cli.c

基于WINDOWS DDK 编写的文件型文件系统

		}

		*startSector = (ftello (f) 
			+ SECTOR_SIZE * 2 
			- (*cryptoInfo)->hiddenVolumeSize 
			- HIDDEN_VOL_HEADER_OFFSET) / SECTOR_SIZE;

		*totalSectors = (*cryptoInfo)->hiddenVolumeSize / SECTOR_SIZE;
	}

	// Report errors
	if (r != 0 && r != ERR_PASSWORD_WRONG)
	{
		char msg[128];

		switch (r)
		{
		case ERR_NEW_VERSION_REQUIRED:
			strcpy (msg, "A newer version of TrueCrypt is required to open this volume"); 
			break;

		default:
			sprintf (msg, "Volume cannot be opened: Error %d", r);
			break;
		}

		if (IsTerminal)
			printf ("%s\n", msg);
		else
			error ("%s\n", msg);

		goto err;
	}

	fclose (f);

	if (!UpdateTime)
		RestoreFileTime (volumePath, volumeStat.st_mtime, volumeStat.st_atime);

	*modTime = volumeStat.st_mtime;
	*acTime = volumeStat.st_atime;
	return TRUE;

err:
	*cryptoInfo = NULL;

	if (f)
		fclose (f);

	if (volumeStat.st_ctime != 0 && !UpdateTime)
		RestoreFileTime (volumePath, volumeStat.st_mtime, volumeStat.st_atime);

	return FALSE;
}


static void GetPassword (char *prompt, char *volumePath, Password *password)
{
	struct termios noEcho;

	if (tcgetattr (0, &TerminalAttributes) == 0)
	{
		IsTerminal = TRUE;
		noEcho = TerminalAttributes;

		if (!DisplayPassword)
		{
			noEcho.c_lflag &= ~ECHO;
			if (tcsetattr (0, TCSANOW, &noEcho) != 0)
				error ("Failed to turn terminal echo off\n");
		}

		printf (prompt, volumePath);
	}

	if (fgets (password->Text, sizeof (password->Text), stdin))
	{
		char *newl = strchr (password->Text, '\n');
		if (newl) newl[0] = 0;

		password->Length = strlen (password->Text);
	}
	else
		password->Length = 0;

	if (IsTerminal && !DisplayPassword)
	{
		tcsetattr (0, TCSANOW, &TerminalAttributes);
		puts ("");
	}
}


static char *EscapeSpaces (char *string)
{
	static char escapedString[MAX_PATH * 2];
	char *e = escapedString;
	char c;

	if (strlen (string) > MAX_PATH)
		return NULL;

	while ((c = *string++))
	{
		if (c == ' ')
			*e++ = '\\';

		*e++ = c;
	}

	return escapedString;
}


static BOOL MountVolume (char *volumePath, char *mountPoint)
{
	char hostDevice[MAX_PATH];
	char mapDevice[MAX_PATH];
	int loopDevNo = -1;
	PCRYPTO_INFO ci = NULL;
	uint64_t startSector, totalSectors;
	uint64_t readOnlyStartSector = 0, readOnlySectors = 0;
	int pfd[2];
	int pid, res, devNo;
	time_t modTime, acTime;
	FILE *f, *w;
	int flags;
	int i;
	int tries = PasswordEntryTries;

	if (!AutoTestAlgorithms ())
	{
		error ("Self-tests of algorithms FAILED!\n");
		return FALSE;
	}

	if (IsVolumeMounted (volumePath))
	{
		error ("Volume already mounted\n");
		return FALSE;
	}

	do
	{
		Password *pw = &password;

		if (!CmdPasswordValid)
			GetPassword ("Enter password for '%s': ", volumePath, &password);
		else
			pw = &CmdPassword;

		if (FirstKeyFile && !KeyFilesApply (pw, FirstKeyFile, !UpdateTime))
		{
			error ("Error while processing keyfiles\n");
			goto err;
		}

		if (OpenVolume (volumePath, pw, &ci, &startSector, &totalSectors, &modTime, &acTime))
			break;
		else
			totalSectors = 0;

	} while (!CmdPasswordValid && IsTerminal && --tries > 0);

	if (totalSectors == 0)
		goto err;

	// Hidden volume protection
	if (ProtectHidden)
	{
		PCRYPTO_INFO ciH = NULL;
		uint64_t startSectorH, totalSectorsH;

		tries = PasswordEntryTries;
		do
		{
			Password *pw = &password;

			if (!CmdPassword2Valid)
				GetPassword ("Enter hidden volume password: ", "", &password);
			else
				pw = &CmdPassword2;

			if (FirstProtVolKeyFile && !KeyFilesApply (pw, FirstProtVolKeyFile, !UpdateTime))
			{
				error ("Error while processing keyfiles\n");
				goto err;
			}

			if (OpenVolume (volumePath, pw, &ciH, &startSectorH, &totalSectorsH, &modTime, &acTime))
			{
				readOnlyStartSector = startSectorH;
				readOnlySectors = startSectorH + totalSectorsH;
				break;
			}

		} while (!CmdPassword2Valid && IsTerminal && --tries > 0);
		
		if (ciH)
			crypto_close (ciH);

		if (readOnlySectors == 0)
			goto err;
	}

	// Headers decrypted

	// Loopback
	if (IsFile (volumePath))
	{
		int i;

		for (i = 0; i < MAX_MINOR; i++)
		{
			snprintf (hostDevice, sizeof (hostDevice), LOOP_DEV "%d", i);

			if (!IsBlockDevice (hostDevice))
			{
				snprintf (hostDevice, sizeof (hostDevice), LOOP_DEV "/%d", i);
				if (!IsBlockDevice (hostDevice))
					continue;
			}

			if (Execute (TRUE, "losetup", hostDevice, volumePath, NULL))
				break;
		}

		if (i >= MAX_MINOR)
		{
			error ("No free loopback device available for file-hosted volume\n");
			goto err;
		}

		loopDevNo = i;

		if (Verbose > 1)
			printf ("Attached %s to %s\n", volumePath, hostDevice);

	}
	else
		strncpy (hostDevice, volumePath, sizeof (hostDevice));

	// Load kernel module
	if (!LoadKernelModule ())
		goto err;

	if (!CheckKernelModuleVersion (TRUE))
		goto err;

	// dmsetup
	devNo = UseDeviceNumber == -1 ? GetFreeMapDevice () : UseDeviceNumber;
	if (devNo == -1)
	{
		error ("Maximum number of volumes mounted\n");
		goto err;
	}

	sprintf (mapDevice, "truecrypt%d", devNo);

	pipe (pfd);
	pid = fork ();

	if (pid == -1)
	{
		perror ("fork");
		goto err;
	}
	else if (pid == 0)
	{
		SecurityCleanup ();

		close (pfd[1]);
		dup2 (pfd[0], STDIN_FILENO);

		execlp ("dmsetup", "dmsetup", "create", mapDevice, NULL);

		perror ("execlp dmsetup");
		_exit (1);
	}

	close (pfd[0]);
	w = fdopen (pfd[1], "a");
	if (w == NULL)
	{
		perror ("fdopen");
		goto err;
	}

	fprintf (w, "0 %lld truecrypt %d %d ", totalSectors, ci->ea, ci->mode);

	for (i = DISK_IV_SIZE; i < EAGetKeySize (ci->ea) + DISK_IV_SIZE; i++)
		fprintf (w, "%02x", ci->master_key[i]);

	fprintf (w, " ");

	for (i = 0; i < (int)sizeof (ci->iv); i++)
		fprintf (w, "%02x", ci->iv[i]);

	flags = 0;

	if (ReadOnly)
		flags |= FLAG_READ_ONLY;
	else if (ProtectHidden)
		flags |= FLAG_HIDDEN_VOLUME_PROTECTION;

	fprintf (w, " %s %lld %lld %lld %lld %lld %d %s\n",
		hostDevice,
		startSector,
		readOnlyStartSector,
		readOnlySectors,
		(uint64_t) modTime,
		(uint64_t) acTime,
		flags,
		EscapeSpaces (volumePath));

	fclose (w);

	if (!WaitChild (FALSE, "dmsetup"))
	{
		Execute (TRUE, "dmsetup", "remove", mapDevice, NULL);
		goto err;
	}

	sprintf (mapDevice, TC_MAP_DEV "%d", devNo);

	if (Verbose >= 1)
		printf ("Mapped %s as %s\n", volumePath, mapDevice);

	// Mount
	if (mountPoint)
	{
		char fstype[64], opts[128];

		strcpy (fstype, "-t");
		if (Filesystem)
			strncat (fstype, Filesystem, sizeof (fstype) - 3);
		else
			strcat (fstype, "auto");

		strcpy (opts, ReadOnly ? "-oro" : "-orw");
		if (MountOpts)
		{
			strcat (opts, ",");
			strncat (opts, MountOpts, sizeof (opts) - 6);
		}

		if (!Execute (FALSE, "mount", fstype, opts, mapDevice, mountPoint, NULL))
		{
			error ("Mount failed\n");
			loopDevNo = -1;
			goto err;
		}

		if (Verbose >= 1)
			printf ("Mounted %s at %s\n", mapDevice, mountPoint);
	}

	crypto_close (ci);

	return TRUE;

err:
	if (ci)
		crypto_close (ci);

	if (loopDevNo != -1)
		DeleteLoopDevice (loopDevNo);

	UnloadKernelModule (TRUE);

	return FALSE;
}


static void DumpVersion (FILE *f)
{
	fprintf (f, 
"truecrypt %s\n\n"
"Copyright (C) 2004-2005 TrueCrypt Foundation. All Rights Reserved.\n\
Copyright (C) 1998-2000 Paul Le Roux. All Rights Reserved.\n\
Copyright (C) 2004 TrueCrypt Team. All Rights Reserved.\n\
Copyright (C) 1999-2005 Dr. Brian Gladman. All Rights Reserved.\n\
Copyright (C) 1995-1997 Eric Young. All Rights Reserved.\n\
Copyright (C) 2001 Markus Friedl. All Rights Reserved.\n\n"
	, VERSION_STRING);
}


static void DumpUsage (FILE *f)
{
	fprintf (f,
"Usage: truecrypt [OPTIONS] VOLUME_PATH [MOUNT_DIRECTORY]\n"
"   or: truecrypt [OPTIONS] -d | --dismount | -l | --list [MAPPED_VOLUME]\n"
"   or: truecrypt -h | --help | --test | -V | --version\n"
"\nCommands:\n"
" VOLUME_PATH                         Map volume\n"
" VOLUME_PATH MOUNT_DIRECTORY         Map and mount volume\n"
" -d, --dismount [MAPPED_VOLUME]      Dismount and unmap volume\n"
" -h, --help                          Display help\n"
" -l, --list [MAPPED_VOLUME]          List mapped volumes\n"
"     --test                          Test algorithms\n"
" -V, --version                       Display version information\n"
"\nOptions:\n"
"     --device-number NUMBER          Map volume as device number\n"
"     --display-password              Display password while typing\n"
"     --filesystem TYPE               Filesystem type to mount\n"
" -k, --keyfile FILE|DIR              Keyfile for volume\n"
" -K, --keyfile-protected FILE|DIR    Keyfile for protected volume\n"
" -p, --password PASSWORD             Password for volume\n"
"     --password-tries NUMBER         Password entry tries\n"
" -P, --protect-hidden                Protect hidden volume\n"
"     --update-time                   Do not preserve timestamps\n"
" -r, --read-only                     Map/Mount read-only\n"
"     --mount-options OPTIONS         Mount options\n"
" -v, --verbose                       Verbose output\n"
"\n MAPPED_VOLUME = DEVICE_NUMBER | DEVICE_NAME | MOUNT_POINT | VOLUME_PATH\n"
"For a detailed help use --help or see truecrypt(1) man page.\n"
);
}

static void DumpHelp ()
{
	fprintf (stdout,
"Manages encrypted TrueCrypt volumes, which can be mapped as virtual block\n"
"devices and used as any other standard block device. All data being read\n"
"from a mapped TrueCrypt volume is transparently decrypted and all data being\n"
"written to it is transparently encrypted.\n"
"\n"
"Usage: truecrypt [OPTIONS] VOLUME_PATH [MOUNT_DIRECTORY]\n"
"   or: truecrypt [OPTIONS] -d | --dismount | -l | --list [MAPPED_VOLUME]\n"
"   or: truecrypt -h | --help | --test | -V | --version\n"
"\n"
"Options:\n"
"\n"
"VOLUME_PATH [MOUNT_DIRECTORY]\n"
" Open a TrueCrypt volume specified by VOLUME_PATH and map it as a block device\n"
" /dev/mapper/truecryptN. N is the first available device number if not\n"
" otherwise specified with --device-number. The filesystem of the mapped volume\n"
" is mounted at MOUNT_DIRECTORY if specified.\n"
"\n"
"-d, --dismount [MAPPED_VOLUME]\n"
" Dismount and unmap mapped volumes. If MAPPED_VOLUME is not specified, all\n"
" volumes are dismounted and unmapped. See below for a description of\n"
" MAPPED_VOLUME.\n"
"\n"
"-l, --list [MAPPED_VOLUME]\n"
" Display a list of mapped volumes. If MAPPED_VOLUME is not specified, all\n"
" volumes are listed. By default, the list contains only volume path and mapped\n"
" device name pairs. A more detailed list can be enabled by verbose output\n"
" option (-v). See below for a description of MAPPED_VOLUME.\n"
"\n"
"MAPPED_VOLUME\n"
" Specifies a mapped or mounted volume. One of the following forms can be used:\n\n"
" 1) Path to the encrypted TrueCrypt volume.\n\n"
" 2) Mount directory of the volume's filesystem (if mounted).\n\n"
" 3) Device number of the mapped volume.\n\n"
" 4) Device name of the mapped volume.\n\n"
"\n"
"--device-number N\n"
" Use device number N when mapping a volume as a block device\n"
" /dev/mapper/truecryptN. Default is the first available device.\n"
"\n"
"--display-password\n"
" Display password characters while typing.\n"
"\n"
"--filesystem TYPE\n"
" Filesystem type to mount. The TYPE argument is passed to mount(8) command\n"
" with option -t. Default type is 'auto'.\n"
"\n"
"-h, --help\n"
" Display help information.\n"
"\n"
"-k, --keyfile FILE | DIRECTORY\n"
" Use specified keyfile to open a volume to be mapped. When a directory is\n"
" specified, all files inside it will be used (non-recursively). Additional\n"
" keyfiles can be specified with multiple -k options. See also option -K.\n"
"\n"
"-K, --keyfile-protected FILE | DIRECTORY\n"
" Use specified keyfile to open a hidden volume to be protected. See also\n"
" options -k and -P.\n"
"\n"
"--mount-options OPTIONS\n"
" Filesystem mount options. The OPTIONS argument is passed to mount(8)\n"
" command with option -o.\n"
" \n"
"-p, --password PASSWORD\n"
" Use specified password to open a volume. Additional passwords can be\n"
" specified with multiple -p options. An empty password can also be specified\n"
" (\"\" in most shells). Note that passing a password on the command line is\n"
" potentially insecure as the password may be visible in the process list\n"
" (see ps(1)) and/or stored in a command history file. \n"
" \n"
"--password-tries NUMBER\n"
" Prompt NUMBER of times for a password until the correct password is entered.\n"
" Default is to prompt three times.\n"
"\n"
"-P, --protect-hidden\n"
" Write-protect a hidden volume when mapping an outer volume. Before mapping the\n"
" outer volume, the user will be prompted for a password to open the hidden\n"
" volume. The size and position of the hidden volume is then determined and the\n"
" outer volume is mounted with all sectors belonging to the hidden volume\n"
" protected against write operations. When a write to the protected area is\n"
" prevented, the whole volume is switched to read-only mode. Verbose list command\n"
" (-vl) can be used to query the state of the hidden volume protection. Warning\n"
" message is displayed when a volume switched to read-only is being dismounted.\n"
" See also option -r.\n"
" \n"
"-r, --read-only\n"
" Map and/or mount a volume as read-only. Write operations to the volume may not\n"
" fail immediately due to the write buffering performed by the system, but the\n"
" physical write will still be prevented.\n"
" \n"
"--test\n"
" Test all internal algorithms used in the process of encryption and decryption.\n"
"\n"
"--update-time\n"
" Do not preserve access and modification timestamps of volume containers and\n"
" access timestamps of keyfiles. By default, timestamps are restored after\n"
" a volume is unmapped or after a keyfile is closed.\n"
"\n"
"-v, --verbose\n"
" Enable verbose output. Multiple -v options can be specified to increase the\n"
" level of verbosity.\n"
"\n"
"-V, --version\n"
" Display version information.\n"
"\n"
"Examples:\n"
"\n"
"truecrypt /root/volume.tc /mnt/tc\n"
" Map a volume /root/volume.tc and mount its filesystem at /mnt/tc.\n"
"\n"
"truecrypt -d\n"
" Dismount and unmap all mapped volumes.\n"
"  \n"
"truecrypt -d /root/volume.tc\n"
" Dismount and unmap a volume /root/volume.tc.\n"
"\n"
"truecrypt -d /mnt/tc\n"
" Dismount and unmap a volume mounted at /mnt/tc.\n"
"\n"
"truecrypt -vl\n"
" Display a detailed list of all mapped volumes.\n"
" \n"
"truecrypt --device-number=1 /dev/hdc1 && mkfs /dev/mapper/truecrypt1\n"
" Map a volume /dev/hdc1 and create a new filesystem on it.\n"
"\n"
"truecrypt -P /dev/hdc1 /mnt/tc\n"
" Map and mount outer volume /dev/hdc1 and protect hidden volume within it.\n"
"\n"
"truecrypt -p \"\" -p \"\" -k key1 -k key2 -K key_hidden -P volume.tc\n"
" Map outer volume ./volume.tc and protect hidden volume within it.\n"