diff options
| author | Mounir IDRASSI <mounir.idrassi@idrix.fr> | 2014-07-27 02:36:23 +0200 |
|---|---|---|
| committer | Mounir IDRASSI <mounir.idrassi@idrix.fr> | 2014-11-08 23:21:43 +0100 |
| commit | 1c11ee428d9e06be1440133f6d1163ce6c709410 (patch) | |
| tree | d593910f3e6e3d2441bfd4bfe25d6e58c508a0b0 | |
| parent | 97154aaf51efe787dd1678c8e1baeeb65ce46fe1 (diff) | |
| download | VeraCrypt-1c11ee428d9e06be1440133f6d1163ce6c709410.tar.gz VeraCrypt-1c11ee428d9e06be1440133f6d1163ce6c709410.zip | |
Add option in select the number of passes for volume header over-writing. By default, it is set to 3 but it can be increased to 256 passes (which can lead to a delay of many hours for a single password change operation).
| -rw-r--r-- | src/Common/BootEncryption.cpp | 8 | ||||
| -rw-r--r-- | src/Common/BootEncryption.h | 2 | ||||
| -rw-r--r-- | src/Common/Dlgcode.c | 19 | ||||
| -rw-r--r-- | src/Common/Dlgcode.h | 2 | ||||
| -rw-r--r-- | src/Common/Password.c | 8 | ||||
| -rw-r--r-- | src/Common/Password.h | 2 | ||||
| -rw-r--r-- | src/Common/Wipe.c | 4 | ||||
| -rw-r--r-- | src/Common/Wipe.h | 3 | ||||
| -rw-r--r-- | src/Format/Tcformat.c | 11 | ||||
| -rw-r--r-- | src/Mount/MainCom.cpp | 8 | ||||
| -rw-r--r-- | src/Mount/MainCom.h | 2 | ||||
| -rw-r--r-- | src/Mount/MainCom.idl | 2 | ||||
| -rw-r--r-- | src/Mount/Mount.c | 15 | ||||
| -rw-r--r-- | src/Mount/Mount.rc | 10 | ||||
| -rw-r--r-- | src/Mount/Mount.vcproj | 4 | ||||
| -rw-r--r-- | src/Mount/Resource.h | 2 |
16 files changed, 67 insertions, 35 deletions
diff --git a/src/Common/BootEncryption.cpp b/src/Common/BootEncryption.cpp index 0fec2878..e57a434e 100644 --- a/src/Common/BootEncryption.cpp +++ b/src/Common/BootEncryption.cpp @@ -2043,41 +2043,41 @@ namespace VeraCrypt }
catch (...) { }
try
{
if (displayWaitDialog)
DisplayStaticModelessWaitDlg (ParentWindow);
finally_do_arg (bool, displayWaitDialog, { if (finally_arg) CloseStaticModelessWaitDlg(); });
RestoreSystemLoader ();
}
catch (Exception &e)
{
e.Show (ParentWindow);
throw ErrorException ("SYS_LOADER_RESTORE_FAILED");
}
}
- int BootEncryption::ChangePassword (Password *oldPassword, Password *newPassword, int pkcs5)
+ int BootEncryption::ChangePassword (Password *oldPassword, Password *newPassword, int pkcs5, int wipePassCount)
{
BootEncryptionStatus encStatus = GetStatus();
if (encStatus.SetupInProgress)
throw ParameterIncorrect (SRC_POS);
SystemDriveConfiguration config = GetSystemDriveConfiguration ();
char header[TC_BOOT_ENCRYPTION_VOLUME_HEADER_SIZE];
Device device (config.DevicePath);
// Only one algorithm is currently supported
if (pkcs5 != 0)
throw ParameterIncorrect (SRC_POS);
int64 headerOffset = TC_BOOT_VOLUME_HEADER_SECTOR_OFFSET;
int64 backupHeaderOffset = -1;
if (encStatus.HiddenSystem)
{
@@ -2108,80 +2108,80 @@ namespace VeraCrypt if (status != 0)
{
handleError (ParentWindow, status);
return status;
}
// Change the PKCS-5 PRF if requested by user
if (pkcs5 != 0)
{
cryptoInfo->pkcs5 = pkcs5;
RandSetHashFunction (pkcs5);
}
throw_sys_if (Randinit () != 0);
finally_do ({ RandStop (FALSE); });
NormalCursor();
UserEnrichRandomPool (ParentWindow);
WaitCursor();
- /* The header will be re-encrypted PRAND_DISK_WIPE_PASSES times to prevent adversaries from using
+ /* The header will be re-encrypted wipePassCount times to prevent adversaries from using
techniques such as magnetic force microscopy or magnetic force scanning tunnelling microscopy
to recover the overwritten header. According to Peter Gutmann, data should be overwritten 22
times (ideally, 35 times) using non-random patterns and pseudorandom data. However, as users might
impatiently interupt the process (etc.) we will not use the Gutmann's patterns but will write the
valid re-encrypted header, i.e. pseudorandom data, and there will be many more passes than Guttman
recommends. During each pass we will write a valid working header. Each pass will use the same master
key, and also the same header key, secondary key (XTS), etc., derived from the new password. The only
item that will be different for each pass will be the salt. This is sufficient to cause each "version"
of the header to differ substantially and in a random manner from the versions written during the
other passes. */
bool headerUpdated = false;
int result = ERR_SUCCESS;
try
{
BOOL backupHeader = FALSE;
while (TRUE)
{
- for (int wipePass = 0; wipePass < PRAND_DISK_WIPE_PASSES; wipePass++)
+ for (int wipePass = 0; wipePass < wipePassCount; wipePass++)
{
PCRYPTO_INFO tmpCryptoInfo = NULL;
status = CreateVolumeHeaderInMemory (!encStatus.HiddenSystem,
header,
cryptoInfo->ea,
cryptoInfo->mode,
newPassword,
cryptoInfo->pkcs5,
(char *) cryptoInfo->master_keydata,
&tmpCryptoInfo,
cryptoInfo->VolumeSize.Value,
cryptoInfo->hiddenVolumeSize,
cryptoInfo->EncryptedAreaStart.Value,
cryptoInfo->EncryptedAreaLength.Value,
cryptoInfo->RequiredProgramVersion,
cryptoInfo->HeaderFlags | TC_HEADER_FLAG_ENCRYPTED_SYSTEM,
cryptoInfo->SectorSize,
- wipePass < PRAND_DISK_WIPE_PASSES - 1);
+ wipePass < wipePassCount - 1);
if (tmpCryptoInfo)
crypto_close (tmpCryptoInfo);
if (status != 0)
{
handleError (ParentWindow, status);
return status;
}
device.SeekAt (headerOffset);
device.Write ((byte *) header, sizeof (header));
headerUpdated = true;
}
if (!encStatus.HiddenSystem || backupHeader)
break;
backupHeader = TRUE;
headerOffset = backupHeaderOffset;
diff --git a/src/Common/BootEncryption.h b/src/Common/BootEncryption.h index 88830988..a52f286b 100644 --- a/src/Common/BootEncryption.h +++ b/src/Common/BootEncryption.h @@ -124,41 +124,41 @@ namespace VeraCrypt bool SystemLoaderPresent;
};
class BootEncryption
{
public:
BootEncryption (HWND parent);
~BootEncryption ();
enum FilterType
{
DriveFilter,
VolumeFilter,
DumpFilter
};
void AbortDecoyOSWipe ();
void AbortSetup ();
void AbortSetupWait ();
void CallDriver (DWORD ioctl, void *input = nullptr, DWORD inputSize = 0, void *output = nullptr, DWORD outputSize = 0);
- int ChangePassword (Password *oldPassword, Password *newPassword, int pkcs5);
+ int ChangePassword (Password *oldPassword, Password *newPassword, int pkcs5, int wipePassCount);
void CheckDecoyOSWipeResult ();
void CheckEncryptionSetupResult ();
void CheckRequirements ();
void CheckRequirementsHiddenOS ();
void CopyFileAdmin (const string &sourceFile, const string &destinationFile);
void CreateRescueIsoImage (bool initialSetup, const string &isoImagePath);
void Deinstall (bool displayWaitDialog = false);
void DeleteFileAdmin (const string &file);
DecoySystemWipeStatus GetDecoyOSWipeStatus ();
DWORD GetDriverServiceStartType ();
unsigned int GetHiddenOSCreationPhase ();
uint16 GetInstalledBootLoaderVersion ();
Partition GetPartitionForHiddenOS ();
bool IsBootLoaderOnDrive (char *devicePath);
BootEncryptionStatus GetStatus ();
string GetTempPath ();
void GetVolumeProperties (VOLUME_PROPERTIES_STRUCT *properties);
SystemDriveConfiguration GetSystemDriveConfiguration ();
void Install (bool hiddenSystem);
void InstallBootLoader (bool preserveUserConfig = false, bool hiddenOSCreation = false);
diff --git a/src/Common/Dlgcode.c b/src/Common/Dlgcode.c index 092c8c6f..a7c5e788 100644 --- a/src/Common/Dlgcode.c +++ b/src/Common/Dlgcode.c @@ -1548,78 +1548,87 @@ SelectAlgo (HWND hComboBox, int *algo_id) for (i = 0; i < nCount; i++)
{
x = SendMessage (hComboBox, CB_GETITEMDATA, i, 0);
if (x == (LPARAM) *algo_id)
{
SendMessage (hComboBox, CB_SETCURSEL, i, 0);
return;
}
}
/* Something went wrong ; couldn't find the requested algo id so we drop
back to a default */
*algo_id = SendMessage (hComboBox, CB_GETITEMDATA, 0, 0);
SendMessage (hComboBox, CB_SETCURSEL, 0, 0);
}
-void PopulateWipeModeCombo (HWND hComboBox, BOOL bNA, BOOL bInPlaceEncryption)
+void PopulateWipeModeCombo (HWND hComboBox, BOOL bNA, BOOL bInPlaceEncryption, BOOL bHeaderWipe)
{
if (bNA)
{
AddComboPairW (hComboBox, GetString ("NOT_APPLICABLE_OR_NOT_AVAILABLE"), TC_WIPE_NONE);
}
else
{
- if (bInPlaceEncryption)
- AddComboPairW (hComboBox, GetString ("WIPE_MODE_NONE"), TC_WIPE_NONE);
- else
- AddComboPairW (hComboBox, GetString ("WIPE_MODE_1_RAND"), TC_WIPE_1_RAND);
+ if (!bHeaderWipe)
+ {
+ if (bInPlaceEncryption)
+ AddComboPairW (hComboBox, GetString ("WIPE_MODE_NONE"), TC_WIPE_NONE);
+ else
+ AddComboPairW (hComboBox, GetString ("WIPE_MODE_1_RAND"), TC_WIPE_1_RAND);
+ }
AddComboPairW (hComboBox, GetString ("WIPE_MODE_3_DOD_5220"), TC_WIPE_3_DOD_5220);
AddComboPairW (hComboBox, GetString ("WIPE_MODE_7_DOD_5220"), TC_WIPE_7_DOD_5220);
AddComboPairW (hComboBox, GetString ("WIPE_MODE_35_GUTMANN"), TC_WIPE_35_GUTMANN);
+
+ if (bHeaderWipe)
+ AddComboPairW (hComboBox, GetString ("WIPE_MODE_256"), TC_WIPE_256); // paranoid wipe for volume header
}
}
wchar_t *GetWipeModeName (WipeAlgorithmId modeId)
{
switch (modeId)
{
case TC_WIPE_NONE:
return GetString ("WIPE_MODE_NONE");
case TC_WIPE_1_RAND:
return GetString ("WIPE_MODE_1_RAND");
case TC_WIPE_3_DOD_5220:
return GetString ("WIPE_MODE_3_DOD_5220");
case TC_WIPE_7_DOD_5220:
return GetString ("WIPE_MODE_7_DOD_5220");
case TC_WIPE_35_GUTMANN:
return GetString ("WIPE_MODE_35_GUTMANN");
+ case TC_WIPE_256:
+ return GetString ("WIPE_MODE_256");
+
default:
return GetString ("NOT_APPLICABLE_OR_NOT_AVAILABLE");
}
}
wchar_t *GetPathType (const char *path, BOOL bUpperCase, BOOL *bIsPartition)
{
if (strstr (path, "Partition")
&& strstr (path, "Partition0") == NULL)
{
*bIsPartition = TRUE;
return GetString (bUpperCase ? "PARTITION_UPPER_CASE" : "PARTITION_LOWER_CASE");
}
else if (strstr (path, "HarddiskVolume"))
{
*bIsPartition = TRUE;
return GetString (bUpperCase ? "VOLUME_UPPER_CASE" : "VOLUME_LOWER_CASE");
}
*bIsPartition = FALSE;
diff --git a/src/Common/Dlgcode.h b/src/Common/Dlgcode.h index 11686f89..7faf6bc0 100644 --- a/src/Common/Dlgcode.h +++ b/src/Common/Dlgcode.h @@ -242,41 +242,41 @@ void CloseStaticModelessWaitDlg (void); BOOL IsButtonChecked ( HWND hButton );
void CheckButton ( HWND hButton );
void LeftPadString (char *szTmp, int len, int targetLen, char filler);
void ToSBCS ( LPWSTR lpszText, size_t cbSize );
void ToUNICODE ( char *lpszText , size_t cbSize);
void InitDialog ( HWND hwndDlg );
void ProcessPaintMessages (HWND hwnd, int maxMessagesToProcess);
HDC CreateMemBitmap ( HINSTANCE hInstance , HWND hwnd , char *resource );
HBITMAP RenderBitmap ( char *resource , HWND hwndDest , int x , int y , int nWidth , int nHeight , BOOL bDirectRender , BOOL bKeepAspectRatio);
LRESULT CALLBACK RedTick ( HWND hwnd , UINT uMsg , WPARAM wParam , LPARAM lParam );
BOOL RegisterRedTick ( HINSTANCE hInstance );
BOOL UnregisterRedTick ( HINSTANCE hInstance );
LRESULT CALLBACK SplashDlgProc ( HWND hwnd , UINT uMsg , WPARAM wParam , LPARAM lParam );
void WaitCursor ( void );
void NormalCursor ( void );
void ArrowWaitCursor ( void );
void HandCursor ();
void AddComboPair (HWND hComboBox, const char *lpszItem, int value);
void AddComboPairW (HWND hComboBox, const wchar_t *lpszItem, int value);
void SelectAlgo ( HWND hComboBox , int *nCipher );
-void PopulateWipeModeCombo (HWND hComboBox, BOOL bNA, BOOL bInPlaceEncryption);
+void PopulateWipeModeCombo (HWND hComboBox, BOOL bNA, BOOL bInPlaceEncryption, BOOL bHeaderWipe);
wchar_t *GetWipeModeName (WipeAlgorithmId modeId);
wchar_t *GetPathType (const char *path, BOOL bUpperCase, BOOL *bIsPartition);
LRESULT CALLBACK CustomDlgProc ( HWND hwnd , UINT uMsg , WPARAM wParam , LPARAM lParam );
BOOL TCCreateMutex (volatile HANDLE *hMutex, char *name);
void TCCloseMutex (volatile HANDLE *hMutex);
BOOL MutexExistsOnSystem (char *name);
BOOL CreateSysEncMutex (void);
BOOL InstanceHasSysEncMutex (void);
void CloseSysEncMutex (void);
BOOL CreateNonSysInplaceEncMutex (void);
BOOL InstanceHasNonSysInplaceEncMutex (void);
void CloseNonSysInplaceEncMutex (void);
BOOL NonSysInplaceEncInProgressElsewhere (void);
BOOL CreateDriverSetupMutex (void);
void CloseDriverSetupMutex (void);
BOOL CreateAppSetupMutex (void);
BOOL InstanceHasAppSetupMutex (void);
void CloseAppSetupMutex (void);
BOOL IsTrueCryptInstallerRunning (void);
uint32 ReadDriverConfigurationFlags ();
diff --git a/src/Common/Password.c b/src/Common/Password.c index ca86f9c4..c23bd4fa 100644 --- a/src/Common/Password.c +++ b/src/Common/Password.c @@ -102,41 +102,41 @@ BOOL CheckPasswordCharEncoding (HWND hPassword, Password *ptrPw) if (i < len)
return FALSE;
}
return TRUE;
}
BOOL CheckPasswordLength (HWND hwndDlg, HWND hwndItem)
{
if (GetWindowTextLength (hwndItem) < PASSWORD_LEN_WARNING)
{
#ifndef _DEBUG
if (MessageBoxW (hwndDlg, GetString ("PASSWORD_LENGTH_WARNING"), lpszTitle, MB_YESNO|MB_ICONWARNING|MB_DEFBUTTON2) != IDYES)
return FALSE;
#endif
}
return TRUE;
}
-int ChangePwd (const char *lpszVolume, Password *oldPassword, Password *newPassword, int pkcs5, HWND hwndDlg)
+int ChangePwd (const char *lpszVolume, Password *oldPassword, Password *newPassword, int pkcs5, int wipePassCount, HWND hwndDlg)
{
int nDosLinkCreated = 1, nStatus = ERR_OS_ERROR;
char szDiskFile[TC_MAX_PATH], szCFDevice[TC_MAX_PATH];
char szDosDevice[TC_MAX_PATH];
char buffer[TC_VOLUME_HEADER_EFFECTIVE_SIZE];
PCRYPTO_INFO cryptoInfo = NULL, ci = NULL;
void *dev = INVALID_HANDLE_VALUE;
DWORD dwError;
DWORD bytesRead;
BOOL bDevice;
unsigned __int64 hostSize = 0;
int volumeType;
int wipePass;
FILETIME ftCreationTime;
FILETIME ftLastWriteTime;
FILETIME ftLastAccessTime;
BOOL bTimeStampValid = FALSE;
LARGE_INTEGER headerOffset;
BOOL backupHeader;
DISK_GEOMETRY driveInfo;
@@ -306,71 +306,71 @@ int ChangePwd (const char *lpszVolume, Password *oldPassword, Password *newPassw nStatus = ERR_SYS_HIDVOL_HEAD_REENC_MODE_WRONG;
goto error;
}
// Change the PKCS-5 PRF if requested by user
if (pkcs5 != 0)
cryptoInfo->pkcs5 = pkcs5;
RandSetHashFunction (cryptoInfo->pkcs5);
NormalCursor();
UserEnrichRandomPool (hwndDlg);
EnableElevatedCursorChange (hwndDlg);
WaitCursor();
/* Re-encrypt the volume header */
backupHeader = FALSE;
while (TRUE)
{
- /* The header will be re-encrypted PRAND_DISK_WIPE_PASSES times to prevent adversaries from using
+ /* The header will be re-encrypted wipePassCount times to prevent adversaries from using
techniques such as magnetic force microscopy or magnetic force scanning tunnelling microscopy
to recover the overwritten header. According to Peter Gutmann, data should be overwritten 22
times (ideally, 35 times) using non-random patterns and pseudorandom data. However, as users might
impatiently interupt the process (etc.) we will not use the Gutmann's patterns but will write the
valid re-encrypted header, i.e. pseudorandom data, and there will be many more passes than Guttman
recommends. During each pass we will write a valid working header. Each pass will use the same master
key, and also the same header key, secondary key (XTS), etc., derived from the new password. The only
item that will be different for each pass will be the salt. This is sufficient to cause each "version"
of the header to differ substantially and in a random manner from the versions written during the
other passes. */
- for (wipePass = 0; wipePass < PRAND_DISK_WIPE_PASSES; wipePass++)
+ for (wipePass = 0; wipePass < wipePassCount; wipePass++)
{
// Prepare new volume header
nStatus = CreateVolumeHeaderInMemory (FALSE,
buffer,
cryptoInfo->ea,
cryptoInfo->mode,
newPassword,
cryptoInfo->pkcs5,
cryptoInfo->master_keydata,
&ci,
cryptoInfo->VolumeSize.Value,
(volumeType == TC_VOLUME_TYPE_HIDDEN || volumeType == TC_VOLUME_TYPE_HIDDEN_LEGACY) ? cryptoInfo->hiddenVolumeSize : 0,
cryptoInfo->EncryptedAreaStart.Value,
cryptoInfo->EncryptedAreaLength.Value,
cryptoInfo->RequiredProgramVersion,
cryptoInfo->HeaderFlags,
cryptoInfo->SectorSize,
- wipePass < PRAND_DISK_WIPE_PASSES - 1);
+ wipePass < wipePassCount - 1);
if (ci != NULL)
crypto_close (ci);
if (nStatus != 0)
goto error;
if (!SetFilePointerEx ((HANDLE) dev, headerOffset, NULL, FILE_BEGIN))
{
nStatus = ERR_OS_ERROR;
goto error;
}
if (!WriteEffectiveVolumeHeader (bDevice, dev, buffer))
{
nStatus = ERR_OS_ERROR;
goto error;
}
if (bDevice
diff --git a/src/Common/Password.h b/src/Common/Password.h index d4f1f928..887c6160 100644 --- a/src/Common/Password.h +++ b/src/Common/Password.h @@ -18,29 +18,29 @@ #define PASSWORD_LEN_WARNING 20 // Display a warning when a password is shorter than this
#ifdef __cplusplus
extern "C" {
#endif
typedef struct
{
// Modifying this structure can introduce incompatibility with previous versions
unsigned __int32 Length;
unsigned char Text[MAX_PASSWORD + 1];
char Pad[3]; // keep 64-bit alignment
} Password;
#if defined(_WIN32) && !defined(TC_WINDOWS_DRIVER)
void VerifyPasswordAndUpdate ( HWND hwndDlg , HWND hButton , HWND hPassword , HWND hVerify , unsigned char *szPassword , char *szVerify, BOOL keyFilesEnabled );
BOOL CheckPasswordLength (HWND hwndDlg, HWND hwndItem);
BOOL CheckPasswordCharEncoding (HWND hPassword, Password *ptrPw);
-int ChangePwd (const char *lpszVolume, Password *oldPassword, Password *newPassword, int pkcs5, HWND hwndDlg);
+int ChangePwd (const char *lpszVolume, Password *oldPassword, Password *newPassword, int pkcs5, int wipePassCount, HWND hwndDlg);
#endif // defined(_WIN32) && !defined(TC_WINDOWS_DRIVER)
#ifdef __cplusplus
}
#endif
#endif // PASSWORD_H
diff --git a/src/Common/Wipe.c b/src/Common/Wipe.c index 265ac217..f06862e2 100644 --- a/src/Common/Wipe.c +++ b/src/Common/Wipe.c @@ -138,50 +138,54 @@ wipe3: return TRUE;
}
int GetWipePassCount (WipeAlgorithmId algorithm)
{
switch (algorithm)
{
case TC_WIPE_1_RAND:
return 1;
case TC_WIPE_3_DOD_5220:
return 3;
case TC_WIPE_7_DOD_5220:
return 7;
case TC_WIPE_35_GUTMANN:
return 35;
+ case TC_WIPE_256:
+ return 256;
+
default:
TC_THROW_FATAL_EXCEPTION;
}
return 0; // Prevent compiler warnings
}
BOOL WipeBuffer (WipeAlgorithmId algorithm, byte randChars[TC_WIPE_RAND_CHAR_COUNT], int pass, byte *buffer, size_t size)
{
switch (algorithm)
{
case TC_WIPE_1_RAND:
+ case TC_WIPE_256:
return Wipe1PseudoRandom (pass, buffer, size);
case TC_WIPE_3_DOD_5220:
return Wipe3Dod5220 (pass, buffer, size);
case TC_WIPE_7_DOD_5220:
return Wipe7Dod5220 (pass, randChars, buffer, size);
case TC_WIPE_35_GUTMANN:
return Wipe35Gutmann (pass, buffer, size);
default:
TC_THROW_FATAL_EXCEPTION;
}
return FALSE; // Prevent compiler warnings
}
diff --git a/src/Common/Wipe.h b/src/Common/Wipe.h index dd331c9d..a30a9139 100644 --- a/src/Common/Wipe.h +++ b/src/Common/Wipe.h @@ -7,34 +7,35 @@ */
#ifndef TC_HEADER_Common_Wipe
#define TC_HEADER_Common_Wipe
#include "Tcdefs.h"
#ifdef __cplusplus
extern "C" {
#endif
typedef enum
{
/* WARNING: As these values are written to config files, if they or their meanings
are changed, incompatiblity with other versions may arise (upgrade, downgrade, etc.).
When adding a new constant, verify that the value is unique within this block. */
TC_WIPE_NONE = 0,
TC_WIPE_1_RAND = 100,
TC_WIPE_3_DOD_5220 = 300,
TC_WIPE_7_DOD_5220 = 700,
- TC_WIPE_35_GUTMANN = 3500
+ TC_WIPE_35_GUTMANN = 3500,
+ TC_WIPE_256 = 25600
} WipeAlgorithmId;
#define TC_WIPE_RAND_CHAR_COUNT 3
int GetWipePassCount (WipeAlgorithmId algorithm);
BOOL WipeBuffer (WipeAlgorithmId algorithm, byte randChars[TC_WIPE_RAND_CHAR_COUNT], int pass, byte *buffer, size_t size);
#ifdef __cplusplus
}
#endif
#endif // TC_HEADER_Common_Wipe
diff --git a/src/Format/Tcformat.c b/src/Format/Tcformat.c index d0b247fa..3fd9ea31 100644 --- a/src/Format/Tcformat.c +++ b/src/Format/Tcformat.c @@ -4085,41 +4085,42 @@ BOOL CALLBACK PageDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lPa // Rescue Disk has been verified, no need to go back
EnableWindow (GetDlgItem (GetParent (hwndDlg), IDC_PREV), FALSE);
// Prevent losing the burned rescue disk by inadvertent exit
bConfirmQuit = TRUE;
break;
case SYSENC_WIPE_MODE_PAGE:
case NONSYS_INPLACE_ENC_WIPE_MODE_PAGE:
{
if (nWipeMode == TC_WIPE_1_RAND)
nWipeMode = TC_WIPE_NONE;
SetWindowTextW (GetDlgItem (GetParent (hwndDlg), IDC_BOX_TITLE), GetString ("WIPE_MODE_TITLE"));
SetWindowTextW (GetDlgItem (hwndDlg, IDT_WIPE_MODE_INFO), GetString ("INPLACE_ENC_WIPE_MODE_INFO"));
PopulateWipeModeCombo (GetDlgItem (hwndDlg, IDC_WIPE_MODE),
SystemEncryptionStatus == SYSENC_STATUS_DECRYPTING && !bInPlaceEncNonSys,
- TRUE);
+ TRUE,
+ FALSE);
SelectAlgo (GetDlgItem (hwndDlg, IDC_WIPE_MODE), (int *) &nWipeMode);
SetWindowTextW (GetDlgItem (GetParent (hwndDlg), IDC_NEXT), GetString ("NEXT"));
SetWindowTextW (GetDlgItem (GetParent (hwndDlg), IDC_PREV), GetString ("PREV"));
EnableWindow (GetDlgItem (GetParent (hwndDlg), IDC_PREV), TRUE);
EnableWindow (GetDlgItem (GetParent (hwndDlg), IDC_NEXT), TRUE);
}
break;
case SYSENC_PRETEST_INFO_PAGE:
if (bHiddenOS)
{
SetWindowTextW (GetDlgItem (GetParent (hwndDlg), IDC_BOX_TITLE), GetString ("HIDDEN_OS_CREATION_PREINFO_TITLE"));
SetWindowTextW (GetDlgItem (hwndDlg, IDC_BOX_HELP), GetString ("HIDDEN_OS_CREATION_PREINFO_HELP"));
SetWindowTextW (GetDlgItem (GetParent (hwndDlg), IDC_NEXT), GetString ("START"));
EnableWindow (GetDlgItem (GetParent (hwndDlg), IDC_PREV), FALSE);
}
@@ -4195,47 +4196,47 @@ BOOL CALLBACK PageDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lPa SetWindowTextW (GetDlgItem (GetParent (hwndDlg), IDC_NEXT),
GetString (SystemEncryptionStatus != SYSENC_STATUS_DECRYPTING ? "ENCRYPT" : "DECRYPT"));
SetWindowTextW (GetDlgItem (hwndDlg, IDC_PAUSE),
GetString (bSystemEncryptionInProgress ? "IDC_PAUSE" : "RESUME"));
EnableWindow (GetDlgItem (hwndDlg, IDC_PAUSE), BootEncStatus.DriveEncrypted);
EnableWindow (GetDlgItem (GetParent (hwndDlg), IDC_PREV), FALSE);
EnableWindow (GetDlgItem (GetParent (hwndDlg), IDC_NEXT), !BootEncStatus.SetupInProgress);
EnableWindow (GetDlgItem (GetParent (hwndDlg), IDCANCEL), TRUE);
EnableWindow (GetDlgItem (GetParent (hwndDlg), IDHELP), TRUE);
ToHyperlink (hwndDlg, IDC_MORE_INFO_SYS_ENCRYPTION);
if (SystemEncryptionStatus == SYSENC_STATUS_DECRYPTING)
{
nWipeMode = TC_WIPE_NONE;
EnableWindow (GetDlgItem (hwndDlg, IDC_WIPE_MODE), FALSE);
EnableWindow (GetDlgItem (hwndDlg, IDT_WIPE_MODE), FALSE);
- PopulateWipeModeCombo (GetDlgItem (hwndDlg, IDC_WIPE_MODE), TRUE, TRUE);
+ PopulateWipeModeCombo (GetDlgItem (hwndDlg, IDC_WIPE_MODE), TRUE, TRUE, FALSE);
SelectAlgo (GetDlgItem (hwndDlg, IDC_WIPE_MODE), (int *) &nWipeMode);
}
else
{
EnableWindow (GetDlgItem (hwndDlg, IDC_WIPE_MODE), !bSystemEncryptionInProgress);
- PopulateWipeModeCombo (GetDlgItem (hwndDlg, IDC_WIPE_MODE), FALSE, TRUE);
+ PopulateWipeModeCombo (GetDlgItem (hwndDlg, IDC_WIPE_MODE), FALSE, TRUE, FALSE);
SelectAlgo (GetDlgItem (hwndDlg, IDC_WIPE_MODE), (int *) &nWipeMode);
}
PostMessage (hwndDlg, TC_APPMSG_PERFORM_POST_SYSENC_WMINIT_TASKS, 0, 0);
}
else
{
Error ("SYSTEM_ENCRYPTION_IN_PROGRESS_ELSEWHERE");
EndMainDlg (MainDlg);
return 0;
}
return 0;
case NONSYS_INPLACE_ENC_RESUME_PARTITION_SEL_PAGE:
{
SetWindowTextW (GetDlgItem (GetParent (hwndDlg), IDC_BOX_TITLE), GetString ("FILE_TITLE"));
SetWindowTextW (GetDlgItem (hwndDlg, IDC_BOX_HELP), GetString ("NONSYS_INPLACE_ENC_RESUME_VOL_SELECT_HELP"));
EnableWindow (GetDlgItem (GetParent (hwndDlg), IDC_PREV), TRUE);
@@ -4266,41 +4267,41 @@ BOOL CALLBACK PageDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lPa SetWindowTextW (GetDlgItem (hwndDlg, IDC_BOX_HELP), GetString ("NONSYS_INPLACE_ENC_ENCRYPTION_PAGE_INFO"));
SetWindowTextW (GetDlgItem (GetParent (hwndDlg), IDCANCEL), GetString (bInPlaceEncNonSysResumed ? "DEFER" : "CANCEL"));
SetWindowTextW (GetDlgItem (GetParent (hwndDlg), IDC_PREV), GetString ("PREV"));
SetWindowTextW (GetDlgItem (GetParent (hwndDlg), IDC_NEXT), GetString (bInPlaceEncNonSysResumed ? "RESUME" : "ENCRYPT"));
SetWindowTextW (GetDlgItem (hwndDlg, IDC_PAUSE), GetString ("IDC_PAUSE"));
EnableWindow (GetDlgItem (GetParent (hwndDlg), IDC_PREV), !bInPlaceEncNonSysResumed);
EnableWindow (GetDlgItem (GetParent (hwndDlg), IDC_NEXT), TRUE);
EnableWindow (GetDlgItem (GetParent (hwndDlg), IDCANCEL), TRUE);
EnableWindow (GetDlgItem (GetParent (hwndDlg), IDHELP), TRUE);
EnableWindow (GetDlgItem (hwndDlg, IDC_PAUSE), FALSE);
ShowWindow (GetDlgItem (hwndDlg, IDC_MORE_INFO_SYS_ENCRYPTION), SW_HIDE);
EnableWindow (GetDlgItem (hwndDlg, IDC_WIPE_MODE), TRUE);
- PopulateWipeModeCombo (GetDlgItem (hwndDlg, IDC_WIPE_MODE), FALSE, TRUE);
+ PopulateWipeModeCombo (GetDlgItem (hwndDlg, IDC_WIPE_MODE), FALSE, TRUE, FALSE);
SelectAlgo (GetDlgItem (hwndDlg, IDC_WIPE_MODE), (int *) &nWipeMode);
break;
case NONSYS_INPLACE_ENC_ENCRYPTION_FINISHED_PAGE:
bConfirmQuit = FALSE;
SetWindowTextW (GetDlgItem (GetParent (hwndDlg), IDC_BOX_TITLE), GetString ("NONSYS_INPLACE_ENC_FINISHED_TITLE"));
SetWindowTextW (GetDlgItem (hwndDlg, IDC_BOX_HELP), GetString ("NONSYS_INPLACE_ENC_FINISHED_INFO"));
SetWindowTextW (GetDlgItem (GetParent (hwndDlg), IDC_PREV), GetString ("PREV"));
SetWindowTextW (GetDlgItem (GetParent (hwndDlg), IDC_NEXT), GetString ("FINALIZE"));
EnableWindow (GetDlgItem (GetParent (hwndDlg), IDC_PREV), FALSE);
EnableWindow (GetDlgItem (GetParent (hwndDlg), IDC_NEXT), TRUE);
SetWindowTextW (GetDlgItem (GetParent (hwndDlg), IDCANCEL), GetString ("EXIT"));
EnableWindow (GetDlgItem (GetParent (hwndDlg), IDCANCEL), FALSE);
@@ -4567,41 +4568,41 @@ BOOL CALLBACK PageDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lPa if (bHiddenOS && IsHiddenOSRunning())
{
// Decoy system partition wipe
WipeAbort(); // In case the GUI previously crashed and the driver is still wiping
SetWindowTextW (GetDlgItem (GetParent (hwndDlg), IDCANCEL), GetString ("CANCEL"));
}
else
{
// Regular device wipe (not decoy system partition wipe)
// Title bar
SetWindowText (MainDlg, TC_APP_NAME);
EnableWindow (GetDlgItem (GetParent (hwndDlg), IDC_PREV), FALSE);
}
SetWindowTextW (GetDlgItem (GetParent (hwndDlg), IDC_BOX_TITLE), GetString ("WIPE_MODE_TITLE"));
SetWindowTextW (GetDlgItem (hwndDlg, IDT_WIPE_MODE_INFO), GetString ("WIPE_MODE_INFO"));
- PopulateWipeModeCombo (GetDlgItem (hwndDlg, IDC_WIPE_MODE), FALSE, FALSE);
+ PopulateWipeModeCombo (GetDlgItem (hwndDlg, IDC_WIPE_MODE), FALSE, FALSE, FALSE);
SelectAlgo (GetDlgItem (hwndDlg, IDC_WIPE_MODE), (int *) &nWipeMode);
SetWindowTextW (GetDlgItem (GetParent (hwndDlg), IDC_NEXT), GetString ("NEXT"));
SetWindowTextW (GetDlgItem (GetParent (hwndDlg), IDC_PREV), GetString ("PREV"));
EnableWindow (GetDlgItem (GetParent (hwndDlg), IDC_NEXT), TRUE);
EnableWindow (GetDlgItem (GetParent (hwndDlg), IDCANCEL), TRUE);
break;
case DEVICE_WIPE_PAGE:
if (bHiddenOS && IsHiddenOSRunning())
{
// Decoy system partition wipe
SetWindowTextW (GetDlgItem (hwndDlg, IDC_BOX_HELP), GetString ("DEVICE_WIPE_PAGE_INFO_HIDDEN_OS"));
}
else
diff --git a/src/Mount/MainCom.cpp b/src/Mount/MainCom.cpp index 537a187f..829cd21f 100644 --- a/src/Mount/MainCom.cpp +++ b/src/Mount/MainCom.cpp @@ -83,47 +83,47 @@ public: else
return ERR_OUTOFMEMORY;
}
virtual int STDMETHODCALLTYPE RestoreVolumeHeader (LONG_PTR hwndDlg, BSTR lpszVolume)
{
USES_CONVERSION;
CW2A szVolumeA(lpszVolume);
MainDlg = (HWND) hwndDlg;
if (szVolumeA.m_psz)
return ::RestoreVolumeHeader ((HWND) hwndDlg, szVolumeA.m_psz);
else
return ERR_OUTOFMEMORY;
}
virtual DWORD STDMETHODCALLTYPE CallDriver (DWORD ioctl, BSTR input, BSTR *output)
{
return BaseCom::CallDriver (ioctl, input, output);
}
- virtual int STDMETHODCALLTYPE ChangePassword (BSTR volumePath, Password *oldPassword, Password *newPassword, int pkcs5, LONG_PTR hWnd)
+ virtual int STDMETHODCALLTYPE ChangePassword (BSTR volumePath, Password *oldPassword, Password *newPassword, int pkcs5, int wipePassCount, LONG_PTR hWnd)
{
USES_CONVERSION;
CW2A volumePathA(volumePath);
MainDlg = (HWND) hWnd;
if (volumePathA.m_psz)
- return ::ChangePwd (volumePathA.m_psz, oldPassword, newPassword, pkcs5, (HWND) hWnd);
+ return ::ChangePwd (volumePathA.m_psz, oldPassword, newPassword, pkcs5, wipePassCount,(HWND) hWnd);
else
return ERR_OUTOFMEMORY;
}
virtual DWORD STDMETHODCALLTYPE CopyFile (BSTR sourceFile, BSTR destinationFile)
{
return BaseCom::CopyFile (sourceFile, destinationFile);
}
virtual DWORD STDMETHODCALLTYPE DeleteFile (BSTR file)
{
return BaseCom::DeleteFile (file);
}
virtual BOOL STDMETHODCALLTYPE IsPagingFileActive (BOOL checkNonWindowsPartitionsOnly)
{
return BaseCom::IsPagingFileActive (checkNonWindowsPartitionsOnly);
}
virtual DWORD STDMETHODCALLTYPE ReadWriteFile (BOOL write, BOOL device, BSTR filePath, BSTR *bufferBstr, unsigned __int64 offset, unsigned __int32 size, DWORD *sizeDone)
@@ -244,36 +244,36 @@ extern "C" int UacBackupVolumeHeader (HWND hwndDlg, BOOL bRequireConfirmation, c extern "C" int UacRestoreVolumeHeader (HWND hwndDlg, char *lpszVolume)
{
CComPtr<ITrueCryptMainCom> tc;
int r;
CoInitialize (NULL);
if (ComGetInstance (hwndDlg, &tc))
r = tc->RestoreVolumeHeader ((LONG_PTR) hwndDlg, CComBSTR (lpszVolume));
else
r = -1;
CoUninitialize ();
return r;
}
-extern "C" int UacChangePwd (char *lpszVolume, Password *oldPassword, Password *newPassword, int pkcs5, HWND hwndDlg)
+extern "C" int UacChangePwd (char *lpszVolume, Password *oldPassword, Password *newPassword, int pkcs5, int wipePassCount, HWND hwndDlg)
{
CComPtr<ITrueCryptMainCom> tc;
int r;
if (ComGetInstance (hwndDlg, &tc))
{
WaitCursor ();
- r = tc->ChangePassword (CComBSTR (lpszVolume), oldPassword, newPassword, pkcs5, (LONG_PTR) hwndDlg);
+ r = tc->ChangePassword (CComBSTR (lpszVolume), oldPassword, newPassword, pkcs5, wipePassCount, (LONG_PTR) hwndDlg);
NormalCursor ();
}
else
r = -1;
return r;
}
diff --git a/src/Mount/MainCom.h b/src/Mount/MainCom.h index 44d9db45..a22eb345 100644 --- a/src/Mount/MainCom.h +++ b/src/Mount/MainCom.h @@ -6,27 +6,27 @@ packages.
*/
#ifndef TC_HEADER_MAIN_COM
#define TC_HEADER_MAIN_COM
#include <windows.h>
#ifdef __cplusplus
#include "MainCom_h.h"
ITrueCryptMainCom *GetElevatedInstance (HWND parent);
extern "C" {
#endif
BOOL ComServerMain ();
void UacAnalyzeKernelMiniDump (HWND hwndDlg);
int UacBackupVolumeHeader (HWND hwndDlg, BOOL bRequireConfirmation, char *lpszVolume);
int UacRestoreVolumeHeader (HWND hwndDlg, char *lpszVolume);
-int UacChangePwd (char *lpszVolume, Password *oldPassword, Password *newPassword, int pkcs5, HWND hwndDlg);
+int UacChangePwd (char *lpszVolume, Password *oldPassword, Password *newPassword, int pkcs5, int wipePassCount, HWND hwndDlg);
#ifdef __cplusplus
}
#endif
#endif // TC_HEADER_MAIN_COM
diff --git a/src/Mount/MainCom.idl b/src/Mount/MainCom.idl index 8999d4ec..8550fe8f 100644 --- a/src/Mount/MainCom.idl +++ b/src/Mount/MainCom.idl @@ -10,41 +10,41 @@ import "wtypes.idl"; import "..\Common\Password.h";
[
uuid(9ACF6176-5FC4-4690-A025-B3306A50EB6A),
helpstring("VeraCrypt Main UAC Support Library"),
version(2.4) // Update ComSetup.cpp when changing version number
]
library TrueCryptMainCom
{
[
uuid(C786E27C-2801-482c-B45D-D4357B270A29),
object,
oleautomation,
helpstring("VeraCrypt Main UAC Support Interface")
]
interface ITrueCryptMainCom : IUnknown
{
void AnalyzeKernelMiniDump (LONG_PTR hwndDlg);
int BackupVolumeHeader (LONG_PTR hwndDlg, BOOL bRequireConfirmation, BSTR lpszVolume);
DWORD CallDriver (DWORD ioctl, BSTR input, BSTR *output);
- int ChangePassword (BSTR volumePath, Password *oldPassword, Password *newPassword, int pkcs5, LONG_PTR hWnd);
+ int ChangePassword (BSTR volumePath, Password *oldPassword, Password *newPassword, int pkcs5, int wipePassCount, LONG_PTR hWnd);
DWORD CopyFile (BSTR sourceFile, BSTR destinationFile);
DWORD DeleteFile (BSTR file);
BOOL IsPagingFileActive (BOOL checkNonWindowsPartitionsOnly);
DWORD ReadWriteFile (BOOL write, BOOL device, BSTR filePath, BSTR *bufferBstr, unsigned __int64 offset, unsigned __int32 size, DWORD *sizeDone);
DWORD RegisterFilterDriver (BOOL registerDriver, int filterType);
DWORD RegisterSystemFavoritesService (BOOL registerService);
int RestoreVolumeHeader (LONG_PTR hwndDlg, BSTR lpszVolume);
DWORD SetDriverServiceStartType (DWORD startType);
DWORD WriteLocalMachineRegistryDwordValue (BSTR keyPath, BSTR valueName, DWORD value);
};
[
uuid(FE8B3B95-C80C-41f7-830F-FBA271C26F7E),
helpstring("VeraCrypt Main UAC Support Coclass")
]
coclass TrueCryptMainCom
{
[default] interface ITrueCryptMainCom;
}
}
diff --git a/src/Mount/Mount.c b/src/Mount/Mount.c index 380cd04a..6b11c178 100644 --- a/src/Mount/Mount.c +++ b/src/Mount/Mount.c @@ -1379,71 +1379,75 @@ static void PasswordChangeEnable (HWND hwndDlg, int button, int passwordId, BOOL }
/* Except in response to the WM_INITDIALOG message, the dialog box procedure
should return nonzero if it processes the message, and zero if it does
not. - see DialogProc */
BOOL CALLBACK PasswordChangeDlgProc (HWND hwndDlg, UINT msg, WPARAM wParam, LPARAM lParam)
{
static KeyFilesDlgParam newKeyFilesParam;
WORD lw = LOWORD (wParam);
WORD hw = HIWORD (wParam);
switch (msg)
{
case WM_INITDIALOG:
{
LPARAM nIndex;
HWND hComboBox = GetDlgItem (hwndDlg, IDC_PKCS5_PRF_ID);
int i;
+ WipeAlgorithmId headerWipeMode = TC_WIPE_3_DOD_5220;
ZeroMemory (&newKeyFilesParam, sizeof (newKeyFilesParam));
SetWindowTextW (hwndDlg, GetString ("IDD_PASSWORDCHANGE_DLG"));
LocalizeDialog (hwndDlg, "IDD_PASSWORDCHANGE_DLG");
SendMessage (GetDlgItem (hwndDlg, IDC_OLD_PASSWORD), EM_LIMITTEXT, MAX_PASSWORD, 0);
SendMessage (GetDlgItem (hwndDlg, IDC_PASSWORD), EM_LIMITTEXT, MAX_PASSWORD, 0);
SendMessage (GetDlgItem (hwndDlg, IDC_VERIFY), EM_LIMITTEXT, MAX_PASSWORD, 0);
EnableWindow (GetDlgItem (hwndDlg, IDOK), FALSE);
SetCheckBox (hwndDlg, IDC_ENABLE_KEYFILES, KeyFilesEnable);
EnableWindow (GetDlgItem (hwndDlg, IDC_KEYFILES), TRUE);
EnableWindow (GetDlgItem (hwndDlg, IDC_NEW_KEYFILES), TRUE);
SendMessage (hComboBox, CB_RESETCONTENT, 0, 0);
nIndex = SendMessageW (hComboBox, CB_ADDSTRING, 0, (LPARAM) GetString ("UNCHANGED"));
SendMessage (hComboBox, CB_SETITEMDATA, nIndex, (LPARAM) 0);
for (i = FIRST_PRF_ID; i <= LAST_PRF_ID; i++)
{
if (!HashIsDeprecated (i))
{
nIndex = SendMessage (hComboBox, CB_ADDSTRING, 0, (LPARAM) get_pkcs5_prf_name(i));
SendMessage (hComboBox, CB_SETITEMDATA, nIndex, (LPARAM) i);
}
}
SendMessage (hComboBox, CB_SETCURSEL, 0, 0);
+ PopulateWipeModeCombo (GetDlgItem (hwndDlg, IDC_WIPE_MODE), FALSE, FALSE, TRUE);
+ SelectAlgo (GetDlgItem (hwndDlg, IDC_WIPE_MODE), (int *) &headerWipeMode);
+
switch (pwdChangeDlgMode)
{
case PCDM_CHANGE_PKCS5_PRF:
SetWindowTextW (hwndDlg, GetString ("IDD_PCDM_CHANGE_PKCS5_PRF"));
LocalizeDialog (hwndDlg, "IDD_PCDM_CHANGE_PKCS5_PRF");
EnableWindow (GetDlgItem (hwndDlg, IDC_PASSWORD), FALSE);
EnableWindow (GetDlgItem (hwndDlg, IDC_VERIFY), FALSE);
EnableWindow (GetDlgItem (hwndDlg, IDC_ENABLE_NEW_KEYFILES), FALSE);
EnableWindow (GetDlgItem (hwndDlg, IDC_SHOW_PASSWORD_CHPWD_NEW), FALSE);
EnableWindow (GetDlgItem (hwndDlg, IDC_NEW_KEYFILES), FALSE);
EnableWindow (GetDlgItem (hwndDlg, IDT_NEW_PASSWORD), FALSE);
EnableWindow (GetDlgItem (hwndDlg, IDT_CONFIRM_PASSWORD), FALSE);
break;
case PCDM_ADD_REMOVE_VOL_KEYFILES:
SetWindowTextW (hwndDlg, GetString ("IDD_PCDM_ADD_REMOVE_VOL_KEYFILES"));
LocalizeDialog (hwndDlg, "IDD_PCDM_ADD_REMOVE_VOL_KEYFILES");
newKeyFilesParam.EnableKeyFiles = TRUE;
EnableWindow (GetDlgItem (hwndDlg, IDC_PASSWORD), FALSE);
EnableWindow (GetDlgItem (hwndDlg, IDC_VERIFY), FALSE);
@@ -1734,40 +1738,45 @@ BOOL CALLBACK PasswordChangeDlgProc (HWND hwndDlg, UINT msg, WPARAM wParam, LPAR if (lw == IDC_SHOW_PASSWORD_CHPWD_NEW)
{
SendMessage (GetDlgItem (hwndDlg, IDC_PASSWORD),
EM_SETPASSWORDCHAR,
GetCheckBox (hwndDlg, IDC_SHOW_PASSWORD_CHPWD_NEW) ? 0 : '*',
0);
SendMessage (GetDlgItem (hwndDlg, IDC_VERIFY),
EM_SETPASSWORDCHAR,
GetCheckBox (hwndDlg, IDC_SHOW_PASSWORD_CHPWD_NEW) ? 0 : '*',
0);
InvalidateRect (GetDlgItem (hwndDlg, IDC_PASSWORD), NULL, TRUE);
InvalidateRect (GetDlgItem (hwndDlg, IDC_VERIFY), NULL, TRUE);
return 1;
}
if (lw == IDOK)
{
HWND hParent = GetParent (hwndDlg);
Password oldPassword;
Password newPassword;
+ WipeAlgorithmId headerWiperMode = (WipeAlgorithmId) SendMessage (
+ GetDlgItem (hwndDlg, IDC_WIPE_MODE),
+ CB_GETITEMDATA,
+ SendMessage (GetDlgItem (hwndDlg, IDC_WIPE_MODE), CB_GETCURSEL, 0, 0),
+ 0);
int nStatus;
int pkcs5 = SendMessage (GetDlgItem (hwndDlg, IDC_PKCS5_PRF_ID), CB_GETITEMDATA,
SendMessage (GetDlgItem (hwndDlg, IDC_PKCS5_PRF_ID), CB_GETCURSEL, 0, 0), 0);
if (!CheckPasswordCharEncoding (GetDlgItem (hwndDlg, IDC_PASSWORD), NULL))
{
Error ("UNSUPPORTED_CHARS_IN_PWD");
return 1;
}
if (pwdChangeDlgMode == PCDM_CHANGE_PKCS5_PRF)
{
newKeyFilesParam.EnableKeyFiles = KeyFilesEnable;
}
else if (!(newKeyFilesParam.EnableKeyFiles && newKeyFilesParam.FirstKeyFile != NULL)
&& pwdChangeDlgMode == PCDM_CHANGE_PASSWORD)
{
if (!CheckPasswordLength (hwndDlg, GetDlgItem (hwndDlg, IDC_PASSWORD)))
return 1;
}
@@ -1796,60 +1805,60 @@ BOOL CALLBACK PasswordChangeDlgProc (HWND hwndDlg, UINT msg, WPARAM wParam, LPAR if (KeyFilesEnable)
KeyFilesApply (&oldPassword, FirstKeyFile);
if (newKeyFilesParam.EnableKeyFiles)
{
if (!KeyFilesApply (&newPassword, pwdChangeDlgMode == PCDM_CHANGE_PKCS5_PRF ? FirstKeyFile : newKeyFilesParam.FirstKeyFile))
{
nStatus = ERR_DONT_REPORT;
goto err;
}
}
if (bSysEncPwdChangeDlgMode)
{
// System
pkcs5 = 0; // PKCS-5 PRF unchanged (currently system encryption supports only RIPEMD-160)
try
{
- nStatus = BootEncObj->ChangePassword (&oldPassword, &newPassword, pkcs5);
+ nStatus = BootEncObj->ChangePassword (&oldPassword, &newPassword, pkcs5, GetWipePassCount(headerWiperMode));
}
catch (Exception &e)
{
e.Show (MainDlg);
nStatus = ERR_OS_ERROR;
}
}
else
{
// Non-system
- nStatus = ChangePwd (szFileName, &oldPassword, &newPassword, pkcs5, hwndDlg);
+ nStatus = ChangePwd (szFileName, &oldPassword, &newPassword, pkcs5, GetWipePassCount(headerWiperMode), hwndDlg);
if (nStatus == ERR_OS_ERROR
&& GetLastError () == ERROR_ACCESS_DENIED
&& IsUacSupported ()
&& IsVolumeDeviceHosted (szFileName))
{
- nStatus = UacChangePwd (szFileName, &oldPassword, &newPassword, pkcs5, hwndDlg);
+ nStatus = UacChangePwd (szFileName, &oldPassword, &newPassword, pkcs5, GetWipePassCount(headerWiperMode), hwndDlg);
}
}
err:
burn (&oldPassword, sizeof (oldPassword));
burn (&newPassword, sizeof (newPassword));
NormalCursor ();
if (nStatus == 0)
{
// Attempt to wipe passwords stored in the input field buffers
char tmp[MAX_PASSWORD+1];
memset (tmp, 'X', MAX_PASSWORD);
tmp[MAX_PASSWORD] = 0;
SetWindowText (GetDlgItem (hwndDlg, IDC_PASSWORD), tmp);
SetWindowText (GetDlgItem (hwndDlg, IDC_OLD_PASSWORD), tmp);
SetWindowText (GetDlgItem (hwndDlg, IDC_VERIFY), tmp);
KeyFileRemoveAll (&newKeyFilesParam.FirstKeyFile);
diff --git a/src/Mount/Mount.rc b/src/Mount/Mount.rc index 05dc0f23..fcae0c36 100644 --- a/src/Mount/Mount.rc +++ b/src/Mount/Mount.rc @@ -84,64 +84,66 @@ BEGIN PUSHBUTTON "Cancel",IDCANCEL,281,262,50,14
GROUPBOX "Windows",IDT_WINDOWS_RELATED_SETTING,4,160,328,52
GROUPBOX "Default Mount Options",IDT_DEFAULT_MOUNT_OPTIONS,4,3,328,26
GROUPBOX "VeraCrypt Background Task",IDT_TASKBAR_ICON,4,33,328,26
GROUPBOX "Auto-Dismount",IDT_AUTO_DISMOUNT,4,94,328,62
LTEXT "minutes",IDT_MINUTES,289,129,39,10
LTEXT "Dismount all when:",IDT_AUTO_DISMOUNT_ON,9,110,71,17
GROUPBOX "Password Cache",IDT_PW_CACHE_OPTIONS,4,216,328,39
GROUPBOX "Actions to perform upon logon to Windows",IDT_LOGON,4,63,328,28
END
IDD_VOLUME_PROPERTIES DIALOGEX 60, 30, 284, 186
STYLE DS_SETFONT | DS_MODALFRAME | DS_FIXEDSYS | WS_POPUP | WS_CAPTION | WS_SYSMENU
CAPTION "VeraCrypt Volume Properties"
FONT 8, "MS Shell Dlg", 400, 0, 0x1
BEGIN
DEFPUSHBUTTON "OK",IDOK,114,166,55,14
CONTROL "",IDC_VOLUME_PROPERTIES_LIST,"SysListView32",LVS_REPORT | LVS_ALIGNLEFT | LVS_NOSORTHEADER | WS_BORDER | WS_TABSTOP,7,6,269,154
END
-IDD_PASSWORDCHANGE_DLG DIALOGEX 0, 0, 316, 162
+IDD_PASSWORDCHANGE_DLG DIALOGEX 0, 0, 316, 183
STYLE DS_SETFONT | DS_MODALFRAME | DS_3DLOOK | DS_FIXEDSYS | DS_CENTER | WS_POPUP | WS_CAPTION | WS_SYSMENU
CAPTION "Change Password or Keyfiles"
CLASS "CustomDlg"
FONT 8, "MS Shell Dlg", 0, 0, 0x0
BEGIN
EDITTEXT IDC_OLD_PASSWORD,89,14,147,13,ES_PASSWORD | ES_AUTOHSCROLL
CONTROL "Use keyfiles",IDC_ENABLE_KEYFILES,"Button",BS_AUTOCHECKBOX | WS_TABSTOP,89,34,86,10
PUSHBUTTON "Keyfiles...",IDC_KEYFILES,177,32,59,14
CONTROL "Display password",IDC_SHOW_PASSWORD_CHPWD_ORI,"Button",BS_AUTOCHECKBOX | WS_TABSTOP,89,46,138,10,WS_EX_TRANSPARENT
EDITTEXT IDC_PASSWORD,89,74,147,13,ES_PASSWORD | ES_AUTOHSCROLL
EDITTEXT IDC_VERIFY,89,90,147,13,ES_PASSWORD | ES_AUTOHSCROLL
CONTROL "Use keyfiles",IDC_ENABLE_NEW_KEYFILES,"Button",BS_AUTOCHECKBOX | WS_TABSTOP,89,109,86,11
PUSHBUTTON "Keyfiles...",IDC_NEW_KEYFILES,177,107,59,14
CONTROL "Display password",IDC_SHOW_PASSWORD_CHPWD_NEW,"Button",BS_AUTOCHECKBOX | WS_TABSTOP,89,121,139,11,WS_EX_TRANSPARENT
COMBOBOX IDC_PKCS5_PRF_ID,89,136,91,90,CBS_DROPDOWNLIST | WS_TABSTOP
DEFPUSHBUTTON "OK",IDOK,251,7,59,14
PUSHBUTTON "Cancel",IDCANCEL,251,24,59,14
RTEXT "Password:",IDT_PASSWORD,12,16,72,8
RTEXT "Password:",IDT_NEW_PASSWORD,8,77,76,8
RTEXT "Confirm Password:",IDT_CONFIRM_PASSWORD,9,93,75,16
RTEXT "PKCS-5 PRF:",IDT_PKCS5_PRF,9,137,74,10,SS_CENTERIMAGE
GROUPBOX "Current",IDT_CURRENT,6,3,238,58
- GROUPBOX "New",IDT_NEW,6,63,238,93
+ GROUPBOX "New",IDT_NEW,6,63,238,113
+ COMBOBOX IDC_WIPE_MODE,89,155,125,90,CBS_DROPDOWNLIST | WS_TABSTOP
+ RTEXT "Wipe mode:",IDT_WIPE_MODE,9,157,74,8,0,WS_EX_RIGHT
END
IDD_MOUNT_DLG DIALOGEX 0, 0, 375, 271
STYLE DS_SETFONT | DS_SETFOREGROUND | DS_3DLOOK | DS_FIXEDSYS | DS_CENTER | WS_MINIMIZEBOX | WS_POPUP | WS_CAPTION | WS_SYSMENU
CAPTION "VeraCrypt"
MENU IDR_MENU
CLASS "CustomDlg"
FONT 8, "MS Shell Dlg", 0, 0, 0x0
BEGIN
CONTROL "",IDC_DRIVELIST,"SysListView32",LVS_REPORT | LVS_SINGLESEL | LVS_SHOWSELALWAYS | LVS_ALIGNLEFT | LVS_NOSORTHEADER | WS_BORDER | WS_TABSTOP,8,5,360,135
PUSHBUTTON "&Create Volume",IDC_CREATE_VOLUME,16,159,84,14
PUSHBUTTON "&Volume Properties...",IDC_VOLUME_PROPERTIES,146,159,84,14
PUSHBUTTON "&Wipe Cache",IDC_WIPE_CACHE,276,159,84,14
COMBOBOX IDC_VOLUME,56,192,212,74,CBS_DROPDOWN | CBS_AUTOHSCROLL | WS_VSCROLL | WS_TABSTOP
CONTROL "&Never save history",IDC_NO_HISTORY,"Button",BS_AUTOCHECKBOX | WS_TABSTOP,56,207,122,10
PUSHBUTTON "Volume &Tools...",IDC_VOLUME_TOOLS,184,211,84,14
PUSHBUTTON "Select &File...",IDC_SELECT_FILE,276,192,84,14
PUSHBUTTON "Select D&evice...",IDC_SELECT_DEVICE,276,211,84,14
DEFPUSHBUTTON "OK",IDOK,8,243,84,18,WS_GROUP
PUSHBUTTON "&Auto-Mount Devices",IDC_MOUNTALL,100,243,84,18
@@ -334,41 +336,41 @@ BEGIN BEGIN
LEFTMARGIN, 7
RIGHTMARGIN, 329
TOPMARGIN, 7
BOTTOMMARGIN, 280
END
IDD_VOLUME_PROPERTIES, DIALOG
BEGIN
LEFTMARGIN, 7
RIGHTMARGIN, 277
TOPMARGIN, 7
BOTTOMMARGIN, 179
END
IDD_PASSWORDCHANGE_DLG, DIALOG
BEGIN
LEFTMARGIN, 7
RIGHTMARGIN, 309
TOPMARGIN, 7
- BOTTOMMARGIN, 155
+ BOTTOMMARGIN, 176
END
IDD_MOUNT_DLG, DIALOG
BEGIN
RIGHTMARGIN, 369
BOTTOMMARGIN, 269
END
IDD_PASSWORD_DLG, DIALOG
BEGIN
BOTTOMMARGIN, 63
END
IDD_TRAVELER_DLG, DIALOG
BEGIN
LEFTMARGIN, 7
RIGHTMARGIN, 293
TOPMARGIN, 7
BOTTOMMARGIN, 262
END
@@ -576,41 +578,41 @@ BEGIN MENUITEM "Language...", IDM_LANGUAGE
MENUITEM "Hot Keys...", IDM_HOTKEY_SETTINGS
MENUITEM SEPARATOR
MENUITEM "System Encryption...", IDM_SYSENC_SETTINGS
MENUITEM "System Favorite Volumes...", IDM_SYS_FAVORITES_SETTINGS
MENUITEM SEPARATOR
MENUITEM "Performance...", IDM_PERFORMANCE_SETTINGS
MENUITEM SEPARATOR
MENUITEM "Default Keyfiles...", IDM_DEFAULT_KEYFILES
MENUITEM "Security Tokens...", IDM_TOKEN_PREFERENCES
MENUITEM SEPARATOR
MENUITEM "Preferences...", IDM_PREFERENCES
END
POPUP "Hel&p"
BEGIN
MENUITEM "User's Guide", IDM_HELP
MENUITEM "Online Help", IDM_ONLINE_HELP
MENUITEM "Beginner's Tutorial", IDM_ONLINE_TUTORIAL
MENUITEM "Frequently Asked Questions", IDM_FAQ
MENUITEM SEPARATOR
- MENUITEM "VeraCrypt Website", IDM_WEBSITE
+ MENUITEM "VeraCrypt Website", IDM_WEBSITE
MENUITEM "Downloads", IDM_TC_DOWNLOADS
MENUITEM "News", IDM_NEWS
MENUITEM "Version History", IDM_VERSION_HISTORY
MENUITEM SEPARATOR
MENUITEM "Analyze a System Crash...", IDM_ANALYZE_SYSTEM_CRASH
MENUITEM SEPARATOR
MENUITEM "Contact", IDM_CONTACT
MENUITEM "Legal Notices", IDM_LICENSE
MENUITEM "About", IDM_ABOUT
END
MENUITEM "&Homepage ", IDM_HOMEPAGE
END
/////////////////////////////////////////////////////////////////////////////
//
// String Table
//
STRINGTABLE
diff --git a/src/Mount/Mount.vcproj b/src/Mount/Mount.vcproj index f2c3f63f..cb0be04e 100644 --- a/src/Mount/Mount.vcproj +++ b/src/Mount/Mount.vcproj @@ -357,40 +357,44 @@ RelativePath="..\Common\Random.c"
>
</File>
<File
RelativePath="..\Common\Registry.c"
>
</File>
<File
RelativePath="..\Common\SecurityToken.cpp"
>
</File>
<File
RelativePath="..\Common\Tests.c"
>
</File>
<File
RelativePath="..\Common\Volumes.c"
>
</File>
<File
+ RelativePath="..\Common\Wipe.c"
+ >
+ </File>
+ <File
RelativePath="..\Common\Wipe.h"
>
</File>
<File
RelativePath="..\Common\Xml.c"
>
</File>
<File
RelativePath="..\Common\Xts.c"
>
</File>
</Filter>
</Filter>
<Filter
Name="Header Files"
Filter="h;hpp;hxx;hm;inl;inc;xsd"
UniqueIdentifier="{93995380-89BD-4b04-88EB-625FBE52EBFB}"
>
<File
RelativePath="..\Common\Apidrvr.h"
diff --git a/src/Mount/Resource.h b/src/Mount/Resource.h index c410d36b..7ed08e06 100644 --- a/src/Mount/Resource.h +++ b/src/Mount/Resource.h @@ -89,45 +89,47 @@ #define IDT_TASKBAR_ICON 1066
#define IDT_AUTO_DISMOUNT 1067
#define IDC_PREF_FORCE_AUTO_DISMOUNT 1068
#define IDC_PREF_DISMOUNT_INACTIVE_TIME 1069
#define IDT_MINUTES 1070
#define IDC_PREF_DISMOUNT_SCREENSAVER 1071
#define IDC_PREF_DISMOUNT_POWERSAVING 1072
#define IDT_AUTO_DISMOUNT_ON 1073
#define IDC_PREF_WIPE_CACHE_ON_AUTODISMOUNT 1074
#define IDC_CLOSE_BKG_TASK_WHEN_NOVOL 1075
#define IDC_MORE_INFO_ON_HW_ACCELERATION 1076
#define IDT_LOGON 1077
#define IDC_MORE_INFO_ON_THREAD_BASED_PARALLELIZATION 1078
#define IDC_PREF_LOGON_START 1079
#define IDC_PREF_LOGON_MOUNT_DEVICES 1080
#define IDC_SHOW_PASSWORD_CHPWD_NEW 1081
#define IDC_HK_DISMOUNT_BALLOON_TOOLTIP 1082
#define IDC_SHOW_PASSWORD_CHPWD_ORI 1083
#define IDC_HK_DISMOUNT_PLAY_SOUND 1084
#define IDC_HOTKEY_ASSIGN 1085
+#define IDC_WIPE_MODE 1085
#define IDC_HOTKEY_REMOVE 1086
#define IDC_HOTKEY_KEY 1087
#define IDT_HOTKEY_KEY 1088
#define IDC_HOTKEY_LIST 1089
#define IDC_RESET_HOTKEYS 1090
+#define IDT_WIPE_MODE 1090
#define IDT_DISMOUNT_ACTION 1091
#define IDT_ASSIGN_HOTKEY 1092
#define IDC_HK_MOD_SHIFT 1093
#define IDC_HK_MOD_CTRL 1094
#define IDC_HK_MOD_ALT 1095
#define IDC_HK_MOD_WIN 1096
#define IDC_SHOW_PASSWORD 1097
#define IDC_LOGO 1098
#define IDT_PKCS11_LIB_PATH 1099
#define IDC_PKCS11_MODULE 1100
#define IDC_SELECT_PKCS11_MODULE 1101
#define IDC_AUTO_DETECT_PKCS11_MODULE 1102
#define IDC_CLOSE_TOKEN_SESSION_AFTER_MOUNT 1103
#define IDT_SECURITY_OPTIONS 1104
#define IDC_DISABLE_BOOT_LOADER_OUTPUT 1105
#define IDC_ALLOW_ESC_PBA_BYPASS 1106
#define IDC_CUSTOM_BOOT_LOADER_MESSAGE 1107
#define IDC_BOOT_LOADER_CACHE_PASSWORD 1108
#define IDC_MORE_SETTINGS 1109
#define IDT_CUSTOM_BOOT_LOADER_MESSAGE 1110
|