VeraCrypt
aboutsummaryrefslogtreecommitdiff
path: root/src/Driver/Ntvol.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/Driver/Ntvol.c')
-rw-r--r--src/Driver/Ntvol.c26
1 files changed, 16 insertions, 10 deletions
diff --git a/src/Driver/Ntvol.c b/src/Driver/Ntvol.c
index 45a07cdb..444468c5 100644
--- a/src/Driver/Ntvol.c
+++ b/src/Driver/Ntvol.c
@@ -58,6 +58,8 @@ NTSTATUS TCOpenVolume (PDEVICE_OBJECT DeviceObject,
BOOL forceAccessCheck = !bRawDevice;
BOOL disableBuffering = TRUE;
BOOL exclusiveAccess = mount->bExclusiveAccess;
+ /* when mounting with hidden volume protection, we cache the passwords after both outer and hidden volumes are mounted successfully*/
+ BOOL bAutoCachePassword = mount->bProtectHiddenVolume? FALSE : mount->bCache;
Extension->pfoDeviceFile = NULL;
Extension->hDeviceFile = NULL;
@@ -86,6 +88,7 @@ NTSTATUS TCOpenVolume (PDEVICE_OBJECT DeviceObject,
}
mount->VolumeMountedReadOnlyAfterDeviceWriteProtected = FALSE;
+ mount->VolumeMountedReadOnlyAfterPartialSysEnc = FALSE;
// If we are opening a device, query its size first
if (bRawDevice)
@@ -602,26 +605,24 @@ NTSTATUS TCOpenVolume (PDEVICE_OBJECT DeviceObject,
{
mount->nReturnCode = ReadVolumeHeaderWCache (
FALSE,
- mount->bCache,
+ bAutoCachePassword,
mount->bCachePim,
readBuffer,
&mount->ProtectedHidVolPassword,
mount->ProtectedHidVolPkcs5Prf,
mount->ProtectedHidVolPim,
- mount->bTrueCryptMode,
&tmpCryptoInfo);
}
else
{
mount->nReturnCode = ReadVolumeHeaderWCache (
mount->bPartitionInInactiveSysEncScope && volumeType == TC_VOLUME_TYPE_NORMAL,
- mount->bCache,
+ bAutoCachePassword,
mount->bCachePim,
readBuffer,
&mount->VolumePassword,
mount->pkcs5_prf,
mount->VolumePim,
- mount->bTrueCryptMode,
&Extension->cryptoInfo);
}
@@ -677,10 +678,9 @@ NTSTATUS TCOpenVolume (PDEVICE_OBJECT DeviceObject,
if (Extension->cryptoInfo->EncryptedAreaLength.Value != Extension->cryptoInfo->VolumeSize.Value)
{
- // Partial encryption is not supported for volumes mounted as regular
- mount->nReturnCode = ERR_ENCRYPTION_NOT_COMPLETED;
- ntStatus = STATUS_SUCCESS;
- goto error;
+ // mount as readonly in case of partial system encryption
+ Extension->bReadOnly = mount->bMountReadOnly = TRUE;
+ mount->VolumeMountedReadOnlyAfterPartialSysEnc = TRUE;
}
}
else if (Extension->cryptoInfo->HeaderFlags & TC_HEADER_FLAG_NONSYS_INPLACE_ENC)
@@ -798,8 +798,7 @@ NTSTATUS TCOpenVolume (PDEVICE_OBJECT DeviceObject,
Extension->TracksPerCylinder = 1;
Extension->SectorsPerTrack = 1;
Extension->BytesPerSector = Extension->cryptoInfo->SectorSize;
- // Add extra sector since our virtual partition starts at Extension->BytesPerSector and not 0
- Extension->NumberOfCylinders = (Extension->DiskLength / Extension->BytesPerSector) + 1;
+ Extension->NumberOfCylinders = Extension->DiskLength / Extension->BytesPerSector;
Extension->PartitionType = 0;
Extension->bRawDevice = bRawDevice;
@@ -826,6 +825,13 @@ NTSTATUS TCOpenVolume (PDEVICE_OBJECT DeviceObject,
// decrypt the hidden volume header.
if (!(volumeType == TC_VOLUME_TYPE_NORMAL && mount->bProtectHiddenVolume))
{
+ /* in case of mounting with hidden volume protection, we cache both passwords manually after bother outer and hidden volumes are mounted*/
+ if (mount->bProtectHiddenVolume && mount->bCache)
+ {
+ AddPasswordToCache(&mount->VolumePassword, mount->VolumePim, mount->bCachePim);
+ AddPasswordToCache(&mount->ProtectedHidVolPassword, mount->ProtectedHidVolPim, mount->bCachePim);
+ }
+
TCfree (readBuffer);
if (tmpCryptoInfo != NULL)