VeraCrypt
aboutsummaryrefslogtreecommitdiff
path: root/src/ExpandVolume/ExpandVolume.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/ExpandVolume/ExpandVolume.c')
-rw-r--r--src/ExpandVolume/ExpandVolume.c118
1 files changed, 91 insertions, 27 deletions
diff --git a/src/ExpandVolume/ExpandVolume.c b/src/ExpandVolume/ExpandVolume.c
index ec78a36f..712d23a3 100644
--- a/src/ExpandVolume/ExpandVolume.c
+++ b/src/ExpandVolume/ExpandVolume.c
@@ -37,6 +37,7 @@
#include "InitDataArea.h"
#include "ExpandVolume.h"
#include "Resource.h"
+#include <strsafe.h>
#ifndef SRC_POS
#define SRC_POS (__FUNCTION__ ":" TC_TO_STRING(__LINE__))
@@ -104,7 +105,7 @@ int MountVolTemp (HWND hwndDlg, wchar_t *volumePath, int *driveNo, Password *pas
mountOptions.PartitionInInactiveSysEncScope = FALSE;
mountOptions.UseBackupHeader = FALSE;
- if (MountVolume (hwndDlg, *driveNo, volumePath, password, pkcs5, pim, FALSE, FALSE, FALSE, TRUE, &mountOptions, FALSE, FALSE) < 1)
+ if (MountVolume (hwndDlg, *driveNo, volumePath, password, pkcs5, pim, FALSE, FALSE, TRUE, &mountOptions, FALSE, FALSE) < 1)
{
*driveNo = -3;
return ERR_VOL_MOUNT_FAILED;
@@ -389,7 +390,7 @@ int ExtendFileSystem (HWND hwndDlg , wchar_t *lpszVolume, Password *pVolumePassw
// mount and resize file system
- DebugAddProgressDlgStatus (hwndDlg, L"Mounting volume ...\r\n");
+ DebugAddProgressDlgStatus (hwndDlg, GetString("EXPANDER_MOUNTING_VOLUME"));
nStatus=MountVolTemp(hwndDlg, lpszVolume, &driveNo, pVolumePassword, VolumePkcs5, VolumePim);
if (nStatus!=ERR_SUCCESS)
@@ -441,7 +442,13 @@ int ExtendFileSystem (HWND hwndDlg , wchar_t *lpszVolume, Password *pVolumePassw
goto error;
}
- DebugAddProgressDlgStatus (hwndDlg, L"Extending file system ...\r\n");
+ if ((BytesPerSector == 0) || (BytesPerSector > (DWORD)INT_MAX))
+ {
+ nStatus = ERR_SECTOR_SIZE_INCOMPATIBLE;
+ goto error;
+ }
+
+ DebugAddProgressDlgStatus (hwndDlg, GetString("EXPANDER_EXTENDING_FILESYSTEM"));
// extend volume
nStatus = FsctlExtendVolume(szVolumeGUID, newDataAreaSize/BytesPerSector );
@@ -452,7 +459,7 @@ error:
if (driveNo>=0)
{
- DebugAddProgressDlgStatus (hwndDlg, L"Unmounting volume ...\r\n");
+ DebugAddProgressDlgStatus (hwndDlg, GetString("EXPANDER_UNMOUNTING_VOLUME"));
UnmountVolume (hwndDlg, driveNo, TRUE);
}
@@ -501,6 +508,7 @@ static int ExpandVolume (HWND hwndDlg, wchar_t *lpszVolume, Password *pVolumePas
PCRYPTO_INFO cryptoInfo = NULL, ci = NULL;
void *dev = INVALID_HANDLE_VALUE;
DWORD dwError;
+ DWORD bytesRead;
BOOL bDevice;
uint64 hostSize=0, newDataAreaSize, currentVolSize;
DWORD HostSectorSize;
@@ -512,6 +520,11 @@ static int ExpandVolume (HWND hwndDlg, wchar_t *lpszVolume, Password *pVolumePas
BOOL backupHeader;
byte *wipeBuffer = NULL;
uint32 workChunkSize = TC_VOLUME_HEADER_GROUP_SIZE;
+#ifdef _WIN64
+ CRYPTO_INFO tmpCI;
+ PCRYPTO_INFO cryptoInfoBackup = NULL;
+ BOOL bIsRamEncryptionEnabled = IsRamEncryptionEnabled();
+#endif
if (pVolumePassword->Length == 0) return -1;
@@ -521,7 +534,7 @@ static int ExpandVolume (HWND hwndDlg, wchar_t *lpszVolume, Password *pVolumePas
if (bDevice == FALSE)
{
- wcscpy (szCFDevice, szDiskFile);
+ StringCchCopyW (szCFDevice, ARRAYSIZE(szCFDevice), szDiskFile);
}
else
{
@@ -535,6 +548,27 @@ static int ExpandVolume (HWND hwndDlg, wchar_t *lpszVolume, Password *pVolumePas
if (dev == INVALID_HANDLE_VALUE)
goto error;
+ else if (!bDevice && bPreserveTimestamp)
+ {
+ // ensure that Last Access and Last Time timestamps are not modified
+ // in order to preserve plausible deniability of hidden volumes (last password change time is stored in the volume header).
+ ftLastAccessTime.dwHighDateTime = 0xFFFFFFFF;
+ ftLastAccessTime.dwLowDateTime = 0xFFFFFFFF;
+
+ SetFileTime (dev, NULL, &ftLastAccessTime, NULL);
+
+ /* Remember the container modification/creation date and time, (used to reset file date and time of
+ file-hosted volumes after password change (or attempt to), in order to preserve plausible deniability
+ of hidden volumes (last password change time is stored in the volume header). */
+
+ if (GetFileTime ((HANDLE) dev, &ftCreationTime, &ftLastAccessTime, &ftLastWriteTime) == 0)
+ {
+ bTimeStampValid = FALSE;
+ MessageBoxW (hwndDlg, GetString ("GETFILETIME_FAILED_PW"), lpszTitle, MB_OK | MB_ICONEXCLAMATION);
+ }
+ else
+ bTimeStampValid = TRUE;
+ }
if (bDevice)
{
@@ -628,20 +662,6 @@ static int ExpandVolume (HWND hwndDlg, wchar_t *lpszVolume, Password *pVolumePas
goto error;
}
- if (!bDevice && bPreserveTimestamp)
- {
- /* Remember the container modification/creation date and time, (used to reset file date and time of
- file-hosted volumes after password change (or attempt to), in order to preserve plausible deniability
- of hidden volumes (last password change time is stored in the volume header). */
-
- if (GetFileTime ((HANDLE) dev, &ftCreationTime, &ftLastAccessTime, &ftLastWriteTime) == 0)
- {
- bTimeStampValid = FALSE;
- MessageBoxW (hwndDlg, GetString ("GETFILETIME_FAILED_PW"), lpszTitle, MB_OK | MB_ICONEXCLAMATION);
- }
- else
- bTimeStampValid = TRUE;
- }
// Seek the volume header
headerOffset.QuadPart = TC_VOLUME_HEADER_OFFSET;
@@ -653,8 +673,13 @@ static int ExpandVolume (HWND hwndDlg, wchar_t *lpszVolume, Password *pVolumePas
}
/* Read in volume header */
- nStatus = _lread ((HFILE) dev, buffer, sizeof (buffer));
- if (nStatus != sizeof (buffer))
+ if (!ReadEffectiveVolumeHeader (bDevice, dev, buffer, &bytesRead))
+ {
+ nStatus = ERR_OS_ERROR;
+ goto error;
+ }
+
+ if (bytesRead != sizeof (buffer))
{
// Windows may report EOF when reading sectors from the last cluster of a device formatted as NTFS
memset (buffer, 0, sizeof (buffer));
@@ -662,7 +687,7 @@ static int ExpandVolume (HWND hwndDlg, wchar_t *lpszVolume, Password *pVolumePas
/* Try to decrypt the header */
- nStatus = ReadVolumeHeader (FALSE, buffer, pVolumePassword, VolumePkcs5, VolumePim, FALSE, &cryptoInfo, NULL);
+ nStatus = ReadVolumeHeader (FALSE, buffer, pVolumePassword, VolumePkcs5, VolumePim, &cryptoInfo, NULL);
if (nStatus == ERR_CIPHER_INIT_WEAK_KEY)
nStatus = 0; // We can ignore this error here
@@ -673,7 +698,7 @@ static int ExpandVolume (HWND hwndDlg, wchar_t *lpszVolume, Password *pVolumePas
}
#ifdef _WIN64
- if (IsRamEncryptionEnabled())
+ if (bIsRamEncryptionEnabled)
{
VcProtectKeys (cryptoInfo, VcGetEncryptionID (cryptoInfo));
}
@@ -799,7 +824,7 @@ static int ExpandVolume (HWND hwndDlg, wchar_t *lpszVolume, Password *pVolumePas
goto error;
}
- DebugAddProgressDlgStatus(hwndDlg, L"Writing random data to new space ...\r\n");
+ DebugAddProgressDlgStatus(hwndDlg, GetString ("EXPANDER_WRITING_RANDOM_DATA"));
SetFormatSectorSize(HostSectorSize);
nStatus = FormatNoFs (hwndDlg, startSector, num_sectors, dev, cryptoInfo, FALSE);
@@ -840,9 +865,20 @@ static int ExpandVolume (HWND hwndDlg, wchar_t *lpszVolume, Password *pVolumePas
while ( !cryptoInfo->LegacyVolume )
{
if (backupHeader)
- DebugAddProgressDlgStatus(hwndDlg, L"Writing re-encrypted backup header ...\r\n");
+ DebugAddProgressDlgStatus(hwndDlg, GetString("EXPANDER_WRITING_ENCRYPTED_BACKUP"));
else
- DebugAddProgressDlgStatus(hwndDlg, L"Writing re-encrypted primary header ...\r\n");
+ DebugAddProgressDlgStatus(hwndDlg, GetString("EXPANDER_WRITING_ENCRYPTED_PRIMARY"));
+
+#ifdef _WIN64
+ if (bIsRamEncryptionEnabled)
+ {
+ VirtualLock (&tmpCI, sizeof (CRYPTO_INFO));
+ memcpy (&tmpCI, cryptoInfo, sizeof (CRYPTO_INFO));
+ VcUnprotectKeys (&tmpCI, VcGetEncryptionID (cryptoInfo));
+ cryptoInfoBackup = cryptoInfo;
+ cryptoInfo = &tmpCI;
+ }
+#endif
// Prepare new volume header
nStatus = CreateVolumeHeaderInMemory (hwndDlg, FALSE,
@@ -863,6 +899,15 @@ static int ExpandVolume (HWND hwndDlg, wchar_t *lpszVolume, Password *pVolumePas
cryptoInfo->SectorSize,
FALSE ); // use slow poll
+#ifdef _WIN64
+ if (bIsRamEncryptionEnabled)
+ {
+ cryptoInfo = cryptoInfoBackup;
+ burn (&tmpCI, sizeof (CRYPTO_INFO));
+ VirtualUnlock (&tmpCI, sizeof (CRYPTO_INFO));
+ }
+#endif
+
if (ci != NULL)
crypto_close (ci);
@@ -894,7 +939,26 @@ static int ExpandVolume (HWND hwndDlg, wchar_t *lpszVolume, Password *pVolumePas
PCRYPTO_INFO dummyInfo = NULL;
LARGE_INTEGER hiddenOffset;
+#ifdef _WIN64
+ if (bIsRamEncryptionEnabled)
+ {
+ VirtualLock (&tmpCI, sizeof (CRYPTO_INFO));
+ memcpy (&tmpCI, cryptoInfo, sizeof (CRYPTO_INFO));
+ VcUnprotectKeys (&tmpCI, VcGetEncryptionID (cryptoInfo));
+ cryptoInfoBackup = cryptoInfo;
+ cryptoInfo = &tmpCI;
+ }
+#endif
+
nStatus = WriteRandomDataToReservedHeaderAreas (hwndDlg, dev, cryptoInfo, newDataAreaSize, !backupHeader, backupHeader);
+#ifdef _WIN64
+ if (bIsRamEncryptionEnabled)
+ {
+ cryptoInfo = cryptoInfoBackup;
+ burn (&tmpCI, sizeof (CRYPTO_INFO));
+ VirtualUnlock (&tmpCI, sizeof (CRYPTO_INFO));
+ }
+#endif
if (nStatus != ERR_SUCCESS)
goto error;
@@ -974,7 +1038,7 @@ static int ExpandVolume (HWND hwndDlg, wchar_t *lpszVolume, Password *pVolumePas
goto error;
}
- DebugAddProgressDlgStatus(hwndDlg, L"Wiping old backup header ...\r\n");
+ DebugAddProgressDlgStatus(hwndDlg, GetString("EXPANDER_WIPING_OLD_HEADER"));
wipeBuffer = (byte *) TCalloc (workChunkSize);
if (!wipeBuffer)