diff options
Diffstat (limited to 'src/Common/BootEncryption.cpp')
-rw-r--r-- | src/Common/BootEncryption.cpp | 171 |
1 files changed, 41 insertions, 130 deletions
diff --git a/src/Common/BootEncryption.cpp b/src/Common/BootEncryption.cpp index c9b275dc..6a36a60f 100644 --- a/src/Common/BootEncryption.cpp +++ b/src/Common/BootEncryption.cpp @@ -773,11 +773,13 @@ namespace VeraCrypt else { LastError = GetLastError(); +#ifndef SETUP if (LastError == ERROR_ACCESS_DENIED && IsUacSupported()) { Elevated = true; FileOpen = true; } +#endif } FilePointerPosition = 0; @@ -806,12 +808,14 @@ namespace VeraCrypt throw SystemException (SRC_POS); } +#ifndef SETUP if (Elevated) { Elevator::ReadWriteFile (false, IsDevice, Path, buffer, FilePointerPosition, size, &bytesRead); FilePointerPosition += bytesRead; return bytesRead; } +#endif if (!ReadFile (Handle, buffer, size, &bytesRead, NULL)) { @@ -913,6 +917,7 @@ namespace VeraCrypt try { +#ifndef SETUP if (Elevated) { Elevator::ReadWriteFile (true, IsDevice, Path, buffer, FilePointerPosition, size, &bytesWritten); @@ -920,6 +925,7 @@ namespace VeraCrypt throw_sys_if (bytesWritten != size); } else +#endif { if (!WriteFile (Handle, buffer, size, &bytesWritten, NULL)) { @@ -1046,11 +1052,13 @@ namespace VeraCrypt else { LastError = GetLastError (); +#ifndef SETUP if (LastError == ERROR_ACCESS_DENIED && IsUacSupported()) { Elevated = true; FileOpen = true; } +#endif } FilePointerPosition = 0; @@ -1141,7 +1149,7 @@ namespace VeraCrypt // throw ParameterIncorrect (SRC_POS); // It is assumed that CheckRequirements() had been called // Find the first active partition on the system drive - foreach (const Partition &partition, config.Partitions) + for (const Partition& partition : config.Partitions) { if (partition.Info.BootIndicator) { @@ -1154,13 +1162,13 @@ namespace VeraCrypt Partition bootPartition = partition; Partition partitionBehindBoot; - foreach (const Partition &partition, config.Partitions) + for (const Partition &otherPartition : config.Partitions) { - if (partition.Info.StartingOffset.QuadPart > bootPartition.Info.StartingOffset.QuadPart - && partition.Info.StartingOffset.QuadPart < minOffsetFound) + if (otherPartition.Info.StartingOffset.QuadPart > bootPartition.Info.StartingOffset.QuadPart + && otherPartition.Info.StartingOffset.QuadPart < minOffsetFound) { - minOffsetFound = partition.Info.StartingOffset.QuadPart; - partitionBehindBoot = partition; + minOffsetFound = otherPartition.Info.StartingOffset.QuadPart; + partitionBehindBoot = otherPartition; } } @@ -1351,11 +1359,11 @@ namespace VeraCrypt part.IsGPT = diskPartInfo.IsGPT; // Mount point - int driveNumber = GetDiskDeviceDriveLetter ((wchar_t *) partPath.str().c_str()); + int driveLetter = GetDiskDeviceDriveLetter ((wchar_t *) partPath.str().c_str()); - if (driveNumber >= 0) + if (driveLetter >= 0) { - part.MountPoint += (wchar_t) (driveNumber + L'A'); + part.MountPoint += (wchar_t) (driveLetter + L'A'); part.MountPoint += L":"; } @@ -2441,7 +2449,8 @@ namespace VeraCrypt if (!fieldValue.empty() && strlen (fieldValue.c_str())) { string copieValue = fieldValue; - std::transform(copieValue.begin(), copieValue.end(), copieValue.begin(), ::tolower); + std::transform(copieValue.begin(), copieValue.end(), copieValue.begin(), + [](unsigned char c) { return static_cast<char>(std::tolower(c)); }); if (strstr (copieValue.c_str(), "postexec") && strstr (copieValue.c_str(), "file(")) { @@ -2636,7 +2645,7 @@ namespace VeraCrypt bool EfiBoot::IsEfiBoot() { DWORD BootOrderLen; BootOrderLen = GetFirmwareEnvironmentVariable(L"BootOrder", EfiVarGuid, tempBuf, sizeof(tempBuf)); - return BootOrderLen != 0; + return (BootOrderLen != 0) || (GetLastError() != ERROR_INVALID_FUNCTION); } void EfiBoot::DeleteStartExec(uint16 statrtOrderNum, wchar_t* type) { @@ -2651,16 +2660,9 @@ namespace VeraCrypt } // Check EFI if (!IsEfiBoot()) { - dwLastError = GetLastError(); - if (dwLastError != ERROR_SUCCESS) - { - if (!bPrivilegesSet) - SetPrivilege(SE_SYSTEM_ENVIRONMENT_NAME, FALSE); - // format message to append the error code to the exception message - wchar_t szMsg[128]; - StringCchPrintfW(szMsg, ARRAYSIZE(szMsg), L"Failed to detect EFI environment (error code 0x%.8X)", dwLastError); - throw ErrorException(szMsg, SRC_POS); - } + if (!bPrivilegesSet) + SetPrivilege(SE_SYSTEM_ENVIRONMENT_NAME, FALSE); + throw ErrorException(L"Failed to detect EFI environment (error ERROR_INVALID_FUNCTION)", SRC_POS); } wchar_t varName[256]; StringCchPrintfW(varName, ARRAYSIZE (varName), L"%s%04X", type == NULL ? L"Boot" : type, statrtOrderNum); @@ -2720,16 +2722,9 @@ namespace VeraCrypt } // Check EFI if (!IsEfiBoot()) { - dwLastError = GetLastError(); - if (dwLastError != ERROR_SUCCESS) - { - if (!bPrivilegesSet) - SetPrivilege(SE_SYSTEM_ENVIRONMENT_NAME, FALSE); - // format message to append the error code to the exception message - wchar_t szMsg[1024]; - StringCchPrintfW(szMsg, ARRAYSIZE(szMsg), L"Failed to detect EFI environment (error code 0x%.8X)", dwLastError); - throw ErrorException(szMsg, SRC_POS); - } + if (!bPrivilegesSet) + SetPrivilege(SE_SYSTEM_ENVIRONMENT_NAME, FALSE); + throw ErrorException(L"Failed to detect EFI environment (error ERROR_INVALID_FUNCTION)", SRC_POS); } if (bDeviceInfoValid) @@ -3207,7 +3202,7 @@ namespace VeraCrypt void BootEncryption::UpdateSetupConfigFile (bool bForInstall) { // starting from Windows 10 1607 (Build 14393), ReflectDrivers in Setupconfig.ini is supported - if (IsOSVersionAtLeast (WIN_10, 0) && CurrentOSBuildNumber >= 14393) + if (IsWin10BuildAtLeast(WIN_10_1607_BUILD)) { wchar_t szInstallPath [TC_MAX_PATH]; wchar_t szSetupconfigLocation [TC_MAX_PATH + 20]; @@ -3337,53 +3332,29 @@ namespace VeraCrypt } } DWORD sizeDcsBoot; -#ifdef _WIN64 uint8 *dcsBootImg = MapResource(L"BIN", IDR_EFI_DCSBOOT, &sizeDcsBoot); -#else - uint8 *dcsBootImg = MapResource(L"BIN", Is64BitOs()? IDR_EFI_DCSBOOT : IDR_EFI_DCSBOOT32, &sizeDcsBoot); -#endif if (!dcsBootImg) throw ErrorException(L"Out of resource DcsBoot", SRC_POS); DWORD sizeDcsInt; -#ifdef _WIN64 uint8 *dcsIntImg = MapResource(L"BIN", IDR_EFI_DCSINT, &sizeDcsInt); -#else - uint8 *dcsIntImg = MapResource(L"BIN", Is64BitOs()? IDR_EFI_DCSINT: IDR_EFI_DCSINT32, &sizeDcsInt); -#endif if (!dcsIntImg) throw ErrorException(L"Out of resource DcsInt", SRC_POS); DWORD sizeDcsCfg; -#ifdef _WIN64 uint8 *dcsCfgImg = MapResource(L"BIN", IDR_EFI_DCSCFG, &sizeDcsCfg); -#else - uint8 *dcsCfgImg = MapResource(L"BIN", Is64BitOs()? IDR_EFI_DCSCFG: IDR_EFI_DCSCFG32, &sizeDcsCfg); -#endif if (!dcsCfgImg) throw ErrorException(L"Out of resource DcsCfg", SRC_POS); DWORD sizeLegacySpeaker; -#ifdef _WIN64 uint8 *LegacySpeakerImg = MapResource(L"BIN", IDR_EFI_LEGACYSPEAKER, &sizeLegacySpeaker); -#else - uint8 *LegacySpeakerImg = MapResource(L"BIN", Is64BitOs()? IDR_EFI_LEGACYSPEAKER: IDR_EFI_LEGACYSPEAKER32, &sizeLegacySpeaker); -#endif if (!LegacySpeakerImg) throw ErrorException(L"Out of resource LegacySpeaker", SRC_POS); #ifdef VC_EFI_CUSTOM_MODE DWORD sizeBootMenuLocker; -#ifdef _WIN64 uint8 *BootMenuLockerImg = MapResource(L"BIN", IDR_EFI_DCSBML, &sizeBootMenuLocker); -#else - uint8 *BootMenuLockerImg = MapResource(L"BIN", Is64BitOs()? IDR_EFI_DCSBML: IDR_EFI_DCSBML32, &sizeBootMenuLocker); -#endif if (!BootMenuLockerImg) throw ErrorException(L"Out of resource DcsBml", SRC_POS); #endif DWORD sizeDcsInfo; -#ifdef _WIN64 uint8 *DcsInfoImg = MapResource(L"BIN", IDR_EFI_DCSINFO, &sizeDcsInfo); -#else - uint8 *DcsInfoImg = MapResource(L"BIN", Is64BitOs()? IDR_EFI_DCSINFO: IDR_EFI_DCSINFO32, &sizeDcsInfo); -#endif if (!DcsInfoImg) throw ErrorException(L"Out of resource DcsInfo", SRC_POS); @@ -3395,8 +3366,8 @@ namespace VeraCrypt bool bAlreadyExist; const char* g_szMsBootString = "bootmgfw.pdb"; unsigned __int64 loaderSize = 0; - const wchar_t * szStdEfiBootloader = Is64BitOs()? L"\\EFI\\Boot\\bootx64.efi": L"\\EFI\\Boot\\bootia32.efi"; - const wchar_t * szBackupEfiBootloader = Is64BitOs()? L"\\EFI\\Boot\\original_bootx64.vc_backup": L"\\EFI\\Boot\\original_bootia32.vc_backup"; + const wchar_t * szStdEfiBootloader = L"\\EFI\\Boot\\bootx64.efi"; + const wchar_t * szBackupEfiBootloader = L"\\EFI\\Boot\\original_bootx64.vc_backup"; if (preserveUserConfig) { @@ -3552,10 +3523,7 @@ namespace VeraCrypt // move the original bootloader backup from old location (if it exists) to new location // we don't force the move operation if the new location already exists - if (Is64BitOs()) - EfiBootInst.RenameFile (L"\\EFI\\Boot\\original_bootx64_vc_backup.efi", L"\\EFI\\Boot\\original_bootx64.vc_backup", FALSE); - else - EfiBootInst.RenameFile (L"\\EFI\\Boot\\original_bootia32_vc_backup.efi", L"\\EFI\\Boot\\original_bootia32.vc_backup", FALSE); + EfiBootInst.RenameFile (L"\\EFI\\Boot\\original_bootx64_vc_backup.efi", L"\\EFI\\Boot\\original_bootx64.vc_backup", FALSE); // Clean beta9 EfiBootInst.DelFile(L"\\DcsBoot.efi"); @@ -3734,61 +3702,33 @@ namespace VeraCrypt { // create EFI disk structure DWORD sizeDcsBoot; -#ifdef _WIN64 uint8 *dcsBootImg = MapResource(L"BIN", IDR_EFI_DCSBOOT, &sizeDcsBoot); -#else - uint8 *dcsBootImg = MapResource(L"BIN", Is64BitOs()? IDR_EFI_DCSBOOT : IDR_EFI_DCSBOOT32, &sizeDcsBoot); -#endif if (!dcsBootImg) throw ParameterIncorrect (SRC_POS); DWORD sizeDcsInt; -#ifdef _WIN64 uint8 *dcsIntImg = MapResource(L"BIN", IDR_EFI_DCSINT, &sizeDcsInt); -#else - uint8 *dcsIntImg = MapResource(L"BIN", Is64BitOs()? IDR_EFI_DCSINT: IDR_EFI_DCSINT32, &sizeDcsInt); -#endif if (!dcsIntImg) throw ParameterIncorrect (SRC_POS); DWORD sizeDcsCfg; -#ifdef _WIN64 uint8 *dcsCfgImg = MapResource(L"BIN", IDR_EFI_DCSCFG, &sizeDcsCfg); -#else - uint8 *dcsCfgImg = MapResource(L"BIN", Is64BitOs()? IDR_EFI_DCSCFG: IDR_EFI_DCSCFG32, &sizeDcsCfg); -#endif if (!dcsCfgImg) throw ParameterIncorrect (SRC_POS); DWORD sizeLegacySpeaker; -#ifdef _WIN64 uint8 *LegacySpeakerImg = MapResource(L"BIN", IDR_EFI_LEGACYSPEAKER, &sizeLegacySpeaker); -#else - uint8 *LegacySpeakerImg = MapResource(L"BIN", Is64BitOs()? IDR_EFI_LEGACYSPEAKER: IDR_EFI_LEGACYSPEAKER32, &sizeLegacySpeaker); -#endif if (!LegacySpeakerImg) throw ParameterIncorrect (SRC_POS); #ifdef VC_EFI_CUSTOM_MODE DWORD sizeBootMenuLocker; -#ifdef _WIN64 uint8 *BootMenuLockerImg = MapResource(L"BIN", IDR_EFI_DCSBML, &sizeBootMenuLocker); -#else - uint8 *BootMenuLockerImg = MapResource(L"BIN", Is64BitOs()? IDR_EFI_DCSBML: IDR_EFI_DCSBML32, &sizeBootMenuLocker); -#endif if (!BootMenuLockerImg) throw ParameterIncorrect (SRC_POS); #endif DWORD sizeDcsRescue; -#ifdef _WIN64 uint8 *DcsRescueImg = MapResource(L"BIN", IDR_EFI_DCSRE, &sizeDcsRescue); -#else - uint8 *DcsRescueImg = MapResource(L"BIN", Is64BitOs()? IDR_EFI_DCSRE: IDR_EFI_DCSRE32, &sizeDcsRescue); -#endif if (!DcsRescueImg) throw ParameterIncorrect (SRC_POS); DWORD sizeDcsInfo; -#ifdef _WIN64 uint8 *DcsInfoImg = MapResource(L"BIN", IDR_EFI_DCSINFO, &sizeDcsInfo); -#else - uint8 *DcsInfoImg = MapResource(L"BIN", Is64BitOs()? IDR_EFI_DCSINFO: IDR_EFI_DCSINFO32, &sizeDcsInfo); -#endif if (!DcsInfoImg) throw ParameterIncorrect (SRC_POS); @@ -3814,7 +3754,7 @@ namespace VeraCrypt finally_do_arg (zip_t**, &z, { if (*finally_arg) zip_discard (*finally_arg);}); - if (!ZipAdd (z, Is64BitOs()? "EFI/Boot/bootx64.efi": "EFI/Boot/bootia32.efi", DcsRescueImg, sizeDcsRescue)) + if (!ZipAdd (z, "EFI/Boot/bootx64.efi", DcsRescueImg, sizeDcsRescue)) throw ParameterIncorrect (SRC_POS); #ifdef VC_EFI_CUSTOM_MODE if (!ZipAdd (z, "EFI/VeraCrypt/DcsBml.dcs", BootMenuLockerImg, sizeBootMenuLocker)) @@ -3863,7 +3803,7 @@ namespace VeraCrypt sysBakFile.GetFileSize(fileSize); fileBuf.Resize ((DWORD) fileSize); DWORD sizeLoader = sysBakFile.Read (fileBuf.Ptr (), fileSize); - bLoadAdded = ZipAdd (z, Is64BitOs()? "EFI/Boot/original_bootx64.vc_backup": "EFI/Boot/original_bootia32.vc_backup", fileBuf.Ptr (), sizeLoader); + bLoadAdded = ZipAdd (z, "EFI/Boot/original_bootx64.vc_backup", fileBuf.Ptr (), sizeLoader); } catch (Exception &e) { @@ -4090,19 +4030,6 @@ namespace VeraCrypt L"EFI/VeraCrypt/svh_bak", L"EFI/Boot/original_bootx64.vc_backup" }; - - const wchar_t* efi32Files[] = { - L"EFI/Boot/bootia32.efi", -#ifdef VC_EFI_CUSTOM_MODE - L"EFI/VeraCrypt/DcsBml.dcs", -#endif - L"EFI/VeraCrypt/DcsBoot.efi", - L"EFI/VeraCrypt/DcsCfg.dcs", - L"EFI/VeraCrypt/DcsInt.dcs", - L"EFI/VeraCrypt/LegacySpeaker.dcs", - L"EFI/VeraCrypt/svh_bak", - L"EFI/Boot/original_bootia32.vc_backup" - }; zip_error_t zerr; zip_source_t* zsrc = zip_source_buffer_create (RescueZipData, RescueZipSize, 0, &zerr); @@ -4131,8 +4058,8 @@ namespace VeraCrypt && !wcsncmp (szNameBuffer, L"FAT", 3)) { int i; - const wchar_t** efiFiles = Is64BitOs()? efi64Files: efi32Files; - int efiFilesSize = Is64BitOs()? ARRAYSIZE(efi64Files): ARRAYSIZE(efi32Files); + const wchar_t** efiFiles = efi64Files; + int efiFilesSize = ARRAYSIZE(efi64Files); for (i = 0; i < efiFilesSize; i++) { bool bMatch = false; @@ -4285,25 +4212,12 @@ namespace VeraCrypt L"EFI/VeraCrypt/svh_bak", L"EFI/Boot/original_bootx64.vc_backup" }; - - const wchar_t* efi32Files[] = { - L"EFI/Boot/bootia32.efi", -#ifdef VC_EFI_CUSTOM_MODE - L"EFI/VeraCrypt/DcsBml.dcs", -#endif - L"EFI/VeraCrypt/DcsBoot.efi", - L"EFI/VeraCrypt/DcsCfg.dcs", - L"EFI/VeraCrypt/DcsInt.dcs", - L"EFI/VeraCrypt/LegacySpeaker.dcs", - L"EFI/VeraCrypt/svh_bak", - L"EFI/Boot/original_bootia32.vc_backup" - }; int i; zip_stat_t statMem, statFile; zip_int64_t indexMem, indexFile; - const wchar_t** efiFiles = Is64BitOs()? efi64Files: efi32Files; - int efiFilesSize = Is64BitOs()? ARRAYSIZE(efi64Files): ARRAYSIZE(efi32Files); + const wchar_t** efiFiles = efi64Files; + int efiFilesSize = ARRAYSIZE(efi64Files); for (i = 0; i < efiFilesSize; i++) { bool bMatch = false; @@ -4396,14 +4310,14 @@ namespace VeraCrypt if (!IsRandomNumberGeneratorStarted()) throw ParameterIncorrect (SRC_POS); - throw_sys_if (CreateVolumeHeaderInMemory (ParentWindow, TRUE, (char *) VolumeHeader, ea, mode, password, pkcs5, pim, NULL, &cryptoInfo, + throw_sys_if (CreateVolumeHeaderInMemory (ParentWindow, TRUE, VolumeHeader, ea, mode, password, pkcs5, pim, NULL, &cryptoInfo, volumeSize, 0, encryptedAreaStart, 0, TC_SYSENC_KEYSCOPE_MIN_REQ_PROG_VERSION, TC_HEADER_FLAG_ENCRYPTED_SYSTEM, TC_SECTOR_SIZE_BIOS, FALSE) != 0); finally_do_arg (PCRYPTO_INFO*, &cryptoInfo, { crypto_close (*finally_arg); }); // Initial rescue disk assumes encryption of the drive has been completed (EncryptedAreaLength == volumeSize) memcpy (RescueVolumeHeader, VolumeHeader, sizeof (RescueVolumeHeader)); - if (0 != ReadVolumeHeader (TRUE, (char *) RescueVolumeHeader, password, pkcs5, pim, NULL, cryptoInfo)) + if (0 != ReadVolumeHeader (TRUE, RescueVolumeHeader, password, pkcs5, pim, NULL, cryptoInfo)) throw ParameterIncorrect (SRC_POS); DecryptBuffer (RescueVolumeHeader + HEADER_ENCRYPTED_DATA_OFFSET, HEADER_ENCRYPTED_DATA_SIZE, cryptoInfo); @@ -4578,10 +4492,7 @@ namespace VeraCrypt EfiBootInst.DeleteStartExec(); EfiBootInst.DeleteStartExec(0xDC5B, L"Driver"); // remove DcsBml boot driver it was installed - if (Is64BitOs()) - EfiBootInst.RenameFile(L"\\EFI\\Boot\\original_bootx64.vc_backup", L"\\EFI\\Boot\\bootx64.efi", TRUE); - else - EfiBootInst.RenameFile(L"\\EFI\\Boot\\original_bootia32.vc_backup", L"\\EFI\\Boot\\bootia32.efi", TRUE); + EfiBootInst.RenameFile(L"\\EFI\\Boot\\original_bootx64.vc_backup", L"\\EFI\\Boot\\bootx64.efi", TRUE); if (!EfiBootInst.RenameFile(L"\\EFI\\Microsoft\\Boot\\bootmgfw_ms.vc", L"\\EFI\\Microsoft\\Boot\\bootmgfw.efi", TRUE)) { @@ -5405,7 +5316,7 @@ namespace VeraCrypt SystemDriveConfiguration config = GetSystemDriveConfiguration (); - char header[TC_BOOT_ENCRYPTION_VOLUME_HEADER_SIZE]; + unsigned char header[TC_BOOT_ENCRYPTION_VOLUME_HEADER_SIZE]; Device device (config.DevicePath); device.CheckOpened (SRC_POS); @@ -5435,7 +5346,7 @@ namespace VeraCrypt } device.SeekAt (headerOffset); - device.Read ((uint8 *) header, sizeof (header)); + device.Read (header, sizeof (header)); PCRYPTO_INFO cryptoInfo = NULL; |