-rw-r--r-- | src/Common/Language.xml | 7 | ||||
-rw-r--r-- | src/Common/Password.c | 6 | ||||
-rw-r--r-- | src/Common/Password.h | 2 | ||||
-rw-r--r-- | src/Format/Format.rc | 25 | ||||
-rw-r--r-- | src/Format/Resource.h | 3 | ||||
-rw-r--r-- | src/Format/Tcformat.c | 115 | ||||
-rw-r--r-- | src/Mount/Mount.c | 2 |
7 files changed, 125 insertions, 35 deletions
diff --git a/src/Common/Language.xml b/src/Common/Language.xml
index 95446ded..6538a49b 100644
--- a/src/Common/Language.xml
+++ b/src/Common/Language.xml
@@ -584,6 +584,7 @@
<string lang="en" key="OVERWRITEPROMPT_DEVICE_SECOND_WARNING_LOTS_OF_DATA">WARNING: THE SELECTED PARTITION CONTAINS A LARGE AMOUNT OF DATA! Any files stored on the partition will be erased and lost (they will NOT be encrypted)!</string>
<string lang="en" key="ERASE_FILES_BY_CREATING_VOLUME">Erase any files stored on the partition by creating a VeraCrypt volume within it</string>
<string lang="en" key="PASSWORD">Password</string>
+ <string lang="en" key="PIM">PIM</string>
<string lang="en" key="IDD_PCDM_CHANGE_PKCS5_PRF">Set Header Key Derivation Algorithm</string>
<string lang="en" key="IDD_PCDM_ADD_REMOVE_VOL_KEYFILES">Add/Remove Keyfiles to/from Volume</string>
<string lang="en" key="IDD_PCDM_REMOVE_ALL_KEYFILES_FROM_VOL">Remove All Keyfiles from Volume</string>
@@ -618,9 +619,15 @@
<string lang="en" key="PASSWORD_OR_KEYFILE_WRONG_AUTOMOUNT">Auto-mount failed due to one or more of the following:\n - Incorrect keyfile(s).\n - Incorrect password.\n - Incorrect Volume PIM number.\n - Incorrect PRF (hash).\n - No valid volume found.</string>
<string lang="en" key="PASSWORD_WRONG_CAPSLOCK_ON">\n\nWarning: Caps Lock is on. This may cause you to enter your password incorrectly.</string>
<string lang="en" key="PIM_CHANGE_WARNING">Remember Number to Mount Volume</string>
+ <string lang="en" key="PIM_HIDVOL_HOST_TITLE">Outer Volume PIM</string>
+ <string lang="en" key="PIM_HIDVOL_TITLE">Hidden Volume PIM</string>
+ <string lang="en" key="PIM_HIDDEN_OS_TITLE">PIM for Hidden Operating System</string>
+ <string lang="en" key="PIM_HELP">PIM (Personal Iterations Multiplier) is a value that controls the number of iterations used by the header key derivation as follows:\n Iterations = 15000 + (PIM x 1000).\n\nWhen left empty or set to 0, VeraCrypt will use a default value (485) that ensures a high security.\nWhen the password is less than 20 characters, PIM can't be smaller than 485 in order to maintain a minimal security level.\nWhen the password is 20 characters or more, PIM can be set to any value.\nA small PIM value will lead to a quicker mount but it can reduce security if the password is not strong enough.</string>
+ <string lang="en" key="PIM_SYSENC_HELP">PIM (Personal Iterations Multiplier) is a value that controls the number of iterations used by the header key derivation as follows:\n Iterations = PIM x 2048.\n\nWhen left empty or set to 0, VeraCrypt will use a default value that ensures a high security.\nWhen the password is less than 20 characters, PIM can't be smaller than 98 in order to maintain a minimal security level.\nWhen the password is 20 characters or more, PIM can be set to any value.\nA small PIM value will lead to a quicker boot but it can reduce security if the password is not strong enough.</string>
<string lang="en" key="PIM_SYSENC_CHANGE_WARNING">Remember Number to Boot System</string>
<string lang="en" key="PIM_SMALL_WARNING">You have chosen a Personal Iterations Multiplier (PIM) that is smaller than the default VeraCrypt value. Please note that if your password is not strong enough, this could lead to a weaker security.\n\nDo you confirm that you are using a strong password?</string>
<string lang="en" key="PIM_SYSENC_TOO_BIG">Personal Iterations Multiplier (PIM) maximum value for system encryption is 65535.</string>
+ <string lang="en" key="PIM_TITLE">Volume PIM</string>
<string lang="en" key="HIDDEN_FILES_PRESENT_IN_KEYFILE_PATH">\n\nWARNING: Hidden file(s) have been found in a keyfile search path. Such hidden files cannot be used as keyfiles. If you need to use them as keyfiles, remove their 'Hidden' attribute (right-click each of them, select 'Properties', uncheck 'Hidden' and click OK). Note: Hidden files are visible only if the corresponding option is enabled (Computer > Organize > 'Folder and search options' > View).</string>
<string lang="en" key="HIDDEN_VOL_PROT_PASSWORD_US_KEYB_LAYOUT">If you are attempting to protect a hidden volume containing a hidden system, please make sure you are using the standard US keyboard layout when typing the password for the hidden volume. This is required due to the fact that the password needs to be typed in the pre-boot environment (before Windows starts) where non-US Windows keyboard layouts are not available.</string>
<string lang="en" key="FOUND_NO_PARTITION_W_DEFERRED_INPLACE_ENC">VeraCrypt has not found any volume where the process of encryption/decryption of a non-system volume has been interrupted and where the volume header can be deciphered using the supplied password and/or keyfile(s).\n\nPlease make sure the password and/or keyfile(s) are correct and that the partition/volume is not being used by the system or applications (including antivirus software).</string>
diff --git a/src/Common/Password.c b/src/Common/Password.c
index 79566877..3ae264d2 100644
--- a/src/Common/Password.c
+++ b/src/Common/Password.c
@@ -107,10 +107,10 @@ BOOL CheckPasswordCharEncoding (HWND hPassword, Password *ptrPw)
}
-BOOL CheckPasswordLength (HWND hwndDlg, HWND hwndItem, int pin, BOOL bForBoot)
+BOOL CheckPasswordLength (HWND hwndDlg, unsigned __int32 passwordLength, int pin, BOOL bForBoot, BOOL bSkipPasswordWarning)
{
BOOL bCustomPinSmall = ((pin != 0) && (pin < (bForBoot? 98 : 485)))? TRUE : FALSE;
- if (GetWindowTextLength (hwndItem) < PASSWORD_LEN_WARNING)
+ if (passwordLength < PASSWORD_LEN_WARNING)
{
if (bCustomPinSmall)
{
@@ -119,7 +119,7 @@ BOOL CheckPasswordLength (HWND hwndDlg, HWND hwndItem, int pin, BOOL bForBoot)
}
#ifndef _DEBUG
- if (MessageBoxW (hwndDlg, GetString ("PASSWORD_LENGTH_WARNING"), lpszTitle, MB_YESNO|MB_ICONWARNING|MB_DEFBUTTON2) != IDYES)
+ if (!bSkipPasswordWarning && (MessageBoxW (hwndDlg, GetString ("PASSWORD_LENGTH_WARNING"), lpszTitle, MB_YESNO|MB_ICONWARNING|MB_DEFBUTTON2) != IDYES))
return FALSE;
#endif
}
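Review bot: `bSkipPasswordWarning` is tested only inside the `#ifndef _DEBUG` block, so it suppresses the `PASSWORD_LENGTH_WARNING` confirmation and nothing else, and the function has no comment saying so. A caller that passes TRUE is asserting that the user already confirmed the short-password warning for this same password, and that contract should be written above `CheckPasswordLength`, e.g. `/* bSkipPasswordWarning: TRUE only when the length warning was already confirmed for this password; the small-PIM test is not affected. */`. The body of the `if (bCustomPinSmall)` branch lies between the two hunks and is not shown, so the last part of that comment should be confirmed against it.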
diff --git a/src/Common/Password.h b/src/Common/Password.h
index 275ad40a..1aa45117 100644
--- a/src/Common/Password.h
+++ b/src/Common/Password.h
@@ -36,7 +36,7 @@ typedef struct
#if defined(_WIN32) && !defined(TC_WINDOWS_DRIVER)
void VerifyPasswordAndUpdate ( HWND hwndDlg , HWND hButton , HWND hPassword , HWND hVerify , unsigned char *szPassword , char *szVerify, BOOL keyFilesEnabled );
-BOOL CheckPasswordLength (HWND hwndDlg, HWND hwndItem, int pin, BOOL bForBoot);
+BOOL CheckPasswordLength (HWND hwndDlg, unsigned __int32 passwordLength, int pin, BOOL bForBoot, BOOL bSkipPasswordWarning);
BOOL CheckPasswordCharEncoding (HWND hPassword, Password *ptrPw);
int ChangePwd (const char *lpszVolume, Password *oldPassword, int old_pkcs5, int old_pin, BOOL truecryptMode, Password *newPassword, int pkcs5, int pin, int wipePassCount, HWND hwndDlg);
diff --git a/src/Format/Format.rc b/src/Format/Format.rc
index 26d35961..15f3f97f 100644
--- a/src/Format/Format.rc
+++ b/src/Format/Format.rc
@@ -116,15 +116,12 @@ FONT 8, "MS Shell Dlg", 0, 0, 0x0
BEGIN
EDITTEXT IDC_PASSWORD,53,3,163,14,ES_PASSWORD | ES_AUTOHSCROLL
EDITTEXT IDC_VERIFY,53,19,163,14,ES_PASSWORD | ES_AUTOHSCROLL
- EDITTEXT IDC_PIM,53,35,42,14,ES_RIGHT | ES_AUTOHSCROLL | ES_NUMBER
- CONTROL "&Display password",IDC_SHOW_PASSWORD,"Button",BS_AUTOCHECKBOX | WS_TABSTOP,53,65,95,11,WS_EX_TRANSPARENT
- CONTROL "U&se keyfiles",IDC_KEYFILES_ENABLE,"Button",BS_AUTOCHECKBOX | WS_TABSTOP,53,55,95,10
- PUSHBUTTON "&Keyfiles...",IDC_KEY_FILES,152,56,64,14,WS_DISABLED
+ CONTROL "&Display password",IDC_SHOW_PASSWORD,"Button",BS_AUTOCHECKBOX | WS_TABSTOP,53,45,95,11,WS_EX_TRANSPARENT
+ CONTROL "U&se keyfiles",IDC_KEYFILES_ENABLE,"Button",BS_AUTOCHECKBOX | WS_TABSTOP,53,35,95,10
+ PUSHBUTTON "&Keyfiles...",IDC_KEY_FILES,152,36,64,14,WS_DISABLED
RTEXT "Password:",IDT_PASSWORD,1,6,50,8
RTEXT "&Confirm:",IDT_CONFIRM,1,23,50,8
LTEXT "",IDC_BOX_HELP,0,79,225,89
- RTEXT "Volume PIM:",IDT_PIM,1,38,50,8
- LTEXT "(Empty or 0 for default iterations)",IDC_PIM_HELP,97,38,126,8
END
IDD_SIZE_PAGE_DLG DIALOGEX 0, 0, 226, 172
@@ -434,6 +431,16 @@ BEGIN
RTEXT "Drive letter:",IDT_DRIVE_LETTER,5,17,86,8
END
+IDD_PIM_PAGE_DLG DIALOGEX 0, 0, 226, 172
+STYLE DS_SETFONT | DS_FIXEDSYS | DS_CONTROL | WS_CHILD
+FONT 8, "MS Shell Dlg", 0, 0, 0x0
+BEGIN
+ EDITTEXT IDC_PIM,53,8,42,14,ES_RIGHT | ES_AUTOHSCROLL | ES_NUMBER
+ LTEXT "",IDC_BOX_HELP,0,33,225,110
+ RTEXT "Volume PIM:",IDT_PIM,1,11,50,8
+ LTEXT "(Empty or 0 for default iterations)",IDC_PIM_HELP,97,11,126,8
+END
+
#ifdef APSTUDIO_INVOKED
/////////////////////////////////////////////////////////////////////////////
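Review bot: `IDC_PIM` on the new `IDD_PIM_PAGE_DLG` is a clear-text edit control (`ES_RIGHT | ES_AUTOHSCROLL | ES_NUMBER`), while the password fields on the password page use `ES_PASSWORD`. The PIM feeds header key derivation and must be supplied again at mount time, so a value shown in clear on its own wizard page can be read by a bystander or picked up in a screen capture. Consider adding `ES_PASSWORD` to this control together with a display toggle modelled on the existing `IDC_SHOW_PASSWORD` checkbox. The control had the same style before it was moved, so this is not a regression introduced by the commit.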
@@ -685,6 +692,12 @@ BEGIN
TOPMARGIN, 7
BOTTOMMARGIN, 165
END
+
+ IDD_PIM_PAGE_DLG, DIALOG
+ BEGIN
+ RIGHTMARGIN, 223
+ BOTTOMMARGIN, 143
+ END
END
#endif // APSTUDIO_INVOKED
diff --git a/src/Format/Resource.h b/src/Format/Resource.h
index 4cb2e579..1d2f4687 100644
--- a/src/Format/Resource.h
+++ b/src/Format/Resource.h
@@ -35,6 +35,7 @@
#define IDD_DEVICE_TRANSFORM_MODE_DLG 130
#define IDD_EXPANDED_LIST_SELECT_PAGE_DLG 131
#define IDD_DRIVE_LETTER_SELECTION_PAGE 132
+#define IDD_PIM_PAGE_DLG 133
#define IDC_BOX_TITLE 1000
#define IDC_RESCUE_DISK_ISO_PATH 1001
#define IDC_COMBO_BOX 1002
@@ -146,7 +147,7 @@
#ifdef APSTUDIO_INVOKED
#ifndef APSTUDIO_READONLY_SYMBOLS
#define _APS_NO_MFC 1
-#define _APS_NEXT_RESOURCE_VALUE 133
+#define _APS_NEXT_RESOURCE_VALUE 134
#define _APS_NEXT_COMMAND_VALUE 40001
#define _APS_NEXT_CONTROL_VALUE 1105
#define _APS_NEXT_SYMED_VALUE 101
diff --git a/src/Format/Tcformat.c b/src/Format/Tcformat.c
index 0c50ad34..e1a1d65e 100644
--- a/src/Format/Tcformat.c
+++ b/src/Format/Tcformat.c
@@ -80,6 +80,7 @@ enum wizard_pages
SIZE_PAGE,
HIDDEN_VOL_HOST_PASSWORD_PAGE,
PASSWORD_PAGE,
+ PIM_PAGE,
FILESYS_PAGE,
SYSENC_COLLECTING_RANDOM_DATA_PAGE,
SYSENC_KEYS_GEN_PAGE,
@@ -2899,6 +2900,10 @@ static void LoadPage (HWND hwndDlg, int nPageNo)
hCurPage = CreateDialogW (hInst, MAKEINTRESOURCEW (IDD_PASSWORD_PAGE_DLG), hwndDlg,
(DLGPROC) PageDialogProc);
break;
+ case PIM_PAGE:
+ hCurPage = CreateDialogW (hInst, MAKEINTRESOURCEW (IDD_PIM_PAGE_DLG), hwndDlg,
+ (DLGPROC) PageDialogProc);
+ break;
case FILESYS_PAGE:
hCurPage = CreateDialogW (hInst, MAKEINTRESOURCEW (IDD_UNIVERSAL_DUAL_CHOICE_PAGE_DLG), hwndDlg,
(DLGPROC) PageDialogProc);
@@ -4152,17 +4157,6 @@ BOOL CALLBACK PageDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lPa
SetFocus (GetDlgItem (hwndDlg, IDC_PASSWORD));
- SendMessage (GetDlgItem (hwndDlg, IDC_PIM), EM_LIMITTEXT, SysEncInEffect()? MAX_BOOT_PIM: MAX_PIM, 0);
- if (volumePin > 0)
- {
- char szTmp[MAX_PIM + 1];
- StringCbPrintfA(szTmp, sizeof(szTmp), "%d", volumePin);
- SetWindowText (GetDlgItem (hwndDlg, IDC_PIM), szTmp);
-
- PinValueChangedWarning = TRUE;
- SetDlgItemTextW (hwndDlg, IDC_PIM_HELP, GetString (SysEncInEffect ()? "PIM_SYSENC_CHANGE_WARNING" : "PIM_CHANGE_WARNING"));
- }
-
SetCheckBox (hwndDlg, IDC_KEYFILES_ENABLE, KeyFilesEnable && !SysEncInEffect());
EnableWindow (GetDlgItem (hwndDlg, IDC_KEY_FILES), KeyFilesEnable);
@@ -4193,6 +4187,40 @@ BOOL CALLBACK PageDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lPa
}
break;
+ case PIM_PAGE:
+ {
+ SendMessage (GetDlgItem (hwndDlg, IDC_PIM), EM_LIMITTEXT, SysEncInEffect()? MAX_BOOT_PIM: MAX_PIM, 0);
+ if (volumePin > 0)
+ {
+ char szTmp[MAX_PIM + 1];
+ StringCbPrintfA(szTmp, sizeof(szTmp), "%d", volumePin);
+ SetWindowText (GetDlgItem (hwndDlg, IDC_PIM), szTmp);
+
+ PinValueChangedWarning = TRUE;
+ SetDlgItemTextW (hwndDlg, IDC_PIM_HELP, GetString (SysEncInEffect ()? "PIM_SYSENC_CHANGE_WARNING" : "PIM_CHANGE_WARNING"));
+ }
+
+ SetFocus (GetDlgItem (hwndDlg, IDC_PIM));
+
+ SetWindowTextW (GetDlgItem (hwndDlg, IDC_BOX_HELP), GetString (SysEncInEffect ()? "PIM_SYSENC_HELP" : "PIM_HELP"));
+
+ if (CreatingHiddenSysVol())
+ SetWindowTextW (GetDlgItem (GetParent (hwndDlg), IDC_BOX_TITLE), GetString ("PIM_HIDDEN_OS_TITLE"));
+ else if (bHiddenVol)
+ SetWindowTextW (GetDlgItem (GetParent (hwndDlg), IDC_BOX_TITLE), GetString (bHiddenVolHost ? "PIM_HIDVOL_HOST_TITLE" : "PIM_HIDVOL_TITLE"));
+ else if (WizardMode == WIZARD_MODE_SYS_DEVICE)
+ SetWindowTextW (GetDlgItem (GetParent (hwndDlg), IDC_BOX_TITLE), GetString ("PIM"));
+ else
+ SetWindowTextW (GetDlgItem (GetParent (hwndDlg), IDC_BOX_TITLE), GetString ("PIM_TITLE"));
+
+ SetWindowTextW (GetDlgItem (GetParent (hwndDlg), IDC_NEXT), GetString ("NEXT"));
+ SetWindowTextW (GetDlgItem (GetParent (hwndDlg), IDC_PREV), GetString ("PREV"));
+
+ EnableWindow (GetDlgItem (GetParent (hwndDlg), IDC_PREV), TRUE);
+ EnableWindow (GetDlgItem (GetParent (hwndDlg), IDC_NEXT), TRUE);
+ }
+ break;
+
case FILESYS_PAGE:
{
wchar_t szTmp[8192];
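Review bot: `szTmp` in the new `PIM_PAGE` case receives the decimal PIM and is left on the stack when the block exits. If the PIM is meant to be handled as carefully as the password, clear the buffer after `SetWindowText`, e.g. `burn (szTmp, sizeof (szTmp));`, assuming the project's wipe macro is in scope in this file. The return value of `StringCbPrintfA` is also ignored, so a `volumePin` with more digits than `MAX_PIM` would be displayed truncated without any error.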
@@ -5331,6 +5359,25 @@ BOOL CALLBACK PageDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lPa
return 1;
}
+ if (hw == EN_CHANGE && nCurPageNo == PIM_PAGE)
+ {
+ if (lw == IDC_PIM)
+ {
+ if(GetPin (hwndDlg, IDC_PIM) != 0)
+ {
+ PinValueChangedWarning = TRUE;
+ SetDlgItemTextW (hwndDlg, IDC_PIM_HELP, GetString (SysEncInEffect ()? "PIM_SYSENC_CHANGE_WARNING" : "PIM_CHANGE_WARNING"));
+ }
+ else
+ {
+ PinValueChangedWarning = FALSE;
+ SetDlgItemTextW (hwndDlg, IDC_PIM_HELP, (wchar_t *) GetDictionaryValueByInt (IDC_PIM_HELP));
+ }
+ }
+
+ return 1;
+ }
+
if (lw == IDC_SHOW_PASSWORD && nCurPageNo == PASSWORD_PAGE)
{
SendMessage (GetDlgItem (hwndDlg, IDC_PASSWORD),
@@ -6995,8 +7042,6 @@ BOOL CALLBACK MainDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lPa
volumePassword.Length = (unsigned __int32) strlen ((char *) volumePassword.Text);
- volumePin = GetPin (hCurPage, IDC_PIM);
-
if (volumePassword.Length > 0)
{
// Password character encoding
@@ -7005,14 +7050,8 @@ BOOL CALLBACK MainDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lPa
Error ("UNSUPPORTED_CHARS_IN_PWD", hwndDlg);
return 1;
}
- else if (SysEncInEffect() && (volumePin > MAX_BOOT_PIM_VALUE))
- {
- SetFocus (GetDlgItem(hCurPage, IDC_PIM));
- Error ("PIM_SYSENC_TOO_BIG", hwndDlg);
- return 1;
- }
// Check password length (check also done for outer volume which is not the case in TrueCrypt).
- else if (!CheckPasswordLength (hwndDlg, GetDlgItem (hCurPage, IDC_PASSWORD), volumePin, SysEncInEffect()))
+ else if (!CheckPasswordLength (hwndDlg, volumePassword.Length, 0, SysEncInEffect(), FALSE))
{
return 1;
}
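Review bot: The literal `0` passed as `pin` in the password-page call to `CheckPasswordLength` disables the small-PIM test on this page, and nothing at the call site says that this is deliberate. After this change the minimum-PIM rule for passwords shorter than `PASSWORD_LEN_WARNING` is enforced only when the user leaves `PIM_PAGE` with Next, so every forward path from the password page has to pass through that page. A comment would record the dependency: `// PIM is not known yet: pass 0 here; the PIM/password-length rule is enforced on PIM_PAGE`. The enclosing branch starts before this hunk.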
@@ -7050,6 +7089,32 @@ BOOL CALLBACK MainDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lPa
bKeyboardLayoutChanged = FALSE;
}
+ }
+ }
+
+ else if (nCurPageNo == PIM_PAGE)
+ {
+ volumePin = GetPin (hCurPage, IDC_PIM);
+
+ if (volumePassword.Length > 0)
+ {
+ // Password character encoding
+ if (SysEncInEffect() && (volumePin > MAX_BOOT_PIM_VALUE))
+ {
+ SetFocus (GetDlgItem(hCurPage, IDC_PIM));
+ Error ("PIM_SYSENC_TOO_BIG", hwndDlg);
+ return 1;
+ }
+ // Check password length (check also done for outer volume which is not the case in TrueCrypt).
+ else if (!CheckPasswordLength (hwndDlg, volumePassword.Length, volumePin, SysEncInEffect(), TRUE))
+ {
+ return 1;
+ }
+ }
+
+ if (SysEncInEffect ())
+ {
+
nNewPageNo = SYSENC_COLLECTING_RANDOM_DATA_PAGE - 1; // Skip irrelevant pages
}
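Review bot: The `MAX_BOOT_PIM_VALUE` range check in the new `PIM_PAGE` branch sits inside `if (volumePassword.Length > 0)`, so it is skipped whenever the password is empty. The comment above it (`// Password character encoding`) was copied from the password page and no longer matches the code. The upper bound does not depend on the password, so it is safer outside that `if`, leaving only the `CheckPasswordLength` call conditional on a non-empty password. With an empty password (presumably the keyfiles-only case) a PIM below the default is accepted here without any prompt; if that is intended it deserves a comment.

```c
volumePin = GetPin (hCurPage, IDC_PIM);

// PIM upper bound for system encryption; independent of the password
if (SysEncInEffect() && (volumePin > MAX_BOOT_PIM_VALUE))
{
	SetFocus (GetDlgItem(hCurPage, IDC_PIM));
	Error ("PIM_SYSENC_TOO_BIG", hwndDlg);
	return 1;
}

// Minimum PIM for short passwords; the length warning was already shown on PASSWORD_PAGE
if ((volumePassword.Length > 0)
	&& !CheckPasswordLength (hwndDlg, volumePassword.Length, volumePin, SysEncInEffect(), TRUE))
{
	return 1;
}
// … unchanged: SysEncInEffect () page skip …
```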
@@ -8160,7 +8225,6 @@ ovf_end:
volumePassword.Length = (unsigned __int32) strlen ((char *) volumePassword.Text);
- volumePin = GetPin (hCurPage, IDC_PIM);
nNewPageNo = SIZE_PAGE + 1; // Skip the hidden volume host password page
@@ -8183,6 +8247,11 @@ ovf_end:
nNewPageNo = CIPHER_PAGE + 1;
}
+ else if (nCurPageNo == PIM_PAGE)
+ {
+ volumePin = GetPin (hCurPage, IDC_PIM);
+ }
+
else if (nCurPageNo == HIDDEN_VOL_HOST_PASSWORD_PAGE
|| nCurPageNo == NONSYS_INPLACE_ENC_RESUME_PASSWORD_PAGE)
{
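Review bot: The new `PIM_PAGE` branch, in what appears to be the Back handler, stores `GetPin (hCurPage, IDC_PIM)` into `volumePin` without the range or strength checks that the Next handler applies. That is harmless only if the wizard always passes through `PIM_PAGE` again on the way forward. The two `nNewPageNo = PIM_PAGE + 1` changes later in this file suggest it does, but this hunk cannot show it. Add a comment stating the invariant, e.g. `// Saved unvalidated so the field can be refilled; validation happens on Next from PIM_PAGE`.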
@@ -8208,7 +8277,7 @@ ovf_end:
tmp [sizeof(tmp)-1] = 0;
SetWindowText (hRandPoolSys, tmp);
- nNewPageNo = PASSWORD_PAGE + 1; // Skip irrelevant pages
+ nNewPageNo = PIM_PAGE + 1; // Skip irrelevant pages
}
else if (nCurPageNo == SYSENC_KEYS_GEN_PAGE)
@@ -8252,7 +8321,7 @@ ovf_end:
nNewPageNo = FILESYS_PAGE + 1;
}
else
- nNewPageNo = PASSWORD_PAGE + 1;
+ nNewPageNo = PIM_PAGE + 1;
}
}
diff --git a/src/Mount/Mount.c b/src/Mount/Mount.c
index d5521725..cb32dece 100644
--- a/src/Mount/Mount.c
+++ b/src/Mount/Mount.c
@@ -2288,7 +2288,7 @@ BOOL CALLBACK PasswordChangeDlgProc (HWND hwndDlg, UINT msg, WPARAM wParam, LPAR
else if (!(newKeyFilesParam.EnableKeyFiles && newKeyFilesParam.FirstKeyFile != NULL)
&& pwdChangeDlgMode == PCDM_CHANGE_PASSWORD)
{
- if (!CheckPasswordLength (hwndDlg, GetDlgItem (hwndDlg, IDC_PASSWORD), pin, bSysEncPwdChangeDlgMode))
+ if (!CheckPasswordLength (hwndDlg, GetWindowTextLength(GetDlgItem (hwndDlg, IDC_PASSWORD)), pin, bSysEncPwdChangeDlgMode, FALSE))
return 1;
}
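Review bot: This call measures the password with `GetWindowTextLength` on the edit control, while the Format wizard passes `volumePassword.Length`, which is the `strlen` of the password actually read. The window-text length is an `int` converted implicitly to `unsigned __int32`, and it describes the control's text rather than the buffer handed to key derivation. The two callers can therefore disagree on whether a password is below `PASSWORD_LEN_WARNING`. If the enclosing `PasswordChangeDlgProc` code (outside this hunk) already holds the new password in a `Password` structure at this point, pass its `Length` instead.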