From 9913af3a8ed61333cafd0e611f214f7c86652423 Mon Sep 17 00:00:00 2001
From: Mounir IDRASSI
Date: Wed, 24 Jun 2015 14:14:34 +0200
Subject: Linux/MacOSX: first dynamic mode implementation
---
 src/Volume/Pkcs5Kdf.cpp | 4 ++--
 src/Volume/Pkcs5Kdf.h | 16 ++++++++--------
 src/Volume/Volume.cpp | 16 +++++++++-------
 src/Volume/Volume.h | 6 ++++--
 src/Volume/VolumeHeader.cpp | 4 ++--
 src/Volume/VolumeHeader.h | 2 +-
 src/Volume/VolumeInfo.cpp | 5 ++++-
 src/Volume/VolumeInfo.h | 1 +
 8 files changed, 31 insertions(+), 23 deletions(-)
 mode change 100644 => 100755 src/Volume/Pkcs5Kdf.cpp
 mode change 100644 => 100755 src/Volume/Pkcs5Kdf.h
 mode change 100644 => 100755 src/Volume/VolumeInfo.cpp
(limited to 'src/Volume')
diff --git a/src/Volume/Pkcs5Kdf.cpp b/src/Volume/Pkcs5Kdf.cpp
old mode 100644
new mode 100755
index beccd62b..685bc73d
--- a/src/Volume/Pkcs5Kdf.cpp
+++ b/src/Volume/Pkcs5Kdf.cpp
@@ -20,9 +20,9 @@ namespace VeraCrypt
 {
 }
- void Pkcs5Kdf::DeriveKey (const BufferPtr &key, const VolumePassword &password, const ConstBufferPtr &salt) const
+ void Pkcs5Kdf::DeriveKey (const BufferPtr &key, const VolumePassword &password, int pim, const ConstBufferPtr &salt) const
 {
- DeriveKey (key, password, salt, GetIterationCount());
+ DeriveKey (key, password, salt, GetIterationCount(pim));
 }
 shared_ptr Pkcs5Kdf::GetAlgorithm (const wstring &name, bool truecryptMode)
diff --git a/src/Volume/Pkcs5Kdf.h b/src/Volume/Pkcs5Kdf.h
old mode 100644
new mode 100755
index b2a13213..29149229
--- a/src/Volume/Pkcs5Kdf.h
+++ b/src/Volume/Pkcs5Kdf.h
@@ -23,13 +23,13 @@ namespace VeraCrypt
 public:
 virtual ~Pkcs5Kdf ();
- virtual void DeriveKey (const BufferPtr &key, const VolumePassword &password, const ConstBufferPtr &salt) const;
+ virtual void DeriveKey (const BufferPtr &key, const VolumePassword &password, int pim, const ConstBufferPtr &salt) const;
 virtual void DeriveKey (const BufferPtr &key, const VolumePassword &password, const ConstBufferPtr &salt, int iterationCount) const = 0;
 static shared_ptr GetAlgorithm (const wstring &name, bool truecryptMode);
 static shared_ptr GetAlgorithm (const Hash &hash, bool truecryptMode);
 static Pkcs5KdfList GetAvailableAlgorithms (bool truecryptMode);
 virtual shared_ptr GetHash () const = 0;
- virtual int GetIterationCount () const = 0;
+ virtual int GetIterationCount (int pim) const = 0;
 virtual wstring GetName () const = 0;
 virtual Pkcs5Kdf* Clone () const = 0;
 virtual bool IsDeprecated () const { return GetHash()->IsDeprecated(); }
@@ -55,7 +55,7 @@ namespace VeraCrypt
 virtual void DeriveKey (const BufferPtr &key, const VolumePassword &password, const ConstBufferPtr &salt, int iterationCount) const;
 virtual shared_ptr GetHash () const { return shared_ptr (new Ripemd160); }
- virtual int GetIterationCount () const { return m_truecryptMode? 2000 : 655331; }
+ virtual int GetIterationCount (int pim) const { return m_truecryptMode? 2000 : (pim <= 0 ? 655331 : (15000 + (pim * 1000))) ; }
 virtual wstring GetName () const { return L"HMAC-RIPEMD-160"; }
 virtual Pkcs5Kdf* Clone () const { return new Pkcs5HmacRipemd160(m_truecryptMode); }
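Review bot: The new pure virtual `GetIterationCount (int pim)` and the `DeriveKey (..., int pim, ...)` overload say nothing about what `pim` means or which values select the default, so a reader has to open every override to learn that `pim <= 0` keeps the fixed per-PRF count. A comment on the declaration such as `// pim: Personal Iterations Multiplier supplied by the user; <= 0 selects the fixed default count, otherwise the override derives the count from it` would keep that contract in one place. The two `DeriveKey` overloads now differ only in whether their `int` is a PIM or a raw iteration count, so naming that distinction in the same comment helps callers pick the right one.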
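Review bot: `15000 + (pim * 1000)` on the added line is evaluated in `int` with no upper bound on `pim`, so a large user-supplied value overflows (signed overflow is undefined; with a 32-bit `int` that starts around pim > 2147468 for this formula and around pim > 1048575 for the `pim * 2048` variants in the @@ -72 and @@ -89 hunks). The wrapped or negative result then reaches `DeriveKey (..., int iterationCount)` unchecked. `pim` should be validated where it enters, or clamped to a documented maximum before the multiplication, rather than trusted here; the same applies to the `GetIterationCount` overrides in the @@ -72, @@ -89, @@ -106, @@ -123 and @@ -140 hunks. It would also help to record in a comment why the `_1000`/`_Boot` variants use `pim * 2048` while the others use `15000 + (pim * 1000)`, since the two formulas sit side by side with no explanation.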
@@ -72,7 +72,7 @@ namespace VeraCrypt
 virtual void DeriveKey (const BufferPtr &key, const VolumePassword &password, const ConstBufferPtr &salt, int iterationCount) const;
 virtual shared_ptr GetHash () const { return shared_ptr (new Ripemd160); }
- virtual int GetIterationCount () const { return m_truecryptMode? 1000 : 327661; }
+ virtual int GetIterationCount (int pim) const { return m_truecryptMode? 1000 : (pim <= 0 ? 327661 : (pim * 2048)); }
 virtual wstring GetName () const { return L"HMAC-RIPEMD-160"; }
 virtual Pkcs5Kdf* Clone () const { return new Pkcs5HmacRipemd160_1000(m_truecryptMode); }
@@ -89,7 +89,7 @@ namespace VeraCrypt
 virtual void DeriveKey (const BufferPtr &key, const VolumePassword &password, const ConstBufferPtr &salt, int iterationCount) const;
 virtual shared_ptr GetHash () const { return shared_ptr (new Sha256); }
- virtual int GetIterationCount () const { return 200000; }
+ virtual int GetIterationCount (int pim) const { return pim <= 0 ? 200000 : (pim * 2048); }
 virtual wstring GetName () const { return L"HMAC-SHA-256"; }
 virtual Pkcs5Kdf* Clone () const { return new Pkcs5HmacSha256_Boot(); }
@@ -106,7 +106,7 @@ namespace VeraCrypt
 virtual void DeriveKey (const BufferPtr &key, const VolumePassword &password, const ConstBufferPtr &salt, int iterationCount) const;
 virtual shared_ptr GetHash () const { return shared_ptr (new Sha256); }
- virtual int GetIterationCount () const { return 500000; }
+ virtual int GetIterationCount (int pim) const { return pim <= 0 ? 500000 : (15000 + (pim * 1000)); }
 virtual wstring GetName () const { return L"HMAC-SHA-256"; }
 virtual Pkcs5Kdf* Clone () const { return new Pkcs5HmacSha256(); }
@@ -123,7 +123,7 @@ namespace VeraCrypt
 virtual void DeriveKey (const BufferPtr &key, const VolumePassword &password, const ConstBufferPtr &salt, int iterationCount) const;
 virtual shared_ptr GetHash () const { return shared_ptr (new Sha512); }
- virtual int GetIterationCount () const { return m_truecryptMode? 1000 : 500000; }
+ virtual int GetIterationCount (int pim) const { return m_truecryptMode? 1000 : (pim <= 0 ? 500000 : (15000 + (pim * 1000))); }
 virtual wstring GetName () const { return L"HMAC-SHA-512"; }
 virtual Pkcs5Kdf* Clone () const { return new Pkcs5HmacSha512(m_truecryptMode); }
@@ -140,7 +140,7 @@ namespace VeraCrypt
 virtual void DeriveKey (const BufferPtr &key, const VolumePassword &password, const ConstBufferPtr &salt, int iterationCount) const;
 virtual shared_ptr GetHash () const { return shared_ptr (new Whirlpool); }
- virtual int GetIterationCount () const { return m_truecryptMode? 1000 : 500000; }
+ virtual int GetIterationCount (int pim) const { return m_truecryptMode? 1000 : (pim <= 0 ? 500000 : (15000 + (pim * 1000))); }
 virtual wstring GetName () const { return L"HMAC-Whirlpool"; }
 virtual Pkcs5Kdf* Clone () const { return new Pkcs5HmacWhirlpool(m_truecryptMode); }
diff --git a/src/Volume/Volume.cpp b/src/Volume/Volume.cpp
index 51ebf300..ff373029 100755
--- a/src/Volume/Volume.cpp
+++ b/src/Volume/Volume.cpp
@@ -24,7 +24,8 @@ namespace VeraCrypt
 TopWriteOffset (0),
 TotalDataRead (0),
 TotalDataWritten (0),
- TrueCryptMode (false)
+ TrueCryptMode (false),
+ Pim (0)
 {
 }
@@ -63,7 +64,7 @@ namespace VeraCrypt
 return EA->GetMode();
 }
- void Volume::Open (const VolumePath &volumePath, bool preserveTimestamps, shared_ptr password, shared_ptr kdf, bool truecryptMode, shared_ptr keyfiles, VolumeProtection::Enum protection, shared_ptr protectionPassword, shared_ptr protectionKdf, shared_ptr protectionKeyfiles, bool sharedAccessAllowed, VolumeType::Enum volumeType, bool useBackupHeaders, bool partitionInSystemEncryptionScope)
+ void Volume::Open (const VolumePath &volumePath, bool preserveTimestamps, shared_ptr password, int pim, shared_ptr kdf, bool truecryptMode, shared_ptr keyfiles, VolumeProtection::Enum protection, shared_ptr protectionPassword, int protectionPim, shared_ptr protectionKdf, shared_ptr protectionKeyfiles, bool sharedAccessAllowed, VolumeType::Enum volumeType, bool useBackupHeaders, bool partitionInSystemEncryptionScope)
 {
 make_shared_auto (File, file);
@@ -94,10 +95,10 @@ namespace VeraCrypt
 throw;
 }
- return Open (file, password, kdf, truecryptMode, keyfiles, protection, protectionPassword, protectionKdf,protectionKeyfiles, volumeType, useBackupHeaders, partitionInSystemEncryptionScope);
+ return Open (file, password, pim, kdf, truecryptMode, keyfiles, protection, protectionPassword, protectionPim, protectionKdf,protectionKeyfiles, volumeType, useBackupHeaders, partitionInSystemEncryptionScope);
 }
- void Volume::Open (shared_ptr volumeFile, shared_ptr password, shared_ptr kdf, bool truecryptMode, shared_ptr keyfiles, VolumeProtection::Enum protection, shared_ptr protectionPassword, shared_ptr protectionKdf,shared_ptr protectionKeyfiles, VolumeType::Enum volumeType, bool useBackupHeaders, bool partitionInSystemEncryptionScope)
+ void Volume::Open (shared_ptr volumeFile, shared_ptr password, int pim, shared_ptr kdf, bool truecryptMode, shared_ptr keyfiles, VolumeProtection::Enum protection, shared_ptr protectionPassword, int protectionPim, shared_ptr protectionKdf,shared_ptr protectionKeyfiles, VolumeType::Enum volumeType, bool useBackupHeaders, bool partitionInSystemEncryptionScope)
 {
 if (!volumeFile)
 throw ParameterIncorrect (SRC_POS);
@@ -187,7 +188,7 @@ namespace VeraCrypt
 shared_ptr header = layout->GetHeader();
- if (header->Decrypt (headerBuffer, *passwordKey, kdf, truecryptMode, layout->GetSupportedKeyDerivationFunctions(truecryptMode), layoutEncryptionAlgorithms, layoutEncryptionModes))
+ if (header->Decrypt (headerBuffer, *passwordKey, pim, kdf, truecryptMode, layout->GetSupportedKeyDerivationFunctions(truecryptMode), layoutEncryptionAlgorithms, layoutEncryptionModes))
 {
 // Header decrypted
@@ -200,6 +201,7 @@ namespace VeraCrypt
 }
 TrueCryptMode = truecryptMode;
+ Pim = pim;
 Type = layout->GetType();
 SectorSize = header->GetSectorSize();
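Review bot: The file-based `Volume::Open` now takes `pim` and `protectionPim`, but the only argument validation at the top of the body is `if (!volumeFile)`; every `GetIterationCount` override in Pkcs5Kdf.h that has an `m_truecryptMode` branch returns its fixed count and ignores `pim`, so a caller passing `truecryptMode = true` together with a non-zero PIM gets the volume opened without the PIM being applied and no indication that it was dropped. Unless a UI or CLI layer already rejects that combination (not visible here), a guard next to the existing check, `if (truecryptMode && (pim > 0 || protectionPim > 0)) throw ParameterIncorrect (SRC_POS);`, would make the mismatch explicit instead of silent. The body of this `Open` overload continues past the end of the hunk.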
@@ -237,9 +239,9 @@ namespace VeraCrypt
 Volume protectedVolume;
 protectedVolume.Open (VolumeFile,
- protectionPassword, protectionKdf, truecryptMode, protectionKeyfiles,
+ protectionPassword, protectionPim, protectionKdf, truecryptMode, protectionKeyfiles,
 VolumeProtection::ReadOnly,
- shared_ptr (), shared_ptr (),shared_ptr (),
+ shared_ptr (), 0, shared_ptr (),shared_ptr (),
 VolumeType::Hidden, useBackupHeaders);
diff --git a/src/Volume/Volume.h b/src/Volume/Volume.h
index d4a2b5a5..19e3eb2e 100755
--- a/src/Volume/Volume.h
+++ b/src/Volume/Volume.h
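Review bot: The nested `protectedVolume.Open` call now passes a bare `0` between two `shared_ptr ()` arguments for the inner `protectionPim`; with this many positional parameters a reader cannot tell which one it is without the header open. Writing the line as `shared_ptr (), 0 /* protectionPim: none for the outer volume */, shared_ptr (),shared_ptr (),` keeps the call self-describing. The call sits inside the hidden-volume-protection branch of `Volume::Open`, which starts before this hunk.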
@@ -87,11 +87,12 @@ namespace VeraCrypt
 uint64 GetTotalDataWritten () const { return TotalDataWritten; }
 VolumeType::Enum GetType () const { return Type; }
 bool GetTrueCryptMode() const { return TrueCryptMode; }
+ int GetPim() const { return Pim;}
 uint64 GetVolumeCreationTime () const { return Header->GetVolumeCreationTime(); }
 bool IsHiddenVolumeProtectionTriggered () const { return HiddenVolumeProtectionTriggered; }
 bool IsInSystemEncryptionScope () const { return SystemEncryption; }
- void Open (const VolumePath &volumePath, bool preserveTimestamps, shared_ptr password, shared_ptr kdf, bool truecryptMode, shared_ptr keyfiles, VolumeProtection::Enum protection = VolumeProtection::None, shared_ptr protectionPassword = shared_ptr (), shared_ptr protectionKdf = shared_ptr (),shared_ptr protectionKeyfiles = shared_ptr (), bool sharedAccessAllowed = false, VolumeType::Enum volumeType = VolumeType::Unknown, bool useBackupHeaders = false, bool partitionInSystemEncryptionScope = false);
- void Open (shared_ptr volumeFile, shared_ptr password, shared_ptr kdf, bool truecryptMode, shared_ptr keyfiles, VolumeProtection::Enum protection = VolumeProtection::None, shared_ptr protectionPassword = shared_ptr (), shared_ptr protectionKdf = shared_ptr (), shared_ptr protectionKeyfiles = shared_ptr (), VolumeType::Enum volumeType = VolumeType::Unknown, bool useBackupHeaders = false, bool partitionInSystemEncryptionScope = false);
+ void Open (const VolumePath &volumePath, bool preserveTimestamps, shared_ptr password, int pim, shared_ptr kdf, bool truecryptMode, shared_ptr keyfiles, VolumeProtection::Enum protection = VolumeProtection::None, shared_ptr protectionPassword = shared_ptr (), int protectionPim = 0, shared_ptr protectionKdf = shared_ptr (),shared_ptr protectionKeyfiles = shared_ptr (), bool sharedAccessAllowed = false, VolumeType::Enum volumeType = VolumeType::Unknown, bool useBackupHeaders = false, bool partitionInSystemEncryptionScope = false);
+ void Open (shared_ptr 
volumeFile, shared_ptr password, int pim, shared_ptr kdf, bool truecryptMode, shared_ptr keyfiles, VolumeProtection::Enum protection = VolumeProtection::None, shared_ptr protectionPassword = shared_ptr (), int protectionPim = 0, shared_ptr protectionKdf = shared_ptr (), shared_ptr protectionKeyfiles = shared_ptr (), VolumeType::Enum volumeType = VolumeType::Unknown, bool useBackupHeaders = false, bool partitionInSystemEncryptionScope = false);
 void ReadSectors (const BufferPtr &buffer, uint64 byteOffset);
 void ReEncryptHeader (bool backupHeader, const ConstBufferPtr &newSalt, const ConstBufferPtr &newHeaderKey, shared_ptr newPkcs5Kdf);
 void WriteSectors (const ConstBufferPtr &buffer, uint64 byteOffset);
@@ -118,6 +119,7 @@ namespace VeraCrypt
 uint64 TotalDataRead;
 uint64 TotalDataWritten;
 bool TrueCryptMode;
+ int Pim;
 private:
 Volume (const Volume &);
diff --git a/src/Volume/VolumeHeader.cpp b/src/Volume/VolumeHeader.cpp
index 442c6375..3656aa14 100755
--- a/src/Volume/VolumeHeader.cpp
+++ b/src/Volume/VolumeHeader.cpp
@@ -78,7 +78,7 @@ namespace VeraCrypt
 EncryptNew (headerBuffer, options.Salt, options.HeaderKey, options.Kdf);
 }
- bool VolumeHeader::Decrypt (const ConstBufferPtr &encryptedData, const VolumePassword &password, shared_ptr kdf, bool truecryptMode, const Pkcs5KdfList &keyDerivationFunctions, const EncryptionAlgorithmList &encryptionAlgorithms, const EncryptionModeList &encryptionModes)
+ bool VolumeHeader::Decrypt (const ConstBufferPtr &encryptedData, const VolumePassword &password, int pim, shared_ptr kdf, bool truecryptMode, const Pkcs5KdfList &keyDerivationFunctions, const EncryptionAlgorithmList &encryptionAlgorithms, const EncryptionModeList &encryptionModes)
 {
 if (password.Size() < 1)
 throw PasswordEmpty (SRC_POS);
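Review bot: `int GetPim() const { return Pim;}` drops the space before the closing brace that every neighbouring accessor keeps (`{ return TrueCryptMode; }`); `int GetPim() const { return Pim; }` matches the surrounding lines. The two `Open` declarations gain `int pim` and `int protectionPim = 0`, but nothing at the declaration says what a PIM of 0 means, so a one-line comment above them, `// pim / protectionPim: 0 selects the KDF's fixed default iteration count`, would save readers a trip to Pkcs5Kdf.h. Both new `int` parameters are placed between `shared_ptr` parameters, which at least makes a positionally shifted call fail to compile rather than silently reinterpret an argument.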
@@ -92,7 +92,7 @@ namespace VeraCrypt
 if (kdf && (kdf->GetName() != pkcs5->GetName()))
 continue;
- pkcs5->DeriveKey (headerKey, password, salt);
+ pkcs5->DeriveKey (headerKey, password, pim, salt);
 foreach (shared_ptr mode, encryptionModes)
 {
diff --git a/src/Volume/VolumeHeader.h b/src/Volume/VolumeHeader.h
index 40b45b3d..894ca8a1 100755
--- a/src/Volume/VolumeHeader.h
+++ b/src/Volume/VolumeHeader.h
@@ -56,7 +56,7 @@ namespace VeraCrypt
 virtual ~VolumeHeader ();
 void Create (const BufferPtr &headerBuffer, VolumeHeaderCreationOptions &options);
- bool Decrypt (const ConstBufferPtr &encryptedData, const VolumePassword &password, shared_ptr kdf, bool truecryptMode, const Pkcs5KdfList &keyDerivationFunctions, const EncryptionAlgorithmList &encryptionAlgorithms, const EncryptionModeList &encryptionModes);
+ bool Decrypt (const ConstBufferPtr &encryptedData, const VolumePassword &password, int pim, shared_ptr kdf, bool truecryptMode, const Pkcs5KdfList &keyDerivationFunctions, const EncryptionAlgorithmList &encryptionAlgorithms, const EncryptionModeList &encryptionModes);
 void EncryptNew (const BufferPtr &newHeaderBuffer, const ConstBufferPtr &newSalt, const ConstBufferPtr &newHeaderKey, shared_ptr newPkcs5Kdf);
 uint64 GetEncryptedAreaStart () const { return EncryptedAreaStart; }
 uint64 GetEncryptedAreaLength () const { return EncryptedAreaLength; }
diff --git a/src/Volume/VolumeInfo.cpp b/src/Volume/VolumeInfo.cpp
old mode 100644
new mode 100755
index 33e0fd6f..aba7c479
--- a/src/Volume/VolumeInfo.cpp
+++ b/src/Volume/VolumeInfo.cpp
@@ -51,6 +51,7 @@ namespace VeraCrypt
 VirtualDevice = sr.DeserializeWString ("VirtualDevice");
 sr.Deserialize ("VolumeCreationTime", VolumeCreationTime);
 sr.Deserialize ("TrueCryptMode", TrueCryptMode);
+ sr.Deserialize ("Pim", Pim);
 }
 bool VolumeInfo::FirstVolumeMountedAfterSecond (shared_ptr first, shared_ptr second)
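Review bot: `sr.Deserialize ("Pim", Pim)` reads the new member back, but nothing in this diff initializes `VolumeInfo::Pim` for an object that is neither deserialized nor passed through `Set`; if the `VolumeInfo` constructor (outside this diff) initializes `TrueCryptMode` and the other scalar members in an init list, `Pim (0)` belongs there as well, as was done for `Volume` in the @@ -24 hunk of Volume.cpp. Otherwise `Serialize` in the following hunk can emit an indeterminate `int` for a default-constructed instance. The deserialized value is also taken as-is with no range check, which matches the neighbouring fields but means a peer-supplied PIM is trusted downstream.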
@@ -91,6 +92,7 @@ namespace VeraCrypt
 sr.Serialize ("VirtualDevice", wstring (VirtualDevice));
 sr.Serialize ("VolumeCreationTime", VolumeCreationTime);
 sr.Serialize ("TrueCryptMode", TrueCryptMode);
+ sr.Serialize ("Pim", Pim);
 }
 void VolumeInfo::Set (const Volume &volume)
@@ -105,7 +107,7 @@ namespace VeraCrypt
 HiddenVolumeProtectionTriggered = volume.IsHiddenVolumeProtectionTriggered();
 MinRequiredProgramVersion = volume.GetHeader()->GetRequiredMinProgramVersion();
 Path = volume.GetPath();
- Pkcs5IterationCount = volume.GetPkcs5Kdf()->GetIterationCount();
+ Pkcs5IterationCount = volume.GetPkcs5Kdf()->GetIterationCount(volume.GetPim ());
 Pkcs5PrfName = volume.GetPkcs5Kdf()->GetName();
 Protection = volume.GetProtectionType();
 Size = volume.GetSize();
@@ -115,6 +117,7 @@ namespace VeraCrypt
 TotalDataRead = volume.GetTotalDataRead();
 TotalDataWritten = volume.GetTotalDataWritten();
 TrueCryptMode = volume.GetTrueCryptMode();
+ Pim = volume.GetPim ();
 }
 TC_SERIALIZER_FACTORY_ADD_CLASS (VolumeInfo);
diff --git a/src/Volume/VolumeInfo.h b/src/Volume/VolumeInfo.h
index 96796b50..c5bd2021 100644
--- a/src/Volume/VolumeInfo.h
+++ b/src/Volume/VolumeInfo.h
@@ -57,6 +57,7 @@ namespace VeraCrypt
 DevicePath VirtualDevice;
 VolumeTime VolumeCreationTime;
 bool TrueCryptMode;
+ int Pim;
 private:
 VolumeInfo (const VolumeInfo &);
-- 
cgit v1.2.3
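Review bot: `sr.Serialize ("Pim", Pim)` makes the PIM part of the serialized `VolumeInfo`, and the @@ -105 and @@ -115 hunks derive `Pkcs5IterationCount` from it and copy it verbatim, so both values now travel wherever `VolumeInfo` is serialized and are presumably available to whatever lists volume properties. If the PIM is meant to be a secret component of the mount credential rather than a public parameter, that should be a deliberate decision: the iteration count already let the PIM be recovered by inverting the formulas in Pkcs5Kdf.h, but carrying it verbatim makes the exposure direct. A comment on the `Pim` member in VolumeInfo.h stating whether it is treated as sensitive, e.g. `// Pim: user-supplied iteration multiplier; serialized with the volume info, so not treated as secret here`, would document the choice either way.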