From 6b2e97c2438e85ddf2f166cf7c56f6c923ffcac4 Mon Sep 17 00:00:00 2001
From: Mounir IDRASSI <mounir.idrassi@idrix.fr>
Date: Sat, 22 Jun 2013 17:38:33 +0200
Subject: Enhance security by rising the iterations used in PBKDF2 : 327670
 instead of 1000 when booting in encrypted system partition, and 2000000
 instead of 2000 when using encrypted containers and partitions

---
 src/Common/Dlgcode.c              |  2 +-
 src/Common/EncryptionThreadPool.c |  2 +-
 src/Common/Pkcs5.c                | 37 ++++++++++++++++++++++---------------
 src/Common/Pkcs5.h                |  4 ++--
 src/Common/Tests.c                |  4 ++--
 src/Common/Volumes.c              |  8 ++++----
 6 files changed, 32 insertions(+), 25 deletions(-)

diff --git a/src/Common/Dlgcode.c b/src/Common/Dlgcode.c
index cd71d0b1..c8864372 100644
--- a/src/Common/Dlgcode.c
+++ b/src/Common/Dlgcode.c
@@ -4399,7 +4399,7 @@ static BOOL PerformBenchmark(HWND hwndDlg)
 
 				case RIPEMD160:
 					/* PKCS-5 test with HMAC-RIPEMD-160 used as the PRF */
-					derive_key_ripemd160 ("passphrase-1234567890", 21, tmp_salt, 64, get_pkcs5_iteration_count(thid, FALSE), dk, MASTER_KEYDATA_SIZE);
+					derive_key_ripemd160 (FALSE, "passphrase-1234567890", 21, tmp_salt, 64, get_pkcs5_iteration_count(thid, FALSE), dk, MASTER_KEYDATA_SIZE);
 					break;
 
 				case WHIRLPOOL:
diff --git a/src/Common/EncryptionThreadPool.c b/src/Common/EncryptionThreadPool.c
index bd6b7b1b..fdedf36f 100644
--- a/src/Common/EncryptionThreadPool.c
+++ b/src/Common/EncryptionThreadPool.c
@@ -159,7 +159,7 @@ static TC_THREAD_PROC EncryptionThreadProc (void *threadArg)
 			switch (workItem->KeyDerivation.Pkcs5Prf)
 			{
 			case RIPEMD160:
-				derive_key_ripemd160 (workItem->KeyDerivation.Password, workItem->KeyDerivation.PasswordLength, workItem->KeyDerivation.Salt, PKCS5_SALT_SIZE,
+				derive_key_ripemd160 (TRUE, workItem->KeyDerivation.Password, workItem->KeyDerivation.PasswordLength, workItem->KeyDerivation.Salt, PKCS5_SALT_SIZE,
 					workItem->KeyDerivation.IterationCount, workItem->KeyDerivation.DerivedKey, GetMaxPkcs5OutSize());
 				break;
 
diff --git a/src/Common/Pkcs5.c b/src/Common/Pkcs5.c
index dacdd623..0fa7f713 100644
--- a/src/Common/Pkcs5.c
+++ b/src/Common/Pkcs5.c
@@ -387,12 +387,13 @@ void hmac_ripemd160 (char *key, int keylen, char *input, int len, char *digest)
 	burn (&context, sizeof(context));
 }
 
-void derive_u_ripemd160 (char *pwd, int pwd_len, char *salt, int salt_len, int iterations, char *u, int b)
+void derive_u_ripemd160 (BOOL bNotTest, char *pwd, int pwd_len, char *salt, int salt_len, int iterations, char *u, int b)
 {
 	char j[RIPEMD160_DIGESTSIZE], k[RIPEMD160_DIGESTSIZE];
 	char init[128];
 	char counter[4];
-	int c, i;
+	int c, i, l;
+   int EnhanceSecurityLoops = (bNotTest)? 10 : 1;
 
 	/* iteration 1 */
 	memset (counter, 0, 4);
@@ -403,13 +404,16 @@ void derive_u_ripemd160 (char *pwd, int pwd_len, char *salt, int salt_len, int i
 	memcpy (u, j, RIPEMD160_DIGESTSIZE);
 
 	/* remaining iterations */
-	for (c = 1; c < iterations; c++)
+	for (l = 0; l < EnhanceSecurityLoops; l++)
 	{
-		hmac_ripemd160 (pwd, pwd_len, j, RIPEMD160_DIGESTSIZE, k);
-		for (i = 0; i < RIPEMD160_DIGESTSIZE; i++)
+		for (c = 1; c < iterations; c++)
 		{
-			u[i] ^= k[i];
-			j[i] = k[i];
+			hmac_ripemd160 (pwd, pwd_len, j, RIPEMD160_DIGESTSIZE, k);
+			for (i = 0; i < RIPEMD160_DIGESTSIZE; i++)
+			{
+				u[i] ^= k[i];
+				j[i] = k[i];
+			}
 		}
 	}
 
@@ -418,7 +422,7 @@ void derive_u_ripemd160 (char *pwd, int pwd_len, char *salt, int salt_len, int i
 	burn (k, sizeof(k));
 }
 
-void derive_key_ripemd160 (char *pwd, int pwd_len, char *salt, int salt_len, int iterations, char *dk, int dklen)
+void derive_key_ripemd160 (BOOL bNotTest, char *pwd, int pwd_len, char *salt, int salt_len, int iterations, char *dk, int dklen)
 {
 	char u[RIPEMD160_DIGESTSIZE];
 	int b, l, r;
@@ -437,13 +441,13 @@ void derive_key_ripemd160 (char *pwd, int pwd_len, char *salt, int salt_len, int
 	/* first l - 1 blocks */
 	for (b = 1; b < l; b++)
 	{
-		derive_u_ripemd160 (pwd, pwd_len, salt, salt_len, iterations, u, b);
+		derive_u_ripemd160 (bNotTest, pwd, pwd_len, salt, salt_len, iterations, u, b);
 		memcpy (dk, u, RIPEMD160_DIGESTSIZE);
 		dk += RIPEMD160_DIGESTSIZE;
 	}
 
 	/* last block */
-	derive_u_ripemd160 (pwd, pwd_len, salt, salt_len, iterations, u, b);
+	derive_u_ripemd160 (bNotTest, pwd, pwd_len, salt, salt_len, iterations, u, b);
 	memcpy (dk, u, r);
 
 
@@ -620,19 +624,22 @@ int get_pkcs5_iteration_count (int pkcs5_prf_id, BOOL bBoot)
 {
 	switch (pkcs5_prf_id)
 	{
+#ifdef TC_WINDOWS_BOOT
 	case RIPEMD160:	
-		return (bBoot ? 1000 : 2000);
+		return 32767; /* we multiply this number by 10 inside derive_u_ripemd160 */
 
-#ifndef TC_WINDOWS_BOOT
+#else
+	case RIPEMD160:	
+		return bBoot? 32767 : 200000; /* we multiply this number by 10 inside derive_u_ripemd160 */
 
 	case SHA512:	
-		return 1000;			
+		return 1000000;			
 
 	case SHA1:		// Deprecated/legacy		
-		return 2000;			
+		return 2000000;			
 
 	case WHIRLPOOL:	
-		return 1000;
+		return 1000000;
 #endif
 
 	default:		
diff --git a/src/Common/Pkcs5.h b/src/Common/Pkcs5.h
index cc3b3c80..5a286fb5 100644
--- a/src/Common/Pkcs5.h
+++ b/src/Common/Pkcs5.h
@@ -26,8 +26,8 @@ void hmac_sha1 (char *k, int lk, char *d, int ld, char *out, int t);
 void derive_u_sha1 (char *pwd, int pwd_len, char *salt, int salt_len, int iterations, char *u, int b);
 void derive_key_sha1 (char *pwd, int pwd_len, char *salt, int salt_len, int iterations, char *dk, int dklen);
 void hmac_ripemd160 (char *key, int keylen, char *input, int len, char *digest);
-void derive_u_ripemd160 (char *pwd, int pwd_len, char *salt, int salt_len, int iterations, char *u, int b);
-void derive_key_ripemd160 (char *pwd, int pwd_len, char *salt, int salt_len, int iterations, char *dk, int dklen);
+void derive_u_ripemd160 (BOOL bNotTest, char *pwd, int pwd_len, char *salt, int salt_len, int iterations, char *u, int b);
+void derive_key_ripemd160 (BOOL bNotTest, char *pwd, int pwd_len, char *salt, int salt_len, int iterations, char *dk, int dklen);
 void hmac_whirlpool (char *k, int lk, char *d, int ld, char *out, int t);
 void derive_u_whirlpool (char *pwd, int pwd_len, char *salt, int salt_len, int iterations, char *u, int b);
 void derive_key_whirlpool (char *pwd, int pwd_len, char *salt, int salt_len, int iterations, char *dk, int dklen);
diff --git a/src/Common/Tests.c b/src/Common/Tests.c
index ebb27ac6..dd4f1621 100644
--- a/src/Common/Tests.c
+++ b/src/Common/Tests.c
@@ -1699,12 +1699,12 @@ BOOL test_pkcs5 ()
 #endif
 
 	/* PKCS-5 test 1 with HMAC-RIPEMD-160 used as the PRF */
-	derive_key_ripemd160 ("password", 8, "\x12\x34\x56\x78", 4, 5, dk, 4);
+	derive_key_ripemd160 (FALSE, "password", 8, "\x12\x34\x56\x78", 4, 5, dk, 4);
 	if (memcmp (dk, "\x7a\x3d\x7c\x03", 4) != 0)
 		return FALSE;
 
 	/* PKCS-5 test 2 with HMAC-RIPEMD-160 used as the PRF (derives a key longer than the underlying hash) */
-	derive_key_ripemd160 ("password", 8, "\x12\x34\x56\x78", 4, 5, dk, 48);
+	derive_key_ripemd160 (FALSE, "password", 8, "\x12\x34\x56\x78", 4, 5, dk, 48);
 	if (memcmp (dk, "\x7a\x3d\x7c\x03\xe7\x26\x6b\xf8\x3d\x78\xfb\x29\xd2\x64\x1f\x56\xea\xf0\xe5\xf5\xcc\xc4\x3a\x31\xa8\x84\x70\xbf\xbd\x6f\x8e\x78\x24\x5a\xc0\x0a\xf6\xfa\xf0\xf6\xe9\x00\x47\x5f\x73\xce\xe1\x43", 48) != 0)
 		return FALSE;
 
diff --git a/src/Common/Volumes.c b/src/Common/Volumes.c
index 01ebdf55..3b2c0ca7 100644
--- a/src/Common/Volumes.c
+++ b/src/Common/Volumes.c
@@ -299,7 +299,7 @@ KeyReady:	;
 			switch (pkcs5_prf)
 			{
 			case RIPEMD160:
-				derive_key_ripemd160 (keyInfo.userKey, keyInfo.keyLength, keyInfo.salt,
+				derive_key_ripemd160 (TRUE, keyInfo.userKey, keyInfo.keyLength, keyInfo.salt,
 					PKCS5_SALT_SIZE, keyInfo.noIterations, dk, GetMaxPkcs5OutSize());
 				break;
 
@@ -595,8 +595,8 @@ int ReadVolumeHeader (BOOL bBoot, char *header, Password *password, PCRYPTO_INFO
 		cryptoInfo = *retInfo = crypto_open ();
 
 	// PKCS5 PRF
-	derive_key_ripemd160 (password->Text, (int) password->Length, header + HEADER_SALT_OFFSET,
-		PKCS5_SALT_SIZE, bBoot ? 1000 : 2000, dk, sizeof (dk));
+	derive_key_ripemd160 (TRUE, password->Text, (int) password->Length, header + HEADER_SALT_OFFSET,
+		PKCS5_SALT_SIZE, 32767, dk, sizeof (dk));
 
 	// Mode of operation
 	cryptoInfo->mode = FIRST_MODE_OF_OPERATION_ID;
@@ -771,7 +771,7 @@ int CreateVolumeHeaderInMemory (BOOL bBoot, char *header, int ea, int mode, Pass
 		break;
 
 	case RIPEMD160:
-		derive_key_ripemd160 (keyInfo.userKey, keyInfo.keyLength, keyInfo.salt,
+		derive_key_ripemd160 (TRUE, keyInfo.userKey, keyInfo.keyLength, keyInfo.salt,
 			PKCS5_SALT_SIZE, keyInfo.noIterations, dk, GetMaxPkcs5OutSize());
 		break;
 
-- 
cgit v1.2.3