VeraCrypt
Diffstat (limited to 'src/Volume')
-rwxr-xr-x[-rw-r--r--]src/Volume/Pkcs5Kdf.cpp4
-rwxr-xr-x[-rw-r--r--]src/Volume/Pkcs5Kdf.h16
-rwxr-xr-xsrc/Volume/Volume.cpp16
-rwxr-xr-xsrc/Volume/Volume.h6
-rwxr-xr-xsrc/Volume/VolumeHeader.cpp4
-rwxr-xr-xsrc/Volume/VolumeHeader.h2
-rwxr-xr-x[-rw-r--r--]src/Volume/VolumeInfo.cpp5
-rw-r--r--src/Volume/VolumeInfo.h1
8 files changed, 31 insertions, 23 deletions
diff --git a/src/Volume/Pkcs5Kdf.cpp b/src/Volume/Pkcs5Kdf.cpp
index beccd62b..685bc73d 100644..100755
--- a/src/Volume/Pkcs5Kdf.cpp
+++ b/src/Volume/Pkcs5Kdf.cpp
@@ -19,11 +19,11 @@ namespace VeraCrypt
Pkcs5Kdf::~Pkcs5Kdf ()
{
}
- void Pkcs5Kdf::DeriveKey (const BufferPtr &key, const VolumePassword &password, const ConstBufferPtr &salt) const
+ void Pkcs5Kdf::DeriveKey (const BufferPtr &key, const VolumePassword &password, int pim, const ConstBufferPtr &salt) const
{
- DeriveKey (key, password, salt, GetIterationCount());
+ DeriveKey (key, password, salt, GetIterationCount(pim));
}
shared_ptr <Pkcs5Kdf> Pkcs5Kdf::GetAlgorithm (const wstring &name, bool truecryptMode)
{
diff --git a/src/Volume/Pkcs5Kdf.h b/src/Volume/Pkcs5Kdf.h
index b2a13213..29149229 100644..100755
--- a/src/Volume/Pkcs5Kdf.h
+++ b/src/Volume/Pkcs5Kdf.h
@@ -22,15 +22,15 @@ namespace VeraCrypt
{
public:
virtual ~Pkcs5Kdf ();
- virtual void DeriveKey (const BufferPtr &key, const VolumePassword &password, const ConstBufferPtr &salt) const;
+ virtual void DeriveKey (const BufferPtr &key, const VolumePassword &password, int pim, const ConstBufferPtr &salt) const;
virtual void DeriveKey (const BufferPtr &key, const VolumePassword &password, const ConstBufferPtr &salt, int iterationCount) const = 0;
static shared_ptr <Pkcs5Kdf> GetAlgorithm (const wstring &name, bool truecryptMode);
static shared_ptr <Pkcs5Kdf> GetAlgorithm (const Hash &hash, bool truecryptMode);
static Pkcs5KdfList GetAvailableAlgorithms (bool truecryptMode);
virtual shared_ptr <Hash> GetHash () const = 0;
- virtual int GetIterationCount () const = 0;
+ virtual int GetIterationCount (int pim) const = 0;
virtual wstring GetName () const = 0;
virtual Pkcs5Kdf* Clone () const = 0;
virtual bool IsDeprecated () const { return GetHash()->IsDeprecated(); }
bool GetTrueCryptMode () const { return m_truecryptMode;}
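Review bot: The new `pim` parameter on `GetIterationCount (int pim)` and on the `DeriveKey` overload that takes it has no documented contract in this header. Going by the overrides in the later hunks, `pim <= 0` selects the built-in default count and the value is ignored when `m_truecryptMode` is set. I would state that on the pure virtual, e.g. `// pim <= 0: use the algorithm's default iteration count; ignored in TrueCrypt mode`. The class body starts and ends outside this hunk.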
@@ -54,9 +54,9 @@ namespace VeraCrypt
virtual ~Pkcs5HmacRipemd160 () { }
virtual void DeriveKey (const BufferPtr &key, const VolumePassword &password, const ConstBufferPtr &salt, int iterationCount) const;
virtual shared_ptr <Hash> GetHash () const { return shared_ptr <Hash> (new Ripemd160); }
- virtual int GetIterationCount () const { return m_truecryptMode? 2000 : 655331; }
+ virtual int GetIterationCount (int pim) const { return m_truecryptMode? 2000 : (pim <= 0 ? 655331 : (15000 + (pim * 1000))) ; }
virtual wstring GetName () const { return L"HMAC-RIPEMD-160"; }
virtual Pkcs5Kdf* Clone () const { return new Pkcs5HmacRipemd160(m_truecryptMode); }
private:
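Review bot: `15000 + (pim * 1000)` is evaluated in `int` with no upper bound on `pim`, so a large enough value overflows a signed int, which is undefined behaviour and can hand `DeriveKey` a negative or unexpectedly small iteration count. The same applies to `pim * 2048` in `Pkcs5HmacRipemd160_1000` and `Pkcs5HmacSha256_Boot`, and to the SHA-256, SHA-512 and Whirlpool overrides in the following hunks. There is also no floor: a small positive `pim` yields far fewer iterations than the default (16000 against 655331 for `pim == 1` here), so any password-strength requirement for low values has to be enforced by callers that are not visible in this diff. I would reject out-of-range values once before the multiplication, for example `if (pim > kMaxPim) throw ParameterIncorrect (SRC_POS);` where `kMaxPim` is a placeholder for the limit the project chooses, rather than repeating the arithmetic unchecked in six overrides.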
@@ -71,9 +71,9 @@ namespace VeraCrypt
virtual ~Pkcs5HmacRipemd160_1000 () { }
virtual void DeriveKey (const BufferPtr &key, const VolumePassword &password, const ConstBufferPtr &salt, int iterationCount) const;
virtual shared_ptr <Hash> GetHash () const { return shared_ptr <Hash> (new Ripemd160); }
- virtual int GetIterationCount () const { return m_truecryptMode? 1000 : 327661; }
+ virtual int GetIterationCount (int pim) const { return m_truecryptMode? 1000 : (pim <= 0 ? 327661 : (pim * 2048)); }
virtual wstring GetName () const { return L"HMAC-RIPEMD-160"; }
virtual Pkcs5Kdf* Clone () const { return new Pkcs5HmacRipemd160_1000(m_truecryptMode); }
private:
@@ -88,9 +88,9 @@ namespace VeraCrypt
virtual ~Pkcs5HmacSha256_Boot () { }
virtual void DeriveKey (const BufferPtr &key, const VolumePassword &password, const ConstBufferPtr &salt, int iterationCount) const;
virtual shared_ptr <Hash> GetHash () const { return shared_ptr <Hash> (new Sha256); }
- virtual int GetIterationCount () const { return 200000; }
+ virtual int GetIterationCount (int pim) const { return pim <= 0 ? 200000 : (pim * 2048); }
virtual wstring GetName () const { return L"HMAC-SHA-256"; }
virtual Pkcs5Kdf* Clone () const { return new Pkcs5HmacSha256_Boot(); }
private:
@@ -105,9 +105,9 @@ namespace VeraCrypt
virtual ~Pkcs5HmacSha256 () { }
virtual void DeriveKey (const BufferPtr &key, const VolumePassword &password, const ConstBufferPtr &salt, int iterationCount) const;
virtual shared_ptr <Hash> GetHash () const { return shared_ptr <Hash> (new Sha256); }
- virtual int GetIterationCount () const { return 500000; }
+ virtual int GetIterationCount (int pim) const { return pim <= 0 ? 500000 : (15000 + (pim * 1000)); }
virtual wstring GetName () const { return L"HMAC-SHA-256"; }
virtual Pkcs5Kdf* Clone () const { return new Pkcs5HmacSha256(); }
private:
@@ -122,9 +122,9 @@ namespace VeraCrypt
virtual ~Pkcs5HmacSha512 () { }
virtual void DeriveKey (const BufferPtr &key, const VolumePassword &password, const ConstBufferPtr &salt, int iterationCount) const;
virtual shared_ptr <Hash> GetHash () const { return shared_ptr <Hash> (new Sha512); }
- virtual int GetIterationCount () const { return m_truecryptMode? 1000 : 500000; }
+ virtual int GetIterationCount (int pim) const { return m_truecryptMode? 1000 : (pim <= 0 ? 500000 : (15000 + (pim * 1000))); }
virtual wstring GetName () const { return L"HMAC-SHA-512"; }
virtual Pkcs5Kdf* Clone () const { return new Pkcs5HmacSha512(m_truecryptMode); }
private:
@@ -139,9 +139,9 @@ namespace VeraCrypt
virtual ~Pkcs5HmacWhirlpool () { }
virtual void DeriveKey (const BufferPtr &key, const VolumePassword &password, const ConstBufferPtr &salt, int iterationCount) const;
virtual shared_ptr <Hash> GetHash () const { return shared_ptr <Hash> (new Whirlpool); }
- virtual int GetIterationCount () const { return m_truecryptMode? 1000 : 500000; }
+ virtual int GetIterationCount (int pim) const { return m_truecryptMode? 1000 : (pim <= 0 ? 500000 : (15000 + (pim * 1000))); }
virtual wstring GetName () const { return L"HMAC-Whirlpool"; }
virtual Pkcs5Kdf* Clone () const { return new Pkcs5HmacWhirlpool(m_truecryptMode); }
private:
diff --git a/src/Volume/Volume.cpp b/src/Volume/Volume.cpp
index 51ebf300..ff373029 100755
--- a/src/Volume/Volume.cpp
+++ b/src/Volume/Volume.cpp
@@ -23,9 +23,10 @@ namespace VeraCrypt
VolumeDataSize (0),
TopWriteOffset (0),
TotalDataRead (0),
TotalDataWritten (0),
- TrueCryptMode (false)
+ TrueCryptMode (false),
+ Pim (0)
{
}
Volume::~Volume ()
@@ -62,9 +63,9 @@ namespace VeraCrypt
if_debug (ValidateState ());
return EA->GetMode();
}
- void Volume::Open (const VolumePath &volumePath, bool preserveTimestamps, shared_ptr <VolumePassword> password, shared_ptr <Pkcs5Kdf> kdf, bool truecryptMode, shared_ptr <KeyfileList> keyfiles, VolumeProtection::Enum protection, shared_ptr <VolumePassword> protectionPassword, shared_ptr <Pkcs5Kdf> protectionKdf, shared_ptr <KeyfileList> protectionKeyfiles, bool sharedAccessAllowed, VolumeType::Enum volumeType, bool useBackupHeaders, bool partitionInSystemEncryptionScope)
+ void Volume::Open (const VolumePath &volumePath, bool preserveTimestamps, shared_ptr <VolumePassword> password, int pim, shared_ptr <Pkcs5Kdf> kdf, bool truecryptMode, shared_ptr <KeyfileList> keyfiles, VolumeProtection::Enum protection, shared_ptr <VolumePassword> protectionPassword, int protectionPim, shared_ptr <Pkcs5Kdf> protectionKdf, shared_ptr <KeyfileList> protectionKeyfiles, bool sharedAccessAllowed, VolumeType::Enum volumeType, bool useBackupHeaders, bool partitionInSystemEncryptionScope)
{
make_shared_auto (File, file);
File::FileOpenFlags flags = (preserveTimestamps ? File::PreserveTimestamps : File::FlagsNone);
@@ -93,12 +94,12 @@ namespace VeraCrypt
else
throw;
}
- return Open (file, password, kdf, truecryptMode, keyfiles, protection, protectionPassword, protectionKdf,protectionKeyfiles, volumeType, useBackupHeaders, partitionInSystemEncryptionScope);
+ return Open (file, password, pim, kdf, truecryptMode, keyfiles, protection, protectionPassword, protectionPim, protectionKdf,protectionKeyfiles, volumeType, useBackupHeaders, partitionInSystemEncryptionScope);
}
- void Volume::Open (shared_ptr <File> volumeFile, shared_ptr <VolumePassword> password, shared_ptr <Pkcs5Kdf> kdf, bool truecryptMode, shared_ptr <KeyfileList> keyfiles, VolumeProtection::Enum protection, shared_ptr <VolumePassword> protectionPassword, shared_ptr <Pkcs5Kdf> protectionKdf,shared_ptr <KeyfileList> protectionKeyfiles, VolumeType::Enum volumeType, bool useBackupHeaders, bool partitionInSystemEncryptionScope)
+ void Volume::Open (shared_ptr <File> volumeFile, shared_ptr <VolumePassword> password, int pim, shared_ptr <Pkcs5Kdf> kdf, bool truecryptMode, shared_ptr <KeyfileList> keyfiles, VolumeProtection::Enum protection, shared_ptr <VolumePassword> protectionPassword, int protectionPim, shared_ptr <Pkcs5Kdf> protectionKdf,shared_ptr <KeyfileList> protectionKeyfiles, VolumeType::Enum volumeType, bool useBackupHeaders, bool partitionInSystemEncryptionScope)
{
if (!volumeFile)
throw ParameterIncorrect (SRC_POS);
@@ -186,9 +187,9 @@ namespace VeraCrypt
}
shared_ptr <VolumeHeader> header = layout->GetHeader();
- if (header->Decrypt (headerBuffer, *passwordKey, kdf, truecryptMode, layout->GetSupportedKeyDerivationFunctions(truecryptMode), layoutEncryptionAlgorithms, layoutEncryptionModes))
+ if (header->Decrypt (headerBuffer, *passwordKey, pim, kdf, truecryptMode, layout->GetSupportedKeyDerivationFunctions(truecryptMode), layoutEncryptionAlgorithms, layoutEncryptionModes))
{
// Header decrypted
if (!truecryptMode && typeid (*layout) == typeid (VolumeLayoutV2Normal) && header->GetRequiredMinProgramVersion() < 0x10b)
@@ -199,8 +200,9 @@ namespace VeraCrypt
layout->SetHeader (header);
}
TrueCryptMode = truecryptMode;
+ Pim = pim;
Type = layout->GetType();
SectorSize = header->GetSectorSize();
VolumeDataOffset = layout->GetDataOffset (VolumeHostSize);
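Review bot: `Pim = pim;` keeps the user-supplied PIM in the `Volume` object for as long as the volume is open, and the `VolumeInfo.cpp` hunks then copy it in `Set` and write it out with `sr.Serialize ("Pim", Pim)`. Because the iteration count is derived directly from it, the PIM is effectively part of the credential. It is worth confirming that every consumer of the serialized `VolumeInfo` stream is trusted and that nothing logs or persists the value; where that stream goes is not visible here. A short comment on the member, such as `// user-supplied PIM; treat as sensitive`, would make that expectation explicit. The enclosing `Open` body starts and ends outside the hunk.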
@@ -236,11 +238,11 @@ namespace VeraCrypt
{
Volume protectedVolume;
protectedVolume.Open (VolumeFile,
- protectionPassword, protectionKdf, truecryptMode, protectionKeyfiles,
+ protectionPassword, protectionPim, protectionKdf, truecryptMode, protectionKeyfiles,
VolumeProtection::ReadOnly,
- shared_ptr <VolumePassword> (), shared_ptr <Pkcs5Kdf> (),shared_ptr <KeyfileList> (),
+ shared_ptr <VolumePassword> (), 0, shared_ptr <Pkcs5Kdf> (),shared_ptr <KeyfileList> (),
VolumeType::Hidden,
useBackupHeaders);
if (protectedVolume.GetType() != VolumeType::Hidden)
diff --git a/src/Volume/Volume.h b/src/Volume/Volume.h
index d4a2b5a5..19e3eb2e 100755
--- a/src/Volume/Volume.h
+++ b/src/Volume/Volume.h
@@ -86,13 +86,14 @@ namespace VeraCrypt
uint64 GetTotalDataRead () const { return TotalDataRead; }
uint64 GetTotalDataWritten () const { return TotalDataWritten; }
VolumeType::Enum GetType () const { return Type; }
bool GetTrueCryptMode() const { return TrueCryptMode; }
+ int GetPim() const { return Pim;}
uint64 GetVolumeCreationTime () const { return Header->GetVolumeCreationTime(); }
bool IsHiddenVolumeProtectionTriggered () const { return HiddenVolumeProtectionTriggered; }
bool IsInSystemEncryptionScope () const { return SystemEncryption; }
- void Open (const VolumePath &volumePath, bool preserveTimestamps, shared_ptr <VolumePassword> password, shared_ptr <Pkcs5Kdf> kdf, bool truecryptMode, shared_ptr <KeyfileList> keyfiles, VolumeProtection::Enum protection = VolumeProtection::None, shared_ptr <VolumePassword> protectionPassword = shared_ptr <VolumePassword> (), shared_ptr <Pkcs5Kdf> protectionKdf = shared_ptr <Pkcs5Kdf> (),shared_ptr <KeyfileList> protectionKeyfiles = shared_ptr <KeyfileList> (), bool sharedAccessAllowed = false, VolumeType::Enum volumeType = VolumeType::Unknown, bool useBackupHeaders = false, bool partitionInSystemEncryptionScope = false);
- void Open (shared_ptr <File> volumeFile, shared_ptr <VolumePassword> password, shared_ptr <Pkcs5Kdf> kdf, bool truecryptMode, shared_ptr <KeyfileList> keyfiles, VolumeProtection::Enum protection = VolumeProtection::None, shared_ptr <VolumePassword> protectionPassword = shared_ptr <VolumePassword> (), shared_ptr <Pkcs5Kdf> protectionKdf = shared_ptr <Pkcs5Kdf> (), shared_ptr <KeyfileList> protectionKeyfiles = shared_ptr <KeyfileList> (), VolumeType::Enum volumeType = VolumeType::Unknown, bool useBackupHeaders = false, bool partitionInSystemEncryptionScope = false);
+ void Open (const VolumePath &volumePath, bool preserveTimestamps, shared_ptr <VolumePassword> password, int pim, shared_ptr <Pkcs5Kdf> kdf, bool truecryptMode, shared_ptr <KeyfileList> keyfiles, VolumeProtection::Enum protection = VolumeProtection::None, shared_ptr <VolumePassword> protectionPassword = shared_ptr <VolumePassword> (), int protectionPim = 0, shared_ptr <Pkcs5Kdf> protectionKdf = shared_ptr <Pkcs5Kdf> (),shared_ptr <KeyfileList> protectionKeyfiles = shared_ptr <KeyfileList> (), bool sharedAccessAllowed = false, VolumeType::Enum volumeType = VolumeType::Unknown, bool useBackupHeaders = false, bool partitionInSystemEncryptionScope = false);
+ void Open (shared_ptr <File> volumeFile, shared_ptr <VolumePassword> password, int pim, shared_ptr <Pkcs5Kdf> kdf, bool truecryptMode, shared_ptr <KeyfileList> keyfiles, VolumeProtection::Enum protection = VolumeProtection::None, shared_ptr <VolumePassword> protectionPassword = shared_ptr <VolumePassword> (), int protectionPim = 0, shared_ptr <Pkcs5Kdf> protectionKdf = shared_ptr <Pkcs5Kdf> (), shared_ptr <KeyfileList> protectionKeyfiles = shared_ptr <KeyfileList> (), VolumeType::Enum volumeType = VolumeType::Unknown, bool useBackupHeaders = false, bool partitionInSystemEncryptionScope = false);
void ReadSectors (const BufferPtr &buffer, uint64 byteOffset);
void ReEncryptHeader (bool backupHeader, const ConstBufferPtr &newSalt, const ConstBufferPtr &newHeaderKey, shared_ptr <Pkcs5Kdf> newPkcs5Kdf);
void WriteSectors (const ConstBufferPtr &buffer, uint64 byteOffset);
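Review bot: `int pim` is added as a required positional argument close to `bool truecryptMode`, and `int` and `bool` convert to each other implicitly, so a call site that passes the two in the wrong order still compiles and silently derives the key with the wrong iteration count. The same holds for `int protectionPim = 0` in both overloads. With sixteen positional parameters on the first overload, I would at least document the new arguments above the declarations, e.g. `// pim / protectionPim: <= 0 means default iteration count`. Grouping password, PIM, KDF and keyfiles into one options struct would be a reasonable follow-up. The class body continues outside this hunk.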
@@ -117,8 +118,9 @@ namespace VeraCrypt
uint64 TopWriteOffset;
uint64 TotalDataRead;
uint64 TotalDataWritten;
bool TrueCryptMode;
+ int Pim;
private:
Volume (const Volume &);
Volume &operator= (const Volume &);
diff --git a/src/Volume/VolumeHeader.cpp b/src/Volume/VolumeHeader.cpp
index 442c6375..3656aa14 100755
--- a/src/Volume/VolumeHeader.cpp
+++ b/src/Volume/VolumeHeader.cpp
@@ -77,9 +77,9 @@ namespace VeraCrypt
EncryptNew (headerBuffer, options.Salt, options.HeaderKey, options.Kdf);
}
- bool VolumeHeader::Decrypt (const ConstBufferPtr &encryptedData, const VolumePassword &password, shared_ptr <Pkcs5Kdf> kdf, bool truecryptMode, const Pkcs5KdfList &keyDerivationFunctions, const EncryptionAlgorithmList &encryptionAlgorithms, const EncryptionModeList &encryptionModes)
+ bool VolumeHeader::Decrypt (const ConstBufferPtr &encryptedData, const VolumePassword &password, int pim, shared_ptr <Pkcs5Kdf> kdf, bool truecryptMode, const Pkcs5KdfList &keyDerivationFunctions, const EncryptionAlgorithmList &encryptionAlgorithms, const EncryptionModeList &encryptionModes)
{
if (password.Size() < 1)
throw PasswordEmpty (SRC_POS);
@@ -91,9 +91,9 @@ namespace VeraCrypt
{
if (kdf && (kdf->GetName() != pkcs5->GetName()))
continue;
- pkcs5->DeriveKey (headerKey, password, salt);
+ pkcs5->DeriveKey (headerKey, password, pim, salt);
foreach (shared_ptr <EncryptionMode> mode, encryptionModes)
{
if (typeid (*mode) != typeid (EncryptionModeXTS))
diff --git a/src/Volume/VolumeHeader.h b/src/Volume/VolumeHeader.h
index 40b45b3d..894ca8a1 100755
--- a/src/Volume/VolumeHeader.h
+++ b/src/Volume/VolumeHeader.h
@@ -55,9 +55,9 @@ namespace VeraCrypt
VolumeHeader (uint32 HeaderSize);
virtual ~VolumeHeader ();
void Create (const BufferPtr &headerBuffer, VolumeHeaderCreationOptions &options);
- bool Decrypt (const ConstBufferPtr &encryptedData, const VolumePassword &password, shared_ptr <Pkcs5Kdf> kdf, bool truecryptMode, const Pkcs5KdfList &keyDerivationFunctions, const EncryptionAlgorithmList &encryptionAlgorithms, const EncryptionModeList &encryptionModes);
+ bool Decrypt (const ConstBufferPtr &encryptedData, const VolumePassword &password, int pim, shared_ptr <Pkcs5Kdf> kdf, bool truecryptMode, const Pkcs5KdfList &keyDerivationFunctions, const EncryptionAlgorithmList &encryptionAlgorithms, const EncryptionModeList &encryptionModes);
void EncryptNew (const BufferPtr &newHeaderBuffer, const ConstBufferPtr &newSalt, const ConstBufferPtr &newHeaderKey, shared_ptr <Pkcs5Kdf> newPkcs5Kdf);
uint64 GetEncryptedAreaStart () const { return EncryptedAreaStart; }
uint64 GetEncryptedAreaLength () const { return EncryptedAreaLength; }
shared_ptr <EncryptionAlgorithm> GetEncryptionAlgorithm () const { return EA; }
diff --git a/src/Volume/VolumeInfo.cpp b/src/Volume/VolumeInfo.cpp
index 33e0fd6f..aba7c479 100644..100755
--- a/src/Volume/VolumeInfo.cpp
+++ b/src/Volume/VolumeInfo.cpp
@@ -50,8 +50,9 @@ namespace VeraCrypt
Type = static_cast <VolumeType::Enum> (sr.DeserializeInt32 ("Type"));
VirtualDevice = sr.DeserializeWString ("VirtualDevice");
sr.Deserialize ("VolumeCreationTime", VolumeCreationTime);
sr.Deserialize ("TrueCryptMode", TrueCryptMode);
+ sr.Deserialize ("Pim", Pim);
}
bool VolumeInfo::FirstVolumeMountedAfterSecond (shared_ptr <VolumeInfo> first, shared_ptr <VolumeInfo> second)
{
@@ -90,8 +91,9 @@ namespace VeraCrypt
sr.Serialize ("Type", static_cast <uint32> (Type));
sr.Serialize ("VirtualDevice", wstring (VirtualDevice));
sr.Serialize ("VolumeCreationTime", VolumeCreationTime);
sr.Serialize ("TrueCryptMode", TrueCryptMode);
+ sr.Serialize ("Pim", Pim);
}
void VolumeInfo::Set (const Volume &volume)
{
@@ -104,9 +106,9 @@ namespace VeraCrypt
VolumeCreationTime = volume.GetVolumeCreationTime();
HiddenVolumeProtectionTriggered = volume.IsHiddenVolumeProtectionTriggered();
MinRequiredProgramVersion = volume.GetHeader()->GetRequiredMinProgramVersion();
Path = volume.GetPath();
- Pkcs5IterationCount = volume.GetPkcs5Kdf()->GetIterationCount();
+ Pkcs5IterationCount = volume.GetPkcs5Kdf()->GetIterationCount(volume.GetPim ());
Pkcs5PrfName = volume.GetPkcs5Kdf()->GetName();
Protection = volume.GetProtectionType();
Size = volume.GetSize();
SystemEncryption = volume.IsInSystemEncryptionScope();
@@ -114,8 +116,9 @@ namespace VeraCrypt
TopWriteOffset = volume.GetTopWriteOffset();
TotalDataRead = volume.GetTotalDataRead();
TotalDataWritten = volume.GetTotalDataWritten();
TrueCryptMode = volume.GetTrueCryptMode();
+ Pim = volume.GetPim ();
}
TC_SERIALIZER_FACTORY_ADD_CLASS (VolumeInfo);
}
diff --git a/src/Volume/VolumeInfo.h b/src/Volume/VolumeInfo.h
index 96796b50..c5bd2021 100644
--- a/src/Volume/VolumeInfo.h
+++ b/src/Volume/VolumeInfo.h
@@ -56,8 +56,9 @@ namespace VeraCrypt
VolumeType::Enum Type;
DevicePath VirtualDevice;
VolumeTime VolumeCreationTime;
bool TrueCryptMode;
+ int Pim;
private:
VolumeInfo (const VolumeInfo &);
VolumeInfo &operator= (const VolumeInfo &);