From 8f6c08330ac37b7729d8c1bf7276e8fede2d17fa Mon Sep 17 00:00:00 2001 From: Mounir IDRASSI Date: Sun, 20 Dec 2015 20:11:50 +0100 Subject: Windows: Implement PIM caching, both for system encryption and for normal volumes. Add options to activate it in the Preferences and System Settings. --- src/Common/Apidrvr.h | 2 ++ src/Common/Cache.c | 26 ++++++++++++++++++++++---- src/Common/Cache.h | 4 ++-- src/Common/Dlgcode.c | 2 ++ src/Common/Dlgcode.h | 2 +- src/Common/Format.c | 2 +- src/Common/Language.xml | 2 ++ src/Common/Volumes.c | 8 ++++++++ 8 files changed, 40 insertions(+), 8 deletions(-) (limited to 'src/Common') diff --git a/src/Common/Apidrvr.h b/src/Common/Apidrvr.h index 5ba6c884..9ae2aeae 100644 --- a/src/Common/Apidrvr.h +++ b/src/Common/Apidrvr.h @@ -112,6 +112,7 @@ typedef struct wchar_t wszLabel[33]; // maximum label length is 32 for NTFS and 11 for FAT32 BOOL bIsNTFS; // output only BOOL bDriverSetLabel; + BOOL bCachePim; } MOUNT_STRUCT; typedef struct @@ -333,5 +334,6 @@ typedef struct #define TC_DRIVER_CONFIG_DISABLE_HARDWARE_ENCRYPTION 0x8 #define TC_DRIVER_CONFIG_ENABLE_EXTENDED_IOCTL 0x10 #define TC_DRIVER_CONFIG_DISABLE_EVIL_MAID_ATTACK_DETECTION 0x20 +#define TC_DRIVER_CONFIG_CACHE_BOOT_PIM 0x40 #endif /* _WIN32 */ diff --git a/src/Common/Cache.c b/src/Common/Cache.c index 872f4d81..3dea0877 100644 --- a/src/Common/Cache.c +++ b/src/Common/Cache.c @@ -20,13 +20,14 @@ #include "Cache.h" Password CachedPasswords[CACHE_SIZE]; +int CachedPim[CACHE_SIZE]; int cacheEmpty = 1; static int nPasswordIdx = 0; -int ReadVolumeHeaderWCache (BOOL bBoot, BOOL bCache, char *header, Password *password, int pkcs5_prf, int pim, BOOL truecryptMode, PCRYPTO_INFO *retInfo) +int ReadVolumeHeaderWCache (BOOL bBoot, BOOL bCache, BOOL bCachePim, char *header, Password *password, int pkcs5_prf, int pim, BOOL truecryptMode, PCRYPTO_INFO *retInfo) { int nReturnCode = ERR_PASSWORD_WRONG; - int i; + int i, effectivePim; /* Attempt to recognize volume using mount password */ if (password->Length > 0) @@ -47,11 +48,21 @@ int ReadVolumeHeaderWCache (BOOL bBoot, BOOL bCache, char *header, Password *pas /* Store the password */ CachedPasswords[nPasswordIdx] = *password; + /* Store also PIM if requested, otherwise set to default */ + if (bCachePim && (pim > 0)) + CachedPim[nPasswordIdx] = pim; + else + CachedPim[nPasswordIdx] = 0; + /* Try another slot */ nPasswordIdx = (nPasswordIdx + 1) % CACHE_SIZE; cacheEmpty = 0; } + else if (bCachePim) + { + CachedPim[i] = pim > 0? pim : 0; + } } } else if (!cacheEmpty) @@ -61,7 +72,13 @@ int ReadVolumeHeaderWCache (BOOL bBoot, BOOL bCache, char *header, Password *pas { if (CachedPasswords[i].Length > 0) { - nReturnCode = ReadVolumeHeader (bBoot, header, &CachedPasswords[i], pkcs5_prf, pim, truecryptMode, retInfo, NULL); + if (truecryptMode) + effectivePim = 0; + else if (pim == -1) + effectivePim = CachedPim[i]; + else + effectivePim = pim; + nReturnCode = ReadVolumeHeader (bBoot, header, &CachedPasswords[i], pkcs5_prf, effectivePim, truecryptMode, retInfo, NULL); if (nReturnCode != ERR_PASSWORD_WRONG) break; @@ -73,7 +90,7 @@ int ReadVolumeHeaderWCache (BOOL bBoot, BOOL bCache, char *header, Password *pas } -void AddPasswordToCache (Password *password) +void AddPasswordToCache (Password *password, int pim) { int i; for (i = 0; i < CACHE_SIZE; i++) @@ -83,6 +100,7 @@ void AddPasswordToCache (Password *password) } CachedPasswords[nPasswordIdx] = *password; + CachedPim[nPasswordIdx] = pim > 0? pim : 0; nPasswordIdx = (nPasswordIdx + 1) % CACHE_SIZE; cacheEmpty = 0; } diff --git a/src/Common/Cache.h b/src/Common/Cache.h index 47c7d48c..c22bfa1f 100644 --- a/src/Common/Cache.h +++ b/src/Common/Cache.h @@ -20,6 +20,6 @@ extern int cacheEmpty; -void AddPasswordToCache (Password *password); -int ReadVolumeHeaderWCache (BOOL bBoot, BOOL bCache, char *header, Password *password, int pkcs5_prf, int pim, BOOL truecryptMode, PCRYPTO_INFO *retInfo); +void AddPasswordToCache (Password *password, int pim); +int ReadVolumeHeaderWCache (BOOL bBoot, BOOL bCache, BOOL bCachePim,char *header, Password *password, int pkcs5_prf, int pim, BOOL truecryptMode, PCRYPTO_INFO *retInfo); void WipeCache (void); diff --git a/src/Common/Dlgcode.c b/src/Common/Dlgcode.c index cb15052c..db14ecea 100644 --- a/src/Common/Dlgcode.c +++ b/src/Common/Dlgcode.c @@ -6622,6 +6622,7 @@ int MountVolume (HWND hwndDlg, int pim, BOOL truecryptMode, BOOL cachePassword, + BOOL cachePim, BOOL sharedAccess, const MountOptions* const mountOptions, BOOL quiet, @@ -6670,6 +6671,7 @@ int MountVolume (HWND hwndDlg, retry: mount.nDosDriveNo = driveNo; mount.bCache = cachePassword; + mount.bCachePim = cachePim; mount.bPartitionInInactiveSysEncScope = FALSE; diff --git a/src/Common/Dlgcode.h b/src/Common/Dlgcode.h index e857f948..1081420d 100644 --- a/src/Common/Dlgcode.h +++ b/src/Common/Dlgcode.h @@ -336,7 +336,7 @@ BOOL IsDriveAvailable (int driveNo); BOOL IsDeviceMounted (wchar_t *deviceName); int DriverUnmountVolume (HWND hwndDlg, int nDosDriveNo, BOOL forced); void BroadcastDeviceChange (WPARAM message, int nDosDriveNo, DWORD driveMap); -int MountVolume (HWND hwndDlg, int driveNo, wchar_t *volumePath, Password *password, int pkcs5, int pim, BOOL truecryptMode, BOOL cachePassword, BOOL sharedAccess, const MountOptions* const mountOptions, BOOL quiet, BOOL bReportWrongPassword); +int MountVolume (HWND hwndDlg, int driveNo, wchar_t *volumePath, Password *password, int pkcs5, int pim, BOOL truecryptMode, BOOL cachePassword, BOOL cachePim, BOOL sharedAccess, const MountOptions* const mountOptions, BOOL quiet, BOOL bReportWrongPassword); BOOL UnmountVolume (HWND hwndDlg , int nDosDriveNo, BOOL forceUnmount); BOOL UnmountVolumeAfterFormatExCall (HWND hwndDlg, int nDosDriveNo); BOOL IsPasswordCacheEmpty (void); diff --git a/src/Common/Format.c b/src/Common/Format.c index 43916273..701676fa 100644 --- a/src/Common/Format.c +++ b/src/Common/Format.c @@ -634,7 +634,7 @@ error: mountOptions.PartitionInInactiveSysEncScope = FALSE; mountOptions.UseBackupHeader = FALSE; - if (MountVolume (volParams->hwndDlg, driveNo, volParams->volumePath, volParams->password, volParams->pkcs5, volParams->pim, FALSE, FALSE, TRUE, &mountOptions, FALSE, TRUE) < 1) + if (MountVolume (volParams->hwndDlg, driveNo, volParams->volumePath, volParams->password, volParams->pkcs5, volParams->pim, FALSE, FALSE, FALSE, TRUE, &mountOptions, FALSE, TRUE) < 1) { if (!Silent) { diff --git a/src/Common/Language.xml b/src/Common/Language.xml index 3c8fbfcf..b4ac5b33 100644 --- a/src/Common/Language.xml +++ b/src/Common/Language.xml @@ -111,6 +111,7 @@ &Start VeraCrypt Auto-&Detect Library &Cache pre-boot authentication password in driver memory (for mounting of non-system volumes) + Include &PIM when caching pre-boot authentication password Browse... Browse... Cache passwords and keyfil&es in memory @@ -159,6 +160,7 @@ (Empty or 0 for default iterations) Enabled Cache passwords in driver memory + Include PIM when caching a password Auto-dismount volume after no data has been read/written to it for User logs off User session locked diff --git a/src/Common/Volumes.c b/src/Common/Volumes.c index 3f0c5b67..b19b8114 100644 --- a/src/Common/Volumes.c +++ b/src/Common/Volumes.c @@ -187,6 +187,10 @@ int ReadVolumeHeader (BOOL bBoot, char *encryptedHeader, Password *password, int LONG outstandingWorkItemCount = 0; int i; + // if no PIM specified, use default value + if (pim < 0) + pim = 0; + if (truecryptMode) { // SHA-256 not supported in TrueCrypt mode @@ -806,6 +810,10 @@ int CreateVolumeHeaderInMemory (HWND hwndDlg, BOOL bBoot, char *header, int ea, if (cryptoInfo == NULL) return ERR_OUTOFMEMORY; + // if no PIM specified, use default value + if (pim < 0) + pim = 0; + memset (header, 0, TC_VOLUME_HEADER_EFFECTIVE_SIZE); VirtualLock (&keyInfo, sizeof (keyInfo)); -- cgit v1.2.3