VeraCrypt
authorMounir IDRASSI <mounir.idrassi@idrix.fr>2016-08-15 00:37:26 +0200
committerMounir IDRASSI <mounir.idrassi@idrix.fr>2016-08-15 01:09:20 +0200
commit24560eae1d434e57cde1aa5c7ca2d3fa0d7c42a3 (patch)
tree95294e19bbd61d330e57d35b844c1321303c8b38 /src/Common/Volumes.c
parent67031da928735e1d3b6bfca8d393a07d98e478dd (diff)
Windows: fill unused/reserved header areas with the result of encryption of random data instead of the encryption of zeros for better entropy of resulting random data.
Diffstat (limited to 'src/Common/Volumes.c')
-rw-r--r--src/Common/Volumes.c9
1 files changed, 8 insertions, 1 deletions
diff --git a/src/Common/Volumes.c b/src/Common/Volumes.c
index 35ba5bd2..3228aadc 100644
--- a/src/Common/Volumes.c
+++ b/src/Common/Volumes.c
@@ -1239,7 +1239,7 @@ BOOL WriteEffectiveVolumeHeader (BOOL device, HANDLE fileHandle, byte *header)
// Writes randomly generated data to unused/reserved header areas.
// When bPrimaryOnly is TRUE, then only the primary header area (not the backup header area) is filled with random data.
// When bBackupOnly is TRUE, only the backup header area (not the primary header area) is filled with random data.
-int WriteRandomDataToReservedHeaderAreas (HWND hwndDlg, HANDLE dev, CRYPTO_INFO *cryptoInfo, uint64 dataAreaSize, BOOL bPrimaryOnly, BOOL bBackupOnly)
+int WriteRandomDataToReservedHeaderAreas (HWND hwndDlg, HANDLE dev, CRYPTO_INFO *cryptoInfo, uint64 dataAreaSize, BOOL bPrimaryOnly, BOOL bBackupOnly, BOOL bInPlaceEnc)
{
char temporaryKey[MASTER_KEYDATA_SIZE];
char originalK2[MASTER_KEYDATA_SIZE];
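Review bot: The comment block above WriteRandomDataToReservedHeaderAreas still describes only bPrimaryOnly and bBackupOnly, so the new bInPlaceEnc parameter in the signature is undocumented. Add a line such as `// When bInPlaceEnc is TRUE, the primary header's reserved area is encrypted from the data already in the buffer; only backup header areas get fresh random data.`, which matches the `backupHeaders || !bInPlaceEnc` condition later in the patch. Where that condition is used, the result of `RandgetBytes` is discarded; if the call can fail, the buffer would be encrypted with its previous contents, so it is worth checking the result and taking the existing `goto final_seq` error path. The function body continues outside this hunk, and the callers that must pass the new argument are not in this file-limited diff.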
@@ -1298,6 +1298,13 @@ int WriteRandomDataToReservedHeaderAreas (HWND hwndDlg, HANDLE dev, CRYPTO_INFO
goto final_seq;
}
+ if (backupHeaders || !bInPlaceEnc)
+ {
+ // encrypt random data instead of existing data for better entropy, except in case of primary
+ // header of an in-place encrypted disk
+ RandgetBytes (hwndDlg, buf + TC_VOLUME_HEADER_EFFECTIVE_SIZE, sizeof (buf) - TC_VOLUME_HEADER_EFFECTIVE_SIZE, FALSE);
+ }
+
EncryptBuffer (buf + TC_VOLUME_HEADER_EFFECTIVE_SIZE, sizeof (buf) - TC_VOLUME_HEADER_EFFECTIVE_SIZE, cryptoInfo);
if (!SetFilePointerEx (dev, offset, NULL, FILE_BEGIN))