From 335f17b72f567f1bdb9dbc84a1d42d2cf18f1245 Mon Sep 17 00:00:00 2001 From: Mounir IDRASSI Date: Sat, 3 Sep 2016 19:34:52 +0200 Subject: [PATCH] Windows: in case of In-Place encryption, encrypt random data instead of existing data when filling unused space like the other cases. --- src/Common/Format.c | 2 +- src/Common/Password.c | 2 +- src/Common/Volumes.c | 10 +++------- src/Common/Volumes.h | 2 +- src/ExpandVolume/ExpandVolume.c | 2 +- src/Format/InPlace.c | 4 ++-- 6 files changed, 9 insertions(+), 13 deletions(-) diff --git a/src/Common/Format.c b/src/Common/Format.c index 4df27c1e..ead65463 100644 --- a/src/Common/Format.c +++ b/src/Common/Format.c @@ -568,7 +568,7 @@ int TCFormatVolume (volatile FORMAT_VOL_PARAMETERS *volParams) { BOOL bUpdateBackup = FALSE; - nStatus = WriteRandomDataToReservedHeaderAreas (hwndDlg, dev, cryptoInfo, dataAreaSize, FALSE, FALSE, FALSE); + nStatus = WriteRandomDataToReservedHeaderAreas (hwndDlg, dev, cryptoInfo, dataAreaSize, FALSE, FALSE); if (nStatus != ERR_SUCCESS) goto error; diff --git a/src/Common/Password.c b/src/Common/Password.c index b0f44384..1c9083a3 100644 --- a/src/Common/Password.c +++ b/src/Common/Password.c @@ -440,7 +440,7 @@ int ChangePwd (const wchar_t *lpszVolume, Password *oldPassword, int old_pkcs5, PCRYPTO_INFO dummyInfo = NULL; LARGE_INTEGER hiddenOffset; - nStatus = WriteRandomDataToReservedHeaderAreas (hwndDlg, dev, cryptoInfo, cryptoInfo->VolumeSize.Value, !backupHeader, backupHeader, FALSE); + nStatus = WriteRandomDataToReservedHeaderAreas (hwndDlg, dev, cryptoInfo, cryptoInfo->VolumeSize.Value, !backupHeader, backupHeader); if (nStatus != ERR_SUCCESS) goto error; diff --git a/src/Common/Volumes.c b/src/Common/Volumes.c index 67b072d6..178f47f0 100644 --- a/src/Common/Volumes.c +++ b/src/Common/Volumes.c @@ -1239,7 +1239,7 @@ BOOL WriteEffectiveVolumeHeader (BOOL device, HANDLE fileHandle, byte *header) // Writes randomly generated data to unused/reserved header areas. // When bPrimaryOnly is TRUE, then only the primary header area (not the backup header area) is filled with random data. // When bBackupOnly is TRUE, only the backup header area (not the primary header area) is filled with random data. -int WriteRandomDataToReservedHeaderAreas (HWND hwndDlg, HANDLE dev, CRYPTO_INFO *cryptoInfo, uint64 dataAreaSize, BOOL bPrimaryOnly, BOOL bBackupOnly, BOOL bInPlaceEnc) +int WriteRandomDataToReservedHeaderAreas (HWND hwndDlg, HANDLE dev, CRYPTO_INFO *cryptoInfo, uint64 dataAreaSize, BOOL bPrimaryOnly, BOOL bBackupOnly) { char temporaryKey[MASTER_KEYDATA_SIZE]; char originalK2[MASTER_KEYDATA_SIZE]; @@ -1298,12 +1298,8 @@ int WriteRandomDataToReservedHeaderAreas (HWND hwndDlg, HANDLE dev, CRYPTO_INFO goto final_seq; } - if (backupHeaders || !bInPlaceEnc) - { - // encrypt random data instead of existing data for better entropy, except in case of primary - // header of an in-place encrypted disk - RandgetBytesFull (hwndDlg, buf + TC_VOLUME_HEADER_EFFECTIVE_SIZE, sizeof (buf) - TC_VOLUME_HEADER_EFFECTIVE_SIZE, FALSE, TRUE); - } + // encrypt random data instead of existing data for better entropy + RandgetBytesFull (hwndDlg, buf + TC_VOLUME_HEADER_EFFECTIVE_SIZE, sizeof (buf) - TC_VOLUME_HEADER_EFFECTIVE_SIZE, FALSE, TRUE); EncryptBuffer (buf + TC_VOLUME_HEADER_EFFECTIVE_SIZE, sizeof (buf) - TC_VOLUME_HEADER_EFFECTIVE_SIZE, cryptoInfo); diff --git a/src/Common/Volumes.h b/src/Common/Volumes.h index 68ba6720..3fe3a450 100644 --- a/src/Common/Volumes.h +++ b/src/Common/Volumes.h @@ -147,7 +147,7 @@ void ComputeBootloaderFingerprint (byte *bootLoaderBuf, unsigned int bootLoaderS int CreateVolumeHeaderInMemory (HWND hwndDlg, BOOL bBoot, char *encryptedHeader, int ea, int mode, Password *password, int pkcs5_prf, int pim, char *masterKeydata, PCRYPTO_INFO *retInfo, unsigned __int64 volumeSize, unsigned __int64 hiddenVolumeSize, unsigned __int64 encryptedAreaStart, unsigned __int64 encryptedAreaLength, uint16 requiredProgramVersion, uint32 headerFlags, uint32 sectorSize, BOOL bWipeMode); BOOL ReadEffectiveVolumeHeader (BOOL device, HANDLE fileHandle, byte *header, DWORD *bytesRead); BOOL WriteEffectiveVolumeHeader (BOOL device, HANDLE fileHandle, byte *header); -int WriteRandomDataToReservedHeaderAreas (HWND hwndDlg, HANDLE dev, CRYPTO_INFO *cryptoInfo, uint64 dataAreaSize, BOOL bPrimaryOnly, BOOL bBackupOnly, BOOL bInPlaceEnc); +int WriteRandomDataToReservedHeaderAreas (HWND hwndDlg, HANDLE dev, CRYPTO_INFO *cryptoInfo, uint64 dataAreaSize, BOOL bPrimaryOnly, BOOL bBackupOnly); #endif #endif // !TC_HEADER_Volume_VolumeHeader diff --git a/src/ExpandVolume/ExpandVolume.c b/src/ExpandVolume/ExpandVolume.c index 2235af1a..82c4207e 100644 --- a/src/ExpandVolume/ExpandVolume.c +++ b/src/ExpandVolume/ExpandVolume.c @@ -837,7 +837,7 @@ static int ExpandVolume (HWND hwndDlg, wchar_t *lpszVolume, Password *pVolumePas PCRYPTO_INFO dummyInfo = NULL; LARGE_INTEGER hiddenOffset; - nStatus = WriteRandomDataToReservedHeaderAreas (hwndDlg, dev, cryptoInfo, newDataAreaSize, !backupHeader, backupHeader, FALSE); + nStatus = WriteRandomDataToReservedHeaderAreas (hwndDlg, dev, cryptoInfo, newDataAreaSize, !backupHeader, backupHeader); if (nStatus != ERR_SUCCESS) goto error; diff --git a/src/Format/InPlace.c b/src/Format/InPlace.c index cfae573f..f37cb8be 100644 --- a/src/Format/InPlace.c +++ b/src/Format/InPlace.c @@ -605,7 +605,7 @@ int EncryptPartitionInPlaceBegin (volatile FORMAT_VOL_PARAMETERS *volParams, vol } // Fill the reserved sectors of the backup header area with random data - nStatus = WriteRandomDataToReservedHeaderAreas (hwndDlg, dev, cryptoInfo, dataAreaSize, FALSE, TRUE, TRUE); + nStatus = WriteRandomDataToReservedHeaderAreas (hwndDlg, dev, cryptoInfo, dataAreaSize, FALSE, TRUE); if (nStatus != ERR_SUCCESS) goto closing_seq; @@ -1122,7 +1122,7 @@ int EncryptPartitionInPlaceResume (HANDLE dev, } // Fill the reserved sectors of the header area with random data - nStatus = WriteRandomDataToReservedHeaderAreas (hwndDlg, dev, headerCryptoInfo, masterCryptoInfo->VolumeSize.Value, TRUE, FALSE, TRUE); + nStatus = WriteRandomDataToReservedHeaderAreas (hwndDlg, dev, headerCryptoInfo, masterCryptoInfo->VolumeSize.Value, TRUE, FALSE); if (nStatus != ERR_SUCCESS) goto closing_seq;