From 9913af3a8ed61333cafd0e611f214f7c86652423 Mon Sep 17 00:00:00 2001 
From: Mounir IDRASSI Date: Wed, 24 Jun 2015 14:14:34 +0200 Subject: Linux/MacOSX: first dynamic mode implementation --- src/Core/Core.h | 30 ++-- src/Core/CoreBase.cpp | 18 +- src/Core/CoreBase.h | 8 +- src/Core/MountOptions.cpp | 8 + src/Core/MountOptions.h | 4 + src/Core/Unix/CoreUnix.cpp | 2 + src/Core/VolumeCreator.cpp | 4 +- src/Core/VolumeCreator.h | 1 + src/Main/CommandLineInterface.cpp | 50 ++++++ src/Main/CommandLineInterface.h | 2 + src/Main/Forms/ChangePasswordDialog.cpp | 36 +++- src/Main/Forms/Forms.cpp | 36 ++-- src/Main/Forms/Forms.h | 4 + src/Main/Forms/MountOptionsDialog.cpp | 2 + src/Main/Forms/TrueCrypt.fbp | 288 ++++++++++++++++++++++++++++-- src/Main/Forms/VolumeCreationWizard.cpp | 28 ++- src/Main/Forms/VolumeCreationWizard.h | 1 + src/Main/Forms/VolumePasswordPanel.cpp | 32 ++++ src/Main/Forms/VolumePasswordPanel.h | 3 + src/Main/Forms/VolumePasswordWizardPage.h | 1 + src/Main/Forms/VolumePropertiesDialog.cpp | 5 +- src/Main/GraphicUserInterface.cpp | 16 +- src/Main/GraphicUserInterface.h | 2 +- src/Main/TextUserInterface.cpp | 85 +++++++-- src/Main/TextUserInterface.h | 3 +- src/Main/UserInterface.cpp | 4 +- src/Main/UserInterface.h | 2 +- src/Platform/StringConverter.cpp | 48 +++++ src/Platform/StringConverter.h | 8 +- src/Volume/Pkcs5Kdf.cpp | 4 +- src/Volume/Pkcs5Kdf.h | 16 +- src/Volume/Volume.cpp | 16 +- src/Volume/Volume.h | 6 +- src/Volume/VolumeHeader.cpp | 4 +- src/Volume/VolumeHeader.h | 2 +- src/Volume/VolumeInfo.cpp | 5 +- src/Volume/VolumeInfo.h | 1 + 37 files changed, 680 insertions(+), 105 deletions(-) mode change 100644 => 100755 src/Core/Core.h mode change 100644 => 100755 src/Core/CoreBase.cpp mode change 100644 => 100755 src/Core/CoreBase.h mode change 100644 => 100755 src/Core/MountOptions.cpp mode change 100644 => 100755 src/Core/MountOptions.h mode change 100644 => 100755 src/Core/VolumeCreator.cpp mode change 100644 => 100755 src/Core/VolumeCreator.h mode change 100644 => 100755 src/Main/CommandLineInterface.cpp mode 
change 100644 => 100755 src/Main/CommandLineInterface.h mode change 100644 => 100755 src/Main/Forms/ChangePasswordDialog.cpp mode change 100644 => 100755 src/Main/Forms/MountOptionsDialog.cpp mode change 100644 => 100755 src/Main/Forms/VolumeCreationWizard.h mode change 100644 => 100755 src/Main/Forms/VolumePasswordPanel.cpp mode change 100644 => 100755 src/Main/Forms/VolumePasswordPanel.h mode change 100644 => 100755 src/Main/Forms/VolumePasswordWizardPage.h mode change 100644 => 100755 src/Main/GraphicUserInterface.cpp mode change 100644 => 100755 src/Main/GraphicUserInterface.h mode change 100644 => 100755 src/Main/TextUserInterface.cpp mode change 100644 => 100755 src/Main/TextUserInterface.h mode change 100644 => 100755 src/Main/UserInterface.cpp mode change 100644 => 100755 src/Main/UserInterface.h mode change 100644 => 100755 src/Volume/Pkcs5Kdf.cpp mode change 100644 => 100755 src/Volume/Pkcs5Kdf.h mode change 100644 => 100755 src/Volume/VolumeInfo.cpp diff --git a/src/Core/Core.h b/src/Core/Core.h old mode 100644 new mode 100755 index 4ff85139..b1d2eb7b --- a/src/Core/Core.h +++ b/src/Core/Core.h 
@@ -69,16 +69,18 @@ namespace VeraCrypt shared_ptr m_volumePath; bool m_preserveTimestamps; shared_ptr m_password; + int m_pim; shared_ptr m_kdf; bool m_truecryptMode; shared_ptr m_keyfiles; shared_ptr m_newPassword; + int m_newPim; shared_ptr m_newKeyfiles; shared_ptr m_newPkcs5Kdf; int m_wipeCount; - ChangePasswordThreadRoutine(shared_ptr volumePath, bool preserveTimestamps, shared_ptr password, shared_ptr kdf, bool truecryptMode, shared_ptr keyfiles, shared_ptr newPassword, shared_ptr newKeyfiles, shared_ptr newPkcs5Kdf, int wipeCount) : m_volumePath(volumePath), m_preserveTimestamps(preserveTimestamps), m_password(password), m_kdf(kdf), m_truecryptMode(truecryptMode), m_keyfiles(keyfiles), m_newPassword(newPassword), m_newKeyfiles(newKeyfiles), m_newPkcs5Kdf(newPkcs5Kdf), m_wipeCount(wipeCount) {} + ChangePasswordThreadRoutine(shared_ptr volumePath, bool preserveTimestamps, shared_ptr password, int pim, shared_ptr kdf, bool truecryptMode, shared_ptr keyfiles, shared_ptr newPassword, int newPim, shared_ptr newKeyfiles, shared_ptr newPkcs5Kdf, int wipeCount) : m_volumePath(volumePath), m_preserveTimestamps(preserveTimestamps), m_password(password), m_pim(pim), m_kdf(kdf), m_truecryptMode(truecryptMode), m_keyfiles(keyfiles), m_newPassword(newPassword), m_newPim(newPim), m_newKeyfiles(newKeyfiles), m_newPkcs5Kdf(newPkcs5Kdf), m_wipeCount(wipeCount) {} virtual ~ChangePasswordThreadRoutine() { } - virtual void ExecutionCode(void) { Core->ChangePassword(m_volumePath, m_preserveTimestamps, m_password, m_kdf, m_truecryptMode, m_keyfiles, m_newPassword, m_newKeyfiles, m_newPkcs5Kdf, m_wipeCount); } + virtual void ExecutionCode(void) { Core->ChangePassword(m_volumePath, m_preserveTimestamps, m_password, m_pim, m_kdf, m_truecryptMode, m_keyfiles, m_newPassword, m_newPim, m_newKeyfiles, m_newPkcs5Kdf, m_wipeCount); } }; class OpenVolumeThreadRoutine : public WaitThreadRoutine 
@@ -87,11 +89,13 @@ namespace VeraCrypt shared_ptr m_volumePath; bool m_preserveTimestamps; shared_ptr m_password; + int m_pim; shared_ptr m_Kdf; bool m_truecryptMode; shared_ptr m_keyfiles; VolumeProtection::Enum m_protection; shared_ptr m_protectionPassword; + int m_protectionPim; shared_ptr m_protectionKdf; shared_ptr m_protectionKeyfiles; bool m_sharedAccessAllowed; 
@@ -100,14 +104,14 @@ namespace VeraCrypt bool m_partitionInSystemEncryptionScope; shared_ptr m_pVolume; - OpenVolumeThreadRoutine(shared_ptr volumePath, bool preserveTimestamps, shared_ptr password, shared_ptr Kdf, bool truecryptMode, shared_ptr keyfiles, VolumeProtection::Enum protection = VolumeProtection::None, shared_ptr protectionPassword = shared_ptr (), shared_ptr protectionKdf = shared_ptr (), shared_ptr protectionKeyfiles = shared_ptr (), bool sharedAccessAllowed = false, VolumeType::Enum volumeType = VolumeType::Unknown, bool useBackupHeaders = false, bool partitionInSystemEncryptionScope = false): - m_volumePath(volumePath), m_preserveTimestamps(preserveTimestamps), m_password(password), m_Kdf(Kdf), m_truecryptMode(truecryptMode), m_keyfiles(keyfiles), - m_protection(protection), m_protectionPassword(protectionPassword), m_protectionKdf(protectionKdf), m_protectionKeyfiles(protectionKeyfiles), m_sharedAccessAllowed(sharedAccessAllowed), m_volumeType(volumeType),m_useBackupHeaders(useBackupHeaders), + OpenVolumeThreadRoutine(shared_ptr volumePath, bool preserveTimestamps, shared_ptr password, int pim, shared_ptr Kdf, bool truecryptMode, shared_ptr keyfiles, VolumeProtection::Enum protection = VolumeProtection::None, shared_ptr protectionPassword = shared_ptr (), int protectionPim = 0, shared_ptr protectionKdf = shared_ptr (), shared_ptr protectionKeyfiles = shared_ptr (), bool sharedAccessAllowed = false, VolumeType::Enum volumeType = VolumeType::Unknown, bool useBackupHeaders = false, bool partitionInSystemEncryptionScope = false): + m_volumePath(volumePath), m_preserveTimestamps(preserveTimestamps), m_password(password), m_pim(pim), m_Kdf(Kdf), m_truecryptMode(truecryptMode), m_keyfiles(keyfiles), + m_protection(protection), m_protectionPassword(protectionPassword), m_protectionPim(protectionPim), m_protectionKdf(protectionKdf), m_protectionKeyfiles(protectionKeyfiles), m_sharedAccessAllowed(sharedAccessAllowed), 
m_volumeType(volumeType),m_useBackupHeaders(useBackupHeaders), m_partitionInSystemEncryptionScope(partitionInSystemEncryptionScope) {} ~OpenVolumeThreadRoutine() {} - virtual void ExecutionCode(void) { m_pVolume = Core->OpenVolume(m_volumePath,m_preserveTimestamps,m_password,m_Kdf,m_truecryptMode,m_keyfiles, m_protection,m_protectionPassword,m_protectionKdf, m_protectionKeyfiles,m_sharedAccessAllowed,m_volumeType,m_useBackupHeaders, m_partitionInSystemEncryptionScope); } + virtual void ExecutionCode(void) { m_pVolume = Core->OpenVolume(m_volumePath,m_preserveTimestamps,m_password,m_pim,m_Kdf,m_truecryptMode,m_keyfiles, m_protection,m_protectionPassword,m_protectionPim,m_protectionKdf, m_protectionKeyfiles,m_sharedAccessAllowed,m_volumeType,m_useBackupHeaders, m_partitionInSystemEncryptionScope); } }; @@ -117,11 +121,12 @@ namespace VeraCrypt const BufferPtr &m_newHeaderBuffer; shared_ptr m_header; shared_ptr m_password; + int m_pim; shared_ptr m_keyfiles; - ReEncryptHeaderThreadRoutine(const BufferPtr &newHeaderBuffer, shared_ptr header, shared_ptr password, shared_ptr keyfiles) - : m_newHeaderBuffer(newHeaderBuffer), m_header(header), m_password(password), m_keyfiles(keyfiles) {} + ReEncryptHeaderThreadRoutine(const BufferPtr &newHeaderBuffer, shared_ptr header, shared_ptr password, int pim, shared_ptr keyfiles) + : m_newHeaderBuffer(newHeaderBuffer), m_header(header), m_password(password), m_pim(pim), m_keyfiles(keyfiles) {} virtual ~ReEncryptHeaderThreadRoutine() { } - virtual void ExecutionCode(void) { Core->ReEncryptVolumeHeaderWithNewSalt (m_newHeaderBuffer, m_header, m_password, m_keyfiles); } + virtual void ExecutionCode(void) { Core->ReEncryptVolumeHeaderWithNewSalt (m_newHeaderBuffer, m_header, m_password, m_pim, m_keyfiles); } }; class DecryptThreadRoutine : public WaitThreadRoutine 
@@ -130,16 +135,17 @@ namespace VeraCrypt shared_ptr m_pHeader; const ConstBufferPtr &m_encryptedData; const VolumePassword &m_password; + int m_pim; shared_ptr m_kdf; bool m_truecryptMode; const Pkcs5KdfList &m_keyDerivationFunctions; const EncryptionAlgorithmList &m_encryptionAlgorithms; const EncryptionModeList &m_encryptionModes; bool m_bResult; - DecryptThreadRoutine(shared_ptr header, const ConstBufferPtr &encryptedData, const VolumePassword &password, shared_ptr kdf, bool truecryptMode, const Pkcs5KdfList &keyDerivationFunctions, const EncryptionAlgorithmList &encryptionAlgorithms, const EncryptionModeList &encryptionModes) - : m_pHeader(header), m_encryptedData(encryptedData), m_password(password), m_kdf(kdf), m_truecryptMode(truecryptMode), m_keyDerivationFunctions(keyDerivationFunctions), m_encryptionAlgorithms(encryptionAlgorithms), m_encryptionModes(encryptionModes), m_bResult(false){} + DecryptThreadRoutine(shared_ptr header, const ConstBufferPtr &encryptedData, const VolumePassword &password, int pim, shared_ptr kdf, bool truecryptMode, const Pkcs5KdfList &keyDerivationFunctions, const EncryptionAlgorithmList &encryptionAlgorithms, const EncryptionModeList &encryptionModes) + : m_pHeader(header), m_encryptedData(encryptedData), m_password(password), m_pim(pim), m_kdf(kdf), m_truecryptMode(truecryptMode), m_keyDerivationFunctions(keyDerivationFunctions), m_encryptionAlgorithms(encryptionAlgorithms), m_encryptionModes(encryptionModes), m_bResult(false){} virtual ~DecryptThreadRoutine() { } - virtual void ExecutionCode(void) { m_bResult = m_pHeader->Decrypt(m_encryptedData, m_password, m_kdf, m_truecryptMode, m_keyDerivationFunctions, m_encryptionAlgorithms, m_encryptionModes); } + virtual void ExecutionCode(void) { m_bResult = m_pHeader->Decrypt(m_encryptedData, m_password, m_pim, m_kdf, m_truecryptMode, m_keyDerivationFunctions, m_encryptionAlgorithms, m_encryptionModes); } }; class WaitThreadUI 
diff --git a/src/Core/CoreBase.cpp b/src/Core/CoreBase.cpp old mode 100644 new mode 100755 index 8dcee144..24eb3f7a --- a/src/Core/CoreBase.cpp +++ b/src/Core/CoreBase.cpp @@ -23,7 +23,7 @@ namespace VeraCrypt { } - void CoreBase::ChangePassword (shared_ptr openVolume, shared_ptr newPassword, shared_ptr newKeyfiles, shared_ptr newPkcs5Kdf, int wipeCount) const + void CoreBase::ChangePassword (shared_ptr openVolume, shared_ptr newPassword, int newPim, shared_ptr newKeyfiles, shared_ptr newPkcs5Kdf, int wipeCount) const { if ((!newPassword || newPassword->Size() < 1) && (!newKeyfiles || newKeyfiles->empty())) throw PasswordEmpty (SRC_POS); @@ -63,7 +63,7 @@ namespace VeraCrypt else RandomNumberGenerator::GetDataFast (newSalt); - newPkcs5Kdf->DeriveKey (newHeaderKey, *password, newSalt); + newPkcs5Kdf->DeriveKey (newHeaderKey, *password, newPim, newSalt); openVolume->ReEncryptHeader (backupHeader, newSalt, newHeaderKey, newPkcs5Kdf); openVolume->GetFile()->Flush(); 
@@ -76,10 +76,10 @@ namespace VeraCrypt } } - void CoreBase::ChangePassword (shared_ptr volumePath, bool preserveTimestamps, shared_ptr password, shared_ptr kdf, bool truecryptMode, shared_ptr keyfiles, shared_ptr newPassword, shared_ptr newKeyfiles, shared_ptr newPkcs5Kdf, int wipeCount) const + void CoreBase::ChangePassword (shared_ptr volumePath, bool preserveTimestamps, shared_ptr password, int pim, shared_ptr kdf, bool truecryptMode, shared_ptr keyfiles, shared_ptr newPassword, int newPim, shared_ptr newKeyfiles, shared_ptr newPkcs5Kdf, int wipeCount) const { - shared_ptr volume = OpenVolume (volumePath, preserveTimestamps, password, kdf, truecryptMode, keyfiles); - ChangePassword (volume, newPassword, newKeyfiles, newPkcs5Kdf, wipeCount); + shared_ptr volume = OpenVolume (volumePath, preserveTimestamps, password, pim, kdf, truecryptMode, keyfiles); + ChangePassword (volume, newPassword, newPim, newKeyfiles, newPkcs5Kdf, wipeCount); } void CoreBase::CoalesceSlotNumberAndMountPoint (MountOptions &options) const 
@@ -250,10 +250,10 @@ namespace VeraCrypt return GetMountedVolume (volumePath); } - shared_ptr CoreBase::OpenVolume (shared_ptr volumePath, bool preserveTimestamps, shared_ptr password, shared_ptr kdf, bool truecryptMode, shared_ptr keyfiles, VolumeProtection::Enum protection, shared_ptr protectionPassword, shared_ptr protectionKdf, shared_ptr protectionKeyfiles, bool sharedAccessAllowed, VolumeType::Enum volumeType, bool useBackupHeaders, bool partitionInSystemEncryptionScope) const + shared_ptr CoreBase::OpenVolume (shared_ptr volumePath, bool preserveTimestamps, shared_ptr password, int pim, shared_ptr kdf, bool truecryptMode, shared_ptr keyfiles, VolumeProtection::Enum protection, shared_ptr protectionPassword, int protectionPim, shared_ptr protectionKdf, shared_ptr protectionKeyfiles, bool sharedAccessAllowed, VolumeType::Enum volumeType, bool useBackupHeaders, bool partitionInSystemEncryptionScope) const { make_shared_auto (Volume, volume); - volume->Open (*volumePath, preserveTimestamps, password, kdf, truecryptMode, keyfiles, protection, protectionPassword, protectionKdf, protectionKeyfiles, sharedAccessAllowed, volumeType, useBackupHeaders, partitionInSystemEncryptionScope); + volume->Open (*volumePath, preserveTimestamps, password, pim, kdf, truecryptMode, keyfiles, protection, protectionPassword, protectionPim, protectionKdf, protectionKeyfiles, sharedAccessAllowed, volumeType, useBackupHeaders, partitionInSystemEncryptionScope); return volume; } @@ -268,7 +268,7 @@ namespace VeraCrypt encryptionAlgorithm->GetMode()->SetKey (modeKey); } - void CoreBase::ReEncryptVolumeHeaderWithNewSalt (const BufferPtr &newHeaderBuffer, shared_ptr header, shared_ptr password, shared_ptr keyfiles) const + void CoreBase::ReEncryptVolumeHeaderWithNewSalt (const BufferPtr &newHeaderBuffer, shared_ptr header, shared_ptr password, int pim, shared_ptr keyfiles) const { shared_ptr pkcs5Kdf = header->GetPkcs5Kdf(); 
@@ -280,7 +280,7 @@ namespace VeraCrypt shared_ptr passwordKey (Keyfile::ApplyListToPassword (keyfiles, password)); RandomNumberGenerator::GetData (newSalt); - pkcs5Kdf->DeriveKey (newHeaderKey, *passwordKey, newSalt); + pkcs5Kdf->DeriveKey (newHeaderKey, *passwordKey, pim, newSalt); header->EncryptNew (newHeaderBuffer, newSalt, newHeaderKey, pkcs5Kdf); } diff --git a/src/Core/CoreBase.h b/src/Core/CoreBase.h old mode 100644 new mode 100755 index 9f704369..ce806536 --- a/src/Core/CoreBase.h +++ b/src/Core/CoreBase.h @@ -29,8 +29,8 @@ namespace VeraCrypt public: virtual ~CoreBase (); - virtual void ChangePassword (shared_ptr openVolume, shared_ptr newPassword, shared_ptr newKeyfiles, shared_ptr newPkcs5Kdf = shared_ptr (), int wipeCount = PRAND_HEADER_WIPE_PASSES) const; - virtual void ChangePassword (shared_ptr volumePath, bool preserveTimestamps, shared_ptr password, shared_ptr kdf, bool truecryptMode, shared_ptr keyfiles, shared_ptr newPassword, shared_ptr newKeyfiles, shared_ptr newPkcs5Kdf = shared_ptr (), int wipeCount = PRAND_HEADER_WIPE_PASSES) const; + virtual void ChangePassword (shared_ptr openVolume, shared_ptr newPassword, int newPim, shared_ptr newKeyfiles, shared_ptr newPkcs5Kdf = shared_ptr (), int wipeCount = PRAND_HEADER_WIPE_PASSES) const; + virtual void ChangePassword (shared_ptr volumePath, bool preserveTimestamps, shared_ptr password, int pim, shared_ptr kdf, bool truecryptMode, shared_ptr keyfiles, shared_ptr newPassword, int newPim, shared_ptr newKeyfiles, shared_ptr newPkcs5Kdf = shared_ptr (), int wipeCount = PRAND_HEADER_WIPE_PASSES) const; virtual void CheckFilesystem (shared_ptr mountedVolume, bool repair = false) const = 0; virtual void CoalesceSlotNumberAndMountPoint (MountOptions &options) const; virtual void CreateKeyfile (const FilePath &keyfilePath) const; 
@@ -65,9 +65,9 @@ namespace VeraCrypt virtual bool IsVolumeMounted (const VolumePath &volumePath) const; virtual VolumeSlotNumber MountPointToSlotNumber (const DirectoryPath &mountPoint) const = 0; virtual shared_ptr MountVolume (MountOptions &options) = 0; - virtual shared_ptr OpenVolume (shared_ptr volumePath, bool preserveTimestamps, shared_ptr password, shared_ptr Kdf, bool truecryptMode, shared_ptr keyfiles, VolumeProtection::Enum protection = VolumeProtection::None, shared_ptr protectionPassword = shared_ptr (), shared_ptr protectionKdf = shared_ptr (), shared_ptr protectionKeyfiles = shared_ptr (), bool sharedAccessAllowed = false, VolumeType::Enum volumeType = VolumeType::Unknown, bool useBackupHeaders = false, bool partitionInSystemEncryptionScope = false) const; + virtual shared_ptr OpenVolume (shared_ptr volumePath, bool preserveTimestamps, shared_ptr password, int pim, shared_ptr Kdf, bool truecryptMode, shared_ptr keyfiles, VolumeProtection::Enum protection = VolumeProtection::None, shared_ptr protectionPassword = shared_ptr (), int protectionPim = 0, shared_ptr protectionKdf = shared_ptr (), shared_ptr protectionKeyfiles = shared_ptr (), bool sharedAccessAllowed = false, VolumeType::Enum volumeType = VolumeType::Unknown, bool useBackupHeaders = false, bool partitionInSystemEncryptionScope = false) const; virtual void RandomizeEncryptionAlgorithmKey (shared_ptr encryptionAlgorithm) const; - virtual void ReEncryptVolumeHeaderWithNewSalt (const BufferPtr &newHeaderBuffer, shared_ptr header, shared_ptr password, shared_ptr keyfiles) const; + virtual void ReEncryptVolumeHeaderWithNewSalt (const BufferPtr &newHeaderBuffer, shared_ptr header, shared_ptr password, int pim, shared_ptr keyfiles) const; virtual void SetAdminPasswordCallback (shared_ptr functor) { } virtual void SetApplicationExecutablePath (const FilePath &path) { ApplicationExecutablePath = path; } virtual void SetFileOwner (const FilesystemPath &path, const UserId &owner) const = 0; 
diff --git a/src/Core/MountOptions.cpp b/src/Core/MountOptions.cpp old mode 100644 new mode 100755 index 844d72b4..e78549fb --- a/src/Core/MountOptions.cpp +++ b/src/Core/MountOptions.cpp @@ -26,6 +26,7 @@ namespace VeraCrypt TC_CLONE (NoHardwareCrypto); TC_CLONE (NoKernelCrypto); TC_CLONE_SHARED (VolumePassword, Password); + TC_CLONE (Pim); if (other.Kdf) { Kdf.reset(other.Kdf->Clone()); @@ -37,6 +38,7 @@ namespace VeraCrypt TC_CLONE (PreserveTimestamps); TC_CLONE (Protection); TC_CLONE_SHARED (VolumePassword, ProtectionPassword); + TC_CLONE (ProtectionPim); if (other.ProtectionKdf) ProtectionKdf.reset(other.ProtectionKdf->Clone()); else @@ -116,6 +118,9 @@ namespace VeraCrypt } } catch(...) {} + + sr.Deserialize ("Pim", Pim); + sr.Deserialize ("ProtectionPim", ProtectionPim); } void MountOptions::Serialize (shared_ptr stream) const @@ -167,6 +172,9 @@ namespace VeraCrypt sr.Serialize ("ProtectionKdfNull", ProtectionKdf == nullptr); if (ProtectionKdf) sr.Serialize ("ProtectionKdf", ProtectionKdf->GetName()); + + sr.Serialize ("Pim", Pim); + sr.Serialize ("ProtectionPim", ProtectionPim); } TC_SERIALIZER_FACTORY_ADD_CLASS (MountOptions); diff --git a/src/Core/MountOptions.h b/src/Core/MountOptions.h old mode 100644 new mode 100755 index 8ccbffa0..0544d465 --- a/src/Core/MountOptions.h +++ b/src/Core/MountOptions.h @@ -25,9 +25,11 @@ namespace VeraCrypt NoFilesystem (false), NoHardwareCrypto (false), NoKernelCrypto (false), + Pim (-1), PartitionInSystemEncryptionScope (false), PreserveTimestamps (true), Protection (VolumeProtection::None), + ProtectionPim (-1), Removable (false), SharedAccessAllowed (false), SlotNumber (0), 
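Review bot: The new `sr.Deserialize ("Pim", Pim)` and `sr.Deserialize ("ProtectionPim", ProtectionPim)` calls in the `-116,6` hunk sit after the `catch(...) {}` that swallows failures from the preceding reads, so the older fields fail silently while these two propagate the error. The deserialized values are also stored without any range check. If a swallowed failure can leave the stream part-way through a record (the Serializer's behaviour is not visible here), these two reads would start at the wrong position. A comment such as `// Pim/ProtectionPim are mandatory and must be read in the same order Serialize writes them`, plus a sanity check on the values, would make the intent explicit. The function body starts outside the hunk.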
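Review bot: `Pim (-1)` and `ProtectionPim (-1)` in the MountOptions.h initializer list use -1 as the unset value, while `OpenVolume` declares `int protectionPim = 0` and the password panel's help text says "Empty or 0 for default iterations". CoreUnix.cpp forwards `options.Pim` unchanged, so -1 reaches `Volume::Open` and presumably the KDF. Whether the KDF treats a negative value the same as 0 cannot be seen from here, because the Pkcs5Kdf changes are outside this view. Picking one sentinel, or documenting it on the member declared in the next hunk, e.g. `int Pim; // <= 0: use the KDF's default iteration count (TODO confirm against Pkcs5Kdf)`, would remove the ambiguity.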
@@ -52,12 +54,14 @@ namespace VeraCrypt bool NoHardwareCrypto; bool NoKernelCrypto; shared_ptr Password; + int Pim; shared_ptr Kdf; bool PartitionInSystemEncryptionScope; shared_ptr Path; bool PreserveTimestamps; VolumeProtection::Enum Protection; shared_ptr ProtectionPassword; + int ProtectionPim; shared_ptr ProtectionKdf; shared_ptr ProtectionKeyfiles; bool Removable; diff --git a/src/Core/Unix/CoreUnix.cpp b/src/Core/Unix/CoreUnix.cpp index 57513ded..a6d1236a 100755 --- a/src/Core/Unix/CoreUnix.cpp +++ b/src/Core/Unix/CoreUnix.cpp @@ -409,11 +409,13 @@ namespace VeraCrypt options.Path, options.PreserveTimestamps, options.Password, + options.Pim, options.Kdf, options.TrueCryptMode, options.Keyfiles, options.Protection, options.ProtectionPassword, + options.ProtectionPim, options.ProtectionKdf, options.ProtectionKeyfiles, options.SharedAccessAllowed, diff --git a/src/Core/VolumeCreator.cpp b/src/Core/VolumeCreator.cpp old mode 100644 new mode 100755 index 307c0bf3..be7b646a --- a/src/Core/VolumeCreator.cpp +++ b/src/Core/VolumeCreator.cpp @@ -136,7 +136,7 @@ namespace VeraCrypt SecureBuffer backupHeaderSalt (VolumeHeader::GetSaltSize()); RandomNumberGenerator::GetData (backupHeaderSalt); - Options->VolumeHeaderKdf->DeriveKey (HeaderKey, *PasswordKey, backupHeaderSalt); + Options->VolumeHeaderKdf->DeriveKey (HeaderKey, *PasswordKey, Options->Pim, backupHeaderSalt); Layout->GetHeader()->EncryptNew (backupHeader, backupHeaderSalt, HeaderKey, Options->VolumeHeaderKdf); @@ -276,7 +276,7 @@ namespace VeraCrypt // Header key HeaderKey.Allocate (VolumeHeader::GetLargestSerializedKeySize()); PasswordKey = Keyfile::ApplyListToPassword (options->Keyfiles, options->Password); - options->VolumeHeaderKdf->DeriveKey (HeaderKey, *PasswordKey, salt); + options->VolumeHeaderKdf->DeriveKey (HeaderKey, *PasswordKey, options->Pim, salt); headerOptions.HeaderKey = HeaderKey; header->Create (headerBuffer, headerOptions); 
diff --git a/src/Core/VolumeCreator.h b/src/Core/VolumeCreator.h old mode 100644 new mode 100755 index 74641d58..8812e8e2 --- a/src/Core/VolumeCreator.h +++ b/src/Core/VolumeCreator.h @@ -22,6 +22,7 @@ namespace VeraCrypt VolumeType::Enum Type; uint64 Size; shared_ptr Password; + int Pim; shared_ptr Keyfiles; shared_ptr VolumeHeaderKdf; shared_ptr EA; diff --git a/src/Main/CommandLineInterface.cpp b/src/Main/CommandLineInterface.cpp old mode 100644 new mode 100755 index 541f66d0..b1bb4bd0 --- a/src/Main/CommandLineInterface.cpp +++ b/src/Main/CommandLineInterface.cpp @@ -20,7 +20,9 @@ namespace VeraCrypt CommandLineInterface::CommandLineInterface (int argc, wchar_t** argv, UserInterfaceType::Enum interfaceType) : ArgCommand (CommandId::None), ArgFilesystem (VolumeCreationOptions::FilesystemType::Unknown), + ArgNewPim (-1), ArgNoHiddenVolumeProtection (false), + ArgPim (-1), ArgSize (0), ArgVolumeType (VolumeType::Unknown), ArgTrueCryptMode (false), 
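Review bot: `int Pim;` is added to the creation options in VolumeCreator.h without an initializer, and the VolumeCreator.cpp hunks pass `Options->Pim` straight into `DeriveKey`. No constructor for this struct is visible in the hunk, and the wizard and text-UI changes are outside this view. Unless every caller assigns the field, the header key could be derived with an indeterminate value, leaving a volume whose effective PIM nobody knows. Give the member a defined default where the options object is constructed, or at least state the contract on the declaration, e.g. `int Pim; // must be assigned by the caller before use; TODO document which value selects the default`.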
@@ -63,12 +65,15 @@ namespace VeraCrypt parser.AddOption (L"m", L"mount-options", _("VeraCrypt volume mount options")); parser.AddOption (L"", L"new-keyfiles", _("New keyfiles")); parser.AddOption (L"", L"new-password", _("New password")); + parser.AddOption (L"", L"new-pim", _("New PIM")); parser.AddSwitch (L"", L"non-interactive", _("Do not interact with user")); parser.AddOption (L"p", L"password", _("Password")); + parser.AddOption (L"", L"pim", _("PIM")); parser.AddOption (L"", L"protect-hidden", _("Protect hidden volume")); parser.AddOption (L"", L"protection-hash", _("Hash algorithm for protected hidden volume")); parser.AddOption (L"", L"protection-keyfiles", _("Keyfiles for protected hidden volume")); parser.AddOption (L"", L"protection-password", _("Password for protected hidden volume")); + parser.AddOption (L"", L"protection-pim", _("PIM for protected hidden volume")); parser.AddOption (L"", L"random-source", _("Use file as source of random data")); parser.AddSwitch (L"", L"restore-headers", _("Restore volume headers")); parser.AddSwitch (L"", L"save-preferences", _("Save user preferences")); @@ -368,6 +373,20 @@ namespace VeraCrypt if (parser.Found (L"new-password", &str)) ArgNewPassword.reset (new VolumePassword (wstring (str))); + if (parser.Found (L"new-pim", &str)) + { + try + { + ArgNewPim = StringConverter::ToInt32 (wstring (str)); + if (ArgNewPim < 0) + throw_err (LangString["PARAMETER_INCORRECT"] + L": " + str); + } + catch (...) + { + throw_err (LangString["PARAMETER_INCORRECT"] + L": " + str); + } + } + if (parser.Found (L"non-interactive")) { if (interfaceType != UserInterfaceType::Text) 
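Review bot: The `--new-pim` value in the `-368,6` hunk is rejected only when negative, so any positive 32-bit value is accepted and handed on to key derivation. How the KDF turns the PIM into an iteration count is not visible in this view, but if it scales the value, a very large PIM could overflow or make derivation run impractically long. An explicit upper limit would close that, e.g. `if (ArgNewPim < 0 || ArgNewPim > maxPim)`, where `maxPim` is a placeholder for a project-defined limit. The same parse-and-check block is repeated for `--pim` and `--protection-pim` in the following hunks, so one small helper would keep the three in step. The `throw_err` inside the `try` is also caught by the `catch (...)` directly below and thrown again, which works but reads as accidental.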
@@ -378,6 +397,20 @@ namespace VeraCrypt if (parser.Found (L"password", &str)) ArgPassword.reset (new VolumePassword (wstring (str))); + + if (parser.Found (L"pim", &str)) + { + try + { + ArgPim = StringConverter::ToInt32 (wstring (str)); + if (ArgPim < 0) + throw_err (LangString["PARAMETER_INCORRECT"] + L": " + str); + } + catch (...) + { + throw_err (LangString["PARAMETER_INCORRECT"] + L": " + str); + } + } if (parser.Found (L"protect-hidden", &str)) { @@ -403,6 +436,23 @@ namespace VeraCrypt ArgMountOptions.ProtectionPassword.reset (new VolumePassword (wstring (str))); ArgMountOptions.Protection = VolumeProtection::HiddenVolumeReadOnly; } + + if (parser.Found (L"protection-pim", &str)) + { + int pim = -1; + try + { + pim = StringConverter::ToInt32 (wstring (str)); + if (pim < 0) + throw_err (LangString["PARAMETER_INCORRECT"] + L": " + str); + } + catch (...) + { + throw_err (LangString["PARAMETER_INCORRECT"] + L": " + str); + } + ArgMountOptions.ProtectionPim = pim; + ArgMountOptions.Protection = VolumeProtection::HiddenVolumeReadOnly; + } if (parser.Found (L"protection-hash", &str)) { diff --git a/src/Main/CommandLineInterface.h b/src/Main/CommandLineInterface.h old mode 100644 new mode 100755 index 217b5c39..cb08b393 --- a/src/Main/CommandLineInterface.h +++ b/src/Main/CommandLineInterface.h @@ -67,8 +67,10 @@ namespace VeraCrypt shared_ptr ArgMountPoint; shared_ptr ArgNewKeyfiles; shared_ptr ArgNewPassword; + int ArgNewPim; bool ArgNoHiddenVolumeProtection; shared_ptr ArgPassword; + int ArgPim; bool ArgQuick; FilesystemPath ArgRandomSourcePath; uint64 ArgSize; diff --git a/src/Main/Forms/ChangePasswordDialog.cpp b/src/Main/Forms/ChangePasswordDialog.cpp old mode 100644 new mode 100755 index d4a8853f..702b01e4 --- a/src/Main/Forms/ChangePasswordDialog.cpp +++ b/src/Main/Forms/ChangePasswordDialog.cpp 
@@ -90,20 +90,44 @@ namespace VeraCrypt } shared_ptr newPassword; + int newPim = 0; if (DialogMode == Mode::ChangePasswordAndKeyfiles) { newPassword = NewPasswordPanel->GetPassword(); + newPim = NewPasswordPanel->GetVolumePim(); newPassword->CheckPortability(); - if (newPassword->Size() > 0 && newPassword->Size() < VolumePassword::WarningSizeThreshold - && !Gui->AskYesNo (LangString ["PASSWORD_LENGTH_WARNING"], false, true)) + if (newPassword->Size() > 0) { - NewPasswordPanel->SetFocusToPasswordTextCtrl(); - return; + if (newPassword->Size() < VolumePassword::WarningSizeThreshold) + { + if (newPim < 485) + { + Gui->ShowError ("PIM_REQUIRE_LONG_PASSWORD"); + return; + } + + if (!Gui->AskYesNo (LangString ["PASSWORD_LENGTH_WARNING"], false, true)) + { + NewPasswordPanel->SetFocusToPasswordTextCtrl(); + return; + } + } + else if (newPim < 485) + { + if (!Gui->AskYesNo (LangString ["PIM_SMALL_WARNING"], false, true)) + { + NewPasswordPanel->SetFocusToPimTextCtrl(); + return; + } + } } } else + { newPassword = CurrentPasswordPanel->GetPassword(); + newPim = CurrentPasswordPanel->GetVolumePim(); + } shared_ptr newKeyfiles; if (DialogMode == Mode::ChangePasswordAndKeyfiles || DialogMode == Mode::ChangeKeyfiles) 
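Review bot: Both `newPim < 485` tests also match `newPim == 0`, which the panel's own help text in Forms.cpp ("Empty or 0 for default iterations") describes as the default. If `GetVolumePim()` returns 0 for an empty field (its definition is outside this view), a short password with no PIM is refused with PIM_REQUIRE_LONG_PASSWORD and a long one triggers PIM_SMALL_WARNING, even though no reduced iteration count was requested. Guard both with `if (newPim > 0 && newPim < 485)`, and give 485 a named constant since it appears twice. The error branch also returns without moving focus, unlike the two prompts after it. The enclosing handler starts and ends outside this hunk.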
@@ -134,8 +158,8 @@ namespace VeraCrypt #endif wxBusyCursor busy; ChangePasswordThreadRoutine routine(Path, Gui->GetPreferences().DefaultMountOptions.PreserveTimestamps, - CurrentPasswordPanel->GetPassword(), CurrentPasswordPanel->GetPkcs5Kdf(), CurrentPasswordPanel->GetTrueCryptMode(),CurrentPasswordPanel->GetKeyfiles(), - newPassword, newKeyfiles, NewPasswordPanel->GetPkcs5Kdf(), NewPasswordPanel->GetHeaderWipeCount()); + CurrentPasswordPanel->GetPassword(), CurrentPasswordPanel->GetVolumePim(), CurrentPasswordPanel->GetPkcs5Kdf(), CurrentPasswordPanel->GetTrueCryptMode(),CurrentPasswordPanel->GetKeyfiles(), + newPassword, newPim, newKeyfiles, NewPasswordPanel->GetPkcs5Kdf(), NewPasswordPanel->GetHeaderWipeCount()); Gui->ExecuteWaitThreadRoutine (this, &routine); } diff --git a/src/Main/Forms/Forms.cpp b/src/Main/Forms/Forms.cpp index dcbd38f5..0793a24c 100755 --- a/src/Main/Forms/Forms.cpp +++ b/src/Main/Forms/Forms.cpp 
@@ -3206,50 +3206,62 @@ VolumePasswordPanelBase::VolumePasswordPanelBase( wxWindow* parent, wxWindowID i GridBagSizer->Add( ConfirmPasswordTextCtrl, wxGBPosition( 2, 1 ), wxGBSpan( 1, 2 ), wxBOTTOM|wxALIGN_CENTER_VERTICAL|wxEXPAND, 5 ); + VolumePimStaticText = new wxStaticText( this, wxID_ANY, _("Volume PIM:"), wxDefaultPosition, wxDefaultSize, 0 ); + VolumePimStaticText->Wrap( -1 ); + GridBagSizer->Add( VolumePimStaticText, wxGBPosition( 3, 0 ), wxGBSpan( 1, 1 ), wxALIGN_CENTER_VERTICAL|wxALIGN_RIGHT|wxBOTTOM|wxRIGHT, 5 ); + + VolumePimTextCtrl = new wxTextCtrl( this, wxID_ANY, wxEmptyString, wxDefaultPosition, wxDefaultSize, 0 ); + VolumePimTextCtrl->SetMaxLength( 10 ); + GridBagSizer->Add( VolumePimTextCtrl, wxGBPosition( 3, 1 ), wxGBSpan( 1, 1 ), wxALIGN_CENTER_VERTICAL|wxBOTTOM|wxEXPAND, 5 ); + + VolumePinHelpStaticText = new wxStaticText( this, wxID_ANY, _("(Empty or 0 for default iterations)"), wxDefaultPosition, wxDefaultSize, 0 ); + VolumePinHelpStaticText->Wrap( -1 ); + GridBagSizer->Add( VolumePinHelpStaticText, wxGBPosition( 3, 2 ), wxGBSpan( 1, 1 ), wxALIGN_CENTER_VERTICAL|wxALIGN_RIGHT|wxBOTTOM|wxLEFT|wxRIGHT, 5 ); + CacheCheckBox = new wxCheckBox( this, wxID_ANY, _("Cach&e passwords and keyfiles in memory "), wxDefaultPosition, wxDefaultSize, 0 ); - GridBagSizer->Add( CacheCheckBox, wxGBPosition( 3, 1 ), wxGBSpan( 1, 2 ), wxTOP|wxBOTTOM|wxLEFT|wxALIGN_CENTER_VERTICAL, 5 ); + GridBagSizer->Add( CacheCheckBox, wxGBPosition( 4, 1 ), wxGBSpan( 1, 2 ), wxTOP|wxBOTTOM|wxLEFT|wxALIGN_CENTER_VERTICAL, 5 ); DisplayPasswordCheckBox = new wxCheckBox( this, wxID_ANY, _("&Display password"), wxDefaultPosition, wxDefaultSize, 0 ); - GridBagSizer->Add( DisplayPasswordCheckBox, wxGBPosition( 4, 1 ), wxGBSpan( 1, 2 ), wxTOP|wxBOTTOM|wxLEFT|wxALIGN_CENTER_VERTICAL, 5 ); + GridBagSizer->Add( DisplayPasswordCheckBox, wxGBPosition( 5, 1 ), wxGBSpan( 1, 2 ), wxTOP|wxBOTTOM|wxLEFT|wxALIGN_CENTER_VERTICAL, 5 ); UseKeyfilesCheckBox = new wxCheckBox( this, wxID_ANY, _("U&se 
keyfiles"), wxDefaultPosition, wxDefaultSize, 0 ); - GridBagSizer->Add( UseKeyfilesCheckBox, wxGBPosition( 5, 1 ), wxGBSpan( 1, 1 ), wxTOP|wxRIGHT|wxLEFT, 5 ); + GridBagSizer->Add( UseKeyfilesCheckBox, wxGBPosition( 6, 1 ), wxGBSpan( 1, 1 ), wxTOP|wxRIGHT|wxLEFT, 5 ); KeyfilesButton = new wxButton( this, wxID_ANY, _("&Keyfiles..."), wxDefaultPosition, wxDefaultSize, 0 ); - GridBagSizer->Add( KeyfilesButton, wxGBPosition( 5, 2 ), wxGBSpan( 1, 1 ), wxALIGN_RIGHT|wxALIGN_BOTTOM|wxLEFT, 5 ); + GridBagSizer->Add( KeyfilesButton, wxGBPosition( 6, 2 ), wxGBSpan( 1, 1 ), wxALIGN_RIGHT|wxALIGN_BOTTOM|wxLEFT, 5 ); Pkcs5PrfSizer = new wxBoxSizer( wxVERTICAL ); - GridBagSizer->Add( Pkcs5PrfSizer, wxGBPosition( 6, 1 ), wxGBSpan( 1, 1 ), wxEXPAND|wxTOP|wxBOTTOM, 5 ); + GridBagSizer->Add( Pkcs5PrfSizer, wxGBPosition( 7, 1 ), wxGBSpan( 1, 1 ), wxEXPAND|wxTOP|wxBOTTOM, 5 ); Pkcs5PrfStaticText = new wxStaticText( this, wxID_ANY, _("PKCS-5 PRF:"), wxDefaultPosition, wxDefaultSize, 0 ); Pkcs5PrfStaticText->Wrap( -1 ); - GridBagSizer->Add( Pkcs5PrfStaticText, wxGBPosition( 7, 0 ), wxGBSpan( 1, 1 ), wxALIGN_RIGHT|wxALIGN_CENTER_VERTICAL|wxRIGHT, 5 ); + GridBagSizer->Add( Pkcs5PrfStaticText, wxGBPosition( 8, 0 ), wxGBSpan( 1, 1 ), wxALIGN_RIGHT|wxALIGN_CENTER_VERTICAL|wxRIGHT, 5 ); wxString Pkcs5PrfChoiceChoices[] = { _("Unchanged") }; int Pkcs5PrfChoiceNChoices = sizeof( Pkcs5PrfChoiceChoices ) / sizeof( wxString ); Pkcs5PrfChoice = new wxChoice( this, wxID_ANY, wxDefaultPosition, wxDefaultSize, Pkcs5PrfChoiceNChoices, Pkcs5PrfChoiceChoices, 0 ); Pkcs5PrfChoice->SetSelection( 0 ); - GridBagSizer->Add( Pkcs5PrfChoice, wxGBPosition( 7, 1 ), wxGBSpan( 1, 1 ), wxALIGN_CENTER_VERTICAL|wxLEFT, 5 ); + GridBagSizer->Add( Pkcs5PrfChoice, wxGBPosition( 8, 1 ), wxGBSpan( 1, 1 ), wxALIGN_CENTER_VERTICAL|wxLEFT, 5 ); TrueCryptModeCheckBox = new wxCheckBox( this, wxID_ANY, _("TrueCrypt Mode"), wxDefaultPosition, wxDefaultSize, 0 ); - GridBagSizer->Add( TrueCryptModeCheckBox, wxGBPosition( 7, 2 ), 
wxGBSpan( 1, 1 ), wxALIGN_CENTER_VERTICAL|wxLEFT, 5 ); + GridBagSizer->Add( TrueCryptModeCheckBox, wxGBPosition( 8, 2 ), wxGBSpan( 1, 1 ), wxALIGN_CENTER_VERTICAL|wxLEFT, 5 ); HeaderWipeCountText = new wxStaticText( this, wxID_ANY, _("Header Wipe:"), wxDefaultPosition, wxDefaultSize, 0 ); HeaderWipeCountText->Wrap( -1 ); - GridBagSizer->Add( HeaderWipeCountText, wxGBPosition( 8, 0 ), wxGBSpan( 1, 1 ), wxALIGN_CENTER_VERTICAL|wxALIGN_RIGHT|wxRIGHT, 5 ); + GridBagSizer->Add( HeaderWipeCountText, wxGBPosition( 9, 0 ), wxGBSpan( 1, 1 ), wxALIGN_CENTER_VERTICAL|wxALIGN_RIGHT|wxRIGHT, 5 ); wxString HeaderWipeCountChoices[] = { _("1-pass"), _("3-pass"), _("7-pass"), _("35-pass"), _("256-pass") }; int HeaderWipeCountNChoices = sizeof( HeaderWipeCountChoices ) / sizeof( wxString ); HeaderWipeCount = new wxChoice( this, wxID_ANY, wxDefaultPosition, wxDefaultSize, HeaderWipeCountNChoices, HeaderWipeCountChoices, 0 ); HeaderWipeCount->SetSelection( 1 ); - GridBagSizer->Add( HeaderWipeCount, wxGBPosition( 8, 1 ), wxGBSpan( 1, 1 ), wxALL, 5 ); + GridBagSizer->Add( HeaderWipeCount, wxGBPosition( 9, 1 ), wxGBSpan( 1, 1 ), wxALL, 5 ); PasswordPlaceholderSizer = new wxBoxSizer( wxVERTICAL ); - GridBagSizer->Add( PasswordPlaceholderSizer, wxGBPosition( 9, 1 ), wxGBSpan( 1, 2 ), wxTOP|wxEXPAND, 5 ); + GridBagSizer->Add( PasswordPlaceholderSizer, wxGBPosition( 10, 1 ), wxGBSpan( 1, 2 ), wxTOP|wxEXPAND, 5 ); GridBagSizer->AddGrowableCol( 1 ); 
@@ -3264,6 +3276,7 @@ VolumePasswordPanelBase::VolumePasswordPanelBase( wxWindow* parent, wxWindowID i // Connect Events PasswordTextCtrl->Connect( wxEVT_COMMAND_TEXT_UPDATED, wxCommandEventHandler( VolumePasswordPanelBase::OnTextChanged ), NULL, this ); ConfirmPasswordTextCtrl->Connect( wxEVT_COMMAND_TEXT_UPDATED, wxCommandEventHandler( VolumePasswordPanelBase::OnTextChanged ), NULL, this ); + VolumePimTextCtrl->Connect( wxEVT_COMMAND_TEXT_UPDATED, wxCommandEventHandler( VolumePasswordPanelBase::OnPimChanged ), NULL, this ); DisplayPasswordCheckBox->Connect( wxEVT_COMMAND_CHECKBOX_CLICKED, wxCommandEventHandler( VolumePasswordPanelBase::OnDisplayPasswordCheckBoxClick ), NULL, this ); UseKeyfilesCheckBox->Connect( wxEVT_COMMAND_CHECKBOX_CLICKED, wxCommandEventHandler( VolumePasswordPanelBase::OnUseKeyfilesCheckBoxClick ), NULL, this ); KeyfilesButton->Connect( wxEVT_COMMAND_BUTTON_CLICKED, wxCommandEventHandler( VolumePasswordPanelBase::OnKeyfilesButtonClick ), NULL, this ); @@ -3276,6 +3289,7 @@ VolumePasswordPanelBase::~VolumePasswordPanelBase() // Disconnect Events PasswordTextCtrl->Disconnect( wxEVT_COMMAND_TEXT_UPDATED, wxCommandEventHandler( VolumePasswordPanelBase::OnTextChanged ), NULL, this ); ConfirmPasswordTextCtrl->Disconnect( wxEVT_COMMAND_TEXT_UPDATED, wxCommandEventHandler( VolumePasswordPanelBase::OnTextChanged ), NULL, this ); + VolumePimTextCtrl->Disconnect( wxEVT_COMMAND_TEXT_UPDATED, wxCommandEventHandler( VolumePasswordPanelBase::OnPimChanged ), NULL, this ); DisplayPasswordCheckBox->Disconnect( wxEVT_COMMAND_CHECKBOX_CLICKED, wxCommandEventHandler( VolumePasswordPanelBase::OnDisplayPasswordCheckBoxClick ), NULL, this ); UseKeyfilesCheckBox->Disconnect( wxEVT_COMMAND_CHECKBOX_CLICKED, wxCommandEventHandler( VolumePasswordPanelBase::OnUseKeyfilesCheckBoxClick ), NULL, this ); KeyfilesButton->Disconnect( wxEVT_COMMAND_BUTTON_CLICKED, wxCommandEventHandler( VolumePasswordPanelBase::OnKeyfilesButtonClick ), NULL, this ); 
diff --git a/src/Main/Forms/Forms.h b/src/Main/Forms/Forms.h index 24097686..c53d3c33 100755 --- a/src/Main/Forms/Forms.h +++ b/src/Main/Forms/Forms.h @@ -959,6 +959,9 @@ namespace VeraCrypt wxTextCtrl* PasswordTextCtrl; wxStaticText* ConfirmPasswordStaticText; wxTextCtrl* ConfirmPasswordTextCtrl; + wxStaticText* VolumePimStaticText; + wxTextCtrl* VolumePimTextCtrl; + wxStaticText* VolumePinHelpStaticText; wxCheckBox* CacheCheckBox; wxCheckBox* DisplayPasswordCheckBox; wxCheckBox* UseKeyfilesCheckBox; @@ -973,6 +976,7 @@ namespace VeraCrypt // Virtual event handlers, overide them in your derived class virtual void OnTextChanged( wxCommandEvent& event ) { event.Skip(); } + virtual void OnPimChanged( wxCommandEvent& event ) { event.Skip(); } virtual void OnDisplayPasswordCheckBoxClick( wxCommandEvent& event ) { event.Skip(); } virtual void OnUseKeyfilesCheckBoxClick( wxCommandEvent& event ) { event.Skip(); } virtual void OnKeyfilesButtonClick( wxCommandEvent& event ) { event.Skip(); } diff --git a/src/Main/Forms/MountOptionsDialog.cpp b/src/Main/Forms/MountOptionsDialog.cpp old mode 100644 new mode 100755 index e60492e1..9ebbbe98 --- a/src/Main/Forms/MountOptionsDialog.cpp +++ b/src/Main/Forms/MountOptionsDialog.cpp @@ -85,6 +85,7 @@ namespace VeraCrypt TransferDataFromWindow(); Options.Password = PasswordPanel->GetPassword(); + Options.Pim = PasswordPanel->GetVolumePim(); Options.Kdf = PasswordPanel->GetPkcs5Kdf(); Options.TrueCryptMode = PasswordPanel->GetTrueCryptMode(); Options.Keyfiles = PasswordPanel->GetKeyfiles(); @@ -97,6 +98,7 @@ namespace VeraCrypt { Options.Protection = VolumeProtection::HiddenVolumeReadOnly; Options.ProtectionPassword = ProtectionPasswordPanel->GetPassword(); + Options.ProtectionPim = ProtectionPasswordPanel->GetVolumePim(); Options.ProtectionKdf = ProtectionPasswordPanel->GetPkcs5Kdf(); Options.ProtectionKeyfiles = ProtectionPasswordPanel->GetKeyfiles(); } 
diff --git a/src/Main/Forms/TrueCrypt.fbp b/src/Main/Forms/TrueCrypt.fbp index 86621bac..31ea58e3 100755 --- a/src/Main/Forms/TrueCrypt.fbp +++ b/src/Main/Forms/TrueCrypt.fbp @@ -25834,11 +25834,277 @@ + 5 + 1 + 0 + wxALIGN_CENTER_VERTICAL|wxALIGN_RIGHT|wxBOTTOM|wxRIGHT + 3 + 1 + + 1 + 1 + 1 + 1 + + + + + + + + 1 + 0 + 1 + + 1 + 0 + Dock + 0 + Left + 1 + + 1 + + 0 + 0 + wxID_ANY + Volume PIM: + + 0 + + + 0 + + 1 + VolumePimStaticText + 1 + + + protected + 1 + + Resizable + 1 + + + + 0 + + + + + -1 + + + + + + + + + + + + + + + + + + + + + + + + + + + 5 + 1 + 1 + wxALIGN_CENTER_VERTICAL|wxBOTTOM|wxEXPAND + 3 + 1 + + 1 + 1 + 1 + 1 + + + + + + + + 1 + 0 + 1 + + 1 + 0 + Dock + 0 + Left + 1 + + 1 + + 0 + 0 + wxID_ANY + + 0 + + 10 + + 0 + + 1 + VolumePimTextCtrl + 1 + + + protected + 1 + + Resizable + 1 + + + + 0 + + + wxFILTER_NUMERIC + wxDefaultValidator + + + + + + + + + + + + + + + + + + + + + + + + + + + + OnPimChanged + + + + + + + + 5 + 1 + 2 + wxALIGN_CENTER_VERTICAL|wxALIGN_RIGHT|wxBOTTOM|wxLEFT|wxRIGHT + 3 + 1 + + 1 + 1 + 1 + 1 + + + + + + + + 1 + 0 + 1 + + 1 + 0 + Dock + 0 + Left + 1 + + 1 + + 0 + 0 + wxID_ANY + (Empty or 0 for default iterations) + + 0 + + + 0 + + 1 + VolumePinHelpStaticText + 1 + + + protected + 1 + + Resizable + 1 + + + + 0 + + + + + -1 + + + + + + + + + + + + + + + + + + + + + + + + + + 5 2 1 wxTOP|wxBOTTOM|wxLEFT|wxALIGN_CENTER_VERTICAL - 3 + 4 1 1 @@ -25929,7 +26195,7 @@ 2 1 wxTOP|wxBOTTOM|wxLEFT|wxALIGN_CENTER_VERTICAL - 4 + 5 1 1 @@ -26020,7 +26286,7 @@ 1 1 wxTOP|wxRIGHT|wxLEFT - 5 + 6 1 1 @@ -26111,7 +26377,7 @@ 1 2 wxALIGN_RIGHT|wxALIGN_BOTTOM|wxLEFT - 5 + 6 1 1 @@ -26202,7 +26468,7 @@ 1 1 wxEXPAND|wxTOP|wxBOTTOM - 6 + 7 1 @@ -26216,7 +26482,7 @@ 1 0 wxALIGN_RIGHT|wxALIGN_CENTER_VERTICAL|wxRIGHT - 7 + 8 1 1 @@ -26302,7 +26568,7 @@ 1 1 wxALIGN_CENTER_VERTICAL|wxLEFT - 7 + 8 1 1 @@ -26393,7 +26659,7 @@ 1 2 wxALIGN_CENTER_VERTICAL|wxLEFT - 7 + 8 1 1 @@ -26484,7 +26750,7 @@ 1 0 wxALIGN_CENTER_VERTICAL|wxALIGN_RIGHT|wxRIGHT - 8 + 9 1 1 
@@ -26570,7 +26836,7 @@ 1 1 wxALL - 8 + 9 1 1 @@ -26661,7 +26927,7 @@ 2 1 wxTOP|wxEXPAND - 9 + 10 1 diff --git a/src/Main/Forms/VolumeCreationWizard.cpp b/src/Main/Forms/VolumeCreationWizard.cpp index 12dc7457..e7f3fb46 100755 --- a/src/Main/Forms/VolumeCreationWizard.cpp +++ b/src/Main/Forms/VolumeCreationWizard.cpp @@ -276,6 +276,7 @@ namespace VeraCrypt MountOptions mountOptions; mountOptions.Keyfiles = Keyfiles; mountOptions.Password = Password; + mountOptions.Pim = Pim; mountOptions.Path = make_shared (SelectedVolumePath); try @@ -436,6 +437,7 @@ namespace VeraCrypt mountOptions.NoFilesystem = true; mountOptions.Protection = VolumeProtection::None; mountOptions.Password = Password; + mountOptions.Pim = Pim; mountOptions.Keyfiles = Keyfiles; mountOptions.Kdf = Kdf; mountOptions.TrueCryptMode = false; @@ -706,6 +708,7 @@ namespace VeraCrypt { VolumePasswordWizardPage *page = dynamic_cast (GetCurrentPage()); Password = page->GetPassword(); + Pim = page->GetVolumePim(); Kdf = page->GetPkcs5Kdf(); Keyfiles = page->GetKeyfiles(); @@ -721,12 +724,28 @@ namespace VeraCrypt return GetCurrentStep(); } - if (Password->Size() < VolumePassword::WarningSizeThreshold - && !Gui->AskYesNo (LangString["PASSWORD_LENGTH_WARNING"], false, true)) + if (Password->Size() < VolumePassword::WarningSizeThreshold) { - return GetCurrentStep(); + if (Pim < 485) + { + Gui->ShowError ("PIM_REQUIRE_LONG_PASSWORD"); + return GetCurrentStep(); + } + + if (!Gui->AskYesNo (LangString["PASSWORD_LENGTH_WARNING"], false, true)) + { + return GetCurrentStep(); + } + } + else if (Pim < 485) + { + if (!Gui->AskYesNo (LangString["PIM_SMALL_WARNING"], false, true)) + { + return GetCurrentStep(); + } } } + if (forward && OuterVolume) { @@ -864,6 +883,7 @@ namespace VeraCrypt options->SectorSize = SectorSize; options->EA = SelectedEncryptionAlgorithm; options->Password = Password; + options->Pim = Pim; options->Keyfiles = Keyfiles; options->Path = SelectedVolumePath; options->Quick = QuickFormatEnabled; 
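Review bot: The new `Pim < 485` tests in the password step of VolumeCreationWizard.cpp (hunk -721,12) also match `Pim == 0`, which GetVolumePim() returns for an empty field and which the help label describes as the default, and `Pim == -1`, which it returns for unparsable input. As written, a short password with the PIM field left empty is refused with `PIM_REQUIRE_LONG_PASSWORD`, and a long password with an empty PIM triggers the `PIM_SMALL_WARNING` prompt. The test should single out an explicitly chosen small value, e.g. `if (Pim > 0 && Pim < 485)`, with a separate rejection for `Pim < 0`. The threshold 485 is written twice and would read better as one named constant. The enclosing function starts and ends outside the hunk.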
@@ -946,7 +966,7 @@ namespace VeraCrypt }); #endif - shared_ptr outerVolume = Core->OpenVolume (make_shared (SelectedVolumePath), true, Password, Kdf, false, Keyfiles, VolumeProtection::ReadOnly); + shared_ptr outerVolume = Core->OpenVolume (make_shared (SelectedVolumePath), true, Password, Pim, Kdf, false, Keyfiles, VolumeProtection::ReadOnly); MaxHiddenVolumeSize = Core->GetMaxHiddenVolumeSize (outerVolume); // Add a reserve (in case the user mounts the outer volume and creates new files diff --git a/src/Main/Forms/VolumeCreationWizard.h b/src/Main/Forms/VolumeCreationWizard.h old mode 100644 new mode 100755 index 09bc1c34..839a9993 --- a/src/Main/Forms/VolumeCreationWizard.h +++ b/src/Main/Forms/VolumeCreationWizard.h @@ -73,6 +73,7 @@ namespace VeraCrypt VolumeHostType::Enum SelectedVolumeHostType; VolumeType::Enum SelectedVolumeType; shared_ptr Password; + int Pim; shared_ptr Kdf; uint32 SectorSize; shared_ptr SelectedHash; diff --git a/src/Main/Forms/VolumePasswordPanel.cpp b/src/Main/Forms/VolumePasswordPanel.cpp old mode 100644 new mode 100755 index deab2803..d4200b66 --- a/src/Main/Forms/VolumePasswordPanel.cpp +++ b/src/Main/Forms/VolumePasswordPanel.cpp @@ -54,6 +54,9 @@ namespace VeraCrypt PasswordStaticText->Show (enablePassword); PasswordTextCtrl->Show (enablePassword); DisplayPasswordCheckBox->Show (enablePassword); + + VolumePimTextCtrl->Show (enablePassword); + VolumePinHelpStaticText->Show (enablePassword); ConfirmPasswordStaticText->Show (enableConfirmation); ConfirmPasswordTextCtrl->Show (enableConfirmation); @@ -213,6 +216,18 @@ namespace VeraCrypt } } + int VolumePasswordPanel::GetVolumePim () const + { + wxString pinStr (VolumePimTextCtrl->GetValue()); + long pin = 0; + if (pinStr.IsEmpty()) + return 0; + if (pinStr.ToLong (&pin)) + return (int) pin; + else + return -1; + } + bool VolumePasswordPanel::GetTrueCryptMode () const { return TrueCryptModeCheckBox->GetValue (); 
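Review bot: `GetVolumePim()` narrows the parsed `long` with `(int) pin` and applies no range check, so where `long` is wider than `int` a large entry is truncated (a multiple of 2^32 becomes 0, the default value) and a negative entry is returned unchanged. Its error result is -1, which callers in this commit such as `Options.Pim = PasswordPanel->GetVolumePim();` in MountOptionsDialog.cpp store without checking. A bounded parse would be `if (pinStr.ToLong (&pin) && pin >= 0 && pin <= INT_MAX) return (int) pin;` followed by `return -1;`, with a comment stating that 0 means default and -1 means invalid input. In the first hunk of the same file `VolumePimStaticText` is not passed through `Show (enablePassword)` like the other two PIM controls; worth confirming that this is intended.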
@@ -352,4 +367,21 @@ namespace VeraCrypt textCtrl->SetValue (wxString (L'X', textCtrl->GetLineLength(0))); GetPassword (textCtrl); } + + void VolumePasswordPanel::OnPimChanged (wxCommandEvent& event) + { + if (ConfirmPasswordTextCtrl->IsShown()) + { + if (GetVolumePim() != 0) + { + VolumePinHelpStaticText->SetForegroundColour(*wxRED); + VolumePinHelpStaticText->SetLabel(LangString["PIM_CHANGE_WARNING"]); + } + else + { + VolumePinHelpStaticText->SetForegroundColour(*wxBLACK); + VolumePinHelpStaticText->SetLabel(LangString["IDC_PIM_HELP"]); + } + } + } } diff --git a/src/Main/Forms/VolumePasswordPanel.h b/src/Main/Forms/VolumePasswordPanel.h old mode 100644 new mode 100755 index 4cd338c5..45e0dd8c --- a/src/Main/Forms/VolumePasswordPanel.h +++ b/src/Main/Forms/VolumePasswordPanel.h @@ -25,10 +25,12 @@ namespace VeraCrypt shared_ptr GetKeyfiles () const { return UseKeyfilesCheckBox->IsChecked() ? Keyfiles : shared_ptr (); } shared_ptr GetPassword () const; shared_ptr GetPkcs5Kdf () const; + int GetVolumePim () const; bool GetTrueCryptMode () const; int GetHeaderWipeCount () const; void SetCacheCheckBoxValidator (const wxGenericValidator &validator) { CacheCheckBox->SetValidator (validator); } void SetFocusToPasswordTextCtrl () { PasswordTextCtrl->SetSelection (-1, -1); PasswordTextCtrl->SetFocus(); } + void SetFocusToPimTextCtrl () { VolumePimTextCtrl->SetSelection (-1, -1); VolumePimTextCtrl->SetFocus(); } bool PasswordsMatch () const; Event UpdateEvent; @@ -44,6 +46,7 @@ namespace VeraCrypt void OnKeyfilesButtonRightClick (wxMouseEvent& event); void OnKeyfilesButtonRightDown (wxMouseEvent& event); void OnTextChanged (wxCommandEvent& event) { OnUpdate(); } + void OnPimChanged (wxCommandEvent& event); void OnUpdate () { UpdateEvent.Raise(); } void OnUseKeyfilesCheckBoxClick (wxCommandEvent& event) { OnUpdate(); } void WipeTextCtrl (wxTextCtrl *textCtrl); 
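Review bot: `OnPimChanged` treats every non-zero result of `GetVolumePim()` as a chosen PIM, so unparsable input (which returns -1) shows `PIM_CHANGE_WARNING` instead of being flagged as invalid; testing `GetVolumePim() > 0` and handling the negative case separately would keep the two apart. Unlike `OnTextChanged`, which is declared as `{ OnUpdate(); }` in VolumePasswordPanel.h, this handler never raises `UpdateEvent`, so any listener that revalidates the page will presumably not see PIM edits; adding `OnUpdate();` at the end would align it with the password fields. A short comment on the handler saying that the warning is shown only when the confirmation field is visible would also help.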
diff --git a/src/Main/Forms/VolumePasswordWizardPage.h b/src/Main/Forms/VolumePasswordWizardPage.h old mode 100644 new mode 100755 index 13a98c62..aad86c86 --- a/src/Main/Forms/VolumePasswordWizardPage.h +++ b/src/Main/Forms/VolumePasswordWizardPage.h @@ -22,6 +22,7 @@ namespace VeraCrypt shared_ptr GetKeyfiles () const { return PasswordPanel->GetKeyfiles(); } shared_ptr GetPassword () const { return PasswordPanel->GetPassword(); } + int GetVolumePim () const { return PasswordPanel->GetVolumePim(); } shared_ptr GetPkcs5Kdf () const { return PasswordPanel->GetPkcs5Kdf(); } bool IsValid (); void SetMaxStaticTextWidth (int width) { InfoStaticText->Wrap (width); } diff --git a/src/Main/Forms/VolumePropertiesDialog.cpp b/src/Main/Forms/VolumePropertiesDialog.cpp index 9d17f04b..daa247c3 100644 --- a/src/Main/Forms/VolumePropertiesDialog.cpp +++ b/src/Main/Forms/VolumePropertiesDialog.cpp @@ -57,7 +57,10 @@ namespace VeraCrypt AppendToList ("BLOCK_SIZE", blockSize.str() + L" " + LangString ["BITS"]); AppendToList ("MODE_OF_OPERATION", volumeInfo.EncryptionModeName); - AppendToList ("PKCS5_PRF", volumeInfo.Pkcs5PrfName); + if (volumeInfo.Pim <= 0) + AppendToList ("PKCS5_PRF", volumeInfo.Pkcs5PrfName); + else + AppendToList ("PKCS5_PRF", StringFormatter (L"{0} (Dynamic)", volumeInfo.Pkcs5PrfName)); #if 0 AppendToList ("PKCS5_ITERATIONS", StringConverter::FromNumber (volumeInfo.Pkcs5IterationCount)); diff --git a/src/Main/GraphicUserInterface.cpp b/src/Main/GraphicUserInterface.cpp old mode 100644 new mode 100755 index 3b4da416..d5413f37 --- a/src/Main/GraphicUserInterface.cpp +++ b/src/Main/GraphicUserInterface.cpp @@ -178,11 +178,13 @@ namespace VeraCrypt options->Path, options->PreserveTimestamps, options->Password, + options->Pim, options->Kdf, false, options->Keyfiles, options->Protection, options->ProtectionPassword, + options->ProtectionPim, options->ProtectionKdf, options->ProtectionKeyfiles, true, 
@@ -268,7 +270,7 @@ namespace VeraCrypt // Re-encrypt volume header SecureBuffer newHeaderBuffer (normalVolume->GetLayout()->GetHeaderSize()); - ReEncryptHeaderThreadRoutine routine(newHeaderBuffer, normalVolume->GetHeader(), normalVolumeMountOptions.Password, normalVolumeMountOptions.Keyfiles); + ReEncryptHeaderThreadRoutine routine(newHeaderBuffer, normalVolume->GetHeader(), normalVolumeMountOptions.Password, normalVolumeMountOptions.Pim, normalVolumeMountOptions.Keyfiles); ExecuteWaitThreadRoutine (parent, &routine); @@ -277,7 +279,7 @@ namespace VeraCrypt if (hiddenVolume) { // Re-encrypt hidden volume header - ReEncryptHeaderThreadRoutine hiddenRoutine(newHeaderBuffer, hiddenVolume->GetHeader(), hiddenVolumeMountOptions.Password, hiddenVolumeMountOptions.Keyfiles); + ReEncryptHeaderThreadRoutine hiddenRoutine(newHeaderBuffer, hiddenVolume->GetHeader(), hiddenVolumeMountOptions.Password, hiddenVolumeMountOptions.Pim, hiddenVolumeMountOptions.Keyfiles); ExecuteWaitThreadRoutine (parent, &hiddenRoutine); } @@ -1322,11 +1324,13 @@ namespace VeraCrypt options.Path, options.PreserveTimestamps, options.Password, + options.Pim, options.Kdf, options.TrueCryptMode, options.Keyfiles, options.Protection, options.ProtectionPassword, + options.ProtectionPim, options.ProtectionKdf, options.ProtectionKeyfiles, options.SharedAccessAllowed, @@ -1356,7 +1360,7 @@ namespace VeraCrypt // Re-encrypt volume header wxBusyCursor busy; SecureBuffer newHeaderBuffer (volume->GetLayout()->GetHeaderSize()); - ReEncryptHeaderThreadRoutine routine(newHeaderBuffer, volume->GetHeader(), options.Password, options.Keyfiles); + ReEncryptHeaderThreadRoutine routine(newHeaderBuffer, volume->GetHeader(), options.Password, options.Pim, options.Keyfiles); ExecuteWaitThreadRoutine (parent, &routine); 
@@ -1446,7 +1450,7 @@ namespace VeraCrypt EncryptionAlgorithmList encryptionAlgorithms = layout->GetSupportedEncryptionAlgorithms(); EncryptionModeList encryptionModes = layout->GetSupportedEncryptionModes(); - DecryptThreadRoutine decryptRoutine(layout->GetHeader(), headerBuffer, *passwordKey, options.Kdf, options.TrueCryptMode, keyDerivationFunctions, encryptionAlgorithms, encryptionModes); + DecryptThreadRoutine decryptRoutine(layout->GetHeader(), headerBuffer, *passwordKey, options.Pim, options.Kdf, options.TrueCryptMode, keyDerivationFunctions, encryptionAlgorithms, encryptionModes); ExecuteWaitThreadRoutine (parent, &decryptRoutine); @@ -1475,7 +1479,7 @@ namespace VeraCrypt // Re-encrypt volume header wxBusyCursor busy; SecureBuffer newHeaderBuffer (decryptedLayout->GetHeaderSize()); - ReEncryptHeaderThreadRoutine routine(newHeaderBuffer, decryptedLayout->GetHeader(), options.Password, options.Keyfiles); + ReEncryptHeaderThreadRoutine routine(newHeaderBuffer, decryptedLayout->GetHeader(), options.Password, options.Pim, options.Keyfiles); ExecuteWaitThreadRoutine (parent, &routine); @@ -1491,7 +1495,7 @@ namespace VeraCrypt if (decryptedLayout->HasBackupHeader()) { // Re-encrypt backup volume header - ReEncryptHeaderThreadRoutine backupRoutine(newHeaderBuffer, decryptedLayout->GetHeader(), options.Password, options.Keyfiles); + ReEncryptHeaderThreadRoutine backupRoutine(newHeaderBuffer, decryptedLayout->GetHeader(), options.Password, options.Pim, options.Keyfiles); ExecuteWaitThreadRoutine (parent, &backupRoutine); diff --git a/src/Main/GraphicUserInterface.h b/src/Main/GraphicUserInterface.h old mode 100644 new mode 100755 index 7edea984..c9ff72cb --- a/src/Main/GraphicUserInterface.h +++ b/src/Main/GraphicUserInterface.h 
@@ -30,7 +30,7 @@ namespace VeraCrypt virtual void BackupVolumeHeaders (shared_ptr volumePath) const; virtual void BeginBusyState () const { wxBeginBusyCursor(); } virtual void BeginInteractiveBusyState (wxWindow *window); - virtual void ChangePassword (shared_ptr volumePath = shared_ptr (), shared_ptr password = shared_ptr (), shared_ptr currentHash = shared_ptr (), bool truecryptMode = false, shared_ptr keyfiles = shared_ptr (), shared_ptr newPassword = shared_ptr (), shared_ptr newKeyfiles = shared_ptr (), shared_ptr newHash = shared_ptr ()) const { ThrowTextModeRequired(); } + virtual void ChangePassword (shared_ptr volumePath = shared_ptr (), shared_ptr password = shared_ptr (), int pim = 0, shared_ptr currentHash = shared_ptr (), bool truecryptMode = false, shared_ptr keyfiles = shared_ptr (), shared_ptr newPassword = shared_ptr (), int newPim = 0, shared_ptr newKeyfiles = shared_ptr (), shared_ptr newHash = shared_ptr ()) const { ThrowTextModeRequired(); } wxHyperlinkCtrl *CreateHyperlink (wxWindow *parent, const wxString &linkUrl, const wxString &linkText) const; virtual void CreateKeyfile (shared_ptr keyfilePath = shared_ptr ()) const; virtual void CreateVolume (shared_ptr options) const { ThrowTextModeRequired(); } diff --git a/src/Main/TextUserInterface.cpp b/src/Main/TextUserInterface.cpp old mode 100644 new mode 100755 index c1b17b2b..190aaf76 --- a/src/Main/TextUserInterface.cpp +++ b/src/Main/TextUserInterface.cpp 
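Review bot: The new parameters default to `int pim = 0` and `int newPim = 0`, but the TextUserInterface.cpp implementation in this commit prompts only when the value is negative (`pim < 0`, `newPim < 0`) and resets `options.Pim = -1` elsewhere to mean "not yet supplied". A caller relying on the defaults would never be asked for a PIM, and for `newPim` that would presumably re-key the header with the default iteration count even if the volume previously used a larger one. If -1 is the intended unset marker, the defaults should be `int pim = -1` and `int newPim = -1`; the same declaration is repeated in TextUserInterface.h and UserInterface.h. A one-line comment on the base declaration stating what 0 and negative values mean would make the contract explicit.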
@@ -180,6 +180,34 @@ namespace VeraCrypt return password; } + int TextUserInterface::AskPim (const wxString &message) const + { + int pim = -1; + wxString msg = _("Enter new PIM: "); + if (!message.empty()) + msg = message + L": "; + while (pim < 0) + { + wstring pimStr = AskString (msg); + if (pimStr.empty()) + pim = 0; + else + { + try + { + pim = (int) StringConverter::ToUInt32 (pimStr); + } + catch (...) + { + pim = -1; + continue; + } + } + } + + return pim; + } + ssize_t TextUserInterface::AskSelection (ssize_t optionCount, ssize_t defaultOption) const { while (true) @@ -272,6 +300,7 @@ namespace VeraCrypt { ShowString (L"\n"); options->Password = AskPassword (LangString[volumeType == VolumeType::Hidden ? "ENTER_HIDDEN_VOL_PASSWORD" : "ENTER_NORMAL_VOL_PASSWORD"]); + options->Pim = AskPim (volumeType == VolumeType::Hidden ?_("Enter PIM for the hidden volume") : _("Enter PIM for the normal/outer volume")); options->Keyfiles = AskKeyfiles(); try @@ -280,11 +309,13 @@ namespace VeraCrypt options->Path, options->PreserveTimestamps, options->Password, + options->Pim, kdf, false, options->Keyfiles, options->Protection, options->ProtectionPassword, + options->ProtectionPim, options->ProtectionKdf, options->ProtectionKeyfiles, true, 
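Review bot: `AskPim` casts the `uint32` from `StringConverter::ToUInt32` to `int` and swallows every exception with `catch (...)`, so an entry above INT_MAX or a non-numeric entry just re-prompts without telling the user why, and no upper bound is applied to accepted values. I would parse into a `uint32`, reject anything above a documented maximum, and report the rejection before looping. The default prompt `_("Enter new PIM: ")` is also what the restore path gets from `options.Pim = AskPim();`, where the existing PIM is being requested, so a neutral default such as `_("Enter PIM: ")` fits better. The value is read through `AskString`; if that echoes input, unlike `AskPassword`, it is worth deciding whether the PIM should be typed in the clear.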
@@ -345,14 +376,14 @@ namespace VeraCrypt // Re-encrypt volume header SecureBuffer newHeaderBuffer (normalVolume->GetLayout()->GetHeaderSize()); - Core->ReEncryptVolumeHeaderWithNewSalt (newHeaderBuffer, normalVolume->GetHeader(), normalVolumeMountOptions.Password, normalVolumeMountOptions.Keyfiles); + Core->ReEncryptVolumeHeaderWithNewSalt (newHeaderBuffer, normalVolume->GetHeader(), normalVolumeMountOptions.Password, normalVolumeMountOptions.Pim, normalVolumeMountOptions.Keyfiles); backupFile.Write (newHeaderBuffer); if (hiddenVolume) { // Re-encrypt hidden volume header - Core->ReEncryptVolumeHeaderWithNewSalt (newHeaderBuffer, hiddenVolume->GetHeader(), hiddenVolumeMountOptions.Password, hiddenVolumeMountOptions.Keyfiles); + Core->ReEncryptVolumeHeaderWithNewSalt (newHeaderBuffer, hiddenVolume->GetHeader(), hiddenVolumeMountOptions.Password, hiddenVolumeMountOptions.Pim, hiddenVolumeMountOptions.Keyfiles); } else { @@ -368,7 +399,7 @@ namespace VeraCrypt ShowInfo ("VOL_HEADER_BACKED_UP"); } - void TextUserInterface::ChangePassword (shared_ptr volumePath, shared_ptr password, shared_ptr currentHash, bool truecryptMode, shared_ptr keyfiles, shared_ptr newPassword, shared_ptr newKeyfiles, shared_ptr newHash) const + void TextUserInterface::ChangePassword (shared_ptr volumePath, shared_ptr password, int pim, shared_ptr currentHash, bool truecryptMode, shared_ptr keyfiles, shared_ptr newPassword, int newPim, shared_ptr newKeyfiles, shared_ptr newHash) const { shared_ptr volume; @@ -411,6 +442,12 @@ namespace VeraCrypt { password = AskPassword (); } + + // current PIM + if (!Preferences.NonInteractive && (pim < 0)) + { + pim = AskPim (_("Enter current PIM")); + } // Current keyfiles try 
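Review bot: When `Preferences.NonInteractive` is set, a negative `pim` skips the new prompt (`!Preferences.NonInteractive && (pim < 0)`) and is passed to `Core->OpenVolume` unchanged in the following hunks; the same holds for `newPim` before `Core->ChangePassword` and for `options->Pim` in the create-volume path. How the KDF treats a negative PIM is not visible here, so the value should be normalised or rejected at this boundary, for example `if (pim < 0) pim = 0;` after the prompt block, or an explicit error if a missing PIM must not silently mean the default. ChangePassword's body starts and continues outside the hunk.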
@@ -421,7 +458,7 @@ namespace VeraCrypt try { keyfiles.reset (new KeyfileList); - volume = Core->OpenVolume (volumePath, Preferences.DefaultMountOptions.PreserveTimestamps, password, kdf, truecryptMode, keyfiles); + volume = Core->OpenVolume (volumePath, Preferences.DefaultMountOptions.PreserveTimestamps, password, pim, kdf, truecryptMode, keyfiles); } catch (PasswordException&) { @@ -431,7 +468,7 @@ namespace VeraCrypt } if (!volume.get()) - volume = Core->OpenVolume (volumePath, Preferences.DefaultMountOptions.PreserveTimestamps, password, kdf, truecryptMode, keyfiles); + volume = Core->OpenVolume (volumePath, Preferences.DefaultMountOptions.PreserveTimestamps, password, pim, kdf, truecryptMode, keyfiles); } catch (PasswordException &e) { @@ -450,6 +487,10 @@ namespace VeraCrypt newPassword->CheckPortability(); else if (!Preferences.NonInteractive) newPassword = AskPassword (_("Enter new password"), true); + + // New PIM + if ((newPim < 0) && !Preferences.NonInteractive) + newPim = AskPim (_("Enter new PIM")); // New keyfiles if (!newKeyfiles.get() && !Preferences.NonInteractive) @@ -464,7 +505,7 @@ namespace VeraCrypt RandomNumberGenerator::SetEnrichedByUserStatus (false); UserEnrichRandomPool(); - Core->ChangePassword (volume, newPassword, newKeyfiles, + Core->ChangePassword (volume, newPassword, newPim, newKeyfiles, newHash ? Pkcs5Kdf::GetAlgorithm (*newHash, false) : shared_ptr ()); ShowInfo ("PASSWORD_CHANGED"); @@ -747,6 +788,13 @@ namespace VeraCrypt if (options->Password) options->Password->CheckPortability(); + + // PIM + if ((options->Pim < 0) && !Preferences.NonInteractive) + { + ShowString (L"\n"); + options->Pim = AskPim (_("Enter PIM")); + } // Keyfiles if (!options->Keyfiles && !Preferences.NonInteractive) 
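Review bot: The text-mode create path (hunk -747,6) accepts whatever `AskPim` or the command line supplies, and nothing in the hunk applies the rule the GUI wizard adds in this commit, where a PIM below 485 is refused for passwords shorter than `VolumePassword::WarningSizeThreshold` and otherwise confirmed with `PIM_SMALL_WARNING`. Unless that check exists elsewhere in the function, which continues outside the hunk, volumes created from the console can combine a short password with a reduced iteration count. The policy would be better placed in one shared helper called from both front ends, with a comment naming the threshold.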
@@ -819,6 +867,7 @@ namespace VeraCrypt mountOptions.NoFilesystem = true; mountOptions.Protection = VolumeProtection::None; mountOptions.Password = options->Password; + mountOptions.Pim = options->Pim; mountOptions.Keyfiles = options->Keyfiles; shared_ptr volume = Core->MountVolume (mountOptions); @@ -1070,6 +1119,9 @@ namespace VeraCrypt { if (!options.Password) options.Password = AskPassword(); + + if (options.Pim < 0) + options.Pim = AskPim (_("Enter PIM")); if (!options.Keyfiles) options.Keyfiles = AskKeyfiles(); @@ -1080,6 +1132,7 @@ namespace VeraCrypt return mountedVolumes; options.Password.reset(); + options.Pim = -1; } } @@ -1144,6 +1197,11 @@ namespace VeraCrypt ShowWarning ("UNSUPPORTED_CHARS_IN_PWD_RECOM"); } } + + if (options.Pim < 0) + { + options.Pim = AskPim (StringFormatter (_("Enter PIM for {0}"), wstring (*options.Path))); + } // Keyfiles if (!options.Keyfiles) @@ -1159,6 +1217,8 @@ namespace VeraCrypt { if (!options.ProtectionPassword) options.ProtectionPassword = AskPassword (_("Enter password for hidden volume")); + if (options.ProtectionPim < 0) + options.ProtectionPim = AskPim (_("Enter PIM for hidden volume")); if (!options.ProtectionKeyfiles) options.ProtectionKeyfiles = AskKeyfiles (_("Enter keyfile for hidden volume")); } @@ -1171,6 +1231,7 @@ namespace VeraCrypt { ShowInfo (e); options.ProtectionPassword.reset(); + options.ProtectionPim = -1; } catch (PasswordIncorrect &e) { @@ -1337,6 +1398,7 @@ namespace VeraCrypt { ShowString (L"\n"); options.Password = AskPassword(); + options.Pim = AskPim(); options.Keyfiles = AskKeyfiles(); try @@ -1345,11 +1407,13 @@ namespace VeraCrypt options.Path, options.PreserveTimestamps, options.Password, + options.Pim, kdf, false, options.Keyfiles, options.Protection, options.ProtectionPassword, + options.ProtectionPim, options.ProtectionKdf, options.ProtectionKeyfiles, options.SharedAccessAllowed, 
@@ -1374,7 +1438,7 @@ namespace VeraCrypt // Re-encrypt volume header SecureBuffer newHeaderBuffer (volume->GetLayout()->GetHeaderSize()); - Core->ReEncryptVolumeHeaderWithNewSalt (newHeaderBuffer, volume->GetHeader(), options.Password, options.Keyfiles); + Core->ReEncryptVolumeHeaderWithNewSalt (newHeaderBuffer, volume->GetHeader(), options.Password, options.Pim, options.Keyfiles); // Write volume header int headerOffset = volume->GetLayout()->GetHeaderOffset(); @@ -1434,6 +1498,7 @@ namespace VeraCrypt while (!decryptedLayout) { options.Password = AskPassword (L"\n" + LangString["ENTER_HEADER_BACKUP_PASSWORD"]); + options.Pim = AskPim (_("Enter PIM")); options.Keyfiles = AskKeyfiles(); try @@ -1455,7 +1520,7 @@ namespace VeraCrypt // Decrypt header shared_ptr passwordKey = Keyfile::ApplyListToPassword (options.Keyfiles, options.Password); - if (layout->GetHeader()->Decrypt (headerBuffer, *passwordKey, kdf, false, layout->GetSupportedKeyDerivationFunctions(false), layout->GetSupportedEncryptionAlgorithms(), layout->GetSupportedEncryptionModes())) + if (layout->GetHeader()->Decrypt (headerBuffer, *passwordKey, options.Pim, kdf, false, layout->GetSupportedKeyDerivationFunctions(false), layout->GetSupportedEncryptionAlgorithms(), layout->GetSupportedEncryptionModes())) { decryptedLayout = layout; break; @@ -1479,7 +1544,7 @@ namespace VeraCrypt // Re-encrypt volume header SecureBuffer newHeaderBuffer (decryptedLayout->GetHeaderSize()); - Core->ReEncryptVolumeHeaderWithNewSalt (newHeaderBuffer, decryptedLayout->GetHeader(), options.Password, options.Keyfiles); + Core->ReEncryptVolumeHeaderWithNewSalt (newHeaderBuffer, decryptedLayout->GetHeader(), options.Password, options.Pim, options.Keyfiles); // Write volume header int headerOffset = decryptedLayout->GetHeaderOffset(); 
@@ -1493,7 +1558,7 @@ namespace VeraCrypt if (decryptedLayout->HasBackupHeader()) { // Re-encrypt backup volume header - Core->ReEncryptVolumeHeaderWithNewSalt (newHeaderBuffer, decryptedLayout->GetHeader(), options.Password, options.Keyfiles); + Core->ReEncryptVolumeHeaderWithNewSalt (newHeaderBuffer, decryptedLayout->GetHeader(), options.Password, options.Pim, options.Keyfiles); // Write backup volume header headerOffset = decryptedLayout->GetBackupHeaderOffset(); diff --git a/src/Main/TextUserInterface.h b/src/Main/TextUserInterface.h old mode 100644 new mode 100755 index 01f344bb..2392f090 --- a/src/Main/TextUserInterface.h +++ b/src/Main/TextUserInterface.h 
@@ -24,13 +24,14 @@ namespace VeraCrypt virtual FilePath AskFilePath (const wxString &message = wxEmptyString) const; virtual shared_ptr AskKeyfiles (const wxString &message = L"") const; virtual shared_ptr AskPassword (const wxString &message = L"", bool verify = false) const; + virtual int AskPim (const wxString &message = L"") const; virtual ssize_t AskSelection (ssize_t optionCount, ssize_t defaultOption = -1) const; virtual wstring AskString (const wxString &message = wxEmptyString) const; virtual shared_ptr AskVolumePath (const wxString &message = L"") const; virtual bool AskYesNo (const wxString &message, bool defaultYes = false, bool warning = false) const; virtual void BackupVolumeHeaders (shared_ptr volumePath) const; virtual void BeginBusyState () const { } - virtual void ChangePassword (shared_ptr volumePath = shared_ptr (), shared_ptr password = shared_ptr (), shared_ptr currentHash = shared_ptr (), bool truecryptMode = false, shared_ptr keyfiles = shared_ptr (), shared_ptr newPassword = shared_ptr (), shared_ptr newKeyfiles = shared_ptr (), shared_ptr newHash = shared_ptr ()) const; + virtual void ChangePassword (shared_ptr volumePath = shared_ptr (), shared_ptr password = shared_ptr (), int pim = 0, shared_ptr currentHash = shared_ptr (), bool truecryptMode = false, shared_ptr keyfiles = shared_ptr (), shared_ptr newPassword = shared_ptr (), int newPim = 0, shared_ptr newKeyfiles = shared_ptr (), shared_ptr newHash = shared_ptr ()) const; virtual void CreateKeyfile (shared_ptr keyfilePath = shared_ptr ()) const; virtual void CreateVolume (shared_ptr options) const; virtual void DeleteSecurityTokenKeyfiles () const; diff --git a/src/Main/UserInterface.cpp b/src/Main/UserInterface.cpp old mode 100644 new mode 100755 index 62966e77..9abe0e6a --- a/src/Main/UserInterface.cpp +++ b/src/Main/UserInterface.cpp 
@@ -898,6 +898,7 @@ namespace VeraCrypt cmdLine.ArgMountOptions.Path = cmdLine.ArgVolumePath; cmdLine.ArgMountOptions.MountPoint = cmdLine.ArgMountPoint; cmdLine.ArgMountOptions.Password = cmdLine.ArgPassword; + cmdLine.ArgMountOptions.Pim = cmdLine.ArgPim; cmdLine.ArgMountOptions.Keyfiles = cmdLine.ArgKeyfiles; cmdLine.ArgMountOptions.SharedAccessAllowed = cmdLine.ArgForce; cmdLine.ArgMountOptions.TrueCryptMode = cmdLine.ArgTrueCryptMode; @@ -988,7 +989,7 @@ namespace VeraCrypt return true; case CommandId::ChangePassword: - ChangePassword (cmdLine.ArgVolumePath, cmdLine.ArgPassword, cmdLine.ArgCurrentHash, cmdLine.ArgTrueCryptMode, cmdLine.ArgKeyfiles, cmdLine.ArgNewPassword, cmdLine.ArgNewKeyfiles, cmdLine.ArgHash); + ChangePassword (cmdLine.ArgVolumePath, cmdLine.ArgPassword, cmdLine.ArgPim, cmdLine.ArgCurrentHash, cmdLine.ArgTrueCryptMode, cmdLine.ArgKeyfiles, cmdLine.ArgNewPassword, cmdLine.ArgNewPim, cmdLine.ArgNewKeyfiles, cmdLine.ArgHash); return true; case CommandId::CreateKeyfile: @@ -1009,6 +1010,7 @@ namespace VeraCrypt options->Filesystem = cmdLine.ArgFilesystem; options->Keyfiles = cmdLine.ArgKeyfiles; options->Password = cmdLine.ArgPassword; + options->Pim = cmdLine.ArgPim; options->Quick = cmdLine.ArgQuick; options->Size = cmdLine.ArgSize; options->Type = cmdLine.ArgVolumeType; diff --git a/src/Main/UserInterface.h b/src/Main/UserInterface.h old mode 100644 new mode 100755 index 1c94afdd..91e905d3 --- a/src/Main/UserInterface.h +++ b/src/Main/UserInterface.h 
@@ -29,7 +29,7 @@ namespace VeraCrypt virtual bool AskYesNo (const wxString &message, bool defaultYes = false, bool warning = false) const = 0; virtual void BackupVolumeHeaders (shared_ptr volumePath) const = 0; virtual void BeginBusyState () const = 0; - virtual void ChangePassword (shared_ptr volumePath = shared_ptr (), shared_ptr password = shared_ptr (), shared_ptr currentHash = shared_ptr (), bool truecryptMode = false, shared_ptr keyfiles = shared_ptr (), shared_ptr newPassword = shared_ptr (), shared_ptr newKeyfiles = shared_ptr (), shared_ptr newHash = shared_ptr ()) const = 0; + virtual void ChangePassword (shared_ptr volumePath = shared_ptr (), shared_ptr password = shared_ptr (), int pim = 0, shared_ptr currentHash = shared_ptr (), bool truecryptMode = false, shared_ptr keyfiles = shared_ptr (), shared_ptr newPassword = shared_ptr (), int newPim = 0, shared_ptr newKeyfiles = shared_ptr (), shared_ptr newHash = shared_ptr ()) const = 0; virtual void CheckRequirementsForMountingVolume () const; virtual void CloseExplorerWindows (shared_ptr mountedVolume) const; virtual void CreateKeyfile (shared_ptr keyfilePath = shared_ptr ()) const = 0; diff --git a/src/Platform/StringConverter.cpp b/src/Platform/StringConverter.cpp index cbd89e1f..c7ecc143 100644 --- a/src/Platform/StringConverter.cpp +++ b/src/Platform/StringConverter.cpp @@ -259,6 +259,30 @@ namespace VeraCrypt if (ss.fail() || n == 0xffffFFFFU) throw ParameterIncorrect (SRC_POS); + return n; + } + + int32 StringConverter::ToInt32 (const string &str) + { + int32 n; + stringstream ss (str); + + ss >> n; + if (ss.fail() || n == 0x7fffFFFF || n == -0x7fffFFFF) + throw ParameterIncorrect (SRC_POS); + + return n; + } + + int32 StringConverter::ToInt32 (const wstring &str) + { + int32 n; + wstringstream ss (str); + + ss >> n; + if (ss.fail() || n == 0x7fffFFFF || n == -0x7fffFFFF) + throw ParameterIncorrect (SRC_POS); + return n; } 
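Review bot: `StringConverter::ToInt32` declares `int32 n;` uninitialised and treats `0x7fffFFFF` and `-0x7fffFFFF` as error markers, which rejects two valid inputs and does not match the actual minimum (`-0x7fffFFFF - 1`) that extraction stores on negative overflow. Only `ss.fail()` is checked, so trailing characters are accepted and an input such as "12abc" parses as 12. Suggest `int32 n = 0;` and `if (ss.fail() || !ss.eof()) throw ParameterIncorrect (SRC_POS);`, relying on failbit for out-of-range values. The `ToInt64` overloads in the next hunk follow the same pattern, which mirrors the existing `ToUInt32` code.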
@@ -283,6 +307,30 @@ namespace VeraCrypt if (ss.fail() || n == 0xffffFFFFffffFFFFULL) throw ParameterIncorrect (SRC_POS); + return n; + } + + int64 StringConverter::ToInt64 (const string &str) + { + int64 n; + stringstream ss (str); + + ss >> n; + if (ss.fail() || n == 0x7fffFFFFffffFFFFLL || n == -0x7fffFFFFffffFFFFLL) + throw ParameterIncorrect (SRC_POS); + + return n; + } + + int64 StringConverter::ToInt64 (const wstring &str) + { + int64 n; + wstringstream ss (str); + + ss >> n; + if (ss.fail() || n == 0x7fffFFFFffffFFFFLL || n == -0x7fffFFFFffffFFFFLL) + throw ParameterIncorrect (SRC_POS); + return n; } diff --git a/src/Platform/StringConverter.h b/src/Platform/StringConverter.h index 9a9e098f..7b68ff4d 100644 --- a/src/Platform/StringConverter.h +++ b/src/Platform/StringConverter.h @@ -32,9 +32,13 @@ namespace VeraCrypt static wstring ToExceptionString (const exception &ex); static string ToLower (const string &str); static uint32 ToUInt32 (const string &str); - static uint32 ToUInt32 (const wstring &str); + static uint32 ToUInt32 (const wstring &str); + static int32 ToInt32 (const string &str); + static int32 ToInt32 (const wstring &str); static uint64 ToUInt64 (const string &str); - static uint64 ToUInt64 (const wstring &str); + static uint64 ToUInt64 (const wstring &str); + static int64 ToInt64 (const string &str); + static int64 ToInt64 (const wstring &str); static string ToSingle (double number) { return ToSingle (FromNumber (number)); } static string ToSingle (int32 number) { return ToSingle (FromNumber (number)); } static string ToSingle (uint32 number) { return ToSingle (FromNumber (number)); } diff --git a/src/Volume/Pkcs5Kdf.cpp b/src/Volume/Pkcs5Kdf.cpp old mode 100644 new mode 100755 index beccd62b..685bc73d --- a/src/Volume/Pkcs5Kdf.cpp +++ b/src/Volume/Pkcs5Kdf.cpp 
@@ -20,9 +20,9 @@ namespace VeraCrypt { } - void Pkcs5Kdf::DeriveKey (const BufferPtr &key, const VolumePassword &password, const ConstBufferPtr &salt) const + void Pkcs5Kdf::DeriveKey (const BufferPtr &key, const VolumePassword &password, int pim, const ConstBufferPtr &salt) const { - DeriveKey (key, password, salt, GetIterationCount()); + DeriveKey (key, password, salt, GetIterationCount(pim)); } shared_ptr Pkcs5Kdf::GetAlgorithm (const wstring &name, bool truecryptMode) diff --git a/src/Volume/Pkcs5Kdf.h b/src/Volume/Pkcs5Kdf.h old mode 100644 new mode 100755 index b2a13213..29149229 --- a/src/Volume/Pkcs5Kdf.h +++ b/src/Volume/Pkcs5Kdf.h @@ -23,13 +23,13 @@ namespace VeraCrypt public: virtual ~Pkcs5Kdf (); - virtual void DeriveKey (const BufferPtr &key, const VolumePassword &password, const ConstBufferPtr &salt) const; + virtual void DeriveKey (const BufferPtr &key, const VolumePassword &password, int pim, const ConstBufferPtr &salt) const; virtual void DeriveKey (const BufferPtr &key, const VolumePassword &password, const ConstBufferPtr &salt, int iterationCount) const = 0; static shared_ptr GetAlgorithm (const wstring &name, bool truecryptMode); static shared_ptr GetAlgorithm (const Hash &hash, bool truecryptMode); static Pkcs5KdfList GetAvailableAlgorithms (bool truecryptMode); virtual shared_ptr GetHash () const = 0; - virtual int GetIterationCount () const = 0; + virtual int GetIterationCount (int pim) const = 0; virtual wstring GetName () const = 0; virtual Pkcs5Kdf* Clone () const = 0; virtual bool IsDeprecated () const { return GetHash()->IsDeprecated(); } 
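Review bot: The new `pim` parameter on `DeriveKey` and `GetIterationCount` in Pkcs5Kdf.h is declared without any statement of its contract, and the class now has two `DeriveKey` overloads that each take an `int` with a different meaning (`pim` versus `iterationCount`). A short comment above the declarations would prevent misuse, for example `// pim <= 0 selects the algorithm's default iteration count; a positive pim is mapped to a count by each subclass.` That wording follows the subclass bodies later in this header. The class body continues outside this hunk.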
@@ -55,7 +55,7 @@ namespace VeraCrypt virtual void DeriveKey (const BufferPtr &key, const VolumePassword &password, const ConstBufferPtr &salt, int iterationCount) const; virtual shared_ptr GetHash () const { return shared_ptr (new Ripemd160); } - virtual int GetIterationCount () const { return m_truecryptMode? 2000 : 655331; } + virtual int GetIterationCount (int pim) const { return m_truecryptMode? 2000 : (pim <= 0 ? 655331 : (15000 + (pim * 1000))) ; } virtual wstring GetName () const { return L"HMAC-RIPEMD-160"; } virtual Pkcs5Kdf* Clone () const { return new Pkcs5HmacRipemd160(m_truecryptMode); } @@ -72,7 +72,7 @@ namespace VeraCrypt virtual void DeriveKey (const BufferPtr &key, const VolumePassword &password, const ConstBufferPtr &salt, int iterationCount) const; virtual shared_ptr GetHash () const { return shared_ptr (new Ripemd160); } - virtual int GetIterationCount () const { return m_truecryptMode? 1000 : 327661; } + virtual int GetIterationCount (int pim) const { return m_truecryptMode? 1000 : (pim <= 0 ? 327661 : (pim * 2048)); } virtual wstring GetName () const { return L"HMAC-RIPEMD-160"; } virtual Pkcs5Kdf* Clone () const { return new Pkcs5HmacRipemd160_1000(m_truecryptMode); } @@ -89,7 +89,7 @@ namespace VeraCrypt virtual void DeriveKey (const BufferPtr &key, const VolumePassword &password, const ConstBufferPtr &salt, int iterationCount) const; virtual shared_ptr GetHash () const { return shared_ptr (new Sha256); } - virtual int GetIterationCount () const { return 200000; } + virtual int GetIterationCount (int pim) const { return pim <= 0 ? 200000 : (pim * 2048); } virtual wstring GetName () const { return L"HMAC-SHA-256"; } virtual Pkcs5Kdf* Clone () const { return new Pkcs5HmacSha256_Boot(); } 
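Review bot: A positive `pim` is multiplied with no bound in the new `GetIterationCount (int pim)` bodies (`15000 + (pim * 1000)` and `pim * 2048`). A large value overflows `int`, which is undefined behaviour and may hand `DeriveKey` a negative or very small count, while a small value such as 1 yields 16000 or 2048 iterations against defaults of 500000 and 200000 in the same lines. No range check on `pim` is visible in this part of the patch; if none exists before these calls, validate it once ahead of derivation, e.g. `if (pim < 0 || pim > MAX_PIM) throw ParameterIncorrect (SRC_POS);`, where `MAX_PIM` is a placeholder for a project-chosen limit. The same formulas recur in the hunks at -106, -123 and -140 of this header, so a single shared helper would keep the mapping consistent.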
@@ -106,7 +106,7 @@ namespace VeraCrypt virtual void DeriveKey (const BufferPtr &key, const VolumePassword &password, const ConstBufferPtr &salt, int iterationCount) const; virtual shared_ptr GetHash () const { return shared_ptr (new Sha256); } - virtual int GetIterationCount () const { return 500000; } + virtual int GetIterationCount (int pim) const { return pim <= 0 ? 500000 : (15000 + (pim * 1000)); } virtual wstring GetName () const { return L"HMAC-SHA-256"; } virtual Pkcs5Kdf* Clone () const { return new Pkcs5HmacSha256(); } @@ -123,7 +123,7 @@ namespace VeraCrypt virtual void DeriveKey (const BufferPtr &key, const VolumePassword &password, const ConstBufferPtr &salt, int iterationCount) const; virtual shared_ptr GetHash () const { return shared_ptr (new Sha512); } - virtual int GetIterationCount () const { return m_truecryptMode? 1000 : 500000; } + virtual int GetIterationCount (int pim) const { return m_truecryptMode? 1000 : (pim <= 0 ? 500000 : (15000 + (pim * 1000))); } virtual wstring GetName () const { return L"HMAC-SHA-512"; } virtual Pkcs5Kdf* Clone () const { return new Pkcs5HmacSha512(m_truecryptMode); } @@ -140,7 +140,7 @@ namespace VeraCrypt virtual void DeriveKey (const BufferPtr &key, const VolumePassword &password, const ConstBufferPtr &salt, int iterationCount) const; virtual shared_ptr GetHash () const { return shared_ptr (new Whirlpool); } - virtual int GetIterationCount () const { return m_truecryptMode? 1000 : 500000; } + virtual int GetIterationCount (int pim) const { return m_truecryptMode? 1000 : (pim <= 0 ? 500000 : (15000 + (pim * 1000))); } virtual wstring GetName () const { return L"HMAC-Whirlpool"; } virtual Pkcs5Kdf* Clone () const { return new Pkcs5HmacWhirlpool(m_truecryptMode); } diff --git a/src/Volume/Volume.cpp b/src/Volume/Volume.cpp index 51ebf300..ff373029 100755 --- a/src/Volume/Volume.cpp +++ b/src/Volume/Volume.cpp 
@@ -24,7 +24,8 @@ namespace VeraCrypt TopWriteOffset (0), TotalDataRead (0), TotalDataWritten (0), - TrueCryptMode (false) + TrueCryptMode (false), + Pim (0) { } @@ -63,7 +64,7 @@ namespace VeraCrypt return EA->GetMode(); } - void Volume::Open (const VolumePath &volumePath, bool preserveTimestamps, shared_ptr password, shared_ptr kdf, bool truecryptMode, shared_ptr keyfiles, VolumeProtection::Enum protection, shared_ptr protectionPassword, shared_ptr protectionKdf, shared_ptr protectionKeyfiles, bool sharedAccessAllowed, VolumeType::Enum volumeType, bool useBackupHeaders, bool partitionInSystemEncryptionScope) + void Volume::Open (const VolumePath &volumePath, bool preserveTimestamps, shared_ptr password, int pim, shared_ptr kdf, bool truecryptMode, shared_ptr keyfiles, VolumeProtection::Enum protection, shared_ptr protectionPassword, int protectionPim, shared_ptr protectionKdf, shared_ptr protectionKeyfiles, bool sharedAccessAllowed, VolumeType::Enum volumeType, bool useBackupHeaders, bool partitionInSystemEncryptionScope) { make_shared_auto (File, file); 
@@ -94,10 +95,10 @@ namespace VeraCrypt throw; } - return Open (file, password, kdf, truecryptMode, keyfiles, protection, protectionPassword, protectionKdf,protectionKeyfiles, volumeType, useBackupHeaders, partitionInSystemEncryptionScope); + return Open (file, password, pim, kdf, truecryptMode, keyfiles, protection, protectionPassword, protectionPim, protectionKdf,protectionKeyfiles, volumeType, useBackupHeaders, partitionInSystemEncryptionScope); } - void Volume::Open (shared_ptr volumeFile, shared_ptr password, shared_ptr kdf, bool truecryptMode, shared_ptr keyfiles, VolumeProtection::Enum protection, shared_ptr protectionPassword, shared_ptr protectionKdf,shared_ptr protectionKeyfiles, VolumeType::Enum volumeType, bool useBackupHeaders, bool partitionInSystemEncryptionScope) + void Volume::Open (shared_ptr volumeFile, shared_ptr password, int pim, shared_ptr kdf, bool truecryptMode, shared_ptr keyfiles, VolumeProtection::Enum protection, shared_ptr protectionPassword, int protectionPim, shared_ptr protectionKdf,shared_ptr protectionKeyfiles, VolumeType::Enum volumeType, bool useBackupHeaders, bool partitionInSystemEncryptionScope) { if (!volumeFile) throw ParameterIncorrect (SRC_POS); @@ -187,7 +188,7 @@ namespace VeraCrypt shared_ptr header = layout->GetHeader(); - if (header->Decrypt (headerBuffer, *passwordKey, kdf, truecryptMode, layout->GetSupportedKeyDerivationFunctions(truecryptMode), layoutEncryptionAlgorithms, layoutEncryptionModes)) + if (header->Decrypt (headerBuffer, *passwordKey, pim, kdf, truecryptMode, layout->GetSupportedKeyDerivationFunctions(truecryptMode), layoutEncryptionAlgorithms, layoutEncryptionModes)) { // Header decrypted @@ -200,6 +201,7 @@ namespace VeraCrypt } TrueCryptMode = truecryptMode; + Pim = pim; Type = layout->GetType(); SectorSize = header->GetSectorSize(); 
@@ -237,9 +239,9 @@ namespace VeraCrypt Volume protectedVolume; protectedVolume.Open (VolumeFile, - protectionPassword, protectionKdf, truecryptMode, protectionKeyfiles, + protectionPassword, protectionPim, protectionKdf, truecryptMode, protectionKeyfiles, VolumeProtection::ReadOnly, - shared_ptr (), shared_ptr (),shared_ptr (), + shared_ptr (), 0, shared_ptr (),shared_ptr (), VolumeType::Hidden, useBackupHeaders); diff --git a/src/Volume/Volume.h b/src/Volume/Volume.h index d4a2b5a5..19e3eb2e 100755 --- a/src/Volume/Volume.h +++ b/src/Volume/Volume.h 
@@ -87,11 +87,12 @@ namespace VeraCrypt uint64 GetTotalDataWritten () const { return TotalDataWritten; } VolumeType::Enum GetType () const { return Type; } bool GetTrueCryptMode() const { return TrueCryptMode; } + int GetPim() const { return Pim;} uint64 GetVolumeCreationTime () const { return Header->GetVolumeCreationTime(); } bool IsHiddenVolumeProtectionTriggered () const { return HiddenVolumeProtectionTriggered; } bool IsInSystemEncryptionScope () const { return SystemEncryption; } - void Open (const VolumePath &volumePath, bool preserveTimestamps, shared_ptr password, shared_ptr kdf, bool truecryptMode, shared_ptr keyfiles, VolumeProtection::Enum protection = VolumeProtection::None, shared_ptr protectionPassword = shared_ptr (), shared_ptr protectionKdf = shared_ptr (),shared_ptr protectionKeyfiles = shared_ptr (), bool sharedAccessAllowed = false, VolumeType::Enum volumeType = VolumeType::Unknown, bool useBackupHeaders = false, bool partitionInSystemEncryptionScope = false); - void Open (shared_ptr volumeFile, shared_ptr password, shared_ptr kdf, bool truecryptMode, shared_ptr keyfiles, VolumeProtection::Enum protection = VolumeProtection::None, shared_ptr protectionPassword = shared_ptr (), shared_ptr protectionKdf = shared_ptr (), shared_ptr protectionKeyfiles = shared_ptr (), VolumeType::Enum volumeType = VolumeType::Unknown, bool useBackupHeaders = false, bool partitionInSystemEncryptionScope = false); + void Open (const VolumePath &volumePath, bool preserveTimestamps, shared_ptr password, int pim, shared_ptr kdf, bool truecryptMode, shared_ptr keyfiles, VolumeProtection::Enum protection = VolumeProtection::None, shared_ptr protectionPassword = shared_ptr (), int protectionPim = 0, shared_ptr protectionKdf = shared_ptr (),shared_ptr protectionKeyfiles = shared_ptr (), bool sharedAccessAllowed = false, VolumeType::Enum volumeType = VolumeType::Unknown, bool useBackupHeaders = false, bool partitionInSystemEncryptionScope = false); + void Open (shared_ptr 
volumeFile, shared_ptr password, int pim, shared_ptr kdf, bool truecryptMode, shared_ptr keyfiles, VolumeProtection::Enum protection = VolumeProtection::None, shared_ptr protectionPassword = shared_ptr (), int protectionPim = 0, shared_ptr protectionKdf = shared_ptr (), shared_ptr protectionKeyfiles = shared_ptr (), VolumeType::Enum volumeType = VolumeType::Unknown, bool useBackupHeaders = false, bool partitionInSystemEncryptionScope = false); void ReadSectors (const BufferPtr &buffer, uint64 byteOffset); void ReEncryptHeader (bool backupHeader, const ConstBufferPtr &newSalt, const ConstBufferPtr &newHeaderKey, shared_ptr newPkcs5Kdf); void WriteSectors (const ConstBufferPtr &buffer, uint64 byteOffset); @@ -118,6 +119,7 @@ namespace VeraCrypt uint64 TotalDataRead; uint64 TotalDataWritten; bool TrueCryptMode; + int Pim; private: Volume (const Volume &); diff --git a/src/Volume/VolumeHeader.cpp b/src/Volume/VolumeHeader.cpp index 442c6375..3656aa14 100755 --- a/src/Volume/VolumeHeader.cpp +++ b/src/Volume/VolumeHeader.cpp @@ -78,7 +78,7 @@ namespace VeraCrypt EncryptNew (headerBuffer, options.Salt, options.HeaderKey, options.Kdf); } - bool VolumeHeader::Decrypt (const ConstBufferPtr &encryptedData, const VolumePassword &password, shared_ptr kdf, bool truecryptMode, const Pkcs5KdfList &keyDerivationFunctions, const EncryptionAlgorithmList &encryptionAlgorithms, const EncryptionModeList &encryptionModes) + bool VolumeHeader::Decrypt (const ConstBufferPtr &encryptedData, const VolumePassword &password, int pim, shared_ptr kdf, bool truecryptMode, const Pkcs5KdfList &keyDerivationFunctions, const EncryptionAlgorithmList &encryptionAlgorithms, const EncryptionModeList &encryptionModes) { if (password.Size() < 1) throw PasswordEmpty (SRC_POS); 
@@ -92,7 +92,7 @@ namespace VeraCrypt if (kdf && (kdf->GetName() != pkcs5->GetName())) continue; - pkcs5->DeriveKey (headerKey, password, salt); + pkcs5->DeriveKey (headerKey, password, pim, salt); foreach (shared_ptr mode, encryptionModes) { diff --git a/src/Volume/VolumeHeader.h b/src/Volume/VolumeHeader.h index 40b45b3d..894ca8a1 100755 --- a/src/Volume/VolumeHeader.h +++ b/src/Volume/VolumeHeader.h @@ -56,7 +56,7 @@ namespace VeraCrypt virtual ~VolumeHeader (); void Create (const BufferPtr &headerBuffer, VolumeHeaderCreationOptions &options); - bool Decrypt (const ConstBufferPtr &encryptedData, const VolumePassword &password, shared_ptr kdf, bool truecryptMode, const Pkcs5KdfList &keyDerivationFunctions, const EncryptionAlgorithmList &encryptionAlgorithms, const EncryptionModeList &encryptionModes); + bool Decrypt (const ConstBufferPtr &encryptedData, const VolumePassword &password, int pim, shared_ptr kdf, bool truecryptMode, const Pkcs5KdfList &keyDerivationFunctions, const EncryptionAlgorithmList &encryptionAlgorithms, const EncryptionModeList &encryptionModes); void EncryptNew (const BufferPtr &newHeaderBuffer, const ConstBufferPtr &newSalt, const ConstBufferPtr &newHeaderKey, shared_ptr newPkcs5Kdf); uint64 GetEncryptedAreaStart () const { return EncryptedAreaStart; } uint64 GetEncryptedAreaLength () const { return EncryptedAreaLength; } diff --git a/src/Volume/VolumeInfo.cpp b/src/Volume/VolumeInfo.cpp old mode 100644 new mode 100755 index 33e0fd6f..aba7c479 --- a/src/Volume/VolumeInfo.cpp +++ b/src/Volume/VolumeInfo.cpp @@ -51,6 +51,7 @@ namespace VeraCrypt VirtualDevice = sr.DeserializeWString ("VirtualDevice"); sr.Deserialize ("VolumeCreationTime", VolumeCreationTime); sr.Deserialize ("TrueCryptMode", TrueCryptMode); + sr.Deserialize ("Pim", Pim); } bool VolumeInfo::FirstVolumeMountedAfterSecond (shared_ptr first, shared_ptr second) 
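Review bot: `sr.Deserialize ("Pim", Pim)` here, together with `sr.Serialize ("Pim", Pim)` and `Pim = volume.GetPim ()` in the following hunks of VolumeInfo.cpp, copies a key-derivation input into every `VolumeInfo` and into its serialized form without any note on its sensitivity. The same value is passed to `pkcs5->DeriveKey (headerKey, password, pim, salt)` in VolumeHeader.cpp. Where the serialized data travels is not visible in this patch, so the exposure should be confirmed. If the field is needed only for display, I would document it at the member, for example `// Pim is a key-derivation input; treat serialized VolumeInfo as sensitive.` It is also worth confirming that `Deserialize` tolerates streams written by builds that lack the "Pim" key. The enclosing functions begin outside these hunks.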
@@ -91,6 +92,7 @@ namespace VeraCrypt sr.Serialize ("VirtualDevice", wstring (VirtualDevice)); sr.Serialize ("VolumeCreationTime", VolumeCreationTime); sr.Serialize ("TrueCryptMode", TrueCryptMode); + sr.Serialize ("Pim", Pim); } void VolumeInfo::Set (const Volume &volume) @@ -105,7 +107,7 @@ namespace VeraCrypt HiddenVolumeProtectionTriggered = volume.IsHiddenVolumeProtectionTriggered(); MinRequiredProgramVersion = volume.GetHeader()->GetRequiredMinProgramVersion(); Path = volume.GetPath(); - Pkcs5IterationCount = volume.GetPkcs5Kdf()->GetIterationCount(); + Pkcs5IterationCount = volume.GetPkcs5Kdf()->GetIterationCount(volume.GetPim ()); Pkcs5PrfName = volume.GetPkcs5Kdf()->GetName(); Protection = volume.GetProtectionType(); Size = volume.GetSize(); @@ -115,6 +117,7 @@ namespace VeraCrypt TotalDataRead = volume.GetTotalDataRead(); TotalDataWritten = volume.GetTotalDataWritten(); TrueCryptMode = volume.GetTrueCryptMode(); + Pim = volume.GetPim (); } TC_SERIALIZER_FACTORY_ADD_CLASS (VolumeInfo); diff --git a/src/Volume/VolumeInfo.h b/src/Volume/VolumeInfo.h index 96796b50..c5bd2021 100644 --- a/src/Volume/VolumeInfo.h +++ b/src/Volume/VolumeInfo.h @@ -57,6 +57,7 @@ namespace VeraCrypt DevicePath VirtualDevice; VolumeTime VolumeCreationTime; bool TrueCryptMode; + int Pim; private: VolumeInfo (const VolumeInfo &); -- cgit v1.2.3