From 07ee8c10691d05e4e290ecdaa634ad5311b3cbb1 Mon Sep 17 00:00:00 2001 From: Mounir IDRASSI Date: Tue, 9 Aug 2016 23:26:15 +0200 Subject: Windows: Implement support for EFI system encryption in Windows GUI. --- src/Format/FormatCom.cpp | 44 ++++++++++++++++++++++++++++++++-- src/Format/FormatCom.idl | 12 ++++++++-- src/Format/Tcformat.c | 61 +++++++++++++++++++++++++++++++++++++++++------- 3 files changed, 105 insertions(+), 12 deletions(-) (limited to 'src/Format') diff --git a/src/Format/FormatCom.cpp b/src/Format/FormatCom.cpp index 96e3e3cd..2aa5cea9 100644 --- a/src/Format/FormatCom.cpp +++ b/src/Format/FormatCom.cpp @@ -3,7 +3,7 @@ Copyright (c) 2008-2012 TrueCrypt Developers Association and which is governed by the TrueCrypt License 3.0. - Modifications and additions to the original source code (contained in this file) + Modifications and additions to the original source code (contained in this file) and all other portions of this file are Copyright (c) 2013-2016 IDRIX and are governed by the Apache License 2.0 the full text of which is contained in the file License.txt included in VeraCrypt binary and source @@ -74,7 +74,7 @@ public: AddRef (); return S_OK; } - + virtual DWORD STDMETHODCALLTYPE CallDriver (DWORD ioctl, BSTR input, BSTR *output) { return BaseCom::CallDriver (ioctl, input, output); @@ -137,6 +137,46 @@ public: return ::FormatFs (driveNo, clusterSize, fsType); } + virtual DWORD STDMETHODCALLTYPE GetFileSize (BSTR filePath, unsigned __int64 *pSize) + { + return BaseCom::GetFileSize (filePath, pSize); + } + + virtual DWORD STDMETHODCALLTYPE DeviceIoControl (BOOL readOnly, BOOL device, BSTR filePath, DWORD dwIoControlCode, BSTR input, BSTR *output) + { + return BaseCom::DeviceIoControl (readOnly, device, filePath, dwIoControlCode, input, output); + } + + virtual DWORD STDMETHODCALLTYPE InstallEfiBootLoader (BOOL preserveUserConfig, BOOL hiddenOSCreation, int pim, int hashAlg) + { + return BaseCom::InstallEfiBootLoader (preserveUserConfig, hiddenOSCreation, pim, hashAlg); + } + + virtual DWORD STDMETHODCALLTYPE BackupEfiSystemLoader () + { + return BaseCom::BackupEfiSystemLoader (); + } + + virtual DWORD STDMETHODCALLTYPE RestoreEfiSystemLoader () + { + return BaseCom::RestoreEfiSystemLoader (); + } + + virtual DWORD STDMETHODCALLTYPE GetEfiBootDeviceNumber (BSTR* pSdn) + { + return BaseCom::GetEfiBootDeviceNumber (pSdn); + } + + virtual DWORD STDMETHODCALLTYPE ReadEfiConfig (BSTR* pContent, DWORD *pcbRead) + { + return BaseCom::ReadEfiConfig (pContent, pcbRead); + } + + virtual DWORD STDMETHODCALLTYPE WriteEfiBootSectorUserConfig (DWORD userConfig, BSTR customUserMessage, int pim, int hashAlg) + { + return BaseCom::WriteEfiBootSectorUserConfig (userConfig, customUserMessage,pim, hashAlg); + } + protected: DWORD MessageThreadId; LONG RefCount; diff --git a/src/Format/FormatCom.idl b/src/Format/FormatCom.idl index 23d987a7..1eb09b43 100644 --- a/src/Format/FormatCom.idl +++ b/src/Format/FormatCom.idl @@ -3,7 +3,7 @@ Copyright (c) 2008-2012 TrueCrypt Developers Association and which is governed by the TrueCrypt License 3.0. - Modifications and additions to the original source code (contained in this file) + Modifications and additions to the original source code (contained in this file) and all other portions of this file are Copyright (c) 2013-2016 IDRIX and are governed by the Apache License 2.0 the full text of which is contained in the file License.txt included in VeraCrypt binary and source @@ -16,7 +16,7 @@ import "..\Common\Password.h"; [ uuid(56327DDA-F1A7-4e13-B128-520D129BDEF6), helpstring("VeraCrypt Format UAC Support Library"), - version(2.5) // Update ComSetup.cpp when changing version number + version(2.6) // Update ComSetup.cpp when changing version number ] library TrueCryptFormatCom { @@ -40,6 +40,14 @@ library TrueCryptFormatCom DWORD SetDriverServiceStartType (DWORD startType); DWORD WriteLocalMachineRegistryDwordValue (BSTR keyPath, BSTR valueName, DWORD value); BOOL FormatFs (int driveNo, int clusterSize, int fsType); + DWORD GetFileSize (BSTR filePath, unsigned __int64* pSize); + DWORD DeviceIoControl (BOOL readOnly, BOOL device, BSTR filePath, DWORD dwIoControlCode, BSTR input, BSTR *output); + DWORD InstallEfiBootLoader (BOOL preserveUserConfig, BOOL hiddenOSCreation, int pim, int hashAlg); + DWORD BackupEfiSystemLoader (); + DWORD RestoreEfiSystemLoader (); + DWORD GetEfiBootDeviceNumber (BSTR* pSdn); + DWORD ReadEfiConfig (BSTR* pContent, DWORD *pcbRead); + DWORD WriteEfiBootSectorUserConfig (DWORD userConfig, BSTR customUserMessage, int pim, int hashAlg); }; [ diff --git a/src/Format/Tcformat.c b/src/Format/Tcformat.c index f1ecabe1..186c1199 100644 --- a/src/Format/Tcformat.c +++ b/src/Format/Tcformat.c @@ -931,11 +931,13 @@ static BOOL SysDriveOrPartitionFullyEncrypted (BOOL bSilent) BOOL SwitchWizardToSysEncMode (void) { WaitCursor (); + SystemDriveConfiguration config; try { BootEncStatus = BootEncObj->GetStatus(); bWholeSysDrive = BootEncObj->SystemPartitionCoversWholeDrive(); + config = BootEncObj->GetSystemDriveConfiguration (); } catch (Exception &e) { @@ -1413,6 +1415,18 @@ void ComboSelChangeEA (HWND hwndDlg) SetWindowTextW (GetDlgItem (hwndDlg, IDC_BOX_HELP), GetString ("TWOFISH_HELP")); } + else if (wcsncmp (name, L"GOST89", 6) == 0) + { + StringCbPrintfW (hyperLink, sizeof(hyperLink) / 2, GetString ("MORE_INFO_ABOUT"), L"GOST89"); + + SetWindowTextW (GetDlgItem (hwndDlg, IDC_BOX_HELP), GetString ("GOST89_HELP")); + } + else if (wcscmp (name, L"Kuznyechik") == 0) + { + StringCbPrintfW (hyperLink, sizeof(hyperLink) / 2, GetString ("MORE_INFO_ABOUT"), name); + + SetWindowTextW (GetDlgItem (hwndDlg, IDC_BOX_HELP), GetString ("KUZNYECHIK_HELP")); + } else if (wcscmp (name, L"Camellia") == 0) { StringCbPrintfW (hyperLink, sizeof(hyperLink) / 2, GetString ("MORE_INFO_ABOUT"), name); @@ -3612,6 +3626,14 @@ static BOOL FileSize4GBLimitQuestionNeeded (void) } +void BlockIfGpt(HWND control) { + SystemDriveConfiguration config = BootEncObj->GetSystemDriveConfiguration(); + + if (config.SystemPartition.IsGPT) { + EnableWindow(control, FALSE); + } +} + /* Except in response to the WM_INITDIALOG message, the dialog box procedure should return nonzero if it processes the message, and zero if it does not. - see DialogProc */ @@ -3669,6 +3691,8 @@ BOOL CALLBACK PageDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lPa SendMessage (GetDlgItem (hwndDlg, IDC_SYSENC_HIDDEN), WM_SETFONT, (WPARAM) hUserBoldFont, (LPARAM) TRUE); SendMessage (GetDlgItem (hwndDlg, IDC_SYSENC_NORMAL), WM_SETFONT, (WPARAM) hUserBoldFont, (LPARAM) TRUE); + BlockIfGpt(GetDlgItem(hwndDlg, IDC_SYSENC_HIDDEN)); + CheckButton (GetDlgItem (hwndDlg, bHiddenOS ? IDC_SYSENC_HIDDEN : IDC_SYSENC_NORMAL)); SetWindowTextW (GetDlgItem (hwndDlg, IDC_BOX_HELP), GetString ("SYSENC_HIDDEN_TYPE_HELP")); @@ -3708,6 +3732,7 @@ BOOL CALLBACK PageDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lPa SetWindowTextW (GetDlgItem (hwndDlg, IDT_WHOLE_SYS_DRIVE), GetString ("SYS_ENCRYPTION_SPAN_WHOLE_SYS_DRIVE_HELP")); CheckButton (GetDlgItem (hwndDlg, bWholeSysDrive ? IDC_WHOLE_SYS_DRIVE : IDC_SYS_PARTITION)); + BlockIfGpt(GetDlgItem(hwndDlg, IDC_WHOLE_SYS_DRIVE)); SetWindowTextW (GetDlgItem (GetParent (hwndDlg), IDC_NEXT), GetString ("NEXT")); SetWindowTextW (GetDlgItem (GetParent (hwndDlg), IDC_PREV), GetString ("PREV")); @@ -3785,7 +3810,7 @@ BOOL CALLBACK PageDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lPa SetWindowTextW (GetDlgItem (GetParent (hwndDlg), IDCANCEL), GetString ("CANCEL")); RefreshMultiBootControls (hwndDlg); - + BlockIfGpt(GetDlgItem(hwndDlg, IDC_MULTI_BOOT)); EnableWindow (GetDlgItem (GetParent (hwndDlg), IDC_NEXT), nMultiBoot > 0); EnableWindow (GetDlgItem (GetParent (hwndDlg), IDC_PREV), TRUE); EnableWindow (GetDlgItem (GetParent (hwndDlg), IDCANCEL), TRUE); @@ -4061,13 +4086,14 @@ BOOL CALLBACK PageDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lPa if (SysEncInEffect ()) { - hash_algo = DEFAULT_HASH_ALGORITHM_BOOT; + BOOL bIsGPT = BootEncObj->GetSystemDriveConfiguration().SystemPartition.IsGPT; + hash_algo = bIsGPT? SHA512 : DEFAULT_HASH_ALGORITHM_BOOT; RandSetHashFunction (hash_algo); for (hid = FIRST_PRF_ID; hid <= LAST_PRF_ID; hid++) { // For now, we keep RIPEMD160 for system encryption - if (((hid == RIPEMD160) || !HashIsDeprecated (hid)) && HashForSystemEncryption (hid)) + if (((hid == RIPEMD160) || !HashIsDeprecated (hid)) && (bIsGPT || HashForSystemEncryption (hid))) AddComboPair (GetDlgItem (hwndDlg, IDC_COMBO_BOX_HASH_ALGO), HashGetName(hid), hid); } } @@ -4461,8 +4487,14 @@ BOOL CALLBACK PageDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lPa SetDlgItemText (hwndDlg, IDC_RESCUE_DISK_ISO_PATH, szRescueDiskISO); EnableWindow (GetDlgItem (GetParent (hwndDlg), IDC_NEXT), (GetWindowTextLength (GetDlgItem (hwndDlg, IDC_RESCUE_DISK_ISO_PATH)) > 1)); EnableWindow (GetDlgItem (GetParent (hwndDlg), IDC_PREV), TRUE); - SetCheckBox (hCurPage, IDC_SKIP_RESCUE_VERIFICATION, bDontVerifyRescueDisk); + // For now, disable verification of Rescue Disk for GPT system encryption + { + SystemDriveConfiguration config = BootEncObj->GetSystemDriveConfiguration(); + bDontVerifyRescueDisk = config.SystemPartition.IsGPT; + SetCheckBox (hCurPage, IDC_SKIP_RESCUE_VERIFICATION, bDontVerifyRescueDisk); + EnableWindow(GetDlgItem (hwndDlg, IDC_SKIP_RESCUE_VERIFICATION), !config.SystemPartition.IsGPT); + } break; case SYSENC_RESCUE_DISK_BURN_PAGE: @@ -5443,13 +5475,20 @@ BOOL CALLBACK PageDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lPa if (lw == IDC_BENCHMARK && nCurPageNo == CIPHER_PAGE) { + BOOL bIsGPT = FALSE; + try + { + bIsGPT = BootEncObj->GetSystemDriveConfiguration().SystemPartition.IsGPT; + } + catch (...) {} + // Reduce CPU load bFastPollEnabled = FALSE; bRandmixEnabled = FALSE; DialogBoxParamW (hInst, MAKEINTRESOURCEW (IDD_BENCHMARK_DLG), hwndDlg, - (DLGPROC) BenchmarkDlgProc, (LPARAM) NULL); + (DLGPROC) BenchmarkDlgProc, (LPARAM) bIsGPT); bFastPollEnabled = TRUE; bRandmixEnabled = TRUE; @@ -5471,6 +5510,10 @@ BOOL CALLBACK PageDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lPa Applink ("serpent", FALSE, ""); else if (wcscmp (name, L"Twofish") == 0) Applink ("twofish", FALSE, ""); + else if (wcscmp (name, L"GOST89") == 0) + Applink ("gost89", FALSE, ""); + else if (wcscmp (name, L"Kuznyechik") == 0) + Applink ("kuznyechik", FALSE, ""); else if (wcscmp (name, L"Camellia") == 0) Applink ("camellia", FALSE, ""); else if (EAGetCipherCount (nIndex) > 1) @@ -5793,7 +5836,8 @@ BOOL CALLBACK PageDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lPa { HWND hHashAlgoItem = GetDlgItem (hwndDlg, IDC_COMBO_BOX_HASH_ALGO); int selectedAlgo = (int) SendMessage (hHashAlgoItem, CB_GETITEMDATA, SendMessage (hHashAlgoItem, CB_GETCURSEL, 0, 0), 0); - if (!HashForSystemEncryption(selectedAlgo)) + BOOL bIsGPT = BootEncObj->GetSystemDriveConfiguration().SystemPartition.IsGPT; + if (!bIsGPT && !HashForSystemEncryption(selectedAlgo)) { hash_algo = DEFAULT_HASH_ALGORITHM_BOOT; RandSetHashFunction (DEFAULT_HASH_ALGORITHM_BOOT); @@ -7332,10 +7376,11 @@ BOOL CALLBACK MainDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lPa else if (nCurPageNo == CIPHER_PAGE) { LPARAM nIndex; + BOOL bIsGPT = BootEncObj->GetSystemDriveConfiguration().SystemPartition.IsGPT; nIndex = SendMessage (GetDlgItem (hCurPage, IDC_COMBO_BOX), CB_GETCURSEL, 0, 0); nVolumeEA = (int) SendMessage (GetDlgItem (hCurPage, IDC_COMBO_BOX), CB_GETITEMDATA, nIndex, 0); - if (SysEncInEffect () + if (!bIsGPT && SysEncInEffect () && EAGetCipherCount (nVolumeEA) > 1) // Cascade? { if (AskWarnNoYes ("CONFIRM_CASCADE_FOR_SYS_ENCRYPTION", hwndDlg) == IDNO) @@ -8033,7 +8078,7 @@ retryCDDriveCheck: } #endif - BootEncObj->Install (bHiddenOS ? true : false); + BootEncObj->Install (bHiddenOS ? true : false, hash_algo); } catch (Exception &e) { -- cgit v1.2.3