}

}

DWORD sizeDcsBoot;

uint8 *dcsBootImg = MapResource(L"BIN", IDR_EFI_DCSBOOT, &sizeDcsBoot);

if (!dcsBootImg)

throw ErrorException(L"Out of resource DcsBoot", SRC_POS);

DWORD sizeDcsInt;

uint8 *dcsIntImg = MapResource(L"BIN", IDR_EFI_DCSINT, &sizeDcsInt);

if (!dcsIntImg)

throw ErrorException(L"Out of resource DcsInt", SRC_POS);

DWORD sizeDcsCfg;

uint8 *dcsCfgImg = MapResource(L"BIN", IDR_EFI_DCSCFG, &sizeDcsCfg);

if (!dcsCfgImg)

throw ErrorException(L"Out of resource DcsCfg", SRC_POS);

DWORD sizeLegacySpeaker;

uint8 *LegacySpeakerImg = MapResource(L"BIN", IDR_EFI_LEGACYSPEAKER, &sizeLegacySpeaker);

if (!LegacySpeakerImg)

throw ErrorException(L"Out of resource LegacySpeaker", SRC_POS);

#ifdef VC_EFI_CUSTOM_MODE

DWORD sizeBootMenuLocker;

uint8 *BootMenuLockerImg = MapResource(L"BIN", IDR_EFI_DCSBML, &sizeBootMenuLocker);

if (!BootMenuLockerImg)

throw ErrorException(L"Out of resource DcsBml", SRC_POS);

#endif

DWORD sizeDcsInfo;

uint8 *DcsInfoImg = MapResource(L"BIN", IDR_EFI_DCSINFO, &sizeDcsInfo);

if (!DcsInfoImg)

throw ErrorException(L"Out of resource DcsInfo", SRC_POS);

bool bAlreadyExist;

const char* g_szMsBootString = "bootmgfw.pdb";

unsigned __int64 loaderSize = 0;

if (preserveUserConfig)

{

// move the original bootloader backup from old location (if it exists) to new location

// we don't force the move operation if the new location already exists

// Clean beta9

EfiBootInst.DelFile(L"\\DcsBoot.efi");

{

// create EFI disk structure

DWORD sizeDcsBoot;

uint8 *dcsBootImg = MapResource(L"BIN", IDR_EFI_DCSBOOT, &sizeDcsBoot);

if (!dcsBootImg)

throw ParameterIncorrect (SRC_POS);

DWORD sizeDcsInt;

uint8 *dcsIntImg = MapResource(L"BIN", IDR_EFI_DCSINT, &sizeDcsInt);

if (!dcsIntImg)

throw ParameterIncorrect (SRC_POS);

DWORD sizeDcsCfg;

uint8 *dcsCfgImg = MapResource(L"BIN", IDR_EFI_DCSCFG, &sizeDcsCfg);

if (!dcsCfgImg)

throw ParameterIncorrect (SRC_POS);

DWORD sizeLegacySpeaker;

uint8 *LegacySpeakerImg = MapResource(L"BIN", IDR_EFI_LEGACYSPEAKER, &sizeLegacySpeaker);

if (!LegacySpeakerImg)

throw ParameterIncorrect (SRC_POS);

#ifdef VC_EFI_CUSTOM_MODE

DWORD sizeBootMenuLocker;

uint8 *BootMenuLockerImg = MapResource(L"BIN", IDR_EFI_DCSBML, &sizeBootMenuLocker);

if (!BootMenuLockerImg)

throw ParameterIncorrect (SRC_POS);

#endif

DWORD sizeDcsRescue;

uint8 *DcsRescueImg = MapResource(L"BIN", IDR_EFI_DCSRE, &sizeDcsRescue);

if (!DcsRescueImg)

throw ParameterIncorrect (SRC_POS);

DWORD sizeDcsInfo;

uint8 *DcsInfoImg = MapResource(L"BIN", IDR_EFI_DCSINFO, &sizeDcsInfo);

if (!DcsInfoImg)

throw ParameterIncorrect (SRC_POS);

finally_do_arg (zip_t**, &z, { if (*finally_arg) zip_discard (*finally_arg);});

throw ParameterIncorrect (SRC_POS);

#ifdef VC_EFI_CUSTOM_MODE

if (!ZipAdd (z, "EFI/VeraCrypt/DcsBml.dcs", BootMenuLockerImg, sizeBootMenuLocker))

sysBakFile.GetFileSize(fileSize);

fileBuf.Resize ((DWORD) fileSize);

DWORD sizeLoader = sysBakFile.Read (fileBuf.Ptr (), fileSize);

}

catch (Exception &e)

{

L"EFI/VeraCrypt/svh_bak",

L"EFI/Boot/original_bootx64.vc_backup"

};

zip_error_t zerr;

zip_source_t* zsrc = zip_source_buffer_create (RescueZipData, RescueZipSize, 0, &zerr);

&& !wcsncmp (szNameBuffer, L"FAT", 3))

{

int i;

for (i = 0; i < efiFilesSize; i++)

{

bool bMatch = false;

L"EFI/VeraCrypt/svh_bak",

L"EFI/Boot/original_bootx64.vc_backup"

};

int i;

zip_stat_t statMem, statFile;

zip_int64_t indexMem, indexFile;

for (i = 0; i < efiFilesSize; i++)

{

bool bMatch = false;

EfiBootInst.DeleteStartExec();

EfiBootInst.DeleteStartExec(0xDC5B, L"Driver"); // remove DcsBml boot driver it was installed

if (!EfiBootInst.RenameFile(L"\\EFI\\Microsoft\\Boot\\bootmgfw_ms.vc", L"\\EFI\\Microsoft\\Boot\\bootmgfw.efi", TRUE))

{

int cacheEmpty = 1;

static int nPasswordIdx = 0;

uint64 VcGetPasswordEncryptionID (Password* pPassword)

{

return ((uint64) pPassword->Text) + ((uint64) pPassword);

VcProtectPassword (pPassword, encID);

}

int ReadVolumeHeaderWCache (BOOL bBoot, BOOL bCache, BOOL bCachePim, unsigned char *header, Password *password, int pkcs5_prf, int pim, PCRYPTO_INFO *retInfo)

{

int nReturnCode = ERR_PASSWORD_WRONG;

/* Save mount passwords back into cache if asked to do so */

if (bCache && (nReturnCode == 0 || nReturnCode == ERR_CIPHER_INIT_WEAK_KEY))

{

Password tmpPass;

for (i = 0; i < CACHE_SIZE; i++)

{

Password* pCurrentPassword = &CachedPasswords[i];

if (IsRamEncryptionEnabled())

{

memcpy (&tmpPass, pCurrentPassword, sizeof (Password));

VcUnprotectPassword (&tmpPass, VcGetPasswordEncryptionID (pCurrentPassword));

pCurrentPassword = &tmpPass;

}

if (memcmp (pCurrentPassword, password, sizeof (Password)) == 0)

break;

}

if (IsRamEncryptionEnabled())

burn (&tmpPass, sizeof (Password));

if (i == CACHE_SIZE)

{

/* Store the password */

CachedPasswords[nPasswordIdx] = *password;

if (IsRamEncryptionEnabled ())

VcProtectPassword (&CachedPasswords[nPasswordIdx], VcGetPasswordEncryptionID (&CachedPasswords[nPasswordIdx]));

/* Store also PIM if requested, otherwise set to default */

if (bCachePim && (pim > 0))

}

else if (!cacheEmpty)

{

Password tmpPass;

/* Attempt to recognize volume using cached passwords */

for (i = 0; i < CACHE_SIZE; i++)

{

Password* pCurrentPassword = &CachedPasswords[i];

if (IsRamEncryptionEnabled())

{

memcpy (&tmpPass, pCurrentPassword, sizeof (Password));

VcUnprotectPassword (&tmpPass, VcGetPasswordEncryptionID (pCurrentPassword));

pCurrentPassword = &tmpPass;

}

if ((pCurrentPassword->Length > 0) && (pCurrentPassword->Length <= (unsigned int) ((bBoot? MAX_LEGACY_PASSWORD: MAX_PASSWORD))))

{

if (pim == -1)

break;

}

}

if (IsRamEncryptionEnabled())

burn (&tmpPass, sizeof (Password));

}

return nReturnCode;

void AddPasswordToCache (Password *password, int pim, BOOL bCachePim)

{

Password tmpPass;

int i;

for (i = 0; i < CACHE_SIZE; i++)

{

Password* pCurrentPassword = &CachedPasswords[i];

if (IsRamEncryptionEnabled())

{

memcpy (&tmpPass, pCurrentPassword, sizeof (Password));

VcUnprotectPassword (&tmpPass, VcGetPasswordEncryptionID (pCurrentPassword));

pCurrentPassword = &tmpPass;

}

if (memcmp (pCurrentPassword, password, sizeof (Password)) == 0)

break;

}

if (i == CACHE_SIZE)

{

CachedPasswords[nPasswordIdx] = *password;

if (IsRamEncryptionEnabled ())

VcProtectPassword (&CachedPasswords[nPasswordIdx], VcGetPasswordEncryptionID (&CachedPasswords[nPasswordIdx]));

/* Store also PIM if requested, otherwise set to default */

if (bCachePim && (pim > 0))

CachedPim[nPasswordIdx] = pim;

{

CachedPim[i] = pim > 0? pim : 0;

}

if (IsRamEncryptionEnabled())

burn (&tmpPass, sizeof (Password));

}

void AddLegacyPasswordToCache (PasswordLegacy *password, int pim)

*tmp = 0;

#if (defined(_DEBUG) || defined(DEBUG))

StringCchCatW (tmp, 8192, L" (debug)");

#endif

#endif

IDR_EFI_DCSRE BIN "..\\Boot\\EFI\\DcsRe.efi"

IDR_EFI_DCSINFO BIN "..\\Boot\\EFI\\DcsInfo.efi"

#endif

/////////////////////////////////////////////////////////////////////////////

//

switch (cipher)

{

case AES:

if (IsAesHwCpuSupported())

aes_hw_cpu_encrypt (ks, data);

else

void EncipherBlocks (int cipher, void *dataPtr, void *ks, size_t blockCount)

{

uint8 *data = dataPtr;

if (cipher == AES

&& (blockCount & (32 - 1)) == 0

&& IsAesHwCpuSupported()

)

{

while (blockCount > 0)

blockCount -= 32;

}

}

#ifndef WOLFCRYPT_BACKEND

#if CRYPTOPP_BOOL_SSE2_INTRINSICS_AVAILABLE && !defined (_UEFI)

else if (cipher == SERPENT

&& (blockCount >= 4)

&& HasSSE2()

)

{

serpent_encrypt_blocks (data, data, blockCount, ks);

}

#endif

#if CRYPTOPP_BOOL_X64 && !defined(CRYPTOPP_DISABLE_ASM)

#if CRYPTOPP_BOOL_SSE2_INTRINSICS_AVAILABLE && !defined (_UEFI)

else if (cipher == KUZNYECHIK

&& HasSSE2()

)

{

kuznyechik_encrypt_blocks (data, data, blockCount, ks);

}

#endif

#endif

#ifndef TC_WINDOWS_BOOT

case AES:

if (IsAesHwCpuSupported())

aes_hw_cpu_decrypt ((uint8 *) ks + sizeof (aes_encrypt_ctx), data);

else

aes_decrypt (data, data, (void *) ((char *) ks + sizeof(aes_encrypt_ctx)));

break;

void DecipherBlocks (int cipher, void *dataPtr, void *ks, size_t blockCount)

{

uint8 *data = dataPtr;

if (cipher == AES

&& (blockCount & (32 - 1)) == 0

&& IsAesHwCpuSupported()

)

{

while (blockCount > 0)

blockCount -= 32;

}

}

#ifndef WOLFCRYPT_BACKEND

#if CRYPTOPP_BOOL_SSE2_INTRINSICS_AVAILABLE && !defined (_UEFI)

else if (cipher == SERPENT

&& (blockCount >= 4)

&& HasSSE2()

)

{

serpent_decrypt_blocks (data, data, blockCount, ks);

}

#endif

#if CRYPTOPP_BOOL_X64 && !defined(CRYPTOPP_DISABLE_ASM)

#if CRYPTOPP_BOOL_SSE2_INTRINSICS_AVAILABLE && !defined (_UEFI)

else if (cipher == KUZNYECHIK

&& HasSSE2()

)

{

kuznyechik_decrypt_blocks (data, data, blockCount, ks);

}

#endif

#endif

BOOL IsRamEncryptionSupported ()

{

if (t1ha_selfcheck__t1ha2() == 0)

return TRUE;

else

return FALSE;

}

void EnableRamEncryption (BOOL enable)

# include "Camellia.h"

#if !defined (_UEFI)

# include "chachaRng.h"

# include "t1ha.h"

#endif

#else

# include "CamelliaSmall.h"

void EncryptBuffer (unsigned __int8 *buf, TC_LARGEST_COMPILER_UINT len, PCRYPTO_INFO cryptoInfo);

void DecryptBuffer (unsigned __int8 *buf, TC_LARGEST_COMPILER_UINT len, PCRYPTO_INFO cryptoInfo);

BOOL InitializeSecurityParameters(GetRandSeedFn rngCallback);

void ClearSecurityParameters();

#ifdef TC_WINDOWS_DRIVER

// Version

SendMessage (GetDlgItem (hwndDlg, IDT_ABOUT_VERSION), WM_SETFONT, (WPARAM) hUserBoldFont, 0);

#if (defined(_DEBUG) || defined(DEBUG))

StringCbCatW (szTmp, sizeof(szTmp), L" (debug)");

#endif

AbortProcessDirect(L"VeraCrypt requires at least Windows 10 to run.");

}

SetDefaultDllDirectoriesFn = (SetDefaultDllDirectoriesPtr) GetProcAddress (GetModuleHandle(L"kernel32.dll"), "SetDefaultDllDirectories");

if (!SetDefaultDllDirectoriesFn)

{

InitHelpFileName ();

#ifndef SETUP

EnableRamEncryption ((ReadDriverConfigurationFlags() & VC_DRIVER_CONFIG_ENABLE_RAM_ENCRYPTION) ? TRUE : FALSE);

if (IsRamEncryptionEnabled())

{

if (!InitializeSecurityParameters(GetAppRandomSeed))

AbortProcess("OUTOFMEMORY");

}

if (!EncryptionThreadPoolStart (ReadEncryptionThreadPoolFreeCpuCountLimit()))

{

handleWin32Error (NULL, SRC_POS);

else

*tmp = 0;

file = FindFirstFile (driverPath, &find);

{

if (thid == SHA256)

{

benchmarkTable[benchmarkTotalItems].meanBytesPerSec = (benchmarkTable[benchmarkTotalItems].meanBytesPerSec * 26);

}

else

{

benchmarkTable[benchmarkTotalItems].meanBytesPerSec = (benchmarkTable[benchmarkTotalItems].meanBytesPerSec * 21) / 5;

}

}

}

if (EAInitMode (ci, ci->k2))

{

int i;

if (IsRamEncryptionEnabled ())

VcProtectKeys (ci, VcGetEncryptionID (ci));

for (i = 0; i < 10; i++)

{

if (!EAInitMode (ci, ci->k2))

goto counter_error;

if (IsRamEncryptionEnabled ())

VcProtectKeys (ci, VcGetEncryptionID (ci));

if (QueryPerformanceCounter (&performanceCountStart) == 0)

goto counter_error;

{

wchar_t sysPath[TC_MAX_PATH];

{

typedef UINT (WINAPI *GetSystemWow64Directory_t) (LPWSTR lpBuffer, UINT uSize);

else if (wcsstr(productName, L"Basic") != 0)

osname += L"-basic";

if (CurrentOSServicePack > 0)

{

SHGetSpecialFolderLocation (hwndDlg, CSIDL_PROGRAM_FILES, &itemList);

SHGetPathFromIDList (itemList, path);

{

}

StringCbCatW (path, sizeof(path), L"\\VeraCrypt\\");

}

}

#define RtlGenRandom SystemFunction036

extern "C" BOOLEAN NTAPI RtlGenRandom(PVOID RandomBuffer, ULONG RandomBufferLength);

BOOL IsTestSigningModeEnabled ();

DWORD SendServiceNotification (DWORD dwNotificationCmd);

DWORD FastResizeFile (const wchar_t* filePath, __int64 fileSize);

void GetAppRandomSeed (unsigned char* pbRandSeed, size_t cbRandSeed);

#endif

BOOL IsInternetConnected();

static TC_EVENT WorkItemReadyEvent;

static TC_EVENT WorkItemCompletedEvent;

void EncryptDataUnitsCurrentThreadEx (unsigned __int8 *buf, const UINT64_STRUCT *structUnitNo, TC_LARGEST_COMPILER_UINT nbrUnits, PCRYPTO_INFO ci)

{

if (IsRamEncryptionEnabled())

DecryptDataUnitsCurrentThread (buf, structUnitNo, nbrUnits, ci);

}

static WorkItemState GetWorkItemState (EncryptionThreadPoolWorkItem *workItem)

{

return InterlockedExchangeAdd ((LONG *) &workItem->State, 0);

return ERR_MODE_INIT_FAILED;

}

if (IsRamEncryptionEnabled ())

VcProtectKeys (cryptoInfo, VcGetEncryptionID (cryptoInfo));

x = ft->num_sectors - ft->reserved - ft->size_root_dir / ft->sector_size - ft->fat_length * 2;

while (x--)

LARGE_INTEGER offset;

BOOL bFailedRequiredDASD = FALSE;

HWND hwndDlg = volParams->hwndDlg;

CRYPTO_INFO tmpCI;

PCRYPTO_INFO cryptoInfoBackup = NULL;

FormatSectorSize = volParams->sectorSize;

return nStatus? nStatus : ERR_OUTOFMEMORY;

}

if (IsRamEncryptionEnabled ())

{

VcProtectKeys (cryptoInfo, VcGetEncryptionID (cryptoInfo));

}

begin_format:

goto error;

}

if (IsRamEncryptionEnabled ())

{

VirtualLock (&tmpCI, sizeof (tmpCI));

cryptoInfoBackup = cryptoInfo;

cryptoInfo = &tmpCI;

}

nStatus = CreateVolumeHeaderInMemory (hwndDlg, FALSE,

header,

FormatSectorSize,

FALSE);

if (IsRamEncryptionEnabled ())

{

cryptoInfo = cryptoInfoBackup;

burn (&tmpCI, sizeof (CRYPTO_INFO));

VirtualUnlock (&tmpCI, sizeof (tmpCI));

}

if (!WriteEffectiveVolumeHeader (volParams->bDevice, dev, header))

{

{

BOOL bUpdateBackup = FALSE;

if (IsRamEncryptionEnabled ())

{

VirtualLock (&tmpCI, sizeof (tmpCI));

cryptoInfoBackup = cryptoInfo;

cryptoInfo = &tmpCI;

}

nStatus = WriteRandomDataToReservedHeaderAreas (hwndDlg, dev, cryptoInfo, dataAreaSize, FALSE, FALSE);

if (IsRamEncryptionEnabled ())

{

cryptoInfo = cryptoInfoBackup;

burn (&tmpCI, sizeof (CRYPTO_INFO));

VirtualUnlock (&tmpCI, sizeof (tmpCI));

}

if (nStatus != ERR_SUCCESS)

goto error;

LARGE_INTEGER startOffset;

LARGE_INTEGER newOffset;

CRYPTO_INFO tmpCI;

// Seek to start sector

startOffset.QuadPart = startSector * FormatSectorSize;

memset (sector, 0, sizeof (sector));

if (IsRamEncryptionEnabled ())

{

VirtualLock (&tmpCI, sizeof (tmpCI));

VcUnprotectKeys (&tmpCI, VcGetEncryptionID (cryptoInfo));

cryptoInfo = &tmpCI;

}

// Remember the original secondary key (XTS mode) before generating a temporary one

memcpy (originalK2, cryptoInfo->k2, sizeof (cryptoInfo->k2));

goto fail;

}

if (IsRamEncryptionEnabled ())

VcProtectKeys (cryptoInfo, VcGetEncryptionID (cryptoInfo));

while (num_sectors--)

{

VirtualUnlock (temporaryKey, sizeof (temporaryKey));

VirtualUnlock (originalK2, sizeof (originalK2));

TCfree (write_buf);

if (IsRamEncryptionEnabled ())

{

burn (&tmpCI, sizeof (CRYPTO_INFO));

VirtualUnlock (&tmpCI, sizeof (tmpCI));

}

return 0;

VirtualUnlock (temporaryKey, sizeof (temporaryKey));

VirtualUnlock (originalK2, sizeof (originalK2));

TCfree (write_buf);

if (IsRamEncryptionEnabled ())

{

burn (&tmpCI, sizeof (CRYPTO_INFO));

VirtualUnlock (&tmpCI, sizeof (tmpCI));

}

SetLastError (err);

return (retVal ? retVal : ERR_OS_ERROR);

/* Macro to add four bytes to the pool */

#define RandaddInt32(x) RandAddInt((unsigned __int32)x);

#define RandaddIntPtr(x) RandAddInt64((unsigned __int64)x);

void RandAddInt (unsigned __int32 x)

{

#define IDR_EFI_LEGACYSPEAKER 569

#define IDR_EFI_DCSBML 570

#define IDR_EFI_DCSRE 571

#define IDR_EFI_DCSINFO 578

#define IDC_HW_AES_LABEL_LINK 5000

#define IDC_HW_AES 5001

#define IDC_PARALLELIZATION_LABEL_LINK 5002

if (!EAInitMode (ci, key2))

return FALSE;

if (IsRamEncryptionEnabled ())

VcProtectKeys (ci, VcGetEncryptionID (ci));

// Each data unit will contain the same plaintext

for (i = 0; i < nbrUnits; i++)

#ifdef TC_WINDOWS_DRIVER

{

blake2s_state ctx;

blake2s_init (&ctx);

blake2s_update (&ctx, keyInfo->master_keydata, MASTER_KEYDATA_SIZE);

blake2s_update (&ctx, header, sizeof(header));

blake2s_final (&ctx, cryptoInfo->master_keydata_hash);

burn(&ctx, sizeof (ctx));

}

#else

memcpy (cryptoInfo->master_keydata, keyInfo->master_keydata, MASTER_KEYDATA_SIZE);