bool RarVolume::DecryptRar5Prepare(uint8 kdfCount, const uint8 salt[16])
{
if (kdfCount > 24) return false;
int iterations = 1 << kdfCount;
#ifdef HAVE_OPENSSL
if (!PKCS5_PBKDF2_HMAC(m_password, m_password.Length(), salt, 16,
iterations, EVP_sha256(), sizeof(m_decryptKey), m_decryptKey)) return false;
return true;
#elif defined(HAVE_NETTLE)
pbkdf2_hmac_sha256(m_password.Length(), (const uint8_t*)*m_password,
iterations, 16, salt, sizeof(m_decryptKey), m_decryptKey);
return true;
#else
return false;
#endif
}
static
int dcrypt_gnutls_pbkdf2(const unsigned char *password, size_t password_len, const unsigned char *salt, size_t salt_len, const char *algorithm,
unsigned int rounds, buffer_t *result, unsigned int result_len, const char **error_r)
{
unsigned char buf[result_len];
/* only sha1 or sha256 is supported */
if (strncasecmp(algorithm, "sha1", 4) == 0) {
pbkdf2_hmac_sha1(password_len, password, rounds, salt_len, salt, result_len, buf);
} else if (strncasecmp(algorithm, "sha256", 6) == 0) {
pbkdf2_hmac_sha256(password_len, password, rounds, salt_len, salt, result_len, buf);
} else if (strncasecmp(algorithm, "sha512", 6) == 0) {
struct hmac_sha512_ctx ctx;
hmac_sha512_set_key(&ctx, password_len, password);
PBKDF2(&ctx, hmac_sha512_update, hmac_sha512_digest, 64, rounds, salt_len, salt, result_len, buf);
i_zero(&ctx);
} else {
*error_r = "Unsupported algorithm";
return -1;
}
buffer_append(result, buf, result_len);
memset(buf, 0, sizeof(buf));
return 0;
}
