diff options
Diffstat (limited to 'src/Driver/Ntvol.c')
-rw-r--r-- | src/Driver/Ntvol.c | 38 |
1 files changed, 24 insertions, 14 deletions
diff --git a/src/Driver/Ntvol.c b/src/Driver/Ntvol.c index f9e11d3d..68f63f16 100644 --- a/src/Driver/Ntvol.c +++ b/src/Driver/Ntvol.c @@ -43,14 +43,14 @@ NTSTATUS TCOpenVolume (PDEVICE_OBJECT DeviceObject, PWSTR pwszMountVolume, BOOL bRawDevice) { - FILE_STANDARD_INFORMATION FileStandardInfo; + FILE_STANDARD_INFORMATION FileStandardInfo = { 0 }; FILE_BASIC_INFORMATION FileBasicInfo; OBJECT_ATTRIBUTES oaFileAttributes; UNICODE_STRING FullFileName; IO_STATUS_BLOCK IoStatusBlock; PCRYPTO_INFO cryptoInfoPtr = NULL; PCRYPTO_INFO tmpCryptoInfo = NULL; - LARGE_INTEGER lDiskLength; + LARGE_INTEGER lDiskLength = { 0 }; __int64 partitionStartingOffset = 0; int volumeType; char *readBuffer = 0; @@ -58,6 +58,8 @@ NTSTATUS TCOpenVolume (PDEVICE_OBJECT DeviceObject, BOOL forceAccessCheck = !bRawDevice; BOOL disableBuffering = TRUE; BOOL exclusiveAccess = mount->bExclusiveAccess; + /* when mounting with hidden volume protection, we cache the passwords after both outer and hidden volumes are mounted successfully*/ + BOOL bAutoCachePassword = mount->bProtectHiddenVolume? FALSE : mount->bCache; Extension->pfoDeviceFile = NULL; Extension->hDeviceFile = NULL; @@ -86,6 +88,8 @@ NTSTATUS TCOpenVolume (PDEVICE_OBJECT DeviceObject, } mount->VolumeMountedReadOnlyAfterDeviceWriteProtected = FALSE; + mount->VolumeMountedReadOnlyAfterPartialSysEnc = FALSE; + mount->VolumeMasterKeyVulnerable = FALSE; // If we are opening a device, query its size first if (bRawDevice) @@ -95,7 +99,7 @@ NTSTATUS TCOpenVolume (PDEVICE_OBJECT DeviceObject, LARGE_INTEGER diskLengthInfo; DISK_GEOMETRY_EX dg; STORAGE_PROPERTY_QUERY storagePropertyQuery = {0}; - byte* dgBuffer; + uint8* dgBuffer; STORAGE_DEVICE_NUMBER storageDeviceNumber; ntStatus = IoGetDeviceObjectPointer (&FullFileName, @@ -484,7 +488,7 @@ NTSTATUS TCOpenVolume (PDEVICE_OBJECT DeviceObject, // Header of a volume that is not within the scope of system encryption, or // header of a system hidden volume (containing a hidden OS) - LARGE_INTEGER headerOffset; + LARGE_INTEGER headerOffset = {0}; if (mount->UseBackupHeader && lDiskLength.QuadPart <= TC_TOTAL_VOLUME_HEADERS_SIZE) continue; @@ -602,26 +606,24 @@ NTSTATUS TCOpenVolume (PDEVICE_OBJECT DeviceObject, { mount->nReturnCode = ReadVolumeHeaderWCache ( FALSE, - mount->bCache, + bAutoCachePassword, mount->bCachePim, readBuffer, &mount->ProtectedHidVolPassword, mount->ProtectedHidVolPkcs5Prf, mount->ProtectedHidVolPim, - mount->bTrueCryptMode, &tmpCryptoInfo); } else { mount->nReturnCode = ReadVolumeHeaderWCache ( mount->bPartitionInInactiveSysEncScope && volumeType == TC_VOLUME_TYPE_NORMAL, - mount->bCache, + bAutoCachePassword, mount->bCachePim, readBuffer, &mount->VolumePassword, mount->pkcs5_prf, mount->VolumePim, - mount->bTrueCryptMode, &Extension->cryptoInfo); } @@ -647,6 +649,9 @@ NTSTATUS TCOpenVolume (PDEVICE_OBJECT DeviceObject, Dump ("Volume header decrypted\n"); Dump ("Required program version = %x\n", (int) Extension->cryptoInfo->RequiredProgramVersion); Dump ("Legacy volume = %d\n", (int) Extension->cryptoInfo->LegacyVolume); + Dump ("Master key vulnerable = %d\n", (int) Extension->cryptoInfo->bVulnerableMasterKey); + + mount->VolumeMasterKeyVulnerable = Extension->cryptoInfo->bVulnerableMasterKey; if (IsHiddenSystemRunning() && !Extension->cryptoInfo->hiddenVolume) { @@ -677,10 +682,9 @@ NTSTATUS TCOpenVolume (PDEVICE_OBJECT DeviceObject, if (Extension->cryptoInfo->EncryptedAreaLength.Value != Extension->cryptoInfo->VolumeSize.Value) { - // Partial encryption is not supported for volumes mounted as regular - mount->nReturnCode = ERR_ENCRYPTION_NOT_COMPLETED; - ntStatus = STATUS_SUCCESS; - goto error; + // mount as readonly in case of partial system encryption + Extension->bReadOnly = mount->bMountReadOnly = TRUE; + mount->VolumeMountedReadOnlyAfterPartialSysEnc = TRUE; } } else if (Extension->cryptoInfo->HeaderFlags & TC_HEADER_FLAG_NONSYS_INPLACE_ENC) @@ -798,8 +802,7 @@ NTSTATUS TCOpenVolume (PDEVICE_OBJECT DeviceObject, Extension->TracksPerCylinder = 1; Extension->SectorsPerTrack = 1; Extension->BytesPerSector = Extension->cryptoInfo->SectorSize; - // Add extra sector since our virtual partition starts at Extension->BytesPerSector and not 0 - Extension->NumberOfCylinders = (Extension->DiskLength / Extension->BytesPerSector) + 1; + Extension->NumberOfCylinders = Extension->DiskLength / Extension->BytesPerSector; Extension->PartitionType = 0; Extension->bRawDevice = bRawDevice; @@ -826,6 +829,13 @@ NTSTATUS TCOpenVolume (PDEVICE_OBJECT DeviceObject, // decrypt the hidden volume header. if (!(volumeType == TC_VOLUME_TYPE_NORMAL && mount->bProtectHiddenVolume)) { + /* in case of mounting with hidden volume protection, we cache both passwords manually after bother outer and hidden volumes are mounted*/ + if (mount->bProtectHiddenVolume && mount->bCache) + { + AddPasswordToCache(&mount->VolumePassword, mount->VolumePim, mount->bCachePim); + AddPasswordToCache(&mount->ProtectedHidVolPassword, mount->ProtectedHidVolPim, mount->bCachePim); + } + TCfree (readBuffer); if (tmpCryptoInfo != NULL) |