From 751a454e6c9de93c3954b839b0d9dfde03494d48 Mon Sep 17 00:00:00 2001 From: Mounir IDRASSI Date: Tue, 3 Jun 2014 09:12:42 +0200 Subject: Correct issue in handling hidden system partitions that made it impossible to verify their password. --- src/Common/Pkcs5.c | 25 +++++++++++++++++++------ 1 file changed, 19 insertions(+), 6 deletions(-) (limited to 'src/Common/Pkcs5.c') diff --git a/src/Common/Pkcs5.c b/src/Common/Pkcs5.c index f02364ea..00cf7941 100644 --- a/src/Common/Pkcs5.c +++ b/src/Common/Pkcs5.c @@ -393,7 +393,7 @@ void derive_u_ripemd160 (BOOL bNotTest, char *pwd, int pwd_len, char *salt, int char init[128]; char counter[4]; int c, i, l; - int EnhanceSecurityLoops = (bNotTest)? 10 : 1; + int EnhanceSecurityLoops = (bNotTest)? 20 : 1; /* iteration 1 */ memset (counter, 0, 4); @@ -417,6 +417,21 @@ void derive_u_ripemd160 (BOOL bNotTest, char *pwd, int pwd_len, char *salt, int } } + /* add extra 10 loops to ensure backward compatibilty with the previous count (327661 for boot, 655331 for normal) */ + if (iterations == 32767) + { + /* case of normal partition : add 10 iterations to have a total of 655331 = (32767 - 1)*20 + 1 + 10 */ + for (c = 0; c < 10; c++) + { + hmac_ripemd160 (pwd, pwd_len, j, RIPEMD160_DIGESTSIZE, k); + for (i = 0; i < RIPEMD160_DIGESTSIZE; i++) + { + u[i] ^= k[i]; + j[i] = k[i]; + } + } + } + /* Prevent possible leaks. */ burn (j, sizeof(j)); burn (k, sizeof(k)); @@ -624,13 +639,11 @@ int get_pkcs5_iteration_count (int pkcs5_prf_id, BOOL bBoot) { switch (pkcs5_prf_id) { -#ifdef TC_WINDOWS_BOOT - case RIPEMD160: - return 32767; /* we multiply this number by 10 inside derive_u_ripemd160 */ -#else case RIPEMD160: - return bBoot? 32767 : 65534; /* we multiply this number by 10 inside derive_u_ripemd160 */ + return bBoot? 16384 : 32767; /* we multiply this number by 10 inside derive_u_ripemd160 */ + +#ifndef TC_WINDOWS_BOOT case SHA512: return 500000; -- cgit v1.2.3