VeraCrypt
authorMounir IDRASSI <mounir.idrassi@idrix.fr>2019-03-02 09:14:21 (GMT)
committerMounir IDRASSI <mounir.idrassi@idrix.fr>2019-03-02 09:23:39 (GMT)
commit321715202aed04dd9892d1c0686d080763ab212d (patch)
tree770d69a4a7bbb992ab0aaf4cb4625e07d2a5255b /src/Format
parentedd1b00126fa39396fbb76c73cc3ea17aa955fc8 (diff)
Windows: Generalize RAM encryption for keys to VeraCrypt binaries, especially Format and Expander
Diffstat (limited to 'src/Format')
-rw-r--r--src/Format/InPlace.c41
1 files changed, 39 insertions, 2 deletions
diff --git a/src/Format/InPlace.c b/src/Format/InPlace.c
index b2f1b38..7117a8a 100644
--- a/src/Format/InPlace.c
+++ b/src/Format/InPlace.c
@@ -869,6 +869,13 @@ int EncryptPartitionInPlaceResume (HANDLE dev,
if (nStatus != ERR_SUCCESS)
goto closing_seq;
+#ifdef _WIN64
+ if (IsRamEncryptionEnabled ())
+ {
+ VcProtectKeys (masterCryptoInfo, VcGetEncryptionID (masterCryptoInfo));
+ VcProtectKeys (headerCryptoInfo, VcGetEncryptionID (headerCryptoInfo));
+ }
+#endif
remainingBytes = masterCryptoInfo->VolumeSize.Value - masterCryptoInfo->EncryptedAreaLength.Value;
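Review bot: Nothing at this call site records the invariant it creates: once `VcProtectKeys` has run on `masterCryptoInfo` and `headerCryptoInfo`, every later consumer in EncryptPartitionInPlaceResume receives protected key material, and the FastVolumeHeaderUpdate hunks of this same commit show a consumer that has to unprotect a private copy first. I would add a comment above the `#ifdef`, for example `/* From here on the keys in both CRYPTO_INFO structures are protected in RAM; code needing the raw keys must unprotect a private copy */`. The identical seven lines appear again in the DecryptPartitionInPlace hunk, so a small static helper taking both pointers would keep the two sites from drifting apart. Both functions continue outside their hunks, so whether every remaining use honours the invariant cannot be confirmed from here.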
@@ -1389,6 +1396,13 @@ int DecryptPartitionInPlace (volatile FORMAT_VOL_PARAMETERS *volParams, volatile
if (nStatus != ERR_SUCCESS)
goto closing_seq;
+#ifdef _WIN64
+ if (IsRamEncryptionEnabled ())
+ {
+ VcProtectKeys (masterCryptoInfo, VcGetEncryptionID (masterCryptoInfo));
+ VcProtectKeys (headerCryptoInfo, VcGetEncryptionID (headerCryptoInfo));
+ }
+#endif
if (masterCryptoInfo->LegacyVolume)
{
@@ -1784,6 +1798,7 @@ int FastVolumeHeaderUpdate (HANDLE dev, CRYPTO_INFO *headerCryptoInfo, CRYPTO_IN
DWORD dwError;
uint32 headerCrc32;
byte *fieldPos;
+ PCRYPTO_INFO pCryptoInfo = headerCryptoInfo;
header = (byte *) TCalloc (TC_VOLUME_HEADER_EFFECTIVE_SIZE);
@@ -1804,8 +1819,23 @@ int FastVolumeHeaderUpdate (HANDLE dev, CRYPTO_INFO *headerCryptoInfo, CRYPTO_IN
goto closing_seq;
}
+#ifdef _WIN64
+ if (IsRamEncryptionEnabled())
+ {
+ pCryptoInfo = crypto_open();
+ if (!pCryptoInfo)
+ {
+ nStatus = ERR_OUTOFMEMORY;
+ goto closing_seq;
+ }
+
+ memcpy (pCryptoInfo, headerCryptoInfo, sizeof (CRYPTO_INFO));
+ VcUnprotectKeys (pCryptoInfo, VcGetEncryptionID (headerCryptoInfo));
+ }
+#endif
+
- DecryptBuffer (header + HEADER_ENCRYPTED_DATA_OFFSET, HEADER_ENCRYPTED_DATA_SIZE, headerCryptoInfo);
+ DecryptBuffer (header + HEADER_ENCRYPTED_DATA_OFFSET, HEADER_ENCRYPTED_DATA_SIZE, pCryptoInfo);
if (GetHeaderField32 (header, TC_HEADER_OFFSET_MAGIC) != 0x56455241)
{
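Review bot: The temporary `pCryptoInfo` built here holds the header keys in the clear after `VcUnprotectKeys`, yet nothing in the hunk says so or names where it is wiped and released. A comment above `crypto_open()` such as `/* private copy with unprotected keys; must be released in closing_seq on every path */` would make the lifetime explicit. The `memcpy` of a whole `CRYPTO_INFO` is a shallow copy, so it is worth confirming against the structure definition (not visible here) that it carries no owned pointers that would end up shared with the caller's object. It is also worth confirming that `crypto_close` erases the structure before freeing it, since this copy is the only place the plaintext keys exist while RAM encryption is on.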
@@ -1828,7 +1858,7 @@ int FastVolumeHeaderUpdate (HANDLE dev, CRYPTO_INFO *headerCryptoInfo, CRYPTO_IN
fieldPos = (byte *) header + TC_HEADER_OFFSET_HEADER_CRC;
mputLong (fieldPos, headerCrc32);
- EncryptBuffer (header + HEADER_ENCRYPTED_DATA_OFFSET, HEADER_ENCRYPTED_DATA_SIZE, headerCryptoInfo);
+ EncryptBuffer (header + HEADER_ENCRYPTED_DATA_OFFSET, HEADER_ENCRYPTED_DATA_SIZE, pCryptoInfo);
if (SetFilePointerEx (dev, offset, NULL, FILE_BEGIN) == 0
@@ -1843,6 +1873,13 @@ closing_seq:
dwError = GetLastError();
+#ifdef _WIN64
+ if (IsRamEncryptionEnabled() && pCryptoInfo)
+ {
+ crypto_close(pCryptoInfo);
+ }
+#endif
+
burn (header, TC_VOLUME_HEADER_EFFECTIVE_SIZE);
VirtualUnlock (header, TC_VOLUME_HEADER_EFFECTIVE_SIZE);
TCfree (header);
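Review bot: The cleanup added at `closing_seq` can call `crypto_close` on the caller's `headerCryptoInfo`. `pCryptoInfo` is initialised to `headerCryptoInfo`, and the `goto closing_seq` that precedes the `crypto_open()` block is taken with that alias still in place, so with RAM encryption enabled the test `IsRamEncryptionEnabled() && pCryptoInfo` is true for an object this function does not own. Assuming `crypto_close` releases the structure as its name suggests, the caller is left with a dangling pointer to its header key material and will likely close it a second time. Testing ownership instead of the feature flag avoids this: `if (pCryptoInfo && pCryptoInfo != headerCryptoInfo)`. The function body begins outside this hunk, so the other early-exit paths should be checked the same way.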