Copyright (c) 2008-2012 TrueCrypt Developers Association and which is governed

by the TrueCrypt License 3.0.

and all other portions of this file are Copyright (c) 2013-2016 IDRIX

and are governed by the Apache License 2.0 the full text of which is

contained in the file License.txt included in VeraCrypt binary and source

#define TC_NONSYS_INPLACE_ENC_MIN_VOL_SIZE (TC_TOTAL_VOLUME_HEADERS_SIZE + TC_MIN_NTFS_FS_SIZE * 2)

// after shrinking has been performed. If there's any error, returns -1.

static __int64 NewFileSysSizeAfterShrink (HANDLE dev, const wchar_t *devicePath, int64 *totalClusterCount, DWORD *bytesPerCluster, BOOL silent)

{

NULL,

0,

(LPVOID) &ntfsVolData,

&nBytesReturned,

NULL))

{

handleWin32Error (MainDlg, SRC_POS);

return -1;

fileSysSize = ntfsVolData.NumberSectors.QuadPart * ntfsVolData.BytesPerSector;

if (desiredNbrSectors <= 0)

return -1;

if (totalClusterCount)

*totalClusterCount = ntfsVolData.TotalClusters.QuadPart;

if (bytesPerCluster)

if (!IsAdmin())

{

// status can be ignored). In case the IsAdmin() detection somehow fails, we allow the user to continue.

if (!silent)

NULL,

0,

(LPVOID) &ntfsVolData,

&nBytesReturned,

NULL))

{

NULL,

0,

(LPVOID) &ntfsVolData,

&nBytesReturned,

NULL))

{

/* Admin rights */

if (!IsAdmin())

{

// status can be ignored). In case the IsAdmin() detection somehow fails, we allow the user to continue.

if (!silent)

if (dev == INVALID_HANDLE_VALUE)

{

goto closing_seq;

}

}

{

// The volume is not mounted so we can't work with the filesystem.

Error ("ONLY_MOUNTED_VOL_SUPPORTED_FOR_NONSYS_INPLACE_ENC", hwndDlg);

goto closing_seq;

}

if (!DeviceIoControl (dev,

FSCTL_ALLOW_EXTENDED_DASD_IO,

NULL,

NULL,

0,

&dwResult,

{

handleWin32Error (MainDlg, SRC_POS);

ShowInPlaceEncErrMsgWAltSteps (hwndDlg, "INPLACE_ENC_CANT_ACCESS_OR_GET_INFO_ON_VOL_ALT", TRUE);

goto closing_seq;

}

if (sizeToShrinkTo == -1)

{

ShowInPlaceEncErrMsgWAltSteps (hwndDlg, "INPLACE_ENC_CANT_ACCESS_OR_GET_INFO_ON_VOL_ALT", TRUE);

goto closing_seq;

}

if (!DeviceIoControl (dev,

FSCTL_SHRINK_VOLUME,

(LPVOID) &shrinkVolInfo,

NULL,

0,

&dwResult,

{

handleWin32Error (hwndDlg, SRC_POS);

ShowInPlaceEncErrMsgWAltSteps (hwndDlg, "CANNOT_RESIZE_FILESYS", TRUE);

goto closing_seq;

}

if (!DeviceIoControl (dev, FSCTL_SHRINK_VOLUME, &shrinkVolInfo, sizeof (shrinkVolInfo), NULL, 0, &dwResult, NULL))

{

// If there are any occupied clusters beyond the new desired end of the volume, the call fails with

if (GetLastError () == ERROR_ACCESS_DENIED)

{

if (!clustersMovedBeforeVolumeEnd)

handleWin32Error (hwndDlg, SRC_POS);

ShowInPlaceEncErrMsgWAltSteps (hwndDlg, "CANNOT_RESIZE_FILESYS", TRUE);

goto closing_seq;

}

if (nStatus != ERR_SUCCESS)

{

goto closing_seq;

}

area is occuppied by data until the very end of the process). */

// Prepare the backup header

goto closing_seq;

}

// of this partition even if the system/app crashes.

and apps from interfering with the volume until it has been fully encrypted. */

nStatus = ConcealNTFS (dev);

// /* If a drive letter is assigned to the device, remove it (so that users do not try to open it, which

//would cause Windows to ask them if they want to format the volume and other dangerous things). */

//{

// char rootPath[] = { driveLetter + 'A', ':', '\\', 0 };

if (dev == INVALID_HANDLE_VALUE)

{

goto closing_seq;

}

}

DeviceIoControl (dev,

FSCTL_ALLOW_EXTENDED_DASD_IO,

NULL,

NULL,

0,

&dwResult,

if (remainingBytes - workChunkSize < TC_INITIAL_NTFS_CONCEAL_PORTION_SIZE)

{

// We reached the inital portion of the filesystem, which we had concealed (in order to prevent

for (i = 0; i < TC_INITIAL_NTFS_CONCEAL_PORTION_SIZE - (remainingBytes - workChunkSize); i++)

buf[i] ^= TC_NTFS_CONCEAL_CONSTANT;

}

EncryptDataUnits (wipeBuffer, &unitNo, workChunkSize / ENCRYPTION_DATA_UNIT_SIZE, masterCryptoInfo);

}

if (SetFilePointerEx (dev, offset, NULL, FILE_BEGIN) == 0

}

}

}

GetSizeString (zeroedSectorCount * sectorSize, sizeStr, sizeof(sizeStr));

GetString ("ZEROED_BAD_SECTOR_COUNT"),

zeroedSectorCount,

sizeStr);

if (dev == INVALID_HANDLE_VALUE)

{

goto closing_seq;

}

DeviceIoControl (dev,

FSCTL_ALLOW_EXTENDED_DASD_IO,

NULL,

NULL,

0,

&dwResult,

switch (AskMultiChoice ((void **) tmpStr, FALSE, hwndDlg))

{

case 1:

break;

case 2:

default:

goto closing_seq;

}

}

// Decrypt the ciphertext in RAM

DecryptDataUnits ((byte *) buf, &unitNo, workChunkSize / ENCRYPTION_DATA_UNIT_SIZE, masterCryptoInfo);

if (workChunkStartByteOffset - TC_VOLUME_DATA_OFFSET < TC_INITIAL_NTFS_CONCEAL_PORTION_SIZE)

{

// conceal this portion to prevent Windows and applications from interfering with the volume.

for (i = 0; i < min (TC_INITIAL_NTFS_CONCEAL_PORTION_SIZE, workChunkStartByteOffset - TC_VOLUME_DATA_OFFSET + workChunkSize); i++)

dev = CreateFile (devName, GENERIC_READ | GENERIC_WRITE, FILE_SHARE_READ | FILE_SHARE_WRITE, NULL, OPEN_EXISTING, FILE_FLAG_WRITE_THROUGH, NULL);

if (dev != INVALID_HANDLE_VALUE)

{

&& !bSilent

&& AskWarnNoYes ("DEVICE_IN_USE_INPLACE_ENC", hwndDlg) == IDNO)

{

attempt = UNMOUNT_MAX_AUTO_RETRIES * 10;

&& attempt > 0)

{

Sleep (UNMOUNT_AUTO_RETRY_DELAY);

attempt = UNMOUNT_MAX_AUTO_RETRIES * 10;

&& attempt > 0)

{

Sleep (UNMOUNT_AUTO_RETRY_DELAY);

if (!bSilent)

ShowInPlaceEncErrMsgWAltSteps (hwndDlg, "INPLACE_ENC_CANT_LOCK_OR_DISMOUNT_FILESYS", TRUE);

}

}

// interfering with it until the volume has been fully encrypted). Note that this function will precisely

// undo any modifications it made to the filesystem automatically if an error occurs when writing (including

// physical drive defects).

DWORD dwError;

offset.QuadPart = 0;

if (SetFilePointerEx (dev, offset, NULL, FILE_BEGIN) == 0)

return ERR_OS_ERROR;

StringCbPrintfA (str, sizeof(str), "%d", (int) newWipeAlgorithm);

SaveBufferToFile (str, GetConfigPath (TC_APPD_FILENAME_NONSYS_INPLACE_ENC_WIPE), (DWORD) strlen(str), FALSE, FALSE);

else if (FileExists (GetConfigPath (TC_APPD_FILENAME_NONSYS_INPLACE_ENC_WIPE)))

{

_wremove (GetConfigPath (TC_APPD_FILENAME_NONSYS_INPLACE_ENC_WIPE));

}

}

StringCbPrintfA (str, sizeof(str), "%d", count);

return SaveBufferToFile (str, GetConfigPath (TC_APPD_FILENAME_NONSYS_INPLACE_ENC), (DWORD) strlen(str), FALSE, FALSE);

}

// Note that this operating fails if there are any write errors.

int ZeroUnreadableSectors (HANDLE dev, LARGE_INTEGER startOffset, int64 size, int sectorSize, uint64 *zeroedSectorCount)

{

startLcn.StartingLcn.QuadPart += min (bitmapSize * 8, bitmap->BitmapSize.QuadPart);

}

err:

SetLastError (ERROR_DISK_FULL);

return FALSE;