumes.c index 8f60bfc0..10f9d08a 100644 --- a/src/Common/Volumes.c +++ b/src/Common/Volumes.c @@ -41,7 +41,7 @@ // Unencrypted: // 0 64 Salt // Encrypted: -// 64 4 ASCII string 'TRUE' +// 64 4 ASCII string 'VERA' // 68 2 Header version // 70 2 Required program version // 72 4 CRC-32 checksum of the (decrypted) bytes 256-511 @@ -596,7 +596,7 @@ int ReadVolumeHeader (BOOL bBoot, char *header, Password *password, PCRYPTO_INFO // PKCS5 PRF derive_key_ripemd160 (TRUE, password->Text, (int) password->Length, header + HEADER_SALT_OFFSET, - PKCS5_SALT_SIZE, 32767, dk, sizeof (dk)); + PKCS5_SALT_SIZE, bBoot ? 16384 : 32767, dk, sizeof (dk)); // Mode of operation cryptoInfo->mode = FIRST_MODE_OF_OPERATION_ID; -- cgit v1.2.3