author | Mounir IDRASSI <mounir.idrassi@idrix.fr> | 2014-12-16 00:14:42 +0100 |
---|---|---|
committer | Mounir IDRASSI <mounir.idrassi@idrix.fr> | 2014-12-16 00:17:59 +0100 |
commit | c27461572ca09705c16f26a1e9128ff3a4ebdda0 (patch) | |
tree | 41eff1e362c745d21e0cf90cb7d276dfb3cfff66 /src/Driver | |
parent | 634916230311eed9c6969aa516f4b9601438f9d3 (diff) | |
download | VeraCrypt-c27461572ca09705c16f26a1e9128ff3a4ebdda0.tar.gz VeraCrypt-c27461572ca09705c16f26a1e9128ff3a4ebdda0.zip |
Windows: Enhance performance by implementing the possibility to choose the correct hash algorithm of volumes during various operations (mount, change password...). In case of system encryption, slightly speed up Windows startup time by making the driver pick up the correct hash algorithm used for the encryption.
Diffstat (limited to 'src/Driver')
-rw-r--r-- | src/Driver/DriveFilter.c | 53 | ||||
-rw-r--r-- | src/Driver/Ntdriver.c | 6 | ||||
-rw-r--r-- | src/Driver/Ntvol.c | 2 |
3 files changed, 45 insertions, 16 deletions
diff --git a/src/Driver/DriveFilter.c b/src/Driver/DriveFilter.c
index b195ef5e..87370802 100644
--- a/src/Driver/DriveFilter.c
+++ b/src/Driver/DriveFilter.c
@@ -219,6 +219,8 @@ static NTSTATUS MountDrive (DriveFilterExtension *Extension, Password *password,
NTSTATUS status;
LARGE_INTEGER offset;
char *header;
+ int pkcs5_prf = 0;
+ byte *mappedCryptoInfo = NULL;
Dump ("MountDrive pdo=%p\n", Extension->Pdo);
ASSERT (KeGetCurrentIrql() == PASSIVE_LEVEL);
@@ -269,7 +271,30 @@ static NTSTATUS MountDrive (DriveFilterExtension *Extension, Password *password,
goto ret;
}
- if (ReadVolumeHeader (!hiddenVolume, header, password, &Extension->Queue.CryptoInfo, Extension->HeaderCryptoInfo) == 0)
+ if (BootArgs.CryptoInfoLength > 0)
+ {
+ PHYSICAL_ADDRESS cryptoInfoAddress;
+
+ cryptoInfoAddress.QuadPart = (BootLoaderSegment << 4) + BootArgs.CryptoInfoOffset;
+ mappedCryptoInfo = MmMapIoSpace (cryptoInfoAddress, BootArgs.CryptoInfoLength, MmCached);
+ if (mappedCryptoInfo)
+ {
+ /* Get the parameters used for booting to speed up driver startup and avoid testing irrelevant PRFs */
+ BOOT_CRYPTO_HEADER* pBootCryptoInfo = (BOOT_CRYPTO_HEADER*) mappedCryptoInfo;
+ Hash* pHash = HashGet(pBootCryptoInfo->pkcs5);
+ if (pHash && pHash->SystemEncryption)
+ pkcs5_prf = pBootCryptoInfo->pkcs5;
+ else
+ {
+ status = STATUS_UNSUCCESSFUL;
+ burn (mappedCryptoInfo, BootArgs.CryptoInfoLength);
+ MmUnmapIoSpace (mappedCryptoInfo, BootArgs.CryptoInfoLength);
+ goto ret;
+ }
+ }
+ }
+
+ if (ReadVolumeHeader (!hiddenVolume, header, password, pkcs5_prf, &Extension->Queue.CryptoInfo, Extension->HeaderCryptoInfo) == 0)
{
// Header decrypted
status = STATUS_SUCCESS;
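Review bot: `pBootCryptoInfo->pkcs5` is read from the mapped boot-loader region without first checking that `BootArgs.CryptoInfoLength` covers a whole `BOOT_CRYPTO_HEADER`, so a short length would let the cast read past the bytes that were actually mapped. Guarding the read, e.g. `if (mappedCryptoInfo && BootArgs.CryptoInfoLength >= sizeof (BOOT_CRYPTO_HEADER))`, keeps the mapping available for the later wipe while leaving `pkcs5_prf` at 0. A one-line comment that 0 leaves the PRF choice to `ReadVolumeHeader` would also help; that meaning is inferred from the default, since `ReadVolumeHeader` itself is not shown. MountDrive begins and ends outside this hunk.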
@@ -316,20 +341,15 @@ static NTSTATUS MountDrive (DriveFilterExtension *Extension, Password *password,
Dump ("Loaded: EncryptedAreaStart=%I64d (%I64d) EncryptedAreaEnd=%I64d (%I64d)\n", Extension->Queue.EncryptedAreaStart / 1024 / 1024, Extension->Queue.EncryptedAreaStart, Extension->Queue.EncryptedAreaEnd / 1024 / 1024, Extension->Queue.EncryptedAreaEnd);
// Erase boot loader scheduled keys
- if (BootArgs.CryptoInfoLength > 0)
+ if (mappedCryptoInfo)
{
- PHYSICAL_ADDRESS cryptoInfoAddress;
- byte *mappedCryptoInfo;
-
+#ifdef DEBUG
+ PHYSICAL_ADDRESS cryptoInfoAddress;
cryptoInfoAddress.QuadPart = (BootLoaderSegment << 4) + BootArgs.CryptoInfoOffset;
- mappedCryptoInfo = MmMapIoSpace (cryptoInfoAddress, BootArgs.CryptoInfoLength, MmCached);
-
- if (mappedCryptoInfo)
- {
- Dump ("Wiping memory %x %d\n", cryptoInfoAddress.LowPart, BootArgs.CryptoInfoLength);
- burn (mappedCryptoInfo, BootArgs.CryptoInfoLength);
- MmUnmapIoSpace (mappedCryptoInfo, BootArgs.CryptoInfoLength);
- }
+ Dump ("Wiping memory %x %d\n", cryptoInfoAddress.LowPart, BootArgs.CryptoInfoLength);
+#endif
+ burn (mappedCryptoInfo, BootArgs.CryptoInfoLength);
+ MmUnmapIoSpace (mappedCryptoInfo, BootArgs.CryptoInfoLength);
}
BootDriveFilterExtension = Extension;
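Review bot: The boot-loader region is now mapped before `ReadVolumeHeader`, but it is still burned and unmapped only in this success-path block, so any `goto ret` taken in between (a failed header decrypt, for instance) would leave the mapping in place and the scheduled keys unwiped unless the `ret:` label handles it; that label is outside the hunk. Doing the `burn (mappedCryptoInfo, BootArgs.CryptoInfoLength);` and `MmUnmapIoSpace (mappedCryptoInfo, BootArgs.CryptoInfoLength);` pair on the common exit path under `if (mappedCryptoInfo)` would cover every path. Setting `mappedCryptoInfo = NULL;` right after the unmap guards against a second unmap if both places run.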
@@ -755,7 +775,10 @@ void ReopenBootVolumeHeader (PIRP irp, PIO_STACK_LOCATION irpSp)
return;
if (!BootDriveFound || !BootDriveFilterExtension || !BootDriveFilterExtension->DriveMounted || !BootDriveFilterExtension->HeaderCryptoInfo
- || request->VolumePassword.Length > MAX_PASSWORD)
+ || request->VolumePassword.Length > MAX_PASSWORD
+ || request->pkcs5_prf < 0
+ || request->pkcs5_prf > LAST_PRF_ID
+ )
{
irp->IoStatus.Status = STATUS_INVALID_PARAMETER;
goto wipe;
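Review bot: The new range check accepts every id up to `LAST_PRF_ID`, whereas MountDrive in this same file only accepts a boot PRF whose `Hash` entry has `SystemEncryption` set; for the boot volume header the two checks should probably agree. A non-zero `request->pkcs5_prf` could be rejected up front with `HashGet (request->pkcs5_prf)` and the `SystemEncryption` flag, returning `STATUS_INVALID_PARAMETER` rather than spending a key derivation on a PRF that presumably cannot match. The `wipe` label is outside the hunk; if it clears the password it should likely clear `request->pkcs5_prf` too, as the Ntdriver.c change does for `mount`.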
@@ -780,7 +803,7 @@ void ReopenBootVolumeHeader (PIRP irp, PIO_STACK_LOCATION irpSp)
goto ret;
}
- if (ReadVolumeHeader (!BootDriveFilterExtension->HiddenSystem, header, &request->VolumePassword, NULL, BootDriveFilterExtension->HeaderCryptoInfo) == 0)
+ if (ReadVolumeHeader (!BootDriveFilterExtension->HiddenSystem, header, &request->VolumePassword, request->pkcs5_prf, NULL, BootDriveFilterExtension->HeaderCryptoInfo) == 0)
{
Dump ("Header reopened\n");
diff --git a/src/Driver/Ntdriver.c b/src/Driver/Ntdriver.c
index e7a55b02..4476adb2 100644
--- a/src/Driver/Ntdriver.c
+++ b/src/Driver/Ntdriver.c
@@ -1364,7 +1364,9 @@ NTSTATUS ProcessMainDeviceControlIrp (PDEVICE_OBJECT DeviceObject, PEXTENSION Ex
{
MOUNT_STRUCT *mount = (MOUNT_STRUCT *) Irp->AssociatedIrp.SystemBuffer;
- if (mount->VolumePassword.Length > MAX_PASSWORD || mount->ProtectedHidVolPassword.Length > MAX_PASSWORD)
+ if (mount->VolumePassword.Length > MAX_PASSWORD || mount->ProtectedHidVolPassword.Length > MAX_PASSWORD
+ || mount->pkcs5_prf < 0 || mount->pkcs5_prf > LAST_PRF_ID
+ || mount->ProtectedHidVolPkcs5Prf < 0 || mount->ProtectedHidVolPkcs5Prf > LAST_PRF_ID )
{
Irp->IoStatus.Status = STATUS_INVALID_PARAMETER;
Irp->IoStatus.Information = 0;
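Review bot: The PRF range test is now written out three times in this commit (twice in this condition and once in ReopenBootVolumeHeader in DriveFilter.c), so the accepted range can drift between IOCTL handlers as PRFs are added. A single helper shared by the driver files, for example `static BOOL IsValidPrfId (int prf) { return prf >= 0 && prf <= LAST_PRF_ID; }` (name is only a suggestion), would keep the validation of these user-supplied fields in one place. A short comment stating what 0 means for `pkcs5_prf` and `ProtectedHidVolPkcs5Prf` would also help; from MountDrive's default it appears to mean that no PRF was selected. ProcessMainDeviceControlIrp begins and ends outside this hunk.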
@@ -1378,6 +1380,8 @@ NTSTATUS ProcessMainDeviceControlIrp (PDEVICE_OBJECT DeviceObject, PEXTENSION Ex
burn (&mount->VolumePassword, sizeof (mount->VolumePassword));
burn (&mount->ProtectedHidVolPassword, sizeof (mount->ProtectedHidVolPassword));
+ burn (&mount->pkcs5_prf, sizeof (mount->pkcs5_prf));
+ burn (&mount->ProtectedHidVolPkcs5Prf, sizeof (mount->ProtectedHidVolPkcs5Prf));
}
break;
diff --git a/src/Driver/Ntvol.c b/src/Driver/Ntvol.c
index 29ccd543..a8bcc14a 100644
--- a/src/Driver/Ntvol.c
+++ b/src/Driver/Ntvol.c
@@ -462,6 +462,7 @@ NTSTATUS TCOpenVolume (PDEVICE_OBJECT DeviceObject,
mount->bCache,
readBuffer,
&mount->ProtectedHidVolPassword,
+ mount->ProtectedHidVolPkcs5Prf,
&tmpCryptoInfo);
}
else
@@ -471,6 +472,7 @@ NTSTATUS TCOpenVolume (PDEVICE_OBJECT DeviceObject,
mount->bCache,
readBuffer,
&mount->VolumePassword,
+ mount->pkcs5_prf,
&Extension->cryptoInfo);
}