VeraCrypt
aboutsummaryrefslogtreecommitdiff
path: root/src/Common
diff options
context:
space:
mode:
authorMounir IDRASSI <mounir.idrassi@idrix.fr>2019-01-21 00:42:53 +0100
committerMounir IDRASSI <mounir.idrassi@idrix.fr>2019-01-21 00:45:31 +0100
commitee0a2659da24b4b7543f52647fb2d8cbbd12408c (patch)
tree2977c82ee2d24d4c0bfd18a30b3f0fe7b4b25601 /src/Common
parent27b3fee02d5242e743f87dd15db61d89073e8caa (diff)
downloadVeraCrypt-ee0a2659da24b4b7543f52647fb2d8cbbd12408c.tar.gz
VeraCrypt-ee0a2659da24b4b7543f52647fb2d8cbbd12408c.zip
Windows driver: remove volumes master keys from CRYPTO_INFO since they are not needed after their key schedule is created
Diffstat (limited to 'src/Common')
-rw-r--r--src/Common/Crypto.c8
-rw-r--r--src/Common/Crypto.h6
-rw-r--r--src/Common/Dlgcode.c6
-rw-r--r--src/Common/Fat.c2
-rw-r--r--src/Common/Format.c4
-rw-r--r--src/Common/Tests.c17
-rw-r--r--src/Common/Volumes.c64
7 files changed, 56 insertions, 51 deletions
diff --git a/src/Common/Crypto.c b/src/Common/Crypto.c
index f63062a3..299595bd 100644
--- a/src/Common/Crypto.c
+++ b/src/Common/Crypto.c
@@ -532,13 +532,13 @@ int EAInit (int ea, unsigned char *key, unsigned __int8 *ks)
#ifndef TC_WINDOWS_BOOT
-BOOL EAInitMode (PCRYPTO_INFO ci)
+BOOL EAInitMode (PCRYPTO_INFO ci, unsigned char* key2)
{
switch (ci->mode)
{
case XTS:
// Secondary key schedule
- if (EAInit (ci->ea, ci->k2, ci->ks2) != ERR_SUCCESS)
+ if (EAInit (ci->ea, key2, ci->ks2) != ERR_SUCCESS)
return FALSE;
/* Note: XTS mode could potentially be initialized with a weak key causing all blocks in one data unit
@@ -889,8 +889,12 @@ void crypto_eraseKeys (PCRYPTO_INFO cryptoInfo)
{
burn (cryptoInfo->ks, sizeof (cryptoInfo->ks));
burn (cryptoInfo->ks2, sizeof (cryptoInfo->ks2));
+#ifdef TC_WINDOWS_DRIVER
+ burn (cryptoInfo->master_keydata_hash, sizeof (cryptoInfo->master_keydata_hash));
+#else
burn (cryptoInfo->master_keydata, sizeof (cryptoInfo->master_keydata));
burn (cryptoInfo->k2, sizeof (cryptoInfo->k2));
+#endif
burn (&cryptoInfo->noIterations, sizeof (cryptoInfo->noIterations));
burn (&cryptoInfo->volumePim, sizeof (cryptoInfo->volumePim));
}
diff --git a/src/Common/Crypto.h b/src/Common/Crypto.h
index 6021c42f..27bc723f 100644
--- a/src/Common/Crypto.h
+++ b/src/Common/Crypto.h
@@ -245,8 +245,12 @@ typedef struct CRYPTO_INFO_t
#ifndef TC_WINDOWS_BOOT
uint16 HeaderVersion;
+#ifdef TC_WINDOWS_DRIVER
+ unsigned __int8 master_keydata_hash[SHA512_DIGESTSIZE];
+#else
CRYPTOPP_ALIGN_DATA(16) unsigned __int8 master_keydata[MASTER_KEYDATA_SIZE]; /* This holds the volume header area containing concatenated master key(s) and secondary key(s) (XTS mode). For LRW (deprecated/legacy), it contains the tweak key before the master key(s). For CBC (deprecated/legacy), it contains the IV seed before the master key(s). */
CRYPTOPP_ALIGN_DATA(16) unsigned __int8 k2[MASTER_KEYDATA_SIZE]; /* For XTS, this contains the secondary key (if cascade, multiple concatenated). For LRW (deprecated/legacy), it contains the tweak key. For CBC (deprecated/legacy), it contains the IV seed. */
+#endif
int noIterations;
BOOL bTrueCryptMode;
@@ -320,7 +324,7 @@ int EAInit (int ea, unsigned char *key, unsigned char *ks);
#else
int EAInit (unsigned char *key, unsigned char *ks);
#endif
-BOOL EAInitMode (PCRYPTO_INFO ci);
+BOOL EAInitMode (PCRYPTO_INFO ci, unsigned char* key2);
void EncipherBlock(int cipher, void *data, void *ks);
void DecipherBlock(int cipher, void *data, void *ks);
#ifndef TC_WINDOWS_BOOT
diff --git a/src/Common/Dlgcode.c b/src/Common/Dlgcode.c
index 448ee1ab..4480f426 100644
--- a/src/Common/Dlgcode.c
+++ b/src/Common/Dlgcode.c
@@ -5724,7 +5724,7 @@ static BOOL PerformBenchmark(HWND hBenchDlg, HWND hwndDlg)
if (!EAInit (ci->ea, ci->master_keydata, ci->ks))
{
ci->mode = FIRST_MODE_OF_OPERATION_ID;
- if (EAInitMode (ci))
+ if (EAInitMode (ci, ci->k2))
{
int i;
@@ -5745,7 +5745,7 @@ static BOOL PerformBenchmark(HWND hBenchDlg, HWND hwndDlg)
goto counter_error;
ci->mode = FIRST_MODE_OF_OPERATION_ID;
- if (!EAInitMode (ci))
+ if (!EAInitMode (ci, ci->k2))
goto counter_error;
if (QueryPerformanceCounter (&performanceCountStart) == 0)
@@ -6931,7 +6931,7 @@ CipherTestDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lParam)
}
memcpy (&ci->k2, secondaryKey, sizeof (secondaryKey));
- if (!EAInitMode (ci))
+ if (!EAInitMode (ci, ci->k2))
{
crypto_close (ci);
return 1;
diff --git a/src/Common/Fat.c b/src/Common/Fat.c
index 0d195614..b47e531c 100644
--- a/src/Common/Fat.c
+++ b/src/Common/Fat.c
@@ -416,7 +416,7 @@ FormatFat (void* hwndDlgPtr, unsigned __int64 startSector, fatparams * ft, void
burn (temporaryKey, sizeof(temporaryKey));
return retVal;
}
- if (!EAInitMode (cryptoInfo))
+ if (!EAInitMode (cryptoInfo, cryptoInfo->k2))
{
burn (temporaryKey, sizeof(temporaryKey));
return ERR_MODE_INIT_FAILED;
diff --git a/src/Common/Format.c b/src/Common/Format.c
index 17b29ec6..b67ac511 100644
--- a/src/Common/Format.c
+++ b/src/Common/Format.c
@@ -801,7 +801,7 @@ int FormatNoFs (HWND hwndDlg, unsigned __int64 startSector, __int64 num_sectors,
if (retVal != ERR_SUCCESS)
goto fail;
- if (!EAInitMode (cryptoInfo))
+ if (!EAInitMode (cryptoInfo, cryptoInfo->k2))
{
retVal = ERR_MODE_INIT_FAILED;
goto fail;
@@ -829,7 +829,7 @@ int FormatNoFs (HWND hwndDlg, unsigned __int64 startSector, __int64 num_sectors,
retVal = EAInit (cryptoInfo->ea, cryptoInfo->master_keydata, cryptoInfo->ks);
if (retVal != ERR_SUCCESS)
goto fail;
- if (!EAInitMode (cryptoInfo))
+ if (!EAInitMode (cryptoInfo, cryptoInfo->k2))
{
retVal = ERR_MODE_INIT_FAILED;
goto fail;
diff --git a/src/Common/Tests.c b/src/Common/Tests.c
index e83f556f..be0018a8 100644
--- a/src/Common/Tests.c
+++ b/src/Common/Tests.c
@@ -275,9 +275,7 @@ BOOL XTSAesTest (PCRYPTO_INFO ci)
if (EAInit (ci->ea, XTS_vectors[i].key1, ci->ks) != ERR_SUCCESS)
return FALSE;
- memcpy (&ci->k2, XTS_vectors[i].key2, sizeof (XTS_vectors[i].key2));
-
- if (!EAInitMode (ci))
+ if (!EAInitMode (ci, XTS_vectors[i].key2))
return FALSE;
memcpy (p, XTS_vectors[i].plaintext, sizeof (p));
@@ -685,6 +683,7 @@ BOOL TestSectorBufEncryption (PCRYPTO_INFO ci)
0x31, 0x41, 0x59, 0x26, 0x53, 0x58, 0x97, 0x93, 0x23, 0x84, 0x62, 0x64, 0x33, 0x83, 0x27, 0x95, 0x02, 0x88, 0x41, 0x97, 0x16, 0x93, 0x99, 0x37, 0x51, 0x05, 0x82, 0x09, 0x74, 0x94, 0x45, 0x92,
0x00, 0x00, 0x00, 0xff, 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13
};
+ CRYPTOPP_ALIGN_DATA(16) unsigned __int8 key2[MASTER_KEYDATA_SIZE];
/* Encryption/decryption of data units (typically, volume data sectors) */
@@ -713,12 +712,12 @@ BOOL TestSectorBufEncryption (PCRYPTO_INFO ci)
if (EAInit (ci->ea, key1, ci->ks) != ERR_SUCCESS)
return FALSE;
- for (i = 0; i < sizeof (ci->k2); i++)
- ci->k2[i] = (unsigned char) i;
+ for (i = 0; i < sizeof (key2); i++)
+ key2[i] = (unsigned char) i;
- memcpy (&ci->k2, XTS_vectors[XTS_TEST_COUNT-1].key2, sizeof (XTS_vectors[XTS_TEST_COUNT-1].key2));
+ memcpy (key2, XTS_vectors[XTS_TEST_COUNT-1].key2, sizeof (XTS_vectors[XTS_TEST_COUNT-1].key2));
- if (!EAInitMode (ci))
+ if (!EAInitMode (ci, key2))
return FALSE;
// Each data unit will contain the same plaintext
@@ -1189,9 +1188,9 @@ BOOL TestSectorBufEncryption (PCRYPTO_INFO ci)
if (EAInit (ci->ea, key1, ci->ks) != ERR_SUCCESS)
return FALSE;
- memcpy (&ci->k2, XTS_vectors[XTS_TEST_COUNT-1].key2, sizeof (XTS_vectors[XTS_TEST_COUNT-1].key2));
+ memcpy (key2, XTS_vectors[XTS_TEST_COUNT-1].key2, sizeof (XTS_vectors[XTS_TEST_COUNT-1].key2));
- if (!EAInitMode (ci))
+ if (!EAInitMode (ci, key2))
return FALSE;
// Each data unit will contain the same plaintext
diff --git a/src/Common/Volumes.c b/src/Common/Volumes.c
index bcd5c40c..111a2287 100644
--- a/src/Common/Volumes.c
+++ b/src/Common/Volumes.c
@@ -392,11 +392,12 @@ KeyReady: ;
if (cryptoInfo->mode == XTS)
{
+#ifndef TC_WINDOWS_DRIVER
// Copy the secondary key (if cascade, multiple concatenated)
memcpy (cryptoInfo->k2, dk + EAGetKeySize (cryptoInfo->ea), EAGetKeySize (cryptoInfo->ea));
-
+#endif
// Secondary key schedule
- if (!EAInitMode (cryptoInfo))
+ if (!EAInitMode (cryptoInfo, dk + EAGetKeySize (cryptoInfo->ea)))
{
status = ERR_MODE_INIT_FAILED;
goto err;
@@ -526,8 +527,17 @@ KeyReady: ;
// Master key data
memcpy (keyInfo.master_keydata, header + HEADER_MASTER_KEYDATA_OFFSET, MASTER_KEYDATA_SIZE);
+#ifdef TC_WINDOWS_DRIVER
+ {
+ sha512_ctx sha2;
+ sha512_begin (&sha2);
+ sha512_hash (keyInfo.master_keydata, MASTER_KEYDATA_SIZE, &sha2);
+ sha512_hash (header, sizeof(header), &sha2);
+ sha512_end (cryptoInfo->master_keydata_hash, &sha2);
+ }
+#else
memcpy (cryptoInfo->master_keydata, keyInfo.master_keydata, MASTER_KEYDATA_SIZE);
-
+#endif
// PKCS #5
cryptoInfo->pkcs5 = pkcs5_prf;
cryptoInfo->noIterations = keyInfo.noIterations;
@@ -538,17 +548,11 @@ KeyReady: ;
status = EAInit (cryptoInfo->ea, keyInfo.master_keydata + primaryKeyOffset, cryptoInfo->ks);
if (status == ERR_CIPHER_INIT_FAILURE)
goto err;
-
- switch (cryptoInfo->mode)
- {
-
- default:
- // The secondary master key (if cascade, multiple concatenated)
- memcpy (cryptoInfo->k2, keyInfo.master_keydata + EAGetKeySize (cryptoInfo->ea), EAGetKeySize (cryptoInfo->ea));
-
- }
-
- if (!EAInitMode (cryptoInfo))
+#ifndef TC_WINDOWS_DRIVER
+ // The secondary master key (if cascade, multiple concatenated)
+ memcpy (cryptoInfo->k2, keyInfo.master_keydata + EAGetKeySize (cryptoInfo->ea), EAGetKeySize (cryptoInfo->ea));
+#endif
+ if (!EAInitMode (cryptoInfo, keyInfo.master_keydata + EAGetKeySize (cryptoInfo->ea)))
{
status = ERR_MODE_INIT_FAILED;
goto err;
@@ -1031,14 +1035,11 @@ int CreateVolumeHeaderInMemory (HWND hwndDlg, BOOL bBoot, char *header, int ea,
/* Header encryption */
- switch (mode)
- {
-
- default:
- // The secondary key (if cascade, multiple concatenated)
- memcpy (cryptoInfo->k2, dk + EAGetKeySize (cryptoInfo->ea), EAGetKeySize (cryptoInfo->ea));
- primaryKeyOffset = 0;
- }
+#ifndef TC_WINDOWS_DRIVER
+ // The secondary key (if cascade, multiple concatenated)
+ memcpy (cryptoInfo->k2, dk + EAGetKeySize (cryptoInfo->ea), EAGetKeySize (cryptoInfo->ea));
+ primaryKeyOffset = 0;
+#endif
retVal = EAInit (cryptoInfo->ea, dk + primaryKeyOffset, cryptoInfo->ks);
if (retVal != ERR_SUCCESS)
@@ -1048,7 +1049,7 @@ int CreateVolumeHeaderInMemory (HWND hwndDlg, BOOL bBoot, char *header, int ea,
}
// Mode of operation
- if (!EAInitMode (cryptoInfo))
+ if (!EAInitMode (cryptoInfo, dk + EAGetKeySize (cryptoInfo->ea)))
{
crypto_close (cryptoInfo);
retVal = ERR_OUTOFMEMORY;
@@ -1074,16 +1075,13 @@ int CreateVolumeHeaderInMemory (HWND hwndDlg, BOOL bBoot, char *header, int ea,
memcpy (cryptoInfo->master_keydata, keyInfo.master_keydata, MASTER_KEYDATA_SIZE);
- switch (cryptoInfo->mode)
- {
-
- default:
- // The secondary master key (if cascade, multiple concatenated)
- memcpy (cryptoInfo->k2, keyInfo.master_keydata + EAGetKeySize (cryptoInfo->ea), EAGetKeySize (cryptoInfo->ea));
- }
+#ifndef TC_WINDOWS_DRIVER
+ // The secondary master key (if cascade, multiple concatenated)
+ memcpy (cryptoInfo->k2, keyInfo.master_keydata + EAGetKeySize (cryptoInfo->ea), EAGetKeySize (cryptoInfo->ea));
+#endif
// Mode of operation
- if (!EAInitMode (cryptoInfo))
+ if (!EAInitMode (cryptoInfo, keyInfo.master_keydata + EAGetKeySize (cryptoInfo->ea)))
{
crypto_close (cryptoInfo);
retVal = ERR_OUTOFMEMORY;
@@ -1282,7 +1280,7 @@ int WriteRandomDataToReservedHeaderAreas (HWND hwndDlg, HANDLE dev, CRYPTO_INFO
if (nStatus != ERR_SUCCESS)
goto final_seq;
- if (!EAInitMode (cryptoInfo))
+ if (!EAInitMode (cryptoInfo, cryptoInfo->k2))
{
nStatus = ERR_MODE_INIT_FAILED;
goto final_seq;
@@ -1344,7 +1342,7 @@ int WriteRandomDataToReservedHeaderAreas (HWND hwndDlg, HANDLE dev, CRYPTO_INFO
if (nStatus != ERR_SUCCESS)
goto final_seq;
- if (!EAInitMode (cryptoInfo))
+ if (!EAInitMode (cryptoInfo, cryptoInfo->k2))
{
nStatus = ERR_MODE_INIT_FAILED;
goto final_seq;