VeraCrypt
aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--src/Common/Dlgcode.c2
-rw-r--r--src/Common/EncryptionThreadPool.c2
-rw-r--r--src/Common/Pkcs5.c47
-rw-r--r--src/Common/Pkcs5.h4
-rw-r--r--src/Common/Tests.c4
-rw-r--r--src/Common/Volumes.c10
6 files changed, 37 insertions, 32 deletions
diff --git a/src/Common/Dlgcode.c b/src/Common/Dlgcode.c
index c19e1992..a0c425c5 100644
--- a/src/Common/Dlgcode.c
+++ b/src/Common/Dlgcode.c
@@ -4447,7 +4447,7 @@ static BOOL PerformBenchmark(HWND hwndDlg)
case RIPEMD160:
/* PKCS-5 test with HMAC-RIPEMD-160 used as the PRF */
- derive_key_ripemd160 (FALSE, "passphrase-1234567890", 21, tmp_salt, 64, get_pkcs5_iteration_count(thid, FALSE), dk, MASTER_KEYDATA_SIZE);
+ derive_key_ripemd160 ("passphrase-1234567890", 21, tmp_salt, 64, get_pkcs5_iteration_count(thid, FALSE), dk, MASTER_KEYDATA_SIZE);
break;
case WHIRLPOOL:
diff --git a/src/Common/EncryptionThreadPool.c b/src/Common/EncryptionThreadPool.c
index 1ec78139..268f6b50 100644
--- a/src/Common/EncryptionThreadPool.c
+++ b/src/Common/EncryptionThreadPool.c
@@ -159,7 +159,7 @@ static TC_THREAD_PROC EncryptionThreadProc (void *threadArg)
switch (workItem->KeyDerivation.Pkcs5Prf)
{
case RIPEMD160:
- derive_key_ripemd160 (TRUE, workItem->KeyDerivation.Password, workItem->KeyDerivation.PasswordLength, workItem->KeyDerivation.Salt, PKCS5_SALT_SIZE,
+ derive_key_ripemd160 (workItem->KeyDerivation.Password, workItem->KeyDerivation.PasswordLength, workItem->KeyDerivation.Salt, PKCS5_SALT_SIZE,
workItem->KeyDerivation.IterationCount, workItem->KeyDerivation.DerivedKey, GetMaxPkcs5OutSize());
break;
diff --git a/src/Common/Pkcs5.c b/src/Common/Pkcs5.c
index ba1054e0..e3f8031b 100644
--- a/src/Common/Pkcs5.c
+++ b/src/Common/Pkcs5.c
@@ -122,10 +122,17 @@ void derive_u_sha256 (char *pwd, int pwd_len, char *salt, int salt_len, int iter
uint32 c;
int i;
- if (iterations == 2000)
+#ifdef TC_WINDOWS_BOOT
+ /* In bootloader, iterations is a boolean : TRUE for boot derivation mode, FALSE otherwise
+ * This enables us to save code space needed for implementing other features.
+ */
+ if (iterations)
c = 200000;
else
c = 500000;
+#else
+ c = iterations;
+#endif
/* iteration 1 */
memset (counter, 0, 4);
@@ -410,7 +417,7 @@ void hmac_ripemd160 (char *key, int keylen, char *input, int len, char *digest)
burn (&context, sizeof(context));
}
-void derive_u_ripemd160 (BOOL bNotTest, char *pwd, int pwd_len, char *salt, int salt_len, int iterations, char *u, int b)
+void derive_u_ripemd160 (char *pwd, int pwd_len, char *salt, int salt_len, int iterations, char *u, int b)
{
char j[RIPEMD160_DIGESTSIZE], k[RIPEMD160_DIGESTSIZE];
char init[128];
@@ -418,17 +425,17 @@ void derive_u_ripemd160 (BOOL bNotTest, char *pwd, int pwd_len, char *salt, int
uint32 c;
int i;
- if (bNotTest)
- {
- if (iterations == 32767)
- c = 655331;
- else
- c = 327661;
- }
+#ifdef TC_WINDOWS_BOOT
+ /* In bootloader, iterations is a boolean : TRUE for boot derivation mode, FALSE otherwise
+ * This enables us to save code space needed for implementing other features.
+ */
+ if (iterations)
+ c = 327661;
else
- {
- c = iterations;
- }
+ c = 655331;
+#else
+ c = iterations;
+#endif
/* iteration 1 */
memset (counter, 0, 4);
@@ -455,7 +462,7 @@ void derive_u_ripemd160 (BOOL bNotTest, char *pwd, int pwd_len, char *salt, int
burn (k, sizeof(k));
}
-void derive_key_ripemd160 (BOOL bNotTest, char *pwd, int pwd_len, char *salt, int salt_len, int iterations, char *dk, int dklen)
+void derive_key_ripemd160 (char *pwd, int pwd_len, char *salt, int salt_len, int iterations, char *dk, int dklen)
{
char u[RIPEMD160_DIGESTSIZE];
int b, l, r;
@@ -474,13 +481,13 @@ void derive_key_ripemd160 (BOOL bNotTest, char *pwd, int pwd_len, char *salt, in
/* first l - 1 blocks */
for (b = 1; b < l; b++)
{
- derive_u_ripemd160 (bNotTest, pwd, pwd_len, salt, salt_len, iterations, u, b);
+ derive_u_ripemd160 (pwd, pwd_len, salt, salt_len, iterations, u, b);
memcpy (dk, u, RIPEMD160_DIGESTSIZE);
dk += RIPEMD160_DIGESTSIZE;
}
/* last block */
- derive_u_ripemd160 (bNotTest, pwd, pwd_len, salt, salt_len, iterations, u, b);
+ derive_u_ripemd160 (pwd, pwd_len, salt, salt_len, iterations, u, b);
memcpy (dk, u, r);
@@ -656,7 +663,6 @@ char *get_pkcs5_prf_name (int pkcs5_prf_id)
}
}
-#endif //!TC_WINDOWS_BOOT
int get_pkcs5_iteration_count (int pkcs5_prf_id, BOOL bBoot)
@@ -665,22 +671,21 @@ int get_pkcs5_iteration_count (int pkcs5_prf_id, BOOL bBoot)
{
case RIPEMD160:
- return bBoot? 16384 : 32767; /* it will be changed to 327661 and 655331 respectively inside derive_u_ripemd160 */
-
-#ifndef TC_WINDOWS_BOOT
+ return bBoot? 327661 : 655331;
case SHA512:
return 500000;
case WHIRLPOOL:
return 500000;
-#endif
case SHA256:
- return bBoot? 2000 : 5000; /* it will be changed to 200000 and 500000 respectively inside derive_u_sha256 */
+ return bBoot? 200000 : 500000;
default:
TC_THROW_FATAL_EXCEPTION; // Unknown/wrong ID
}
return 0;
}
+
+#endif //!TC_WINDOWS_BOOT \ No newline at end of file
diff --git a/src/Common/Pkcs5.h b/src/Common/Pkcs5.h
index aff36cc4..be8c8cdb 100644
--- a/src/Common/Pkcs5.h
+++ b/src/Common/Pkcs5.h
@@ -26,8 +26,8 @@ void hmac_sha512 (char *k, int lk, char *d, int ld, char *out, int t);
void derive_u_sha512 (char *pwd, int pwd_len, char *salt, int salt_len, int iterations, char *u, int b);
void derive_key_sha512 (char *pwd, int pwd_len, char *salt, int salt_len, int iterations, char *dk, int dklen);
void hmac_ripemd160 (char *key, int keylen, char *input, int len, char *digest);
-void derive_u_ripemd160 (BOOL bNotTest, char *pwd, int pwd_len, char *salt, int salt_len, int iterations, char *u, int b);
-void derive_key_ripemd160 (BOOL bNotTest, char *pwd, int pwd_len, char *salt, int salt_len, int iterations, char *dk, int dklen);
+void derive_u_ripemd160 (char *pwd, int pwd_len, char *salt, int salt_len, int iterations, char *u, int b);
+void derive_key_ripemd160 (char *pwd, int pwd_len, char *salt, int salt_len, int iterations, char *dk, int dklen);
void hmac_whirlpool (char *k, int lk, char *d, int ld, char *out, int t);
void derive_u_whirlpool (char *pwd, int pwd_len, char *salt, int salt_len, int iterations, char *u, int b);
void derive_key_whirlpool (char *pwd, int pwd_len, char *salt, int salt_len, int iterations, char *dk, int dklen);
diff --git a/src/Common/Tests.c b/src/Common/Tests.c
index 226b3e09..b34073ed 100644
--- a/src/Common/Tests.c
+++ b/src/Common/Tests.c
@@ -1055,12 +1055,12 @@ BOOL test_pkcs5 ()
return FALSE;
/* PKCS-5 test 1 with HMAC-RIPEMD-160 used as the PRF */
- derive_key_ripemd160 (FALSE, "password", 8, "\x12\x34\x56\x78", 4, 5, dk, 4);
+ derive_key_ripemd160 ("password", 8, "\x12\x34\x56\x78", 4, 5, dk, 4);
if (memcmp (dk, "\x7a\x3d\x7c\x03", 4) != 0)
return FALSE;
/* PKCS-5 test 2 with HMAC-RIPEMD-160 used as the PRF (derives a key longer than the underlying hash) */
- derive_key_ripemd160 (FALSE, "password", 8, "\x12\x34\x56\x78", 4, 5, dk, 48);
+ derive_key_ripemd160 ("password", 8, "\x12\x34\x56\x78", 4, 5, dk, 48);
if (memcmp (dk, "\x7a\x3d\x7c\x03\xe7\x26\x6b\xf8\x3d\x78\xfb\x29\xd2\x64\x1f\x56\xea\xf0\xe5\xf5\xcc\xc4\x3a\x31\xa8\x84\x70\xbf\xbd\x6f\x8e\x78\x24\x5a\xc0\x0a\xf6\xfa\xf0\xf6\xe9\x00\x47\x5f\x73\xce\xe1\x43", 48) != 0)
return FALSE;
diff --git a/src/Common/Volumes.c b/src/Common/Volumes.c
index 1c0f2485..2bd870bc 100644
--- a/src/Common/Volumes.c
+++ b/src/Common/Volumes.c
@@ -302,7 +302,7 @@ KeyReady: ;
switch (pkcs5_prf)
{
case RIPEMD160:
- derive_key_ripemd160 (TRUE, keyInfo.userKey, keyInfo.keyLength, keyInfo.salt,
+ derive_key_ripemd160 (keyInfo.userKey, keyInfo.keyLength, keyInfo.salt,
PKCS5_SALT_SIZE, keyInfo.noIterations, dk, GetMaxPkcs5OutSize());
break;
@@ -566,10 +566,10 @@ int ReadVolumeHeader (BOOL bBoot, char *header, Password *password, PCRYPTO_INFO
// PKCS5 PRF
#ifdef TC_WINDOWS_BOOT_SHA2
derive_key_sha256 (password->Text, (int) password->Length, header + HEADER_SALT_OFFSET,
- PKCS5_SALT_SIZE, bBoot ? 2000 : 5000, dk, sizeof (dk));
+ PKCS5_SALT_SIZE, bBoot, dk, sizeof (dk));
#else
- derive_key_ripemd160 (TRUE, password->Text, (int) password->Length, header + HEADER_SALT_OFFSET,
- PKCS5_SALT_SIZE, bBoot ? 16384 : 32767, dk, sizeof (dk));
+ derive_key_ripemd160 (password->Text, (int) password->Length, header + HEADER_SALT_OFFSET,
+ PKCS5_SALT_SIZE, bBoot, dk, sizeof (dk));
#endif
// Mode of operation
@@ -792,7 +792,7 @@ int CreateVolumeHeaderInMemory (BOOL bBoot, char *header, int ea, int mode, Pass
break;
case RIPEMD160:
- derive_key_ripemd160 (TRUE, keyInfo.userKey, keyInfo.keyLength, keyInfo.salt,
+ derive_key_ripemd160 (keyInfo.userKey, keyInfo.keyLength, keyInfo.salt,
PKCS5_SALT_SIZE, keyInfo.noIterations, dk, GetMaxPkcs5OutSize());
break;