This project has moved and is read-only. For the latest updates, please go here.
1
Vote

Container file initial allocation is 131072 bytes too short (does not account for backup header)

description

When creating an encrypted file container with the VeraCrypt Volume Creation Wizard, the container file is not pre-extended to the complete size it will need. It is created 131072 bytes shorter than the final size. When TrueCrypt 6 was introduced with the backup header, this bug was introduced (the file size initially allocated does not include the second copy of the file header, and the bug migrated from TrueCrypt 7.1a to VeraCrypt). This makes it possible for the disk blocks to be allocated to other files, and can cause the volume creation to fail after the long duration random fill of data during the volume creation. Even if no other user activity is done on the device, things like indexing can allocate blocks.

Background and details for the interested:

I like to force creation of contiguous container files by creating a contiguous file, then allocating all remain space to a "diskfiller" file (using fsutil volume diskfree x:, followed by fsutil file createnew x:\file <size from diskfree>. Then I create the file container and have it replace the file. However, during the time the file container is being created, there will be 131072 bytes free on the disk, and if something uses them, you won't find out until the volume creation is 99.999% complete when it fails to allocate the space for the backup header.

When the file is created, it should pre-allocate the complete size including the backup header, so the blocks are not available for allocation by something else.

Here is an demo.

fsutil is part of standard windows since XP but you must use an administrator command prompt with win 7 or above (perhaps vista ? I never used that). (you must run cmd as administrator)

Note: the nfi utility is available here: https://support.microsoft.com/en-us/kb/253066

C:\bin>dir k:\
Volume in drive K is TOSHIBA EXT
Volume Serial Number is 9843-4CB8

Directory of k:\

07/21/2014 08:59 PM 87,987 Declaration of Conformity.pdf
12/19/2015 10:38 PM 2,997,415,211,008 filler.dat
10/28/2015 02:07 AM <DIR> NTI
02/25/2015 11:59 PM 15,711,240 Setup.exe
12/05/2012 06:32 PM 155,100 Warranty.pdf
           4 File(s) 2,997,431,165,335 bytes
           1 Dir(s)  1,999,999,172,608 bytes free
C:\bin>fsutil file createnew k:\sys\abcdefgfiller12.dat 1999999172608
File k:\sys\abcdefgfiller12.dat is created

C:\bin>fsutil volume diskfree
Usage : fsutil volume diskfree <volume pathname>
Eg : fsutil volume diskfree C:

C:\bin>fsutil volume diskfree k:
Total # of free bytes : 0
Total # of bytes : 5000845586432
Total # of avail free bytes : 0

C:\bin>nfi k:\filler.dat
NTFS File Sector Information Utility.
Copyright (C) Microsoft Corporation 1999. All rights reserved.

\filler.dat
$STANDARD_INFORMATION (resident)
$FILE_NAME (resident)
$DATA (nonresident)
    logical sectors 6701568-5861028151 (0x664200-0x15d583137)
C:\bin>nfi k:\sys\abcdefgfiller12.dat
NTFS File Sector Information Utility.
Copyright (C) Microsoft Corporation 1999. All rights reserved.

\SYS\abcdefgfiller12.dat
$STANDARD_INFORMATION (resident)
$FILE_NAME (resident)
$FILE_NAME (resident)
$DATA (nonresident)
    logical sectors 5861028152-9767276535 (0x15d583138-0x2462ccff7)
C:\bin> rem at this point we have a k:\sys\abcdefgfiller12.dat that has size 1999999172608 bytes in one extent
C:\bin> rem now use the VeraCrypt Volume Creation Wizard to delete and replace the file (the format has started before the next line was entered)
C:\bin>fsutil volume diskfree k:
Total # of free bytes : 131072
Total # of bytes : 5000845586432
Total # of avail free bytes : 131072

C:\bin> rem wait 6 hours for volume to be filled with random data and formatted. Note that there are 131072 bytes of free space that will be required for the backup file header created immediately before volume container file creation is completed.

When the format is complete, the file will be extended with the additional 131072 bytes (if they are available, if they are not, the volume creation will fail).

The volume creation code should allocate the space to the heaer + data + backup header before starting the formatting, so once the formatting starts, you would never get a “There is not enough space on the disk” error.

comments