Linux/MacOSX: Implement Unicode passwords suppport. Make validation of parameters in GUI more robust.

2025-11-12 11:28:26 -06:00 · 2015-11-30 11:35:41 +01:00
parent cfadb231d2
commit efa436974d
16 changed files with 195 additions and 225 deletions
--- a/src/Main/Forms/ChangePasswordDialog.cpp
+++ b/src/Main/Forms/ChangePasswordDialog.cpp
@@ -85,11 +85,11 @@ namespace VeraCrypt

 		try
 		{
-			shared_ptr <Pkcs5Kdf> currentKdf = CurrentPasswordPanel->GetPkcs5Kdf();
-			if (currentKdf && CurrentPasswordPanel->GetTrueCryptMode() && (currentKdf->GetName() == L"HMAC-SHA-256"))
+			bool bUnsupportedKdf = false;
+			shared_ptr <Pkcs5Kdf> currentKdf = CurrentPasswordPanel->GetPkcs5Kdf(bUnsupportedKdf);
+			if (bUnsupportedKdf)
 			{
 				Gui->ShowWarning (LangString ["ALGO_NOT_SUPPORTED_FOR_TRUECRYPT_MODE"]);
-				event.Skip();
 				return;
 			}
 			
@@ -97,15 +97,23 @@ namespace VeraCrypt
 			int newPim = 0;
 			if (DialogMode == Mode::ChangePasswordAndKeyfiles)
 			{
-				newPassword = NewPasswordPanel->GetPassword();
+				try
+				{
+					newPassword = NewPasswordPanel->GetPassword();
+				}
+				catch (PasswordException& e)
+				{
+					Gui->ShowWarning (e);
+					NewPasswordPanel->SetFocusToPasswordTextCtrl();				
+					return;
+				}
 				newPim = NewPasswordPanel->GetVolumePim();
-				newPassword->CheckPortability();

 				if (newPassword->Size() > 0)
 				{
 					if (newPassword->Size() < VolumePassword::WarningSizeThreshold)
 					{
-						if (newPim < 485)
+						if (newPim > 0 && newPim < 485)
 						{
 							Gui->ShowError ("PIM_REQUIRE_LONG_PASSWORD");						
 							return;
@@ -117,7 +125,7 @@ namespace VeraCrypt
 							return;
 						}
 					}
-					else if (newPim < 485)
+					else if (newPim > 0 && newPim < 485)
 					{
 						if (!Gui->AskYesNo (LangString ["PIM_SMALL_WARNING"], false, true))
 						{
@@ -141,7 +149,7 @@ namespace VeraCrypt

 			/* force the display of the random enriching interface */
 			RandomNumberGenerator::SetEnrichedByUserStatus (false);
-			Gui->UserEnrichRandomPool (this, NewPasswordPanel->GetPkcs5Kdf() ? NewPasswordPanel->GetPkcs5Kdf()->GetHash() : shared_ptr <Hash>());
+			Gui->UserEnrichRandomPool (this, NewPasswordPanel->GetPkcs5Kdf(bUnsupportedKdf) ? NewPasswordPanel->GetPkcs5Kdf(bUnsupportedKdf)->GetHash() : shared_ptr <Hash>());

 			{
 #ifdef TC_UNIX
@@ -162,8 +170,8 @@ namespace VeraCrypt
 #endif
 				wxBusyCursor busy;
 				ChangePasswordThreadRoutine routine(Path,	Gui->GetPreferences().DefaultMountOptions.PreserveTimestamps,
-					CurrentPasswordPanel->GetPassword(), CurrentPasswordPanel->GetVolumePim(), CurrentPasswordPanel->GetPkcs5Kdf(), CurrentPasswordPanel->GetTrueCryptMode(),CurrentPasswordPanel->GetKeyfiles(),
-					newPassword, newPim, newKeyfiles, NewPasswordPanel->GetPkcs5Kdf(), NewPasswordPanel->GetHeaderWipeCount());
+					CurrentPasswordPanel->GetPassword(), CurrentPasswordPanel->GetVolumePim(), CurrentPasswordPanel->GetPkcs5Kdf(bUnsupportedKdf), CurrentPasswordPanel->GetTrueCryptMode(),CurrentPasswordPanel->GetKeyfiles(),
+					newPassword, newPim, newKeyfiles, NewPasswordPanel->GetPkcs5Kdf(bUnsupportedKdf), NewPasswordPanel->GetHeaderWipeCount());
 				Gui->ExecuteWaitThreadRoutine (this, &routine);
 			}

@@ -208,26 +216,34 @@ namespace VeraCrypt
 	{
 		bool ok = true;

-		bool passwordEmpty = CurrentPasswordPanel->GetPassword()->IsEmpty();
-		bool keyfilesEmpty = !CurrentPasswordPanel->GetKeyfiles() || CurrentPasswordPanel->GetKeyfiles()->empty();
-
-		if (passwordEmpty && keyfilesEmpty)
-			ok = false;
-
-		if (DialogMode == Mode::RemoveAllKeyfiles && (passwordEmpty || keyfilesEmpty))
-			ok = false;
-
-		if (DialogMode == Mode::ChangePasswordAndKeyfiles || DialogMode == Mode::ChangeKeyfiles)
+		try
 		{
-			bool newKeyfilesEmpty = !NewPasswordPanel->GetKeyfiles() || NewPasswordPanel->GetKeyfiles()->empty();

-			if (DialogMode == Mode::ChangeKeyfiles
-				&& ((passwordEmpty && newKeyfilesEmpty) || (keyfilesEmpty && newKeyfilesEmpty)))
+			bool passwordEmpty = CurrentPasswordPanel->GetPassword()->IsEmpty();
+			bool keyfilesEmpty = !CurrentPasswordPanel->GetKeyfiles() || CurrentPasswordPanel->GetKeyfiles()->empty();
+
+			if (passwordEmpty && keyfilesEmpty)
 				ok = false;

-			if (DialogMode == Mode::ChangePasswordAndKeyfiles
-				&& ((NewPasswordPanel->GetPassword()->IsEmpty() && newKeyfilesEmpty) || !NewPasswordPanel->PasswordsMatch()))
+			if (DialogMode == Mode::RemoveAllKeyfiles && (passwordEmpty || keyfilesEmpty))
 				ok = false;
+
+			if (DialogMode == Mode::ChangePasswordAndKeyfiles || DialogMode == Mode::ChangeKeyfiles)
+			{
+				bool newKeyfilesEmpty = !NewPasswordPanel->GetKeyfiles() || NewPasswordPanel->GetKeyfiles()->empty();
+
+				if (DialogMode == Mode::ChangeKeyfiles
+					&& ((passwordEmpty && newKeyfilesEmpty) || (keyfilesEmpty && newKeyfilesEmpty)))
+					ok = false;
+
+				if (DialogMode == Mode::ChangePasswordAndKeyfiles
+					&& ((NewPasswordPanel->GetPassword()->IsEmpty() && newKeyfilesEmpty) || !NewPasswordPanel->PasswordsMatch()))
+					ok = false;
+			}
+		}
+		catch (PasswordException&)
+		{
+			ok = false;
 		}

 		OKButton->Enable (ok);
--- a/src/Main/Forms/MountOptionsDialog.cpp
+++ b/src/Main/Forms/MountOptionsDialog.cpp
@@ -85,12 +85,26 @@ namespace VeraCrypt
 	}

 	void MountOptionsDialog::OnOKButtonClick (wxCommandEvent& event)
-	{
+	{	
+		bool bUnsupportedKdf = false;
 		TransferDataFromWindow();

-		Options.Password = PasswordPanel->GetPassword();
+		try
+		{
+			Options.Password = PasswordPanel->GetPassword();
+		}
+		catch (PasswordException& e)
+		{
+			Gui->ShowWarning (e);
+			return;
+		}
 		Options.Pim = PasswordPanel->GetVolumePim();
-		Options.Kdf = PasswordPanel->GetPkcs5Kdf();
+		Options.Kdf = PasswordPanel->GetPkcs5Kdf(bUnsupportedKdf);
+		if (bUnsupportedKdf)
+		{
+			Gui->ShowWarning (LangString ["ALGO_NOT_SUPPORTED_FOR_TRUECRYPT_MODE"]);
+			return;
+		}
 		Options.TrueCryptMode = PasswordPanel->GetTrueCryptMode();
 		Options.Keyfiles = PasswordPanel->GetKeyfiles();

@@ -100,10 +114,23 @@ namespace VeraCrypt
 		}
 		else if (ProtectionCheckBox->IsChecked())
 		{
-			Options.Protection = VolumeProtection::HiddenVolumeReadOnly;
-			Options.ProtectionPassword = ProtectionPasswordPanel->GetPassword();
+			try
+			{
+				Options.ProtectionPassword = ProtectionPasswordPanel->GetPassword();
+			}
+			catch (PasswordException& e)
+			{
+				Gui->ShowWarning (e);
+				return;
+			}
+			Options.Protection = VolumeProtection::HiddenVolumeReadOnly;			
 			Options.ProtectionPim = ProtectionPasswordPanel->GetVolumePim();
-			Options.ProtectionKdf = ProtectionPasswordPanel->GetPkcs5Kdf();
+			Options.ProtectionKdf = ProtectionPasswordPanel->GetPkcs5Kdf(Options.TrueCryptMode, bUnsupportedKdf);
+			if (bUnsupportedKdf)
+			{
+				Gui->ShowWarning (LangString ["ALGO_NOT_SUPPORTED_FOR_TRUECRYPT_MODE"]);
+				return;
+			}
 			Options.ProtectionKeyfiles = ProtectionPasswordPanel->GetKeyfiles();
 		}
 		else
@@ -117,23 +144,6 @@ namespace VeraCrypt

 		Options.FilesystemOptions = FilesystemOptionsTextCtrl->GetValue();

-		try
-		{
-			if (Options.Password)
-				Options.Password->CheckPortability();
-		}
-		catch (UnportablePassword &)
-		{
-			Gui->ShowWarning (LangString ["UNSUPPORTED_CHARS_IN_PWD_RECOM"]);
-		}
-		
-		if (Options.TrueCryptMode && Options.Kdf && (Options.Kdf->GetName() == L"HMAC-SHA-256"))
-		{
-			Gui->ShowWarning (LangString ["ALGO_NOT_SUPPORTED_FOR_TRUECRYPT_MODE"]);
-			event.Skip();
-			return;
-		}
-
 		EndModal (wxID_OK);
 	}

--- a/src/Main/Forms/VolumeCreationWizard.cpp
+++ b/src/Main/Forms/VolumeCreationWizard.cpp
@@ -733,22 +733,21 @@ namespace VeraCrypt
 		case Step::VolumePassword:
 			{
 				VolumePasswordWizardPage *page = dynamic_cast <VolumePasswordWizardPage *> (GetCurrentPage());
-				Password = page->GetPassword();
+				try
+				{
+					Password = page->GetPassword();
+				}
+				catch (PasswordException& e)
+				{
+					Gui->ShowWarning (e);
+					return GetCurrentStep();
+				}
+				
 				Kdf = page->GetPkcs5Kdf();
 				Keyfiles = page->GetKeyfiles();

 				if (forward && Password && !Password->IsEmpty())
 				{
-					try
-					{
-						Password->CheckPortability();
-					}
-					catch (UnportablePassword &e)
-					{
-						Gui->ShowError (e);
-						return GetCurrentStep();
-					}
-
 					if (Password->Size() < VolumePassword::WarningSizeThreshold)
 					{
 						if (!Gui->AskYesNo (LangString["PASSWORD_LENGTH_WARNING"], false, true))
--- a/src/Main/Forms/VolumePasswordPanel.cpp
+++ b/src/Main/Forms/VolumePasswordPanel.cpp
@@ -231,7 +231,7 @@ namespace VeraCrypt

 #ifdef TC_WINDOWS
 		int len = GetWindowText (static_cast <HWND> (textCtrl->GetHandle()), passwordBuf, VolumePassword::MaxSize + 1);
-		password.reset (new VolumePassword (passwordBuf, len));
+		password = ToUTF8Password (passwordBuf, len);
 #else
 		wxString passwordStr (textCtrl->GetValue());	// A copy of the password is created here by wxWidgets, which cannot be erased
 		for (size_t i = 0; i < passwordStr.size() && i < VolumePassword::MaxSize; ++i)
@@ -239,19 +239,33 @@ namespace VeraCrypt
 			passwordBuf[i] = (wchar_t) passwordStr[i];
 			passwordStr[i] = L'X';
 		}
-		password.reset (new VolumePassword (passwordBuf, passwordStr.size() <= VolumePassword::MaxSize ? passwordStr.size() : VolumePassword::MaxSize));
+		password = ToUTF8Password (passwordBuf, passwordStr.size() <= VolumePassword::MaxSize ? passwordStr.size() : VolumePassword::MaxSize);
 #endif
 		return password;
 	}

-	shared_ptr <Pkcs5Kdf> VolumePasswordPanel::GetPkcs5Kdf () const
+	shared_ptr <Pkcs5Kdf> VolumePasswordPanel::GetPkcs5Kdf (bool &bUnsupportedKdf) const
 	{
+		return GetPkcs5Kdf (GetTrueCryptMode(), bUnsupportedKdf);
+	}
+
+	shared_ptr <Pkcs5Kdf> VolumePasswordPanel::GetPkcs5Kdf (bool bTrueCryptMode, bool &bUnsupportedKdf) const
+	{
+		bUnsupportedKdf = false;
 		try
 		{
-			return Pkcs5Kdf::GetAlgorithm (wstring (Pkcs5PrfChoice->GetStringSelection()), GetTrueCryptMode());
+			int index = Pkcs5PrfChoice->GetSelection ();
+			if ((wxNOT_FOUND == index) || (0 == index))
+			{
+				// auto-detection
+				return shared_ptr <Pkcs5Kdf> ();
+			}
+			else
+				return Pkcs5Kdf::GetAlgorithm (wstring (Pkcs5PrfChoice->GetStringSelection()), bTrueCryptMode);
 		}
 		catch (ParameterIncorrect&)
 		{
+			bUnsupportedKdf = true;
 			return shared_ptr <Pkcs5Kdf> ();
 		}
 	}
@@ -419,7 +433,14 @@ namespace VeraCrypt
 	bool VolumePasswordPanel::PasswordsMatch () const
 	{
 		assert (ConfirmPasswordStaticText->IsShown());
-		return *GetPassword (PasswordTextCtrl) == *GetPassword (ConfirmPasswordTextCtrl);
+		try
+		{
+			return *GetPassword (PasswordTextCtrl) == *GetPassword (ConfirmPasswordTextCtrl);
+		}
+		catch (PasswordException&)
+		{
+			return false;
+		}
 	}

 	void VolumePasswordPanel::WipeTextCtrl (wxTextCtrl *textCtrl)
--- a/src/Main/Forms/VolumePasswordPanel.h
+++ b/src/Main/Forms/VolumePasswordPanel.h
@@ -28,7 +28,8 @@ namespace VeraCrypt
 		void AddKeyfile (shared_ptr <Keyfile> keyfile);
 		shared_ptr <KeyfileList> GetKeyfiles () const { return UseKeyfilesCheckBox->IsChecked() ? Keyfiles : shared_ptr <KeyfileList> (); }
 		shared_ptr <VolumePassword> GetPassword () const;
-		shared_ptr <Pkcs5Kdf> GetPkcs5Kdf () const;
+		shared_ptr <Pkcs5Kdf> GetPkcs5Kdf (bool &bUnsupportedKdf) const;
+		shared_ptr <Pkcs5Kdf> GetPkcs5Kdf (bool bTrueCryptMode, bool &bUnsupportedKdf) const;
 		int GetVolumePim () const;
 		bool GetTrueCryptMode () const;
 		int GetHeaderWipeCount () const;
--- a/src/Main/Forms/VolumePasswordWizardPage.cpp
+++ b/src/Main/Forms/VolumePasswordWizardPage.cpp
@@ -35,9 +35,16 @@ namespace VeraCrypt
 		if (ConfirmationMode && !PasswordPanel->PasswordsMatch())
 			return false;

-		shared_ptr <KeyfileList> keyfiles (GetKeyfiles());
-		shared_ptr <VolumePassword> password (GetPassword());
+		try
+		{
+			shared_ptr <KeyfileList> keyfiles (GetKeyfiles());
+			shared_ptr <VolumePassword> password (GetPassword());

-		return (password && !GetPassword()->IsEmpty()) || (keyfiles && !keyfiles->empty());
+			return (password && !GetPassword()->IsEmpty()) || (keyfiles && !keyfiles->empty());
+		}
+		catch (PasswordException&)
+		{
+			return false;
+		}
 	}
 }
--- a/src/Main/Forms/VolumePasswordWizardPage.h
+++ b/src/Main/Forms/VolumePasswordWizardPage.h
@@ -30,7 +30,7 @@ namespace VeraCrypt
 		bool IsPimSelected () const { return PasswordPanel->IsUsePimChecked ();}
 		void SetPimSelected (bool selected) const { PasswordPanel->SetUsePimChecked (selected);}
 		
-		shared_ptr <Pkcs5Kdf> GetPkcs5Kdf () const { return PasswordPanel->GetPkcs5Kdf(); }
+		shared_ptr <Pkcs5Kdf> GetPkcs5Kdf () const { bool bUnsupportedKdf; return PasswordPanel->GetPkcs5Kdf(bUnsupportedKdf); }
 		bool IsValid ();
 		void SetMaxStaticTextWidth (int width) { InfoStaticText->Wrap (width); }
 		void SetPageText (const wxString &text) { InfoStaticText->SetLabel (text); }
--- a/src/Main/Forms/WaitDialog.cpp
+++ b/src/Main/Forms/WaitDialog.cpp
@@ -37,6 +37,8 @@ namespace VeraCrypt
 		VC_CONVERT_EXCEPTION (ProtectionPasswordKeyfilesIncorrect);
 		VC_CONVERT_EXCEPTION (PasswordEmpty);
 		VC_CONVERT_EXCEPTION (PasswordTooLong);
+		VC_CONVERT_EXCEPTION (PasswordUTF8TooLong);
+		VC_CONVERT_EXCEPTION (PasswordUTF8Invalid);
 		VC_CONVERT_EXCEPTION (UnportablePassword);
 		VC_CONVERT_EXCEPTION (ElevationFailed);
 		VC_CONVERT_EXCEPTION (RootDeviceUnavailable);