From d1b26d4bfefe4d7f8581d4555e6634c3603772ed Mon Sep 17 00:00:00 2001 From: Mounir IDRASSI Date: Sun, 2 Jul 2017 19:35:12 +0200 Subject: Windows: fix documentation and UI messages about the PIM constraints and calculation formula when EFI system encryption is using SHA-512 or Whirlpool. For historical reasons, if SHA-512 or Whirlpool is selected for EFI system encryption, then iterations = 15000 + (PIM x 1000) and not iterations = PIM x 2048 like the other algorithms. --- src/Common/Password.c | 9 +++++---- src/Common/Password.h | 2 +- 2 files changed, 6 insertions(+), 5 deletions(-) (limited to 'src/Common') diff --git a/src/Common/Password.c b/src/Common/Password.c index e3876042..8ba91374 100644 --- a/src/Common/Password.c +++ b/src/Common/Password.c @@ -133,14 +133,15 @@ BOOL CheckPasswordCharEncoding (HWND hPassword, Password *ptrPw) } -BOOL CheckPasswordLength (HWND hwndDlg, unsigned __int32 passwordLength, int pim, BOOL bForBoot, BOOL bSkipPasswordWarning, BOOL bSkipPimWarning) +BOOL CheckPasswordLength (HWND hwndDlg, unsigned __int32 passwordLength, int pim, BOOL bForBoot, int bootPRF, BOOL bSkipPasswordWarning, BOOL bSkipPimWarning) { - BOOL bCustomPimSmall = ((pim != 0) && (pim < (bForBoot? 98 : 485)))? TRUE : FALSE; + BOOL bootPimCondition = (bForBoot && (bootPRF != SHA512 && bootPRF != WHIRLPOOL))? TRUE : FALSE; + BOOL bCustomPimSmall = ((pim != 0) && (pim < (bootPimCondition? 98 : 485)))? TRUE : FALSE; if (passwordLength < PASSWORD_LEN_WARNING) { if (bCustomPimSmall) { - Error (bForBoot? "BOOT_PIM_REQUIRE_LONG_PASSWORD": "PIM_REQUIRE_LONG_PASSWORD", hwndDlg); + Error (bootPimCondition? "BOOT_PIM_REQUIRE_LONG_PASSWORD": "PIM_REQUIRE_LONG_PASSWORD", hwndDlg); return FALSE; } @@ -157,7 +158,7 @@ BOOL CheckPasswordLength (HWND hwndDlg, unsigned __int32 passwordLength, int pim } #endif - if ((pim != 0) && (pim > (bForBoot? 98 : 485))) + if ((pim != 0) && (pim > (bootPimCondition? 98 : 485))) { // warn that mount/boot will take more time Warning ("PIM_LARGE_WARNING", hwndDlg); diff --git a/src/Common/Password.h b/src/Common/Password.h index 9afcd060..b2b0511d 100644 --- a/src/Common/Password.h +++ b/src/Common/Password.h @@ -39,7 +39,7 @@ typedef struct #if defined(_WIN32) && !defined(TC_WINDOWS_DRIVER) && !defined(_UEFI) void VerifyPasswordAndUpdate ( HWND hwndDlg , HWND hButton , HWND hPassword , HWND hVerify , unsigned char *szPassword , char *szVerify, BOOL keyFilesEnabled ); -BOOL CheckPasswordLength (HWND hwndDlg, unsigned __int32 passwordLength, int pim, BOOL bForBoot, BOOL bSkipPasswordWarning, BOOL bSkipPimWarning); +BOOL CheckPasswordLength (HWND hwndDlg, unsigned __int32 passwordLength, int pim, BOOL bForBoot, int bootPRF, BOOL bSkipPasswordWarning, BOOL bSkipPimWarning); BOOL CheckPasswordCharEncoding (HWND hPassword, Password *ptrPw); int ChangePwd (const wchar_t *lpszVolume, Password *oldPassword, int old_pkcs5, int old_pim, BOOL truecryptMode, Password *newPassword, int pkcs5, int pim, int wipePassCount, HWND hwndDlg); -- cgit v1.2.3