Diffstat (limited to 'src')
26 files changed, 160 insertions, 36 deletions
diff --git a/src/Core/CoreBase.cpp b/src/Core/CoreBase.cpp index 95e5c206..0137e204 100644..100755 --- a/src/Core/CoreBase.cpp +++ b/src/Core/CoreBase.cpp @@ -68,9 +68,9 @@ namespace VeraCrypt } } - void CoreBase::ChangePassword (shared_ptr <VolumePath> volumePath, bool preserveTimestamps, shared_ptr <VolumePassword> password, shared_ptr <KeyfileList> keyfiles, shared_ptr <VolumePassword> newPassword, shared_ptr <KeyfileList> newKeyfiles, shared_ptr <Pkcs5Kdf> newPkcs5Kdf, int wipeCount) const + void CoreBase::ChangePassword (shared_ptr <VolumePath> volumePath, bool preserveTimestamps, shared_ptr <VolumePassword> password, shared_ptr <Pkcs5Kdf> kdf, shared_ptr <KeyfileList> keyfiles, shared_ptr <VolumePassword> newPassword, shared_ptr <KeyfileList> newKeyfiles, shared_ptr <Pkcs5Kdf> newPkcs5Kdf, int wipeCount) const { - shared_ptr <Volume> volume = OpenVolume (volumePath, preserveTimestamps, password, keyfiles); + shared_ptr <Volume> volume = OpenVolume (volumePath, preserveTimestamps, password, kdf, keyfiles); ChangePassword (volume, newPassword, newKeyfiles, newPkcs5Kdf, wipeCount); } 
@@ -242,10 +242,10 @@ namespace VeraCrypt return GetMountedVolume (volumePath); } - shared_ptr <Volume> CoreBase::OpenVolume (shared_ptr <VolumePath> volumePath, bool preserveTimestamps, shared_ptr <VolumePassword> password, shared_ptr <KeyfileList> keyfiles, VolumeProtection::Enum protection, shared_ptr <VolumePassword> protectionPassword, shared_ptr <KeyfileList> protectionKeyfiles, bool sharedAccessAllowed, VolumeType::Enum volumeType, bool useBackupHeaders, bool partitionInSystemEncryptionScope) const + shared_ptr <Volume> CoreBase::OpenVolume (shared_ptr <VolumePath> volumePath, bool preserveTimestamps, shared_ptr <VolumePassword> password, shared_ptr<Pkcs5Kdf> kdf, shared_ptr <KeyfileList> keyfiles, VolumeProtection::Enum protection, shared_ptr <VolumePassword> protectionPassword, shared_ptr<Pkcs5Kdf> protectionKdf, shared_ptr <KeyfileList> protectionKeyfiles, bool sharedAccessAllowed, VolumeType::Enum volumeType, bool useBackupHeaders, bool partitionInSystemEncryptionScope) const { make_shared_auto (Volume, volume); - volume->Open (*volumePath, preserveTimestamps, password, keyfiles, protection, protectionPassword, protectionKeyfiles, sharedAccessAllowed, volumeType, useBackupHeaders, partitionInSystemEncryptionScope); + volume->Open (*volumePath, preserveTimestamps, password, kdf, keyfiles, protection, protectionPassword, protectionKdf, protectionKeyfiles, sharedAccessAllowed, volumeType, useBackupHeaders, partitionInSystemEncryptionScope); return volume; } diff --git a/src/Core/CoreBase.h b/src/Core/CoreBase.h index 6ebb76b7..0d52e5b9 100644..100755 --- a/src/Core/CoreBase.h +++ b/src/Core/CoreBase.h 
@@ -29,7 +29,7 @@ namespace VeraCrypt virtual ~CoreBase (); virtual void ChangePassword (shared_ptr <Volume> openVolume, shared_ptr <VolumePassword> newPassword, shared_ptr <KeyfileList> newKeyfiles, shared_ptr <Pkcs5Kdf> newPkcs5Kdf = shared_ptr <Pkcs5Kdf> (), int wipeCount = PRAND_HEADER_WIPE_PASSES) const; - virtual void ChangePassword (shared_ptr <VolumePath> volumePath, bool preserveTimestamps, shared_ptr <VolumePassword> password, shared_ptr <KeyfileList> keyfiles, shared_ptr <VolumePassword> newPassword, shared_ptr <KeyfileList> newKeyfiles, shared_ptr <Pkcs5Kdf> newPkcs5Kdf = shared_ptr <Pkcs5Kdf> (), int wipeCount = PRAND_HEADER_WIPE_PASSES) const; + virtual void ChangePassword (shared_ptr <VolumePath> volumePath, bool preserveTimestamps, shared_ptr <VolumePassword> password, shared_ptr <Pkcs5Kdf> kdf, shared_ptr <KeyfileList> keyfiles, shared_ptr <VolumePassword> newPassword, shared_ptr <KeyfileList> newKeyfiles, shared_ptr <Pkcs5Kdf> newPkcs5Kdf = shared_ptr <Pkcs5Kdf> (), int wipeCount = PRAND_HEADER_WIPE_PASSES) const; virtual void CheckFilesystem (shared_ptr <VolumeInfo> mountedVolume, bool repair = false) const = 0; virtual void CoalesceSlotNumberAndMountPoint (MountOptions &options) const; virtual void CreateKeyfile (const FilePath &keyfilePath) const; 
@@ -64,7 +64,7 @@ namespace VeraCrypt virtual bool IsVolumeMounted (const VolumePath &volumePath) const; virtual VolumeSlotNumber MountPointToSlotNumber (const DirectoryPath &mountPoint) const = 0; virtual shared_ptr <VolumeInfo> MountVolume (MountOptions &options) = 0; - virtual shared_ptr <Volume> OpenVolume (shared_ptr <VolumePath> volumePath, bool preserveTimestamps, shared_ptr <VolumePassword> password, shared_ptr <KeyfileList> keyfiles, VolumeProtection::Enum protection = VolumeProtection::None, shared_ptr <VolumePassword> protectionPassword = shared_ptr <VolumePassword> (), shared_ptr <KeyfileList> protectionKeyfiles = shared_ptr <KeyfileList> (), bool sharedAccessAllowed = false, VolumeType::Enum volumeType = VolumeType::Unknown, bool useBackupHeaders = false, bool partitionInSystemEncryptionScope = false) const; + virtual shared_ptr <Volume> OpenVolume (shared_ptr <VolumePath> volumePath, bool preserveTimestamps, shared_ptr <VolumePassword> password, shared_ptr<Pkcs5Kdf> Kdf, shared_ptr <KeyfileList> keyfiles, VolumeProtection::Enum protection = VolumeProtection::None, shared_ptr <VolumePassword> protectionPassword = shared_ptr <VolumePassword> (), shared_ptr<Pkcs5Kdf> protectionKdf = shared_ptr<Pkcs5Kdf> (), shared_ptr <KeyfileList> protectionKeyfiles = shared_ptr <KeyfileList> (), bool sharedAccessAllowed = false, VolumeType::Enum volumeType = VolumeType::Unknown, bool useBackupHeaders = false, bool partitionInSystemEncryptionScope = false) const; virtual void RandomizeEncryptionAlgorithmKey (shared_ptr <EncryptionAlgorithm> encryptionAlgorithm) const; virtual void ReEncryptVolumeHeaderWithNewSalt (const BufferPtr &newHeaderBuffer, shared_ptr <VolumeHeader> header, shared_ptr <VolumePassword> password, shared_ptr <KeyfileList> keyfiles) const; virtual void SetAdminPasswordCallback (shared_ptr <GetStringFunctor> functor) { } diff --git a/src/Core/MountOptions.cpp b/src/Core/MountOptions.cpp index a09879d8..fb813bf0 100644..100755 
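Review bot: The new `Kdf` and `protectionKdf` parameters on the `OpenVolume` declaration in CoreBase.h are undocumented, and nothing says what an empty pointer means. The GUI part of this commit adds an "AUTODETECTION" entry, so an empty pointer presumably means that every supported derivation function is tried; confirm that against Volume::Open and state it, e.g. `// kdf / protectionKdf: key derivation function used to decrypt the header; an empty pointer means auto-detect`. The declaration also spells the parameter `Kdf` while the definition in CoreBase.cpp and the `ChangePassword` declaration above use `kdf`; `shared_ptr <Pkcs5Kdf> kdf` would keep them consistent.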
--- a/src/Core/MountOptions.cpp +++ b/src/Core/MountOptions.cpp @@ -26,11 +26,21 @@ namespace VeraCrypt TC_CLONE (NoHardwareCrypto); TC_CLONE (NoKernelCrypto); TC_CLONE_SHARED (VolumePassword, Password); + if (other.Kdf) + { + Kdf.reset(other.Kdf->Clone()); + } + else + Kdf.reset(); TC_CLONE_SHARED (VolumePath, Path); TC_CLONE (PartitionInSystemEncryptionScope); TC_CLONE (PreserveTimestamps); TC_CLONE (Protection); TC_CLONE_SHARED (VolumePassword, ProtectionPassword); + if (other.ProtectionKdf) + ProtectionKdf.reset(other.ProtectionKdf->Clone()); + else + ProtectionKdf.reset(); TC_CLONE_SHARED (KeyfileList, ProtectionKeyfiles); TC_CLONE (Removable); TC_CLONE (SharedAccessAllowed); @@ -41,6 +51,7 @@ namespace VeraCrypt void MountOptions::Deserialize (shared_ptr <Stream> stream) { Serializer sr (stream); + wstring nameValue; sr.Deserialize ("CachePassword", CachePassword); sr.Deserialize ("FilesystemOptions", FilesystemOptions); @@ -61,6 +72,14 @@ namespace VeraCrypt Password = Serializable::DeserializeNew <VolumePassword> (stream); else Password.reset(); + + if (!sr.DeserializeBool ("KdfNull")) + { + sr.Deserialize ("Kdf", nameValue); + Kdf = Pkcs5Kdf::GetAlgorithm (nameValue); + } + else + Kdf.reset(); if (!sr.DeserializeBool ("PathNull")) Path.reset (new VolumePath (sr.DeserializeWString ("Path"))); @@ -77,6 +96,14 @@ namespace VeraCrypt else ProtectionPassword.reset(); + if (!sr.DeserializeBool ("ProtectionKdfNull")) + { + sr.Deserialize ("ProtectionKdf", nameValue); + ProtectionKdf = Pkcs5Kdf::GetAlgorithm (nameValue); + } + else + ProtectionKdf.reset(); + ProtectionKeyfiles = Keyfile::DeserializeList (stream, "ProtectionKeyfiles"); sr.Deserialize ("Removable", Removable); sr.Deserialize ("SharedAccessAllowed", SharedAccessAllowed); 
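Review bot: `Kdf = Pkcs5Kdf::GetAlgorithm (nameValue)` in MountOptions::Deserialize restores the KDF from its display name, but those names are not unique: Pkcs5Kdf.h in this same commit shows `Pkcs5HmacRipemd160` and `Pkcs5HmacRipemd160_1000` both returning `L"HMAC-RIPEMD-160"`, and `Pkcs5HmacSha256_Boot` and `Pkcs5HmacSha256` both returning `L"HMAC-SHA-256"`, each pair with different iteration counts. A serialize/deserialize round trip can therefore hand back a different derivation function than the one that was selected, whereas the copy path uses `Clone()` and keeps the concrete type; the `ProtectionKdf` hunk that follows has the same issue. Which object the name lookup returns is decided in `GetAlgorithm`, outside this diff, so at minimum add `// NOTE: lookup by name cannot distinguish KDFs that share a name (boot vs. normal variants)`; serializing an identifier that is unique per class would remove the ambiguity. It is also worth confirming how `GetAlgorithm` reacts to a name it does not recognise, since the value comes straight from the stream.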
@@ -106,6 +133,10 @@ namespace VeraCrypt if (Password) Password->Serialize (stream); + sr.Serialize ("KdfNull", Kdf == nullptr); + if (Kdf) + sr.Serialize ("Kdf", Kdf->GetName()); + sr.Serialize ("PathNull", Path == nullptr); if (Path) sr.Serialize ("Path", wstring (*Path)); @@ -118,6 +149,10 @@ namespace VeraCrypt if (ProtectionPassword) ProtectionPassword->Serialize (stream); + sr.Serialize ("ProtectionKdfNull", ProtectionKdf == nullptr); + if (ProtectionKdf) + sr.Serialize ("ProtectionKdf", ProtectionKdf->GetName()); + Keyfile::SerializeList (stream, "ProtectionKeyfiles", ProtectionKeyfiles); sr.Serialize ("Removable", Removable); sr.Serialize ("SharedAccessAllowed", SharedAccessAllowed); diff --git a/src/Core/MountOptions.h b/src/Core/MountOptions.h index 12aa03d5..6cb2c549 100644..100755 --- a/src/Core/MountOptions.h +++ b/src/Core/MountOptions.h @@ -51,11 +51,13 @@ namespace VeraCrypt bool NoHardwareCrypto; bool NoKernelCrypto; shared_ptr <VolumePassword> Password; + shared_ptr <Pkcs5Kdf> Kdf; bool PartitionInSystemEncryptionScope; shared_ptr <VolumePath> Path; bool PreserveTimestamps; VolumeProtection::Enum Protection; shared_ptr <VolumePassword> ProtectionPassword; + shared_ptr <Pkcs5Kdf> ProtectionKdf; shared_ptr <KeyfileList> ProtectionKeyfiles; bool Removable; bool SharedAccessAllowed; diff --git a/src/Core/Unix/CoreUnix.cpp b/src/Core/Unix/CoreUnix.cpp index 15a96297..d33e4b73 100644..100755 --- a/src/Core/Unix/CoreUnix.cpp +++ b/src/Core/Unix/CoreUnix.cpp @@ -409,9 +409,11 @@ namespace VeraCrypt options.Path, options.PreserveTimestamps, options.Password, + options.Kdf, options.Keyfiles, options.Protection, options.ProtectionPassword, + options.ProtectionKdf, options.ProtectionKeyfiles, options.SharedAccessAllowed, VolumeType::Unknown, diff --git a/src/Main/CommandLineInterface.cpp b/src/Main/CommandLineInterface.cpp index eed8cf22..68e644b5 100644 --- a/src/Main/CommandLineInterface.cpp +++ b/src/Main/CommandLineInterface.cpp 
@@ -36,6 +36,7 @@ namespace VeraCrypt parser.AddSwitch (L"C", L"change", _("Change password or keyfiles")); parser.AddSwitch (L"c", L"create", _("Create new volume")); parser.AddSwitch (L"", L"create-keyfile", _("Create new keyfile")); + parser.AddOption (L"", L"current-hash", _("Current hash algorithm for change password/keyfiles operation")); parser.AddSwitch (L"", L"delete-token-keyfiles", _("Delete security token keyfiles")); parser.AddSwitch (L"d", L"dismount", _("Dismount volume")); parser.AddSwitch (L"", L"display-password", _("Display password while typing")); @@ -61,6 +62,7 @@ namespace VeraCrypt parser.AddSwitch (L"", L"non-interactive", _("Do not interact with user")); parser.AddOption (L"p", L"password", _("Password")); parser.AddOption (L"", L"protect-hidden", _("Protect hidden volume")); + parser.AddOption (L"", L"protection-hash", _("Hash algorithm for protected hidden volume")); parser.AddOption (L"", L"protection-keyfiles", _("Keyfiles for protected hidden volume")); parser.AddOption (L"", L"protection-password", _("Password for protected hidden volume")); parser.AddOption (L"", L"random-source", _("Use file as source of random data")); @@ -306,6 +308,20 @@ namespace VeraCrypt throw_err (LangString["UNKNOWN_OPTION"] + L": " + str); } + if (parser.Found (L"current-hash", &str)) + { + ArgCurrentHash.reset(); + + foreach (shared_ptr <Hash> hash, Hash::GetAvailableAlgorithms()) + { + if (wxString (hash->GetName()).IsSameAs (str, false)) + ArgCurrentHash = hash; + } + + if (!ArgCurrentHash) + throw_err (LangString["UNKNOWN_OPTION"] + L": " + str); + } + if (parser.Found (L"keyfiles", &str)) ArgKeyfiles = ToKeyfileList (str); 
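Review bot: The `current-hash` block writes out a name-matching loop that the `protection-hash` hunk further down repeats in a slightly different form (one tracks the match in the result pointer, the other in `bHashFound`), and the context line above suggests an equivalent block already exists for `--hash`. A single file-local helper would keep the accepted spellings and the error path identical for every hash option, and returning on the first match avoids scanning the rest of the list. An unrecognised value is reported under `UNKNOWN_OPTION`, which reads as if the switch itself were unknown; a message naming the bad hash value would be clearer if a suitable string exists. The enclosing function starts and ends outside the hunk.

```cpp
// Returns the available hash whose name matches case-insensitively, or an empty pointer.
static shared_ptr <Hash> FindHashByName (const wxString &name)
{
	foreach (shared_ptr <Hash> hash, Hash::GetAvailableAlgorithms())
	{
		if (wxString (hash->GetName()).IsSameAs (name, false))
			return hash;
	}
	return shared_ptr <Hash> ();
}

// … unchanged: earlier option parsing …
if (parser.Found (L"current-hash", &str))
{
	ArgCurrentHash = FindHashByName (str);
	if (!ArgCurrentHash)
		throw_err (LangString["UNKNOWN_OPTION"] + L": " + str);
}
```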
@@ -377,6 +393,22 @@ namespace VeraCrypt ArgMountOptions.Protection = VolumeProtection::HiddenVolumeReadOnly; } + if (parser.Found (L"protection-hash", &str)) + { + bool bHashFound = false; + foreach (shared_ptr <Hash> hash, Hash::GetAvailableAlgorithms()) + { + if (wxString (hash->GetName()).IsSameAs (str, false)) + { + bHashFound = true; + ArgMountOptions.ProtectionKdf = Pkcs5Kdf::GetAlgorithm (*hash); + } + } + + if (!bHashFound) + throw_err (LangString["UNKNOWN_OPTION"] + L": " + str); + } + ArgQuick = parser.Found (L"quick"); if (parser.Found (L"random-source", &str)) diff --git a/src/Main/CommandLineInterface.h b/src/Main/CommandLineInterface.h index c674597a..d3c2a0b3 100644 --- a/src/Main/CommandLineInterface.h +++ b/src/Main/CommandLineInterface.h @@ -61,6 +61,7 @@ namespace VeraCrypt VolumeCreationOptions::FilesystemType::Enum ArgFilesystem; bool ArgForce; shared_ptr <Hash> ArgHash; + shared_ptr <Hash> ArgCurrentHash; shared_ptr <KeyfileList> ArgKeyfiles; MountOptions ArgMountOptions; shared_ptr <DirectoryPath> ArgMountPoint; diff --git a/src/Main/Forms/ChangePasswordDialog.cpp b/src/Main/Forms/ChangePasswordDialog.cpp index 83186c05..e07b7d3b 100644..100755 --- a/src/Main/Forms/ChangePasswordDialog.cpp +++ b/src/Main/Forms/ChangePasswordDialog.cpp @@ -47,7 +47,7 @@ namespace VeraCrypt throw ParameterIncorrect (SRC_POS); } - CurrentPasswordPanel = new VolumePasswordPanel (this, password, keyfiles); + CurrentPasswordPanel = new VolumePasswordPanel (this, password, keyfiles, false, true, true, false, true, true); CurrentPasswordPanel->UpdateEvent.Connect (EventConnector <ChangePasswordDialog> (this, &ChangePasswordDialog::OnPasswordPanelUpdate)); CurrentPasswordPanelSizer->Add (CurrentPasswordPanel, 1, wxALL | wxEXPAND); 
@@ -125,7 +125,7 @@ namespace VeraCrypt #endif wxBusyCursor busy; Core->ChangePassword (Path, Gui->GetPreferences().DefaultMountOptions.PreserveTimestamps, - CurrentPasswordPanel->GetPassword(), CurrentPasswordPanel->GetKeyfiles(), + CurrentPasswordPanel->GetPassword(), CurrentPasswordPanel->GetPkcs5Kdf(), CurrentPasswordPanel->GetKeyfiles(), newPassword, newKeyfiles, NewPasswordPanel->GetPkcs5Kdf(), NewPasswordPanel->GetHeaderWipeCount()); } diff --git a/src/Main/Forms/MountOptionsDialog.cpp b/src/Main/Forms/MountOptionsDialog.cpp index 69d821c2..1ddb7793 100644..100755 --- a/src/Main/Forms/MountOptionsDialog.cpp +++ b/src/Main/Forms/MountOptionsDialog.cpp @@ -30,7 +30,7 @@ namespace VeraCrypt if (disableMountOptions) OptionsButton->Show (false); - PasswordPanel = new VolumePasswordPanel (this, options.Password, options.Keyfiles, !disableMountOptions); + PasswordPanel = new VolumePasswordPanel (this, options.Password, options.Keyfiles, !disableMountOptions, true, true, false, true, true); PasswordPanel->SetCacheCheckBoxValidator (wxGenericValidator (&Options.CachePassword)); PasswordSizer->Add (PasswordPanel, 1, wxALL | wxEXPAND); @@ -61,7 +61,7 @@ namespace VeraCrypt OptionsButton->SetLabel (OptionsButtonLabel + L" >"); OptionsPanel->Show (false); - ProtectionPasswordPanel = new VolumePasswordPanel (OptionsPanel, options.ProtectionPassword, options.ProtectionKeyfiles, false, true, true, false, false, _("P&assword to hidden volume:")); + ProtectionPasswordPanel = new VolumePasswordPanel (OptionsPanel, options.ProtectionPassword, options.ProtectionKeyfiles, false, true, true, false, true, true, _("P&assword to hidden volume:")); ProtectionPasswordSizer->Add (ProtectionPasswordPanel, 1, wxALL | wxEXPAND); UpdateDialog(); @@ -85,6 +85,7 @@ namespace VeraCrypt TransferDataFromWindow(); Options.Password = PasswordPanel->GetPassword(); + Options.Kdf = PasswordPanel->GetPkcs5Kdf(); Options.Keyfiles = PasswordPanel->GetKeyfiles(); if (ReadOnlyCheckBox->IsChecked()) 
@@ -95,6 +96,7 @@ namespace VeraCrypt { Options.Protection = VolumeProtection::HiddenVolumeReadOnly; Options.ProtectionPassword = ProtectionPasswordPanel->GetPassword(); + Options.ProtectionKdf = ProtectionPasswordPanel->GetPkcs5Kdf(); Options.ProtectionKeyfiles = ProtectionPasswordPanel->GetKeyfiles(); } else diff --git a/src/Main/Forms/VolumeCreationWizard.cpp b/src/Main/Forms/VolumeCreationWizard.cpp index 597d014a..1dac1315 100644 --- a/src/Main/Forms/VolumeCreationWizard.cpp +++ b/src/Main/Forms/VolumeCreationWizard.cpp @@ -699,6 +699,7 @@ namespace VeraCrypt { VolumePasswordWizardPage *page = dynamic_cast <VolumePasswordWizardPage *> (GetCurrentPage()); Password = page->GetPassword(); + Kdf = page->GetPkcs5Kdf(); Keyfiles = page->GetKeyfiles(); if (forward && Password && !Password->IsEmpty()) @@ -937,7 +938,7 @@ namespace VeraCrypt }); #endif - shared_ptr <Volume> outerVolume = Core->OpenVolume (make_shared <VolumePath> (SelectedVolumePath), true, Password, Keyfiles, VolumeProtection::ReadOnly); + shared_ptr <Volume> outerVolume = Core->OpenVolume (make_shared <VolumePath> (SelectedVolumePath), true, Password, Kdf, Keyfiles, VolumeProtection::ReadOnly); MaxHiddenVolumeSize = Core->GetMaxHiddenVolumeSize (outerVolume); // Add a reserve (in case the user mounts the outer volume and creates new files diff --git a/src/Main/Forms/VolumeCreationWizard.h b/src/Main/Forms/VolumeCreationWizard.h index abbf64cb..3a87c4cb 100644 --- a/src/Main/Forms/VolumeCreationWizard.h +++ b/src/Main/Forms/VolumeCreationWizard.h @@ -73,6 +73,7 @@ namespace VeraCrypt VolumeHostType::Enum SelectedVolumeHostType; VolumeType::Enum SelectedVolumeType; shared_ptr <VolumePassword> Password; + shared_ptr <Pkcs5Kdf> Kdf; uint32 SectorSize; shared_ptr <Hash> SelectedHash; uint64 VolumeSize; diff --git a/src/Main/Forms/VolumePasswordPanel.cpp b/src/Main/Forms/VolumePasswordPanel.cpp index 5b1b9db6..50f3eca2 100644..100755 --- a/src/Main/Forms/VolumePasswordPanel.cpp 
+++ b/src/Main/Forms/VolumePasswordPanel.cpp @@ -14,7 +14,7 @@ namespace VeraCrypt { - VolumePasswordPanel::VolumePasswordPanel (wxWindow* parent, shared_ptr <VolumePassword> password, shared_ptr <KeyfileList> keyfiles, bool enableCache, bool enablePassword, bool enableKeyfiles, bool enableConfirmation, bool enablePkcs5Prf, const wxString &passwordLabel) + VolumePasswordPanel::VolumePasswordPanel (wxWindow* parent, shared_ptr <VolumePassword> password, shared_ptr <KeyfileList> keyfiles, bool enableCache, bool enablePassword, bool enableKeyfiles, bool enableConfirmation, bool enablePkcs5Prf, bool isMountPassword, const wxString &passwordLabel) : VolumePasswordPanelBase (parent), Keyfiles (new KeyfileList) { if (keyfiles) @@ -63,14 +63,20 @@ namespace VeraCrypt Pkcs5PrfStaticText->Show (enablePkcs5Prf); Pkcs5PrfChoice->Show (enablePkcs5Prf); - HeaderWipeCountText->Show (enablePkcs5Prf); - HeaderWipeCount->Show (enablePkcs5Prf); + HeaderWipeCountText->Show (enablePkcs5Prf && !isMountPassword); + HeaderWipeCount->Show (enablePkcs5Prf && !isMountPassword); if (enablePkcs5Prf) { + if (isMountPassword) + { + // case of password for mounting + Pkcs5PrfChoice->Delete (0); + Pkcs5PrfChoice->Append (LangString["AUTODETECTION"]); + } foreach_ref (const Pkcs5Kdf &kdf, Pkcs5Kdf::GetAvailableAlgorithms()) { - if (!kdf.IsDeprecated()) + if (!kdf.IsDeprecated() || isMountPassword) Pkcs5PrfChoice->Append (kdf.GetName()); } Pkcs5PrfChoice->Select (0); diff --git a/src/Main/Forms/VolumePasswordPanel.h b/src/Main/Forms/VolumePasswordPanel.h index f7f6e7cb..465a430a 100644..100755 --- a/src/Main/Forms/VolumePasswordPanel.h +++ b/src/Main/Forms/VolumePasswordPanel.h 
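Review bot: In mount mode the constructor puts the localized `LangString["AUTODETECTION"]` label into the same choice list as the algorithm names, so whatever reads the selection back has to treat that entry as "no KDF" rather than pass the label to a name lookup. That reader (`GetPkcs5Kdf`) is not part of this hunk, so please confirm it yields an empty pointer for index 0 and add a comment here such as `// index 0 = auto-detect; GetPkcs5Kdf() must map it to an empty pointer`. `Pkcs5PrfChoice->Delete (0)` also assumes the base form pre-populates exactly one placeholder entry, which deserves a short comment. With `|| isMountPassword` the list now includes deprecated algorithms by `GetName()`, and Pkcs5Kdf.h shows distinct KDFs sharing one name, so the list may contain entries the user cannot tell apart.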
@@ -18,7 +18,7 @@ namespace VeraCrypt class VolumePasswordPanel : public VolumePasswordPanelBase { public: - VolumePasswordPanel (wxWindow* parent, shared_ptr <VolumePassword> password, shared_ptr <KeyfileList> keyfiles, bool enableCache = false, bool enablePassword = true, bool enableKeyfiles = true, bool enableConfirmation = false, bool enablePkcs5Prf = false, const wxString &passwordLabel = wxString()); + VolumePasswordPanel (wxWindow* parent, shared_ptr <VolumePassword> password, shared_ptr <KeyfileList> keyfiles, bool enableCache = false, bool enablePassword = true, bool enableKeyfiles = true, bool enableConfirmation = false, bool enablePkcs5Prf = false, bool isMountPassword = false, const wxString &passwordLabel = wxString()); virtual ~VolumePasswordPanel (); void AddKeyfile (shared_ptr <Keyfile> keyfile); diff --git a/src/Main/Forms/VolumePasswordWizardPage.cpp b/src/Main/Forms/VolumePasswordWizardPage.cpp index 1034c220..61ff999f 100644..100755 --- a/src/Main/Forms/VolumePasswordWizardPage.cpp +++ b/src/Main/Forms/VolumePasswordWizardPage.cpp @@ -15,7 +15,7 @@ namespace VeraCrypt VolumePasswordWizardPage::VolumePasswordWizardPage (wxPanel* parent, shared_ptr <VolumePassword> password, shared_ptr <KeyfileList> keyfiles, bool enableConfirmation) : VolumePasswordWizardPageBase (parent), ConfirmationMode (enableConfirmation) { - PasswordPanel = new VolumePasswordPanel (this, password, keyfiles, false, true, true, enableConfirmation); + PasswordPanel = new VolumePasswordPanel (this, password, keyfiles, false, true, true, enableConfirmation, !enableConfirmation, !enableConfirmation); PasswordPanel->UpdateEvent.Connect (EventConnector <VolumePasswordWizardPage> (this, &VolumePasswordWizardPage::OnPasswordPanelUpdate)); PasswordPanelSizer->Add (PasswordPanel, 1, wxALL | wxEXPAND); diff --git a/src/Main/Forms/VolumePasswordWizardPage.h b/src/Main/Forms/VolumePasswordWizardPage.h index 8aaf30d6..13a98c62 100644 --- a/src/Main/Forms/VolumePasswordWizardPage.h 
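Review bot: Inserting `bool isMountPassword` before `passwordLabel` in the VolumePasswordPanel constructor shifts the label's position for every existing caller, and the call sites touched by this commit are now runs of six positional booleans (`false, true, true, false, true, true`) that cannot be checked by eye. A caller that still passes the label in the old eighth position is only rejected if `wxString` does not convert to `bool` in the wxWidgets build in use, so it is worth grepping for remaining callers rather than relying on the compiler. Appending the new flag after `passwordLabel`, or replacing the booleans with a small options struct or flag enum, would make a misplaced argument hard to miss. At the very least each call site should carry argument comments, e.g. `/* enablePkcs5Prf */ true, /* isMountPassword */ true`.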
+++ b/src/Main/Forms/VolumePasswordWizardPage.h @@ -22,6 +22,7 @@ namespace VeraCrypt shared_ptr <KeyfileList> GetKeyfiles () const { return PasswordPanel->GetKeyfiles(); } shared_ptr <VolumePassword> GetPassword () const { return PasswordPanel->GetPassword(); } + shared_ptr <Pkcs5Kdf> GetPkcs5Kdf () const { return PasswordPanel->GetPkcs5Kdf(); } bool IsValid (); void SetMaxStaticTextWidth (int width) { InfoStaticText->Wrap (width); } void SetPageText (const wxString &text) { InfoStaticText->SetLabel (text); } diff --git a/src/Main/GraphicUserInterface.cpp b/src/Main/GraphicUserInterface.cpp index 440125ef..889d49c5 100644..100755 --- a/src/Main/GraphicUserInterface.cpp +++ b/src/Main/GraphicUserInterface.cpp @@ -177,9 +177,11 @@ namespace VeraCrypt options->Path, options->PreserveTimestamps, options->Password, + options->Kdf, options->Keyfiles, options->Protection, options->ProtectionPassword, + options->ProtectionKdf, options->ProtectionKeyfiles, true, volumeType, @@ -1261,9 +1263,11 @@ namespace VeraCrypt options.Path, options.PreserveTimestamps, options.Password, + options.Kdf, options.Keyfiles, options.Protection, options.ProtectionPassword, + options.ProtectionKdf, options.ProtectionKeyfiles, options.SharedAccessAllowed, VolumeType::Unknown, @@ -1373,7 +1377,7 @@ namespace VeraCrypt // Decrypt header shared_ptr <VolumePassword> passwordKey = Keyfile::ApplyListToPassword (options.Keyfiles, options.Password); - if (layout->GetHeader()->Decrypt (headerBuffer, *passwordKey, layout->GetSupportedKeyDerivationFunctions(), layout->GetSupportedEncryptionAlgorithms(), layout->GetSupportedEncryptionModes())) + if (layout->GetHeader()->Decrypt (headerBuffer, *passwordKey, options.Kdf, layout->GetSupportedKeyDerivationFunctions(), layout->GetSupportedEncryptionAlgorithms(), layout->GetSupportedEncryptionModes())) { decryptedLayout = layout; break; diff --git a/src/Main/GraphicUserInterface.h b/src/Main/GraphicUserInterface.h index 6fa51c4d..890ab5d6 100644..100755 
--- a/src/Main/GraphicUserInterface.h +++ b/src/Main/GraphicUserInterface.h @@ -29,7 +29,7 @@ namespace VeraCrypt virtual void BackupVolumeHeaders (shared_ptr <VolumePath> volumePath) const; virtual void BeginBusyState () const { wxBeginBusyCursor(); } virtual void BeginInteractiveBusyState (wxWindow *window); - virtual void ChangePassword (shared_ptr <VolumePath> volumePath = shared_ptr <VolumePath>(), shared_ptr <VolumePassword> password = shared_ptr <VolumePassword>(), shared_ptr <KeyfileList> keyfiles = shared_ptr <KeyfileList>(), shared_ptr <VolumePassword> newPassword = shared_ptr <VolumePassword>(), shared_ptr <KeyfileList> newKeyfiles = shared_ptr <KeyfileList>(), shared_ptr <Hash> newHash = shared_ptr <Hash>()) const { ThrowTextModeRequired(); } + virtual void ChangePassword (shared_ptr <VolumePath> volumePath = shared_ptr <VolumePath>(), shared_ptr <VolumePassword> password = shared_ptr <VolumePassword>(), shared_ptr <Hash> currentHash = shared_ptr <Hash>(), shared_ptr <KeyfileList> keyfiles = shared_ptr <KeyfileList>(), shared_ptr <VolumePassword> newPassword = shared_ptr <VolumePassword>(), shared_ptr <KeyfileList> newKeyfiles = shared_ptr <KeyfileList>(), shared_ptr <Hash> newHash = shared_ptr <Hash>()) const { ThrowTextModeRequired(); } wxHyperlinkCtrl *CreateHyperlink (wxWindow *parent, const wxString &linkUrl, const wxString &linkText) const; virtual void CreateKeyfile (shared_ptr <FilePath> keyfilePath = shared_ptr <FilePath>()) const; virtual void CreateVolume (shared_ptr <VolumeCreationOptions> options) const { ThrowTextModeRequired(); } diff --git a/src/Main/TextUserInterface.cpp b/src/Main/TextUserInterface.cpp index f9693cb1..9cc5232d 100644..100755 --- a/src/Main/TextUserInterface.cpp +++ b/src/Main/TextUserInterface.cpp 
@@ -244,6 +244,12 @@ namespace VeraCrypt #endif ShowInfo ("EXTERNAL_VOL_HEADER_BAK_FIRST_INFO"); + + shared_ptr <Pkcs5Kdf> kdf; + if (CmdLine->ArgHash) + { + kdf = Pkcs5Kdf::GetAlgorithm (*CmdLine->ArgHash); + } shared_ptr <Volume> normalVolume; shared_ptr <Volume> hiddenVolume; @@ -274,9 +280,11 @@ namespace VeraCrypt options->Path, options->PreserveTimestamps, options->Password, + kdf, options->Keyfiles, options->Protection, options->ProtectionPassword, + options->ProtectionKdf, options->ProtectionKeyfiles, true, volumeType, @@ -359,7 +367,7 @@ namespace VeraCrypt ShowInfo ("VOL_HEADER_BACKED_UP"); } - void TextUserInterface::ChangePassword (shared_ptr <VolumePath> volumePath, shared_ptr <VolumePassword> password, shared_ptr <KeyfileList> keyfiles, shared_ptr <VolumePassword> newPassword, shared_ptr <KeyfileList> newKeyfiles, shared_ptr <Hash> newHash) const + void TextUserInterface::ChangePassword (shared_ptr <VolumePath> volumePath, shared_ptr <VolumePassword> password, shared_ptr <Hash> currentHash, shared_ptr <KeyfileList> keyfiles, shared_ptr <VolumePassword> newPassword, shared_ptr <KeyfileList> newKeyfiles, shared_ptr <Hash> newHash) const { shared_ptr <Volume> volume; @@ -378,6 +386,12 @@ namespace VeraCrypt bool passwordInteractive = !password.get(); bool keyfilesInteractive = !keyfiles.get(); + shared_ptr<Pkcs5Kdf> kdf; + if (currentHash) + { + kdf = Pkcs5Kdf::GetAlgorithm (*currentHash); + } + while (true) { // Current password @@ -406,7 +420,7 @@ namespace VeraCrypt try { keyfiles.reset (new KeyfileList); - volume = Core->OpenVolume (volumePath, Preferences.DefaultMountOptions.PreserveTimestamps, password, keyfiles); + volume = Core->OpenVolume (volumePath, Preferences.DefaultMountOptions.PreserveTimestamps, password, kdf, keyfiles); } catch (PasswordException&) { 
@@ -416,7 +430,7 @@ namespace VeraCrypt } if (!volume.get()) - volume = Core->OpenVolume (volumePath, Preferences.DefaultMountOptions.PreserveTimestamps, password, keyfiles); + volume = Core->OpenVolume (volumePath, Preferences.DefaultMountOptions.PreserveTimestamps, password, kdf, keyfiles); } catch (PasswordException &e) { @@ -1285,6 +1299,12 @@ namespace VeraCrypt // Ask whether to restore internal or external backup bool restoreInternalBackup; + shared_ptr <Pkcs5Kdf> kdf; + if (CmdLine->ArgHash) + { + kdf = Pkcs5Kdf::GetAlgorithm (*CmdLine->ArgHash); + } + ShowInfo (LangString["HEADER_RESTORE_EXTERNAL_INTERNAL"]); ShowInfo (L"\n1) " + LangString["HEADER_RESTORE_INTERNAL"]); ShowInfo (L"2) " + LangString["HEADER_RESTORE_EXTERNAL"] + L"\n"); @@ -1325,9 +1345,11 @@ namespace VeraCrypt options.Path, options.PreserveTimestamps, options.Password, + kdf, options.Keyfiles, options.Protection, options.ProtectionPassword, + options.ProtectionKdf, options.ProtectionKeyfiles, options.SharedAccessAllowed, VolumeType::Unknown, @@ -1432,7 +1454,7 @@ namespace VeraCrypt // Decrypt header shared_ptr <VolumePassword> passwordKey = Keyfile::ApplyListToPassword (options.Keyfiles, options.Password); - if (layout->GetHeader()->Decrypt (headerBuffer, *passwordKey, layout->GetSupportedKeyDerivationFunctions(), layout->GetSupportedEncryptionAlgorithms(), layout->GetSupportedEncryptionModes())) + if (layout->GetHeader()->Decrypt (headerBuffer, *passwordKey, kdf, layout->GetSupportedKeyDerivationFunctions(), layout->GetSupportedEncryptionAlgorithms(), layout->GetSupportedEncryptionModes())) { decryptedLayout = layout; break; diff --git a/src/Main/TextUserInterface.h b/src/Main/TextUserInterface.h index 8721395f..c26298e2 100644..100755 --- a/src/Main/TextUserInterface.h +++ b/src/Main/TextUserInterface.h 
@@ -30,7 +30,7 @@ namespace VeraCrypt virtual bool AskYesNo (const wxString &message, bool defaultYes = false, bool warning = false) const; virtual void BackupVolumeHeaders (shared_ptr <VolumePath> volumePath) const; virtual void BeginBusyState () const { } - virtual void ChangePassword (shared_ptr <VolumePath> volumePath = shared_ptr <VolumePath>(), shared_ptr <VolumePassword> password = shared_ptr <VolumePassword>(), shared_ptr <KeyfileList> keyfiles = shared_ptr <KeyfileList>(), shared_ptr <VolumePassword> newPassword = shared_ptr <VolumePassword>(), shared_ptr <KeyfileList> newKeyfiles = shared_ptr <KeyfileList>(), shared_ptr <Hash> newHash = shared_ptr <Hash>()) const; + virtual void ChangePassword (shared_ptr <VolumePath> volumePath = shared_ptr <VolumePath>(), shared_ptr <VolumePassword> password = shared_ptr <VolumePassword>(), shared_ptr <Hash> currentHash = shared_ptr <Hash>(), shared_ptr <KeyfileList> keyfiles = shared_ptr <KeyfileList>(), shared_ptr <VolumePassword> newPassword = shared_ptr <VolumePassword>(), shared_ptr <KeyfileList> newKeyfiles = shared_ptr <KeyfileList>(), shared_ptr <Hash> newHash = shared_ptr <Hash>()) const; virtual void CreateKeyfile (shared_ptr <FilePath> keyfilePath = shared_ptr <FilePath>()) const; virtual void CreateVolume (shared_ptr <VolumeCreationOptions> options) const; virtual void DeleteSecurityTokenKeyfiles () const; diff --git a/src/Main/UserInterface.cpp b/src/Main/UserInterface.cpp index f66e28d2..4306dec2 100644..100755 --- a/src/Main/UserInterface.cpp +++ b/src/Main/UserInterface.cpp @@ -883,6 +883,11 @@ namespace VeraCrypt cmdLine.ArgMountOptions.Password = cmdLine.ArgPassword; cmdLine.ArgMountOptions.Keyfiles = cmdLine.ArgKeyfiles; cmdLine.ArgMountOptions.SharedAccessAllowed = cmdLine.ArgForce; + if (cmdLine.ArgHash) + { + cmdLine.ArgMountOptions.Kdf = Pkcs5Kdf::GetAlgorithm (*cmdLine.ArgHash); + } + VolumeInfoList mountedVolumes; switch (cmdLine.ArgCommand) 
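Review bot: In UserInterface.cpp `cmdLine.ArgMountOptions.Kdf` is filled from `cmdLine.ArgHash` before the `switch`, so the assignment runs for every command, but `--hash` does not mean the same thing everywhere: the next hunk passes `cmdLine.ArgHash` to `ChangePassword` as the new hash and uses `cmdLine.ArgCurrentHash` for the existing header. For a change-password invocation the mount options therefore carry the new algorithm as if it were the current one. Whether anything on that path reads `ArgMountOptions.Kdf` is outside this hunk, but moving the assignment into the mount-related cases, or adding `// --hash selects the KDF of the volume being opened; ChangePassword uses ArgCurrentHash instead`, would keep the two meanings from being mixed up later.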
@@ -965,7 +970,7 @@ namespace VeraCrypt return true; case CommandId::ChangePassword: - ChangePassword (cmdLine.ArgVolumePath, cmdLine.ArgPassword, cmdLine.ArgKeyfiles, cmdLine.ArgNewPassword, cmdLine.ArgNewKeyfiles, cmdLine.ArgHash); + ChangePassword (cmdLine.ArgVolumePath, cmdLine.ArgPassword, cmdLine.ArgCurrentHash, cmdLine.ArgKeyfiles, cmdLine.ArgNewPassword, cmdLine.ArgNewKeyfiles, cmdLine.ArgHash); return true; case CommandId::CreateKeyfile: diff --git a/src/Main/UserInterface.h b/src/Main/UserInterface.h index f7ebee0d..ae74ae99 100644..100755 --- a/src/Main/UserInterface.h +++ b/src/Main/UserInterface.h 
@@ -29,7 +29,7 @@ namespace VeraCrypt virtual bool AskYesNo (const wxString &message, bool defaultYes = false, bool warning = false) const = 0; virtual void BackupVolumeHeaders (shared_ptr <VolumePath> volumePath) const = 0; virtual void BeginBusyState () const = 0; - virtual void ChangePassword (shared_ptr <VolumePath> volumePath = shared_ptr <VolumePath>(), shared_ptr <VolumePassword> password = shared_ptr <VolumePassword>(), shared_ptr <KeyfileList> keyfiles = shared_ptr <KeyfileList>(), shared_ptr <VolumePassword> newPassword = shared_ptr <VolumePassword>(), shared_ptr <KeyfileList> newKeyfiles = shared_ptr <KeyfileList>(), shared_ptr <Hash> newHash = shared_ptr <Hash>()) const = 0; + virtual void ChangePassword (shared_ptr <VolumePath> volumePath = shared_ptr <VolumePath>(), shared_ptr <VolumePassword> password = shared_ptr <VolumePassword>(), shared_ptr <Hash> currentHash = shared_ptr <Hash>(), shared_ptr <KeyfileList> keyfiles = shared_ptr <KeyfileList>(), shared_ptr <VolumePassword> newPassword = shared_ptr <VolumePassword>(), shared_ptr <KeyfileList> newKeyfiles = shared_ptr <KeyfileList>(), shared_ptr <Hash> newHash = shared_ptr <Hash>()) const = 0; virtual void CheckRequirementsForMountingVolume () const; virtual void CloseExplorerWindows (shared_ptr <VolumeInfo> mountedVolume) const; virtual void CreateKeyfile (shared_ptr <FilePath> keyfilePath = shared_ptr <FilePath>()) const = 0; diff --git a/src/Volume/Pkcs5Kdf.h b/src/Volume/Pkcs5Kdf.h index 8618bb97..19267b0f 100644 --- a/src/Volume/Pkcs5Kdf.h +++ b/src/Volume/Pkcs5Kdf.h @@ -31,6 +31,7 @@ namespace VeraCrypt virtual shared_ptr <Hash> GetHash () const = 0; virtual int GetIterationCount () const = 0; virtual wstring GetName () const = 0; + virtual Pkcs5Kdf* Clone () const = 0; virtual bool IsDeprecated () const { return GetHash()->IsDeprecated(); } protected: 
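Review bot: `virtual Pkcs5Kdf* Clone () const = 0;` in Pkcs5Kdf.h returns a raw owning pointer with nothing stating who frees it. The only callers visible in this commit (MountOptions.cpp) wrap the result in `reset()` immediately, but a caller that does not will leak, and the rest of this interface already hands out `shared_ptr` (see `GetHash`). Returning `shared_ptr <Pkcs5Kdf>` from `Clone` and from its overrides in the hunks below would make ownership explicit; if the raw pointer stays, add `// Returns a newly allocated copy; the caller takes ownership.` above the declaration.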
@@ -53,6 +54,7 @@ namespace VeraCrypt
 virtual shared_ptr <Hash> GetHash () const { return shared_ptr <Hash> (new Ripemd160); }
 virtual int GetIterationCount () const { return 655331; }
 virtual wstring GetName () const { return L"HMAC-RIPEMD-160"; }
+ virtual Pkcs5Kdf* Clone () const { return new Pkcs5HmacRipemd160(); }
 private:
 Pkcs5HmacRipemd160 (const Pkcs5HmacRipemd160 &);
@@ -69,6 +71,7 @@ namespace VeraCrypt
 virtual shared_ptr <Hash> GetHash () const { return shared_ptr <Hash> (new Ripemd160); }
 virtual int GetIterationCount () const { return 327661; }
 virtual wstring GetName () const { return L"HMAC-RIPEMD-160"; }
+ virtual Pkcs5Kdf* Clone () const { return new Pkcs5HmacRipemd160_1000(); }
 private:
 Pkcs5HmacRipemd160_1000 (const Pkcs5HmacRipemd160_1000 &);
@@ -85,6 +88,7 @@ namespace VeraCrypt
 virtual shared_ptr <Hash> GetHash () const { return shared_ptr <Hash> (new Sha256); }
 virtual int GetIterationCount () const { return 200000; }
 virtual wstring GetName () const { return L"HMAC-SHA-256"; }
+ virtual Pkcs5Kdf* Clone () const { return new Pkcs5HmacSha256_Boot(); }
 private:
 Pkcs5HmacSha256_Boot (const Pkcs5HmacSha256_Boot &);
@@ -101,6 +105,7 @@ namespace VeraCrypt
 virtual shared_ptr <Hash> GetHash () const { return shared_ptr <Hash> (new Sha256); }
 virtual int GetIterationCount () const { return 500000; }
 virtual wstring GetName () const { return L"HMAC-SHA-256"; }
+ virtual Pkcs5Kdf* Clone () const { return new Pkcs5HmacSha256(); }
 private:
 Pkcs5HmacSha256 (const Pkcs5HmacSha256 &);
@@ -117,6 +122,7 @@ namespace VeraCrypt
 virtual shared_ptr <Hash> GetHash () const { return shared_ptr <Hash> (new Sha512); }
 virtual int GetIterationCount () const { return 500000; }
 virtual wstring GetName () const { return L"HMAC-SHA-512"; }
+ virtual Pkcs5Kdf* Clone () const { return new Pkcs5HmacSha512(); }
 private:
 Pkcs5HmacSha512 (const Pkcs5HmacSha512 &);
@@ -133,6 +139,7 @@ namespace VeraCrypt
 virtual shared_ptr <Hash> GetHash () const { return shared_ptr <Hash> (new Whirlpool); }
 virtual int GetIterationCount () const { return 500000; }
 virtual wstring GetName () const { return L"HMAC-Whirlpool"; }
+ virtual Pkcs5Kdf* Clone () const { return new Pkcs5HmacWhirlpool; }
 private:
 Pkcs5HmacWhirlpool (const Pkcs5HmacWhirlpool &);
diff --git a/src/Volume/Volume.cpp b/src/Volume/Volume.cpp
index 2c319ad9..12bc9a14 100644..100755
--- a/src/Volume/Volume.cpp
+++ b/src/Volume/Volume.cpp
@@ -62,7 +62,7 @@ namespace VeraCrypt
 return EA->GetMode();
 }
- void Volume::Open (const VolumePath &volumePath, bool preserveTimestamps, shared_ptr <VolumePassword> password, shared_ptr <KeyfileList> keyfiles, VolumeProtection::Enum protection, shared_ptr <VolumePassword> protectionPassword, shared_ptr <KeyfileList> protectionKeyfiles, bool sharedAccessAllowed, VolumeType::Enum volumeType, bool useBackupHeaders, bool partitionInSystemEncryptionScope)
+ void Volume::Open (const VolumePath &volumePath, bool preserveTimestamps, shared_ptr <VolumePassword> password, shared_ptr <Pkcs5Kdf> kdf, shared_ptr <KeyfileList> keyfiles, VolumeProtection::Enum protection, shared_ptr <VolumePassword> protectionPassword, shared_ptr <Pkcs5Kdf> protectionKdf, shared_ptr <KeyfileList> protectionKeyfiles, bool sharedAccessAllowed, VolumeType::Enum volumeType, bool useBackupHeaders, bool partitionInSystemEncryptionScope)
 {
 make_shared_auto (File, file);
@@ -93,10 +93,10 @@ namespace VeraCrypt
 throw;
 }
- return Open (file, password, keyfiles, protection, protectionPassword, protectionKeyfiles, volumeType, useBackupHeaders, partitionInSystemEncryptionScope);
+ return Open (file, password, kdf, keyfiles, protection, protectionPassword, protectionKdf,protectionKeyfiles, volumeType, useBackupHeaders, partitionInSystemEncryptionScope);
 }
- void Volume::Open (shared_ptr <File> volumeFile, shared_ptr <VolumePassword> password, shared_ptr <KeyfileList> keyfiles, VolumeProtection::Enum protection, shared_ptr <VolumePassword> protectionPassword, shared_ptr <KeyfileList> protectionKeyfiles, VolumeType::Enum volumeType, bool useBackupHeaders, bool partitionInSystemEncryptionScope)
+ void Volume::Open (shared_ptr <File> volumeFile, shared_ptr <VolumePassword> password, shared_ptr <Pkcs5Kdf> kdf, shared_ptr <KeyfileList> keyfiles, VolumeProtection::Enum protection, shared_ptr <VolumePassword> protectionPassword, shared_ptr <Pkcs5Kdf> protectionKdf,shared_ptr <KeyfileList> protectionKeyfiles, VolumeType::Enum volumeType, bool useBackupHeaders, bool partitionInSystemEncryptionScope)
 {
 if (!volumeFile)
 throw ParameterIncorrect (SRC_POS);
@@ -189,7 +189,7 @@ namespace VeraCrypt
 shared_ptr <VolumeHeader> header = layout->GetHeader();
- if (header->Decrypt (headerBuffer, *passwordKey, layout->GetSupportedKeyDerivationFunctions(), layoutEncryptionAlgorithms, layoutEncryptionModes))
+ if (header->Decrypt (headerBuffer, *passwordKey, kdf, layout->GetSupportedKeyDerivationFunctions(), layoutEncryptionAlgorithms, layoutEncryptionModes))
 {
 // Header decrypted
@@ -238,9 +238,9 @@ namespace VeraCrypt Volume protectedVolume; protectedVolume.Open (VolumeFile, - protectionPassword, protectionKeyfiles, + protectionPassword, protectionKdf, protectionKeyfiles, VolumeProtection::ReadOnly, - shared_ptr <VolumePassword> (), shared_ptr <KeyfileList> (), + shared_ptr <VolumePassword> (), shared_ptr <Pkcs5Kdf> (),shared_ptr <KeyfileList> (), VolumeType::Hidden, useBackupHeaders); diff --git a/src/Volume/Volume.h b/src/Volume/Volume.h index dce2aa3b..dcc6eb01 100644..100755 --- a/src/Volume/Volume.h +++ b/src/Volume/Volume.h 
@@ -89,8 +89,8 @@ namespace VeraCrypt
 uint64 GetVolumeCreationTime () const { return Header->GetVolumeCreationTime(); }
 bool IsHiddenVolumeProtectionTriggered () const { return HiddenVolumeProtectionTriggered; }
 bool IsInSystemEncryptionScope () const { return SystemEncryption; }
- void Open (const VolumePath &volumePath, bool preserveTimestamps, shared_ptr <VolumePassword> password, shared_ptr <KeyfileList> keyfiles, VolumeProtection::Enum protection = VolumeProtection::None, shared_ptr <VolumePassword> protectionPassword = shared_ptr <VolumePassword> (), shared_ptr <KeyfileList> protectionKeyfiles = shared_ptr <KeyfileList> (), bool sharedAccessAllowed = false, VolumeType::Enum volumeType = VolumeType::Unknown, bool useBackupHeaders = false, bool partitionInSystemEncryptionScope = false);
- void Open (shared_ptr <File> volumeFile, shared_ptr <VolumePassword> password, shared_ptr <KeyfileList> keyfiles, VolumeProtection::Enum protection = VolumeProtection::None, shared_ptr <VolumePassword> protectionPassword = shared_ptr <VolumePassword> (), shared_ptr <KeyfileList> protectionKeyfiles = shared_ptr <KeyfileList> (), VolumeType::Enum volumeType = VolumeType::Unknown, bool useBackupHeaders = false, bool partitionInSystemEncryptionScope = false);
+ void Open (const VolumePath &volumePath, bool preserveTimestamps, shared_ptr <VolumePassword> password, shared_ptr <Pkcs5Kdf> kdf, shared_ptr <KeyfileList> keyfiles, VolumeProtection::Enum protection = VolumeProtection::None, shared_ptr <VolumePassword> protectionPassword = shared_ptr <VolumePassword> (), shared_ptr <Pkcs5Kdf> protectionKdf = shared_ptr <Pkcs5Kdf> (),shared_ptr <KeyfileList> protectionKeyfiles = shared_ptr <KeyfileList> (), bool sharedAccessAllowed = false, VolumeType::Enum volumeType = VolumeType::Unknown, bool useBackupHeaders = false, bool partitionInSystemEncryptionScope = false);
+ void Open (shared_ptr <File> volumeFile, shared_ptr <VolumePassword> password, shared_ptr <Pkcs5Kdf> kdf, shared_ptr
<KeyfileList> keyfiles, VolumeProtection::Enum protection = VolumeProtection::None, shared_ptr <VolumePassword> protectionPassword = shared_ptr <VolumePassword> (), shared_ptr <Pkcs5Kdf> protectionKdf = shared_ptr <Pkcs5Kdf> (), shared_ptr <KeyfileList> protectionKeyfiles = shared_ptr <KeyfileList> (), VolumeType::Enum volumeType = VolumeType::Unknown, bool useBackupHeaders = false, bool partitionInSystemEncryptionScope = false);
 void ReadSectors (const BufferPtr &buffer, uint64 byteOffset);
 void ReEncryptHeader (bool backupHeader, const ConstBufferPtr &newSalt, const ConstBufferPtr &newHeaderKey, shared_ptr <Pkcs5Kdf> newPkcs5Kdf);
 void WriteSectors (const ConstBufferPtr &buffer, uint64 byteOffset);
diff --git a/src/Volume/VolumeHeader.cpp b/src/Volume/VolumeHeader.cpp
index e7a47d29..fbdece50 100644..100755
--- a/src/Volume/VolumeHeader.cpp
+++ b/src/Volume/VolumeHeader.cpp
@@ -78,7 +78,7 @@ namespace VeraCrypt
 EncryptNew (headerBuffer, options.Salt, options.HeaderKey, options.Kdf);
 }
- bool VolumeHeader::Decrypt (const ConstBufferPtr &encryptedData, const VolumePassword &password, const Pkcs5KdfList &keyDerivationFunctions, const EncryptionAlgorithmList &encryptionAlgorithms, const EncryptionModeList &encryptionModes)
+ bool VolumeHeader::Decrypt (const ConstBufferPtr &encryptedData, const VolumePassword &password, shared_ptr <Pkcs5Kdf> kdf, const Pkcs5KdfList &keyDerivationFunctions, const EncryptionAlgorithmList &encryptionAlgorithms, const EncryptionModeList &encryptionModes)
 {
 if (password.Size() < 1)
 throw PasswordEmpty (SRC_POS);
@@ -89,6 +89,9 @@ namespace VeraCrypt
 foreach (shared_ptr <Pkcs5Kdf> pkcs5, keyDerivationFunctions)
 {
+ if (kdf && (kdf->GetName() != pkcs5->GetName()))
+ continue;
+
 pkcs5->DeriveKey (headerKey, password, salt);
 foreach (shared_ptr <EncryptionMode> mode, encryptionModes)
diff --git a/src/Volume/VolumeHeader.h b/src/Volume/VolumeHeader.h
index 8ce56fd8..cb567f22 100644..100755
--- a/src/Volume/VolumeHeader.h
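Review bot: In the `foreach` over `keyDerivationFunctions` in `VolumeHeader::Decrypt`, a non-null `kdf` whose name matches no list entry skips every iteration, so the call presumably ends with the same failure result as a wrong password; the rest of the loop and the return are outside the hunk, so this is inferred. A caller then cannot tell "this layout does not support the requested KDF" from "bad password", which makes a mis-specified hash hard to diagnose. Consider recording whether any entry passed the filter and reporting a distinct error after the loop when none did. The filter compares `GetName()`, which the Pkcs5Kdf.h hunks show is shared by variants with different iteration counts (both SHA-256 classes return `L"HMAC-SHA-256"`), so a comment such as `// Null kdf: try every supported KDF; otherwise only KDFs with the same name, whatever their iteration count` above the check would record the intent.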
+++ b/src/Volume/VolumeHeader.h
@@ -56,7 +56,7 @@ namespace VeraCrypt
 virtual ~VolumeHeader ();
 void Create (const BufferPtr &headerBuffer, VolumeHeaderCreationOptions &options);
- bool Decrypt (const ConstBufferPtr &encryptedData, const VolumePassword &password, const Pkcs5KdfList &keyDerivationFunctions, const EncryptionAlgorithmList &encryptionAlgorithms, const EncryptionModeList &encryptionModes);
+ bool Decrypt (const ConstBufferPtr &encryptedData, const VolumePassword &password, shared_ptr <Pkcs5Kdf> kdf, const Pkcs5KdfList &keyDerivationFunctions, const EncryptionAlgorithmList &encryptionAlgorithms, const EncryptionModeList &encryptionModes);
 void EncryptNew (const BufferPtr &newHeaderBuffer, const ConstBufferPtr &newSalt, const ConstBufferPtr &newHeaderKey, shared_ptr <Pkcs5Kdf> newPkcs5Kdf);
 uint64 GetEncryptedAreaStart () const { return EncryptedAreaStart; }
 uint64 GetEncryptedAreaLength () const { return EncryptedAreaLength; } |