VeraCrypt
aboutsummaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
authorMounir IDRASSI <mounir.idrassi@idrix.fr>2016-05-02 14:45:22 +0200
committerMounir IDRASSI <mounir.idrassi@idrix.fr>2016-05-04 13:14:05 +0200
commitb261177b8f5bc3f8495406d13dc03c0328b930f9 (patch)
tree535b8a6345c63529b3bc72f42d02c27c6aed64e3 /src
parent0b914c8f5d690dfc1bdfbca1e1083372c5ed84d8 (diff)
downloadVeraCrypt-b261177b8f5bc3f8495406d13dc03c0328b930f9.tar.gz
VeraCrypt-b261177b8f5bc3f8495406d13dc03c0328b930f9.zip
Windows/Linux/MacOSX: Set maximum PIM value to 2147468 in order to avoid having negative values for iterations count using the formula 15000 + (PIM x 1000). Add specific error message to XML language files.
Diffstat (limited to 'src')
-rw-r--r--src/Common/Language.xml1
-rw-r--r--src/Common/Password.h3
-rw-r--r--src/Format/Tcformat.cbin642784 -> 643202 bytes
-rw-r--r--src/Main/CommandLineInterface.cpp6
-rw-r--r--src/Main/Forms/Forms.cpp4
-rw-r--r--src/Main/Forms/MountOptionsDialog.cpp4
-rw-r--r--src/Main/Forms/TrueCrypt.fbp4
-rw-r--r--src/Main/Forms/VolumePasswordPanel.cpp6
-rw-r--r--src/Main/Forms/VolumePimWizardPage.cpp2
-rw-r--r--src/Main/Main.h5
-rw-r--r--src/Main/TextUserInterface.cpp6
-rw-r--r--src/Mount/Favorites.cpp16
-rw-r--r--src/Mount/Mount.c9
13 files changed, 51 insertions, 15 deletions
diff --git a/src/Common/Language.xml b/src/Common/Language.xml
index f72e1a30..8f83b864 100644
--- a/src/Common/Language.xml
+++ b/src/Common/Language.xml
@@ -1396,6 +1396,7 @@
<string lang="en" key="IDPM_COPY_VALUE_TO_CLIPBOARD">Copy Value to Clipboard...</string>
<control lang="en" key="IDC_DISABLE_BOOT_LOADER_PIM_PROMPT">Do not request PIM in the pre-boot authentication screen (PIM value is stored unencrypted on disk)</control>
<string lang="en" key="DISABLE_BOOT_LOADER_PIM_PROMPT">WARNING: Please keep in mind that if you enable this option, the PIM value will be stored unencrypted on the disk.\n\nAre you sure you want to enable this option?</string>
+ <string lang="en" key="PIM_TOO_BIG">Personal Iterations Multiplier (PIM) maximum value is 2147468.</string>
</localization>
<!-- XML Schema -->
<xs:schema attributeFormDefault="unqualified" elementFormDefault="qualified" xmlns:xs="http://www.w3.org/2001/XMLSchema">
diff --git a/src/Common/Password.h b/src/Common/Password.h
index c6d1579b..e2058cdb 100644
--- a/src/Common/Password.h
+++ b/src/Common/Password.h
@@ -17,7 +17,8 @@
// User text input limits
#define MIN_PASSWORD 1 // Minimum possible password length
#define MAX_PASSWORD 64 // Maximum possible password length
-#define MAX_PIM 10 // Maximum allowed digits in a PIM (enough for 32-bit value)
+#define MAX_PIM 7 // Maximum allowed digits in a PIM (enough for maximum value)
+#define MAX_PIM_VALUE 2147468 // Maximum value to have a positive 32-bit result for formula 15000 + (PIM x 1000)
#define MAX_BOOT_PIM 5 // Maximum allowed digits in a PIM for boot (enough for 16-bit value)
#define MAX_BOOT_PIM_VALUE 65535
diff --git a/src/Format/Tcformat.c b/src/Format/Tcformat.c
index 3e228ac0..c49bc94b 100644
--- a/src/Format/Tcformat.c
+++ b/src/Format/Tcformat.c
Binary files differ
diff --git a/src/Main/CommandLineInterface.cpp b/src/Main/CommandLineInterface.cpp
index 2222b54f..e48a495f 100644
--- a/src/Main/CommandLineInterface.cpp
+++ b/src/Main/CommandLineInterface.cpp
@@ -414,7 +414,7 @@ namespace VeraCrypt
throw_err (LangString["PARAMETER_INCORRECT"] + L": " + str);
}
- if (ArgNewPim < 0)
+ if (ArgNewPim < 0 || ArgNewPim > (ArgMountOptions.PartitionInSystemEncryptionScope? MAX_BOOT_PIM_VALUE: MAX_PIM_VALUE))
throw_err (LangString["PARAMETER_INCORRECT"] + L": " + str);
else if (ArgNewPim > 0 && ArgTrueCryptMode)
throw_err (LangString["PIM_NOT_SUPPORTED_FOR_TRUECRYPT_MODE"]);
@@ -454,7 +454,7 @@ namespace VeraCrypt
throw_err (LangString["PARAMETER_INCORRECT"] + L": " + str);
}
- if (ArgPim < 0)
+ if (ArgPim < 0 || ArgPim > (ArgMountOptions.PartitionInSystemEncryptionScope? MAX_BOOT_PIM_VALUE: MAX_PIM_VALUE))
throw_err (LangString["PARAMETER_INCORRECT"] + L": " + str);
else if (ArgPim > 0 && ArgTrueCryptMode)
throw_err (LangString["PIM_NOT_SUPPORTED_FOR_TRUECRYPT_MODE"]);
@@ -491,7 +491,7 @@ namespace VeraCrypt
try
{
pim = StringConverter::ToInt32 (wstring (str));
- if (pim < 0)
+ if (pim < 0 || pim > (ArgMountOptions.PartitionInSystemEncryptionScope? MAX_BOOT_PIM_VALUE: MAX_PIM_VALUE))
throw_err (LangString["PARAMETER_INCORRECT"] + L": " + str);
}
catch (...)
diff --git a/src/Main/Forms/Forms.cpp b/src/Main/Forms/Forms.cpp
index 5fa70e5f..ee8455bf 100644
--- a/src/Main/Forms/Forms.cpp
+++ b/src/Main/Forms/Forms.cpp
@@ -3240,7 +3240,7 @@ VolumePasswordPanelBase::VolumePasswordPanelBase( wxWindow* parent, wxWindowID i
GridBagSizer->Add( VolumePimStaticText, wxGBPosition( 3, 0 ), wxGBSpan( 1, 1 ), wxALIGN_CENTER_VERTICAL|wxALIGN_RIGHT|wxBOTTOM|wxRIGHT, 5 );
VolumePimTextCtrl = new wxTextCtrl( this, wxID_ANY, wxEmptyString, wxDefaultPosition, wxDefaultSize, wxTE_PASSWORD );
- VolumePimTextCtrl->SetMaxLength( 10 );
+ VolumePimTextCtrl->SetMaxLength( 7 );
GridBagSizer->Add( VolumePimTextCtrl, wxGBPosition( 3, 1 ), wxGBSpan( 1, 1 ), wxALIGN_CENTER_VERTICAL|wxBOTTOM|wxEXPAND, 5 );
VolumePimHelpStaticText = new wxStaticText( this, wxID_ANY, _("(Empty or 0 for default iterations)"), wxDefaultPosition, wxDefaultSize, 0 );
@@ -3381,7 +3381,7 @@ VolumePimWizardPageBase::VolumePimWizardPageBase( wxWindow* parent, wxWindowID i
PimSizer->Add( VolumePimStaticText, 0, wxALIGN_CENTER_VERTICAL|wxALL, 5 );
VolumePimTextCtrl = new wxTextCtrl( this, wxID_ANY, wxEmptyString, wxDefaultPosition, wxDefaultSize, wxTE_PASSWORD );
- VolumePimTextCtrl->SetMaxLength( 10 );
+ VolumePimTextCtrl->SetMaxLength( 7 );
PimSizer->Add( VolumePimTextCtrl, 0, wxALL, 5 );
VolumePimHelpStaticText = new wxStaticText( this, wxID_ANY, _("(Empty or 0 for default iterations)"), wxDefaultPosition, wxDefaultSize, 0 );
diff --git a/src/Main/Forms/MountOptionsDialog.cpp b/src/Main/Forms/MountOptionsDialog.cpp
index 207d2479..55098b0e 100644
--- a/src/Main/Forms/MountOptionsDialog.cpp
+++ b/src/Main/Forms/MountOptionsDialog.cpp
@@ -94,13 +94,13 @@ namespace VeraCrypt
ProtectionPasswordPanel->GetVolumePim() : 0;
/* invalid PIM: set focus to PIM field and stop processing */
- if (-1 == Pim)
+ if (-1 == Pim || (PartitionInSystemEncryptionScopeCheckBox->IsChecked() && Pim > MAX_BOOT_PIM_VALUE))
{
PasswordPanel->SetFocusToPimTextCtrl();
return;
}
- if (-1 == ProtectionPim)
+ if (-1 == ProtectionPim || (PartitionInSystemEncryptionScopeCheckBox->IsChecked() && ProtectionPim > MAX_BOOT_PIM_VALUE))
{
ProtectionPasswordPanel->SetFocusToPimTextCtrl();
return;
diff --git a/src/Main/Forms/TrueCrypt.fbp b/src/Main/Forms/TrueCrypt.fbp
index d9b1b1f1..b71d80d1 100644
--- a/src/Main/Forms/TrueCrypt.fbp
+++ b/src/Main/Forms/TrueCrypt.fbp
@@ -26270,7 +26270,7 @@
<property name="max_size"></property>
<property name="maximize_button">0</property>
<property name="maximum_size"></property>
- <property name="maxlength">10</property>
+ <property name="maxlength">7</property>
<property name="min_size"></property>
<property name="minimize_button">0</property>
<property name="minimum_size"></property>
@@ -27710,7 +27710,7 @@
<property name="max_size"></property>
<property name="maximize_button">0</property>
<property name="maximum_size"></property>
- <property name="maxlength">10</property>
+ <property name="maxlength">7</property>
<property name="min_size"></property>
<property name="minimize_button">0</property>
<property name="minimum_size"></property>
diff --git a/src/Main/Forms/VolumePasswordPanel.cpp b/src/Main/Forms/VolumePasswordPanel.cpp
index 16fafa3a..27d66bd8 100644
--- a/src/Main/Forms/VolumePasswordPanel.cpp
+++ b/src/Main/Forms/VolumePasswordPanel.cpp
@@ -63,6 +63,7 @@ namespace VeraCrypt
EnablePimEntry = enablePassword && (!enableConfirmation || (enablePkcs5Prf && !isMountPassword));
PimCheckBox->Show (EnablePimEntry);
VolumePimStaticText->Show (false);
+ VolumePimTextCtrl->SetMaxLength (MAX_PIM_DIGITS);
VolumePimTextCtrl->Show (false);
VolumePimHelpStaticText->Show (false);
@@ -198,7 +199,7 @@ namespace VeraCrypt
int colspan = isPim? 1 : 2;
wxTextCtrl *newTextCtrl = new wxTextCtrl (this, wxID_ANY, wxEmptyString, wxDefaultPosition, wxDefaultSize, display ? 0 : wxTE_PASSWORD);
- newTextCtrl->SetMaxLength (isPim? 10 : VolumePassword::MaxSize);
+ newTextCtrl->SetMaxLength (isPim? MAX_PIM_DIGITS : VolumePassword::MaxSize);
newTextCtrl->SetValue ((*textCtrl)->GetValue());
newTextCtrl->SetMinSize ((*textCtrl)->GetSize());
@@ -279,7 +280,8 @@ namespace VeraCrypt
if (pimStr.IsEmpty())
return 0;
if (((size_t) wxNOT_FOUND == pimStr.find_first_not_of (wxT("0123456789")))
- && pimStr.ToLong (&pim))
+ && pimStr.ToLong (&pim)
+ && pim <= MAX_PIM_VALUE)
return (int) pim;
else
return -1;
diff --git a/src/Main/Forms/VolumePimWizardPage.cpp b/src/Main/Forms/VolumePimWizardPage.cpp
index 0e3d4299..2d61a719 100644
--- a/src/Main/Forms/VolumePimWizardPage.cpp
+++ b/src/Main/Forms/VolumePimWizardPage.cpp
@@ -103,7 +103,7 @@ namespace VeraCrypt
bool display = event.IsChecked ();
wxTextCtrl *newTextCtrl = new wxTextCtrl (this, wxID_ANY, wxEmptyString, wxDefaultPosition, wxDefaultSize, display ? 0 : wxTE_PASSWORD);
- newTextCtrl->SetMaxLength (10);
+ newTextCtrl->SetMaxLength (MAX_PIM_DIGITS);
newTextCtrl->SetValue (VolumePimTextCtrl->GetValue());
newTextCtrl->SetMinSize (VolumePimTextCtrl->GetSize());
diff --git a/src/Main/Main.h b/src/Main/Main.h
index a35bf780..e9d7e838 100644
--- a/src/Main/Main.h
+++ b/src/Main/Main.h
@@ -18,4 +18,9 @@
#include "Core/Core.h"
#include "Main/StringFormatter.h"
+#define MAX_PIM_DIGITS 7 // Maximum allowed digits in a PIM (enough for maximum value)
+#define MAX_PIM_VALUE 2147468 // Maximum value to have a positive 32-bit result for formula 15000 + (PIM x 1000)
+#define MAX_BOOT_PIM_DIGITS 5 // Maximum allowed digits in a PIM for boot (enough for 16-bit value)
+#define MAX_BOOT_PIM_VALUE 65535
+
#endif // TC_HEADER_Main_Main
diff --git a/src/Main/TextUserInterface.cpp b/src/Main/TextUserInterface.cpp
index 632552b7..bddfc0b2 100644
--- a/src/Main/TextUserInterface.cpp
+++ b/src/Main/TextUserInterface.cpp
@@ -182,6 +182,12 @@ namespace VeraCrypt
try
{
pim = (int) StringConverter::ToUInt32 (pimStr);
+ if (pim > MAX_PIM_VALUE)
+ {
+ pim = -1;
+ ShowError ("PIM_TOO_BIG");
+ continue;
+ }
}
catch (...)
{
diff --git a/src/Mount/Favorites.cpp b/src/Mount/Favorites.cpp
index 45883bc9..af5f9b0d 100644
--- a/src/Mount/Favorites.cpp
+++ b/src/Mount/Favorites.cpp
@@ -383,6 +383,20 @@ namespace VeraCrypt
case IDC_SHOW_PIM:
HandleShowPasswordFieldAction (hwndDlg, IDC_SHOW_PIM, IDC_PIM, 0);
return 1;
+
+ case IDC_PIM:
+ if (hw == EN_CHANGE)
+ {
+ int pim = GetPim (hwndDlg, IDC_PIM);
+ if (pim > (SystemFavoritesMode? MAX_BOOT_PIM_VALUE: MAX_PIM_VALUE))
+ {
+ SetDlgItemText (hwndDlg, IDC_PIM, L"");
+ SetFocus (GetDlgItem(hwndDlg, IDC_PIM));
+ Warning (SystemFavoritesMode? "PIM_SYSENC_TOO_BIG": "PIM_TOO_BIG", hwndDlg);
+ return 1;
+ }
+ }
+ break;
}
return 0;
@@ -601,7 +615,7 @@ namespace VeraCrypt
XmlGetAttributeText (xml, "pin", label, sizeof (label));
}
favorite.Pim = strtol (label, NULL, 10);
- if (favorite.Pim < 0)
+ if (favorite.Pim < 0 || favorite.Pim > (systemFavorite? MAX_BOOT_PIM_VALUE : MAX_PIM_VALUE))
favorite.Pim = 0;
char boolVal[2];
diff --git a/src/Mount/Mount.c b/src/Mount/Mount.c
index 1851af06..7dabc5ff 100644
--- a/src/Mount/Mount.c
+++ b/src/Mount/Mount.c
@@ -2506,6 +2506,13 @@ BOOL CALLBACK PasswordChangeDlgProc (HWND hwndDlg, UINT msg, WPARAM wParam, LPAR
return 1;
}
+ if (!bSysEncPwdChangeDlgMode && (pim > MAX_PIM_VALUE))
+ {
+ SetFocus (GetDlgItem(hwndDlg, IDC_PIM));
+ Error ("PIM_TOO_BIG", hwndDlg);
+ return 1;
+ }
+
if (pwdChangeDlgMode == PCDM_CHANGE_PKCS5_PRF)
{
newKeyFilesParam.EnableKeyFiles = KeyFilesEnable;
@@ -8712,7 +8719,7 @@ void ExtractCommandLine (HWND hwndDlg, wchar_t *lpszCommandLine)
{
wchar_t* endPtr = NULL;
CmdVolumePim = (int) wcstol(szTmp, &endPtr, 0);
- if (CmdVolumePim < 0 || endPtr == szTmp || *endPtr != L'\0')
+ if (CmdVolumePim < 0 || CmdVolumePim > MAX_PIM_VALUE || endPtr == szTmp || *endPtr != L'\0')
{
CmdVolumePim = 0;
AbortProcess ("COMMAND_LINE_ERROR");