mirror of
https://github.com/veracrypt/VeraCrypt
synced 2024-11-28 05:53:29 +01:00
Windows: in case of In-Place encryption, encrypt random data instead of existing data when filling unused space like the other cases.
This commit is contained in:
parent
735657a254
commit
335f17b72f
@ -568,7 +568,7 @@ int TCFormatVolume (volatile FORMAT_VOL_PARAMETERS *volParams)
|
|||||||
{
|
{
|
||||||
BOOL bUpdateBackup = FALSE;
|
BOOL bUpdateBackup = FALSE;
|
||||||
|
|
||||||
nStatus = WriteRandomDataToReservedHeaderAreas (hwndDlg, dev, cryptoInfo, dataAreaSize, FALSE, FALSE, FALSE);
|
nStatus = WriteRandomDataToReservedHeaderAreas (hwndDlg, dev, cryptoInfo, dataAreaSize, FALSE, FALSE);
|
||||||
|
|
||||||
if (nStatus != ERR_SUCCESS)
|
if (nStatus != ERR_SUCCESS)
|
||||||
goto error;
|
goto error;
|
||||||
|
@ -440,7 +440,7 @@ int ChangePwd (const wchar_t *lpszVolume, Password *oldPassword, int old_pkcs5,
|
|||||||
PCRYPTO_INFO dummyInfo = NULL;
|
PCRYPTO_INFO dummyInfo = NULL;
|
||||||
LARGE_INTEGER hiddenOffset;
|
LARGE_INTEGER hiddenOffset;
|
||||||
|
|
||||||
nStatus = WriteRandomDataToReservedHeaderAreas (hwndDlg, dev, cryptoInfo, cryptoInfo->VolumeSize.Value, !backupHeader, backupHeader, FALSE);
|
nStatus = WriteRandomDataToReservedHeaderAreas (hwndDlg, dev, cryptoInfo, cryptoInfo->VolumeSize.Value, !backupHeader, backupHeader);
|
||||||
if (nStatus != ERR_SUCCESS)
|
if (nStatus != ERR_SUCCESS)
|
||||||
goto error;
|
goto error;
|
||||||
|
|
||||||
|
@ -1239,7 +1239,7 @@ BOOL WriteEffectiveVolumeHeader (BOOL device, HANDLE fileHandle, byte *header)
|
|||||||
// Writes randomly generated data to unused/reserved header areas.
|
// Writes randomly generated data to unused/reserved header areas.
|
||||||
// When bPrimaryOnly is TRUE, then only the primary header area (not the backup header area) is filled with random data.
|
// When bPrimaryOnly is TRUE, then only the primary header area (not the backup header area) is filled with random data.
|
||||||
// When bBackupOnly is TRUE, only the backup header area (not the primary header area) is filled with random data.
|
// When bBackupOnly is TRUE, only the backup header area (not the primary header area) is filled with random data.
|
||||||
int WriteRandomDataToReservedHeaderAreas (HWND hwndDlg, HANDLE dev, CRYPTO_INFO *cryptoInfo, uint64 dataAreaSize, BOOL bPrimaryOnly, BOOL bBackupOnly, BOOL bInPlaceEnc)
|
int WriteRandomDataToReservedHeaderAreas (HWND hwndDlg, HANDLE dev, CRYPTO_INFO *cryptoInfo, uint64 dataAreaSize, BOOL bPrimaryOnly, BOOL bBackupOnly)
|
||||||
{
|
{
|
||||||
char temporaryKey[MASTER_KEYDATA_SIZE];
|
char temporaryKey[MASTER_KEYDATA_SIZE];
|
||||||
char originalK2[MASTER_KEYDATA_SIZE];
|
char originalK2[MASTER_KEYDATA_SIZE];
|
||||||
@ -1298,12 +1298,8 @@ int WriteRandomDataToReservedHeaderAreas (HWND hwndDlg, HANDLE dev, CRYPTO_INFO
|
|||||||
goto final_seq;
|
goto final_seq;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (backupHeaders || !bInPlaceEnc)
|
// encrypt random data instead of existing data for better entropy
|
||||||
{
|
RandgetBytesFull (hwndDlg, buf + TC_VOLUME_HEADER_EFFECTIVE_SIZE, sizeof (buf) - TC_VOLUME_HEADER_EFFECTIVE_SIZE, FALSE, TRUE);
|
||||||
// encrypt random data instead of existing data for better entropy, except in case of primary
|
|
||||||
// header of an in-place encrypted disk
|
|
||||||
RandgetBytesFull (hwndDlg, buf + TC_VOLUME_HEADER_EFFECTIVE_SIZE, sizeof (buf) - TC_VOLUME_HEADER_EFFECTIVE_SIZE, FALSE, TRUE);
|
|
||||||
}
|
|
||||||
|
|
||||||
EncryptBuffer (buf + TC_VOLUME_HEADER_EFFECTIVE_SIZE, sizeof (buf) - TC_VOLUME_HEADER_EFFECTIVE_SIZE, cryptoInfo);
|
EncryptBuffer (buf + TC_VOLUME_HEADER_EFFECTIVE_SIZE, sizeof (buf) - TC_VOLUME_HEADER_EFFECTIVE_SIZE, cryptoInfo);
|
||||||
|
|
||||||
|
@ -147,7 +147,7 @@ void ComputeBootloaderFingerprint (byte *bootLoaderBuf, unsigned int bootLoaderS
|
|||||||
int CreateVolumeHeaderInMemory (HWND hwndDlg, BOOL bBoot, char *encryptedHeader, int ea, int mode, Password *password, int pkcs5_prf, int pim, char *masterKeydata, PCRYPTO_INFO *retInfo, unsigned __int64 volumeSize, unsigned __int64 hiddenVolumeSize, unsigned __int64 encryptedAreaStart, unsigned __int64 encryptedAreaLength, uint16 requiredProgramVersion, uint32 headerFlags, uint32 sectorSize, BOOL bWipeMode);
|
int CreateVolumeHeaderInMemory (HWND hwndDlg, BOOL bBoot, char *encryptedHeader, int ea, int mode, Password *password, int pkcs5_prf, int pim, char *masterKeydata, PCRYPTO_INFO *retInfo, unsigned __int64 volumeSize, unsigned __int64 hiddenVolumeSize, unsigned __int64 encryptedAreaStart, unsigned __int64 encryptedAreaLength, uint16 requiredProgramVersion, uint32 headerFlags, uint32 sectorSize, BOOL bWipeMode);
|
||||||
BOOL ReadEffectiveVolumeHeader (BOOL device, HANDLE fileHandle, byte *header, DWORD *bytesRead);
|
BOOL ReadEffectiveVolumeHeader (BOOL device, HANDLE fileHandle, byte *header, DWORD *bytesRead);
|
||||||
BOOL WriteEffectiveVolumeHeader (BOOL device, HANDLE fileHandle, byte *header);
|
BOOL WriteEffectiveVolumeHeader (BOOL device, HANDLE fileHandle, byte *header);
|
||||||
int WriteRandomDataToReservedHeaderAreas (HWND hwndDlg, HANDLE dev, CRYPTO_INFO *cryptoInfo, uint64 dataAreaSize, BOOL bPrimaryOnly, BOOL bBackupOnly, BOOL bInPlaceEnc);
|
int WriteRandomDataToReservedHeaderAreas (HWND hwndDlg, HANDLE dev, CRYPTO_INFO *cryptoInfo, uint64 dataAreaSize, BOOL bPrimaryOnly, BOOL bBackupOnly);
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#endif // !TC_HEADER_Volume_VolumeHeader
|
#endif // !TC_HEADER_Volume_VolumeHeader
|
||||||
|
@ -837,7 +837,7 @@ static int ExpandVolume (HWND hwndDlg, wchar_t *lpszVolume, Password *pVolumePas
|
|||||||
PCRYPTO_INFO dummyInfo = NULL;
|
PCRYPTO_INFO dummyInfo = NULL;
|
||||||
LARGE_INTEGER hiddenOffset;
|
LARGE_INTEGER hiddenOffset;
|
||||||
|
|
||||||
nStatus = WriteRandomDataToReservedHeaderAreas (hwndDlg, dev, cryptoInfo, newDataAreaSize, !backupHeader, backupHeader, FALSE);
|
nStatus = WriteRandomDataToReservedHeaderAreas (hwndDlg, dev, cryptoInfo, newDataAreaSize, !backupHeader, backupHeader);
|
||||||
if (nStatus != ERR_SUCCESS)
|
if (nStatus != ERR_SUCCESS)
|
||||||
goto error;
|
goto error;
|
||||||
|
|
||||||
|
@ -605,7 +605,7 @@ int EncryptPartitionInPlaceBegin (volatile FORMAT_VOL_PARAMETERS *volParams, vol
|
|||||||
}
|
}
|
||||||
|
|
||||||
// Fill the reserved sectors of the backup header area with random data
|
// Fill the reserved sectors of the backup header area with random data
|
||||||
nStatus = WriteRandomDataToReservedHeaderAreas (hwndDlg, dev, cryptoInfo, dataAreaSize, FALSE, TRUE, TRUE);
|
nStatus = WriteRandomDataToReservedHeaderAreas (hwndDlg, dev, cryptoInfo, dataAreaSize, FALSE, TRUE);
|
||||||
|
|
||||||
if (nStatus != ERR_SUCCESS)
|
if (nStatus != ERR_SUCCESS)
|
||||||
goto closing_seq;
|
goto closing_seq;
|
||||||
@ -1122,7 +1122,7 @@ int EncryptPartitionInPlaceResume (HANDLE dev,
|
|||||||
}
|
}
|
||||||
|
|
||||||
// Fill the reserved sectors of the header area with random data
|
// Fill the reserved sectors of the header area with random data
|
||||||
nStatus = WriteRandomDataToReservedHeaderAreas (hwndDlg, dev, headerCryptoInfo, masterCryptoInfo->VolumeSize.Value, TRUE, FALSE, TRUE);
|
nStatus = WriteRandomDataToReservedHeaderAreas (hwndDlg, dev, headerCryptoInfo, masterCryptoInfo->VolumeSize.Value, TRUE, FALSE);
|
||||||
|
|
||||||
if (nStatus != ERR_SUCCESS)
|
if (nStatus != ERR_SUCCESS)
|
||||||
goto closing_seq;
|
goto closing_seq;
|
||||||
|
Loading…
Reference in New Issue
Block a user