Windows: Add functionality to verify Rescue Disk ISO image file.

src/Common/BootEncryption.cpp

@@ -1795,6 +1795,31 @@ namespace VeraCrypt
 		return false;
 	}
 
+	bool BootEncryption::VerifyRescueDiskIsoImage (const char* imageFile)
+	{
+		if (!RescueIsoImage)
+			throw ParameterIncorrect (SRC_POS);
+
+		try
+		{
+			File isoFile (imageFile, true);
+			isoFile.CheckOpened (SRC_POS);
+			size_t verifiedSectorCount = (TC_CD_BOOTSECTOR_OFFSET + TC_ORIG_BOOT_LOADER_BACKUP_SECTOR_OFFSET + TC_BOOT_LOADER_AREA_SIZE) / 2048;
+			Buffer buffer ((verifiedSectorCount + 1) * 2048);
+
+			DWORD bytesRead = isoFile.Read (buffer.Ptr(), (DWORD) buffer.Size());
+			if (	(bytesRead == buffer.Size()) 
+				&& (memcmp (buffer.Ptr(), RescueIsoImage, buffer.Size()) == 0)
+				)
+			{
+				return true;
+			}
+		}
+		catch (...) { }
+
+		return false;
+	}
+
 
 #ifndef SETUP
 

src/Common/BootEncryption.h

@@ -203,6 +203,7 @@ namespace VeraCrypt
 		bool SystemPartitionCoversWholeDrive ();
 		bool SystemDriveIsDynamic ();
 		bool VerifyRescueDisk ();
+		bool VerifyRescueDiskIsoImage (const char* imageFile);
 		void WipeHiddenOSCreationConfig ();
 		void WriteBootDriveSector (uint64 offset, byte *data);
 		void WriteBootSectorConfig (const byte newConfig[]);

src/Common/Language.xml

@@ -256,6 +256,7 @@
     <control lang="en" key="IDM_UNMOUNTALL">Dismount All Mounted Volumes</control>
     <control lang="en" key="IDM_UNMOUNT_VOLUME">Dismount Volume</control>
     <control lang="en" key="IDM_VERIFY_RESCUE_DISK">Verify Rescue Disk</control>
+    <control lang="en" key="IDM_VERIFY_RESCUE_DISK_ISO">Verify Rescue Disk ISO Image</control>
     <control lang="en" key="IDM_VERSION_HISTORY">Version History</control>
     <control lang="en" key="IDM_VOLUME_EXPANDER">Volume Expander</control>
     <control lang="en" key="IDM_VOLUME_PROPERTIES">Volume Properties</control>
@@ -961,6 +962,8 @@
     <string lang="en" key="RESCUE_DISK_NON_WIZARD_CHECK_INSERT">Please insert your VeraCrypt Rescue Disk into your CD/DVD drive and click OK to verify it.</string>
     <string lang="en" key="RESCUE_DISK_NON_WIZARD_CHECK_PASSED">The VeraCrypt Rescue Disk has been successfully verified.</string>
     <string lang="en" key="RESCUE_DISK_NON_WIZARD_CHECK_FAILED">Cannot verify that the Rescue Disk has been correctly burned.\n\nIf you have burned the Rescue Disk, please eject and reinsert the CD/DVD; then try again. If this does not help, please try other CD/DVD recording software and/or medium.\n\nIf you attempted to verify a VeraCrypt Rescue Disk created for a different master key, password, salt, etc., please note that such Rescue Disk will always fail this verification. To create a new Rescue Disk fully compatible with your current configuration, select 'System' > 'Create Rescue Disk'.</string>
+    <string lang="en" key="RESCUE_DISK_ISO_IMAGE_CHECK_PASSED">The VeraCrypt Rescue Disk ISO image has been successfully verified.</string>
+    <string lang="en" key="RESCUE_DISK_ISO_IMAGE_CHECK_FAILED">The Rescue Disk ISO image verification failed.\n\nIf you attempted to verify a VeraCrypt Rescue Disk ISO image created for a different master key, password, salt, etc., please note that such Rescue Disk ISO image will always fail this verification. To create a new Rescue Disk ISO image fully compatible with your current configuration, select 'System' > 'Create Rescue Disk'.</string>
     <string lang="en" key="ERROR_CREATING_RESCUE_DISK">Error creating VeraCrypt Rescue Disk.</string>
     <string lang="en" key="CANNOT_CREATE_RESCUE_DISK_ON_HIDDEN_OS">VeraCrypt Rescue Disk cannot be created when a hidden operating system is running.\n\nTo create a VeraCrypt Rescue Disk, boot the decoy operating system and then select 'System' > 'Create Rescue Disk'.</string>
     <string lang="en" key="RESCUE_DISK_CHECK_FAILED">Cannot verify that the Rescue Disk has been correctly burned.\n\nIf you have burned the Rescue Disk, please eject and reinsert the CD/DVD; then click Next to try again. If this does not help, please try another medium%s.\n\nIf you have not burned the Rescue Disk yet, please do so, and then click Next.\n\nIf you attempted to verify a VeraCrypt Rescue Disk created before you started this wizard, please note that such Rescue Disk cannot be used, because it was created for a different master key. You need to burn the newly generated Rescue Disk.</string>

src/Mount/Mount.c

@@ -1092,6 +1092,7 @@ static void PopulateSysEncContextMenu (HMENU popup, BOOL bToolsOnly)
 		AppendMenu (popup, MF_SEPARATOR, 0, "");
 		AppendMenuW (popup, MF_STRING, IDM_CREATE_RESCUE_DISK, GetString ("IDM_CREATE_RESCUE_DISK"));
 		AppendMenuW (popup, MF_STRING, IDM_VERIFY_RESCUE_DISK, GetString ("IDM_VERIFY_RESCUE_DISK"));
+		AppendMenuW (popup, MF_STRING, IDM_VERIFY_RESCUE_DISK_ISO, GetString ("IDM_VERIFY_RESCUE_DISK_ISO"));
 	}
 
 	if (!bToolsOnly)
@@ -5567,7 +5568,7 @@ void CreateRescueDisk (HWND hwndDlg)
 		Warning ("SYSTEM_ENCRYPTION_IN_PROGRESS_ELSEWHERE", hwndDlg);
 }
 
-static void VerifyRescueDisk (HWND hwndDlg)
+static void VerifyRescueDisk (HWND hwndDlg, bool checkIsoFile)
 {
 	try
 	{
@@ -5598,7 +5599,7 @@ static void VerifyRescueDisk (HWND hwndDlg)
 	{
 		try
 		{
-			if (AskOkCancel ("RESCUE_DISK_NON_WIZARD_CHECK_INSERT", hwndDlg) != IDOK)
+			if (!checkIsoFile && (AskOkCancel ("RESCUE_DISK_NON_WIZARD_CHECK_INSERT", hwndDlg) != IDOK))
 			{		
 				CloseSysEncMutex ();
 				return;
@@ -5607,11 +5608,33 @@ static void VerifyRescueDisk (HWND hwndDlg)
 			// Create a temporary up-to-date rescue disk image in RAM (with it the CD/DVD content will be compared)
 			BootEncObj->CreateRescueIsoImage (false, "");
 
-			WaitCursor();
+			
-			if (!BootEncObj->VerifyRescueDisk ())
+			if (checkIsoFile)
-				Error ("RESCUE_DISK_NON_WIZARD_CHECK_FAILED", hwndDlg);
+			{
+				char szRescueDiskISO [TC_MAX_PATH+1];
+				char initialDir[MAX_PATH];
+				SHGetFolderPath (NULL, CSIDL_MYDOCUMENTS, NULL, 0, initialDir);
+
+				if (!BrowseFilesInDir (hwndDlg, "OPEN_TITLE", initialDir, szRescueDiskISO, FALSE, FALSE, NULL, L"VeraCrypt Rescue Disk.iso", L"iso"))
+				{		
+					CloseSysEncMutex ();
+					return;
+				}
+
+				WaitCursor();
+				if (!BootEncObj->VerifyRescueDiskIsoImage (szRescueDiskISO))
+					Error ("RESCUE_DISK_ISO_IMAGE_CHECK_FAILED", hwndDlg);
+				else
+					Info ("RESCUE_DISK_ISO_IMAGE_CHECK_PASSED", hwndDlg);	
+			}
 			else
-				Info ("RESCUE_DISK_NON_WIZARD_CHECK_PASSED", hwndDlg);
+			{
+				WaitCursor();
+				if (!BootEncObj->VerifyRescueDisk ())
+					Error ("RESCUE_DISK_NON_WIZARD_CHECK_FAILED", hwndDlg);
+				else
+					Info ("RESCUE_DISK_NON_WIZARD_CHECK_PASSED", hwndDlg);
+			}
 		}
 		catch (Exception &e)
 		{
@@ -7136,7 +7159,10 @@ BOOL CALLBACK MainDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lPa
 			CreateRescueDisk (hwndDlg);
 			break;
 		case IDM_VERIFY_RESCUE_DISK:
-			VerifyRescueDisk (hwndDlg);
+			VerifyRescueDisk (hwndDlg, false);
+			break;
+		case IDM_VERIFY_RESCUE_DISK_ISO:
+			VerifyRescueDisk (hwndDlg, true);
 			break;
 		case IDM_MOUNT_SYSENC_PART_WITHOUT_PBA:
 

src/Mount/Mount.rc

@@ -588,6 +588,7 @@ BEGIN
         MENUITEM SEPARATOR
         MENUITEM "Create Rescue Disk...",       IDM_CREATE_RESCUE_DISK
         MENUITEM "Verify Rescue Disk",          IDM_VERIFY_RESCUE_DISK
+        MENUITEM "Verify Rescue Disk ISO Image",IDM_VERIFY_RESCUE_DISK_ISO
         MENUITEM SEPARATOR
         MENUITEM "Mount Without Pre-Boot &Authentication...", IDM_MOUNT_SYSENC_PART_WITHOUT_PBA
         MENUITEM SEPARATOR

src/Mount/Resource.h

@@ -239,6 +239,7 @@
 #define IDM_VOLUME_EXPANDER             40065
 #define IDM_DEFAULT_MOUNT_PARAMETERS    40066
 #define IDM_DECRYPT_NONSYS_VOL          40067
+#define IDM_VERIFY_RESCUE_DISK_ISO      40068
 
 // Next default values for new objects
 // 
@@ -246,7 +247,7 @@
 #ifndef APSTUDIO_READONLY_SYMBOLS
 #define _APS_NO_MFC                     1
 #define _APS_NEXT_RESOURCE_VALUE        119
-#define _APS_NEXT_COMMAND_VALUE         40068
+#define _APS_NEXT_COMMAND_VALUE         40069
 #define _APS_NEXT_CONTROL_VALUE         1151
 #define _APS_NEXT_SYMED_VALUE           101
 #endif