Add option in select the number of passes for volume header over-writing. By default, it is set to 3 but it can be increased to 256 passes (which can lead to a delay of many hours for a single password change operation).

This commit is contained in:
Mounir IDRASSI 2014-07-27 02:36:23 +02:00
parent 97154aaf51
commit 1c11ee428d
16 changed files with 67 additions and 35 deletions

View File

@ -2060,7 +2060,7 @@ namespace VeraCrypt
}
int BootEncryption::ChangePassword (Password *oldPassword, Password *newPassword, int pkcs5)
int BootEncryption::ChangePassword (Password *oldPassword, Password *newPassword, int pkcs5, int wipePassCount)
{
BootEncryptionStatus encStatus = GetStatus();
@ -2125,7 +2125,7 @@ namespace VeraCrypt
UserEnrichRandomPool (ParentWindow);
WaitCursor();
/* The header will be re-encrypted PRAND_DISK_WIPE_PASSES times to prevent adversaries from using
/* The header will be re-encrypted wipePassCount times to prevent adversaries from using
techniques such as magnetic force microscopy or magnetic force scanning tunnelling microscopy
to recover the overwritten header. According to Peter Gutmann, data should be overwritten 22
times (ideally, 35 times) using non-random patterns and pseudorandom data. However, as users might
@ -2145,7 +2145,7 @@ namespace VeraCrypt
BOOL backupHeader = FALSE;
while (TRUE)
{
for (int wipePass = 0; wipePass < PRAND_DISK_WIPE_PASSES; wipePass++)
for (int wipePass = 0; wipePass < wipePassCount; wipePass++)
{
PCRYPTO_INFO tmpCryptoInfo = NULL;
@ -2164,7 +2164,7 @@ namespace VeraCrypt
cryptoInfo->RequiredProgramVersion,
cryptoInfo->HeaderFlags | TC_HEADER_FLAG_ENCRYPTED_SYSTEM,
cryptoInfo->SectorSize,
wipePass < PRAND_DISK_WIPE_PASSES - 1);
wipePass < wipePassCount - 1);
if (tmpCryptoInfo)
crypto_close (tmpCryptoInfo);

View File

@ -141,7 +141,7 @@ namespace VeraCrypt
void AbortSetup ();
void AbortSetupWait ();
void CallDriver (DWORD ioctl, void *input = nullptr, DWORD inputSize = 0, void *output = nullptr, DWORD outputSize = 0);
int ChangePassword (Password *oldPassword, Password *newPassword, int pkcs5);
int ChangePassword (Password *oldPassword, Password *newPassword, int pkcs5, int wipePassCount);
void CheckDecoyOSWipeResult ();
void CheckEncryptionSetupResult ();
void CheckRequirements ();

View File

@ -1565,7 +1565,7 @@ SelectAlgo (HWND hComboBox, int *algo_id)
}
void PopulateWipeModeCombo (HWND hComboBox, BOOL bNA, BOOL bInPlaceEncryption)
void PopulateWipeModeCombo (HWND hComboBox, BOOL bNA, BOOL bInPlaceEncryption, BOOL bHeaderWipe)
{
if (bNA)
{
@ -1573,14 +1573,20 @@ void PopulateWipeModeCombo (HWND hComboBox, BOOL bNA, BOOL bInPlaceEncryption)
}
else
{
if (bInPlaceEncryption)
AddComboPairW (hComboBox, GetString ("WIPE_MODE_NONE"), TC_WIPE_NONE);
else
AddComboPairW (hComboBox, GetString ("WIPE_MODE_1_RAND"), TC_WIPE_1_RAND);
if (!bHeaderWipe)
{
if (bInPlaceEncryption)
AddComboPairW (hComboBox, GetString ("WIPE_MODE_NONE"), TC_WIPE_NONE);
else
AddComboPairW (hComboBox, GetString ("WIPE_MODE_1_RAND"), TC_WIPE_1_RAND);
}
AddComboPairW (hComboBox, GetString ("WIPE_MODE_3_DOD_5220"), TC_WIPE_3_DOD_5220);
AddComboPairW (hComboBox, GetString ("WIPE_MODE_7_DOD_5220"), TC_WIPE_7_DOD_5220);
AddComboPairW (hComboBox, GetString ("WIPE_MODE_35_GUTMANN"), TC_WIPE_35_GUTMANN);
if (bHeaderWipe)
AddComboPairW (hComboBox, GetString ("WIPE_MODE_256"), TC_WIPE_256); // paranoid wipe for volume header
}
}
@ -1603,6 +1609,9 @@ wchar_t *GetWipeModeName (WipeAlgorithmId modeId)
case TC_WIPE_35_GUTMANN:
return GetString ("WIPE_MODE_35_GUTMANN");
case TC_WIPE_256:
return GetString ("WIPE_MODE_256");
default:
return GetString ("NOT_APPLICABLE_OR_NOT_AVAILABLE");
}

View File

@ -259,7 +259,7 @@ void HandCursor ();
void AddComboPair (HWND hComboBox, const char *lpszItem, int value);
void AddComboPairW (HWND hComboBox, const wchar_t *lpszItem, int value);
void SelectAlgo ( HWND hComboBox , int *nCipher );
void PopulateWipeModeCombo (HWND hComboBox, BOOL bNA, BOOL bInPlaceEncryption);
void PopulateWipeModeCombo (HWND hComboBox, BOOL bNA, BOOL bInPlaceEncryption, BOOL bHeaderWipe);
wchar_t *GetWipeModeName (WipeAlgorithmId modeId);
wchar_t *GetPathType (const char *path, BOOL bUpperCase, BOOL *bIsPartition);
LRESULT CALLBACK CustomDlgProc ( HWND hwnd , UINT uMsg , WPARAM wParam , LPARAM lParam );

View File

@ -119,7 +119,7 @@ BOOL CheckPasswordLength (HWND hwndDlg, HWND hwndItem)
return TRUE;
}
int ChangePwd (const char *lpszVolume, Password *oldPassword, Password *newPassword, int pkcs5, HWND hwndDlg)
int ChangePwd (const char *lpszVolume, Password *oldPassword, Password *newPassword, int pkcs5, int wipePassCount, HWND hwndDlg)
{
int nDosLinkCreated = 1, nStatus = ERR_OS_ERROR;
char szDiskFile[TC_MAX_PATH], szCFDevice[TC_MAX_PATH];
@ -323,7 +323,7 @@ int ChangePwd (const char *lpszVolume, Password *oldPassword, Password *newPassw
while (TRUE)
{
/* The header will be re-encrypted PRAND_DISK_WIPE_PASSES times to prevent adversaries from using
/* The header will be re-encrypted wipePassCount times to prevent adversaries from using
techniques such as magnetic force microscopy or magnetic force scanning tunnelling microscopy
to recover the overwritten header. According to Peter Gutmann, data should be overwritten 22
times (ideally, 35 times) using non-random patterns and pseudorandom data. However, as users might
@ -335,7 +335,7 @@ int ChangePwd (const char *lpszVolume, Password *oldPassword, Password *newPassw
of the header to differ substantially and in a random manner from the versions written during the
other passes. */
for (wipePass = 0; wipePass < PRAND_DISK_WIPE_PASSES; wipePass++)
for (wipePass = 0; wipePass < wipePassCount; wipePass++)
{
// Prepare new volume header
nStatus = CreateVolumeHeaderInMemory (FALSE,
@ -353,7 +353,7 @@ int ChangePwd (const char *lpszVolume, Password *oldPassword, Password *newPassw
cryptoInfo->RequiredProgramVersion,
cryptoInfo->HeaderFlags,
cryptoInfo->SectorSize,
wipePass < PRAND_DISK_WIPE_PASSES - 1);
wipePass < wipePassCount - 1);
if (ci != NULL)
crypto_close (ci);

View File

@ -35,7 +35,7 @@ typedef struct
void VerifyPasswordAndUpdate ( HWND hwndDlg , HWND hButton , HWND hPassword , HWND hVerify , unsigned char *szPassword , char *szVerify, BOOL keyFilesEnabled );
BOOL CheckPasswordLength (HWND hwndDlg, HWND hwndItem);
BOOL CheckPasswordCharEncoding (HWND hPassword, Password *ptrPw);
int ChangePwd (const char *lpszVolume, Password *oldPassword, Password *newPassword, int pkcs5, HWND hwndDlg);
int ChangePwd (const char *lpszVolume, Password *oldPassword, Password *newPassword, int pkcs5, int wipePassCount, HWND hwndDlg);
#endif // defined(_WIN32) && !defined(TC_WINDOWS_DRIVER)

View File

@ -155,6 +155,9 @@ int GetWipePassCount (WipeAlgorithmId algorithm)
case TC_WIPE_35_GUTMANN:
return 35;
case TC_WIPE_256:
return 256;
default:
TC_THROW_FATAL_EXCEPTION;
}
@ -168,6 +171,7 @@ BOOL WipeBuffer (WipeAlgorithmId algorithm, byte randChars[TC_WIPE_RAND_CHAR_COU
switch (algorithm)
{
case TC_WIPE_1_RAND:
case TC_WIPE_256:
return Wipe1PseudoRandom (pass, buffer, size);
case TC_WIPE_3_DOD_5220:

View File

@ -24,7 +24,8 @@ typedef enum
TC_WIPE_1_RAND = 100,
TC_WIPE_3_DOD_5220 = 300,
TC_WIPE_7_DOD_5220 = 700,
TC_WIPE_35_GUTMANN = 3500
TC_WIPE_35_GUTMANN = 3500,
TC_WIPE_256 = 25600
} WipeAlgorithmId;

View File

@ -4102,7 +4102,8 @@ BOOL CALLBACK PageDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lPa
PopulateWipeModeCombo (GetDlgItem (hwndDlg, IDC_WIPE_MODE),
SystemEncryptionStatus == SYSENC_STATUS_DECRYPTING && !bInPlaceEncNonSys,
TRUE);
TRUE,
FALSE);
SelectAlgo (GetDlgItem (hwndDlg, IDC_WIPE_MODE), (int *) &nWipeMode);
@ -4212,13 +4213,13 @@ BOOL CALLBACK PageDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lPa
nWipeMode = TC_WIPE_NONE;
EnableWindow (GetDlgItem (hwndDlg, IDC_WIPE_MODE), FALSE);
EnableWindow (GetDlgItem (hwndDlg, IDT_WIPE_MODE), FALSE);
PopulateWipeModeCombo (GetDlgItem (hwndDlg, IDC_WIPE_MODE), TRUE, TRUE);
PopulateWipeModeCombo (GetDlgItem (hwndDlg, IDC_WIPE_MODE), TRUE, TRUE, FALSE);
SelectAlgo (GetDlgItem (hwndDlg, IDC_WIPE_MODE), (int *) &nWipeMode);
}
else
{
EnableWindow (GetDlgItem (hwndDlg, IDC_WIPE_MODE), !bSystemEncryptionInProgress);
PopulateWipeModeCombo (GetDlgItem (hwndDlg, IDC_WIPE_MODE), FALSE, TRUE);
PopulateWipeModeCombo (GetDlgItem (hwndDlg, IDC_WIPE_MODE), FALSE, TRUE, FALSE);
SelectAlgo (GetDlgItem (hwndDlg, IDC_WIPE_MODE), (int *) &nWipeMode);
}
@ -4283,7 +4284,7 @@ BOOL CALLBACK PageDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lPa
ShowWindow (GetDlgItem (hwndDlg, IDC_MORE_INFO_SYS_ENCRYPTION), SW_HIDE);
EnableWindow (GetDlgItem (hwndDlg, IDC_WIPE_MODE), TRUE);
PopulateWipeModeCombo (GetDlgItem (hwndDlg, IDC_WIPE_MODE), FALSE, TRUE);
PopulateWipeModeCombo (GetDlgItem (hwndDlg, IDC_WIPE_MODE), FALSE, TRUE, FALSE);
SelectAlgo (GetDlgItem (hwndDlg, IDC_WIPE_MODE), (int *) &nWipeMode);
break;
@ -4584,7 +4585,7 @@ BOOL CALLBACK PageDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lPa
SetWindowTextW (GetDlgItem (GetParent (hwndDlg), IDC_BOX_TITLE), GetString ("WIPE_MODE_TITLE"));
SetWindowTextW (GetDlgItem (hwndDlg, IDT_WIPE_MODE_INFO), GetString ("WIPE_MODE_INFO"));
PopulateWipeModeCombo (GetDlgItem (hwndDlg, IDC_WIPE_MODE), FALSE, FALSE);
PopulateWipeModeCombo (GetDlgItem (hwndDlg, IDC_WIPE_MODE), FALSE, FALSE, FALSE);
SelectAlgo (GetDlgItem (hwndDlg, IDC_WIPE_MODE), (int *) &nWipeMode);

View File

@ -100,13 +100,13 @@ class TrueCryptMainCom : public ITrueCryptMainCom
return BaseCom::CallDriver (ioctl, input, output);
}
virtual int STDMETHODCALLTYPE ChangePassword (BSTR volumePath, Password *oldPassword, Password *newPassword, int pkcs5, LONG_PTR hWnd)
virtual int STDMETHODCALLTYPE ChangePassword (BSTR volumePath, Password *oldPassword, Password *newPassword, int pkcs5, int wipePassCount, LONG_PTR hWnd)
{
USES_CONVERSION;
CW2A volumePathA(volumePath);
MainDlg = (HWND) hWnd;
if (volumePathA.m_psz)
return ::ChangePwd (volumePathA.m_psz, oldPassword, newPassword, pkcs5, (HWND) hWnd);
return ::ChangePwd (volumePathA.m_psz, oldPassword, newPassword, pkcs5, wipePassCount,(HWND) hWnd);
else
return ERR_OUTOFMEMORY;
}
@ -261,7 +261,7 @@ extern "C" int UacRestoreVolumeHeader (HWND hwndDlg, char *lpszVolume)
}
extern "C" int UacChangePwd (char *lpszVolume, Password *oldPassword, Password *newPassword, int pkcs5, HWND hwndDlg)
extern "C" int UacChangePwd (char *lpszVolume, Password *oldPassword, Password *newPassword, int pkcs5, int wipePassCount, HWND hwndDlg)
{
CComPtr<ITrueCryptMainCom> tc;
int r;
@ -269,7 +269,7 @@ extern "C" int UacChangePwd (char *lpszVolume, Password *oldPassword, Password *
if (ComGetInstance (hwndDlg, &tc))
{
WaitCursor ();
r = tc->ChangePassword (CComBSTR (lpszVolume), oldPassword, newPassword, pkcs5, (LONG_PTR) hwndDlg);
r = tc->ChangePassword (CComBSTR (lpszVolume), oldPassword, newPassword, pkcs5, wipePassCount, (LONG_PTR) hwndDlg);
NormalCursor ();
}
else

View File

@ -23,7 +23,7 @@ BOOL ComServerMain ();
void UacAnalyzeKernelMiniDump (HWND hwndDlg);
int UacBackupVolumeHeader (HWND hwndDlg, BOOL bRequireConfirmation, char *lpszVolume);
int UacRestoreVolumeHeader (HWND hwndDlg, char *lpszVolume);
int UacChangePwd (char *lpszVolume, Password *oldPassword, Password *newPassword, int pkcs5, HWND hwndDlg);
int UacChangePwd (char *lpszVolume, Password *oldPassword, Password *newPassword, int pkcs5, int wipePassCount, HWND hwndDlg);
#ifdef __cplusplus
}

View File

@ -27,7 +27,7 @@ library TrueCryptMainCom
void AnalyzeKernelMiniDump (LONG_PTR hwndDlg);
int BackupVolumeHeader (LONG_PTR hwndDlg, BOOL bRequireConfirmation, BSTR lpszVolume);
DWORD CallDriver (DWORD ioctl, BSTR input, BSTR *output);
int ChangePassword (BSTR volumePath, Password *oldPassword, Password *newPassword, int pkcs5, LONG_PTR hWnd);
int ChangePassword (BSTR volumePath, Password *oldPassword, Password *newPassword, int pkcs5, int wipePassCount, LONG_PTR hWnd);
DWORD CopyFile (BSTR sourceFile, BSTR destinationFile);
DWORD DeleteFile (BSTR file);
BOOL IsPagingFileActive (BOOL checkNonWindowsPartitionsOnly);

View File

@ -1396,6 +1396,7 @@ BOOL CALLBACK PasswordChangeDlgProc (HWND hwndDlg, UINT msg, WPARAM wParam, LPAR
LPARAM nIndex;
HWND hComboBox = GetDlgItem (hwndDlg, IDC_PKCS5_PRF_ID);
int i;
WipeAlgorithmId headerWipeMode = TC_WIPE_3_DOD_5220;
ZeroMemory (&newKeyFilesParam, sizeof (newKeyFilesParam));
@ -1427,6 +1428,9 @@ BOOL CALLBACK PasswordChangeDlgProc (HWND hwndDlg, UINT msg, WPARAM wParam, LPAR
SendMessage (hComboBox, CB_SETCURSEL, 0, 0);
PopulateWipeModeCombo (GetDlgItem (hwndDlg, IDC_WIPE_MODE), FALSE, FALSE, TRUE);
SelectAlgo (GetDlgItem (hwndDlg, IDC_WIPE_MODE), (int *) &headerWipeMode);
switch (pwdChangeDlgMode)
{
case PCDM_CHANGE_PKCS5_PRF:
@ -1751,6 +1755,11 @@ BOOL CALLBACK PasswordChangeDlgProc (HWND hwndDlg, UINT msg, WPARAM wParam, LPAR
HWND hParent = GetParent (hwndDlg);
Password oldPassword;
Password newPassword;
WipeAlgorithmId headerWiperMode = (WipeAlgorithmId) SendMessage (
GetDlgItem (hwndDlg, IDC_WIPE_MODE),
CB_GETITEMDATA,
SendMessage (GetDlgItem (hwndDlg, IDC_WIPE_MODE), CB_GETCURSEL, 0, 0),
0);
int nStatus;
int pkcs5 = SendMessage (GetDlgItem (hwndDlg, IDC_PKCS5_PRF_ID), CB_GETITEMDATA,
SendMessage (GetDlgItem (hwndDlg, IDC_PKCS5_PRF_ID), CB_GETCURSEL, 0, 0), 0);
@ -1813,7 +1822,7 @@ BOOL CALLBACK PasswordChangeDlgProc (HWND hwndDlg, UINT msg, WPARAM wParam, LPAR
try
{
nStatus = BootEncObj->ChangePassword (&oldPassword, &newPassword, pkcs5);
nStatus = BootEncObj->ChangePassword (&oldPassword, &newPassword, pkcs5, GetWipePassCount(headerWiperMode));
}
catch (Exception &e)
{
@ -1825,14 +1834,14 @@ BOOL CALLBACK PasswordChangeDlgProc (HWND hwndDlg, UINT msg, WPARAM wParam, LPAR
{
// Non-system
nStatus = ChangePwd (szFileName, &oldPassword, &newPassword, pkcs5, hwndDlg);
nStatus = ChangePwd (szFileName, &oldPassword, &newPassword, pkcs5, GetWipePassCount(headerWiperMode), hwndDlg);
if (nStatus == ERR_OS_ERROR
&& GetLastError () == ERROR_ACCESS_DENIED
&& IsUacSupported ()
&& IsVolumeDeviceHosted (szFileName))
{
nStatus = UacChangePwd (szFileName, &oldPassword, &newPassword, pkcs5, hwndDlg);
nStatus = UacChangePwd (szFileName, &oldPassword, &newPassword, pkcs5, GetWipePassCount(headerWiperMode), hwndDlg);
}
}

View File

@ -101,7 +101,7 @@ BEGIN
CONTROL "",IDC_VOLUME_PROPERTIES_LIST,"SysListView32",LVS_REPORT | LVS_ALIGNLEFT | LVS_NOSORTHEADER | WS_BORDER | WS_TABSTOP,7,6,269,154
END
IDD_PASSWORDCHANGE_DLG DIALOGEX 0, 0, 316, 162
IDD_PASSWORDCHANGE_DLG DIALOGEX 0, 0, 316, 183
STYLE DS_SETFONT | DS_MODALFRAME | DS_3DLOOK | DS_FIXEDSYS | DS_CENTER | WS_POPUP | WS_CAPTION | WS_SYSMENU
CAPTION "Change Password or Keyfiles"
CLASS "CustomDlg"
@ -124,7 +124,9 @@ BEGIN
RTEXT "Confirm Password:",IDT_CONFIRM_PASSWORD,9,93,75,16
RTEXT "PKCS-5 PRF:",IDT_PKCS5_PRF,9,137,74,10,SS_CENTERIMAGE
GROUPBOX "Current",IDT_CURRENT,6,3,238,58
GROUPBOX "New",IDT_NEW,6,63,238,93
GROUPBOX "New",IDT_NEW,6,63,238,113
COMBOBOX IDC_WIPE_MODE,89,155,125,90,CBS_DROPDOWNLIST | WS_TABSTOP
RTEXT "Wipe mode:",IDT_WIPE_MODE,9,157,74,8,0,WS_EX_RIGHT
END
IDD_MOUNT_DLG DIALOGEX 0, 0, 375, 271
@ -351,7 +353,7 @@ BEGIN
LEFTMARGIN, 7
RIGHTMARGIN, 309
TOPMARGIN, 7
BOTTOMMARGIN, 155
BOTTOMMARGIN, 176
END
IDD_MOUNT_DLG, DIALOG
@ -593,7 +595,7 @@ BEGIN
MENUITEM "Beginner's Tutorial", IDM_ONLINE_TUTORIAL
MENUITEM "Frequently Asked Questions", IDM_FAQ
MENUITEM SEPARATOR
MENUITEM "VeraCrypt Website", IDM_WEBSITE
MENUITEM "VeraCrypt Website", IDM_WEBSITE
MENUITEM "Downloads", IDM_TC_DOWNLOADS
MENUITEM "News", IDM_NEWS
MENUITEM "Version History", IDM_VERSION_HISTORY

View File

@ -373,6 +373,10 @@
RelativePath="..\Common\Volumes.c"
>
</File>
<File
RelativePath="..\Common\Wipe.c"
>
</File>
<File
RelativePath="..\Common\Wipe.h"
>

View File

@ -106,11 +106,13 @@
#define IDC_SHOW_PASSWORD_CHPWD_ORI 1083
#define IDC_HK_DISMOUNT_PLAY_SOUND 1084
#define IDC_HOTKEY_ASSIGN 1085
#define IDC_WIPE_MODE 1085
#define IDC_HOTKEY_REMOVE 1086
#define IDC_HOTKEY_KEY 1087
#define IDT_HOTKEY_KEY 1088
#define IDC_HOTKEY_LIST 1089
#define IDC_RESET_HOTKEYS 1090
#define IDT_WIPE_MODE 1090
#define IDT_DISMOUNT_ACTION 1091
#define IDT_ASSIGN_HOTKEY 1092
#define IDC_HK_MOD_SHIFT 1093