diff --git a/src/Common/BaseCom.cpp b/src/Common/BaseCom.cpp index 5905b6a8..26e2650a 100644 --- a/src/Common/BaseCom.cpp +++ b/src/Common/BaseCom.cpp @@ -3,7 +3,7 @@ Copyright (c) 2008-2012 TrueCrypt Developers Association and which is governed by the TrueCrypt License 3.0. - Modifications and additions to the original source code (contained in this file) + Modifications and additions to the original source code (contained in this file) and all other portions of this file are Copyright (c) 2013-2016 IDRIX and are governed by the Apache License 2.0 the full text of which is contained in the file License.txt included in VeraCrypt binary and source @@ -161,6 +161,63 @@ DWORD BaseCom::ReadWriteFile (BOOL write, BOOL device, BSTR filePath, BSTR *buff return ERROR_SUCCESS; } +DWORD BaseCom::GetFileSize (BSTR filePath, unsigned __int64 *pSize) +{ + if (!pSize) + return ERROR_INVALID_PARAMETER; + + try + { + std::wstring path (filePath); + File file(filePath, true); + file.CheckOpened (SRC_POS); + file.GetFileSize (*pSize); + } + catch (SystemException &) + { + return GetLastError(); + } + catch (Exception &e) + { + e.Show (NULL); + return ERROR_EXCEPTION_IN_SERVICE; + } + catch (...) + { + return ERROR_EXCEPTION_IN_SERVICE; + } + + return ERROR_SUCCESS; +} + +DWORD BaseCom::DeviceIoControl (BOOL readOnly, BOOL device, BSTR filePath, DWORD dwIoControlCode, BSTR input, BSTR *output) +{ + try + { + auto_ptr file (device ? new Device (filePath, readOnly == TRUE) : new File (filePath, readOnly == TRUE)); + file->CheckOpened (SRC_POS); + if (!file->IoCtl (dwIoControlCode, (BYTE *) input, !(BYTE *) input ? 0 : ((DWORD *) ((BYTE *) input))[-1], + (BYTE *) *output, !(BYTE *) *output ? 0 : ((DWORD *) ((BYTE *) *output))[-1])) + { + return GetLastError(); + } + } + catch (SystemException &) + { + return GetLastError(); + } + catch (Exception &e) + { + e.Show (NULL); + return ERROR_EXCEPTION_IN_SERVICE; + } + catch (...) + { + return ERROR_EXCEPTION_IN_SERVICE; + } + + return ERROR_SUCCESS; +} DWORD BaseCom::RegisterFilterDriver (BOOL registerDriver, int filterType) { @@ -244,3 +301,161 @@ DWORD BaseCom::WriteLocalMachineRegistryDwordValue (BSTR keyPath, BSTR valueName return ERROR_SUCCESS; } +DWORD BaseCom::InstallEfiBootLoader (BOOL preserveUserConfig, BOOL hiddenOSCreation, int pim, int hashAlg) +{ + try + { + BootEncryption bootEnc (NULL); + bootEnc.InstallBootLoader (preserveUserConfig? true : false, hiddenOSCreation? true : false, pim, hashAlg); + } + catch (SystemException &) + { + return GetLastError(); + } + catch (Exception &e) + { + e.Show (NULL); + return ERROR_EXCEPTION_IN_SERVICE; + } + catch (...) + { + return ERROR_EXCEPTION_IN_SERVICE; + } + + return ERROR_SUCCESS; +} + +DWORD BaseCom::BackupEfiSystemLoader () +{ + try + { + BootEncryption bootEnc (NULL); + bootEnc.BackupSystemLoader (); + } + catch (SystemException &) + { + return GetLastError(); + } + catch (Exception &e) + { + e.Show (NULL); + return ERROR_EXCEPTION_IN_SERVICE; + } + catch (...) + { + return ERROR_EXCEPTION_IN_SERVICE; + } + + return ERROR_SUCCESS; +} + +DWORD BaseCom::RestoreEfiSystemLoader () +{ + try + { + BootEncryption bootEnc (NULL); + bootEnc.RestoreSystemLoader (); + } + catch (SystemException &) + { + return GetLastError(); + } + catch (Exception &e) + { + e.Show (NULL); + return ERROR_EXCEPTION_IN_SERVICE; + } + catch (...) + { + return ERROR_EXCEPTION_IN_SERVICE; + } + + return ERROR_SUCCESS; +} + +DWORD BaseCom::GetEfiBootDeviceNumber (BSTR* pSdn) +{ + if (!pSdn || !(*pSdn) || ((((DWORD *) ((BYTE *) *pSdn))[-1]) < sizeof (STORAGE_DEVICE_NUMBER))) + return ERROR_INVALID_PARAMETER; + + try + { + BootEncryption bootEnc (NULL); + bootEnc.GetEfiBootDeviceNumber ((PSTORAGE_DEVICE_NUMBER) *pSdn); + } + catch (SystemException &) + { + return GetLastError(); + } + catch (Exception &e) + { + e.Show (NULL); + return ERROR_EXCEPTION_IN_SERVICE; + } + catch (...) + { + return ERROR_EXCEPTION_IN_SERVICE; + } + + return ERROR_SUCCESS; +} + +DWORD BaseCom::ReadEfiConfig (BSTR* pContent, DWORD *pcbRead) +{ + if (!pContent || !(*pContent)) + return ERROR_INVALID_PARAMETER; + + try + { + DWORD maxSize = ((DWORD *) ((BYTE *) *pContent))[-1]; + BootEncryption bootEnc (NULL); + bootEnc.ReadEfiConfig ((byte*) *pContent, maxSize, pcbRead); + } + catch (SystemException &) + { + return GetLastError(); + } + catch (Exception &e) + { + e.Show (NULL); + return ERROR_EXCEPTION_IN_SERVICE; + } + catch (...) + { + return ERROR_EXCEPTION_IN_SERVICE; + } + + return ERROR_SUCCESS; +} + +DWORD BaseCom::WriteEfiBootSectorUserConfig (DWORD userConfig, BSTR customUserMessage, int pim, int hashAlg) +{ + if (!customUserMessage) + return ERROR_INVALID_PARAMETER; + + try + { + DWORD maxSize = ((DWORD *) ((BYTE *) customUserMessage))[-1]; + char* msg = (char*) *customUserMessage; + if (maxSize > 0) + msg [maxSize - 1] = 0; + std::string msgStr = maxSize > 0 ? msg : ""; + BootEncryption bootEnc (NULL); + bootEnc.WriteEfiBootSectorUserConfig ((byte) userConfig, msgStr, pim, hashAlg); + } + catch (SystemException &) + { + return GetLastError(); + } + catch (Exception &e) + { + e.Show (NULL); + return ERROR_EXCEPTION_IN_SERVICE; + } + catch (...) + { + return ERROR_EXCEPTION_IN_SERVICE; + } + + return ERROR_SUCCESS; +} \ No newline at end of file diff --git a/src/Common/BaseCom.h b/src/Common/BaseCom.h index a5b27473..b103ad59 100644 --- a/src/Common/BaseCom.h +++ b/src/Common/BaseCom.h @@ -3,7 +3,7 @@ Copyright (c) 2008-2012 TrueCrypt Developers Association and which is governed by the TrueCrypt License 3.0. - Modifications and additions to the original source code (contained in this file) + Modifications and additions to the original source code (contained in this file) and all other portions of this file are Copyright (c) 2013-2016 IDRIX and are governed by the Apache License 2.0 the full text of which is contained in the file License.txt included in VeraCrypt binary and source @@ -20,11 +20,11 @@ class TrueCryptFactory : public IClassFactory { public: - TrueCryptFactory (DWORD messageThreadId) : + TrueCryptFactory (DWORD messageThreadId) : RefCount (1), ServerLockCount (0), MessageThreadId (messageThreadId) { } ~TrueCryptFactory () { } - + virtual ULONG STDMETHODCALLTYPE AddRef () { return InterlockedIncrement (&RefCount) - 1; @@ -53,7 +53,7 @@ class TrueCryptFactory : public IClassFactory AddRef (); return S_OK; } - + virtual HRESULT STDMETHODCALLTYPE CreateInstance (IUnknown *pUnkOuter, REFIID riid, void **ppvObject) { if (pUnkOuter != NULL) @@ -110,6 +110,14 @@ class BaseCom static DWORD RegisterSystemFavoritesService (BOOL registerService); static DWORD SetDriverServiceStartType (DWORD startType); static DWORD WriteLocalMachineRegistryDwordValue (BSTR keyPath, BSTR valueName, DWORD value); + static DWORD GetFileSize (BSTR filePath, unsigned __int64 *pSize); + static DWORD DeviceIoControl (BOOL readOnly, BOOL device, BSTR filePath, DWORD dwIoControlCode, BSTR input, BSTR *output); + static DWORD InstallEfiBootLoader (BOOL preserveUserConfig, BOOL hiddenOSCreation, int pim, int hashAlg); + static DWORD BackupEfiSystemLoader (); + static DWORD RestoreEfiSystemLoader (); + static DWORD GetEfiBootDeviceNumber (BSTR* pSdn); + static DWORD ReadEfiConfig (BSTR* pContent, DWORD *pcbRead); + static DWORD WriteEfiBootSectorUserConfig (DWORD userConfig, BSTR customUserMessage, int pim, int hashAlg); }; diff --git a/src/Common/BootEncryption.cpp b/src/Common/BootEncryption.cpp index b18d1ce1..dd0b9d13 100644 --- a/src/Common/BootEncryption.cpp +++ b/src/Common/BootEncryption.cpp @@ -28,6 +28,7 @@ #include "Random.h" #include "Registry.h" #include "Volumes.h" +#include "Xml.h" #ifdef VOLFORMAT #include "Format/FormatCom.h" @@ -44,7 +45,7 @@ namespace VeraCrypt class Elevator { public: - + static void AddReference () { ++ReferenceCount; @@ -160,6 +161,75 @@ namespace VeraCrypt memcpy (buffer, (BYTE *) bufferBstr.m_str, size); } + static void GetFileSize (const wstring &filePath, unsigned __int64* pSize) + { + Elevate(); + + DWORD result; + CComBSTR fileBstr; + BSTR bstr = W2BSTR(filePath.c_str()); + if (bstr) + { + fileBstr.Attach (bstr); + result = ElevatedComInstance->GetFileSize (fileBstr, pSize); + } + else + { + result = ERROR_OUTOFMEMORY; + } + + if (result != ERROR_SUCCESS) + { + SetLastError (result); + throw SystemException(SRC_POS); + } + } + + static BOOL DeviceIoControl (BOOL readOnly, BOOL device, const wstring &filePath, DWORD dwIoControlCode, LPVOID input, DWORD inputSize, + LPVOID output, DWORD outputSize) + { + Elevate(); + + DWORD result; + + BSTR bstr = W2BSTR(filePath.c_str()); + if (bstr) + { + CComBSTR inputBstr; + if (input && inputBstr.AppendBytes ((const char *) input, inputSize) != S_OK) + { + SetLastError (ERROR_INVALID_PARAMETER); + return FALSE; + } + + CComBSTR outputBstr; + if (output && outputBstr.AppendBytes ((const char *) output, outputSize) != S_OK) + { + SetLastError (ERROR_INVALID_PARAMETER); + return FALSE; + } + + CComBSTR fileBstr; + fileBstr.Attach (bstr); + result = ElevatedComInstance->DeviceIoControl (readOnly, device, fileBstr, dwIoControlCode, inputBstr, &outputBstr); + + if (output) + memcpy (output, *(void **) &outputBstr, outputSize); + } + else + { + result = ERROR_OUTOFMEMORY; + } + + if (result != ERROR_SUCCESS) + { + SetLastError (result); + return FALSE; + } + else + return TRUE; + } + static BOOL IsPagingFileActive (BOOL checkNonWindowsPartitionsOnly) { Elevate(); @@ -225,6 +295,112 @@ namespace VeraCrypt } } + static void InstallEfiBootLoader (bool preserveUserConfig, bool hiddenOSCreation, int pim, int hashAlg) + { + Elevate(); + + DWORD result = ElevatedComInstance->InstallEfiBootLoader (preserveUserConfig ? TRUE : FALSE, hiddenOSCreation ? TRUE : FALSE, pim, hashAlg); + if (result != ERROR_SUCCESS) + { + SetLastError (result); + throw SystemException(SRC_POS); + } + } + + static void BackupEfiSystemLoader () + { + Elevate(); + + DWORD result = ElevatedComInstance->BackupEfiSystemLoader (); + if (result != ERROR_SUCCESS) + { + SetLastError (result); + throw SystemException(SRC_POS); + } + } + + static void RestoreEfiSystemLoader () + { + Elevate(); + + DWORD result = ElevatedComInstance->RestoreEfiSystemLoader (); + if (result != ERROR_SUCCESS) + { + SetLastError (result); + throw SystemException(SRC_POS); + } + } + + static void GetEfiBootDeviceNumber (PSTORAGE_DEVICE_NUMBER pSdn) + { + Elevate(); + + CComBSTR outputBstr; + if (pSdn && outputBstr.AppendBytes ((const char *) pSdn, sizeof (STORAGE_DEVICE_NUMBER)) != S_OK) + { + SetLastError (ERROR_INVALID_PARAMETER); + throw SystemException(SRC_POS); + } + + DWORD result = ElevatedComInstance->GetEfiBootDeviceNumber (&outputBstr); + + if (pSdn) + memcpy (pSdn, *(void **) &outputBstr, sizeof (STORAGE_DEVICE_NUMBER)); + + if (result != ERROR_SUCCESS) + { + SetLastError (result); + throw SystemException(SRC_POS); + } + } + + static void ReadEfiConfig (byte* confContent, DWORD maxSize, DWORD* pcbRead) + { + Elevate(); + + CComBSTR outputBstr; + if (confContent && outputBstr.AppendBytes ((const char *) confContent, maxSize) != S_OK) + { + SetLastError (ERROR_INVALID_PARAMETER); + throw SystemException(SRC_POS); + } + + DWORD result = ElevatedComInstance->ReadEfiConfig (&outputBstr, pcbRead); + + if (confContent) + memcpy (confContent, *(void **) &outputBstr, maxSize); + + if (result != ERROR_SUCCESS) + { + SetLastError (result); + throw SystemException(SRC_POS); + } + } + + static void WriteEfiBootSectorUserConfig (byte userConfig, const string &customUserMessage, int pim, int hashAlg) + { + Elevate(); + + DWORD result; + CComBSTR customUserMessageBstr; + BSTR bstr = A2BSTR(customUserMessage.c_str()); + if (bstr) + { + customUserMessageBstr.Attach (bstr); + result = ElevatedComInstance->WriteEfiBootSectorUserConfig ((DWORD) userConfig, customUserMessageBstr, pim, hashAlg); + } + else + { + result = ERROR_OUTOFMEMORY; + } + + if (result != ERROR_SUCCESS) + { + SetLastError (result); + throw SystemException(SRC_POS); + } + } + static void Release () { if (--ReferenceCount == 0 && ElevatedComInstance) @@ -292,12 +468,19 @@ namespace VeraCrypt static void RegisterFilterDriver (bool registerDriver, BootEncryption::FilterType filterType) { throw ParameterIncorrect (SRC_POS); } static void Release () { } static void SetDriverServiceStartType (DWORD startType) { throw ParameterIncorrect (SRC_POS); } + static void GetFileSize (const wstring &filePath, unsigned __int64 *pSize) { throw ParameterIncorrect (SRC_POS); } + static BOOL DeviceIoControl (BOOL readOnly, BOOL device, const wstring &filePath, DWORD dwIoControlCode, LPVOID input, DWORD inputSize, LPVOID output, DWORD outputSize) { throw ParameterIncorrect (SRC_POS); } + static void InstallEfiBootLoader (bool preserveUserConfig, bool hiddenOSCreation, int pim, int hashAlg) { throw ParameterIncorrect (SRC_POS); } + static void BackupEfiSystemLoader () { throw ParameterIncorrect (SRC_POS); } + static void RestoreEfiSystemLoader () { throw ParameterIncorrect (SRC_POS); } + static void GetEfiBootDeviceNumber (PSTORAGE_DEVICE_NUMBER pSdn) { throw ParameterIncorrect (SRC_POS); } + static void ReadEfiConfig (byte* confContent, DWORD maxSize, DWORD* pcbRead) { throw ParameterIncorrect (SRC_POS); } + static void WriteEfiBootSectorUserConfig (byte userConfig, const string &customUserMessage, int pim, int hashAlg) { throw ParameterIncorrect (SRC_POS); } }; #endif // SETUP - - File::File (wstring path, bool readOnly, bool create) : Elevated (false), FileOpen (false), LastError(0) + File::File (wstring path, bool readOnly, bool create) : Elevated (false), FileOpen (false), ReadOnly (readOnly), LastError(0) { Handle = CreateFile (path.c_str(), readOnly ? GENERIC_READ : GENERIC_READ | GENERIC_WRITE, @@ -375,6 +558,27 @@ namespace VeraCrypt } } + void File::GetFileSize (unsigned __int64& size) + { + if (!FileOpen) + { + SetLastError (LastError); + throw SystemException (SRC_POS); + } + + if (Elevated) + { + Elevator::GetFileSize (Path, &size); + } + else + { + LARGE_INTEGER lSize; + lSize.QuadPart = 0; + throw_sys_if (!GetFileSizeEx (Handle, &lSize)); + size = (size_t) lSize.QuadPart; + } + } + void File::Write (byte *buffer, DWORD size) { DWORD bytesWritten; @@ -416,6 +620,25 @@ namespace VeraCrypt } } + bool File::IoCtl(DWORD code, void* inBuf, DWORD inBufSize, void* outBuf, DWORD outBufSize) + { + if (!FileOpen) + { + SetLastError (LastError); + throw SystemException (SRC_POS); + } + + if (Elevated) + { + return TRUE == Elevator::DeviceIoControl (ReadOnly, IsDevice, Path, code, inBuf, inBufSize, outBuf, outBufSize); + } + else + { + DWORD bytesReturned = 0; + return TRUE == DeviceIoControl(Handle, code, inBuf, inBufSize, outBuf, outBufSize, &bytesReturned, NULL); + } + } + void Show (HWND parent, const wstring &str) { MessageBox (parent, str.c_str(), NULL, 0); @@ -449,8 +672,10 @@ namespace VeraCrypt FilePointerPosition = 0; IsDevice = true; Path = path; + ReadOnly = readOnly; } + static EfiBoot EfiBootInst; BootEncryption::BootEncryption (HWND parent) : DriveConfigValid (false), @@ -513,50 +738,54 @@ namespace VeraCrypt bool activePartitionFound = false; bool candidateForHiddenOSFound = false; - if (config.SystemPartition.IsGPT) - throw ParameterIncorrect (SRC_POS); // It is assumed that CheckRequirements() had been called - - // Find the first active partition on the system drive - foreach (const Partition &partition, config.Partitions) + if (!config.SystemPartition.IsGPT) { - if (partition.Info.BootIndicator) - { - if (partition.Info.PartitionNumber != config.SystemPartition.Number) - { - // If there is an extra boot partition, the system partition must be located right behind it - if (IsOSAtLeast (WIN_7) && config.ExtraBootPartitionPresent) - { - int64 minOffsetFound = config.DrivePartition.Info.PartitionLength.QuadPart; - Partition bootPartition = partition; - Partition partitionBehindBoot; +// throw ParameterIncorrect (SRC_POS); // It is assumed that CheckRequirements() had been called - foreach (const Partition &partition, config.Partitions) + // Find the first active partition on the system drive + foreach (const Partition &partition, config.Partitions) + { + if (partition.Info.BootIndicator) + { + if (partition.Info.PartitionNumber != config.SystemPartition.Number) + { + // If there is an extra boot partition, the system partition must be located right behind it + if (IsOSAtLeast (WIN_7) && config.ExtraBootPartitionPresent) { - if (partition.Info.StartingOffset.QuadPart > bootPartition.Info.StartingOffset.QuadPart - && partition.Info.StartingOffset.QuadPart < minOffsetFound) + int64 minOffsetFound = config.DrivePartition.Info.PartitionLength.QuadPart; + Partition bootPartition = partition; + Partition partitionBehindBoot; + + foreach (const Partition &partition, config.Partitions) { - minOffsetFound = partition.Info.StartingOffset.QuadPart; - partitionBehindBoot = partition; + if (partition.Info.StartingOffset.QuadPart > bootPartition.Info.StartingOffset.QuadPart + && partition.Info.StartingOffset.QuadPart < minOffsetFound) + { + minOffsetFound = partition.Info.StartingOffset.QuadPart; + partitionBehindBoot = partition; + } + } + + if (minOffsetFound != config.DrivePartition.Info.PartitionLength.QuadPart + && partitionBehindBoot.Number == config.SystemPartition.Number) + { + activePartitionFound = true; + break; } } - if (minOffsetFound != config.DrivePartition.Info.PartitionLength.QuadPart - && partitionBehindBoot.Number == config.SystemPartition.Number) - { - activePartitionFound = true; - break; - } + throw ErrorException (wstring (GetString ("SYSTEM_PARTITION_NOT_ACTIVE")) + + GetRemarksOnHiddenOS(), SRC_POS); } - throw ErrorException (wstring (GetString ("SYSTEM_PARTITION_NOT_ACTIVE")) - + GetRemarksOnHiddenOS(), SRC_POS); + activePartitionFound = true; + break; } - - activePartitionFound = true; - break; } + } else { + // For GPT + activePartitionFound = true; } - /* WARNING: Note that the partition number at the end of a device path (\Device\HarddiskY\PartitionX) must NOT be used to find the first partition physically located behind the active one. The reason is that the user may have deleted and created partitions during this session and e.g. the second partition could have @@ -1065,6 +1294,7 @@ namespace VeraCrypt int ea = 0; int pkcs5_prf = 0; + BOOL bIsGPT = GetSystemDriveConfiguration().SystemPartition.IsGPT; if (GetStatus().DriveMounted) { try @@ -1126,8 +1356,8 @@ namespace VeraCrypt pkcs5_prf = SelectedPrfAlgorithmId; } - // Only RIPEMD160 and SHA-256 are supported for boot loader - if (pkcs5_prf != RIPEMD160 && pkcs5_prf != SHA256) + // Only RIPEMD160 and SHA-256 are supported for MBR boot loader + if (!bIsGPT && pkcs5_prf != RIPEMD160 && pkcs5_prf != SHA256) throw ParameterIncorrect (SRC_POS); int bootSectorId = 0; @@ -1261,47 +1491,128 @@ namespace VeraCrypt } } - - void BootEncryption::ReadBootSectorConfig (byte *config, size_t bufLength, byte *userConfig, string *customUserMessage, uint16 *bootLoaderVersion) + void BootEncryption::ReadEfiConfig (byte* confContent, DWORD maxSize, DWORD* pcbRead) { - if (config && bufLength < TC_BOOT_CFG_FLAG_AREA_SIZE) + if (!pcbRead) throw ParameterIncorrect (SRC_POS); - GetSystemDriveConfigurationRequest request; - StringCchCopyW (request.DevicePath, ARRAYSIZE (request.DevicePath), GetSystemDriveConfiguration().DeviceKernelPath.c_str()); + if (!IsAdmin() && IsUacSupported()) + { + Elevator::ReadEfiConfig (confContent, maxSize, pcbRead); + } + else + { + unsigned __int64 ui64Size = 0; + finally_do ({ EfiBootInst.DismountBootPartition(); }); + EfiBootInst.MountBootPartition(0); + + EfiBootInst.GetFileSize(L"\\EFI\\VeraCrypt\\DcsProp", ui64Size); + + *pcbRead = (DWORD) ui64Size; + + if (*pcbRead > maxSize) + throw ParameterIncorrect (SRC_POS); + + EfiBootInst.ReadFile (L"\\EFI\\VeraCrypt\\DcsProp", confContent, *pcbRead); + } + } + + // return false when the user cancel an elevation request + bool BootEncryption::ReadBootSectorConfig (byte *config, size_t bufLength, byte *userConfig, string *customUserMessage, uint16 *bootLoaderVersion) + { + bool bCanceled = false, bExceptionOccured = false; try { - CallDriver (TC_IOCTL_GET_SYSTEM_DRIVE_CONFIG, &request, sizeof (request), &request, sizeof (request)); - if (config) - *config = request.Configuration; - - if (userConfig) - *userConfig = request.UserConfiguration; - - if (customUserMessage) + if (GetSystemDriveConfiguration().SystemPartition.IsGPT) { - request.CustomUserMessage[TC_BOOT_SECTOR_USER_MESSAGE_MAX_LENGTH] = 0; - *customUserMessage = request.CustomUserMessage; - } + byte confContent[4096]; + DWORD dwSize; - if (bootLoaderVersion) - *bootLoaderVersion = request.BootLoaderVersion; + // for now, we don't support any boot config flags, like hidden OS one + if (config) + memset (config, 0, bufLength); + + // call ReadEfiConfig only when needed since it requires elevation + if (userConfig || customUserMessage || bootLoaderVersion) + { + ReadEfiConfig (confContent, sizeof (confContent) - 1, &dwSize); + + confContent[dwSize] = 0; + + EfiBootConf conf; + conf.Load ((char*) confContent); + + if (userConfig) + { + *userConfig = 0; + if (!conf.requestPim) + *userConfig |= TC_BOOT_USER_CFG_FLAG_DISABLE_PIM; + if (!conf.requestHash) + *userConfig |= TC_BOOT_USER_CFG_FLAG_STORE_HASH; + + } + + if (customUserMessage) + customUserMessage->clear(); + + if (bootLoaderVersion) + { + *bootLoaderVersion = GetStatus().BootLoaderVersion; + } + } + } + else + { + if (config && bufLength < TC_BOOT_CFG_FLAG_AREA_SIZE) + throw ParameterIncorrect (SRC_POS); + + GetSystemDriveConfigurationRequest request; + StringCchCopyW (request.DevicePath, ARRAYSIZE (request.DevicePath), GetSystemDriveConfiguration().DeviceKernelPath.c_str()); + + CallDriver (TC_IOCTL_GET_SYSTEM_DRIVE_CONFIG, &request, sizeof (request), &request, sizeof (request)); + if (config) + *config = request.Configuration; + + if (userConfig) + *userConfig = request.UserConfiguration; + + if (customUserMessage) + { + request.CustomUserMessage[TC_BOOT_SECTOR_USER_MESSAGE_MAX_LENGTH] = 0; + *customUserMessage = request.CustomUserMessage; + } + + if (bootLoaderVersion) + *bootLoaderVersion = request.BootLoaderVersion; + } + } + catch (UserAbort&) + { + bCanceled = true; + bExceptionOccured= true; } catch (...) + { + bExceptionOccured = true; + } + + if (bExceptionOccured) { if (config) *config = 0; if (userConfig) *userConfig = 0; - + if (customUserMessage) customUserMessage->clear(); if (bootLoaderVersion) *bootLoaderVersion = 0; } + + return !bCanceled; } @@ -1327,52 +1638,78 @@ namespace VeraCrypt throw ErrorException ("ERROR_MBR_PROTECTED", SRC_POS); } - - void BootEncryption::WriteBootSectorUserConfig (byte userConfig, const string &customUserMessage, int pim) + void BootEncryption::WriteEfiBootSectorUserConfig (byte userConfig, const string &customUserMessage, int pim, int hashAlg) { - Device device (GetSystemDriveConfiguration().DevicePath); - device.CheckOpened (SRC_POS); - byte mbr[TC_SECTOR_SIZE_BIOS]; - - device.SeekAt (0); - device.Read (mbr, sizeof (mbr)); - - if (!BufferContainsString (mbr, sizeof (mbr), TC_APP_NAME) - || BE16 (*(uint16 *) (mbr + TC_BOOT_SECTOR_VERSION_OFFSET)) != VERSION_NUM) + if (!IsAdmin() && IsUacSupported()) { - return; - } - - mbr[TC_BOOT_SECTOR_USER_CONFIG_OFFSET] = userConfig; - - memset (mbr + TC_BOOT_SECTOR_USER_MESSAGE_OFFSET, 0, TC_BOOT_SECTOR_USER_MESSAGE_MAX_LENGTH); - - if (!customUserMessage.empty()) - { - if (customUserMessage.size() > TC_BOOT_SECTOR_USER_MESSAGE_MAX_LENGTH) - throw ParameterIncorrect (SRC_POS); - - memcpy (mbr + TC_BOOT_SECTOR_USER_MESSAGE_OFFSET, customUserMessage.c_str(), customUserMessage.size()); - } - - if (userConfig & TC_BOOT_USER_CFG_FLAG_DISABLE_PIM) - { - // PIM for pre-boot authentication can be encoded on two bytes since its maximum - // value is 65535 (0xFFFF) - memcpy (mbr + TC_BOOT_SECTOR_PIM_VALUE_OFFSET, &pim, TC_BOOT_SECTOR_PIM_VALUE_SIZE); + Elevator::WriteEfiBootSectorUserConfig (userConfig, customUserMessage, pim, hashAlg); } else - memset (mbr + TC_BOOT_SECTOR_PIM_VALUE_OFFSET, 0, TC_BOOT_SECTOR_PIM_VALUE_SIZE); + { + finally_do ({ EfiBootInst.DismountBootPartition(); }); + EfiBootInst.MountBootPartition(0); - device.SeekAt (0); - device.Write (mbr, sizeof (mbr)); + if (! (userConfig & TC_BOOT_USER_CFG_FLAG_DISABLE_PIM)) + pim = -1; + if (! (userConfig & TC_BOOT_USER_CFG_FLAG_STORE_HASH)) + hashAlg = -1; - byte mbrVerificationBuf[TC_SECTOR_SIZE_BIOS]; - device.SeekAt (0); - device.Read (mbrVerificationBuf, sizeof (mbr)); + EfiBootInst.UpdateConfig (L"\\EFI\\VeraCrypt\\DcsProp", pim, hashAlg, ParentWindow); + } + } - if (memcmp (mbr, mbrVerificationBuf, sizeof (mbr)) != 0) - throw ErrorException ("ERROR_MBR_PROTECTED", SRC_POS); + void BootEncryption::WriteBootSectorUserConfig (byte userConfig, const string &customUserMessage, int pim, int hashAlg) + { + if (GetSystemDriveConfiguration().SystemPartition.IsGPT) + { + WriteEfiBootSectorUserConfig (userConfig, customUserMessage, pim, hashAlg); + } + else + { + Device device (GetSystemDriveConfiguration().DevicePath); + device.CheckOpened (SRC_POS); + byte mbr[TC_SECTOR_SIZE_BIOS]; + + device.SeekAt (0); + device.Read (mbr, sizeof (mbr)); + + if (!BufferContainsString (mbr, sizeof (mbr), TC_APP_NAME) + || BE16 (*(uint16 *) (mbr + TC_BOOT_SECTOR_VERSION_OFFSET)) != VERSION_NUM) + { + return; + } + + mbr[TC_BOOT_SECTOR_USER_CONFIG_OFFSET] = userConfig; + + memset (mbr + TC_BOOT_SECTOR_USER_MESSAGE_OFFSET, 0, TC_BOOT_SECTOR_USER_MESSAGE_MAX_LENGTH); + + if (!customUserMessage.empty()) + { + if (customUserMessage.size() > TC_BOOT_SECTOR_USER_MESSAGE_MAX_LENGTH) + throw ParameterIncorrect (SRC_POS); + + memcpy (mbr + TC_BOOT_SECTOR_USER_MESSAGE_OFFSET, customUserMessage.c_str(), customUserMessage.size()); + } + + if (userConfig & TC_BOOT_USER_CFG_FLAG_DISABLE_PIM) + { + // PIM for pre-boot authentication can be encoded on two bytes since its maximum + // value is 65535 (0xFFFF) + memcpy (mbr + TC_BOOT_SECTOR_PIM_VALUE_OFFSET, &pim, TC_BOOT_SECTOR_PIM_VALUE_SIZE); + } + else + memset (mbr + TC_BOOT_SECTOR_PIM_VALUE_OFFSET, 0, TC_BOOT_SECTOR_PIM_VALUE_SIZE); + + device.SeekAt (0); + device.Write (mbr, sizeof (mbr)); + + byte mbrVerificationBuf[TC_SECTOR_SIZE_BIOS]; + device.SeekAt (0); + device.Read (mbrVerificationBuf, sizeof (mbr)); + + if (memcmp (mbr, mbrVerificationBuf, sizeof (mbr)) != 0) + throw ErrorException ("ERROR_MBR_PROTECTED", SRC_POS); + } } @@ -1414,7 +1751,7 @@ namespace VeraCrypt ZeroMemory (&request, sizeof (request)); request.WipeAlgorithm = wipeAlgorithm; - + if (Randinit() != ERR_SUCCESS) { if (CryptoAPILastError == ERROR_SUCCESS) @@ -1442,7 +1779,7 @@ namespace VeraCrypt CallDriver (TC_IOCTL_ABORT_DECOY_SYSTEM_WIPE); } - + DecoySystemWipeStatus BootEncryption::GetDecoyOSWipeStatus () { DecoySystemWipeStatus status; @@ -1476,7 +1813,7 @@ namespace VeraCrypt device.SeekAt (0); device.Read (mbr, sizeof (mbr)); - + finally_do_arg (BootEncryption *, this, { try @@ -1522,66 +1859,762 @@ namespace VeraCrypt #endif // !SETUP + NtQuerySystemInformationFn NtQuerySystemInformationPtr = NULL; - void BootEncryption::InstallBootLoader (bool preserveUserConfig, bool hiddenOSCreation) + EfiBootConf::EfiBootConf() : passwordType (0), + passwordMsg ("Enter Password: "), + passwordPicture ("login.bmp"), + hashMsg ("(0) TEST ALL (1) SHA512 (2) WHIRLPOOL (3) SHA256 (4) RIPEMD160 (5) STREEBOG\nHash: "), + hashAlgo (0), + requestHash (0), + pimMsg ("PIM (Leave empty for default): "), + pim (0), + requestPim (1), + authorizeVisible (0), + authorizeRetry (10) + { + + } + + BOOL EfiBootConf::ReadConfigValue (char* configContent, const char *configKey, char *configValue, int maxValueSize) + { + char *xml; + + xml = configContent; + if (xml != NULL) + { + xml = XmlFindElementByAttributeValue (xml, "config", "key", configKey); + if (xml != NULL) + { + XmlGetNodeText (xml, configValue, maxValueSize); + return TRUE; + } + } + + return FALSE; + } + + + int EfiBootConf::ReadConfigInteger (char* configContent, const char *configKey, int defaultValue) + { + char s[32]; + int iRet; + if (ReadConfigValue (configContent, configKey, s, sizeof (s))) + iRet = atoi (s); + else + iRet = defaultValue; + burn (s, sizeof (s)); + return iRet; + } + + + char* EfiBootConf::ReadConfigString (char* configContent, const char *configKey, char *defaultValue, char *str, int maxLen) + { + if (ReadConfigValue (configContent, configKey, str, maxLen)) + return str; + else + { + StringCbCopyA (str, maxLen, defaultValue); + return defaultValue; + } + } + + BOOL EfiBootConf::WriteConfigString (FILE* configFile, char* configContent, const char *configKey, const char *configValue) + { + + BOOL bRet = FALSE; + if (configFile) + { + char *c; + // Mark previous config value as updated + if (configContent != NULL) + { + c = XmlFindElementByAttributeValue (configContent, "config", "key", configKey); + if (c != NULL) + c[1] = '!'; + } + + if ( 0 != fwprintf ( + configFile, L"\n\t\t%hs", + configKey, configValue)) + { + bRet = TRUE; + } + } + return bRet; + } + + BOOL EfiBootConf::WriteConfigInteger (FILE* configFile, char* configContent, const char *configKey, int configValue) + { + BOOL bRet = FALSE; + if (configFile) + { + char val[32]; + StringCbPrintfA (val, sizeof(val), "%d", configValue); + bRet = WriteConfigString (configFile, configContent, configKey, val); + burn (val, sizeof (val)); + } + return bRet; + } + + BOOL EfiBootConf::Load (const wchar_t* fileName) + { + DWORD size = 0; + char* configContent = LoadFile (fileName, &size); + if (configContent) + { + Load (configContent); + burn (configContent, size); + free (configContent); + return TRUE; + } + else + return FALSE; + } + + void EfiBootConf::Load (char* configContent) + { + char buffer[1024]; + + passwordType = ReadConfigInteger (configContent, "PasswordType", 0); + passwordMsg = ReadConfigString (configContent, "PasswordMsg", "Enter password: ", buffer, sizeof (buffer)); + passwordPicture = ReadConfigString (configContent, "PasswordPicture", "\\EFI\\VeraCrypt\\login.bmp", buffer, sizeof (buffer)); + //hashMsg = ReadConfigString (configContent, "HashMsg", "(0) TEST ALL (1) SHA512 (2) WHIRLPOOL (3) SHA256 (4) RIPEMD160 (5) STREEBOG\nHash: ", buffer, sizeof (buffer)); + hashAlgo = ReadConfigInteger (configContent, "Hash", 0); + requestHash = ReadConfigInteger (configContent, "HashRqt", 1); + pimMsg = ReadConfigString (configContent, "PimMsg", "PIM: ", buffer, sizeof (buffer)); + pim = ReadConfigInteger (configContent, "Pim", 0); + requestPim = ReadConfigInteger (configContent, "PimRqt", 1); + authorizeVisible = ReadConfigInteger (configContent, "AuthorizeVisible", 0); + authorizeRetry = ReadConfigInteger (configContent, "AuthorizeRetry", 0); + + burn (buffer, sizeof (buffer)); + } + + BOOL EfiBootConf::Save (const wchar_t* fileName, HWND hwnd) + { + FILE *configFile = _wfopen (fileName, L"w,ccs=UTF-8"); + if (configFile == NULL) + return FALSE; + + BOOL bRet = FALSE; + DWORD size = 0; + char* configContent = LoadFile (fileName, &size); + + + XmlWriteHeader (configFile); + fputws (L"\n\t", configFile); + + WriteConfigInteger (configFile, configContent, "PasswordType", passwordType); + WriteConfigString (configFile, configContent, "PasswordMsg", passwordMsg.c_str()); + WriteConfigString (configFile, configContent, "PasswordPicture", passwordPicture.c_str()); + WriteConfigString (configFile, configContent, "HashMsg", hashMsg.c_str()); + WriteConfigInteger (configFile, configContent, "Hash", hashAlgo); + WriteConfigInteger (configFile, configContent, "HashRqt", requestHash); + WriteConfigString (configFile, configContent, "PimMsg", pimMsg.c_str()); + WriteConfigInteger (configFile, configContent, "Pim", pim); + WriteConfigInteger (configFile, configContent, "PimRqt", requestPim); + WriteConfigInteger (configFile, configContent, "AuthorizeVisible", authorizeVisible); + WriteConfigInteger (configFile, configContent, "AuthorizeRetry", authorizeRetry); + + // Write unmodified values + char* xml = configContent; + char key[128], value[2048]; + while (xml && (xml = XmlFindElement (xml, "config"))) + { + XmlGetAttributeText (xml, "key", key, sizeof (key)); + XmlGetNodeText (xml, value, sizeof (value)); + + fwprintf (configFile, L"\n\t\t%hs", key, value); + xml++; + } + + fputws (L"\n\t", configFile); + XmlWriteFooter (configFile); + + TCFlushFile (configFile); + + bRet = CheckFileStreamWriteErrors (hwnd, configFile, fileName); + + fclose (configFile); + + if (configContent != NULL) + { + burn (configContent, size); + free (configContent); + } + + return bRet; + } + + static const wchar_t* EfiVarGuid = L"{8BE4DF61-93CA-11D2-AA0D-00E098032B8C}"; + + EfiBoot::EfiBoot() { + ZeroMemory(EfiBootPartPath, sizeof(EfiBootPartPath)); + ZeroMemory (systemPartitionPath, sizeof (systemPartitionPath)); + m_bMounted = false; + } + + void EfiBoot::MountBootPartition(WCHAR letter) { + NTSTATUS res; + ULONG len; + memset(tempBuf, 0, sizeof(tempBuf)); + + // Load NtQuerySystemInformation function point + if (!NtQuerySystemInformationPtr) + { + NtQuerySystemInformationPtr = (NtQuerySystemInformationFn) GetProcAddress (GetModuleHandle (L"ntdll.dll"), "NtQuerySystemInformation"); + if (!NtQuerySystemInformationPtr) + throw SystemException (SRC_POS); + } + + res = NtQuerySystemInformationPtr((SYSTEM_INFORMATION_CLASS)SYSPARTITIONINFORMATION, tempBuf, sizeof(tempBuf), &len); + if (res != S_OK) + { + SetLastError (res); + throw SystemException (SRC_POS); + } + + PUNICODE_STRING pStr = (PUNICODE_STRING) tempBuf; + memcpy (systemPartitionPath, pStr->Buffer, min (pStr->Length, (sizeof (systemPartitionPath) - 2))); + + if (!letter) { + if (!GetFreeDriveLetter(&EfiBootPartPath[0])) { + throw ErrorException(L"No free letter to mount EFI boot partition", SRC_POS); + } + } else { + EfiBootPartPath[0] = letter; + } + EfiBootPartPath[1] = ':'; + EfiBootPartPath[2] = 0; + throw_sys_if(!DefineDosDevice(DDD_RAW_TARGET_PATH, EfiBootPartPath, systemPartitionPath)); + + Device dev(EfiBootPartPath, TRUE); + + try + { + dev.CheckOpened(SRC_POS); + } + catch (...) + { + DefineDosDevice(DDD_REMOVE_DEFINITION, EfiBootPartPath, NULL); + throw; + } + + bool bSuccess = dev.IoCtl(IOCTL_STORAGE_GET_DEVICE_NUMBER, NULL, 0, &sdn, sizeof(sdn)) + && dev.IoCtl(IOCTL_DISK_GET_PARTITION_INFO_EX, NULL, 0, &partInfo, sizeof(partInfo)); + DWORD dwLastError = GetLastError (); + dev.Close(); + if (!bSuccess) + { + DefineDosDevice(DDD_REMOVE_DEFINITION, EfiBootPartPath, NULL); + SetLastError (dwLastError); + throw SystemException(SRC_POS); + } + + m_bMounted = true; + } + + void EfiBoot::DismountBootPartition() { + if (m_bMounted) + { + DefineDosDevice(DDD_REMOVE_DEFINITION, EfiBootPartPath, NULL); + m_bMounted = false; + } + } + + bool EfiBoot::IsEfiBoot() { + DWORD BootOrderLen; + BootOrderLen = GetFirmwareEnvironmentVariable(L"BootOrder", EfiVarGuid, tempBuf, sizeof(tempBuf)); + return BootOrderLen != 0; + } + + void EfiBoot::DeleteStartExec(uint16 statrtOrderNum, wchar_t* type) { + RaisePrivileges(); + // Check EFI + if (!IsEfiBoot()) { + throw ErrorException(L"can not detect EFI environment", SRC_POS); + } + wchar_t varName[256]; + StringCchPrintfW(varName, ARRAYSIZE (varName), L"%s%04X", type == NULL ? L"Boot" : type, statrtOrderNum); + SetFirmwareEnvironmentVariable(varName, EfiVarGuid, NULL, 0); + + wstring order = L"Order"; + order.insert(0, type == NULL ? L"Boot" : type); + uint32 startOrderLen = GetFirmwareEnvironmentVariable(order.c_str(), EfiVarGuid, tempBuf, sizeof(tempBuf)); + uint32 startOrderNumPos = UINT_MAX; + bool startOrderUpdate = false; + uint16* startOrder = (uint16*)tempBuf; + for (uint32 i = 0; i < startOrderLen / 2; i++) { + if (startOrder[i] == statrtOrderNum) { + startOrderNumPos = i; + break; + } + } + + // delete entry if present + if (startOrderNumPos != UINT_MAX) { + for (uint32 i = startOrderNumPos; i < ((startOrderLen / 2) - 1); ++i) { + startOrder[i] = startOrder[i + 1]; + } + startOrderLen -= 2; + startOrderUpdate = true; + } + + if (startOrderUpdate) { + SetFirmwareEnvironmentVariable(order.c_str(), EfiVarGuid, startOrder, startOrderLen); + + // remove ourselves from BootNext value + uint16 bootNextValue = 0; + wstring next = L"Next"; + next.insert(0, type == NULL ? L"Boot" : type); + + if ( (GetFirmwareEnvironmentVariable(next.c_str(), EfiVarGuid, &bootNextValue, 2) == 2) + && (bootNextValue == statrtOrderNum) + ) + { + SetFirmwareEnvironmentVariable(next.c_str(), EfiVarGuid, startOrder, 0); + } + } + } + + void EfiBoot::SetStartExec(wstring description, wstring execPath, uint16 statrtOrderNum , wchar_t* type, uint32 attr) { + RaisePrivileges(); + // Check EFI + if (!IsEfiBoot()) { + throw ErrorException(L"can not detect EFI environment", SRC_POS); + } + + uint32 varSize = 56; + varSize += ((uint32) description.length()) * 2 + 2; + varSize += ((uint32) execPath.length()) * 2 + 2; + byte *startVar = new byte[varSize]; + byte *pVar = startVar; + + // Attributes (1b Active, 1000b - Hidden) + *(uint32 *)pVar = attr; + pVar += sizeof(uint32); + + // Size Of device path + file path + *(uint16 *)pVar = (uint16)(50 + execPath.length() * 2 + 2); + pVar += sizeof(uint16); + + // description + for (uint32 i = 0; i < description.length(); i++) { + *(uint16 *)pVar = description[i]; + pVar += sizeof(uint16); + } + *(uint16 *)pVar = 0; + pVar += sizeof(uint16); + + /* EFI_DEVICE_PATH_PROTOCOL (HARDDRIVE_DEVICE_PATH \ FILE_PATH \ END) */ + + // Type + *(byte *)pVar = 0x04; + pVar += sizeof(byte); + + // SubType + *(byte *)pVar = 0x01; + pVar += sizeof(byte); + + // HDD dev path length + *(uint16 *)pVar = 0x2A; // 42 + pVar += sizeof(uint16); + + // PartitionNumber + *(uint32 *)pVar = (uint32)partInfo.PartitionNumber; + pVar += sizeof(uint32); + + // PartitionStart + *(uint64 *)pVar = partInfo.StartingOffset.QuadPart >> 9; + pVar += sizeof(uint64); + + // PartitiontSize + *(uint64 *)pVar = partInfo.PartitionLength.QuadPart >> 9; + pVar += sizeof(uint64); + + // GptGuid + memcpy(pVar, &partInfo.Gpt.PartitionId, 16); + pVar += 16; + + // MbrType + *(byte *)pVar = 0x02; + pVar += sizeof(byte); + + // SigType + *(byte *)pVar = 0x02; + pVar += sizeof(byte); + + // Type and sub type 04 04 (file path) + *(uint16 *)pVar = 0x0404; + pVar += sizeof(uint16); + + // SizeOfFilePath ((CHAR16)FullPath.length + sizeof(EndOfrecord marker) ) + *(uint16 *)pVar = (uint16)(execPath.length() * 2 + 2 + sizeof(uint32)); + pVar += sizeof(uint16); + + // FilePath + for (uint32 i = 0; i < execPath.length(); i++) { + *(uint16 *)pVar = execPath[i]; + pVar += sizeof(uint16); + } + *(uint16 *)pVar = 0; + pVar += sizeof(uint16); + + // EndOfrecord + *(uint32 *)pVar = 0x04ff7f; + pVar += sizeof(uint32); + + // Set variable + wchar_t varName[256]; + StringCchPrintfW(varName, ARRAYSIZE (varName), L"%s%04X", type == NULL ? L"Boot" : type, statrtOrderNum); + SetFirmwareEnvironmentVariable(varName, EfiVarGuid, startVar, varSize); + delete startVar; + + // Update order + wstring order = L"Order"; + order.insert(0, type == NULL ? L"Boot" : type); + + uint32 startOrderLen = GetFirmwareEnvironmentVariable(order.c_str(), EfiVarGuid, tempBuf, sizeof(tempBuf)); + uint32 startOrderNumPos = UINT_MAX; + bool startOrderUpdate = false; + uint16* startOrder = (uint16*)tempBuf; + for (uint32 i = 0; i < startOrderLen / 2; i++) { + if (startOrder[i] == statrtOrderNum) { + startOrderNumPos = i; + break; + } + } + + // Create new entry if absent + if (startOrderNumPos == UINT_MAX) { + for (uint32 i = startOrderLen / 2; i > 0; --i) { + startOrder[i] = startOrder[i - 1]; + } + startOrder[0] = statrtOrderNum; + startOrderLen += 2; + startOrderUpdate = true; + } else if (startOrderNumPos > 0) { + for (uint32 i = startOrderNumPos; i > 0; --i) { + startOrder[i] = startOrder[i - 1]; + } + startOrder[0] = statrtOrderNum; + startOrderUpdate = true; + } + + if (startOrderUpdate) { + SetFirmwareEnvironmentVariable(order.c_str(), EfiVarGuid, startOrder, startOrderLen); + } + + // set BootNext value + wstring next = L"Next"; + next.insert(0, type == NULL ? L"Boot" : type); + + SetFirmwareEnvironmentVariable(next.c_str(), EfiVarGuid, &statrtOrderNum, 2); + + } + + void EfiBoot::SaveFile(wchar_t* name, byte* data, DWORD size) { + wstring path = EfiBootPartPath; + path += name; + File f(path, false, true); + f.Write(data, size); + f.Close(); + } + + void EfiBoot::GetFileSize(const wchar_t* name, unsigned __int64& size) { + wstring path = EfiBootPartPath; + path += name; + File f(path, true); + f.GetFileSize(size); + f.Close(); + } + + void EfiBoot::ReadFile(const wchar_t* name, byte* data, DWORD size) { + wstring path = EfiBootPartPath; + path += name; + File f(path, true); + f.Read(data, size); + f.Close(); + } + + void EfiBoot::CopyFile(const wchar_t* name, const wchar_t* targetName) { + wstring path = EfiBootPartPath; + path += name; + wstring targetPath; + if (targetName[0] == L'\\') + { + targetPath = EfiBootPartPath; + targetPath += targetName; + } + else + targetPath = targetName; + throw_sys_if (!::CopyFileW (path.c_str(), targetPath.c_str(), FALSE)); + } + + BOOL EfiBoot::RenameFile(wchar_t* name, wchar_t* nameNew, BOOL bForce) { + wstring path = EfiBootPartPath; + path += name; + wstring pathNew = EfiBootPartPath; + pathNew += nameNew; + return MoveFileExW(path.c_str(), pathNew.c_str(), bForce? MOVEFILE_REPLACE_EXISTING : 0); + } + + BOOL EfiBoot::DelFile(wchar_t* name) { + wstring path = EfiBootPartPath; + path += name; + return DeleteFile(path.c_str()); + } + + BOOL EfiBoot::MkDir(wchar_t* name, bool& bAlreadyExists) { + wstring path = EfiBootPartPath; + path += name; + bAlreadyExists = false; + BOOL bRet = CreateDirectory(path.c_str(), NULL); + if (!bRet && (GetLastError () == ERROR_ALREADY_EXISTS)) + { + bRet = TRUE; + bAlreadyExists = true; + } + return bRet; + } + + BOOL EfiBoot::ReadConfig (wchar_t* name, EfiBootConf& conf) + { + wstring path = EfiBootPartPath; + path += name; + + return conf.Load (path.c_str()); + } + + BOOL EfiBoot::UpdateConfig (wchar_t* name, int pim, int hashAlgo, HWND hwndDlg) + { + BOOL bRet = FALSE; + EfiBootConf conf; + wstring path = EfiBootPartPath; + path += name; + + if (conf.Load (path.c_str())) + { + if (pim >= 0) + { + conf.pim = pim; + conf.requestPim = 0; + } + else + { + conf.pim = 0; + conf.requestPim = 1; + } + + if (hashAlgo >= 0) + { + conf.hashAlgo = hashAlgo; + conf.requestHash = 0; + } + else + { + conf.hashAlgo = 0; + conf.requestHash = 1; + } + + return conf.Save (path.c_str(), hwndDlg); + } + + return bRet; + } + + BOOL EfiBoot::WriteConfig (wchar_t* name, bool preserveUserConfig, int pim, int hashAlgo, const char* passPromptMsg, HWND hwndDlg) + { + EfiBootConf conf; + wstring path = EfiBootPartPath; + path += name; + + if (preserveUserConfig) + { + conf.Load (path.c_str()); + if (pim >= 0 && (conf.requestPim == 0)) + { + conf.pim = pim; + } + if (hashAlgo >= 0 && (conf.requestHash == 0)) + { + conf.hashAlgo = hashAlgo; + } + } + else + { + if (pim >= 0) + { + conf.pim = pim; + conf.requestPim = 0; + } + else + { + conf.pim = 0; + conf.requestPim = 1; + } + + if (hashAlgo >= 0) + { + conf.hashAlgo = hashAlgo; + conf.requestHash = 0; + } + else + { + conf.hashAlgo = 0; + conf.requestHash = 1; + } + } + + if (passPromptMsg && strlen (passPromptMsg)) + { + conf.passwordMsg = passPromptMsg; + } + + return conf.Save (path.c_str(), hwndDlg); + } + + void BootEncryption::InstallBootLoader (bool preserveUserConfig, bool hiddenOSCreation, int pim, int hashAlg) { Device device (GetSystemDriveConfiguration().DevicePath); device.CheckOpened (SRC_POS); - InstallBootLoader (device, preserveUserConfig, hiddenOSCreation); + InstallBootLoader (device, preserveUserConfig, hiddenOSCreation, pim, hashAlg); } - void BootEncryption::InstallBootLoader (Device& device, bool preserveUserConfig, bool hiddenOSCreation, int pim) + void BootEncryption::InstallBootLoader (Device& device, bool preserveUserConfig, bool hiddenOSCreation, int pim, int hashAlg) { - byte bootLoaderBuf[TC_BOOT_LOADER_AREA_SIZE - TC_BOOT_ENCRYPTION_VOLUME_HEADER_SIZE] = {0}; - CreateBootLoaderInMemory (bootLoaderBuf, sizeof (bootLoaderBuf), false, hiddenOSCreation); + SystemDriveConfiguration config = GetSystemDriveConfiguration(); - // Write MBR - byte mbr[TC_SECTOR_SIZE_BIOS]; - - device.SeekAt (0); - device.Read (mbr, sizeof (mbr)); - - if (preserveUserConfig && BufferContainsString (mbr, sizeof (mbr), TC_APP_NAME)) - { - uint16 version = BE16 (*(uint16 *) (mbr + TC_BOOT_SECTOR_VERSION_OFFSET)); - if (version != 0) - { - bootLoaderBuf[TC_BOOT_SECTOR_USER_CONFIG_OFFSET] = mbr[TC_BOOT_SECTOR_USER_CONFIG_OFFSET]; - memcpy (bootLoaderBuf + TC_BOOT_SECTOR_USER_MESSAGE_OFFSET, mbr + TC_BOOT_SECTOR_USER_MESSAGE_OFFSET, TC_BOOT_SECTOR_USER_MESSAGE_MAX_LENGTH); - - if (bootLoaderBuf[TC_BOOT_SECTOR_USER_CONFIG_OFFSET] & TC_BOOT_USER_CFG_FLAG_DISABLE_PIM) + if (config.SystemPartition.IsGPT) { + if (!IsAdmin()) { + if (IsUacSupported()) { - if (pim >= 0) - { - memcpy (bootLoaderBuf + TC_BOOT_SECTOR_PIM_VALUE_OFFSET, &pim, TC_BOOT_SECTOR_PIM_VALUE_SIZE); - } - else - memcpy (bootLoaderBuf + TC_BOOT_SECTOR_PIM_VALUE_OFFSET, mbr + TC_BOOT_SECTOR_PIM_VALUE_OFFSET, TC_BOOT_SECTOR_PIM_VALUE_SIZE); + Elevator::InstallEfiBootLoader (preserveUserConfig, hiddenOSCreation, pim, hashAlg); + return; + } + else + { + Warning ("ADMIN_PRIVILEGES_WARN_DEVICES", ParentWindow); } } + DWORD sizeDcsBoot; + byte *dcsBootImg = MapResource(L"BIN", IDR_EFI_DCSBOOT, &sizeDcsBoot); + if (!dcsBootImg) + throw ErrorException(L"Out of resource DcsBoot", SRC_POS); + DWORD sizeDcsInt; + byte *dcsIntImg = MapResource(L"BIN", IDR_EFI_DCSINT, &sizeDcsInt); + if (!dcsIntImg) + throw ErrorException(L"Out of resource DcsInt", SRC_POS); + DWORD sizeDcsCfg; + byte *dcsCfgImg = MapResource(L"BIN", IDR_EFI_DCSCFG, &sizeDcsCfg); + if (!dcsCfgImg) + throw ErrorException(L"Out of resource DcsCfg", SRC_POS); + DWORD sizeLegacySpeaker; + byte *LegacySpeakerImg = MapResource(L"BIN", IDR_EFI_LEGACYSPEAKER, &sizeLegacySpeaker); + if (!LegacySpeakerImg) + throw ErrorException(L"Out of resource LegacySpeaker", SRC_POS); + + finally_do ({ EfiBootInst.DismountBootPartition(); }); + EfiBootInst.MountBootPartition(0); + + try + { + // Save modules + bool bAlreadyExist; + + EfiBootInst.MkDir(L"\\EFI\\VeraCrypt", bAlreadyExist); + EfiBootInst.SaveFile(L"\\EFI\\VeraCrypt\\DcsBoot.efi", dcsBootImg, sizeDcsBoot); + EfiBootInst.SaveFile(L"\\EFI\\Boot\\bootx64.efi", dcsBootImg, sizeDcsBoot); + EfiBootInst.SaveFile(L"\\EFI\\VeraCrypt\\DcsInt.dcs", dcsIntImg, sizeDcsInt); + EfiBootInst.SaveFile(L"\\EFI\\VeraCrypt\\DcsCfg.dcs", dcsCfgImg, sizeDcsCfg); + EfiBootInst.SaveFile(L"\\EFI\\VeraCrypt\\LegacySpeaker.dcs", LegacySpeakerImg, sizeLegacySpeaker); + EfiBootInst.SetStartExec(L"VeraCrypt BootLoader (DcsBoot)", L"\\EFI\\VeraCrypt\\DcsBoot.efi"); + + // move configuration file from old location (if it exists) to new location + // we don't force the move operation if the new location already exists + EfiBootInst.RenameFile (L"\\DcsProp", L"\\EFI\\VeraCrypt\\DcsProp", FALSE); + EfiBootInst.RenameFile (L"\\DcsBoot", L"\\EFI\\VeraCrypt\\DcsBoot", FALSE); + + // move the original bootloader backup from old location (if it exists) to new location + // we don't force the move operation if the new location already exists + EfiBootInst.RenameFile (L"\\EFI\\Boot\\original_bootx64_vc_backup.efi", L"\\EFI\\Boot\\original_bootx64.vc_backup", FALSE); + + // Clean beta9 + EfiBootInst.DelFile(L"\\DcsBoot.efi"); + EfiBootInst.DelFile(L"\\DcsInt.efi"); + EfiBootInst.DelFile(L"\\DcsCfg.efi"); + EfiBootInst.DelFile(L"\\LegacySpeaker.efi"); + EfiBootInst.DelFile(L"\\DcsBoot"); + EfiBootInst.DelFile(L"\\DcsProp"); + } + catch (...) + { + throw; + } + + EfiBootInst.WriteConfig (L"\\EFI\\VeraCrypt\\DcsProp", preserveUserConfig, pim, hashAlg, NULL, ParentWindow); } + else + { + byte bootLoaderBuf[TC_BOOT_LOADER_AREA_SIZE - TC_BOOT_ENCRYPTION_VOLUME_HEADER_SIZE] = {0}; + CreateBootLoaderInMemory (bootLoaderBuf, sizeof (bootLoaderBuf), false, hiddenOSCreation); - memcpy (mbr, bootLoaderBuf, TC_MAX_MBR_BOOT_CODE_SIZE); + // Write MBR + byte mbr[TC_SECTOR_SIZE_BIOS]; - device.SeekAt (0); - device.Write (mbr, sizeof (mbr)); + device.SeekAt (0); + device.Read (mbr, sizeof (mbr)); - byte mbrVerificationBuf[TC_SECTOR_SIZE_BIOS]; - device.SeekAt (0); - device.Read (mbrVerificationBuf, sizeof (mbr)); + if (preserveUserConfig && BufferContainsString (mbr, sizeof (mbr), TC_APP_NAME)) + { + uint16 version = BE16 (*(uint16 *) (mbr + TC_BOOT_SECTOR_VERSION_OFFSET)); + if (version != 0) + { + bootLoaderBuf[TC_BOOT_SECTOR_USER_CONFIG_OFFSET] = mbr[TC_BOOT_SECTOR_USER_CONFIG_OFFSET]; + memcpy (bootLoaderBuf + TC_BOOT_SECTOR_USER_MESSAGE_OFFSET, mbr + TC_BOOT_SECTOR_USER_MESSAGE_OFFSET, TC_BOOT_SECTOR_USER_MESSAGE_MAX_LENGTH); - if (memcmp (mbr, mbrVerificationBuf, sizeof (mbr)) != 0) - throw ErrorException ("ERROR_MBR_PROTECTED", SRC_POS); + if (bootLoaderBuf[TC_BOOT_SECTOR_USER_CONFIG_OFFSET] & TC_BOOT_USER_CFG_FLAG_DISABLE_PIM) + { + if (pim >= 0) + { + memcpy (bootLoaderBuf + TC_BOOT_SECTOR_PIM_VALUE_OFFSET, &pim, TC_BOOT_SECTOR_PIM_VALUE_SIZE); + } + else + memcpy (bootLoaderBuf + TC_BOOT_SECTOR_PIM_VALUE_OFFSET, mbr + TC_BOOT_SECTOR_PIM_VALUE_OFFSET, TC_BOOT_SECTOR_PIM_VALUE_SIZE); + } + } + } - // Write boot loader - device.SeekAt (TC_SECTOR_SIZE_BIOS); - device.Write (bootLoaderBuf + TC_SECTOR_SIZE_BIOS, sizeof (bootLoaderBuf) - TC_SECTOR_SIZE_BIOS); + memcpy (mbr, bootLoaderBuf, TC_MAX_MBR_BOOT_CODE_SIZE); + + device.SeekAt (0); + device.Write (mbr, sizeof (mbr)); + + byte mbrVerificationBuf[TC_SECTOR_SIZE_BIOS]; + device.SeekAt (0); + device.Read (mbrVerificationBuf, sizeof (mbr)); + + if (memcmp (mbr, mbrVerificationBuf, sizeof (mbr)) != 0) + throw ErrorException ("ERROR_MBR_PROTECTED", SRC_POS); + + // Write boot loader + device.SeekAt (TC_SECTOR_SIZE_BIOS); + device.Write (bootLoaderBuf + TC_SECTOR_SIZE_BIOS, sizeof (bootLoaderBuf) - TC_SECTOR_SIZE_BIOS); + } } #ifndef SETUP bool BootEncryption::CheckBootloaderFingerprint (bool bSilent) { + SystemDriveConfiguration config = GetSystemDriveConfiguration(); + + // return true for now when EFI system encryption is used until we implement + // a dedicated EFI fingerprinting mechanism in VeraCrypt driver + if (config.SystemPartition.IsGPT) + return true; + byte bootLoaderBuf[TC_BOOT_LOADER_AREA_SIZE - TC_BOOT_ENCRYPTION_VOLUME_HEADER_SIZE] = {0}; byte fingerprint[WHIRLPOOL_DIGESTSIZE + SHA512_DIGESTSIZE]; byte expectedFingerprint[WHIRLPOOL_DIGESTSIZE + SHA512_DIGESTSIZE]; @@ -1622,7 +2655,7 @@ namespace VeraCrypt WCHAR pathBuf[MAX_PATH]; throw_sys_if (!SUCCEEDED (SHGetFolderPath (NULL, CSIDL_COMMON_APPDATA | CSIDL_FLAG_CREATE, NULL, 0, pathBuf))); - + wstring path = wstring (pathBuf) + L"\\" _T(TC_APP_NAME); CreateDirectory (path.c_str(), NULL); @@ -1652,7 +2685,7 @@ namespace VeraCrypt throw ParameterIncorrect (SRC_POS); Buffer imageBuf (RescueIsoImageSize); - + byte *image = imageBuf.Ptr(); memset (image, 0, RescueIsoImageSize); @@ -1749,7 +2782,7 @@ namespace VeraCrypt File sysBakFile (GetSystemLoaderBackupPath(), true); sysBakFile.CheckOpened (SRC_POS); sysBakFile.Read (image + TC_CD_BOOTSECTOR_OFFSET + TC_ORIG_BOOT_LOADER_BACKUP_SECTOR_OFFSET, TC_BOOT_LOADER_AREA_SIZE); - + image[TC_CD_BOOTSECTOR_OFFSET + TC_BOOT_SECTOR_CONFIG_OFFSET] |= TC_BOOT_CFG_FLAG_RESCUE_DISK_ORIG_SYS_LOADER; } catch (Exception &e) @@ -1757,7 +2790,7 @@ namespace VeraCrypt e.Show (ParentWindow); Warning ("SYS_LOADER_UNAVAILABLE_FOR_RESCUE_DISK", ParentWindow); } - + // Boot loader backup CreateBootLoaderInMemory (image + TC_CD_BOOTSECTOR_OFFSET + TC_BOOT_LOADER_BACKUP_RESCUE_DISK_SECTOR_OFFSET, TC_BOOT_LOADER_AREA_SIZE, false); @@ -1805,7 +2838,7 @@ namespace VeraCrypt UINT driveType = GetDriveType (rootPath); // check that it is a CD/DVD drive or a removable media in case a bootable // USB key was created from the rescue disk ISO file - if ((DRIVE_CDROM == driveType) || (DRIVE_REMOVABLE == driveType)) + if ((DRIVE_CDROM == driveType) || (DRIVE_REMOVABLE == driveType)) { rootPath[2] = 0; // remove trailing backslash @@ -1841,7 +2874,7 @@ namespace VeraCrypt Buffer buffer ((verifiedSectorCount + 1) * 2048); DWORD bytesRead = isoFile.Read (buffer.Ptr(), (DWORD) buffer.Size()); - if ( (bytesRead == buffer.Size()) + if ( (bytesRead == buffer.Size()) && (memcmp (buffer.Ptr(), RescueIsoImage, buffer.Size()) == 0) ) { @@ -1928,51 +2961,132 @@ namespace VeraCrypt } +#define VC_EFI_BOOTLOADER_NAME L"DcsBoot" + void BootEncryption::BackupSystemLoader () { - Device device (GetSystemDriveConfiguration().DevicePath, true); - device.CheckOpened (SRC_POS); - byte bootLoaderBuf[TC_BOOT_LOADER_AREA_SECTOR_COUNT * TC_SECTOR_SIZE_BIOS]; - - device.SeekAt (0); - device.Read (bootLoaderBuf, sizeof (bootLoaderBuf)); - - // Prevent TrueCrypt loader from being backed up - for (size_t i = 0; i < sizeof (bootLoaderBuf) - strlen (TC_APP_NAME); ++i) + if (GetSystemDriveConfiguration().SystemPartition.IsGPT) { - if (memcmp (bootLoaderBuf + i, TC_APP_NAME, strlen (TC_APP_NAME)) == 0) - { - if (AskWarnNoYes ("TC_BOOT_LOADER_ALREADY_INSTALLED", ParentWindow) == IDNO) - throw UserAbort (SRC_POS); - return; + if (!IsAdmin()) { + if (IsUacSupported()) + { + Elevator::BackupEfiSystemLoader (); + return; + } + else + { + Warning ("ADMIN_PRIVILEGES_WARN_DEVICES", ParentWindow); + } } - } + unsigned __int64 loaderSize = 0; - File backupFile (GetSystemLoaderBackupPath(), false, true); - backupFile.Write (bootLoaderBuf, sizeof (bootLoaderBuf)); + finally_do ({ EfiBootInst.DismountBootPartition(); }); + + EfiBootInst.MountBootPartition(0); + + EfiBootInst.GetFileSize(L"\\EFI\\Boot\\bootx64.efi", loaderSize); + + std::vector bootLoaderBuf ((size_t) loaderSize); + + EfiBootInst.ReadFile(L"\\EFI\\Boot\\bootx64.efi", &bootLoaderBuf[0], (DWORD) loaderSize); + + // Prevent VeraCrypt EFI loader from being backed up + for (size_t i = 0; i < (size_t) loaderSize - (wcslen (VC_EFI_BOOTLOADER_NAME) * 2); ++i) + { + if (memcmp (&bootLoaderBuf[i], VC_EFI_BOOTLOADER_NAME, wcslen (VC_EFI_BOOTLOADER_NAME) * 2) == 0) + { + if (AskWarnNoYes ("TC_BOOT_LOADER_ALREADY_INSTALLED", ParentWindow) == IDNO) + throw UserAbort (SRC_POS); + return; + } + } + + EfiBootInst.CopyFile(L"\\EFI\\Boot\\bootx64.efi", GetSystemLoaderBackupPath().c_str()); + EfiBootInst.CopyFile(L"\\EFI\\Boot\\bootx64.efi", L"\\EFI\\Boot\\original_bootx64.vc_backup"); + } + else + { + Device device (GetSystemDriveConfiguration().DevicePath, true); + device.CheckOpened (SRC_POS); + byte bootLoaderBuf[TC_BOOT_LOADER_AREA_SECTOR_COUNT * TC_SECTOR_SIZE_BIOS]; + + device.SeekAt (0); + device.Read (bootLoaderBuf, sizeof (bootLoaderBuf)); + + // Prevent TrueCrypt loader from being backed up + for (size_t i = 0; i < sizeof (bootLoaderBuf) - strlen (TC_APP_NAME); ++i) + { + if (memcmp (bootLoaderBuf + i, TC_APP_NAME, strlen (TC_APP_NAME)) == 0) + { + if (AskWarnNoYes ("TC_BOOT_LOADER_ALREADY_INSTALLED", ParentWindow) == IDNO) + throw UserAbort (SRC_POS); + return; + } + } + + File backupFile (GetSystemLoaderBackupPath(), false, true); + backupFile.Write (bootLoaderBuf, sizeof (bootLoaderBuf)); + } } void BootEncryption::RestoreSystemLoader () { - byte bootLoaderBuf[TC_BOOT_LOADER_AREA_SECTOR_COUNT * TC_SECTOR_SIZE_BIOS]; + SystemDriveConfiguration config = GetSystemDriveConfiguration(); + if (config.SystemPartition.IsGPT) { + if (!IsAdmin()) { + if (IsUacSupported()) + { + Elevator::RestoreEfiSystemLoader (); + return; + } + else + { + Warning ("ADMIN_PRIVILEGES_WARN_DEVICES", ParentWindow); + } + } - File backupFile (GetSystemLoaderBackupPath(), true); - backupFile.CheckOpened(SRC_POS); - if (backupFile.Read (bootLoaderBuf, sizeof (bootLoaderBuf)) != sizeof (bootLoaderBuf)) - throw ParameterIncorrect (SRC_POS); + finally_do ({ EfiBootInst.DismountBootPartition(); }); - Device device (GetSystemDriveConfiguration().DevicePath); - device.CheckOpened (SRC_POS); + EfiBootInst.MountBootPartition(0); - // Preserve current partition table - byte mbr[TC_SECTOR_SIZE_BIOS]; - device.SeekAt (0); - device.Read (mbr, sizeof (mbr)); - memcpy (bootLoaderBuf + TC_MAX_MBR_BOOT_CODE_SIZE, mbr + TC_MAX_MBR_BOOT_CODE_SIZE, sizeof (mbr) - TC_MAX_MBR_BOOT_CODE_SIZE); + EfiBootInst.DeleteStartExec(); + EfiBootInst.RenameFile(L"\\EFI\\Boot\\original_bootx64.vc_backup", L"\\EFI\\Boot\\bootx64.efi", TRUE); - device.SeekAt (0); - device.Write (bootLoaderBuf, sizeof (bootLoaderBuf)); + EfiBootInst.DelFile(L"\\DcsBoot.efi"); + EfiBootInst.DelFile(L"\\DcsInt.efi"); + EfiBootInst.DelFile(L"\\DcsCfg.efi"); + EfiBootInst.DelFile(L"\\LegacySpeaker.efi"); + EfiBootInst.DelFile(L"\\DcsBoot"); + EfiBootInst.DelFile(L"\\DcsProp"); + EfiBootInst.DelFile(L"\\EFI\\VeraCrypt\\DcsBoot.efi"); + EfiBootInst.DelFile(L"\\EFI\\VeraCrypt\\DcsInt.dcs"); + EfiBootInst.DelFile(L"\\EFI\\VeraCrypt\\DcsCfg.dcs"); + EfiBootInst.DelFile(L"\\EFI\\VeraCrypt\\LegacySpeaker.dcs"); + EfiBootInst.DelFile(L"\\EFI\\VeraCrypt\\DcsBoot"); + EfiBootInst.DelFile(L"\\EFI\\VeraCrypt\\DcsProp"); + } + else + { + byte bootLoaderBuf[TC_BOOT_LOADER_AREA_SECTOR_COUNT * TC_SECTOR_SIZE_BIOS]; + + File backupFile (GetSystemLoaderBackupPath(), true); + backupFile.CheckOpened(SRC_POS); + if (backupFile.Read (bootLoaderBuf, sizeof (bootLoaderBuf)) != sizeof (bootLoaderBuf)) + throw ParameterIncorrect (SRC_POS); + + Device device (GetSystemDriveConfiguration().DevicePath); + device.CheckOpened (SRC_POS); + + // Preserve current partition table + byte mbr[TC_SECTOR_SIZE_BIOS]; + device.SeekAt (0); + device.Read (mbr, sizeof (mbr)); + memcpy (bootLoaderBuf + TC_MAX_MBR_BOOT_CODE_SIZE, mbr + TC_MAX_MBR_BOOT_CODE_SIZE, sizeof (mbr) - TC_MAX_MBR_BOOT_CODE_SIZE); + + device.SeekAt (0); + device.Write (bootLoaderBuf, sizeof (bootLoaderBuf)); + } } #endif // SETUP @@ -2211,11 +3325,34 @@ namespace VeraCrypt RegisterSystemFavoritesService (registerService, FALSE); } + void BootEncryption::GetEfiBootDeviceNumber (PSTORAGE_DEVICE_NUMBER pSdn) + { + SystemDriveConfiguration config = GetSystemDriveConfiguration (); + if (config.SystemPartition.IsGPT && pSdn) + { + if (!IsAdmin() && IsUacSupported()) + { + Elevator::GetEfiBootDeviceNumber (pSdn); + } + else + { + finally_do ({ EfiBootInst.DismountBootPartition(); }); + EfiBootInst.MountBootPartition(0); + memcpy (pSdn, EfiBootInst.GetStorageDeviceNumber(), sizeof (STORAGE_DEVICE_NUMBER)); + } + } + else + { + SetLastError (ERROR_INVALID_PARAMETER); + throw SystemException (SRC_POS); + } + } + void BootEncryption::CheckRequirements () { if (nCurrentOS == WIN_2000) throw ErrorException ("SYS_ENCRYPTION_UNSUPPORTED_ON_CURRENT_OS", SRC_POS); - + if (CurrentOSMajor == 6 && CurrentOSMinor == 0 && CurrentOSServicePack < 1) throw ErrorException ("SYS_ENCRYPTION_UNSUPPORTED_ON_VISTA_SP0", SRC_POS); @@ -2224,7 +3361,7 @@ namespace VeraCrypt SystemDriveConfiguration config = GetSystemDriveConfiguration (); - if (config.SystemPartition.IsGPT) + if (config.SystemPartition.IsGPT && !Is64BitOs()) throw ErrorException ("GPT_BOOT_DRIVE_UNSUPPORTED", SRC_POS); if (SystemDriveIsDynamic()) @@ -2239,7 +3376,13 @@ namespace VeraCrypt throw ErrorException ("SYSENC_UNSUPPORTED_SECTOR_SIZE_BIOS", SRC_POS); bool activePartitionFound = false; - if (!config.SystemPartition.IsGPT) + if (config.SystemPartition.IsGPT) + { + STORAGE_DEVICE_NUMBER sdn; + GetEfiBootDeviceNumber (&sdn); + activePartitionFound = (config.DriveNumber == (int) sdn.DeviceNumber); + } + else { // Determine whether there is an Active partition on the system drive foreach (const Partition &partition, config.Partitions) @@ -2300,7 +3443,7 @@ namespace VeraCrypt if (!pagingFilesOk) { - if (AskWarnYesNoString ((wchar_t *) (wstring (GetString ("PAGING_FILE_NOT_ON_SYS_PARTITION")) + if (AskWarnYesNoString ((wchar_t *) (wstring (GetString ("PAGING_FILE_NOT_ON_SYS_PARTITION")) + GetString ("LEAKS_OUTSIDE_SYSPART_UNIVERSAL_EXPLANATION") + L"\n\n\n" + GetString ("RESTRICT_PAGING_FILES_TO_SYS_PARTITION") @@ -2311,7 +3454,7 @@ namespace VeraCrypt AbortProcessSilent(); } - throw ErrorException (wstring (GetString ("PAGING_FILE_NOT_ON_SYS_PARTITION")) + throw ErrorException (wstring (GetString ("PAGING_FILE_NOT_ON_SYS_PARTITION")) + GetString ("LEAKS_OUTSIDE_SYSPART_UNIVERSAL_EXPLANATION"), SRC_POS); } @@ -2319,14 +3462,14 @@ namespace VeraCrypt wchar_t *configPath = GetConfigPath (L"dummy"); if (configPath && towupper (configPath[0]) != windowsDrive) { - throw ErrorException (wstring (GetString ("USER_PROFILE_NOT_ON_SYS_PARTITION")) + throw ErrorException (wstring (GetString ("USER_PROFILE_NOT_ON_SYS_PARTITION")) + GetString ("LEAKS_OUTSIDE_SYSPART_UNIVERSAL_EXPLANATION"), SRC_POS); } // Temporary files if (towupper (GetTempPathString()[0]) != windowsDrive) { - throw ErrorException (wstring (GetString ("TEMP_NOT_ON_SYS_PARTITION")) + throw ErrorException (wstring (GetString ("TEMP_NOT_ON_SYS_PARTITION")) + GetString ("LEAKS_OUTSIDE_SYSPART_UNIVERSAL_EXPLANATION"), SRC_POS); } } @@ -2343,19 +3486,21 @@ namespace VeraCrypt SystemDriveConfiguration config = GetSystemDriveConfiguration (); - if (encStatus.VolumeHeaderPresent) - { - // Verify CRC of header salt - Device device (config.DevicePath, true); - device.CheckOpened (SRC_POS); - byte header[TC_BOOT_ENCRYPTION_VOLUME_HEADER_SIZE]; + if (!config.SystemPartition.IsGPT) { + if (encStatus.VolumeHeaderPresent) + { + // Verify CRC of header salt + Device device(config.DevicePath, true); + device.CheckOpened(SRC_POS); + byte header[TC_BOOT_ENCRYPTION_VOLUME_HEADER_SIZE]; - device.SeekAt (TC_BOOT_VOLUME_HEADER_SECTOR_OFFSET); - device.Read (header, sizeof (header)); + device.SeekAt(TC_BOOT_VOLUME_HEADER_SECTOR_OFFSET); + device.Read(header, sizeof(header)); - if (encStatus.VolumeHeaderSaltCrc32 != GetCrc32 ((byte *) header, PKCS5_SALT_SIZE)) - throw ParameterIncorrect (SRC_POS); - } + if (encStatus.VolumeHeaderSaltCrc32 != GetCrc32((byte *)header, PKCS5_SALT_SIZE)) + throw ParameterIncorrect(SRC_POS); + } + } try { @@ -2442,7 +3587,7 @@ namespace VeraCrypt device.Read ((byte *) header, sizeof (header)); PCRYPTO_INFO cryptoInfo = NULL; - + int status = ReadVolumeHeader (!encStatus.HiddenSystem, header, oldPassword, old_pkcs5, old_pim, FALSE, &cryptoInfo, NULL); finally_do_arg (PCRYPTO_INFO, cryptoInfo, { if (finally_arg) crypto_close (finally_arg); }); @@ -2475,7 +3620,7 @@ namespace VeraCrypt UserEnrichRandomPool (hwndDlg); WaitCursor(); - /* The header will be re-encrypted wipePassCount times to prevent adversaries from using + /* The header will be re-encrypted wipePassCount times to prevent adversaries from using techniques such as magnetic force microscopy or magnetic force scanning tunnelling microscopy to recover the overwritten header. According to Peter Gutmann, data should be overwritten 22 times (ideally, 35 times) using non-random patterns and pseudorandom data. However, as users might @@ -2558,20 +3703,24 @@ namespace VeraCrypt try { // check if PIM is stored in MBR - byte userConfig; - ReadBootSectorConfig (nullptr, 0, &userConfig); - if (userConfig & TC_BOOT_USER_CFG_FLAG_DISABLE_PIM) + byte userConfig = 0; + if ( ReadBootSectorConfig (nullptr, 0, &userConfig) + && (userConfig & TC_BOOT_USER_CFG_FLAG_DISABLE_PIM) + ) + { storedPimUpdateNeeded = true; + } } catch (...) - {} + { + } } try { // force update of bootloader if fingerprint doesn't match or if the stored PIM changed if (storedPimUpdateNeeded || !CheckBootloaderFingerprint (true)) - InstallBootLoader (device, true, false, pim); + InstallBootLoader (device, true, false, pim, cryptoInfo->pkcs5); } catch (...) {} @@ -2589,7 +3738,7 @@ namespace VeraCrypt } - void BootEncryption::Install (bool hiddenSystem) + void BootEncryption::Install (bool hiddenSystem, int hashAlgo) { BootEncryptionStatus encStatus = GetStatus(); if (encStatus.DriveMounted) @@ -2597,7 +3746,7 @@ namespace VeraCrypt try { - InstallBootLoader (false, hiddenSystem); + InstallBootLoader (false, hiddenSystem, -1, hashAlgo); if (!hiddenSystem) InstallVolumeHeader (); @@ -2691,7 +3840,7 @@ namespace VeraCrypt SelectedEncryptionAlgorithmId = ea; SelectedPrfAlgorithmId = pkcs5; CreateVolumeHeader (volumeSize, encryptedAreaStart, &password, ea, mode, pkcs5, pim); - + if (!rescueIsoImagePath.empty()) CreateRescueIsoImage (true, rescueIsoImagePath); } @@ -2733,7 +3882,7 @@ namespace VeraCrypt BootEncryptionSetupRequest request; ZeroMemory (&request, sizeof (request)); - + request.SetupMode = SetupDecryption; request.DiscardUnreadableEncryptedSectors = discardUnreadableEncryptedSectors; @@ -2749,7 +3898,7 @@ namespace VeraCrypt BootEncryptionSetupRequest request; ZeroMemory (&request, sizeof (request)); - + request.SetupMode = SetupEncryption; request.WipeAlgorithm = wipeAlgorithm; request.ZeroUnreadableSectors = zeroUnreadableSectors; diff --git a/src/Common/BootEncryption.h b/src/Common/BootEncryption.h index d75b650c..dd8346d7 100644 --- a/src/Common/BootEncryption.h +++ b/src/Common/BootEncryption.h @@ -3,7 +3,7 @@ Copyright (c) 2008-2012 TrueCrypt Developers Association and which is governed by the TrueCrypt License 3.0. - Modifications and additions to the original source code (contained in this file) + Modifications and additions to the original source code (contained in this file) and all other portions of this file are Copyright (c) 2013-2016 IDRIX and are governed by the Apache License 2.0 the full text of which is contained in the file License.txt included in VeraCrypt binary and source @@ -18,6 +18,16 @@ #include "Exception.h" #include "Platform/PlatformBase.h" #include "Volumes.h" +#include + +#define SYSPARTITIONINFORMATION 0x62 + +typedef NTSTATUS (WINAPI *NtQuerySystemInformationFn)( + SYSTEM_INFORMATION_CLASS SystemInformationClass, + PVOID SystemInformation, + ULONG SystemInformationLength, + PULONG ReturnLength +); using namespace std; @@ -26,7 +36,7 @@ namespace VeraCrypt class File { public: - File () : Elevated (false), FileOpen (false), FilePointerPosition(0), Handle(INVALID_HANDLE_VALUE), IsDevice(false), LastError(0) { } + File () : Elevated (false), FileOpen (false), ReadOnly (false), FilePointerPosition(0), Handle(INVALID_HANDLE_VALUE), IsDevice(false), LastError(0) { } File (wstring path,bool readOnly = false, bool create = false); virtual ~File () { Close(); } @@ -35,10 +45,13 @@ namespace VeraCrypt DWORD Read (byte *buffer, DWORD size); void Write (byte *buffer, DWORD size); void SeekAt (int64 position); + void GetFileSize (unsigned __int64& size); + bool IoCtl(DWORD code, void* inBuf, DWORD inBufSize, void* outBuf, DWORD outBufSize); protected: bool Elevated; bool FileOpen; + bool ReadOnly; uint64 FilePointerPosition; HANDLE Handle; bool IsDevice; @@ -131,6 +144,67 @@ namespace VeraCrypt bool SystemLoaderPresent; }; + class EfiBootConf + { + public: + + int passwordType; + string passwordMsg; + string passwordPicture; + string hashMsg; + int hashAlgo; + int requestHash; + string pimMsg; + int pim; + int requestPim; + int authorizeVisible; + int authorizeRetry; + + EfiBootConf(); + + static BOOL ReadConfigValue (char* configContent, const char *configKey, char *configValue, int maxValueSize); + static int ReadConfigInteger (char* configContent, const char *configKey, int defaultValue); + static char *ReadConfigString (char* configContent, const char *configKey, char *defaultValue, char *str, int maxLen); + static BOOL WriteConfigString (FILE* configFile, char* configContent, const char *configKey, const char *configValue); + static BOOL WriteConfigInteger (FILE* configFile, char* configContent, const char *configKey, int configValue); + BOOL Load (const wchar_t* fileName); + void Load (char* configContent); + BOOL Save (const wchar_t* fileName, HWND hwnd); + }; + + class EfiBoot { + public: + EfiBoot(); + + void MountBootPartition(WCHAR letter); + void DismountBootPartition(); + bool IsEfiBoot(); + + void DeleteStartExec(uint16 statrtOrderNum = 0xDC5B, wchar_t* type = NULL); + void SetStartExec(wstring description, wstring execPath, uint16 statrtOrderNum = 0xDC5B, wchar_t* type = NULL, uint32 attr = 1); + void SaveFile(wchar_t* name, byte* data, DWORD size); + void GetFileSize(const wchar_t* name, unsigned __int64& size); + void ReadFile(const wchar_t* name, byte* data, DWORD size); + void CopyFile(const wchar_t* name, const wchar_t* targetName); + + BOOL RenameFile(wchar_t* name, wchar_t* nameNew, BOOL bForce); + BOOL DelFile(wchar_t* name); + BOOL MkDir(wchar_t* name, bool& bAlreadyExists); + BOOL ReadConfig (wchar_t* name, EfiBootConf& conf); + BOOL UpdateConfig (wchar_t* name, int pim, int hashAlgo, HWND hwndDlg); + BOOL WriteConfig (wchar_t* name, bool preserveUserConfig, int pim, int hashAlgo, const char* passPromptMsg, HWND hwndDlg); + + PSTORAGE_DEVICE_NUMBER GetStorageDeviceNumber () { return &sdn;} + + protected: + bool m_bMounted; + WCHAR EfiBootPartPath[3]; + STORAGE_DEVICE_NUMBER sdn; + PARTITION_INFORMATION_EX partInfo; + WCHAR tempBuf[1024]; + WCHAR systemPartitionPath[MAX_PATH]; + }; + class BootEncryption { public: @@ -168,9 +242,9 @@ namespace VeraCrypt BootEncryptionStatus GetStatus (); void GetVolumeProperties (VOLUME_PROPERTIES_STRUCT *properties); SystemDriveConfiguration GetSystemDriveConfiguration (); - void Install (bool hiddenSystem); - void InstallBootLoader (Device& device, bool preserveUserConfig = false, bool hiddenOSCreation = false, int pim = -1); - void InstallBootLoader (bool preserveUserConfig = false, bool hiddenOSCreation = false); + void Install (bool hiddenSystem, int hashAlgo); + void InstallBootLoader (Device& device, bool preserveUserConfig = false, bool hiddenOSCreation = false, int pim = -1, int hashAlg = -1); + void InstallBootLoader (bool preserveUserConfig = false, bool hiddenOSCreation = false, int pim = -1, int hashAlg = -1); bool CheckBootloaderFingerprint (bool bSilent = false); void InvalidateCachedSysDriveProperties (); bool IsCDRecorderPresent (); @@ -179,8 +253,9 @@ namespace VeraCrypt void PrepareHiddenOSCreation (int ea, int mode, int pkcs5); void PrepareInstallation (bool systemPartitionOnly, Password &password, int ea, int mode, int pkcs5, int pim, const wstring &rescueIsoImagePath); void ProbeRealSystemDriveSize (); - void ReadBootSectorConfig (byte *config, size_t bufLength, byte *userConfig = nullptr, string *customUserMessage = nullptr, uint16 *bootLoaderVersion = nullptr); + bool ReadBootSectorConfig (byte *config, size_t bufLength, byte *userConfig = nullptr, string *customUserMessage = nullptr, uint16 *bootLoaderVersion = nullptr); uint32 ReadDriverConfigurationFlags (); + void ReadEfiConfig (byte* confContent, DWORD maxSize, DWORD* pcbRead); void RegisterBootDriver (bool hiddenSystem); void RegisterFilterDriver (bool registerDriver, FilterType filterType); void RegisterSystemFavoritesService (BOOL registerService); @@ -206,13 +281,16 @@ namespace VeraCrypt void WipeHiddenOSCreationConfig (); void WriteBootDriveSector (uint64 offset, byte *data); void WriteBootSectorConfig (const byte newConfig[]); - void WriteBootSectorUserConfig (byte userConfig, const string &customUserMessage, int pim); + void WriteBootSectorUserConfig (byte userConfig, const string &customUserMessage, int pim, int hashAlg); + void WriteEfiBootSectorUserConfig (byte userConfig, const string &customUserMessage, int pim, int hashAlg); void WriteLocalMachineRegistryDwordValue (wchar_t *keyPath, wchar_t *valueName, DWORD value); + void GetEfiBootDeviceNumber (PSTORAGE_DEVICE_NUMBER pSdn); + void BackupSystemLoader (); + void RestoreSystemLoader (); protected: static const uint32 RescueIsoImageSize = 1835008; // Size of ISO9660 image with bootable emulated 1.44MB floppy disk image - void BackupSystemLoader (); void CreateBootLoaderInMemory (byte *buffer, size_t bufferSize, bool rescueDisk, bool hiddenOSCreation = false); void CreateVolumeHeader (uint64 volumeSize, uint64 encryptedAreaStart, Password *password, int ea, int mode, int pkcs5, int pim); wstring GetSystemLoaderBackupPath (); @@ -221,8 +299,7 @@ namespace VeraCrypt PartitionList GetDrivePartitions (int driveNumber); wstring GetRemarksOnHiddenOS (); wstring GetWindowsDirectory (); - void RegisterFilter (bool registerFilter, FilterType filterType, const GUID *deviceClassGuid = nullptr); - void RestoreSystemLoader (); + void RegisterFilter (bool registerFilter, FilterType filterType, const GUID *deviceClassGuid = nullptr); void InstallVolumeHeader (); HWND ParentWindow; diff --git a/src/Common/Dlgcode.c b/src/Common/Dlgcode.c index 31be6b90..30571260 100644 --- a/src/Common/Dlgcode.c +++ b/src/Common/Dlgcode.c @@ -1,11 +1,11 @@ /* Legal Notice: Some portions of the source code contained in this file were - derived from the source code of TrueCrypt 7.1a, which is - Copyright (c) 2003-2012 TrueCrypt Developers Association and which is + derived from the source code of TrueCrypt 7.1a, which is + Copyright (c) 2003-2012 TrueCrypt Developers Association and which is governed by the TrueCrypt License 3.0, also from the source code of Encryption for the Masses 2.02a, which is Copyright (c) 1998-2000 Paul Le Roux - and which is governed by the 'License Agreement for Encryption for the Masses' - Modifications and additions to the original source code (contained in this file) + and which is governed by the 'License Agreement for Encryption for the Masses' + Modifications and additions to the original source code (contained in this file) and all other portions of this file are Copyright (c) 2013-2016 IDRIX and are governed by the Apache License 2.0 the full text of which is contained in the file License.txt included in VeraCrypt binary and source @@ -114,9 +114,9 @@ BOOL bMountFavoritesOnLogon = FALSE; BOOL bHistory = FALSE; -// Status of detection of hidden sectors (whole-system-drive encryption). +// Status of detection of hidden sectors (whole-system-drive encryption). // 0 - Unknown/undetermined/completed, 1: Detection is or was in progress (but did not complete e.g. due to system crash). -int HiddenSectorDetectionStatus = 0; +int HiddenSectorDetectionStatus = 0; OSVersionEnum nCurrentOS = WIN_UNKNOWN; int CurrentOSMajor = 0; @@ -129,7 +129,7 @@ BOOL bPortableModeConfirmed = FALSE; // TRUE if it is certain that the instance BOOL bInPlaceEncNonSysPending = FALSE; // TRUE if the non-system in-place encryption config file indicates that one or more partitions are scheduled to be encrypted. This flag is set only when config files are loaded during app startup. -/* Globals used by Mount and Format (separately per instance) */ +/* Globals used by Mount and Format (separately per instance) */ BOOL PimEnable = FALSE; BOOL KeyFilesEnable = FALSE; KeyFile *FirstKeyFile = NULL; @@ -148,7 +148,7 @@ BOOL WaitDialogDisplaying = FALSE; HANDLE hDriver = INVALID_HANDLE_VALUE; /* This mutex is used to prevent multiple instances of the wizard or main app from dealing with system encryption */ -volatile HANDLE hSysEncMutex = NULL; +volatile HANDLE hSysEncMutex = NULL; /* This mutex is used for non-system in-place encryption but only for informative (non-blocking) purposes, such as whether an app should prompt the user whether to resume scheduled process. */ @@ -172,7 +172,7 @@ ATOM hDlgClass, hSplashClass; /* This value may changed only by calling ChangeSystemEncryptionStatus(). Only the wizard can change it (others may still read it though). */ -int SystemEncryptionStatus = SYSENC_STATUS_NONE; +int SystemEncryptionStatus = SYSENC_STATUS_NONE; /* Only the wizard can change this value (others may only read it). */ WipeAlgorithmId nWipeMode = TC_WIPE_NONE; @@ -329,7 +329,7 @@ enum BENCHMARK_SORT_BY_SPEED }; -typedef struct +typedef struct { int id; wchar_t name[100]; @@ -352,7 +352,7 @@ BOOL benchmarkGPT = FALSE; #endif // #ifndef SETUP -typedef struct +typedef struct { void *strings; BOOL bold; @@ -745,7 +745,7 @@ BOOL IsDiskError (DWORD error) DWORD handleWin32Error (HWND hwndDlg, const char* srcPos) { PWSTR lpMsgBuf; - DWORD dwError = GetLastError (); + DWORD dwError = GetLastError (); wchar_t szErrorValue[32]; wchar_t* pszDesc; @@ -868,7 +868,7 @@ int GetTextGfxWidth (HWND hwndDlgItem, const wchar_t *text, HFONT hFont) { SIZE sizes; TEXTMETRIC textMetrics; - HDC hdc = GetDC (hwndDlgItem); + HDC hdc = GetDC (hwndDlgItem); SelectObject(hdc, (HGDIOBJ) hFont); @@ -876,7 +876,7 @@ int GetTextGfxWidth (HWND hwndDlgItem, const wchar_t *text, HFONT hFont) GetTextMetrics(hdc, &textMetrics); // Necessary for non-TrueType raster fonts (tmOverhang) - ReleaseDC (hwndDlgItem, hdc); + ReleaseDC (hwndDlgItem, hdc); return ((int) sizes.cx - (int) textMetrics.tmOverhang); } @@ -885,13 +885,13 @@ int GetTextGfxWidth (HWND hwndDlgItem, const wchar_t *text, HFONT hFont) int GetTextGfxHeight (HWND hwndDlgItem, const wchar_t *text, HFONT hFont) { SIZE sizes; - HDC hdc = GetDC (hwndDlgItem); + HDC hdc = GetDC (hwndDlgItem); SelectObject(hdc, (HGDIOBJ) hFont); GetTextExtentPoint32W (hdc, text, (int) wcslen (text), &sizes); - ReleaseDC (hwndDlgItem, hdc); + ReleaseDC (hwndDlgItem, hdc); return ((int) sizes.cy); } @@ -907,7 +907,7 @@ std::wstring FitPathInGfxWidth (HWND hwnd, HFONT hFont, LONG width, const std::w rect.right = width; rect.bottom = LONG_MAX; - HDC hdc = GetDC (hwnd); + HDC hdc = GetDC (hwnd); SelectObject (hdc, (HGDIOBJ) hFont); wchar_t pathBuf[TC_MAX_PATH]; @@ -916,7 +916,7 @@ std::wstring FitPathInGfxWidth (HWND hwnd, HFONT hFont, LONG width, const std::w if (DrawText (hdc, pathBuf, (int) path.size(), &rect, DT_CALCRECT | DT_MODIFYSTRING | DT_PATH_ELLIPSIS | DT_SINGLELINE) != 0) newPath = pathBuf; - ReleaseDC (hwnd, hdc); + ReleaseDC (hwnd, hdc); return newPath; } @@ -996,12 +996,12 @@ void AccommodateTextField (HWND hwndDlg, UINT ctrlId, BOOL bFirstUpdate, HFONT h width = GetTextGfxWidth (hwndCtrl, text, hFont); height = GetTextGfxHeight (hwndCtrl, text, hFont); - GetClientRect (hwndCtrl, &rec); + GetClientRect (hwndCtrl, &rec); origWidth = rec.right; origHeight = rec.bottom; if (width >= 0 - && (!bFirstUpdate || origWidth > width)) // The original width of the field is the maximum allowed size + && (!bFirstUpdate || origWidth > width)) // The original width of the field is the maximum allowed size { horizSubOffset = origWidth - width; vertSubOffset = origHeight - height; @@ -1024,7 +1024,7 @@ void AccommodateTextField (HWND hwndDlg, UINT ctrlId, BOOL bFirstUpdate, HFONT h alignPosDiff = horizSubOffset / 2; else if (windowInfo.dwStyle & SS_RIGHT) alignPosDiff = horizSubOffset; - + // Resize/move if (alignPosDiff > 0) { @@ -1079,7 +1079,7 @@ static LRESULT CALLBACK BootPwdFieldProc (HWND hwnd, UINT message, WPARAM wParam // Protects an input field from having its content updated by a Paste action. Used for pre-boot password -// input fields (only the US keyboard layout is supported in pre-boot environment so we must prevent the +// input fields (only the US keyboard layout is supported in pre-boot environment so we must prevent the // user from pasting a password typed using a non-US keyboard layout). void ToBootPwdField (HWND hwndDlg, UINT ctrlId) { @@ -1106,7 +1106,7 @@ BOOL CALLBACK AuxiliaryDlgProc (HWND hwndDlg, UINT msg, WPARAM wParam, LPARAM lP if (hDC) { ScreenDPI = GetDeviceCaps (hDC, LOGPIXELSY); - ReleaseDC (hwndDlg, hDC); + ReleaseDC (hwndDlg, hDC); } DPIScaleFactorX = 1; @@ -1115,7 +1115,7 @@ BOOL CALLBACK AuxiliaryDlgProc (HWND hwndDlg, UINT msg, WPARAM wParam, LPARAM lP if (ScreenDPI != USER_DEFAULT_SCREEN_DPI) { - // Windows skews the GUI aspect ratio if the user has a non-default DPI. Hence, working with + // Windows skews the GUI aspect ratio if the user has a non-default DPI. Hence, working with // actual screen DPI is redundant and leads to incorrect results. What really matters here is // how Windows actually renders our GUI. This is determined by comparing the expected and current // sizes of a hidden calibration text field. @@ -1174,7 +1174,7 @@ BOOL CALLBACK AboutDlgProc (HWND hwndDlg, UINT msg, WPARAM wParam, LPARAM lParam GetClientRect (GetDlgItem (hwndDlg, IDC_ABOUT_LOGO_AREA), &rec); SetWindowPos (GetDlgItem (hwndDlg, IDC_ABOUT_BKG), HWND_TOP, 0, 0, rec.right, rec.bottom, SWP_NOMOVE); - // Resize the logo bitmap if the user has a non-default DPI + // Resize the logo bitmap if the user has a non-default DPI if (ScreenDPI != USER_DEFAULT_SCREEN_DPI) { // Logo (must recreate and keep the original aspect ratio as Windows distorts it) @@ -1490,7 +1490,7 @@ void InitDialog (HWND hwndDlg) void ProcessPaintMessages (HWND hwnd, int maxMessagesToProcess) { MSG paintMsg; - int msgCounter = maxMessagesToProcess; + int msgCounter = maxMessagesToProcess; while (PeekMessageW (&paintMsg, hwnd, 0, 0, PM_REMOVE | PM_QS_PAINT) != 0 && msgCounter-- > 0) { @@ -1518,16 +1518,16 @@ HDC CreateMemBitmap (HINSTANCE hInstance, HWND hwnd, wchar_t *resource) } -/* Renders the specified bitmap at the specified location and stretches it to fit (anti-aliasing is applied). +/* Renders the specified bitmap at the specified location and stretches it to fit (anti-aliasing is applied). If bDirectRender is FALSE and both nWidth and nHeight are zero, the width and height of hwndDest are retrieved and adjusted according to screen DPI (the width and height of the resultant image are adjusted the same way); furthermore, if bKeepAspectRatio is TRUE, the smaller DPI factor of the two (i.e. horiz. or vert.) is used both for horiz. and vert. scaling (note that the overall GUI aspect ratio changes irregularly in -both directions depending on the DPI). If bDirectRender is TRUE, bKeepAspectRatio is ignored. +both directions depending on the DPI). If bDirectRender is TRUE, bKeepAspectRatio is ignored. This function returns a handle to the scaled bitmap. When the bitmap is no longer needed, it should be -deleted by calling DeleteObject() with the handle passed as the parameter. -Known Windows issues: -- For some reason, anti-aliasing is not applied if the source bitmap contains less than 16K pixels. +deleted by calling DeleteObject() with the handle passed as the parameter. +Known Windows issues: +- For some reason, anti-aliasing is not applied if the source bitmap contains less than 16K pixels. - Windows 2000 may produce slightly inaccurate colors even when source, buffer, and target are 24-bit true color. */ HBITMAP RenderBitmap (wchar_t *resource, HWND hwndDest, int x, int y, int nWidth, int nHeight, BOOL bDirectRender, BOOL bKeepAspectRatio) { @@ -1576,11 +1576,11 @@ HBITMAP RenderBitmap (wchar_t *resource, HWND hwndDest, int x, int y, int nWidth GetObject (picture, sizeof (BITMAP), &bitmap); - hdcRescaled = CreateCompatibleDC (hdcSrc); + hdcRescaled = CreateCompatibleDC (hdcSrc); if (hdcRescaled) { - hbmpRescaled = CreateCompatibleBitmap (hdcSrc, nWidth, nHeight); + hbmpRescaled = CreateCompatibleBitmap (hdcSrc, nWidth, nHeight); SelectObject (hdcRescaled, hbmpRescaled); @@ -1596,7 +1596,7 @@ HBITMAP RenderBitmap (wchar_t *resource, HWND hwndDest, int x, int y, int nWidth hdcSrc, 0, 0, - bitmap.bmWidth, + bitmap.bmWidth, bitmap.bmHeight, SRCCOPY); @@ -1705,8 +1705,8 @@ RegisterRedTick (HINSTANCE hInstance) wc.hCursor = NULL; wc.hbrBackground = (HBRUSH) GetStockObject (LTGRAY_BRUSH); wc.lpszClassName = L"VCREDTICK"; - wc.lpfnWndProc = &RedTick; - + wc.lpfnWndProc = &RedTick; + rc = (ULONG) RegisterClassW (&wc); return rc == 0 ? FALSE : TRUE; @@ -1823,7 +1823,7 @@ void PopulateWipeModeCombo (HWND hComboBox, BOOL bNA, BOOL bInPlaceEncryption, B { if (!bHeaderWipe) { - AddComboPair (hComboBox, GetString ("WIPE_MODE_NONE"), TC_WIPE_NONE); + AddComboPair (hComboBox, GetString ("WIPE_MODE_NONE"), TC_WIPE_NONE); } AddComboPair (hComboBox, GetString ("WIPE_MODE_1_RAND"), TC_WIPE_1_RAND); @@ -2090,7 +2090,7 @@ void ExceptionHandlerThread (void *threadArg) else lpack[0] = 0; - + sprintf (url, TC_APPLINK_SECURE "&dest=err-report%s&os=%s&osver=%d.%d.%d&arch=%s&cpus=%d&app=%s&cksum=%x&dlg=%s&err=%x&addr=%x" , lpack , GetWindowsEdition().c_str() @@ -2157,9 +2157,48 @@ static LRESULT CALLBACK NonInstallUacWndProc (HWND hWnd, UINT message, WPARAM wP return DefWindowProcW (hWnd, message, wParam, lParam); } +BOOL LaunchElevatedProcess (HWND hwndDlg, const wchar_t* szModPath, const wchar_t* args) +{ + wchar_t newCmdLine[4096]; + WNDCLASSEXW wcex; + HWND hWnd; + + memset (&wcex, 0, sizeof (wcex)); + wcex.cbSize = sizeof(WNDCLASSEX); + wcex.lpfnWndProc = (WNDPROC) NonInstallUacWndProc; + wcex.hInstance = hInst; + wcex.lpszClassName = L"VeraCrypt"; + RegisterClassExW (&wcex); + + // A small transparent window is necessary to bring the new instance to foreground + hWnd = CreateWindowExW (WS_EX_TOOLWINDOW | WS_EX_LAYERED, + L"VeraCrypt", L"VeraCrypt", 0, + GetSystemMetrics (SM_CXSCREEN)/2, + GetSystemMetrics (SM_CYSCREEN)/2, + 1, 1, NULL, NULL, hInst, NULL); + + SetLayeredWindowAttributes (hWnd, 0, 0, LWA_ALPHA); + ShowWindow (hWnd, SW_SHOWNORMAL); + + StringCbCopyW (newCmdLine, sizeof(newCmdLine), L"/q UAC "); + StringCbCatW (newCmdLine, sizeof (newCmdLine), args); + + if ((int)ShellExecuteW (hWnd, L"runas", szModPath, newCmdLine, NULL, SW_SHOWNORMAL) <= 32) + { + if (hwndDlg) + handleWin32Error (hwndDlg, SRC_POS); + return FALSE; + } + else + { + Sleep (2000); + return TRUE; + } +} + // Mutex handling to prevent multiple instances of the wizard or main app from dealing with system encryption. -// Returns TRUE if the mutex is (or had been) successfully acquired (otherwise FALSE). +// Returns TRUE if the mutex is (or had been) successfully acquired (otherwise FALSE). BOOL CreateSysEncMutex (void) { return TCCreateMutex (&hSysEncMutex, TC_MUTEX_NAME_SYSENC); @@ -2179,7 +2218,7 @@ void CloseSysEncMutex (void) } -// Returns TRUE if the mutex is (or had been) successfully acquired (otherwise FALSE). +// Returns TRUE if the mutex is (or had been) successfully acquired (otherwise FALSE). BOOL CreateNonSysInplaceEncMutex (void) { return TCCreateMutex (&hNonSysInplaceEncMutex, TC_MUTEX_NAME_NONSYS_INPLACE_ENC); @@ -2201,14 +2240,14 @@ void CloseNonSysInplaceEncMutex (void) // Returns TRUE if another instance of the wizard is preparing, resuming or performing non-system in-place encryption BOOL NonSysInplaceEncInProgressElsewhere (void) { - return (!InstanceHasNonSysInplaceEncMutex () + return (!InstanceHasNonSysInplaceEncMutex () && MutexExistsOnSystem (TC_MUTEX_NAME_NONSYS_INPLACE_ENC)); } // Mutex handling to prevent multiple instances of the wizard or main app from trying to install // or register the driver or from trying to launch it in portable mode at the same time. -// Returns TRUE if the mutex is (or had been) successfully acquired (otherwise FALSE). +// Returns TRUE if the mutex is (or had been) successfully acquired (otherwise FALSE). BOOL CreateDriverSetupMutex (void) { return TCCreateMutex (&hDriverSetupMutex, TC_MUTEX_NAME_DRIVER_SETUP); @@ -2239,7 +2278,7 @@ BOOL IsTrueCryptInstallerRunning (void) } -// Returns TRUE if the mutex is (or had been) successfully acquired (otherwise FALSE). +// Returns TRUE if the mutex is (or had been) successfully acquired (otherwise FALSE). BOOL TCCreateMutex (volatile HANDLE *hMutex, wchar_t *name) { if (*hMutex != NULL) @@ -2279,7 +2318,7 @@ void TCCloseMutex (volatile HANDLE *hMutex) } -// Returns TRUE if a process running on the system has the specified mutex (otherwise FALSE). +// Returns TRUE if a process running on the system has the specified mutex (otherwise FALSE). BOOL MutexExistsOnSystem (wchar_t *name) { if (name[0] == 0) @@ -2293,7 +2332,7 @@ BOOL MutexExistsOnSystem (wchar_t *name) return FALSE; if (GetLastError () == ERROR_ACCESS_DENIED) // On Vista, this is returned if the owner of the mutex is elevated while we are not - return TRUE; + return TRUE; // The call failed and it is not certain whether the mutex exists or not return FALSE; @@ -2565,8 +2604,8 @@ static void LoadSystemDll (LPCTSTR szModuleName, HMODULE *pHandle, BOOL bIgnoreE void InitApp (HINSTANCE hInstance, wchar_t *lpszCommandLine) { WNDCLASSW wc; - char langId[6]; - InitCommonControlsPtr InitCommonControlsFn = NULL; + char langId[6]; + InitCommonControlsPtr InitCommonControlsFn = NULL; /* remove current directory from dll search path */ SetDllDirectoryFn = (SetDllDirectoryPtr) GetProcAddress (GetModuleHandle(L"kernel32.dll"), "SetDllDirectoryW"); @@ -2580,7 +2619,7 @@ void InitApp (HINSTANCE hInstance, wchar_t *lpszCommandLine) if (SetDefaultDllDirectoriesFn) SetDefaultDllDirectoriesFn (LOAD_LIBRARY_SEARCH_SYSTEM32); - InitOSVersionInfo(); + InitOSVersionInfo(); VirtualLock (&CmdTokenPin, sizeof (CmdTokenPin)); @@ -2604,9 +2643,9 @@ void InitApp (HINSTANCE hInstance, wchar_t *lpszCommandLine) LoadSystemDll (L"dwmapi.dll", &hdwmapidll, TRUE, SRC_POS); LoadSystemDll (L"UXTheme.dll", &hUXThemeDll, TRUE, SRC_POS); - LoadSystemDll (L"msls31.dll", &hMsls31, TRUE, SRC_POS); + LoadSystemDll (L"msls31.dll", &hMsls31, TRUE, SRC_POS); LoadSystemDll (L"SETUPAPI.DLL", &hSetupDll, FALSE, SRC_POS); - LoadSystemDll (L"SHLWAPI.DLL", &hShlwapiDll, FALSE, SRC_POS); + LoadSystemDll (L"SHLWAPI.DLL", &hShlwapiDll, FALSE, SRC_POS); LoadSystemDll (L"userenv.dll", &hUserenvDll, TRUE, SRC_POS); LoadSystemDll (L"rsaenh.dll", &hRsaenhDll, TRUE, SRC_POS); @@ -2623,7 +2662,7 @@ void InitApp (HINSTANCE hInstance, wchar_t *lpszCommandLine) } if (IsOSAtLeast (WIN_VISTA)) - { + { LoadSystemDll (L"netapi32.dll", &hnetapi32dll, TRUE, SRC_POS); LoadSystemDll (L"authz.dll", &hauthzdll, TRUE, SRC_POS); LoadSystemDll (L"xmllite.dll", &hxmllitedll, TRUE, SRC_POS); @@ -2631,7 +2670,7 @@ void InitApp (HINSTANCE hInstance, wchar_t *lpszCommandLine) } if (IsOSAtLeast (WIN_VISTA)) - { + { LoadSystemDll (L"atl.dll", &hsppdll, TRUE, SRC_POS); LoadSystemDll (L"vsstrace.dll", &hvsstracedll, TRUE, SRC_POS); LoadSystemDll (L"vssapi.dll", &vssapidll, TRUE, SRC_POS); @@ -2648,15 +2687,15 @@ void InitApp (HINSTANCE hInstance, wchar_t *lpszCommandLine) LoadSystemDll (L"crypt32.dll", &hcrypt32dll, TRUE, SRC_POS); LoadSystemDll (L"bcrypt.dll", &hbcryptdll, TRUE, SRC_POS); - LoadSystemDll (L"bcryptprimitives.dll", &hbcryptprimitivesdll, TRUE, SRC_POS); + LoadSystemDll (L"bcryptprimitives.dll", &hbcryptprimitivesdll, TRUE, SRC_POS); } - } + } #else LoadSystemDll (L"WINSCARD.DLL", &hwinscarddll, TRUE, SRC_POS); #endif LoadSystemDll (L"COMCTL32.DLL", &hComctl32Dll, FALSE, SRC_POS); - + // call InitCommonControls function InitCommonControlsFn = (InitCommonControlsPtr) GetProcAddress (hComctl32Dll, "InitCommonControls"); ImageList_AddFn = (ImageList_AddPtr) GetProcAddress (hComctl32Dll, "ImageList_Add"); @@ -2717,7 +2756,7 @@ void InitApp (HINSTANCE hInstance, wchar_t *lpszCommandLine) // Language langId[0] = 0; SetPreferredLangId (ConfigReadString ("Language", "", langId, sizeof (langId))); - + if (langId[0] == 0) { if (IsNonInstallMode ()) @@ -2742,9 +2781,7 @@ void InitApp (HINSTANCE hInstance, wchar_t *lpszCommandLine) // A new instance of the application must be created with elevated privileges. if (IsNonInstallMode () && !IsAdmin () && IsUacSupported ()) { - wchar_t modPath[MAX_PATH], newCmdLine[4096]; - WNDCLASSEXW wcex; - HWND hWnd; + wchar_t modPath[MAX_PATH]; if (wcsstr (lpszCommandLine, L"/q UAC ") == lpszCommandLine) { @@ -2752,33 +2789,12 @@ void InitApp (HINSTANCE hInstance, wchar_t *lpszCommandLine) exit (1); } - memset (&wcex, 0, sizeof (wcex)); - wcex.cbSize = sizeof(WNDCLASSEX); - wcex.lpfnWndProc = (WNDPROC) NonInstallUacWndProc; - wcex.hInstance = hInstance; - wcex.lpszClassName = L"VeraCrypt"; - RegisterClassExW (&wcex); - - // A small transparent window is necessary to bring the new instance to foreground - hWnd = CreateWindowExW (WS_EX_TOOLWINDOW | WS_EX_LAYERED, - L"VeraCrypt", L"VeraCrypt", 0, - GetSystemMetrics (SM_CXSCREEN)/2, - GetSystemMetrics (SM_CYSCREEN)/2, - 1, 1, NULL, NULL, hInstance, NULL); - - SetLayeredWindowAttributes (hWnd, 0, 0, LWA_ALPHA); - ShowWindow (hWnd, SW_SHOWNORMAL); - GetModuleFileNameW (NULL, modPath, ARRAYSIZE (modPath)); - StringCbCopyW (newCmdLine, sizeof(newCmdLine), L"/q UAC "); - StringCbCatW (newCmdLine, sizeof (newCmdLine), lpszCommandLine); - - if ((int)ShellExecuteW (hWnd, L"runas", modPath, newCmdLine, NULL, SW_SHOWNORMAL) <= 32) + if (LaunchElevatedProcess (NULL, modPath, lpszCommandLine)) + exit (0); + else exit (1); - - Sleep (2000); - exit (0); } #endif @@ -2831,7 +2847,7 @@ void InitApp (HINSTANCE hInstance, wchar_t *lpszCommandLine) break; } } - + /* Get the attributes for the standard dialog class */ if ((GetClassInfoW (hInst, WINDOWS_DIALOG_CLASS, &wc)) == 0) { @@ -3022,7 +3038,7 @@ BOOL OpenDevice (const wchar_t *lpszPath, OPEN_TEST_STRUCT *driver, BOOL detectF &dwResult, NULL); // check variable driver - if ( bResult + if ( bResult && ( (driver->bDetectTCBootLoader != TRUE && driver->bDetectTCBootLoader != FALSE) || (driver->TCBootLoaderDetected != TRUE && driver->TCBootLoaderDetected != FALSE) || (driver->DetectFilesystem != TRUE && driver->DetectFilesystem != FALSE) || @@ -3048,7 +3064,7 @@ BOOL OpenDevice (const wchar_t *lpszPath, OPEN_TEST_STRUCT *driver, BOOL detectF else return FALSE; } - + return TRUE; } @@ -3076,10 +3092,10 @@ BOOL GetDriveLabel (int driveNo, wchar_t *label, int labelSize) /* Stores the device path of the system partition in SysPartitionDevicePath and the device path of the system drive in SysDriveDevicePath. -IMPORTANT: As this may take a very long time if called for the first time, it should be called only before performing - a dangerous operation (such as header backup restore or formatting a supposedly non-system device) never - at WM_INITDIALOG or any other GUI events -- instead call IsSystemDevicePath (path, hwndDlg, FALSE) for - very fast preliminary GUI checks; also note that right after the "Select Device" dialog exits with an OK +IMPORTANT: As this may take a very long time if called for the first time, it should be called only before performing + a dangerous operation (such as header backup restore or formatting a supposedly non-system device) never + at WM_INITDIALOG or any other GUI events -- instead call IsSystemDevicePath (path, hwndDlg, FALSE) for + very fast preliminary GUI checks; also note that right after the "Select Device" dialog exits with an OK return code, you can use the global flags bSysPartitionSelected and bSysDriveSelected to see if the user selected the system partition/device. After this function completes successfully, the results are cached for the rest of the session and repeated @@ -3087,13 +3103,13 @@ executions complete very fast. Returns TRUE if successful (otherwise FALSE). */ BOOL GetSysDevicePaths (HWND hwndDlg) { if (!bCachedSysDevicePathsValid - || wcslen (SysPartitionDevicePath) <= 1 + || wcslen (SysPartitionDevicePath) <= 1 || wcslen (SysDriveDevicePath) <= 1) { foreach (const HostDevice &device, GetAvailableHostDevices (false, true)) { if (device.ContainsSystem) - StringCchCopyW (device.IsPartition ? SysPartitionDevicePath : SysDriveDevicePath, TC_MAX_PATH, device.Path.c_str()); + StringCchCopyW (device.IsPartition ? SysPartitionDevicePath : SysDriveDevicePath, TC_MAX_PATH, device.Path.c_str()); } if (IsOSAtLeast (WIN_7)) @@ -3120,24 +3136,24 @@ BOOL GetSysDevicePaths (HWND hwndDlg) bCachedSysDevicePathsValid = 1; } - return (bCachedSysDevicePathsValid - && wcslen (SysPartitionDevicePath) > 1 + return (bCachedSysDevicePathsValid + && wcslen (SysPartitionDevicePath) > 1 && wcslen (SysDriveDevicePath) > 1); } -/* Determines whether the device path is the path of the system partition or of the system drive (or neither). -If bReliableRequired is TRUE, very fast execution is guaranteed, but the results cannot be relied upon. +/* Determines whether the device path is the path of the system partition or of the system drive (or neither). +If bReliableRequired is TRUE, very fast execution is guaranteed, but the results cannot be relied upon. If it's FALSE and the function is called for the first time, execution may take up to one minute but the results are reliable. IMPORTANT: As the execution may take a very long time if called for the first time with bReliableRequired set to TRUE, it should be called with bReliableRequired set to TRUE only before performing a dangerous - operation (such as header backup restore or formatting a supposedly non-system device) never at - WM_INITDIALOG or any other GUI events (use IsSystemDevicePath(path, hwndDlg, FALSE) for fast - preliminary GUI checks; also note that right after the "Select Device" dialog exits with an OK + operation (such as header backup restore or formatting a supposedly non-system device) never at + WM_INITDIALOG or any other GUI events (use IsSystemDevicePath(path, hwndDlg, FALSE) for fast + preliminary GUI checks; also note that right after the "Select Device" dialog exits with an OK return code, you can use the global flags bSysPartitionSelected and bSysDriveSelected to see if the user selected the system partition/device). After this function completes successfully, the results are cached for the rest of the session, bReliableRequired -is ignored (TRUE implied), repeated executions complete very fast, and the results are always reliable. +is ignored (TRUE implied), repeated executions complete very fast, and the results are always reliable. Return codes: 1 - it is the system partition path (e.g. \Device\Harddisk0\Partition1) 2 - it is the system drive path (e.g. \Device\Harddisk0\Partition0) @@ -3172,10 +3188,10 @@ int IsSystemDevicePath (const wchar_t *path, HWND hwndDlg, BOOL bReliableRequire /* Determines whether the path points to a non-system partition on the system drive. IMPORTANT: As this may take a very long time if called for the first time, it should be called - only before performing a dangerous operation, never at WM_INITDIALOG or any other GUI events. + only before performing a dangerous operation, never at WM_INITDIALOG or any other GUI events. Return codes: -0 - it isn't a non-system partition on the system drive -1 - it's a non-system partition on the system drive +0 - it isn't a non-system partition on the system drive +1 - it's a non-system partition on the system drive -1 - the result can't be determined, isn't reliable, or there was an error. */ int IsNonSysPartitionOnSysDrive (const wchar_t *path) { @@ -3215,12 +3231,12 @@ int IsNonSysPartitionOnSysDrive (const wchar_t *path) if (wcsncmp (tmpPath, SysDriveDevicePath, max (wcslen(tmpPath), wcslen(SysDriveDevicePath))) == 0) { - // It is a non-system partition on the system drive + // It is a non-system partition on the system drive return 1; } - else + else { - // The partition is not on the system drive + // The partition is not on the system drive return 0; } } @@ -3465,17 +3481,17 @@ BOOL CALLBACK RawDevicesDlgProc (HWND hwndDlg, UINT msg, WPARAM wParam, LPARAM l LocalizeDialog (hwndDlg, "IDD_RAWDEVICES_DLG"); SendMessage (hList,LVM_SETEXTENDEDLISTVIEWSTYLE,0, - LVS_EX_FULLROWSELECT|LVS_EX_HEADERDRAGDROP|LVS_EX_TWOCLICKACTIVATE|LVS_EX_LABELTIP - ); + LVS_EX_FULLROWSELECT|LVS_EX_HEADERDRAGDROP|LVS_EX_TWOCLICKACTIVATE|LVS_EX_LABELTIP + ); - memset (&LvCol,0,sizeof(LvCol)); - LvCol.mask = LVCF_TEXT|LVCF_WIDTH|LVCF_SUBITEM|LVCF_FMT; + memset (&LvCol,0,sizeof(LvCol)); + LvCol.mask = LVCF_TEXT|LVCF_WIDTH|LVCF_SUBITEM|LVCF_FMT; LvCol.pszText = GetString ("DEVICE"); LvCol.cx = CompensateXDPI (186); LvCol.fmt = LVCFMT_LEFT; SendMessage (hList,LVM_INSERTCOLUMNW,0,(LPARAM)&LvCol); - LvCol.pszText = GetString ("DRIVE"); + LvCol.pszText = GetString ("DRIVE"); LvCol.cx = CompensateXDPI (38); LvCol.fmt = LVCFMT_LEFT; SendMessage (hList,LVM_INSERTCOLUMNW,1,(LPARAM)&LvCol); @@ -3529,7 +3545,7 @@ BOOL CALLBACK RawDevicesDlgProc (HWND hwndDlg, UINT msg, WPARAM wParam, LPARAM l // Path if (!device.IsPartition || device.DynamicVolume) { - if (!device.Floppy && (device.Size == 0) + if (!device.Floppy && (device.Size == 0) && (device.IsPartition || device.Partitions.empty() || device.Partitions[0].Size == 0) ) continue; @@ -3537,7 +3553,7 @@ BOOL CALLBACK RawDevicesDlgProc (HWND hwndDlg, UINT msg, WPARAM wParam, LPARAM l if (line > 1) { ListItemAdd (hList, item.iItem, L""); - item.iItem = line++; + item.iItem = line++; } if (device.Floppy || device.DynamicVolume) @@ -3590,7 +3606,7 @@ BOOL CALLBACK RawDevicesDlgProc (HWND hwndDlg, UINT msg, WPARAM wParam, LPARAM l } #endif - item.iItem = line++; + item.iItem = line++; } SendMessageW(hList, LVM_SETCOLUMNWIDTH, 0, MAKELPARAM(LVSCW_AUTOSIZE_USEHEADER, 0)); @@ -3613,8 +3629,8 @@ BOOL CALLBACK RawDevicesDlgProc (HWND hwndDlg, UINT msg, WPARAM wParam, LPARAM l { BOOL bEnableOkButton = FALSE; LVITEM LvItem; - memset(&LvItem,0,sizeof(LvItem)); - LvItem.mask = LVIF_TEXT | LVIF_PARAM; + memset(&LvItem,0,sizeof(LvItem)); + LvItem.mask = LVIF_TEXT | LVIF_PARAM; LvItem.iItem = ((LPNMLISTVIEW) lParam)->iItem; LvItem.pszText = lpszFileName; LvItem.cchTextMax = TC_MAX_PATH; @@ -3647,7 +3663,7 @@ BOOL CALLBACK RawDevicesDlgProc (HWND hwndDlg, UINT msg, WPARAM wParam, LPARAM l int selectedItem = ListView_GetSelectionMark (GetDlgItem (hwndDlg, IDC_DEVICELIST)); if (selectedItem == -1 || itemToDeviceMap.find (selectedItem) == itemToDeviceMap.end()) - return 1; // non-device line selected + return 1; // non-device line selected const HostDevice selectedDevice = itemToDeviceMap[selectedItem]; StringCchCopyW (lpszFileName, TC_MAX_PATH, selectedDevice.Path.c_str()); @@ -3760,7 +3776,7 @@ BOOL CALLBACK RawDevicesDlgProc (HWND hwndDlg, UINT msg, WPARAM wParam, LPARAM l } } - // Disallow format if the device contains partitions, but not if the partition is virtual or system + // Disallow format if the device contains partitions, but not if the partition is virtual or system if (!selectedDevice.IsVirtualPartition && !bHiddenVolDirect) { @@ -3781,7 +3797,7 @@ BOOL CALLBACK RawDevicesDlgProc (HWND hwndDlg, UINT msg, WPARAM wParam, LPARAM l #endif // #ifdef VOLFORMAT } - else + else bSysDriveSelected = FALSE; #ifdef VOLFORMAT @@ -3958,7 +3974,7 @@ BOOL DriverUnload () if (hDriver == INVALID_HANDLE_VALUE) return TRUE; - + try { if (BootEncryption (NULL).GetStatus().DeviceFilterActive) @@ -4075,7 +4091,7 @@ int DriverAttach (void) } // Try to open a handle to the driver again (keep the mutex in case the other instance failed) - goto start; + goto start; } else { @@ -4084,7 +4100,7 @@ int DriverAttach (void) if (SystemEncryptionStatus != SYSENC_STATUS_NONE) { // This is an inconsistent state. The config file indicates system encryption should be - // active, but the driver is not running. This may happen e.g. when the pretest fails and + // active, but the driver is not running. This may happen e.g. when the pretest fails and // the user selects "Last Known Good Configuration" from the Windows boot menu. // To fix this, we're going to reinstall the driver, start it, and register it for boot. @@ -4118,7 +4134,7 @@ int DriverAttach (void) return res; bPortableModeConfirmed = TRUE; - + if (hDriver != INVALID_HANDLE_VALUE) CloseHandle (hDriver); hDriver = CreateFile (WIN32_ROOT_PREFIX, 0, FILE_SHARE_READ | FILE_SHARE_WRITE, NULL, OPEN_EXISTING, 0, NULL); @@ -4292,7 +4308,7 @@ BOOL SelectMultipleFiles (HWND hwndDlg, const char *stringId, wchar_t *lpszFileN | OFN_PATHMUSTEXIST | OFN_ALLOWMULTISELECT | (keepHistory ? 0 : OFN_DONTADDTORECENT); - + if (!keepHistory) CleanLastVisitedMRU (); @@ -4322,7 +4338,7 @@ BOOL SelectMultipleFiles (HWND hwndDlg, const char *stringId, wchar_t *lpszFileN CleanLastVisitedMRU (); status = TRUE; - + ret: SystemFileSelectorCallPending = FALSE; ResetCurrentDirectory(); @@ -4356,10 +4372,10 @@ BOOL SelectMultipleFilesNext (wchar_t *lpszFileName, size_t cbFileName) } -static int CALLBACK BrowseCallbackProc(HWND hwnd,UINT uMsg,LPARAM lp, LPARAM pData) +static int CALLBACK BrowseCallbackProc(HWND hwnd,UINT uMsg,LPARAM lp, LPARAM pData) { switch(uMsg) { - case BFFM_INITIALIZED: + case BFFM_INITIALIZED: { /* WParam is TRUE since we are passing a path. It would be FALSE if we were passing a pidl. */ @@ -4367,12 +4383,12 @@ static int CALLBACK BrowseCallbackProc(HWND hwnd,UINT uMsg,LPARAM lp, LPARAM pDa break; } - case BFFM_SELCHANGED: + case BFFM_SELCHANGED: { wchar_t szDir[TC_MAX_PATH]; /* Set the status window to the currently selected path. */ - if (SHGetPathFromIDList((LPITEMIDLIST) lp ,szDir)) + if (SHGetPathFromIDList((LPITEMIDLIST) lp ,szDir)) { SendMessage (hwnd,BFFM_SETSTATUSTEXT,0,(LPARAM)szDir); } @@ -4396,7 +4412,7 @@ BOOL BrowseDirectories (HWND hwndDlg, char *lpszTitle, wchar_t *dirName) CoInitialize (NULL); - if (SUCCEEDED (SHGetMalloc (&pMalloc))) + if (SUCCEEDED (SHGetMalloc (&pMalloc))) { ZeroMemory (&bi, sizeof(bi)); bi.hwndOwner = hwndDlg; @@ -4408,9 +4424,9 @@ BOOL BrowseDirectories (HWND hwndDlg, char *lpszTitle, wchar_t *dirName) bi.lParam = (LPARAM)dirName; pidl = SHBrowseForFolderW (&bi); - if (pidl != NULL) + if (pidl != NULL) { - if (SHGetPathFromIDList(pidl, dirName)) + if (SHGetPathFromIDList(pidl, dirName)) { bOK = TRUE; } @@ -4624,7 +4640,7 @@ static BOOL CALLBACK LocalizeDialogEnum( HWND hwnd, LPARAM font) // Font SendMessageW (hwnd, WM_SETFONT, (WPARAM) font, 0); - + return TRUE; } @@ -4638,7 +4654,7 @@ void LocalizeDialog (HWND hwnd, char *stringId) SetWindowTextW (hwnd, L"VeraCrypt"); else SetWindowTextW (hwnd, GetString (stringId)); - + if (hUserFont != 0) EnumChildWindows (hwnd, LocalizeDialogEnum, (LPARAM) hUserFont); } @@ -4719,10 +4735,10 @@ BOOL UpdateDriveCustomLabel (int driveNo, wchar_t* effectiveLabel, BOOL bSetValu DWORD cbLabelLen = (DWORD) ((wcslen (effectiveLabel) + 1) * sizeof (wchar_t)); BOOL bToBeDeleted = FALSE; - StringCbPrintfW (wszRegPath, sizeof (wszRegPath), L"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\DriveIcons\\%s\\DefaultLabel", driveStr); - + StringCbPrintfW (wszRegPath, sizeof (wszRegPath), L"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\DriveIcons\\%s\\DefaultLabel", driveStr); + if (bSetValue) - lStatus = RegCreateKeyExW (HKEY_CURRENT_USER, wszRegPath, NULL, NULL, 0, + lStatus = RegCreateKeyExW (HKEY_CURRENT_USER, wszRegPath, NULL, NULL, 0, KEY_READ | KEY_WRITE | KEY_SET_VALUE, NULL, &hKey, NULL); else lStatus = RegOpenKeyExW (HKEY_CURRENT_USER, wszRegPath, 0, KEY_READ | KEY_WRITE | KEY_SET_VALUE, &hKey); @@ -4746,7 +4762,7 @@ BOOL UpdateDriveCustomLabel (int driveNo, wchar_t* effectiveLabel, BOOL bSetValu if (bToBeDeleted) { - StringCbPrintfW (wszRegPath, sizeof (wszRegPath), L"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\DriveIcons\\%s", driveStr); + StringCbPrintfW (wszRegPath, sizeof (wszRegPath), L"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\DriveIcons\\%s", driveStr); lStatus = RegOpenKeyExW (HKEY_CURRENT_USER, wszRegPath, 0, KEY_READ | KEY_WRITE | KEY_SET_VALUE, &hKey); if (ERROR_SUCCESS == lStatus) { @@ -4772,7 +4788,7 @@ wstring GetUserFriendlyVersionString (int version) versionString.insert (version > 0xfff ? 2 : 1,L"."); if (versionString[versionString.length()-1] == L'0') - versionString.erase (versionString.length()-1, 1); + versionString.erase (versionString.length()-1, 1); return (versionString); } @@ -4824,7 +4840,7 @@ bool HexWideStringToArray (const wchar_t* hexStr, std::vector& arr) arr.clear(); if (len %2) return false; - + for (i = 0; i < len/2; i++) { if (!HexToByte (*hexStr++, b1) || !HexToByte (*hexStr++, b2)) @@ -4887,7 +4903,7 @@ void GetSpeedString (unsigned __int64 speed, wchar_t *str, size_t cbStr) { static wchar_t *b, *kb, *mb, *gb, *tb, *pb; static int serNo; - + if (b == NULL || serNo != LocalizationSerialNo) { serNo = LocalizationSerialNo; @@ -5029,7 +5045,7 @@ static void DisplayBenchmarkResults (HWND hwndDlg) } break; } - + for (i = 0; i < benchmarkTotalItems; i++) { ea = benchmarkTable[i].id; @@ -5087,7 +5103,7 @@ static void DisplayBenchmarkResults (HWND hwndDlg) typedef struct { HWND hBenchDlg; - BOOL bStatus; + BOOL bStatus; } BenchmarkThreadParam; static BOOL PerformBenchmark(HWND hBenchDlg, HWND hwndDlg); @@ -5284,7 +5300,7 @@ static BOOL PerformBenchmark(HWND hBenchDlg, HWND hwndDlg) if (thid == SHA256) { #ifdef _WIN64 - benchmarkTable[benchmarkTotalItems].meanBytesPerSec = (benchmarkTable[benchmarkTotalItems].meanBytesPerSec * 26); + benchmarkTable[benchmarkTotalItems].meanBytesPerSec = (benchmarkTable[benchmarkTotalItems].meanBytesPerSec * 26); #else benchmarkTable[benchmarkTotalItems].meanBytesPerSec = (benchmarkTable[benchmarkTotalItems].meanBytesPerSec * 24); #endif @@ -5292,7 +5308,7 @@ static BOOL PerformBenchmark(HWND hBenchDlg, HWND hwndDlg) else { #ifdef _WIN64 - benchmarkTable[benchmarkTotalItems].meanBytesPerSec = (benchmarkTable[benchmarkTotalItems].meanBytesPerSec * 21) / 5; + benchmarkTable[benchmarkTotalItems].meanBytesPerSec = (benchmarkTable[benchmarkTotalItems].meanBytesPerSec * 21) / 5; #else benchmarkTable[benchmarkTotalItems].meanBytesPerSec = (benchmarkTable[benchmarkTotalItems].meanBytesPerSec * 18) / 5; #endif @@ -5389,7 +5405,7 @@ static BOOL PerformBenchmark(HWND hBenchDlg, HWND hwndDlg) return TRUE; counter_error: - + if (ci) crypto_close (ci); @@ -5441,11 +5457,11 @@ BOOL CALLBACK BenchmarkDlgProc (HWND hwndDlg, UINT msg, WPARAM wParam, LPARAM lP benchmarkGPT = FALSE; SendMessage (hList,LVM_SETEXTENDEDLISTVIEWSTYLE,0, - LVS_EX_FULLROWSELECT|LVS_EX_HEADERDRAGDROP|LVS_EX_LABELTIP - ); + LVS_EX_FULLROWSELECT|LVS_EX_HEADERDRAGDROP|LVS_EX_LABELTIP + ); - memset (&LvCol,0,sizeof(LvCol)); - LvCol.mask = LVCF_TEXT|LVCF_WIDTH|LVCF_SUBITEM|LVCF_FMT; + memset (&LvCol,0,sizeof(LvCol)); + LvCol.mask = LVCF_TEXT|LVCF_WIDTH|LVCF_SUBITEM|LVCF_FMT; LvCol.pszText = GetString ("ALGORITHM"); LvCol.cx = CompensateXDPI (114); LvCol.fmt = LVCFMT_LEFT; @@ -5733,7 +5749,7 @@ static BOOL CALLBACK RandomPoolEnrichementDlgProc (HWND hwndDlg, UINT msg, WPARA SetTimer (hwndDlg, 0xfd, RANDPOOL_DISPLAY_REFRESH_INTERVAL, NULL); SendMessage (GetDlgItem (hwndDlg, IDC_POOL_CONTENTS), WM_SETFONT, (WPARAM) hFixedDigitFont, (LPARAM) TRUE); - + hEntropyBar = GetDlgItem (hwndDlg, IDC_ENTROPY_BAR); SendMessage (hEntropyBar, PBM_SETRANGE32, 0, maxEntropyLevel); SendMessage (hEntropyBar, PBM_SETSTEP, 1, 0); @@ -5768,7 +5784,7 @@ static BOOL CALLBACK RandomPoolEnrichementDlgProc (HWND hwndDlg, UINT msg, WPARA else if (bUseMask) { /* use mask to compute a randomized ascii representation */ - tmpByte = (randPool[row * RANDPOOL_DISPLAY_COLUMNS + col] - + tmpByte = (randPool[row * RANDPOOL_DISPLAY_COLUMNS + col] - lastRandPool[row * RANDPOOL_DISPLAY_COLUMNS + col]) ^ maskRandPool [row * RANDPOOL_DISPLAY_COLUMNS + col]; tmp[0] = (wchar_t) (((tmpByte >> 4) % 6) + L'*'); tmp[1] = (wchar_t) (((tmpByte & 0x0F) % 6) + L'*'); @@ -5929,8 +5945,8 @@ BOOL CALLBACK KeyfileGeneratorDlgProc (HWND hwndDlg, UINT msg, WPARAM wParam, LP SendMessage (hEntropyBar, PBM_SETSTEP, 1, 0); SendMessage (hEntropyBar, PBM_SETSTATE, PBST_ERROR, 0); -#ifndef VOLFORMAT - if (Randinit ()) +#ifndef VOLFORMAT + if (Randinit ()) { handleError (hwndDlg, (CryptoAPILastError == ERROR_SUCCESS)? ERR_RAND_INIT_FAILED : ERR_CAPI_INIT_FAILED, SRC_POS); EndDialog (hwndDlg, IDCLOSE); @@ -5976,7 +5992,7 @@ BOOL CALLBACK KeyfileGeneratorDlgProc (HWND hwndDlg, UINT msg, WPARAM wParam, LP else if (bUseMask) { /* use mask to compute a randomized ASCII representation */ - tmpByte = (randPool[row * RANDPOOL_DISPLAY_COLUMNS + col] - + tmpByte = (randPool[row * RANDPOOL_DISPLAY_COLUMNS + col] - lastRandPool[row * RANDPOOL_DISPLAY_COLUMNS + col]) ^ maskRandPool [row * RANDPOOL_DISPLAY_COLUMNS + col]; tmp[0] = (wchar_t) (((tmpByte >> 4) % 6) + L'*'); tmp[1] = (wchar_t) (((tmpByte & 0x0F) % 6) + L'*'); @@ -6104,7 +6120,7 @@ BOOL CALLBACK KeyfileGeneratorDlgProc (HWND hwndDlg, UINT msg, WPARAM wParam, LP for (i= 0; i < keyfilesCount; i++) { StringCbCopyW(szFileName, sizeof(szFileName), szDirName); - + if (i > 0) { StringCbPrintfW(szSuffix, sizeof(szSuffix), L"_%d", i); @@ -6161,7 +6177,7 @@ BOOL CALLBACK KeyfileGeneratorDlgProc (HWND hwndDlg, UINT msg, WPARAM wParam, LP NormalCursor(); return 1; } - + /* since keyfilesSize < 1024 * 1024, we mask with 0x000FFFFF */ keyfilesSize = (long) (((unsigned long) keyfilesSize) & 0x000FFFFF); @@ -6169,7 +6185,7 @@ BOOL CALLBACK KeyfileGeneratorDlgProc (HWND hwndDlg, UINT msg, WPARAM wParam, LP keyfilesSize += 64; } - /* Generate the keyfile */ + /* Generate the keyfile */ if (!RandgetBytesFull (hwndDlg, keyfile, keyfilesSize, TRUE, TRUE)) { _close (fhKeyfile); @@ -6177,7 +6193,7 @@ BOOL CALLBACK KeyfileGeneratorDlgProc (HWND hwndDlg, UINT msg, WPARAM wParam, LP TCfree(keyfile); NormalCursor(); return 1; - } + } /* Write the keyfile */ status = _write (fhKeyfile, keyfile, keyfilesSize); @@ -6190,7 +6206,7 @@ BOOL CALLBACK KeyfileGeneratorDlgProc (HWND hwndDlg, UINT msg, WPARAM wParam, LP NormalCursor(); handleWin32Error (hwndDlg, SRC_POS); return 1; - } + } } TCfree(keyfile); @@ -6209,7 +6225,7 @@ BOOL CALLBACK KeyfileGeneratorDlgProc (HWND hwndDlg, UINT msg, WPARAM wParam, LP WaitCursor(); KillTimer (hwndDlg, 0xfd); -#ifndef VOLFORMAT +#ifndef VOLFORMAT RandStop (FALSE); #endif /* Cleanup */ @@ -6324,7 +6340,7 @@ CipherTestDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lParam) { ShowWindow(GetDlgItem(hwndDlg, IDC_TESTS_MESSAGE), SW_SHOWNORMAL); SetWindowTextW(GetDlgItem(hwndDlg, IDC_TESTS_MESSAGE), GetString ("TESTS_FAILED")); - } + } else { ShowWindow(GetDlgItem(hwndDlg, IDC_TESTS_MESSAGE), SW_SHOWNORMAL); @@ -6430,7 +6446,7 @@ CipherTestDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lParam) inputtext[n] = (char) x; } - + // XTS if (bXTSTestEnabled) { @@ -6487,10 +6503,10 @@ CipherTestDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lParam) blockNo = (int) SendMessage (GetDlgItem (hwndDlg, IDC_TEST_BLOCK_NUMBER), CB_GETITEMDATA, SendMessage (GetDlgItem (hwndDlg, IDC_TEST_BLOCK_NUMBER), CB_GETCURSEL, 0, 0), 0); } // if (bXTSTestEnabled) - + /* Perform the actual tests */ - if (ks != CB_ERR && pt != CB_ERR) + if (ks != CB_ERR && pt != CB_ERR) { char tmp[128]; int tmpRetVal; @@ -6587,7 +6603,7 @@ CipherTestDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lParam) return 0; } -void +void ResetCipherTest(HWND hwndDlg, int idTestCipher) { int ndx; @@ -6621,7 +6637,7 @@ ResetCipherTest(HWND hwndDlg, int idTestCipher) SetWindowText(GetDlgItem(hwndDlg, IDC_SECONDARY_KEY), L"0000000000000000000000000000000000000000000000000000000000000000"); SetWindowText(GetDlgItem(hwndDlg, IDC_TEST_DATA_UNIT_NUMBER), L"0"); - + SetWindowText(GetDlgItem(hwndDlg, IDC_PLAINTEXT), L"0000000000000000"); SetWindowText(GetDlgItem(hwndDlg, IDC_CIPHERTEXT), L"0000000000000000"); @@ -6696,7 +6712,7 @@ BOOL CALLBACK MultiChoiceDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPA pStr++; pwStr++; - do + do { if (*pStr != 0) { @@ -6710,7 +6726,7 @@ BOOL CALLBACK MultiChoiceDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPA hUserFont), nLongestButtonCaptionWidth); - nLongestButtonCaptionCharLen = max (nLongestButtonCaptionCharLen, + nLongestButtonCaptionCharLen = max (nLongestButtonCaptionCharLen, (int) wcslen ((const wchar_t *) (bResolve ? GetString(*pStr) : *pwStr))); } @@ -6729,14 +6745,14 @@ BOOL CALLBACK MultiChoiceDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPA // Length of main message in characters (not bytes) nMainTextLenInChars = (int) wcslen ((const wchar_t *) (bResolve ? GetString(*(pStrOrig+1)) : *(pwStrOrig+1))); - if (nMainTextLenInChars > 200 + if (nMainTextLenInChars > 200 && nMainTextLenInChars / nLongestButtonCaptionCharLen >= 10) { - // As the main text is longer than 200 characters, we will "pad" the widest button caption with - // spaces (if it is not wide enough) so as to increase the width of the whole dialog window. + // As the main text is longer than 200 characters, we will "pad" the widest button caption with + // spaces (if it is not wide enough) so as to increase the width of the whole dialog window. // Otherwise, it would look too tall (dialog boxes look better when they are more wide than tall). nLongestButtonCaptionWidth = CompensateXDPI (max ( - nLongestButtonCaptionWidth, + nLongestButtonCaptionWidth, min (350, nMainTextLenInChars))); } @@ -6764,10 +6780,10 @@ BOOL CALLBACK MultiChoiceDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPA do { - offset = FindString ((char *) (bResolve ? GetString(*(pStrOrig+1)) : *(pwStrOrig+1)), + offset = FindString ((char *) (bResolve ? GetString(*(pStrOrig+1)) : *(pwStrOrig+1)), (char *) L"\n", - nMainTextLenInChars * 2, - (int) wcslen (L"\n") * 2, + nMainTextLenInChars * 2, + (int) wcslen (L"\n") * 2, offset + 1); newLineSeqCount++; @@ -6788,8 +6804,8 @@ BOOL CALLBACK MultiChoiceDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPA // Reduction in height according to the number of shown buttons vertSubOffset = ((MAX_MULTI_CHOICES - nActiveChoices) * nBaseButtonHeight); - if (horizSubOffset > 0 - || vertMsgHeightOffset > 0 + if (horizSubOffset > 0 + || vertMsgHeightOffset > 0 || vertOffset > 0) { // Resize/move each button if necessary @@ -6823,7 +6839,7 @@ BOOL CALLBACK MultiChoiceDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPA trec.right + 2 + horizSubOffset, trec.bottom + 2, TRUE); - + GetWindowRect(GetDlgItem(hwndDlg, IDC_MC_DLG_HR2), &rec); GetClientRect(GetDlgItem(hwndDlg, IDC_MC_DLG_HR2), &trec); MoveWindow (GetDlgItem(hwndDlg, IDC_MC_DLG_HR2), @@ -6877,7 +6893,7 @@ BOOL CALLBACK MultiChoiceDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPA BOOL CheckCapsLock (HWND hwnd, BOOL quiet) { - if ((GetKeyState(VK_CAPITAL) & 1) != 0) + if ((GetKeyState(VK_CAPITAL) & 1) != 0) { if (!quiet) { @@ -6906,7 +6922,7 @@ BOOL CheckFileExtension (wchar_t *fileName) L".vb", L".vbe", L".vbs", L".vsmacros", L".vss", L".vst", L".vsw", L".ws", L".wsc", L".wsf", L".wsh", L".xsd", L".xsl", // These additional file extensions are usually watched by antivirus programs L".386", L".acm", L".ade", L".adp", L".ani", L".app", L".asd", L".asf", L".asx", L".awx", L".ax", L".boo", L".bz2", L".cdf", - L".class", L".dhtm", L".dhtml",L".dlo", L".emf", L".eml", L".flt", L".fot", L".gz", L".hlp", L".htm", L".html", L".ini", + L".class", L".dhtm", L".dhtml",L".dlo", L".emf", L".eml", L".flt", L".fot", L".gz", L".hlp", L".htm", L".html", L".ini", L".j2k", L".jar", L".jff", L".jif", L".jmh", L".jng", L".jp2", L".jpe", L".jpeg", L".jpg", L".lsp", L".mod", L".nws", L".obj", L".olb", L".osd", L".ov1", L".ov2", L".ov3", L".ovl", L".ovl", L".ovr", L".pdr", L".pgm", L".php", L".pkg", L".pl", L".png", L".pot", L".pps", L".ppt", L".ps1", L".ps1xml", L".psc1", L".rar", L".rpl", L".rtf", L".sbf", L".script", L".sh", L".sha", L".shtm", @@ -7078,7 +7094,7 @@ int DriverUnmountVolume (HWND hwndDlg, int nDosDriveNo, BOOL forced) memcpy (wszLabel, prop.wszLabel, sizeof (wszLabel)); bDriverSetLabel = prop.bDriverSetLabel; } - + unmount.nDosDriveNo = nDosDriveNo; unmount.ignoreOpenFiles = forced; @@ -7148,11 +7164,11 @@ void BroadcastDeviceChange (WPARAM message, int nDosDriveNo, DWORD driveMap) } } - dbv.dbcv_size = sizeof (dbv); - dbv.dbcv_devicetype = DBT_DEVTYP_VOLUME; + dbv.dbcv_size = sizeof (dbv); + dbv.dbcv_devicetype = DBT_DEVTYP_VOLUME; dbv.dbcv_reserved = 0; dbv.dbcv_unitmask = driveMap; - dbv.dbcv_flags = 0; + dbv.dbcv_flags = 0; UINT timeOut = 1000; @@ -7252,8 +7268,8 @@ BOOL CALLBACK WaitDlgProc (HWND hwndDlg, UINT msg, WPARAM wParam, LPARAM lParam) SetWindowLongPtrW (hProgress, GWL_STYLE, PBS_MARQUEE | GetWindowLongPtrW (hProgress, GWL_STYLE)); ::SendMessageW(hProgress, PBM_SETMARQUEE, (WPARAM) TRUE, (LPARAM) 0); } - - thParam->hwnd = hwndDlg; + + thParam->hwnd = hwndDlg; // For now, we don't have system menu is the resources but we leave this code // if it is enabled in the future @@ -7267,8 +7283,8 @@ BOOL CALLBACK WaitDlgProc (HWND hwndDlg, UINT msg, WPARAM wParam, LPARAM lParam) HICON hIcon = (HICON)::LoadImage(hInst, MAKEINTRESOURCE(IDI_TRUECRYPT_ICON), IMAGE_ICON, ::GetSystemMetrics(SM_CXICON), ::GetSystemMetrics(SM_CYICON), LR_DEFAULTCOLOR); ::SendMessage(hwndDlg, WM_SETICON, TRUE, (LPARAM)hIcon); HICON hIconSmall = (HICON)::LoadImage(hInst, MAKEINTRESOURCE(IDI_TRUECRYPT_ICON), IMAGE_ICON, ::GetSystemMetrics(SM_CXSMICON), ::GetSystemMetrics(SM_CYSMICON), LR_DEFAULTCOLOR); - ::SendMessage(hwndDlg, WM_SETICON, FALSE, (LPARAM)hIconSmall); - } + ::SendMessage(hwndDlg, WM_SETICON, FALSE, (LPARAM)hIconSmall); + } LocalizeDialog (hwndDlg, NULL); _beginthread(WaitThread, 0, thParam); @@ -7296,26 +7312,26 @@ BOOL CALLBACK WaitDlgProc (HWND hwndDlg, UINT msg, WPARAM wParam, LPARAM lParam) void BringToForeground(HWND hWnd) { if(!::IsWindow(hWnd)) return; - + DWORD lockTimeOut = 0; HWND hCurrWnd = ::GetForegroundWindow(); DWORD dwThisTID = ::GetCurrentThreadId(), dwCurrTID = ::GetWindowThreadProcessId(hCurrWnd,0); - + if (hCurrWnd != hWnd) { if(dwThisTID != dwCurrTID) { ::AttachThreadInput(dwThisTID, dwCurrTID, TRUE); - + ::SystemParametersInfo(SPI_GETFOREGROUNDLOCKTIMEOUT,0,&lockTimeOut,0); ::SystemParametersInfo(SPI_SETFOREGROUNDLOCKTIMEOUT,0,0,SPIF_SENDWININICHANGE | SPIF_UPDATEINIFILE); - + ::AllowSetForegroundWindow(ASFW_ANY); } - + ::SetForegroundWindow(hWnd); - + if(dwThisTID != dwCurrTID) { ::SystemParametersInfo(SPI_SETFOREGROUNDLOCKTIMEOUT,0,(PVOID)lockTimeOut,SPIF_SENDWININICHANGE | SPIF_UPDATEINIFILE); @@ -7388,12 +7404,12 @@ static BOOL PerformMountIoctl (MOUNT_STRUCT* pmount, LPDWORD pdwResult, BOOL use CreateFullVolumePath (pmount->wszVolume, sizeof(pmount->wszVolume), devicePath.c_str(), &bDevice); } } - + return DeviceIoControl (hDriver, TC_IOCTL_MOUNT_VOLUME, pmount, sizeof (MOUNT_STRUCT), pmount, sizeof (MOUNT_STRUCT), pdwResult, NULL); } -// specific definitions and implementation for support of mount operation +// specific definitions and implementation for support of mount operation // in wait dialog mechanism typedef struct @@ -7526,7 +7542,7 @@ int MountVolume (HWND hwndDlg, path = path.substr (4); StringCchCopyW (volumePath, TC_MAX_PATH, path.c_str()); } - + if (path.find (L"Volume{") == 0 && path.rfind (L"}\\") == path.size() - 2) { wstring resolvedPath = VolumeGuidPathToDevicePath (path); @@ -7538,7 +7554,7 @@ int MountVolume (HWND hwndDlg, if ((path.length () >= 3) && (_wcsnicmp (path.c_str(), L"ID:", 3) == 0)) { std::vector arr; - if ( (path.length() == (3 + 2*VOLUME_ID_SIZE)) + if ( (path.length() == (3 + 2*VOLUME_ID_SIZE)) && HexWideStringToArray (path.c_str() + 3, arr) && (arr.size() == VOLUME_ID_SIZE) ) @@ -7575,7 +7591,7 @@ int MountVolume (HWND hwndDlg, mount.BytesPerSector = bps; mount.BytesPerPhysicalSector = bps; } - + if (IsOSAtLeast (WIN_VISTA)) { if ( (wcslen(root) >= 2) @@ -7683,7 +7699,7 @@ int MountVolume (HWND hwndDlg, goto retry; } - // Ask user + // Ask user if (IDYES == AskWarnNoYes ("FILE_IN_USE", hwndDlg)) { mount.bExclusiveAccess = FALSE; @@ -7704,12 +7720,12 @@ int MountVolume (HWND hwndDlg, { if (mount.nReturnCode == ERR_PASSWORD_WRONG) { - // Do not report wrong password, if not instructed to + // Do not report wrong password, if not instructed to if (bReportWrongPassword) { IncreaseWrongPwdRetryCount (1); // We increase the count here only if bReportWrongPassword is TRUE, because "Auto-Mount All Devices" and other callers do it separately - if (WrongPwdRetryCountOverLimit () + if (WrongPwdRetryCountOverLimit () && !mount.UseBackupHeader) { // Retry using embedded header backup (if any) @@ -7757,7 +7773,7 @@ int MountVolume (HWND hwndDlg, if (bReportWrongPassword && !Silent) Warning ("HEADER_DAMAGED_AUTO_USED_HEADER_BAK", hwndDlg); } - + LastMountedVolumeDirty = mount.FilesystemDirty; if (mount.FilesystemDirty) @@ -12132,3 +12148,52 @@ BOOL CopyTextToClipboard (LPCWSTR txtValue) return bRet; } + +BOOL GetFreeDriveLetter(WCHAR* pCh) { + DWORD dwUsedDrives = GetLogicalDrives(); + WCHAR l; + for (l = L'A'; l <= L'Z'; l++) { + if ((dwUsedDrives & 1) == 0) { + *pCh = l; + return TRUE; + } + dwUsedDrives = dwUsedDrives >> 1; + } + return FALSE; +} + +BOOL RaisePrivileges(void) +{ + HANDLE hToken; + TOKEN_PRIVILEGES tkp; + BOOL bRet = FALSE; + DWORD dwLastError = 0; + + if (OpenProcessToken(GetCurrentProcess(), + TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, + &hToken)) + { + if (LookupPrivilegeValue(NULL, SE_SYSTEM_ENVIRONMENT_NAME, + &tkp.Privileges[0].Luid)) + { + DWORD len; + + tkp.PrivilegeCount = 1; + tkp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED; + + bRet = AdjustTokenPrivileges(hToken, FALSE, &tkp, 0, NULL, &len); + if (!bRet) + dwLastError = GetLastError (); + } + else + dwLastError = GetLastError (); + + CloseHandle(hToken); + } + else + dwLastError = GetLastError (); + + SetLastError (dwLastError); + + return bRet; +} \ No newline at end of file diff --git a/src/Common/Dlgcode.h b/src/Common/Dlgcode.h index bc818e77..9ae9d5b2 100644 --- a/src/Common/Dlgcode.h +++ b/src/Common/Dlgcode.h @@ -510,6 +510,9 @@ void AllowMessageInUIPI (UINT msg); BOOL IsRepeatedByteArray (byte value, const byte* buffer, size_t bufferSize); BOOL TranslateVolumeID (HWND hwndDlg, wchar_t* pathValue, size_t cchPathValue); BOOL CopyTextToClipboard (const wchar_t* txtValue); +BOOL LaunchElevatedProcess (HWND hwndDlg, const wchar_t* szModPath, const wchar_t* args); +BOOL GetFreeDriveLetter(WCHAR* pCh); +BOOL RaisePrivileges(void); #ifdef __cplusplus } diff --git a/src/Common/Language.xml b/src/Common/Language.xml index fdd194fe..5350ece1 100644 --- a/src/Common/Language.xml +++ b/src/Common/Language.xml @@ -1077,7 +1077,7 @@ VeraCrypt no longer supports encryption of the system partition/drive on Windows Vista with no Service Pack installed. Before upgrading VeraCrypt, please install Service Pack 1 or higher for Windows Vista. Error: This feature requires VeraCrypt to be installed on the system (you are running VeraCrypt in portable mode).\n\nPlease install VeraCrypt and then try again. WARNING: Windows does not appear to be installed on the drive from which it boots. This is not supported.\n\nYou should continue only if you are sure that Windows is installed on the drive from which it boots.\n\nDo you want to continue? - Your system drive has a GUID partition table (GPT). Currently, only drives with a MBR partition table are supported. + You are running a 32-bit Windows and your system drive has a GUID partition table (GPT). Currently, only Windows 64-bit is supported for GPT system encryption. CAUTION: The VeraCrypt Boot Loader is already installed on your system drive!\n\nIt is possible that another system on your computer is already encrypted.\n\nWARNING: PROCEEDING WITH ENCRYPTION OF THE CURRENTLY RUNNING SYSTEM MAY MAKE OTHER SYSTEM(S) IMPOSSIBLE TO START AND RELATED DATA INACCESSIBLE.\n\nAre you sure you want to continue? Failed to restore the original system loader.\n\nPlease use your VeraCrypt Rescue Disk ('Repair Options' > 'Restore original system loader') or Windows installation medium to replace the VeraCrypt Boot Loader with the Windows system loader. The original system loader will not be stored on the Rescue Disk (probable cause: missing backup file). @@ -1399,6 +1399,9 @@ Personal Iterations Multiplier (PIM) maximum value is 2147468. Skip Rescue Disk verification Don't show wait message dialog when performing operations + Do not request Hash algorithm in the pre-boot authentication screen + The GOST block cipher, defined in the standard GOST 28147-89 under name Magma, is a Soviet and Russian government standard symmetric key block cipher.\n\nDeveloped in the 1970s, the standard had been marked "Top Secret" and then downgraded to "Secret" in 1990. It was a Soviet alternative to the United States standard algorithm, DES. + Kuznyechik is a block cipher first published in 2015 and defined in the National Standard of the Russian Federation GOST R 34.12-2015 and also in RFC 7801. 256-bit key, 128-bit block. Mode of operation is XTS. Jointly developed by Mitsubishi Electric and NTT of Japan. First published on 2000. 256-bit key, 128-bit block. Mode of operation is XTS. It has been approved for use by the ISO/IEC, the European Union's NESSIE project and the Japanese CRYPTREC project. Time Iterations diff --git a/src/ExpandVolume/WinMain.cpp b/src/ExpandVolume/WinMain.cpp index ad0d2f50..42aa6a70 100644 --- a/src/ExpandVolume/WinMain.cpp +++ b/src/ExpandVolume/WinMain.cpp @@ -504,9 +504,17 @@ BOOL CALLBACK ExtcvPasswordDlgProc (HWND hwndDlg, UINT msg, WPARAM wParam, LPARA int i, nIndex = SendMessageW (hComboBox, CB_ADDSTRING, 0, (LPARAM) GetString ("AUTODETECTION")); SendMessage (hComboBox, CB_SETITEMDATA, nIndex, (LPARAM) 0); + BOOL bIsGPT = FALSE; + try + { + BootEncryption BootEncObj (hwndDlg); + bIsGPT = BootEncObj.GetSystemDriveConfiguration().SystemPartition.IsGPT; + } + catch (...) {} + for (i = FIRST_PRF_ID; i <= LAST_PRF_ID; i++) { - if (HashForSystemEncryption(i)) + if (bIsGPT || HashForSystemEncryption(i)) { nIndex = SendMessage (hComboBox, CB_ADDSTRING, 0, (LPARAM) get_pkcs5_prf_name(i)); SendMessage (hComboBox, CB_SETITEMDATA, nIndex, (LPARAM) i); diff --git a/src/Format/FormatCom.cpp b/src/Format/FormatCom.cpp index 96e3e3cd..2aa5cea9 100644 --- a/src/Format/FormatCom.cpp +++ b/src/Format/FormatCom.cpp @@ -3,7 +3,7 @@ Copyright (c) 2008-2012 TrueCrypt Developers Association and which is governed by the TrueCrypt License 3.0. - Modifications and additions to the original source code (contained in this file) + Modifications and additions to the original source code (contained in this file) and all other portions of this file are Copyright (c) 2013-2016 IDRIX and are governed by the Apache License 2.0 the full text of which is contained in the file License.txt included in VeraCrypt binary and source @@ -74,7 +74,7 @@ class TrueCryptFormatCom : public ITrueCryptFormatCom AddRef (); return S_OK; } - + virtual DWORD STDMETHODCALLTYPE CallDriver (DWORD ioctl, BSTR input, BSTR *output) { return BaseCom::CallDriver (ioctl, input, output); @@ -137,6 +137,46 @@ class TrueCryptFormatCom : public ITrueCryptFormatCom return ::FormatFs (driveNo, clusterSize, fsType); } + virtual DWORD STDMETHODCALLTYPE GetFileSize (BSTR filePath, unsigned __int64 *pSize) + { + return BaseCom::GetFileSize (filePath, pSize); + } + + virtual DWORD STDMETHODCALLTYPE DeviceIoControl (BOOL readOnly, BOOL device, BSTR filePath, DWORD dwIoControlCode, BSTR input, BSTR *output) + { + return BaseCom::DeviceIoControl (readOnly, device, filePath, dwIoControlCode, input, output); + } + + virtual DWORD STDMETHODCALLTYPE InstallEfiBootLoader (BOOL preserveUserConfig, BOOL hiddenOSCreation, int pim, int hashAlg) + { + return BaseCom::InstallEfiBootLoader (preserveUserConfig, hiddenOSCreation, pim, hashAlg); + } + + virtual DWORD STDMETHODCALLTYPE BackupEfiSystemLoader () + { + return BaseCom::BackupEfiSystemLoader (); + } + + virtual DWORD STDMETHODCALLTYPE RestoreEfiSystemLoader () + { + return BaseCom::RestoreEfiSystemLoader (); + } + + virtual DWORD STDMETHODCALLTYPE GetEfiBootDeviceNumber (BSTR* pSdn) + { + return BaseCom::GetEfiBootDeviceNumber (pSdn); + } + + virtual DWORD STDMETHODCALLTYPE ReadEfiConfig (BSTR* pContent, DWORD *pcbRead) + { + return BaseCom::ReadEfiConfig (pContent, pcbRead); + } + + virtual DWORD STDMETHODCALLTYPE WriteEfiBootSectorUserConfig (DWORD userConfig, BSTR customUserMessage, int pim, int hashAlg) + { + return BaseCom::WriteEfiBootSectorUserConfig (userConfig, customUserMessage,pim, hashAlg); + } + protected: DWORD MessageThreadId; LONG RefCount; diff --git a/src/Format/FormatCom.idl b/src/Format/FormatCom.idl index 23d987a7..1eb09b43 100644 --- a/src/Format/FormatCom.idl +++ b/src/Format/FormatCom.idl @@ -3,7 +3,7 @@ Copyright (c) 2008-2012 TrueCrypt Developers Association and which is governed by the TrueCrypt License 3.0. - Modifications and additions to the original source code (contained in this file) + Modifications and additions to the original source code (contained in this file) and all other portions of this file are Copyright (c) 2013-2016 IDRIX and are governed by the Apache License 2.0 the full text of which is contained in the file License.txt included in VeraCrypt binary and source @@ -16,7 +16,7 @@ import "..\Common\Password.h"; [ uuid(56327DDA-F1A7-4e13-B128-520D129BDEF6), helpstring("VeraCrypt Format UAC Support Library"), - version(2.5) // Update ComSetup.cpp when changing version number + version(2.6) // Update ComSetup.cpp when changing version number ] library TrueCryptFormatCom { @@ -40,6 +40,14 @@ library TrueCryptFormatCom DWORD SetDriverServiceStartType (DWORD startType); DWORD WriteLocalMachineRegistryDwordValue (BSTR keyPath, BSTR valueName, DWORD value); BOOL FormatFs (int driveNo, int clusterSize, int fsType); + DWORD GetFileSize (BSTR filePath, unsigned __int64* pSize); + DWORD DeviceIoControl (BOOL readOnly, BOOL device, BSTR filePath, DWORD dwIoControlCode, BSTR input, BSTR *output); + DWORD InstallEfiBootLoader (BOOL preserveUserConfig, BOOL hiddenOSCreation, int pim, int hashAlg); + DWORD BackupEfiSystemLoader (); + DWORD RestoreEfiSystemLoader (); + DWORD GetEfiBootDeviceNumber (BSTR* pSdn); + DWORD ReadEfiConfig (BSTR* pContent, DWORD *pcbRead); + DWORD WriteEfiBootSectorUserConfig (DWORD userConfig, BSTR customUserMessage, int pim, int hashAlg); }; [ diff --git a/src/Format/Tcformat.c b/src/Format/Tcformat.c index f1ecabe1..186c1199 100644 --- a/src/Format/Tcformat.c +++ b/src/Format/Tcformat.c @@ -931,11 +931,13 @@ static BOOL SysDriveOrPartitionFullyEncrypted (BOOL bSilent) BOOL SwitchWizardToSysEncMode (void) { WaitCursor (); + SystemDriveConfiguration config; try { BootEncStatus = BootEncObj->GetStatus(); bWholeSysDrive = BootEncObj->SystemPartitionCoversWholeDrive(); + config = BootEncObj->GetSystemDriveConfiguration (); } catch (Exception &e) { @@ -1413,6 +1415,18 @@ void ComboSelChangeEA (HWND hwndDlg) SetWindowTextW (GetDlgItem (hwndDlg, IDC_BOX_HELP), GetString ("TWOFISH_HELP")); } + else if (wcsncmp (name, L"GOST89", 6) == 0) + { + StringCbPrintfW (hyperLink, sizeof(hyperLink) / 2, GetString ("MORE_INFO_ABOUT"), L"GOST89"); + + SetWindowTextW (GetDlgItem (hwndDlg, IDC_BOX_HELP), GetString ("GOST89_HELP")); + } + else if (wcscmp (name, L"Kuznyechik") == 0) + { + StringCbPrintfW (hyperLink, sizeof(hyperLink) / 2, GetString ("MORE_INFO_ABOUT"), name); + + SetWindowTextW (GetDlgItem (hwndDlg, IDC_BOX_HELP), GetString ("KUZNYECHIK_HELP")); + } else if (wcscmp (name, L"Camellia") == 0) { StringCbPrintfW (hyperLink, sizeof(hyperLink) / 2, GetString ("MORE_INFO_ABOUT"), name); @@ -3612,6 +3626,14 @@ static BOOL FileSize4GBLimitQuestionNeeded (void) } +void BlockIfGpt(HWND control) { + SystemDriveConfiguration config = BootEncObj->GetSystemDriveConfiguration(); + + if (config.SystemPartition.IsGPT) { + EnableWindow(control, FALSE); + } +} + /* Except in response to the WM_INITDIALOG message, the dialog box procedure should return nonzero if it processes the message, and zero if it does not. - see DialogProc */ @@ -3669,6 +3691,8 @@ BOOL CALLBACK PageDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lPa SendMessage (GetDlgItem (hwndDlg, IDC_SYSENC_HIDDEN), WM_SETFONT, (WPARAM) hUserBoldFont, (LPARAM) TRUE); SendMessage (GetDlgItem (hwndDlg, IDC_SYSENC_NORMAL), WM_SETFONT, (WPARAM) hUserBoldFont, (LPARAM) TRUE); + BlockIfGpt(GetDlgItem(hwndDlg, IDC_SYSENC_HIDDEN)); + CheckButton (GetDlgItem (hwndDlg, bHiddenOS ? IDC_SYSENC_HIDDEN : IDC_SYSENC_NORMAL)); SetWindowTextW (GetDlgItem (hwndDlg, IDC_BOX_HELP), GetString ("SYSENC_HIDDEN_TYPE_HELP")); @@ -3708,6 +3732,7 @@ BOOL CALLBACK PageDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lPa SetWindowTextW (GetDlgItem (hwndDlg, IDT_WHOLE_SYS_DRIVE), GetString ("SYS_ENCRYPTION_SPAN_WHOLE_SYS_DRIVE_HELP")); CheckButton (GetDlgItem (hwndDlg, bWholeSysDrive ? IDC_WHOLE_SYS_DRIVE : IDC_SYS_PARTITION)); + BlockIfGpt(GetDlgItem(hwndDlg, IDC_WHOLE_SYS_DRIVE)); SetWindowTextW (GetDlgItem (GetParent (hwndDlg), IDC_NEXT), GetString ("NEXT")); SetWindowTextW (GetDlgItem (GetParent (hwndDlg), IDC_PREV), GetString ("PREV")); @@ -3785,7 +3810,7 @@ BOOL CALLBACK PageDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lPa SetWindowTextW (GetDlgItem (GetParent (hwndDlg), IDCANCEL), GetString ("CANCEL")); RefreshMultiBootControls (hwndDlg); - + BlockIfGpt(GetDlgItem(hwndDlg, IDC_MULTI_BOOT)); EnableWindow (GetDlgItem (GetParent (hwndDlg), IDC_NEXT), nMultiBoot > 0); EnableWindow (GetDlgItem (GetParent (hwndDlg), IDC_PREV), TRUE); EnableWindow (GetDlgItem (GetParent (hwndDlg), IDCANCEL), TRUE); @@ -4061,13 +4086,14 @@ BOOL CALLBACK PageDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lPa if (SysEncInEffect ()) { - hash_algo = DEFAULT_HASH_ALGORITHM_BOOT; + BOOL bIsGPT = BootEncObj->GetSystemDriveConfiguration().SystemPartition.IsGPT; + hash_algo = bIsGPT? SHA512 : DEFAULT_HASH_ALGORITHM_BOOT; RandSetHashFunction (hash_algo); for (hid = FIRST_PRF_ID; hid <= LAST_PRF_ID; hid++) { // For now, we keep RIPEMD160 for system encryption - if (((hid == RIPEMD160) || !HashIsDeprecated (hid)) && HashForSystemEncryption (hid)) + if (((hid == RIPEMD160) || !HashIsDeprecated (hid)) && (bIsGPT || HashForSystemEncryption (hid))) AddComboPair (GetDlgItem (hwndDlg, IDC_COMBO_BOX_HASH_ALGO), HashGetName(hid), hid); } } @@ -4461,8 +4487,14 @@ BOOL CALLBACK PageDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lPa SetDlgItemText (hwndDlg, IDC_RESCUE_DISK_ISO_PATH, szRescueDiskISO); EnableWindow (GetDlgItem (GetParent (hwndDlg), IDC_NEXT), (GetWindowTextLength (GetDlgItem (hwndDlg, IDC_RESCUE_DISK_ISO_PATH)) > 1)); EnableWindow (GetDlgItem (GetParent (hwndDlg), IDC_PREV), TRUE); - SetCheckBox (hCurPage, IDC_SKIP_RESCUE_VERIFICATION, bDontVerifyRescueDisk); + // For now, disable verification of Rescue Disk for GPT system encryption + { + SystemDriveConfiguration config = BootEncObj->GetSystemDriveConfiguration(); + bDontVerifyRescueDisk = config.SystemPartition.IsGPT; + SetCheckBox (hCurPage, IDC_SKIP_RESCUE_VERIFICATION, bDontVerifyRescueDisk); + EnableWindow(GetDlgItem (hwndDlg, IDC_SKIP_RESCUE_VERIFICATION), !config.SystemPartition.IsGPT); + } break; case SYSENC_RESCUE_DISK_BURN_PAGE: @@ -5443,13 +5475,20 @@ BOOL CALLBACK PageDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lPa if (lw == IDC_BENCHMARK && nCurPageNo == CIPHER_PAGE) { + BOOL bIsGPT = FALSE; + try + { + bIsGPT = BootEncObj->GetSystemDriveConfiguration().SystemPartition.IsGPT; + } + catch (...) {} + // Reduce CPU load bFastPollEnabled = FALSE; bRandmixEnabled = FALSE; DialogBoxParamW (hInst, MAKEINTRESOURCEW (IDD_BENCHMARK_DLG), hwndDlg, - (DLGPROC) BenchmarkDlgProc, (LPARAM) NULL); + (DLGPROC) BenchmarkDlgProc, (LPARAM) bIsGPT); bFastPollEnabled = TRUE; bRandmixEnabled = TRUE; @@ -5471,6 +5510,10 @@ BOOL CALLBACK PageDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lPa Applink ("serpent", FALSE, ""); else if (wcscmp (name, L"Twofish") == 0) Applink ("twofish", FALSE, ""); + else if (wcscmp (name, L"GOST89") == 0) + Applink ("gost89", FALSE, ""); + else if (wcscmp (name, L"Kuznyechik") == 0) + Applink ("kuznyechik", FALSE, ""); else if (wcscmp (name, L"Camellia") == 0) Applink ("camellia", FALSE, ""); else if (EAGetCipherCount (nIndex) > 1) @@ -5793,7 +5836,8 @@ BOOL CALLBACK PageDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lPa { HWND hHashAlgoItem = GetDlgItem (hwndDlg, IDC_COMBO_BOX_HASH_ALGO); int selectedAlgo = (int) SendMessage (hHashAlgoItem, CB_GETITEMDATA, SendMessage (hHashAlgoItem, CB_GETCURSEL, 0, 0), 0); - if (!HashForSystemEncryption(selectedAlgo)) + BOOL bIsGPT = BootEncObj->GetSystemDriveConfiguration().SystemPartition.IsGPT; + if (!bIsGPT && !HashForSystemEncryption(selectedAlgo)) { hash_algo = DEFAULT_HASH_ALGORITHM_BOOT; RandSetHashFunction (DEFAULT_HASH_ALGORITHM_BOOT); @@ -7332,10 +7376,11 @@ BOOL CALLBACK MainDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lPa else if (nCurPageNo == CIPHER_PAGE) { LPARAM nIndex; + BOOL bIsGPT = BootEncObj->GetSystemDriveConfiguration().SystemPartition.IsGPT; nIndex = SendMessage (GetDlgItem (hCurPage, IDC_COMBO_BOX), CB_GETCURSEL, 0, 0); nVolumeEA = (int) SendMessage (GetDlgItem (hCurPage, IDC_COMBO_BOX), CB_GETITEMDATA, nIndex, 0); - if (SysEncInEffect () + if (!bIsGPT && SysEncInEffect () && EAGetCipherCount (nVolumeEA) > 1) // Cascade? { if (AskWarnNoYes ("CONFIRM_CASCADE_FOR_SYS_ENCRYPTION", hwndDlg) == IDNO) @@ -8033,7 +8078,7 @@ BOOL CALLBACK MainDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lPa } #endif - BootEncObj->Install (bHiddenOS ? true : false); + BootEncObj->Install (bHiddenOS ? true : false, hash_algo); } catch (Exception &e) { diff --git a/src/Mount/MainCom.cpp b/src/Mount/MainCom.cpp index 8f3927ad..6056697c 100644 --- a/src/Mount/MainCom.cpp +++ b/src/Mount/MainCom.cpp @@ -3,7 +3,7 @@ Copyright (c) 2008-2012 TrueCrypt Developers Association and which is governed by the TrueCrypt License 3.0. - Modifications and additions to the original source code (contained in this file) + Modifications and additions to the original source code (contained in this file) and all other portions of this file are Copyright (c) 2013-2016 IDRIX and are governed by the Apache License 2.0 the full text of which is contained in the file License.txt included in VeraCrypt binary and source @@ -158,6 +158,46 @@ class TrueCryptMainCom : public ITrueCryptMainCom return ::ChangePwd (volumePath, oldPassword, old_pkcs5, old_pim, truecryptMode, newPassword, pkcs5, pim, wipePassCount, (HWND) hWnd); } + virtual DWORD STDMETHODCALLTYPE GetFileSize (BSTR filePath, unsigned __int64 *pSize) + { + return BaseCom::GetFileSize (filePath, pSize); + } + + virtual DWORD STDMETHODCALLTYPE DeviceIoControl (BOOL readOnly, BOOL device, BSTR filePath, DWORD dwIoControlCode, BSTR input, BSTR *output) + { + return BaseCom::DeviceIoControl (readOnly, device, filePath, dwIoControlCode, input, output); + } + + virtual DWORD STDMETHODCALLTYPE InstallEfiBootLoader (BOOL preserveUserConfig, BOOL hiddenOSCreation, int pim, int hashAlg) + { + return BaseCom::InstallEfiBootLoader (preserveUserConfig, hiddenOSCreation, pim, hashAlg); + } + + virtual DWORD STDMETHODCALLTYPE BackupEfiSystemLoader () + { + return BaseCom::BackupEfiSystemLoader (); + } + + virtual DWORD STDMETHODCALLTYPE RestoreEfiSystemLoader () + { + return BaseCom::RestoreEfiSystemLoader (); + } + + virtual DWORD STDMETHODCALLTYPE GetEfiBootDeviceNumber (BSTR* pSdn) + { + return BaseCom::GetEfiBootDeviceNumber (pSdn); + } + + virtual DWORD STDMETHODCALLTYPE ReadEfiConfig (BSTR* pContent, DWORD *pcbRead) + { + return BaseCom::ReadEfiConfig (pContent, pcbRead); + } + + virtual DWORD STDMETHODCALLTYPE WriteEfiBootSectorUserConfig (DWORD userConfig, BSTR customUserMessage, int pim, int hashAlg) + { + return BaseCom::WriteEfiBootSectorUserConfig (userConfig, customUserMessage,pim, hashAlg); + } + protected: DWORD MessageThreadId; LONG RefCount; diff --git a/src/Mount/MainCom.idl b/src/Mount/MainCom.idl index 9362fd42..9c3ef372 100644 --- a/src/Mount/MainCom.idl +++ b/src/Mount/MainCom.idl @@ -3,7 +3,7 @@ Copyright (c) 2008-2012 TrueCrypt Developers Association and which is governed by the TrueCrypt License 3.0. - Modifications and additions to the original source code (contained in this file) + Modifications and additions to the original source code (contained in this file) and all other portions of this file are Copyright (c) 2013-2016 IDRIX and are governed by the Apache License 2.0 the full text of which is contained in the file License.txt included in VeraCrypt binary and source @@ -16,7 +16,7 @@ import "..\Common\Password.h"; [ uuid(9ACF6176-5FC4-4690-A025-B3306A50EB6A), helpstring("VeraCrypt Main UAC Support Library"), - version(2.7) // Update ComSetup.cpp when changing version number + version(2.8) // Update ComSetup.cpp when changing version number ] library TrueCryptMainCom { @@ -44,6 +44,14 @@ library TrueCryptMainCom int ChangePasswordEx (BSTR volumePath, Password *oldPassword, int old_pkcs5, Password *newPassword, int pkcs5, int wipePassCount, LONG_PTR hWnd); int ChangePasswordEx2 (BSTR volumePath, Password *oldPassword, int old_pkcs5, BOOL truecryptMode, Password *newPassword, int pkcs5, int wipePassCount, LONG_PTR hWnd); int ChangePasswordEx3 (BSTR volumePath, Password *oldPassword, int old_pkcs5, int old_pim, BOOL truecryptMode, Password *newPassword, int pkcs5, int pim, int wipePassCount, LONG_PTR hWnd); + DWORD GetFileSize (BSTR filePath, unsigned __int64* pSize); + DWORD DeviceIoControl (BOOL readOnly, BOOL device, BSTR filePath, DWORD dwIoControlCode, BSTR input, BSTR *output); + DWORD InstallEfiBootLoader (BOOL preserveUserConfig, BOOL hiddenOSCreation, int pim, int hashAlg); + DWORD BackupEfiSystemLoader (); + DWORD RestoreEfiSystemLoader (); + DWORD GetEfiBootDeviceNumber (BSTR* pSdn); + DWORD ReadEfiConfig (BSTR* pContent, DWORD *pcbRead); + DWORD WriteEfiBootSectorUserConfig (DWORD userConfig, BSTR customUserMessage, int pim, int hashAlg); }; [ diff --git a/src/Mount/Mount.c b/src/Mount/Mount.c index 82fa4134..a7e6da51 100644 --- a/src/Mount/Mount.c +++ b/src/Mount/Mount.c @@ -346,6 +346,27 @@ static void InitMainDialog (HWND hwndDlg) SetMenuItemInfoW (GetMenu (hwndDlg), i, TRUE, &info); } + { + BOOL bIsGPT = FALSE; + try + { + SystemDriveConfiguration config = BootEncObj->GetSystemDriveConfiguration(); + bIsGPT = config.SystemPartition.IsGPT; + } + catch (Exception &) + { + } + + // disable rescue disk operation for GPT system encryption + if (bIsGPT) + { + EnableMenuItem (GetMenu (hwndDlg), IDM_CREATE_HIDDEN_OS, MF_GRAYED); + EnableMenuItem (GetMenu (hwndDlg), IDM_CREATE_RESCUE_DISK, MF_GRAYED); + EnableMenuItem (GetMenu (hwndDlg), IDM_VERIFY_RESCUE_DISK, MF_GRAYED); + EnableMenuItem (GetMenu (hwndDlg), IDM_VERIFY_RESCUE_DISK_ISO, MF_GRAYED); + } + } + // Disable menu item for changing system header key derivation algorithm until it's implemented EnableMenuItem (GetMenu (hwndDlg), IDM_CHANGE_SYS_HEADER_KEY_DERIV_ALGO, MF_GRAYED); @@ -1081,9 +1102,11 @@ unsigned __int64 GetSysEncDeviceEncryptedPartSize (BOOL bSilent) static void PopulateSysEncContextMenu (HMENU popup, BOOL bToolsOnly) { + SystemDriveConfiguration config; try { BootEncStatus = BootEncObj->GetStatus(); + config = BootEncObj->GetSystemDriveConfiguration(); } catch (Exception &e) { @@ -1111,7 +1134,7 @@ static void PopulateSysEncContextMenu (HMENU popup, BOOL bToolsOnly) AppendMenu (popup, MF_SEPARATOR, 0, L""); AppendMenuW (popup, MF_STRING, IDM_SYS_ENC_SETTINGS, GetString ("IDM_SYS_ENC_SETTINGS")); - if (!IsHiddenOSRunning()) + if (!IsHiddenOSRunning() && !config.SystemPartition.IsGPT) { AppendMenu (popup, MF_SEPARATOR, 0, L""); AppendMenuW (popup, MF_STRING, IDM_CREATE_RESCUE_DISK, GetString ("IDM_CREATE_RESCUE_DISK")); @@ -1314,7 +1337,7 @@ BOOL SelectItem (HWND hTree, wchar_t nLetter) } -static void LaunchVolCreationWizard (HWND hwndDlg, const wchar_t *arg) +static void LaunchVolCreationWizard (HWND hwndDlg, const wchar_t *arg, BOOL bElevation) { wchar_t t[TC_MAX_PATH + 1024] = {L'"',0}; wchar_t *tmp; @@ -1348,21 +1371,30 @@ static void LaunchVolCreationWizard (HWND hwndDlg, const wchar_t *arg) if (!FileExists(t)) Error ("VOL_CREATION_WIZARD_NOT_FOUND", hwndDlg); // Display a user-friendly error message and advise what to do - - if (wcslen (arg) > 0) - { - StringCbCatW (t, sizeof(t), L" "); - StringCbCatW (t, sizeof(t), arg); - } - - if (!CreateProcess (NULL, (LPWSTR) t, NULL, NULL, FALSE, NORMAL_PRIORITY_CLASS, NULL, NULL, &si, &pi)) - { - handleWin32Error (hwndDlg, SRC_POS); - } else { - CloseHandle (pi.hProcess); - CloseHandle (pi.hThread); + + if (bElevation && !IsAdmin() && IsUacSupported()) + { + LaunchElevatedProcess (hwndDlg, t, arg); + } + else + { + if (wcslen (arg) > 0) + { + StringCbCatW (t, sizeof(t), L" "); + StringCbCatW (t, sizeof(t), arg); + } + if (!CreateProcess (NULL, (LPWSTR) t, NULL, NULL, FALSE, NORMAL_PRIORITY_CLASS, NULL, NULL, &si, &pi)) + { + handleWin32Error (hwndDlg, SRC_POS); + } + else + { + CloseHandle (pi.hProcess); + CloseHandle (pi.hThread); + } + } } } } @@ -2426,10 +2458,16 @@ BOOL CALLBACK PasswordChangeDlgProc (HWND hwndDlg, UINT msg, WPARAM wParam, LPAR case IDC_PKCS5_PRF_ID: if (bSysEncPwdChangeDlgMode) { - int new_hash_algo_id = (int) SendMessage (GetDlgItem (hwndDlg, IDC_PKCS5_PRF_ID), CB_GETITEMDATA, + int new_hash_algo_id = (int) SendMessage (GetDlgItem (hwndDlg, IDC_PKCS5_PRF_ID), CB_GETITEMDATA, SendMessage (GetDlgItem (hwndDlg, IDC_PKCS5_PRF_ID), CB_GETCURSEL, 0, 0), 0); + BOOL bIsGPT = FALSE; + try + { + bIsGPT = BootEncObj->GetSystemDriveConfiguration().SystemPartition.IsGPT; + } + catch (...) {} - if (new_hash_algo_id != 0 && !HashForSystemEncryption(new_hash_algo_id)) + if (new_hash_algo_id != 0 && !bIsGPT && !HashForSystemEncryption(new_hash_algo_id)) { int new_hash_algo_id = DEFAULT_HASH_ALGORITHM_BOOT; Info ("ALGO_NOT_SUPPORTED_FOR_SYS_ENCRYPTION", hwndDlg); @@ -2761,9 +2799,16 @@ BOOL CALLBACK PasswordDlgProc (HWND hwndDlg, UINT msg, WPARAM wParam, LPARAM lPa int i, defaultPrfIndex = 0, nIndex = (int) SendMessageW (hComboBox, CB_ADDSTRING, 0, (LPARAM) GetString ("AUTODETECTION")); SendMessage (hComboBox, CB_SETITEMDATA, nIndex, (LPARAM) 0); + BOOL bIsGPT = FALSE; + try + { + bIsGPT = BootEncObj->GetSystemDriveConfiguration().SystemPartition.IsGPT; + } + catch (...) {} + for (i = FIRST_PRF_ID; i <= LAST_PRF_ID; i++) { - if (HashForSystemEncryption(i)) + if (bIsGPT || HashForSystemEncryption(i)) { nIndex = (int) SendMessage (hComboBox, CB_ADDSTRING, 0, (LPARAM) get_pkcs5_prf_name(i)); SendMessage (hComboBox, CB_SETITEMDATA, nIndex, (LPARAM) i); @@ -5469,16 +5514,18 @@ static void ChangeSysEncPassword (HWND hwndDlg, BOOL bOnlyChangeKDF) // Initiates or resumes encryption of the system partition/drive static void EncryptSystemDevice (HWND hwndDlg) { + SystemDriveConfiguration config; try { BootEncStatus = BootEncObj->GetStatus(); + config = BootEncObj->GetSystemDriveConfiguration (); } catch (Exception &e) { e.Show (MainDlg); } - if (!BootEncStatus.DriveEncrypted + if (!BootEncStatus.DriveEncrypted && !BootEncStatus.DriveMounted && !SysEncryptionOrDecryptionRequired ()) { @@ -5486,7 +5533,7 @@ static void EncryptSystemDevice (HWND hwndDlg) if (!MutexExistsOnSystem (TC_MUTEX_NAME_SYSENC)) // If no instance of the wizard is currently taking care of system encryption { - LaunchVolCreationWizard (hwndDlg, L"/sysenc"); + LaunchVolCreationWizard (hwndDlg, L"/sysenc", FALSE); } else Warning ("SYSTEM_ENCRYPTION_IN_PROGRESS_ELSEWHERE", hwndDlg); @@ -5500,7 +5547,7 @@ static void EncryptSystemDevice (HWND hwndDlg) if (!MutexExistsOnSystem (TC_MUTEX_NAME_SYSENC)) // If no instance of the wizard is currently taking care of system encryption { - LaunchVolCreationWizard (hwndDlg, L"/sysenc"); + LaunchVolCreationWizard (hwndDlg, L"/sysenc",FALSE); } else Warning ("SYSTEM_ENCRYPTION_IN_PROGRESS_ELSEWHERE", hwndDlg); @@ -5516,9 +5563,11 @@ static void EncryptSystemDevice (HWND hwndDlg) // Initiates decryption of the system partition/drive static void DecryptSystemDevice (HWND hwndDlg) { + SystemDriveConfiguration config; try { BootEncStatus = BootEncObj->GetStatus(); + config = BootEncObj->GetSystemDriveConfiguration (); } catch (Exception &e) { @@ -5579,8 +5628,8 @@ static void DecryptSystemDevice (HWND hwndDlg) return; } - CloseSysEncMutex (); - LaunchVolCreationWizard (hwndDlg, L"/dsysenc"); + CloseSysEncMutex (); + LaunchVolCreationWizard (hwndDlg, L"/dsysenc", FALSE); } else Warning ("SYSTEM_ENCRYPTION_IN_PROGRESS_ELSEWHERE", hwndDlg); @@ -5595,7 +5644,7 @@ static void CreateHiddenOS (HWND hwndDlg) // such information, but will exit (displaying only an error meessage). Info("HIDDEN_OS_PREINFO", hwndDlg); - LaunchVolCreationWizard (hwndDlg, L"/isysenc"); + LaunchVolCreationWizard (hwndDlg, L"/isysenc", FALSE); } static void DecryptNonSysDevice (HWND hwndDlg, BOOL bResolveAmbiguousSelection, BOOL bUseDriveListSel) @@ -5706,7 +5755,7 @@ static void DecryptNonSysDevice (HWND hwndDlg, BOOL bResolveAmbiguousSelection, if (AskWarnNoYes ("CONFIRM_DECRYPT_NON_SYS_DEVICE_CAUTION", hwndDlg) == IDNO) return; - LaunchVolCreationWizard (hwndDlg, (wstring (L"/inplacedec \"") + scPath + L"\"").c_str ()); + LaunchVolCreationWizard (hwndDlg, (wstring (L"/inplacedec \"") + scPath + L"\"").c_str (), FALSE); } // Blindly attempts (without any checks) to instruct the wizard to resume whatever system encryption process @@ -5715,7 +5764,17 @@ static void ResumeInterruptedSysEncProcess (HWND hwndDlg) { if (!MutexExistsOnSystem (TC_MUTEX_NAME_SYSENC)) // If no instance of the wizard is currently taking care of system encryption { - LaunchVolCreationWizard (MainDlg, L"/csysenc"); + SystemDriveConfiguration config; + try + { + config = BootEncObj->GetSystemDriveConfiguration (); + } + catch (Exception &e) + { + e.Show (MainDlg); + } + + LaunchVolCreationWizard (MainDlg, L"/csysenc", FALSE); } else Warning ("SYSTEM_ENCRYPTION_IN_PROGRESS_ELSEWHERE", hwndDlg); @@ -5936,7 +5995,7 @@ static void ResumeInterruptedNonSysInplaceEncProcess (BOOL bDecrypt) // IMPORTANT: This function must not check any config files! Otherwise, if a config file was lost or corrupt, // the user would not be able resume encryption and the data on the volume would be inaccessible. - LaunchVolCreationWizard (MainDlg, bDecrypt? L"/resumeinplacedec" : L"/zinplace"); + LaunchVolCreationWizard (MainDlg, bDecrypt? L"/resumeinplacedec" : L"/zinplace", FALSE); } BOOL SelectContainer (HWND hwndDlg) @@ -5989,8 +6048,15 @@ static void WipeCache (HWND hwndDlg, BOOL silent) static void Benchmark (HWND hwndDlg) { + BOOL bIsGPT = FALSE; + try + { + bIsGPT = BootEncObj->GetSystemDriveConfiguration().SystemPartition.IsGPT; + } + catch (...) {} + DialogBoxParamW (hInst, MAKEINTRESOURCEW (IDD_BENCHMARK_DLG), hwndDlg, - (DLGPROC) BenchmarkDlgProc, (LPARAM) NULL); + (DLGPROC) BenchmarkDlgProc, (LPARAM) bIsGPT); } @@ -6741,9 +6807,17 @@ BOOL CALLBACK MainDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lPa { // The wizard was not launched during the system startup seq, or the user may have forgotten // to resume the encryption/decryption process. + SystemDriveConfiguration config; + try + { + config = BootEncObj->GetSystemDriveConfiguration (); + } + catch (Exception &e) + { + e.Show (MainDlg); + } - - LaunchVolCreationWizard (hwndDlg, L"/csysenc"); + LaunchVolCreationWizard (hwndDlg, L"/csysenc", FALSE); } } } @@ -7723,7 +7797,7 @@ BOOL CALLBACK MainDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lPa if (lw == IDC_CREATE_VOLUME || lw == IDM_CREATE_VOLUME || lw == IDM_VOLUME_WIZARD) { - LaunchVolCreationWizard (hwndDlg, L""); + LaunchVolCreationWizard (hwndDlg, L"", FALSE); return 1; } @@ -8013,7 +8087,14 @@ BOOL CALLBACK MainDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lPa if (lw == IDM_SYSENC_SETTINGS || lw == IDM_SYS_ENC_SETTINGS) { - DialogBoxParamW (hInst, MAKEINTRESOURCEW (IDD_SYSENC_SETTINGS), hwndDlg, (DLGPROC) BootLoaderPreferencesDlgProc, 0); + BOOL bIsGPT = FALSE; + try + { + bIsGPT = BootEncObj->GetSystemDriveConfiguration().SystemPartition.IsGPT; + } + catch (...) {} + + DialogBoxParamW (hInst, MAKEINTRESOURCEW (bIsGPT? IDD_EFI_SYSENC_SETTINGS : IDD_SYSENC_SETTINGS), hwndDlg, (DLGPROC) BootLoaderPreferencesDlgProc, 0); return 1; } @@ -10423,23 +10504,26 @@ static BOOL CALLBACK PerformanceSettingsDlgProc (HWND hwndDlg, UINT msg, WPARAM try { VOLUME_PROPERTIES_STRUCT prop; + BOOL bIsGPT = FALSE; try { BootEncStatus = BootEncObj->GetStatus(); BootEncObj->GetVolumeProperties (&prop); + bIsGPT = BootEncObj->GetSystemDriveConfiguration().SystemPartition.IsGPT; } catch (...) { - BootEncStatus.DriveMounted = false; + BootEncStatus.DriveMounted = false; } - if (BootEncStatus.DriveMounted) + if (BootEncStatus.DriveMounted && !bIsGPT) { byte userConfig; string customUserMessage; uint16 bootLoaderVersion; - BootEncObj->ReadBootSectorConfig (nullptr, 0, &userConfig, &customUserMessage, &bootLoaderVersion); + if (!BootEncObj->ReadBootSectorConfig (nullptr, 0, &userConfig, &customUserMessage, &bootLoaderVersion)) + return 1; if (bootLoaderVersion != VERSION_NUM) Warning ("BOOT_LOADER_VERSION_INCORRECT_PREFERENCES", hwndDlg); @@ -10449,7 +10533,7 @@ static BOOL CALLBACK PerformanceSettingsDlgProc (HWND hwndDlg, UINT msg, WPARAM else userConfig &= ~TC_BOOT_USER_CFG_FLAG_DISABLE_HW_ENCRYPTION; - BootEncObj->WriteBootSectorUserConfig (userConfig, customUserMessage, prop.volumePim); + BootEncObj->WriteBootSectorUserConfig (userConfig, customUserMessage, prop.volumePim, prop.pkcs5); } SetDriverConfigurationFlag (TC_DRIVER_CONFIG_DISABLE_HARDWARE_ENCRYPTION, disableHW); @@ -10763,13 +10847,15 @@ static BOOL CALLBACK BootLoaderPreferencesDlgProc (HWND hwndDlg, UINT msg, WPARA { case WM_INITDIALOG: { - if (!BootEncObj->GetStatus().DriveMounted) + BootEncryptionStatus BootEncStatus = BootEncObj->GetStatus(); + if (!BootEncStatus.DriveMounted) { Warning ("SYS_DRIVE_NOT_ENCRYPTED", hwndDlg); EndDialog (hwndDlg, IDCANCEL); return 1; } + BOOL bIsGPT = BootEncObj->GetSystemDriveConfiguration().SystemPartition.IsGPT; try { LocalizeDialog (hwndDlg, "IDD_SYSENC_SETTINGS"); @@ -10777,27 +10863,38 @@ static BOOL CALLBACK BootLoaderPreferencesDlgProc (HWND hwndDlg, UINT msg, WPARA uint32 driverConfig = ReadDriverConfigurationFlags(); byte userConfig; string customUserMessage; - uint16 bootLoaderVersion; + uint16 bootLoaderVersion = 0; BOOL bPasswordCacheEnabled = (driverConfig & TC_DRIVER_CONFIG_CACHE_BOOT_PASSWORD)? TRUE : FALSE; BOOL bPimCacheEnabled = (driverConfig & TC_DRIVER_CONFIG_CACHE_BOOT_PIM)? TRUE : FALSE; - BootEncObj->ReadBootSectorConfig (nullptr, 0, &userConfig, &customUserMessage, &bootLoaderVersion); + if (!BootEncObj->ReadBootSectorConfig (nullptr, 0, &userConfig, &customUserMessage, &bootLoaderVersion)) + { + // operations canceled + EndDialog (hwndDlg, IDCANCEL); + return 1; + } if (bootLoaderVersion != VERSION_NUM) Warning ("BOOT_LOADER_VERSION_INCORRECT_PREFERENCES", hwndDlg); - SendMessage (GetDlgItem (hwndDlg, IDC_CUSTOM_BOOT_LOADER_MESSAGE), EM_LIMITTEXT, TC_BOOT_SECTOR_USER_MESSAGE_MAX_LENGTH, 0); - SetDlgItemTextA (hwndDlg, IDC_CUSTOM_BOOT_LOADER_MESSAGE, customUserMessage.c_str()); + if (bIsGPT) + { + CheckDlgButton (hwndDlg, IDC_DISABLE_BOOT_LOADER_HASH_PROMPT, (userConfig & TC_BOOT_USER_CFG_FLAG_STORE_HASH) ? BST_CHECKED : BST_UNCHECKED); + } + else + { + SendMessage (GetDlgItem (hwndDlg, IDC_CUSTOM_BOOT_LOADER_MESSAGE), EM_LIMITTEXT, TC_BOOT_SECTOR_USER_MESSAGE_MAX_LENGTH, 0); + SetDlgItemTextA (hwndDlg, IDC_CUSTOM_BOOT_LOADER_MESSAGE, customUserMessage.c_str()); + CheckDlgButton (hwndDlg, IDC_DISABLE_BOOT_LOADER_OUTPUT, (userConfig & TC_BOOT_USER_CFG_FLAG_SILENT_MODE) ? BST_CHECKED : BST_UNCHECKED); + CheckDlgButton (hwndDlg, IDC_ALLOW_ESC_PBA_BYPASS, (userConfig & TC_BOOT_USER_CFG_FLAG_DISABLE_ESC) ? BST_UNCHECKED : BST_CHECKED); + CheckDlgButton (hwndDlg, IDC_DISABLE_EVIL_MAID_ATTACK_DETECTION, (driverConfig & TC_DRIVER_CONFIG_DISABLE_EVIL_MAID_ATTACK_DETECTION) ? BST_CHECKED : BST_UNCHECKED); + SetWindowTextW (GetDlgItem (hwndDlg, IDC_CUSTOM_BOOT_LOADER_MESSAGE_HELP), GetString("CUSTOM_BOOT_LOADER_MESSAGE_HELP")); + } CheckDlgButton (hwndDlg, IDC_DISABLE_BOOT_LOADER_PIM_PROMPT, (userConfig & TC_BOOT_USER_CFG_FLAG_DISABLE_PIM) ? BST_CHECKED : BST_UNCHECKED); - CheckDlgButton (hwndDlg, IDC_DISABLE_BOOT_LOADER_OUTPUT, (userConfig & TC_BOOT_USER_CFG_FLAG_SILENT_MODE) ? BST_CHECKED : BST_UNCHECKED); - CheckDlgButton (hwndDlg, IDC_ALLOW_ESC_PBA_BYPASS, (userConfig & TC_BOOT_USER_CFG_FLAG_DISABLE_ESC) ? BST_UNCHECKED : BST_CHECKED); CheckDlgButton (hwndDlg, IDC_BOOT_LOADER_CACHE_PASSWORD, bPasswordCacheEnabled ? BST_CHECKED : BST_UNCHECKED); - CheckDlgButton (hwndDlg, IDC_DISABLE_EVIL_MAID_ATTACK_DETECTION, (driverConfig & TC_DRIVER_CONFIG_DISABLE_EVIL_MAID_ATTACK_DETECTION) ? BST_CHECKED : BST_UNCHECKED); EnableWindow (GetDlgItem (hwndDlg, IDC_BOOT_LOADER_CACHE_PIM), bPasswordCacheEnabled); CheckDlgButton (hwndDlg, IDC_BOOT_LOADER_CACHE_PIM, (bPasswordCacheEnabled && bPimCacheEnabled)? BST_CHECKED : BST_UNCHECKED); - - SetWindowTextW (GetDlgItem (hwndDlg, IDC_CUSTOM_BOOT_LOADER_MESSAGE_HELP), GetString("CUSTOM_BOOT_LOADER_MESSAGE_HELP")); } catch (Exception &e) { @@ -10819,6 +10916,7 @@ static BOOL CALLBACK BootLoaderPreferencesDlgProc (HWND hwndDlg, UINT msg, WPARA case IDOK: { VOLUME_PROPERTIES_STRUCT prop; + BOOL bIsGPT = FALSE; if (!BootEncObj->GetStatus().DriveMounted) { @@ -10829,6 +10927,7 @@ static BOOL CALLBACK BootLoaderPreferencesDlgProc (HWND hwndDlg, UINT msg, WPARA try { BootEncObj->GetVolumeProperties (&prop); + bIsGPT = BootEncObj->GetSystemDriveConfiguration().SystemPartition.IsGPT; } catch (Exception &e) { @@ -10837,13 +10936,15 @@ static BOOL CALLBACK BootLoaderPreferencesDlgProc (HWND hwndDlg, UINT msg, WPARA return 1; } - char customUserMessage[TC_BOOT_SECTOR_USER_MESSAGE_MAX_LENGTH + 1]; - GetDlgItemTextA (hwndDlg, IDC_CUSTOM_BOOT_LOADER_MESSAGE, customUserMessage, sizeof (customUserMessage)); + char customUserMessage[TC_BOOT_SECTOR_USER_MESSAGE_MAX_LENGTH + 1] = {0}; + if (!bIsGPT) + GetDlgItemTextA (hwndDlg, IDC_CUSTOM_BOOT_LOADER_MESSAGE, customUserMessage, sizeof (customUserMessage)); byte userConfig; try { - BootEncObj->ReadBootSectorConfig (nullptr, 0, &userConfig); + if (!BootEncObj->ReadBootSectorConfig (nullptr, 0, &userConfig)) + return 1; } catch (Exception &e) { @@ -10856,7 +10957,16 @@ static BOOL CALLBACK BootLoaderPreferencesDlgProc (HWND hwndDlg, UINT msg, WPARA else userConfig &= ~TC_BOOT_USER_CFG_FLAG_DISABLE_PIM; - if (IsDlgButtonChecked (hwndDlg, IDC_DISABLE_BOOT_LOADER_OUTPUT)) + if (bIsGPT) + { + if (IsDlgButtonChecked (hwndDlg, IDC_DISABLE_BOOT_LOADER_HASH_PROMPT)) + userConfig |= TC_BOOT_USER_CFG_FLAG_STORE_HASH; + else + userConfig &= ~TC_BOOT_USER_CFG_FLAG_STORE_HASH; + } + else + { + if (IsDlgButtonChecked (hwndDlg, IDC_DISABLE_BOOT_LOADER_OUTPUT)) userConfig |= TC_BOOT_USER_CFG_FLAG_SILENT_MODE; else userConfig &= ~TC_BOOT_USER_CFG_FLAG_SILENT_MODE; @@ -10865,12 +10975,13 @@ static BOOL CALLBACK BootLoaderPreferencesDlgProc (HWND hwndDlg, UINT msg, WPARA userConfig |= TC_BOOT_USER_CFG_FLAG_DISABLE_ESC; else userConfig &= ~TC_BOOT_USER_CFG_FLAG_DISABLE_ESC; + } try { BOOL bPasswordCacheEnabled = IsDlgButtonChecked (hwndDlg, IDC_BOOT_LOADER_CACHE_PASSWORD); BOOL bPimCacheEnabled = IsDlgButtonChecked (hwndDlg, IDC_BOOT_LOADER_CACHE_PIM); - BootEncObj->WriteBootSectorUserConfig (userConfig, customUserMessage, prop.volumePim); + BootEncObj->WriteBootSectorUserConfig (userConfig, customUserMessage, prop.volumePim, prop.pkcs5); SetDriverConfigurationFlag (TC_DRIVER_CONFIG_CACHE_BOOT_PASSWORD, bPasswordCacheEnabled); SetDriverConfigurationFlag (TC_DRIVER_CONFIG_CACHE_BOOT_PIM, (bPasswordCacheEnabled && bPimCacheEnabled)? TRUE : FALSE); SetDriverConfigurationFlag (TC_DRIVER_CONFIG_DISABLE_EVIL_MAID_ATTACK_DETECTION, IsDlgButtonChecked (hwndDlg, IDC_DISABLE_EVIL_MAID_ATTACK_DETECTION)); diff --git a/src/Mount/Mount.h b/src/Mount/Mount.h index 3a2a4056..4a50ef3c 100644 --- a/src/Mount/Mount.h +++ b/src/Mount/Mount.h @@ -1,11 +1,11 @@ /* Legal Notice: Some portions of the source code contained in this file were - derived from the source code of TrueCrypt 7.1a, which is - Copyright (c) 2003-2012 TrueCrypt Developers Association and which is + derived from the source code of TrueCrypt 7.1a, which is + Copyright (c) 2003-2012 TrueCrypt Developers Association and which is governed by the TrueCrypt License 3.0, also from the source code of Encryption for the Masses 2.02a, which is Copyright (c) 1998-2000 Paul Le Roux - and which is governed by the 'License Agreement for Encryption for the Masses' - Modifications and additions to the original source code (contained in this file) + and which is governed by the 'License Agreement for Encryption for the Masses' + Modifications and additions to the original source code (contained in this file) and all other portions of this file are Copyright (c) 2013-2016 IDRIX and are governed by the Apache License 2.0 the full text of which is contained in the file License.txt included in VeraCrypt binary and source @@ -99,7 +99,6 @@ static BOOL CheckMountList (HWND hwndDlg, BOOL bForceTaskBarUpdate); int GetCipherBlockSizeByDriveNo (int nDosDriveNo); int GetModeOfOperationByDriveNo (int nDosDriveNo); void ChangeMainWindowVisibility (); -void LaunchVolCreationWizard (HWND hwndDlg); BOOL WholeSysDriveEncryption (BOOL bSilent); BOOL CheckSysEncMountWithoutPBA (HWND hwndDlg, const wchar_t *devicePath, BOOL quiet); BOOL TCBootLoaderOnInactiveSysEncDrive (wchar_t *szDevicePath); diff --git a/src/Mount/Mount.rc b/src/Mount/Mount.rc index 6aa544fa..cae65984 100644 --- a/src/Mount/Mount.rc +++ b/src/Mount/Mount.rc @@ -283,30 +283,23 @@ BEGIN LTEXT "",IDT_PKCS11_LIB_HELP,16,63,286,65 END -IDD_SYSENC_SETTINGS DIALOGEX 0, 0, 370, 286 +IDD_EFI_SYSENC_SETTINGS DIALOGEX 0, 0, 370, 139 STYLE DS_SETFONT | DS_MODALFRAME | DS_FIXEDSYS | DS_CENTER | WS_POPUP | WS_CAPTION | WS_SYSMENU CAPTION "VeraCrypt - System Encryption Settings" FONT 8, "MS Shell Dlg", 400, 0, 0x1 BEGIN - CONTROL "Do not &show any texts in the pre-boot authentication screen (except the below custom message)",IDC_DISABLE_BOOT_LOADER_OUTPUT, - "Button",BS_AUTOCHECKBOX | WS_TABSTOP,18,37,339,9 - EDITTEXT IDC_CUSTOM_BOOT_LOADER_MESSAGE,18,67,216,14,ES_AUTOHSCROLL CONTROL "&Cache pre-boot authentication password in driver memory (for mounting of non-system volumes)",IDC_BOOT_LOADER_CACHE_PASSWORD, - "Button",BS_AUTOCHECKBOX | WS_TABSTOP,18,192,339,10 - CONTROL "Allow pre-boot &authentication to be bypassed by pressing the Esc key (enables boot manager)",IDC_ALLOW_ESC_PBA_BYPASS, - "Button",BS_AUTOCHECKBOX | WS_TABSTOP,18,222,340,10 - DEFPUSHBUTTON "OK",IDOK,257,262,50,14 - PUSHBUTTON "Cancel",IDCANCEL,313,262,50,14 - LTEXT "Display this custom message in the pre-boot authentication screen (24 characters maximum):",IDT_CUSTOM_BOOT_LOADER_MESSAGE,18,56,337,8 - GROUPBOX "Boot Loader Screen Options",IDT_BOOT_LOADER_SCREEN_OPTIONS,8,7,355,165 - GROUPBOX "Security Options",IDT_SECURITY_OPTIONS,8,177,355,75 - LTEXT "",IDC_CUSTOM_BOOT_LOADER_MESSAGE_HELP,18,89,337,73 - CONTROL "Disable ""Evil Maid"" attack detection",IDC_DISABLE_EVIL_MAID_ATTACK_DETECTION, - "Button",BS_AUTOCHECKBOX | WS_TABSTOP,18,237,340,10 + "Button",BS_AUTOCHECKBOX | WS_TABSTOP,18,79,339,10 + DEFPUSHBUTTON "OK",IDOK,257,115,50,14 + PUSHBUTTON "Cancel",IDCANCEL,313,115,50,14 + GROUPBOX "Boot Loader Screen Options",IDT_BOOT_LOADER_SCREEN_OPTIONS,8,7,355,53 + GROUPBOX "Security Options",IDT_SECURITY_OPTIONS,8,64,355,44 CONTROL "Include PIM when caching pre-boot authentication password",IDC_BOOT_LOADER_CACHE_PIM, - "Button",BS_AUTOCHECKBOX | WS_DISABLED | WS_TABSTOP,18,207,340,10 + "Button",BS_AUTOCHECKBOX | WS_DISABLED | WS_TABSTOP,18,94,340,10 CONTROL "Do not request PIM in the pre-boot authentication screen (PIM value is stored unencrypted on disk)",IDC_DISABLE_BOOT_LOADER_PIM_PROMPT, "Button",BS_AUTOCHECKBOX | WS_TABSTOP,18,20,339,9 + CONTROL "Do not request Hash algorithm in the pre-boot authentication screen",IDC_DISABLE_BOOT_LOADER_HASH_PROMPT, + "Button",BS_AUTOCHECKBOX | WS_TABSTOP,18,35,339,9 END IDD_PERFORMANCE_SETTINGS DIALOGEX 0, 0, 370, 248 @@ -386,6 +379,31 @@ BEGIN CONTROL "TrueCrypt Mode",IDC_TRUECRYPT_MODE,"Button",BS_AUTOCHECKBOX | WS_TABSTOP,7,7,76,10 END +IDD_SYSENC_SETTINGS DIALOGEX 0, 0, 370, 286 +STYLE DS_SETFONT | DS_MODALFRAME | DS_FIXEDSYS | DS_CENTER | WS_POPUP | WS_CAPTION | WS_SYSMENU +CAPTION "VeraCrypt - System Encryption Settings" +FONT 8, "MS Shell Dlg", 400, 0, 0x1 +BEGIN + CONTROL "Do not &show any texts in the pre-boot authentication screen (except the below custom message)",IDC_DISABLE_BOOT_LOADER_OUTPUT, + "Button",BS_AUTOCHECKBOX | WS_TABSTOP,18,37,339,9 + EDITTEXT IDC_CUSTOM_BOOT_LOADER_MESSAGE,18,67,216,14,ES_AUTOHSCROLL + CONTROL "&Cache pre-boot authentication password in driver memory (for mounting of non-system volumes)",IDC_BOOT_LOADER_CACHE_PASSWORD, + "Button",BS_AUTOCHECKBOX | WS_TABSTOP,18,192,339,10 + CONTROL "Allow pre-boot &authentication to be bypassed by pressing the Esc key (enables boot manager)",IDC_ALLOW_ESC_PBA_BYPASS, + "Button",BS_AUTOCHECKBOX | WS_TABSTOP,18,222,340,10 + DEFPUSHBUTTON "OK",IDOK,257,262,50,14 + PUSHBUTTON "Cancel",IDCANCEL,313,262,50,14 + LTEXT "Display this custom message in the pre-boot authentication screen (24 characters maximum):",IDT_CUSTOM_BOOT_LOADER_MESSAGE,18,56,337,8 + GROUPBOX "Boot Loader Screen Options",IDT_BOOT_LOADER_SCREEN_OPTIONS,8,7,355,165 + GROUPBOX "Security Options",IDT_SECURITY_OPTIONS,8,177,355,75 + LTEXT "",IDC_CUSTOM_BOOT_LOADER_MESSAGE_HELP,18,89,337,73 + CONTROL "Disable ""Evil Maid"" attack detection",IDC_DISABLE_EVIL_MAID_ATTACK_DETECTION, + "Button",BS_AUTOCHECKBOX | WS_TABSTOP,18,237,340,10 + CONTROL "Include PIM when caching pre-boot authentication password",IDC_BOOT_LOADER_CACHE_PIM, + "Button",BS_AUTOCHECKBOX | WS_DISABLED | WS_TABSTOP,18,207,340,10 + CONTROL "Do not request PIM in the pre-boot authentication screen (PIM value is stored unencrypted on disk)",IDC_DISABLE_BOOT_LOADER_PIM_PROMPT, + "Button",BS_AUTOCHECKBOX | WS_TABSTOP,18,20,339,9 +END ///////////////////////////////////////////////////////////////////////////// // @@ -393,7 +411,7 @@ END // #ifdef APSTUDIO_INVOKED -GUIDELINES DESIGNINFO +GUIDELINES DESIGNINFO BEGIN IDD_PREFERENCES_DLG, DIALOG BEGIN @@ -455,12 +473,12 @@ BEGIN BOTTOMMARGIN, 192 END - IDD_SYSENC_SETTINGS, DIALOG + IDD_EFI_SYSENC_SETTINGS, DIALOG BEGIN LEFTMARGIN, 7 RIGHTMARGIN, 363 TOPMARGIN, 7 - BOTTOMMARGIN, 276 + BOTTOMMARGIN, 129 END IDD_PERFORMANCE_SETTINGS, DIALOG @@ -486,6 +504,14 @@ BEGIN TOPMARGIN, 7 BOTTOMMARGIN, 58 END + + IDD_SYSENC_SETTINGS, DIALOG + BEGIN + LEFTMARGIN, 7 + RIGHTMARGIN, 363 + TOPMARGIN, 7 + BOTTOMMARGIN, 276 + END END #endif // APSTUDIO_INVOKED @@ -534,19 +560,19 @@ END // TEXTINCLUDE // -1 TEXTINCLUDE +1 TEXTINCLUDE BEGIN "resource.h\0" END -2 TEXTINCLUDE +2 TEXTINCLUDE BEGIN "#include ""afxres.h""\r\n" "#include ""..\\\\common\\\\resource.h""\r\n" "\0" END -3 TEXTINCLUDE +3 TEXTINCLUDE BEGIN "#include ""..\\\\common\\\\common.rc""\r\n" "\0" @@ -572,7 +598,7 @@ IDB_SYS_DRIVEICON_MASK BITMAP "System_drive_icon_mask_96dpi.bm // Menu // -IDR_MENU MENU +IDR_MENU MENU BEGIN POPUP "&Volumes" BEGIN @@ -691,7 +717,7 @@ END // String Table // -STRINGTABLE +STRINGTABLE BEGIN IDS_UACSTRING "VeraCrypt" END diff --git a/src/Mount/Resource.h b/src/Mount/Resource.h index 3d93d81f..12860915 100644 --- a/src/Mount/Resource.h +++ b/src/Mount/Resource.h @@ -21,6 +21,7 @@ #define IDD_SYSENC_SETTINGS 116 #define IDD_FAVORITE_VOLUMES 117 #define IDD_DEFAULT_MOUNT_PARAMETERS 118 +#define IDD_EFI_SYSENC_SETTINGS 119 #define IDC_PREF_MOUNT_READONLY 1000 #define IDC_PREF_MOUNT_REMOVABLE 1001 #define IDC_VERIFY 1002 @@ -179,8 +180,9 @@ #define IDT_VOLUME_ID 1157 #define IDC_FAVORITE_VOLUME_ID 1158 #define IDC_FAVORITE_USE_VOLUME_ID 1159 -#define IDC_DISABLE_BOOT_LOADER_PIM_PROMPT 1160 +#define IDC_DISABLE_BOOT_LOADER_PIM_PROMPT 1160 #define IDC_HIDE_WAITING_DIALOG 1161 +#define IDC_DISABLE_BOOT_LOADER_HASH_PROMPT 1162 #define IDM_HELP 40001 #define IDM_ABOUT 40002 #define IDM_UNMOUNT_VOLUME 40003 @@ -251,13 +253,13 @@ #define IDM_VERIFY_RESCUE_DISK_ISO 40068 // Next default values for new objects -// +// #ifdef APSTUDIO_INVOKED #ifndef APSTUDIO_READONLY_SYMBOLS #define _APS_NO_MFC 1 -#define _APS_NEXT_RESOURCE_VALUE 119 +#define _APS_NEXT_RESOURCE_VALUE 120 #define _APS_NEXT_COMMAND_VALUE 40069 -#define _APS_NEXT_CONTROL_VALUE 1162 +#define _APS_NEXT_CONTROL_VALUE 1163 #define _APS_NEXT_SYMED_VALUE 101 #endif #endif diff --git a/src/Setup/ComSetup.cpp b/src/Setup/ComSetup.cpp index 1b3220d9..7fe3ef49 100644 --- a/src/Setup/ComSetup.cpp +++ b/src/Setup/ComSetup.cpp @@ -3,7 +3,7 @@ Copyright (c) 2008-2012 TrueCrypt Developers Association and which is governed by the TrueCrypt License 3.0. - Modifications and additions to the original source code (contained in this file) + Modifications and additions to the original source code (contained in this file) and all other portions of this file are Copyright (c) 2013-2016 IDRIX and are governed by the Apache License 2.0 the full text of which is contained in the file License.txt included in VeraCrypt binary and source @@ -11,10 +11,10 @@ */ #define TC_MAIN_COM_VERSION_MAJOR 2 -#define TC_MAIN_COM_VERSION_MINOR 7 +#define TC_MAIN_COM_VERSION_MINOR 8 #define TC_FORMAT_COM_VERSION_MAJOR 2 -#define TC_FORMAT_COM_VERSION_MINOR 5 +#define TC_FORMAT_COM_VERSION_MINOR 6 #include #include @@ -39,9 +39,11 @@ extern "C" BOOL RegisterComServers (wchar_t *modulePath) UnRegisterTypeLib (LIBID_TrueCryptMainCom, TC_MAIN_COM_VERSION_MAJOR, TC_MAIN_COM_VERSION_MINOR, 0, SYS_WIN32); UnRegisterTypeLib (LIBID_TrueCryptFormatCom, TC_FORMAT_COM_VERSION_MAJOR, TC_FORMAT_COM_VERSION_MINOR, 0, SYS_WIN32); // unregister older versions that may still exist + UnRegisterTypeLib (LIBID_TrueCryptMainCom, TC_MAIN_COM_VERSION_MAJOR, TC_MAIN_COM_VERSION_MINOR-4, 0, SYS_WIN32); UnRegisterTypeLib (LIBID_TrueCryptMainCom, TC_MAIN_COM_VERSION_MAJOR, TC_MAIN_COM_VERSION_MINOR-3, 0, SYS_WIN32); UnRegisterTypeLib (LIBID_TrueCryptMainCom, TC_MAIN_COM_VERSION_MAJOR, TC_MAIN_COM_VERSION_MINOR-2, 0, SYS_WIN32); UnRegisterTypeLib (LIBID_TrueCryptMainCom, TC_MAIN_COM_VERSION_MAJOR, TC_MAIN_COM_VERSION_MINOR-1, 0, SYS_WIN32); + UnRegisterTypeLib (LIBID_TrueCryptFormatCom, TC_FORMAT_COM_VERSION_MAJOR, TC_FORMAT_COM_VERSION_MINOR-2, 0, SYS_WIN32); UnRegisterTypeLib (LIBID_TrueCryptFormatCom, TC_FORMAT_COM_VERSION_MAJOR, TC_FORMAT_COM_VERSION_MINOR-1, 0, SYS_WIN32); wchar_t setupModule[MAX_PATH]; @@ -78,9 +80,12 @@ extern "C" BOOL UnregisterComServers (wchar_t *modulePath) return FALSE; // unregister older versions that may still exist + UnRegisterTypeLib (LIBID_TrueCryptMainCom, TC_MAIN_COM_VERSION_MAJOR, TC_MAIN_COM_VERSION_MINOR-4, 0, SYS_WIN32); + UnRegisterTypeLib (LIBID_TrueCryptMainCom, TC_MAIN_COM_VERSION_MAJOR, TC_MAIN_COM_VERSION_MINOR-3, 0, SYS_WIN32); UnRegisterTypeLib (LIBID_TrueCryptMainCom, TC_MAIN_COM_VERSION_MAJOR, TC_MAIN_COM_VERSION_MINOR-3, 0, SYS_WIN32); UnRegisterTypeLib (LIBID_TrueCryptMainCom, TC_MAIN_COM_VERSION_MAJOR, TC_MAIN_COM_VERSION_MINOR-2, 0, SYS_WIN32); UnRegisterTypeLib (LIBID_TrueCryptMainCom, TC_MAIN_COM_VERSION_MAJOR, TC_MAIN_COM_VERSION_MINOR-1, 0, SYS_WIN32); + UnRegisterTypeLib (LIBID_TrueCryptFormatCom, TC_FORMAT_COM_VERSION_MAJOR, TC_FORMAT_COM_VERSION_MINOR-2, 0, SYS_WIN32); UnRegisterTypeLib (LIBID_TrueCryptFormatCom, TC_FORMAT_COM_VERSION_MAJOR, TC_FORMAT_COM_VERSION_MINOR-1, 0, SYS_WIN32); wchar_t module[1024];