1 files changed, 110 insertions, 15 deletions
diff --git a/src/Common/Cache.c b/src/Common/Cache.c
index 2412ba59..46249b9c 100644
--- a/src/Common/Cache.c
+++ b/src/Common/Cache.c
@@ -24,7 +24,26 @@ int	 CachedPim[CACHE_SIZE];
 int cacheEmpty = 1;
 static int nPasswordIdx = 0;
 
-int ReadVolumeHeaderWCache (BOOL bBoot, BOOL bCache, BOOL bCachePim, char *header, Password *password, int pkcs5_prf, int pim, BOOL truecryptMode, PCRYPTO_INFO *retInfo)
+#ifdef _WIN64
+
+uint64 VcGetPasswordEncryptionID (Password* pPassword)
+{
+	return ((uint64) pPassword->Text) + ((uint64) pPassword);
+}
+
+void VcProtectPassword (Password* pPassword, uint64 encID)
+{
+	VcProtectMemory (encID, (unsigned char*) pPassword->Text, sizeof(pPassword->Text), (unsigned char*) &pPassword->Length, sizeof (pPassword->Length));
+}
+
+void VcUnprotectPassword (Password* pPassword, uint64 encID)
+{
+	VcProtectPassword (pPassword, encID);
+}
+
+#endif
+
+int ReadVolumeHeaderWCache (BOOL bBoot, BOOL bCache, BOOL bCachePim, char *header, Password *password, int pkcs5_prf, int pim, PCRYPTO_INFO *retInfo)
 {
 	int nReturnCode = ERR_PASSWORD_WRONG;
 	int i, effectivePim;
@@ -32,21 +51,42 @@ int ReadVolumeHeaderWCache (BOOL bBoot, BOOL bCache, BOOL bCachePim, char *heade
 	/* Attempt to recognize volume using mount password */
 	if (password->Length > 0)
 	{
-		nReturnCode = ReadVolumeHeader (bBoot, header, password, pkcs5_prf, pim, truecryptMode, retInfo, NULL);
+		nReturnCode = ReadVolumeHeader (bBoot, header, password, pkcs5_prf, pim, retInfo, NULL);
 
 		/* Save mount passwords back into cache if asked to do so */
 		if (bCache && (nReturnCode == 0 || nReturnCode == ERR_CIPHER_INIT_WEAK_KEY))
 		{
+#ifdef _WIN64
+			Password tmpPass;
+#endif
 			for (i = 0; i < CACHE_SIZE; i++)
 			{
-				if (memcmp (&CachedPasswords[i], password, sizeof (Password)) == 0)
+				Password* pCurrentPassword = &CachedPasswords[i];
+#ifdef _WIN64
+				if (IsRamEncryptionEnabled())
+				{
+					memcpy (&tmpPass, pCurrentPassword, sizeof (Password));
+					VcUnprotectPassword (&tmpPass, VcGetPasswordEncryptionID (pCurrentPassword));
+					pCurrentPassword = &tmpPass;
+				}
+#endif
+				if (memcmp (pCurrentPassword, password, sizeof (Password)) == 0)
 					break;
 			}
 
+#ifdef _WIN64
+			if (IsRamEncryptionEnabled())
+				burn (&tmpPass, sizeof (Password));
+#endif
+
 			if (i == CACHE_SIZE)
 			{
 				/* Store the password */
 				CachedPasswords[nPasswordIdx] = *password;
+#ifdef _WIN64
+				if (IsRamEncryptionEnabled ())
+					VcProtectPassword (&CachedPasswords[nPasswordIdx], VcGetPasswordEncryptionID (&CachedPasswords[nPasswordIdx]));
+#endif
 
 				/* Store also PIM if requested, otherwise set to default */
 				if (bCachePim && (pim > 0))
@@ -67,44 +107,99 @@ int ReadVolumeHeaderWCache (BOOL bBoot, BOOL bCache, BOOL bCachePim, char *heade
 	}
 	else if (!cacheEmpty)
 	{
+#ifdef _WIN64
+		Password tmpPass;
+#endif
 		/* Attempt to recognize volume using cached passwords */
 		for (i = 0; i < CACHE_SIZE; i++)
 		{
-			if (CachedPasswords[i].Length > 0)
+			Password* pCurrentPassword = &CachedPasswords[i];
+#ifdef _WIN64
+			if (IsRamEncryptionEnabled())
 			{
-				if (truecryptMode)
-					effectivePim = 0;
-				else if (pim == -1)
+				memcpy (&tmpPass, pCurrentPassword, sizeof (Password));
+				VcUnprotectPassword (&tmpPass, VcGetPasswordEncryptionID (pCurrentPassword));
+				pCurrentPassword = &tmpPass;
+			}
+#endif
+			if ((pCurrentPassword->Length > 0) && (pCurrentPassword->Length <= (unsigned int) ((bBoot? MAX_LEGACY_PASSWORD: MAX_PASSWORD))))
+			{
+				if (pim == -1)
 					effectivePim = CachedPim[i];
 				else
 					effectivePim = pim;
-				nReturnCode = ReadVolumeHeader (bBoot, header, &CachedPasswords[i], pkcs5_prf, effectivePim, truecryptMode, retInfo, NULL);
+				nReturnCode = ReadVolumeHeader (bBoot, header, pCurrentPassword, pkcs5_prf, effectivePim, retInfo, NULL);
 
 				if (nReturnCode != ERR_PASSWORD_WRONG)
 					break;
 			}
 		}
+#ifdef _WIN64
+		if (IsRamEncryptionEnabled())
+			burn (&tmpPass, sizeof (Password));
+#endif
 	}
 
 	return nReturnCode;
 }
 
 
-void AddPasswordToCache (Password *password, int pim)
+void AddPasswordToCache (Password *password, int pim, BOOL bCachePim)
 {
+#ifdef _WIN64
+	Password tmpPass;
+#endif
 	int i;
 	for (i = 0; i < CACHE_SIZE; i++)
 	{
-		if (memcmp (&CachedPasswords[i], password, sizeof (Password)) == 0)
-			return;
+		Password* pCurrentPassword = &CachedPasswords[i];
+#ifdef _WIN64
+		if (IsRamEncryptionEnabled())
+		{
+			memcpy (&tmpPass, pCurrentPassword, sizeof (Password));
+			VcUnprotectPassword (&tmpPass, VcGetPasswordEncryptionID (pCurrentPassword));
+			pCurrentPassword = &tmpPass;
+		}
+#endif
+		if (memcmp (pCurrentPassword, password, sizeof (Password)) == 0)
+			break;
 	}
 
-	CachedPasswords[nPasswordIdx] = *password;
-	CachedPim[nPasswordIdx] = pim > 0? pim : 0;
-	nPasswordIdx = (nPasswordIdx + 1) % CACHE_SIZE;
-	cacheEmpty = 0;
+	if (i == CACHE_SIZE)
+	{
+		CachedPasswords[nPasswordIdx] = *password;
+#ifdef _WIN64
+		if (IsRamEncryptionEnabled ())
+			VcProtectPassword (&CachedPasswords[nPasswordIdx], VcGetPasswordEncryptionID (&CachedPasswords[nPasswordIdx]));
+#endif
+		/* Store also PIM if requested, otherwise set to default */
+		if (bCachePim && (pim > 0))
+			CachedPim[nPasswordIdx] = pim;
+		else
+			CachedPim[nPasswordIdx] = 0;
+		nPasswordIdx = (nPasswordIdx + 1) % CACHE_SIZE;
+		cacheEmpty = 0;
+	}
+	else if (bCachePim)
+	{
+		CachedPim[i] = pim > 0? pim : 0;
+	}
+#ifdef _WIN64
+	if (IsRamEncryptionEnabled())
+		burn (&tmpPass, sizeof (Password));
+#endif
 }
 
+void AddLegacyPasswordToCache (PasswordLegacy *password, int pim)
+{
+	Password inputPass = {0};
+	inputPass.Length = password->Length;
+	memcpy (inputPass.Text, password->Text, password->Length);
+
+	AddPasswordToCache (&inputPass, pim, TRUE);
+
+	burn (&inputPass, sizeof (inputPass));
+}
 
 void WipeCache ()
 {