Windows Driver: Don't cache the password if outer volume mounting succeeds but hidden volume mounting fails

2025-11-11 11:08:02 -06:00 · 2022-02-10 01:01:51 +01:00
parent 1ef05f24e2
commit aebb099da2
3 changed files with 23 additions and 6 deletions
--- a/src/Common/Cache.c
+++ b/src/Common/Cache.c
@@ -146,7 +146,7 @@ int ReadVolumeHeaderWCache (BOOL bBoot, BOOL bCache, BOOL bCachePim, char *heade
 }
-void AddPasswordToCache (Password *password, int pim)
+void AddPasswordToCache (Password *password, int pim, BOOL bCachePim)
 {
 #ifdef _WIN64
 	Password tmpPass;
@@ -174,10 +174,18 @@ void AddPasswordToCache (Password *password, int pim)
 		if (IsRamEncryptionEnabled ())
 			VcProtectPassword (&CachedPasswords[nPasswordIdx], VcGetPasswordEncryptionID (&CachedPasswords[nPasswordIdx]));
 #endif
-		CachedPim[nPasswordIdx] = pim > 0? pim : 0;
+		/* Store also PIM if requested, otherwise set to default */
 		if (bCachePim && (pim > 0))
 			CachedPim[nPasswordIdx] = pim;
 		else
 			CachedPim[nPasswordIdx] = 0;
 		nPasswordIdx = (nPasswordIdx + 1) % CACHE_SIZE;
 		cacheEmpty = 0;
 	}
 	else if (bCachePim)
 	{
 		CachedPim[i] = pim > 0? pim : 0;
 	}
 #ifdef _WIN64
 	if (IsRamEncryptionEnabled())
 		burn (&tmpPass, sizeof (Password));
@@ -190,7 +198,7 @@ void AddLegacyPasswordToCache (PasswordLegacy *password, int pim)
 	inputPass.Length = password->Length;
 	memcpy (inputPass.Text, password->Text, password->Length);
-	AddPasswordToCache (&inputPass, pim);
+	AddPasswordToCache (&inputPass, pim, TRUE);
 	burn (&inputPass, sizeof (inputPass));
 }
--- a/src/Common/Cache.h
+++ b/src/Common/Cache.h
@@ -20,7 +20,7 @@
 extern int cacheEmpty;
-void AddPasswordToCache (Password *password, int pim);
+void AddPasswordToCache (Password *password, int pim, BOOL bCachePim);
 void AddLegacyPasswordToCache (PasswordLegacy *password, int pim);
 int ReadVolumeHeaderWCache (BOOL bBoot, BOOL bCache, BOOL bCachePim,char *header, Password *password, int pkcs5_prf, int pim, BOOL truecryptMode, PCRYPTO_INFO *retInfo);
 void WipeCache (void);
--- a/src/Driver/Ntvol.c
+++ b/src/Driver/Ntvol.c
@@ -58,6 +58,8 @@ NTSTATUS TCOpenVolume (PDEVICE_OBJECT DeviceObject,
 	BOOL forceAccessCheck = !bRawDevice;
 	BOOL disableBuffering = TRUE;
 	BOOL exclusiveAccess = mount->bExclusiveAccess;
 	/* when mounting with hidden volume protection, we cache the passwords after both outer and hidden volumes are mounted successfully*/
 	BOOL bAutoCachePassword = mount->bProtectHiddenVolume? FALSE : mount->bCache;
 	Extension->pfoDeviceFile = NULL;
 	Extension->hDeviceFile = NULL;
@@ -602,7 +604,7 @@ NTSTATUS TCOpenVolume (PDEVICE_OBJECT DeviceObject,
 		{
 			mount->nReturnCode = ReadVolumeHeaderWCache (
 				FALSE,
-				mount->bCache,
+				bAutoCachePassword,
 				mount->bCachePim,
 				readBuffer,
 				&mount->ProtectedHidVolPassword,
@@ -615,7 +617,7 @@ NTSTATUS TCOpenVolume (PDEVICE_OBJECT DeviceObject,
 		{
 			mount->nReturnCode = ReadVolumeHeaderWCache (
 				mount->bPartitionInInactiveSysEncScope && volumeType == TC_VOLUME_TYPE_NORMAL,
-				mount->bCache,
+				bAutoCachePassword,
 				mount->bCachePim,
 				readBuffer,
 				&mount->VolumePassword,
@@ -826,6 +828,13 @@ NTSTATUS TCOpenVolume (PDEVICE_OBJECT DeviceObject,
 			// decrypt the hidden volume header.
 			if (!(volumeType == TC_VOLUME_TYPE_NORMAL && mount->bProtectHiddenVolume))
 			{
 				/* in case of mounting with hidden volume protection, we cache both passwords manually after bother outer and hidden volumes are mounted*/
 				if (mount->bProtectHiddenVolume && mount->bCache)
 				{
 					AddPasswordToCache(&mount->VolumePassword, mount->VolumePim, mount->bCachePim);
 					AddPasswordToCache(&mount->ProtectedHidVolPassword, mount->ProtectedHidVolPim, mount->bCachePim);
 				}
 				TCfree (readBuffer);
 				if (tmpCryptoInfo != NULL)