From 07ee8c10691d05e4e290ecdaa634ad5311b3cbb1 Mon Sep 17 00:00:00 2001 From: Mounir IDRASSI Date: Tue, 9 Aug 2016 23:26:15 +0200 Subject: Windows: Implement support for EFI system encryption in Windows GUI. --- src/Mount/MainCom.cpp | 42 +++++++++- src/Mount/MainCom.idl | 12 ++- src/Mount/Mount.c | 213 ++++++++++++++++++++++++++++++++++++++------------ src/Mount/Mount.h | 9 +-- src/Mount/Mount.rc | 74 ++++++++++++------ src/Mount/Resource.h | 10 ++- 6 files changed, 273 insertions(+), 87 deletions(-) (limited to 'src/Mount') diff --git a/src/Mount/MainCom.cpp b/src/Mount/MainCom.cpp index 8f3927ad..6056697c 100644 --- a/src/Mount/MainCom.cpp +++ b/src/Mount/MainCom.cpp @@ -3,7 +3,7 @@ Copyright (c) 2008-2012 TrueCrypt Developers Association and which is governed by the TrueCrypt License 3.0. - Modifications and additions to the original source code (contained in this file) + Modifications and additions to the original source code (contained in this file) and all other portions of this file are Copyright (c) 2013-2016 IDRIX and are governed by the Apache License 2.0 the full text of which is contained in the file License.txt included in VeraCrypt binary and source 
@@ -158,6 +158,46 @@ public: return ::ChangePwd (volumePath, oldPassword, old_pkcs5, old_pim, truecryptMode, newPassword, pkcs5, pim, wipePassCount, (HWND) hWnd); } + virtual DWORD STDMETHODCALLTYPE GetFileSize (BSTR filePath, unsigned __int64 *pSize) + { + return BaseCom::GetFileSize (filePath, pSize); + } + + virtual DWORD STDMETHODCALLTYPE DeviceIoControl (BOOL readOnly, BOOL device, BSTR filePath, DWORD dwIoControlCode, BSTR input, BSTR *output) + { + return BaseCom::DeviceIoControl (readOnly, device, filePath, dwIoControlCode, input, output); + } + + virtual DWORD STDMETHODCALLTYPE InstallEfiBootLoader (BOOL preserveUserConfig, BOOL hiddenOSCreation, int pim, int hashAlg) + { + return BaseCom::InstallEfiBootLoader (preserveUserConfig, hiddenOSCreation, pim, hashAlg); + } + + virtual DWORD STDMETHODCALLTYPE BackupEfiSystemLoader () + { + return BaseCom::BackupEfiSystemLoader (); + } + + virtual DWORD STDMETHODCALLTYPE RestoreEfiSystemLoader () + { + return BaseCom::RestoreEfiSystemLoader (); + } + + virtual DWORD STDMETHODCALLTYPE GetEfiBootDeviceNumber (BSTR* pSdn) + { + return BaseCom::GetEfiBootDeviceNumber (pSdn); + } + + virtual DWORD STDMETHODCALLTYPE ReadEfiConfig (BSTR* pContent, DWORD *pcbRead) + { + return BaseCom::ReadEfiConfig (pContent, pcbRead); + } + + virtual DWORD STDMETHODCALLTYPE WriteEfiBootSectorUserConfig (DWORD userConfig, BSTR customUserMessage, int pim, int hashAlg) + { + return BaseCom::WriteEfiBootSectorUserConfig (userConfig, customUserMessage,pim, hashAlg); + } + protected: DWORD MessageThreadId; LONG RefCount; diff --git a/src/Mount/MainCom.idl b/src/Mount/MainCom.idl index 9362fd42..9c3ef372 100644 --- a/src/Mount/MainCom.idl +++ b/src/Mount/MainCom.idl 
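Review bot: `DeviceIoControl` forwards an arbitrary device path and control code from any caller of the UAC support object straight to `BaseCom::DeviceIoControl`, with no restriction visible at this layer, so the elevated COM interface now exposes a generic IOCTL primitive rather than a task-specific operation. Whether BaseCom constrains the accepted control codes or paths is not part of this diff; if it does not, an allow-list of the codes the EFI support actually needs (in BaseCom or in these wrappers) would keep the privilege boundary narrow, and a comment here such as `// elevated proxy: BaseCom is expected to validate dwIoControlCode and filePath` would at least record where that responsibility lives. `GetFileSize` is the same pattern on a smaller scale, as it answers for any path. Separately, `customUserMessage,pim` is missing the space after the comma used everywhere else in this file.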
@@ -3,7 +3,7 @@ Copyright (c) 2008-2012 TrueCrypt Developers Association and which is governed by the TrueCrypt License 3.0. - Modifications and additions to the original source code (contained in this file) + Modifications and additions to the original source code (contained in this file) and all other portions of this file are Copyright (c) 2013-2016 IDRIX and are governed by the Apache License 2.0 the full text of which is contained in the file License.txt included in VeraCrypt binary and source @@ -16,7 +16,7 @@ import "..\Common\Password.h"; [ uuid(9ACF6176-5FC4-4690-A025-B3306A50EB6A), helpstring("VeraCrypt Main UAC Support Library"), - version(2.7) // Update ComSetup.cpp when changing version number + version(2.8) // Update ComSetup.cpp when changing version number ] library TrueCryptMainCom { @@ -44,6 +44,14 @@ library TrueCryptMainCom int ChangePasswordEx (BSTR volumePath, Password *oldPassword, int old_pkcs5, Password *newPassword, int pkcs5, int wipePassCount, LONG_PTR hWnd); int ChangePasswordEx2 (BSTR volumePath, Password *oldPassword, int old_pkcs5, BOOL truecryptMode, Password *newPassword, int pkcs5, int wipePassCount, LONG_PTR hWnd); int ChangePasswordEx3 (BSTR volumePath, Password *oldPassword, int old_pkcs5, int old_pim, BOOL truecryptMode, Password *newPassword, int pkcs5, int pim, int wipePassCount, LONG_PTR hWnd); + DWORD GetFileSize (BSTR filePath, unsigned __int64* pSize); + DWORD DeviceIoControl (BOOL readOnly, BOOL device, BSTR filePath, DWORD dwIoControlCode, BSTR input, BSTR *output); + DWORD InstallEfiBootLoader (BOOL preserveUserConfig, BOOL hiddenOSCreation, int pim, int hashAlg); + DWORD BackupEfiSystemLoader (); + DWORD RestoreEfiSystemLoader (); + DWORD GetEfiBootDeviceNumber (BSTR* pSdn); + DWORD ReadEfiConfig (BSTR* pContent, DWORD *pcbRead); + DWORD WriteEfiBootSectorUserConfig (DWORD userConfig, BSTR customUserMessage, int pim, int hashAlg); }; [ diff --git a/src/Mount/Mount.c b/src/Mount/Mount.c index 82fa4134..a7e6da51 100644 
--- a/src/Mount/Mount.c +++ b/src/Mount/Mount.c @@ -346,6 +346,27 @@ static void InitMainDialog (HWND hwndDlg) SetMenuItemInfoW (GetMenu (hwndDlg), i, TRUE, &info); } + { + BOOL bIsGPT = FALSE; + try + { + SystemDriveConfiguration config = BootEncObj->GetSystemDriveConfiguration(); + bIsGPT = config.SystemPartition.IsGPT; + } + catch (Exception &) + { + } + + // disable rescue disk operation for GPT system encryption + if (bIsGPT) + { + EnableMenuItem (GetMenu (hwndDlg), IDM_CREATE_HIDDEN_OS, MF_GRAYED); + EnableMenuItem (GetMenu (hwndDlg), IDM_CREATE_RESCUE_DISK, MF_GRAYED); + EnableMenuItem (GetMenu (hwndDlg), IDM_VERIFY_RESCUE_DISK, MF_GRAYED); + EnableMenuItem (GetMenu (hwndDlg), IDM_VERIFY_RESCUE_DISK_ISO, MF_GRAYED); + } + } + // Disable menu item for changing system header key derivation algorithm until it's implemented EnableMenuItem (GetMenu (hwndDlg), IDM_CHANGE_SYS_HEADER_KEY_DERIV_ALGO, MF_GRAYED); @@ -1081,9 +1102,11 @@ unsigned __int64 GetSysEncDeviceEncryptedPartSize (BOOL bSilent) static void PopulateSysEncContextMenu (HMENU popup, BOOL bToolsOnly) { + SystemDriveConfiguration config; try { BootEncStatus = BootEncObj->GetStatus(); + config = BootEncObj->GetSystemDriveConfiguration(); } catch (Exception &e) { @@ -1111,7 +1134,7 @@ static void PopulateSysEncContextMenu (HMENU popup, BOOL bToolsOnly) AppendMenu (popup, MF_SEPARATOR, 0, L""); AppendMenuW (popup, MF_STRING, IDM_SYS_ENC_SETTINGS, GetString ("IDM_SYS_ENC_SETTINGS")); - if (!IsHiddenOSRunning()) + if (!IsHiddenOSRunning() && !config.SystemPartition.IsGPT) { AppendMenu (popup, MF_SEPARATOR, 0, L""); AppendMenuW (popup, MF_STRING, IDM_CREATE_RESCUE_DISK, GetString ("IDM_CREATE_RESCUE_DISK")); @@ -1314,7 +1337,7 @@ BOOL SelectItem (HWND hTree, wchar_t nLetter) } -static void LaunchVolCreationWizard (HWND hwndDlg, const wchar_t *arg) +static void LaunchVolCreationWizard (HWND hwndDlg, const wchar_t *arg, BOOL bElevation) { wchar_t t[TC_MAX_PATH + 1024] = {L'"',0}; wchar_t *tmp; 
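Review bot: The comment `// disable rescue disk operation for GPT system encryption` in InitMainDialog under-describes the block, which also greys `IDM_CREATE_HIDDEN_OS`; suggest `// GPT/EFI system encryption: hidden OS creation and rescue-disk operations are not supported, so grey out their menu items`. The empty `catch (Exception &)` means a failed `GetSystemDriveConfiguration()` is treated as MBR (`bIsGPT` stays FALSE) and the items stay enabled; that is a reasonable fallback for a menu, but a one-line comment stating it is deliberate would stop the next reader from "fixing" it.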
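Review bot: In PopulateSysEncContextMenu, `config` is default-constructed and then read (`!config.SystemPartition.IsGPT` in the following hunk of the same function) even when `GetSystemDriveConfiguration()` throws; whether `SystemDriveConfiguration`'s default constructor initialises `IsGPT` is not visible here, and the catch body is outside the hunk. If it does not, the rescue-disk entries are appended based on an indeterminate value; tracking the outcome with a `BOOL bConfigRead = FALSE;` set to TRUE after the call, and treating failure as MBR, would make the menu deterministic. The function body continues outside the hunk.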
@@ -1348,21 +1371,30 @@ static void LaunchVolCreationWizard (HWND hwndDlg, const wchar_t *arg) if (!FileExists(t)) Error ("VOL_CREATION_WIZARD_NOT_FOUND", hwndDlg); // Display a user-friendly error message and advise what to do - - if (wcslen (arg) > 0) - { - StringCbCatW (t, sizeof(t), L" "); - StringCbCatW (t, sizeof(t), arg); - } - - if (!CreateProcess (NULL, (LPWSTR) t, NULL, NULL, FALSE, NORMAL_PRIORITY_CLASS, NULL, NULL, &si, &pi)) - { - handleWin32Error (hwndDlg, SRC_POS); - } else { - CloseHandle (pi.hProcess); - CloseHandle (pi.hThread); + + if (bElevation && !IsAdmin() && IsUacSupported()) + { + LaunchElevatedProcess (hwndDlg, t, arg); + } + else + { + if (wcslen (arg) > 0) + { + StringCbCatW (t, sizeof(t), L" "); + StringCbCatW (t, sizeof(t), arg); + } + if (!CreateProcess (NULL, (LPWSTR) t, NULL, NULL, FALSE, NORMAL_PRIORITY_CLASS, NULL, NULL, &si, &pi)) + { + handleWin32Error (hwndDlg, SRC_POS); + } + else + { + CloseHandle (pi.hProcess); + CloseHandle (pi.hThread); + } + } } } } @@ -2426,10 +2458,16 @@ BOOL CALLBACK PasswordChangeDlgProc (HWND hwndDlg, UINT msg, WPARAM wParam, LPAR case IDC_PKCS5_PRF_ID: if (bSysEncPwdChangeDlgMode) { - int new_hash_algo_id = (int) SendMessage (GetDlgItem (hwndDlg, IDC_PKCS5_PRF_ID), CB_GETITEMDATA, + int new_hash_algo_id = (int) SendMessage (GetDlgItem (hwndDlg, IDC_PKCS5_PRF_ID), CB_GETITEMDATA, SendMessage (GetDlgItem (hwndDlg, IDC_PKCS5_PRF_ID), CB_GETCURSEL, 0, 0), 0); + BOOL bIsGPT = FALSE; + try + { + bIsGPT = BootEncObj->GetSystemDriveConfiguration().SystemPartition.IsGPT; + } + catch (...) {} - if (new_hash_algo_id != 0 && !HashForSystemEncryption(new_hash_algo_id)) + if (new_hash_algo_id != 0 && !bIsGPT && !HashForSystemEncryption(new_hash_algo_id)) { int new_hash_algo_id = DEFAULT_HASH_ALGORITHM_BOOT; Info ("ALGO_NOT_SUPPORTED_FOR_SYS_ENCRYPTION", hwndDlg); 
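Review bot: The new `bElevation` branch of LaunchVolCreationWizard is unreachable in this commit: every call site updated in this diff passes `FALSE`, so `LaunchElevatedProcess (hwndDlg, t, arg)` cannot be exercised and has no test path. Also `t` still begins with the `L'"'` inserted for the CreateProcess command line, and the elevated branch passes `t` and `arg` separately while the non-elevated one concatenates them; whether `LaunchElevatedProcess` accepts a quoted executable path is not visible in this diff and should be confirmed. A comment on the new parameter, e.g. `// bElevation: launch the wizard through UAC when this process is not already elevated`, would document the intent. The function starts outside the hunk.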
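Review bot: The three-line `try { bIsGPT = BootEncObj->GetSystemDriveConfiguration().SystemPartition.IsGPT; } catch (...) {}` sequence added in PasswordChangeDlgProc is duplicated in the PasswordDlgProc, Benchmark, IDM_SYSENC_SETTINGS and BootLoaderPreferencesDlgProc IDOK hunks; a single helper would replace all of them with `BOOL bIsGPT = IsSystemPartitionGPT ();` and keep the on-error fallback consistent. Here the fallback is the safe direction, since a failed query keeps the MBR restriction enforced by `HashForSystemEncryption`. The handler continues outside the hunk.
```cpp
// Returns TRUE when the system partition is GPT (EFI boot). Returns FALSE for MBR
// and also when the configuration cannot be queried, so callers fall back to the
// more restrictive MBR rules.
static BOOL IsSystemPartitionGPT (void)
{
	try
	{
		return BootEncObj->GetSystemDriveConfiguration().SystemPartition.IsGPT ? TRUE : FALSE;
	}
	catch (...)
	{
		return FALSE;
	}
}
```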
@@ -2761,9 +2799,16 @@ BOOL CALLBACK PasswordDlgProc (HWND hwndDlg, UINT msg, WPARAM wParam, LPARAM lPa int i, defaultPrfIndex = 0, nIndex = (int) SendMessageW (hComboBox, CB_ADDSTRING, 0, (LPARAM) GetString ("AUTODETECTION")); SendMessage (hComboBox, CB_SETITEMDATA, nIndex, (LPARAM) 0); + BOOL bIsGPT = FALSE; + try + { + bIsGPT = BootEncObj->GetSystemDriveConfiguration().SystemPartition.IsGPT; + } + catch (...) {} + for (i = FIRST_PRF_ID; i <= LAST_PRF_ID; i++) { - if (HashForSystemEncryption(i)) + if (bIsGPT || HashForSystemEncryption(i)) { nIndex = (int) SendMessage (hComboBox, CB_ADDSTRING, 0, (LPARAM) get_pkcs5_prf_name(i)); SendMessage (hComboBox, CB_SETITEMDATA, nIndex, (LPARAM) i); @@ -5469,16 +5514,18 @@ static void ChangeSysEncPassword (HWND hwndDlg, BOOL bOnlyChangeKDF) // Initiates or resumes encryption of the system partition/drive static void EncryptSystemDevice (HWND hwndDlg) { + SystemDriveConfiguration config; try { BootEncStatus = BootEncObj->GetStatus(); + config = BootEncObj->GetSystemDriveConfiguration (); } catch (Exception &e) { e.Show (MainDlg); } - if (!BootEncStatus.DriveEncrypted + if (!BootEncStatus.DriveEncrypted && !BootEncStatus.DriveMounted && !SysEncryptionOrDecryptionRequired ()) { @@ -5486,7 +5533,7 @@ static void EncryptSystemDevice (HWND hwndDlg) if (!MutexExistsOnSystem (TC_MUTEX_NAME_SYSENC)) // If no instance of the wizard is currently taking care of system encryption { - LaunchVolCreationWizard (hwndDlg, L"/sysenc"); + LaunchVolCreationWizard (hwndDlg, L"/sysenc", FALSE); } else Warning ("SYSTEM_ENCRYPTION_IN_PROGRESS_ELSEWHERE", hwndDlg); @@ -5500,7 +5547,7 @@ static void EncryptSystemDevice (HWND hwndDlg) if (!MutexExistsOnSystem (TC_MUTEX_NAME_SYSENC)) // If no instance of the wizard is currently taking care of system encryption { - LaunchVolCreationWizard (hwndDlg, L"/sysenc"); + LaunchVolCreationWizard (hwndDlg, L"/sysenc",FALSE); } else Warning ("SYSTEM_ENCRYPTION_IN_PROGRESS_ELSEWHERE", hwndDlg); 
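Review bot: In EncryptSystemDevice, `config` is fetched from `GetSystemDriveConfiguration ()` but never read in any visible hunk of the function, and the same unused fetch is added to DecryptSystemDevice, ResumeInterruptedSysEncProcess and the `/csysenc` path of MainDialogProc. Beyond being dead code it changes behaviour: where the catch calls `e.Show (MainDlg)`, a failure of that query now produces an error dialog before the wizard is launched, on paths that previously did not query it at all. Either use `config` (presumably to decide the elevation flag that is currently passed as the literal `FALSE` to `LaunchVolCreationWizard`) or drop the fetch. The function bodies continue outside the hunks.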
@@ -5516,9 +5563,11 @@ static void EncryptSystemDevice (HWND hwndDlg) // Initiates decryption of the system partition/drive static void DecryptSystemDevice (HWND hwndDlg) { + SystemDriveConfiguration config; try { BootEncStatus = BootEncObj->GetStatus(); + config = BootEncObj->GetSystemDriveConfiguration (); } catch (Exception &e) { @@ -5579,8 +5628,8 @@ static void DecryptSystemDevice (HWND hwndDlg) return; } - CloseSysEncMutex (); - LaunchVolCreationWizard (hwndDlg, L"/dsysenc"); + CloseSysEncMutex (); + LaunchVolCreationWizard (hwndDlg, L"/dsysenc", FALSE); } else Warning ("SYSTEM_ENCRYPTION_IN_PROGRESS_ELSEWHERE", hwndDlg); @@ -5595,7 +5644,7 @@ static void CreateHiddenOS (HWND hwndDlg) // such information, but will exit (displaying only an error meessage). Info("HIDDEN_OS_PREINFO", hwndDlg); - LaunchVolCreationWizard (hwndDlg, L"/isysenc"); + LaunchVolCreationWizard (hwndDlg, L"/isysenc", FALSE); } static void DecryptNonSysDevice (HWND hwndDlg, BOOL bResolveAmbiguousSelection, BOOL bUseDriveListSel) @@ -5706,7 +5755,7 @@ static void DecryptNonSysDevice (HWND hwndDlg, BOOL bResolveAmbiguousSelection, if (AskWarnNoYes ("CONFIRM_DECRYPT_NON_SYS_DEVICE_CAUTION", hwndDlg) == IDNO) return; - LaunchVolCreationWizard (hwndDlg, (wstring (L"/inplacedec \"") + scPath + L"\"").c_str ()); + LaunchVolCreationWizard (hwndDlg, (wstring (L"/inplacedec \"") + scPath + L"\"").c_str (), FALSE); } // Blindly attempts (without any checks) to instruct the wizard to resume whatever system encryption process 
@@ -5715,7 +5764,17 @@ static void ResumeInterruptedSysEncProcess (HWND hwndDlg) { if (!MutexExistsOnSystem (TC_MUTEX_NAME_SYSENC)) // If no instance of the wizard is currently taking care of system encryption { - LaunchVolCreationWizard (MainDlg, L"/csysenc"); + SystemDriveConfiguration config; + try + { + config = BootEncObj->GetSystemDriveConfiguration (); + } + catch (Exception &e) + { + e.Show (MainDlg); + } + + LaunchVolCreationWizard (MainDlg, L"/csysenc", FALSE); } else Warning ("SYSTEM_ENCRYPTION_IN_PROGRESS_ELSEWHERE", hwndDlg); @@ -5936,7 +5995,7 @@ static void ResumeInterruptedNonSysInplaceEncProcess (BOOL bDecrypt) // IMPORTANT: This function must not check any config files! Otherwise, if a config file was lost or corrupt, // the user would not be able resume encryption and the data on the volume would be inaccessible. - LaunchVolCreationWizard (MainDlg, bDecrypt? L"/resumeinplacedec" : L"/zinplace"); + LaunchVolCreationWizard (MainDlg, bDecrypt? L"/resumeinplacedec" : L"/zinplace", FALSE); } BOOL SelectContainer (HWND hwndDlg) @@ -5989,8 +6048,15 @@ static void WipeCache (HWND hwndDlg, BOOL silent) static void Benchmark (HWND hwndDlg) { + BOOL bIsGPT = FALSE; + try + { + bIsGPT = BootEncObj->GetSystemDriveConfiguration().SystemPartition.IsGPT; + } + catch (...) {} + DialogBoxParamW (hInst, MAKEINTRESOURCEW (IDD_BENCHMARK_DLG), hwndDlg, - (DLGPROC) BenchmarkDlgProc, (LPARAM) NULL); + (DLGPROC) BenchmarkDlgProc, (LPARAM) bIsGPT); } @@ -6741,9 +6807,17 @@ BOOL CALLBACK MainDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lPa { // The wizard was not launched during the system startup seq, or the user may have forgotten // to resume the encryption/decryption process. + SystemDriveConfiguration config; + try + { + config = BootEncObj->GetSystemDriveConfiguration (); + } + catch (Exception &e) + { + e.Show (MainDlg); + } - - LaunchVolCreationWizard (hwndDlg, L"/csysenc"); + LaunchVolCreationWizard (hwndDlg, L"/csysenc", FALSE); } } } 
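Review bot: In Benchmark, `bIsGPT` is now passed as the `LPARAM` of `BenchmarkDlgProc`, but the receiving procedure is not part of this diff (limited to src/Mount), so the contract — lParam is a BOOL meaning "system partition is GPT" instead of the previous `NULL` — is only implied here. A comment at the call, e.g. `// lParam: TRUE when the system partition is GPT (EFI); BenchmarkDlgProc uses it to choose the PRF set`, would make it explicit; what the dialog actually does with the value is my inference and should be confirmed against the dialog procedure.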
@@ -7723,7 +7797,7 @@ BOOL CALLBACK MainDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lPa if (lw == IDC_CREATE_VOLUME || lw == IDM_CREATE_VOLUME || lw == IDM_VOLUME_WIZARD) { - LaunchVolCreationWizard (hwndDlg, L""); + LaunchVolCreationWizard (hwndDlg, L"", FALSE); return 1; } @@ -8013,7 +8087,14 @@ BOOL CALLBACK MainDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lPa if (lw == IDM_SYSENC_SETTINGS || lw == IDM_SYS_ENC_SETTINGS) { - DialogBoxParamW (hInst, MAKEINTRESOURCEW (IDD_SYSENC_SETTINGS), hwndDlg, (DLGPROC) BootLoaderPreferencesDlgProc, 0); + BOOL bIsGPT = FALSE; + try + { + bIsGPT = BootEncObj->GetSystemDriveConfiguration().SystemPartition.IsGPT; + } + catch (...) {} + + DialogBoxParamW (hInst, MAKEINTRESOURCEW (bIsGPT? IDD_EFI_SYSENC_SETTINGS : IDD_SYSENC_SETTINGS), hwndDlg, (DLGPROC) BootLoaderPreferencesDlgProc, 0); return 1; } @@ -10423,23 +10504,26 @@ static BOOL CALLBACK PerformanceSettingsDlgProc (HWND hwndDlg, UINT msg, WPARAM try { VOLUME_PROPERTIES_STRUCT prop; + BOOL bIsGPT = FALSE; try { BootEncStatus = BootEncObj->GetStatus(); BootEncObj->GetVolumeProperties (&prop); + bIsGPT = BootEncObj->GetSystemDriveConfiguration().SystemPartition.IsGPT; } catch (...) { - BootEncStatus.DriveMounted = false; + BootEncStatus.DriveMounted = false; } - if (BootEncStatus.DriveMounted) + if (BootEncStatus.DriveMounted && !bIsGPT) { byte userConfig; string customUserMessage; uint16 bootLoaderVersion; - BootEncObj->ReadBootSectorConfig (nullptr, 0, &userConfig, &customUserMessage, &bootLoaderVersion); + if (!BootEncObj->ReadBootSectorConfig (nullptr, 0, &userConfig, &customUserMessage, &bootLoaderVersion)) + return 1; if (bootLoaderVersion != VERSION_NUM) Warning ("BOOT_LOADER_VERSION_INCORRECT_PREFERENCES", hwndDlg); 
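Review bot: For IDM_SYSENC_SETTINGS both templates are driven by the same `BootLoaderPreferencesDlgProc`, and that procedure's WM_INITDIALOG (later in this diff) still calls `LocalizeDialog (hwndDlg, "IDD_SYSENC_SETTINGS")` for the EFI template too; if localisation entries are keyed by template name, the EFI dialog is localised from the legacy dialog's table, which is only correct while the shared control IDs carry identical strings. A comment at this call, `// one dialog procedure serves both templates; it tests bIsGPT to know which controls exist`, would record the coupling for the next change to either template.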
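Review bot: In PerformanceSettingsDlgProc the new `if (!BootEncObj->ReadBootSectorConfig (...)) return 1;` leaves the IDOK handler before `SetDriverConfigurationFlag (TC_DRIVER_CONFIG_DISABLE_HARDWARE_ENCRYPTION, disableHW)` in the next hunk, so a FALSE return silently discards the hardware-encryption choice while, as far as the hunk shows, the dialog stays open with no feedback. If FALSE means the user cancelled, a comment such as `// read was cancelled: keep the dialog open and apply nothing` makes that deliberate; otherwise the driver flag should probably still be written. Note also that with `&& !bIsGPT` the hardware-encryption flag is no longer written into the boot-loader user config on GPT while the driver flag still is; whether the EFI loader honours the driver flag alone is not visible here. The handler starts outside the hunk.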
@@ -10449,7 +10533,7 @@ static BOOL CALLBACK PerformanceSettingsDlgProc (HWND hwndDlg, UINT msg, WPARAM else userConfig &= ~TC_BOOT_USER_CFG_FLAG_DISABLE_HW_ENCRYPTION; - BootEncObj->WriteBootSectorUserConfig (userConfig, customUserMessage, prop.volumePim); + BootEncObj->WriteBootSectorUserConfig (userConfig, customUserMessage, prop.volumePim, prop.pkcs5); } SetDriverConfigurationFlag (TC_DRIVER_CONFIG_DISABLE_HARDWARE_ENCRYPTION, disableHW); @@ -10763,13 +10847,15 @@ static BOOL CALLBACK BootLoaderPreferencesDlgProc (HWND hwndDlg, UINT msg, WPARA { case WM_INITDIALOG: { - if (!BootEncObj->GetStatus().DriveMounted) + BootEncryptionStatus BootEncStatus = BootEncObj->GetStatus(); + if (!BootEncStatus.DriveMounted) { Warning ("SYS_DRIVE_NOT_ENCRYPTED", hwndDlg); EndDialog (hwndDlg, IDCANCEL); return 1; } + BOOL bIsGPT = BootEncObj->GetSystemDriveConfiguration().SystemPartition.IsGPT; try { LocalizeDialog (hwndDlg, "IDD_SYSENC_SETTINGS"); 
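Review bot: `BOOL bIsGPT = BootEncObj->GetSystemDriveConfiguration().SystemPartition.IsGPT;` in BootLoaderPreferencesDlgProc's WM_INITDIALOG sits before the `try` that guards the rest of the handler, so an exception from it propagates out of the dialog procedure instead of reaching the `catch (Exception &e)` every other call site in this commit relies on; moving the declaration inside the `try` (it is only used there) fixes that. The new local `BootEncryptionStatus BootEncStatus` also shadows the file-level `BootEncStatus` that other functions assign (see the `BootEncStatus = BootEncObj->GetStatus();` lines elsewhere in this diff); a distinct name such as `status` avoids the ambiguity. The procedure continues outside the hunk.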
@@ -10777,27 +10863,38 @@ static BOOL CALLBACK BootLoaderPreferencesDlgProc (HWND hwndDlg, UINT msg, WPARA uint32 driverConfig = ReadDriverConfigurationFlags(); byte userConfig; string customUserMessage; - uint16 bootLoaderVersion; + uint16 bootLoaderVersion = 0; BOOL bPasswordCacheEnabled = (driverConfig & TC_DRIVER_CONFIG_CACHE_BOOT_PASSWORD)? TRUE : FALSE; BOOL bPimCacheEnabled = (driverConfig & TC_DRIVER_CONFIG_CACHE_BOOT_PIM)? TRUE : FALSE; - BootEncObj->ReadBootSectorConfig (nullptr, 0, &userConfig, &customUserMessage, &bootLoaderVersion); + if (!BootEncObj->ReadBootSectorConfig (nullptr, 0, &userConfig, &customUserMessage, &bootLoaderVersion)) + { + // operations canceled + EndDialog (hwndDlg, IDCANCEL); + return 1; + } if (bootLoaderVersion != VERSION_NUM) Warning ("BOOT_LOADER_VERSION_INCORRECT_PREFERENCES", hwndDlg); - SendMessage (GetDlgItem (hwndDlg, IDC_CUSTOM_BOOT_LOADER_MESSAGE), EM_LIMITTEXT, TC_BOOT_SECTOR_USER_MESSAGE_MAX_LENGTH, 0); - SetDlgItemTextA (hwndDlg, IDC_CUSTOM_BOOT_LOADER_MESSAGE, customUserMessage.c_str()); + if (bIsGPT) + { + CheckDlgButton (hwndDlg, IDC_DISABLE_BOOT_LOADER_HASH_PROMPT, (userConfig & TC_BOOT_USER_CFG_FLAG_STORE_HASH) ? BST_CHECKED : BST_UNCHECKED); + } + else + { + SendMessage (GetDlgItem (hwndDlg, IDC_CUSTOM_BOOT_LOADER_MESSAGE), EM_LIMITTEXT, TC_BOOT_SECTOR_USER_MESSAGE_MAX_LENGTH, 0); + SetDlgItemTextA (hwndDlg, IDC_CUSTOM_BOOT_LOADER_MESSAGE, customUserMessage.c_str()); + CheckDlgButton (hwndDlg, IDC_DISABLE_BOOT_LOADER_OUTPUT, (userConfig & TC_BOOT_USER_CFG_FLAG_SILENT_MODE) ? BST_CHECKED : BST_UNCHECKED); + CheckDlgButton (hwndDlg, IDC_ALLOW_ESC_PBA_BYPASS, (userConfig & TC_BOOT_USER_CFG_FLAG_DISABLE_ESC) ? BST_UNCHECKED : BST_CHECKED); + CheckDlgButton (hwndDlg, IDC_DISABLE_EVIL_MAID_ATTACK_DETECTION, (driverConfig & TC_DRIVER_CONFIG_DISABLE_EVIL_MAID_ATTACK_DETECTION) ? 
BST_CHECKED : BST_UNCHECKED); + SetWindowTextW (GetDlgItem (hwndDlg, IDC_CUSTOM_BOOT_LOADER_MESSAGE_HELP), GetString("CUSTOM_BOOT_LOADER_MESSAGE_HELP")); + } CheckDlgButton (hwndDlg, IDC_DISABLE_BOOT_LOADER_PIM_PROMPT, (userConfig & TC_BOOT_USER_CFG_FLAG_DISABLE_PIM) ? BST_CHECKED : BST_UNCHECKED); - CheckDlgButton (hwndDlg, IDC_DISABLE_BOOT_LOADER_OUTPUT, (userConfig & TC_BOOT_USER_CFG_FLAG_SILENT_MODE) ? BST_CHECKED : BST_UNCHECKED); - CheckDlgButton (hwndDlg, IDC_ALLOW_ESC_PBA_BYPASS, (userConfig & TC_BOOT_USER_CFG_FLAG_DISABLE_ESC) ? BST_UNCHECKED : BST_CHECKED); CheckDlgButton (hwndDlg, IDC_BOOT_LOADER_CACHE_PASSWORD, bPasswordCacheEnabled ? BST_CHECKED : BST_UNCHECKED); - CheckDlgButton (hwndDlg, IDC_DISABLE_EVIL_MAID_ATTACK_DETECTION, (driverConfig & TC_DRIVER_CONFIG_DISABLE_EVIL_MAID_ATTACK_DETECTION) ? BST_CHECKED : BST_UNCHECKED); EnableWindow (GetDlgItem (hwndDlg, IDC_BOOT_LOADER_CACHE_PIM), bPasswordCacheEnabled); CheckDlgButton (hwndDlg, IDC_BOOT_LOADER_CACHE_PIM, (bPasswordCacheEnabled && bPimCacheEnabled)? BST_CHECKED : BST_UNCHECKED); - - SetWindowTextW (GetDlgItem (hwndDlg, IDC_CUSTOM_BOOT_LOADER_MESSAGE_HELP), GetString("CUSTOM_BOOT_LOADER_MESSAGE_HELP")); } catch (Exception &e) { @@ -10819,6 +10916,7 @@ static BOOL CALLBACK BootLoaderPreferencesDlgProc (HWND hwndDlg, UINT msg, WPARA case IDOK: { VOLUME_PROPERTIES_STRUCT prop; + BOOL bIsGPT = FALSE; if (!BootEncObj->GetStatus().DriveMounted) { @@ -10829,6 +10927,7 @@ static BOOL CALLBACK BootLoaderPreferencesDlgProc (HWND hwndDlg, UINT msg, WPARA try { BootEncObj->GetVolumeProperties (&prop); + bIsGPT = BootEncObj->GetSystemDriveConfiguration().SystemPartition.IsGPT; } catch (Exception &e) { 
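Review bot: `bootLoaderVersion` is now initialised to 0 and `Warning ("BOOT_LOADER_VERSION_INCORRECT_PREFERENCES", hwndDlg)` still runs for both templates; if the EFI implementation of `ReadBootSectorConfig` does not populate `bootLoaderVersion` (not visible in this diff), every opening of the EFI settings dialog will raise the version warning. Either confirm the EFI path fills it or guard the check with `if (!bIsGPT && bootLoaderVersion != VERSION_NUM)`. The comment `// operations canceled` should also state what a FALSE return means, e.g. `// read cancelled (ReadBootSectorConfig returned FALSE): close without changes`, since that contract is not shown here.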
@@ -10837,13 +10936,15 @@ static BOOL CALLBACK BootLoaderPreferencesDlgProc (HWND hwndDlg, UINT msg, WPARA return 1; } - char customUserMessage[TC_BOOT_SECTOR_USER_MESSAGE_MAX_LENGTH + 1]; - GetDlgItemTextA (hwndDlg, IDC_CUSTOM_BOOT_LOADER_MESSAGE, customUserMessage, sizeof (customUserMessage)); + char customUserMessage[TC_BOOT_SECTOR_USER_MESSAGE_MAX_LENGTH + 1] = {0}; + if (!bIsGPT) + GetDlgItemTextA (hwndDlg, IDC_CUSTOM_BOOT_LOADER_MESSAGE, customUserMessage, sizeof (customUserMessage)); byte userConfig; try { - BootEncObj->ReadBootSectorConfig (nullptr, 0, &userConfig); + if (!BootEncObj->ReadBootSectorConfig (nullptr, 0, &userConfig)) + return 1; } catch (Exception &e) { @@ -10856,7 +10957,16 @@ static BOOL CALLBACK BootLoaderPreferencesDlgProc (HWND hwndDlg, UINT msg, WPARA else userConfig &= ~TC_BOOT_USER_CFG_FLAG_DISABLE_PIM; - if (IsDlgButtonChecked (hwndDlg, IDC_DISABLE_BOOT_LOADER_OUTPUT)) + if (bIsGPT) + { + if (IsDlgButtonChecked (hwndDlg, IDC_DISABLE_BOOT_LOADER_HASH_PROMPT)) + userConfig |= TC_BOOT_USER_CFG_FLAG_STORE_HASH; + else + userConfig &= ~TC_BOOT_USER_CFG_FLAG_STORE_HASH; + } + else + { + if (IsDlgButtonChecked (hwndDlg, IDC_DISABLE_BOOT_LOADER_OUTPUT)) userConfig |= TC_BOOT_USER_CFG_FLAG_SILENT_MODE; else userConfig &= ~TC_BOOT_USER_CFG_FLAG_SILENT_MODE; 
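Review bot: The `else` block introduced around the `IDC_DISABLE_BOOT_LOADER_OUTPUT` / `IDC_ALLOW_ESC_PBA_BYPASS` handling leaves the wrapped statements at their previous indentation (they are unchanged context lines), so the body now reads one level shallower than its braces up to the closing `}` in the next hunk; re-indenting those lines keeps the nesting readable. The `IDC_DISABLE_BOOT_LOADER_HASH_PROMPT` to `TC_BOOT_USER_CFG_FLAG_STORE_HASH` mapping is clear, but a comment on what the loader does with the stored value (presumably skips the hash prompt) would help, as the flag's semantics are not visible in this diff.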
@@ -10865,12 +10975,13 @@ static BOOL CALLBACK BootLoaderPreferencesDlgProc (HWND hwndDlg, UINT msg, WPARA userConfig |= TC_BOOT_USER_CFG_FLAG_DISABLE_ESC; else userConfig &= ~TC_BOOT_USER_CFG_FLAG_DISABLE_ESC; + } try { BOOL bPasswordCacheEnabled = IsDlgButtonChecked (hwndDlg, IDC_BOOT_LOADER_CACHE_PASSWORD); BOOL bPimCacheEnabled = IsDlgButtonChecked (hwndDlg, IDC_BOOT_LOADER_CACHE_PIM); - BootEncObj->WriteBootSectorUserConfig (userConfig, customUserMessage, prop.volumePim); + BootEncObj->WriteBootSectorUserConfig (userConfig, customUserMessage, prop.volumePim, prop.pkcs5); SetDriverConfigurationFlag (TC_DRIVER_CONFIG_CACHE_BOOT_PASSWORD, bPasswordCacheEnabled); SetDriverConfigurationFlag (TC_DRIVER_CONFIG_CACHE_BOOT_PIM, (bPasswordCacheEnabled && bPimCacheEnabled)? TRUE : FALSE); SetDriverConfigurationFlag (TC_DRIVER_CONFIG_DISABLE_EVIL_MAID_ATTACK_DETECTION, IsDlgButtonChecked (hwndDlg, IDC_DISABLE_EVIL_MAID_ATTACK_DETECTION)); diff --git a/src/Mount/Mount.h b/src/Mount/Mount.h index 3a2a4056..4a50ef3c 100644 --- a/src/Mount/Mount.h +++ b/src/Mount/Mount.h 
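Review bot: `SetDriverConfigurationFlag (TC_DRIVER_CONFIG_DISABLE_EVIL_MAID_ATTACK_DETECTION, IsDlgButtonChecked (hwndDlg, IDC_DISABLE_EVIL_MAID_ATTACK_DETECTION))` still runs for the EFI template, but IDD_EFI_SYSENC_SETTINGS (Mount.rc in this diff) has no `IDC_DISABLE_EVIL_MAID_ATTACK_DETECTION` control, so `IsDlgButtonChecked` on the missing control yields 0 and every OK on a GPT system clears the flag regardless of its previous value. Clearing it keeps detection enabled, which is the safe direction, but it is an unintended write; wrap it as `if (!bIsGPT) SetDriverConfigurationFlag (...)`, or leave a comment stating the flag is intentionally reset on GPT if the EFI loader has no equivalent. The IDOK handler continues outside the hunk.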
@@ -1,11 +1,11 @@ /* Legal Notice: Some portions of the source code contained in this file were - derived from the source code of TrueCrypt 7.1a, which is - Copyright (c) 2003-2012 TrueCrypt Developers Association and which is + derived from the source code of TrueCrypt 7.1a, which is + Copyright (c) 2003-2012 TrueCrypt Developers Association and which is governed by the TrueCrypt License 3.0, also from the source code of Encryption for the Masses 2.02a, which is Copyright (c) 1998-2000 Paul Le Roux - and which is governed by the 'License Agreement for Encryption for the Masses' - Modifications and additions to the original source code (contained in this file) + and which is governed by the 'License Agreement for Encryption for the Masses' + Modifications and additions to the original source code (contained in this file) and all other portions of this file are Copyright (c) 2013-2016 IDRIX and are governed by the Apache License 2.0 the full text of which is contained in the file License.txt included in VeraCrypt binary and source @@ -99,7 +99,6 @@ static BOOL CheckMountList (HWND hwndDlg, BOOL bForceTaskBarUpdate); int GetCipherBlockSizeByDriveNo (int nDosDriveNo); int GetModeOfOperationByDriveNo (int nDosDriveNo); void ChangeMainWindowVisibility (); -void LaunchVolCreationWizard (HWND hwndDlg); BOOL WholeSysDriveEncryption (BOOL bSilent); BOOL CheckSysEncMountWithoutPBA (HWND hwndDlg, const wchar_t *devicePath, BOOL quiet); BOOL TCBootLoaderOnInactiveSysEncDrive (wchar_t *szDevicePath); diff --git a/src/Mount/Mount.rc b/src/Mount/Mount.rc index 6aa544fa..cae65984 100644 --- a/src/Mount/Mount.rc +++ b/src/Mount/Mount.rc 
@@ -283,30 +283,23 @@ BEGIN LTEXT "",IDT_PKCS11_LIB_HELP,16,63,286,65 END -IDD_SYSENC_SETTINGS DIALOGEX 0, 0, 370, 286 +IDD_EFI_SYSENC_SETTINGS DIALOGEX 0, 0, 370, 139 STYLE DS_SETFONT | DS_MODALFRAME | DS_FIXEDSYS | DS_CENTER | WS_POPUP | WS_CAPTION | WS_SYSMENU CAPTION "VeraCrypt - System Encryption Settings" FONT 8, "MS Shell Dlg", 400, 0, 0x1 BEGIN - CONTROL "Do not &show any texts in the pre-boot authentication screen (except the below custom message)",IDC_DISABLE_BOOT_LOADER_OUTPUT, - "Button",BS_AUTOCHECKBOX | WS_TABSTOP,18,37,339,9 - EDITTEXT IDC_CUSTOM_BOOT_LOADER_MESSAGE,18,67,216,14,ES_AUTOHSCROLL CONTROL "&Cache pre-boot authentication password in driver memory (for mounting of non-system volumes)",IDC_BOOT_LOADER_CACHE_PASSWORD, - "Button",BS_AUTOCHECKBOX | WS_TABSTOP,18,192,339,10 - CONTROL "Allow pre-boot &authentication to be bypassed by pressing the Esc key (enables boot manager)",IDC_ALLOW_ESC_PBA_BYPASS, - "Button",BS_AUTOCHECKBOX | WS_TABSTOP,18,222,340,10 - DEFPUSHBUTTON "OK",IDOK,257,262,50,14 - PUSHBUTTON "Cancel",IDCANCEL,313,262,50,14 - LTEXT "Display this custom message in the pre-boot authentication screen (24 characters maximum):",IDT_CUSTOM_BOOT_LOADER_MESSAGE,18,56,337,8 - GROUPBOX "Boot Loader Screen Options",IDT_BOOT_LOADER_SCREEN_OPTIONS,8,7,355,165 - GROUPBOX "Security Options",IDT_SECURITY_OPTIONS,8,177,355,75 - LTEXT "",IDC_CUSTOM_BOOT_LOADER_MESSAGE_HELP,18,89,337,73 - CONTROL "Disable ""Evil Maid"" attack detection",IDC_DISABLE_EVIL_MAID_ATTACK_DETECTION, - "Button",BS_AUTOCHECKBOX | WS_TABSTOP,18,237,340,10 + "Button",BS_AUTOCHECKBOX | WS_TABSTOP,18,79,339,10 + DEFPUSHBUTTON "OK",IDOK,257,115,50,14 + PUSHBUTTON "Cancel",IDCANCEL,313,115,50,14 + GROUPBOX "Boot Loader Screen Options",IDT_BOOT_LOADER_SCREEN_OPTIONS,8,7,355,53 + GROUPBOX "Security Options",IDT_SECURITY_OPTIONS,8,64,355,44 CONTROL "Include PIM when caching pre-boot authentication password",IDC_BOOT_LOADER_CACHE_PIM, - "Button",BS_AUTOCHECKBOX | WS_DISABLED | 
WS_TABSTOP,18,207,340,10 + "Button",BS_AUTOCHECKBOX | WS_DISABLED | WS_TABSTOP,18,94,340,10 CONTROL "Do not request PIM in the pre-boot authentication screen (PIM value is stored unencrypted on disk)",IDC_DISABLE_BOOT_LOADER_PIM_PROMPT, "Button",BS_AUTOCHECKBOX | WS_TABSTOP,18,20,339,9 + CONTROL "Do not request Hash algorithm in the pre-boot authentication screen",IDC_DISABLE_BOOT_LOADER_HASH_PROMPT, + "Button",BS_AUTOCHECKBOX | WS_TABSTOP,18,35,339,9 END IDD_PERFORMANCE_SETTINGS DIALOGEX 0, 0, 370, 248 
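Review bot: The new checkbox label `"Do not request Hash algorithm in the pre-boot authentication screen"` omits the consequence its PIM sibling states (`"(PIM value is stored unencrypted on disk)"`), although the flag it drives is `TC_BOOT_USER_CFG_FLAG_STORE_HASH`, which suggests the algorithm identifier is likewise written in the clear; if so the label should end with `"(hash algorithm is stored unencrypted on disk)"` so users weigh the same trade-off for both options. Whether the stored value is really unencrypted is inferred from the flag name and should be confirmed against the EFI loader. The "Boot Loader Screen Options" groupbox title is kept for a template that has no screen or message controls; fine if intentional, but it no longer describes its contents.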
@@ -386,6 +379,31 @@ BEGIN CONTROL "TrueCrypt Mode",IDC_TRUECRYPT_MODE,"Button",BS_AUTOCHECKBOX | WS_TABSTOP,7,7,76,10 END +IDD_SYSENC_SETTINGS DIALOGEX 0, 0, 370, 286 +STYLE DS_SETFONT | DS_MODALFRAME | DS_FIXEDSYS | DS_CENTER | WS_POPUP | WS_CAPTION | WS_SYSMENU +CAPTION "VeraCrypt - System Encryption Settings" +FONT 8, "MS Shell Dlg", 400, 0, 0x1 +BEGIN + CONTROL "Do not &show any texts in the pre-boot authentication screen (except the below custom message)",IDC_DISABLE_BOOT_LOADER_OUTPUT, + "Button",BS_AUTOCHECKBOX | WS_TABSTOP,18,37,339,9 + EDITTEXT IDC_CUSTOM_BOOT_LOADER_MESSAGE,18,67,216,14,ES_AUTOHSCROLL + CONTROL "&Cache pre-boot authentication password in driver memory (for mounting of non-system volumes)",IDC_BOOT_LOADER_CACHE_PASSWORD, + "Button",BS_AUTOCHECKBOX | WS_TABSTOP,18,192,339,10 + CONTROL "Allow pre-boot &authentication to be bypassed by pressing the Esc key (enables boot manager)",IDC_ALLOW_ESC_PBA_BYPASS, + "Button",BS_AUTOCHECKBOX | WS_TABSTOP,18,222,340,10 + DEFPUSHBUTTON "OK",IDOK,257,262,50,14 + PUSHBUTTON "Cancel",IDCANCEL,313,262,50,14 + LTEXT "Display this custom message in the pre-boot authentication screen (24 characters maximum):",IDT_CUSTOM_BOOT_LOADER_MESSAGE,18,56,337,8 + GROUPBOX "Boot Loader Screen Options",IDT_BOOT_LOADER_SCREEN_OPTIONS,8,7,355,165 + GROUPBOX "Security Options",IDT_SECURITY_OPTIONS,8,177,355,75 + LTEXT "",IDC_CUSTOM_BOOT_LOADER_MESSAGE_HELP,18,89,337,73 + CONTROL "Disable ""Evil Maid"" attack detection",IDC_DISABLE_EVIL_MAID_ATTACK_DETECTION, + "Button",BS_AUTOCHECKBOX | WS_TABSTOP,18,237,340,10 + CONTROL "Include PIM when caching pre-boot authentication password",IDC_BOOT_LOADER_CACHE_PIM, + "Button",BS_AUTOCHECKBOX | WS_DISABLED | WS_TABSTOP,18,207,340,10 + CONTROL "Do not request PIM in the pre-boot authentication screen (PIM value is stored unencrypted on disk)",IDC_DISABLE_BOOT_LOADER_PIM_PROMPT, + "Button",BS_AUTOCHECKBOX | WS_TABSTOP,18,20,339,9 +END 
///////////////////////////////////////////////////////////////////////////// // @@ -393,7 +411,7 @@ END // #ifdef APSTUDIO_INVOKED -GUIDELINES DESIGNINFO +GUIDELINES DESIGNINFO BEGIN IDD_PREFERENCES_DLG, DIALOG BEGIN @@ -455,12 +473,12 @@ BEGIN BOTTOMMARGIN, 192 END - IDD_SYSENC_SETTINGS, DIALOG + IDD_EFI_SYSENC_SETTINGS, DIALOG BEGIN LEFTMARGIN, 7 RIGHTMARGIN, 363 TOPMARGIN, 7 - BOTTOMMARGIN, 276 + BOTTOMMARGIN, 129 END IDD_PERFORMANCE_SETTINGS, DIALOG @@ -486,6 +504,14 @@ BEGIN TOPMARGIN, 7 BOTTOMMARGIN, 58 END + + IDD_SYSENC_SETTINGS, DIALOG + BEGIN + LEFTMARGIN, 7 + RIGHTMARGIN, 363 + TOPMARGIN, 7 + BOTTOMMARGIN, 276 + END END #endif // APSTUDIO_INVOKED @@ -534,19 +560,19 @@ END // TEXTINCLUDE // -1 TEXTINCLUDE +1 TEXTINCLUDE BEGIN "resource.h\0" END -2 TEXTINCLUDE +2 TEXTINCLUDE BEGIN "#include ""afxres.h""\r\n" "#include ""..\\\\common\\\\resource.h""\r\n" "\0" END -3 TEXTINCLUDE +3 TEXTINCLUDE BEGIN "#include ""..\\\\common\\\\common.rc""\r\n" "\0" @@ -572,7 +598,7 @@ IDB_SYS_DRIVEICON_MASK BITMAP "System_drive_icon_mask_96dpi.bm // Menu // -IDR_MENU MENU +IDR_MENU MENU BEGIN POPUP "&Volumes" BEGIN @@ -691,7 +717,7 @@ END // String Table // -STRINGTABLE +STRINGTABLE BEGIN IDS_UACSTRING "VeraCrypt" END diff --git a/src/Mount/Resource.h b/src/Mount/Resource.h index 3d93d81f..12860915 100644 --- a/src/Mount/Resource.h +++ b/src/Mount/Resource.h @@ -21,6 +21,7 @@ #define IDD_SYSENC_SETTINGS 116 #define IDD_FAVORITE_VOLUMES 117 #define IDD_DEFAULT_MOUNT_PARAMETERS 118 +#define IDD_EFI_SYSENC_SETTINGS 119 #define IDC_PREF_MOUNT_READONLY 1000 #define IDC_PREF_MOUNT_REMOVABLE 1001 #define IDC_VERIFY 1002 
@@ -179,8 +180,9 @@ #define IDT_VOLUME_ID 1157 #define IDC_FAVORITE_VOLUME_ID 1158 #define IDC_FAVORITE_USE_VOLUME_ID 1159 -#define IDC_DISABLE_BOOT_LOADER_PIM_PROMPT 1160 +#define IDC_DISABLE_BOOT_LOADER_PIM_PROMPT 1160 #define IDC_HIDE_WAITING_DIALOG 1161 +#define IDC_DISABLE_BOOT_LOADER_HASH_PROMPT 1162 #define IDM_HELP 40001 #define IDM_ABOUT 40002 #define IDM_UNMOUNT_VOLUME 40003 @@ -251,13 +253,13 @@ #define IDM_VERIFY_RESCUE_DISK_ISO 40068 // Next default values for new objects -// +// #ifdef APSTUDIO_INVOKED #ifndef APSTUDIO_READONLY_SYMBOLS #define _APS_NO_MFC 1 -#define _APS_NEXT_RESOURCE_VALUE 119 +#define _APS_NEXT_RESOURCE_VALUE 120 #define _APS_NEXT_COMMAND_VALUE 40069 -#define _APS_NEXT_CONTROL_VALUE 1162 +#define _APS_NEXT_CONTROL_VALUE 1163 #define _APS_NEXT_SYMED_VALUE 101 #endif #endif -- cgit v1.2.3