From 538319051857a8fb8e9e8c4f1048ab53e9c26b40 Mon Sep 17 00:00:00 2001 From: Mounir IDRASSI Date: Sun, 20 Mar 2022 20:53:20 +0100 Subject: Windows: Block upgrade of VeraCrypt is the system is encrypted using RIPEMD-160 or GOST89 since they are not supported anymore. --- src/Common/BootEncryption.cpp | 28 ++++++++++++++++++++++++++++ src/Common/BootEncryption.h | 1 + src/Common/Language.xml | 1 + src/Setup/Setup.c | 4 ++++ src/SetupDLL/Setup.c | 8 ++++++++ 5 files changed, 42 insertions(+) (limited to 'src') diff --git a/src/Common/BootEncryption.cpp b/src/Common/BootEncryption.cpp index 9a16db53..079eacc6 100644 --- a/src/Common/BootEncryption.cpp +++ b/src/Common/BootEncryption.cpp @@ -5832,4 +5832,32 @@ namespace VeraCrypt { return (::RestartComputer(bShutdown) != FALSE); } + + bool BootEncryption::IsUsingUnsupportedAlgorithm(LONG driverVersion) + { + bool bRet = false; + + try + { + if (driverVersion <= 0x125) + { + // version 1.25 is last version to support RIPEMD160 and GOST89 + static int GOST89_EA = 5; + static int RIPEMD160_PRF = 4; + + VOLUME_PROPERTIES_STRUCT props = {0}; + GetVolumeProperties(&props); + + // + if (props.ea == GOST89_EA || props.pkcs5 == RIPEMD160_PRF) + bRet = true; + } + } + catch(...) + { + + } + + return bRet; + } } diff --git a/src/Common/BootEncryption.h b/src/Common/BootEncryption.h index e25427dd..03c30ea7 100644 --- a/src/Common/BootEncryption.h +++ b/src/Common/BootEncryption.h @@ -313,6 +313,7 @@ namespace VeraCrypt void RestoreSystemLoader (); static void UpdateSetupConfigFile (bool bForInstall); void GetSecureBootConfig (BOOL* pSecureBootEnabled, BOOL *pVeraCryptKeysLoaded); + bool IsUsingUnsupportedAlgorithm(LONG driverVersion); protected: static const uint32 RescueIsoImageSize = 1835008; // Size of ISO9660 image with bootable emulated 1.44MB floppy disk image diff --git a/src/Common/Language.xml b/src/Common/Language.xml index 8002a08c..e4ceac7a 100644 --- a/src/Common/Language.xml +++ b/src/Common/Language.xml @@ -1567,6 +1567,7 @@ WARNING: The host file/device {0} is already in use!\n\nIgnoring this can cause undesired results including system instability. All applications that might be using the host file/device should be closed before mounting the volume.\n\nContinue mounting? VeraCrypt was previously installed using an MSI package and so it can't be updated using the standard installer.\n\nPlease use the MSI package to update your VeraCrypt installation. Use all available free space + VeraCrypt cannot be upgraded because the system partition/drive was encrypted using an algorithm that is not supported anymore.\nPlease decrypt your system before upgrading VeraCrypt and then encrypt it again. diff --git a/src/Setup/Setup.c b/src/Setup/Setup.c index fbc8a7d8..9433bd40 100644 --- a/src/Setup/Setup.c +++ b/src/Setup/Setup.c @@ -1726,6 +1726,10 @@ BOOL DoDriverUnload (HWND hwndDlg) if (CurrentOSMajor == 6 && CurrentOSMinor == 0 && CurrentOSServicePack < 1) AbortProcess ("SYS_ENCRYPTION_UPGRADE_UNSUPPORTED_ON_VISTA_SP0"); + // check if we are upgrading a system encrypted with unsupported algorithms + if (bootEnc.IsUsingUnsupportedAlgorithm(driverVersion)) + AbortProcess ("SYS_ENCRYPTION_UPGRADE_UNSUPPORTED_ALGORITHM"); + SystemEncryptionUpdate = TRUE; PortableMode = FALSE; } diff --git a/src/SetupDLL/Setup.c b/src/SetupDLL/Setup.c index 7ccd94f9..2afc7312 100644 --- a/src/SetupDLL/Setup.c +++ b/src/SetupDLL/Setup.c @@ -1560,6 +1560,14 @@ BOOL DoDriverUnload_Dll (MSIHANDLE hInstaller, HWND hwnd) goto end; } + // check if we are upgrading a system encrypted with unsupported algorithms + if (bootEnc.IsUsingUnsupportedAlgorithm(driverVersion)) + { + MSILogAndShow(hInstaller, MSI_ERROR_LEVEL, GetString("SYS_ENCRYPTION_UPGRADE_UNSUPPORTED_ALGORITHM")); + bOK = FALSE; + goto end; + } + SystemEncryptionUpdate = TRUE; PortableMode = FALSE; } -- cgit v1.2.3