}

catch (...) { }

try

{

if (displayWaitDialog)

DisplayStaticModelessWaitDlg (ParentWindow);

finally_do_arg (bool, displayWaitDialog, { if (finally_arg) CloseStaticModelessWaitDlg(); });

RestoreSystemLoader ();

}

catch (Exception &e)

{

e.Show (ParentWindow);

throw ErrorException ("SYS_LOADER_RESTORE_FAILED");

}

}

{

BootEncryptionStatus encStatus = GetStatus();

if (encStatus.SetupInProgress)

throw ParameterIncorrect (SRC_POS);

SystemDriveConfiguration config = GetSystemDriveConfiguration ();

char header[TC_BOOT_ENCRYPTION_VOLUME_HEADER_SIZE];

Device device (config.DevicePath);

// Only one algorithm is currently supported

if (pkcs5 != 0)

throw ParameterIncorrect (SRC_POS);

int64 headerOffset = TC_BOOT_VOLUME_HEADER_SECTOR_OFFSET;

int64 backupHeaderOffset = -1;

if (encStatus.HiddenSystem)

{

if (status != 0)

{

handleError (ParentWindow, status);

return status;

}

// Change the PKCS-5 PRF if requested by user

if (pkcs5 != 0)

{

cryptoInfo->pkcs5 = pkcs5;

RandSetHashFunction (pkcs5);

}

throw_sys_if (Randinit () != 0);

finally_do ({ RandStop (FALSE); });

NormalCursor();

UserEnrichRandomPool (ParentWindow);

WaitCursor();

techniques such as magnetic force microscopy or magnetic force scanning tunnelling microscopy

to recover the overwritten header. According to Peter Gutmann, data should be overwritten 22

times (ideally, 35 times) using non-random patterns and pseudorandom data. However, as users might

impatiently interupt the process (etc.) we will not use the Gutmann's patterns but will write the

valid re-encrypted header, i.e. pseudorandom data, and there will be many more passes than Guttman

recommends. During each pass we will write a valid working header. Each pass will use the same master

key, and also the same header key, secondary key (XTS), etc., derived from the new password. The only

item that will be different for each pass will be the salt. This is sufficient to cause each "version"

of the header to differ substantially and in a random manner from the versions written during the

other passes. */

bool headerUpdated = false;

int result = ERR_SUCCESS;

try

{

BOOL backupHeader = FALSE;

while (TRUE)

{

{

PCRYPTO_INFO tmpCryptoInfo = NULL;

status = CreateVolumeHeaderInMemory (!encStatus.HiddenSystem,

header,

cryptoInfo->ea,

cryptoInfo->mode,

newPassword,

cryptoInfo->pkcs5,

(char *) cryptoInfo->master_keydata,

&tmpCryptoInfo,

cryptoInfo->VolumeSize.Value,

cryptoInfo->hiddenVolumeSize,

cryptoInfo->EncryptedAreaStart.Value,

cryptoInfo->EncryptedAreaLength.Value,

cryptoInfo->RequiredProgramVersion,

cryptoInfo->HeaderFlags | TC_HEADER_FLAG_ENCRYPTED_SYSTEM,

cryptoInfo->SectorSize,

if (tmpCryptoInfo)

crypto_close (tmpCryptoInfo);

if (status != 0)

{

handleError (ParentWindow, status);

return status;

}

device.SeekAt (headerOffset);

device.Write ((byte *) header, sizeof (header));

headerUpdated = true;

}

if (!encStatus.HiddenSystem || backupHeader)

break;

backupHeader = TRUE;

headerOffset = backupHeaderOffset;

bool SystemLoaderPresent;

};

class BootEncryption

{

public:

BootEncryption (HWND parent);

~BootEncryption ();

enum FilterType

{

DriveFilter,

VolumeFilter,

DumpFilter

};

void AbortDecoyOSWipe ();

void AbortSetup ();

void AbortSetupWait ();

void CallDriver (DWORD ioctl, void *input = nullptr, DWORD inputSize = 0, void *output = nullptr, DWORD outputSize = 0);

void CheckDecoyOSWipeResult ();

void CheckEncryptionSetupResult ();

void CheckRequirements ();

void CheckRequirementsHiddenOS ();

void CopyFileAdmin (const string &sourceFile, const string &destinationFile);

void CreateRescueIsoImage (bool initialSetup, const string &isoImagePath);

void Deinstall (bool displayWaitDialog = false);

void DeleteFileAdmin (const string &file);

DecoySystemWipeStatus GetDecoyOSWipeStatus ();

DWORD GetDriverServiceStartType ();

unsigned int GetHiddenOSCreationPhase ();

uint16 GetInstalledBootLoaderVersion ();

Partition GetPartitionForHiddenOS ();

bool IsBootLoaderOnDrive (char *devicePath);

BootEncryptionStatus GetStatus ();

string GetTempPath ();

void GetVolumeProperties (VOLUME_PROPERTIES_STRUCT *properties);

SystemDriveConfiguration GetSystemDriveConfiguration ();

void Install (bool hiddenSystem);

void InstallBootLoader (bool preserveUserConfig = false, bool hiddenOSCreation = false);

for (i = 0; i < nCount; i++)

{

x = SendMessage (hComboBox, CB_GETITEMDATA, i, 0);

if (x == (LPARAM) *algo_id)

{

SendMessage (hComboBox, CB_SETCURSEL, i, 0);

return;

}

}

/* Something went wrong ; couldn't find the requested algo id so we drop

back to a default */

*algo_id = SendMessage (hComboBox, CB_GETITEMDATA, 0, 0);

SendMessage (hComboBox, CB_SETCURSEL, 0, 0);

}

{

if (bNA)

{

AddComboPairW (hComboBox, GetString ("NOT_APPLICABLE_OR_NOT_AVAILABLE"), TC_WIPE_NONE);

}

else

{

AddComboPairW (hComboBox, GetString ("WIPE_MODE_3_DOD_5220"), TC_WIPE_3_DOD_5220);

AddComboPairW (hComboBox, GetString ("WIPE_MODE_7_DOD_5220"), TC_WIPE_7_DOD_5220);

AddComboPairW (hComboBox, GetString ("WIPE_MODE_35_GUTMANN"), TC_WIPE_35_GUTMANN);

}

}

wchar_t *GetWipeModeName (WipeAlgorithmId modeId)

{

switch (modeId)

{

case TC_WIPE_NONE:

return GetString ("WIPE_MODE_NONE");

case TC_WIPE_1_RAND:

return GetString ("WIPE_MODE_1_RAND");

case TC_WIPE_3_DOD_5220:

return GetString ("WIPE_MODE_3_DOD_5220");

case TC_WIPE_7_DOD_5220:

return GetString ("WIPE_MODE_7_DOD_5220");

case TC_WIPE_35_GUTMANN:

return GetString ("WIPE_MODE_35_GUTMANN");

default:

return GetString ("NOT_APPLICABLE_OR_NOT_AVAILABLE");

}

}

wchar_t *GetPathType (const char *path, BOOL bUpperCase, BOOL *bIsPartition)

{

if (strstr (path, "Partition")

&& strstr (path, "Partition0") == NULL)

{

*bIsPartition = TRUE;

return GetString (bUpperCase ? "PARTITION_UPPER_CASE" : "PARTITION_LOWER_CASE");

}

else if (strstr (path, "HarddiskVolume"))

{

*bIsPartition = TRUE;

return GetString (bUpperCase ? "VOLUME_UPPER_CASE" : "VOLUME_LOWER_CASE");

}

*bIsPartition = FALSE;

BOOL IsButtonChecked ( HWND hButton );

void CheckButton ( HWND hButton );

void LeftPadString (char *szTmp, int len, int targetLen, char filler);

void ToSBCS ( LPWSTR lpszText, size_t cbSize );

void ToUNICODE ( char *lpszText , size_t cbSize);

void InitDialog ( HWND hwndDlg );

void ProcessPaintMessages (HWND hwnd, int maxMessagesToProcess);

HDC CreateMemBitmap ( HINSTANCE hInstance , HWND hwnd , char *resource );

HBITMAP RenderBitmap ( char *resource , HWND hwndDest , int x , int y , int nWidth , int nHeight , BOOL bDirectRender , BOOL bKeepAspectRatio);

LRESULT CALLBACK RedTick ( HWND hwnd , UINT uMsg , WPARAM wParam , LPARAM lParam );

BOOL RegisterRedTick ( HINSTANCE hInstance );

BOOL UnregisterRedTick ( HINSTANCE hInstance );

LRESULT CALLBACK SplashDlgProc ( HWND hwnd , UINT uMsg , WPARAM wParam , LPARAM lParam );

void WaitCursor ( void );

void NormalCursor ( void );

void ArrowWaitCursor ( void );

void HandCursor ();

void AddComboPair (HWND hComboBox, const char *lpszItem, int value);

void AddComboPairW (HWND hComboBox, const wchar_t *lpszItem, int value);

void SelectAlgo ( HWND hComboBox , int *nCipher );

wchar_t *GetWipeModeName (WipeAlgorithmId modeId);

wchar_t *GetPathType (const char *path, BOOL bUpperCase, BOOL *bIsPartition);

LRESULT CALLBACK CustomDlgProc ( HWND hwnd , UINT uMsg , WPARAM wParam , LPARAM lParam );

BOOL TCCreateMutex (volatile HANDLE *hMutex, char *name);

void TCCloseMutex (volatile HANDLE *hMutex);

BOOL MutexExistsOnSystem (char *name);

BOOL CreateSysEncMutex (void);

BOOL InstanceHasSysEncMutex (void);

void CloseSysEncMutex (void);

BOOL CreateNonSysInplaceEncMutex (void);

BOOL InstanceHasNonSysInplaceEncMutex (void);

void CloseNonSysInplaceEncMutex (void);

BOOL NonSysInplaceEncInProgressElsewhere (void);

BOOL CreateDriverSetupMutex (void);

void CloseDriverSetupMutex (void);

BOOL CreateAppSetupMutex (void);

BOOL InstanceHasAppSetupMutex (void);

void CloseAppSetupMutex (void);

BOOL IsTrueCryptInstallerRunning (void);

uint32 ReadDriverConfigurationFlags ();

if (i < len)

return FALSE;

}

return TRUE;

}

BOOL CheckPasswordLength (HWND hwndDlg, HWND hwndItem)

{

if (GetWindowTextLength (hwndItem) < PASSWORD_LEN_WARNING)

{

#ifndef _DEBUG

if (MessageBoxW (hwndDlg, GetString ("PASSWORD_LENGTH_WARNING"), lpszTitle, MB_YESNO|MB_ICONWARNING|MB_DEFBUTTON2) != IDYES)

return FALSE;

#endif

}

return TRUE;

}

{

int nDosLinkCreated = 1, nStatus = ERR_OS_ERROR;

char szDiskFile[TC_MAX_PATH], szCFDevice[TC_MAX_PATH];

char szDosDevice[TC_MAX_PATH];

char buffer[TC_VOLUME_HEADER_EFFECTIVE_SIZE];

PCRYPTO_INFO cryptoInfo = NULL, ci = NULL;

void *dev = INVALID_HANDLE_VALUE;

DWORD dwError;

DWORD bytesRead;

BOOL bDevice;

unsigned __int64 hostSize = 0;

int volumeType;

int wipePass;

FILETIME ftCreationTime;

FILETIME ftLastWriteTime;

FILETIME ftLastAccessTime;

BOOL bTimeStampValid = FALSE;

LARGE_INTEGER headerOffset;

BOOL backupHeader;

DISK_GEOMETRY driveInfo;

nStatus = ERR_SYS_HIDVOL_HEAD_REENC_MODE_WRONG;

goto error;

}

// Change the PKCS-5 PRF if requested by user

if (pkcs5 != 0)

cryptoInfo->pkcs5 = pkcs5;

RandSetHashFunction (cryptoInfo->pkcs5);

NormalCursor();

UserEnrichRandomPool (hwndDlg);

EnableElevatedCursorChange (hwndDlg);

WaitCursor();

/* Re-encrypt the volume header */

backupHeader = FALSE;

while (TRUE)

{

techniques such as magnetic force microscopy or magnetic force scanning tunnelling microscopy

to recover the overwritten header. According to Peter Gutmann, data should be overwritten 22

times (ideally, 35 times) using non-random patterns and pseudorandom data. However, as users might

impatiently interupt the process (etc.) we will not use the Gutmann's patterns but will write the

valid re-encrypted header, i.e. pseudorandom data, and there will be many more passes than Guttman

recommends. During each pass we will write a valid working header. Each pass will use the same master

key, and also the same header key, secondary key (XTS), etc., derived from the new password. The only

item that will be different for each pass will be the salt. This is sufficient to cause each "version"

of the header to differ substantially and in a random manner from the versions written during the

other passes. */

{

// Prepare new volume header

nStatus = CreateVolumeHeaderInMemory (FALSE,

buffer,

cryptoInfo->ea,

cryptoInfo->mode,

newPassword,

cryptoInfo->pkcs5,

cryptoInfo->master_keydata,

&ci,

cryptoInfo->VolumeSize.Value,

(volumeType == TC_VOLUME_TYPE_HIDDEN || volumeType == TC_VOLUME_TYPE_HIDDEN_LEGACY) ? cryptoInfo->hiddenVolumeSize : 0,

cryptoInfo->EncryptedAreaStart.Value,

cryptoInfo->EncryptedAreaLength.Value,

cryptoInfo->RequiredProgramVersion,

cryptoInfo->HeaderFlags,

cryptoInfo->SectorSize,

if (ci != NULL)

crypto_close (ci);

if (nStatus != 0)

goto error;

if (!SetFilePointerEx ((HANDLE) dev, headerOffset, NULL, FILE_BEGIN))

{

nStatus = ERR_OS_ERROR;

goto error;

}

if (!WriteEffectiveVolumeHeader (bDevice, dev, buffer))

{

nStatus = ERR_OS_ERROR;

goto error;

}

if (bDevice

#define PASSWORD_LEN_WARNING 20 // Display a warning when a password is shorter than this

#ifdef __cplusplus

extern "C" {

#endif

typedef struct

{

// Modifying this structure can introduce incompatibility with previous versions

unsigned __int32 Length;

unsigned char Text[MAX_PASSWORD + 1];

char Pad[3]; // keep 64-bit alignment

} Password;

#if defined(_WIN32) && !defined(TC_WINDOWS_DRIVER)

void VerifyPasswordAndUpdate ( HWND hwndDlg , HWND hButton , HWND hPassword , HWND hVerify , unsigned char *szPassword , char *szVerify, BOOL keyFilesEnabled );

BOOL CheckPasswordLength (HWND hwndDlg, HWND hwndItem);

BOOL CheckPasswordCharEncoding (HWND hPassword, Password *ptrPw);

#endif // defined(_WIN32) && !defined(TC_WINDOWS_DRIVER)

#ifdef __cplusplus

}

#endif

#endif // PASSWORD_H

return TRUE;

}

int GetWipePassCount (WipeAlgorithmId algorithm)

{

switch (algorithm)

{

case TC_WIPE_1_RAND:

return 1;

case TC_WIPE_3_DOD_5220:

return 3;

case TC_WIPE_7_DOD_5220:

return 7;

case TC_WIPE_35_GUTMANN:

return 35;

default:

TC_THROW_FATAL_EXCEPTION;

}

return 0; // Prevent compiler warnings

}

BOOL WipeBuffer (WipeAlgorithmId algorithm, byte randChars[TC_WIPE_RAND_CHAR_COUNT], int pass, byte *buffer, size_t size)

{

switch (algorithm)

{

case TC_WIPE_1_RAND:

return Wipe1PseudoRandom (pass, buffer, size);

case TC_WIPE_3_DOD_5220:

return Wipe3Dod5220 (pass, buffer, size);

case TC_WIPE_7_DOD_5220:

return Wipe7Dod5220 (pass, randChars, buffer, size);

case TC_WIPE_35_GUTMANN:

return Wipe35Gutmann (pass, buffer, size);

default:

TC_THROW_FATAL_EXCEPTION;

}

return FALSE; // Prevent compiler warnings

}

*/

#ifndef TC_HEADER_Common_Wipe

#define TC_HEADER_Common_Wipe

#include "Tcdefs.h"

#ifdef __cplusplus

extern "C" {

#endif

typedef enum

{

/* WARNING: As these values are written to config files, if they or their meanings

are changed, incompatiblity with other versions may arise (upgrade, downgrade, etc.).

When adding a new constant, verify that the value is unique within this block. */

TC_WIPE_NONE = 0,

TC_WIPE_1_RAND = 100,

TC_WIPE_3_DOD_5220 = 300,

TC_WIPE_7_DOD_5220 = 700,

} WipeAlgorithmId;

#define TC_WIPE_RAND_CHAR_COUNT 3

int GetWipePassCount (WipeAlgorithmId algorithm);

BOOL WipeBuffer (WipeAlgorithmId algorithm, byte randChars[TC_WIPE_RAND_CHAR_COUNT], int pass, byte *buffer, size_t size);

#ifdef __cplusplus

}

#endif

#endif // TC_HEADER_Common_Wipe