BOOL RecoveryMode;

int pkcs5_prf;

int ProtectedHidVolPkcs5Prf;

} MOUNT_STRUCT;

typedef struct

// Initial rescue disk assumes encryption of the drive has been completed (EncryptedAreaLength == volumeSize)

memcpy (RescueVolumeHeader, VolumeHeader, sizeof (RescueVolumeHeader));

DecryptBuffer (RescueVolumeHeader + HEADER_ENCRYPTED_DATA_OFFSET, HEADER_ENCRYPTED_DATA_SIZE, cryptoInfo);

PCRYPTO_INFO cryptoInfo = NULL;

finally_do_arg (PCRYPTO_INFO, cryptoInfo, { if (finally_arg) crypto_close (finally_arg); });

if (status != 0)

int cacheEmpty = 1;

static int nPasswordIdx = 0;

{

int nReturnCode = ERR_PASSWORD_WRONG;

int i;

/* Attempt to recognize volume using mount password */

if (password->Length > 0)

{

/* Save mount passwords back into cache if asked to do so */

if (bCache && (nReturnCode == 0 || nReturnCode == ERR_CIPHER_INIT_WEAK_KEY))

{

if (CachedPasswords[i].Length > 0)

{

if (nReturnCode != ERR_PASSWORD_WRONG)

break;

extern int cacheEmpty;

void AddPasswordToCache (Password *password);

void WipeCache (void);

unsigned __int8 k2[MASTER_KEYDATA_SIZE]; /* For XTS, this contains the secondary key (if cascade, multiple concatenated). For LRW (deprecated/legacy), it contains the tweak key. For CBC (deprecated/legacy), it contains the IV seed. */

unsigned __int8 salt[PKCS5_SALT_SIZE];

int noIterations;

uint64 volume_creation_time; // Legacy

uint64 header_creation_time; // Legacy

// A non-error

break;

default:

StringCbPrintfW (szTmp, sizeof(szTmp), GetString ("ERR_UNKNOWN"), code);

MessageBoxW (hwndDlg, szTmp, lpszTitle, ICON_HAND);

case SHA512:

/* PKCS-5 test with HMAC-SHA-512 used as the PRF */

break;

case SHA256:

/* PKCS-5 test with HMAC-SHA-256 used as the PRF */

break;

case RIPEMD160:

/* PKCS-5 test with HMAC-RIPEMD-160 used as the PRF */

break;

case WHIRLPOOL:

/* PKCS-5 test with HMAC-Whirlpool used as the PRF */

break;

}

}

char *volumePath,

Password *password,

int pkcs5,

BOOL cachePassword,

BOOL sharedAccess,

const MountOptions* const mountOptions,

mount.bMountManager = TRUE;

mount.pkcs5_prf = pkcs5;

// Windows 2000 mount manager causes problems with remounted volumes

if (CurrentOSMajor == 5 && CurrentOSMinor == 0)

&mount.nPartitionInInactiveSysEncScopeDriveNo,

sizeof(mount.nPartitionInInactiveSysEncScopeDriveNo)) != 1)

{

return -1;

}

burn (&mount.VolumePassword, sizeof (mount.VolumePassword));

burn (&mount.ProtectedHidVolPassword, sizeof (mount.ProtectedHidVolPassword));

burn (&mount.pkcs5_prf, sizeof (mount.pkcs5_prf));

burn (&mount.ProtectedHidVolPkcs5Prf, sizeof (mount.ProtectedHidVolPkcs5Prf));

if (bResult == FALSE)

#ifndef SETUP

{

int status = ERR_PARAMETER_INCORRECT;

int volumeType;

}

// Decrypt volume header

if (status == ERR_PASSWORD_WRONG)

continue; // Try next volume type

BOOL IsDeviceMounted (char *deviceName);

int DriverUnmountVolume (HWND hwndDlg, int nDosDriveNo, BOOL forced);

void BroadcastDeviceChange (WPARAM message, int nDosDriveNo, DWORD driveMap);

BOOL UnmountVolume (HWND hwndDlg , int nDosDriveNo, BOOL forceUnmount);

BOOL IsPasswordCacheEmpty (void);

BOOL IsMountedVolume (const char *volname);

void AccommodateTextField (HWND hwndDlg, UINT ctrlId, BOOL bFirstUpdate, HFONT hFont);

BOOL GetDriveLabel (int driveNo, wchar_t *label, int labelSize);

BOOL DoDriverInstall (HWND hwndDlg);

void CloseVolume (OpenVolumeContext *context);

int ReEncryptVolumeHeader (HWND hwndDlg, char *buffer, BOOL bBoot, CRYPTO_INFO *cryptoInfo, Password *password, BOOL wipeMode);

BOOL IsPagingFileActive (BOOL checkNonWindowsPartitionsOnly);

mountOptions.PartitionInInactiveSysEncScope = FALSE;

mountOptions.UseBackupHeader = FALSE;

{

MessageBoxW (volParams->hwndDlg, GetString ("CANT_MOUNT_VOLUME"), lpszTitle, ICON_HAND);

MessageBoxW (volParams->hwndDlg, GetString ("FORMAT_NTFS_STOP"), lpszTitle, ICON_HAND);

<control lang="en" key="IDC_SHOW_PASSWORD_CHPWD_ORI">Display password</control>

<control lang="en" key="IDC_TRAVEL_OPEN_EXPLORER">Open &amp;Explorer window for mounted volume</control>

<control lang="en" key="IDC_TRAV_CACHE_PASSWORDS">&amp;Cache password in driver memory</control>

<control lang="en" key="IDC_UNMOUNTALL">Di&amp;smount All</control>

<control lang="en" key="IDC_VOLUME_PROPERTIES">&amp;Volume Properties...</control>

<control lang="en" key="IDC_VOLUME_TOOLS">Volume &amp;Tools...</control>

<string lang="en" key="EXTRA_BOOT_PARTITION_REMOVAL_INSTRUCTIONS">\nThe extra boot partition can be removed before installing Windows. To do so, follow these steps:\n\n1) Boot your Windows installation disc.\n\n2) In the Windows installer screen, click 'Install now' > 'Custom (advanced)'.\n\n3) Click 'Drive Options'.\n\n4) Select the main system partition and delete it by clicking 'Delete' and 'OK'.\n\n5) Select the 'System Reserved' partition, click 'Extend', and increase its size so that the operating system can be installed to it.\n\n6) Click 'Apply' and 'OK'.\n\n7) Install Windows on the 'System Reserved' partition.\n\n\nShould an attacker ask why you removed the extra boot partition, you can answer that you wanted to prevent any possible data leaks to the unencrypted boot partition.\n\nNote: You can print this text by clicking the 'Print' button below. If you save a copy of this text or print it (strongly recommended, unless your printer stores copies of documents it prints on its internal drive), you should destroy any copies of it after removing the extra boot partition (otherwise, if such a copy was found, it might indicate that there is a hidden operating system on this computer).</string>

<string lang="en" key="GAP_BETWEEN_SYS_AND_HIDDEN_OS_PARTITION">Warning: There is unallocated space between the system partition and the first partition behind it. After you create the hidden operating system, you must not create any new partitions in that unallocated space. Otherwise, the hidden operating system will be impossible to boot (until you delete such newly created partitions).</string>

<string lang="en" key="ALGO_NOT_SUPPORTED_FOR_SYS_ENCRYPTION">This algorithm is currently not supported for system encryption.</string>

<string lang="en" key="KEYFILES_NOT_SUPPORTED_FOR_SYS_ENCRYPTION">Keyfiles are currently not supported for system encryption.</string>

<string lang="en" key="CANNOT_RESTORE_KEYBOARD_LAYOUT">Warning: VeraCrypt could not restore the original keyboard layout. This may cause you to enter a password incorrectly.</string>

<string lang="en" key="CANT_CHANGE_KEYB_LAYOUT_FOR_SYS_ENCRYPTION">Error: Cannot set the keyboard layout for VeraCrypt to the standard US keyboard layout.\n\nNote that the password needs to be typed in the pre-boot environment (before Windows starts) where non-US Windows keyboard layouts are not available. Therefore, the password must always be typed using the standard US keyboard layout.</string>

<string lang="en" key="ASK_REMOVE_DEVICE_WRITE_PROTECTION">Do you want VeraCrypt to attempt to disable write protection of the partition/drive?</string>

<string lang="en" key="CONFIRM_SETTING_DEGRADES_PERFORMANCE">WARNING: This setting may degrade performance.\n\nAre you sure you want to use this setting?</string>

<string lang="en" key="HOST_DEVICE_REMOVAL_DISMOUNT_WARN_TITLE">Warning: VeraCrypt volume auto-dismounted</string>

<string lang="en" key="KEYFILE">Keyfile</string>

<string lang="en" key="VKEY_08">Backspace</string>

<string lang="en" key="VKEY_09">Tab</string>

return TRUE;

}

{

int nDosLinkCreated = 1, nStatus = ERR_OS_ERROR;

char szDiskFile[TC_MAX_PATH], szCFDevice[TC_MAX_PATH];

if (oldPassword->Length == 0 || newPassword->Length == 0) return -1;

{

nStatus = ERR_PARAMETER_INCORRECT;

handleError (hwndDlg, nStatus);

/* Try to decrypt the header */

if (nStatus == ERR_CIPHER_INIT_WEAK_KEY)

nStatus = 0; // We can ignore this error here

(volumeType == TC_VOLUME_TYPE_HIDDEN) ? cryptoInfo->hiddenVolumeSize : 0,

cryptoInfo->EncryptedAreaStart.Value,

cryptoInfo->EncryptedAreaLength.Value,

cryptoInfo->HeaderFlags,

cryptoInfo->SectorSize,

wipePass < wipePassCount - 1);

void VerifyPasswordAndUpdate ( HWND hwndDlg , HWND hButton , HWND hPassword , HWND hVerify , unsigned char *szPassword , char *szVerify, BOOL keyFilesEnabled );

BOOL CheckPasswordLength (HWND hwndDlg, HWND hwndItem);

BOOL CheckPasswordCharEncoding (HWND hPassword, Password *ptrPw);

#endif // defined(_WIN32) && !defined(TC_WINDOWS_DRIVER)

{

switch (pkcs5_prf_id)

{

case RIPEMD160:

case SHA512:

case WHIRLPOOL:

case SHA256:

return bBoot? 200000 : 500000;

void hmac_whirlpool (char *k, int lk, char *d, int ld, char *out, int t);

void derive_u_whirlpool (char *pwd, int pwd_len, char *salt, int salt_len, int iterations, char *u, int b);

void derive_key_whirlpool (char *pwd, int pwd_len, char *salt, int salt_len, int iterations, char *dk, int dklen);

char *get_pkcs5_prf_name (int pkcs5_prf_id);

#if defined(__cplusplus)

ERR_PARAMETER_INCORRECT = 30,

ERR_SYS_HIDVOL_HEAD_REENC_MODE_WRONG = 31,

ERR_NONSYS_INPLACE_ENC_INCOMPLETE = 32,

};

#endif // #ifndef TCDEFS_H

BOOL ReadVolumeHeaderRecoveryMode = FALSE;

{

char header[TC_VOLUME_HEADER_EFFECTIVE_SIZE];

KEY_INFO keyInfo;

LONG outstandingWorkItemCount = 0;

int i;

if (retHeaderCryptoInfo != NULL)

{

cryptoInfo = retHeaderCryptoInfo;

if (selected_pkcs5_prf != 0 && enqPkcs5Prf != selected_pkcs5_prf)

continue;

if ((selected_pkcs5_prf == 0) && (encryptionThreadCount > 1))

{

// Enqueue key derivation on thread pool

EncryptionThreadPoolBeginKeyDerivation (&keyDerivationCompletedEvent, &noOutstandingWorkItemEvent,

&item->KeyReady, &outstandingWorkItemCount, enqPkcs5Prf, keyInfo.userKey,

++queuedWorkItems;

break;

if (!item->Free && InterlockedExchangeAdd (&item->KeyReady, 0) == TRUE)

{

pkcs5_prf = item->Pkcs5Prf;

memcpy (dk, item->DerivedKey, sizeof (dk));

item->Free = TRUE;

else

{

pkcs5_prf = enqPkcs5Prf;

switch (pkcs5_prf)

{

DecryptBuffer (header + HEADER_ENCRYPTED_DATA_OFFSET, HEADER_ENCRYPTED_DATA_SIZE, cryptoInfo);

continue;

// Header version

// Required program version

cryptoInfo->RequiredProgramVersion = GetHeaderField16 (header, TC_HEADER_OFFSET_REQUIRED_VERSION);

// Check CRC of the key set

if (!ReadVolumeHeaderRecoveryMode

// Now we have the correct password, cipher, hash algorithm, and volume type

// Check the version required to handle this volume

{

status = ERR_NEW_VERSION_REQUIRED;

goto err;

{

cryptoInfo->pkcs5 = pkcs5_prf;

cryptoInfo->noIterations = keyInfo.noIterations;

goto ret;

}

memcpy (cryptoInfo->salt, keyInfo.salt, PKCS5_SALT_SIZE);

cryptoInfo->pkcs5 = pkcs5_prf;

cryptoInfo->noIterations = keyInfo.noIterations;

// Init the cipher with the decrypted master key

status = EAInit (cryptoInfo->ea, keyInfo.master_keydata + primaryKeyOffset, cryptoInfo->ks);

// User key

memcpy (keyInfo.userKey, password->Text, nUserKeyLen);

keyInfo.keyLength = nUserKeyLen;

// User selected encryption algorithm

cryptoInfo->ea = ea;

// User selected PRF

cryptoInfo->pkcs5 = pkcs5_prf;

// Mode of operation

cryptoInfo->mode = mode;

#ifdef TC_WINDOWS_BOOT

int ReadVolumeHeader (BOOL bBoot, char *encryptedHeader, Password *password, PCRYPTO_INFO *retInfo, CRYPTO_INFO *retHeaderCryptoInfo);

#else

#endif

#if !defined (DEVICE_DRIVER) && !defined (TC_WINDOWS_BOOT)