mirror of
https://github.com/veracrypt/VeraCrypt.git
synced 2026-06-09 22:36:59 -05:00
Windows: speedup PRF autodetection mode by implementing abort mechanism in PBKDF2/Argon2 primitives
This commit is contained in:
Mounir IDRASSI
@@ -6445,32 +6445,32 @@ static BOOL PerformBenchmark(HWND hBenchDlg, HWND hwndDlg)
|
||||
|
||||
case SHA512:
|
||||
/* PKCS-5 test with HMAC-SHA-512 used as the PRF */
|
||||
derive_key_sha512 ((const unsigned char*) "passphrase-1234567890", 21, (const unsigned char*) tmp_salt, 64, iterations, dk, MASTER_KEYDATA_SIZE);
|
||||
derive_key_sha512 ((const unsigned char*) "passphrase-1234567890", 21, (const unsigned char*) tmp_salt, 64, iterations, dk, MASTER_KEYDATA_SIZE, NULL);
|
||||
break;
|
||||
|
||||
case SHA256:
|
||||
/* PKCS-5 test with HMAC-SHA-256 used as the PRF */
|
||||
derive_key_sha256 ((const unsigned char*)"passphrase-1234567890", 21, (const unsigned char*)tmp_salt, 64, iterations, dk, MASTER_KEYDATA_SIZE);
|
||||
derive_key_sha256 ((const unsigned char*)"passphrase-1234567890", 21, (const unsigned char*)tmp_salt, 64, iterations, dk, MASTER_KEYDATA_SIZE, NULL);
|
||||
break;
|
||||
#ifndef WOLFCRYPT_BACKEND
|
||||
case BLAKE2S:
|
||||
/* PKCS-5 test with HMAC-BLAKE2s used as the PRF */
|
||||
derive_key_blake2s ((const unsigned char*)"passphrase-1234567890", 21, (const unsigned char*)tmp_salt, 64, iterations, dk, MASTER_KEYDATA_SIZE);
|
||||
derive_key_blake2s ((const unsigned char*)"passphrase-1234567890", 21, (const unsigned char*)tmp_salt, 64, iterations, dk, MASTER_KEYDATA_SIZE, NULL);
|
||||
break;
|
||||
|
||||
case WHIRLPOOL:
|
||||
/* PKCS-5 test with HMAC-Whirlpool used as the PRF */
|
||||
derive_key_whirlpool ((const unsigned char*)"passphrase-1234567890", 21, (const unsigned char*)tmp_salt, 64, iterations, dk, MASTER_KEYDATA_SIZE);
|
||||
derive_key_whirlpool ((const unsigned char*)"passphrase-1234567890", 21, (const unsigned char*)tmp_salt, 64, iterations, dk, MASTER_KEYDATA_SIZE, NULL);
|
||||
break;
|
||||
|
||||
case STREEBOG:
|
||||
/* PKCS-5 test with HMAC-STREEBOG used as the PRF */
|
||||
derive_key_streebog((const unsigned char*)"passphrase-1234567890", 21, (const unsigned char*)tmp_salt, 64, iterations, dk, MASTER_KEYDATA_SIZE);
|
||||
derive_key_streebog((const unsigned char*)"passphrase-1234567890", 21, (const unsigned char*)tmp_salt, 64, iterations, dk, MASTER_KEYDATA_SIZE, NULL);
|
||||
break;
|
||||
|
||||
case ARGON2:
|
||||
/* test with ARGON2 used as the PRF */
|
||||
derive_key_argon2 ((const unsigned char*) "passphrase-1234567890", 21, (const unsigned char*)tmp_salt, 64, iterations, memoryCost, dk, MASTER_KEYDATA_SIZE);
|
||||
derive_key_argon2 ((const unsigned char*) "passphrase-1234567890", 21, (const unsigned char*)tmp_salt, 64, iterations, memoryCost, dk, MASTER_KEYDATA_SIZE, NULL);
|
||||
break;
|
||||
}
|
||||
#endif
|
||||
|
||||
@@ -107,7 +107,7 @@ typedef struct EncryptionThreadPoolWorkItemStruct
|
||||
int PasswordLength;
|
||||
int Pkcs5Prf;
|
||||
unsigned char *Salt;
|
||||
|
||||
LONG volatile *pAbortKeyDerivation;
|
||||
} KeyDerivation;
|
||||
|
||||
struct
|
||||
@@ -245,32 +245,32 @@ static TC_THREAD_PROC EncryptionThreadProc (void *threadArg)
|
||||
{
|
||||
case BLAKE2S:
|
||||
derive_key_blake2s (workItem->KeyDerivation.Password, workItem->KeyDerivation.PasswordLength, workItem->KeyDerivation.Salt, PKCS5_SALT_SIZE,
|
||||
workItem->KeyDerivation.IterationCount, workItem->KeyDerivation.DerivedKey, GetMaxPkcs5OutSize());
|
||||
workItem->KeyDerivation.IterationCount, workItem->KeyDerivation.DerivedKey, GetMaxPkcs5OutSize(), workItem->KeyDerivation.pAbortKeyDerivation);
|
||||
break;
|
||||
|
||||
case SHA512:
|
||||
derive_key_sha512 (workItem->KeyDerivation.Password, workItem->KeyDerivation.PasswordLength, workItem->KeyDerivation.Salt, PKCS5_SALT_SIZE,
|
||||
workItem->KeyDerivation.IterationCount, workItem->KeyDerivation.DerivedKey, GetMaxPkcs5OutSize());
|
||||
workItem->KeyDerivation.IterationCount, workItem->KeyDerivation.DerivedKey, GetMaxPkcs5OutSize(), workItem->KeyDerivation.pAbortKeyDerivation);
|
||||
break;
|
||||
|
||||
case WHIRLPOOL:
|
||||
derive_key_whirlpool (workItem->KeyDerivation.Password, workItem->KeyDerivation.PasswordLength, workItem->KeyDerivation.Salt, PKCS5_SALT_SIZE,
|
||||
workItem->KeyDerivation.IterationCount, workItem->KeyDerivation.DerivedKey, GetMaxPkcs5OutSize());
|
||||
workItem->KeyDerivation.IterationCount, workItem->KeyDerivation.DerivedKey, GetMaxPkcs5OutSize(), workItem->KeyDerivation.pAbortKeyDerivation);
|
||||
break;
|
||||
|
||||
case SHA256:
|
||||
derive_key_sha256 (workItem->KeyDerivation.Password, workItem->KeyDerivation.PasswordLength, workItem->KeyDerivation.Salt, PKCS5_SALT_SIZE,
|
||||
workItem->KeyDerivation.IterationCount, workItem->KeyDerivation.DerivedKey, GetMaxPkcs5OutSize());
|
||||
workItem->KeyDerivation.IterationCount, workItem->KeyDerivation.DerivedKey, GetMaxPkcs5OutSize(), workItem->KeyDerivation.pAbortKeyDerivation);
|
||||
break;
|
||||
|
||||
case STREEBOG:
|
||||
derive_key_streebog(workItem->KeyDerivation.Password, workItem->KeyDerivation.PasswordLength, workItem->KeyDerivation.Salt, PKCS5_SALT_SIZE,
|
||||
workItem->KeyDerivation.IterationCount, workItem->KeyDerivation.DerivedKey, GetMaxPkcs5OutSize());
|
||||
workItem->KeyDerivation.IterationCount, workItem->KeyDerivation.DerivedKey, GetMaxPkcs5OutSize(), workItem->KeyDerivation.pAbortKeyDerivation);
|
||||
break;
|
||||
|
||||
case ARGON2:
|
||||
derive_key_argon2(workItem->KeyDerivation.Password, workItem->KeyDerivation.PasswordLength, workItem->KeyDerivation.Salt, PKCS5_SALT_SIZE,
|
||||
workItem->KeyDerivation.IterationCount, workItem->KeyDerivation.Memorycost, workItem->KeyDerivation.DerivedKey, GetMaxPkcs5OutSize());
|
||||
workItem->KeyDerivation.IterationCount, workItem->KeyDerivation.Memorycost, workItem->KeyDerivation.DerivedKey, GetMaxPkcs5OutSize(), workItem->KeyDerivation.pAbortKeyDerivation);
|
||||
break;
|
||||
|
||||
default:
|
||||
@@ -533,7 +533,7 @@ void EncryptionThreadPoolStop ()
|
||||
}
|
||||
|
||||
|
||||
void EncryptionThreadPoolBeginKeyDerivation (TC_EVENT *completionEvent, TC_EVENT *noOutstandingWorkItemEvent, LONG *completionFlag, LONG *outstandingWorkItemCount, int pkcs5Prf, unsigned char *password, int passwordLength, unsigned char *salt, int iterationCount, int memoryCost, unsigned char *derivedKey)
|
||||
void EncryptionThreadPoolBeginKeyDerivation (TC_EVENT *completionEvent, TC_EVENT *noOutstandingWorkItemEvent, LONG *completionFlag, LONG *outstandingWorkItemCount, int pkcs5Prf, unsigned char *password, int passwordLength, unsigned char *salt, int iterationCount, int memoryCost, unsigned char *derivedKey, LONG volatile *pAbortKeyDerivation)
|
||||
{
|
||||
EncryptionThreadPoolWorkItem *workItem;
|
||||
|
||||
@@ -563,6 +563,7 @@ void EncryptionThreadPoolBeginKeyDerivation (TC_EVENT *completionEvent, TC_EVENT
|
||||
workItem->KeyDerivation.PasswordLength = passwordLength;
|
||||
workItem->KeyDerivation.Pkcs5Prf = pkcs5Prf;
|
||||
workItem->KeyDerivation.Salt = salt;
|
||||
workItem->KeyDerivation.pAbortKeyDerivation = pAbortKeyDerivation;
|
||||
|
||||
InterlockedIncrement (outstandingWorkItemCount);
|
||||
TC_CLEAR_EVENT (*noOutstandingWorkItemEvent);
|
||||
|
||||
@@ -32,7 +32,7 @@ typedef enum
|
||||
size_t GetCpuCount (WORD* pGroupCount);
|
||||
#endif
|
||||
|
||||
void EncryptionThreadPoolBeginKeyDerivation (TC_EVENT *completionEvent, TC_EVENT *noOutstandingWorkItemEvent, LONG *completionFlag, LONG *outstandingWorkItemCount, int pkcs5Prf, unsigned char *password, int passwordLength, unsigned char *salt, int iterationCount, int memoryCost, unsigned char *derivedKey);
|
||||
void EncryptionThreadPoolBeginKeyDerivation (TC_EVENT *completionEvent, TC_EVENT *noOutstandingWorkItemEvent, LONG *completionFlag, LONG *outstandingWorkItemCount, int pkcs5Prf, unsigned char *password, int passwordLength, unsigned char *salt, int iterationCount, int memoryCost, unsigned char *derivedKey, LONG volatile *pAbortKeyDerivation);
|
||||
void EncryptionThreadPoolBeginReadVolumeHeaderFinalization (TC_EVENT *keyDerivationCompletedEvent, TC_EVENT *noOutstandingWorkItemEvent, LONG* outstandingWorkItemCount, void* keyInfoBuffer, int keyInfoBufferSize, void* keyDerivationWorkItems, int keyDerivationWorkItemsSize);
|
||||
void EncryptionThreadPoolDoWork (EncryptionThreadPoolWorkType type, uint8 *data, const UINT64_STRUCT *startUnitNo, uint32 unitCount, PCRYPTO_INFO cryptoInfo);
|
||||
BOOL EncryptionThreadPoolStart (size_t encryptionFreeCpuCount);
|
||||
|
||||
+109
-23
@@ -145,7 +145,11 @@ void hmac_sha256
|
||||
}
|
||||
#endif
|
||||
|
||||
static void derive_u_sha256 (const unsigned char *salt, int salt_len, uint32 iterations, int b, hmac_sha256_ctx* hmac)
|
||||
static void derive_u_sha256 (const unsigned char *salt, int salt_len, uint32 iterations, int b, hmac_sha256_ctx* hmac
|
||||
#ifndef TC_WINDOWS_BOOT
|
||||
, long volatile *pAbortKeyDerivation
|
||||
#endif
|
||||
)
|
||||
{
|
||||
unsigned char* k = hmac->k;
|
||||
unsigned char* u = hmac->u;
|
||||
@@ -186,6 +190,11 @@ static void derive_u_sha256 (const unsigned char *salt, int salt_len, uint32 ite
|
||||
/* remaining iterations */
|
||||
while (c > 1)
|
||||
{
|
||||
#ifndef TC_WINDOWS_BOOT
|
||||
// CANCELLATION CHECK: Check every 1024 iterations
|
||||
if (pAbortKeyDerivation && (c & 1023) == 0 && *pAbortKeyDerivation == 1)
|
||||
return; // Abort derivation
|
||||
#endif
|
||||
hmac_sha256_internal (k, SHA256_DIGESTSIZE, hmac);
|
||||
for (i = 0; i < SHA256_DIGESTSIZE; i++)
|
||||
{
|
||||
@@ -196,7 +205,11 @@ static void derive_u_sha256 (const unsigned char *salt, int salt_len, uint32 ite
|
||||
}
|
||||
|
||||
|
||||
void derive_key_sha256 (const unsigned char *pwd, int pwd_len, const unsigned char *salt, int salt_len, uint32 iterations, unsigned char *dk, int dklen)
|
||||
void derive_key_sha256 (const unsigned char *pwd, int pwd_len, const unsigned char *salt, int salt_len, uint32 iterations, unsigned char *dk, int dklen
|
||||
#ifndef TC_WINDOWS_BOOT
|
||||
, long volatile *pAbortKeyDerivation
|
||||
#endif
|
||||
)
|
||||
{
|
||||
hmac_sha256_ctx hmac;
|
||||
sha256_ctx* ctx;
|
||||
@@ -264,20 +277,36 @@ void derive_key_sha256 (const unsigned char *pwd, int pwd_len, const unsigned ch
|
||||
/* first l - 1 blocks */
|
||||
for (b = 1; b < l; b++)
|
||||
{
|
||||
#ifndef TC_WINDOWS_BOOT
|
||||
derive_u_sha256 (salt, salt_len, iterations, b, &hmac, pAbortKeyDerivation);
|
||||
// Check if the derivation was aborted
|
||||
if (pAbortKeyDerivation && *pAbortKeyDerivation == 1)
|
||||
goto cancelled;
|
||||
#else
|
||||
derive_u_sha256 (salt, salt_len, iterations, b, &hmac);
|
||||
#endif
|
||||
memcpy (dk, hmac.u, SHA256_DIGESTSIZE);
|
||||
dk += SHA256_DIGESTSIZE;
|
||||
}
|
||||
|
||||
/* last block */
|
||||
#ifndef TC_WINDOWS_BOOT
|
||||
derive_u_sha256 (salt, salt_len, iterations, b, &hmac, pAbortKeyDerivation);
|
||||
// Check if the derivation was aborted (in case of only one block)
|
||||
if (pAbortKeyDerivation && *pAbortKeyDerivation == 1)
|
||||
goto cancelled;
|
||||
#else
|
||||
derive_u_sha256 (salt, salt_len, iterations, b, &hmac);
|
||||
#endif
|
||||
memcpy (dk, hmac.u, r);
|
||||
|
||||
#if defined (DEVICE_DRIVER) && !defined(_M_ARM64)
|
||||
if (NT_SUCCESS (saveStatus))
|
||||
KeRestoreExtendedProcessorState(&SaveState);
|
||||
#endif
|
||||
|
||||
#ifndef TC_WINDOWS_BOOT
|
||||
cancelled:
|
||||
#endif
|
||||
/* Prevent possible leaks. */
|
||||
burn (&hmac, sizeof(hmac));
|
||||
#ifndef TC_WINDOWS_BOOT
|
||||
@@ -395,7 +424,7 @@ void hmac_sha512
|
||||
burn (key, sizeof(key));
|
||||
}
|
||||
|
||||
static void derive_u_sha512 (const unsigned char *salt, int salt_len, uint32 iterations, int b, hmac_sha512_ctx* hmac)
|
||||
static void derive_u_sha512 (const unsigned char *salt, int salt_len, uint32 iterations, int b, hmac_sha512_ctx* hmac, long volatile *pAbortKeyDerivation)
|
||||
{
|
||||
unsigned char* k = hmac->k;
|
||||
unsigned char* u = hmac->u;
|
||||
@@ -413,6 +442,9 @@ static void derive_u_sha512 (const unsigned char *salt, int salt_len, uint32 ite
|
||||
/* remaining iterations */
|
||||
for (c = 1; c < iterations; c++)
|
||||
{
|
||||
// CANCELLATION CHECK: Check every 1024 iterations
|
||||
if (pAbortKeyDerivation && (c & 1023) == 0 && *pAbortKeyDerivation == 1)
|
||||
return; // Abort derivation
|
||||
hmac_sha512_internal (k, SHA512_DIGESTSIZE, hmac);
|
||||
for (i = 0; i < SHA512_DIGESTSIZE; i++)
|
||||
{
|
||||
@@ -422,7 +454,7 @@ static void derive_u_sha512 (const unsigned char *salt, int salt_len, uint32 ite
|
||||
}
|
||||
|
||||
|
||||
void derive_key_sha512 (const unsigned char *pwd, int pwd_len, const unsigned char *salt, int salt_len, uint32 iterations, unsigned char *dk, int dklen)
|
||||
void derive_key_sha512 (const unsigned char *pwd, int pwd_len, const unsigned char *salt, int salt_len, uint32 iterations, unsigned char *dk, int dklen, long volatile *pAbortKeyDerivation)
|
||||
{
|
||||
hmac_sha512_ctx hmac;
|
||||
sha512_ctx* ctx;
|
||||
@@ -489,20 +521,26 @@ void derive_key_sha512 (const unsigned char *pwd, int pwd_len, const unsigned ch
|
||||
/* first l - 1 blocks */
|
||||
for (b = 1; b < l; b++)
|
||||
{
|
||||
derive_u_sha512 (salt, salt_len, iterations, b, &hmac);
|
||||
derive_u_sha512 (salt, salt_len, iterations, b, &hmac, pAbortKeyDerivation);
|
||||
// Check if the derivation was aborted
|
||||
if (pAbortKeyDerivation && *pAbortKeyDerivation == 1)
|
||||
goto cancelled;
|
||||
memcpy (dk, hmac.u, SHA512_DIGESTSIZE);
|
||||
dk += SHA512_DIGESTSIZE;
|
||||
}
|
||||
|
||||
/* last block */
|
||||
derive_u_sha512 (salt, salt_len, iterations, b, &hmac);
|
||||
derive_u_sha512 (salt, salt_len, iterations, b, &hmac, pAbortKeyDerivation);
|
||||
// Check if the derivation was aborted (in case of only one block)
|
||||
if (pAbortKeyDerivation && *pAbortKeyDerivation == 1)
|
||||
goto cancelled;
|
||||
memcpy (dk, hmac.u, r);
|
||||
|
||||
#if defined (DEVICE_DRIVER) && !defined(_M_ARM64)
|
||||
if (NT_SUCCESS (saveStatus))
|
||||
KeRestoreExtendedProcessorState(&SaveState);
|
||||
#endif
|
||||
|
||||
cancelled:
|
||||
/* Prevent possible leaks. */
|
||||
burn (&hmac, sizeof(hmac));
|
||||
burn (key, sizeof(key));
|
||||
@@ -619,7 +657,11 @@ void hmac_blake2s
|
||||
}
|
||||
#endif
|
||||
|
||||
static void derive_u_blake2s (const unsigned char *salt, int salt_len, uint32 iterations, int b, hmac_blake2s_ctx* hmac)
|
||||
static void derive_u_blake2s (const unsigned char *salt, int salt_len, uint32 iterations, int b, hmac_blake2s_ctx* hmac
|
||||
#ifndef TC_WINDOWS_BOOT
|
||||
, volatile long *pAbortKeyDerivation
|
||||
#endif
|
||||
)
|
||||
{
|
||||
unsigned char* k = hmac->k;
|
||||
unsigned char* u = hmac->u;
|
||||
@@ -660,6 +702,11 @@ static void derive_u_blake2s (const unsigned char *salt, int salt_len, uint32 it
|
||||
/* remaining iterations */
|
||||
while (c > 1)
|
||||
{
|
||||
#ifndef TC_WINDOWS_BOOT
|
||||
// CANCELLATION CHECK: Check every 1024 iterations
|
||||
if (pAbortKeyDerivation && (c & 1023) == 0 && *pAbortKeyDerivation)
|
||||
return; // Abort derivation
|
||||
#endif
|
||||
hmac_blake2s_internal (k, BLAKE2S_DIGESTSIZE, hmac);
|
||||
for (i = 0; i < BLAKE2S_DIGESTSIZE; i++)
|
||||
{
|
||||
@@ -670,7 +717,11 @@ static void derive_u_blake2s (const unsigned char *salt, int salt_len, uint32 it
|
||||
}
|
||||
|
||||
|
||||
void derive_key_blake2s (const unsigned char *pwd, int pwd_len, const unsigned char *salt, int salt_len, uint32 iterations, unsigned char *dk, int dklen)
|
||||
void derive_key_blake2s (const unsigned char *pwd, int pwd_len, const unsigned char *salt, int salt_len, uint32 iterations, unsigned char *dk, int dklen
|
||||
#ifndef TC_WINDOWS_BOOT
|
||||
, volatile long *pAbortKeyDerivation
|
||||
#endif
|
||||
)
|
||||
{
|
||||
hmac_blake2s_ctx hmac;
|
||||
blake2s_state* ctx;
|
||||
@@ -738,20 +789,36 @@ void derive_key_blake2s (const unsigned char *pwd, int pwd_len, const unsigned c
|
||||
/* first l - 1 blocks */
|
||||
for (b = 1; b < l; b++)
|
||||
{
|
||||
#ifndef TC_WINDOWS_BOOT
|
||||
derive_u_blake2s (salt, salt_len, iterations, b, &hmac, pAbortKeyDerivation);
|
||||
// Check if the derivation was aborted
|
||||
if (pAbortKeyDerivation && *pAbortKeyDerivation)
|
||||
goto cancelled;
|
||||
#else
|
||||
derive_u_blake2s (salt, salt_len, iterations, b, &hmac);
|
||||
#endif
|
||||
memcpy (dk, hmac.u, BLAKE2S_DIGESTSIZE);
|
||||
dk += BLAKE2S_DIGESTSIZE;
|
||||
}
|
||||
|
||||
/* last block */
|
||||
#ifndef TC_WINDOWS_BOOT
|
||||
derive_u_blake2s (salt, salt_len, iterations, b, &hmac, pAbortKeyDerivation);
|
||||
// Check if the derivation was aborted (in case of only one block)
|
||||
if (pAbortKeyDerivation && *pAbortKeyDerivation)
|
||||
goto cancelled;
|
||||
#else
|
||||
derive_u_blake2s (salt, salt_len, iterations, b, &hmac);
|
||||
#endif
|
||||
memcpy (dk, hmac.u, r);
|
||||
|
||||
#if defined (DEVICE_DRIVER) && !defined(_M_ARM64)
|
||||
if (NT_SUCCESS (saveStatus))
|
||||
KeRestoreExtendedProcessorState(&SaveState);
|
||||
#endif
|
||||
|
||||
#ifndef TC_WINDOWS_BOOT
|
||||
cancelled:
|
||||
#endif
|
||||
/* Prevent possible leaks. */
|
||||
burn (&hmac, sizeof(hmac));
|
||||
#ifndef TC_WINDOWS_BOOT
|
||||
@@ -856,7 +923,7 @@ void hmac_whirlpool
|
||||
burn(&hmac, sizeof(hmac));
|
||||
}
|
||||
|
||||
static void derive_u_whirlpool (const unsigned char *salt, int salt_len, uint32 iterations, int b, hmac_whirlpool_ctx* hmac)
|
||||
static void derive_u_whirlpool (const unsigned char *salt, int salt_len, uint32 iterations, int b, hmac_whirlpool_ctx* hmac, volatile long *pAbortKeyDerivation)
|
||||
{
|
||||
unsigned char* u = hmac->u;
|
||||
unsigned char* k = hmac->k;
|
||||
@@ -874,6 +941,9 @@ static void derive_u_whirlpool (const unsigned char *salt, int salt_len, uint32
|
||||
/* remaining iterations */
|
||||
for (c = 1; c < iterations; c++)
|
||||
{
|
||||
// CANCELLATION CHECK: Check every 1024 iterations
|
||||
if (pAbortKeyDerivation && (c & 1023) == 0 && *pAbortKeyDerivation)
|
||||
return; // Abort derivation
|
||||
hmac_whirlpool_internal (k, WHIRLPOOL_DIGESTSIZE, hmac);
|
||||
for (i = 0; i < WHIRLPOOL_DIGESTSIZE; i++)
|
||||
{
|
||||
@@ -882,7 +952,7 @@ static void derive_u_whirlpool (const unsigned char *salt, int salt_len, uint32
|
||||
}
|
||||
}
|
||||
|
||||
void derive_key_whirlpool (const unsigned char *pwd, int pwd_len, const unsigned char *salt, int salt_len, uint32 iterations, unsigned char *dk, int dklen)
|
||||
void derive_key_whirlpool (const unsigned char *pwd, int pwd_len, const unsigned char *salt, int salt_len, uint32 iterations, unsigned char *dk, int dklen, volatile long *pAbortKeyDerivation)
|
||||
{
|
||||
hmac_whirlpool_ctx hmac;
|
||||
WHIRLPOOL_CTX* ctx;
|
||||
@@ -942,15 +1012,21 @@ void derive_key_whirlpool (const unsigned char *pwd, int pwd_len, const unsigned
|
||||
/* first l - 1 blocks */
|
||||
for (b = 1; b < l; b++)
|
||||
{
|
||||
derive_u_whirlpool (salt, salt_len, iterations, b, &hmac);
|
||||
derive_u_whirlpool (salt, salt_len, iterations, b, &hmac, pAbortKeyDerivation);
|
||||
// Check if the derivation was aborted
|
||||
if (pAbortKeyDerivation && *pAbortKeyDerivation)
|
||||
goto cancelled;
|
||||
memcpy (dk, hmac.u, WHIRLPOOL_DIGESTSIZE);
|
||||
dk += WHIRLPOOL_DIGESTSIZE;
|
||||
}
|
||||
|
||||
/* last block */
|
||||
derive_u_whirlpool (salt, salt_len, iterations, b, &hmac);
|
||||
derive_u_whirlpool (salt, salt_len, iterations, b, &hmac, pAbortKeyDerivation);
|
||||
// Check if the derivation was aborted (in case of only one block)
|
||||
if (pAbortKeyDerivation && *pAbortKeyDerivation)
|
||||
goto cancelled;
|
||||
memcpy (dk, hmac.u, r);
|
||||
|
||||
cancelled:
|
||||
/* Prevent possible leaks. */
|
||||
burn (&hmac, sizeof(hmac));
|
||||
burn (key, sizeof(key));
|
||||
@@ -1050,7 +1126,7 @@ void hmac_streebog
|
||||
burn(&hmac, sizeof(hmac));
|
||||
}
|
||||
|
||||
static void derive_u_streebog (const unsigned char *salt, int salt_len, uint32 iterations, int b, hmac_streebog_ctx* hmac)
|
||||
static void derive_u_streebog (const unsigned char *salt, int salt_len, uint32 iterations, int b, hmac_streebog_ctx* hmac, volatile long *pAbortKeyDerivation)
|
||||
{
|
||||
unsigned char* u = hmac->u;
|
||||
unsigned char* k = hmac->k;
|
||||
@@ -1068,6 +1144,9 @@ static void derive_u_streebog (const unsigned char *salt, int salt_len, uint32 i
|
||||
/* remaining iterations */
|
||||
for (c = 1; c < iterations; c++)
|
||||
{
|
||||
// CANCELLATION CHECK: Check every 1024 iterations
|
||||
if (pAbortKeyDerivation && (c & 1023) == 0 && *pAbortKeyDerivation)
|
||||
return; // Abort derivation
|
||||
hmac_streebog_internal (k, STREEBOG_DIGESTSIZE, hmac);
|
||||
for (i = 0; i < STREEBOG_DIGESTSIZE; i++)
|
||||
{
|
||||
@@ -1076,7 +1155,7 @@ static void derive_u_streebog (const unsigned char *salt, int salt_len, uint32 i
|
||||
}
|
||||
}
|
||||
|
||||
void derive_key_streebog (const unsigned char *pwd, int pwd_len, const unsigned char *salt, int salt_len, uint32 iterations, unsigned char *dk, int dklen)
|
||||
void derive_key_streebog (const unsigned char *pwd, int pwd_len, const unsigned char *salt, int salt_len, uint32 iterations, unsigned char *dk, int dklen, volatile long *pAbortKeyDerivation)
|
||||
{
|
||||
hmac_streebog_ctx hmac;
|
||||
STREEBOG_CTX* ctx;
|
||||
@@ -1136,15 +1215,21 @@ void derive_key_streebog (const unsigned char *pwd, int pwd_len, const unsigned
|
||||
/* first l - 1 blocks */
|
||||
for (b = 1; b < l; b++)
|
||||
{
|
||||
derive_u_streebog (salt, salt_len, iterations, b, &hmac);
|
||||
derive_u_streebog (salt, salt_len, iterations, b, &hmac, pAbortKeyDerivation);
|
||||
// Check if the derivation was aborted
|
||||
if (pAbortKeyDerivation && *pAbortKeyDerivation)
|
||||
goto cancelled;
|
||||
memcpy (dk, hmac.u, STREEBOG_DIGESTSIZE);
|
||||
dk += STREEBOG_DIGESTSIZE;
|
||||
}
|
||||
|
||||
/* last block */
|
||||
derive_u_streebog (salt, salt_len, iterations, b, &hmac);
|
||||
derive_u_streebog (salt, salt_len, iterations, b, &hmac, pAbortKeyDerivation);
|
||||
// Check if the derivation was aborted (in case of only one block)
|
||||
if (pAbortKeyDerivation && *pAbortKeyDerivation)
|
||||
goto cancelled;
|
||||
memcpy (dk, hmac.u, r);
|
||||
|
||||
cancelled:
|
||||
/* Prevent possible leaks. */
|
||||
burn (&hmac, sizeof(hmac));
|
||||
burn (key, sizeof(key));
|
||||
@@ -1245,7 +1330,7 @@ int is_pkcs5_prf_supported (int pkcs5_prf_id, PRF_BOOT_TYPE bootType)
|
||||
|
||||
}
|
||||
|
||||
void derive_key_argon2(const unsigned char *pwd, int pwd_len, const unsigned char *salt, int salt_len, uint32 iterations, uint32 memcost, unsigned char *dk, int dklen)
|
||||
void derive_key_argon2(const unsigned char *pwd, int pwd_len, const unsigned char *salt, int salt_len, uint32 iterations, uint32 memcost, unsigned char *dk, int dklen, volatile long *pAbortKeyDerivation)
|
||||
{
|
||||
#if defined (DEVICE_DRIVER) && !defined(_M_ARM64)
|
||||
NTSTATUS saveStatus = STATUS_INVALID_PARAMETER;
|
||||
@@ -1259,7 +1344,8 @@ void derive_key_argon2(const unsigned char *pwd, int pwd_len, const unsigned cha
|
||||
1, // parallelism factor (number of threads)
|
||||
pwd, pwd_len, // password and its length
|
||||
salt, salt_len, // salt and its length
|
||||
dk, dklen// derived key and its length
|
||||
dk, dklen,// derived key and its length
|
||||
pAbortKeyDerivation
|
||||
))
|
||||
{
|
||||
// If the Argon2 derivation fails, we fill the derived key with zeroes
|
||||
|
||||
+17
-7
@@ -20,30 +20,31 @@
|
||||
extern "C"
|
||||
{
|
||||
#endif
|
||||
|
||||
#ifndef TC_WINDOWS_BOOT
|
||||
/* output written to input_digest which must be at lease 32 bytes long */
|
||||
void hmac_blake2s (unsigned char *key, int keylen, unsigned char *input_digest, int len);
|
||||
void derive_key_blake2s (const unsigned char *pwd, int pwd_len, const unsigned char *salt, int salt_len, uint32 iterations, unsigned char *dk, int dklen);
|
||||
void derive_key_blake2s (const unsigned char *pwd, int pwd_len, const unsigned char *salt, int salt_len, uint32 iterations, unsigned char *dk, int dklen, long volatile *pAbortKeyDerivation);
|
||||
|
||||
/* output written to d which must be at lease 32 bytes long */
|
||||
void hmac_sha256 (unsigned char *k, int lk, unsigned char *d, int ld);
|
||||
void derive_key_sha256 (const unsigned char *pwd, int pwd_len, const unsigned char *salt, int salt_len, uint32 iterations, unsigned char *dk, int dklen);
|
||||
void derive_key_sha256 (const unsigned char *pwd, int pwd_len, const unsigned char *salt, int salt_len, uint32 iterations, unsigned char *dk, int dklen, long volatile *pAbortKeyDerivation);
|
||||
|
||||
#ifndef TC_WINDOWS_BOOT
|
||||
/* output written to d which must be at lease 64 bytes long */
|
||||
void hmac_sha512 (unsigned char *k, int lk, unsigned char *d, int ld);
|
||||
void derive_key_sha512 (const unsigned char *pwd, int pwd_len, const unsigned char *salt, int salt_len, uint32 iterations, unsigned char *dk, int dklen);
|
||||
void derive_key_sha512 (const unsigned char *pwd, int pwd_len, const unsigned char *salt, int salt_len, uint32 iterations, unsigned char *dk, int dklen, long volatile *pAbortKeyDerivation);
|
||||
|
||||
/* output written to d which must be at lease 64 bytes long */
|
||||
void hmac_whirlpool (unsigned char *k, int lk, unsigned char *d, int ld);
|
||||
void derive_key_whirlpool (const unsigned char *pwd, int pwd_len, const unsigned char *salt, int salt_len, uint32 iterations, unsigned char *dk, int dklen);
|
||||
void derive_key_whirlpool (const unsigned char *pwd, int pwd_len, const unsigned char *salt, int salt_len, uint32 iterations, unsigned char *dk, int dklen, long volatile *pAbortKeyDerivation);
|
||||
|
||||
void hmac_streebog (unsigned char *k, int lk, unsigned char *d, int ld);
|
||||
void derive_key_streebog (const unsigned char *pwd, int pwd_len, const unsigned char *salt, int salt_len, uint32 iterations, unsigned char *dk, int dklen);
|
||||
void derive_key_streebog (const unsigned char *pwd, int pwd_len, const unsigned char *salt, int salt_len, uint32 iterations, unsigned char *dk, int dklen, long volatile *pAbortKeyDerivation);
|
||||
|
||||
int get_pkcs5_iteration_count (int pkcs5_prf_id, int pim, BOOL bBoot, int* pMemoryCost);
|
||||
wchar_t *get_pkcs5_prf_name (int pkcs5_prf_id);
|
||||
|
||||
void derive_key_argon2(const unsigned char *pwd, int pwd_len, const unsigned char *salt, int salt_len, uint32 iterations, uint32 memcost, unsigned char *dk, int dklen);
|
||||
void derive_key_argon2(const unsigned char *pwd, int pwd_len, const unsigned char *salt, int salt_len, uint32 iterations, uint32 memcost, unsigned char *dk, int dklen, long volatile *pAbortKeyDerivation);
|
||||
void get_argon2_params(int pim, int* pIterations, int* pMemcost);
|
||||
|
||||
/* check if given PRF supported.*/
|
||||
@@ -55,6 +56,15 @@ typedef enum
|
||||
} PRF_BOOT_TYPE;
|
||||
|
||||
int is_pkcs5_prf_supported (int pkcs5_prf_id, PRF_BOOT_TYPE bootType);
|
||||
#else // TC_WINDOWS_BOOT
|
||||
/* output written to input_digest which must be at lease 32 bytes long */
|
||||
void hmac_blake2s (unsigned char *key, int keylen, unsigned char *input_digest, int len);
|
||||
void derive_key_blake2s (const unsigned char *pwd, int pwd_len, const unsigned char *salt, int salt_len, uint32 iterations, unsigned char *dk, int dklen);
|
||||
|
||||
/* output written to d which must be at lease 32 bytes long */
|
||||
void hmac_sha256 (unsigned char *k, int lk, unsigned char *d, int ld);
|
||||
void derive_key_sha256 (const unsigned char *pwd, int pwd_len, const unsigned char *salt, int salt_len, uint32 iterations, unsigned char *dk, int dklen);
|
||||
|
||||
#endif
|
||||
|
||||
#if defined(__cplusplus)
|
||||
|
||||
+12
-12
@@ -1681,64 +1681,64 @@ BOOL test_pkcs5 ()
|
||||
return FALSE;
|
||||
#endif
|
||||
/* PKCS-5 test 1 with HMAC-SHA-256 used as the PRF (https://tools.ietf.org/html/draft-josefsson-scrypt-kdf-00) */
|
||||
derive_key_sha256 ((unsigned char*) "passwd", 6, (unsigned char*) "\x73\x61\x6C\x74", 4, 1, dk, 64);
|
||||
derive_key_sha256 ((unsigned char*) "passwd", 6, (unsigned char*) "\x73\x61\x6C\x74", 4, 1, dk, 64, NULL);
|
||||
if (memcmp (dk, "\x55\xac\x04\x6e\x56\xe3\x08\x9f\xec\x16\x91\xc2\x25\x44\xb6\x05\xf9\x41\x85\x21\x6d\xde\x04\x65\xe6\x8b\x9d\x57\xc2\x0d\xac\xbc\x49\xca\x9c\xcc\xf1\x79\xb6\x45\x99\x16\x64\xb3\x9d\x77\xef\x31\x7c\x71\xb8\x45\xb1\xe3\x0b\xd5\x09\x11\x20\x41\xd3\xa1\x97\x83", 64) != 0)
|
||||
return FALSE;
|
||||
|
||||
/* PKCS-5 test 2 with HMAC-SHA-256 used as the PRF (https://stackoverflow.com/questions/5130513/pbkdf2-hmac-sha2-test-vectors) */
|
||||
derive_key_sha256 ((unsigned char*) "password", 8, (unsigned char*) "\x73\x61\x6C\x74", 4, 2, dk, 32);
|
||||
derive_key_sha256 ((unsigned char*) "password", 8, (unsigned char*) "\x73\x61\x6C\x74", 4, 2, dk, 32, NULL);
|
||||
if (memcmp (dk, "\xae\x4d\x0c\x95\xaf\x6b\x46\xd3\x2d\x0a\xdf\xf9\x28\xf0\x6d\xd0\x2a\x30\x3f\x8e\xf3\xc2\x51\xdf\xd6\xe2\xd8\x5a\x95\x47\x4c\x43", 32) != 0)
|
||||
return FALSE;
|
||||
|
||||
/* PKCS-5 test 3 with HMAC-SHA-256 used as the PRF (MS CryptoAPI) */
|
||||
derive_key_sha256 ((unsigned char*)"password", 8, (unsigned char*)"\x12\x34\x56\x78", 4, 5, dk, 4);
|
||||
derive_key_sha256 ((unsigned char*)"password", 8, (unsigned char*)"\x12\x34\x56\x78", 4, 5, dk, 4, NULL);
|
||||
if (memcmp (dk, "\xf2\xa0\x4f\xb2", 4) != 0)
|
||||
return FALSE;
|
||||
|
||||
/* PKCS-5 test 4 with HMAC-SHA-256 used as the PRF (MS CryptoAPI) */
|
||||
derive_key_sha256 ((unsigned char*)"password", 8, (unsigned char*)"\x12\x34\x56\x78", 4, 5, dk, 144);
|
||||
derive_key_sha256 ((unsigned char*)"password", 8, (unsigned char*)"\x12\x34\x56\x78", 4, 5, dk, 144, NULL);
|
||||
if (memcmp (dk, "\xf2\xa0\x4f\xb2\xd3\xe9\xa5\xd8\x51\x0b\x5c\x06\xdf\x70\x8e\x24\xe9\xc7\xd9\x15\x3d\x22\xcd\xde\xb8\xa6\xdb\xfd\x71\x85\xc6\x99\x32\xc0\xee\x37\x27\xf7\x24\xcf\xea\xa6\xac\x73\xa1\x4c\x4e\x52\x9b\x94\xf3\x54\x06\xfc\x04\x65\xa1\x0a\x24\xfe\xf0\x98\x1d\xa6\x22\x28\xeb\x24\x55\x74\xce\x6a\x3a\x28\xe2\x04\x3a\x59\x13\xec\x3f\xf2\xdb\xcf\x58\xdd\x53\xd9\xf9\x17\xf6\xda\x74\x06\x3c\x0b\x66\xf5\x0f\xf5\x58\xa3\x27\x52\x8c\x5b\x07\x91\xd0\x81\xeb\xb6\xbc\x30\x69\x42\x71\xf2\xd7\x18\x42\xbe\xe8\x02\x93\x70\x66\xad\x35\x65\xbc\xf7\x96\x8e\x64\xf1\xc6\x92\xda\xe0\xdc\x1f\xb5\xf4", 144) != 0)
|
||||
return FALSE;
|
||||
|
||||
/* PKCS-5 test 1 with HMAC-SHA-512 used as the PRF */
|
||||
derive_key_sha512 ((unsigned char*)"password", 8, (unsigned char*)"\x12\x34\x56\x78", 4, 5, dk, 4);
|
||||
derive_key_sha512 ((unsigned char*)"password", 8, (unsigned char*)"\x12\x34\x56\x78", 4, 5, dk, 4, NULL);
|
||||
if (memcmp (dk, "\x13\x64\xae\xf8", 4) != 0)
|
||||
return FALSE;
|
||||
|
||||
/* PKCS-5 test 2 with HMAC-SHA-512 used as the PRF (derives a key longer than the underlying
|
||||
hash output size and block size) */
|
||||
derive_key_sha512 ((unsigned char*)"password", 8, (unsigned char*)"\x12\x34\x56\x78", 4, 5, dk, 144);
|
||||
derive_key_sha512 ((unsigned char*)"password", 8, (unsigned char*)"\x12\x34\x56\x78", 4, 5, dk, 144, NULL);
|
||||
if (memcmp (dk, "\x13\x64\xae\xf8\x0d\xf5\x57\x6c\x30\xd5\x71\x4c\xa7\x75\x3f\xfd\x00\xe5\x25\x8b\x39\xc7\x44\x7f\xce\x23\x3d\x08\x75\xe0\x2f\x48\xd6\x30\xd7\x00\xb6\x24\xdb\xe0\x5a\xd7\x47\xef\x52\xca\xa6\x34\x83\x47\xe5\xcb\xe9\x87\xf1\x20\x59\x6a\xe6\xa9\xcf\x51\x78\xc6\xb6\x23\xa6\x74\x0d\xe8\x91\xbe\x1a\xd0\x28\xcc\xce\x16\x98\x9a\xbe\xfb\xdc\x78\xc9\xe1\x7d\x72\x67\xce\xe1\x61\x56\x5f\x96\x68\xe6\xe1\xdd\xf4\xbf\x1b\x80\xe0\x19\x1c\xf4\xc4\xd3\xdd\xd5\xd5\x57\x2d\x83\xc7\xa3\x37\x87\xf4\x4e\xe0\xf6\xd8\x6d\x65\xdc\xa0\x52\xa3\x13\xbe\x81\xfc\x30\xbe\x7d\x69\x58\x34\xb6\xdd\x41\xc6", 144) != 0)
|
||||
return FALSE;
|
||||
|
||||
#ifndef WOLFCRYPT_BACKEND
|
||||
/* PKCS-5 test 1 with HMAC-BLAKE2s used as the PRF */
|
||||
derive_key_blake2s ((unsigned char*)"password", 8, (unsigned char*)"\x12\x34\x56\x78", 4, 5, dk, 4);
|
||||
derive_key_blake2s ((unsigned char*)"password", 8, (unsigned char*)"\x12\x34\x56\x78", 4, 5, dk, 4, NULL);
|
||||
if (memcmp (dk, "\x8d\x51\xfa\x31", 4) != 0)
|
||||
return FALSE;
|
||||
|
||||
/* PKCS-5 test 2 with HMAC-BLAKE2s used as the PRF (derives a key longer than the underlying hash) */
|
||||
derive_key_blake2s ((unsigned char*)"password", 8, (unsigned char*)"\x12\x34\x56\x78", 4, 5, dk, 48);
|
||||
derive_key_blake2s ((unsigned char*)"password", 8, (unsigned char*)"\x12\x34\x56\x78", 4, 5, dk, 48, NULL);
|
||||
if (memcmp (dk, "\x8d\x51\xfa\x31\x46\x25\x37\x67\xa3\x29\x6b\x3c\x6b\xc1\x5d\xb2\xee\xe1\x6c\x28\x00\x26\xea\x08\x65\x9c\x12\xf1\x07\xde\x0d\xb9\x9b\x4f\x39\xfa\xc6\x80\x26\xb1\x8f\x8e\x48\x89\x85\x2d\x24\x2d", 48) != 0)
|
||||
return FALSE;
|
||||
|
||||
/* PKCS-5 test 1 with HMAC-Whirlpool used as the PRF */
|
||||
derive_key_whirlpool ((unsigned char*)"password", 8, (unsigned char*)"\x12\x34\x56\x78", 4, 5, dk, 4);
|
||||
derive_key_whirlpool ((unsigned char*)"password", 8, (unsigned char*)"\x12\x34\x56\x78", 4, 5, dk, 4, NULL);
|
||||
if (memcmp (dk, "\x50\x7c\x36\x6f", 4) != 0)
|
||||
return FALSE;
|
||||
|
||||
/* PKCS-5 test 2 with HMAC-Whirlpool used as the PRF (derives a key longer than the underlying hash) */
|
||||
derive_key_whirlpool ((unsigned char*)"password", 8, (unsigned char*)"\x12\x34\x56\x78", 4, 5, dk, 96);
|
||||
derive_key_whirlpool ((unsigned char*)"password", 8, (unsigned char*)"\x12\x34\x56\x78", 4, 5, dk, 96, NULL);
|
||||
if (memcmp (dk, "\x50\x7c\x36\x6f\xee\x10\x2e\x9a\xe2\x8a\xd5\x82\x72\x7d\x27\x0f\xe8\x4d\x7f\x68\x7a\xcf\xb5\xe7\x43\x67\xaa\x98\x93\x52\x2b\x09\x6e\x42\xdf\x2c\x59\x4a\x91\x6d\x7e\x10\xae\xb2\x1a\x89\x8f\xb9\x8f\xe6\x31\xa9\xd8\x9f\x98\x26\xf4\xda\xcd\x7d\x65\x65\xde\x10\x95\x91\xb4\x84\x26\xae\x43\xa1\x00\x5b\x1e\xb8\x38\x97\xa4\x1e\x4b\xd2\x65\x64\xbc\xfa\x1f\x35\x85\xdb\x4f\x97\x65\x6f\xbd\x24", 96) != 0)
|
||||
return FALSE;
|
||||
|
||||
/* PKCS-5 test 1 with HMAC-STREEBOG used as the PRF */
|
||||
derive_key_streebog ((unsigned char*)"password", 8, (unsigned char*)"\x12\x34\x56\x78", 4, 5, dk, 4);
|
||||
derive_key_streebog ((unsigned char*)"password", 8, (unsigned char*)"\x12\x34\x56\x78", 4, 5, dk, 4, NULL);
|
||||
if (memcmp (dk, "\xd0\x53\xa2\x30", 4) != 0)
|
||||
return FALSE;
|
||||
|
||||
/* PKCS-5 test 2 with HMAC-STREEBOG used as the PRF (derives a key longer than the underlying hash) */
|
||||
derive_key_streebog ((unsigned char*)"password", 8, (unsigned char*)"\x12\x34\x56\x78", 4, 5, dk, 96);
|
||||
derive_key_streebog ((unsigned char*)"password", 8, (unsigned char*)"\x12\x34\x56\x78", 4, 5, dk, 96, NULL);
|
||||
if (memcmp (dk, "\xd0\x53\xa2\x30\x6f\x45\x81\xeb\xbc\x06\x81\xc5\xe7\x53\xa8\x5d\xc7\xf1\x23\x33\x1e\xbe\x64\x2c\x3b\x0f\x26\xd7\x00\xe1\x95\xc9\x65\x26\xb1\x85\xbe\x1e\xe2\xf4\x9b\xfc\x6b\x14\x84\xda\x24\x61\xa0\x1b\x9e\x79\x5c\xee\x69\x6e\xf9\x25\xb1\x1d\xca\xa0\x31\xba\x02\x6f\x9e\x99\x0f\xdb\x25\x01\x5b\xf1\xc7\x10\x19\x53\x3b\x29\x3f\x18\x00\xd6\xfc\x85\x03\xdc\xf2\xe5\xe9\x5a\xb1\x1e\x61\xde", 96) != 0)
|
||||
return FALSE;
|
||||
#endif
|
||||
|
||||
+46
-23
@@ -194,6 +194,7 @@ int ReadVolumeHeader (BOOL bBoot, unsigned char *encryptedHeader, Password *pass
|
||||
int i;
|
||||
int iterationsCount = 0;
|
||||
int memoryCost = 0;
|
||||
LONG volatile abortKeyDerivation = 0;
|
||||
#endif
|
||||
size_t queuedWorkItems = 0;
|
||||
|
||||
@@ -331,7 +332,7 @@ int ReadVolumeHeader (BOOL bBoot, unsigned char *encryptedHeader, Password *pass
|
||||
iterationsCount = get_pkcs5_iteration_count (enqPkcs5Prf, pim, bBoot, &memoryCost);
|
||||
EncryptionThreadPoolBeginKeyDerivation (keyDerivationCompletedEvent, noOutstandingWorkItemEvent,
|
||||
&item->KeyReady, outstandingWorkItemCount, enqPkcs5Prf, keyInfo->userKey,
|
||||
keyInfo->keyLength, keyInfo->salt, iterationsCount, memoryCost, item->DerivedKey);
|
||||
keyInfo->keyLength, keyInfo->salt, iterationsCount, memoryCost, item->DerivedKey, &abortKeyDerivation);
|
||||
|
||||
++queuedWorkItems;
|
||||
break;
|
||||
@@ -382,35 +383,35 @@ KeyReady: ;
|
||||
{
|
||||
case SHA512:
|
||||
derive_key_sha512 (keyInfo->userKey, keyInfo->keyLength, keyInfo->salt,
|
||||
PKCS5_SALT_SIZE, keyInfo->noIterations, dk, GetMaxPkcs5OutSize());
|
||||
PKCS5_SALT_SIZE, keyInfo->noIterations, dk, GetMaxPkcs5OutSize(), &abortKeyDerivation);
|
||||
break;
|
||||
|
||||
case SHA256:
|
||||
derive_key_sha256 (keyInfo->userKey, keyInfo->keyLength, keyInfo->salt,
|
||||
PKCS5_SALT_SIZE, keyInfo->noIterations, dk, GetMaxPkcs5OutSize());
|
||||
PKCS5_SALT_SIZE, keyInfo->noIterations, dk, GetMaxPkcs5OutSize(), &abortKeyDerivation);
|
||||
break;
|
||||
|
||||
#ifndef WOLFCRYPT_BACKEND
|
||||
case BLAKE2S:
|
||||
derive_key_blake2s (keyInfo->userKey, keyInfo->keyLength, keyInfo->salt,
|
||||
PKCS5_SALT_SIZE, keyInfo->noIterations, dk, GetMaxPkcs5OutSize());
|
||||
PKCS5_SALT_SIZE, keyInfo->noIterations, dk, GetMaxPkcs5OutSize(), &abortKeyDerivation);
|
||||
break;
|
||||
|
||||
case WHIRLPOOL:
|
||||
derive_key_whirlpool (keyInfo->userKey, keyInfo->keyLength, keyInfo->salt,
|
||||
PKCS5_SALT_SIZE, keyInfo->noIterations, dk, GetMaxPkcs5OutSize());
|
||||
PKCS5_SALT_SIZE, keyInfo->noIterations, dk, GetMaxPkcs5OutSize(), &abortKeyDerivation);
|
||||
break;
|
||||
|
||||
|
||||
case STREEBOG:
|
||||
derive_key_streebog(keyInfo->userKey, keyInfo->keyLength, keyInfo->salt,
|
||||
PKCS5_SALT_SIZE, keyInfo->noIterations, dk, GetMaxPkcs5OutSize());
|
||||
PKCS5_SALT_SIZE, keyInfo->noIterations, dk, GetMaxPkcs5OutSize(), &abortKeyDerivation);
|
||||
break;
|
||||
|
||||
|
||||
case ARGON2:
|
||||
derive_key_argon2(keyInfo->userKey, keyInfo->keyLength, keyInfo->salt,
|
||||
PKCS5_SALT_SIZE, keyInfo->noIterations, keyInfo->memoryCost, dk, GetMaxPkcs5OutSize());
|
||||
PKCS5_SALT_SIZE, keyInfo->noIterations, keyInfo->memoryCost, dk, GetMaxPkcs5OutSize(), &abortKeyDerivation);
|
||||
break;
|
||||
#endif
|
||||
default:
|
||||
@@ -615,6 +616,12 @@ KeyReady: ;
|
||||
}
|
||||
|
||||
status = ERR_SUCCESS;
|
||||
|
||||
if ((selected_pkcs5_prf == 0) && (encryptionThreadCount > 1))
|
||||
{
|
||||
// Signal other threads to stop
|
||||
InterlockedExchange(&abortKeyDerivation, 1);
|
||||
}
|
||||
goto ret;
|
||||
}
|
||||
}
|
||||
@@ -622,6 +629,8 @@ KeyReady: ;
|
||||
status = ERR_PASSWORD_WRONG;
|
||||
|
||||
err:
|
||||
// Signal threads to stop
|
||||
InterlockedExchange(&abortKeyDerivation, 1);
|
||||
if (cryptoInfo != retHeaderCryptoInfo)
|
||||
{
|
||||
crypto_close(cryptoInfo);
|
||||
@@ -640,19 +649,33 @@ ret:
|
||||
#if !defined(_UEFI)
|
||||
if ((selected_pkcs5_prf == 0) && (encryptionThreadCount > 1))
|
||||
{
|
||||
EncryptionThreadPoolBeginReadVolumeHeaderFinalization (keyDerivationCompletedEvent, noOutstandingWorkItemEvent, outstandingWorkItemCount,
|
||||
keyInfoBuffer, keyInfoBufferSize,
|
||||
keyDerivationWorkItems, keyDerivationWorkItemsSize);
|
||||
}
|
||||
else
|
||||
// Wait for all outstanding threads to finish or cancel
|
||||
TC_WAIT_EVENT(*noOutstandingWorkItemEvent);
|
||||
// Cleanup is now synchronous because we already waited for all threads to stop.
|
||||
// The asynchronous finalization is no longer needed.
|
||||
#if !defined(DEVICE_DRIVER)
|
||||
CloseHandle(*keyDerivationCompletedEvent);
|
||||
CloseHandle(*noOutstandingWorkItemEvent);
|
||||
#endif
|
||||
{
|
||||
burn (keyInfo, sizeof (KEY_INFO));
|
||||
#if !defined(DEVICE_DRIVER) && !defined(_UEFI)
|
||||
VirtualUnlock (keyInfoBuffer, keyInfoBufferSize);
|
||||
TCfree(keyDerivationCompletedEvent);
|
||||
TCfree(noOutstandingWorkItemEvent);
|
||||
TCfree(outstandingWorkItemCount);
|
||||
if (keyDerivationWorkItems)
|
||||
{
|
||||
burn(keyDerivationWorkItems, keyDerivationWorkItemsSize);
|
||||
#if !defined(DEVICE_DRIVER)
|
||||
VirtualUnlock(keyDerivationWorkItems, keyDerivationWorkItemsSize);
|
||||
#endif
|
||||
TCfree(keyInfoBuffer);
|
||||
TCfree(keyDerivationWorkItems);
|
||||
}
|
||||
}
|
||||
#endif
|
||||
|
||||
burn (keyInfo, sizeof (KEY_INFO));
|
||||
#if !defined(DEVICE_DRIVER)
|
||||
VirtualUnlock (keyInfoBuffer, keyInfoBufferSize);
|
||||
#endif
|
||||
TCfree(keyInfoBuffer);
|
||||
return status;
|
||||
}
|
||||
|
||||
@@ -1018,33 +1041,33 @@ int CreateVolumeHeaderInMemory (HWND hwndDlg, BOOL bBoot, unsigned char *header,
|
||||
{
|
||||
case SHA512:
|
||||
derive_key_sha512 (keyInfo.userKey, keyInfo.keyLength, keyInfo.salt,
|
||||
PKCS5_SALT_SIZE, keyInfo.noIterations, dk, GetMaxPkcs5OutSize());
|
||||
PKCS5_SALT_SIZE, keyInfo.noIterations, dk, GetMaxPkcs5OutSize(), NULL);
|
||||
break;
|
||||
|
||||
case SHA256:
|
||||
derive_key_sha256 (keyInfo.userKey, keyInfo.keyLength, keyInfo.salt,
|
||||
PKCS5_SALT_SIZE, keyInfo.noIterations, dk, GetMaxPkcs5OutSize());
|
||||
PKCS5_SALT_SIZE, keyInfo.noIterations, dk, GetMaxPkcs5OutSize(), NULL);
|
||||
break;
|
||||
|
||||
#ifndef WOLFCRYPT_BACKEND
|
||||
case BLAKE2S:
|
||||
derive_key_blake2s (keyInfo.userKey, keyInfo.keyLength, keyInfo.salt,
|
||||
PKCS5_SALT_SIZE, keyInfo.noIterations, dk, GetMaxPkcs5OutSize());
|
||||
PKCS5_SALT_SIZE, keyInfo.noIterations, dk, GetMaxPkcs5OutSize(), NULL);
|
||||
break;
|
||||
|
||||
case WHIRLPOOL:
|
||||
derive_key_whirlpool (keyInfo.userKey, keyInfo.keyLength, keyInfo.salt,
|
||||
PKCS5_SALT_SIZE, keyInfo.noIterations, dk, GetMaxPkcs5OutSize());
|
||||
PKCS5_SALT_SIZE, keyInfo.noIterations, dk, GetMaxPkcs5OutSize(), NULL);
|
||||
break;
|
||||
|
||||
case STREEBOG:
|
||||
derive_key_streebog(keyInfo.userKey, keyInfo.keyLength, keyInfo.salt,
|
||||
PKCS5_SALT_SIZE, keyInfo.noIterations, dk, GetMaxPkcs5OutSize());
|
||||
PKCS5_SALT_SIZE, keyInfo.noIterations, dk, GetMaxPkcs5OutSize(), NULL);
|
||||
break;
|
||||
|
||||
case ARGON2:
|
||||
derive_key_argon2(keyInfo.userKey, keyInfo.keyLength, keyInfo.salt,
|
||||
PKCS5_SALT_SIZE, keyInfo.noIterations, keyInfo.memoryCost, dk, GetMaxPkcs5OutSize());
|
||||
PKCS5_SALT_SIZE, keyInfo.noIterations, keyInfo.memoryCost, dk, GetMaxPkcs5OutSize(), NULL);
|
||||
break;
|
||||
#endif
|
||||
default:
|
||||
|
||||
Reference in New Issue
Block a user