VeraCrypt
aboutsummaryrefslogtreecommitdiff
path: root/src/Common
diff options
context:
space:
mode:
authorAlex <kavsrf@gmail.com>2016-08-09 22:08:47 +0200
committerMounir IDRASSI <mounir.idrassi@idrix.fr>2016-08-15 01:09:12 +0200
commit246233c40262c5be2edfa916cf841dd4bce6598e (patch)
tree75f17aeeb2aca66ac1cda709311ae710ae3d10d3 /src/Common
parent58cff70724e9d90902a33b0718ccbe8ee4c7b329 (diff)
downloadVeraCrypt-246233c40262c5be2edfa916cf841dd4bce6598e.tar.gz
VeraCrypt-246233c40262c5be2edfa916cf841dd4bce6598e.zip
Windows EFI Bootloader: modifications to prepare EFI system encryption support (common files with DcsBoot)
Diffstat (limited to 'src/Common')
-rw-r--r--src/Common/Common.rc10
-rw-r--r--src/Common/Crypto.c86
-rw-r--r--src/Common/Crypto.h24
-rw-r--r--src/Common/Endian.h14
-rw-r--r--src/Common/Password.h16
-rw-r--r--src/Common/Pkcs5.c59
-rw-r--r--src/Common/Resource.h8
-rw-r--r--src/Common/Tcdefs.h91
-rw-r--r--src/Common/Volumes.c58
-rw-r--r--src/Common/Volumes.h22
-rw-r--r--src/Common/Xml.c18
-rw-r--r--src/Common/Xml.h13
12 files changed, 279 insertions, 140 deletions
diff --git a/src/Common/Common.rc b/src/Common/Common.rc
index c87dcb75..d082dc3e 100644
--- a/src/Common/Common.rc
+++ b/src/Common/Common.rc
@@ -532,6 +532,10 @@ IDR_RESCUE_LOADER_AES_SHA2 BIN "..\\Boot\\Windows\\Rescue_AE
IDR_RESCUE_LOADER_SERPENT_SHA2 BIN "..\\Boot\\Windows\\Rescue_Serpent_SHA2\\BootLoader.com.gz"
IDR_RESCUE_LOADER_TWOFISH_SHA2 BIN "..\\Boot\\Windows\\Rescue_Twofish_SHA2\\BootLoader.com.gz"
IDR_RESCUE_LOADER_CAMELLIA_SHA2 BIN "..\\Boot\\Windows\\Rescue_Camellia_SHA2\\BootLoader.com.gz"
+IDR_EFI_DCSBOOT BIN "..\\Boot\\EFI\\DcsBoot.efi"
+IDR_EFI_DCSINT BIN "..\\Boot\\EFI\\DcsInt.efi"
+IDR_EFI_DCSCFG BIN "..\\Boot\\EFI\\DcsCfg.efi"
+IDR_EFI_LEGACYSPEAKER BIN "..\\Boot\\EFI\\LegacySpeaker.efi"
/////////////////////////////////////////////////////////////////////////////
//
@@ -560,18 +564,18 @@ IDR_LICENSE TEXT "..\\Resources\\Texts\\License.r
// TEXTINCLUDE
//
-1 TEXTINCLUDE
+1 TEXTINCLUDE
BEGIN
"resource.h\0"
END
-2 TEXTINCLUDE
+2 TEXTINCLUDE
BEGIN
"#include ""afxres.h""\r\n"
"\0"
END
-3 TEXTINCLUDE
+3 TEXTINCLUDE
BEGIN
"\r\n"
"\0"
diff --git a/src/Common/Crypto.c b/src/Common/Crypto.c
index 69d5b5dc..e9a3da68 100644
--- a/src/Common/Crypto.c
+++ b/src/Common/Crypto.c
@@ -1,11 +1,11 @@
/*
Legal Notice: Some portions of the source code contained in this file were
- derived from the source code of TrueCrypt 7.1a, which is
- Copyright (c) 2003-2012 TrueCrypt Developers Association and which is
+ derived from the source code of TrueCrypt 7.1a, which is
+ Copyright (c) 2003-2012 TrueCrypt Developers Association and which is
governed by the TrueCrypt License 3.0, also from the source code of
Encryption for the Masses 2.02a, which is Copyright (c) 1998-2000 Paul Le Roux
- and which is governed by the 'License Agreement for Encryption for the Masses'
- Modifications and additions to the original source code (contained in this file)
+ and which is governed by the 'License Agreement for Encryption for the Masses'
+ Modifications and additions to the original source code (contained in this file)
and all other portions of this file are Copyright (c) 2013-2016 IDRIX
and are governed by the Apache License 2.0 the full text of which is
contained in the file License.txt included in VeraCrypt binary and source
@@ -16,10 +16,12 @@
#include "Xts.h"
#include "Crc.h"
#include "Common/Endian.h"
+#if !defined(_UEFI)
#include <string.h>
#ifndef TC_WINDOWS_BOOT
#include "EncryptionThreadPool.h"
#endif
+#endif
#include "Volumes.h"
#include "cpu.h"
@@ -71,21 +73,21 @@ static EncryptionAlgorithm EncryptionAlgorithms[] =
#ifndef TC_WINDOWS_BOOT
- { { 0, 0 }, { 0, 0}, 0 }, // Must be all-zero
- { { AES, 0 }, { XTS, 0 }, 1 },
- { { SERPENT, 0 }, { XTS, 0 }, 1 },
- { { TWOFISH, 0 }, { XTS, 0 }, 1 },
- { { CAMELLIA, 0 }, { XTS, 0 }, 1 },
+ { { 0, 0 }, { 0, 0}, 0 }, // Must be all-zero
+ { { AES, 0 }, { XTS, 0 }, 1 },
+ { { SERPENT, 0 }, { XTS, 0 }, 1 },
+ { { TWOFISH, 0 }, { XTS, 0 }, 1 },
+ { { CAMELLIA, 0 }, { XTS, 0 }, 1 },
#if defined(CIPHER_GOST89)
- { { GOST89, 0 }, { XTS, 0 }, 1 },
+ { { GOST89, 0 }, { XTS, 0 }, 1 },
#endif // defined(CIPHER_GOST89)
{ { KUZNYECHIK, 0 }, { XTS, 0 }, 1 },
- { { TWOFISH, AES, 0 }, { XTS, 0 }, 1 },
+ { { TWOFISH, AES, 0 }, { XTS, 0 }, 1 },
{ { SERPENT, TWOFISH, AES, 0 }, { XTS, 0 }, 1 },
- { { AES, SERPENT, 0 }, { XTS, 0 }, 1 },
+ { { AES, SERPENT, 0 }, { XTS, 0 }, 1 },
{ { AES, TWOFISH, SERPENT, 0 }, { XTS, 0 }, 1 },
{ { SERPENT, TWOFISH, 0 }, { XTS, 0 }, 1 },
- { { 0, 0 }, { 0, 0}, 0 } // Must be all-zero
+ { { 0, 0 }, { 0, 0}, 0 } // Must be all-zero
#else // TC_WINDOWS_BOOT
@@ -109,11 +111,11 @@ static EncryptionAlgorithm EncryptionAlgorithms[] =
#ifndef TC_WINDOWS_BOOT
// Hash algorithms
static Hash Hashes[] =
-{ // ID Name Deprecated System Encryption
- { SHA512, L"SHA-512", FALSE, FALSE },
- { WHIRLPOOL, L"Whirlpool", FALSE, FALSE },
- { SHA256, L"SHA-256", FALSE, TRUE },
- { RIPEMD160, L"RIPEMD-160", TRUE, TRUE },
+{ // ID Name Deprecated System Encryption
+ { SHA512, L"SHA-512", FALSE, FALSE },
+ { WHIRLPOOL, L"Whirlpool", FALSE, FALSE },
+ { SHA256, L"SHA-256", FALSE, TRUE },
+ { RIPEMD160, L"RIPEMD-160", TRUE, TRUE },
{ STREEBOG, L"Streebog", FALSE, FALSE },
{ 0, 0, 0 }
};
@@ -142,11 +144,11 @@ int CipherInit (int cipher, unsigned char *key, unsigned __int8 *ks)
case SERPENT:
serpent_set_key (key, ks);
break;
-
+
case TWOFISH:
twofish_set_key ((TwofishInstance *)ks, (const u4byte *)key);
break;
-
+
#if !defined (TC_WINDOWS_BOOT) || defined (TC_WINDOWS_BOOT_CAMELLIA)
case CAMELLIA:
camellia_set_key (key, ks);
@@ -176,7 +178,7 @@ void EncipherBlock(int cipher, void *data, void *ks)
{
switch (cipher)
{
- case AES:
+ case AES:
// In 32-bit kernel mode, due to KeSaveFloatingPointState() overhead, AES instructions can be used only when processing the whole data unit.
#if (defined (_WIN64) || !defined (TC_WINDOWS_DRIVER)) && !defined (TC_WINDOWS_BOOT)
if (IsAesHwCpuSupported())
@@ -456,11 +458,11 @@ BOOL EAInitMode (PCRYPTO_INFO ci)
/* Note: XTS mode could potentially be initialized with a weak key causing all blocks in one data unit
on the volume to be tweaked with zero tweaks (i.e. 512 bytes of the volume would be encrypted in ECB
mode). However, to create a TrueCrypt volume with such a weak key, each human being on Earth would have
- to create approximately 11,378,125,361,078,862 (about eleven quadrillion) TrueCrypt volumes (provided
+ to create approximately 11,378,125,361,078,862 (about eleven quadrillion) TrueCrypt volumes (provided
that the size of each of the volumes is 1024 terabytes). */
break;
- default:
+ default:
// Unknown/wrong ID
TC_THROW_FATAL_EXCEPTION;
}
@@ -507,8 +509,12 @@ int EAGetByName (wchar_t *name)
do
{
- EAGetName (n, ea, 1);
- if (_wcsicmp (n, name) == 0)
+ EAGetName(n, ea, 1);
+#if defined(_UEFI)
+ if (wcscmp(n, name) == 0)
+#else
+ if (_wcsicmp(n, name) == 0)
+#endif
return ea;
}
while (ea = EAGetNext (ea));
@@ -545,7 +551,7 @@ int EAGetNextMode (int ea, int previousModeId)
int c, i = 0;
while (c = EncryptionAlgorithms[ea].Modes[i++])
{
- if (c == previousModeId)
+ if (c == previousModeId)
return EncryptionAlgorithms[ea].Modes[i];
}
@@ -648,7 +654,7 @@ int EAGetNextCipher (int ea, int previousCipherId)
int c, i = 0;
while (c = EncryptionAlgorithms[ea].Ciphers[i++])
{
- if (c == previousCipherId)
+ if (c == previousCipherId)
return EncryptionAlgorithms[ea].Ciphers[i];
}
@@ -665,7 +671,7 @@ int EAGetPreviousCipher (int ea, int previousCipherId)
while (c = EncryptionAlgorithms[ea].Ciphers[i++])
{
- if (c == previousCipherId)
+ if (c == previousCipherId)
return EncryptionAlgorithms[ea].Ciphers[i - 2];
}
@@ -777,7 +783,7 @@ PCRYPTO_INFO crypto_open ()
memset (cryptoInfo, 0, sizeof (CRYPTO_INFO));
-#ifndef DEVICE_DRIVER
+#if !defined(DEVICE_DRIVER) && !defined(_UEFI)
VirtualLock (cryptoInfo, sizeof (CRYPTO_INFO));
#endif
@@ -812,7 +818,7 @@ void crypto_close (PCRYPTO_INFO cryptoInfo)
if (cryptoInfo != NULL)
{
burn (cryptoInfo, sizeof (CRYPTO_INFO));
-#ifndef DEVICE_DRIVER
+#if !defined(DEVICE_DRIVER) && !defined(_UEFI)
VirtualUnlock (cryptoInfo, sizeof (CRYPTO_INFO));
#endif
TCfree (cryptoInfo);
@@ -834,7 +840,7 @@ void crypto_close (PCRYPTO_INFO cryptoInfo)
// EncryptBuffer
//
// buf: data to be encrypted; the start of the buffer is assumed to be aligned with the start of a data unit.
-// len: number of bytes to encrypt; must be divisible by the block size (for cascaded ciphers, divisible
+// len: number of bytes to encrypt; must be divisible by the block size (for cascaded ciphers, divisible
// by the largest block size used within the cascade)
void EncryptBuffer (unsigned __int8 *buf, TC_LARGEST_COMPILER_UINT len, PCRYPTO_INFO cryptoInfo)
{
@@ -865,7 +871,7 @@ void EncryptBuffer (unsigned __int8 *buf, TC_LARGEST_COMPILER_UINT len, PCRYPTO_
}
break;
- default:
+ default:
// Unknown/wrong ID
TC_THROW_FATAL_EXCEPTION;
}
@@ -876,7 +882,7 @@ void EncryptBuffer (unsigned __int8 *buf, TC_LARGEST_COMPILER_UINT len, PCRYPTO_
// unitNo: sequential number of the data unit with which the buffer starts
// nbrUnits: number of data units in the buffer
void EncryptDataUnits (unsigned __int8 *buf, const UINT64_STRUCT *structUnitNo, uint32 nbrUnits, PCRYPTO_INFO ci)
-#ifndef TC_WINDOWS_BOOT
+#if !defined(TC_WINDOWS_BOOT) && !defined(_UEFI)
{
EncryptionThreadPoolDoWork (EncryptDataUnitsWork, buf, structUnitNo, nbrUnits, ci);
}
@@ -907,7 +913,7 @@ void EncryptDataUnitsCurrentThread (unsigned __int8 *buf, const UINT64_STRUCT *s
}
break;
- default:
+ default:
// Unknown/wrong ID
TC_THROW_FATAL_EXCEPTION;
}
@@ -916,7 +922,7 @@ void EncryptDataUnitsCurrentThread (unsigned __int8 *buf, const UINT64_STRUCT *s
// DecryptBuffer
//
// buf: data to be decrypted; the start of the buffer is assumed to be aligned with the start of a data unit.
-// len: number of bytes to decrypt; must be divisible by the block size (for cascaded ciphers, divisible
+// len: number of bytes to decrypt; must be divisible by the block size (for cascaded ciphers, divisible
// by the largest block size used within the cascade)
void DecryptBuffer (unsigned __int8 *buf, TC_LARGEST_COMPILER_UINT len, PCRYPTO_INFO cryptoInfo)
{
@@ -947,7 +953,7 @@ void DecryptBuffer (unsigned __int8 *buf, TC_LARGEST_COMPILER_UINT len, PCRYPTO_
}
break;
- default:
+ default:
// Unknown/wrong ID
TC_THROW_FATAL_EXCEPTION;
}
@@ -957,7 +963,7 @@ void DecryptBuffer (unsigned __int8 *buf, TC_LARGEST_COMPILER_UINT len, PCRYPTO_
// unitNo: sequential number of the data unit with which the buffer starts
// nbrUnits: number of data units in the buffer
void DecryptDataUnits (unsigned __int8 *buf, const UINT64_STRUCT *structUnitNo, uint32 nbrUnits, PCRYPTO_INFO ci)
-#ifndef TC_WINDOWS_BOOT
+#if !defined(TC_WINDOWS_BOOT) && !defined(_UEFI)
{
EncryptionThreadPoolDoWork (DecryptDataUnitsWork, buf, structUnitNo, nbrUnits, ci);
}
@@ -992,7 +998,7 @@ void DecryptDataUnitsCurrentThread (unsigned __int8 *buf, const UINT64_STRUCT *s
}
break;
- default:
+ default:
// Unknown/wrong ID
TC_THROW_FATAL_EXCEPTION;
}
@@ -1012,7 +1018,7 @@ void EncipherBlock(int cipher, void *data, void *ks)
if (IsAesHwCpuSupported())
aes_hw_cpu_encrypt ((byte *) ks, data);
else
- aes_encrypt (data, data, ks);
+ aes_encrypt (data, data, ks);
#elif defined (TC_WINDOWS_BOOT_SERPENT)
serpent_encrypt (data, data, ks);
#elif defined (TC_WINDOWS_BOOT_TWOFISH)
@@ -1028,7 +1034,7 @@ void DecipherBlock(int cipher, void *data, void *ks)
if (IsAesHwCpuSupported())
aes_hw_cpu_decrypt ((byte *) ks + sizeof (aes_encrypt_ctx) + 14 * 16, data);
else
- aes_decrypt (data, data, (aes_decrypt_ctx *) ((byte *) ks + sizeof(aes_encrypt_ctx)));
+ aes_decrypt (data, data, (aes_decrypt_ctx *) ((byte *) ks + sizeof(aes_encrypt_ctx)));
#elif defined (TC_WINDOWS_BOOT_SERPENT)
serpent_decrypt (data, data, ks);
#elif defined (TC_WINDOWS_BOOT_TWOFISH)
diff --git a/src/Common/Crypto.h b/src/Common/Crypto.h
index abcdfa5b..c4bc4fa9 100644
--- a/src/Common/Crypto.h
+++ b/src/Common/Crypto.h
@@ -1,11 +1,11 @@
/*
Legal Notice: Some portions of the source code contained in this file were
- derived from the source code of TrueCrypt 7.1a, which is
- Copyright (c) 2003-2012 TrueCrypt Developers Association and which is
+ derived from the source code of TrueCrypt 7.1a, which is
+ Copyright (c) 2003-2012 TrueCrypt Developers Association and which is
governed by the TrueCrypt License 3.0, also from the source code of
Encryption for the Masses 2.02a, which is Copyright (c) 1998-2000 Paul Le Roux
- and which is governed by the 'License Agreement for Encryption for the Masses'
- Modifications and additions to the original source code (contained in this file)
+ and which is governed by the 'License Agreement for Encryption for the Masses'
+ Modifications and additions to the original source code (contained in this file)
and all other portions of this file are Copyright (c) 2013-2016 IDRIX
and are governed by the Apache License 2.0 the full text of which is
contained in the file License.txt included in VeraCrypt binary and source
@@ -45,9 +45,9 @@ extern "C" {
#define MASTER_KEYDATA_SIZE 256
// The first PRF to try when mounting
-#define FIRST_PRF_ID 1
+#define FIRST_PRF_ID 1
-// Hash algorithms (pseudorandom functions).
+// Hash algorithms (pseudorandom functions).
enum
{
SHA512 = FIRST_PRF_ID,
@@ -59,7 +59,7 @@ enum
};
// The last PRF to try when mounting and also the number of implemented PRFs
-#define LAST_PRF_ID (HASH_ENUM_END_ID - 1)
+#define LAST_PRF_ID (HASH_ENUM_END_ID - 1)
#define RIPEMD160_BLOCKSIZE 64
#define RIPEMD160_DIGESTSIZE 20
@@ -109,7 +109,7 @@ enum
{
NONE = 0,
AES,
- SERPENT,
+ SERPENT,
TWOFISH,
CAMELLIA,
GOST89,
@@ -238,12 +238,12 @@ typedef struct CRYPTO_INFO_t
#ifndef TC_WINDOWS_BOOT
uint16 HeaderVersion;
- GfCtx gf_ctx;
+ GfCtx gf_ctx;
CRYPTOPP_ALIGN_DATA(16) unsigned __int8 master_keydata[MASTER_KEYDATA_SIZE]; /* This holds the volume header area containing concatenated master key(s) and secondary key(s) (XTS mode). For LRW (deprecated/legacy), it contains the tweak key before the master key(s). For CBC (deprecated/legacy), it contains the IV seed before the master key(s). */
CRYPTOPP_ALIGN_DATA(16) unsigned __int8 k2[MASTER_KEYDATA_SIZE]; /* For XTS, this contains the secondary key (if cascade, multiple concatenated). For LRW (deprecated/legacy), it contains the tweak key. For CBC (deprecated/legacy), it contains the IV seed. */
unsigned __int8 salt[PKCS5_SALT_SIZE];
- int noIterations;
+ int noIterations;
BOOL bTrueCryptMode;
int volumePim;
@@ -252,7 +252,7 @@ typedef struct CRYPTO_INFO_t
BOOL bProtectHiddenVolume; // Indicates whether the volume contains a hidden volume to be protected against overwriting
BOOL bHiddenVolProtectionAction; // TRUE if a write operation has been denied by the driver in order to prevent the hidden volume from being overwritten (set to FALSE upon volume mount).
-
+
uint64 volDataAreaOffset; // Absolute position, in bytes, of the first data sector of the volume.
uint64 hiddenVolumeSize; // Size of the hidden volume excluding the header (in bytes). Set to 0 for standard volumes.
@@ -279,7 +279,7 @@ typedef struct CRYPTO_INFO_t
} CRYPTO_INFO, *PCRYPTO_INFO;
-#ifdef _WIN32
+#if defined(_WIN32) || defined(_UEFI)
#pragma pack (push)
#pragma pack(1)
diff --git a/src/Common/Endian.h b/src/Common/Endian.h
index 00fed048..fd4c901c 100644
--- a/src/Common/Endian.h
+++ b/src/Common/Endian.h
@@ -1,11 +1,11 @@
/*
Legal Notice: Some portions of the source code contained in this file were
- derived from the source code of TrueCrypt 7.1a, which is
- Copyright (c) 2003-2012 TrueCrypt Developers Association and which is
+ derived from the source code of TrueCrypt 7.1a, which is
+ Copyright (c) 2003-2012 TrueCrypt Developers Association and which is
governed by the TrueCrypt License 3.0, also from the source code of
Encryption for the Masses 2.02a, which is Copyright (c) 1998-2000 Paul Le Roux
- and which is governed by the 'License Agreement for Encryption for the Masses'
- Modifications and additions to the original source code (contained in this file)
+ and which is governed by the 'License Agreement for Encryption for the Masses'
+ Modifications and additions to the original source code (contained in this file)
and all other portions of this file are Copyright (c) 2013-2016 IDRIX
and are governed by the Apache License 2.0 the full text of which is
contained in the file License.txt included in VeraCrypt binary and source
@@ -21,7 +21,7 @@ extern "C"
{
#endif
-#ifdef _WIN32
+#if defined(_WIN32) || defined(_UEFI)
# ifndef LITTLE_ENDIAN
# define LITTLE_ENDIAN 1234
@@ -110,7 +110,7 @@ extern "C"
( ( unsigned __int32 ) memPtr[ -2 ] << 8 ) | ( unsigned __int32 ) memPtr[ -1 ] )
#define mgetWord(memPtr) \
- ( memPtr += 2, ((( unsigned short ) memPtr[ -2 ] << 8 ) | ( ( unsigned short ) memPtr[ -1 ] )) )
+ ( memPtr += 2, ((( unsigned short ) memPtr[ -2 ] << 8 ) | ( ( unsigned short ) memPtr[ -1 ] )) )
#define mgetByte(memPtr) \
( ( unsigned char ) *memPtr++ )
@@ -139,7 +139,7 @@ unsigned __int16 MirrorBytes16 (unsigned __int16 x);
unsigned __int32 MirrorBytes32 (unsigned __int32 x);
#ifndef TC_NO_COMPILER_INT64
uint64 MirrorBytes64 (uint64 x);
-#endif
+#endif
void LongReverse ( unsigned __int32 *buffer , unsigned byteCount );
#if defined(__cplusplus)
diff --git a/src/Common/Password.h b/src/Common/Password.h
index 8818804e..9ef2f035 100644
--- a/src/Common/Password.h
+++ b/src/Common/Password.h
@@ -1,11 +1,11 @@
/*
Legal Notice: Some portions of the source code contained in this file were
- derived from the source code of TrueCrypt 7.1a, which is
- Copyright (c) 2003-2012 TrueCrypt Developers Association and which is
+ derived from the source code of TrueCrypt 7.1a, which is
+ Copyright (c) 2003-2012 TrueCrypt Developers Association and which is
governed by the TrueCrypt License 3.0, also from the source code of
Encryption for the Masses 2.02a, which is Copyright (c) 1998-2000 Paul Le Roux
- and which is governed by the 'License Agreement for Encryption for the Masses'
- Modifications and additions to the original source code (contained in this file)
+ and which is governed by the 'License Agreement for Encryption for the Masses'
+ Modifications and additions to the original source code (contained in this file)
and all other portions of this file are Copyright (c) 2013-2016 IDRIX
and are governed by the Apache License 2.0 the full text of which is
contained in the file License.txt included in VeraCrypt binary and source
@@ -36,14 +36,14 @@ typedef struct
char Pad[3]; // keep 64-bit alignment
} Password;
-#if defined(_WIN32) && !defined(TC_WINDOWS_DRIVER)
+#if defined(_WIN32) && !defined(TC_WINDOWS_DRIVER) && !defined(_UEFI)
void VerifyPasswordAndUpdate ( HWND hwndDlg , HWND hButton , HWND hPassword , HWND hVerify , unsigned char *szPassword , char *szVerify, BOOL keyFilesEnabled );
-BOOL CheckPasswordLength (HWND hwndDlg, unsigned __int32 passwordLength, int pim, BOOL bForBoot, BOOL bSkipPasswordWarning, BOOL bSkipPimWarning);
-BOOL CheckPasswordCharEncoding (HWND hPassword, Password *ptrPw);
+BOOL CheckPasswordLength (HWND hwndDlg, unsigned __int32 passwordLength, int pim, BOOL bForBoot, BOOL bSkipPasswordWarning, BOOL bSkipPimWarning);
+BOOL CheckPasswordCharEncoding (HWND hPassword, Password *ptrPw);
int ChangePwd (const wchar_t *lpszVolume, Password *oldPassword, int old_pkcs5, int old_pim, BOOL truecryptMode, Password *newPassword, int pkcs5, int pim, int wipePassCount, HWND hwndDlg);
-#endif // defined(_WIN32) && !defined(TC_WINDOWS_DRIVER)
+#endif // defined(_WIN32) && !defined(TC_WINDOWS_DRIVER) && !defined(_UEFI)
#ifdef __cplusplus
}
diff --git a/src/Common/Pkcs5.c b/src/Common/Pkcs5.c
index 2ce475ef..3dbfd322 100644
--- a/src/Common/Pkcs5.c
+++ b/src/Common/Pkcs5.c
@@ -1,20 +1,21 @@
/*
Legal Notice: Some portions of the source code contained in this file were
- derived from the source code of TrueCrypt 7.1a, which is
- Copyright (c) 2003-2012 TrueCrypt Developers Association and which is
+ derived from the source code of TrueCrypt 7.1a, which is
+ Copyright (c) 2003-2012 TrueCrypt Developers Association and which is
governed by the TrueCrypt License 3.0, also from the source code of
Encryption for the Masses 2.02a, which is Copyright (c) 1998-2000 Paul Le Roux
- and which is governed by the 'License Agreement for Encryption for the Masses'
- Modifications and additions to the original source code (contained in this file)
+ and which is governed by the 'License Agreement for Encryption for the Masses'
+ Modifications and additions to the original source code (contained in this file)
and all other portions of this file are Copyright (c) 2013-2016 IDRIX
and are governed by the Apache License 2.0 the full text of which is
contained in the file License.txt included in VeraCrypt binary and source
code distribution packages. */
#include "Tcdefs.h"
-
+#if !defined(_UEFI)
#include <memory.h>
#include <stdlib.h>
+#endif
#include "Rmd160.h"
#ifndef TC_WINDOWS_BOOT
#include "Sha2.h"
@@ -151,7 +152,7 @@ static void derive_u_sha256 (char *pwd, int pwd_len, char *salt, int salt_len, u
char* k = hmac->k;
char* u = hmac->u;
uint32 c;
- int i;
+ int i;
#ifdef TC_WINDOWS_BOOT
/* In bootloader mode, least significant bit of iterations is a boolean (TRUE for boot derivation mode, FALSE otherwise)
@@ -170,7 +171,7 @@ static void derive_u_sha256 (char *pwd, int pwd_len, char *salt, int salt_len, u
/* iteration 1 */
memcpy (k, salt, salt_len); /* salt */
-
+
/* big-endian block number */
memset (&k[salt_len], 0, 3);
k[salt_len + 3] = (char) b;
@@ -192,7 +193,7 @@ static void derive_u_sha256 (char *pwd, int pwd_len, char *salt, int salt_len, u
void derive_key_sha256 (char *pwd, int pwd_len, char *salt, int salt_len, uint32 iterations, char *dk, int dklen)
-{
+{
hmac_sha256_ctx hmac;
sha256_ctx* ctx;
char* buf = hmac.k;
@@ -316,7 +317,7 @@ void hmac_sha512
char *k, /* secret key */
int lk, /* length of the key in bytes */
char *d, /* data and also output buffer of at least 64 bytes */
- int ld /* length of data in bytes */
+ int ld /* length of data in bytes */
)
{
hmac_sha512_ctx hmac;
@@ -522,7 +523,7 @@ void hmac_ripemd160 (char *key, int keylen, char *input_digest, int len)
/* If the key is longer than the hash algorithm block size,
let key = ripemd160(key), as per HMAC specifications. */
- if (keylen > RIPEMD160_BLOCKSIZE)
+ if (keylen > RIPEMD160_BLOCKSIZE)
{
RMD160_CTX tctx;
@@ -534,14 +535,14 @@ void hmac_ripemd160 (char *key, int keylen, char *input_digest, int len)
keylen = RIPEMD160_DIGESTSIZE;
burn (&tctx, sizeof(tctx)); // Prevent leaks
- }
+ }
/* perform inner RIPEMD-160 */
ctx = &(hmac.inner_digest_ctx);
/* start out by storing key in pads */
memset(k_pad, 0x36, 64);
/* XOR key with ipad and opad values */
- for (i=0; i<keylen; i++)
+ for (i=0; i<keylen; i++)
{
k_pad[i] ^= key[i];
}
@@ -552,7 +553,7 @@ void hmac_ripemd160 (char *key, int keylen, char *input_digest, int len)
/* perform outer RIPEMD-160 */
ctx = &(hmac.outer_digest_ctx);
memset(k_pad, 0x5c, 64);
- for (i=0; i<keylen; i++)
+ for (i=0; i<keylen; i++)
{
k_pad[i] ^= key[i];
}
@@ -592,7 +593,7 @@ static void derive_u_ripemd160 (char *pwd, int pwd_len, char *salt, int salt_len
/* iteration 1 */
memcpy (k, salt, salt_len); /* salt */
-
+
/* big-endian block number */
memset (&k[salt_len], 0, 3);
k[salt_len + 3] = (char) b;
@@ -613,7 +614,7 @@ static void derive_u_ripemd160 (char *pwd, int pwd_len, char *salt, int salt_len
}
void derive_key_ripemd160 (char *pwd, int pwd_len, char *salt, int salt_len, uint32 iterations, char *dk, int dklen)
-{
+{
int b, l, r;
hmac_ripemd160_ctx hmac;
RMD160_CTX* ctx;
@@ -622,7 +623,7 @@ void derive_key_ripemd160 (char *pwd, int pwd_len, char *salt, int salt_len, uin
unsigned char tk[RIPEMD160_DIGESTSIZE];
/* If the password is longer than the hash algorithm block size,
let password = ripemd160(password), as per HMAC specifications. */
- if (pwd_len > RIPEMD160_BLOCKSIZE)
+ if (pwd_len > RIPEMD160_BLOCKSIZE)
{
RMD160_CTX tctx;
@@ -653,7 +654,7 @@ void derive_key_ripemd160 (char *pwd, int pwd_len, char *salt, int salt_len, uin
/* start out by storing key in pads */
memset(k_pad, 0x36, 64);
/* XOR key with ipad and opad values */
- for (b=0; b<pwd_len; b++)
+ for (b=0; b<pwd_len; b++)
{
k_pad[b] ^= pwd[b];
}
@@ -664,7 +665,7 @@ void derive_key_ripemd160 (char *pwd, int pwd_len, char *salt, int salt_len, uin
/* perform outer RIPEMD-160 */
ctx = &(hmac.outer_digest_ctx);
memset(k_pad, 0x5c, 64);
- for (b=0; b<pwd_len; b++)
+ for (b=0; b<pwd_len; b++)
{
k_pad[b] ^= pwd[b];
}
@@ -809,7 +810,7 @@ static void derive_u_whirlpool (char *pwd, int pwd_len, char *salt, int salt_len
/* iteration 1 */
memcpy (k, salt, salt_len); /* salt */
/* big-endian block number */
- memset (&k[salt_len], 0, 3);
+ memset (&k[salt_len], 0, 3);
k[salt_len + 3] = (char) b;
hmac_whirlpool_internal (pwd, pwd_len, k, salt_len + 4, hmac);
@@ -1132,22 +1133,22 @@ wchar_t *get_pkcs5_prf_name (int pkcs5_prf_id)
{
switch (pkcs5_prf_id)
{
- case SHA512:
+ case SHA512:
return L"HMAC-SHA-512";
- case SHA256:
+ case SHA256:
return L"HMAC-SHA-256";
- case RIPEMD160:
+ case RIPEMD160:
return L"HMAC-RIPEMD-160";
- case WHIRLPOOL:
+ case WHIRLPOOL:
return L"HMAC-Whirlpool";
case STREEBOG:
return L"HMAC-STREEBOG";
- default:
+ default:
return L"(Unknown)";
}
}
@@ -1166,7 +1167,7 @@ int get_pkcs5_iteration_count (int pkcs5_prf_id, int pim, BOOL truecryptMode, BO
switch (pkcs5_prf_id)
{
- case RIPEMD160:
+ case RIPEMD160:
if (truecryptMode)
return bBoot ? 1000 : 2000;
else if (pim == 0)
@@ -1176,10 +1177,10 @@ int get_pkcs5_iteration_count (int pkcs5_prf_id, int pim, BOOL truecryptMode, BO
return bBoot? pim * 2048 : 15000 + pim * 1000;
}
- case SHA512:
+ case SHA512:
return truecryptMode? 1000 : ((pim == 0)? 500000 : 15000 + pim * 1000);
- case WHIRLPOOL:
+ case WHIRLPOOL:
return truecryptMode? 1000 : ((pim == 0)? 500000 : 15000 + pim * 1000);
case SHA256:
@@ -1192,7 +1193,7 @@ int get_pkcs5_iteration_count (int pkcs5_prf_id, int pim, BOOL truecryptMode, BO
return bBoot? pim * 2048 : 15000 + pim * 1000;
}
- case STREEBOG:
+ case STREEBOG:
if (truecryptMode)
return 1000;
else if (pim == 0)
@@ -1202,7 +1203,7 @@ int get_pkcs5_iteration_count (int pkcs5_prf_id, int pim, BOOL truecryptMode, BO
return bBoot? pim * 2048 : 15000 + pim * 1000;
}
- default:
+ default:
TC_THROW_FATAL_EXCEPTION; // Unknown/wrong ID
}
return 0;
diff --git a/src/Common/Resource.h b/src/Common/Resource.h
index 8f3c78e4..739732c9 100644
--- a/src/Common/Resource.h
+++ b/src/Common/Resource.h
@@ -67,6 +67,10 @@
#define IDR_BOOT_LOADER_CAMELLIA_SHA2 563
#define IDR_RESCUE_BOOT_SECTOR_CAMELLIA_SHA2 564
#define IDR_RESCUE_LOADER_CAMELLIA_SHA2 565
+#define IDR_EFI_DCSBOOT 566
+#define IDR_EFI_DCSINT 567
+#define IDR_EFI_DCSCFG 568
+#define IDR_EFI_LEGACYSPEAKER 569
#define IDC_HW_AES_LABEL_LINK 5000
#define IDC_HW_AES 5001
#define IDC_PARALLELIZATION_LABEL_LINK 5002
@@ -210,11 +214,11 @@
#define IDC_BENCHMARK_PREBOOT 5140
// Next default values for new objects
-//
+//
#ifdef APSTUDIO_INVOKED
#ifndef APSTUDIO_READONLY_SYMBOLS
#define _APS_NO_MFC 1
-#define _APS_NEXT_RESOURCE_VALUE 566
+#define _APS_NEXT_RESOURCE_VALUE 570
#define _APS_NEXT_COMMAND_VALUE 40001
#define _APS_NEXT_CONTROL_VALUE 5141
#define _APS_NEXT_SYMED_VALUE 101
diff --git a/src/Common/Tcdefs.h b/src/Common/Tcdefs.h
index 72d0e4ae..a58df2e3 100644
--- a/src/Common/Tcdefs.h
+++ b/src/Common/Tcdefs.h
@@ -14,6 +14,44 @@
#ifndef TCDEFS_H
#define TCDEFS_H
+#if defined(_UEFI)
+#undef _WIN32
+#undef _WIN64
+#undef _DEBUG
+
+#include <Uefi.h>
+#include <Library/BaseLib.h>
+#include <Library/BaseMemoryLib.h>
+
+void* VeraCryptMemAlloc(IN UINTN size);
+void VeraCryptMemFree(IN VOID* ptr);
+
+#define BOOL int
+#ifndef FALSE
+#define FALSE 0
+#define TRUE 1
+#endif
+
+#define max(a,b) ((a)>(b))?(a):(b)
+#define min(a,b) ((a)<(b))?(a):(b)
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+extern unsigned __int64 __cdecl _rotl64(unsigned __int64,int);
+extern unsigned __int64 __cdecl _rotr64(unsigned __int64,int);
+extern unsigned int __cdecl _rotl(unsigned int,int);
+extern unsigned int __cdecl _rotr(unsigned int,int);
+extern unsigned char _rotr8(unsigned char value, unsigned char shift);
+extern unsigned short _rotr16(unsigned short value, unsigned char shift);
+extern unsigned char _rotl8(unsigned char value, unsigned char shift);
+extern unsigned short _rotl16(unsigned short value, unsigned char shift);
+#ifdef __cplusplus
+}
+#endif
+
+#endif // defined(_UEFI)
+
#define TC_APP_NAME "VeraCrypt"
// Version displayed to user
@@ -55,6 +93,9 @@ typedef unsigned __int64 uint64;
#define LL(x) x##ui64
#endif
+#pragma warning( disable : 4201 ) // disable: 4201 nonstandard extension used : nameless struct/union
+#pragma warning( disable : 4324 ) // disable: 4324 structure was padded due to __declspec(align())
+
#else // !_MSC_VER
#include <inttypes.h>
@@ -123,6 +164,41 @@ typedef union
#define __has_builtin(x) 0 // Compatibility with non-clang compilers
#endif
+#if defined(_UEFI)
+typedef UINTN size_t;
+typedef uint64 uint_64t;
+typedef CHAR16 wchar_t;
+typedef int LONG;
+
+#define wcscpy StrCpy
+#define wcslen StrLen
+#define wcscmp StrCmp
+#define wcscat StrCat
+
+#define memcpy(dest,source,count) CopyMem(dest,source,(UINTN)(count))
+#define memset(dest,ch,count) SetMem(dest,(UINTN)(count),(UINT8)(ch))
+#define memchr(buf,ch,count) ScanMem8(buf,(UINTN)(count),(UINT8)ch)
+#define memcmp(buf1,buf2,count) (int)(CompareMem(buf1,buf2,(UINTN)(count)))
+
+#define MAX_STRING_SIZE 0x1000
+#define strcat(strDest,strSource) AsciiStrCatS(strDest,MAX_STRING_SIZE,strSource)
+#define strchr(str,ch) ScanMem8((VOID *)(str),AsciiStrSize(str),(UINT8)ch)
+#define strcmp AsciiStrCmp
+#define strncmp(string1,string2,count) (int)(AsciiStrnCmp(string1,string2,(UINTN)(count)))
+#define strcpy(strDest,strSource) AsciiStrCpyS(strDest,MAX_STRING_SIZE,strSource)
+#define strncpy(strDest,strSource,count) AsciiStrnCpyS(strDest,MAX_STRING_SIZE,strSource,(UINTN)count)
+#define strlen(str) (size_t)(AsciiStrnLenS(str,MAX_STRING_SIZE))
+#define strstr AsciiStrStr
+
+// #define rotr32(x,n) (((x) >> n) | ((x) << (32 - n)))
+// #define rotl32(x,n) (((x) << n) | ((x) >> (32 - n)))
+// #define rotr64(x,n) (((x) >> n) | ((x) << (64 - n)))
+// #define rotl64(x,n) (((x) << n) | ((x) >> (64 - n)))
+// #define bswap_32(x) (rotl32((((x) & 0xFF00FF00) >> 8) | (((x) & 0x00FF00FF) << 8), 16U))
+// #define bswap_64(x) rotl64(((((((x & LL(0xFF00FF00FF00FF00)) >> 8) | ((x & LL(0x00FF00FF00FF00FF)) << 8)) & LL(0xFFFF0000FFFF0000)) >> 16) | (((((x & LL(0xFF00FF00FF00FF00)) >> 8) | ((x & LL(0x00FF00FF00FF00FF)) << 8)) & LL(0x0000FFFF0000FFFF)) << 16)), 32U)
+
+#endif
+
#ifdef TC_WINDOWS_BOOT
# ifdef __cplusplus
@@ -133,6 +209,9 @@ void ThrowFatalException (int line);
# define TC_THROW_FATAL_EXCEPTION ThrowFatalException (__LINE__)
#elif defined (TC_WINDOWS_DRIVER)
# define TC_THROW_FATAL_EXCEPTION KeBugCheckEx (SECURITY_SYSTEM, __LINE__, 0, 0, 'VC')
+#elif defined(_UEFI)
+void ThrowFatalException(int line);
+# define TC_THROW_FATAL_EXCEPTION ThrowFatalException (__LINE__)
#elif (defined(__clang__) && __has_builtin(__builtin_trap)) \
|| (defined(__GNUC__ ) && (__GNUC__ > 3 || (__GNUC__ == 3 && __GNUC_MINOR__ >= 3))) \
|| (__has_builtin(__builtin_trap))
@@ -170,9 +249,13 @@ typedef int BOOL;
#endif
#else /* !TC_WINDOWS_DRIVER */
-
+#if !defined(_UEFI)
#define TCalloc malloc
#define TCfree free
+#else
+#define TCalloc VeraCryptMemAlloc
+#define TCfree VeraCryptMemFree
+#endif //!defined(_UEFI)
#ifdef _WIN32
@@ -217,6 +300,8 @@ typedef int BOOL;
# define trace_msg Dump
# elif defined (_WIN32)
# define trace_msg(...) do { char msg[2048]; StringCbPrintfA (msg, sizeof (msg), __VA_ARGS__); OutputDebugString (msg); } while (0)
+# else
+# define trace_msg(...)
# endif
# define trace_point trace_msg (__FUNCTION__ ":" TC_TO_STRING(__LINE__) "\n")
# else
@@ -233,7 +318,7 @@ typedef int BOOL;
# define TC_WAIT_EVENT(EVENT) WaitForSingleObject (EVENT, INFINITE)
#endif
-#ifdef _WIN32
+#if defined(_WIN32) && !defined(_UEFI)
#define burn(mem,size) do { volatile char *burnm = (volatile char *)(mem); size_t burnc = size; RtlSecureZeroMemory (mem, size); while (burnc--) *burnm++ = 0; } while (0)
#else
#define burn(mem,size) do { volatile char *burnm = (volatile char *)(mem); int burnc = size; while (burnc--) *burnm++ = 0; } while (0)
@@ -251,7 +336,7 @@ typedef int BOOL;
# define max(a,b) (((a) > (b)) ? (a) : (b))
# endif
-# ifdef __cplusplus
+# if defined(__cplusplus) && !defined(_UEFI)
extern "C"
# endif
void EraseMemory (void *memory, int size);
diff --git a/src/Common/Volumes.c b/src/Common/Volumes.c
index 21b34f6d..35ba5bd2 100644
--- a/src/Common/Volumes.c
+++ b/src/Common/Volumes.c
@@ -12,8 +12,8 @@
code distribution packages. */
#include "Tcdefs.h"
-
-#ifndef TC_WINDOWS_BOOT
+#if !defined(_UEFI)
+#if !defined(TC_WINDOWS_BOOT)
#include <fcntl.h>
#include <sys/types.h>
#include <sys/stat.h>
@@ -28,6 +28,7 @@
#ifndef DEVICE_DRIVER
#include "Random.h"
#endif
+#endif // !defined(_UEFI)
#include "Crc.h"
#include "Crypto.h"
@@ -35,7 +36,7 @@
#include "Volumes.h"
#include "Pkcs5.h"
-#ifdef _WIN32
+#if defined(_WIN32) && !defined(_UEFI)
#include <Strsafe.h>
#include "../Boot/Windows/BootCommon.h"
#endif
@@ -176,16 +177,17 @@ int ReadVolumeHeader (BOOL bBoot, char *encryptedHeader, Password *password, int
uint16 headerVersion;
int status = ERR_PARAMETER_INCORRECT;
int primaryKeyOffset;
-
+ int pkcs5PrfCount = LAST_PRF_ID - FIRST_PRF_ID + 1;
+#if !defined(_UEFI)
TC_EVENT keyDerivationCompletedEvent;
TC_EVENT noOutstandingWorkItemEvent;
KeyDerivationWorkItem *keyDerivationWorkItems;
KeyDerivationWorkItem *item;
- int pkcs5PrfCount = LAST_PRF_ID - FIRST_PRF_ID + 1;
size_t encryptionThreadCount = GetEncryptionThreadCount();
- size_t queuedWorkItems = 0;
LONG outstandingWorkItemCount = 0;
int i;
+#endif
+ size_t queuedWorkItems = 0;
// if no PIM specified, use default value
if (pim < 0)
@@ -212,7 +214,7 @@ int ReadVolumeHeader (BOOL bBoot, char *encryptedHeader, Password *password, int
if (cryptoInfo == NULL)
return ERR_OUTOFMEMORY;
}
-
+#if !defined(_UEFI)
/* use thread pool only if no PRF was specified */
if ((selected_pkcs5_prf == 0) && (encryptionThreadCount > 1))
{
@@ -244,10 +246,11 @@ int ReadVolumeHeader (BOOL bBoot, char *encryptedHeader, Password *password, int
#endif
}
-#ifndef DEVICE_DRIVER
+#if !defined(DEVICE_DRIVER)
VirtualLock (&keyInfo, sizeof (keyInfo));
VirtualLock (&dk, sizeof (dk));
#endif
+#endif // !defined(_UEFI)
crypto_loadkey (&keyInfo, password->Text, (int) password->Length);
@@ -264,7 +267,7 @@ int ReadVolumeHeader (BOOL bBoot, char *encryptedHeader, Password *password, int
// skip SHA-256 in case of TrueCrypt mode
if (truecryptMode && (enqPkcs5Prf == SHA256))
continue;
-
+#if !defined(_UEFI)
if ((selected_pkcs5_prf == 0) && (encryptionThreadCount > 1))
{
// Enqueue key derivation on thread pool
@@ -319,6 +322,7 @@ int ReadVolumeHeader (BOOL bBoot, char *encryptedHeader, Password *password, int
KeyReady: ;
}
else
+#endif // !defined(_UEFI)
{
pkcs5_prf = enqPkcs5Prf;
keyInfo.noIterations = get_pkcs5_iteration_count (enqPkcs5Prf, pim, truecryptMode, bBoot);
@@ -568,11 +572,12 @@ ret:
burn (&keyInfo, sizeof (keyInfo));
burn (dk, sizeof(dk));
-#ifndef DEVICE_DRIVER
+#if !defined(DEVICE_DRIVER) && !defined(_UEFI)
VirtualUnlock (&keyInfo, sizeof (keyInfo));
VirtualUnlock (&dk, sizeof (dk));
#endif
+#if !defined(_UEFI)
if ((selected_pkcs5_prf == 0) && (encryptionThreadCount > 1))
{
TC_WAIT_EVENT (noOutstandingWorkItemEvent);
@@ -580,16 +585,16 @@ ret:
burn (keyDerivationWorkItems, sizeof (KeyDerivationWorkItem) * pkcs5PrfCount);
TCfree (keyDerivationWorkItems);
-#ifndef DEVICE_DRIVER
+#if !defined(DEVICE_DRIVER)
CloseHandle (keyDerivationCompletedEvent);
CloseHandle (noOutstandingWorkItemEvent);
#endif
}
-
+#endif
return status;
}
-#ifdef _WIN32
+#if defined(_WIN32) && !defined(_UEFI)
void ComputeBootloaderFingerprint (byte *bootLoaderBuf, unsigned int bootLoaderSize, byte* fingerprint)
{
// compute Whirlpool+SHA512 fingerprint of bootloader including MBR
@@ -805,10 +810,17 @@ ret:
#endif
// Creates a volume header in memory
+#if defined(_UEFI)
+int CreateVolumeHeaderInMemory(BOOL bBoot, char *header, int ea, int mode, Password *password,
+ int pkcs5_prf, int pim, char *masterKeydata, PCRYPTO_INFO *retInfo,
+ unsigned __int64 volumeSize, unsigned __int64 hiddenVolumeSize,
+ unsigned __int64 encryptedAreaStart, unsigned __int64 encryptedAreaLength, uint16 requiredProgramVersion, uint32 headerFlags, uint32 sectorSize, BOOL bWipeMode)
+#else
int CreateVolumeHeaderInMemory (HWND hwndDlg, BOOL bBoot, char *header, int ea, int mode, Password *password,
int pkcs5_prf, int pim, char *masterKeydata, PCRYPTO_INFO *retInfo,
unsigned __int64 volumeSize, unsigned __int64 hiddenVolumeSize,
unsigned __int64 encryptedAreaStart, unsigned __int64 encryptedAreaLength, uint16 requiredProgramVersion, uint32 headerFlags, uint32 sectorSize, BOOL bWipeMode)
+#endif // !defined(_UEFI)
{
unsigned char *p = (unsigned char *) header;
static CRYPTOPP_ALIGN_DATA(16) KEY_INFO keyInfo;
@@ -828,9 +840,10 @@ int CreateVolumeHeaderInMemory (HWND hwndDlg, BOOL bBoot, char *header, int ea,
pim = 0;
memset (header, 0, TC_VOLUME_HEADER_EFFECTIVE_SIZE);
-
+#if !defined(_UEFI)
VirtualLock (&keyInfo, sizeof (keyInfo));
VirtualLock (&dk, sizeof (dk));
+#endif // !defined(_UEFI)
/* Encryption setup */
@@ -847,7 +860,11 @@ int CreateVolumeHeaderInMemory (HWND hwndDlg, BOOL bBoot, char *header, int ea,
bytesNeeded = EAGetKeySize (ea) * 2; // Size of primary + secondary key(s)
}
+#if !defined(_UEFI)
if (!RandgetBytes (hwndDlg, keyInfo.master_keydata, bytesNeeded, TRUE))
+#else
+ if (!RandgetBytes(keyInfo.master_keydata, bytesNeeded, TRUE))
+#endif
{
crypto_close (cryptoInfo);
return ERR_CIPHER_INIT_WEAK_KEY;
@@ -885,7 +902,11 @@ int CreateVolumeHeaderInMemory (HWND hwndDlg, BOOL bBoot, char *header, int ea,
cryptoInfo->mode = mode;
// Salt for header key derivation
- if (!RandgetBytes (hwndDlg, keyInfo.salt, PKCS5_SALT_SIZE, !bWipeMode))
+#if !defined(_UEFI)
+ if (!RandgetBytes(hwndDlg, keyInfo.salt, PKCS5_SALT_SIZE, !bWipeMode))
+#else
+ if (!RandgetBytes(keyInfo.salt, PKCS5_SALT_SIZE, !bWipeMode))
+#endif
{
crypto_close (cryptoInfo);
return ERR_CIPHER_INIT_WEAK_KEY;
@@ -930,7 +951,11 @@ int CreateVolumeHeaderInMemory (HWND hwndDlg, BOOL bBoot, char *header, int ea,
else
{
// generate a random key
+#if !defined(_UEFI)
if (!RandgetBytes(hwndDlg, dk, GetMaxPkcs5OutSize(), !bWipeMode))
+#else
+ if (!RandgetBytes(dk, GetMaxPkcs5OutSize(), !bWipeMode))
+#endif
{
crypto_close (cryptoInfo);
return ERR_CIPHER_INIT_WEAK_KEY;
@@ -1111,7 +1136,7 @@ int CreateVolumeHeaderInMemory (HWND hwndDlg, BOOL bBoot, char *header, int ea,
return 0;
}
-
+#if !defined(_UEFI)
BOOL ReadEffectiveVolumeHeader (BOOL device, HANDLE fileHandle, byte *header, DWORD *bytesRead)
{
#if TC_VOLUME_HEADER_EFFECTIVE_SIZE > TC_MAX_VOLUME_SECTOR_SIZE
@@ -1324,4 +1349,5 @@ final_seq:
return nStatus;
}
+#endif // !defined(_UEFI)
#endif // !defined (DEVICE_DRIVER) && !defined (TC_WINDOWS_BOOT)
diff --git a/src/Common/Volumes.h b/src/Common/Volumes.h
index fdd1444f..3fe3a450 100644
--- a/src/Common/Volumes.h
+++ b/src/Common/Volumes.h
@@ -1,11 +1,11 @@
/*
Legal Notice: Some portions of the source code contained in this file were
- derived from the source code of TrueCrypt 7.1a, which is
- Copyright (c) 2003-2012 TrueCrypt Developers Association and which is
+ derived from the source code of TrueCrypt 7.1a, which is
+ Copyright (c) 2003-2012 TrueCrypt Developers Association and which is
governed by the TrueCrypt License 3.0, also from the source code of
Encryption for the Masses 2.02a, which is Copyright (c) 1998-2000 Paul Le Roux
- and which is governed by the 'License Agreement for Encryption for the Masses'
- Modifications and additions to the original source code (contained in this file)
+ and which is governed by the 'License Agreement for Encryption for the Masses'
+ Modifications and additions to the original source code (contained in this file)
and all other portions of this file are Copyright (c) 2013-2016 IDRIX
and are governed by the Apache License 2.0 the full text of which is
contained in the file License.txt included in VeraCrypt binary and source
@@ -19,7 +19,7 @@ extern "C" {
#endif
// Volume header version
-#define VOLUME_HEADER_VERSION 0x0005
+#define VOLUME_HEADER_VERSION 0x0005
// Version number written to volume header during format;
// specifies the minimum program version required to mount the volume
@@ -101,7 +101,7 @@ extern "C" {
#define HEADER_SALT_OFFSET 0
#define HEADER_ENCRYPTED_DATA_OFFSET PKCS5_SALT_SIZE
#define HEADER_MASTER_KEYDATA_OFFSET 256
-
+
#define TC_HEADER_OFFSET_MAGIC 64
#define TC_HEADER_OFFSET_VERSION 68
#define TC_HEADER_OFFSET_REQUIRED_VERSION 70
@@ -130,16 +130,20 @@ extern BOOL ReadVolumeHeaderRecoveryMode;
uint16 GetHeaderField16 (byte *header, int offset);
uint32 GetHeaderField32 (byte *header, int offset);
UINT64_STRUCT GetHeaderField64 (byte *header, int offset);
-#ifdef TC_WINDOWS_BOOT
+#if defined(TC_WINDOWS_BOOT)
int ReadVolumeHeader (BOOL bBoot, char *encryptedHeader, Password *password, int pim, PCRYPTO_INFO *retInfo, CRYPTO_INFO *retHeaderCryptoInfo);
+#elif defined(_UEFI)
+int ReadVolumeHeader(BOOL bBoot, char *encryptedHeader, Password *password, int pkcs5_prf, int pim, BOOL truecryptMode, PCRYPTO_INFO *retInfo, CRYPTO_INFO *retHeaderCryptoInfo);
+int CreateVolumeHeaderInMemory(BOOL bBoot, char *encryptedHeader, int ea, int mode, Password *password, int pkcs5_prf, int pim, char *masterKeydata, PCRYPTO_INFO *retInfo, unsigned __int64 volumeSize, unsigned __int64 hiddenVolumeSize, unsigned __int64 encryptedAreaStart, unsigned __int64 encryptedAreaLength, uint16 requiredProgramVersion, uint32 headerFlags, uint32 sectorSize, BOOL bWipeMode);
+BOOL RandgetBytes(unsigned char *buf, int len, BOOL forceSlowPoll);
#else
int ReadVolumeHeader (BOOL bBoot, char *encryptedHeader, Password *password, int pkcs5_prf, int pim, BOOL truecryptMode, PCRYPTO_INFO *retInfo, CRYPTO_INFO *retHeaderCryptoInfo);
-#ifdef _WIN32
+#if defined(_WIN32) && !defined(_UEFI)
void ComputeBootloaderFingerprint (byte *bootLoaderBuf, unsigned int bootLoaderSize, byte* fingerprint);
#endif
#endif
-#if !defined (DEVICE_DRIVER) && !defined (TC_WINDOWS_BOOT)
+#if !defined (DEVICE_DRIVER) && !defined (TC_WINDOWS_BOOT) && !defined(_UEFI)
int CreateVolumeHeaderInMemory (HWND hwndDlg, BOOL bBoot, char *encryptedHeader, int ea, int mode, Password *password, int pkcs5_prf, int pim, char *masterKeydata, PCRYPTO_INFO *retInfo, unsigned __int64 volumeSize, unsigned __int64 hiddenVolumeSize, unsigned __int64 encryptedAreaStart, unsigned __int64 encryptedAreaLength, uint16 requiredProgramVersion, uint32 headerFlags, uint32 sectorSize, BOOL bWipeMode);
BOOL ReadEffectiveVolumeHeader (BOOL device, HANDLE fileHandle, byte *header, DWORD *bytesRead);
BOOL WriteEffectiveVolumeHeader (BOOL device, HANDLE fileHandle, byte *header);
diff --git a/src/Common/Xml.c b/src/Common/Xml.c
index 6e6f8724..6abbed6d 100644
--- a/src/Common/Xml.c
+++ b/src/Common/Xml.c
@@ -9,9 +9,13 @@
contained in the file License.txt included in VeraCrypt binary and source
code distribution packages.
*/
-
+#if !defined(_UEFI)
#include <windows.h>
#include <stdio.h>
+#else
+#include "Tcdefs.h"
+#pragma warning( disable : 4706 ) // assignment within conditional expression
+#endif
#include "Xml.h"
@@ -59,7 +63,7 @@ char *XmlFindElement (char *xmlNode, char *nodeName)
}
-char *XmlFindElementByAttributeValue (char *xml, char *nodeName, char *attrName, char *attrValue)
+char *XmlFindElementByAttributeValue (char *xml, char *nodeName, const char *attrName, const char *attrValue)
{
char attr[2048];
@@ -76,7 +80,7 @@ char *XmlFindElementByAttributeValue (char *xml, char *nodeName, char *attrName,
}
-char *XmlGetAttributeText (char *xmlNode, char *xmlAttrName, char *xmlAttrValue, int xmlAttrValueSize)
+char *XmlGetAttributeText (char *xmlNode, const char *xmlAttrName, char *xmlAttrValue, int xmlAttrValueSize)
{
char *t = xmlNode;
char *e = xmlNode;
@@ -105,7 +109,7 @@ char *XmlGetAttributeText (char *xmlNode, char *xmlAttrName, char *xmlAttrValue,
if (t == NULL || t > e) return NULL;
- t = strchr (t, '"') + 1;
+ t = ((char*)strchr (t, '"')) + 1;
e = strchr (t, '"');
l = (int)(e - t);
if (e == NULL || l > xmlAttrValueSize) return NULL;
@@ -128,7 +132,7 @@ char *XmlGetNodeText (char *xmlNode, char *xmlText, int xmlTextSize)
if (t[0] != '<')
return NULL;
- t = strchr (t, '>');
+ t = (char*) strchr (t, '>');
if (t == NULL) return NULL;
t++;
@@ -256,7 +260,8 @@ wchar_t *XmlQuoteTextW (const wchar_t *textSrc, wchar_t *textDst, int textDstMax
return textDst;
}
-
+#if !defined(_UEFI)
+#pragma warning( default : 4706 )
int XmlWriteHeader (FILE *file)
{
return fputws (L"<?xml version=\"1.0\" encoding=\"utf-8\"?>\n<VeraCrypt>", file);
@@ -267,3 +272,4 @@ int XmlWriteFooter (FILE *file)
{
return fputws (L"\n</VeraCrypt>", file);
}
+#endif !defined(_UEFI)
diff --git a/src/Common/Xml.h b/src/Common/Xml.h
index 3dfb58e1..ceae2bf1 100644
--- a/src/Common/Xml.h
+++ b/src/Common/Xml.h
@@ -3,7 +3,7 @@
Copyright (c) 2008-2012 TrueCrypt Developers Association and which is governed
by the TrueCrypt License 3.0.
- Modifications and additions to the original source code (contained in this file)
+ Modifications and additions to the original source code (contained in this file)
and all other portions of this file are Copyright (c) 2013-2016 IDRIX
and are governed by the Apache License 2.0 the full text of which is
contained in the file License.txt included in VeraCrypt binary and source
@@ -16,14 +16,17 @@ extern "C" {
char *XmlNextNode (char *xmlNode);
char *XmlFindElement (char *xmlNode, char *nodeName);
-char *XmlGetAttributeText (char *xmlNode, char *xmlAttrName, char *xmlAttrValue, int xmlAttrValueSize);
+char *XmlGetAttributeText (char *xmlNode, const char *xmlAttrName, char *xmlAttrValue, int xmlAttrValueSize);
char *XmlGetNodeText (char *xmlNode, char *xmlText, int xmlTextSize);
-int XmlWriteHeader (FILE *file);
-int XmlWriteFooter (FILE *file);
-char *XmlFindElementByAttributeValue (char *xml, char *nodeName, char *attrName, char *attrValue);
+char *XmlFindElementByAttributeValue (char *xml, char *nodeName, const char *attrName, const char *attrValue);
char *XmlQuoteText (const char *textSrc, char *textDst, int textDstMaxSize);
wchar_t *XmlQuoteTextW (const wchar_t *textSrc, wchar_t *textDst, int textDstMaxSize);
+#if !defined(_UEFI)
+int XmlWriteHeader (FILE *file);
+int XmlWriteFooter (FILE *file);
+#endif !defined(_UEFI)
+
#ifdef __cplusplus
}
#endif