Change to SHA512

ChubbyAnt · Sep 16, 2019 · ce105ba · ce105ba
1 parent b9bb696
commit ce105ba
Show file tree

Hide file tree

Showing 8 changed files with 15 additions and 254 deletions.
diff --git a/Common/DtaHashPwd.cpp b/Common/DtaHashPwd.cpp
@@ -28,7 +28,7 @@ along with sedutil.  If not, see <http://www.gnu.org/licenses/>.
 
 extern "C" {
 #include "pbkdf2.h"
-#include "sha1.h"
+#include "sha2.h"
 }
 using namespace std;
 
@@ -54,7 +54,7 @@ void DtaHashPassword(vector<uint8_t> &hash, char * password, vector<uint8_t> sal
 		salt.data(), salt.size(),
 		iter,
 		hash.data(), hash.size(),
-		&cf_sha1);
+		&cf_sha512);
 
 //	gc_pbkdf2_sha1(password, strnlen(password, 256), (const char *)salt.data(), salt.size(), iter,
 //		(char *)hash.data(), hash.size());

diff --git a/Common/DtaHashPwd.h b/Common/DtaHashPwd.h
@@ -33,7 +33,7 @@ using namespace std;
  * @param device the device where the password is to be used
  */
 void DtaHashPwd(vector<uint8_t> &hash, char * password, DtaDev * device);
-/** Hash a passwor using the PBDKF2<SHA1> function 
+/** Hash a passwor using the PBDKF2<SHA2> function 
  *
  * @param hash Field where hash returned
  * @param password password to be hashed
@@ -42,6 +42,6 @@ void DtaHashPwd(vector<uint8_t> &hash, char * password, DtaDev * device);
  * @param hashsize size of hash to be returned
  */
 void DtaHashPassword(vector<uint8_t> &hash, char * password, vector<uint8_t> salt,
-        unsigned int iter = 75000, uint8_t hashsize = 32);
+        unsigned int iter = 500000, uint8_t hashsize = 32);
 /** Test the hshing function using publicly available test cased and report */
 int TestPBKDF2();
diff --git a/Common/pbkdf2/sha1.c b/Common/pbkdf2/sha1.c
diff --git a/Common/pbkdf2/sha1.h b/Common/pbkdf2/sha1.h
diff --git a/LinuxPBA/LinuxPBA.cpp b/LinuxPBA/LinuxPBA.cpp
@@ -36,11 +36,11 @@ int main(int argc, char** argv) {
     CLog::Level() = CLog::FromInt(0);
     LOG(D4) << "Legacy PBA start" << endl;
 //    system ("tput clear");
-    printf("DTA LINUX Pre Boot Authorization \n");
-    string p = GetPassPhrase("Please enter pass-phrase to unlock OPAL drives: ");
+    printf("Boot Authorization \n");
+    string p = GetPassPhrase("Password: ");
     UnlockSEDs((char *)p.c_str());
     if (strcmp(p.c_str(), "debug")) {
-        printf("Starting OS \n");
+        printf("\n Access granted. Starting the system... \n");
         sync();
         reboot(RB_AUTOBOOT);
     }

diff --git a/README.md b/README.md
@@ -1,6 +1,8 @@
 ![alt tag](https://avatars0.githubusercontent.com/u/13870012?v=3&s=200)
 
-Intel and AMD Ryzen: This SEDutil fork includes supprt for intel and AMD Ryzen systems
+Intel and AMD Ryzen: This SEDutil fork includes support for intel and AMD Ryzen systems with SHA-512 password authentication
+
+Note: This version of SEDutil is not compatible with SHA-1 versions of SEDutil
 
 This software is Copyright 2014-2017 Bright Plaza Inc. <[email protected]>
 
@@ -107,7 +109,7 @@ The various recovery and boot images will be located in the `images` directory.
 
 ## Testing
 
-I have only tested the boot images/release files on a HP x360 Envy AMD 3700u with a Samsung EVO 970 Plus 2TB NVMe drive. My testing has also focused only on the 64 bit UEFI images. While the other variants might work, you should exercise caution, and if possible, test the release on a computer with data that is expendable.
+This version has only been verified to boot on a HP x360 Envy AMD 3700u with a Samsung EVO 970 Plus 2TB NVMe drive. My testing has also focused only on the 64 bit UEFI images. While the other variants might work, you should exercise caution, and if possible, test the release on a computer with data that is expendable.
 
 Follow the instructions here:  
 https://github.com/Drive-Trust-Alliance/sedutil/wiki/Encrypting-your-drive  
diff --git a/windows/CLI/CLI.sln b/windows/CLI/CLI.sln
@@ -13,8 +13,8 @@ Global
 		Release|x86 = Release|x86
 	EndGlobalSection
 	GlobalSection(ProjectConfigurationPlatforms) = postSolution
-		{267E9D28-7245-4182-9740-F386F4299E83}.Debug|x64.ActiveCfg = Debug|x64
-		{267E9D28-7245-4182-9740-F386F4299E83}.Debug|x64.Build.0 = Debug|x64
+		{267E9D28-7245-4182-9740-F386F4299E83}.Debug|x64.ActiveCfg = Release|x64
+		{267E9D28-7245-4182-9740-F386F4299E83}.Debug|x64.Build.0 = Release|x64
 		{267E9D28-7245-4182-9740-F386F4299E83}.Debug|x86.ActiveCfg = Debug|Win32
 		{267E9D28-7245-4182-9740-F386F4299E83}.Debug|x86.Build.0 = Debug|Win32
 		{267E9D28-7245-4182-9740-F386F4299E83}.Release|x64.ActiveCfg = Release|x64

diff --git a/windows/CLI/CLI.vcxproj b/windows/CLI/CLI.vcxproj
@@ -43,7 +43,7 @@
     <ClInclude Include="..\..\Common\pbkdf2\handy.h" />
     <ClInclude Include="..\..\Common\pbkdf2\hmac.h" />
     <ClInclude Include="..\..\Common\pbkdf2\pbkdf2.h" />
-    <ClInclude Include="..\..\Common\pbkdf2\sha1.h" />
+    <ClInclude Include="..\..\Common\pbkdf2\sha2.h" />
     <ClInclude Include="..\..\Common\pbkdf2\tassert.h" />
     <ClInclude Include="..\DtaDevOS.h" />
     <ClInclude Include="..\DtaDiskATA.h" />
@@ -70,7 +70,7 @@
     <ClCompile Include="..\..\Common\pbkdf2\chash.c" />
     <ClCompile Include="..\..\Common\pbkdf2\hmac.c" />
     <ClCompile Include="..\..\Common\pbkdf2\pbkdf2.c" />
-    <ClCompile Include="..\..\Common\pbkdf2\sha1.c" />
+    <ClCompile Include="..\..\Common\pbkdf2\sha512.c" />
     <ClCompile Include="..\..\Common\sedutil.cpp" />
     <ClCompile Include="..\DtaDevOS.cpp" />
     <ClCompile Include="..\DtaDiskATA.cpp" />