From c2d0d5e344fe250591e06208f118519d819324b2 Mon Sep 17 00:00:00 2001
From: Mounir IDRASSI
Date: Wed, 5 Aug 2015 12:06:00 +0200
Subject: Windows: Add extra checks for bootloader tampering.
---
 src/Common/BootEncryption.cpp | 5 +++++
 src/Driver/DriveFilter.c | 37 ++++++++++++++++++++++++++++++-------
 2 files changed, 35 insertions(+), 7 deletions(-)
diff --git a/src/Common/BootEncryption.cpp b/src/Common/BootEncryption.cpp
index d9570062..5da2988e 100644
--- a/src/Common/BootEncryption.cpp
+++ b/src/Common/BootEncryption.cpp
@@ -1565,6 +1565,11 @@ namespace VeraCrypt
 bRet = true;
 }
 }
+ catch (SystemException &e)
+ {
+ if (!bSilent && (GetLastError () != ERROR_INVALID_IMAGE_HASH))
+ e.Show (ParentWindow);
+ }
 catch (Exception& e)
 {
 if (!bSilent)
diff --git a/src/Driver/DriveFilter.c b/src/Driver/DriveFilter.c
index 4b9117eb..566aacda 100644
--- a/src/Driver/DriveFilter.c
+++ b/src/Driver/DriveFilter.c
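Review bot: The new `catch (SystemException &e)` handler decides whether to show the error by calling `GetLastError ()` inside the handler, and the thread's last-error value can be overwritten by any API call made during stack unwinding between the throw and this point. If SystemException records the error code when it is constructed (its definition is not visible here), compare that stored value with ERROR_INVALID_IMAGE_HASH instead. The handler also needs a comment saying why this one code is suppressed, for example `// fingerprint mismatch reported by the driver: no error dialog here, the caller sees the failed return value`, with the wording adjusted to what the caller actually does. The enclosing function starts and ends outside the hunk, so whether bRet is left false on this path cannot be confirmed from here.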
@@ -1764,17 +1764,40 @@ void GetBootLoaderFingerprint (PIRP irp, PIO_STACK_LOCATION irpSp)
 {
 if (ValidateIOBufferSize (irp, sizeof (BootLoaderFingerprintRequest), ValidateOutput))
 {
- if (BootArgsValid)
+ irp->IoStatus.Information = 0;
+ if (BootArgsValid && BootDriveFound && BootDriveFilterExtension && BootDriveFilterExtension->DriveMounted && BootDriveFilterExtension->HeaderCryptoInfo)
 {
- BootLoaderFingerprintRequest *bootLoaderFingerprint = (BootLoaderFingerprintRequest *) irp->AssociatedIrp.SystemBuffer;
- memcpy (bootLoaderFingerprint->Fingerprint, BootLoaderFingerprint, sizeof (BootLoaderFingerprint));
- irp->IoStatus.Information = sizeof (BootLoaderFingerprintRequest);
- irp->IoStatus.Status = STATUS_SUCCESS;
+ BootLoaderFingerprintRequest *bootLoaderFingerprint = (BootLoaderFingerprintRequest *) irp->AssociatedIrp.SystemBuffer;
+
+ /* compute the fingerprint again and check if it is the same as the one retrieved during boot */
+ char *header = TCalloc (TC_BOOT_ENCRYPTION_VOLUME_HEADER_SIZE);
+ if (!header)
+ {
+ irp->IoStatus.Status = STATUS_INSUFFICIENT_RESOURCES;
+ }
+ else
+ {
+ memcpy (bootLoaderFingerprint->Fingerprint, BootLoaderFingerprint, sizeof (BootLoaderFingerprint));
+ ComputeBootLoaderFingerprint (BootDriveFilterExtension->LowerDeviceObject, header);
+
+ burn (header, TC_BOOT_ENCRYPTION_VOLUME_HEADER_SIZE);
+ TCfree (header);
+
+ if (0 == memcmp (bootLoaderFingerprint->Fingerprint, BootLoaderFingerprint, sizeof (BootLoaderFingerprint)))
+ {
+ irp->IoStatus.Information = sizeof (BootLoaderFingerprintRequest);
+ irp->IoStatus.Status = STATUS_SUCCESS;
+ }
+ else
+ {
+ /* fingerprint mismatch.*/
+ irp->IoStatus.Status = STATUS_INVALID_IMAGE_HASH;
+ }
+ }
 }
 else
 {
- irp->IoStatus.Status = STATUS_INVALID_PARAMETER;
- irp->IoStatus.Information = 0;
+ irp->IoStatus.Status = STATUS_INVALID_PARAMETER;
 }
 }
 }
-- cgit v1.2.3
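Review bot: The mismatch result in GetBootLoaderFingerprint does not look sticky: the boot-time value is copied into the request buffer, ComputeBootLoaderFingerprint is called, and the buffer is then compared against the global `BootLoaderFingerprint`, which only detects a change if that call overwrites the global (its body is not in this hunk, so this is inferred). If so, after one STATUS_INVALID_IMAGE_HASH the global holds the recomputed value, and the next request compares that value with itself and returns STATUS_SUCCESS. Restoring the reference in the mismatch branch, `memcpy (BootLoaderFingerprint, bootLoaderFingerprint->Fingerprint, sizeof (BootLoaderFingerprint));`, would keep later requests failing against the boot-time fingerprint. The outcome of the recomputation is also not checked, so a failed disk read that leaves the global untouched would be reported as a match; it is worth confirming how ComputeBootLoaderFingerprint signals failure.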