LibreCrypt: Open-Source disk encryption for Windows

Technical Details: Building the Software

LibreCrypt/LibreCrypt Explorer comes in a number of parts:

• LibreCrypt:
  1. A front-end GUI, written in Delphi
  2. A number of kernel drivers, written in C
• LibreCrypt Explorer:
  1. A front-end GUI, written in Delphi
  2. A number of DLLs, written in C, built for Win32 and Win64

• Test Apps

  1. Some command line apps mostly for testing of drivers

• A number of command line decryption utilities, also written in C.

• LibreCrypt

• LibreCrypt Explorer
• Building the Command Line Decryption Utilities
• Building the Command Line Test Apps
• Building the Kernel Drivers
• Signing the Binaries
• Additional Notes

This is a description for Delphi newbies of the basic steps involved in compiling the LibreCrypt GUI.

To build the GUI, the following software is required:

• Delphi (Embarcadero Delphi XE2 or later, is recommended. Earlier/later versions may possibly be used, but are untested)

• The SDeanUtilsXE package, included in the project source.

• (Optional) GNU gettext for Delphi (dxgettext), available (free) from: http://dybdahl.dk/dxgettext/ (This package adds support for language translations)

• The FastMM memory manager, from (http://sourceforge.net/projects/fastmm/](http://sourceforge.net/projects/fastmm/). This wipes memory after use. The binary release of this software was built with Embarcadero Delphi XE2.

• Open the SDeanUtilsXE package

• Build the package
• Install the package
• for each component, ensure that the correct path to the component is added to your Delphi environment ("Tools | Environment Options...", "Library" tab)
• Add the path to the modified Delphi files included in SDeanComponents to fix various bugs relating to Delphi's Windows Vista support to the top of Delphi's standard library paths. (This step probably won't be needed with later versions of Delphi, and shouldn't be carried out with older versions of Delphi, which will have different source)

• Open the LibreCrypt project, "LibreCrypt.dproj" under .\src\PC\gui\main

• If you have the dxgettext software installed (see above), ensure that the compiler directive "_DXGETTEXT" is set. Otherwise, make sure that this compiler directive is not set.

• Build the project.

• You should now find a file called "LibreCrypt.exe" in the directory '.\bin\PC'

  You have now successfully built the GUI frontend

  If required, the compiler definition "FREEOTFE_TIME_CDB_DUMP" may be set, in which case the time taken to dump a CDB ("Tools | Critical data block | Dump to human readable file...") will be shown after the dump completes.

  translation

It is not necessary to do a full install of dxgettext to build with i18n support. Instead you can just add the file gnugettext.pas to the project. In order to update any translations, however dxgettext must be installed.

After any changes to the strings in the GUI, the translation files (.po) should be updated, and compiled into .mo files. The process for updating translations is: * Extract the default.po file from the source or executable. * Remove any strings that need not be translated
* Update or create each locale .po file with the translations * Compile the .po files into .mo files.

Extracting the strings from the sources is preferred. Updating or creating the .po files is done by the translators. For the convenience of translators, the English .po file is distributed with the executable, although it is not used. The ignore.po file should also be regenerated if there are a lot of changes to the source - see the msgmkignore command

Extract the .po file from the source

• Install dxgettext if not already installed. There is no need to integrate with Delphi.
• Open a command prompt at the root LibreCrypt directory
• run the following command "c:\Program Files (x86)\dxgettext\dxgettext.exe" -r -b src/PC/gui/ --delphi -o bin/PC/locale/en/LC_MESSAGES This assumes that dxgettext is installed at c:\Program Files (x86)\dxgettext\ Note that the relative paths use a forward slash as a path separater This command will give warnings for code like : _(self.Caption) - however these can be ignored as these strings will be found in the .dfm

Extract the .po file from the executable

• Install dxgettext if not already installed.
• Open a command prompt at the root LibreCrypt directory
• run the following command "c:\Program Files (x86)\dxgettext\dxgettext.exe" bin/PC/LibreCrypt.exe -o bin/PC/locale/en/LC_MESSAGES This assumes that dxgettext is installed at c:\Program Files (x86)\dxgettext\ Note that the relative paths use a forward slash as a path separater

Remove ignoreable strings

• Open a command prompt at the root LibreCrypt directory
• run the following commands:
  • move bin\PC\locale\en\LCMESSAGES\default.po bin\PC\locale\en\LCMESSAGES\full.po
  • "c:\Program Files (x86)\dxgettext\msgremove.exe" bin/PC/locale/en/LC_MESSAGES/full.po -i src/PC/gui/translation/ignore.po -o bin/PC/locale/en/LC_MESSAGES/default.po

Compile the .po files into .mo files.

• Install dxgettext if not already installed.
• Open a command prompt at the root LibreCrypt directory
• run the following command, replacing 'de' with the language code, for each language "c:\Program Files (x86)\dxgettext\msgfmt.exe" src/PC/gui/translation/de/default.po -o bin/PC/locale/de/LC_MESSAGES/default.mo This assumes that dxgettext is installed at c:\Program Files (x86)\dxgettext\ Note that the relative paths use a forward slash as a path separater It is also possible to do this from Windows Explorer - see (translations)[translations.md]. There is a bat file under 'tools' - update_mo_files.bat - that compiles all the .mo files.

The kernel mode drivers implement the actual hash, encryption/decryption and main FreeOTFE drivers.

To build these drivers, the following software is required:

• Microsoft Visual Studio 2010 (older versions may well be used, changing "vcvarsall" to "vcvars32", and similar changes)
• If using an older version of MS Visual Studio, the MS Windows SDK (February 2003 version) is also needed
• The MS Windows DDK (WDK 7600.16385.1)

The binary release of this software was built with Microsoft Visual Studio 2010 Professional Edition.

At time of writing, the MS Windows SDK can be downloaded from the Microsoft WWW site. The MS Windows DDK (also called the 'WDK') is available as a download cd image, and can be ordered from the Microsoft WWW site as a free CD, for the cost of delivery.

If you are unable to source the exact versions listed above, earlier versions may well be substituted, although I cannot guarantee success. Later versions should operate correctly. This list describes the environment used to build the release version of LibreCrypt. The versions used are:

Visual Studio	2010 Professional
Windows Driver Development Kit (WinDDK)	7600.16385.1
lib tomcrypt	1.17
Gladman library	downloaded on 04/12/05
Twofish library	Version 1.00 April 1998
dxgettext	GNU gettext for Delphi, C++ Builder and Kylix 1.2 beta

The following list comprehensively describes the configuration used to build the binary release of LibreCrypt. Feel free to adjust according to taste - a number of the options listed are not necessary, and are only included for completeness...

1. Install Visual Studio 2010

2. Put a copy of "vcvarsall.bat" into one of the directories in your path

3. Configure the VS editor:

   • To use spaces, not tabs
   • To indent braces

4. Install the MS Windows SDK with the following options:

   • Install in C:\MSSDK
   • Install the "Core SDK"

   • Then install the debugging tools for windows

   • Do not register environment variables (we'll use "Setenv.bat" from the command line)

   • Install the MS Windows DDK with the following options:

   • Install in C:\WINDDK\3790

   • Include the "Illustrative Driver Samples"
   • Include the "Input Samples"
   • Include the "Storage Samples"
   • Include the "Virtual Device Driver Samples"
   • Include the "WDM Samples"
   • Build Environment\Windows Driver Development Kit AMD64 Additional Build Tools
   • Build Environment\Windows Server 2003 AMD64 Libraries
   • Build Environment\Windows XP Headers
   • Build Environment\Windows XP x86 Libraries
   • Build Environment\Windows XP IA86 Libraries
   • Needed if the build .BAT files (see later) use "chk WXP" - if that's skipped it'll default to WNET (windows .NET)
   • Build Environment\Windows 2000 Headers
   • Build Environment\Windows 2000 Build Environment
   + Needed if the build .BAT files (see later) use "chk <something>" - if that's skipped it'll default to WNET (windows .net)

1. Edit "setup_env_common.bat" (located under src\drivers\Common\bin), and ensure that the following variables are set appropriately: Variables in bold will probably need to be manually changed, depending on the user's setup

   
   
   
   

   Variable	Description	Default value
   FREEOTFECPU	The target platform to build the drivers for. Set to either x86 or amd64, only necesary if buildallamd and buildallx86 are not used	amd64
   FREEOTFE_DEBUG	Build type flag; set to 1 for debug build, or 0 for release	0
   FREEOTFE_TARGET	Target OS to build for; e.g. WXP/W2K/WNET; note that W2K builds will not operate correctly under Windows XP (e.g. when formatting a volume)	WXP
   PROJECT_DRIVE	The drive on which you have stored the LibreCrypt source	<The drive the config batch file is stored on>
   PROJECT_DIR	The full drive and path where the "drivers" directory is located	<see file>
   BINOUTPUT_DIR	The path where the built drivers will be copied to. This directory will automatically be created if it does not already exist.	/<"bin" directory at the same level as the main "src" directory>/
   VCVARSALL	The full path and filename to Visual Studio's VCVARSALL.BAT (or vcvar32.bat, if building with an old version)	"C:\PROGRA~2\Microsoft Visual Studio 10.0\VC\vcvarsall.bat"
   MSSDK_DIR	The directory in which you installed the Microsoft SDK. Set to 0 if not needed (e.b. Visual Studio 8.0 and later)	C:\MSSDK
   MSDDK_DIR	The directory in which you installed the MS DDK	C:\Apps\WinDDK\7600.16385.1

2. Edit "setup_env_driver.bat" (in the same directory), and ensure that "SETENV.BAT" is called with the parameters appropriate to the type of build you wish to create, and that "FREEOTFE_OUTPUT_DIR" is set to the appropriate directory under the source directories where the build executable places the files it creates (this shouldn't be needed as it will happen automatically if the above are configured correctly)

Some of the FreeOTFE drivers (the hash/encryptions drivers in particular) are dependant on certain 3rd party software being installed. LibreCrypt's source code comes complete with 3rd party included in GitHUb under the"src\3rd_party" directory and should be preconfigured, ready for use.

Alternatively, you may wish to download this 3rd party source from the original authors in order to verify the integrity of this software. For this reason, details of where this software was obtained from are included in the above directory.

Please note that should choose the latter option, it is important that you review the individual driver notes (see separate driver directories; "_notes.txt" files) to ensure that this software is configured correctly. Additionally, you may well have to modify the "my_build_sys.bat" files, directing them to the location where you installed said 3rd party source code, as the build process requires that certain files are copied over into the LibreCrypt src directories. (Annoying, but this is a requirement of the MS "build.exe" command)

The LibTomCrypt source in particular had minor configuration changes to tomcrypt_cfg.h and tomcrypt_custom.h; please compare the original source (a copy of its release ZIP file is stored under src\3rd_party\libtomcrypt) with the modified version (uncompressed in a directory under this one)

Either:

1. Open ".\src\PC\drivers\FreeOTFE.sln" using Visual Studio
2. Rightclick on each project in turn, and select "Build"

or:

1.  Run: ...\src\PC\drivers\build_ALL.bat

or:

1. Edit the file `.\src\PC\drivers\Common\bin\setup_env_common.bat`, you will need to update these lines:

    * `set VCVARSALL="C:\PROGRA~2\Microsoft Visual Studio 10.0\VC\vcvarsall.bat"`
        this should be set to point to 'vcvarsall.bat', in '8.3' filename form
    *   `set PROJECT_DRIVE=P:`
        The drive where the source code is, alternatively a 'subst' command can be used to point p: the project directory (e.g. the source should be under P:\src\)
    * `set PROJECT_BASE_DIR=%PROJECT_DRIVE%\`
        set this to the project directory
    * `set MSDDK_DIR=C:\Apps\WinDDK\7600.16385.1`
        The DDK dir
1. and either
    2. 

        3. Run: `.\src\PC\drivers\build_all_amd.bat` 
        3. open a new DOS command box and run `.\src\PC\drivers\build_all_x86.bat`
    or
    2. 

        3.  Enter each of the separate driver directories in turn and launch each project's "my\_build\_sys.bat" 


In either case, the binaries are built into the `.bin\PC\<platform>\` directory.

After reaching this stage, you should have successfully built your own version of the LibreCrypt drivers

Notes:

1. If FREEOTFE_TARGET is set to W2K, the resulting binary may not operate correctly under MS Windows XP as a number of functions what are only needed under Windows XP and later are #ifdef'd out. As a result, a "W2K" binary may not operate correctly under Windows XP (e.g. trying to format a volume may result in... Nothing happening). If you want a binary which will operate under both Windows 2000 and Windows XP, set this to WXP.
2. Windows XP migrated a couple of the previous Windows 2000 macros to be functions. In order to allow the above "WXP" builds to work under Windows 2000, "IFSRelated.h" includes a copy of these macros, and uses them regardless - see comments in code for an explanation.

This is a description for Delphi newbies of how to compile the LibreCrypt Explorer GUI.

To build the GUI, the following software is required:

• Delphi (Embarcadero Delphi XE2 or later, though previous versions can probably be used with minimal changes, though wouldn't look as nice under Windows Vista and above)
• The SDeanComponents package (v2.00.00 or later)
• (Optional) GNU gettext for Delphi (dxgettext), available (free) from: http://dybdahl.dk/dxgettext/ (This package adds support for language translations) (see below). It is not necessary to install this to simply rebuild if no strings have changed.

The binary release of this software was built with Embarcadero Delphi XE2.

1. With the package SDeanUtilsXE

   1. Build the package
   2. Install the package
   3. Ensure that the correct path to each component is added to your Delphi environment ("Tools | Environment Options...", "Library" tab)

   Note: Some components in this package are forms containing others in the same package. So, if you open a form in the package before installing it, you may see a message saying 'Field X does not have a corresponding component. Remove the declaration?'. If you do, click 'Cancel', clicking 'yes' will result in the component being deleted from the '.pas' file.

2. Open the LibreCrypt Explorer project ("LibreCryptExplorer.dproj" under .\src\PC\gui\explorer)
3. If you have the dxgettext software installed (see above), ensure that the compiler directive "_DXGETTEXT" is set. Otherwise, make sure that this compiler directive is not set. 4 Build the application. You should now find a file called "LibreCryptExplorer.exe" in the directory above the "src" directory

compiler directives

• FREEOTFE_MAIN defined for main GUI, not explorer
• FREEOTFE_EXPLORER defined for doxbox explorer, not main gui
• _DXGETTEXT see above

gettext

i18n is done using dxgettext, compatible with GNU gettext. Unfortunately the project was hosted on Berlios.de, which is now closed as a hosting site, and the project appears abondoned. An older version of the project was hosted on sourceforge. Fortunately a patch was submited to the sourceforge forum, containing the latest code. In order to build the source with i18n support, only a file gnugettext.pas is needed. For convenience this is part of the github project. To retrive this, download dxgettext.7z from TODO and extract the file from the .\dxgettext\dxgettext\sample\ directory. To run the other functions of dxgettext, viz extracting srings from the project and building .mo files:

• install dxgettext from sourceforge, choosing 'no' to 'integate with IDE'
• apply the patch from dxgettext.7z
• run the tools from the command line

To build the DLLs used by LibreCrypt Explorer:

1. Open "LibreCryptDLLs.sln" under .\src\PDA\ using Visual Studio 2010
2. Set the build configuration within Visual Studio to "Release" - "Win32" or "Release" - "Win64"
3. Right-click on each project in turn, and select "Rebuild". Note: Don't bother building the "GUI" project; at present, this can only be built for the Windows Mobile platform.

The binaries built are put into the directories .\bin\PC\DLLs\<config>\<platform>\.

Note: The development of the command line decryption utilities has ceased. This functionality has been superceded with the development of LibreCrypt Explorer and the test projects

To build the command line decryption utilities, the following software is required:

• A C compiler (Visual Studio 2010 was used to write and test this software) Please follow the following steps:

• Install and configure up the build environment, as described as per building the backend drivers, you may omit the SDK and DDK. * Modify the software as appropriate for your test * Please see the command line decryption utility documentation

• Launch the relevant "my_build_exe.bat" file

The executable should be built in the same directory.

Note: These are not included in the release and are for testing purposes Note: These are work in progress

To build the command line Test Apps, the following software is required:

• A C compiler (Visual Studio 2010 was used to write and test this software) Please follow the following steps:

• Install and configure up the build environment, as described as per building the backend drivers, you may omit the SDK and DDK. * Open the test project(s) under .\src\PDA\TEST_PROJS* * Please see the command line test app documentation or

• Launch the relevant "my_build_exe.bat" file

The executable should be built in the same directory. These executables are built using the same code as the DLLs but with different preprocessor directives, they are used for testing the drivers and DLLs.

All the projects have been built under a directory "P:\", but whereever possible relative paths have been used. In case of errors run the command subst p: <path to project directory> and retry

To sign the LibreCrypt binary files (.exe, .dll and .sys files), the procedure is pretty much as described at: Pantaray Research web site

At present, LibreCrypt is signed using a self-signed certificate; the full procedure used is as follows:

1. Install Visual Studio
2. From a command prompt, run "vcvarsall" (all commands detailed below should be executed from this command prompt)

3. Create a private certificate:

   makecert.exe -sv tdk.pvk -n "E=tdk@doxbox.eu,CN=Sarah Dean" tdk.cer
   

this should create two files: tdk.pvk and tdk.cer

1. Create a test software publisher certificate (SPC):

           cert2spc.exe tdk.cer tdk.spc
   

   to create tdk.spc. (This file would normally be supplied by a CA, if purchased)

2. Create a personal information file

   pvk2pfx -pvk tdk.pvk -spc tdk.spc -pfx tdk.pfx -f /pi <pvk password> /po <pfx password>
   

Where:

• <pvk password> is the password used when generating the .pvk file with makecert.txt

• <pfx password> is the password you wish to use for securing the new .pfx file

• Sign each of binary files:

     signtool.exe sign /f tdk.pfx /p <pfx password> /v /t http://timestamp.verisign.com/scripts/timstamp.dll <filename>
  

Where: <pfx password> is the password used when generating the .pfx file with pvk2pfx

The URL specified is a time stamping service (Verisign's in this case).

When building the C code, FreeOTFEPlatform.h automatically #defines one of the following:

• FreeOTFE_PC_DRIVER
• FreeOTFE_PC_DLL
• FreeOTFE_TEST_APP

depending on what is being built.

This header file should be #included at the start of every file which uses any of these defines. (Yes, this is obvious - but easily overlooked!)