VeraCrypt
-rw-r--r--src/Boot/Windows/BootCommon.h2
-rw-r--r--src/Boot/Windows/BootConsoleIo.cpp5
-rw-r--r--src/Boot/Windows/BootConsoleIo.h1
-rw-r--r--src/Boot/Windows/BootMain.cpp83
-rw-r--r--src/Boot/Windows/BootMain.h2
-rw-r--r--src/Common/Apidrvr.h3
-rw-r--r--src/Common/BootEncryption.cpp16
-rw-r--r--src/Common/BootEncryption.h6
-rw-r--r--src/Common/Cache.c6
-rw-r--r--src/Common/Cache.h2
-rw-r--r--src/Common/Common.h1
-rw-r--r--src/Common/Crypto.h1
-rw-r--r--src/Common/Dlgcode.c39
-rw-r--r--src/Common/Dlgcode.h7
-rw-r--r--src/Common/Format.c4
-rw-r--r--src/Common/Format.h1
-rw-r--r--src/Common/Language.xml5
-rw-r--r--src/Common/Password.c21
-rw-r--r--src/Common/Password.h7
-rw-r--r--src/Common/Pkcs5.c67
-rw-r--r--src/Common/Pkcs5.h10
-rw-r--r--src/Common/Volumes.c21
-rw-r--r--src/Common/Volumes.h6
-rw-r--r--src/Driver/DriveFilter.c10
-rw-r--r--src/Driver/Ntdriver.c2
-rw-r--r--src/Driver/Ntvol.c2
-rw-r--r--src/ExpandVolume/DlgExpandVolume.cpp13
-rw-r--r--src/ExpandVolume/ExpandVolume.c17
-rw-r--r--src/ExpandVolume/ExpandVolume.h3
-rw-r--r--src/ExpandVolume/ExpandVolume.rc17
-rw-r--r--src/ExpandVolume/WinMain.cpp44
-rw-r--r--src/ExpandVolume/resource.h9
-rw-r--r--src/Format/Format.rc176
-rw-r--r--src/Format/InPlace.c14
-rw-r--r--src/Format/InPlace.h2
-rw-r--r--src/Format/Resource.h10
-rw-r--r--src/Format/Tcformat.c57
-rw-r--r--src/Format/Tcformat.h2
-rw-r--r--src/Mount/MainCom.cpp27
-rw-r--r--src/Mount/MainCom.h2
-rw-r--r--src/Mount/MainCom.idl2
-rw-r--r--src/Mount/Mount.c187
-rw-r--r--src/Mount/Mount.h1
-rw-r--r--src/Mount/Mount.rc69
-rw-r--r--src/Mount/Resource.h8
-rw-r--r--src/VeraCrypt.sln3
46 files changed, 706 insertions, 287 deletions
diff --git a/src/Boot/Windows/BootCommon.h b/src/Boot/Windows/BootCommon.h
index 358d52e6..14103151 100644
--- a/src/Boot/Windows/BootCommon.h
+++ b/src/Boot/Windows/BootCommon.h
@@ -13,7 +13,7 @@
#include "BootDefs.h"
// The user will be advised to upgrade the rescue disk if upgrading from the following or any previous version
-#define TC_RESCUE_DISK_UPGRADE_NOTICE_MAX_VERSION 0x0110
+#define TC_RESCUE_DISK_UPGRADE_NOTICE_MAX_VERSION 0x0111
#define TC_BOOT_LOADER_AREA_SIZE (TC_BOOT_LOADER_AREA_SECTOR_COUNT * TC_SECTOR_SIZE_BIOS)
diff --git a/src/Boot/Windows/BootConsoleIo.cpp b/src/Boot/Windows/BootConsoleIo.cpp
index 6558018f..40f46a10 100644
--- a/src/Boot/Windows/BootConsoleIo.cpp
+++ b/src/Boot/Windows/BootConsoleIo.cpp
@@ -305,6 +305,11 @@ bool IsPrintable (char c)
return c >= ' ' && c <= '~';
}
+bool IsDigit (char c)
+{
+ return c >= '0' && c <= '9';
+}
+
int GetString (char *buffer, size_t bufferSize)
{
diff --git a/src/Boot/Windows/BootConsoleIo.h b/src/Boot/Windows/BootConsoleIo.h
index daf86633..63557144 100644
--- a/src/Boot/Windows/BootConsoleIo.h
+++ b/src/Boot/Windows/BootConsoleIo.h
@@ -48,6 +48,7 @@ int GetString (char *buffer, size_t bufferSize);
void InitVideoMode ();
bool IsKeyboardCharAvailable ();
bool IsPrintable (char c);
+bool IsDigit (char c);
void Print (const char *str);
void Print (uint32 number);
void Print (const uint64 &number);
diff --git a/src/Boot/Windows/BootMain.cpp b/src/Boot/Windows/BootMain.cpp
index 334762ea..c5567f6b 100644
--- a/src/Boot/Windows/BootMain.cpp
+++ b/src/Boot/Windows/BootMain.cpp
@@ -145,13 +145,15 @@ static int AskSelection (const char *options[], size_t optionCount)
}
-static byte AskPassword (Password &password)
+static byte AskPassword (Password &password, int& pin)
{
size_t pos = 0;
byte scanCode;
byte asciiCode;
byte hidePassword = 1;
+ pin = 0;
+
Print ("Enter password");
Print (PreventNormalSystemBoot ? " for hidden system:\r\n" : ": ");
@@ -166,7 +168,7 @@ static byte AskPassword (Password &password)
PrintEndl();
password.Length = pos;
- return scanCode;
+ break;
case TC_BIOS_KEY_BACKSPACE:
if (pos > 0)
@@ -195,6 +197,9 @@ static byte AskPassword (Password &password)
}
}
+ if (TC_BIOS_KEY_ENTER == scanCode)
+ break;
+
if (!IsPrintable (asciiCode) || pos == MAX_PASSWORD)
{
Beep();
@@ -208,6 +213,60 @@ static byte AskPassword (Password &password)
else
PrintCharAtCursor (asciiCode);
}
+
+ pos = 0;
+ Print ("PIN: ");
+
+ while (true)
+ {
+ asciiCode = GetKeyboardChar (&scanCode);
+
+ switch (scanCode)
+ {
+ case TC_BIOS_KEY_ENTER:
+ ClearBiosKeystrokeBuffer();
+ PrintEndl();
+
+ return TC_BIOS_KEY_ENTER;
+
+ case TC_BIOS_KEY_BACKSPACE:
+ if (pos > 0)
+ {
+ if (pos < MAX_PIN)
+ PrintBackspace();
+ else
+ PrintCharAtCursor (' ');
+
+ --pos;
+ pin /= 10;
+ }
+ continue;
+
+ default:
+ if (scanCode == TC_BIOS_KEY_ESC || IsMenuKey (scanCode))
+ {
+ burn (password.Text, sizeof (password.Text));
+ ClearBiosKeystrokeBuffer();
+
+ PrintEndl();
+ return scanCode;
+ }
+ }
+
+ if (!IsDigit (asciiCode) || pos == MAX_PIN)
+ {
+ Beep();
+ continue;
+ }
+
+ pin = 10*pin + (asciiCode - '0');
+ pos++;
+
+ if (pos < MAX_PIN)
+ PrintChar (asciiCode);
+ else
+ PrintCharAtCursor (asciiCode);
+ }
}
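Review bot: The PIN loop accumulates `pin = 10*pin + (asciiCode - '0');` with only the digit count (`pos == MAX_PIN`) as a limit, so nothing bounds the value itself. Language.xml in this commit states 65535 as the maximum for system encryption, and MountVolume later keeps only 16 bits of the value. Whether MAX_PIN digits can exceed that, or overflow the boot loader's `int`, depends on definitions not visible on this page. I would reject the keystroke before accumulating, e.g. `if (pin > (MAX_BOOT_PIN_VALUE - (asciiCode - '0')) / 10) { Beep(); continue; }`, where `MAX_BOOT_PIN_VALUE` is a placeholder name for a constant that fits the variable's type. AskPassword begins outside this hunk.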
@@ -237,7 +296,7 @@ static void ExecuteBootSector (byte drive, byte *sectorBuffer)
}
-static bool OpenVolume (byte drive, Password &password, CRYPTO_INFO **cryptoInfo, uint32 *headerSaltCrc32, bool skipNormal, bool skipHidden)
+static bool OpenVolume (byte drive, Password &password, int pin, CRYPTO_INFO **cryptoInfo, uint32 *headerSaltCrc32, bool skipNormal, bool skipHidden)
{
int volumeType;
bool hiddenVolume;
@@ -268,7 +327,7 @@ static bool OpenVolume (byte drive, Password &password, CRYPTO_INFO **cryptoInfo
if (ReadSectors (SectorBuffer, drive, headerSec, 1) != BiosResultSuccess)
continue;
- if (ReadVolumeHeader (!hiddenVolume, (char *) SectorBuffer, &password, cryptoInfo, nullptr) == ERR_SUCCESS)
+ if (ReadVolumeHeader (!hiddenVolume, (char *) SectorBuffer, &password, pin, cryptoInfo, nullptr) == ERR_SUCCESS)
{
// Prevent opening a non-system hidden volume
if (hiddenVolume && !((*cryptoInfo)->HeaderFlags & TC_HEADER_FLAG_ENCRYPTED_SYSTEM))
@@ -322,21 +381,21 @@ static bool CheckMemoryRequirements ()
static bool MountVolume (byte drive, byte &exitKey, bool skipNormal, bool skipHidden)
{
BootArguments *bootArguments = (BootArguments *) TC_BOOT_LOADER_ARGS_OFFSET;
- int incorrectPasswordCount = 0;
+ int incorrectPasswordCount = 0, pin = 0;
EraseMemory (bootArguments, sizeof (*bootArguments));
// Open volume header
while (true)
{
- exitKey = AskPassword (bootArguments->BootPassword);
+ exitKey = AskPassword (bootArguments->BootPassword, pin);
if (exitKey != TC_BIOS_KEY_ENTER)
return false;
Print ("Verifying password...");
- if (OpenVolume (BootDrive, bootArguments->BootPassword, &BootCryptoInfo, &bootArguments->HeaderSaltCrc32, skipNormal, skipHidden))
+ if (OpenVolume (BootDrive, bootArguments->BootPassword, pin, &BootCryptoInfo, &bootArguments->HeaderSaltCrc32, skipNormal, skipHidden))
{
Print ("OK\r\n");
break;
@@ -362,6 +421,7 @@ static bool MountVolume (byte drive, byte &exitKey, bool skipNormal, bool skipHi
bootArguments->BootLoaderVersion = VERSION_NUM;
bootArguments->CryptoInfoOffset = (uint16) BootCryptoInfo;
bootArguments->CryptoInfoLength = sizeof (*BootCryptoInfo);
+ bootArguments->Flags = (((uint32)pin) << 16);
if (BootCryptoInfo->hiddenVolume)
bootArguments->HiddenSystemPartitionStart = PartitionFollowingActive.StartSector << TC_LB_SIZE_BIT_SHIFT_DIVISOR;
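Review bot: `bootArguments->Flags = (((uint32)pin) << 16);` packs the PIN into the upper half of `Flags` with a bare literal shift. The hunk at -810 unpacks it with `(int) (bootArguments->Flags >> 16)`, and neither site documents the layout. This field is handed from the boot loader to later stages, so the encoding should be stated once and shared through a named shift constant rather than repeated as `16`. At minimum I would add `// PIN is carried in the upper 16 bits of Flags, so it must fit in 16 bits` above this assignment. MountVolume starts and ends outside the hunk.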
@@ -810,7 +870,7 @@ askBadSectorSkip:
CRYPTO_INFO *headerCryptoInfo = crypto_open();
while (ReadSectors (SectorBuffer, drive, headerSector, 1) != BiosResultSuccess);
- if (ReadVolumeHeader (TRUE, (char *) SectorBuffer, &bootArguments->BootPassword, NULL, headerCryptoInfo) == 0)
+ if (ReadVolumeHeader (TRUE, (char *) SectorBuffer, &bootArguments->BootPassword, (int) (bootArguments->Flags >> 16), NULL, headerCryptoInfo) == 0)
{
DecryptBuffer (SectorBuffer + HEADER_ENCRYPTED_DATA_OFFSET, HEADER_ENCRYPTED_DATA_SIZE, headerCryptoInfo);
@@ -963,7 +1023,8 @@ static void RepairMenu ()
uint32 masterKeyScheduleCrc;
Password password;
- byte exitKey = AskPassword (password);
+ int pin;
+ byte exitKey = AskPassword (password, pin);
if (exitKey != TC_BIOS_KEY_ENTER)
goto abort;
@@ -974,7 +1035,7 @@ static void RepairMenu ()
ReleaseSectorBuffer();
// Restore volume header only if the current one cannot be used
- if (OpenVolume (TC_FIRST_BIOS_DRIVE, password, &cryptoInfo, nullptr, false, true))
+ if (OpenVolume (TC_FIRST_BIOS_DRIVE, password, pin, &cryptoInfo, nullptr, false, true))
{
validHeaderPresent = true;
masterKeyScheduleCrc = GetCrc32 (cryptoInfo->ks, sizeof (cryptoInfo->ks));
@@ -984,7 +1045,7 @@ static void RepairMenu ()
AcquireSectorBuffer();
CopyMemory (TC_BOOT_LOADER_BUFFER_SEGMENT, 0, SectorBuffer, TC_LB_SIZE);
- if (ReadVolumeHeader (TRUE, (char *) SectorBuffer, &password, &cryptoInfo, nullptr) == 0)
+ if (ReadVolumeHeader (TRUE, (char *) SectorBuffer, &password, pin, &cryptoInfo, nullptr) == 0)
{
if (validHeaderPresent)
{
diff --git a/src/Boot/Windows/BootMain.h b/src/Boot/Windows/BootMain.h
index 2cb4af87..38fce090 100644
--- a/src/Boot/Windows/BootMain.h
+++ b/src/Boot/Windows/BootMain.h
@@ -12,7 +12,7 @@
#include "TCdefs.h"
#include "Platform.h"
-static byte AskPassword (Password &password);
+static byte AskPassword (Password &password, int& pin);
static int AskSelection (const char *options[], size_t optionCount);
static bool AskYesNo (const char *message);
static byte BootEncryptedDrive ();
diff --git a/src/Common/Apidrvr.h b/src/Common/Apidrvr.h
index 83d30595..d168cf74 100644
--- a/src/Common/Apidrvr.h
+++ b/src/Common/Apidrvr.h
@@ -104,6 +104,8 @@ typedef struct
int ProtectedHidVolPkcs5Prf;
BOOL bTrueCryptMode;
uint32 BytesPerPhysicalSector;
+ int VolumePin;
+ int ProtectedHidVolPin;
} MOUNT_STRUCT;
typedef struct
@@ -241,6 +243,7 @@ typedef struct
{
Password VolumePassword;
int pkcs5_prf;
+ int pin;
} ReopenBootVolumeHeaderRequest;
diff --git a/src/Common/BootEncryption.cpp b/src/Common/BootEncryption.cpp
index 3678bc71..9f080f18 100644
--- a/src/Common/BootEncryption.cpp
+++ b/src/Common/BootEncryption.cpp
@@ -1737,21 +1737,21 @@ namespace VeraCrypt
#ifndef SETUP
- void BootEncryption::CreateVolumeHeader (uint64 volumeSize, uint64 encryptedAreaStart, Password *password, int ea, int mode, int pkcs5)
+ void BootEncryption::CreateVolumeHeader (uint64 volumeSize, uint64 encryptedAreaStart, Password *password, int ea, int mode, int pkcs5, int pin)
{
PCRYPTO_INFO cryptoInfo = NULL;
if (!IsRandomNumberGeneratorStarted())
throw ParameterIncorrect (SRC_POS);
- throw_sys_if (CreateVolumeHeaderInMemory (ParentWindow, TRUE, (char *) VolumeHeader, ea, mode, password, pkcs5, NULL, &cryptoInfo,
+ throw_sys_if (CreateVolumeHeaderInMemory (ParentWindow, TRUE, (char *) VolumeHeader, ea, mode, password, pkcs5, pin, NULL, &cryptoInfo,
volumeSize, 0, encryptedAreaStart, 0, TC_SYSENC_KEYSCOPE_MIN_REQ_PROG_VERSION, TC_HEADER_FLAG_ENCRYPTED_SYSTEM, TC_SECTOR_SIZE_BIOS, FALSE) != 0);
finally_do_arg (PCRYPTO_INFO*, &cryptoInfo, { crypto_close (*finally_arg); });
// Initial rescue disk assumes encryption of the drive has been completed (EncryptedAreaLength == volumeSize)
memcpy (RescueVolumeHeader, VolumeHeader, sizeof (RescueVolumeHeader));
- if (0 != ReadVolumeHeader (TRUE, (char *) RescueVolumeHeader, password, pkcs5, FALSE, NULL, cryptoInfo))
+ if (0 != ReadVolumeHeader (TRUE, (char *) RescueVolumeHeader, password, pkcs5, pin, FALSE, NULL, cryptoInfo))
throw ParameterIncorrect (SRC_POS);
DecryptBuffer (RescueVolumeHeader + HEADER_ENCRYPTED_DATA_OFFSET, HEADER_ENCRYPTED_DATA_SIZE, cryptoInfo);
@@ -2234,7 +2234,7 @@ namespace VeraCrypt
}
- int BootEncryption::ChangePassword (Password *oldPassword, int old_pkcs5,Password *newPassword, int pkcs5, int wipePassCount, HWND hwndDlg)
+ int BootEncryption::ChangePassword (Password *oldPassword, int old_pkcs5, int old_pin, Password *newPassword, int pkcs5, int pin, int wipePassCount, HWND hwndDlg)
{
BootEncryptionStatus encStatus = GetStatus();
@@ -2277,7 +2277,7 @@ namespace VeraCrypt
PCRYPTO_INFO cryptoInfo = NULL;
- int status = ReadVolumeHeader (!encStatus.HiddenSystem, header, oldPassword, old_pkcs5, FALSE, &cryptoInfo, NULL);
+ int status = ReadVolumeHeader (!encStatus.HiddenSystem, header, oldPassword, old_pkcs5, old_pin, FALSE, &cryptoInfo, NULL);
finally_do_arg (PCRYPTO_INFO, cryptoInfo, { if (finally_arg) crypto_close (finally_arg); });
if (status != 0)
@@ -2339,6 +2339,7 @@ namespace VeraCrypt
cryptoInfo->mode,
newPassword,
cryptoInfo->pkcs5,
+ pin,
(char *) cryptoInfo->master_keydata,
&tmpCryptoInfo,
cryptoInfo->VolumeSize.Value,
@@ -2382,6 +2383,7 @@ namespace VeraCrypt
ReopenBootVolumeHeaderRequest reopenRequest;
reopenRequest.VolumePassword = *newPassword;
reopenRequest.pkcs5_prf = cryptoInfo->pkcs5;
+ reopenRequest.pin = pin;
finally_do_arg (ReopenBootVolumeHeaderRequest*, &reopenRequest, { burn (finally_arg, sizeof (*finally_arg)); });
CallDriver (TC_IOCTL_REOPEN_BOOT_VOLUME_HEADER, &reopenRequest, sizeof (reopenRequest));
@@ -2442,7 +2444,7 @@ namespace VeraCrypt
}
- void BootEncryption::PrepareInstallation (bool systemPartitionOnly, Password &password, int ea, int mode, int pkcs5, const string &rescueIsoImagePath)
+ void BootEncryption::PrepareInstallation (bool systemPartitionOnly, Password &password, int ea, int mode, int pkcs5, int pin, const string &rescueIsoImagePath)
{
BootEncryptionStatus encStatus = GetStatus();
if (encStatus.DriveMounted)
@@ -2495,7 +2497,7 @@ namespace VeraCrypt
SelectedEncryptionAlgorithmId = ea;
SelectedPrfAlgorithmId = pkcs5;
- CreateVolumeHeader (volumeSize, encryptedAreaStart, &password, ea, mode, pkcs5);
+ CreateVolumeHeader (volumeSize, encryptedAreaStart, &password, ea, mode, pkcs5, pin);
if (!rescueIsoImagePath.empty())
CreateRescueIsoImage (true, rescueIsoImagePath);
diff --git a/src/Common/BootEncryption.h b/src/Common/BootEncryption.h
index 3665a9bc..a73ce6fc 100644
--- a/src/Common/BootEncryption.h
+++ b/src/Common/BootEncryption.h
@@ -144,7 +144,7 @@ namespace VeraCrypt
void AbortSetup ();
void AbortSetupWait ();
void CallDriver (DWORD ioctl, void *input = nullptr, DWORD inputSize = 0, void *output = nullptr, DWORD outputSize = 0);
- int ChangePassword (Password *oldPassword, int old_pkcs5, Password *newPassword, int pkcs5, int wipePassCount, HWND hwndDlg);
+ int ChangePassword (Password *oldPassword, int old_pkcs5, int old_pin, Password *newPassword, int pkcs5, int pin, int wipePassCount, HWND hwndDlg);
void CheckDecoyOSWipeResult ();
void CheckEncryptionSetupResult ();
void CheckRequirements ();
@@ -170,7 +170,7 @@ namespace VeraCrypt
bool IsHiddenSystemRunning ();
bool IsPagingFileActive (BOOL checkNonWindowsPartitionsOnly);
void PrepareHiddenOSCreation (int ea, int mode, int pkcs5);
- void PrepareInstallation (bool systemPartitionOnly, Password &password, int ea, int mode, int pkcs5, const string &rescueIsoImagePath);
+ void PrepareInstallation (bool systemPartitionOnly, Password &password, int ea, int mode, int pkcs5, int pin, const string &rescueIsoImagePath);
void ProbeRealSystemDriveSize ();
void ReadBootSectorConfig (byte *config, size_t bufLength, byte *userConfig = nullptr, string *customUserMessage = nullptr, uint16 *bootLoaderVersion = nullptr);
uint32 ReadDriverConfigurationFlags ();
@@ -204,7 +204,7 @@ namespace VeraCrypt
void BackupSystemLoader ();
void CreateBootLoaderInMemory (byte *buffer, size_t bufferSize, bool rescueDisk, bool hiddenOSCreation = false);
- void CreateVolumeHeader (uint64 volumeSize, uint64 encryptedAreaStart, Password *password, int ea, int mode, int pkcs5);
+ void CreateVolumeHeader (uint64 volumeSize, uint64 encryptedAreaStart, Password *password, int ea, int mode, int pkcs5, int pin);
string GetSystemLoaderBackupPath ();
uint32 GetChecksum (byte *data, size_t size);
DISK_GEOMETRY GetDriveGeometry (int driveNumber);
diff --git a/src/Common/Cache.c b/src/Common/Cache.c
index 33043f78..f4489ccf 100644
--- a/src/Common/Cache.c
+++ b/src/Common/Cache.c
@@ -21,7 +21,7 @@ Password CachedPasswords[CACHE_SIZE];
int cacheEmpty = 1;
static int nPasswordIdx = 0;
-int ReadVolumeHeaderWCache (BOOL bBoot, BOOL bCache, char *header, Password *password, int pkcs5_prf, BOOL truecryptMode, PCRYPTO_INFO *retInfo)
+int ReadVolumeHeaderWCache (BOOL bBoot, BOOL bCache, char *header, Password *password, int pkcs5_prf, int pin, BOOL truecryptMode, PCRYPTO_INFO *retInfo)
{
int nReturnCode = ERR_PASSWORD_WRONG;
int i;
@@ -29,7 +29,7 @@ int ReadVolumeHeaderWCache (BOOL bBoot, BOOL bCache, char *header, Password *pas
/* Attempt to recognize volume using mount password */
if (password->Length > 0)
{
- nReturnCode = ReadVolumeHeader (bBoot, header, password, pkcs5_prf, truecryptMode, retInfo, NULL);
+ nReturnCode = ReadVolumeHeader (bBoot, header, password, pkcs5_prf, pin, truecryptMode, retInfo, NULL);
/* Save mount passwords back into cache if asked to do so */
if (bCache && (nReturnCode == 0 || nReturnCode == ERR_CIPHER_INIT_WEAK_KEY))
@@ -59,7 +59,7 @@ int ReadVolumeHeaderWCache (BOOL bBoot, BOOL bCache, char *header, Password *pas
{
if (CachedPasswords[i].Length > 0)
{
- nReturnCode = ReadVolumeHeader (bBoot, header, &CachedPasswords[i], pkcs5_prf, truecryptMode, retInfo, NULL);
+ nReturnCode = ReadVolumeHeader (bBoot, header, &CachedPasswords[i], pkcs5_prf, pin, truecryptMode, retInfo, NULL);
if (nReturnCode != ERR_PASSWORD_WRONG)
break;
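Review bot: The cache retry loop now calls `ReadVolumeHeader` with each `CachedPasswords[i]` and the caller's `pin`, but the cache is declared as `Password CachedPasswords[CACHE_SIZE]` and, as far as this page shows, stores no PIN alongside each password. A cached password can therefore only open a volume when the current request supplies the PIN that volume was created with; that pairing is worth stating where the loop runs. I would add above the loop `/* Cached entries hold no PIN: every cached password is tried with the PIN supplied for this request */`. The function continues outside the hunk.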
diff --git a/src/Common/Cache.h b/src/Common/Cache.h
index 10f120b0..bdd96e98 100644
--- a/src/Common/Cache.h
+++ b/src/Common/Cache.h
@@ -19,5 +19,5 @@
extern int cacheEmpty;
void AddPasswordToCache (Password *password);
-int ReadVolumeHeaderWCache (BOOL bBoot, BOOL bCache, char *header, Password *password, int pkcs5_prf, BOOL truecryptMode, PCRYPTO_INFO *retInfo);
+int ReadVolumeHeaderWCache (BOOL bBoot, BOOL bCache, char *header, Password *password, int pkcs5_prf, int pin, BOOL truecryptMode, PCRYPTO_INFO *retInfo);
void WipeCache (void);
diff --git a/src/Common/Common.h b/src/Common/Common.h
index 3e68f402..5893a268 100644
--- a/src/Common/Common.h
+++ b/src/Common/Common.h
@@ -76,6 +76,7 @@ typedef struct
BOOL UseBackupHeader;
BOOL RecoveryMode;
int ProtectedHidVolPkcs5Prf;
+ int ProtectedHidVolPin;
} MountOptions;
#endif
diff --git a/src/Common/Crypto.h b/src/Common/Crypto.h
index 208e72a1..038e5430 100644
--- a/src/Common/Crypto.h
+++ b/src/Common/Crypto.h
@@ -197,6 +197,7 @@ typedef struct CRYPTO_INFO_t
int ea; /* Encryption algorithm ID */
int mode; /* Mode of operation (e.g., XTS) */
int pkcs5; /* PRF algorithm */
+
unsigned __int8 ks[MAX_EXPANDED_KEY]; /* Primary key schedule (if it is a cascade, it conatins multiple concatenated keys) */
unsigned __int8 ks2[MAX_EXPANDED_KEY]; /* Secondary key schedule (if cascade, multiple concatenated) for XTS mode. */
diff --git a/src/Common/Dlgcode.c b/src/Common/Dlgcode.c
index a6700e29..5cf6dbaf 100644
--- a/src/Common/Dlgcode.c
+++ b/src/Common/Dlgcode.c
@@ -4680,22 +4680,22 @@ static BOOL PerformBenchmark(HWND hBenchDlg, HWND hwndDlg)
case SHA512:
/* PKCS-5 test with HMAC-SHA-512 used as the PRF */
- derive_key_sha512 ("passphrase-1234567890", 21, tmp_salt, 64, get_pkcs5_iteration_count(thid, FALSE, FALSE), dk, MASTER_KEYDATA_SIZE);
+ derive_key_sha512 ("passphrase-1234567890", 21, tmp_salt, 64, get_pkcs5_iteration_count(thid, 0, FALSE, FALSE), dk, MASTER_KEYDATA_SIZE);
break;
case SHA256:
/* PKCS-5 test with HMAC-SHA-256 used as the PRF */
- derive_key_sha256 ("passphrase-1234567890", 21, tmp_salt, 64, get_pkcs5_iteration_count(thid, FALSE, FALSE), dk, MASTER_KEYDATA_SIZE);
+ derive_key_sha256 ("passphrase-1234567890", 21, tmp_salt, 64, get_pkcs5_iteration_count(thid, 0, FALSE, FALSE), dk, MASTER_KEYDATA_SIZE);
break;
case RIPEMD160:
/* PKCS-5 test with HMAC-RIPEMD-160 used as the PRF */
- derive_key_ripemd160 ("passphrase-1234567890", 21, tmp_salt, 64, get_pkcs5_iteration_count(thid, FALSE, FALSE), dk, MASTER_KEYDATA_SIZE);
+ derive_key_ripemd160 ("passphrase-1234567890", 21, tmp_salt, 64, get_pkcs5_iteration_count(thid, 0, FALSE, FALSE), dk, MASTER_KEYDATA_SIZE);
break;
case WHIRLPOOL:
/* PKCS-5 test with HMAC-Whirlpool used as the PRF */
- derive_key_whirlpool ("passphrase-1234567890", 21, tmp_salt, 64, get_pkcs5_iteration_count(thid, FALSE, FALSE), dk, MASTER_KEYDATA_SIZE);
+ derive_key_whirlpool ("passphrase-1234567890", 21, tmp_salt, 64, get_pkcs5_iteration_count(thid, 0, FALSE, FALSE), dk, MASTER_KEYDATA_SIZE);
break;
}
}
@@ -6522,6 +6522,7 @@ int MountVolume (HWND hwndDlg,
char *volumePath,
Password *password,
int pkcs5,
+ int pin,
BOOL truecryptMode,
BOOL cachePassword,
BOOL sharedAccess,
@@ -6584,6 +6585,7 @@ retry:
mount.ProtectedHidVolPassword = mountOptions->ProtectedHidVolPassword;
mount.bProtectHiddenVolume = TRUE;
mount.ProtectedHidVolPkcs5Prf = mountOptions->ProtectedHidVolPkcs5Prf;
+ mount.ProtectedHidVolPin = mountOptions->ProtectedHidVolPin;
}
else
mount.bProtectHiddenVolume = FALSE;
@@ -6595,6 +6597,7 @@ retry:
mount.bMountManager = TRUE;
mount.pkcs5_prf = pkcs5;
mount.bTrueCryptMode = truecryptMode;
+ mount.VolumePin = pin;
// Windows 2000 mount manager causes problems with remounted volumes
if (CurrentOSMajor == 5 && CurrentOSMinor == 0)
@@ -7315,7 +7318,7 @@ int64 FindString (const char *buf, const char *str, int64 bufLen, int64 strLen,
for (int64 i = startOffset; i <= bufLen - strLen; i++)
{
- if (memcmp (buf + i, str, strLen) == 0)
+ if (memcmp (buf + i, str, (size_t) strLen) == 0)
return i;
}
@@ -8803,6 +8806,9 @@ BOOL IsOSVersionAtLeast (OSVersionEnum reqMinOS, int reqMinServicePack)
BOOL Is64BitOs ()
{
+#ifdef _WIN64
+ return TRUE;
+#else
static BOOL isWow64 = FALSE;
static BOOL valid = FALSE;
typedef BOOL (__stdcall *LPFN_ISWOW64PROCESS ) (HANDLE hProcess,PBOOL Wow64Process);
@@ -8819,6 +8825,7 @@ BOOL Is64BitOs ()
valid = TRUE;
return isWow64;
+#endif
}
@@ -9247,7 +9254,7 @@ void ReportUnexpectedState (char *techInfo)
#ifndef SETUP
-int OpenVolume (OpenVolumeContext *context, const char *volumePath, Password *password, int pkcs5_prf, BOOL truecryptMode, BOOL write, BOOL preserveTimestamps, BOOL useBackupHeader)
+int OpenVolume (OpenVolumeContext *context, const char *volumePath, Password *password, int pkcs5_prf, int pin, BOOL truecryptMode, BOOL write, BOOL preserveTimestamps, BOOL useBackupHeader)
{
int status = ERR_PARAMETER_INCORRECT;
int volumeType;
@@ -9397,7 +9404,7 @@ int OpenVolume (OpenVolumeContext *context, const char *volumePath, Password *pa
}
// Decrypt volume header
- status = ReadVolumeHeader (FALSE, buffer, password, pkcs5_prf, truecryptMode, &context->CryptoInfo, NULL);
+ status = ReadVolumeHeader (FALSE, buffer, password, pkcs5_prf, pin, truecryptMode, &context->CryptoInfo, NULL);
if (status == ERR_PASSWORD_WRONG)
continue; // Try next volume type
@@ -9442,7 +9449,7 @@ void CloseVolume (OpenVolumeContext *context)
}
-int ReEncryptVolumeHeader (HWND hwndDlg, char *buffer, BOOL bBoot, CRYPTO_INFO *cryptoInfo, Password *password, BOOL wipeMode)
+int ReEncryptVolumeHeader (HWND hwndDlg, char *buffer, BOOL bBoot, CRYPTO_INFO *cryptoInfo, Password *password, int pin, BOOL wipeMode)
{
CRYPTO_INFO *newCryptoInfo = NULL;
@@ -9464,6 +9471,7 @@ int ReEncryptVolumeHeader (HWND hwndDlg, char *buffer, BOOL bBoot, CRYPTO_INFO *
cryptoInfo->mode,
password,
cryptoInfo->pkcs5,
+ pin,
(char *) cryptoInfo->master_keydata,
&newCryptoInfo,
cryptoInfo->VolumeSize.Value,
@@ -10693,3 +10701,18 @@ std::string FindLatestFileOrDirectory (const std::string &directory, const char
return string (directory) + "\\" + name;
}
+
+int GetPin (HWND hwndDlg, UINT ctrlId)
+{
+ int pin = 0;
+ char szTmp[MAX_PIN + 1] = {0};
+ GetDlgItemText (hwndDlg, ctrlId, szTmp, MAX_PIN + 1);
+ if (strlen(szTmp))
+ {
+ char* endPtr = NULL;
+ pin = strtol(szTmp, &endPtr, 0);
+ if (pin < 0 || endPtr == szTmp || !endPtr || *endPtr != '\0')
+ pin = 0;
+ }
+ return pin;
+}
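Review bot: `strtol(szTmp, &endPtr, 0)` in GetPin auto-detects the base, so a PIN typed as `010` is read as octal 8 and `0x10` as 16. The boot loader's AskPassword in this same commit accumulates strictly decimal digits, so a value entered with a leading zero would select a different iteration count in Windows than at pre-boot. Whether the edit control already restricts input to plain digits is not visible here. I would parse decimal only: `pin = strtol(szTmp, &endPtr, 10);`. The `long` result is also narrowed to `int` with no range or `ERANGE` check, which is safe only while MAX_PIN keeps the text short.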
diff --git a/src/Common/Dlgcode.h b/src/Common/Dlgcode.h
index e45a9b87..1fd12d40 100644
--- a/src/Common/Dlgcode.h
+++ b/src/Common/Dlgcode.h
@@ -332,7 +332,7 @@ BOOL IsDriveAvailable (int driveNo);
BOOL IsDeviceMounted (char *deviceName);
int DriverUnmountVolume (HWND hwndDlg, int nDosDriveNo, BOOL forced);
void BroadcastDeviceChange (WPARAM message, int nDosDriveNo, DWORD driveMap);
-int MountVolume (HWND hwndDlg, int driveNo, char *volumePath, Password *password, int pkcs5, BOOL truecryptMode, BOOL cachePassword, BOOL sharedAccess, const MountOptions* const mountOptions, BOOL quiet, BOOL bReportWrongPassword);
+int MountVolume (HWND hwndDlg, int driveNo, char *volumePath, Password *password, int pkcs5, int pin, BOOL truecryptMode, BOOL cachePassword, BOOL sharedAccess, const MountOptions* const mountOptions, BOOL quiet, BOOL bReportWrongPassword);
BOOL UnmountVolume (HWND hwndDlg , int nDosDriveNo, BOOL forceUnmount);
BOOL IsPasswordCacheEmpty (void);
BOOL IsMountedVolume (const char *volname);
@@ -459,9 +459,9 @@ void AccommodateTextField (HWND hwndDlg, UINT ctrlId, BOOL bFirstUpdate, HFONT h
BOOL GetDriveLabel (int driveNo, wchar_t *label, int labelSize);
BOOL GetSysDevicePaths (HWND hwndDlg);
BOOL DoDriverInstall (HWND hwndDlg);
-int OpenVolume (OpenVolumeContext *context, const char *volumePath, Password *password, int pkcs5_prf, BOOL truecryptMode, BOOL write, BOOL preserveTimestamps, BOOL useBackupHeader);
+int OpenVolume (OpenVolumeContext *context, const char *volumePath, Password *password, int pkcs5_prf, int pin, BOOL truecryptMode, BOOL write, BOOL preserveTimestamps, BOOL useBackupHeader);
void CloseVolume (OpenVolumeContext *context);
-int ReEncryptVolumeHeader (HWND hwndDlg, char *buffer, BOOL bBoot, CRYPTO_INFO *cryptoInfo, Password *password, BOOL wipeMode);
+int ReEncryptVolumeHeader (HWND hwndDlg, char *buffer, BOOL bBoot, CRYPTO_INFO *cryptoInfo, Password *password, int pin, BOOL wipeMode);
BOOL IsPagingFileActive (BOOL checkNonWindowsPartitionsOnly);
BOOL IsPagingFileWildcardActive ();
BOOL DisablePagingFile ();
@@ -480,6 +480,7 @@ BOOL VolumePathExists (const char *volumePath);
BOOL IsWindowsIsoBurnerAvailable ();
BOOL LaunchWindowsIsoBurner (HWND hwnd, const char *isoPath);
BOOL IsApplicationInstalled (const char *appName);
+int GetPin (HWND hwndDlg, UINT ctrlId);
#ifdef __cplusplus
}
diff --git a/src/Common/Format.c b/src/Common/Format.c
index 54dddf64..37fa38da 100644
--- a/src/Common/Format.c
+++ b/src/Common/Format.c
@@ -146,6 +146,7 @@ int TCFormatVolume (volatile FORMAT_VOL_PARAMETERS *volParams)
FIRST_MODE_OF_OPERATION_ID,
volParams->password,
volParams->pkcs5,
+ volParams->pin,
NULL,
&cryptoInfo,
dataAreaSize,
@@ -538,6 +539,7 @@ begin_format:
FIRST_MODE_OF_OPERATION_ID,
volParams->password,
volParams->pkcs5,
+ volParams->pin,
cryptoInfo->master_keydata,
&cryptoInfo,
dataAreaSize,
@@ -624,7 +626,7 @@ error:
mountOptions.PartitionInInactiveSysEncScope = FALSE;
mountOptions.UseBackupHeader = FALSE;
- if (MountVolume (volParams->hwndDlg, driveNo, volParams->volumePath, volParams->password, volParams->pkcs5, FALSE, FALSE, TRUE, &mountOptions, FALSE, TRUE) < 1)
+ if (MountVolume (volParams->hwndDlg, driveNo, volParams->volumePath, volParams->password, volParams->pkcs5, volParams->pin, FALSE, FALSE, TRUE, &mountOptions, FALSE, TRUE) < 1)
{
MessageBoxW (volParams->hwndDlg, GetString ("CANT_MOUNT_VOLUME"), lpszTitle, ICON_HAND);
MessageBoxW (volParams->hwndDlg, GetString ("FORMAT_NTFS_STOP"), lpszTitle, ICON_HAND);
diff --git a/src/Common/Format.h b/src/Common/Format.h
index 584d98d9..c636e3a6 100644
--- a/src/Common/Format.h
+++ b/src/Common/Format.h
@@ -39,6 +39,7 @@ typedef struct
int sectorSize;
int *realClusterSize;
Password *password;
+ int pin;
HWND hwndDlg;
}
FORMAT_VOL_PARAMETERS;
diff --git a/src/Common/Language.xml b/src/Common/Language.xml
index 3feb51dd..9ae289d9 100644
--- a/src/Common/Language.xml
+++ b/src/Common/Language.xml
@@ -612,6 +612,8 @@
<string lang="en" key="PASSWORD_WRONG_AUTOMOUNT">Incorrect password/PRF or no valid volume found.</string>
<string lang="en" key="PASSWORD_OR_KEYFILE_WRONG_AUTOMOUNT">Incorrect keyfile(s)/password/PRF or no valid volume found.</string>
<string lang="en" key="PASSWORD_WRONG_CAPSLOCK_ON">\n\nWarning: Caps Lock is on. This may cause you to enter your password incorrectly.</string>
+ <string lang="en" key="PIN_SMALL_WARNING">You have chosen a Personal Iteration Number (PIN) that is smaller than the default VeraCrypt value. Please note that if your password is not strong enough, this could lead to a weaker security.\n\nDo you confirm that you are using a strong password?</string>
+ <string lang="en" key="PIN_SYSENC_TOO_BIG">Personal Iteration Number (PIN) maximum value for system encryption is 65535.</string>
<string lang="en" key="HIDDEN_FILES_PRESENT_IN_KEYFILE_PATH">\n\nWARNING: Hidden file(s) have been found in a keyfile search path. Such hidden files cannot be used as keyfiles. If you need to use them as keyfiles, remove their 'Hidden' attribute (right-click each of them, select 'Properties', uncheck 'Hidden' and click OK). Note: Hidden files are visible only if the corresponding option is enabled (Computer > Organize > 'Folder and search options' > View).</string>
<string lang="en" key="HIDDEN_VOL_PROT_PASSWORD_US_KEYB_LAYOUT">If you are attempting to protect a hidden volume containing a hidden system, please make sure you are using the standard US keyboard layout when typing the password for the hidden volume. This is required due to the fact that the password needs to be typed in the pre-boot environment (before Windows starts) where non-US Windows keyboard layouts are not available.</string>
<string lang="en" key="FOUND_NO_PARTITION_W_DEFERRED_INPLACE_ENC">VeraCrypt has not found any volume where the process of encryption/decryption of a non-system volume has been interrupted and where the volume header can be deciphered using the supplied password and/or keyfile(s).\n\nPlease make sure the password and/or keyfile(s) are correct and that the partition/volume is not being used by the system or applications (including antivirus software).</string>
@@ -1062,6 +1064,9 @@
<string lang="en" key="GAP_BETWEEN_SYS_AND_HIDDEN_OS_PARTITION">Warning: There is unallocated space between the system partition and the first partition behind it. After you create the hidden operating system, you must not create any new partitions in that unallocated space. Otherwise, the hidden operating system will be impossible to boot (until you delete such newly created partitions).</string>
<string lang="en" key="ALGO_NOT_SUPPORTED_FOR_SYS_ENCRYPTION">This algorithm is currently not supported for system encryption.</string>
<string lang="en" key="ALGO_NOT_SUPPORTED_FOR_TRUECRYPT_MODE">This algorithm is not supported for TrueCrypt mode.</string>
+ <string lang="en" key="PIN_NOT_SUPPORTED_FOR_TRUECRYPT_MODE">PIN (Personal Iteration Count) not supported for TrueCrypt mode.</string>
+ <string lang="en" key="PIN_REQUIRE_LONG_PASSWORD">Password must contain more than 20 characters in order to use the specified PIN.\nShorter passwords can only be used if the PIN is greater than 485.</string>
+ <string lang="en" key="BOOT_PIN_REQUIRE_LONG_PASSWORD">Pre-boot authentication Password must contain more than 20 characters in order to use the specified PIN.\nShorter passwords can only be used if the PIN is greater than 98.</string>
<string lang="en" key="KEYFILES_NOT_SUPPORTED_FOR_SYS_ENCRYPTION">Keyfiles are currently not supported for system encryption.</string>
<string lang="en" key="CANNOT_RESTORE_KEYBOARD_LAYOUT">Warning: VeraCrypt could not restore the original keyboard layout. This may cause you to enter a password incorrectly.</string>
<string lang="en" key="CANT_CHANGE_KEYB_LAYOUT_FOR_SYS_ENCRYPTION">Error: Cannot set the keyboard layout for VeraCrypt to the standard US keyboard layout.\n\nNote that the password needs to be typed in the pre-boot environment (before Windows starts) where non-US Windows keyboard layouts are not available. Therefore, the password must always be typed using the standard US keyboard layout.</string>
diff --git a/src/Common/Password.c b/src/Common/Password.c
index 8014713c..63b099b4 100644
--- a/src/Common/Password.c
+++ b/src/Common/Password.c
@@ -107,19 +107,33 @@ BOOL CheckPasswordCharEncoding (HWND hPassword, Password *ptrPw)
}
-BOOL CheckPasswordLength (HWND hwndDlg, HWND hwndItem)
+BOOL CheckPasswordLength (HWND hwndDlg, HWND hwndItem, int pin, BOOL bForBoot)
{
+ BOOL bCustomPinSmall = ((pin != 0) && (pin < (bForBoot? 98 : 485)))? TRUE : FALSE;
if (GetWindowTextLength (hwndItem) < PASSWORD_LEN_WARNING)
{
+ if (bCustomPinSmall)
+ {
+ Error (bForBoot? "BOOT_PIN_REQUIRE_LONG_PASSWORD": "PIN_REQUIRE_LONG_PASSWORD", hwndDlg);
+ return FALSE;
+ }
+
#ifndef _DEBUG
if (MessageBoxW (hwndDlg, GetString ("PASSWORD_LENGTH_WARNING"), lpszTitle, MB_YESNO|MB_ICONWARNING|MB_DEFBUTTON2) != IDYES)
return FALSE;
#endif
}
+#ifndef _DEBUG
+ else if (bCustomPinSmall)
+ {
+ if (MessageBoxW (hwndDlg, GetString ("PIN_SMALL_WARNING"), lpszTitle, MB_YESNO|MB_ICONWARNING|MB_DEFBUTTON2) != IDYES)
+ return FALSE;
+ }
+#endif
return TRUE;
}
-int ChangePwd (const char *lpszVolume, Password *oldPassword, int old_pkcs5, BOOL truecryptMode, Password *newPassword, int pkcs5, int wipePassCount, HWND hwndDlg)
+int ChangePwd (const char *lpszVolume, Password *oldPassword, int old_pkcs5, int old_pin, BOOL truecryptMode, Password *newPassword, int pkcs5, int pin, int wipePassCount, HWND hwndDlg)
{
int nDosLinkCreated = 1, nStatus = ERR_OS_ERROR;
char szDiskFile[TC_MAX_PATH], szCFDevice[TC_MAX_PATH];
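Review bot: The length test in `CheckPasswordLength` does not match the text it displays: `GetWindowTextLength (hwndItem) < PASSWORD_LEN_WARNING` rejects only passwords shorter than 20 characters, while PIN_REQUIRE_LONG_PASSWORD and BOOT_PIN_REQUIRE_LONG_PASSWORD both say the password must contain more than 20. Either the comparison becomes `<= PASSWORD_LEN_WARNING` or the strings should say "at least 20 characters". The thresholds `98` and `485` are repeated as literals here and in the message text, so named constants next to `MAX_BOOT_PIN_VALUE` in Password.h would keep the two from drifting apart. Because the new `else if (bCustomPinSmall)` branch sits inside `#ifndef _DEBUG`, debug builds never show PIN_SMALL_WARNING, which deserves a one-line comment.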
@@ -287,7 +301,7 @@ int ChangePwd (const char *lpszVolume, Password *oldPassword, int old_pkcs5, BOO
/* Try to decrypt the header */
- nStatus = ReadVolumeHeader (FALSE, buffer, oldPassword, old_pkcs5, truecryptMode, &cryptoInfo, NULL);
+ nStatus = ReadVolumeHeader (FALSE, buffer, oldPassword, old_pkcs5, old_pin, truecryptMode, &cryptoInfo, NULL);
if (nStatus == ERR_CIPHER_INIT_WEAK_KEY)
nStatus = 0; // We can ignore this error here
@@ -353,6 +367,7 @@ int ChangePwd (const char *lpszVolume, Password *oldPassword, int old_pkcs5, BOO
cryptoInfo->mode,
newPassword,
cryptoInfo->pkcs5,
+ pin,
cryptoInfo->master_keydata,
&ci,
cryptoInfo->VolumeSize.Value,
diff --git a/src/Common/Password.h b/src/Common/Password.h
index 62fe23a7..5ccc44b3 100644
--- a/src/Common/Password.h
+++ b/src/Common/Password.h
@@ -15,6 +15,9 @@
// User text input limits
#define MIN_PASSWORD 1 // Minimum possible password length
#define MAX_PASSWORD 64 // Maximum possible password length
+#define MAX_PIN 10 // Maximum allowed digits in a PIN (enough for 32-bit value)
+#define MAX_BOOT_PIN 5 // Maximum allowed digits in a PIN for boot (enough for 16-bit value)
+#define MAX_BOOT_PIN_VALUE 65535
#define PASSWORD_LEN_WARNING 20 // Display a warning when a password is shorter than this
@@ -33,9 +36,9 @@ typedef struct
#if defined(_WIN32) && !defined(TC_WINDOWS_DRIVER)
void VerifyPasswordAndUpdate ( HWND hwndDlg , HWND hButton , HWND hPassword , HWND hVerify , unsigned char *szPassword , char *szVerify, BOOL keyFilesEnabled );
-BOOL CheckPasswordLength (HWND hwndDlg, HWND hwndItem);
+BOOL CheckPasswordLength (HWND hwndDlg, HWND hwndItem, int pin, BOOL bForBoot);
BOOL CheckPasswordCharEncoding (HWND hPassword, Password *ptrPw);
-int ChangePwd (const char *lpszVolume, Password *oldPassword, int old_pkcs5, BOOL truecryptMode, Password *newPassword, int pkcs5, int wipePassCount, HWND hwndDlg);
+int ChangePwd (const char *lpszVolume, Password *oldPassword, int old_pkcs5, int old_pin, BOOL truecryptMode, Password *newPassword, int pkcs5, int pin, int wipePassCount, HWND hwndDlg);
#endif // defined(_WIN32) && !defined(TC_WINDOWS_DRIVER)
diff --git a/src/Common/Pkcs5.c b/src/Common/Pkcs5.c
index 6585704c..adce567b 100644
--- a/src/Common/Pkcs5.c
+++ b/src/Common/Pkcs5.c
@@ -120,7 +120,7 @@ void hmac_sha256
}
#endif
-static void derive_u_sha256 (char *pwd, int pwd_len, char *salt, int salt_len, int iterations, int b, hmac_sha256_ctx* hmac)
+static void derive_u_sha256 (char *pwd, int pwd_len, char *salt, int salt_len, uint32 iterations, int b, hmac_sha256_ctx* hmac)
{
char* k = hmac->k;
char* u = hmac->u;
@@ -128,13 +128,16 @@ static void derive_u_sha256 (char *pwd, int pwd_len, char *salt, int salt_len, i
int i;
#ifdef TC_WINDOWS_BOOT
- /* In bootloader, iterations is a boolean : TRUE for boot derivation mode, FALSE otherwise
+ /* In bootloader mode, least significant bit of iterations is a boolean (TRUE for boot derivation mode, FALSE otherwise)
+ * and the most significant 16 bits hold the pin value
* This enables us to save code space needed for implementing other features.
*/
- if (iterations)
- c = 200000;
+ c = iterations >> 16;
+ i = ((int) iterations) & 0x01;
+ if (i)
+ c = (c == 0)? 200000 : c << 11;
else
- c = 500000;
+ c = (c == 0)? 500000 : 15000 + c * 1000;
#else
c = iterations;
#endif
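Review bot: The bootloader branch of `derive_u_sha256` re-implements the PIN-to-iteration mapping that `get_pkcs5_iteration_count` computes for the rest of the code (`c << 11` here against `pin * 2048` there, and `15000 + c * 1000` in both), and the `derive_u_ripemd160` hunk at @@ -479 repeats it once more. If one copy changes alone, the pre-boot code derives a different header key from the one used when the volume was created, so the shift, the flag mask and the constants would be safer as shared macros with a comment stating that all sites must agree. The declaration of `c` lies outside the hunk; it has to be a 32-bit unsigned type for `c << 11` to hold a 16-bit PIN if the boot compiler's `int` is 16 bits wide, which should be confirmed. Reusing the loop counter `i` as the boot-mode flag deserves a short comment such as `/* i temporarily holds the boot-mode flag */`.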
@@ -162,7 +165,7 @@ static void derive_u_sha256 (char *pwd, int pwd_len, char *salt, int salt_len, i
}
-void derive_key_sha256 (char *pwd, int pwd_len, char *salt, int salt_len, int iterations, char *dk, int dklen)
+void derive_key_sha256 (char *pwd, int pwd_len, char *salt, int salt_len, uint32 iterations, char *dk, int dklen)
{
hmac_sha256_ctx hmac;
int b, l, r;
@@ -305,11 +308,11 @@ void hmac_sha512
burn (key, sizeof(key));
}
-static void derive_u_sha512 (char *pwd, int pwd_len, char *salt, int salt_len, int iterations, int b, hmac_sha512_ctx* hmac)
+static void derive_u_sha512 (char *pwd, int pwd_len, char *salt, int salt_len, uint32 iterations, int b, hmac_sha512_ctx* hmac)
{
char* k = hmac->k;
char* u = hmac->u;
- int c, i;
+ uint32 c, i;
/* iteration 1 */
memcpy (k, salt, salt_len); /* salt */
@@ -332,7 +335,7 @@ static void derive_u_sha512 (char *pwd, int pwd_len, char *salt, int salt_len, i
}
-void derive_key_sha512 (char *pwd, int pwd_len, char *salt, int salt_len, int iterations, char *dk, int dklen)
+void derive_key_sha512 (char *pwd, int pwd_len, char *salt, int salt_len, uint32 iterations, char *dk, int dklen)
{
hmac_sha512_ctx hmac;
int b, l, r;
@@ -471,7 +474,7 @@ void hmac_ripemd160 (char *key, int keylen, char *input_digest, int len)
#endif
-static void derive_u_ripemd160 (char *pwd, int pwd_len, char *salt, int salt_len, int iterations, int b, hmac_ripemd160_ctx* hmac)
+static void derive_u_ripemd160 (char *pwd, int pwd_len, char *salt, int salt_len, uint32 iterations, int b, hmac_ripemd160_ctx* hmac)
{
char* k = hmac->k;
char* u = hmac->u;
@@ -479,13 +482,16 @@ static void derive_u_ripemd160 (char *pwd, int pwd_len, char *salt, int salt_len
int i;
#ifdef TC_WINDOWS_BOOT
- /* In bootloader, iterations is a boolean : TRUE for boot derivation mode, FALSE otherwise
+ /* In bootloader mode, least significant bit of iterations is a boolean (TRUE for boot derivation mode, FALSE otherwise)
+ * and the most significant 16 bits hold the pin value
* This enables us to save code space needed for implementing other features.
*/
- if (iterations)
- c = 327661;
+ c = iterations >> 16;
+ i = ((int) iterations) & 0x01;
+ if (i)
+ c = (c == 0)? 327661 : c << 11;
else
- c = 655331;
+ c = (c == 0)? 655331 : 15000 + c * 1000;
#else
c = iterations;
#endif
@@ -512,7 +518,7 @@ static void derive_u_ripemd160 (char *pwd, int pwd_len, char *salt, int salt_len
}
}
-void derive_key_ripemd160 (char *pwd, int pwd_len, char *salt, int salt_len, int iterations, char *dk, int dklen)
+void derive_key_ripemd160 (char *pwd, int pwd_len, char *salt, int salt_len, uint32 iterations, char *dk, int dklen)
{
int b, l, r;
hmac_ripemd160_ctx hmac;
@@ -651,11 +657,11 @@ void hmac_whirlpool
burn(&hmac, sizeof(hmac));
}
-static void derive_u_whirlpool (char *pwd, int pwd_len, char *salt, int salt_len, int iterations, int b, hmac_whirlpool_ctx* hmac)
+static void derive_u_whirlpool (char *pwd, int pwd_len, char *salt, int salt_len, uint32 iterations, int b, hmac_whirlpool_ctx* hmac)
{
char* u = hmac->u;
char* k = hmac->k;
- int c, i;
+ uint32 c, i;
/* iteration 1 */
memcpy (k, salt, salt_len); /* salt */
@@ -677,7 +683,7 @@ static void derive_u_whirlpool (char *pwd, int pwd_len, char *salt, int salt_len
}
}
-void derive_key_whirlpool (char *pwd, int pwd_len, char *salt, int salt_len, int iterations, char *dk, int dklen)
+void derive_key_whirlpool (char *pwd, int pwd_len, char *salt, int salt_len, uint32 iterations, char *dk, int dklen)
{
hmac_whirlpool_ctx hmac;
char key[WHIRLPOOL_DIGESTSIZE];
@@ -751,28 +757,43 @@ char *get_pkcs5_prf_name (int pkcs5_prf_id)
-int get_pkcs5_iteration_count (int pkcs5_prf_id, BOOL truecryptMode, BOOL bBoot)
+int get_pkcs5_iteration_count (int pkcs5_prf_id, int pin, BOOL truecryptMode, BOOL bBoot)
{
+ if ( (pin < 0)
+ || (truecryptMode && pin > 0) /* No PIN for TrueCrypt mode */
+ )
+ {
+ return 0;
+ }
+
switch (pkcs5_prf_id)
{
case RIPEMD160:
if (truecryptMode)
return bBoot ? 1000 : 2000;
- else
+ else if (pin == 0)
return bBoot? 327661 : 655331;
+ else
+ {
+ return bBoot? pin * 2048 : 15000 + pin * 1000;
+ }
case SHA512:
- return truecryptMode? 1000 : 500000;
+ return truecryptMode? 1000 : ((pin == 0)? 500000 : 15000 + pin * 1000);
case WHIRLPOOL:
- return truecryptMode? 1000 : 500000;
+ return truecryptMode? 1000 : ((pin == 0)? 500000 : 15000 + pin * 1000);
case SHA256:
if (truecryptMode)
return 0; // SHA-256 not supported by TrueCrypt
- else
+ else if (pin == 0)
return bBoot? 200000 : 500000;
+ else
+ {
+ return bBoot? pin * 2048 : 15000 + pin * 1000;
+ }
default:
TC_THROW_FATAL_EXCEPTION; // Unknown/wrong ID
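Review bot: `get_pkcs5_iteration_count` multiplies an unbounded `pin` in `int` arithmetic, so `15000 + pin * 1000` and `pin * 2048` overflow for large values. The only upper bounds visible in this commit are `request->pin > 65535` in DriveFilter.c and `mount->VolumePin == INT_MAX` in Ntdriver.c, while the PIN edit field accepts up to `MAX_PIN` (10) digits. Signed overflow is undefined, and on a wrapping build the result can be negative or far smaller than the user intended, which weakens the key derivation instead of strengthening it. The guard at the top should also reject out-of-range values, for example `|| (pin > (INT_MAX - 15000) / 1000) || (bBoot && pin > MAX_BOOT_PIN_VALUE)`, provided Password.h is reachable from this file. The function body continues past the end of the hunk.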
diff --git a/src/Common/Pkcs5.h b/src/Common/Pkcs5.h
index ef931397..d1dca7e3 100644
--- a/src/Common/Pkcs5.h
+++ b/src/Common/Pkcs5.h
@@ -20,21 +20,21 @@ extern "C"
#endif
/* output written to d which must be at lease 32 bytes long */
void hmac_sha256 (char *k, int lk, char *d, int ld);
-void derive_key_sha256 (char *pwd, int pwd_len, char *salt, int salt_len, int iterations, char *dk, int dklen);
+void derive_key_sha256 (char *pwd, int pwd_len, char *salt, int salt_len, uint32 iterations, char *dk, int dklen);
/* output written to d which must be at lease 64 bytes long */
void hmac_sha512 (char *k, int lk, char *d, int ld);
-void derive_key_sha512 (char *pwd, int pwd_len, char *salt, int salt_len, int iterations, char *dk, int dklen);
+void derive_key_sha512 (char *pwd, int pwd_len, char *salt, int salt_len, uint32 iterations, char *dk, int dklen);
/* output written to input_digest which must be at lease 20 bytes long */
void hmac_ripemd160 (char *key, int keylen, char *input_digest, int len);
-void derive_key_ripemd160 (char *pwd, int pwd_len, char *salt, int salt_len, int iterations, char *dk, int dklen);
+void derive_key_ripemd160 (char *pwd, int pwd_len, char *salt, int salt_len, uint32 iterations, char *dk, int dklen);
/* output written to d which must be at lease 64 bytes long */
void hmac_whirlpool (char *k, int lk, char *d, int ld);
-void derive_key_whirlpool (char *pwd, int pwd_len, char *salt, int salt_len, int iterations, char *dk, int dklen);
+void derive_key_whirlpool (char *pwd, int pwd_len, char *salt, int salt_len, uint32 iterations, char *dk, int dklen);
-int get_pkcs5_iteration_count (int pkcs5_prf_id, BOOL truecryptMode, BOOL bBoot);
+int get_pkcs5_iteration_count (int pkcs5_prf_id, int pin, BOOL truecryptMode, BOOL bBoot);
char *get_pkcs5_prf_name (int pkcs5_prf_id);
#if defined(__cplusplus)
diff --git a/src/Common/Volumes.c b/src/Common/Volumes.c
index 73598c64..567df7ee 100644
--- a/src/Common/Volumes.c
+++ b/src/Common/Volumes.c
@@ -163,7 +163,7 @@ typedef struct
BOOL ReadVolumeHeaderRecoveryMode = FALSE;
-int ReadVolumeHeader (BOOL bBoot, char *encryptedHeader, Password *password, int selected_pkcs5_prf, BOOL truecryptMode, PCRYPTO_INFO *retInfo, CRYPTO_INFO *retHeaderCryptoInfo)
+int ReadVolumeHeader (BOOL bBoot, char *encryptedHeader, Password *password, int selected_pkcs5_prf, int pin, BOOL truecryptMode, PCRYPTO_INFO *retInfo, CRYPTO_INFO *retHeaderCryptoInfo)
{
char header[TC_VOLUME_HEADER_EFFECTIVE_SIZE];
KEY_INFO keyInfo;
@@ -274,7 +274,7 @@ int ReadVolumeHeader (BOOL bBoot, char *encryptedHeader, Password *password, int
EncryptionThreadPoolBeginKeyDerivation (&keyDerivationCompletedEvent, &noOutstandingWorkItemEvent,
&item->KeyReady, &outstandingWorkItemCount, enqPkcs5Prf, keyInfo.userKey,
- keyInfo.keyLength, keyInfo.salt, get_pkcs5_iteration_count (enqPkcs5Prf, truecryptMode, bBoot), item->DerivedKey);
+ keyInfo.keyLength, keyInfo.salt, get_pkcs5_iteration_count (enqPkcs5Prf, pin, truecryptMode, bBoot), item->DerivedKey);
++queuedWorkItems;
break;
@@ -296,7 +296,7 @@ int ReadVolumeHeader (BOOL bBoot, char *encryptedHeader, Password *password, int
if (!item->Free && InterlockedExchangeAdd (&item->KeyReady, 0) == TRUE)
{
pkcs5_prf = item->Pkcs5Prf;
- keyInfo.noIterations = get_pkcs5_iteration_count (pkcs5_prf, truecryptMode, bBoot);
+ keyInfo.noIterations = get_pkcs5_iteration_count (pkcs5_prf, pin, truecryptMode, bBoot);
memcpy (dk, item->DerivedKey, sizeof (dk));
item->Free = TRUE;
@@ -314,7 +314,7 @@ KeyReady: ;
else
{
pkcs5_prf = enqPkcs5Prf;
- keyInfo.noIterations = get_pkcs5_iteration_count (enqPkcs5Prf, truecryptMode, bBoot);
+ keyInfo.noIterations = get_pkcs5_iteration_count (enqPkcs5Prf, pin, truecryptMode, bBoot);
switch (pkcs5_prf)
{
@@ -578,7 +578,7 @@ ret:
#else // TC_WINDOWS_BOOT
-int ReadVolumeHeader (BOOL bBoot, char *header, Password *password, PCRYPTO_INFO *retInfo, CRYPTO_INFO *retHeaderCryptoInfo)
+int ReadVolumeHeader (BOOL bBoot, char *header, Password *password, int pin, PCRYPTO_INFO *retInfo, CRYPTO_INFO *retHeaderCryptoInfo)
{
#ifdef TC_WINDOWS_BOOT_SINGLE_CIPHER_MODE
char dk[32 * 2]; // 2 * 256-bit key
@@ -588,6 +588,9 @@ int ReadVolumeHeader (BOOL bBoot, char *header, Password *password, PCRYPTO_INFO
PCRYPTO_INFO cryptoInfo;
int status = ERR_SUCCESS;
+ uint32 iterations = pin;
+ iterations <<= 16;
+ iterations |= bBoot;
if (retHeaderCryptoInfo != NULL)
cryptoInfo = retHeaderCryptoInfo;
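Review bot: `iterations |= bBoot;` merges the whole `BOOL` into the packed word, but `derive_u_sha256` and `derive_u_ripemd160` test only bit 0, so a non-zero `bBoot` with bit 0 clear would be decoded as non-boot mode. Normalising at the packing site, `iterations |= bBoot ? 1 : 0;`, removes the dependency on every caller passing exactly TRUE or FALSE. A negative `pin` is also shifted in unchecked here; whether the boot code can ever pass one is not visible in this hunk. The function starts and ends outside the hunk.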
@@ -597,10 +600,10 @@ int ReadVolumeHeader (BOOL bBoot, char *header, Password *password, PCRYPTO_INFO
// PKCS5 PRF
#ifdef TC_WINDOWS_BOOT_SHA2
derive_key_sha256 (password->Text, (int) password->Length, header + HEADER_SALT_OFFSET,
- PKCS5_SALT_SIZE, bBoot, dk, sizeof (dk));
+ PKCS5_SALT_SIZE, iterations, dk, sizeof (dk));
#else
derive_key_ripemd160 (password->Text, (int) password->Length, header + HEADER_SALT_OFFSET,
- PKCS5_SALT_SIZE, bBoot, dk, sizeof (dk));
+ PKCS5_SALT_SIZE, iterations, dk, sizeof (dk));
#endif
// Mode of operation
@@ -745,7 +748,7 @@ ret:
// Creates a volume header in memory
int CreateVolumeHeaderInMemory (HWND hwndDlg, BOOL bBoot, char *header, int ea, int mode, Password *password,
- int pkcs5_prf, char *masterKeydata, PCRYPTO_INFO *retInfo,
+ int pkcs5_prf, int pin, char *masterKeydata, PCRYPTO_INFO *retInfo,
unsigned __int64 volumeSize, unsigned __int64 hiddenVolumeSize,
unsigned __int64 encryptedAreaStart, unsigned __int64 encryptedAreaLength, uint16 requiredProgramVersion, uint32 headerFlags, uint32 sectorSize, BOOL bWipeMode)
{
@@ -794,7 +797,7 @@ int CreateVolumeHeaderInMemory (HWND hwndDlg, BOOL bBoot, char *header, int ea,
// User key
memcpy (keyInfo.userKey, password->Text, nUserKeyLen);
keyInfo.keyLength = nUserKeyLen;
- keyInfo.noIterations = get_pkcs5_iteration_count (pkcs5_prf, FALSE, bBoot);
+ keyInfo.noIterations = get_pkcs5_iteration_count (pkcs5_prf, pin, FALSE, bBoot);
// User selected encryption algorithm
cryptoInfo->ea = ea;
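Review bot: `keyInfo.noIterations` takes the result of `get_pkcs5_iteration_count` without a check, although that function now returns 0 when `pin` is negative. What the `derive_key_*` routines do with a count of 0 is not visible here, but a header should never be written with a derivation weaker than the default, so this site should fail through the function's existing error path when the count is not positive (`if (keyInfo.noIterations <= 0)` followed by that error return). The same unchecked use appears in the `ReadVolumeHeader` hunks above at @@ -274, @@ -296 and @@ -314. `CreateVolumeHeaderInMemory` starts and ends outside this hunk.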
diff --git a/src/Common/Volumes.h b/src/Common/Volumes.h
index 7021ab86..080589ff 100644
--- a/src/Common/Volumes.h
+++ b/src/Common/Volumes.h
@@ -127,13 +127,13 @@ uint16 GetHeaderField16 (byte *header, int offset);
uint32 GetHeaderField32 (byte *header, int offset);
UINT64_STRUCT GetHeaderField64 (byte *header, int offset);
#ifdef TC_WINDOWS_BOOT
-int ReadVolumeHeader (BOOL bBoot, char *encryptedHeader, Password *password, PCRYPTO_INFO *retInfo, CRYPTO_INFO *retHeaderCryptoInfo);
+int ReadVolumeHeader (BOOL bBoot, char *encryptedHeader, Password *password, int pin, PCRYPTO_INFO *retInfo, CRYPTO_INFO *retHeaderCryptoInfo);
#else
-int ReadVolumeHeader (BOOL bBoot, char *encryptedHeader, Password *password, int pkcs5_prf, BOOL truecryptMode, PCRYPTO_INFO *retInfo, CRYPTO_INFO *retHeaderCryptoInfo);
+int ReadVolumeHeader (BOOL bBoot, char *encryptedHeader, Password *password, int pkcs5_prf, int pin, BOOL truecryptMode, PCRYPTO_INFO *retInfo, CRYPTO_INFO *retHeaderCryptoInfo);
#endif
#if !defined (DEVICE_DRIVER) && !defined (TC_WINDOWS_BOOT)
-int CreateVolumeHeaderInMemory (HWND hwndDlg, BOOL bBoot, char *encryptedHeader, int ea, int mode, Password *password, int pkcs5_prf, char *masterKeydata, PCRYPTO_INFO *retInfo, unsigned __int64 volumeSize, unsigned __int64 hiddenVolumeSize, unsigned __int64 encryptedAreaStart, unsigned __int64 encryptedAreaLength, uint16 requiredProgramVersion, uint32 headerFlags, uint32 sectorSize, BOOL bWipeMode);
+int CreateVolumeHeaderInMemory (HWND hwndDlg, BOOL bBoot, char *encryptedHeader, int ea, int mode, Password *password, int pkcs5_prf, int pin, char *masterKeydata, PCRYPTO_INFO *retInfo, unsigned __int64 volumeSize, unsigned __int64 hiddenVolumeSize, unsigned __int64 encryptedAreaStart, unsigned __int64 encryptedAreaLength, uint16 requiredProgramVersion, uint32 headerFlags, uint32 sectorSize, BOOL bWipeMode);
BOOL ReadEffectiveVolumeHeader (BOOL device, HANDLE fileHandle, byte *header, DWORD *bytesRead);
BOOL WriteEffectiveVolumeHeader (BOOL device, HANDLE fileHandle, byte *header);
int WriteRandomDataToReservedHeaderAreas (HWND hwndDlg, HANDLE dev, CRYPTO_INFO *cryptoInfo, uint64 dataAreaSize, BOOL bPrimaryOnly, BOOL bBackupOnly);
diff --git a/src/Driver/DriveFilter.c b/src/Driver/DriveFilter.c
index 8bf953a7..9330f179 100644
--- a/src/Driver/DriveFilter.c
+++ b/src/Driver/DriveFilter.c
@@ -224,7 +224,7 @@ static NTSTATUS MountDrive (DriveFilterExtension *Extension, Password *password,
NTSTATUS status;
LARGE_INTEGER offset;
char *header;
- int pkcs5_prf = 0;
+ int pkcs5_prf = 0, pin = 0;
byte *mappedCryptoInfo = NULL;
Dump ("MountDrive pdo=%p\n", Extension->Pdo);
@@ -295,7 +295,9 @@ static NTSTATUS MountDrive (DriveFilterExtension *Extension, Password *password,
}
}
- if (ReadVolumeHeader (!hiddenVolume, header, password, pkcs5_prf, FALSE, &Extension->Queue.CryptoInfo, Extension->HeaderCryptoInfo) == 0)
+ pin = (int) (BootArgs.Flags >> 16);
+
+ if (ReadVolumeHeader (!hiddenVolume, header, password, pkcs5_prf, pin, FALSE, &Extension->Queue.CryptoInfo, Extension->HeaderCryptoInfo) == 0)
{
// Header decrypted
status = STATUS_SUCCESS;
@@ -775,6 +777,8 @@ void ReopenBootVolumeHeader (PIRP irp, PIO_STACK_LOCATION irpSp)
|| request->VolumePassword.Length > MAX_PASSWORD
|| request->pkcs5_prf < 0
|| request->pkcs5_prf > LAST_PRF_ID
+ || request->pin < 0
+ || request->pin > 65535
)
{
irp->IoStatus.Status = STATUS_INVALID_PARAMETER;
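Review bot: The new range check uses the literal `65535` although this commit adds `MAX_BOOT_PIN_VALUE` to Password.h for exactly that bound; `|| request->pin > MAX_BOOT_PIN_VALUE` keeps the driver check and the UI limit tied together. The `MountDrive` hunk at @@ -295 has the matching decode, `pin = (int) (BootArgs.Flags >> 16);`, with no comment; a line such as `/* upper 16 bits of BootArgs.Flags carry the PIN */` would document the layout. The type of `BootArgs.Flags` is not visible, so whether that shift can yield a value outside 0..65535 should be confirmed. `ReopenBootVolumeHeader` continues outside the hunk.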
@@ -800,7 +804,7 @@ void ReopenBootVolumeHeader (PIRP irp, PIO_STACK_LOCATION irpSp)
goto ret;
}
- if (ReadVolumeHeader (!BootDriveFilterExtension->HiddenSystem, header, &request->VolumePassword, request->pkcs5_prf, FALSE, NULL, BootDriveFilterExtension->HeaderCryptoInfo) == 0)
+ if (ReadVolumeHeader (!BootDriveFilterExtension->HiddenSystem, header, &request->VolumePassword, request->pkcs5_prf, request->pin, FALSE, NULL, BootDriveFilterExtension->HeaderCryptoInfo) == 0)
{
Dump ("Header reopened\n");
diff --git a/src/Driver/Ntdriver.c b/src/Driver/Ntdriver.c
index 2b0c0355..1d29b52f 100644
--- a/src/Driver/Ntdriver.c
+++ b/src/Driver/Ntdriver.c
@@ -1403,6 +1403,7 @@ NTSTATUS ProcessMainDeviceControlIrp (PDEVICE_OBJECT DeviceObject, PEXTENSION Ex
if (mount->VolumePassword.Length > MAX_PASSWORD || mount->ProtectedHidVolPassword.Length > MAX_PASSWORD
|| mount->pkcs5_prf < 0 || mount->pkcs5_prf > LAST_PRF_ID
+ || mount->VolumePin < 0 || mount->VolumePin == INT_MAX
|| mount->ProtectedHidVolPkcs5Prf < 0 || mount->ProtectedHidVolPkcs5Prf > LAST_PRF_ID
|| (mount->bTrueCryptMode != FALSE && mount->bTrueCryptMode != TRUE)
)
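Review bot: The validation added here covers `mount->VolumePin` only, while the Ntvol.c hunk in this commit passes `mount->ProtectedHidVolPin` alongside the protected hidden volume's password with no corresponding check in the visible lines; `|| mount->ProtectedHidVolPin < 0 || mount->ProtectedHidVolPin == INT_MAX` would treat both fields alike. The cleanup hunk at @@ -1420 has the same gap: it burns `VolumePin` but not the hidden-volume PIN, so `burn (&mount->ProtectedHidVolPin, sizeof (mount->ProtectedHidVolPin));` belongs next to it. Rejecting only `INT_MAX` also leaves values large enough to overflow the `15000 + pin * 1000` computation in Pkcs5.c, so a real upper bound is preferable. The enclosing function extends beyond the hunk.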
@@ -1420,6 +1421,7 @@ NTSTATUS ProcessMainDeviceControlIrp (PDEVICE_OBJECT DeviceObject, PEXTENSION Ex
burn (&mount->VolumePassword, sizeof (mount->VolumePassword));
burn (&mount->ProtectedHidVolPassword, sizeof (mount->ProtectedHidVolPassword));
burn (&mount->pkcs5_prf, sizeof (mount->pkcs5_prf));
+ burn (&mount->VolumePin, sizeof (mount->VolumePin));
burn (&mount->bTrueCryptMode, sizeof (mount->bTrueCryptMode));
burn (&mount->ProtectedHidVolPkcs5Prf, sizeof (mount->ProtectedHidVolPkcs5Prf));
}
diff --git a/src/Driver/Ntvol.c b/src/Driver/Ntvol.c
index 9acebaed..577effa0 100644
--- a/src/Driver/Ntvol.c
+++ b/src/Driver/Ntvol.c
@@ -467,6 +467,7 @@ NTSTATUS TCOpenVolume (PDEVICE_OBJECT DeviceObject,
readBuffer,
&mount->ProtectedHidVolPassword,
mount->ProtectedHidVolPkcs5Prf,
+ mount->ProtectedHidVolPin,
mount->bTrueCryptMode,
&tmpCryptoInfo);
}
@@ -478,6 +479,7 @@ NTSTATUS TCOpenVolume (PDEVICE_OBJECT DeviceObject,
readBuffer,
&mount->VolumePassword,
mount->pkcs5_prf,
+ mount->VolumePin,
mount->bTrueCryptMode,
&Extension->cryptoInfo);
}
diff --git a/src/ExpandVolume/DlgExpandVolume.cpp b/src/ExpandVolume/DlgExpandVolume.cpp
index d6982933..554f4f6f 100644
--- a/src/ExpandVolume/DlgExpandVolume.cpp
+++ b/src/ExpandVolume/DlgExpandVolume.cpp
@@ -72,7 +72,7 @@ BOOL CALLBACK ExpandVolProgressDlgProc (HWND hwndDlg, UINT msg, WPARAM wParam, L
namespace VeraCryptExpander
{
/* defined in WinMain.c, referenced by ExpandVolumeWizard() */
-int ExtcvAskVolumePassword (HWND hwndDlg, Password *password, int *pkcs5, BOOL* truecryptMode, char *titleStringId, BOOL enableMountOptions);
+int ExtcvAskVolumePassword (HWND hwndDlg, Password *password, int *pkcs5, int *pin, BOOL* truecryptMode, char *titleStringId, BOOL enableMountOptions);
}
@@ -406,6 +406,7 @@ typedef struct
const char *volumePath;
Password *password;
int pkcs5_prf;
+ int pin;
BOOL truecryptMode;
BOOL write;
BOOL preserveTimestamps;
@@ -418,7 +419,7 @@ void CALLBACK OpenVolumeWaitThreadProc(void* pArg, HWND hwndDlg)
OpenVolumeThreadParam* pThreadParam = (OpenVolumeThreadParam*) pArg;
*(pThreadParam)->nStatus = OpenVolume(pThreadParam->context, pThreadParam->volumePath, pThreadParam->password, pThreadParam->pkcs5_prf,
- pThreadParam->truecryptMode, pThreadParam->write, pThreadParam->preserveTimestamps, pThreadParam->useBackupHeader);
+ pThreadParam->pin, pThreadParam->truecryptMode, pThreadParam->write, pThreadParam->preserveTimestamps, pThreadParam->useBackupHeader);
}
/*
@@ -444,7 +445,7 @@ void ExpandVolumeWizard (HWND hwndDlg, char *lpszVolume)
int nStatus = ERR_OS_ERROR;
wchar_t szTmp[4096];
Password VolumePassword;
- int VolumePkcs5 = 0;
+ int VolumePkcs5 = 0, VolumePin = -1;
uint64 hostSize, volSize, hostSizeFree, maxSizeFS;
BOOL bIsDevice, bIsLegacy;
DWORD dwError;
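Review bot: `VolumePin` starts at `-1` with no comment saying what the sentinel means. In this commit the password dialog fills the PIN field only when `*pin >= 0`, and `get_pkcs5_iteration_count` returns 0 for a negative PIN, so the initial value must never reach `OpenVolume`, `MountVolTemp` or `VolExpandParam` unchanged. A comment such as `/* -1: no PIN entered yet; the password dialog stores the parsed value or 0 on OK */` would state that contract. `ExpandVolumeWizard` continues outside the hunk.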
@@ -512,7 +513,7 @@ void ExpandVolumeWizard (HWND hwndDlg, char *lpszVolume)
OpenVolumeContext expandVol;
BOOL truecryptMode = FALSE;
- if (!VeraCryptExpander::ExtcvAskVolumePassword (hwndDlg, &VolumePassword, &VolumePkcs5, &truecryptMode, "ENTER_NORMAL_VOL_PASSWORD", FALSE))
+ if (!VeraCryptExpander::ExtcvAskVolumePassword (hwndDlg, &VolumePassword, &VolumePkcs5, &VolumePin, &truecryptMode, "ENTER_NORMAL_VOL_PASSWORD", FALSE))
{
goto ret;
}
@@ -530,6 +531,7 @@ void ExpandVolumeWizard (HWND hwndDlg, char *lpszVolume)
threadParam.volumePath = lpszVolume;
threadParam.password = &VolumePassword;
threadParam.pkcs5_prf = VolumePkcs5;
+ threadParam.pin = VolumePin;
threadParam.truecryptMode = FALSE;
threadParam.write = FALSE;
threadParam.preserveTimestamps = bPreserveTimestamp;
@@ -576,7 +578,7 @@ void ExpandVolumeWizard (HWND hwndDlg, char *lpszVolume)
WaitCursor();
// auto mount the volume to check the file system type
- nStatus=MountVolTemp(hwndDlg, lpszVolume, &driveNo, &VolumePassword, VolumePkcs5);
+ nStatus=MountVolTemp(hwndDlg, lpszVolume, &driveNo, &VolumePassword, VolumePkcs5, VolumePin);
if (nStatus != ERR_SUCCESS)
goto error;
@@ -651,6 +653,7 @@ void ExpandVolumeWizard (HWND hwndDlg, char *lpszVolume)
VolExpandParam.FileSystem = volFSType;
VolExpandParam.pVolumePassword = &VolumePassword;
VolExpandParam.VolumePkcs5 = VolumePkcs5;
+ VolExpandParam.VolumePin = VolumePin;
VolExpandParam.bIsDevice = bIsDevice;
VolExpandParam.bIsLegacy = bIsLegacy;
VolExpandParam.oldSize = bIsDevice ? volSize : hostSize;
diff --git a/src/ExpandVolume/ExpandVolume.c b/src/ExpandVolume/ExpandVolume.c
index 1d777a11..5b9509be 100644
--- a/src/ExpandVolume/ExpandVolume.c
+++ b/src/ExpandVolume/ExpandVolume.c
@@ -98,7 +98,7 @@ static int FsctlExtendVolume(char * szVolume, LONGLONG nTotalSectors );
int with Truecrypt error code (ERR_SUCCESS on success)
*/
-int MountVolTemp (HWND hwndDlg, char *volumePath, int *driveNo, Password *password, int pkcs5)
+int MountVolTemp (HWND hwndDlg, char *volumePath, int *driveNo, Password *password, int pkcs5, int pin)
{
MountOptions mountOptions;
ZeroMemory (&mountOptions, sizeof (mountOptions));
@@ -118,7 +118,7 @@ int MountVolTemp (HWND hwndDlg, char *volumePath, int *driveNo, Password *passwo
mountOptions.PartitionInInactiveSysEncScope = FALSE;
mountOptions.UseBackupHeader = FALSE;
- if (MountVolume (hwndDlg, *driveNo, volumePath, password, pkcs5, FALSE, FALSE, TRUE, &mountOptions, FALSE, FALSE) < 1)
+ if (MountVolume (hwndDlg, *driveNo, volumePath, password, pkcs5, pin, FALSE, FALSE, TRUE, &mountOptions, FALSE, FALSE) < 1)
{
*driveNo = -3;
return ERR_VOL_MOUNT_FAILED;
@@ -385,7 +385,7 @@ uint64 GetVolumeSizeByDataAreaSize (uint64 dataAreaSize, BOOL legacyVolume)
}
-int ExtendFileSystem (HWND hwndDlg , char *lpszVolume, Password *pVolumePassword, int VolumePkcs5, uint64 newDataAreaSize)
+int ExtendFileSystem (HWND hwndDlg , char *lpszVolume, Password *pVolumePassword, int VolumePkcs5, int VolumePin, uint64 newDataAreaSize)
{
char szVolumeGUID[128];
int driveNo = -1;
@@ -399,7 +399,7 @@ int ExtendFileSystem (HWND hwndDlg , char *lpszVolume, Password *pVolumePassword
DebugAddProgressDlgStatus (hwndDlg, "Mounting volume ...\r\n");
- nStatus=MountVolTemp(hwndDlg, lpszVolume, &driveNo, pVolumePassword, VolumePkcs5);
+ nStatus=MountVolTemp(hwndDlg, lpszVolume, &driveNo, pVolumePassword, VolumePkcs5, VolumePin);
if (nStatus!=ERR_SUCCESS)
{
driveNo = -1;
@@ -500,7 +500,7 @@ error:
Remarks: a lot of code is from TrueCrypt 'Common\Password.c' :: ChangePwd()
*/
-static int ExpandVolume (HWND hwndDlg, char *lpszVolume, Password *pVolumePassword, int VolumePkcs5, uint64 newHostSize, BOOL initFreeSpace)
+static int ExpandVolume (HWND hwndDlg, char *lpszVolume, Password *pVolumePassword, int VolumePkcs5, int VolumePin, uint64 newHostSize, BOOL initFreeSpace)
{
int nDosLinkCreated = 1, nStatus = ERR_OS_ERROR;
char szDiskFile[TC_MAX_PATH], szCFDevice[TC_MAX_PATH];
@@ -644,7 +644,7 @@ static int ExpandVolume (HWND hwndDlg, char *lpszVolume, Password *pVolumePasswo
/* Try to decrypt the header */
- nStatus = ReadVolumeHeader (FALSE, buffer, pVolumePassword, VolumePkcs5, FALSE, &cryptoInfo, NULL);
+ nStatus = ReadVolumeHeader (FALSE, buffer, pVolumePassword, VolumePkcs5, VolumePin, FALSE, &cryptoInfo, NULL);
if (nStatus == ERR_CIPHER_INIT_WEAK_KEY)
nStatus = 0; // We can ignore this error here
@@ -802,6 +802,7 @@ static int ExpandVolume (HWND hwndDlg, char *lpszVolume, Password *pVolumePasswo
cryptoInfo->mode,
pVolumePassword,
cryptoInfo->pkcs5,
+ VolumePin,
(char*)(cryptoInfo->master_keydata),
&ci,
newDataAreaSize,
@@ -968,7 +969,7 @@ error:
if (nStatus == ERR_SUCCESS)
{
- nStatus = ExtendFileSystem (hwndDlg, lpszVolume, pVolumePassword, VolumePkcs5, newDataAreaSize);
+ nStatus = ExtendFileSystem (hwndDlg, lpszVolume, pVolumePassword, VolumePkcs5, VolumePin, newDataAreaSize);
}
return nStatus;
@@ -983,7 +984,7 @@ void __cdecl volTransformThreadFunction (void *pExpandDlgParam)
HWND hwndDlg = (HWND) pParam->hwndDlg;
nStatus = ExpandVolume (hwndDlg, (char*)pParam->szVolumeName, pParam->pVolumePassword,
- pParam->VolumePkcs5, pParam->newSize, pParam->bInitFreeSpace );
+ pParam->VolumePkcs5, pParam->VolumePin, pParam->newSize, pParam->bInitFreeSpace );
if (nStatus!=ERR_SUCCESS && nStatus!=ERR_USER_ABORT)
handleError (hwndDlg, nStatus);
diff --git a/src/ExpandVolume/ExpandVolume.h b/src/ExpandVolume/ExpandVolume.h
index 805f1c02..8fc7c9b7 100644
--- a/src/ExpandVolume/ExpandVolume.h
+++ b/src/ExpandVolume/ExpandVolume.h
@@ -59,6 +59,7 @@ typedef struct
BOOL bInitFreeSpace;
Password *pVolumePassword;
int VolumePkcs5;
+ int VolumePin;
HWND hwndDlg;
} EXPAND_VOL_THREAD_PARAMS;
@@ -74,7 +75,7 @@ extern volatile BOOL bVolTransformThreadCancel; /* TRUE if the user cancels/paus
uint64 GetVolumeDataAreaSize (uint64 volumeSize, BOOL legacyVolume);
uint64 GetVolumeSizeByDataAreaSize (uint64 dataSize, BOOL legacyVolume);
int QueryVolumeInfo (HWND hwndDlg, const char *lpszVolume, uint64 * pHostSizeFree, uint64 * pSizeLimitFS );
-int MountVolTemp (HWND hwndDlg, char *volumePath, int *driveNo, Password *password, int pkcs5);
+int MountVolTemp (HWND hwndDlg, char *volumePath, int *driveNo, Password *password, int pkcs5, int pin);
BOOL GetFileSystemType(const char *szFileName, enum EV_FileSystem *pFS);
BOOL GetNtfsNumberOfSectors(char *rootPath, uint64 *pNumberOfSectors, DWORD *pBytesPerSector);
void __cdecl volTransformThreadFunction (void *hwndDlgArg);
diff --git a/src/ExpandVolume/ExpandVolume.rc b/src/ExpandVolume/ExpandVolume.rc
index 4f337133..7bae8494 100644
--- a/src/ExpandVolume/ExpandVolume.rc
+++ b/src/ExpandVolume/ExpandVolume.rc
@@ -113,24 +113,27 @@ BEGIN
LTEXT "Static",IDC_INFOEXPAND,8,6,361,134,SS_NOPREFIX | SS_SUNKEN,WS_EX_STATICEDGE
END
-IDD_PASSWORD_DLG DIALOGEX 0, 0, 322, 91
+IDD_PASSWORD_DLG DIALOGEX 0, 0, 322, 107
STYLE DS_SETFONT | DS_MODALFRAME | DS_3DLOOK | DS_FIXEDSYS | DS_CENTER | WS_POPUP | WS_VISIBLE | WS_CAPTION
CAPTION "Enter VeraCrypt Volume Password"
FONT 8, "MS Shell Dlg", 0, 0, 0x0
BEGIN
EDITTEXT IDC_PASSWORD,69,8,166,14,ES_PASSWORD | ES_AUTOHSCROLL
CONTROL "Cache passwords and keyfil&es in memory",IDC_CACHE,
- "Button",BS_AUTOCHECKBOX | WS_TABSTOP,70,50,153,10
- CONTROL "&Display password",IDC_SHOW_PASSWORD,"Button",BS_AUTOCHECKBOX | WS_TABSTOP,70,63,83,10
- CONTROL "U&se keyfiles",IDC_KEYFILES_ENABLE,"Button",BS_AUTOCHECKBOX | WS_TABSTOP,70,75,83,11
- PUSHBUTTON "&Keyfiles...",IDC_KEY_FILES,171,72,64,14
- PUSHBUTTON "Mount Opti&ons...",IDC_MOUNT_OPTIONS,243,72,64,14
+ "Button",BS_AUTOCHECKBOX | WS_TABSTOP,70,63,153,10
+ CONTROL "&Display password",IDC_SHOW_PASSWORD,"Button",BS_AUTOCHECKBOX | WS_TABSTOP,70,76,83,10
+ CONTROL "U&se keyfiles",IDC_KEYFILES_ENABLE,"Button",BS_AUTOCHECKBOX | WS_TABSTOP,70,89,83,11
+ PUSHBUTTON "&Keyfiles...",IDC_KEY_FILES,171,86,64,14
+ PUSHBUTTON "Mount Opti&ons...",IDC_MOUNT_OPTIONS,243,86,64,14
DEFPUSHBUTTON "OK",IDOK,243,8,64,14
PUSHBUTTON "Cancel",IDCANCEL,243,25,64,14
RTEXT "Password:",IDT_PASSWORD,0,10,65,13
COMBOBOX IDC_PKCS5_PRF_ID,69,26,86,90,CBS_DROPDOWNLIST | WS_TABSTOP
RTEXT "PKCS-5 PRF:",IDT_PKCS5_PRF,0,27,65,13
CONTROL "TrueCrypt Mode",IDC_TRUECRYPT_MODE,"Button",BS_AUTOCHECKBOX | WS_TABSTOP,159,28,76,10
+ RTEXT "Volume PIN:",IDT_PIN,0,46,65,13
+ EDITTEXT IDC_PIN,69,43,42,14,ES_RIGHT | ES_AUTOHSCROLL | ES_NUMBER
+ LTEXT "(Empty or 0 for default iterations)",IDC_PIN_HELP,115,46,189,8
END
IDD_EXPAND_PROGRESS_DLG DIALOGEX 0, 0, 376, 271
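Review bot: `IDC_PIN` is created with `ES_RIGHT | ES_AUTOHSCROLL | ES_NUMBER` and no `ES_PASSWORD`, so the PIN is always shown in clear next to a masked password field. The driver hunk in this commit burns `VolumePin` together with the password, which suggests the value is meant to be handled as secret material; if so, adding `ES_PASSWORD` and letting the existing IDC_SHOW_PASSWORD checkbox reveal it would be consistent. If showing it is intentional, a comment in the resource saying so would help the next reader.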
@@ -183,7 +186,7 @@ BEGIN
IDD_PASSWORD_DLG, DIALOG
BEGIN
- BOTTOMMARGIN, 63
+ BOTTOMMARGIN, 102
END
IDD_EXPAND_PROGRESS_DLG, DIALOG
diff --git a/src/ExpandVolume/WinMain.cpp b/src/ExpandVolume/WinMain.cpp
index 68ef281c..f8b3234c 100644
--- a/src/ExpandVolume/WinMain.cpp
+++ b/src/ExpandVolume/WinMain.cpp
@@ -392,6 +392,7 @@ BOOL CALLBACK ExtcvPasswordDlgProc (HWND hwndDlg, UINT msg, WPARAM wParam, LPARA
WORD lw = LOWORD (wParam);
static Password *szXPwd;
static int *pkcs5;
+ static int *pin;
static BOOL* truecryptMode;
switch (msg)
@@ -401,6 +402,7 @@ BOOL CALLBACK ExtcvPasswordDlgProc (HWND hwndDlg, UINT msg, WPARAM wParam, LPARA
int i, nIndex;
szXPwd = ((PasswordDlgParam *) lParam) -> password;
pkcs5 = ((PasswordDlgParam *) lParam) -> pkcs5;
+ pin = ((PasswordDlgParam *) lParam) -> pin;
truecryptMode = ((PasswordDlgParam *) lParam) -> truecryptMode;
LocalizeDialog (hwndDlg, "IDD_PASSWORD_DLG");
DragAcceptFiles (hwndDlg, TRUE);
@@ -443,6 +445,16 @@ BOOL CALLBACK ExtcvPasswordDlgProc (HWND hwndDlg, UINT msg, WPARAM wParam, LPARA
SendMessage (GetDlgItem (hwndDlg, IDC_PASSWORD), EM_LIMITTEXT, MAX_PASSWORD, 0);
SendMessage (GetDlgItem (hwndDlg, IDC_CACHE), BM_SETCHECK, bCacheInDriver ? BST_CHECKED:BST_UNCHECKED, 0);
+ SendMessage (GetDlgItem (hwndDlg, IDC_PIN), EM_LIMITTEXT, MAX_PIN, 0);
+
+ if (*pin >= 0)
+ {
+ /* display the given PIN */
+ char szTmp[MAX_PIN + 1];
+ StringCbPrintfA(szTmp, sizeof(szTmp), "%d", *pin);
+
+ SetDlgItemText (hwndDlg, IDC_PIN, szTmp);
+ }
SetCheckBox (hwndDlg, IDC_KEYFILES_ENABLE, KeyFilesEnable);
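Review bot: The `szTmp` buffer that receives the PIN digits is left on the stack unwiped, and the `StringCbPrintfA` result is ignored, so a value with more digits than `MAX_PIN` would be displayed truncated and read back on OK as a different PIN. If the PIN is meant to be handled like the password, add `burn (szTmp, sizeof (szTmp));` after `SetDlgItemText`, as this file already does for the hidden-volume password. The same block is repeated verbatim in the preboot-mode hunk below, and twice in `PageDialogProc` in Tcformat.c with `volumePin > 0` instead of `*pin >= 0`; one shared helper would keep the condition and the wiping in one place. `MAX_PIN` is defined outside the visible lines, so the truncation case is an inference.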
@@ -538,6 +550,19 @@ BOOL CALLBACK ExtcvPasswordDlgProc (HWND hwndDlg, UINT msg, WPARAM wParam, LPARA
SendMessage (GetDlgItem (hwndDlg, IDC_PASSWORD), EM_SETPASSWORDCHAR, '*', 0);
InvalidateRect (GetDlgItem (hwndDlg, IDC_PASSWORD), NULL, TRUE);
+ SetCheckBox (hwndDlg, IDC_KEYFILES_ENABLE, FALSE);
+ EnableWindow (GetDlgItem (hwndDlg, IDC_KEYFILES_ENABLE), FALSE);
+ EnableWindow (GetDlgItem (hwndDlg, IDC_KEY_FILES), FALSE);
+
+ if (*pin >= 0)
+ {
+ /* display the given PIN */
+ char szTmp[MAX_PIN + 1];
+ StringCbPrintfA(szTmp, sizeof(szTmp), "%d", *pin);
+
+ SetDlgItemText (hwndDlg, IDC_PIN, szTmp);
+ }
+
bPrebootPasswordDlgMode = TRUE;
}
return 1;
@@ -647,6 +672,13 @@ BOOL CALLBACK ExtcvPasswordDlgProc (HWND hwndDlg, UINT msg, WPARAM wParam, LPARA
bCacheInDriver = IsButtonChecked (GetDlgItem (hwndDlg, IDC_CACHE));
*pkcs5 = (int) SendMessage (GetDlgItem (hwndDlg, IDC_PKCS5_PRF_ID), CB_GETITEMDATA, SendMessage (GetDlgItem (hwndDlg, IDC_PKCS5_PRF_ID), CB_GETCURSEL, 0, 0), 0);
*truecryptMode = GetCheckBox (hwndDlg, IDC_TRUECRYPT_MODE);
+
+ GetWindowText (GetDlgItem (hwndDlg, IDC_PIN), tmp, MAX_PIN + 1);
+ if (strlen(tmp))
+ *pin = (int) strtol(tmp, NULL, 10); /* IDC_PIN is configured to accept only numbers */
+ else
+ *pin = 0;
+
/* SHA-256 is not supported by TrueCrypt */
if ( (*truecryptMode)
&& ((*pkcs5 == SHA256) || (mountOptions.ProtectHiddenVolume && mountOptions.ProtectedHidVolPkcs5Prf == SHA256))
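Review bot: The PIN is parsed with `strtol (tmp, NULL, 10)` and cast to `int` with no check for trailing characters, sign or range. The comment's guarantee is also weaker than it reads, because `ES_NUMBER` filters typed characters but text can still be pasted into the control. Inside the `strlen` branch, parse with an end pointer, e.g. `long v = strtol (tmp, &end, 10);` followed by `if (end == tmp || *end != '\0' || v < 0 || v > INT_MAX) return 1;` with a suitable error message, and assign `*pin` only afterwards. `tmp` is declared outside the hunk, so its size relative to `MAX_PIN + 1` and whether it is wiped afterwards cannot be confirmed here.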
@@ -655,6 +687,14 @@ BOOL CALLBACK ExtcvPasswordDlgProc (HWND hwndDlg, UINT msg, WPARAM wParam, LPARA
Error ("ALGO_NOT_SUPPORTED_FOR_TRUECRYPT_MODE", hwndDlg);
return 1;
}
+
+ if ( (*truecryptMode)
+ && (*pin != 0)
+ )
+ {
+ Error ("PIN_NOT_SUPPORTED_FOR_TRUECRYPT_MODE", hwndDlg);
+ return 1;
+ }
}
// Attempt to wipe password stored in the input field buffer
@@ -753,7 +793,7 @@ int RestoreVolumeHeader (HWND hwndDlg, char *lpszVolume)
return 0;
}
-int ExtcvAskVolumePassword (HWND hwndDlg, Password *password, int *pkcs5, BOOL* truecryptMode, char *titleStringId, BOOL enableMountOptions)
+int ExtcvAskVolumePassword (HWND hwndDlg, Password *password, int *pkcs5, int *pin, BOOL* truecryptMode, char *titleStringId, BOOL enableMountOptions)
{
int result;
PasswordDlgParam dlgParam;
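Review bot: The new `pin` argument is an in/out parameter, but nothing at the signature says so. The dialog procedure reads `*pin` to pre-fill the field when it is `>= 0`, overwrites it on OK (0 for an empty field), and this function resets it to 0 in the branch after `DialogBoxParamW` that also clears the password. A short comment above the definition would record that, e.g. `/* pin: in/out - pre-filled in the dialog when >= 0; receives the entered PIN (0 = default iterations); reset to 0 when the password is cleared */`. The function body continues outside the hunk.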
@@ -763,6 +803,7 @@ int ExtcvAskVolumePassword (HWND hwndDlg, Password *password, int *pkcs5, BOOL*
dlgParam.password = password;
dlgParam.pkcs5 = pkcs5;
+ dlgParam.pin = pin;
dlgParam.truecryptMode = truecryptMode;
result = DialogBoxParamW (hInst,
@@ -773,6 +814,7 @@ int ExtcvAskVolumePassword (HWND hwndDlg, Password *password, int *pkcs5, BOOL*
{
password->Length = 0;
*pkcs5 = 0;
+ *pin = 0;
*truecryptMode = FALSE;
burn (&mountOptions.ProtectedHidVolPassword, sizeof (mountOptions.ProtectedHidVolPassword));
burn (&mountOptions.ProtectedHidVolPkcs5Prf, sizeof (mountOptions.ProtectedHidVolPkcs5Prf));
diff --git a/src/ExpandVolume/resource.h b/src/ExpandVolume/resource.h
index 9e2a2d87..29a451db 100644
--- a/src/ExpandVolume/resource.h
+++ b/src/ExpandVolume/resource.h
@@ -66,6 +66,13 @@
#define IDC_EDIT1 1114
#define IDC_BOX_STATUS 1114
#define IDC_TRUECRYPT_MODE 1140
+#define IDC_PREF_TEMP_CACHE_ON_MULTIPLE_MOUNT 1141
+#define IDT_PIN 1142
+#define IDC_PIN 1143
+#define IDC_PIN_HELP 1144
+#define IDT_OLD_PIN 1145
+#define IDC_OLD_PIN 1146
+#define IDC_OLD_PIN_HELP 1147
#define IDM_HELP 40001
#define IDM_ABOUT 40002
#define IDM_UNMOUNT_VOLUME 40003
@@ -137,7 +144,7 @@
#define _APS_NO_MFC 1
#define _APS_NEXT_RESOURCE_VALUE 120
#define _APS_NEXT_COMMAND_VALUE 40064
-#define _APS_NEXT_CONTROL_VALUE 1116
+#define _APS_NEXT_CONTROL_VALUE 1148
#define _APS_NEXT_SYMED_VALUE 101
#endif
#endif
diff --git a/src/Format/Format.rc b/src/Format/Format.rc
index 51564a64..c4e50fdd 100644
--- a/src/Format/Format.rc
+++ b/src/Format/Format.rc
@@ -79,23 +79,23 @@ IDR_FORMAT_TLB TYPELIB "Format.tlb"
// Dialog
//
-IDD_VOL_CREATION_WIZARD_DLG DIALOGEX 0, 0, 400, 209
+IDD_VOL_CREATION_WIZARD_DLG DIALOGEX 0, 0, 400, 229
STYLE DS_SETFONT | DS_SETFOREGROUND | DS_FIXEDSYS | DS_CENTER | WS_MINIMIZEBOX | WS_POPUP | WS_CAPTION | WS_SYSMENU
CAPTION "VeraCrypt Volume Creation Wizard"
CLASS "VeraCryptCustomDlg"
FONT 8, "MS Shell Dlg", 0, 0, 0x0
BEGIN
- PUSHBUTTON "&Help",IDHELP,176,189,50,14
- PUSHBUTTON "",IDC_PREV,235,189,50,14
- DEFPUSHBUTTON "",IDC_NEXT,285,189,50,14
- PUSHBUTTON "Cancel",IDCANCEL,343,189,50,14
+ PUSHBUTTON "&Help",IDHELP,176,209,50,14
+ PUSHBUTTON "",IDC_PREV,235,209,50,14
+ DEFPUSHBUTTON "",IDC_NEXT,285,209,50,14
+ PUSHBUTTON "Cancel",IDCANCEL,343,209,50,14
LTEXT "",IDC_BOX_TITLE,160,8,233,17
- GROUPBOX "",IDC_STATIC,4,0,392,183
+ GROUPBOX "",IDC_STATIC,4,0,392,203
CONTROL 116,IDC_BITMAP_WIZARD,"Static",SS_BITMAP | SS_SUNKEN,10,9,137,169
- LTEXT "",IDC_POS_BOX,160,24,231,152
+ LTEXT "",IDC_POS_BOX,160,24,231,172
END
-IDD_CIPHER_PAGE_DLG DIALOGEX 0, 0, 226, 152
+IDD_CIPHER_PAGE_DLG DIALOGEX 0, 0, 226, 172
STYLE DS_SETFONT | DS_FIXEDSYS | DS_CONTROL | WS_CHILD
FONT 8, "MS Shell Dlg", 0, 0, 0x0
BEGIN
@@ -110,21 +110,24 @@ BEGIN
LTEXT "Information on hash algorithms",IDC_LINK_HASH_INFO,97,124,115,8,SS_NOTIFY
END
-IDD_PASSWORD_PAGE_DLG DIALOGEX 0, 0, 226, 152
+IDD_PASSWORD_PAGE_DLG DIALOGEX 0, 0, 226, 172
STYLE DS_SETFONT | DS_FIXEDSYS | DS_CONTROL | WS_CHILD
FONT 8, "MS Shell Dlg", 0, 0, 0x0
BEGIN
EDITTEXT IDC_PASSWORD,53,3,163,14,ES_PASSWORD | ES_AUTOHSCROLL
EDITTEXT IDC_VERIFY,53,19,163,14,ES_PASSWORD | ES_AUTOHSCROLL
- CONTROL "&Display password",IDC_SHOW_PASSWORD,"Button",BS_AUTOCHECKBOX | WS_TABSTOP,53,45,95,11,WS_EX_TRANSPARENT
- CONTROL "U&se keyfiles",IDC_KEYFILES_ENABLE,"Button",BS_AUTOCHECKBOX | WS_TABSTOP,53,35,95,10
- PUSHBUTTON "&Keyfiles...",IDC_KEY_FILES,152,36,64,14,WS_DISABLED
+ EDITTEXT IDC_PIN,53,35,42,14,ES_RIGHT | ES_AUTOHSCROLL | ES_NUMBER
+ CONTROL "&Display password",IDC_SHOW_PASSWORD,"Button",BS_AUTOCHECKBOX | WS_TABSTOP,53,65,95,11,WS_EX_TRANSPARENT
+ CONTROL "U&se keyfiles",IDC_KEYFILES_ENABLE,"Button",BS_AUTOCHECKBOX | WS_TABSTOP,53,55,95,10
+ PUSHBUTTON "&Keyfiles...",IDC_KEY_FILES,152,56,64,14,WS_DISABLED
RTEXT "Password:",IDT_PASSWORD,1,6,50,8
RTEXT "&Confirm:",IDT_CONFIRM,1,23,50,8
- LTEXT "",IDC_BOX_HELP,0,59,225,89
+ LTEXT "",IDC_BOX_HELP,0,79,225,89
+ RTEXT "Volume Pin:",IDT_PIN,1,38,50,8
+ LTEXT "(Empty or 0 for default iterations)",IDC_PIN_HELP,97,38,126,8
END
-IDD_SIZE_PAGE_DLG DIALOGEX 0, 0, 226, 152
+IDD_SIZE_PAGE_DLG DIALOGEX 0, 0, 226, 172
STYLE DS_SETFONT | DS_FIXEDSYS | DS_CONTROL | WS_CHILD
FONT 8, "MS Shell Dlg", 0, 0, 0x0
BEGIN
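Review bot: The new `IDC_PIN` edit control in IDD_PASSWORD_PAGE_DLG is created without `ES_PASSWORD`, so the PIN is shown in clear text directly below two masked password fields. If the PIN is meant to add secrecy to the header key derivation rather than only tune its cost, consider `ES_PASSWORD | ES_RIGHT | ES_AUTOHSCROLL | ES_NUMBER` here and in the other dialogs that gain the field (IDD_PASSWORD_ENTRY_PAGE_DLG below, IDD_PASSWORD_DLG in ExpandVolume.rc). The label also reads "Volume Pin:" here but "Volume PIN:" in those two dialogs.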
@@ -136,17 +139,17 @@ BEGIN
LTEXT "",IDC_SPACE_LEFT,0,44,214,21
END
-IDD_VOLUME_LOCATION_PAGE_DLG DIALOGEX 0, 0, 226, 152
+IDD_VOLUME_LOCATION_PAGE_DLG DIALOGEX 0, 0, 226, 172
STYLE DS_SETFONT | DS_FIXEDSYS | DS_CONTROL | WS_CHILD
FONT 8, "MS Shell Dlg", 0, 0, 0x0
BEGIN
COMBOBOX IDC_COMBO_BOX,0,9,148,80,CBS_DROPDOWN | CBS_AUTOHSCROLL | WS_VSCROLL | WS_TABSTOP
CONTROL "&Never save history",IDC_NO_HISTORY,"Button",BS_AUTOCHECKBOX | WS_TABSTOP,3,28,137,10
PUSHBUTTON "",IDC_SELECT_VOLUME_LOCATION,155,9,62,14
- LTEXT "",IDC_BOX_HELP,0,45,219,104
+ LTEXT "",IDC_BOX_HELP,0,45,219,108
END
-IDD_FORMAT_PAGE_DLG DIALOGEX 0, 0, 226, 152
+IDD_FORMAT_PAGE_DLG DIALOGEX 0, 0, 226, 172
STYLE DS_SETFONT | DS_FIXEDSYS | DS_CONTROL | WS_CHILD
FONT 8, "MS Shell Dlg", 0, 0, 0x0
BEGIN
@@ -176,7 +179,7 @@ BEGIN
CONTROL "",IDC_RANDOM_BYTES,"Static",SS_SIMPLE | WS_GROUP,57,38,155,8,WS_EX_TRANSPARENT
END
-IDD_INTRO_PAGE_DLG DIALOGEX 0, 0, 226, 152
+IDD_INTRO_PAGE_DLG DIALOGEX 0, 0, 226, 172
STYLE DS_SETFONT | DS_FIXEDSYS | DS_CONTROL | WS_CHILD
FONT 8, "MS Shell Dlg", 400, 0, 0x1
BEGIN
@@ -193,22 +196,22 @@ BEGIN
LTEXT "Encrypts the partition/drive where Windows is installed. Anyone who wants to gain access and use the system, read and write files, etc., will need to enter the correct password each time before Windows boots. Optionally, creates a hidden system.",IDT_SYS_DEVICE,16,100,205,33
END
-IDD_INFO_PAGE_DLG DIALOGEX 0, 0, 226, 152
+IDD_INFO_PAGE_DLG DIALOGEX 0, 0, 226, 172
STYLE DS_SETFONT | DS_FIXEDSYS | DS_CONTROL | WS_CHILD
FONT 8, "MS Shell Dlg", 400, 0, 0x1
BEGIN
LTEXT "",IDC_BOX_HELP,0,10,225,137
END
-IDD_HIDVOL_HOST_FILL_PAGE_DLG DIALOGEX 0, 0, 226, 152
+IDD_HIDVOL_HOST_FILL_PAGE_DLG DIALOGEX 0, 0, 226, 172
STYLE DS_SETFONT | DS_FIXEDSYS | DS_CONTROL | WS_CHILD
FONT 8, "MS Shell Dlg", 400, 0, 0x1
BEGIN
- LTEXT "",IDC_BOX_HELP,0,6,226,130
- PUSHBUTTON "Open Outer Volume",IDC_OPEN_OUTER_VOLUME,0,136,85,14
+ LTEXT "",IDC_BOX_HELP,0,6,226,138
+ PUSHBUTTON "Open Outer Volume",IDC_OPEN_OUTER_VOLUME,0,146,85,14
END
-IDD_HIDDEN_VOL_WIZARD_MODE_PAGE_DLG DIALOGEX 0, 0, 226, 152
+IDD_HIDDEN_VOL_WIZARD_MODE_PAGE_DLG DIALOGEX 0, 0, 226, 172
STYLE DS_SETFONT | DS_FIXEDSYS | DS_CONTROL | WS_CHILD
FONT 8, "MS Shell Dlg", 400, 0, 0x1
BEGIN
@@ -218,32 +221,35 @@ BEGIN
LTEXT "",IDC_BOX_HELP2,16,89,205,50
END
-IDD_PASSWORD_ENTRY_PAGE_DLG DIALOGEX 0, 0, 226, 152
+IDD_PASSWORD_ENTRY_PAGE_DLG DIALOGEX 0, 0, 226, 172
STYLE DS_SETFONT | DS_FIXEDSYS | DS_CONTROL | WS_CHILD
FONT 8, "MS Shell Dlg", 0, 0, 0x0
BEGIN
EDITTEXT IDC_PASSWORD_DIRECT,50,2,149,14,ES_PASSWORD | ES_AUTOHSCROLL
COMBOBOX IDC_PKCS5_PRF_ID,50,17,91,90,CBS_DROPDOWNLIST | WS_TABSTOP
- CONTROL "&Display password",IDC_SHOW_PASSWORD_SINGLE,"Button",BS_AUTOCHECKBOX | WS_TABSTOP,50,31,84,11,WS_EX_TRANSPARENT
- CONTROL "U&se keyfiles",IDC_KEYFILES_ENABLE,"Button",BS_AUTOCHECKBOX | WS_TABSTOP,50,42,82,11
- PUSHBUTTON "&Keyfiles...",IDC_KEY_FILES,142,39,64,14
- LTEXT "",IDC_BOX_HELP,0,57,225,94
+ EDITTEXT IDC_PIN,50,32,42,14,ES_RIGHT | ES_AUTOHSCROLL | ES_NUMBER
+ CONTROL "&Display password",IDC_SHOW_PASSWORD_SINGLE,"Button",BS_AUTOCHECKBOX | WS_TABSTOP,50,46,84,11,WS_EX_TRANSPARENT
+ CONTROL "U&se keyfiles",IDC_KEYFILES_ENABLE,"Button",BS_AUTOCHECKBOX | WS_TABSTOP,50,57,82,11
+ PUSHBUTTON "&Keyfiles...",IDC_KEY_FILES,142,54,64,14
+ LTEXT "",IDC_BOX_HELP,0,74,225,94
RTEXT "Password:",IDT_PASSWORD,0,6,48,8
- RTEXT "PKCS-5 PRF:",IDT_PKCS5_PRF,0,17,48,8
+ RTEXT "PKCS-5 PRF:",IDT_PKCS5_PRF,0,19,48,8
+ RTEXT "Volume PIN:",IDT_PIN,0,34,48,8
+ LTEXT "(Empty or 0 for default iterations)",IDC_PIN_HELP,96,34,127,8
END
-IDD_VOLUME_TYPE_PAGE_DLG DIALOGEX 0, 0, 226, 152
+IDD_VOLUME_TYPE_PAGE_DLG DIALOGEX 0, 0, 226, 172
STYLE DS_SETFONT | DS_FIXEDSYS | DS_CONTROL | WS_CHILD
FONT 8, "MS Shell Dlg", 400, 0, 0x1
BEGIN
CONTROL "Standard VeraCrypt volume",IDC_STD_VOL,"Button",BS_AUTORADIOBUTTON,0,7,212,10
CONTROL "Hi&dden VeraCrypt volume ",IDC_HIDDEN_VOL,"Button",BS_AUTORADIOBUTTON,0,53,212,10
- LTEXT "More information about hidden volumes",IDC_HIDDEN_VOL_HELP,16,125,205,10,SS_NOTIFY
+ LTEXT "More information about hidden volumes",IDC_HIDDEN_VOL_HELP,16,126,205,10,SS_NOTIFY
LTEXT "",IDC_BOX_HELP_NORMAL_VOL,16,20,205,25
LTEXT "",IDC_BOX_HELP,16,66,205,57
END
-IDD_SYSENC_SPAN_PAGE_DLG DIALOGEX 0, 0, 226, 152
+IDD_SYSENC_SPAN_PAGE_DLG DIALOGEX 0, 0, 226, 172
STYLE DS_SETFONT | DS_FIXEDSYS | DS_CONTROL | WS_CHILD
FONT 8, "MS Shell Dlg", 400, 0, 0x1
BEGIN
@@ -251,19 +257,19 @@ BEGIN
"Button",BS_AUTORADIOBUTTON,0,7,212,10
CONTROL "Encrypt the whole drive",IDC_WHOLE_SYS_DRIVE,"Button",BS_AUTORADIOBUTTON,0,53,212,10
LTEXT "Select this option to encrypt the partition where the currently running Windows operating system is installed.",IDT_SYS_PARTITION,16,20,205,32
- LTEXT "",IDT_WHOLE_SYS_DRIVE,16,66,205,79
+ LTEXT "",IDT_WHOLE_SYS_DRIVE,16,70,205,95
END
-IDD_SYSENC_RESCUE_DISK_CREATION_DLG DIALOGEX 0, 0, 226, 152
+IDD_SYSENC_RESCUE_DISK_CREATION_DLG DIALOGEX 0, 0, 226, 172
STYLE DS_SETFONT | DS_FIXEDSYS | DS_CONTROL | WS_CHILD
FONT 8, "MS Shell Dlg", 0, 0, 0x0
BEGIN
- EDITTEXT IDC_RESCUE_DISK_ISO_PATH,0,135,163,13,ES_AUTOHSCROLL
- PUSHBUTTON "Bro&wse...",IDC_BROWSE,166,134,59,14
- LTEXT "",IDT_RESCUE_DISK_INFO,0,1,225,129
+ EDITTEXT IDC_RESCUE_DISK_ISO_PATH,0,152,163,13,ES_AUTOHSCROLL
+ PUSHBUTTON "Bro&wse...",IDC_BROWSE,166,151,59,14
+ LTEXT "",IDT_RESCUE_DISK_INFO,0,1,225,145
END
-IDD_SYSENC_COLLECTING_RANDOM_DATA_DLG DIALOGEX 0, 0, 226, 152
+IDD_SYSENC_COLLECTING_RANDOM_DATA_DLG DIALOGEX 0, 0, 226, 172
STYLE DS_SETFONT | DS_FIXEDSYS | DS_CONTROL | WS_CHILD
FONT 8, "MS Shell Dlg", 0, 0, 0x0
BEGIN
@@ -273,7 +279,7 @@ BEGIN
GROUPBOX "Current pool content (partial)",IDT_PARTIAL_POOL_CONTENTS,0,5,222,88
END
-IDD_SYSENC_MULTI_BOOT_MODE_PAGE_DLG DIALOGEX 0, 0, 226, 152
+IDD_SYSENC_MULTI_BOOT_MODE_PAGE_DLG DIALOGEX 0, 0, 226, 172
STYLE DS_SETFONT | DS_FIXEDSYS | DS_CONTROL | WS_CHILD
FONT 8, "MS Shell Dlg", 400, 0, 0x1
BEGIN
@@ -283,7 +289,7 @@ BEGIN
LTEXT "Select this option if there are two or more operating systems installed on this computer.\n\nFor example:\n- Windows XP and Windows XP\n- Windows XP and Windows Vista\n- Windows and Mac OS X\n- Windows and Linux\n- Windows, Linux and Mac OS X",IDT_MULTI_BOOT,16,66,205,72
END
-IDD_SYSENC_RESCUE_DISK_BURN_PAGE_DLG DIALOGEX 0, 0, 226, 152
+IDD_SYSENC_RESCUE_DISK_BURN_PAGE_DLG DIALOGEX 0, 0, 226, 172
STYLE DS_SETFONT | DS_FIXEDSYS | DS_CONTROL | WS_CHILD
FONT 8, "MS Shell Dlg", 0, 0, 0x0
BEGIN
@@ -291,7 +297,7 @@ BEGIN
LTEXT "",IDT_RESCUE_DISK_BURN_INFO,0,4,225,128
END
-IDD_SYSENC_WIPE_MODE_PAGE_DLG DIALOGEX 0, 0, 226, 152
+IDD_SYSENC_WIPE_MODE_PAGE_DLG DIALOGEX 0, 0, 226, 172
STYLE DS_SETFONT | DS_FIXEDSYS | DS_CONTROL | WS_CHILD
FONT 8, "MS Shell Dlg", 400, 0, 0x1
BEGIN
@@ -300,7 +306,7 @@ BEGIN
LTEXT "",IDT_WIPE_MODE_INFO,0,19,225,128
END
-IDD_INPLACE_ENCRYPTION_PAGE_DLG DIALOGEX 0, 0, 226, 152
+IDD_INPLACE_ENCRYPTION_PAGE_DLG DIALOGEX 0, 0, 226, 172
STYLE DS_SETFONT | DS_FIXEDSYS | DS_CONTROL | WS_CHILD
FONT 8, "MS Shell Dlg", 0, 0, 0x0
BEGIN
@@ -320,7 +326,7 @@ BEGIN
GROUPBOX "",IDC_STATIC,0,32,225,41
END
-IDD_SYSENC_KEYS_GEN_PAGE_DLG DIALOGEX 0, 0, 226, 152
+IDD_SYSENC_KEYS_GEN_PAGE_DLG DIALOGEX 0, 0, 226, 172
STYLE DS_SETFONT | DS_FIXEDSYS | DS_CONTROL | WS_CHILD
FONT 8, "MS Shell Dlg", 0, 0, 0x0
BEGIN
@@ -334,7 +340,7 @@ BEGIN
GROUPBOX "",-1,0,65,225,26
END
-IDD_UNIVERSAL_DUAL_CHOICE_PAGE_DLG DIALOGEX 0, 0, 226, 152
+IDD_UNIVERSAL_DUAL_CHOICE_PAGE_DLG DIALOGEX 0, 0, 226, 172
STYLE DS_SETFONT | DS_FIXEDSYS | DS_CONTROL | WS_CHILD
FONT 8, "MS Shell Dlg", 400, 0, 0x1
BEGIN
@@ -343,7 +349,7 @@ BEGIN
LTEXT "",IDC_BOX_HELP,1,34,220,112
END
-IDD_SYSENC_DRIVE_ANALYSIS_PAGE_DLG DIALOGEX 0, 0, 226, 152
+IDD_SYSENC_DRIVE_ANALYSIS_PAGE_DLG DIALOGEX 0, 0, 226, 172
STYLE DS_SETFONT | DS_FIXEDSYS | DS_CONTROL | WS_CHILD
FONT 8, "MS Shell Dlg", 0, 0, 0x0
BEGIN
@@ -352,18 +358,18 @@ BEGIN
LTEXT "Progress:",IDT_PROGRESS,2,104,57,8
END
-IDD_SYSENC_TYPE_PAGE_DLG DIALOGEX 0, 0, 226, 152
+IDD_SYSENC_TYPE_PAGE_DLG DIALOGEX 0, 0, 226, 172
STYLE DS_SETFONT | DS_FIXEDSYS | DS_CONTROL | WS_CHILD
FONT 8, "MS Shell Dlg", 400, 0, 0x1
BEGIN
CONTROL "Normal",IDC_SYSENC_NORMAL,"Button",BS_AUTORADIOBUTTON,0,7,212,10
CONTROL "Hi&dden",IDC_SYSENC_HIDDEN,"Button",BS_AUTORADIOBUTTON,0,53,212,10
- LTEXT "More information",IDC_HIDDEN_SYSENC_INFO_LINK,16,138,205,10,SS_NOTIFY
+ LTEXT "More information",IDC_HIDDEN_SYSENC_INFO_LINK,16,148,205,10,SS_NOTIFY
LTEXT "",IDC_BOX_HELP_SYSENC_NORMAL,16,20,205,25
- LTEXT "",IDC_BOX_HELP,16,66,205,72
+ LTEXT "",IDC_BOX_HELP,16,67,205,72
END
-IDD_SYSENC_HIDDEN_OS_REQ_CHECK_PAGE_DLG DIALOGEX 0, 0, 226, 152
+IDD_SYSENC_HIDDEN_OS_REQ_CHECK_PAGE_DLG DIALOGEX 0, 0, 226, 172
STYLE DS_SETFONT | DS_FIXEDSYS | DS_CONTROL | WS_CHILD
FONT 8, "MS Shell Dlg", 0, 0, 0x0
BEGIN
@@ -371,7 +377,7 @@ BEGIN
LTEXT "",IDC_BOX_HELP,0,2,225,136
END
-IDD_DEVICE_WIPE_PAGE_DLG DIALOGEX 0, 0, 226, 152
+IDD_DEVICE_WIPE_PAGE_DLG DIALOGEX 0, 0, 226, 172
STYLE DS_SETFONT | DS_FIXEDSYS | DS_CONTROL | WS_CHILD
FONT 8, "MS Shell Dlg", 0, 0, 0x0
BEGIN
@@ -390,7 +396,7 @@ BEGIN
LTEXT "",IDC_WIPE_MODE,67,21,125,11,SS_CENTERIMAGE,WS_EX_TRANSPARENT | WS_EX_STATICEDGE
END
-IDD_DEVICE_WIPE_MODE_PAGE_DLG DIALOGEX 0, 0, 226, 152
+IDD_DEVICE_WIPE_MODE_PAGE_DLG DIALOGEX 0, 0, 226, 172
STYLE DS_SETFONT | DS_FIXEDSYS | DS_CONTROL | WS_CHILD
FONT 8, "MS Shell Dlg", 400, 0, 0x1
BEGIN
@@ -399,7 +405,7 @@ BEGIN
LTEXT "",IDT_WIPE_MODE_INFO,0,29,225,122
END
-IDD_DEVICE_TRANSFORM_MODE_DLG DIALOGEX 0, 0, 226, 152
+IDD_DEVICE_TRANSFORM_MODE_DLG DIALOGEX 0, 0, 226, 172
STYLE DS_SETFONT | DS_FIXEDSYS | DS_CONTROL | WS_CHILD
FONT 8, "MS Shell Dlg", 400, 0, 0x1
BEGIN
@@ -408,10 +414,10 @@ BEGIN
CONTROL "Encrypt partition in place",IDC_DEVICE_TRANSFORM_MODE_INPLACE,
"Button",BS_AUTORADIOBUTTON,0,98,217,10
LTEXT "",IDC_BOX_HELP,16,21,205,74
- LTEXT "",IDC_BOX_HELP2,16,111,205,34
+ LTEXT "",IDC_BOX_HELP2,16,112,205,53
END
-IDD_EXPANDED_LIST_SELECT_PAGE_DLG DIALOGEX 0, 0, 226, 152
+IDD_EXPANDED_LIST_SELECT_PAGE_DLG DIALOGEX 0, 0, 226, 172
STYLE DS_SETFONT | DS_FIXEDSYS | DS_CONTROL | WS_CHILD
FONT 8, "MS Shell Dlg", 400, 0, 0x1
BEGIN
@@ -419,7 +425,7 @@ BEGIN
LISTBOX IDC_LIST_BOX,0,3,222,100,LBS_NOINTEGRALHEIGHT | LBS_DISABLENOSCROLL | WS_VSCROLL
END
-IDD_DRIVE_LETTER_SELECTION_PAGE DIALOGEX 0, 0, 226, 152
+IDD_DRIVE_LETTER_SELECTION_PAGE DIALOGEX 0, 0, 226, 172
STYLE DS_SETFONT | DS_FIXEDSYS | DS_CONTROL | WS_CHILD
FONT 8, "MS Shell Dlg", 400, 0, 0x1
BEGIN
@@ -468,38 +474,38 @@ BEGIN
BEGIN
RIGHTMARGIN, 393
TOPMARGIN, 1
- BOTTOMMARGIN, 207
- HORZGUIDE, 196
+ BOTTOMMARGIN, 227
+ HORZGUIDE, 216
END
IDD_CIPHER_PAGE_DLG, DIALOG
BEGIN
RIGHTMARGIN, 223
- BOTTOMMARGIN, 141
+ BOTTOMMARGIN, 161
END
IDD_PASSWORD_PAGE_DLG, DIALOG
BEGIN
RIGHTMARGIN, 223
- BOTTOMMARGIN, 123
+ BOTTOMMARGIN, 143
END
IDD_SIZE_PAGE_DLG, DIALOG
BEGIN
RIGHTMARGIN, 223
- BOTTOMMARGIN, 145
+ BOTTOMMARGIN, 165
END
IDD_VOLUME_LOCATION_PAGE_DLG, DIALOG
BEGIN
RIGHTMARGIN, 223
- BOTTOMMARGIN, 147
+ BOTTOMMARGIN, 167
END
IDD_FORMAT_PAGE_DLG, DIALOG
BEGIN
RIGHTMARGIN, 217
- BOTTOMMARGIN, 133
+ BOTTOMMARGIN, 153
HORZGUIDE, 80
HORZGUIDE, 96
END
@@ -509,7 +515,7 @@ BEGIN
LEFTMARGIN, 7
RIGHTMARGIN, 219
TOPMARGIN, 7
- BOTTOMMARGIN, 145
+ BOTTOMMARGIN, 165
END
IDD_INFO_PAGE_DLG, DIALOG
@@ -517,7 +523,7 @@ BEGIN
LEFTMARGIN, 7
RIGHTMARGIN, 219
TOPMARGIN, 7
- BOTTOMMARGIN, 145
+ BOTTOMMARGIN, 165
END
IDD_HIDVOL_HOST_FILL_PAGE_DLG, DIALOG
@@ -525,7 +531,7 @@ BEGIN
LEFTMARGIN, 7
RIGHTMARGIN, 219
TOPMARGIN, 7
- BOTTOMMARGIN, 145
+ BOTTOMMARGIN, 165
END
IDD_HIDDEN_VOL_WIZARD_MODE_PAGE_DLG, DIALOG
@@ -533,13 +539,13 @@ BEGIN
LEFTMARGIN, 7
RIGHTMARGIN, 219
TOPMARGIN, 7
- BOTTOMMARGIN, 145
+ BOTTOMMARGIN, 165
END
IDD_PASSWORD_ENTRY_PAGE_DLG, DIALOG
BEGIN
RIGHTMARGIN, 223
- BOTTOMMARGIN, 123
+ BOTTOMMARGIN, 143
END
IDD_VOLUME_TYPE_PAGE_DLG, DIALOG
@@ -547,7 +553,7 @@ BEGIN
LEFTMARGIN, 7
RIGHTMARGIN, 219
TOPMARGIN, 7
- BOTTOMMARGIN, 145
+ BOTTOMMARGIN, 165
END
IDD_SYSENC_SPAN_PAGE_DLG, DIALOG
@@ -555,19 +561,19 @@ BEGIN
LEFTMARGIN, 7
RIGHTMARGIN, 219
TOPMARGIN, 7
- BOTTOMMARGIN, 145
+ BOTTOMMARGIN, 165
END
IDD_SYSENC_RESCUE_DISK_CREATION_DLG, DIALOG
BEGIN
RIGHTMARGIN, 223
- BOTTOMMARGIN, 147
+ BOTTOMMARGIN, 167
END
IDD_SYSENC_COLLECTING_RANDOM_DATA_DLG, DIALOG
BEGIN
RIGHTMARGIN, 217
- BOTTOMMARGIN, 133
+ BOTTOMMARGIN, 153
HORZGUIDE, 80
HORZGUIDE, 96
END
@@ -577,13 +583,13 @@ BEGIN
LEFTMARGIN, 7
RIGHTMARGIN, 219
TOPMARGIN, 7
- BOTTOMMARGIN, 145
+ BOTTOMMARGIN, 165
END
IDD_SYSENC_RESCUE_DISK_BURN_PAGE_DLG, DIALOG
BEGIN
RIGHTMARGIN, 223
- BOTTOMMARGIN, 147
+ BOTTOMMARGIN, 167
END
IDD_SYSENC_WIPE_MODE_PAGE_DLG, DIALOG
@@ -591,13 +597,13 @@ BEGIN
LEFTMARGIN, 7
RIGHTMARGIN, 219
TOPMARGIN, 7
- BOTTOMMARGIN, 145
+ BOTTOMMARGIN, 165
END
IDD_INPLACE_ENCRYPTION_PAGE_DLG, DIALOG
BEGIN
RIGHTMARGIN, 217
- BOTTOMMARGIN, 133
+ BOTTOMMARGIN, 153
HORZGUIDE, 80
HORZGUIDE, 96
END
@@ -605,7 +611,7 @@ BEGIN
IDD_SYSENC_KEYS_GEN_PAGE_DLG, DIALOG
BEGIN
RIGHTMARGIN, 217
- BOTTOMMARGIN, 133
+ BOTTOMMARGIN, 153
HORZGUIDE, 80
HORZGUIDE, 96
END
@@ -615,13 +621,13 @@ BEGIN
LEFTMARGIN, 7
RIGHTMARGIN, 219
TOPMARGIN, 7
- BOTTOMMARGIN, 145
+ BOTTOMMARGIN, 165
END
IDD_SYSENC_DRIVE_ANALYSIS_PAGE_DLG, DIALOG
BEGIN
RIGHTMARGIN, 217
- BOTTOMMARGIN, 133
+ BOTTOMMARGIN, 153
HORZGUIDE, 80
HORZGUIDE, 96
END
@@ -631,19 +637,19 @@ BEGIN
LEFTMARGIN, 7
RIGHTMARGIN, 219
TOPMARGIN, 7
- BOTTOMMARGIN, 145
+ BOTTOMMARGIN, 165
END
IDD_SYSENC_HIDDEN_OS_REQ_CHECK_PAGE_DLG, DIALOG
BEGIN
RIGHTMARGIN, 223
- BOTTOMMARGIN, 147
+ BOTTOMMARGIN, 167
END
IDD_DEVICE_WIPE_PAGE_DLG, DIALOG
BEGIN
RIGHTMARGIN, 217
- BOTTOMMARGIN, 133
+ BOTTOMMARGIN, 153
HORZGUIDE, 80
HORZGUIDE, 96
END
@@ -653,7 +659,7 @@ BEGIN
LEFTMARGIN, 7
RIGHTMARGIN, 219
TOPMARGIN, 7
- BOTTOMMARGIN, 145
+ BOTTOMMARGIN, 165
END
IDD_DEVICE_TRANSFORM_MODE_DLG, DIALOG
@@ -661,7 +667,7 @@ BEGIN
LEFTMARGIN, 7
RIGHTMARGIN, 219
TOPMARGIN, 7
- BOTTOMMARGIN, 145
+ BOTTOMMARGIN, 165
END
IDD_EXPANDED_LIST_SELECT_PAGE_DLG, DIALOG
@@ -669,7 +675,7 @@ BEGIN
LEFTMARGIN, 7
RIGHTMARGIN, 219
TOPMARGIN, 7
- BOTTOMMARGIN, 145
+ BOTTOMMARGIN, 165
END
IDD_DRIVE_LETTER_SELECTION_PAGE, DIALOG
@@ -677,7 +683,7 @@ BEGIN
LEFTMARGIN, 7
RIGHTMARGIN, 219
TOPMARGIN, 7
- BOTTOMMARGIN, 145
+ BOTTOMMARGIN, 165
END
END
#endif // APSTUDIO_INVOKED
diff --git a/src/Format/InPlace.c b/src/Format/InPlace.c
index cf96b813..043c1cd7 100644
--- a/src/Format/InPlace.c
+++ b/src/Format/InPlace.c
@@ -570,6 +570,7 @@ int EncryptPartitionInPlaceBegin (volatile FORMAT_VOL_PARAMETERS *volParams, vol
FIRST_MODE_OF_OPERATION_ID,
volParams->password,
volParams->pkcs5,
+ volParams->pin,
wipePass == 0 ? NULL : (char *) cryptoInfo->master_keydata,
&cryptoInfo,
dataAreaSize,
@@ -609,7 +610,7 @@ int EncryptPartitionInPlaceBegin (volatile FORMAT_VOL_PARAMETERS *volParams, vol
/* Now we will try to decrypt the backup header to verify it has been correctly written. */
- nStatus = OpenBackupHeader (dev, volParams->volumePath, volParams->password, volParams->pkcs5,&cryptoInfo2, NULL, deviceSize);
+ nStatus = OpenBackupHeader (dev, volParams->volumePath, volParams->password, volParams->pkcs5, volParams->pin, &cryptoInfo2, NULL, deviceSize);
if (nStatus != ERR_SUCCESS
|| cryptoInfo->EncryptedAreaStart.Value != cryptoInfo2->EncryptedAreaStart.Value
@@ -725,6 +726,7 @@ int EncryptPartitionInPlaceResume (HANDLE dev,
char *devicePath = volParams->volumePath;
Password *password = volParams->password;
int pkcs5_prf = volParams->pkcs5;
+ int pin = volParams->pin;
DISK_GEOMETRY driveGeometry;
HWND hwndDlg = volParams->hwndDlg;
@@ -818,7 +820,7 @@ int EncryptPartitionInPlaceResume (HANDLE dev,
sectorSize = driveGeometry.BytesPerSector;
- nStatus = OpenBackupHeader (dev, devicePath, password, pkcs5_prf, &masterCryptoInfo, headerCryptoInfo, deviceSize);
+ nStatus = OpenBackupHeader (dev, devicePath, password, pkcs5_prf, pin, &masterCryptoInfo, headerCryptoInfo, deviceSize);
if (nStatus != ERR_SUCCESS)
goto closing_seq;
@@ -1048,6 +1050,7 @@ inplace_enc_read:
headerCryptoInfo->mode,
password,
masterCryptoInfo->pkcs5,
+ pin,
(char *) masterCryptoInfo->master_keydata,
&tmpCryptoInfo,
masterCryptoInfo->VolumeSize.Value,
@@ -1198,6 +1201,7 @@ int DecryptPartitionInPlace (volatile FORMAT_VOL_PARAMETERS *volParams, volatile
Password *password = volParams->password;
HWND hwndDlg = volParams->hwndDlg;
int pkcs5_prf = volParams->pkcs5;
+ int pin = volParams->pin;
DISK_GEOMETRY driveGeometry;
@@ -1291,7 +1295,7 @@ int DecryptPartitionInPlace (volatile FORMAT_VOL_PARAMETERS *volParams, volatile
}
- nStatus = OpenBackupHeader (dev, devicePath, password, pkcs5_prf, &masterCryptoInfo, headerCryptoInfo, deviceSize);
+ nStatus = OpenBackupHeader (dev, devicePath, password, pkcs5_prf, pin, &masterCryptoInfo, headerCryptoInfo, deviceSize);
if (nStatus != ERR_SUCCESS)
goto closing_seq;
@@ -2081,7 +2085,7 @@ closing_seq:
}
-static int OpenBackupHeader (HANDLE dev, const char *devicePath, Password *password, int pkcs5, PCRYPTO_INFO *retMasterCryptoInfo, CRYPTO_INFO *headerCryptoInfo, __int64 deviceSize)
+static int OpenBackupHeader (HANDLE dev, const char *devicePath, Password *password, int pkcs5, int pin, PCRYPTO_INFO *retMasterCryptoInfo, CRYPTO_INFO *headerCryptoInfo, __int64 deviceSize)
{
LARGE_INTEGER offset;
DWORD n;
@@ -2107,7 +2111,7 @@ static int OpenBackupHeader (HANDLE dev, const char *devicePath, Password *passw
}
- nStatus = ReadVolumeHeader (FALSE, header, password, pkcs5, FALSE, retMasterCryptoInfo, headerCryptoInfo);
+ nStatus = ReadVolumeHeader (FALSE, header, password, pkcs5, pin, FALSE, retMasterCryptoInfo, headerCryptoInfo);
if (nStatus != ERR_SUCCESS)
goto closing_seq;
diff --git a/src/Format/InPlace.h b/src/Format/InPlace.h
index 6b59bbd4..d482c714 100644
--- a/src/Format/InPlace.h
+++ b/src/Format/InPlace.h
@@ -40,7 +40,7 @@ static int ConcealNTFS (HANDLE dev);
BOOL SaveNonSysInPlaceEncSettings (int delta, WipeAlgorithmId wipeAlgorithm, BOOL bDecrypting);
static void ExportProgressStats (__int64 bytesDone, __int64 totalSize);
int ZeroUnreadableSectors (HANDLE dev, LARGE_INTEGER startOffset, int64 size, int sectorSize, uint64 *zeroedSectorCount);
-static int OpenBackupHeader (HANDLE dev, const char *devicePath, Password *password, int pkcs5, PCRYPTO_INFO *retCryptoInfo, CRYPTO_INFO *headerCryptoInfo, __int64 deviceSize);
+static int OpenBackupHeader (HANDLE dev, const char *devicePath, Password *password, int pkcs5, int pin, PCRYPTO_INFO *retCryptoInfo, CRYPTO_INFO *headerCryptoInfo, __int64 deviceSize);
BOOL MoveClustersBeforeThreshold (HANDLE volumeHandle, PWSTR volumeDevicePath, int64 clusterThreshold);
#ifdef __cplusplus
diff --git a/src/Format/Resource.h b/src/Format/Resource.h
index feba5ec3..2dc03faa 100644
--- a/src/Format/Resource.h
+++ b/src/Format/Resource.h
@@ -138,8 +138,12 @@
#define IDT_PASS 1100
#define IDC_DEVICE_TRANSFORM_MODE_FORMAT 1101
#define IDC_DEVICE_TRANSFORM_MODE_INPLACE 1102
-#define IDC_DRIVE_LETTER_LIST 1103
-#define IDT_DRIVE_LETTER 1104
+#define IDC_DRIVE_LETTER_LIST 1103
+#define IDT_DRIVE_LETTER 1104
+#define IDT_PIN 1105
+#define IDC_PIN 1106
+#define IDC_PIN_HELP 1107
+#define IDC_EDIT1 1108
// Next default values for new objects
//
@@ -148,7 +152,7 @@
#define _APS_NO_MFC 1
#define _APS_NEXT_RESOURCE_VALUE 133
#define _APS_NEXT_COMMAND_VALUE 40001
-#define _APS_NEXT_CONTROL_VALUE 1105
+#define _APS_NEXT_CONTROL_VALUE 1109
#define _APS_NEXT_SYMED_VALUE 101
#endif
#endif
diff --git a/src/Format/Tcformat.c b/src/Format/Tcformat.c
index bc59a433..574d61eb 100644
--- a/src/Format/Tcformat.c
+++ b/src/Format/Tcformat.c
@@ -228,6 +228,7 @@ Password volumePassword; /* User password */
char szVerify[MAX_PASSWORD + 1]; /* Tmp password buffer */
char szRawPassword[MAX_PASSWORD + 1]; /* Password before keyfile was applied to it */
+int volumePin = 0;
BOOL bHistoryCmdLine = FALSE; /* History control is always disabled */
BOOL ComServerMode = FALSE;
@@ -278,7 +279,7 @@ void CALLBACK ResumeInPlaceEncWaitThreadProc(void* pArg, HWND hwndDlg)
if (device.Path == szDevicePath)
{
OpenVolumeContext volume;
- int status = OpenVolume (&volume, device.Path.c_str(), &volumePassword, hash_algo, FALSE, FALSE, FALSE, TRUE);
+ int status = OpenVolume (&volume, device.Path.c_str(), &volumePassword, hash_algo, volumePin, FALSE, FALSE, FALSE, TRUE);
if ( status == ERR_SUCCESS)
{
@@ -324,7 +325,7 @@ void CALLBACK ResumeInPlaceEncWaitThreadProc(void* pArg, HWND hwndDlg)
OpenVolumeContext volume;
- if (OpenVolume (&volume, device.Path.c_str(), &volumePassword, hash_algo, FALSE, FALSE, FALSE, TRUE) == ERR_SUCCESS)
+ if (OpenVolume (&volume, device.Path.c_str(), &volumePassword, hash_algo, volumePin, FALSE, FALSE, FALSE, TRUE) == ERR_SUCCESS)
{
if ((volume.CryptoInfo->HeaderFlags & TC_HEADER_FLAG_NONSYS_INPLACE_ENC) != 0
&& volume.CryptoInfo->EncryptedAreaLength.Value != volume.CryptoInfo->VolumeSize.Value)
@@ -2500,6 +2501,7 @@ static void __cdecl volTransformThreadFunction (void *hwndDlgArg)
volParams->sectorSize = GetFormatSectorSize();
volParams->realClusterSize = &realClusterSize;
volParams->password = &volumePassword;
+ volParams->pin = volumePin;
volParams->hwndDlg = hwndDlg;
if (bInPlaceDecNonSys)
@@ -2571,7 +2573,7 @@ static void __cdecl volTransformThreadFunction (void *hwndDlgArg)
if (bHiddenVolHost && !bVolTransformThreadCancel && nStatus == 0)
{
/* Auto mount the newly created hidden volume host */
- switch (MountHiddenVolHost (hwndDlg, szDiskFile, &hiddenVolHostDriveNo, &volumePassword, hash_algo, FALSE))
+ switch (MountHiddenVolHost (hwndDlg, szDiskFile, &hiddenVolHostDriveNo, &volumePassword, hash_algo, volumePin, FALSE))
{
case ERR_NO_FREE_DRIVES:
MessageBoxW (hwndDlg, GetString ("NO_FREE_DRIVE_FOR_OUTER_VOL"), lpszTitle, ICON_HAND);
@@ -4064,6 +4066,14 @@ BOOL CALLBACK PageDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lPa
SetFocus (GetDlgItem (hwndDlg, IDC_PASSWORD_DIRECT));
+ SendMessage (GetDlgItem (hwndDlg, IDC_PIN), EM_LIMITTEXT, MAX_PIN, 0);
+ if (volumePin > 0)
+ {
+ char szTmp[MAX_PIN + 1];
+ StringCbPrintfA(szTmp, sizeof(szTmp), "%d", volumePin);
+ SetWindowText (GetDlgItem (hwndDlg, IDC_PIN), szTmp);
+ }
+
SetCheckBox (hwndDlg, IDC_KEYFILES_ENABLE, KeyFilesEnable);
SetWindowTextW (GetDlgItem (hwndDlg, IDC_BOX_HELP), GetString (bInPlaceEncNonSys ? (bInPlaceEncNonSysResumed ? "NONSYS_INPLACE_ENC_RESUME_PASSWORD_PAGE_HELP" : "NONSYS_INPLACE_DEC_PASSWORD_PAGE_HELP") : "PASSWORD_HIDDENVOL_HOST_DIRECT_HELP"));
@@ -4084,7 +4094,7 @@ BOOL CALLBACK PageDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lPa
wchar_t str[1000];
hPasswordInputField = GetDlgItem (hwndDlg, IDC_PASSWORD);
- hVerifyPasswordInputField = GetDlgItem (hwndDlg, IDC_VERIFY);
+ hVerifyPasswordInputField = GetDlgItem (hwndDlg, IDC_VERIFY);
if (SysEncInEffect ())
{
@@ -4138,6 +4148,14 @@ BOOL CALLBACK PageDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lPa
SetFocus (GetDlgItem (hwndDlg, IDC_PASSWORD));
+ SendMessage (GetDlgItem (hwndDlg, IDC_PIN), EM_LIMITTEXT, SysEncInEffect()? MAX_BOOT_PIN: MAX_PIN, 0);
+ if (volumePin > 0)
+ {
+ char szTmp[MAX_PIN + 1];
+ StringCbPrintfA(szTmp, sizeof(szTmp), "%d", volumePin);
+ SetWindowText (GetDlgItem (hwndDlg, IDC_PIN), szTmp);
+ }
+
SetCheckBox (hwndDlg, IDC_KEYFILES_ENABLE, KeyFilesEnable && !SysEncInEffect());
EnableWindow (GetDlgItem (hwndDlg, IDC_KEY_FILES), KeyFilesEnable);
@@ -4164,6 +4182,7 @@ BOOL CALLBACK PageDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lPa
NULL,
KeyFilesEnable && FirstKeyFile!=NULL && !SysEncInEffect());
volumePassword.Length = (unsigned __int32) strlen ((char *) volumePassword.Text);
+
}
break;
@@ -6941,16 +6960,24 @@ BOOL CALLBACK MainDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lPa
volumePassword.Length = (unsigned __int32) strlen ((char *) volumePassword.Text);
+ volumePin = GetPin (hCurPage, IDC_PIN);
+
if (volumePassword.Length > 0)
- {
+ {
// Password character encoding
if (!CheckPasswordCharEncoding (GetDlgItem (hCurPage, IDC_PASSWORD), NULL))
{
Error ("UNSUPPORTED_CHARS_IN_PWD", hwndDlg);
return 1;
}
+ else if (SysEncInEffect() && (volumePin > MAX_BOOT_PIN_VALUE))
+ {
+ SetFocus (GetDlgItem(hCurPage, IDC_PIN));
+ Error ("PIN_SYSENC_TOO_BIG", hwndDlg);
+ return 1;
+ }
// Check password length (check also done for outer volume which is not the case in TrueCrypt).
- else if (!CheckPasswordLength (hwndDlg, GetDlgItem (hCurPage, IDC_PASSWORD)))
+ else if (!CheckPasswordLength (hwndDlg, GetDlgItem (hCurPage, IDC_PASSWORD), volumePin, SysEncInEffect()))
{
return 1;
}
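Review bot: The `MAX_BOOT_PIN_VALUE` check is chained as an `else if` inside `if (volumePassword.Length > 0)`, so it is skipped whenever the password field is empty, and it only bounds the value from above. Moving it directly after `volumePin = GetPin (hCurPage, IDC_PIN);` as its own `if (SysEncInEffect() && (volumePin > MAX_BOOT_PIN_VALUE))` block would make the limit independent of the password checks. Whether an empty password can reach this point under system encryption, and what `GetPin` returns for invalid text, is decided outside the hunk.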
@@ -7013,6 +7040,8 @@ BOOL CALLBACK MainDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lPa
hash_algo = (int) SendMessage (GetDlgItem (hCurPage, IDC_PKCS5_PRF_ID), CB_GETITEMDATA, SendMessage (GetDlgItem (hCurPage, IDC_PKCS5_PRF_ID), CB_GETCURSEL, 0, 0), 0);
+ volumePin = GetPin (hCurPage, IDC_PIN);
+
// Store the password in case we need to restore it after keyfile is applied to it
GetWindowText (GetDlgItem (hCurPage, IDC_PASSWORD_DIRECT), szRawPassword, sizeof (szRawPassword));
@@ -7050,7 +7079,7 @@ BOOL CALLBACK MainDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lPa
// Mount the hidden volume host as read-only (to ensure consistent and secure
// results of the volume bitmap scanning)
- switch (MountHiddenVolHost (hwndDlg, szDiskFile, &hiddenVolHostDriveNo, &volumePassword, hash_algo, TRUE))
+ switch (MountHiddenVolHost (hwndDlg, szDiskFile, &hiddenVolHostDriveNo, &volumePassword, hash_algo, volumePin, TRUE))
{
case ERR_NO_FREE_DRIVES:
NormalCursor ();
@@ -7218,7 +7247,7 @@ BOOL CALLBACK MainDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lPa
// Check that it is not a hidden or legacy volume
- if (MountVolume (hwndDlg, driveNo, szFileName, &volumePassword, hash_algo, FALSE, FALSE, TRUE, &mountOptions, FALSE, TRUE) < 1)
+ if (MountVolume (hwndDlg, driveNo, szFileName, &volumePassword, hash_algo, volumePin, FALSE, FALSE, TRUE, &mountOptions, FALSE, TRUE) < 1)
{
NormalCursor();
return 1;
@@ -7260,7 +7289,7 @@ BOOL CALLBACK MainDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lPa
mountOptions.UseBackupHeader = TRUE; // This must be TRUE at this point (we won't be using the regular header, which will be lost soon after the decryption process starts)
- if (MountVolume (hwndDlg, driveNo, szFileName, &volumePassword, hash_algo, FALSE, FALSE, TRUE, &mountOptions, FALSE, TRUE) < 1)
+ if (MountVolume (hwndDlg, driveNo, szFileName, &volumePassword, hash_algo, volumePin, FALSE, FALSE, TRUE, &mountOptions, FALSE, TRUE) < 1)
{
NormalCursor();
return 1;
@@ -7326,7 +7355,7 @@ BOOL CALLBACK MainDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lPa
try
{
WaitCursor();
- BootEncObj->PrepareInstallation (!bWholeSysDrive, volumePassword, nVolumeEA, FIRST_MODE_OF_OPERATION_ID, hash_algo, "");
+ BootEncObj->PrepareInstallation (!bWholeSysDrive, volumePassword, nVolumeEA, FIRST_MODE_OF_OPERATION_ID, hash_algo, volumePin, "");
}
catch (Exception &e)
{
@@ -7872,7 +7901,7 @@ retryCDDriveCheck:
{
// Remount the hidden volume host as read-only (to ensure consistent and secure
// results of the volume bitmap scanning)
- switch (MountHiddenVolHost (hwndDlg, szDiskFile, &hiddenVolHostDriveNo, &volumePassword, hash_algo, TRUE))
+ switch (MountHiddenVolHost (hwndDlg, szDiskFile, &hiddenVolHostDriveNo, &volumePassword, hash_algo, volumePin, TRUE))
{
case ERR_NO_FREE_DRIVES:
MessageBoxW (hwndDlg, GetString ("NO_FREE_DRIVE_FOR_OUTER_VOL"), lpszTitle, ICON_HAND);
@@ -8096,6 +8125,8 @@ ovf_end:
volumePassword.Length = (unsigned __int32) strlen ((char *) volumePassword.Text);
+ volumePin = GetPin (hCurPage, IDC_PIN);
+
nNewPageNo = SIZE_PAGE + 1; // Skip the hidden volume host password page
if (SysEncInEffect ())
@@ -8691,7 +8722,7 @@ efsf_error:
// Mounts a volume within which the user intends to create a hidden volume
-int MountHiddenVolHost (HWND hwndDlg, char *volumePath, int *driveNo, Password *password, int pkcs5_prf, BOOL bReadOnly)
+int MountHiddenVolHost (HWND hwndDlg, char *volumePath, int *driveNo, Password *password, int pkcs5_prf, int pin, BOOL bReadOnly)
{
MountOptions mountOptions;
ZeroMemory (&mountOptions, sizeof (mountOptions));
@@ -8711,7 +8742,7 @@ int MountHiddenVolHost (HWND hwndDlg, char *volumePath, int *driveNo, Password *
mountOptions.PartitionInInactiveSysEncScope = FALSE;
mountOptions.UseBackupHeader = FALSE;
- if (MountVolume (hwndDlg, *driveNo, volumePath, password, pkcs5_prf, FALSE, FALSE, TRUE, &mountOptions, FALSE, TRUE) < 1)
+ if (MountVolume (hwndDlg, *driveNo, volumePath, password, pkcs5_prf, pin, FALSE, FALSE, TRUE, &mountOptions, FALSE, TRUE) < 1)
{
*driveNo = -3;
return ERR_VOL_MOUNT_FAILED;
diff --git a/src/Format/Tcformat.h b/src/Format/Tcformat.h
index 15a81534..11d5b354 100644
--- a/src/Format/Tcformat.h
+++ b/src/Format/Tcformat.h
@@ -68,7 +68,7 @@ static void NonSysInplaceEncPause (void);
static void NonSysInplaceEncResume (void);
void ShowNonSysInPlaceEncUIStatus (void);
void UpdateNonSysInPlaceEncControls (void);
-int MountHiddenVolHost ( HWND hwndDlg, char *volumePath, int *driveNo, Password *password, int pkcs5_prf, BOOL bReadOnly );
+int MountHiddenVolHost ( HWND hwndDlg, char *volumePath, int *driveNo, Password *password, int pkcs5_prf, int pin, BOOL bReadOnly );
int AnalyzeHiddenVolumeHost (HWND hwndDlg, int *driveNo, __int64 hiddenVolHostSize, int *realClusterSize, __int64 *pnbrFreeClusters);
int ScanVolClusterBitmap ( HWND hwndDlg, int *driveNo, __int64 nbrClusters, __int64 *nbrFreeClusters);
static void WipeStart (void);
diff --git a/src/Mount/MainCom.cpp b/src/Mount/MainCom.cpp
index 69f8bd4e..b527d428 100644
--- a/src/Mount/MainCom.cpp
+++ b/src/Mount/MainCom.cpp
@@ -67,6 +67,12 @@ public:
return S_OK;
}
+ virtual void STDMETHODCALLTYPE AnalyzeKernelMiniDump (LONG_PTR hwndDlg)
+ {
+ // Do nothing
+ MainDlg = (HWND) hwndDlg;
+ }
+
virtual int STDMETHODCALLTYPE BackupVolumeHeader (LONG_PTR hwndDlg, BOOL bRequireConfirmation, BSTR lpszVolume)
{
USES_CONVERSION;
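Review bot: The comment `// Do nothing` in the added `AnalyzeKernelMiniDump` contradicts the body, which assigns `MainDlg = (HWND) hwndDlg;`. Either drop the assignment or reword the comment to match, for example `// Intentionally a stub: only records the caller's window handle`. A reader auditing this class needs to know whether the method is a placeholder or is expected to gain behaviour later.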
@@ -100,7 +106,7 @@ public:
CW2A volumePathA(volumePath);
MainDlg = (HWND) hWnd;
if (volumePathA.m_psz)
- return ::ChangePwd (volumePathA.m_psz, oldPassword, 0, FALSE, newPassword, pkcs5, wipePassCount, (HWND) hWnd);
+ return ::ChangePwd (volumePathA.m_psz, oldPassword, 0, 0, FALSE, newPassword, pkcs5, 0, wipePassCount, (HWND) hWnd);
else
return ERR_OUTOFMEMORY;
}
@@ -151,7 +157,7 @@ public:
CW2A volumePathA(volumePath);
MainDlg = (HWND) hWnd;
if (volumePathA.m_psz)
- return ::ChangePwd (volumePathA.m_psz, oldPassword, old_pkcs5, FALSE, newPassword, pkcs5, wipePassCount, (HWND) hWnd);
+ return ::ChangePwd (volumePathA.m_psz, oldPassword, old_pkcs5, 0, FALSE, newPassword, pkcs5, 0, wipePassCount, (HWND) hWnd);
else
return ERR_OUTOFMEMORY;
}
@@ -162,7 +168,18 @@ public:
CW2A volumePathA(volumePath);
MainDlg = (HWND) hWnd;
if (volumePathA.m_psz)
- return ::ChangePwd (volumePathA.m_psz, oldPassword, old_pkcs5, truecryptMode, newPassword, pkcs5, wipePassCount, (HWND) hWnd);
+ return ::ChangePwd (volumePathA.m_psz, oldPassword, old_pkcs5, 0, truecryptMode, newPassword, pkcs5, 0, wipePassCount, (HWND) hWnd);
+ else
+ return ERR_OUTOFMEMORY;
+ }
+
+ virtual int STDMETHODCALLTYPE ChangePasswordEx3 (BSTR volumePath, Password *oldPassword, int old_pkcs5, int old_pin, BOOL truecryptMode, Password *newPassword, int pkcs5, int pin, int wipePassCount, LONG_PTR hWnd)
+ {
+ USES_CONVERSION;
+ CW2A volumePathA(volumePath);
+ MainDlg = (HWND) hWnd;
+ if (volumePathA.m_psz)
+ return ::ChangePwd (volumePathA.m_psz, oldPassword, old_pkcs5, old_pin, truecryptMode, newPassword, pkcs5, pin, wipePassCount, (HWND) hWnd);
else
return ERR_OUTOFMEMORY;
}
@@ -280,7 +297,7 @@ extern "C" int UacRestoreVolumeHeader (HWND hwndDlg, char *lpszVolume)
}
-extern "C" int UacChangePwd (char *lpszVolume, Password *oldPassword, int old_pkcs5, BOOL truecryptMode, Password *newPassword, int pkcs5, int wipePassCount, HWND hwndDlg)
+extern "C" int UacChangePwd (char *lpszVolume, Password *oldPassword, int old_pkcs5, int old_pin, BOOL truecryptMode, Password *newPassword, int pkcs5, int pin, int wipePassCount, HWND hwndDlg)
{
CComPtr<ITrueCryptMainCom> tc;
int r;
@@ -294,7 +311,7 @@ extern "C" int UacChangePwd (char *lpszVolume, Password *oldPassword, int old_pk
{
volumeBstr.Attach (bstr);
- r = tc->ChangePasswordEx2 (volumeBstr, oldPassword, old_pkcs5, truecryptMode, newPassword, pkcs5, wipePassCount, (LONG_PTR) hwndDlg);
+ r = tc->ChangePasswordEx3 (volumeBstr, oldPassword, old_pkcs5, old_pin, truecryptMode, newPassword, pkcs5, pin, wipePassCount, (LONG_PTR) hwndDlg);
}
else
r = ERR_OUTOFMEMORY;
diff --git a/src/Mount/MainCom.h b/src/Mount/MainCom.h
index c42094da..0a2afe60 100644
--- a/src/Mount/MainCom.h
+++ b/src/Mount/MainCom.h
@@ -22,7 +22,7 @@ extern "C" {
BOOL ComServerMain ();
int UacBackupVolumeHeader (HWND hwndDlg, BOOL bRequireConfirmation, char *lpszVolume);
int UacRestoreVolumeHeader (HWND hwndDlg, char *lpszVolume);
-int UacChangePwd (char *lpszVolume, Password *oldPassword, int old_pkcs5, BOOL truecryptMode, Password *newPassword, int pkcs5, int wipePassCount, HWND hwndDlg);
+int UacChangePwd (char *lpszVolume, Password *oldPassword, int old_pkcs5, int old_pin, BOOL truecryptMode, Password *newPassword, int pkcs5, int pin, int wipePassCount, HWND hwndDlg);
#ifdef __cplusplus
}
diff --git a/src/Mount/MainCom.idl b/src/Mount/MainCom.idl
index 6f04bef3..91eacb6e 100644
--- a/src/Mount/MainCom.idl
+++ b/src/Mount/MainCom.idl
@@ -24,6 +24,7 @@ library TrueCryptMainCom
]
interface ITrueCryptMainCom : IUnknown
{
+ void AnalyzeKernelMiniDump (LONG_PTR hwndDlg);
int BackupVolumeHeader (LONG_PTR hwndDlg, BOOL bRequireConfirmation, BSTR lpszVolume);
DWORD CallDriver (DWORD ioctl, BSTR input, BSTR *output);
int ChangePassword (BSTR volumePath, Password *oldPassword, Password *newPassword, int pkcs5, int wipePassCount, LONG_PTR hWnd);
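Review bot: Adding `AnalyzeKernelMiniDump` as the first method of `ITrueCryptMainCom` moves every existing method to a different vtable slot, and this is the interface `UacChangePwd` calls through, apparently to reach the elevated side. A caller and a server built or registered from different revisions would then dispatch to the wrong method with mismatched arguments. The interface uuid or library version (declared outside this hunk) should change in the same commit, or the method should be appended at the end the way `ChangePasswordEx3` is in the next hunk. A comment above the interface such as `// Append new methods only; never reorder or insert` would record the constraint.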
@@ -38,6 +39,7 @@ library TrueCryptMainCom
DWORD WriteLocalMachineRegistryDwordValue (BSTR keyPath, BSTR valueName, DWORD value);
int ChangePasswordEx (BSTR volumePath, Password *oldPassword, int old_pkcs5, Password *newPassword, int pkcs5, int wipePassCount, LONG_PTR hWnd);
int ChangePasswordEx2 (BSTR volumePath, Password *oldPassword, int old_pkcs5, BOOL truecryptMode, Password *newPassword, int pkcs5, int wipePassCount, LONG_PTR hWnd);
+ int ChangePasswordEx3 (BSTR volumePath, Password *oldPassword, int old_pkcs5, int old_pin, BOOL truecryptMode, Password *newPassword, int pkcs5, int pin, int wipePassCount, LONG_PTR hWnd);
};
[
diff --git a/src/Mount/Mount.c b/src/Mount/Mount.c
index 87f4acd0..7f8cbca2 100644
--- a/src/Mount/Mount.c
+++ b/src/Mount/Mount.c
@@ -123,6 +123,8 @@ Password VolumePassword; /* Password used for mounting volumes */
Password CmdVolumePassword; /* Password passed from command line */
int VolumePkcs5 = 0;
int CmdVolumePkcs5 = 0;
+int VolumePin = 0;
+int CmdVolumePin = 0;
int DefaultVolumePkcs5 = 0;
BOOL VolumeTrueCryptMode = FALSE;
BOOL CmdVolumeTrueCryptMode = FALSE;
@@ -220,6 +222,8 @@ static void localcleanup (void)
burn (&CmdVolumePassword, sizeof (CmdVolumePassword));
burn (&VolumePkcs5, sizeof (VolumePkcs5));
burn (&CmdVolumePkcs5, sizeof (CmdVolumePkcs5));
+ burn (&VolumePin, sizeof (VolumePin));
+ burn (&CmdVolumePin, sizeof (CmdVolumePin));
burn (&VolumeTrueCryptMode, sizeof (VolumeTrueCryptMode));
burn (&CmdVolumeTrueCryptMode, sizeof (CmdVolumeTrueCryptMode));
burn (&mountOptions, sizeof (mountOptions));
@@ -682,6 +686,7 @@ void LoadSettings (HWND hwndDlg)
defaultMountOptions.ReadOnly = ConfigReadInt ("MountVolumesReadOnly", FALSE);
defaultMountOptions.ProtectHiddenVolume = FALSE;
defaultMountOptions.ProtectedHidVolPkcs5Prf = 0;
+ defaultMountOptions.ProtectedHidVolPin = 0;
defaultMountOptions.PartitionInInactiveSysEncScope = FALSE;
defaultMountOptions.RecoveryMode = FALSE;
defaultMountOptions.UseBackupHeader = FALSE;
@@ -1683,8 +1688,10 @@ typedef struct
{
Password *oldPassword;
int old_pkcs5;
+ int old_pin;
Password *newPassword;
int pkcs5;
+ int pin;
int wipePassCount;
BOOL truecryptMode;
int* pnStatus;
@@ -1711,7 +1718,7 @@ void CALLBACK ChangePwdWaitThreadProc(void* pArg, HWND hwndDlg)
try
{
- *pThreadParam->pnStatus = BootEncObj->ChangePassword (pThreadParam->oldPassword, pThreadParam->old_pkcs5, pThreadParam->newPassword, pThreadParam->pkcs5, pThreadParam->wipePassCount, hwndDlg);
+ *pThreadParam->pnStatus = BootEncObj->ChangePassword (pThreadParam->oldPassword, pThreadParam->old_pkcs5, pThreadParam->old_pin, pThreadParam->newPassword, pThreadParam->pkcs5, pThreadParam->pin, pThreadParam->wipePassCount, hwndDlg);
}
catch (Exception &e)
{
@@ -1723,14 +1730,14 @@ void CALLBACK ChangePwdWaitThreadProc(void* pArg, HWND hwndDlg)
{
// Non-system
- *pThreadParam->pnStatus = ChangePwd (szFileName, pThreadParam->oldPassword, pThreadParam->old_pkcs5, pThreadParam->truecryptMode, pThreadParam->newPassword, pThreadParam->pkcs5, pThreadParam->wipePassCount, hwndDlg);
+ *pThreadParam->pnStatus = ChangePwd (szFileName, pThreadParam->oldPassword, pThreadParam->old_pkcs5, pThreadParam->old_pin, pThreadParam->truecryptMode, pThreadParam->newPassword, pThreadParam->pkcs5, pThreadParam->pin, pThreadParam->wipePassCount, hwndDlg);
if (*pThreadParam->pnStatus == ERR_OS_ERROR
&& GetLastError () == ERROR_ACCESS_DENIED
&& IsUacSupported ()
&& IsVolumeDeviceHosted (szFileName))
{
- *pThreadParam->pnStatus = UacChangePwd (szFileName, pThreadParam->oldPassword, pThreadParam->old_pkcs5, pThreadParam->truecryptMode, pThreadParam->newPassword, pThreadParam->pkcs5, pThreadParam->wipePassCount, hwndDlg);
+ *pThreadParam->pnStatus = UacChangePwd (szFileName, pThreadParam->oldPassword, pThreadParam->old_pkcs5, pThreadParam->old_pin, pThreadParam->truecryptMode, pThreadParam->newPassword, pThreadParam->pkcs5, pThreadParam->pin, pThreadParam->wipePassCount, hwndDlg);
}
}
}
@@ -1847,6 +1854,7 @@ BOOL CALLBACK PasswordChangeDlgProc (HWND hwndDlg, UINT msg, WPARAM wParam, LPAR
LocalizeDialog (hwndDlg, "IDD_PCDM_CHANGE_PKCS5_PRF");
EnableWindow (GetDlgItem (hwndDlg, IDC_PASSWORD), FALSE);
EnableWindow (GetDlgItem (hwndDlg, IDC_VERIFY), FALSE);
+ EnableWindow (GetDlgItem (hwndDlg, IDC_PIN), FALSE);
EnableWindow (GetDlgItem (hwndDlg, IDC_ENABLE_NEW_KEYFILES), FALSE);
EnableWindow (GetDlgItem (hwndDlg, IDC_SHOW_PASSWORD_CHPWD_NEW), FALSE);
EnableWindow (GetDlgItem (hwndDlg, IDC_NEW_KEYFILES), FALSE);
@@ -1860,6 +1868,7 @@ BOOL CALLBACK PasswordChangeDlgProc (HWND hwndDlg, UINT msg, WPARAM wParam, LPAR
newKeyFilesParam.EnableKeyFiles = TRUE;
EnableWindow (GetDlgItem (hwndDlg, IDC_PASSWORD), FALSE);
EnableWindow (GetDlgItem (hwndDlg, IDC_VERIFY), FALSE);
+ EnableWindow (GetDlgItem (hwndDlg, IDC_PIN), FALSE);
EnableWindow (GetDlgItem (hwndDlg, IDC_SHOW_PASSWORD_CHPWD_NEW), FALSE);
EnableWindow (GetDlgItem (hwndDlg, IDT_NEW_PASSWORD), FALSE);
EnableWindow (GetDlgItem (hwndDlg, IDT_CONFIRM_PASSWORD), FALSE);
@@ -1877,6 +1886,7 @@ BOOL CALLBACK PasswordChangeDlgProc (HWND hwndDlg, UINT msg, WPARAM wParam, LPAR
EnableWindow (GetDlgItem (hwndDlg, IDC_ENABLE_KEYFILES), TRUE);
EnableWindow (GetDlgItem (hwndDlg, IDC_PASSWORD), FALSE);
EnableWindow (GetDlgItem (hwndDlg, IDC_VERIFY), FALSE);
+ EnableWindow (GetDlgItem (hwndDlg, IDC_PIN), FALSE);
EnableWindow (GetDlgItem (hwndDlg, IDC_ENABLE_NEW_KEYFILES), FALSE);
EnableWindow (GetDlgItem (hwndDlg, IDC_SHOW_PASSWORD_CHPWD_NEW), FALSE);
EnableWindow (GetDlgItem (hwndDlg, IDC_NEW_KEYFILES), FALSE);
@@ -2186,11 +2196,19 @@ BOOL CALLBACK PasswordChangeDlgProc (HWND hwndDlg, UINT msg, WPARAM wParam, LPAR
SendMessage (GetDlgItem (hwndDlg, IDC_PKCS5_PRF_ID), CB_GETCURSEL, 0, 0), 0);
BOOL truecryptMode = GetCheckBox (hwndDlg, IDC_TRUECRYPT_MODE);
+ int old_pin = GetPin (hwndDlg, IDC_OLD_PIN);
+ int pin = GetPin (hwndDlg, IDC_PIN);
+
if (truecryptMode && (old_pkcs5 == SHA256))
{
Error ("ALGO_NOT_SUPPORTED_FOR_TRUECRYPT_MODE", hwndDlg);
return 1;
}
+ else if (truecryptMode && (old_pin != 0))
+ {
+ Error ("PIN_NOT_SUPPORTED_FOR_TRUECRYPT_MODE", hwndDlg);
+ return 1;
+ }
if (!CheckPasswordCharEncoding (GetDlgItem (hwndDlg, IDC_PASSWORD), NULL))
{
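Review bot: `old_pin` and `pin` are read from the dialog before the validation checks, and the `return 1;` paths in this hunk (and the `PIN_SYSENC_TOO_BIG` return in the next one) exit without wiping them, while the later hunk at `err:` burns both. If the PIN is meant to be handled like the password, wipe it on these paths too, e.g. `burn (&old_pin, sizeof (old_pin)); burn (&pin, sizeof (pin));` ahead of each `return 1;`. The enclosing block of PasswordChangeDlgProc starts and ends outside the hunk, so whether these returns could instead jump to `err:` cannot be judged from here.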
@@ -2198,6 +2216,13 @@ BOOL CALLBACK PasswordChangeDlgProc (HWND hwndDlg, UINT msg, WPARAM wParam, LPAR
return 1;
}
+ if (bSysEncPwdChangeDlgMode && (pin > MAX_BOOT_PIN_VALUE))
+ {
+ SetFocus (GetDlgItem(hwndDlg, IDC_PIN));
+ Error ("PIN_SYSENC_TOO_BIG", hwndDlg);
+ return 1;
+ }
+
if (pwdChangeDlgMode == PCDM_CHANGE_PKCS5_PRF)
{
newKeyFilesParam.EnableKeyFiles = KeyFilesEnable;
@@ -2205,7 +2230,7 @@ BOOL CALLBACK PasswordChangeDlgProc (HWND hwndDlg, UINT msg, WPARAM wParam, LPAR
else if (!(newKeyFilesParam.EnableKeyFiles && newKeyFilesParam.FirstKeyFile != NULL)
&& pwdChangeDlgMode == PCDM_CHANGE_PASSWORD)
{
- if (!CheckPasswordLength (hwndDlg, GetDlgItem (hwndDlg, IDC_PASSWORD)))
+ if (!CheckPasswordLength (hwndDlg, GetDlgItem (hwndDlg, IDC_PASSWORD), pin, bSysEncPwdChangeDlgMode))
return 1;
}
@@ -2221,6 +2246,7 @@ BOOL CALLBACK PasswordChangeDlgProc (HWND hwndDlg, UINT msg, WPARAM wParam, LPAR
case PCDM_CHANGE_PKCS5_PRF:
memcpy (newPassword.Text, oldPassword.Text, sizeof (newPassword.Text));
newPassword.Length = (unsigned __int32) strlen ((char *) oldPassword.Text);
+ pin = old_pin;
break;
default:
@@ -2245,8 +2271,10 @@ BOOL CALLBACK PasswordChangeDlgProc (HWND hwndDlg, UINT msg, WPARAM wParam, LPAR
ChangePwdThreadParam changePwdParam;
changePwdParam.oldPassword = &oldPassword;
changePwdParam.old_pkcs5 = old_pkcs5;
+ changePwdParam.old_pin = old_pin;
changePwdParam.newPassword = &newPassword;
changePwdParam.pkcs5 = pkcs5;
+ changePwdParam.pin = pin;
changePwdParam.wipePassCount = GetWipePassCount(headerWiperMode);
changePwdParam.pnStatus = &nStatus;
changePwdParam.truecryptMode = truecryptMode;
@@ -2256,6 +2284,8 @@ BOOL CALLBACK PasswordChangeDlgProc (HWND hwndDlg, UINT msg, WPARAM wParam, LPAR
err:
burn (&oldPassword, sizeof (oldPassword));
burn (&newPassword, sizeof (newPassword));
+ burn (&old_pin, sizeof(old_pin));
+ burn (&pin, sizeof(pin));
NormalCursor ();
@@ -2299,6 +2329,7 @@ BOOL CALLBACK PasswordDlgProc (HWND hwndDlg, UINT msg, WPARAM wParam, LPARAM lPa
WORD lw = LOWORD (wParam);
static Password *szXPwd;
static int *pkcs5;
+ static int *pin;
static BOOL* truecryptMode;
switch (msg)
@@ -2308,6 +2339,7 @@ BOOL CALLBACK PasswordDlgProc (HWND hwndDlg, UINT msg, WPARAM wParam, LPARAM lPa
int i, nIndex, defaultPrfIndex = 0;
szXPwd = ((PasswordDlgParam *) lParam) -> password;
pkcs5 = ((PasswordDlgParam *) lParam) -> pkcs5;
+ pin = ((PasswordDlgParam *) lParam) -> pin;
truecryptMode = ((PasswordDlgParam *) lParam) -> truecryptMode;
LocalizeDialog (hwndDlg, "IDD_PASSWORD_DLG");
DragAcceptFiles (hwndDlg, TRUE);
@@ -2356,6 +2388,16 @@ BOOL CALLBACK PasswordDlgProc (HWND hwndDlg, UINT msg, WPARAM wParam, LPARAM lPa
SendMessage (GetDlgItem (hwndDlg, IDC_PASSWORD), EM_LIMITTEXT, MAX_PASSWORD, 0);
SendMessage (GetDlgItem (hwndDlg, IDC_CACHE), BM_SETCHECK, bCacheInDriver ? BST_CHECKED:BST_UNCHECKED, 0);
+ SendMessage (GetDlgItem (hwndDlg, IDC_PIN), EM_LIMITTEXT, MAX_PIN, 0);
+
+ if (*pin > 0)
+ {
+ /* display the given PIN */
+ char szTmp[MAX_PIN + 1];
+ StringCbPrintfA(szTmp, sizeof(szTmp), "%d", *pin);
+
+ SetDlgItemText (hwndDlg, IDC_PIN, szTmp);
+ }
SetCheckBox (hwndDlg, IDC_KEYFILES_ENABLE, KeyFilesEnable);
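Review bot: `szTmp` holds the PIN as text and is left on the stack when the block ends, although the rest of the commit wipes PIN values with `burn`; add `burn (szTmp, sizeof (szTmp));` after `SetDlgItemText`. The same applies to the identical block added in the next PasswordDlgProc hunk. The return value of `StringCbPrintfA` is also ignored, so if a caller can supply a `*pin` with more than `MAX_PIN` digits the field would show a truncated number rather than the value being rejected.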
@@ -2453,6 +2495,19 @@ BOOL CALLBACK PasswordDlgProc (HWND hwndDlg, UINT msg, WPARAM wParam, LPARAM lPa
SendMessage (GetDlgItem (hwndDlg, IDC_PASSWORD), EM_SETPASSWORDCHAR, '*', 0);
InvalidateRect (GetDlgItem (hwndDlg, IDC_PASSWORD), NULL, TRUE);
+ SetCheckBox (hwndDlg, IDC_KEYFILES_ENABLE, FALSE);
+ EnableWindow (GetDlgItem (hwndDlg, IDC_KEYFILES_ENABLE), FALSE);
+ EnableWindow (GetDlgItem (hwndDlg, IDC_KEYFILES), FALSE);
+
+ if (*pin >= 0)
+ {
+ /* display the given PIN */
+ char szTmp[MAX_PIN + 1];
+ StringCbPrintfA(szTmp, sizeof(szTmp), "%d", *pin);
+
+ SetDlgItemText (hwndDlg, IDC_PIN, szTmp);
+ }
+
bPrebootPasswordDlgMode = TRUE;
}
return 1;
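Review bot: This block tests `*pin >= 0`, while the otherwise identical block added earlier in PasswordDlgProc tests `*pin > 0`. Here a PIN of 0, which the rest of the commit appears to treat as "no PIN" (an empty field is stored as 0), is written into the field as the text `0`. If the difference is not intended, use `if (*pin > 0)` in both places; if it is, a one-line comment saying why the pre-boot dialog shows `0` would help.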
@@ -2504,6 +2559,8 @@ BOOL CALLBACK PasswordDlgProc (HWND hwndDlg, UINT msg, WPARAM wParam, LPARAM lPa
/* Use default PRF specified by the user if any */
if (mountOptions.ProtectedHidVolPkcs5Prf == 0)
mountOptions.ProtectedHidVolPkcs5Prf = *pkcs5;
+ if (mountOptions.ProtectedHidVolPin == 0)
+ mountOptions.ProtectedHidVolPin = *pin;
DialogBoxParamW (hInst,
MAKEINTRESOURCEW (IDD_MOUNT_OPTIONS), hwndDlg,
(DLGPROC) MountOptionsDlgProc, (LPARAM) &mountOptions);
@@ -2565,6 +2622,13 @@ BOOL CALLBACK PasswordDlgProc (HWND hwndDlg, UINT msg, WPARAM wParam, LPARAM lPa
bCacheInDriver = IsButtonChecked (GetDlgItem (hwndDlg, IDC_CACHE));
*pkcs5 = (int) SendMessage (GetDlgItem (hwndDlg, IDC_PKCS5_PRF_ID), CB_GETITEMDATA, SendMessage (GetDlgItem (hwndDlg, IDC_PKCS5_PRF_ID), CB_GETCURSEL, 0, 0), 0);
*truecryptMode = GetCheckBox (hwndDlg, IDC_TRUECRYPT_MODE);
+
+ GetWindowText (GetDlgItem (hwndDlg, IDC_PIN), tmp, MAX_PIN + 1);
+ if (strlen(tmp))
+ *pin = (int) strtol(tmp, NULL, 10); /* IDC_PIN is configured to accept only numbers */
+ else
+ *pin = 0;
+
/* SHA-256 is not supported by TrueCrypt */
if ( (*truecryptMode)
&& ((*pkcs5 == SHA256) || (mountOptions.ProtectHiddenVolume && mountOptions.ProtectedHidVolPkcs5Prf == SHA256))
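Review bot: The PIN field is parsed by hand here with `GetWindowText` and `strtol`, while the other call sites in this commit use `GetPin`. Replacing the five added lines with `*pin = GetPin (hwndDlg, IDC_PIN);` would keep a single parsing path, assuming GetPin returns 0 for an empty field as this code does. As written, `tmp` (declared outside the hunk) still holds the PIN digits afterwards and the `strtol` result is narrowed to `int` without a range check. If the manual parse stays, wipe `tmp` with `burn` once the conversion is done.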
@@ -2573,6 +2637,14 @@ BOOL CALLBACK PasswordDlgProc (HWND hwndDlg, UINT msg, WPARAM wParam, LPARAM lPa
Error ("ALGO_NOT_SUPPORTED_FOR_TRUECRYPT_MODE", hwndDlg);
return 1;
}
+
+ if ( (*truecryptMode)
+ && (*pin != 0)
+ )
+ {
+ Error ("PIN_NOT_SUPPORTED_FOR_TRUECRYPT_MODE", hwndDlg);
+ return 1;
+ }
}
// Attempt to wipe password stored in the input field buffer
@@ -3290,7 +3362,7 @@ BOOL CALLBACK VolumePropertiesDlgProc (HWND hwndDlg, UINT msg, WPARAM wParam, LP
ListSubItemSetW (list, i++, 1, GetString (IsHiddenOSRunning() ? "TYPE_HIDDEN_SYSTEM_ADJECTIVE" : "SYSTEM_VOLUME_TYPE_ADJECTIVE"));
else
{
- bool truecryptMode = prop.pkcs5Iterations == get_pkcs5_iteration_count(prop.pkcs5, TRUE, prop.partitionInInactiveSysEncScope);
+ bool truecryptMode = prop.pkcs5Iterations == get_pkcs5_iteration_count(prop.pkcs5, 0, TRUE, prop.partitionInInactiveSysEncScope);
s = prop.hiddenVolume ? GetString ("HIDDEN") :
(prop.hiddenVolProtection != HIDVOL_PROT_STATUS_NONE ? GetString ("OUTER") : GetString ("NORMAL"));
@@ -3865,7 +3937,7 @@ LPARAM GetItemLong (HWND hTree, int itemNo)
return item.lParam;
}
-static int AskVolumePassword (HWND hwndDlg, Password *password, int *pkcs5, BOOL* truecryptMode, char *titleStringId, BOOL enableMountOptions)
+static int AskVolumePassword (HWND hwndDlg, Password *password, int *pkcs5, int *pin, BOOL* truecryptMode, char *titleStringId, BOOL enableMountOptions)
{
INT_PTR result;
PasswordDlgParam dlgParam;
@@ -3875,6 +3947,7 @@ static int AskVolumePassword (HWND hwndDlg, Password *password, int *pkcs5, BOOL
dlgParam.password = password;
dlgParam.pkcs5 = pkcs5;
+ dlgParam.pin = pin;
dlgParam.truecryptMode = truecryptMode;
result = DialogBoxParamW (hInst,
@@ -3885,6 +3958,7 @@ static int AskVolumePassword (HWND hwndDlg, Password *password, int *pkcs5, BOOL
{
password->Length = 0;
*pkcs5 = 0;
+ *pin = 0;
*truecryptMode = FALSE;
burn (&mountOptions.ProtectedHidVolPassword, sizeof (mountOptions.ProtectedHidVolPassword));
burn (&mountOptions.ProtectedHidVolPkcs5Prf, sizeof (mountOptions.ProtectedHidVolPkcs5Prf));
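Review bot: The cancel path wipes `mountOptions.ProtectedHidVolPassword` and `ProtectedHidVolPkcs5Prf` but not the `ProtectedHidVolPin` field that this commit introduces and fills from `*pin` in PasswordDlgProc. Add `burn (&mountOptions.ProtectedHidVolPin, sizeof (mountOptions.ProtectedHidVolPin));` next to them. The same pair of burns without the PIN appears in the Mount, MountAllDevices and MainDialogProc hunks further down. AskVolumePassword's body continues outside the hunk.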
@@ -3920,6 +3994,7 @@ static BOOL Mount (HWND hwndDlg, int nDosDriveNo, char *szFileName)
VolumePassword.Length = 0;
VolumePkcs5 = 0;
VolumeTrueCryptMode = FALSE;
+ VolumePin = 0;
}
if (szFileName == NULL)
@@ -3956,9 +4031,9 @@ static BOOL Mount (HWND hwndDlg, int nDosDriveNo, char *szFileName)
WaitCursor ();
// try TrueCrypt mode first since it is quick
- mounted = MountVolume (hwndDlg, nDosDriveNo, szFileName, NULL, 0, TRUE, bCacheInDriver, bForceMount, &mountOptions, Silent, FALSE);
+ mounted = MountVolume (hwndDlg, nDosDriveNo, szFileName, NULL, 0, 0, TRUE, bCacheInDriver, bForceMount, &mountOptions, Silent, FALSE);
if (!mounted)
- mounted = MountVolume (hwndDlg, nDosDriveNo, szFileName, NULL, 0, FALSE, bCacheInDriver, bForceMount, &mountOptions, Silent, FALSE);
+ mounted = MountVolume (hwndDlg, nDosDriveNo, szFileName, NULL, 0, 0, FALSE, bCacheInDriver, bForceMount, &mountOptions, Silent, FALSE);
// If keyfiles are enabled, test empty password first
if (!mounted && KeyFilesEnable && FirstKeyFile)
@@ -3968,9 +4043,9 @@ static BOOL Mount (HWND hwndDlg, int nDosDriveNo, char *szFileName)
KeyFilesApply (hwndDlg, &emptyPassword, FirstKeyFile);
// try TrueCrypt mode first since it is quick
- mounted = MountVolume (hwndDlg, nDosDriveNo, szFileName, &emptyPassword, 0, TRUE, bCacheInDriver, bForceMount, &mountOptions, Silent, FALSE);
+ mounted = MountVolume (hwndDlg, nDosDriveNo, szFileName, &emptyPassword, 0, 0, TRUE, bCacheInDriver, bForceMount, &mountOptions, Silent, FALSE);
if (!mounted)
- mounted = MountVolume (hwndDlg, nDosDriveNo, szFileName, &emptyPassword, 0, FALSE, bCacheInDriver, bForceMount, &mountOptions, Silent, FALSE);
+ mounted = MountVolume (hwndDlg, nDosDriveNo, szFileName, &emptyPassword, 0, 0, FALSE, bCacheInDriver, bForceMount, &mountOptions, Silent, FALSE);
burn (&emptyPassword, sizeof (emptyPassword));
}
@@ -3979,9 +4054,9 @@ static BOOL Mount (HWND hwndDlg, int nDosDriveNo, char *szFileName)
if (!mounted && bCacheDuringMultipleMount && MultipleMountOperationInProgress && VolumePassword.Length != 0)
{
// try TrueCrypt mode first as it is quick
- mounted = MountVolume (hwndDlg, nDosDriveNo, szFileName, &VolumePassword, 0, TRUE, bCacheInDriver, bForceMount, &mountOptions, Silent, FALSE);
+ mounted = MountVolume (hwndDlg, nDosDriveNo, szFileName, &VolumePassword, 0, 0, TRUE, bCacheInDriver, bForceMount, &mountOptions, Silent, FALSE);
if (!mounted)
- mounted = MountVolume (hwndDlg, nDosDriveNo, szFileName, &VolumePassword, 0, FALSE, bCacheInDriver, bForceMount, &mountOptions, Silent, FALSE);
+ mounted = MountVolume (hwndDlg, nDosDriveNo, szFileName, &VolumePassword, 0, 0, FALSE, bCacheInDriver, bForceMount, &mountOptions, Silent, FALSE);
}
NormalCursor ();
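Review bot: The retry with the password kept for a multiple-mount operation passes `0` for the new PIN argument in both `MountVolume` calls, so a volume whose header was derived with a non-zero PIN would presumably not open with the cached `VolumePassword` and the user would be prompted again. `VolumePin` is reset only together with `VolumePassword.Length` in the earlier hunk, so it should still match the cached password here; passing `VolumePin` instead of the second `0` would keep the two in step. The enclosing Mount function starts and ends outside the hunk.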
@@ -4001,21 +4076,25 @@ static BOOL Mount (HWND hwndDlg, int nDosDriveNo, char *szFileName)
VolumePassword = CmdVolumePassword;
VolumePkcs5 = EffectiveVolumePkcs5;
VolumeTrueCryptMode = EffectiveVolumeTrueCryptMode;
+ VolumePin = CmdVolumePin;
}
else if (!Silent)
{
int GuiPkcs5 = EffectiveVolumePkcs5;
BOOL GuiTrueCryptMode = EffectiveVolumeTrueCryptMode;
+ int GuiPin = CmdVolumePin;
StringCbCopyA (PasswordDlgVolume, sizeof(PasswordDlgVolume), szFileName);
- if (!AskVolumePassword (hwndDlg, &VolumePassword, &GuiPkcs5, &GuiTrueCryptMode, NULL, TRUE))
+ if (!AskVolumePassword (hwndDlg, &VolumePassword, &GuiPkcs5, &GuiPin, &GuiTrueCryptMode, NULL, TRUE))
goto ret;
else
{
VolumePkcs5 = GuiPkcs5;
VolumeTrueCryptMode = GuiTrueCryptMode;
+ VolumePin = GuiPin;
burn (&GuiPkcs5, sizeof(GuiPkcs5));
burn (&GuiTrueCryptMode, sizeof(GuiTrueCryptMode));
+ burn (&GuiPin, sizeof(GuiPin));
}
}
@@ -4024,7 +4103,7 @@ static BOOL Mount (HWND hwndDlg, int nDosDriveNo, char *szFileName)
if (KeyFilesEnable)
KeyFilesApply (hwndDlg, &VolumePassword, FirstKeyFile);
- mounted = MountVolume (hwndDlg, nDosDriveNo, szFileName, &VolumePassword, VolumePkcs5, VolumeTrueCryptMode, bCacheInDriver, bForceMount, &mountOptions, Silent, !Silent);
+ mounted = MountVolume (hwndDlg, nDosDriveNo, szFileName, &VolumePassword, VolumePkcs5, VolumePin, VolumeTrueCryptMode, bCacheInDriver, bForceMount, &mountOptions, Silent, !Silent);
NormalCursor ();
// Check for legacy non-ASCII passwords
@@ -4040,6 +4119,7 @@ static BOOL Mount (HWND hwndDlg, int nDosDriveNo, char *szFileName)
burn (&VolumePassword, sizeof (VolumePassword));
burn (&VolumePkcs5, sizeof (VolumePkcs5));
burn (&VolumeTrueCryptMode, sizeof (VolumeTrueCryptMode));
+ burn (&VolumePin, sizeof (VolumePin));
}
burn (&mountOptions.ProtectedHidVolPassword, sizeof (mountOptions.ProtectedHidVolPassword));
@@ -4075,6 +4155,7 @@ ret:
burn (&VolumePassword, sizeof (VolumePassword));
burn (&VolumePkcs5, sizeof (VolumePkcs5));
burn (&VolumeTrueCryptMode, sizeof (VolumeTrueCryptMode));
+ burn (&VolumePin, sizeof (VolumePin));
}
burn (&mountOptions.ProtectedHidVolPassword, sizeof (mountOptions.ProtectedHidVolPassword));
@@ -4304,15 +4385,18 @@ static BOOL MountAllDevices (HWND hwndDlg, BOOL bPasswordPrompt)
{
int GuiPkcs5 = EffectiveVolumePkcs5;
BOOL GuiTrueCryptMode = EffectiveVolumeTrueCryptMode;
+ int GuiPin = CmdVolumePin;
PasswordDlgVolume[0] = '\0';
- if (!AskVolumePassword (hwndDlg, &VolumePassword, &GuiPkcs5, &GuiTrueCryptMode, NULL, TRUE))
+ if (!AskVolumePassword (hwndDlg, &VolumePassword, &GuiPkcs5, &GuiPin, &GuiTrueCryptMode, NULL, TRUE))
goto ret;
else
{
VolumePkcs5 = GuiPkcs5;
VolumeTrueCryptMode = GuiTrueCryptMode;
+ VolumePin = GuiPin;
burn (&GuiPkcs5, sizeof(GuiPkcs5));
burn (&GuiTrueCryptMode, sizeof(GuiTrueCryptMode));
+ burn (&GuiPin, sizeof(GuiPin));
}
}
else if (CmdVolumePasswordValid)
@@ -4321,6 +4405,7 @@ static BOOL MountAllDevices (HWND hwndDlg, BOOL bPasswordPrompt)
VolumePassword = CmdVolumePassword;
VolumePkcs5 = EffectiveVolumePkcs5;
VolumeTrueCryptMode = EffectiveVolumeTrueCryptMode;
+ VolumePin = CmdVolumePin;
}
WaitCursor();
@@ -4374,8 +4459,8 @@ static BOOL MountAllDevices (HWND hwndDlg, BOOL bPasswordPrompt)
goto ret;
// First try user password then cached passwords
- if ((mounted = MountVolume (hwndDlg, nDosDriveNo, szFileName, &VolumePassword, VolumePkcs5, VolumeTrueCryptMode, bCacheInDriver, bForceMount, &mountOptions, TRUE, FALSE)) > 0
- || (mounted = MountVolume (hwndDlg, nDosDriveNo, szFileName, NULL, VolumePkcs5, VolumeTrueCryptMode, bCacheInDriver, bForceMount, &mountOptions, TRUE, FALSE)) > 0)
+ if ((mounted = MountVolume (hwndDlg, nDosDriveNo, szFileName, &VolumePassword, VolumePkcs5, VolumePin, VolumeTrueCryptMode, bCacheInDriver, bForceMount, &mountOptions, TRUE, FALSE)) > 0
+ || (mounted = MountVolume (hwndDlg, nDosDriveNo, szFileName, NULL, VolumePkcs5, VolumePin, VolumeTrueCryptMode, bCacheInDriver, bForceMount, &mountOptions, TRUE, FALSE)) > 0)
{
// A volume has been successfully mounted
@@ -4455,6 +4540,7 @@ static BOOL MountAllDevices (HWND hwndDlg, BOOL bPasswordPrompt)
burn (&VolumePassword, sizeof (VolumePassword));
burn (&VolumePkcs5, sizeof (VolumePkcs5));
burn (&VolumeTrueCryptMode, sizeof (VolumeTrueCryptMode));
+ burn (&VolumePin, sizeof (VolumePin));
burn (&mountOptions.ProtectedHidVolPassword, sizeof (mountOptions.ProtectedHidVolPassword));
burn (&mountOptions.ProtectedHidVolPkcs5Prf, sizeof (mountOptions.ProtectedHidVolPkcs5Prf));
}
@@ -4492,6 +4578,7 @@ ret:
burn (&VolumePassword, sizeof (VolumePassword));
burn (&VolumePkcs5, sizeof (VolumePkcs5));
burn (&VolumeTrueCryptMode, sizeof (VolumeTrueCryptMode));
+ burn (&VolumePin, sizeof (VolumePin));
burn (&mountOptions.ProtectedHidVolPassword, sizeof (mountOptions.ProtectedHidVolPassword));
burn (&mountOptions.ProtectedHidVolPkcs5Prf, sizeof (mountOptions.ProtectedHidVolPkcs5Prf));
@@ -5485,7 +5572,7 @@ BOOL CALLBACK MainDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lPa
EffectiveVolumeTrueCryptMode = DefaultVolumeTrueCryptMode;
// Cached password
- mounted = MountVolume (hwndDlg, szDriveLetter[0] - 'A', szFileName, NULL, EffectiveVolumePkcs5, EffectiveVolumeTrueCryptMode, bCacheInDriver, bForceMount, &mountOptions, Silent, FALSE);
+ mounted = MountVolume (hwndDlg, szDriveLetter[0] - 'A', szFileName, NULL, EffectiveVolumePkcs5, CmdVolumePin, EffectiveVolumeTrueCryptMode, bCacheInDriver, bForceMount, &mountOptions, Silent, FALSE);
// Command line password or keyfiles
if (!mounted && (CmdVolumePassword.Length != 0 || FirstCmdKeyFile))
@@ -5496,7 +5583,7 @@ BOOL CALLBACK MainDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lPa
KeyFilesApply (hwndDlg, &CmdVolumePassword, FirstCmdKeyFile);
mounted = MountVolume (hwndDlg, szDriveLetter[0] - 'A',
- szFileName, &CmdVolumePassword, EffectiveVolumePkcs5, EffectiveVolumeTrueCryptMode, bCacheInDriver, bForceMount,
+ szFileName, &CmdVolumePassword, EffectiveVolumePkcs5, CmdVolumePin, EffectiveVolumeTrueCryptMode, bCacheInDriver, bForceMount,
&mountOptions, Silent, reportBadPasswd);
burn (&CmdVolumePassword, sizeof (CmdVolumePassword));
@@ -5512,17 +5599,20 @@ BOOL CALLBACK MainDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lPa
while (!mounted && !Silent)
{
int GuiPkcs5 = EffectiveVolumePkcs5;
+ int GuiPin = CmdVolumePin;
BOOL GuiTrueCryptMode = EffectiveVolumeTrueCryptMode;
VolumePassword.Length = 0;
StringCbCopyA (PasswordDlgVolume, sizeof(PasswordDlgVolume),szFileName);
- if (!AskVolumePassword (hwndDlg, &VolumePassword, &GuiPkcs5, &GuiTrueCryptMode, NULL, TRUE))
+ if (!AskVolumePassword (hwndDlg, &VolumePassword, &GuiPkcs5, &GuiPin, &GuiTrueCryptMode, NULL, TRUE))
break;
else
{
VolumePkcs5 = GuiPkcs5;
+ VolumePin = GuiPin;
VolumeTrueCryptMode = GuiTrueCryptMode;
burn (&GuiPkcs5, sizeof(GuiPkcs5));
+ burn (&GuiPin, sizeof(GuiPin));
burn (&GuiTrueCryptMode, sizeof(GuiTrueCryptMode));
}
@@ -5531,10 +5621,11 @@ BOOL CALLBACK MainDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lPa
if (KeyFilesEnable && FirstKeyFile)
KeyFilesApply (hwndDlg, &VolumePassword, FirstKeyFile);
- mounted = MountVolume (hwndDlg, szDriveLetter[0] - 'A', szFileName, &VolumePassword, VolumePkcs5, VolumeTrueCryptMode, bCacheInDriver, bForceMount, &mountOptions, FALSE, TRUE);
+ mounted = MountVolume (hwndDlg, szDriveLetter[0] - 'A', szFileName, &VolumePassword, VolumePkcs5, VolumePin, VolumeTrueCryptMode, bCacheInDriver, bForceMount, &mountOptions, FALSE, TRUE);
burn (&VolumePassword, sizeof (VolumePassword));
burn (&VolumePkcs5, sizeof (VolumePkcs5));
+ burn (&VolumePin, sizeof (VolumePin));
burn (&VolumeTrueCryptMode, sizeof (VolumeTrueCryptMode));
burn (&mountOptions.ProtectedHidVolPassword, sizeof (mountOptions.ProtectedHidVolPassword));
burn (&mountOptions.ProtectedHidVolPkcs5Prf, sizeof (mountOptions.ProtectedHidVolPkcs5Prf));
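Review bot: The cleanup after this `MountVolume` call wipes `VolumePin` but not the new `mountOptions.ProtectedHidVolPin`, although the hidden-volume password and PRF held in the same structure are burned on the two lines just above. If the PIN is meant to be handled like the other volume credentials, add `burn (&mountOptions.ProtectedHidVolPin, sizeof (mountOptions.ProtectedHidVolPin));` after the `ProtectedHidVolPkcs5Prf` line. The enclosing block of `MainDialogProc` starts and ends outside this hunk, so a later wipe of `mountOptions` cannot be ruled out from here.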
@@ -6254,6 +6345,7 @@ BOOL CALLBACK MainDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lPa
mountOptions.ProtectedHidVolPkcs5Prf = DefaultVolumePkcs5;
else
mountOptions.ProtectedHidVolPkcs5Prf = CmdVolumePkcs5;
+ mountOptions.ProtectedHidVolPin = CmdVolumePin;
if (IDCANCEL == DialogBoxParamW (hInst,
MAKEINTRESOURCEW (IDD_MOUNT_OPTIONS), hwndDlg,
@@ -7387,6 +7479,7 @@ void ExtractCommandLine (HWND hwndDlg, char *lpszCommandLine)
CommandWipeCache,
OptionPkcs5,
OptionTrueCryptMode,
+ OptionPin,
};
argument args[]=
@@ -7410,6 +7503,7 @@ void ExtractCommandLine (HWND hwndDlg, char *lpszCommandLine)
{ CommandWipeCache, "/wipecache", "/w", FALSE },
{ OptionPkcs5, "/hash", NULL , FALSE },
{ OptionTrueCryptMode, "/truecrypt", "/tc", FALSE },
+ { OptionPin, "/pin", NULL, FALSE },
};
argumentspec as;
@@ -7683,6 +7777,27 @@ void ExtractCommandLine (HWND hwndDlg, char *lpszCommandLine)
AbortProcess ("COMMAND_LINE_ERROR");
}
break;
+
+ case OptionPin:
+ {
+ char szTmp[32] = {0};
+ if (HAS_ARGUMENT == GetArgumentValue (lpszCommandLineArgs,
+ &i, nNoCommandLineArgs, szTmp, sizeof (szTmp)))
+ {
+ char* endPtr = NULL;
+ CmdVolumePin = (int) strtol(szTmp, &endPtr, 0);
+ if (CmdVolumePin < 0 || endPtr == szTmp || *endPtr != '\0')
+ {
+ CmdVolumePin = 0;
+ AbortProcess ("COMMAND_LINE_ERROR");
+ }
+
+ }
+ else
+ AbortProcess ("COMMAND_LINE_ERROR");
+ }
+ break;
+
case OptionTrueCryptMode:
CmdVolumeTrueCryptMode = TRUE;
break;
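Review bot: The new `/pin` parser calls `strtol` with base 0 and checks no upper bound, so `/pin 010` is read as 8 and `/pin 0x10` as 16, and an out-of-range number saturates to `LONG_MAX` and passes the `< 0` test. The dialog fields added in Mount.rc use `ES_NUMBER`, which suggests decimal is the intended format; `CmdVolumePin = (int) strtol(szTmp, &endPtr, 10);` would match that. The guard should also reject `errno == ERANGE` and any value above the largest PIN the key-derivation code accepts, since the value appears to select the iteration count. `szTmp` holds the PIN text and is left on the stack; a `burn (szTmp, sizeof (szTmp));` before leaving the case would be consistent with how the password is treated. The enclosing `switch` in `ExtractCommandLine` begins outside this hunk.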
@@ -8115,6 +8230,7 @@ BOOL MountFavoriteVolumes (BOOL systemFavorites, BOOL logOnMount, BOOL hotKeyMou
mountOptions.ProtectedHidVolPkcs5Prf = DefaultVolumePkcs5;
else
mountOptions.ProtectedHidVolPkcs5Prf = CmdVolumePkcs5;
+ mountOptions.ProtectedHidVolPin = CmdVolumePin;
if (DialogBoxParamW (hInst, MAKEINTRESOURCEW (IDD_MOUNT_OPTIONS), MainDlg, (DLGPROC) MountOptionsDlgProc, (LPARAM) &mountOptions) == IDCANCEL)
{
status = FALSE;
@@ -8167,6 +8283,7 @@ skipMount:
MultipleMountOperationInProgress = FALSE;
burn (&VolumePassword, sizeof (VolumePassword));
burn (&VolumePkcs5, sizeof (VolumePkcs5));
+ burn (&VolumePin, sizeof (VolumePin));
burn (&VolumeTrueCryptMode, sizeof (VolumeTrueCryptMode));
if (status && CloseSecurityTokenSessionsAfterMount)
@@ -8373,6 +8490,7 @@ int BackupVolumeHeader (HWND hwndDlg, BOOL bRequireConfirmation, const char *lps
OpenVolumeContext volume;
OpenVolumeContext hiddenVolume;
Password hiddenVolPassword;
+ int hiddenVolPkcs5 = 0, hiddenVolPin = 0;
byte temporaryKey[MASTER_KEYDATA_SIZE];
byte originalK2[MASTER_KEYDATA_SIZE];
@@ -8418,10 +8536,12 @@ int BackupVolumeHeader (HWND hwndDlg, BOOL bRequireConfirmation, const char *lps
{
OpenVolumeContext *askVol = (type == TC_VOLUME_TYPE_HIDDEN ? &hiddenVolume : &volume);
Password *askPassword = (type == TC_VOLUME_TYPE_HIDDEN ? &hiddenVolPassword : &VolumePassword);
+ int* askPkcs5 = (type == TC_VOLUME_TYPE_HIDDEN ? &hiddenVolPkcs5 : &VolumePkcs5);
+ int* askPin = (type == TC_VOLUME_TYPE_HIDDEN ? &hiddenVolPin : &VolumePin);
while (TRUE)
{
- if (!AskVolumePassword (hwndDlg, askPassword, &VolumePkcs5, &VolumeTrueCryptMode, type == TC_VOLUME_TYPE_HIDDEN ? "ENTER_HIDDEN_VOL_PASSWORD" : "ENTER_NORMAL_VOL_PASSWORD", FALSE))
+ if (!AskVolumePassword (hwndDlg, askPassword, askPkcs5, askPin, &VolumeTrueCryptMode, type == TC_VOLUME_TYPE_HIDDEN ? "ENTER_HIDDEN_VOL_PASSWORD" : "ENTER_NORMAL_VOL_PASSWORD", FALSE))
{
nStatus = ERR_SUCCESS;
goto ret;
@@ -8432,7 +8552,7 @@ int BackupVolumeHeader (HWND hwndDlg, BOOL bRequireConfirmation, const char *lps
if (KeyFilesEnable && FirstKeyFile)
KeyFilesApply (hwndDlg, askPassword, FirstKeyFile);
- nStatus = OpenVolume (askVol, lpszVolume, askPassword, VolumePkcs5, VolumeTrueCryptMode, FALSE, bPreserveTimestamp, FALSE);
+ nStatus = OpenVolume (askVol, lpszVolume, askPassword, *askPkcs5, *askPin, VolumeTrueCryptMode, FALSE, bPreserveTimestamp, FALSE);
NormalCursor();
@@ -8549,14 +8669,14 @@ noHidden:
}
// Store header encrypted with a new key
- nStatus = ReEncryptVolumeHeader (hwndDlg, (char *) backup, FALSE, volume.CryptoInfo, &VolumePassword, FALSE);
+ nStatus = ReEncryptVolumeHeader (hwndDlg, (char *) backup, FALSE, volume.CryptoInfo, &VolumePassword, VolumePin, FALSE);
if (nStatus != ERR_SUCCESS)
goto error;
if (hiddenVolume.VolumeIsOpen)
{
nStatus = ReEncryptVolumeHeader (hwndDlg, (char *) backup + (legacyVolume ? TC_VOLUME_HEADER_SIZE_LEGACY : TC_VOLUME_HEADER_SIZE),
- FALSE, hiddenVolume.CryptoInfo, &hiddenVolPassword, FALSE);
+ FALSE, hiddenVolume.CryptoInfo, &hiddenVolPassword, hiddenVolPin, FALSE);
if (nStatus != ERR_SUCCESS)
goto error;
@@ -8589,6 +8709,7 @@ error:
burn (&VolumePassword, sizeof (VolumePassword));
burn (&VolumePkcs5, sizeof (VolumePkcs5));
+ burn (&VolumePin, sizeof (VolumePin));
burn (&VolumeTrueCryptMode, sizeof (VolumeTrueCryptMode));
burn (&hiddenVolPassword, sizeof (hiddenVolPassword));
burn (temporaryKey, sizeof (temporaryKey));
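Review bot: The cleanup at `error:` burns `VolumePin` and `hiddenVolPassword`, but the new locals `hiddenVolPin` and `hiddenVolPkcs5` that this commit adds to `BackupVolumeHeader` are not wiped in any of the visible hunks. They carry the hidden volume's PIN and PRF choice for the whole function, so they should get the same treatment as the outer volume's values: `burn (&hiddenVolPkcs5, sizeof (hiddenVolPkcs5));` and `burn (&hiddenVolPin, sizeof (hiddenVolPin));` next to the `hiddenVolPassword` line. The rest of the cleanup path lies outside this hunk.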
@@ -8691,7 +8812,7 @@ int RestoreVolumeHeader (HWND hwndDlg, const char *lpszVolume)
while (TRUE)
{
StringCbCopyA (PasswordDlgVolume, sizeof(PasswordDlgVolume), lpszVolume);
- if (!AskVolumePassword (hwndDlg, &VolumePassword, &VolumePkcs5, &VolumeTrueCryptMode, NULL, FALSE))
+ if (!AskVolumePassword (hwndDlg, &VolumePassword, &VolumePkcs5, &VolumePin, &VolumeTrueCryptMode, NULL, FALSE))
{
nStatus = ERR_SUCCESS;
goto ret;
@@ -8702,7 +8823,7 @@ int RestoreVolumeHeader (HWND hwndDlg, const char *lpszVolume)
if (KeyFilesEnable && FirstKeyFile)
KeyFilesApply (hwndDlg, &VolumePassword, FirstKeyFile);
- nStatus = OpenVolume (&volume, lpszVolume, &VolumePassword, VolumePkcs5, VolumeTrueCryptMode,TRUE, bPreserveTimestamp, TRUE);
+ nStatus = OpenVolume (&volume, lpszVolume, &VolumePassword, VolumePkcs5, VolumePin, VolumeTrueCryptMode,TRUE, bPreserveTimestamp, TRUE);
NormalCursor();
@@ -8725,7 +8846,7 @@ int RestoreVolumeHeader (HWND hwndDlg, const char *lpszVolume)
// Create a new header with a new salt
char buffer[TC_VOLUME_HEADER_EFFECTIVE_SIZE];
- nStatus = ReEncryptVolumeHeader (hwndDlg, buffer, FALSE, volume.CryptoInfo, &VolumePassword, FALSE);
+ nStatus = ReEncryptVolumeHeader (hwndDlg, buffer, FALSE, volume.CryptoInfo, &VolumePassword, VolumePin, FALSE);
if (nStatus != 0)
goto error;
@@ -8893,7 +9014,7 @@ int RestoreVolumeHeader (HWND hwndDlg, const char *lpszVolume)
// Open the header
while (TRUE)
{
- if (!AskVolumePassword (hwndDlg, &VolumePassword, &VolumePkcs5, &VolumeTrueCryptMode, "ENTER_HEADER_BACKUP_PASSWORD", FALSE))
+ if (!AskVolumePassword (hwndDlg, &VolumePassword, &VolumePkcs5, &VolumePin, &VolumeTrueCryptMode, "ENTER_HEADER_BACKUP_PASSWORD", FALSE))
{
nStatus = ERR_SUCCESS;
goto ret;
@@ -8909,7 +9030,7 @@ int RestoreVolumeHeader (HWND hwndDlg, const char *lpszVolume)
if (type == TC_VOLUME_TYPE_HIDDEN)
headerOffsetBackupFile += (legacyBackup ? TC_VOLUME_HEADER_SIZE_LEGACY : TC_VOLUME_HEADER_SIZE);
- nStatus = ReadVolumeHeader (FALSE, buffer + headerOffsetBackupFile, &VolumePassword, VolumePkcs5, VolumeTrueCryptMode, &restoredCryptoInfo, NULL);
+ nStatus = ReadVolumeHeader (FALSE, buffer + headerOffsetBackupFile, &VolumePassword, VolumePkcs5, VolumePin, VolumeTrueCryptMode, &restoredCryptoInfo, NULL);
if (nStatus == ERR_SUCCESS)
break;
}
@@ -8938,7 +9059,7 @@ int RestoreVolumeHeader (HWND hwndDlg, const char *lpszVolume)
WaitCursor();
// Restore header encrypted with a new key
- nStatus = ReEncryptVolumeHeader (hwndDlg, buffer, FALSE, restoredCryptoInfo, &VolumePassword, FALSE);
+ nStatus = ReEncryptVolumeHeader (hwndDlg, buffer, FALSE, restoredCryptoInfo, &VolumePassword, VolumePin, FALSE);
if (nStatus != ERR_SUCCESS)
goto error;
@@ -8957,7 +9078,7 @@ int RestoreVolumeHeader (HWND hwndDlg, const char *lpszVolume)
if (!restoredCryptoInfo->LegacyVolume)
{
// Restore backup header encrypted with a new key
- nStatus = ReEncryptVolumeHeader (hwndDlg, buffer, FALSE, restoredCryptoInfo, &VolumePassword, FALSE);
+ nStatus = ReEncryptVolumeHeader (hwndDlg, buffer, FALSE, restoredCryptoInfo, &VolumePassword, VolumePin, FALSE);
if (nStatus != ERR_SUCCESS)
goto error;
@@ -9014,6 +9135,7 @@ error:
burn (&VolumePassword, sizeof (VolumePassword));
burn (&VolumePkcs5, sizeof (VolumePkcs5));
+ burn (&VolumePin, sizeof (VolumePin));
burn (&VolumeTrueCryptMode, sizeof (VolumeTrueCryptMode));
RestoreDefaultKeyFilesParam();
RandStop (FALSE);
@@ -9574,6 +9696,7 @@ void MountSelectedVolume (HWND hwndDlg, BOOL mountWithOptions)
mountOptions.ProtectedHidVolPkcs5Prf = DefaultVolumePkcs5;
else
mountOptions.ProtectedHidVolPkcs5Prf = CmdVolumePkcs5;
+ mountOptions.ProtectedHidVolPin = CmdVolumePin;
if (IDCANCEL == DialogBoxParamW (hInst,
MAKEINTRESOURCEW (IDD_MOUNT_OPTIONS), hwndDlg,
(DLGPROC) MountOptionsDlgProc, (LPARAM) &mountOptions))
diff --git a/src/Mount/Mount.h b/src/Mount/Mount.h
index d6e18bb8..5a8e9fe4 100644
--- a/src/Mount/Mount.h
+++ b/src/Mount/Mount.h
@@ -52,6 +52,7 @@ typedef struct
{
Password *password;
int* pkcs5;
+ int* pin;
BOOL* truecryptMode;
} PasswordDlgParam;
diff --git a/src/Mount/Mount.rc b/src/Mount/Mount.rc
index e2aa43a3..d40eb805 100644
--- a/src/Mount/Mount.rc
+++ b/src/Mount/Mount.rc
@@ -105,35 +105,41 @@ BEGIN
CONTROL "",IDC_VOLUME_PROPERTIES_LIST,"SysListView32",LVS_REPORT | LVS_ALIGNLEFT | LVS_NOSORTHEADER | WS_BORDER | WS_TABSTOP,7,6,269,192
END
-IDD_PASSWORDCHANGE_DLG DIALOGEX 0, 0, 330, 207
+IDD_PASSWORDCHANGE_DLG DIALOGEX 0, 0, 330, 245
STYLE DS_SETFONT | DS_MODALFRAME | DS_3DLOOK | DS_FIXEDSYS | DS_CENTER | WS_POPUP | WS_CAPTION | WS_SYSMENU
CAPTION "Change Password or Keyfiles"
CLASS "VeraCryptCustomDlg"
FONT 8, "MS Shell Dlg", 0, 0, 0x0
BEGIN
EDITTEXT IDC_OLD_PASSWORD,89,14,162,13,ES_PASSWORD | ES_AUTOHSCROLL
- CONTROL "Use keyfiles",IDC_ENABLE_KEYFILES,"Button",BS_AUTOCHECKBOX | WS_TABSTOP,89,53,98,10
- PUSHBUTTON "Keyfiles...",IDC_KEYFILES,192,50,59,14
- CONTROL "Display password",IDC_SHOW_PASSWORD_CHPWD_ORI,"Button",BS_AUTOCHECKBOX | WS_TABSTOP,89,65,138,10,WS_EX_TRANSPARENT
- EDITTEXT IDC_PASSWORD,89,99,162,13,ES_PASSWORD | ES_AUTOHSCROLL
- EDITTEXT IDC_VERIFY,89,115,162,13,ES_PASSWORD | ES_AUTOHSCROLL
- CONTROL "Use keyfiles",IDC_ENABLE_NEW_KEYFILES,"Button",BS_AUTOCHECKBOX | WS_TABSTOP,89,134,99,11
- PUSHBUTTON "Keyfiles...",IDC_NEW_KEYFILES,192,132,59,14
- CONTROL "Display password",IDC_SHOW_PASSWORD_CHPWD_NEW,"Button",BS_AUTOCHECKBOX | WS_TABSTOP,89,146,160,11,WS_EX_TRANSPARENT
- COMBOBOX IDC_PKCS5_PRF_ID,89,161,85,90,CBS_DROPDOWNLIST | WS_TABSTOP
+ COMBOBOX IDC_PKCS5_OLD_PRF_ID,89,33,85,90,CBS_DROPDOWNLIST | WS_TABSTOP
+ CONTROL "TrueCrypt Mode",IDC_TRUECRYPT_MODE,"Button",BS_AUTOCHECKBOX | WS_TABSTOP,179,35,78,10
+ EDITTEXT IDC_OLD_PIN,89,51,42,14,ES_RIGHT | ES_AUTOHSCROLL | ES_NUMBER
+ CONTROL "Use keyfiles",IDC_ENABLE_KEYFILES,"Button",BS_AUTOCHECKBOX | WS_TABSTOP,89,72,98,10
+ PUSHBUTTON "Keyfiles...",IDC_KEYFILES,192,70,59,14
+ CONTROL "Display password",IDC_SHOW_PASSWORD_CHPWD_ORI,"Button",BS_AUTOCHECKBOX | WS_TABSTOP,89,85,138,10,WS_EX_TRANSPARENT
+ EDITTEXT IDC_PASSWORD,89,121,162,13,ES_PASSWORD | ES_AUTOHSCROLL
+ EDITTEXT IDC_VERIFY,89,137,162,13,ES_PASSWORD | ES_AUTOHSCROLL
+ EDITTEXT IDC_PIN,89,154,42,14,ES_RIGHT | ES_AUTOHSCROLL | ES_NUMBER
+ CONTROL "Use keyfiles",IDC_ENABLE_NEW_KEYFILES,"Button",BS_AUTOCHECKBOX | WS_TABSTOP,89,172,99,11
+ PUSHBUTTON "Keyfiles...",IDC_NEW_KEYFILES,192,170,59,14
+ CONTROL "Display password",IDC_SHOW_PASSWORD_CHPWD_NEW,"Button",BS_AUTOCHECKBOX | WS_TABSTOP,89,184,160,11,WS_EX_TRANSPARENT
+ COMBOBOX IDC_PKCS5_PRF_ID,89,199,85,90,CBS_DROPDOWNLIST | WS_TABSTOP
+ COMBOBOX IDC_WIPE_MODE,89,218,106,90,CBS_DROPDOWNLIST | WS_TABSTOP
DEFPUSHBUTTON "OK",IDOK,264,7,59,14
PUSHBUTTON "Cancel",IDCANCEL,264,24,59,14
RTEXT "Password:",IDT_PASSWORD,12,16,72,8
- RTEXT "Password:",IDT_NEW_PASSWORD,8,102,76,8
- RTEXT "Confirm Password:",IDT_CONFIRM_PASSWORD,9,118,75,16
- RTEXT "PKCS-5 PRF:",IDT_NEW_PKCS5_PRF,9,162,74,10,SS_CENTERIMAGE
- GROUPBOX "Current",IDT_CURRENT,6,3,252,77
- GROUPBOX "New",IDT_NEW,6,87,252,113
- COMBOBOX IDC_WIPE_MODE,89,180,106,90,CBS_DROPDOWNLIST | WS_TABSTOP
- RTEXT "Wipe mode:",IDT_WIPE_MODE,9,182,74,8,0,WS_EX_RIGHT
- COMBOBOX IDC_PKCS5_OLD_PRF_ID,89,33,85,90,CBS_DROPDOWNLIST | WS_TABSTOP
+ RTEXT "Password:",IDT_NEW_PASSWORD,8,124,76,8
+ RTEXT "Confirm Password:",IDT_CONFIRM_PASSWORD,9,140,75,16
+ RTEXT "PKCS-5 PRF:",IDT_NEW_PKCS5_PRF,9,200,74,10,SS_CENTERIMAGE
+ GROUPBOX "Current",IDT_CURRENT,6,3,252,97
+ GROUPBOX "New",IDT_NEW,6,108,252,130
+ RTEXT "Wipe mode:",IDT_WIPE_MODE,9,220,74,8,0,WS_EX_RIGHT
RTEXT "PKCS-5 PRF:",IDT_PKCS5_PRF,12,34,74,10,SS_CENTERIMAGE
- CONTROL "TrueCrypt Mode",IDC_TRUECRYPT_MODE,"Button",BS_AUTOCHECKBOX | WS_TABSTOP,179,35,78,10
+ RTEXT "Volume PIN:",IDT_OLD_PIN,12,54,74,10
+ LTEXT "(Empty or 0 for default iterations)",IDC_OLD_PIN_HELP,135,54,119,8
+ RTEXT "Volume PIN:",IDT_PIN,9,157,75,16
+ LTEXT "(Empty or 0 for default iterations)",IDC_PIN_HELP,135,157,119,8
END
IDD_MOUNT_DLG DIALOGEX 0, 0, 375, 271
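Review bot: The new `IDC_OLD_PIN` and `IDC_PIN` edit controls are declared with `ES_RIGHT | ES_AUTOHSCROLL | ES_NUMBER` only, so the PIN is shown in clear text while the password fields beside them use `ES_PASSWORD`. The same applies to `IDC_PIN` in the `IDD_PASSWORD_DLG` hunk below. If the PIN is meant to be a secret part of the credential, consider masking it by default, e.g. `EDITTEXT IDC_PIN,89,154,42,14,ES_RIGHT | ES_PASSWORD | ES_AUTOHSCROLL | ES_NUMBER`, and letting the existing "Display password" checkbox reveal it. `ES_NUMBER` does not limit the number of digits, so the dialog procedure (not visible here) should also set a text limit on these fields.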
@@ -166,24 +172,27 @@ BEGIN
CONTROL "",IDC_STATIC,"Static",SS_ETCHEDFRAME,2,151,372,119
END
-IDD_PASSWORD_DLG DIALOGEX 0, 0, 322, 91
+IDD_PASSWORD_DLG DIALOGEX 0, 0, 322, 103
STYLE DS_SETFONT | DS_MODALFRAME | DS_3DLOOK | DS_FIXEDSYS | DS_CENTER | WS_POPUP | WS_VISIBLE | WS_CAPTION
CAPTION "Enter VeraCrypt Volume Password"
FONT 8, "MS Shell Dlg", 0, 0, 0x0
BEGIN
EDITTEXT IDC_PASSWORD,69,8,166,14,ES_PASSWORD | ES_AUTOHSCROLL
+ COMBOBOX IDC_PKCS5_PRF_ID,69,26,86,90,CBS_DROPDOWNLIST | WS_TABSTOP
+ CONTROL "TrueCrypt Mode",IDC_TRUECRYPT_MODE,"Button",BS_AUTOCHECKBOX | WS_TABSTOP,159,28,76,10
+ EDITTEXT IDC_PIN,69,43,42,14,ES_RIGHT | ES_AUTOHSCROLL | ES_NUMBER
CONTROL "Cache passwords and keyfil&es in memory",IDC_CACHE,
- "Button",BS_AUTOCHECKBOX | WS_TABSTOP,70,50,153,10
- CONTROL "&Display password",IDC_SHOW_PASSWORD,"Button",BS_AUTOCHECKBOX | WS_TABSTOP,70,63,83,10
- CONTROL "U&se keyfiles",IDC_KEYFILES_ENABLE,"Button",BS_AUTOCHECKBOX | WS_TABSTOP,70,75,83,11
- PUSHBUTTON "&Keyfiles...",IDC_KEY_FILES,171,72,64,14
- PUSHBUTTON "Mount Opti&ons...",IDC_MOUNT_OPTIONS,243,72,64,14
+ "Button",BS_AUTOCHECKBOX | WS_TABSTOP,70,61,153,10
+ CONTROL "&Display password",IDC_SHOW_PASSWORD,"Button",BS_AUTOCHECKBOX | WS_TABSTOP,70,74,83,10
+ CONTROL "U&se keyfiles",IDC_KEYFILES_ENABLE,"Button",BS_AUTOCHECKBOX | WS_TABSTOP,70,87,83,11
+ PUSHBUTTON "&Keyfiles...",IDC_KEY_FILES,171,84,64,14
+ PUSHBUTTON "Mount Opti&ons...",IDC_MOUNT_OPTIONS,243,84,64,14
DEFPUSHBUTTON "OK",IDOK,243,8,64,14
PUSHBUTTON "Cancel",IDCANCEL,243,25,64,14
RTEXT "Password:",IDT_PASSWORD,0,10,65,13
- COMBOBOX IDC_PKCS5_PRF_ID,69,26,86,90,CBS_DROPDOWNLIST | WS_TABSTOP
- RTEXT "PKCS-5 PRF:",IDT_PKCS5_PRF,0,27,65,13
- CONTROL "TrueCrypt Mode",IDC_TRUECRYPT_MODE,"Button",BS_AUTOCHECKBOX | WS_TABSTOP,159,28,76,10
+ RTEXT "PKCS-5 PRF:",IDT_PKCS5_PRF,0,27,65,11
+ RTEXT "Volume PIN:",IDT_PIN,0,46,65,8
+ LTEXT "(Empty or 0 for default iterations)",IDC_PIN_HELP,115,46,189,8
END
IDD_TRAVELER_DLG DIALOGEX 0, 0, 300, 269
@@ -375,7 +384,7 @@ BEGIN
LEFTMARGIN, 7
RIGHTMARGIN, 323
TOPMARGIN, 7
- BOTTOMMARGIN, 200
+ BOTTOMMARGIN, 238
END
IDD_MOUNT_DLG, DIALOG
@@ -387,7 +396,7 @@ BEGIN
IDD_PASSWORD_DLG, DIALOG
BEGIN
RIGHTMARGIN, 313
- BOTTOMMARGIN, 86
+ BOTTOMMARGIN, 98
END
IDD_TRAVELER_DLG, DIALOG
diff --git a/src/Mount/Resource.h b/src/Mount/Resource.h
index fe57e0d1..857ef197 100644
--- a/src/Mount/Resource.h
+++ b/src/Mount/Resource.h
@@ -163,6 +163,12 @@
#define IDC_PKCS5_OLD_PRF_ID 1139
#define IDC_TRUECRYPT_MODE 1140
#define IDC_PREF_TEMP_CACHE_ON_MULTIPLE_MOUNT 1141
+#define IDT_PIN 1142
+#define IDC_PIN 1143
+#define IDC_PIN_HELP 1144
+#define IDT_OLD_PIN 1145
+#define IDC_OLD_PIN 1146
+#define IDC_OLD_PIN_HELP 1147
#define IDM_HELP 40001
#define IDM_ABOUT 40002
#define IDM_UNMOUNT_VOLUME 40003
@@ -238,7 +244,7 @@
#define _APS_NO_MFC 1
#define _APS_NEXT_RESOURCE_VALUE 119
#define _APS_NEXT_COMMAND_VALUE 40068
-#define _APS_NEXT_CONTROL_VALUE 1142
+#define _APS_NEXT_CONTROL_VALUE 1148
#define _APS_NEXT_SYMED_VALUE 101
#endif
#endif
diff --git a/src/VeraCrypt.sln b/src/VeraCrypt.sln
index 6186c012..c4caa8ab 100644
--- a/src/VeraCrypt.sln
+++ b/src/VeraCrypt.sln
@@ -22,6 +22,7 @@ Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "Mount", "Mount\Mount.vcproj
{EF5EF444-18D0-40D7-8DFA-775EC4448602} = {EF5EF444-18D0-40D7-8DFA-775EC4448602}
{8B7F059F-E4C7-4E11-88F5-EE8B8433072E} = {8B7F059F-E4C7-4E11-88F5-EE8B8433072E}
{993245CF-6B70-47EE-91BB-39F8FC6DC0E7} = {993245CF-6B70-47EE-91BB-39F8FC6DC0E7}
+ {9DC1ABE2-D18B-48FB-81D2-8C50ADC57BCF} = {9DC1ABE2-D18B-48FB-81D2-8C50ADC57BCF}
EndProjectSection
EndProject
Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "Setup", "Setup\Setup.vcproj", "{DF5F654D-BD44-4E31-B92E-B68074DC37A8}"
@@ -37,7 +38,9 @@ EndProject
Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "ExpandVolume", "ExpandVolume\ExpandVolume.vcproj", "{9715FF1D-599B-4BBC-AD96-BEF6E08FF827}"
ProjectSection(ProjectDependencies) = postProject
{EF5EF444-18D0-40D7-8DFA-775EC4448602} = {EF5EF444-18D0-40D7-8DFA-775EC4448602}
+ {E4C40F94-E7F9-4981-86E4-186B46F993F3} = {E4C40F94-E7F9-4981-86E4-186B46F993F3}
{8B7F059F-E4C7-4E11-88F5-EE8B8433072E} = {8B7F059F-E4C7-4E11-88F5-EE8B8433072E}
+ {9DC1ABE2-D18B-48FB-81D2-8C50ADC57BCF} = {9DC1ABE2-D18B-48FB-81D2-8C50ADC57BCF}
EndProjectSection
EndProject
Global