VeraCrypt
aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMounir IDRASSI <mounir.idrassi@idrix.fr>2022-02-10 01:01:51 +0100
committerMounir IDRASSI <mounir.idrassi@idrix.fr>2022-02-10 01:21:25 +0100
commitaebb099da27700bc575ecc475e0d2f95bf99a7ca (patch)
tree0bbd1f4d78afc0abcd944162644caaa55cc23f7f
parent1ef05f24e28938c7a0608b4c6b369094d1dccaa6 (diff)
downloadVeraCrypt-aebb099da27700bc575ecc475e0d2f95bf99a7ca.tar.gz
VeraCrypt-aebb099da27700bc575ecc475e0d2f95bf99a7ca.zip
Windows Driver: Don't cache the password if outer volume mounting succeeds but hidden volume mounting fails
-rw-r--r--src/Common/Cache.c14
-rw-r--r--src/Common/Cache.h2
-rw-r--r--src/Driver/Ntvol.c13
3 files changed, 23 insertions, 6 deletions
diff --git a/src/Common/Cache.c b/src/Common/Cache.c
index c204e03e..fe56a554 100644
--- a/src/Common/Cache.c
+++ b/src/Common/Cache.c
@@ -146,7 +146,7 @@ int ReadVolumeHeaderWCache (BOOL bBoot, BOOL bCache, BOOL bCachePim, char *heade
}
-void AddPasswordToCache (Password *password, int pim)
+void AddPasswordToCache (Password *password, int pim, BOOL bCachePim)
{
#ifdef _WIN64
Password tmpPass;
@@ -174,10 +174,18 @@ void AddPasswordToCache (Password *password, int pim)
if (IsRamEncryptionEnabled ())
VcProtectPassword (&CachedPasswords[nPasswordIdx], VcGetPasswordEncryptionID (&CachedPasswords[nPasswordIdx]));
#endif
- CachedPim[nPasswordIdx] = pim > 0? pim : 0;
+ /* Store also PIM if requested, otherwise set to default */
+ if (bCachePim && (pim > 0))
+ CachedPim[nPasswordIdx] = pim;
+ else
+ CachedPim[nPasswordIdx] = 0;
nPasswordIdx = (nPasswordIdx + 1) % CACHE_SIZE;
cacheEmpty = 0;
}
+ else if (bCachePim)
+ {
+ CachedPim[i] = pim > 0? pim : 0;
+ }
#ifdef _WIN64
if (IsRamEncryptionEnabled())
burn (&tmpPass, sizeof (Password));
@@ -190,7 +198,7 @@ void AddLegacyPasswordToCache (PasswordLegacy *password, int pim)
inputPass.Length = password->Length;
memcpy (inputPass.Text, password->Text, password->Length);
- AddPasswordToCache (&inputPass, pim);
+ AddPasswordToCache (&inputPass, pim, TRUE);
burn (&inputPass, sizeof (inputPass));
}
diff --git a/src/Common/Cache.h b/src/Common/Cache.h
index a9ed58a7..841d5e67 100644
--- a/src/Common/Cache.h
+++ b/src/Common/Cache.h
@@ -20,7 +20,7 @@
extern int cacheEmpty;
-void AddPasswordToCache (Password *password, int pim);
+void AddPasswordToCache (Password *password, int pim, BOOL bCachePim);
void AddLegacyPasswordToCache (PasswordLegacy *password, int pim);
int ReadVolumeHeaderWCache (BOOL bBoot, BOOL bCache, BOOL bCachePim,char *header, Password *password, int pkcs5_prf, int pim, BOOL truecryptMode, PCRYPTO_INFO *retInfo);
void WipeCache (void);
diff --git a/src/Driver/Ntvol.c b/src/Driver/Ntvol.c
index 45a07cdb..ebef6c37 100644
--- a/src/Driver/Ntvol.c
+++ b/src/Driver/Ntvol.c
@@ -58,6 +58,8 @@ NTSTATUS TCOpenVolume (PDEVICE_OBJECT DeviceObject,
BOOL forceAccessCheck = !bRawDevice;
BOOL disableBuffering = TRUE;
BOOL exclusiveAccess = mount->bExclusiveAccess;
+ /* when mounting with hidden volume protection, we cache the passwords after both outer and hidden volumes are mounted successfully*/
+ BOOL bAutoCachePassword = mount->bProtectHiddenVolume? FALSE : mount->bCache;
Extension->pfoDeviceFile = NULL;
Extension->hDeviceFile = NULL;
@@ -602,7 +604,7 @@ NTSTATUS TCOpenVolume (PDEVICE_OBJECT DeviceObject,
{
mount->nReturnCode = ReadVolumeHeaderWCache (
FALSE,
- mount->bCache,
+ bAutoCachePassword,
mount->bCachePim,
readBuffer,
&mount->ProtectedHidVolPassword,
@@ -615,7 +617,7 @@ NTSTATUS TCOpenVolume (PDEVICE_OBJECT DeviceObject,
{
mount->nReturnCode = ReadVolumeHeaderWCache (
mount->bPartitionInInactiveSysEncScope && volumeType == TC_VOLUME_TYPE_NORMAL,
- mount->bCache,
+ bAutoCachePassword,
mount->bCachePim,
readBuffer,
&mount->VolumePassword,
@@ -826,6 +828,13 @@ NTSTATUS TCOpenVolume (PDEVICE_OBJECT DeviceObject,
// decrypt the hidden volume header.
if (!(volumeType == TC_VOLUME_TYPE_NORMAL && mount->bProtectHiddenVolume))
{
+ /* in case of mounting with hidden volume protection, we cache both passwords manually after bother outer and hidden volumes are mounted*/
+ if (mount->bProtectHiddenVolume && mount->bCache)
+ {
+ AddPasswordToCache(&mount->VolumePassword, mount->VolumePim, mount->bCachePim);
+ AddPasswordToCache(&mount->ProtectedHidVolPassword, mount->ProtectedHidVolPim, mount->bCachePim);
+ }
+
TCfree (readBuffer);
if (tmpCryptoInfo != NULL)