nihilist/VeraCrypt
1
0
Fork 0
mirror of https://github.com/veracrypt/VeraCrypt synced 2024-11-24 12:03:28 +01:00
Code Issues Packages Projects Releases Wiki Activity

Windows: Implement support for EFI system encryption in Windows GUI.

Browse Source
This commit is contained in:
Mounir IDRASSI 2016-08-09 23:26:15 +02:00
parent 246233c402
commit 07ee8c1069
No known key found for this signature in database
GPG Key ID: DD0C382D5FCFB8FC
18 changed files with 2337 additions and 525 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

217
src/Common/BaseCom.cpp
View File

@ -3,7 +3,7 @@
Copyright (c) 2008-2012 TrueCrypt Developers Association and which is governed
by the TrueCrypt License 3.0.
Modifications and additions to the original source code (contained in this file)
Modifications and additions to the original source code (contained in this file)
and all other portions of this file are Copyright (c) 2013-2016 IDRIX
and are governed by the Apache License 2.0 the full text of which is
contained in the file License.txt included in VeraCrypt binary and source
@ -161,6 +161,63 @@ DWORD BaseCom::ReadWriteFile (BOOL write, BOOL device, BSTR filePath, BSTR *buff
return ERROR_SUCCESS;
}
DWORD BaseCom::GetFileSize (BSTR filePath, unsigned __int64 *pSize)
{
if (!pSize)
return ERROR_INVALID_PARAMETER;
try
{
std::wstring path (filePath);
File file(filePath, true);
file.CheckOpened (SRC_POS);
file.GetFileSize (*pSize);
}
catch (SystemException &)
{
return GetLastError();
}
catch (Exception &e)
{
e.Show (NULL);
return ERROR_EXCEPTION_IN_SERVICE;
}
catch (...)
{
return ERROR_EXCEPTION_IN_SERVICE;
}
return ERROR_SUCCESS;
}
DWORD BaseCom::DeviceIoControl (BOOL readOnly, BOOL device, BSTR filePath, DWORD dwIoControlCode, BSTR input, BSTR *output)
{
try
{
auto_ptr <File> file (device ? new Device (filePath, readOnly == TRUE) : new File (filePath, readOnly == TRUE));
file->CheckOpened (SRC_POS);
if (!file->IoCtl (dwIoControlCode, (BYTE *) input, !(BYTE *) input ? 0 : ((DWORD *) ((BYTE *) input))[-1],
(BYTE *) *output, !(BYTE *) *output ? 0 : ((DWORD *) ((BYTE *) *output))[-1]))
{
return GetLastError();
}
}
catch (SystemException &)
{
return GetLastError();
}
catch (Exception &e)
{
e.Show (NULL);
return ERROR_EXCEPTION_IN_SERVICE;
}
catch (...)
{
return ERROR_EXCEPTION_IN_SERVICE;
}
return ERROR_SUCCESS;
}
DWORD BaseCom::RegisterFilterDriver (BOOL registerDriver, int filterType)
{
@ -244,3 +301,161 @@ DWORD BaseCom::WriteLocalMachineRegistryDwordValue (BSTR keyPath, BSTR valueName
return ERROR_SUCCESS;
}
DWORD BaseCom::InstallEfiBootLoader (BOOL preserveUserConfig, BOOL hiddenOSCreation, int pim, int hashAlg)
{
try
{
BootEncryption bootEnc (NULL);
bootEnc.InstallBootLoader (preserveUserConfig? true : false, hiddenOSCreation? true : false, pim, hashAlg);
}
catch (SystemException &)
{
return GetLastError();
}
catch (Exception &e)
{
e.Show (NULL);
return ERROR_EXCEPTION_IN_SERVICE;
}
catch (...)
{
return ERROR_EXCEPTION_IN_SERVICE;
}
return ERROR_SUCCESS;
}
DWORD BaseCom::BackupEfiSystemLoader ()
{
try
{
BootEncryption bootEnc (NULL);
bootEnc.BackupSystemLoader ();
}
catch (SystemException &)
{
return GetLastError();
}
catch (Exception &e)
{
e.Show (NULL);
return ERROR_EXCEPTION_IN_SERVICE;
}
catch (...)
{
return ERROR_EXCEPTION_IN_SERVICE;
}
return ERROR_SUCCESS;
}
DWORD BaseCom::RestoreEfiSystemLoader ()
{
try
{
BootEncryption bootEnc (NULL);
bootEnc.RestoreSystemLoader ();
}
catch (SystemException &)
{
return GetLastError();
}
catch (Exception &e)
{
e.Show (NULL);
return ERROR_EXCEPTION_IN_SERVICE;
}
catch (...)
{
return ERROR_EXCEPTION_IN_SERVICE;
}
return ERROR_SUCCESS;
}
DWORD BaseCom::GetEfiBootDeviceNumber (BSTR* pSdn)
{
if (!pSdn || !(*pSdn) || ((((DWORD *) ((BYTE *) *pSdn))[-1]) < sizeof (STORAGE_DEVICE_NUMBER)))
return ERROR_INVALID_PARAMETER;
try
{
BootEncryption bootEnc (NULL);
bootEnc.GetEfiBootDeviceNumber ((PSTORAGE_DEVICE_NUMBER) *pSdn);
}
catch (SystemException &)
{
return GetLastError();
}
catch (Exception &e)
{
e.Show (NULL);
return ERROR_EXCEPTION_IN_SERVICE;
}
catch (...)
{
return ERROR_EXCEPTION_IN_SERVICE;
}
return ERROR_SUCCESS;
}
DWORD BaseCom::ReadEfiConfig (BSTR* pContent, DWORD *pcbRead)
{
if (!pContent || !(*pContent))
return ERROR_INVALID_PARAMETER;
try
{
DWORD maxSize = ((DWORD *) ((BYTE *) *pContent))[-1];
BootEncryption bootEnc (NULL);
bootEnc.ReadEfiConfig ((byte*) *pContent, maxSize, pcbRead);
}
catch (SystemException &)
{
return GetLastError();
}
catch (Exception &e)
{
e.Show (NULL);
return ERROR_EXCEPTION_IN_SERVICE;
}
catch (...)
{
return ERROR_EXCEPTION_IN_SERVICE;
}
return ERROR_SUCCESS;
}
DWORD BaseCom::WriteEfiBootSectorUserConfig (DWORD userConfig, BSTR customUserMessage, int pim, int hashAlg)
{
if (!customUserMessage)
return ERROR_INVALID_PARAMETER;
try
{
DWORD maxSize = ((DWORD *) ((BYTE *) customUserMessage))[-1];
char* msg = (char*) *customUserMessage;
if (maxSize > 0)
msg [maxSize - 1] = 0;
std::string msgStr = maxSize > 0 ? msg : "";
BootEncryption bootEnc (NULL);
bootEnc.WriteEfiBootSectorUserConfig ((byte) userConfig, msgStr, pim, hashAlg);
}
catch (SystemException &)
{
return GetLastError();
}
catch (Exception &e)
{
e.Show (NULL);
return ERROR_EXCEPTION_IN_SERVICE;
}
catch (...)
{
return ERROR_EXCEPTION_IN_SERVICE;
}
return ERROR_SUCCESS;
}

16
src/Common/BaseCom.h
View File

@ -3,7 +3,7 @@
Copyright (c) 2008-2012 TrueCrypt Developers Association and which is governed
by the TrueCrypt License 3.0.
Modifications and additions to the original source code (contained in this file)
Modifications and additions to the original source code (contained in this file)
and all other portions of this file are Copyright (c) 2013-2016 IDRIX
and are governed by the Apache License 2.0 the full text of which is
contained in the file License.txt included in VeraCrypt binary and source
@ -20,11 +20,11 @@ class TrueCryptFactory : public IClassFactory
{
public:
TrueCryptFactory (DWORD messageThreadId) :
TrueCryptFactory (DWORD messageThreadId) :
RefCount (1), ServerLockCount (0), MessageThreadId (messageThreadId) { }
~TrueCryptFactory () { }
virtual ULONG STDMETHODCALLTYPE AddRef ()
{
return InterlockedIncrement (&RefCount) - 1;
@ -53,7 +53,7 @@ class TrueCryptFactory : public IClassFactory
AddRef ();
return S_OK;
}
virtual HRESULT STDMETHODCALLTYPE CreateInstance (IUnknown *pUnkOuter, REFIID riid, void **ppvObject)
{
if (pUnkOuter != NULL)
@ -110,6 +110,14 @@ class BaseCom
static DWORD RegisterSystemFavoritesService (BOOL registerService);
static DWORD SetDriverServiceStartType (DWORD startType);
static DWORD WriteLocalMachineRegistryDwordValue (BSTR keyPath, BSTR valueName, DWORD value);
static DWORD GetFileSize (BSTR filePath, unsigned __int64 *pSize);
static DWORD DeviceIoControl (BOOL readOnly, BOOL device, BSTR filePath, DWORD dwIoControlCode, BSTR input, BSTR *output);
static DWORD InstallEfiBootLoader (BOOL preserveUserConfig, BOOL hiddenOSCreation, int pim, int hashAlg);
static DWORD BackupEfiSystemLoader ();
static DWORD RestoreEfiSystemLoader ();
static DWORD GetEfiBootDeviceNumber (BSTR* pSdn);
static DWORD ReadEfiConfig (BSTR* pContent, DWORD *pcbRead);
static DWORD WriteEfiBootSectorUserConfig (DWORD userConfig, BSTR customUserMessage, int pim, int hashAlg);
};

1553
src/Common/BootEncryption.cpp
View File

File diff suppressed because it is too large Load Diff

97
src/Common/BootEncryption.h
View File

@ -3,7 +3,7 @@
Copyright (c) 2008-2012 TrueCrypt Developers Association and which is governed
by the TrueCrypt License 3.0.
Modifications and additions to the original source code (contained in this file)
Modifications and additions to the original source code (contained in this file)
and all other portions of this file are Copyright (c) 2013-2016 IDRIX
and are governed by the Apache License 2.0 the full text of which is
contained in the file License.txt included in VeraCrypt binary and source
@ -18,6 +18,16 @@
#include "Exception.h"
#include "Platform/PlatformBase.h"
#include "Volumes.h"
#include <Winternl.h>
#define SYSPARTITIONINFORMATION 0x62
typedef NTSTATUS (WINAPI *NtQuerySystemInformationFn)(
SYSTEM_INFORMATION_CLASS SystemInformationClass,
PVOID SystemInformation,
ULONG SystemInformationLength,
PULONG ReturnLength
);
using namespace std;
@ -26,7 +36,7 @@ namespace VeraCrypt
class File
{
public:
File () : Elevated (false), FileOpen (false), FilePointerPosition(0), Handle(INVALID_HANDLE_VALUE), IsDevice(false), LastError(0) { }
File () : Elevated (false), FileOpen (false), ReadOnly (false), FilePointerPosition(0), Handle(INVALID_HANDLE_VALUE), IsDevice(false), LastError(0) { }
File (wstring path,bool readOnly = false, bool create = false);
virtual ~File () { Close(); }
@ -35,10 +45,13 @@ namespace VeraCrypt
DWORD Read (byte *buffer, DWORD size);
void Write (byte *buffer, DWORD size);
void SeekAt (int64 position);
void GetFileSize (unsigned __int64& size);
bool IoCtl(DWORD code, void* inBuf, DWORD inBufSize, void* outBuf, DWORD outBufSize);
protected:
bool Elevated;
bool FileOpen;
bool ReadOnly;
uint64 FilePointerPosition;
HANDLE Handle;
bool IsDevice;
@ -131,6 +144,67 @@ namespace VeraCrypt
bool SystemLoaderPresent;
};
class EfiBootConf
{
public:
int passwordType;
string passwordMsg;
string passwordPicture;
string hashMsg;
int hashAlgo;
int requestHash;
string pimMsg;
int pim;
int requestPim;
int authorizeVisible;
int authorizeRetry;
EfiBootConf();
static BOOL ReadConfigValue (char* configContent, const char *configKey, char *configValue, int maxValueSize);
static int ReadConfigInteger (char* configContent, const char *configKey, int defaultValue);
static char *ReadConfigString (char* configContent, const char *configKey, char *defaultValue, char *str, int maxLen);
static BOOL WriteConfigString (FILE* configFile, char* configContent, const char *configKey, const char *configValue);
static BOOL WriteConfigInteger (FILE* configFile, char* configContent, const char *configKey, int configValue);
BOOL Load (const wchar_t* fileName);
void Load (char* configContent);
BOOL Save (const wchar_t* fileName, HWND hwnd);
};
class EfiBoot {
public:
EfiBoot();
void MountBootPartition(WCHAR letter);
void DismountBootPartition();
bool IsEfiBoot();
void DeleteStartExec(uint16 statrtOrderNum = 0xDC5B, wchar_t* type = NULL);
void SetStartExec(wstring description, wstring execPath, uint16 statrtOrderNum = 0xDC5B, wchar_t* type = NULL, uint32 attr = 1);
void SaveFile(wchar_t* name, byte* data, DWORD size);
void GetFileSize(const wchar_t* name, unsigned __int64& size);
void ReadFile(const wchar_t* name, byte* data, DWORD size);
void CopyFile(const wchar_t* name, const wchar_t* targetName);
BOOL RenameFile(wchar_t* name, wchar_t* nameNew, BOOL bForce);
BOOL DelFile(wchar_t* name);
BOOL MkDir(wchar_t* name, bool& bAlreadyExists);
BOOL ReadConfig (wchar_t* name, EfiBootConf& conf);
BOOL UpdateConfig (wchar_t* name, int pim, int hashAlgo, HWND hwndDlg);
BOOL WriteConfig (wchar_t* name, bool preserveUserConfig, int pim, int hashAlgo, const char* passPromptMsg, HWND hwndDlg);
PSTORAGE_DEVICE_NUMBER GetStorageDeviceNumber () { return &sdn;}
protected:
bool m_bMounted;
WCHAR EfiBootPartPath[3];
STORAGE_DEVICE_NUMBER sdn;
PARTITION_INFORMATION_EX partInfo;
WCHAR tempBuf[1024];
WCHAR systemPartitionPath[MAX_PATH];
};
class BootEncryption
{
public:
@ -168,9 +242,9 @@ namespace VeraCrypt
BootEncryptionStatus GetStatus ();
void GetVolumeProperties (VOLUME_PROPERTIES_STRUCT *properties);
SystemDriveConfiguration GetSystemDriveConfiguration ();
void Install (bool hiddenSystem);
void InstallBootLoader (Device& device, bool preserveUserConfig = false, bool hiddenOSCreation = false, int pim = -1);
void InstallBootLoader (bool preserveUserConfig = false, bool hiddenOSCreation = false);
void Install (bool hiddenSystem, int hashAlgo);
void InstallBootLoader (Device& device, bool preserveUserConfig = false, bool hiddenOSCreation = false, int pim = -1, int hashAlg = -1);
void InstallBootLoader (bool preserveUserConfig = false, bool hiddenOSCreation = false, int pim = -1, int hashAlg = -1);
bool CheckBootloaderFingerprint (bool bSilent = false);
void InvalidateCachedSysDriveProperties ();
bool IsCDRecorderPresent ();
@ -179,8 +253,9 @@ namespace VeraCrypt
void PrepareHiddenOSCreation (int ea, int mode, int pkcs5);
void PrepareInstallation (bool systemPartitionOnly, Password &password, int ea, int mode, int pkcs5, int pim, const wstring &rescueIsoImagePath);
void ProbeRealSystemDriveSize ();
void ReadBootSectorConfig (byte *config, size_t bufLength, byte *userConfig = nullptr, string *customUserMessage = nullptr, uint16 *bootLoaderVersion = nullptr);
bool ReadBootSectorConfig (byte *config, size_t bufLength, byte *userConfig = nullptr, string *customUserMessage = nullptr, uint16 *bootLoaderVersion = nullptr);
uint32 ReadDriverConfigurationFlags ();
void ReadEfiConfig (byte* confContent, DWORD maxSize, DWORD* pcbRead);
void RegisterBootDriver (bool hiddenSystem);
void RegisterFilterDriver (bool registerDriver, FilterType filterType);
void RegisterSystemFavoritesService (BOOL registerService);
@ -206,13 +281,16 @@ namespace VeraCrypt
void WipeHiddenOSCreationConfig ();
void WriteBootDriveSector (uint64 offset, byte *data);
void WriteBootSectorConfig (const byte newConfig[]);
void WriteBootSectorUserConfig (byte userConfig, const string &customUserMessage, int pim);
void WriteBootSectorUserConfig (byte userConfig, const string &customUserMessage, int pim, int hashAlg);
void WriteEfiBootSectorUserConfig (byte userConfig, const string &customUserMessage, int pim, int hashAlg);
void WriteLocalMachineRegistryDwordValue (wchar_t *keyPath, wchar_t *valueName, DWORD value);
void GetEfiBootDeviceNumber (PSTORAGE_DEVICE_NUMBER pSdn);
void BackupSystemLoader ();
void RestoreSystemLoader ();
protected:
static const uint32 RescueIsoImageSize = 1835008; // Size of ISO9660 image with bootable emulated 1.44MB floppy disk image
void BackupSystemLoader ();
void CreateBootLoaderInMemory (byte *buffer, size_t bufferSize, bool rescueDisk, bool hiddenOSCreation = false);
void CreateVolumeHeader (uint64 volumeSize, uint64 encryptedAreaStart, Password *password, int ea, int mode, int pkcs5, int pim);
wstring GetSystemLoaderBackupPath ();
@ -221,8 +299,7 @@ namespace VeraCrypt
PartitionList GetDrivePartitions (int driveNumber);
wstring GetRemarksOnHiddenOS ();
wstring GetWindowsDirectory ();
void RegisterFilter (bool registerFilter, FilterType filterType, const GUID *deviceClassGuid = nullptr);
void RestoreSystemLoader ();
void RegisterFilter (bool registerFilter, FilterType filterType, const GUID *deviceClassGuid = nullptr);
void InstallVolumeHeader ();
HWND ParentWindow;

473
src/Common/Dlgcode.c
View File

File diff suppressed because it is too large Load Diff

3
src/Common/Dlgcode.h
View File

@ -510,6 +510,9 @@ void AllowMessageInUIPI (UINT msg);
BOOL IsRepeatedByteArray (byte value, const byte* buffer, size_t bufferSize);
BOOL TranslateVolumeID (HWND hwndDlg, wchar_t* pathValue, size_t cchPathValue);
BOOL CopyTextToClipboard (const wchar_t* txtValue);
BOOL LaunchElevatedProcess (HWND hwndDlg, const wchar_t* szModPath, const wchar_t* args);
BOOL GetFreeDriveLetter(WCHAR* pCh);
BOOL RaisePrivileges(void);
#ifdef __cplusplus
}

5
src/Common/Language.xml
View File

@ -1077,7 +1077,7 @@
<string lang="en" key="SYS_ENCRYPTION_UPGRADE_UNSUPPORTED_ON_VISTA_SP0">VeraCrypt no longer supports encryption of the system partition/drive on Windows Vista with no Service Pack installed. Before upgrading VeraCrypt, please install Service Pack 1 or higher for Windows Vista.</string>
<string lang="en" key="FEATURE_REQUIRES_INSTALLATION">Error: This feature requires VeraCrypt to be installed on the system (you are running VeraCrypt in portable mode).\n\nPlease install VeraCrypt and then try again.</string>
<string lang="en" key="WINDOWS_NOT_ON_BOOT_DRIVE_ERROR">WARNING: Windows does not appear to be installed on the drive from which it boots. This is not supported.\n\nYou should continue only if you are sure that Windows is installed on the drive from which it boots.\n\nDo you want to continue?</string>
<string lang="en" key="GPT_BOOT_DRIVE_UNSUPPORTED">Your system drive has a GUID partition table (GPT). Currently, only drives with a MBR partition table are supported.</string>
<string lang="en" key="GPT_BOOT_DRIVE_UNSUPPORTED">You are running a 32-bit Windows and your system drive has a GUID partition table (GPT). Currently, only Windows 64-bit is supported for GPT system encryption.</string>
<string lang="en" key="TC_BOOT_LOADER_ALREADY_INSTALLED">CAUTION: The VeraCrypt Boot Loader is already installed on your system drive!\n\nIt is possible that another system on your computer is already encrypted.\n\nWARNING: PROCEEDING WITH ENCRYPTION OF THE CURRENTLY RUNNING SYSTEM MAY MAKE OTHER SYSTEM(S) IMPOSSIBLE TO START AND RELATED DATA INACCESSIBLE.\n\nAre you sure you want to continue?</string>
<string lang="en" key="SYS_LOADER_RESTORE_FAILED">Failed to restore the original system loader.\n\nPlease use your VeraCrypt Rescue Disk ('Repair Options' > 'Restore original system loader') or Windows installation medium to replace the VeraCrypt Boot Loader with the Windows system loader.</string>
<string lang="en" key="SYS_LOADER_UNAVAILABLE_FOR_RESCUE_DISK">The original system loader will not be stored on the Rescue Disk (probable cause: missing backup file).</string>
@ -1399,6 +1399,9 @@
<string lang="en" key="PIM_TOO_BIG">Personal Iterations Multiplier (PIM) maximum value is 2147468.</string>
<control lang="en" key="IDC_SKIP_RESCUE_VERIFICATION">Skip Rescue Disk verification</control>
<control lang="en" key="IDC_HIDE_WAITING_DIALOG">Don't show wait message dialog when performing operations</control>
<control lang="en" key="IDC_DISABLE_BOOT_LOADER_HASH_PROMPT">Do not request Hash algorithm in the pre-boot authentication screen</control>
<string lang="en" key="GOST89_HELP">The GOST block cipher, defined in the standard GOST 28147-89 under name Magma, is a Soviet and Russian government standard symmetric key block cipher.\n\nDeveloped in the 1970s, the standard had been marked "Top Secret" and then downgraded to "Secret" in 1990. It was a Soviet alternative to the United States standard algorithm, DES.</string>
<string lang="en" key="KUZNYECHIK_HELP">Kuznyechik is a block cipher first published in 2015 and defined in the National Standard of the Russian Federation GOST R 34.12-2015 and also in RFC 7801. 256-bit key, 128-bit block. Mode of operation is XTS.</string>
<string lang="en" key="CAMELLIA_HELP">Jointly developed by Mitsubishi Electric and NTT of Japan. First published on 2000. 256-bit key, 128-bit block. Mode of operation is XTS. It has been approved for use by the ISO/IEC, the European Union's NESSIE project and the Japanese CRYPTREC project.</string>
<string lang="en" key="TIME">Time</string>
<string lang="en" key="ITERATIONS">Iterations</string>

10
src/ExpandVolume/WinMain.cpp
View File

@ -504,9 +504,17 @@ BOOL CALLBACK ExtcvPasswordDlgProc (HWND hwndDlg, UINT msg, WPARAM wParam, LPARA
int i, nIndex = SendMessageW (hComboBox, CB_ADDSTRING, 0, (LPARAM) GetString ("AUTODETECTION"));
SendMessage (hComboBox, CB_SETITEMDATA, nIndex, (LPARAM) 0);
BOOL bIsGPT = FALSE;
try
{
BootEncryption BootEncObj (hwndDlg);
bIsGPT = BootEncObj.GetSystemDriveConfiguration().SystemPartition.IsGPT;
}
catch (...) {}
for (i = FIRST_PRF_ID; i <= LAST_PRF_ID; i++)
{
if (HashForSystemEncryption(i))
if (bIsGPT || HashForSystemEncryption(i))
{
nIndex = SendMessage (hComboBox, CB_ADDSTRING, 0, (LPARAM) get_pkcs5_prf_name(i));
SendMessage (hComboBox, CB_SETITEMDATA, nIndex, (LPARAM) i);

44
src/Format/FormatCom.cpp
View File

@ -3,7 +3,7 @@
Copyright (c) 2008-2012 TrueCrypt Developers Association and which is governed
by the TrueCrypt License 3.0.
Modifications and additions to the original source code (contained in this file)
Modifications and additions to the original source code (contained in this file)
and all other portions of this file are Copyright (c) 2013-2016 IDRIX
and are governed by the Apache License 2.0 the full text of which is
contained in the file License.txt included in VeraCrypt binary and source
@ -74,7 +74,7 @@ class TrueCryptFormatCom : public ITrueCryptFormatCom
AddRef ();
return S_OK;
}
virtual DWORD STDMETHODCALLTYPE CallDriver (DWORD ioctl, BSTR input, BSTR *output)
{
return BaseCom::CallDriver (ioctl, input, output);
@ -137,6 +137,46 @@ class TrueCryptFormatCom : public ITrueCryptFormatCom
return ::FormatFs (driveNo, clusterSize, fsType);
}
virtual DWORD STDMETHODCALLTYPE GetFileSize (BSTR filePath, unsigned __int64 *pSize)
{
return BaseCom::GetFileSize (filePath, pSize);
}
virtual DWORD STDMETHODCALLTYPE DeviceIoControl (BOOL readOnly, BOOL device, BSTR filePath, DWORD dwIoControlCode, BSTR input, BSTR *output)
{
return BaseCom::DeviceIoControl (readOnly, device, filePath, dwIoControlCode, input, output);
}
virtual DWORD STDMETHODCALLTYPE InstallEfiBootLoader (BOOL preserveUserConfig, BOOL hiddenOSCreation, int pim, int hashAlg)
{
return BaseCom::InstallEfiBootLoader (preserveUserConfig, hiddenOSCreation, pim, hashAlg);
}
virtual DWORD STDMETHODCALLTYPE BackupEfiSystemLoader ()
{
return BaseCom::BackupEfiSystemLoader ();
}
virtual DWORD STDMETHODCALLTYPE RestoreEfiSystemLoader ()
{
return BaseCom::RestoreEfiSystemLoader ();
}
virtual DWORD STDMETHODCALLTYPE GetEfiBootDeviceNumber (BSTR* pSdn)
{
return BaseCom::GetEfiBootDeviceNumber (pSdn);
}
virtual DWORD STDMETHODCALLTYPE ReadEfiConfig (BSTR* pContent, DWORD *pcbRead)
{
return BaseCom::ReadEfiConfig (pContent, pcbRead);
}
virtual DWORD STDMETHODCALLTYPE WriteEfiBootSectorUserConfig (DWORD userConfig, BSTR customUserMessage, int pim, int hashAlg)
{
return BaseCom::WriteEfiBootSectorUserConfig (userConfig, customUserMessage,pim, hashAlg);
}
protected:
DWORD MessageThreadId;
LONG RefCount;

12
src/Format/FormatCom.idl
View File

@ -3,7 +3,7 @@
Copyright (c) 2008-2012 TrueCrypt Developers Association and which is governed
by the TrueCrypt License 3.0.
Modifications and additions to the original source code (contained in this file)
Modifications and additions to the original source code (contained in this file)
and all other portions of this file are Copyright (c) 2013-2016 IDRIX
and are governed by the Apache License 2.0 the full text of which is
contained in the file License.txt included in VeraCrypt binary and source
@ -16,7 +16,7 @@ import "..\Common\Password.h";
[
uuid(56327DDA-F1A7-4e13-B128-520D129BDEF6),
helpstring("VeraCrypt Format UAC Support Library"),
version(2.5) // Update ComSetup.cpp when changing version number
version(2.6) // Update ComSetup.cpp when changing version number
]
library TrueCryptFormatCom
{
@ -40,6 +40,14 @@ library TrueCryptFormatCom
DWORD SetDriverServiceStartType (DWORD startType);
DWORD WriteLocalMachineRegistryDwordValue (BSTR keyPath, BSTR valueName, DWORD value);
BOOL FormatFs (int driveNo, int clusterSize, int fsType);
DWORD GetFileSize (BSTR filePath, unsigned __int64* pSize);
DWORD DeviceIoControl (BOOL readOnly, BOOL device, BSTR filePath, DWORD dwIoControlCode, BSTR input, BSTR *output);
DWORD InstallEfiBootLoader (BOOL preserveUserConfig, BOOL hiddenOSCreation, int pim, int hashAlg);
DWORD BackupEfiSystemLoader ();
DWORD RestoreEfiSystemLoader ();
DWORD GetEfiBootDeviceNumber (BSTR* pSdn);
DWORD ReadEfiConfig (BSTR* pContent, DWORD *pcbRead);
DWORD WriteEfiBootSectorUserConfig (DWORD userConfig, BSTR customUserMessage, int pim, int hashAlg);
};
[

61
src/Format/Tcformat.c
View File

@ -931,11 +931,13 @@ static BOOL SysDriveOrPartitionFullyEncrypted (BOOL bSilent)
BOOL SwitchWizardToSysEncMode (void)
{
WaitCursor ();
SystemDriveConfiguration config;
try
{
BootEncStatus = BootEncObj->GetStatus();
bWholeSysDrive = BootEncObj->SystemPartitionCoversWholeDrive();
config = BootEncObj->GetSystemDriveConfiguration ();
}
catch (Exception &e)
{
@ -1413,6 +1415,18 @@ void ComboSelChangeEA (HWND hwndDlg)
SetWindowTextW (GetDlgItem (hwndDlg, IDC_BOX_HELP), GetString ("TWOFISH_HELP"));
}
else if (wcsncmp (name, L"GOST89", 6) == 0)
{
StringCbPrintfW (hyperLink, sizeof(hyperLink) / 2, GetString ("MORE_INFO_ABOUT"), L"GOST89");
SetWindowTextW (GetDlgItem (hwndDlg, IDC_BOX_HELP), GetString ("GOST89_HELP"));
}
else if (wcscmp (name, L"Kuznyechik") == 0)
{
StringCbPrintfW (hyperLink, sizeof(hyperLink) / 2, GetString ("MORE_INFO_ABOUT"), name);
SetWindowTextW (GetDlgItem (hwndDlg, IDC_BOX_HELP), GetString ("KUZNYECHIK_HELP"));
}
else if (wcscmp (name, L"Camellia") == 0)
{
StringCbPrintfW (hyperLink, sizeof(hyperLink) / 2, GetString ("MORE_INFO_ABOUT"), name);
@ -3612,6 +3626,14 @@ static BOOL FileSize4GBLimitQuestionNeeded (void)
}
void BlockIfGpt(HWND control) {
SystemDriveConfiguration config = BootEncObj->GetSystemDriveConfiguration();
if (config.SystemPartition.IsGPT) {
EnableWindow(control, FALSE);
}
}
/* Except in response to the WM_INITDIALOG message, the dialog box procedure
should return nonzero if it processes the message, and zero if it does
not. - see DialogProc */
@ -3669,6 +3691,8 @@ BOOL CALLBACK PageDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lPa
SendMessage (GetDlgItem (hwndDlg, IDC_SYSENC_HIDDEN), WM_SETFONT, (WPARAM) hUserBoldFont, (LPARAM) TRUE);
SendMessage (GetDlgItem (hwndDlg, IDC_SYSENC_NORMAL), WM_SETFONT, (WPARAM) hUserBoldFont, (LPARAM) TRUE);
BlockIfGpt(GetDlgItem(hwndDlg, IDC_SYSENC_HIDDEN));
CheckButton (GetDlgItem (hwndDlg, bHiddenOS ? IDC_SYSENC_HIDDEN : IDC_SYSENC_NORMAL));
SetWindowTextW (GetDlgItem (hwndDlg, IDC_BOX_HELP), GetString ("SYSENC_HIDDEN_TYPE_HELP"));
@ -3708,6 +3732,7 @@ BOOL CALLBACK PageDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lPa
SetWindowTextW (GetDlgItem (hwndDlg, IDT_WHOLE_SYS_DRIVE), GetString ("SYS_ENCRYPTION_SPAN_WHOLE_SYS_DRIVE_HELP"));
CheckButton (GetDlgItem (hwndDlg, bWholeSysDrive ? IDC_WHOLE_SYS_DRIVE : IDC_SYS_PARTITION));
BlockIfGpt(GetDlgItem(hwndDlg, IDC_WHOLE_SYS_DRIVE));
SetWindowTextW (GetDlgItem (GetParent (hwndDlg), IDC_NEXT), GetString ("NEXT"));
SetWindowTextW (GetDlgItem (GetParent (hwndDlg), IDC_PREV), GetString ("PREV"));
@ -3785,7 +3810,7 @@ BOOL CALLBACK PageDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lPa
SetWindowTextW (GetDlgItem (GetParent (hwndDlg), IDCANCEL), GetString ("CANCEL"));
RefreshMultiBootControls (hwndDlg);
BlockIfGpt(GetDlgItem(hwndDlg, IDC_MULTI_BOOT));
EnableWindow (GetDlgItem (GetParent (hwndDlg), IDC_NEXT), nMultiBoot > 0);
EnableWindow (GetDlgItem (GetParent (hwndDlg), IDC_PREV), TRUE);
EnableWindow (GetDlgItem (GetParent (hwndDlg), IDCANCEL), TRUE);
@ -4061,13 +4086,14 @@ BOOL CALLBACK PageDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lPa
if (SysEncInEffect ())
{
hash_algo = DEFAULT_HASH_ALGORITHM_BOOT;
BOOL bIsGPT = BootEncObj->GetSystemDriveConfiguration().SystemPartition.IsGPT;
hash_algo = bIsGPT? SHA512 : DEFAULT_HASH_ALGORITHM_BOOT;
RandSetHashFunction (hash_algo);
for (hid = FIRST_PRF_ID; hid <= LAST_PRF_ID; hid++)
{
// For now, we keep RIPEMD160 for system encryption
if (((hid == RIPEMD160) || !HashIsDeprecated (hid)) && HashForSystemEncryption (hid))
if (((hid == RIPEMD160) || !HashIsDeprecated (hid)) && (bIsGPT || HashForSystemEncryption (hid)))
AddComboPair (GetDlgItem (hwndDlg, IDC_COMBO_BOX_HASH_ALGO), HashGetName(hid), hid);
}
}
@ -4461,8 +4487,14 @@ BOOL CALLBACK PageDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lPa
SetDlgItemText (hwndDlg, IDC_RESCUE_DISK_ISO_PATH, szRescueDiskISO);
EnableWindow (GetDlgItem (GetParent (hwndDlg), IDC_NEXT), (GetWindowTextLength (GetDlgItem (hwndDlg, IDC_RESCUE_DISK_ISO_PATH)) > 1));
EnableWindow (GetDlgItem (GetParent (hwndDlg), IDC_PREV), TRUE);
SetCheckBox (hCurPage, IDC_SKIP_RESCUE_VERIFICATION, bDontVerifyRescueDisk);
// For now, disable verification of Rescue Disk for GPT system encryption
{
SystemDriveConfiguration config = BootEncObj->GetSystemDriveConfiguration();
bDontVerifyRescueDisk = config.SystemPartition.IsGPT;
SetCheckBox (hCurPage, IDC_SKIP_RESCUE_VERIFICATION, bDontVerifyRescueDisk);
EnableWindow(GetDlgItem (hwndDlg, IDC_SKIP_RESCUE_VERIFICATION), !config.SystemPartition.IsGPT);
}
break;
case SYSENC_RESCUE_DISK_BURN_PAGE:
@ -5443,13 +5475,20 @@ BOOL CALLBACK PageDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lPa
if (lw == IDC_BENCHMARK && nCurPageNo == CIPHER_PAGE)
{
BOOL bIsGPT = FALSE;
try
{
bIsGPT = BootEncObj->GetSystemDriveConfiguration().SystemPartition.IsGPT;
}
catch (...) {}
// Reduce CPU load
bFastPollEnabled = FALSE;
bRandmixEnabled = FALSE;
DialogBoxParamW (hInst,
MAKEINTRESOURCEW (IDD_BENCHMARK_DLG), hwndDlg,
(DLGPROC) BenchmarkDlgProc, (LPARAM) NULL);
(DLGPROC) BenchmarkDlgProc, (LPARAM) bIsGPT);
bFastPollEnabled = TRUE;
bRandmixEnabled = TRUE;
@ -5471,6 +5510,10 @@ BOOL CALLBACK PageDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lPa
Applink ("serpent", FALSE, "");
else if (wcscmp (name, L"Twofish") == 0)
Applink ("twofish", FALSE, "");
else if (wcscmp (name, L"GOST89") == 0)
Applink ("gost89", FALSE, "");
else if (wcscmp (name, L"Kuznyechik") == 0)
Applink ("kuznyechik", FALSE, "");
else if (wcscmp (name, L"Camellia") == 0)
Applink ("camellia", FALSE, "");
else if (EAGetCipherCount (nIndex) > 1)
@ -5793,7 +5836,8 @@ BOOL CALLBACK PageDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lPa
{
HWND hHashAlgoItem = GetDlgItem (hwndDlg, IDC_COMBO_BOX_HASH_ALGO);
int selectedAlgo = (int) SendMessage (hHashAlgoItem, CB_GETITEMDATA, SendMessage (hHashAlgoItem, CB_GETCURSEL, 0, 0), 0);
if (!HashForSystemEncryption(selectedAlgo))
BOOL bIsGPT = BootEncObj->GetSystemDriveConfiguration().SystemPartition.IsGPT;
if (!bIsGPT && !HashForSystemEncryption(selectedAlgo))
{
hash_algo = DEFAULT_HASH_ALGORITHM_BOOT;
RandSetHashFunction (DEFAULT_HASH_ALGORITHM_BOOT);
@ -7332,10 +7376,11 @@ BOOL CALLBACK MainDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lPa
else if (nCurPageNo == CIPHER_PAGE)
{
LPARAM nIndex;
BOOL bIsGPT = BootEncObj->GetSystemDriveConfiguration().SystemPartition.IsGPT;
nIndex = SendMessage (GetDlgItem (hCurPage, IDC_COMBO_BOX), CB_GETCURSEL, 0, 0);
nVolumeEA = (int) SendMessage (GetDlgItem (hCurPage, IDC_COMBO_BOX), CB_GETITEMDATA, nIndex, 0);
if (SysEncInEffect ()
if (!bIsGPT && SysEncInEffect ()
&& EAGetCipherCount (nVolumeEA) > 1) // Cascade?
{
if (AskWarnNoYes ("CONFIRM_CASCADE_FOR_SYS_ENCRYPTION", hwndDlg) == IDNO)
@ -8033,7 +8078,7 @@ BOOL CALLBACK MainDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lPa
}
#endif
BootEncObj->Install (bHiddenOS ? true : false);
BootEncObj->Install (bHiddenOS ? true : false, hash_algo);
}
catch (Exception &e)
{

42
src/Mount/MainCom.cpp
View File

@ -3,7 +3,7 @@
Copyright (c) 2008-2012 TrueCrypt Developers Association and which is governed
by the TrueCrypt License 3.0.
Modifications and additions to the original source code (contained in this file)
Modifications and additions to the original source code (contained in this file)
and all other portions of this file are Copyright (c) 2013-2016 IDRIX
and are governed by the Apache License 2.0 the full text of which is
contained in the file License.txt included in VeraCrypt binary and source
@ -158,6 +158,46 @@ class TrueCryptMainCom : public ITrueCryptMainCom
return ::ChangePwd (volumePath, oldPassword, old_pkcs5, old_pim, truecryptMode, newPassword, pkcs5, pim, wipePassCount, (HWND) hWnd);
}
virtual DWORD STDMETHODCALLTYPE GetFileSize (BSTR filePath, unsigned __int64 *pSize)
{
return BaseCom::GetFileSize (filePath, pSize);
}
virtual DWORD STDMETHODCALLTYPE DeviceIoControl (BOOL readOnly, BOOL device, BSTR filePath, DWORD dwIoControlCode, BSTR input, BSTR *output)
{
return BaseCom::DeviceIoControl (readOnly, device, filePath, dwIoControlCode, input, output);
}
virtual DWORD STDMETHODCALLTYPE InstallEfiBootLoader (BOOL preserveUserConfig, BOOL hiddenOSCreation, int pim, int hashAlg)
{
return BaseCom::InstallEfiBootLoader (preserveUserConfig, hiddenOSCreation, pim, hashAlg);
}
virtual DWORD STDMETHODCALLTYPE BackupEfiSystemLoader ()
{
return BaseCom::BackupEfiSystemLoader ();
}
virtual DWORD STDMETHODCALLTYPE RestoreEfiSystemLoader ()
{
return BaseCom::RestoreEfiSystemLoader ();
}
virtual DWORD STDMETHODCALLTYPE GetEfiBootDeviceNumber (BSTR* pSdn)
{
return BaseCom::GetEfiBootDeviceNumber (pSdn);
}
virtual DWORD STDMETHODCALLTYPE ReadEfiConfig (BSTR* pContent, DWORD *pcbRead)
{
return BaseCom::ReadEfiConfig (pContent, pcbRead);
}
virtual DWORD STDMETHODCALLTYPE WriteEfiBootSectorUserConfig (DWORD userConfig, BSTR customUserMessage, int pim, int hashAlg)
{
return BaseCom::WriteEfiBootSectorUserConfig (userConfig, customUserMessage,pim, hashAlg);
}
protected:
DWORD MessageThreadId;
LONG RefCount;

12
src/Mount/MainCom.idl
View File

@ -3,7 +3,7 @@
Copyright (c) 2008-2012 TrueCrypt Developers Association and which is governed
by the TrueCrypt License 3.0.
Modifications and additions to the original source code (contained in this file)
Modifications and additions to the original source code (contained in this file)
and all other portions of this file are Copyright (c) 2013-2016 IDRIX
and are governed by the Apache License 2.0 the full text of which is
contained in the file License.txt included in VeraCrypt binary and source
@ -16,7 +16,7 @@ import "..\Common\Password.h";
[
uuid(9ACF6176-5FC4-4690-A025-B3306A50EB6A),
helpstring("VeraCrypt Main UAC Support Library"),
version(2.7) // Update ComSetup.cpp when changing version number
version(2.8) // Update ComSetup.cpp when changing version number
]
library TrueCryptMainCom
{
@ -44,6 +44,14 @@ library TrueCryptMainCom
int ChangePasswordEx (BSTR volumePath, Password *oldPassword, int old_pkcs5, Password *newPassword, int pkcs5, int wipePassCount, LONG_PTR hWnd);
int ChangePasswordEx2 (BSTR volumePath, Password *oldPassword, int old_pkcs5, BOOL truecryptMode, Password *newPassword, int pkcs5, int wipePassCount, LONG_PTR hWnd);
int ChangePasswordEx3 (BSTR volumePath, Password *oldPassword, int old_pkcs5, int old_pim, BOOL truecryptMode, Password *newPassword, int pkcs5, int pim, int wipePassCount, LONG_PTR hWnd);
DWORD GetFileSize (BSTR filePath, unsigned __int64* pSize);
DWORD DeviceIoControl (BOOL readOnly, BOOL device, BSTR filePath, DWORD dwIoControlCode, BSTR input, BSTR *output);
DWORD InstallEfiBootLoader (BOOL preserveUserConfig, BOOL hiddenOSCreation, int pim, int hashAlg);
DWORD BackupEfiSystemLoader ();
DWORD RestoreEfiSystemLoader ();
DWORD GetEfiBootDeviceNumber (BSTR* pSdn);
DWORD ReadEfiConfig (BSTR* pContent, DWORD *pcbRead);
DWORD WriteEfiBootSectorUserConfig (DWORD userConfig, BSTR customUserMessage, int pim, int hashAlg);
};
[

213
src/Mount/Mount.c
View File

@ -346,6 +346,27 @@ static void InitMainDialog (HWND hwndDlg)
SetMenuItemInfoW (GetMenu (hwndDlg), i, TRUE, &info);
}
{
BOOL bIsGPT = FALSE;
try
{
SystemDriveConfiguration config = BootEncObj->GetSystemDriveConfiguration();
bIsGPT = config.SystemPartition.IsGPT;
}
catch (Exception &)
{
}
// disable rescue disk operation for GPT system encryption
if (bIsGPT)
{
EnableMenuItem (GetMenu (hwndDlg), IDM_CREATE_HIDDEN_OS, MF_GRAYED);
EnableMenuItem (GetMenu (hwndDlg), IDM_CREATE_RESCUE_DISK, MF_GRAYED);
EnableMenuItem (GetMenu (hwndDlg), IDM_VERIFY_RESCUE_DISK, MF_GRAYED);
EnableMenuItem (GetMenu (hwndDlg), IDM_VERIFY_RESCUE_DISK_ISO, MF_GRAYED);
}
}
// Disable menu item for changing system header key derivation algorithm until it's implemented
EnableMenuItem (GetMenu (hwndDlg), IDM_CHANGE_SYS_HEADER_KEY_DERIV_ALGO, MF_GRAYED);
@ -1081,9 +1102,11 @@ unsigned __int64 GetSysEncDeviceEncryptedPartSize (BOOL bSilent)
static void PopulateSysEncContextMenu (HMENU popup, BOOL bToolsOnly)
{
SystemDriveConfiguration config;
try
{
BootEncStatus = BootEncObj->GetStatus();
config = BootEncObj->GetSystemDriveConfiguration();
}
catch (Exception &e)
{
@ -1111,7 +1134,7 @@ static void PopulateSysEncContextMenu (HMENU popup, BOOL bToolsOnly)
AppendMenu (popup, MF_SEPARATOR, 0, L"");
AppendMenuW (popup, MF_STRING, IDM_SYS_ENC_SETTINGS, GetString ("IDM_SYS_ENC_SETTINGS"));
if (!IsHiddenOSRunning())
if (!IsHiddenOSRunning() && !config.SystemPartition.IsGPT)
{
AppendMenu (popup, MF_SEPARATOR, 0, L"");
AppendMenuW (popup, MF_STRING, IDM_CREATE_RESCUE_DISK, GetString ("IDM_CREATE_RESCUE_DISK"));
@ -1314,7 +1337,7 @@ BOOL SelectItem (HWND hTree, wchar_t nLetter)
}
static void LaunchVolCreationWizard (HWND hwndDlg, const wchar_t *arg)
static void LaunchVolCreationWizard (HWND hwndDlg, const wchar_t *arg, BOOL bElevation)
{
wchar_t t[TC_MAX_PATH + 1024] = {L'"',0};
wchar_t *tmp;
@ -1348,21 +1371,30 @@ static void LaunchVolCreationWizard (HWND hwndDlg, const wchar_t *arg)
if (!FileExists(t))
Error ("VOL_CREATION_WIZARD_NOT_FOUND", hwndDlg); // Display a user-friendly error message and advise what to do
if (wcslen (arg) > 0)
{
StringCbCatW (t, sizeof(t), L" ");
StringCbCatW (t, sizeof(t), arg);
}
if (!CreateProcess (NULL, (LPWSTR) t, NULL, NULL, FALSE, NORMAL_PRIORITY_CLASS, NULL, NULL, &si, &pi))
{
handleWin32Error (hwndDlg, SRC_POS);
}
else
{
CloseHandle (pi.hProcess);
CloseHandle (pi.hThread);
if (bElevation && !IsAdmin() && IsUacSupported())
{
LaunchElevatedProcess (hwndDlg, t, arg);
}
else
{
if (wcslen (arg) > 0)
{
StringCbCatW (t, sizeof(t), L" ");
StringCbCatW (t, sizeof(t), arg);
}
if (!CreateProcess (NULL, (LPWSTR) t, NULL, NULL, FALSE, NORMAL_PRIORITY_CLASS, NULL, NULL, &si, &pi))
{
handleWin32Error (hwndDlg, SRC_POS);
}
else
{
CloseHandle (pi.hProcess);
CloseHandle (pi.hThread);
}
}
}
}
}
@ -2426,10 +2458,16 @@ BOOL CALLBACK PasswordChangeDlgProc (HWND hwndDlg, UINT msg, WPARAM wParam, LPAR
case IDC_PKCS5_PRF_ID:
if (bSysEncPwdChangeDlgMode)
{
int new_hash_algo_id = (int) SendMessage (GetDlgItem (hwndDlg, IDC_PKCS5_PRF_ID), CB_GETITEMDATA,
int new_hash_algo_id = (int) SendMessage (GetDlgItem (hwndDlg, IDC_PKCS5_PRF_ID), CB_GETITEMDATA,
SendMessage (GetDlgItem (hwndDlg, IDC_PKCS5_PRF_ID), CB_GETCURSEL, 0, 0), 0);
BOOL bIsGPT = FALSE;
try
{
bIsGPT = BootEncObj->GetSystemDriveConfiguration().SystemPartition.IsGPT;
}
catch (...) {}
if (new_hash_algo_id != 0 && !HashForSystemEncryption(new_hash_algo_id))
if (new_hash_algo_id != 0 && !bIsGPT && !HashForSystemEncryption(new_hash_algo_id))
{
int new_hash_algo_id = DEFAULT_HASH_ALGORITHM_BOOT;
Info ("ALGO_NOT_SUPPORTED_FOR_SYS_ENCRYPTION", hwndDlg);
@ -2761,9 +2799,16 @@ BOOL CALLBACK PasswordDlgProc (HWND hwndDlg, UINT msg, WPARAM wParam, LPARAM lPa
int i, defaultPrfIndex = 0, nIndex = (int) SendMessageW (hComboBox, CB_ADDSTRING, 0, (LPARAM) GetString ("AUTODETECTION"));
SendMessage (hComboBox, CB_SETITEMDATA, nIndex, (LPARAM) 0);
BOOL bIsGPT = FALSE;
try
{
bIsGPT = BootEncObj->GetSystemDriveConfiguration().SystemPartition.IsGPT;
}
catch (...) {}
for (i = FIRST_PRF_ID; i <= LAST_PRF_ID; i++)
{
if (HashForSystemEncryption(i))
if (bIsGPT || HashForSystemEncryption(i))
{
nIndex = (int) SendMessage (hComboBox, CB_ADDSTRING, 0, (LPARAM) get_pkcs5_prf_name(i));
SendMessage (hComboBox, CB_SETITEMDATA, nIndex, (LPARAM) i);
@ -5469,16 +5514,18 @@ static void ChangeSysEncPassword (HWND hwndDlg, BOOL bOnlyChangeKDF)
// Initiates or resumes encryption of the system partition/drive
static void EncryptSystemDevice (HWND hwndDlg)
{
SystemDriveConfiguration config;
try
{
BootEncStatus = BootEncObj->GetStatus();
config = BootEncObj->GetSystemDriveConfiguration ();
}
catch (Exception &e)
{
e.Show (MainDlg);
}
if (!BootEncStatus.DriveEncrypted
if (!BootEncStatus.DriveEncrypted
&& !BootEncStatus.DriveMounted
&& !SysEncryptionOrDecryptionRequired ())
{
@ -5486,7 +5533,7 @@ static void EncryptSystemDevice (HWND hwndDlg)
if (!MutexExistsOnSystem (TC_MUTEX_NAME_SYSENC)) // If no instance of the wizard is currently taking care of system encryption
{
LaunchVolCreationWizard (hwndDlg, L"/sysenc");
LaunchVolCreationWizard (hwndDlg, L"/sysenc", FALSE);
}
else
Warning ("SYSTEM_ENCRYPTION_IN_PROGRESS_ELSEWHERE", hwndDlg);
@ -5500,7 +5547,7 @@ static void EncryptSystemDevice (HWND hwndDlg)
if (!MutexExistsOnSystem (TC_MUTEX_NAME_SYSENC)) // If no instance of the wizard is currently taking care of system encryption
{
LaunchVolCreationWizard (hwndDlg, L"/sysenc");
LaunchVolCreationWizard (hwndDlg, L"/sysenc",FALSE);
}
else
Warning ("SYSTEM_ENCRYPTION_IN_PROGRESS_ELSEWHERE", hwndDlg);
@ -5516,9 +5563,11 @@ static void EncryptSystemDevice (HWND hwndDlg)
// Initiates decryption of the system partition/drive
static void DecryptSystemDevice (HWND hwndDlg)
{
SystemDriveConfiguration config;
try
{
BootEncStatus = BootEncObj->GetStatus();
config = BootEncObj->GetSystemDriveConfiguration ();
}
catch (Exception &e)
{
@ -5579,8 +5628,8 @@ static void DecryptSystemDevice (HWND hwndDlg)
return;
}
CloseSysEncMutex ();
LaunchVolCreationWizard (hwndDlg, L"/dsysenc");
CloseSysEncMutex ();
LaunchVolCreationWizard (hwndDlg, L"/dsysenc", FALSE);
}
else
Warning ("SYSTEM_ENCRYPTION_IN_PROGRESS_ELSEWHERE", hwndDlg);
@ -5595,7 +5644,7 @@ static void CreateHiddenOS (HWND hwndDlg)
// such information, but will exit (displaying only an error meessage).
Info("HIDDEN_OS_PREINFO", hwndDlg);
LaunchVolCreationWizard (hwndDlg, L"/isysenc");
LaunchVolCreationWizard (hwndDlg, L"/isysenc", FALSE);
}
static void DecryptNonSysDevice (HWND hwndDlg, BOOL bResolveAmbiguousSelection, BOOL bUseDriveListSel)
@ -5706,7 +5755,7 @@ static void DecryptNonSysDevice (HWND hwndDlg, BOOL bResolveAmbiguousSelection,
if (AskWarnNoYes ("CONFIRM_DECRYPT_NON_SYS_DEVICE_CAUTION", hwndDlg) == IDNO)
return;
LaunchVolCreationWizard (hwndDlg, (wstring (L"/inplacedec \"") + scPath + L"\"").c_str ());
LaunchVolCreationWizard (hwndDlg, (wstring (L"/inplacedec \"") + scPath + L"\"").c_str (), FALSE);
}
// Blindly attempts (without any checks) to instruct the wizard to resume whatever system encryption process
@ -5715,7 +5764,17 @@ static void ResumeInterruptedSysEncProcess (HWND hwndDlg)
{
if (!MutexExistsOnSystem (TC_MUTEX_NAME_SYSENC)) // If no instance of the wizard is currently taking care of system encryption
{
LaunchVolCreationWizard (MainDlg, L"/csysenc");
SystemDriveConfiguration config;
try
{
config = BootEncObj->GetSystemDriveConfiguration ();
}
catch (Exception &e)
{
e.Show (MainDlg);
}
LaunchVolCreationWizard (MainDlg, L"/csysenc", FALSE);
}
else
Warning ("SYSTEM_ENCRYPTION_IN_PROGRESS_ELSEWHERE", hwndDlg);
@ -5936,7 +5995,7 @@ static void ResumeInterruptedNonSysInplaceEncProcess (BOOL bDecrypt)
// IMPORTANT: This function must not check any config files! Otherwise, if a config file was lost or corrupt,
// the user would not be able resume encryption and the data on the volume would be inaccessible.
LaunchVolCreationWizard (MainDlg, bDecrypt? L"/resumeinplacedec" : L"/zinplace");
LaunchVolCreationWizard (MainDlg, bDecrypt? L"/resumeinplacedec" : L"/zinplace", FALSE);
}
BOOL SelectContainer (HWND hwndDlg)
@ -5989,8 +6048,15 @@ static void WipeCache (HWND hwndDlg, BOOL silent)
static void Benchmark (HWND hwndDlg)
{
BOOL bIsGPT = FALSE;
try
{
bIsGPT = BootEncObj->GetSystemDriveConfiguration().SystemPartition.IsGPT;
}
catch (...) {}
DialogBoxParamW (hInst, MAKEINTRESOURCEW (IDD_BENCHMARK_DLG), hwndDlg,
(DLGPROC) BenchmarkDlgProc, (LPARAM) NULL);
(DLGPROC) BenchmarkDlgProc, (LPARAM) bIsGPT);
}
@ -6741,9 +6807,17 @@ BOOL CALLBACK MainDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lPa
{
// The wizard was not launched during the system startup seq, or the user may have forgotten
// to resume the encryption/decryption process.
SystemDriveConfiguration config;
try
{
config = BootEncObj->GetSystemDriveConfiguration ();
}
catch (Exception &e)
{
e.Show (MainDlg);
}
LaunchVolCreationWizard (hwndDlg, L"/csysenc");
LaunchVolCreationWizard (hwndDlg, L"/csysenc", FALSE);
}
}
}
@ -7723,7 +7797,7 @@ BOOL CALLBACK MainDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lPa
if (lw == IDC_CREATE_VOLUME || lw == IDM_CREATE_VOLUME || lw == IDM_VOLUME_WIZARD)
{
LaunchVolCreationWizard (hwndDlg, L"");
LaunchVolCreationWizard (hwndDlg, L"", FALSE);
return 1;
}
@ -8013,7 +8087,14 @@ BOOL CALLBACK MainDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lPa
if (lw == IDM_SYSENC_SETTINGS || lw == IDM_SYS_ENC_SETTINGS)
{
DialogBoxParamW (hInst, MAKEINTRESOURCEW (IDD_SYSENC_SETTINGS), hwndDlg, (DLGPROC) BootLoaderPreferencesDlgProc, 0);
BOOL bIsGPT = FALSE;
try
{
bIsGPT = BootEncObj->GetSystemDriveConfiguration().SystemPartition.IsGPT;
}
catch (...) {}
DialogBoxParamW (hInst, MAKEINTRESOURCEW (bIsGPT? IDD_EFI_SYSENC_SETTINGS : IDD_SYSENC_SETTINGS), hwndDlg, (DLGPROC) BootLoaderPreferencesDlgProc, 0);
return 1;
}
@ -10423,23 +10504,26 @@ static BOOL CALLBACK PerformanceSettingsDlgProc (HWND hwndDlg, UINT msg, WPARAM
try
{
VOLUME_PROPERTIES_STRUCT prop;
BOOL bIsGPT = FALSE;
try
{
BootEncStatus = BootEncObj->GetStatus();
BootEncObj->GetVolumeProperties (&prop);
bIsGPT = BootEncObj->GetSystemDriveConfiguration().SystemPartition.IsGPT;
}
catch (...)
{
BootEncStatus.DriveMounted = false;
BootEncStatus.DriveMounted = false;
}
if (BootEncStatus.DriveMounted)
if (BootEncStatus.DriveMounted && !bIsGPT)
{
byte userConfig;
string customUserMessage;
uint16 bootLoaderVersion;
BootEncObj->ReadBootSectorConfig (nullptr, 0, &userConfig, &customUserMessage, &bootLoaderVersion);
if (!BootEncObj->ReadBootSectorConfig (nullptr, 0, &userConfig, &customUserMessage, &bootLoaderVersion))
return 1;
if (bootLoaderVersion != VERSION_NUM)
Warning ("BOOT_LOADER_VERSION_INCORRECT_PREFERENCES", hwndDlg);
@ -10449,7 +10533,7 @@ static BOOL CALLBACK PerformanceSettingsDlgProc (HWND hwndDlg, UINT msg, WPARAM
else
userConfig &= ~TC_BOOT_USER_CFG_FLAG_DISABLE_HW_ENCRYPTION;
BootEncObj->WriteBootSectorUserConfig (userConfig, customUserMessage, prop.volumePim);
BootEncObj->WriteBootSectorUserConfig (userConfig, customUserMessage, prop.volumePim, prop.pkcs5);
}
SetDriverConfigurationFlag (TC_DRIVER_CONFIG_DISABLE_HARDWARE_ENCRYPTION, disableHW);
@ -10763,13 +10847,15 @@ static BOOL CALLBACK BootLoaderPreferencesDlgProc (HWND hwndDlg, UINT msg, WPARA
{
case WM_INITDIALOG:
{
if (!BootEncObj->GetStatus().DriveMounted)
BootEncryptionStatus BootEncStatus = BootEncObj->GetStatus();
if (!BootEncStatus.DriveMounted)
{
Warning ("SYS_DRIVE_NOT_ENCRYPTED", hwndDlg);
EndDialog (hwndDlg, IDCANCEL);
return 1;
}
BOOL bIsGPT = BootEncObj->GetSystemDriveConfiguration().SystemPartition.IsGPT;
try
{
LocalizeDialog (hwndDlg, "IDD_SYSENC_SETTINGS");
@ -10777,27 +10863,38 @@ static BOOL CALLBACK BootLoaderPreferencesDlgProc (HWND hwndDlg, UINT msg, WPARA
uint32 driverConfig = ReadDriverConfigurationFlags();
byte userConfig;
string customUserMessage;
uint16 bootLoaderVersion;
uint16 bootLoaderVersion = 0;
BOOL bPasswordCacheEnabled = (driverConfig & TC_DRIVER_CONFIG_CACHE_BOOT_PASSWORD)? TRUE : FALSE;
BOOL bPimCacheEnabled = (driverConfig & TC_DRIVER_CONFIG_CACHE_BOOT_PIM)? TRUE : FALSE;
BootEncObj->ReadBootSectorConfig (nullptr, 0, &userConfig, &customUserMessage, &bootLoaderVersion);
if (!BootEncObj->ReadBootSectorConfig (nullptr, 0, &userConfig, &customUserMessage, &bootLoaderVersion))
{
// operations canceled
EndDialog (hwndDlg, IDCANCEL);
return 1;
}
if (bootLoaderVersion != VERSION_NUM)
Warning ("BOOT_LOADER_VERSION_INCORRECT_PREFERENCES", hwndDlg);
SendMessage (GetDlgItem (hwndDlg, IDC_CUSTOM_BOOT_LOADER_MESSAGE), EM_LIMITTEXT, TC_BOOT_SECTOR_USER_MESSAGE_MAX_LENGTH, 0);
SetDlgItemTextA (hwndDlg, IDC_CUSTOM_BOOT_LOADER_MESSAGE, customUserMessage.c_str());
if (bIsGPT)
{
CheckDlgButton (hwndDlg, IDC_DISABLE_BOOT_LOADER_HASH_PROMPT, (userConfig & TC_BOOT_USER_CFG_FLAG_STORE_HASH) ? BST_CHECKED : BST_UNCHECKED);
}
else
{
SendMessage (GetDlgItem (hwndDlg, IDC_CUSTOM_BOOT_LOADER_MESSAGE), EM_LIMITTEXT, TC_BOOT_SECTOR_USER_MESSAGE_MAX_LENGTH, 0);
SetDlgItemTextA (hwndDlg, IDC_CUSTOM_BOOT_LOADER_MESSAGE, customUserMessage.c_str());
CheckDlgButton (hwndDlg, IDC_DISABLE_BOOT_LOADER_OUTPUT, (userConfig & TC_BOOT_USER_CFG_FLAG_SILENT_MODE) ? BST_CHECKED : BST_UNCHECKED);
CheckDlgButton (hwndDlg, IDC_ALLOW_ESC_PBA_BYPASS, (userConfig & TC_BOOT_USER_CFG_FLAG_DISABLE_ESC) ? BST_UNCHECKED : BST_CHECKED);
CheckDlgButton (hwndDlg, IDC_DISABLE_EVIL_MAID_ATTACK_DETECTION, (driverConfig & TC_DRIVER_CONFIG_DISABLE_EVIL_MAID_ATTACK_DETECTION) ? BST_CHECKED : BST_UNCHECKED);
SetWindowTextW (GetDlgItem (hwndDlg, IDC_CUSTOM_BOOT_LOADER_MESSAGE_HELP), GetString("CUSTOM_BOOT_LOADER_MESSAGE_HELP"));
}
CheckDlgButton (hwndDlg, IDC_DISABLE_BOOT_LOADER_PIM_PROMPT, (userConfig & TC_BOOT_USER_CFG_FLAG_DISABLE_PIM) ? BST_CHECKED : BST_UNCHECKED);
CheckDlgButton (hwndDlg, IDC_DISABLE_BOOT_LOADER_OUTPUT, (userConfig & TC_BOOT_USER_CFG_FLAG_SILENT_MODE) ? BST_CHECKED : BST_UNCHECKED);
CheckDlgButton (hwndDlg, IDC_ALLOW_ESC_PBA_BYPASS, (userConfig & TC_BOOT_USER_CFG_FLAG_DISABLE_ESC) ? BST_UNCHECKED : BST_CHECKED);
CheckDlgButton (hwndDlg, IDC_BOOT_LOADER_CACHE_PASSWORD, bPasswordCacheEnabled ? BST_CHECKED : BST_UNCHECKED);
CheckDlgButton (hwndDlg, IDC_DISABLE_EVIL_MAID_ATTACK_DETECTION, (driverConfig & TC_DRIVER_CONFIG_DISABLE_EVIL_MAID_ATTACK_DETECTION) ? BST_CHECKED : BST_UNCHECKED);
EnableWindow (GetDlgItem (hwndDlg, IDC_BOOT_LOADER_CACHE_PIM), bPasswordCacheEnabled);
CheckDlgButton (hwndDlg, IDC_BOOT_LOADER_CACHE_PIM, (bPasswordCacheEnabled && bPimCacheEnabled)? BST_CHECKED : BST_UNCHECKED);
SetWindowTextW (GetDlgItem (hwndDlg, IDC_CUSTOM_BOOT_LOADER_MESSAGE_HELP), GetString("CUSTOM_BOOT_LOADER_MESSAGE_HELP"));
}
catch (Exception &e)
{
@ -10819,6 +10916,7 @@ static BOOL CALLBACK BootLoaderPreferencesDlgProc (HWND hwndDlg, UINT msg, WPARA
case IDOK:
{
VOLUME_PROPERTIES_STRUCT prop;
BOOL bIsGPT = FALSE;
if (!BootEncObj->GetStatus().DriveMounted)
{
@ -10829,6 +10927,7 @@ static BOOL CALLBACK BootLoaderPreferencesDlgProc (HWND hwndDlg, UINT msg, WPARA
try
{
BootEncObj->GetVolumeProperties (&prop);
bIsGPT = BootEncObj->GetSystemDriveConfiguration().SystemPartition.IsGPT;
}
catch (Exception &e)
{
@ -10837,13 +10936,15 @@ static BOOL CALLBACK BootLoaderPreferencesDlgProc (HWND hwndDlg, UINT msg, WPARA
return 1;
}
char customUserMessage[TC_BOOT_SECTOR_USER_MESSAGE_MAX_LENGTH + 1];
GetDlgItemTextA (hwndDlg, IDC_CUSTOM_BOOT_LOADER_MESSAGE, customUserMessage, sizeof (customUserMessage));
char customUserMessage[TC_BOOT_SECTOR_USER_MESSAGE_MAX_LENGTH + 1] = {0};
if (!bIsGPT)
GetDlgItemTextA (hwndDlg, IDC_CUSTOM_BOOT_LOADER_MESSAGE, customUserMessage, sizeof (customUserMessage));
byte userConfig;
try
{
BootEncObj->ReadBootSectorConfig (nullptr, 0, &userConfig);
if (!BootEncObj->ReadBootSectorConfig (nullptr, 0, &userConfig))
return 1;
}
catch (Exception &e)
{
@ -10856,7 +10957,16 @@ static BOOL CALLBACK BootLoaderPreferencesDlgProc (HWND hwndDlg, UINT msg, WPARA
else
userConfig &= ~TC_BOOT_USER_CFG_FLAG_DISABLE_PIM;
if (IsDlgButtonChecked (hwndDlg, IDC_DISABLE_BOOT_LOADER_OUTPUT))
if (bIsGPT)
{
if (IsDlgButtonChecked (hwndDlg, IDC_DISABLE_BOOT_LOADER_HASH_PROMPT))
userConfig |= TC_BOOT_USER_CFG_FLAG_STORE_HASH;
else
userConfig &= ~TC_BOOT_USER_CFG_FLAG_STORE_HASH;
}
else
{
if (IsDlgButtonChecked (hwndDlg, IDC_DISABLE_BOOT_LOADER_OUTPUT))
userConfig |= TC_BOOT_USER_CFG_FLAG_SILENT_MODE;
else
userConfig &= ~TC_BOOT_USER_CFG_FLAG_SILENT_MODE;
@ -10865,12 +10975,13 @@ static BOOL CALLBACK BootLoaderPreferencesDlgProc (HWND hwndDlg, UINT msg, WPARA
userConfig |= TC_BOOT_USER_CFG_FLAG_DISABLE_ESC;
else
userConfig &= ~TC_BOOT_USER_CFG_FLAG_DISABLE_ESC;
}
try
{
BOOL bPasswordCacheEnabled = IsDlgButtonChecked (hwndDlg, IDC_BOOT_LOADER_CACHE_PASSWORD);
BOOL bPimCacheEnabled = IsDlgButtonChecked (hwndDlg, IDC_BOOT_LOADER_CACHE_PIM);
BootEncObj->WriteBootSectorUserConfig (userConfig, customUserMessage, prop.volumePim);
BootEncObj->WriteBootSectorUserConfig (userConfig, customUserMessage, prop.volumePim, prop.pkcs5);
SetDriverConfigurationFlag (TC_DRIVER_CONFIG_CACHE_BOOT_PASSWORD, bPasswordCacheEnabled);
SetDriverConfigurationFlag (TC_DRIVER_CONFIG_CACHE_BOOT_PIM, (bPasswordCacheEnabled && bPimCacheEnabled)? TRUE : FALSE);
SetDriverConfigurationFlag (TC_DRIVER_CONFIG_DISABLE_EVIL_MAID_ATTACK_DETECTION, IsDlgButtonChecked (hwndDlg, IDC_DISABLE_EVIL_MAID_ATTACK_DETECTION));

9
src/Mount/Mount.h
View File

@ -1,11 +1,11 @@
/*
Legal Notice: Some portions of the source code contained in this file were
derived from the source code of TrueCrypt 7.1a, which is
Copyright (c) 2003-2012 TrueCrypt Developers Association and which is
derived from the source code of TrueCrypt 7.1a, which is
Copyright (c) 2003-2012 TrueCrypt Developers Association and which is
governed by the TrueCrypt License 3.0, also from the source code of
Encryption for the Masses 2.02a, which is Copyright (c) 1998-2000 Paul Le Roux
and which is governed by the 'License Agreement for Encryption for the Masses'
Modifications and additions to the original source code (contained in this file)
and which is governed by the 'License Agreement for Encryption for the Masses'
Modifications and additions to the original source code (contained in this file)
and all other portions of this file are Copyright (c) 2013-2016 IDRIX
and are governed by the Apache License 2.0 the full text of which is
contained in the file License.txt included in VeraCrypt binary and source
@ -99,7 +99,6 @@ static BOOL CheckMountList (HWND hwndDlg, BOOL bForceTaskBarUpdate);
int GetCipherBlockSizeByDriveNo (int nDosDriveNo);
int GetModeOfOperationByDriveNo (int nDosDriveNo);
void ChangeMainWindowVisibility ();
void LaunchVolCreationWizard (HWND hwndDlg);
BOOL WholeSysDriveEncryption (BOOL bSilent);
BOOL CheckSysEncMountWithoutPBA (HWND hwndDlg, const wchar_t *devicePath, BOOL quiet);
BOOL TCBootLoaderOnInactiveSysEncDrive (wchar_t *szDevicePath);

74
src/Mount/Mount.rc
View File

@ -283,30 +283,23 @@ BEGIN
LTEXT "",IDT_PKCS11_LIB_HELP,16,63,286,65
END
IDD_SYSENC_SETTINGS DIALOGEX 0, 0, 370, 286
IDD_EFI_SYSENC_SETTINGS DIALOGEX 0, 0, 370, 139
STYLE DS_SETFONT | DS_MODALFRAME | DS_FIXEDSYS | DS_CENTER | WS_POPUP | WS_CAPTION | WS_SYSMENU
CAPTION "VeraCrypt - System Encryption Settings"
FONT 8, "MS Shell Dlg", 400, 0, 0x1
BEGIN
CONTROL "Do not &show any texts in the pre-boot authentication screen (except the below custom message)",IDC_DISABLE_BOOT_LOADER_OUTPUT,
"Button",BS_AUTOCHECKBOX | WS_TABSTOP,18,37,339,9
EDITTEXT IDC_CUSTOM_BOOT_LOADER_MESSAGE,18,67,216,14,ES_AUTOHSCROLL
CONTROL "&Cache pre-boot authentication password in driver memory (for mounting of non-system volumes)",IDC_BOOT_LOADER_CACHE_PASSWORD,
"Button",BS_AUTOCHECKBOX | WS_TABSTOP,18,192,339,10
CONTROL "Allow pre-boot &authentication to be bypassed by pressing the Esc key (enables boot manager)",IDC_ALLOW_ESC_PBA_BYPASS,
"Button",BS_AUTOCHECKBOX | WS_TABSTOP,18,222,340,10
DEFPUSHBUTTON "OK",IDOK,257,262,50,14
PUSHBUTTON "Cancel",IDCANCEL,313,262,50,14
LTEXT "Display this custom message in the pre-boot authentication screen (24 characters maximum):",IDT_CUSTOM_BOOT_LOADER_MESSAGE,18,56,337,8
GROUPBOX "Boot Loader Screen Options",IDT_BOOT_LOADER_SCREEN_OPTIONS,8,7,355,165
GROUPBOX "Security Options",IDT_SECURITY_OPTIONS,8,177,355,75
LTEXT "",IDC_CUSTOM_BOOT_LOADER_MESSAGE_HELP,18,89,337,73
CONTROL "Disable ""Evil Maid"" attack detection",IDC_DISABLE_EVIL_MAID_ATTACK_DETECTION,
"Button",BS_AUTOCHECKBOX | WS_TABSTOP,18,237,340,10
"Button",BS_AUTOCHECKBOX | WS_TABSTOP,18,79,339,10
DEFPUSHBUTTON "OK",IDOK,257,115,50,14
PUSHBUTTON "Cancel",IDCANCEL,313,115,50,14
GROUPBOX "Boot Loader Screen Options",IDT_BOOT_LOADER_SCREEN_OPTIONS,8,7,355,53
GROUPBOX "Security Options",IDT_SECURITY_OPTIONS,8,64,355,44
CONTROL "Include PIM when caching pre-boot authentication password",IDC_BOOT_LOADER_CACHE_PIM,
"Button",BS_AUTOCHECKBOX | WS_DISABLED | WS_TABSTOP,18,207,340,10
"Button",BS_AUTOCHECKBOX | WS_DISABLED | WS_TABSTOP,18,94,340,10
CONTROL "Do not request PIM in the pre-boot authentication screen (PIM value is stored unencrypted on disk)",IDC_DISABLE_BOOT_LOADER_PIM_PROMPT,
"Button",BS_AUTOCHECKBOX | WS_TABSTOP,18,20,339,9
CONTROL "Do not request Hash algorithm in the pre-boot authentication screen",IDC_DISABLE_BOOT_LOADER_HASH_PROMPT,
"Button",BS_AUTOCHECKBOX | WS_TABSTOP,18,35,339,9
END
IDD_PERFORMANCE_SETTINGS DIALOGEX 0, 0, 370, 248
@ -386,6 +379,31 @@ BEGIN
CONTROL "TrueCrypt Mode",IDC_TRUECRYPT_MODE,"Button",BS_AUTOCHECKBOX | WS_TABSTOP,7,7,76,10
END
IDD_SYSENC_SETTINGS DIALOGEX 0, 0, 370, 286
STYLE DS_SETFONT | DS_MODALFRAME | DS_FIXEDSYS | DS_CENTER | WS_POPUP | WS_CAPTION | WS_SYSMENU
CAPTION "VeraCrypt - System Encryption Settings"
FONT 8, "MS Shell Dlg", 400, 0, 0x1
BEGIN
CONTROL "Do not &show any texts in the pre-boot authentication screen (except the below custom message)",IDC_DISABLE_BOOT_LOADER_OUTPUT,
"Button",BS_AUTOCHECKBOX | WS_TABSTOP,18,37,339,9
EDITTEXT IDC_CUSTOM_BOOT_LOADER_MESSAGE,18,67,216,14,ES_AUTOHSCROLL
CONTROL "&Cache pre-boot authentication password in driver memory (for mounting of non-system volumes)",IDC_BOOT_LOADER_CACHE_PASSWORD,
"Button",BS_AUTOCHECKBOX | WS_TABSTOP,18,192,339,10
CONTROL "Allow pre-boot &authentication to be bypassed by pressing the Esc key (enables boot manager)",IDC_ALLOW_ESC_PBA_BYPASS,
"Button",BS_AUTOCHECKBOX | WS_TABSTOP,18,222,340,10
DEFPUSHBUTTON "OK",IDOK,257,262,50,14
PUSHBUTTON "Cancel",IDCANCEL,313,262,50,14
LTEXT "Display this custom message in the pre-boot authentication screen (24 characters maximum):",IDT_CUSTOM_BOOT_LOADER_MESSAGE,18,56,337,8
GROUPBOX "Boot Loader Screen Options",IDT_BOOT_LOADER_SCREEN_OPTIONS,8,7,355,165
GROUPBOX "Security Options",IDT_SECURITY_OPTIONS,8,177,355,75
LTEXT "",IDC_CUSTOM_BOOT_LOADER_MESSAGE_HELP,18,89,337,73
CONTROL "Disable ""Evil Maid"" attack detection",IDC_DISABLE_EVIL_MAID_ATTACK_DETECTION,
"Button",BS_AUTOCHECKBOX | WS_TABSTOP,18,237,340,10
CONTROL "Include PIM when caching pre-boot authentication password",IDC_BOOT_LOADER_CACHE_PIM,
"Button",BS_AUTOCHECKBOX | WS_DISABLED | WS_TABSTOP,18,207,340,10
CONTROL "Do not request PIM in the pre-boot authentication screen (PIM value is stored unencrypted on disk)",IDC_DISABLE_BOOT_LOADER_PIM_PROMPT,
"Button",BS_AUTOCHECKBOX | WS_TABSTOP,18,20,339,9
END
/////////////////////////////////////////////////////////////////////////////
//
@ -393,7 +411,7 @@ END
//
#ifdef APSTUDIO_INVOKED
GUIDELINES DESIGNINFO
GUIDELINES DESIGNINFO
BEGIN
IDD_PREFERENCES_DLG, DIALOG
BEGIN
@ -455,12 +473,12 @@ BEGIN
BOTTOMMARGIN, 192
END
IDD_SYSENC_SETTINGS, DIALOG
IDD_EFI_SYSENC_SETTINGS, DIALOG
BEGIN
LEFTMARGIN, 7
RIGHTMARGIN, 363
TOPMARGIN, 7
BOTTOMMARGIN, 276
BOTTOMMARGIN, 129
END
IDD_PERFORMANCE_SETTINGS, DIALOG
@ -486,6 +504,14 @@ BEGIN
TOPMARGIN, 7
BOTTOMMARGIN, 58
END
IDD_SYSENC_SETTINGS, DIALOG
BEGIN
LEFTMARGIN, 7
RIGHTMARGIN, 363
TOPMARGIN, 7
BOTTOMMARGIN, 276
END
END
#endif // APSTUDIO_INVOKED
@ -534,19 +560,19 @@ END
// TEXTINCLUDE
//
1 TEXTINCLUDE
1 TEXTINCLUDE
BEGIN
"resource.h\0"
END
2 TEXTINCLUDE
2 TEXTINCLUDE
BEGIN
"#include ""afxres.h""\r\n"
"#include ""..\\\\common\\\\resource.h""\r\n"
"\0"
END
3 TEXTINCLUDE
3 TEXTINCLUDE
BEGIN
"#include ""..\\\\common\\\\common.rc""\r\n"
"\0"
@ -572,7 +598,7 @@ IDB_SYS_DRIVEICON_MASK BITMAP "System_drive_icon_mask_96dpi.bm
// Menu
//
IDR_MENU MENU
IDR_MENU MENU
BEGIN
POPUP "&Volumes"
BEGIN
@ -691,7 +717,7 @@ END
// String Table
//
STRINGTABLE
STRINGTABLE
BEGIN
IDS_UACSTRING "VeraCrypt"
END

10
src/Mount/Resource.h
View File

@ -21,6 +21,7 @@
#define IDD_SYSENC_SETTINGS 116
#define IDD_FAVORITE_VOLUMES 117
#define IDD_DEFAULT_MOUNT_PARAMETERS 118
#define IDD_EFI_SYSENC_SETTINGS 119
#define IDC_PREF_MOUNT_READONLY 1000
#define IDC_PREF_MOUNT_REMOVABLE 1001
#define IDC_VERIFY 1002
@ -179,8 +180,9 @@
#define IDT_VOLUME_ID 1157
#define IDC_FAVORITE_VOLUME_ID 1158
#define IDC_FAVORITE_USE_VOLUME_ID 1159
#define IDC_DISABLE_BOOT_LOADER_PIM_PROMPT 1160
#define IDC_DISABLE_BOOT_LOADER_PIM_PROMPT 1160
#define IDC_HIDE_WAITING_DIALOG 1161
#define IDC_DISABLE_BOOT_LOADER_HASH_PROMPT 1162
#define IDM_HELP 40001
#define IDM_ABOUT 40002
#define IDM_UNMOUNT_VOLUME 40003
@ -251,13 +253,13 @@
#define IDM_VERIFY_RESCUE_DISK_ISO 40068
// Next default values for new objects
//
//
#ifdef APSTUDIO_INVOKED
#ifndef APSTUDIO_READONLY_SYMBOLS
#define _APS_NO_MFC 1
#define _APS_NEXT_RESOURCE_VALUE 119
#define _APS_NEXT_RESOURCE_VALUE 120
#define _APS_NEXT_COMMAND_VALUE 40069
#define _APS_NEXT_CONTROL_VALUE 1162
#define _APS_NEXT_CONTROL_VALUE 1163
#define _APS_NEXT_SYMED_VALUE 101
#endif
#endif

11
src/Setup/ComSetup.cpp
View File

@ -3,7 +3,7 @@
Copyright (c) 2008-2012 TrueCrypt Developers Association and which is governed
by the TrueCrypt License 3.0.
Modifications and additions to the original source code (contained in this file)
Modifications and additions to the original source code (contained in this file)
and all other portions of this file are Copyright (c) 2013-2016 IDRIX
and are governed by the Apache License 2.0 the full text of which is
contained in the file License.txt included in VeraCrypt binary and source
@ -11,10 +11,10 @@
*/
#define TC_MAIN_COM_VERSION_MAJOR 2
#define TC_MAIN_COM_VERSION_MINOR 7
#define TC_MAIN_COM_VERSION_MINOR 8
#define TC_FORMAT_COM_VERSION_MAJOR 2
#define TC_FORMAT_COM_VERSION_MINOR 5
#define TC_FORMAT_COM_VERSION_MINOR 6
#include <atlbase.h>
#include <comdef.h>
@ -39,9 +39,11 @@ extern "C" BOOL RegisterComServers (wchar_t *modulePath)
UnRegisterTypeLib (LIBID_TrueCryptMainCom, TC_MAIN_COM_VERSION_MAJOR, TC_MAIN_COM_VERSION_MINOR, 0, SYS_WIN32);
UnRegisterTypeLib (LIBID_TrueCryptFormatCom, TC_FORMAT_COM_VERSION_MAJOR, TC_FORMAT_COM_VERSION_MINOR, 0, SYS_WIN32);
// unregister older versions that may still exist
UnRegisterTypeLib (LIBID_TrueCryptMainCom, TC_MAIN_COM_VERSION_MAJOR, TC_MAIN_COM_VERSION_MINOR-4, 0, SYS_WIN32);
UnRegisterTypeLib (LIBID_TrueCryptMainCom, TC_MAIN_COM_VERSION_MAJOR, TC_MAIN_COM_VERSION_MINOR-3, 0, SYS_WIN32);
UnRegisterTypeLib (LIBID_TrueCryptMainCom, TC_MAIN_COM_VERSION_MAJOR, TC_MAIN_COM_VERSION_MINOR-2, 0, SYS_WIN32);
UnRegisterTypeLib (LIBID_TrueCryptMainCom, TC_MAIN_COM_VERSION_MAJOR, TC_MAIN_COM_VERSION_MINOR-1, 0, SYS_WIN32);
UnRegisterTypeLib (LIBID_TrueCryptFormatCom, TC_FORMAT_COM_VERSION_MAJOR, TC_FORMAT_COM_VERSION_MINOR-2, 0, SYS_WIN32);
UnRegisterTypeLib (LIBID_TrueCryptFormatCom, TC_FORMAT_COM_VERSION_MAJOR, TC_FORMAT_COM_VERSION_MINOR-1, 0, SYS_WIN32);
wchar_t setupModule[MAX_PATH];
@ -78,9 +80,12 @@ extern "C" BOOL UnregisterComServers (wchar_t *modulePath)
return FALSE;
// unregister older versions that may still exist
UnRegisterTypeLib (LIBID_TrueCryptMainCom, TC_MAIN_COM_VERSION_MAJOR, TC_MAIN_COM_VERSION_MINOR-4, 0, SYS_WIN32);
UnRegisterTypeLib (LIBID_TrueCryptMainCom, TC_MAIN_COM_VERSION_MAJOR, TC_MAIN_COM_VERSION_MINOR-3, 0, SYS_WIN32);
UnRegisterTypeLib (LIBID_TrueCryptMainCom, TC_MAIN_COM_VERSION_MAJOR, TC_MAIN_COM_VERSION_MINOR-3, 0, SYS_WIN32);
UnRegisterTypeLib (LIBID_TrueCryptMainCom, TC_MAIN_COM_VERSION_MAJOR, TC_MAIN_COM_VERSION_MINOR-2, 0, SYS_WIN32);
UnRegisterTypeLib (LIBID_TrueCryptMainCom, TC_MAIN_COM_VERSION_MAJOR, TC_MAIN_COM_VERSION_MINOR-1, 0, SYS_WIN32);
UnRegisterTypeLib (LIBID_TrueCryptFormatCom, TC_FORMAT_COM_VERSION_MAJOR, TC_FORMAT_COM_VERSION_MINOR-2, 0, SYS_WIN32);
UnRegisterTypeLib (LIBID_TrueCryptFormatCom, TC_FORMAT_COM_VERSION_MAJOR, TC_FORMAT_COM_VERSION_MINOR-1, 0, SYS_WIN32);
wchar_t module[1024];