
Windows: Add option to disable detection of "Evil Maid" attacks. This is helpful for users who have software running that modifies the bootloader, like FLEXnet.

This commit is contained in:
Mounir IDRASSI
2015-10-07 04:35:03 +02:00
parent f3c91cb05c
commit 9a6fc789eb
5 changed files with 20 additions and 8 deletions


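--- a/FILE1_PATH_NOT_SHOWN_ON_PAGE
+++ b/FILE1_PATH_NOT_SHOWN_ON_PAGE
@@ -336,5 +336,6 @@ typedef struct
 #define TC_DRIVER_CONFIG_DISABLE_NONADMIN_SYS_FAVORITES_ACCESS 0x4
 #define TC_DRIVER_CONFIG_DISABLE_HARDWARE_ENCRYPTION 0x8
 #define TC_DRIVER_CONFIG_ENABLE_EXTENDED_IOCTL 0x10
+#define TC_DRIVER_CONFIG_DISABLE_EVIL_MAID_ATTACK_DETECTION 0x20
 #endif /* _WIN32 */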
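Review bot: The new TC_DRIVER_CONFIG_DISABLE_EVIL_MAID_ATTACK_DETECTION bit carries no comment, so a reader of this header cannot tell that setting it turns off a security check rather than a feature. I would add above the define: `/* When set, the bootloader fingerprint ("Evil Maid") check is skipped; only for systems where other software legitimately rewrites the bootloader (e.g. FLEXnet) */`. The check it gates lives in MainDialogProc, changed elsewhere in this commit.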


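--- a/FILE2_PATH_NOT_SHOWN_ON_PAGE
+++ b/FILE2_PATH_NOT_SHOWN_ON_PAGE
@@ -120,6 +120,7 @@
 <control lang="en" key="IDC_CREATE">Create</control>
 <control lang="en" key="IDC_CREATE_VOLUME">&amp;Create Volume</control>
 <control lang="en" key="IDC_DISABLE_BOOT_LOADER_OUTPUT">Do not &amp;show any texts in the pre-boot authentication screen (except the below custom message)</control>
+<control lang="en" key="IDC_DISABLE_EVIL_MAID_ATTACK_DETECTION">Disable "Evil Maid" attack detection</control>
 <control lang="en" key="IDC_ENABLE_HARDWARE_ENCRYPTION">Accelerate AES encryption/decryption by using the AES instructions of the processor (if available)</control>
 <control lang="en" key="IDC_ENABLE_KEYFILES">Use keyfiles</control>
 <control lang="en" key="IDC_ENABLE_NEW_KEYFILES">Use keyfiles</control>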


@@ -6206,18 +6206,22 @@ BOOL CALLBACK MainDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lPa
{ {
if (IsHiddenOSRunning()) if (IsHiddenOSRunning())
{ {
uint32 driverConfig = ReadDriverConfigurationFlags();
if (BootEncObj->GetInstalledBootLoaderVersion() != VERSION_NUM) if (BootEncObj->GetInstalledBootLoaderVersion() != VERSION_NUM)
Warning ("UPDATE_TC_IN_HIDDEN_OS_TOO", hwndDlg); Warning ("UPDATE_TC_IN_HIDDEN_OS_TOO", hwndDlg);
if (!BootEncObj->CheckBootloaderFingerprint ()) if ( !(driverConfig & TC_DRIVER_CONFIG_DISABLE_EVIL_MAID_ATTACK_DETECTION)
&& !BootEncObj->CheckBootloaderFingerprint ())
Warning ("BOOT_LOADER_FINGERPRINT_CHECK_FAILED", hwndDlg); Warning ("BOOT_LOADER_FINGERPRINT_CHECK_FAILED", hwndDlg);
} }
else if (SysDriveOrPartitionFullyEncrypted (TRUE)) else if (SysDriveOrPartitionFullyEncrypted (TRUE))
{ {
uint32 driverConfig = ReadDriverConfigurationFlags();
if (BootEncObj->GetInstalledBootLoaderVersion() != VERSION_NUM) if (BootEncObj->GetInstalledBootLoaderVersion() != VERSION_NUM)
{ {
Warning ("BOOT_LOADER_VERSION_DIFFERENT_FROM_DRIVER_VERSION", hwndDlg); Warning ("BOOT_LOADER_VERSION_DIFFERENT_FROM_DRIVER_VERSION", hwndDlg);
} }
if (!BootEncObj->CheckBootloaderFingerprint ()) if ( !(driverConfig & TC_DRIVER_CONFIG_DISABLE_EVIL_MAID_ATTACK_DETECTION)
&& !BootEncObj->CheckBootloaderFingerprint ())
Warning ("BOOT_LOADER_FINGERPRINT_CHECK_FAILED", hwndDlg); Warning ("BOOT_LOADER_FINGERPRINT_CHECK_FAILED", hwndDlg);
} }
} }
@@ -10424,6 +10428,7 @@ static BOOL CALLBACK BootLoaderPreferencesDlgProc (HWND hwndDlg, UINT msg, WPARA
CheckDlgButton (hwndDlg, IDC_DISABLE_BOOT_LOADER_OUTPUT, (userConfig & TC_BOOT_USER_CFG_FLAG_SILENT_MODE) ? BST_CHECKED : BST_UNCHECKED); CheckDlgButton (hwndDlg, IDC_DISABLE_BOOT_LOADER_OUTPUT, (userConfig & TC_BOOT_USER_CFG_FLAG_SILENT_MODE) ? BST_CHECKED : BST_UNCHECKED);
CheckDlgButton (hwndDlg, IDC_ALLOW_ESC_PBA_BYPASS, (userConfig & TC_BOOT_USER_CFG_FLAG_DISABLE_ESC) ? BST_UNCHECKED : BST_CHECKED); CheckDlgButton (hwndDlg, IDC_ALLOW_ESC_PBA_BYPASS, (userConfig & TC_BOOT_USER_CFG_FLAG_DISABLE_ESC) ? BST_UNCHECKED : BST_CHECKED);
CheckDlgButton (hwndDlg, IDC_BOOT_LOADER_CACHE_PASSWORD, (driverConfig & TC_DRIVER_CONFIG_CACHE_BOOT_PASSWORD) ? BST_CHECKED : BST_UNCHECKED); CheckDlgButton (hwndDlg, IDC_BOOT_LOADER_CACHE_PASSWORD, (driverConfig & TC_DRIVER_CONFIG_CACHE_BOOT_PASSWORD) ? BST_CHECKED : BST_UNCHECKED);
CheckDlgButton (hwndDlg, IDC_DISABLE_EVIL_MAID_ATTACK_DETECTION, (driverConfig & TC_DRIVER_CONFIG_DISABLE_EVIL_MAID_ATTACK_DETECTION) ? BST_CHECKED : BST_UNCHECKED);
SetWindowTextW (GetDlgItem (hwndDlg, IDC_CUSTOM_BOOT_LOADER_MESSAGE_HELP), GetString("CUSTOM_BOOT_LOADER_MESSAGE_HELP")); SetWindowTextW (GetDlgItem (hwndDlg, IDC_CUSTOM_BOOT_LOADER_MESSAGE_HELP), GetString("CUSTOM_BOOT_LOADER_MESSAGE_HELP"));
} }
@@ -10480,6 +10485,7 @@ static BOOL CALLBACK BootLoaderPreferencesDlgProc (HWND hwndDlg, UINT msg, WPARA
{ {
BootEncObj->WriteBootSectorUserConfig (userConfig, customUserMessage); BootEncObj->WriteBootSectorUserConfig (userConfig, customUserMessage);
SetDriverConfigurationFlag (TC_DRIVER_CONFIG_CACHE_BOOT_PASSWORD, IsDlgButtonChecked (hwndDlg, IDC_BOOT_LOADER_CACHE_PASSWORD)); SetDriverConfigurationFlag (TC_DRIVER_CONFIG_CACHE_BOOT_PASSWORD, IsDlgButtonChecked (hwndDlg, IDC_BOOT_LOADER_CACHE_PASSWORD));
SetDriverConfigurationFlag (TC_DRIVER_CONFIG_DISABLE_EVIL_MAID_ATTACK_DETECTION, IsDlgButtonChecked (hwndDlg, IDC_DISABLE_EVIL_MAID_ATTACK_DETECTION));
} }
catch (Exception &e) catch (Exception &e)
{ {
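Review bot: In the first hunk of this section (inside MainDialogProc, whose body starts and ends outside the hunk) the new condition skips CheckBootloaderFingerprint() entirely when the flag is set, so a user who enabled the option for one legitimate bootloader writer also loses any notice of an unrelated bootloader change, and nothing records that the check was suppressed. Consider still calling the check and only suppressing the warning, or at minimum a comment on each new condition: `// Fingerprint check skipped by user setting for software that legitimately rewrites the bootloader (TC_DRIVER_CONFIG_DISABLE_EVIL_MAID_ATTACK_DETECTION)`. The same two-line condition and a separate ReadDriverConfigurationFlags() call are duplicated in the hidden-OS and fully-encrypted branches; hoisting the read above `if (IsHiddenOSRunning())` and sharing one condition would keep the two branches from drifting. The third hunk persists the flag through SetDriverConfigurationFlag from the preferences dialog; where that setting is stored and who may write it is not visible here, so it is worth confirming that only an administrator can disable the check.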


@@ -275,7 +275,7 @@ BEGIN
LTEXT "",IDT_PKCS11_LIB_HELP,16,63,286,65 LTEXT "",IDT_PKCS11_LIB_HELP,16,63,286,65
END END
IDD_SYSENC_SETTINGS DIALOGEX 0, 0, 370, 242 IDD_SYSENC_SETTINGS DIALOGEX 0, 0, 370, 261
STYLE DS_SETFONT | DS_MODALFRAME | DS_FIXEDSYS | DS_CENTER | WS_POPUP | WS_CAPTION | WS_SYSMENU STYLE DS_SETFONT | DS_MODALFRAME | DS_FIXEDSYS | DS_CENTER | WS_POPUP | WS_CAPTION | WS_SYSMENU
CAPTION "VeraCrypt - System Encryption Settings" CAPTION "VeraCrypt - System Encryption Settings"
FONT 8, "MS Shell Dlg", 400, 0, 0x1 FONT 8, "MS Shell Dlg", 400, 0, 0x1
@@ -287,12 +287,14 @@ BEGIN
"Button",BS_AUTOCHECKBOX | WS_TABSTOP,18,178,339,10 "Button",BS_AUTOCHECKBOX | WS_TABSTOP,18,178,339,10
CONTROL "Allow pre-boot &authentication to be bypassed by pressing the Esc key (enables boot manager)",IDC_ALLOW_ESC_PBA_BYPASS, CONTROL "Allow pre-boot &authentication to be bypassed by pressing the Esc key (enables boot manager)",IDC_ALLOW_ESC_PBA_BYPASS,
"Button",BS_AUTOCHECKBOX | WS_TABSTOP,18,193,340,10 "Button",BS_AUTOCHECKBOX | WS_TABSTOP,18,193,340,10
DEFPUSHBUTTON "OK",IDOK,257,220,50,14 DEFPUSHBUTTON "OK",IDOK,257,233,50,14
PUSHBUTTON "Cancel",IDCANCEL,313,220,50,14 PUSHBUTTON "Cancel",IDCANCEL,313,233,50,14
LTEXT "Display this custom message in the pre-boot authentication screen (24 characters maximum):",IDT_CUSTOM_BOOT_LOADER_MESSAGE,18,41,337,8 LTEXT "Display this custom message in the pre-boot authentication screen (24 characters maximum):",IDT_CUSTOM_BOOT_LOADER_MESSAGE,18,41,337,8
GROUPBOX "Boot Loader Screen Options",IDT_BOOT_LOADER_SCREEN_OPTIONS,8,7,355,150 GROUPBOX "Boot Loader Screen Options",IDT_BOOT_LOADER_SCREEN_OPTIONS,8,7,355,150
GROUPBOX "Security Options",IDT_SECURITY_OPTIONS,8,163,355,49 GROUPBOX "Security Options",IDT_SECURITY_OPTIONS,8,163,355,62
LTEXT "",IDC_CUSTOM_BOOT_LOADER_MESSAGE_HELP,18,74,337,73 LTEXT "",IDC_CUSTOM_BOOT_LOADER_MESSAGE_HELP,18,74,337,73
CONTROL "Disable ""Evil Maid"" attack detection",IDC_DISABLE_EVIL_MAID_ATTACK_DETECTION,
"Button",BS_AUTOCHECKBOX | WS_TABSTOP,18,208,340,10
END END
IDD_PERFORMANCE_SETTINGS DIALOGEX 0, 0, 370, 248 IDD_PERFORMANCE_SETTINGS DIALOGEX 0, 0, 370, 248
@@ -442,6 +444,7 @@ BEGIN
LEFTMARGIN, 7 LEFTMARGIN, 7
RIGHTMARGIN, 363 RIGHTMARGIN, 363
TOPMARGIN, 7 TOPMARGIN, 7
BOTTOMMARGIN, 247
END END
IDD_PERFORMANCE_SETTINGS, DIALOG IDD_PERFORMANCE_SETTINGS, DIALOG
@@ -588,7 +591,7 @@ BEGIN
MENUITEM SEPARATOR MENUITEM SEPARATOR
MENUITEM "Create Rescue Disk...", IDM_CREATE_RESCUE_DISK MENUITEM "Create Rescue Disk...", IDM_CREATE_RESCUE_DISK
MENUITEM "Verify Rescue Disk", IDM_VERIFY_RESCUE_DISK MENUITEM "Verify Rescue Disk", IDM_VERIFY_RESCUE_DISK
MENUITEM "Verify Rescue Disk ISO Image",IDM_VERIFY_RESCUE_DISK_ISO MENUITEM "Verify Rescue Disk ISO Image", IDM_VERIFY_RESCUE_DISK_ISO
MENUITEM SEPARATOR MENUITEM SEPARATOR
MENUITEM "Mount Without Pre-Boot &Authentication...", IDM_MOUNT_SYSENC_PART_WITHOUT_PBA MENUITEM "Mount Without Pre-Boot &Authentication...", IDM_MOUNT_SYSENC_PART_WITHOUT_PBA
MENUITEM SEPARATOR MENUITEM SEPARATOR


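--- a/FILE5_PATH_NOT_SHOWN_ON_PAGE
+++ b/FILE5_PATH_NOT_SHOWN_ON_PAGE
@@ -172,6 +172,7 @@
 #define IDC_COPY_EXPANDER 1148
 #define IDT_DRIVER_OPTIONS 1149
 #define IDC_ENABLE_EXTENDED_IOCTL_SUPPORT 1150
+#define IDC_DISABLE_EVIL_MAID_ATTACK_DETECTION 1151
 #define IDM_HELP 40001
 #define IDM_ABOUT 40002
 #define IDM_UNMOUNT_VOLUME 40003
@@ -248,7 +249,7 @@
 #define _APS_NO_MFC 1
 #define _APS_NEXT_RESOURCE_VALUE 119
 #define _APS_NEXT_COMMAND_VALUE 40069
-#define _APS_NEXT_CONTROL_VALUE 1151
+#define _APS_NEXT_CONTROL_VALUE 1152
 #define _APS_NEXT_SYMED_VALUE 101
 #endif
 #endif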