Windows: fix documentation and UI messages about the PIM constraints and calculation formula when EFI system encryption is using SHA-512 or Whirlpool. For historical reasons, if SHA-512 or Whirlpool is selected for EFI system encryption, then iterations = 15000 + (PIM x 1000) and not iterations = PIM x 2048 like the other algorithms.

author: Mounir IDRASSI <mounir.idrassi@idrix.fr> 2017-07-02 19:35:12 +0200
committer: Mounir IDRASSI <mounir.idrassi@idrix.fr> 2017-07-02 19:36:53 +0200
commit: d1b26d4bfefe4d7f8581d4555e6634c3603772ed (patch)
tree: b71140fbd82edd05e1696902069d2779d14c9d11 /src
parent: a0f2ffb90bf004b08fc4d3e317718d5a78fb54d5 (diff)
download: VeraCrypt-d1b26d4bfefe4d7f8581d4555e6634c3603772ed.tar.gz
VeraCrypt-d1b26d4bfefe4d7f8581d4555e6634c3603772ed.zip
4 files changed, 23 insertions, 10 deletions
diff --git a/src/Common/Password.c b/src/Common/Password.c
index e3876042..8ba91374 100644
--- a/src/Common/Password.c
+++ b/src/Common/Password.c
@@ -133,14 +133,15 @@ BOOL CheckPasswordCharEncoding (HWND hPassword, Password *ptrPw)
 }
 
 
-BOOL CheckPasswordLength (HWND hwndDlg, unsigned __int32 passwordLength, int pim, BOOL bForBoot, BOOL bSkipPasswordWarning, BOOL bSkipPimWarning)
+BOOL CheckPasswordLength (HWND hwndDlg, unsigned __int32 passwordLength, int pim, BOOL bForBoot, int bootPRF, BOOL bSkipPasswordWarning, BOOL bSkipPimWarning)
 {
-	BOOL bCustomPimSmall = ((pim != 0) && (pim < (bForBoot? 98 : 485)))? TRUE : FALSE;
+	BOOL bootPimCondition = (bForBoot && (bootPRF != SHA512 && bootPRF != WHIRLPOOL))? TRUE : FALSE;
+	BOOL bCustomPimSmall = ((pim != 0) && (pim < (bootPimCondition? 98 : 485)))? TRUE : FALSE;
 	if (passwordLength < PASSWORD_LEN_WARNING)
 	{
 		if (bCustomPimSmall)
 		{
-			Error (bForBoot? "BOOT_PIM_REQUIRE_LONG_PASSWORD": "PIM_REQUIRE_LONG_PASSWORD", hwndDlg);
+			Error (bootPimCondition? "BOOT_PIM_REQUIRE_LONG_PASSWORD": "PIM_REQUIRE_LONG_PASSWORD", hwndDlg);
 			return FALSE;
 		}
 
@@ -157,7 +158,7 @@ BOOL CheckPasswordLength (HWND hwndDlg, unsigned __int32 passwordLength, int pim
 	}
 #endif
 
-	if ((pim != 0) && (pim > (bForBoot? 98 : 485)))
+	if ((pim != 0) && (pim > (bootPimCondition? 98 : 485)))
 	{
 		// warn that mount/boot will take more time
 		Warning ("PIM_LARGE_WARNING", hwndDlg);
diff --git a/src/Common/Password.h b/src/Common/Password.h
index 9afcd060..b2b0511d 100644
--- a/src/Common/Password.h
+++ b/src/Common/Password.h
@@ -39,7 +39,7 @@ typedef struct
 #if defined(_WIN32) && !defined(TC_WINDOWS_DRIVER) && !defined(_UEFI)
 
 void VerifyPasswordAndUpdate ( HWND hwndDlg , HWND hButton , HWND hPassword , HWND hVerify , unsigned char *szPassword , char *szVerify, BOOL keyFilesEnabled );
-BOOL CheckPasswordLength (HWND hwndDlg, unsigned __int32 passwordLength, int pim, BOOL bForBoot, BOOL bSkipPasswordWarning, BOOL bSkipPimWarning);		
+BOOL CheckPasswordLength (HWND hwndDlg, unsigned __int32 passwordLength, int pim, BOOL bForBoot, int bootPRF, BOOL bSkipPasswordWarning, BOOL bSkipPimWarning);		
 BOOL CheckPasswordCharEncoding (HWND hPassword, Password *ptrPw);			
 int ChangePwd (const wchar_t *lpszVolume, Password *oldPassword, int old_pkcs5, int old_pim, BOOL truecryptMode, Password *newPassword, int pkcs5, int pim, int wipePassCount, HWND hwndDlg);
 
diff --git a/src/Format/Tcformat.c b/src/Format/Tcformat.c
index 5b1b0d16..09c52705 100644
--- a/src/Format/Tcformat.c
+++ b/src/Format/Tcformat.c
@@ -4404,7 +4404,7 @@ BOOL CALLBACK PageDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lPa
 
 				SetFocus (GetDlgItem (hwndDlg, IDC_PIM));
 
-				SetWindowTextW (GetDlgItem (hwndDlg, IDC_BOX_HELP), GetString (SysEncInEffect ()? "PIM_SYSENC_HELP" : "PIM_HELP"));
+				SetWindowTextW (GetDlgItem (hwndDlg, IDC_BOX_HELP), GetString (SysEncInEffect () && hash_algo != SHA512 && hash_algo != WHIRLPOOL? "PIM_SYSENC_HELP" : "PIM_HELP"));
 
 				ToHyperlink (hwndDlg, IDC_LINK_PIM_INFO);
 
@@ -6238,7 +6238,7 @@ BOOL CALLBACK MainDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lPa
 				if (volumePassword.Length > 0)
 				{
 					// Check password length (check also done for outer volume which is not the case in TrueCrypt).
-					if (!CheckPasswordLength (NULL, volumePassword.Length, volumePim, FALSE, Silent, Silent))
+					if (!CheckPasswordLength (NULL, volumePassword.Length, volumePim, FALSE, 0, Silent, Silent))
 					{
 						exit (1);
 					}
@@ -7514,7 +7514,7 @@ BOOL CALLBACK MainDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lPa
 						return 1;
 					}
 					// Check password length (check also done for outer volume which is not the case in TrueCrypt).
-					else if (!CheckPasswordLength (hwndDlg, volumePassword.Length, 0, SysEncInEffect(), FALSE, FALSE))
+					else if (!CheckPasswordLength (hwndDlg, volumePassword.Length, 0, SysEncInEffect(), SysEncInEffect()? hash_algo : 0, FALSE, FALSE))
 					{
 						return 1;
 					}
@@ -7601,7 +7601,7 @@ BOOL CALLBACK MainDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lPa
 						return 1;
 					}
 					// Check password length (check also done for outer volume which is not the case in TrueCrypt).
-					else if (!CheckPasswordLength (hwndDlg, volumePassword.Length, volumePim, SysEncInEffect(), TRUE, FALSE))
+					else if (!CheckPasswordLength (hwndDlg, volumePassword.Length, volumePim, SysEncInEffect(), SysEncInEffect()? hash_algo : 0, TRUE, FALSE))
 					{
 						return 1;
 					}
diff --git a/src/Mount/Mount.c b/src/Mount/Mount.c
index b0439ea5..6a4a57a7 100644
--- a/src/Mount/Mount.c
+++ b/src/Mount/Mount.c
@@ -2672,7 +2672,19 @@ BOOL CALLBACK PasswordChangeDlgProc (HWND hwndDlg, UINT msg, WPARAM wParam, LPAR
 			else if (!(newKeyFilesParam.EnableKeyFiles && newKeyFilesParam.FirstKeyFile != NULL)
 				&& pwdChangeDlgMode == PCDM_CHANGE_PASSWORD)
 			{
-				if (!CheckPasswordLength (hwndDlg, GetWindowTextLength(GetDlgItem (hwndDlg, IDC_PASSWORD)), pim, bSysEncPwdChangeDlgMode, FALSE, FALSE))
+				int bootPRF = 0;
+				if (bSysEncPwdChangeDlgMode)
+				{
+					try
+					{
+						VOLUME_PROPERTIES_STRUCT properties;
+						BootEncObj->GetVolumeProperties(&properties);
+						bootPRF = properties.pkcs5;
+					}
+					catch(...)
+					{}
+				}
+				if (!CheckPasswordLength (hwndDlg, GetWindowTextLength(GetDlgItem (hwndDlg, IDC_PASSWORD)), pim, bSysEncPwdChangeDlgMode, bootPRF, FALSE, FALSE))
 					return 1;
 			}
author	Mounir IDRASSI <mounir.idrassi@idrix.fr>	2017-07-02 19:35:12 +0200
committer	Mounir IDRASSI <mounir.idrassi@idrix.fr>	2017-07-02 19:36:53 +0200
commit	d1b26d4bfefe4d7f8581d4555e6634c3603772ed (patch)
tree	b71140fbd82edd05e1696902069d2779d14c9d11 /src
parent	a0f2ffb90bf004b08fc4d3e317718d5a78fb54d5 (diff)
download	VeraCrypt-d1b26d4bfefe4d7f8581d4555e6634c3603772ed.tar.gz VeraCrypt-d1b26d4bfefe4d7f8581d4555e6634c3603772ed.zip