Public/VeraCrypt
1
0
Fork 0
mirror of https://github.com/veracrypt/VeraCrypt.git synced 2025-11-11 11:08:02 -06:00
Code Activity

Bootloader: in function ReadVolumeHeader, arrays dk and masterKey have the same size and they are never needed at the same time. So, we can minimize stack memory usage by using only one array instead of two. At the end of the function, the array is erased securely.

Browse Source
This commit is contained in:
Mounir IDRASSI
2014-10-25 20:11:28 +02:00
parent c1378f781a
commit 714a2ce0ae
1 changed files with 9 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

21
src/Common/Volumes.c
View File

@@ -551,10 +551,8 @@ int ReadVolumeHeader (BOOL bBoot, char *header, Password *password, PCRYPTO_INFO
{ {
#ifdef TC_WINDOWS_BOOT_SINGLE_CIPHER_MODE #ifdef TC_WINDOWS_BOOT_SINGLE_CIPHER_MODE
char dk[32 * 2]; // 2 * 256-bit key char dk[32 * 2]; // 2 * 256-bit key
char masterKey[32 * 2];
#else #else
char dk[32 * 2 * 3]; // 6 * 256-bit key char dk[32 * 2 * 3]; // 6 * 256-bit key
char masterKey[32 * 2 * 3];
#endif #endif
PCRYPTO_INFO cryptoInfo; PCRYPTO_INFO cryptoInfo;
@@ -652,7 +650,7 @@ int ReadVolumeHeader (BOOL bBoot, char *header, Password *password, PCRYPTO_INFO
cryptoInfo->pkcs5 = RIPEMD160; cryptoInfo->pkcs5 = RIPEMD160;
#endif #endif
memcpy (masterKey, header + HEADER_MASTER_KEYDATA_OFFSET, sizeof (masterKey)); memcpy (dk, header + HEADER_MASTER_KEYDATA_OFFSET, sizeof (dk));
EncryptBuffer (header + HEADER_ENCRYPTED_DATA_OFFSET, HEADER_ENCRYPTED_DATA_SIZE, cryptoInfo); EncryptBuffer (header + HEADER_ENCRYPTED_DATA_OFFSET, HEADER_ENCRYPTED_DATA_SIZE, cryptoInfo);
if (retHeaderCryptoInfo) if (retHeaderCryptoInfo)
@@ -661,16 +659,16 @@ int ReadVolumeHeader (BOOL bBoot, char *header, Password *password, PCRYPTO_INFO
// Init the encryption algorithm with the decrypted master key // Init the encryption algorithm with the decrypted master key
#ifdef TC_WINDOWS_BOOT_SINGLE_CIPHER_MODE #ifdef TC_WINDOWS_BOOT_SINGLE_CIPHER_MODE
#if defined (TC_WINDOWS_BOOT_SERPENT) #if defined (TC_WINDOWS_BOOT_SERPENT)
serpent_set_key (masterKey, cryptoInfo->ks); serpent_set_key (dk, cryptoInfo->ks);
#elif defined (TC_WINDOWS_BOOT_TWOFISH) #elif defined (TC_WINDOWS_BOOT_TWOFISH)
twofish_set_key ((TwofishInstance *) cryptoInfo->ks, (const u4byte *) masterKey); twofish_set_key ((TwofishInstance *) cryptoInfo->ks, (const u4byte *) dk);
#else #else
status = EAInit (masterKey, cryptoInfo->ks); status = EAInit (dk, cryptoInfo->ks);
if (status == ERR_CIPHER_INIT_FAILURE) if (status == ERR_CIPHER_INIT_FAILURE)
goto err; goto err;
#endif #endif
#else #else
status = EAInit (cryptoInfo->ea, masterKey, cryptoInfo->ks); status = EAInit (cryptoInfo->ea, dk, cryptoInfo->ks);
if (status == ERR_CIPHER_INIT_FAILURE) if (status == ERR_CIPHER_INIT_FAILURE)
goto err; goto err;
#endif #endif
@@ -678,14 +676,14 @@ int ReadVolumeHeader (BOOL bBoot, char *header, Password *password, PCRYPTO_INFO
// The secondary master key (if cascade, multiple concatenated) // The secondary master key (if cascade, multiple concatenated)
#ifdef TC_WINDOWS_BOOT_SINGLE_CIPHER_MODE #ifdef TC_WINDOWS_BOOT_SINGLE_CIPHER_MODE
#if defined (TC_WINDOWS_BOOT_SERPENT) #if defined (TC_WINDOWS_BOOT_SERPENT)
serpent_set_key (masterKey + 32, cryptoInfo->ks2); serpent_set_key (dk + 32, cryptoInfo->ks2);
#elif defined (TC_WINDOWS_BOOT_TWOFISH) #elif defined (TC_WINDOWS_BOOT_TWOFISH)
twofish_set_key ((TwofishInstance *)cryptoInfo->ks2, (const u4byte *) (masterKey + 32)); twofish_set_key ((TwofishInstance *)cryptoInfo->ks2, (const u4byte *) (dk + 32));
#else #else
EAInit (masterKey + 32, cryptoInfo->ks2); EAInit (dk + 32, cryptoInfo->ks2);
#endif #endif
#else #else
EAInit (cryptoInfo->ea, masterKey + EAGetKeySize (cryptoInfo->ea), cryptoInfo->ks2); EAInit (cryptoInfo->ea, dk + EAGetKeySize (cryptoInfo->ea), cryptoInfo->ks2);
#endif #endif
goto ret; goto ret;
} }
@@ -701,7 +699,6 @@ err:
ret: ret:
burn (dk, sizeof(dk)); burn (dk, sizeof(dk));
burn (masterKey, sizeof(masterKey));
return status; return status;
} }