VeraCrypt
aboutsummaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
authorMounir IDRASSI <mounir.idrassi@idrix.fr>2014-12-19 18:18:23 +0100
committerMounir IDRASSI <mounir.idrassi@idrix.fr>2014-12-19 18:41:41 +0100
commit07156b6c09165cf61a6bd499d26151d1f32bf3a9 (patch)
tree165e39c03eaff470c42ef8e3af8f2c3de03b6465 /src
parent18dc75ee629c5f7af61bf8393dbb693cdd78b235 (diff)
downloadVeraCrypt-07156b6c09165cf61a6bd499d26151d1f32bf3a9.tar.gz
VeraCrypt-07156b6c09165cf61a6bd499d26151d1f32bf3a9.zip
Linux/MacOSX: Enhance performance by implementing the possibility to choose the correct hash algorithm of volumes during various operations (mount, change password...), both using the GUI and the command line.
Diffstat (limited to 'src')
-rwxr-xr-x[-rw-r--r--]src/Core/CoreBase.cpp8
-rwxr-xr-x[-rw-r--r--]src/Core/CoreBase.h4
-rwxr-xr-x[-rw-r--r--]src/Core/MountOptions.cpp35
-rwxr-xr-x[-rw-r--r--]src/Core/MountOptions.h2
-rwxr-xr-x[-rw-r--r--]src/Core/Unix/CoreUnix.cpp2
-rw-r--r--src/Main/CommandLineInterface.cpp32
-rw-r--r--src/Main/CommandLineInterface.h1
-rwxr-xr-x[-rw-r--r--]src/Main/Forms/ChangePasswordDialog.cpp4
-rwxr-xr-x[-rw-r--r--]src/Main/Forms/MountOptionsDialog.cpp6
-rw-r--r--src/Main/Forms/VolumeCreationWizard.cpp3
-rw-r--r--src/Main/Forms/VolumeCreationWizard.h1
-rwxr-xr-x[-rw-r--r--]src/Main/Forms/VolumePasswordPanel.cpp14
-rwxr-xr-x[-rw-r--r--]src/Main/Forms/VolumePasswordPanel.h2
-rwxr-xr-x[-rw-r--r--]src/Main/Forms/VolumePasswordWizardPage.cpp2
-rw-r--r--src/Main/Forms/VolumePasswordWizardPage.h1
-rwxr-xr-x[-rw-r--r--]src/Main/GraphicUserInterface.cpp6
-rwxr-xr-x[-rw-r--r--]src/Main/GraphicUserInterface.h2
-rwxr-xr-x[-rw-r--r--]src/Main/TextUserInterface.cpp30
-rwxr-xr-x[-rw-r--r--]src/Main/TextUserInterface.h2
-rwxr-xr-x[-rw-r--r--]src/Main/UserInterface.cpp7
-rwxr-xr-x[-rw-r--r--]src/Main/UserInterface.h2
-rw-r--r--src/Volume/Pkcs5Kdf.h7
-rwxr-xr-x[-rw-r--r--]src/Volume/Volume.cpp12
-rwxr-xr-x[-rw-r--r--]src/Volume/Volume.h4
-rwxr-xr-x[-rw-r--r--]src/Volume/VolumeHeader.cpp5
-rwxr-xr-x[-rw-r--r--]src/Volume/VolumeHeader.h2
26 files changed, 160 insertions, 36 deletions
diff --git a/src/Core/CoreBase.cpp b/src/Core/CoreBase.cpp
index 95e5c206..0137e204 100644..100755
--- a/src/Core/CoreBase.cpp
+++ b/src/Core/CoreBase.cpp
@@ -68,9 +68,9 @@ namespace VeraCrypt
}
}
- void CoreBase::ChangePassword (shared_ptr <VolumePath> volumePath, bool preserveTimestamps, shared_ptr <VolumePassword> password, shared_ptr <KeyfileList> keyfiles, shared_ptr <VolumePassword> newPassword, shared_ptr <KeyfileList> newKeyfiles, shared_ptr <Pkcs5Kdf> newPkcs5Kdf, int wipeCount) const
+ void CoreBase::ChangePassword (shared_ptr <VolumePath> volumePath, bool preserveTimestamps, shared_ptr <VolumePassword> password, shared_ptr <Pkcs5Kdf> kdf, shared_ptr <KeyfileList> keyfiles, shared_ptr <VolumePassword> newPassword, shared_ptr <KeyfileList> newKeyfiles, shared_ptr <Pkcs5Kdf> newPkcs5Kdf, int wipeCount) const
{
- shared_ptr <Volume> volume = OpenVolume (volumePath, preserveTimestamps, password, keyfiles);
+ shared_ptr <Volume> volume = OpenVolume (volumePath, preserveTimestamps, password, kdf, keyfiles);
ChangePassword (volume, newPassword, newKeyfiles, newPkcs5Kdf, wipeCount);
}
@@ -242,10 +242,10 @@ namespace VeraCrypt
return GetMountedVolume (volumePath);
}
- shared_ptr <Volume> CoreBase::OpenVolume (shared_ptr <VolumePath> volumePath, bool preserveTimestamps, shared_ptr <VolumePassword> password, shared_ptr <KeyfileList> keyfiles, VolumeProtection::Enum protection, shared_ptr <VolumePassword> protectionPassword, shared_ptr <KeyfileList> protectionKeyfiles, bool sharedAccessAllowed, VolumeType::Enum volumeType, bool useBackupHeaders, bool partitionInSystemEncryptionScope) const
+ shared_ptr <Volume> CoreBase::OpenVolume (shared_ptr <VolumePath> volumePath, bool preserveTimestamps, shared_ptr <VolumePassword> password, shared_ptr<Pkcs5Kdf> kdf, shared_ptr <KeyfileList> keyfiles, VolumeProtection::Enum protection, shared_ptr <VolumePassword> protectionPassword, shared_ptr<Pkcs5Kdf> protectionKdf, shared_ptr <KeyfileList> protectionKeyfiles, bool sharedAccessAllowed, VolumeType::Enum volumeType, bool useBackupHeaders, bool partitionInSystemEncryptionScope) const
{
make_shared_auto (Volume, volume);
- volume->Open (*volumePath, preserveTimestamps, password, keyfiles, protection, protectionPassword, protectionKeyfiles, sharedAccessAllowed, volumeType, useBackupHeaders, partitionInSystemEncryptionScope);
+ volume->Open (*volumePath, preserveTimestamps, password, kdf, keyfiles, protection, protectionPassword, protectionKdf, protectionKeyfiles, sharedAccessAllowed, volumeType, useBackupHeaders, partitionInSystemEncryptionScope);
return volume;
}
diff --git a/src/Core/CoreBase.h b/src/Core/CoreBase.h
index 6ebb76b7..0d52e5b9 100644..100755
--- a/src/Core/CoreBase.h
+++ b/src/Core/CoreBase.h
@@ -29,7 +29,7 @@ namespace VeraCrypt
virtual ~CoreBase ();
virtual void ChangePassword (shared_ptr <Volume> openVolume, shared_ptr <VolumePassword> newPassword, shared_ptr <KeyfileList> newKeyfiles, shared_ptr <Pkcs5Kdf> newPkcs5Kdf = shared_ptr <Pkcs5Kdf> (), int wipeCount = PRAND_HEADER_WIPE_PASSES) const;
- virtual void ChangePassword (shared_ptr <VolumePath> volumePath, bool preserveTimestamps, shared_ptr <VolumePassword> password, shared_ptr <KeyfileList> keyfiles, shared_ptr <VolumePassword> newPassword, shared_ptr <KeyfileList> newKeyfiles, shared_ptr <Pkcs5Kdf> newPkcs5Kdf = shared_ptr <Pkcs5Kdf> (), int wipeCount = PRAND_HEADER_WIPE_PASSES) const;
+ virtual void ChangePassword (shared_ptr <VolumePath> volumePath, bool preserveTimestamps, shared_ptr <VolumePassword> password, shared_ptr <Pkcs5Kdf> kdf, shared_ptr <KeyfileList> keyfiles, shared_ptr <VolumePassword> newPassword, shared_ptr <KeyfileList> newKeyfiles, shared_ptr <Pkcs5Kdf> newPkcs5Kdf = shared_ptr <Pkcs5Kdf> (), int wipeCount = PRAND_HEADER_WIPE_PASSES) const;
virtual void CheckFilesystem (shared_ptr <VolumeInfo> mountedVolume, bool repair = false) const = 0;
virtual void CoalesceSlotNumberAndMountPoint (MountOptions &options) const;
virtual void CreateKeyfile (const FilePath &keyfilePath) const;
@@ -64,7 +64,7 @@ namespace VeraCrypt
virtual bool IsVolumeMounted (const VolumePath &volumePath) const;
virtual VolumeSlotNumber MountPointToSlotNumber (const DirectoryPath &mountPoint) const = 0;
virtual shared_ptr <VolumeInfo> MountVolume (MountOptions &options) = 0;
- virtual shared_ptr <Volume> OpenVolume (shared_ptr <VolumePath> volumePath, bool preserveTimestamps, shared_ptr <VolumePassword> password, shared_ptr <KeyfileList> keyfiles, VolumeProtection::Enum protection = VolumeProtection::None, shared_ptr <VolumePassword> protectionPassword = shared_ptr <VolumePassword> (), shared_ptr <KeyfileList> protectionKeyfiles = shared_ptr <KeyfileList> (), bool sharedAccessAllowed = false, VolumeType::Enum volumeType = VolumeType::Unknown, bool useBackupHeaders = false, bool partitionInSystemEncryptionScope = false) const;
+ virtual shared_ptr <Volume> OpenVolume (shared_ptr <VolumePath> volumePath, bool preserveTimestamps, shared_ptr <VolumePassword> password, shared_ptr<Pkcs5Kdf> Kdf, shared_ptr <KeyfileList> keyfiles, VolumeProtection::Enum protection = VolumeProtection::None, shared_ptr <VolumePassword> protectionPassword = shared_ptr <VolumePassword> (), shared_ptr<Pkcs5Kdf> protectionKdf = shared_ptr<Pkcs5Kdf> (), shared_ptr <KeyfileList> protectionKeyfiles = shared_ptr <KeyfileList> (), bool sharedAccessAllowed = false, VolumeType::Enum volumeType = VolumeType::Unknown, bool useBackupHeaders = false, bool partitionInSystemEncryptionScope = false) const;
virtual void RandomizeEncryptionAlgorithmKey (shared_ptr <EncryptionAlgorithm> encryptionAlgorithm) const;
virtual void ReEncryptVolumeHeaderWithNewSalt (const BufferPtr &newHeaderBuffer, shared_ptr <VolumeHeader> header, shared_ptr <VolumePassword> password, shared_ptr <KeyfileList> keyfiles) const;
virtual void SetAdminPasswordCallback (shared_ptr <GetStringFunctor> functor) { }
diff --git a/src/Core/MountOptions.cpp b/src/Core/MountOptions.cpp
index a09879d8..fb813bf0 100644..100755
--- a/src/Core/MountOptions.cpp
+++ b/src/Core/MountOptions.cpp
@@ -26,11 +26,21 @@ namespace VeraCrypt
TC_CLONE (NoHardwareCrypto);
TC_CLONE (NoKernelCrypto);
TC_CLONE_SHARED (VolumePassword, Password);
+ if (other.Kdf)
+ {
+ Kdf.reset(other.Kdf->Clone());
+ }
+ else
+ Kdf.reset();
TC_CLONE_SHARED (VolumePath, Path);
TC_CLONE (PartitionInSystemEncryptionScope);
TC_CLONE (PreserveTimestamps);
TC_CLONE (Protection);
TC_CLONE_SHARED (VolumePassword, ProtectionPassword);
+ if (other.ProtectionKdf)
+ ProtectionKdf.reset(other.ProtectionKdf->Clone());
+ else
+ ProtectionKdf.reset();
TC_CLONE_SHARED (KeyfileList, ProtectionKeyfiles);
TC_CLONE (Removable);
TC_CLONE (SharedAccessAllowed);
@@ -41,6 +51,7 @@ namespace VeraCrypt
void MountOptions::Deserialize (shared_ptr <Stream> stream)
{
Serializer sr (stream);
+ wstring nameValue;
sr.Deserialize ("CachePassword", CachePassword);
sr.Deserialize ("FilesystemOptions", FilesystemOptions);
@@ -61,6 +72,14 @@ namespace VeraCrypt
Password = Serializable::DeserializeNew <VolumePassword> (stream);
else
Password.reset();
+
+ if (!sr.DeserializeBool ("KdfNull"))
+ {
+ sr.Deserialize ("Kdf", nameValue);
+ Kdf = Pkcs5Kdf::GetAlgorithm (nameValue);
+ }
+ else
+ Kdf.reset();
if (!sr.DeserializeBool ("PathNull"))
Path.reset (new VolumePath (sr.DeserializeWString ("Path")));
@@ -77,6 +96,14 @@ namespace VeraCrypt
else
ProtectionPassword.reset();
+ if (!sr.DeserializeBool ("ProtectionKdfNull"))
+ {
+ sr.Deserialize ("ProtectionKdf", nameValue);
+ ProtectionKdf = Pkcs5Kdf::GetAlgorithm (nameValue);
+ }
+ else
+ ProtectionKdf.reset();
+
ProtectionKeyfiles = Keyfile::DeserializeList (stream, "ProtectionKeyfiles");
sr.Deserialize ("Removable", Removable);
sr.Deserialize ("SharedAccessAllowed", SharedAccessAllowed);
@@ -106,6 +133,10 @@ namespace VeraCrypt
if (Password)
Password->Serialize (stream);
+ sr.Serialize ("KdfNull", Kdf == nullptr);
+ if (Kdf)
+ sr.Serialize ("Kdf", Kdf->GetName());
+
sr.Serialize ("PathNull", Path == nullptr);
if (Path)
sr.Serialize ("Path", wstring (*Path));
@@ -118,6 +149,10 @@ namespace VeraCrypt
if (ProtectionPassword)
ProtectionPassword->Serialize (stream);
+ sr.Serialize ("ProtectionKdfNull", ProtectionKdf == nullptr);
+ if (ProtectionKdf)
+ sr.Serialize ("ProtectionKdf", ProtectionKdf->GetName());
+
Keyfile::SerializeList (stream, "ProtectionKeyfiles", ProtectionKeyfiles);
sr.Serialize ("Removable", Removable);
sr.Serialize ("SharedAccessAllowed", SharedAccessAllowed);
diff --git a/src/Core/MountOptions.h b/src/Core/MountOptions.h
index 12aa03d5..6cb2c549 100644..100755
--- a/src/Core/MountOptions.h
+++ b/src/Core/MountOptions.h
@@ -51,11 +51,13 @@ namespace VeraCrypt
bool NoHardwareCrypto;
bool NoKernelCrypto;
shared_ptr <VolumePassword> Password;
+ shared_ptr <Pkcs5Kdf> Kdf;
bool PartitionInSystemEncryptionScope;
shared_ptr <VolumePath> Path;
bool PreserveTimestamps;
VolumeProtection::Enum Protection;
shared_ptr <VolumePassword> ProtectionPassword;
+ shared_ptr <Pkcs5Kdf> ProtectionKdf;
shared_ptr <KeyfileList> ProtectionKeyfiles;
bool Removable;
bool SharedAccessAllowed;
diff --git a/src/Core/Unix/CoreUnix.cpp b/src/Core/Unix/CoreUnix.cpp
index 15a96297..d33e4b73 100644..100755
--- a/src/Core/Unix/CoreUnix.cpp
+++ b/src/Core/Unix/CoreUnix.cpp
@@ -409,9 +409,11 @@ namespace VeraCrypt
options.Path,
options.PreserveTimestamps,
options.Password,
+ options.Kdf,
options.Keyfiles,
options.Protection,
options.ProtectionPassword,
+ options.ProtectionKdf,
options.ProtectionKeyfiles,
options.SharedAccessAllowed,
VolumeType::Unknown,
diff --git a/src/Main/CommandLineInterface.cpp b/src/Main/CommandLineInterface.cpp
index eed8cf22..68e644b5 100644
--- a/src/Main/CommandLineInterface.cpp
+++ b/src/Main/CommandLineInterface.cpp
@@ -36,6 +36,7 @@ namespace VeraCrypt
parser.AddSwitch (L"C", L"change", _("Change password or keyfiles"));
parser.AddSwitch (L"c", L"create", _("Create new volume"));
parser.AddSwitch (L"", L"create-keyfile", _("Create new keyfile"));
+ parser.AddOption (L"", L"current-hash", _("Current hash algorithm for change password/keyfiles operation"));
parser.AddSwitch (L"", L"delete-token-keyfiles", _("Delete security token keyfiles"));
parser.AddSwitch (L"d", L"dismount", _("Dismount volume"));
parser.AddSwitch (L"", L"display-password", _("Display password while typing"));
@@ -61,6 +62,7 @@ namespace VeraCrypt
parser.AddSwitch (L"", L"non-interactive", _("Do not interact with user"));
parser.AddOption (L"p", L"password", _("Password"));
parser.AddOption (L"", L"protect-hidden", _("Protect hidden volume"));
+ parser.AddOption (L"", L"protection-hash", _("Hash algorithm for protected hidden volume"));
parser.AddOption (L"", L"protection-keyfiles", _("Keyfiles for protected hidden volume"));
parser.AddOption (L"", L"protection-password", _("Password for protected hidden volume"));
parser.AddOption (L"", L"random-source", _("Use file as source of random data"));
@@ -306,6 +308,20 @@ namespace VeraCrypt
throw_err (LangString["UNKNOWN_OPTION"] + L": " + str);
}
+ if (parser.Found (L"current-hash", &str))
+ {
+ ArgCurrentHash.reset();
+
+ foreach (shared_ptr <Hash> hash, Hash::GetAvailableAlgorithms())
+ {
+ if (wxString (hash->GetName()).IsSameAs (str, false))
+ ArgCurrentHash = hash;
+ }
+
+ if (!ArgCurrentHash)
+ throw_err (LangString["UNKNOWN_OPTION"] + L": " + str);
+ }
+
if (parser.Found (L"keyfiles", &str))
ArgKeyfiles = ToKeyfileList (str);
@@ -377,6 +393,22 @@ namespace VeraCrypt
ArgMountOptions.Protection = VolumeProtection::HiddenVolumeReadOnly;
}
+ if (parser.Found (L"protection-hash", &str))
+ {
+ bool bHashFound = false;
+ foreach (shared_ptr <Hash> hash, Hash::GetAvailableAlgorithms())
+ {
+ if (wxString (hash->GetName()).IsSameAs (str, false))
+ {
+ bHashFound = true;
+ ArgMountOptions.ProtectionKdf = Pkcs5Kdf::GetAlgorithm (*hash);
+ }
+ }
+
+ if (!bHashFound)
+ throw_err (LangString["UNKNOWN_OPTION"] + L": " + str);
+ }
+
ArgQuick = parser.Found (L"quick");
if (parser.Found (L"random-source", &str))
diff --git a/src/Main/CommandLineInterface.h b/src/Main/CommandLineInterface.h
index c674597a..d3c2a0b3 100644
--- a/src/Main/CommandLineInterface.h
+++ b/src/Main/CommandLineInterface.h
@@ -61,6 +61,7 @@ namespace VeraCrypt
VolumeCreationOptions::FilesystemType::Enum ArgFilesystem;
bool ArgForce;
shared_ptr <Hash> ArgHash;
+ shared_ptr <Hash> ArgCurrentHash;
shared_ptr <KeyfileList> ArgKeyfiles;
MountOptions ArgMountOptions;
shared_ptr <DirectoryPath> ArgMountPoint;
diff --git a/src/Main/Forms/ChangePasswordDialog.cpp b/src/Main/Forms/ChangePasswordDialog.cpp
index 83186c05..e07b7d3b 100644..100755
--- a/src/Main/Forms/ChangePasswordDialog.cpp
+++ b/src/Main/Forms/ChangePasswordDialog.cpp
@@ -47,7 +47,7 @@ namespace VeraCrypt
throw ParameterIncorrect (SRC_POS);
}
- CurrentPasswordPanel = new VolumePasswordPanel (this, password, keyfiles);
+ CurrentPasswordPanel = new VolumePasswordPanel (this, password, keyfiles, false, true, true, false, true, true);
CurrentPasswordPanel->UpdateEvent.Connect (EventConnector <ChangePasswordDialog> (this, &ChangePasswordDialog::OnPasswordPanelUpdate));
CurrentPasswordPanelSizer->Add (CurrentPasswordPanel, 1, wxALL | wxEXPAND);
@@ -125,7 +125,7 @@ namespace VeraCrypt
#endif
wxBusyCursor busy;
Core->ChangePassword (Path, Gui->GetPreferences().DefaultMountOptions.PreserveTimestamps,
- CurrentPasswordPanel->GetPassword(), CurrentPasswordPanel->GetKeyfiles(),
+ CurrentPasswordPanel->GetPassword(), CurrentPasswordPanel->GetPkcs5Kdf(), CurrentPasswordPanel->GetKeyfiles(),
newPassword, newKeyfiles, NewPasswordPanel->GetPkcs5Kdf(), NewPasswordPanel->GetHeaderWipeCount());
}
diff --git a/src/Main/Forms/MountOptionsDialog.cpp b/src/Main/Forms/MountOptionsDialog.cpp
index 69d821c2..1ddb7793 100644..100755
--- a/src/Main/Forms/MountOptionsDialog.cpp
+++ b/src/Main/Forms/MountOptionsDialog.cpp
@@ -30,7 +30,7 @@ namespace VeraCrypt
if (disableMountOptions)
OptionsButton->Show (false);
- PasswordPanel = new VolumePasswordPanel (this, options.Password, options.Keyfiles, !disableMountOptions);
+ PasswordPanel = new VolumePasswordPanel (this, options.Password, options.Keyfiles, !disableMountOptions, true, true, false, true, true);
PasswordPanel->SetCacheCheckBoxValidator (wxGenericValidator (&Options.CachePassword));
PasswordSizer->Add (PasswordPanel, 1, wxALL | wxEXPAND);
@@ -61,7 +61,7 @@ namespace VeraCrypt
OptionsButton->SetLabel (OptionsButtonLabel + L" >");
OptionsPanel->Show (false);
- ProtectionPasswordPanel = new VolumePasswordPanel (OptionsPanel, options.ProtectionPassword, options.ProtectionKeyfiles, false, true, true, false, false, _("P&assword to hidden volume:"));
+ ProtectionPasswordPanel = new VolumePasswordPanel (OptionsPanel, options.ProtectionPassword, options.ProtectionKeyfiles, false, true, true, false, true, true, _("P&assword to hidden volume:"));
ProtectionPasswordSizer->Add (ProtectionPasswordPanel, 1, wxALL | wxEXPAND);
UpdateDialog();
@@ -85,6 +85,7 @@ namespace VeraCrypt
TransferDataFromWindow();
Options.Password = PasswordPanel->GetPassword();
+ Options.Kdf = PasswordPanel->GetPkcs5Kdf();
Options.Keyfiles = PasswordPanel->GetKeyfiles();
if (ReadOnlyCheckBox->IsChecked())
@@ -95,6 +96,7 @@ namespace VeraCrypt
{
Options.Protection = VolumeProtection::HiddenVolumeReadOnly;
Options.ProtectionPassword = ProtectionPasswordPanel->GetPassword();
+ Options.ProtectionKdf = ProtectionPasswordPanel->GetPkcs5Kdf();
Options.ProtectionKeyfiles = ProtectionPasswordPanel->GetKeyfiles();
}
else
diff --git a/src/Main/Forms/VolumeCreationWizard.cpp b/src/Main/Forms/VolumeCreationWizard.cpp
index 597d014a..1dac1315 100644
--- a/src/Main/Forms/VolumeCreationWizard.cpp
+++ b/src/Main/Forms/VolumeCreationWizard.cpp
@@ -699,6 +699,7 @@ namespace VeraCrypt
{
VolumePasswordWizardPage *page = dynamic_cast <VolumePasswordWizardPage *> (GetCurrentPage());
Password = page->GetPassword();
+ Kdf = page->GetPkcs5Kdf();
Keyfiles = page->GetKeyfiles();
if (forward && Password && !Password->IsEmpty())
@@ -937,7 +938,7 @@ namespace VeraCrypt
});
#endif
- shared_ptr <Volume> outerVolume = Core->OpenVolume (make_shared <VolumePath> (SelectedVolumePath), true, Password, Keyfiles, VolumeProtection::ReadOnly);
+ shared_ptr <Volume> outerVolume = Core->OpenVolume (make_shared <VolumePath> (SelectedVolumePath), true, Password, Kdf, Keyfiles, VolumeProtection::ReadOnly);
MaxHiddenVolumeSize = Core->GetMaxHiddenVolumeSize (outerVolume);
// Add a reserve (in case the user mounts the outer volume and creates new files
diff --git a/src/Main/Forms/VolumeCreationWizard.h b/src/Main/Forms/VolumeCreationWizard.h
index abbf64cb..3a87c4cb 100644
--- a/src/Main/Forms/VolumeCreationWizard.h
+++ b/src/Main/Forms/VolumeCreationWizard.h
@@ -73,6 +73,7 @@ namespace VeraCrypt
VolumeHostType::Enum SelectedVolumeHostType;
VolumeType::Enum SelectedVolumeType;
shared_ptr <VolumePassword> Password;
+ shared_ptr <Pkcs5Kdf> Kdf;
uint32 SectorSize;
shared_ptr <Hash> SelectedHash;
uint64 VolumeSize;
diff --git a/src/Main/Forms/VolumePasswordPanel.cpp b/src/Main/Forms/VolumePasswordPanel.cpp
index 5b1b9db6..50f3eca2 100644..100755
--- a/src/Main/Forms/VolumePasswordPanel.cpp
+++ b/src/Main/Forms/VolumePasswordPanel.cpp
@@ -14,7 +14,7 @@
namespace VeraCrypt
{
- VolumePasswordPanel::VolumePasswordPanel (wxWindow* parent, shared_ptr <VolumePassword> password, shared_ptr <KeyfileList> keyfiles, bool enableCache, bool enablePassword, bool enableKeyfiles, bool enableConfirmation, bool enablePkcs5Prf, const wxString &passwordLabel)
+ VolumePasswordPanel::VolumePasswordPanel (wxWindow* parent, shared_ptr <VolumePassword> password, shared_ptr <KeyfileList> keyfiles, bool enableCache, bool enablePassword, bool enableKeyfiles, bool enableConfirmation, bool enablePkcs5Prf, bool isMountPassword, const wxString &passwordLabel)
: VolumePasswordPanelBase (parent), Keyfiles (new KeyfileList)
{
if (keyfiles)
@@ -63,14 +63,20 @@ namespace VeraCrypt
Pkcs5PrfStaticText->Show (enablePkcs5Prf);
Pkcs5PrfChoice->Show (enablePkcs5Prf);
- HeaderWipeCountText->Show (enablePkcs5Prf);
- HeaderWipeCount->Show (enablePkcs5Prf);
+ HeaderWipeCountText->Show (enablePkcs5Prf && !isMountPassword);
+ HeaderWipeCount->Show (enablePkcs5Prf && !isMountPassword);
if (enablePkcs5Prf)
{
+ if (isMountPassword)
+ {
+ // case of password for mounting
+ Pkcs5PrfChoice->Delete (0);
+ Pkcs5PrfChoice->Append (LangString["AUTODETECTION"]);
+ }
foreach_ref (const Pkcs5Kdf &kdf, Pkcs5Kdf::GetAvailableAlgorithms())
{
- if (!kdf.IsDeprecated())
+ if (!kdf.IsDeprecated() || isMountPassword)
Pkcs5PrfChoice->Append (kdf.GetName());
}
Pkcs5PrfChoice->Select (0);
diff --git a/src/Main/Forms/VolumePasswordPanel.h b/src/Main/Forms/VolumePasswordPanel.h
index f7f6e7cb..465a430a 100644..100755
--- a/src/Main/Forms/VolumePasswordPanel.h
+++ b/src/Main/Forms/VolumePasswordPanel.h
@@ -18,7 +18,7 @@ namespace VeraCrypt
class VolumePasswordPanel : public VolumePasswordPanelBase
{
public:
- VolumePasswordPanel (wxWindow* parent, shared_ptr <VolumePassword> password, shared_ptr <KeyfileList> keyfiles, bool enableCache = false, bool enablePassword = true, bool enableKeyfiles = true, bool enableConfirmation = false, bool enablePkcs5Prf = false, const wxString &passwordLabel = wxString());
+ VolumePasswordPanel (wxWindow* parent, shared_ptr <VolumePassword> password, shared_ptr <KeyfileList> keyfiles, bool enableCache = false, bool enablePassword = true, bool enableKeyfiles = true, bool enableConfirmation = false, bool enablePkcs5Prf = false, bool isMountPassword = false, const wxString &passwordLabel = wxString());
virtual ~VolumePasswordPanel ();
void AddKeyfile (shared_ptr <Keyfile> keyfile);
diff --git a/src/Main/Forms/VolumePasswordWizardPage.cpp b/src/Main/Forms/VolumePasswordWizardPage.cpp
index 1034c220..61ff999f 100644..100755
--- a/src/Main/Forms/VolumePasswordWizardPage.cpp
+++ b/src/Main/Forms/VolumePasswordWizardPage.cpp
@@ -15,7 +15,7 @@ namespace VeraCrypt
VolumePasswordWizardPage::VolumePasswordWizardPage (wxPanel* parent, shared_ptr <VolumePassword> password, shared_ptr <KeyfileList> keyfiles, bool enableConfirmation)
: VolumePasswordWizardPageBase (parent), ConfirmationMode (enableConfirmation)
{
- PasswordPanel = new VolumePasswordPanel (this, password, keyfiles, false, true, true, enableConfirmation);
+ PasswordPanel = new VolumePasswordPanel (this, password, keyfiles, false, true, true, enableConfirmation, !enableConfirmation, !enableConfirmation);
PasswordPanel->UpdateEvent.Connect (EventConnector <VolumePasswordWizardPage> (this, &VolumePasswordWizardPage::OnPasswordPanelUpdate));
PasswordPanelSizer->Add (PasswordPanel, 1, wxALL | wxEXPAND);
diff --git a/src/Main/Forms/VolumePasswordWizardPage.h b/src/Main/Forms/VolumePasswordWizardPage.h
index 8aaf30d6..13a98c62 100644
--- a/src/Main/Forms/VolumePasswordWizardPage.h
+++ b/src/Main/Forms/VolumePasswordWizardPage.h
@@ -22,6 +22,7 @@ namespace VeraCrypt
shared_ptr <KeyfileList> GetKeyfiles () const { return PasswordPanel->GetKeyfiles(); }
shared_ptr <VolumePassword> GetPassword () const { return PasswordPanel->GetPassword(); }
+ shared_ptr <Pkcs5Kdf> GetPkcs5Kdf () const { return PasswordPanel->GetPkcs5Kdf(); }
bool IsValid ();
void SetMaxStaticTextWidth (int width) { InfoStaticText->Wrap (width); }
void SetPageText (const wxString &text) { InfoStaticText->SetLabel (text); }
diff --git a/src/Main/GraphicUserInterface.cpp b/src/Main/GraphicUserInterface.cpp
index 440125ef..889d49c5 100644..100755
--- a/src/Main/GraphicUserInterface.cpp
+++ b/src/Main/GraphicUserInterface.cpp
@@ -177,9 +177,11 @@ namespace VeraCrypt
options->Path,
options->PreserveTimestamps,
options->Password,
+ options->Kdf,
options->Keyfiles,
options->Protection,
options->ProtectionPassword,
+ options->ProtectionKdf,
options->ProtectionKeyfiles,
true,
volumeType,
@@ -1261,9 +1263,11 @@ namespace VeraCrypt
options.Path,
options.PreserveTimestamps,
options.Password,
+ options.Kdf,
options.Keyfiles,
options.Protection,
options.ProtectionPassword,
+ options.ProtectionKdf,
options.ProtectionKeyfiles,
options.SharedAccessAllowed,
VolumeType::Unknown,
@@ -1373,7 +1377,7 @@ namespace VeraCrypt
// Decrypt header
shared_ptr <VolumePassword> passwordKey = Keyfile::ApplyListToPassword (options.Keyfiles, options.Password);
- if (layout->GetHeader()->Decrypt (headerBuffer, *passwordKey, layout->GetSupportedKeyDerivationFunctions(), layout->GetSupportedEncryptionAlgorithms(), layout->GetSupportedEncryptionModes()))
+ if (layout->GetHeader()->Decrypt (headerBuffer, *passwordKey, options.Kdf, layout->GetSupportedKeyDerivationFunctions(), layout->GetSupportedEncryptionAlgorithms(), layout->GetSupportedEncryptionModes()))
{
decryptedLayout = layout;
break;
diff --git a/src/Main/GraphicUserInterface.h b/src/Main/GraphicUserInterface.h
index 6fa51c4d..890ab5d6 100644..100755
--- a/src/Main/GraphicUserInterface.h
+++ b/src/Main/GraphicUserInterface.h
@@ -29,7 +29,7 @@ namespace VeraCrypt
virtual void BackupVolumeHeaders (shared_ptr <VolumePath> volumePath) const;
virtual void BeginBusyState () const { wxBeginBusyCursor(); }
virtual void BeginInteractiveBusyState (wxWindow *window);
- virtual void ChangePassword (shared_ptr <VolumePath> volumePath = shared_ptr <VolumePath>(), shared_ptr <VolumePassword> password = shared_ptr <VolumePassword>(), shared_ptr <KeyfileList> keyfiles = shared_ptr <KeyfileList>(), shared_ptr <VolumePassword> newPassword = shared_ptr <VolumePassword>(), shared_ptr <KeyfileList> newKeyfiles = shared_ptr <KeyfileList>(), shared_ptr <Hash> newHash = shared_ptr <Hash>()) const { ThrowTextModeRequired(); }
+ virtual void ChangePassword (shared_ptr <VolumePath> volumePath = shared_ptr <VolumePath>(), shared_ptr <VolumePassword> password = shared_ptr <VolumePassword>(), shared_ptr <Hash> currentHash = shared_ptr <Hash>(), shared_ptr <KeyfileList> keyfiles = shared_ptr <KeyfileList>(), shared_ptr <VolumePassword> newPassword = shared_ptr <VolumePassword>(), shared_ptr <KeyfileList> newKeyfiles = shared_ptr <KeyfileList>(), shared_ptr <Hash> newHash = shared_ptr <Hash>()) const { ThrowTextModeRequired(); }
wxHyperlinkCtrl *CreateHyperlink (wxWindow *parent, const wxString &linkUrl, const wxString &linkText) const;
virtual void CreateKeyfile (shared_ptr <FilePath> keyfilePath = shared_ptr <FilePath>()) const;
virtual void CreateVolume (shared_ptr <VolumeCreationOptions> options) const { ThrowTextModeRequired(); }
diff --git a/src/Main/TextUserInterface.cpp b/src/Main/TextUserInterface.cpp
index f9693cb1..9cc5232d 100644..100755
--- a/src/Main/TextUserInterface.cpp
+++ b/src/Main/TextUserInterface.cpp
@@ -244,6 +244,12 @@ namespace VeraCrypt
#endif
ShowInfo ("EXTERNAL_VOL_HEADER_BAK_FIRST_INFO");
+
+ shared_ptr <Pkcs5Kdf> kdf;
+ if (CmdLine->ArgHash)
+ {
+ kdf = Pkcs5Kdf::GetAlgorithm (*CmdLine->ArgHash);
+ }
shared_ptr <Volume> normalVolume;
shared_ptr <Volume> hiddenVolume;
@@ -274,9 +280,11 @@ namespace VeraCrypt
options->Path,
options->PreserveTimestamps,
options->Password,
+ kdf,
options->Keyfiles,
options->Protection,
options->ProtectionPassword,
+ options->ProtectionKdf,
options->ProtectionKeyfiles,
true,
volumeType,
@@ -359,7 +367,7 @@ namespace VeraCrypt
ShowInfo ("VOL_HEADER_BACKED_UP");
}
- void TextUserInterface::ChangePassword (shared_ptr <VolumePath> volumePath, shared_ptr <VolumePassword> password, shared_ptr <KeyfileList> keyfiles, shared_ptr <VolumePassword> newPassword, shared_ptr <KeyfileList> newKeyfiles, shared_ptr <Hash> newHash) const
+ void TextUserInterface::ChangePassword (shared_ptr <VolumePath> volumePath, shared_ptr <VolumePassword> password, shared_ptr <Hash> currentHash, shared_ptr <KeyfileList> keyfiles, shared_ptr <VolumePassword> newPassword, shared_ptr <KeyfileList> newKeyfiles, shared_ptr <Hash> newHash) const
{
shared_ptr <Volume> volume;
@@ -378,6 +386,12 @@ namespace VeraCrypt
bool passwordInteractive = !password.get();
bool keyfilesInteractive = !keyfiles.get();
+ shared_ptr<Pkcs5Kdf> kdf;
+ if (currentHash)
+ {
+ kdf = Pkcs5Kdf::GetAlgorithm (*currentHash);
+ }
+
while (true)
{
// Current password
@@ -406,7 +420,7 @@ namespace VeraCrypt
try
{
keyfiles.reset (new KeyfileList);
- volume = Core->OpenVolume (volumePath, Preferences.DefaultMountOptions.PreserveTimestamps, password, keyfiles);
+ volume = Core->OpenVolume (volumePath, Preferences.DefaultMountOptions.PreserveTimestamps, password, kdf, keyfiles);
}
catch (PasswordException&)
{
@@ -416,7 +430,7 @@ namespace VeraCrypt
}
if (!volume.get())
- volume = Core->OpenVolume (volumePath, Preferences.DefaultMountOptions.PreserveTimestamps, password, keyfiles);
+ volume = Core->OpenVolume (volumePath, Preferences.DefaultMountOptions.PreserveTimestamps, password, kdf, keyfiles);
}
catch (PasswordException &e)
{
@@ -1285,6 +1299,12 @@ namespace VeraCrypt
// Ask whether to restore internal or external backup
bool restoreInternalBackup;
+ shared_ptr <Pkcs5Kdf> kdf;
+ if (CmdLine->ArgHash)
+ {
+ kdf = Pkcs5Kdf::GetAlgorithm (*CmdLine->ArgHash);
+ }
+
ShowInfo (LangString["HEADER_RESTORE_EXTERNAL_INTERNAL"]);
ShowInfo (L"\n1) " + LangString["HEADER_RESTORE_INTERNAL"]);
ShowInfo (L"2) " + LangString["HEADER_RESTORE_EXTERNAL"] + L"\n");
@@ -1325,9 +1345,11 @@ namespace VeraCrypt
options.Path,
options.PreserveTimestamps,
options.Password,
+ kdf,
options.Keyfiles,
options.Protection,
options.ProtectionPassword,
+ options.ProtectionKdf,
options.ProtectionKeyfiles,
options.SharedAccessAllowed,
VolumeType::Unknown,
@@ -1432,7 +1454,7 @@ namespace VeraCrypt
// Decrypt header
shared_ptr <VolumePassword> passwordKey = Keyfile::ApplyListToPassword (options.Keyfiles, options.Password);
- if (layout->GetHeader()->Decrypt (headerBuffer, *passwordKey, layout->GetSupportedKeyDerivationFunctions(), layout->GetSupportedEncryptionAlgorithms(), layout->GetSupportedEncryptionModes()))
+ if (layout->GetHeader()->Decrypt (headerBuffer, *passwordKey, kdf, layout->GetSupportedKeyDerivationFunctions(), layout->GetSupportedEncryptionAlgorithms(), layout->GetSupportedEncryptionModes()))
{
decryptedLayout = layout;
break;
diff --git a/src/Main/TextUserInterface.h b/src/Main/TextUserInterface.h
index 8721395f..c26298e2 100644..100755
--- a/src/Main/TextUserInterface.h
+++ b/src/Main/TextUserInterface.h
@@ -30,7 +30,7 @@ namespace VeraCrypt
virtual bool AskYesNo (const wxString &message, bool defaultYes = false, bool warning = false) const;
virtual void BackupVolumeHeaders (shared_ptr <VolumePath> volumePath) const;
virtual void BeginBusyState () const { }
- virtual void ChangePassword (shared_ptr <VolumePath> volumePath = shared_ptr <VolumePath>(), shared_ptr <VolumePassword> password = shared_ptr <VolumePassword>(), shared_ptr <KeyfileList> keyfiles = shared_ptr <KeyfileList>(), shared_ptr <VolumePassword> newPassword = shared_ptr <VolumePassword>(), shared_ptr <KeyfileList> newKeyfiles = shared_ptr <KeyfileList>(), shared_ptr <Hash> newHash = shared_ptr <Hash>()) const;
+ virtual void ChangePassword (shared_ptr <VolumePath> volumePath = shared_ptr <VolumePath>(), shared_ptr <VolumePassword> password = shared_ptr <VolumePassword>(), shared_ptr <Hash> currentHash = shared_ptr <Hash>(), shared_ptr <KeyfileList> keyfiles = shared_ptr <KeyfileList>(), shared_ptr <VolumePassword> newPassword = shared_ptr <VolumePassword>(), shared_ptr <KeyfileList> newKeyfiles = shared_ptr <KeyfileList>(), shared_ptr <Hash> newHash = shared_ptr <Hash>()) const;
virtual void CreateKeyfile (shared_ptr <FilePath> keyfilePath = shared_ptr <FilePath>()) const;
virtual void CreateVolume (shared_ptr <VolumeCreationOptions> options) const;
virtual void DeleteSecurityTokenKeyfiles () const;
diff --git a/src/Main/UserInterface.cpp b/src/Main/UserInterface.cpp
index f66e28d2..4306dec2 100644..100755
--- a/src/Main/UserInterface.cpp
+++ b/src/Main/UserInterface.cpp
@@ -883,6 +883,11 @@ namespace VeraCrypt
cmdLine.ArgMountOptions.Password = cmdLine.ArgPassword;
cmdLine.ArgMountOptions.Keyfiles = cmdLine.ArgKeyfiles;
cmdLine.ArgMountOptions.SharedAccessAllowed = cmdLine.ArgForce;
+ if (cmdLine.ArgHash)
+ {
+ cmdLine.ArgMountOptions.Kdf = Pkcs5Kdf::GetAlgorithm (*cmdLine.ArgHash);
+ }
+
VolumeInfoList mountedVolumes;
switch (cmdLine.ArgCommand)
@@ -965,7 +970,7 @@ namespace VeraCrypt
return true;
case CommandId::ChangePassword:
- ChangePassword (cmdLine.ArgVolumePath, cmdLine.ArgPassword, cmdLine.ArgKeyfiles, cmdLine.ArgNewPassword, cmdLine.ArgNewKeyfiles, cmdLine.ArgHash);
+ ChangePassword (cmdLine.ArgVolumePath, cmdLine.ArgPassword, cmdLine.ArgCurrentHash, cmdLine.ArgKeyfiles, cmdLine.ArgNewPassword, cmdLine.ArgNewKeyfiles, cmdLine.ArgHash);
return true;
case CommandId::CreateKeyfile:
diff --git a/src/Main/UserInterface.h b/src/Main/UserInterface.h
index f7ebee0d..ae74ae99 100644..100755
--- a/src/Main/UserInterface.h
+++ b/src/Main/UserInterface.h
@@ -29,7 +29,7 @@ namespace VeraCrypt
virtual bool AskYesNo (const wxString &message, bool defaultYes = false, bool warning = false) const = 0;
virtual void BackupVolumeHeaders (shared_ptr <VolumePath> volumePath) const = 0;
virtual void BeginBusyState () const = 0;
- virtual void ChangePassword (shared_ptr <VolumePath> volumePath = shared_ptr <VolumePath>(), shared_ptr <VolumePassword> password = shared_ptr <VolumePassword>(), shared_ptr <KeyfileList> keyfiles = shared_ptr <KeyfileList>(), shared_ptr <VolumePassword> newPassword = shared_ptr <VolumePassword>(), shared_ptr <KeyfileList> newKeyfiles = shared_ptr <KeyfileList>(), shared_ptr <Hash> newHash = shared_ptr <Hash>()) const = 0;
+ virtual void ChangePassword (shared_ptr <VolumePath> volumePath = shared_ptr <VolumePath>(), shared_ptr <VolumePassword> password = shared_ptr <VolumePassword>(), shared_ptr <Hash> currentHash = shared_ptr <Hash>(), shared_ptr <KeyfileList> keyfiles = shared_ptr <KeyfileList>(), shared_ptr <VolumePassword> newPassword = shared_ptr <VolumePassword>(), shared_ptr <KeyfileList> newKeyfiles = shared_ptr <KeyfileList>(), shared_ptr <Hash> newHash = shared_ptr <Hash>()) const = 0;
virtual void CheckRequirementsForMountingVolume () const;
virtual void CloseExplorerWindows (shared_ptr <VolumeInfo> mountedVolume) const;
virtual void CreateKeyfile (shared_ptr <FilePath> keyfilePath = shared_ptr <FilePath>()) const = 0;
diff --git a/src/Volume/Pkcs5Kdf.h b/src/Volume/Pkcs5Kdf.h
index 8618bb97..19267b0f 100644
--- a/src/Volume/Pkcs5Kdf.h
+++ b/src/Volume/Pkcs5Kdf.h
@@ -31,6 +31,7 @@ namespace VeraCrypt
virtual shared_ptr <Hash> GetHash () const = 0;
virtual int GetIterationCount () const = 0;
virtual wstring GetName () const = 0;
+ virtual Pkcs5Kdf* Clone () const = 0;
virtual bool IsDeprecated () const { return GetHash()->IsDeprecated(); }
protected:
@@ -53,6 +54,7 @@ namespace VeraCrypt
virtual shared_ptr <Hash> GetHash () const { return shared_ptr <Hash> (new Ripemd160); }
virtual int GetIterationCount () const { return 655331; }
virtual wstring GetName () const { return L"HMAC-RIPEMD-160"; }
+ virtual Pkcs5Kdf* Clone () const { return new Pkcs5HmacRipemd160(); }
private:
Pkcs5HmacRipemd160 (const Pkcs5HmacRipemd160 &);
@@ -69,6 +71,7 @@ namespace VeraCrypt
virtual shared_ptr <Hash> GetHash () const { return shared_ptr <Hash> (new Ripemd160); }
virtual int GetIterationCount () const { return 327661; }
virtual wstring GetName () const { return L"HMAC-RIPEMD-160"; }
+ virtual Pkcs5Kdf* Clone () const { return new Pkcs5HmacRipemd160_1000(); }
private:
Pkcs5HmacRipemd160_1000 (const Pkcs5HmacRipemd160_1000 &);
@@ -85,6 +88,7 @@ namespace VeraCrypt
virtual shared_ptr <Hash> GetHash () const { return shared_ptr <Hash> (new Sha256); }
virtual int GetIterationCount () const { return 200000; }
virtual wstring GetName () const { return L"HMAC-SHA-256"; }
+ virtual Pkcs5Kdf* Clone () const { return new Pkcs5HmacSha256_Boot(); }
private:
Pkcs5HmacSha256_Boot (const Pkcs5HmacSha256_Boot &);
@@ -101,6 +105,7 @@ namespace VeraCrypt
virtual shared_ptr <Hash> GetHash () const { return shared_ptr <Hash> (new Sha256); }
virtual int GetIterationCount () const { return 500000; }
virtual wstring GetName () const { return L"HMAC-SHA-256"; }
+ virtual Pkcs5Kdf* Clone () const { return new Pkcs5HmacSha256(); }
private:
Pkcs5HmacSha256 (const Pkcs5HmacSha256 &);
@@ -117,6 +122,7 @@ namespace VeraCrypt
virtual shared_ptr <Hash> GetHash () const { return shared_ptr <Hash> (new Sha512); }
virtual int GetIterationCount () const { return 500000; }
virtual wstring GetName () const { return L"HMAC-SHA-512"; }
+ virtual Pkcs5Kdf* Clone () const { return new Pkcs5HmacSha512(); }
private:
Pkcs5HmacSha512 (const Pkcs5HmacSha512 &);
@@ -133,6 +139,7 @@ namespace VeraCrypt
virtual shared_ptr <Hash> GetHash () const { return shared_ptr <Hash> (new Whirlpool); }
virtual int GetIterationCount () const { return 500000; }
virtual wstring GetName () const { return L"HMAC-Whirlpool"; }
+ virtual Pkcs5Kdf* Clone () const { return new Pkcs5HmacWhirlpool; }
private:
Pkcs5HmacWhirlpool (const Pkcs5HmacWhirlpool &);
diff --git a/src/Volume/Volume.cpp b/src/Volume/Volume.cpp
index 2c319ad9..12bc9a14 100644..100755
--- a/src/Volume/Volume.cpp
+++ b/src/Volume/Volume.cpp
@@ -62,7 +62,7 @@ namespace VeraCrypt
return EA->GetMode();
}
- void Volume::Open (const VolumePath &volumePath, bool preserveTimestamps, shared_ptr <VolumePassword> password, shared_ptr <KeyfileList> keyfiles, VolumeProtection::Enum protection, shared_ptr <VolumePassword> protectionPassword, shared_ptr <KeyfileList> protectionKeyfiles, bool sharedAccessAllowed, VolumeType::Enum volumeType, bool useBackupHeaders, bool partitionInSystemEncryptionScope)
+ void Volume::Open (const VolumePath &volumePath, bool preserveTimestamps, shared_ptr <VolumePassword> password, shared_ptr <Pkcs5Kdf> kdf, shared_ptr <KeyfileList> keyfiles, VolumeProtection::Enum protection, shared_ptr <VolumePassword> protectionPassword, shared_ptr <Pkcs5Kdf> protectionKdf, shared_ptr <KeyfileList> protectionKeyfiles, bool sharedAccessAllowed, VolumeType::Enum volumeType, bool useBackupHeaders, bool partitionInSystemEncryptionScope)
{
make_shared_auto (File, file);
@@ -93,10 +93,10 @@ namespace VeraCrypt
throw;
}
- return Open (file, password, keyfiles, protection, protectionPassword, protectionKeyfiles, volumeType, useBackupHeaders, partitionInSystemEncryptionScope);
+ return Open (file, password, kdf, keyfiles, protection, protectionPassword, protectionKdf,protectionKeyfiles, volumeType, useBackupHeaders, partitionInSystemEncryptionScope);
}
- void Volume::Open (shared_ptr <File> volumeFile, shared_ptr <VolumePassword> password, shared_ptr <KeyfileList> keyfiles, VolumeProtection::Enum protection, shared_ptr <VolumePassword> protectionPassword, shared_ptr <KeyfileList> protectionKeyfiles, VolumeType::Enum volumeType, bool useBackupHeaders, bool partitionInSystemEncryptionScope)
+ void Volume::Open (shared_ptr <File> volumeFile, shared_ptr <VolumePassword> password, shared_ptr <Pkcs5Kdf> kdf, shared_ptr <KeyfileList> keyfiles, VolumeProtection::Enum protection, shared_ptr <VolumePassword> protectionPassword, shared_ptr <Pkcs5Kdf> protectionKdf,shared_ptr <KeyfileList> protectionKeyfiles, VolumeType::Enum volumeType, bool useBackupHeaders, bool partitionInSystemEncryptionScope)
{
if (!volumeFile)
throw ParameterIncorrect (SRC_POS);
@@ -189,7 +189,7 @@ namespace VeraCrypt
shared_ptr <VolumeHeader> header = layout->GetHeader();
- if (header->Decrypt (headerBuffer, *passwordKey, layout->GetSupportedKeyDerivationFunctions(), layoutEncryptionAlgorithms, layoutEncryptionModes))
+ if (header->Decrypt (headerBuffer, *passwordKey, kdf, layout->GetSupportedKeyDerivationFunctions(), layoutEncryptionAlgorithms, layoutEncryptionModes))
{
// Header decrypted
@@ -238,9 +238,9 @@ namespace VeraCrypt
Volume protectedVolume;
protectedVolume.Open (VolumeFile,
- protectionPassword, protectionKeyfiles,
+ protectionPassword, protectionKdf, protectionKeyfiles,
VolumeProtection::ReadOnly,
- shared_ptr <VolumePassword> (), shared_ptr <KeyfileList> (),
+ shared_ptr <VolumePassword> (), shared_ptr <Pkcs5Kdf> (),shared_ptr <KeyfileList> (),
VolumeType::Hidden,
useBackupHeaders);
diff --git a/src/Volume/Volume.h b/src/Volume/Volume.h
index dce2aa3b..dcc6eb01 100644..100755
--- a/src/Volume/Volume.h
+++ b/src/Volume/Volume.h
@@ -89,8 +89,8 @@ namespace VeraCrypt
uint64 GetVolumeCreationTime () const { return Header->GetVolumeCreationTime(); }
bool IsHiddenVolumeProtectionTriggered () const { return HiddenVolumeProtectionTriggered; }
bool IsInSystemEncryptionScope () const { return SystemEncryption; }
- void Open (const VolumePath &volumePath, bool preserveTimestamps, shared_ptr <VolumePassword> password, shared_ptr <KeyfileList> keyfiles, VolumeProtection::Enum protection = VolumeProtection::None, shared_ptr <VolumePassword> protectionPassword = shared_ptr <VolumePassword> (), shared_ptr <KeyfileList> protectionKeyfiles = shared_ptr <KeyfileList> (), bool sharedAccessAllowed = false, VolumeType::Enum volumeType = VolumeType::Unknown, bool useBackupHeaders = false, bool partitionInSystemEncryptionScope = false);
- void Open (shared_ptr <File> volumeFile, shared_ptr <VolumePassword> password, shared_ptr <KeyfileList> keyfiles, VolumeProtection::Enum protection = VolumeProtection::None, shared_ptr <VolumePassword> protectionPassword = shared_ptr <VolumePassword> (), shared_ptr <KeyfileList> protectionKeyfiles = shared_ptr <KeyfileList> (), VolumeType::Enum volumeType = VolumeType::Unknown, bool useBackupHeaders = false, bool partitionInSystemEncryptionScope = false);
+ void Open (const VolumePath &volumePath, bool preserveTimestamps, shared_ptr <VolumePassword> password, shared_ptr <Pkcs5Kdf> kdf, shared_ptr <KeyfileList> keyfiles, VolumeProtection::Enum protection = VolumeProtection::None, shared_ptr <VolumePassword> protectionPassword = shared_ptr <VolumePassword> (), shared_ptr <Pkcs5Kdf> protectionKdf = shared_ptr <Pkcs5Kdf> (),shared_ptr <KeyfileList> protectionKeyfiles = shared_ptr <KeyfileList> (), bool sharedAccessAllowed = false, VolumeType::Enum volumeType = VolumeType::Unknown, bool useBackupHeaders = false, bool partitionInSystemEncryptionScope = false);
+ void Open (shared_ptr <File> volumeFile, shared_ptr <VolumePassword> password, shared_ptr <Pkcs5Kdf> kdf, shared_ptr <KeyfileList> keyfiles, VolumeProtection::Enum protection = VolumeProtection::None, shared_ptr <VolumePassword> protectionPassword = shared_ptr <VolumePassword> (), shared_ptr <Pkcs5Kdf> protectionKdf = shared_ptr <Pkcs5Kdf> (), shared_ptr <KeyfileList> protectionKeyfiles = shared_ptr <KeyfileList> (), VolumeType::Enum volumeType = VolumeType::Unknown, bool useBackupHeaders = false, bool partitionInSystemEncryptionScope = false);
void ReadSectors (const BufferPtr &buffer, uint64 byteOffset);
void ReEncryptHeader (bool backupHeader, const ConstBufferPtr &newSalt, const ConstBufferPtr &newHeaderKey, shared_ptr <Pkcs5Kdf> newPkcs5Kdf);
void WriteSectors (const ConstBufferPtr &buffer, uint64 byteOffset);
diff --git a/src/Volume/VolumeHeader.cpp b/src/Volume/VolumeHeader.cpp
index e7a47d29..fbdece50 100644..100755
--- a/src/Volume/VolumeHeader.cpp
+++ b/src/Volume/VolumeHeader.cpp
@@ -78,7 +78,7 @@ namespace VeraCrypt
EncryptNew (headerBuffer, options.Salt, options.HeaderKey, options.Kdf);
}
- bool VolumeHeader::Decrypt (const ConstBufferPtr &encryptedData, const VolumePassword &password, const Pkcs5KdfList &keyDerivationFunctions, const EncryptionAlgorithmList &encryptionAlgorithms, const EncryptionModeList &encryptionModes)
+ bool VolumeHeader::Decrypt (const ConstBufferPtr &encryptedData, const VolumePassword &password, shared_ptr <Pkcs5Kdf> kdf, const Pkcs5KdfList &keyDerivationFunctions, const EncryptionAlgorithmList &encryptionAlgorithms, const EncryptionModeList &encryptionModes)
{
if (password.Size() < 1)
throw PasswordEmpty (SRC_POS);
@@ -89,6 +89,9 @@ namespace VeraCrypt
foreach (shared_ptr <Pkcs5Kdf> pkcs5, keyDerivationFunctions)
{
+ if (kdf && (kdf->GetName() != pkcs5->GetName()))
+ continue;
+
pkcs5->DeriveKey (headerKey, password, salt);
foreach (shared_ptr <EncryptionMode> mode, encryptionModes)
diff --git a/src/Volume/VolumeHeader.h b/src/Volume/VolumeHeader.h
index 8ce56fd8..cb567f22 100644..100755
--- a/src/Volume/VolumeHeader.h
+++ b/src/Volume/VolumeHeader.h
@@ -56,7 +56,7 @@ namespace VeraCrypt
virtual ~VolumeHeader ();
void Create (const BufferPtr &headerBuffer, VolumeHeaderCreationOptions &options);
- bool Decrypt (const ConstBufferPtr &encryptedData, const VolumePassword &password, const Pkcs5KdfList &keyDerivationFunctions, const EncryptionAlgorithmList &encryptionAlgorithms, const EncryptionModeList &encryptionModes);
+ bool Decrypt (const ConstBufferPtr &encryptedData, const VolumePassword &password, shared_ptr <Pkcs5Kdf> kdf, const Pkcs5KdfList &keyDerivationFunctions, const EncryptionAlgorithmList &encryptionAlgorithms, const EncryptionModeList &encryptionModes);
void EncryptNew (const BufferPtr &newHeaderBuffer, const ConstBufferPtr &newSalt, const ConstBufferPtr &newHeaderKey, shared_ptr <Pkcs5Kdf> newPkcs5Kdf);
uint64 GetEncryptedAreaStart () const { return EncryptedAreaStart; }
uint64 GetEncryptedAreaLength () const { return EncryptedAreaLength; }