diff --git a/src/Common/EncryptionThreadPool.c b/src/Common/EncryptionThreadPool.c index f93bf269..3cb6b878 100644 --- a/src/Common/EncryptionThreadPool.c +++ b/src/Common/EncryptionThreadPool.c @@ -102,10 +102,10 @@ typedef struct EncryptionThreadPoolWorkItemStruct int IterationCount; TC_EVENT *NoOutstandingWorkItemEvent; LONG *OutstandingWorkItemCount; - CRYPTOPP_ALIGN_DATA(16) char Password[MAX_PASSWORD]; + char *Password; int PasswordLength; int Pkcs5Prf; - char Salt[PKCS5_SALT_SIZE]; + char *Salt; } KeyDerivation; @@ -114,6 +114,8 @@ typedef struct EncryptionThreadPoolWorkItemStruct TC_EVENT *KeyDerivationCompletedEvent; TC_EVENT *NoOutstandingWorkItemEvent; LONG *outstandingWorkItemCount; + void* keyInfoBuffer; + int keyInfoBufferSize; void* keyDerivationWorkItems; int keyDerivationWorkItemsSize; @@ -275,12 +277,6 @@ static TC_THREAD_PROC EncryptionThreadProc (void *threadArg) TC_THROW_FATAL_EXCEPTION; } -#if !defined(DEVICE_DRIVER) - burn (workItem->KeyDerivation.Password, sizeof(workItem->KeyDerivation.Password)); - burn (workItem->KeyDerivation.Salt, sizeof(workItem->KeyDerivation.Salt)); - VirtualUnlock (&workItem->KeyDerivation, sizeof (workItem->KeyDerivation)); -#endif - InterlockedExchange (workItem->KeyDerivation.CompletionFlag, TRUE); TC_SET_EVENT (*workItem->KeyDerivation.CompletionEvent); @@ -297,9 +293,21 @@ static TC_THREAD_PROC EncryptionThreadProc (void *threadArg) if (workItem->ReadVolumeHeaderFinalization.keyDerivationWorkItems) { burn (workItem->ReadVolumeHeaderFinalization.keyDerivationWorkItems, workItem->ReadVolumeHeaderFinalization.keyDerivationWorkItemsSize); +#if !defined(DEVICE_DRIVER) + VirtualUnlock (workItem->ReadVolumeHeaderFinalization.keyDerivationWorkItems, workItem->ReadVolumeHeaderFinalization.keyDerivationWorkItemsSize); +#endif TCfree (workItem->ReadVolumeHeaderFinalization.keyDerivationWorkItems); } + if (workItem->ReadVolumeHeaderFinalization.keyInfoBuffer) + { + burn (workItem->ReadVolumeHeaderFinalization.keyInfoBuffer, workItem->ReadVolumeHeaderFinalization.keyInfoBufferSize); +#if !defined(DEVICE_DRIVER) + VirtualUnlock (workItem->ReadVolumeHeaderFinalization.keyInfoBuffer, workItem->ReadVolumeHeaderFinalization.keyInfoBufferSize); +#endif + TCfree (workItem->ReadVolumeHeaderFinalization.keyInfoBuffer); + } + #if !defined(DEVICE_DRIVER) CloseHandle (*(workItem->ReadVolumeHeaderFinalization.KeyDerivationCompletedEvent)); CloseHandle (*(workItem->ReadVolumeHeaderFinalization.NoOutstandingWorkItemEvent)); @@ -516,14 +524,6 @@ void EncryptionThreadPoolStop () for (i = 0; i < sizeof (WorkItemQueue) / sizeof (WorkItemQueue[0]); ++i) { -#if !defined(DEVICE_DRIVER) - if (WorkItemQueue[i].Type == DeriveKeyWork) - { - burn (WorkItemQueue[i].KeyDerivation.Password, sizeof(WorkItemQueue[i].KeyDerivation.Password)); - burn (WorkItemQueue[i].KeyDerivation.Salt, sizeof(WorkItemQueue[i].KeyDerivation.Salt)); - VirtualUnlock (&WorkItemQueue[i].KeyDerivation, sizeof (WorkItemQueue[i].KeyDerivation)); - } -#endif if (WorkItemQueue[i].ItemCompletedEvent) CloseHandle (WorkItemQueue[i].ItemCompletedEvent); } @@ -552,19 +552,16 @@ void EncryptionThreadPoolBeginKeyDerivation (TC_EVENT *completionEvent, TC_EVENT } workItem->Type = DeriveKeyWork; -#if !defined(DEVICE_DRIVER) - VirtualLock (&workItem->KeyDerivation, sizeof (workItem->KeyDerivation)); -#endif workItem->KeyDerivation.CompletionEvent = completionEvent; workItem->KeyDerivation.CompletionFlag = completionFlag; workItem->KeyDerivation.DerivedKey = derivedKey; workItem->KeyDerivation.IterationCount = iterationCount; workItem->KeyDerivation.NoOutstandingWorkItemEvent = noOutstandingWorkItemEvent; workItem->KeyDerivation.OutstandingWorkItemCount = outstandingWorkItemCount; - memcpy (workItem->KeyDerivation.Password, password, passwordLength); + workItem->KeyDerivation.Password = password; workItem->KeyDerivation.PasswordLength = passwordLength; workItem->KeyDerivation.Pkcs5Prf = pkcs5Prf; - memcpy (workItem->KeyDerivation.Salt, salt, PKCS5_SALT_SIZE); + workItem->KeyDerivation.Salt = salt; InterlockedIncrement (outstandingWorkItemCount); TC_CLEAR_EVENT (*noOutstandingWorkItemEvent); @@ -574,7 +571,9 @@ void EncryptionThreadPoolBeginKeyDerivation (TC_EVENT *completionEvent, TC_EVENT TC_RELEASE_MUTEX (&EnqueueMutex); } -void EncryptionThreadPoolBeginReadVolumeHeaderFinalization (TC_EVENT *keyDerivationCompletedEvent, TC_EVENT *noOutstandingWorkItemEvent, LONG* outstandingWorkItemCount, void* keyDerivationWorkItems, int keyDerivationWorkItemsSize) +void EncryptionThreadPoolBeginReadVolumeHeaderFinalization (TC_EVENT *keyDerivationCompletedEvent, TC_EVENT *noOutstandingWorkItemEvent, LONG* outstandingWorkItemCount, + void* keyInfoBuffer, int keyInfoBufferSize, + void* keyDerivationWorkItems, int keyDerivationWorkItemsSize) { EncryptionThreadPoolWorkItem *workItem; @@ -595,6 +594,8 @@ void EncryptionThreadPoolBeginReadVolumeHeaderFinalization (TC_EVENT *keyDerivat workItem->Type = ReadVolumeHeaderFinalizationWork; workItem->ReadVolumeHeaderFinalization.NoOutstandingWorkItemEvent = noOutstandingWorkItemEvent; workItem->ReadVolumeHeaderFinalization.KeyDerivationCompletedEvent = keyDerivationCompletedEvent; + workItem->ReadVolumeHeaderFinalization.keyInfoBuffer = keyInfoBuffer; + workItem->ReadVolumeHeaderFinalization.keyInfoBufferSize = keyInfoBufferSize; workItem->ReadVolumeHeaderFinalization.keyDerivationWorkItems = keyDerivationWorkItems; workItem->ReadVolumeHeaderFinalization.keyDerivationWorkItemsSize = keyDerivationWorkItemsSize; workItem->ReadVolumeHeaderFinalization.outstandingWorkItemCount = outstandingWorkItemCount; diff --git a/src/Common/EncryptionThreadPool.h b/src/Common/EncryptionThreadPool.h index 9cb3ffa7..053d4107 100644 --- a/src/Common/EncryptionThreadPool.h +++ b/src/Common/EncryptionThreadPool.h @@ -33,7 +33,7 @@ size_t GetCpuCount (WORD* pGroupCount); #endif void EncryptionThreadPoolBeginKeyDerivation (TC_EVENT *completionEvent, TC_EVENT *noOutstandingWorkItemEvent, LONG *completionFlag, LONG *outstandingWorkItemCount, int pkcs5Prf, char *password, int passwordLength, char *salt, int iterationCount, char *derivedKey); -void EncryptionThreadPoolBeginReadVolumeHeaderFinalization (TC_EVENT *keyDerivationCompletedEvent, TC_EVENT *noOutstandingWorkItemEvent, LONG* outstandingWorkItemCount, void* keyDerivationWorkItems, int keyDerivationWorkItemsSize); +void EncryptionThreadPoolBeginReadVolumeHeaderFinalization (TC_EVENT *keyDerivationCompletedEvent, TC_EVENT *noOutstandingWorkItemEvent, LONG* outstandingWorkItemCount, void* keyInfoBuffer, int keyInfoBufferSize, void* keyDerivationWorkItems, int keyDerivationWorkItemsSize); void EncryptionThreadPoolDoWork (EncryptionThreadPoolWorkType type, byte *data, const UINT64_STRUCT *startUnitNo, uint32 unitCount, PCRYPTO_INFO cryptoInfo); BOOL EncryptionThreadPoolStart (size_t encryptionFreeCpuCount); void EncryptionThreadPoolStop (); diff --git a/src/Common/Volumes.c b/src/Common/Volumes.c index 37fa481c..7bfb8ec2 100644 --- a/src/Common/Volumes.c +++ b/src/Common/Volumes.c @@ -170,7 +170,10 @@ BOOL ReadVolumeHeaderRecoveryMode = FALSE; int ReadVolumeHeader (BOOL bBoot, char *encryptedHeader, Password *password, int selected_pkcs5_prf, int pim, BOOL truecryptMode, PCRYPTO_INFO *retInfo, CRYPTO_INFO *retHeaderCryptoInfo) { char header[TC_VOLUME_HEADER_EFFECTIVE_SIZE]; - CRYPTOPP_ALIGN_DATA(16) KEY_INFO keyInfo; + unsigned char* keyInfoBuffer = NULL; + int keyInfoBufferSize = sizeof (KEY_INFO) + 16; + size_t keyInfoBufferOffset; + PKEY_INFO keyInfo; PCRYPTO_INFO cryptoInfo; CRYPTOPP_ALIGN_DATA(16) char dk[MASTER_KEYDATA_SIZE]; int enqPkcs5Prf, pkcs5_prf; @@ -182,6 +185,7 @@ int ReadVolumeHeader (BOOL bBoot, char *encryptedHeader, Password *password, int TC_EVENT *keyDerivationCompletedEvent = NULL; TC_EVENT *noOutstandingWorkItemEvent = NULL; KeyDerivationWorkItem *keyDerivationWorkItems = NULL; + int keyDerivationWorkItemsSize = 0; KeyDerivationWorkItem *item; size_t encryptionThreadCount = GetEncryptionThreadCount(); LONG *outstandingWorkItemCount = NULL; @@ -189,6 +193,17 @@ int ReadVolumeHeader (BOOL bBoot, char *encryptedHeader, Password *password, int #endif size_t queuedWorkItems = 0; + // allocate 16-bytes aligned buffer to hold KEY_INFO in a portable way + keyInfoBuffer = TCalloc(keyInfoBufferSize); + if (!keyInfoBuffer) + return ERR_OUTOFMEMORY; + keyInfoBufferOffset = 16 - (((uint64) keyInfoBuffer) % 16); + keyInfo = (PKEY_INFO) (keyInfoBuffer + keyInfoBufferOffset); + +#if !defined(DEVICE_DRIVER) && !defined(_UEFI) + VirtualLock (keyInfoBuffer, keyInfoBufferSize); +#endif + // if no PIM specified, use default value if (pim < 0) pim = 0; @@ -237,7 +252,8 @@ int ReadVolumeHeader (BOOL bBoot, char *encryptedHeader, Password *password, int return ERR_OUTOFMEMORY; } - keyDerivationWorkItems = TCalloc (sizeof (KeyDerivationWorkItem) * pkcs5PrfCount); + keyDerivationWorkItemsSize = sizeof (KeyDerivationWorkItem) * pkcs5PrfCount; + keyDerivationWorkItems = TCalloc (keyDerivationWorkItemsSize); if (!keyDerivationWorkItems) { TCfree(keyDerivationCompletedEvent); @@ -274,20 +290,21 @@ int ReadVolumeHeader (BOOL bBoot, char *encryptedHeader, Password *password, int TCfree(outstandingWorkItemCount); return ERR_OUTOFMEMORY; } + + VirtualLock (keyDerivationWorkItems, keyDerivationWorkItemsSize); #endif } #if !defined(DEVICE_DRIVER) - VirtualLock (&keyInfo, sizeof (keyInfo)); VirtualLock (&dk, sizeof (dk)); VirtualLock (&header, sizeof (header)); #endif #endif // !defined(_UEFI) - crypto_loadkey (&keyInfo, password->Text, (int) password->Length); + crypto_loadkey (keyInfo, password->Text, (int) password->Length); // PKCS5 is used to derive the primary header key(s) and secondary header key(s) (XTS mode) from the password - memcpy (keyInfo.salt, encryptedHeader + HEADER_SALT_OFFSET, PKCS5_SALT_SIZE); + memcpy (keyInfo->salt, encryptedHeader + HEADER_SALT_OFFSET, PKCS5_SALT_SIZE); // Test all available PKCS5 PRFs for (enqPkcs5Prf = FIRST_PRF_ID; enqPkcs5Prf <= LAST_PRF_ID || queuedWorkItems > 0; ++enqPkcs5Prf) @@ -315,8 +332,8 @@ int ReadVolumeHeader (BOOL bBoot, char *encryptedHeader, Password *password, int item->Pkcs5Prf = enqPkcs5Prf; EncryptionThreadPoolBeginKeyDerivation (keyDerivationCompletedEvent, noOutstandingWorkItemEvent, - &item->KeyReady, outstandingWorkItemCount, enqPkcs5Prf, keyInfo.userKey, - keyInfo.keyLength, keyInfo.salt, get_pkcs5_iteration_count (enqPkcs5Prf, pim, truecryptMode, bBoot), item->DerivedKey); + &item->KeyReady, outstandingWorkItemCount, enqPkcs5Prf, keyInfo->userKey, + keyInfo->keyLength, keyInfo->salt, get_pkcs5_iteration_count (enqPkcs5Prf, pim, truecryptMode, bBoot), item->DerivedKey); ++queuedWorkItems; break; @@ -338,7 +355,7 @@ int ReadVolumeHeader (BOOL bBoot, char *encryptedHeader, Password *password, int if (!item->Free && InterlockedExchangeAdd (&item->KeyReady, 0) == TRUE) { pkcs5_prf = item->Pkcs5Prf; - keyInfo.noIterations = get_pkcs5_iteration_count (pkcs5_prf, pim, truecryptMode, bBoot); + keyInfo->noIterations = get_pkcs5_iteration_count (pkcs5_prf, pim, truecryptMode, bBoot); memcpy (dk, item->DerivedKey, sizeof (dk)); item->Free = TRUE; @@ -357,33 +374,33 @@ KeyReady: ; #endif // !defined(_UEFI) { pkcs5_prf = enqPkcs5Prf; - keyInfo.noIterations = get_pkcs5_iteration_count (enqPkcs5Prf, pim, truecryptMode, bBoot); + keyInfo->noIterations = get_pkcs5_iteration_count (enqPkcs5Prf, pim, truecryptMode, bBoot); switch (pkcs5_prf) { case RIPEMD160: - derive_key_ripemd160 (keyInfo.userKey, keyInfo.keyLength, keyInfo.salt, - PKCS5_SALT_SIZE, keyInfo.noIterations, dk, GetMaxPkcs5OutSize()); + derive_key_ripemd160 (keyInfo->userKey, keyInfo->keyLength, keyInfo->salt, + PKCS5_SALT_SIZE, keyInfo->noIterations, dk, GetMaxPkcs5OutSize()); break; case SHA512: - derive_key_sha512 (keyInfo.userKey, keyInfo.keyLength, keyInfo.salt, - PKCS5_SALT_SIZE, keyInfo.noIterations, dk, GetMaxPkcs5OutSize()); + derive_key_sha512 (keyInfo->userKey, keyInfo->keyLength, keyInfo->salt, + PKCS5_SALT_SIZE, keyInfo->noIterations, dk, GetMaxPkcs5OutSize()); break; case WHIRLPOOL: - derive_key_whirlpool (keyInfo.userKey, keyInfo.keyLength, keyInfo.salt, - PKCS5_SALT_SIZE, keyInfo.noIterations, dk, GetMaxPkcs5OutSize()); + derive_key_whirlpool (keyInfo->userKey, keyInfo->keyLength, keyInfo->salt, + PKCS5_SALT_SIZE, keyInfo->noIterations, dk, GetMaxPkcs5OutSize()); break; case SHA256: - derive_key_sha256 (keyInfo.userKey, keyInfo.keyLength, keyInfo.salt, - PKCS5_SALT_SIZE, keyInfo.noIterations, dk, GetMaxPkcs5OutSize()); + derive_key_sha256 (keyInfo->userKey, keyInfo->keyLength, keyInfo->salt, + PKCS5_SALT_SIZE, keyInfo->noIterations, dk, GetMaxPkcs5OutSize()); break; case STREEBOG: - derive_key_streebog(keyInfo.userKey, keyInfo.keyLength, keyInfo.salt, - PKCS5_SALT_SIZE, keyInfo.noIterations, dk, GetMaxPkcs5OutSize()); + derive_key_streebog(keyInfo->userKey, keyInfo->keyLength, keyInfo->salt, + PKCS5_SALT_SIZE, keyInfo->noIterations, dk, GetMaxPkcs5OutSize()); break; default: // Unknown/wrong ID @@ -540,7 +557,7 @@ KeyReady: ; if (retInfo == NULL) { cryptoInfo->pkcs5 = pkcs5_prf; - cryptoInfo->noIterations = keyInfo.noIterations; + cryptoInfo->noIterations = keyInfo->noIterations; cryptoInfo->bTrueCryptMode = truecryptMode; cryptoInfo->volumePim = pim; goto ret; @@ -557,34 +574,34 @@ KeyReady: ; } // Master key data - memcpy (keyInfo.master_keydata, header + HEADER_MASTER_KEYDATA_OFFSET, MASTER_KEYDATA_SIZE); + memcpy (keyInfo->master_keydata, header + HEADER_MASTER_KEYDATA_OFFSET, MASTER_KEYDATA_SIZE); #ifdef TC_WINDOWS_DRIVER { RMD160_CTX ctx; RMD160Init (&ctx); - RMD160Update (&ctx, keyInfo.master_keydata, MASTER_KEYDATA_SIZE); + RMD160Update (&ctx, keyInfo->master_keydata, MASTER_KEYDATA_SIZE); RMD160Update (&ctx, header, sizeof(header)); RMD160Final (cryptoInfo->master_keydata_hash, &ctx); burn(&ctx, sizeof (ctx)); } #else - memcpy (cryptoInfo->master_keydata, keyInfo.master_keydata, MASTER_KEYDATA_SIZE); + memcpy (cryptoInfo->master_keydata, keyInfo->master_keydata, MASTER_KEYDATA_SIZE); #endif // PKCS #5 cryptoInfo->pkcs5 = pkcs5_prf; - cryptoInfo->noIterations = keyInfo.noIterations; + cryptoInfo->noIterations = keyInfo->noIterations; cryptoInfo->bTrueCryptMode = truecryptMode; cryptoInfo->volumePim = pim; // Init the cipher with the decrypted master key - status = EAInit (cryptoInfo->ea, keyInfo.master_keydata + primaryKeyOffset, cryptoInfo->ks); + status = EAInit (cryptoInfo->ea, keyInfo->master_keydata + primaryKeyOffset, cryptoInfo->ks); if (status == ERR_CIPHER_INIT_FAILURE) goto err; #ifndef TC_WINDOWS_DRIVER // The secondary master key (if cascade, multiple concatenated) - memcpy (cryptoInfo->k2, keyInfo.master_keydata + EAGetKeySize (cryptoInfo->ea), EAGetKeySize (cryptoInfo->ea)); + memcpy (cryptoInfo->k2, keyInfo->master_keydata + EAGetKeySize (cryptoInfo->ea), EAGetKeySize (cryptoInfo->ea)); #endif - if (!EAInitMode (cryptoInfo, keyInfo.master_keydata + EAGetKeySize (cryptoInfo->ea))) + if (!EAInitMode (cryptoInfo, keyInfo->master_keydata + EAGetKeySize (cryptoInfo->ea))) { status = ERR_MODE_INIT_FAILED; goto err; @@ -604,13 +621,11 @@ KeyReady: ; *retInfo = NULL; } -ret: - burn (&keyInfo, sizeof (keyInfo)); +ret: burn (dk, sizeof(dk)); burn (header, sizeof(header)); #if !defined(DEVICE_DRIVER) && !defined(_UEFI) - VirtualUnlock (&keyInfo, sizeof (keyInfo)); VirtualUnlock (&dk, sizeof (dk)); VirtualUnlock (&header, sizeof (header)); #endif @@ -618,9 +633,19 @@ KeyReady: ; #if !defined(_UEFI) if ((selected_pkcs5_prf == 0) && (encryptionThreadCount > 1)) { - EncryptionThreadPoolBeginReadVolumeHeaderFinalization (keyDerivationCompletedEvent, noOutstandingWorkItemEvent, outstandingWorkItemCount, keyDerivationWorkItems, sizeof (KeyDerivationWorkItem) * pkcs5PrfCount); + EncryptionThreadPoolBeginReadVolumeHeaderFinalization (keyDerivationCompletedEvent, noOutstandingWorkItemEvent, outstandingWorkItemCount, + keyInfoBuffer, keyInfoBufferSize, + keyDerivationWorkItems, keyDerivationWorkItemsSize); } + else #endif + { + burn (keyInfo, sizeof (KEY_INFO)); +#if !defined(DEVICE_DRIVER) && !defined(_UEFI) + VirtualUnlock (keyInfoBuffer, keyInfoBufferSize); +#endif + TCfree(keyInfoBuffer); + } return status; }