VeraCrypt
aboutsummaryrefslogtreecommitdiff
path: root/src/Common
diff options
context:
space:
mode:
authorMounir IDRASSI <mounir.idrassi@idrix.fr>2016-08-09 23:26:15 +0200
committerMounir IDRASSI <mounir.idrassi@idrix.fr>2016-08-15 01:09:13 +0200
commit07ee8c10691d05e4e290ecdaa634ad5311b3cbb1 (patch)
tree436fc236acefb75237622da0e4cf7f3f05f7f48b /src/Common
parent246233c40262c5be2edfa916cf841dd4bce6598e (diff)
downloadVeraCrypt-07ee8c10691d05e4e290ecdaa634ad5311b3cbb1.tar.gz
VeraCrypt-07ee8c10691d05e4e290ecdaa634ad5311b3cbb1.zip
Windows: Implement support for EFI system encryption in Windows GUI.
Diffstat (limited to 'src/Common')
-rw-r--r--src/Common/BaseCom.cpp217
-rw-r--r--src/Common/BaseCom.h16
-rw-r--r--src/Common/BootEncryption.cpp1517
-rw-r--r--src/Common/BootEncryption.h97
-rw-r--r--src/Common/Dlgcode.c473
-rw-r--r--src/Common/Dlgcode.h3
-rw-r--r--src/Common/Language.xml5
7 files changed, 1924 insertions, 404 deletions
diff --git a/src/Common/BaseCom.cpp b/src/Common/BaseCom.cpp
index 5905b6a8..26e2650a 100644
--- a/src/Common/BaseCom.cpp
+++ b/src/Common/BaseCom.cpp
@@ -3,7 +3,7 @@
Copyright (c) 2008-2012 TrueCrypt Developers Association and which is governed
by the TrueCrypt License 3.0.
- Modifications and additions to the original source code (contained in this file)
+ Modifications and additions to the original source code (contained in this file)
and all other portions of this file are Copyright (c) 2013-2016 IDRIX
and are governed by the Apache License 2.0 the full text of which is
contained in the file License.txt included in VeraCrypt binary and source
@@ -161,6 +161,63 @@ DWORD BaseCom::ReadWriteFile (BOOL write, BOOL device, BSTR filePath, BSTR *buff
return ERROR_SUCCESS;
}
+DWORD BaseCom::GetFileSize (BSTR filePath, unsigned __int64 *pSize)
+{
+ if (!pSize)
+ return ERROR_INVALID_PARAMETER;
+
+ try
+ {
+ std::wstring path (filePath);
+ File file(filePath, true);
+ file.CheckOpened (SRC_POS);
+ file.GetFileSize (*pSize);
+ }
+ catch (SystemException &)
+ {
+ return GetLastError();
+ }
+ catch (Exception &e)
+ {
+ e.Show (NULL);
+ return ERROR_EXCEPTION_IN_SERVICE;
+ }
+ catch (...)
+ {
+ return ERROR_EXCEPTION_IN_SERVICE;
+ }
+
+ return ERROR_SUCCESS;
+}
+
+DWORD BaseCom::DeviceIoControl (BOOL readOnly, BOOL device, BSTR filePath, DWORD dwIoControlCode, BSTR input, BSTR *output)
+{
+ try
+ {
+ auto_ptr <File> file (device ? new Device (filePath, readOnly == TRUE) : new File (filePath, readOnly == TRUE));
+ file->CheckOpened (SRC_POS);
+ if (!file->IoCtl (dwIoControlCode, (BYTE *) input, !(BYTE *) input ? 0 : ((DWORD *) ((BYTE *) input))[-1],
+ (BYTE *) *output, !(BYTE *) *output ? 0 : ((DWORD *) ((BYTE *) *output))[-1]))
+ {
+ return GetLastError();
+ }
+ }
+ catch (SystemException &)
+ {
+ return GetLastError();
+ }
+ catch (Exception &e)
+ {
+ e.Show (NULL);
+ return ERROR_EXCEPTION_IN_SERVICE;
+ }
+ catch (...)
+ {
+ return ERROR_EXCEPTION_IN_SERVICE;
+ }
+
+ return ERROR_SUCCESS;
+}
DWORD BaseCom::RegisterFilterDriver (BOOL registerDriver, int filterType)
{
@@ -244,3 +301,161 @@ DWORD BaseCom::WriteLocalMachineRegistryDwordValue (BSTR keyPath, BSTR valueName
return ERROR_SUCCESS;
}
+DWORD BaseCom::InstallEfiBootLoader (BOOL preserveUserConfig, BOOL hiddenOSCreation, int pim, int hashAlg)
+{
+ try
+ {
+ BootEncryption bootEnc (NULL);
+ bootEnc.InstallBootLoader (preserveUserConfig? true : false, hiddenOSCreation? true : false, pim, hashAlg);
+ }
+ catch (SystemException &)
+ {
+ return GetLastError();
+ }
+ catch (Exception &e)
+ {
+ e.Show (NULL);
+ return ERROR_EXCEPTION_IN_SERVICE;
+ }
+ catch (...)
+ {
+ return ERROR_EXCEPTION_IN_SERVICE;
+ }
+
+ return ERROR_SUCCESS;
+}
+
+DWORD BaseCom::BackupEfiSystemLoader ()
+{
+ try
+ {
+ BootEncryption bootEnc (NULL);
+ bootEnc.BackupSystemLoader ();
+ }
+ catch (SystemException &)
+ {
+ return GetLastError();
+ }
+ catch (Exception &e)
+ {
+ e.Show (NULL);
+ return ERROR_EXCEPTION_IN_SERVICE;
+ }
+ catch (...)
+ {
+ return ERROR_EXCEPTION_IN_SERVICE;
+ }
+
+ return ERROR_SUCCESS;
+}
+
+DWORD BaseCom::RestoreEfiSystemLoader ()
+{
+ try
+ {
+ BootEncryption bootEnc (NULL);
+ bootEnc.RestoreSystemLoader ();
+ }
+ catch (SystemException &)
+ {
+ return GetLastError();
+ }
+ catch (Exception &e)
+ {
+ e.Show (NULL);
+ return ERROR_EXCEPTION_IN_SERVICE;
+ }
+ catch (...)
+ {
+ return ERROR_EXCEPTION_IN_SERVICE;
+ }
+
+ return ERROR_SUCCESS;
+}
+
+DWORD BaseCom::GetEfiBootDeviceNumber (BSTR* pSdn)
+{
+ if (!pSdn || !(*pSdn) || ((((DWORD *) ((BYTE *) *pSdn))[-1]) < sizeof (STORAGE_DEVICE_NUMBER)))
+ return ERROR_INVALID_PARAMETER;
+
+ try
+ {
+ BootEncryption bootEnc (NULL);
+ bootEnc.GetEfiBootDeviceNumber ((PSTORAGE_DEVICE_NUMBER) *pSdn);
+ }
+ catch (SystemException &)
+ {
+ return GetLastError();
+ }
+ catch (Exception &e)
+ {
+ e.Show (NULL);
+ return ERROR_EXCEPTION_IN_SERVICE;
+ }
+ catch (...)
+ {
+ return ERROR_EXCEPTION_IN_SERVICE;
+ }
+
+ return ERROR_SUCCESS;
+}
+
+DWORD BaseCom::ReadEfiConfig (BSTR* pContent, DWORD *pcbRead)
+{
+ if (!pContent || !(*pContent))
+ return ERROR_INVALID_PARAMETER;
+
+ try
+ {
+ DWORD maxSize = ((DWORD *) ((BYTE *) *pContent))[-1];
+ BootEncryption bootEnc (NULL);
+ bootEnc.ReadEfiConfig ((byte*) *pContent, maxSize, pcbRead);
+ }
+ catch (SystemException &)
+ {
+ return GetLastError();
+ }
+ catch (Exception &e)
+ {
+ e.Show (NULL);
+ return ERROR_EXCEPTION_IN_SERVICE;
+ }
+ catch (...)
+ {
+ return ERROR_EXCEPTION_IN_SERVICE;
+ }
+
+ return ERROR_SUCCESS;
+}
+
+DWORD BaseCom::WriteEfiBootSectorUserConfig (DWORD userConfig, BSTR customUserMessage, int pim, int hashAlg)
+{
+ if (!customUserMessage)
+ return ERROR_INVALID_PARAMETER;
+
+ try
+ {
+ DWORD maxSize = ((DWORD *) ((BYTE *) customUserMessage))[-1];
+ char* msg = (char*) *customUserMessage;
+ if (maxSize > 0)
+ msg [maxSize - 1] = 0;
+ std::string msgStr = maxSize > 0 ? msg : "";
+ BootEncryption bootEnc (NULL);
+ bootEnc.WriteEfiBootSectorUserConfig ((byte) userConfig, msgStr, pim, hashAlg);
+ }
+ catch (SystemException &)
+ {
+ return GetLastError();
+ }
+ catch (Exception &e)
+ {
+ e.Show (NULL);
+ return ERROR_EXCEPTION_IN_SERVICE;
+ }
+ catch (...)
+ {
+ return ERROR_EXCEPTION_IN_SERVICE;
+ }
+
+ return ERROR_SUCCESS;
+} \ No newline at end of file
diff --git a/src/Common/BaseCom.h b/src/Common/BaseCom.h
index a5b27473..b103ad59 100644
--- a/src/Common/BaseCom.h
+++ b/src/Common/BaseCom.h
@@ -3,7 +3,7 @@
Copyright (c) 2008-2012 TrueCrypt Developers Association and which is governed
by the TrueCrypt License 3.0.
- Modifications and additions to the original source code (contained in this file)
+ Modifications and additions to the original source code (contained in this file)
and all other portions of this file are Copyright (c) 2013-2016 IDRIX
and are governed by the Apache License 2.0 the full text of which is
contained in the file License.txt included in VeraCrypt binary and source
@@ -20,11 +20,11 @@ class TrueCryptFactory : public IClassFactory
{
public:
- TrueCryptFactory (DWORD messageThreadId) :
+ TrueCryptFactory (DWORD messageThreadId) :
RefCount (1), ServerLockCount (0), MessageThreadId (messageThreadId) { }
~TrueCryptFactory () { }
-
+
virtual ULONG STDMETHODCALLTYPE AddRef ()
{
return InterlockedIncrement (&RefCount) - 1;
@@ -53,7 +53,7 @@ public:
AddRef ();
return S_OK;
}
-
+
virtual HRESULT STDMETHODCALLTYPE CreateInstance (IUnknown *pUnkOuter, REFIID riid, void **ppvObject)
{
if (pUnkOuter != NULL)
@@ -110,6 +110,14 @@ public:
static DWORD RegisterSystemFavoritesService (BOOL registerService);
static DWORD SetDriverServiceStartType (DWORD startType);
static DWORD WriteLocalMachineRegistryDwordValue (BSTR keyPath, BSTR valueName, DWORD value);
+ static DWORD GetFileSize (BSTR filePath, unsigned __int64 *pSize);
+ static DWORD DeviceIoControl (BOOL readOnly, BOOL device, BSTR filePath, DWORD dwIoControlCode, BSTR input, BSTR *output);
+ static DWORD InstallEfiBootLoader (BOOL preserveUserConfig, BOOL hiddenOSCreation, int pim, int hashAlg);
+ static DWORD BackupEfiSystemLoader ();
+ static DWORD RestoreEfiSystemLoader ();
+ static DWORD GetEfiBootDeviceNumber (BSTR* pSdn);
+ static DWORD ReadEfiConfig (BSTR* pContent, DWORD *pcbRead);
+ static DWORD WriteEfiBootSectorUserConfig (DWORD userConfig, BSTR customUserMessage, int pim, int hashAlg);
};
diff --git a/src/Common/BootEncryption.cpp b/src/Common/BootEncryption.cpp
index b18d1ce1..dd0b9d13 100644
--- a/src/Common/BootEncryption.cpp
+++ b/src/Common/BootEncryption.cpp
@@ -28,6 +28,7 @@
#include "Random.h"
#include "Registry.h"
#include "Volumes.h"
+#include "Xml.h"
#ifdef VOLFORMAT
#include "Format/FormatCom.h"
@@ -44,7 +45,7 @@ namespace VeraCrypt
class Elevator
{
public:
-
+
static void AddReference ()
{
++ReferenceCount;
@@ -160,6 +161,75 @@ namespace VeraCrypt
memcpy (buffer, (BYTE *) bufferBstr.m_str, size);
}
+ static void GetFileSize (const wstring &filePath, unsigned __int64* pSize)
+ {
+ Elevate();
+
+ DWORD result;
+ CComBSTR fileBstr;
+ BSTR bstr = W2BSTR(filePath.c_str());
+ if (bstr)
+ {
+ fileBstr.Attach (bstr);
+ result = ElevatedComInstance->GetFileSize (fileBstr, pSize);
+ }
+ else
+ {
+ result = ERROR_OUTOFMEMORY;
+ }
+
+ if (result != ERROR_SUCCESS)
+ {
+ SetLastError (result);
+ throw SystemException(SRC_POS);
+ }
+ }
+
+ static BOOL DeviceIoControl (BOOL readOnly, BOOL device, const wstring &filePath, DWORD dwIoControlCode, LPVOID input, DWORD inputSize,
+ LPVOID output, DWORD outputSize)
+ {
+ Elevate();
+
+ DWORD result;
+
+ BSTR bstr = W2BSTR(filePath.c_str());
+ if (bstr)
+ {
+ CComBSTR inputBstr;
+ if (input && inputBstr.AppendBytes ((const char *) input, inputSize) != S_OK)
+ {
+ SetLastError (ERROR_INVALID_PARAMETER);
+ return FALSE;
+ }
+
+ CComBSTR outputBstr;
+ if (output && outputBstr.AppendBytes ((const char *) output, outputSize) != S_OK)
+ {
+ SetLastError (ERROR_INVALID_PARAMETER);
+ return FALSE;
+ }
+
+ CComBSTR fileBstr;
+ fileBstr.Attach (bstr);
+ result = ElevatedComInstance->DeviceIoControl (readOnly, device, fileBstr, dwIoControlCode, inputBstr, &outputBstr);
+
+ if (output)
+ memcpy (output, *(void **) &outputBstr, outputSize);
+ }
+ else
+ {
+ result = ERROR_OUTOFMEMORY;
+ }
+
+ if (result != ERROR_SUCCESS)
+ {
+ SetLastError (result);
+ return FALSE;
+ }
+ else
+ return TRUE;
+ }
+
static BOOL IsPagingFileActive (BOOL checkNonWindowsPartitionsOnly)
{
Elevate();
@@ -225,6 +295,112 @@ namespace VeraCrypt
}
}
+ static void InstallEfiBootLoader (bool preserveUserConfig, bool hiddenOSCreation, int pim, int hashAlg)
+ {
+ Elevate();
+
+ DWORD result = ElevatedComInstance->InstallEfiBootLoader (preserveUserConfig ? TRUE : FALSE, hiddenOSCreation ? TRUE : FALSE, pim, hashAlg);
+ if (result != ERROR_SUCCESS)
+ {
+ SetLastError (result);
+ throw SystemException(SRC_POS);
+ }
+ }
+
+ static void BackupEfiSystemLoader ()
+ {
+ Elevate();
+
+ DWORD result = ElevatedComInstance->BackupEfiSystemLoader ();
+ if (result != ERROR_SUCCESS)
+ {
+ SetLastError (result);
+ throw SystemException(SRC_POS);
+ }
+ }
+
+ static void RestoreEfiSystemLoader ()
+ {
+ Elevate();
+
+ DWORD result = ElevatedComInstance->RestoreEfiSystemLoader ();
+ if (result != ERROR_SUCCESS)
+ {
+ SetLastError (result);
+ throw SystemException(SRC_POS);
+ }
+ }
+
+ static void GetEfiBootDeviceNumber (PSTORAGE_DEVICE_NUMBER pSdn)
+ {
+ Elevate();
+
+ CComBSTR outputBstr;
+ if (pSdn && outputBstr.AppendBytes ((const char *) pSdn, sizeof (STORAGE_DEVICE_NUMBER)) != S_OK)
+ {
+ SetLastError (ERROR_INVALID_PARAMETER);
+ throw SystemException(SRC_POS);
+ }
+
+ DWORD result = ElevatedComInstance->GetEfiBootDeviceNumber (&outputBstr);
+
+ if (pSdn)
+ memcpy (pSdn, *(void **) &outputBstr, sizeof (STORAGE_DEVICE_NUMBER));
+
+ if (result != ERROR_SUCCESS)
+ {
+ SetLastError (result);
+ throw SystemException(SRC_POS);
+ }
+ }
+
+ static void ReadEfiConfig (byte* confContent, DWORD maxSize, DWORD* pcbRead)
+ {
+ Elevate();
+
+ CComBSTR outputBstr;
+ if (confContent && outputBstr.AppendBytes ((const char *) confContent, maxSize) != S_OK)
+ {
+ SetLastError (ERROR_INVALID_PARAMETER);
+ throw SystemException(SRC_POS);
+ }
+
+ DWORD result = ElevatedComInstance->ReadEfiConfig (&outputBstr, pcbRead);
+
+ if (confContent)
+ memcpy (confContent, *(void **) &outputBstr, maxSize);
+
+ if (result != ERROR_SUCCESS)
+ {
+ SetLastError (result);
+ throw SystemException(SRC_POS);
+ }
+ }
+
+ static void WriteEfiBootSectorUserConfig (byte userConfig, const string &customUserMessage, int pim, int hashAlg)
+ {
+ Elevate();
+
+ DWORD result;
+ CComBSTR customUserMessageBstr;
+ BSTR bstr = A2BSTR(customUserMessage.c_str());
+ if (bstr)
+ {
+ customUserMessageBstr.Attach (bstr);
+ result = ElevatedComInstance->WriteEfiBootSectorUserConfig ((DWORD) userConfig, customUserMessageBstr, pim, hashAlg);
+ }
+ else
+ {
+ result = ERROR_OUTOFMEMORY;
+ }
+
+ if (result != ERROR_SUCCESS)
+ {
+ SetLastError (result);
+ throw SystemException(SRC_POS);
+ }
+ }
+
static void Release ()
{
if (--ReferenceCount == 0 && ElevatedComInstance)
@@ -292,12 +468,19 @@ namespace VeraCrypt
static void RegisterFilterDriver (bool registerDriver, BootEncryption::FilterType filterType) { throw ParameterIncorrect (SRC_POS); }
static void Release () { }
static void SetDriverServiceStartType (DWORD startType) { throw ParameterIncorrect (SRC_POS); }
+ static void GetFileSize (const wstring &filePath, unsigned __int64 *pSize) { throw ParameterIncorrect (SRC_POS); }
+ static BOOL DeviceIoControl (BOOL readOnly, BOOL device, const wstring &filePath, DWORD dwIoControlCode, LPVOID input, DWORD inputSize, LPVOID output, DWORD outputSize) { throw ParameterIncorrect (SRC_POS); }
+ static void InstallEfiBootLoader (bool preserveUserConfig, bool hiddenOSCreation, int pim, int hashAlg) { throw ParameterIncorrect (SRC_POS); }
+ static void BackupEfiSystemLoader () { throw ParameterIncorrect (SRC_POS); }
+ static void RestoreEfiSystemLoader () { throw ParameterIncorrect (SRC_POS); }
+ static void GetEfiBootDeviceNumber (PSTORAGE_DEVICE_NUMBER pSdn) { throw ParameterIncorrect (SRC_POS); }
+ static void ReadEfiConfig (byte* confContent, DWORD maxSize, DWORD* pcbRead) { throw ParameterIncorrect (SRC_POS); }
+ static void WriteEfiBootSectorUserConfig (byte userConfig, const string &customUserMessage, int pim, int hashAlg) { throw ParameterIncorrect (SRC_POS); }
};
#endif // SETUP
-
- File::File (wstring path, bool readOnly, bool create) : Elevated (false), FileOpen (false), LastError(0)
+ File::File (wstring path, bool readOnly, bool create) : Elevated (false), FileOpen (false), ReadOnly (readOnly), LastError(0)
{
Handle = CreateFile (path.c_str(),
readOnly ? GENERIC_READ : GENERIC_READ | GENERIC_WRITE,
@@ -375,6 +558,27 @@ namespace VeraCrypt
}
}
+ void File::GetFileSize (unsigned __int64& size)
+ {
+ if (!FileOpen)
+ {
+ SetLastError (LastError);
+ throw SystemException (SRC_POS);
+ }
+
+ if (Elevated)
+ {
+ Elevator::GetFileSize (Path, &size);
+ }
+ else
+ {
+ LARGE_INTEGER lSize;
+ lSize.QuadPart = 0;
+ throw_sys_if (!GetFileSizeEx (Handle, &lSize));
+ size = (size_t) lSize.QuadPart;
+ }
+ }
+
void File::Write (byte *buffer, DWORD size)
{
DWORD bytesWritten;
@@ -416,6 +620,25 @@ namespace VeraCrypt
}
}
+ bool File::IoCtl(DWORD code, void* inBuf, DWORD inBufSize, void* outBuf, DWORD outBufSize)
+ {
+ if (!FileOpen)
+ {
+ SetLastError (LastError);
+ throw SystemException (SRC_POS);
+ }
+
+ if (Elevated)
+ {
+ return TRUE == Elevator::DeviceIoControl (ReadOnly, IsDevice, Path, code, inBuf, inBufSize, outBuf, outBufSize);
+ }
+ else
+ {
+ DWORD bytesReturned = 0;
+ return TRUE == DeviceIoControl(Handle, code, inBuf, inBufSize, outBuf, outBufSize, &bytesReturned, NULL);
+ }
+ }
+
void Show (HWND parent, const wstring &str)
{
MessageBox (parent, str.c_str(), NULL, 0);
@@ -449,8 +672,10 @@ namespace VeraCrypt
FilePointerPosition = 0;
IsDevice = true;
Path = path;
+ ReadOnly = readOnly;
}
+ static EfiBoot EfiBootInst;
BootEncryption::BootEncryption (HWND parent)
: DriveConfigValid (false),
@@ -513,50 +738,54 @@ namespace VeraCrypt
bool activePartitionFound = false;
bool candidateForHiddenOSFound = false;
- if (config.SystemPartition.IsGPT)
- throw ParameterIncorrect (SRC_POS); // It is assumed that CheckRequirements() had been called
-
- // Find the first active partition on the system drive
- foreach (const Partition &partition, config.Partitions)
+ if (!config.SystemPartition.IsGPT)
{
- if (partition.Info.BootIndicator)
+// throw ParameterIncorrect (SRC_POS); // It is assumed that CheckRequirements() had been called
+
+ // Find the first active partition on the system drive
+ foreach (const Partition &partition, config.Partitions)
{
- if (partition.Info.PartitionNumber != config.SystemPartition.Number)
+ if (partition.Info.BootIndicator)
{
- // If there is an extra boot partition, the system partition must be located right behind it
- if (IsOSAtLeast (WIN_7) && config.ExtraBootPartitionPresent)
+ if (partition.Info.PartitionNumber != config.SystemPartition.Number)
{
- int64 minOffsetFound = config.DrivePartition.Info.PartitionLength.QuadPart;
- Partition bootPartition = partition;
- Partition partitionBehindBoot;
-
- foreach (const Partition &partition, config.Partitions)
+ // If there is an extra boot partition, the system partition must be located right behind it
+ if (IsOSAtLeast (WIN_7) && config.ExtraBootPartitionPresent)
{
- if (partition.Info.StartingOffset.QuadPart > bootPartition.Info.StartingOffset.QuadPart
- && partition.Info.StartingOffset.QuadPart < minOffsetFound)
+ int64 minOffsetFound = config.DrivePartition.Info.PartitionLength.QuadPart;
+ Partition bootPartition = partition;
+ Partition partitionBehindBoot;
+
+ foreach (const Partition &partition, config.Partitions)
{
- minOffsetFound = partition.Info.StartingOffset.QuadPart;
- partitionBehindBoot = partition;
+ if (partition.Info.StartingOffset.QuadPart > bootPartition.Info.StartingOffset.QuadPart
+ && partition.Info.StartingOffset.QuadPart < minOffsetFound)
+ {
+ minOffsetFound = partition.Info.StartingOffset.QuadPart;
+ partitionBehindBoot = partition;
+ }
}
- }
- if (minOffsetFound != config.DrivePartition.Info.PartitionLength.QuadPart
- && partitionBehindBoot.Number == config.SystemPartition.Number)
- {
- activePartitionFound = true;
- break;
+ if (minOffsetFound != config.DrivePartition.Info.PartitionLength.QuadPart
+ && partitionBehindBoot.Number == config.SystemPartition.Number)
+ {
+ activePartitionFound = true;
+ break;
+ }
}
+
+ throw ErrorException (wstring (GetString ("SYSTEM_PARTITION_NOT_ACTIVE"))
+ + GetRemarksOnHiddenOS(), SRC_POS);
}
- throw ErrorException (wstring (GetString ("SYSTEM_PARTITION_NOT_ACTIVE"))
- + GetRemarksOnHiddenOS(), SRC_POS);
+ activePartitionFound = true;
+ break;
}
-
- activePartitionFound = true;
- break;
}
+ } else {
+ // For GPT
+ activePartitionFound = true;
}
-
/* WARNING: Note that the partition number at the end of a device path (\Device\HarddiskY\PartitionX) must
NOT be used to find the first partition physically located behind the active one. The reason is that the
user may have deleted and created partitions during this session and e.g. the second partition could have
@@ -1065,6 +1294,7 @@ namespace VeraCrypt
int ea = 0;
int pkcs5_prf = 0;
+ BOOL bIsGPT = GetSystemDriveConfiguration().SystemPartition.IsGPT;
if (GetStatus().DriveMounted)
{
try
@@ -1126,8 +1356,8 @@ namespace VeraCrypt
pkcs5_prf = SelectedPrfAlgorithmId;
}
- // Only RIPEMD160 and SHA-256 are supported for boot loader
- if (pkcs5_prf != RIPEMD160 && pkcs5_prf != SHA256)
+ // Only RIPEMD160 and SHA-256 are supported for MBR boot loader
+ if (!bIsGPT && pkcs5_prf != RIPEMD160 && pkcs5_prf != SHA256)
throw ParameterIncorrect (SRC_POS);
int bootSectorId = 0;
@@ -1261,47 +1491,128 @@ namespace VeraCrypt
}
}
-
- void BootEncryption::ReadBootSectorConfig (byte *config, size_t bufLength, byte *userConfig, string *customUserMessage, uint16 *bootLoaderVersion)
+ void BootEncryption::ReadEfiConfig (byte* confContent, DWORD maxSize, DWORD* pcbRead)
{
- if (config && bufLength < TC_BOOT_CFG_FLAG_AREA_SIZE)
+ if (!pcbRead)
throw ParameterIncorrect (SRC_POS);
- GetSystemDriveConfigurationRequest request;
- StringCchCopyW (request.DevicePath, ARRAYSIZE (request.DevicePath), GetSystemDriveConfiguration().DeviceKernelPath.c_str());
+ if (!IsAdmin() && IsUacSupported())
+ {
+ Elevator::ReadEfiConfig (confContent, maxSize, pcbRead);
+ }
+ else
+ {
+ unsigned __int64 ui64Size = 0;
+
+ finally_do ({ EfiBootInst.DismountBootPartition(); });
+ EfiBootInst.MountBootPartition(0);
+
+ EfiBootInst.GetFileSize(L"\\EFI\\VeraCrypt\\DcsProp", ui64Size);
+
+ *pcbRead = (DWORD) ui64Size;
+ if (*pcbRead > maxSize)
+ throw ParameterIncorrect (SRC_POS);
+
+ EfiBootInst.ReadFile (L"\\EFI\\VeraCrypt\\DcsProp", confContent, *pcbRead);
+ }
+ }
+
+ // return false when the user cancel an elevation request
+ bool BootEncryption::ReadBootSectorConfig (byte *config, size_t bufLength, byte *userConfig, string *customUserMessage, uint16 *bootLoaderVersion)
+ {
+ bool bCanceled = false, bExceptionOccured = false;
try
{
- CallDriver (TC_IOCTL_GET_SYSTEM_DRIVE_CONFIG, &request, sizeof (request), &request, sizeof (request));
- if (config)
- *config = request.Configuration;
+ if (GetSystemDriveConfiguration().SystemPartition.IsGPT)
+ {
+ byte confContent[4096];
+ DWORD dwSize;
- if (userConfig)
- *userConfig = request.UserConfiguration;
+ // for now, we don't support any boot config flags, like hidden OS one
+ if (config)
+ memset (config, 0, bufLength);
- if (customUserMessage)
- {
- request.CustomUserMessage[TC_BOOT_SECTOR_USER_MESSAGE_MAX_LENGTH] = 0;
- *customUserMessage = request.CustomUserMessage;
+ // call ReadEfiConfig only when needed since it requires elevation
+ if (userConfig || customUserMessage || bootLoaderVersion)
+ {
+ ReadEfiConfig (confContent, sizeof (confContent) - 1, &dwSize);
+
+ confContent[dwSize] = 0;
+
+ EfiBootConf conf;
+ conf.Load ((char*) confContent);
+
+ if (userConfig)
+ {
+ *userConfig = 0;
+ if (!conf.requestPim)
+ *userConfig |= TC_BOOT_USER_CFG_FLAG_DISABLE_PIM;
+ if (!conf.requestHash)
+ *userConfig |= TC_BOOT_USER_CFG_FLAG_STORE_HASH;
+
+ }
+
+ if (customUserMessage)
+ customUserMessage->clear();
+
+ if (bootLoaderVersion)
+ {
+ *bootLoaderVersion = GetStatus().BootLoaderVersion;
+ }
+ }
}
+ else
+ {
+ if (config && bufLength < TC_BOOT_CFG_FLAG_AREA_SIZE)
+ throw ParameterIncorrect (SRC_POS);
- if (bootLoaderVersion)
- *bootLoaderVersion = request.BootLoaderVersion;
+ GetSystemDriveConfigurationRequest request;
+ StringCchCopyW (request.DevicePath, ARRAYSIZE (request.DevicePath), GetSystemDriveConfiguration().DeviceKernelPath.c_str());
+
+ CallDriver (TC_IOCTL_GET_SYSTEM_DRIVE_CONFIG, &request, sizeof (request), &request, sizeof (request));
+ if (config)
+ *config = request.Configuration;
+
+ if (userConfig)
+ *userConfig = request.UserConfiguration;
+
+ if (customUserMessage)
+ {
+ request.CustomUserMessage[TC_BOOT_SECTOR_USER_MESSAGE_MAX_LENGTH] = 0;
+ *customUserMessage = request.CustomUserMessage;
+ }
+
+ if (bootLoaderVersion)
+ *bootLoaderVersion = request.BootLoaderVersion;
+ }
+ }
+ catch (UserAbort&)
+ {
+ bCanceled = true;
+ bExceptionOccured= true;
}
catch (...)
{
+ bExceptionOccured = true;
+ }
+
+ if (bExceptionOccured)
+ {
if (config)
*config = 0;
if (userConfig)
*userConfig = 0;
-
+
if (customUserMessage)
customUserMessage->clear();
if (bootLoaderVersion)
*bootLoaderVersion = 0;
}
+
+ return !bCanceled;
}
@@ -1327,52 +1638,78 @@ namespace VeraCrypt
throw ErrorException ("ERROR_MBR_PROTECTED", SRC_POS);
}
-
- void BootEncryption::WriteBootSectorUserConfig (byte userConfig, const string &customUserMessage, int pim)
+ void BootEncryption::WriteEfiBootSectorUserConfig (byte userConfig, const string &customUserMessage, int pim, int hashAlg)
{
- Device device (GetSystemDriveConfiguration().DevicePath);
- device.CheckOpened (SRC_POS);
- byte mbr[TC_SECTOR_SIZE_BIOS];
-
- device.SeekAt (0);
- device.Read (mbr, sizeof (mbr));
-
- if (!BufferContainsString (mbr, sizeof (mbr), TC_APP_NAME)
- || BE16 (*(uint16 *) (mbr + TC_BOOT_SECTOR_VERSION_OFFSET)) != VERSION_NUM)
+ if (!IsAdmin() && IsUacSupported())
{
- return;
+ Elevator::WriteEfiBootSectorUserConfig (userConfig, customUserMessage, pim, hashAlg);
}
-
- mbr[TC_BOOT_SECTOR_USER_CONFIG_OFFSET] = userConfig;
-
- memset (mbr + TC_BOOT_SECTOR_USER_MESSAGE_OFFSET, 0, TC_BOOT_SECTOR_USER_MESSAGE_MAX_LENGTH);
-
- if (!customUserMessage.empty())
+ else
{
- if (customUserMessage.size() > TC_BOOT_SECTOR_USER_MESSAGE_MAX_LENGTH)
- throw ParameterIncorrect (SRC_POS);
+ finally_do ({ EfiBootInst.DismountBootPartition(); });
+ EfiBootInst.MountBootPartition(0);
- memcpy (mbr + TC_BOOT_SECTOR_USER_MESSAGE_OFFSET, customUserMessage.c_str(), customUserMessage.size());
+ if (! (userConfig & TC_BOOT_USER_CFG_FLAG_DISABLE_PIM))
+ pim = -1;
+ if (! (userConfig & TC_BOOT_USER_CFG_FLAG_STORE_HASH))
+ hashAlg = -1;
+
+ EfiBootInst.UpdateConfig (L"\\EFI\\VeraCrypt\\DcsProp", pim, hashAlg, ParentWindow);
}
+ }
- if (userConfig & TC_BOOT_USER_CFG_FLAG_DISABLE_PIM)
+ void BootEncryption::WriteBootSectorUserConfig (byte userConfig, const string &customUserMessage, int pim, int hashAlg)
+ {
+ if (GetSystemDriveConfiguration().SystemPartition.IsGPT)
{
- // PIM for pre-boot authentication can be encoded on two bytes since its maximum
- // value is 65535 (0xFFFF)
- memcpy (mbr + TC_BOOT_SECTOR_PIM_VALUE_OFFSET, &pim, TC_BOOT_SECTOR_PIM_VALUE_SIZE);
+ WriteEfiBootSectorUserConfig (userConfig, customUserMessage, pim, hashAlg);
}
else
- memset (mbr + TC_BOOT_SECTOR_PIM_VALUE_OFFSET, 0, TC_BOOT_SECTOR_PIM_VALUE_SIZE);
+ {
+ Device device (GetSystemDriveConfiguration().DevicePath);
+ device.CheckOpened (SRC_POS);
+ byte mbr[TC_SECTOR_SIZE_BIOS];
- device.SeekAt (0);
- device.Write (mbr, sizeof (mbr));
+ device.SeekAt (0);
+ device.Read (mbr, sizeof (mbr));
- byte mbrVerificationBuf[TC_SECTOR_SIZE_BIOS];
- device.SeekAt (0);
- device.Read (mbrVerificationBuf, sizeof (mbr));
+ if (!BufferContainsString (mbr, sizeof (mbr), TC_APP_NAME)
+ || BE16 (*(uint16 *) (mbr + TC_BOOT_SECTOR_VERSION_OFFSET)) != VERSION_NUM)
+ {
+ return;
+ }
- if (memcmp (mbr, mbrVerificationBuf, sizeof (mbr)) != 0)
- throw ErrorException ("ERROR_MBR_PROTECTED", SRC_POS);
+ mbr[TC_BOOT_SECTOR_USER_CONFIG_OFFSET] = userConfig;
+
+ memset (mbr + TC_BOOT_SECTOR_USER_MESSAGE_OFFSET, 0, TC_BOOT_SECTOR_USER_MESSAGE_MAX_LENGTH);
+
+ if (!customUserMessage.empty())
+ {
+ if (customUserMessage.size() > TC_BOOT_SECTOR_USER_MESSAGE_MAX_LENGTH)
+ throw ParameterIncorrect (SRC_POS);
+
+ memcpy (mbr + TC_BOOT_SECTOR_USER_MESSAGE_OFFSET, customUserMessage.c_str(), customUserMessage.size());
+ }
+
+ if (userConfig & TC_BOOT_USER_CFG_FLAG_DISABLE_PIM)
+ {
+ // PIM for pre-boot authentication can be encoded on two bytes since its maximum
+ // value is 65535 (0xFFFF)
+ memcpy (mbr + TC_BOOT_SECTOR_PIM_VALUE_OFFSET, &pim, TC_BOOT_SECTOR_PIM_VALUE_SIZE);
+ }
+ else
+ memset (mbr + TC_BOOT_SECTOR_PIM_VALUE_OFFSET, 0, TC_BOOT_SECTOR_PIM_VALUE_SIZE);
+
+ device.SeekAt (0);
+ device.Write (mbr, sizeof (mbr));
+
+ byte mbrVerificationBuf[TC_SECTOR_SIZE_BIOS];
+ device.SeekAt (0);
+ device.Read (mbrVerificationBuf, sizeof (mbr));
+
+ if (memcmp (mbr, mbrVerificationBuf, sizeof (mbr)) != 0)
+ throw ErrorException ("ERROR_MBR_PROTECTED", SRC_POS);
+ }
}
@@ -1414,7 +1751,7 @@ namespace VeraCrypt
ZeroMemory (&request, sizeof (request));
request.WipeAlgorithm = wipeAlgorithm;
-
+
if (Randinit() != ERR_SUCCESS)
{
if (CryptoAPILastError == ERROR_SUCCESS)
@@ -1442,7 +1779,7 @@ namespace VeraCrypt
CallDriver (TC_IOCTL_ABORT_DECOY_SYSTEM_WIPE);
}
-
+
DecoySystemWipeStatus BootEncryption::GetDecoyOSWipeStatus ()
{
DecoySystemWipeStatus status;
@@ -1476,7 +1813,7 @@ namespace VeraCrypt
device.SeekAt (0);
device.Read (mbr, sizeof (mbr));
-
+
finally_do_arg (BootEncryption *, this,
{
try
@@ -1522,66 +1859,762 @@ namespace VeraCrypt
#endif // !SETUP
+ NtQuerySystemInformationFn NtQuerySystemInformationPtr = NULL;
+
+ EfiBootConf::EfiBootConf() : passwordType (0),
+ passwordMsg ("Enter Password: "),
+ passwordPicture ("login.bmp"),
+ hashMsg ("(0) TEST ALL (1) SHA512 (2) WHIRLPOOL (3) SHA256 (4) RIPEMD160 (5) STREEBOG\nHash: "),
+ hashAlgo (0),
+ requestHash (0),
+ pimMsg ("PIM (Leave empty for default): "),
+ pim (0),
+ requestPim (1),
+ authorizeVisible (0),
+ authorizeRetry (10)
+ {
+
+ }
+
+ BOOL EfiBootConf::ReadConfigValue (char* configContent, const char *configKey, char *configValue, int maxValueSize)
+ {
+ char *xml;
+
+ xml = configContent;
+ if (xml != NULL)
+ {
+ xml = XmlFindElementByAttributeValue (xml, "config", "key", configKey);
+ if (xml != NULL)
+ {
+ XmlGetNodeText (xml, configValue, maxValueSize);
+ return TRUE;
+ }
+ }
+
+ return FALSE;
+ }
+
+
+ int EfiBootConf::ReadConfigInteger (char* configContent, const char *configKey, int defaultValue)
+ {
+ char s[32];
+ int iRet;
+ if (ReadConfigValue (configContent, configKey, s, sizeof (s)))
+ iRet = atoi (s);
+ else
+ iRet = defaultValue;
+ burn (s, sizeof (s));
+ return iRet;
+ }
+
+
+ char* EfiBootConf::ReadConfigString (char* configContent, const char *configKey, char *defaultValue, char *str, int maxLen)
+ {
+ if (ReadConfigValue (configContent, configKey, str, maxLen))
+ return str;
+ else
+ {
+ StringCbCopyA (str, maxLen, defaultValue);
+ return defaultValue;
+ }
+ }
+
+ BOOL EfiBootConf::WriteConfigString (FILE* configFile, char* configContent, const char *configKey, const char *configValue)
+ {
+
+ BOOL bRet = FALSE;
+ if (configFile)
+ {
+ char *c;
+ // Mark previous config value as updated
+ if (configContent != NULL)
+ {
+ c = XmlFindElementByAttributeValue (configContent, "config", "key", configKey);
+ if (c != NULL)
+ c[1] = '!';
+ }
+
+ if ( 0 != fwprintf (
+ configFile, L"\n\t\t<config key=\"%hs\">%hs</config>",
+ configKey, configValue))
+ {
+ bRet = TRUE;
+ }
+ }
+ return bRet;
+ }
+
+ BOOL EfiBootConf::WriteConfigInteger (FILE* configFile, char* configContent, const char *configKey, int configValue)
+ {
+ BOOL bRet = FALSE;
+ if (configFile)
+ {
+ char val[32];
+ StringCbPrintfA (val, sizeof(val), "%d", configValue);
+ bRet = WriteConfigString (configFile, configContent, configKey, val);
+ burn (val, sizeof (val));
+ }
+ return bRet;
+ }
+
+ BOOL EfiBootConf::Load (const wchar_t* fileName)
+ {
+ DWORD size = 0;
+ char* configContent = LoadFile (fileName, &size);
+ if (configContent)
+ {
+ Load (configContent);
+ burn (configContent, size);
+ free (configContent);
+ return TRUE;
+ }
+ else
+ return FALSE;
+ }
- void BootEncryption::InstallBootLoader (bool preserveUserConfig, bool hiddenOSCreation)
+ void EfiBootConf::Load (char* configContent)
+ {
+ char buffer[1024];
+
+ passwordType = ReadConfigInteger (configContent, "PasswordType", 0);
+ passwordMsg = ReadConfigString (configContent, "PasswordMsg", "Enter password: ", buffer, sizeof (buffer));
+ passwordPicture = ReadConfigString (configContent, "PasswordPicture", "\\EFI\\VeraCrypt\\login.bmp", buffer, sizeof (buffer));
+ //hashMsg = ReadConfigString (configContent, "HashMsg", "(0) TEST ALL (1) SHA512 (2) WHIRLPOOL (3) SHA256 (4) RIPEMD160 (5) STREEBOG\nHash: ", buffer, sizeof (buffer));
+ hashAlgo = ReadConfigInteger (configContent, "Hash", 0);
+ requestHash = ReadConfigInteger (configContent, "HashRqt", 1);
+ pimMsg = ReadConfigString (configContent, "PimMsg", "PIM: ", buffer, sizeof (buffer));
+ pim = ReadConfigInteger (configContent, "Pim", 0);
+ requestPim = ReadConfigInteger (configContent, "PimRqt", 1);
+ authorizeVisible = ReadConfigInteger (configContent, "AuthorizeVisible", 0);
+ authorizeRetry = ReadConfigInteger (configContent, "AuthorizeRetry", 0);
+
+ burn (buffer, sizeof (buffer));
+ }
+
+ BOOL EfiBootConf::Save (const wchar_t* fileName, HWND hwnd)
+ {
+ FILE *configFile = _wfopen (fileName, L"w,ccs=UTF-8");
+ if (configFile == NULL)
+ return FALSE;
+
+ BOOL bRet = FALSE;
+ DWORD size = 0;
+ char* configContent = LoadFile (fileName, &size);
+
+
+ XmlWriteHeader (configFile);
+ fputws (L"\n\t<configuration>", configFile);
+
+ WriteConfigInteger (configFile, configContent, "PasswordType", passwordType);
+ WriteConfigString (configFile, configContent, "PasswordMsg", passwordMsg.c_str());
+ WriteConfigString (configFile, configContent, "PasswordPicture", passwordPicture.c_str());
+ WriteConfigString (configFile, configContent, "HashMsg", hashMsg.c_str());
+ WriteConfigInteger (configFile, configContent, "Hash", hashAlgo);
+ WriteConfigInteger (configFile, configContent, "HashRqt", requestHash);
+ WriteConfigString (configFile, configContent, "PimMsg", pimMsg.c_str());
+ WriteConfigInteger (configFile, configContent, "Pim", pim);
+ WriteConfigInteger (configFile, configContent, "PimRqt", requestPim);
+ WriteConfigInteger (configFile, configContent, "AuthorizeVisible", authorizeVisible);
+ WriteConfigInteger (configFile, configContent, "AuthorizeRetry", authorizeRetry);
+
+ // Write unmodified values
+ char* xml = configContent;
+ char key[128], value[2048];
+ while (xml && (xml = XmlFindElement (xml, "config")))
+ {
+ XmlGetAttributeText (xml, "key", key, sizeof (key));
+ XmlGetNodeText (xml, value, sizeof (value));
+
+ fwprintf (configFile, L"\n\t\t<config key=\"%hs\">%hs</config>", key, value);
+ xml++;
+ }
+
+ fputws (L"\n\t</configuration>", configFile);
+ XmlWriteFooter (configFile);
+
+ TCFlushFile (configFile);
+
+ bRet = CheckFileStreamWriteErrors (hwnd, configFile, fileName);
+
+ fclose (configFile);
+
+ if (configContent != NULL)
+ {
+ burn (configContent, size);
+ free (configContent);
+ }
+
+ return bRet;
+ }
+
+ static const wchar_t* EfiVarGuid = L"{8BE4DF61-93CA-11D2-AA0D-00E098032B8C}";
+
+ EfiBoot::EfiBoot() {
+ ZeroMemory(EfiBootPartPath, sizeof(EfiBootPartPath));
+ ZeroMemory (systemPartitionPath, sizeof (systemPartitionPath));
+ m_bMounted = false;
+ }
+
+ void EfiBoot::MountBootPartition(WCHAR letter) {
+ NTSTATUS res;
+ ULONG len;
+ memset(tempBuf, 0, sizeof(tempBuf));
+
+ // Load NtQuerySystemInformation function point
+ if (!NtQuerySystemInformationPtr)
+ {
+ NtQuerySystemInformationPtr = (NtQuerySystemInformationFn) GetProcAddress (GetModuleHandle (L"ntdll.dll"), "NtQuerySystemInformation");
+ if (!NtQuerySystemInformationPtr)
+ throw SystemException (SRC_POS);
+ }
+
+ res = NtQuerySystemInformationPtr((SYSTEM_INFORMATION_CLASS)SYSPARTITIONINFORMATION, tempBuf, sizeof(tempBuf), &len);
+ if (res != S_OK)
+ {
+ SetLastError (res);
+ throw SystemException (SRC_POS);
+ }
+
+ PUNICODE_STRING pStr = (PUNICODE_STRING) tempBuf;
+ memcpy (systemPartitionPath, pStr->Buffer, min (pStr->Length, (sizeof (systemPartitionPath) - 2)));
+
+ if (!letter) {
+ if (!GetFreeDriveLetter(&EfiBootPartPath[0])) {
+ throw ErrorException(L"No free letter to mount EFI boot partition", SRC_POS);
+ }
+ } else {
+ EfiBootPartPath[0] = letter;
+ }
+ EfiBootPartPath[1] = ':';
+ EfiBootPartPath[2] = 0;
+ throw_sys_if(!DefineDosDevice(DDD_RAW_TARGET_PATH, EfiBootPartPath, systemPartitionPath));
+
+ Device dev(EfiBootPartPath, TRUE);
+
+ try
+ {
+ dev.CheckOpened(SRC_POS);
+ }
+ catch (...)
+ {
+ DefineDosDevice(DDD_REMOVE_DEFINITION, EfiBootPartPath, NULL);
+ throw;
+ }
+
+ bool bSuccess = dev.IoCtl(IOCTL_STORAGE_GET_DEVICE_NUMBER, NULL, 0, &sdn, sizeof(sdn))
+ && dev.IoCtl(IOCTL_DISK_GET_PARTITION_INFO_EX, NULL, 0, &partInfo, sizeof(partInfo));
+ DWORD dwLastError = GetLastError ();
+ dev.Close();
+ if (!bSuccess)
+ {
+ DefineDosDevice(DDD_REMOVE_DEFINITION, EfiBootPartPath, NULL);
+ SetLastError (dwLastError);
+ throw SystemException(SRC_POS);
+ }
+
+ m_bMounted = true;
+ }
+
+ void EfiBoot::DismountBootPartition() {
+ if (m_bMounted)
+ {
+ DefineDosDevice(DDD_REMOVE_DEFINITION, EfiBootPartPath, NULL);
+ m_bMounted = false;
+ }
+ }
+
+ bool EfiBoot::IsEfiBoot() {
+ DWORD BootOrderLen;
+ BootOrderLen = GetFirmwareEnvironmentVariable(L"BootOrder", EfiVarGuid, tempBuf, sizeof(tempBuf));
+ return BootOrderLen != 0;
+ }
+
+ void EfiBoot::DeleteStartExec(uint16 statrtOrderNum, wchar_t* type) {
+ RaisePrivileges();
+ // Check EFI
+ if (!IsEfiBoot()) {
+ throw ErrorException(L"can not detect EFI environment", SRC_POS);
+ }
+ wchar_t varName[256];
+ StringCchPrintfW(varName, ARRAYSIZE (varName), L"%s%04X", type == NULL ? L"Boot" : type, statrtOrderNum);
+ SetFirmwareEnvironmentVariable(varName, EfiVarGuid, NULL, 0);
+
+ wstring order = L"Order";
+ order.insert(0, type == NULL ? L"Boot" : type);
+ uint32 startOrderLen = GetFirmwareEnvironmentVariable(order.c_str(), EfiVarGuid, tempBuf, sizeof(tempBuf));
+ uint32 startOrderNumPos = UINT_MAX;
+ bool startOrderUpdate = false;
+ uint16* startOrder = (uint16*)tempBuf;
+ for (uint32 i = 0; i < startOrderLen / 2; i++) {
+ if (startOrder[i] == statrtOrderNum) {
+ startOrderNumPos = i;
+ break;
+ }
+ }
+
+ // delete entry if present
+ if (startOrderNumPos != UINT_MAX) {
+ for (uint32 i = startOrderNumPos; i < ((startOrderLen / 2) - 1); ++i) {
+ startOrder[i] = startOrder[i + 1];
+ }
+ startOrderLen -= 2;
+ startOrderUpdate = true;
+ }
+
+ if (startOrderUpdate) {
+ SetFirmwareEnvironmentVariable(order.c_str(), EfiVarGuid, startOrder, startOrderLen);
+
+ // remove ourselves from BootNext value
+ uint16 bootNextValue = 0;
+ wstring next = L"Next";
+ next.insert(0, type == NULL ? L"Boot" : type);
+
+ if ( (GetFirmwareEnvironmentVariable(next.c_str(), EfiVarGuid, &bootNextValue, 2) == 2)
+ && (bootNextValue == statrtOrderNum)
+ )
+ {
+ SetFirmwareEnvironmentVariable(next.c_str(), EfiVarGuid, startOrder, 0);
+ }
+ }
+ }
+
+ void EfiBoot::SetStartExec(wstring description, wstring execPath, uint16 statrtOrderNum , wchar_t* type, uint32 attr) {
+ RaisePrivileges();
+ // Check EFI
+ if (!IsEfiBoot()) {
+ throw ErrorException(L"can not detect EFI environment", SRC_POS);
+ }
+
+ uint32 varSize = 56;
+ varSize += ((uint32) description.length()) * 2 + 2;
+ varSize += ((uint32) execPath.length()) * 2 + 2;
+ byte *startVar = new byte[varSize];
+ byte *pVar = startVar;
+
+ // Attributes (1b Active, 1000b - Hidden)
+ *(uint32 *)pVar = attr;
+ pVar += sizeof(uint32);
+
+ // Size Of device path + file path
+ *(uint16 *)pVar = (uint16)(50 + execPath.length() * 2 + 2);
+ pVar += sizeof(uint16);
+
+ // description
+ for (uint32 i = 0; i < description.length(); i++) {
+ *(uint16 *)pVar = description[i];
+ pVar += sizeof(uint16);
+ }
+ *(uint16 *)pVar = 0;
+ pVar += sizeof(uint16);
+
+ /* EFI_DEVICE_PATH_PROTOCOL (HARDDRIVE_DEVICE_PATH \ FILE_PATH \ END) */
+
+ // Type
+ *(byte *)pVar = 0x04;
+ pVar += sizeof(byte);
+
+ // SubType
+ *(byte *)pVar = 0x01;
+ pVar += sizeof(byte);
+
+ // HDD dev path length
+ *(uint16 *)pVar = 0x2A; // 42
+ pVar += sizeof(uint16);
+
+ // PartitionNumber
+ *(uint32 *)pVar = (uint32)partInfo.PartitionNumber;
+ pVar += sizeof(uint32);
+
+ // PartitionStart
+ *(uint64 *)pVar = partInfo.StartingOffset.QuadPart >> 9;
+ pVar += sizeof(uint64);
+
+ // PartitiontSize
+ *(uint64 *)pVar = partInfo.PartitionLength.QuadPart >> 9;
+ pVar += sizeof(uint64);
+
+ // GptGuid
+ memcpy(pVar, &partInfo.Gpt.PartitionId, 16);
+ pVar += 16;
+
+ // MbrType
+ *(byte *)pVar = 0x02;
+ pVar += sizeof(byte);
+
+ // SigType
+ *(byte *)pVar = 0x02;
+ pVar += sizeof(byte);
+
+ // Type and sub type 04 04 (file path)
+ *(uint16 *)pVar = 0x0404;
+ pVar += sizeof(uint16);
+
+ // SizeOfFilePath ((CHAR16)FullPath.length + sizeof(EndOfrecord marker) )
+ *(uint16 *)pVar = (uint16)(execPath.length() * 2 + 2 + sizeof(uint32));
+ pVar += sizeof(uint16);
+
+ // FilePath
+ for (uint32 i = 0; i < execPath.length(); i++) {
+ *(uint16 *)pVar = execPath[i];
+ pVar += sizeof(uint16);
+ }
+ *(uint16 *)pVar = 0;
+ pVar += sizeof(uint16);
+
+ // EndOfrecord
+ *(uint32 *)pVar = 0x04ff7f;
+ pVar += sizeof(uint32);
+
+ // Set variable
+ wchar_t varName[256];
+ StringCchPrintfW(varName, ARRAYSIZE (varName), L"%s%04X", type == NULL ? L"Boot" : type, statrtOrderNum);
+ SetFirmwareEnvironmentVariable(varName, EfiVarGuid, startVar, varSize);
+ delete startVar;
+
+ // Update order
+ wstring order = L"Order";
+ order.insert(0, type == NULL ? L"Boot" : type);
+
+ uint32 startOrderLen = GetFirmwareEnvironmentVariable(order.c_str(), EfiVarGuid, tempBuf, sizeof(tempBuf));
+ uint32 startOrderNumPos = UINT_MAX;
+ bool startOrderUpdate = false;
+ uint16* startOrder = (uint16*)tempBuf;
+ for (uint32 i = 0; i < startOrderLen / 2; i++) {
+ if (startOrder[i] == statrtOrderNum) {
+ startOrderNumPos = i;
+ break;
+ }
+ }
+
+ // Create new entry if absent
+ if (startOrderNumPos == UINT_MAX) {
+ for (uint32 i = startOrderLen / 2; i > 0; --i) {
+ startOrder[i] = startOrder[i - 1];
+ }
+ startOrder[0] = statrtOrderNum;
+ startOrderLen += 2;
+ startOrderUpdate = true;
+ } else if (startOrderNumPos > 0) {
+ for (uint32 i = startOrderNumPos; i > 0; --i) {
+ startOrder[i] = startOrder[i - 1];
+ }
+ startOrder[0] = statrtOrderNum;
+ startOrderUpdate = true;
+ }
+
+ if (startOrderUpdate) {
+ SetFirmwareEnvironmentVariable(order.c_str(), EfiVarGuid, startOrder, startOrderLen);
+ }
+
+ // set BootNext value
+ wstring next = L"Next";
+ next.insert(0, type == NULL ? L"Boot" : type);
+
+ SetFirmwareEnvironmentVariable(next.c_str(), EfiVarGuid, &statrtOrderNum, 2);
+
+ }
+
+ void EfiBoot::SaveFile(wchar_t* name, byte* data, DWORD size) {
+ wstring path = EfiBootPartPath;
+ path += name;
+ File f(path, false, true);
+ f.Write(data, size);
+ f.Close();
+ }
+
+ void EfiBoot::GetFileSize(const wchar_t* name, unsigned __int64& size) {
+ wstring path = EfiBootPartPath;
+ path += name;
+ File f(path, true);
+ f.GetFileSize(size);
+ f.Close();
+ }
+
+ void EfiBoot::ReadFile(const wchar_t* name, byte* data, DWORD size) {
+ wstring path = EfiBootPartPath;
+ path += name;
+ File f(path, true);
+ f.Read(data, size);
+ f.Close();
+ }
+
+ void EfiBoot::CopyFile(const wchar_t* name, const wchar_t* targetName) {
+ wstring path = EfiBootPartPath;
+ path += name;
+ wstring targetPath;
+ if (targetName[0] == L'\\')
+ {
+ targetPath = EfiBootPartPath;
+ targetPath += targetName;
+ }
+ else
+ targetPath = targetName;
+ throw_sys_if (!::CopyFileW (path.c_str(), targetPath.c_str(), FALSE));
+ }
+
+ BOOL EfiBoot::RenameFile(wchar_t* name, wchar_t* nameNew, BOOL bForce) {
+ wstring path = EfiBootPartPath;
+ path += name;
+ wstring pathNew = EfiBootPartPath;
+ pathNew += nameNew;
+ return MoveFileExW(path.c_str(), pathNew.c_str(), bForce? MOVEFILE_REPLACE_EXISTING : 0);
+ }
+
+ BOOL EfiBoot::DelFile(wchar_t* name) {
+ wstring path = EfiBootPartPath;
+ path += name;
+ return DeleteFile(path.c_str());
+ }
+
+ BOOL EfiBoot::MkDir(wchar_t* name, bool& bAlreadyExists) {
+ wstring path = EfiBootPartPath;
+ path += name;
+ bAlreadyExists = false;
+ BOOL bRet = CreateDirectory(path.c_str(), NULL);
+ if (!bRet && (GetLastError () == ERROR_ALREADY_EXISTS))
+ {
+ bRet = TRUE;
+ bAlreadyExists = true;
+ }
+ return bRet;
+ }
+
+ BOOL EfiBoot::ReadConfig (wchar_t* name, EfiBootConf& conf)
+ {
+ wstring path = EfiBootPartPath;
+ path += name;
+
+ return conf.Load (path.c_str());
+ }
+
+ BOOL EfiBoot::UpdateConfig (wchar_t* name, int pim, int hashAlgo, HWND hwndDlg)
+ {
+ BOOL bRet = FALSE;
+ EfiBootConf conf;
+ wstring path = EfiBootPartPath;
+ path += name;
+
+ if (conf.Load (path.c_str()))
+ {
+ if (pim >= 0)
+ {
+ conf.pim = pim;
+ conf.requestPim = 0;
+ }
+ else
+ {
+ conf.pim = 0;
+ conf.requestPim = 1;
+ }
+
+ if (hashAlgo >= 0)
+ {
+ conf.hashAlgo = hashAlgo;
+ conf.requestHash = 0;
+ }
+ else
+ {
+ conf.hashAlgo = 0;
+ conf.requestHash = 1;
+ }
+
+ return conf.Save (path.c_str(), hwndDlg);
+ }
+
+ return bRet;
+ }
+
+ BOOL EfiBoot::WriteConfig (wchar_t* name, bool preserveUserConfig, int pim, int hashAlgo, const char* passPromptMsg, HWND hwndDlg)
+ {
+ EfiBootConf conf;
+ wstring path = EfiBootPartPath;
+ path += name;
+
+ if (preserveUserConfig)
+ {
+ conf.Load (path.c_str());
+ if (pim >= 0 && (conf.requestPim == 0))
+ {
+ conf.pim = pim;
+ }
+ if (hashAlgo >= 0 && (conf.requestHash == 0))
+ {
+ conf.hashAlgo = hashAlgo;
+ }
+ }
+ else
+ {
+ if (pim >= 0)
+ {
+ conf.pim = pim;
+ conf.requestPim = 0;
+ }
+ else
+ {
+ conf.pim = 0;
+ conf.requestPim = 1;
+ }
+
+ if (hashAlgo >= 0)
+ {
+ conf.hashAlgo = hashAlgo;
+ conf.requestHash = 0;
+ }
+ else
+ {
+ conf.hashAlgo = 0;
+ conf.requestHash = 1;
+ }
+ }
+
+ if (passPromptMsg && strlen (passPromptMsg))
+ {
+ conf.passwordMsg = passPromptMsg;
+ }
+
+ return conf.Save (path.c_str(), hwndDlg);
+ }
+
+ void BootEncryption::InstallBootLoader (bool preserveUserConfig, bool hiddenOSCreation, int pim, int hashAlg)
{
Device device (GetSystemDriveConfiguration().DevicePath);
device.CheckOpened (SRC_POS);
- InstallBootLoader (device, preserveUserConfig, hiddenOSCreation);
+ InstallBootLoader (device, preserveUserConfig, hiddenOSCreation, pim, hashAlg);
}
- void BootEncryption::InstallBootLoader (Device& device, bool preserveUserConfig, bool hiddenOSCreation, int pim)
+ void BootEncryption::InstallBootLoader (Device& device, bool preserveUserConfig, bool hiddenOSCreation, int pim, int hashAlg)
{
- byte bootLoaderBuf[TC_BOOT_LOADER_AREA_SIZE - TC_BOOT_ENCRYPTION_VOLUME_HEADER_SIZE] = {0};
- CreateBootLoaderInMemory (bootLoaderBuf, sizeof (bootLoaderBuf), false, hiddenOSCreation);
+ SystemDriveConfiguration config = GetSystemDriveConfiguration();
- // Write MBR
- byte mbr[TC_SECTOR_SIZE_BIOS];
+ if (config.SystemPartition.IsGPT) {
+ if (!IsAdmin()) {
+ if (IsUacSupported())
+ {
+ Elevator::InstallEfiBootLoader (preserveUserConfig, hiddenOSCreation, pim, hashAlg);
+ return;
+ }
+ else
+ {
+ Warning ("ADMIN_PRIVILEGES_WARN_DEVICES", ParentWindow);
+ }
+ }
+ DWORD sizeDcsBoot;
+ byte *dcsBootImg = MapResource(L"BIN", IDR_EFI_DCSBOOT, &sizeDcsBoot);
+ if (!dcsBootImg)
+ throw ErrorException(L"Out of resource DcsBoot", SRC_POS);
+ DWORD sizeDcsInt;
+ byte *dcsIntImg = MapResource(L"BIN", IDR_EFI_DCSINT, &sizeDcsInt);
+ if (!dcsIntImg)
+ throw ErrorException(L"Out of resource DcsInt", SRC_POS);
+ DWORD sizeDcsCfg;
+ byte *dcsCfgImg = MapResource(L"BIN", IDR_EFI_DCSCFG, &sizeDcsCfg);
+ if (!dcsCfgImg)
+ throw ErrorException(L"Out of resource DcsCfg", SRC_POS);
+ DWORD sizeLegacySpeaker;
+ byte *LegacySpeakerImg = MapResource(L"BIN", IDR_EFI_LEGACYSPEAKER, &sizeLegacySpeaker);
+ if (!LegacySpeakerImg)
+ throw ErrorException(L"Out of resource LegacySpeaker", SRC_POS);
+
+ finally_do ({ EfiBootInst.DismountBootPartition(); });
+ EfiBootInst.MountBootPartition(0);
- device.SeekAt (0);
- device.Read (mbr, sizeof (mbr));
+ try
+ {
+ // Save modules
+ bool bAlreadyExist;
+
+ EfiBootInst.MkDir(L"\\EFI\\VeraCrypt", bAlreadyExist);
+ EfiBootInst.SaveFile(L"\\EFI\\VeraCrypt\\DcsBoot.efi", dcsBootImg, sizeDcsBoot);
+ EfiBootInst.SaveFile(L"\\EFI\\Boot\\bootx64.efi", dcsBootImg, sizeDcsBoot);
+ EfiBootInst.SaveFile(L"\\EFI\\VeraCrypt\\DcsInt.dcs", dcsIntImg, sizeDcsInt);
+ EfiBootInst.SaveFile(L"\\EFI\\VeraCrypt\\DcsCfg.dcs", dcsCfgImg, sizeDcsCfg);
+ EfiBootInst.SaveFile(L"\\EFI\\VeraCrypt\\LegacySpeaker.dcs", LegacySpeakerImg, sizeLegacySpeaker);
+ EfiBootInst.SetStartExec(L"VeraCrypt BootLoader (DcsBoot)", L"\\EFI\\VeraCrypt\\DcsBoot.efi");
+
+ // move configuration file from old location (if it exists) to new location
+ // we don't force the move operation if the new location already exists
+ EfiBootInst.RenameFile (L"\\DcsProp", L"\\EFI\\VeraCrypt\\DcsProp", FALSE);
+ EfiBootInst.RenameFile (L"\\DcsBoot", L"\\EFI\\VeraCrypt\\DcsBoot", FALSE);
+
+ // move the original bootloader backup from old location (if it exists) to new location
+ // we don't force the move operation if the new location already exists
+ EfiBootInst.RenameFile (L"\\EFI\\Boot\\original_bootx64_vc_backup.efi", L"\\EFI\\Boot\\original_bootx64.vc_backup", FALSE);
+
+ // Clean beta9
+ EfiBootInst.DelFile(L"\\DcsBoot.efi");
+ EfiBootInst.DelFile(L"\\DcsInt.efi");
+ EfiBootInst.DelFile(L"\\DcsCfg.efi");
+ EfiBootInst.DelFile(L"\\LegacySpeaker.efi");
+ EfiBootInst.DelFile(L"\\DcsBoot");
+ EfiBootInst.DelFile(L"\\DcsProp");
+ }
+ catch (...)
+ {
+ throw;
+ }
- if (preserveUserConfig && BufferContainsString (mbr, sizeof (mbr), TC_APP_NAME))
+ EfiBootInst.WriteConfig (L"\\EFI\\VeraCrypt\\DcsProp", preserveUserConfig, pim, hashAlg, NULL, ParentWindow);
+ }
+ else
{
- uint16 version = BE16 (*(uint16 *) (mbr + TC_BOOT_SECTOR_VERSION_OFFSET));
- if (version != 0)
- {
- bootLoaderBuf[TC_BOOT_SECTOR_USER_CONFIG_OFFSET] = mbr[TC_BOOT_SECTOR_USER_CONFIG_OFFSET];
- memcpy (bootLoaderBuf + TC_BOOT_SECTOR_USER_MESSAGE_OFFSET, mbr + TC_BOOT_SECTOR_USER_MESSAGE_OFFSET, TC_BOOT_SECTOR_USER_MESSAGE_MAX_LENGTH);
+ byte bootLoaderBuf[TC_BOOT_LOADER_AREA_SIZE - TC_BOOT_ENCRYPTION_VOLUME_HEADER_SIZE] = {0};
+ CreateBootLoaderInMemory (bootLoaderBuf, sizeof (bootLoaderBuf), false, hiddenOSCreation);
+
+ // Write MBR
+ byte mbr[TC_SECTOR_SIZE_BIOS];
+
+ device.SeekAt (0);
+ device.Read (mbr, sizeof (mbr));
- if (bootLoaderBuf[TC_BOOT_SECTOR_USER_CONFIG_OFFSET] & TC_BOOT_USER_CFG_FLAG_DISABLE_PIM)
+ if (preserveUserConfig && BufferContainsString (mbr, sizeof (mbr), TC_APP_NAME))
+ {
+ uint16 version = BE16 (*(uint16 *) (mbr + TC_BOOT_SECTOR_VERSION_OFFSET));
+ if (version != 0)
{
- if (pim >= 0)
+ bootLoaderBuf[TC_BOOT_SECTOR_USER_CONFIG_OFFSET] = mbr[TC_BOOT_SECTOR_USER_CONFIG_OFFSET];
+ memcpy (bootLoaderBuf + TC_BOOT_SECTOR_USER_MESSAGE_OFFSET, mbr + TC_BOOT_SECTOR_USER_MESSAGE_OFFSET, TC_BOOT_SECTOR_USER_MESSAGE_MAX_LENGTH);
+
+ if (bootLoaderBuf[TC_BOOT_SECTOR_USER_CONFIG_OFFSET] & TC_BOOT_USER_CFG_FLAG_DISABLE_PIM)
{
- memcpy (bootLoaderBuf + TC_BOOT_SECTOR_PIM_VALUE_OFFSET, &pim, TC_BOOT_SECTOR_PIM_VALUE_SIZE);
+ if (pim >= 0)
+ {
+ memcpy (bootLoaderBuf + TC_BOOT_SECTOR_PIM_VALUE_OFFSET, &pim, TC_BOOT_SECTOR_PIM_VALUE_SIZE);
+ }
+ else
+ memcpy (bootLoaderBuf + TC_BOOT_SECTOR_PIM_VALUE_OFFSET, mbr + TC_BOOT_SECTOR_PIM_VALUE_OFFSET, TC_BOOT_SECTOR_PIM_VALUE_SIZE);
}
- else
- memcpy (bootLoaderBuf + TC_BOOT_SECTOR_PIM_VALUE_OFFSET, mbr + TC_BOOT_SECTOR_PIM_VALUE_OFFSET, TC_BOOT_SECTOR_PIM_VALUE_SIZE);
}
}
- }
- memcpy (mbr, bootLoaderBuf, TC_MAX_MBR_BOOT_CODE_SIZE);
+ memcpy (mbr, bootLoaderBuf, TC_MAX_MBR_BOOT_CODE_SIZE);
- device.SeekAt (0);
- device.Write (mbr, sizeof (mbr));
+ device.SeekAt (0);
+ device.Write (mbr, sizeof (mbr));
- byte mbrVerificationBuf[TC_SECTOR_SIZE_BIOS];
- device.SeekAt (0);
- device.Read (mbrVerificationBuf, sizeof (mbr));
+ byte mbrVerificationBuf[TC_SECTOR_SIZE_BIOS];
+ device.SeekAt (0);
+ device.Read (mbrVerificationBuf, sizeof (mbr));
- if (memcmp (mbr, mbrVerificationBuf, sizeof (mbr)) != 0)
- throw ErrorException ("ERROR_MBR_PROTECTED", SRC_POS);
+ if (memcmp (mbr, mbrVerificationBuf, sizeof (mbr)) != 0)
+ throw ErrorException ("ERROR_MBR_PROTECTED", SRC_POS);
- // Write boot loader
- device.SeekAt (TC_SECTOR_SIZE_BIOS);
- device.Write (bootLoaderBuf + TC_SECTOR_SIZE_BIOS, sizeof (bootLoaderBuf) - TC_SECTOR_SIZE_BIOS);
+ // Write boot loader
+ device.SeekAt (TC_SECTOR_SIZE_BIOS);
+ device.Write (bootLoaderBuf + TC_SECTOR_SIZE_BIOS, sizeof (bootLoaderBuf) - TC_SECTOR_SIZE_BIOS);
+ }
}
#ifndef SETUP
bool BootEncryption::CheckBootloaderFingerprint (bool bSilent)
{
+ SystemDriveConfiguration config = GetSystemDriveConfiguration();
+
+ // return true for now when EFI system encryption is used until we implement
+ // a dedicated EFI fingerprinting mechanism in VeraCrypt driver
+ if (config.SystemPartition.IsGPT)
+ return true;
+
byte bootLoaderBuf[TC_BOOT_LOADER_AREA_SIZE - TC_BOOT_ENCRYPTION_VOLUME_HEADER_SIZE] = {0};
byte fingerprint[WHIRLPOOL_DIGESTSIZE + SHA512_DIGESTSIZE];
byte expectedFingerprint[WHIRLPOOL_DIGESTSIZE + SHA512_DIGESTSIZE];
@@ -1622,7 +2655,7 @@ namespace VeraCrypt
WCHAR pathBuf[MAX_PATH];
throw_sys_if (!SUCCEEDED (SHGetFolderPath (NULL, CSIDL_COMMON_APPDATA | CSIDL_FLAG_CREATE, NULL, 0, pathBuf)));
-
+
wstring path = wstring (pathBuf) + L"\\" _T(TC_APP_NAME);
CreateDirectory (path.c_str(), NULL);
@@ -1652,7 +2685,7 @@ namespace VeraCrypt
throw ParameterIncorrect (SRC_POS);
Buffer imageBuf (RescueIsoImageSize);
-
+
byte *image = imageBuf.Ptr();
memset (image, 0, RescueIsoImageSize);
@@ -1749,7 +2782,7 @@ namespace VeraCrypt
File sysBakFile (GetSystemLoaderBackupPath(), true);
sysBakFile.CheckOpened (SRC_POS);
sysBakFile.Read (image + TC_CD_BOOTSECTOR_OFFSET + TC_ORIG_BOOT_LOADER_BACKUP_SECTOR_OFFSET, TC_BOOT_LOADER_AREA_SIZE);
-
+
image[TC_CD_BOOTSECTOR_OFFSET + TC_BOOT_SECTOR_CONFIG_OFFSET] |= TC_BOOT_CFG_FLAG_RESCUE_DISK_ORIG_SYS_LOADER;
}
catch (Exception &e)
@@ -1757,7 +2790,7 @@ namespace VeraCrypt
e.Show (ParentWindow);
Warning ("SYS_LOADER_UNAVAILABLE_FOR_RESCUE_DISK", ParentWindow);
}
-
+
// Boot loader backup
CreateBootLoaderInMemory (image + TC_CD_BOOTSECTOR_OFFSET + TC_BOOT_LOADER_BACKUP_RESCUE_DISK_SECTOR_OFFSET, TC_BOOT_LOADER_AREA_SIZE, false);
@@ -1805,7 +2838,7 @@ namespace VeraCrypt
UINT driveType = GetDriveType (rootPath);
// check that it is a CD/DVD drive or a removable media in case a bootable
// USB key was created from the rescue disk ISO file
- if ((DRIVE_CDROM == driveType) || (DRIVE_REMOVABLE == driveType))
+ if ((DRIVE_CDROM == driveType) || (DRIVE_REMOVABLE == driveType))
{
rootPath[2] = 0; // remove trailing backslash
@@ -1841,7 +2874,7 @@ namespace VeraCrypt
Buffer buffer ((verifiedSectorCount + 1) * 2048);
DWORD bytesRead = isoFile.Read (buffer.Ptr(), (DWORD) buffer.Size());
- if ( (bytesRead == buffer.Size())
+ if ( (bytesRead == buffer.Size())
&& (memcmp (buffer.Ptr(), RescueIsoImage, buffer.Size()) == 0)
)
{
@@ -1928,51 +2961,132 @@ namespace VeraCrypt
}
+#define VC_EFI_BOOTLOADER_NAME L"DcsBoot"
+
void BootEncryption::BackupSystemLoader ()
{
- Device device (GetSystemDriveConfiguration().DevicePath, true);
- device.CheckOpened (SRC_POS);
- byte bootLoaderBuf[TC_BOOT_LOADER_AREA_SECTOR_COUNT * TC_SECTOR_SIZE_BIOS];
+ if (GetSystemDriveConfiguration().SystemPartition.IsGPT)
+ {
+ if (!IsAdmin()) {
+ if (IsUacSupported())
+ {
+ Elevator::BackupEfiSystemLoader ();
+ return;
+ }
+ else
+ {
+ Warning ("ADMIN_PRIVILEGES_WARN_DEVICES", ParentWindow);
+ }
+ }
+ unsigned __int64 loaderSize = 0;
- device.SeekAt (0);
- device.Read (bootLoaderBuf, sizeof (bootLoaderBuf));
+ finally_do ({ EfiBootInst.DismountBootPartition(); });
- // Prevent TrueCrypt loader from being backed up
- for (size_t i = 0; i < sizeof (bootLoaderBuf) - strlen (TC_APP_NAME); ++i)
- {
- if (memcmp (bootLoaderBuf + i, TC_APP_NAME, strlen (TC_APP_NAME)) == 0)
+ EfiBootInst.MountBootPartition(0);
+
+ EfiBootInst.GetFileSize(L"\\EFI\\Boot\\bootx64.efi", loaderSize);
+
+ std::vector<byte> bootLoaderBuf ((size_t) loaderSize);
+
+ EfiBootInst.ReadFile(L"\\EFI\\Boot\\bootx64.efi", &bootLoaderBuf[0], (DWORD) loaderSize);
+
+ // Prevent VeraCrypt EFI loader from being backed up
+ for (size_t i = 0; i < (size_t) loaderSize - (wcslen (VC_EFI_BOOTLOADER_NAME) * 2); ++i)
{
- if (AskWarnNoYes ("TC_BOOT_LOADER_ALREADY_INSTALLED", ParentWindow) == IDNO)
- throw UserAbort (SRC_POS);
- return;
+ if (memcmp (&bootLoaderBuf[i], VC_EFI_BOOTLOADER_NAME, wcslen (VC_EFI_BOOTLOADER_NAME) * 2) == 0)
+ {
+ if (AskWarnNoYes ("TC_BOOT_LOADER_ALREADY_INSTALLED", ParentWindow) == IDNO)
+ throw UserAbort (SRC_POS);
+ return;
+ }
}
+
+ EfiBootInst.CopyFile(L"\\EFI\\Boot\\bootx64.efi", GetSystemLoaderBackupPath().c_str());
+ EfiBootInst.CopyFile(L"\\EFI\\Boot\\bootx64.efi", L"\\EFI\\Boot\\original_bootx64.vc_backup");
}
+ else
+ {
+ Device device (GetSystemDriveConfiguration().DevicePath, true);
+ device.CheckOpened (SRC_POS);
+ byte bootLoaderBuf[TC_BOOT_LOADER_AREA_SECTOR_COUNT * TC_SECTOR_SIZE_BIOS];
+
+ device.SeekAt (0);
+ device.Read (bootLoaderBuf, sizeof (bootLoaderBuf));
+
+ // Prevent TrueCrypt loader from being backed up
+ for (size_t i = 0; i < sizeof (bootLoaderBuf) - strlen (TC_APP_NAME); ++i)
+ {
+ if (memcmp (bootLoaderBuf + i, TC_APP_NAME, strlen (TC_APP_NAME)) == 0)
+ {
+ if (AskWarnNoYes ("TC_BOOT_LOADER_ALREADY_INSTALLED", ParentWindow) == IDNO)
+ throw UserAbort (SRC_POS);
+ return;
+ }
+ }
- File backupFile (GetSystemLoaderBackupPath(), false, true);
- backupFile.Write (bootLoaderBuf, sizeof (bootLoaderBuf));
+ File backupFile (GetSystemLoaderBackupPath(), false, true);
+ backupFile.Write (bootLoaderBuf, sizeof (bootLoaderBuf));
+ }
}
void BootEncryption::RestoreSystemLoader ()
{
- byte bootLoaderBuf[TC_BOOT_LOADER_AREA_SECTOR_COUNT * TC_SECTOR_SIZE_BIOS];
+ SystemDriveConfiguration config = GetSystemDriveConfiguration();
+ if (config.SystemPartition.IsGPT) {
+ if (!IsAdmin()) {
+ if (IsUacSupported())
+ {
+ Elevator::RestoreEfiSystemLoader ();
+ return;
+ }
+ else
+ {
+ Warning ("ADMIN_PRIVILEGES_WARN_DEVICES", ParentWindow);
+ }
+ }
- File backupFile (GetSystemLoaderBackupPath(), true);
- backupFile.CheckOpened(SRC_POS);
- if (backupFile.Read (bootLoaderBuf, sizeof (bootLoaderBuf)) != sizeof (bootLoaderBuf))
- throw ParameterIncorrect (SRC_POS);
+ finally_do ({ EfiBootInst.DismountBootPartition(); });
- Device device (GetSystemDriveConfiguration().DevicePath);
- device.CheckOpened (SRC_POS);
+ EfiBootInst.MountBootPartition(0);
- // Preserve current partition table
- byte mbr[TC_SECTOR_SIZE_BIOS];
- device.SeekAt (0);
- device.Read (mbr, sizeof (mbr));
- memcpy (bootLoaderBuf + TC_MAX_MBR_BOOT_CODE_SIZE, mbr + TC_MAX_MBR_BOOT_CODE_SIZE, sizeof (mbr) - TC_MAX_MBR_BOOT_CODE_SIZE);
+ EfiBootInst.DeleteStartExec();
+ EfiBootInst.RenameFile(L"\\EFI\\Boot\\original_bootx64.vc_backup", L"\\EFI\\Boot\\bootx64.efi", TRUE);
- device.SeekAt (0);
- device.Write (bootLoaderBuf, sizeof (bootLoaderBuf));
+ EfiBootInst.DelFile(L"\\DcsBoot.efi");
+ EfiBootInst.DelFile(L"\\DcsInt.efi");
+ EfiBootInst.DelFile(L"\\DcsCfg.efi");
+ EfiBootInst.DelFile(L"\\LegacySpeaker.efi");
+ EfiBootInst.DelFile(L"\\DcsBoot");
+ EfiBootInst.DelFile(L"\\DcsProp");
+ EfiBootInst.DelFile(L"\\EFI\\VeraCrypt\\DcsBoot.efi");
+ EfiBootInst.DelFile(L"\\EFI\\VeraCrypt\\DcsInt.dcs");
+ EfiBootInst.DelFile(L"\\EFI\\VeraCrypt\\DcsCfg.dcs");
+ EfiBootInst.DelFile(L"\\EFI\\VeraCrypt\\LegacySpeaker.dcs");
+ EfiBootInst.DelFile(L"\\EFI\\VeraCrypt\\DcsBoot");
+ EfiBootInst.DelFile(L"\\EFI\\VeraCrypt\\DcsProp");
+ }
+ else
+ {
+ byte bootLoaderBuf[TC_BOOT_LOADER_AREA_SECTOR_COUNT * TC_SECTOR_SIZE_BIOS];
+
+ File backupFile (GetSystemLoaderBackupPath(), true);
+ backupFile.CheckOpened(SRC_POS);
+ if (backupFile.Read (bootLoaderBuf, sizeof (bootLoaderBuf)) != sizeof (bootLoaderBuf))
+ throw ParameterIncorrect (SRC_POS);
+
+ Device device (GetSystemDriveConfiguration().DevicePath);
+ device.CheckOpened (SRC_POS);
+
+ // Preserve current partition table
+ byte mbr[TC_SECTOR_SIZE_BIOS];
+ device.SeekAt (0);
+ device.Read (mbr, sizeof (mbr));
+ memcpy (bootLoaderBuf + TC_MAX_MBR_BOOT_CODE_SIZE, mbr + TC_MAX_MBR_BOOT_CODE_SIZE, sizeof (mbr) - TC_MAX_MBR_BOOT_CODE_SIZE);
+
+ device.SeekAt (0);
+ device.Write (bootLoaderBuf, sizeof (bootLoaderBuf));
+ }
}
#endif // SETUP
@@ -2211,11 +3325,34 @@ namespace VeraCrypt
RegisterSystemFavoritesService (registerService, FALSE);
}
+ void BootEncryption::GetEfiBootDeviceNumber (PSTORAGE_DEVICE_NUMBER pSdn)
+ {
+ SystemDriveConfiguration config = GetSystemDriveConfiguration ();
+ if (config.SystemPartition.IsGPT && pSdn)
+ {
+ if (!IsAdmin() && IsUacSupported())
+ {
+ Elevator::GetEfiBootDeviceNumber (pSdn);
+ }
+ else
+ {
+ finally_do ({ EfiBootInst.DismountBootPartition(); });
+ EfiBootInst.MountBootPartition(0);
+ memcpy (pSdn, EfiBootInst.GetStorageDeviceNumber(), sizeof (STORAGE_DEVICE_NUMBER));
+ }
+ }
+ else
+ {
+ SetLastError (ERROR_INVALID_PARAMETER);
+ throw SystemException (SRC_POS);
+ }
+ }
+
void BootEncryption::CheckRequirements ()
{
if (nCurrentOS == WIN_2000)
throw ErrorException ("SYS_ENCRYPTION_UNSUPPORTED_ON_CURRENT_OS", SRC_POS);
-
+
if (CurrentOSMajor == 6 && CurrentOSMinor == 0 && CurrentOSServicePack < 1)
throw ErrorException ("SYS_ENCRYPTION_UNSUPPORTED_ON_VISTA_SP0", SRC_POS);
@@ -2224,7 +3361,7 @@ namespace VeraCrypt
SystemDriveConfiguration config = GetSystemDriveConfiguration ();
- if (config.SystemPartition.IsGPT)
+ if (config.SystemPartition.IsGPT && !Is64BitOs())
throw ErrorException ("GPT_BOOT_DRIVE_UNSUPPORTED", SRC_POS);
if (SystemDriveIsDynamic())
@@ -2239,7 +3376,13 @@ namespace VeraCrypt
throw ErrorException ("SYSENC_UNSUPPORTED_SECTOR_SIZE_BIOS", SRC_POS);
bool activePartitionFound = false;
- if (!config.SystemPartition.IsGPT)
+ if (config.SystemPartition.IsGPT)
+ {
+ STORAGE_DEVICE_NUMBER sdn;
+ GetEfiBootDeviceNumber (&sdn);
+ activePartitionFound = (config.DriveNumber == (int) sdn.DeviceNumber);
+ }
+ else
{
// Determine whether there is an Active partition on the system drive
foreach (const Partition &partition, config.Partitions)
@@ -2300,7 +3443,7 @@ namespace VeraCrypt
if (!pagingFilesOk)
{
- if (AskWarnYesNoString ((wchar_t *) (wstring (GetString ("PAGING_FILE_NOT_ON_SYS_PARTITION"))
+ if (AskWarnYesNoString ((wchar_t *) (wstring (GetString ("PAGING_FILE_NOT_ON_SYS_PARTITION"))
+ GetString ("LEAKS_OUTSIDE_SYSPART_UNIVERSAL_EXPLANATION")
+ L"\n\n\n"
+ GetString ("RESTRICT_PAGING_FILES_TO_SYS_PARTITION")
@@ -2311,7 +3454,7 @@ namespace VeraCrypt
AbortProcessSilent();
}
- throw ErrorException (wstring (GetString ("PAGING_FILE_NOT_ON_SYS_PARTITION"))
+ throw ErrorException (wstring (GetString ("PAGING_FILE_NOT_ON_SYS_PARTITION"))
+ GetString ("LEAKS_OUTSIDE_SYSPART_UNIVERSAL_EXPLANATION"), SRC_POS);
}
@@ -2319,14 +3462,14 @@ namespace VeraCrypt
wchar_t *configPath = GetConfigPath (L"dummy");
if (configPath && towupper (configPath[0]) != windowsDrive)
{
- throw ErrorException (wstring (GetString ("USER_PROFILE_NOT_ON_SYS_PARTITION"))
+ throw ErrorException (wstring (GetString ("USER_PROFILE_NOT_ON_SYS_PARTITION"))
+ GetString ("LEAKS_OUTSIDE_SYSPART_UNIVERSAL_EXPLANATION"), SRC_POS);
}
// Temporary files
if (towupper (GetTempPathString()[0]) != windowsDrive)
{
- throw ErrorException (wstring (GetString ("TEMP_NOT_ON_SYS_PARTITION"))
+ throw ErrorException (wstring (GetString ("TEMP_NOT_ON_SYS_PARTITION"))
+ GetString ("LEAKS_OUTSIDE_SYSPART_UNIVERSAL_EXPLANATION"), SRC_POS);
}
}
@@ -2343,19 +3486,21 @@ namespace VeraCrypt
SystemDriveConfiguration config = GetSystemDriveConfiguration ();
- if (encStatus.VolumeHeaderPresent)
- {
- // Verify CRC of header salt
- Device device (config.DevicePath, true);
- device.CheckOpened (SRC_POS);
- byte header[TC_BOOT_ENCRYPTION_VOLUME_HEADER_SIZE];
+ if (!config.SystemPartition.IsGPT) {
+ if (encStatus.VolumeHeaderPresent)
+ {
+ // Verify CRC of header salt
+ Device device(config.DevicePath, true);
+ device.CheckOpened(SRC_POS);
+ byte header[TC_BOOT_ENCRYPTION_VOLUME_HEADER_SIZE];
- device.SeekAt (TC_BOOT_VOLUME_HEADER_SECTOR_OFFSET);
- device.Read (header, sizeof (header));
+ device.SeekAt(TC_BOOT_VOLUME_HEADER_SECTOR_OFFSET);
+ device.Read(header, sizeof(header));
- if (encStatus.VolumeHeaderSaltCrc32 != GetCrc32 ((byte *) header, PKCS5_SALT_SIZE))
- throw ParameterIncorrect (SRC_POS);
- }
+ if (encStatus.VolumeHeaderSaltCrc32 != GetCrc32((byte *)header, PKCS5_SALT_SIZE))
+ throw ParameterIncorrect(SRC_POS);
+ }
+ }
try
{
@@ -2442,7 +3587,7 @@ namespace VeraCrypt
device.Read ((byte *) header, sizeof (header));
PCRYPTO_INFO cryptoInfo = NULL;
-
+
int status = ReadVolumeHeader (!encStatus.HiddenSystem, header, oldPassword, old_pkcs5, old_pim, FALSE, &cryptoInfo, NULL);
finally_do_arg (PCRYPTO_INFO, cryptoInfo, { if (finally_arg) crypto_close (finally_arg); });
@@ -2475,7 +3620,7 @@ namespace VeraCrypt
UserEnrichRandomPool (hwndDlg);
WaitCursor();
- /* The header will be re-encrypted wipePassCount times to prevent adversaries from using
+ /* The header will be re-encrypted wipePassCount times to prevent adversaries from using
techniques such as magnetic force microscopy or magnetic force scanning tunnelling microscopy
to recover the overwritten header. According to Peter Gutmann, data should be overwritten 22
times (ideally, 35 times) using non-random patterns and pseudorandom data. However, as users might
@@ -2558,20 +3703,24 @@ namespace VeraCrypt
try
{
// check if PIM is stored in MBR
- byte userConfig;
- ReadBootSectorConfig (nullptr, 0, &userConfig);
- if (userConfig & TC_BOOT_USER_CFG_FLAG_DISABLE_PIM)
+ byte userConfig = 0;
+ if ( ReadBootSectorConfig (nullptr, 0, &userConfig)
+ && (userConfig & TC_BOOT_USER_CFG_FLAG_DISABLE_PIM)
+ )
+ {
storedPimUpdateNeeded = true;
+ }
}
catch (...)
- {}
+ {
+ }
}
try
{
// force update of bootloader if fingerprint doesn't match or if the stored PIM changed
if (storedPimUpdateNeeded || !CheckBootloaderFingerprint (true))
- InstallBootLoader (device, true, false, pim);
+ InstallBootLoader (device, true, false, pim, cryptoInfo->pkcs5);
}
catch (...)
{}
@@ -2589,7 +3738,7 @@ namespace VeraCrypt
}
- void BootEncryption::Install (bool hiddenSystem)
+ void BootEncryption::Install (bool hiddenSystem, int hashAlgo)
{
BootEncryptionStatus encStatus = GetStatus();
if (encStatus.DriveMounted)
@@ -2597,7 +3746,7 @@ namespace VeraCrypt
try
{
- InstallBootLoader (false, hiddenSystem);
+ InstallBootLoader (false, hiddenSystem, -1, hashAlgo);
if (!hiddenSystem)
InstallVolumeHeader ();
@@ -2691,7 +3840,7 @@ namespace VeraCrypt
SelectedEncryptionAlgorithmId = ea;
SelectedPrfAlgorithmId = pkcs5;
CreateVolumeHeader (volumeSize, encryptedAreaStart, &password, ea, mode, pkcs5, pim);
-
+
if (!rescueIsoImagePath.empty())
CreateRescueIsoImage (true, rescueIsoImagePath);
}
@@ -2733,7 +3882,7 @@ namespace VeraCrypt
BootEncryptionSetupRequest request;
ZeroMemory (&request, sizeof (request));
-
+
request.SetupMode = SetupDecryption;
request.DiscardUnreadableEncryptedSectors = discardUnreadableEncryptedSectors;
@@ -2749,7 +3898,7 @@ namespace VeraCrypt
BootEncryptionSetupRequest request;
ZeroMemory (&request, sizeof (request));
-
+
request.SetupMode = SetupEncryption;
request.WipeAlgorithm = wipeAlgorithm;
request.ZeroUnreadableSectors = zeroUnreadableSectors;
diff --git a/src/Common/BootEncryption.h b/src/Common/BootEncryption.h
index d75b650c..dd8346d7 100644
--- a/src/Common/BootEncryption.h
+++ b/src/Common/BootEncryption.h
@@ -3,7 +3,7 @@
Copyright (c) 2008-2012 TrueCrypt Developers Association and which is governed
by the TrueCrypt License 3.0.
- Modifications and additions to the original source code (contained in this file)
+ Modifications and additions to the original source code (contained in this file)
and all other portions of this file are Copyright (c) 2013-2016 IDRIX
and are governed by the Apache License 2.0 the full text of which is
contained in the file License.txt included in VeraCrypt binary and source
@@ -18,6 +18,16 @@
#include "Exception.h"
#include "Platform/PlatformBase.h"
#include "Volumes.h"
+#include <Winternl.h>
+
+#define SYSPARTITIONINFORMATION 0x62
+
+typedef NTSTATUS (WINAPI *NtQuerySystemInformationFn)(
+ SYSTEM_INFORMATION_CLASS SystemInformationClass,
+ PVOID SystemInformation,
+ ULONG SystemInformationLength,
+ PULONG ReturnLength
+);
using namespace std;
@@ -26,7 +36,7 @@ namespace VeraCrypt
class File
{
public:
- File () : Elevated (false), FileOpen (false), FilePointerPosition(0), Handle(INVALID_HANDLE_VALUE), IsDevice(false), LastError(0) { }
+ File () : Elevated (false), FileOpen (false), ReadOnly (false), FilePointerPosition(0), Handle(INVALID_HANDLE_VALUE), IsDevice(false), LastError(0) { }
File (wstring path,bool readOnly = false, bool create = false);
virtual ~File () { Close(); }
@@ -35,10 +45,13 @@ namespace VeraCrypt
DWORD Read (byte *buffer, DWORD size);
void Write (byte *buffer, DWORD size);
void SeekAt (int64 position);
+ void GetFileSize (unsigned __int64& size);
+ bool IoCtl(DWORD code, void* inBuf, DWORD inBufSize, void* outBuf, DWORD outBufSize);
protected:
bool Elevated;
bool FileOpen;
+ bool ReadOnly;
uint64 FilePointerPosition;
HANDLE Handle;
bool IsDevice;
@@ -131,6 +144,67 @@ namespace VeraCrypt
bool SystemLoaderPresent;
};
+ class EfiBootConf
+ {
+ public:
+
+ int passwordType;
+ string passwordMsg;
+ string passwordPicture;
+ string hashMsg;
+ int hashAlgo;
+ int requestHash;
+ string pimMsg;
+ int pim;
+ int requestPim;
+ int authorizeVisible;
+ int authorizeRetry;
+
+ EfiBootConf();
+
+ static BOOL ReadConfigValue (char* configContent, const char *configKey, char *configValue, int maxValueSize);
+ static int ReadConfigInteger (char* configContent, const char *configKey, int defaultValue);
+ static char *ReadConfigString (char* configContent, const char *configKey, char *defaultValue, char *str, int maxLen);
+ static BOOL WriteConfigString (FILE* configFile, char* configContent, const char *configKey, const char *configValue);
+ static BOOL WriteConfigInteger (FILE* configFile, char* configContent, const char *configKey, int configValue);
+ BOOL Load (const wchar_t* fileName);
+ void Load (char* configContent);
+ BOOL Save (const wchar_t* fileName, HWND hwnd);
+ };
+
+ class EfiBoot {
+ public:
+ EfiBoot();
+
+ void MountBootPartition(WCHAR letter);
+ void DismountBootPartition();
+ bool IsEfiBoot();
+
+ void DeleteStartExec(uint16 statrtOrderNum = 0xDC5B, wchar_t* type = NULL);
+ void SetStartExec(wstring description, wstring execPath, uint16 statrtOrderNum = 0xDC5B, wchar_t* type = NULL, uint32 attr = 1);
+ void SaveFile(wchar_t* name, byte* data, DWORD size);
+ void GetFileSize(const wchar_t* name, unsigned __int64& size);
+ void ReadFile(const wchar_t* name, byte* data, DWORD size);
+ void CopyFile(const wchar_t* name, const wchar_t* targetName);
+
+ BOOL RenameFile(wchar_t* name, wchar_t* nameNew, BOOL bForce);
+ BOOL DelFile(wchar_t* name);
+ BOOL MkDir(wchar_t* name, bool& bAlreadyExists);
+ BOOL ReadConfig (wchar_t* name, EfiBootConf& conf);
+ BOOL UpdateConfig (wchar_t* name, int pim, int hashAlgo, HWND hwndDlg);
+ BOOL WriteConfig (wchar_t* name, bool preserveUserConfig, int pim, int hashAlgo, const char* passPromptMsg, HWND hwndDlg);
+
+ PSTORAGE_DEVICE_NUMBER GetStorageDeviceNumber () { return &sdn;}
+
+ protected:
+ bool m_bMounted;
+ WCHAR EfiBootPartPath[3];
+ STORAGE_DEVICE_NUMBER sdn;
+ PARTITION_INFORMATION_EX partInfo;
+ WCHAR tempBuf[1024];
+ WCHAR systemPartitionPath[MAX_PATH];
+ };
+
class BootEncryption
{
public:
@@ -168,9 +242,9 @@ namespace VeraCrypt
BootEncryptionStatus GetStatus ();
void GetVolumeProperties (VOLUME_PROPERTIES_STRUCT *properties);
SystemDriveConfiguration GetSystemDriveConfiguration ();
- void Install (bool hiddenSystem);
- void InstallBootLoader (Device& device, bool preserveUserConfig = false, bool hiddenOSCreation = false, int pim = -1);
- void InstallBootLoader (bool preserveUserConfig = false, bool hiddenOSCreation = false);
+ void Install (bool hiddenSystem, int hashAlgo);
+ void InstallBootLoader (Device& device, bool preserveUserConfig = false, bool hiddenOSCreation = false, int pim = -1, int hashAlg = -1);
+ void InstallBootLoader (bool preserveUserConfig = false, bool hiddenOSCreation = false, int pim = -1, int hashAlg = -1);
bool CheckBootloaderFingerprint (bool bSilent = false);
void InvalidateCachedSysDriveProperties ();
bool IsCDRecorderPresent ();
@@ -179,8 +253,9 @@ namespace VeraCrypt
void PrepareHiddenOSCreation (int ea, int mode, int pkcs5);
void PrepareInstallation (bool systemPartitionOnly, Password &password, int ea, int mode, int pkcs5, int pim, const wstring &rescueIsoImagePath);
void ProbeRealSystemDriveSize ();
- void ReadBootSectorConfig (byte *config, size_t bufLength, byte *userConfig = nullptr, string *customUserMessage = nullptr, uint16 *bootLoaderVersion = nullptr);
+ bool ReadBootSectorConfig (byte *config, size_t bufLength, byte *userConfig = nullptr, string *customUserMessage = nullptr, uint16 *bootLoaderVersion = nullptr);
uint32 ReadDriverConfigurationFlags ();
+ void ReadEfiConfig (byte* confContent, DWORD maxSize, DWORD* pcbRead);
void RegisterBootDriver (bool hiddenSystem);
void RegisterFilterDriver (bool registerDriver, FilterType filterType);
void RegisterSystemFavoritesService (BOOL registerService);
@@ -206,13 +281,16 @@ namespace VeraCrypt
void WipeHiddenOSCreationConfig ();
void WriteBootDriveSector (uint64 offset, byte *data);
void WriteBootSectorConfig (const byte newConfig[]);
- void WriteBootSectorUserConfig (byte userConfig, const string &customUserMessage, int pim);
+ void WriteBootSectorUserConfig (byte userConfig, const string &customUserMessage, int pim, int hashAlg);
+ void WriteEfiBootSectorUserConfig (byte userConfig, const string &customUserMessage, int pim, int hashAlg);
void WriteLocalMachineRegistryDwordValue (wchar_t *keyPath, wchar_t *valueName, DWORD value);
+ void GetEfiBootDeviceNumber (PSTORAGE_DEVICE_NUMBER pSdn);
+ void BackupSystemLoader ();
+ void RestoreSystemLoader ();
protected:
static const uint32 RescueIsoImageSize = 1835008; // Size of ISO9660 image with bootable emulated 1.44MB floppy disk image
- void BackupSystemLoader ();
void CreateBootLoaderInMemory (byte *buffer, size_t bufferSize, bool rescueDisk, bool hiddenOSCreation = false);
void CreateVolumeHeader (uint64 volumeSize, uint64 encryptedAreaStart, Password *password, int ea, int mode, int pkcs5, int pim);
wstring GetSystemLoaderBackupPath ();
@@ -221,8 +299,7 @@ namespace VeraCrypt
PartitionList GetDrivePartitions (int driveNumber);
wstring GetRemarksOnHiddenOS ();
wstring GetWindowsDirectory ();
- void RegisterFilter (bool registerFilter, FilterType filterType, const GUID *deviceClassGuid = nullptr);
- void RestoreSystemLoader ();
+ void RegisterFilter (bool registerFilter, FilterType filterType, const GUID *deviceClassGuid = nullptr);
void InstallVolumeHeader ();
HWND ParentWindow;
diff --git a/src/Common/Dlgcode.c b/src/Common/Dlgcode.c
index 31be6b90..30571260 100644
--- a/src/Common/Dlgcode.c
+++ b/src/Common/Dlgcode.c
@@ -1,11 +1,11 @@
/*
Legal Notice: Some portions of the source code contained in this file were
- derived from the source code of TrueCrypt 7.1a, which is
- Copyright (c) 2003-2012 TrueCrypt Developers Association and which is
+ derived from the source code of TrueCrypt 7.1a, which is
+ Copyright (c) 2003-2012 TrueCrypt Developers Association and which is
governed by the TrueCrypt License 3.0, also from the source code of
Encryption for the Masses 2.02a, which is Copyright (c) 1998-2000 Paul Le Roux
- and which is governed by the 'License Agreement for Encryption for the Masses'
- Modifications and additions to the original source code (contained in this file)
+ and which is governed by the 'License Agreement for Encryption for the Masses'
+ Modifications and additions to the original source code (contained in this file)
and all other portions of this file are Copyright (c) 2013-2016 IDRIX
and are governed by the Apache License 2.0 the full text of which is
contained in the file License.txt included in VeraCrypt binary and source
@@ -114,9 +114,9 @@ BOOL bMountFavoritesOnLogon = FALSE;
BOOL bHistory = FALSE;
-// Status of detection of hidden sectors (whole-system-drive encryption).
+// Status of detection of hidden sectors (whole-system-drive encryption).
// 0 - Unknown/undetermined/completed, 1: Detection is or was in progress (but did not complete e.g. due to system crash).
-int HiddenSectorDetectionStatus = 0;
+int HiddenSectorDetectionStatus = 0;
OSVersionEnum nCurrentOS = WIN_UNKNOWN;
int CurrentOSMajor = 0;
@@ -129,7 +129,7 @@ BOOL bPortableModeConfirmed = FALSE; // TRUE if it is certain that the instance
BOOL bInPlaceEncNonSysPending = FALSE; // TRUE if the non-system in-place encryption config file indicates that one or more partitions are scheduled to be encrypted. This flag is set only when config files are loaded during app startup.
-/* Globals used by Mount and Format (separately per instance) */
+/* Globals used by Mount and Format (separately per instance) */
BOOL PimEnable = FALSE;
BOOL KeyFilesEnable = FALSE;
KeyFile *FirstKeyFile = NULL;
@@ -148,7 +148,7 @@ BOOL WaitDialogDisplaying = FALSE;
HANDLE hDriver = INVALID_HANDLE_VALUE;
/* This mutex is used to prevent multiple instances of the wizard or main app from dealing with system encryption */
-volatile HANDLE hSysEncMutex = NULL;
+volatile HANDLE hSysEncMutex = NULL;
/* This mutex is used for non-system in-place encryption but only for informative (non-blocking) purposes,
such as whether an app should prompt the user whether to resume scheduled process. */
@@ -172,7 +172,7 @@ ATOM hDlgClass, hSplashClass;
/* This value may changed only by calling ChangeSystemEncryptionStatus(). Only the wizard can change it
(others may still read it though). */
-int SystemEncryptionStatus = SYSENC_STATUS_NONE;
+int SystemEncryptionStatus = SYSENC_STATUS_NONE;
/* Only the wizard can change this value (others may only read it). */
WipeAlgorithmId nWipeMode = TC_WIPE_NONE;
@@ -329,7 +329,7 @@ enum
BENCHMARK_SORT_BY_SPEED
};
-typedef struct
+typedef struct
{
int id;
wchar_t name[100];
@@ -352,7 +352,7 @@ BOOL benchmarkGPT = FALSE;
#endif // #ifndef SETUP
-typedef struct
+typedef struct
{
void *strings;
BOOL bold;
@@ -745,7 +745,7 @@ BOOL IsDiskError (DWORD error)
DWORD handleWin32Error (HWND hwndDlg, const char* srcPos)
{
PWSTR lpMsgBuf;
- DWORD dwError = GetLastError ();
+ DWORD dwError = GetLastError ();
wchar_t szErrorValue[32];
wchar_t* pszDesc;
@@ -868,7 +868,7 @@ int GetTextGfxWidth (HWND hwndDlgItem, const wchar_t *text, HFONT hFont)
{
SIZE sizes;
TEXTMETRIC textMetrics;
- HDC hdc = GetDC (hwndDlgItem);
+ HDC hdc = GetDC (hwndDlgItem);
SelectObject(hdc, (HGDIOBJ) hFont);
@@ -876,7 +876,7 @@ int GetTextGfxWidth (HWND hwndDlgItem, const wchar_t *text, HFONT hFont)
GetTextMetrics(hdc, &textMetrics); // Necessary for non-TrueType raster fonts (tmOverhang)
- ReleaseDC (hwndDlgItem, hdc);
+ ReleaseDC (hwndDlgItem, hdc);
return ((int) sizes.cx - (int) textMetrics.tmOverhang);
}
@@ -885,13 +885,13 @@ int GetTextGfxWidth (HWND hwndDlgItem, const wchar_t *text, HFONT hFont)
int GetTextGfxHeight (HWND hwndDlgItem, const wchar_t *text, HFONT hFont)
{
SIZE sizes;
- HDC hdc = GetDC (hwndDlgItem);
+ HDC hdc = GetDC (hwndDlgItem);
SelectObject(hdc, (HGDIOBJ) hFont);
GetTextExtentPoint32W (hdc, text, (int) wcslen (text), &sizes);
- ReleaseDC (hwndDlgItem, hdc);
+ ReleaseDC (hwndDlgItem, hdc);
return ((int) sizes.cy);
}
@@ -907,7 +907,7 @@ std::wstring FitPathInGfxWidth (HWND hwnd, HFONT hFont, LONG width, const std::w
rect.right = width;
rect.bottom = LONG_MAX;
- HDC hdc = GetDC (hwnd);
+ HDC hdc = GetDC (hwnd);
SelectObject (hdc, (HGDIOBJ) hFont);
wchar_t pathBuf[TC_MAX_PATH];
@@ -916,7 +916,7 @@ std::wstring FitPathInGfxWidth (HWND hwnd, HFONT hFont, LONG width, const std::w
if (DrawText (hdc, pathBuf, (int) path.size(), &rect, DT_CALCRECT | DT_MODIFYSTRING | DT_PATH_ELLIPSIS | DT_SINGLELINE) != 0)
newPath = pathBuf;
- ReleaseDC (hwnd, hdc);
+ ReleaseDC (hwnd, hdc);
return newPath;
}
@@ -996,12 +996,12 @@ void AccommodateTextField (HWND hwndDlg, UINT ctrlId, BOOL bFirstUpdate, HFONT h
width = GetTextGfxWidth (hwndCtrl, text, hFont);
height = GetTextGfxHeight (hwndCtrl, text, hFont);
- GetClientRect (hwndCtrl, &rec);
+ GetClientRect (hwndCtrl, &rec);
origWidth = rec.right;
origHeight = rec.bottom;
if (width >= 0
- && (!bFirstUpdate || origWidth > width)) // The original width of the field is the maximum allowed size
+ && (!bFirstUpdate || origWidth > width)) // The original width of the field is the maximum allowed size
{
horizSubOffset = origWidth - width;
vertSubOffset = origHeight - height;
@@ -1024,7 +1024,7 @@ void AccommodateTextField (HWND hwndDlg, UINT ctrlId, BOOL bFirstUpdate, HFONT h
alignPosDiff = horizSubOffset / 2;
else if (windowInfo.dwStyle & SS_RIGHT)
alignPosDiff = horizSubOffset;
-
+
// Resize/move
if (alignPosDiff > 0)
{
@@ -1079,7 +1079,7 @@ static LRESULT CALLBACK BootPwdFieldProc (HWND hwnd, UINT message, WPARAM wParam
// Protects an input field from having its content updated by a Paste action. Used for pre-boot password
-// input fields (only the US keyboard layout is supported in pre-boot environment so we must prevent the
+// input fields (only the US keyboard layout is supported in pre-boot environment so we must prevent the
// user from pasting a password typed using a non-US keyboard layout).
void ToBootPwdField (HWND hwndDlg, UINT ctrlId)
{
@@ -1106,7 +1106,7 @@ BOOL CALLBACK AuxiliaryDlgProc (HWND hwndDlg, UINT msg, WPARAM wParam, LPARAM lP
if (hDC)
{
ScreenDPI = GetDeviceCaps (hDC, LOGPIXELSY);
- ReleaseDC (hwndDlg, hDC);
+ ReleaseDC (hwndDlg, hDC);
}
DPIScaleFactorX = 1;
@@ -1115,7 +1115,7 @@ BOOL CALLBACK AuxiliaryDlgProc (HWND hwndDlg, UINT msg, WPARAM wParam, LPARAM lP
if (ScreenDPI != USER_DEFAULT_SCREEN_DPI)
{
- // Windows skews the GUI aspect ratio if the user has a non-default DPI. Hence, working with
+ // Windows skews the GUI aspect ratio if the user has a non-default DPI. Hence, working with
// actual screen DPI is redundant and leads to incorrect results. What really matters here is
// how Windows actually renders our GUI. This is determined by comparing the expected and current
// sizes of a hidden calibration text field.
@@ -1174,7 +1174,7 @@ BOOL CALLBACK AboutDlgProc (HWND hwndDlg, UINT msg, WPARAM wParam, LPARAM lParam
GetClientRect (GetDlgItem (hwndDlg, IDC_ABOUT_LOGO_AREA), &rec);
SetWindowPos (GetDlgItem (hwndDlg, IDC_ABOUT_BKG), HWND_TOP, 0, 0, rec.right, rec.bottom, SWP_NOMOVE);
- // Resize the logo bitmap if the user has a non-default DPI
+ // Resize the logo bitmap if the user has a non-default DPI
if (ScreenDPI != USER_DEFAULT_SCREEN_DPI)
{
// Logo (must recreate and keep the original aspect ratio as Windows distorts it)
@@ -1490,7 +1490,7 @@ void InitDialog (HWND hwndDlg)
void ProcessPaintMessages (HWND hwnd, int maxMessagesToProcess)
{
MSG paintMsg;
- int msgCounter = maxMessagesToProcess;
+ int msgCounter = maxMessagesToProcess;
while (PeekMessageW (&paintMsg, hwnd, 0, 0, PM_REMOVE | PM_QS_PAINT) != 0 && msgCounter-- > 0)
{
@@ -1518,16 +1518,16 @@ HDC CreateMemBitmap (HINSTANCE hInstance, HWND hwnd, wchar_t *resource)
}
-/* Renders the specified bitmap at the specified location and stretches it to fit (anti-aliasing is applied).
+/* Renders the specified bitmap at the specified location and stretches it to fit (anti-aliasing is applied).
If bDirectRender is FALSE and both nWidth and nHeight are zero, the width and height of hwndDest are
retrieved and adjusted according to screen DPI (the width and height of the resultant image are adjusted the
same way); furthermore, if bKeepAspectRatio is TRUE, the smaller DPI factor of the two (i.e. horiz. or vert.)
is used both for horiz. and vert. scaling (note that the overall GUI aspect ratio changes irregularly in
-both directions depending on the DPI). If bDirectRender is TRUE, bKeepAspectRatio is ignored.
+both directions depending on the DPI). If bDirectRender is TRUE, bKeepAspectRatio is ignored.
This function returns a handle to the scaled bitmap. When the bitmap is no longer needed, it should be
-deleted by calling DeleteObject() with the handle passed as the parameter.
-Known Windows issues:
-- For some reason, anti-aliasing is not applied if the source bitmap contains less than 16K pixels.
+deleted by calling DeleteObject() with the handle passed as the parameter.
+Known Windows issues:
+- For some reason, anti-aliasing is not applied if the source bitmap contains less than 16K pixels.
- Windows 2000 may produce slightly inaccurate colors even when source, buffer, and target are 24-bit true color. */
HBITMAP RenderBitmap (wchar_t *resource, HWND hwndDest, int x, int y, int nWidth, int nHeight, BOOL bDirectRender, BOOL bKeepAspectRatio)
{
@@ -1576,11 +1576,11 @@ HBITMAP RenderBitmap (wchar_t *resource, HWND hwndDest, int x, int y, int nWidth
GetObject (picture, sizeof (BITMAP), &bitmap);
- hdcRescaled = CreateCompatibleDC (hdcSrc);
+ hdcRescaled = CreateCompatibleDC (hdcSrc);
if (hdcRescaled)
{
- hbmpRescaled = CreateCompatibleBitmap (hdcSrc, nWidth, nHeight);
+ hbmpRescaled = CreateCompatibleBitmap (hdcSrc, nWidth, nHeight);
SelectObject (hdcRescaled, hbmpRescaled);
@@ -1596,7 +1596,7 @@ HBITMAP RenderBitmap (wchar_t *resource, HWND hwndDest, int x, int y, int nWidth
hdcSrc,
0,
0,
- bitmap.bmWidth,
+ bitmap.bmWidth,
bitmap.bmHeight,
SRCCOPY);
@@ -1705,8 +1705,8 @@ RegisterRedTick (HINSTANCE hInstance)
wc.hCursor = NULL;
wc.hbrBackground = (HBRUSH) GetStockObject (LTGRAY_BRUSH);
wc.lpszClassName = L"VCREDTICK";
- wc.lpfnWndProc = &RedTick;
-
+ wc.lpfnWndProc = &RedTick;
+
rc = (ULONG) RegisterClassW (&wc);
return rc == 0 ? FALSE : TRUE;
@@ -1823,7 +1823,7 @@ void PopulateWipeModeCombo (HWND hComboBox, BOOL bNA, BOOL bInPlaceEncryption, B
{
if (!bHeaderWipe)
{
- AddComboPair (hComboBox, GetString ("WIPE_MODE_NONE"), TC_WIPE_NONE);
+ AddComboPair (hComboBox, GetString ("WIPE_MODE_NONE"), TC_WIPE_NONE);
}
AddComboPair (hComboBox, GetString ("WIPE_MODE_1_RAND"), TC_WIPE_1_RAND);
@@ -2090,7 +2090,7 @@ void ExceptionHandlerThread (void *threadArg)
else
lpack[0] = 0;
-
+
sprintf (url, TC_APPLINK_SECURE "&dest=err-report%s&os=%s&osver=%d.%d.%d&arch=%s&cpus=%d&app=%s&cksum=%x&dlg=%s&err=%x&addr=%x"
, lpack
, GetWindowsEdition().c_str()
@@ -2157,9 +2157,48 @@ static LRESULT CALLBACK NonInstallUacWndProc (HWND hWnd, UINT message, WPARAM wP
return DefWindowProcW (hWnd, message, wParam, lParam);
}
+BOOL LaunchElevatedProcess (HWND hwndDlg, const wchar_t* szModPath, const wchar_t* args)
+{
+ wchar_t newCmdLine[4096];
+ WNDCLASSEXW wcex;
+ HWND hWnd;
+
+ memset (&wcex, 0, sizeof (wcex));
+ wcex.cbSize = sizeof(WNDCLASSEX);
+ wcex.lpfnWndProc = (WNDPROC) NonInstallUacWndProc;
+ wcex.hInstance = hInst;
+ wcex.lpszClassName = L"VeraCrypt";
+ RegisterClassExW (&wcex);
+
+ // A small transparent window is necessary to bring the new instance to foreground
+ hWnd = CreateWindowExW (WS_EX_TOOLWINDOW | WS_EX_LAYERED,
+ L"VeraCrypt", L"VeraCrypt", 0,
+ GetSystemMetrics (SM_CXSCREEN)/2,
+ GetSystemMetrics (SM_CYSCREEN)/2,
+ 1, 1, NULL, NULL, hInst, NULL);
+
+ SetLayeredWindowAttributes (hWnd, 0, 0, LWA_ALPHA);
+ ShowWindow (hWnd, SW_SHOWNORMAL);
+
+ StringCbCopyW (newCmdLine, sizeof(newCmdLine), L"/q UAC ");
+ StringCbCatW (newCmdLine, sizeof (newCmdLine), args);
+
+ if ((int)ShellExecuteW (hWnd, L"runas", szModPath, newCmdLine, NULL, SW_SHOWNORMAL) <= 32)
+ {
+ if (hwndDlg)
+ handleWin32Error (hwndDlg, SRC_POS);
+ return FALSE;
+ }
+ else
+ {
+ Sleep (2000);
+ return TRUE;
+ }
+}
+
// Mutex handling to prevent multiple instances of the wizard or main app from dealing with system encryption.
-// Returns TRUE if the mutex is (or had been) successfully acquired (otherwise FALSE).
+// Returns TRUE if the mutex is (or had been) successfully acquired (otherwise FALSE).
BOOL CreateSysEncMutex (void)
{
return TCCreateMutex (&hSysEncMutex, TC_MUTEX_NAME_SYSENC);
@@ -2179,7 +2218,7 @@ void CloseSysEncMutex (void)
}
-// Returns TRUE if the mutex is (or had been) successfully acquired (otherwise FALSE).
+// Returns TRUE if the mutex is (or had been) successfully acquired (otherwise FALSE).
BOOL CreateNonSysInplaceEncMutex (void)
{
return TCCreateMutex (&hNonSysInplaceEncMutex, TC_MUTEX_NAME_NONSYS_INPLACE_ENC);
@@ -2201,14 +2240,14 @@ void CloseNonSysInplaceEncMutex (void)
// Returns TRUE if another instance of the wizard is preparing, resuming or performing non-system in-place encryption
BOOL NonSysInplaceEncInProgressElsewhere (void)
{
- return (!InstanceHasNonSysInplaceEncMutex ()
+ return (!InstanceHasNonSysInplaceEncMutex ()
&& MutexExistsOnSystem (TC_MUTEX_NAME_NONSYS_INPLACE_ENC));
}
// Mutex handling to prevent multiple instances of the wizard or main app from trying to install
// or register the driver or from trying to launch it in portable mode at the same time.
-// Returns TRUE if the mutex is (or had been) successfully acquired (otherwise FALSE).
+// Returns TRUE if the mutex is (or had been) successfully acquired (otherwise FALSE).
BOOL CreateDriverSetupMutex (void)
{
return TCCreateMutex (&hDriverSetupMutex, TC_MUTEX_NAME_DRIVER_SETUP);
@@ -2239,7 +2278,7 @@ BOOL IsTrueCryptInstallerRunning (void)
}
-// Returns TRUE if the mutex is (or had been) successfully acquired (otherwise FALSE).
+// Returns TRUE if the mutex is (or had been) successfully acquired (otherwise FALSE).
BOOL TCCreateMutex (volatile HANDLE *hMutex, wchar_t *name)
{
if (*hMutex != NULL)
@@ -2279,7 +2318,7 @@ void TCCloseMutex (volatile HANDLE *hMutex)
}
-// Returns TRUE if a process running on the system has the specified mutex (otherwise FALSE).
+// Returns TRUE if a process running on the system has the specified mutex (otherwise FALSE).
BOOL MutexExistsOnSystem (wchar_t *name)
{
if (name[0] == 0)
@@ -2293,7 +2332,7 @@ BOOL MutexExistsOnSystem (wchar_t *name)
return FALSE;
if (GetLastError () == ERROR_ACCESS_DENIED) // On Vista, this is returned if the owner of the mutex is elevated while we are not
- return TRUE;
+ return TRUE;
// The call failed and it is not certain whether the mutex exists or not
return FALSE;
@@ -2565,8 +2604,8 @@ static void LoadSystemDll (LPCTSTR szModuleName, HMODULE *pHandle, BOOL bIgnoreE
void InitApp (HINSTANCE hInstance, wchar_t *lpszCommandLine)
{
WNDCLASSW wc;
- char langId[6];
- InitCommonControlsPtr InitCommonControlsFn = NULL;
+ char langId[6];
+ InitCommonControlsPtr InitCommonControlsFn = NULL;
/* remove current directory from dll search path */
SetDllDirectoryFn = (SetDllDirectoryPtr) GetProcAddress (GetModuleHandle(L"kernel32.dll"), "SetDllDirectoryW");
@@ -2580,7 +2619,7 @@ void InitApp (HINSTANCE hInstance, wchar_t *lpszCommandLine)
if (SetDefaultDllDirectoriesFn)
SetDefaultDllDirectoriesFn (LOAD_LIBRARY_SEARCH_SYSTEM32);
- InitOSVersionInfo();
+ InitOSVersionInfo();
VirtualLock (&CmdTokenPin, sizeof (CmdTokenPin));
@@ -2604,9 +2643,9 @@ void InitApp (HINSTANCE hInstance, wchar_t *lpszCommandLine)
LoadSystemDll (L"dwmapi.dll", &hdwmapidll, TRUE, SRC_POS);
LoadSystemDll (L"UXTheme.dll", &hUXThemeDll, TRUE, SRC_POS);
- LoadSystemDll (L"msls31.dll", &hMsls31, TRUE, SRC_POS);
+ LoadSystemDll (L"msls31.dll", &hMsls31, TRUE, SRC_POS);
LoadSystemDll (L"SETUPAPI.DLL", &hSetupDll, FALSE, SRC_POS);
- LoadSystemDll (L"SHLWAPI.DLL", &hShlwapiDll, FALSE, SRC_POS);
+ LoadSystemDll (L"SHLWAPI.DLL", &hShlwapiDll, FALSE, SRC_POS);
LoadSystemDll (L"userenv.dll", &hUserenvDll, TRUE, SRC_POS);
LoadSystemDll (L"rsaenh.dll", &hRsaenhDll, TRUE, SRC_POS);
@@ -2623,7 +2662,7 @@ void InitApp (HINSTANCE hInstance, wchar_t *lpszCommandLine)
}
if (IsOSAtLeast (WIN_VISTA))
- {
+ {
LoadSystemDll (L"netapi32.dll", &hnetapi32dll, TRUE, SRC_POS);
LoadSystemDll (L"authz.dll", &hauthzdll, TRUE, SRC_POS);
LoadSystemDll (L"xmllite.dll", &hxmllitedll, TRUE, SRC_POS);
@@ -2631,7 +2670,7 @@ void InitApp (HINSTANCE hInstance, wchar_t *lpszCommandLine)
}
if (IsOSAtLeast (WIN_VISTA))
- {
+ {
LoadSystemDll (L"atl.dll", &hsppdll, TRUE, SRC_POS);
LoadSystemDll (L"vsstrace.dll", &hvsstracedll, TRUE, SRC_POS);
LoadSystemDll (L"vssapi.dll", &vssapidll, TRUE, SRC_POS);
@@ -2648,15 +2687,15 @@ void InitApp (HINSTANCE hInstance, wchar_t *lpszCommandLine)
LoadSystemDll (L"crypt32.dll", &hcrypt32dll, TRUE, SRC_POS);
LoadSystemDll (L"bcrypt.dll", &hbcryptdll, TRUE, SRC_POS);
- LoadSystemDll (L"bcryptprimitives.dll", &hbcryptprimitivesdll, TRUE, SRC_POS);
+ LoadSystemDll (L"bcryptprimitives.dll", &hbcryptprimitivesdll, TRUE, SRC_POS);
}
- }
+ }
#else
LoadSystemDll (L"WINSCARD.DLL", &hwinscarddll, TRUE, SRC_POS);
#endif
LoadSystemDll (L"COMCTL32.DLL", &hComctl32Dll, FALSE, SRC_POS);
-
+
// call InitCommonControls function
InitCommonControlsFn = (InitCommonControlsPtr) GetProcAddress (hComctl32Dll, "InitCommonControls");
ImageList_AddFn = (ImageList_AddPtr) GetProcAddress (hComctl32Dll, "ImageList_Add");
@@ -2717,7 +2756,7 @@ void InitApp (HINSTANCE hInstance, wchar_t *lpszCommandLine)
// Language
langId[0] = 0;
SetPreferredLangId (ConfigReadString ("Language", "", langId, sizeof (langId)));
-
+
if (langId[0] == 0)
{
if (IsNonInstallMode ())
@@ -2742,9 +2781,7 @@ void InitApp (HINSTANCE hInstance, wchar_t *lpszCommandLine)
// A new instance of the application must be created with elevated privileges.
if (IsNonInstallMode () && !IsAdmin () && IsUacSupported ())
{
- wchar_t modPath[MAX_PATH], newCmdLine[4096];
- WNDCLASSEXW wcex;
- HWND hWnd;
+ wchar_t modPath[MAX_PATH];
if (wcsstr (lpszCommandLine, L"/q UAC ") == lpszCommandLine)
{
@@ -2752,33 +2789,12 @@ void InitApp (HINSTANCE hInstance, wchar_t *lpszCommandLine)
exit (1);
}
- memset (&wcex, 0, sizeof (wcex));
- wcex.cbSize = sizeof(WNDCLASSEX);
- wcex.lpfnWndProc = (WNDPROC) NonInstallUacWndProc;
- wcex.hInstance = hInstance;
- wcex.lpszClassName = L"VeraCrypt";
- RegisterClassExW (&wcex);
-
- // A small transparent window is necessary to bring the new instance to foreground
- hWnd = CreateWindowExW (WS_EX_TOOLWINDOW | WS_EX_LAYERED,
- L"VeraCrypt", L"VeraCrypt", 0,
- GetSystemMetrics (SM_CXSCREEN)/2,
- GetSystemMetrics (SM_CYSCREEN)/2,
- 1, 1, NULL, NULL, hInstance, NULL);
-
- SetLayeredWindowAttributes (hWnd, 0, 0, LWA_ALPHA);
- ShowWindow (hWnd, SW_SHOWNORMAL);
-
GetModuleFileNameW (NULL, modPath, ARRAYSIZE (modPath));
- StringCbCopyW (newCmdLine, sizeof(newCmdLine), L"/q UAC ");
- StringCbCatW (newCmdLine, sizeof (newCmdLine), lpszCommandLine);
-
- if ((int)ShellExecuteW (hWnd, L"runas", modPath, newCmdLine, NULL, SW_SHOWNORMAL) <= 32)
+ if (LaunchElevatedProcess (NULL, modPath, lpszCommandLine))
+ exit (0);
+ else
exit (1);
-
- Sleep (2000);
- exit (0);
}
#endif
@@ -2831,7 +2847,7 @@ void InitApp (HINSTANCE hInstance, wchar_t *lpszCommandLine)
break;
}
}
-
+
/* Get the attributes for the standard dialog class */
if ((GetClassInfoW (hInst, WINDOWS_DIALOG_CLASS, &wc)) == 0)
{
@@ -3022,7 +3038,7 @@ BOOL OpenDevice (const wchar_t *lpszPath, OPEN_TEST_STRUCT *driver, BOOL detectF
&dwResult, NULL);
// check variable driver
- if ( bResult
+ if ( bResult
&& ( (driver->bDetectTCBootLoader != TRUE && driver->bDetectTCBootLoader != FALSE) ||
(driver->TCBootLoaderDetected != TRUE && driver->TCBootLoaderDetected != FALSE) ||
(driver->DetectFilesystem != TRUE && driver->DetectFilesystem != FALSE) ||
@@ -3048,7 +3064,7 @@ BOOL OpenDevice (const wchar_t *lpszPath, OPEN_TEST_STRUCT *driver, BOOL detectF
else
return FALSE;
}
-
+
return TRUE;
}
@@ -3076,10 +3092,10 @@ BOOL GetDriveLabel (int driveNo, wchar_t *label, int labelSize)
/* Stores the device path of the system partition in SysPartitionDevicePath and the device path of the system drive
in SysDriveDevicePath.
-IMPORTANT: As this may take a very long time if called for the first time, it should be called only before performing
- a dangerous operation (such as header backup restore or formatting a supposedly non-system device) never
- at WM_INITDIALOG or any other GUI events -- instead call IsSystemDevicePath (path, hwndDlg, FALSE) for
- very fast preliminary GUI checks; also note that right after the "Select Device" dialog exits with an OK
+IMPORTANT: As this may take a very long time if called for the first time, it should be called only before performing
+ a dangerous operation (such as header backup restore or formatting a supposedly non-system device) never
+ at WM_INITDIALOG or any other GUI events -- instead call IsSystemDevicePath (path, hwndDlg, FALSE) for
+ very fast preliminary GUI checks; also note that right after the "Select Device" dialog exits with an OK
return code, you can use the global flags bSysPartitionSelected and bSysDriveSelected to see if the user
selected the system partition/device.
After this function completes successfully, the results are cached for the rest of the session and repeated
@@ -3087,13 +3103,13 @@ executions complete very fast. Returns TRUE if successful (otherwise FALSE). */
BOOL GetSysDevicePaths (HWND hwndDlg)
{
if (!bCachedSysDevicePathsValid
- || wcslen (SysPartitionDevicePath) <= 1
+ || wcslen (SysPartitionDevicePath) <= 1
|| wcslen (SysDriveDevicePath) <= 1)
{
foreach (const HostDevice &device, GetAvailableHostDevices (false, true))
{
if (device.ContainsSystem)
- StringCchCopyW (device.IsPartition ? SysPartitionDevicePath : SysDriveDevicePath, TC_MAX_PATH, device.Path.c_str());
+ StringCchCopyW (device.IsPartition ? SysPartitionDevicePath : SysDriveDevicePath, TC_MAX_PATH, device.Path.c_str());
}
if (IsOSAtLeast (WIN_7))
@@ -3120,24 +3136,24 @@ BOOL GetSysDevicePaths (HWND hwndDlg)
bCachedSysDevicePathsValid = 1;
}
- return (bCachedSysDevicePathsValid
- && wcslen (SysPartitionDevicePath) > 1
+ return (bCachedSysDevicePathsValid
+ && wcslen (SysPartitionDevicePath) > 1
&& wcslen (SysDriveDevicePath) > 1);
}
-/* Determines whether the device path is the path of the system partition or of the system drive (or neither).
-If bReliableRequired is TRUE, very fast execution is guaranteed, but the results cannot be relied upon.
+/* Determines whether the device path is the path of the system partition or of the system drive (or neither).
+If bReliableRequired is TRUE, very fast execution is guaranteed, but the results cannot be relied upon.
If it's FALSE and the function is called for the first time, execution may take up to one minute but the
results are reliable.
IMPORTANT: As the execution may take a very long time if called for the first time with bReliableRequired set
to TRUE, it should be called with bReliableRequired set to TRUE only before performing a dangerous
- operation (such as header backup restore or formatting a supposedly non-system device) never at
- WM_INITDIALOG or any other GUI events (use IsSystemDevicePath(path, hwndDlg, FALSE) for fast
- preliminary GUI checks; also note that right after the "Select Device" dialog exits with an OK
+ operation (such as header backup restore or formatting a supposedly non-system device) never at
+ WM_INITDIALOG or any other GUI events (use IsSystemDevicePath(path, hwndDlg, FALSE) for fast
+ preliminary GUI checks; also note that right after the "Select Device" dialog exits with an OK
return code, you can use the global flags bSysPartitionSelected and bSysDriveSelected to see if the
user selected the system partition/device).
After this function completes successfully, the results are cached for the rest of the session, bReliableRequired
-is ignored (TRUE implied), repeated executions complete very fast, and the results are always reliable.
+is ignored (TRUE implied), repeated executions complete very fast, and the results are always reliable.
Return codes:
1 - it is the system partition path (e.g. \Device\Harddisk0\Partition1)
2 - it is the system drive path (e.g. \Device\Harddisk0\Partition0)
@@ -3172,10 +3188,10 @@ int IsSystemDevicePath (const wchar_t *path, HWND hwndDlg, BOOL bReliableRequire
/* Determines whether the path points to a non-system partition on the system drive.
IMPORTANT: As this may take a very long time if called for the first time, it should be called
- only before performing a dangerous operation, never at WM_INITDIALOG or any other GUI events.
+ only before performing a dangerous operation, never at WM_INITDIALOG or any other GUI events.
Return codes:
-0 - it isn't a non-system partition on the system drive
-1 - it's a non-system partition on the system drive
+0 - it isn't a non-system partition on the system drive
+1 - it's a non-system partition on the system drive
-1 - the result can't be determined, isn't reliable, or there was an error. */
int IsNonSysPartitionOnSysDrive (const wchar_t *path)
{
@@ -3215,12 +3231,12 @@ int IsNonSysPartitionOnSysDrive (const wchar_t *path)
if (wcsncmp (tmpPath, SysDriveDevicePath, max (wcslen(tmpPath), wcslen(SysDriveDevicePath))) == 0)
{
- // It is a non-system partition on the system drive
+ // It is a non-system partition on the system drive
return 1;
}
- else
+ else
{
- // The partition is not on the system drive
+ // The partition is not on the system drive
return 0;
}
}
@@ -3465,17 +3481,17 @@ BOOL CALLBACK RawDevicesDlgProc (HWND hwndDlg, UINT msg, WPARAM wParam, LPARAM l
LocalizeDialog (hwndDlg, "IDD_RAWDEVICES_DLG");
SendMessage (hList,LVM_SETEXTENDEDLISTVIEWSTYLE,0,
- LVS_EX_FULLROWSELECT|LVS_EX_HEADERDRAGDROP|LVS_EX_TWOCLICKACTIVATE|LVS_EX_LABELTIP
- );
+ LVS_EX_FULLROWSELECT|LVS_EX_HEADERDRAGDROP|LVS_EX_TWOCLICKACTIVATE|LVS_EX_LABELTIP
+ );
- memset (&LvCol,0,sizeof(LvCol));
- LvCol.mask = LVCF_TEXT|LVCF_WIDTH|LVCF_SUBITEM|LVCF_FMT;
+ memset (&LvCol,0,sizeof(LvCol));
+ LvCol.mask = LVCF_TEXT|LVCF_WIDTH|LVCF_SUBITEM|LVCF_FMT;
LvCol.pszText = GetString ("DEVICE");
LvCol.cx = CompensateXDPI (186);
LvCol.fmt = LVCFMT_LEFT;
SendMessage (hList,LVM_INSERTCOLUMNW,0,(LPARAM)&LvCol);
- LvCol.pszText = GetString ("DRIVE");
+ LvCol.pszText = GetString ("DRIVE");
LvCol.cx = CompensateXDPI (38);
LvCol.fmt = LVCFMT_LEFT;
SendMessage (hList,LVM_INSERTCOLUMNW,1,(LPARAM)&LvCol);
@@ -3529,7 +3545,7 @@ BOOL CALLBACK RawDevicesDlgProc (HWND hwndDlg, UINT msg, WPARAM wParam, LPARAM l
// Path
if (!device.IsPartition || device.DynamicVolume)
{
- if (!device.Floppy && (device.Size == 0)
+ if (!device.Floppy && (device.Size == 0)
&& (device.IsPartition || device.Partitions.empty() || device.Partitions[0].Size == 0)
)
continue;
@@ -3537,7 +3553,7 @@ BOOL CALLBACK RawDevicesDlgProc (HWND hwndDlg, UINT msg, WPARAM wParam, LPARAM l
if (line > 1)
{
ListItemAdd (hList, item.iItem, L"");
- item.iItem = line++;
+ item.iItem = line++;
}
if (device.Floppy || device.DynamicVolume)
@@ -3590,7 +3606,7 @@ BOOL CALLBACK RawDevicesDlgProc (HWND hwndDlg, UINT msg, WPARAM wParam, LPARAM l
}
#endif
- item.iItem = line++;
+ item.iItem = line++;
}
SendMessageW(hList, LVM_SETCOLUMNWIDTH, 0, MAKELPARAM(LVSCW_AUTOSIZE_USEHEADER, 0));
@@ -3613,8 +3629,8 @@ BOOL CALLBACK RawDevicesDlgProc (HWND hwndDlg, UINT msg, WPARAM wParam, LPARAM l
{
BOOL bEnableOkButton = FALSE;
LVITEM LvItem;
- memset(&LvItem,0,sizeof(LvItem));
- LvItem.mask = LVIF_TEXT | LVIF_PARAM;
+ memset(&LvItem,0,sizeof(LvItem));
+ LvItem.mask = LVIF_TEXT | LVIF_PARAM;
LvItem.iItem = ((LPNMLISTVIEW) lParam)->iItem;
LvItem.pszText = lpszFileName;
LvItem.cchTextMax = TC_MAX_PATH;
@@ -3647,7 +3663,7 @@ BOOL CALLBACK RawDevicesDlgProc (HWND hwndDlg, UINT msg, WPARAM wParam, LPARAM l
int selectedItem = ListView_GetSelectionMark (GetDlgItem (hwndDlg, IDC_DEVICELIST));
if (selectedItem == -1 || itemToDeviceMap.find (selectedItem) == itemToDeviceMap.end())
- return 1; // non-device line selected
+ return 1; // non-device line selected
const HostDevice selectedDevice = itemToDeviceMap[selectedItem];
StringCchCopyW (lpszFileName, TC_MAX_PATH, selectedDevice.Path.c_str());
@@ -3760,7 +3776,7 @@ BOOL CALLBACK RawDevicesDlgProc (HWND hwndDlg, UINT msg, WPARAM wParam, LPARAM l
}
}
- // Disallow format if the device contains partitions, but not if the partition is virtual or system
+ // Disallow format if the device contains partitions, but not if the partition is virtual or system
if (!selectedDevice.IsVirtualPartition
&& !bHiddenVolDirect)
{
@@ -3781,7 +3797,7 @@ BOOL CALLBACK RawDevicesDlgProc (HWND hwndDlg, UINT msg, WPARAM wParam, LPARAM l
#endif // #ifdef VOLFORMAT
}
- else
+ else
bSysDriveSelected = FALSE;
#ifdef VOLFORMAT
@@ -3958,7 +3974,7 @@ BOOL DriverUnload ()
if (hDriver == INVALID_HANDLE_VALUE)
return TRUE;
-
+
try
{
if (BootEncryption (NULL).GetStatus().DeviceFilterActive)
@@ -4075,7 +4091,7 @@ start:
}
// Try to open a handle to the driver again (keep the mutex in case the other instance failed)
- goto start;
+ goto start;
}
else
{
@@ -4084,7 +4100,7 @@ start:
if (SystemEncryptionStatus != SYSENC_STATUS_NONE)
{
// This is an inconsistent state. The config file indicates system encryption should be
- // active, but the driver is not running. This may happen e.g. when the pretest fails and
+ // active, but the driver is not running. This may happen e.g. when the pretest fails and
// the user selects "Last Known Good Configuration" from the Windows boot menu.
// To fix this, we're going to reinstall the driver, start it, and register it for boot.
@@ -4118,7 +4134,7 @@ load:
return res;
bPortableModeConfirmed = TRUE;
-
+
if (hDriver != INVALID_HANDLE_VALUE)
CloseHandle (hDriver);
hDriver = CreateFile (WIN32_ROOT_PREFIX, 0, FILE_SHARE_READ | FILE_SHARE_WRITE, NULL, OPEN_EXISTING, 0, NULL);
@@ -4292,7 +4308,7 @@ BOOL SelectMultipleFiles (HWND hwndDlg, const char *stringId, wchar_t *lpszFileN
| OFN_PATHMUSTEXIST
| OFN_ALLOWMULTISELECT
| (keepHistory ? 0 : OFN_DONTADDTORECENT);
-
+
if (!keepHistory)
CleanLastVisitedMRU ();
@@ -4322,7 +4338,7 @@ BOOL SelectMultipleFiles (HWND hwndDlg, const char *stringId, wchar_t *lpszFileN
CleanLastVisitedMRU ();
status = TRUE;
-
+
ret:
SystemFileSelectorCallPending = FALSE;
ResetCurrentDirectory();
@@ -4356,10 +4372,10 @@ BOOL SelectMultipleFilesNext (wchar_t *lpszFileName, size_t cbFileName)
}
-static int CALLBACK BrowseCallbackProc(HWND hwnd,UINT uMsg,LPARAM lp, LPARAM pData)
+static int CALLBACK BrowseCallbackProc(HWND hwnd,UINT uMsg,LPARAM lp, LPARAM pData)
{
switch(uMsg) {
- case BFFM_INITIALIZED:
+ case BFFM_INITIALIZED:
{
/* WParam is TRUE since we are passing a path.
It would be FALSE if we were passing a pidl. */
@@ -4367,12 +4383,12 @@ static int CALLBACK BrowseCallbackProc(HWND hwnd,UINT uMsg,LPARAM lp, LPARAM pDa
break;
}
- case BFFM_SELCHANGED:
+ case BFFM_SELCHANGED:
{
wchar_t szDir[TC_MAX_PATH];
/* Set the status window to the currently selected path. */
- if (SHGetPathFromIDList((LPITEMIDLIST) lp ,szDir))
+ if (SHGetPathFromIDList((LPITEMIDLIST) lp ,szDir))
{
SendMessage (hwnd,BFFM_SETSTATUSTEXT,0,(LPARAM)szDir);
}
@@ -4396,7 +4412,7 @@ BOOL BrowseDirectories (HWND hwndDlg, char *lpszTitle, wchar_t *dirName)
CoInitialize (NULL);
- if (SUCCEEDED (SHGetMalloc (&pMalloc)))
+ if (SUCCEEDED (SHGetMalloc (&pMalloc)))
{
ZeroMemory (&bi, sizeof(bi));
bi.hwndOwner = hwndDlg;
@@ -4408,9 +4424,9 @@ BOOL BrowseDirectories (HWND hwndDlg, char *lpszTitle, wchar_t *dirName)
bi.lParam = (LPARAM)dirName;
pidl = SHBrowseForFolderW (&bi);
- if (pidl != NULL)
+ if (pidl != NULL)
{
- if (SHGetPathFromIDList(pidl, dirName))
+ if (SHGetPathFromIDList(pidl, dirName))
{
bOK = TRUE;
}
@@ -4624,7 +4640,7 @@ static BOOL CALLBACK LocalizeDialogEnum( HWND hwnd, LPARAM font)
// Font
SendMessageW (hwnd, WM_SETFONT, (WPARAM) font, 0);
-
+
return TRUE;
}
@@ -4638,7 +4654,7 @@ void LocalizeDialog (HWND hwnd, char *stringId)
SetWindowTextW (hwnd, L"VeraCrypt");
else
SetWindowTextW (hwnd, GetString (stringId));
-
+
if (hUserFont != 0)
EnumChildWindows (hwnd, LocalizeDialogEnum, (LPARAM) hUserFont);
}
@@ -4719,10 +4735,10 @@ BOOL UpdateDriveCustomLabel (int driveNo, wchar_t* effectiveLabel, BOOL bSetValu
DWORD cbLabelLen = (DWORD) ((wcslen (effectiveLabel) + 1) * sizeof (wchar_t));
BOOL bToBeDeleted = FALSE;
- StringCbPrintfW (wszRegPath, sizeof (wszRegPath), L"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\DriveIcons\\%s\\DefaultLabel", driveStr);
-
+ StringCbPrintfW (wszRegPath, sizeof (wszRegPath), L"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\DriveIcons\\%s\\DefaultLabel", driveStr);
+
if (bSetValue)
- lStatus = RegCreateKeyExW (HKEY_CURRENT_USER, wszRegPath, NULL, NULL, 0,
+ lStatus = RegCreateKeyExW (HKEY_CURRENT_USER, wszRegPath, NULL, NULL, 0,
KEY_READ | KEY_WRITE | KEY_SET_VALUE, NULL, &hKey, NULL);
else
lStatus = RegOpenKeyExW (HKEY_CURRENT_USER, wszRegPath, 0, KEY_READ | KEY_WRITE | KEY_SET_VALUE, &hKey);
@@ -4746,7 +4762,7 @@ BOOL UpdateDriveCustomLabel (int driveNo, wchar_t* effectiveLabel, BOOL bSetValu
if (bToBeDeleted)
{
- StringCbPrintfW (wszRegPath, sizeof (wszRegPath), L"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\DriveIcons\\%s", driveStr);
+ StringCbPrintfW (wszRegPath, sizeof (wszRegPath), L"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\DriveIcons\\%s", driveStr);
lStatus = RegOpenKeyExW (HKEY_CURRENT_USER, wszRegPath, 0, KEY_READ | KEY_WRITE | KEY_SET_VALUE, &hKey);
if (ERROR_SUCCESS == lStatus)
{
@@ -4772,7 +4788,7 @@ wstring GetUserFriendlyVersionString (int version)
versionString.insert (version > 0xfff ? 2 : 1,L".");
if (versionString[versionString.length()-1] == L'0')
- versionString.erase (versionString.length()-1, 1);
+ versionString.erase (versionString.length()-1, 1);
return (versionString);
}
@@ -4824,7 +4840,7 @@ bool HexWideStringToArray (const wchar_t* hexStr, std::vector<byte>& arr)
arr.clear();
if (len %2)
return false;
-
+
for (i = 0; i < len/2; i++)
{
if (!HexToByte (*hexStr++, b1) || !HexToByte (*hexStr++, b2))
@@ -4887,7 +4903,7 @@ void GetSpeedString (unsigned __int64 speed, wchar_t *str, size_t cbStr)
{
static wchar_t *b, *kb, *mb, *gb, *tb, *pb;
static int serNo;
-
+
if (b == NULL || serNo != LocalizationSerialNo)
{
serNo = LocalizationSerialNo;
@@ -5029,7 +5045,7 @@ static void DisplayBenchmarkResults (HWND hwndDlg)
}
break;
}
-
+
for (i = 0; i < benchmarkTotalItems; i++)
{
ea = benchmarkTable[i].id;
@@ -5087,7 +5103,7 @@ static void DisplayBenchmarkResults (HWND hwndDlg)
typedef struct
{
HWND hBenchDlg;
- BOOL bStatus;
+ BOOL bStatus;
} BenchmarkThreadParam;
static BOOL PerformBenchmark(HWND hBenchDlg, HWND hwndDlg);
@@ -5284,7 +5300,7 @@ static BOOL PerformBenchmark(HWND hBenchDlg, HWND hwndDlg)
if (thid == SHA256)
{
#ifdef _WIN64
- benchmarkTable[benchmarkTotalItems].meanBytesPerSec = (benchmarkTable[benchmarkTotalItems].meanBytesPerSec * 26);
+ benchmarkTable[benchmarkTotalItems].meanBytesPerSec = (benchmarkTable[benchmarkTotalItems].meanBytesPerSec * 26);
#else
benchmarkTable[benchmarkTotalItems].meanBytesPerSec = (benchmarkTable[benchmarkTotalItems].meanBytesPerSec * 24);
#endif
@@ -5292,7 +5308,7 @@ static BOOL PerformBenchmark(HWND hBenchDlg, HWND hwndDlg)
else
{
#ifdef _WIN64
- benchmarkTable[benchmarkTotalItems].meanBytesPerSec = (benchmarkTable[benchmarkTotalItems].meanBytesPerSec * 21) / 5;
+ benchmarkTable[benchmarkTotalItems].meanBytesPerSec = (benchmarkTable[benchmarkTotalItems].meanBytesPerSec * 21) / 5;
#else
benchmarkTable[benchmarkTotalItems].meanBytesPerSec = (benchmarkTable[benchmarkTotalItems].meanBytesPerSec * 18) / 5;
#endif
@@ -5389,7 +5405,7 @@ static BOOL PerformBenchmark(HWND hBenchDlg, HWND hwndDlg)
return TRUE;
counter_error:
-
+
if (ci)
crypto_close (ci);
@@ -5441,11 +5457,11 @@ BOOL CALLBACK BenchmarkDlgProc (HWND hwndDlg, UINT msg, WPARAM wParam, LPARAM lP
benchmarkGPT = FALSE;
SendMessage (hList,LVM_SETEXTENDEDLISTVIEWSTYLE,0,
- LVS_EX_FULLROWSELECT|LVS_EX_HEADERDRAGDROP|LVS_EX_LABELTIP
- );
+ LVS_EX_FULLROWSELECT|LVS_EX_HEADERDRAGDROP|LVS_EX_LABELTIP
+ );
- memset (&LvCol,0,sizeof(LvCol));
- LvCol.mask = LVCF_TEXT|LVCF_WIDTH|LVCF_SUBITEM|LVCF_FMT;
+ memset (&LvCol,0,sizeof(LvCol));
+ LvCol.mask = LVCF_TEXT|LVCF_WIDTH|LVCF_SUBITEM|LVCF_FMT;
LvCol.pszText = GetString ("ALGORITHM");
LvCol.cx = CompensateXDPI (114);
LvCol.fmt = LVCFMT_LEFT;
@@ -5733,7 +5749,7 @@ static BOOL CALLBACK RandomPoolEnrichementDlgProc (HWND hwndDlg, UINT msg, WPARA
SetTimer (hwndDlg, 0xfd, RANDPOOL_DISPLAY_REFRESH_INTERVAL, NULL);
SendMessage (GetDlgItem (hwndDlg, IDC_POOL_CONTENTS), WM_SETFONT, (WPARAM) hFixedDigitFont, (LPARAM) TRUE);
-
+
hEntropyBar = GetDlgItem (hwndDlg, IDC_ENTROPY_BAR);
SendMessage (hEntropyBar, PBM_SETRANGE32, 0, maxEntropyLevel);
SendMessage (hEntropyBar, PBM_SETSTEP, 1, 0);
@@ -5768,7 +5784,7 @@ static BOOL CALLBACK RandomPoolEnrichementDlgProc (HWND hwndDlg, UINT msg, WPARA
else if (bUseMask)
{
/* use mask to compute a randomized ascii representation */
- tmpByte = (randPool[row * RANDPOOL_DISPLAY_COLUMNS + col] -
+ tmpByte = (randPool[row * RANDPOOL_DISPLAY_COLUMNS + col] -
lastRandPool[row * RANDPOOL_DISPLAY_COLUMNS + col]) ^ maskRandPool [row * RANDPOOL_DISPLAY_COLUMNS + col];
tmp[0] = (wchar_t) (((tmpByte >> 4) % 6) + L'*');
tmp[1] = (wchar_t) (((tmpByte & 0x0F) % 6) + L'*');
@@ -5929,8 +5945,8 @@ BOOL CALLBACK KeyfileGeneratorDlgProc (HWND hwndDlg, UINT msg, WPARAM wParam, LP
SendMessage (hEntropyBar, PBM_SETSTEP, 1, 0);
SendMessage (hEntropyBar, PBM_SETSTATE, PBST_ERROR, 0);
-#ifndef VOLFORMAT
- if (Randinit ())
+#ifndef VOLFORMAT
+ if (Randinit ())
{
handleError (hwndDlg, (CryptoAPILastError == ERROR_SUCCESS)? ERR_RAND_INIT_FAILED : ERR_CAPI_INIT_FAILED, SRC_POS);
EndDialog (hwndDlg, IDCLOSE);
@@ -5976,7 +5992,7 @@ BOOL CALLBACK KeyfileGeneratorDlgProc (HWND hwndDlg, UINT msg, WPARAM wParam, LP
else if (bUseMask)
{
/* use mask to compute a randomized ASCII representation */
- tmpByte = (randPool[row * RANDPOOL_DISPLAY_COLUMNS + col] -
+ tmpByte = (randPool[row * RANDPOOL_DISPLAY_COLUMNS + col] -
lastRandPool[row * RANDPOOL_DISPLAY_COLUMNS + col]) ^ maskRandPool [row * RANDPOOL_DISPLAY_COLUMNS + col];
tmp[0] = (wchar_t) (((tmpByte >> 4) % 6) + L'*');
tmp[1] = (wchar_t) (((tmpByte & 0x0F) % 6) + L'*');
@@ -6104,7 +6120,7 @@ BOOL CALLBACK KeyfileGeneratorDlgProc (HWND hwndDlg, UINT msg, WPARAM wParam, LP
for (i= 0; i < keyfilesCount; i++)
{
StringCbCopyW(szFileName, sizeof(szFileName), szDirName);
-
+
if (i > 0)
{
StringCbPrintfW(szSuffix, sizeof(szSuffix), L"_%d", i);
@@ -6161,7 +6177,7 @@ BOOL CALLBACK KeyfileGeneratorDlgProc (HWND hwndDlg, UINT msg, WPARAM wParam, LP
NormalCursor();
return 1;
}
-
+
/* since keyfilesSize < 1024 * 1024, we mask with 0x000FFFFF */
keyfilesSize = (long) (((unsigned long) keyfilesSize) & 0x000FFFFF);
@@ -6169,7 +6185,7 @@ BOOL CALLBACK KeyfileGeneratorDlgProc (HWND hwndDlg, UINT msg, WPARAM wParam, LP
keyfilesSize += 64;
}
- /* Generate the keyfile */
+ /* Generate the keyfile */
if (!RandgetBytesFull (hwndDlg, keyfile, keyfilesSize, TRUE, TRUE))
{
_close (fhKeyfile);
@@ -6177,7 +6193,7 @@ BOOL CALLBACK KeyfileGeneratorDlgProc (HWND hwndDlg, UINT msg, WPARAM wParam, LP
TCfree(keyfile);
NormalCursor();
return 1;
- }
+ }
/* Write the keyfile */
status = _write (fhKeyfile, keyfile, keyfilesSize);
@@ -6190,7 +6206,7 @@ BOOL CALLBACK KeyfileGeneratorDlgProc (HWND hwndDlg, UINT msg, WPARAM wParam, LP
NormalCursor();
handleWin32Error (hwndDlg, SRC_POS);
return 1;
- }
+ }
}
TCfree(keyfile);
@@ -6209,7 +6225,7 @@ exit:
WaitCursor();
KillTimer (hwndDlg, 0xfd);
-#ifndef VOLFORMAT
+#ifndef VOLFORMAT
RandStop (FALSE);
#endif
/* Cleanup */
@@ -6324,7 +6340,7 @@ CipherTestDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lParam)
{
ShowWindow(GetDlgItem(hwndDlg, IDC_TESTS_MESSAGE), SW_SHOWNORMAL);
SetWindowTextW(GetDlgItem(hwndDlg, IDC_TESTS_MESSAGE), GetString ("TESTS_FAILED"));
- }
+ }
else
{
ShowWindow(GetDlgItem(hwndDlg, IDC_TESTS_MESSAGE), SW_SHOWNORMAL);
@@ -6430,7 +6446,7 @@ CipherTestDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lParam)
inputtext[n] = (char) x;
}
-
+
// XTS
if (bXTSTestEnabled)
{
@@ -6487,10 +6503,10 @@ CipherTestDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lParam)
blockNo = (int) SendMessage (GetDlgItem (hwndDlg, IDC_TEST_BLOCK_NUMBER), CB_GETITEMDATA, SendMessage (GetDlgItem (hwndDlg, IDC_TEST_BLOCK_NUMBER), CB_GETCURSEL, 0, 0), 0);
} // if (bXTSTestEnabled)
-
+
/* Perform the actual tests */
- if (ks != CB_ERR && pt != CB_ERR)
+ if (ks != CB_ERR && pt != CB_ERR)
{
char tmp[128];
int tmpRetVal;
@@ -6587,7 +6603,7 @@ CipherTestDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lParam)
return 0;
}
-void
+void
ResetCipherTest(HWND hwndDlg, int idTestCipher)
{
int ndx;
@@ -6621,7 +6637,7 @@ ResetCipherTest(HWND hwndDlg, int idTestCipher)
SetWindowText(GetDlgItem(hwndDlg, IDC_SECONDARY_KEY), L"0000000000000000000000000000000000000000000000000000000000000000");
SetWindowText(GetDlgItem(hwndDlg, IDC_TEST_DATA_UNIT_NUMBER), L"0");
-
+
SetWindowText(GetDlgItem(hwndDlg, IDC_PLAINTEXT), L"0000000000000000");
SetWindowText(GetDlgItem(hwndDlg, IDC_CIPHERTEXT), L"0000000000000000");
@@ -6696,7 +6712,7 @@ BOOL CALLBACK MultiChoiceDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPA
pStr++;
pwStr++;
- do
+ do
{
if (*pStr != 0)
{
@@ -6710,7 +6726,7 @@ BOOL CALLBACK MultiChoiceDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPA
hUserFont),
nLongestButtonCaptionWidth);
- nLongestButtonCaptionCharLen = max (nLongestButtonCaptionCharLen,
+ nLongestButtonCaptionCharLen = max (nLongestButtonCaptionCharLen,
(int) wcslen ((const wchar_t *) (bResolve ? GetString(*pStr) : *pwStr)));
}
@@ -6729,14 +6745,14 @@ BOOL CALLBACK MultiChoiceDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPA
// Length of main message in characters (not bytes)
nMainTextLenInChars = (int) wcslen ((const wchar_t *) (bResolve ? GetString(*(pStrOrig+1)) : *(pwStrOrig+1)));
- if (nMainTextLenInChars > 200
+ if (nMainTextLenInChars > 200
&& nMainTextLenInChars / nLongestButtonCaptionCharLen >= 10)
{
- // As the main text is longer than 200 characters, we will "pad" the widest button caption with
- // spaces (if it is not wide enough) so as to increase the width of the whole dialog window.
+ // As the main text is longer than 200 characters, we will "pad" the widest button caption with
+ // spaces (if it is not wide enough) so as to increase the width of the whole dialog window.
// Otherwise, it would look too tall (dialog boxes look better when they are more wide than tall).
nLongestButtonCaptionWidth = CompensateXDPI (max (
- nLongestButtonCaptionWidth,
+ nLongestButtonCaptionWidth,
min (350, nMainTextLenInChars)));
}
@@ -6764,10 +6780,10 @@ BOOL CALLBACK MultiChoiceDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPA
do
{
- offset = FindString ((char *) (bResolve ? GetString(*(pStrOrig+1)) : *(pwStrOrig+1)),
+ offset = FindString ((char *) (bResolve ? GetString(*(pStrOrig+1)) : *(pwStrOrig+1)),
(char *) L"\n",
- nMainTextLenInChars * 2,
- (int) wcslen (L"\n") * 2,
+ nMainTextLenInChars * 2,
+ (int) wcslen (L"\n") * 2,
offset + 1);
newLineSeqCount++;
@@ -6788,8 +6804,8 @@ BOOL CALLBACK MultiChoiceDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPA
// Reduction in height according to the number of shown buttons
vertSubOffset = ((MAX_MULTI_CHOICES - nActiveChoices) * nBaseButtonHeight);
- if (horizSubOffset > 0
- || vertMsgHeightOffset > 0
+ if (horizSubOffset > 0
+ || vertMsgHeightOffset > 0
|| vertOffset > 0)
{
// Resize/move each button if necessary
@@ -6823,7 +6839,7 @@ BOOL CALLBACK MultiChoiceDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPA
trec.right + 2 + horizSubOffset,
trec.bottom + 2,
TRUE);
-
+
GetWindowRect(GetDlgItem(hwndDlg, IDC_MC_DLG_HR2), &rec);
GetClientRect(GetDlgItem(hwndDlg, IDC_MC_DLG_HR2), &trec);
MoveWindow (GetDlgItem(hwndDlg, IDC_MC_DLG_HR2),
@@ -6877,7 +6893,7 @@ BOOL CALLBACK MultiChoiceDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPA
BOOL CheckCapsLock (HWND hwnd, BOOL quiet)
{
- if ((GetKeyState(VK_CAPITAL) & 1) != 0)
+ if ((GetKeyState(VK_CAPITAL) & 1) != 0)
{
if (!quiet)
{
@@ -6906,7 +6922,7 @@ BOOL CheckFileExtension (wchar_t *fileName)
L".vb", L".vbe", L".vbs", L".vsmacros", L".vss", L".vst", L".vsw", L".ws", L".wsc", L".wsf", L".wsh", L".xsd", L".xsl",
// These additional file extensions are usually watched by antivirus programs
L".386", L".acm", L".ade", L".adp", L".ani", L".app", L".asd", L".asf", L".asx", L".awx", L".ax", L".boo", L".bz2", L".cdf",
- L".class", L".dhtm", L".dhtml",L".dlo", L".emf", L".eml", L".flt", L".fot", L".gz", L".hlp", L".htm", L".html", L".ini",
+ L".class", L".dhtm", L".dhtml",L".dlo", L".emf", L".eml", L".flt", L".fot", L".gz", L".hlp", L".htm", L".html", L".ini",
L".j2k", L".jar", L".jff", L".jif", L".jmh", L".jng", L".jp2", L".jpe", L".jpeg", L".jpg", L".lsp", L".mod", L".nws",
L".obj", L".olb", L".osd", L".ov1", L".ov2", L".ov3", L".ovl", L".ovl", L".ovr", L".pdr", L".pgm", L".php", L".pkg",
L".pl", L".png", L".pot", L".pps", L".ppt", L".ps1", L".ps1xml", L".psc1", L".rar", L".rpl", L".rtf", L".sbf", L".script", L".sh", L".sha", L".shtm",
@@ -7078,7 +7094,7 @@ int DriverUnmountVolume (HWND hwndDlg, int nDosDriveNo, BOOL forced)
memcpy (wszLabel, prop.wszLabel, sizeof (wszLabel));
bDriverSetLabel = prop.bDriverSetLabel;
}
-
+
unmount.nDosDriveNo = nDosDriveNo;
unmount.ignoreOpenFiles = forced;
@@ -7148,11 +7164,11 @@ void BroadcastDeviceChange (WPARAM message, int nDosDriveNo, DWORD driveMap)
}
}
- dbv.dbcv_size = sizeof (dbv);
- dbv.dbcv_devicetype = DBT_DEVTYP_VOLUME;
+ dbv.dbcv_size = sizeof (dbv);
+ dbv.dbcv_devicetype = DBT_DEVTYP_VOLUME;
dbv.dbcv_reserved = 0;
dbv.dbcv_unitmask = driveMap;
- dbv.dbcv_flags = 0;
+ dbv.dbcv_flags = 0;
UINT timeOut = 1000;
@@ -7252,8 +7268,8 @@ BOOL CALLBACK WaitDlgProc (HWND hwndDlg, UINT msg, WPARAM wParam, LPARAM lParam)
SetWindowLongPtrW (hProgress, GWL_STYLE, PBS_MARQUEE | GetWindowLongPtrW (hProgress, GWL_STYLE));
::SendMessageW(hProgress, PBM_SETMARQUEE, (WPARAM) TRUE, (LPARAM) 0);
}
-
- thParam->hwnd = hwndDlg;
+
+ thParam->hwnd = hwndDlg;
// For now, we don't have system menu is the resources but we leave this code
// if it is enabled in the future
@@ -7267,8 +7283,8 @@ BOOL CALLBACK WaitDlgProc (HWND hwndDlg, UINT msg, WPARAM wParam, LPARAM lParam)
HICON hIcon = (HICON)::LoadImage(hInst, MAKEINTRESOURCE(IDI_TRUECRYPT_ICON), IMAGE_ICON, ::GetSystemMetrics(SM_CXICON), ::GetSystemMetrics(SM_CYICON), LR_DEFAULTCOLOR);
::SendMessage(hwndDlg, WM_SETICON, TRUE, (LPARAM)hIcon);
HICON hIconSmall = (HICON)::LoadImage(hInst, MAKEINTRESOURCE(IDI_TRUECRYPT_ICON), IMAGE_ICON, ::GetSystemMetrics(SM_CXSMICON), ::GetSystemMetrics(SM_CYSMICON), LR_DEFAULTCOLOR);
- ::SendMessage(hwndDlg, WM_SETICON, FALSE, (LPARAM)hIconSmall);
- }
+ ::SendMessage(hwndDlg, WM_SETICON, FALSE, (LPARAM)hIconSmall);
+ }
LocalizeDialog (hwndDlg, NULL);
_beginthread(WaitThread, 0, thParam);
@@ -7296,26 +7312,26 @@ BOOL CALLBACK WaitDlgProc (HWND hwndDlg, UINT msg, WPARAM wParam, LPARAM lParam)
void BringToForeground(HWND hWnd)
{
if(!::IsWindow(hWnd)) return;
-
+
DWORD lockTimeOut = 0;
HWND hCurrWnd = ::GetForegroundWindow();
DWORD dwThisTID = ::GetCurrentThreadId(),
dwCurrTID = ::GetWindowThreadProcessId(hCurrWnd,0);
-
+
if (hCurrWnd != hWnd)
{
if(dwThisTID != dwCurrTID)
{
::AttachThreadInput(dwThisTID, dwCurrTID, TRUE);
-
+
::SystemParametersInfo(SPI_GETFOREGROUNDLOCKTIMEOUT,0,&lockTimeOut,0);
::SystemParametersInfo(SPI_SETFOREGROUNDLOCKTIMEOUT,0,0,SPIF_SENDWININICHANGE | SPIF_UPDATEINIFILE);
-
+
::AllowSetForegroundWindow(ASFW_ANY);
}
-
+
::SetForegroundWindow(hWnd);
-
+
if(dwThisTID != dwCurrTID)
{
::SystemParametersInfo(SPI_SETFOREGROUNDLOCKTIMEOUT,0,(PVOID)lockTimeOut,SPIF_SENDWININICHANGE | SPIF_UPDATEINIFILE);
@@ -7388,12 +7404,12 @@ static BOOL PerformMountIoctl (MOUNT_STRUCT* pmount, LPDWORD pdwResult, BOOL use
CreateFullVolumePath (pmount->wszVolume, sizeof(pmount->wszVolume), devicePath.c_str(), &bDevice);
}
}
-
+
return DeviceIoControl (hDriver, TC_IOCTL_MOUNT_VOLUME, pmount,
sizeof (MOUNT_STRUCT), pmount, sizeof (MOUNT_STRUCT), pdwResult, NULL);
}
-// specific definitions and implementation for support of mount operation
+// specific definitions and implementation for support of mount operation
// in wait dialog mechanism
typedef struct
@@ -7526,7 +7542,7 @@ retry:
path = path.substr (4);
StringCchCopyW (volumePath, TC_MAX_PATH, path.c_str());
}
-
+
if (path.find (L"Volume{") == 0 && path.rfind (L"}\\") == path.size() - 2)
{
wstring resolvedPath = VolumeGuidPathToDevicePath (path);
@@ -7538,7 +7554,7 @@ retry:
if ((path.length () >= 3) && (_wcsnicmp (path.c_str(), L"ID:", 3) == 0))
{
std::vector<byte> arr;
- if ( (path.length() == (3 + 2*VOLUME_ID_SIZE))
+ if ( (path.length() == (3 + 2*VOLUME_ID_SIZE))
&& HexWideStringToArray (path.c_str() + 3, arr)
&& (arr.size() == VOLUME_ID_SIZE)
)
@@ -7575,7 +7591,7 @@ retry:
mount.BytesPerSector = bps;
mount.BytesPerPhysicalSector = bps;
}
-
+
if (IsOSAtLeast (WIN_VISTA))
{
if ( (wcslen(root) >= 2)
@@ -7683,7 +7699,7 @@ retry:
goto retry;
}
- // Ask user
+ // Ask user
if (IDYES == AskWarnNoYes ("FILE_IN_USE", hwndDlg))
{
mount.bExclusiveAccess = FALSE;
@@ -7704,12 +7720,12 @@ retry:
{
if (mount.nReturnCode == ERR_PASSWORD_WRONG)
{
- // Do not report wrong password, if not instructed to
+ // Do not report wrong password, if not instructed to
if (bReportWrongPassword)
{
IncreaseWrongPwdRetryCount (1); // We increase the count here only if bReportWrongPassword is TRUE, because "Auto-Mount All Devices" and other callers do it separately
- if (WrongPwdRetryCountOverLimit ()
+ if (WrongPwdRetryCountOverLimit ()
&& !mount.UseBackupHeader)
{
// Retry using embedded header backup (if any)
@@ -7757,7 +7773,7 @@ retry:
if (bReportWrongPassword && !Silent)
Warning ("HEADER_DAMAGED_AUTO_USED_HEADER_BAK", hwndDlg);
}
-
+
LastMountedVolumeDirty = mount.FilesystemDirty;
if (mount.FilesystemDirty)
@@ -12132,3 +12148,52 @@ BOOL CopyTextToClipboard (LPCWSTR txtValue)
return bRet;
}
+
+BOOL GetFreeDriveLetter(WCHAR* pCh) {
+ DWORD dwUsedDrives = GetLogicalDrives();
+ WCHAR l;
+ for (l = L'A'; l <= L'Z'; l++) {
+ if ((dwUsedDrives & 1) == 0) {
+ *pCh = l;
+ return TRUE;
+ }
+ dwUsedDrives = dwUsedDrives >> 1;
+ }
+ return FALSE;
+}
+
+BOOL RaisePrivileges(void)
+{
+ HANDLE hToken;
+ TOKEN_PRIVILEGES tkp;
+ BOOL bRet = FALSE;
+ DWORD dwLastError = 0;
+
+ if (OpenProcessToken(GetCurrentProcess(),
+ TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY,
+ &hToken))
+ {
+ if (LookupPrivilegeValue(NULL, SE_SYSTEM_ENVIRONMENT_NAME,
+ &tkp.Privileges[0].Luid))
+ {
+ DWORD len;
+
+ tkp.PrivilegeCount = 1;
+ tkp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
+
+ bRet = AdjustTokenPrivileges(hToken, FALSE, &tkp, 0, NULL, &len);
+ if (!bRet)
+ dwLastError = GetLastError ();
+ }
+ else
+ dwLastError = GetLastError ();
+
+ CloseHandle(hToken);
+ }
+ else
+ dwLastError = GetLastError ();
+
+ SetLastError (dwLastError);
+
+ return bRet;
+} \ No newline at end of file
diff --git a/src/Common/Dlgcode.h b/src/Common/Dlgcode.h
index bc818e77..9ae9d5b2 100644
--- a/src/Common/Dlgcode.h
+++ b/src/Common/Dlgcode.h
@@ -510,6 +510,9 @@ void AllowMessageInUIPI (UINT msg);
BOOL IsRepeatedByteArray (byte value, const byte* buffer, size_t bufferSize);
BOOL TranslateVolumeID (HWND hwndDlg, wchar_t* pathValue, size_t cchPathValue);
BOOL CopyTextToClipboard (const wchar_t* txtValue);
+BOOL LaunchElevatedProcess (HWND hwndDlg, const wchar_t* szModPath, const wchar_t* args);
+BOOL GetFreeDriveLetter(WCHAR* pCh);
+BOOL RaisePrivileges(void);
#ifdef __cplusplus
}
diff --git a/src/Common/Language.xml b/src/Common/Language.xml
index fdd194fe..5350ece1 100644
--- a/src/Common/Language.xml
+++ b/src/Common/Language.xml
@@ -1077,7 +1077,7 @@
<string lang="en" key="SYS_ENCRYPTION_UPGRADE_UNSUPPORTED_ON_VISTA_SP0">VeraCrypt no longer supports encryption of the system partition/drive on Windows Vista with no Service Pack installed. Before upgrading VeraCrypt, please install Service Pack 1 or higher for Windows Vista.</string>
<string lang="en" key="FEATURE_REQUIRES_INSTALLATION">Error: This feature requires VeraCrypt to be installed on the system (you are running VeraCrypt in portable mode).\n\nPlease install VeraCrypt and then try again.</string>
<string lang="en" key="WINDOWS_NOT_ON_BOOT_DRIVE_ERROR">WARNING: Windows does not appear to be installed on the drive from which it boots. This is not supported.\n\nYou should continue only if you are sure that Windows is installed on the drive from which it boots.\n\nDo you want to continue?</string>
- <string lang="en" key="GPT_BOOT_DRIVE_UNSUPPORTED">Your system drive has a GUID partition table (GPT). Currently, only drives with a MBR partition table are supported.</string>
+ <string lang="en" key="GPT_BOOT_DRIVE_UNSUPPORTED">You are running a 32-bit Windows and your system drive has a GUID partition table (GPT). Currently, only Windows 64-bit is supported for GPT system encryption.</string>
<string lang="en" key="TC_BOOT_LOADER_ALREADY_INSTALLED">CAUTION: The VeraCrypt Boot Loader is already installed on your system drive!\n\nIt is possible that another system on your computer is already encrypted.\n\nWARNING: PROCEEDING WITH ENCRYPTION OF THE CURRENTLY RUNNING SYSTEM MAY MAKE OTHER SYSTEM(S) IMPOSSIBLE TO START AND RELATED DATA INACCESSIBLE.\n\nAre you sure you want to continue?</string>
<string lang="en" key="SYS_LOADER_RESTORE_FAILED">Failed to restore the original system loader.\n\nPlease use your VeraCrypt Rescue Disk ('Repair Options' > 'Restore original system loader') or Windows installation medium to replace the VeraCrypt Boot Loader with the Windows system loader.</string>
<string lang="en" key="SYS_LOADER_UNAVAILABLE_FOR_RESCUE_DISK">The original system loader will not be stored on the Rescue Disk (probable cause: missing backup file).</string>
@@ -1399,6 +1399,9 @@
<string lang="en" key="PIM_TOO_BIG">Personal Iterations Multiplier (PIM) maximum value is 2147468.</string>
<control lang="en" key="IDC_SKIP_RESCUE_VERIFICATION">Skip Rescue Disk verification</control>
<control lang="en" key="IDC_HIDE_WAITING_DIALOG">Don't show wait message dialog when performing operations</control>
+ <control lang="en" key="IDC_DISABLE_BOOT_LOADER_HASH_PROMPT">Do not request Hash algorithm in the pre-boot authentication screen</control>
+ <string lang="en" key="GOST89_HELP">The GOST block cipher, defined in the standard GOST 28147-89 under name Magma, is a Soviet and Russian government standard symmetric key block cipher.\n\nDeveloped in the 1970s, the standard had been marked "Top Secret" and then downgraded to "Secret" in 1990. It was a Soviet alternative to the United States standard algorithm, DES.</string>
+ <string lang="en" key="KUZNYECHIK_HELP">Kuznyechik is a block cipher first published in 2015 and defined in the National Standard of the Russian Federation GOST R 34.12-2015 and also in RFC 7801. 256-bit key, 128-bit block. Mode of operation is XTS.</string>
<string lang="en" key="CAMELLIA_HELP">Jointly developed by Mitsubishi Electric and NTT of Japan. First published on 2000. 256-bit key, 128-bit block. Mode of operation is XTS. It has been approved for use by the ISO/IEC, the European Union's NESSIE project and the Japanese CRYPTREC project.</string>
<string lang="en" key="TIME">Time</string>
<string lang="en" key="ITERATIONS">Iterations</string>