mirrors
/
VeraCrypt
mirror of https://github.com/veracrypt/VeraCrypt.git
2
0
Fork 0
Code Issues Projects Releases Wiki Activity

Windows: Better implementation of PRF autodetection optimization.

This commit is contained in:
Mounir IDRASSI 2021-08-07 20:44:00 +02:00
parent aeba32ba8b
commit 4b98ff0e98
No known key found for this signature in database
GPG Key ID: 02C30AE90FAE4A6F
3 changed files with 80 additions and 54 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

45
src/Common/EncryptionThreadPool.c
View File

@ -102,10 +102,10 @@ typedef struct EncryptionThreadPoolWorkItemStruct
int IterationCount; int IterationCount;
TC_EVENT *NoOutstandingWorkItemEvent; TC_EVENT *NoOutstandingWorkItemEvent;
LONG *OutstandingWorkItemCount; LONG *OutstandingWorkItemCount;
CRYPTOPP_ALIGN_DATA(16) char Password[MAX_PASSWORD]; char *Password;
int PasswordLength; int PasswordLength;
int Pkcs5Prf; int Pkcs5Prf;
char Salt[PKCS5_SALT_SIZE]; char *Salt;
} KeyDerivation; } KeyDerivation;
@ -114,6 +114,8 @@ typedef struct EncryptionThreadPoolWorkItemStruct
TC_EVENT *KeyDerivationCompletedEvent; TC_EVENT *KeyDerivationCompletedEvent;
TC_EVENT *NoOutstandingWorkItemEvent; TC_EVENT *NoOutstandingWorkItemEvent;
LONG *outstandingWorkItemCount; LONG *outstandingWorkItemCount;
void* keyInfoBuffer;
int keyInfoBufferSize;
void* keyDerivationWorkItems; void* keyDerivationWorkItems;
int keyDerivationWorkItemsSize; int keyDerivationWorkItemsSize;
@ -275,12 +277,6 @@ static TC_THREAD_PROC EncryptionThreadProc (void *threadArg)
TC_THROW_FATAL_EXCEPTION; TC_THROW_FATAL_EXCEPTION;
} }
#if !defined(DEVICE_DRIVER)
burn (workItem->KeyDerivation.Password, sizeof(workItem->KeyDerivation.Password));
burn (workItem->KeyDerivation.Salt, sizeof(workItem->KeyDerivation.Salt));
VirtualUnlock (&workItem->KeyDerivation, sizeof (workItem->KeyDerivation));
#endif
InterlockedExchange (workItem->KeyDerivation.CompletionFlag, TRUE); InterlockedExchange (workItem->KeyDerivation.CompletionFlag, TRUE);
TC_SET_EVENT (*workItem->KeyDerivation.CompletionEvent); TC_SET_EVENT (*workItem->KeyDerivation.CompletionEvent);
@ -297,9 +293,21 @@ static TC_THREAD_PROC EncryptionThreadProc (void *threadArg)
if (workItem->ReadVolumeHeaderFinalization.keyDerivationWorkItems) if (workItem->ReadVolumeHeaderFinalization.keyDerivationWorkItems)
{ {
burn (workItem->ReadVolumeHeaderFinalization.keyDerivationWorkItems, workItem->ReadVolumeHeaderFinalization.keyDerivationWorkItemsSize); burn (workItem->ReadVolumeHeaderFinalization.keyDerivationWorkItems, workItem->ReadVolumeHeaderFinalization.keyDerivationWorkItemsSize);
#if !defined(DEVICE_DRIVER)
VirtualUnlock (workItem->ReadVolumeHeaderFinalization.keyDerivationWorkItems, workItem->ReadVolumeHeaderFinalization.keyDerivationWorkItemsSize);
#endif
TCfree (workItem->ReadVolumeHeaderFinalization.keyDerivationWorkItems); TCfree (workItem->ReadVolumeHeaderFinalization.keyDerivationWorkItems);
} }
if (workItem->ReadVolumeHeaderFinalization.keyInfoBuffer)
{
burn (workItem->ReadVolumeHeaderFinalization.keyInfoBuffer, workItem->ReadVolumeHeaderFinalization.keyInfoBufferSize);
#if !defined(DEVICE_DRIVER)
VirtualUnlock (workItem->ReadVolumeHeaderFinalization.keyInfoBuffer, workItem->ReadVolumeHeaderFinalization.keyInfoBufferSize);
#endif
TCfree (workItem->ReadVolumeHeaderFinalization.keyInfoBuffer);
}
#if !defined(DEVICE_DRIVER) #if !defined(DEVICE_DRIVER)
CloseHandle (*(workItem->ReadVolumeHeaderFinalization.KeyDerivationCompletedEvent)); CloseHandle (*(workItem->ReadVolumeHeaderFinalization.KeyDerivationCompletedEvent));
CloseHandle (*(workItem->ReadVolumeHeaderFinalization.NoOutstandingWorkItemEvent)); CloseHandle (*(workItem->ReadVolumeHeaderFinalization.NoOutstandingWorkItemEvent));
@ -516,14 +524,6 @@ void EncryptionThreadPoolStop ()
for (i = 0; i < sizeof (WorkItemQueue) / sizeof (WorkItemQueue[0]); ++i) for (i = 0; i < sizeof (WorkItemQueue) / sizeof (WorkItemQueue[0]); ++i)
{ {
#if !defined(DEVICE_DRIVER)
if (WorkItemQueue[i].Type == DeriveKeyWork)
{
burn (WorkItemQueue[i].KeyDerivation.Password, sizeof(WorkItemQueue[i].KeyDerivation.Password));
burn (WorkItemQueue[i].KeyDerivation.Salt, sizeof(WorkItemQueue[i].KeyDerivation.Salt));
VirtualUnlock (&WorkItemQueue[i].KeyDerivation, sizeof (WorkItemQueue[i].KeyDerivation));
}
#endif
if (WorkItemQueue[i].ItemCompletedEvent) if (WorkItemQueue[i].ItemCompletedEvent)
CloseHandle (WorkItemQueue[i].ItemCompletedEvent); CloseHandle (WorkItemQueue[i].ItemCompletedEvent);
} }
@ -552,19 +552,16 @@ void EncryptionThreadPoolBeginKeyDerivation (TC_EVENT *completionEvent, TC_EVENT
} }
workItem->Type = DeriveKeyWork; workItem->Type = DeriveKeyWork;
#if !defined(DEVICE_DRIVER)
VirtualLock (&workItem->KeyDerivation, sizeof (workItem->KeyDerivation));
#endif
workItem->KeyDerivation.CompletionEvent = completionEvent; workItem->KeyDerivation.CompletionEvent = completionEvent;
workItem->KeyDerivation.CompletionFlag = completionFlag; workItem->KeyDerivation.CompletionFlag = completionFlag;
workItem->KeyDerivation.DerivedKey = derivedKey; workItem->KeyDerivation.DerivedKey = derivedKey;
workItem->KeyDerivation.IterationCount = iterationCount; workItem->KeyDerivation.IterationCount = iterationCount;
workItem->KeyDerivation.NoOutstandingWorkItemEvent = noOutstandingWorkItemEvent; workItem->KeyDerivation.NoOutstandingWorkItemEvent = noOutstandingWorkItemEvent;
workItem->KeyDerivation.OutstandingWorkItemCount = outstandingWorkItemCount; workItem->KeyDerivation.OutstandingWorkItemCount = outstandingWorkItemCount;
memcpy (workItem->KeyDerivation.Password, password, passwordLength); workItem->KeyDerivation.Password = password;
workItem->KeyDerivation.PasswordLength = passwordLength; workItem->KeyDerivation.PasswordLength = passwordLength;
workItem->KeyDerivation.Pkcs5Prf = pkcs5Prf; workItem->KeyDerivation.Pkcs5Prf = pkcs5Prf;
memcpy (workItem->KeyDerivation.Salt, salt, PKCS5_SALT_SIZE); workItem->KeyDerivation.Salt = salt;
InterlockedIncrement (outstandingWorkItemCount); InterlockedIncrement (outstandingWorkItemCount);
TC_CLEAR_EVENT (*noOutstandingWorkItemEvent); TC_CLEAR_EVENT (*noOutstandingWorkItemEvent);
@ -574,7 +571,9 @@ void EncryptionThreadPoolBeginKeyDerivation (TC_EVENT *completionEvent, TC_EVENT
TC_RELEASE_MUTEX (&EnqueueMutex); TC_RELEASE_MUTEX (&EnqueueMutex);
} }
void EncryptionThreadPoolBeginReadVolumeHeaderFinalization (TC_EVENT *keyDerivationCompletedEvent, TC_EVENT *noOutstandingWorkItemEvent, LONG* outstandingWorkItemCount, void* keyDerivationWorkItems, int keyDerivationWorkItemsSize) void EncryptionThreadPoolBeginReadVolumeHeaderFinalization (TC_EVENT *keyDerivationCompletedEvent, TC_EVENT *noOutstandingWorkItemEvent, LONG* outstandingWorkItemCount,
void* keyInfoBuffer, int keyInfoBufferSize,
void* keyDerivationWorkItems, int keyDerivationWorkItemsSize)
{ {
EncryptionThreadPoolWorkItem *workItem; EncryptionThreadPoolWorkItem *workItem;
@ -595,6 +594,8 @@ void EncryptionThreadPoolBeginReadVolumeHeaderFinalization (TC_EVENT *keyDerivat
workItem->Type = ReadVolumeHeaderFinalizationWork; workItem->Type = ReadVolumeHeaderFinalizationWork;
workItem->ReadVolumeHeaderFinalization.NoOutstandingWorkItemEvent = noOutstandingWorkItemEvent; workItem->ReadVolumeHeaderFinalization.NoOutstandingWorkItemEvent = noOutstandingWorkItemEvent;
workItem->ReadVolumeHeaderFinalization.KeyDerivationCompletedEvent = keyDerivationCompletedEvent; workItem->ReadVolumeHeaderFinalization.KeyDerivationCompletedEvent = keyDerivationCompletedEvent;
workItem->ReadVolumeHeaderFinalization.keyInfoBuffer = keyInfoBuffer;
workItem->ReadVolumeHeaderFinalization.keyInfoBufferSize = keyInfoBufferSize;
workItem->ReadVolumeHeaderFinalization.keyDerivationWorkItems = keyDerivationWorkItems; workItem->ReadVolumeHeaderFinalization.keyDerivationWorkItems = keyDerivationWorkItems;
workItem->ReadVolumeHeaderFinalization.keyDerivationWorkItemsSize = keyDerivationWorkItemsSize; workItem->ReadVolumeHeaderFinalization.keyDerivationWorkItemsSize = keyDerivationWorkItemsSize;
workItem->ReadVolumeHeaderFinalization.outstandingWorkItemCount = outstandingWorkItemCount; workItem->ReadVolumeHeaderFinalization.outstandingWorkItemCount = outstandingWorkItemCount;

2
src/Common/EncryptionThreadPool.h
View File

@ -33,7 +33,7 @@ size_t GetCpuCount (WORD* pGroupCount);
#endif #endif
void EncryptionThreadPoolBeginKeyDerivation (TC_EVENT *completionEvent, TC_EVENT *noOutstandingWorkItemEvent, LONG *completionFlag, LONG *outstandingWorkItemCount, int pkcs5Prf, char *password, int passwordLength, char *salt, int iterationCount, char *derivedKey); void EncryptionThreadPoolBeginKeyDerivation (TC_EVENT *completionEvent, TC_EVENT *noOutstandingWorkItemEvent, LONG *completionFlag, LONG *outstandingWorkItemCount, int pkcs5Prf, char *password, int passwordLength, char *salt, int iterationCount, char *derivedKey);
void EncryptionThreadPoolBeginReadVolumeHeaderFinalization (TC_EVENT *keyDerivationCompletedEvent, TC_EVENT *noOutstandingWorkItemEvent, LONG* outstandingWorkItemCount, void* keyDerivationWorkItems, int keyDerivationWorkItemsSize); void EncryptionThreadPoolBeginReadVolumeHeaderFinalization (TC_EVENT *keyDerivationCompletedEvent, TC_EVENT *noOutstandingWorkItemEvent, LONG* outstandingWorkItemCount, void* keyInfoBuffer, int keyInfoBufferSize, void* keyDerivationWorkItems, int keyDerivationWorkItemsSize);
void EncryptionThreadPoolDoWork (EncryptionThreadPoolWorkType type, byte *data, const UINT64_STRUCT *startUnitNo, uint32 unitCount, PCRYPTO_INFO cryptoInfo); void EncryptionThreadPoolDoWork (EncryptionThreadPoolWorkType type, byte *data, const UINT64_STRUCT *startUnitNo, uint32 unitCount, PCRYPTO_INFO cryptoInfo);
BOOL EncryptionThreadPoolStart (size_t encryptionFreeCpuCount); BOOL EncryptionThreadPoolStart (size_t encryptionFreeCpuCount);
void EncryptionThreadPoolStop (); void EncryptionThreadPoolStop ();

87
src/Common/Volumes.c
View File

@ -170,7 +170,10 @@ BOOL ReadVolumeHeaderRecoveryMode = FALSE;
int ReadVolumeHeader (BOOL bBoot, char *encryptedHeader, Password *password, int selected_pkcs5_prf, int pim, BOOL truecryptMode, PCRYPTO_INFO *retInfo, CRYPTO_INFO *retHeaderCryptoInfo) int ReadVolumeHeader (BOOL bBoot, char *encryptedHeader, Password *password, int selected_pkcs5_prf, int pim, BOOL truecryptMode, PCRYPTO_INFO *retInfo, CRYPTO_INFO *retHeaderCryptoInfo)
{ {
char header[TC_VOLUME_HEADER_EFFECTIVE_SIZE]; char header[TC_VOLUME_HEADER_EFFECTIVE_SIZE];
CRYPTOPP_ALIGN_DATA(16) KEY_INFO keyInfo; unsigned char* keyInfoBuffer = NULL;
int keyInfoBufferSize = sizeof (KEY_INFO) + 16;
size_t keyInfoBufferOffset;
PKEY_INFO keyInfo;
PCRYPTO_INFO cryptoInfo; PCRYPTO_INFO cryptoInfo;
CRYPTOPP_ALIGN_DATA(16) char dk[MASTER_KEYDATA_SIZE]; CRYPTOPP_ALIGN_DATA(16) char dk[MASTER_KEYDATA_SIZE];
int enqPkcs5Prf, pkcs5_prf; int enqPkcs5Prf, pkcs5_prf;
@ -182,6 +185,7 @@ int ReadVolumeHeader (BOOL bBoot, char *encryptedHeader, Password *password, int
TC_EVENT *keyDerivationCompletedEvent = NULL; TC_EVENT *keyDerivationCompletedEvent = NULL;
TC_EVENT *noOutstandingWorkItemEvent = NULL; TC_EVENT *noOutstandingWorkItemEvent = NULL;
KeyDerivationWorkItem *keyDerivationWorkItems = NULL; KeyDerivationWorkItem *keyDerivationWorkItems = NULL;
int keyDerivationWorkItemsSize = 0;
KeyDerivationWorkItem *item; KeyDerivationWorkItem *item;
size_t encryptionThreadCount = GetEncryptionThreadCount(); size_t encryptionThreadCount = GetEncryptionThreadCount();
LONG *outstandingWorkItemCount = NULL; LONG *outstandingWorkItemCount = NULL;
@ -189,6 +193,17 @@ int ReadVolumeHeader (BOOL bBoot, char *encryptedHeader, Password *password, int
#endif #endif
size_t queuedWorkItems = 0; size_t queuedWorkItems = 0;
// allocate 16-bytes aligned buffer to hold KEY_INFO in a portable way
keyInfoBuffer = TCalloc(keyInfoBufferSize);
if (!keyInfoBuffer)
return ERR_OUTOFMEMORY;
keyInfoBufferOffset = 16 - (((uint64) keyInfoBuffer) % 16);
keyInfo = (PKEY_INFO) (keyInfoBuffer + keyInfoBufferOffset);
#if !defined(DEVICE_DRIVER) && !defined(_UEFI)
VirtualLock (keyInfoBuffer, keyInfoBufferSize);
#endif
// if no PIM specified, use default value // if no PIM specified, use default value
if (pim < 0) if (pim < 0)
pim = 0; pim = 0;
@ -237,7 +252,8 @@ int ReadVolumeHeader (BOOL bBoot, char *encryptedHeader, Password *password, int
return ERR_OUTOFMEMORY; return ERR_OUTOFMEMORY;
} }
keyDerivationWorkItems = TCalloc (sizeof (KeyDerivationWorkItem) * pkcs5PrfCount); keyDerivationWorkItemsSize = sizeof (KeyDerivationWorkItem) * pkcs5PrfCount;
keyDerivationWorkItems = TCalloc (keyDerivationWorkItemsSize);
if (!keyDerivationWorkItems) if (!keyDerivationWorkItems)
{ {
TCfree(keyDerivationCompletedEvent); TCfree(keyDerivationCompletedEvent);
@ -274,20 +290,21 @@ int ReadVolumeHeader (BOOL bBoot, char *encryptedHeader, Password *password, int
TCfree(outstandingWorkItemCount); TCfree(outstandingWorkItemCount);
return ERR_OUTOFMEMORY; return ERR_OUTOFMEMORY;
} }
VirtualLock (keyDerivationWorkItems, keyDerivationWorkItemsSize);
#endif #endif
} }
#if !defined(DEVICE_DRIVER) #if !defined(DEVICE_DRIVER)
VirtualLock (&keyInfo, sizeof (keyInfo));
VirtualLock (&dk, sizeof (dk)); VirtualLock (&dk, sizeof (dk));
VirtualLock (&header, sizeof (header)); VirtualLock (&header, sizeof (header));
#endif #endif
#endif // !defined(_UEFI) #endif // !defined(_UEFI)
crypto_loadkey (&keyInfo, password->Text, (int) password->Length); crypto_loadkey (keyInfo, password->Text, (int) password->Length);
// PKCS5 is used to derive the primary header key(s) and secondary header key(s) (XTS mode) from the password // PKCS5 is used to derive the primary header key(s) and secondary header key(s) (XTS mode) from the password
memcpy (keyInfo.salt, encryptedHeader + HEADER_SALT_OFFSET, PKCS5_SALT_SIZE); memcpy (keyInfo->salt, encryptedHeader + HEADER_SALT_OFFSET, PKCS5_SALT_SIZE);
// Test all available PKCS5 PRFs // Test all available PKCS5 PRFs
for (enqPkcs5Prf = FIRST_PRF_ID; enqPkcs5Prf <= LAST_PRF_ID || queuedWorkItems > 0; ++enqPkcs5Prf) for (enqPkcs5Prf = FIRST_PRF_ID; enqPkcs5Prf <= LAST_PRF_ID || queuedWorkItems > 0; ++enqPkcs5Prf)
@ -315,8 +332,8 @@ int ReadVolumeHeader (BOOL bBoot, char *encryptedHeader, Password *password, int
item->Pkcs5Prf = enqPkcs5Prf; item->Pkcs5Prf = enqPkcs5Prf;
EncryptionThreadPoolBeginKeyDerivation (keyDerivationCompletedEvent, noOutstandingWorkItemEvent, EncryptionThreadPoolBeginKeyDerivation (keyDerivationCompletedEvent, noOutstandingWorkItemEvent,
&item->KeyReady, outstandingWorkItemCount, enqPkcs5Prf, keyInfo.userKey, &item->KeyReady, outstandingWorkItemCount, enqPkcs5Prf, keyInfo->userKey,
keyInfo.keyLength, keyInfo.salt, get_pkcs5_iteration_count (enqPkcs5Prf, pim, truecryptMode, bBoot), item->DerivedKey); keyInfo->keyLength, keyInfo->salt, get_pkcs5_iteration_count (enqPkcs5Prf, pim, truecryptMode, bBoot), item->DerivedKey);
++queuedWorkItems; ++queuedWorkItems;
break; break;
@ -338,7 +355,7 @@ int ReadVolumeHeader (BOOL bBoot, char *encryptedHeader, Password *password, int
if (!item->Free && InterlockedExchangeAdd (&item->KeyReady, 0) == TRUE) if (!item->Free && InterlockedExchangeAdd (&item->KeyReady, 0) == TRUE)
{ {
pkcs5_prf = item->Pkcs5Prf; pkcs5_prf = item->Pkcs5Prf;
keyInfo.noIterations = get_pkcs5_iteration_count (pkcs5_prf, pim, truecryptMode, bBoot); keyInfo->noIterations = get_pkcs5_iteration_count (pkcs5_prf, pim, truecryptMode, bBoot);
memcpy (dk, item->DerivedKey, sizeof (dk)); memcpy (dk, item->DerivedKey, sizeof (dk));
item->Free = TRUE; item->Free = TRUE;
@ -357,33 +374,33 @@ KeyReady: ;
#endif // !defined(_UEFI) #endif // !defined(_UEFI)
{ {
pkcs5_prf = enqPkcs5Prf; pkcs5_prf = enqPkcs5Prf;
keyInfo.noIterations = get_pkcs5_iteration_count (enqPkcs5Prf, pim, truecryptMode, bBoot); keyInfo->noIterations = get_pkcs5_iteration_count (enqPkcs5Prf, pim, truecryptMode, bBoot);
switch (pkcs5_prf) switch (pkcs5_prf)
{ {
case RIPEMD160: case RIPEMD160:
derive_key_ripemd160 (keyInfo.userKey, keyInfo.keyLength, keyInfo.salt, derive_key_ripemd160 (keyInfo->userKey, keyInfo->keyLength, keyInfo->salt,
PKCS5_SALT_SIZE, keyInfo.noIterations, dk, GetMaxPkcs5OutSize()); PKCS5_SALT_SIZE, keyInfo->noIterations, dk, GetMaxPkcs5OutSize());
break; break;
case SHA512: case SHA512:
derive_key_sha512 (keyInfo.userKey, keyInfo.keyLength, keyInfo.salt, derive_key_sha512 (keyInfo->userKey, keyInfo->keyLength, keyInfo->salt,
PKCS5_SALT_SIZE, keyInfo.noIterations, dk, GetMaxPkcs5OutSize()); PKCS5_SALT_SIZE, keyInfo->noIterations, dk, GetMaxPkcs5OutSize());
break; break;
case WHIRLPOOL: case WHIRLPOOL:
derive_key_whirlpool (keyInfo.userKey, keyInfo.keyLength, keyInfo.salt, derive_key_whirlpool (keyInfo->userKey, keyInfo->keyLength, keyInfo->salt,
PKCS5_SALT_SIZE, keyInfo.noIterations, dk, GetMaxPkcs5OutSize()); PKCS5_SALT_SIZE, keyInfo->noIterations, dk, GetMaxPkcs5OutSize());
break; break;
case SHA256: case SHA256:
derive_key_sha256 (keyInfo.userKey, keyInfo.keyLength, keyInfo.salt, derive_key_sha256 (keyInfo->userKey, keyInfo->keyLength, keyInfo->salt,
PKCS5_SALT_SIZE, keyInfo.noIterations, dk, GetMaxPkcs5OutSize()); PKCS5_SALT_SIZE, keyInfo->noIterations, dk, GetMaxPkcs5OutSize());
break; break;
case STREEBOG: case STREEBOG:
derive_key_streebog(keyInfo.userKey, keyInfo.keyLength, keyInfo.salt, derive_key_streebog(keyInfo->userKey, keyInfo->keyLength, keyInfo->salt,
PKCS5_SALT_SIZE, keyInfo.noIterations, dk, GetMaxPkcs5OutSize()); PKCS5_SALT_SIZE, keyInfo->noIterations, dk, GetMaxPkcs5OutSize());
break; break;
default: default:
// Unknown/wrong ID // Unknown/wrong ID
@ -540,7 +557,7 @@ KeyReady: ;
if (retInfo == NULL) if (retInfo == NULL)
{ {
cryptoInfo->pkcs5 = pkcs5_prf; cryptoInfo->pkcs5 = pkcs5_prf;
cryptoInfo->noIterations = keyInfo.noIterations; cryptoInfo->noIterations = keyInfo->noIterations;
cryptoInfo->bTrueCryptMode = truecryptMode; cryptoInfo->bTrueCryptMode = truecryptMode;
cryptoInfo->volumePim = pim; cryptoInfo->volumePim = pim;
goto ret; goto ret;
@ -557,34 +574,34 @@ KeyReady: ;
} }
// Master key data // Master key data
memcpy (keyInfo.master_keydata, header + HEADER_MASTER_KEYDATA_OFFSET, MASTER_KEYDATA_SIZE); memcpy (keyInfo->master_keydata, header + HEADER_MASTER_KEYDATA_OFFSET, MASTER_KEYDATA_SIZE);
#ifdef TC_WINDOWS_DRIVER #ifdef TC_WINDOWS_DRIVER
{ {
RMD160_CTX ctx; RMD160_CTX ctx;
RMD160Init (&ctx); RMD160Init (&ctx);
RMD160Update (&ctx, keyInfo.master_keydata, MASTER_KEYDATA_SIZE); RMD160Update (&ctx, keyInfo->master_keydata, MASTER_KEYDATA_SIZE);
RMD160Update (&ctx, header, sizeof(header)); RMD160Update (&ctx, header, sizeof(header));
RMD160Final (cryptoInfo->master_keydata_hash, &ctx); RMD160Final (cryptoInfo->master_keydata_hash, &ctx);
burn(&ctx, sizeof (ctx)); burn(&ctx, sizeof (ctx));
} }
#else #else
memcpy (cryptoInfo->master_keydata, keyInfo.master_keydata, MASTER_KEYDATA_SIZE); memcpy (cryptoInfo->master_keydata, keyInfo->master_keydata, MASTER_KEYDATA_SIZE);
#endif #endif
// PKCS #5 // PKCS #5
cryptoInfo->pkcs5 = pkcs5_prf; cryptoInfo->pkcs5 = pkcs5_prf;
cryptoInfo->noIterations = keyInfo.noIterations; cryptoInfo->noIterations = keyInfo->noIterations;
cryptoInfo->bTrueCryptMode = truecryptMode; cryptoInfo->bTrueCryptMode = truecryptMode;
cryptoInfo->volumePim = pim; cryptoInfo->volumePim = pim;
// Init the cipher with the decrypted master key // Init the cipher with the decrypted master key
status = EAInit (cryptoInfo->ea, keyInfo.master_keydata + primaryKeyOffset, cryptoInfo->ks); status = EAInit (cryptoInfo->ea, keyInfo->master_keydata + primaryKeyOffset, cryptoInfo->ks);
if (status == ERR_CIPHER_INIT_FAILURE) if (status == ERR_CIPHER_INIT_FAILURE)
goto err; goto err;
#ifndef TC_WINDOWS_DRIVER #ifndef TC_WINDOWS_DRIVER
// The secondary master key (if cascade, multiple concatenated) // The secondary master key (if cascade, multiple concatenated)
memcpy (cryptoInfo->k2, keyInfo.master_keydata + EAGetKeySize (cryptoInfo->ea), EAGetKeySize (cryptoInfo->ea)); memcpy (cryptoInfo->k2, keyInfo->master_keydata + EAGetKeySize (cryptoInfo->ea), EAGetKeySize (cryptoInfo->ea));
#endif #endif
if (!EAInitMode (cryptoInfo, keyInfo.master_keydata + EAGetKeySize (cryptoInfo->ea))) if (!EAInitMode (cryptoInfo, keyInfo->master_keydata + EAGetKeySize (cryptoInfo->ea)))
{ {
status = ERR_MODE_INIT_FAILED; status = ERR_MODE_INIT_FAILED;
goto err; goto err;
@ -604,13 +621,11 @@ err:
*retInfo = NULL; *retInfo = NULL;
} }
ret: ret:
burn (&keyInfo, sizeof (keyInfo));
burn (dk, sizeof(dk)); burn (dk, sizeof(dk));
burn (header, sizeof(header)); burn (header, sizeof(header));
#if !defined(DEVICE_DRIVER) && !defined(_UEFI) #if !defined(DEVICE_DRIVER) && !defined(_UEFI)
VirtualUnlock (&keyInfo, sizeof (keyInfo));
VirtualUnlock (&dk, sizeof (dk)); VirtualUnlock (&dk, sizeof (dk));
VirtualUnlock (&header, sizeof (header)); VirtualUnlock (&header, sizeof (header));
#endif #endif
@ -618,9 +633,19 @@ ret:
#if !defined(_UEFI) #if !defined(_UEFI)
if ((selected_pkcs5_prf == 0) && (encryptionThreadCount > 1)) if ((selected_pkcs5_prf == 0) && (encryptionThreadCount > 1))
{ {
EncryptionThreadPoolBeginReadVolumeHeaderFinalization (keyDerivationCompletedEvent, noOutstandingWorkItemEvent, outstandingWorkItemCount, keyDerivationWorkItems, sizeof (KeyDerivationWorkItem) * pkcs5PrfCount); EncryptionThreadPoolBeginReadVolumeHeaderFinalization (keyDerivationCompletedEvent, noOutstandingWorkItemEvent, outstandingWorkItemCount,
keyInfoBuffer, keyInfoBufferSize,
keyDerivationWorkItems, keyDerivationWorkItemsSize);
} }
else
#endif #endif
{
burn (keyInfo, sizeof (KEY_INFO));
#if !defined(DEVICE_DRIVER) && !defined(_UEFI)
VirtualUnlock (keyInfoBuffer, keyInfoBufferSize);
#endif
TCfree(keyInfoBuffer);
}
return status; return status;
} }