From cf48b532b447faa969347fef183c6e8921c4ded2 Mon Sep 17 00:00:00 2001
From: Mounir IDRASSI
Date: Tue, 26 Feb 2019 01:50:27 +0100
Subject: Windows: Implement RAM encryption for keys on 64-bit machines using ChaCha12 cipher and t1ha non-cryptographic fast hash (https://github.com/leo-yuriev/t1ha)
---
 src/Mount/Mount.c | 13 +++++++++++++
 src/Mount/Mount.rc | 14 ++++++++------
 src/Mount/Resource.h | 3 ++-
 3 files changed, 23 insertions(+), 7 deletions(-)
(limited to 'src/Mount')
diff --git a/src/Mount/Mount.c b/src/Mount/Mount.c
index 5f12baa5..cc3ae11e 100644
--- a/src/Mount/Mount.c
+++ b/src/Mount/Mount.c
@@ -11125,6 +11125,16 @@ static BOOL CALLBACK PerformanceSettingsDlgProc (HWND hwndDlg, UINT msg, WPARAM
 EnableWindow (GetDlgItem (hwndDlg, IDC_ENABLE_CPU_RNG), FALSE);
 }
+ if (IsOSAtLeast (WIN_7) && IsRamEncryptionSupported())
+ {
+ CheckDlgButton (hwndDlg, IDC_ENABLE_RAM_ENCRYPTION, (driverConfig & VC_DRIVER_CONFIG_ENABLE_RAM_ENCRYPTION) ? BST_CHECKED : BST_UNCHECKED);
+ }
+ else
+ {
+ CheckDlgButton (hwndDlg, IDC_ENABLE_RAM_ENCRYPTION, BST_UNCHECKED);
+ EnableWindow (GetDlgItem (hwndDlg, IDC_ENABLE_RAM_ENCRYPTION), FALSE);
+ }
+
 SYSTEM_INFO sysInfo;
 GetSystemInfo (&sysInfo);
@@ -11181,6 +11191,7 @@ static BOOL CALLBACK PerformanceSettingsDlgProc (HWND hwndDlg, UINT msg, WPARAM
 BOOL disableHW = !IsDlgButtonChecked (hwndDlg, IDC_ENABLE_HARDWARE_ENCRYPTION);
 BOOL enableCpuRng = IsDlgButtonChecked (hwndDlg, IDC_ENABLE_CPU_RNG);
+ BOOL enableRamEncryption = IsDlgButtonChecked (hwndDlg, IDC_ENABLE_RAM_ENCRYPTION);
 BOOL enableExtendedIOCTL = IsDlgButtonChecked (hwndDlg, IDC_ENABLE_EXTENDED_IOCTL_SUPPORT);
 BOOL allowTrimCommand = IsDlgButtonChecked (hwndDlg, IDC_ALLOW_TRIM_NONSYS_SSD);
 BOOL allowWindowsDefrag = IsDlgButtonChecked (hwndDlg, IDC_ALLOW_WINDOWS_DEFRAG);
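Review bot: In the first Mount.c hunk the checkbox state comes from `driverConfig & VC_DRIVER_CONFIG_ENABLE_RAM_ENCRYPTION`, which is the stored configuration flag, so the dialog shows what is configured and not necessarily what the loaded driver is doing with key material right now. If the driver applies this flag only when it starts (not visible here), the box can appear ticked while keys already in memory are still unprotected; a comment such as `/* shows the saved flag; the driver's active state may differ until it is reloaded */` would record that. The else branch also greys the control out without telling the user why RAM encryption is unavailable (OS older than Windows 7, or `IsRamEncryptionSupported()` returning false), which for a security option is worth a tooltip or label. PerformanceSettingsDlgProc starts and ends outside the hunk.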
@@ -11224,6 +11235,8 @@ static BOOL CALLBACK PerformanceSettingsDlgProc (HWND hwndDlg, UINT msg, WPARAM
 if (IsOSAtLeast (WIN_8_1))
 SetDriverConfigurationFlag (VC_DRIVER_CONFIG_ALLOW_WINDOWS_DEFRAG, allowWindowsDefrag);
 SetDriverConfigurationFlag (VC_DRIVER_CONFIG_ENABLE_CPU_RNG, enableCpuRng);
+ if (IsOSAtLeast (WIN_7))
+ SetDriverConfigurationFlag (VC_DRIVER_CONFIG_ENABLE_RAM_ENCRYPTION, enableRamEncryption);
 DWORD bytesReturned;
 if (!DeviceIoControl (hDriver, TC_IOCTL_REREAD_DRIVER_CONFIG, NULL, 0, NULL, 0, &bytesReturned, NULL))
diff --git a/src/Mount/Mount.rc b/src/Mount/Mount.rc
index c5a35b46..6082d2cd 100644
--- a/src/Mount/Mount.rc
+++ b/src/Mount/Mount.rc
@@ -311,7 +311,7 @@ BEGIN
 "Button",BS_AUTOCHECKBOX | WS_TABSTOP,16,112,340,10
 END
-IDD_PERFORMANCE_SETTINGS DIALOGEX 0, 0, 371, 279
+IDD_PERFORMANCE_SETTINGS DIALOGEX 0, 0, 371, 293
 STYLE DS_SETFONT | DS_MODALFRAME | DS_FIXEDSYS | DS_CENTER | WS_POPUP | WS_CAPTION | WS_SYSMENU
 CAPTION "VeraCrypt - Performance Options"
 FONT 8, "MS Shell Dlg", 400, 0, 0x1
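Review bot: The save path in the third Mount.c hunk guards the new flag with `IsOSAtLeast (WIN_7)` only, while the dialog initialisation in the first hunk also requires `IsRamEncryptionSupported()`. On a Windows 7 or later machine without support the checkbox is disabled and unchecked, so pressing OK writes `VC_DRIVER_CONFIG_ENABLE_RAM_ENCRYPTION` as cleared; if that is intended, a comment should say so, otherwise use `if (IsOSAtLeast (WIN_7) && IsRamEncryptionSupported())` so both paths agree. The only visible follow-up is the `TC_IOCTL_REREAD_DRIVER_CONFIG` call, and it cannot be told from this hunk whether re-reading the configuration changes the protection of keys that are already loaded. If it does not, the user should be told that a restart (or remount) is needed before the setting protects anything. The enclosing function continues outside the hunk.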
@@ -329,17 +329,19 @@ BEGIN
 "Button",BS_AUTOCHECKBOX | WS_TABSTOP,18,198,337,10
 CONTROL "Allow TRIM command for non-system SSD partition/drive",IDC_ALLOW_TRIM_NONSYS_SSD,
 "Button",BS_AUTOCHECKBOX | WS_TABSTOP,18,212,337,10
- PUSHBUTTON "&Benchmark",IDC_BENCHMARK,7,258,59,14
- DEFPUSHBUTTON "OK",IDOK,257,258,50,14
- PUSHBUTTON "Cancel",IDCANCEL,314,258,50,14
+ PUSHBUTTON "&Benchmark",IDC_BENCHMARK,7,272,59,14
+ DEFPUSHBUTTON "OK",IDOK,257,272,50,14
+ PUSHBUTTON "Cancel",IDCANCEL,314,272,50,14
 LTEXT "Processor (CPU) in this computer supports hardware acceleration for AES:",IDT_HW_AES_SUPPORTED_BY_CPU,18,23,273,9
 GROUPBOX "Hardware Acceleration",IDT_ACCELERATION_OPTIONS,7,6,355,74
 GROUPBOX "Thread-Based Parallelization",IDT_PARALLELIZATION_OPTIONS,7,84,355,93
- GROUPBOX "Driver Configuration",IDT_DRIVER_OPTIONS,7,183,357,72
+ GROUPBOX "Driver Configuration",IDT_DRIVER_OPTIONS,7,183,357,86
 CONTROL "Allow Windows Disk Defragmenter to defragment non-system partition/drive",IDC_ALLOW_WINDOWS_DEFRAG,
 "Button",BS_AUTOCHECKBOX | WS_TABSTOP,18,226,337,10
 CONTROL "Use CPU hardware random generator as an additional source of entropy",IDC_ENABLE_CPU_RNG,
 "Button",BS_AUTOCHECKBOX | WS_TABSTOP,18,240,335,10
+ CONTROL "Activate encryption of keys and passwords stored in RAM",IDC_ENABLE_RAM_ENCRYPTION,
+ "Button",BS_AUTOCHECKBOX | WS_TABSTOP,18,254,337,10
 END
 IDD_FAVORITE_VOLUMES DIALOGEX 0, 0, 380, 368
@@ -508,7 +510,7 @@ BEGIN
 LEFTMARGIN, 7
 RIGHTMARGIN, 364
 TOPMARGIN, 7
- BOTTOMMARGIN, 272
+ BOTTOMMARGIN, 286
 END
 IDD_FAVORITE_VOLUMES, DIALOG
diff --git a/src/Mount/Resource.h b/src/Mount/Resource.h
index fdc9f890..f0903cab 100644
--- a/src/Mount/Resource.h
+++ b/src/Mount/Resource.h
@@ -193,6 +193,7 @@
 #define IDC_LOWER_BOX 1170
 #define IDC_CLEAR_KEYS_ON_NEW_DEVICE_INSERTION 1171
 #define IDC_ENABLE_CPU_RNG 1172
+#define IDC_ENABLE_RAM_ENCRYPTION 1173
 #define IDM_HELP 40001
 #define IDM_ABOUT 40002
 #define IDM_UNMOUNT_VOLUME 40003
@@ -269,7 +270,7 @@
 #define _APS_NO_MFC 1
 #define _APS_NEXT_RESOURCE_VALUE 120
 #define _APS_NEXT_COMMAND_VALUE 40069
-#define _APS_NEXT_CONTROL_VALUE 1173
+#define _APS_NEXT_CONTROL_VALUE 1174
 #define _APS_NEXT_SYMED_VALUE 101
 #endif
 #endif
-- cgit v1.2.3