nihilist/VeraCrypt
1
0
Fork 0
mirror of https://github.com/veracrypt/VeraCrypt synced 2024-11-28 14:03:29 +01:00
Code Issues Packages Projects Releases Wiki Activity

Windows Driver: save FPU state in 32-bit mode before run Whirlpool SSE implementation to avoid issues (https://msdn.microsoft.com/fr-fr/library/ff565388(v=vs.85).aspx)

Browse Source
This commit is contained in:
Mounir IDRASSI 2016-06-17 23:50:44 +02:00
parent bdc5782f16
commit 2faa1290c0
No known key found for this signature in database
GPG Key ID: DD0C382D5FCFB8FC
2 changed files with 34 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
src/Common/Pkcs5.c
View File

@ -19,6 +19,7 @@
#ifndef TC_WINDOWS_BOOT #ifndef TC_WINDOWS_BOOT
#include "Sha2.h" #include "Sha2.h"
#include "Whirlpool.h" #include "Whirlpool.h"
#include "cpu.h"
#include "misc.h" #include "misc.h"
#else #else
#pragma optimize ("t", on) #pragma optimize ("t", on)
@ -744,6 +745,12 @@ void hmac_whirlpool
char* buf = hmac.k; char* buf = hmac.k;
int b; int b;
char key[WHIRLPOOL_DIGESTSIZE]; char key[WHIRLPOOL_DIGESTSIZE];
#if defined (DEVICE_DRIVER) && !defined (_WIN64)
KFLOATING_SAVE floatingPointState;
NTSTATUS saveStatus = STATUS_SUCCESS;
if (HasISSE())
saveStatus = KeSaveFloatingPointState (&floatingPointState);
#endif
/* If the key is longer than the hash algorithm block size, /* If the key is longer than the hash algorithm block size,
let key = whirlpool(key), as per HMAC specifications. */ let key = whirlpool(key), as per HMAC specifications. */
if (lk > WHIRLPOOL_BLOCKSIZE) if (lk > WHIRLPOOL_BLOCKSIZE)
@ -784,6 +791,11 @@ void hmac_whirlpool
WHIRLPOOL_add ((unsigned char *) buf, WHIRLPOOL_BLOCKSIZE * 8, ctx); WHIRLPOOL_add ((unsigned char *) buf, WHIRLPOOL_BLOCKSIZE * 8, ctx);
hmac_whirlpool_internal(k, lk, d, ld, &hmac); hmac_whirlpool_internal(k, lk, d, ld, &hmac);
#if defined (DEVICE_DRIVER) && !defined (_WIN64)
if (NT_SUCCESS (saveStatus) && HasISSE())
KeRestoreFloatingPointState (&floatingPointState);
#endif
/* Prevent leaks */ /* Prevent leaks */
burn(&hmac, sizeof(hmac)); burn(&hmac, sizeof(hmac));
} }
@ -821,6 +833,12 @@ void derive_key_whirlpool (char *pwd, int pwd_len, char *salt, int salt_len, uin
char* buf = hmac.k; char* buf = hmac.k;
char key[WHIRLPOOL_DIGESTSIZE]; char key[WHIRLPOOL_DIGESTSIZE];
int b, l, r; int b, l, r;
#if defined (DEVICE_DRIVER) && !defined (_WIN64)
KFLOATING_SAVE floatingPointState;
NTSTATUS saveStatus = STATUS_SUCCESS;
if (HasISSE())
saveStatus = KeSaveFloatingPointState (&floatingPointState);
#endif
/* If the password is longer than the hash algorithm block size, /* If the password is longer than the hash algorithm block size,
let pwd = whirlpool(pwd), as per HMAC specifications. */ let pwd = whirlpool(pwd), as per HMAC specifications. */
if (pwd_len > WHIRLPOOL_BLOCKSIZE) if (pwd_len > WHIRLPOOL_BLOCKSIZE)
@ -883,6 +901,10 @@ void derive_key_whirlpool (char *pwd, int pwd_len, char *salt, int salt_len, uin
derive_u_whirlpool (pwd, pwd_len, salt, salt_len, iterations, b, &hmac); derive_u_whirlpool (pwd, pwd_len, salt, salt_len, iterations, b, &hmac);
memcpy (dk, hmac.u, r); memcpy (dk, hmac.u, r);
#if defined (DEVICE_DRIVER) && !defined (_WIN64)
if (NT_SUCCESS (saveStatus) && HasISSE())
KeRestoreFloatingPointState (&floatingPointState);
#endif
/* Prevent possible leaks. */ /* Prevent possible leaks. */
burn (&hmac, sizeof(hmac)); burn (&hmac, sizeof(hmac));

12
src/Driver/DriveFilter.c
View File

@ -27,6 +27,7 @@
#include "Wipe.h" #include "Wipe.h"
#include "DriveFilter.h" #include "DriveFilter.h"
#include "Boot/Windows/BootCommon.h" #include "Boot/Windows/BootCommon.h"
#include "cpu.h"
static BOOL DeviceFilterActive = FALSE; static BOOL DeviceFilterActive = FALSE;
@ -258,6 +259,12 @@ static void ComputeBootLoaderFingerprint(PDEVICE_OBJECT LowerDeviceObject, byte*
status = TCReadDevice (LowerDeviceObject, ioBuffer, offset, TC_SECTOR_SIZE_BIOS); status = TCReadDevice (LowerDeviceObject, ioBuffer, offset, TC_SECTOR_SIZE_BIOS);
if (NT_SUCCESS (status)) if (NT_SUCCESS (status))
{ {
#if !defined (_WIN64)
KFLOATING_SAVE floatingPointState;
NTSTATUS saveStatus = STATUS_SUCCESS;
if (HasISSE())
saveStatus = KeSaveFloatingPointState (&floatingPointState);
#endif
WHIRLPOOL_add (ioBuffer, TC_BOOT_SECTOR_PIM_VALUE_OFFSET * 8, &whirlpool); WHIRLPOOL_add (ioBuffer, TC_BOOT_SECTOR_PIM_VALUE_OFFSET * 8, &whirlpool);
WHIRLPOOL_add (ioBuffer + TC_BOOT_SECTOR_USER_MESSAGE_OFFSET + TC_BOOT_SECTOR_USER_MESSAGE_MAX_LENGTH, (TC_BOOT_SECTOR_USER_CONFIG_OFFSET - (TC_BOOT_SECTOR_USER_MESSAGE_OFFSET + TC_BOOT_SECTOR_USER_MESSAGE_MAX_LENGTH)) * 8, &whirlpool); WHIRLPOOL_add (ioBuffer + TC_BOOT_SECTOR_USER_MESSAGE_OFFSET + TC_BOOT_SECTOR_USER_MESSAGE_MAX_LENGTH, (TC_BOOT_SECTOR_USER_CONFIG_OFFSET - (TC_BOOT_SECTOR_USER_MESSAGE_OFFSET + TC_BOOT_SECTOR_USER_MESSAGE_MAX_LENGTH)) * 8, &whirlpool);
WHIRLPOOL_add (ioBuffer + TC_BOOT_SECTOR_USER_CONFIG_OFFSET + 1, (TC_MAX_MBR_BOOT_CODE_SIZE - (TC_BOOT_SECTOR_USER_CONFIG_OFFSET + 1)) * 8, &whirlpool); WHIRLPOOL_add (ioBuffer + TC_BOOT_SECTOR_USER_CONFIG_OFFSET + 1, (TC_MAX_MBR_BOOT_CODE_SIZE - (TC_BOOT_SECTOR_USER_CONFIG_OFFSET + 1)) * 8, &whirlpool);
@ -293,6 +300,11 @@ static void ComputeBootLoaderFingerprint(PDEVICE_OBJECT LowerDeviceObject, byte*
WHIRLPOOL_finalize (&whirlpool, BootLoaderFingerprint); WHIRLPOOL_finalize (&whirlpool, BootLoaderFingerprint);
sha512_end (&BootLoaderFingerprint [WHIRLPOOL_DIGESTSIZE], &sha2); sha512_end (&BootLoaderFingerprint [WHIRLPOOL_DIGESTSIZE], &sha2);
} }
#if !defined (_WIN64)
if (NT_SUCCESS (saveStatus) && HasISSE())
KeRestoreFloatingPointState (&floatingPointState);
#endif
} }
else else
{ {