
Windows: Implement support for EFI system encryption in Windows GUI.

This commit is contained in:
Mounir IDRASSI
2016-08-09 23:26:15 +02:00
parent 246233c402
commit 07ee8c1069
18 changed files with 2337 additions and 525 deletions


@@ -3,7 +3,7 @@
Copyright (c) 2008-2012 TrueCrypt Developers Association and which is governed
by the TrueCrypt License 3.0.
Modifications and additions to the original source code (contained in this file)
Modifications and additions to the original source code (contained in this file)
and all other portions of this file are Copyright (c) 2013-2016 IDRIX
and are governed by the Apache License 2.0 the full text of which is
contained in the file License.txt included in VeraCrypt binary and source
@@ -158,6 +158,46 @@ public:
return ::ChangePwd (volumePath, oldPassword, old_pkcs5, old_pim, truecryptMode, newPassword, pkcs5, pim, wipePassCount, (HWND) hWnd);
}
virtual DWORD STDMETHODCALLTYPE GetFileSize (BSTR filePath, unsigned __int64 *pSize)
{
return BaseCom::GetFileSize (filePath, pSize);
}
virtual DWORD STDMETHODCALLTYPE DeviceIoControl (BOOL readOnly, BOOL device, BSTR filePath, DWORD dwIoControlCode, BSTR input, BSTR *output)
{
return BaseCom::DeviceIoControl (readOnly, device, filePath, dwIoControlCode, input, output);
}
virtual DWORD STDMETHODCALLTYPE InstallEfiBootLoader (BOOL preserveUserConfig, BOOL hiddenOSCreation, int pim, int hashAlg)
{
return BaseCom::InstallEfiBootLoader (preserveUserConfig, hiddenOSCreation, pim, hashAlg);
}
virtual DWORD STDMETHODCALLTYPE BackupEfiSystemLoader ()
{
return BaseCom::BackupEfiSystemLoader ();
}
virtual DWORD STDMETHODCALLTYPE RestoreEfiSystemLoader ()
{
return BaseCom::RestoreEfiSystemLoader ();
}
virtual DWORD STDMETHODCALLTYPE GetEfiBootDeviceNumber (BSTR* pSdn)
{
return BaseCom::GetEfiBootDeviceNumber (pSdn);
}
virtual DWORD STDMETHODCALLTYPE ReadEfiConfig (BSTR* pContent, DWORD *pcbRead)
{
return BaseCom::ReadEfiConfig (pContent, pcbRead);
}
virtual DWORD STDMETHODCALLTYPE WriteEfiBootSectorUserConfig (DWORD userConfig, BSTR customUserMessage, int pim, int hashAlg)
{
return BaseCom::WriteEfiBootSectorUserConfig (userConfig, customUserMessage,pim, hashAlg);
}
protected:
DWORD MessageThreadId;
LONG RefCount;
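Review bot: The six new wrappers from `InstallEfiBootLoader` to `WriteEfiBootSectorUserConfig` forward caller-supplied values (`preserveUserConfig`, `pim`, `hashAlg`, `userConfig`, `customUserMessage`) straight into BaseCom with no check in this layer, and since this class belongs to the library whose helpstring is "VeraCrypt Main UAC Support Library" these presumably execute with elevated rights; a short comment above the group such as `// Elevated EFI boot-loader operations: argument validation lives in BaseCom` would make that contract explicit, and BaseCom itself (outside this diff) should be confirmed to bound them. The only other point is style: `WriteEfiBootSectorUserConfig (userConfig, customUserMessage,pim, hashAlg)` drops the space after `customUserMessage,` that every other call in the class uses. The enclosing class starts outside the hunk.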


@@ -3,7 +3,7 @@
Copyright (c) 2008-2012 TrueCrypt Developers Association and which is governed
by the TrueCrypt License 3.0.
Modifications and additions to the original source code (contained in this file)
Modifications and additions to the original source code (contained in this file)
and all other portions of this file are Copyright (c) 2013-2016 IDRIX
and are governed by the Apache License 2.0 the full text of which is
contained in the file License.txt included in VeraCrypt binary and source
@@ -16,7 +16,7 @@ import "..\Common\Password.h";
[
uuid(9ACF6176-5FC4-4690-A025-B3306A50EB6A),
helpstring("VeraCrypt Main UAC Support Library"),
version(2.7) // Update ComSetup.cpp when changing version number
version(2.8) // Update ComSetup.cpp when changing version number
]
library TrueCryptMainCom
{
@@ -44,6 +44,14 @@ library TrueCryptMainCom
int ChangePasswordEx (BSTR volumePath, Password *oldPassword, int old_pkcs5, Password *newPassword, int pkcs5, int wipePassCount, LONG_PTR hWnd);
int ChangePasswordEx2 (BSTR volumePath, Password *oldPassword, int old_pkcs5, BOOL truecryptMode, Password *newPassword, int pkcs5, int wipePassCount, LONG_PTR hWnd);
int ChangePasswordEx3 (BSTR volumePath, Password *oldPassword, int old_pkcs5, int old_pim, BOOL truecryptMode, Password *newPassword, int pkcs5, int pim, int wipePassCount, LONG_PTR hWnd);
DWORD GetFileSize (BSTR filePath, unsigned __int64* pSize);
DWORD DeviceIoControl (BOOL readOnly, BOOL device, BSTR filePath, DWORD dwIoControlCode, BSTR input, BSTR *output);
DWORD InstallEfiBootLoader (BOOL preserveUserConfig, BOOL hiddenOSCreation, int pim, int hashAlg);
DWORD BackupEfiSystemLoader ();
DWORD RestoreEfiSystemLoader ();
DWORD GetEfiBootDeviceNumber (BSTR* pSdn);
DWORD ReadEfiConfig (BSTR* pContent, DWORD *pcbRead);
DWORD WriteEfiBootSectorUserConfig (DWORD userConfig, BSTR customUserMessage, int pim, int hashAlg);
};
[
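Review bot: The eight new methods are appended after `DeviceIoControl`, which keeps the existing vtable slots stable, but only the library version moves (2.7 to 2.8); the interface's own uuid is not in the hunk, and if it was left unchanged a client built against this IDL that binds to an older registered server would call past the end of that server's vtable instead of receiving a clean error, so the new methods rely entirely on the registration refresh that the `// Update ComSetup.cpp when changing version number` comment calls for — ComSetup.cpp is not among the visible sections, so confirm it is part of this commit. A one-line comment above `InstallEfiBootLoader`, e.g. `// EFI system encryption support (2.8); keep appended after the existing methods`, would document the ordering constraint for the next addition. The interface declaration starts outside the hunk.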


@@ -346,6 +346,27 @@ static void InitMainDialog (HWND hwndDlg)
SetMenuItemInfoW (GetMenu (hwndDlg), i, TRUE, &info);
}
{
BOOL bIsGPT = FALSE;
try
{
SystemDriveConfiguration config = BootEncObj->GetSystemDriveConfiguration();
bIsGPT = config.SystemPartition.IsGPT;
}
catch (Exception &)
{
}
// disable rescue disk operation for GPT system encryption
if (bIsGPT)
{
EnableMenuItem (GetMenu (hwndDlg), IDM_CREATE_HIDDEN_OS, MF_GRAYED);
EnableMenuItem (GetMenu (hwndDlg), IDM_CREATE_RESCUE_DISK, MF_GRAYED);
EnableMenuItem (GetMenu (hwndDlg), IDM_VERIFY_RESCUE_DISK, MF_GRAYED);
EnableMenuItem (GetMenu (hwndDlg), IDM_VERIFY_RESCUE_DISK_ISO, MF_GRAYED);
}
}
// Disable menu item for changing system header key derivation algorithm until it's implemented
EnableMenuItem (GetMenu (hwndDlg), IDM_CHANGE_SYS_HEADER_KEY_DERIV_ALGO, MF_GRAYED);
@@ -1081,9 +1102,11 @@ unsigned __int64 GetSysEncDeviceEncryptedPartSize (BOOL bSilent)
static void PopulateSysEncContextMenu (HMENU popup, BOOL bToolsOnly)
{
SystemDriveConfiguration config;
try
{
BootEncStatus = BootEncObj->GetStatus();
config = BootEncObj->GetSystemDriveConfiguration();
}
catch (Exception &e)
{
@@ -1111,7 +1134,7 @@ static void PopulateSysEncContextMenu (HMENU popup, BOOL bToolsOnly)
AppendMenu (popup, MF_SEPARATOR, 0, L"");
AppendMenuW (popup, MF_STRING, IDM_SYS_ENC_SETTINGS, GetString ("IDM_SYS_ENC_SETTINGS"));
if (!IsHiddenOSRunning())
if (!IsHiddenOSRunning() && !config.SystemPartition.IsGPT)
{
AppendMenu (popup, MF_SEPARATOR, 0, L"");
AppendMenuW (popup, MF_STRING, IDM_CREATE_RESCUE_DISK, GetString ("IDM_CREATE_RESCUE_DISK"));
@@ -1314,7 +1337,7 @@ BOOL SelectItem (HWND hTree, wchar_t nLetter)
}
static void LaunchVolCreationWizard (HWND hwndDlg, const wchar_t *arg)
static void LaunchVolCreationWizard (HWND hwndDlg, const wchar_t *arg, BOOL bElevation)
{
wchar_t t[TC_MAX_PATH + 1024] = {L'"',0};
wchar_t *tmp;
@@ -1348,21 +1371,30 @@ static void LaunchVolCreationWizard (HWND hwndDlg, const wchar_t *arg)
if (!FileExists(t))
Error ("VOL_CREATION_WIZARD_NOT_FOUND", hwndDlg); // Display a user-friendly error message and advise what to do
if (wcslen (arg) > 0)
{
StringCbCatW (t, sizeof(t), L" ");
StringCbCatW (t, sizeof(t), arg);
}
if (!CreateProcess (NULL, (LPWSTR) t, NULL, NULL, FALSE, NORMAL_PRIORITY_CLASS, NULL, NULL, &si, &pi))
{
handleWin32Error (hwndDlg, SRC_POS);
}
else
{
CloseHandle (pi.hProcess);
CloseHandle (pi.hThread);
if (bElevation && !IsAdmin() && IsUacSupported())
{
LaunchElevatedProcess (hwndDlg, t, arg);
}
else
{
if (wcslen (arg) > 0)
{
StringCbCatW (t, sizeof(t), L" ");
StringCbCatW (t, sizeof(t), arg);
}
if (!CreateProcess (NULL, (LPWSTR) t, NULL, NULL, FALSE, NORMAL_PRIORITY_CLASS, NULL, NULL, &si, &pi))
{
handleWin32Error (hwndDlg, SRC_POS);
}
else
{
CloseHandle (pi.hProcess);
CloseHandle (pi.hThread);
}
}
}
}
}
@@ -2426,10 +2458,16 @@ BOOL CALLBACK PasswordChangeDlgProc (HWND hwndDlg, UINT msg, WPARAM wParam, LPAR
case IDC_PKCS5_PRF_ID:
if (bSysEncPwdChangeDlgMode)
{
int new_hash_algo_id = (int) SendMessage (GetDlgItem (hwndDlg, IDC_PKCS5_PRF_ID), CB_GETITEMDATA,
int new_hash_algo_id = (int) SendMessage (GetDlgItem (hwndDlg, IDC_PKCS5_PRF_ID), CB_GETITEMDATA,
SendMessage (GetDlgItem (hwndDlg, IDC_PKCS5_PRF_ID), CB_GETCURSEL, 0, 0), 0);
BOOL bIsGPT = FALSE;
try
{
bIsGPT = BootEncObj->GetSystemDriveConfiguration().SystemPartition.IsGPT;
}
catch (...) {}
if (new_hash_algo_id != 0 && !HashForSystemEncryption(new_hash_algo_id))
if (new_hash_algo_id != 0 && !bIsGPT && !HashForSystemEncryption(new_hash_algo_id))
{
int new_hash_algo_id = DEFAULT_HASH_ALGORITHM_BOOT;
Info ("ALGO_NOT_SUPPORTED_FOR_SYS_ENCRYPTION", hwndDlg);
@@ -2761,9 +2799,16 @@ BOOL CALLBACK PasswordDlgProc (HWND hwndDlg, UINT msg, WPARAM wParam, LPARAM lPa
int i, defaultPrfIndex = 0, nIndex = (int) SendMessageW (hComboBox, CB_ADDSTRING, 0, (LPARAM) GetString ("AUTODETECTION"));
SendMessage (hComboBox, CB_SETITEMDATA, nIndex, (LPARAM) 0);
BOOL bIsGPT = FALSE;
try
{
bIsGPT = BootEncObj->GetSystemDriveConfiguration().SystemPartition.IsGPT;
}
catch (...) {}
for (i = FIRST_PRF_ID; i <= LAST_PRF_ID; i++)
{
if (HashForSystemEncryption(i))
if (bIsGPT || HashForSystemEncryption(i))
{
nIndex = (int) SendMessage (hComboBox, CB_ADDSTRING, 0, (LPARAM) get_pkcs5_prf_name(i));
SendMessage (hComboBox, CB_SETITEMDATA, nIndex, (LPARAM) i);
@@ -5469,16 +5514,18 @@ static void ChangeSysEncPassword (HWND hwndDlg, BOOL bOnlyChangeKDF)
// Initiates or resumes encryption of the system partition/drive
static void EncryptSystemDevice (HWND hwndDlg)
{
SystemDriveConfiguration config;
try
{
BootEncStatus = BootEncObj->GetStatus();
config = BootEncObj->GetSystemDriveConfiguration ();
}
catch (Exception &e)
{
e.Show (MainDlg);
}
if (!BootEncStatus.DriveEncrypted
if (!BootEncStatus.DriveEncrypted
&& !BootEncStatus.DriveMounted
&& !SysEncryptionOrDecryptionRequired ())
{
@@ -5486,7 +5533,7 @@ static void EncryptSystemDevice (HWND hwndDlg)
if (!MutexExistsOnSystem (TC_MUTEX_NAME_SYSENC)) // If no instance of the wizard is currently taking care of system encryption
{
LaunchVolCreationWizard (hwndDlg, L"/sysenc");
LaunchVolCreationWizard (hwndDlg, L"/sysenc", FALSE);
}
else
Warning ("SYSTEM_ENCRYPTION_IN_PROGRESS_ELSEWHERE", hwndDlg);
@@ -5500,7 +5547,7 @@ static void EncryptSystemDevice (HWND hwndDlg)
if (!MutexExistsOnSystem (TC_MUTEX_NAME_SYSENC)) // If no instance of the wizard is currently taking care of system encryption
{
LaunchVolCreationWizard (hwndDlg, L"/sysenc");
LaunchVolCreationWizard (hwndDlg, L"/sysenc",FALSE);
}
else
Warning ("SYSTEM_ENCRYPTION_IN_PROGRESS_ELSEWHERE", hwndDlg);
@@ -5516,9 +5563,11 @@ static void EncryptSystemDevice (HWND hwndDlg)
// Initiates decryption of the system partition/drive
static void DecryptSystemDevice (HWND hwndDlg)
{
SystemDriveConfiguration config;
try
{
BootEncStatus = BootEncObj->GetStatus();
config = BootEncObj->GetSystemDriveConfiguration ();
}
catch (Exception &e)
{
@@ -5579,8 +5628,8 @@ static void DecryptSystemDevice (HWND hwndDlg)
return;
}
CloseSysEncMutex ();
LaunchVolCreationWizard (hwndDlg, L"/dsysenc");
CloseSysEncMutex ();
LaunchVolCreationWizard (hwndDlg, L"/dsysenc", FALSE);
}
else
Warning ("SYSTEM_ENCRYPTION_IN_PROGRESS_ELSEWHERE", hwndDlg);
@@ -5595,7 +5644,7 @@ static void CreateHiddenOS (HWND hwndDlg)
// such information, but will exit (displaying only an error meessage).
Info("HIDDEN_OS_PREINFO", hwndDlg);
LaunchVolCreationWizard (hwndDlg, L"/isysenc");
LaunchVolCreationWizard (hwndDlg, L"/isysenc", FALSE);
}
static void DecryptNonSysDevice (HWND hwndDlg, BOOL bResolveAmbiguousSelection, BOOL bUseDriveListSel)
@@ -5706,7 +5755,7 @@ static void DecryptNonSysDevice (HWND hwndDlg, BOOL bResolveAmbiguousSelection,
if (AskWarnNoYes ("CONFIRM_DECRYPT_NON_SYS_DEVICE_CAUTION", hwndDlg) == IDNO)
return;
LaunchVolCreationWizard (hwndDlg, (wstring (L"/inplacedec \"") + scPath + L"\"").c_str ());
LaunchVolCreationWizard (hwndDlg, (wstring (L"/inplacedec \"") + scPath + L"\"").c_str (), FALSE);
}
// Blindly attempts (without any checks) to instruct the wizard to resume whatever system encryption process
@@ -5715,7 +5764,17 @@ static void ResumeInterruptedSysEncProcess (HWND hwndDlg)
{
if (!MutexExistsOnSystem (TC_MUTEX_NAME_SYSENC)) // If no instance of the wizard is currently taking care of system encryption
{
LaunchVolCreationWizard (MainDlg, L"/csysenc");
SystemDriveConfiguration config;
try
{
config = BootEncObj->GetSystemDriveConfiguration ();
}
catch (Exception &e)
{
e.Show (MainDlg);
}
LaunchVolCreationWizard (MainDlg, L"/csysenc", FALSE);
}
else
Warning ("SYSTEM_ENCRYPTION_IN_PROGRESS_ELSEWHERE", hwndDlg);
@@ -5936,7 +5995,7 @@ static void ResumeInterruptedNonSysInplaceEncProcess (BOOL bDecrypt)
// IMPORTANT: This function must not check any config files! Otherwise, if a config file was lost or corrupt,
// the user would not be able resume encryption and the data on the volume would be inaccessible.
LaunchVolCreationWizard (MainDlg, bDecrypt? L"/resumeinplacedec" : L"/zinplace");
LaunchVolCreationWizard (MainDlg, bDecrypt? L"/resumeinplacedec" : L"/zinplace", FALSE);
}
BOOL SelectContainer (HWND hwndDlg)
@@ -5989,8 +6048,15 @@ static void WipeCache (HWND hwndDlg, BOOL silent)
static void Benchmark (HWND hwndDlg)
{
BOOL bIsGPT = FALSE;
try
{
bIsGPT = BootEncObj->GetSystemDriveConfiguration().SystemPartition.IsGPT;
}
catch (...) {}
DialogBoxParamW (hInst, MAKEINTRESOURCEW (IDD_BENCHMARK_DLG), hwndDlg,
(DLGPROC) BenchmarkDlgProc, (LPARAM) NULL);
(DLGPROC) BenchmarkDlgProc, (LPARAM) bIsGPT);
}
@@ -6741,9 +6807,17 @@ BOOL CALLBACK MainDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lPa
{
// The wizard was not launched during the system startup seq, or the user may have forgotten
// to resume the encryption/decryption process.
SystemDriveConfiguration config;
try
{
config = BootEncObj->GetSystemDriveConfiguration ();
}
catch (Exception &e)
{
e.Show (MainDlg);
}
LaunchVolCreationWizard (hwndDlg, L"/csysenc");
LaunchVolCreationWizard (hwndDlg, L"/csysenc", FALSE);
}
}
}
@@ -7723,7 +7797,7 @@ BOOL CALLBACK MainDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lPa
if (lw == IDC_CREATE_VOLUME || lw == IDM_CREATE_VOLUME || lw == IDM_VOLUME_WIZARD)
{
LaunchVolCreationWizard (hwndDlg, L"");
LaunchVolCreationWizard (hwndDlg, L"", FALSE);
return 1;
}
@@ -8013,7 +8087,14 @@ BOOL CALLBACK MainDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lPa
if (lw == IDM_SYSENC_SETTINGS || lw == IDM_SYS_ENC_SETTINGS)
{
DialogBoxParamW (hInst, MAKEINTRESOURCEW (IDD_SYSENC_SETTINGS), hwndDlg, (DLGPROC) BootLoaderPreferencesDlgProc, 0);
BOOL bIsGPT = FALSE;
try
{
bIsGPT = BootEncObj->GetSystemDriveConfiguration().SystemPartition.IsGPT;
}
catch (...) {}
DialogBoxParamW (hInst, MAKEINTRESOURCEW (bIsGPT? IDD_EFI_SYSENC_SETTINGS : IDD_SYSENC_SETTINGS), hwndDlg, (DLGPROC) BootLoaderPreferencesDlgProc, 0);
return 1;
}
@@ -10423,23 +10504,26 @@ static BOOL CALLBACK PerformanceSettingsDlgProc (HWND hwndDlg, UINT msg, WPARAM
try
{
VOLUME_PROPERTIES_STRUCT prop;
BOOL bIsGPT = FALSE;
try
{
BootEncStatus = BootEncObj->GetStatus();
BootEncObj->GetVolumeProperties (&prop);
bIsGPT = BootEncObj->GetSystemDriveConfiguration().SystemPartition.IsGPT;
}
catch (...)
{
BootEncStatus.DriveMounted = false;
BootEncStatus.DriveMounted = false;
}
if (BootEncStatus.DriveMounted)
if (BootEncStatus.DriveMounted && !bIsGPT)
{
byte userConfig;
string customUserMessage;
uint16 bootLoaderVersion;
BootEncObj->ReadBootSectorConfig (nullptr, 0, &userConfig, &customUserMessage, &bootLoaderVersion);
if (!BootEncObj->ReadBootSectorConfig (nullptr, 0, &userConfig, &customUserMessage, &bootLoaderVersion))
return 1;
if (bootLoaderVersion != VERSION_NUM)
Warning ("BOOT_LOADER_VERSION_INCORRECT_PREFERENCES", hwndDlg);
@@ -10449,7 +10533,7 @@ static BOOL CALLBACK PerformanceSettingsDlgProc (HWND hwndDlg, UINT msg, WPARAM
else
userConfig &= ~TC_BOOT_USER_CFG_FLAG_DISABLE_HW_ENCRYPTION;
BootEncObj->WriteBootSectorUserConfig (userConfig, customUserMessage, prop.volumePim);
BootEncObj->WriteBootSectorUserConfig (userConfig, customUserMessage, prop.volumePim, prop.pkcs5);
}
SetDriverConfigurationFlag (TC_DRIVER_CONFIG_DISABLE_HARDWARE_ENCRYPTION, disableHW);
@@ -10763,13 +10847,15 @@ static BOOL CALLBACK BootLoaderPreferencesDlgProc (HWND hwndDlg, UINT msg, WPARA
{
case WM_INITDIALOG:
{
if (!BootEncObj->GetStatus().DriveMounted)
BootEncryptionStatus BootEncStatus = BootEncObj->GetStatus();
if (!BootEncStatus.DriveMounted)
{
Warning ("SYS_DRIVE_NOT_ENCRYPTED", hwndDlg);
EndDialog (hwndDlg, IDCANCEL);
return 1;
}
BOOL bIsGPT = BootEncObj->GetSystemDriveConfiguration().SystemPartition.IsGPT;
try
{
LocalizeDialog (hwndDlg, "IDD_SYSENC_SETTINGS");
@@ -10777,27 +10863,38 @@ static BOOL CALLBACK BootLoaderPreferencesDlgProc (HWND hwndDlg, UINT msg, WPARA
uint32 driverConfig = ReadDriverConfigurationFlags();
byte userConfig;
string customUserMessage;
uint16 bootLoaderVersion;
uint16 bootLoaderVersion = 0;
BOOL bPasswordCacheEnabled = (driverConfig & TC_DRIVER_CONFIG_CACHE_BOOT_PASSWORD)? TRUE : FALSE;
BOOL bPimCacheEnabled = (driverConfig & TC_DRIVER_CONFIG_CACHE_BOOT_PIM)? TRUE : FALSE;
BootEncObj->ReadBootSectorConfig (nullptr, 0, &userConfig, &customUserMessage, &bootLoaderVersion);
if (!BootEncObj->ReadBootSectorConfig (nullptr, 0, &userConfig, &customUserMessage, &bootLoaderVersion))
{
// operations canceled
EndDialog (hwndDlg, IDCANCEL);
return 1;
}
if (bootLoaderVersion != VERSION_NUM)
Warning ("BOOT_LOADER_VERSION_INCORRECT_PREFERENCES", hwndDlg);
SendMessage (GetDlgItem (hwndDlg, IDC_CUSTOM_BOOT_LOADER_MESSAGE), EM_LIMITTEXT, TC_BOOT_SECTOR_USER_MESSAGE_MAX_LENGTH, 0);
SetDlgItemTextA (hwndDlg, IDC_CUSTOM_BOOT_LOADER_MESSAGE, customUserMessage.c_str());
if (bIsGPT)
{
CheckDlgButton (hwndDlg, IDC_DISABLE_BOOT_LOADER_HASH_PROMPT, (userConfig & TC_BOOT_USER_CFG_FLAG_STORE_HASH) ? BST_CHECKED : BST_UNCHECKED);
}
else
{
SendMessage (GetDlgItem (hwndDlg, IDC_CUSTOM_BOOT_LOADER_MESSAGE), EM_LIMITTEXT, TC_BOOT_SECTOR_USER_MESSAGE_MAX_LENGTH, 0);
SetDlgItemTextA (hwndDlg, IDC_CUSTOM_BOOT_LOADER_MESSAGE, customUserMessage.c_str());
CheckDlgButton (hwndDlg, IDC_DISABLE_BOOT_LOADER_OUTPUT, (userConfig & TC_BOOT_USER_CFG_FLAG_SILENT_MODE) ? BST_CHECKED : BST_UNCHECKED);
CheckDlgButton (hwndDlg, IDC_ALLOW_ESC_PBA_BYPASS, (userConfig & TC_BOOT_USER_CFG_FLAG_DISABLE_ESC) ? BST_UNCHECKED : BST_CHECKED);
CheckDlgButton (hwndDlg, IDC_DISABLE_EVIL_MAID_ATTACK_DETECTION, (driverConfig & TC_DRIVER_CONFIG_DISABLE_EVIL_MAID_ATTACK_DETECTION) ? BST_CHECKED : BST_UNCHECKED);
SetWindowTextW (GetDlgItem (hwndDlg, IDC_CUSTOM_BOOT_LOADER_MESSAGE_HELP), GetString("CUSTOM_BOOT_LOADER_MESSAGE_HELP"));
}
CheckDlgButton (hwndDlg, IDC_DISABLE_BOOT_LOADER_PIM_PROMPT, (userConfig & TC_BOOT_USER_CFG_FLAG_DISABLE_PIM) ? BST_CHECKED : BST_UNCHECKED);
CheckDlgButton (hwndDlg, IDC_DISABLE_BOOT_LOADER_OUTPUT, (userConfig & TC_BOOT_USER_CFG_FLAG_SILENT_MODE) ? BST_CHECKED : BST_UNCHECKED);
CheckDlgButton (hwndDlg, IDC_ALLOW_ESC_PBA_BYPASS, (userConfig & TC_BOOT_USER_CFG_FLAG_DISABLE_ESC) ? BST_UNCHECKED : BST_CHECKED);
CheckDlgButton (hwndDlg, IDC_BOOT_LOADER_CACHE_PASSWORD, bPasswordCacheEnabled ? BST_CHECKED : BST_UNCHECKED);
CheckDlgButton (hwndDlg, IDC_DISABLE_EVIL_MAID_ATTACK_DETECTION, (driverConfig & TC_DRIVER_CONFIG_DISABLE_EVIL_MAID_ATTACK_DETECTION) ? BST_CHECKED : BST_UNCHECKED);
EnableWindow (GetDlgItem (hwndDlg, IDC_BOOT_LOADER_CACHE_PIM), bPasswordCacheEnabled);
CheckDlgButton (hwndDlg, IDC_BOOT_LOADER_CACHE_PIM, (bPasswordCacheEnabled && bPimCacheEnabled)? BST_CHECKED : BST_UNCHECKED);
SetWindowTextW (GetDlgItem (hwndDlg, IDC_CUSTOM_BOOT_LOADER_MESSAGE_HELP), GetString("CUSTOM_BOOT_LOADER_MESSAGE_HELP"));
}
catch (Exception &e)
{
@@ -10819,6 +10916,7 @@ static BOOL CALLBACK BootLoaderPreferencesDlgProc (HWND hwndDlg, UINT msg, WPARA
case IDOK:
{
VOLUME_PROPERTIES_STRUCT prop;
BOOL bIsGPT = FALSE;
if (!BootEncObj->GetStatus().DriveMounted)
{
@@ -10829,6 +10927,7 @@ static BOOL CALLBACK BootLoaderPreferencesDlgProc (HWND hwndDlg, UINT msg, WPARA
try
{
BootEncObj->GetVolumeProperties (&prop);
bIsGPT = BootEncObj->GetSystemDriveConfiguration().SystemPartition.IsGPT;
}
catch (Exception &e)
{
@@ -10837,13 +10936,15 @@ static BOOL CALLBACK BootLoaderPreferencesDlgProc (HWND hwndDlg, UINT msg, WPARA
return 1;
}
char customUserMessage[TC_BOOT_SECTOR_USER_MESSAGE_MAX_LENGTH + 1];
GetDlgItemTextA (hwndDlg, IDC_CUSTOM_BOOT_LOADER_MESSAGE, customUserMessage, sizeof (customUserMessage));
char customUserMessage[TC_BOOT_SECTOR_USER_MESSAGE_MAX_LENGTH + 1] = {0};
if (!bIsGPT)
GetDlgItemTextA (hwndDlg, IDC_CUSTOM_BOOT_LOADER_MESSAGE, customUserMessage, sizeof (customUserMessage));
byte userConfig;
try
{
BootEncObj->ReadBootSectorConfig (nullptr, 0, &userConfig);
if (!BootEncObj->ReadBootSectorConfig (nullptr, 0, &userConfig))
return 1;
}
catch (Exception &e)
{
@@ -10856,7 +10957,16 @@ static BOOL CALLBACK BootLoaderPreferencesDlgProc (HWND hwndDlg, UINT msg, WPARA
else
userConfig &= ~TC_BOOT_USER_CFG_FLAG_DISABLE_PIM;
if (IsDlgButtonChecked (hwndDlg, IDC_DISABLE_BOOT_LOADER_OUTPUT))
if (bIsGPT)
{
if (IsDlgButtonChecked (hwndDlg, IDC_DISABLE_BOOT_LOADER_HASH_PROMPT))
userConfig |= TC_BOOT_USER_CFG_FLAG_STORE_HASH;
else
userConfig &= ~TC_BOOT_USER_CFG_FLAG_STORE_HASH;
}
else
{
if (IsDlgButtonChecked (hwndDlg, IDC_DISABLE_BOOT_LOADER_OUTPUT))
userConfig |= TC_BOOT_USER_CFG_FLAG_SILENT_MODE;
else
userConfig &= ~TC_BOOT_USER_CFG_FLAG_SILENT_MODE;
@@ -10865,12 +10975,13 @@ static BOOL CALLBACK BootLoaderPreferencesDlgProc (HWND hwndDlg, UINT msg, WPARA
userConfig |= TC_BOOT_USER_CFG_FLAG_DISABLE_ESC;
else
userConfig &= ~TC_BOOT_USER_CFG_FLAG_DISABLE_ESC;
}
try
{
BOOL bPasswordCacheEnabled = IsDlgButtonChecked (hwndDlg, IDC_BOOT_LOADER_CACHE_PASSWORD);
BOOL bPimCacheEnabled = IsDlgButtonChecked (hwndDlg, IDC_BOOT_LOADER_CACHE_PIM);
BootEncObj->WriteBootSectorUserConfig (userConfig, customUserMessage, prop.volumePim);
BootEncObj->WriteBootSectorUserConfig (userConfig, customUserMessage, prop.volumePim, prop.pkcs5);
SetDriverConfigurationFlag (TC_DRIVER_CONFIG_CACHE_BOOT_PASSWORD, bPasswordCacheEnabled);
SetDriverConfigurationFlag (TC_DRIVER_CONFIG_CACHE_BOOT_PIM, (bPasswordCacheEnabled && bPimCacheEnabled)? TRUE : FALSE);
SetDriverConfigurationFlag (TC_DRIVER_CONFIG_DISABLE_EVIL_MAID_ATTACK_DETECTION, IsDlgButtonChecked (hwndDlg, IDC_DISABLE_EVIL_MAID_ATTACK_DETECTION));
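Review bot: In the BootLoaderPreferencesDlgProc WM_INITDIALOG hunk, `BOOL bIsGPT = BootEncObj->GetSystemDriveConfiguration().SystemPartition.IsGPT;` sits before the `try` on the following line, so an `Exception` thrown there escapes the dialog procedure, whereas every other new call to that accessor in this commit (Benchmark, PasswordDlgProc, PerformanceSettingsDlgProc, the IDOK handler) is wrapped; change it to `BOOL bIsGPT = FALSE;` followed by `try { bIsGPT = BootEncObj->GetSystemDriveConfiguration().SystemPartition.IsGPT; } catch (...) {}` to match. In the same hunk the new local `BootEncryptionStatus BootEncStatus` shadows the file-level `BootEncStatus` that the EncryptSystemDevice and PerformanceSettingsDlgProc hunks assign to, and a distinct local name would avoid a reader confusing the two. The `SystemDriveConfiguration config` added in EncryptSystemDevice, DecryptSystemDevice, ResumeInterruptedSysEncProcess and MainDialogProc is never read in the visible lines and only adds an `e.Show` on failure after which the wizard is launched anyway, while every `LaunchVolCreationWizard` call passes `FALSE` for the new `bElevation` parameter, so the `LaunchElevatedProcess` branch appears unreachable from this commit — presumably the config was meant to drive that argument; confirm. In InitMainDialog the empty `catch (Exception &)` leaves `bIsGPT` FALSE on failure, which keeps the hidden-OS and rescue-disk items enabled; a comment stating that this fallback is deliberate would help, and the comment `// disable rescue disk operation for GPT system encryption` should also mention `IDM_CREATE_HIDDEN_OS`. All of these functions extend outside their hunks.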


@@ -1,11 +1,11 @@
/*
Legal Notice: Some portions of the source code contained in this file were
derived from the source code of TrueCrypt 7.1a, which is
Copyright (c) 2003-2012 TrueCrypt Developers Association and which is
derived from the source code of TrueCrypt 7.1a, which is
Copyright (c) 2003-2012 TrueCrypt Developers Association and which is
governed by the TrueCrypt License 3.0, also from the source code of
Encryption for the Masses 2.02a, which is Copyright (c) 1998-2000 Paul Le Roux
and which is governed by the 'License Agreement for Encryption for the Masses'
Modifications and additions to the original source code (contained in this file)
and which is governed by the 'License Agreement for Encryption for the Masses'
Modifications and additions to the original source code (contained in this file)
and all other portions of this file are Copyright (c) 2013-2016 IDRIX
and are governed by the Apache License 2.0 the full text of which is
contained in the file License.txt included in VeraCrypt binary and source
@@ -99,7 +99,6 @@ static BOOL CheckMountList (HWND hwndDlg, BOOL bForceTaskBarUpdate);
int GetCipherBlockSizeByDriveNo (int nDosDriveNo);
int GetModeOfOperationByDriveNo (int nDosDriveNo);
void ChangeMainWindowVisibility ();
void LaunchVolCreationWizard (HWND hwndDlg);
BOOL WholeSysDriveEncryption (BOOL bSilent);
BOOL CheckSysEncMountWithoutPBA (HWND hwndDlg, const wchar_t *devicePath, BOOL quiet);
BOOL TCBootLoaderOnInactiveSysEncDrive (wchar_t *szDevicePath);


@@ -283,30 +283,23 @@ BEGIN
LTEXT "",IDT_PKCS11_LIB_HELP,16,63,286,65
END
IDD_SYSENC_SETTINGS DIALOGEX 0, 0, 370, 286
IDD_EFI_SYSENC_SETTINGS DIALOGEX 0, 0, 370, 139
STYLE DS_SETFONT | DS_MODALFRAME | DS_FIXEDSYS | DS_CENTER | WS_POPUP | WS_CAPTION | WS_SYSMENU
CAPTION "VeraCrypt - System Encryption Settings"
FONT 8, "MS Shell Dlg", 400, 0, 0x1
BEGIN
CONTROL "Do not &show any texts in the pre-boot authentication screen (except the below custom message)",IDC_DISABLE_BOOT_LOADER_OUTPUT,
"Button",BS_AUTOCHECKBOX | WS_TABSTOP,18,37,339,9
EDITTEXT IDC_CUSTOM_BOOT_LOADER_MESSAGE,18,67,216,14,ES_AUTOHSCROLL
CONTROL "&Cache pre-boot authentication password in driver memory (for mounting of non-system volumes)",IDC_BOOT_LOADER_CACHE_PASSWORD,
"Button",BS_AUTOCHECKBOX | WS_TABSTOP,18,192,339,10
CONTROL "Allow pre-boot &authentication to be bypassed by pressing the Esc key (enables boot manager)",IDC_ALLOW_ESC_PBA_BYPASS,
"Button",BS_AUTOCHECKBOX | WS_TABSTOP,18,222,340,10
DEFPUSHBUTTON "OK",IDOK,257,262,50,14
PUSHBUTTON "Cancel",IDCANCEL,313,262,50,14
LTEXT "Display this custom message in the pre-boot authentication screen (24 characters maximum):",IDT_CUSTOM_BOOT_LOADER_MESSAGE,18,56,337,8
GROUPBOX "Boot Loader Screen Options",IDT_BOOT_LOADER_SCREEN_OPTIONS,8,7,355,165
GROUPBOX "Security Options",IDT_SECURITY_OPTIONS,8,177,355,75
LTEXT "",IDC_CUSTOM_BOOT_LOADER_MESSAGE_HELP,18,89,337,73
CONTROL "Disable ""Evil Maid"" attack detection",IDC_DISABLE_EVIL_MAID_ATTACK_DETECTION,
"Button",BS_AUTOCHECKBOX | WS_TABSTOP,18,237,340,10
"Button",BS_AUTOCHECKBOX | WS_TABSTOP,18,79,339,10
DEFPUSHBUTTON "OK",IDOK,257,115,50,14
PUSHBUTTON "Cancel",IDCANCEL,313,115,50,14
GROUPBOX "Boot Loader Screen Options",IDT_BOOT_LOADER_SCREEN_OPTIONS,8,7,355,53
GROUPBOX "Security Options",IDT_SECURITY_OPTIONS,8,64,355,44
CONTROL "Include PIM when caching pre-boot authentication password",IDC_BOOT_LOADER_CACHE_PIM,
"Button",BS_AUTOCHECKBOX | WS_DISABLED | WS_TABSTOP,18,207,340,10
"Button",BS_AUTOCHECKBOX | WS_DISABLED | WS_TABSTOP,18,94,340,10
CONTROL "Do not request PIM in the pre-boot authentication screen (PIM value is stored unencrypted on disk)",IDC_DISABLE_BOOT_LOADER_PIM_PROMPT,
"Button",BS_AUTOCHECKBOX | WS_TABSTOP,18,20,339,9
CONTROL "Do not request Hash algorithm in the pre-boot authentication screen",IDC_DISABLE_BOOT_LOADER_HASH_PROMPT,
"Button",BS_AUTOCHECKBOX | WS_TABSTOP,18,35,339,9
END
IDD_PERFORMANCE_SETTINGS DIALOGEX 0, 0, 370, 248
@@ -386,6 +379,31 @@ BEGIN
CONTROL "TrueCrypt Mode",IDC_TRUECRYPT_MODE,"Button",BS_AUTOCHECKBOX | WS_TABSTOP,7,7,76,10
END
IDD_SYSENC_SETTINGS DIALOGEX 0, 0, 370, 286
STYLE DS_SETFONT | DS_MODALFRAME | DS_FIXEDSYS | DS_CENTER | WS_POPUP | WS_CAPTION | WS_SYSMENU
CAPTION "VeraCrypt - System Encryption Settings"
FONT 8, "MS Shell Dlg", 400, 0, 0x1
BEGIN
CONTROL "Do not &show any texts in the pre-boot authentication screen (except the below custom message)",IDC_DISABLE_BOOT_LOADER_OUTPUT,
"Button",BS_AUTOCHECKBOX | WS_TABSTOP,18,37,339,9
EDITTEXT IDC_CUSTOM_BOOT_LOADER_MESSAGE,18,67,216,14,ES_AUTOHSCROLL
CONTROL "&Cache pre-boot authentication password in driver memory (for mounting of non-system volumes)",IDC_BOOT_LOADER_CACHE_PASSWORD,
"Button",BS_AUTOCHECKBOX | WS_TABSTOP,18,192,339,10
CONTROL "Allow pre-boot &authentication to be bypassed by pressing the Esc key (enables boot manager)",IDC_ALLOW_ESC_PBA_BYPASS,
"Button",BS_AUTOCHECKBOX | WS_TABSTOP,18,222,340,10
DEFPUSHBUTTON "OK",IDOK,257,262,50,14
PUSHBUTTON "Cancel",IDCANCEL,313,262,50,14
LTEXT "Display this custom message in the pre-boot authentication screen (24 characters maximum):",IDT_CUSTOM_BOOT_LOADER_MESSAGE,18,56,337,8
GROUPBOX "Boot Loader Screen Options",IDT_BOOT_LOADER_SCREEN_OPTIONS,8,7,355,165
GROUPBOX "Security Options",IDT_SECURITY_OPTIONS,8,177,355,75
LTEXT "",IDC_CUSTOM_BOOT_LOADER_MESSAGE_HELP,18,89,337,73
CONTROL "Disable ""Evil Maid"" attack detection",IDC_DISABLE_EVIL_MAID_ATTACK_DETECTION,
"Button",BS_AUTOCHECKBOX | WS_TABSTOP,18,237,340,10
CONTROL "Include PIM when caching pre-boot authentication password",IDC_BOOT_LOADER_CACHE_PIM,
"Button",BS_AUTOCHECKBOX | WS_DISABLED | WS_TABSTOP,18,207,340,10
CONTROL "Do not request PIM in the pre-boot authentication screen (PIM value is stored unencrypted on disk)",IDC_DISABLE_BOOT_LOADER_PIM_PROMPT,
"Button",BS_AUTOCHECKBOX | WS_TABSTOP,18,20,339,9
END
/////////////////////////////////////////////////////////////////////////////
//
@@ -393,7 +411,7 @@ END
//
#ifdef APSTUDIO_INVOKED
GUIDELINES DESIGNINFO
GUIDELINES DESIGNINFO
BEGIN
IDD_PREFERENCES_DLG, DIALOG
BEGIN
@@ -455,12 +473,12 @@ BEGIN
BOTTOMMARGIN, 192
END
IDD_SYSENC_SETTINGS, DIALOG
IDD_EFI_SYSENC_SETTINGS, DIALOG
BEGIN
LEFTMARGIN, 7
RIGHTMARGIN, 363
TOPMARGIN, 7
BOTTOMMARGIN, 276
BOTTOMMARGIN, 129
END
IDD_PERFORMANCE_SETTINGS, DIALOG
@@ -486,6 +504,14 @@ BEGIN
TOPMARGIN, 7
BOTTOMMARGIN, 58
END
IDD_SYSENC_SETTINGS, DIALOG
BEGIN
LEFTMARGIN, 7
RIGHTMARGIN, 363
TOPMARGIN, 7
BOTTOMMARGIN, 276
END
END
#endif // APSTUDIO_INVOKED
@@ -534,19 +560,19 @@ END
// TEXTINCLUDE
//
1 TEXTINCLUDE
1 TEXTINCLUDE
BEGIN
"resource.h\0"
END
2 TEXTINCLUDE
2 TEXTINCLUDE
BEGIN
"#include ""afxres.h""\r\n"
"#include ""..\\\\common\\\\resource.h""\r\n"
"\0"
END
3 TEXTINCLUDE
3 TEXTINCLUDE
BEGIN
"#include ""..\\\\common\\\\common.rc""\r\n"
"\0"
@@ -572,7 +598,7 @@ IDB_SYS_DRIVEICON_MASK BITMAP "System_drive_icon_mask_96dpi.bm
// Menu
//
IDR_MENU MENU
IDR_MENU MENU
BEGIN
POPUP "&Volumes"
BEGIN
@@ -691,7 +717,7 @@ END
// String Table
//
STRINGTABLE
STRINGTABLE
BEGIN
IDS_UACSTRING "VeraCrypt"
END
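Review bot: In the new `IDD_EFI_SYSENC_SETTINGS` dialog the `IDC_DISABLE_BOOT_LOADER_HASH_PROMPT` checkbox reads only `Do not request Hash algorithm in the pre-boot authentication screen`, while the neighbouring PIM checkbox discloses `(PIM value is stored unencrypted on disk)`; the Mount.c hunk maps this checkbox to `TC_BOOT_USER_CFG_FLAG_STORE_HASH`, which suggests the chosen hash algorithm is likewise persisted in the clear, so the label should say so in the same form, e.g. `Do not request Hash algorithm in the pre-boot authentication screen (hash algorithm is stored unencrypted on disk)` — confirm against the EFI config writer, which is outside this diff. The remaining hunks of this section (relocating `IDD_SYSENC_SETTINGS`, DESIGNINFO margins, whitespace) raise nothing.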


@@ -21,6 +21,7 @@
#define IDD_SYSENC_SETTINGS 116
#define IDD_FAVORITE_VOLUMES 117
#define IDD_DEFAULT_MOUNT_PARAMETERS 118
#define IDD_EFI_SYSENC_SETTINGS 119
#define IDC_PREF_MOUNT_READONLY 1000
#define IDC_PREF_MOUNT_REMOVABLE 1001
#define IDC_VERIFY 1002
@@ -179,8 +180,9 @@
#define IDT_VOLUME_ID 1157
#define IDC_FAVORITE_VOLUME_ID 1158
#define IDC_FAVORITE_USE_VOLUME_ID 1159
#define IDC_DISABLE_BOOT_LOADER_PIM_PROMPT 1160
#define IDC_DISABLE_BOOT_LOADER_PIM_PROMPT 1160
#define IDC_HIDE_WAITING_DIALOG 1161
#define IDC_DISABLE_BOOT_LOADER_HASH_PROMPT 1162
#define IDM_HELP 40001
#define IDM_ABOUT 40002
#define IDM_UNMOUNT_VOLUME 40003
@@ -251,13 +253,13 @@
#define IDM_VERIFY_RESCUE_DISK_ISO 40068
// Next default values for new objects
//
//
#ifdef APSTUDIO_INVOKED
#ifndef APSTUDIO_READONLY_SYMBOLS
#define _APS_NO_MFC 1
#define _APS_NEXT_RESOURCE_VALUE 119
#define _APS_NEXT_RESOURCE_VALUE 120
#define _APS_NEXT_COMMAND_VALUE 40069
#define _APS_NEXT_CONTROL_VALUE 1162
#define _APS_NEXT_CONTROL_VALUE 1163
#define _APS_NEXT_SYMED_VALUE 101
#endif
#endif