
📄 cli.c

📁 完美的虚拟加密文件系统程序。可以加密硬盘、优盘等
💻 C
		ret = FALSE;
		goto err;
	}

	// Volume
	f = fopen (volumePath, "rb");
	if (!f)
	{
		perror ("Cannot open volume");
		goto err;
	}

	if (fread (header, 1, HEADER_SIZE, f) != HEADER_SIZE)
	{
		perror ("Cannot read volume header");
		goto err;
	}
	
	if (fseek (f, -HIDDEN_VOL_HEADER_OFFSET, SEEK_END) == -1)
	{
		perror ("Cannot seek to hidden volume header location");
		goto err;
	}

	if (fread (header + HEADER_SIZE, 1, HEADER_SIZE, f) != HEADER_SIZE)
	{
		perror ("Cannot read hidden volume header");
		goto err;
	}

	// Backup file
	fb = fopen (backupFile, "wb");
	if (!fb)
	{
		perror ("Cannot open backup file");
		goto err;
	}

	if (fwrite (header, 1, HEADER_SIZE * 2, fb) != HEADER_SIZE * 2)
	{
		perror ("Cannot write backup file");
		goto err;
	}

	ret = TRUE;

err:
	if (f)
		fclose (f);
	if (f)
		fclose (fb);

	if (!UpdateTime && volumeStat.st_mtime != 0)
		RestoreFileTime (volumePath, volumeStat.st_mtime, volumeStat.st_atime);

	return ret;
}


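// Restore one volume header (normal/outer or hidden) from a backup file.
//
// backupFile  Path of the backup file. The normal/outer header is read from
//             offset 0 and the hidden volume header from offset HEADER_SIZE.
// volumePath  Path of the volume to write to; passed through AskVolumePath(),
//             whose result is used from then on.
//
// The header type is taken from the global VolumeType, or asked from the user
// when it is neither VOLUME_TYPE_NORMAL nor VOLUME_TYPE_HIDDEN.
// The effective user ID is dropped before any file is opened.
// Returns TRUE when the header was written and flushed, FALSE otherwise.
static BOOL RestoreVolumeHeader (char *backupFile, char *volumePath)
{
	char header[HEADER_SIZE];
	FILE *f = NULL, *fb = NULL;
	struct stat volumeStat;
	int ret = FALSE;
	BOOL hiddenVolume;

	// The cleanup path reads st_mtime, so it must be defined before the first
	// 'goto err'; otherwise an early failure tests an uninitialized value and
	// may call RestoreFileTime() with garbage timestamps.
	volumeStat.st_mtime = 0;

	DropEffectiveUserId ();

	// Backup file
	fb = fopen (backupFile, "rb");
	if (!fb)
	{
		perror ("Cannot open backup file");
		goto err;
	}

	// Volume path
	volumePath = AskVolumePath (volumePath, "Enter volume path");

	// Textual comparison only: two different paths that name the same file
	// are not detected here.
	if (strcmp (backupFile, volumePath) == 0)
	{
		error ("Volume path identical to backup file\n");
		goto err;
	}

	// Volume type
	switch (VolumeType)
	{
	case VOLUME_TYPE_NORMAL:
		hiddenVolume = FALSE;
		break;

	case VOLUME_TYPE_HIDDEN:
		hiddenVolume = TRUE;
		Quick = TRUE;	// global flag; not read again in this function
		break;

	default:
		puts ("Restore headear of:\n 1) Normal/Outer Volume\n 2) Hidden Volume");
		hiddenVolume = AskSelection (1, 1, 2) == 2;
		break;
	}

	// Remember the timestamps of a file-hosted volume so they can be put back
	// after the header has been written (unless --update-time was requested).
	if (IsFile (volumePath) && stat (volumePath, &volumeStat) != 0)
	{
		perror ("Cannot read volume's modification and access time");
		volumeStat.st_mtime = 0;
		goto err;
	}

	f = fopen (volumePath, "r+b");
	if (!f)
	{
		perror ("Cannot open volume");
		goto err;
	}

	if (hiddenVolume)
	{
		// Hidden header: second HEADER_SIZE block of the backup file, written
		// HIDDEN_VOL_HEADER_OFFSET bytes before the end of the volume.
		if (fseek (fb, HEADER_SIZE, SEEK_SET) == -1)
		{
			perror ("Cannot seek to hidden volume header location in backup file");
			goto err;
		}

		if (fseek (f, -HIDDEN_VOL_HEADER_OFFSET, SEEK_END) == -1)
		{
			perror ("Cannot seek to hidden volume header location");
			goto err;
		}
	}

	if (fread (header, 1, HEADER_SIZE, fb) != HEADER_SIZE)
	{
		perror ("Cannot read backup file");
		goto err;
	}

	if (fwrite (header, 1, HEADER_SIZE, f) != HEADER_SIZE)
	{
		perror ("Cannot write volume header");
		goto err;
	}

	// fwrite() only fills the stdio buffer; flush explicitly so that a failed
	// write to the volume is reported instead of being returned as success.
	if (fflush (f) != 0)
	{
		perror ("Cannot write volume header");
		goto err;
	}

	ret = TRUE;

err:
	if (f)
		fclose (f);
	// Test fb itself: testing f here leaked the backup file handle whenever
	// the volume could not be opened.
	if (fb)
		fclose (fb);

	if (!UpdateTime && volumeStat.st_mtime != 0)
		RestoreFileTime (volumePath, volumeStat.st_mtime, volumeStat.st_atime);

	return ret;
}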


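// Create a new keyfile at 'path' holding MAX_PASSWORD bytes obtained from
// RandgetBytes(). The effective user ID is dropped before the file is opened.
// Returns TRUE once the data has been written and the file closed without
// error, FALSE otherwise.
static BOOL CreateKeyfile (char *path)
{
	uint8_t keyFile[MAX_PASSWORD];
	volatile uint8_t *wipe = keyFile;
	BOOL ret = FALSE;
	FILE *f;
	size_t i;

	DropEffectiveUserId ();

	// presumably gathers enough entropy for the request below - confirm in the RNG code
	RandBytesFillRequired (sizeof (keyFile));
	if (!RandgetBytes (keyFile, sizeof (keyFile), FALSE))
		goto out;

	// NOTE(review): fopen() leaves the file mode to the process umask, so the
	// keyfile may be readable by other users; consider creating it with an
	// owner-only mode. "wb" also truncates an existing file at 'path'.
	f = fopen (path, "wb");
	if (!f)
	{
		perror ("Cannot open file");
		goto out;
	}

	if (fwrite (keyFile, 1, sizeof (keyFile), f) != sizeof (keyFile))
	{
		perror ("Cannot write file");
		fclose (f);
		goto out;
	}

	// Buffered data reaches the file only on flush/close; a failure here means
	// the keyfile on disk is incomplete and must not be reported as created.
	if (fclose (f) != 0)
	{
		perror ("Cannot write file");
		goto out;
	}

	puts ("Keyfile created.");
	ret = TRUE;

out:
	// Key material must not linger on the stack. The volatile pointer keeps
	// the compiler from discarding these stores as dead writes.
	for (i = 0; i < sizeof (keyFile); i++)
		wipe[i] = 0;

	return ret;
}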


// Convert a Windows file time (100 ns ticks counted from 1601-01-01) to Unix
// time: scale the ticks down to whole seconds, then subtract the 134774 days
// that separate the two epochs.
static time_t WindowsFileTime2UnixTime (uint64_t wTime)
{
	const long long ticksPerSecond = 1000LL * 1000 * 10;
	const long long epochGapSeconds = 134774LL * 24 * 3600;

	return (time_t) (wTime / ticksPerSecond - epochGapSeconds);
}


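// Open a volume and print its properties (location, size, type, cipher, key
// and block size, mode, PKCS-5 PRF and iteration count, timestamps) to stdout.
//
// volumePath  Path of the volume; passed through AskVolumePath(), whose result
//             is used from then on.
//
// Returns TRUE when the volume was opened and its properties printed, FALSE
// when OpenVolume() failed.
static BOOL DumpVolumeProperties (char *volumePath)
{
	uint64_t startSector, totalSectors;
	time_t modTime = 0, acTime = 0;
	PCRYPTO_INFO ci = NULL;
	BOOL ret = FALSE;
	char eaName[256], timeBuf[256], timeBuf2[256];
	const char *volCTimeStr, *headerMTimeStr;
	int keySize;
	time_t volCTime, headerMTime;

	volumePath = AskVolumePath (volumePath, "Enter volume path");

	if (!OpenVolume (volumePath, "Enter password for '%s': ", volumePath, FALSE,
		&ci, &startSector, &totalSectors, &modTime, &acTime))
		goto err;

	EAGetName (eaName, ci->ea);

	keySize = EAGetKeySize (ci->ea);	
	if (strcmp (eaName, "Triple DES") == 0)
		keySize -= 3; // Compensate for parity bytes

	volCTime = WindowsFileTime2UnixTime (ci->volume_creation_time);
	headerMTime = WindowsFileTime2UnixTime (ci->header_creation_time);

	// ctime_r() returns NULL for a time it cannot represent. Both values come
	// from the volume header, so do not hand a NULL pointer to "%s".
	volCTimeStr = ctime_r (&volCTime, timeBuf);
	if (volCTimeStr == NULL)
		volCTimeStr = "(unknown)\n";

	headerMTimeStr = ctime_r (&headerMTime, timeBuf2);
	if (headerMTimeStr == NULL)
		headerMTimeStr = "(unknown)\n";

	// The timestamp strings end with their own newline, hence no "\n" after
	// the last two conversions.
	printf ("%sVolume properties:\n"
		" Location: %s\n"
		" Size: %lld bytes\n"
		" Type: %s\n"
		" Encryption algorithm: %s\n"
		" Key size: %d bits\n"
		" Block size: %d bits\n"
		" Mode of operation: %s\n"
		" PKCS-5 PRF: %s\n"
		" PKCS-5 iteration count: %d\n"
		" Volume created: %s"
		" Header modified: %s"
		,
		CmdPasswordValid ? "" : "\n",
		volumePath,
		// "%lld" requires a long long argument; the product is an unsigned
		// 64-bit value, so convert it explicitly.
		(long long) (totalSectors * SECTOR_SIZE),
		ci->hiddenVolumeSize == 0 ? "Normal" : "Hidden",
		eaName,
		keySize * 8,
		CipherGetBlockSize (EAGetFirstCipher(ci->ea)) * 8,
		EAGetModeName (ci->ea, ci->mode, TRUE),
		get_pkcs5_prf_name (ci->pkcs5),
		ci->noIterations,
		volCTimeStr,
		headerMTimeStr
		);

	ret = TRUE;
err:
	if (ci != NULL)
		crypto_close (ci);

	// Put the volume's timestamps back unless --update-time was requested;
	// modTime stays 0 when OpenVolume() did not fill it in.
	if (!UpdateTime && modTime != 0)
		RestoreFileTime (volumePath, modTime, acTime);

	return ret;
}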


// Write the program name, VERSION_STRING and the copyright notices to 'f'.
static void DumpVersion (FILE *f)
{
	fprintf (f,
		"truecrypt %s\n\n"
		"Copyright (C) 2004-2006 TrueCrypt Foundation. All Rights Reserved.\n"
		"Copyright (C) 1998-2000 Paul Le Roux. All Rights Reserved.\n"
		"Copyright (C) 2004 TrueCrypt Team. All Rights Reserved.\n"
		"Copyright (C) 1999-2005 Dr. Brian Gladman. All Rights Reserved.\n"
		"Copyright (C) 1995-1997 Eric Young. All Rights Reserved.\n"
		"Copyright (C) 2001 Markus Friedl. All Rights Reserved.\n\n",
		VERSION_STRING);
}


// Write the short usage summary (synopsis, command table, option table) to 'f'.
//
// NOTE(review): the synopsis spells the restore command "--restore-header"
// while the command table below spells it "--restore-headers"; confirm which
// one the option parser accepts and make the two agree.
static void DumpUsage (FILE *f)
{
	// The text contains no conversion specifications, so it is written as-is.
	fputs (
"Usage: truecrypt [OPTIONS] VOLUME_PATH [MOUNT_DIRECTORY]\n"
"   or: truecrypt [OPTIONS] -c | --create | -C | --change [VOLUME_PATH]\n"
"   or: truecrypt [OPTIONS] -d | --dismount | -l | --list [MAPPED_VOLUME]\n"
"   or: truecrypt [OPTIONS] --backup-headers | --restore-header FILE [VOLUME]\n"
"   or: truecrypt [OPTIONS] --properties [VOLUME_PATH]\n"
"   or: truecrypt --keyfile-create FILE\n"
"   or: truecrypt -h | --help | --test | -V | --version\n"
"\nCommands:\n"
" VOLUME_PATH                         Map volume\n"
" VOLUME_PATH MOUNT_DIRECTORY         Map and mount volume\n"
"     --backup-headers FILE [VOLUME]  Backup headers of VOLUME to FILE\n"
" -c, --create [VOLUME_PATH]          Create a new volume\n"
" -C, --change [VOLUME_PATH]          Change password/keyfile(s)\n"
" -d, --dismount [MAPPED_VOLUME]      Dismount and unmap volume\n"
" -h, --help                          Display detailed help\n"
"     --keyfile-create FILE           Create a new keyfile\n"
" -l, --list [MAPPED_VOLUME]          List mapped volumes\n"
"     --properties [VOLUME_PATH]      Display properties of volume\n"
"     --restore-headers FILE [VOLUME] Restore header of VOLUME from FILE\n"
"     --test                          Test algorithms\n"
" -V, --version                       Display version information\n"
"\nOptions:\n"
"     --cluster SIZE                  Cluster size\n"
"     --display-keys                  Display encryption keys\n"
"     --display-password              Display password while typing\n"
"     --disable-progress              Disable progress display\n"
"     --encryption EA                 Encryption algorithm\n"
"     --filesystem TYPE               Filesystem type to mount\n"
"     --hash HASH                     Hash algorithm\n"
" -k, --keyfile FILE|DIR              Keyfile for volume\n"
"     --keyfile-add FILE|DIR          New keyfile for volume\n"
" -K, --keyfile-protected FILE|DIR    Keyfile for protected volume\n"
" -M, --mount-options OPTIONS         Mount options\n"
" -N, --device-number NUMBER          Map volume as device number\n"
" -p, --password PASSWORD             Password for volume\n"
"     --password-tries NUMBER         Password entry tries\n"
" -P, --protect-hidden                Protect hidden volume\n"
"     --quick                         Use quick format\n"
"     --update-time                   Do not preserve timestamps\n"
" -r, --read-only                     Map/Mount read-only\n"
"     --size SIZE                     Volume size\n"
"     --type TYPE                     Volume type\n"
" -u, --user-mount                    Set default user and group ID on mount\n"
" -v, --verbose                       Verbose output\n"
"\n MAPPED_VOLUME = DEVICE_NUMBER | DEVICE_NAME | MOUNT_POINT | VOLUME_PATH\n"
"For a detailed help use --help or see truecrypt(1) man page.\n"
	, f);
}

static void DumpHelp ()
{
	fprintf (stdout,
"Manages encrypted TrueCrypt volumes, which can be mapped as virtual block\n"
"devices and used as any other standard block device. All data being read\n"
"from a mapped TrueCrypt volume is transparently decrypted and all data being\n"
"written to it is transparently encrypted.\n"
"\n"
"Usage: truecrypt [OPTIONS] VOLUME_PATH [MOUNT_DIRECTORY]\n"
"   or: truecrypt [OPTIONS] -c | --create | -C | --change [VOLUME_PATH]\n"
"   or: truecrypt [OPTIONS] -d | --dismount | -l | --list [MAPPED_VOLUME]\n"
"   or: truecrypt [OPTIONS] --backup-headers | --restore-header FILE [VOLUME]\n"
"   or: truecrypt [OPTIONS] --properties [VOLUME_PATH]\n"
"   or: truecrypt --keyfile-create FILE\n"
"   or: truecrypt -h | --help | --test | -V | --version\n"
"\n"
"Options:\n"
"\n"
"VOLUME_PATH [MOUNT_DIRECTORY]\n"
" Open a TrueCrypt volume specified by VOLUME_PATH and map it as a block device\n"
" /dev/mapper/truecryptN. N is the first available device number if not\n"
" otherwise specified with -N. To map a hidden volume, specify its password\n"
" and/or keyfiles (the outer volume cannot be mapped at the same time).\n"
" Filesystem of the mapped volume is mounted at MOUNT_DIRECTORY if specified.\n"
" See also options --display-password, --filesystem, -k, -M, -p, -P,\n"
" --password-tries, -r, -u, --update-time.\n"
"\n"
"--backup-headers BACKUP_FILE [VOLUME_PATH]\n"
" Backup headers of a volume specified by VOLUME_PATH to a file BACKUP_FILE.\n"
" Volume path is requested from user if not specified on command line. Both\n"
" normal/outer and hidden volume headers are stored in the backup file even\n"
" if there is no hidden volume within the volume (to preserve plausible\n"
" deniability). When restoring the volume header, it is possible to select\n"
" which header is to be restored. Note that this command drops effective user\n"
" ID. See also --restore-header.\n"
"\n"
"-c, --create [VOLUME_PATH]\n"
" Create a new volume. Most options are requested from user if not specified\n"
" on command line. Hidden volume can be created only in an existing file or\n"
" device. Size of the hidden volume should not exceed the free space of the\n"
" filesystem on the outer volume. Hidden volume protection (see option -P)\n"
" should be used to update the outer volume contents after the hidden volume\n"
" is created. Note that this command drops effective user ID.\n"
" See also options --cluster, --disable-progress, --display-keys,\n"
" --encryption, -k, --filesystem, --hash, -p, --quick, --size, --type. Note\n"
" that passing some of the options may affect plausible deniability. See option\n"
" -p for more information.\n"
"\n"
"-C, --change [VOLUME_PATH]\n"
" Change a password and/or keyfile(s) of a volume. Volume path and passwords are\n"
" requested from user if not specified on command line. PKCS-5 PRF HMAC hash\n"
" algorithm can be changed with option --hash. See also options -k,\n"
" --keyfile-add, -p, -v.\n"
"\n"
"-d, --dismount [MAPPED_VOLUME]\n"
" Dismount and unmap mapped volumes. If MAPPED_VOLUME is not specified, all\n"
" volumes are dismounted and unmapped. See below for a description of\n"
" MAPPED_VOLUME.\n"
"\n"
"-h, --help\n"
" Display help information.\n"
"\n"
"-l, --list [MAPPED_VOLUME]\n"
" Display a list of mapped volumes. If MAPPED_VOLUME is not specified, all\n"
" volumes are listed. By default, the list contains only volume path and mapped\n"
" device name pairs. A more detailed list can be enabled by verbose output\n"
" option (-v). See below for a description of MAPPED_VOLUME.\n"
"\n"
"--keyfile-create FILE\n"
" Create a new keyfile using the random number generator. FILE argument specifies\n"
" the output file. Note that this command drops effective user ID.\n"
"\n"
"--properties [VOLUME_PATH]\n"
" Display properties of a volume specified by VOLUME_PATH.\n"
"\n"
"--restore-header BACKUP_FILE [VOLUME_PATH]\n"
" Restore header of a volume specified by VOLUME_PATH from a file BACKUP_FILE.\n"
" Volume path is requested from user if not specified on command line.\n"
" Type of the restored volume header (normal/hidden) is requested from user if\n"
" not specified with --type. Note that this command drops effective user ID.\n"
" See also --backup-headers.\n"
"\n"
"--test\n"
" Test all internal algorithms used in the process of encryption and decryption.\n"
"\n"
"-V, --version\n"
" Display version information.\n"
"\n"
"MAPPED_VOLUME\n"
" Specifies a mapped or mounted volume. One of the following forms can be used:\n\n"
" 1) Path to the encrypted TrueCrypt volume.\n\n"
" 2) Mount directory of the volume's filesystem (if mounted).\n\n"
" 3) Device number of the mapped volume.\n\n"
" 4) Device name of the mapped volume.\n\n"
"\n"
"--cluster SIZE\n"
" Use specified cluster size when creating a new volume. SIZE defines the number\n"
" of sectors per cluster.\n"
"\n"
"--disable-progress\n"
" Disable display of progress information during creation of a new volume.\n"
"\n"
"--display-keys\n"
" Display encryption keys generated during creation of a new volume.\n"
"\n"
"--display-password\n"
" Display password characters while typing.\n"
"\n"
"--encryption EA\n"
" Use specified encryption algorithm when creating a new volume.\n"
"\n"
"--filesystem TYPE\n"
" Filesystem type to mount. The TYPE argument is passed to mount(8) command\n"
" with option -t. Default type is 'auto'. When creating a new volume, this\n"
" option specifies the filesystem to be created on the new volume.\n"
"\n"
"--hash HASH\n"
" Use specified hash algorithm when creating a new volume or changing password\n"
" and/or keyfiles.\n"
"\n"
"-k, --keyfile FILE | DIRECTORY\n"
" Use specified keyfile to open a volume to be mapped (or when changing password\n"
" and/or keyfiles). When a directory is specified, all files inside it will be\n"
" used (non-recursively). Additional keyfiles can be specified with multiple -k\n"
" options. See also option -K.\n"
"\n"
"-K, --keyfile-protected FILE | DIRECTORY\n"
" Use specified keyfile to open a hidden volume to be protected. See also\n"
" options -k and -P.\n"
"\n"
"--keyfile-add FILE | DIRECTORY\n"
" Add specified keyfile to a volume when changing its password and/or keyfiles.\n"
" This option must be also used to keep all previous keyfiles asigned to a\n"
" volume. See EXAMPLES for more information.\n"
"\n"
"-M, --mount-options OPTIONS\n"
" Filesystem mount options. The OPTIONS argument is passed to mount(8)\n"
" command with option -o.\n"
"\n"
"-N, --device-number N\n"
" Use device number N when mapping a volume as a block device\n"
" /dev/mapper/truecryptN. Default is the first available device.\n"
"\n"
"-p, --password PASSWORD\n"
" Use specified password to open a volume. Additional passwords can be\n"
" specified with multiple -p options. An empty password can also be specified\n"
" (\"\" in most shells). Note that passing a password on the command line is\n"
" potentially insecure as the password may be visible in the process list\n"
" (see ps(1)) and/or stored in a command history file. \n"
" \n"
"--password-tries NUMBER\n"
" Prompt NUMBER of times for a password until the correct password is entered.\n"
" Default is to prompt three times.\n"
"\n"
"-P, --protect-hidden\n"
" Write-protect a hidden volume when mapping an outer volume. Before mapping the\n"
" outer volume, the user will be prompted for a password to open the hidden\n"
" volume. The size and position of the hidden volume is then determined and the\n"
" outer volume is mapped with all sectors belonging to the hidden volume\n"
" protected against write operations. When a write to the protected area is\n"
" prevented, the whole volume is switched to read-only mode. Verbose list command\n"
" (-vl) can be used to query the state of the hidden volume protection. Warning\n"
" message is displayed when a volume switched to read-only is being dismounted.\n"
" See also option -r.\n"
"\n"
"--quick\n"
" Use quick format when creating a new volume. This option can be used only\n"
" when creating a device-hosted volume. Quick format is always used when\n"
" creating a hidden volume.\n"
"\n"
"-r, --read-only\n"
" Map and mount a volume as read-only. Write operations to the volume may not\n"
" fail immediately due to the write buffering performed by the system, but the\n"
" physical write will still be prevented.\n"
"\n"
"--size SIZE\n"
" Use specified size when creating a new volume. SIZE is defined as number of\n"
" bytes or, when a size suffix K/M/G is used, Kilobytes/Megabytes/Gigabytes.\n"
" Note that size must be a multiple of 512 bytes.\n"
"\n"
"--type TYPE\n"
" Use specified volume type when creating a new volume or restoring a volume\n"
" header. TYPE can be 'normal' or 'hidden'.\n"
"\n"
"-u, --user-mount\n"
" Set default user and group ID of the filesystem being mounted to the user and\n"
" group ID of the parent process. Some filesystems (like FAT) do not support\n"
" user permissions and, therefore, it is necessary to supply a default user and\n"
" group ID to the system when mounting such filesystems.\n"
"\n"
"--update-time\n"
" Do not preserve access and modification timestamps of volume containers and\n"
" access timestamps of keyfiles. By default, timestamps are restored after\n"
" a volume is unmapped or after a keyfile is closed.\n"
"\n"
"-v, --verbose\n"
" Enable verbose output. Multiple -v options can be specified to increase the\n"
" level of verbosity.\n"
"\n"
"Examples:\n"
"\n"
"truecrypt /root/volume.tc /mnt/tc\n"
" Map a volume /root/volume.tc and mount its filesystem at directory /mnt/tc.\n"
"\n"
"truecrypt -u /dev/hda2 /mnt/tc\n"
" Map a volume /dev/hda2 (first ATA disk, primary partition 2) and mount its\n"
" filesystem at /mnt/tc. Default user-id is set, which is useful when mounting\n"
" a filesystem like FAT under a non-admin user account.\n"
"\n"
"truecrypt -d\n"
" Dismount and unmap all mapped volumes.\n"
"  \n"
"truecrypt -d /root/volume.tc\n"
" Dismount and unmap a volume /root/volume.tc.\n"
"\n"
"truecrypt -d /mnt/tc\n"
" Dismount and unmap a volume mounted at /mnt/tc.\n"
"\n"
"truecrypt -vl\n"
" Display a detailed list of all mapped volumes.\n"
" \n"
"truecrypt -N 1 /dev/hdc1 && mkfs /dev/mapper/truecrypt1\n"
" Map a volume /dev/hdc1 and create a new filesystem on it.\n"
"\n"
"truecrypt -P /dev/hdc1 /mnt/tc\n"
" Map and mount outer volume /dev/hdc1 and protect hidden volume within it.\n"
"\n"
"truecrypt -p \"\" -p \"\" -k key1 -k key2 -K key_hidden -P volume.tc\n"
" Map outer volume ./volume.tc and protect hidden volume within it.\n"
" The outer volume is opened with keyfiles ./key1 and ./key2 and the\n"
" hidden volume with ./key_hidden. Passwords for both volumes are empty.\n"
"\n"
"truecrypt -c\n"
" Create a new volume."
"\n"
"truecrypt -k keyfile --size 10M --encryption AES --hash SHA-1 -c vol.tc\n"
" Create a new volume. Options which are not specified on command line are\n"
" requested from the user.\n"
"\n"
