wchar_t wszVolume[26][TC_MAX_PATH]; /* Volume names of mounted volumes */

unsigned __int64 diskLength[26];

int ea[26];

int volumeType[26]; /* Volume type (e.g. PROP_VOL_TYPE_OUTER, PROP_VOL_TYPE_OUTER_VOL_WRITE_PREVENTED, etc.) */

} MOUNT_LIST_STRUCT;

typedef struct

{

int driveNo;

int uniqueId;

wchar_t wszVolume[TC_MAX_PATH];

unsigned __int64 diskLength;

int ea;

int mode;

int pkcs5;

int pkcs5Iterations;

BOOL hiddenVolume;

BOOL readOnly;

BOOL removable;

BOOL partitionInInactiveSysEncScope;

uint32 volumeHeaderFlags;

unsigned __int64 totalBytesRead;

unsigned __int64 totalBytesWritten;

int hiddenVolProtection; /* Hidden volume protection status (e.g. HIDVOL_PROT_STATUS_NONE, HIDVOL_PROT_STATUS_ACTIVE, etc.) */

int volFormatVersion;

} VOLUME_PROPERTIES_STRUCT;

typedef struct

{

WCHAR symLinkName[TC_MAX_PATH];

WCHAR targetName[TC_MAX_PATH];

} RESOLVE_SYMLINK_STRUCT;

typedef struct

{

WCHAR deviceName[TC_MAX_PATH];

PARTITION_INFORMATION partInfo;

BOOL IsGPT;

BOOL IsDynamic;

}

Crypto.c:

Ciphers[]

EncryptionAlgorithms[]

CipherInit()

EncipherBlock()

DecipherBlock()

*/

#ifndef TC_WINDOWS_BOOT_SINGLE_CIPHER_MODE

// Cipher configuration

static Cipher Ciphers[] =

{

// Block Size Key Size Key Schedule Size

// ID Name (Bytes) (Bytes) (Bytes)

{ AES, "AES", 16, 32, AES_KS },

{ SERPENT, "Serpent", 16, 32, 140*4 },

{ TWOFISH, "Twofish", 16, 32, TWOFISH_KS },

{ 0, 0, 0, 0, 0 }

};

// Encryption algorithm configuration

static EncryptionAlgorithm EncryptionAlgorithms[] =

{

// Cipher(s) Modes FormatEnabled

#ifndef TC_WINDOWS_BOOT

#else // TC_WINDOWS_BOOT

// Encryption algorithms available for boot drive encryption

{ { 0, 0 }, { 0, 0 }, 0 }, // Must be all-zero

{ { AES, 0 }, { XTS, 0 }, 1 },

{ { SERPENT, 0 }, { XTS, 0 }, 1 },

{ { TWOFISH, 0 }, { XTS, 0 }, 1 },

{ { TWOFISH, AES, 0 }, { XTS, 0 }, 1 },

{ { SERPENT, TWOFISH, AES, 0 }, { XTS, 0 }, 1 },

{ { AES, SERPENT, 0 }, { XTS, 0 }, 1 },

{ { AES, TWOFISH, SERPENT, 0 }, { XTS, 0 }, 1 },

{ { SERPENT, TWOFISH, 0 }, { XTS, 0 }, 1 },

{ { 0, 0 }, { 0, 0 }, 0 }, // Must be all-zero

#endif

};

// Hash algorithms

static Hash Hashes[] =

{ // ID Name Deprecated System Encryption

{ RIPEMD160, "RIPEMD-160", FALSE, TRUE },

#ifndef TC_WINDOWS_BOOT

{ SHA512, "SHA-512", FALSE, FALSE },

{ WHIRLPOOL, "Whirlpool", FALSE, FALSE },

#endif

{ 0, 0, 0 }

};

/* Return values: 0 = success, ERR_CIPHER_INIT_FAILURE (fatal), ERR_CIPHER_INIT_WEAK_KEY (non-fatal) */

int CipherInit (int cipher, unsigned char *key, unsigned __int8 *ks)

{

int retVal = ERR_SUCCESS;

switch (cipher)

{

case AES:

#ifndef TC_WINDOWS_BOOT

if (aes_encrypt_key256 (key, (aes_encrypt_ctx *) ks) != EXIT_SUCCESS)

return ERR_CIPHER_INIT_FAILURE;

if (aes_decrypt_key256 (key, (aes_decrypt_ctx *) (ks + sizeof(aes_encrypt_ctx))) != EXIT_SUCCESS)

return ERR_CIPHER_INIT_FAILURE;

#else

if (aes_set_key (key, (length_type) CipherGetKeySize(AES), (aes_context *) ks) != 0)

return ERR_CIPHER_INIT_FAILURE;

#endif

break;

case SERPENT:

serpent_set_key (key, CipherGetKeySize(SERPENT) * 8, ks);

break;

case TWOFISH:

twofish_set_key ((TwofishInstance *)ks, (const u4byte *)key, CipherGetKeySize(TWOFISH) * 8);

break;

default:

// Unknown/wrong cipher ID

return ERR_CIPHER_INIT_FAILURE;

}

return retVal;

}

void EncipherBlock(int cipher, void *data, void *ks)

{

switch (cipher)

{

case AES:

// In 32-bit kernel mode, due to KeSaveFloatingPointState() overhead, AES instructions can be used only when processing the whole data unit.

#if (defined (_WIN64) || !defined (TC_WINDOWS_DRIVER)) && !defined (TC_WINDOWS_BOOT)

if (IsAesHwCpuSupported())

aes_hw_cpu_encrypt (ks, data);

else

#endif

aes_encrypt (data, data, ks);

break;

case TWOFISH: twofish_encrypt (ks, data, data); break;

case SERPENT: serpent_encrypt (data, data, ks); break;

default: TC_THROW_FATAL_EXCEPTION; // Unknown/wrong ID

}

}

#ifndef TC_WINDOWS_BOOT

void EncipherBlocks (int cipher, void *dataPtr, void *ks, size_t blockCount)

{

byte *data = dataPtr;

#if defined (TC_WINDOWS_DRIVER) && !defined (_WIN64)

KFLOATING_SAVE floatingPointState;

#endif

if (cipher == AES

&& (blockCount & (32 - 1)) == 0

&& IsAesHwCpuSupported()

#if defined (TC_WINDOWS_DRIVER) && !defined (_WIN64)

&& NT_SUCCESS (KeSaveFloatingPointState (&floatingPointState))

#endif

)

#endif // !TC_WINDOWS_BOOT

void DecipherBlock(int cipher, void *data, void *ks)

{

switch (cipher)

{

case SERPENT: serpent_decrypt (data, data, ks); break;

case TWOFISH: twofish_decrypt (ks, data, data); break;

#ifndef TC_WINDOWS_BOOT

case AES:

#if defined (_WIN64) || !defined (TC_WINDOWS_DRIVER)

if (IsAesHwCpuSupported())

aes_hw_cpu_decrypt ((byte *) ks + sizeof (aes_encrypt_ctx), data);

else

#endif

aes_decrypt (data, data, (void *) ((char *) ks + sizeof(aes_encrypt_ctx)));

break;

#else

case AES: aes_decrypt (data, data, ks); break;

#endif

default: TC_THROW_FATAL_EXCEPTION; // Unknown/wrong ID

}

}

#ifndef TC_WINDOWS_BOOT

void DecipherBlocks (int cipher, void *dataPtr, void *ks, size_t blockCount)

{

byte *data = dataPtr;

#if defined (TC_WINDOWS_DRIVER) && !defined (_WIN64)

KFLOATING_SAVE floatingPointState;

#endif

if (cipher == AES

&& (blockCount & (32 - 1)) == 0

&& IsAesHwCpuSupported()

#if defined (TC_WINDOWS_DRIVER) && !defined (_WIN64)

#ifndef TC_WINDOWS_BOOT

BOOL EAInitMode (PCRYPTO_INFO ci)

{

switch (ci->mode)

{

case XTS:

// Secondary key schedule

if (EAInit (ci->ea, ci->k2, ci->ks2) != ERR_SUCCESS)

return FALSE;

/* Note: XTS mode could potentially be initialized with a weak key causing all blocks in one data unit

on the volume to be tweaked with zero tweaks (i.e. 512 bytes of the volume would be encrypted in ECB

mode). However, to create a TrueCrypt volume with such a weak key, each human being on Earth would have

to create approximately 11,378,125,361,078,862 (about eleven quadrillion) TrueCrypt volumes (provided

that the size of each of the volumes is 1024 terabytes). */

break;

default:

// Unknown/wrong ID

TC_THROW_FATAL_EXCEPTION;

}

return TRUE;

}

// Returns name of EA, cascaded cipher names are separated by hyphens

char *EAGetName (char *buf, int ea)

{

int i = EAGetLastCipher(ea);

strcpy (buf, (i != 0) ? CipherGetName (i) : "?");

while (i = EAGetPreviousCipher(ea, i))

{

strcat (buf, "-");

strcat (buf, CipherGetName (i));

}

{

if (c == previousModeId)

return EncryptionAlgorithms[ea].Modes[i];

}

return 0;

}

#ifndef TC_WINDOWS_BOOT

// Returns the name of the mode of operation of the whole EA

char *EAGetModeName (int ea, int mode, BOOL capitalLetters)

{

switch (mode)

{

case XTS:

return "XTS";

}

return "[unknown]";

}

#endif // TC_WINDOWS_BOOT

// Returns sum of key schedule sizes of all ciphers of the EA

int EAGetKeyScheduleSize (int ea)

{

int i = EAGetFirstCipher(ea);

int size = CipherGetKeyScheduleSize (i);

while (i = EAGetNextCipher(ea, i))

{

size += CipherGetKeyScheduleSize (i);

}

return size;

}

{

burn (cryptoInfo, sizeof (CRYPTO_INFO));

#ifndef DEVICE_DRIVER

VirtualUnlock (cryptoInfo, sizeof (CRYPTO_INFO));

#endif

TCfree (cryptoInfo);

}

#else // TC_WINDOWS_BOOT

burn (&CryptoInfoBuffer, sizeof (CryptoInfoBuffer));

CryptoInfoBufferInUse = FALSE;

#endif // TC_WINDOWS_BOOT

}

#ifndef TC_WINDOWS_BOOT_SINGLE_CIPHER_MODE

// EncryptBuffer

//

// buf: data to be encrypted; the start of the buffer is assumed to be aligned with the start of a data unit.

// len: number of bytes to encrypt; must be divisible by the block size (for cascaded ciphers, divisible

// by the largest block size used within the cascade)

void EncryptBuffer (unsigned __int8 *buf, TC_LARGEST_COMPILER_UINT len, PCRYPTO_INFO cryptoInfo)

{

switch (cryptoInfo->mode)

{

case XTS:

{

unsigned __int8 *ks = cryptoInfo->ks;

unsigned __int8 *ks2 = cryptoInfo->ks2;

UINT64_STRUCT dataUnitNo;

int cipher;

// When encrypting/decrypting a buffer (typically a volume header) the sequential number

// of the first XTS data unit in the buffer is always 0 and the start of the buffer is

// always assumed to be aligned with the start of a data unit.

dataUnitNo.LowPart = 0;

dataUnitNo.HighPart = 0;

for (cipher = EAGetFirstCipher (cryptoInfo->ea);

cipher != 0;

cipher = EAGetNextCipher (cryptoInfo->ea, cipher))

{

EncryptBufferXTS (buf, len, &dataUnitNo, 0, ks, ks2, cipher);

ks += CipherGetKeyScheduleSize (cipher);

ks2 += CipherGetKeyScheduleSize (cipher);

}

}

break;

default:

// Unknown/wrong ID

TC_THROW_FATAL_EXCEPTION;

}

}

// buf: data to be encrypted

// unitNo: sequential number of the data unit with which the buffer starts

// nbrUnits: number of data units in the buffer

void EncryptDataUnits (unsigned __int8 *buf, const UINT64_STRUCT *structUnitNo, uint32 nbrUnits, PCRYPTO_INFO ci)

#ifndef TC_WINDOWS_BOOT

{

EncryptionThreadPoolDoWork (EncryptDataUnitsWork, buf, structUnitNo, nbrUnits, ci);

}

void EncryptDataUnitsCurrentThread (unsigned __int8 *buf, const UINT64_STRUCT *structUnitNo, TC_LARGEST_COMPILER_UINT nbrUnits, PCRYPTO_INFO ci)

#endif // !TC_WINDOWS_BOOT

{

int ea = ci->ea;

unsigned __int8 *ks = ci->ks;

unsigned __int8 *ks2 = ci->ks2;

int cipher;

switch (ci->mode)

{

case XTS:

for (cipher = EAGetFirstCipher (ea); cipher != 0; cipher = EAGetNextCipher (ea, cipher))

{

EncryptBufferXTS (buf,

nbrUnits * ENCRYPTION_DATA_UNIT_SIZE,

structUnitNo,

0,

ks,

ks2,

cipher);

ks += CipherGetKeyScheduleSize (cipher);

ks2 += CipherGetKeyScheduleSize (cipher);

}

break;

default:

// Unknown/wrong ID

TC_THROW_FATAL_EXCEPTION;

}

}

// DecryptBuffer

//

// buf: data to be decrypted; the start of the buffer is assumed to be aligned with the start of a data unit.

// len: number of bytes to decrypt; must be divisible by the block size (for cascaded ciphers, divisible

// by the largest block size used within the cascade)

void DecryptBuffer (unsigned __int8 *buf, TC_LARGEST_COMPILER_UINT len, PCRYPTO_INFO cryptoInfo)

{

switch (cryptoInfo->mode)

{

case XTS:

{

unsigned __int8 *ks = cryptoInfo->ks + EAGetKeyScheduleSize (cryptoInfo->ea);

unsigned __int8 *ks2 = cryptoInfo->ks2 + EAGetKeyScheduleSize (cryptoInfo->ea);

UINT64_STRUCT dataUnitNo;

int cipher;

// When encrypting/decrypting a buffer (typically a volume header) the sequential number

// of the first XTS data unit in the buffer is always 0 and the start of the buffer is

// always assumed to be aligned with the start of the data unit 0.

dataUnitNo.LowPart = 0;

dataUnitNo.HighPart = 0;

for (cipher = EAGetLastCipher (cryptoInfo->ea);

cipher != 0;

cipher = EAGetPreviousCipher (cryptoInfo->ea, cipher))

{

ks -= CipherGetKeyScheduleSize (cipher);

ks2 -= CipherGetKeyScheduleSize (cipher);

DecryptBufferXTS (buf, len, &dataUnitNo, 0, ks, ks2, cipher);

}

}

break;

default:

// Unknown/wrong ID

TC_THROW_FATAL_EXCEPTION;

}

}

// buf: data to be decrypted

// unitNo: sequential number of the data unit with which the buffer starts

// nbrUnits: number of data units in the buffer

void DecryptDataUnits (unsigned __int8 *buf, const UINT64_STRUCT *structUnitNo, uint32 nbrUnits, PCRYPTO_INFO ci)

#ifndef TC_WINDOWS_BOOT

{

EncryptionThreadPoolDoWork (DecryptDataUnitsWork, buf, structUnitNo, nbrUnits, ci);

}

void DecryptDataUnitsCurrentThread (unsigned __int8 *buf, const UINT64_STRUCT *structUnitNo, TC_LARGEST_COMPILER_UINT nbrUnits, PCRYPTO_INFO ci)

#endif // !TC_WINDOWS_BOOT

{

int ea = ci->ea;

unsigned __int8 *ks = ci->ks;

unsigned __int8 *ks2 = ci->ks2;

int cipher;

switch (ci->mode)

{

case XTS:

ks += EAGetKeyScheduleSize (ea);

ks2 += EAGetKeyScheduleSize (ea);

for (cipher = EAGetLastCipher (ea); cipher != 0; cipher = EAGetPreviousCipher (ea, cipher))

{

ks -= CipherGetKeyScheduleSize (cipher);

ks2 -= CipherGetKeyScheduleSize (cipher);

DecryptBufferXTS (buf,

nbrUnits * ENCRYPTION_DATA_UNIT_SIZE,

structUnitNo,

0,

ks,

ks2,

cipher);

}

break;

default:

// Unknown/wrong ID

TC_THROW_FATAL_EXCEPTION;

}

}

// Returns the maximum number of bytes necessary to be generated by the PBKDF2 (PKCS #5)

int GetMaxPkcs5OutSize (void)

{

int size = 32;

size = max (size, EAGetLargestKeyForMode (XTS) * 2); // Sizes of primary + secondary keys

return size;

}

#else // TC_WINDOWS_BOOT_SINGLE_CIPHER_MODE

#if !defined (TC_WINDOWS_BOOT_AES) && !defined (TC_WINDOWS_BOOT_SERPENT) && !defined (TC_WINDOWS_BOOT_TWOFISH)

#error No cipher defined

#endif

void EncipherBlock(int cipher, void *data, void *ks)

{

#ifdef TC_WINDOWS_BOOT_AES

if (IsAesHwCpuSupported())

aes_hw_cpu_encrypt ((byte *) ks, data);

else

aes_encrypt (data, data, ks);

#elif defined (TC_WINDOWS_BOOT_SERPENT)

serpent_encrypt (data, data, ks);

*/

#ifndef CRYPTO_H

#define CRYPTO_H

#include "Tcdefs.h"

#ifdef __cplusplus

extern "C" {

#endif

// Encryption data unit size, which may differ from the sector size and must always be 512

#define ENCRYPTION_DATA_UNIT_SIZE 512

// Size of the salt (in bytes)

#define PKCS5_SALT_SIZE 64

// Size of the volume header area containing concatenated master key(s) and secondary key(s) (XTS mode)

#define MASTER_KEYDATA_SIZE 256

// The first PRF to try when mounting

#define FIRST_PRF_ID 1

// Hash algorithms (pseudorandom functions).

enum

{

RIPEMD160 = FIRST_PRF_ID,

#ifndef TC_WINDOWS_BOOT

SHA512,

WHIRLPOOL,

#endif

HASH_ENUM_END_ID

};

// The last PRF to try when mounting and also the number of implemented PRFs

#define LAST_PRF_ID (HASH_ENUM_END_ID - 1)

#define RIPEMD160_BLOCKSIZE 64

#define RIPEMD160_DIGESTSIZE 20

#define SHA1_BLOCKSIZE 64

#define SHA1_DIGESTSIZE 20

#define SHA512_BLOCKSIZE 128

#define SHA512_DIGESTSIZE 64

#define WHIRLPOOL_BLOCKSIZE 64

#define WHIRLPOOL_DIGESTSIZE 64

#define MAX_DIGESTSIZE WHIRLPOOL_DIGESTSIZE

#define DEFAULT_HASH_ALGORITHM FIRST_PRF_ID

#define DEFAULT_HASH_ALGORITHM_BOOT RIPEMD160

// The mode of operation used for newly created volumes and first to try when mounting

#define FIRST_MODE_OF_OPERATION_ID 1

// Modes of operation

enum

{

/* If you add/remove a mode, update the following: GetMaxPkcs5OutSize(), EAInitMode() */

XTS = FIRST_MODE_OF_OPERATION_ID,

MODE_ENUM_END_ID

};

// The last mode of operation to try when mounting and also the number of implemented modes

#define LAST_MODE_OF_OPERATION (MODE_ENUM_END_ID - 1)

// Ciphertext/plaintext block size for XTS mode (in bytes)

#define BYTES_PER_XTS_BLOCK 16

// Number of ciphertext/plaintext blocks per XTS data unit

#define BLOCKS_PER_XTS_DATA_UNIT (ENCRYPTION_DATA_UNIT_SIZE / BYTES_PER_XTS_BLOCK)

// Cipher IDs

enum

{

NONE = 0,

AES,

SERPENT,

};

typedef struct

{

int Id; // Cipher ID

char *Name; // Name

int BlockSize; // Block size (bytes)

int KeySize; // Key size (bytes)

int KeyScheduleSize; // Scheduled key size (bytes)

} Cipher;

typedef struct

{

int Ciphers[4]; // Null terminated array of ciphers used by encryption algorithm

int Modes[LAST_MODE_OF_OPERATION + 1]; // Null terminated array of modes of operation

int FormatEnabled;

} EncryptionAlgorithm;

typedef struct

{

#else

#define MAX_EXPANDED_KEY (AES_KS + SERPENT_KS + TWOFISH_KS)

#endif

#ifdef DEBUG

# define PRAND_DISK_WIPE_PASSES 3

#else

# define PRAND_DISK_WIPE_PASSES 256

#endif

#if !defined (TC_WINDOWS_BOOT) || defined (TC_WINDOWS_BOOT_AES)

# include "Aes.h"

#else

# include "AesSmall.h"

#endif

#include "Aes_hw_cpu.h"

#include "Serpent.h"

#include "Twofish.h"

#include "Rmd160.h"

#ifndef TC_WINDOWS_BOOT

# include "Sha2.h"

# include "Whirlpool.h"

#endif

#include "GfMul.h"

#include "Password.h"

typedef struct keyInfo_t

{

int noIterations; /* Number of times to iterate (PKCS-5) */

int keyLength; /* Length of the key */

__int8 userKey[MAX_PASSWORD]; /* Password (to which keyfiles may have been applied). WITHOUT +1 for the null terminator. */

__int8 salt[PKCS5_SALT_SIZE]; /* PKCS-5 salt */

__int8 master_keydata[MASTER_KEYDATA_SIZE]; /* Concatenated master primary and secondary key(s) (XTS mode). For LRW (deprecated/legacy), it contains the tweak key before the master key(s). For CBC (deprecated/legacy), it contains the IV seed before the master key(s). */

} KEY_INFO, *PKEY_INFO;

typedef struct CRYPTO_INFO_t

{

int ea; /* Encryption algorithm ID */

int mode; /* Mode of operation (e.g., XTS) */

int EAGetCipherCount (int ea);

int EAGetFirstCipher (int ea);

int EAGetLastCipher (int ea);

int EAGetNextCipher (int ea, int previousCipherId);

int EAGetPreviousCipher (int ea, int previousCipherId);

int EAIsFormatEnabled (int ea);

BOOL EAIsModeSupported (int ea, int testedMode);

const char *HashGetName (int hash_algo_id);

BOOL HashIsDeprecated (int hashId);

int GetMaxPkcs5OutSize (void);

void EncryptDataUnits (unsigned __int8 *buf, const UINT64_STRUCT *structUnitNo, uint32 nbrUnits, PCRYPTO_INFO ci);

void EncryptDataUnitsCurrentThread (unsigned __int8 *buf, const UINT64_STRUCT *structUnitNo, TC_LARGEST_COMPILER_UINT nbrUnits, PCRYPTO_INFO ci);

void DecryptDataUnits (unsigned __int8 *buf, const UINT64_STRUCT *structUnitNo, uint32 nbrUnits, PCRYPTO_INFO ci);

void DecryptDataUnitsCurrentThread (unsigned __int8 *buf, const UINT64_STRUCT *structUnitNo, TC_LARGEST_COMPILER_UINT nbrUnits, PCRYPTO_INFO ci);

void EncryptBuffer (unsigned __int8 *buf, TC_LARGEST_COMPILER_UINT len, PCRYPTO_INFO cryptoInfo);

void DecryptBuffer (unsigned __int8 *buf, TC_LARGEST_COMPILER_UINT len, PCRYPTO_INFO cryptoInfo);

BOOL IsAesHwCpuSupported ();

void EnableHwEncryption (BOOL enable);

BOOL IsHwEncryptionEnabled ();

#ifdef __cplusplus

}

#endif

#endif /* CRYPTO_H */

{

handleError (hwndDlg, tmpRetVal);

return 1;

}

memcpy (&ci->k2, secondaryKey, sizeof (secondaryKey));

if (!EAInitMode (ci))

return 1;

structDataUnitNo.Value = BE64(((unsigned __int64 *)dataUnitNo)[0]);

if (bEncrypt)

EncryptBufferXTS ((unsigned char *) tmp, pt, &structDataUnitNo, blockNo, (unsigned char *) (ci->ks), (unsigned char *) ci->ks2, idTestCipher);

else

DecryptBufferXTS ((unsigned char *) tmp, pt, &structDataUnitNo, blockNo, (unsigned char *) (ci->ks), (unsigned char *) ci->ks2, idTestCipher);

crypto_close (ci);

}

else

{

CipherInit2(idTestCipher, key, ks_tmp, ks);

if (bEncrypt)

{

EncipherBlock(idTestCipher, tmp, ks_tmp);

}

else

{

DecipherBlock(idTestCipher, tmp, ks_tmp);

}

}

*szTmp = 0;

for (n = 0; n < pt; n ++)

{

char szTmp2[3];

StringCbPrintfA(szTmp2, sizeof(szTmp2), "%02x", (int)((unsigned char)tmp[n]));

StringCbCatA(szTmp, sizeof(szTmp), szTmp2);

}

if (bEncrypt)

SetWindowText(GetDlgItem(hwndDlg,IDC_CIPHERTEXT), szTmp);

else

SetWindowText(GetDlgItem(hwndDlg,IDC_PLAINTEXT), szTmp);

}

return 1;

}

if (lw == IDCLOSE || lw == IDCANCEL)

SendMessage (GetDlgItem(hwndDlg, IDC_TEST_BLOCK_NUMBER), CB_RESETCONTENT, 0,0);

ndx = SendMessage (GetDlgItem(hwndDlg, IDC_PLAINTEXT_SIZE), CB_ADDSTRING, 0,(LPARAM) "64");

SendMessage(GetDlgItem(hwndDlg, IDC_PLAINTEXT_SIZE), CB_SETITEMDATA, ndx,(LPARAM) 8);

SendMessage(GetDlgItem(hwndDlg, IDC_PLAINTEXT_SIZE), CB_SETCURSEL, ndx,0);

for (ndx = 0; ndx < BLOCKS_PER_XTS_DATA_UNIT; ndx++)

{

char tmpStr [16];

StringCbPrintfA (tmpStr, sizeof(tmpStr), "%d", ndx);

ndx = SendMessage (GetDlgItem(hwndDlg, IDC_TEST_BLOCK_NUMBER), CB_ADDSTRING, 0,(LPARAM) tmpStr);

SendMessage(GetDlgItem(hwndDlg, IDC_TEST_BLOCK_NUMBER), CB_SETITEMDATA, ndx,(LPARAM) ndx);

}

SendMessage(GetDlgItem(hwndDlg, IDC_TEST_BLOCK_NUMBER), CB_SETCURSEL, 0, 0);

SetWindowText(GetDlgItem(hwndDlg, IDC_SECONDARY_KEY), "0000000000000000000000000000000000000000000000000000000000000000");

SetWindowText(GetDlgItem(hwndDlg, IDC_TEST_DATA_UNIT_NUMBER), "0");

SetWindowText(GetDlgItem(hwndDlg, IDC_PLAINTEXT), "0000000000000000");

SetWindowText(GetDlgItem(hwndDlg, IDC_CIPHERTEXT), "0000000000000000");

if (idTestCipher == AES || idTestCipher == SERPENT || idTestCipher == TWOFISH)

{

ndx = SendMessage (GetDlgItem(hwndDlg, IDC_KEY_SIZE), CB_ADDSTRING, 0,(LPARAM) "256");

SendMessage(GetDlgItem(hwndDlg, IDC_KEY_SIZE), CB_SETITEMDATA, ndx,(LPARAM) 32);

SendMessage(GetDlgItem(hwndDlg, IDC_KEY_SIZE), CB_SETCURSEL, ndx,0);

SendMessage (GetDlgItem(hwndDlg, IDC_PLAINTEXT_SIZE), CB_RESETCONTENT, 0,0);

ndx = SendMessage (GetDlgItem(hwndDlg, IDC_PLAINTEXT_SIZE), CB_ADDSTRING, 0,(LPARAM) "128");

SendMessage(GetDlgItem(hwndDlg, IDC_PLAINTEXT_SIZE), CB_SETITEMDATA, ndx,(LPARAM) 16);

SendMessage(GetDlgItem(hwndDlg, IDC_PLAINTEXT_SIZE), CB_SETCURSEL, ndx,0);

SetWindowText(GetDlgItem(hwndDlg, IDC_KEY), "0000000000000000000000000000000000000000000000000000000000000000");

SetWindowText(GetDlgItem(hwndDlg, IDC_PLAINTEXT), "00000000000000000000000000000000");

SetWindowText(GetDlgItem(hwndDlg, IDC_CIPHERTEXT), "00000000000000000000000000000000");

}

}

break;

case DeriveKeyWork:

switch (workItem->KeyDerivation.Pkcs5Prf)

{

case RIPEMD160:

derive_key_ripemd160 (TRUE, workItem->KeyDerivation.Password, workItem->KeyDerivation.PasswordLength, workItem->KeyDerivation.Salt, PKCS5_SALT_SIZE,

workItem->KeyDerivation.IterationCount, workItem->KeyDerivation.DerivedKey, GetMaxPkcs5OutSize());

break;

case SHA512:

derive_key_sha512 (workItem->KeyDerivation.Password, workItem->KeyDerivation.PasswordLength, workItem->KeyDerivation.Salt, PKCS5_SALT_SIZE,

workItem->KeyDerivation.IterationCount, workItem->KeyDerivation.DerivedKey, GetMaxPkcs5OutSize());

break;

case WHIRLPOOL:

derive_key_whirlpool (workItem->KeyDerivation.Password, workItem->KeyDerivation.PasswordLength, workItem->KeyDerivation.Salt, PKCS5_SALT_SIZE,

workItem->KeyDerivation.IterationCount, workItem->KeyDerivation.DerivedKey, GetMaxPkcs5OutSize());

break;

default:

TC_THROW_FATAL_EXCEPTION;

}

InterlockedExchange (workItem->KeyDerivation.CompletionFlag, TRUE);

TC_SET_EVENT (*workItem->KeyDerivation.CompletionEvent);

if (InterlockedDecrement (workItem->KeyDerivation.OutstandingWorkItemCount) == 0)

TC_SET_EVENT (*workItem->KeyDerivation.NoOutstandingWorkItemEvent);

SetWorkItemState (workItem, WorkItemFree);

TC_SET_EVENT (WorkItemCompletedEvent);

continue;

default:

TC_THROW_FATAL_EXCEPTION;

}

if (workItem != workItem->FirstFragment)

{

{

for (j = 0; j < 16; j++)

{

int jm = 0;

jm |= (j & 0x1) << 3;

jm |= (j & 0x2) << 1;

jm |= (j & 0x4) >> 1;

jm |= (j & 0x8) >> 3;

memcpy (&ctx->gf_t128[i-16][jm], (unsigned char *)&ctx8k->gf_t8k[31-i][j], 16);

MirrorBits128 ((unsigned char *)&ctx->gf_t128[i-16][jm]);

}

}

burn (ctx8k ,sizeof (*ctx8k));

burn (am, sizeof (am));

TCfree (ctx8k);

return TRUE;

}

#define xor_8kt64(i) \

xor_block_aligned(r, ctx->gf_t128[i + i][a[i] & 15]); \

xor_block_aligned(r, ctx->gf_t128[i + i + 1][a[i] >> 4])

/* Multiply a 128-bit number by a 64-bit number in the finite field GF(2^128) */

void Gf128MulBy64Tab (unsigned __int8 a[8], unsigned __int8 p[16], GfCtx *ctx)

{

unsigned __int32 r[CBLK_LEN >> 2];

move_block_aligned(r, ctx->gf_t128[7*2][a[7] & 15]);

xor_block_aligned(r, ctx->gf_t128[7*2+1][a[7] >> 4]);

if (*(unsigned __int16 *)a)

{

xor_8kt64(0);

xor_8kt64(1);

}

if (a[2])

{

xor_8kt64(2);

}

xor_8kt64(3);

xor_8kt64(4);

xor_8kt64(5);

xor_8kt64(6);

move_block_aligned(p, r);

}

/* Basic algorithms for testing of optimized algorithms */

static void xor128 (uint64 *a, uint64 *b)

{

*a++ ^= *b++;

*a ^= *b;

}

static void shl128 (unsigned __int8 *a)

{

int i, x = 0, xx;

for (i = 15; i >= 0; i--)

{

xx = (a[i] & 0x80) >> 7;

a[i] = (char) ((a[i] << 1) | x);

x = xx;

}

}

}

}

}

static void xor64 (uint64 *a, uint64 *b)

{

*a ^= *b;

}

static void shl64 (unsigned __int8 *a)

{

int i, x = 0, xx;

for (i = 7; i >= 0; i--)

{

xx = (a[i] & 0x80) >> 7;

a[i] = (char) ((a[i] << 1) | x);

x = xx;

}

}

BOOL GfMulSelfTest ()

{

BOOL result = TRUE;

unsigned __int8 a[16];

unsigned __int8 b[16];

unsigned __int8 p1[16];

unsigned __int8 p2[16];

GfCtx *gfCtx = (GfCtx *) TCalloc (sizeof (GfCtx));

int i, j;

if (!gfCtx)

return FALSE;

/* GF(2^128) */

for (i = 0; i < 0x100; i++)

{

for (j = 0; j < 16; j++)

{

a[j] = (unsigned __int8) i;

b[j] = j < 8 ? 0 : a[j] ^ 0xff;

}

GfMul128Basic (a, b, p1);

Gf128Tab64Init (a, gfCtx);

Gf128MulBy64Tab (b + 8, p2, gfCtx);

if (memcmp (p1, p2, 16) != 0)

result = FALSE;

}

TCfree (gfCtx);

} GfCtx8k;

typedef struct

{

unsigned __int32 gf_t4k[CBLK_LEN8 * 2][16][CBLK_LEN / 4];

} GfCtx4k64;

typedef struct

{

/* union not used to support faster mounting */

unsigned __int32 gf_t128[CBLK_LEN * 2 / 2][16][CBLK_LEN / 4];

unsigned __int32 gf_t64[CBLK_LEN8 * 2][16][CBLK_LEN8 / 4];

} GfCtx;

typedef int ret_type;

void GfMul128 (void *a, const void* b);

void GfMul128Tab(unsigned char a[16], GfCtx8k *ctx);

int Gf128Tab64Init (unsigned __int8 *a, GfCtx *ctx);

void Gf128MulBy64Tab (unsigned __int8 a[8], unsigned __int8 p[16], GfCtx *ctx);

void MirrorBits128 (unsigned __int8 *a);

void MirrorBits64 (unsigned __int8 *a);

BOOL GfMulSelfTest ();

#if defined(__cplusplus)

}

#endif

#endif

/*

Legal Notice: Some portions of the source code contained in this file were

derived from the source code of Encryption for the Masses 2.02a, which is

Copyright (c) 1998-2000 Paul Le Roux and which is governed by the 'License

Agreement for Encryption for the Masses'. Modifications and additions to

the original source code (contained in this file) and all other portions

of this file are Copyright (c) 2003-2009 TrueCrypt Developers Association

and are governed by the TrueCrypt License 3.0 the full text of which is

contained in the file License.txt included in TrueCrypt binary and source

code distribution packages. */

#include "Tcdefs.h"

#include <memory.h>

#include "Rmd160.h"

#ifndef TC_WINDOWS_BOOT

#include "Sha2.h"

#include "Whirlpool.h"

#endif

#include "Pkcs5.h"

#include "Crypto.h"

void hmac_truncate

(

char *d1, /* data to be truncated */

char *d2, /* truncated data */

int len /* length in bytes to keep */

)

{

int i;

for (i = 0; i < len; i++)

d2[i] = d1[i];

}

#ifndef TC_WINDOWS_BOOT

r = dklen - (l - 1) * SHA512_DIGESTSIZE;

/* first l - 1 blocks */

for (b = 1; b < l; b++)

{

derive_u_sha512 (pwd, pwd_len, salt, salt_len, iterations, u, b);

memcpy (dk, u, SHA512_DIGESTSIZE);

dk += SHA512_DIGESTSIZE;

}

/* last block */

derive_u_sha512 (pwd, pwd_len, salt, salt_len, iterations, u, b);

memcpy (dk, u, r);

/* Prevent possible leaks. */

burn (u, sizeof(u));

}

#endif // TC_WINDOWS_BOOT

void hmac_ripemd160 (char *key, int keylen, char *input, int len, char *digest)

{

RMD160_CTX context;

unsigned char k_ipad[65]; /* inner padding - key XORd with ipad */

unsigned char k_opad[65]; /* outer padding - key XORd with opad */

unsigned char tk[RIPEMD160_DIGESTSIZE];

int i;

/* If the key is longer than the hash algorithm block size,

let key = ripemd160(key), as per HMAC specifications. */

if (keylen > RIPEMD160_BLOCKSIZE)

{

RMD160_CTX tctx;

RMD160Init(&tctx);

RMD160Update(&tctx, (const unsigned char *) key, keylen);

RMD160Final(tk, &tctx);

dk += WHIRLPOOL_DIGESTSIZE;

}

/* last block */

derive_u_whirlpool (pwd, pwd_len, salt, salt_len, iterations, u, b);

memcpy (dk, u, r);

/* Prevent possible leaks. */

burn (u, sizeof(u));

}

char *get_pkcs5_prf_name (int pkcs5_prf_id)

{

switch (pkcs5_prf_id)

{

case SHA512:

return "HMAC-SHA-512";

case RIPEMD160:

return "HMAC-RIPEMD-160";

case WHIRLPOOL:

return "HMAC-Whirlpool";

default:

return "(Unknown)";

}

}

#endif //!TC_WINDOWS_BOOT

int get_pkcs5_iteration_count (int pkcs5_prf_id, BOOL bBoot)

{

switch (pkcs5_prf_id)

{

case RIPEMD160:

return bBoot? 16384 : 32767; /* we multiply this number by 10 inside derive_u_ripemd160 */

#ifndef TC_WINDOWS_BOOT

case SHA512:

case WHIRLPOOL:

return 500000;

#endif

default:

TC_THROW_FATAL_EXCEPTION; // Unknown/wrong ID

}

return 0;

}

return FALSE;

memcpy (&ci->k2, XTS_vectors[i].key2, sizeof (XTS_vectors[i].key2));

if (!EAInitMode (ci))

return FALSE;

memcpy (p, XTS_vectors[i].plaintext, sizeof (p));

dataUnitNo.Value = BE64 (*((unsigned __int64 *) XTS_vectors[i].dataUnitNo));

EncryptBufferXTS (p, sizeof (p), &dataUnitNo, XTS_vectors[i].blockNo, (unsigned char *) (ci->ks), (unsigned char *) ci->ks2, AES);

if (memcmp (XTS_vectors[i].ciphertext, p, sizeof (p)) != 0)

return FALSE;

}

return TRUE;

}

// AES ECB test vectors FIPS-197

#define AES_TEST_COUNT 1

typedef struct {

unsigned char key[32];

unsigned char plaintext[16];

unsigned char ciphertext[16];

} AES_TEST;

AES_TEST aes_ecb_vectors[AES_TEST_COUNT] = {

0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f,

0x10,0x11,0x12,0x13,0x14,0x15,0x16,0x17,0x18,0x19,0x1a,0x1b,0x1c,0x1d,0x1e,0x1f,

0x00,0x11,0x22,0x33,0x44,0x55,0x66,0x77,0x88,0x99,0xaa,0xbb,0xcc,0xdd,0xee,0xff,

0x8e,0xa2,0xb7,0xca,0x51,0x67,0x45,0xbf,0xea,0xfc,0x49,0x90,0x4b,0x49,0x60,0x89

};

char *hmac_sha512_test_data[] =

{

"Hi There",

"what do ya want for nothing?",

"\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd",

"\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd",

"Test Using Larger Than Block-Size Key - Hash Key First",

"This is a test using a larger than block-size key and a larger than block-size data. The key needs to be hashed before being used by the HMAC algorithm.",

};

char *hmac_sha512_test_vectors[] =

{

"\x87\xaa\x7c\xde\xa5\xef\x61\x9d\x4f\xf0\xb4\x24\x1a\x1d\x6c\xb0\x23\x79\xf4\xe2\xce\x4e\xc2\x78\x7a\xd0\xb3\x05\x45\xe1\x7c\xde\xda\xa8\x33\xb7\xd6\xb8\xa7\x02\x03\x8b\x27\x4e\xae\xa3\xf4\xe4\xbe\x9d\x91\x4e\xeb\x61\xf1\x70\x2e\x69\x6c\x20\x3a\x12\x68\x54",

"\x16\x4b\x7a\x7b\xfc\xf8\x19\xe2\xe3\x95\xfb\xe7\x3b\x56\xe0\xa3\x87\xbd\x64\x22\x2e\x83\x1f\xd6\x10\x27\x0c\xd7\xea\x25\x05\x54\x97\x58\xbf\x75\xc0\x5a\x99\x4a\x6d\x03\x4f\x65\xf8\xf0\xe6\xfd\xca\xea\xb1\xa3\x4d\x4a\x6b\x4b\x63\x6e\x07\x0a\x38\xbc\xe7\x37",

"\xfa\x73\xb0\x08\x9d\x56\xa2\x84\xef\xb0\xf0\x75\x6c\x89\x0b\xe9\xb1\xb5\xdb\xdd\x8e\xe8\x1a\x36\x55\xf8\x3e\x33\xb2\x27\x9d\x39\xbf\x3e\x84\x82\x79\xa7\x22\xc8\x06\xb4\x85\xa4\x7e\x67\xc8\x07\xb9\x46\xa3\x37\xbe\xe8\x94\x26\x74\x27\x88\x59\xe1\x32\x92\xfb",

"\xb0\xba\x46\x56\x37\x45\x8c\x69\x90\xe5\xa8\xc5\xf6\x1d\x4a\xf7\xe5\x76\xd9\x7f\xf9\x4b\x87\x2d\xe7\x6f\x80\x50\x36\x1e\xe3\xdb\xa9\x1c\xa5\xc1\x1a\xa2\x5e\xb4\xd6\x79\x27\x5c\xc5\x78\x80\x63\xa5\xf1\x97\x41\x12\x0c\x4f\x2d\xe2\xad\xeb\xeb\x10\xa2\x98\xdd",

"\x80\xb2\x42\x63\xc7\xc1\xa3\xeb\xb7\x14\x93\xc1\xdd\x7b\xe8\xb4\x9b\x46\xd1\xf4\x1b\x4a\xee\xc1\x12\x1b\x01\x37\x83\xf8\xf3\x52\x6b\x56\xd0\x37\xe0\x5f\x25\x98\xbd\x0f\xd2\x21\x5d\x6a\x1e\x52\x95\xe6\x4f\x73\xf6\x3f\x0a\xec\x8b\x91\x5a\x98\x5d\x78\x65\x98",

"\xe3\x7b\x6a\x77\x5d\xc8\x7d\xba\xa4\xdf\xa9\xf9\x6e\x5e\x3f\xfd\xde\xbd\x71\xf8\x86\x72\x89\x86\x5d\xf5\xa3\x2d\x20\xcd\xc9\x44\xb6\x02\x2c\xac\x3c\x49\x82\xb1\x0d\x5e\xeb\x55\xc3\xe4\xde\x15\x13\x46\x76\xfb\x6d\xe0\x44\x60\x65\xc9\x74\x40\xfa\x8c\x6a\x58",

};

char *hmac_ripemd160_test_keys[] =

{

"\x00\x11\x22\x33\x44\x55\x66\x77\x88\x99\xaa\xbb\xcc\xdd\xee\xff\x01\x23\x45\x67",

"\x01\x23\x45\x67\x89\xab\xcd\xef\xfe\xdc\xba\x98\x76\x54\x32\x10\x00\x11\x22\x33",

};

char *hmac_ripemd160_test_data[] =

{

"message digest",

"12345678901234567890123456789012345678901234567890123456789012345678901234567890",

};

char *hmac_ripemd160_test_vectors[] =

{

"\xf8\x36\x62\xcc\x8d\x33\x9c\x22\x7e\x60\x0f\xcd\x63\x6c\x57\xd2\x57\x1b\x1c\x34",

"\x85\xf1\x64\x70\x3e\x61\xa6\x31\x31\xbe\x7e\x45\x95\x8e\x07\x94\x12\x39\x04\xf9",

};

char *hmac_whirlpool_test_key =

{

char *hmac_whirlpool_test_data =

{

"abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq"

};

char *hmac_whirlpool_test_vectors =

{

"\x03\x91\xd2\x80\x00\xb6\x62\xbb\xb8\xe6\x23\x3e\xe8\x6c\xf2\xb2\x84\x74\x4c\x73"

"\x8b\x58\x00\xba\x28\x12\xed\x52\x6f\xe3\x15\x3a\xb1\xba\xe7\xe2\x36\xbe\x96\x54"

"\x49\x3f\x19\xfa\xce\xa6\x44\x1f\x60\xf5\xf0\x18\x93\x09\x11\xa5\xe5\xce\xd8\xf2"

"\x6a\xbf\xa4\x02"

};

unsigned char ks_tmp[MAX_EXPANDED_KEY];

void CipherInit2(int cipher, void* key, void* ks, int key_len)

{

switch (cipher)

{

case AES:

CipherInit(cipher,key,ks);

break;

case SERPENT:

CipherInit(cipher,key,ks);

break;

case TWOFISH:

CipherInit(cipher,key,ks);

break;

default:

/* Unknown/wrong ID */

TC_THROW_FATAL_EXCEPTION;

}

}

BOOL TestSectorBufEncryption (PCRYPTO_INFO ci)

{

unsigned char buf [ENCRYPTION_DATA_UNIT_SIZE * 4];

unsigned int i;

char name[64];

unsigned __int32 crc;

UINT64_STRUCT unitNo;

uint32 nbrUnits;

unsigned __int64 writeOffset;

int testCase = 0;

int nTestsPerformed = 0;

static unsigned char key1[] =

{

0x27, 0x18, 0x28, 0x18, 0x28, 0x45, 0x90, 0x45, 0x23, 0x53, 0x60, 0x28, 0x74, 0x71, 0x35, 0x26, 0x62, 0x49, 0x77, 0x57, 0x24, 0x70, 0x93, 0x69, 0x99, 0x59, 0x57, 0x49, 0x66, 0x96, 0x76, 0x27,

0x31, 0x41, 0x59, 0x26, 0x53, 0x58, 0x97, 0x93, 0x23, 0x84, 0x62, 0x64, 0x33, 0x83, 0x27, 0x95, 0x02, 0x88, 0x41, 0x97, 0x16, 0x93, 0x99, 0x37, 0x51, 0x05, 0x82, 0x09, 0x74, 0x94, 0x45, 0x92,

0x00, 0x00, 0x00, 0xff, 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13

};

/* Encryption/decryption of data units (typically, volume data sectors) */

nbrUnits = sizeof (buf) / ENCRYPTION_DATA_UNIT_SIZE;

/* The buffer can accommodate 4 data units and we'll test 4 cases by "scrolling". The data unit 0xFFFFFFFFFF

will "move" from the start of the buffer to its end. For a 512-byte data unit, the byte offset 562949953420800

corresponds to the data unit 0xFFFFFFFFFF. */

for (writeOffset = 562949953420800ULL;

writeOffset > 562949953420800ULL - nbrUnits * ENCRYPTION_DATA_UNIT_SIZE;

writeOffset -= ENCRYPTION_DATA_UNIT_SIZE)

{

unitNo.Value = writeOffset / ENCRYPTION_DATA_UNIT_SIZE;

// Test all EAs that support this mode of operation

for (ci->ea = EAGetFirst (); ci->ea != 0; ci->ea = EAGetNext (ci->ea))

{

if (!EAIsModeSupported (ci->ea, ci->mode))

continue;

EAGetName (name, ci->ea);

if (EAInit (ci->ea, key1, ci->ks) != ERR_SUCCESS)

return FALSE;

{

if (crc != 0xbe78cec1)

return FALSE;

nTestsPerformed++;

}

if (crc == 0x9f5edd58)

return FALSE;

DecryptBuffer (buf, sizeof (buf), ci);

if (GetCrc32 (buf, sizeof (buf)) != 0x9f5edd58)

return FALSE;

nTestsPerformed++;

}

return (nTestsPerformed == 80);

}

static BOOL DoAutoTestAlgorithms (void)

{

PCRYPTO_INFO ci;

char key[32];

unsigned char tmp[16];

BOOL bFailed = FALSE;

int i;

ci = crypto_open ();

if (!ci)

return FALSE;

memset (ci, 0, sizeof (*ci));

/* AES */

for (i = 0; i < AES_TEST_COUNT; i++)

{

int cipher = AES;

memcpy(key, aes_ecb_vectors[i].key, 32);

memcpy(tmp, aes_ecb_vectors[i].plaintext, 16);

CipherInit(cipher, key, ks_tmp);

EncipherBlock(cipher, tmp, ks_tmp);

if (memcmp(aes_ecb_vectors[i].ciphertext, tmp, 16) != 0)

break;

DecipherBlock(cipher, tmp, ks_tmp);

if (memcmp(aes_ecb_vectors[i].plaintext, tmp, 16) != 0)

break;

}

if (i != AES_TEST_COUNT)

bFailed = TRUE;

/* PKCS #5 and HMACs */

if (!test_pkcs5 ())

bFailed = TRUE;

/* CRC-32 */

if (!crc32_selftests ())

bFailed = TRUE;

/* GF multiplicator */

#if 0

if (!GfMulSelfTest ())

bFailed = TRUE;

#endif

/* XTS-AES */

if (!XTSAesTest (ci))

bFailed = TRUE;

/* Sector and buffer related algorithms */

if (!TestSectorBufEncryption (ci))

bFailed = TRUE;

crypto_close (ci);

return !bFailed;

}

BOOL AutoTestAlgorithms (void)

{

BOOL result = TRUE;

BOOL hwEncryptionEnabled = IsHwEncryptionEnabled();

EnableHwEncryption (FALSE);

if (!DoAutoTestAlgorithms())

result = FALSE;

EnableHwEncryption (TRUE);

BOOL test_hmac_sha512 ()

{

unsigned int i;

int nTestsPerformed = 0;

for (i = 0; i < sizeof (hmac_sha512_test_data) / sizeof(char *); i++)

{

char digest[SHA512_DIGESTSIZE];

hmac_sha512 (hmac_sha512_test_keys[i], (int) strlen (hmac_sha512_test_keys[i]), hmac_sha512_test_data[i], (int) strlen (hmac_sha512_test_data[i]), digest, SHA512_DIGESTSIZE);

if (memcmp (digest, hmac_sha512_test_vectors[i], SHA512_DIGESTSIZE) != 0)

return FALSE;

else

nTestsPerformed++;

}

return (nTestsPerformed == 6);

}

BOOL test_hmac_ripemd160 ()

{

int nTestsPerformed = 0;

unsigned int i;

for (i = 0; i < sizeof (hmac_ripemd160_test_data) / sizeof(char *); i++)

{

char digest[RIPEMD160_DIGESTSIZE];

hmac_ripemd160 (hmac_ripemd160_test_keys[i], RIPEMD160_DIGESTSIZE, hmac_ripemd160_test_data[i], (int) strlen (hmac_ripemd160_test_data[i]), digest);

if (memcmp (digest, hmac_ripemd160_test_vectors[i], RIPEMD160_DIGESTSIZE) != 0)

return FALSE;

else

nTestsPerformed++;

}

return (nTestsPerformed == 2);

}

BOOL test_hmac_whirlpool ()

{

unsigned char digest[WHIRLPOOL_DIGESTSIZE];

hmac_whirlpool (hmac_whirlpool_test_key, 64, hmac_whirlpool_test_data, (int) strlen (hmac_whirlpool_test_data), digest, WHIRLPOOL_DIGESTSIZE);

if (memcmp (digest, hmac_whirlpool_test_vectors, WHIRLPOOL_DIGESTSIZE) != 0)

return FALSE;

return TRUE;

}

BOOL test_pkcs5 ()

{

char dk[144];

/* HMAC-SHA-512 tests */

if (!test_hmac_sha512())

return FALSE;

/* HMAC-RIPEMD-160 tests */

if (test_hmac_ripemd160() == FALSE)

return FALSE;

/* HMAC-Whirlpool tests */

if (test_hmac_whirlpool() == FALSE)

return FALSE;

/* PKCS-5 test 1 with HMAC-SHA-512 used as the PRF */

derive_key_sha512 ("password", 8, "\x12\x34\x56\x78", 4, 5, dk, 4);

if (memcmp (dk, "\x13\x64\xae\xf8", 4) != 0)

return FALSE;

/* PKCS-5 test 2 with HMAC-SHA-512 used as the PRF (derives a key longer than the underlying

hash output size and block size) */

derive_key_sha512 ("password", 8, "\x12\x34\x56\x78", 4, 5, dk, 144);

if (memcmp (dk, "\x13\x64\xae\xf8\x0d\xf5\x57\x6c\x30\xd5\x71\x4c\xa7\x75\x3f\xfd\x00\xe5\x25\x8b\x39\xc7\x44\x7f\xce\x23\x3d\x08\x75\xe0\x2f\x48\xd6\x30\xd7\x00\xb6\x24\xdb\xe0\x5a\xd7\x47\xef\x52\xca\xa6\x34\x83\x47\xe5\xcb\xe9\x87\xf1\x20\x59\x6a\xe6\xa9\xcf\x51\x78\xc6\xb6\x23\xa6\x74\x0d\xe8\x91\xbe\x1a\xd0\x28\xcc\xce\x16\x98\x9a\xbe\xfb\xdc\x78\xc9\xe1\x7d\x72\x67\xce\xe1\x61\x56\x5f\x96\x68\xe6\xe1\xdd\xf4\xbf\x1b\x80\xe0\x19\x1c\xf4\xc4\xd3\xdd\xd5\xd5\x57\x2d\x83\xc7\xa3\x37\x87\xf4\x4e\xe0\xf6\xd8\x6d\x65\xdc\xa0\x52\xa3\x13\xbe\x81\xfc\x30\xbe\x7d\x69\x58\x34\xb6\xdd\x41\xc6", 144) != 0)

return FALSE;

/* PKCS-5 test 1 with HMAC-RIPEMD-160 used as the PRF */

derive_key_ripemd160 (FALSE, "password", 8, "\x12\x34\x56\x78", 4, 5, dk, 4);

if (memcmp (dk, "\x7a\x3d\x7c\x03", 4) != 0)

return FALSE;

/* PKCS-5 test 2 with HMAC-RIPEMD-160 used as the PRF (derives a key longer than the underlying hash) */

derive_key_ripemd160 (FALSE, "password", 8, "\x12\x34\x56\x78", 4, 5, dk, 48);

if (memcmp (dk, "\x7a\x3d\x7c\x03\xe7\x26\x6b\xf8\x3d\x78\xfb\x29\xd2\x64\x1f\x56\xea\xf0\xe5\xf5\xcc\xc4\x3a\x31\xa8\x84\x70\xbf\xbd\x6f\x8e\x78\x24\x5a\xc0\x0a\xf6\xfa\xf0\xf6\xe9\x00\x47\x5f\x73\xce\xe1\x43", 48) != 0)

return FALSE;

/* PKCS-5 test 1 with HMAC-Whirlpool used as the PRF */

derive_key_whirlpool ("password", 8, "\x12\x34\x56\x78", 4, 5, dk, 4);

if (memcmp (dk, "\x50\x7c\x36\x6f", 4) != 0)

return FALSE;

/* PKCS-5 test 2 with HMAC-Whirlpool used as the PRF (derives a key longer than the underlying hash) */

derive_key_whirlpool ("password", 8, "\x12\x34\x56\x78", 4, 5, dk, 96);

if (memcmp (dk, "\x50\x7c\x36\x6f\xee\x10\x2e\x9a\xe2\x8a\xd5\x82\x72\x7d\x27\x0f\xe8\x4d\x7f\x68\x7a\xcf\xb5\xe7\x43\x67\xaa\x98\x93\x52\x2b\x09\x6e\x42\xdf\x2c\x59\x4a\x91\x6d\x7e\x10\xae\xb2\x1a\x89\x8f\xb9\x8f\xe6\x31\xa9\xd8\x9f\x98\x26\xf4\xda\xcd\x7d\x65\x65\xde\x10\x95\x91\xb4\x84\x26\xae\x43\xa1\x00\x5b\x1e\xb8\x38\x97\xa4\x1e\x4b\xd2\x65\x64\xbc\xfa\x1f\x35\x85\xdb\x4f\x97\x65\x6f\xbd\x24", 96) != 0)

return FALSE;

{

CloseHandle (keyDerivationCompletedEvent);

TCfree (keyDerivationWorkItems);

return ERR_OUTOFMEMORY;

}

#endif

}

#ifndef DEVICE_DRIVER

VirtualLock (&keyInfo, sizeof (keyInfo));

VirtualLock (&dk, sizeof (dk));

#endif

crypto_loadkey (&keyInfo, password->Text, (int) password->Length);

// PKCS5 is used to derive the primary header key(s) and secondary header key(s) (XTS mode) from the password

memcpy (keyInfo.salt, encryptedHeader + HEADER_SALT_OFFSET, PKCS5_SALT_SIZE);

// Test all available PKCS5 PRFs

for (enqPkcs5Prf = FIRST_PRF_ID; enqPkcs5Prf <= LAST_PRF_ID || queuedWorkItems > 0; ++enqPkcs5Prf)

if (encryptionThreadCount > 1)

{

// Enqueue key derivation on thread pool

if (queuedWorkItems < encryptionThreadCount && enqPkcs5Prf <= LAST_PRF_ID)

{

for (i = 0; i < pkcs5PrfCount; ++i)

{

item = &keyDerivationWorkItems[i];

if (item->Free)

{

item->Free = FALSE;

item->KeyReady = FALSE;

item->Pkcs5Prf = enqPkcs5Prf;

EncryptionThreadPoolBeginKeyDerivation (&keyDerivationCompletedEvent, &noOutstandingWorkItemEvent,

&item->KeyReady, &outstandingWorkItemCount, enqPkcs5Prf, keyInfo.userKey,

keyInfo.keyLength, keyInfo.salt, get_pkcs5_iteration_count (enqPkcs5Prf, bBoot), item->DerivedKey);

++queuedWorkItems;

break;

continue;

KeyReady: ;

}

else

{

pkcs5_prf = enqPkcs5Prf;

keyInfo.noIterations = get_pkcs5_iteration_count (enqPkcs5Prf, bBoot);

switch (pkcs5_prf)

{

case RIPEMD160:

derive_key_ripemd160 (TRUE, keyInfo.userKey, keyInfo.keyLength, keyInfo.salt,

PKCS5_SALT_SIZE, keyInfo.noIterations, dk, GetMaxPkcs5OutSize());

break;

case SHA512:

derive_key_sha512 (keyInfo.userKey, keyInfo.keyLength, keyInfo.salt,

PKCS5_SALT_SIZE, keyInfo.noIterations, dk, GetMaxPkcs5OutSize());

break;

case WHIRLPOOL:

derive_key_whirlpool (keyInfo.userKey, keyInfo.keyLength, keyInfo.salt,

PKCS5_SALT_SIZE, keyInfo.noIterations, dk, GetMaxPkcs5OutSize());

break;

default:

// Unknown/wrong ID

TC_THROW_FATAL_EXCEPTION;

}

}

// Test all available modes of operation

for (cryptoInfo->mode = FIRST_MODE_OF_OPERATION_ID;

cryptoInfo->mode <= LAST_MODE_OF_OPERATION;

cryptoInfo->mode++)

{

switch (cryptoInfo->mode)

{

default:

primaryKeyOffset = 0;

}

// Test all available encryption algorithms

for (cryptoInfo->ea = EAGetFirst ();

cryptoInfo->ea != 0;

cryptoInfo->ea = EAGetNext (cryptoInfo->ea))

{

int blockSize;

if (!EAIsModeSupported (cryptoInfo->ea, cryptoInfo->mode))

continue; // This encryption algorithm has never been available with this mode of operation

blockSize = CipherGetBlockSize (EAGetFirstCipher (cryptoInfo->ea));

status = EAInit (cryptoInfo->ea, dk + primaryKeyOffset, cryptoInfo->ks);

if (status == ERR_CIPHER_INIT_FAILURE)

goto err;

// Init objects related to the mode of operation

if (cryptoInfo->mode == XTS)

{

// Copy the secondary key (if cascade, multiple concatenated)

memcpy (cryptoInfo->k2, dk + EAGetKeySize (cryptoInfo->ea), EAGetKeySize (cryptoInfo->ea));

// Secondary key schedule

if (!EAInitMode (cryptoInfo))

{

status = ERR_MODE_INIT_FAILED;

goto err;

}

}

{

}

// Copy the header for decryption

memcpy (header, encryptedHeader, sizeof (header));

// Try to decrypt header

DecryptBuffer (header + HEADER_ENCRYPTED_DATA_OFFSET, HEADER_ENCRYPTED_DATA_SIZE, cryptoInfo);

// Magic 'VERA'

if (GetHeaderField32 (header, TC_HEADER_OFFSET_MAGIC) != 0x56455241)

continue;

// Header version

headerVersion = GetHeaderField16 (header, TC_HEADER_OFFSET_VERSION);

if (headerVersion > VOLUME_HEADER_VERSION)

{

status = ERR_NEW_VERSION_REQUIRED;

goto err;

memcpy (cryptoInfo, retHeaderCryptoInfo, sizeof (*cryptoInfo));

}

// Master key data

memcpy (keyInfo.master_keydata, header + HEADER_MASTER_KEYDATA_OFFSET, MASTER_KEYDATA_SIZE);

memcpy (cryptoInfo->master_keydata, keyInfo.master_keydata, MASTER_KEYDATA_SIZE);

// PKCS #5

memcpy (cryptoInfo->salt, keyInfo.salt, PKCS5_SALT_SIZE);

cryptoInfo->pkcs5 = pkcs5_prf;

cryptoInfo->noIterations = keyInfo.noIterations;

// Init the cipher with the decrypted master key

status = EAInit (cryptoInfo->ea, keyInfo.master_keydata + primaryKeyOffset, cryptoInfo->ks);

if (status == ERR_CIPHER_INIT_FAILURE)

goto err;

switch (cryptoInfo->mode)

{

default:

// The secondary master key (if cascade, multiple concatenated)

memcpy (cryptoInfo->k2, keyInfo.master_keydata + EAGetKeySize (cryptoInfo->ea), EAGetKeySize (cryptoInfo->ea));

}

if (!EAInitMode (cryptoInfo))

{

status = ERR_MODE_INIT_FAILED;

goto err;

}

status = ERR_SUCCESS;

goto ret;

}

}

}

status = ERR_PASSWORD_WRONG;

int primaryKeyOffset;

if (cryptoInfo == NULL)

return ERR_OUTOFMEMORY;

memset (header, 0, TC_VOLUME_HEADER_EFFECTIVE_SIZE);

VirtualLock (&keyInfo, sizeof (keyInfo));

VirtualLock (&dk, sizeof (dk));

/* Encryption setup */

if (masterKeydata == NULL)

{

// We have no master key data (creating a new volume) so we'll use the TrueCrypt RNG to generate them

int bytesNeeded;

switch (mode)

{

default:

bytesNeeded = EAGetKeySize (ea) * 2; // Size of primary + secondary key(s)

}

if (!RandgetBytes (keyInfo.master_keydata, bytesNeeded, TRUE))

return ERR_CIPHER_INIT_WEAK_KEY;

}

else

{

// We already have existing master key data (the header is being re-encrypted)

memcpy (keyInfo.master_keydata, masterKeydata, MASTER_KEYDATA_SIZE);

}

// User key

memcpy (keyInfo.userKey, password->Text, nUserKeyLen);

keyInfo.keyLength = nUserKeyLen;

keyInfo.noIterations = get_pkcs5_iteration_count (pkcs5_prf, bBoot);

// User selected encryption algorithm

cryptoInfo->ea = ea;

// Mode of operation

cryptoInfo->mode = mode;

// Salt for header key derivation

if (!RandgetBytes (keyInfo.salt, PKCS5_SALT_SIZE, !bWipeMode))

return ERR_CIPHER_INIT_WEAK_KEY;

// PBKDF2 (PKCS5) is used to derive primary header key(s) and secondary header key(s) (XTS) from the password/keyfiles

switch (pkcs5_prf)

{

case SHA512:

derive_key_sha512 (keyInfo.userKey, keyInfo.keyLength, keyInfo.salt,

PKCS5_SALT_SIZE, keyInfo.noIterations, dk, GetMaxPkcs5OutSize());

break;

case RIPEMD160:

derive_key_ripemd160 (TRUE, keyInfo.userKey, keyInfo.keyLength, keyInfo.salt,

PKCS5_SALT_SIZE, keyInfo.noIterations, dk, GetMaxPkcs5OutSize());

break;

case WHIRLPOOL:

derive_key_whirlpool (keyInfo.userKey, keyInfo.keyLength, keyInfo.salt,

PKCS5_SALT_SIZE, keyInfo.noIterations, dk, GetMaxPkcs5OutSize());

break;

default:

// Unknown/wrong ID

TC_THROW_FATAL_EXCEPTION;

}

/* Header setup */

// Salt

mputBytes (p, keyInfo.salt, PKCS5_SALT_SIZE);

{

TC_THROW_FATAL_EXCEPTION;

}

cryptoInfo->SectorSize = sectorSize;

mputLong (p, sectorSize);

// CRC of the header fields

x = GetCrc32 (header + TC_HEADER_OFFSET_MAGIC, TC_HEADER_OFFSET_HEADER_CRC - TC_HEADER_OFFSET_MAGIC);

p = header + TC_HEADER_OFFSET_HEADER_CRC;

mputLong (p, x);

// The master key data

memcpy (header + HEADER_MASTER_KEYDATA_OFFSET, keyInfo.master_keydata, MASTER_KEYDATA_SIZE);

/* Header encryption */

switch (mode)

{

default:

// The secondary key (if cascade, multiple concatenated)

memcpy (cryptoInfo->k2, dk + EAGetKeySize (cryptoInfo->ea), EAGetKeySize (cryptoInfo->ea));

primaryKeyOffset = 0;

}

retVal = EAInit (cryptoInfo->ea, dk + primaryKeyOffset, cryptoInfo->ks);

if (retVal != ERR_SUCCESS)

return retVal;

// Mode of operation

if (!EAInitMode (cryptoInfo))

return ERR_OUTOFMEMORY;

// Encrypt the entire header (except the salt)

EncryptBuffer (header + HEADER_ENCRYPTED_DATA_OFFSET,

HEADER_ENCRYPTED_DATA_SIZE,

cryptoInfo);

/* cryptoInfo setup for further use (disk format) */

// Init with the master key(s)

retVal = EAInit (cryptoInfo->ea, keyInfo.master_keydata + primaryKeyOffset, cryptoInfo->ks);

if (retVal != ERR_SUCCESS)

return retVal;

memcpy (cryptoInfo->master_keydata, keyInfo.master_keydata, MASTER_KEYDATA_SIZE);

switch (cryptoInfo->mode)

{

default:

// The secondary master key (if cascade, multiple concatenated)

memcpy (cryptoInfo->k2, keyInfo.master_keydata + EAGetKeySize (cryptoInfo->ea), EAGetKeySize (cryptoInfo->ea));

}

// Mode of operation

if (!EAInitMode (cryptoInfo))

return ERR_OUTOFMEMORY;

#ifdef VOLFORMAT

if (showKeys && !bInPlaceEncNonSys)

{

BOOL dots3 = FALSE;

int i, j;

j = EAGetKeySize (ea);

if (j > NBR_KEY_BYTES_TO_DISPLAY)

</FileConfiguration>

<FileConfiguration

Name="Release|Win32"

>

<Tool

Name="VCCustomBuildTool"

CommandLine="echo $(InputFileName) &amp; nasm.exe -Xvc -f win32 -Ox --prefix _ -o &quot;$(TargetDir)\$(InputName).obj&quot; -l &quot;$(TargetDir)\$(InputName).lst&quot; &quot;$(InputPath)&quot;&#x0D;&#x0A;"

Outputs="$(TargetDir)\$(InputName).obj"

/>

</FileConfiguration>

</File>

<File

RelativePath=".\Aeskey.c"

>

</File>

<File

RelativePath=".\Aestab.c"

>

</File>

<File

RelativePath=".\Rmd160.c"

>

</File>

<File

RelativePath=".\Serpent.c"

>

</File>

<File

RelativePath=".\Sha2.c"

>

</File>

<File

RelativePath=".\Twofish.c"

>

</File>

<File

RelativePath=".\Whirlpool.c"

>

</File>

</Filter>

<Filter

Name="Header Files"

Filter="h;hpp;hxx;hm;inl;inc;xsd"

UniqueIdentifier="{93995380-89BD-4b04-88EB-625FBE52EBFB}"

>

<File

RelativePath=".\Aes.h"

>

RelativePath="..\Crypto\Aes_hw_cpu.asm"

>

</File>

<File

RelativePath="..\Crypto\Aes_x64.asm"

>

</File>

<File

RelativePath="..\Crypto\Aes_x86.asm"

>

</File>

<File

RelativePath="..\Crypto\Aeskey.c"

>

</File>

<File

RelativePath="..\Crypto\Aestab.c"

>

</File>

<File

RelativePath="..\Crypto\Rmd160.c"

>

</File>

<File

RelativePath="..\Crypto\Serpent.c"

>

</File>

<File

RelativePath="..\Crypto\Sha2.c"

>

</File>

<File

RelativePath="..\Crypto\Twofish.c"

>

</File>

<File

RelativePath="..\Crypto\Whirlpool.c"

>

</File>

</Filter>

</Filter>

<Filter

Name="Header Files"

Filter="h;hpp;hxx;hm;inl;inc;xsd"

UniqueIdentifier="{93995380-89BD-4b04-88EB-625FBE52EBFB}"

>

<File

RelativePath="..\Common\Apidrvr.h"

}

// Encryption algorithm

ListItemAddW (list, i, GetString ("ENCRYPTION_ALGORITHM"));

if (prop.ea == 0 || prop.ea > EAGetCount ())

{

ListSubItemSet (list, i, 1, "?");

return 1;

}

EAGetName (szTmp, prop.ea);

ListSubItemSet (list, i++, 1, szTmp);

// Key size(s)

{

char name[128];

int size = EAGetKeySize (prop.ea);

EAGetName (name, prop.ea);

// Primary key

ListItemAddW (list, i, GetString ("KEY_SIZE"));

StringCbPrintfW (sw, sizeof(sw), L"%d %s", size * 8, GetString ("BITS"));

ListSubItemSetW (list, i++, 1, sw);

if (strcmp (EAGetModeName (prop.ea, prop.mode, TRUE), "XTS") == 0)

{

// Secondary key (XTS)

ListItemAddW (list, i, GetString ("SECONDARY_KEY_SIZE_XTS"));

ListSubItemSetW (list, i++, 1, sw);

}

}

// Block size

ListItemAddW (list, i, GetString ("BLOCK_SIZE"));

StringCbCatW (sw, sizeof(sw), GetString ("BITS"));

ListSubItemSetW (list, i++, 1, sw);

// Mode

ListItemAddW (list, i, GetString ("MODE_OF_OPERATION"));

ListSubItemSet (list, i++, 1, EAGetModeName (prop.ea, prop.mode, TRUE));

// PKCS 5 PRF

ListItemAddW (list, i, GetString ("PKCS5_PRF"));

ListSubItemSet (list, i++, 1, get_pkcs5_prf_name (prop.pkcs5));

#if 0

// PCKS 5 iterations

ListItemAddW (list, i, GetString ("PKCS5_ITERATIONS"));

sprintf (szTmp, "%d", prop.pkcs5Iterations);

ListSubItemSet (list, i++, 1, szTmp);

#endif

#if 0

{

result = DialogBoxParamW (hInst,

MAKEINTRESOURCEW (IDD_PASSWORD_DLG), hwndDlg,

(DLGPROC) PasswordDlgProc, (LPARAM) password);

if (result != IDOK)

{

password->Length = 0;

burn (&mountOptions.ProtectedHidVolPassword, sizeof (mountOptions.ProtectedHidVolPassword));

}

return result == IDOK;

}

// GUI actions

static BOOL Mount (HWND hwndDlg, int nDosDriveNo, char *szFileName)

{

BOOL status = FALSE;

char fileName[MAX_PATH];

bPrebootPasswordDlgMode = mountOptions.PartitionInInactiveSysEncScope;

if (nDosDriveNo == 0)

nDosDriveNo = HIWORD (GetSelectedLong (GetDlgItem (hwndDlg, IDC_DRIVELIST))) - 'A';

if (!MultipleMountOperationInProgress)

VolumePassword.Length = 0;

if (szFileName == NULL)

{

GetWindowText (GetDlgItem (hwndDlg, IDC_VOLUME), fileName, sizeof (fileName));

szFileName = fileName;

}

if (strlen(szFileName) == 0)

{

status = FALSE;

goto ret;

}

// If keyfiles are enabled, test empty password first

if (!mounted && KeyFilesEnable && FirstKeyFile)

{

Password emptyPassword;

emptyPassword.Length = 0;

KeyFilesApply (&emptyPassword, FirstKeyFile);

mounted = MountVolume (hwndDlg, nDosDriveNo, szFileName, &emptyPassword, bCacheInDriver, bForceMount, &mountOptions, Silent, FALSE);

burn (&emptyPassword, sizeof (emptyPassword));

}

// Test password and/or keyfiles used for the previous volume

if (!mounted && MultipleMountOperationInProgress && VolumePassword.Length != 0)

mounted = MountVolume (hwndDlg, nDosDriveNo, szFileName, &VolumePassword, bCacheInDriver, bForceMount, &mountOptions, Silent, FALSE);

NormalCursor ();

if (mounted)

{

// Check for problematic file extensions (exe, dll, sys)

if (CheckFileExtension(szFileName))

Warning ("EXE_FILE_EXTENSION_MOUNT_WARNING");

}

while (mounted == 0)

{

if (CmdVolumePassword.Length > 0)

{

VolumePassword = CmdVolumePassword;

}

else if (!Silent)

{

StringCbCopyA (PasswordDlgVolume, sizeof(PasswordDlgVolume), szFileName);

if (!AskVolumePassword (hwndDlg, &VolumePassword, NULL, TRUE))

goto ret;

}

WaitCursor ();

if (KeyFilesEnable)

KeyFilesApply (&VolumePassword, FirstKeyFile);

mounted = MountVolume (hwndDlg, nDosDriveNo, szFileName, &VolumePassword, bCacheInDriver, bForceMount, &mountOptions, Silent, !Silent);

NormalCursor ();

// Check for legacy non-ASCII passwords

if (mounted > 0 && !KeyFilesEnable && !CheckPasswordCharEncoding (NULL, &VolumePassword))

Warning ("UNSUPPORTED_CHARS_IN_PWD_RECOM");

// Check for problematic file extensions (exe, dll, sys)

if (mounted > 0 && CheckFileExtension (szFileName))

Warning ("EXE_FILE_EXTENSION_MOUNT_WARNING");

if (!MultipleMountOperationInProgress)

burn (&VolumePassword, sizeof (VolumePassword));

burn (&mountOptions.ProtectedHidVolPassword, sizeof (mountOptions.ProtectedHidVolPassword));

if (CmdVolumePassword.Length > 0 || Silent)

break;

}

if (mounted > 0)

{

status = TRUE;

return FALSE;

}

if (interact)

MessageBoxW (hwndDlg, GetString ("UNMOUNT_FAILED"), lpszTitle, MB_ICONERROR);

}

else

{

if (bBeep)

MessageBeep (0xFFFFFFFF);

}

return status;

}

static BOOL MountAllDevices (HWND hwndDlg, BOOL bPasswordPrompt)

{

HWND driveList = GetDlgItem (hwndDlg, IDC_DRIVELIST);

int selDrive = ListView_GetSelectionMark (driveList);

vector <HostDevice> devices;

VolumePassword.Length = 0;

mountOptions = defaultMountOptions;

bPrebootPasswordDlgMode = FALSE;

if (selDrive == -1)

selDrive = 0;

ResetWrongPwdRetryCount ();

MultipleMountOperationInProgress = TRUE;

do

{

if (!bHeaderBakRetry)

{

if (!CmdVolumePasswordValid && bPasswordPrompt)

{

PasswordDlgVolume[0] = '\0';

ResetWrongPwdRetryCount ();

if (mounted == 2)

shared = TRUE;

LoadDriveLetters (driveList, (HIWORD (GetItemLong (GetDlgItem (hwndDlg, IDC_DRIVELIST), selDrive))));

selDrive++;

if (bExplore)

{

WaitCursor();

OpenVolumeExplorerWindow (nDosDriveNo);

NormalCursor();

}

if (bBeep)

MessageBeep (0xFFFFFFFF);

status = TRUE;

mountedVolCount++;

// Skip other partitions of the disk if partition0 (whole disk) has been mounted

if (!device.IsPartition)

break;

}

}

}

}

if (mountedVolCount < 1)

{

// Failed to mount any volume

IncreaseWrongPwdRetryCount (1);

if (WrongPwdRetryCountOverLimit ()

&& !mountOptions.UseBackupHeader

&& !bHeaderBakRetry)

{

burn (&mountOptions.ProtectedHidVolPassword, sizeof (mountOptions.ProtectedHidVolPassword));

}

} while (bPasswordPrompt && mountedVolCount < 1);

/* One or more volumes successfully mounted */

ResetWrongPwdRetryCount ();

if (shared)

Warning ("DEVICE_IN_USE_INFO");

if (mountOptions.ProtectHiddenVolume)

{

if (mountedVolCount > 1)

Info ("HIDVOL_PROT_WARN_AFTER_MOUNT_PLURAL");

else if (mountedVolCount == 1)

Info ("HIDVOL_PROT_WARN_AFTER_MOUNT");

}

// Check for legacy non-ASCII passwords

if (!KeyFilesEnable

&& !FirstCmdKeyFile

&& mountedVolCount > 0

&& !CheckPasswordCharEncoding (NULL, &VolumePassword))

Warning ("UNSUPPORTED_CHARS_IN_PWD_RECOM");

if (status && CloseSecurityTokenSessionsAfterMount)

SecurityToken::CloseAllSessions();

ret:

MultipleMountOperationInProgress = FALSE;

burn (&VolumePassword, sizeof (VolumePassword));

burn (&mountOptions.ProtectedHidVolPassword, sizeof (mountOptions.ProtectedHidVolPassword));

mountOptions.UseBackupHeader = defaultMountOptions.UseBackupHeader;

RestoreDefaultKeyFilesParam ();

/* Except in response to the WM_INITDIALOG and WM_ENDSESSION messages, the dialog box procedure

should return nonzero if it processes a message, and zero if it does not. */

BOOL CALLBACK MainDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lParam)

{

static UINT taskBarCreatedMsg;

WORD lw = LOWORD (wParam);

WORD hw = HIWORD (wParam);

DWORD mPos;

switch (uMsg)

{

case WM_HOTKEY:

HandleHotKey (hwndDlg, wParam);

return 1;

case WM_INITDIALOG:

{

int exitCode = 0;

MainDlg = hwndDlg;

if (IsTrueCryptInstallerRunning())

AbortProcess ("TC_INSTALLER_IS_RUNNING");

// Set critical default options in case UsePreferences is false

bPreserveTimestamp = defaultMountOptions.PreserveTimestamp = TRUE;

ResetWrongPwdRetryCount ();

ExtractCommandLine (hwndDlg, (char *) lParam);

try

{

BootEncStatus = BootEncObj->GetStatus();

RecentBootEncStatus = BootEncStatus;

}

catch (...)

{

}

if (UsePreferences)

{

RestoreDefaultKeyFilesParam ();

bCacheInDriver = bCacheInDriverDefault;

}

if (mounted > 0)

{

if (bBeep)

MessageBeep (0xFFFFFFFF);

if (bExplore)

OpenVolumeExplorerWindow (szDriveLetter[0] - 'A');

RefreshMainDlg(hwndDlg);

if(!Silent)

{

// Check for problematic file extensions (exe, dll, sys)

if (CheckFileExtension (szFileName))

Warning ("EXE_FILE_EXTENSION_MOUNT_WARNING");

}

}

else

exitCode = 1;

}

else if (bExplore && GetMountedVolumeDriveNo (szFileName) != -1)

OpenVolumeExplorerWindow (GetMountedVolumeDriveNo (szFileName));

else if (szFileName[0] != 0 && IsMountedVolume (szFileName))

Warning ("VOL_ALREADY_MOUNTED");

if (!Quit)

RefreshMainDlg(hwndDlg);

}

// Wipe cache

if (bWipe)

WipeCache (hwndDlg, Silent);