Diffstat (limited to 'src/Common/Pkcs5.c')
-rw-r--r-- | src/Common/Pkcs5.c | 50 |
1 files changed, 16 insertions, 34 deletions
diff --git a/src/Common/Pkcs5.c b/src/Common/Pkcs5.c
index 36e491a0..d81078e8 100644
--- a/src/Common/Pkcs5.c
+++ b/src/Common/Pkcs5.c
@@ -557,7 +557,7 @@ typedef struct hmac_blake2s_ctx_struct
 blake2s_state ctx;
 blake2s_state inner_digest_ctx; /*pre-computed inner digest context */
 blake2s_state outer_digest_ctx; /*pre-computed outer digest context */
- char k[PKCS5_SALT_SIZE + 4]; /* enough to hold (salt_len + 4) and also the SHA256 hash */
+ char k[PKCS5_SALT_SIZE + 4]; /* enough to hold (salt_len + 4) and also the Blake2s hash */
 char u[BLAKE2S_DIGESTSIZE];
 } hmac_blake2s_ctx;
@@ -565,7 +565,7 @@ void hmac_blake2s_internal
 (
 char *d, /* input data. d pointer is guaranteed to be at least 32-bytes long */
 int ld, /* length of input data in bytes */
- hmac_blake2s_ctx* hmac /* HMAC-SHA256 context which holds temporary variables */
+ hmac_blake2s_ctx* hmac /* HMAC-BLAKE2S context which holds temporary variables */
 )
 {
 blake2s_state* ctx = &(hmac->ctx);
@@ -582,7 +582,7 @@ void hmac_blake2s_internal
 memcpy (ctx, &(hmac->outer_digest_ctx), sizeof (blake2s_state));
- blake2s_update (ctx, d, SHA256_DIGESTSIZE);
+ blake2s_update (ctx, d, BLAKE2S_DIGESTSIZE);
 blake2s_final (ctx, (unsigned char *) d); /* d = outer digest */
 }
@@ -648,7 +648,7 @@ void hmac_blake2s
 for (b = 0; b < lk; ++b)
 buf[b] = (char) (k[b] ^ 0x5C);
- memset (&buf[lk], 0x5C, SHA256_BLOCKSIZE - lk);
+ memset (&buf[lk], 0x5C, BLAKE2S_BLOCKSIZE - lk);
 blake2s_update (ctx, (unsigned char *) buf, BLAKE2S_BLOCKSIZE);
@@ -751,7 +751,7 @@ void derive_key_blake2s (char *pwd, int pwd_len, char *salt, int salt_len, uint3
 blake2s_final (&tctx, (unsigned char *) key);
 pwd = key;
- pwd_len = SHA256_DIGESTSIZE;
+ pwd_len = BLAKE2S_DIGESTSIZE;
 burn (&tctx, sizeof(tctx)); // Prevent leaks
 }
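Review bot: The memset length `BLAKE2S_BLOCKSIZE - lk` in hmac_blake2s (hunk at -648) is only safe while `lk` never exceeds BLAKE2S_BLOCKSIZE; a larger `lk` would make the difference negative, and memset would receive it as a very large size_t length. The function starts and ends outside this hunk, so any guard that shortens over-long keys is not visible here and is worth confirming. If such a guard exists, a one-line comment at the memset, for example `/* lk <= BLAKE2S_BLOCKSIZE is guaranteed by the key-length check above */`, would record the invariant next to the arithmetic that depends on it.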
@@ -1278,10 +1278,9 @@ wchar_t *get_pkcs5_prf_name (int pkcs5_prf_id)
-int get_pkcs5_iteration_count (int pkcs5_prf_id, int pim, BOOL truecryptMode, BOOL bBoot)
+int get_pkcs5_iteration_count (int pkcs5_prf_id, int pim, BOOL bBoot)
 {
 if ( (pim < 0)
- || (truecryptMode && pim > 0) /* No PIM for TrueCrypt mode */
 )
 {
 return 0;
@@ -1291,9 +1290,7 @@ int get_pkcs5_iteration_count (int pkcs5_prf_id, int pim, BOOL truecryptMode, BO
 {
 case BLAKE2S:
- if (truecryptMode)
- return 0; // BLAKE2s not supported by TrueCrypt
- else if (pim == 0)
+ if (pim == 0)
 return bBoot? 200000 : 500000;
 else
 {
@@ -1301,15 +1298,13 @@ int get_pkcs5_iteration_count (int pkcs5_prf_id, int pim, BOOL truecryptMode, BO
 }
 case SHA512:
- return truecryptMode? 1000 : ((pim == 0)? 500000 : 15000 + pim * 1000);
+ return ((pim == 0)? 500000 : 15000 + pim * 1000);
 case WHIRLPOOL:
- return truecryptMode? 1000 : ((pim == 0)? 500000 : 15000 + pim * 1000);
+ return ((pim == 0)? 500000 : 15000 + pim * 1000);
 case SHA256:
- if (truecryptMode)
- return 0; // SHA-256 not supported by TrueCrypt
- else if (pim == 0)
+ if (pim == 0)
 return bBoot? 200000 : 500000;
 else
 {
@@ -1317,9 +1312,7 @@ int get_pkcs5_iteration_count (int pkcs5_prf_id, int pim, BOOL truecryptMode, BO
 }
 case STREEBOG:
- if (truecryptMode)
- return 1000;
- else if (pim == 0)
+ if (pim == 0)
 return bBoot? 200000 : 500000;
 else
 {
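Review bot: The guard at the top of get_pkcs5_iteration_count (hunk at -1278) now rejects only a negative `pim`, so a very large value still reaches `15000 + pim * 1000` in the SHA512 and WHIRLPOOL cases (hunk at -1301). That signed int arithmetic can overflow, which is undefined behaviour and could yield a small or negative iteration count for the key derivation. Unless every caller already caps the PIM, the guard could read `if (pim < 0 || pim > (INT_MAX - 15000) / 1000)` (with `INT_MAX` from `<limits.h>`) and keep returning 0 as it does for other invalid input. The `else` branches of the BLAKE2S, SHA256 and STREEBOG cases continue outside their hunks, so their PIM expressions should be checked against the same bound.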
@@ -1334,26 +1327,15 @@ int get_pkcs5_iteration_count (int pkcs5_prf_id, int pim, BOOL truecryptMode, BO
 #endif
 }
-int is_pkcs5_prf_supported (int pkcs5_prf_id, BOOL truecryptMode, PRF_BOOT_TYPE bootType)
+int is_pkcs5_prf_supported (int pkcs5_prf_id, PRF_BOOT_TYPE bootType)
 {
 if (pkcs5_prf_id == 0) // auto-detection always supported
 return 1;
- if (truecryptMode)
- {
- if ( (bootType == PRF_BOOT_GPT)
- || (bootType == PRF_BOOT_MBR)
- || (bootType == PRF_BOOT_NO && pkcs5_prf_id != SHA512 && pkcs5_prf_id != WHIRLPOOL)
- )
- return 0;
- }
- else
- {
- if ( (bootType == PRF_BOOT_MBR && pkcs5_prf_id != BLAKE2S && pkcs5_prf_id != SHA256)
- || (bootType != PRF_BOOT_MBR && (pkcs5_prf_id < FIRST_PRF_ID || pkcs5_prf_id > LAST_PRF_ID))
- )
- return 0;
- }
+ if ( (bootType == PRF_BOOT_MBR && pkcs5_prf_id != BLAKE2S && pkcs5_prf_id != SHA256)
+ || (bootType != PRF_BOOT_MBR && (pkcs5_prf_id < FIRST_PRF_ID || pkcs5_prf_id > LAST_PRF_ID))
+ )
+ return 0;
 return 1; |
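Review bot: is_pkcs5_prf_supported has no comment stating its contract, and after this simplification the whole acceptance rule sits in one compound condition that is easy to misread. A header comment such as `/* Returns 1 if pkcs5_prf_id may be used with bootType, 0 otherwise. Id 0 (auto-detection) is always accepted; MBR boot accepts only BLAKE2S and SHA256; other boot types accept FIRST_PRF_ID..LAST_PRF_ID. */` would record what the visible condition enforces. The function's closing brace lies outside the hunk.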