diff options
author | Mounir IDRASSI <mounir.idrassi@idrix.fr> | 2022-02-10 01:01:51 +0100 |
---|---|---|
committer | Mounir IDRASSI <mounir.idrassi@idrix.fr> | 2022-02-10 01:21:25 +0100 |
commit | aebb099da27700bc575ecc475e0d2f95bf99a7ca (patch) | |
tree | 0bbd1f4d78afc0abcd944162644caaa55cc23f7f | |
parent | 1ef05f24e28938c7a0608b4c6b369094d1dccaa6 (diff) | |
download | VeraCrypt-aebb099da27700bc575ecc475e0d2f95bf99a7ca.tar.gz VeraCrypt-aebb099da27700bc575ecc475e0d2f95bf99a7ca.zip |
Windows Driver: Don't cache the password if outer volume mounting succeeds but hidden volume mounting fails
-rw-r--r-- | src/Common/Cache.c | 14 | ||||
-rw-r--r-- | src/Common/Cache.h | 2 | ||||
-rw-r--r-- | src/Driver/Ntvol.c | 13 |
3 files changed, 23 insertions, 6 deletions
diff --git a/src/Common/Cache.c b/src/Common/Cache.c index c204e03e..fe56a554 100644 --- a/src/Common/Cache.c +++ b/src/Common/Cache.c @@ -146,7 +146,7 @@ int ReadVolumeHeaderWCache (BOOL bBoot, BOOL bCache, BOOL bCachePim, char *heade } -void AddPasswordToCache (Password *password, int pim) +void AddPasswordToCache (Password *password, int pim, BOOL bCachePim) { #ifdef _WIN64 Password tmpPass; @@ -174,10 +174,18 @@ void AddPasswordToCache (Password *password, int pim) if (IsRamEncryptionEnabled ()) VcProtectPassword (&CachedPasswords[nPasswordIdx], VcGetPasswordEncryptionID (&CachedPasswords[nPasswordIdx])); #endif - CachedPim[nPasswordIdx] = pim > 0? pim : 0; + /* Store also PIM if requested, otherwise set to default */ + if (bCachePim && (pim > 0)) + CachedPim[nPasswordIdx] = pim; + else + CachedPim[nPasswordIdx] = 0; nPasswordIdx = (nPasswordIdx + 1) % CACHE_SIZE; cacheEmpty = 0; } + else if (bCachePim) + { + CachedPim[i] = pim > 0? pim : 0; + } #ifdef _WIN64 if (IsRamEncryptionEnabled()) burn (&tmpPass, sizeof (Password)); @@ -190,7 +198,7 @@ void AddLegacyPasswordToCache (PasswordLegacy *password, int pim) inputPass.Length = password->Length; memcpy (inputPass.Text, password->Text, password->Length); - AddPasswordToCache (&inputPass, pim); + AddPasswordToCache (&inputPass, pim, TRUE); burn (&inputPass, sizeof (inputPass)); } diff --git a/src/Common/Cache.h b/src/Common/Cache.h index a9ed58a7..841d5e67 100644 --- a/src/Common/Cache.h +++ b/src/Common/Cache.h @@ -20,7 +20,7 @@ extern int cacheEmpty; -void AddPasswordToCache (Password *password, int pim); +void AddPasswordToCache (Password *password, int pim, BOOL bCachePim); void AddLegacyPasswordToCache (PasswordLegacy *password, int pim); int ReadVolumeHeaderWCache (BOOL bBoot, BOOL bCache, BOOL bCachePim,char *header, Password *password, int pkcs5_prf, int pim, BOOL truecryptMode, PCRYPTO_INFO *retInfo); void WipeCache (void); diff --git a/src/Driver/Ntvol.c b/src/Driver/Ntvol.c index 45a07cdb..ebef6c37 100644 --- a/src/Driver/Ntvol.c +++ b/src/Driver/Ntvol.c @@ -58,6 +58,8 @@ NTSTATUS TCOpenVolume (PDEVICE_OBJECT DeviceObject, BOOL forceAccessCheck = !bRawDevice; BOOL disableBuffering = TRUE; BOOL exclusiveAccess = mount->bExclusiveAccess; + /* when mounting with hidden volume protection, we cache the passwords after both outer and hidden volumes are mounted successfully*/ + BOOL bAutoCachePassword = mount->bProtectHiddenVolume? FALSE : mount->bCache; Extension->pfoDeviceFile = NULL; Extension->hDeviceFile = NULL; @@ -602,7 +604,7 @@ NTSTATUS TCOpenVolume (PDEVICE_OBJECT DeviceObject, { mount->nReturnCode = ReadVolumeHeaderWCache ( FALSE, - mount->bCache, + bAutoCachePassword, mount->bCachePim, readBuffer, &mount->ProtectedHidVolPassword, @@ -615,7 +617,7 @@ NTSTATUS TCOpenVolume (PDEVICE_OBJECT DeviceObject, { mount->nReturnCode = ReadVolumeHeaderWCache ( mount->bPartitionInInactiveSysEncScope && volumeType == TC_VOLUME_TYPE_NORMAL, - mount->bCache, + bAutoCachePassword, mount->bCachePim, readBuffer, &mount->VolumePassword, @@ -826,6 +828,13 @@ NTSTATUS TCOpenVolume (PDEVICE_OBJECT DeviceObject, // decrypt the hidden volume header. if (!(volumeType == TC_VOLUME_TYPE_NORMAL && mount->bProtectHiddenVolume)) { + /* in case of mounting with hidden volume protection, we cache both passwords manually after bother outer and hidden volumes are mounted*/ + if (mount->bProtectHiddenVolume && mount->bCache) + { + AddPasswordToCache(&mount->VolumePassword, mount->VolumePim, mount->bCachePim); + AddPasswordToCache(&mount->ProtectedHidVolPassword, mount->ProtectedHidVolPim, mount->bCachePim); + } + TCfree (readBuffer); if (tmpCryptoInfo != NULL) |