mirror of
https://github.com/veracrypt/VeraCrypt.git
synced 2026-06-10 06:46:59 -05:00
Windows: allow cancelling long mount operations
Add a root-driver abort IOCTL that bypasses the mount control mutex and sets cooperative KDF abort flags for the active mount. Restrict abort requests to privileged callers or to the user that initiated the pending mount, and retry early wait-dialog cancel requests until the driver has registered the cancellable mount context. Wire the wait dialog Cancel button to send the abort request through a fresh driver handle, and propagate ERR_USER_ABORT through header/cache processing. Add a /cancelmount command-line switch that sends the same abort request without displaying UI, so users can cancel hidden-wait-dialog mount operations from another process.
This commit is contained in:
Mounir IDRASSI
@@ -129,6 +129,8 @@
|
||||
|
||||
#define VC_IOCTL_ENCRYPTION_QUEUE_PARAMS TC_IOCTL (43)
|
||||
|
||||
#define TC_IOCTL_ABORT_MOUNT_VOLUME TC_IOCTL (44)
|
||||
|
||||
// Undocumented IOCTL sent by Windows 10 when handling EFS data on volumes
|
||||
#define IOCTL_UNKNOWN_WINDOWS10_EFS_ACCESS 0x455610D8
|
||||
|
||||
@@ -180,6 +182,12 @@ typedef struct
|
||||
BOOL VolumeMasterKeyVulnerable;
|
||||
} MOUNT_STRUCT;
|
||||
|
||||
typedef struct
|
||||
{
|
||||
int nDosDriveNo; /* Drive number whose pending mount should be aborted; -1 aborts any pending mount */
|
||||
int nReturnCode; /* Return code back from driver */
|
||||
} MOUNT_ABORT_STRUCT;
|
||||
|
||||
typedef struct
|
||||
{
|
||||
int nDosDriveNo; /* Drive letter to unmount */
|
||||
|
||||
+34
-3
@@ -24,6 +24,22 @@ int CachedPim[CACHE_SIZE];
|
||||
int cacheEmpty = 1;
|
||||
static int nPasswordIdx = 0;
|
||||
|
||||
static BOOL IsUserAbortRequested (long volatile *pUserAbort)
|
||||
{
|
||||
return pUserAbort && *pUserAbort;
|
||||
}
|
||||
|
||||
static BOOL ResetAbortKeyDerivation (long volatile *pAbortKeyDerivation, long volatile *pUserAbort)
|
||||
{
|
||||
if (IsUserAbortRequested (pUserAbort))
|
||||
return FALSE;
|
||||
|
||||
if (pAbortKeyDerivation)
|
||||
*pAbortKeyDerivation = 0;
|
||||
|
||||
return TRUE;
|
||||
}
|
||||
|
||||
uint64 VcGetPasswordEncryptionID (Password* pPassword)
|
||||
{
|
||||
return ((uint64) pPassword->Text) + ((uint64) pPassword);
|
||||
@@ -39,7 +55,7 @@ void VcUnprotectPassword (Password* pPassword, uint64 encID)
|
||||
VcProtectPassword (pPassword, encID);
|
||||
}
|
||||
|
||||
int ReadVolumeHeaderWCache (BOOL bBoot, BOOL bCache, BOOL bCachePim, unsigned char *header, Password *password, int pkcs5_prf, int pim, PCRYPTO_INFO *retInfo)
|
||||
int ReadVolumeHeaderWCacheWithAbort (BOOL bBoot, BOOL bCache, BOOL bCachePim, unsigned char *header, Password *password, int pkcs5_prf, int pim, PCRYPTO_INFO *retInfo, long volatile *pAbortKeyDerivation, long volatile *pUserAbort)
|
||||
{
|
||||
int nReturnCode = ERR_PASSWORD_WRONG;
|
||||
int i, effectivePim;
|
||||
@@ -47,7 +63,10 @@ int ReadVolumeHeaderWCache (BOOL bBoot, BOOL bCache, BOOL bCachePim, unsigned ch
|
||||
/* Attempt to recognize volume using mount password */
|
||||
if (password->Length > 0)
|
||||
{
|
||||
nReturnCode = ReadVolumeHeader (bBoot, header, password, pkcs5_prf, pim, retInfo, NULL);
|
||||
if (!ResetAbortKeyDerivation (pAbortKeyDerivation, pUserAbort))
|
||||
return ERR_USER_ABORT;
|
||||
|
||||
nReturnCode = ReadVolumeHeaderWithAbort (bBoot, header, password, pkcs5_prf, pim, retInfo, NULL, pAbortKeyDerivation, pUserAbort);
|
||||
|
||||
/* Save mount passwords back into cache if asked to do so */
|
||||
if (bCache && (nReturnCode == 0 || nReturnCode == ERR_CIPHER_INIT_WEAK_KEY))
|
||||
@@ -113,7 +132,14 @@ int ReadVolumeHeaderWCache (BOOL bBoot, BOOL bCache, BOOL bCachePim, unsigned ch
|
||||
effectivePim = CachedPim[i];
|
||||
else
|
||||
effectivePim = pim;
|
||||
nReturnCode = ReadVolumeHeader (bBoot, header, pCurrentPassword, pkcs5_prf, effectivePim, retInfo, NULL);
|
||||
|
||||
if (!ResetAbortKeyDerivation (pAbortKeyDerivation, pUserAbort))
|
||||
{
|
||||
nReturnCode = ERR_USER_ABORT;
|
||||
break;
|
||||
}
|
||||
|
||||
nReturnCode = ReadVolumeHeaderWithAbort (bBoot, header, pCurrentPassword, pkcs5_prf, effectivePim, retInfo, NULL, pAbortKeyDerivation, pUserAbort);
|
||||
|
||||
if (nReturnCode != ERR_PASSWORD_WRONG)
|
||||
break;
|
||||
@@ -128,6 +154,11 @@ int ReadVolumeHeaderWCache (BOOL bBoot, BOOL bCache, BOOL bCachePim, unsigned ch
|
||||
return nReturnCode;
|
||||
}
|
||||
|
||||
int ReadVolumeHeaderWCache (BOOL bBoot, BOOL bCache, BOOL bCachePim, unsigned char *header, Password *password, int pkcs5_prf, int pim, PCRYPTO_INFO *retInfo)
|
||||
{
|
||||
return ReadVolumeHeaderWCacheWithAbort (bBoot, bCache, bCachePim, header, password, pkcs5_prf, pim, retInfo, NULL, NULL);
|
||||
}
|
||||
|
||||
|
||||
void AddPasswordToCache (Password *password, int pim, BOOL bCachePim)
|
||||
{
|
||||
|
||||
@@ -23,4 +23,5 @@ extern int cacheEmpty;
|
||||
void AddPasswordToCache (Password *password, int pim, BOOL bCachePim);
|
||||
void AddLegacyPasswordToCache (__unaligned PasswordLegacy *password, int pim);
|
||||
int ReadVolumeHeaderWCache (BOOL bBoot, BOOL bCache, BOOL bCachePim, unsigned char *header, Password *password, int pkcs5_prf, int pim, PCRYPTO_INFO *retInfo);
|
||||
int ReadVolumeHeaderWCacheWithAbort (BOOL bBoot, BOOL bCache, BOOL bCachePim, unsigned char *header, Password *password, int pkcs5_prf, int pim, PCRYPTO_INFO *retInfo, long volatile *pAbortKeyDerivation, long volatile *pUserAbort);
|
||||
void WipeCache (void);
|
||||
|
||||
@@ -338,8 +338,9 @@ STYLE DS_SETFONT | DS_MODALFRAME | DS_SETFOREGROUND | DS_FIXEDSYS | DS_CENTER |
|
||||
CAPTION "VeraCrypt"
|
||||
FONT 8, "MS Shell Dlg", 0, 0, 0x0
|
||||
BEGIN
|
||||
CTEXT "Please wait...\nThis process may take a long time and VeraCrypt may seem unresponsive.",IDT_STATIC_MODAL_WAIT_DLG_INFO,9,11,274,33
|
||||
CONTROL "",IDC_WAIT_PROGRESS_BAR,"msctls_progress32",WS_BORDER,7,49,278,14
|
||||
CTEXT "Please wait...\nThis process may take a long time and VeraCrypt may seem unresponsive.",IDT_STATIC_MODAL_WAIT_DLG_INFO,9,7,274,30
|
||||
CONTROL "",IDC_WAIT_PROGRESS_BAR,"msctls_progress32",WS_BORDER,7,41,278,12
|
||||
PUSHBUTTON "Cancel",IDCANCEL,121,56,50,14
|
||||
END
|
||||
|
||||
IDD_TEXT_EDIT_DLG DIALOGEX 0, 0, 372, 220
|
||||
|
||||
+89
-3
@@ -8880,12 +8880,18 @@ BOOL GetPhysicalDriveStorageInformation(UINT nDriveNumber, STORAGE_ACCESS_ALIGNM
|
||||
// implementation of the generic wait dialog mechanism
|
||||
|
||||
static UINT g_wmWaitDlg = ::RegisterWindowMessage(L"VeraCryptWaitDlgMessage");
|
||||
#define WAIT_DLG_CANCEL_RETRY_TIMER_ID 1
|
||||
#define WAIT_DLG_CANCEL_RETRY_INTERVAL 250
|
||||
|
||||
typedef BOOL (CALLBACK* WaitCancelProc)(void* pArg, HWND hWaitDlg);
|
||||
|
||||
typedef struct
|
||||
{
|
||||
HWND hwnd;
|
||||
void* pArg;
|
||||
WaitThreadProc callback;
|
||||
WaitCancelProc cancelCallback;
|
||||
BOOL cancelRequested;
|
||||
} WaitThreadParam;
|
||||
|
||||
static void _cdecl WaitThread (void* pParam)
|
||||
@@ -8899,6 +8905,22 @@ static void _cdecl WaitThread (void* pParam)
|
||||
PostMessage (pThreadParam->hwnd, g_wmWaitDlg, 0, 0);
|
||||
}
|
||||
|
||||
static BOOL WaitDlgTryCancel (HWND hwndDlg, WaitThreadParam* thParam)
|
||||
{
|
||||
if (thParam && thParam->cancelCallback)
|
||||
{
|
||||
if (thParam->cancelCallback (thParam->pArg, hwndDlg))
|
||||
{
|
||||
KillTimer (hwndDlg, WAIT_DLG_CANCEL_RETRY_TIMER_ID);
|
||||
return TRUE;
|
||||
}
|
||||
|
||||
SetTimer (hwndDlg, WAIT_DLG_CANCEL_RETRY_TIMER_ID, WAIT_DLG_CANCEL_RETRY_INTERVAL, NULL);
|
||||
}
|
||||
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
BOOL CALLBACK WaitDlgProc (HWND hwndDlg, UINT msg, WPARAM wParam, LPARAM lParam)
|
||||
{
|
||||
WORD lw = LOWORD (wParam);
|
||||
@@ -8908,6 +8930,7 @@ BOOL CALLBACK WaitDlgProc (HWND hwndDlg, UINT msg, WPARAM wParam, LPARAM lParam)
|
||||
case WM_INITDIALOG:
|
||||
{
|
||||
WaitThreadParam* thParam = (WaitThreadParam*) lParam;
|
||||
SetWindowLongPtr (hwndDlg, DWLP_USER, (LONG_PTR) thParam);
|
||||
|
||||
// set the progress bar type to MARQUEE (indefinite progress)
|
||||
HWND hProgress = GetDlgItem (hwndDlg, IDC_WAIT_PROGRESS_BAR);
|
||||
@@ -8935,24 +8958,50 @@ BOOL CALLBACK WaitDlgProc (HWND hwndDlg, UINT msg, WPARAM wParam, LPARAM lParam)
|
||||
}
|
||||
|
||||
LocalizeDialog (hwndDlg, NULL);
|
||||
if (!thParam->cancelCallback)
|
||||
ShowWindow (GetDlgItem (hwndDlg, IDCANCEL), SW_HIDE);
|
||||
_beginthread(WaitThread, 0, thParam);
|
||||
return 0;
|
||||
}
|
||||
|
||||
case WM_COMMAND:
|
||||
|
||||
if (lw == IDOK || lw == IDCANCEL)
|
||||
if (lw == IDCANCEL)
|
||||
{
|
||||
WaitThreadParam* thParam = (WaitThreadParam*) GetWindowLongPtr (hwndDlg, DWLP_USER);
|
||||
if (thParam && thParam->cancelCallback && !thParam->cancelRequested)
|
||||
{
|
||||
thParam->cancelRequested = TRUE;
|
||||
EnableWindow (GetDlgItem (hwndDlg, IDCANCEL), FALSE);
|
||||
WaitDlgTryCancel (hwndDlg, thParam);
|
||||
}
|
||||
return 1;
|
||||
}
|
||||
|
||||
if (lw == IDOK)
|
||||
return 1;
|
||||
else
|
||||
return 0;
|
||||
|
||||
case WM_TIMER:
|
||||
if (wParam == WAIT_DLG_CANCEL_RETRY_TIMER_ID)
|
||||
{
|
||||
WaitThreadParam* thParam = (WaitThreadParam*) GetWindowLongPtr (hwndDlg, DWLP_USER);
|
||||
if (thParam && thParam->cancelRequested)
|
||||
WaitDlgTryCancel (hwndDlg, thParam);
|
||||
return 1;
|
||||
}
|
||||
return 0;
|
||||
|
||||
case WM_DESTROY:
|
||||
KillTimer (hwndDlg, WAIT_DLG_CANCEL_RETRY_TIMER_ID);
|
||||
DetachProtectionFromCurrentThread();
|
||||
return 0;
|
||||
|
||||
default:
|
||||
if (msg == g_wmWaitDlg)
|
||||
{
|
||||
KillTimer (hwndDlg, WAIT_DLG_CANCEL_RETRY_TIMER_ID);
|
||||
EndDialog (hwndDlg, IDOK);
|
||||
return 1;
|
||||
}
|
||||
@@ -9015,11 +9064,13 @@ static LRESULT CALLBACK ShowWaitDialogParentWndProc (HWND hWnd, UINT message, WP
|
||||
}
|
||||
|
||||
|
||||
void ShowWaitDialog(HWND hwnd, BOOL bUseHwndAsParent, WaitThreadProc callback, void* pArg)
|
||||
static void ShowWaitDialogEx(HWND hwnd, BOOL bUseHwndAsParent, WaitThreadProc callback, WaitCancelProc cancelCallback, void* pArg)
|
||||
{
|
||||
BOOL bEffectiveHideWaitingDialog = bCmdHideWaitingDialogValid? bCmdHideWaitingDialog : bHideWaitingDialog;
|
||||
WaitThreadParam threadParam;
|
||||
threadParam.callback = callback;
|
||||
threadParam.cancelCallback = cancelCallback;
|
||||
threadParam.cancelRequested = FALSE;
|
||||
threadParam.pArg = pArg;
|
||||
|
||||
if (WaitDialogDisplaying || bEffectiveHideWaitingDialog)
|
||||
@@ -9082,6 +9133,11 @@ void ShowWaitDialog(HWND hwnd, BOOL bUseHwndAsParent, WaitThreadProc callback, v
|
||||
}
|
||||
}
|
||||
|
||||
void ShowWaitDialog(HWND hwnd, BOOL bUseHwndAsParent, WaitThreadProc callback, void* pArg)
|
||||
{
|
||||
ShowWaitDialogEx (hwnd, bUseHwndAsParent, callback, NULL, pArg);
|
||||
}
|
||||
|
||||
#ifndef SETUP
|
||||
/************************************************************************/
|
||||
|
||||
@@ -9108,6 +9164,26 @@ static BOOL PerformMountIoctl (MOUNT_STRUCT* pmount, LPDWORD pdwResult, BOOL use
|
||||
sizeof (MOUNT_STRUCT), pmount, sizeof (MOUNT_STRUCT), pdwResult, NULL);
|
||||
}
|
||||
|
||||
BOOL AbortMountOperation (int nDosDriveNo)
|
||||
{
|
||||
BOOL bResult;
|
||||
DWORD dwResult;
|
||||
HANDLE hAbortDriver = CreateFile (WIN32_ROOT_PREFIX, 0, FILE_SHARE_READ | FILE_SHARE_WRITE, NULL, OPEN_EXISTING, 0, NULL);
|
||||
MOUNT_ABORT_STRUCT abortMount;
|
||||
|
||||
if (hAbortDriver == INVALID_HANDLE_VALUE)
|
||||
return FALSE;
|
||||
|
||||
memset (&abortMount, 0, sizeof (abortMount));
|
||||
abortMount.nDosDriveNo = nDosDriveNo;
|
||||
|
||||
bResult = DeviceIoControl (hAbortDriver, TC_IOCTL_ABORT_MOUNT_VOLUME, &abortMount,
|
||||
sizeof (abortMount), &abortMount, sizeof (abortMount), &dwResult, NULL);
|
||||
|
||||
CloseHandle (hAbortDriver);
|
||||
return bResult && abortMount.nReturnCode == ERR_USER_ABORT;
|
||||
}
|
||||
|
||||
// specific definitions and implementation for support of mount operation
|
||||
// in wait dialog mechanism
|
||||
|
||||
@@ -9130,6 +9206,13 @@ void CALLBACK MountWaitThreadProc(void* pArg, HWND )
|
||||
pThreadParam->dwLastError = GetLastError ();
|
||||
}
|
||||
|
||||
BOOL CALLBACK MountWaitCancelProc(void* pArg, HWND )
|
||||
{
|
||||
MountThreadParam* pThreadParam = (MountThreadParam*) pArg;
|
||||
|
||||
return AbortMountOperation (pThreadParam->pmount->nDosDriveNo);
|
||||
}
|
||||
|
||||
/************************************************************************/
|
||||
|
||||
// Use only cached passwords if password = NULL
|
||||
@@ -9366,7 +9449,7 @@ retry:
|
||||
mountThreadParam.pdwResult = &dwResult;
|
||||
mountThreadParam.dwLastError = ERROR_SUCCESS;
|
||||
|
||||
ShowWaitDialog (hwndDlg, FALSE, MountWaitThreadProc, &mountThreadParam);
|
||||
ShowWaitDialogEx (hwndDlg, FALSE, MountWaitThreadProc, MountWaitCancelProc, &mountThreadParam);
|
||||
|
||||
dwLastError = mountThreadParam.dwLastError;
|
||||
}
|
||||
@@ -9428,6 +9511,9 @@ retry:
|
||||
|
||||
if (mount.nReturnCode != 0)
|
||||
{
|
||||
if (mount.nReturnCode == ERR_USER_ABORT)
|
||||
return -1;
|
||||
|
||||
if (mount.nReturnCode == ERR_PASSWORD_WRONG)
|
||||
{
|
||||
// Do not report wrong password, if not instructed to
|
||||
|
||||
@@ -412,6 +412,7 @@ BOOL IsDriveAvailable (int driveNo);
|
||||
BOOL IsDeviceMounted (wchar_t *deviceName);
|
||||
int DriverUnmountVolume (HWND hwndDlg, int nDosDriveNo, BOOL forced);
|
||||
void BroadcastDeviceChange (WPARAM message, int nDosDriveNo, DWORD driveMap);
|
||||
BOOL AbortMountOperation (int nDosDriveNo);
|
||||
int MountVolume (HWND hwndDlg, int driveNo, wchar_t *volumePath, Password *password, int pkcs5, int pim, BOOL cachePassword, BOOL cachePim, BOOL sharedAccess, const MountOptions* const mountOptions, BOOL quiet, BOOL bReportWrongPassword);
|
||||
BOOL UnmountVolume (HWND hwndDlg , int nDosDriveNo, BOOL forceUnmount);
|
||||
BOOL UnmountVolumeAfterFormatExCall (HWND hwndDlg, int nDosDriveNo);
|
||||
|
||||
+37
-10
@@ -186,7 +186,7 @@ static int MapArgon2ResultToVcError (int result)
|
||||
|
||||
BOOL ReadVolumeHeaderRecoveryMode = FALSE;
|
||||
|
||||
int ReadVolumeHeader (BOOL bBoot, unsigned char *encryptedHeader, Password *password, int selected_pkcs5_prf, int pim, PCRYPTO_INFO *retInfo, CRYPTO_INFO *retHeaderCryptoInfo)
|
||||
int ReadVolumeHeaderWithAbort (BOOL bBoot, unsigned char *encryptedHeader, Password *password, int selected_pkcs5_prf, int pim, PCRYPTO_INFO *retInfo, CRYPTO_INFO *retHeaderCryptoInfo, long volatile *pAbortKeyDerivation, long volatile *pUserAbort)
|
||||
{
|
||||
unsigned char header[TC_VOLUME_HEADER_EFFECTIVE_SIZE];
|
||||
unsigned char* keyInfoBuffer = NULL;
|
||||
@@ -203,6 +203,7 @@ int ReadVolumeHeader (BOOL bBoot, unsigned char *encryptedHeader, Password *pass
|
||||
int iterationsCount = 0;
|
||||
int memoryCost = 0;
|
||||
LONG volatile abortKeyDerivation = 0;
|
||||
LONG volatile *effectiveAbortKeyDerivation = pAbortKeyDerivation ? (LONG volatile *) pAbortKeyDerivation : &abortKeyDerivation;
|
||||
#ifndef VC_DCS_DISABLE_ARGON2
|
||||
int lastArgon2DerivationResult = 0;
|
||||
#endif
|
||||
@@ -326,6 +327,12 @@ int ReadVolumeHeader (BOOL bBoot, unsigned char *encryptedHeader, Password *pass
|
||||
// Test all available PKCS5 PRFs
|
||||
for (enqPkcs5Prf = FIRST_PRF_ID; enqPkcs5Prf <= LAST_PRF_ID || queuedWorkItems > 0; ++enqPkcs5Prf)
|
||||
{
|
||||
if (pUserAbort && *pUserAbort)
|
||||
{
|
||||
status = ERR_USER_ABORT;
|
||||
goto err;
|
||||
}
|
||||
|
||||
// if a PRF is specified, we skip all other PRFs
|
||||
if (selected_pkcs5_prf != 0 && enqPkcs5Prf != selected_pkcs5_prf)
|
||||
continue;
|
||||
@@ -355,7 +362,7 @@ int ReadVolumeHeader (BOOL bBoot, unsigned char *encryptedHeader, Password *pass
|
||||
iterationsCount = get_pkcs5_iteration_count (enqPkcs5Prf, pim, bBoot, &memoryCost);
|
||||
EncryptionThreadPoolBeginKeyDerivation (keyDerivationCompletedEvent, noOutstandingWorkItemEvent,
|
||||
&item->KeyReady, outstandingWorkItemCount, enqPkcs5Prf, keyInfo->userKey,
|
||||
keyInfo->keyLength, keyInfo->salt, iterationsCount, memoryCost, item->DerivedKey, &item->DerivationResult, &abortKeyDerivation);
|
||||
keyInfo->keyLength, keyInfo->salt, iterationsCount, memoryCost, item->DerivedKey, &item->DerivationResult, effectiveAbortKeyDerivation);
|
||||
|
||||
++queuedWorkItems;
|
||||
break;
|
||||
@@ -376,6 +383,12 @@ int ReadVolumeHeader (BOOL bBoot, unsigned char *encryptedHeader, Password *pass
|
||||
item = &keyDerivationWorkItems[i];
|
||||
if (!item->Free && InterlockedExchangeAdd (&item->KeyReady, 0) == TRUE)
|
||||
{
|
||||
if (pUserAbort && *pUserAbort)
|
||||
{
|
||||
status = ERR_USER_ABORT;
|
||||
goto err;
|
||||
}
|
||||
|
||||
LONG derivationResult = InterlockedExchangeAdd (&item->DerivationResult, 0);
|
||||
if (derivationResult != 0)
|
||||
{
|
||||
@@ -418,29 +431,29 @@ KeyReady: ;
|
||||
{
|
||||
case SHA512:
|
||||
derive_key_sha512 (keyInfo->userKey, keyInfo->keyLength, keyInfo->salt,
|
||||
PKCS5_SALT_SIZE, keyInfo->noIterations, dk, GetMaxPkcs5OutSize(), &abortKeyDerivation);
|
||||
PKCS5_SALT_SIZE, keyInfo->noIterations, dk, GetMaxPkcs5OutSize(), effectiveAbortKeyDerivation);
|
||||
break;
|
||||
|
||||
case SHA256:
|
||||
derive_key_sha256 (keyInfo->userKey, keyInfo->keyLength, keyInfo->salt,
|
||||
PKCS5_SALT_SIZE, keyInfo->noIterations, dk, GetMaxPkcs5OutSize(), &abortKeyDerivation);
|
||||
PKCS5_SALT_SIZE, keyInfo->noIterations, dk, GetMaxPkcs5OutSize(), effectiveAbortKeyDerivation);
|
||||
break;
|
||||
|
||||
#ifndef WOLFCRYPT_BACKEND
|
||||
case BLAKE2S:
|
||||
derive_key_blake2s (keyInfo->userKey, keyInfo->keyLength, keyInfo->salt,
|
||||
PKCS5_SALT_SIZE, keyInfo->noIterations, dk, GetMaxPkcs5OutSize(), &abortKeyDerivation);
|
||||
PKCS5_SALT_SIZE, keyInfo->noIterations, dk, GetMaxPkcs5OutSize(), effectiveAbortKeyDerivation);
|
||||
break;
|
||||
|
||||
case WHIRLPOOL:
|
||||
derive_key_whirlpool (keyInfo->userKey, keyInfo->keyLength, keyInfo->salt,
|
||||
PKCS5_SALT_SIZE, keyInfo->noIterations, dk, GetMaxPkcs5OutSize(), &abortKeyDerivation);
|
||||
PKCS5_SALT_SIZE, keyInfo->noIterations, dk, GetMaxPkcs5OutSize(), effectiveAbortKeyDerivation);
|
||||
break;
|
||||
|
||||
|
||||
case STREEBOG:
|
||||
derive_key_streebog(keyInfo->userKey, keyInfo->keyLength, keyInfo->salt,
|
||||
PKCS5_SALT_SIZE, keyInfo->noIterations, dk, GetMaxPkcs5OutSize(), &abortKeyDerivation);
|
||||
PKCS5_SALT_SIZE, keyInfo->noIterations, dk, GetMaxPkcs5OutSize(), effectiveAbortKeyDerivation);
|
||||
break;
|
||||
|
||||
|
||||
@@ -448,7 +461,7 @@ KeyReady: ;
|
||||
case ARGON2:
|
||||
{
|
||||
int derivationResult = derive_key_argon2(keyInfo->userKey, keyInfo->keyLength, keyInfo->salt,
|
||||
PKCS5_SALT_SIZE, keyInfo->noIterations, keyInfo->memoryCost, dk, ARGON2_HEADER_KEYDATA_SIZE, &abortKeyDerivation);
|
||||
PKCS5_SALT_SIZE, keyInfo->noIterations, keyInfo->memoryCost, dk, ARGON2_HEADER_KEYDATA_SIZE, effectiveAbortKeyDerivation);
|
||||
if (derivationResult != 0)
|
||||
{
|
||||
if (selected_pkcs5_prf == 0)
|
||||
@@ -470,6 +483,12 @@ KeyReady: ;
|
||||
}
|
||||
}
|
||||
|
||||
if (pUserAbort && *pUserAbort)
|
||||
{
|
||||
status = ERR_USER_ABORT;
|
||||
goto err;
|
||||
}
|
||||
|
||||
// Test all available modes of operation
|
||||
for (cryptoInfo->mode = FIRST_MODE_OF_OPERATION_ID;
|
||||
cryptoInfo->mode <= LAST_MODE_OF_OPERATION;
|
||||
@@ -677,7 +696,7 @@ KeyReady: ;
|
||||
if ((selected_pkcs5_prf == 0) && (encryptionThreadCount > 1))
|
||||
{
|
||||
// Signal other threads to stop
|
||||
InterlockedExchange(&abortKeyDerivation, 1);
|
||||
InterlockedExchange(effectiveAbortKeyDerivation, 1);
|
||||
}
|
||||
#endif
|
||||
goto ret;
|
||||
@@ -689,12 +708,15 @@ KeyReady: ;
|
||||
status = MapArgon2ResultToVcError (lastArgon2DerivationResult);
|
||||
else
|
||||
#endif
|
||||
if (pUserAbort && *pUserAbort)
|
||||
status = ERR_USER_ABORT;
|
||||
else
|
||||
status = ERR_PASSWORD_WRONG;
|
||||
|
||||
err:
|
||||
#if !defined(_UEFI)
|
||||
// Signal threads to stop
|
||||
InterlockedExchange(&abortKeyDerivation, 1);
|
||||
InterlockedExchange(effectiveAbortKeyDerivation, 1);
|
||||
#endif
|
||||
if (cryptoInfo != retHeaderCryptoInfo)
|
||||
{
|
||||
@@ -744,6 +766,11 @@ ret:
|
||||
return status;
|
||||
}
|
||||
|
||||
int ReadVolumeHeader (BOOL bBoot, unsigned char *encryptedHeader, Password *password, int selected_pkcs5_prf, int pim, PCRYPTO_INFO *retInfo, CRYPTO_INFO *retHeaderCryptoInfo)
|
||||
{
|
||||
return ReadVolumeHeaderWithAbort (bBoot, encryptedHeader, password, selected_pkcs5_prf, pim, retInfo, retHeaderCryptoInfo, NULL, NULL);
|
||||
}
|
||||
|
||||
#if defined(_WIN32) && !defined(_UEFI)
|
||||
void ComputeBootloaderFingerprint (uint8 *bootLoaderBuf, unsigned int bootLoaderSize, uint8* fingerprint)
|
||||
{
|
||||
|
||||
@@ -152,6 +152,7 @@ int CreateVolumeHeaderInMemory(BOOL bBoot, unsigned char *encryptedHeader, int e
|
||||
BOOL RandgetBytes(unsigned char *buf, int len, BOOL forceSlowPoll);
|
||||
#else
|
||||
int ReadVolumeHeader (BOOL bBoot, unsigned char *encryptedHeader, Password *password, int pkcs5_prf, int pim, PCRYPTO_INFO *retInfo, CRYPTO_INFO *retHeaderCryptoInfo);
|
||||
int ReadVolumeHeaderWithAbort (BOOL bBoot, unsigned char *encryptedHeader, Password *password, int pkcs5_prf, int pim, PCRYPTO_INFO *retInfo, CRYPTO_INFO *retHeaderCryptoInfo, long volatile *pAbortKeyDerivation, long volatile *pUserAbort);
|
||||
#if defined(_WIN32) && !defined(_UEFI)
|
||||
void ComputeBootloaderFingerprint (uint8 *bootLoaderBuf, unsigned int bootLoaderSize, uint8* fingerprint);
|
||||
#endif
|
||||
|
||||
Reference in New Issue
Block a user