VeraCrypt
aboutsummaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
Diffstat (limited to 'src')
-rw-r--r--src/Common/Apidrvr.h1
-rw-r--r--src/Common/Crypto.h1
-rw-r--r--src/Common/Dlgcode.c34
-rw-r--r--src/Common/Dlgcode.h2
-rw-r--r--src/Common/Language.xml12
-rw-r--r--src/Common/Volumes.c4
-rw-r--r--src/Driver/DriveFilter.c2
-rw-r--r--src/Driver/Ntdriver.c2
-rw-r--r--src/Format/Tcformat.c33
-rw-r--r--src/Mount/Favorites.cpp23
-rw-r--r--src/Mount/Favorites.h2
-rw-r--r--src/Mount/Mount.c111
-rw-r--r--src/Mount/Mount.rc33
13 files changed, 211 insertions, 49 deletions
diff --git a/src/Common/Apidrvr.h b/src/Common/Apidrvr.h
index d168cf74..b61370c7 100644
--- a/src/Common/Apidrvr.h
+++ b/src/Common/Apidrvr.h
@@ -145,6 +145,7 @@ typedef struct
unsigned __int64 totalBytesWritten;
int hiddenVolProtection; /* Hidden volume protection status (e.g. HIDVOL_PROT_STATUS_NONE, HIDVOL_PROT_STATUS_ACTIVE, etc.) */
int volFormatVersion;
+ int volumePin;
} VOLUME_PROPERTIES_STRUCT;
typedef struct
diff --git a/src/Common/Crypto.h b/src/Common/Crypto.h
index 038e5430..ff743890 100644
--- a/src/Common/Crypto.h
+++ b/src/Common/Crypto.h
@@ -213,6 +213,7 @@ typedef struct CRYPTO_INFO_t
unsigned __int8 salt[PKCS5_SALT_SIZE];
int noIterations;
BOOL bTrueCryptMode;
+ int volumePin;
uint64 volume_creation_time; // Legacy
uint64 header_creation_time; // Legacy
diff --git a/src/Common/Dlgcode.c b/src/Common/Dlgcode.c
index bfa8a32e..cc66506c 100644
--- a/src/Common/Dlgcode.c
+++ b/src/Common/Dlgcode.c
@@ -4353,6 +4353,22 @@ string GetUserFriendlyVersionString (int version)
return (versionString);
}
+string IntToString (int val)
+{
+ char szTmp [64];
+ StringCbPrintfA (szTmp, sizeof(szTmp), "%d", val);
+
+ return szTmp;
+}
+
+wstring IntToWideString (int val)
+{
+ wchar_t szTmp [64];
+ StringCbPrintfW (szTmp, sizeof(szTmp), L"%d", val);
+
+ return szTmp;
+}
+
void GetSizeString (unsigned __int64 size, wchar_t *str, size_t cbStr)
{
static wchar_t *b, *kb, *mb, *gb, *tb, *pb;
@@ -10720,14 +10736,16 @@ std::string FindLatestFileOrDirectory (const std::string &directory, const char
int GetPin (HWND hwndDlg, UINT ctrlId)
{
int pin = 0;
- char szTmp[MAX_PIN + 1] = {0};
- GetDlgItemText (hwndDlg, ctrlId, szTmp, MAX_PIN + 1);
- if (strlen(szTmp))
- {
- char* endPtr = NULL;
- pin = strtol(szTmp, &endPtr, 0);
- if (pin < 0 || endPtr == szTmp || !endPtr || *endPtr != '\0')
- pin = 0;
+ if (IsWindowEnabled (GetDlgItem (hwndDlg, ctrlId)))
+ {
+ char szTmp[MAX_PIN + 1] = {0};
+ if (GetDlgItemText (hwndDlg, ctrlId, szTmp, MAX_PIN + 1) > 0)
+ {
+ char* endPtr = NULL;
+ pin = strtol(szTmp, &endPtr, 10);
+ if (pin < 0 || endPtr == szTmp || !endPtr || *endPtr != '\0')
+ pin = 0;
+ }
}
return pin;
}
diff --git a/src/Common/Dlgcode.h b/src/Common/Dlgcode.h
index 781efeee..a8d571dd 100644
--- a/src/Common/Dlgcode.h
+++ b/src/Common/Dlgcode.h
@@ -548,6 +548,8 @@ std::string VolumeGuidPathToDevicePath (std::string volumeGuidPath);
std::string HarddiskVolumePathToPartitionPath (const std::string &harddiskVolumePath);
std::string FindLatestFileOrDirectory (const std::string &directory, const char *namePattern, bool findDirectory, bool findFile);
std::string GetUserFriendlyVersionString (int version);
+std::string IntToString (int val);
+std::wstring IntToWideString (int val);
// Display a wait dialog while calling the provided callback with the given parameter
typedef void (CALLBACK* WaitThreadProc)(void* pArg, HWND hWaitDlg);
diff --git a/src/Common/Language.xml b/src/Common/Language.xml
index e1cdcde7..fe94ab2e 100644
--- a/src/Common/Language.xml
+++ b/src/Common/Language.xml
@@ -597,7 +597,7 @@
<string lang="en" key="NONSYS_INPLACE_ENC_RESUME_PASSWORD_PAGE_HELP">Please enter the password and/or keyfile(s) for the non-system volume where you want to resume the process of in-place encryption/decryption.\n\nRemark: After you click Next, VeraCrypt will attempt to find all non-system volumes where the process of encryption/decryption has been interrupted and where the VeraCrypt volume header can be deciphered using the supplied password and/or keyfile(s). If more than one such volume is found, you will need to select one of them in the next step.</string>
<string lang="en" key="NONSYS_INPLACE_ENC_RESUME_VOL_SELECT_HELP">Please select one of the listed volumes. The list contains each accessible non-system volume where the process of encryption/decryption has been interrupted and where the volume header was successfully deciphered using the supplied password and/or keyfile(s).</string>
<string lang="en" key="NONSYS_INPLACE_DEC_PASSWORD_PAGE_HELP">Please enter the password and/or keyfile(s) for the non-system VeraCrypt volume that you want to decrypt.</string>
- <string lang="en" key="PASSWORD_HELP">It is very important that you choose a good password. You should avoid choosing one that contains only a single word that can be found in a dictionary (or a combination of 2, 3, or 4 such words). It should not contain any names or dates of birth. It should not be easy to guess. A good password is a random combination of upper and lower case letters, numbers, and special characters, such as @ ^ = $ * + etc. We recommend choosing a password consisting of more than 20 characters (the longer, the better). The maximum possible length is 64 characters.</string>
+ <string lang="en" key="PASSWORD_HELP">It is very important that you choose a good password. You should avoid choosing one that contains only a single word that can be found in a dictionary (or a combination of 2, 3, or 4 such words). It should not contain any names or dates of birth. It should not be easy to guess. A good password is a random combination of upper and lower case letters, numbers, and special characters, such as @ ^ = $ * + etc. We recommend choosing a password consisting of 20 or more characters (the longer, the better). The maximum possible length is 64 characters.</string>
<string lang="en" key="PASSWORD_HIDDENVOL_HELP">Please choose a password for the hidden volume. </string>
<string lang="en" key="PASSWORD_HIDDEN_OS_HELP">Please choose a password for the hidden operating system (i.e. for the hidden volume). </string>
<string lang="en" key="PASSWORD_HIDDEN_OS_NOTE">IMPORTANT: The password that you choose for the hidden operating system in this step must be substantially different from the other two passwords (i.e. from the password for the outer volume and from the password for the decoy operating system).</string>
@@ -607,7 +607,7 @@
<string lang="en" key="PASSWORD_HIDVOL_HOST_TITLE">Outer Volume Password</string>
<string lang="en" key="PASSWORD_HIDVOL_TITLE">Hidden Volume Password</string>
<string lang="en" key="PASSWORD_HIDDEN_OS_TITLE">Password for Hidden Operating System</string>
- <string lang="en" key="PASSWORD_LENGTH_WARNING">WARNING: Short passwords are easy to crack using brute force techniques!\n\nWe recommend choosing a password consisting of more than 20 characters. Are you sure you want to use a short password?</string>
+ <string lang="en" key="PASSWORD_LENGTH_WARNING">WARNING: Short passwords are easy to crack using brute force techniques!\n\nWe recommend choosing a password consisting of 20 or more characters. Are you sure you want to use a short password?</string>
<string lang="en" key="PASSWORD_TITLE">Volume Password</string>
<string lang="en" key="PASSWORD_WRONG">Incorrect password/PRF or not a valid volume.</string>
<string lang="en" key="PASSWORD_OR_KEYFILE_WRONG">Incorrect keyfile(s) and/or password/PRF or not a valid volume.</string>
@@ -616,6 +616,8 @@
<string lang="en" key="PASSWORD_WRONG_AUTOMOUNT">Incorrect password/PRF or no valid volume found.</string>
<string lang="en" key="PASSWORD_OR_KEYFILE_WRONG_AUTOMOUNT">Incorrect keyfile(s)/password/PRF or no valid volume found.</string>
<string lang="en" key="PASSWORD_WRONG_CAPSLOCK_ON">\n\nWarning: Caps Lock is on. This may cause you to enter your password incorrectly.</string>
+ <string lang="en" key="PIN_CHANGE_WARNING">Remember Number to Mount Volume</string>
+ <string lang="en" key="PIN_SYSENC_CHANGE_WARNING">Remember Number to Boot System</string>
<string lang="en" key="PIN_SMALL_WARNING">You have chosen a Personal Iteration Number (PIN) that is smaller than the default VeraCrypt value. Please note that if your password is not strong enough, this could lead to a weaker security.\n\nDo you confirm that you are using a strong password?</string>
<string lang="en" key="PIN_SYSENC_TOO_BIG">Personal Iteration Number (PIN) maximum value for system encryption is 65535.</string>
<string lang="en" key="HIDDEN_FILES_PRESENT_IN_KEYFILE_PATH">\n\nWARNING: Hidden file(s) have been found in a keyfile search path. Such hidden files cannot be used as keyfiles. If you need to use them as keyfiles, remove their 'Hidden' attribute (right-click each of them, select 'Properties', uncheck 'Hidden' and click OK). Note: Hidden files are visible only if the corresponding option is enabled (Computer > Organize > 'Folder and search options' > View).</string>
@@ -1068,9 +1070,9 @@
<string lang="en" key="GAP_BETWEEN_SYS_AND_HIDDEN_OS_PARTITION">Warning: There is unallocated space between the system partition and the first partition behind it. After you create the hidden operating system, you must not create any new partitions in that unallocated space. Otherwise, the hidden operating system will be impossible to boot (until you delete such newly created partitions).</string>
<string lang="en" key="ALGO_NOT_SUPPORTED_FOR_SYS_ENCRYPTION">This algorithm is currently not supported for system encryption.</string>
<string lang="en" key="ALGO_NOT_SUPPORTED_FOR_TRUECRYPT_MODE">This algorithm is not supported for TrueCrypt mode.</string>
- <string lang="en" key="PIN_NOT_SUPPORTED_FOR_TRUECRYPT_MODE">PIN (Personal Iteration Count) not supported for TrueCrypt mode.</string>
- <string lang="en" key="PIN_REQUIRE_LONG_PASSWORD">Password must contain more than 20 characters in order to use the specified PIN.\nShorter passwords can only be used if the PIN is greater than 485.</string>
- <string lang="en" key="BOOT_PIN_REQUIRE_LONG_PASSWORD">Pre-boot authentication Password must contain more than 20 characters in order to use the specified PIN.\nShorter passwords can only be used if the PIN is greater than 98.</string>
+ <string lang="en" key="PIN_NOT_SUPPORTED_FOR_TRUECRYPT_MODE">PIN (Personal Iteration Number) not supported for TrueCrypt mode.</string>
+ <string lang="en" key="PIN_REQUIRE_LONG_PASSWORD">Password must contain 20 or more characters in order to use the specified PIN.\nShorter passwords can only be used if the PIN is 485 or greater.</string>
+ <string lang="en" key="BOOT_PIN_REQUIRE_LONG_PASSWORD">Pre-boot authentication Password must contain 20 or more characters in order to use the specified PIN.\nShorter passwords can only be used if the PIN is 98 or greater.</string>
<string lang="en" key="KEYFILES_NOT_SUPPORTED_FOR_SYS_ENCRYPTION">Keyfiles are currently not supported for system encryption.</string>
<string lang="en" key="CANNOT_RESTORE_KEYBOARD_LAYOUT">Warning: VeraCrypt could not restore the original keyboard layout. This may cause you to enter a password incorrectly.</string>
<string lang="en" key="CANT_CHANGE_KEYB_LAYOUT_FOR_SYS_ENCRYPTION">Error: Cannot set the keyboard layout for VeraCrypt to the standard US keyboard layout.\n\nNote that the password needs to be typed in the pre-boot environment (before Windows starts) where non-US Windows keyboard layouts are not available. Therefore, the password must always be typed using the standard US keyboard layout.</string>
diff --git a/src/Common/Volumes.c b/src/Common/Volumes.c
index 567df7ee..283be2ea 100644
--- a/src/Common/Volumes.c
+++ b/src/Common/Volumes.c
@@ -494,6 +494,7 @@ KeyReady: ;
cryptoInfo->pkcs5 = pkcs5_prf;
cryptoInfo->noIterations = keyInfo.noIterations;
cryptoInfo->bTrueCryptMode = truecryptMode;
+ cryptoInfo->volumePin = pin;
goto ret;
}
@@ -516,6 +517,7 @@ KeyReady: ;
cryptoInfo->pkcs5 = pkcs5_prf;
cryptoInfo->noIterations = keyInfo.noIterations;
cryptoInfo->bTrueCryptMode = truecryptMode;
+ cryptoInfo->volumePin = pin;
// Init the cipher with the decrypted master key
status = EAInit (cryptoInfo->ea, keyInfo.master_keydata + primaryKeyOffset, cryptoInfo->ks);
@@ -805,6 +807,8 @@ int CreateVolumeHeaderInMemory (HWND hwndDlg, BOOL bBoot, char *header, int ea,
// User selected PRF
cryptoInfo->pkcs5 = pkcs5_prf;
cryptoInfo->bTrueCryptMode = FALSE;
+ cryptoInfo->noIterations = keyInfo.noIterations;
+ cryptoInfo->volumePin = pin;
// Mode of operation
cryptoInfo->mode = mode;
diff --git a/src/Driver/DriveFilter.c b/src/Driver/DriveFilter.c
index 9330f179..007d9d21 100644
--- a/src/Driver/DriveFilter.c
+++ b/src/Driver/DriveFilter.c
@@ -811,6 +811,7 @@ void ReopenBootVolumeHeader (PIRP irp, PIO_STACK_LOCATION irpSp)
BootDriveFilterExtension->Queue.CryptoInfo->header_creation_time = BootDriveFilterExtension->HeaderCryptoInfo->header_creation_time;
BootDriveFilterExtension->Queue.CryptoInfo->pkcs5 = BootDriveFilterExtension->HeaderCryptoInfo->pkcs5;
BootDriveFilterExtension->Queue.CryptoInfo->noIterations = BootDriveFilterExtension->HeaderCryptoInfo->noIterations;
+ BootDriveFilterExtension->Queue.CryptoInfo->volumePin = BootDriveFilterExtension->HeaderCryptoInfo->volumePin;
irp->IoStatus.Status = STATUS_SUCCESS;
}
@@ -1584,6 +1585,7 @@ void GetBootDriveVolumeProperties (PIRP irp, PIO_STACK_LOCATION irpSp)
prop->mode = Extension->Queue.CryptoInfo->mode;
prop->pkcs5 = Extension->Queue.CryptoInfo->pkcs5;
prop->pkcs5Iterations = Extension->Queue.CryptoInfo->noIterations;
+ prop->volumePin = Extension->Queue.CryptoInfo->volumePin;
#if 0
prop->volumeCreationTime = Extension->Queue.CryptoInfo->volume_creation_time;
prop->headerCreationTime = Extension->Queue.CryptoInfo->header_creation_time;
diff --git a/src/Driver/Ntdriver.c b/src/Driver/Ntdriver.c
index 1d29b52f..c3a220e1 100644
--- a/src/Driver/Ntdriver.c
+++ b/src/Driver/Ntdriver.c
@@ -1227,6 +1227,7 @@ NTSTATUS ProcessMainDeviceControlIrp (PDEVICE_OBJECT DeviceObject, PEXTENSION Ex
prop->mode = ListExtension->cryptoInfo->mode;
prop->pkcs5 = ListExtension->cryptoInfo->pkcs5;
prop->pkcs5Iterations = ListExtension->cryptoInfo->noIterations;
+ prop->volumePin = ListExtension->cryptoInfo->volumePin;
#if 0
prop->volumeCreationTime = ListExtension->cryptoInfo->volume_creation_time;
prop->headerCreationTime = ListExtension->cryptoInfo->header_creation_time;
@@ -1424,6 +1425,7 @@ NTSTATUS ProcessMainDeviceControlIrp (PDEVICE_OBJECT DeviceObject, PEXTENSION Ex
burn (&mount->VolumePin, sizeof (mount->VolumePin));
burn (&mount->bTrueCryptMode, sizeof (mount->bTrueCryptMode));
burn (&mount->ProtectedHidVolPkcs5Prf, sizeof (mount->ProtectedHidVolPkcs5Prf));
+ burn (&mount->ProtectedHidVolPin, sizeof (mount->ProtectedHidVolPin));
}
break;
diff --git a/src/Format/Tcformat.c b/src/Format/Tcformat.c
index 574d61eb..a59ec4a4 100644
--- a/src/Format/Tcformat.c
+++ b/src/Format/Tcformat.c
@@ -3479,12 +3479,14 @@ BOOL CALLBACK PageDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lPa
{
WORD lw = LOWORD (wParam);
WORD hw = HIWORD (wParam);
+ static BOOL PinValueChangedWarning = FALSE;
hCurPage = hwndDlg;
switch (uMsg)
{
case WM_INITDIALOG:
+ PinValueChangedWarning = FALSE;
LocalizeDialog (hwndDlg, "IDD_VOL_CREATION_WIZARD_DLG");
UpdateLastDialogId ();
@@ -4154,6 +4156,9 @@ BOOL CALLBACK PageDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lPa
char szTmp[MAX_PIN + 1];
StringCbPrintfA(szTmp, sizeof(szTmp), "%d", volumePin);
SetWindowText (GetDlgItem (hwndDlg, IDC_PIN), szTmp);
+
+ PinValueChangedWarning = TRUE;
+ SetDlgItemTextW (hwndDlg, IDC_PIN_HELP, GetString (SysEncInEffect ()? "PIN_SYSENC_CHANGE_WARNING" : "PIN_CHANGE_WARNING"));
}
SetCheckBox (hwndDlg, IDC_KEYFILES_ENABLE, KeyFilesEnable && !SysEncInEffect());
@@ -4913,6 +4918,20 @@ BOOL CALLBACK PageDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lPa
AfterSysEncProgressWMInitTasks (hwndDlg);
return 1;
+ case WM_CTLCOLORSTATIC:
+ {
+ if (PinValueChangedWarning && ((HWND)lParam == GetDlgItem(hwndDlg, IDC_PIN_HELP)) )
+ {
+ // we're about to draw the static
+ // set the text colour in (HDC)lParam
+ SetBkMode((HDC)wParam,TRANSPARENT);
+ SetTextColor((HDC)wParam, RGB(255,0,0));
+ // NOTE: per documentation as pointed out by selbie, GetSolidBrush would leak a GDI handle.
+ return (BOOL)GetSysColorBrush(COLOR_MENU);
+ }
+ }
+ return 0;
+
case WM_COMMAND:
if (nCurPageNo == INTRO_PAGE)
@@ -5293,6 +5312,20 @@ BOOL CALLBACK PageDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lPa
KeyFilesEnable && FirstKeyFile!=NULL && !SysEncInEffect());
volumePassword.Length = (unsigned __int32) strlen ((char *) volumePassword.Text);
+ if (lw == IDC_PIN)
+ {
+ if(GetPin (hwndDlg, IDC_PIN) != 0)
+ {
+ PinValueChangedWarning = TRUE;
+ SetDlgItemTextW (hwndDlg, IDC_PIN_HELP, GetString (SysEncInEffect ()? "PIN_SYSENC_CHANGE_WARNING" : "PIN_CHANGE_WARNING"));
+ }
+ else
+ {
+ PinValueChangedWarning = FALSE;
+ SetDlgItemTextW (hwndDlg, IDC_PIN_HELP, (wchar_t *) GetDictionaryValueByInt (IDC_PIN_HELP));
+ }
+ }
+
return 1;
}
diff --git a/src/Mount/Favorites.cpp b/src/Mount/Favorites.cpp
index a1a469bc..6fe871a0 100644
--- a/src/Mount/Favorites.cpp
+++ b/src/Mount/Favorites.cpp
@@ -13,6 +13,7 @@
#include "Dlgcode.h"
#include "Language.h"
#include "Mount.h"
+#include "Common/Resource.h"
#include "Resource.h"
#include "Xml.h"
#include "Favorites.h"
@@ -86,6 +87,7 @@ namespace VeraCrypt
favorite.Removable = prop.removable ? true : false;
favorite.SystemEncryption = prop.partitionInInactiveSysEncScope ? true : false;
favorite.OpenExplorerWindow = (bExplore == TRUE);
+ favorite.Pin = prop.volumePin;
if (favorite.VolumePathId.empty()
&& IsVolumeDeviceHosted (favorite.Path.c_str())
@@ -547,6 +549,11 @@ namespace VeraCrypt
XmlGetAttributeText (xml, "label", label, sizeof (label));
favorite.Label = Utf8StringToWide (label);
+ XmlGetAttributeText (xml, "pin", label, sizeof (label));
+ favorite.Pin = strtol (label, NULL, 10);
+ if (favorite.Pin < 0)
+ favorite.Pin = 0;
+
char boolVal[2];
XmlGetAttributeText (xml, "readonly", boolVal, sizeof (boolVal));
if (boolVal[0])
@@ -676,6 +683,9 @@ namespace VeraCrypt
if (!favorite.Label.empty())
s += L" label=\"" + favorite.Label + L"\"";
+ if (favorite.Pin > 0)
+ s += L" pin=\"" + IntToWideString(favorite.Pin) + L"\"";
+
if (favorite.ReadOnly)
s += L" readonly=\"1\"";
@@ -763,6 +773,14 @@ namespace VeraCrypt
static void SetControls (HWND hwndDlg, const FavoriteVolume &favorite, bool systemFavoritesMode, bool enable)
{
+ if (favorite.Pin > 0)
+ {
+ char szTmp[MAX_PIN + 1];
+ StringCbPrintfA (szTmp, sizeof(szTmp), "%d", favorite.Pin);
+ SetDlgItemText (hwndDlg, IDC_PIN, szTmp);
+ }
+ else
+ SetDlgItemText (hwndDlg, IDC_PIN, "");
SetDlgItemTextW (hwndDlg, IDC_FAVORITE_LABEL, favorite.Label.c_str());
SetCheckBox (hwndDlg, IDC_FAVORITE_MOUNT_ON_LOGON, favorite.MountOnLogOn);
SetCheckBox (hwndDlg, IDC_FAVORITE_MOUNT_ON_ARRIVAL, favorite.MountOnArrival);
@@ -788,6 +806,9 @@ namespace VeraCrypt
EnableWindow (GetDlgItem (hwndDlg, IDC_FAVORITE_MOVE_UP), enable);
EnableWindow (GetDlgItem (hwndDlg, IDC_FAVORITE_MOVE_DOWN), enable);
EnableWindow (GetDlgItem (hwndDlg, IDC_FAVORITE_REMOVE), enable);
+ EnableWindow (GetDlgItem (hwndDlg, IDT_PIN), enable);
+ EnableWindow (GetDlgItem (hwndDlg, IDC_PIN), enable);
+ EnableWindow (GetDlgItem (hwndDlg, IDC_PIN_HELP), enable);
EnableWindow (GetDlgItem (hwndDlg, IDT_FAVORITE_LABEL), enable);
EnableWindow (GetDlgItem (hwndDlg, IDC_FAVORITE_LABEL), enable);
EnableWindow (GetDlgItem (hwndDlg, IDC_FAVORITE_MOUNT_ON_LOGON), enable && !systemFavoritesMode);
@@ -815,6 +836,8 @@ namespace VeraCrypt
else
favorite.Label.clear();
+ favorite.Pin = GetPin (hwndDlg, IDC_PIN);
+
favorite.ReadOnly = (IsDlgButtonChecked (hwndDlg, IDC_FAVORITE_MOUNT_READONLY) != 0);
favorite.Removable = (IsDlgButtonChecked (hwndDlg, IDC_FAVORITE_MOUNT_REMOVABLE) != 0);
diff --git a/src/Mount/Favorites.h b/src/Mount/Favorites.h
index f91905d8..3a0a771b 100644
--- a/src/Mount/Favorites.h
+++ b/src/Mount/Favorites.h
@@ -17,6 +17,7 @@ namespace VeraCrypt
{
FavoriteVolume()
:
+ Pin (0),
DisableHotkeyMount (false),
DisconnectedDevice (false),
MountOnLogOn (false),
@@ -32,6 +33,7 @@ namespace VeraCrypt
string MountPoint;
string VolumePathId;
wstring Label;
+ int Pin;
bool DisableHotkeyMount;
bool DisconnectedDevice;
diff --git a/src/Mount/Mount.c b/src/Mount/Mount.c
index df9ecb58..ba3ee861 100644
--- a/src/Mount/Mount.c
+++ b/src/Mount/Mount.c
@@ -1785,6 +1785,7 @@ void CALLBACK RestoreHeaderWaitThreadProc(void* pArg, HWND hwndDlg)
BOOL CALLBACK PasswordChangeDlgProc (HWND hwndDlg, UINT msg, WPARAM wParam, LPARAM lParam)
{
static KeyFilesDlgParam newKeyFilesParam;
+ static BOOL PinValueChangedWarning = FALSE;
WORD lw = LOWORD (wParam);
WORD hw = HIWORD (wParam);
@@ -1798,6 +1799,8 @@ BOOL CALLBACK PasswordChangeDlgProc (HWND hwndDlg, UINT msg, WPARAM wParam, LPAR
int i;
WipeAlgorithmId headerWipeMode = TC_WIPE_3_DOD_5220;
+ PinValueChangedWarning = FALSE;
+
ZeroMemory (&newKeyFilesParam, sizeof (newKeyFilesParam));
SetWindowTextW (hwndDlg, GetString ("IDD_PASSWORDCHANGE_DLG"));
@@ -1806,6 +1809,8 @@ BOOL CALLBACK PasswordChangeDlgProc (HWND hwndDlg, UINT msg, WPARAM wParam, LPAR
SendMessage (GetDlgItem (hwndDlg, IDC_OLD_PASSWORD), EM_LIMITTEXT, MAX_PASSWORD, 0);
SendMessage (GetDlgItem (hwndDlg, IDC_PASSWORD), EM_LIMITTEXT, MAX_PASSWORD, 0);
SendMessage (GetDlgItem (hwndDlg, IDC_VERIFY), EM_LIMITTEXT, MAX_PASSWORD, 0);
+ SendMessage (GetDlgItem (hwndDlg, IDC_OLD_PIN), EM_LIMITTEXT, MAX_PIN, 0);
+ SendMessage (GetDlgItem (hwndDlg, IDC_PIN), EM_LIMITTEXT, MAX_PIN, 0);
EnableWindow (GetDlgItem (hwndDlg, IDOK), FALSE);
SetCheckBox (hwndDlg, IDC_ENABLE_KEYFILES, KeyFilesEnable);
@@ -1854,7 +1859,9 @@ BOOL CALLBACK PasswordChangeDlgProc (HWND hwndDlg, UINT msg, WPARAM wParam, LPAR
LocalizeDialog (hwndDlg, "IDD_PCDM_CHANGE_PKCS5_PRF");
EnableWindow (GetDlgItem (hwndDlg, IDC_PASSWORD), FALSE);
EnableWindow (GetDlgItem (hwndDlg, IDC_VERIFY), FALSE);
+ EnableWindow (GetDlgItem (hwndDlg, IDT_PIN), FALSE);
EnableWindow (GetDlgItem (hwndDlg, IDC_PIN), FALSE);
+ EnableWindow (GetDlgItem (hwndDlg, IDC_PIN_HELP), FALSE);
EnableWindow (GetDlgItem (hwndDlg, IDC_ENABLE_NEW_KEYFILES), FALSE);
EnableWindow (GetDlgItem (hwndDlg, IDC_SHOW_PASSWORD_CHPWD_NEW), FALSE);
EnableWindow (GetDlgItem (hwndDlg, IDC_NEW_KEYFILES), FALSE);
@@ -1868,7 +1875,9 @@ BOOL CALLBACK PasswordChangeDlgProc (HWND hwndDlg, UINT msg, WPARAM wParam, LPAR
newKeyFilesParam.EnableKeyFiles = TRUE;
EnableWindow (GetDlgItem (hwndDlg, IDC_PASSWORD), FALSE);
EnableWindow (GetDlgItem (hwndDlg, IDC_VERIFY), FALSE);
+ EnableWindow (GetDlgItem (hwndDlg, IDT_PIN), FALSE);
EnableWindow (GetDlgItem (hwndDlg, IDC_PIN), FALSE);
+ EnableWindow (GetDlgItem (hwndDlg, IDC_PIN_HELP), FALSE);
EnableWindow (GetDlgItem (hwndDlg, IDC_SHOW_PASSWORD_CHPWD_NEW), FALSE);
EnableWindow (GetDlgItem (hwndDlg, IDT_NEW_PASSWORD), FALSE);
EnableWindow (GetDlgItem (hwndDlg, IDT_CONFIRM_PASSWORD), FALSE);
@@ -1886,7 +1895,9 @@ BOOL CALLBACK PasswordChangeDlgProc (HWND hwndDlg, UINT msg, WPARAM wParam, LPAR
EnableWindow (GetDlgItem (hwndDlg, IDC_ENABLE_KEYFILES), TRUE);
EnableWindow (GetDlgItem (hwndDlg, IDC_PASSWORD), FALSE);
EnableWindow (GetDlgItem (hwndDlg, IDC_VERIFY), FALSE);
+ EnableWindow (GetDlgItem (hwndDlg, IDT_PIN), FALSE);
EnableWindow (GetDlgItem (hwndDlg, IDC_PIN), FALSE);
+ EnableWindow (GetDlgItem (hwndDlg, IDC_PIN_HELP), FALSE);
EnableWindow (GetDlgItem (hwndDlg, IDC_ENABLE_NEW_KEYFILES), FALSE);
EnableWindow (GetDlgItem (hwndDlg, IDC_SHOW_PASSWORD_CHPWD_NEW), FALSE);
EnableWindow (GetDlgItem (hwndDlg, IDC_NEW_KEYFILES), FALSE);
@@ -2018,6 +2029,20 @@ BOOL CALLBACK PasswordChangeDlgProc (HWND hwndDlg, UINT msg, WPARAM wParam, LPAR
}
return 0;
+ case WM_CTLCOLORSTATIC:
+ {
+ if (PinValueChangedWarning && ((HWND)lParam == GetDlgItem(hwndDlg, IDC_PIN_HELP)) )
+ {
+ // we're about to draw the static
+ // set the text colour in (HDC)lParam
+ SetBkMode((HDC)wParam,TRANSPARENT);
+ SetTextColor((HDC)wParam, RGB(255,0,0));
+ // NOTE: per documentation as pointed out by selbie, GetSolidBrush would leak a GDI handle.
+ return (BOOL)GetSysColorBrush(COLOR_MENU);
+ }
+ }
+ return 0;
+
case WM_COMMAND:
if (lw == IDCANCEL)
{
@@ -2040,7 +2065,28 @@ BOOL CALLBACK PasswordChangeDlgProc (HWND hwndDlg, UINT msg, WPARAM wParam, LPAR
IDC_OLD_PASSWORD,
KeyFilesEnable && FirstKeyFile != NULL,
IDC_PASSWORD, IDC_VERIFY,
- newKeyFilesParam.EnableKeyFiles && newKeyFilesParam.FirstKeyFile != NULL);
+ newKeyFilesParam.EnableKeyFiles && newKeyFilesParam.FirstKeyFile != NULL);
+
+ if ((lw == IDC_OLD_PIN) && IsWindowEnabled (GetDlgItem (hwndDlg, IDC_PIN)))
+ {
+ char tmp[MAX_PIN+1] = {0};
+ GetDlgItemText (hwndDlg, IDC_OLD_PIN, tmp, MAX_PIN + 1);
+ SetDlgItemText (hwndDlg, IDC_PIN, tmp);
+ }
+
+ if (lw == IDC_PIN)
+ {
+ if(GetPin (hwndDlg, IDC_OLD_PIN) != GetPin (hwndDlg, IDC_PIN))
+ {
+ PinValueChangedWarning = TRUE;
+ SetDlgItemTextW (hwndDlg, IDC_PIN_HELP, GetString (bSysEncPwdChangeDlgMode? "PIN_SYSENC_CHANGE_WARNING" : "PIN_CHANGE_WARNING"));
+ }
+ else
+ {
+ PinValueChangedWarning = FALSE;
+ SetDlgItemTextW (hwndDlg, IDC_PIN_HELP, (wchar_t *) GetDictionaryValueByInt (IDC_PIN_HELP));
+ }
+ }
return 1;
}
@@ -2154,6 +2200,14 @@ BOOL CALLBACK PasswordChangeDlgProc (HWND hwndDlg, UINT msg, WPARAM wParam, LPAR
}
+ if (lw == IDC_TRUECRYPT_MODE)
+ {
+ BOOL bEnablePin = GetCheckBox (hwndDlg, IDC_TRUECRYPT_MODE) ? FALSE: TRUE;
+ EnableWindow (GetDlgItem (hwndDlg, IDT_OLD_PIN), bEnablePin);
+ EnableWindow (GetDlgItem (hwndDlg, IDC_OLD_PIN), bEnablePin);
+ EnableWindow (GetDlgItem (hwndDlg, IDC_OLD_PIN_HELP), bEnablePin);
+ }
+
if (lw == IDC_SHOW_PASSWORD_CHPWD_ORI)
{
SendMessage (GetDlgItem (hwndDlg, IDC_OLD_PASSWORD),
@@ -2567,6 +2621,14 @@ BOOL CALLBACK PasswordDlgProc (HWND hwndDlg, UINT msg, WPARAM wParam, LPARAM lPa
return 1;
}
+ if (lw == IDC_TRUECRYPT_MODE)
+ {
+ BOOL bEnablePin = GetCheckBox (hwndDlg, IDC_TRUECRYPT_MODE) ? FALSE: TRUE;
+ EnableWindow (GetDlgItem (hwndDlg, IDT_PIN), bEnablePin);
+ EnableWindow (GetDlgItem (hwndDlg, IDC_PIN), bEnablePin);
+ EnableWindow (GetDlgItem (hwndDlg, IDC_PIN_HELP), bEnablePin);
+ }
+
if (lw == IDC_KEY_FILES)
{
KeyFilesDlgParam param;
@@ -2609,11 +2671,7 @@ BOOL CALLBACK PasswordDlgProc (HWND hwndDlg, UINT msg, WPARAM wParam, LPARAM lPa
*pkcs5 = (int) SendMessage (GetDlgItem (hwndDlg, IDC_PKCS5_PRF_ID), CB_GETITEMDATA, SendMessage (GetDlgItem (hwndDlg, IDC_PKCS5_PRF_ID), CB_GETCURSEL, 0, 0), 0);
*truecryptMode = GetCheckBox (hwndDlg, IDC_TRUECRYPT_MODE);
- GetWindowText (GetDlgItem (hwndDlg, IDC_PIN), tmp, MAX_PIN + 1);
- if (strlen(tmp))
- *pin = (int) strtol(tmp, NULL, 10); /* IDC_PIN is configured to accept only numbers */
- else
- *pin = 0;
+ *pin = GetPin (hwndDlg, IDC_PIN);
/* SHA-256 is not supported by TrueCrypt */
if ( (*truecryptMode)
@@ -3443,7 +3501,13 @@ BOOL CALLBACK VolumePropertiesDlgProc (HWND hwndDlg, UINT msg, WPARAM wParam, LP
// PKCS 5 PRF
ListItemAddW (list, i, GetString ("PKCS5_PRF"));
- ListSubItemSet (list, i++, 1, get_pkcs5_prf_name (prop.pkcs5));
+ if (prop.volumePin == 0)
+ ListSubItemSet (list, i++, 1, get_pkcs5_prf_name (prop.pkcs5));
+ else
+ {
+ StringCbPrintfA (szTmp, sizeof(szTmp), "%s (Dynamic)", get_pkcs5_prf_name (prop.pkcs5));
+ ListSubItemSet (list, i++, 1, szTmp);
+ }
#if 0
// PCKS 5 iterations
@@ -3966,12 +4030,13 @@ static int AskVolumePassword (HWND hwndDlg, Password *password, int *pkcs5, int
// GUI actions
-static BOOL Mount (HWND hwndDlg, int nDosDriveNo, char *szFileName)
+static BOOL Mount (HWND hwndDlg, int nDosDriveNo, char *szFileName, int pin)
{
BOOL status = FALSE;
char fileName[MAX_PATH];
int mounted = 0, EffectiveVolumePkcs5 = CmdVolumePkcs5;
BOOL EffectiveVolumeTrueCryptMode = CmdVolumeTrueCryptMode;
+ int EffectiveVolumePin = (pin < 0)? CmdVolumePin : pin;
/* Priority is given to command line parameters
* Default values used only when nothing specified in command line
@@ -4027,10 +4092,11 @@ static BOOL Mount (HWND hwndDlg, int nDosDriveNo, char *szFileName)
// First try cached passwords and if they fail ask user for a new one
WaitCursor ();
- // try TrueCrypt mode first since it is quick
- mounted = MountVolume (hwndDlg, nDosDriveNo, szFileName, NULL, 0, 0, TRUE, bCacheInDriver, bForceMount, &mountOptions, Silent, FALSE);
+ // try TrueCrypt mode first since it is quick, only if pin = 0
+ if (EffectiveVolumePin == 0)
+ mounted = MountVolume (hwndDlg, nDosDriveNo, szFileName, NULL, 0, 0, TRUE, bCacheInDriver, bForceMount, &mountOptions, Silent, FALSE);
if (!mounted)
- mounted = MountVolume (hwndDlg, nDosDriveNo, szFileName, NULL, 0, 0, FALSE, bCacheInDriver, bForceMount, &mountOptions, Silent, FALSE);
+ mounted = MountVolume (hwndDlg, nDosDriveNo, szFileName, NULL, 0, EffectiveVolumePin, FALSE, bCacheInDriver, bForceMount, &mountOptions, Silent, FALSE);
// If keyfiles are enabled, test empty password first
if (!mounted && KeyFilesEnable && FirstKeyFile)
@@ -4039,10 +4105,11 @@ static BOOL Mount (HWND hwndDlg, int nDosDriveNo, char *szFileName)
emptyPassword.Length = 0;
KeyFilesApply (hwndDlg, &emptyPassword, FirstKeyFile);
- // try TrueCrypt mode first since it is quick
- mounted = MountVolume (hwndDlg, nDosDriveNo, szFileName, &emptyPassword, 0, 0, TRUE, bCacheInDriver, bForceMount, &mountOptions, Silent, FALSE);
+ // try TrueCrypt mode first since it is quick, only if pin = 0
+ if (EffectiveVolumePin == 0)
+ mounted = MountVolume (hwndDlg, nDosDriveNo, szFileName, &emptyPassword, 0, 0, TRUE, bCacheInDriver, bForceMount, &mountOptions, Silent, FALSE);
if (!mounted)
- mounted = MountVolume (hwndDlg, nDosDriveNo, szFileName, &emptyPassword, 0, 0, FALSE, bCacheInDriver, bForceMount, &mountOptions, Silent, FALSE);
+ mounted = MountVolume (hwndDlg, nDosDriveNo, szFileName, &emptyPassword, 0, EffectiveVolumePin, FALSE, bCacheInDriver, bForceMount, &mountOptions, Silent, FALSE);
burn (&emptyPassword, sizeof (emptyPassword));
}
@@ -4050,10 +4117,11 @@ static BOOL Mount (HWND hwndDlg, int nDosDriveNo, char *szFileName)
// Test password and/or keyfiles used for the previous volume
if (!mounted && bCacheDuringMultipleMount && MultipleMountOperationInProgress && VolumePassword.Length != 0)
{
- // try TrueCrypt mode first as it is quick
- mounted = MountVolume (hwndDlg, nDosDriveNo, szFileName, &VolumePassword, 0, 0, TRUE, bCacheInDriver, bForceMount, &mountOptions, Silent, FALSE);
+ // try TrueCrypt mode first as it is quick, only if pin = 0
+ if (EffectiveVolumePin == 0)
+ mounted = MountVolume (hwndDlg, nDosDriveNo, szFileName, &VolumePassword, 0, 0, TRUE, bCacheInDriver, bForceMount, &mountOptions, Silent, FALSE);
if (!mounted)
- mounted = MountVolume (hwndDlg, nDosDriveNo, szFileName, &VolumePassword, 0, 0, FALSE, bCacheInDriver, bForceMount, &mountOptions, Silent, FALSE);
+ mounted = MountVolume (hwndDlg, nDosDriveNo, szFileName, &VolumePassword, 0, EffectiveVolumePin, FALSE, bCacheInDriver, bForceMount, &mountOptions, Silent, FALSE);
}
NormalCursor ();
@@ -4073,13 +4141,13 @@ static BOOL Mount (HWND hwndDlg, int nDosDriveNo, char *szFileName)
VolumePassword = CmdVolumePassword;
VolumePkcs5 = EffectiveVolumePkcs5;
VolumeTrueCryptMode = EffectiveVolumeTrueCryptMode;
- VolumePin = CmdVolumePin;
+ VolumePin = EffectiveVolumePin;
}
else if (!Silent)
{
int GuiPkcs5 = EffectiveVolumePkcs5;
BOOL GuiTrueCryptMode = EffectiveVolumeTrueCryptMode;
- int GuiPin = CmdVolumePin;
+ int GuiPin = EffectiveVolumePin;
StringCbCopyA (PasswordDlgVolume, sizeof(PasswordDlgVolume), szFileName);
if (!AskVolumePassword (hwndDlg, &VolumePassword, &GuiPkcs5, &GuiPin, &GuiTrueCryptMode, NULL, TRUE))
@@ -4206,7 +4274,7 @@ void __cdecl mountThreadFunction (void *hwndDlgArg)
EnableWindow(hwndDlg, FALSE);
finally_do_arg (HWND, hwndDlg, { EnableWindow(finally_arg, TRUE); });
- Mount (hwndDlg, 0, 0);
+ Mount (hwndDlg, 0, 0, -1);
}
static BOOL DismountAll (HWND hwndDlg, BOOL forceUnmount, BOOL interact, int dismountMaxRetries, int dismountAutoRetryDelay)
@@ -8097,6 +8165,7 @@ void DismountIdleVolumes ()
&& prop.pkcs5 >= FIRST_PRF_ID && prop.pkcs5 <= LAST_PRF_ID
&& prop.pkcs5Iterations > 0
&& prop.hiddenVolProtection >= 0 && prop.volFormatVersion >= 0
+ && prop.volumePin >= 0
)
)
{
@@ -8237,7 +8306,7 @@ BOOL MountFavoriteVolumes (BOOL systemFavorites, BOOL logOnMount, BOOL hotKeyMou
BOOL prevReadOnly = mountOptions.ReadOnly;
- if (!Mount (MainDlg, drive, (char *) favorite.Path.c_str()))
+ if (!Mount (MainDlg, drive, (char *) favorite.Path.c_str(), favorite.Pin))
status = FALSE;
if (status && mountOptions.ReadOnly != prevReadOnly)
diff --git a/src/Mount/Mount.rc b/src/Mount/Mount.rc
index d40eb805..135cdd77 100644
--- a/src/Mount/Mount.rc
+++ b/src/Mount/Mount.rc
@@ -312,7 +312,7 @@ BEGIN
LTEXT "",IDT_LIMIT_ENC_THREAD_POOL_NOTE,18,126,334,33
END
-IDD_FAVORITE_VOLUMES DIALOGEX 0, 0, 380, 276
+IDD_FAVORITE_VOLUMES DIALOGEX 0, 0, 380, 315
STYLE DS_SETFONT | DS_MODALFRAME | DS_FIXEDSYS | DS_CENTER | WS_POPUP | WS_CAPTION | WS_SYSMENU
CAPTION "VeraCrypt - Favorite Volumes"
FONT 8, "MS Shell Dlg", 400, 0, 0x1
@@ -321,25 +321,28 @@ BEGIN
PUSHBUTTON "Move &Up",IDC_FAVORITE_MOVE_UP,7,104,63,14
PUSHBUTTON "Move &Down",IDC_FAVORITE_MOVE_DOWN,74,104,63,14
PUSHBUTTON "&Remove",IDC_FAVORITE_REMOVE,310,104,63,14
- EDITTEXT IDC_FAVORITE_LABEL,16,142,204,13,ES_AUTOHSCROLL
+ EDITTEXT IDC_FAVORITE_LABEL,16,173,204,13,ES_AUTOHSCROLL
CONTROL "Mount selected volume as read-o&nly",IDC_FAVORITE_MOUNT_READONLY,
- "Button",BS_AUTOCHECKBOX | WS_TABSTOP,18,162,349,10
+ "Button",BS_AUTOCHECKBOX | WS_TABSTOP,18,193,349,10
CONTROL "Mount selected volume as remo&vable medium",IDC_FAVORITE_MOUNT_REMOVABLE,
- "Button",BS_AUTOCHECKBOX | WS_TABSTOP,18,176,349,10
+ "Button",BS_AUTOCHECKBOX | WS_TABSTOP,18,207,349,10
CONTROL "Mount selected volume upon log&on",IDC_FAVORITE_MOUNT_ON_LOGON,
- "Button",BS_AUTOCHECKBOX | WS_TABSTOP,18,190,349,10
+ "Button",BS_AUTOCHECKBOX | WS_TABSTOP,18,221,349,10
CONTROL "Mount selected volume when its host device gets &connected",IDC_FAVORITE_MOUNT_ON_ARRIVAL,
- "Button",BS_AUTOCHECKBOX | WS_TABSTOP,18,204,349,10
+ "Button",BS_AUTOCHECKBOX | WS_TABSTOP,18,235,349,10
CONTROL "Open &Explorer window for selected volume when successfully mounted",IDC_FAVORITE_OPEN_EXPLORER_WIN_ON_MOUNT,
- "Button",BS_AUTOCHECKBOX | WS_TABSTOP,18,218,349,11
+ "Button",BS_AUTOCHECKBOX | WS_TABSTOP,18,249,349,11
CONTROL "Do not mount selected volume when 'Mount Favorite Volumes' &hot key is pressed",IDC_FAVORITE_DISABLE_HOTKEY,
- "Button",BS_AUTOCHECKBOX | WS_TABSTOP,18,232,349,11
- LTEXT "Help on favorite volumes",IDC_FAVORITES_HELP_LINK,17,259,237,10,SS_NOTIFY
- DEFPUSHBUTTON "OK",IDOK,269,257,50,14
- PUSHBUTTON "Cancel",IDCANCEL,323,257,50,14
- GROUPBOX "",IDC_FAV_VOL_OPTIONS_GROUP_BOX,7,121,366,130
- LTEXT "Label of selected favorite volume:",IDT_FAVORITE_LABEL,18,132,202,8
- GROUPBOX "Global Settings",IDC_FAV_VOL_OPTIONS_GLOBAL_SETTINGS_BOX,7,202,366,49
+ "Button",BS_AUTOCHECKBOX | WS_TABSTOP,18,264,349,11
+ LTEXT "Help on favorite volumes",IDC_FAVORITES_HELP_LINK,17,298,237,10,SS_NOTIFY
+ DEFPUSHBUTTON "OK",IDOK,269,296,50,14
+ PUSHBUTTON "Cancel",IDCANCEL,323,296,50,14
+ GROUPBOX "",IDC_FAV_VOL_OPTIONS_GROUP_BOX,7,122,366,159
+ LTEXT "Label of selected favorite volume:",IDT_FAVORITE_LABEL,18,163,202,8
+ GROUPBOX "Global Settings",IDC_FAV_VOL_OPTIONS_GLOBAL_SETTINGS_BOX,7,230,366,57
+ EDITTEXT IDC_PIN,16,143,42,14,ES_RIGHT | ES_AUTOHSCROLL | ES_NUMBER
+ LTEXT "(Empty or 0 for default iterations)",IDC_PIN_HELP,64,145,189,8
+ LTEXT "Volume PIN:",IDT_PIN,18,133,65,8
END
IDD_DEFAULT_MOUNT_PARAMETERS DIALOGEX 0, 0, 167, 65
@@ -443,7 +446,7 @@ BEGIN
LEFTMARGIN, 7
RIGHTMARGIN, 373
TOPMARGIN, 7
- BOTTOMMARGIN, 269
+ BOTTOMMARGIN, 308
END
IDD_DEFAULT_MOUNT_PARAMETERS, DIALOG