/*
ExpandVolume
Sets the volume size in the volume header (and backup header) to a larger value,
and resizes the filesystem within the volume (only NTFS supported)
Parameters:
hwndDlg : HWND
[in] handle to progress dialog
lpszVolume : char *
[in] Pointer to a string that contains the path to the truecrypt volume
pVolumePassword : Password *
[in] Pointer to the volume password
newHostSize : uint64
[in] new value of the volume host size (can be zero for devices,
which means the volume should use all space of the host device)
initFreeSpace : BOOL
[in] if true, the new volume space will be initalized with random data
Return value:
int with Truecrypt error code (ERR_SUCCESS on success)
Remarks: a lot of code is from TrueCrypt 'Common\Password.c' :: ChangePwd()
*/
static int ExpandVolume (HWND hwndDlg, wchar_t *lpszVolume, Password *pVolumePassword, int VolumePkcs5, int VolumePim, uint64 newHostSize, BOOL initFreeSpace)
{
int nDosLinkCreated = 1, nStatus = ERR_OS_ERROR;
wchar_t szDiskFile[TC_MAX_PATH], szCFDevice[TC_MAX_PATH];
wchar_t szDosDevice[TC_MAX_PATH];
char buffer[TC_VOLUME_HEADER_EFFECTIVE_SIZE];
PCRYPTO_INFO cryptoInfo = NULL, ci = NULL;
void *dev = INVALID_HANDLE_VALUE;
DWORD dwError;
BOOL bDevice;
uint64 hostSize=0, newDataAreaSize, currentVolSize;
DWORD HostSectorSize;
FILETIME ftCreationTime;
FILETIME ftLastWriteTime;
FILETIME ftLastAccessTime;
BOOL bTimeStampValid = FALSE;
LARGE_INTEGER headerOffset;
BOOL backupHeader;
byte *wipeBuffer = NULL;
uint32 workChunkSize = TC_VOLUME_HEADER_GROUP_SIZE;
if (pVolumePassword->Length == 0) return -1;
WaitCursor ();
CreateFullVolumePath (szDiskFile, sizeof(szDiskFile), lpszVolume, &bDevice);
if (bDevice == FALSE)
{
wcscpy (szCFDevice, szDiskFile);
}
else
{
nDosLinkCreated = FakeDosNameForDevice (szDiskFile, szDosDevice, sizeof(szDosDevice), szCFDevice, sizeof(szCFDevice), FALSE);
if (nDosLinkCreated != 0) // note: nStatus == ERR_OS_ERROR
goto error;
}
dev = CreateFile (szCFDevice, GENERIC_READ | GENERIC_WRITE, FILE_SHARE_READ | FILE_SHARE_WRITE, NULL, OPEN_EXISTING, 0, NULL);
if (dev == INVALID_HANDLE_VALUE)
goto error;
if (bDevice)
{
/* This is necessary to determine the hidden volume header offset */
if (dev == INVALID_HANDLE_VALUE)
{
goto error;
}
else
{
PARTITION_INFORMATION diskInfo;
DWORD dwResult;
BOOL bResult;
bResult = GetPartitionInfo (lpszVolume, &diskInfo);
if (bResult)
{
hostSize = diskInfo.PartitionLength.QuadPart;
HostSectorSize = TC_SECTOR_SIZE_FILE_HOSTED_VOLUME; //TO DO: get the real host disk sector size
}
else
{
DISK_GEOMETRY driveInfo;
bResult = DeviceIoControl (dev, IOCTL_DISK_GET_DRIVE_GEOMETRY, NULL, 0,
&driveInfo, sizeof (driveInfo), &dwResult, NULL);
if (!bResult)
goto error;
hostSize = driveInfo.Cylinders.QuadPart * driveInfo.BytesPerSector *
driveInfo.SectorsPerTrack * driveInfo.TracksPerCylinder;
HostSectorSize = driveInfo.BytesPerSector;
}
if (hostSize == 0)
{
nStatus = ERR_VOL_SIZE_WRONG;
goto error;
}
}
}
else
{
LARGE_INTEGER fileSize;
if (!GetFileSizeEx (dev, &fileSize))
{
nStatus = ERR_OS_ERROR;
goto error;
}
hostSize = fileSize.QuadPart;
HostSectorSize = TC_SECTOR_SIZE_FILE_HOSTED_VOLUME; //TO DO: get the real host disk sector size
}
if (Randinit ())
{
if (CryptoAPILastError == ERROR_SUCCESS)
nStatus = ERR_RAND_INIT_FAILED;
else
nStatus = ERR_CAPI_INIT_FAILED;
goto error;
}
if (!bDevice && bPreserveTimestamp)
{
/* Remember the container modification/creation date and time, (used to reset file date and time of
file-hosted volumes after password change (or attempt to), in order to preserve plausible deniability
of hidden volumes (last password change time is stored in the volume header). */
if (GetFileTime ((HANDLE) dev, &ftCreationTime, &ftLastAccessTime, &ftLastWriteTime) == 0)
{
bTimeStampValid = FALSE;
MessageBoxW (hwndDlg, GetString ("GETFILETIME_FAILED_PW"), lpszTitle, MB_OK | MB_ICONEXCLAMATION);
}
else
bTimeStampValid = TRUE;
}
// Seek the volume header
headerOffset.QuadPart = TC_VOLUME_HEADER_OFFSET;
if (!SetFilePointerEx ((HANDLE) dev, headerOffset, NULL, FILE_BEGIN))
{
nStatus = ERR_OS_ERROR;
goto error;
}
/* Read in volume header */
nStatus = _lread ((HFILE) dev, buffer, sizeof (buffer));
if (nStatus != sizeof (buffer))
{
// Windows may report EOF when reading sectors from the last cluster of a device formatted as NTFS
memset (buffer, 0, sizeof (buffer));
}
/* Try to decrypt the header */
nStatus = ReadVolumeHeader (FALSE, buffer, pVolumePassword, VolumePkcs5, VolumePim, FALSE, &cryptoInfo, NULL);
if (nStatus == ERR_CIPHER_INIT_WEAK_KEY)
nStatus = 0; // We can ignore this error here
if (nStatus != 0)
{
cryptoInfo = NULL;
goto error;
}
if (cryptoInfo->HeaderFlags & TC_HEADER_FLAG_ENCRYPTED_SYSTEM)
{
nStatus = ERR_SYS_HIDVOL_HEAD_REENC_MODE_WRONG;
goto error;
}
if (bDevice && newHostSize == 0)
{
// this means we shall take all host space as new volume size
newHostSize = hostSize;
}
if ( newHostSize % cryptoInfo->SectorSize != 0 || newHostSize > TC_MAX_VOLUME_SIZE || (bDevice && newHostSize > hostSize) )
{
// 1. must be multiple of sector size
// 2. truecrypt volume size limit
// 3. for devices volume size can't be larger than host size
cryptoInfo = NULL;
nStatus = ERR_PARAMETER_INCORRECT;
goto error;
}
newDataAreaSize = GetVolumeDataAreaSize (newHostSize, cryptoInfo->LegacyVolume);
if (cryptoInfo->LegacyVolume)
{
if (bDevice)
{
if (initFreeSpace)
{
// unsupported
cryptoInfo = NULL;
nStatus = ERR_PARAMETER_INCORRECT;
goto error;
}
else
{
// note: dummy value (only used for parameter checks)
cryptoInfo->VolumeSize.Value = newDataAreaSize - TC_MINVAL_FS_EXPAND;
}
}
else
{
cryptoInfo->VolumeSize.Value = GetVolumeDataAreaSize (hostSize, TRUE);
}
}
currentVolSize = GetVolumeSizeByDataAreaSize (cryptoInfo->VolumeSize.Value, cryptoInfo->LegacyVolume);
if ( newDataAreaSize < cryptoInfo->VolumeSize.Value + TC_MINVAL_FS_EXPAND )
{
// shrinking a volume or enlarging by less then TC_MINVAL_FS_EXPAND is not allowed
cryptoInfo = NULL;
nStatus = ERR_PARAMETER_INCORRECT;
goto error;
}
InitProgressBar ( newHostSize, currentVolSize, FALSE, FALSE, FALSE, TRUE);
if (bVolTransformThreadCancel)
{
SetLastError(0);
nStatus = ERR_USER_ABORT;
goto error;
}
if (!bDevice) {
LARGE_INTEGER liNewSize;
liNewSize.QuadPart=(LONGLONG)newHostSize;
// Preallocate the file
if (!SetFilePointerEx (dev, liNewSize, NULL, FILE_BEGIN)
|| !SetEndOfFile (dev)
|| SetFilePointer (dev, 0, NULL, FILE_BEGIN) != 0)
{
nStatus = ERR_OS_ERROR;
goto error;
}
}
if (initFreeSpace)
{
uint64 startSector;
int64 num_sectors;
// fill new space with random data
startSector = currentVolSize/HostSectorSize ;
num_sectors = (newHostSize/HostSectorSize) - startSector;
if (bDevice && !StartFormatWriteThread())
{
nStatus = ERR_OS_ERROR;
goto error;
}
DebugAddProgressDlgStatus(hwndDlg, L"Writing random data to new space ...\r\n");
SetFormatSectorSize(HostSectorSize);
nStatus = FormatNoFs (hwndDlg, startSector, num_sectors, dev, cryptoInfo, FALSE);
dwError = GetLastError();
StopFormatWriteThread();
SetLastError (dwError);
}
else
{
UpdateProgressBar(newHostSize);
}
if (nStatus != ERR_SUCCESS)
{
dwError = GetLastError();
DebugAddProgressDlgStatus(hwndDlg, L"Error: failed to write random data ...\r\n");
if ( !bDevice ) {
// restore original size of the container file
LARGE_INTEGER liOldSize;
liOldSize.QuadPart=(LONGLONG)hostSize;
if (!SetFilePointerEx (dev, liOldSize, NULL, FILE_BEGIN) || !SetEndOfFile (dev))
{
DebugAddProgressDlgStatus(hwndDlg, L"Warning: failed to restore original size of the container file\r\n");
}
}
SetLastError (dwError);
goto error;
}
RandSetHashFunction (cryptoInfo->pkcs5);
// Re-encrypt the volume header forn non-legacy volumes: backup header first
backupHeader = TRUE;
headerOffset.QuadPart = TC_VOLUME_HEADER_OFFSET + newHostSize - TC_VOLUME_HEADER_GROUP_SIZE;
/* note: updating the header is not neccessary for legay volumes */
while ( !cryptoInfo->LegacyVolume )
{
if (backupHeader)
DebugAddProgressDlgStatus(hwndDlg, L"Writing re-encrypted backup header ...\r\n");
else
DebugAddProgressDlgStatus(hwndDlg, L"Writing re-encrypted primary header ...\r\n");
// Prepare new volume header
nStatus = CreateVolumeHeaderInMemory (hwndDlg, FALSE,
buffer,
cryptoInfo->ea,
cryptoInfo->mode,
pVolumePassword,
cryptoInfo->pkcs5,
VolumePim,
(char*)(cryptoInfo->master_keydata),
&ci,
newDataAreaSize,
0, // hiddenVolumeSize
cryptoInfo->EncryptedAreaStart.Value,
newDataAreaSize,
cryptoInfo->RequiredProgramVersion,
cryptoInfo->HeaderFlags,
cryptoInfo->SectorSize,
TRUE ); // use slow poll
if (ci != NULL)
crypto_close (ci);
if (nStatus != 0)
goto error;
if (!SetFilePointerEx ((HANDLE) dev, headerOffset, NULL, FILE_BEGIN))
{
nStatus = ERR_OS_ERROR;
goto error;
}
nStatus = _lwrite ((HFILE) dev, buffer, TC_VOLUME_HEADER_EFFECTIVE_SIZE);
if (nStatus != TC_VOLUME_HEADER_EFFECTIVE_SIZE)
{
nStatus = ERR_OS_ERROR;
goto error;
}
if ( ( backupHeader && !initFreeSpace )
|| ( bDevice
&& !cryptoInfo->LegacyVolume
&& !cryptoInfo->hiddenVolume
&& cryptoInfo->HeaderVersion == 4 // BUG in TrueCrypt: doing this only for v4 make no sense
&& (cryptoInfo->HeaderFlags & TC_HEADER_FLAG_NONSYS_INPLACE_ENC) != 0
&& (cryptoInfo->HeaderFlags & ~TC_HEADER_FLAG_NONSYS_INPLACE_ENC) == 0 )
)
{
//DebugAddProgressDlgStatus(hwndDlg, L"WriteRandomDataToReservedHeaderAreas() ...\r\n");
nStatus = WriteRandomDataToReservedHeaderAreas (hwndDlg, dev, cryptoInfo, newDataAreaSize, !backupHeader, backupHeader);
if (nStatus != ERR_SUCCESS)
goto error;
}
FlushFileBuffers (dev);
if (!backupHeader)
break;
backupHeader = FALSE;
headerOffset.QuadPart = TC_VOLUME_HEADER_OFFSET; // offset for main header
}
/* header successfully updated */
nStatus = ERR_SUCCESS;
if (bVolTransformThreadCancel)
{
nStatus = ERR_USER_ABORT;
goto error;
}
/* wipe old backup header */
if ( !cryptoInfo->LegacyVolume )
{
byte wipeRandChars [TC_WIPE_RAND_CHAR_COUNT];
byte wipeRandCharsUpdate [TC_WIPE_RAND_CHAR_COUNT];
byte wipePass;
UINT64_STRUCT unitNo;
LARGE_INTEGER offset;
WipeAlgorithmId wipeAlgorithm = TC_WIPE_35_GUTMANN;
if ( !RandgetBytes (hwndDlg, wipeRandChars, TC_WIPE_RAND_CHAR_COUNT, TRUE)
|| !RandgetBytes (hwndDlg, wipeRandCharsUpdate, TC_WIPE_RAND_CHAR_COUNT, TRUE)
)
{
nStatus = ERR_OS_ERROR;
goto error;
}
DebugAddProgressDlgStatus(hwndDlg, L"Wiping old backup header ...\r\n");
wipeBuffer = (byte *) TCalloc (workChunkSize);
if (!wipeBuffer)
{
nStatus = ERR_OUTOFMEMORY;
goto error;
}
offset.QuadPart = currentVolSize - TC_VOLUME_HEADER_GROUP_SIZE;
unitNo.Value = offset.QuadPart;
for (wipePass = 1; wipePass <= GetWipePassCount (wipeAlgorithm); ++wipePass)
{
if (!WipeBuffer (wipeAlgorithm, wipeRandChars, wipePass, wipeBuffer, workChunkSize))
{
ULONG i;
for (i = 0; i < workChunkSize; ++i)
{
wipeBuffer[i] = wipePass;
}
EncryptDataUnits (wipeBuffer, &unitNo, workChunkSize / ENCRYPTION_DATA_UNIT_SIZE, cryptoInfo);
memcpy (wipeRandCharsUpdate, wipeBuffer, sizeof (wipeRandCharsUpdate));
}
if ( !SetFilePointerEx (dev, offset, NULL, FILE_BEGIN)
|| _lwrite ((HFILE)dev, (LPCSTR)wipeBuffer, workChunkSize) == HFILE_ERROR
)
{
// Write error
DebugAddProgressDlgStatus(hwndDlg, L"Warning: Failed to wipe old backup header\r\n");
MessageBoxW (hwndDlg, L"WARNING: Failed to wipe old backup header!\n\nIt may be possible to use the current volume password to decrypt the old backup header even after a future password change.\n", lpszTitle, MB_OK | MB_ICONEXCLAMATION);
if (wipePass == 1)
continue; // retry once
// non-critical error - it's better to continue
nStatus = ERR_SUCCESS;
goto error;
}
FlushFileBuffers(dev);
// we don't check FlushFileBuffers() return code, because it fails for devices
// (same implementation in password.c - a bug or not ???)
}
burn (wipeRandChars, TC_WIPE_RAND_CHAR_COUNT);
burn (wipeRandCharsUpdate, TC_WIPE_RAND_CHAR_COUNT);
}
error:
dwError = GetLastError ();
if (wipeBuffer)
{
burn (wipeBuffer, workChunkSize);
TCfree (wipeBuffer);
wipeBuffer = NULL;
}
burn (buffer, sizeof (buffer));
if (cryptoInfo != NULL)
crypto_close (cryptoInfo);
if (bTimeStampValid)
{
// Restore the container timestamp (to preserve plausible deniability of possible hidden volume).
if (SetFileTime (dev, &ftCreationTime, &ftLastAccessTime, &ftLastWriteTime) == 0)
MessageBoxW (hwndDlg, GetString ("SETFILETIME_FAILED_PW"), lpszTitle, MB_OK | MB_ICONEXCLAMATION);
}
if (dev != INVALID_HANDLE_VALUE)
CloseHandle ((HANDLE) dev);
if (nDosLinkCreated == 0)
RemoveFakeDosName (szDiskFile, szDosDevice);
RandStop (FALSE);
if (bVolTransformThreadCancel)
nStatus = ERR_USER_ABORT;
SetLastError (dwError);
if (nStatus == ERR_SUCCESS)
{
nStatus = ExtendFileSystem (hwndDlg, lpszVolume, pVolumePassword, VolumePkcs5, VolumePim, newDataAreaSize);
}
return nStatus;
}
int TCFormatVolume (volatile FORMAT_VOL_PARAMETERS *volParams)
{
int nStatus;
PCRYPTO_INFO cryptoInfo = NULL;
HANDLE dev = INVALID_HANDLE_VALUE;
DWORD dwError;
char header[TC_VOLUME_HEADER_EFFECTIVE_SIZE];
unsigned __int64 num_sectors, startSector;
fatparams ft;
FILETIME ftCreationTime;
FILETIME ftLastWriteTime;
FILETIME ftLastAccessTime;
BOOL bTimeStampValid = FALSE;
BOOL bInstantRetryOtherFilesys = FALSE;
char dosDev[TC_MAX_PATH] = { 0 };
char devName[MAX_PATH] = { 0 };
int driveLetter = -1;
WCHAR deviceName[MAX_PATH];
uint64 dataOffset, dataAreaSize;
LARGE_INTEGER offset;
BOOL bFailedRequiredDASD = FALSE;
HWND hwndDlg = volParams->hwndDlg;
FormatSectorSize = volParams->sectorSize;
if (FormatSectorSize < TC_MIN_VOLUME_SECTOR_SIZE
|| FormatSectorSize > TC_MAX_VOLUME_SECTOR_SIZE
|| FormatSectorSize % ENCRYPTION_DATA_UNIT_SIZE != 0)
{
Error ("SECTOR_SIZE_UNSUPPORTED", hwndDlg);
return ERR_DONT_REPORT;
}
/* WARNING: Note that if Windows fails to format the volume as NTFS and the volume size is
less than the maximum FAT size, the user is asked within this function whether he wants to instantly
retry FAT format instead (to avoid having to re-create the whole container again). If the user
answers yes, some of the input parameters are modified, the code below 'begin_format' is re-executed
and some destructive operations that were performed during the first attempt must be (and are) skipped.
Therefore, whenever adding or modifying any potentially destructive operations below 'begin_format',
determine whether they (or their portions) need to be skipped during such a second attempt; if so,
use the 'bInstantRetryOtherFilesys' flag to skip them. */
if (volParams->hiddenVol)
{
dataOffset = volParams->hiddenVolHostSize - TC_VOLUME_HEADER_GROUP_SIZE - volParams->size;
}
else
{
if (volParams->size <= TC_TOTAL_VOLUME_HEADERS_SIZE)
return ERR_VOL_SIZE_WRONG;
dataOffset = TC_VOLUME_DATA_OFFSET;
}
dataAreaSize = GetVolumeDataAreaSize (volParams->hiddenVol, volParams->size);
num_sectors = dataAreaSize / FormatSectorSize;
if (volParams->bDevice)
{
StringCbCopyA ((char *)deviceName, sizeof(deviceName), volParams->volumePath);
ToUNICODE ((char *)deviceName, sizeof(deviceName));
driveLetter = GetDiskDeviceDriveLetter (deviceName);
}
VirtualLock (header, sizeof (header));
nStatus = CreateVolumeHeaderInMemory (hwndDlg, FALSE,
header,
volParams->ea,
FIRST_MODE_OF_OPERATION_ID,
volParams->password,
volParams->pkcs5,
volParams->pim,
NULL,
&cryptoInfo,
dataAreaSize,
volParams->hiddenVol ? dataAreaSize : 0,
dataOffset,
dataAreaSize,
0,
volParams->headerFlags,
FormatSectorSize,
FALSE);
if (nStatus != 0)
{
burn (header, sizeof (header));
VirtualUnlock (header, sizeof (header));
return nStatus;
}
begin_format:
if (volParams->bDevice)
{
/* Device-hosted volume */
DWORD dwResult;
int nPass;
if (FakeDosNameForDevice (volParams->volumePath, dosDev, sizeof(dosDev), devName, sizeof(devName), FALSE) != 0)
return ERR_OS_ERROR;
if (IsDeviceMounted (devName))
{
if ((dev = DismountDrive (devName, volParams->volumePath)) == INVALID_HANDLE_VALUE)
{
Error ("FORMAT_CANT_DISMOUNT_FILESYS", hwndDlg);
nStatus = ERR_DONT_REPORT;
goto error;
}
/* Gain "raw" access to the partition (it contains a live filesystem and the filesystem driver
would otherwise prevent us from writing to hidden sectors). */
if (!DeviceIoControl (dev,
FSCTL_ALLOW_EXTENDED_DASD_IO,
NULL,
0,
NULL,
0,
&dwResult,
NULL))
{
bFailedRequiredDASD = TRUE;
}
}
else if (IsOSAtLeast (WIN_VISTA) && driveLetter == -1)
{
// Windows Vista doesn't allow overwriting sectors belonging to an unformatted partition
// to which no drive letter has been assigned under the system. This problem can be worked
// around by assigning a drive letter to the partition temporarily.
char szDriveLetter[] = { 'A', ':', 0 };
char rootPath[] = { 'A', ':', '\\', 0 };
char uniqVolName[MAX_PATH+1] = { 0 };
int tmpDriveLetter = -1;
BOOL bResult = FALSE;
tmpDriveLetter = GetFirstAvailableDrive ();
if (tmpDriveLetter != -1)
{
rootPath[0] += (char) tmpDriveLetter;
szDriveLetter[0] += (char) tmpDriveLetter;
if (DefineDosDevice (DDD_RAW_TARGET_PATH, szDriveLetter, volParams->volumePath))
{
bResult = GetVolumeNameForVolumeMountPoint (rootPath, uniqVolName, MAX_PATH);
DefineDosDevice (DDD_RAW_TARGET_PATH|DDD_REMOVE_DEFINITION|DDD_EXACT_MATCH_ON_REMOVE,
szDriveLetter,
volParams->volumePath);
if (bResult
&& SetVolumeMountPoint (rootPath, uniqVolName))
{
// The drive letter can be removed now
DeleteVolumeMountPoint (rootPath);
}
}
}
}
// For extra safety, we will try to gain "raw" access to the partition. Note that this should actually be
// redundant because if the filesystem was mounted, we already tried to obtain DASD above. If we failed,
// bFailedRequiredDASD was set to TRUE and therefore we will perform pseudo "quick format" below. However,
// for extra safety, in case IsDeviceMounted() failed to detect a live filesystem, we will blindly
// send FSCTL_ALLOW_EXTENDED_DASD_IO (possibly for a second time) without checking the result.
DeviceIoControl (dev,
FSCTL_ALLOW_EXTENDED_DASD_IO,
NULL,
0,
NULL,
0,
&dwResult,
NULL);
// If DASD is needed but we failed to obtain it, perform open - 'quick format' - close - open
// so that the filesystem driver does not prevent us from formatting hidden sectors.
for (nPass = (bFailedRequiredDASD ? 0 : 1); nPass < 2; nPass++)
{
int retryCount;
retryCount = 0;
// Try exclusive access mode first
// Note that when exclusive access is denied, it is worth retrying (usually succeeds after a few tries).
while (dev == INVALID_HANDLE_VALUE && retryCount++ < EXCL_ACCESS_MAX_AUTO_RETRIES)
{
dev = CreateFile (devName, GENERIC_READ | GENERIC_WRITE, 0, NULL, OPEN_EXISTING, 0, NULL);
if (retryCount > 1)
Sleep (EXCL_ACCESS_AUTO_RETRY_DELAY);
}
if (dev == INVALID_HANDLE_VALUE)
{
// Exclusive access denied -- retry in shared mode
dev = CreateFile (devName, GENERIC_READ | GENERIC_WRITE, FILE_SHARE_READ | FILE_SHARE_WRITE, NULL, OPEN_EXISTING, 0, NULL);
if (dev != INVALID_HANDLE_VALUE)
{
if (!volParams->bForceOperation && (Silent || (IDNO == MessageBoxW (volParams->hwndDlg, GetString ("DEVICE_IN_USE_FORMAT"), lpszTitle, MB_YESNO|MB_ICONWARNING|MB_DEFBUTTON2))))
{
nStatus = ERR_DONT_REPORT;
goto error;
}
}
else
{
handleWin32Error (volParams->hwndDlg, SRC_POS);
Error ("CANT_ACCESS_VOL", hwndDlg);
nStatus = ERR_DONT_REPORT;
goto error;
}
}
if (volParams->hiddenVol || bInstantRetryOtherFilesys)
break; // The following "quick format" operation would damage the outer volume
if (nPass == 0)
{
char buf [2 * TC_MAX_VOLUME_SECTOR_SIZE];
DWORD bw;
// Perform pseudo "quick format" so that the filesystem driver does not prevent us from
// formatting hidden sectors
memset (buf, 0, sizeof (buf));
if (!WriteFile (dev, buf, sizeof (buf), &bw, NULL))
{
nStatus = ERR_OS_ERROR;
goto error;
}
FlushFileBuffers (dev);
CloseHandle (dev);
dev = INVALID_HANDLE_VALUE;
}
}
if (DeviceIoControl (dev, FSCTL_IS_VOLUME_MOUNTED, NULL, 0, NULL, 0, &dwResult, NULL))
{
Error ("FORMAT_CANT_DISMOUNT_FILESYS", hwndDlg);
nStatus = ERR_DONT_REPORT;
goto error;
}
}
else
{
/* File-hosted volume */
dev = CreateFile (volParams->volumePath, GENERIC_READ | GENERIC_WRITE,
(volParams->hiddenVol || bInstantRetryOtherFilesys) ? (FILE_SHARE_READ | FILE_SHARE_WRITE) : 0,
NULL, (volParams->hiddenVol || bInstantRetryOtherFilesys) ? OPEN_EXISTING : CREATE_ALWAYS, 0, NULL);
if (dev == INVALID_HANDLE_VALUE)
{
nStatus = ERR_OS_ERROR;
goto error;
}
DisableFileCompression (dev);
if (!volParams->hiddenVol && !bInstantRetryOtherFilesys)
{
LARGE_INTEGER volumeSize;
volumeSize.QuadPart = dataAreaSize + TC_VOLUME_HEADER_GROUP_SIZE;
if (volParams->sparseFileSwitch && volParams->quickFormat)
{
// Create as sparse file container
DWORD tmp;
if (!DeviceIoControl (dev, FSCTL_SET_SPARSE, NULL, 0, NULL, 0, &tmp, NULL))
{
nStatus = ERR_OS_ERROR;
goto error;
}
}
// Preallocate the file
if (!SetFilePointerEx (dev, volumeSize, NULL, FILE_BEGIN)
|| !SetEndOfFile (dev)
|| SetFilePointer (dev, 0, NULL, FILE_BEGIN) != 0)
{
nStatus = ERR_OS_ERROR;
goto error;
}
}
}
if (volParams->hiddenVol && !volParams->bDevice && bPreserveTimestamp)
{
if (GetFileTime ((HANDLE) dev, &ftCreationTime, &ftLastAccessTime, &ftLastWriteTime) == 0)
bTimeStampValid = FALSE;
else
bTimeStampValid = TRUE;
}
if (volParams->hwndDlg && volParams->bGuiMode) KillTimer (volParams->hwndDlg, TIMER_ID_RANDVIEW);
/* Volume header */
// Hidden volume setup
if (volParams->hiddenVol)
{
LARGE_INTEGER headerOffset;
// Check hidden volume size
if (volParams->hiddenVolHostSize < TC_MIN_HIDDEN_VOLUME_HOST_SIZE || volParams->hiddenVolHostSize > TC_MAX_HIDDEN_VOLUME_HOST_SIZE)
{
nStatus = ERR_VOL_SIZE_WRONG;
goto error;
}
// Seek to hidden volume header location
headerOffset.QuadPart = TC_HIDDEN_VOLUME_HEADER_OFFSET;
if (!SetFilePointerEx ((HANDLE) dev, headerOffset, NULL, FILE_BEGIN))
{
nStatus = ERR_OS_ERROR;
goto error;
}
}
else if (bInstantRetryOtherFilesys)
{
// The previous file system format failed and the user wants to try again with a different file system.
// The volume header had been written successfully so we need to seek to the byte after the header.
LARGE_INTEGER offset;
offset.QuadPart = TC_VOLUME_DATA_OFFSET;
if (!SetFilePointerEx ((HANDLE) dev, offset, NULL, FILE_BEGIN))
{
nStatus = ERR_OS_ERROR;
goto error;
}
}
if (!bInstantRetryOtherFilesys)
{
// Write the volume header
if (!WriteEffectiveVolumeHeader (volParams->bDevice, dev, header))
{
nStatus = ERR_OS_ERROR;
goto error;
}
// To prevent fragmentation, write zeroes to reserved header sectors which are going to be filled with random data
if (!volParams->bDevice && !volParams->hiddenVol)
{
byte buf[TC_VOLUME_HEADER_GROUP_SIZE - TC_VOLUME_HEADER_EFFECTIVE_SIZE];
DWORD bytesWritten;
ZeroMemory (buf, sizeof (buf));
if (!WriteFile (dev, buf, sizeof (buf), &bytesWritten, NULL))
{
nStatus = ERR_OS_ERROR;
goto error;
}
if (bytesWritten != sizeof (buf))
{
nStatus = ERR_PARAMETER_INCORRECT;
goto error;
}
}
}
if (volParams->hiddenVol)
{
// Calculate data area position of hidden volume
cryptoInfo->hiddenVolumeOffset = dataOffset;
// Validate the offset
if (dataOffset % FormatSectorSize != 0)
{
nStatus = ERR_VOL_SIZE_WRONG;
goto error;
}
volParams->quickFormat = TRUE; // To entirely format a hidden volume would be redundant
}
/* Data area */
startSector = dataOffset / FormatSectorSize;
// Format filesystem
switch (volParams->fileSystem)
{
case FILESYS_NONE:
case FILESYS_NTFS:
if (volParams->bDevice && !StartFormatWriteThread())
{
nStatus = ERR_OS_ERROR;
goto error;
}
nStatus = FormatNoFs (hwndDlg, startSector, num_sectors, dev, cryptoInfo, volParams->quickFormat);
if (volParams->bDevice)
StopFormatWriteThread();
break;
case FILESYS_FAT:
if (num_sectors > 0xFFFFffff)
{
nStatus = ERR_VOL_SIZE_WRONG;
goto error;
}
// Calculate the fats, root dir etc
ft.num_sectors = (unsigned int) (num_sectors);
#if TC_MAX_VOLUME_SECTOR_SIZE > 0xFFFF
#error TC_MAX_VOLUME_SECTOR_SIZE > 0xFFFF
#endif
ft.sector_size = (uint16) FormatSectorSize;
ft.cluster_size = volParams->clusterSize;
memcpy (ft.volume_name, "NO NAME ", 11);
GetFatParams (&ft);
*(volParams->realClusterSize) = ft.cluster_size * FormatSectorSize;
if (volParams->bDevice && !StartFormatWriteThread())
{
nStatus = ERR_OS_ERROR;
goto error;
}
nStatus = FormatFat (hwndDlg, startSector, &ft, (void *) dev, cryptoInfo, volParams->quickFormat);
if (volParams->bDevice)
StopFormatWriteThread();
break;
default:
nStatus = ERR_PARAMETER_INCORRECT;
goto error;
}
if (nStatus != ERR_SUCCESS)
goto error;
// Write header backup
offset.QuadPart = volParams->hiddenVol ? volParams->hiddenVolHostSize - TC_HIDDEN_VOLUME_HEADER_OFFSET : dataAreaSize + TC_VOLUME_HEADER_GROUP_SIZE;
if (!SetFilePointerEx ((HANDLE) dev, offset, NULL, FILE_BEGIN))
{
nStatus = ERR_OS_ERROR;
goto error;
}
nStatus = CreateVolumeHeaderInMemory (hwndDlg, FALSE,
header,
volParams->ea,
FIRST_MODE_OF_OPERATION_ID,
volParams->password,
volParams->pkcs5,
volParams->pim,
cryptoInfo->master_keydata,
&cryptoInfo,
dataAreaSize,
volParams->hiddenVol ? dataAreaSize : 0,
dataOffset,
dataAreaSize,
0,
volParams->headerFlags,
FormatSectorSize,
FALSE);
if (!WriteEffectiveVolumeHeader (volParams->bDevice, dev, header))
{
nStatus = ERR_OS_ERROR;
goto error;
}
// Fill reserved header sectors (including the backup header area) with random data
if (!volParams->hiddenVol)
{
nStatus = WriteRandomDataToReservedHeaderAreas (hwndDlg, dev, cryptoInfo, dataAreaSize, FALSE, FALSE);
if (nStatus != ERR_SUCCESS)
goto error;
}
#ifndef DEBUG
if (volParams->quickFormat && volParams->fileSystem != FILESYS_NTFS)
Sleep (500); // User-friendly GUI
#endif
error:
dwError = GetLastError();
burn (header, sizeof (header));
VirtualUnlock (header, sizeof (header));
if (dev != INVALID_HANDLE_VALUE)
{
if (!volParams->bDevice && !volParams->hiddenVol && nStatus != 0)
{
// Remove preallocated part before closing file handle if format failed
if (SetFilePointer (dev, 0, NULL, FILE_BEGIN) == 0)
SetEndOfFile (dev);
}
FlushFileBuffers (dev);
if (bTimeStampValid)
SetFileTime (dev, &ftCreationTime, &ftLastAccessTime, &ftLastWriteTime);
CloseHandle (dev);
dev = INVALID_HANDLE_VALUE;
}
if (nStatus != 0)
{
SetLastError(dwError);
goto fv_end;
}
if (volParams->fileSystem == FILESYS_NTFS)
{
// Quick-format volume as NTFS
int driveNo = GetLastAvailableDrive ();
MountOptions mountOptions;
int retCode;
ZeroMemory (&mountOptions, sizeof (mountOptions));
if (driveNo == -1)
{
if (!Silent)
{
MessageBoxW (volParams->hwndDlg, GetString ("NO_FREE_DRIVES"), lpszTitle, ICON_HAND);
MessageBoxW (volParams->hwndDlg, GetString ("FORMAT_NTFS_STOP"), lpszTitle, ICON_HAND);
}
nStatus = ERR_NO_FREE_DRIVES;
goto fv_end;
}
mountOptions.ReadOnly = FALSE;
mountOptions.Removable = FALSE;
mountOptions.ProtectHiddenVolume = FALSE;
mountOptions.PreserveTimestamp = bPreserveTimestamp;
mountOptions.PartitionInInactiveSysEncScope = FALSE;
mountOptions.UseBackupHeader = FALSE;
if (MountVolume (volParams->hwndDlg, driveNo, volParams->volumePath, volParams->password, volParams->pkcs5, volParams->pim, FALSE, FALSE, TRUE, &mountOptions, FALSE, TRUE) < 1)
{
if (!Silent)
{
MessageBoxW (volParams->hwndDlg, GetString ("CANT_MOUNT_VOLUME"), lpszTitle, ICON_HAND);
MessageBoxW (volParams->hwndDlg, GetString ("FORMAT_NTFS_STOP"), lpszTitle, ICON_HAND);
}
nStatus = ERR_VOL_MOUNT_FAILED;
goto fv_end;
}
if (!Silent && !IsAdmin () && IsUacSupported ())
retCode = UacFormatNtfs (volParams->hwndDlg, driveNo, volParams->clusterSize);
else
retCode = FormatNtfs (driveNo, volParams->clusterSize);
if (retCode != TRUE)
{
if (!UnmountVolumeAfterFormatExCall (volParams->hwndDlg, driveNo) && !Silent)
MessageBoxW (volParams->hwndDlg, GetString ("CANT_DISMOUNT_VOLUME"), lpszTitle, ICON_HAND);
if (dataAreaSize <= TC_MAX_FAT_SECTOR_COUNT * FormatSectorSize)
{
if (AskErrYesNo ("FORMAT_NTFS_FAILED_ASK_FAT", hwndDlg) == IDYES)
{
// NTFS format failed and the user wants to try FAT format immediately
volParams->fileSystem = FILESYS_FAT;
bInstantRetryOtherFilesys = TRUE;
volParams->quickFormat = TRUE; // Volume has already been successfully TC-formatted
volParams->clusterSize = 0; // Default cluster size
goto begin_format;
}
}
else
Error ("FORMAT_NTFS_FAILED", hwndDlg);
nStatus = ERR_DONT_REPORT;
goto fv_end;
}
if (!UnmountVolumeAfterFormatExCall (volParams->hwndDlg, driveNo) && !Silent)
MessageBoxW (volParams->hwndDlg, GetString ("CANT_DISMOUNT_VOLUME"), lpszTitle, ICON_HAND);
}
fv_end:
dwError = GetLastError();
if (dosDev[0])
RemoveFakeDosName (volParams->volumePath, dosDev);
crypto_close (cryptoInfo);
SetLastError (dwError);
return nStatus;
}
int ChangePwd (const char *lpszVolume, Password *oldPassword, int old_pkcs5, int old_pim, BOOL truecryptMode, Password *newPassword, int pkcs5, int pim, int wipePassCount, HWND hwndDlg)
{
int nDosLinkCreated = 1, nStatus = ERR_OS_ERROR;
char szDiskFile[TC_MAX_PATH], szCFDevice[TC_MAX_PATH];
char szDosDevice[TC_MAX_PATH];
char buffer[TC_VOLUME_HEADER_EFFECTIVE_SIZE];
PCRYPTO_INFO cryptoInfo = NULL, ci = NULL;
void *dev = INVALID_HANDLE_VALUE;
DWORD dwError;
DWORD bytesRead;
BOOL bDevice;
unsigned __int64 hostSize = 0;
int volumeType;
int wipePass;
FILETIME ftCreationTime;
FILETIME ftLastWriteTime;
FILETIME ftLastAccessTime;
BOOL bTimeStampValid = FALSE;
LARGE_INTEGER headerOffset;
BOOL backupHeader;
DISK_GEOMETRY driveInfo;
if (oldPassword->Length == 0 || newPassword->Length == 0) return -1;
if ((wipePassCount <= 0) || (truecryptMode && (old_pkcs5 == SHA256)))
{
nStatus = ERR_PARAMETER_INCORRECT;
handleError (hwndDlg, nStatus, SRC_POS);
return nStatus;
}
if (!lpszVolume)
{
nStatus = ERR_OUTOFMEMORY;
handleError (hwndDlg, nStatus, SRC_POS);
return nStatus;
}
WaitCursor ();
CreateFullVolumePath (szDiskFile, sizeof(szDiskFile), lpszVolume, &bDevice);
if (bDevice == FALSE)
{
strcpy (szCFDevice, szDiskFile);
}
else
{
nDosLinkCreated = FakeDosNameForDevice (szDiskFile, szDosDevice, sizeof(szDosDevice), szCFDevice, sizeof(szCFDevice),FALSE);
if (nDosLinkCreated != 0)
goto error;
}
dev = CreateFile (szCFDevice, GENERIC_READ | GENERIC_WRITE, FILE_SHARE_READ | FILE_SHARE_WRITE, NULL, OPEN_EXISTING, 0, NULL);
if (dev == INVALID_HANDLE_VALUE)
goto error;
if (bDevice)
{
/* This is necessary to determine the hidden volume header offset */
if (dev == INVALID_HANDLE_VALUE)
{
goto error;
}
else
{
PARTITION_INFORMATION diskInfo;
DWORD dwResult;
BOOL bResult;
bResult = DeviceIoControl (dev, IOCTL_DISK_GET_DRIVE_GEOMETRY, NULL, 0,
&driveInfo, sizeof (driveInfo), &dwResult, NULL);
if (!bResult)
goto error;
bResult = GetPartitionInfo (lpszVolume, &diskInfo);
if (bResult)
{
hostSize = diskInfo.PartitionLength.QuadPart;
}
else
{
hostSize = driveInfo.Cylinders.QuadPart * driveInfo.BytesPerSector *
driveInfo.SectorsPerTrack * driveInfo.TracksPerCylinder;
}
if (hostSize == 0)
{
nStatus = ERR_VOL_SIZE_WRONG;
goto error;
}
}
}
else
{
LARGE_INTEGER fileSize;
if (!GetFileSizeEx (dev, &fileSize))
{
nStatus = ERR_OS_ERROR;
goto error;
}
hostSize = fileSize.QuadPart;
}
if (Randinit ())
{
if (CryptoAPILastError == ERROR_SUCCESS)
nStatus = ERR_RAND_INIT_FAILED;
else
nStatus = ERR_CAPI_INIT_FAILED;
goto error;
}
SetRandomPoolEnrichedByUserStatus (FALSE); /* force the display of the random enriching dialog */
if (!bDevice && bPreserveTimestamp)
{
if (GetFileTime ((HANDLE) dev, &ftCreationTime, &ftLastAccessTime, &ftLastWriteTime) == 0)
bTimeStampValid = FALSE;
else
bTimeStampValid = TRUE;
}
for (volumeType = TC_VOLUME_TYPE_NORMAL; volumeType < TC_VOLUME_TYPE_COUNT; volumeType++)
{
// Seek the volume header
switch (volumeType)
{
case TC_VOLUME_TYPE_NORMAL:
headerOffset.QuadPart = TC_VOLUME_HEADER_OFFSET;
break;
case TC_VOLUME_TYPE_HIDDEN:
if (TC_HIDDEN_VOLUME_HEADER_OFFSET + TC_VOLUME_HEADER_SIZE > hostSize)
continue;
headerOffset.QuadPart = TC_HIDDEN_VOLUME_HEADER_OFFSET;
break;
}
if (!SetFilePointerEx ((HANDLE) dev, headerOffset, NULL, FILE_BEGIN))
{
nStatus = ERR_OS_ERROR;
goto error;
}
/* Read in volume header */
if (!ReadEffectiveVolumeHeader (bDevice, dev, buffer, &bytesRead))
{
nStatus = ERR_OS_ERROR;
goto error;
}
if (bytesRead != sizeof (buffer))
{
// Windows may report EOF when reading sectors from the last cluster of a device formatted as NTFS
memset (buffer, 0, sizeof (buffer));
}
/* Try to decrypt the header */
nStatus = ReadVolumeHeader (FALSE, buffer, oldPassword, old_pkcs5, old_pim, truecryptMode, &cryptoInfo, NULL);
if (nStatus == ERR_CIPHER_INIT_WEAK_KEY)
nStatus = 0; // We can ignore this error here
if (nStatus == ERR_PASSWORD_WRONG)
{
continue; // Try next volume type
}
else if (nStatus != 0)
{
cryptoInfo = NULL;
goto error;
}
else
break;
}
if (nStatus != 0)
{
cryptoInfo = NULL;
goto error;
}
if (cryptoInfo->HeaderFlags & TC_HEADER_FLAG_ENCRYPTED_SYSTEM)
{
nStatus = ERR_SYS_HIDVOL_HEAD_REENC_MODE_WRONG;
goto error;
}
// Change the PKCS-5 PRF if requested by user
if (pkcs5 != 0)
cryptoInfo->pkcs5 = pkcs5;
RandSetHashFunction (cryptoInfo->pkcs5);
NormalCursor();
UserEnrichRandomPool (hwndDlg);
EnableElevatedCursorChange (hwndDlg);
WaitCursor();
/* Re-encrypt the volume header */
backupHeader = FALSE;
while (TRUE)
{
/* The header will be re-encrypted wipePassCount times to prevent adversaries from using
techniques such as magnetic force microscopy or magnetic force scanning tunnelling microscopy
to recover the overwritten header. According to Peter Gutmann, data should be overwritten 22
times (ideally, 35 times) using non-random patterns and pseudorandom data. However, as users might
impatiently interupt the process (etc.) we will not use the Gutmann's patterns but will write the
valid re-encrypted header, i.e. pseudorandom data, and there will be many more passes than Guttman
recommends. During each pass we will write a valid working header. Each pass will use the same master
key, and also the same header key, secondary key (XTS), etc., derived from the new password. The only
item that will be different for each pass will be the salt. This is sufficient to cause each "version"
of the header to differ substantially and in a random manner from the versions written during the
other passes. */
for (wipePass = 0; wipePass < wipePassCount; wipePass++)
{
// Prepare new volume header
nStatus = CreateVolumeHeaderInMemory (hwndDlg, FALSE,
buffer,
cryptoInfo->ea,
cryptoInfo->mode,
newPassword,
cryptoInfo->pkcs5,
pim,
cryptoInfo->master_keydata,
&ci,
cryptoInfo->VolumeSize.Value,
(volumeType == TC_VOLUME_TYPE_HIDDEN) ? cryptoInfo->hiddenVolumeSize : 0,
cryptoInfo->EncryptedAreaStart.Value,
cryptoInfo->EncryptedAreaLength.Value,
truecryptMode? 0 : cryptoInfo->RequiredProgramVersion,
cryptoInfo->HeaderFlags,
cryptoInfo->SectorSize,
wipePass < wipePassCount - 1);
if (ci != NULL)
crypto_close (ci);
if (nStatus != 0)
goto error;
if (!SetFilePointerEx ((HANDLE) dev, headerOffset, NULL, FILE_BEGIN))
{
nStatus = ERR_OS_ERROR;
goto error;
}
if (!WriteEffectiveVolumeHeader (bDevice, dev, buffer))
{
nStatus = ERR_OS_ERROR;
goto error;
}
if (bDevice
&& !cryptoInfo->LegacyVolume
&& !cryptoInfo->hiddenVolume
&& cryptoInfo->HeaderVersion == 4
&& (cryptoInfo->HeaderFlags & TC_HEADER_FLAG_NONSYS_INPLACE_ENC) != 0
&& (cryptoInfo->HeaderFlags & ~TC_HEADER_FLAG_NONSYS_INPLACE_ENC) == 0)
{
nStatus = WriteRandomDataToReservedHeaderAreas (hwndDlg, dev, cryptoInfo, cryptoInfo->VolumeSize.Value, !backupHeader, backupHeader);
if (nStatus != ERR_SUCCESS)
goto error;
}
FlushFileBuffers (dev);
}
if (backupHeader || cryptoInfo->LegacyVolume)
break;
backupHeader = TRUE;
headerOffset.QuadPart += hostSize - TC_VOLUME_HEADER_GROUP_SIZE;
}
/* Password successfully changed */
nStatus = 0;
error:
dwError = GetLastError ();
burn (buffer, sizeof (buffer));
if (cryptoInfo != NULL)
crypto_close (cryptoInfo);
if (bTimeStampValid)
SetFileTime (dev, &ftCreationTime, &ftLastAccessTime, &ftLastWriteTime);
if (dev != INVALID_HANDLE_VALUE)
CloseHandle ((HANDLE) dev);
if (nDosLinkCreated == 0)
RemoveFakeDosName (szDiskFile, szDosDevice);
RandStop (FALSE);
NormalCursor ();
SetLastError (dwError);
if (nStatus == ERR_OS_ERROR && dwError == ERROR_ACCESS_DENIED
&& bDevice
&& !UacElevated
&& IsUacSupported ())
return nStatus;
if (nStatus != 0)
handleError (hwndDlg, nStatus, SRC_POS);
return nStatus;
}