1 files changed, 75 insertions, 10 deletions
diff --git a/src/Main/TextUserInterface.cpp b/src/Main/TextUserInterface.cpp
index c1b17b2b..190aaf76 100644..100755
--- a/src/Main/TextUserInterface.cpp
+++ b/src/Main/TextUserInterface.cpp
@@ -179,8 +179,36 @@ namespace VeraCrypt
 
 		return password;
 	}
 	
+	int TextUserInterface::AskPim (const wxString &message) const
+	{
+		int pim = -1;
+		wxString msg = _("Enter new PIM: ");
+		if (!message.empty())
+			msg = message + L": ";
+		while (pim < 0)
+		{
+			wstring pimStr = AskString (msg);
+			if (pimStr.empty())
+				pim = 0;
+			else
+			{
+				try
+				{
+					pim = (int) StringConverter::ToUInt32 (pimStr);
+				}
+				catch (...)
+				{
+					pim = -1;
+					continue;
+				}
+			}
+		}
+		
+		return pim;
+	}
+	
 	ssize_t TextUserInterface::AskSelection (ssize_t optionCount, ssize_t defaultOption) const
 	{
 		while (true)
 		{
@@ -271,21 +299,24 @@ namespace VeraCrypt
 			while (!volume)
 			{
 				ShowString (L"\n");
 				options->Password = AskPassword (LangString[volumeType == VolumeType::Hidden ? "ENTER_HIDDEN_VOL_PASSWORD" : "ENTER_NORMAL_VOL_PASSWORD"]);
+				options->Pim = AskPim (volumeType == VolumeType::Hidden ?_("Enter PIM for the hidden volume") : _("Enter PIM for the normal/outer volume"));
 				options->Keyfiles = AskKeyfiles();
 
 				try
 				{
 					volume = Core->OpenVolume (
 						options->Path,
 						options->PreserveTimestamps,
 						options->Password,
+						options->Pim,
 						kdf,
 						false,
 						options->Keyfiles,
 						options->Protection,
 						options->ProtectionPassword,
+						options->ProtectionPim,
 						options->ProtectionKdf,
 						options->ProtectionKeyfiles,
 						true,
 						volumeType,
@@ -344,16 +375,16 @@ namespace VeraCrypt
 		UserEnrichRandomPool();
 
 		// Re-encrypt volume header
 		SecureBuffer newHeaderBuffer (normalVolume->GetLayout()->GetHeaderSize());
-		Core->ReEncryptVolumeHeaderWithNewSalt (newHeaderBuffer, normalVolume->GetHeader(), normalVolumeMountOptions.Password, normalVolumeMountOptions.Keyfiles);
+		Core->ReEncryptVolumeHeaderWithNewSalt (newHeaderBuffer, normalVolume->GetHeader(), normalVolumeMountOptions.Password, normalVolumeMountOptions.Pim, normalVolumeMountOptions.Keyfiles);
 
 		backupFile.Write (newHeaderBuffer);
 
 		if (hiddenVolume)
 		{
 			// Re-encrypt hidden volume header
-			Core->ReEncryptVolumeHeaderWithNewSalt (newHeaderBuffer, hiddenVolume->GetHeader(), hiddenVolumeMountOptions.Password, hiddenVolumeMountOptions.Keyfiles);
+			Core->ReEncryptVolumeHeaderWithNewSalt (newHeaderBuffer, hiddenVolume->GetHeader(), hiddenVolumeMountOptions.Password, hiddenVolumeMountOptions.Pim, hiddenVolumeMountOptions.Keyfiles);
 		}
 		else
 		{
 			// Store random data in place of hidden volume header
@@ -367,9 +398,9 @@ namespace VeraCrypt
 		ShowString (L"\n");
 		ShowInfo ("VOL_HEADER_BACKED_UP");
 	}
 
-	void TextUserInterface::ChangePassword (shared_ptr <VolumePath> volumePath, shared_ptr <VolumePassword> password, shared_ptr <Hash> currentHash, bool truecryptMode, shared_ptr <KeyfileList> keyfiles, shared_ptr <VolumePassword> newPassword, shared_ptr <KeyfileList> newKeyfiles, shared_ptr <Hash> newHash) const
+	void TextUserInterface::ChangePassword (shared_ptr <VolumePath> volumePath, shared_ptr <VolumePassword> password, int pim, shared_ptr <Hash> currentHash, bool truecryptMode, shared_ptr <KeyfileList> keyfiles, shared_ptr <VolumePassword> newPassword, int newPim, shared_ptr <KeyfileList> newKeyfiles, shared_ptr <Hash> newHash) const
 	{
 		shared_ptr <Volume> volume;
 
 		// Volume path
@@ -410,8 +441,14 @@ namespace VeraCrypt
 			else if (!Preferences.NonInteractive)
 			{
 				password = AskPassword ();
 			}
+			
+			// current PIM
+			if (!Preferences.NonInteractive && (pim < 0))
+			{
+				pim = AskPim (_("Enter current PIM"));
+			}
 
 			// Current keyfiles
 			try
 			{
@@ -420,9 +457,9 @@ namespace VeraCrypt
 					// Ask for keyfiles only if required
 					try
 					{
 						keyfiles.reset (new KeyfileList);
-						volume = Core->OpenVolume (volumePath, Preferences.DefaultMountOptions.PreserveTimestamps, password, kdf, truecryptMode, keyfiles);
+						volume = Core->OpenVolume (volumePath, Preferences.DefaultMountOptions.PreserveTimestamps, password, pim, kdf, truecryptMode, keyfiles);
 					}
 					catch (PasswordException&)
 					{
 						if (!Preferences.NonInteractive)
@@ -430,9 +467,9 @@ namespace VeraCrypt
 					}
 				}	
 
 				if (!volume.get())
-					volume = Core->OpenVolume (volumePath, Preferences.DefaultMountOptions.PreserveTimestamps, password, kdf, truecryptMode, keyfiles);
+					volume = Core->OpenVolume (volumePath, Preferences.DefaultMountOptions.PreserveTimestamps, password, pim, kdf, truecryptMode, keyfiles);
 			}
 			catch (PasswordException &e)
 			{
 				if (Preferences.NonInteractive || !passwordInteractive || !keyfilesInteractive)
@@ -449,8 +486,12 @@ namespace VeraCrypt
 		if (newPassword.get())
 			newPassword->CheckPortability();
 		else if (!Preferences.NonInteractive)
 			newPassword = AskPassword (_("Enter new password"), true);
+		
+		// New PIM
+		if ((newPim < 0) && !Preferences.NonInteractive)
+			newPim = AskPim (_("Enter new PIM"));
 
 		// New keyfiles
 		if (!newKeyfiles.get() && !Preferences.NonInteractive)
 		{
@@ -463,9 +504,9 @@ namespace VeraCrypt
 		/* force the display of the random enriching interface */
 		RandomNumberGenerator::SetEnrichedByUserStatus (false);
 		UserEnrichRandomPool();
 
-		Core->ChangePassword (volume, newPassword, newKeyfiles,
+		Core->ChangePassword (volume, newPassword, newPim, newKeyfiles,
 			newHash ? Pkcs5Kdf::GetAlgorithm (*newHash, false) : shared_ptr <Pkcs5Kdf>());
 
 		ShowInfo ("PASSWORD_CHANGED");
 	}
@@ -746,8 +787,15 @@ namespace VeraCrypt
 		}
 
 		if (options->Password)
 			options->Password->CheckPortability();
+		
+		// PIM
+		if ((options->Pim < 0) && !Preferences.NonInteractive)
+		{
+			ShowString (L"\n");
+			options->Pim = AskPim (_("Enter PIM"));
+		}
 
 		// Keyfiles
 		if (!options->Keyfiles && !Preferences.NonInteractive)
 		{
@@ -818,8 +866,9 @@ namespace VeraCrypt
 			mountOptions.Path = make_shared <VolumePath> (options->Path);
 			mountOptions.NoFilesystem = true;
 			mountOptions.Protection = VolumeProtection::None;
 			mountOptions.Password = options->Password;
+			mountOptions.Pim = options->Pim;
 			mountOptions.Keyfiles = options->Keyfiles;
 
 			shared_ptr <VolumeInfo> volume = Core->MountVolume (mountOptions);
 			finally_do_arg (shared_ptr <VolumeInfo>, volume, { Core->DismountVolume (finally_arg, true); });
@@ -1069,8 +1118,11 @@ namespace VeraCrypt
 		while (true)
 		{
 			if (!options.Password)
 				options.Password = AskPassword();
+			
+			if (options.Pim < 0)
+				options.Pim = AskPim (_("Enter PIM"));
 
 			if (!options.Keyfiles)
 				options.Keyfiles = AskKeyfiles();
 
@@ -1079,8 +1131,9 @@ namespace VeraCrypt
 			if (!mountedVolumes.empty())
 				return mountedVolumes;
 
 			options.Password.reset();
+			options.Pim = -1;
 		}
 	}
 	
 	shared_ptr <VolumeInfo> TextUserInterface::MountVolume (MountOptions &options) const
@@ -1143,8 +1196,13 @@ namespace VeraCrypt
 				{
 					ShowWarning ("UNSUPPORTED_CHARS_IN_PWD_RECOM");
 				}
 			}
+			
+			if (options.Pim < 0)
+			{
+				options.Pim = AskPim (StringFormatter (_("Enter PIM for {0}"), wstring (*options.Path)));
+			}
 
 			// Keyfiles
 			if (!options.Keyfiles)
 				options.Keyfiles = AskKeyfiles();
@@ -1158,8 +1216,10 @@ namespace VeraCrypt
 			if (options.Protection == VolumeProtection::HiddenVolumeReadOnly)
 			{
 				if (!options.ProtectionPassword)
 					options.ProtectionPassword = AskPassword (_("Enter password for hidden volume"));
+				if (options.ProtectionPim < 0)
+					options.ProtectionPim = AskPim (_("Enter PIM for hidden volume"));
 				if (!options.ProtectionKeyfiles)
 					options.ProtectionKeyfiles = AskKeyfiles (_("Enter keyfile for hidden volume"));
 			}
 
@@ -1170,8 +1230,9 @@ namespace VeraCrypt
 			catch (ProtectionPasswordIncorrect &e)
 			{
 				ShowInfo (e);
 				options.ProtectionPassword.reset();
+				options.ProtectionPim = -1;
 			}
 			catch (PasswordIncorrect &e)
 			{
 				if (++incorrectPasswordCount > 2 && !options.UseBackupHeaders)
@@ -1336,21 +1397,24 @@ namespace VeraCrypt
 			while (!volume)
 			{
 				ShowString (L"\n");
 				options.Password = AskPassword();
+				options.Pim = AskPim();
 				options.Keyfiles = AskKeyfiles();
 
 				try
 				{
 					volume = Core->OpenVolume (
 						options.Path,
 						options.PreserveTimestamps,
 						options.Password,
+						options.Pim,
 						kdf,
 						false,
 						options.Keyfiles,
 						options.Protection,
 						options.ProtectionPassword,
+						options.ProtectionPim,
 						options.ProtectionKdf,
 						options.ProtectionKeyfiles,
 						options.SharedAccessAllowed,
 						VolumeType::Unknown,
@@ -1373,9 +1437,9 @@ namespace VeraCrypt
 			UserEnrichRandomPool();
 
 			// Re-encrypt volume header
 			SecureBuffer newHeaderBuffer (volume->GetLayout()->GetHeaderSize());
-			Core->ReEncryptVolumeHeaderWithNewSalt (newHeaderBuffer, volume->GetHeader(), options.Password, options.Keyfiles);
+			Core->ReEncryptVolumeHeaderWithNewSalt (newHeaderBuffer, volume->GetHeader(), options.Password, options.Pim,  options.Keyfiles);
 
 			// Write volume header
 			int headerOffset = volume->GetLayout()->GetHeaderOffset();
 			shared_ptr <File> volumeFile = volume->GetFile();
@@ -1433,8 +1497,9 @@ namespace VeraCrypt
 
 			while (!decryptedLayout)
 			{
 				options.Password = AskPassword (L"\n" + LangString["ENTER_HEADER_BACKUP_PASSWORD"]);
+				options.Pim = AskPim (_("Enter PIM"));
 				options.Keyfiles = AskKeyfiles();
 
 				try
 				{
@@ -1454,9 +1519,9 @@ namespace VeraCrypt
 						backupFile.ReadAt (headerBuffer, layout->GetType() == VolumeType::Hidden ? layout->GetHeaderSize() : 0);
 
 						// Decrypt header
 						shared_ptr <VolumePassword> passwordKey = Keyfile::ApplyListToPassword (options.Keyfiles, options.Password);
-						if (layout->GetHeader()->Decrypt (headerBuffer, *passwordKey, kdf, false, layout->GetSupportedKeyDerivationFunctions(false), layout->GetSupportedEncryptionAlgorithms(), layout->GetSupportedEncryptionModes()))
+						if (layout->GetHeader()->Decrypt (headerBuffer, *passwordKey, options.Pim, kdf, false, layout->GetSupportedKeyDerivationFunctions(false), layout->GetSupportedEncryptionAlgorithms(), layout->GetSupportedEncryptionModes()))
 						{
 							decryptedLayout = layout;
 							break;
 						}
@@ -1478,9 +1543,9 @@ namespace VeraCrypt
 			UserEnrichRandomPool();
 
 			// Re-encrypt volume header
 			SecureBuffer newHeaderBuffer (decryptedLayout->GetHeaderSize());
-			Core->ReEncryptVolumeHeaderWithNewSalt (newHeaderBuffer, decryptedLayout->GetHeader(), options.Password, options.Keyfiles);
+			Core->ReEncryptVolumeHeaderWithNewSalt (newHeaderBuffer, decryptedLayout->GetHeader(), options.Password, options.Pim, options.Keyfiles);
 
 			// Write volume header
 			int headerOffset = decryptedLayout->GetHeaderOffset();
 			if (headerOffset >= 0)
@@ -1492,9 +1557,9 @@ namespace VeraCrypt
 
 			if (decryptedLayout->HasBackupHeader())
 			{
 				// Re-encrypt backup volume header
-				Core->ReEncryptVolumeHeaderWithNewSalt (newHeaderBuffer, decryptedLayout->GetHeader(), options.Password, options.Keyfiles);
+				Core->ReEncryptVolumeHeaderWithNewSalt (newHeaderBuffer, decryptedLayout->GetHeader(), options.Password, options.Pim, options.Keyfiles);
 				
 				// Write backup volume header
 				headerOffset = decryptedLayout->GetBackupHeaderOffset();
 				if (headerOffset >= 0)