Windows: Implement support for EFI system encryption in Windows GUI.

Mounir IDRASSI 2016-08-09 23:26:15 +02:00
parent 246233c402
commit 07ee8c1069
No known key found for this signature in database
GPG Key ID: DD0C382D5FCFB8FC
18 changed files with 2337 additions and 525 deletions


@ -3,7 +3,7 @@
Copyright (c) 2008-2012 TrueCrypt Developers Association and which is governed Copyright (c) 2008-2012 TrueCrypt Developers Association and which is governed
by the TrueCrypt License 3.0. by the TrueCrypt License 3.0.
Modifications and additions to the original source code (contained in this file) Modifications and additions to the original source code (contained in this file)
and all other portions of this file are Copyright (c) 2013-2016 IDRIX and all other portions of this file are Copyright (c) 2013-2016 IDRIX
and are governed by the Apache License 2.0 the full text of which is and are governed by the Apache License 2.0 the full text of which is
contained in the file License.txt included in VeraCrypt binary and source contained in the file License.txt included in VeraCrypt binary and source
@ -161,6 +161,63 @@ DWORD BaseCom::ReadWriteFile (BOOL write, BOOL device, BSTR filePath, BSTR *buff
return ERROR_SUCCESS; return ERROR_SUCCESS;
} }
DWORD BaseCom::GetFileSize (BSTR filePath, unsigned __int64 *pSize)
{
if (!pSize)
return ERROR_INVALID_PARAMETER;
try
{
std::wstring path (filePath);
File file(filePath, true);
file.CheckOpened (SRC_POS);
file.GetFileSize (*pSize);
}
catch (SystemException &)
{
return GetLastError();
}
catch (Exception &e)
{
e.Show (NULL);
return ERROR_EXCEPTION_IN_SERVICE;
}
catch (...)
{
return ERROR_EXCEPTION_IN_SERVICE;
}
return ERROR_SUCCESS;
}
DWORD BaseCom::DeviceIoControl (BOOL readOnly, BOOL device, BSTR filePath, DWORD dwIoControlCode, BSTR input, BSTR *output)
{
try
{
auto_ptr <File> file (device ? new Device (filePath, readOnly == TRUE) : new File (filePath, readOnly == TRUE));
file->CheckOpened (SRC_POS);
if (!file->IoCtl (dwIoControlCode, (BYTE *) input, !(BYTE *) input ? 0 : ((DWORD *) ((BYTE *) input))[-1],
(BYTE *) *output, !(BYTE *) *output ? 0 : ((DWORD *) ((BYTE *) *output))[-1]))
{
return GetLastError();
}
}
catch (SystemException &)
{
return GetLastError();
}
catch (Exception &e)
{
e.Show (NULL);
return ERROR_EXCEPTION_IN_SERVICE;
}
catch (...)
{
return ERROR_EXCEPTION_IN_SERVICE;
}
return ERROR_SUCCESS;
}
DWORD BaseCom::RegisterFilterDriver (BOOL registerDriver, int filterType) DWORD BaseCom::RegisterFilterDriver (BOOL registerDriver, int filterType)
{ {
@ -244,3 +301,161 @@ DWORD BaseCom::WriteLocalMachineRegistryDwordValue (BSTR keyPath, BSTR valueName
return ERROR_SUCCESS; return ERROR_SUCCESS;
} }
DWORD BaseCom::InstallEfiBootLoader (BOOL preserveUserConfig, BOOL hiddenOSCreation, int pim, int hashAlg)
{
try
{
BootEncryption bootEnc (NULL);
bootEnc.InstallBootLoader (preserveUserConfig? true : false, hiddenOSCreation? true : false, pim, hashAlg);
}
catch (SystemException &)
{
return GetLastError();
}
catch (Exception &e)
{
e.Show (NULL);
return ERROR_EXCEPTION_IN_SERVICE;
}
catch (...)
{
return ERROR_EXCEPTION_IN_SERVICE;
}
return ERROR_SUCCESS;
}
DWORD BaseCom::BackupEfiSystemLoader ()
{
try
{
BootEncryption bootEnc (NULL);
bootEnc.BackupSystemLoader ();
}
catch (SystemException &)
{
return GetLastError();
}
catch (Exception &e)
{
e.Show (NULL);
return ERROR_EXCEPTION_IN_SERVICE;
}
catch (...)
{
return ERROR_EXCEPTION_IN_SERVICE;
}
return ERROR_SUCCESS;
}
DWORD BaseCom::RestoreEfiSystemLoader ()
{
try
{
BootEncryption bootEnc (NULL);
bootEnc.RestoreSystemLoader ();
}
catch (SystemException &)
{
return GetLastError();
}
catch (Exception &e)
{
e.Show (NULL);
return ERROR_EXCEPTION_IN_SERVICE;
}
catch (...)
{
return ERROR_EXCEPTION_IN_SERVICE;
}
return ERROR_SUCCESS;
}
DWORD BaseCom::GetEfiBootDeviceNumber (BSTR* pSdn)
{
if (!pSdn || !(*pSdn) || ((((DWORD *) ((BYTE *) *pSdn))[-1]) < sizeof (STORAGE_DEVICE_NUMBER)))
return ERROR_INVALID_PARAMETER;
try
{
BootEncryption bootEnc (NULL);
bootEnc.GetEfiBootDeviceNumber ((PSTORAGE_DEVICE_NUMBER) *pSdn);
}
catch (SystemException &)
{
return GetLastError();
}
catch (Exception &e)
{
e.Show (NULL);
return ERROR_EXCEPTION_IN_SERVICE;
}
catch (...)
{
return ERROR_EXCEPTION_IN_SERVICE;
}
return ERROR_SUCCESS;
}
DWORD BaseCom::ReadEfiConfig (BSTR* pContent, DWORD *pcbRead)
{
if (!pContent || !(*pContent))
return ERROR_INVALID_PARAMETER;
try
{
DWORD maxSize = ((DWORD *) ((BYTE *) *pContent))[-1];
BootEncryption bootEnc (NULL);
bootEnc.ReadEfiConfig ((byte*) *pContent, maxSize, pcbRead);
}
catch (SystemException &)
{
return GetLastError();
}
catch (Exception &e)
{
e.Show (NULL);
return ERROR_EXCEPTION_IN_SERVICE;
}
catch (...)
{
return ERROR_EXCEPTION_IN_SERVICE;
}
return ERROR_SUCCESS;
}
DWORD BaseCom::WriteEfiBootSectorUserConfig (DWORD userConfig, BSTR customUserMessage, int pim, int hashAlg)
{
if (!customUserMessage)
return ERROR_INVALID_PARAMETER;
try
{
DWORD maxSize = ((DWORD *) ((BYTE *) customUserMessage))[-1];
char* msg = (char*) *customUserMessage;
if (maxSize > 0)
msg [maxSize - 1] = 0;
std::string msgStr = maxSize > 0 ? msg : "";
BootEncryption bootEnc (NULL);
bootEnc.WriteEfiBootSectorUserConfig ((byte) userConfig, msgStr, pim, hashAlg);
}
catch (SystemException &)
{
return GetLastError();
}
catch (Exception &e)
{
e.Show (NULL);
return ERROR_EXCEPTION_IN_SERVICE;
}
catch (...)
{
return ERROR_EXCEPTION_IN_SERVICE;
}
return ERROR_SUCCESS;
}
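Review bot: In `WriteEfiBootSectorUserConfig`, `char* msg = (char*) *customUserMessage;` dereferences the BSTR and casts its first character to a pointer, so `msg [maxSize - 1] = 0;` then writes through an address built from message content instead of into the buffer; the line should be `char* msg = (char*) customUserMessage;`. Because `maxSize` is the BSTR byte-length prefix supplied by the COM caller, building the string with a bounded length, `std::string msgStr (msg, strnlen (msg, maxSize));`, also avoids overwriting the caller's last byte. In the same section, `DeviceIoControl` reads `*output` without first checking `output` for NULL and passes any `dwIoControlCode` to any `filePath`; if these methods are served from the elevated UAC helper, as the interface's helpstring suggests, restricting the accepted control codes to the ones the EFI code needs would narrow what an unelevated caller can reach.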


@ -3,7 +3,7 @@
Copyright (c) 2008-2012 TrueCrypt Developers Association and which is governed Copyright (c) 2008-2012 TrueCrypt Developers Association and which is governed
by the TrueCrypt License 3.0. by the TrueCrypt License 3.0.
Modifications and additions to the original source code (contained in this file) Modifications and additions to the original source code (contained in this file)
and all other portions of this file are Copyright (c) 2013-2016 IDRIX and all other portions of this file are Copyright (c) 2013-2016 IDRIX
and are governed by the Apache License 2.0 the full text of which is and are governed by the Apache License 2.0 the full text of which is
contained in the file License.txt included in VeraCrypt binary and source contained in the file License.txt included in VeraCrypt binary and source
@ -20,11 +20,11 @@ class TrueCryptFactory : public IClassFactory
{ {
public: public:
TrueCryptFactory (DWORD messageThreadId) : TrueCryptFactory (DWORD messageThreadId) :
RefCount (1), ServerLockCount (0), MessageThreadId (messageThreadId) { } RefCount (1), ServerLockCount (0), MessageThreadId (messageThreadId) { }
~TrueCryptFactory () { } ~TrueCryptFactory () { }
virtual ULONG STDMETHODCALLTYPE AddRef () virtual ULONG STDMETHODCALLTYPE AddRef ()
{ {
return InterlockedIncrement (&RefCount) - 1; return InterlockedIncrement (&RefCount) - 1;
@ -53,7 +53,7 @@ class TrueCryptFactory : public IClassFactory
AddRef (); AddRef ();
return S_OK; return S_OK;
} }
virtual HRESULT STDMETHODCALLTYPE CreateInstance (IUnknown *pUnkOuter, REFIID riid, void **ppvObject) virtual HRESULT STDMETHODCALLTYPE CreateInstance (IUnknown *pUnkOuter, REFIID riid, void **ppvObject)
{ {
if (pUnkOuter != NULL) if (pUnkOuter != NULL)
@ -110,6 +110,14 @@ class BaseCom
static DWORD RegisterSystemFavoritesService (BOOL registerService); static DWORD RegisterSystemFavoritesService (BOOL registerService);
static DWORD SetDriverServiceStartType (DWORD startType); static DWORD SetDriverServiceStartType (DWORD startType);
static DWORD WriteLocalMachineRegistryDwordValue (BSTR keyPath, BSTR valueName, DWORD value); static DWORD WriteLocalMachineRegistryDwordValue (BSTR keyPath, BSTR valueName, DWORD value);
static DWORD GetFileSize (BSTR filePath, unsigned __int64 *pSize);
static DWORD DeviceIoControl (BOOL readOnly, BOOL device, BSTR filePath, DWORD dwIoControlCode, BSTR input, BSTR *output);
static DWORD InstallEfiBootLoader (BOOL preserveUserConfig, BOOL hiddenOSCreation, int pim, int hashAlg);
static DWORD BackupEfiSystemLoader ();
static DWORD RestoreEfiSystemLoader ();
static DWORD GetEfiBootDeviceNumber (BSTR* pSdn);
static DWORD ReadEfiConfig (BSTR* pContent, DWORD *pcbRead);
static DWORD WriteEfiBootSectorUserConfig (DWORD userConfig, BSTR customUserMessage, int pim, int hashAlg);
}; };
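Review bot: The new `BaseCom` declarations from `GetFileSize` to `WriteEfiBootSectorUserConfig` carry no comment on how their `BSTR` parameters are used, although the implementations treat them as raw byte buffers whose size is read from the BSTR length prefix. A short comment above the group would make that contract visible to callers, for example `// BSTR arguments below are byte buffers; size is taken from the BSTR length prefix, not from string length`. `GetEfiBootDeviceNumber` additionally requires the buffer to hold at least `sizeof (STORAGE_DEVICE_NUMBER)` bytes, which is worth stating next to its declaration.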

File diff suppressed because it is too large Load Diff


@ -3,7 +3,7 @@
Copyright (c) 2008-2012 TrueCrypt Developers Association and which is governed Copyright (c) 2008-2012 TrueCrypt Developers Association and which is governed
by the TrueCrypt License 3.0. by the TrueCrypt License 3.0.
Modifications and additions to the original source code (contained in this file) Modifications and additions to the original source code (contained in this file)
and all other portions of this file are Copyright (c) 2013-2016 IDRIX and all other portions of this file are Copyright (c) 2013-2016 IDRIX
and are governed by the Apache License 2.0 the full text of which is and are governed by the Apache License 2.0 the full text of which is
contained in the file License.txt included in VeraCrypt binary and source contained in the file License.txt included in VeraCrypt binary and source
@ -18,6 +18,16 @@
#include "Exception.h" #include "Exception.h"
#include "Platform/PlatformBase.h" #include "Platform/PlatformBase.h"
#include "Volumes.h" #include "Volumes.h"
#include <Winternl.h>
#define SYSPARTITIONINFORMATION 0x62
typedef NTSTATUS (WINAPI *NtQuerySystemInformationFn)(
SYSTEM_INFORMATION_CLASS SystemInformationClass,
PVOID SystemInformation,
ULONG SystemInformationLength,
PULONG ReturnLength
);
using namespace std; using namespace std;
@ -26,7 +36,7 @@ namespace VeraCrypt
class File class File
{ {
public: public:
File () : Elevated (false), FileOpen (false), FilePointerPosition(0), Handle(INVALID_HANDLE_VALUE), IsDevice(false), LastError(0) { } File () : Elevated (false), FileOpen (false), ReadOnly (false), FilePointerPosition(0), Handle(INVALID_HANDLE_VALUE), IsDevice(false), LastError(0) { }
File (wstring path,bool readOnly = false, bool create = false); File (wstring path,bool readOnly = false, bool create = false);
virtual ~File () { Close(); } virtual ~File () { Close(); }
@ -35,10 +45,13 @@ namespace VeraCrypt
DWORD Read (byte *buffer, DWORD size); DWORD Read (byte *buffer, DWORD size);
void Write (byte *buffer, DWORD size); void Write (byte *buffer, DWORD size);
void SeekAt (int64 position); void SeekAt (int64 position);
void GetFileSize (unsigned __int64& size);
bool IoCtl(DWORD code, void* inBuf, DWORD inBufSize, void* outBuf, DWORD outBufSize);
protected: protected:
bool Elevated; bool Elevated;
bool FileOpen; bool FileOpen;
bool ReadOnly;
uint64 FilePointerPosition; uint64 FilePointerPosition;
HANDLE Handle; HANDLE Handle;
bool IsDevice; bool IsDevice;
@ -131,6 +144,67 @@ namespace VeraCrypt
bool SystemLoaderPresent; bool SystemLoaderPresent;
}; };
class EfiBootConf
{
public:
int passwordType;
string passwordMsg;
string passwordPicture;
string hashMsg;
int hashAlgo;
int requestHash;
string pimMsg;
int pim;
int requestPim;
int authorizeVisible;
int authorizeRetry;
EfiBootConf();
static BOOL ReadConfigValue (char* configContent, const char *configKey, char *configValue, int maxValueSize);
static int ReadConfigInteger (char* configContent, const char *configKey, int defaultValue);
static char *ReadConfigString (char* configContent, const char *configKey, char *defaultValue, char *str, int maxLen);
static BOOL WriteConfigString (FILE* configFile, char* configContent, const char *configKey, const char *configValue);
static BOOL WriteConfigInteger (FILE* configFile, char* configContent, const char *configKey, int configValue);
BOOL Load (const wchar_t* fileName);
void Load (char* configContent);
BOOL Save (const wchar_t* fileName, HWND hwnd);
};
class EfiBoot {
public:
EfiBoot();
void MountBootPartition(WCHAR letter);
void DismountBootPartition();
bool IsEfiBoot();
void DeleteStartExec(uint16 statrtOrderNum = 0xDC5B, wchar_t* type = NULL);
void SetStartExec(wstring description, wstring execPath, uint16 statrtOrderNum = 0xDC5B, wchar_t* type = NULL, uint32 attr = 1);
void SaveFile(wchar_t* name, byte* data, DWORD size);
void GetFileSize(const wchar_t* name, unsigned __int64& size);
void ReadFile(const wchar_t* name, byte* data, DWORD size);
void CopyFile(const wchar_t* name, const wchar_t* targetName);
BOOL RenameFile(wchar_t* name, wchar_t* nameNew, BOOL bForce);
BOOL DelFile(wchar_t* name);
BOOL MkDir(wchar_t* name, bool& bAlreadyExists);
BOOL ReadConfig (wchar_t* name, EfiBootConf& conf);
BOOL UpdateConfig (wchar_t* name, int pim, int hashAlgo, HWND hwndDlg);
BOOL WriteConfig (wchar_t* name, bool preserveUserConfig, int pim, int hashAlgo, const char* passPromptMsg, HWND hwndDlg);
PSTORAGE_DEVICE_NUMBER GetStorageDeviceNumber () { return &sdn;}
protected:
bool m_bMounted;
WCHAR EfiBootPartPath[3];
STORAGE_DEVICE_NUMBER sdn;
PARTITION_INFORMATION_EX partInfo;
WCHAR tempBuf[1024];
WCHAR systemPartitionPath[MAX_PATH];
};
class BootEncryption class BootEncryption
{ {
public: public:
@ -168,9 +242,9 @@ namespace VeraCrypt
BootEncryptionStatus GetStatus (); BootEncryptionStatus GetStatus ();
void GetVolumeProperties (VOLUME_PROPERTIES_STRUCT *properties); void GetVolumeProperties (VOLUME_PROPERTIES_STRUCT *properties);
SystemDriveConfiguration GetSystemDriveConfiguration (); SystemDriveConfiguration GetSystemDriveConfiguration ();
void Install (bool hiddenSystem); void Install (bool hiddenSystem, int hashAlgo);
void InstallBootLoader (Device& device, bool preserveUserConfig = false, bool hiddenOSCreation = false, int pim = -1); void InstallBootLoader (Device& device, bool preserveUserConfig = false, bool hiddenOSCreation = false, int pim = -1, int hashAlg = -1);
void InstallBootLoader (bool preserveUserConfig = false, bool hiddenOSCreation = false); void InstallBootLoader (bool preserveUserConfig = false, bool hiddenOSCreation = false, int pim = -1, int hashAlg = -1);
bool CheckBootloaderFingerprint (bool bSilent = false); bool CheckBootloaderFingerprint (bool bSilent = false);
void InvalidateCachedSysDriveProperties (); void InvalidateCachedSysDriveProperties ();
bool IsCDRecorderPresent (); bool IsCDRecorderPresent ();
@ -179,8 +253,9 @@ namespace VeraCrypt
void PrepareHiddenOSCreation (int ea, int mode, int pkcs5); void PrepareHiddenOSCreation (int ea, int mode, int pkcs5);
void PrepareInstallation (bool systemPartitionOnly, Password &password, int ea, int mode, int pkcs5, int pim, const wstring &rescueIsoImagePath); void PrepareInstallation (bool systemPartitionOnly, Password &password, int ea, int mode, int pkcs5, int pim, const wstring &rescueIsoImagePath);
void ProbeRealSystemDriveSize (); void ProbeRealSystemDriveSize ();
void ReadBootSectorConfig (byte *config, size_t bufLength, byte *userConfig = nullptr, string *customUserMessage = nullptr, uint16 *bootLoaderVersion = nullptr); bool ReadBootSectorConfig (byte *config, size_t bufLength, byte *userConfig = nullptr, string *customUserMessage = nullptr, uint16 *bootLoaderVersion = nullptr);
uint32 ReadDriverConfigurationFlags (); uint32 ReadDriverConfigurationFlags ();
void ReadEfiConfig (byte* confContent, DWORD maxSize, DWORD* pcbRead);
void RegisterBootDriver (bool hiddenSystem); void RegisterBootDriver (bool hiddenSystem);
void RegisterFilterDriver (bool registerDriver, FilterType filterType); void RegisterFilterDriver (bool registerDriver, FilterType filterType);
void RegisterSystemFavoritesService (BOOL registerService); void RegisterSystemFavoritesService (BOOL registerService);
@ -206,13 +281,16 @@ namespace VeraCrypt
void WipeHiddenOSCreationConfig (); void WipeHiddenOSCreationConfig ();
void WriteBootDriveSector (uint64 offset, byte *data); void WriteBootDriveSector (uint64 offset, byte *data);
void WriteBootSectorConfig (const byte newConfig[]); void WriteBootSectorConfig (const byte newConfig[]);
void WriteBootSectorUserConfig (byte userConfig, const string &customUserMessage, int pim); void WriteBootSectorUserConfig (byte userConfig, const string &customUserMessage, int pim, int hashAlg);
void WriteEfiBootSectorUserConfig (byte userConfig, const string &customUserMessage, int pim, int hashAlg);
void WriteLocalMachineRegistryDwordValue (wchar_t *keyPath, wchar_t *valueName, DWORD value); void WriteLocalMachineRegistryDwordValue (wchar_t *keyPath, wchar_t *valueName, DWORD value);
void GetEfiBootDeviceNumber (PSTORAGE_DEVICE_NUMBER pSdn);
void BackupSystemLoader ();
void RestoreSystemLoader ();
protected: protected:
static const uint32 RescueIsoImageSize = 1835008; // Size of ISO9660 image with bootable emulated 1.44MB floppy disk image static const uint32 RescueIsoImageSize = 1835008; // Size of ISO9660 image with bootable emulated 1.44MB floppy disk image
void BackupSystemLoader ();
void CreateBootLoaderInMemory (byte *buffer, size_t bufferSize, bool rescueDisk, bool hiddenOSCreation = false); void CreateBootLoaderInMemory (byte *buffer, size_t bufferSize, bool rescueDisk, bool hiddenOSCreation = false);
void CreateVolumeHeader (uint64 volumeSize, uint64 encryptedAreaStart, Password *password, int ea, int mode, int pkcs5, int pim); void CreateVolumeHeader (uint64 volumeSize, uint64 encryptedAreaStart, Password *password, int ea, int mode, int pkcs5, int pim);
wstring GetSystemLoaderBackupPath (); wstring GetSystemLoaderBackupPath ();
@ -221,8 +299,7 @@ namespace VeraCrypt
PartitionList GetDrivePartitions (int driveNumber); PartitionList GetDrivePartitions (int driveNumber);
wstring GetRemarksOnHiddenOS (); wstring GetRemarksOnHiddenOS ();
wstring GetWindowsDirectory (); wstring GetWindowsDirectory ();
void RegisterFilter (bool registerFilter, FilterType filterType, const GUID *deviceClassGuid = nullptr); void RegisterFilter (bool registerFilter, FilterType filterType, const GUID *deviceClassGuid = nullptr);
void RestoreSystemLoader ();
void InstallVolumeHeader (); void InstallVolumeHeader ();
HWND ParentWindow; HWND ParentWindow;
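Review bot: In the new `EfiBoot` class, `SaveFile`, `RenameFile`, `DelFile`, `MkDir`, `ReadConfig`, `UpdateConfig` and `WriteConfig` take `wchar_t* name` while `GetFileSize`, `ReadFile` and `CopyFile` take `const wchar_t* name`; unless those methods modify the path, declaring them `const wchar_t*` keeps the class consistent and lets callers pass string literals without a cast. The default `0xDC5B` is repeated in `DeleteStartExec` and `SetStartExec` and the parameter is spelled `statrtOrderNum`; a named constant and `startOrderNum` would read better. `EfiBootConf::ReadConfigString` takes `char *defaultValue` where `const char *` would match its `configKey` parameter.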

File diff suppressed because it is too large Load Diff


@ -510,6 +510,9 @@ void AllowMessageInUIPI (UINT msg);
BOOL IsRepeatedByteArray (byte value, const byte* buffer, size_t bufferSize); BOOL IsRepeatedByteArray (byte value, const byte* buffer, size_t bufferSize);
BOOL TranslateVolumeID (HWND hwndDlg, wchar_t* pathValue, size_t cchPathValue); BOOL TranslateVolumeID (HWND hwndDlg, wchar_t* pathValue, size_t cchPathValue);
BOOL CopyTextToClipboard (const wchar_t* txtValue); BOOL CopyTextToClipboard (const wchar_t* txtValue);
BOOL LaunchElevatedProcess (HWND hwndDlg, const wchar_t* szModPath, const wchar_t* args);
BOOL GetFreeDriveLetter(WCHAR* pCh);
BOOL RaisePrivileges(void);
#ifdef __cplusplus #ifdef __cplusplus
} }


@ -1077,7 +1077,7 @@
<string lang="en" key="SYS_ENCRYPTION_UPGRADE_UNSUPPORTED_ON_VISTA_SP0">VeraCrypt no longer supports encryption of the system partition/drive on Windows Vista with no Service Pack installed. Before upgrading VeraCrypt, please install Service Pack 1 or higher for Windows Vista.</string> <string lang="en" key="SYS_ENCRYPTION_UPGRADE_UNSUPPORTED_ON_VISTA_SP0">VeraCrypt no longer supports encryption of the system partition/drive on Windows Vista with no Service Pack installed. Before upgrading VeraCrypt, please install Service Pack 1 or higher for Windows Vista.</string>
<string lang="en" key="FEATURE_REQUIRES_INSTALLATION">Error: This feature requires VeraCrypt to be installed on the system (you are running VeraCrypt in portable mode).\n\nPlease install VeraCrypt and then try again.</string> <string lang="en" key="FEATURE_REQUIRES_INSTALLATION">Error: This feature requires VeraCrypt to be installed on the system (you are running VeraCrypt in portable mode).\n\nPlease install VeraCrypt and then try again.</string>
<string lang="en" key="WINDOWS_NOT_ON_BOOT_DRIVE_ERROR">WARNING: Windows does not appear to be installed on the drive from which it boots. This is not supported.\n\nYou should continue only if you are sure that Windows is installed on the drive from which it boots.\n\nDo you want to continue?</string> <string lang="en" key="WINDOWS_NOT_ON_BOOT_DRIVE_ERROR">WARNING: Windows does not appear to be installed on the drive from which it boots. This is not supported.\n\nYou should continue only if you are sure that Windows is installed on the drive from which it boots.\n\nDo you want to continue?</string>
<string lang="en" key="GPT_BOOT_DRIVE_UNSUPPORTED">Your system drive has a GUID partition table (GPT). Currently, only drives with a MBR partition table are supported.</string> <string lang="en" key="GPT_BOOT_DRIVE_UNSUPPORTED">You are running a 32-bit Windows and your system drive has a GUID partition table (GPT). Currently, only Windows 64-bit is supported for GPT system encryption.</string>
<string lang="en" key="TC_BOOT_LOADER_ALREADY_INSTALLED">CAUTION: The VeraCrypt Boot Loader is already installed on your system drive!\n\nIt is possible that another system on your computer is already encrypted.\n\nWARNING: PROCEEDING WITH ENCRYPTION OF THE CURRENTLY RUNNING SYSTEM MAY MAKE OTHER SYSTEM(S) IMPOSSIBLE TO START AND RELATED DATA INACCESSIBLE.\n\nAre you sure you want to continue?</string> <string lang="en" key="TC_BOOT_LOADER_ALREADY_INSTALLED">CAUTION: The VeraCrypt Boot Loader is already installed on your system drive!\n\nIt is possible that another system on your computer is already encrypted.\n\nWARNING: PROCEEDING WITH ENCRYPTION OF THE CURRENTLY RUNNING SYSTEM MAY MAKE OTHER SYSTEM(S) IMPOSSIBLE TO START AND RELATED DATA INACCESSIBLE.\n\nAre you sure you want to continue?</string>
<string lang="en" key="SYS_LOADER_RESTORE_FAILED">Failed to restore the original system loader.\n\nPlease use your VeraCrypt Rescue Disk ('Repair Options' > 'Restore original system loader') or Windows installation medium to replace the VeraCrypt Boot Loader with the Windows system loader.</string> <string lang="en" key="SYS_LOADER_RESTORE_FAILED">Failed to restore the original system loader.\n\nPlease use your VeraCrypt Rescue Disk ('Repair Options' > 'Restore original system loader') or Windows installation medium to replace the VeraCrypt Boot Loader with the Windows system loader.</string>
<string lang="en" key="SYS_LOADER_UNAVAILABLE_FOR_RESCUE_DISK">The original system loader will not be stored on the Rescue Disk (probable cause: missing backup file).</string> <string lang="en" key="SYS_LOADER_UNAVAILABLE_FOR_RESCUE_DISK">The original system loader will not be stored on the Rescue Disk (probable cause: missing backup file).</string>
@ -1399,6 +1399,9 @@
<string lang="en" key="PIM_TOO_BIG">Personal Iterations Multiplier (PIM) maximum value is 2147468.</string> <string lang="en" key="PIM_TOO_BIG">Personal Iterations Multiplier (PIM) maximum value is 2147468.</string>
<control lang="en" key="IDC_SKIP_RESCUE_VERIFICATION">Skip Rescue Disk verification</control> <control lang="en" key="IDC_SKIP_RESCUE_VERIFICATION">Skip Rescue Disk verification</control>
<control lang="en" key="IDC_HIDE_WAITING_DIALOG">Don't show wait message dialog when performing operations</control> <control lang="en" key="IDC_HIDE_WAITING_DIALOG">Don't show wait message dialog when performing operations</control>
<control lang="en" key="IDC_DISABLE_BOOT_LOADER_HASH_PROMPT">Do not request Hash algorithm in the pre-boot authentication screen</control>
<string lang="en" key="GOST89_HELP">The GOST block cipher, defined in the standard GOST 28147-89 under name Magma, is a Soviet and Russian government standard symmetric key block cipher.\n\nDeveloped in the 1970s, the standard had been marked "Top Secret" and then downgraded to "Secret" in 1990. It was a Soviet alternative to the United States standard algorithm, DES.</string>
<string lang="en" key="KUZNYECHIK_HELP">Kuznyechik is a block cipher first published in 2015 and defined in the National Standard of the Russian Federation GOST R 34.12-2015 and also in RFC 7801. 256-bit key, 128-bit block. Mode of operation is XTS.</string>
<string lang="en" key="CAMELLIA_HELP">Jointly developed by Mitsubishi Electric and NTT of Japan. First published on 2000. 256-bit key, 128-bit block. Mode of operation is XTS. It has been approved for use by the ISO/IEC, the European Union's NESSIE project and the Japanese CRYPTREC project.</string> <string lang="en" key="CAMELLIA_HELP">Jointly developed by Mitsubishi Electric and NTT of Japan. First published on 2000. 256-bit key, 128-bit block. Mode of operation is XTS. It has been approved for use by the ISO/IEC, the European Union's NESSIE project and the Japanese CRYPTREC project.</string>
<string lang="en" key="TIME">Time</string> <string lang="en" key="TIME">Time</string>
<string lang="en" key="ITERATIONS">Iterations</string> <string lang="en" key="ITERATIONS">Iterations</string>


@ -504,9 +504,17 @@ BOOL CALLBACK ExtcvPasswordDlgProc (HWND hwndDlg, UINT msg, WPARAM wParam, LPARA
int i, nIndex = SendMessageW (hComboBox, CB_ADDSTRING, 0, (LPARAM) GetString ("AUTODETECTION")); int i, nIndex = SendMessageW (hComboBox, CB_ADDSTRING, 0, (LPARAM) GetString ("AUTODETECTION"));
SendMessage (hComboBox, CB_SETITEMDATA, nIndex, (LPARAM) 0); SendMessage (hComboBox, CB_SETITEMDATA, nIndex, (LPARAM) 0);
BOOL bIsGPT = FALSE;
try
{
BootEncryption BootEncObj (hwndDlg);
bIsGPT = BootEncObj.GetSystemDriveConfiguration().SystemPartition.IsGPT;
}
catch (...) {}
for (i = FIRST_PRF_ID; i <= LAST_PRF_ID; i++) for (i = FIRST_PRF_ID; i <= LAST_PRF_ID; i++)
{ {
if (HashForSystemEncryption(i)) if (bIsGPT || HashForSystemEncryption(i))
{ {
nIndex = SendMessage (hComboBox, CB_ADDSTRING, 0, (LPARAM) get_pkcs5_prf_name(i)); nIndex = SendMessage (hComboBox, CB_ADDSTRING, 0, (LPARAM) get_pkcs5_prf_name(i));
SendMessage (hComboBox, CB_SETITEMDATA, nIndex, (LPARAM) i); SendMessage (hComboBox, CB_SETITEMDATA, nIndex, (LPARAM) i);
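Review bot: The added `catch (...) {}` silently discards any failure from `GetSystemDriveConfiguration()`, leaving `bIsGPT` at `FALSE` with no indication that detection failed. That fallback keeps the list restricted to `HashForSystemEncryption(i)`, which looks intended, so a comment such as `// detection failed: keep the pre-EFI list (HashForSystemEncryption only)` would document it. `ExtcvPasswordDlgProc` begins and ends outside this hunk, so whether this dialog is only shown for system volumes cannot be checked here; if it is not, `bIsGPT ||` widens the list for every volume on a GPT machine.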


@ -3,7 +3,7 @@
Copyright (c) 2008-2012 TrueCrypt Developers Association and which is governed Copyright (c) 2008-2012 TrueCrypt Developers Association and which is governed
by the TrueCrypt License 3.0. by the TrueCrypt License 3.0.
Modifications and additions to the original source code (contained in this file) Modifications and additions to the original source code (contained in this file)
and all other portions of this file are Copyright (c) 2013-2016 IDRIX and all other portions of this file are Copyright (c) 2013-2016 IDRIX
and are governed by the Apache License 2.0 the full text of which is and are governed by the Apache License 2.0 the full text of which is
contained in the file License.txt included in VeraCrypt binary and source contained in the file License.txt included in VeraCrypt binary and source
@ -74,7 +74,7 @@ class TrueCryptFormatCom : public ITrueCryptFormatCom
AddRef (); AddRef ();
return S_OK; return S_OK;
} }
virtual DWORD STDMETHODCALLTYPE CallDriver (DWORD ioctl, BSTR input, BSTR *output) virtual DWORD STDMETHODCALLTYPE CallDriver (DWORD ioctl, BSTR input, BSTR *output)
{ {
return BaseCom::CallDriver (ioctl, input, output); return BaseCom::CallDriver (ioctl, input, output);
@ -137,6 +137,46 @@ class TrueCryptFormatCom : public ITrueCryptFormatCom
return ::FormatFs (driveNo, clusterSize, fsType); return ::FormatFs (driveNo, clusterSize, fsType);
} }
virtual DWORD STDMETHODCALLTYPE GetFileSize (BSTR filePath, unsigned __int64 *pSize)
{
return BaseCom::GetFileSize (filePath, pSize);
}
virtual DWORD STDMETHODCALLTYPE DeviceIoControl (BOOL readOnly, BOOL device, BSTR filePath, DWORD dwIoControlCode, BSTR input, BSTR *output)
{
return BaseCom::DeviceIoControl (readOnly, device, filePath, dwIoControlCode, input, output);
}
virtual DWORD STDMETHODCALLTYPE InstallEfiBootLoader (BOOL preserveUserConfig, BOOL hiddenOSCreation, int pim, int hashAlg)
{
return BaseCom::InstallEfiBootLoader (preserveUserConfig, hiddenOSCreation, pim, hashAlg);
}
virtual DWORD STDMETHODCALLTYPE BackupEfiSystemLoader ()
{
return BaseCom::BackupEfiSystemLoader ();
}
virtual DWORD STDMETHODCALLTYPE RestoreEfiSystemLoader ()
{
return BaseCom::RestoreEfiSystemLoader ();
}
virtual DWORD STDMETHODCALLTYPE GetEfiBootDeviceNumber (BSTR* pSdn)
{
return BaseCom::GetEfiBootDeviceNumber (pSdn);
}
virtual DWORD STDMETHODCALLTYPE ReadEfiConfig (BSTR* pContent, DWORD *pcbRead)
{
return BaseCom::ReadEfiConfig (pContent, pcbRead);
}
virtual DWORD STDMETHODCALLTYPE WriteEfiBootSectorUserConfig (DWORD userConfig, BSTR customUserMessage, int pim, int hashAlg)
{
return BaseCom::WriteEfiBootSectorUserConfig (userConfig, customUserMessage,pim, hashAlg);
}
protected: protected:
DWORD MessageThreadId; DWORD MessageThreadId;
LONG RefCount; LONG RefCount;


@ -3,7 +3,7 @@
Copyright (c) 2008-2012 TrueCrypt Developers Association and which is governed Copyright (c) 2008-2012 TrueCrypt Developers Association and which is governed
by the TrueCrypt License 3.0. by the TrueCrypt License 3.0.
Modifications and additions to the original source code (contained in this file) Modifications and additions to the original source code (contained in this file)
and all other portions of this file are Copyright (c) 2013-2016 IDRIX and all other portions of this file are Copyright (c) 2013-2016 IDRIX
and are governed by the Apache License 2.0 the full text of which is and are governed by the Apache License 2.0 the full text of which is
contained in the file License.txt included in VeraCrypt binary and source contained in the file License.txt included in VeraCrypt binary and source
@ -16,7 +16,7 @@ import "..\Common\Password.h";
[ [
uuid(56327DDA-F1A7-4e13-B128-520D129BDEF6), uuid(56327DDA-F1A7-4e13-B128-520D129BDEF6),
helpstring("VeraCrypt Format UAC Support Library"), helpstring("VeraCrypt Format UAC Support Library"),
version(2.5) // Update ComSetup.cpp when changing version number version(2.6) // Update ComSetup.cpp when changing version number
] ]
library TrueCryptFormatCom library TrueCryptFormatCom
{ {
@ -40,6 +40,14 @@ library TrueCryptFormatCom
DWORD SetDriverServiceStartType (DWORD startType); DWORD SetDriverServiceStartType (DWORD startType);
DWORD WriteLocalMachineRegistryDwordValue (BSTR keyPath, BSTR valueName, DWORD value); DWORD WriteLocalMachineRegistryDwordValue (BSTR keyPath, BSTR valueName, DWORD value);
BOOL FormatFs (int driveNo, int clusterSize, int fsType); BOOL FormatFs (int driveNo, int clusterSize, int fsType);
DWORD GetFileSize (BSTR filePath, unsigned __int64* pSize);
DWORD DeviceIoControl (BOOL readOnly, BOOL device, BSTR filePath, DWORD dwIoControlCode, BSTR input, BSTR *output);
DWORD InstallEfiBootLoader (BOOL preserveUserConfig, BOOL hiddenOSCreation, int pim, int hashAlg);
DWORD BackupEfiSystemLoader ();
DWORD RestoreEfiSystemLoader ();
DWORD GetEfiBootDeviceNumber (BSTR* pSdn);
DWORD ReadEfiConfig (BSTR* pContent, DWORD *pcbRead);
DWORD WriteEfiBootSectorUserConfig (DWORD userConfig, BSTR customUserMessage, int pim, int hashAlg);
}; };
[ [


@ -931,11 +931,13 @@ static BOOL SysDriveOrPartitionFullyEncrypted (BOOL bSilent)
BOOL SwitchWizardToSysEncMode (void) BOOL SwitchWizardToSysEncMode (void)
{ {
WaitCursor (); WaitCursor ();
SystemDriveConfiguration config;
try try
{ {
BootEncStatus = BootEncObj->GetStatus(); BootEncStatus = BootEncObj->GetStatus();
bWholeSysDrive = BootEncObj->SystemPartitionCoversWholeDrive(); bWholeSysDrive = BootEncObj->SystemPartitionCoversWholeDrive();
config = BootEncObj->GetSystemDriveConfiguration ();
} }
catch (Exception &e) catch (Exception &e)
{ {
@ -1413,6 +1415,18 @@ void ComboSelChangeEA (HWND hwndDlg)
SetWindowTextW (GetDlgItem (hwndDlg, IDC_BOX_HELP), GetString ("TWOFISH_HELP")); SetWindowTextW (GetDlgItem (hwndDlg, IDC_BOX_HELP), GetString ("TWOFISH_HELP"));
} }
else if (wcsncmp (name, L"GOST89", 6) == 0)
{
StringCbPrintfW (hyperLink, sizeof(hyperLink) / 2, GetString ("MORE_INFO_ABOUT"), L"GOST89");
SetWindowTextW (GetDlgItem (hwndDlg, IDC_BOX_HELP), GetString ("GOST89_HELP"));
}
else if (wcscmp (name, L"Kuznyechik") == 0)
{
StringCbPrintfW (hyperLink, sizeof(hyperLink) / 2, GetString ("MORE_INFO_ABOUT"), name);
SetWindowTextW (GetDlgItem (hwndDlg, IDC_BOX_HELP), GetString ("KUZNYECHIK_HELP"));
}
else if (wcscmp (name, L"Camellia") == 0) else if (wcscmp (name, L"Camellia") == 0)
{ {
StringCbPrintfW (hyperLink, sizeof(hyperLink) / 2, GetString ("MORE_INFO_ABOUT"), name); StringCbPrintfW (hyperLink, sizeof(hyperLink) / 2, GetString ("MORE_INFO_ABOUT"), name);
@ -3612,6 +3626,14 @@ static BOOL FileSize4GBLimitQuestionNeeded (void)
} }
void BlockIfGpt(HWND control) {
SystemDriveConfiguration config = BootEncObj->GetSystemDriveConfiguration();
if (config.SystemPartition.IsGPT) {
EnableWindow(control, FALSE);
}
}
/* Except in response to the WM_INITDIALOG message, the dialog box procedure /* Except in response to the WM_INITDIALOG message, the dialog box procedure
should return nonzero if it processes the message, and zero if it does should return nonzero if it processes the message, and zero if it does
not. - see DialogProc */ not. - see DialogProc */
@ -3669,6 +3691,8 @@ BOOL CALLBACK PageDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lPa
SendMessage (GetDlgItem (hwndDlg, IDC_SYSENC_HIDDEN), WM_SETFONT, (WPARAM) hUserBoldFont, (LPARAM) TRUE); SendMessage (GetDlgItem (hwndDlg, IDC_SYSENC_HIDDEN), WM_SETFONT, (WPARAM) hUserBoldFont, (LPARAM) TRUE);
SendMessage (GetDlgItem (hwndDlg, IDC_SYSENC_NORMAL), WM_SETFONT, (WPARAM) hUserBoldFont, (LPARAM) TRUE); SendMessage (GetDlgItem (hwndDlg, IDC_SYSENC_NORMAL), WM_SETFONT, (WPARAM) hUserBoldFont, (LPARAM) TRUE);
BlockIfGpt(GetDlgItem(hwndDlg, IDC_SYSENC_HIDDEN));
CheckButton (GetDlgItem (hwndDlg, bHiddenOS ? IDC_SYSENC_HIDDEN : IDC_SYSENC_NORMAL)); CheckButton (GetDlgItem (hwndDlg, bHiddenOS ? IDC_SYSENC_HIDDEN : IDC_SYSENC_NORMAL));
SetWindowTextW (GetDlgItem (hwndDlg, IDC_BOX_HELP), GetString ("SYSENC_HIDDEN_TYPE_HELP")); SetWindowTextW (GetDlgItem (hwndDlg, IDC_BOX_HELP), GetString ("SYSENC_HIDDEN_TYPE_HELP"));
@ -3708,6 +3732,7 @@ BOOL CALLBACK PageDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lPa
SetWindowTextW (GetDlgItem (hwndDlg, IDT_WHOLE_SYS_DRIVE), GetString ("SYS_ENCRYPTION_SPAN_WHOLE_SYS_DRIVE_HELP")); SetWindowTextW (GetDlgItem (hwndDlg, IDT_WHOLE_SYS_DRIVE), GetString ("SYS_ENCRYPTION_SPAN_WHOLE_SYS_DRIVE_HELP"));
CheckButton (GetDlgItem (hwndDlg, bWholeSysDrive ? IDC_WHOLE_SYS_DRIVE : IDC_SYS_PARTITION)); CheckButton (GetDlgItem (hwndDlg, bWholeSysDrive ? IDC_WHOLE_SYS_DRIVE : IDC_SYS_PARTITION));
BlockIfGpt(GetDlgItem(hwndDlg, IDC_WHOLE_SYS_DRIVE));
SetWindowTextW (GetDlgItem (GetParent (hwndDlg), IDC_NEXT), GetString ("NEXT")); SetWindowTextW (GetDlgItem (GetParent (hwndDlg), IDC_NEXT), GetString ("NEXT"));
SetWindowTextW (GetDlgItem (GetParent (hwndDlg), IDC_PREV), GetString ("PREV")); SetWindowTextW (GetDlgItem (GetParent (hwndDlg), IDC_PREV), GetString ("PREV"));
@ -3785,7 +3810,7 @@ BOOL CALLBACK PageDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lPa
SetWindowTextW (GetDlgItem (GetParent (hwndDlg), IDCANCEL), GetString ("CANCEL")); SetWindowTextW (GetDlgItem (GetParent (hwndDlg), IDCANCEL), GetString ("CANCEL"));
RefreshMultiBootControls (hwndDlg); RefreshMultiBootControls (hwndDlg);
BlockIfGpt(GetDlgItem(hwndDlg, IDC_MULTI_BOOT));
EnableWindow (GetDlgItem (GetParent (hwndDlg), IDC_NEXT), nMultiBoot > 0); EnableWindow (GetDlgItem (GetParent (hwndDlg), IDC_NEXT), nMultiBoot > 0);
EnableWindow (GetDlgItem (GetParent (hwndDlg), IDC_PREV), TRUE); EnableWindow (GetDlgItem (GetParent (hwndDlg), IDC_PREV), TRUE);
EnableWindow (GetDlgItem (GetParent (hwndDlg), IDCANCEL), TRUE); EnableWindow (GetDlgItem (GetParent (hwndDlg), IDCANCEL), TRUE);
@ -4061,13 +4086,14 @@ BOOL CALLBACK PageDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lPa
if (SysEncInEffect ()) if (SysEncInEffect ())
{ {
hash_algo = DEFAULT_HASH_ALGORITHM_BOOT; BOOL bIsGPT = BootEncObj->GetSystemDriveConfiguration().SystemPartition.IsGPT;
hash_algo = bIsGPT? SHA512 : DEFAULT_HASH_ALGORITHM_BOOT;
RandSetHashFunction (hash_algo); RandSetHashFunction (hash_algo);
for (hid = FIRST_PRF_ID; hid <= LAST_PRF_ID; hid++) for (hid = FIRST_PRF_ID; hid <= LAST_PRF_ID; hid++)
{ {
// For now, we keep RIPEMD160 for system encryption // For now, we keep RIPEMD160 for system encryption
if (((hid == RIPEMD160) || !HashIsDeprecated (hid)) && HashForSystemEncryption (hid)) if (((hid == RIPEMD160) || !HashIsDeprecated (hid)) && (bIsGPT || HashForSystemEncryption (hid)))
AddComboPair (GetDlgItem (hwndDlg, IDC_COMBO_BOX_HASH_ALGO), HashGetName(hid), hid); AddComboPair (GetDlgItem (hwndDlg, IDC_COMBO_BOX_HASH_ALGO), HashGetName(hid), hid);
} }
} }
@ -4461,8 +4487,14 @@ BOOL CALLBACK PageDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lPa
SetDlgItemText (hwndDlg, IDC_RESCUE_DISK_ISO_PATH, szRescueDiskISO); SetDlgItemText (hwndDlg, IDC_RESCUE_DISK_ISO_PATH, szRescueDiskISO);
EnableWindow (GetDlgItem (GetParent (hwndDlg), IDC_NEXT), (GetWindowTextLength (GetDlgItem (hwndDlg, IDC_RESCUE_DISK_ISO_PATH)) > 1)); EnableWindow (GetDlgItem (GetParent (hwndDlg), IDC_NEXT), (GetWindowTextLength (GetDlgItem (hwndDlg, IDC_RESCUE_DISK_ISO_PATH)) > 1));
EnableWindow (GetDlgItem (GetParent (hwndDlg), IDC_PREV), TRUE); EnableWindow (GetDlgItem (GetParent (hwndDlg), IDC_PREV), TRUE);
SetCheckBox (hCurPage, IDC_SKIP_RESCUE_VERIFICATION, bDontVerifyRescueDisk);
// For now, disable verification of Rescue Disk for GPT system encryption
{
SystemDriveConfiguration config = BootEncObj->GetSystemDriveConfiguration();
bDontVerifyRescueDisk = config.SystemPartition.IsGPT;
SetCheckBox (hCurPage, IDC_SKIP_RESCUE_VERIFICATION, bDontVerifyRescueDisk);
EnableWindow(GetDlgItem (hwndDlg, IDC_SKIP_RESCUE_VERIFICATION), !config.SystemPartition.IsGPT);
}
break; break;
case SYSENC_RESCUE_DISK_BURN_PAGE: case SYSENC_RESCUE_DISK_BURN_PAGE:
@ -5443,13 +5475,20 @@ BOOL CALLBACK PageDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lPa
if (lw == IDC_BENCHMARK && nCurPageNo == CIPHER_PAGE) if (lw == IDC_BENCHMARK && nCurPageNo == CIPHER_PAGE)
{ {
BOOL bIsGPT = FALSE;
try
{
bIsGPT = BootEncObj->GetSystemDriveConfiguration().SystemPartition.IsGPT;
}
catch (...) {}
// Reduce CPU load // Reduce CPU load
bFastPollEnabled = FALSE; bFastPollEnabled = FALSE;
bRandmixEnabled = FALSE; bRandmixEnabled = FALSE;
DialogBoxParamW (hInst, DialogBoxParamW (hInst,
MAKEINTRESOURCEW (IDD_BENCHMARK_DLG), hwndDlg, MAKEINTRESOURCEW (IDD_BENCHMARK_DLG), hwndDlg,
(DLGPROC) BenchmarkDlgProc, (LPARAM) NULL); (DLGPROC) BenchmarkDlgProc, (LPARAM) bIsGPT);
bFastPollEnabled = TRUE; bFastPollEnabled = TRUE;
bRandmixEnabled = TRUE; bRandmixEnabled = TRUE;
@ -5471,6 +5510,10 @@ BOOL CALLBACK PageDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lPa
Applink ("serpent", FALSE, ""); Applink ("serpent", FALSE, "");
else if (wcscmp (name, L"Twofish") == 0) else if (wcscmp (name, L"Twofish") == 0)
Applink ("twofish", FALSE, ""); Applink ("twofish", FALSE, "");
else if (wcscmp (name, L"GOST89") == 0)
Applink ("gost89", FALSE, "");
else if (wcscmp (name, L"Kuznyechik") == 0)
Applink ("kuznyechik", FALSE, "");
else if (wcscmp (name, L"Camellia") == 0) else if (wcscmp (name, L"Camellia") == 0)
Applink ("camellia", FALSE, ""); Applink ("camellia", FALSE, "");
else if (EAGetCipherCount (nIndex) > 1) else if (EAGetCipherCount (nIndex) > 1)
@ -5793,7 +5836,8 @@ BOOL CALLBACK PageDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lPa
{ {
HWND hHashAlgoItem = GetDlgItem (hwndDlg, IDC_COMBO_BOX_HASH_ALGO); HWND hHashAlgoItem = GetDlgItem (hwndDlg, IDC_COMBO_BOX_HASH_ALGO);
int selectedAlgo = (int) SendMessage (hHashAlgoItem, CB_GETITEMDATA, SendMessage (hHashAlgoItem, CB_GETCURSEL, 0, 0), 0); int selectedAlgo = (int) SendMessage (hHashAlgoItem, CB_GETITEMDATA, SendMessage (hHashAlgoItem, CB_GETCURSEL, 0, 0), 0);
if (!HashForSystemEncryption(selectedAlgo)) BOOL bIsGPT = BootEncObj->GetSystemDriveConfiguration().SystemPartition.IsGPT;
if (!bIsGPT && !HashForSystemEncryption(selectedAlgo))
{ {
hash_algo = DEFAULT_HASH_ALGORITHM_BOOT; hash_algo = DEFAULT_HASH_ALGORITHM_BOOT;
RandSetHashFunction (DEFAULT_HASH_ALGORITHM_BOOT); RandSetHashFunction (DEFAULT_HASH_ALGORITHM_BOOT);
@ -7332,10 +7376,11 @@ BOOL CALLBACK MainDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lPa
else if (nCurPageNo == CIPHER_PAGE) else if (nCurPageNo == CIPHER_PAGE)
{ {
LPARAM nIndex; LPARAM nIndex;
BOOL bIsGPT = BootEncObj->GetSystemDriveConfiguration().SystemPartition.IsGPT;
nIndex = SendMessage (GetDlgItem (hCurPage, IDC_COMBO_BOX), CB_GETCURSEL, 0, 0); nIndex = SendMessage (GetDlgItem (hCurPage, IDC_COMBO_BOX), CB_GETCURSEL, 0, 0);
nVolumeEA = (int) SendMessage (GetDlgItem (hCurPage, IDC_COMBO_BOX), CB_GETITEMDATA, nIndex, 0); nVolumeEA = (int) SendMessage (GetDlgItem (hCurPage, IDC_COMBO_BOX), CB_GETITEMDATA, nIndex, 0);
if (SysEncInEffect () if (!bIsGPT && SysEncInEffect ()
&& EAGetCipherCount (nVolumeEA) > 1) // Cascade? && EAGetCipherCount (nVolumeEA) > 1) // Cascade?
{ {
if (AskWarnNoYes ("CONFIRM_CASCADE_FOR_SYS_ENCRYPTION", hwndDlg) == IDNO) if (AskWarnNoYes ("CONFIRM_CASCADE_FOR_SYS_ENCRYPTION", hwndDlg) == IDNO)
@ -8033,7 +8078,7 @@ BOOL CALLBACK MainDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lPa
} }
#endif #endif
BootEncObj->Install (bHiddenOS ? true : false); BootEncObj->Install (bHiddenOS ? true : false, hash_algo);
} }
catch (Exception &e) catch (Exception &e)
{ {
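Review bot: `BlockIfGpt` calls `BootEncObj->GetSystemDriveConfiguration()` with no exception handling, although this same commit wraps that call in `try`/`catch` in `SwitchWizardToSysEncMode` and in the `IDC_BENCHMARK` handler, so it is presumably expected to throw. The helper is called from `PageDialogProc`, where an escaping exception would unwind through the dialog-procedure callback. The unguarded calls added before `RandSetHashFunction (hash_algo)`, before the `HashForSystemEncryption(selectedAlgo)` check and in `MainDialogProc`'s `CIPHER_PAGE` branch have the same gap. Because the helper gates options this commit turns off for GPT, I would catch the failure and disable the control rather than leave it enabled, and add a comment saying why the control is blocked.

```cpp
// Disables a wizard control that this commit turns off when the system partition is GPT.
void BlockIfGpt(HWND control) {
	BOOL bBlock = TRUE;	// fail closed if the drive configuration cannot be read
	try {
		bBlock = BootEncObj->GetSystemDriveConfiguration().SystemPartition.IsGPT;
	}
	catch (Exception &e) {
		e.Show (NULL);
	}
	if (bBlock)
		EnableWindow(control, FALSE);
}
```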


@ -3,7 +3,7 @@
Copyright (c) 2008-2012 TrueCrypt Developers Association and which is governed Copyright (c) 2008-2012 TrueCrypt Developers Association and which is governed
by the TrueCrypt License 3.0. by the TrueCrypt License 3.0.
Modifications and additions to the original source code (contained in this file) Modifications and additions to the original source code (contained in this file)
and all other portions of this file are Copyright (c) 2013-2016 IDRIX and all other portions of this file are Copyright (c) 2013-2016 IDRIX
and are governed by the Apache License 2.0 the full text of which is and are governed by the Apache License 2.0 the full text of which is
contained in the file License.txt included in VeraCrypt binary and source contained in the file License.txt included in VeraCrypt binary and source
@ -158,6 +158,46 @@ class TrueCryptMainCom : public ITrueCryptMainCom
return ::ChangePwd (volumePath, oldPassword, old_pkcs5, old_pim, truecryptMode, newPassword, pkcs5, pim, wipePassCount, (HWND) hWnd); return ::ChangePwd (volumePath, oldPassword, old_pkcs5, old_pim, truecryptMode, newPassword, pkcs5, pim, wipePassCount, (HWND) hWnd);
} }
virtual DWORD STDMETHODCALLTYPE GetFileSize (BSTR filePath, unsigned __int64 *pSize)
{
return BaseCom::GetFileSize (filePath, pSize);
}
virtual DWORD STDMETHODCALLTYPE DeviceIoControl (BOOL readOnly, BOOL device, BSTR filePath, DWORD dwIoControlCode, BSTR input, BSTR *output)
{
return BaseCom::DeviceIoControl (readOnly, device, filePath, dwIoControlCode, input, output);
}
virtual DWORD STDMETHODCALLTYPE InstallEfiBootLoader (BOOL preserveUserConfig, BOOL hiddenOSCreation, int pim, int hashAlg)
{
return BaseCom::InstallEfiBootLoader (preserveUserConfig, hiddenOSCreation, pim, hashAlg);
}
virtual DWORD STDMETHODCALLTYPE BackupEfiSystemLoader ()
{
return BaseCom::BackupEfiSystemLoader ();
}
virtual DWORD STDMETHODCALLTYPE RestoreEfiSystemLoader ()
{
return BaseCom::RestoreEfiSystemLoader ();
}
virtual DWORD STDMETHODCALLTYPE GetEfiBootDeviceNumber (BSTR* pSdn)
{
return BaseCom::GetEfiBootDeviceNumber (pSdn);
}
virtual DWORD STDMETHODCALLTYPE ReadEfiConfig (BSTR* pContent, DWORD *pcbRead)
{
return BaseCom::ReadEfiConfig (pContent, pcbRead);
}
virtual DWORD STDMETHODCALLTYPE WriteEfiBootSectorUserConfig (DWORD userConfig, BSTR customUserMessage, int pim, int hashAlg)
{
return BaseCom::WriteEfiBootSectorUserConfig (userConfig, customUserMessage,pim, hashAlg);
}
protected: protected:
DWORD MessageThreadId; DWORD MessageThreadId;
LONG RefCount; LONG RefCount;
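Review bot: The new `DeviceIoControl` method forwards a caller-chosen `filePath`, `device` flag and `dwIoControlCode` unchanged to `BaseCom::DeviceIoControl`, so the UAC support object becomes a generic IOCTL pass-through. Unless `BaseCom` validates these arguments (its body is not fully visible here), any client holding the elevated object can issue control codes to any device or file it names, with the elevated process's rights. I would restrict the call to the control codes and device paths the EFI code actually needs, return `ERROR_ACCESS_DENIED` for anything else, and state that contract in a comment on the method. `GetFileSize` deserves the same comment, since it reports the size of any path the elevated process can open. The enclosing class `TrueCryptMainCom` starts and ends outside this hunk.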


@ -3,7 +3,7 @@
Copyright (c) 2008-2012 TrueCrypt Developers Association and which is governed Copyright (c) 2008-2012 TrueCrypt Developers Association and which is governed
by the TrueCrypt License 3.0. by the TrueCrypt License 3.0.
Modifications and additions to the original source code (contained in this file) Modifications and additions to the original source code (contained in this file)
and all other portions of this file are Copyright (c) 2013-2016 IDRIX and all other portions of this file are Copyright (c) 2013-2016 IDRIX
and are governed by the Apache License 2.0 the full text of which is and are governed by the Apache License 2.0 the full text of which is
contained in the file License.txt included in VeraCrypt binary and source contained in the file License.txt included in VeraCrypt binary and source
@ -16,7 +16,7 @@ import "..\Common\Password.h";
[ [
uuid(9ACF6176-5FC4-4690-A025-B3306A50EB6A), uuid(9ACF6176-5FC4-4690-A025-B3306A50EB6A),
helpstring("VeraCrypt Main UAC Support Library"), helpstring("VeraCrypt Main UAC Support Library"),
version(2.7) // Update ComSetup.cpp when changing version number version(2.8) // Update ComSetup.cpp when changing version number
] ]
library TrueCryptMainCom library TrueCryptMainCom
{ {
@ -44,6 +44,14 @@ library TrueCryptMainCom
int ChangePasswordEx (BSTR volumePath, Password *oldPassword, int old_pkcs5, Password *newPassword, int pkcs5, int wipePassCount, LONG_PTR hWnd); int ChangePasswordEx (BSTR volumePath, Password *oldPassword, int old_pkcs5, Password *newPassword, int pkcs5, int wipePassCount, LONG_PTR hWnd);
int ChangePasswordEx2 (BSTR volumePath, Password *oldPassword, int old_pkcs5, BOOL truecryptMode, Password *newPassword, int pkcs5, int wipePassCount, LONG_PTR hWnd); int ChangePasswordEx2 (BSTR volumePath, Password *oldPassword, int old_pkcs5, BOOL truecryptMode, Password *newPassword, int pkcs5, int wipePassCount, LONG_PTR hWnd);
int ChangePasswordEx3 (BSTR volumePath, Password *oldPassword, int old_pkcs5, int old_pim, BOOL truecryptMode, Password *newPassword, int pkcs5, int pim, int wipePassCount, LONG_PTR hWnd); int ChangePasswordEx3 (BSTR volumePath, Password *oldPassword, int old_pkcs5, int old_pim, BOOL truecryptMode, Password *newPassword, int pkcs5, int pim, int wipePassCount, LONG_PTR hWnd);
DWORD GetFileSize (BSTR filePath, unsigned __int64* pSize);
DWORD DeviceIoControl (BOOL readOnly, BOOL device, BSTR filePath, DWORD dwIoControlCode, BSTR input, BSTR *output);
DWORD InstallEfiBootLoader (BOOL preserveUserConfig, BOOL hiddenOSCreation, int pim, int hashAlg);
DWORD BackupEfiSystemLoader ();
DWORD RestoreEfiSystemLoader ();
DWORD GetEfiBootDeviceNumber (BSTR* pSdn);
DWORD ReadEfiConfig (BSTR* pContent, DWORD *pcbRead);
DWORD WriteEfiBootSectorUserConfig (DWORD userConfig, BSTR customUserMessage, int pim, int hashAlg);
}; };
[ [


@ -346,6 +346,27 @@ static void InitMainDialog (HWND hwndDlg)
SetMenuItemInfoW (GetMenu (hwndDlg), i, TRUE, &info); SetMenuItemInfoW (GetMenu (hwndDlg), i, TRUE, &info);
} }
{
BOOL bIsGPT = FALSE;
try
{
SystemDriveConfiguration config = BootEncObj->GetSystemDriveConfiguration();
bIsGPT = config.SystemPartition.IsGPT;
}
catch (Exception &)
{
}
// disable rescue disk operation for GPT system encryption
if (bIsGPT)
{
EnableMenuItem (GetMenu (hwndDlg), IDM_CREATE_HIDDEN_OS, MF_GRAYED);
EnableMenuItem (GetMenu (hwndDlg), IDM_CREATE_RESCUE_DISK, MF_GRAYED);
EnableMenuItem (GetMenu (hwndDlg), IDM_VERIFY_RESCUE_DISK, MF_GRAYED);
EnableMenuItem (GetMenu (hwndDlg), IDM_VERIFY_RESCUE_DISK_ISO, MF_GRAYED);
}
}
// Disable menu item for changing system header key derivation algorithm until it's implemented // Disable menu item for changing system header key derivation algorithm until it's implemented
EnableMenuItem (GetMenu (hwndDlg), IDM_CHANGE_SYS_HEADER_KEY_DERIV_ALGO, MF_GRAYED); EnableMenuItem (GetMenu (hwndDlg), IDM_CHANGE_SYS_HEADER_KEY_DERIV_ALGO, MF_GRAYED);
@ -1081,9 +1102,11 @@ unsigned __int64 GetSysEncDeviceEncryptedPartSize (BOOL bSilent)
static void PopulateSysEncContextMenu (HMENU popup, BOOL bToolsOnly) static void PopulateSysEncContextMenu (HMENU popup, BOOL bToolsOnly)
{ {
SystemDriveConfiguration config;
try try
{ {
BootEncStatus = BootEncObj->GetStatus(); BootEncStatus = BootEncObj->GetStatus();
config = BootEncObj->GetSystemDriveConfiguration();
} }
catch (Exception &e) catch (Exception &e)
{ {
@ -1111,7 +1134,7 @@ static void PopulateSysEncContextMenu (HMENU popup, BOOL bToolsOnly)
AppendMenu (popup, MF_SEPARATOR, 0, L""); AppendMenu (popup, MF_SEPARATOR, 0, L"");
AppendMenuW (popup, MF_STRING, IDM_SYS_ENC_SETTINGS, GetString ("IDM_SYS_ENC_SETTINGS")); AppendMenuW (popup, MF_STRING, IDM_SYS_ENC_SETTINGS, GetString ("IDM_SYS_ENC_SETTINGS"));
if (!IsHiddenOSRunning()) if (!IsHiddenOSRunning() && !config.SystemPartition.IsGPT)
{ {
AppendMenu (popup, MF_SEPARATOR, 0, L""); AppendMenu (popup, MF_SEPARATOR, 0, L"");
AppendMenuW (popup, MF_STRING, IDM_CREATE_RESCUE_DISK, GetString ("IDM_CREATE_RESCUE_DISK")); AppendMenuW (popup, MF_STRING, IDM_CREATE_RESCUE_DISK, GetString ("IDM_CREATE_RESCUE_DISK"));
@ -1314,7 +1337,7 @@ BOOL SelectItem (HWND hTree, wchar_t nLetter)
} }
static void LaunchVolCreationWizard (HWND hwndDlg, const wchar_t *arg) static void LaunchVolCreationWizard (HWND hwndDlg, const wchar_t *arg, BOOL bElevation)
{ {
wchar_t t[TC_MAX_PATH + 1024] = {L'"',0}; wchar_t t[TC_MAX_PATH + 1024] = {L'"',0};
wchar_t *tmp; wchar_t *tmp;
@ -1348,21 +1371,30 @@ static void LaunchVolCreationWizard (HWND hwndDlg, const wchar_t *arg)
if (!FileExists(t)) if (!FileExists(t))
Error ("VOL_CREATION_WIZARD_NOT_FOUND", hwndDlg); // Display a user-friendly error message and advise what to do Error ("VOL_CREATION_WIZARD_NOT_FOUND", hwndDlg); // Display a user-friendly error message and advise what to do
if (wcslen (arg) > 0)
{
StringCbCatW (t, sizeof(t), L" ");
StringCbCatW (t, sizeof(t), arg);
}
if (!CreateProcess (NULL, (LPWSTR) t, NULL, NULL, FALSE, NORMAL_PRIORITY_CLASS, NULL, NULL, &si, &pi))
{
handleWin32Error (hwndDlg, SRC_POS);
}
else else
{ {
CloseHandle (pi.hProcess);
CloseHandle (pi.hThread); if (bElevation && !IsAdmin() && IsUacSupported())
{
LaunchElevatedProcess (hwndDlg, t, arg);
}
else
{
if (wcslen (arg) > 0)
{
StringCbCatW (t, sizeof(t), L" ");
StringCbCatW (t, sizeof(t), arg);
}
if (!CreateProcess (NULL, (LPWSTR) t, NULL, NULL, FALSE, NORMAL_PRIORITY_CLASS, NULL, NULL, &si, &pi))
{
handleWin32Error (hwndDlg, SRC_POS);
}
else
{
CloseHandle (pi.hProcess);
CloseHandle (pi.hThread);
}
}
} }
} }
} }
@ -2426,10 +2458,16 @@ BOOL CALLBACK PasswordChangeDlgProc (HWND hwndDlg, UINT msg, WPARAM wParam, LPAR
case IDC_PKCS5_PRF_ID: case IDC_PKCS5_PRF_ID:
if (bSysEncPwdChangeDlgMode) if (bSysEncPwdChangeDlgMode)
{ {
int new_hash_algo_id = (int) SendMessage (GetDlgItem (hwndDlg, IDC_PKCS5_PRF_ID), CB_GETITEMDATA, int new_hash_algo_id = (int) SendMessage (GetDlgItem (hwndDlg, IDC_PKCS5_PRF_ID), CB_GETITEMDATA,
SendMessage (GetDlgItem (hwndDlg, IDC_PKCS5_PRF_ID), CB_GETCURSEL, 0, 0), 0); SendMessage (GetDlgItem (hwndDlg, IDC_PKCS5_PRF_ID), CB_GETCURSEL, 0, 0), 0);
BOOL bIsGPT = FALSE;
try
{
bIsGPT = BootEncObj->GetSystemDriveConfiguration().SystemPartition.IsGPT;
}
catch (...) {}
if (new_hash_algo_id != 0 && !HashForSystemEncryption(new_hash_algo_id)) if (new_hash_algo_id != 0 && !bIsGPT && !HashForSystemEncryption(new_hash_algo_id))
{ {
int new_hash_algo_id = DEFAULT_HASH_ALGORITHM_BOOT; int new_hash_algo_id = DEFAULT_HASH_ALGORITHM_BOOT;
Info ("ALGO_NOT_SUPPORTED_FOR_SYS_ENCRYPTION", hwndDlg); Info ("ALGO_NOT_SUPPORTED_FOR_SYS_ENCRYPTION", hwndDlg);
@ -2761,9 +2799,16 @@ BOOL CALLBACK PasswordDlgProc (HWND hwndDlg, UINT msg, WPARAM wParam, LPARAM lPa
int i, defaultPrfIndex = 0, nIndex = (int) SendMessageW (hComboBox, CB_ADDSTRING, 0, (LPARAM) GetString ("AUTODETECTION")); int i, defaultPrfIndex = 0, nIndex = (int) SendMessageW (hComboBox, CB_ADDSTRING, 0, (LPARAM) GetString ("AUTODETECTION"));
SendMessage (hComboBox, CB_SETITEMDATA, nIndex, (LPARAM) 0); SendMessage (hComboBox, CB_SETITEMDATA, nIndex, (LPARAM) 0);
BOOL bIsGPT = FALSE;
try
{
bIsGPT = BootEncObj->GetSystemDriveConfiguration().SystemPartition.IsGPT;
}
catch (...) {}
for (i = FIRST_PRF_ID; i <= LAST_PRF_ID; i++) for (i = FIRST_PRF_ID; i <= LAST_PRF_ID; i++)
{ {
if (HashForSystemEncryption(i)) if (bIsGPT || HashForSystemEncryption(i))
{ {
nIndex = (int) SendMessage (hComboBox, CB_ADDSTRING, 0, (LPARAM) get_pkcs5_prf_name(i)); nIndex = (int) SendMessage (hComboBox, CB_ADDSTRING, 0, (LPARAM) get_pkcs5_prf_name(i));
SendMessage (hComboBox, CB_SETITEMDATA, nIndex, (LPARAM) i); SendMessage (hComboBox, CB_SETITEMDATA, nIndex, (LPARAM) i);
@ -5469,16 +5514,18 @@ static void ChangeSysEncPassword (HWND hwndDlg, BOOL bOnlyChangeKDF)
// Initiates or resumes encryption of the system partition/drive // Initiates or resumes encryption of the system partition/drive
static void EncryptSystemDevice (HWND hwndDlg) static void EncryptSystemDevice (HWND hwndDlg)
{ {
SystemDriveConfiguration config;
try try
{ {
BootEncStatus = BootEncObj->GetStatus(); BootEncStatus = BootEncObj->GetStatus();
config = BootEncObj->GetSystemDriveConfiguration ();
} }
catch (Exception &e) catch (Exception &e)
{ {
e.Show (MainDlg); e.Show (MainDlg);
} }
if (!BootEncStatus.DriveEncrypted if (!BootEncStatus.DriveEncrypted
&& !BootEncStatus.DriveMounted && !BootEncStatus.DriveMounted
&& !SysEncryptionOrDecryptionRequired ()) && !SysEncryptionOrDecryptionRequired ())
{ {
@ -5486,7 +5533,7 @@ static void EncryptSystemDevice (HWND hwndDlg)
if (!MutexExistsOnSystem (TC_MUTEX_NAME_SYSENC)) // If no instance of the wizard is currently taking care of system encryption if (!MutexExistsOnSystem (TC_MUTEX_NAME_SYSENC)) // If no instance of the wizard is currently taking care of system encryption
{ {
LaunchVolCreationWizard (hwndDlg, L"/sysenc"); LaunchVolCreationWizard (hwndDlg, L"/sysenc", FALSE);
} }
else else
Warning ("SYSTEM_ENCRYPTION_IN_PROGRESS_ELSEWHERE", hwndDlg); Warning ("SYSTEM_ENCRYPTION_IN_PROGRESS_ELSEWHERE", hwndDlg);
@ -5500,7 +5547,7 @@ static void EncryptSystemDevice (HWND hwndDlg)
if (!MutexExistsOnSystem (TC_MUTEX_NAME_SYSENC)) // If no instance of the wizard is currently taking care of system encryption if (!MutexExistsOnSystem (TC_MUTEX_NAME_SYSENC)) // If no instance of the wizard is currently taking care of system encryption
{ {
LaunchVolCreationWizard (hwndDlg, L"/sysenc"); LaunchVolCreationWizard (hwndDlg, L"/sysenc",FALSE);
} }
else else
Warning ("SYSTEM_ENCRYPTION_IN_PROGRESS_ELSEWHERE", hwndDlg); Warning ("SYSTEM_ENCRYPTION_IN_PROGRESS_ELSEWHERE", hwndDlg);
@ -5516,9 +5563,11 @@ static void EncryptSystemDevice (HWND hwndDlg)
// Initiates decryption of the system partition/drive // Initiates decryption of the system partition/drive
static void DecryptSystemDevice (HWND hwndDlg) static void DecryptSystemDevice (HWND hwndDlg)
{ {
SystemDriveConfiguration config;
try try
{ {
BootEncStatus = BootEncObj->GetStatus(); BootEncStatus = BootEncObj->GetStatus();
config = BootEncObj->GetSystemDriveConfiguration ();
} }
catch (Exception &e) catch (Exception &e)
{ {
@ -5579,8 +5628,8 @@ static void DecryptSystemDevice (HWND hwndDlg)
return; return;
} }
CloseSysEncMutex (); CloseSysEncMutex ();
LaunchVolCreationWizard (hwndDlg, L"/dsysenc"); LaunchVolCreationWizard (hwndDlg, L"/dsysenc", FALSE);
} }
else else
Warning ("SYSTEM_ENCRYPTION_IN_PROGRESS_ELSEWHERE", hwndDlg); Warning ("SYSTEM_ENCRYPTION_IN_PROGRESS_ELSEWHERE", hwndDlg);
@ -5595,7 +5644,7 @@ static void CreateHiddenOS (HWND hwndDlg)
// such information, but will exit (displaying only an error meessage). // such information, but will exit (displaying only an error meessage).
Info("HIDDEN_OS_PREINFO", hwndDlg); Info("HIDDEN_OS_PREINFO", hwndDlg);
LaunchVolCreationWizard (hwndDlg, L"/isysenc"); LaunchVolCreationWizard (hwndDlg, L"/isysenc", FALSE);
} }
static void DecryptNonSysDevice (HWND hwndDlg, BOOL bResolveAmbiguousSelection, BOOL bUseDriveListSel) static void DecryptNonSysDevice (HWND hwndDlg, BOOL bResolveAmbiguousSelection, BOOL bUseDriveListSel)
@ -5706,7 +5755,7 @@ static void DecryptNonSysDevice (HWND hwndDlg, BOOL bResolveAmbiguousSelection,
if (AskWarnNoYes ("CONFIRM_DECRYPT_NON_SYS_DEVICE_CAUTION", hwndDlg) == IDNO) if (AskWarnNoYes ("CONFIRM_DECRYPT_NON_SYS_DEVICE_CAUTION", hwndDlg) == IDNO)
return; return;
LaunchVolCreationWizard (hwndDlg, (wstring (L"/inplacedec \"") + scPath + L"\"").c_str ()); LaunchVolCreationWizard (hwndDlg, (wstring (L"/inplacedec \"") + scPath + L"\"").c_str (), FALSE);
} }
// Blindly attempts (without any checks) to instruct the wizard to resume whatever system encryption process // Blindly attempts (without any checks) to instruct the wizard to resume whatever system encryption process
@ -5715,7 +5764,17 @@ static void ResumeInterruptedSysEncProcess (HWND hwndDlg)
{ {
if (!MutexExistsOnSystem (TC_MUTEX_NAME_SYSENC)) // If no instance of the wizard is currently taking care of system encryption if (!MutexExistsOnSystem (TC_MUTEX_NAME_SYSENC)) // If no instance of the wizard is currently taking care of system encryption
{ {
LaunchVolCreationWizard (MainDlg, L"/csysenc"); SystemDriveConfiguration config;
try
{
config = BootEncObj->GetSystemDriveConfiguration ();
}
catch (Exception &e)
{
e.Show (MainDlg);
}
LaunchVolCreationWizard (MainDlg, L"/csysenc", FALSE);
} }
else else
Warning ("SYSTEM_ENCRYPTION_IN_PROGRESS_ELSEWHERE", hwndDlg); Warning ("SYSTEM_ENCRYPTION_IN_PROGRESS_ELSEWHERE", hwndDlg);
@ -5936,7 +5995,7 @@ static void ResumeInterruptedNonSysInplaceEncProcess (BOOL bDecrypt)
// IMPORTANT: This function must not check any config files! Otherwise, if a config file was lost or corrupt, // IMPORTANT: This function must not check any config files! Otherwise, if a config file was lost or corrupt,
// the user would not be able resume encryption and the data on the volume would be inaccessible. // the user would not be able resume encryption and the data on the volume would be inaccessible.
LaunchVolCreationWizard (MainDlg, bDecrypt? L"/resumeinplacedec" : L"/zinplace"); LaunchVolCreationWizard (MainDlg, bDecrypt? L"/resumeinplacedec" : L"/zinplace", FALSE);
} }
BOOL SelectContainer (HWND hwndDlg) BOOL SelectContainer (HWND hwndDlg)
@ -5989,8 +6048,15 @@ static void WipeCache (HWND hwndDlg, BOOL silent)
static void Benchmark (HWND hwndDlg) static void Benchmark (HWND hwndDlg)
{ {
BOOL bIsGPT = FALSE;
try
{
bIsGPT = BootEncObj->GetSystemDriveConfiguration().SystemPartition.IsGPT;
}
catch (...) {}
DialogBoxParamW (hInst, MAKEINTRESOURCEW (IDD_BENCHMARK_DLG), hwndDlg, DialogBoxParamW (hInst, MAKEINTRESOURCEW (IDD_BENCHMARK_DLG), hwndDlg,
(DLGPROC) BenchmarkDlgProc, (LPARAM) NULL); (DLGPROC) BenchmarkDlgProc, (LPARAM) bIsGPT);
} }
@ -6741,9 +6807,17 @@ BOOL CALLBACK MainDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lPa
{ {
// The wizard was not launched during the system startup seq, or the user may have forgotten // The wizard was not launched during the system startup seq, or the user may have forgotten
// to resume the encryption/decryption process. // to resume the encryption/decryption process.
SystemDriveConfiguration config;
try
{
config = BootEncObj->GetSystemDriveConfiguration ();
}
catch (Exception &e)
{
e.Show (MainDlg);
}
LaunchVolCreationWizard (hwndDlg, L"/csysenc", FALSE);
LaunchVolCreationWizard (hwndDlg, L"/csysenc");
} }
} }
} }
@ -7723,7 +7797,7 @@ BOOL CALLBACK MainDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lPa
if (lw == IDC_CREATE_VOLUME || lw == IDM_CREATE_VOLUME || lw == IDM_VOLUME_WIZARD) if (lw == IDC_CREATE_VOLUME || lw == IDM_CREATE_VOLUME || lw == IDM_VOLUME_WIZARD)
{ {
LaunchVolCreationWizard (hwndDlg, L""); LaunchVolCreationWizard (hwndDlg, L"", FALSE);
return 1; return 1;
} }
@ -8013,7 +8087,14 @@ BOOL CALLBACK MainDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lPa
if (lw == IDM_SYSENC_SETTINGS || lw == IDM_SYS_ENC_SETTINGS) if (lw == IDM_SYSENC_SETTINGS || lw == IDM_SYS_ENC_SETTINGS)
{ {
DialogBoxParamW (hInst, MAKEINTRESOURCEW (IDD_SYSENC_SETTINGS), hwndDlg, (DLGPROC) BootLoaderPreferencesDlgProc, 0); BOOL bIsGPT = FALSE;
try
{
bIsGPT = BootEncObj->GetSystemDriveConfiguration().SystemPartition.IsGPT;
}
catch (...) {}
DialogBoxParamW (hInst, MAKEINTRESOURCEW (bIsGPT? IDD_EFI_SYSENC_SETTINGS : IDD_SYSENC_SETTINGS), hwndDlg, (DLGPROC) BootLoaderPreferencesDlgProc, 0);
return 1; return 1;
} }
@ -10423,23 +10504,26 @@ static BOOL CALLBACK PerformanceSettingsDlgProc (HWND hwndDlg, UINT msg, WPARAM
try try
{ {
VOLUME_PROPERTIES_STRUCT prop; VOLUME_PROPERTIES_STRUCT prop;
BOOL bIsGPT = FALSE;
try try
{ {
BootEncStatus = BootEncObj->GetStatus(); BootEncStatus = BootEncObj->GetStatus();
BootEncObj->GetVolumeProperties (&prop); BootEncObj->GetVolumeProperties (&prop);
bIsGPT = BootEncObj->GetSystemDriveConfiguration().SystemPartition.IsGPT;
} }
catch (...) catch (...)
{ {
BootEncStatus.DriveMounted = false; BootEncStatus.DriveMounted = false;
} }
if (BootEncStatus.DriveMounted) if (BootEncStatus.DriveMounted && !bIsGPT)
{ {
byte userConfig; byte userConfig;
string customUserMessage; string customUserMessage;
uint16 bootLoaderVersion; uint16 bootLoaderVersion;
BootEncObj->ReadBootSectorConfig (nullptr, 0, &userConfig, &customUserMessage, &bootLoaderVersion); if (!BootEncObj->ReadBootSectorConfig (nullptr, 0, &userConfig, &customUserMessage, &bootLoaderVersion))
return 1;
if (bootLoaderVersion != VERSION_NUM) if (bootLoaderVersion != VERSION_NUM)
Warning ("BOOT_LOADER_VERSION_INCORRECT_PREFERENCES", hwndDlg); Warning ("BOOT_LOADER_VERSION_INCORRECT_PREFERENCES", hwndDlg);
@ -10449,7 +10533,7 @@ static BOOL CALLBACK PerformanceSettingsDlgProc (HWND hwndDlg, UINT msg, WPARAM
else else
userConfig &= ~TC_BOOT_USER_CFG_FLAG_DISABLE_HW_ENCRYPTION; userConfig &= ~TC_BOOT_USER_CFG_FLAG_DISABLE_HW_ENCRYPTION;
BootEncObj->WriteBootSectorUserConfig (userConfig, customUserMessage, prop.volumePim); BootEncObj->WriteBootSectorUserConfig (userConfig, customUserMessage, prop.volumePim, prop.pkcs5);
} }
SetDriverConfigurationFlag (TC_DRIVER_CONFIG_DISABLE_HARDWARE_ENCRYPTION, disableHW); SetDriverConfigurationFlag (TC_DRIVER_CONFIG_DISABLE_HARDWARE_ENCRYPTION, disableHW);
@ -10763,13 +10847,15 @@ static BOOL CALLBACK BootLoaderPreferencesDlgProc (HWND hwndDlg, UINT msg, WPARA
{ {
case WM_INITDIALOG: case WM_INITDIALOG:
{ {
if (!BootEncObj->GetStatus().DriveMounted) BootEncryptionStatus BootEncStatus = BootEncObj->GetStatus();
if (!BootEncStatus.DriveMounted)
{ {
Warning ("SYS_DRIVE_NOT_ENCRYPTED", hwndDlg); Warning ("SYS_DRIVE_NOT_ENCRYPTED", hwndDlg);
EndDialog (hwndDlg, IDCANCEL); EndDialog (hwndDlg, IDCANCEL);
return 1; return 1;
} }
BOOL bIsGPT = BootEncObj->GetSystemDriveConfiguration().SystemPartition.IsGPT;
try try
{ {
LocalizeDialog (hwndDlg, "IDD_SYSENC_SETTINGS"); LocalizeDialog (hwndDlg, "IDD_SYSENC_SETTINGS");
@ -10777,27 +10863,38 @@ static BOOL CALLBACK BootLoaderPreferencesDlgProc (HWND hwndDlg, UINT msg, WPARA
uint32 driverConfig = ReadDriverConfigurationFlags(); uint32 driverConfig = ReadDriverConfigurationFlags();
byte userConfig; byte userConfig;
string customUserMessage; string customUserMessage;
uint16 bootLoaderVersion; uint16 bootLoaderVersion = 0;
BOOL bPasswordCacheEnabled = (driverConfig & TC_DRIVER_CONFIG_CACHE_BOOT_PASSWORD)? TRUE : FALSE; BOOL bPasswordCacheEnabled = (driverConfig & TC_DRIVER_CONFIG_CACHE_BOOT_PASSWORD)? TRUE : FALSE;
BOOL bPimCacheEnabled = (driverConfig & TC_DRIVER_CONFIG_CACHE_BOOT_PIM)? TRUE : FALSE; BOOL bPimCacheEnabled = (driverConfig & TC_DRIVER_CONFIG_CACHE_BOOT_PIM)? TRUE : FALSE;
BootEncObj->ReadBootSectorConfig (nullptr, 0, &userConfig, &customUserMessage, &bootLoaderVersion); if (!BootEncObj->ReadBootSectorConfig (nullptr, 0, &userConfig, &customUserMessage, &bootLoaderVersion))
{
// operations canceled
EndDialog (hwndDlg, IDCANCEL);
return 1;
}
if (bootLoaderVersion != VERSION_NUM) if (bootLoaderVersion != VERSION_NUM)
Warning ("BOOT_LOADER_VERSION_INCORRECT_PREFERENCES", hwndDlg); Warning ("BOOT_LOADER_VERSION_INCORRECT_PREFERENCES", hwndDlg);
SendMessage (GetDlgItem (hwndDlg, IDC_CUSTOM_BOOT_LOADER_MESSAGE), EM_LIMITTEXT, TC_BOOT_SECTOR_USER_MESSAGE_MAX_LENGTH, 0); if (bIsGPT)
SetDlgItemTextA (hwndDlg, IDC_CUSTOM_BOOT_LOADER_MESSAGE, customUserMessage.c_str()); {
CheckDlgButton (hwndDlg, IDC_DISABLE_BOOT_LOADER_HASH_PROMPT, (userConfig & TC_BOOT_USER_CFG_FLAG_STORE_HASH) ? BST_CHECKED : BST_UNCHECKED);
}
else
{
SendMessage (GetDlgItem (hwndDlg, IDC_CUSTOM_BOOT_LOADER_MESSAGE), EM_LIMITTEXT, TC_BOOT_SECTOR_USER_MESSAGE_MAX_LENGTH, 0);
SetDlgItemTextA (hwndDlg, IDC_CUSTOM_BOOT_LOADER_MESSAGE, customUserMessage.c_str());
CheckDlgButton (hwndDlg, IDC_DISABLE_BOOT_LOADER_OUTPUT, (userConfig & TC_BOOT_USER_CFG_FLAG_SILENT_MODE) ? BST_CHECKED : BST_UNCHECKED);
CheckDlgButton (hwndDlg, IDC_ALLOW_ESC_PBA_BYPASS, (userConfig & TC_BOOT_USER_CFG_FLAG_DISABLE_ESC) ? BST_UNCHECKED : BST_CHECKED);
CheckDlgButton (hwndDlg, IDC_DISABLE_EVIL_MAID_ATTACK_DETECTION, (driverConfig & TC_DRIVER_CONFIG_DISABLE_EVIL_MAID_ATTACK_DETECTION) ? BST_CHECKED : BST_UNCHECKED);
SetWindowTextW (GetDlgItem (hwndDlg, IDC_CUSTOM_BOOT_LOADER_MESSAGE_HELP), GetString("CUSTOM_BOOT_LOADER_MESSAGE_HELP"));
}
CheckDlgButton (hwndDlg, IDC_DISABLE_BOOT_LOADER_PIM_PROMPT, (userConfig & TC_BOOT_USER_CFG_FLAG_DISABLE_PIM) ? BST_CHECKED : BST_UNCHECKED); CheckDlgButton (hwndDlg, IDC_DISABLE_BOOT_LOADER_PIM_PROMPT, (userConfig & TC_BOOT_USER_CFG_FLAG_DISABLE_PIM) ? BST_CHECKED : BST_UNCHECKED);
CheckDlgButton (hwndDlg, IDC_DISABLE_BOOT_LOADER_OUTPUT, (userConfig & TC_BOOT_USER_CFG_FLAG_SILENT_MODE) ? BST_CHECKED : BST_UNCHECKED);
CheckDlgButton (hwndDlg, IDC_ALLOW_ESC_PBA_BYPASS, (userConfig & TC_BOOT_USER_CFG_FLAG_DISABLE_ESC) ? BST_UNCHECKED : BST_CHECKED);
CheckDlgButton (hwndDlg, IDC_BOOT_LOADER_CACHE_PASSWORD, bPasswordCacheEnabled ? BST_CHECKED : BST_UNCHECKED); CheckDlgButton (hwndDlg, IDC_BOOT_LOADER_CACHE_PASSWORD, bPasswordCacheEnabled ? BST_CHECKED : BST_UNCHECKED);
CheckDlgButton (hwndDlg, IDC_DISABLE_EVIL_MAID_ATTACK_DETECTION, (driverConfig & TC_DRIVER_CONFIG_DISABLE_EVIL_MAID_ATTACK_DETECTION) ? BST_CHECKED : BST_UNCHECKED);
EnableWindow (GetDlgItem (hwndDlg, IDC_BOOT_LOADER_CACHE_PIM), bPasswordCacheEnabled); EnableWindow (GetDlgItem (hwndDlg, IDC_BOOT_LOADER_CACHE_PIM), bPasswordCacheEnabled);
CheckDlgButton (hwndDlg, IDC_BOOT_LOADER_CACHE_PIM, (bPasswordCacheEnabled && bPimCacheEnabled)? BST_CHECKED : BST_UNCHECKED); CheckDlgButton (hwndDlg, IDC_BOOT_LOADER_CACHE_PIM, (bPasswordCacheEnabled && bPimCacheEnabled)? BST_CHECKED : BST_UNCHECKED);
SetWindowTextW (GetDlgItem (hwndDlg, IDC_CUSTOM_BOOT_LOADER_MESSAGE_HELP), GetString("CUSTOM_BOOT_LOADER_MESSAGE_HELP"));
} }
catch (Exception &e) catch (Exception &e)
{ {
@ -10819,6 +10916,7 @@ static BOOL CALLBACK BootLoaderPreferencesDlgProc (HWND hwndDlg, UINT msg, WPARA
case IDOK: case IDOK:
{ {
VOLUME_PROPERTIES_STRUCT prop; VOLUME_PROPERTIES_STRUCT prop;
BOOL bIsGPT = FALSE;
if (!BootEncObj->GetStatus().DriveMounted) if (!BootEncObj->GetStatus().DriveMounted)
{ {
@ -10829,6 +10927,7 @@ static BOOL CALLBACK BootLoaderPreferencesDlgProc (HWND hwndDlg, UINT msg, WPARA
try try
{ {
BootEncObj->GetVolumeProperties (&prop); BootEncObj->GetVolumeProperties (&prop);
bIsGPT = BootEncObj->GetSystemDriveConfiguration().SystemPartition.IsGPT;
} }
catch (Exception &e) catch (Exception &e)
{ {
@ -10837,13 +10936,15 @@ static BOOL CALLBACK BootLoaderPreferencesDlgProc (HWND hwndDlg, UINT msg, WPARA
return 1; return 1;
} }
char customUserMessage[TC_BOOT_SECTOR_USER_MESSAGE_MAX_LENGTH + 1]; char customUserMessage[TC_BOOT_SECTOR_USER_MESSAGE_MAX_LENGTH + 1] = {0};
GetDlgItemTextA (hwndDlg, IDC_CUSTOM_BOOT_LOADER_MESSAGE, customUserMessage, sizeof (customUserMessage)); if (!bIsGPT)
GetDlgItemTextA (hwndDlg, IDC_CUSTOM_BOOT_LOADER_MESSAGE, customUserMessage, sizeof (customUserMessage));
byte userConfig; byte userConfig;
try try
{ {
BootEncObj->ReadBootSectorConfig (nullptr, 0, &userConfig); if (!BootEncObj->ReadBootSectorConfig (nullptr, 0, &userConfig))
return 1;
} }
catch (Exception &e) catch (Exception &e)
{ {
@ -10856,7 +10957,16 @@ static BOOL CALLBACK BootLoaderPreferencesDlgProc (HWND hwndDlg, UINT msg, WPARA
else else
userConfig &= ~TC_BOOT_USER_CFG_FLAG_DISABLE_PIM; userConfig &= ~TC_BOOT_USER_CFG_FLAG_DISABLE_PIM;
if (IsDlgButtonChecked (hwndDlg, IDC_DISABLE_BOOT_LOADER_OUTPUT)) if (bIsGPT)
{
if (IsDlgButtonChecked (hwndDlg, IDC_DISABLE_BOOT_LOADER_HASH_PROMPT))
userConfig |= TC_BOOT_USER_CFG_FLAG_STORE_HASH;
else
userConfig &= ~TC_BOOT_USER_CFG_FLAG_STORE_HASH;
}
else
{
if (IsDlgButtonChecked (hwndDlg, IDC_DISABLE_BOOT_LOADER_OUTPUT))
userConfig |= TC_BOOT_USER_CFG_FLAG_SILENT_MODE; userConfig |= TC_BOOT_USER_CFG_FLAG_SILENT_MODE;
else else
userConfig &= ~TC_BOOT_USER_CFG_FLAG_SILENT_MODE; userConfig &= ~TC_BOOT_USER_CFG_FLAG_SILENT_MODE;
@ -10865,12 +10975,13 @@ static BOOL CALLBACK BootLoaderPreferencesDlgProc (HWND hwndDlg, UINT msg, WPARA
userConfig |= TC_BOOT_USER_CFG_FLAG_DISABLE_ESC; userConfig |= TC_BOOT_USER_CFG_FLAG_DISABLE_ESC;
else else
userConfig &= ~TC_BOOT_USER_CFG_FLAG_DISABLE_ESC; userConfig &= ~TC_BOOT_USER_CFG_FLAG_DISABLE_ESC;
}
try try
{ {
BOOL bPasswordCacheEnabled = IsDlgButtonChecked (hwndDlg, IDC_BOOT_LOADER_CACHE_PASSWORD); BOOL bPasswordCacheEnabled = IsDlgButtonChecked (hwndDlg, IDC_BOOT_LOADER_CACHE_PASSWORD);
BOOL bPimCacheEnabled = IsDlgButtonChecked (hwndDlg, IDC_BOOT_LOADER_CACHE_PIM); BOOL bPimCacheEnabled = IsDlgButtonChecked (hwndDlg, IDC_BOOT_LOADER_CACHE_PIM);
BootEncObj->WriteBootSectorUserConfig (userConfig, customUserMessage, prop.volumePim); BootEncObj->WriteBootSectorUserConfig (userConfig, customUserMessage, prop.volumePim, prop.pkcs5);
SetDriverConfigurationFlag (TC_DRIVER_CONFIG_CACHE_BOOT_PASSWORD, bPasswordCacheEnabled); SetDriverConfigurationFlag (TC_DRIVER_CONFIG_CACHE_BOOT_PASSWORD, bPasswordCacheEnabled);
SetDriverConfigurationFlag (TC_DRIVER_CONFIG_CACHE_BOOT_PIM, (bPasswordCacheEnabled && bPimCacheEnabled)? TRUE : FALSE); SetDriverConfigurationFlag (TC_DRIVER_CONFIG_CACHE_BOOT_PIM, (bPasswordCacheEnabled && bPimCacheEnabled)? TRUE : FALSE);
SetDriverConfigurationFlag (TC_DRIVER_CONFIG_DISABLE_EVIL_MAID_ATTACK_DETECTION, IsDlgButtonChecked (hwndDlg, IDC_DISABLE_EVIL_MAID_ATTACK_DETECTION)); SetDriverConfigurationFlag (TC_DRIVER_CONFIG_DISABLE_EVIL_MAID_ATTACK_DETECTION, IsDlgButtonChecked (hwndDlg, IDC_DISABLE_EVIL_MAID_ATTACK_DETECTION));


@ -1,11 +1,11 @@
/* /*
Legal Notice: Some portions of the source code contained in this file were Legal Notice: Some portions of the source code contained in this file were
derived from the source code of TrueCrypt 7.1a, which is derived from the source code of TrueCrypt 7.1a, which is
Copyright (c) 2003-2012 TrueCrypt Developers Association and which is Copyright (c) 2003-2012 TrueCrypt Developers Association and which is
governed by the TrueCrypt License 3.0, also from the source code of governed by the TrueCrypt License 3.0, also from the source code of
Encryption for the Masses 2.02a, which is Copyright (c) 1998-2000 Paul Le Roux Encryption for the Masses 2.02a, which is Copyright (c) 1998-2000 Paul Le Roux
and which is governed by the 'License Agreement for Encryption for the Masses' and which is governed by the 'License Agreement for Encryption for the Masses'
Modifications and additions to the original source code (contained in this file) Modifications and additions to the original source code (contained in this file)
and all other portions of this file are Copyright (c) 2013-2016 IDRIX and all other portions of this file are Copyright (c) 2013-2016 IDRIX
and are governed by the Apache License 2.0 the full text of which is and are governed by the Apache License 2.0 the full text of which is
contained in the file License.txt included in VeraCrypt binary and source contained in the file License.txt included in VeraCrypt binary and source
@ -99,7 +99,6 @@ static BOOL CheckMountList (HWND hwndDlg, BOOL bForceTaskBarUpdate);
int GetCipherBlockSizeByDriveNo (int nDosDriveNo); int GetCipherBlockSizeByDriveNo (int nDosDriveNo);
int GetModeOfOperationByDriveNo (int nDosDriveNo); int GetModeOfOperationByDriveNo (int nDosDriveNo);
void ChangeMainWindowVisibility (); void ChangeMainWindowVisibility ();
void LaunchVolCreationWizard (HWND hwndDlg);
BOOL WholeSysDriveEncryption (BOOL bSilent); BOOL WholeSysDriveEncryption (BOOL bSilent);
BOOL CheckSysEncMountWithoutPBA (HWND hwndDlg, const wchar_t *devicePath, BOOL quiet); BOOL CheckSysEncMountWithoutPBA (HWND hwndDlg, const wchar_t *devicePath, BOOL quiet);
BOOL TCBootLoaderOnInactiveSysEncDrive (wchar_t *szDevicePath); BOOL TCBootLoaderOnInactiveSysEncDrive (wchar_t *szDevicePath);


@ -283,30 +283,23 @@ BEGIN
LTEXT "",IDT_PKCS11_LIB_HELP,16,63,286,65 LTEXT "",IDT_PKCS11_LIB_HELP,16,63,286,65
END END
IDD_SYSENC_SETTINGS DIALOGEX 0, 0, 370, 286 IDD_EFI_SYSENC_SETTINGS DIALOGEX 0, 0, 370, 139
STYLE DS_SETFONT | DS_MODALFRAME | DS_FIXEDSYS | DS_CENTER | WS_POPUP | WS_CAPTION | WS_SYSMENU STYLE DS_SETFONT | DS_MODALFRAME | DS_FIXEDSYS | DS_CENTER | WS_POPUP | WS_CAPTION | WS_SYSMENU
CAPTION "VeraCrypt - System Encryption Settings" CAPTION "VeraCrypt - System Encryption Settings"
FONT 8, "MS Shell Dlg", 400, 0, 0x1 FONT 8, "MS Shell Dlg", 400, 0, 0x1
BEGIN BEGIN
CONTROL "Do not &show any texts in the pre-boot authentication screen (except the below custom message)",IDC_DISABLE_BOOT_LOADER_OUTPUT,
"Button",BS_AUTOCHECKBOX | WS_TABSTOP,18,37,339,9
EDITTEXT IDC_CUSTOM_BOOT_LOADER_MESSAGE,18,67,216,14,ES_AUTOHSCROLL
CONTROL "&Cache pre-boot authentication password in driver memory (for mounting of non-system volumes)",IDC_BOOT_LOADER_CACHE_PASSWORD, CONTROL "&Cache pre-boot authentication password in driver memory (for mounting of non-system volumes)",IDC_BOOT_LOADER_CACHE_PASSWORD,
"Button",BS_AUTOCHECKBOX | WS_TABSTOP,18,192,339,10 "Button",BS_AUTOCHECKBOX | WS_TABSTOP,18,79,339,10
CONTROL "Allow pre-boot &authentication to be bypassed by pressing the Esc key (enables boot manager)",IDC_ALLOW_ESC_PBA_BYPASS, DEFPUSHBUTTON "OK",IDOK,257,115,50,14
"Button",BS_AUTOCHECKBOX | WS_TABSTOP,18,222,340,10 PUSHBUTTON "Cancel",IDCANCEL,313,115,50,14
DEFPUSHBUTTON "OK",IDOK,257,262,50,14 GROUPBOX "Boot Loader Screen Options",IDT_BOOT_LOADER_SCREEN_OPTIONS,8,7,355,53
PUSHBUTTON "Cancel",IDCANCEL,313,262,50,14 GROUPBOX "Security Options",IDT_SECURITY_OPTIONS,8,64,355,44
LTEXT "Display this custom message in the pre-boot authentication screen (24 characters maximum):",IDT_CUSTOM_BOOT_LOADER_MESSAGE,18,56,337,8
GROUPBOX "Boot Loader Screen Options",IDT_BOOT_LOADER_SCREEN_OPTIONS,8,7,355,165
GROUPBOX "Security Options",IDT_SECURITY_OPTIONS,8,177,355,75
LTEXT "",IDC_CUSTOM_BOOT_LOADER_MESSAGE_HELP,18,89,337,73
CONTROL "Disable ""Evil Maid"" attack detection",IDC_DISABLE_EVIL_MAID_ATTACK_DETECTION,
"Button",BS_AUTOCHECKBOX | WS_TABSTOP,18,237,340,10
CONTROL "Include PIM when caching pre-boot authentication password",IDC_BOOT_LOADER_CACHE_PIM, CONTROL "Include PIM when caching pre-boot authentication password",IDC_BOOT_LOADER_CACHE_PIM,
"Button",BS_AUTOCHECKBOX | WS_DISABLED | WS_TABSTOP,18,207,340,10 "Button",BS_AUTOCHECKBOX | WS_DISABLED | WS_TABSTOP,18,94,340,10
CONTROL "Do not request PIM in the pre-boot authentication screen (PIM value is stored unencrypted on disk)",IDC_DISABLE_BOOT_LOADER_PIM_PROMPT, CONTROL "Do not request PIM in the pre-boot authentication screen (PIM value is stored unencrypted on disk)",IDC_DISABLE_BOOT_LOADER_PIM_PROMPT,
"Button",BS_AUTOCHECKBOX | WS_TABSTOP,18,20,339,9 "Button",BS_AUTOCHECKBOX | WS_TABSTOP,18,20,339,9
CONTROL "Do not request Hash algorithm in the pre-boot authentication screen",IDC_DISABLE_BOOT_LOADER_HASH_PROMPT,
"Button",BS_AUTOCHECKBOX | WS_TABSTOP,18,35,339,9
END END
IDD_PERFORMANCE_SETTINGS DIALOGEX 0, 0, 370, 248 IDD_PERFORMANCE_SETTINGS DIALOGEX 0, 0, 370, 248
@ -386,6 +379,31 @@ BEGIN
CONTROL "TrueCrypt Mode",IDC_TRUECRYPT_MODE,"Button",BS_AUTOCHECKBOX | WS_TABSTOP,7,7,76,10 CONTROL "TrueCrypt Mode",IDC_TRUECRYPT_MODE,"Button",BS_AUTOCHECKBOX | WS_TABSTOP,7,7,76,10
END END
IDD_SYSENC_SETTINGS DIALOGEX 0, 0, 370, 286
STYLE DS_SETFONT | DS_MODALFRAME | DS_FIXEDSYS | DS_CENTER | WS_POPUP | WS_CAPTION | WS_SYSMENU
CAPTION "VeraCrypt - System Encryption Settings"
FONT 8, "MS Shell Dlg", 400, 0, 0x1
BEGIN
CONTROL "Do not &show any texts in the pre-boot authentication screen (except the below custom message)",IDC_DISABLE_BOOT_LOADER_OUTPUT,
"Button",BS_AUTOCHECKBOX | WS_TABSTOP,18,37,339,9
EDITTEXT IDC_CUSTOM_BOOT_LOADER_MESSAGE,18,67,216,14,ES_AUTOHSCROLL
CONTROL "&Cache pre-boot authentication password in driver memory (for mounting of non-system volumes)",IDC_BOOT_LOADER_CACHE_PASSWORD,
"Button",BS_AUTOCHECKBOX | WS_TABSTOP,18,192,339,10
CONTROL "Allow pre-boot &authentication to be bypassed by pressing the Esc key (enables boot manager)",IDC_ALLOW_ESC_PBA_BYPASS,
"Button",BS_AUTOCHECKBOX | WS_TABSTOP,18,222,340,10
DEFPUSHBUTTON "OK",IDOK,257,262,50,14
PUSHBUTTON "Cancel",IDCANCEL,313,262,50,14
LTEXT "Display this custom message in the pre-boot authentication screen (24 characters maximum):",IDT_CUSTOM_BOOT_LOADER_MESSAGE,18,56,337,8
GROUPBOX "Boot Loader Screen Options",IDT_BOOT_LOADER_SCREEN_OPTIONS,8,7,355,165
GROUPBOX "Security Options",IDT_SECURITY_OPTIONS,8,177,355,75
LTEXT "",IDC_CUSTOM_BOOT_LOADER_MESSAGE_HELP,18,89,337,73
CONTROL "Disable ""Evil Maid"" attack detection",IDC_DISABLE_EVIL_MAID_ATTACK_DETECTION,
"Button",BS_AUTOCHECKBOX | WS_TABSTOP,18,237,340,10
CONTROL "Include PIM when caching pre-boot authentication password",IDC_BOOT_LOADER_CACHE_PIM,
"Button",BS_AUTOCHECKBOX | WS_DISABLED | WS_TABSTOP,18,207,340,10
CONTROL "Do not request PIM in the pre-boot authentication screen (PIM value is stored unencrypted on disk)",IDC_DISABLE_BOOT_LOADER_PIM_PROMPT,
"Button",BS_AUTOCHECKBOX | WS_TABSTOP,18,20,339,9
END
///////////////////////////////////////////////////////////////////////////// /////////////////////////////////////////////////////////////////////////////
// //
@ -393,7 +411,7 @@ END
// //
#ifdef APSTUDIO_INVOKED #ifdef APSTUDIO_INVOKED
GUIDELINES DESIGNINFO GUIDELINES DESIGNINFO
BEGIN BEGIN
IDD_PREFERENCES_DLG, DIALOG IDD_PREFERENCES_DLG, DIALOG
BEGIN BEGIN
@ -455,12 +473,12 @@ BEGIN
BOTTOMMARGIN, 192 BOTTOMMARGIN, 192
END END
IDD_SYSENC_SETTINGS, DIALOG IDD_EFI_SYSENC_SETTINGS, DIALOG
BEGIN BEGIN
LEFTMARGIN, 7 LEFTMARGIN, 7
RIGHTMARGIN, 363 RIGHTMARGIN, 363
TOPMARGIN, 7 TOPMARGIN, 7
BOTTOMMARGIN, 276 BOTTOMMARGIN, 129
END END
IDD_PERFORMANCE_SETTINGS, DIALOG IDD_PERFORMANCE_SETTINGS, DIALOG
@ -486,6 +504,14 @@ BEGIN
TOPMARGIN, 7 TOPMARGIN, 7
BOTTOMMARGIN, 58 BOTTOMMARGIN, 58
END END
IDD_SYSENC_SETTINGS, DIALOG
BEGIN
LEFTMARGIN, 7
RIGHTMARGIN, 363
TOPMARGIN, 7
BOTTOMMARGIN, 276
END
END END
#endif // APSTUDIO_INVOKED #endif // APSTUDIO_INVOKED
@ -534,19 +560,19 @@ END
// TEXTINCLUDE // TEXTINCLUDE
// //
1 TEXTINCLUDE 1 TEXTINCLUDE
BEGIN BEGIN
"resource.h\0" "resource.h\0"
END END
2 TEXTINCLUDE 2 TEXTINCLUDE
BEGIN BEGIN
"#include ""afxres.h""\r\n" "#include ""afxres.h""\r\n"
"#include ""..\\\\common\\\\resource.h""\r\n" "#include ""..\\\\common\\\\resource.h""\r\n"
"\0" "\0"
END END
3 TEXTINCLUDE 3 TEXTINCLUDE
BEGIN BEGIN
"#include ""..\\\\common\\\\common.rc""\r\n" "#include ""..\\\\common\\\\common.rc""\r\n"
"\0" "\0"
@ -572,7 +598,7 @@ IDB_SYS_DRIVEICON_MASK BITMAP "System_drive_icon_mask_96dpi.bm
// Menu // Menu
// //
IDR_MENU MENU IDR_MENU MENU
BEGIN BEGIN
POPUP "&Volumes" POPUP "&Volumes"
BEGIN BEGIN
@ -691,7 +717,7 @@ END
// String Table // String Table
// //
STRINGTABLE STRINGTABLE
BEGIN BEGIN
IDS_UACSTRING "VeraCrypt" IDS_UACSTRING "VeraCrypt"
END END
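Review bot: The new IDD_EFI_SYSENC_SETTINGS template has no IDC_DISABLE_EVIL_MAID_ATTACK_DETECTION checkbox, yet the IDOK handler of BootLoaderPreferencesDlgProc in this same commit still calls `SetDriverConfigurationFlag (TC_DRIVER_CONFIG_DISABLE_EVIL_MAID_ATTACK_DETECTION, IsDlgButtonChecked (hwndDlg, IDC_DISABLE_EVIL_MAID_ATTACK_DETECTION));` outside the `bIsGPT` branches. If this template is the one shown on GPT systems (the call that creates the dialog is not visible on this page), IsDlgButtonChecked should report unchecked for the missing control, so pressing OK would silently overwrite a previously stored driver flag. That fails toward detection being enabled, but it is still a configuration write the user never made. Guarding the call as `if (!bIsGPT) SetDriverConfigurationFlag (TC_DRIVER_CONFIG_DISABLE_EVIL_MAID_ATTACK_DETECTION, ...);` would match WM_INITDIALOG, which already confines the corresponding CheckDlgButton to the non-GPT branch. The handler body is only partly visible in the hunks shown.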


@ -21,6 +21,7 @@
#define IDD_SYSENC_SETTINGS 116 #define IDD_SYSENC_SETTINGS 116
#define IDD_FAVORITE_VOLUMES 117 #define IDD_FAVORITE_VOLUMES 117
#define IDD_DEFAULT_MOUNT_PARAMETERS 118 #define IDD_DEFAULT_MOUNT_PARAMETERS 118
#define IDD_EFI_SYSENC_SETTINGS 119
#define IDC_PREF_MOUNT_READONLY 1000 #define IDC_PREF_MOUNT_READONLY 1000
#define IDC_PREF_MOUNT_REMOVABLE 1001 #define IDC_PREF_MOUNT_REMOVABLE 1001
#define IDC_VERIFY 1002 #define IDC_VERIFY 1002
@ -179,8 +180,9 @@
#define IDT_VOLUME_ID 1157 #define IDT_VOLUME_ID 1157
#define IDC_FAVORITE_VOLUME_ID 1158 #define IDC_FAVORITE_VOLUME_ID 1158
#define IDC_FAVORITE_USE_VOLUME_ID 1159 #define IDC_FAVORITE_USE_VOLUME_ID 1159
#define IDC_DISABLE_BOOT_LOADER_PIM_PROMPT 1160 #define IDC_DISABLE_BOOT_LOADER_PIM_PROMPT 1160
#define IDC_HIDE_WAITING_DIALOG 1161 #define IDC_HIDE_WAITING_DIALOG 1161
#define IDC_DISABLE_BOOT_LOADER_HASH_PROMPT 1162
#define IDM_HELP 40001 #define IDM_HELP 40001
#define IDM_ABOUT 40002 #define IDM_ABOUT 40002
#define IDM_UNMOUNT_VOLUME 40003 #define IDM_UNMOUNT_VOLUME 40003
@ -251,13 +253,13 @@
#define IDM_VERIFY_RESCUE_DISK_ISO 40068 #define IDM_VERIFY_RESCUE_DISK_ISO 40068
// Next default values for new objects // Next default values for new objects
// //
#ifdef APSTUDIO_INVOKED #ifdef APSTUDIO_INVOKED
#ifndef APSTUDIO_READONLY_SYMBOLS #ifndef APSTUDIO_READONLY_SYMBOLS
#define _APS_NO_MFC 1 #define _APS_NO_MFC 1
#define _APS_NEXT_RESOURCE_VALUE 119 #define _APS_NEXT_RESOURCE_VALUE 120
#define _APS_NEXT_COMMAND_VALUE 40069 #define _APS_NEXT_COMMAND_VALUE 40069
#define _APS_NEXT_CONTROL_VALUE 1162 #define _APS_NEXT_CONTROL_VALUE 1163
#define _APS_NEXT_SYMED_VALUE 101 #define _APS_NEXT_SYMED_VALUE 101
#endif #endif
#endif #endif


@ -3,7 +3,7 @@
Copyright (c) 2008-2012 TrueCrypt Developers Association and which is governed Copyright (c) 2008-2012 TrueCrypt Developers Association and which is governed
by the TrueCrypt License 3.0. by the TrueCrypt License 3.0.
Modifications and additions to the original source code (contained in this file) Modifications and additions to the original source code (contained in this file)
and all other portions of this file are Copyright (c) 2013-2016 IDRIX and all other portions of this file are Copyright (c) 2013-2016 IDRIX
and are governed by the Apache License 2.0 the full text of which is and are governed by the Apache License 2.0 the full text of which is
contained in the file License.txt included in VeraCrypt binary and source contained in the file License.txt included in VeraCrypt binary and source
@ -11,10 +11,10 @@
*/ */
#define TC_MAIN_COM_VERSION_MAJOR 2 #define TC_MAIN_COM_VERSION_MAJOR 2
#define TC_MAIN_COM_VERSION_MINOR 7 #define TC_MAIN_COM_VERSION_MINOR 8
#define TC_FORMAT_COM_VERSION_MAJOR 2 #define TC_FORMAT_COM_VERSION_MAJOR 2
#define TC_FORMAT_COM_VERSION_MINOR 5 #define TC_FORMAT_COM_VERSION_MINOR 6
#include <atlbase.h> #include <atlbase.h>
#include <comdef.h> #include <comdef.h>
@ -39,9 +39,11 @@ extern "C" BOOL RegisterComServers (wchar_t *modulePath)
UnRegisterTypeLib (LIBID_TrueCryptMainCom, TC_MAIN_COM_VERSION_MAJOR, TC_MAIN_COM_VERSION_MINOR, 0, SYS_WIN32); UnRegisterTypeLib (LIBID_TrueCryptMainCom, TC_MAIN_COM_VERSION_MAJOR, TC_MAIN_COM_VERSION_MINOR, 0, SYS_WIN32);
UnRegisterTypeLib (LIBID_TrueCryptFormatCom, TC_FORMAT_COM_VERSION_MAJOR, TC_FORMAT_COM_VERSION_MINOR, 0, SYS_WIN32); UnRegisterTypeLib (LIBID_TrueCryptFormatCom, TC_FORMAT_COM_VERSION_MAJOR, TC_FORMAT_COM_VERSION_MINOR, 0, SYS_WIN32);
// unregister older versions that may still exist // unregister older versions that may still exist
UnRegisterTypeLib (LIBID_TrueCryptMainCom, TC_MAIN_COM_VERSION_MAJOR, TC_MAIN_COM_VERSION_MINOR-4, 0, SYS_WIN32);
UnRegisterTypeLib (LIBID_TrueCryptMainCom, TC_MAIN_COM_VERSION_MAJOR, TC_MAIN_COM_VERSION_MINOR-3, 0, SYS_WIN32); UnRegisterTypeLib (LIBID_TrueCryptMainCom, TC_MAIN_COM_VERSION_MAJOR, TC_MAIN_COM_VERSION_MINOR-3, 0, SYS_WIN32);
UnRegisterTypeLib (LIBID_TrueCryptMainCom, TC_MAIN_COM_VERSION_MAJOR, TC_MAIN_COM_VERSION_MINOR-2, 0, SYS_WIN32); UnRegisterTypeLib (LIBID_TrueCryptMainCom, TC_MAIN_COM_VERSION_MAJOR, TC_MAIN_COM_VERSION_MINOR-2, 0, SYS_WIN32);
UnRegisterTypeLib (LIBID_TrueCryptMainCom, TC_MAIN_COM_VERSION_MAJOR, TC_MAIN_COM_VERSION_MINOR-1, 0, SYS_WIN32); UnRegisterTypeLib (LIBID_TrueCryptMainCom, TC_MAIN_COM_VERSION_MAJOR, TC_MAIN_COM_VERSION_MINOR-1, 0, SYS_WIN32);
UnRegisterTypeLib (LIBID_TrueCryptFormatCom, TC_FORMAT_COM_VERSION_MAJOR, TC_FORMAT_COM_VERSION_MINOR-2, 0, SYS_WIN32);
UnRegisterTypeLib (LIBID_TrueCryptFormatCom, TC_FORMAT_COM_VERSION_MAJOR, TC_FORMAT_COM_VERSION_MINOR-1, 0, SYS_WIN32); UnRegisterTypeLib (LIBID_TrueCryptFormatCom, TC_FORMAT_COM_VERSION_MAJOR, TC_FORMAT_COM_VERSION_MINOR-1, 0, SYS_WIN32);
wchar_t setupModule[MAX_PATH]; wchar_t setupModule[MAX_PATH];
@ -78,9 +80,12 @@ extern "C" BOOL UnregisterComServers (wchar_t *modulePath)
return FALSE; return FALSE;
// unregister older versions that may still exist // unregister older versions that may still exist
UnRegisterTypeLib (LIBID_TrueCryptMainCom, TC_MAIN_COM_VERSION_MAJOR, TC_MAIN_COM_VERSION_MINOR-4, 0, SYS_WIN32);
UnRegisterTypeLib (LIBID_TrueCryptMainCom, TC_MAIN_COM_VERSION_MAJOR, TC_MAIN_COM_VERSION_MINOR-3, 0, SYS_WIN32);
UnRegisterTypeLib (LIBID_TrueCryptMainCom, TC_MAIN_COM_VERSION_MAJOR, TC_MAIN_COM_VERSION_MINOR-3, 0, SYS_WIN32); UnRegisterTypeLib (LIBID_TrueCryptMainCom, TC_MAIN_COM_VERSION_MAJOR, TC_MAIN_COM_VERSION_MINOR-3, 0, SYS_WIN32);
UnRegisterTypeLib (LIBID_TrueCryptMainCom, TC_MAIN_COM_VERSION_MAJOR, TC_MAIN_COM_VERSION_MINOR-2, 0, SYS_WIN32); UnRegisterTypeLib (LIBID_TrueCryptMainCom, TC_MAIN_COM_VERSION_MAJOR, TC_MAIN_COM_VERSION_MINOR-2, 0, SYS_WIN32);
UnRegisterTypeLib (LIBID_TrueCryptMainCom, TC_MAIN_COM_VERSION_MAJOR, TC_MAIN_COM_VERSION_MINOR-1, 0, SYS_WIN32); UnRegisterTypeLib (LIBID_TrueCryptMainCom, TC_MAIN_COM_VERSION_MAJOR, TC_MAIN_COM_VERSION_MINOR-1, 0, SYS_WIN32);
UnRegisterTypeLib (LIBID_TrueCryptFormatCom, TC_FORMAT_COM_VERSION_MAJOR, TC_FORMAT_COM_VERSION_MINOR-2, 0, SYS_WIN32);
UnRegisterTypeLib (LIBID_TrueCryptFormatCom, TC_FORMAT_COM_VERSION_MAJOR, TC_FORMAT_COM_VERSION_MINOR-1, 0, SYS_WIN32); UnRegisterTypeLib (LIBID_TrueCryptFormatCom, TC_FORMAT_COM_VERSION_MAJOR, TC_FORMAT_COM_VERSION_MINOR-1, 0, SYS_WIN32);
wchar_t module[1024]; wchar_t module[1024];
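Review bot: In UnregisterComServers the newly added `UnRegisterTypeLib (LIBID_TrueCryptMainCom, TC_MAIN_COM_VERSION_MAJOR, TC_MAIN_COM_VERSION_MINOR-3, 0, SYS_WIN32);` repeats the existing line directly below it, judging by the hunk header counts, so the same type-library version is unregistered twice; the matching hunk in RegisterComServers adds only the `MINOR-4` line. The return value is ignored, so the second call is harmless, but it reads like a copy-paste slip and one of the two lines should be dropped. Both functions now carry the same hand-maintained list of older versions, which has to be extended at every minor bump. A comment such as `// keep this list identical to the one in RegisterComServers` above it would help keep the two from drifting. Both function bodies continue outside the hunks shown.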