Windows: Better implementation of PRF autodetection optimization.
This commit is contained in:
parent
aeba32ba8b
commit
4b98ff0e98
|
@ -102,10 +102,10 @@ typedef struct EncryptionThreadPoolWorkItemStruct
|
||||||
int IterationCount;
|
int IterationCount;
|
||||||
TC_EVENT *NoOutstandingWorkItemEvent;
|
TC_EVENT *NoOutstandingWorkItemEvent;
|
||||||
LONG *OutstandingWorkItemCount;
|
LONG *OutstandingWorkItemCount;
|
||||||
CRYPTOPP_ALIGN_DATA(16) char Password[MAX_PASSWORD];
|
char *Password;
|
||||||
int PasswordLength;
|
int PasswordLength;
|
||||||
int Pkcs5Prf;
|
int Pkcs5Prf;
|
||||||
char Salt[PKCS5_SALT_SIZE];
|
char *Salt;
|
||||||
|
|
||||||
} KeyDerivation;
|
} KeyDerivation;
|
||||||
|
|
||||||
|
@ -114,6 +114,8 @@ typedef struct EncryptionThreadPoolWorkItemStruct
|
||||||
TC_EVENT *KeyDerivationCompletedEvent;
|
TC_EVENT *KeyDerivationCompletedEvent;
|
||||||
TC_EVENT *NoOutstandingWorkItemEvent;
|
TC_EVENT *NoOutstandingWorkItemEvent;
|
||||||
LONG *outstandingWorkItemCount;
|
LONG *outstandingWorkItemCount;
|
||||||
|
void* keyInfoBuffer;
|
||||||
|
int keyInfoBufferSize;
|
||||||
void* keyDerivationWorkItems;
|
void* keyDerivationWorkItems;
|
||||||
int keyDerivationWorkItemsSize;
|
int keyDerivationWorkItemsSize;
|
||||||
|
|
||||||
|
@ -275,12 +277,6 @@ static TC_THREAD_PROC EncryptionThreadProc (void *threadArg)
|
||||||
TC_THROW_FATAL_EXCEPTION;
|
TC_THROW_FATAL_EXCEPTION;
|
||||||
}
|
}
|
||||||
|
|
||||||
#if !defined(DEVICE_DRIVER)
|
|
||||||
burn (workItem->KeyDerivation.Password, sizeof(workItem->KeyDerivation.Password));
|
|
||||||
burn (workItem->KeyDerivation.Salt, sizeof(workItem->KeyDerivation.Salt));
|
|
||||||
VirtualUnlock (&workItem->KeyDerivation, sizeof (workItem->KeyDerivation));
|
|
||||||
#endif
|
|
||||||
|
|
||||||
InterlockedExchange (workItem->KeyDerivation.CompletionFlag, TRUE);
|
InterlockedExchange (workItem->KeyDerivation.CompletionFlag, TRUE);
|
||||||
TC_SET_EVENT (*workItem->KeyDerivation.CompletionEvent);
|
TC_SET_EVENT (*workItem->KeyDerivation.CompletionEvent);
|
||||||
|
|
||||||
|
@ -297,9 +293,21 @@ static TC_THREAD_PROC EncryptionThreadProc (void *threadArg)
|
||||||
if (workItem->ReadVolumeHeaderFinalization.keyDerivationWorkItems)
|
if (workItem->ReadVolumeHeaderFinalization.keyDerivationWorkItems)
|
||||||
{
|
{
|
||||||
burn (workItem->ReadVolumeHeaderFinalization.keyDerivationWorkItems, workItem->ReadVolumeHeaderFinalization.keyDerivationWorkItemsSize);
|
burn (workItem->ReadVolumeHeaderFinalization.keyDerivationWorkItems, workItem->ReadVolumeHeaderFinalization.keyDerivationWorkItemsSize);
|
||||||
|
#if !defined(DEVICE_DRIVER)
|
||||||
|
VirtualUnlock (workItem->ReadVolumeHeaderFinalization.keyDerivationWorkItems, workItem->ReadVolumeHeaderFinalization.keyDerivationWorkItemsSize);
|
||||||
|
#endif
|
||||||
TCfree (workItem->ReadVolumeHeaderFinalization.keyDerivationWorkItems);
|
TCfree (workItem->ReadVolumeHeaderFinalization.keyDerivationWorkItems);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (workItem->ReadVolumeHeaderFinalization.keyInfoBuffer)
|
||||||
|
{
|
||||||
|
burn (workItem->ReadVolumeHeaderFinalization.keyInfoBuffer, workItem->ReadVolumeHeaderFinalization.keyInfoBufferSize);
|
||||||
|
#if !defined(DEVICE_DRIVER)
|
||||||
|
VirtualUnlock (workItem->ReadVolumeHeaderFinalization.keyInfoBuffer, workItem->ReadVolumeHeaderFinalization.keyInfoBufferSize);
|
||||||
|
#endif
|
||||||
|
TCfree (workItem->ReadVolumeHeaderFinalization.keyInfoBuffer);
|
||||||
|
}
|
||||||
|
|
||||||
#if !defined(DEVICE_DRIVER)
|
#if !defined(DEVICE_DRIVER)
|
||||||
CloseHandle (*(workItem->ReadVolumeHeaderFinalization.KeyDerivationCompletedEvent));
|
CloseHandle (*(workItem->ReadVolumeHeaderFinalization.KeyDerivationCompletedEvent));
|
||||||
CloseHandle (*(workItem->ReadVolumeHeaderFinalization.NoOutstandingWorkItemEvent));
|
CloseHandle (*(workItem->ReadVolumeHeaderFinalization.NoOutstandingWorkItemEvent));
|
||||||
|
@ -516,14 +524,6 @@ void EncryptionThreadPoolStop ()
|
||||||
|
|
||||||
for (i = 0; i < sizeof (WorkItemQueue) / sizeof (WorkItemQueue[0]); ++i)
|
for (i = 0; i < sizeof (WorkItemQueue) / sizeof (WorkItemQueue[0]); ++i)
|
||||||
{
|
{
|
||||||
#if !defined(DEVICE_DRIVER)
|
|
||||||
if (WorkItemQueue[i].Type == DeriveKeyWork)
|
|
||||||
{
|
|
||||||
burn (WorkItemQueue[i].KeyDerivation.Password, sizeof(WorkItemQueue[i].KeyDerivation.Password));
|
|
||||||
burn (WorkItemQueue[i].KeyDerivation.Salt, sizeof(WorkItemQueue[i].KeyDerivation.Salt));
|
|
||||||
VirtualUnlock (&WorkItemQueue[i].KeyDerivation, sizeof (WorkItemQueue[i].KeyDerivation));
|
|
||||||
}
|
|
||||||
#endif
|
|
||||||
if (WorkItemQueue[i].ItemCompletedEvent)
|
if (WorkItemQueue[i].ItemCompletedEvent)
|
||||||
CloseHandle (WorkItemQueue[i].ItemCompletedEvent);
|
CloseHandle (WorkItemQueue[i].ItemCompletedEvent);
|
||||||
}
|
}
|
||||||
|
@ -552,19 +552,16 @@ void EncryptionThreadPoolBeginKeyDerivation (TC_EVENT *completionEvent, TC_EVENT
|
||||||
}
|
}
|
||||||
|
|
||||||
workItem->Type = DeriveKeyWork;
|
workItem->Type = DeriveKeyWork;
|
||||||
#if !defined(DEVICE_DRIVER)
|
|
||||||
VirtualLock (&workItem->KeyDerivation, sizeof (workItem->KeyDerivation));
|
|
||||||
#endif
|
|
||||||
workItem->KeyDerivation.CompletionEvent = completionEvent;
|
workItem->KeyDerivation.CompletionEvent = completionEvent;
|
||||||
workItem->KeyDerivation.CompletionFlag = completionFlag;
|
workItem->KeyDerivation.CompletionFlag = completionFlag;
|
||||||
workItem->KeyDerivation.DerivedKey = derivedKey;
|
workItem->KeyDerivation.DerivedKey = derivedKey;
|
||||||
workItem->KeyDerivation.IterationCount = iterationCount;
|
workItem->KeyDerivation.IterationCount = iterationCount;
|
||||||
workItem->KeyDerivation.NoOutstandingWorkItemEvent = noOutstandingWorkItemEvent;
|
workItem->KeyDerivation.NoOutstandingWorkItemEvent = noOutstandingWorkItemEvent;
|
||||||
workItem->KeyDerivation.OutstandingWorkItemCount = outstandingWorkItemCount;
|
workItem->KeyDerivation.OutstandingWorkItemCount = outstandingWorkItemCount;
|
||||||
memcpy (workItem->KeyDerivation.Password, password, passwordLength);
|
workItem->KeyDerivation.Password = password;
|
||||||
workItem->KeyDerivation.PasswordLength = passwordLength;
|
workItem->KeyDerivation.PasswordLength = passwordLength;
|
||||||
workItem->KeyDerivation.Pkcs5Prf = pkcs5Prf;
|
workItem->KeyDerivation.Pkcs5Prf = pkcs5Prf;
|
||||||
memcpy (workItem->KeyDerivation.Salt, salt, PKCS5_SALT_SIZE);
|
workItem->KeyDerivation.Salt = salt;
|
||||||
|
|
||||||
InterlockedIncrement (outstandingWorkItemCount);
|
InterlockedIncrement (outstandingWorkItemCount);
|
||||||
TC_CLEAR_EVENT (*noOutstandingWorkItemEvent);
|
TC_CLEAR_EVENT (*noOutstandingWorkItemEvent);
|
||||||
|
@ -574,7 +571,9 @@ void EncryptionThreadPoolBeginKeyDerivation (TC_EVENT *completionEvent, TC_EVENT
|
||||||
TC_RELEASE_MUTEX (&EnqueueMutex);
|
TC_RELEASE_MUTEX (&EnqueueMutex);
|
||||||
}
|
}
|
||||||
|
|
||||||
void EncryptionThreadPoolBeginReadVolumeHeaderFinalization (TC_EVENT *keyDerivationCompletedEvent, TC_EVENT *noOutstandingWorkItemEvent, LONG* outstandingWorkItemCount, void* keyDerivationWorkItems, int keyDerivationWorkItemsSize)
|
void EncryptionThreadPoolBeginReadVolumeHeaderFinalization (TC_EVENT *keyDerivationCompletedEvent, TC_EVENT *noOutstandingWorkItemEvent, LONG* outstandingWorkItemCount,
|
||||||
|
void* keyInfoBuffer, int keyInfoBufferSize,
|
||||||
|
void* keyDerivationWorkItems, int keyDerivationWorkItemsSize)
|
||||||
{
|
{
|
||||||
EncryptionThreadPoolWorkItem *workItem;
|
EncryptionThreadPoolWorkItem *workItem;
|
||||||
|
|
||||||
|
@ -595,6 +594,8 @@ void EncryptionThreadPoolBeginReadVolumeHeaderFinalization (TC_EVENT *keyDerivat
|
||||||
workItem->Type = ReadVolumeHeaderFinalizationWork;
|
workItem->Type = ReadVolumeHeaderFinalizationWork;
|
||||||
workItem->ReadVolumeHeaderFinalization.NoOutstandingWorkItemEvent = noOutstandingWorkItemEvent;
|
workItem->ReadVolumeHeaderFinalization.NoOutstandingWorkItemEvent = noOutstandingWorkItemEvent;
|
||||||
workItem->ReadVolumeHeaderFinalization.KeyDerivationCompletedEvent = keyDerivationCompletedEvent;
|
workItem->ReadVolumeHeaderFinalization.KeyDerivationCompletedEvent = keyDerivationCompletedEvent;
|
||||||
|
workItem->ReadVolumeHeaderFinalization.keyInfoBuffer = keyInfoBuffer;
|
||||||
|
workItem->ReadVolumeHeaderFinalization.keyInfoBufferSize = keyInfoBufferSize;
|
||||||
workItem->ReadVolumeHeaderFinalization.keyDerivationWorkItems = keyDerivationWorkItems;
|
workItem->ReadVolumeHeaderFinalization.keyDerivationWorkItems = keyDerivationWorkItems;
|
||||||
workItem->ReadVolumeHeaderFinalization.keyDerivationWorkItemsSize = keyDerivationWorkItemsSize;
|
workItem->ReadVolumeHeaderFinalization.keyDerivationWorkItemsSize = keyDerivationWorkItemsSize;
|
||||||
workItem->ReadVolumeHeaderFinalization.outstandingWorkItemCount = outstandingWorkItemCount;
|
workItem->ReadVolumeHeaderFinalization.outstandingWorkItemCount = outstandingWorkItemCount;
|
||||||
|
|
|
@ -33,7 +33,7 @@ size_t GetCpuCount (WORD* pGroupCount);
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
void EncryptionThreadPoolBeginKeyDerivation (TC_EVENT *completionEvent, TC_EVENT *noOutstandingWorkItemEvent, LONG *completionFlag, LONG *outstandingWorkItemCount, int pkcs5Prf, char *password, int passwordLength, char *salt, int iterationCount, char *derivedKey);
|
void EncryptionThreadPoolBeginKeyDerivation (TC_EVENT *completionEvent, TC_EVENT *noOutstandingWorkItemEvent, LONG *completionFlag, LONG *outstandingWorkItemCount, int pkcs5Prf, char *password, int passwordLength, char *salt, int iterationCount, char *derivedKey);
|
||||||
void EncryptionThreadPoolBeginReadVolumeHeaderFinalization (TC_EVENT *keyDerivationCompletedEvent, TC_EVENT *noOutstandingWorkItemEvent, LONG* outstandingWorkItemCount, void* keyDerivationWorkItems, int keyDerivationWorkItemsSize);
|
void EncryptionThreadPoolBeginReadVolumeHeaderFinalization (TC_EVENT *keyDerivationCompletedEvent, TC_EVENT *noOutstandingWorkItemEvent, LONG* outstandingWorkItemCount, void* keyInfoBuffer, int keyInfoBufferSize, void* keyDerivationWorkItems, int keyDerivationWorkItemsSize);
|
||||||
void EncryptionThreadPoolDoWork (EncryptionThreadPoolWorkType type, byte *data, const UINT64_STRUCT *startUnitNo, uint32 unitCount, PCRYPTO_INFO cryptoInfo);
|
void EncryptionThreadPoolDoWork (EncryptionThreadPoolWorkType type, byte *data, const UINT64_STRUCT *startUnitNo, uint32 unitCount, PCRYPTO_INFO cryptoInfo);
|
||||||
BOOL EncryptionThreadPoolStart (size_t encryptionFreeCpuCount);
|
BOOL EncryptionThreadPoolStart (size_t encryptionFreeCpuCount);
|
||||||
void EncryptionThreadPoolStop ();
|
void EncryptionThreadPoolStop ();
|
||||||
|
|
|
@ -170,7 +170,10 @@ BOOL ReadVolumeHeaderRecoveryMode = FALSE;
|
||||||
int ReadVolumeHeader (BOOL bBoot, char *encryptedHeader, Password *password, int selected_pkcs5_prf, int pim, BOOL truecryptMode, PCRYPTO_INFO *retInfo, CRYPTO_INFO *retHeaderCryptoInfo)
|
int ReadVolumeHeader (BOOL bBoot, char *encryptedHeader, Password *password, int selected_pkcs5_prf, int pim, BOOL truecryptMode, PCRYPTO_INFO *retInfo, CRYPTO_INFO *retHeaderCryptoInfo)
|
||||||
{
|
{
|
||||||
char header[TC_VOLUME_HEADER_EFFECTIVE_SIZE];
|
char header[TC_VOLUME_HEADER_EFFECTIVE_SIZE];
|
||||||
CRYPTOPP_ALIGN_DATA(16) KEY_INFO keyInfo;
|
unsigned char* keyInfoBuffer = NULL;
|
||||||
|
int keyInfoBufferSize = sizeof (KEY_INFO) + 16;
|
||||||
|
size_t keyInfoBufferOffset;
|
||||||
|
PKEY_INFO keyInfo;
|
||||||
PCRYPTO_INFO cryptoInfo;
|
PCRYPTO_INFO cryptoInfo;
|
||||||
CRYPTOPP_ALIGN_DATA(16) char dk[MASTER_KEYDATA_SIZE];
|
CRYPTOPP_ALIGN_DATA(16) char dk[MASTER_KEYDATA_SIZE];
|
||||||
int enqPkcs5Prf, pkcs5_prf;
|
int enqPkcs5Prf, pkcs5_prf;
|
||||||
|
@ -182,6 +185,7 @@ int ReadVolumeHeader (BOOL bBoot, char *encryptedHeader, Password *password, int
|
||||||
TC_EVENT *keyDerivationCompletedEvent = NULL;
|
TC_EVENT *keyDerivationCompletedEvent = NULL;
|
||||||
TC_EVENT *noOutstandingWorkItemEvent = NULL;
|
TC_EVENT *noOutstandingWorkItemEvent = NULL;
|
||||||
KeyDerivationWorkItem *keyDerivationWorkItems = NULL;
|
KeyDerivationWorkItem *keyDerivationWorkItems = NULL;
|
||||||
|
int keyDerivationWorkItemsSize = 0;
|
||||||
KeyDerivationWorkItem *item;
|
KeyDerivationWorkItem *item;
|
||||||
size_t encryptionThreadCount = GetEncryptionThreadCount();
|
size_t encryptionThreadCount = GetEncryptionThreadCount();
|
||||||
LONG *outstandingWorkItemCount = NULL;
|
LONG *outstandingWorkItemCount = NULL;
|
||||||
|
@ -189,6 +193,17 @@ int ReadVolumeHeader (BOOL bBoot, char *encryptedHeader, Password *password, int
|
||||||
#endif
|
#endif
|
||||||
size_t queuedWorkItems = 0;
|
size_t queuedWorkItems = 0;
|
||||||
|
|
||||||
|
// allocate 16-bytes aligned buffer to hold KEY_INFO in a portable way
|
||||||
|
keyInfoBuffer = TCalloc(keyInfoBufferSize);
|
||||||
|
if (!keyInfoBuffer)
|
||||||
|
return ERR_OUTOFMEMORY;
|
||||||
|
keyInfoBufferOffset = 16 - (((uint64) keyInfoBuffer) % 16);
|
||||||
|
keyInfo = (PKEY_INFO) (keyInfoBuffer + keyInfoBufferOffset);
|
||||||
|
|
||||||
|
#if !defined(DEVICE_DRIVER) && !defined(_UEFI)
|
||||||
|
VirtualLock (keyInfoBuffer, keyInfoBufferSize);
|
||||||
|
#endif
|
||||||
|
|
||||||
// if no PIM specified, use default value
|
// if no PIM specified, use default value
|
||||||
if (pim < 0)
|
if (pim < 0)
|
||||||
pim = 0;
|
pim = 0;
|
||||||
|
@ -237,7 +252,8 @@ int ReadVolumeHeader (BOOL bBoot, char *encryptedHeader, Password *password, int
|
||||||
return ERR_OUTOFMEMORY;
|
return ERR_OUTOFMEMORY;
|
||||||
}
|
}
|
||||||
|
|
||||||
keyDerivationWorkItems = TCalloc (sizeof (KeyDerivationWorkItem) * pkcs5PrfCount);
|
keyDerivationWorkItemsSize = sizeof (KeyDerivationWorkItem) * pkcs5PrfCount;
|
||||||
|
keyDerivationWorkItems = TCalloc (keyDerivationWorkItemsSize);
|
||||||
if (!keyDerivationWorkItems)
|
if (!keyDerivationWorkItems)
|
||||||
{
|
{
|
||||||
TCfree(keyDerivationCompletedEvent);
|
TCfree(keyDerivationCompletedEvent);
|
||||||
|
@ -274,20 +290,21 @@ int ReadVolumeHeader (BOOL bBoot, char *encryptedHeader, Password *password, int
|
||||||
TCfree(outstandingWorkItemCount);
|
TCfree(outstandingWorkItemCount);
|
||||||
return ERR_OUTOFMEMORY;
|
return ERR_OUTOFMEMORY;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
VirtualLock (keyDerivationWorkItems, keyDerivationWorkItemsSize);
|
||||||
#endif
|
#endif
|
||||||
}
|
}
|
||||||
|
|
||||||
#if !defined(DEVICE_DRIVER)
|
#if !defined(DEVICE_DRIVER)
|
||||||
VirtualLock (&keyInfo, sizeof (keyInfo));
|
|
||||||
VirtualLock (&dk, sizeof (dk));
|
VirtualLock (&dk, sizeof (dk));
|
||||||
VirtualLock (&header, sizeof (header));
|
VirtualLock (&header, sizeof (header));
|
||||||
#endif
|
#endif
|
||||||
#endif // !defined(_UEFI)
|
#endif // !defined(_UEFI)
|
||||||
|
|
||||||
crypto_loadkey (&keyInfo, password->Text, (int) password->Length);
|
crypto_loadkey (keyInfo, password->Text, (int) password->Length);
|
||||||
|
|
||||||
// PKCS5 is used to derive the primary header key(s) and secondary header key(s) (XTS mode) from the password
|
// PKCS5 is used to derive the primary header key(s) and secondary header key(s) (XTS mode) from the password
|
||||||
memcpy (keyInfo.salt, encryptedHeader + HEADER_SALT_OFFSET, PKCS5_SALT_SIZE);
|
memcpy (keyInfo->salt, encryptedHeader + HEADER_SALT_OFFSET, PKCS5_SALT_SIZE);
|
||||||
|
|
||||||
// Test all available PKCS5 PRFs
|
// Test all available PKCS5 PRFs
|
||||||
for (enqPkcs5Prf = FIRST_PRF_ID; enqPkcs5Prf <= LAST_PRF_ID || queuedWorkItems > 0; ++enqPkcs5Prf)
|
for (enqPkcs5Prf = FIRST_PRF_ID; enqPkcs5Prf <= LAST_PRF_ID || queuedWorkItems > 0; ++enqPkcs5Prf)
|
||||||
|
@ -315,8 +332,8 @@ int ReadVolumeHeader (BOOL bBoot, char *encryptedHeader, Password *password, int
|
||||||
item->Pkcs5Prf = enqPkcs5Prf;
|
item->Pkcs5Prf = enqPkcs5Prf;
|
||||||
|
|
||||||
EncryptionThreadPoolBeginKeyDerivation (keyDerivationCompletedEvent, noOutstandingWorkItemEvent,
|
EncryptionThreadPoolBeginKeyDerivation (keyDerivationCompletedEvent, noOutstandingWorkItemEvent,
|
||||||
&item->KeyReady, outstandingWorkItemCount, enqPkcs5Prf, keyInfo.userKey,
|
&item->KeyReady, outstandingWorkItemCount, enqPkcs5Prf, keyInfo->userKey,
|
||||||
keyInfo.keyLength, keyInfo.salt, get_pkcs5_iteration_count (enqPkcs5Prf, pim, truecryptMode, bBoot), item->DerivedKey);
|
keyInfo->keyLength, keyInfo->salt, get_pkcs5_iteration_count (enqPkcs5Prf, pim, truecryptMode, bBoot), item->DerivedKey);
|
||||||
|
|
||||||
++queuedWorkItems;
|
++queuedWorkItems;
|
||||||
break;
|
break;
|
||||||
|
@ -338,7 +355,7 @@ int ReadVolumeHeader (BOOL bBoot, char *encryptedHeader, Password *password, int
|
||||||
if (!item->Free && InterlockedExchangeAdd (&item->KeyReady, 0) == TRUE)
|
if (!item->Free && InterlockedExchangeAdd (&item->KeyReady, 0) == TRUE)
|
||||||
{
|
{
|
||||||
pkcs5_prf = item->Pkcs5Prf;
|
pkcs5_prf = item->Pkcs5Prf;
|
||||||
keyInfo.noIterations = get_pkcs5_iteration_count (pkcs5_prf, pim, truecryptMode, bBoot);
|
keyInfo->noIterations = get_pkcs5_iteration_count (pkcs5_prf, pim, truecryptMode, bBoot);
|
||||||
memcpy (dk, item->DerivedKey, sizeof (dk));
|
memcpy (dk, item->DerivedKey, sizeof (dk));
|
||||||
|
|
||||||
item->Free = TRUE;
|
item->Free = TRUE;
|
||||||
|
@ -357,33 +374,33 @@ KeyReady: ;
|
||||||
#endif // !defined(_UEFI)
|
#endif // !defined(_UEFI)
|
||||||
{
|
{
|
||||||
pkcs5_prf = enqPkcs5Prf;
|
pkcs5_prf = enqPkcs5Prf;
|
||||||
keyInfo.noIterations = get_pkcs5_iteration_count (enqPkcs5Prf, pim, truecryptMode, bBoot);
|
keyInfo->noIterations = get_pkcs5_iteration_count (enqPkcs5Prf, pim, truecryptMode, bBoot);
|
||||||
|
|
||||||
switch (pkcs5_prf)
|
switch (pkcs5_prf)
|
||||||
{
|
{
|
||||||
case RIPEMD160:
|
case RIPEMD160:
|
||||||
derive_key_ripemd160 (keyInfo.userKey, keyInfo.keyLength, keyInfo.salt,
|
derive_key_ripemd160 (keyInfo->userKey, keyInfo->keyLength, keyInfo->salt,
|
||||||
PKCS5_SALT_SIZE, keyInfo.noIterations, dk, GetMaxPkcs5OutSize());
|
PKCS5_SALT_SIZE, keyInfo->noIterations, dk, GetMaxPkcs5OutSize());
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case SHA512:
|
case SHA512:
|
||||||
derive_key_sha512 (keyInfo.userKey, keyInfo.keyLength, keyInfo.salt,
|
derive_key_sha512 (keyInfo->userKey, keyInfo->keyLength, keyInfo->salt,
|
||||||
PKCS5_SALT_SIZE, keyInfo.noIterations, dk, GetMaxPkcs5OutSize());
|
PKCS5_SALT_SIZE, keyInfo->noIterations, dk, GetMaxPkcs5OutSize());
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case WHIRLPOOL:
|
case WHIRLPOOL:
|
||||||
derive_key_whirlpool (keyInfo.userKey, keyInfo.keyLength, keyInfo.salt,
|
derive_key_whirlpool (keyInfo->userKey, keyInfo->keyLength, keyInfo->salt,
|
||||||
PKCS5_SALT_SIZE, keyInfo.noIterations, dk, GetMaxPkcs5OutSize());
|
PKCS5_SALT_SIZE, keyInfo->noIterations, dk, GetMaxPkcs5OutSize());
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case SHA256:
|
case SHA256:
|
||||||
derive_key_sha256 (keyInfo.userKey, keyInfo.keyLength, keyInfo.salt,
|
derive_key_sha256 (keyInfo->userKey, keyInfo->keyLength, keyInfo->salt,
|
||||||
PKCS5_SALT_SIZE, keyInfo.noIterations, dk, GetMaxPkcs5OutSize());
|
PKCS5_SALT_SIZE, keyInfo->noIterations, dk, GetMaxPkcs5OutSize());
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case STREEBOG:
|
case STREEBOG:
|
||||||
derive_key_streebog(keyInfo.userKey, keyInfo.keyLength, keyInfo.salt,
|
derive_key_streebog(keyInfo->userKey, keyInfo->keyLength, keyInfo->salt,
|
||||||
PKCS5_SALT_SIZE, keyInfo.noIterations, dk, GetMaxPkcs5OutSize());
|
PKCS5_SALT_SIZE, keyInfo->noIterations, dk, GetMaxPkcs5OutSize());
|
||||||
break;
|
break;
|
||||||
default:
|
default:
|
||||||
// Unknown/wrong ID
|
// Unknown/wrong ID
|
||||||
|
@ -540,7 +557,7 @@ KeyReady: ;
|
||||||
if (retInfo == NULL)
|
if (retInfo == NULL)
|
||||||
{
|
{
|
||||||
cryptoInfo->pkcs5 = pkcs5_prf;
|
cryptoInfo->pkcs5 = pkcs5_prf;
|
||||||
cryptoInfo->noIterations = keyInfo.noIterations;
|
cryptoInfo->noIterations = keyInfo->noIterations;
|
||||||
cryptoInfo->bTrueCryptMode = truecryptMode;
|
cryptoInfo->bTrueCryptMode = truecryptMode;
|
||||||
cryptoInfo->volumePim = pim;
|
cryptoInfo->volumePim = pim;
|
||||||
goto ret;
|
goto ret;
|
||||||
|
@ -557,34 +574,34 @@ KeyReady: ;
|
||||||
}
|
}
|
||||||
|
|
||||||
// Master key data
|
// Master key data
|
||||||
memcpy (keyInfo.master_keydata, header + HEADER_MASTER_KEYDATA_OFFSET, MASTER_KEYDATA_SIZE);
|
memcpy (keyInfo->master_keydata, header + HEADER_MASTER_KEYDATA_OFFSET, MASTER_KEYDATA_SIZE);
|
||||||
#ifdef TC_WINDOWS_DRIVER
|
#ifdef TC_WINDOWS_DRIVER
|
||||||
{
|
{
|
||||||
RMD160_CTX ctx;
|
RMD160_CTX ctx;
|
||||||
RMD160Init (&ctx);
|
RMD160Init (&ctx);
|
||||||
RMD160Update (&ctx, keyInfo.master_keydata, MASTER_KEYDATA_SIZE);
|
RMD160Update (&ctx, keyInfo->master_keydata, MASTER_KEYDATA_SIZE);
|
||||||
RMD160Update (&ctx, header, sizeof(header));
|
RMD160Update (&ctx, header, sizeof(header));
|
||||||
RMD160Final (cryptoInfo->master_keydata_hash, &ctx);
|
RMD160Final (cryptoInfo->master_keydata_hash, &ctx);
|
||||||
burn(&ctx, sizeof (ctx));
|
burn(&ctx, sizeof (ctx));
|
||||||
}
|
}
|
||||||
#else
|
#else
|
||||||
memcpy (cryptoInfo->master_keydata, keyInfo.master_keydata, MASTER_KEYDATA_SIZE);
|
memcpy (cryptoInfo->master_keydata, keyInfo->master_keydata, MASTER_KEYDATA_SIZE);
|
||||||
#endif
|
#endif
|
||||||
// PKCS #5
|
// PKCS #5
|
||||||
cryptoInfo->pkcs5 = pkcs5_prf;
|
cryptoInfo->pkcs5 = pkcs5_prf;
|
||||||
cryptoInfo->noIterations = keyInfo.noIterations;
|
cryptoInfo->noIterations = keyInfo->noIterations;
|
||||||
cryptoInfo->bTrueCryptMode = truecryptMode;
|
cryptoInfo->bTrueCryptMode = truecryptMode;
|
||||||
cryptoInfo->volumePim = pim;
|
cryptoInfo->volumePim = pim;
|
||||||
|
|
||||||
// Init the cipher with the decrypted master key
|
// Init the cipher with the decrypted master key
|
||||||
status = EAInit (cryptoInfo->ea, keyInfo.master_keydata + primaryKeyOffset, cryptoInfo->ks);
|
status = EAInit (cryptoInfo->ea, keyInfo->master_keydata + primaryKeyOffset, cryptoInfo->ks);
|
||||||
if (status == ERR_CIPHER_INIT_FAILURE)
|
if (status == ERR_CIPHER_INIT_FAILURE)
|
||||||
goto err;
|
goto err;
|
||||||
#ifndef TC_WINDOWS_DRIVER
|
#ifndef TC_WINDOWS_DRIVER
|
||||||
// The secondary master key (if cascade, multiple concatenated)
|
// The secondary master key (if cascade, multiple concatenated)
|
||||||
memcpy (cryptoInfo->k2, keyInfo.master_keydata + EAGetKeySize (cryptoInfo->ea), EAGetKeySize (cryptoInfo->ea));
|
memcpy (cryptoInfo->k2, keyInfo->master_keydata + EAGetKeySize (cryptoInfo->ea), EAGetKeySize (cryptoInfo->ea));
|
||||||
#endif
|
#endif
|
||||||
if (!EAInitMode (cryptoInfo, keyInfo.master_keydata + EAGetKeySize (cryptoInfo->ea)))
|
if (!EAInitMode (cryptoInfo, keyInfo->master_keydata + EAGetKeySize (cryptoInfo->ea)))
|
||||||
{
|
{
|
||||||
status = ERR_MODE_INIT_FAILED;
|
status = ERR_MODE_INIT_FAILED;
|
||||||
goto err;
|
goto err;
|
||||||
|
@ -604,13 +621,11 @@ err:
|
||||||
*retInfo = NULL;
|
*retInfo = NULL;
|
||||||
}
|
}
|
||||||
|
|
||||||
ret:
|
ret:
|
||||||
burn (&keyInfo, sizeof (keyInfo));
|
|
||||||
burn (dk, sizeof(dk));
|
burn (dk, sizeof(dk));
|
||||||
burn (header, sizeof(header));
|
burn (header, sizeof(header));
|
||||||
|
|
||||||
#if !defined(DEVICE_DRIVER) && !defined(_UEFI)
|
#if !defined(DEVICE_DRIVER) && !defined(_UEFI)
|
||||||
VirtualUnlock (&keyInfo, sizeof (keyInfo));
|
|
||||||
VirtualUnlock (&dk, sizeof (dk));
|
VirtualUnlock (&dk, sizeof (dk));
|
||||||
VirtualUnlock (&header, sizeof (header));
|
VirtualUnlock (&header, sizeof (header));
|
||||||
#endif
|
#endif
|
||||||
|
@ -618,9 +633,19 @@ ret:
|
||||||
#if !defined(_UEFI)
|
#if !defined(_UEFI)
|
||||||
if ((selected_pkcs5_prf == 0) && (encryptionThreadCount > 1))
|
if ((selected_pkcs5_prf == 0) && (encryptionThreadCount > 1))
|
||||||
{
|
{
|
||||||
EncryptionThreadPoolBeginReadVolumeHeaderFinalization (keyDerivationCompletedEvent, noOutstandingWorkItemEvent, outstandingWorkItemCount, keyDerivationWorkItems, sizeof (KeyDerivationWorkItem) * pkcs5PrfCount);
|
EncryptionThreadPoolBeginReadVolumeHeaderFinalization (keyDerivationCompletedEvent, noOutstandingWorkItemEvent, outstandingWorkItemCount,
|
||||||
|
keyInfoBuffer, keyInfoBufferSize,
|
||||||
|
keyDerivationWorkItems, keyDerivationWorkItemsSize);
|
||||||
}
|
}
|
||||||
|
else
|
||||||
#endif
|
#endif
|
||||||
|
{
|
||||||
|
burn (keyInfo, sizeof (KEY_INFO));
|
||||||
|
#if !defined(DEVICE_DRIVER) && !defined(_UEFI)
|
||||||
|
VirtualUnlock (keyInfoBuffer, keyInfoBufferSize);
|
||||||
|
#endif
|
||||||
|
TCfree(keyInfoBuffer);
|
||||||
|
}
|
||||||
return status;
|
return status;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue