From fa6359d42438814af7afbb23a30fc6afce3a0a5a Mon Sep 17 00:00:00 2001 From: Mounir IDRASSI Date: Sat, 22 Jul 2023 10:25:22 +0200 Subject: Windows: Remove TrueCrypt support. Increment version to 1.26.4. --- src/Common/Apidrvr.h | 7 +------ src/Common/BootEncryption.cpp | 4 ++-- src/Common/Cache.c | 10 ++++------ src/Common/Cache.h | 2 +- src/Common/Crypto.h | 1 - src/Common/Dlgcode.c | 39 ++++++++------------------------------ src/Common/Dlgcode.h | 5 ++--- src/Common/Format.c | 2 +- src/Common/Password.c | 10 +++++----- src/Common/Password.h | 2 +- src/Common/Pkcs5.c | 40 +++++++++++---------------------------- src/Common/Pkcs5.h | 4 ++-- src/Common/Tcdefs.h | 4 ++-- src/Common/Volumes.c | 44 +++++++++---------------------------------- src/Common/Volumes.h | 4 ++-- 15 files changed, 51 insertions(+), 127 deletions(-) (limited to 'src/Common') diff --git a/src/Common/Apidrvr.h b/src/Common/Apidrvr.h index 2eddc3dd..d8bfc74f 100644 --- a/src/Common/Apidrvr.h +++ b/src/Common/Apidrvr.h @@ -129,10 +129,6 @@ #define VC_IOCTL_ENCRYPTION_QUEUE_PARAMS TC_IOCTL (43) -// Legacy IOCTLs used before version 5.0 -#define TC_IOCTL_LEGACY_GET_DRIVER_VERSION 466968 -#define TC_IOCTL_LEGACY_GET_MOUNTED_VOLUMES 466948 - // Undocumented IOCTL sent by Windows 10 when handling EFS data on volumes #define IOCTL_UNKNOWN_WINDOWS10_EFS_ACCESS 0x455610D8 @@ -170,7 +166,6 @@ typedef struct BOOL RecoveryMode; int pkcs5_prf; int ProtectedHidVolPkcs5Prf; - BOOL bTrueCryptMode; uint32 BytesPerPhysicalSector; int VolumePim; int ProtectedHidVolPim; @@ -200,7 +195,7 @@ typedef struct unsigned __int64 diskLength[26]; int ea[26]; int volumeType[26]; /* Volume type (e.g. PROP_VOL_TYPE_OUTER, PROP_VOL_TYPE_OUTER_VOL_WRITE_PREVENTED, etc.) */ - BOOL truecryptMode[26]; + BOOL reserved[26]; /* needed to keep the same size for the structure so that installer of new version can communicate with installed old version */ } MOUNT_LIST_STRUCT; typedef struct 
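Review bot: Removing `BOOL bTrueCryptMode;` from the middle of the mount structure (hunk at -170,7) shifts the offsets of `BytesPerPhysicalSector`, `VolumePim` and `ProtectedHidVolPim`. The next hunk deliberately keeps `BOOL reserved[26];` in MOUNT_LIST_STRUCT so a new installer can still talk to an installed older driver. If the same mixed-version case can reach the mount request, the older side would read the PIM and sector size from the wrong offsets. Consider keeping the slot as a zero-initialised `BOOL reserved;`, or add a comment saying why this structure does not need the same treatment. The struct definition starts and ends outside the hunk and any driver-side size check is not in this diff, so this needs confirming.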
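Review bot: Nothing in this diff shows who initialises the new `reserved[26]` array in MOUNT_LIST_STRUCT (hunk at -200,7) now that no code assigns `truecryptMode[i]`. The structure appears to be filled by the driver and handed back to user mode, and the driver code is not part of this diff (it is limited to src/Common). Confirm the whole structure is zeroed before it is filled, so the slot cannot carry stale memory back to the caller. Extending the comment to `/* always zero; kept only so the structure size matches older versions */` would record that contract.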
diff --git a/src/Common/BootEncryption.cpp b/src/Common/BootEncryption.cpp index 079eacc6..71d39057 100644 --- a/src/Common/BootEncryption.cpp +++ b/src/Common/BootEncryption.cpp @@ -4372,7 +4372,7 @@ namespace VeraCrypt // Initial rescue disk assumes encryption of the drive has been completed (EncryptedAreaLength == volumeSize) memcpy (RescueVolumeHeader, VolumeHeader, sizeof (RescueVolumeHeader)); - if (0 != ReadVolumeHeader (TRUE, (char *) RescueVolumeHeader, password, pkcs5, pim, FALSE, NULL, cryptoInfo)) + if (0 != ReadVolumeHeader (TRUE, (char *) RescueVolumeHeader, password, pkcs5, pim, NULL, cryptoInfo)) throw ParameterIncorrect (SRC_POS); DecryptBuffer (RescueVolumeHeader + HEADER_ENCRYPTED_DATA_OFFSET, HEADER_ENCRYPTED_DATA_SIZE, cryptoInfo); @@ -5411,7 +5411,7 @@ namespace VeraCrypt PCRYPTO_INFO cryptoInfo = NULL; - int status = ReadVolumeHeader (!encStatus.HiddenSystem, header, oldPassword, old_pkcs5, old_pim, FALSE, &cryptoInfo, NULL); + int status = ReadVolumeHeader (!encStatus.HiddenSystem, header, oldPassword, old_pkcs5, old_pim, &cryptoInfo, NULL); finally_do_arg (PCRYPTO_INFO, cryptoInfo, { if (finally_arg) crypto_close (finally_arg); }); if (status != 0) diff --git a/src/Common/Cache.c b/src/Common/Cache.c index fe56a554..46249b9c 100644 --- a/src/Common/Cache.c +++ b/src/Common/Cache.c @@ -43,7 +43,7 @@ void VcUnprotectPassword (Password* pPassword, uint64 encID) #endif -int ReadVolumeHeaderWCache (BOOL bBoot, BOOL bCache, BOOL bCachePim, char *header, Password *password, int pkcs5_prf, int pim, BOOL truecryptMode, PCRYPTO_INFO *retInfo) +int ReadVolumeHeaderWCache (BOOL bBoot, BOOL bCache, BOOL bCachePim, char *header, Password *password, int pkcs5_prf, int pim, PCRYPTO_INFO *retInfo) { int nReturnCode = ERR_PASSWORD_WRONG; int i, effectivePim; 
@@ -51,7 +51,7 @@ int ReadVolumeHeaderWCache (BOOL bBoot, BOOL bCache, BOOL bCachePim, char *heade /* Attempt to recognize volume using mount password */ if (password->Length > 0) { - nReturnCode = ReadVolumeHeader (bBoot, header, password, pkcs5_prf, pim, truecryptMode, retInfo, NULL); + nReturnCode = ReadVolumeHeader (bBoot, header, password, pkcs5_prf, pim, retInfo, NULL); /* Save mount passwords back into cache if asked to do so */ if (bCache && (nReturnCode == 0 || nReturnCode == ERR_CIPHER_INIT_WEAK_KEY)) @@ -124,13 +124,11 @@ int ReadVolumeHeaderWCache (BOOL bBoot, BOOL bCache, BOOL bCachePim, char *heade #endif if ((pCurrentPassword->Length > 0) && (pCurrentPassword->Length <= (unsigned int) ((bBoot? MAX_LEGACY_PASSWORD: MAX_PASSWORD)))) { - if (truecryptMode) - effectivePim = 0; - else if (pim == -1) + if (pim == -1) effectivePim = CachedPim[i]; else effectivePim = pim; - nReturnCode = ReadVolumeHeader (bBoot, header, pCurrentPassword, pkcs5_prf, effectivePim, truecryptMode, retInfo, NULL); + nReturnCode = ReadVolumeHeader (bBoot, header, pCurrentPassword, pkcs5_prf, effectivePim, retInfo, NULL); if (nReturnCode != ERR_PASSWORD_WRONG) break; diff --git a/src/Common/Cache.h b/src/Common/Cache.h index 841d5e67..0988bf29 100644 --- a/src/Common/Cache.h +++ b/src/Common/Cache.h @@ -22,5 +22,5 @@ extern int cacheEmpty; void AddPasswordToCache (Password *password, int pim, BOOL bCachePim); void AddLegacyPasswordToCache (PasswordLegacy *password, int pim); -int ReadVolumeHeaderWCache (BOOL bBoot, BOOL bCache, BOOL bCachePim,char *header, Password *password, int pkcs5_prf, int pim, BOOL truecryptMode, PCRYPTO_INFO *retInfo); +int ReadVolumeHeaderWCache (BOOL bBoot, BOOL bCache, BOOL bCachePim,char *header, Password *password, int pkcs5_prf, int pim, PCRYPTO_INFO *retInfo); void WipeCache (void); diff --git a/src/Common/Crypto.h b/src/Common/Crypto.h index b9600cf9..178e08e1 100644 --- a/src/Common/Crypto.h +++ b/src/Common/Crypto.h 
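Review bot: The cache loop in ReadVolumeHeaderWCache (hunk at -124,13) now relies on an undocumented sentinel: `pim == -1` selects `CachedPim[i]`, and every other value is passed through unchanged. Add a comment at the branch, e.g. `/* pim == -1 selects the PIM cached alongside this password */`. Also mention the sentinel in the function's header comment, so callers do not pass other negative values expecting the same effect. The function body continues outside the hunk.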
@@ -257,7 +257,6 @@ typedef struct CRYPTO_INFO_t #endif int noIterations; - BOOL bTrueCryptMode; int volumePim; BOOL bProtectHiddenVolume; // Indicates whether the volume contains a hidden volume to be protected against overwriting diff --git a/src/Common/Dlgcode.c b/src/Common/Dlgcode.c index 32e1617d..6318d915 100644 --- a/src/Common/Dlgcode.c +++ b/src/Common/Dlgcode.c @@ -5209,7 +5209,6 @@ static int DriverLoad () BOOL DriverUnload () { - MOUNT_LIST_STRUCT driver; int refCount; int volumesMounted; DWORD dwResult; @@ -5234,13 +5233,6 @@ BOOL DriverUnload () // Test for mounted volumes bResult = DeviceIoControl (hDriver, TC_IOCTL_IS_ANY_VOLUME_MOUNTED, NULL, 0, &volumesMounted, sizeof (volumesMounted), &dwResult, NULL); - if (!bResult) - { - bResult = DeviceIoControl (hDriver, TC_IOCTL_LEGACY_GET_MOUNTED_VOLUMES, NULL, 0, &driver, sizeof (driver), &dwResult, NULL); - if (bResult) - volumesMounted = driver.ulMountedDrives; - } - if (bResult) { if (volumesMounted != 0) @@ -5407,9 +5399,6 @@ load: BOOL bResult = DeviceIoControl (hDriver, TC_IOCTL_GET_DRIVER_VERSION, NULL, 0, &DriverVersion, sizeof (DriverVersion), &dwResult, NULL); - if (!bResult) - bResult = DeviceIoControl (hDriver, TC_IOCTL_LEGACY_GET_DRIVER_VERSION, NULL, 0, &DriverVersion, sizeof (DriverVersion), &dwResult, NULL); - #ifndef SETUP // Don't check version during setup to allow removal of another version if (bResult == FALSE) { 
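Review bot: With the legacy fallback removed, a failed `TC_IOCTL_IS_ANY_VOLUME_MOUNTED` call in DriverUnload (hunk at -5234,13) leaves `bResult` FALSE and `volumesMounted` unset, and the branch taken in that case lies outside the hunk. Confirm that path refuses to unload the driver rather than treating "could not ask" as "nothing mounted". A comment on that branch such as `// query failed: mounted-volume state unknown, do not unload` would make the intent explicit. The version query in the hunk at -5407,9 has the same shape: under `SETUP` the `bResult == FALSE` check is compiled out, so any later use of `DriverVersion` happens without knowing whether the call filled it. Setting `DriverVersion` to a known value before the call would make that case deterministic, if that is not already done outside the hunk.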
@@ -6506,27 +6495,27 @@ static BOOL PerformBenchmark(HWND hBenchDlg, HWND hwndDlg) case SHA512: /* PKCS-5 test with HMAC-SHA-512 used as the PRF */ - derive_key_sha512 ("passphrase-1234567890", 21, tmp_salt, 64, get_pkcs5_iteration_count(thid, benchmarkPim, FALSE, benchmarkPreBoot), dk, MASTER_KEYDATA_SIZE); + derive_key_sha512 ("passphrase-1234567890", 21, tmp_salt, 64, get_pkcs5_iteration_count(thid, benchmarkPim, benchmarkPreBoot), dk, MASTER_KEYDATA_SIZE); break; case SHA256: /* PKCS-5 test with HMAC-SHA-256 used as the PRF */ - derive_key_sha256 ("passphrase-1234567890", 21, tmp_salt, 64, get_pkcs5_iteration_count(thid, benchmarkPim, FALSE, benchmarkPreBoot), dk, MASTER_KEYDATA_SIZE); + derive_key_sha256 ("passphrase-1234567890", 21, tmp_salt, 64, get_pkcs5_iteration_count(thid, benchmarkPim, benchmarkPreBoot), dk, MASTER_KEYDATA_SIZE); break; case BLAKE2S: /* PKCS-5 test with HMAC-BLAKE2s used as the PRF */ - derive_key_blake2s ("passphrase-1234567890", 21, tmp_salt, 64, get_pkcs5_iteration_count(thid, benchmarkPim, FALSE, benchmarkPreBoot), dk, MASTER_KEYDATA_SIZE); + derive_key_blake2s ("passphrase-1234567890", 21, tmp_salt, 64, get_pkcs5_iteration_count(thid, benchmarkPim, benchmarkPreBoot), dk, MASTER_KEYDATA_SIZE); break; case WHIRLPOOL: /* PKCS-5 test with HMAC-Whirlpool used as the PRF */ - derive_key_whirlpool ("passphrase-1234567890", 21, tmp_salt, 64, get_pkcs5_iteration_count(thid, benchmarkPim, FALSE, benchmarkPreBoot), dk, MASTER_KEYDATA_SIZE); + derive_key_whirlpool ("passphrase-1234567890", 21, tmp_salt, 64, get_pkcs5_iteration_count(thid, benchmarkPim, benchmarkPreBoot), dk, MASTER_KEYDATA_SIZE); break; case STREEBOG: /* PKCS-5 test with HMAC-STREEBOG used as the PRF */ - derive_key_streebog("passphrase-1234567890", 21, tmp_salt, 64, get_pkcs5_iteration_count(thid, benchmarkPim, FALSE, benchmarkPreBoot), dk, MASTER_KEYDATA_SIZE); + derive_key_streebog("passphrase-1234567890", 21, tmp_salt, 64, get_pkcs5_iteration_count(thid, benchmarkPim, 
benchmarkPreBoot), dk, MASTER_KEYDATA_SIZE); break; } } @@ -6536,7 +6525,7 @@ static BOOL PerformBenchmark(HWND hBenchDlg, HWND hwndDlg) benchmarkTable[benchmarkTotalItems].encSpeed = performanceCountEnd.QuadPart - performanceCountStart.QuadPart; benchmarkTable[benchmarkTotalItems].id = thid; - benchmarkTable[benchmarkTotalItems].decSpeed = get_pkcs5_iteration_count(thid, benchmarkPim, FALSE, benchmarkPreBoot); + benchmarkTable[benchmarkTotalItems].decSpeed = get_pkcs5_iteration_count(thid, benchmarkPim, benchmarkPreBoot); benchmarkTable[benchmarkTotalItems].meanBytesPerSec = (unsigned __int64) (1000 * ((float) benchmarkTable[benchmarkTotalItems].encSpeed / benchmarkPerformanceFrequency.QuadPart / 2)); if (benchmarkPreBoot) { @@ -8234,15 +8223,6 @@ BOOL CheckFileExtension (wchar_t *fileName) return FALSE; } -BOOL IsTrueCryptFileExtension (wchar_t *fileName) -{ - wchar_t *ext = wcsrchr (fileName, L'.'); - if (ext && !_wcsicmp (ext, L".tc")) - return TRUE; - else - return FALSE; -} - void CorrectFileName (wchar_t* fileName) { /* replace '/' by '\' */ @@ -8886,7 +8866,6 @@ int MountVolume (HWND hwndDlg, Password *password, int pkcs5, int pim, - BOOL truecryptMode, BOOL cachePassword, BOOL cachePim, BOOL sharedAccess, @@ -8967,7 +8946,6 @@ retry: else mount.bMountManager = TRUE; mount.pkcs5_prf = pkcs5; - mount.bTrueCryptMode = truecryptMode; mount.VolumePim = pim; wstring path = volumePath; @@ -9122,7 +9100,6 @@ retry: burn (&mount.VolumePassword, sizeof (mount.VolumePassword)); burn (&mount.ProtectedHidVolPassword, sizeof (mount.ProtectedHidVolPassword)); burn (&mount.pkcs5_prf, sizeof (mount.pkcs5_prf)); - burn (&mount.bTrueCryptMode, sizeof (mount.bTrueCryptMode)); burn (&mount.ProtectedHidVolPkcs5Prf, sizeof (mount.ProtectedHidVolPkcs5Prf)); SetLastError (dwLastError); 
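Review bot: The cleanup block in MountVolume (hunk at -9122,7) wipes both passwords and both PRF ids, but no `burn` of `mount.VolumePim` is visible, although the hunk at -8967,7 stores the caller's PIM there. The PIM determines the key-derivation iteration count and is cached next to the password elsewhere in this diff (`CachedPim`), so it deserves the same treatment: `burn (&mount.VolumePim, sizeof (mount.VolumePim));`, and likewise for `mount.ProtectedHidVolPim`. The function continues on both sides of the hunk, so first check that these fields are not already wiped a few lines away.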
@@ -11701,7 +11678,7 @@ void ReportUnexpectedState (const char *techInfo) #ifndef SETUP -int OpenVolume (OpenVolumeContext *context, const wchar_t *volumePath, Password *password, int pkcs5_prf, int pim, BOOL truecryptMode, BOOL write, BOOL preserveTimestamps, BOOL useBackupHeader) +int OpenVolume (OpenVolumeContext *context, const wchar_t *volumePath, Password *password, int pkcs5_prf, int pim, BOOL write, BOOL preserveTimestamps, BOOL useBackupHeader) { int status = ERR_PARAMETER_INCORRECT; int volumeType; @@ -11876,7 +11853,7 @@ int OpenVolume (OpenVolumeContext *context, const wchar_t *volumePath, Password } // Decrypt volume header - status = ReadVolumeHeader (FALSE, buffer, password, pkcs5_prf, pim, truecryptMode, &context->CryptoInfo, NULL); + status = ReadVolumeHeader (FALSE, buffer, password, pkcs5_prf, pim, &context->CryptoInfo, NULL); if (status == ERR_PASSWORD_WRONG) continue; // Try next volume type diff --git a/src/Common/Dlgcode.h b/src/Common/Dlgcode.h index 7f7efb0f..cdd94938 100644 --- a/src/Common/Dlgcode.h +++ b/src/Common/Dlgcode.h @@ -385,7 +385,6 @@ BOOL CloseVolumeExplorerWindows (HWND hwnd, int driveNo); BOOL UpdateDriveCustomLabel (int driveNo, wchar_t* effectiveLabel, BOOL bSetValue); BOOL CheckCapsLock (HWND hwnd, BOOL quiet); BOOL CheckFileExtension (wchar_t *fileName); -BOOL IsTrueCryptFileExtension (wchar_t *fileName); void CorrectFileName (wchar_t* fileName); void CorrectURL (wchar_t* fileName); void IncreaseWrongPwdRetryCount (int count); 
@@ -398,7 +397,7 @@ BOOL IsDriveAvailable (int driveNo); BOOL IsDeviceMounted (wchar_t *deviceName); int DriverUnmountVolume (HWND hwndDlg, int nDosDriveNo, BOOL forced); void BroadcastDeviceChange (WPARAM message, int nDosDriveNo, DWORD driveMap); -int MountVolume (HWND hwndDlg, int driveNo, wchar_t *volumePath, Password *password, int pkcs5, int pim, BOOL truecryptMode, BOOL cachePassword, BOOL cachePim, BOOL sharedAccess, const MountOptions* const mountOptions, BOOL quiet, BOOL bReportWrongPassword); +int MountVolume (HWND hwndDlg, int driveNo, wchar_t *volumePath, Password *password, int pkcs5, int pim, BOOL cachePassword, BOOL cachePim, BOOL sharedAccess, const MountOptions* const mountOptions, BOOL quiet, BOOL bReportWrongPassword); BOOL UnmountVolume (HWND hwndDlg , int nDosDriveNo, BOOL forceUnmount); BOOL UnmountVolumeAfterFormatExCall (HWND hwndDlg, int nDosDriveNo); BOOL IsPasswordCacheEmpty (void); @@ -534,7 +533,7 @@ void AccommodateTextField (HWND hwndDlg, UINT ctrlId, BOOL bFirstUpdate, HFONT h BOOL GetDriveLabel (int driveNo, wchar_t *label, int labelSize); BOOL GetSysDevicePaths (HWND hwndDlg); BOOL DoDriverInstall (HWND hwndDlg); -int OpenVolume (OpenVolumeContext *context, const wchar_t *volumePath, Password *password, int pkcs5_prf, int pim, BOOL truecryptMode, BOOL write, BOOL preserveTimestamps, BOOL useBackupHeader); +int OpenVolume (OpenVolumeContext *context, const wchar_t *volumePath, Password *password, int pkcs5_prf, int pim, BOOL write, BOOL preserveTimestamps, BOOL useBackupHeader); void CloseVolume (OpenVolumeContext *context); int ReEncryptVolumeHeader (HWND hwndDlg, char *buffer, BOOL bBoot, CRYPTO_INFO *cryptoInfo, Password *password, int pim, BOOL wipeMode); BOOL IsPagingFileActive (BOOL checkNonWindowsPartitionsOnly); diff --git a/src/Common/Format.c b/src/Common/Format.c index a34b227d..6c3e2fff 100644 --- a/src/Common/Format.c +++ b/src/Common/Format.c 
@@ -787,7 +787,7 @@ error: mountOptions.PartitionInInactiveSysEncScope = FALSE; mountOptions.UseBackupHeader = FALSE; - if (MountVolume (volParams->hwndDlg, driveNo, volParams->volumePath, volParams->password, volParams->pkcs5, volParams->pim, FALSE, FALSE, FALSE, TRUE, &mountOptions, Silent, TRUE) < 1) + if (MountVolume (volParams->hwndDlg, driveNo, volParams->volumePath, volParams->password, volParams->pkcs5, volParams->pim, FALSE, FALSE, TRUE, &mountOptions, Silent, TRUE) < 1) { if (!Silent) { diff --git a/src/Common/Password.c b/src/Common/Password.c index 4caf3a21..ae6b8035 100644 --- a/src/Common/Password.c +++ b/src/Common/Password.c @@ -168,7 +168,7 @@ BOOL CheckPasswordLength (HWND hwndDlg, unsigned __int32 passwordLength, int pim return TRUE; } -int ChangePwd (const wchar_t *lpszVolume, Password *oldPassword, int old_pkcs5, int old_pim, BOOL truecryptMode, Password *newPassword, int pkcs5, int pim, int wipePassCount, HWND hwndDlg) +int ChangePwd (const wchar_t *lpszVolume, Password *oldPassword, int old_pkcs5, int old_pim, Password *newPassword, int pkcs5, int pim, int wipePassCount, HWND hwndDlg) { int nDosLinkCreated = 1, nStatus = ERR_OS_ERROR; wchar_t szDiskFile[TC_MAX_PATH], szCFDevice[TC_MAX_PATH]; @@ -191,7 +191,7 @@ int ChangePwd (const wchar_t *lpszVolume, Password *oldPassword, int old_pkcs5, if (oldPassword->Length == 0 || newPassword->Length == 0) return -1; - if ((wipePassCount <= 0) || (truecryptMode && (old_pkcs5 == SHA256))) + if (wipePassCount <= 0) { nStatus = ERR_PARAMETER_INCORRECT; handleError (hwndDlg, nStatus, SRC_POS); 
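Review bot: The MountVolume call in the Format.c hunk at -787,7 passes five positional BOOL arguments (`FALSE, FALSE, TRUE, &mountOptions, Silent, TRUE`), and nothing at the call site says which flag each value sets. This commit had to delete exactly one `FALSE` from that run. Annotating the arguments, e.g. `/* cachePassword */ FALSE, /* cachePim */ FALSE, /* sharedAccess */ TRUE`, would let a reader check the call against the prototype in Dlgcode.h. In particular it would show that password and PIM caching stay off for the freshly formatted volume.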
@@ -367,7 +367,7 @@ int ChangePwd (const wchar_t *lpszVolume, Password *oldPassword, int old_pkcs5, /* Try to decrypt the header */ - nStatus = ReadVolumeHeader (FALSE, buffer, oldPassword, old_pkcs5, old_pim, truecryptMode, &cryptoInfo, NULL); + nStatus = ReadVolumeHeader (FALSE, buffer, oldPassword, old_pkcs5, old_pim, &cryptoInfo, NULL); if (nStatus == ERR_CIPHER_INIT_WEAK_KEY) nStatus = 0; // We can ignore this error here @@ -440,7 +440,7 @@ int ChangePwd (const wchar_t *lpszVolume, Password *oldPassword, int old_pkcs5, (volumeType == TC_VOLUME_TYPE_HIDDEN) ? cryptoInfo->hiddenVolumeSize : 0, cryptoInfo->EncryptedAreaStart.Value, cryptoInfo->EncryptedAreaLength.Value, - truecryptMode? 0 : cryptoInfo->RequiredProgramVersion, + cryptoInfo->RequiredProgramVersion, cryptoInfo->HeaderFlags, cryptoInfo->SectorSize, wipePass < wipePassCount - 1); @@ -494,7 +494,7 @@ int ChangePwd (const wchar_t *lpszVolume, Password *oldPassword, int old_pkcs5, cryptoInfo->VolumeSize.Value, cryptoInfo->EncryptedAreaStart.Value, cryptoInfo->EncryptedAreaLength.Value, - truecryptMode? 0 : cryptoInfo->RequiredProgramVersion, + cryptoInfo->RequiredProgramVersion, cryptoInfo->HeaderFlags, cryptoInfo->SectorSize, wipePass < wipePassCount - 1); diff --git a/src/Common/Password.h b/src/Common/Password.h index 550558db..dd3fbed6 100644 --- a/src/Common/Password.h +++ b/src/Common/Password.h 
@@ -58,7 +58,7 @@ typedef struct void VerifyPasswordAndUpdate ( HWND hwndDlg , HWND hButton , HWND hPassword , HWND hVerify , unsigned char *szPassword , char *szVerify, BOOL keyFilesEnabled ); BOOL CheckPasswordLength (HWND hwndDlg, unsigned __int32 passwordLength, int pim, BOOL bForBoot, int bootPRF, BOOL bSkipPasswordWarning, BOOL bSkipPimWarning); BOOL CheckPasswordCharEncoding (HWND hPassword, Password *ptrPw); -int ChangePwd (const wchar_t *lpszVolume, Password *oldPassword, int old_pkcs5, int old_pim, BOOL truecryptMode, Password *newPassword, int pkcs5, int pim, int wipePassCount, HWND hwndDlg); +int ChangePwd (const wchar_t *lpszVolume, Password *oldPassword, int old_pkcs5, int old_pim, Password *newPassword, int pkcs5, int pim, int wipePassCount, HWND hwndDlg); #endif // defined(_WIN32) && !defined(TC_WINDOWS_DRIVER) && !defined(_UEFI) diff --git a/src/Common/Pkcs5.c b/src/Common/Pkcs5.c index 4ba30cb5..d81078e8 100644 --- a/src/Common/Pkcs5.c +++ b/src/Common/Pkcs5.c @@ -1278,10 +1278,9 @@ wchar_t *get_pkcs5_prf_name (int pkcs5_prf_id) -int get_pkcs5_iteration_count (int pkcs5_prf_id, int pim, BOOL truecryptMode, BOOL bBoot) +int get_pkcs5_iteration_count (int pkcs5_prf_id, int pim, BOOL bBoot) { if ( (pim < 0) - || (truecryptMode && pim > 0) /* No PIM for TrueCrypt mode */ ) { return 0; @@ -1291,9 +1290,7 @@ int get_pkcs5_iteration_count (int pkcs5_prf_id, int pim, BOOL truecryptMode, BO { case BLAKE2S: - if (truecryptMode) - return 0; // BLAKE2s not supported by TrueCrypt - else if (pim == 0) + if (pim == 0) return bBoot? 200000 : 500000; else { 
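Review bot: After the TrueCrypt clause is deleted, the guard in get_pkcs5_iteration_count (hunk at -1278,10) is left as a parenthesised condition split over two lines with a dangling `)`; it reads more clearly as `if (pim < 0)` followed by `return 0;`. The 0 it returns is an error marker rather than an iteration count. Callers changed in this diff store it without a check, for example `keyInfo.noIterations = get_pkcs5_iteration_count (pkcs5_prf, pim, bBoot);` in CreateVolumeHeaderInMemory (Volumes.c hunk at -946,7). Whether `pim` is validated before those calls is not visible here. Document the contract above the function: `/* Returns 0 if pim is negative; callers must not use 0 as an iteration count. */`.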
@@ -1301,15 +1298,13 @@ int get_pkcs5_iteration_count (int pkcs5_prf_id, int pim, BOOL truecryptMode, BO } case SHA512: - return truecryptMode? 1000 : ((pim == 0)? 500000 : 15000 + pim * 1000); + return ((pim == 0)? 500000 : 15000 + pim * 1000); case WHIRLPOOL: - return truecryptMode? 1000 : ((pim == 0)? 500000 : 15000 + pim * 1000); + return ((pim == 0)? 500000 : 15000 + pim * 1000); case SHA256: - if (truecryptMode) - return 0; // SHA-256 not supported by TrueCrypt - else if (pim == 0) + if (pim == 0) return bBoot? 200000 : 500000; else { @@ -1317,9 +1312,7 @@ int get_pkcs5_iteration_count (int pkcs5_prf_id, int pim, BOOL truecryptMode, BO } case STREEBOG: - if (truecryptMode) - return 1000; - else if (pim == 0) + if (pim == 0) return bBoot? 200000 : 500000; else { @@ -1334,26 +1327,15 @@ int get_pkcs5_iteration_count (int pkcs5_prf_id, int pim, BOOL truecryptMode, BO #endif } -int is_pkcs5_prf_supported (int pkcs5_prf_id, BOOL truecryptMode, PRF_BOOT_TYPE bootType) +int is_pkcs5_prf_supported (int pkcs5_prf_id, PRF_BOOT_TYPE bootType) { if (pkcs5_prf_id == 0) // auto-detection always supported return 1; - if (truecryptMode) - { - if ( (bootType == PRF_BOOT_GPT) - || (bootType == PRF_BOOT_MBR) - || (bootType == PRF_BOOT_NO && pkcs5_prf_id != SHA512 && pkcs5_prf_id != WHIRLPOOL) - ) - return 0; - } - else - { - if ( (bootType == PRF_BOOT_MBR && pkcs5_prf_id != BLAKE2S && pkcs5_prf_id != SHA256) - || (bootType != PRF_BOOT_MBR && (pkcs5_prf_id < FIRST_PRF_ID || pkcs5_prf_id > LAST_PRF_ID)) - ) - return 0; - } + if ( (bootType == PRF_BOOT_MBR && pkcs5_prf_id != BLAKE2S && pkcs5_prf_id != SHA256) + || (bootType != PRF_BOOT_MBR && (pkcs5_prf_id < FIRST_PRF_ID || pkcs5_prf_id > LAST_PRF_ID)) + ) + return 0; return 1; diff --git a/src/Common/Pkcs5.h b/src/Common/Pkcs5.h index 4a6b6882..a9abeec5 100644 --- a/src/Common/Pkcs5.h +++ b/src/Common/Pkcs5.h 
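Review bot: `15000 + pim * 1000` in the SHA512 and WHIRLPOOL cases (hunk at -1301,15) is evaluated in `int`, so a PIM above roughly 2.1 million overflows. That is undefined behaviour in C and could produce a small or negative iteration count. The function itself only rejects `pim < 0`; callers may enforce an upper bound, but none is visible in this diff. Consider rejecting out-of-range values here as well, e.g. `if (pim < 0 || pim > (INT_MAX - 15000) / 1000) return 0;`. The outer parentheses in the two rewritten `return` statements are now redundant and can be dropped.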
@@ -40,7 +40,7 @@ void derive_key_whirlpool (char *pwd, int pwd_len, char *salt, int salt_len, uin void hmac_streebog (char *k, int32 lk, char *d, int32 ld); void derive_key_streebog (char *pwd, int pwd_len, char *salt, int salt_len, uint32 iterations, char *dk, int dklen); -int get_pkcs5_iteration_count (int pkcs5_prf_id, int pim, BOOL truecryptMode, BOOL bBoot); +int get_pkcs5_iteration_count (int pkcs5_prf_id, int pim, BOOL bBoot); wchar_t *get_pkcs5_prf_name (int pkcs5_prf_id); /* check if given PRF supported.*/ @@ -51,7 +51,7 @@ typedef enum PRF_BOOT_GPT } PRF_BOOT_TYPE; -int is_pkcs5_prf_supported (int pkcs5_prf_id, BOOL truecryptMode, PRF_BOOT_TYPE bootType); +int is_pkcs5_prf_supported (int pkcs5_prf_id, PRF_BOOT_TYPE bootType); #endif #if defined(__cplusplus) diff --git a/src/Common/Tcdefs.h b/src/Common/Tcdefs.h index 617126a6..021b2d13 100644 --- a/src/Common/Tcdefs.h +++ b/src/Common/Tcdefs.h @@ -59,7 +59,7 @@ extern unsigned short _rotl16(unsigned short value, unsigned char shift); #define TC_APP_NAME "VeraCrypt" // Version displayed to user -#define VERSION_STRING "1.26.3" +#define VERSION_STRING "1.26.4" #ifdef VC_EFI_CUSTOM_MODE #define VERSION_STRING_SUFFIX "-CustomEFI" @@ -73,7 +73,7 @@ extern unsigned short _rotl16(unsigned short value, unsigned char shift); #define VERSION_NUM 0x0126 // Release date -#define TC_STR_RELEASE_DATE L"July 2, 2023" +#define TC_STR_RELEASE_DATE L"July 23, 2023" #define TC_RELEASE_DATE_YEAR 2023 #define TC_RELEASE_DATE_MONTH 07 diff --git a/src/Common/Volumes.c b/src/Common/Volumes.c index 9590715e..40be21c8 100644 --- a/src/Common/Volumes.c +++ b/src/Common/Volumes.c 
@@ -169,7 +169,7 @@ typedef struct BOOL ReadVolumeHeaderRecoveryMode = FALSE; -int ReadVolumeHeader (BOOL bBoot, char *encryptedHeader, Password *password, int selected_pkcs5_prf, int pim, BOOL truecryptMode, PCRYPTO_INFO *retInfo, CRYPTO_INFO *retHeaderCryptoInfo) +int ReadVolumeHeader (BOOL bBoot, char *encryptedHeader, Password *password, int selected_pkcs5_prf, int pim, PCRYPTO_INFO *retInfo, CRYPTO_INFO *retHeaderCryptoInfo) { char header[TC_VOLUME_HEADER_EFFECTIVE_SIZE]; unsigned char* keyInfoBuffer = NULL; @@ -210,14 +210,6 @@ int ReadVolumeHeader (BOOL bBoot, char *encryptedHeader, Password *password, int if (pim < 0) pim = 0; - if (truecryptMode) - { - // SHA-256 not supported in TrueCrypt mode - if (selected_pkcs5_prf == SHA256) - return ERR_PARAMETER_INCORRECT; - pkcs5PrfCount--; // don't count SHA-256 in case of TrueCrypt mode - } - if (retHeaderCryptoInfo != NULL) { cryptoInfo = retHeaderCryptoInfo; @@ -315,9 +307,6 @@ int ReadVolumeHeader (BOOL bBoot, char *encryptedHeader, Password *password, int if (selected_pkcs5_prf != 0 && enqPkcs5Prf != selected_pkcs5_prf) continue; - // skip SHA-256 in case of TrueCrypt mode - if (truecryptMode && (enqPkcs5Prf == SHA256)) - continue; #if !defined(_UEFI) if ((selected_pkcs5_prf == 0) && (encryptionThreadCount > 1)) { @@ -335,7 +324,7 @@ int ReadVolumeHeader (BOOL bBoot, char *encryptedHeader, Password *password, int EncryptionThreadPoolBeginKeyDerivation (keyDerivationCompletedEvent, noOutstandingWorkItemEvent, &item->KeyReady, outstandingWorkItemCount, enqPkcs5Prf, keyInfo->userKey, - keyInfo->keyLength, keyInfo->salt, get_pkcs5_iteration_count (enqPkcs5Prf, pim, truecryptMode, bBoot), item->DerivedKey); + keyInfo->keyLength, keyInfo->salt, get_pkcs5_iteration_count (enqPkcs5Prf, pim, bBoot), item->DerivedKey); ++queuedWorkItems; break; 
@@ -357,7 +346,7 @@ int ReadVolumeHeader (BOOL bBoot, char *encryptedHeader, Password *password, int if (!item->Free && InterlockedExchangeAdd (&item->KeyReady, 0) == TRUE) { pkcs5_prf = item->Pkcs5Prf; - keyInfo->noIterations = get_pkcs5_iteration_count (pkcs5_prf, pim, truecryptMode, bBoot); + keyInfo->noIterations = get_pkcs5_iteration_count (pkcs5_prf, pim, bBoot); memcpy (dk, item->DerivedKey, sizeof (dk)); item->Free = TRUE; @@ -376,7 +365,7 @@ KeyReady: ; #endif // !defined(_UEFI) { pkcs5_prf = enqPkcs5Prf; - keyInfo->noIterations = get_pkcs5_iteration_count (enqPkcs5Prf, pim, truecryptMode, bBoot); + keyInfo->noIterations = get_pkcs5_iteration_count (enqPkcs5Prf, pim, bBoot); switch (pkcs5_prf) { @@ -465,10 +454,8 @@ KeyReady: ; DecryptBuffer (header + HEADER_ENCRYPTED_DATA_OFFSET, HEADER_ENCRYPTED_DATA_SIZE, cryptoInfo); - // Magic 'VERA' or 'TRUE' depending if we are in TrueCrypt mode or not - if ((truecryptMode && GetHeaderField32 (header, TC_HEADER_OFFSET_MAGIC) != 0x54525545) - || (!truecryptMode && GetHeaderField32 (header, TC_HEADER_OFFSET_MAGIC) != 0x56455241) - ) + // Magic 'VERA' + if (GetHeaderField32 (header, TC_HEADER_OFFSET_MAGIC) != 0x56455241) continue; // Header version @@ -488,17 +475,7 @@ KeyReady: ; // Required program version cryptoInfo->RequiredProgramVersion = GetHeaderField16 (header, TC_HEADER_OFFSET_REQUIRED_VERSION); - if (truecryptMode) - { - if (cryptoInfo->RequiredProgramVersion < 0x600 || cryptoInfo->RequiredProgramVersion > 0x71a) - { - status = ERR_UNSUPPORTED_TRUECRYPT_FORMAT | (((int)cryptoInfo->RequiredProgramVersion) << 16); - goto err; - } - cryptoInfo->LegacyVolume = FALSE; - } - else - cryptoInfo->LegacyVolume = cryptoInfo->RequiredProgramVersion < 0x10b; + cryptoInfo->LegacyVolume = cryptoInfo->RequiredProgramVersion < 0x10b; // Check CRC of the key set if (!ReadVolumeHeaderRecoveryMode 
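Review bot: The header checks in the hunks at -465,10 and -488,17 compare against bare literals, `0x56455241` for the magic and `0x10b` for the legacy-volume threshold, with only a short `// Magic 'VERA'` comment. These values decide whether a decrypted header is accepted, so named constants would make the checks easier to audit. For example, define `#define VC_HEADER_MAGIC 0x56455241 /* 'VERA' */` (name to be chosen by the project) and test `GetHeaderField32 (header, TC_HEADER_OFFSET_MAGIC) != VC_HEADER_MAGIC`. ReadVolumeHeader starts and ends outside these hunks.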
@@ -508,7 +485,7 @@ KeyReady: ; // Now we have the correct password, cipher, hash algorithm, and volume type // Check the version required to handle this volume - if (!truecryptMode && (cryptoInfo->RequiredProgramVersion > VERSION_NUM)) + if (cryptoInfo->RequiredProgramVersion > VERSION_NUM) { status = ERR_NEW_VERSION_REQUIRED; goto err; @@ -560,7 +537,6 @@ KeyReady: ; { cryptoInfo->pkcs5 = pkcs5_prf; cryptoInfo->noIterations = keyInfo->noIterations; - cryptoInfo->bTrueCryptMode = truecryptMode; cryptoInfo->volumePim = pim; goto ret; } @@ -602,7 +578,6 @@ KeyReady: ; // PKCS #5 cryptoInfo->pkcs5 = pkcs5_prf; cryptoInfo->noIterations = keyInfo->noIterations; - cryptoInfo->bTrueCryptMode = truecryptMode; cryptoInfo->volumePim = pim; // Init the cipher with the decrypted master key @@ -946,7 +921,7 @@ int CreateVolumeHeaderInMemory (HWND hwndDlg, BOOL bBoot, char *header, int ea, { memcpy (keyInfo.userKey, password->Text, nUserKeyLen); keyInfo.keyLength = nUserKeyLen; - keyInfo.noIterations = get_pkcs5_iteration_count (pkcs5_prf, pim, FALSE, bBoot); + keyInfo.noIterations = get_pkcs5_iteration_count (pkcs5_prf, pim, bBoot); } else { @@ -959,7 +934,6 @@ int CreateVolumeHeaderInMemory (HWND hwndDlg, BOOL bBoot, char *header, int ea, // User selected PRF cryptoInfo->pkcs5 = pkcs5_prf; - cryptoInfo->bTrueCryptMode = FALSE; cryptoInfo->noIterations = keyInfo.noIterations; cryptoInfo->volumePim = pim; diff --git a/src/Common/Volumes.h b/src/Common/Volumes.h index 08776711..1c9981c2 100644 --- a/src/Common/Volumes.h +++ b/src/Common/Volumes.h 
@@ -135,11 +135,11 @@ UINT64_STRUCT GetHeaderField64 (byte *header, int offset); #if defined(TC_WINDOWS_BOOT) int ReadVolumeHeader (BOOL bBoot, char *encryptedHeader, Password *password, int pim, PCRYPTO_INFO *retInfo, CRYPTO_INFO *retHeaderCryptoInfo); #elif defined(_UEFI) -int ReadVolumeHeader(BOOL bBoot, char *encryptedHeader, Password *password, int pkcs5_prf, int pim, BOOL truecryptMode, PCRYPTO_INFO *retInfo, CRYPTO_INFO *retHeaderCryptoInfo); +int ReadVolumeHeader(BOOL bBoot, char *encryptedHeader, Password *password, int pkcs5_prf, int pim, PCRYPTO_INFO *retInfo, CRYPTO_INFO *retHeaderCryptoInfo); int CreateVolumeHeaderInMemory(BOOL bBoot, char *encryptedHeader, int ea, int mode, Password *password, int pkcs5_prf, int pim, char *masterKeydata, PCRYPTO_INFO *retInfo, unsigned __int64 volumeSize, unsigned __int64 hiddenVolumeSize, unsigned __int64 encryptedAreaStart, unsigned __int64 encryptedAreaLength, uint16 requiredProgramVersion, uint32 headerFlags, uint32 sectorSize, BOOL bWipeMode); BOOL RandgetBytes(unsigned char *buf, int len, BOOL forceSlowPoll); #else -int ReadVolumeHeader (BOOL bBoot, char *encryptedHeader, Password *password, int pkcs5_prf, int pim, BOOL truecryptMode, PCRYPTO_INFO *retInfo, CRYPTO_INFO *retHeaderCryptoInfo); +int ReadVolumeHeader (BOOL bBoot, char *encryptedHeader, Password *password, int pkcs5_prf, int pim, PCRYPTO_INFO *retInfo, CRYPTO_INFO *retHeaderCryptoInfo); #if defined(_WIN32) && !defined(_UEFI) void ComputeBootloaderFingerprint (byte *bootLoaderBuf, unsigned int bootLoaderSize, byte* fingerprint); #endif -- cgit v1.2.3