From 25c3d15ed7edcb8483dc3de7a55cf4579f6504c4 Mon Sep 17 00:00:00 2001 From: Mounir IDRASSI Date: Sun, 28 Dec 2014 19:04:05 +0100 Subject: Windows: support loading TrueCrypt volumes. Implement converting TrueCrypt volumes to VeraCrypt using the change password functionality. --- src/Common/Apidrvr.h | 1 + src/Common/BootEncryption.cpp | 4 +- src/Common/Cache.c | 6 +- src/Common/Cache.h | 2 +- src/Common/Crypto.h | 1 + src/Common/Dlgcode.c | 21 +++++-- src/Common/Dlgcode.h | 4 +- src/Common/Format.c | 2 +- src/Common/Language.xml | 7 ++- src/Common/Password.c | 8 +-- src/Common/Password.h | 2 +- src/Common/Pkcs5.c | 11 ++-- src/Common/Pkcs5.h | 2 +- src/Common/Tcdefs.h | 3 +- src/Common/Volumes.c | 45 ++++++++++++--- src/Common/Volumes.h | 2 +- src/Driver/DriveFilter.c | 4 +- src/Driver/Ntdriver.c | 5 +- src/Driver/Ntvol.c | 2 + src/Format/InPlace.c | 2 +- src/Format/Tcformat.c | 4 +- src/Mount/MainCom.cpp | 19 ++++-- src/Mount/MainCom.h | 2 +- src/Mount/MainCom.idl | 3 +- src/Mount/Mount.c | 130 +++++++++++++++++++++++++++++++++--------- src/Mount/Mount.h | 1 + src/Mount/Mount.rc | 52 +++++++++-------- src/Mount/Resource.h | 3 +- src/Setup/ComSetup.cpp | 2 +- 29 files changed, 246 insertions(+), 104 deletions(-) diff --git a/src/Common/Apidrvr.h b/src/Common/Apidrvr.h index ac1689be..f14319ed 100644 --- a/src/Common/Apidrvr.h +++ b/src/Common/Apidrvr.h @@ -102,6 +102,7 @@ typedef struct BOOL RecoveryMode; int pkcs5_prf; int ProtectedHidVolPkcs5Prf; + BOOL bTrueCryptMode; } MOUNT_STRUCT; typedef struct diff --git a/src/Common/BootEncryption.cpp b/src/Common/BootEncryption.cpp index b1fd5e94..43cee062 100644 --- a/src/Common/BootEncryption.cpp +++ b/src/Common/BootEncryption.cpp @@ -1638,7 +1638,7 @@ namespace VeraCrypt // Initial rescue disk assumes encryption of the drive has been completed (EncryptedAreaLength == volumeSize) memcpy (RescueVolumeHeader, VolumeHeader, sizeof (RescueVolumeHeader)); - ReadVolumeHeader (TRUE, (char *) RescueVolumeHeader, password, pkcs5, NULL, cryptoInfo); + ReadVolumeHeader (TRUE, (char *) RescueVolumeHeader, password, pkcs5, FALSE, NULL, cryptoInfo); DecryptBuffer (RescueVolumeHeader + HEADER_ENCRYPTED_DATA_OFFSET, HEADER_ENCRYPTED_DATA_SIZE, cryptoInfo); @@ -2159,7 +2159,7 @@ namespace VeraCrypt PCRYPTO_INFO cryptoInfo = NULL; - int status = ReadVolumeHeader (!encStatus.HiddenSystem, header, oldPassword, old_pkcs5, &cryptoInfo, NULL); + int status = ReadVolumeHeader (!encStatus.HiddenSystem, header, oldPassword, old_pkcs5, FALSE, &cryptoInfo, NULL); finally_do_arg (PCRYPTO_INFO, cryptoInfo, { if (finally_arg) crypto_close (finally_arg); }); if (status != 0) diff --git a/src/Common/Cache.c b/src/Common/Cache.c index 2ecf9d86..33043f78 100644 --- a/src/Common/Cache.c +++ b/src/Common/Cache.c @@ -21,7 +21,7 @@ Password CachedPasswords[CACHE_SIZE]; int cacheEmpty = 1; static int nPasswordIdx = 0; -int ReadVolumeHeaderWCache (BOOL bBoot, BOOL bCache, char *header, Password *password, int pkcs5_prf, PCRYPTO_INFO *retInfo) +int ReadVolumeHeaderWCache (BOOL bBoot, BOOL bCache, char *header, Password *password, int pkcs5_prf, BOOL truecryptMode, PCRYPTO_INFO *retInfo) { int nReturnCode = ERR_PASSWORD_WRONG; int i; @@ -29,7 +29,7 @@ int ReadVolumeHeaderWCache (BOOL bBoot, BOOL bCache, char *header, Password *pas /* Attempt to recognize volume using mount password */ if (password->Length > 0) { - nReturnCode = ReadVolumeHeader (bBoot, header, password, pkcs5_prf, retInfo, NULL); + nReturnCode = ReadVolumeHeader (bBoot, header, password, pkcs5_prf, truecryptMode, retInfo, NULL); /* Save mount passwords back into cache if asked to do so */ if (bCache && (nReturnCode == 0 || nReturnCode == ERR_CIPHER_INIT_WEAK_KEY)) @@ -59,7 +59,7 @@ int ReadVolumeHeaderWCache (BOOL bBoot, BOOL bCache, char *header, Password *pas { if (CachedPasswords[i].Length > 0) { - nReturnCode = ReadVolumeHeader (bBoot, header, &CachedPasswords[i], pkcs5_prf, retInfo, NULL); + nReturnCode = ReadVolumeHeader (bBoot, header, &CachedPasswords[i], pkcs5_prf, truecryptMode, retInfo, NULL); if (nReturnCode != ERR_PASSWORD_WRONG) break; diff --git a/src/Common/Cache.h b/src/Common/Cache.h index 3c68479e..10f120b0 100644 --- a/src/Common/Cache.h +++ b/src/Common/Cache.h @@ -19,5 +19,5 @@ extern int cacheEmpty; void AddPasswordToCache (Password *password); -int ReadVolumeHeaderWCache (BOOL bBoot, BOOL bCache, char *header, Password *password, int pkcs5_prf, PCRYPTO_INFO *retInfo); +int ReadVolumeHeaderWCache (BOOL bBoot, BOOL bCache, char *header, Password *password, int pkcs5_prf, BOOL truecryptMode, PCRYPTO_INFO *retInfo); void WipeCache (void); diff --git a/src/Common/Crypto.h b/src/Common/Crypto.h index 4695239b..70f481d8 100644 --- a/src/Common/Crypto.h +++ b/src/Common/Crypto.h @@ -211,6 +211,7 @@ typedef struct CRYPTO_INFO_t unsigned __int8 k2[MASTER_KEYDATA_SIZE]; /* For XTS, this contains the secondary key (if cascade, multiple concatenated). For LRW (deprecated/legacy), it contains the tweak key. For CBC (deprecated/legacy), it contains the IV seed. */ unsigned __int8 salt[PKCS5_SALT_SIZE]; int noIterations; + BOOL bTrueCryptMode; uint64 volume_creation_time; // Legacy uint64 header_creation_time; // Legacy diff --git a/src/Common/Dlgcode.c b/src/Common/Dlgcode.c index 9c72751b..9bb4ac49 100644 --- a/src/Common/Dlgcode.c +++ b/src/Common/Dlgcode.c @@ -4028,6 +4028,10 @@ void handleError (HWND hwndDlg, int code) // A non-error break; + case ERR_UNSUPPORTED_TRUECRYPT_FORMAT: + MessageBoxW (hwndDlg, GetString ("UNSUPPORTED_TRUECRYPT_FORMAT"), lpszTitle, ICON_HAND); + break; + default: StringCbPrintfW (szTmp, sizeof(szTmp), GetString ("ERR_UNKNOWN"), code); MessageBoxW (hwndDlg, szTmp, lpszTitle, ICON_HAND); @@ -4504,22 +4508,22 @@ static BOOL PerformBenchmark(HWND hBenchDlg, HWND hwndDlg) case SHA512: /* PKCS-5 test with HMAC-SHA-512 used as the PRF */ - derive_key_sha512 ("passphrase-1234567890", 21, tmp_salt, 64, get_pkcs5_iteration_count(thid, FALSE), dk, MASTER_KEYDATA_SIZE); + derive_key_sha512 ("passphrase-1234567890", 21, tmp_salt, 64, get_pkcs5_iteration_count(thid, FALSE, FALSE), dk, MASTER_KEYDATA_SIZE); break; case SHA256: /* PKCS-5 test with HMAC-SHA-256 used as the PRF */ - derive_key_sha256 ("passphrase-1234567890", 21, tmp_salt, 64, get_pkcs5_iteration_count(thid, FALSE), dk, MASTER_KEYDATA_SIZE); + derive_key_sha256 ("passphrase-1234567890", 21, tmp_salt, 64, get_pkcs5_iteration_count(thid, FALSE, FALSE), dk, MASTER_KEYDATA_SIZE); break; case RIPEMD160: /* PKCS-5 test with HMAC-RIPEMD-160 used as the PRF */ - derive_key_ripemd160 ("passphrase-1234567890", 21, tmp_salt, 64, get_pkcs5_iteration_count(thid, FALSE), dk, MASTER_KEYDATA_SIZE); + derive_key_ripemd160 ("passphrase-1234567890", 21, tmp_salt, 64, get_pkcs5_iteration_count(thid, FALSE, FALSE), dk, MASTER_KEYDATA_SIZE); break; case WHIRLPOOL: /* PKCS-5 test with HMAC-Whirlpool used as the PRF */ - derive_key_whirlpool ("passphrase-1234567890", 21, tmp_salt, 64, get_pkcs5_iteration_count(thid, FALSE), dk, MASTER_KEYDATA_SIZE); + derive_key_whirlpool ("passphrase-1234567890", 21, tmp_salt, 64, get_pkcs5_iteration_count(thid, FALSE, FALSE), dk, MASTER_KEYDATA_SIZE); break; } } @@ -6289,6 +6293,7 @@ int MountVolume (HWND hwndDlg, char *volumePath, Password *password, int pkcs5, + BOOL truecryptMode, BOOL cachePassword, BOOL sharedAccess, const MountOptions* const mountOptions, @@ -6360,6 +6365,7 @@ retry: mount.bMountManager = TRUE; mount.pkcs5_prf = pkcs5; + mount.bTrueCryptMode = truecryptMode; // Windows 2000 mount manager causes problems with remounted volumes if (CurrentOSMajor == 5 && CurrentOSMinor == 0) @@ -6412,6 +6418,8 @@ retry: &mount.nPartitionInInactiveSysEncScopeDriveNo, sizeof(mount.nPartitionInInactiveSysEncScopeDriveNo)) != 1) { + if (!quiet) + Warning ("NO_SYSENC_PARTITION_SELECTED", hwndDlg); return -1; } @@ -6436,6 +6444,7 @@ retry: burn (&mount.VolumePassword, sizeof (mount.VolumePassword)); burn (&mount.ProtectedHidVolPassword, sizeof (mount.ProtectedHidVolPassword)); burn (&mount.pkcs5_prf, sizeof (mount.pkcs5_prf)); + burn (&mount.bTrueCryptMode, sizeof (mount.bTrueCryptMode)); burn (&mount.ProtectedHidVolPkcs5Prf, sizeof (mount.ProtectedHidVolPkcs5Prf)); if (bResult == FALSE) @@ -8954,7 +8963,7 @@ void ReportUnexpectedState (char *techInfo) #ifndef SETUP -int OpenVolume (OpenVolumeContext *context, const char *volumePath, Password *password, int pkcs5_prf, BOOL write, BOOL preserveTimestamps, BOOL useBackupHeader) +int OpenVolume (OpenVolumeContext *context, const char *volumePath, Password *password, int pkcs5_prf, BOOL truecryptMode, BOOL write, BOOL preserveTimestamps, BOOL useBackupHeader) { int status = ERR_PARAMETER_INCORRECT; int volumeType; @@ -9104,7 +9113,7 @@ int OpenVolume (OpenVolumeContext *context, const char *volumePath, Password *pa } // Decrypt volume header - status = ReadVolumeHeader (FALSE, buffer, password, pkcs5_prf, &context->CryptoInfo, NULL); + status = ReadVolumeHeader (FALSE, buffer, password, pkcs5_prf, truecryptMode, &context->CryptoInfo, NULL); if (status == ERR_PASSWORD_WRONG) continue; // Try next volume type diff --git a/src/Common/Dlgcode.h b/src/Common/Dlgcode.h index 5af52b15..601871ce 100644 --- a/src/Common/Dlgcode.h +++ b/src/Common/Dlgcode.h @@ -325,7 +325,7 @@ BOOL IsDriveAvailable (int driveNo); BOOL IsDeviceMounted (char *deviceName); int DriverUnmountVolume (HWND hwndDlg, int nDosDriveNo, BOOL forced); void BroadcastDeviceChange (WPARAM message, int nDosDriveNo, DWORD driveMap); -int MountVolume (HWND hwndDlg, int driveNo, char *volumePath, Password *password, int pkcs5, BOOL cachePassword, BOOL sharedAccess, const MountOptions* const mountOptions, BOOL quiet, BOOL bReportWrongPassword); +int MountVolume (HWND hwndDlg, int driveNo, char *volumePath, Password *password, int pkcs5, BOOL truecryptMode, BOOL cachePassword, BOOL sharedAccess, const MountOptions* const mountOptions, BOOL quiet, BOOL bReportWrongPassword); BOOL UnmountVolume (HWND hwndDlg , int nDosDriveNo, BOOL forceUnmount); BOOL IsPasswordCacheEmpty (void); BOOL IsMountedVolume (const char *volname); @@ -447,7 +447,7 @@ void ToBootPwdField (HWND hwndDlg, UINT ctrlId); void AccommodateTextField (HWND hwndDlg, UINT ctrlId, BOOL bFirstUpdate, HFONT hFont); BOOL GetDriveLabel (int driveNo, wchar_t *label, int labelSize); BOOL DoDriverInstall (HWND hwndDlg); -int OpenVolume (OpenVolumeContext *context, const char *volumePath, Password *password, int pkcs5_prf, BOOL write, BOOL preserveTimestamps, BOOL useBackupHeader); +int OpenVolume (OpenVolumeContext *context, const char *volumePath, Password *password, int pkcs5_prf, BOOL truecryptMode, BOOL write, BOOL preserveTimestamps, BOOL useBackupHeader); void CloseVolume (OpenVolumeContext *context); int ReEncryptVolumeHeader (HWND hwndDlg, char *buffer, BOOL bBoot, CRYPTO_INFO *cryptoInfo, Password *password, BOOL wipeMode); BOOL IsPagingFileActive (BOOL checkNonWindowsPartitionsOnly); diff --git a/src/Common/Format.c b/src/Common/Format.c index 3b7a8127..54dddf64 100644 --- a/src/Common/Format.c +++ b/src/Common/Format.c @@ -624,7 +624,7 @@ error: mountOptions.PartitionInInactiveSysEncScope = FALSE; mountOptions.UseBackupHeader = FALSE; - if (MountVolume (volParams->hwndDlg, driveNo, volParams->volumePath, volParams->password, volParams->pkcs5, FALSE, TRUE, &mountOptions, FALSE, TRUE) < 1) + if (MountVolume (volParams->hwndDlg, driveNo, volParams->volumePath, volParams->password, volParams->pkcs5, FALSE, FALSE, TRUE, &mountOptions, FALSE, TRUE) < 1) { MessageBoxW (volParams->hwndDlg, GetString ("CANT_MOUNT_VOLUME"), lpszTitle, ICON_HAND); MessageBoxW (volParams->hwndDlg, GetString ("FORMAT_NTFS_STOP"), lpszTitle, ICON_HAND); diff --git a/src/Common/Language.xml b/src/Common/Language.xml index c4ea0562..d090ac1b 100644 --- a/src/Common/Language.xml +++ b/src/Common/Language.xml @@ -167,6 +167,7 @@ Display password Open &Explorer window for mounted volume &Cache password in driver memory + TrueCrypt Mode Di&smount All &Volume Properties... Volume &Tools... @@ -1033,6 +1034,7 @@ \nThe extra boot partition can be removed before installing Windows. To do so, follow these steps:\n\n1) Boot your Windows installation disc.\n\n2) In the Windows installer screen, click 'Install now' > 'Custom (advanced)'.\n\n3) Click 'Drive Options'.\n\n4) Select the main system partition and delete it by clicking 'Delete' and 'OK'.\n\n5) Select the 'System Reserved' partition, click 'Extend', and increase its size so that the operating system can be installed to it.\n\n6) Click 'Apply' and 'OK'.\n\n7) Install Windows on the 'System Reserved' partition.\n\n\nShould an attacker ask why you removed the extra boot partition, you can answer that you wanted to prevent any possible data leaks to the unencrypted boot partition.\n\nNote: You can print this text by clicking the 'Print' button below. If you save a copy of this text or print it (strongly recommended, unless your printer stores copies of documents it prints on its internal drive), you should destroy any copies of it after removing the extra boot partition (otherwise, if such a copy was found, it might indicate that there is a hidden operating system on this computer). Warning: There is unallocated space between the system partition and the first partition behind it. After you create the hidden operating system, you must not create any new partitions in that unallocated space. Otherwise, the hidden operating system will be impossible to boot (until you delete such newly created partitions). This algorithm is currently not supported for system encryption. + This algorithm is not supported for TrueCrypt mode. Keyfiles are currently not supported for system encryption. Warning: VeraCrypt could not restore the original keyboard layout. This may cause you to enter a password incorrectly. Error: Cannot set the keyboard layout for VeraCrypt to the standard US keyboard layout.\n\nNote that the password needs to be typed in the pre-boot environment (before Windows starts) where non-US Windows keyboard layouts are not available. Therefore, the password must always be typed using the standard US keyboard layout. @@ -1231,8 +1233,9 @@ Do you want VeraCrypt to attempt to disable write protection of the partition/drive? WARNING: This setting may degrade performance.\n\nAre you sure you want to use this setting? Warning: VeraCrypt volume auto-dismounted - Before you physically remove or turn off a device containing a mounted volume, you should always dismount the volume in VeraCrypt first.\n\nUnexpected spontaneous dismount is usually caused by an intermittently failing cable, drive (enclosure), etc. - Test + Before you physically remove or turn off a device containing a mounted volume, you should always dismount the volume in VeraCrypt first.\n\nUnexpected spontaneous dismount is usually caused by an intermittently failing cable, drive (enclosure), etc. + VeraCrypt supports only TrueCrypt volumes created with TrueCrypt 7.x series + Test Keyfile Backspace Tab diff --git a/src/Common/Password.c b/src/Common/Password.c index db7ad7f7..f8fd3c1c 100644 --- a/src/Common/Password.c +++ b/src/Common/Password.c @@ -119,7 +119,7 @@ BOOL CheckPasswordLength (HWND hwndDlg, HWND hwndItem) return TRUE; } -int ChangePwd (const char *lpszVolume, Password *oldPassword, int old_pkcs5, Password *newPassword, int pkcs5, int wipePassCount, HWND hwndDlg) +int ChangePwd (const char *lpszVolume, Password *oldPassword, int old_pkcs5, BOOL truecryptMode, Password *newPassword, int pkcs5, int wipePassCount, HWND hwndDlg) { int nDosLinkCreated = 1, nStatus = ERR_OS_ERROR; char szDiskFile[TC_MAX_PATH], szCFDevice[TC_MAX_PATH]; @@ -143,7 +143,7 @@ int ChangePwd (const char *lpszVolume, Password *oldPassword, int old_pkcs5, Pas if (oldPassword->Length == 0 || newPassword->Length == 0) return -1; - if (wipePassCount <= 0) + if ((wipePassCount <= 0) || (truecryptMode && (old_pkcs5 == SHA256))) { nStatus = ERR_PARAMETER_INCORRECT; handleError (hwndDlg, nStatus); @@ -281,7 +281,7 @@ int ChangePwd (const char *lpszVolume, Password *oldPassword, int old_pkcs5, Pas /* Try to decrypt the header */ - nStatus = ReadVolumeHeader (FALSE, buffer, oldPassword, old_pkcs5, &cryptoInfo, NULL); + nStatus = ReadVolumeHeader (FALSE, buffer, oldPassword, old_pkcs5, truecryptMode, &cryptoInfo, NULL); if (nStatus == ERR_CIPHER_INIT_WEAK_KEY) nStatus = 0; // We can ignore this error here @@ -353,7 +353,7 @@ int ChangePwd (const char *lpszVolume, Password *oldPassword, int old_pkcs5, Pas (volumeType == TC_VOLUME_TYPE_HIDDEN) ? cryptoInfo->hiddenVolumeSize : 0, cryptoInfo->EncryptedAreaStart.Value, cryptoInfo->EncryptedAreaLength.Value, - cryptoInfo->RequiredProgramVersion, + truecryptMode? 0 : cryptoInfo->RequiredProgramVersion, cryptoInfo->HeaderFlags, cryptoInfo->SectorSize, wipePass < wipePassCount - 1); diff --git a/src/Common/Password.h b/src/Common/Password.h index 66903b53..62fe23a7 100644 --- a/src/Common/Password.h +++ b/src/Common/Password.h @@ -35,7 +35,7 @@ typedef struct void VerifyPasswordAndUpdate ( HWND hwndDlg , HWND hButton , HWND hPassword , HWND hVerify , unsigned char *szPassword , char *szVerify, BOOL keyFilesEnabled ); BOOL CheckPasswordLength (HWND hwndDlg, HWND hwndItem); BOOL CheckPasswordCharEncoding (HWND hPassword, Password *ptrPw); -int ChangePwd (const char *lpszVolume, Password *oldPassword, int old_pkcs5, Password *newPassword, int pkcs5, int wipePassCount, HWND hwndDlg); +int ChangePwd (const char *lpszVolume, Password *oldPassword, int old_pkcs5, BOOL truecryptMode, Password *newPassword, int pkcs5, int wipePassCount, HWND hwndDlg); #endif // defined(_WIN32) && !defined(TC_WINDOWS_DRIVER) diff --git a/src/Common/Pkcs5.c b/src/Common/Pkcs5.c index 8f0c3645..e522a360 100644 --- a/src/Common/Pkcs5.c +++ b/src/Common/Pkcs5.c @@ -665,19 +665,22 @@ char *get_pkcs5_prf_name (int pkcs5_prf_id) -int get_pkcs5_iteration_count (int pkcs5_prf_id, BOOL bBoot) +int get_pkcs5_iteration_count (int pkcs5_prf_id, BOOL truecryptMode, BOOL bBoot) { switch (pkcs5_prf_id) { case RIPEMD160: - return bBoot? 327661 : 655331; + if (truecryptMode) + return bBoot ? 1000 : 2000; + else + return bBoot? 327661 : 655331; case SHA512: - return 500000; + return truecryptMode? 1000 : 500000; case WHIRLPOOL: - return 500000; + return truecryptMode? 1000 : 500000; case SHA256: return bBoot? 200000 : 500000; diff --git a/src/Common/Pkcs5.h b/src/Common/Pkcs5.h index be8c8cdb..d7ab90db 100644 --- a/src/Common/Pkcs5.h +++ b/src/Common/Pkcs5.h @@ -31,7 +31,7 @@ void derive_key_ripemd160 (char *pwd, int pwd_len, char *salt, int salt_len, int void hmac_whirlpool (char *k, int lk, char *d, int ld, char *out, int t); void derive_u_whirlpool (char *pwd, int pwd_len, char *salt, int salt_len, int iterations, char *u, int b); void derive_key_whirlpool (char *pwd, int pwd_len, char *salt, int salt_len, int iterations, char *dk, int dklen); -int get_pkcs5_iteration_count (int pkcs5_prf_id, BOOL bBoot); +int get_pkcs5_iteration_count (int pkcs5_prf_id, BOOL truecryptMode, BOOL bBoot); char *get_pkcs5_prf_name (int pkcs5_prf_id); #if defined(__cplusplus) diff --git a/src/Common/Tcdefs.h b/src/Common/Tcdefs.h index 85b428c7..cf8bd349 100644 --- a/src/Common/Tcdefs.h +++ b/src/Common/Tcdefs.h @@ -295,7 +295,8 @@ enum ERR_PARAMETER_INCORRECT = 30, ERR_SYS_HIDVOL_HEAD_REENC_MODE_WRONG = 31, ERR_NONSYS_INPLACE_ENC_INCOMPLETE = 32, - ERR_USER_ABORT = 33 + ERR_USER_ABORT = 33, + ERR_UNSUPPORTED_TRUECRYPT_FORMAT = 34 }; #endif // #ifndef TCDEFS_H diff --git a/src/Common/Volumes.c b/src/Common/Volumes.c index 4e7bd0e3..7e001004 100644 --- a/src/Common/Volumes.c +++ b/src/Common/Volumes.c @@ -163,7 +163,7 @@ typedef struct BOOL ReadVolumeHeaderRecoveryMode = FALSE; -int ReadVolumeHeader (BOOL bBoot, char *encryptedHeader, Password *password, int selected_pkcs5_prf, PCRYPTO_INFO *retInfo, CRYPTO_INFO *retHeaderCryptoInfo) +int ReadVolumeHeader (BOOL bBoot, char *encryptedHeader, Password *password, int selected_pkcs5_prf, BOOL truecryptMode, PCRYPTO_INFO *retInfo, CRYPTO_INFO *retHeaderCryptoInfo) { char header[TC_VOLUME_HEADER_EFFECTIVE_SIZE]; KEY_INFO keyInfo; @@ -184,6 +184,14 @@ int ReadVolumeHeader (BOOL bBoot, char *encryptedHeader, Password *password, int LONG outstandingWorkItemCount = 0; int i; + if (truecryptMode) + { + // SHA-256 not supported in TrueCrypt mode + if (selected_pkcs5_prf == SHA256) + return ERR_PARAMETER_INCORRECT; + pkcs5PrfCount--; // don't count SHA-256 in case of TrueCrypt mode + } + if (retHeaderCryptoInfo != NULL) { cryptoInfo = retHeaderCryptoInfo; @@ -246,6 +254,10 @@ int ReadVolumeHeader (BOOL bBoot, char *encryptedHeader, Password *password, int if (selected_pkcs5_prf != 0 && enqPkcs5Prf != selected_pkcs5_prf) continue; + // skip SHA-256 in case of TrueCrypt mode + if (truecryptMode && (enqPkcs5Prf == SHA256)) + continue; + if ((selected_pkcs5_prf == 0) && (encryptionThreadCount > 1)) { // Enqueue key derivation on thread pool @@ -262,7 +274,7 @@ int ReadVolumeHeader (BOOL bBoot, char *encryptedHeader, Password *password, int EncryptionThreadPoolBeginKeyDerivation (&keyDerivationCompletedEvent, &noOutstandingWorkItemEvent, &item->KeyReady, &outstandingWorkItemCount, enqPkcs5Prf, keyInfo.userKey, - keyInfo.keyLength, keyInfo.salt, get_pkcs5_iteration_count (enqPkcs5Prf, bBoot), item->DerivedKey); + keyInfo.keyLength, keyInfo.salt, get_pkcs5_iteration_count (enqPkcs5Prf, truecryptMode, bBoot), item->DerivedKey); ++queuedWorkItems; break; @@ -284,7 +296,7 @@ int ReadVolumeHeader (BOOL bBoot, char *encryptedHeader, Password *password, int if (!item->Free && InterlockedExchangeAdd (&item->KeyReady, 0) == TRUE) { pkcs5_prf = item->Pkcs5Prf; - keyInfo.noIterations = get_pkcs5_iteration_count (pkcs5_prf, bBoot); + keyInfo.noIterations = get_pkcs5_iteration_count (pkcs5_prf, truecryptMode, bBoot); memcpy (dk, item->DerivedKey, sizeof (dk)); item->Free = TRUE; @@ -302,7 +314,7 @@ KeyReady: ; else { pkcs5_prf = enqPkcs5Prf; - keyInfo.noIterations = get_pkcs5_iteration_count (enqPkcs5Prf, bBoot); + keyInfo.noIterations = get_pkcs5_iteration_count (enqPkcs5Prf, truecryptMode, bBoot); switch (pkcs5_prf) { @@ -386,8 +398,10 @@ KeyReady: ; DecryptBuffer (header + HEADER_ENCRYPTED_DATA_OFFSET, HEADER_ENCRYPTED_DATA_SIZE, cryptoInfo); - // Magic 'VERA' - if (GetHeaderField32 (header, TC_HEADER_OFFSET_MAGIC) != 0x56455241) + // Magic 'VERA' or 'TRUE' depending if we are in TrueCrypt mode or not + if ((truecryptMode && GetHeaderField32 (header, TC_HEADER_OFFSET_MAGIC) != 0x54525545) + || (!truecryptMode && GetHeaderField32 (header, TC_HEADER_OFFSET_MAGIC) != 0x56455241) + ) continue; // Header version @@ -407,7 +421,17 @@ KeyReady: ; // Required program version cryptoInfo->RequiredProgramVersion = GetHeaderField16 (header, TC_HEADER_OFFSET_REQUIRED_VERSION); - cryptoInfo->LegacyVolume = cryptoInfo->RequiredProgramVersion < 0x10b; + if (truecryptMode) + { + if (cryptoInfo->RequiredProgramVersion < 0x700 || cryptoInfo->RequiredProgramVersion > 0x71a) + { + status = ERR_UNSUPPORTED_TRUECRYPT_FORMAT; + goto err; + } + cryptoInfo->LegacyVolume = FALSE; + } + else + cryptoInfo->LegacyVolume = cryptoInfo->RequiredProgramVersion < 0x10b; // Check CRC of the key set if (!ReadVolumeHeaderRecoveryMode @@ -417,7 +441,7 @@ KeyReady: ; // Now we have the correct password, cipher, hash algorithm, and volume type // Check the version required to handle this volume - if (cryptoInfo->RequiredProgramVersion > VERSION_NUM) + if (!truecryptMode && (cryptoInfo->RequiredProgramVersion > VERSION_NUM)) { status = ERR_NEW_VERSION_REQUIRED; goto err; @@ -469,6 +493,7 @@ KeyReady: ; { cryptoInfo->pkcs5 = pkcs5_prf; cryptoInfo->noIterations = keyInfo.noIterations; + cryptoInfo->bTrueCryptMode = truecryptMode; goto ret; } @@ -490,6 +515,7 @@ KeyReady: ; memcpy (cryptoInfo->salt, keyInfo.salt, PKCS5_SALT_SIZE); cryptoInfo->pkcs5 = pkcs5_prf; cryptoInfo->noIterations = keyInfo.noIterations; + cryptoInfo->bTrueCryptMode = truecryptMode; // Init the cipher with the decrypted master key status = EAInit (cryptoInfo->ea, keyInfo.master_keydata + primaryKeyOffset, cryptoInfo->ks); @@ -768,13 +794,14 @@ int CreateVolumeHeaderInMemory (HWND hwndDlg, BOOL bBoot, char *header, int ea, // User key memcpy (keyInfo.userKey, password->Text, nUserKeyLen); keyInfo.keyLength = nUserKeyLen; - keyInfo.noIterations = get_pkcs5_iteration_count (pkcs5_prf, bBoot); + keyInfo.noIterations = get_pkcs5_iteration_count (pkcs5_prf, FALSE, bBoot); // User selected encryption algorithm cryptoInfo->ea = ea; // User selected PRF cryptoInfo->pkcs5 = pkcs5_prf; + cryptoInfo->bTrueCryptMode = FALSE; // Mode of operation cryptoInfo->mode = mode; diff --git a/src/Common/Volumes.h b/src/Common/Volumes.h index 2d0b7d5d..96997774 100644 --- a/src/Common/Volumes.h +++ b/src/Common/Volumes.h @@ -129,7 +129,7 @@ UINT64_STRUCT GetHeaderField64 (byte *header, int offset); #ifdef TC_WINDOWS_BOOT int ReadVolumeHeader (BOOL bBoot, char *encryptedHeader, Password *password, PCRYPTO_INFO *retInfo, CRYPTO_INFO *retHeaderCryptoInfo); #else -int ReadVolumeHeader (BOOL bBoot, char *encryptedHeader, Password *password, int pkcs5_prf, PCRYPTO_INFO *retInfo, CRYPTO_INFO *retHeaderCryptoInfo); +int ReadVolumeHeader (BOOL bBoot, char *encryptedHeader, Password *password, int pkcs5_prf, BOOL truecryptMode, PCRYPTO_INFO *retInfo, CRYPTO_INFO *retHeaderCryptoInfo); #endif #if !defined (DEVICE_DRIVER) && !defined (TC_WINDOWS_BOOT) diff --git a/src/Driver/DriveFilter.c b/src/Driver/DriveFilter.c index 87370802..e3cb4056 100644 --- a/src/Driver/DriveFilter.c +++ b/src/Driver/DriveFilter.c @@ -294,7 +294,7 @@ static NTSTATUS MountDrive (DriveFilterExtension *Extension, Password *password, } } - if (ReadVolumeHeader (!hiddenVolume, header, password, pkcs5_prf, &Extension->Queue.CryptoInfo, Extension->HeaderCryptoInfo) == 0) + if (ReadVolumeHeader (!hiddenVolume, header, password, pkcs5_prf, FALSE, &Extension->Queue.CryptoInfo, Extension->HeaderCryptoInfo) == 0) { // Header decrypted status = STATUS_SUCCESS; @@ -803,7 +803,7 @@ void ReopenBootVolumeHeader (PIRP irp, PIO_STACK_LOCATION irpSp) goto ret; } - if (ReadVolumeHeader (!BootDriveFilterExtension->HiddenSystem, header, &request->VolumePassword, request->pkcs5_prf, NULL, BootDriveFilterExtension->HeaderCryptoInfo) == 0) + if (ReadVolumeHeader (!BootDriveFilterExtension->HiddenSystem, header, &request->VolumePassword, request->pkcs5_prf, FALSE, NULL, BootDriveFilterExtension->HeaderCryptoInfo) == 0) { Dump ("Header reopened\n"); diff --git a/src/Driver/Ntdriver.c b/src/Driver/Ntdriver.c index 4476adb2..5ed407dd 100644 --- a/src/Driver/Ntdriver.c +++ b/src/Driver/Ntdriver.c @@ -1366,7 +1366,9 @@ NTSTATUS ProcessMainDeviceControlIrp (PDEVICE_OBJECT DeviceObject, PEXTENSION Ex if (mount->VolumePassword.Length > MAX_PASSWORD || mount->ProtectedHidVolPassword.Length > MAX_PASSWORD || mount->pkcs5_prf < 0 || mount->pkcs5_prf > LAST_PRF_ID - || mount->ProtectedHidVolPkcs5Prf < 0 || mount->ProtectedHidVolPkcs5Prf > LAST_PRF_ID ) + || mount->ProtectedHidVolPkcs5Prf < 0 || mount->ProtectedHidVolPkcs5Prf > LAST_PRF_ID + || (mount->bTrueCryptMode != FALSE && mount->bTrueCryptMode != TRUE) + ) { Irp->IoStatus.Status = STATUS_INVALID_PARAMETER; Irp->IoStatus.Information = 0; @@ -1381,6 +1383,7 @@ NTSTATUS ProcessMainDeviceControlIrp (PDEVICE_OBJECT DeviceObject, PEXTENSION Ex burn (&mount->VolumePassword, sizeof (mount->VolumePassword)); burn (&mount->ProtectedHidVolPassword, sizeof (mount->ProtectedHidVolPassword)); burn (&mount->pkcs5_prf, sizeof (mount->pkcs5_prf)); + burn (&mount->bTrueCryptMode, sizeof (mount->bTrueCryptMode)); burn (&mount->ProtectedHidVolPkcs5Prf, sizeof (mount->ProtectedHidVolPkcs5Prf)); } break; diff --git a/src/Driver/Ntvol.c b/src/Driver/Ntvol.c index 5690ac65..32702929 100644 --- a/src/Driver/Ntvol.c +++ b/src/Driver/Ntvol.c @@ -449,6 +449,7 @@ NTSTATUS TCOpenVolume (PDEVICE_OBJECT DeviceObject, readBuffer, &mount->ProtectedHidVolPassword, mount->ProtectedHidVolPkcs5Prf, + mount->bTrueCryptMode, &tmpCryptoInfo); } else @@ -459,6 +460,7 @@ NTSTATUS TCOpenVolume (PDEVICE_OBJECT DeviceObject, readBuffer, &mount->VolumePassword, mount->pkcs5_prf, + mount->bTrueCryptMode, &Extension->cryptoInfo); } diff --git a/src/Format/InPlace.c b/src/Format/InPlace.c index 80c6a82e..4c5491e3 100644 --- a/src/Format/InPlace.c +++ b/src/Format/InPlace.c @@ -1533,7 +1533,7 @@ static int OpenBackupHeader (HANDLE dev, const char *devicePath, Password *passw } - nStatus = ReadVolumeHeader (FALSE, header, password, pkcs5, retMasterCryptoInfo, headerCryptoInfo); + nStatus = ReadVolumeHeader (FALSE, header, password, pkcs5, FALSE, retMasterCryptoInfo, headerCryptoInfo); if (nStatus != ERR_SUCCESS) goto closing_seq; diff --git a/src/Format/Tcformat.c b/src/Format/Tcformat.c index 423c8fb7..e694a176 100644 --- a/src/Format/Tcformat.c +++ b/src/Format/Tcformat.c @@ -6900,7 +6900,7 @@ BOOL CALLBACK MainDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lPa { OpenVolumeContext volume; - if (OpenVolume (&volume, device.Path.c_str(), &volumePassword, hash_algo, FALSE, FALSE, TRUE) == ERR_SUCCESS) + if (OpenVolume (&volume, device.Path.c_str(), &volumePassword, hash_algo, FALSE, FALSE, FALSE, TRUE) == ERR_SUCCESS) { if ((volume.CryptoInfo->HeaderFlags & TC_HEADER_FLAG_NONSYS_INPLACE_ENC) != 0 && volume.CryptoInfo->EncryptedAreaLength.Value != volume.CryptoInfo->VolumeSize.Value) @@ -8274,7 +8274,7 @@ int MountHiddenVolHost (HWND hwndDlg, char *volumePath, int *driveNo, Password * mountOptions.PartitionInInactiveSysEncScope = FALSE; mountOptions.UseBackupHeader = FALSE; - if (MountVolume (hwndDlg, *driveNo, volumePath, password, pkcs5_prf, FALSE, TRUE, &mountOptions, FALSE, TRUE) < 1) + if (MountVolume (hwndDlg, *driveNo, volumePath, password, pkcs5_prf, FALSE, FALSE, TRUE, &mountOptions, FALSE, TRUE) < 1) { *driveNo = -3; return ERR_VOL_MOUNT_FAILED; diff --git a/src/Mount/MainCom.cpp b/src/Mount/MainCom.cpp index a75b1e52..b2dfe89c 100644 --- a/src/Mount/MainCom.cpp +++ b/src/Mount/MainCom.cpp @@ -106,7 +106,7 @@ public: CW2A volumePathA(volumePath); MainDlg = (HWND) hWnd; if (volumePathA.m_psz) - return ::ChangePwd (volumePathA.m_psz, oldPassword, 0, newPassword, pkcs5, wipePassCount,(HWND) hWnd); + return ::ChangePwd (volumePathA.m_psz, oldPassword, 0, FALSE, newPassword, pkcs5, wipePassCount, (HWND) hWnd); else return ERR_OUTOFMEMORY; } @@ -157,7 +157,18 @@ public: CW2A volumePathA(volumePath); MainDlg = (HWND) hWnd; if (volumePathA.m_psz) - return ::ChangePwd (volumePathA.m_psz, oldPassword, old_pkcs5, newPassword, pkcs5, wipePassCount,(HWND) hWnd); + return ::ChangePwd (volumePathA.m_psz, oldPassword, old_pkcs5, FALSE, newPassword, pkcs5, wipePassCount, (HWND) hWnd); + else + return ERR_OUTOFMEMORY; + } + + virtual int STDMETHODCALLTYPE ChangePasswordEx2 (BSTR volumePath, Password *oldPassword, int old_pkcs5, BOOL truecryptMode, Password *newPassword, int pkcs5, int wipePassCount, LONG_PTR hWnd) + { + USES_CONVERSION; + CW2A volumePathA(volumePath); + MainDlg = (HWND) hWnd; + if (volumePathA.m_psz) + return ::ChangePwd (volumePathA.m_psz, oldPassword, old_pkcs5, truecryptMode, newPassword, pkcs5, wipePassCount, (HWND) hWnd); else return ERR_OUTOFMEMORY; } @@ -272,7 +283,7 @@ extern "C" int UacRestoreVolumeHeader (HWND hwndDlg, char *lpszVolume) } -extern "C" int UacChangePwd (char *lpszVolume, Password *oldPassword, int old_pkcs5, Password *newPassword, int pkcs5, int wipePassCount, HWND hwndDlg) +extern "C" int UacChangePwd (char *lpszVolume, Password *oldPassword, int old_pkcs5, BOOL truecryptMode, Password *newPassword, int pkcs5, int wipePassCount, HWND hwndDlg) { CComPtr tc; int r; @@ -280,7 +291,7 @@ extern "C" int UacChangePwd (char *lpszVolume, Password *oldPassword, int old_pk if (ComGetInstance (hwndDlg, &tc)) { WaitCursor (); - r = tc->ChangePasswordEx (CComBSTR (lpszVolume), oldPassword, old_pkcs5, newPassword, pkcs5, wipePassCount, (LONG_PTR) hwndDlg); + r = tc->ChangePasswordEx2 (CComBSTR (lpszVolume), oldPassword, old_pkcs5, truecryptMode, newPassword, pkcs5, wipePassCount, (LONG_PTR) hwndDlg); NormalCursor (); } else diff --git a/src/Mount/MainCom.h b/src/Mount/MainCom.h index 7643c64f..112142e2 100644 --- a/src/Mount/MainCom.h +++ b/src/Mount/MainCom.h @@ -23,7 +23,7 @@ BOOL ComServerMain (); void UacAnalyzeKernelMiniDump (HWND hwndDlg); int UacBackupVolumeHeader (HWND hwndDlg, BOOL bRequireConfirmation, char *lpszVolume); int UacRestoreVolumeHeader (HWND hwndDlg, char *lpszVolume); -int UacChangePwd (char *lpszVolume, Password *oldPassword, int old_pkcs5, Password *newPassword, int pkcs5, int wipePassCount, HWND hwndDlg); +int UacChangePwd (char *lpszVolume, Password *oldPassword, int old_pkcs5, BOOL truecryptMode, Password *newPassword, int pkcs5, int wipePassCount, HWND hwndDlg); #ifdef __cplusplus } diff --git a/src/Mount/MainCom.idl b/src/Mount/MainCom.idl index 3e347c95..e498257e 100644 --- a/src/Mount/MainCom.idl +++ b/src/Mount/MainCom.idl @@ -12,7 +12,7 @@ import "..\Common\Password.h"; [ uuid(9ACF6176-5FC4-4690-A025-B3306A50EB6A), helpstring("VeraCrypt Main UAC Support Library"), - version(2.5) // Update ComSetup.cpp when changing version number + version(2.6) // Update ComSetup.cpp when changing version number ] library TrueCryptMainCom { @@ -38,6 +38,7 @@ library TrueCryptMainCom DWORD SetDriverServiceStartType (DWORD startType); DWORD WriteLocalMachineRegistryDwordValue (BSTR keyPath, BSTR valueName, DWORD value); int ChangePasswordEx (BSTR volumePath, Password *oldPassword, int old_pkcs5, Password *newPassword, int pkcs5, int wipePassCount, LONG_PTR hWnd); + int ChangePasswordEx2 (BSTR volumePath, Password *oldPassword, int old_pkcs5, BOOL truecryptMode, Password *newPassword, int pkcs5, int wipePassCount, LONG_PTR hWnd); }; [ diff --git a/src/Mount/Mount.c b/src/Mount/Mount.c index 75a9287c..f1864769 100644 --- a/src/Mount/Mount.c +++ b/src/Mount/Mount.c @@ -124,6 +124,8 @@ Password VolumePassword; /* Password used for mounting volumes */ Password CmdVolumePassword; /* Password passed from command line */ int VolumePkcs5 = 0; int CmdVolumePkcs5 = 0; +BOOL VolumeTrueCryptMode = FALSE; +BOOL CmdVolumeTrueCryptMode = FALSE; BOOL CmdVolumePasswordValid = FALSE; MountOptions CmdMountOptions; BOOL CmdMountOptionsValid = FALSE; @@ -217,6 +219,8 @@ static void localcleanup (void) burn (&CmdVolumePassword, sizeof (CmdVolumePassword)); burn (&VolumePkcs5, sizeof (VolumePkcs5)); burn (&CmdVolumePkcs5, sizeof (CmdVolumePkcs5)); + burn (&VolumeTrueCryptMode, sizeof (VolumeTrueCryptMode)); + burn (&CmdVolumeTrueCryptMode, sizeof (CmdVolumeTrueCryptMode)); burn (&mountOptions, sizeof (mountOptions)); burn (&defaultMountOptions, sizeof (defaultMountOptions)); burn (szFileName, sizeof(szFileName)); @@ -1446,6 +1450,7 @@ typedef struct Password *newPassword; int pkcs5; int wipePassCount; + BOOL truecryptMode; int* pnStatus; } ChangePwdThreadParam; @@ -1482,14 +1487,14 @@ void CALLBACK ChangePwdWaitThreadProc(void* pArg, HWND hwndDlg) { // Non-system - *pThreadParam->pnStatus = ChangePwd (szFileName, pThreadParam->oldPassword, pThreadParam->old_pkcs5, pThreadParam->newPassword, pThreadParam->pkcs5, pThreadParam->wipePassCount, hwndDlg); + *pThreadParam->pnStatus = ChangePwd (szFileName, pThreadParam->oldPassword, pThreadParam->old_pkcs5, pThreadParam->truecryptMode, pThreadParam->newPassword, pThreadParam->pkcs5, pThreadParam->wipePassCount, hwndDlg); if (*pThreadParam->pnStatus == ERR_OS_ERROR && GetLastError () == ERROR_ACCESS_DENIED && IsUacSupported () && IsVolumeDeviceHosted (szFileName)) { - *pThreadParam->pnStatus = UacChangePwd (szFileName, pThreadParam->oldPassword, pThreadParam->old_pkcs5, pThreadParam->newPassword, pThreadParam->pkcs5, pThreadParam->wipePassCount, hwndDlg); + *pThreadParam->pnStatus = UacChangePwd (szFileName, pThreadParam->oldPassword, pThreadParam->old_pkcs5, pThreadParam->truecryptMode, pThreadParam->newPassword, pThreadParam->pkcs5, pThreadParam->wipePassCount, hwndDlg); } } } @@ -1653,6 +1658,10 @@ BOOL CALLBACK PasswordChangeDlgProc (HWND hwndDlg, UINT msg, WPARAM wParam, LPAR if (bSysEncPwdChangeDlgMode) { + /* No support for changing the password of TrueCrypt system partition */ + SetCheckBox (hwndDlg, IDC_TRUECRYPT_MODE, FALSE); + EnableWindow (GetDlgItem (hwndDlg, IDC_TRUECRYPT_MODE), FALSE); + ToBootPwdField (hwndDlg, IDC_PASSWORD); ToBootPwdField (hwndDlg, IDC_VERIFY); ToBootPwdField (hwndDlg, IDC_OLD_PASSWORD); @@ -1941,6 +1950,13 @@ BOOL CALLBACK PasswordChangeDlgProc (HWND hwndDlg, UINT msg, WPARAM wParam, LPAR SendMessage (GetDlgItem (hwndDlg, IDC_PKCS5_OLD_PRF_ID), CB_GETCURSEL, 0, 0), 0); int pkcs5 = SendMessage (GetDlgItem (hwndDlg, IDC_PKCS5_PRF_ID), CB_GETITEMDATA, SendMessage (GetDlgItem (hwndDlg, IDC_PKCS5_PRF_ID), CB_GETCURSEL, 0, 0), 0); + BOOL truecryptMode = GetCheckBox (hwndDlg, IDC_TRUECRYPT_MODE); + + if (truecryptMode && (old_pkcs5 == SHA256)) + { + Error ("ALGO_NOT_SUPPORTED_FOR_TRUECRYPT_MODE", hwndDlg); + return 1; + } if (!CheckPasswordCharEncoding (GetDlgItem (hwndDlg, IDC_PASSWORD), NULL)) { @@ -1999,6 +2015,7 @@ BOOL CALLBACK PasswordChangeDlgProc (HWND hwndDlg, UINT msg, WPARAM wParam, LPAR changePwdParam.pkcs5 = pkcs5; changePwdParam.wipePassCount = GetWipePassCount(headerWiperMode); changePwdParam.pnStatus = &nStatus; + changePwdParam.truecryptMode = truecryptMode; ShowWaitDialog(hwndDlg, TRUE, ChangePwdWaitThreadProc, &changePwdParam); @@ -2048,6 +2065,7 @@ BOOL CALLBACK PasswordDlgProc (HWND hwndDlg, UINT msg, WPARAM wParam, LPARAM lPa WORD lw = LOWORD (wParam); static Password *szXPwd; static int *pkcs5; + static BOOL* truecryptMode; switch (msg) { @@ -2056,6 +2074,7 @@ BOOL CALLBACK PasswordDlgProc (HWND hwndDlg, UINT msg, WPARAM wParam, LPARAM lPa int i, nIndex; szXPwd = ((PasswordDlgParam *) lParam) -> password; pkcs5 = ((PasswordDlgParam *) lParam) -> pkcs5; + truecryptMode = ((PasswordDlgParam *) lParam) -> truecryptMode; LocalizeDialog (hwndDlg, "IDD_PASSWORD_DLG"); DragAcceptFiles (hwndDlg, TRUE); @@ -2115,6 +2134,9 @@ BOOL CALLBACK PasswordDlgProc (HWND hwndDlg, UINT msg, WPARAM wParam, LPARAM lPa { EnableWindow (GetDlgItem (hwndDlg, IDC_CACHE), FALSE); EnableWindow (GetDlgItem (hwndDlg, IDC_MOUNT_OPTIONS), FALSE); + /* Disable TrueCrypt mode option in case of backup/restore header operation */ + SetCheckBox (hwndDlg, IDC_TRUECRYPT_MODE, FALSE); + EnableWindow (GetDlgItem (hwndDlg, IDC_TRUECRYPT_MODE), FALSE); } if (!SetForegroundWindow (hwndDlg) && (FavoriteMountOnArrivalInProgress || LogOn)) @@ -2137,6 +2159,10 @@ BOOL CALLBACK PasswordDlgProc (HWND hwndDlg, UINT msg, WPARAM wParam, LPARAM lPa case TC_APPMSG_PREBOOT_PASSWORD_MODE: { + /* No support for mounting TrueCrypt system partition */ + SetCheckBox (hwndDlg, IDC_TRUECRYPT_MODE, FALSE); + EnableWindow (GetDlgItem (hwndDlg, IDC_TRUECRYPT_MODE), FALSE); + ToBootPwdField (hwndDlg, IDC_PASSWORD); // Attempt to wipe the password stored in the input field buffer @@ -2278,6 +2304,15 @@ BOOL CALLBACK PasswordDlgProc (HWND hwndDlg, UINT msg, WPARAM wParam, LPARAM lPa bCacheInDriver = IsButtonChecked (GetDlgItem (hwndDlg, IDC_CACHE)); *pkcs5 = (int) SendMessage (GetDlgItem (hwndDlg, IDC_PKCS5_PRF_ID), CB_GETITEMDATA, SendMessage (GetDlgItem (hwndDlg, IDC_PKCS5_PRF_ID), CB_GETCURSEL, 0, 0), 0); + *truecryptMode = GetCheckBox (hwndDlg, IDC_TRUECRYPT_MODE); + /* SHA-256 is not supported by TrueCrypt */ + if ( (*truecryptMode) + && ((*pkcs5 == SHA256) || (mountOptions.ProtectHiddenVolume && mountOptions.ProtectedHidVolPkcs5Prf == SHA256)) + ) + { + Error ("ALGO_NOT_SUPPORTED_FOR_TRUECRYPT_MODE", hwndDlg); + return 1; + } } // Attempt to wipe password stored in the input field buffer @@ -2629,16 +2664,19 @@ BOOL CALLBACK MountOptionsDlgProc (HWND hwndDlg, UINT msg, WPARAM wParam, LPARAM HWND hComboBox = GetDlgItem (hwndDlg, IDC_PKCS5_PRF_ID); SendMessage (hComboBox, CB_RESETCONTENT, 0, 0); - int i, nIndex = SendMessageW (hComboBox, CB_ADDSTRING, 0, (LPARAM) GetString ("AUTODETECTION")); + int i, nSelectedIndex = 0, nIndex = SendMessageW (hComboBox, CB_ADDSTRING, 0, (LPARAM) GetString ("AUTODETECTION")); SendMessage (hComboBox, CB_SETITEMDATA, nIndex, (LPARAM) 0); for (i = FIRST_PRF_ID; i <= LAST_PRF_ID; i++) { nIndex = SendMessage (hComboBox, CB_ADDSTRING, 0, (LPARAM) get_pkcs5_prf_name(i)); SendMessage (hComboBox, CB_SETITEMDATA, nIndex, (LPARAM) i); + /* if a PRF was selected previously, select it */ + if (i == mountOptions->ProtectedHidVolPkcs5Prf) + nSelectedIndex = nIndex; } - SendMessage (hComboBox, CB_SETCURSEL, 0, 0); + SendMessage (hComboBox, CB_SETCURSEL, nSelectedIndex, 0); protect = IsButtonChecked (GetDlgItem (hwndDlg, IDC_PROTECT_HIDDEN_VOL)); @@ -2976,9 +3014,17 @@ BOOL CALLBACK VolumePropertiesDlgProc (HWND hwndDlg, UINT msg, WPARAM wParam, LP ListSubItemSetW (list, i++, 1, GetString (IsHiddenOSRunning() ? "TYPE_HIDDEN_SYSTEM_ADJECTIVE" : "SYSTEM_VOLUME_TYPE_ADJECTIVE")); else { - ListSubItemSetW (list, i++, 1, - prop.hiddenVolume ? GetString ("HIDDEN") : - (prop.hiddenVolProtection != HIDVOL_PROT_STATUS_NONE ? GetString ("OUTER") : GetString ("NORMAL"))); + bool truecryptMode = prop.pkcs5Iterations == get_pkcs5_iteration_count(prop.pkcs5, TRUE, prop.partitionInInactiveSysEncScope); + s = prop.hiddenVolume ? GetString ("HIDDEN") : + (prop.hiddenVolProtection != HIDVOL_PROT_STATUS_NONE ? GetString ("OUTER") : GetString ("NORMAL")); + + if (truecryptMode) + { + StringCbPrintfW (sw, sizeof(sw), L"TrueCrypt - %s", s); + ListSubItemSetW (list, i++, 1, sw); + } + else + ListSubItemSetW (list, i++, 1, s); } if (!bSysEnc) @@ -3541,7 +3587,7 @@ LPARAM GetItemLong (HWND hTree, int itemNo) return item.lParam; } -static int AskVolumePassword (HWND hwndDlg, Password *password, int *pkcs5, char *titleStringId, BOOL enableMountOptions) +static int AskVolumePassword (HWND hwndDlg, Password *password, int *pkcs5, BOOL* truecryptMode, char *titleStringId, BOOL enableMountOptions) { int result; PasswordDlgParam dlgParam; @@ -3551,6 +3597,7 @@ static int AskVolumePassword (HWND hwndDlg, Password *password, int *pkcs5, char dlgParam.password = password; dlgParam.pkcs5 = pkcs5; + dlgParam.truecryptMode = truecryptMode; result = DialogBoxParamW (hInst, MAKEINTRESOURCEW (IDD_PASSWORD_DLG), hwndDlg, @@ -3560,6 +3607,7 @@ static int AskVolumePassword (HWND hwndDlg, Password *password, int *pkcs5, char { password->Length = 0; *pkcs5 = 0; + *truecryptMode = FALSE; burn (&mountOptions.ProtectedHidVolPassword, sizeof (mountOptions.ProtectedHidVolPassword)); burn (&mountOptions.ProtectedHidVolPkcs5Prf, sizeof (mountOptions.ProtectedHidVolPkcs5Prf)); } @@ -3584,6 +3632,7 @@ static BOOL Mount (HWND hwndDlg, int nDosDriveNo, char *szFileName) { VolumePassword.Length = 0; VolumePkcs5 = 0; + VolumeTrueCryptMode = FALSE; } if (szFileName == NULL) @@ -3619,7 +3668,7 @@ static BOOL Mount (HWND hwndDlg, int nDosDriveNo, char *szFileName) // First try cached passwords and if they fail ask user for a new one WaitCursor (); - mounted = MountVolume (hwndDlg, nDosDriveNo, szFileName, NULL, CmdVolumePkcs5, bCacheInDriver, bForceMount, &mountOptions, Silent, FALSE); + mounted = MountVolume (hwndDlg, nDosDriveNo, szFileName, NULL, CmdVolumePkcs5, CmdVolumeTrueCryptMode, bCacheInDriver, bForceMount, &mountOptions, Silent, FALSE); // If keyfiles are enabled, test empty password first if (!mounted && KeyFilesEnable && FirstKeyFile) @@ -3628,16 +3677,19 @@ static BOOL Mount (HWND hwndDlg, int nDosDriveNo, char *szFileName) emptyPassword.Length = 0; KeyFilesApply (hwndDlg, &emptyPassword, FirstKeyFile); - mounted = MountVolume (hwndDlg, nDosDriveNo, szFileName, &emptyPassword, CmdVolumePkcs5, bCacheInDriver, bForceMount, &mountOptions, Silent, FALSE); + mounted = MountVolume (hwndDlg, nDosDriveNo, szFileName, &emptyPassword, CmdVolumePkcs5, CmdVolumeTrueCryptMode, bCacheInDriver, bForceMount, &mountOptions, Silent, FALSE); if (mounted) + { VolumePkcs5 = CmdVolumePkcs5; + VolumeTrueCryptMode = CmdVolumeTrueCryptMode; + } burn (&emptyPassword, sizeof (emptyPassword)); } // Test password and/or keyfiles used for the previous volume if (!mounted && MultipleMountOperationInProgress && VolumePassword.Length != 0) - mounted = MountVolume (hwndDlg, nDosDriveNo, szFileName, &VolumePassword, VolumePkcs5, bCacheInDriver, bForceMount, &mountOptions, Silent, FALSE); + mounted = MountVolume (hwndDlg, nDosDriveNo, szFileName, &VolumePassword, VolumePkcs5, VolumeTrueCryptMode, bCacheInDriver, bForceMount, &mountOptions, Silent, FALSE); NormalCursor (); @@ -3655,18 +3707,22 @@ static BOOL Mount (HWND hwndDlg, int nDosDriveNo, char *szFileName) { VolumePassword = CmdVolumePassword; VolumePkcs5 = CmdVolumePkcs5; + VolumeTrueCryptMode = CmdVolumeTrueCryptMode; } else if (!Silent) { int GuiPkcs5 = CmdVolumePkcs5; + BOOL GuiTrueCryptMode = CmdVolumeTrueCryptMode; StringCbCopyA (PasswordDlgVolume, sizeof(PasswordDlgVolume), szFileName); - if (!AskVolumePassword (hwndDlg, &VolumePassword, &GuiPkcs5, NULL, TRUE)) + if (!AskVolumePassword (hwndDlg, &VolumePassword, &GuiPkcs5, &GuiTrueCryptMode, NULL, TRUE)) goto ret; else { VolumePkcs5 = GuiPkcs5; + VolumeTrueCryptMode = GuiTrueCryptMode; burn (&GuiPkcs5, sizeof(GuiPkcs5)); + burn (&GuiTrueCryptMode, sizeof(GuiTrueCryptMode)); } } @@ -3675,7 +3731,7 @@ static BOOL Mount (HWND hwndDlg, int nDosDriveNo, char *szFileName) if (KeyFilesEnable) KeyFilesApply (hwndDlg, &VolumePassword, FirstKeyFile); - mounted = MountVolume (hwndDlg, nDosDriveNo, szFileName, &VolumePassword, VolumePkcs5, bCacheInDriver, bForceMount, &mountOptions, Silent, !Silent); + mounted = MountVolume (hwndDlg, nDosDriveNo, szFileName, &VolumePassword, VolumePkcs5, VolumeTrueCryptMode, bCacheInDriver, bForceMount, &mountOptions, Silent, !Silent); NormalCursor (); // Check for legacy non-ASCII passwords @@ -3690,6 +3746,7 @@ static BOOL Mount (HWND hwndDlg, int nDosDriveNo, char *szFileName) { burn (&VolumePassword, sizeof (VolumePassword)); burn (&VolumePkcs5, sizeof (VolumePkcs5)); + burn (&VolumeTrueCryptMode, sizeof (VolumeTrueCryptMode)); } burn (&mountOptions.ProtectedHidVolPassword, sizeof (mountOptions.ProtectedHidVolPassword)); @@ -3724,6 +3781,7 @@ ret: { burn (&VolumePassword, sizeof (VolumePassword)); burn (&VolumePkcs5, sizeof (VolumePkcs5)); + burn (&VolumeTrueCryptMode, sizeof (VolumeTrueCryptMode)); } burn (&mountOptions.ProtectedHidVolPassword, sizeof (mountOptions.ProtectedHidVolPassword)); @@ -3931,13 +3989,16 @@ static BOOL MountAllDevices (HWND hwndDlg, BOOL bPasswordPrompt) if (!CmdVolumePasswordValid && bPasswordPrompt) { int GuiPkcs5 = CmdVolumePkcs5; + BOOL GuiTrueCryptMode = CmdVolumeTrueCryptMode; PasswordDlgVolume[0] = '\0'; - if (!AskVolumePassword (hwndDlg, &VolumePassword, &GuiPkcs5, NULL, TRUE)) + if (!AskVolumePassword (hwndDlg, &VolumePassword, &GuiPkcs5, &GuiTrueCryptMode, NULL, TRUE)) goto ret; else { VolumePkcs5 = GuiPkcs5; + VolumeTrueCryptMode = GuiTrueCryptMode; burn (&GuiPkcs5, sizeof(GuiPkcs5)); + burn (&GuiTrueCryptMode, sizeof(GuiTrueCryptMode)); } } else if (CmdVolumePasswordValid) @@ -3945,6 +4006,7 @@ static BOOL MountAllDevices (HWND hwndDlg, BOOL bPasswordPrompt) bPasswordPrompt = FALSE; VolumePassword = CmdVolumePassword; VolumePkcs5 = CmdVolumePkcs5; + VolumeTrueCryptMode = CmdVolumeTrueCryptMode; } WaitCursor(); @@ -3998,8 +4060,8 @@ static BOOL MountAllDevices (HWND hwndDlg, BOOL bPasswordPrompt) goto ret; // First try user password then cached passwords - if ((mounted = MountVolume (hwndDlg, nDosDriveNo, szFileName, &VolumePassword, VolumePkcs5, bCacheInDriver, bForceMount, &mountOptions, TRUE, FALSE)) > 0 - || (mounted = MountVolume (hwndDlg, nDosDriveNo, szFileName, NULL, VolumePkcs5, bCacheInDriver, bForceMount, &mountOptions, TRUE, FALSE)) > 0) + if ((mounted = MountVolume (hwndDlg, nDosDriveNo, szFileName, &VolumePassword, VolumePkcs5, VolumeTrueCryptMode, bCacheInDriver, bForceMount, &mountOptions, TRUE, FALSE)) > 0 + || (mounted = MountVolume (hwndDlg, nDosDriveNo, szFileName, NULL, VolumePkcs5, VolumeTrueCryptMode, bCacheInDriver, bForceMount, &mountOptions, TRUE, FALSE)) > 0) { // A volume has been successfully mounted @@ -4078,6 +4140,7 @@ static BOOL MountAllDevices (HWND hwndDlg, BOOL bPasswordPrompt) { burn (&VolumePassword, sizeof (VolumePassword)); burn (&VolumePkcs5, sizeof (VolumePkcs5)); + burn (&VolumeTrueCryptMode, sizeof (VolumeTrueCryptMode)); burn (&mountOptions.ProtectedHidVolPassword, sizeof (mountOptions.ProtectedHidVolPassword)); burn (&mountOptions.ProtectedHidVolPkcs5Prf, sizeof (mountOptions.ProtectedHidVolPkcs5Prf)); } @@ -4114,6 +4177,7 @@ ret: burn (&VolumePassword, sizeof (VolumePassword)); burn (&VolumePkcs5, sizeof (VolumePkcs5)); + burn (&VolumeTrueCryptMode, sizeof (VolumeTrueCryptMode)); burn (&mountOptions.ProtectedHidVolPassword, sizeof (mountOptions.ProtectedHidVolPassword)); burn (&mountOptions.ProtectedHidVolPkcs5Prf, sizeof (mountOptions.ProtectedHidVolPkcs5Prf)); @@ -4978,7 +5042,7 @@ BOOL CALLBACK MainDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lPa BOOL mounted; // Cached password - mounted = MountVolume (hwndDlg, szDriveLetter[0] - 'A', szFileName, NULL, CmdVolumePkcs5, bCacheInDriver, bForceMount, &mountOptions, Silent, FALSE); + mounted = MountVolume (hwndDlg, szDriveLetter[0] - 'A', szFileName, NULL, CmdVolumePkcs5, CmdVolumeTrueCryptMode, bCacheInDriver, bForceMount, &mountOptions, Silent, FALSE); // Command line password or keyfiles if (!mounted && (CmdVolumePassword.Length != 0 || FirstCmdKeyFile)) @@ -4989,7 +5053,7 @@ BOOL CALLBACK MainDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lPa KeyFilesApply (hwndDlg, &CmdVolumePassword, FirstCmdKeyFile); mounted = MountVolume (hwndDlg, szDriveLetter[0] - 'A', - szFileName, &CmdVolumePassword, CmdVolumePkcs5, bCacheInDriver, bForceMount, + szFileName, &CmdVolumePassword, CmdVolumePkcs5, CmdVolumeTrueCryptMode, bCacheInDriver, bForceMount, &mountOptions, Silent, reportBadPasswd); burn (&CmdVolumePassword, sizeof (CmdVolumePassword)); @@ -5005,15 +5069,18 @@ BOOL CALLBACK MainDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lPa while (!mounted && !Silent) { int GuiPkcs5 = CmdVolumePkcs5; + BOOL GuiTrueCryptMode = CmdVolumeTrueCryptMode; VolumePassword.Length = 0; StringCbCopyA (PasswordDlgVolume, sizeof(PasswordDlgVolume),szFileName); - if (!AskVolumePassword (hwndDlg, &VolumePassword, &GuiPkcs5, NULL, TRUE)) + if (!AskVolumePassword (hwndDlg, &VolumePassword, &GuiPkcs5, &GuiTrueCryptMode, NULL, TRUE)) break; else { VolumePkcs5 = GuiPkcs5; + VolumeTrueCryptMode = GuiTrueCryptMode; burn (&GuiPkcs5, sizeof(GuiPkcs5)); + burn (&GuiTrueCryptMode, sizeof(GuiTrueCryptMode)); } WaitCursor (); @@ -5021,10 +5088,11 @@ BOOL CALLBACK MainDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lPa if (KeyFilesEnable && FirstKeyFile) KeyFilesApply (hwndDlg, &VolumePassword, FirstKeyFile); - mounted = MountVolume (hwndDlg, szDriveLetter[0] - 'A', szFileName, &VolumePassword, VolumePkcs5, bCacheInDriver, bForceMount, &mountOptions, FALSE, TRUE); + mounted = MountVolume (hwndDlg, szDriveLetter[0] - 'A', szFileName, &VolumePassword, VolumePkcs5, VolumeTrueCryptMode, bCacheInDriver, bForceMount, &mountOptions, FALSE, TRUE); burn (&VolumePassword, sizeof (VolumePassword)); burn (&VolumePkcs5, sizeof (VolumePkcs5)); + burn (&VolumeTrueCryptMode, sizeof (VolumeTrueCryptMode)); burn (&mountOptions.ProtectedHidVolPassword, sizeof (mountOptions.ProtectedHidVolPassword)); burn (&mountOptions.ProtectedHidVolPkcs5Prf, sizeof (mountOptions.ProtectedHidVolPkcs5Prf)); @@ -6880,6 +6948,7 @@ void ExtractCommandLine (HWND hwndDlg, char *lpszCommandLine) OptionVolume, CommandWipeCache, OptionPkcs5, + OptionTrueCryptMode, }; argument args[]= @@ -6901,7 +6970,8 @@ void ExtractCommandLine (HWND hwndDlg, char *lpszCommandLine) { OptionTokenLib, "/tokenlib", NULL, FALSE }, { OptionVolume, "/volume", "/v", FALSE }, { CommandWipeCache, "/wipecache", "/w", FALSE }, - { OptionPkcs5, "/hash", NULL , FALSE } + { OptionPkcs5, "/hash", NULL , FALSE }, + { OptionTrueCryptMode, "/truecrypt", "/tc", FALSE }, }; argumentspec as; @@ -7125,6 +7195,9 @@ void ExtractCommandLine (HWND hwndDlg, char *lpszCommandLine) Error ("COMMAND_LINE_ERROR", hwndDlg); } break; + case OptionTrueCryptMode: + CmdVolumeTrueCryptMode = TRUE; + break; // no option = file name default: @@ -7585,6 +7658,7 @@ skipMount: MultipleMountOperationInProgress = FALSE; burn (&VolumePassword, sizeof (VolumePassword)); burn (&VolumePkcs5, sizeof (VolumePkcs5)); + burn (&VolumeTrueCryptMode, sizeof (VolumeTrueCryptMode)); if (status && CloseSecurityTokenSessionsAfterMount) SecurityToken::CloseAllSessions(); @@ -7838,7 +7912,7 @@ int BackupVolumeHeader (HWND hwndDlg, BOOL bRequireConfirmation, const char *lps while (TRUE) { - if (!AskVolumePassword (hwndDlg, askPassword, &VolumePkcs5, type == TC_VOLUME_TYPE_HIDDEN ? "ENTER_HIDDEN_VOL_PASSWORD" : "ENTER_NORMAL_VOL_PASSWORD", FALSE)) + if (!AskVolumePassword (hwndDlg, askPassword, &VolumePkcs5, &VolumeTrueCryptMode, type == TC_VOLUME_TYPE_HIDDEN ? "ENTER_HIDDEN_VOL_PASSWORD" : "ENTER_NORMAL_VOL_PASSWORD", FALSE)) { nStatus = ERR_SUCCESS; goto ret; @@ -7849,7 +7923,7 @@ int BackupVolumeHeader (HWND hwndDlg, BOOL bRequireConfirmation, const char *lps if (KeyFilesEnable && FirstKeyFile) KeyFilesApply (hwndDlg, askPassword, FirstKeyFile); - nStatus = OpenVolume (askVol, lpszVolume, askPassword, VolumePkcs5, FALSE, bPreserveTimestamp, FALSE); + nStatus = OpenVolume (askVol, lpszVolume, askPassword, VolumePkcs5, VolumeTrueCryptMode, FALSE, bPreserveTimestamp, FALSE); NormalCursor(); @@ -8003,6 +8077,7 @@ error: burn (&VolumePassword, sizeof (VolumePassword)); burn (&VolumePkcs5, sizeof (VolumePkcs5)); + burn (&VolumeTrueCryptMode, sizeof (VolumeTrueCryptMode)); burn (&hiddenVolPassword, sizeof (hiddenVolPassword)); burn (temporaryKey, sizeof (temporaryKey)); burn (originalK2, sizeof (originalK2)); @@ -8104,7 +8179,7 @@ int RestoreVolumeHeader (HWND hwndDlg, const char *lpszVolume) while (TRUE) { StringCbCopyA (PasswordDlgVolume, sizeof(PasswordDlgVolume), lpszVolume); - if (!AskVolumePassword (hwndDlg, &VolumePassword, &VolumePkcs5, NULL, FALSE)) + if (!AskVolumePassword (hwndDlg, &VolumePassword, &VolumePkcs5, &VolumeTrueCryptMode, NULL, FALSE)) { nStatus = ERR_SUCCESS; goto ret; @@ -8115,7 +8190,7 @@ int RestoreVolumeHeader (HWND hwndDlg, const char *lpszVolume) if (KeyFilesEnable && FirstKeyFile) KeyFilesApply (hwndDlg, &VolumePassword, FirstKeyFile); - nStatus = OpenVolume (&volume, lpszVolume, &VolumePassword, VolumePkcs5, TRUE, bPreserveTimestamp, TRUE); + nStatus = OpenVolume (&volume, lpszVolume, &VolumePassword, VolumePkcs5, VolumeTrueCryptMode,TRUE, bPreserveTimestamp, TRUE); NormalCursor(); @@ -8306,7 +8381,7 @@ int RestoreVolumeHeader (HWND hwndDlg, const char *lpszVolume) // Open the header while (TRUE) { - if (!AskVolumePassword (hwndDlg, &VolumePassword, &VolumePkcs5, "ENTER_HEADER_BACKUP_PASSWORD", FALSE)) + if (!AskVolumePassword (hwndDlg, &VolumePassword, &VolumePkcs5, &VolumeTrueCryptMode, "ENTER_HEADER_BACKUP_PASSWORD", FALSE)) { nStatus = ERR_SUCCESS; goto ret; @@ -8322,7 +8397,7 @@ int RestoreVolumeHeader (HWND hwndDlg, const char *lpszVolume) if (type == TC_VOLUME_TYPE_HIDDEN) headerOffsetBackupFile += (legacyBackup ? TC_VOLUME_HEADER_SIZE_LEGACY : TC_VOLUME_HEADER_SIZE); - nStatus = ReadVolumeHeader (FALSE, buffer + headerOffsetBackupFile, &VolumePassword, VolumePkcs5, &restoredCryptoInfo, NULL); + nStatus = ReadVolumeHeader (FALSE, buffer + headerOffsetBackupFile, &VolumePassword, VolumePkcs5, VolumeTrueCryptMode, &restoredCryptoInfo, NULL); if (nStatus == ERR_SUCCESS) break; } @@ -8427,6 +8502,7 @@ error: burn (&VolumePassword, sizeof (VolumePassword)); burn (&VolumePkcs5, sizeof (VolumePkcs5)); + burn (&VolumeTrueCryptMode, sizeof (VolumeTrueCryptMode)); RestoreDefaultKeyFilesParam(); RandStop (FALSE); NormalCursor(); diff --git a/src/Mount/Mount.h b/src/Mount/Mount.h index 753678ed..00552da0 100644 --- a/src/Mount/Mount.h +++ b/src/Mount/Mount.h @@ -52,6 +52,7 @@ typedef struct { Password *password; int* pkcs5; + BOOL* truecryptMode; } PasswordDlgParam; extern VOLUME_NOTIFICATIONS_LIST VolumeNotificationsList; diff --git a/src/Mount/Mount.rc b/src/Mount/Mount.rc index d52a8801..31ce47c8 100644 --- a/src/Mount/Mount.rc +++ b/src/Mount/Mount.rc @@ -103,34 +103,35 @@ BEGIN CONTROL "",IDC_VOLUME_PROPERTIES_LIST,"SysListView32",LVS_REPORT | LVS_ALIGNLEFT | LVS_NOSORTHEADER | WS_BORDER | WS_TABSTOP,7,6,269,154 END -IDD_PASSWORDCHANGE_DLG DIALOGEX 0, 0, 316, 207 +IDD_PASSWORDCHANGE_DLG DIALOGEX 0, 0, 330, 207 STYLE DS_SETFONT | DS_MODALFRAME | DS_3DLOOK | DS_FIXEDSYS | DS_CENTER | WS_POPUP | WS_CAPTION | WS_SYSMENU CAPTION "Change Password or Keyfiles" CLASS "CustomDlg" FONT 8, "MS Shell Dlg", 0, 0, 0x0 BEGIN - EDITTEXT IDC_OLD_PASSWORD,89,14,147,13,ES_PASSWORD | ES_AUTOHSCROLL - CONTROL "Use keyfiles",IDC_ENABLE_KEYFILES,"Button",BS_AUTOCHECKBOX | WS_TABSTOP,89,53,86,10 - PUSHBUTTON "Keyfiles...",IDC_KEYFILES,177,51,59,14 + EDITTEXT IDC_OLD_PASSWORD,89,14,162,13,ES_PASSWORD | ES_AUTOHSCROLL + CONTROL "Use keyfiles",IDC_ENABLE_KEYFILES,"Button",BS_AUTOCHECKBOX | WS_TABSTOP,89,53,98,10 + PUSHBUTTON "Keyfiles...",IDC_KEYFILES,192,50,59,14 CONTROL "Display password",IDC_SHOW_PASSWORD_CHPWD_ORI,"Button",BS_AUTOCHECKBOX | WS_TABSTOP,89,65,138,10,WS_EX_TRANSPARENT - EDITTEXT IDC_PASSWORD,89,99,147,13,ES_PASSWORD | ES_AUTOHSCROLL - EDITTEXT IDC_VERIFY,89,115,147,13,ES_PASSWORD | ES_AUTOHSCROLL - CONTROL "Use keyfiles",IDC_ENABLE_NEW_KEYFILES,"Button",BS_AUTOCHECKBOX | WS_TABSTOP,89,134,86,11 - PUSHBUTTON "Keyfiles...",IDC_NEW_KEYFILES,177,132,59,14 - CONTROL "Display password",IDC_SHOW_PASSWORD_CHPWD_NEW,"Button",BS_AUTOCHECKBOX | WS_TABSTOP,89,146,139,11,WS_EX_TRANSPARENT - COMBOBOX IDC_PKCS5_PRF_ID,89,161,91,90,CBS_DROPDOWNLIST | WS_TABSTOP - DEFPUSHBUTTON "OK",IDOK,251,7,59,14 - PUSHBUTTON "Cancel",IDCANCEL,251,24,59,14 + EDITTEXT IDC_PASSWORD,89,99,162,13,ES_PASSWORD | ES_AUTOHSCROLL + EDITTEXT IDC_VERIFY,89,115,162,13,ES_PASSWORD | ES_AUTOHSCROLL + CONTROL "Use keyfiles",IDC_ENABLE_NEW_KEYFILES,"Button",BS_AUTOCHECKBOX | WS_TABSTOP,89,134,99,11 + PUSHBUTTON "Keyfiles...",IDC_NEW_KEYFILES,192,132,59,14 + CONTROL "Display password",IDC_SHOW_PASSWORD_CHPWD_NEW,"Button",BS_AUTOCHECKBOX | WS_TABSTOP,89,146,160,11,WS_EX_TRANSPARENT + COMBOBOX IDC_PKCS5_PRF_ID,89,161,85,90,CBS_DROPDOWNLIST | WS_TABSTOP + DEFPUSHBUTTON "OK",IDOK,264,7,59,14 + PUSHBUTTON "Cancel",IDCANCEL,264,24,59,14 RTEXT "Password:",IDT_PASSWORD,12,16,72,8 RTEXT "Password:",IDT_NEW_PASSWORD,8,102,76,8 RTEXT "Confirm Password:",IDT_CONFIRM_PASSWORD,9,118,75,16 RTEXT "PKCS-5 PRF:",IDT_NEW_PKCS5_PRF,9,162,74,10,SS_CENTERIMAGE - GROUPBOX "Current",IDT_CURRENT,6,3,238,77 - GROUPBOX "New",IDT_NEW,6,87,238,113 - COMBOBOX IDC_WIPE_MODE,89,180,125,90,CBS_DROPDOWNLIST | WS_TABSTOP + GROUPBOX "Current",IDT_CURRENT,6,3,252,77 + GROUPBOX "New",IDT_NEW,6,87,252,113 + COMBOBOX IDC_WIPE_MODE,89,180,106,90,CBS_DROPDOWNLIST | WS_TABSTOP RTEXT "Wipe mode:",IDT_WIPE_MODE,9,182,74,8,0,WS_EX_RIGHT - COMBOBOX IDC_PKCS5_OLD_PRF_ID,89,33,91,90,CBS_DROPDOWNLIST | WS_TABSTOP + COMBOBOX IDC_PKCS5_OLD_PRF_ID,89,33,85,90,CBS_DROPDOWNLIST | WS_TABSTOP RTEXT "PKCS-5 PRF:",IDT_PKCS5_PRF,12,34,74,10,SS_CENTERIMAGE + CONTROL "TrueCrypt Mode",IDC_TRUECRYPT_MODE,"Button",BS_AUTOCHECKBOX | WS_TABSTOP,179,35,78,10 END IDD_MOUNT_DLG DIALOGEX 0, 0, 375, 271 @@ -163,23 +164,24 @@ BEGIN CONTROL "",IDC_STATIC,"Static",SS_ETCHEDFRAME,2,151,372,119 END -IDD_PASSWORD_DLG DIALOGEX 0, 0, 305, 91 +IDD_PASSWORD_DLG DIALOGEX 0, 0, 322, 91 STYLE DS_SETFONT | DS_MODALFRAME | DS_3DLOOK | DS_FIXEDSYS | DS_CENTER | WS_POPUP | WS_VISIBLE | WS_CAPTION CAPTION "Enter VeraCrypt Volume Password" FONT 8, "MS Shell Dlg", 0, 0, 0x0 BEGIN - EDITTEXT IDC_PASSWORD,69,8,153,14,ES_PASSWORD | ES_AUTOHSCROLL + EDITTEXT IDC_PASSWORD,69,8,166,14,ES_PASSWORD | ES_AUTOHSCROLL CONTROL "Cache passwords and keyfil&es in memory",IDC_CACHE, "Button",BS_AUTOCHECKBOX | WS_TABSTOP,70,50,153,10 CONTROL "&Display password",IDC_SHOW_PASSWORD,"Button",BS_AUTOCHECKBOX | WS_TABSTOP,70,63,83,10 CONTROL "U&se keyfiles",IDC_KEYFILES_ENABLE,"Button",BS_AUTOCHECKBOX | WS_TABSTOP,70,75,83,11 - PUSHBUTTON "&Keyfiles...",IDC_KEY_FILES,158,72,64,14 - PUSHBUTTON "Mount Opti&ons...",IDC_MOUNT_OPTIONS,229,72,64,14 - DEFPUSHBUTTON "OK",IDOK,229,8,64,14 - PUSHBUTTON "Cancel",IDCANCEL,229,25,64,14 + PUSHBUTTON "&Keyfiles...",IDC_KEY_FILES,171,72,64,14 + PUSHBUTTON "Mount Opti&ons...",IDC_MOUNT_OPTIONS,243,72,64,14 + DEFPUSHBUTTON "OK",IDOK,243,8,64,14 + PUSHBUTTON "Cancel",IDCANCEL,243,25,64,14 RTEXT "Password:",IDT_PASSWORD,0,10,65,13 - COMBOBOX IDC_PKCS5_PRF_ID,69,26,91,90,CBS_DROPDOWNLIST | WS_TABSTOP + COMBOBOX IDC_PKCS5_PRF_ID,69,26,86,90,CBS_DROPDOWNLIST | WS_TABSTOP RTEXT "PKCS-5 PRF:",IDT_PKCS5_PRF,0,27,65,13 + CONTROL "TrueCrypt Mode",IDC_TRUECRYPT_MODE,"Button",BS_AUTOCHECKBOX | WS_TABSTOP,159,28,76,10 END IDD_TRAVELER_DLG DIALOGEX 0, 0, 300, 269 @@ -357,7 +359,7 @@ BEGIN IDD_PASSWORDCHANGE_DLG, DIALOG BEGIN LEFTMARGIN, 7 - RIGHTMARGIN, 309 + RIGHTMARGIN, 323 TOPMARGIN, 7 BOTTOMMARGIN, 200 END @@ -370,7 +372,7 @@ BEGIN IDD_PASSWORD_DLG, DIALOG BEGIN - RIGHTMARGIN, 296 + RIGHTMARGIN, 313 BOTTOMMARGIN, 86 END diff --git a/src/Mount/Resource.h b/src/Mount/Resource.h index 5426d2ae..e63c59a6 100644 --- a/src/Mount/Resource.h +++ b/src/Mount/Resource.h @@ -160,6 +160,7 @@ #define IDC_PREF_DISMOUNT_SESSION_LOCKED 1137 #define IDT_NEW_PKCS5_PRF 1138 #define IDC_PKCS5_OLD_PRF_ID 1139 +#define IDC_TRUECRYPT_MODE 1140 #define IDM_HELP 40001 #define IDM_ABOUT 40002 #define IDM_UNMOUNT_VOLUME 40003 @@ -232,7 +233,7 @@ #define _APS_NO_MFC 1 #define _APS_NEXT_RESOURCE_VALUE 118 #define _APS_NEXT_COMMAND_VALUE 40065 -#define _APS_NEXT_CONTROL_VALUE 1140 +#define _APS_NEXT_CONTROL_VALUE 1141 #define _APS_NEXT_SYMED_VALUE 101 #endif #endif diff --git a/src/Setup/ComSetup.cpp b/src/Setup/ComSetup.cpp index eadb838d..29d03c97 100644 --- a/src/Setup/ComSetup.cpp +++ b/src/Setup/ComSetup.cpp @@ -7,7 +7,7 @@ */ #define TC_MAIN_COM_VERSION_MAJOR 2 -#define TC_MAIN_COM_VERSION_MINOR 5 +#define TC_MAIN_COM_VERSION_MINOR 6 #define TC_FORMAT_COM_VERSION_MAJOR 2 #define TC_FORMAT_COM_VERSION_MINOR 4 -- cgit v1.2.3