author | Mounir IDRASSI <mounir.idrassi@idrix.fr> | 2015-06-24 14:14:34 +0200 |
---|---|---|
committer | Mounir IDRASSI <mounir.idrassi@idrix.fr> | 2015-06-24 15:33:16 +0200 |
commit | 9913af3a8ed61333cafd0e611f214f7c86652423 (patch) | |
tree | bae9cbe7b95cb56df9d210cf32b44a0c15574ce8 /src/Volume | |
parent | f927ce9b58b137846bb78a47f5a83f7261eac9ff (diff) | |
download | VeraCrypt-9913af3a8ed61333cafd0e611f214f7c86652423.tar.gz VeraCrypt-9913af3a8ed61333cafd0e611f214f7c86652423.zip |
Linux/MacOSX: first dynamic mode implementation
Diffstat (limited to 'src/Volume')
-rwxr-xr-x[-rw-r--r--] | src/Volume/Pkcs5Kdf.cpp | 4 | ||||
-rwxr-xr-x[-rw-r--r--] | src/Volume/Pkcs5Kdf.h | 16 | ||||
-rwxr-xr-x | src/Volume/Volume.cpp | 16 | ||||
-rwxr-xr-x | src/Volume/Volume.h | 6 | ||||
-rwxr-xr-x | src/Volume/VolumeHeader.cpp | 4 | ||||
-rwxr-xr-x | src/Volume/VolumeHeader.h | 2 | ||||
-rwxr-xr-x[-rw-r--r--] | src/Volume/VolumeInfo.cpp | 5 | ||||
-rw-r--r-- | src/Volume/VolumeInfo.h | 1 |
8 files changed, 31 insertions, 23 deletions
diff --git a/src/Volume/Pkcs5Kdf.cpp b/src/Volume/Pkcs5Kdf.cpp
index beccd62b..685bc73d 100644..100755
--- a/src/Volume/Pkcs5Kdf.cpp
+++ b/src/Volume/Pkcs5Kdf.cpp
@@ -19,11 +19,11 @@ namespace VeraCrypt
 Pkcs5Kdf::~Pkcs5Kdf ()
 {
 }
- void Pkcs5Kdf::DeriveKey (const BufferPtr &key, const VolumePassword &password, const ConstBufferPtr &salt) const
+ void Pkcs5Kdf::DeriveKey (const BufferPtr &key, const VolumePassword &password, int pim, const ConstBufferPtr &salt) const
 {
- DeriveKey (key, password, salt, GetIterationCount());
+ DeriveKey (key, password, salt, GetIterationCount(pim));
 }
 shared_ptr <Pkcs5Kdf> Pkcs5Kdf::GetAlgorithm (const wstring &name, bool truecryptMode)
 {
diff --git a/src/Volume/Pkcs5Kdf.h b/src/Volume/Pkcs5Kdf.h
index b2a13213..29149229 100644..100755
--- a/src/Volume/Pkcs5Kdf.h
+++ b/src/Volume/Pkcs5Kdf.h
@@ -22,15 +22,15 @@ namespace VeraCrypt
 {
 public:
 virtual ~Pkcs5Kdf ();
- virtual void DeriveKey (const BufferPtr &key, const VolumePassword &password, const ConstBufferPtr &salt) const;
+ virtual void DeriveKey (const BufferPtr &key, const VolumePassword &password, int pim, const ConstBufferPtr &salt) const;
 virtual void DeriveKey (const BufferPtr &key, const VolumePassword &password, const ConstBufferPtr &salt, int iterationCount) const = 0;
 static shared_ptr <Pkcs5Kdf> GetAlgorithm (const wstring &name, bool truecryptMode);
 static shared_ptr <Pkcs5Kdf> GetAlgorithm (const Hash &hash, bool truecryptMode);
 static Pkcs5KdfList GetAvailableAlgorithms (bool truecryptMode);
 virtual shared_ptr <Hash> GetHash () const = 0;
- virtual int GetIterationCount () const = 0;
+ virtual int GetIterationCount (int pim) const = 0;
 virtual wstring GetName () const = 0;
 virtual Pkcs5Kdf* Clone () const = 0;
 virtual bool IsDeprecated () const { return GetHash()->IsDeprecated(); }
 bool GetTrueCryptMode () const { return m_truecryptMode;}
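Review bot: The new pure virtual `GetIterationCount (int pim)` in Pkcs5Kdf.h states no contract for `pim`, yet every override in the following hunks treats `pim <= 0` as "use the legacy default" and a positive value as a multiplier, and the non-virtual `DeriveKey (key, password, pim, salt)` in Pkcs5Kdf.cpp forwards it unchecked. A one-line comment on the base declaration would keep future overrides consistent: `/// pim: Personal Iterations Multiplier; <= 0 selects the algorithm's default iteration count, positive values scale it (see each override).` The two four-argument `DeriveKey` overloads now differ only in where the `int` sits (third position for the PIM, fourth for a raw iteration count); the types keep calls unambiguous, but a short comment on each saying which one takes a PIM and which a raw count would help readers. The Pkcs5Kdf class body continues beyond the hunk.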
@@ -54,9 +54,9 @@ namespace VeraCrypt
 virtual ~Pkcs5HmacRipemd160 () { }
 virtual void DeriveKey (const BufferPtr &key, const VolumePassword &password, const ConstBufferPtr &salt, int iterationCount) const;
 virtual shared_ptr <Hash> GetHash () const { return shared_ptr <Hash> (new Ripemd160); }
- virtual int GetIterationCount () const { return m_truecryptMode? 2000 : 655331; }
+ virtual int GetIterationCount (int pim) const { return m_truecryptMode? 2000 : (pim <= 0 ? 655331 : (15000 + (pim * 1000))) ; }
 virtual wstring GetName () const { return L"HMAC-RIPEMD-160"; }
 virtual Pkcs5Kdf* Clone () const { return new Pkcs5HmacRipemd160(m_truecryptMode); }
 private:
@@ -71,9 +71,9 @@ namespace VeraCrypt
 virtual ~Pkcs5HmacRipemd160_1000 () { }
 virtual void DeriveKey (const BufferPtr &key, const VolumePassword &password, const ConstBufferPtr &salt, int iterationCount) const;
 virtual shared_ptr <Hash> GetHash () const { return shared_ptr <Hash> (new Ripemd160); }
- virtual int GetIterationCount () const { return m_truecryptMode? 1000 : 327661; }
+ virtual int GetIterationCount (int pim) const { return m_truecryptMode? 1000 : (pim <= 0 ? 327661 : (pim * 2048)); }
 virtual wstring GetName () const { return L"HMAC-RIPEMD-160"; }
 virtual Pkcs5Kdf* Clone () const { return new Pkcs5HmacRipemd160_1000(m_truecryptMode); }
 private:
@@ -88,9 +88,9 @@ namespace VeraCrypt
 virtual ~Pkcs5HmacSha256_Boot () { }
 virtual void DeriveKey (const BufferPtr &key, const VolumePassword &password, const ConstBufferPtr &salt, int iterationCount) const;
 virtual shared_ptr <Hash> GetHash () const { return shared_ptr <Hash> (new Sha256); }
- virtual int GetIterationCount () const { return 200000; }
+ virtual int GetIterationCount (int pim) const { return pim <= 0 ? 200000 : (pim * 2048); }
 virtual wstring GetName () const { return L"HMAC-SHA-256"; }
 virtual Pkcs5Kdf* Clone () const { return new Pkcs5HmacSha256_Boot(); }
 private:
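Review bot: The new `pim * 2048` (Pkcs5HmacRipemd160_1000 and Pkcs5HmacSha256_Boot here) and `15000 + (pim * 1000)` (Pkcs5HmacRipemd160 here, and Pkcs5HmacSha256, Pkcs5HmacSha512 and Pkcs5HmacWhirlpool in the next three hunks) are evaluated in `int` and overflow for a large PIM; signed overflow is undefined behaviour, and in practice the wrapped value is what `DeriveKey` receives as `iterationCount`, so an out-of-range PIM can silently produce a far smaller or negative iteration count than the user asked for instead of an error. Nothing in this diff bounds `pim` before it reaches these expressions; if the UI or command-line layer validates it, that is not visible here, and the library should enforce its own limit. A single check at the chokepoint, next to the existing `PasswordEmpty` test in VolumeHeader::Decrypt, would cover every override: `if (pim < 0 || pim > /* PIM upper bound: project-defined constant */) throw ParameterIncorrect (SRC_POS);`. Style nit on the first override only: the stray space in `(15000 + (pim * 1000))) ;` differs from the other overrides.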
@@ -105,9 +105,9 @@ namespace VeraCrypt
 virtual ~Pkcs5HmacSha256 () { }
 virtual void DeriveKey (const BufferPtr &key, const VolumePassword &password, const ConstBufferPtr &salt, int iterationCount) const;
 virtual shared_ptr <Hash> GetHash () const { return shared_ptr <Hash> (new Sha256); }
- virtual int GetIterationCount () const { return 500000; }
+ virtual int GetIterationCount (int pim) const { return pim <= 0 ? 500000 : (15000 + (pim * 1000)); }
 virtual wstring GetName () const { return L"HMAC-SHA-256"; }
 virtual Pkcs5Kdf* Clone () const { return new Pkcs5HmacSha256(); }
 private:
@@ -122,9 +122,9 @@ namespace VeraCrypt
 virtual ~Pkcs5HmacSha512 () { }
 virtual void DeriveKey (const BufferPtr &key, const VolumePassword &password, const ConstBufferPtr &salt, int iterationCount) const;
 virtual shared_ptr <Hash> GetHash () const { return shared_ptr <Hash> (new Sha512); }
- virtual int GetIterationCount () const { return m_truecryptMode? 1000 : 500000; }
+ virtual int GetIterationCount (int pim) const { return m_truecryptMode? 1000 : (pim <= 0 ? 500000 : (15000 + (pim * 1000))); }
 virtual wstring GetName () const { return L"HMAC-SHA-512"; }
 virtual Pkcs5Kdf* Clone () const { return new Pkcs5HmacSha512(m_truecryptMode); }
 private:
@@ -139,9 +139,9 @@ namespace VeraCrypt
 virtual ~Pkcs5HmacWhirlpool () { }
 virtual void DeriveKey (const BufferPtr &key, const VolumePassword &password, const ConstBufferPtr &salt, int iterationCount) const;
 virtual shared_ptr <Hash> GetHash () const { return shared_ptr <Hash> (new Whirlpool); }
- virtual int GetIterationCount () const { return m_truecryptMode? 1000 : 500000; }
+ virtual int GetIterationCount (int pim) const { return m_truecryptMode? 1000 : (pim <= 0 ? 500000 : (15000 + (pim * 1000))); }
 virtual wstring GetName () const { return L"HMAC-Whirlpool"; }
 virtual Pkcs5Kdf* Clone () const { return new Pkcs5HmacWhirlpool(m_truecryptMode); }
 private:
diff --git a/src/Volume/Volume.cpp b/src/Volume/Volume.cpp
index 51ebf300..ff373029 100755
--- a/src/Volume/Volume.cpp
+++ b/src/Volume/Volume.cpp
@@ -23,9 +23,10 @@ namespace VeraCrypt
 VolumeDataSize (0),
 TopWriteOffset (0),
 TotalDataRead (0),
 TotalDataWritten (0),
- TrueCryptMode (false)
+ TrueCryptMode (false),
+ Pim (0)
 {
 }
 Volume::~Volume ()
@@ -62,9 +63,9 @@ namespace VeraCrypt
 if_debug (ValidateState ());
 return EA->GetMode();
 }
- void Volume::Open (const VolumePath &volumePath, bool preserveTimestamps, shared_ptr <VolumePassword> password, shared_ptr <Pkcs5Kdf> kdf, bool truecryptMode, shared_ptr <KeyfileList> keyfiles, VolumeProtection::Enum protection, shared_ptr <VolumePassword> protectionPassword, shared_ptr <Pkcs5Kdf> protectionKdf, shared_ptr <KeyfileList> protectionKeyfiles, bool sharedAccessAllowed, VolumeType::Enum volumeType, bool useBackupHeaders, bool partitionInSystemEncryptionScope)
+ void Volume::Open (const VolumePath &volumePath, bool preserveTimestamps, shared_ptr <VolumePassword> password, int pim, shared_ptr <Pkcs5Kdf> kdf, bool truecryptMode, shared_ptr <KeyfileList> keyfiles, VolumeProtection::Enum protection, shared_ptr <VolumePassword> protectionPassword, int protectionPim, shared_ptr <Pkcs5Kdf> protectionKdf, shared_ptr <KeyfileList> protectionKeyfiles, bool sharedAccessAllowed, VolumeType::Enum volumeType, bool useBackupHeaders, bool partitionInSystemEncryptionScope)
 {
 make_shared_auto (File, file);
 File::FileOpenFlags flags = (preserveTimestamps ? File::PreserveTimestamps : File::FlagsNone);
@@ -93,12 +94,12 @@ namespace VeraCrypt
 else
 throw;
 }
- return Open (file, password, kdf, truecryptMode, keyfiles, protection, protectionPassword, protectionKdf,protectionKeyfiles, volumeType, useBackupHeaders, partitionInSystemEncryptionScope);
+ return Open (file, password, pim, kdf, truecryptMode, keyfiles, protection, protectionPassword, protectionPim, protectionKdf,protectionKeyfiles, volumeType, useBackupHeaders, partitionInSystemEncryptionScope);
 }
- void Volume::Open (shared_ptr <File> volumeFile, shared_ptr <VolumePassword> password, shared_ptr <Pkcs5Kdf> kdf, bool truecryptMode, shared_ptr <KeyfileList> keyfiles, VolumeProtection::Enum protection, shared_ptr <VolumePassword> protectionPassword, shared_ptr <Pkcs5Kdf> protectionKdf,shared_ptr <KeyfileList> protectionKeyfiles, VolumeType::Enum volumeType, bool useBackupHeaders, bool partitionInSystemEncryptionScope)
+ void Volume::Open (shared_ptr <File> volumeFile, shared_ptr <VolumePassword> password, int pim, shared_ptr <Pkcs5Kdf> kdf, bool truecryptMode, shared_ptr <KeyfileList> keyfiles, VolumeProtection::Enum protection, shared_ptr <VolumePassword> protectionPassword, int protectionPim, shared_ptr <Pkcs5Kdf> protectionKdf,shared_ptr <KeyfileList> protectionKeyfiles, VolumeType::Enum volumeType, bool useBackupHeaders, bool partitionInSystemEncryptionScope)
 {
 if (!volumeFile)
 throw ParameterIncorrect (SRC_POS);
@@ -186,9 +187,9 @@ namespace VeraCrypt
 }
 shared_ptr <VolumeHeader> header = layout->GetHeader();
- if (header->Decrypt (headerBuffer, *passwordKey, kdf, truecryptMode, layout->GetSupportedKeyDerivationFunctions(truecryptMode), layoutEncryptionAlgorithms, layoutEncryptionModes))
+ if (header->Decrypt (headerBuffer, *passwordKey, pim, kdf, truecryptMode, layout->GetSupportedKeyDerivationFunctions(truecryptMode), layoutEncryptionAlgorithms, layoutEncryptionModes))
 {
 // Header decrypted
 if (!truecryptMode && typeid (*layout) == typeid (VolumeLayoutV2Normal) && header->GetRequiredMinProgramVersion() < 0x10b)
@@ -199,8 +200,9 @@ namespace VeraCrypt
 layout->SetHeader (header);
 }
 TrueCryptMode = truecryptMode;
+ Pim = pim;
 Type = layout->GetType();
 SectorSize = header->GetSectorSize();
 VolumeDataOffset = layout->GetDataOffset (VolumeHostSize);
@@ -236,11 +238,11 @@ namespace VeraCrypt
 {
 Volume protectedVolume;
 protectedVolume.Open (VolumeFile,
- protectionPassword, protectionKdf, truecryptMode, protectionKeyfiles,
+ protectionPassword, protectionPim, protectionKdf, truecryptMode, protectionKeyfiles,
 VolumeProtection::ReadOnly,
- shared_ptr <VolumePassword> (), shared_ptr <Pkcs5Kdf> (),shared_ptr <KeyfileList> (),
+ shared_ptr <VolumePassword> (), 0, shared_ptr <Pkcs5Kdf> (),shared_ptr <KeyfileList> (),
 VolumeType::Hidden, useBackupHeaders);
 if (protectedVolume.GetType() != VolumeType::Hidden)
diff --git a/src/Volume/Volume.h b/src/Volume/Volume.h
index d4a2b5a5..19e3eb2e 100755
--- a/src/Volume/Volume.h
+++ b/src/Volume/Volume.h
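Review bot: `Pim = pim;` in the second hunk keeps the PIM in a plain `int` member for the lifetime of the Volume object, and the new `GetPim` accessor later hands it to VolumeInfo. The PIM is supplied together with the password and selects the KDF work factor, so it deserves the same care as the other per-mount secrets; as written it gets no wiping or special handling, which is a contrast to the password travelling in VolumePassword. If the only consumer is `GetIterationCount(volume.GetPim ())` in VolumeInfo::Set, storing the derived iteration count instead of the PIM itself, or clearing `Pim` in the destructor alongside whatever the class does for its other key material (not visible here), would narrow the exposure. In the third hunk the literal `0` passed as `protectionPim` for the nested hidden-volume open is right in intent, but a trailing `0 /* protectionPim */` would make that long argument list readable. Volume::Open starts and ends outside these hunks.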
@@ -86,13 +86,14 @@ namespace VeraCrypt
 uint64 GetTotalDataRead () const { return TotalDataRead; }
 uint64 GetTotalDataWritten () const { return TotalDataWritten; }
 VolumeType::Enum GetType () const { return Type; }
 bool GetTrueCryptMode() const { return TrueCryptMode; }
+ int GetPim() const { return Pim;}
 uint64 GetVolumeCreationTime () const { return Header->GetVolumeCreationTime(); }
 bool IsHiddenVolumeProtectionTriggered () const { return HiddenVolumeProtectionTriggered; }
 bool IsInSystemEncryptionScope () const { return SystemEncryption; }
- void Open (const VolumePath &volumePath, bool preserveTimestamps, shared_ptr <VolumePassword> password, shared_ptr <Pkcs5Kdf> kdf, bool truecryptMode, shared_ptr <KeyfileList> keyfiles, VolumeProtection::Enum protection = VolumeProtection::None, shared_ptr <VolumePassword> protectionPassword = shared_ptr <VolumePassword> (), shared_ptr <Pkcs5Kdf> protectionKdf = shared_ptr <Pkcs5Kdf> (),shared_ptr <KeyfileList> protectionKeyfiles = shared_ptr <KeyfileList> (), bool sharedAccessAllowed = false, VolumeType::Enum volumeType = VolumeType::Unknown, bool useBackupHeaders = false, bool partitionInSystemEncryptionScope = false);
- void Open (shared_ptr <File> volumeFile, shared_ptr <VolumePassword> password, shared_ptr <Pkcs5Kdf> kdf, bool truecryptMode, shared_ptr <KeyfileList> keyfiles, VolumeProtection::Enum protection = VolumeProtection::None, shared_ptr <VolumePassword> protectionPassword = shared_ptr <VolumePassword> (), shared_ptr <Pkcs5Kdf> protectionKdf = shared_ptr <Pkcs5Kdf> (), shared_ptr <KeyfileList> protectionKeyfiles = shared_ptr <KeyfileList> (), VolumeType::Enum volumeType = VolumeType::Unknown, bool useBackupHeaders = false, bool partitionInSystemEncryptionScope = false);
+ void Open (const VolumePath &volumePath, bool preserveTimestamps, shared_ptr <VolumePassword> password, int pim, shared_ptr <Pkcs5Kdf> kdf, bool truecryptMode, shared_ptr <KeyfileList> keyfiles, VolumeProtection::Enum protection = 
VolumeProtection::None, shared_ptr <VolumePassword> protectionPassword = shared_ptr <VolumePassword> (), int protectionPim = 0, shared_ptr <Pkcs5Kdf> protectionKdf = shared_ptr <Pkcs5Kdf> (),shared_ptr <KeyfileList> protectionKeyfiles = shared_ptr <KeyfileList> (), bool sharedAccessAllowed = false, VolumeType::Enum volumeType = VolumeType::Unknown, bool useBackupHeaders = false, bool partitionInSystemEncryptionScope = false);
+ void Open (shared_ptr <File> volumeFile, shared_ptr <VolumePassword> password, int pim, shared_ptr <Pkcs5Kdf> kdf, bool truecryptMode, shared_ptr <KeyfileList> keyfiles, VolumeProtection::Enum protection = VolumeProtection::None, shared_ptr <VolumePassword> protectionPassword = shared_ptr <VolumePassword> (), int protectionPim = 0, shared_ptr <Pkcs5Kdf> protectionKdf = shared_ptr <Pkcs5Kdf> (), shared_ptr <KeyfileList> protectionKeyfiles = shared_ptr <KeyfileList> (), VolumeType::Enum volumeType = VolumeType::Unknown, bool useBackupHeaders = false, bool partitionInSystemEncryptionScope = false);
 void ReadSectors (const BufferPtr &buffer, uint64 byteOffset);
 void ReEncryptHeader (bool backupHeader, const ConstBufferPtr &newSalt, const ConstBufferPtr &newHeaderKey, shared_ptr <Pkcs5Kdf> newPkcs5Kdf);
 void WriteSectors (const ConstBufferPtr &buffer, uint64 byteOffset);
@@ -117,8 +118,9 @@ namespace VeraCrypt
 uint64 TopWriteOffset;
 uint64 TotalDataRead;
 uint64 TotalDataWritten;
 bool TrueCryptMode;
+ int Pim;
 private:
 Volume (const Volume &);
 Volume &operator= (const Volume &);
diff --git a/src/Volume/VolumeHeader.cpp b/src/Volume/VolumeHeader.cpp
index 442c6375..3656aa14 100755
--- a/src/Volume/VolumeHeader.cpp
+++ b/src/Volume/VolumeHeader.cpp
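Review bot: `int GetPim() const { return Pim;}` in the first Volume.h hunk drops the space before the closing brace that every neighbouring accessor has (`{ return TrueCryptMode; }`); `int GetPim () const { return Pim; }` matches the file. The `int Pim;` member added in the second hunk relies on the constructor initializer list in Volume.cpp (`Pim (0)`, visible in that file's first hunk) the same way `TrueCryptMode` does, so no initialization change is needed, but the member says nothing about its meaning — a comment such as `int Pim; // Personal Iterations Multiplier used for this mount; 0 = default iteration count` would document it. The Volume class body begins and ends outside these hunks.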
@@ -77,9 +77,9 @@ namespace VeraCrypt
 EncryptNew (headerBuffer, options.Salt, options.HeaderKey, options.Kdf);
 }
- bool VolumeHeader::Decrypt (const ConstBufferPtr &encryptedData, const VolumePassword &password, shared_ptr <Pkcs5Kdf> kdf, bool truecryptMode, const Pkcs5KdfList &keyDerivationFunctions, const EncryptionAlgorithmList &encryptionAlgorithms, const EncryptionModeList &encryptionModes)
+ bool VolumeHeader::Decrypt (const ConstBufferPtr &encryptedData, const VolumePassword &password, int pim, shared_ptr <Pkcs5Kdf> kdf, bool truecryptMode, const Pkcs5KdfList &keyDerivationFunctions, const EncryptionAlgorithmList &encryptionAlgorithms, const EncryptionModeList &encryptionModes)
 {
 if (password.Size() < 1)
 throw PasswordEmpty (SRC_POS);
@@ -91,9 +91,9 @@ namespace VeraCrypt
 {
 if (kdf && (kdf->GetName() != pkcs5->GetName()))
 continue;
- pkcs5->DeriveKey (headerKey, password, salt);
+ pkcs5->DeriveKey (headerKey, password, pim, salt);
 foreach (shared_ptr <EncryptionMode> mode, encryptionModes)
 {
 if (typeid (*mode) != typeid (EncryptionModeXTS))
diff --git a/src/Volume/VolumeHeader.h b/src/Volume/VolumeHeader.h
index 40b45b3d..894ca8a1 100755
--- a/src/Volume/VolumeHeader.h
+++ b/src/Volume/VolumeHeader.h
@@ -55,9 +55,9 @@ namespace VeraCrypt
 VolumeHeader (uint32 HeaderSize);
 virtual ~VolumeHeader ();
 void Create (const BufferPtr &headerBuffer, VolumeHeaderCreationOptions &options);
- bool Decrypt (const ConstBufferPtr &encryptedData, const VolumePassword &password, shared_ptr <Pkcs5Kdf> kdf, bool truecryptMode, const Pkcs5KdfList &keyDerivationFunctions, const EncryptionAlgorithmList &encryptionAlgorithms, const EncryptionModeList &encryptionModes);
+ bool Decrypt (const ConstBufferPtr &encryptedData, const VolumePassword &password, int pim, shared_ptr <Pkcs5Kdf> kdf, bool truecryptMode, const Pkcs5KdfList &keyDerivationFunctions, const EncryptionAlgorithmList &encryptionAlgorithms, const EncryptionModeList &encryptionModes);
 void EncryptNew (const BufferPtr &newHeaderBuffer, const ConstBufferPtr &newSalt, const ConstBufferPtr &newHeaderKey, shared_ptr <Pkcs5Kdf> newPkcs5Kdf);
 uint64 GetEncryptedAreaStart () const { return EncryptedAreaStart; }
 uint64 GetEncryptedAreaLength () const { return EncryptedAreaLength; }
 shared_ptr <EncryptionAlgorithm> GetEncryptionAlgorithm () const { return EA; }
diff --git a/src/Volume/VolumeInfo.cpp b/src/Volume/VolumeInfo.cpp
index 33e0fd6f..aba7c479 100644..100755
--- a/src/Volume/VolumeInfo.cpp
+++ b/src/Volume/VolumeInfo.cpp
@@ -50,8 +50,9 @@ namespace VeraCrypt
 Type = static_cast <VolumeType::Enum> (sr.DeserializeInt32 ("Type"));
 VirtualDevice = sr.DeserializeWString ("VirtualDevice");
 sr.Deserialize ("VolumeCreationTime", VolumeCreationTime);
 sr.Deserialize ("TrueCryptMode", TrueCryptMode);
+ sr.Deserialize ("Pim", Pim);
 }
 bool VolumeInfo::FirstVolumeMountedAfterSecond (shared_ptr <VolumeInfo> first, shared_ptr <VolumeInfo> second)
 {
@@ -90,8 +91,9 @@ namespace VeraCrypt
 sr.Serialize ("Type", static_cast <uint32> (Type));
 sr.Serialize ("VirtualDevice", wstring (VirtualDevice));
 sr.Serialize ("VolumeCreationTime", VolumeCreationTime);
 sr.Serialize ("TrueCryptMode", TrueCryptMode);
+ sr.Serialize ("Pim", Pim);
 }
 void VolumeInfo::Set (const Volume &volume)
 {
@@ -104,9 +106,9 @@ namespace VeraCrypt
 VolumeCreationTime = volume.GetVolumeCreationTime();
 HiddenVolumeProtectionTriggered = volume.IsHiddenVolumeProtectionTriggered();
 MinRequiredProgramVersion = volume.GetHeader()->GetRequiredMinProgramVersion();
 Path = volume.GetPath();
- Pkcs5IterationCount = volume.GetPkcs5Kdf()->GetIterationCount();
+ Pkcs5IterationCount = volume.GetPkcs5Kdf()->GetIterationCount(volume.GetPim ());
 Pkcs5PrfName = volume.GetPkcs5Kdf()->GetName();
 Protection = volume.GetProtectionType();
 Size = volume.GetSize();
 SystemEncryption = volume.IsInSystemEncryptionScope();
@@ -114,8 +116,9 @@ namespace VeraCrypt
 TopWriteOffset = volume.GetTopWriteOffset();
 TotalDataRead = volume.GetTotalDataRead();
 TotalDataWritten = volume.GetTotalDataWritten();
 TrueCryptMode = volume.GetTrueCryptMode();
+ Pim = volume.GetPim ();
 }
 TC_SERIALIZER_FACTORY_ADD_CLASS (VolumeInfo);
 }
diff --git a/src/Volume/VolumeInfo.h b/src/Volume/VolumeInfo.h
index 96796b50..c5bd2021 100644
--- a/src/Volume/VolumeInfo.h
+++ b/src/Volume/VolumeInfo.h
@@ -56,8 +56,9 @@ namespace VeraCrypt
 VolumeType::Enum Type;
 DevicePath VirtualDevice;
 VolumeTime VolumeCreationTime;
 bool TrueCryptMode;
+ int Pim;
 private:
 VolumeInfo (const VolumeInfo &);
 VolumeInfo &operator= (const VolumeInfo &); |
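Review bot: `sr.Serialize ("Pim", Pim)` in the first VolumeInfo.cpp hunk writes the PIM into the VolumeInfo record, and `Pkcs5IterationCount`, now computed from it in the `Set` hunk, goes out alongside, so every consumer of a serialized VolumeInfo learns the mount's PIM. Whether that matters depends on who reads these records, which this diff does not show; if VolumeInfo crosses a process or privilege boundary, the PIM should be treated like the password, which is not among the fields serialized here, and only the iteration count (if it is needed for display) should be exported. Separately, the `int Pim;` added to VolumeInfo.h has no initializer and VolumeInfo's constructor is outside the diff, so a VolumeInfo filled by `Set` is fine, but one read before `Deserialize` runs would hold an indeterminate value; an initializer-list entry such as `Pim (0)`, matching the `TrueCryptMode (false)` style used in Volume.cpp, closes that. The earlier `@@ -50,8 +50,9 @@` hunk of VolumeInfo.cpp reads "Pim" unconditionally; whether records written without that key are tolerated depends on the Serializer, which is not visible here.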