diff --git a/src/COMReg/COMReg.cpp b/src/COMReg/COMReg.cpp index 9582b413..426f38b8 100644 --- a/src/COMReg/COMReg.cpp +++ b/src/COMReg/COMReg.cpp @@ -21,8 +21,12 @@ int APIENTRY _tWinMain(HINSTANCE hInstance, if (s) s[1] = 0; - /* Create self-extracting package */ - MakeSelfExtractingPackage (NULL, SetupFilesDir, TRUE); + /* + * Create a self-extracting package containing the traveler files. + * The MSI traveler creation path verifies this IDRIX-signed package + * instead of verifying individual WHQL-signed driver files. + */ + MakeSelfExtractingPackage (NULL, SetupFilesDir, FALSE); } return 0; diff --git a/src/Common/Dlgcode.c b/src/Common/Dlgcode.c index 0842c94f..b51f1bf1 100644 --- a/src/Common/Dlgcode.c +++ b/src/Common/Dlgcode.c @@ -314,15 +314,41 @@ static unsigned char gpbSha512CodeSignCertFingerprint[64] = { 0xF1, 0x08, 0xF3, 0xA8 }; -static unsigned char gpbSha512MSCodeSignCertFingerprint[64] = { - 0x17, 0x8C, 0x1B, 0x37, 0x70, 0xBF, 0x8B, 0xDF, 0x84, 0x55, 0xC5, 0x18, - 0x13, 0x64, 0xE9, 0x65, 0x6D, 0x67, 0xCA, 0x0C, 0xD6, 0x3B, 0x9E, 0x7B, - 0x9B, 0x6A, 0x63, 0xD6, 0x19, 0xAE, 0xD7, 0xBA, 0xBE, 0x5C, 0xCB, 0xD1, - 0x07, 0x89, 0x07, 0xFB, 0x12, 0xC0, 0x2C, 0x94, 0x86, 0xEB, 0x67, 0x0B, - 0x9C, 0x97, 0xEB, 0x20, 0x38, 0x13, 0x9C, 0x0F, 0x56, 0x93, 0x1B, 0x19, - 0x6F, 0x8F, 0x6A, 0x39 +/* + * SHA-512 hashes of the DER-encoded Authenticode leaf certificates used by + * Microsoft WHQL signing for the current VeraCrypt driver files. These are + * accepted only by VerifyModuleSignatureAllowingMicrosoftWHQL(), which is used + * for loose portable driver files that cannot be signed by the IDRIX + * certificate. + */ +static unsigned char gpbSha512MSWHQLCertFingerprints[][64] = { + /* + * SHA-1 thumbprint 3847B761C2846DB72F61149176D09F9BB2D43E8A, + * observed on the latest WHQL signing certificate. + */ + { + 0x29, 0x85, 0xDC, 0xD4, 0x85, 0xBF, 0x3C, 0x48, 0xA6, 0x08, 0x13, 0x8E, + 0x53, 0xE6, 0x7A, 0x98, 0x7F, 0xE8, 0x1D, 0x9C, 0xE8, 0x37, 0xDF, 0xE0, + 0xCD, 0x68, 0xF9, 0x97, 0x11, 0x14, 0xF7, 0xEF, 0x69, 0xF7, 0x53, 0x24, + 0x82, 0x0E, 0x8D, 0x49, 0x37, 0xFA, 0xFD, 0xC5, 0x48, 0x76, 0xF0, 0xC0, + 0x5D, 0xF1, 0xCA, 0xAC, 0x7C, 0xC4, 0x5E, 0xC0, 0x93, 0x0C, 0x8E, 0x64, + 0x7C, 0x57, 0xFE, 0xEB + } }; +static BOOL IsKnownMSWHQLCertFingerprint (const unsigned char hashVal[64]) +{ + size_t i; + + for (i = 0; i < sizeof (gpbSha512MSWHQLCertFingerprints) / sizeof (gpbSha512MSWHQLCertFingerprints[0]); ++i) + { + if (0 == memcmp (hashVal, gpbSha512MSWHQLCertFingerprints[i], 64)) + return TRUE; + } + + return FALSE; +} + /* Windows dialog class */ #define WINDOWS_DIALOG_CLASS L"#32770" @@ -944,7 +970,7 @@ cleanup: } #endif -BOOL VerifyModuleSignature (const wchar_t* path) +static BOOL VerifyModuleSignatureInternal (const wchar_t* path, BOOL bAllowMicrosoftWHQL) { #if defined(NDEBUG) && !defined (VC_SKIP_OS_DRIVER_REQ_CHECK) BOOL bResult = FALSE; @@ -995,9 +1021,8 @@ BOOL VerifyModuleSignature (const wchar_t* path) BYTE hashVal[64]; sha512 (hashVal, pProviderCert->pCert->pbCertEncoded, pProviderCert->pCert->cbCertEncoded); - if ( (0 == memcmp (hashVal, gpbSha512CodeSignCertFingerprint, 64)) - || (0 == memcmp (hashVal, gpbSha512MSCodeSignCertFingerprint, 64)) - ) + if ((0 == memcmp (hashVal, gpbSha512CodeSignCertFingerprint, 64)) + || (bAllowMicrosoftWHQL && IsKnownMSWHQLCertFingerprint (hashVal))) { bResult = TRUE; } @@ -1016,6 +1041,16 @@ BOOL VerifyModuleSignature (const wchar_t* path) #endif } +BOOL VerifyModuleSignature (const wchar_t* path) +{ + return VerifyModuleSignatureInternal (path, FALSE); +} + +BOOL VerifyModuleSignatureAllowingMicrosoftWHQL (const wchar_t* path) +{ + return VerifyModuleSignatureInternal (path, TRUE); +} + DWORD handleWin32Error (HWND hwndDlg, const char* srcPos) { #if !defined(VC_COMREG) && !defined(VCSDK_DLL) diff --git a/src/Common/Dlgcode.h b/src/Common/Dlgcode.h index 6fded2f3..d7b2693c 100644 --- a/src/Common/Dlgcode.h +++ b/src/Common/Dlgcode.h @@ -594,6 +594,7 @@ BOOL DeleteDirectory (const wchar_t* szDirName); BOOL IsThreadInSecureDesktop(DWORD dwThreadID); INT_PTR SecureDesktopDialogBoxParam (HINSTANCE, LPCWSTR, HWND, DLGPROC, LPARAM); BOOL VerifyModuleSignature (const wchar_t* path); +BOOL VerifyModuleSignatureAllowingMicrosoftWHQL (const wchar_t* path); void GetInstallationPath (HWND hwndDlg, wchar_t* szInstallPath, DWORD cchSize, BOOL* pbInstallPathDetermined); BOOL GetSetupconfigLocation (wchar_t* path, DWORD cchSize); BOOL BufferHasPattern (const unsigned char* buffer, size_t bufferLen, const void* pattern, size_t patternLen); diff --git a/src/Mount/Mount.c b/src/Mount/Mount.c index a032e214..cf003208 100644 --- a/src/Mount/Mount.c +++ b/src/Mount/Mount.c @@ -4941,7 +4941,7 @@ BOOL CALLBACK TravelerDlgProc (HWND hwndDlg, UINT msg, WPARAM wParam, LPARAM lPa // Driver StringCbPrintfW (srcPath, sizeof(srcPath), L"%s\\veracrypt.sys", appDir); StringCbPrintfW (dstPath, sizeof(dstPath), L"%s\\VeraCrypt\\veracrypt.sys", dstDir); - if (!VerifyModuleSignature (srcPath)) + if (!VerifyModuleSignatureAllowingMicrosoftWHQL (srcPath)) { Error ("DIST_PACKAGE_CORRUPTED", hwndDlg); goto stop; @@ -4955,7 +4955,7 @@ BOOL CALLBACK TravelerDlgProc (HWND hwndDlg, UINT msg, WPARAM wParam, LPARAM lPa // Driver x64 StringCbPrintfW (srcPath, sizeof(srcPath), L"%s\\veracrypt-x64.sys", appDir); StringCbPrintfW (dstPath, sizeof(dstPath), L"%s\\VeraCrypt\\veracrypt-x64.sys", dstDir); - if (!VerifyModuleSignature (srcPath)) + if (!VerifyModuleSignatureAllowingMicrosoftWHQL (srcPath)) { Error ("DIST_PACKAGE_CORRUPTED", hwndDlg); goto stop; @@ -4969,7 +4969,7 @@ BOOL CALLBACK TravelerDlgProc (HWND hwndDlg, UINT msg, WPARAM wParam, LPARAM lPa // Driver ARM64 StringCbPrintfW(srcPath, sizeof(srcPath), L"%s\\veracrypt-arm64.sys", appDir); StringCbPrintfW(dstPath, sizeof(dstPath), L"%s\\VeraCrypt\\veracrypt-arm64.sys", dstDir); - if (!VerifyModuleSignature(srcPath)) + if (!VerifyModuleSignatureAllowingMicrosoftWHQL(srcPath)) { Error("DIST_PACKAGE_CORRUPTED", hwndDlg); goto stop; @@ -4983,19 +4983,23 @@ BOOL CALLBACK TravelerDlgProc (HWND hwndDlg, UINT msg, WPARAM wParam, LPARAM lPa else { int fileNo = 0; - BOOL bMsiX64Case = FALSE; - // get file from the Setup binary after checking its signature and its version + BOOL bMsiPackage = FALSE; + BOOL bCopiedX64App = FALSE; + BOOL bCopiedX64Driver = FALSE; + BOOL bCopiedX64Wizard = FALSE; + BOOL bCopiedX64Expander = FALSE; + // Get files from the IDRIX-signed setup or COMReg package after checking its signature and integrity. StringCbPrintfW (srcPath, sizeof(srcPath), L"%s\\VeraCrypt COMReg.exe", appDir); // MSI installation case if (FileExists(srcPath)) { - bMsiX64Case = TRUE; + bMsiPackage = TRUE; } else StringCbPrintfW (srcPath, sizeof(srcPath), L"%s\\VeraCrypt Setup.exe", appDir); // EXE installation case FreeAllFileBuffers (); - if (!VerifyPackageIntegrity (srcPath) || !SelfExtractInMemory (srcPath, TRUE) || (!bMsiX64Case && (Decompressed_Files_Count != NBR_COMPRESSED_FILES))) + if (!VerifyPackageIntegrity (srcPath) || !SelfExtractInMemory (srcPath, TRUE) || (!bMsiPackage && (Decompressed_Files_Count != NBR_COMPRESSED_FILES))) { MessageBoxW (hwndDlg, GetString ("DIST_PACKAGE_CORRUPTED"), lpszTitle, MB_ICONEXCLAMATION); goto stop; @@ -5071,71 +5075,21 @@ BOOL CALLBACK TravelerDlgProc (HWND hwndDlg, UINT msg, WPARAM wParam, LPARAM lPa MessageBoxW (hwndDlg, szTmp, lpszTitle, MB_ICONERROR | MB_SETFOREGROUND | MB_TOPMOST); goto stop; } + + if (wcscmp (fileName, L"VeraCrypt-x64.exe") == 0) + bCopiedX64App = TRUE; + else if (wcscmp (fileName, L"veracrypt-x64.sys") == 0) + bCopiedX64Driver = TRUE; + else if (wcscmp (fileName, L"VeraCrypt Format-x64.exe") == 0) + bCopiedX64Wizard = TRUE; + else if (wcscmp (fileName, L"VeraCryptExpander-x64.exe") == 0) + bCopiedX64Expander = TRUE; } - if (bMsiX64Case) + if (bMsiPackage && (!bCopiedX64App || !bCopiedX64Driver || (copyWizard && !bCopiedX64Wizard) || (copyExpander && !bCopiedX64Expander))) { - // Main app - StringCbPrintfW (srcPath, sizeof(srcPath), L"%s\\VeraCrypt.exe", appDir); - StringCbPrintfW (dstPath, sizeof(dstPath), L"%s\\VeraCrypt\\VeraCrypt-x64.exe", dstDir); - if (!VerifyModuleSignature (srcPath)) - { - Error ("DIST_PACKAGE_CORRUPTED", hwndDlg); - goto stop; - } - else if (!TCCopyFile (srcPath, dstPath)) - { - handleWin32Error (hwndDlg, SRC_POS); - goto stop; - } - - // Wizard - if (copyWizard) - { - StringCbPrintfW (srcPath, sizeof(srcPath), L"%s\\VeraCrypt Format.exe", appDir); - StringCbPrintfW (dstPath, sizeof(dstPath), L"%s\\VeraCrypt\\VeraCrypt Format-x64.exe", dstDir); - if (!VerifyModuleSignature (srcPath)) - { - Error ("DIST_PACKAGE_CORRUPTED", hwndDlg); - goto stop; - } - else if (!TCCopyFile (srcPath, dstPath)) - { - handleWin32Error (hwndDlg, SRC_POS); - goto stop; - } - } - - // Expander - if (copyExpander) - { - StringCbPrintfW (srcPath, sizeof(srcPath), L"%s\\VeraCryptExpander.exe", appDir); - StringCbPrintfW (dstPath, sizeof(dstPath), L"%s\\VeraCrypt\\VeraCryptExpander-x64.exe", dstDir); - if (!VerifyModuleSignature (srcPath)) - { - Error ("DIST_PACKAGE_CORRUPTED", hwndDlg); - goto stop; - } - else if (!TCCopyFile (srcPath, dstPath)) - { - handleWin32Error (hwndDlg, SRC_POS); - goto stop; - } - } - - // Driver - StringCbPrintfW (srcPath, sizeof(srcPath), L"%s\\veracrypt.sys", appDir); - StringCbPrintfW (dstPath, sizeof(dstPath), L"%s\\VeraCrypt\\veracrypt-x64.sys", dstDir); - if (!VerifyModuleSignature (srcPath)) - { - Error ("DIST_PACKAGE_CORRUPTED", hwndDlg); - goto stop; - } - else if (!TCCopyFile (srcPath, dstPath)) - { - handleWin32Error (hwndDlg, SRC_POS); - goto stop; - } + MessageBoxW (hwndDlg, GetString ("DIST_PACKAGE_CORRUPTED"), lpszTitle, MB_ICONEXCLAMATION); + goto stop; } }