From c3c1bdd29d932f2b38e7c3995498f9a4eab8702b Mon Sep 17 00:00:00 2001 From: Mounir IDRASSI Date: Sun, 7 Jun 2015 01:37:23 +0200 Subject: Windows: Add support for PIN in favorites. Several enhancements to GUI handling of Dynamic Mode. --- src/Common/Apidrvr.h | 1 + src/Common/Crypto.h | 1 + src/Common/Dlgcode.c | 34 +++++++++++---- src/Common/Dlgcode.h | 2 + src/Common/Language.xml | 12 ++--- src/Common/Volumes.c | 4 ++ src/Driver/DriveFilter.c | 2 + src/Driver/Ntdriver.c | 2 + src/Format/Tcformat.c | 33 ++++++++++++++ src/Mount/Favorites.cpp | 23 ++++++++++ src/Mount/Favorites.h | 2 + src/Mount/Mount.c | 111 ++++++++++++++++++++++++++++++++++++++--------- src/Mount/Mount.rc | 33 +++++++------- 13 files changed, 211 insertions(+), 49 deletions(-) diff --git a/src/Common/Apidrvr.h b/src/Common/Apidrvr.h index d168cf74..b61370c7 100644 --- a/src/Common/Apidrvr.h +++ b/src/Common/Apidrvr.h @@ -145,6 +145,7 @@ typedef struct unsigned __int64 totalBytesWritten; int hiddenVolProtection; /* Hidden volume protection status (e.g. HIDVOL_PROT_STATUS_NONE, HIDVOL_PROT_STATUS_ACTIVE, etc.) */ int volFormatVersion; + int volumePin; } VOLUME_PROPERTIES_STRUCT; typedef struct diff --git a/src/Common/Crypto.h b/src/Common/Crypto.h index 038e5430..ff743890 100644 --- a/src/Common/Crypto.h +++ b/src/Common/Crypto.h @@ -213,6 +213,7 @@ typedef struct CRYPTO_INFO_t unsigned __int8 salt[PKCS5_SALT_SIZE]; int noIterations; BOOL bTrueCryptMode; + int volumePin; uint64 volume_creation_time; // Legacy uint64 header_creation_time; // Legacy diff --git a/src/Common/Dlgcode.c b/src/Common/Dlgcode.c index bfa8a32e..cc66506c 100644 --- a/src/Common/Dlgcode.c +++ b/src/Common/Dlgcode.c @@ -4353,6 +4353,22 @@ string GetUserFriendlyVersionString (int version) return (versionString); } +string IntToString (int val) +{ + char szTmp [64]; + StringCbPrintfA (szTmp, sizeof(szTmp), "%d", val); + + return szTmp; +} + +wstring IntToWideString (int val) +{ + wchar_t szTmp [64]; + StringCbPrintfW (szTmp, sizeof(szTmp), L"%d", val); + + return szTmp; +} + void GetSizeString (unsigned __int64 size, wchar_t *str, size_t cbStr) { static wchar_t *b, *kb, *mb, *gb, *tb, *pb; @@ -10720,14 +10736,16 @@ std::string FindLatestFileOrDirectory (const std::string &directory, const char int GetPin (HWND hwndDlg, UINT ctrlId) { int pin = 0; - char szTmp[MAX_PIN + 1] = {0}; - GetDlgItemText (hwndDlg, ctrlId, szTmp, MAX_PIN + 1); - if (strlen(szTmp)) - { - char* endPtr = NULL; - pin = strtol(szTmp, &endPtr, 0); - if (pin < 0 || endPtr == szTmp || !endPtr || *endPtr != '\0') - pin = 0; + if (IsWindowEnabled (GetDlgItem (hwndDlg, ctrlId))) + { + char szTmp[MAX_PIN + 1] = {0}; + if (GetDlgItemText (hwndDlg, ctrlId, szTmp, MAX_PIN + 1) > 0) + { + char* endPtr = NULL; + pin = strtol(szTmp, &endPtr, 10); + if (pin < 0 || endPtr == szTmp || !endPtr || *endPtr != '\0') + pin = 0; + } } return pin; } diff --git a/src/Common/Dlgcode.h b/src/Common/Dlgcode.h index 781efeee..a8d571dd 100644 --- a/src/Common/Dlgcode.h +++ b/src/Common/Dlgcode.h @@ -548,6 +548,8 @@ std::string VolumeGuidPathToDevicePath (std::string volumeGuidPath); std::string HarddiskVolumePathToPartitionPath (const std::string &harddiskVolumePath); std::string FindLatestFileOrDirectory (const std::string &directory, const char *namePattern, bool findDirectory, bool findFile); std::string GetUserFriendlyVersionString (int version); +std::string IntToString (int val); +std::wstring IntToWideString (int val); // Display a wait dialog while calling the provided callback with the given parameter typedef void (CALLBACK* WaitThreadProc)(void* pArg, HWND hWaitDlg); diff --git a/src/Common/Language.xml b/src/Common/Language.xml index e1cdcde7..fe94ab2e 100644 --- a/src/Common/Language.xml +++ b/src/Common/Language.xml @@ -597,7 +597,7 @@ Please enter the password and/or keyfile(s) for the non-system volume where you want to resume the process of in-place encryption/decryption.\n\nRemark: After you click Next, VeraCrypt will attempt to find all non-system volumes where the process of encryption/decryption has been interrupted and where the VeraCrypt volume header can be deciphered using the supplied password and/or keyfile(s). If more than one such volume is found, you will need to select one of them in the next step. Please select one of the listed volumes. The list contains each accessible non-system volume where the process of encryption/decryption has been interrupted and where the volume header was successfully deciphered using the supplied password and/or keyfile(s). Please enter the password and/or keyfile(s) for the non-system VeraCrypt volume that you want to decrypt. - It is very important that you choose a good password. You should avoid choosing one that contains only a single word that can be found in a dictionary (or a combination of 2, 3, or 4 such words). It should not contain any names or dates of birth. It should not be easy to guess. A good password is a random combination of upper and lower case letters, numbers, and special characters, such as @ ^ = $ * + etc. We recommend choosing a password consisting of more than 20 characters (the longer, the better). The maximum possible length is 64 characters. + It is very important that you choose a good password. You should avoid choosing one that contains only a single word that can be found in a dictionary (or a combination of 2, 3, or 4 such words). It should not contain any names or dates of birth. It should not be easy to guess. A good password is a random combination of upper and lower case letters, numbers, and special characters, such as @ ^ = $ * + etc. We recommend choosing a password consisting of 20 or more characters (the longer, the better). The maximum possible length is 64 characters. Please choose a password for the hidden volume. Please choose a password for the hidden operating system (i.e. for the hidden volume). IMPORTANT: The password that you choose for the hidden operating system in this step must be substantially different from the other two passwords (i.e. from the password for the outer volume and from the password for the decoy operating system). @@ -607,7 +607,7 @@ Outer Volume Password Hidden Volume Password Password for Hidden Operating System - WARNING: Short passwords are easy to crack using brute force techniques!\n\nWe recommend choosing a password consisting of more than 20 characters. Are you sure you want to use a short password? + WARNING: Short passwords are easy to crack using brute force techniques!\n\nWe recommend choosing a password consisting of 20 or more characters. Are you sure you want to use a short password? Volume Password Incorrect password/PRF or not a valid volume. Incorrect keyfile(s) and/or password/PRF or not a valid volume. @@ -616,6 +616,8 @@ Incorrect password/PRF or no valid volume found. Incorrect keyfile(s)/password/PRF or no valid volume found. \n\nWarning: Caps Lock is on. This may cause you to enter your password incorrectly. + Remember Number to Mount Volume + Remember Number to Boot System You have chosen a Personal Iteration Number (PIN) that is smaller than the default VeraCrypt value. Please note that if your password is not strong enough, this could lead to a weaker security.\n\nDo you confirm that you are using a strong password? Personal Iteration Number (PIN) maximum value for system encryption is 65535. \n\nWARNING: Hidden file(s) have been found in a keyfile search path. Such hidden files cannot be used as keyfiles. If you need to use them as keyfiles, remove their 'Hidden' attribute (right-click each of them, select 'Properties', uncheck 'Hidden' and click OK). Note: Hidden files are visible only if the corresponding option is enabled (Computer > Organize > 'Folder and search options' > View). @@ -1068,9 +1070,9 @@ Warning: There is unallocated space between the system partition and the first partition behind it. After you create the hidden operating system, you must not create any new partitions in that unallocated space. Otherwise, the hidden operating system will be impossible to boot (until you delete such newly created partitions). This algorithm is currently not supported for system encryption. This algorithm is not supported for TrueCrypt mode. - PIN (Personal Iteration Count) not supported for TrueCrypt mode. - Password must contain more than 20 characters in order to use the specified PIN.\nShorter passwords can only be used if the PIN is greater than 485. - Pre-boot authentication Password must contain more than 20 characters in order to use the specified PIN.\nShorter passwords can only be used if the PIN is greater than 98. + PIN (Personal Iteration Number) not supported for TrueCrypt mode. + Password must contain 20 or more characters in order to use the specified PIN.\nShorter passwords can only be used if the PIN is 485 or greater. + Pre-boot authentication Password must contain 20 or more characters in order to use the specified PIN.\nShorter passwords can only be used if the PIN is 98 or greater. Keyfiles are currently not supported for system encryption. Warning: VeraCrypt could not restore the original keyboard layout. This may cause you to enter a password incorrectly. Error: Cannot set the keyboard layout for VeraCrypt to the standard US keyboard layout.\n\nNote that the password needs to be typed in the pre-boot environment (before Windows starts) where non-US Windows keyboard layouts are not available. Therefore, the password must always be typed using the standard US keyboard layout. diff --git a/src/Common/Volumes.c b/src/Common/Volumes.c index 567df7ee..283be2ea 100644 --- a/src/Common/Volumes.c +++ b/src/Common/Volumes.c @@ -494,6 +494,7 @@ KeyReady: ; cryptoInfo->pkcs5 = pkcs5_prf; cryptoInfo->noIterations = keyInfo.noIterations; cryptoInfo->bTrueCryptMode = truecryptMode; + cryptoInfo->volumePin = pin; goto ret; } @@ -516,6 +517,7 @@ KeyReady: ; cryptoInfo->pkcs5 = pkcs5_prf; cryptoInfo->noIterations = keyInfo.noIterations; cryptoInfo->bTrueCryptMode = truecryptMode; + cryptoInfo->volumePin = pin; // Init the cipher with the decrypted master key status = EAInit (cryptoInfo->ea, keyInfo.master_keydata + primaryKeyOffset, cryptoInfo->ks); @@ -805,6 +807,8 @@ int CreateVolumeHeaderInMemory (HWND hwndDlg, BOOL bBoot, char *header, int ea, // User selected PRF cryptoInfo->pkcs5 = pkcs5_prf; cryptoInfo->bTrueCryptMode = FALSE; + cryptoInfo->noIterations = keyInfo.noIterations; + cryptoInfo->volumePin = pin; // Mode of operation cryptoInfo->mode = mode; diff --git a/src/Driver/DriveFilter.c b/src/Driver/DriveFilter.c index 9330f179..007d9d21 100644 --- a/src/Driver/DriveFilter.c +++ b/src/Driver/DriveFilter.c @@ -811,6 +811,7 @@ void ReopenBootVolumeHeader (PIRP irp, PIO_STACK_LOCATION irpSp) BootDriveFilterExtension->Queue.CryptoInfo->header_creation_time = BootDriveFilterExtension->HeaderCryptoInfo->header_creation_time; BootDriveFilterExtension->Queue.CryptoInfo->pkcs5 = BootDriveFilterExtension->HeaderCryptoInfo->pkcs5; BootDriveFilterExtension->Queue.CryptoInfo->noIterations = BootDriveFilterExtension->HeaderCryptoInfo->noIterations; + BootDriveFilterExtension->Queue.CryptoInfo->volumePin = BootDriveFilterExtension->HeaderCryptoInfo->volumePin; irp->IoStatus.Status = STATUS_SUCCESS; } @@ -1584,6 +1585,7 @@ void GetBootDriveVolumeProperties (PIRP irp, PIO_STACK_LOCATION irpSp) prop->mode = Extension->Queue.CryptoInfo->mode; prop->pkcs5 = Extension->Queue.CryptoInfo->pkcs5; prop->pkcs5Iterations = Extension->Queue.CryptoInfo->noIterations; + prop->volumePin = Extension->Queue.CryptoInfo->volumePin; #if 0 prop->volumeCreationTime = Extension->Queue.CryptoInfo->volume_creation_time; prop->headerCreationTime = Extension->Queue.CryptoInfo->header_creation_time; diff --git a/src/Driver/Ntdriver.c b/src/Driver/Ntdriver.c index 1d29b52f..c3a220e1 100644 --- a/src/Driver/Ntdriver.c +++ b/src/Driver/Ntdriver.c @@ -1227,6 +1227,7 @@ NTSTATUS ProcessMainDeviceControlIrp (PDEVICE_OBJECT DeviceObject, PEXTENSION Ex prop->mode = ListExtension->cryptoInfo->mode; prop->pkcs5 = ListExtension->cryptoInfo->pkcs5; prop->pkcs5Iterations = ListExtension->cryptoInfo->noIterations; + prop->volumePin = ListExtension->cryptoInfo->volumePin; #if 0 prop->volumeCreationTime = ListExtension->cryptoInfo->volume_creation_time; prop->headerCreationTime = ListExtension->cryptoInfo->header_creation_time; @@ -1424,6 +1425,7 @@ NTSTATUS ProcessMainDeviceControlIrp (PDEVICE_OBJECT DeviceObject, PEXTENSION Ex burn (&mount->VolumePin, sizeof (mount->VolumePin)); burn (&mount->bTrueCryptMode, sizeof (mount->bTrueCryptMode)); burn (&mount->ProtectedHidVolPkcs5Prf, sizeof (mount->ProtectedHidVolPkcs5Prf)); + burn (&mount->ProtectedHidVolPin, sizeof (mount->ProtectedHidVolPin)); } break; diff --git a/src/Format/Tcformat.c b/src/Format/Tcformat.c index 574d61eb..a59ec4a4 100644 --- a/src/Format/Tcformat.c +++ b/src/Format/Tcformat.c @@ -3479,12 +3479,14 @@ BOOL CALLBACK PageDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lPa { WORD lw = LOWORD (wParam); WORD hw = HIWORD (wParam); + static BOOL PinValueChangedWarning = FALSE; hCurPage = hwndDlg; switch (uMsg) { case WM_INITDIALOG: + PinValueChangedWarning = FALSE; LocalizeDialog (hwndDlg, "IDD_VOL_CREATION_WIZARD_DLG"); UpdateLastDialogId (); @@ -4154,6 +4156,9 @@ BOOL CALLBACK PageDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lPa char szTmp[MAX_PIN + 1]; StringCbPrintfA(szTmp, sizeof(szTmp), "%d", volumePin); SetWindowText (GetDlgItem (hwndDlg, IDC_PIN), szTmp); + + PinValueChangedWarning = TRUE; + SetDlgItemTextW (hwndDlg, IDC_PIN_HELP, GetString (SysEncInEffect ()? "PIN_SYSENC_CHANGE_WARNING" : "PIN_CHANGE_WARNING")); } SetCheckBox (hwndDlg, IDC_KEYFILES_ENABLE, KeyFilesEnable && !SysEncInEffect()); @@ -4913,6 +4918,20 @@ BOOL CALLBACK PageDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lPa AfterSysEncProgressWMInitTasks (hwndDlg); return 1; + case WM_CTLCOLORSTATIC: + { + if (PinValueChangedWarning && ((HWND)lParam == GetDlgItem(hwndDlg, IDC_PIN_HELP)) ) + { + // we're about to draw the static + // set the text colour in (HDC)lParam + SetBkMode((HDC)wParam,TRANSPARENT); + SetTextColor((HDC)wParam, RGB(255,0,0)); + // NOTE: per documentation as pointed out by selbie, GetSolidBrush would leak a GDI handle. + return (BOOL)GetSysColorBrush(COLOR_MENU); + } + } + return 0; + case WM_COMMAND: if (nCurPageNo == INTRO_PAGE) @@ -5293,6 +5312,20 @@ BOOL CALLBACK PageDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lPa KeyFilesEnable && FirstKeyFile!=NULL && !SysEncInEffect()); volumePassword.Length = (unsigned __int32) strlen ((char *) volumePassword.Text); + if (lw == IDC_PIN) + { + if(GetPin (hwndDlg, IDC_PIN) != 0) + { + PinValueChangedWarning = TRUE; + SetDlgItemTextW (hwndDlg, IDC_PIN_HELP, GetString (SysEncInEffect ()? "PIN_SYSENC_CHANGE_WARNING" : "PIN_CHANGE_WARNING")); + } + else + { + PinValueChangedWarning = FALSE; + SetDlgItemTextW (hwndDlg, IDC_PIN_HELP, (wchar_t *) GetDictionaryValueByInt (IDC_PIN_HELP)); + } + } + return 1; } diff --git a/src/Mount/Favorites.cpp b/src/Mount/Favorites.cpp index a1a469bc..6fe871a0 100644 --- a/src/Mount/Favorites.cpp +++ b/src/Mount/Favorites.cpp @@ -13,6 +13,7 @@ #include "Dlgcode.h" #include "Language.h" #include "Mount.h" +#include "Common/Resource.h" #include "Resource.h" #include "Xml.h" #include "Favorites.h" @@ -86,6 +87,7 @@ namespace VeraCrypt favorite.Removable = prop.removable ? true : false; favorite.SystemEncryption = prop.partitionInInactiveSysEncScope ? true : false; favorite.OpenExplorerWindow = (bExplore == TRUE); + favorite.Pin = prop.volumePin; if (favorite.VolumePathId.empty() && IsVolumeDeviceHosted (favorite.Path.c_str()) @@ -547,6 +549,11 @@ namespace VeraCrypt XmlGetAttributeText (xml, "label", label, sizeof (label)); favorite.Label = Utf8StringToWide (label); + XmlGetAttributeText (xml, "pin", label, sizeof (label)); + favorite.Pin = strtol (label, NULL, 10); + if (favorite.Pin < 0) + favorite.Pin = 0; + char boolVal[2]; XmlGetAttributeText (xml, "readonly", boolVal, sizeof (boolVal)); if (boolVal[0]) @@ -676,6 +683,9 @@ namespace VeraCrypt if (!favorite.Label.empty()) s += L" label=\"" + favorite.Label + L"\""; + if (favorite.Pin > 0) + s += L" pin=\"" + IntToWideString(favorite.Pin) + L"\""; + if (favorite.ReadOnly) s += L" readonly=\"1\""; @@ -763,6 +773,14 @@ namespace VeraCrypt static void SetControls (HWND hwndDlg, const FavoriteVolume &favorite, bool systemFavoritesMode, bool enable) { + if (favorite.Pin > 0) + { + char szTmp[MAX_PIN + 1]; + StringCbPrintfA (szTmp, sizeof(szTmp), "%d", favorite.Pin); + SetDlgItemText (hwndDlg, IDC_PIN, szTmp); + } + else + SetDlgItemText (hwndDlg, IDC_PIN, ""); SetDlgItemTextW (hwndDlg, IDC_FAVORITE_LABEL, favorite.Label.c_str()); SetCheckBox (hwndDlg, IDC_FAVORITE_MOUNT_ON_LOGON, favorite.MountOnLogOn); SetCheckBox (hwndDlg, IDC_FAVORITE_MOUNT_ON_ARRIVAL, favorite.MountOnArrival); @@ -788,6 +806,9 @@ namespace VeraCrypt EnableWindow (GetDlgItem (hwndDlg, IDC_FAVORITE_MOVE_UP), enable); EnableWindow (GetDlgItem (hwndDlg, IDC_FAVORITE_MOVE_DOWN), enable); EnableWindow (GetDlgItem (hwndDlg, IDC_FAVORITE_REMOVE), enable); + EnableWindow (GetDlgItem (hwndDlg, IDT_PIN), enable); + EnableWindow (GetDlgItem (hwndDlg, IDC_PIN), enable); + EnableWindow (GetDlgItem (hwndDlg, IDC_PIN_HELP), enable); EnableWindow (GetDlgItem (hwndDlg, IDT_FAVORITE_LABEL), enable); EnableWindow (GetDlgItem (hwndDlg, IDC_FAVORITE_LABEL), enable); EnableWindow (GetDlgItem (hwndDlg, IDC_FAVORITE_MOUNT_ON_LOGON), enable && !systemFavoritesMode); @@ -815,6 +836,8 @@ namespace VeraCrypt else favorite.Label.clear(); + favorite.Pin = GetPin (hwndDlg, IDC_PIN); + favorite.ReadOnly = (IsDlgButtonChecked (hwndDlg, IDC_FAVORITE_MOUNT_READONLY) != 0); favorite.Removable = (IsDlgButtonChecked (hwndDlg, IDC_FAVORITE_MOUNT_REMOVABLE) != 0); diff --git a/src/Mount/Favorites.h b/src/Mount/Favorites.h index f91905d8..3a0a771b 100644 --- a/src/Mount/Favorites.h +++ b/src/Mount/Favorites.h @@ -17,6 +17,7 @@ namespace VeraCrypt { FavoriteVolume() : + Pin (0), DisableHotkeyMount (false), DisconnectedDevice (false), MountOnLogOn (false), @@ -32,6 +33,7 @@ namespace VeraCrypt string MountPoint; string VolumePathId; wstring Label; + int Pin; bool DisableHotkeyMount; bool DisconnectedDevice; diff --git a/src/Mount/Mount.c b/src/Mount/Mount.c index df9ecb58..ba3ee861 100644 --- a/src/Mount/Mount.c +++ b/src/Mount/Mount.c @@ -1785,6 +1785,7 @@ void CALLBACK RestoreHeaderWaitThreadProc(void* pArg, HWND hwndDlg) BOOL CALLBACK PasswordChangeDlgProc (HWND hwndDlg, UINT msg, WPARAM wParam, LPARAM lParam) { static KeyFilesDlgParam newKeyFilesParam; + static BOOL PinValueChangedWarning = FALSE; WORD lw = LOWORD (wParam); WORD hw = HIWORD (wParam); @@ -1798,6 +1799,8 @@ BOOL CALLBACK PasswordChangeDlgProc (HWND hwndDlg, UINT msg, WPARAM wParam, LPAR int i; WipeAlgorithmId headerWipeMode = TC_WIPE_3_DOD_5220; + PinValueChangedWarning = FALSE; + ZeroMemory (&newKeyFilesParam, sizeof (newKeyFilesParam)); SetWindowTextW (hwndDlg, GetString ("IDD_PASSWORDCHANGE_DLG")); @@ -1806,6 +1809,8 @@ BOOL CALLBACK PasswordChangeDlgProc (HWND hwndDlg, UINT msg, WPARAM wParam, LPAR SendMessage (GetDlgItem (hwndDlg, IDC_OLD_PASSWORD), EM_LIMITTEXT, MAX_PASSWORD, 0); SendMessage (GetDlgItem (hwndDlg, IDC_PASSWORD), EM_LIMITTEXT, MAX_PASSWORD, 0); SendMessage (GetDlgItem (hwndDlg, IDC_VERIFY), EM_LIMITTEXT, MAX_PASSWORD, 0); + SendMessage (GetDlgItem (hwndDlg, IDC_OLD_PIN), EM_LIMITTEXT, MAX_PIN, 0); + SendMessage (GetDlgItem (hwndDlg, IDC_PIN), EM_LIMITTEXT, MAX_PIN, 0); EnableWindow (GetDlgItem (hwndDlg, IDOK), FALSE); SetCheckBox (hwndDlg, IDC_ENABLE_KEYFILES, KeyFilesEnable); @@ -1854,7 +1859,9 @@ BOOL CALLBACK PasswordChangeDlgProc (HWND hwndDlg, UINT msg, WPARAM wParam, LPAR LocalizeDialog (hwndDlg, "IDD_PCDM_CHANGE_PKCS5_PRF"); EnableWindow (GetDlgItem (hwndDlg, IDC_PASSWORD), FALSE); EnableWindow (GetDlgItem (hwndDlg, IDC_VERIFY), FALSE); + EnableWindow (GetDlgItem (hwndDlg, IDT_PIN), FALSE); EnableWindow (GetDlgItem (hwndDlg, IDC_PIN), FALSE); + EnableWindow (GetDlgItem (hwndDlg, IDC_PIN_HELP), FALSE); EnableWindow (GetDlgItem (hwndDlg, IDC_ENABLE_NEW_KEYFILES), FALSE); EnableWindow (GetDlgItem (hwndDlg, IDC_SHOW_PASSWORD_CHPWD_NEW), FALSE); EnableWindow (GetDlgItem (hwndDlg, IDC_NEW_KEYFILES), FALSE); @@ -1868,7 +1875,9 @@ BOOL CALLBACK PasswordChangeDlgProc (HWND hwndDlg, UINT msg, WPARAM wParam, LPAR newKeyFilesParam.EnableKeyFiles = TRUE; EnableWindow (GetDlgItem (hwndDlg, IDC_PASSWORD), FALSE); EnableWindow (GetDlgItem (hwndDlg, IDC_VERIFY), FALSE); + EnableWindow (GetDlgItem (hwndDlg, IDT_PIN), FALSE); EnableWindow (GetDlgItem (hwndDlg, IDC_PIN), FALSE); + EnableWindow (GetDlgItem (hwndDlg, IDC_PIN_HELP), FALSE); EnableWindow (GetDlgItem (hwndDlg, IDC_SHOW_PASSWORD_CHPWD_NEW), FALSE); EnableWindow (GetDlgItem (hwndDlg, IDT_NEW_PASSWORD), FALSE); EnableWindow (GetDlgItem (hwndDlg, IDT_CONFIRM_PASSWORD), FALSE); @@ -1886,7 +1895,9 @@ BOOL CALLBACK PasswordChangeDlgProc (HWND hwndDlg, UINT msg, WPARAM wParam, LPAR EnableWindow (GetDlgItem (hwndDlg, IDC_ENABLE_KEYFILES), TRUE); EnableWindow (GetDlgItem (hwndDlg, IDC_PASSWORD), FALSE); EnableWindow (GetDlgItem (hwndDlg, IDC_VERIFY), FALSE); + EnableWindow (GetDlgItem (hwndDlg, IDT_PIN), FALSE); EnableWindow (GetDlgItem (hwndDlg, IDC_PIN), FALSE); + EnableWindow (GetDlgItem (hwndDlg, IDC_PIN_HELP), FALSE); EnableWindow (GetDlgItem (hwndDlg, IDC_ENABLE_NEW_KEYFILES), FALSE); EnableWindow (GetDlgItem (hwndDlg, IDC_SHOW_PASSWORD_CHPWD_NEW), FALSE); EnableWindow (GetDlgItem (hwndDlg, IDC_NEW_KEYFILES), FALSE); @@ -2018,6 +2029,20 @@ BOOL CALLBACK PasswordChangeDlgProc (HWND hwndDlg, UINT msg, WPARAM wParam, LPAR } return 0; + case WM_CTLCOLORSTATIC: + { + if (PinValueChangedWarning && ((HWND)lParam == GetDlgItem(hwndDlg, IDC_PIN_HELP)) ) + { + // we're about to draw the static + // set the text colour in (HDC)lParam + SetBkMode((HDC)wParam,TRANSPARENT); + SetTextColor((HDC)wParam, RGB(255,0,0)); + // NOTE: per documentation as pointed out by selbie, GetSolidBrush would leak a GDI handle. + return (BOOL)GetSysColorBrush(COLOR_MENU); + } + } + return 0; + case WM_COMMAND: if (lw == IDCANCEL) { @@ -2040,7 +2065,28 @@ BOOL CALLBACK PasswordChangeDlgProc (HWND hwndDlg, UINT msg, WPARAM wParam, LPAR IDC_OLD_PASSWORD, KeyFilesEnable && FirstKeyFile != NULL, IDC_PASSWORD, IDC_VERIFY, - newKeyFilesParam.EnableKeyFiles && newKeyFilesParam.FirstKeyFile != NULL); + newKeyFilesParam.EnableKeyFiles && newKeyFilesParam.FirstKeyFile != NULL); + + if ((lw == IDC_OLD_PIN) && IsWindowEnabled (GetDlgItem (hwndDlg, IDC_PIN))) + { + char tmp[MAX_PIN+1] = {0}; + GetDlgItemText (hwndDlg, IDC_OLD_PIN, tmp, MAX_PIN + 1); + SetDlgItemText (hwndDlg, IDC_PIN, tmp); + } + + if (lw == IDC_PIN) + { + if(GetPin (hwndDlg, IDC_OLD_PIN) != GetPin (hwndDlg, IDC_PIN)) + { + PinValueChangedWarning = TRUE; + SetDlgItemTextW (hwndDlg, IDC_PIN_HELP, GetString (bSysEncPwdChangeDlgMode? "PIN_SYSENC_CHANGE_WARNING" : "PIN_CHANGE_WARNING")); + } + else + { + PinValueChangedWarning = FALSE; + SetDlgItemTextW (hwndDlg, IDC_PIN_HELP, (wchar_t *) GetDictionaryValueByInt (IDC_PIN_HELP)); + } + } return 1; } @@ -2154,6 +2200,14 @@ BOOL CALLBACK PasswordChangeDlgProc (HWND hwndDlg, UINT msg, WPARAM wParam, LPAR } + if (lw == IDC_TRUECRYPT_MODE) + { + BOOL bEnablePin = GetCheckBox (hwndDlg, IDC_TRUECRYPT_MODE) ? FALSE: TRUE; + EnableWindow (GetDlgItem (hwndDlg, IDT_OLD_PIN), bEnablePin); + EnableWindow (GetDlgItem (hwndDlg, IDC_OLD_PIN), bEnablePin); + EnableWindow (GetDlgItem (hwndDlg, IDC_OLD_PIN_HELP), bEnablePin); + } + if (lw == IDC_SHOW_PASSWORD_CHPWD_ORI) { SendMessage (GetDlgItem (hwndDlg, IDC_OLD_PASSWORD), @@ -2567,6 +2621,14 @@ BOOL CALLBACK PasswordDlgProc (HWND hwndDlg, UINT msg, WPARAM wParam, LPARAM lPa return 1; } + if (lw == IDC_TRUECRYPT_MODE) + { + BOOL bEnablePin = GetCheckBox (hwndDlg, IDC_TRUECRYPT_MODE) ? FALSE: TRUE; + EnableWindow (GetDlgItem (hwndDlg, IDT_PIN), bEnablePin); + EnableWindow (GetDlgItem (hwndDlg, IDC_PIN), bEnablePin); + EnableWindow (GetDlgItem (hwndDlg, IDC_PIN_HELP), bEnablePin); + } + if (lw == IDC_KEY_FILES) { KeyFilesDlgParam param; @@ -2609,11 +2671,7 @@ BOOL CALLBACK PasswordDlgProc (HWND hwndDlg, UINT msg, WPARAM wParam, LPARAM lPa *pkcs5 = (int) SendMessage (GetDlgItem (hwndDlg, IDC_PKCS5_PRF_ID), CB_GETITEMDATA, SendMessage (GetDlgItem (hwndDlg, IDC_PKCS5_PRF_ID), CB_GETCURSEL, 0, 0), 0); *truecryptMode = GetCheckBox (hwndDlg, IDC_TRUECRYPT_MODE); - GetWindowText (GetDlgItem (hwndDlg, IDC_PIN), tmp, MAX_PIN + 1); - if (strlen(tmp)) - *pin = (int) strtol(tmp, NULL, 10); /* IDC_PIN is configured to accept only numbers */ - else - *pin = 0; + *pin = GetPin (hwndDlg, IDC_PIN); /* SHA-256 is not supported by TrueCrypt */ if ( (*truecryptMode) @@ -3443,7 +3501,13 @@ BOOL CALLBACK VolumePropertiesDlgProc (HWND hwndDlg, UINT msg, WPARAM wParam, LP // PKCS 5 PRF ListItemAddW (list, i, GetString ("PKCS5_PRF")); - ListSubItemSet (list, i++, 1, get_pkcs5_prf_name (prop.pkcs5)); + if (prop.volumePin == 0) + ListSubItemSet (list, i++, 1, get_pkcs5_prf_name (prop.pkcs5)); + else + { + StringCbPrintfA (szTmp, sizeof(szTmp), "%s (Dynamic)", get_pkcs5_prf_name (prop.pkcs5)); + ListSubItemSet (list, i++, 1, szTmp); + } #if 0 // PCKS 5 iterations @@ -3966,12 +4030,13 @@ static int AskVolumePassword (HWND hwndDlg, Password *password, int *pkcs5, int // GUI actions -static BOOL Mount (HWND hwndDlg, int nDosDriveNo, char *szFileName) +static BOOL Mount (HWND hwndDlg, int nDosDriveNo, char *szFileName, int pin) { BOOL status = FALSE; char fileName[MAX_PATH]; int mounted = 0, EffectiveVolumePkcs5 = CmdVolumePkcs5; BOOL EffectiveVolumeTrueCryptMode = CmdVolumeTrueCryptMode; + int EffectiveVolumePin = (pin < 0)? CmdVolumePin : pin; /* Priority is given to command line parameters * Default values used only when nothing specified in command line @@ -4027,10 +4092,11 @@ static BOOL Mount (HWND hwndDlg, int nDosDriveNo, char *szFileName) // First try cached passwords and if they fail ask user for a new one WaitCursor (); - // try TrueCrypt mode first since it is quick - mounted = MountVolume (hwndDlg, nDosDriveNo, szFileName, NULL, 0, 0, TRUE, bCacheInDriver, bForceMount, &mountOptions, Silent, FALSE); + // try TrueCrypt mode first since it is quick, only if pin = 0 + if (EffectiveVolumePin == 0) + mounted = MountVolume (hwndDlg, nDosDriveNo, szFileName, NULL, 0, 0, TRUE, bCacheInDriver, bForceMount, &mountOptions, Silent, FALSE); if (!mounted) - mounted = MountVolume (hwndDlg, nDosDriveNo, szFileName, NULL, 0, 0, FALSE, bCacheInDriver, bForceMount, &mountOptions, Silent, FALSE); + mounted = MountVolume (hwndDlg, nDosDriveNo, szFileName, NULL, 0, EffectiveVolumePin, FALSE, bCacheInDriver, bForceMount, &mountOptions, Silent, FALSE); // If keyfiles are enabled, test empty password first if (!mounted && KeyFilesEnable && FirstKeyFile) @@ -4039,10 +4105,11 @@ static BOOL Mount (HWND hwndDlg, int nDosDriveNo, char *szFileName) emptyPassword.Length = 0; KeyFilesApply (hwndDlg, &emptyPassword, FirstKeyFile); - // try TrueCrypt mode first since it is quick - mounted = MountVolume (hwndDlg, nDosDriveNo, szFileName, &emptyPassword, 0, 0, TRUE, bCacheInDriver, bForceMount, &mountOptions, Silent, FALSE); + // try TrueCrypt mode first since it is quick, only if pin = 0 + if (EffectiveVolumePin == 0) + mounted = MountVolume (hwndDlg, nDosDriveNo, szFileName, &emptyPassword, 0, 0, TRUE, bCacheInDriver, bForceMount, &mountOptions, Silent, FALSE); if (!mounted) - mounted = MountVolume (hwndDlg, nDosDriveNo, szFileName, &emptyPassword, 0, 0, FALSE, bCacheInDriver, bForceMount, &mountOptions, Silent, FALSE); + mounted = MountVolume (hwndDlg, nDosDriveNo, szFileName, &emptyPassword, 0, EffectiveVolumePin, FALSE, bCacheInDriver, bForceMount, &mountOptions, Silent, FALSE); burn (&emptyPassword, sizeof (emptyPassword)); } @@ -4050,10 +4117,11 @@ static BOOL Mount (HWND hwndDlg, int nDosDriveNo, char *szFileName) // Test password and/or keyfiles used for the previous volume if (!mounted && bCacheDuringMultipleMount && MultipleMountOperationInProgress && VolumePassword.Length != 0) { - // try TrueCrypt mode first as it is quick - mounted = MountVolume (hwndDlg, nDosDriveNo, szFileName, &VolumePassword, 0, 0, TRUE, bCacheInDriver, bForceMount, &mountOptions, Silent, FALSE); + // try TrueCrypt mode first as it is quick, only if pin = 0 + if (EffectiveVolumePin == 0) + mounted = MountVolume (hwndDlg, nDosDriveNo, szFileName, &VolumePassword, 0, 0, TRUE, bCacheInDriver, bForceMount, &mountOptions, Silent, FALSE); if (!mounted) - mounted = MountVolume (hwndDlg, nDosDriveNo, szFileName, &VolumePassword, 0, 0, FALSE, bCacheInDriver, bForceMount, &mountOptions, Silent, FALSE); + mounted = MountVolume (hwndDlg, nDosDriveNo, szFileName, &VolumePassword, 0, EffectiveVolumePin, FALSE, bCacheInDriver, bForceMount, &mountOptions, Silent, FALSE); } NormalCursor (); @@ -4073,13 +4141,13 @@ static BOOL Mount (HWND hwndDlg, int nDosDriveNo, char *szFileName) VolumePassword = CmdVolumePassword; VolumePkcs5 = EffectiveVolumePkcs5; VolumeTrueCryptMode = EffectiveVolumeTrueCryptMode; - VolumePin = CmdVolumePin; + VolumePin = EffectiveVolumePin; } else if (!Silent) { int GuiPkcs5 = EffectiveVolumePkcs5; BOOL GuiTrueCryptMode = EffectiveVolumeTrueCryptMode; - int GuiPin = CmdVolumePin; + int GuiPin = EffectiveVolumePin; StringCbCopyA (PasswordDlgVolume, sizeof(PasswordDlgVolume), szFileName); if (!AskVolumePassword (hwndDlg, &VolumePassword, &GuiPkcs5, &GuiPin, &GuiTrueCryptMode, NULL, TRUE)) @@ -4206,7 +4274,7 @@ void __cdecl mountThreadFunction (void *hwndDlgArg) EnableWindow(hwndDlg, FALSE); finally_do_arg (HWND, hwndDlg, { EnableWindow(finally_arg, TRUE); }); - Mount (hwndDlg, 0, 0); + Mount (hwndDlg, 0, 0, -1); } static BOOL DismountAll (HWND hwndDlg, BOOL forceUnmount, BOOL interact, int dismountMaxRetries, int dismountAutoRetryDelay) @@ -8097,6 +8165,7 @@ void DismountIdleVolumes () && prop.pkcs5 >= FIRST_PRF_ID && prop.pkcs5 <= LAST_PRF_ID && prop.pkcs5Iterations > 0 && prop.hiddenVolProtection >= 0 && prop.volFormatVersion >= 0 + && prop.volumePin >= 0 ) ) { @@ -8237,7 +8306,7 @@ BOOL MountFavoriteVolumes (BOOL systemFavorites, BOOL logOnMount, BOOL hotKeyMou BOOL prevReadOnly = mountOptions.ReadOnly; - if (!Mount (MainDlg, drive, (char *) favorite.Path.c_str())) + if (!Mount (MainDlg, drive, (char *) favorite.Path.c_str(), favorite.Pin)) status = FALSE; if (status && mountOptions.ReadOnly != prevReadOnly) diff --git a/src/Mount/Mount.rc b/src/Mount/Mount.rc index d40eb805..135cdd77 100644 --- a/src/Mount/Mount.rc +++ b/src/Mount/Mount.rc @@ -312,7 +312,7 @@ BEGIN LTEXT "",IDT_LIMIT_ENC_THREAD_POOL_NOTE,18,126,334,33 END -IDD_FAVORITE_VOLUMES DIALOGEX 0, 0, 380, 276 +IDD_FAVORITE_VOLUMES DIALOGEX 0, 0, 380, 315 STYLE DS_SETFONT | DS_MODALFRAME | DS_FIXEDSYS | DS_CENTER | WS_POPUP | WS_CAPTION | WS_SYSMENU CAPTION "VeraCrypt - Favorite Volumes" FONT 8, "MS Shell Dlg", 400, 0, 0x1 @@ -321,25 +321,28 @@ BEGIN PUSHBUTTON "Move &Up",IDC_FAVORITE_MOVE_UP,7,104,63,14 PUSHBUTTON "Move &Down",IDC_FAVORITE_MOVE_DOWN,74,104,63,14 PUSHBUTTON "&Remove",IDC_FAVORITE_REMOVE,310,104,63,14 - EDITTEXT IDC_FAVORITE_LABEL,16,142,204,13,ES_AUTOHSCROLL + EDITTEXT IDC_FAVORITE_LABEL,16,173,204,13,ES_AUTOHSCROLL CONTROL "Mount selected volume as read-o&nly",IDC_FAVORITE_MOUNT_READONLY, - "Button",BS_AUTOCHECKBOX | WS_TABSTOP,18,162,349,10 + "Button",BS_AUTOCHECKBOX | WS_TABSTOP,18,193,349,10 CONTROL "Mount selected volume as remo&vable medium",IDC_FAVORITE_MOUNT_REMOVABLE, - "Button",BS_AUTOCHECKBOX | WS_TABSTOP,18,176,349,10 + "Button",BS_AUTOCHECKBOX | WS_TABSTOP,18,207,349,10 CONTROL "Mount selected volume upon log&on",IDC_FAVORITE_MOUNT_ON_LOGON, - "Button",BS_AUTOCHECKBOX | WS_TABSTOP,18,190,349,10 + "Button",BS_AUTOCHECKBOX | WS_TABSTOP,18,221,349,10 CONTROL "Mount selected volume when its host device gets &connected",IDC_FAVORITE_MOUNT_ON_ARRIVAL, - "Button",BS_AUTOCHECKBOX | WS_TABSTOP,18,204,349,10 + "Button",BS_AUTOCHECKBOX | WS_TABSTOP,18,235,349,10 CONTROL "Open &Explorer window for selected volume when successfully mounted",IDC_FAVORITE_OPEN_EXPLORER_WIN_ON_MOUNT, - "Button",BS_AUTOCHECKBOX | WS_TABSTOP,18,218,349,11 + "Button",BS_AUTOCHECKBOX | WS_TABSTOP,18,249,349,11 CONTROL "Do not mount selected volume when 'Mount Favorite Volumes' &hot key is pressed",IDC_FAVORITE_DISABLE_HOTKEY, - "Button",BS_AUTOCHECKBOX | WS_TABSTOP,18,232,349,11 - LTEXT "Help on favorite volumes",IDC_FAVORITES_HELP_LINK,17,259,237,10,SS_NOTIFY - DEFPUSHBUTTON "OK",IDOK,269,257,50,14 - PUSHBUTTON "Cancel",IDCANCEL,323,257,50,14 - GROUPBOX "",IDC_FAV_VOL_OPTIONS_GROUP_BOX,7,121,366,130 - LTEXT "Label of selected favorite volume:",IDT_FAVORITE_LABEL,18,132,202,8 - GROUPBOX "Global Settings",IDC_FAV_VOL_OPTIONS_GLOBAL_SETTINGS_BOX,7,202,366,49 + "Button",BS_AUTOCHECKBOX | WS_TABSTOP,18,264,349,11 + LTEXT "Help on favorite volumes",IDC_FAVORITES_HELP_LINK,17,298,237,10,SS_NOTIFY + DEFPUSHBUTTON "OK",IDOK,269,296,50,14 + PUSHBUTTON "Cancel",IDCANCEL,323,296,50,14 + GROUPBOX "",IDC_FAV_VOL_OPTIONS_GROUP_BOX,7,122,366,159 + LTEXT "Label of selected favorite volume:",IDT_FAVORITE_LABEL,18,163,202,8 + GROUPBOX "Global Settings",IDC_FAV_VOL_OPTIONS_GLOBAL_SETTINGS_BOX,7,230,366,57 + EDITTEXT IDC_PIN,16,143,42,14,ES_RIGHT | ES_AUTOHSCROLL | ES_NUMBER + LTEXT "(Empty or 0 for default iterations)",IDC_PIN_HELP,64,145,189,8 + LTEXT "Volume PIN:",IDT_PIN,18,133,65,8 END IDD_DEFAULT_MOUNT_PARAMETERS DIALOGEX 0, 0, 167, 65 @@ -443,7 +446,7 @@ BEGIN LEFTMARGIN, 7 RIGHTMARGIN, 373 TOPMARGIN, 7 - BOTTOMMARGIN, 269 + BOTTOMMARGIN, 308 END IDD_DEFAULT_MOUNT_PARAMETERS, DIALOG -- cgit v1.2.3