diff options
author | Mounir IDRASSI <mounir.idrassi@idrix.fr> | 2016-08-15 00:37:26 +0200 |
---|---|---|
committer | Mounir IDRASSI <mounir.idrassi@idrix.fr> | 2016-08-15 01:09:20 +0200 |
commit | 24560eae1d434e57cde1aa5c7ca2d3fa0d7c42a3 (patch) | |
tree | 95294e19bbd61d330e57d35b844c1321303c8b38 /src/Common | |
parent | 67031da928735e1d3b6bfca8d393a07d98e478dd (diff) | |
download | VeraCrypt-24560eae1d434e57cde1aa5c7ca2d3fa0d7c42a3.tar.gz VeraCrypt-24560eae1d434e57cde1aa5c7ca2d3fa0d7c42a3.zip |
Windows: fill unused/reserved header areas with the result of encryption of random data instead of the encryption of zeros for better entropy of resulting random data.
Diffstat (limited to 'src/Common')
-rw-r--r-- | src/Common/Format.c | 2 | ||||
-rw-r--r-- | src/Common/Password.c | 2 | ||||
-rw-r--r-- | src/Common/Volumes.c | 9 | ||||
-rw-r--r-- | src/Common/Volumes.h | 2 |
4 files changed, 11 insertions, 4 deletions
diff --git a/src/Common/Format.c b/src/Common/Format.c index ead65463..4df27c1e 100644 --- a/src/Common/Format.c +++ b/src/Common/Format.c @@ -568,7 +568,7 @@ begin_format: { BOOL bUpdateBackup = FALSE; - nStatus = WriteRandomDataToReservedHeaderAreas (hwndDlg, dev, cryptoInfo, dataAreaSize, FALSE, FALSE); + nStatus = WriteRandomDataToReservedHeaderAreas (hwndDlg, dev, cryptoInfo, dataAreaSize, FALSE, FALSE, FALSE); if (nStatus != ERR_SUCCESS) goto error; diff --git a/src/Common/Password.c b/src/Common/Password.c index 1c9083a3..b0f44384 100644 --- a/src/Common/Password.c +++ b/src/Common/Password.c @@ -440,7 +440,7 @@ int ChangePwd (const wchar_t *lpszVolume, Password *oldPassword, int old_pkcs5, PCRYPTO_INFO dummyInfo = NULL; LARGE_INTEGER hiddenOffset; - nStatus = WriteRandomDataToReservedHeaderAreas (hwndDlg, dev, cryptoInfo, cryptoInfo->VolumeSize.Value, !backupHeader, backupHeader); + nStatus = WriteRandomDataToReservedHeaderAreas (hwndDlg, dev, cryptoInfo, cryptoInfo->VolumeSize.Value, !backupHeader, backupHeader, FALSE); if (nStatus != ERR_SUCCESS) goto error; diff --git a/src/Common/Volumes.c b/src/Common/Volumes.c index 35ba5bd2..3228aadc 100644 --- a/src/Common/Volumes.c +++ b/src/Common/Volumes.c @@ -1239,7 +1239,7 @@ BOOL WriteEffectiveVolumeHeader (BOOL device, HANDLE fileHandle, byte *header) // Writes randomly generated data to unused/reserved header areas. // When bPrimaryOnly is TRUE, then only the primary header area (not the backup header area) is filled with random data. // When bBackupOnly is TRUE, only the backup header area (not the primary header area) is filled with random data. -int WriteRandomDataToReservedHeaderAreas (HWND hwndDlg, HANDLE dev, CRYPTO_INFO *cryptoInfo, uint64 dataAreaSize, BOOL bPrimaryOnly, BOOL bBackupOnly) +int WriteRandomDataToReservedHeaderAreas (HWND hwndDlg, HANDLE dev, CRYPTO_INFO *cryptoInfo, uint64 dataAreaSize, BOOL bPrimaryOnly, BOOL bBackupOnly, BOOL bInPlaceEnc) { char temporaryKey[MASTER_KEYDATA_SIZE]; char originalK2[MASTER_KEYDATA_SIZE]; @@ -1298,6 +1298,13 @@ int WriteRandomDataToReservedHeaderAreas (HWND hwndDlg, HANDLE dev, CRYPTO_INFO goto final_seq; } + if (backupHeaders || !bInPlaceEnc) + { + // encrypt random data instead of existing data for better entropy, except in case of primary + // header of an in-place encrypted disk + RandgetBytes (hwndDlg, buf + TC_VOLUME_HEADER_EFFECTIVE_SIZE, sizeof (buf) - TC_VOLUME_HEADER_EFFECTIVE_SIZE, FALSE); + } + EncryptBuffer (buf + TC_VOLUME_HEADER_EFFECTIVE_SIZE, sizeof (buf) - TC_VOLUME_HEADER_EFFECTIVE_SIZE, cryptoInfo); if (!SetFilePointerEx (dev, offset, NULL, FILE_BEGIN)) diff --git a/src/Common/Volumes.h b/src/Common/Volumes.h index 3fe3a450..68ba6720 100644 --- a/src/Common/Volumes.h +++ b/src/Common/Volumes.h @@ -147,7 +147,7 @@ void ComputeBootloaderFingerprint (byte *bootLoaderBuf, unsigned int bootLoaderS int CreateVolumeHeaderInMemory (HWND hwndDlg, BOOL bBoot, char *encryptedHeader, int ea, int mode, Password *password, int pkcs5_prf, int pim, char *masterKeydata, PCRYPTO_INFO *retInfo, unsigned __int64 volumeSize, unsigned __int64 hiddenVolumeSize, unsigned __int64 encryptedAreaStart, unsigned __int64 encryptedAreaLength, uint16 requiredProgramVersion, uint32 headerFlags, uint32 sectorSize, BOOL bWipeMode); BOOL ReadEffectiveVolumeHeader (BOOL device, HANDLE fileHandle, byte *header, DWORD *bytesRead); BOOL WriteEffectiveVolumeHeader (BOOL device, HANDLE fileHandle, byte *header); -int WriteRandomDataToReservedHeaderAreas (HWND hwndDlg, HANDLE dev, CRYPTO_INFO *cryptoInfo, uint64 dataAreaSize, BOOL bPrimaryOnly, BOOL bBackupOnly); +int WriteRandomDataToReservedHeaderAreas (HWND hwndDlg, HANDLE dev, CRYPTO_INFO *cryptoInfo, uint64 dataAreaSize, BOOL bPrimaryOnly, BOOL bBackupOnly, BOOL bInPlaceEnc); #endif #endif // !TC_HEADER_Volume_VolumeHeader |