Automatically truncate passwords for TrueCrypt volumes and System Encryption to the first 64 characters. This fixes issues encountered by users of TrueCrypt volumes who were using passwords longer than 64 characters that were truncated in previous versions.

Mounir IDRASSI 2019-02-04 11:37:37 +01:00
parent 5d3278bcf2
commit 6bb1f24ed5
No known key found for this signature in database
GPG Key ID: 02C30AE90FAE4A6F
8 changed files with 57 additions and 28 deletions


@ -13047,13 +13047,15 @@ void SetPim (HWND hwndDlg, UINT ctrlId, int pim)
SetDlgItemText (hwndDlg, ctrlId, L"");
}
BOOL GetPassword (HWND hwndDlg, UINT ctrlID, char* passValue, int bufSize, BOOL bShowError)
BOOL GetPassword (HWND hwndDlg, UINT ctrlID, char* passValue, int bufSize, BOOL bLegacyPassword, BOOL bShowError)
{
wchar_t tmp [MAX_PASSWORD + 1];
int utf8Len;
BOOL bRet = FALSE;
GetWindowText (GetDlgItem (hwndDlg, ctrlID), tmp, ARRAYSIZE (tmp));
if (bLegacyPassword && (lstrlen (tmp) > MAX_LEGACY_PASSWORD))
wmemset (&tmp[MAX_LEGACY_PASSWORD], 0, MAX_PASSWORD + 1 - MAX_LEGACY_PASSWORD);
utf8Len = WideCharToMultiByte (CP_UTF8, 0, tmp, -1, passValue, bufSize, NULL, NULL);
burn (tmp, sizeof (tmp));
if (utf8Len > 0)
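Review bot: The legacy cut in GetPassword counts UTF-16 code units in `tmp`, not bytes of the UTF-8 result, so for a non-ASCII password the string written to `passValue` can still be longer than MAX_LEGACY_PASSWORD bytes, and a cut at index MAX_LEGACY_PASSWORD can fall between the two halves of a surrogate pair. The definition of MAX_LEGACY_PASSWORD is not visible here, so whether the legacy limit is meant in characters or in bytes should be confirmed against the versions that produced the truncated passwords. At minimum the unit should be stated next to the `wmemset` line, for example `/* legacy limit is applied to UTF-16 code units, before the UTF-8 conversion */`. The new bLegacyPassword parameter has no description either; a short header comment saying that TRUE silently shortens the input would help callers, since a silent cut reduces the secret the user believes is in use. The function body continues past the end of this hunk.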


@ -515,7 +515,7 @@ BOOL LaunchWindowsIsoBurner (HWND hwnd, const wchar_t *isoPath);
BOOL IsApplicationInstalled (const wchar_t *appName);
int GetPim (HWND hwndDlg, UINT ctrlId, int defaultPim);
void SetPim (HWND hwndDlg, UINT ctrlId, int pim);
BOOL GetPassword (HWND hwndDlg, UINT ctrlID, char* passValue, int bufSize, BOOL bShowError);
BOOL GetPassword (HWND hwndDlg, UINT ctrlID, char* passValue, int bufSize, BOOL bLegacyPassword, BOOL bShowError);
void SetPassword (HWND hwndDlg, UINT ctrlID, char* passValue);
void HandleShowPasswordFieldAction (HWND hwndDlg, UINT checkBoxId, UINT edit1Id, UINT edit2Id);
HKEY OpenDeviceClassRegKey (const GUID *deviceClassGuid);


@ -673,17 +673,18 @@ BOOL CALLBACK ExtcvPasswordDlgProc (HWND hwndDlg, UINT msg, WPARAM wParam, LPARA
if (lw == IDOK)
{
BOOL bTrueCryptMode = GetCheckBox (hwndDlg, IDC_TRUECRYPT_MODE);
if (mountOptions.ProtectHiddenVolume && hidVolProtKeyFilesParam.EnableKeyFiles)
KeyFilesApply (hwndDlg, &mountOptions.ProtectedHidVolPassword, hidVolProtKeyFilesParam.FirstKeyFile, PasswordDlgVolume);
if (GetPassword (hwndDlg, IDC_PASSWORD, (LPSTR) szXPwd->Text, MAX_PASSWORD + 1, TRUE))
if (GetPassword (hwndDlg, IDC_PASSWORD, (LPSTR) szXPwd->Text, MAX_PASSWORD + 1, bTrueCryptMode, TRUE))
szXPwd->Length = (unsigned __int32) (strlen ((char *) szXPwd->Text));
else
return 1;
bCacheInDriver = IsButtonChecked (GetDlgItem (hwndDlg, IDC_CACHE));
*pkcs5 = (int) SendMessage (GetDlgItem (hwndDlg, IDC_PKCS5_PRF_ID), CB_GETITEMDATA, SendMessage (GetDlgItem (hwndDlg, IDC_PKCS5_PRF_ID), CB_GETCURSEL, 0, 0), 0);
*truecryptMode = GetCheckBox (hwndDlg, IDC_TRUECRYPT_MODE);
*truecryptMode = bTrueCryptMode;
*pim = GetPim (hwndDlg, IDC_PIM, 0);


@ -5755,7 +5755,7 @@ BOOL CALLBACK PageDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lPa
{
if (hw == EN_CHANGE)
{
GetPassword (hCurPage, IDC_PASSWORD_DIRECT, (char*) volumePassword.Text, MAX_PASSWORD + 1, FALSE);
GetPassword (hCurPage, IDC_PASSWORD_DIRECT, (char*) volumePassword.Text, MAX_PASSWORD + 1, FALSE, FALSE);
volumePassword.Length = (unsigned __int32) strlen ((char *) volumePassword.Text);
return 1;
}
@ -7575,7 +7575,7 @@ BOOL CALLBACK MainDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lPa
}
// Store the password in case we need to restore it after keyfile is applied to it
if (!GetPassword (hCurPage, IDC_PASSWORD, szRawPassword, sizeof (szRawPassword), TRUE))
if (!GetPassword (hCurPage, IDC_PASSWORD, szRawPassword, sizeof (szRawPassword), FALSE, TRUE))
return 1;
if (!SysEncInEffect ())
@ -7684,7 +7684,7 @@ BOOL CALLBACK MainDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lPa
{
WaitCursor ();
if (!GetPassword (hCurPage, IDC_PASSWORD_DIRECT, (char*) volumePassword.Text, MAX_PASSWORD + 1, TRUE))
if (!GetPassword (hCurPage, IDC_PASSWORD_DIRECT, (char*) volumePassword.Text, MAX_PASSWORD + 1, FALSE, TRUE))
{
NormalCursor ();
return 1;
@ -7696,7 +7696,7 @@ BOOL CALLBACK MainDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lPa
volumePim = GetPim (hCurPage, IDC_PIM, 0);
// Store the password in case we need to restore it after keyfile is applied to it
if (!GetPassword (hCurPage, IDC_PASSWORD_DIRECT, szRawPassword, sizeof (szRawPassword), TRUE))
if (!GetPassword (hCurPage, IDC_PASSWORD_DIRECT, szRawPassword, sizeof (szRawPassword), FALSE, TRUE))
{
NormalCursor ();
return 1;
@ -8791,7 +8791,7 @@ BOOL CALLBACK MainDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lPa
else if (nCurPageNo == PASSWORD_PAGE)
{
// Store the password in case we need to restore it after keyfile is applied to it
GetPassword (hCurPage, IDC_PASSWORD, szRawPassword, sizeof (szRawPassword), FALSE);
GetPassword (hCurPage, IDC_PASSWORD, szRawPassword, sizeof (szRawPassword), FALSE, FALSE);
VerifyPasswordAndUpdate (hwndDlg, GetDlgItem (MainDlg, IDC_NEXT),
GetDlgItem (hCurPage, IDC_PASSWORD),
@ -8833,7 +8833,7 @@ BOOL CALLBACK MainDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lPa
|| nCurPageNo == NONSYS_INPLACE_ENC_RESUME_PASSWORD_PAGE)
{
// Store the password in case we need to restore it after keyfile is applied to it
GetPassword (hCurPage, IDC_PASSWORD_DIRECT, szRawPassword, MAX_PASSWORD + 1, FALSE);
GetPassword (hCurPage, IDC_PASSWORD_DIRECT, szRawPassword, MAX_PASSWORD + 1, FALSE, FALSE);
memcpy (volumePassword.Text, szRawPassword, MAX_PASSWORD + 1);
volumePassword.Length = (unsigned __int32) strlen ((char *) volumePassword.Text);
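Review bot: Every GetPassword call in this section passes FALSE for bLegacyPassword, including the call in MainDialogProc that is followed directly by `if (!SysEncInEffect ())`, so a password entered on that page for system encryption is stored at full length. The commit description says System Encryption passwords are cut to the first 64 characters; unless the edit control is limited to MAX_LEGACY_PASSWORD somewhere outside these hunks, a longer password set in the wizard would differ from the one the truncating paths derive later. Consider passing `SysEncInEffect ()` as the legacy flag on that call, or add a comment naming where the limit is enforced. The enclosing dialog procedures start and end outside the hunks.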


@ -133,7 +133,7 @@ namespace VeraCrypt
try
{
Options.Password = PasswordPanel->GetPassword();
Options.Password = PasswordPanel->GetPassword(Options.PartitionInSystemEncryptionScope);
}
catch (PasswordException& e)
{
@ -165,7 +165,7 @@ namespace VeraCrypt
{
try
{
Options.ProtectionPassword = ProtectionPasswordPanel->GetPassword();
Options.ProtectionPassword = ProtectionPasswordPanel->GetPassword(Options.TrueCryptMode);
}
catch (PasswordException& e)
{


@ -219,15 +219,16 @@ namespace VeraCrypt
SetPimValidator ();
}
shared_ptr <VolumePassword> VolumePasswordPanel::GetPassword () const
shared_ptr <VolumePassword> VolumePasswordPanel::GetPassword (bool bForceLegacyPassword) const
{
return GetPassword (PasswordTextCtrl);
return GetPassword (PasswordTextCtrl, bForceLegacyPassword || GetTrueCryptMode());
}
shared_ptr <VolumePassword> VolumePasswordPanel::GetPassword (wxTextCtrl *textCtrl) const
shared_ptr <VolumePassword> VolumePasswordPanel::GetPassword (wxTextCtrl *textCtrl, bool bLegacyPassword) const
{
shared_ptr <VolumePassword> password;
wchar_t passwordBuf[VolumePassword::MaxSize + 1];
size_t maxPasswordLength = bLegacyPassword? VolumePassword::MaxLegacySize: VolumePassword::MaxSize;
finally_do_arg (BufferPtr, BufferPtr (reinterpret_cast <byte *> (passwordBuf), sizeof (passwordBuf)), { finally_arg.Erase(); });
#ifdef TC_WINDOWS
@ -235,12 +236,12 @@ namespace VeraCrypt
password = ToUTF8Password (passwordBuf, len);
#else
wxString passwordStr (textCtrl->GetValue()); // A copy of the password is created here by wxWidgets, which cannot be erased
for (size_t i = 0; i < passwordStr.size() && i < VolumePassword::MaxSize; ++i)
for (size_t i = 0; i < passwordStr.size() && i < maxPasswordLength; ++i)
{
passwordBuf[i] = (wchar_t) passwordStr[i];
passwordStr[i] = L'X';
}
password = ToUTF8Password (passwordBuf, passwordStr.size() <= VolumePassword::MaxSize ? passwordStr.size() : VolumePassword::MaxSize);
password = ToUTF8Password (passwordBuf, passwordStr.size() <= maxPasswordLength ? passwordStr.size() : maxPasswordLength);
#endif
return password;
}
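Review bot: In the non-Windows branch of `GetPassword (wxTextCtrl *textCtrl, bool bLegacyPassword)` the loop that overwrites `passwordStr` with `L'X'` now stops at `maxPasswordLength`, so in legacy mode every character after that limit stays in the wxString copy unscrubbed. The copy into `passwordBuf` should keep the limit while the overwrite covers the whole string: loop on `i < passwordStr.size()` and guard the copy with `if (i < maxPasswordLength)`. The TC_WINDOWS branch lies between the two hunks and is unchanged, so it presumably does not apply `maxPasswordLength` at all; that is worth confirming.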


@ -27,7 +27,7 @@ namespace VeraCrypt
void AddKeyfile (shared_ptr <Keyfile> keyfile);
shared_ptr <KeyfileList> GetKeyfiles () const { return UseKeyfilesCheckBox->IsChecked() ? Keyfiles : shared_ptr <KeyfileList> (); }
shared_ptr <VolumePassword> GetPassword () const;
shared_ptr <VolumePassword> GetPassword (bool bForceLegacyPassword = false) const;
shared_ptr <Pkcs5Kdf> GetPkcs5Kdf (bool &bUnsupportedKdf) const;
shared_ptr <Pkcs5Kdf> GetPkcs5Kdf (bool bTrueCryptMode, bool &bUnsupportedKdf) const;
int GetVolumePim () const;
@ -49,7 +49,7 @@ namespace VeraCrypt
protected:
void SetPimValidator ();
void DisplayPassword (bool display, wxTextCtrl **textCtrl, int row);
shared_ptr <VolumePassword> GetPassword (wxTextCtrl *textCtrl) const;
shared_ptr <VolumePassword> GetPassword (wxTextCtrl *textCtrl, bool bLegacyPassword = false) const;
void OnAddKeyfileDirMenuItemSelected (wxCommandEvent& event);
void OnAddKeyfilesMenuItemSelected (wxCommandEvent& event);
void OnAddSecurityTokenSignatureMenuItemSelected (wxCommandEvent& event);


@ -2733,7 +2733,7 @@ BOOL CALLBACK PasswordChangeDlgProc (HWND hwndDlg, UINT msg, WPARAM wParam, LPAR
GetVolumePath (hParent, szFileName, ARRAYSIZE (szFileName));
if (GetPassword (hwndDlg, IDC_OLD_PASSWORD, (LPSTR) oldPassword.Text, sizeof (oldPassword.Text), TRUE))
if (GetPassword (hwndDlg, IDC_OLD_PASSWORD, (LPSTR) oldPassword.Text, sizeof (oldPassword.Text), truecryptMode, TRUE))
oldPassword.Length = (unsigned __int32) strlen ((char *) oldPassword.Text);
else
{
@ -2751,7 +2751,7 @@ BOOL CALLBACK PasswordChangeDlgProc (HWND hwndDlg, UINT msg, WPARAM wParam, LPAR
break;
default:
if (GetPassword (hwndDlg, IDC_PASSWORD, (LPSTR) newPassword.Text, sizeof (newPassword.Text), TRUE))
if (GetPassword (hwndDlg, IDC_PASSWORD, (LPSTR) newPassword.Text, sizeof (newPassword.Text), FALSE, TRUE))
newPassword.Length = (unsigned __int32) strlen ((char *) newPassword.Text);
else
return 1;
@ -3155,17 +3155,18 @@ BOOL CALLBACK PasswordDlgProc (HWND hwndDlg, UINT msg, WPARAM wParam, LPARAM lPa
if (lw == IDOK)
{
BOOL bTrueCryptMode = GetCheckBox (hwndDlg, IDC_TRUECRYPT_MODE);
if (mountOptions.ProtectHiddenVolume && hidVolProtKeyFilesParam.EnableKeyFiles)
KeyFilesApply (hwndDlg, &mountOptions.ProtectedHidVolPassword, hidVolProtKeyFilesParam.FirstKeyFile, wcslen (PasswordDlgVolume) > 0 ? PasswordDlgVolume : NULL);
if (GetPassword (hwndDlg, IDC_PASSWORD, (LPSTR) szXPwd->Text, MAX_PASSWORD + 1, TRUE))
if (GetPassword (hwndDlg, IDC_PASSWORD, (LPSTR) szXPwd->Text, MAX_PASSWORD + 1, bTrueCryptMode, TRUE))
szXPwd->Length = (unsigned __int32) strlen ((char *) szXPwd->Text);
else
return 1;
bCacheInDriver = IsButtonChecked (GetDlgItem (hwndDlg, IDC_CACHE));
*pkcs5 = (int) SendMessage (GetDlgItem (hwndDlg, IDC_PKCS5_PRF_ID), CB_GETITEMDATA, SendMessage (GetDlgItem (hwndDlg, IDC_PKCS5_PRF_ID), CB_GETCURSEL, 0, 0), 0);
*truecryptMode = GetCheckBox (hwndDlg, IDC_TRUECRYPT_MODE);
*truecryptMode = bTrueCryptMode;
*pim = GetPim (hwndDlg, IDC_PIM, 0);
@ -3717,7 +3718,7 @@ BOOL CALLBACK MountOptionsDlgProc (HWND hwndDlg, UINT msg, WPARAM wParam, LPARAM
{
GetPassword (hwndDlg, IDC_PASSWORD_PROT_HIDVOL,
(LPSTR) mountOptions->ProtectedHidVolPassword.Text, MAX_PASSWORD + 1,
FALSE);
FALSE, FALSE);
mountOptions->ProtectedHidVolPassword.Length = (unsigned __int32) strlen ((char *) mountOptions->ProtectedHidVolPassword.Text);
@ -8798,6 +8799,7 @@ void ExtractCommandLine (HWND hwndDlg, wchar_t *lpszCommandLine)
wchar_t **lpszCommandLineArgs = NULL; /* Array of command line arguments */
int nNoCommandLineArgs; /* The number of arguments in the array */
wchar_t tmpPath[MAX_PATH * 2];
wchar_t CmdRawPassword[MAX_PASSWORD + 1]; /* Raw value of password passed from command line */
/* Defaults */
mountOptions.PreserveTimestamp = TRUE;
@ -9119,20 +9121,21 @@ void ExtractCommandLine (HWND hwndDlg, wchar_t *lpszCommandLine)
case OptionPassword:
{
wchar_t szTmp[MAX_PASSWORD + 1];
if (HAS_ARGUMENT == GetArgumentValue (lpszCommandLineArgs, &i, nNoCommandLineArgs,
szTmp, ARRAYSIZE (szTmp)))
CmdRawPassword, ARRAYSIZE (CmdRawPassword)))
{
int iLen = WideCharToMultiByte (CP_UTF8, 0, szTmp, -1, (char*) CmdVolumePassword.Text, MAX_PASSWORD + 1, NULL, NULL);
burn (szTmp, sizeof (szTmp));
int iLen = WideCharToMultiByte (CP_UTF8, 0, CmdRawPassword, -1, (char*) CmdVolumePassword.Text, MAX_PASSWORD + 1, NULL, NULL);
if (iLen > 0)
{
CmdVolumePassword.Length = (unsigned __int32) (iLen - 1);
CmdVolumePasswordValid = TRUE;
}
else
{
burn (CmdRawPassword, sizeof (CmdRawPassword));
AbortProcess ("COMMAND_LINE_ERROR");
}
}
else
AbortProcess ("COMMAND_LINE_ERROR");
}
@ -9285,6 +9288,28 @@ void ExtractCommandLine (HWND hwndDlg, wchar_t *lpszCommandLine)
}
}
if (CmdVolumePasswordValid && (CmdVolumeTrueCryptMode || (CmdMountOptionsValid && bPrebootPasswordDlgMode)))
{
/* truncate the password to 64 first characer in case of TrueCrypt Mode or System Encryption */
if (lstrlen (CmdRawPassword) > MAX_LEGACY_PASSWORD)
{
int iLen;
wmemset (&CmdRawPassword[MAX_LEGACY_PASSWORD], 0, MAX_PASSWORD + 1 - MAX_LEGACY_PASSWORD);
iLen = WideCharToMultiByte (CP_UTF8, 0, CmdRawPassword, -1, (char*) CmdVolumePassword.Text, MAX_PASSWORD + 1, NULL, NULL);
if (iLen > 0)
{
CmdVolumePassword.Length = (unsigned __int32) (iLen - 1);
}
else
{
burn (CmdRawPassword, sizeof (CmdRawPassword));
AbortProcess ("COMMAND_LINE_ERROR");
}
}
}
burn (CmdRawPassword, sizeof (CmdRawPassword));
/* Free up the command line arguments */
while (--nNoCommandLineArgs >= 0)
{
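Review bot: CmdRawPassword is declared without an initializer and now keeps the wide-character password for the whole of ExtractCommandLine, whereas the old `szTmp` was wiped right after conversion inside the OptionPassword case. Only the two conversion-failure branches call `burn` before AbortProcess; the `else AbortProcess ("COMMAND_LINE_ERROR");` branch after GetArgumentValue, and any other abort taken between option parsing and the final `burn`, leave the buffer as it is (what AbortProcess does with process memory is not visible here). Declaring it as `wchar_t CmdRawPassword[MAX_PASSWORD + 1] = { 0 };` keeps the later `lstrlen` and `burn` from reading indeterminate data, and the comment in the truncation block should read `/* truncate the password to the first 64 characters in case of TrueCrypt Mode or System Encryption */`. Separately, PasswordDlgProc passes only `bTrueCryptMode` as the legacy flag while this block also treats `bPrebootPasswordDlgMode` as legacy, so it should be confirmed that the dialog path covers pre-boot mode. ExtractCommandLine starts and ends outside these hunks.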