diff options
| author | Mounir IDRASSI <mounir.idrassi@idrix.fr> | 2014-12-16 00:14:42 +0100 |
|---|---|---|
| committer | Mounir IDRASSI <mounir.idrassi@idrix.fr> | 2014-12-16 00:17:59 +0100 |
| commit | c27461572ca09705c16f26a1e9128ff3a4ebdda0 (patch) | |
| tree | 41eff1e362c745d21e0cf90cb7d276dfb3cfff66 /src/Driver/DriveFilter.c | |
| parent | 634916230311eed9c6969aa516f4b9601438f9d3 (diff) | |
| download | VeraCrypt-c27461572ca09705c16f26a1e9128ff3a4ebdda0.tar.gz VeraCrypt-c27461572ca09705c16f26a1e9128ff3a4ebdda0.zip | |
Windows: Enhance performance by implementing the possibility to choose the correct hash algorithm of volumes during various operations (mount, change password...). In case of system encryption, slightly speedup Windows startup time by making the driver pickup the correct hash algorithm used for the encryption.
Diffstat (limited to 'src/Driver/DriveFilter.c')
| -rw-r--r-- | src/Driver/DriveFilter.c | 53 |
1 files changed, 38 insertions, 15 deletions
diff --git a/src/Driver/DriveFilter.c b/src/Driver/DriveFilter.c index b195ef5e..87370802 100644 --- a/src/Driver/DriveFilter.c +++ b/src/Driver/DriveFilter.c @@ -219,6 +219,8 @@ static NTSTATUS MountDrive (DriveFilterExtension *Extension, Password *password, NTSTATUS status;
LARGE_INTEGER offset;
char *header;
+ int pkcs5_prf = 0;
+ byte *mappedCryptoInfo = NULL;
Dump ("MountDrive pdo=%p\n", Extension->Pdo);
ASSERT (KeGetCurrentIrql() == PASSIVE_LEVEL);
@@ -269,7 +271,30 @@ static NTSTATUS MountDrive (DriveFilterExtension *Extension, Password *password, goto ret;
}
- if (ReadVolumeHeader (!hiddenVolume, header, password, &Extension->Queue.CryptoInfo, Extension->HeaderCryptoInfo) == 0)
+ if (BootArgs.CryptoInfoLength > 0)
+ {
+ PHYSICAL_ADDRESS cryptoInfoAddress;
+
+ cryptoInfoAddress.QuadPart = (BootLoaderSegment << 4) + BootArgs.CryptoInfoOffset;
+ mappedCryptoInfo = MmMapIoSpace (cryptoInfoAddress, BootArgs.CryptoInfoLength, MmCached);
+ if (mappedCryptoInfo)
+ {
+ /* Get the parameters used for booting to speed up driver startup and avoid testing irrelevant PRFs */
+ BOOT_CRYPTO_HEADER* pBootCryptoInfo = (BOOT_CRYPTO_HEADER*) mappedCryptoInfo;
+ Hash* pHash = HashGet(pBootCryptoInfo->pkcs5);
+ if (pHash && pHash->SystemEncryption)
+ pkcs5_prf = pBootCryptoInfo->pkcs5;
+ else
+ {
+ status = STATUS_UNSUCCESSFUL;
+ burn (mappedCryptoInfo, BootArgs.CryptoInfoLength);
+ MmUnmapIoSpace (mappedCryptoInfo, BootArgs.CryptoInfoLength);
+ goto ret;
+ }
+ }
+ }
+
+ if (ReadVolumeHeader (!hiddenVolume, header, password, pkcs5_prf, &Extension->Queue.CryptoInfo, Extension->HeaderCryptoInfo) == 0)
{
// Header decrypted
status = STATUS_SUCCESS;
@@ -316,20 +341,15 @@ static NTSTATUS MountDrive (DriveFilterExtension *Extension, Password *password, Dump ("Loaded: EncryptedAreaStart=%I64d (%I64d) EncryptedAreaEnd=%I64d (%I64d)\n", Extension->Queue.EncryptedAreaStart / 1024 / 1024, Extension->Queue.EncryptedAreaStart, Extension->Queue.EncryptedAreaEnd / 1024 / 1024, Extension->Queue.EncryptedAreaEnd);
// Erase boot loader scheduled keys
- if (BootArgs.CryptoInfoLength > 0)
+ if (mappedCryptoInfo)
{
- PHYSICAL_ADDRESS cryptoInfoAddress;
- byte *mappedCryptoInfo;
-
+#ifdef DEBUG
+ PHYSICAL_ADDRESS cryptoInfoAddress;
cryptoInfoAddress.QuadPart = (BootLoaderSegment << 4) + BootArgs.CryptoInfoOffset;
- mappedCryptoInfo = MmMapIoSpace (cryptoInfoAddress, BootArgs.CryptoInfoLength, MmCached);
-
- if (mappedCryptoInfo)
- {
- Dump ("Wiping memory %x %d\n", cryptoInfoAddress.LowPart, BootArgs.CryptoInfoLength);
- burn (mappedCryptoInfo, BootArgs.CryptoInfoLength);
- MmUnmapIoSpace (mappedCryptoInfo, BootArgs.CryptoInfoLength);
- }
+ Dump ("Wiping memory %x %d\n", cryptoInfoAddress.LowPart, BootArgs.CryptoInfoLength);
+#endif
+ burn (mappedCryptoInfo, BootArgs.CryptoInfoLength);
+ MmUnmapIoSpace (mappedCryptoInfo, BootArgs.CryptoInfoLength);
}
BootDriveFilterExtension = Extension;
@@ -755,7 +775,10 @@ void ReopenBootVolumeHeader (PIRP irp, PIO_STACK_LOCATION irpSp) return;
if (!BootDriveFound || !BootDriveFilterExtension || !BootDriveFilterExtension->DriveMounted || !BootDriveFilterExtension->HeaderCryptoInfo
- || request->VolumePassword.Length > MAX_PASSWORD)
+ || request->VolumePassword.Length > MAX_PASSWORD
+ || request->pkcs5_prf < 0
+ || request->pkcs5_prf > LAST_PRF_ID
+ )
{
irp->IoStatus.Status = STATUS_INVALID_PARAMETER;
goto wipe;
@@ -780,7 +803,7 @@ void ReopenBootVolumeHeader (PIRP irp, PIO_STACK_LOCATION irpSp) goto ret;
}
- if (ReadVolumeHeader (!BootDriveFilterExtension->HiddenSystem, header, &request->VolumePassword, NULL, BootDriveFilterExtension->HeaderCryptoInfo) == 0)
+ if (ReadVolumeHeader (!BootDriveFilterExtension->HiddenSystem, header, &request->VolumePassword, request->pkcs5_prf, NULL, BootDriveFilterExtension->HeaderCryptoInfo) == 0)
{
Dump ("Header reopened\n");
|