VeraCrypt
authorMounir IDRASSI <mounir.idrassi@idrix.fr>2021-12-04 23:55:41 +0100
committerMounir IDRASSI <mounir.idrassi@idrix.fr>2021-12-04 23:59:01 +0100
commita21b2270e8db93d231fa0a3d60776043c9a0f9bc (patch)
treed3de97cc58b1dd4c6b1d62932a6fc5901d1f1226 /src/Common
parent0bc3e36f76d8dad33e91cd324bb170c008b26e65 (diff)
Windows: Implement TESTSIGNING build configuration that allows running under Windows Vista, 7, 8 and 8.1.
Diffstat (limited to 'src/Common')
-rw-r--r--src/Common/BootEncryption.cpp6
-rw-r--r--src/Common/BootEncryption.h10
-rw-r--r--src/Common/Dlgcode.c54
-rw-r--r--src/Common/Dlgcode.h24
-rw-r--r--src/Common/Tcdefs.h2
5 files changed, 80 insertions, 16 deletions
diff --git a/src/Common/BootEncryption.cpp b/src/Common/BootEncryption.cpp
index c8fc90bf..c3ce07ab 100644
--- a/src/Common/BootEncryption.cpp
+++ b/src/Common/BootEncryption.cpp
@@ -2218,7 +2218,6 @@ namespace VeraCrypt
#endif // !SETUP
- NtQuerySystemInformationFn NtQuerySystemInformationPtr = NULL;
EfiBootConf::EfiBootConf() : passwordType (0),
passwordMsg ("Password: "),
@@ -2510,14 +2509,13 @@ namespace VeraCrypt
ULONG len;
NTSTATUS res;
WCHAR tempBuf[1024];
+ NtQuerySystemInformationFn NtQuerySystemInformationPtr = (NtQuerySystemInformationFn) GetProcAddress (GetModuleHandle (L"ntdll.dll"), "NtQuerySystemInformation");
memset(tempBuf, 0, sizeof(tempBuf));
// Load NtQuerySystemInformation function point
if (!NtQuerySystemInformationPtr)
{
- NtQuerySystemInformationPtr = (NtQuerySystemInformationFn) GetProcAddress (GetModuleHandle (L"ntdll.dll"), "NtQuerySystemInformation");
- if (!NtQuerySystemInformationPtr)
- throw SystemException (SRC_POS);
+ throw SystemException (SRC_POS);
}
res = NtQuerySystemInformationPtr((SYSTEM_INFORMATION_CLASS)SYSPARTITIONINFORMATION, tempBuf, sizeof(tempBuf), &len);
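Review bot: The comment `// Load NtQuerySystemInformation function point` above the `if` no longer matches the code, because the lookup now happens in the declaration and the `if` only tests the result. Move it to the declaration and reword it, for example `// Resolve NtQuerySystemInformation from ntdll at run time; throw below if the export is missing`. The enclosing function starts and ends outside the hunk, so how `res` and `len` are checked after the call cannot be reviewed here.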
diff --git a/src/Common/BootEncryption.h b/src/Common/BootEncryption.h
index decacb8b..7f5c3b16 100644
--- a/src/Common/BootEncryption.h
+++ b/src/Common/BootEncryption.h
@@ -18,16 +18,6 @@
#include "Exception.h"
#include "Platform/PlatformBase.h"
#include "Volumes.h"
-#include <Winternl.h>
-
-#define SYSPARTITIONINFORMATION 0x62
-
-typedef NTSTATUS (WINAPI *NtQuerySystemInformationFn)(
- SYSTEM_INFORMATION_CLASS SystemInformationClass,
- PVOID SystemInformation,
- ULONG SystemInformationLength,
- PULONG ReturnLength
-);
typedef ULONG (WINAPI *RtlNtStatusToDosErrorFn)(
NTSTATUS Status
diff --git a/src/Common/Dlgcode.c b/src/Common/Dlgcode.c
index 6462e319..049dc288 100644
--- a/src/Common/Dlgcode.c
+++ b/src/Common/Dlgcode.c
@@ -166,6 +166,8 @@ BOOL bHistory = FALSE;
#ifndef SETUP
BOOL bLanguageSetInSetup = FALSE;
+#else
+extern BOOL bMakePackage;
#endif
// Status of detection of hidden sectors (whole-system-drive encryption).
@@ -3259,12 +3261,36 @@ void InitApp (HINSTANCE hInstance, wchar_t *lpszCommandLine)
RemoteSession = GetSystemMetrics (SM_REMOTESESSION) != 0;
+#ifndef VC_SKIP_OS_DRIVER_REQ_CHECK
// OS version check: from version 1.25, only Windows XP, Windows 10 and Windows 11 are supported because of new driver signing requirements
if (!(IsOSVersionAtLeast(WIN_10, 0) || (nCurrentOS == WIN_XP) || (nCurrentOS == WIN_XP64)))
{
MessageBoxW (NULL, GetString ("UNSUPPORTED_OS"), lpszTitle, MB_ICONSTOP);
exit (1);
}
+#else
+ // in TESTSIGNING mode, we support only Windows Vista, Windows 7, Windows 8/8.1
+ if ( !IsOSVersionAtLeast(WIN_VISTA, 0)
+#ifndef SETUP
+ || IsOSVersionAtLeast(WIN_10, 0)
+#else
+ || (IsOSVersionAtLeast(WIN_10, 0) && !bMakePackage)
+#endif
+ )
+ {
+ MessageBoxW (NULL, L"TESTSIGNING version of VeraCrypt targets only Windows Vista, Windows 7 and Windows 8/8.1.\n\nPlease use the standard version of VeraCrypt instead.", lpszTitle, MB_ICONSTOP);
+ exit (1);
+ }
+ else if ( !IsTestSigningModeEnabled()
+#ifdef SETUP
+ && !bMakePackage
+#endif
+ )
+ {
+ MessageBoxW (NULL, L"Test-Signing Mode, which is required to run VeraCrypt TESTSIGNING binaries, is not enabled in Windows.\n\nExecution aborted!", lpszTitle, MB_ICONSTOP);
+ exit (1);
+ }
+#endif
else
{
// Service pack check & warnings about critical MS issues
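Review bot: The comment on the TESTSIGNING branch says only Windows Vista, 7 and 8/8.1 are supported, but under SETUP both the Windows 10 rejection and the `IsTestSigningModeEnabled()` check are skipped when `bMakePackage` is set, and nothing records why. A comment such as `// bMakePackage: the installer only builds the package and does not load the driver, so the host OS and test-signing state are not enforced` would document the exemption, assuming that is the reason; where `bMakePackage` is set is outside this hunk. The two new `MessageBoxW` strings are English literals while the standard branch uses `GetString ("UNSUPPORTED_OS")`, so a short comment is worthwhile if that is deliberate. InitApp continues past the end of the hunk.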
@@ -14035,7 +14061,7 @@ INT_PTR SecureDesktopDialogBoxParam(
#endif
-#ifdef NDEBUG
+#if !defined(NDEBUG) && !defined(VC_SKIP_OS_DRIVER_REQ_CHECK)
static BOOL InitializeWintrust()
{
if (!hWinTrustLib)
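Review bot: The new guard `#if !defined(NDEBUG) && !defined(VC_SKIP_OS_DRIVER_REQ_CHECK)` inverts the old `#ifdef NDEBUG`, so the WinTrust code that used to be compiled in release builds is now compiled only in debug builds. The same condition is applied to the body of `VerifyModuleSignature` in the next hunk, which means a standard release build no longer contains the module signature verification at all. If the intent was only to drop verification for TESTSIGNING builds, both lines should read `#if defined(NDEBUG) && !defined(VC_SKIP_OS_DRIVER_REQ_CHECK)`. The `#else` path of `VerifyModuleSignature` is outside the hunk, so what callers receive when the check is compiled out should be confirmed there.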
@@ -14086,7 +14112,7 @@ static void FinalizeWintrust()
BOOL VerifyModuleSignature (const wchar_t* path)
{
-#ifdef NDEBUG
+#if !defined(NDEBUG) && !defined (VC_SKIP_OS_DRIVER_REQ_CHECK)
BOOL bResult = FALSE;
HRESULT hResult;
GUID gActionID = WINTRUST_ACTION_GENERIC_VERIFY_V2;
@@ -15233,3 +15259,27 @@ BOOL GetHibernateStatus (BOOL& bHibernateEnabled, BOOL& bHiberbootEnabled)
return bResult;
}
+/* return TRUE if Windows is in Test Signing mode */
+/* ref: https://social.msdn.microsoft.com/Forums/Windowsapps/en-US/e6c1be93-7003-4594-b8e4-18ab4a75d273/detecting-testsigning-onoff-via-api */
+BOOL IsTestSigningModeEnabled ()
+{
+ BOOL bEnabled = FALSE;
+ NtQuerySystemInformationFn NtQuerySystemInformationPtr = (NtQuerySystemInformationFn) GetProcAddress (GetModuleHandle (L"ntdll.dll"), "NtQuerySystemInformation");
+ if(NtQuerySystemInformationPtr)
+ {
+ SYSTEM_CODEINTEGRITY_INFORMATION info = {0};
+ ULONG cbReturnedData = 0;
+ info.Length = sizeof(info);
+ if ( (NtQuerySystemInformationPtr((SYSTEM_INFORMATION_CLASS) SYSTEMCODEINTEGRITYINFORMATION, &info, sizeof(info), &cbReturnedData) >= 0)
+ && (cbReturnedData == sizeof(info))
+ )
+ {
+ if ((info.CodeIntegrityOptions & (CODEINTEGRITY_OPTION_TESTSIGN | CODEINTEGRITY_OPTION_ENABLED)) == (CODEINTEGRITY_OPTION_TESTSIGN | CODEINTEGRITY_OPTION_ENABLED))
+ {
+ bEnabled = TRUE;
+ }
+ }
+ }
+
+ return bEnabled;
+}
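Review bot: `IsTestSigningModeEnabled` returns FALSE not only when test signing is off but also when `NtQuerySystemInformation` cannot be resolved, fails, or returns an unexpected length, and the header comment does not say so even though InitApp aborts on FALSE. Extend the comment, for example `/* return TRUE only if code integrity reports both ENABLED and TESTSIGN; any query failure returns FALSE */`. The status test `>= 0` would read more clearly as `NT_SUCCESS(...)`, if that macro is available through the Winternl.h include this commit adds to Dlgcode.h.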
diff --git a/src/Common/Dlgcode.h b/src/Common/Dlgcode.h
index 6370c2a7..3d521a21 100644
--- a/src/Common/Dlgcode.h
+++ b/src/Common/Dlgcode.h
@@ -18,6 +18,7 @@
#include "Apidrvr.h"
#include "Keyfiles.h"
#include "Wipe.h"
+#include <Winternl.h>
#ifdef __cplusplus
extern "C" {
@@ -250,6 +251,28 @@ typedef enum BitLockerEncryptionStatus
BL_Status_Protected
} BitLockerEncryptionStatus;
+#ifndef CODEINTEGRITY_OPTION_ENABLED
+
+#define CODEINTEGRITY_OPTION_ENABLED 0x01
+#define CODEINTEGRITY_OPTION_TESTSIGN 0x02
+
+typedef struct _SYSTEM_CODEINTEGRITY_INFORMATION {
+ ULONG Length;
+ ULONG CodeIntegrityOptions;
+} SYSTEM_CODEINTEGRITY_INFORMATION, *PSYSTEM_CODEINTEGRITY_INFORMATION;
+
+#endif
+
+#define SYSPARTITIONINFORMATION 0x62
+#define SYSTEMCODEINTEGRITYINFORMATION 0x67
+
+typedef NTSTATUS (WINAPI *NtQuerySystemInformationFn)(
+ SYSTEM_INFORMATION_CLASS SystemInformationClass,
+ PVOID SystemInformation,
+ ULONG SystemInformationLength,
+ PULONG ReturnLength
+);
+
#define DEFAULT_VOL_CREATION_WIZARD_MODE WIZARD_MODE_FILE_CONTAINER
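Review bot: `SYSPARTITIONINFORMATION 0x62` and `SYSTEMCODEINTEGRITYINFORMATION 0x67` are cast to `SYSTEM_INFORMATION_CLASS` at the call sites, but nothing says which information classes the raw values stand for. A trailing comment on each would help, such as `/* SystemCodeIntegrityInformation */` on the 0x67 line. The `#ifndef CODEINTEGRITY_OPTION_ENABLED` guard also decides whether the `SYSTEM_CODEINTEGRITY_INFORMATION` typedef is emitted, so it silently assumes that any SDK defining the macro also defines the struct; a one-line comment stating that assumption would make a future build break easier to diagnose.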
@@ -560,6 +583,7 @@ BOOL BufferHasPattern (const unsigned char* buffer, size_t bufferLen, const void
BOOL EnableProcessProtection();
void SafeOpenURL (LPCWSTR szUrl);
BitLockerEncryptionStatus GetBitLockerEncryptionStatus(WCHAR driveLetter);
+BOOL IsTestSigningModeEnabled ();
#ifdef _WIN64
void GetAppRandomSeed (unsigned char* pbRandSeed, size_t cbRandSeed);
#endif
diff --git a/src/Common/Tcdefs.h b/src/Common/Tcdefs.h
index d7dc73d2..d25bf7d5 100644
--- a/src/Common/Tcdefs.h
+++ b/src/Common/Tcdefs.h
@@ -59,6 +59,8 @@ extern unsigned short _rotl16(unsigned short value, unsigned char shift);
#ifdef VC_EFI_CUSTOM_MODE
#define VERSION_STRING_SUFFIX "-CustomEFI"
+#elif defined(VC_SKIP_OS_DRIVER_REQ_CHECK)
+#define VERSION_STRING_SUFFIX "-TESTSIGNING"
#else
#define VERSION_STRING_SUFFIX ""
#endif