nihilist/VeraCrypt
1
0
Fork 0
mirror of https://github.com/veracrypt/VeraCrypt synced 2024-11-10 13:13:34 +01:00
Code Issues Packages Projects Releases Wiki Activity

Windows driver: remove volumes master keys from CRYPTO_INFO since they are not needed after their key schedule is created

Browse Source
This commit is contained in:
Mounir IDRASSI 2019-01-21 00:42:53 +01:00
parent 27b3fee02d
commit ee0a2659da
No known key found for this signature in database
GPG Key ID: 02C30AE90FAE4A6F
11 changed files with 62 additions and 59 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
src/Common/Crypto.c
View File

@ -532,13 +532,13 @@ int EAInit (int ea, unsigned char *key, unsigned __int8 *ks)
#ifndef TC_WINDOWS_BOOT
BOOL EAInitMode (PCRYPTO_INFO ci)
BOOL EAInitMode (PCRYPTO_INFO ci, unsigned char* key2)
{
switch (ci->mode)
{
case XTS:
// Secondary key schedule
if (EAInit (ci->ea, ci->k2, ci->ks2) != ERR_SUCCESS)
if (EAInit (ci->ea, key2, ci->ks2) != ERR_SUCCESS)
return FALSE;
/* Note: XTS mode could potentially be initialized with a weak key causing all blocks in one data unit
@ -889,8 +889,12 @@ void crypto_eraseKeys (PCRYPTO_INFO cryptoInfo)
{
burn (cryptoInfo->ks, sizeof (cryptoInfo->ks));
burn (cryptoInfo->ks2, sizeof (cryptoInfo->ks2));
#ifdef TC_WINDOWS_DRIVER
burn (cryptoInfo->master_keydata_hash, sizeof (cryptoInfo->master_keydata_hash));
#else
burn (cryptoInfo->master_keydata, sizeof (cryptoInfo->master_keydata));
burn (cryptoInfo->k2, sizeof (cryptoInfo->k2));
#endif
burn (&cryptoInfo->noIterations, sizeof (cryptoInfo->noIterations));
burn (&cryptoInfo->volumePim, sizeof (cryptoInfo->volumePim));
}

6
src/Common/Crypto.h
View File

@ -245,8 +245,12 @@ typedef struct CRYPTO_INFO_t
#ifndef TC_WINDOWS_BOOT
uint16 HeaderVersion;
#ifdef TC_WINDOWS_DRIVER
unsigned __int8 master_keydata_hash[SHA512_DIGESTSIZE];
#else
CRYPTOPP_ALIGN_DATA(16) unsigned __int8 master_keydata[MASTER_KEYDATA_SIZE]; /* This holds the volume header area containing concatenated master key(s) and secondary key(s) (XTS mode). For LRW (deprecated/legacy), it contains the tweak key before the master key(s). For CBC (deprecated/legacy), it contains the IV seed before the master key(s). */
CRYPTOPP_ALIGN_DATA(16) unsigned __int8 k2[MASTER_KEYDATA_SIZE]; /* For XTS, this contains the secondary key (if cascade, multiple concatenated). For LRW (deprecated/legacy), it contains the tweak key. For CBC (deprecated/legacy), it contains the IV seed. */
#endif
int noIterations;
BOOL bTrueCryptMode;
@ -320,7 +324,7 @@ int EAInit (int ea, unsigned char *key, unsigned char *ks);
#else
int EAInit (unsigned char *key, unsigned char *ks);
#endif
BOOL EAInitMode (PCRYPTO_INFO ci);
BOOL EAInitMode (PCRYPTO_INFO ci, unsigned char* key2);
void EncipherBlock(int cipher, void *data, void *ks);
void DecipherBlock(int cipher, void *data, void *ks);
#ifndef TC_WINDOWS_BOOT

6
src/Common/Dlgcode.c
View File

@ -5724,7 +5724,7 @@ static BOOL PerformBenchmark(HWND hBenchDlg, HWND hwndDlg)
if (!EAInit (ci->ea, ci->master_keydata, ci->ks))
{
ci->mode = FIRST_MODE_OF_OPERATION_ID;
if (EAInitMode (ci))
if (EAInitMode (ci, ci->k2))
{
int i;
@ -5745,7 +5745,7 @@ static BOOL PerformBenchmark(HWND hBenchDlg, HWND hwndDlg)
goto counter_error;
ci->mode = FIRST_MODE_OF_OPERATION_ID;
if (!EAInitMode (ci))
if (!EAInitMode (ci, ci->k2))
goto counter_error;
if (QueryPerformanceCounter (&performanceCountStart) == 0)
@ -6931,7 +6931,7 @@ CipherTestDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lParam)
}
memcpy (&ci->k2, secondaryKey, sizeof (secondaryKey));
if (!EAInitMode (ci))
if (!EAInitMode (ci, ci->k2))
{
crypto_close (ci);
return 1;

2
src/Common/Fat.c
View File

@ -416,7 +416,7 @@ FormatFat (void* hwndDlgPtr, unsigned __int64 startSector, fatparams * ft, void
burn (temporaryKey, sizeof(temporaryKey));
return retVal;
}
if (!EAInitMode (cryptoInfo))
if (!EAInitMode (cryptoInfo, cryptoInfo->k2))
{
burn (temporaryKey, sizeof(temporaryKey));
return ERR_MODE_INIT_FAILED;

4
src/Common/Format.c
View File

@ -801,7 +801,7 @@ int FormatNoFs (HWND hwndDlg, unsigned __int64 startSector, __int64 num_sectors,
if (retVal != ERR_SUCCESS)
goto fail;
if (!EAInitMode (cryptoInfo))
if (!EAInitMode (cryptoInfo, cryptoInfo->k2))
{
retVal = ERR_MODE_INIT_FAILED;
goto fail;
@ -829,7 +829,7 @@ int FormatNoFs (HWND hwndDlg, unsigned __int64 startSector, __int64 num_sectors,
retVal = EAInit (cryptoInfo->ea, cryptoInfo->master_keydata, cryptoInfo->ks);
if (retVal != ERR_SUCCESS)
goto fail;
if (!EAInitMode (cryptoInfo))
if (!EAInitMode (cryptoInfo, cryptoInfo->k2))
{
retVal = ERR_MODE_INIT_FAILED;
goto fail;

17
src/Common/Tests.c
View File

@ -275,9 +275,7 @@ BOOL XTSAesTest (PCRYPTO_INFO ci)
if (EAInit (ci->ea, XTS_vectors[i].key1, ci->ks) != ERR_SUCCESS)
return FALSE;
memcpy (&ci->k2, XTS_vectors[i].key2, sizeof (XTS_vectors[i].key2));
if (!EAInitMode (ci))
if (!EAInitMode (ci, XTS_vectors[i].key2))
return FALSE;
memcpy (p, XTS_vectors[i].plaintext, sizeof (p));
@ -685,6 +683,7 @@ BOOL TestSectorBufEncryption (PCRYPTO_INFO ci)
0x31, 0x41, 0x59, 0x26, 0x53, 0x58, 0x97, 0x93, 0x23, 0x84, 0x62, 0x64, 0x33, 0x83, 0x27, 0x95, 0x02, 0x88, 0x41, 0x97, 0x16, 0x93, 0x99, 0x37, 0x51, 0x05, 0x82, 0x09, 0x74, 0x94, 0x45, 0x92,
0x00, 0x00, 0x00, 0xff, 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13
};
CRYPTOPP_ALIGN_DATA(16) unsigned __int8 key2[MASTER_KEYDATA_SIZE];
/* Encryption/decryption of data units (typically, volume data sectors) */
@ -713,12 +712,12 @@ BOOL TestSectorBufEncryption (PCRYPTO_INFO ci)
if (EAInit (ci->ea, key1, ci->ks) != ERR_SUCCESS)
return FALSE;
for (i = 0; i < sizeof (ci->k2); i++)
ci->k2[i] = (unsigned char) i;
for (i = 0; i < sizeof (key2); i++)
key2[i] = (unsigned char) i;
memcpy (&ci->k2, XTS_vectors[XTS_TEST_COUNT-1].key2, sizeof (XTS_vectors[XTS_TEST_COUNT-1].key2));
memcpy (key2, XTS_vectors[XTS_TEST_COUNT-1].key2, sizeof (XTS_vectors[XTS_TEST_COUNT-1].key2));
if (!EAInitMode (ci))
if (!EAInitMode (ci, key2))
return FALSE;
// Each data unit will contain the same plaintext
@ -1189,9 +1188,9 @@ BOOL TestSectorBufEncryption (PCRYPTO_INFO ci)
if (EAInit (ci->ea, key1, ci->ks) != ERR_SUCCESS)
return FALSE;
memcpy (&ci->k2, XTS_vectors[XTS_TEST_COUNT-1].key2, sizeof (XTS_vectors[XTS_TEST_COUNT-1].key2));
memcpy (key2, XTS_vectors[XTS_TEST_COUNT-1].key2, sizeof (XTS_vectors[XTS_TEST_COUNT-1].key2));
if (!EAInitMode (ci))
if (!EAInitMode (ci, key2))
return FALSE;
// Each data unit will contain the same plaintext

64
src/Common/Volumes.c
View File

@ -392,11 +392,12 @@ KeyReady: ;
if (cryptoInfo->mode == XTS)
{
#ifndef TC_WINDOWS_DRIVER
// Copy the secondary key (if cascade, multiple concatenated)
memcpy (cryptoInfo->k2, dk + EAGetKeySize (cryptoInfo->ea), EAGetKeySize (cryptoInfo->ea));
#endif
// Secondary key schedule
if (!EAInitMode (cryptoInfo))
if (!EAInitMode (cryptoInfo, dk + EAGetKeySize (cryptoInfo->ea)))
{
status = ERR_MODE_INIT_FAILED;
goto err;
@ -526,8 +527,17 @@ KeyReady: ;
// Master key data
memcpy (keyInfo.master_keydata, header + HEADER_MASTER_KEYDATA_OFFSET, MASTER_KEYDATA_SIZE);
#ifdef TC_WINDOWS_DRIVER
{
sha512_ctx sha2;
sha512_begin (&sha2);
sha512_hash (keyInfo.master_keydata, MASTER_KEYDATA_SIZE, &sha2);
sha512_hash (header, sizeof(header), &sha2);
sha512_end (cryptoInfo->master_keydata_hash, &sha2);
}
#else
memcpy (cryptoInfo->master_keydata, keyInfo.master_keydata, MASTER_KEYDATA_SIZE);
#endif
// PKCS #5
cryptoInfo->pkcs5 = pkcs5_prf;
cryptoInfo->noIterations = keyInfo.noIterations;
@ -538,17 +548,11 @@ KeyReady: ;
status = EAInit (cryptoInfo->ea, keyInfo.master_keydata + primaryKeyOffset, cryptoInfo->ks);
if (status == ERR_CIPHER_INIT_FAILURE)
goto err;
switch (cryptoInfo->mode)
{
default:
// The secondary master key (if cascade, multiple concatenated)
memcpy (cryptoInfo->k2, keyInfo.master_keydata + EAGetKeySize (cryptoInfo->ea), EAGetKeySize (cryptoInfo->ea));
}
if (!EAInitMode (cryptoInfo))
#ifndef TC_WINDOWS_DRIVER
// The secondary master key (if cascade, multiple concatenated)
memcpy (cryptoInfo->k2, keyInfo.master_keydata + EAGetKeySize (cryptoInfo->ea), EAGetKeySize (cryptoInfo->ea));
#endif
if (!EAInitMode (cryptoInfo, keyInfo.master_keydata + EAGetKeySize (cryptoInfo->ea)))
{
status = ERR_MODE_INIT_FAILED;
goto err;
@ -1031,14 +1035,11 @@ int CreateVolumeHeaderInMemory (HWND hwndDlg, BOOL bBoot, char *header, int ea,
/* Header encryption */
switch (mode)
{
default:
// The secondary key (if cascade, multiple concatenated)
memcpy (cryptoInfo->k2, dk + EAGetKeySize (cryptoInfo->ea), EAGetKeySize (cryptoInfo->ea));
primaryKeyOffset = 0;
}
#ifndef TC_WINDOWS_DRIVER
// The secondary key (if cascade, multiple concatenated)
memcpy (cryptoInfo->k2, dk + EAGetKeySize (cryptoInfo->ea), EAGetKeySize (cryptoInfo->ea));
primaryKeyOffset = 0;
#endif
retVal = EAInit (cryptoInfo->ea, dk + primaryKeyOffset, cryptoInfo->ks);
if (retVal != ERR_SUCCESS)
@ -1048,7 +1049,7 @@ int CreateVolumeHeaderInMemory (HWND hwndDlg, BOOL bBoot, char *header, int ea,
}
// Mode of operation
if (!EAInitMode (cryptoInfo))
if (!EAInitMode (cryptoInfo, dk + EAGetKeySize (cryptoInfo->ea)))
{
crypto_close (cryptoInfo);
retVal = ERR_OUTOFMEMORY;
@ -1074,16 +1075,13 @@ int CreateVolumeHeaderInMemory (HWND hwndDlg, BOOL bBoot, char *header, int ea,
memcpy (cryptoInfo->master_keydata, keyInfo.master_keydata, MASTER_KEYDATA_SIZE);
switch (cryptoInfo->mode)
{
default:
// The secondary master key (if cascade, multiple concatenated)
memcpy (cryptoInfo->k2, keyInfo.master_keydata + EAGetKeySize (cryptoInfo->ea), EAGetKeySize (cryptoInfo->ea));
}
#ifndef TC_WINDOWS_DRIVER
// The secondary master key (if cascade, multiple concatenated)
memcpy (cryptoInfo->k2, keyInfo.master_keydata + EAGetKeySize (cryptoInfo->ea), EAGetKeySize (cryptoInfo->ea));
#endif
// Mode of operation
if (!EAInitMode (cryptoInfo))
if (!EAInitMode (cryptoInfo, keyInfo.master_keydata + EAGetKeySize (cryptoInfo->ea)))
{
crypto_close (cryptoInfo);
retVal = ERR_OUTOFMEMORY;
@ -1282,7 +1280,7 @@ int WriteRandomDataToReservedHeaderAreas (HWND hwndDlg, HANDLE dev, CRYPTO_INFO
if (nStatus != ERR_SUCCESS)
goto final_seq;
if (!EAInitMode (cryptoInfo))
if (!EAInitMode (cryptoInfo, cryptoInfo->k2))
{
nStatus = ERR_MODE_INIT_FAILED;
goto final_seq;
@ -1344,7 +1342,7 @@ int WriteRandomDataToReservedHeaderAreas (HWND hwndDlg, HANDLE dev, CRYPTO_INFO
if (nStatus != ERR_SUCCESS)
goto final_seq;
if (!EAInitMode (cryptoInfo))
if (!EAInitMode (cryptoInfo, cryptoInfo->k2))
{
nStatus = ERR_MODE_INIT_FAILED;
goto final_seq;

4
src/Driver/DriveFilter.c
View File

@ -2181,10 +2181,8 @@ static VOID DecoySystemWipeThreadProc (PVOID threadArg)
DecoySystemWipeResult = STATUS_INVALID_PARAMETER;
goto ret;
}
memcpy (wipeCryptoInfo->k2, WipeDecoyRequest.WipeKey + EAGetKeySize (ea), EAGetKeySize (ea));
if (!EAInitMode (wipeCryptoInfo))
if (!EAInitMode (wipeCryptoInfo, WipeDecoyRequest.WipeKey + EAGetKeySize (ea)))
{
DecoySystemWipeResult = STATUS_INVALID_PARAMETER;
goto err;

2
src/Driver/Ntvol.c
View File

@ -663,7 +663,7 @@ NTSTATUS TCOpenVolume (PDEVICE_OBJECT DeviceObject,
if (Extension->cryptoInfo->hiddenVolume && IsHiddenSystemRunning())
{
// Prevent mount of a hidden system partition if the system hosted on it is currently running
if (memcmp (Extension->cryptoInfo->master_keydata, GetSystemDriveCryptoInfo()->master_keydata, EAGetKeySize (Extension->cryptoInfo->ea)) == 0)
if (memcmp (Extension->cryptoInfo->master_keydata_hash, GetSystemDriveCryptoInfo()->master_keydata_hash, sizeof(Extension->cryptoInfo->master_keydata_hash)) == 0)
{
mount->nReturnCode = ERR_VOL_ALREADY_MOUNTED;
ntStatus = STATUS_SUCCESS;

4
src/ExpandVolume/InitDataArea.c
View File

@ -97,7 +97,7 @@ int FormatNoFs (HWND hwndDlg, unsigned __int64 startSector, __int64 num_sectors,
if (retVal != ERR_SUCCESS)
goto fail;
if (!EAInitMode (cryptoInfo))
if (!EAInitMode (cryptoInfo, cryptoInfo->k2))
{
retVal = ERR_MODE_INIT_FAILED;
goto fail;
@ -125,7 +125,7 @@ int FormatNoFs (HWND hwndDlg, unsigned __int64 startSector, __int64 num_sectors,
retVal = EAInit (cryptoInfo->ea, cryptoInfo->master_keydata, cryptoInfo->ks);
if (retVal != ERR_SUCCESS)
goto fail;
if (!EAInitMode (cryptoInfo))
if (!EAInitMode (cryptoInfo, cryptoInfo->k2))
{
retVal = ERR_MODE_INIT_FAILED;
goto fail;

4
src/Mount/Mount.c
View File

@ -10500,7 +10500,7 @@ int BackupVolumeHeader (HWND hwndDlg, BOOL bRequireConfirmation, const wchar_t *
goto error;
}
if (EAInit (volume.CryptoInfo->ea, temporaryKey, volume.CryptoInfo->ks) != ERR_SUCCESS || !EAInitMode (volume.CryptoInfo))
if (EAInit (volume.CryptoInfo->ea, temporaryKey, volume.CryptoInfo->ks) != ERR_SUCCESS || !EAInitMode (volume.CryptoInfo, volume.CryptoInfo->k2))
{
nStatus = ERR_PARAMETER_INCORRECT;
goto error;
@ -10509,7 +10509,7 @@ int BackupVolumeHeader (HWND hwndDlg, BOOL bRequireConfirmation, const wchar_t *
EncryptBuffer (backup, backupFileSize, volume.CryptoInfo);
memcpy (volume.CryptoInfo->k2, originalK2, sizeof (volume.CryptoInfo->k2));
if (EAInit (volume.CryptoInfo->ea, volume.CryptoInfo->master_keydata, volume.CryptoInfo->ks) != ERR_SUCCESS || !EAInitMode (volume.CryptoInfo))
if (EAInit (volume.CryptoInfo->ea, volume.CryptoInfo->master_keydata, volume.CryptoInfo->ks) != ERR_SUCCESS || !EAInitMode (volume.CryptoInfo, volume.CryptoInfo->k2))
{
nStatus = ERR_PARAMETER_INCORRECT;
goto error;