From d1b26d4bfefe4d7f8581d4555e6634c3603772ed Mon Sep 17 00:00:00 2001
From: Mounir IDRASSI
Date: Sun, 2 Jul 2017 19:35:12 +0200
Subject: Windows: fix documentation and UI messages about the PIM constraints and calculation formula when EFI system encryption is using SHA-512 or Whirlpool. For historical reasons, if SHA-512 or Whirlpool is selected for EFI system encryption, then iterations = 15000 + (PIM x 1000) and not iterations = PIM x 2048 like the other algorithms.
---
 src/Common/Password.c | 9 +++++----
 src/Common/Password.h | 2 +-
 src/Format/Tcformat.c | 8 ++++----
 src/Mount/Mount.c | 14 +++++++++++++-
 4 files changed, 23 insertions(+), 10 deletions(-)
(limited to 'src')
diff --git a/src/Common/Password.c b/src/Common/Password.c
index e3876042..8ba91374 100644
--- a/src/Common/Password.c
+++ b/src/Common/Password.c
@@ -133,14 +133,15 @@ BOOL CheckPasswordCharEncoding (HWND hPassword, Password *ptrPw)
 }
-BOOL CheckPasswordLength (HWND hwndDlg, unsigned __int32 passwordLength, int pim, BOOL bForBoot, BOOL bSkipPasswordWarning, BOOL bSkipPimWarning)
+BOOL CheckPasswordLength (HWND hwndDlg, unsigned __int32 passwordLength, int pim, BOOL bForBoot, int bootPRF, BOOL bSkipPasswordWarning, BOOL bSkipPimWarning)
 {
- BOOL bCustomPimSmall = ((pim != 0) && (pim < (bForBoot? 98 : 485)))? TRUE : FALSE;
+ BOOL bootPimCondition = (bForBoot && (bootPRF != SHA512 && bootPRF != WHIRLPOOL))? TRUE : FALSE;
+ BOOL bCustomPimSmall = ((pim != 0) && (pim < (bootPimCondition? 98 : 485)))? TRUE : FALSE;
 if (passwordLength < PASSWORD_LEN_WARNING)
 {
 if (bCustomPimSmall)
 {
- Error (bForBoot? "BOOT_PIM_REQUIRE_LONG_PASSWORD": "PIM_REQUIRE_LONG_PASSWORD", hwndDlg);
+ Error (bootPimCondition? "BOOT_PIM_REQUIRE_LONG_PASSWORD": "PIM_REQUIRE_LONG_PASSWORD", hwndDlg);
 return FALSE;
 }
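Review bot: `bootPimCondition` is also TRUE when `bForBoot` is set and `bootPRF` is 0 or any value other than SHA512/WHIRLPOOL, so a caller that could not determine the boot PRF is held to the lower limit of 98 rather than 485, and nothing in the hunk states that contract. A comment above the declaration would make it explicit, e.g. `/* TRUE only for boot PRFs using iterations = PIM x 2048 (limit 98); SHA-512/Whirlpool use 15000 + PIM x 1000 (limit 485) */`. The `98 : 485` choice could also be computed once, `int pimThreshold = bootPimCondition? 98 : 485;`, since the same literals appear again in the `@@ -157` hunk. The body of `CheckPasswordLength` continues outside this hunk.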
@@ -157,7 +158,7 @@ BOOL CheckPasswordLength (HWND hwndDlg, unsigned __int32 passwordLength, int pim
 }
 #endif
- if ((pim != 0) && (pim > (bForBoot? 98 : 485)))
+ if ((pim != 0) && (pim > (bootPimCondition? 98 : 485)))
 {
 // warn that mount/boot will take more time
 Warning ("PIM_LARGE_WARNING", hwndDlg);
diff --git a/src/Common/Password.h b/src/Common/Password.h
index 9afcd060..b2b0511d 100644
--- a/src/Common/Password.h
+++ b/src/Common/Password.h
@@ -39,7 +39,7 @@ typedef struct
 #if defined(_WIN32) && !defined(TC_WINDOWS_DRIVER) && !defined(_UEFI)
 void VerifyPasswordAndUpdate ( HWND hwndDlg , HWND hButton , HWND hPassword , HWND hVerify , unsigned char *szPassword , char *szVerify, BOOL keyFilesEnabled );
-BOOL CheckPasswordLength (HWND hwndDlg, unsigned __int32 passwordLength, int pim, BOOL bForBoot, BOOL bSkipPasswordWarning, BOOL bSkipPimWarning);
+BOOL CheckPasswordLength (HWND hwndDlg, unsigned __int32 passwordLength, int pim, BOOL bForBoot, int bootPRF, BOOL bSkipPasswordWarning, BOOL bSkipPimWarning);
 BOOL CheckPasswordCharEncoding (HWND hPassword, Password *ptrPw);
 int ChangePwd (const wchar_t *lpszVolume, Password *oldPassword, int old_pkcs5, int old_pim, BOOL truecryptMode, Password *newPassword, int pkcs5, int pim, int wipePassCount, HWND hwndDlg);
diff --git a/src/Format/Tcformat.c b/src/Format/Tcformat.c
index 5b1b0d16..09c52705 100644
--- a/src/Format/Tcformat.c
+++ b/src/Format/Tcformat.c
@@ -4404,7 +4404,7 @@ BOOL CALLBACK PageDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lPa
 SetFocus (GetDlgItem (hwndDlg, IDC_PIM));
- SetWindowTextW (GetDlgItem (hwndDlg, IDC_BOX_HELP), GetString (SysEncInEffect ()? "PIM_SYSENC_HELP" : "PIM_HELP"));
+ SetWindowTextW (GetDlgItem (hwndDlg, IDC_BOX_HELP), GetString (SysEncInEffect () && hash_algo != SHA512 && hash_algo != WHIRLPOOL? "PIM_SYSENC_HELP" : "PIM_HELP"));
 ToHyperlink (hwndDlg, IDC_LINK_PIM_INFO);
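Review bot: The ternary condition in the new `SetWindowTextW` call in `Tcformat.c` relies on `&&` binding tighter than `?:`, and it re-implements the PRF test that `CheckPasswordLength` now performs. If another PRF ever joins the exception list, the help text and the validation can drift apart. Parenthesising the condition, `GetString ((SysEncInEffect () && hash_algo != SHA512 && hash_algo != WHIRLPOOL)? "PIM_SYSENC_HELP" : "PIM_HELP")`, and moving the test into one shared helper would keep the two in step. `PageDialogProc` starts and ends outside the hunk.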
@@ -6238,7 +6238,7 @@ BOOL CALLBACK MainDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lPa
 if (volumePassword.Length > 0)
 {
 // Check password length (check also done for outer volume which is not the case in TrueCrypt).
- if (!CheckPasswordLength (NULL, volumePassword.Length, volumePim, FALSE, Silent, Silent))
+ if (!CheckPasswordLength (NULL, volumePassword.Length, volumePim, FALSE, 0, Silent, Silent))
 {
 exit (1);
 }
@@ -7514,7 +7514,7 @@ BOOL CALLBACK MainDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lPa
 return 1;
 }
 // Check password length (check also done for outer volume which is not the case in TrueCrypt).
- else if (!CheckPasswordLength (hwndDlg, volumePassword.Length, 0, SysEncInEffect(), FALSE, FALSE))
+ else if (!CheckPasswordLength (hwndDlg, volumePassword.Length, 0, SysEncInEffect(), SysEncInEffect()? hash_algo : 0, FALSE, FALSE))
 {
 return 1;
 }
@@ -7601,7 +7601,7 @@ BOOL CALLBACK MainDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lPa
 return 1;
 }
 // Check password length (check also done for outer volume which is not the case in TrueCrypt).
- else if (!CheckPasswordLength (hwndDlg, volumePassword.Length, volumePim, SysEncInEffect(), TRUE, FALSE))
+ else if (!CheckPasswordLength (hwndDlg, volumePassword.Length, volumePim, SysEncInEffect(), SysEncInEffect()? hash_algo : 0, TRUE, FALSE))
 {
 return 1;
 }
diff --git a/src/Mount/Mount.c b/src/Mount/Mount.c
index b0439ea5..6a4a57a7 100644
--- a/src/Mount/Mount.c
+++ b/src/Mount/Mount.c
@@ -2672,7 +2672,19 @@ BOOL CALLBACK PasswordChangeDlgProc (HWND hwndDlg, UINT msg, WPARAM wParam, LPAR
 else if (!(newKeyFilesParam.EnableKeyFiles && newKeyFilesParam.FirstKeyFile != NULL) && pwdChangeDlgMode == PCDM_CHANGE_PASSWORD)
 {
- if (!CheckPasswordLength (hwndDlg, GetWindowTextLength(GetDlgItem (hwndDlg, IDC_PASSWORD)), pim, bSysEncPwdChangeDlgMode, FALSE, FALSE))
+ int bootPRF = 0;
+ if (bSysEncPwdChangeDlgMode)
+ {
+ try
+ {
+ VOLUME_PROPERTIES_STRUCT properties;
+ BootEncObj->GetVolumeProperties(&properties);
+ bootPRF = properties.pkcs5;
+ }
+ catch(...)
+ {}
+ }
+ if (!CheckPasswordLength (hwndDlg, GetWindowTextLength(GetDlgItem (hwndDlg, IDC_PASSWORD)), pim, bSysEncPwdChangeDlgMode, bootPRF, FALSE, FALSE))
 return 1;
 }
-- cgit v1.2.3
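Review bot: The empty `catch(...) {}` leaves `bootPRF` at 0 when `GetVolumeProperties` throws, and 0 appears not to match SHA512 or WHIRLPOOL (the format code passes 0 for the non-boot case). `CheckPasswordLength` then applies the lower boot limit of 98 even if the system volume actually uses SHA-512 or Whirlpool. A short password with a PIM from 98 to 484 would then pass without the long-password error, which is the weaker outcome for a key-derivation strength check. Either report the failure and `return 1;`, or fail closed in the handler, e.g. `catch(...) { bootPRF = SHA512; /* PRF unknown: apply the stricter 485 limit */ }`. `PasswordChangeDlgProc` starts and ends outside the hunk.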