diff options
Diffstat (limited to 'src/Core')
-rw-r--r-- | src/Core/Core.h | 34 | ||||
-rw-r--r-- | src/Core/CoreBase.cpp | 29 | ||||
-rw-r--r-- | src/Core/CoreBase.h | 8 | ||||
-rw-r--r-- | src/Core/FatFormatter.cpp | 22 | ||||
-rw-r--r-- | src/Core/MountOptions.cpp | 9 | ||||
-rw-r--r-- | src/Core/MountOptions.h | 5 | ||||
-rw-r--r-- | src/Core/RandomNumberGenerator.cpp | 50 | ||||
-rw-r--r-- | src/Core/RandomNumberGenerator.h | 1 | ||||
-rw-r--r-- | src/Core/Unix/CoreService.cpp | 16 | ||||
-rw-r--r-- | src/Core/Unix/CoreServiceProxy.h | 6 | ||||
-rw-r--r-- | src/Core/Unix/CoreUnix.cpp | 48 | ||||
-rw-r--r-- | src/Core/Unix/FreeBSD/CoreFreeBSD.cpp | 47 | ||||
-rw-r--r-- | src/Core/Unix/Linux/CoreLinux.cpp | 14 | ||||
-rw-r--r-- | src/Core/Unix/MacOSX/CoreMacOSX.cpp | 11 | ||||
-rw-r--r-- | src/Core/VolumeCreator.cpp | 19 | ||||
-rw-r--r-- | src/Core/VolumeCreator.h | 1 |
16 files changed, 210 insertions, 110 deletions
diff --git a/src/Core/Core.h b/src/Core/Core.h index 3a2235a5..b9e53021 100644 --- a/src/Core/Core.h +++ b/src/Core/Core.h @@ -75,16 +75,20 @@ namespace VeraCrypt shared_ptr <VolumePassword> m_password; int m_pim; shared_ptr <Pkcs5Kdf> m_kdf; - bool m_truecryptMode; shared_ptr <KeyfileList> m_keyfiles; shared_ptr <VolumePassword> m_newPassword; int m_newPim; shared_ptr <KeyfileList> m_newKeyfiles; shared_ptr <Pkcs5Kdf> m_newPkcs5Kdf; int m_wipeCount; - ChangePasswordThreadRoutine(shared_ptr <VolumePath> volumePath, bool preserveTimestamps, shared_ptr <VolumePassword> password, int pim, shared_ptr <Pkcs5Kdf> kdf, bool truecryptMode, shared_ptr <KeyfileList> keyfiles, shared_ptr <VolumePassword> newPassword, int newPim, shared_ptr <KeyfileList> newKeyfiles, shared_ptr <Pkcs5Kdf> newPkcs5Kdf, int wipeCount) : m_volumePath(volumePath), m_preserveTimestamps(preserveTimestamps), m_password(password), m_pim(pim), m_kdf(kdf), m_truecryptMode(truecryptMode), m_keyfiles(keyfiles), m_newPassword(newPassword), m_newPim(newPim), m_newKeyfiles(newKeyfiles), m_newPkcs5Kdf(newPkcs5Kdf), m_wipeCount(wipeCount) {} + bool m_emvSupportEnabled; + bool m_masterKeyVulnerable; + ChangePasswordThreadRoutine(shared_ptr <VolumePath> volumePath, bool preserveTimestamps, shared_ptr <VolumePassword> password, int pim, shared_ptr <Pkcs5Kdf> kdf, shared_ptr <KeyfileList> keyfiles, shared_ptr <VolumePassword> newPassword, int newPim, shared_ptr <KeyfileList> newKeyfiles, shared_ptr <Pkcs5Kdf> newPkcs5Kdf, int wipeCount, bool emvSupportEnabled) : m_volumePath(volumePath), m_preserveTimestamps(preserveTimestamps), m_password(password), m_pim(pim), m_kdf(kdf), m_keyfiles(keyfiles), m_newPassword(newPassword), m_newPim(newPim), m_newKeyfiles(newKeyfiles), m_newPkcs5Kdf(newPkcs5Kdf), m_wipeCount(wipeCount), m_emvSupportEnabled(emvSupportEnabled), m_masterKeyVulnerable(false) {} virtual ~ChangePasswordThreadRoutine() { } - virtual void ExecutionCode(void) { Core->ChangePassword(m_volumePath, m_preserveTimestamps, m_password, m_pim, m_kdf, m_truecryptMode, m_keyfiles, m_newPassword, m_newPim, m_newKeyfiles, m_newPkcs5Kdf, m_wipeCount); } + virtual void ExecutionCode(void) { + shared_ptr <Volume> openVolume = Core->ChangePassword(m_volumePath, m_preserveTimestamps, m_password, m_pim, m_kdf, m_keyfiles, m_newPassword, m_newPim, m_newKeyfiles, m_emvSupportEnabled, m_newPkcs5Kdf, m_wipeCount); + m_masterKeyVulnerable = openVolume->IsMasterKeyVulnerable(); + } }; class OpenVolumeThreadRoutine : public WaitThreadRoutine @@ -95,7 +99,6 @@ namespace VeraCrypt shared_ptr <VolumePassword> m_password; int m_pim; shared_ptr<Pkcs5Kdf> m_Kdf; - bool m_truecryptMode; shared_ptr <KeyfileList> m_keyfiles; VolumeProtection::Enum m_protection; shared_ptr <VolumePassword> m_protectionPassword; @@ -107,15 +110,16 @@ namespace VeraCrypt bool m_useBackupHeaders; bool m_partitionInSystemEncryptionScope; shared_ptr <Volume> m_pVolume; + bool m_emvSupportEnabled; - OpenVolumeThreadRoutine(shared_ptr <VolumePath> volumePath, bool preserveTimestamps, shared_ptr <VolumePassword> password, int pim, shared_ptr<Pkcs5Kdf> Kdf, bool truecryptMode, shared_ptr <KeyfileList> keyfiles, VolumeProtection::Enum protection = VolumeProtection::None, shared_ptr <VolumePassword> protectionPassword = shared_ptr <VolumePassword> (), int protectionPim = 0, shared_ptr<Pkcs5Kdf> protectionKdf = shared_ptr<Pkcs5Kdf> (), shared_ptr <KeyfileList> protectionKeyfiles = shared_ptr <KeyfileList> (), bool sharedAccessAllowed = false, VolumeType::Enum volumeType = VolumeType::Unknown, bool useBackupHeaders = false, bool partitionInSystemEncryptionScope = false): - m_volumePath(volumePath), m_preserveTimestamps(preserveTimestamps), m_password(password), m_pim(pim), m_Kdf(Kdf), m_truecryptMode(truecryptMode), m_keyfiles(keyfiles), + OpenVolumeThreadRoutine(shared_ptr <VolumePath> volumePath, bool preserveTimestamps, shared_ptr <VolumePassword> password, int pim, shared_ptr<Pkcs5Kdf> Kdf, shared_ptr <KeyfileList> keyfiles, bool emvSupportEnabled, VolumeProtection::Enum protection = VolumeProtection::None, shared_ptr <VolumePassword> protectionPassword = shared_ptr <VolumePassword> (), int protectionPim = 0, shared_ptr<Pkcs5Kdf> protectionKdf = shared_ptr<Pkcs5Kdf> (), shared_ptr <KeyfileList> protectionKeyfiles = shared_ptr <KeyfileList> (), bool sharedAccessAllowed = false, VolumeType::Enum volumeType = VolumeType::Unknown, bool useBackupHeaders = false, bool partitionInSystemEncryptionScope = false): + m_volumePath(volumePath), m_preserveTimestamps(preserveTimestamps), m_password(password), m_pim(pim), m_Kdf(Kdf), m_keyfiles(keyfiles), m_protection(protection), m_protectionPassword(protectionPassword), m_protectionPim(protectionPim), m_protectionKdf(protectionKdf), m_protectionKeyfiles(protectionKeyfiles), m_sharedAccessAllowed(sharedAccessAllowed), m_volumeType(volumeType),m_useBackupHeaders(useBackupHeaders), - m_partitionInSystemEncryptionScope(partitionInSystemEncryptionScope) {} + m_partitionInSystemEncryptionScope(partitionInSystemEncryptionScope), m_emvSupportEnabled(emvSupportEnabled) {} ~OpenVolumeThreadRoutine() {} - virtual void ExecutionCode(void) { m_pVolume = Core->OpenVolume(m_volumePath,m_preserveTimestamps,m_password,m_pim,m_Kdf,m_truecryptMode,m_keyfiles, m_protection,m_protectionPassword,m_protectionPim,m_protectionKdf, m_protectionKeyfiles,m_sharedAccessAllowed,m_volumeType,m_useBackupHeaders, m_partitionInSystemEncryptionScope); } + virtual void ExecutionCode(void) { m_pVolume = Core->OpenVolume(m_volumePath,m_preserveTimestamps,m_password,m_pim,m_Kdf,m_keyfiles, m_emvSupportEnabled, m_protection,m_protectionPassword,m_protectionPim,m_protectionKdf, m_protectionKeyfiles,m_sharedAccessAllowed,m_volumeType,m_useBackupHeaders, m_partitionInSystemEncryptionScope); } }; @@ -127,10 +131,11 @@ namespace VeraCrypt shared_ptr <VolumePassword> m_password; int m_pim; shared_ptr <KeyfileList> m_keyfiles; - ReEncryptHeaderThreadRoutine(const BufferPtr &newHeaderBuffer, shared_ptr <VolumeHeader> header, shared_ptr <VolumePassword> password, int pim, shared_ptr <KeyfileList> keyfiles) - : m_newHeaderBuffer(newHeaderBuffer), m_header(header), m_password(password), m_pim(pim), m_keyfiles(keyfiles) {} + bool m_emvSupportEnabled; + ReEncryptHeaderThreadRoutine(const BufferPtr &newHeaderBuffer, shared_ptr <VolumeHeader> header, shared_ptr <VolumePassword> password, int pim, shared_ptr <KeyfileList> keyfiles, bool emvSupportEnabled) + : m_newHeaderBuffer(newHeaderBuffer), m_header(header), m_password(password), m_pim(pim), m_keyfiles(keyfiles), m_emvSupportEnabled(emvSupportEnabled) {} virtual ~ReEncryptHeaderThreadRoutine() { } - virtual void ExecutionCode(void) { Core->ReEncryptVolumeHeaderWithNewSalt (m_newHeaderBuffer, m_header, m_password, m_pim, m_keyfiles); } + virtual void ExecutionCode(void) { Core->ReEncryptVolumeHeaderWithNewSalt (m_newHeaderBuffer, m_header, m_password, m_pim, m_keyfiles, m_emvSupportEnabled); } }; class DecryptThreadRoutine : public WaitThreadRoutine @@ -141,15 +146,14 @@ namespace VeraCrypt const VolumePassword &m_password; int m_pim; shared_ptr <Pkcs5Kdf> m_kdf; - bool m_truecryptMode; const Pkcs5KdfList &m_keyDerivationFunctions; const EncryptionAlgorithmList &m_encryptionAlgorithms; const EncryptionModeList &m_encryptionModes; bool m_bResult; - DecryptThreadRoutine(shared_ptr <VolumeHeader> header, const ConstBufferPtr &encryptedData, const VolumePassword &password, int pim, shared_ptr <Pkcs5Kdf> kdf, bool truecryptMode, const Pkcs5KdfList &keyDerivationFunctions, const EncryptionAlgorithmList &encryptionAlgorithms, const EncryptionModeList &encryptionModes) - : m_pHeader(header), m_encryptedData(encryptedData), m_password(password), m_pim(pim), m_kdf(kdf), m_truecryptMode(truecryptMode), m_keyDerivationFunctions(keyDerivationFunctions), m_encryptionAlgorithms(encryptionAlgorithms), m_encryptionModes(encryptionModes), m_bResult(false){} + DecryptThreadRoutine(shared_ptr <VolumeHeader> header, const ConstBufferPtr &encryptedData, const VolumePassword &password, int pim, shared_ptr <Pkcs5Kdf> kdf, const Pkcs5KdfList &keyDerivationFunctions, const EncryptionAlgorithmList &encryptionAlgorithms, const EncryptionModeList &encryptionModes) + : m_pHeader(header), m_encryptedData(encryptedData), m_password(password), m_pim(pim), m_kdf(kdf), m_keyDerivationFunctions(keyDerivationFunctions), m_encryptionAlgorithms(encryptionAlgorithms), m_encryptionModes(encryptionModes), m_bResult(false){} virtual ~DecryptThreadRoutine() { } - virtual void ExecutionCode(void) { m_bResult = m_pHeader->Decrypt(m_encryptedData, m_password, m_pim, m_kdf, m_truecryptMode, m_keyDerivationFunctions, m_encryptionAlgorithms, m_encryptionModes); } + virtual void ExecutionCode(void) { m_bResult = m_pHeader->Decrypt(m_encryptedData, m_password, m_pim, m_kdf, m_keyDerivationFunctions, m_encryptionAlgorithms, m_encryptionModes); } }; class WaitThreadUI diff --git a/src/Core/CoreBase.cpp b/src/Core/CoreBase.cpp index 29bfb74d..0c6d5c9e 100644 --- a/src/Core/CoreBase.cpp +++ b/src/Core/CoreBase.cpp @@ -30,20 +30,14 @@ namespace VeraCrypt { } - void CoreBase::ChangePassword (shared_ptr <Volume> openVolume, shared_ptr <VolumePassword> newPassword, int newPim, shared_ptr <KeyfileList> newKeyfiles, shared_ptr <Pkcs5Kdf> newPkcs5Kdf, int wipeCount) const + void CoreBase::ChangePassword (shared_ptr <Volume> openVolume, shared_ptr <VolumePassword> newPassword, int newPim, shared_ptr <KeyfileList> newKeyfiles, bool emvSupportEnabled, shared_ptr <Pkcs5Kdf> newPkcs5Kdf, int wipeCount) const { if ((!newPassword || newPassword->Size() < 1) && (!newKeyfiles || newKeyfiles->empty())) throw PasswordEmpty (SRC_POS); if (!newPkcs5Kdf) { - if (openVolume->GetPkcs5Kdf()->GetTrueCryptMode ()) - { - newPkcs5Kdf.reset (openVolume->GetPkcs5Kdf()->Clone()); - newPkcs5Kdf->SetTrueCryptMode (false); - } - else - newPkcs5Kdf = openVolume->GetPkcs5Kdf(); + newPkcs5Kdf = openVolume->GetPkcs5Kdf(); } if ((openVolume->GetHeader()->GetFlags() & TC_HEADER_FLAG_ENCRYPTED_SYSTEM) != 0 @@ -58,7 +52,7 @@ namespace VeraCrypt SecureBuffer newSalt (openVolume->GetSaltSize()); SecureBuffer newHeaderKey (VolumeHeader::GetLargestSerializedKeySize()); - shared_ptr <VolumePassword> password (Keyfile::ApplyListToPassword (newKeyfiles, newPassword)); + shared_ptr <VolumePassword> password (Keyfile::ApplyListToPassword (newKeyfiles, newPassword, emvSupportEnabled)); bool backupHeader = false; while (true) @@ -83,10 +77,11 @@ namespace VeraCrypt } } - void CoreBase::ChangePassword (shared_ptr <VolumePath> volumePath, bool preserveTimestamps, shared_ptr <VolumePassword> password, int pim, shared_ptr <Pkcs5Kdf> kdf, bool truecryptMode, shared_ptr <KeyfileList> keyfiles, shared_ptr <VolumePassword> newPassword, int newPim, shared_ptr <KeyfileList> newKeyfiles, shared_ptr <Pkcs5Kdf> newPkcs5Kdf, int wipeCount) const + shared_ptr <Volume> CoreBase::ChangePassword (shared_ptr <VolumePath> volumePath, bool preserveTimestamps, shared_ptr <VolumePassword> password, int pim, shared_ptr <Pkcs5Kdf> kdf, shared_ptr <KeyfileList> keyfiles, shared_ptr <VolumePassword> newPassword, int newPim, shared_ptr <KeyfileList> newKeyfiles, bool emvSupportEnabled, shared_ptr <Pkcs5Kdf> newPkcs5Kdf, int wipeCount) const { - shared_ptr <Volume> volume = OpenVolume (volumePath, preserveTimestamps, password, pim, kdf, truecryptMode, keyfiles); - ChangePassword (volume, newPassword, newPim, newKeyfiles, newPkcs5Kdf, wipeCount); + shared_ptr <Volume> volume = OpenVolume (volumePath, preserveTimestamps, password, pim, kdf, keyfiles, emvSupportEnabled); + ChangePassword (volume, newPassword, newPim, newKeyfiles, emvSupportEnabled, newPkcs5Kdf, wipeCount); + return volume; } void CoreBase::CoalesceSlotNumberAndMountPoint (MountOptions &options) const @@ -150,7 +145,7 @@ namespace VeraCrypt outerVolume->ReadSectors (bootSectorBuffer, 0); int fatType; - byte *bootSector = bootSectorBuffer.Ptr(); + uint8 *bootSector = bootSectorBuffer.Ptr(); if (memcmp (bootSector + 54, "FAT12", 5) == 0) fatType = 12; @@ -261,10 +256,10 @@ namespace VeraCrypt return false; } - shared_ptr <Volume> CoreBase::OpenVolume (shared_ptr <VolumePath> volumePath, bool preserveTimestamps, shared_ptr <VolumePassword> password, int pim, shared_ptr<Pkcs5Kdf> kdf, bool truecryptMode, shared_ptr <KeyfileList> keyfiles, VolumeProtection::Enum protection, shared_ptr <VolumePassword> protectionPassword, int protectionPim, shared_ptr<Pkcs5Kdf> protectionKdf, shared_ptr <KeyfileList> protectionKeyfiles, bool sharedAccessAllowed, VolumeType::Enum volumeType, bool useBackupHeaders, bool partitionInSystemEncryptionScope) const + shared_ptr <Volume> CoreBase::OpenVolume (shared_ptr <VolumePath> volumePath, bool preserveTimestamps, shared_ptr <VolumePassword> password, int pim, shared_ptr<Pkcs5Kdf> kdf, shared_ptr <KeyfileList> keyfiles, bool emvSupportEnabled, VolumeProtection::Enum protection, shared_ptr <VolumePassword> protectionPassword, int protectionPim, shared_ptr<Pkcs5Kdf> protectionKdf, shared_ptr <KeyfileList> protectionKeyfiles, bool sharedAccessAllowed, VolumeType::Enum volumeType, bool useBackupHeaders, bool partitionInSystemEncryptionScope) const { make_shared_auto (Volume, volume); - volume->Open (*volumePath, preserveTimestamps, password, pim, kdf, truecryptMode, keyfiles, protection, protectionPassword, protectionPim, protectionKdf, protectionKeyfiles, sharedAccessAllowed, volumeType, useBackupHeaders, partitionInSystemEncryptionScope); + volume->Open (*volumePath, preserveTimestamps, password, pim, kdf, keyfiles, emvSupportEnabled, protection, protectionPassword, protectionPim, protectionKdf, protectionKeyfiles, sharedAccessAllowed, volumeType, useBackupHeaders, partitionInSystemEncryptionScope); return volume; } @@ -279,7 +274,7 @@ namespace VeraCrypt encryptionAlgorithm->GetMode()->SetKey (modeKey); } - void CoreBase::ReEncryptVolumeHeaderWithNewSalt (const BufferPtr &newHeaderBuffer, shared_ptr <VolumeHeader> header, shared_ptr <VolumePassword> password, int pim, shared_ptr <KeyfileList> keyfiles) const + void CoreBase::ReEncryptVolumeHeaderWithNewSalt (const BufferPtr &newHeaderBuffer, shared_ptr <VolumeHeader> header, shared_ptr <VolumePassword> password, int pim, shared_ptr <KeyfileList> keyfiles, bool emvSupportEnabled) const { shared_ptr <Pkcs5Kdf> pkcs5Kdf = header->GetPkcs5Kdf(); @@ -288,7 +283,7 @@ namespace VeraCrypt SecureBuffer newSalt (header->GetSaltSize()); SecureBuffer newHeaderKey (VolumeHeader::GetLargestSerializedKeySize()); - shared_ptr <VolumePassword> passwordKey (Keyfile::ApplyListToPassword (keyfiles, password)); + shared_ptr <VolumePassword> passwordKey (Keyfile::ApplyListToPassword (keyfiles, password, emvSupportEnabled)); RandomNumberGenerator::GetData (newSalt); pkcs5Kdf->DeriveKey (newHeaderKey, *passwordKey, pim, newSalt); diff --git a/src/Core/CoreBase.h b/src/Core/CoreBase.h index 8f41ddd8..e646fce3 100644 --- a/src/Core/CoreBase.h +++ b/src/Core/CoreBase.h @@ -33,8 +33,8 @@ namespace VeraCrypt public: virtual ~CoreBase (); - virtual void ChangePassword (shared_ptr <Volume> openVolume, shared_ptr <VolumePassword> newPassword, int newPim, shared_ptr <KeyfileList> newKeyfiles, shared_ptr <Pkcs5Kdf> newPkcs5Kdf = shared_ptr <Pkcs5Kdf> (), int wipeCount = PRAND_HEADER_WIPE_PASSES) const; - virtual void ChangePassword (shared_ptr <VolumePath> volumePath, bool preserveTimestamps, shared_ptr <VolumePassword> password, int pim, shared_ptr <Pkcs5Kdf> kdf, bool truecryptMode, shared_ptr <KeyfileList> keyfiles, shared_ptr <VolumePassword> newPassword, int newPim, shared_ptr <KeyfileList> newKeyfiles, shared_ptr <Pkcs5Kdf> newPkcs5Kdf = shared_ptr <Pkcs5Kdf> (), int wipeCount = PRAND_HEADER_WIPE_PASSES) const; + virtual void ChangePassword (shared_ptr <Volume> openVolume, shared_ptr <VolumePassword> newPassword, int newPim, shared_ptr <KeyfileList> newKeyfiles, bool emvSupportEnabled, shared_ptr <Pkcs5Kdf> newPkcs5Kdf = shared_ptr <Pkcs5Kdf> (), int wipeCount = PRAND_HEADER_WIPE_PASSES) const; + virtual shared_ptr <Volume> ChangePassword (shared_ptr <VolumePath> volumePath, bool preserveTimestamps, shared_ptr <VolumePassword> password, int pim, shared_ptr <Pkcs5Kdf> kdf, shared_ptr <KeyfileList> keyfiles, shared_ptr <VolumePassword> newPassword, int newPim, shared_ptr <KeyfileList> newKeyfiles, bool emvSupportEnabled, shared_ptr <Pkcs5Kdf> newPkcs5Kdf = shared_ptr <Pkcs5Kdf> (), int wipeCount = PRAND_HEADER_WIPE_PASSES) const; virtual void CheckFilesystem (shared_ptr <VolumeInfo> mountedVolume, bool repair = false) const = 0; virtual void CoalesceSlotNumberAndMountPoint (MountOptions &options) const; virtual void CreateKeyfile (const FilePath &keyfilePath) const; @@ -69,9 +69,9 @@ namespace VeraCrypt virtual bool IsVolumeMounted (const VolumePath &volumePath) const; virtual VolumeSlotNumber MountPointToSlotNumber (const DirectoryPath &mountPoint) const = 0; virtual shared_ptr <VolumeInfo> MountVolume (MountOptions &options) = 0; - virtual shared_ptr <Volume> OpenVolume (shared_ptr <VolumePath> volumePath, bool preserveTimestamps, shared_ptr <VolumePassword> password, int pim, shared_ptr<Pkcs5Kdf> Kdf, bool truecryptMode, shared_ptr <KeyfileList> keyfiles, VolumeProtection::Enum protection = VolumeProtection::None, shared_ptr <VolumePassword> protectionPassword = shared_ptr <VolumePassword> (), int protectionPim = 0, shared_ptr<Pkcs5Kdf> protectionKdf = shared_ptr<Pkcs5Kdf> (), shared_ptr <KeyfileList> protectionKeyfiles = shared_ptr <KeyfileList> (), bool sharedAccessAllowed = false, VolumeType::Enum volumeType = VolumeType::Unknown, bool useBackupHeaders = false, bool partitionInSystemEncryptionScope = false) const; + virtual shared_ptr <Volume> OpenVolume (shared_ptr <VolumePath> volumePath, bool preserveTimestamps, shared_ptr <VolumePassword> password, int pim, shared_ptr<Pkcs5Kdf> Kdf, shared_ptr <KeyfileList> keyfiles, bool emvSupportEnabled, VolumeProtection::Enum protection = VolumeProtection::None, shared_ptr <VolumePassword> protectionPassword = shared_ptr <VolumePassword> (), int protectionPim = 0, shared_ptr<Pkcs5Kdf> protectionKdf = shared_ptr<Pkcs5Kdf> (), shared_ptr <KeyfileList> protectionKeyfiles = shared_ptr <KeyfileList> (), bool sharedAccessAllowed = false, VolumeType::Enum volumeType = VolumeType::Unknown, bool useBackupHeaders = false, bool partitionInSystemEncryptionScope = false) const; virtual void RandomizeEncryptionAlgorithmKey (shared_ptr <EncryptionAlgorithm> encryptionAlgorithm) const; - virtual void ReEncryptVolumeHeaderWithNewSalt (const BufferPtr &newHeaderBuffer, shared_ptr <VolumeHeader> header, shared_ptr <VolumePassword> password, int pim, shared_ptr <KeyfileList> keyfiles) const; + virtual void ReEncryptVolumeHeaderWithNewSalt (const BufferPtr &newHeaderBuffer, shared_ptr <VolumeHeader> header, shared_ptr <VolumePassword> password, int pim, shared_ptr <KeyfileList> keyfiles, bool emvSupportEnabled) const; virtual void SetAdminPasswordCallback (shared_ptr <GetStringFunctor> functor) { } virtual void SetApplicationExecutablePath (const FilePath &path) { ApplicationExecutablePath = path; } virtual void SetFileOwner (const FilesystemPath &path, const UserId &owner) const = 0; diff --git a/src/Core/FatFormatter.cpp b/src/Core/FatFormatter.cpp index fa327837..c8115f9b 100644 --- a/src/Core/FatFormatter.cpp +++ b/src/Core/FatFormatter.cpp @@ -149,7 +149,7 @@ namespace VeraCrypt } } - static void PutBoot (fatparams * ft, byte *boot, uint32 volumeId) + static void PutBoot (fatparams * ft, uint8 *boot, uint32 volumeId) { int cnt = 0; @@ -244,7 +244,7 @@ namespace VeraCrypt /* FAT32 FSInfo */ - static void PutFSInfo (byte *sector, fatparams *ft) + static void PutFSInfo (uint8 *sector, fatparams *ft) { memset (sector, 0, ft->sector_size); sector[3] = 0x41; /* LeadSig */ @@ -294,16 +294,16 @@ namespace VeraCrypt sector.Zero(); uint32 volumeId; - RandomNumberGenerator::GetDataFast (BufferPtr ((byte *) &volumeId, sizeof (volumeId))); + RandomNumberGenerator::GetDataFast (BufferPtr ((uint8 *) &volumeId, sizeof (volumeId))); - PutBoot (ft, (byte *) sector, volumeId); + PutBoot (ft, (uint8 *) sector, volumeId); writeSector (sector); ++sectorNumber; /* fat32 boot area */ if (ft->size_fat == 32) { /* fsinfo */ - PutFSInfo((byte *) sector, ft); + PutFSInfo((uint8 *) sector, ft); writeSector (sector); ++sectorNumber; /* reserved */ @@ -317,10 +317,10 @@ namespace VeraCrypt /* bootsector backup */ sector.Zero(); - PutBoot (ft, (byte *) sector, volumeId); + PutBoot (ft, (uint8 *) sector, volumeId); writeSector (sector); ++sectorNumber; - PutFSInfo((byte *) sector, ft); + PutFSInfo((uint8 *) sector, ft); writeSector (sector); ++sectorNumber; } @@ -340,10 +340,10 @@ namespace VeraCrypt if (n == 0) { - byte fat_sig[12]; + uint8 fat_sig[12]; if (ft->size_fat == 32) { - fat_sig[0] = (byte) ft->media; + fat_sig[0] = (uint8) ft->media; fat_sig[1] = fat_sig[2] = 0xff; fat_sig[3] = 0x0f; fat_sig[4] = fat_sig[5] = fat_sig[6] = 0xff; @@ -354,7 +354,7 @@ namespace VeraCrypt } else if (ft->size_fat == 16) { - fat_sig[0] = (byte) ft->media; + fat_sig[0] = (uint8) ft->media; fat_sig[1] = 0xff; fat_sig[2] = 0xff; fat_sig[3] = 0xff; @@ -362,7 +362,7 @@ namespace VeraCrypt } else if (ft->size_fat == 12) { - fat_sig[0] = (byte) ft->media; + fat_sig[0] = (uint8) ft->media; fat_sig[1] = 0xff; fat_sig[2] = 0xff; fat_sig[3] = 0x00; diff --git a/src/Core/MountOptions.cpp b/src/Core/MountOptions.cpp index 52e12396..2f28c089 100644 --- a/src/Core/MountOptions.cpp +++ b/src/Core/MountOptions.cpp @@ -52,7 +52,6 @@ namespace VeraCrypt TC_CLONE (SharedAccessAllowed); TC_CLONE (SlotNumber); TC_CLONE (UseBackupHeaders); - TC_CLONE (TrueCryptMode); } void MountOptions::Deserialize (shared_ptr <Stream> stream) @@ -101,14 +100,12 @@ namespace VeraCrypt sr.Deserialize ("SlotNumber", SlotNumber); sr.Deserialize ("UseBackupHeaders", UseBackupHeaders); - sr.Deserialize ("TrueCryptMode", TrueCryptMode); - try { if (!sr.DeserializeBool ("KdfNull")) { sr.Deserialize ("Kdf", nameValue); - Kdf = Pkcs5Kdf::GetAlgorithm (nameValue, TrueCryptMode); + Kdf = Pkcs5Kdf::GetAlgorithm (nameValue); } } catch(...) {} @@ -118,7 +115,7 @@ namespace VeraCrypt if (!sr.DeserializeBool ("ProtectionKdfNull")) { sr.Deserialize ("ProtectionKdf", nameValue); - ProtectionKdf = Pkcs5Kdf::GetAlgorithm (nameValue, TrueCryptMode); + ProtectionKdf = Pkcs5Kdf::GetAlgorithm (nameValue); } } catch(...) {} @@ -167,8 +164,6 @@ namespace VeraCrypt sr.Serialize ("SlotNumber", SlotNumber); sr.Serialize ("UseBackupHeaders", UseBackupHeaders); - sr.Serialize ("TrueCryptMode", TrueCryptMode); - sr.Serialize ("KdfNull", Kdf == nullptr); if (Kdf) sr.Serialize ("Kdf", Kdf->GetName()); diff --git a/src/Core/MountOptions.h b/src/Core/MountOptions.h index 83a8bffc..3dcfa599 100644 --- a/src/Core/MountOptions.h +++ b/src/Core/MountOptions.h @@ -37,8 +37,7 @@ namespace VeraCrypt Removable (false), SharedAccessAllowed (false), SlotNumber (0), - UseBackupHeaders (false), - TrueCryptMode (false) + UseBackupHeaders (false) { } @@ -72,7 +71,7 @@ namespace VeraCrypt bool SharedAccessAllowed; VolumeSlotNumber SlotNumber; bool UseBackupHeaders; - bool TrueCryptMode; + bool EMVSupportEnabled; protected: void CopyFrom (const MountOptions &other); diff --git a/src/Core/RandomNumberGenerator.cpp b/src/Core/RandomNumberGenerator.cpp index 4451348e..b60b4eed 100644 --- a/src/Core/RandomNumberGenerator.cpp +++ b/src/Core/RandomNumberGenerator.cpp @@ -54,22 +54,20 @@ namespace VeraCrypt { int rndCount = read (random, buffer, buffer.Size()); throw_sys_sub_if ((rndCount == -1) && errno != EAGAIN && errno != ERESTART && errno != EINTR, L"/dev/random"); - if (rndCount == -1 && (!DevRandomSucceeded || (DevRandomBytesCount < 32))) - { - // wait 250ms before querying /dev/random again - ::usleep (250 * 1000); + if (rndCount != -1) { + // We count returned bytes until 32-bytes threshold reached + if (DevRandomBytesCount < 32) + DevRandomBytesCount += rndCount; + break; } - else - { - if (rndCount != -1) - { - // We count returned bytes untill 32-bytes treshold reached - if (DevRandomBytesCount < 32) - DevRandomBytesCount += rndCount; - DevRandomSucceeded = true; - } + else if (DevRandomBytesCount >= 32) { + // allow /dev/random to fail gracefully since we have enough bytes break; } + else { + // wait 250ms before querying /dev/random again + ::usleep (250 * 1000); + } } AddToPool (buffer); @@ -116,7 +114,7 @@ namespace VeraCrypt ScopeLock lock (AccessMutex); size_t bufferLen = buffer.Size(), loopLen; - byte* pbBuffer = buffer.Get(); + uint8* pbBuffer = buffer.Get(); // Initialize JitterEntropy RNG for this call if (0 == jent_entropy_init ()) @@ -253,32 +251,43 @@ namespace VeraCrypt EnrichedByUser = false; Running = false; - DevRandomSucceeded = false; DevRandomBytesCount = 0; } void RandomNumberGenerator::Test () { shared_ptr <Hash> origPoolHash = PoolHash; - PoolHash.reset (new Blake2s()); + #ifndef WOLFCRYPT_BACKEND + PoolHash.reset (new Blake2s()); + #else + PoolHash.reset (new Sha256()); + #endif Pool.Zero(); Buffer buffer (1); for (size_t i = 0; i < PoolSize * 10; ++i) { - buffer[0] = (byte) i; + buffer[0] = (uint8) i; AddToPool (buffer); } + #ifndef WOLFCRYPT_BACKEND if (Crc32::ProcessBuffer (Pool) != 0x9c743238) - throw TestFailed (SRC_POS); + #else + if (Crc32::ProcessBuffer (Pool) != 0xac95ac1a) + #endif + throw TestFailed (SRC_POS); buffer.Allocate (PoolSize); buffer.CopyFrom (PeekPool()); AddToPool (buffer); - if (Crc32::ProcessBuffer (Pool) != 0xd2d09c8d) - throw TestFailed (SRC_POS); + #ifndef WOLFCRYPT_BACKEND + if (Crc32::ProcessBuffer (Pool) != 0xd2d09c8d) + #else + if (Crc32::ProcessBuffer (Pool) != 0xb79f3c12) + #endif + throw TestFailed (SRC_POS); PoolHash = origPoolHash; } @@ -292,6 +301,5 @@ namespace VeraCrypt bool RandomNumberGenerator::Running = false; size_t RandomNumberGenerator::WriteOffset; struct rand_data *RandomNumberGenerator::JitterRngCtx = NULL; - bool RandomNumberGenerator::DevRandomSucceeded = false; int RandomNumberGenerator::DevRandomBytesCount = 0; } diff --git a/src/Core/RandomNumberGenerator.h b/src/Core/RandomNumberGenerator.h index 8f440630..333a8e36 100644 --- a/src/Core/RandomNumberGenerator.h +++ b/src/Core/RandomNumberGenerator.h @@ -55,7 +55,6 @@ namespace VeraCrypt static bool Running; static size_t WriteOffset; static struct rand_data *JitterRngCtx; - static bool DevRandomSucceeded; static int DevRandomBytesCount; }; } diff --git a/src/Core/Unix/CoreService.cpp b/src/Core/Unix/CoreService.cpp index f05d8569..6d0f05e5 100644 --- a/src/Core/Unix/CoreService.cpp +++ b/src/Core/Unix/CoreService.cpp @@ -57,7 +57,7 @@ namespace VeraCrypt // Wait for sync code while (true) { - byte b; + uint8 b; throw_sys_if (read (STDIN_FILENO, &b, 1) != 1); if (b != 0x00) continue; @@ -303,14 +303,13 @@ namespace VeraCrypt // We also use the old way if the user is forcing the use of dummy password for sudo #if defined(TC_LINUX ) || defined (TC_FREEBSD) - + bool authCheckDone = false; if (!Core->GetUseDummySudoPassword ()) { std::vector<char> buffer(128, 0); std::string result; - bool authCheckDone = false; - FILE* pipe = popen("sudo -n uptime 2>&1 | grep 'load average' | wc -l", "r"); // We redirect stderr to stdout (2>&1) to be able to catch the result of the command + FILE* pipe = popen("sudo -n uptime 2>&1 | grep 'load average' | wc -l | tr -d '[:blank:]'", "r"); // We redirect stderr to stdout (2>&1) to be able to catch the result of the command if (pipe) { while (!feof(pipe)) @@ -354,7 +353,10 @@ namespace VeraCrypt } request.FastElevation = false; - (*AdminPasswordCallback) (request.AdminPassword); +#if defined(TC_LINUX ) || defined (TC_FREEBSD) + if(!authCheckDone) +#endif + (*AdminPasswordCallback) (request.AdminPassword); } } } @@ -541,7 +543,7 @@ namespace VeraCrypt try { - shared_ptr <Stream> stream (new MemoryStream (ConstBufferPtr ((byte *) &errOutput[0], errOutput.size()))); + shared_ptr <Stream> stream (new MemoryStream (ConstBufferPtr ((uint8 *) &errOutput[0], errOutput.size()))); deserializedObject.reset (Serializable::DeserializeNew (stream)); deserializedException = dynamic_cast <Exception*> (deserializedObject.get()); } @@ -573,7 +575,7 @@ namespace VeraCrypt ServiceOutputStream = shared_ptr <Stream> (new FileStream (outPipe->GetReadFD())); // Send sync code - byte sync[] = { 0, 0x11, 0x22 }; + uint8 sync[] = { 0, 0x11, 0x22 }; ServiceInputStream->Write (ConstBufferPtr (sync, array_capacity (sync))); AdminInputPipe = move_ptr(inPipe); diff --git a/src/Core/Unix/CoreServiceProxy.h b/src/Core/Unix/CoreServiceProxy.h index f5bbae3d..d57d8163 100644 --- a/src/Core/Unix/CoreServiceProxy.h +++ b/src/Core/Unix/CoreServiceProxy.h @@ -98,11 +98,11 @@ namespace VeraCrypt { MountOptions newOptions = options; - newOptions.Password = Keyfile::ApplyListToPassword (options.Keyfiles, options.Password); + newOptions.Password = Keyfile::ApplyListToPassword (options.Keyfiles, options.Password, options.EMVSupportEnabled); if (newOptions.Keyfiles) newOptions.Keyfiles->clear(); - newOptions.ProtectionPassword = Keyfile::ApplyListToPassword (options.ProtectionKeyfiles, options.ProtectionPassword); + newOptions.ProtectionPassword = Keyfile::ApplyListToPassword (options.ProtectionKeyfiles, options.ProtectionPassword, options.EMVSupportEnabled); if (newOptions.ProtectionKeyfiles) newOptions.ProtectionKeyfiles->clear(); @@ -126,7 +126,7 @@ namespace VeraCrypt if (options.CachePassword && ((options.Password && !options.Password->IsEmpty()) || (options.Keyfiles && !options.Keyfiles->empty()))) { - VolumePasswordCache::Store (*Keyfile::ApplyListToPassword (options.Keyfiles, options.Password)); + VolumePasswordCache::Store (*Keyfile::ApplyListToPassword (options.Keyfiles, options.Password, options.EMVSupportEnabled)); } } diff --git a/src/Core/Unix/CoreUnix.cpp b/src/Core/Unix/CoreUnix.cpp index 56382c18..1868eb6d 100644 --- a/src/Core/Unix/CoreUnix.cpp +++ b/src/Core/Unix/CoreUnix.cpp @@ -241,7 +241,7 @@ namespace VeraCrypt device.SeekAt (0); device.ReadCompleteBuffer (bootSector); - byte *b = bootSector.Ptr(); + uint8 *b = bootSector.Ptr(); return memcmp (b + 3, "NTFS", 4) != 0 && memcmp (b + 54, "FAT", 3) != 0 @@ -303,17 +303,45 @@ namespace VeraCrypt continue; shared_ptr <VolumeInfo> mountedVol; - try + // Introduce a retry mechanism with a timeout for control file access + // This workaround is limited to FUSE-T mounted volume under macOS for + // which md.Device starts with "fuse-t:" +#ifdef VC_MACOSX_FUSET + bool isFuseT = wstring(mf.Device).find(L"fuse-t:") == 0; + int controlFileRetries = 10; // 10 retries with 500ms sleep each, total 5 seconds + while (!mountedVol && (controlFileRetries-- > 0)) +#endif { - shared_ptr <File> controlFile (new File); - controlFile->Open (string (mf.MountPoint) + FuseService::GetControlPath()); + try + { + shared_ptr <File> controlFile (new File); + controlFile->Open (string (mf.MountPoint) + FuseService::GetControlPath()); - shared_ptr <Stream> controlFileStream (new FileStream (controlFile)); - mountedVol = Serializable::DeserializeNew <VolumeInfo> (controlFileStream); + shared_ptr <Stream> controlFileStream (new FileStream (controlFile)); + mountedVol = Serializable::DeserializeNew <VolumeInfo> (controlFileStream); + } + catch (const std::exception& e) + { +#ifdef VC_MACOSX_FUSET + // if exception starts with "VeraCrypt::Serializer::ValidateName", then + // serialization is not ready yet and we need to wait before retrying + // this happens when FUSE-T is used under macOS and if it is the first time + // the volume is mounted + if (isFuseT && string (e.what()).find ("VeraCrypt::Serializer::ValidateName") != string::npos) + { + Thread::Sleep(500); // Wait before retrying + } + else + { + break; // Control file not found or other error + } +#endif + } } - catch (...) + + if (!mountedVol) { - continue; + continue; // Skip to the next mounted filesystem } if (!volumePath.IsEmpty() && wstring (mountedVol->Path).compare (volumePath) != 0) @@ -546,8 +574,8 @@ namespace VeraCrypt options.Password, options.Pim, options.Kdf, - options.TrueCryptMode, options.Keyfiles, + options.EMVSupportEnabled, options.Protection, options.ProtectionPassword, options.ProtectionPim, @@ -691,7 +719,7 @@ namespace VeraCrypt { try { - chown (mountPoint.c_str(), GetRealUserId(), GetRealGroupId()); + throw_sys_sub_if (chown (mountPoint.c_str(), GetRealUserId(), GetRealGroupId()) == -1, mountPoint); } catch (...) { } } } diff --git a/src/Core/Unix/FreeBSD/CoreFreeBSD.cpp b/src/Core/Unix/FreeBSD/CoreFreeBSD.cpp index 01463c35..05520274 100644 --- a/src/Core/Unix/FreeBSD/CoreFreeBSD.cpp +++ b/src/Core/Unix/FreeBSD/CoreFreeBSD.cpp @@ -83,7 +83,7 @@ namespace VeraCrypt #ifdef TC_MACOSX const string busType = "rdisk"; #else - foreach (const string &busType, StringConverter::Split ("ad da")) + foreach (const string &busType, StringConverter::Split ("ad da vtbd")) #endif { for (int devNumber = 0; devNumber < 64; devNumber++) @@ -185,10 +185,51 @@ namespace VeraCrypt void CoreFreeBSD::MountFilesystem (const DevicePath &devicePath, const DirectoryPath &mountPoint, const string &filesystemType, bool readOnly, const string &systemMountOptions) const { + std::string chosenFilesystem = "msdos"; + std::string modifiedMountOptions = systemMountOptions; + + if (filesystemType.empty() && modifiedMountOptions.find("mountprog") == string::npos) { + // No filesystem type specified through CLI, attempt to identify with blkid + // as mount is unable to probe filesystem type on BSD + // Make sure we don't override user defined mountprog + std::vector<char> buffer(128,0); + std::string cmd = "blkid -o value -s TYPE " + static_cast<std::string>(devicePath) + " 2>/dev/null"; + std::string result; + + FILE* pipe = popen(cmd.c_str(), "r"); + if (pipe) { + while (!feof(pipe)) { + if (fgets(buffer.data(), 128, pipe) != nullptr) + result += buffer.data(); + } + fflush(pipe); + pclose(pipe); + pipe = nullptr; + } + + if (result.find("ext") == 0 || StringConverter::ToLower(filesystemType).find("ext") == 0) { + chosenFilesystem = "ext2fs"; + } + else if (result.find("exfat") == 0 || StringConverter::ToLower(filesystemType) == "exfat") { + chosenFilesystem = "exfat"; + modifiedMountOptions += string(!systemMountOptions.empty() ? "," : "") + + "mountprog=/usr/local/sbin/mount.exfat"; + } + else if (result.find("ntfs") == 0 || StringConverter::ToLower(filesystemType) == "ntfs") { + chosenFilesystem = "ntfs"; + modifiedMountOptions += string(!systemMountOptions.empty() ? "," : "") + + "mountprog=/usr/local/bin/ntfs-3g"; + } + else if (!filesystemType.empty()) { + // Filesystem is specified but is none of the above, then supply as is + chosenFilesystem = filesystemType; + } + } else + chosenFilesystem = filesystemType; + try { - // Try to mount FAT by default as mount is unable to probe filesystem type on BSD - CoreUnix::MountFilesystem (devicePath, mountPoint, filesystemType.empty() ? "msdos" : filesystemType, readOnly, systemMountOptions); + CoreUnix::MountFilesystem (devicePath, mountPoint, chosenFilesystem, readOnly, modifiedMountOptions); } catch (ExecutedProcessFailed&) { diff --git a/src/Core/Unix/Linux/CoreLinux.cpp b/src/Core/Unix/Linux/CoreLinux.cpp index e1da6dff..cd4be80f 100644 --- a/src/Core/Unix/Linux/CoreLinux.cpp +++ b/src/Core/Unix/Linux/CoreLinux.cpp @@ -22,6 +22,9 @@ #include "Platform/SystemInfo.h" #include "Platform/TextReader.h" #include "Volume/EncryptionModeXTS.h" +#ifdef WOLFCRYPT_BACKEND +#include "Volume/EncryptionModeWolfCryptXTS.h" +#endif #include "Driver/Fuse/FuseService.h" #include "Core/Unix/CoreServiceProxy.h" @@ -302,8 +305,13 @@ namespace VeraCrypt void CoreLinux::MountVolumeNative (shared_ptr <Volume> volume, MountOptions &options, const DirectoryPath &auxMountPoint) const { - bool xts = (typeid (*volume->GetEncryptionMode()) == typeid (EncryptionModeXTS)); - bool algoNotSupported = (typeid (*volume->GetEncryptionAlgorithm()) == typeid (Kuznyechik)) + bool xts = (typeid (*volume->GetEncryptionMode()) == + #ifdef WOLFCRYPT_BACKEND + typeid (EncryptionModeWolfCryptXTS)); + #else + typeid (EncryptionModeXTS)); + #endif + bool algoNotSupported = (typeid (*volume->GetEncryptionAlgorithm()) == typeid (Kuznyechik)) || (typeid (*volume->GetEncryptionAlgorithm()) == typeid (CamelliaKuznyechik)) || (typeid (*volume->GetEncryptionAlgorithm()) == typeid (KuznyechikTwofish)) || (typeid (*volume->GetEncryptionAlgorithm()) == typeid (KuznyechikAES)) @@ -378,7 +386,7 @@ namespace VeraCrypt dmCreateArgs << nativeDevPath << " 0"; SecureBuffer dmCreateArgsBuf (dmCreateArgs.str().size()); - dmCreateArgsBuf.CopyFrom (ConstBufferPtr ((byte *) dmCreateArgs.str().c_str(), dmCreateArgs.str().size())); + dmCreateArgsBuf.CopyFrom (ConstBufferPtr ((uint8 *) dmCreateArgs.str().c_str(), dmCreateArgs.str().size())); // Keys const SecureBuffer &cipherKey = cipher.GetKey(); diff --git a/src/Core/Unix/MacOSX/CoreMacOSX.cpp b/src/Core/Unix/MacOSX/CoreMacOSX.cpp index b596e6e8..cfd34072 100644 --- a/src/Core/Unix/MacOSX/CoreMacOSX.cpp +++ b/src/Core/Unix/MacOSX/CoreMacOSX.cpp @@ -107,12 +107,19 @@ namespace VeraCrypt void CoreMacOSX::CheckFilesystem (shared_ptr <VolumeInfo> mountedVolume, bool repair) const { list <string> args; - args.push_back ("/Applications/Utilities/Disk Utility.app"); + struct stat sb; + + if (stat("/Applications/Utilities/Disk Utility.app", &sb) == 0) + args.push_back ("/Applications/Utilities/Disk Utility.app"); + else + args.push_back ("/System/Applications/Utilities/Disk Utility.app"); + Process::Execute ("open", args); } void CoreMacOSX::MountAuxVolumeImage (const DirectoryPath &auxMountPoint, const MountOptions &options) const { +#ifndef VC_MACOSX_FUSET // Check FUSE version char fuseVersionString[MAXHOSTNAMELEN + 1] = { 0 }; size_t fuseVersionStringLength = MAXHOSTNAMELEN; @@ -147,7 +154,7 @@ namespace VeraCrypt if (fuseVersionMajor < 2 || (fuseVersionMajor == 2 && fuseVersionMinor < 5)) throw HigherFuseVersionRequired (SRC_POS); - +#endif // Mount volume image string volImage = string (auxMountPoint) + FuseService::GetVolumeImagePath(); diff --git a/src/Core/VolumeCreator.cpp b/src/Core/VolumeCreator.cpp index 1cc45b27..fefbddde 100644 --- a/src/Core/VolumeCreator.cpp +++ b/src/Core/VolumeCreator.cpp @@ -12,6 +12,9 @@ #include "Volume/EncryptionTest.h" #include "Volume/EncryptionModeXTS.h" +#ifdef WOLFCRYPT_BACKEND +#include "Volume/EncryptionModeWolfCryptXTS.h" +#endif #include "Core.h" #ifdef TC_UNIX @@ -298,6 +301,11 @@ namespace VeraCrypt // Master data key MasterKey.Allocate (options->EA->GetKeySize() * 2); RandomNumberGenerator::GetData (MasterKey); + // check that first half of MasterKey is different from its second half. If they are the same, through an exception + // cf CCSS,NSA comment at page 3: https://csrc.nist.gov/csrc/media/Projects/crypto-publication-review-project/documents/initial-comments/sp800-38e-initial-public-comments-2021.pdf + if (memcmp (MasterKey.Ptr(), MasterKey.Ptr() + MasterKey.Size() / 2, MasterKey.Size() / 2) == 0) + throw AssertionFailed (SRC_POS); + headerOptions.DataKey = MasterKey; // PKCS5 salt @@ -307,7 +315,7 @@ namespace VeraCrypt // Header key HeaderKey.Allocate (VolumeHeader::GetLargestSerializedKeySize()); - PasswordKey = Keyfile::ApplyListToPassword (options->Keyfiles, options->Password); + PasswordKey = Keyfile::ApplyListToPassword (options->Keyfiles, options->Password, options->EMVSupportEnabled); options->VolumeHeaderKdf->DeriveKey (HeaderKey, *PasswordKey, options->Pim, salt); headerOptions.HeaderKey = HeaderKey; @@ -355,8 +363,13 @@ namespace VeraCrypt // Data area keys options->EA->SetKey (MasterKey.GetRange (0, options->EA->GetKeySize())); - shared_ptr <EncryptionMode> mode (new EncryptionModeXTS ()); - mode->SetKey (MasterKey.GetRange (options->EA->GetKeySize(), options->EA->GetKeySize())); + #ifdef WOLFCRYPT_BACKEND + shared_ptr <EncryptionMode> mode (new EncryptionModeWolfCryptXTS ()); + options->EA->SetKeyXTS (MasterKey.GetRange (options->EA->GetKeySize(), options->EA->GetKeySize())); + #else + shared_ptr <EncryptionMode> mode (new EncryptionModeXTS ()); + #endif + mode->SetKey (MasterKey.GetRange (options->EA->GetKeySize(), options->EA->GetKeySize())); options->EA->SetMode (mode); Options = options; diff --git a/src/Core/VolumeCreator.h b/src/Core/VolumeCreator.h index 3e051bc7..781354b9 100644 --- a/src/Core/VolumeCreator.h +++ b/src/Core/VolumeCreator.h @@ -38,6 +38,7 @@ namespace VeraCrypt shared_ptr <Pkcs5Kdf> VolumeHeaderKdf; shared_ptr <EncryptionAlgorithm> EA; bool Quick; + bool EMVSupportEnabled; struct FilesystemType { |