diff options
| author | Mounir IDRASSI <mounir.idrassi@idrix.fr> | 2019-01-09 00:25:06 +0100 |
|---|---|---|
| committer | Mounir IDRASSI <mounir.idrassi@idrix.fr> | 2019-01-09 00:30:12 +0100 |
| commit | 652e989d238fff2ade0de5a33a0e307e233c06e0 (patch) | |
| tree | 21ead198c765bc51b839748ca06c7cdecea663d7 /src/Common | |
| parent | 7c2cf7889f96292d037c21c680b641f70a4d390f (diff) | |
| download | VeraCrypt-652e989d238fff2ade0de5a33a0e307e233c06e0.tar.gz VeraCrypt-652e989d238fff2ade0de5a33a0e307e233c06e0.zip | |
Windows Security: Add new entry point in driver that allows emergency clearing of all encryption keys from memory. This entry point requires administrative privileges and it will caused BSDO when system encryption is active. It can be useful for example to applications that monitors physical access to the machine and which need to erase sensitive key material from RAM when unauthorized access is detected.
Diffstat (limited to 'src/Common')
| -rw-r--r-- | src/Common/Apidrvr.h | 2 | ||||
| -rw-r--r-- | src/Common/Crypto.c | 10 | ||||
| -rw-r--r-- | src/Common/Crypto.h | 1 |
3 files changed, 13 insertions, 0 deletions
diff --git a/src/Common/Apidrvr.h b/src/Common/Apidrvr.h index 2043a211..2d996d2c 100644 --- a/src/Common/Apidrvr.h +++ b/src/Common/Apidrvr.h @@ -123,6 +123,8 @@ // IN OUT - DISK_GEOMETRY_EX_STRUCT #define VC_IOCTL_GET_DRIVE_GEOMETRY_EX TC_IOCTL (40) +#define VC_IOCTL_EMERGENCY_CLEAR_ALL_KEYS TC_IOCTL (41) + // Legacy IOCTLs used before version 5.0 #define TC_IOCTL_LEGACY_GET_DRIVER_VERSION 466968 #define TC_IOCTL_LEGACY_GET_MOUNTED_VOLUMES 466948 diff --git a/src/Common/Crypto.c b/src/Common/Crypto.c index 00d44a93..f63062a3 100644 --- a/src/Common/Crypto.c +++ b/src/Common/Crypto.c @@ -884,6 +884,16 @@ void crypto_loadkey (PKEY_INFO keyInfo, char *lpszUserKey, int nUserKeyLen) burn (keyInfo->userKey, sizeof (keyInfo->userKey)); memcpy (keyInfo->userKey, lpszUserKey, nUserKeyLen); } + +void crypto_eraseKeys (PCRYPTO_INFO cryptoInfo) +{ + burn (cryptoInfo->ks, sizeof (cryptoInfo->ks)); + burn (cryptoInfo->ks2, sizeof (cryptoInfo->ks2)); + burn (cryptoInfo->master_keydata, sizeof (cryptoInfo->master_keydata)); + burn (cryptoInfo->k2, sizeof (cryptoInfo->k2)); + burn (&cryptoInfo->noIterations, sizeof (cryptoInfo->noIterations)); + burn (&cryptoInfo->volumePim, sizeof (cryptoInfo->volumePim)); +} #endif void crypto_close (PCRYPTO_INFO cryptoInfo) diff --git a/src/Common/Crypto.h b/src/Common/Crypto.h index e66cfbab..07f6c069 100644 --- a/src/Common/Crypto.h +++ b/src/Common/Crypto.h @@ -306,6 +306,7 @@ typedef struct BOOT_CRYPTO_HEADER_t PCRYPTO_INFO crypto_open (void); #ifndef TC_WINDOWS_BOOT void crypto_loadkey (PKEY_INFO keyInfo, char *lpszUserKey, int nUserKeyLen); +void crypto_eraseKeys (PCRYPTO_INFO cryptoInfo); #endif void crypto_close (PCRYPTO_INFO cryptoInfo); |