Public/VeraCrypt
1
0
Fork 0
mirror of https://github.com/veracrypt/VeraCrypt.git synced 2026-06-09 22:36:59 -05:00
Code Activity

Windows: Fix MSI traveler disk creation with WHQL-signed drivers

Browse Source 
Make MSI-installed VeraCrypt use the IDRIX-signed COMReg package as the
source for traveler files, matching the EXE installer flow. COMReg now
packages the x64 traveler payload, so traveler creation no longer has to
copy the installed x64 driver from appDir\veracrypt.sys and verify it
against a Microsoft WHQL certificate fingerprint.

Keep Microsoft WHQL certificate verification only for the loose portable
driver fallback, where driver files cannot be signed with the IDRIX code
signing certificate. The normal VerifyModuleSignature path now remains
IDRIX-only.

Also validate that an MSI COMReg package actually contains the required
x64 traveler files before reporting success, avoiding partial traveler
directories when the package payload is incomplete.
This commit is contained in:
Mounir IDRASSI
2026-04-14 18:43:07 +09:00
parent 250a488a84
commit 976bb3767b
4 changed files with 76 additions and 82 deletions
Download Patch File Download Diff File Expand all files Collapse all files
src/Mount/Mount.c
+23 -69
View File
@@ -4941,7 +4941,7 @@ BOOL CALLBACK TravelerDlgProc (HWND hwndDlg, UINT msg, WPARAM wParam, LPARAM lPa
// Driver
StringCbPrintfW (srcPath, sizeof(srcPath), L"%s\\veracrypt.sys", appDir);
StringCbPrintfW (dstPath, sizeof(dstPath), L"%s\\VeraCrypt\\veracrypt.sys", dstDir);
if (!VerifyModuleSignature (srcPath))
if (!VerifyModuleSignatureAllowingMicrosoftWHQL (srcPath))
{
Error ("DIST_PACKAGE_CORRUPTED", hwndDlg);
goto stop;
@@ -4955,7 +4955,7 @@ BOOL CALLBACK TravelerDlgProc (HWND hwndDlg, UINT msg, WPARAM wParam, LPARAM lPa
// Driver x64
StringCbPrintfW (srcPath, sizeof(srcPath), L"%s\\veracrypt-x64.sys", appDir);
StringCbPrintfW (dstPath, sizeof(dstPath), L"%s\\VeraCrypt\\veracrypt-x64.sys", dstDir);
if (!VerifyModuleSignature (srcPath))
if (!VerifyModuleSignatureAllowingMicrosoftWHQL (srcPath))
{
Error ("DIST_PACKAGE_CORRUPTED", hwndDlg);
goto stop;
@@ -4969,7 +4969,7 @@ BOOL CALLBACK TravelerDlgProc (HWND hwndDlg, UINT msg, WPARAM wParam, LPARAM lPa
// Driver ARM64
StringCbPrintfW(srcPath, sizeof(srcPath), L"%s\\veracrypt-arm64.sys", appDir);
StringCbPrintfW(dstPath, sizeof(dstPath), L"%s\\VeraCrypt\\veracrypt-arm64.sys", dstDir);
if (!VerifyModuleSignature(srcPath))
if (!VerifyModuleSignatureAllowingMicrosoftWHQL(srcPath))
{
Error("DIST_PACKAGE_CORRUPTED", hwndDlg);
goto stop;
@@ -4983,19 +4983,23 @@ BOOL CALLBACK TravelerDlgProc (HWND hwndDlg, UINT msg, WPARAM wParam, LPARAM lPa
else
{
int fileNo = 0;
BOOL bMsiX64Case = FALSE;
// get file from the Setup binary after checking its signature and its version
BOOL bMsiPackage = FALSE;
BOOL bCopiedX64App = FALSE;
BOOL bCopiedX64Driver = FALSE;
BOOL bCopiedX64Wizard = FALSE;
BOOL bCopiedX64Expander = FALSE;
// Get files from the IDRIX-signed setup or COMReg package after checking its signature and integrity.
StringCbPrintfW (srcPath, sizeof(srcPath), L"%s\\VeraCrypt COMReg.exe", appDir); // MSI installation case
if (FileExists(srcPath))
{
bMsiX64Case = TRUE;
bMsiPackage = TRUE;
}
else
StringCbPrintfW (srcPath, sizeof(srcPath), L"%s\\VeraCrypt Setup.exe", appDir); // EXE installation case
FreeAllFileBuffers ();
if (!VerifyPackageIntegrity (srcPath) || !SelfExtractInMemory (srcPath, TRUE) || (!bMsiX64Case && (Decompressed_Files_Count != NBR_COMPRESSED_FILES)))
if (!VerifyPackageIntegrity (srcPath) || !SelfExtractInMemory (srcPath, TRUE) || (!bMsiPackage && (Decompressed_Files_Count != NBR_COMPRESSED_FILES)))
{
MessageBoxW (hwndDlg, GetString ("DIST_PACKAGE_CORRUPTED"), lpszTitle, MB_ICONEXCLAMATION);
goto stop;
@@ -5071,71 +5075,21 @@ BOOL CALLBACK TravelerDlgProc (HWND hwndDlg, UINT msg, WPARAM wParam, LPARAM lPa
MessageBoxW (hwndDlg, szTmp, lpszTitle, MB_ICONERROR | MB_SETFOREGROUND | MB_TOPMOST);
goto stop;
}
if (wcscmp (fileName, L"VeraCrypt-x64.exe") == 0)
bCopiedX64App = TRUE;
else if (wcscmp (fileName, L"veracrypt-x64.sys") == 0)
bCopiedX64Driver = TRUE;
else if (wcscmp (fileName, L"VeraCrypt Format-x64.exe") == 0)
bCopiedX64Wizard = TRUE;
else if (wcscmp (fileName, L"VeraCryptExpander-x64.exe") == 0)
bCopiedX64Expander = TRUE;
}
if (bMsiX64Case)
if (bMsiPackage && (!bCopiedX64App || !bCopiedX64Driver || (copyWizard && !bCopiedX64Wizard) || (copyExpander && !bCopiedX64Expander)))
{
// Main app
StringCbPrintfW (srcPath, sizeof(srcPath), L"%s\\VeraCrypt.exe", appDir);
StringCbPrintfW (dstPath, sizeof(dstPath), L"%s\\VeraCrypt\\VeraCrypt-x64.exe", dstDir);
if (!VerifyModuleSignature (srcPath))
{
Error ("DIST_PACKAGE_CORRUPTED", hwndDlg);
goto stop;
}
else if (!TCCopyFile (srcPath, dstPath))
{
handleWin32Error (hwndDlg, SRC_POS);
goto stop;
}
// Wizard
if (copyWizard)
{
StringCbPrintfW (srcPath, sizeof(srcPath), L"%s\\VeraCrypt Format.exe", appDir);
StringCbPrintfW (dstPath, sizeof(dstPath), L"%s\\VeraCrypt\\VeraCrypt Format-x64.exe", dstDir);
if (!VerifyModuleSignature (srcPath))
{
Error ("DIST_PACKAGE_CORRUPTED", hwndDlg);
goto stop;
}
else if (!TCCopyFile (srcPath, dstPath))
{
handleWin32Error (hwndDlg, SRC_POS);
goto stop;
}
}
// Expander
if (copyExpander)
{
StringCbPrintfW (srcPath, sizeof(srcPath), L"%s\\VeraCryptExpander.exe", appDir);
StringCbPrintfW (dstPath, sizeof(dstPath), L"%s\\VeraCrypt\\VeraCryptExpander-x64.exe", dstDir);
if (!VerifyModuleSignature (srcPath))
{
Error ("DIST_PACKAGE_CORRUPTED", hwndDlg);
goto stop;
}
else if (!TCCopyFile (srcPath, dstPath))
{
handleWin32Error (hwndDlg, SRC_POS);
goto stop;
}
}
// Driver
StringCbPrintfW (srcPath, sizeof(srcPath), L"%s\\veracrypt.sys", appDir);
StringCbPrintfW (dstPath, sizeof(dstPath), L"%s\\VeraCrypt\\veracrypt-x64.sys", dstDir);
if (!VerifyModuleSignature (srcPath))
{
Error ("DIST_PACKAGE_CORRUPTED", hwndDlg);
goto stop;
}
else if (!TCCopyFile (srcPath, dstPath))
{
handleWin32Error (hwndDlg, SRC_POS);
goto stop;
}
MessageBoxW (hwndDlg, GetString ("DIST_PACKAGE_CORRUPTED"), lpszTitle, MB_ICONEXCLAMATION);
goto stop;
}
}