VeraCrypt
aboutsummaryrefslogtreecommitdiff
path: root/src/Common
diff options
context:
space:
mode:
Diffstat (limited to 'src/Common')
-rw-r--r--src/Common/Apidrvr.h2
-rw-r--r--src/Common/Cache.c26
-rw-r--r--src/Common/Cache.h4
-rw-r--r--src/Common/Dlgcode.c2
-rw-r--r--src/Common/Dlgcode.h2
-rw-r--r--src/Common/Format.c2
-rw-r--r--src/Common/Language.xml2
-rw-r--r--src/Common/Volumes.c8
8 files changed, 40 insertions, 8 deletions
diff --git a/src/Common/Apidrvr.h b/src/Common/Apidrvr.h
index 5ba6c884..9ae2aeae 100644
--- a/src/Common/Apidrvr.h
+++ b/src/Common/Apidrvr.h
@@ -112,6 +112,7 @@ typedef struct
wchar_t wszLabel[33]; // maximum label length is 32 for NTFS and 11 for FAT32
BOOL bIsNTFS; // output only
BOOL bDriverSetLabel;
+ BOOL bCachePim;
} MOUNT_STRUCT;
typedef struct
@@ -333,5 +334,6 @@ typedef struct
#define TC_DRIVER_CONFIG_DISABLE_HARDWARE_ENCRYPTION 0x8
#define TC_DRIVER_CONFIG_ENABLE_EXTENDED_IOCTL 0x10
#define TC_DRIVER_CONFIG_DISABLE_EVIL_MAID_ATTACK_DETECTION 0x20
+#define TC_DRIVER_CONFIG_CACHE_BOOT_PIM 0x40
#endif /* _WIN32 */
diff --git a/src/Common/Cache.c b/src/Common/Cache.c
index 872f4d81..3dea0877 100644
--- a/src/Common/Cache.c
+++ b/src/Common/Cache.c
@@ -20,13 +20,14 @@
#include "Cache.h"
Password CachedPasswords[CACHE_SIZE];
+int CachedPim[CACHE_SIZE];
int cacheEmpty = 1;
static int nPasswordIdx = 0;
-int ReadVolumeHeaderWCache (BOOL bBoot, BOOL bCache, char *header, Password *password, int pkcs5_prf, int pim, BOOL truecryptMode, PCRYPTO_INFO *retInfo)
+int ReadVolumeHeaderWCache (BOOL bBoot, BOOL bCache, BOOL bCachePim, char *header, Password *password, int pkcs5_prf, int pim, BOOL truecryptMode, PCRYPTO_INFO *retInfo)
{
int nReturnCode = ERR_PASSWORD_WRONG;
- int i;
+ int i, effectivePim;
/* Attempt to recognize volume using mount password */
if (password->Length > 0)
@@ -47,11 +48,21 @@ int ReadVolumeHeaderWCache (BOOL bBoot, BOOL bCache, char *header, Password *pas
/* Store the password */
CachedPasswords[nPasswordIdx] = *password;
+ /* Store also PIM if requested, otherwise set to default */
+ if (bCachePim && (pim > 0))
+ CachedPim[nPasswordIdx] = pim;
+ else
+ CachedPim[nPasswordIdx] = 0;
+
/* Try another slot */
nPasswordIdx = (nPasswordIdx + 1) % CACHE_SIZE;
cacheEmpty = 0;
}
+ else if (bCachePim)
+ {
+ CachedPim[i] = pim > 0? pim : 0;
+ }
}
}
else if (!cacheEmpty)
@@ -61,7 +72,13 @@ int ReadVolumeHeaderWCache (BOOL bBoot, BOOL bCache, char *header, Password *pas
{
if (CachedPasswords[i].Length > 0)
{
- nReturnCode = ReadVolumeHeader (bBoot, header, &CachedPasswords[i], pkcs5_prf, pim, truecryptMode, retInfo, NULL);
+ if (truecryptMode)
+ effectivePim = 0;
+ else if (pim == -1)
+ effectivePim = CachedPim[i];
+ else
+ effectivePim = pim;
+ nReturnCode = ReadVolumeHeader (bBoot, header, &CachedPasswords[i], pkcs5_prf, effectivePim, truecryptMode, retInfo, NULL);
if (nReturnCode != ERR_PASSWORD_WRONG)
break;
@@ -73,7 +90,7 @@ int ReadVolumeHeaderWCache (BOOL bBoot, BOOL bCache, char *header, Password *pas
}
-void AddPasswordToCache (Password *password)
+void AddPasswordToCache (Password *password, int pim)
{
int i;
for (i = 0; i < CACHE_SIZE; i++)
@@ -83,6 +100,7 @@ void AddPasswordToCache (Password *password)
}
CachedPasswords[nPasswordIdx] = *password;
+ CachedPim[nPasswordIdx] = pim > 0? pim : 0;
nPasswordIdx = (nPasswordIdx + 1) % CACHE_SIZE;
cacheEmpty = 0;
}
diff --git a/src/Common/Cache.h b/src/Common/Cache.h
index 47c7d48c..c22bfa1f 100644
--- a/src/Common/Cache.h
+++ b/src/Common/Cache.h
@@ -20,6 +20,6 @@
extern int cacheEmpty;
-void AddPasswordToCache (Password *password);
-int ReadVolumeHeaderWCache (BOOL bBoot, BOOL bCache, char *header, Password *password, int pkcs5_prf, int pim, BOOL truecryptMode, PCRYPTO_INFO *retInfo);
+void AddPasswordToCache (Password *password, int pim);
+int ReadVolumeHeaderWCache (BOOL bBoot, BOOL bCache, BOOL bCachePim,char *header, Password *password, int pkcs5_prf, int pim, BOOL truecryptMode, PCRYPTO_INFO *retInfo);
void WipeCache (void);
diff --git a/src/Common/Dlgcode.c b/src/Common/Dlgcode.c
index cb15052c..db14ecea 100644
--- a/src/Common/Dlgcode.c
+++ b/src/Common/Dlgcode.c
@@ -6622,6 +6622,7 @@ int MountVolume (HWND hwndDlg,
int pim,
BOOL truecryptMode,
BOOL cachePassword,
+ BOOL cachePim,
BOOL sharedAccess,
const MountOptions* const mountOptions,
BOOL quiet,
@@ -6670,6 +6671,7 @@ int MountVolume (HWND hwndDlg,
retry:
mount.nDosDriveNo = driveNo;
mount.bCache = cachePassword;
+ mount.bCachePim = cachePim;
mount.bPartitionInInactiveSysEncScope = FALSE;
diff --git a/src/Common/Dlgcode.h b/src/Common/Dlgcode.h
index e857f948..1081420d 100644
--- a/src/Common/Dlgcode.h
+++ b/src/Common/Dlgcode.h
@@ -336,7 +336,7 @@ BOOL IsDriveAvailable (int driveNo);
BOOL IsDeviceMounted (wchar_t *deviceName);
int DriverUnmountVolume (HWND hwndDlg, int nDosDriveNo, BOOL forced);
void BroadcastDeviceChange (WPARAM message, int nDosDriveNo, DWORD driveMap);
-int MountVolume (HWND hwndDlg, int driveNo, wchar_t *volumePath, Password *password, int pkcs5, int pim, BOOL truecryptMode, BOOL cachePassword, BOOL sharedAccess, const MountOptions* const mountOptions, BOOL quiet, BOOL bReportWrongPassword);
+int MountVolume (HWND hwndDlg, int driveNo, wchar_t *volumePath, Password *password, int pkcs5, int pim, BOOL truecryptMode, BOOL cachePassword, BOOL cachePim, BOOL sharedAccess, const MountOptions* const mountOptions, BOOL quiet, BOOL bReportWrongPassword);
BOOL UnmountVolume (HWND hwndDlg , int nDosDriveNo, BOOL forceUnmount);
BOOL UnmountVolumeAfterFormatExCall (HWND hwndDlg, int nDosDriveNo);
BOOL IsPasswordCacheEmpty (void);
diff --git a/src/Common/Format.c b/src/Common/Format.c
index 43916273..701676fa 100644
--- a/src/Common/Format.c
+++ b/src/Common/Format.c
@@ -634,7 +634,7 @@ error:
mountOptions.PartitionInInactiveSysEncScope = FALSE;
mountOptions.UseBackupHeader = FALSE;
- if (MountVolume (volParams->hwndDlg, driveNo, volParams->volumePath, volParams->password, volParams->pkcs5, volParams->pim, FALSE, FALSE, TRUE, &mountOptions, FALSE, TRUE) < 1)
+ if (MountVolume (volParams->hwndDlg, driveNo, volParams->volumePath, volParams->password, volParams->pkcs5, volParams->pim, FALSE, FALSE, FALSE, TRUE, &mountOptions, FALSE, TRUE) < 1)
{
if (!Silent)
{
diff --git a/src/Common/Language.xml b/src/Common/Language.xml
index 3c8fbfcf..b4ac5b33 100644
--- a/src/Common/Language.xml
+++ b/src/Common/Language.xml
@@ -111,6 +111,7 @@
<control lang="en" key="IDC_AUTORUN_START">&amp;Start VeraCrypt</control>
<control lang="en" key="IDC_AUTO_DETECT_PKCS11_MODULE">Auto-&amp;Detect Library</control>
<control lang="en" key="IDC_BOOT_LOADER_CACHE_PASSWORD">&amp;Cache pre-boot authentication password in driver memory (for mounting of non-system volumes)</control>
+ <control lang="en" key="IDC_BOOT_LOADER_CACHE_PIM">Include &amp;PIM when caching pre-boot authentication password</control>
<control lang="en" key="IDC_BROWSE_DIRS">Browse...</control>
<control lang="en" key="IDC_BROWSE_FILES">Browse...</control>
<control lang="en" key="IDC_CACHE">Cache passwords and keyfil&amp;es in memory</control>
@@ -159,6 +160,7 @@
<control lang="en" key="IDC_PIM_HELP">(Empty or 0 for default iterations)</control>
<control lang="en" key="IDC_PREF_BKG_TASK_ENABLE">Enabled</control>
<control lang="en" key="IDC_PREF_CACHE_PASSWORDS">Cache passwords in driver memory</control>
+ <control lang="en" key="IDC_PREF_CACHE_PIM">Include PIM when caching a password</control>
<control lang="en" key="IDC_PREF_DISMOUNT_INACTIVE">Auto-dismount volume after no data has been read/written to it for</control>
<control lang="en" key="IDC_PREF_DISMOUNT_LOGOFF">User logs off</control>
<control lang="en" key="IDC_PREF_DISMOUNT_SESSION_LOCKED">User session locked</control>
diff --git a/src/Common/Volumes.c b/src/Common/Volumes.c
index 3f0c5b67..b19b8114 100644
--- a/src/Common/Volumes.c
+++ b/src/Common/Volumes.c
@@ -187,6 +187,10 @@ int ReadVolumeHeader (BOOL bBoot, char *encryptedHeader, Password *password, int
LONG outstandingWorkItemCount = 0;
int i;
+ // if no PIM specified, use default value
+ if (pim < 0)
+ pim = 0;
+
if (truecryptMode)
{
// SHA-256 not supported in TrueCrypt mode
@@ -806,6 +810,10 @@ int CreateVolumeHeaderInMemory (HWND hwndDlg, BOOL bBoot, char *header, int ea,
if (cryptoInfo == NULL)
return ERR_OUTOFMEMORY;
+ // if no PIM specified, use default value
+ if (pim < 0)
+ pim = 0;
+
memset (header, 0, TC_VOLUME_HEADER_EFFECTIVE_SIZE);
VirtualLock (&keyInfo, sizeof (keyInfo));