Diffstat (limited to 'src/Common/BootEncryption.cpp')
-rw-r--r--src/Common/BootEncryption.cpp171
1 files changed, 41 insertions, 130 deletions
diff --git a/src/Common/BootEncryption.cpp b/src/Common/BootEncryption.cpp
index c9b275dc..6a36a60f 100644
--- a/src/Common/BootEncryption.cpp
+++ b/src/Common/BootEncryption.cpp
@@ -773,11 +773,13 @@ namespace VeraCrypt
else
{
LastError = GetLastError();
+#ifndef SETUP
if (LastError == ERROR_ACCESS_DENIED && IsUacSupported())
{
Elevated = true;
FileOpen = true;
}
+#endif
}
FilePointerPosition = 0;
@@ -806,12 +808,14 @@ namespace VeraCrypt
throw SystemException (SRC_POS);
}
+#ifndef SETUP
if (Elevated)
{
Elevator::ReadWriteFile (false, IsDevice, Path, buffer, FilePointerPosition, size, &bytesRead);
FilePointerPosition += bytesRead;
return bytesRead;
}
+#endif
if (!ReadFile (Handle, buffer, size, &bytesRead, NULL))
{
@@ -913,6 +917,7 @@ namespace VeraCrypt
try
{
+#ifndef SETUP
if (Elevated)
{
Elevator::ReadWriteFile (true, IsDevice, Path, buffer, FilePointerPosition, size, &bytesWritten);
@@ -920,6 +925,7 @@ namespace VeraCrypt
throw_sys_if (bytesWritten != size);
}
else
+#endif
{
if (!WriteFile (Handle, buffer, size, &bytesWritten, NULL))
{
@@ -1046,11 +1052,13 @@ namespace VeraCrypt
else
{
LastError = GetLastError ();
+#ifndef SETUP
if (LastError == ERROR_ACCESS_DENIED && IsUacSupported())
{
Elevated = true;
FileOpen = true;
}
+#endif
}
FilePointerPosition = 0;
@@ -1141,7 +1149,7 @@ namespace VeraCrypt
// throw ParameterIncorrect (SRC_POS); // It is assumed that CheckRequirements() had been called
// Find the first active partition on the system drive
- foreach (const Partition &partition, config.Partitions)
+ for (const Partition& partition : config.Partitions)
{
if (partition.Info.BootIndicator)
{
@@ -1154,13 +1162,13 @@ namespace VeraCrypt
Partition bootPartition = partition;
Partition partitionBehindBoot;
- foreach (const Partition &partition, config.Partitions)
+ for (const Partition &otherPartition : config.Partitions)
{
- if (partition.Info.StartingOffset.QuadPart > bootPartition.Info.StartingOffset.QuadPart
- && partition.Info.StartingOffset.QuadPart < minOffsetFound)
+ if (otherPartition.Info.StartingOffset.QuadPart > bootPartition.Info.StartingOffset.QuadPart
+ && otherPartition.Info.StartingOffset.QuadPart < minOffsetFound)
{
- minOffsetFound = partition.Info.StartingOffset.QuadPart;
- partitionBehindBoot = partition;
+ minOffsetFound = otherPartition.Info.StartingOffset.QuadPart;
+ partitionBehindBoot = otherPartition;
}
}
@@ -1351,11 +1359,11 @@ namespace VeraCrypt
part.IsGPT = diskPartInfo.IsGPT;
// Mount point
- int driveNumber = GetDiskDeviceDriveLetter ((wchar_t *) partPath.str().c_str());
+ int driveLetter = GetDiskDeviceDriveLetter ((wchar_t *) partPath.str().c_str());
- if (driveNumber >= 0)
+ if (driveLetter >= 0)
{
- part.MountPoint += (wchar_t) (driveNumber + L'A');
+ part.MountPoint += (wchar_t) (driveLetter + L'A');
part.MountPoint += L":";
}
@@ -2441,7 +2449,8 @@ namespace VeraCrypt
if (!fieldValue.empty() && strlen (fieldValue.c_str()))
{
string copieValue = fieldValue;
- std::transform(copieValue.begin(), copieValue.end(), copieValue.begin(), ::tolower);
+ std::transform(copieValue.begin(), copieValue.end(), copieValue.begin(),
+ [](unsigned char c) { return static_cast<char>(std::tolower(c)); });
if (strstr (copieValue.c_str(), "postexec") && strstr (copieValue.c_str(), "file("))
{
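Review bot: The new lambda passed to `std::transform` calls `std::tolower`, which needs `<cctype>`; the include list is outside this hunk, so confirm the header is included directly rather than picked up transitively. A one-line comment above the call, e.g. `// cast through unsigned char: tolower() on a negative char value is undefined`, would stop a later cleanup from reverting to `::tolower`. The lowered copy feeds the `postexec` / `file(` substring test on the next line, so it is worth stating in that comment that only ASCII case folding is intended.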
@@ -2636,7 +2645,7 @@ namespace VeraCrypt
bool EfiBoot::IsEfiBoot() {
DWORD BootOrderLen;
BootOrderLen = GetFirmwareEnvironmentVariable(L"BootOrder", EfiVarGuid, tempBuf, sizeof(tempBuf));
- return BootOrderLen != 0;
+ return (BootOrderLen != 0) || (GetLastError() != ERROR_INVALID_FUNCTION);
}
void EfiBoot::DeleteStartExec(uint16 statrtOrderNum, wchar_t* type) {
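Review bot: The new return expression in `EfiBoot::IsEfiBoot()` treats every failure except `ERROR_INVALID_FUNCTION` as proof of EFI firmware, and nothing in the function explains why. A comment above the return would record the intent, e.g. `// Legacy BIOS fails with ERROR_INVALID_FUNCTION; any other error (variable missing, privilege not held) still implies UEFI`. The result depends on `GetLastError()` being read immediately after `GetFirmwareEnvironmentVariable`, which holds here but breaks if any call is later inserted between the two lines. Which error the API reports first on a BIOS machine when `SE_SYSTEM_ENVIRONMENT_NAME` has not been enabled is not visible from this hunk and should be confirmed, since the callers now rely on this predicate alone.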
@@ -2651,16 +2660,9 @@ namespace VeraCrypt
}
// Check EFI
if (!IsEfiBoot()) {
- dwLastError = GetLastError();
- if (dwLastError != ERROR_SUCCESS)
- {
- if (!bPrivilegesSet)
- SetPrivilege(SE_SYSTEM_ENVIRONMENT_NAME, FALSE);
- // format message to append the error code to the exception message
- wchar_t szMsg[128];
- StringCchPrintfW(szMsg, ARRAYSIZE(szMsg), L"Failed to detect EFI environment (error code 0x%.8X)", dwLastError);
- throw ErrorException(szMsg, SRC_POS);
- }
+ if (!bPrivilegesSet)
+ SetPrivilege(SE_SYSTEM_ENVIRONMENT_NAME, FALSE);
+ throw ErrorException(L"Failed to detect EFI environment (error ERROR_INVALID_FUNCTION)", SRC_POS);
}
wchar_t varName[256];
StringCchPrintfW(varName, ARRAYSIZE (varName), L"%s%04X", type == NULL ? L"Boot" : type, statrtOrderNum);
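Review bot: The exception text `L"Failed to detect EFI environment (error ERROR_INVALID_FUNCTION)"` hard-codes the single error that `IsEfiBoot()` currently maps to false, so the message becomes wrong as soon as that predicate changes. The same literal is repeated in the hunk at -2720. Defining the string once, for example as a file-level constant next to `IsEfiBoot()`, would keep the two throw sites from diverging and put the coupling in one place. If `dwLastError` has no remaining use in these functions, it can be dropped, but their bodies start and end outside the hunks, so that needs checking against the full file.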
@@ -2720,16 +2722,9 @@ namespace VeraCrypt
}
// Check EFI
if (!IsEfiBoot()) {
- dwLastError = GetLastError();
- if (dwLastError != ERROR_SUCCESS)
- {
- if (!bPrivilegesSet)
- SetPrivilege(SE_SYSTEM_ENVIRONMENT_NAME, FALSE);
- // format message to append the error code to the exception message
- wchar_t szMsg[1024];
- StringCchPrintfW(szMsg, ARRAYSIZE(szMsg), L"Failed to detect EFI environment (error code 0x%.8X)", dwLastError);
- throw ErrorException(szMsg, SRC_POS);
- }
+ if (!bPrivilegesSet)
+ SetPrivilege(SE_SYSTEM_ENVIRONMENT_NAME, FALSE);
+ throw ErrorException(L"Failed to detect EFI environment (error ERROR_INVALID_FUNCTION)", SRC_POS);
}
if (bDeviceInfoValid)
@@ -3207,7 +3202,7 @@ namespace VeraCrypt
void BootEncryption::UpdateSetupConfigFile (bool bForInstall)
{
// starting from Windows 10 1607 (Build 14393), ReflectDrivers in Setupconfig.ini is supported
- if (IsOSVersionAtLeast (WIN_10, 0) && CurrentOSBuildNumber >= 14393)
+ if (IsWin10BuildAtLeast(WIN_10_1607_BUILD))
{
wchar_t szInstallPath [TC_MAX_PATH];
wchar_t szSetupconfigLocation [TC_MAX_PATH + 20];
@@ -3337,53 +3332,29 @@ namespace VeraCrypt
}
}
DWORD sizeDcsBoot;
-#ifdef _WIN64
uint8 *dcsBootImg = MapResource(L"BIN", IDR_EFI_DCSBOOT, &sizeDcsBoot);
-#else
- uint8 *dcsBootImg = MapResource(L"BIN", Is64BitOs()? IDR_EFI_DCSBOOT : IDR_EFI_DCSBOOT32, &sizeDcsBoot);
-#endif
if (!dcsBootImg)
throw ErrorException(L"Out of resource DcsBoot", SRC_POS);
DWORD sizeDcsInt;
-#ifdef _WIN64
uint8 *dcsIntImg = MapResource(L"BIN", IDR_EFI_DCSINT, &sizeDcsInt);
-#else
- uint8 *dcsIntImg = MapResource(L"BIN", Is64BitOs()? IDR_EFI_DCSINT: IDR_EFI_DCSINT32, &sizeDcsInt);
-#endif
if (!dcsIntImg)
throw ErrorException(L"Out of resource DcsInt", SRC_POS);
DWORD sizeDcsCfg;
-#ifdef _WIN64
uint8 *dcsCfgImg = MapResource(L"BIN", IDR_EFI_DCSCFG, &sizeDcsCfg);
-#else
- uint8 *dcsCfgImg = MapResource(L"BIN", Is64BitOs()? IDR_EFI_DCSCFG: IDR_EFI_DCSCFG32, &sizeDcsCfg);
-#endif
if (!dcsCfgImg)
throw ErrorException(L"Out of resource DcsCfg", SRC_POS);
DWORD sizeLegacySpeaker;
-#ifdef _WIN64
uint8 *LegacySpeakerImg = MapResource(L"BIN", IDR_EFI_LEGACYSPEAKER, &sizeLegacySpeaker);
-#else
- uint8 *LegacySpeakerImg = MapResource(L"BIN", Is64BitOs()? IDR_EFI_LEGACYSPEAKER: IDR_EFI_LEGACYSPEAKER32, &sizeLegacySpeaker);
-#endif
if (!LegacySpeakerImg)
throw ErrorException(L"Out of resource LegacySpeaker", SRC_POS);
#ifdef VC_EFI_CUSTOM_MODE
DWORD sizeBootMenuLocker;
-#ifdef _WIN64
uint8 *BootMenuLockerImg = MapResource(L"BIN", IDR_EFI_DCSBML, &sizeBootMenuLocker);
-#else
- uint8 *BootMenuLockerImg = MapResource(L"BIN", Is64BitOs()? IDR_EFI_DCSBML: IDR_EFI_DCSBML32, &sizeBootMenuLocker);
-#endif
if (!BootMenuLockerImg)
throw ErrorException(L"Out of resource DcsBml", SRC_POS);
#endif
DWORD sizeDcsInfo;
-#ifdef _WIN64
uint8 *DcsInfoImg = MapResource(L"BIN", IDR_EFI_DCSINFO, &sizeDcsInfo);
-#else
- uint8 *DcsInfoImg = MapResource(L"BIN", Is64BitOs()? IDR_EFI_DCSINFO: IDR_EFI_DCSINFO32, &sizeDcsInfo);
-#endif
if (!DcsInfoImg)
throw ErrorException(L"Out of resource DcsInfo", SRC_POS);
@@ -3395,8 +3366,8 @@ namespace VeraCrypt
bool bAlreadyExist;
const char* g_szMsBootString = "bootmgfw.pdb";
unsigned __int64 loaderSize = 0;
- const wchar_t * szStdEfiBootloader = Is64BitOs()? L"\\EFI\\Boot\\bootx64.efi": L"\\EFI\\Boot\\bootia32.efi";
- const wchar_t * szBackupEfiBootloader = Is64BitOs()? L"\\EFI\\Boot\\original_bootx64.vc_backup": L"\\EFI\\Boot\\original_bootia32.vc_backup";
+ const wchar_t * szStdEfiBootloader = L"\\EFI\\Boot\\bootx64.efi";
+ const wchar_t * szBackupEfiBootloader = L"\\EFI\\Boot\\original_bootx64.vc_backup";
if (preserveUserConfig)
{
@@ -3552,10 +3523,7 @@ namespace VeraCrypt
// move the original bootloader backup from old location (if it exists) to new location
// we don't force the move operation if the new location already exists
- if (Is64BitOs())
- EfiBootInst.RenameFile (L"\\EFI\\Boot\\original_bootx64_vc_backup.efi", L"\\EFI\\Boot\\original_bootx64.vc_backup", FALSE);
- else
- EfiBootInst.RenameFile (L"\\EFI\\Boot\\original_bootia32_vc_backup.efi", L"\\EFI\\Boot\\original_bootia32.vc_backup", FALSE);
+ EfiBootInst.RenameFile (L"\\EFI\\Boot\\original_bootx64_vc_backup.efi", L"\\EFI\\Boot\\original_bootx64.vc_backup", FALSE);
// Clean beta9
EfiBootInst.DelFile(L"\\DcsBoot.efi");
@@ -3734,61 +3702,33 @@ namespace VeraCrypt
{
// create EFI disk structure
DWORD sizeDcsBoot;
-#ifdef _WIN64
uint8 *dcsBootImg = MapResource(L"BIN", IDR_EFI_DCSBOOT, &sizeDcsBoot);
-#else
- uint8 *dcsBootImg = MapResource(L"BIN", Is64BitOs()? IDR_EFI_DCSBOOT : IDR_EFI_DCSBOOT32, &sizeDcsBoot);
-#endif
if (!dcsBootImg)
throw ParameterIncorrect (SRC_POS);
DWORD sizeDcsInt;
-#ifdef _WIN64
uint8 *dcsIntImg = MapResource(L"BIN", IDR_EFI_DCSINT, &sizeDcsInt);
-#else
- uint8 *dcsIntImg = MapResource(L"BIN", Is64BitOs()? IDR_EFI_DCSINT: IDR_EFI_DCSINT32, &sizeDcsInt);
-#endif
if (!dcsIntImg)
throw ParameterIncorrect (SRC_POS);
DWORD sizeDcsCfg;
-#ifdef _WIN64
uint8 *dcsCfgImg = MapResource(L"BIN", IDR_EFI_DCSCFG, &sizeDcsCfg);
-#else
- uint8 *dcsCfgImg = MapResource(L"BIN", Is64BitOs()? IDR_EFI_DCSCFG: IDR_EFI_DCSCFG32, &sizeDcsCfg);
-#endif
if (!dcsCfgImg)
throw ParameterIncorrect (SRC_POS);
DWORD sizeLegacySpeaker;
-#ifdef _WIN64
uint8 *LegacySpeakerImg = MapResource(L"BIN", IDR_EFI_LEGACYSPEAKER, &sizeLegacySpeaker);
-#else
- uint8 *LegacySpeakerImg = MapResource(L"BIN", Is64BitOs()? IDR_EFI_LEGACYSPEAKER: IDR_EFI_LEGACYSPEAKER32, &sizeLegacySpeaker);
-#endif
if (!LegacySpeakerImg)
throw ParameterIncorrect (SRC_POS);
#ifdef VC_EFI_CUSTOM_MODE
DWORD sizeBootMenuLocker;
-#ifdef _WIN64
uint8 *BootMenuLockerImg = MapResource(L"BIN", IDR_EFI_DCSBML, &sizeBootMenuLocker);
-#else
- uint8 *BootMenuLockerImg = MapResource(L"BIN", Is64BitOs()? IDR_EFI_DCSBML: IDR_EFI_DCSBML32, &sizeBootMenuLocker);
-#endif
if (!BootMenuLockerImg)
throw ParameterIncorrect (SRC_POS);
#endif
DWORD sizeDcsRescue;
-#ifdef _WIN64
uint8 *DcsRescueImg = MapResource(L"BIN", IDR_EFI_DCSRE, &sizeDcsRescue);
-#else
- uint8 *DcsRescueImg = MapResource(L"BIN", Is64BitOs()? IDR_EFI_DCSRE: IDR_EFI_DCSRE32, &sizeDcsRescue);
-#endif
if (!DcsRescueImg)
throw ParameterIncorrect (SRC_POS);
DWORD sizeDcsInfo;
-#ifdef _WIN64
uint8 *DcsInfoImg = MapResource(L"BIN", IDR_EFI_DCSINFO, &sizeDcsInfo);
-#else
- uint8 *DcsInfoImg = MapResource(L"BIN", Is64BitOs()? IDR_EFI_DCSINFO: IDR_EFI_DCSINFO32, &sizeDcsInfo);
-#endif
if (!DcsInfoImg)
throw ParameterIncorrect (SRC_POS);
@@ -3814,7 +3754,7 @@ namespace VeraCrypt
finally_do_arg (zip_t**, &z, { if (*finally_arg) zip_discard (*finally_arg);});
- if (!ZipAdd (z, Is64BitOs()? "EFI/Boot/bootx64.efi": "EFI/Boot/bootia32.efi", DcsRescueImg, sizeDcsRescue))
+ if (!ZipAdd (z, "EFI/Boot/bootx64.efi", DcsRescueImg, sizeDcsRescue))
throw ParameterIncorrect (SRC_POS);
#ifdef VC_EFI_CUSTOM_MODE
if (!ZipAdd (z, "EFI/VeraCrypt/DcsBml.dcs", BootMenuLockerImg, sizeBootMenuLocker))
@@ -3863,7 +3803,7 @@ namespace VeraCrypt
sysBakFile.GetFileSize(fileSize);
fileBuf.Resize ((DWORD) fileSize);
DWORD sizeLoader = sysBakFile.Read (fileBuf.Ptr (), fileSize);
- bLoadAdded = ZipAdd (z, Is64BitOs()? "EFI/Boot/original_bootx64.vc_backup": "EFI/Boot/original_bootia32.vc_backup", fileBuf.Ptr (), sizeLoader);
+ bLoadAdded = ZipAdd (z, "EFI/Boot/original_bootx64.vc_backup", fileBuf.Ptr (), sizeLoader);
}
catch (Exception &e)
{
@@ -4090,19 +4030,6 @@ namespace VeraCrypt
L"EFI/VeraCrypt/svh_bak",
L"EFI/Boot/original_bootx64.vc_backup"
};
-
- const wchar_t* efi32Files[] = {
- L"EFI/Boot/bootia32.efi",
-#ifdef VC_EFI_CUSTOM_MODE
- L"EFI/VeraCrypt/DcsBml.dcs",
-#endif
- L"EFI/VeraCrypt/DcsBoot.efi",
- L"EFI/VeraCrypt/DcsCfg.dcs",
- L"EFI/VeraCrypt/DcsInt.dcs",
- L"EFI/VeraCrypt/LegacySpeaker.dcs",
- L"EFI/VeraCrypt/svh_bak",
- L"EFI/Boot/original_bootia32.vc_backup"
- };
zip_error_t zerr;
zip_source_t* zsrc = zip_source_buffer_create (RescueZipData, RescueZipSize, 0, &zerr);
@@ -4131,8 +4058,8 @@ namespace VeraCrypt
&& !wcsncmp (szNameBuffer, L"FAT", 3))
{
int i;
- const wchar_t** efiFiles = Is64BitOs()? efi64Files: efi32Files;
- int efiFilesSize = Is64BitOs()? ARRAYSIZE(efi64Files): ARRAYSIZE(efi32Files);
+ const wchar_t** efiFiles = efi64Files;
+ int efiFilesSize = ARRAYSIZE(efi64Files);
for (i = 0; i < efiFilesSize; i++)
{
bool bMatch = false;
@@ -4285,25 +4212,12 @@ namespace VeraCrypt
L"EFI/VeraCrypt/svh_bak",
L"EFI/Boot/original_bootx64.vc_backup"
};
-
- const wchar_t* efi32Files[] = {
- L"EFI/Boot/bootia32.efi",
-#ifdef VC_EFI_CUSTOM_MODE
- L"EFI/VeraCrypt/DcsBml.dcs",
-#endif
- L"EFI/VeraCrypt/DcsBoot.efi",
- L"EFI/VeraCrypt/DcsCfg.dcs",
- L"EFI/VeraCrypt/DcsInt.dcs",
- L"EFI/VeraCrypt/LegacySpeaker.dcs",
- L"EFI/VeraCrypt/svh_bak",
- L"EFI/Boot/original_bootia32.vc_backup"
- };
int i;
zip_stat_t statMem, statFile;
zip_int64_t indexMem, indexFile;
- const wchar_t** efiFiles = Is64BitOs()? efi64Files: efi32Files;
- int efiFilesSize = Is64BitOs()? ARRAYSIZE(efi64Files): ARRAYSIZE(efi32Files);
+ const wchar_t** efiFiles = efi64Files;
+ int efiFilesSize = ARRAYSIZE(efi64Files);
for (i = 0; i < efiFilesSize; i++)
{
bool bMatch = false;
@@ -4396,14 +4310,14 @@ namespace VeraCrypt
if (!IsRandomNumberGeneratorStarted())
throw ParameterIncorrect (SRC_POS);
- throw_sys_if (CreateVolumeHeaderInMemory (ParentWindow, TRUE, (char *) VolumeHeader, ea, mode, password, pkcs5, pim, NULL, &cryptoInfo,
+ throw_sys_if (CreateVolumeHeaderInMemory (ParentWindow, TRUE, VolumeHeader, ea, mode, password, pkcs5, pim, NULL, &cryptoInfo,
volumeSize, 0, encryptedAreaStart, 0, TC_SYSENC_KEYSCOPE_MIN_REQ_PROG_VERSION, TC_HEADER_FLAG_ENCRYPTED_SYSTEM, TC_SECTOR_SIZE_BIOS, FALSE) != 0);
finally_do_arg (PCRYPTO_INFO*, &cryptoInfo, { crypto_close (*finally_arg); });
// Initial rescue disk assumes encryption of the drive has been completed (EncryptedAreaLength == volumeSize)
memcpy (RescueVolumeHeader, VolumeHeader, sizeof (RescueVolumeHeader));
- if (0 != ReadVolumeHeader (TRUE, (char *) RescueVolumeHeader, password, pkcs5, pim, NULL, cryptoInfo))
+ if (0 != ReadVolumeHeader (TRUE, RescueVolumeHeader, password, pkcs5, pim, NULL, cryptoInfo))
throw ParameterIncorrect (SRC_POS);
DecryptBuffer (RescueVolumeHeader + HEADER_ENCRYPTED_DATA_OFFSET, HEADER_ENCRYPTED_DATA_SIZE, cryptoInfo);
@@ -4578,10 +4492,7 @@ namespace VeraCrypt
EfiBootInst.DeleteStartExec();
EfiBootInst.DeleteStartExec(0xDC5B, L"Driver"); // remove DcsBml boot driver it was installed
- if (Is64BitOs())
- EfiBootInst.RenameFile(L"\\EFI\\Boot\\original_bootx64.vc_backup", L"\\EFI\\Boot\\bootx64.efi", TRUE);
- else
- EfiBootInst.RenameFile(L"\\EFI\\Boot\\original_bootia32.vc_backup", L"\\EFI\\Boot\\bootia32.efi", TRUE);
+ EfiBootInst.RenameFile(L"\\EFI\\Boot\\original_bootx64.vc_backup", L"\\EFI\\Boot\\bootx64.efi", TRUE);
if (!EfiBootInst.RenameFile(L"\\EFI\\Microsoft\\Boot\\bootmgfw_ms.vc", L"\\EFI\\Microsoft\\Boot\\bootmgfw.efi", TRUE))
{
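Review bot: The forced `EfiBootInst.RenameFile(L"\\EFI\\Boot\\original_bootx64.vc_backup", L"\\EFI\\Boot\\bootx64.efi", TRUE);` discards its result, while the `bootmgfw_ms.vc` rename on the next line is checked. If a missing backup is an expected case, a comment such as `// best effort: the backup may not exist on this ESP` would make that explicit. Otherwise a failure here leaves the VeraCrypt loader in `bootx64.efi` after the start entries were deleted, and the caller is not told. The surrounding function extends beyond this hunk, so any later verification step is not visible here.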
@@ -5405,7 +5316,7 @@ namespace VeraCrypt
SystemDriveConfiguration config = GetSystemDriveConfiguration ();
- char header[TC_BOOT_ENCRYPTION_VOLUME_HEADER_SIZE];
+ unsigned char header[TC_BOOT_ENCRYPTION_VOLUME_HEADER_SIZE];
Device device (config.DevicePath);
device.CheckOpened (SRC_POS);
@@ -5435,7 +5346,7 @@ namespace VeraCrypt
}
device.SeekAt (headerOffset);
- device.Read ((uint8 *) header, sizeof (header));
+ device.Read (header, sizeof (header));
PCRYPTO_INFO cryptoInfo = NULL;