typedef struct

{

} BootLoaderFingerprintRequest;

typedef struct

{

wchar_t DevicePath[TC_MAX_PATH];

BOOL DriveIsDynamic;

uint16 BootLoaderVersion;

char CustomUserMessage[TC_BOOT_SECTOR_USER_MESSAGE_MAX_LENGTH + 1];

} GetSystemDriveConfigurationRequest;

typedef struct

{

WipeAlgorithmId WipeAlgorithm;

} WipeDecoySystemRequest;

typedef struct

typedef struct

{

LARGE_INTEGER Offset;

} WriteBootDriveSectorRequest;

typedef struct

msg [maxSize - 1] = 0;

std::string msgStr = maxSize > 0 ? msg : "";

BootEncryption bootEnc (NULL);

}

catch (SystemException &)

{

return true;

}

{

BOOL bRet = FALSE;

const char* g_szStr1 = "Invalid partition table";

const char* g_szStr2 = "Error loading operating system";

const char* g_szStr3 = "Missing operating system";

}

}

{

Elevate();

}

}

{

Elevate();

public:

static void AddReference () { }

static void CallDriver (DWORD ioctl, void *input, DWORD inputSize, void *output, DWORD outputSize) { throw ParameterIncorrect (SRC_POS); }

static void RegisterFilterDriver (bool registerDriver, BootEncryption::FilterType filterType) { throw ParameterIncorrect (SRC_POS); }

static void Release () { }

static void SetDriverServiceStartType (DWORD startType) { throw ParameterIncorrect (SRC_POS); }

static void BackupEfiSystemLoader () { throw ParameterIncorrect (SRC_POS); }

static void RestoreEfiSystemLoader () { throw ParameterIncorrect (SRC_POS); }

static void GetEfiBootDeviceNumber (PSTORAGE_DEVICE_NUMBER pSdn) { throw ParameterIncorrect (SRC_POS); }

static void UpdateSetupConfigFile (bool bForInstall) { throw ParameterIncorrect (SRC_POS); }

static void GetSecureBootConfig (BOOL* pSecureBootEnabled, BOOL *pVeraCryptKeysLoaded) { throw ParameterIncorrect (SRC_POS); }

};

FileOpen = false;

}

{

DWORD bytesRead;

dwSize = (DWORD) size64;

}

{

DWORD bytesWritten;

return version;

}

{

BootLoaderFingerprintRequest request;

CallDriver (VC_IOCTL_GET_BOOT_LOADER_FINGERPRINT, NULL, 0, &request, sizeof (request));

}

{

Device device (GetSystemDriveConfiguration().DevicePath, true);

device.CheckOpened (SRC_POS);

device.SeekAt (0);

device.Read (mbrBuf, sizeof (mbrBuf));

continue;

}

return true;

}

}

{

uint32 sum = 0;

}

{

if (bufferSize < TC_BOOT_LOADER_AREA_SIZE - TC_BOOT_ENCRYPTION_VOLUME_HEADER_SIZE)

throw ParameterIncorrect (SRC_POS);

// Boot sector

DWORD size;

if (!bootSecResourceImg || size != TC_SECTOR_SIZE_BIOS)

throw ParameterIncorrect (SRC_POS);

{

Device device (GetSystemDriveConfiguration().DevicePath);

device.CheckOpened (SRC_POS);

device.SeekAt (HiddenOSCandidatePartition.Info.StartingOffset.QuadPart + HiddenOSCandidatePartition.Info.PartitionLength.QuadPart - TC_VOLUME_HEADER_GROUP_SIZE + TC_VOLUME_HEADER_EFFECTIVE_SIZE);

device.Read (headerSector, sizeof (headerSector));

}

// Decompressor

if (!decompressor || size > TC_BOOT_LOADER_DECOMPRESSOR_SECTOR_COUNT * TC_SECTOR_SIZE_BIOS)

throw ParameterIncorrect (SRC_POS);

memcpy (buffer + TC_SECTOR_SIZE_BIOS, decompressor, size);

// Compressed boot loader

if (!bootLoader || size > TC_MAX_BOOT_LOADER_SECTOR_COUNT * TC_SECTOR_SIZE_BIOS)

throw ParameterIncorrect (SRC_POS);

}

// return false when the user cancel an elevation request

{

bool bCanceled = false, bExceptionOccured = false;

try

}

{

Device device (GetSystemDriveConfiguration().DevicePath);

device.CheckOpened (SRC_POS);

device.SeekAt (0);

device.Read (mbr, sizeof (mbr));

device.SeekAt (0);

device.Write (mbr, sizeof (mbr));

device.SeekAt (0);

device.Read (mbrVerificationBuf, sizeof (mbr));

throw ErrorException ("ERROR_MBR_PROTECTED", SRC_POS);

}

{

if (!IsAdmin() && IsUacSupported())

{

}

}

{

if (GetSystemDriveConfiguration().SystemPartition.IsGPT)

{

{

Device device (GetSystemDriveConfiguration().DevicePath);

device.CheckOpened (SRC_POS);

device.SeekAt (0);

device.Read (mbr, sizeof (mbr));

device.SeekAt (0);

device.Write (mbr, sizeof (mbr));

device.SeekAt (0);

device.Read (mbrVerificationBuf, sizeof (mbr));

unsigned int BootEncryption::GetHiddenOSCreationPhase ()

{

ReadBootSectorConfig (configFlags, sizeof(configFlags));

#if TC_BOOT_CFG_FLAG_AREA_SIZE != 1

# error TC_BOOT_CFG_FLAG_AREA_SIZE != 1; revise GetHiddenOSCreationPhase() and SetHiddenOSCreationPhase()

#endif

ReadBootSectorConfig (configFlags, sizeof(configFlags));

configFlags[0] |= newPhase;

Device device (GetSystemDriveConfiguration().DevicePath);

device.CheckOpened(SRC_POS);

device.SeekAt (0);

device.Read (mbr, sizeof (mbr));

# error PRAND_DISK_WIPE_PASSES > RNG_POOL_SIZE

#endif

if (!RandgetBytes (ParentWindow, randData, sizeof (randData), FALSE))

throw ParameterIncorrect (SRC_POS);

mbr[TC_BOOT_SECTOR_OUTER_VOLUME_BAK_HEADER_CRC_OFFSET + i] = randData[wipePass];

}

mbr[TC_BOOT_SECTOR_CONFIG_OFFSET] |= randData[wipePass] & TC_BOOT_CFG_MASK_HIDDEN_OS_CREATION_PHASE;

if (wipePass == PRAND_DISK_WIPE_PASSES - 1)

if (loaderSize > 32768)

{

EfiBootInst.ReadFile(L"\\EFI\\Microsoft\\Boot\\bootmgfw.efi", &bootLoaderBuf[0], (DWORD) loaderSize);

uint32 varSize = 56;

varSize += ((uint32) description.length()) * 2 + 2;

varSize += ((uint32) execPath.length()) * 2 + 2;

// Attributes (1b Active, 1000b - Hidden)

*(uint32 *)pVar = attr;

/* EFI_DEVICE_PATH_PROTOCOL (HARDDRIVE_DEVICE_PATH \ FILE_PATH \ END) */

// Type

// SubType

// HDD dev path length

*(uint16 *)pVar = 0x2A; // 42

pVar += 16;

// MbrType

// SigType

// Type and sub type 04 04 (file path)

*(uint16 *)pVar = 0x0404;

StringCchPrintfW(varName, ARRAYSIZE (varName), L"%s%04X", type == NULL ? L"Boot" : type, statrtOrderNum);

// only set value if it doesn't already exist

DWORD existingVarLen = GetFirmwareEnvironmentVariableW (varName, EfiVarGuid, existingVar, varSize);

if ((existingVarLen != varSize) || (0 != memcmp (existingVar, startVar, varSize)))

SetFirmwareEnvironmentVariable(varName, EfiVarGuid, startVar, varSize);

wchar_t varName[256];

StringCchPrintfW(varName, ARRAYSIZE (varName), L"%s%04X", type == NULL ? L"Boot" : type, startOrder[0]);

DWORD existingVarLen = GetFirmwareEnvironmentVariableW (varName, EfiVarGuid, existingVar, 512);

if (existingVarLen > 0)

{

if (size1 == size2)

{

// same size, so now we compare content

DWORD remainingBytes = size1, dataToRead;

while (remainingBytes)

return bRet;

}

{

bool bRet = false;

if (existingSize == size)

{

DWORD remainingBytes = size, dataOffset = 0, dataToRead;

while (remainingBytes)

return bRet;

}

wstring path = EfiBootPartPath;

path += name;

f.Close();

}

wstring path = EfiBootPartPath;

path += name;

File f(path, true);

}

DWORD sizeDcsBoot;

#ifdef _WIN64

#else

#endif

if (!dcsBootImg)

throw ErrorException(L"Out of resource DcsBoot", SRC_POS);

DWORD sizeDcsInt;

#ifdef _WIN64

#else

#endif

if (!dcsIntImg)

throw ErrorException(L"Out of resource DcsInt", SRC_POS);

DWORD sizeDcsCfg;

#ifdef _WIN64

#else

#endif

if (!dcsCfgImg)

throw ErrorException(L"Out of resource DcsCfg", SRC_POS);

DWORD sizeLegacySpeaker;

#ifdef _WIN64

#else

#endif

if (!LegacySpeakerImg)

throw ErrorException(L"Out of resource LegacySpeaker", SRC_POS);

#ifdef VC_EFI_CUSTOM_MODE

DWORD sizeBootMenuLocker;

#ifdef _WIN64

#else

#endif

if (!BootMenuLockerImg)

throw ErrorException(L"Out of resource DcsBml", SRC_POS);

#endif

DWORD sizeDcsInfo;

#ifdef _WIN64

#else

#endif

if (!DcsInfoImg)

throw ErrorException(L"Out of resource DcsInfo", SRC_POS);

{

if (loaderSize > 32768)

{

EfiBootInst.ReadFile(L"\\EFI\\Microsoft\\Boot\\bootmgfw.efi", &bootLoaderBuf[0], (DWORD) loaderSize);

// DcsBoot.efi is always smaller than 32KB

if (loaderSize > 32768)

{

EfiBootInst.ReadFile(L"\\EFI\\Microsoft\\Boot\\bootmgfw.efi", &bootLoaderBuf[0], (DWORD) loaderSize);

{

// look for bootmgfw.efi identifiant string

EfiBootInst.GetFileSize(loaderPath.c_str(), loaderSize);

EfiBootInst.ReadFile(loaderPath.c_str(), &bootLoaderBuf[0], (DWORD) loaderSize);

EfiBootInst.GetFileSize(szStdEfiBootloader, loaderSize);

if (loaderSize > 32768)

{

EfiBootInst.ReadFile(szStdEfiBootloader, &bootLoaderBuf[0], (DWORD) loaderSize);

// check if standard bootloader under EFI\Boot is Microsoft one or if it is ours

// if both cases, replace it with our bootloader otherwise do nothing

EfiBootInst.GetFileSize(szStdEfiBootloader, loaderSize);

EfiBootInst.ReadFile(szStdEfiBootloader, &bootLoaderBuf[0], (DWORD) loaderSize);

// look for bootmgfw.efi or VeraCrypt identifiant strings

{

try

{

CreateBootLoaderInMemory (bootLoaderBuf, sizeof (bootLoaderBuf), false, hiddenOSCreation);

// Write MBR

device.SeekAt (0);

device.Read (mbr, sizeof (mbr));

device.SeekAt (0);

device.Write (mbr, sizeof (mbr));

device.SeekAt (0);

device.Read (mbrVerificationBuf, sizeof (mbr));

if (config.SystemPartition.IsGPT)

return true;

bool bRet = false;

try

// create EFI disk structure

DWORD sizeDcsBoot;

#ifdef _WIN64

#else

#endif

if (!dcsBootImg)

throw ParameterIncorrect (SRC_POS);

DWORD sizeDcsInt;

#ifdef _WIN64

#else

#endif

if (!dcsIntImg)

throw ParameterIncorrect (SRC_POS);

DWORD sizeDcsCfg;

#ifdef _WIN64

#else

#endif

if (!dcsCfgImg)

throw ParameterIncorrect (SRC_POS);

DWORD sizeLegacySpeaker;

#ifdef _WIN64

#else

#endif

if (!LegacySpeakerImg)

throw ParameterIncorrect (SRC_POS);

#ifdef VC_EFI_CUSTOM_MODE

DWORD sizeBootMenuLocker;

#ifdef _WIN64

#else

#endif

if (!BootMenuLockerImg)

throw ParameterIncorrect (SRC_POS);

#endif

DWORD sizeDcsRescue;

#ifdef _WIN64

#else

#endif

if (!DcsRescueImg)

throw ParameterIncorrect (SRC_POS);

DWORD sizeDcsInfo;

#ifdef _WIN64

#else

#endif

if (!DcsInfoImg)

throw ParameterIncorrect (SRC_POS);

finally_do_arg (FILE*, ftmpFile, { fclose (finally_arg); });

unsigned long ulZipSize = (unsigned long) _filelength (_fileno (ftmpFile));

if (!RescueZipData)

throw bad_alloc();

{

Buffer imageBuf (RescueIsoImageSize);

memset (image, 0, RescueIsoImageSize);

// Primary volume descriptor

// Boot loader backup

CreateBootLoaderInMemory (image + TC_CD_BOOTSECTOR_OFFSET + TC_BOOT_LOADER_BACKUP_RESCUE_DISK_SECTOR_OFFSET, TC_BOOT_LOADER_AREA_SIZE, false);

if (!RescueIsoImage)

throw bad_alloc();

memcpy (RescueIsoImage, image, RescueIsoImageSize);

if (GetHeaderField32 (RescueVolumeHeader, TC_HEADER_OFFSET_MAGIC) != 0x56455241)

throw ParameterIncorrect (SRC_POS);

mputInt64 (fieldPos, volumeSize);

// CRC of the header fields

device.CheckOpened (SRC_POS);

device.SeekAt (TC_BOOT_VOLUME_HEADER_SECTOR_OFFSET);

}

}

}

unsigned __int64 loaderSize = 0;

const wchar_t * szStdMsBootloader = L"\\EFI\\Microsoft\\Boot\\bootmgfw.efi";

const wchar_t * szBackupMsBootloader = L"\\EFI\\Microsoft\\Boot\\bootmgfw_ms.vc";

const char* g_szMsBootString = "bootmgfw.pdb";

{

Device device (GetSystemDriveConfiguration().DevicePath, true);

device.CheckOpened (SRC_POS);

device.SeekAt (0);

device.Read (bootLoaderBuf, sizeof (bootLoaderBuf));

const char* g_szMsBootString = "bootmgfw.pdb";

unsigned __int64 loaderSize = 0;

EfiBootInst.GetFileSize(loaderPath.c_str(), loaderSize);

EfiBootInst.ReadFile(loaderPath.c_str(), &bootLoaderBuf[0], (DWORD) loaderSize);

}

else

{

File backupFile (GetSystemLoaderBackupPath(), true);

backupFile.CheckOpened(SRC_POS);

device.CheckOpened (SRC_POS);

// Preserve current partition table

device.SeekAt (0);

device.Read (mbr, sizeof (mbr));

memcpy (bootLoaderBuf + TC_MAX_MBR_BOOT_CODE_SIZE, mbr + TC_MAX_MBR_BOOT_CODE_SIZE, sizeof (mbr) - TC_MAX_MBR_BOOT_CODE_SIZE);

// Register class filter below all other filters in the stack

size_t strSize = filter.size() + 1;

DWORD size = (DWORD) (sizeof (regKeyBuf) - strSize);

// SetupInstallFromInfSection() does not support prepending of values so we have to modify the registry directly

// read initial value

DWORD strSize = (DWORD) filter.size() + 1, expectedSize;

Buffer expectedRegKeyBuf(65536), outputRegKeyBuf(65536);

DWORD initialSize = (DWORD) (expectedRegKeyBuf.Size() - strSize - 2);

if (RegQueryValueExA (regKey, filterReg.c_str(), NULL, NULL, pbExpectedRegKeyBuf, &initialSize) != ERROR_SUCCESS)

// remove value in case it was not done properly

Buffer regKeyBuf(65536);

DWORD initialSize = (DWORD) regKeyBuf.Size() - 2;

// Verify CRC of header salt

Device device(config.DevicePath, true);

device.CheckOpened(SRC_POS);

device.SeekAt(TC_BOOT_VOLUME_HEADER_SECTOR_OFFSET);

device.Read(header, sizeof(header));

throw ParameterIncorrect(SRC_POS);

}

}

}

device.SeekAt (headerOffset);

PCRYPTO_INFO cryptoInfo = NULL;

}

device.SeekAt (headerOffset);

headerUpdated = true;

}

try

{

// check if PIM is stored in MBR

if ( ReadBootSectorConfig (nullptr, 0, &userConfig)

&& (userConfig & TC_BOOT_USER_CFG_FLAG_DISABLE_PIM)

)

return configMap;

}

{

WriteBootDriveSectorRequest request;

request.Offset.QuadPart = offset;

bool IsOpened () const { return FileOpen;}

void CheckOpened (const char* srcPos) { if (!FileOpen) { SetLastError (LastError); throw SystemException (srcPos);} }

void Close ();

void SeekAt (int64 position);

void GetFileSize (unsigned __int64& size);

void GetFileSize (DWORD& dwSize);

public:

Buffer (size_t size) : DataSize (size)

{

if (!DataPtr)

throw bad_alloc();

}

~Buffer () { delete[] DataPtr; }

size_t Size () const { return DataSize; }

void Resize (size_t newSize)

{

if (newSize > DataSize)

{

if (!tmp)

throw bad_alloc();

memcpy (tmp, DataPtr, DataSize);

}

protected:

size_t DataSize;

};

struct PartitionEntryMBR

{

uint32 StartLBA;

uint32 SectorCountLBA;

struct MBR

{

PartitionEntryMBR Partitions[4];

uint16 Signature;

};

void DeleteStartExec(uint16 statrtOrderNum = 0xDC5B, wchar_t* type = NULL);

void SetStartExec(wstring description, wstring execPath, bool setBootEntry = true, bool forceFirstBootEntry = true, bool setBootNext = true, uint16 statrtOrderNum = 0xDC5B, wchar_t* type = NULL, uint32 attr = 1);

void GetFileSize(const wchar_t* name, unsigned __int64& size);

void CopyFile(const wchar_t* name, const wchar_t* targetName);

bool FileExists(const wchar_t* name);

static bool CompareFiles (const wchar_t* fileName1, const wchar_t* fileName2);

BOOL RenameFile(const wchar_t* name, const wchar_t* nameNew, BOOL bForce);

BOOL DelFile(const wchar_t* name);

DWORD GetDriverServiceStartType ();

unsigned int GetHiddenOSCreationPhase ();

uint16 GetInstalledBootLoaderVersion ();

Partition GetPartitionForHiddenOS ();

bool IsBootLoaderOnDrive (wchar_t *devicePath);

BootEncryptionStatus GetStatus ();

void PrepareHiddenOSCreation (int ea, int mode, int pkcs5);

void PrepareInstallation (bool systemPartitionOnly, Password &password, int ea, int mode, int pkcs5, int pim, const wstring &rescueIsoImagePath);

void ProbeRealSystemDriveSize ();

uint32 ReadDriverConfigurationFlags ();

uint32 ReadServiceConfigurationFlags ();

void RegisterBootDriver (bool hiddenSystem);

void StartDecryption (BOOL discardUnreadableEncryptedSectors);

void StartDecoyOSWipe (WipeAlgorithmId wipeAlgorithm);

void StartEncryption (WipeAlgorithmId wipeAlgorithm, bool zeroUnreadableSectors);

bool SystemDriveContainsExtendedPartition ();

bool SystemDriveContainsNonStandardPartitions ();

bool SystemPartitionCoversWholeDrive ();

bool VerifyRescueDisk ();

bool VerifyRescueDiskImage (const wchar_t* imageFile);

void WipeHiddenOSCreationConfig ();

void WriteLocalMachineRegistryDwordValue (wchar_t *keyPath, wchar_t *valueName, DWORD value);

void GetEfiBootDeviceNumber (PSTORAGE_DEVICE_NUMBER pSdn);

void BackupSystemLoader ();

protected:

static const uint32 RescueIsoImageSize = 1835008; // Size of ISO9660 image with bootable emulated 1.44MB floppy disk image

void CreateVolumeHeader (uint64 volumeSize, uint64 encryptedAreaStart, Password *password, int ea, int mode, int pkcs5, int pim);

wstring GetSystemLoaderBackupPath ();

DISK_GEOMETRY_EX GetDriveGeometry (int driveNumber);

PartitionList GetDrivePartitions (int driveNumber);

wstring GetRemarksOnHiddenOS ();

int SelectedEncryptionAlgorithmId;

int SelectedPrfAlgorithmId;

Partition HiddenOSCandidatePartition;

unsigned long RescueZipSize;

bool DriveConfigValid;

bool RealSystemDriveSizeValid;

bool RescueVolumeHeaderValid;

clear();

}

{

m_nc = 0;

m_ne = 0;

{

// case 2s

// 256 is encoded as 0x00

m_apdu.resize(5, 0);

setHeader(cla, ins, p1, p2);

m_apdu[4] = len;

else

{

// case 2e

// 65536 is encoded as 0x00 0x00

if (m_ne == 65536)

{

}

else

{

}

m_apdu.resize(7, 0);

setHeader(cla, ins, p1, p2);

// case 3s

m_apdu.resize(4 + 1 + dataLength, 0);

setHeader(cla, ins, p1, p2);

m_dataOffset = 5;

memcpy(m_apdu.data() + 5, data + dataOffset, dataLength);

}

m_apdu.resize(4 + 3 + dataLength, 0);

setHeader(cla, ins, p1, p2);

m_apdu[4] = 0;

m_dataOffset = 7;

memcpy(m_apdu.data() + 7, data + dataOffset, dataLength);

m_isExtendedAPDU = true;

// case 4s

m_apdu.resize(4 + 2 + dataLength, 0);

setHeader(cla, ins, p1, p2);

m_dataOffset = 5;

memcpy(m_apdu.data() + 5, data + dataOffset, dataLength);

}

else

{

m_apdu.resize(4 + 5 + dataLength, 0);

setHeader(cla, ins, p1, p2);

m_apdu[4] = 0;

m_dataOffset = 7;

memcpy(m_apdu.data() + 7, data + dataOffset, dataLength);

if (ne != 65536)

{

size_t leOfs = m_apdu.size() - 2;

} // else le == 65536: no need to fill in, encoded as 0

m_isExtendedAPDU = true;

}

m_parsedSuccessfully = true;

}

{

}

void CommandAPDU::clear()

m_dataOffset = 0;

}

{

init(cla, ins, p1, p2, data, dataOffset, dataLength, ne);

}

{

init(cla, ins, p1, p2, NULL, 0, 0, 0);

}

{

init(cla, ins, p1, p2, NULL, 0, 0, ne);

}

{

init(cla, ins, p1, p2, data.data(), 0, (uint32)data.size(), 0);

}

{

init(cla, ins, p1, p2, data, dataOffset, dataLength, 0);

}

{

init(cla, ins, p1, p2, data.data(), 0, (uint32)data.size(), ne);

}

{

m_apdu = apdu;

parse();

}

{

return m_apdu[0] & 0xff;

}

{

return m_apdu[1] & 0xff;

}

{

return m_apdu[2] & 0xff;

}

{

return m_apdu[3] & 0xff;

}

return m_nc;

}

{

if (m_nc > 0)

{

return m_ne;

}

{

return m_apdu;

}

{

protected:

uint32 m_nc;

uint32 m_ne;

uint32 m_dataOffset;

bool m_parsedSuccessfully;

void parse();

public:

CommandAPDU();

uint32 getNc();

uint32 getNe();

bool isValid();

void EncipherBlocks (int cipher, void *dataPtr, void *ks, size_t blockCount)

{

#if defined (TC_WINDOWS_DRIVER) && !defined (_WIN64)

KFLOATING_SAVE floatingPointState;

#endif

case AES:

#if defined (_WIN64) || !defined (TC_WINDOWS_DRIVER)

if (IsAesHwCpuSupported())

else

#endif

aes_decrypt (data, data, (void *) ((char *) ks + sizeof(aes_encrypt_ctx)));

void DecipherBlocks (int cipher, void *dataPtr, void *ks, size_t blockCount)

{

#if defined (TC_WINDOWS_DRIVER) && !defined (_WIN64)

KFLOATING_SAVE floatingPointState;

#endif

{

while (blockCount > 0)

{

data += 32 * 16;

blockCount -= 32;

#ifdef TC_WINDOWS_BOOT

CRYPTO_INFO CryptoInfoBuffer;

#endif

{

#ifdef TC_WINDOWS_BOOT_AES

if (IsAesHwCpuSupported())

else

aes_encrypt (data, data, ks);

#elif defined (TC_WINDOWS_BOOT_SERPENT) && !defined (WOLFCRYPT_BACKEND)

{

#ifdef TC_WINDOWS_BOOT_AES

if (IsAesHwCpuSupported())

else

#elif defined (TC_WINDOWS_BOOT_SERPENT) && !defined (WOLFCRYPT_BACKEND)

serpent_decrypt (data, data, ks);

#elif defined (TC_WINDOWS_BOOT_TWOFISH) && !defined (WOLFCRYPT_BACKEND)

}

/* masking for random index to remove bias */

{

if (count >= 128)

return 0xFF;

return 1;

}

{

while (TRUE)

{

#if defined(_WIN64) && !defined (_UEFI)

/* declaration of variables and functions used for RAM encryption on 64-bit build */

static ULONG cbKeyDerivationArea = 0;

static uint64 HashSeedMask = 0;

BOOL InitializeSecurityParameters(GetRandSeedFn rngCallback)

{

ChaCha20RngCtx ctx;

#ifdef TC_WINDOWS_DRIVER

char randomStr[4];

Dump ("InitializeSecurityParameters BEGIN\n");

#endif

cbKeyDerivationArea = 1024 * 1024;

do

{

if (!pbKeyDerivationArea)

cbKeyDerivationArea >>= 1;

} while (!pbKeyDerivationArea && (cbKeyDerivationArea >= (2*PAGE_SIZE)));

#if defined(_M_ARM64) || defined(__arm__) || defined (__arm64__) || defined (__aarch64__)

/* dummy implementation that should never be called */

{

ks = ks;

data = data;

}

{

ks = ks;

data = data;

}

{

ks = ks;

data = data;

}

{

ks = ks;

data = data;

static BOOL IsReturnAddress (DWORD64 address)

{

static size_t codeEnd = 0;

if (codeEnd == 0)

{

MEMORY_BASIC_INFORMATION mi;

VirtualQuery (sp, &mi, sizeof (mi));

int i = 0;

while (retAddrs.size() < 16 && &sp[i] < stackTop)

return result;

}

{

bool bRet = true;

if (c >= L'0' && c <= L'9')

else if (c >= L'a' && c <= L'z')

else if (c >= L'A' && c <= L'Z')

else

bRet = false;

return bRet;

}

{

size_t i, len = wcslen (hexStr);

arr.clear();

if ((path.length () >= 3) && (_wcsnicmp (path.c_str(), L"ID:", 3) == 0))

{

if ( (path.length() == (3 + 2*VOLUME_ID_SIZE))

&& HexWideStringToArray (path.c_str() + 3, arr)

&& (arr.size() == VOLUME_ID_SIZE)

if ((wcslen (volname) == (3 + 2*VOLUME_ID_SIZE)) && _wcsnicmp (volname, L"ID:", 3) == 0)

{

/* Volume ID specified. Use it for matching mounted volumes. */

if (HexWideStringToArray (&volname[3], arr) && (arr.size() == VOLUME_ID_SIZE))

{

return IsMountedVolumeID (&arr[0]);

// Read volume header

DWORD bytesRead;

{

status = ERR_OS_ERROR;

goto error;

if (BrowseFiles (hwndDlg, "SELECT_KEYFILE", keyfilePath, bHistory, FALSE))

{

DWORD keyfileSize;

if (!keyfileData)

{

handleWin32Error (hwndDlg, SRC_POS);

if (DialogBoxParamW (hInst, MAKEINTRESOURCEW (IDD_NEW_TOKEN_KEYFILE), hwndDlg, (DLGPROC) NewSecurityTokenKeyfileDlgProc, (LPARAM) &newParams) == IDOK)

{

memcpy (&keyfileDataVector.front(), keyfileData, keyfileSize);

try

WaitCursor();

finally_do ({ NormalCursor(); });

keyfile->GetKeyfileData (keyfileData);

return 1;

}

if (!SaveBufferToFile ((char *) &keyfileData.front(), keyfilePath, (DWORD) keyfileData.size(), FALSE, FALSE))

throw SystemException (SRC_POS);

ShellExecuteW (NULL, (!IsAdmin() && IsUacSupported()) ? L"runas" : L"open", cmdPath, param, NULL, SW_SHOW);

}

{

if (bufferSize < patternSize)

return FALSE;

}

{

}

{

}

"[veracrypt_reg]\r\n"

"HKR,,\"" + filterReg + "\",0x0001" + string (registerFilter ? "0008" : "8002") + ",\"" + filter + "\"\r\n";

infFile.Close();

HINF hInf = SetupOpenInfFileW (infFileName.c_str(), NULL, INF_STYLE_OLDNT | INF_STYLE_WIN4, NULL);

ChangeWindowMessageFilter (msg, MSGFLT_ADD);

}

{

if (buffer && bufferSize)

{

size_t pathLen = pathValue? wcslen (pathValue) : 0;

if ((pathLen >= 3) && (_wcsnicmp (pathValue, L"ID:", 3) == 0))

{

if ( (pathLen == (3 + 2*VOLUME_ID_SIZE))

&& HexWideStringToArray (pathValue + 3, arr)

&& (arr.size() == VOLUME_ID_SIZE)

{

LARGE_INTEGER iSeed;

SYSTEMTIME sysTime;

WHIRLPOOL_CTX tctx;

size_t count;

BOOL FileHasReadOnlyAttribute (const wchar_t *path);

BOOL IsFileOnReadOnlyFilesystem (const wchar_t *path);

void CheckFilesystem (HWND hwndDlg, int driveNo, BOOL fixErrors);

int AskNonSysInPlaceEncryptionResume (HWND hwndDlg, BOOL* pbDecrypt);

BOOL RemoveDeviceWriteProtection (HWND hwndDlg, wchar_t *devicePath);

void EnableElevatedCursorChange (HWND parent);

HRESULT VCStrDupW(LPCWSTR psz, LPWSTR *ppwsz);

void ProcessEntropyEstimate (HWND hProgress, DWORD* pdwInitialValue, DWORD dwCounter, DWORD dwMaxLevel, DWORD* pdwEntropy);

void AllowMessageInUIPI (UINT msg);

BOOL TranslateVolumeID (HWND hwndDlg, wchar_t* pathValue, size_t cchPathValue);

BOOL CopyTextToClipboard (const wchar_t* txtValue);

BOOL LaunchElevatedProcess (HWND hwndDlg, const wchar_t* szModPath, const wchar_t* args);

std::wstring GetUserFriendlyVersionString (int version);

std::wstring IntToWideString (int val);

std::wstring ArrayToHexWideString (const unsigned char* pbData, int cbData);

std::wstring FindDeviceByVolumeID (const BYTE volumeID [VOLUME_ID_SIZE], BOOL bFromService);

void RegisterDriverInf (bool registerFilter, const std::string& filter, const std::string& filterReg, HWND ParentWindow, HKEY regKey);

std::wstring GetTempPathString ();

}

#endif

{

return supportedAIDs;

}

EMVCard::EMVCard() : SCard(), m_lastPANDigits(L"")

{

m_lastPANDigits.clear();

}

{

bool hasBeenReset = false;

CommandAPDU command;

ResponseAPDU response;

shared_ptr<TLVNode> rootNode;

shared_ptr<TLVNode> fciNode;

shared_ptr<TLVNode> dfNameNode;

vector<shared_ptr<TLVNode>> pseDirectoryNodes;

unsigned char sfi;

bool usingContactless = false;

if (m_aid.size())

return m_aid;

{

sfi = sfiNode->Value->at(0);

do

{

command = CommandAPDU(CLA_ISO7816, INS_READ_RECORD, rec++, (sfi << 3) | 4, SCardReader::shortAPDUMaxTransSize);

return tokenAID;

}

{

bool hasBeenReset = false;

bool aidSelected = false;

bool iccFound = false;

bool issuerFound = false;

bool cplcFound = false;

shared_ptr<TLVNode> rootNode;

shared_ptr<TLVNode> iccPublicKeyCertNode;

shared_ptr<TLVNode> issuerPublicKeyCertNode;

CommandAPDU command;

ResponseAPDU response;

iccCert.clear();

issuerCert.clear();

// TODO: Send GET PROCESSING OPTIONS to get the AIL and AFL,

// which will then be used to get the actual start and end of sfi and rec.

{

{

command = CommandAPDU(CLA_ISO7816, INS_READ_RECORD, rec, (sfi << 3) | 4, SCardReader::shortAPDUMaxTransSize);

m_reader->ApduProcessData(command, response);

bool hasBeenReset = false;

bool panFound = false;

bool aidSelected = false;

shared_ptr<TLVNode> rootNode;

shared_ptr<TLVNode> panNode;

CommandAPDU command;

ResponseAPDU response;

lastPANDigits = L"";

// TODO: Send GET PROCESSING OPTIONS to get the AIL and AFL,

// which will then be used to get the actual start and end of sfi and rec.

{

{

command = CommandAPDU(CLA_ISO7816, INS_READ_RECORD, rec, (sfi << 3) | 4, SCardReader::shortAPDUMaxTransSize);

m_reader->ApduProcessData(command, response);

{

panFound = true;

panData = *panNode->Value.get();

std::swap(panData[0], panData[1]);

lastPANDigits = ArrayToHexWideString(panData.data(), (int) panData.size());

}

// After the card has been read, and if some or all fields cannot be read, the EMVCard

// object will be considered invalid and will not be included in the list of available cards

// of EMVToken.

wstring m_lastPANDigits;

public:

// Add other AIDS

// https://gist.github.com/pvieito/6224eed92c99b069f6401996c548d0e4

// https://ambimat.com/developer-resources/list-of-application-identifiers-aid/

EMVCard();

EMVCard(size_t slotId);

// Retrieves the card's AID.

// It first checks the card against a list of supported AIDs.

// If that fails, it tries getting the AID from the card using PSE

void GetCardPAN(wstring& lastPANDigits);

};

}

namespace VeraCrypt

{

{

if (cbData > 0 && from <= cbData - 2 && length > 0 && length <= cbData - from)

{

return path.str();

}

{

map <unsigned long int, shared_ptr<EMVCard>>::iterator emvCardsIt;

shared_ptr<EMVCard> card;

bool addNewCard = true;

keyfileData.clear();

virtual ~EMVTokenKeyfile() {};

virtual operator TokenKeyfilePath () const;

};

class EMVToken

static vector<EMVTokenKeyfile> GetAvailableKeyfiles(unsigned long int* slotIdFilter = nullptr, const wstring& keyfileIdFilter = wstring());

static EMVTokenInfo GetTokenInfo(unsigned long int slotId);

static map <unsigned long int, shared_ptr<EMVCard>> EMVCards;

};

struct

{

PCRYPTO_INFO CryptoInfo;

UINT64_STRUCT StartUnitNo;

uint32 UnitCount;

}

{

uint32 fragmentCount;

uint32 unitsPerFragment;

uint32 remainder;

uint64 fragmentStartUnitNo;

EncryptionThreadPoolWorkItem *workItem;

void EncryptionThreadPoolBeginKeyDerivation (TC_EVENT *completionEvent, TC_EVENT *noOutstandingWorkItemEvent, LONG *completionFlag, LONG *outstandingWorkItemCount, int pkcs5Prf, char *password, int passwordLength, char *salt, int iterationCount, char *derivedKey);

void EncryptionThreadPoolBeginReadVolumeHeaderFinalization (TC_EVENT *keyDerivationCompletedEvent, TC_EVENT *noOutstandingWorkItemEvent, LONG* outstandingWorkItemCount, void* keyInfoBuffer, int keyInfoBufferSize, void* keyDerivationWorkItems, int keyDerivationWorkItemsSize);

BOOL EncryptionThreadPoolStart (size_t encryptionFreeCpuCount);

void EncryptionThreadPoolStop ();

size_t GetEncryptionThreadCount ();

typedef struct fatparams_t

{

char volume_name[11];

unsigned int num_sectors; /* total number of sectors */

int cluster_count; /* number of clusters */

int size_root_dir; /* size of the root directory in bytes */

// To prevent fragmentation, write zeroes to reserved header sectors which are going to be filled with random data

if (!volParams->bDevice && !volParams->hiddenVol)

{

DWORD bytesWritten;

ZeroMemory (buf, sizeof (buf));

static volatile BOOL WriteThreadExitRequested;

static HANDLE WriteThreadHandle;

static HANDLE WriteBufferEmptyEvent;

static HANDLE WriteBufferFullEvent;

if (Token::IsKeyfilePathValid (kf->FileName, EMVSupportEnabled? true : false))

{

// Apply security token keyfile

TokenKeyfilePath secPath (kf->FileName);

Token::getTokenKeyfile (secPath)->GetKeyfileData (keyfileData);

namespace VeraCrypt

{

{

uint16 value = 0;

for (uint16 i = 0; i < buff.size(); i++)

return value;

}

{

size_t orgSize = buffer.size ();

buffer.resize (orgSize + cbData);

{

}

{

m_data = data;

m_SW = SW;

return (uint32)m_data.size();

}

{

return m_data;

}

{

}

{

}

uint16 ResponseAPDU::getSW()

return m_SW;

}

{

AppendData(apdu, m_data.data(), m_data.size());

return apdu;

}

{

appendData(data.data(), data.size());

}

{

AppendData(m_data, data, dataLen);

}

m_SW = SW;

}

{

clear();

if (bytes.size() >= 2)

{

m_data.resize(bytes.size() - 2);

SWBytes.resize(2);

{

protected:

uint16 m_SW;

ResponseAPDU();

uint32 getNr();

uint16 getSW();

void setSW(uint16 SW);

};

};

#include <PCSC/wintypes.h>

#include "reader.h"

typedef LPSCARD_READERSTATE_A LPSCARD_READERSTATE;

#define BOOL int

#else

#undef BOOL

#include <winscard.h>

#include <wintypes.h>

#include <reader.h>

#define BOOL int

#endif

#endif

return name;

}

{

LONG lRet = SCARD_S_SUCCESS;

SCARD_READERSTATE state;

bool SCardReader::IsCardPresent()

{

return IsCardPresent(dummy);

}

size_t indexOfLe = 0;

size_t indexOfLcData = 0;

DWORD cbSendLength = 0;

DWORD cbRecvLength = 0;

// 256 is encoded as 0x00

pbSendBuffer[4] = (BYTE)ne;

indexOfLe = 4;

}

else

{

// case 3s

pbSendBuffer[4] = (BYTE)nc;

indexOfLcData = 5;

memcpy(&pbSendBuffer[indexOfLcData], commandAPDU.getData().data(), nc);

}

else

// case 4s

pbSendBuffer[4] = (BYTE)nc;

indexOfLcData = 5;

memcpy(&pbSendBuffer[indexOfLcData], commandAPDU.getData().data(), nc);

pbSendBuffer[indexOfLcData + nc] = (ne != 256) ? (BYTE)ne : 0;

indexOfLe = indexOfLcData + nc;

throw PCSCException(lRet);

}

{

DWORD cByte = 0;

LONG lRet = 0;

/* ================================================================================================ */

/* CLA values */

/* ================================================================================================ */

/* ================================================================================================ */

/* INS values */

/* ================================================================================================ */

/* ================================================================================================ */

/* EMV values */

const uint16 EMV_CPLC_TAG = (uint16)0x9F7F;

const uint16 EMV_ICC_PK_CERT_TAG = (uint16)0x9F46;

const uint16 EMV_FCI_ISSUER_DISCRETIONARY_DATA_TAG = (uint16)0xBF0C;

/* ================================================================================================ */

// Card Connection management methods

// ------------------------------------------------------------------------------------------------------------------------------------- //

bool IsCardPresent();

LONG CardHandleStatus();

void ApduProcessData(CommandAPDU commandAPDU, ResponseAPDU& responseAPDU) const;

};

};

Sessions.erase(Sessions.find(slotId));

}

{

if (name.empty())

throw ParameterIncorrect(SRC_POS);

throw Pkcs11Exception(status);

// Some tokens report success even if the new object was truncated to fit in the available memory

GetObjectAttribute(slotId, keyfileHandle, CKA_VALUE, objectData);

if (objectData.size() != keyfileData.size())

{

keyfile.Token->SlotId = slotId;

keyfile.Token = shared_ptr<SecurityTokenInfo>(new SecurityTokenInfo(token));

GetObjectAttribute(slotId, dataHandle, CKA_PRIVATE, privateAttrib);

if (privateAttrib.size() == sizeof(CK_BBOOL) && *(CK_BBOOL*)&privateAttrib.front() != CK_TRUE)

continue;

GetObjectAttribute(slotId, dataHandle, CKA_LABEL, label);

label.push_back(0);

return token;

}

{

SecurityToken::LoginUserIfRequired(Token->SlotId);

SecurityToken::GetObjectAttribute(Token->SlotId, Handle, CKA_VALUE, keyfileData);

return objects;

}

{

attributeValue.clear();

if (attribute.ulValueLen == 0)

return;

attribute.pValue = &attributeValue.front();

status = Pkcs11Functions->C_GetAttributeValue(Sessions[slotId].Handle, tokenObject, &attribute, 1);

operator TokenKeyfilePath () const;

string IdUtf8;

CK_OBJECT_HANDLE Handle;

public:

static void CloseAllSessions() throw ();

static void CloseLibrary();

static void DeleteKeyfile(const SecurityTokenKeyfile& keyfile);

static vector <SecurityTokenKeyfile> GetAvailableKeyfiles(CK_SLOT_ID* slotIdFilter = nullptr, const wstring keyfileIdFilter = wstring());

static list <SecurityTokenInfo> GetAvailableTokens();

protected:

static void CloseSession(CK_SLOT_ID slotId);

static vector <CK_OBJECT_HANDLE> GetObjects(CK_SLOT_ID slotId, CK_ATTRIBUTE_TYPE objectClass);

static list <CK_SLOT_ID> GetTokenSlots();

static void Login(CK_SLOT_ID slotId, const char* pin);

static void LoginUserIfRequired(CK_SLOT_ID slotId);

static map <CK_SLOT_ID, Pkcs11Session> Sessions;

static unique_ptr <SendExceptionFunctor> WarningCallback;

};

}

}

/* Check if the bit is correct */

{

unsigned char bitvalue[8] = {0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80};

}

/* Parsing one TLV node */

{

size_t index = 0;

size_t i = 0;

shared_ptr<TLVNode> node = TLV_CreateNode();

tag1 = tag2 = 0;

}

/* Parsing TLV from a buffer and constructing TLV structure */

{

shared_ptr<TLVNode> node = TLV_Parse_One(buf, size);

TLV_Parse_Sub(node);

{

uint16 Tag; /* T */

uint16 Length; /* L */

uint16 MoreFlag; /* Used In Sub */

uint16 SubFlag; /* Does it have sub-nodes? */

shared_ptr<vector<shared_ptr<TLVNode>>> Subs;

TLVNode() : Tag(0), Length(0), TagSize(0), LengthSize(0), MoreFlag(0), SubFlag(0)

{

Subs = make_shared<vector<shared_ptr<TLVNode>>>();

}

static shared_ptr<TLVNode> TLV_CreateNode();

/* Check if the bit is correct */

/* Parsing one TLV node */

/* Parsing all TLV nodes */

static int TLV_Parse_SubNodes(shared_ptr<TLVNode> parent);

public:

/* Parsing TLV from a buffer and constructing TLV structure */

/* Finding a TLV node with a particular tag */

static shared_ptr<TLVNode> TLV_Find(shared_ptr<TLVNode> node, uint16 tag);

typedef __int8 int8;

typedef __int16 int16;

typedef __int32 int32;

typedef unsigned __int8 uint8;

typedef unsigned __int16 uint16;

typedef unsigned __int32 uint32;

typedef int16_t int16;

typedef int32_t int32;

typedef int64_t int64;

typedef uint8_t uint8;

typedef uint16_t uint16;

typedef uint32_t uint32;

// AES EncipherBlocks()/DecipherBlocks()

{

uint32 origCrc;

size_t i;

for (i = 0; i < sizeof (testData); ++i)

{

}

origCrc = GetCrc32 (testData, sizeof (testData));

{

virtual ~TokenKeyfile() {}

virtual operator TokenKeyfilePath () const = 0;

shared_ptr<TokenInfo> Token;

wstring Id;

{

return BE16 (*(uint16 *) (header + offset));

}

{

return BE32 (*(uint32 *) (header + offset));

}

{

UINT64_STRUCT uint64Struct;

}

#if defined(_WIN32) && !defined(_UEFI)

{

// compute Whirlpool+SHA512 fingerprint of bootloader including MBR

// we skip user configuration fields:

}

#if !defined(_UEFI)

{

#if TC_VOLUME_HEADER_EFFECTIVE_SIZE > TC_MAX_VOLUME_SECTOR_SIZE

#error TC_VOLUME_HEADER_EFFECTIVE_SIZE > TC_MAX_VOLUME_SECTOR_SIZE

#endif

DISK_GEOMETRY geometry;

if (!device)

}

{

#if TC_VOLUME_HEADER_EFFECTIVE_SIZE > TC_MAX_VOLUME_SECTOR_SIZE

#error TC_VOLUME_HEADER_EFFECTIVE_SIZE > TC_MAX_VOLUME_SECTOR_SIZE

#endif

DWORD bytesDone;

DISK_GEOMETRY geometry;

char temporaryKey[MASTER_KEYDATA_SIZE];

char originalK2[MASTER_KEYDATA_SIZE];

LARGE_INTEGER offset;

int nStatus = ERR_SUCCESS;

extern BOOL ReadVolumeHeaderRecoveryMode;

#if defined(TC_WINDOWS_BOOT)

int ReadVolumeHeader (BOOL bBoot, char *encryptedHeader, Password *password, int pim, PCRYPTO_INFO *retInfo, CRYPTO_INFO *retHeaderCryptoInfo);

#elif defined(_UEFI)

#else

int ReadVolumeHeader (BOOL bBoot, char *encryptedHeader, Password *password, int pkcs5_prf, int pim, PCRYPTO_INFO *retInfo, CRYPTO_INFO *retHeaderCryptoInfo);

#if defined(_WIN32) && !defined(_UEFI)

#endif

#endif

#if !defined (DEVICE_DRIVER) && !defined (TC_WINDOWS_BOOT) && !defined(_UEFI)

int CreateVolumeHeaderInMemory (HWND hwndDlg, BOOL bBoot, char *encryptedHeader, int ea, int mode, Password *password, int pkcs5_prf, int pim, char *masterKeydata, PCRYPTO_INFO *retInfo, unsigned __int64 volumeSize, unsigned __int64 hiddenVolumeSize, unsigned __int64 encryptedAreaStart, unsigned __int64 encryptedAreaLength, uint16 requiredProgramVersion, uint32 headerFlags, uint32 sectorSize, BOOL bWipeMode);

int WriteRandomDataToReservedHeaderAreas (HWND hwndDlg, HANDLE dev, CRYPTO_INFO *cryptoInfo, uint64 dataAreaSize, BOOL bPrimaryOnly, BOOL bBackupOnly);

#endif

#include "Wipe.h"

{

return FALSE;

}

// Fill buffer with wipe patterns defined in "National Industrial Security Program Operating Manual", US DoD 5220.22-M.

// Return: FALSE = buffer must be filled with random data

{

switch (pass)

{

}

{

switch (pass)

{

// Fill the buffer with wipe patterns defined in the paper "Secure Deletion of Data from Magnetic and Solid-State Memory" by Peter Gutmann.

// Return: FALSE = buffer must be filled with random data

{

int wipePat3Pos;

size_t i;

}

{

switch (algorithm)

{

#define TC_WIPE_RAND_CHAR_COUNT 3

int GetWipePassCount (WipeAlgorithmId algorithm);

#ifdef __cplusplus

}