Windows Driver: Don't cache the password if outer volume mounting succeeds but hidden volume mounting fails

src/Common/Cache.c

@@ -146,7 +146,7 @@ int ReadVolumeHeaderWCache (BOOL bBoot, BOOL bCache, BOOL bCachePim, char *heade
 }
 
 
-void AddPasswordToCache (Password *password, int pim)
+void AddPasswordToCache (Password *password, int pim, BOOL bCachePim)
 {
 #ifdef _WIN64
 	Password tmpPass;
@@ -174,10 +174,18 @@ void AddPasswordToCache (Password *password, int pim)
 		if (IsRamEncryptionEnabled ())
 			VcProtectPassword (&CachedPasswords[nPasswordIdx], VcGetPasswordEncryptionID (&CachedPasswords[nPasswordIdx]));
 #endif
-		CachedPim[nPasswordIdx] = pim > 0? pim : 0;
+		/* Store also PIM if requested, otherwise set to default */
+		if (bCachePim && (pim > 0))
+			CachedPim[nPasswordIdx] = pim;
+		else
+			CachedPim[nPasswordIdx] = 0;
 		nPasswordIdx = (nPasswordIdx + 1) % CACHE_SIZE;
 		cacheEmpty = 0;
 	}
+	else if (bCachePim)
+	{
+		CachedPim[i] = pim > 0? pim : 0;
+	}
 #ifdef _WIN64
 	if (IsRamEncryptionEnabled())
 		burn (&tmpPass, sizeof (Password));
@@ -190,7 +198,7 @@ void AddLegacyPasswordToCache (PasswordLegacy *password, int pim)
 	inputPass.Length = password->Length;
 	memcpy (inputPass.Text, password->Text, password->Length);
 
-	AddPasswordToCache (&inputPass, pim);
+	AddPasswordToCache (&inputPass, pim, TRUE);
 
 	burn (&inputPass, sizeof (inputPass));
 }

src/Common/Cache.h

@@ -20,7 +20,7 @@
 
 extern int cacheEmpty;
 
-void AddPasswordToCache (Password *password, int pim);
+void AddPasswordToCache (Password *password, int pim, BOOL bCachePim);
 void AddLegacyPasswordToCache (PasswordLegacy *password, int pim);
 int ReadVolumeHeaderWCache (BOOL bBoot, BOOL bCache, BOOL bCachePim,char *header, Password *password, int pkcs5_prf, int pim, BOOL truecryptMode, PCRYPTO_INFO *retInfo);
 void WipeCache (void);

src/Driver/Ntvol.c

@@ -58,6 +58,8 @@ NTSTATUS TCOpenVolume (PDEVICE_OBJECT DeviceObject,
 	BOOL forceAccessCheck = !bRawDevice;
 	BOOL disableBuffering = TRUE;
 	BOOL exclusiveAccess = mount->bExclusiveAccess;
+	/* when mounting with hidden volume protection, we cache the passwords after both outer and hidden volumes are mounted successfully*/
+	BOOL bAutoCachePassword = mount->bProtectHiddenVolume? FALSE : mount->bCache;
 
 	Extension->pfoDeviceFile = NULL;
 	Extension->hDeviceFile = NULL;
@@ -602,7 +604,7 @@ NTSTATUS TCOpenVolume (PDEVICE_OBJECT DeviceObject,
 		{
 			mount->nReturnCode = ReadVolumeHeaderWCache (
 				FALSE,
-				mount->bCache,
+				bAutoCachePassword,
 				mount->bCachePim,
 				readBuffer,
 				&mount->ProtectedHidVolPassword,
@@ -615,7 +617,7 @@ NTSTATUS TCOpenVolume (PDEVICE_OBJECT DeviceObject,
 		{
 			mount->nReturnCode = ReadVolumeHeaderWCache (
 				mount->bPartitionInInactiveSysEncScope && volumeType == TC_VOLUME_TYPE_NORMAL,
-				mount->bCache,
+				bAutoCachePassword,
 				mount->bCachePim,
 				readBuffer,
 				&mount->VolumePassword,
@@ -826,6 +828,13 @@ NTSTATUS TCOpenVolume (PDEVICE_OBJECT DeviceObject,
 			// decrypt the hidden volume header.
 			if (!(volumeType == TC_VOLUME_TYPE_NORMAL && mount->bProtectHiddenVolume))
 			{
+				/* in case of mounting with hidden volume protection, we cache both passwords manually after bother outer and hidden volumes are mounted*/
+				if (mount->bProtectHiddenVolume && mount->bCache)
+				{
+					AddPasswordToCache(&mount->VolumePassword, mount->VolumePim, mount->bCachePim);
+					AddPasswordToCache(&mount->ProtectedHidVolPassword, mount->ProtectedHidVolPim, mount->bCachePim);
+				}
+
 				TCfree (readBuffer);
 
 				if (tmpCryptoInfo != NULL)