diff options
| author | Mounir IDRASSI <mounir.idrassi@idrix.fr> | 2019-03-02 10:14:21 +0100 |
|---|---|---|
| committer | Mounir IDRASSI <mounir.idrassi@idrix.fr> | 2019-03-02 10:23:39 +0100 |
| commit | 321715202aed04dd9892d1c0686d080763ab212d (patch) | |
| tree | 770d69a4a7bbb992ab0aaf4cb4625e07d2a5255b /src/Format | |
| parent | edd1b00126fa39396fbb76c73cc3ea17aa955fc8 (diff) | |
| download | VeraCrypt-321715202aed04dd9892d1c0686d080763ab212d.tar.gz VeraCrypt-321715202aed04dd9892d1c0686d080763ab212d.zip | |
Windows: Generalize RAM encryption for keys to VeraCrypt binaries, especially Format and Expander
Diffstat (limited to 'src/Format')
| -rw-r--r-- | src/Format/InPlace.c | 41 |
1 files changed, 39 insertions, 2 deletions
diff --git a/src/Format/InPlace.c b/src/Format/InPlace.c index b2f1b386..7117a8a4 100644 --- a/src/Format/InPlace.c +++ b/src/Format/InPlace.c @@ -869,6 +869,13 @@ int EncryptPartitionInPlaceResume (HANDLE dev, if (nStatus != ERR_SUCCESS) goto closing_seq; +#ifdef _WIN64 + if (IsRamEncryptionEnabled ()) + { + VcProtectKeys (masterCryptoInfo, VcGetEncryptionID (masterCryptoInfo)); + VcProtectKeys (headerCryptoInfo, VcGetEncryptionID (headerCryptoInfo)); + } +#endif remainingBytes = masterCryptoInfo->VolumeSize.Value - masterCryptoInfo->EncryptedAreaLength.Value; @@ -1389,6 +1396,13 @@ int DecryptPartitionInPlace (volatile FORMAT_VOL_PARAMETERS *volParams, volatile if (nStatus != ERR_SUCCESS) goto closing_seq; +#ifdef _WIN64 + if (IsRamEncryptionEnabled ()) + { + VcProtectKeys (masterCryptoInfo, VcGetEncryptionID (masterCryptoInfo)); + VcProtectKeys (headerCryptoInfo, VcGetEncryptionID (headerCryptoInfo)); + } +#endif if (masterCryptoInfo->LegacyVolume) { @@ -1784,6 +1798,7 @@ int FastVolumeHeaderUpdate (HANDLE dev, CRYPTO_INFO *headerCryptoInfo, CRYPTO_IN DWORD dwError; uint32 headerCrc32; byte *fieldPos; + PCRYPTO_INFO pCryptoInfo = headerCryptoInfo; header = (byte *) TCalloc (TC_VOLUME_HEADER_EFFECTIVE_SIZE); @@ -1804,8 +1819,23 @@ int FastVolumeHeaderUpdate (HANDLE dev, CRYPTO_INFO *headerCryptoInfo, CRYPTO_IN goto closing_seq; } +#ifdef _WIN64 + if (IsRamEncryptionEnabled()) + { + pCryptoInfo = crypto_open(); + if (!pCryptoInfo) + { + nStatus = ERR_OUTOFMEMORY; + goto closing_seq; + } + + memcpy (pCryptoInfo, headerCryptoInfo, sizeof (CRYPTO_INFO)); + VcUnprotectKeys (pCryptoInfo, VcGetEncryptionID (headerCryptoInfo)); + } +#endif + - DecryptBuffer (header + HEADER_ENCRYPTED_DATA_OFFSET, HEADER_ENCRYPTED_DATA_SIZE, headerCryptoInfo); + DecryptBuffer (header + HEADER_ENCRYPTED_DATA_OFFSET, HEADER_ENCRYPTED_DATA_SIZE, pCryptoInfo); if (GetHeaderField32 (header, TC_HEADER_OFFSET_MAGIC) != 0x56455241) { @@ -1828,7 +1858,7 @@ int FastVolumeHeaderUpdate (HANDLE dev, CRYPTO_INFO *headerCryptoInfo, CRYPTO_IN fieldPos = (byte *) header + TC_HEADER_OFFSET_HEADER_CRC; mputLong (fieldPos, headerCrc32); - EncryptBuffer (header + HEADER_ENCRYPTED_DATA_OFFSET, HEADER_ENCRYPTED_DATA_SIZE, headerCryptoInfo); + EncryptBuffer (header + HEADER_ENCRYPTED_DATA_OFFSET, HEADER_ENCRYPTED_DATA_SIZE, pCryptoInfo); if (SetFilePointerEx (dev, offset, NULL, FILE_BEGIN) == 0 @@ -1843,6 +1873,13 @@ closing_seq: dwError = GetLastError(); +#ifdef _WIN64 + if (IsRamEncryptionEnabled() && pCryptoInfo) + { + crypto_close(pCryptoInfo); + } +#endif + burn (header, TC_VOLUME_HEADER_EFFECTIVE_SIZE); VirtualUnlock (header, TC_VOLUME_HEADER_EFFECTIVE_SIZE); TCfree (header); |