VeraCrypt
aboutsummaryrefslogtreecommitdiff
path: root/src/Mount
diff options
context:
space:
mode:
authorMounir IDRASSI <mounir.idrassi@idrix.fr>2018-04-16 00:23:05 +0200
committerMounir IDRASSI <mounir.idrassi@idrix.fr>2018-04-23 16:59:27 +0200
commit0a737c8c87fded05a74cad5232c9c973b3037d61 (patch)
tree44113dbadbb96d90fe7ddfe13136b237d07c911c /src/Mount
parent9e36039630db3935e316ecd378e6826f4e5c3a5c (diff)
downloadVeraCrypt-0a737c8c87fded05a74cad5232c9c973b3037d61.tar.gz
VeraCrypt-0a737c8c87fded05a74cad5232c9c973b3037d61.zip
Windows: implement internal verification of Authenticode digital signature for all modules to protect against simple binaries tampering.
Diffstat (limited to 'src/Mount')
-rw-r--r--src/Mount/Mount.c62
1 files changed, 53 insertions, 9 deletions
diff --git a/src/Mount/Mount.c b/src/Mount/Mount.c
index b3ad6f6d..3f508d14 100644
--- a/src/Mount/Mount.c
+++ b/src/Mount/Mount.c
@@ -1507,6 +1507,10 @@ static void LaunchVolCreationWizard (HWND hwndDlg, const wchar_t *arg, BOOL bEle
if (!FileExists(t))
Error ("VOL_CREATION_WIZARD_NOT_FOUND", hwndDlg); // Display a user-friendly error message and advise what to do
+ else if (!VerifyModuleSignature (t))
+ {
+ Error ("DIST_PACKAGE_CORRUPTED", hwndDlg);
+ }
else
{
@@ -4425,13 +4429,18 @@ BOOL CALLBACK TravelerDlgProc (HWND hwndDlg, UINT msg, WPARAM wParam, LPARAM lPa
goto stop;
}
- // Main app 32-bit
+ // Main app 32-bit
if (Is64BitOs () && !IsNonInstallMode ())
StringCbPrintfW (srcPath, sizeof(srcPath), L"%s\\VeraCrypt-x86.exe", appDir);
else
StringCbPrintfW (srcPath, sizeof(srcPath), L"%s\\VeraCrypt.exe", appDir);
StringCbPrintfW (dstPath, sizeof(dstPath), L"%s\\VeraCrypt\\VeraCrypt.exe", dstDir);
- if (!TCCopyFile (srcPath, dstPath))
+ if (!VerifyModuleSignature (srcPath))
+ {
+ Error ("DIST_PACKAGE_CORRUPTED", hwndDlg);
+ goto stop;
+ }
+ else if (!TCCopyFile (srcPath, dstPath))
{
handleWin32Error (hwndDlg, SRC_POS);
goto stop;
@@ -4443,7 +4452,12 @@ BOOL CALLBACK TravelerDlgProc (HWND hwndDlg, UINT msg, WPARAM wParam, LPARAM lPa
else
StringCbPrintfW (srcPath, sizeof(srcPath), L"%s\\VeraCrypt-x64.exe", appDir);
StringCbPrintfW (dstPath, sizeof(dstPath), L"%s\\VeraCrypt\\VeraCrypt-x64.exe", dstDir);
- if (!TCCopyFile (srcPath, dstPath))
+ if (!VerifyModuleSignature (srcPath))
+ {
+ Error ("DIST_PACKAGE_CORRUPTED", hwndDlg);
+ goto stop;
+ }
+ else if (!TCCopyFile (srcPath, dstPath))
{
handleWin32Error (hwndDlg, SRC_POS);
goto stop;
@@ -4458,7 +4472,12 @@ BOOL CALLBACK TravelerDlgProc (HWND hwndDlg, UINT msg, WPARAM wParam, LPARAM lPa
else
StringCbPrintfW (srcPath, sizeof(srcPath), L"%s\\VeraCrypt Format.exe", appDir);
StringCbPrintfW (dstPath, sizeof(dstPath), L"%s\\VeraCrypt\\VeraCrypt Format.exe", dstDir);
- if (!TCCopyFile (srcPath, dstPath))
+ if (!VerifyModuleSignature (srcPath))
+ {
+ Error ("DIST_PACKAGE_CORRUPTED", hwndDlg);
+ goto stop;
+ }
+ else if (!TCCopyFile (srcPath, dstPath))
{
handleWin32Error (hwndDlg, SRC_POS);
goto stop;
@@ -4470,7 +4489,12 @@ BOOL CALLBACK TravelerDlgProc (HWND hwndDlg, UINT msg, WPARAM wParam, LPARAM lPa
else
StringCbPrintfW (srcPath, sizeof(srcPath), L"%s\\VeraCrypt Format-x64.exe", appDir);
StringCbPrintfW (dstPath, sizeof(dstPath), L"%s\\VeraCrypt\\VeraCrypt Format-x64.exe", dstDir);
- if (!TCCopyFile (srcPath, dstPath))
+ if (!VerifyModuleSignature (srcPath))
+ {
+ Error ("DIST_PACKAGE_CORRUPTED", hwndDlg);
+ goto stop;
+ }
+ else if (!TCCopyFile (srcPath, dstPath))
{
handleWin32Error (hwndDlg, SRC_POS);
goto stop;
@@ -4486,7 +4510,12 @@ BOOL CALLBACK TravelerDlgProc (HWND hwndDlg, UINT msg, WPARAM wParam, LPARAM lPa
else
StringCbPrintfW (srcPath, sizeof(srcPath), L"%s\\VeraCryptExpander.exe", appDir);
StringCbPrintfW (dstPath, sizeof(dstPath), L"%s\\VeraCrypt\\VeraCryptExpander.exe", dstDir);
- if (!TCCopyFile (srcPath, dstPath))
+ if (!VerifyModuleSignature (srcPath))
+ {
+ Error ("DIST_PACKAGE_CORRUPTED", hwndDlg);
+ goto stop;
+ }
+ else if (!TCCopyFile (srcPath, dstPath))
{
handleWin32Error (hwndDlg, SRC_POS);
goto stop;
@@ -4498,7 +4527,12 @@ BOOL CALLBACK TravelerDlgProc (HWND hwndDlg, UINT msg, WPARAM wParam, LPARAM lPa
else
StringCbPrintfW (srcPath, sizeof(srcPath), L"%s\\VeraCryptExpander-x64.exe", appDir);
StringCbPrintfW (dstPath, sizeof(dstPath), L"%s\\VeraCrypt\\VeraCryptExpander-x64.exe", dstDir);
- if (!TCCopyFile (srcPath, dstPath))
+ if (!VerifyModuleSignature (srcPath))
+ {
+ Error ("DIST_PACKAGE_CORRUPTED", hwndDlg);
+ goto stop;
+ }
+ else if (!TCCopyFile (srcPath, dstPath))
{
handleWin32Error (hwndDlg, SRC_POS);
goto stop;
@@ -4508,7 +4542,12 @@ BOOL CALLBACK TravelerDlgProc (HWND hwndDlg, UINT msg, WPARAM wParam, LPARAM lPa
// Driver
StringCbPrintfW (srcPath, sizeof(srcPath), L"%s\\veracrypt.sys", appDir);
StringCbPrintfW (dstPath, sizeof(dstPath), L"%s\\VeraCrypt\\veracrypt.sys", dstDir);
- if (!TCCopyFile (srcPath, dstPath))
+ if (!VerifyModuleSignature (srcPath))
+ {
+ Error ("DIST_PACKAGE_CORRUPTED", hwndDlg);
+ goto stop;
+ }
+ else if (!TCCopyFile (srcPath, dstPath))
{
handleWin32Error (hwndDlg, SRC_POS);
goto stop;
@@ -4517,7 +4556,12 @@ BOOL CALLBACK TravelerDlgProc (HWND hwndDlg, UINT msg, WPARAM wParam, LPARAM lPa
// Driver x64
StringCbPrintfW (srcPath, sizeof(srcPath), L"%s\\veracrypt-x64.sys", appDir);
StringCbPrintfW (dstPath, sizeof(dstPath), L"%s\\VeraCrypt\\veracrypt-x64.sys", dstDir);
- if (!TCCopyFile (srcPath, dstPath))
+ if (!VerifyModuleSignature (srcPath))
+ {
+ Error ("DIST_PACKAGE_CORRUPTED", hwndDlg);
+ goto stop;
+ }
+ else if (!TCCopyFile (srcPath, dstPath))
{
handleWin32Error (hwndDlg, SRC_POS);
goto stop;