Skip to content
Open
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
44 changes: 29 additions & 15 deletions src/Common/Dlgcode.c
Original file line number Diff line number Diff line change
Expand Up @@ -5748,19 +5748,19 @@ BOOL BrowseDirectories(HWND hwndDlg, char *lpszDlgTitle, wchar_t *dirName, const
return bOK;
}

std::wstring GetWrongPasswordErrorMessage (HWND hwndDlg)
static std::wstring GetWrongPasswordErrorMessageEx (HWND hwndDlg, BOOL hiddenVolumeProtection)
{
WCHAR szTmp[8192];

StringCbPrintfW (szTmp, sizeof(szTmp), GetString (KeyFilesEnable ? "PASSWORD_OR_KEYFILE_WRONG" : "PASSWORD_WRONG"));
StringCbPrintfW (szTmp, sizeof(szTmp), GetString (hiddenVolumeProtection ? "HIDVOL_PROT_PASSWORD_OR_KEYFILE_WRONG" : (KeyFilesEnable ? "PASSWORD_OR_KEYFILE_WRONG" : "PASSWORD_WRONG")));
if (CheckCapsLock (hwndDlg, TRUE))
StringCbCatW (szTmp, sizeof(szTmp), GetString ("PASSWORD_WRONG_CAPSLOCK_ON"));

#ifdef TCMOUNT
wchar_t szDevicePath [TC_MAX_PATH+1] = {0};
GetWindowText (GetDlgItem (MainDlg, IDC_VOLUME), szDevicePath, ARRAYSIZE (szDevicePath));

if (TCBootLoaderOnInactiveSysEncDrive (szDevicePath))
if (!hiddenVolumeProtection && TCBootLoaderOnInactiveSysEncDrive (szDevicePath))
{
StringCbPrintfW (szTmp, sizeof(szTmp), GetString (KeyFilesEnable ? "PASSWORD_OR_KEYFILE_OR_MODE_WRONG" : "PASSWORD_OR_MODE_WRONG"));

Expand All @@ -5784,6 +5784,11 @@ std::wstring GetWrongPasswordErrorMessage (HWND hwndDlg)
return msg;
}

std::wstring GetWrongPasswordErrorMessage (HWND hwndDlg)
{
return GetWrongPasswordErrorMessageEx (hwndDlg, FALSE);
}


void handleError (HWND hwndDlg, int code, const char* srcPos)
{
Expand Down Expand Up @@ -9577,24 +9582,33 @@ int MountVolume (HWND hwndDlg,
goto retry;
}

if (bDevice && mount.bProtectHiddenVolume)
if (mount.bProtectHiddenVolume)
{
int diskNo;
BOOL passwordErrorMessageShown = FALSE;

if (swscanf (volumePath, L"\\Device\\Harddisk%d\\Partition", &diskNo) == 1)
if (bDevice)
{
OPEN_TEST_STRUCT openTestStruct;
memset (&openTestStruct, 0, sizeof (openTestStruct));
int diskNo;

if (swscanf (volumePath, L"\\Device\\Harddisk%d\\Partition", &diskNo) == 1)
{
OPEN_TEST_STRUCT openTestStruct;
memset (&openTestStruct, 0, sizeof (openTestStruct));

openTestStruct.bDetectTCBootLoader = TRUE;
StringCchPrintfW ((wchar_t *) openTestStruct.wszFileName, array_capacity (openTestStruct.wszFileName), L"\\Device\\Harddisk%d\\Partition0", diskNo);
openTestStruct.bDetectTCBootLoader = TRUE;
StringCchPrintfW ((wchar_t *) openTestStruct.wszFileName, array_capacity (openTestStruct.wszFileName), L"\\Device\\Harddisk%d\\Partition0", diskNo);

DWORD cbBytesReturned;
if (DeviceIoControl (hDriver, TC_IOCTL_OPEN_TEST, &openTestStruct, sizeof (OPEN_TEST_STRUCT), &openTestStruct, sizeof (OPEN_TEST_STRUCT), &cbBytesReturned, NULL) && openTestStruct.TCBootLoaderDetected)
WarningDirect ((GetWrongPasswordErrorMessage (hwndDlg) + L"\n\n" + GetString ("HIDDEN_VOL_PROT_PASSWORD_US_KEYB_LAYOUT")).c_str(), hwndDlg);
else
handleError (hwndDlg, mount.nReturnCode, SRC_POS);
DWORD cbBytesReturned;
if (DeviceIoControl (hDriver, TC_IOCTL_OPEN_TEST, &openTestStruct, sizeof (OPEN_TEST_STRUCT), &openTestStruct, sizeof (OPEN_TEST_STRUCT), &cbBytesReturned, NULL) && openTestStruct.TCBootLoaderDetected)
{
WarningDirect ((GetWrongPasswordErrorMessageEx (hwndDlg, TRUE) + L"\n\n" + GetString ("HIDDEN_VOL_PROT_PASSWORD_US_KEYB_LAYOUT")).c_str(), hwndDlg);
passwordErrorMessageShown = TRUE;
}
}
}

if (!passwordErrorMessageShown)
MessageBoxW (hwndDlg, AppendSrcPos (GetWrongPasswordErrorMessageEx (hwndDlg, TRUE).c_str(), SRC_POS).c_str(), lpszTitle, MB_ICONWARNING);
}
else
handleError (hwndDlg, mount.nReturnCode, SRC_POS);
Expand Down
7 changes: 5 additions & 2 deletions src/Common/Language.xml
Original file line number Diff line number Diff line change
Expand Up @@ -350,8 +350,6 @@
<entry lang="en" key="IDT_BOX_BENCHMARK_INFO">Speed is affected by CPU load and storage device characteristics.\n\nThese tests take place in RAM.</entry>
<entry lang="en" key="IDT_BUFFER_SIZE">Buffer Size:</entry>
<entry lang="en" key="IDT_CIPHER">Cipher:</entry>
<entry lang="en" key="IDT_HIDDEN_PROT_PASSWD">P&amp;assword to hidden volume:\n(if empty, cache is used)</entry>
<entry lang="en" key="IDT_HIDDEN_VOL_PROTECTION">Hidden Volume Protection</entry>
<entry lang="en" key="IDT_KEY">Key size:</entry>
<entry lang="en" key="IDT_KEYFILE_GENERATOR_NOTE">IMPORTANT: Move your mouse as randomly as possible within this window. The longer you move it, the better. This significantly increases the cryptographic strength of the keyfile.</entry>
<entry lang="en" key="IDT_KEYFILE_WARNING">WARNING: If you lose a keyfile or if any bit of its first 1024 kilobytes changes, it will be impossible to mount volumes that use the keyfile!</entry>
Expand Down Expand Up @@ -1690,6 +1688,11 @@
<entry lang="en" key="MACOSX_REPAIR_FILESYS">A Terminal window will open after you press 'OK' and attempt to repair the file system on the selected VeraCrypt volume using 'diskutil'. The result will be shown in that window.\n\nIf the repair cannot be started, Disk Utility will be launched instead.</entry>
<entry lang="en" key="SYSENC_EFI_LOADER_NOT_TRUSTED_BY_SECUREBOOT">Warning: Secure Boot is enabled, but the Microsoft UEFI CA that signs the installed VeraCrypt EFI bootloader was not found in the firmware Secure Boot database (db). The firmware may refuse to start VeraCrypt at the next reboot, so Windows will not start until Secure Boot is disabled or the trusted certificates/loader set are repaired.\n\nBefore restarting this computer, do not disable or remove Microsoft Corporation UEFI CA 2011 unless the firmware db contains both Microsoft UEFI CA 2023 and Microsoft Option ROM UEFI CA 2023 and VeraCrypt has been repaired/reinstalled so the 2023-signed loader set is installed. Enable the required Microsoft certificates in the BIOS/UEFI settings if needed, then run VeraCrypt Repair/Reinstall. Make sure you have an up-to-date VeraCrypt Rescue Disk before restarting.</entry>
<entry lang="en" key="SYSENC_EFI_WINDOWS_LOADER_NOT_TRUSTED_BY_SECUREBOOT">Warning: Secure Boot is enabled, but the Microsoft CA that signs the Windows Boot Manager copy used by VeraCrypt (bootmgfw_ms.vc) was not found in the firmware Secure Boot database (db). After successful pre-boot authentication, the handoff to Windows may fail and the computer may return to the VeraCrypt password prompt.\n\nBefore restarting this computer, do not disable or revoke Microsoft Windows Production PCA 2011 unless Windows Boot Manager has migrated to a Windows UEFI CA 2023-signed version and the firmware db contains Windows UEFI CA 2023. Apply the Windows Secure Boot certificate updates, then run VeraCrypt Repair/Reinstall if needed. Make sure you have an up-to-date VeraCrypt Rescue Disk before restarting.</entry>
<entry lang="en" key="IDT_OUTER_VOL_PASSWORD">Outer p&amp;assword:</entry>
<entry lang="en" key="IDT_HIDDEN_PROT_PASSWD">Hidden volume p&amp;assword:\n(if empty, cache is used)</entry>
<entry lang="en" key="IDT_HIDDEN_VOL_PROTECTION">Hidden Volume Protection (Hidden Credentials)</entry>
<entry lang="en" key="HIDVOL_PROT_PASSWORD_OR_KEYFILE_WRONG">Operation failed while hidden volume protection was enabled.\n\nUse the OUTER (decoy) volume password, PIM, PRF, and keyfile(s), if any, in the main password dialog. Use the HIDDEN volume password, PIM, PRF, and keyfile(s), if any, in Mount Options &gt; Hidden Volume Protection.\n\nOne or more credentials may be incorrect, or the selected volume may be invalid or unsupported.</entry>
<entry lang="en" key="HIDVOL_PROT_OUTER_CREDENTIALS_NOTE">Use OUTER (decoy) volume password, PIM, PRF/KDF, and keyfile(s) here. Use HIDDEN credentials in Mount Options &gt; Hidden Volume Protection.</entry>
</localization>
<xs:schema attributeFormDefault="unqualified" elementFormDefault="qualified" xmlns:xs="http://www.w3.org/2001/XMLSchema">
<xs:element name="VeraCrypt">
Expand Down
24 changes: 23 additions & 1 deletion src/Mount/Mount.c
Original file line number Diff line number Diff line change
Expand Up @@ -3572,6 +3572,25 @@ static wchar_t PasswordDlgVolume[MAX_PATH + 1];
static BOOL PasswordDialogDisableMountOptions;
static char *PasswordDialogTitleStringId;

static void UpdatePasswordDlgPasswordLabel (HWND hwndDlg)
{
SetDlgItemTextW (hwndDlg, IDT_PASSWORD,
GetString (!PasswordDialogDisableMountOptions && mountOptions.ProtectHiddenVolume ? "IDT_OUTER_VOL_PASSWORD" : "IDT_PASSWORD"));

if (!PasswordDialogDisableMountOptions && mountOptions.ProtectHiddenVolume)
{
EDITBALLOONTIP ebt;
ebt.cbStruct = sizeof (EDITBALLOONTIP);
ebt.pszText = GetString ("HIDVOL_PROT_OUTER_CREDENTIALS_NOTE");
ebt.pszTitle = GetString ("IDT_HIDDEN_VOL_PROTECTION");
ebt.ttiIcon = TTI_INFO_LARGE;

SendMessage (GetDlgItem (hwndDlg, IDC_PASSWORD), EM_SHOWBALLOONTIP, 0, (LPARAM) &ebt);
}
else
SendMessage (GetDlgItem (hwndDlg, IDC_PASSWORD), EM_HIDEBALLOONTIP, 0, 0);
}

/* Except in response to the WM_INITDIALOG message, the dialog box procedure
should return nonzero if it processes the message, and zero if it does
not. - see DialogProc */
Expand Down Expand Up @@ -3639,6 +3658,7 @@ BOOL CALLBACK PasswordDlgProc (HWND hwndDlg, UINT msg, WPARAM wParam, LPARAM lPa
SendMessage (hComboBox, CB_SETCURSEL, defaultPrfIndex, 0);

ToNormalPwdField (hwndDlg, IDC_PASSWORD);
UpdatePasswordDlgPasswordLabel (hwndDlg);
SendMessage (GetDlgItem (hwndDlg, IDC_CACHE), BM_SETCHECK, bCacheInDriver ? BST_CHECKED:BST_UNCHECKED, 0);
SendMessage (GetDlgItem (hwndDlg, IDC_PIM), EM_LIMITTEXT, MAX_PIM, 0);

Expand Down Expand Up @@ -3842,6 +3862,7 @@ BOOL CALLBACK PasswordDlgProc (HWND hwndDlg, UINT msg, WPARAM wParam, LPARAM lPa
DialogBoxParamW (hInst,
MAKEINTRESOURCEW (IDD_MOUNT_OPTIONS), hwndDlg,
(DLGPROC) MountOptionsDlgProc, (LPARAM) &mountOptions);
UpdatePasswordDlgPasswordLabel (hwndDlg);

if (!bPrebootPasswordDlgMode && mountOptions.PartitionInInactiveSysEncScope)
SendMessage (hwndDlg, TC_APPMSG_PREBOOT_PASSWORD_MODE, 0, 0);
Expand Down Expand Up @@ -6618,7 +6639,8 @@ static BOOL MountAllDevicesThreadCode (HWND hwndDlg, MountAllDevicesThreadParam*
{
WCHAR szTmp[4096];

StringCbPrintfW (szTmp, sizeof(szTmp), GetString (KeyFilesEnable || FirstCmdKeyFile ? "PASSWORD_OR_KEYFILE_WRONG_AUTOMOUNT" : "PASSWORD_WRONG_AUTOMOUNT"));
StringCbPrintfW (szTmp, sizeof(szTmp),
GetString (mountOptions.ProtectHiddenVolume ? "HIDVOL_PROT_PASSWORD_OR_KEYFILE_WRONG" : (KeyFilesEnable || FirstCmdKeyFile ? "PASSWORD_OR_KEYFILE_WRONG_AUTOMOUNT" : "PASSWORD_WRONG_AUTOMOUNT")));
if (CheckCapsLock (hwndDlg, TRUE))
StringCbCatW (szTmp, sizeof(szTmp), GetString ("PASSWORD_WRONG_CAPSLOCK_ON"));

Expand Down
Loading