From c27461572ca09705c16f26a1e9128ff3a4ebdda0 Mon Sep 17 00:00:00 2001
From: Mounir IDRASSI
Date: Tue, 16 Dec 2014 00:14:42 +0100
Subject: Windows: Enhance performance by implementing the possibility to choose the correct hash algorithm of volumes during various operations (mount, change password...). In case of system encryption, slightly speedup Windows startup time by making the driver pickup the correct hash algorithm used for the encryption.
---
 src/Common/Apidrvr.h | 3 +++
 src/Common/BootEncryption.cpp | 7 ++++---
 src/Common/BootEncryption.h | 2 +-
 src/Common/Cache.c | 6 +++---
 src/Common/Cache.h | 2 +-
 src/Common/Common.h | 1 +
 src/Common/Common.rc | 23 +++++++++++++----------
 src/Common/Crypto.h | 20 +++++++++++++++++++-
 src/Common/Dlgcode.c | 17 +++++++++++++++--
 src/Common/Dlgcode.h | 4 ++--
 src/Common/Format.c | 2 +-
 src/Common/Language.xml | 3 +++
 src/Common/Password.c | 4 ++--
 src/Common/Password.h | 2 +-
 src/Common/Resource.h | 6 +++++-
 src/Common/Volumes.c | 13 +++++++++----
 src/Common/Volumes.h | 4 ++++
 17 files changed, 87 insertions(+), 32 deletions(-)
(limited to 'src/Common')
diff --git a/src/Common/Apidrvr.h b/src/Common/Apidrvr.h
index ac6f3fbb..ac1689be 100644
--- a/src/Common/Apidrvr.h
+++ b/src/Common/Apidrvr.h
@@ -100,6 +100,8 @@ typedef struct
 Password ProtectedHidVolPassword; /* Password to the hidden volume to be protected against overwriting */
 BOOL UseBackupHeader;
 BOOL RecoveryMode;
+ int pkcs5_prf;
+ int ProtectedHidVolPkcs5Prf;
 } MOUNT_STRUCT;
 typedef struct
@@ -235,6 +237,7 @@ typedef struct
 typedef struct
 {
 Password VolumePassword;
+ int pkcs5_prf;
 } ReopenBootVolumeHeaderRequest;
diff --git a/src/Common/BootEncryption.cpp b/src/Common/BootEncryption.cpp
index 824e3b6d..47f6418f 100644
--- a/src/Common/BootEncryption.cpp
+++ b/src/Common/BootEncryption.cpp
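Review bot: In src/Common/Apidrvr.h the two fields added to `MOUNT_STRUCT` (`pkcs5_prf`, `ProtectedHidVolPkcs5Prf`) and the one added to `ReopenBootVolumeHeaderRequest` carry no comment, although the neighbouring password fields do, and nothing says which values are legal. The Volumes.c hunks of this patch treat 0 as "no PRF specified, try them all", so I would document that on the fields, e.g. `int pkcs5_prf; /* PRF for the volume header: 0 = autodetect, otherwise a PRF ID */`. These structures are filled by the application and, presumably, handed to the driver through an IOCTL (the reopen request visibly is, via `CallDriver`), so the receiving side should treat the integers as unchecked input; the driver code is not part of this diff, which is limited to src/Common. Both struct definitions begin outside their hunks.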
@@ -1638,7 +1638,7 @@ namespace VeraCrypt
 // Initial rescue disk assumes encryption of the drive has been completed (EncryptedAreaLength == volumeSize)
 memcpy (RescueVolumeHeader, VolumeHeader, sizeof (RescueVolumeHeader));
- ReadVolumeHeader (TRUE, (char *) RescueVolumeHeader, password, NULL, cryptoInfo);
+ ReadVolumeHeader (TRUE, (char *) RescueVolumeHeader, password, pkcs5, NULL, cryptoInfo);
 DecryptBuffer (RescueVolumeHeader + HEADER_ENCRYPTED_DATA_OFFSET, HEADER_ENCRYPTED_DATA_SIZE, cryptoInfo);
@@ -2117,7 +2117,7 @@ namespace VeraCrypt
 }
- int BootEncryption::ChangePassword (Password *oldPassword, Password *newPassword, int pkcs5, int wipePassCount)
+ int BootEncryption::ChangePassword (Password *oldPassword, int old_pkcs5,Password *newPassword, int pkcs5, int wipePassCount)
 {
 BootEncryptionStatus encStatus = GetStatus();
@@ -2159,7 +2159,7 @@ namespace VeraCrypt
 PCRYPTO_INFO cryptoInfo = NULL;
- int status = ReadVolumeHeader (!encStatus.HiddenSystem, header, oldPassword, &cryptoInfo, NULL);
+ int status = ReadVolumeHeader (!encStatus.HiddenSystem, header, oldPassword, old_pkcs5, &cryptoInfo, NULL);
 finally_do_arg (PCRYPTO_INFO, cryptoInfo, { if (finally_arg) crypto_close (finally_arg); });
 if (status != 0)
@@ -2257,6 +2257,7 @@ namespace VeraCrypt
 {
 ReopenBootVolumeHeaderRequest reopenRequest;
 reopenRequest.VolumePassword = *newPassword;
+ reopenRequest.pkcs5_prf = cryptoInfo->pkcs5;
 finally_do_arg (ReopenBootVolumeHeaderRequest*, &reopenRequest, { burn (finally_arg, sizeof (*finally_arg)); });
 CallDriver (TC_IOCTL_REOPEN_BOOT_VOLUME_HEADER, &reopenRequest, sizeof (reopenRequest));
diff --git a/src/Common/BootEncryption.h b/src/Common/BootEncryption.h
index db1eb423..585b8425 100644
--- a/src/Common/BootEncryption.h
+++ b/src/Common/BootEncryption.h
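Review bot: In the last BootEncryption.cpp hunk, `reopenRequest.pkcs5_prf = cryptoInfo->pkcs5;` sends the driver whatever PRF is stored in `cryptoInfo`, and that structure was filled by `ReadVolumeHeader` from the old header using `old_pkcs5`. It is the PRF of the header just written only if `cryptoInfo->pkcs5` is overwritten with the new `pkcs5` somewhere between the two hunks, and that code is outside the visible lines. If it is not, the driver would be asked to reopen the new header with the old PRF, so please confirm and consider a comment such as `// cryptoInfo->pkcs5 already holds the PRF of the new header here`. Separately, the new definition reads `int old_pkcs5,Password *newPassword` with no space after the comma, unlike the declaration in BootEncryption.h.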
@@ -141,7 +141,7 @@ namespace VeraCrypt
 void AbortSetup ();
 void AbortSetupWait ();
 void CallDriver (DWORD ioctl, void *input = nullptr, DWORD inputSize = 0, void *output = nullptr, DWORD outputSize = 0);
- int ChangePassword (Password *oldPassword, Password *newPassword, int pkcs5, int wipePassCount);
+ int ChangePassword (Password *oldPassword, int old_pkcs5, Password *newPassword, int pkcs5, int wipePassCount);
 void CheckDecoyOSWipeResult ();
 void CheckEncryptionSetupResult ();
 void CheckRequirements ();
diff --git a/src/Common/Cache.c b/src/Common/Cache.c
index e119681e..2ecf9d86 100644
--- a/src/Common/Cache.c
+++ b/src/Common/Cache.c
@@ -21,7 +21,7 @@ Password CachedPasswords[CACHE_SIZE];
 int cacheEmpty = 1;
 static int nPasswordIdx = 0;
-int ReadVolumeHeaderWCache (BOOL bBoot, BOOL bCache, char *header, Password *password, PCRYPTO_INFO *retInfo)
+int ReadVolumeHeaderWCache (BOOL bBoot, BOOL bCache, char *header, Password *password, int pkcs5_prf, PCRYPTO_INFO *retInfo)
 {
 int nReturnCode = ERR_PASSWORD_WRONG;
 int i;
@@ -29,7 +29,7 @@ int ReadVolumeHeaderWCache (BOOL bBoot, BOOL bCache, char *header, Password *pas
 /* Attempt to recognize volume using mount password */
 if (password->Length > 0)
 {
- nReturnCode = ReadVolumeHeader (bBoot, header, password, retInfo, NULL);
+ nReturnCode = ReadVolumeHeader (bBoot, header, password, pkcs5_prf, retInfo, NULL);
 /* Save mount passwords back into cache if asked to do so */
 if (bCache && (nReturnCode == 0 || nReturnCode == ERR_CIPHER_INIT_WEAK_KEY))
@@ -59,7 +59,7 @@ int ReadVolumeHeaderWCache (BOOL bBoot, BOOL bCache, char *header, Password *pas
 {
 if (CachedPasswords[i].Length > 0)
 {
- nReturnCode = ReadVolumeHeader (bBoot, header, &CachedPasswords[i], retInfo, NULL);
+ nReturnCode = ReadVolumeHeader (bBoot, header, &CachedPasswords[i], pkcs5_prf, retInfo, NULL);
 if (nReturnCode != ERR_PASSWORD_WRONG)
 break;
diff --git a/src/Common/Cache.h b/src/Common/Cache.h
index 18324a5c..3c68479e 100644
--- a/src/Common/Cache.h
+++ b/src/Common/Cache.h
@@ -19,5 +19,5 @@ extern int cacheEmpty;
 void AddPasswordToCache (Password *password);
-int ReadVolumeHeaderWCache (BOOL bBoot, BOOL bCache, char *header, Password *password, PCRYPTO_INFO *retInfo);
+int ReadVolumeHeaderWCache (BOOL bBoot, BOOL bCache, char *header, Password *password, int pkcs5_prf, PCRYPTO_INFO *retInfo);
 void WipeCache (void);
diff --git a/src/Common/Common.h b/src/Common/Common.h
index ef25ec17..d4375b5d 100644
--- a/src/Common/Common.h
+++ b/src/Common/Common.h
@@ -76,6 +76,7 @@ typedef struct
 Password ProtectedHidVolPassword; /* Password of hidden volume to protect against overwriting */
 BOOL UseBackupHeader;
 BOOL RecoveryMode;
+ int ProtectedHidVolPkcs5Prf;
 } MountOptions;
 #endif
diff --git a/src/Common/Common.rc b/src/Common/Common.rc
index 13b9f973..4f4dfb32 100644
--- a/src/Common/Common.rc
+++ b/src/Common/Common.rc
@@ -65,7 +65,7 @@ BEGIN
 PUSHBUTTON "Cancel",IDCANCEL,248,190,50,14
 END
-IDD_MOUNT_OPTIONS DIALOGEX 0, 0, 277, 172
+IDD_MOUNT_OPTIONS DIALOGEX 0, 0, 277, 204
 STYLE DS_SETFONT | DS_MODALFRAME | DS_FIXEDSYS | DS_CENTER | WS_POPUP | WS_CAPTION | WS_SYSMENU
 CAPTION "VeraCrypt - Mount Options"
 FONT 8, "MS Shell Dlg", 400, 0, 0x1
@@ -78,16 +78,18 @@ BEGIN
 CONTROL "&Protect hidden volume against damage caused by writing to outer volume",IDC_PROTECT_HIDDEN_VOL,
 "Button",BS_AUTOCHECKBOX | WS_TABSTOP,16,86,252,10
 EDITTEXT IDC_PASSWORD_PROT_HIDVOL,112,104,151,14,ES_PASSWORD | ES_AUTOHSCROLL
- CONTROL "&Display password",IDC_SHOW_PASSWORD_MO,"Button",BS_AUTOCHECKBOX | WS_TABSTOP,112,123,90,10
- CONTROL "U&se keyfiles",IDC_KEYFILES_ENABLE_HIDVOL_PROT,"Button",BS_AUTOCHECKBOX | WS_TABSTOP,112,136,90,10
- PUSHBUTTON "&Keyfiles...",IDC_KEYFILES_HIDVOL_PROT,203,125,60,14
- LTEXT "What is hidden volume protection?",IDC_LINK_HIDVOL_PROTECTION_INFO,16,151,247,10,SS_NOTIFY
+ CONTROL "&Display password",IDC_SHOW_PASSWORD_MO,"Button",BS_AUTOCHECKBOX | WS_TABSTOP,112,146,90,10
+ CONTROL "U&se keyfiles",IDC_KEYFILES_ENABLE_HIDVOL_PROT,"Button",BS_AUTOCHECKBOX | WS_TABSTOP,112,159,90,10
+ PUSHBUTTON "&Keyfiles...",IDC_KEYFILES_HIDVOL_PROT,203,148,60,14
+ LTEXT "What is hidden volume protection?",IDC_LINK_HIDVOL_PROTECTION_INFO,16,174,247,10,SS_NOTIFY
 DEFPUSHBUTTON "OK",IDOK,211,7,60,14
 PUSHBUTTON "Cancel",IDCANCEL,211,24,60,14
 RTEXT "P&assword to hidden volume:\n(if empty, cache is used)",IDT_HIDDEN_PROT_PASSWD,15,103,91,17,0,WS_EX_RIGHT
- GROUPBOX "Hidden Volume Protection",IDT_HIDDEN_VOL_PROTECTION,6,72,265,95
+ GROUPBOX "Hidden Volume Protection",IDT_HIDDEN_VOL_PROTECTION,6,72,265,120
 CONTROL "Use backup header embedded in &volume if available",IDC_USE_EMBEDDED_HEADER_BAK,
 "Button",BS_AUTOCHECKBOX | WS_TABSTOP,12,39,257,11
+ COMBOBOX IDC_PKCS5_PRF_ID,112,125,91,90,CBS_DROPDOWNLIST | WS_TABSTOP
+ RTEXT "PKCS-5 PRF:",IDT_PKCS5_PRF,15,126,91,17
 END
 IDD_KEYFILES DIALOGEX 0, 0, 345, 237
@@ -307,12 +309,13 @@ BEGIN
 LTEXT "Please wait. This process may take a long time...",IDT_STATIC_MODELESS_WAIT_DLG_INFO,9,8,274,9
 END
-IDD_STATIC_MODAL_WAIT_DLG DIALOGEX 0, 0, 292, 42
+IDD_STATIC_MODAL_WAIT_DLG DIALOGEX 0, 0, 292, 61
 STYLE DS_SETFONT | DS_MODALFRAME | DS_SETFOREGROUND | DS_FIXEDSYS | DS_CENTER | WS_POPUP | WS_CAPTION
 CAPTION "VeraCrypt"
 FONT 8, "MS Shell Dlg", 0, 0, 0x0
 BEGIN
- CTEXT "Please wait. This process may take a long time...",IDT_STATIC_MODELESS_WAIT_DLG_INFO,9,11,274,9
+ CTEXT "Please wait...\nThis process may take a long time and VeraCrypt may become unresponsive.",IDT_STATIC_MODAL_WAIT_DLG_INFO,9,11,274,20
+ CONTROL "",IDC_WAIT_PROGRESS_BAR,"msctls_progress32",WS_BORDER,7,37,278,14
 END
@@ -341,7 +344,7 @@ BEGIN
 BEGIN
 LEFTMARGIN, 7
 TOPMARGIN, 7
- BOTTOMMARGIN, 166
+ BOTTOMMARGIN, 198
 END
 IDD_KEYFILES, DIALOG
@@ -453,7 +456,7 @@ BEGIN
 LEFTMARGIN, 7
 RIGHTMARGIN, 285
 TOPMARGIN, 7
- BOTTOMMARGIN, 35
+ BOTTOMMARGIN, 54
 END
 END
 #endif // APSTUDIO_INVOKED
diff --git a/src/Common/Crypto.h b/src/Common/Crypto.h
index a6ed56d2..4695239b 100644
--- a/src/Common/Crypto.h
+++ b/src/Common/Crypto.h
@@ -196,6 +196,7 @@ typedef struct CRYPTO_INFO_t
 {
 int ea; /* Encryption algorithm ID */
 int mode; /* Mode of operation (e.g., XTS) */
+ int pkcs5; /* PRF algorithm */
 unsigned __int8 ks[MAX_EXPANDED_KEY]; /* Primary key schedule (if it is a cascade, it conatins multiple concatenated keys) */
 unsigned __int8 ks2[MAX_EXPANDED_KEY]; /* Secondary key schedule (if cascade, multiple concatenated) for XTS mode. */
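Review bot: Moving `int pkcs5;` up to become the third member of `CRYPTO_INFO` in src/Common/Crypto.h makes the order `ea`, `mode`, `pkcs5` significant, but the hunk does not say so. The next Crypto.h hunk adds a packed `BOOT_CRYPTO_HEADER` with the same three members as `__int16`, which presumably mirrors the start of the structure as the boot loader lays it out; if that is the intent, a later reorder of `CRYPTO_INFO` would silently break it. I would add a comment on both structures, e.g. `/* ea, mode, pkcs5 must stay first and in this order: mirrored by BOOT_CRYPTO_HEADER */`, and have whatever reads `BOOT_CRYPTO_HEADER` range-check the three values before using them. As a style point, `#pragma pack (push)` followed by `#pragma pack(1)` can be written as the single `#pragma pack (push, 1)`. The `CRYPTO_INFO` body continues outside this hunk.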
@@ -240,10 +241,26 @@ typedef struct CRYPTO_INFO_t
 UINT64_STRUCT EncryptedAreaLength;
 uint32 HeaderFlags;
- int pkcs5;
 } CRYPTO_INFO, *PCRYPTO_INFO;
+#ifdef _WIN32
+
+#pragma pack (push)
+#pragma pack(1)
+
+typedef struct BOOT_CRYPTO_HEADER_t
+{
+ __int16 ea; /* Encryption algorithm ID */
+ __int16 mode; /* Mode of operation (e.g., XTS) */
+ __int16 pkcs5; /* PRF algorithm */
+
+} BOOT_CRYPTO_HEADER, *PBOOT_CRYPTO_HEADER;
+
+#pragma pack (pop)
+
+#endif
+
 PCRYPTO_INFO crypto_open (void);
 void crypto_loadkey (PKEY_INFO keyInfo, char *lpszUserKey, int nUserKeyLen);
 void crypto_close (PCRYPTO_INFO cryptoInfo);
@@ -300,6 +317,7 @@ const char *HashGetName (int hash_algo_id);
 #ifndef TC_WINDOWS_BOOT
+Hash *HashGet (int id);
 void HashGetName2 (char *buf, int hashId);
 BOOL HashIsDeprecated (int hashId);
 BOOL HashForSystemEncryption (int hashId);
diff --git a/src/Common/Dlgcode.c b/src/Common/Dlgcode.c
index bb84d377..1dbbbd29 100644
--- a/src/Common/Dlgcode.c
+++ b/src/Common/Dlgcode.c
@@ -6168,6 +6168,14 @@ static BOOL CALLBACK MountWaitDlgProc (HWND hwndDlg, UINT msg, WPARAM wParam, LP
 {
 MountThreadParam* thParam = (MountThreadParam*) lParam;
 HANDLE hThread = NULL;
+
+ // set the progress bar type to MARQUEE (indefinite progress)
+ HWND hProgress = GetDlgItem (hwndDlg, IDC_WAIT_PROGRESS_BAR);
+ if (hProgress)
+ {
+ SetWindowLongPtr (hProgress, GWL_STYLE, PBS_MARQUEE | GetWindowLongPtr (hProgress, GWL_STYLE));
+ ::SendMessage(hProgress, PBM_SETMARQUEE, (WPARAM) TRUE, (LPARAM) 0);
+ }
 thParam->hwnd = hwndDlg;
@@ -6225,6 +6233,7 @@ int MountVolume (HWND hwndDlg,
 int driveNo,
 char *volumePath,
 Password *password,
+ int pkcs5,
 BOOL cachePassword,
 BOOL sharedAccess,
 const MountOptions* const mountOptions,
@@ -6285,6 +6294,7 @@ retry:
 {
 mount.ProtectedHidVolPassword = mountOptions->ProtectedHidVolPassword;
 mount.bProtectHiddenVolume = TRUE;
+ mount.ProtectedHidVolPkcs5Prf = mountOptions->ProtectedHidVolPkcs5Prf;
 }
 else
 mount.bProtectHiddenVolume = FALSE;
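Review bot: In the `MountVolume` hunk under `retry:` in src/Common/Dlgcode.c, `mount.ProtectedHidVolPkcs5Prf` is assigned only in the branch that sets `bProtectHiddenVolume = TRUE`; the `else` branch leaves it untouched. Whether `mount` is zeroed before this point is not visible in the hunk, so on that path the field passed on with the mount request may hold an uninitialised value. Setting it explicitly keeps the request well defined: `else { mount.bProtectHiddenVolume = FALSE; mount.ProtectedHidVolPkcs5Prf = 0; }`. The same care applies to callers that fill `MountOptions` member by member, as the Format.c hunk does for `mountOptions`. The body of `MountVolume` starts and ends outside this hunk.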
@@ -6294,6 +6304,7 @@ retry:
 mount.bPreserveTimestamp = mountOptions->PreserveTimestamp;
 mount.bMountManager = TRUE;
+ mount.pkcs5_prf = pkcs5;
 // Windows 2000 mount manager causes problems with remounted volumes
 if (CurrentOSMajor == 5 && CurrentOSMinor == 0)
@@ -6364,6 +6375,8 @@ retry:
 burn (&mount.VolumePassword, sizeof (mount.VolumePassword));
 burn (&mount.ProtectedHidVolPassword, sizeof (mount.ProtectedHidVolPassword));
+ burn (&mount.pkcs5_prf, sizeof (mount.pkcs5_prf));
+ burn (&mount.ProtectedHidVolPkcs5Prf, sizeof (mount.ProtectedHidVolPkcs5Prf));
 if (bResult == FALSE)
 {
@@ -8881,7 +8894,7 @@ void ReportUnexpectedState (char *techInfo)
 #ifndef SETUP
-int OpenVolume (OpenVolumeContext *context, const char *volumePath, Password *password, BOOL write, BOOL preserveTimestamps, BOOL useBackupHeader)
+int OpenVolume (OpenVolumeContext *context, const char *volumePath, Password *password, int pkcs5_prf, BOOL write, BOOL preserveTimestamps, BOOL useBackupHeader)
 {
 int status = ERR_PARAMETER_INCORRECT;
 int volumeType;
@@ -9043,7 +9056,7 @@ int OpenVolume (OpenVolumeContext *context, const char *volumePath, Password *pa
 }
 // Decrypt volume header
- status = ReadVolumeHeader (FALSE, buffer, password, &context->CryptoInfo, NULL);
+ status = ReadVolumeHeader (FALSE, buffer, password, pkcs5_prf, &context->CryptoInfo, NULL);
 if (status == ERR_PASSWORD_WRONG)
 continue; // Try next volume type
diff --git a/src/Common/Dlgcode.h b/src/Common/Dlgcode.h
index 7faf6bc0..3781fd54 100644
--- a/src/Common/Dlgcode.h
+++ b/src/Common/Dlgcode.h
@@ -325,7 +325,7 @@ BOOL IsDriveAvailable (int driveNo);
 BOOL IsDeviceMounted (char *deviceName);
 int DriverUnmountVolume (HWND hwndDlg, int nDosDriveNo, BOOL forced);
 void BroadcastDeviceChange (WPARAM message, int nDosDriveNo, DWORD driveMap);
-int MountVolume (HWND hwndDlg, int driveNo, char *volumePath, Password *password, BOOL cachePassword, BOOL sharedAccess, const MountOptions* const mountOptions, BOOL quiet, BOOL bReportWrongPassword);
+int MountVolume (HWND hwndDlg, int driveNo, char *volumePath, Password *password, int pkcs5, BOOL cachePassword, BOOL sharedAccess, const MountOptions* const mountOptions, BOOL quiet, BOOL bReportWrongPassword);
 BOOL UnmountVolume (HWND hwndDlg , int nDosDriveNo, BOOL forceUnmount);
 BOOL IsPasswordCacheEmpty (void);
 BOOL IsMountedVolume (const char *volname);
@@ -447,7 +447,7 @@ void ToBootPwdField (HWND hwndDlg, UINT ctrlId);
 void AccommodateTextField (HWND hwndDlg, UINT ctrlId, BOOL bFirstUpdate, HFONT hFont);
 BOOL GetDriveLabel (int driveNo, wchar_t *label, int labelSize);
 BOOL DoDriverInstall (HWND hwndDlg);
-int OpenVolume (OpenVolumeContext *context, const char *volumePath, Password *password, BOOL write, BOOL preserveTimestamps, BOOL useBackupHeader);
+int OpenVolume (OpenVolumeContext *context, const char *volumePath, Password *password, int pkcs5_prf, BOOL write, BOOL preserveTimestamps, BOOL useBackupHeader);
 void CloseVolume (OpenVolumeContext *context);
 int ReEncryptVolumeHeader (char *buffer, BOOL bBoot, CRYPTO_INFO *cryptoInfo, Password *password, BOOL wipeMode);
 BOOL IsPagingFileActive (BOOL checkNonWindowsPartitionsOnly);
diff --git a/src/Common/Format.c b/src/Common/Format.c
index ad6be026..c7198f60 100644
--- a/src/Common/Format.c
+++ b/src/Common/Format.c
@@ -623,7 +623,7 @@ error:
 mountOptions.PartitionInInactiveSysEncScope = FALSE;
 mountOptions.UseBackupHeader = FALSE;
- if (MountVolume (volParams->hwndDlg, driveNo, volParams->volumePath, volParams->password, FALSE, TRUE, &mountOptions, FALSE, TRUE) < 1)
+ if (MountVolume (volParams->hwndDlg, driveNo, volParams->volumePath, volParams->password, volParams->pkcs5, FALSE, TRUE, &mountOptions, FALSE, TRUE) < 1)
 {
 MessageBoxW (volParams->hwndDlg, GetString ("CANT_MOUNT_VOLUME"), lpszTitle, ICON_HAND);
 MessageBoxW (volParams->hwndDlg, GetString ("FORMAT_NTFS_STOP"), lpszTitle, ICON_HAND);
diff --git a/src/Common/Language.xml b/src/Common/Language.xml
index 4ccf9c40..70e4b65f 100644
--- a/src/Common/Language.xml
+++ b/src/Common/Language.xml
@@ -270,6 +270,7 @@ Thread-Based Parallelization PKCS #11 Library Path PKCS-5 PRF: + PKCS-5 PRF: Password Cache Security Options VeraCrypt Background Task
@@ -345,6 +346,7 @@ Security token: Sort Method: Please wait. This process may take a long time... + Please wait...\nThis process may take a long time and VeraCrypt may become unresponsive. Block number: Ciphertext (hexadecimal) Data unit number (64-bit hexadecimal, data unit size is 512 bytes)
@@ -756,6 +758,7 @@ Removable Disk Harddisk Unchanged + Autodetection Wizard Mode Select one of the modes. If you are not sure which to select, use the default mode. Select this option if you want to install VeraCrypt on this system.
diff --git a/src/Common/Password.c b/src/Common/Password.c
index 2c065b68..921ce02e 100644
--- a/src/Common/Password.c
+++ b/src/Common/Password.c
@@ -119,7 +119,7 @@ BOOL CheckPasswordLength (HWND hwndDlg, HWND hwndItem)
 return TRUE;
 }
-int ChangePwd (const char *lpszVolume, Password *oldPassword, Password *newPassword, int pkcs5, int wipePassCount, HWND hwndDlg)
+int ChangePwd (const char *lpszVolume, Password *oldPassword, int old_pkcs5, Password *newPassword, int pkcs5, int wipePassCount, HWND hwndDlg)
 {
 int nDosLinkCreated = 1, nStatus = ERR_OS_ERROR;
 char szDiskFile[TC_MAX_PATH], szCFDevice[TC_MAX_PATH];
@@ -287,7 +287,7 @@ int ChangePwd (const char *lpszVolume, Password *oldPassword, Password *newPassw
 /* Try to decrypt the header */
- nStatus = ReadVolumeHeader (FALSE, buffer, oldPassword, &cryptoInfo, NULL);
+ nStatus = ReadVolumeHeader (FALSE, buffer, oldPassword, old_pkcs5, &cryptoInfo, NULL);
 if (nStatus == ERR_CIPHER_INIT_WEAK_KEY)
 nStatus = 0; // We can ignore this error here
diff --git a/src/Common/Password.h b/src/Common/Password.h
index 887c6160..66903b53 100644
--- a/src/Common/Password.h
+++ b/src/Common/Password.h
@@ -35,7 +35,7 @@ typedef struct
 void VerifyPasswordAndUpdate ( HWND hwndDlg , HWND hButton , HWND hPassword , HWND hVerify , unsigned char *szPassword , char *szVerify, BOOL keyFilesEnabled );
 BOOL CheckPasswordLength (HWND hwndDlg, HWND hwndItem);
 BOOL CheckPasswordCharEncoding (HWND hPassword, Password *ptrPw);
-int ChangePwd (const char *lpszVolume, Password *oldPassword, Password *newPassword, int pkcs5, int wipePassCount, HWND hwndDlg);
+int ChangePwd (const char *lpszVolume, Password *oldPassword, int old_pkcs5, Password *newPassword, int pkcs5, int wipePassCount, HWND hwndDlg);
 #endif // defined(_WIN32) && !defined(TC_WINDOWS_DRIVER)
diff --git a/src/Common/Resource.h b/src/Common/Resource.h
index eb2c5890..4b8c2df5 100644
--- a/src/Common/Resource.h
+++ b/src/Common/Resource.h
@@ -184,6 +184,10 @@
 #define IDC_KEYFILES_RANDOM_SIZE 5122
 #define IDT_KEYFILES_SIZE 5123
 #define IDD_STATIC_MODAL_WAIT_DLG 5124
+#define IDT_STATIC_MODAL_WAIT_DLG_INFO 5125
+#define IDC_WAIT_PROGRESS_BAR 5126
+#define IDC_PKCS5_PRF_ID 5127
+#define IDT_PKCS5_PRF 5128
 // Next default values for new objects
 //
@@ -192,7 +196,7 @@
 #define _APS_NO_MFC 1
 #define _APS_NEXT_RESOURCE_VALUE 542
 #define _APS_NEXT_COMMAND_VALUE 40001
-#define _APS_NEXT_CONTROL_VALUE 5125
+#define _APS_NEXT_CONTROL_VALUE 5129
 #define _APS_NEXT_SYMED_VALUE 101
 #endif
 #endif
diff --git a/src/Common/Volumes.c b/src/Common/Volumes.c
index 2bd870bc..c88e81d8 100644
--- a/src/Common/Volumes.c
+++ b/src/Common/Volumes.c
@@ -163,7 +163,7 @@ typedef struct
 BOOL ReadVolumeHeaderRecoveryMode = FALSE;
-int ReadVolumeHeader (BOOL bBoot, char *encryptedHeader, Password *password, PCRYPTO_INFO *retInfo, CRYPTO_INFO *retHeaderCryptoInfo)
+int ReadVolumeHeader (BOOL bBoot, char *encryptedHeader, Password *password, int selected_pkcs5_prf, PCRYPTO_INFO *retInfo, CRYPTO_INFO *retHeaderCryptoInfo)
 {
 char header[TC_VOLUME_HEADER_EFFECTIVE_SIZE];
 KEY_INFO keyInfo;
@@ -198,7 +198,8 @@ int ReadVolumeHeader (BOOL bBoot, char *encryptedHeader, Password *password, PCR
 return ERR_OUTOFMEMORY;
 }
- if (encryptionThreadCount > 1)
+ /* use thread pool only if no PRF was specified */
+ if ((selected_pkcs5_prf == 0) && (encryptionThreadCount > 1))
 {
 keyDerivationWorkItems = TCalloc (sizeof (KeyDerivationWorkItem) * pkcs5PrfCount);
 if (!keyDerivationWorkItems)
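Review bot: `ReadVolumeHeader` in src/Common/Volumes.c now takes `selected_pkcs5_prf` but never checks that a non-zero value is a valid PRF ID. With the loop change in the later Volumes.c hunk, a value outside `FIRST_PRF_ID`..`LAST_PRF_ID` (a negative one included) makes every iteration hit `continue`, so no key is derived and the call most likely ends like a wrong password, which hides a caller bug behind a misleading error. The value presumably originates in the mount and reopen request structures changed by this patch, so I would reject it at function entry, before the first allocation: `if (selected_pkcs5_prf != 0 && (selected_pkcs5_prf < FIRST_PRF_ID || selected_pkcs5_prf > LAST_PRF_ID)) return ERR_PARAMETER_INCORRECT;`. The function body continues outside this hunk.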
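Review bot: The test `(selected_pkcs5_prf == 0) && (encryptionThreadCount > 1)` is now written out three times in `ReadVolumeHeader`: here where the work items are allocated, in the PRF loop, and at `ret:` where the function waits on `noOutstandingWorkItemEvent`. The three must always agree, otherwise the cleanup would wait for work that was never queued or skip work that was. Computing it once, e.g. `BOOL useThreadPool = (selected_pkcs5_prf == 0) && (encryptionThreadCount > 1);`, and testing `useThreadPool` in all three places removes that risk. The added comment "use thread pool only if no PRF was specified" could also say why, presumably because a single derivation gains nothing from the pool.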
@@ -241,7 +242,11 @@ int ReadVolumeHeader (BOOL bBoot, char *encryptedHeader, Password *password, PCR
 // Test all available PKCS5 PRFs
 for (enqPkcs5Prf = FIRST_PRF_ID; enqPkcs5Prf <= LAST_PRF_ID || queuedWorkItems > 0; ++enqPkcs5Prf)
 {
- if (encryptionThreadCount > 1)
+ // if a PRF is specified, we skip all other PRFs
+ if (selected_pkcs5_prf != 0 && enqPkcs5Prf != selected_pkcs5_prf)
+ continue;
+
+ if ((selected_pkcs5_prf == 0) && (encryptionThreadCount > 1))
 {
 // Enqueue key derivation on thread pool
 if (queuedWorkItems < encryptionThreadCount && enqPkcs5Prf <= LAST_PRF_ID)
@@ -529,7 +534,7 @@ ret:
 VirtualUnlock (&dk, sizeof (dk));
 #endif
- if (encryptionThreadCount > 1)
+ if ((selected_pkcs5_prf == 0) && (encryptionThreadCount > 1))
 {
 TC_WAIT_EVENT (noOutstandingWorkItemEvent);
diff --git a/src/Common/Volumes.h b/src/Common/Volumes.h
index 8f1da28d..18a52692 100644
--- a/src/Common/Volumes.h
+++ b/src/Common/Volumes.h
@@ -126,7 +126,11 @@ extern BOOL ReadVolumeHeaderRecoveryMode;
 uint16 GetHeaderField16 (byte *header, int offset);
 uint32 GetHeaderField32 (byte *header, int offset);
 UINT64_STRUCT GetHeaderField64 (byte *header, int offset);
+#ifdef TC_WINDOWS_BOOT
 int ReadVolumeHeader (BOOL bBoot, char *encryptedHeader, Password *password, PCRYPTO_INFO *retInfo, CRYPTO_INFO *retHeaderCryptoInfo);
+#else
+int ReadVolumeHeader (BOOL bBoot, char *encryptedHeader, Password *password, int pkcs5_prf, PCRYPTO_INFO *retInfo, CRYPTO_INFO *retHeaderCryptoInfo);
+#endif
 #if !defined (DEVICE_DRIVER) && !defined (TC_WINDOWS_BOOT)
 int CreateVolumeHeaderInMemory (BOOL bBoot, char *encryptedHeader, int ea, int mode, Password *password, int pkcs5_prf, char *masterKeydata, PCRYPTO_INFO *retInfo, unsigned __int64 volumeSize, unsigned __int64 hiddenVolumeSize, unsigned __int64 encryptedAreaStart, unsigned __int64 encryptedAreaLength, uint16 requiredProgramVersion, uint32 headerFlags, uint32 sectorSize, BOOL bWipeMode);
-- cgit v1.2.3
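Review bot: The new `#else` prototype in src/Common/Volumes.h names the parameter `pkcs5_prf` while the definition in Volumes.c calls it `selected_pkcs5_prf`, and neither place documents that 0 means "try every PRF". A short comment above the two prototypes would cover both, e.g. `/* pkcs5_prf: 0 = autodetect, otherwise the only PRF ID to try; the TC_WINDOWS_BOOT build keeps the old signature */`. Because the two builds now differ in arity, any call site compiled for both needs the same `#ifdef`; that cannot be checked from this diff.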