+ and all other portions of this file are Copyright (c) 2013-2017 IDRIX

+ extern unique_ptr <CoreBase> Core;

+ extern unique_ptr <CoreBase> CoreDirect;

+ bool m_emvSupportEnabled;

+ bool m_masterKeyVulnerable;

+ ChangePasswordThreadRoutine(shared_ptr <VolumePath> volumePath, bool preserveTimestamps, shared_ptr <VolumePassword> password, int pim, shared_ptr <Pkcs5Kdf> kdf, shared_ptr <KeyfileList> keyfiles, shared_ptr <VolumePassword> newPassword, int newPim, shared_ptr <KeyfileList> newKeyfiles, shared_ptr <Pkcs5Kdf> newPkcs5Kdf, int wipeCount, bool emvSupportEnabled) : m_volumePath(volumePath), m_preserveTimestamps(preserveTimestamps), m_password(password), m_pim(pim), m_kdf(kdf), m_keyfiles(keyfiles), m_newPassword(newPassword), m_newPim(newPim), m_newKeyfiles(newKeyfiles), m_newPkcs5Kdf(newPkcs5Kdf), m_wipeCount(wipeCount), m_emvSupportEnabled(emvSupportEnabled), m_masterKeyVulnerable(false) {}

+ virtual void ExecutionCode(void) {

+ shared_ptr <Volume> openVolume = Core->ChangePassword(m_volumePath, m_preserveTimestamps, m_password, m_pim, m_kdf, m_keyfiles, m_newPassword, m_newPim, m_newKeyfiles, m_emvSupportEnabled, m_newPkcs5Kdf, m_wipeCount);

+ m_masterKeyVulnerable = openVolume->IsMasterKeyVulnerable();

+ }

+ bool m_emvSupportEnabled;

+ OpenVolumeThreadRoutine(shared_ptr <VolumePath> volumePath, bool preserveTimestamps, shared_ptr <VolumePassword> password, int pim, shared_ptr<Pkcs5Kdf> Kdf, shared_ptr <KeyfileList> keyfiles, bool emvSupportEnabled, VolumeProtection::Enum protection = VolumeProtection::None, shared_ptr <VolumePassword> protectionPassword = shared_ptr <VolumePassword> (), int protectionPim = 0, shared_ptr<Pkcs5Kdf> protectionKdf = shared_ptr<Pkcs5Kdf> (), shared_ptr <KeyfileList> protectionKeyfiles = shared_ptr <KeyfileList> (), bool sharedAccessAllowed = false, VolumeType::Enum volumeType = VolumeType::Unknown, bool useBackupHeaders = false, bool partitionInSystemEncryptionScope = false):

+ m_volumePath(volumePath), m_preserveTimestamps(preserveTimestamps), m_password(password), m_pim(pim), m_Kdf(Kdf), m_keyfiles(keyfiles),

+ m_partitionInSystemEncryptionScope(partitionInSystemEncryptionScope), m_emvSupportEnabled(emvSupportEnabled) {}

+ virtual void ExecutionCode(void) { m_pVolume = Core->OpenVolume(m_volumePath,m_preserveTimestamps,m_password,m_pim,m_Kdf,m_keyfiles, m_emvSupportEnabled, m_protection,m_protectionPassword,m_protectionPim,m_protectionKdf, m_protectionKeyfiles,m_sharedAccessAllowed,m_volumeType,m_useBackupHeaders, m_partitionInSystemEncryptionScope); }

+ bool m_emvSupportEnabled;

+ ReEncryptHeaderThreadRoutine(const BufferPtr &newHeaderBuffer, shared_ptr <VolumeHeader> header, shared_ptr <VolumePassword> password, int pim, shared_ptr <KeyfileList> keyfiles, bool emvSupportEnabled)

+ : m_newHeaderBuffer(newHeaderBuffer), m_header(header), m_password(password), m_pim(pim), m_keyfiles(keyfiles), m_emvSupportEnabled(emvSupportEnabled) {}

+ virtual void ExecutionCode(void) { Core->ReEncryptVolumeHeaderWithNewSalt (m_newHeaderBuffer, m_header, m_password, m_pim, m_keyfiles, m_emvSupportEnabled); }

+ DecryptThreadRoutine(shared_ptr <VolumeHeader> header, const ConstBufferPtr &encryptedData, const VolumePassword &password, int pim, shared_ptr <Pkcs5Kdf> kdf, const Pkcs5KdfList &keyDerivationFunctions, const EncryptionAlgorithmList &encryptionAlgorithms, const EncryptionModeList &encryptionModes)

+ : m_pHeader(header), m_encryptedData(encryptedData), m_password(password), m_pim(pim), m_kdf(kdf), m_keyDerivationFunctions(keyDerivationFunctions), m_encryptionAlgorithms(encryptionAlgorithms), m_encryptionModes(encryptionModes), m_bResult(false){}

+ virtual void ExecutionCode(void) { m_bResult = m_pHeader->Decrypt(m_encryptedData, m_password, m_pim, m_kdf, m_keyDerivationFunctions, m_encryptionAlgorithms, m_encryptionModes); }

+# and all other portions of this file are Copyright (c) 2013-2017 IDRIX

+ and all other portions of this file are Copyright (c) 2013-2017 IDRIX

+#if defined(TC_LINUX ) || defined (TC_FREEBSD)

+ , UseDummySudoPassword (false)

+#endif

+ void CoreBase::ChangePassword (shared_ptr <Volume> openVolume, shared_ptr <VolumePassword> newPassword, int newPim, shared_ptr <KeyfileList> newKeyfiles, bool emvSupportEnabled, shared_ptr <Pkcs5Kdf> newPkcs5Kdf, int wipeCount) const

+ newPkcs5Kdf = openVolume->GetPkcs5Kdf();

+ shared_ptr <VolumePassword> password (Keyfile::ApplyListToPassword (newKeyfiles, newPassword, emvSupportEnabled));

+ shared_ptr <Volume> CoreBase::ChangePassword (shared_ptr <VolumePath> volumePath, bool preserveTimestamps, shared_ptr <VolumePassword> password, int pim, shared_ptr <Pkcs5Kdf> kdf, shared_ptr <KeyfileList> keyfiles, shared_ptr <VolumePassword> newPassword, int newPim, shared_ptr <KeyfileList> newKeyfiles, bool emvSupportEnabled, shared_ptr <Pkcs5Kdf> newPkcs5Kdf, int wipeCount) const

+ shared_ptr <Volume> volume = OpenVolume (volumePath, preserveTimestamps, password, pim, kdf, keyfiles, emvSupportEnabled);

+ ChangePassword (volume, newPassword, newPim, newKeyfiles, emvSupportEnabled, newPkcs5Kdf, wipeCount);

+ return volume;

+ uint8 *bootSector = bootSectorBuffer.Ptr();

+ shared_ptr<VolumeInfo> mountedVolume = GetMountedVolume (volumePath);

+ if (mountedVolume)

+ return true;

+ else

+ return false;

+ shared_ptr <Volume> CoreBase::OpenVolume (shared_ptr <VolumePath> volumePath, bool preserveTimestamps, shared_ptr <VolumePassword> password, int pim, shared_ptr<Pkcs5Kdf> kdf, shared_ptr <KeyfileList> keyfiles, bool emvSupportEnabled, VolumeProtection::Enum protection, shared_ptr <VolumePassword> protectionPassword, int protectionPim, shared_ptr<Pkcs5Kdf> protectionKdf, shared_ptr <KeyfileList> protectionKeyfiles, bool sharedAccessAllowed, VolumeType::Enum volumeType, bool useBackupHeaders, bool partitionInSystemEncryptionScope) const

+ volume->Open (*volumePath, preserveTimestamps, password, pim, kdf, keyfiles, emvSupportEnabled, protection, protectionPassword, protectionPim, protectionKdf, protectionKeyfiles, sharedAccessAllowed, volumeType, useBackupHeaders, partitionInSystemEncryptionScope);

+ void CoreBase::ReEncryptVolumeHeaderWithNewSalt (const BufferPtr &newHeaderBuffer, shared_ptr <VolumeHeader> header, shared_ptr <VolumePassword> password, int pim, shared_ptr <KeyfileList> keyfiles, bool emvSupportEnabled) const

+ shared_ptr <VolumePassword> passwordKey (Keyfile::ApplyListToPassword (keyfiles, password, emvSupportEnabled));

+ and all other portions of this file are Copyright (c) 2013-2017 IDRIX

+ virtual void ChangePassword (shared_ptr <Volume> openVolume, shared_ptr <VolumePassword> newPassword, int newPim, shared_ptr <KeyfileList> newKeyfiles, bool emvSupportEnabled, shared_ptr <Pkcs5Kdf> newPkcs5Kdf = shared_ptr <Pkcs5Kdf> (), int wipeCount = PRAND_HEADER_WIPE_PASSES) const;

+ virtual shared_ptr <Volume> ChangePassword (shared_ptr <VolumePath> volumePath, bool preserveTimestamps, shared_ptr <VolumePassword> password, int pim, shared_ptr <Pkcs5Kdf> kdf, shared_ptr <KeyfileList> keyfiles, shared_ptr <VolumePassword> newPassword, int newPim, shared_ptr <KeyfileList> newKeyfiles, bool emvSupportEnabled, shared_ptr <Pkcs5Kdf> newPkcs5Kdf = shared_ptr <Pkcs5Kdf> (), int wipeCount = PRAND_HEADER_WIPE_PASSES) const;

+ virtual shared_ptr <Volume> OpenVolume (shared_ptr <VolumePath> volumePath, bool preserveTimestamps, shared_ptr <VolumePassword> password, int pim, shared_ptr<Pkcs5Kdf> Kdf, shared_ptr <KeyfileList> keyfiles, bool emvSupportEnabled, VolumeProtection::Enum protection = VolumeProtection::None, shared_ptr <VolumePassword> protectionPassword = shared_ptr <VolumePassword> (), int protectionPim = 0, shared_ptr<Pkcs5Kdf> protectionKdf = shared_ptr<Pkcs5Kdf> (), shared_ptr <KeyfileList> protectionKeyfiles = shared_ptr <KeyfileList> (), bool sharedAccessAllowed = false, VolumeType::Enum volumeType = VolumeType::Unknown, bool useBackupHeaders = false, bool partitionInSystemEncryptionScope = false) const;

+ virtual void ReEncryptVolumeHeaderWithNewSalt (const BufferPtr &newHeaderBuffer, shared_ptr <VolumeHeader> header, shared_ptr <VolumePassword> password, int pim, shared_ptr <KeyfileList> keyfiles, bool emvSupportEnabled) const;

+ virtual void ForceUseDummySudoPassword (bool useDummySudoPassword) { UseDummySudoPassword = useDummySudoPassword;}

+ virtual bool GetUseDummySudoPassword () const { return UseDummySudoPassword;}

+ bool UseDummySudoPassword;

+ and all other portions of this file are Copyright (c) 2013-2017 IDRIX

+ and all other portions of this file are Copyright (c) 2013-2017 IDRIX

+ and all other portions of this file are Copyright (c) 2013-2017 IDRIX

+ static void PutBoot (fatparams * ft, uint8 *boot, uint32 volumeId)

+ boot[cnt++] = 0xeb; /* boot jump */

+ boot[cnt++] = (ft->size_fat == 32)? 0x58: 0x3c;

+ static void PutFSInfo (uint8 *sector, fatparams *ft)

+ RandomNumberGenerator::GetDataFast (BufferPtr ((uint8 *) &volumeId, sizeof (volumeId)));

+ PutBoot (ft, (uint8 *) sector, volumeId);

+ PutFSInfo((uint8 *) sector, ft);

+ PutBoot (ft, (uint8 *) sector, volumeId);

+ PutFSInfo((uint8 *) sector, ft);

+ uint8 fat_sig[12];

+ fat_sig[0] = (uint8) ft->media;

+ fat_sig[0] = (uint8) ft->media;

+ fat_sig[0] = (uint8) ft->media;

+ and all other portions of this file are Copyright (c) 2013-2017 IDRIX

+ and all other portions of this file are Copyright (c) 2013-2017 IDRIX

+ and all other portions of this file are Copyright (c) 2013-2017 IDRIX

+ and all other portions of this file are Copyright (c) 2013-2017 IDRIX

+ Kdf = Pkcs5Kdf::GetAlgorithm (nameValue);

+ ProtectionKdf = Pkcs5Kdf::GetAlgorithm (nameValue);

+ and all other portions of this file are Copyright (c) 2013-2017 IDRIX

+ UseBackupHeaders (false)

+ bool EMVSupportEnabled;

+ and all other portions of this file are Copyright (c) 2013-2017 IDRIX

+

+#ifndef ERESTART

+#define ERESTART EINTR

+#endif

+

+ // ensure that we have read at least 32 bytes from /dev/random before allowing it to fail gracefully

+ while (true)

+ {

+ int rndCount = read (random, buffer, buffer.Size());

+ throw_sys_sub_if ((rndCount == -1) && errno != EAGAIN && errno != ERESTART && errno != EINTR, L"/dev/random");

+ if (rndCount != -1) {

+ // We count returned bytes until 32-bytes threshold reached

+ if (DevRandomBytesCount < 32)

+ DevRandomBytesCount += rndCount;

+ break;

+ }

+ else if (DevRandomBytesCount >= 32) {

+ // allow /dev/random to fail gracefully since we have enough bytes

+ break;

+ }

+ else {

+ // wait 250ms before querying /dev/random again

+ ::usleep (250 * 1000);

+ }

+ }

+

+

+ /* use JitterEntropy library to get good quality random bytes based on CPU timing jitter */

+ if (JitterRngCtx)

+ {

+ ssize_t rndLen = jent_read_entropy (JitterRngCtx, (char*) buffer.Ptr(), buffer.Size());

+ if (rndLen > 0)

+ {

+ AddToPool (buffer);

+ }

+ }

+ uint8* pbBuffer = buffer.Get();

+

+ // Initialize JitterEntropy RNG for this call

+ if (0 == jent_entropy_init ())

+ {

+ JitterRngCtx = jent_entropy_collector_alloc (1, 0);

+ }

+

+ if (JitterRngCtx)

+ {

+ jent_entropy_collector_free (JitterRngCtx);

+ JitterRngCtx = NULL;

+ }

+ size_t digestSize = PoolHash->GetDigestSize();

+ size_t poolSize = Pool.Size();

+ // pool size must be multiple of digest size

+ // this is always the case with default pool size value (320 bytes)

+ if (poolSize % digestSize)

+ throw AssertionFailed (SRC_POS);

+

+ for (size_t poolPos = 0; poolPos < poolSize; poolPos += digestSize)

+ SecureBuffer digest (digestSize);

+ PoolHash->Init();

+ /* XOR the resultant message digest to the pool at the poolIndex position. */

+ /* this matches the documentation: https://veracrypt.fr/en/Random%20Number%20Generator.html */

+ for (size_t digestIndex = 0; digestIndex < digestSize; digestIndex++)

+ Pool [poolPos + digestIndex] ^= digest [digestIndex];

+ DevRandomBytesCount = 0;

+ #ifndef WOLFCRYPT_BACKEND

+ PoolHash.reset (new Blake2s());

+ #else

+ PoolHash.reset (new Sha256());

+ #endif

+ buffer[0] = (uint8) i;

+ #ifndef WOLFCRYPT_BACKEND

+ if (Crc32::ProcessBuffer (Pool) != 0x9c743238)

+ #else

+ if (Crc32::ProcessBuffer (Pool) != 0xac95ac1a)

+ #endif

+ throw TestFailed (SRC_POS);

+ #ifndef WOLFCRYPT_BACKEND

+ if (Crc32::ProcessBuffer (Pool) != 0xd2d09c8d)

+ #else

+ if (Crc32::ProcessBuffer (Pool) != 0xb79f3c12)

+ #endif

+ throw TestFailed (SRC_POS);

+ struct rand_data *RandomNumberGenerator::JitterRngCtx = NULL;

+ int RandomNumberGenerator::DevRandomBytesCount = 0;

+ and all other portions of this file are Copyright (c) 2013-2017 IDRIX

+#include "Crypto/jitterentropy.h"

+ static struct rand_data *JitterRngCtx;

+ static int DevRandomBytesCount;

+ and all other portions of this file are Copyright (c) 2013-2017 IDRIX

+#include <stdio.h>

+ unique_ptr <T> CoreService::GetResponse ()

+ unique_ptr <Serializable> deserializedObject (Serializable::DeserializeNew (ServiceOutputStream));

+ return unique_ptr <T> (dynamic_cast <T *> (deserializedObject.release()));

+ uint8 b;

+ Core = move_ptr(CoreDirect);

+ unique_ptr <T> CoreService::SendRequest (CoreServiceRequest &request)

+ // Test if the user has an active "sudo" session.

+ bool authCheckDone = false;

+ if (!Core->GetUseDummySudoPassword ())

+ {

+ // sudo man page: "If the -l option was specified without a command, sudo, will exit

+ // with a value of 0 if the user is allowed to run sudo, and they authenticated successfully"

+ // We are using -n to avoid prompting the user for a password.

+ // We are redirecting stderr to stdout and discarding both to avoid any output.

+ // This approach also works on newer macOS versions (12.0 and later).

+ FILE* pipe = popen("sudo -n -l > /dev/null 2>&1", "r"); // redirect stderr to stdout and discard both.

+ if (pipe)

+ {

+ // We only care about the exit code

+ char buf[128];

+ while (!feof(pipe))

+ {

+ if (fgets(buf, sizeof(buf), pipe) == NULL)

+ break;

+ }

+ int status = pclose(pipe);

+ pipe = NULL;

+

+ authCheckDone = true;

+

+ // If exit code != 0, user does NOT have an active session => request password

+ if (status != 0)

+ {

+ (*AdminPasswordCallback)(request.AdminPassword);

+ }

+ }

+

+ if (authCheckDone)

+ {

+ // Set to false to force the 'WarningEvent' to be raised in case of and elevation exception.

+ request.FastElevation = false;

+ }

+ }

+

+ unique_ptr <T> response (GetResponse <T>());

+

+ if(!authCheckDone)

+ (*AdminPasswordCallback) (request.AdminPassword);

+ unique_ptr <Pipe> inPipe (new Pipe());

+ unique_ptr <Pipe> outPipe (new Pipe());

+ // 'request.FastElevation' is always false under Linux / FreeBSD when "sudo -n" works properly

+#if defined(TC_LINUX )

+ Thread::Sleep (1000); // wait 1 second for the forked sudo to start

+#endif

+ burn (&adminPassword.front(), adminPassword.size());

+ // 'request.FastElevation' is always false under Linux / FreeBSD

+ unique_ptr <Serializable> deserializedObject;

+ shared_ptr <Stream> stream (new MemoryStream (ConstBufferPtr ((uint8 *) &errOutput[0], errOutput.size())));

+ uint8 sync[] = { 0, 0x11, 0x22 };

+ AdminInputPipe = move_ptr(inPipe);

+ AdminOutputPipe = move_ptr(outPipe);

+ unique_ptr <Pipe> CoreService::AdminInputPipe;

+ unique_ptr <Pipe> CoreService::AdminOutputPipe;

+ unique_ptr <Pipe> CoreService::InputPipe;

+ unique_ptr <Pipe> CoreService::OutputPipe;

+ and all other portions of this file are Copyright (c) 2013-2017 IDRIX

+ template <class T> static unique_ptr <T> GetResponse ();

+ template <class T> static unique_ptr <T> SendRequest (CoreServiceRequest &request);

+ static unique_ptr <Pipe> AdminInputPipe;

+ static unique_ptr <Pipe> AdminOutputPipe;

+ static unique_ptr <Pipe> InputPipe;

+ static unique_ptr <Pipe> OutputPipe;

+ and all other portions of this file are Copyright (c) 2013-2017 IDRIX

+ newOptions.Password = Keyfile::ApplyListToPassword (options.Keyfiles, options.Password, options.EMVSupportEnabled);

+ newOptions.ProtectionPassword = Keyfile::ApplyListToPassword (options.ProtectionKeyfiles, options.ProtectionPassword, options.EMVSupportEnabled);

+ VolumePasswordCache::Store (*Keyfile::ApplyListToPassword (options.Keyfiles, options.Password, options.EMVSupportEnabled));

+ and all other portions of this file are Copyright (c) 2013-2017 IDRIX

+ and all other portions of this file are Copyright (c) 2013-2017 IDRIX

+ and all other portions of this file are Copyright (c) 2013-2017 IDRIX

+ and all other portions of this file are Copyright (c) 2013-2017 IDRIX

+ and all other portions of this file are Copyright (c) 2013-2017 IDRIX

+#ifdef TC_LINUX

+ static string GetTmpUser ();

+ static bool SamePath (const string& path1, const string& path2);

+#endif

+

+ args.push_back ("-p");

+ args.push_back ("tabtitle=fsck");

+ else if (stat("/usr/bin/gnome-terminal", &sb) == 0 && stat("/usr/bin/dbus-launch", &sb) == 0)

+ {

+ args.clear ();

+ args.push_back ("--title");

+ args.push_back ("fsck");

+ args.push_back ("--");

+ args.push_back ("sh");

+ args.push_back ("-c");

+ args.push_back (xargs);

+ try

+ {

+ Process::Execute ("gnome-terminal", args, 1000);

+ } catch (TimeOut&) { }

+ }

+ throw TerminalNotFound();

+ uint8 *b = bootSector.Ptr();

+ // Introduce a retry mechanism with a timeout for control file access

+ // This workaround is limited to FUSE-T mounted volume under macOS for

+ // which md.Device starts with "fuse-t:"

+#ifdef VC_MACOSX_FUSET

+ bool isFuseT = wstring(mf.Device).find(L"fuse-t:") == 0;

+ int controlFileRetries = 10; // 10 retries with 500ms sleep each, total 5 seconds

+ while (!mountedVol && (controlFileRetries-- > 0))

+#endif

+ try

+ {

+ shared_ptr <File> controlFile (new File);

+ controlFile->Open (string (mf.MountPoint) + FuseService::GetControlPath());

+ shared_ptr <Stream> controlFileStream (new FileStream (controlFile));

+ mountedVol = Serializable::DeserializeNew <VolumeInfo> (controlFileStream);

+ }

+ catch (const std::exception& e)

+ {

+#ifdef VC_MACOSX_FUSET

+ // if exception starts with "VeraCrypt::Serializer::ValidateName", then

+ // serialization is not ready yet and we need to wait before retrying

+ // this happens when FUSE-T is used under macOS and if it is the first time

+ // the volume is mounted

+ if (isFuseT && string (e.what()).find ("VeraCrypt::Serializer::ValidateName") != string::npos)

+ {

+ Thread::Sleep(500); // Wait before retrying

+ }

+ else

+ {

+ break; // Control file not found or other error

+ }

+#endif

+ }

+

+ if (!mountedVol)

+ continue; // Skip to the next mounted filesystem

+ const char *tmpdir = getenv ("TMPDIR");

+ string envDir = tmpdir ? tmpdir : "/tmp";

+

+#ifdef TC_LINUX

+ /*

+ * If pam_tmpdir.so is in use, a different temporary directory is

+ * allocated for each user ID. We need to mount to the directory used

+ * by the non-root user.

+ */

+ if (getuid () == 0 && envDir.size () >= 2

+ && envDir.substr (envDir.size () - 2) == "/0") {

+ string tmpuser = GetTmpUser ();

+ if (SamePath (envDir, tmpuser + "/0")) {

+ /* Substitute the sudo'ing user for 0 */

+ char uid[40];

+ FILE *fp = fopen ("/proc/self/loginuid", "r");

+ if (fp != NULL) {

+ if (fgets (uid, sizeof (uid), fp) != nullptr) {

+ envDir = tmpuser + "/" + uid;

+ }

+ fclose (fp);

+ }

+ }

+ }

+#endif

+

+ return envDir;

+ }

+

+#ifdef TC_LINUX

+ static string GetTmpUser ()

+ {

+ string tmpuser = "/tmp/user";

+ FILE *fp = fopen ("/etc/security/tmpdir.conf", "r");

+ if (fp == NULL) {

+ return tmpuser;

+ }

+ while (true) {

+ /* Parses the same way as pam_tmpdir */

+ char line[1024];

+ if (fgets (line, sizeof (line), fp) == nullptr) {

+ break;

+ }

+ if (line[0] == '#') {

+ continue;

+ }

+ size_t len = strlen (line);

+ if (len > 0 && line[len-1] == '\n') {

+ line[len-1] = '\0';

+ }

+ char *eq = strchr (line, '=');

+ if (eq == nullptr) {

+ continue;

+ }

+ *eq = '\0';

+ const char *key = line;

+ const char *value = eq + 1;

+ if (strcmp (key, "tmpdir") == 0) {

+ tmpuser = value;

+ break;

+ }

+ }

+ fclose (fp);

+ return tmpuser;

+ static bool SamePath (const string& path1, const string& path2)

+ {

+ size_t i1 = 0;

+ size_t i2 = 0;

+ while (i1 < path1.size () && i2 < path2.size ()) {

+ if (path1[i1] != path2[i2]) {

+ return false;

+ }

+ /* Any two substrings consisting entirely of slashes compare equal */

+ if (path1[i1] == '/') {

+ while (i1 < path1.size () && path1[i1] == '/') {

+ ++i1;

+ }

+ while (i2 < path2.size () && path2[i2] == '/') {

+ ++i2;

+ }

+ }

+ else

+ {

+ ++i1;

+ ++i2;

+ }

+ }

+ return (i1 == path1.size () && i2 == path2.size ());

+ }

+#endif

+

+ options.EMVSupportEnabled,

+ options.Password.reset();

+ const uint32 devSectorSize = volume->GetFile()->GetDeviceSectorSize();

+ const size_t volSectorSize = volume->GetSectorSize();

+ if (devSectorSize != volSectorSize)

+ throw DeviceSectorSizeMismatch (SRC_POS, StringConverter::ToWide(devSectorSize) + L" != " + StringConverter::ToWide((uint32) volSectorSize));

+ throw_sys_sub_if (chown (mountPoint.c_str(), GetRealUserId(), GetRealGroupId()) == -1, mountPoint);

+ and all other portions of this file are Copyright (c) 2013-2017 IDRIX

+ and all other portions of this file are Copyright (c) 2013-2017 IDRIX

+ foreach (const string &busType, StringConverter::Split ("ad da vtbd"))

+ std::string chosenFilesystem = "msdos";

+ std::string modifiedMountOptions = systemMountOptions;

+

+ if (filesystemType.empty() && modifiedMountOptions.find("mountprog") == string::npos) {

+ // No filesystem type specified through CLI, attempt to identify with blkid

+ // as mount is unable to probe filesystem type on BSD

+ // Make sure we don't override user defined mountprog

+ std::vector<char> buffer(128,0);

+ std::string cmd = "blkid -o value -s TYPE " + static_cast<std::string>(devicePath) + " 2>/dev/null";

+ std::string result;

+

+ FILE* pipe = popen(cmd.c_str(), "r");

+ if (pipe) {

+ while (!feof(pipe)) {

+ if (fgets(buffer.data(), 128, pipe) != nullptr)

+ result += buffer.data();

+ }

+ fflush(pipe);

+ pclose(pipe);

+ pipe = nullptr;

+ }

+

+ if (result.find("ext") == 0 || StringConverter::ToLower(filesystemType).find("ext") == 0) {

+ chosenFilesystem = "ext2fs";

+ }

+ else if (result.find("exfat") == 0 || StringConverter::ToLower(filesystemType) == "exfat") {

+ chosenFilesystem = "exfat";

+ modifiedMountOptions += string(!systemMountOptions.empty() ? "," : "")

+ + "mountprog=/usr/local/sbin/mount.exfat";

+ }

+ else if (result.find("ntfs") == 0 || StringConverter::ToLower(filesystemType) == "ntfs") {

+ chosenFilesystem = "ntfs";

+ modifiedMountOptions += string(!systemMountOptions.empty() ? "," : "")

+ + "mountprog=/usr/local/bin/ntfs-3g";

+ }

+ else if (!filesystemType.empty()) {

+ // Filesystem is specified but is none of the above, then supply as is

+ chosenFilesystem = filesystemType;

+ }

+ } else

+ chosenFilesystem = filesystemType;

+

+ CoreUnix::MountFilesystem (devicePath, mountPoint, chosenFilesystem, readOnly, modifiedMountOptions);

+ unique_ptr <CoreBase> Core (new CoreServiceProxy <CoreFreeBSD>);

+ unique_ptr <CoreBase> CoreDirect (new CoreFreeBSD);

+ and all other portions of this file are Copyright (c) 2013-2017 IDRIX

+ and all other portions of this file are Copyright (c) 2013-2017 IDRIX

+ and all other portions of this file are Copyright (c) 2013-2017 IDRIX

+#ifdef WOLFCRYPT_BACKEND

+#include "Volume/EncryptionModeWolfCryptXTS.h"

+#endif

+ bool xts = (typeid (*volume->GetEncryptionMode()) ==

+ #ifdef WOLFCRYPT_BACKEND

+ typeid (EncryptionModeWolfCryptXTS));

+ #else

+ typeid (EncryptionModeXTS));

+ #endif

+ bool algoNotSupported = (typeid (*volume->GetEncryptionAlgorithm()) == typeid (Kuznyechik))

+ || (typeid (*volume->GetEncryptionAlgorithm()) == typeid (CamelliaKuznyechik))

+ || (typeid (*volume->GetEncryptionAlgorithm()) == typeid (KuznyechikTwofish))

+ || (typeid (*volume->GetEncryptionAlgorithm()) == typeid (KuznyechikAES))

+ || (typeid (*volume->GetEncryptionAlgorithm()) == typeid (KuznyechikSerpentCamellia));

+ || volume->IsEncryptionNotCompleted ()

+ dmCreateArgsBuf.CopyFrom (ConstBufferPtr ((uint8 *) dmCreateArgs.str().c_str(), dmCreateArgs.str().size()));

+ unique_ptr <CoreBase> Core (new CoreServiceProxy <CoreLinux>);

+ unique_ptr <CoreBase> CoreDirect (new CoreLinux);

+ and all other portions of this file are Copyright (c) 2013-2017 IDRIX

+ and all other portions of this file are Copyright (c) 2013-2017 IDRIX

+ and all other portions of this file are Copyright (c) 2013-2017 IDRIX

+ struct stat sb;

+

+ if (stat("/Applications/Utilities/Disk Utility.app", &sb) == 0)

+ args.push_back ("/Applications/Utilities/Disk Utility.app");

+ else

+ args.push_back ("/System/Applications/Utilities/Disk Utility.app");

+

+#ifndef VC_MACOSX_FUSET

+ fuseVersionStringLength = MAXHOSTNAMELEN;

+ if ((status = sysctlbyname ("vfs.generic.macfuse.version.number", fuseVersionString, &fuseVersionStringLength, NULL, 0)) != 0)

+ {

+ throw HigherFuseVersionRequired (SRC_POS);

+ }

+ if (0 != stat("/usr/local/lib/libosxfuse_i64.2.dylib", &sb) && 0 != stat("/usr/local/lib/libfuse.dylib", &sb))

+#endif

+ unique_ptr <CoreBase> Core (new CoreServiceProxy <CoreMacOSX>);

+ unique_ptr <CoreBase> CoreDirect (new CoreMacOSX);

+ and all other portions of this file are Copyright (c) 2013-2017 IDRIX

+ and all other portions of this file are Copyright (c) 2013-2017 IDRIX

+ and all other portions of this file are Copyright (c) 2013-2017 IDRIX

+/* $OpenBSD$ */

+/*

+ Based on FreeBSD/CoreFreeBSD.cpp

+

+ Derived from source code of TrueCrypt 7.1a, which is

+ Copyright (c) 2008-2012 TrueCrypt Developers Association and which is governed

+ by the TrueCrypt License 3.0.

+

+ Modifications and additions to the original source code (contained in this file)

+ and all other portions of this file are Copyright (c) 2013-2017 IDRIX

+ and are governed by the Apache License 2.0 the full text of which is

+ contained in the file License.txt included in VeraCrypt binary and source

+ code distribution packages.

+*/

+

+#include <fstream>

+#include <iostream>

+#include <stdio.h>

+#include <unistd.h>

+#include <sys/param.h>

+#include <sys/ucred.h>

+#include <sys/mount.h>

+#include <sys/wait.h>

+#include "CoreOpenBSD.h"

+#include "Core/Unix/CoreServiceProxy.h"

+

+namespace VeraCrypt

+{

+ CoreOpenBSD::CoreOpenBSD ()

+ {

+ }

+

+ CoreOpenBSD::~CoreOpenBSD ()

+ {

+ }

+

+ DevicePath CoreOpenBSD::AttachFileToLoopDevice (const FilePath &filePath, bool readOnly) const

+ {

+ list <string> args;

+

+ if (readOnly)

+ {

+ throw;

+ }

+

+ // find an available vnd

+ int freeVnd = -1;

+ for (int vnd = 0; vnd <= 3; vnd++)

+ {

+ stringstream devPath;

+ devPath << "/dev/vnd" << vnd << "c";

+

+ if (FilesystemPath (devPath.str()).IsBlockDevice() || FilesystemPath (devPath.str()).IsCharacterDevice())

+ {

+ make_shared_auto (HostDevice, device);

+ device->Path = devPath.str();

+ try

+ {

+ GetDeviceSize (device->Path);

+ }

+ catch (...)

+ {

+ freeVnd = vnd;

+ break;

+ }

+ }

+ }

+

+ if (freeVnd == -1)

+ throw "couldn't find free vnd";

+

+ stringstream freePath;

+ freePath << "vnd" << freeVnd;

+ args.push_back (freePath.str());

+

+ args.push_back (filePath);

+

+ Process::Execute ("vnconfig", args);

+

+ return "/dev/" + freePath.str() + "c";

+ }

+

+ void CoreOpenBSD::DetachLoopDevice (const DevicePath &devicePath) const

+ {

+ list <string> args;

+ args.push_back ("-u");

+ args.push_back (devicePath);

+

+ for (int t = 0; true; t++)

+ {

+ try

+ {

+ Process::Execute ("vnconfig", args);

+ break;

+ }

+ catch (ExecutedProcessFailed&)

+ {

+ if (t > 5)

+ throw;

+ Thread::Sleep (200);

+ }

+ }

+ }

+

+ // not sure what this is used for

+ HostDeviceList CoreOpenBSD::GetHostDevices (bool pathListOnly) const

+ {

+ throw;

+ }

+

+ MountedFilesystemList CoreOpenBSD::GetMountedFilesystems (const DevicePath &devicePath, const DirectoryPath &mountPoint) const

+ {

+

+ static Mutex mutex;

+ ScopeLock sl (mutex);

+

+ struct statfs *sysMountList;

+ int count = getmntinfo (&sysMountList, MNT_NOWAIT);

+ throw_sys_if (count == 0);

+

+ MountedFilesystemList mountedFilesystems;

+

+ for (int i = 0; i < count; i++)

+ {

+ make_shared_auto (MountedFilesystem, mf);

+

+ if (sysMountList[i].f_mntfromname[0])

+ mf->Device = DevicePath (sysMountList[i].f_mntfromname);

+ else

+ continue;

+

+ if (sysMountList[i].f_mntonname[0])

+ mf->MountPoint = DirectoryPath (sysMountList[i].f_mntonname);

+

+ mf->Type = sysMountList[i].f_fstypename;

+

+ if ((devicePath.IsEmpty() || devicePath == mf->Device) && (mountPoint.IsEmpty() || mountPoint == mf->MountPoint))

+ mountedFilesystems.push_back (mf);

+ }

+

+ return mountedFilesystems;

+ }

+

+ void CoreOpenBSD::MountFilesystem (const DevicePath &devicePath, const DirectoryPath &mountPoint, const string &filesystemType, bool readOnly, const string &systemMountOptions) const

+ {

+ try

+ {

+ // Try to mount FAT by default as mount is unable to probe filesystem type on BSD

+ CoreUnix::MountFilesystem (devicePath, mountPoint, filesystemType.empty() ? "msdos" : filesystemType, readOnly, systemMountOptions);

+ }

+ catch (ExecutedProcessFailed&)

+ {

+ if (!filesystemType.empty())

+ throw;

+

+ CoreUnix::MountFilesystem (devicePath, mountPoint, filesystemType, readOnly, systemMountOptions);

+ }

+ }

+

+#ifdef TC_OPENBSD

+ unique_ptr <CoreBase> Core (new CoreServiceProxy <CoreOpenBSD>);

+ unique_ptr <CoreBase> CoreDirect (new CoreOpenBSD);

+#endif

+}

+/* $OpenBSD$ */

+/*

+ Based on FreeBSD/CoreFreeBSD.h

+

+ Derived from source code of TrueCrypt 7.1a, which is

+ Copyright (c) 2008-2012 TrueCrypt Developers Association and which is governed

+ by the TrueCrypt License 3.0.

+

+ Modifications and additions to the original source code (contained in this file)

+ and all other portions of this file are Copyright (c) 2013-2017 IDRIX

+ and are governed by the Apache License 2.0 the full text of which is

+ contained in the file License.txt included in VeraCrypt binary and source

+ code distribution packages.

+*/

+

+#ifndef TC_HEADER_Core_CoreOpenBSD

+#define TC_HEADER_Core_CoreOpenBSD

+

+#include "System.h"

+#include "Core/Unix/CoreUnix.h"

+

+namespace VeraCrypt

+{

+ class CoreOpenBSD : public CoreUnix

+ {

+ public:

+ CoreOpenBSD ();

+ virtual ~CoreOpenBSD ();

+

+ virtual HostDeviceList GetHostDevices (bool pathListOnly = false) const;

+

+ protected:

+ virtual DevicePath AttachFileToLoopDevice (const FilePath &filePath, bool readOnly) const;

+ virtual void DetachLoopDevice (const DevicePath &devicePath) const;

+ virtual MountedFilesystemList GetMountedFilesystems (const DevicePath &devicePath = DevicePath(), const DirectoryPath &mountPoint = DirectoryPath()) const;

+ virtual void MountFilesystem (const DevicePath &devicePath, const DirectoryPath &mountPoint, const string &filesystemType, bool readOnly, const string &systemMountOptions) const;

+

+ private:

+ CoreOpenBSD (const CoreOpenBSD &);

+ CoreOpenBSD &operator= (const CoreOpenBSD &);

+ };

+}

+

+#endif // TC_HEADER_Core_CoreOpenBSD

+/* $OpenBSD$ */

+/*

+ Based on FreeBSD/System.h

+

+ Derived from source code of TrueCrypt 7.1a, which is

+ Copyright (c) 2008-2012 TrueCrypt Developers Association and which is governed

+ by the TrueCrypt License 3.0.

+

+ Modifications and additions to the original source code (contained in this file)

+ and all other portions of this file are Copyright (c) 2013-2017 IDRIX

+ and are governed by the Apache License 2.0 the full text of which is

+ contained in the file License.txt included in VeraCrypt binary and source

+ code distribution packages.

+*/

+

+#ifndef TC_HEADER_Platform_OpenBSD_System

+#define TC_HEADER_Platform_OpenBSD_System

+

+#endif // TC_HEADER_Platform_OpenBSD_System

+ and all other portions of this file are Copyright (c) 2013-2017 IDRIX

+ unique_ptr <CoreBase> Core (new CoreServiceProxy <CoreSolaris>);

+ unique_ptr <CoreBase> CoreDirect (new CoreSolaris);

+ and all other portions of this file are Copyright (c) 2013-2017 IDRIX

+ and all other portions of this file are Copyright (c) 2013-2017 IDRIX

+ and all other portions of this file are Copyright (c) 2013-2017 IDRIX

+ and all other portions of this file are Copyright (c) 2013-2017 IDRIX

+#ifdef WOLFCRYPT_BACKEND

+#include "Volume/EncryptionModeWolfCryptXTS.h"

+#endif

+ // check that first half of MasterKey is different from its second half. If they are the same, through an exception

+ // cf CCSS,NSA comment at page 3: https://csrc.nist.gov/csrc/media/Projects/crypto-publication-review-project/documents/initial-comments/sp800-38e-initial-public-comments-2021.pdf

+ if (memcmp (MasterKey.Ptr(), MasterKey.Ptr() + MasterKey.Size() / 2, MasterKey.Size() / 2) == 0)

+ throw AssertionFailed (SRC_POS);

+

+ PasswordKey = Keyfile::ApplyListToPassword (options->Keyfiles, options->Password, options->EMVSupportEnabled);

+ #ifdef WOLFCRYPT_BACKEND

+ shared_ptr <EncryptionMode> mode (new EncryptionModeWolfCryptXTS ());

+ options->EA->SetKeyXTS (MasterKey.GetRange (options->EA->GetKeySize(), options->EA->GetKeySize()));

+ #else

+ shared_ptr <EncryptionMode> mode (new EncryptionModeXTS ());

+ #endif

+ mode->SetKey (MasterKey.GetRange (options->EA->GetKeySize(), options->EA->GetKeySize()));

+ and all other portions of this file are Copyright (c) 2013-2017 IDRIX

+#if defined (TC_LINUX)

+#include "Platform/Unix/Process.h"

+#include <errno.h>

+#endif

+

+#define VC_MIN_LARGE_BTRFS_VOLUME_SIZE 114294784ULL

+#define VC_MIN_SMALL_BTRFS_VOLUME_SIZE 16777216ULL

+ bool EMVSupportEnabled;

+ Btrfs,

+ APFS,

+

+ static const char* GetFsFormatter (VolumeCreationOptions::FilesystemType::Enum fsType)

+ {

+ switch (fsType)

+ {

+ #if defined (TC_LINUX)

+ case VolumeCreationOptions::FilesystemType::Ext2: return "mkfs.ext2";

+ case VolumeCreationOptions::FilesystemType::Ext3: return "mkfs.ext3";

+ case VolumeCreationOptions::FilesystemType::Ext4: return "mkfs.ext4";

+ case VolumeCreationOptions::FilesystemType::NTFS: return "mkfs.ntfs";

+ case VolumeCreationOptions::FilesystemType::exFAT: return "mkfs.exfat";

+ case VolumeCreationOptions::FilesystemType::Btrfs: return "mkfs.btrfs";

+ #elif defined (TC_MACOSX)

+ case VolumeCreationOptions::FilesystemType::MacOsExt: return "newfs_hfs";

+ case VolumeCreationOptions::FilesystemType::exFAT: return "newfs_exfat";

+ case VolumeCreationOptions::FilesystemType::APFS: return "newfs_apfs";

+ #elif defined (TC_FREEBSD) || defined (TC_SOLARIS)

+ case VolumeCreationOptions::FilesystemType::UFS: return "newfs" ;

+ #endif

+ default: return NULL;

+ }

+ }

+

+ static bool IsFsFormatterPresent (VolumeCreationOptions::FilesystemType::Enum fsType)

+ {

+ bool bRet = false;

+ const char* fsFormatter = GetFsFormatter (fsType);

+ if (fsFormatter)

+ {

+#if defined (TC_LINUX)

+ try

+ {

+ list <string> args;

+

+ args.push_back ("-V");

+ Process::Execute (fsFormatter, args);

+

+ bRet = true;

+ }

+ catch (ExecutedProcessFailed& epe)

+ {

+ // only permission error is accepted in case of failure of the command

+ if (epe.GetExitCode () == EPERM || epe.GetExitCode () == EACCES)

+ bRet = true;

+ }

+ catch (SystemException& se)

+ {

+ // if a permission error occured, then we consider that the command exists

+ if (se.GetErrorCode () == EPERM || se.GetErrorCode () == EACCES)

+ bRet = true;

+ }

+ catch (exception &e)

+ {

+ }

+#else

+ bRet = true;

+#endif

+ }

+

+ return bRet;

+ }