VeraCrypt
aboutsummaryrefslogtreecommitdiff
path: root/src/Core
diff options
context:
space:
mode:
Diffstat (limited to 'src/Core')
-rw-r--r--src/Core/Core.h38
-rw-r--r--src/Core/CoreBase.cpp38
-rw-r--r--src/Core/CoreBase.h15
-rw-r--r--src/Core/FatFormatter.cpp22
-rw-r--r--src/Core/MountOptions.cpp9
-rw-r--r--src/Core/MountOptions.h5
-rw-r--r--src/Core/RandomNumberGenerator.cpp98
-rw-r--r--src/Core/RandomNumberGenerator.h3
-rw-r--r--src/Core/Unix/CoreService.cpp95
-rw-r--r--src/Core/Unix/CoreService.h12
-rw-r--r--src/Core/Unix/CoreServiceProxy.h6
-rw-r--r--src/Core/Unix/CoreUnix.cpp186
-rw-r--r--src/Core/Unix/FreeBSD/CoreFreeBSD.cpp51
-rw-r--r--src/Core/Unix/Linux/CoreLinux.cpp24
-rw-r--r--src/Core/Unix/MacOSX/CoreMacOSX.cpp23
-rw-r--r--src/Core/Unix/OpenBSD/CoreOpenBSD.cpp164
-rw-r--r--src/Core/Unix/OpenBSD/CoreOpenBSD.h44
-rw-r--r--src/Core/Unix/OpenBSD/System.h19
-rw-r--r--src/Core/Unix/Solaris/CoreSolaris.cpp4
-rw-r--r--src/Core/VolumeCreator.cpp19
-rw-r--r--src/Core/VolumeCreator.h71
21 files changed, 791 insertions, 155 deletions
diff --git a/src/Core/Core.h b/src/Core/Core.h
index 97e35b25..b9e53021 100644
--- a/src/Core/Core.h
+++ b/src/Core/Core.h
@@ -17,8 +17,8 @@
namespace VeraCrypt
{
- extern auto_ptr <CoreBase> Core;
- extern auto_ptr <CoreBase> CoreDirect;
+ extern unique_ptr <CoreBase> Core;
+ extern unique_ptr <CoreBase> CoreDirect;
class WaitThreadRoutine
{
@@ -75,16 +75,20 @@ namespace VeraCrypt
shared_ptr <VolumePassword> m_password;
int m_pim;
shared_ptr <Pkcs5Kdf> m_kdf;
- bool m_truecryptMode;
shared_ptr <KeyfileList> m_keyfiles;
shared_ptr <VolumePassword> m_newPassword;
int m_newPim;
shared_ptr <KeyfileList> m_newKeyfiles;
shared_ptr <Pkcs5Kdf> m_newPkcs5Kdf;
int m_wipeCount;
- ChangePasswordThreadRoutine(shared_ptr <VolumePath> volumePath, bool preserveTimestamps, shared_ptr <VolumePassword> password, int pim, shared_ptr <Pkcs5Kdf> kdf, bool truecryptMode, shared_ptr <KeyfileList> keyfiles, shared_ptr <VolumePassword> newPassword, int newPim, shared_ptr <KeyfileList> newKeyfiles, shared_ptr <Pkcs5Kdf> newPkcs5Kdf, int wipeCount) : m_volumePath(volumePath), m_preserveTimestamps(preserveTimestamps), m_password(password), m_pim(pim), m_kdf(kdf), m_truecryptMode(truecryptMode), m_keyfiles(keyfiles), m_newPassword(newPassword), m_newPim(newPim), m_newKeyfiles(newKeyfiles), m_newPkcs5Kdf(newPkcs5Kdf), m_wipeCount(wipeCount) {}
+ bool m_emvSupportEnabled;
+ bool m_masterKeyVulnerable;
+ ChangePasswordThreadRoutine(shared_ptr <VolumePath> volumePath, bool preserveTimestamps, shared_ptr <VolumePassword> password, int pim, shared_ptr <Pkcs5Kdf> kdf, shared_ptr <KeyfileList> keyfiles, shared_ptr <VolumePassword> newPassword, int newPim, shared_ptr <KeyfileList> newKeyfiles, shared_ptr <Pkcs5Kdf> newPkcs5Kdf, int wipeCount, bool emvSupportEnabled) : m_volumePath(volumePath), m_preserveTimestamps(preserveTimestamps), m_password(password), m_pim(pim), m_kdf(kdf), m_keyfiles(keyfiles), m_newPassword(newPassword), m_newPim(newPim), m_newKeyfiles(newKeyfiles), m_newPkcs5Kdf(newPkcs5Kdf), m_wipeCount(wipeCount), m_emvSupportEnabled(emvSupportEnabled), m_masterKeyVulnerable(false) {}
virtual ~ChangePasswordThreadRoutine() { }
- virtual void ExecutionCode(void) { Core->ChangePassword(m_volumePath, m_preserveTimestamps, m_password, m_pim, m_kdf, m_truecryptMode, m_keyfiles, m_newPassword, m_newPim, m_newKeyfiles, m_newPkcs5Kdf, m_wipeCount); }
+ virtual void ExecutionCode(void) {
+ shared_ptr <Volume> openVolume = Core->ChangePassword(m_volumePath, m_preserveTimestamps, m_password, m_pim, m_kdf, m_keyfiles, m_newPassword, m_newPim, m_newKeyfiles, m_emvSupportEnabled, m_newPkcs5Kdf, m_wipeCount);
+ m_masterKeyVulnerable = openVolume->IsMasterKeyVulnerable();
+ }
};
class OpenVolumeThreadRoutine : public WaitThreadRoutine
@@ -95,7 +99,6 @@ namespace VeraCrypt
shared_ptr <VolumePassword> m_password;
int m_pim;
shared_ptr<Pkcs5Kdf> m_Kdf;
- bool m_truecryptMode;
shared_ptr <KeyfileList> m_keyfiles;
VolumeProtection::Enum m_protection;
shared_ptr <VolumePassword> m_protectionPassword;
@@ -107,15 +110,16 @@ namespace VeraCrypt
bool m_useBackupHeaders;
bool m_partitionInSystemEncryptionScope;
shared_ptr <Volume> m_pVolume;
+ bool m_emvSupportEnabled;
- OpenVolumeThreadRoutine(shared_ptr <VolumePath> volumePath, bool preserveTimestamps, shared_ptr <VolumePassword> password, int pim, shared_ptr<Pkcs5Kdf> Kdf, bool truecryptMode, shared_ptr <KeyfileList> keyfiles, VolumeProtection::Enum protection = VolumeProtection::None, shared_ptr <VolumePassword> protectionPassword = shared_ptr <VolumePassword> (), int protectionPim = 0, shared_ptr<Pkcs5Kdf> protectionKdf = shared_ptr<Pkcs5Kdf> (), shared_ptr <KeyfileList> protectionKeyfiles = shared_ptr <KeyfileList> (), bool sharedAccessAllowed = false, VolumeType::Enum volumeType = VolumeType::Unknown, bool useBackupHeaders = false, bool partitionInSystemEncryptionScope = false):
- m_volumePath(volumePath), m_preserveTimestamps(preserveTimestamps), m_password(password), m_pim(pim), m_Kdf(Kdf), m_truecryptMode(truecryptMode), m_keyfiles(keyfiles),
+ OpenVolumeThreadRoutine(shared_ptr <VolumePath> volumePath, bool preserveTimestamps, shared_ptr <VolumePassword> password, int pim, shared_ptr<Pkcs5Kdf> Kdf, shared_ptr <KeyfileList> keyfiles, bool emvSupportEnabled, VolumeProtection::Enum protection = VolumeProtection::None, shared_ptr <VolumePassword> protectionPassword = shared_ptr <VolumePassword> (), int protectionPim = 0, shared_ptr<Pkcs5Kdf> protectionKdf = shared_ptr<Pkcs5Kdf> (), shared_ptr <KeyfileList> protectionKeyfiles = shared_ptr <KeyfileList> (), bool sharedAccessAllowed = false, VolumeType::Enum volumeType = VolumeType::Unknown, bool useBackupHeaders = false, bool partitionInSystemEncryptionScope = false):
+ m_volumePath(volumePath), m_preserveTimestamps(preserveTimestamps), m_password(password), m_pim(pim), m_Kdf(Kdf), m_keyfiles(keyfiles),
m_protection(protection), m_protectionPassword(protectionPassword), m_protectionPim(protectionPim), m_protectionKdf(protectionKdf), m_protectionKeyfiles(protectionKeyfiles), m_sharedAccessAllowed(sharedAccessAllowed), m_volumeType(volumeType),m_useBackupHeaders(useBackupHeaders),
- m_partitionInSystemEncryptionScope(partitionInSystemEncryptionScope) {}
+ m_partitionInSystemEncryptionScope(partitionInSystemEncryptionScope), m_emvSupportEnabled(emvSupportEnabled) {}
~OpenVolumeThreadRoutine() {}
- virtual void ExecutionCode(void) { m_pVolume = Core->OpenVolume(m_volumePath,m_preserveTimestamps,m_password,m_pim,m_Kdf,m_truecryptMode,m_keyfiles, m_protection,m_protectionPassword,m_protectionPim,m_protectionKdf, m_protectionKeyfiles,m_sharedAccessAllowed,m_volumeType,m_useBackupHeaders, m_partitionInSystemEncryptionScope); }
+ virtual void ExecutionCode(void) { m_pVolume = Core->OpenVolume(m_volumePath,m_preserveTimestamps,m_password,m_pim,m_Kdf,m_keyfiles, m_emvSupportEnabled, m_protection,m_protectionPassword,m_protectionPim,m_protectionKdf, m_protectionKeyfiles,m_sharedAccessAllowed,m_volumeType,m_useBackupHeaders, m_partitionInSystemEncryptionScope); }
};
@@ -127,10 +131,11 @@ namespace VeraCrypt
shared_ptr <VolumePassword> m_password;
int m_pim;
shared_ptr <KeyfileList> m_keyfiles;
- ReEncryptHeaderThreadRoutine(const BufferPtr &newHeaderBuffer, shared_ptr <VolumeHeader> header, shared_ptr <VolumePassword> password, int pim, shared_ptr <KeyfileList> keyfiles)
- : m_newHeaderBuffer(newHeaderBuffer), m_header(header), m_password(password), m_pim(pim), m_keyfiles(keyfiles) {}
+ bool m_emvSupportEnabled;
+ ReEncryptHeaderThreadRoutine(const BufferPtr &newHeaderBuffer, shared_ptr <VolumeHeader> header, shared_ptr <VolumePassword> password, int pim, shared_ptr <KeyfileList> keyfiles, bool emvSupportEnabled)
+ : m_newHeaderBuffer(newHeaderBuffer), m_header(header), m_password(password), m_pim(pim), m_keyfiles(keyfiles), m_emvSupportEnabled(emvSupportEnabled) {}
virtual ~ReEncryptHeaderThreadRoutine() { }
- virtual void ExecutionCode(void) { Core->ReEncryptVolumeHeaderWithNewSalt (m_newHeaderBuffer, m_header, m_password, m_pim, m_keyfiles); }
+ virtual void ExecutionCode(void) { Core->ReEncryptVolumeHeaderWithNewSalt (m_newHeaderBuffer, m_header, m_password, m_pim, m_keyfiles, m_emvSupportEnabled); }
};
class DecryptThreadRoutine : public WaitThreadRoutine
@@ -141,15 +146,14 @@ namespace VeraCrypt
const VolumePassword &m_password;
int m_pim;
shared_ptr <Pkcs5Kdf> m_kdf;
- bool m_truecryptMode;
const Pkcs5KdfList &m_keyDerivationFunctions;
const EncryptionAlgorithmList &m_encryptionAlgorithms;
const EncryptionModeList &m_encryptionModes;
bool m_bResult;
- DecryptThreadRoutine(shared_ptr <VolumeHeader> header, const ConstBufferPtr &encryptedData, const VolumePassword &password, int pim, shared_ptr <Pkcs5Kdf> kdf, bool truecryptMode, const Pkcs5KdfList &keyDerivationFunctions, const EncryptionAlgorithmList &encryptionAlgorithms, const EncryptionModeList &encryptionModes)
- : m_pHeader(header), m_encryptedData(encryptedData), m_password(password), m_pim(pim), m_kdf(kdf), m_truecryptMode(truecryptMode), m_keyDerivationFunctions(keyDerivationFunctions), m_encryptionAlgorithms(encryptionAlgorithms), m_encryptionModes(encryptionModes), m_bResult(false){}
+ DecryptThreadRoutine(shared_ptr <VolumeHeader> header, const ConstBufferPtr &encryptedData, const VolumePassword &password, int pim, shared_ptr <Pkcs5Kdf> kdf, const Pkcs5KdfList &keyDerivationFunctions, const EncryptionAlgorithmList &encryptionAlgorithms, const EncryptionModeList &encryptionModes)
+ : m_pHeader(header), m_encryptedData(encryptedData), m_password(password), m_pim(pim), m_kdf(kdf), m_keyDerivationFunctions(keyDerivationFunctions), m_encryptionAlgorithms(encryptionAlgorithms), m_encryptionModes(encryptionModes), m_bResult(false){}
virtual ~DecryptThreadRoutine() { }
- virtual void ExecutionCode(void) { m_bResult = m_pHeader->Decrypt(m_encryptedData, m_password, m_pim, m_kdf, m_truecryptMode, m_keyDerivationFunctions, m_encryptionAlgorithms, m_encryptionModes); }
+ virtual void ExecutionCode(void) { m_bResult = m_pHeader->Decrypt(m_encryptedData, m_password, m_pim, m_kdf, m_keyDerivationFunctions, m_encryptionAlgorithms, m_encryptionModes); }
};
class WaitThreadUI
diff --git a/src/Core/CoreBase.cpp b/src/Core/CoreBase.cpp
index c22a50c0..0c6d5c9e 100644
--- a/src/Core/CoreBase.cpp
+++ b/src/Core/CoreBase.cpp
@@ -20,6 +20,9 @@ namespace VeraCrypt
{
CoreBase::CoreBase ()
: DeviceChangeInProgress (false)
+#if defined(TC_LINUX ) || defined (TC_FREEBSD)
+ , UseDummySudoPassword (false)
+#endif
{
}
@@ -27,20 +30,14 @@ namespace VeraCrypt
{
}
- void CoreBase::ChangePassword (shared_ptr <Volume> openVolume, shared_ptr <VolumePassword> newPassword, int newPim, shared_ptr <KeyfileList> newKeyfiles, shared_ptr <Pkcs5Kdf> newPkcs5Kdf, int wipeCount) const
+ void CoreBase::ChangePassword (shared_ptr <Volume> openVolume, shared_ptr <VolumePassword> newPassword, int newPim, shared_ptr <KeyfileList> newKeyfiles, bool emvSupportEnabled, shared_ptr <Pkcs5Kdf> newPkcs5Kdf, int wipeCount) const
{
if ((!newPassword || newPassword->Size() < 1) && (!newKeyfiles || newKeyfiles->empty()))
throw PasswordEmpty (SRC_POS);
if (!newPkcs5Kdf)
{
- if (openVolume->GetPkcs5Kdf()->GetTrueCryptMode ())
- {
- newPkcs5Kdf.reset (openVolume->GetPkcs5Kdf()->Clone());
- newPkcs5Kdf->SetTrueCryptMode (false);
- }
- else
- newPkcs5Kdf = openVolume->GetPkcs5Kdf();
+ newPkcs5Kdf = openVolume->GetPkcs5Kdf();
}
if ((openVolume->GetHeader()->GetFlags() & TC_HEADER_FLAG_ENCRYPTED_SYSTEM) != 0
@@ -55,7 +52,7 @@ namespace VeraCrypt
SecureBuffer newSalt (openVolume->GetSaltSize());
SecureBuffer newHeaderKey (VolumeHeader::GetLargestSerializedKeySize());
- shared_ptr <VolumePassword> password (Keyfile::ApplyListToPassword (newKeyfiles, newPassword));
+ shared_ptr <VolumePassword> password (Keyfile::ApplyListToPassword (newKeyfiles, newPassword, emvSupportEnabled));
bool backupHeader = false;
while (true)
@@ -80,10 +77,11 @@ namespace VeraCrypt
}
}
- void CoreBase::ChangePassword (shared_ptr <VolumePath> volumePath, bool preserveTimestamps, shared_ptr <VolumePassword> password, int pim, shared_ptr <Pkcs5Kdf> kdf, bool truecryptMode, shared_ptr <KeyfileList> keyfiles, shared_ptr <VolumePassword> newPassword, int newPim, shared_ptr <KeyfileList> newKeyfiles, shared_ptr <Pkcs5Kdf> newPkcs5Kdf, int wipeCount) const
+ shared_ptr <Volume> CoreBase::ChangePassword (shared_ptr <VolumePath> volumePath, bool preserveTimestamps, shared_ptr <VolumePassword> password, int pim, shared_ptr <Pkcs5Kdf> kdf, shared_ptr <KeyfileList> keyfiles, shared_ptr <VolumePassword> newPassword, int newPim, shared_ptr <KeyfileList> newKeyfiles, bool emvSupportEnabled, shared_ptr <Pkcs5Kdf> newPkcs5Kdf, int wipeCount) const
{
- shared_ptr <Volume> volume = OpenVolume (volumePath, preserveTimestamps, password, pim, kdf, truecryptMode, keyfiles);
- ChangePassword (volume, newPassword, newPim, newKeyfiles, newPkcs5Kdf, wipeCount);
+ shared_ptr <Volume> volume = OpenVolume (volumePath, preserveTimestamps, password, pim, kdf, keyfiles, emvSupportEnabled);
+ ChangePassword (volume, newPassword, newPim, newKeyfiles, emvSupportEnabled, newPkcs5Kdf, wipeCount);
+ return volume;
}
void CoreBase::CoalesceSlotNumberAndMountPoint (MountOptions &options) const
@@ -147,7 +145,7 @@ namespace VeraCrypt
outerVolume->ReadSectors (bootSectorBuffer, 0);
int fatType;
- byte *bootSector = bootSectorBuffer.Ptr();
+ uint8 *bootSector = bootSectorBuffer.Ptr();
if (memcmp (bootSector + 54, "FAT12", 5) == 0)
fatType = 12;
@@ -251,13 +249,17 @@ namespace VeraCrypt
bool CoreBase::IsVolumeMounted (const VolumePath &volumePath) const
{
- return GetMountedVolume (volumePath);
+ shared_ptr<VolumeInfo> mountedVolume = GetMountedVolume (volumePath);
+ if (mountedVolume)
+ return true;
+ else
+ return false;
}
- shared_ptr <Volume> CoreBase::OpenVolume (shared_ptr <VolumePath> volumePath, bool preserveTimestamps, shared_ptr <VolumePassword> password, int pim, shared_ptr<Pkcs5Kdf> kdf, bool truecryptMode, shared_ptr <KeyfileList> keyfiles, VolumeProtection::Enum protection, shared_ptr <VolumePassword> protectionPassword, int protectionPim, shared_ptr<Pkcs5Kdf> protectionKdf, shared_ptr <KeyfileList> protectionKeyfiles, bool sharedAccessAllowed, VolumeType::Enum volumeType, bool useBackupHeaders, bool partitionInSystemEncryptionScope) const
+ shared_ptr <Volume> CoreBase::OpenVolume (shared_ptr <VolumePath> volumePath, bool preserveTimestamps, shared_ptr <VolumePassword> password, int pim, shared_ptr<Pkcs5Kdf> kdf, shared_ptr <KeyfileList> keyfiles, bool emvSupportEnabled, VolumeProtection::Enum protection, shared_ptr <VolumePassword> protectionPassword, int protectionPim, shared_ptr<Pkcs5Kdf> protectionKdf, shared_ptr <KeyfileList> protectionKeyfiles, bool sharedAccessAllowed, VolumeType::Enum volumeType, bool useBackupHeaders, bool partitionInSystemEncryptionScope) const
{
make_shared_auto (Volume, volume);
- volume->Open (*volumePath, preserveTimestamps, password, pim, kdf, truecryptMode, keyfiles, protection, protectionPassword, protectionPim, protectionKdf, protectionKeyfiles, sharedAccessAllowed, volumeType, useBackupHeaders, partitionInSystemEncryptionScope);
+ volume->Open (*volumePath, preserveTimestamps, password, pim, kdf, keyfiles, emvSupportEnabled, protection, protectionPassword, protectionPim, protectionKdf, protectionKeyfiles, sharedAccessAllowed, volumeType, useBackupHeaders, partitionInSystemEncryptionScope);
return volume;
}
@@ -272,7 +274,7 @@ namespace VeraCrypt
encryptionAlgorithm->GetMode()->SetKey (modeKey);
}
- void CoreBase::ReEncryptVolumeHeaderWithNewSalt (const BufferPtr &newHeaderBuffer, shared_ptr <VolumeHeader> header, shared_ptr <VolumePassword> password, int pim, shared_ptr <KeyfileList> keyfiles) const
+ void CoreBase::ReEncryptVolumeHeaderWithNewSalt (const BufferPtr &newHeaderBuffer, shared_ptr <VolumeHeader> header, shared_ptr <VolumePassword> password, int pim, shared_ptr <KeyfileList> keyfiles, bool emvSupportEnabled) const
{
shared_ptr <Pkcs5Kdf> pkcs5Kdf = header->GetPkcs5Kdf();
@@ -281,7 +283,7 @@ namespace VeraCrypt
SecureBuffer newSalt (header->GetSaltSize());
SecureBuffer newHeaderKey (VolumeHeader::GetLargestSerializedKeySize());
- shared_ptr <VolumePassword> passwordKey (Keyfile::ApplyListToPassword (keyfiles, password));
+ shared_ptr <VolumePassword> passwordKey (Keyfile::ApplyListToPassword (keyfiles, password, emvSupportEnabled));
RandomNumberGenerator::GetData (newSalt);
pkcs5Kdf->DeriveKey (newHeaderKey, *passwordKey, pim, newSalt);
diff --git a/src/Core/CoreBase.h b/src/Core/CoreBase.h
index eb830ba3..e646fce3 100644
--- a/src/Core/CoreBase.h
+++ b/src/Core/CoreBase.h
@@ -33,8 +33,8 @@ namespace VeraCrypt
public:
virtual ~CoreBase ();
- virtual void ChangePassword (shared_ptr <Volume> openVolume, shared_ptr <VolumePassword> newPassword, int newPim, shared_ptr <KeyfileList> newKeyfiles, shared_ptr <Pkcs5Kdf> newPkcs5Kdf = shared_ptr <Pkcs5Kdf> (), int wipeCount = PRAND_HEADER_WIPE_PASSES) const;
- virtual void ChangePassword (shared_ptr <VolumePath> volumePath, bool preserveTimestamps, shared_ptr <VolumePassword> password, int pim, shared_ptr <Pkcs5Kdf> kdf, bool truecryptMode, shared_ptr <KeyfileList> keyfiles, shared_ptr <VolumePassword> newPassword, int newPim, shared_ptr <KeyfileList> newKeyfiles, shared_ptr <Pkcs5Kdf> newPkcs5Kdf = shared_ptr <Pkcs5Kdf> (), int wipeCount = PRAND_HEADER_WIPE_PASSES) const;
+ virtual void ChangePassword (shared_ptr <Volume> openVolume, shared_ptr <VolumePassword> newPassword, int newPim, shared_ptr <KeyfileList> newKeyfiles, bool emvSupportEnabled, shared_ptr <Pkcs5Kdf> newPkcs5Kdf = shared_ptr <Pkcs5Kdf> (), int wipeCount = PRAND_HEADER_WIPE_PASSES) const;
+ virtual shared_ptr <Volume> ChangePassword (shared_ptr <VolumePath> volumePath, bool preserveTimestamps, shared_ptr <VolumePassword> password, int pim, shared_ptr <Pkcs5Kdf> kdf, shared_ptr <KeyfileList> keyfiles, shared_ptr <VolumePassword> newPassword, int newPim, shared_ptr <KeyfileList> newKeyfiles, bool emvSupportEnabled, shared_ptr <Pkcs5Kdf> newPkcs5Kdf = shared_ptr <Pkcs5Kdf> (), int wipeCount = PRAND_HEADER_WIPE_PASSES) const;
virtual void CheckFilesystem (shared_ptr <VolumeInfo> mountedVolume, bool repair = false) const = 0;
virtual void CoalesceSlotNumberAndMountPoint (MountOptions &options) const;
virtual void CreateKeyfile (const FilePath &keyfilePath) const;
@@ -69,14 +69,18 @@ namespace VeraCrypt
virtual bool IsVolumeMounted (const VolumePath &volumePath) const;
virtual VolumeSlotNumber MountPointToSlotNumber (const DirectoryPath &mountPoint) const = 0;
virtual shared_ptr <VolumeInfo> MountVolume (MountOptions &options) = 0;
- virtual shared_ptr <Volume> OpenVolume (shared_ptr <VolumePath> volumePath, bool preserveTimestamps, shared_ptr <VolumePassword> password, int pim, shared_ptr<Pkcs5Kdf> Kdf, bool truecryptMode, shared_ptr <KeyfileList> keyfiles, VolumeProtection::Enum protection = VolumeProtection::None, shared_ptr <VolumePassword> protectionPassword = shared_ptr <VolumePassword> (), int protectionPim = 0, shared_ptr<Pkcs5Kdf> protectionKdf = shared_ptr<Pkcs5Kdf> (), shared_ptr <KeyfileList> protectionKeyfiles = shared_ptr <KeyfileList> (), bool sharedAccessAllowed = false, VolumeType::Enum volumeType = VolumeType::Unknown, bool useBackupHeaders = false, bool partitionInSystemEncryptionScope = false) const;
+ virtual shared_ptr <Volume> OpenVolume (shared_ptr <VolumePath> volumePath, bool preserveTimestamps, shared_ptr <VolumePassword> password, int pim, shared_ptr<Pkcs5Kdf> Kdf, shared_ptr <KeyfileList> keyfiles, bool emvSupportEnabled, VolumeProtection::Enum protection = VolumeProtection::None, shared_ptr <VolumePassword> protectionPassword = shared_ptr <VolumePassword> (), int protectionPim = 0, shared_ptr<Pkcs5Kdf> protectionKdf = shared_ptr<Pkcs5Kdf> (), shared_ptr <KeyfileList> protectionKeyfiles = shared_ptr <KeyfileList> (), bool sharedAccessAllowed = false, VolumeType::Enum volumeType = VolumeType::Unknown, bool useBackupHeaders = false, bool partitionInSystemEncryptionScope = false) const;
virtual void RandomizeEncryptionAlgorithmKey (shared_ptr <EncryptionAlgorithm> encryptionAlgorithm) const;
- virtual void ReEncryptVolumeHeaderWithNewSalt (const BufferPtr &newHeaderBuffer, shared_ptr <VolumeHeader> header, shared_ptr <VolumePassword> password, int pim, shared_ptr <KeyfileList> keyfiles) const;
+ virtual void ReEncryptVolumeHeaderWithNewSalt (const BufferPtr &newHeaderBuffer, shared_ptr <VolumeHeader> header, shared_ptr <VolumePassword> password, int pim, shared_ptr <KeyfileList> keyfiles, bool emvSupportEnabled) const;
virtual void SetAdminPasswordCallback (shared_ptr <GetStringFunctor> functor) { }
virtual void SetApplicationExecutablePath (const FilePath &path) { ApplicationExecutablePath = path; }
virtual void SetFileOwner (const FilesystemPath &path, const UserId &owner) const = 0;
virtual DirectoryPath SlotNumberToMountPoint (VolumeSlotNumber slotNumber) const = 0;
virtual void WipePasswordCache () const = 0;
+#if defined(TC_LINUX ) || defined (TC_FREEBSD)
+ virtual void ForceUseDummySudoPassword (bool useDummySudoPassword) { UseDummySudoPassword = useDummySudoPassword;}
+ virtual bool GetUseDummySudoPassword () const { return UseDummySudoPassword;}
+#endif
Event VolumeDismountedEvent;
Event VolumeMountedEvent;
@@ -87,6 +91,9 @@ namespace VeraCrypt
bool DeviceChangeInProgress;
FilePath ApplicationExecutablePath;
+#if defined(TC_LINUX ) || defined (TC_FREEBSD)
+ bool UseDummySudoPassword;
+#endif
private:
CoreBase (const CoreBase &);
diff --git a/src/Core/FatFormatter.cpp b/src/Core/FatFormatter.cpp
index fa327837..c8115f9b 100644
--- a/src/Core/FatFormatter.cpp
+++ b/src/Core/FatFormatter.cpp
@@ -149,7 +149,7 @@ namespace VeraCrypt
}
}
- static void PutBoot (fatparams * ft, byte *boot, uint32 volumeId)
+ static void PutBoot (fatparams * ft, uint8 *boot, uint32 volumeId)
{
int cnt = 0;
@@ -244,7 +244,7 @@ namespace VeraCrypt
/* FAT32 FSInfo */
- static void PutFSInfo (byte *sector, fatparams *ft)
+ static void PutFSInfo (uint8 *sector, fatparams *ft)
{
memset (sector, 0, ft->sector_size);
sector[3] = 0x41; /* LeadSig */
@@ -294,16 +294,16 @@ namespace VeraCrypt
sector.Zero();
uint32 volumeId;
- RandomNumberGenerator::GetDataFast (BufferPtr ((byte *) &volumeId, sizeof (volumeId)));
+ RandomNumberGenerator::GetDataFast (BufferPtr ((uint8 *) &volumeId, sizeof (volumeId)));
- PutBoot (ft, (byte *) sector, volumeId);
+ PutBoot (ft, (uint8 *) sector, volumeId);
writeSector (sector); ++sectorNumber;
/* fat32 boot area */
if (ft->size_fat == 32)
{
/* fsinfo */
- PutFSInfo((byte *) sector, ft);
+ PutFSInfo((uint8 *) sector, ft);
writeSector (sector); ++sectorNumber;
/* reserved */
@@ -317,10 +317,10 @@ namespace VeraCrypt
/* bootsector backup */
sector.Zero();
- PutBoot (ft, (byte *) sector, volumeId);
+ PutBoot (ft, (uint8 *) sector, volumeId);
writeSector (sector); ++sectorNumber;
- PutFSInfo((byte *) sector, ft);
+ PutFSInfo((uint8 *) sector, ft);
writeSector (sector); ++sectorNumber;
}
@@ -340,10 +340,10 @@ namespace VeraCrypt
if (n == 0)
{
- byte fat_sig[12];
+ uint8 fat_sig[12];
if (ft->size_fat == 32)
{
- fat_sig[0] = (byte) ft->media;
+ fat_sig[0] = (uint8) ft->media;
fat_sig[1] = fat_sig[2] = 0xff;
fat_sig[3] = 0x0f;
fat_sig[4] = fat_sig[5] = fat_sig[6] = 0xff;
@@ -354,7 +354,7 @@ namespace VeraCrypt
}
else if (ft->size_fat == 16)
{
- fat_sig[0] = (byte) ft->media;
+ fat_sig[0] = (uint8) ft->media;
fat_sig[1] = 0xff;
fat_sig[2] = 0xff;
fat_sig[3] = 0xff;
@@ -362,7 +362,7 @@ namespace VeraCrypt
}
else if (ft->size_fat == 12)
{
- fat_sig[0] = (byte) ft->media;
+ fat_sig[0] = (uint8) ft->media;
fat_sig[1] = 0xff;
fat_sig[2] = 0xff;
fat_sig[3] = 0x00;
diff --git a/src/Core/MountOptions.cpp b/src/Core/MountOptions.cpp
index 52e12396..2f28c089 100644
--- a/src/Core/MountOptions.cpp
+++ b/src/Core/MountOptions.cpp
@@ -52,7 +52,6 @@ namespace VeraCrypt
TC_CLONE (SharedAccessAllowed);
TC_CLONE (SlotNumber);
TC_CLONE (UseBackupHeaders);
- TC_CLONE (TrueCryptMode);
}
void MountOptions::Deserialize (shared_ptr <Stream> stream)
@@ -101,14 +100,12 @@ namespace VeraCrypt
sr.Deserialize ("SlotNumber", SlotNumber);
sr.Deserialize ("UseBackupHeaders", UseBackupHeaders);
- sr.Deserialize ("TrueCryptMode", TrueCryptMode);
-
try
{
if (!sr.DeserializeBool ("KdfNull"))
{
sr.Deserialize ("Kdf", nameValue);
- Kdf = Pkcs5Kdf::GetAlgorithm (nameValue, TrueCryptMode);
+ Kdf = Pkcs5Kdf::GetAlgorithm (nameValue);
}
}
catch(...) {}
@@ -118,7 +115,7 @@ namespace VeraCrypt
if (!sr.DeserializeBool ("ProtectionKdfNull"))
{
sr.Deserialize ("ProtectionKdf", nameValue);
- ProtectionKdf = Pkcs5Kdf::GetAlgorithm (nameValue, TrueCryptMode);
+ ProtectionKdf = Pkcs5Kdf::GetAlgorithm (nameValue);
}
}
catch(...) {}
@@ -167,8 +164,6 @@ namespace VeraCrypt
sr.Serialize ("SlotNumber", SlotNumber);
sr.Serialize ("UseBackupHeaders", UseBackupHeaders);
- sr.Serialize ("TrueCryptMode", TrueCryptMode);
-
sr.Serialize ("KdfNull", Kdf == nullptr);
if (Kdf)
sr.Serialize ("Kdf", Kdf->GetName());
diff --git a/src/Core/MountOptions.h b/src/Core/MountOptions.h
index 83a8bffc..3dcfa599 100644
--- a/src/Core/MountOptions.h
+++ b/src/Core/MountOptions.h
@@ -37,8 +37,7 @@ namespace VeraCrypt
Removable (false),
SharedAccessAllowed (false),
SlotNumber (0),
- UseBackupHeaders (false),
- TrueCryptMode (false)
+ UseBackupHeaders (false)
{
}
@@ -72,7 +71,7 @@ namespace VeraCrypt
bool SharedAccessAllowed;
VolumeSlotNumber SlotNumber;
bool UseBackupHeaders;
- bool TrueCryptMode;
+ bool EMVSupportEnabled;
protected:
void CopyFrom (const MountOptions &other);
diff --git a/src/Core/RandomNumberGenerator.cpp b/src/Core/RandomNumberGenerator.cpp
index fffd948a..b60b4eed 100644
--- a/src/Core/RandomNumberGenerator.cpp
+++ b/src/Core/RandomNumberGenerator.cpp
@@ -14,6 +14,11 @@
#include <sys/types.h>
#include <errno.h>
#include <fcntl.h>
+
+#ifndef ERESTART
+#define ERESTART EINTR
+#endif
+
#endif
#include "RandomNumberGenerator.h"
@@ -44,8 +49,38 @@ namespace VeraCrypt
throw_sys_sub_if (random == -1, L"/dev/random");
finally_do_arg (int, random, { close (finally_arg); });
- throw_sys_sub_if (read (random, buffer, buffer.Size()) == -1 && errno != EAGAIN, L"/dev/random");
+ // ensure that we have read at least 32 bytes from /dev/random before allowing it to fail gracefully
+ while (true)
+ {
+ int rndCount = read (random, buffer, buffer.Size());
+ throw_sys_sub_if ((rndCount == -1) && errno != EAGAIN && errno != ERESTART && errno != EINTR, L"/dev/random");
+ if (rndCount != -1) {
+ // We count returned bytes until 32-bytes threshold reached
+ if (DevRandomBytesCount < 32)
+ DevRandomBytesCount += rndCount;
+ break;
+ }
+ else if (DevRandomBytesCount >= 32) {
+ // allow /dev/random to fail gracefully since we have enough bytes
+ break;
+ }
+ else {
+ // wait 250ms before querying /dev/random again
+ ::usleep (250 * 1000);
+ }
+ }
+
AddToPool (buffer);
+
+ /* use JitterEntropy library to get good quality random bytes based on CPU timing jitter */
+ if (JitterRngCtx)
+ {
+ ssize_t rndLen = jent_read_entropy (JitterRngCtx, (char*) buffer.Ptr(), buffer.Size());
+ if (rndLen > 0)
+ {
+ AddToPool (buffer);
+ }
+ }
}
#endif
}
@@ -79,7 +114,13 @@ namespace VeraCrypt
ScopeLock lock (AccessMutex);
size_t bufferLen = buffer.Size(), loopLen;
- byte* pbBuffer = buffer.Get();
+ uint8* pbBuffer = buffer.Get();
+
+ // Initialize JitterEntropy RNG for this call
+ if (0 == jent_entropy_init ())
+ {
+ JitterRngCtx = jent_entropy_collector_alloc (1, 0);
+ }
// Poll system for data
AddSystemDataToPool (fast);
@@ -127,6 +168,12 @@ namespace VeraCrypt
pbBuffer += loopLen;
}
+
+ if (JitterRngCtx)
+ {
+ jent_entropy_collector_free (JitterRngCtx);
+ JitterRngCtx = NULL;
+ }
}
shared_ptr <Hash> RandomNumberGenerator::GetHash ()
@@ -138,18 +185,26 @@ namespace VeraCrypt
void RandomNumberGenerator::HashMixPool ()
{
BytesAddedSincePoolHashMix = 0;
-
- for (size_t poolPos = 0; poolPos < Pool.Size(); )
+ size_t digestSize = PoolHash->GetDigestSize();
+ size_t poolSize = Pool.Size();
+ // pool size must be multiple of digest size
+ // this is always the case with default pool size value (320 bytes)
+ if (poolSize % digestSize)
+ throw AssertionFailed (SRC_POS);
+
+ for (size_t poolPos = 0; poolPos < poolSize; poolPos += digestSize)
{
// Compute the message digest of the entire pool using the selected hash function
- SecureBuffer digest (PoolHash->GetDigestSize());
+ SecureBuffer digest (digestSize);
+ PoolHash->Init();
PoolHash->ProcessData (Pool);
PoolHash->GetDigest (digest);
- // Add the message digest to the pool
- for (size_t digestPos = 0; digestPos < digest.Size() && poolPos < Pool.Size(); ++digestPos)
+ /* XOR the resultant message digest to the pool at the poolIndex position. */
+ /* this matches the documentation: https://veracrypt.fr/en/Random%20Number%20Generator.html */
+ for (size_t digestIndex = 0; digestIndex < digestSize; digestIndex++)
{
- Pool[poolPos++] += digest[digestPos];
+ Pool [poolPos + digestIndex] ^= digest [digestIndex];
}
}
}
@@ -196,30 +251,43 @@ namespace VeraCrypt
EnrichedByUser = false;
Running = false;
+ DevRandomBytesCount = 0;
}
void RandomNumberGenerator::Test ()
{
shared_ptr <Hash> origPoolHash = PoolHash;
- PoolHash.reset (new Ripemd160());
+ #ifndef WOLFCRYPT_BACKEND
+ PoolHash.reset (new Blake2s());
+ #else
+ PoolHash.reset (new Sha256());
+ #endif
Pool.Zero();
Buffer buffer (1);
for (size_t i = 0; i < PoolSize * 10; ++i)
{
- buffer[0] = (byte) i;
+ buffer[0] = (uint8) i;
AddToPool (buffer);
}
- if (Crc32::ProcessBuffer (Pool) != 0x2de46d17)
- throw TestFailed (SRC_POS);
+ #ifndef WOLFCRYPT_BACKEND
+ if (Crc32::ProcessBuffer (Pool) != 0x9c743238)
+ #else
+ if (Crc32::ProcessBuffer (Pool) != 0xac95ac1a)
+ #endif
+ throw TestFailed (SRC_POS);
buffer.Allocate (PoolSize);
buffer.CopyFrom (PeekPool());
AddToPool (buffer);
- if (Crc32::ProcessBuffer (Pool) != 0xcb88e019)
- throw TestFailed (SRC_POS);
+ #ifndef WOLFCRYPT_BACKEND
+ if (Crc32::ProcessBuffer (Pool) != 0xd2d09c8d)
+ #else
+ if (Crc32::ProcessBuffer (Pool) != 0xb79f3c12)
+ #endif
+ throw TestFailed (SRC_POS);
PoolHash = origPoolHash;
}
@@ -232,4 +300,6 @@ namespace VeraCrypt
size_t RandomNumberGenerator::ReadOffset;
bool RandomNumberGenerator::Running = false;
size_t RandomNumberGenerator::WriteOffset;
+ struct rand_data *RandomNumberGenerator::JitterRngCtx = NULL;
+ int RandomNumberGenerator::DevRandomBytesCount = 0;
}
diff --git a/src/Core/RandomNumberGenerator.h b/src/Core/RandomNumberGenerator.h
index 2d1d314a..333a8e36 100644
--- a/src/Core/RandomNumberGenerator.h
+++ b/src/Core/RandomNumberGenerator.h
@@ -16,6 +16,7 @@
#include "Platform/Platform.h"
#include "Volume/Hash.h"
#include "Common/Random.h"
+#include "Crypto/jitterentropy.h"
namespace VeraCrypt
{
@@ -53,6 +54,8 @@ namespace VeraCrypt
static size_t ReadOffset;
static bool Running;
static size_t WriteOffset;
+ static struct rand_data *JitterRngCtx;
+ static int DevRandomBytesCount;
};
}
diff --git a/src/Core/Unix/CoreService.cpp b/src/Core/Unix/CoreService.cpp
index 77d55b21..6d0f05e5 100644
--- a/src/Core/Unix/CoreService.cpp
+++ b/src/Core/Unix/CoreService.cpp
@@ -13,6 +13,7 @@
#include "CoreService.h"
#include <fcntl.h>
#include <sys/wait.h>
+#include <stdio.h>
#include "Platform/FileStream.h"
#include "Platform/MemoryStream.h"
#include "Platform/Serializable.h"
@@ -27,9 +28,9 @@
namespace VeraCrypt
{
template <class T>
- auto_ptr <T> CoreService::GetResponse ()
+ unique_ptr <T> CoreService::GetResponse ()
{
- auto_ptr <Serializable> deserializedObject (Serializable::DeserializeNew (ServiceOutputStream));
+ unique_ptr <Serializable> deserializedObject (Serializable::DeserializeNew (ServiceOutputStream));
Exception *deserializedException = dynamic_cast <Exception*> (deserializedObject.get());
if (deserializedException)
@@ -38,7 +39,7 @@ namespace VeraCrypt
if (dynamic_cast <T *> (deserializedObject.get()) == nullptr)
throw ParameterIncorrect (SRC_POS);
- return auto_ptr <T> (dynamic_cast <T *> (deserializedObject.release()));
+ return unique_ptr <T> (dynamic_cast <T *> (deserializedObject.release()));
}
void CoreService::ProcessElevatedRequests ()
@@ -56,7 +57,7 @@ namespace VeraCrypt
// Wait for sync code
while (true)
{
- byte b;
+ uint8 b;
throw_sys_if (read (STDIN_FILENO, &b, 1) != 1);
if (b != 0x00)
continue;
@@ -89,7 +90,7 @@ namespace VeraCrypt
{
try
{
- Core = CoreDirect;
+ Core = move_ptr(CoreDirect);
shared_ptr <Stream> inputStream (new FileStream (inputFD != -1 ? inputFD : InputPipe->GetReadFD()));
shared_ptr <Stream> outputStream (new FileStream (outputFD != -1 ? outputFD : OutputPipe->GetWriteFD()));
@@ -277,7 +278,7 @@ namespace VeraCrypt
}
template <class T>
- auto_ptr <T> CoreService::SendRequest (CoreServiceRequest &request)
+ unique_ptr <T> CoreService::SendRequest (CoreServiceRequest &request)
{
static Mutex mutex;
ScopeLock lock (mutex);
@@ -290,10 +291,56 @@ namespace VeraCrypt
while (!ElevatedServiceAvailable)
{
+ // Test if the user has an active "sudo" session.
+ // This is only done under Linux / FreeBSD by executing the command 'sudo -n uptime'.
+ // In case a "sudo" session is active, the result of the command contains the string 'load average'.
+ // Otherwise, the result contains "sudo: a password is required".
+ // This may not work on all OSX versions because of a bug in sudo in its version 1.7.10,
+ // therefore we keep the old behaviour of sending a 'dummy' password under OSX.
+ // See : https://superuser.com/questions/902826/why-does-sudo-n-on-mac-os-x-always-return-0
+ //
+ // If for some reason we are getting empty output from pipe, we revert to old behavior
+ // We also use the old way if the user is forcing the use of dummy password for sudo
+
+#if defined(TC_LINUX ) || defined (TC_FREEBSD)
+ bool authCheckDone = false;
+ if (!Core->GetUseDummySudoPassword ())
+ {
+ std::vector<char> buffer(128, 0);
+ std::string result;
+
+ FILE* pipe = popen("sudo -n uptime 2>&1 | grep 'load average' | wc -l | tr -d '[:blank:]'", "r"); // We redirect stderr to stdout (2>&1) to be able to catch the result of the command
+ if (pipe)
+ {
+ while (!feof(pipe))
+ {
+ if (fgets(buffer.data(), 128, pipe) != nullptr)
+ result += buffer.data();
+ }
+
+ fflush(pipe);
+ pclose(pipe);
+ pipe = NULL;
+
+ if (!result.empty() && strlen(result.c_str()) != 0)
+ {
+ authCheckDone = true;
+ if (result[0] == '0') // no line found with "load average" text, rerquest admin password
+ (*AdminPasswordCallback) (request.AdminPassword);
+ }
+ }
+
+ if (authCheckDone)
+ {
+ // Set to false to force the 'WarningEvent' to be raised in case of and elevation exception.
+ request.FastElevation = false;
+ }
+ }
+#endif
try
{
request.Serialize (ServiceInputStream);
- auto_ptr <T> response (GetResponse <T>());
+ unique_ptr <T> response (GetResponse <T>());
ElevatedServiceAvailable = true;
return response;
}
@@ -306,7 +353,10 @@ namespace VeraCrypt
}
request.FastElevation = false;
- (*AdminPasswordCallback) (request.AdminPassword);
+#if defined(TC_LINUX ) || defined (TC_FREEBSD)
+ if(!authCheckDone)
+#endif
+ (*AdminPasswordCallback) (request.AdminPassword);
}
}
}
@@ -342,8 +392,8 @@ namespace VeraCrypt
void CoreService::StartElevated (const CoreServiceRequest &request)
{
- auto_ptr <Pipe> inPipe (new Pipe());
- auto_ptr <Pipe> outPipe (new Pipe());
+ unique_ptr <Pipe> inPipe (new Pipe());
+ unique_ptr <Pipe> outPipe (new Pipe());
Pipe errPipe;
int forkedPid = fork();
@@ -396,6 +446,7 @@ namespace VeraCrypt
vector <char> adminPassword (request.AdminPassword.size() + 1);
int timeout = 6000;
+ // 'request.FastElevation' is always false under Linux / FreeBSD when "sudo -n" works properly
if (request.FastElevation)
{
string dummyPassword = "dummy\n";
@@ -409,9 +460,12 @@ namespace VeraCrypt
adminPassword[request.AdminPassword.size()] = '\n';
}
+#if defined(TC_LINUX )
+ Thread::Sleep (1000); // wait 1 second for the forked sudo to start
+#endif
if (write (inPipe->GetWriteFD(), &adminPassword.front(), adminPassword.size())) { } // Errors ignored
- Memory::Erase (&adminPassword.front(), adminPassword.size());
+ burn (&adminPassword.front(), adminPassword.size());
throw_sys_if (fcntl (outPipe->GetReadFD(), F_SETFL, O_NONBLOCK) == -1);
throw_sys_if (fcntl (errPipe.GetReadFD(), F_SETFL, O_NONBLOCK) == -1);
@@ -457,6 +511,7 @@ namespace VeraCrypt
outPipe->Close();
errPipe.Close();
+ // 'request.FastElevation' is always false under Linux / FreeBSD
if (request.FastElevation)
{
// Prevent defunct process
@@ -483,12 +538,12 @@ namespace VeraCrypt
if (!errOutput.empty())
{
- auto_ptr <Serializable> deserializedObject;
+ unique_ptr <Serializable> deserializedObject;
Exception *deserializedException = nullptr;
try
{
- shared_ptr <Stream> stream (new MemoryStream (ConstBufferPtr ((byte *) &errOutput[0], errOutput.size())));
+ shared_ptr <Stream> stream (new MemoryStream (ConstBufferPtr ((uint8 *) &errOutput[0], errOutput.size())));
deserializedObject.reset (Serializable::DeserializeNew (stream));
deserializedException = dynamic_cast <Exception*> (deserializedObject.get());
}
@@ -520,11 +575,11 @@ namespace VeraCrypt
ServiceOutputStream = shared_ptr <Stream> (new FileStream (outPipe->GetReadFD()));
// Send sync code
- byte sync[] = { 0, 0x11, 0x22 };
+ uint8 sync[] = { 0, 0x11, 0x22 };
ServiceInputStream->Write (ConstBufferPtr (sync, array_capacity (sync)));
- AdminInputPipe = inPipe;
- AdminOutputPipe = outPipe;
+ AdminInputPipe = move_ptr(inPipe);
+ AdminOutputPipe = move_ptr(outPipe);
}
void CoreService::Stop ()
@@ -535,11 +590,11 @@ namespace VeraCrypt
shared_ptr <GetStringFunctor> CoreService::AdminPasswordCallback;
- auto_ptr <Pipe> CoreService::AdminInputPipe;
- auto_ptr <Pipe> CoreService::AdminOutputPipe;
+ unique_ptr <Pipe> CoreService::AdminInputPipe;
+ unique_ptr <Pipe> CoreService::AdminOutputPipe;
- auto_ptr <Pipe> CoreService::InputPipe;
- auto_ptr <Pipe> CoreService::OutputPipe;
+ unique_ptr <Pipe> CoreService::InputPipe;
+ unique_ptr <Pipe> CoreService::OutputPipe;
shared_ptr <Stream> CoreService::ServiceInputStream;
shared_ptr <Stream> CoreService::ServiceOutputStream;
diff --git a/src/Core/Unix/CoreService.h b/src/Core/Unix/CoreService.h
index e25b856a..dfb8b350 100644
--- a/src/Core/Unix/CoreService.h
+++ b/src/Core/Unix/CoreService.h
@@ -39,17 +39,17 @@ namespace VeraCrypt
static void Stop ();
protected:
- template <class T> static auto_ptr <T> GetResponse ();
- template <class T> static auto_ptr <T> SendRequest (CoreServiceRequest &request);
+ template <class T> static unique_ptr <T> GetResponse ();
+ template <class T> static unique_ptr <T> SendRequest (CoreServiceRequest &request);
static void StartElevated (const CoreServiceRequest &request);
static shared_ptr <GetStringFunctor> AdminPasswordCallback;
- static auto_ptr <Pipe> AdminInputPipe;
- static auto_ptr <Pipe> AdminOutputPipe;
+ static unique_ptr <Pipe> AdminInputPipe;
+ static unique_ptr <Pipe> AdminOutputPipe;
- static auto_ptr <Pipe> InputPipe;
- static auto_ptr <Pipe> OutputPipe;
+ static unique_ptr <Pipe> InputPipe;
+ static unique_ptr <Pipe> OutputPipe;
static shared_ptr <Stream> ServiceInputStream;
static shared_ptr <Stream> ServiceOutputStream;
diff --git a/src/Core/Unix/CoreServiceProxy.h b/src/Core/Unix/CoreServiceProxy.h
index f5bbae3d..d57d8163 100644
--- a/src/Core/Unix/CoreServiceProxy.h
+++ b/src/Core/Unix/CoreServiceProxy.h
@@ -98,11 +98,11 @@ namespace VeraCrypt
{
MountOptions newOptions = options;
- newOptions.Password = Keyfile::ApplyListToPassword (options.Keyfiles, options.Password);
+ newOptions.Password = Keyfile::ApplyListToPassword (options.Keyfiles, options.Password, options.EMVSupportEnabled);
if (newOptions.Keyfiles)
newOptions.Keyfiles->clear();
- newOptions.ProtectionPassword = Keyfile::ApplyListToPassword (options.ProtectionKeyfiles, options.ProtectionPassword);
+ newOptions.ProtectionPassword = Keyfile::ApplyListToPassword (options.ProtectionKeyfiles, options.ProtectionPassword, options.EMVSupportEnabled);
if (newOptions.ProtectionKeyfiles)
newOptions.ProtectionKeyfiles->clear();
@@ -126,7 +126,7 @@ namespace VeraCrypt
if (options.CachePassword
&& ((options.Password && !options.Password->IsEmpty()) || (options.Keyfiles && !options.Keyfiles->empty())))
{
- VolumePasswordCache::Store (*Keyfile::ApplyListToPassword (options.Keyfiles, options.Password));
+ VolumePasswordCache::Store (*Keyfile::ApplyListToPassword (options.Keyfiles, options.Password, options.EMVSupportEnabled));
}
}
diff --git a/src/Core/Unix/CoreUnix.cpp b/src/Core/Unix/CoreUnix.cpp
index 0fc69eec..1868eb6d 100644
--- a/src/Core/Unix/CoreUnix.cpp
+++ b/src/Core/Unix/CoreUnix.cpp
@@ -24,6 +24,11 @@
namespace VeraCrypt
{
+#ifdef TC_LINUX
+ static string GetTmpUser ();
+ static bool SamePath (const string& path1, const string& path2);
+#endif
+
CoreUnix::CoreUnix ()
{
signal (SIGPIPE, SIG_IGN);
@@ -73,10 +78,8 @@ namespace VeraCrypt
if (stat("/usr/bin/konsole", &sb) == 0)
{
args.clear ();
- args.push_back ("--title");
- args.push_back ("fsck");
- args.push_back ("--caption");
- args.push_back ("fsck");
+ args.push_back ("-p");
+ args.push_back ("tabtitle=fsck");
args.push_back ("-e");
args.push_back ("sh");
args.push_back ("-c");
@@ -86,8 +89,22 @@ namespace VeraCrypt
Process::Execute ("konsole", args, 1000);
} catch (TimeOut&) { }
}
+ else if (stat("/usr/bin/gnome-terminal", &sb) == 0 && stat("/usr/bin/dbus-launch", &sb) == 0)
+ {
+ args.clear ();
+ args.push_back ("--title");
+ args.push_back ("fsck");
+ args.push_back ("--");
+ args.push_back ("sh");
+ args.push_back ("-c");
+ args.push_back (xargs);
+ try
+ {
+ Process::Execute ("gnome-terminal", args, 1000);
+ } catch (TimeOut&) { }
+ }
else
- throw;
+ throw TerminalNotFound();
}
#endif
}
@@ -224,7 +241,7 @@ namespace VeraCrypt
device.SeekAt (0);
device.ReadCompleteBuffer (bootSector);
- byte *b = bootSector.Ptr();
+ uint8 *b = bootSector.Ptr();
return memcmp (b + 3, "NTFS", 4) != 0
&& memcmp (b + 54, "FAT", 3) != 0
@@ -286,17 +303,45 @@ namespace VeraCrypt
continue;
shared_ptr <VolumeInfo> mountedVol;
- try
+ // Introduce a retry mechanism with a timeout for control file access
+ // This workaround is limited to FUSE-T mounted volume under macOS for
+ // which md.Device starts with "fuse-t:"
+#ifdef VC_MACOSX_FUSET
+ bool isFuseT = wstring(mf.Device).find(L"fuse-t:") == 0;
+ int controlFileRetries = 10; // 10 retries with 500ms sleep each, total 5 seconds
+ while (!mountedVol && (controlFileRetries-- > 0))
+#endif
{
- shared_ptr <File> controlFile (new File);
- controlFile->Open (string (mf.MountPoint) + FuseService::GetControlPath());
+ try
+ {
+ shared_ptr <File> controlFile (new File);
+ controlFile->Open (string (mf.MountPoint) + FuseService::GetControlPath());
- shared_ptr <Stream> controlFileStream (new FileStream (controlFile));
- mountedVol = Serializable::DeserializeNew <VolumeInfo> (controlFileStream);
+ shared_ptr <Stream> controlFileStream (new FileStream (controlFile));
+ mountedVol = Serializable::DeserializeNew <VolumeInfo> (controlFileStream);
+ }
+ catch (const std::exception& e)
+ {
+#ifdef VC_MACOSX_FUSET
+ // if exception starts with "VeraCrypt::Serializer::ValidateName", then
+ // serialization is not ready yet and we need to wait before retrying
+ // this happens when FUSE-T is used under macOS and if it is the first time
+ // the volume is mounted
+ if (isFuseT && string (e.what()).find ("VeraCrypt::Serializer::ValidateName") != string::npos)
+ {
+ Thread::Sleep(500); // Wait before retrying
+ }
+ else
+ {
+ break; // Control file not found or other error
+ }
+#endif
+ }
}
- catch (...)
+
+ if (!mountedVol)
{
- continue;
+ continue; // Skip to the next mounted filesystem
}
if (!volumePath.IsEmpty() && wstring (mountedVol->Path).compare (volumePath) != 0)
@@ -355,10 +400,99 @@ namespace VeraCrypt
string CoreUnix::GetTempDirectory () const
{
- char *envDir = getenv ("TMPDIR");
- return envDir ? envDir : "/tmp";
+ const char *tmpdir = getenv ("TMPDIR");
+ string envDir = tmpdir ? tmpdir : "/tmp";
+
+#ifdef TC_LINUX
+ /*
+ * If pam_tmpdir.so is in use, a different temporary directory is
+ * allocated for each user ID. We need to mount to the directory used
+ * by the non-root user.
+ */
+ if (getuid () == 0 && envDir.size () >= 2
+ && envDir.substr (envDir.size () - 2) == "/0") {
+ string tmpuser = GetTmpUser ();
+ if (SamePath (envDir, tmpuser + "/0")) {
+ /* Substitute the sudo'ing user for 0 */
+ char uid[40];
+ FILE *fp = fopen ("/proc/self/loginuid", "r");
+ if (fp != NULL) {
+ if (fgets (uid, sizeof (uid), fp) != nullptr) {
+ envDir = tmpuser + "/" + uid;
+ }
+ fclose (fp);
+ }
+ }
+ }
+#endif
+
+ return envDir;
+ }
+
+#ifdef TC_LINUX
+ static string GetTmpUser ()
+ {
+ string tmpuser = "/tmp/user";
+ FILE *fp = fopen ("/etc/security/tmpdir.conf", "r");
+ if (fp == NULL) {
+ return tmpuser;
+ }
+ while (true) {
+ /* Parses the same way as pam_tmpdir */
+ char line[1024];
+ if (fgets (line, sizeof (line), fp) == nullptr) {
+ break;
+ }
+ if (line[0] == '#') {
+ continue;
+ }
+ size_t len = strlen (line);
+ if (len > 0 && line[len-1] == '\n') {
+ line[len-1] = '\0';
+ }
+ char *eq = strchr (line, '=');
+ if (eq == nullptr) {
+ continue;
+ }
+ *eq = '\0';
+ const char *key = line;
+ const char *value = eq + 1;
+ if (strcmp (key, "tmpdir") == 0) {
+ tmpuser = value;
+ break;
+ }
+ }
+ fclose (fp);
+ return tmpuser;
}
+ static bool SamePath (const string& path1, const string& path2)
+ {
+ size_t i1 = 0;
+ size_t i2 = 0;
+ while (i1 < path1.size () && i2 < path2.size ()) {
+ if (path1[i1] != path2[i2]) {
+ return false;
+ }
+ /* Any two substrings consisting entirely of slashes compare equal */
+ if (path1[i1] == '/') {
+ while (i1 < path1.size () && path1[i1] == '/') {
+ ++i1;
+ }
+ while (i2 < path2.size () && path2[i2] == '/') {
+ ++i2;
+ }
+ }
+ else
+ {
+ ++i1;
+ ++i2;
+ }
+ }
+ return (i1 == path1.size () && i2 == path2.size ());
+ }
+#endif
+
bool CoreUnix::IsMountPointAvailable (const DirectoryPath &mountPoint) const
{
return GetMountedFilesystems (DevicePath(), mountPoint).size() == 0;
@@ -440,8 +574,8 @@ namespace VeraCrypt
options.Password,
options.Pim,
options.Kdf,
- options.TrueCryptMode,
options.Keyfiles,
+ options.EMVSupportEnabled,
options.Protection,
options.ProtectionPassword,
options.ProtectionPim,
@@ -465,6 +599,7 @@ namespace VeraCrypt
continue;
}
+ options.Password.reset();
throw;
}
@@ -473,19 +608,10 @@ namespace VeraCrypt
if (options.Path->IsDevice())
{
- if (volume->GetFile()->GetDeviceSectorSize() != volume->GetSectorSize())
- throw ParameterIncorrect (SRC_POS);
-
-#if defined (TC_LINUX)
- if (volume->GetSectorSize() != TC_SECTOR_SIZE_LEGACY)
- {
- if (options.Protection == VolumeProtection::HiddenVolumeReadOnly)
- throw UnsupportedSectorSizeHiddenVolumeProtection();
-
- if (options.NoKernelCrypto)
- throw UnsupportedSectorSizeNoKernelCrypto();
- }
-#endif
+ const uint32 devSectorSize = volume->GetFile()->GetDeviceSectorSize();
+ const size_t volSectorSize = volume->GetSectorSize();
+ if (devSectorSize != volSectorSize)
+ throw DeviceSectorSizeMismatch (SRC_POS, StringConverter::ToWide(devSectorSize) + L" != " + StringConverter::ToWide((uint32) volSectorSize));
}
// Find a free mount point for FUSE service
@@ -593,7 +719,7 @@ namespace VeraCrypt
{
try
{
- chown (mountPoint.c_str(), GetRealUserId(), GetRealGroupId());
+ throw_sys_sub_if (chown (mountPoint.c_str(), GetRealUserId(), GetRealGroupId()) == -1, mountPoint);
} catch (...) { }
}
}
diff --git a/src/Core/Unix/FreeBSD/CoreFreeBSD.cpp b/src/Core/Unix/FreeBSD/CoreFreeBSD.cpp
index ff3e04bc..05520274 100644
--- a/src/Core/Unix/FreeBSD/CoreFreeBSD.cpp
+++ b/src/Core/Unix/FreeBSD/CoreFreeBSD.cpp
@@ -83,7 +83,7 @@ namespace VeraCrypt
#ifdef TC_MACOSX
const string busType = "rdisk";
#else
- foreach (const string &busType, StringConverter::Split ("ad da"))
+ foreach (const string &busType, StringConverter::Split ("ad da vtbd"))
#endif
{
for (int devNumber = 0; devNumber < 64; devNumber++)
@@ -185,10 +185,51 @@ namespace VeraCrypt
void CoreFreeBSD::MountFilesystem (const DevicePath &devicePath, const DirectoryPath &mountPoint, const string &filesystemType, bool readOnly, const string &systemMountOptions) const
{
+ std::string chosenFilesystem = "msdos";
+ std::string modifiedMountOptions = systemMountOptions;
+
+ if (filesystemType.empty() && modifiedMountOptions.find("mountprog") == string::npos) {
+ // No filesystem type specified through CLI, attempt to identify with blkid
+ // as mount is unable to probe filesystem type on BSD
+ // Make sure we don't override user defined mountprog
+ std::vector<char> buffer(128,0);
+ std::string cmd = "blkid -o value -s TYPE " + static_cast<std::string>(devicePath) + " 2>/dev/null";
+ std::string result;
+
+ FILE* pipe = popen(cmd.c_str(), "r");
+ if (pipe) {
+ while (!feof(pipe)) {
+ if (fgets(buffer.data(), 128, pipe) != nullptr)
+ result += buffer.data();
+ }
+ fflush(pipe);
+ pclose(pipe);
+ pipe = nullptr;
+ }
+
+ if (result.find("ext") == 0 || StringConverter::ToLower(filesystemType).find("ext") == 0) {
+ chosenFilesystem = "ext2fs";
+ }
+ else if (result.find("exfat") == 0 || StringConverter::ToLower(filesystemType) == "exfat") {
+ chosenFilesystem = "exfat";
+ modifiedMountOptions += string(!systemMountOptions.empty() ? "," : "")
+ + "mountprog=/usr/local/sbin/mount.exfat";
+ }
+ else if (result.find("ntfs") == 0 || StringConverter::ToLower(filesystemType) == "ntfs") {
+ chosenFilesystem = "ntfs";
+ modifiedMountOptions += string(!systemMountOptions.empty() ? "," : "")
+ + "mountprog=/usr/local/bin/ntfs-3g";
+ }
+ else if (!filesystemType.empty()) {
+ // Filesystem is specified but is none of the above, then supply as is
+ chosenFilesystem = filesystemType;
+ }
+ } else
+ chosenFilesystem = filesystemType;
+
try
{
- // Try to mount FAT by default as mount is unable to probe filesystem type on BSD
- CoreUnix::MountFilesystem (devicePath, mountPoint, filesystemType.empty() ? "msdos" : filesystemType, readOnly, systemMountOptions);
+ CoreUnix::MountFilesystem (devicePath, mountPoint, chosenFilesystem, readOnly, modifiedMountOptions);
}
catch (ExecutedProcessFailed&)
{
@@ -200,7 +241,7 @@ namespace VeraCrypt
}
#ifdef TC_FREEBSD
- auto_ptr <CoreBase> Core (new CoreServiceProxy <CoreFreeBSD>);
- auto_ptr <CoreBase> CoreDirect (new CoreFreeBSD);
+ unique_ptr <CoreBase> Core (new CoreServiceProxy <CoreFreeBSD>);
+ unique_ptr <CoreBase> CoreDirect (new CoreFreeBSD);
#endif
}
diff --git a/src/Core/Unix/Linux/CoreLinux.cpp b/src/Core/Unix/Linux/CoreLinux.cpp
index 0840d243..cd4be80f 100644
--- a/src/Core/Unix/Linux/CoreLinux.cpp
+++ b/src/Core/Unix/Linux/CoreLinux.cpp
@@ -22,6 +22,9 @@
#include "Platform/SystemInfo.h"
#include "Platform/TextReader.h"
#include "Volume/EncryptionModeXTS.h"
+#ifdef WOLFCRYPT_BACKEND
+#include "Volume/EncryptionModeWolfCryptXTS.h"
+#endif
#include "Driver/Fuse/FuseService.h"
#include "Core/Unix/CoreServiceProxy.h"
@@ -302,13 +305,22 @@ namespace VeraCrypt
void CoreLinux::MountVolumeNative (shared_ptr <Volume> volume, MountOptions &options, const DirectoryPath &auxMountPoint) const
{
- bool xts = (typeid (*volume->GetEncryptionMode()) == typeid (EncryptionModeXTS));
- bool algoNotSupported = (typeid (*volume->GetEncryptionAlgorithm()) == typeid (GOST89))
- || (typeid (*volume->GetEncryptionAlgorithm()) == typeid (Kuznyechik));
+ bool xts = (typeid (*volume->GetEncryptionMode()) ==
+ #ifdef WOLFCRYPT_BACKEND
+ typeid (EncryptionModeWolfCryptXTS));
+ #else
+ typeid (EncryptionModeXTS));
+ #endif
+ bool algoNotSupported = (typeid (*volume->GetEncryptionAlgorithm()) == typeid (Kuznyechik))
+ || (typeid (*volume->GetEncryptionAlgorithm()) == typeid (CamelliaKuznyechik))
+ || (typeid (*volume->GetEncryptionAlgorithm()) == typeid (KuznyechikTwofish))
+ || (typeid (*volume->GetEncryptionAlgorithm()) == typeid (KuznyechikAES))
+ || (typeid (*volume->GetEncryptionAlgorithm()) == typeid (KuznyechikSerpentCamellia));
if (options.NoKernelCrypto
|| !xts
|| algoNotSupported
+ || volume->IsEncryptionNotCompleted ()
|| volume->GetProtectionType() == VolumeProtection::HiddenVolumeReadOnly)
{
throw NotApplicable (SRC_POS);
@@ -374,7 +386,7 @@ namespace VeraCrypt
dmCreateArgs << nativeDevPath << " 0";
SecureBuffer dmCreateArgsBuf (dmCreateArgs.str().size());
- dmCreateArgsBuf.CopyFrom (ConstBufferPtr ((byte *) dmCreateArgs.str().c_str(), dmCreateArgs.str().size()));
+ dmCreateArgsBuf.CopyFrom (ConstBufferPtr ((uint8 *) dmCreateArgs.str().c_str(), dmCreateArgs.str().size()));
// Keys
const SecureBuffer &cipherKey = cipher.GetKey();
@@ -484,6 +496,6 @@ namespace VeraCrypt
}
}
- auto_ptr <CoreBase> Core (new CoreServiceProxy <CoreLinux>);
- auto_ptr <CoreBase> CoreDirect (new CoreLinux);
+ unique_ptr <CoreBase> Core (new CoreServiceProxy <CoreLinux>);
+ unique_ptr <CoreBase> CoreDirect (new CoreLinux);
}
diff --git a/src/Core/Unix/MacOSX/CoreMacOSX.cpp b/src/Core/Unix/MacOSX/CoreMacOSX.cpp
index 251e4c65..cfd34072 100644
--- a/src/Core/Unix/MacOSX/CoreMacOSX.cpp
+++ b/src/Core/Unix/MacOSX/CoreMacOSX.cpp
@@ -107,12 +107,19 @@ namespace VeraCrypt
void CoreMacOSX::CheckFilesystem (shared_ptr <VolumeInfo> mountedVolume, bool repair) const
{
list <string> args;
- args.push_back ("/Applications/Utilities/Disk Utility.app");
+ struct stat sb;
+
+ if (stat("/Applications/Utilities/Disk Utility.app", &sb) == 0)
+ args.push_back ("/Applications/Utilities/Disk Utility.app");
+ else
+ args.push_back ("/System/Applications/Utilities/Disk Utility.app");
+
Process::Execute ("open", args);
}
void CoreMacOSX::MountAuxVolumeImage (const DirectoryPath &auxMountPoint, const MountOptions &options) const
{
+#ifndef VC_MACOSX_FUSET
// Check FUSE version
char fuseVersionString[MAXHOSTNAMELEN + 1] = { 0 };
size_t fuseVersionStringLength = MAXHOSTNAMELEN;
@@ -123,13 +130,17 @@ namespace VeraCrypt
fuseVersionStringLength = MAXHOSTNAMELEN;
if ((status = sysctlbyname ("vfs.generic.osxfuse.version.number", fuseVersionString, &fuseVersionStringLength, NULL, 0)) != 0)
{
- throw HigherFuseVersionRequired (SRC_POS);
+ fuseVersionStringLength = MAXHOSTNAMELEN;
+ if ((status = sysctlbyname ("vfs.generic.macfuse.version.number", fuseVersionString, &fuseVersionStringLength, NULL, 0)) != 0)
+ {
+ throw HigherFuseVersionRequired (SRC_POS);
+ }
}
}
// look for OSXFuse dynamic library
struct stat sb;
- if (0 != stat("/usr/local/lib/libosxfuse_i64.2.dylib", &sb))
+ if (0 != stat("/usr/local/lib/libosxfuse_i64.2.dylib", &sb) && 0 != stat("/usr/local/lib/libfuse.dylib", &sb))
{
throw HigherFuseVersionRequired (SRC_POS);
}
@@ -143,7 +154,7 @@ namespace VeraCrypt
if (fuseVersionMajor < 2 || (fuseVersionMajor == 2 && fuseVersionMinor < 5))
throw HigherFuseVersionRequired (SRC_POS);
-
+#endif
// Mount volume image
string volImage = string (auxMountPoint) + FuseService::GetVolumeImagePath();
@@ -229,6 +240,6 @@ namespace VeraCrypt
}
}
- auto_ptr <CoreBase> Core (new CoreServiceProxy <CoreMacOSX>);
- auto_ptr <CoreBase> CoreDirect (new CoreMacOSX);
+ unique_ptr <CoreBase> Core (new CoreServiceProxy <CoreMacOSX>);
+ unique_ptr <CoreBase> CoreDirect (new CoreMacOSX);
}
diff --git a/src/Core/Unix/OpenBSD/CoreOpenBSD.cpp b/src/Core/Unix/OpenBSD/CoreOpenBSD.cpp
new file mode 100644
index 00000000..3064103b
--- /dev/null
+++ b/src/Core/Unix/OpenBSD/CoreOpenBSD.cpp
@@ -0,0 +1,164 @@
+/* $OpenBSD$ */
+/*
+ Based on FreeBSD/CoreFreeBSD.cpp
+
+ Derived from source code of TrueCrypt 7.1a, which is
+ Copyright (c) 2008-2012 TrueCrypt Developers Association and which is governed
+ by the TrueCrypt License 3.0.
+
+ Modifications and additions to the original source code (contained in this file)
+ and all other portions of this file are Copyright (c) 2013-2017 IDRIX
+ and are governed by the Apache License 2.0 the full text of which is
+ contained in the file License.txt included in VeraCrypt binary and source
+ code distribution packages.
+*/
+
+#include <fstream>
+#include <iostream>
+#include <stdio.h>
+#include <unistd.h>
+#include <sys/param.h>
+#include <sys/ucred.h>
+#include <sys/mount.h>
+#include <sys/wait.h>
+#include "CoreOpenBSD.h"
+#include "Core/Unix/CoreServiceProxy.h"
+
+namespace VeraCrypt
+{
+ CoreOpenBSD::CoreOpenBSD ()
+ {
+ }
+
+ CoreOpenBSD::~CoreOpenBSD ()
+ {
+ }
+
+ DevicePath CoreOpenBSD::AttachFileToLoopDevice (const FilePath &filePath, bool readOnly) const
+ {
+ list <string> args;
+
+ if (readOnly)
+ {
+ throw;
+ }
+
+ // find an available vnd
+ int freeVnd = -1;
+ for (int vnd = 0; vnd <= 3; vnd++)
+ {
+ stringstream devPath;
+ devPath << "/dev/vnd" << vnd << "c";
+
+ if (FilesystemPath (devPath.str()).IsBlockDevice() || FilesystemPath (devPath.str()).IsCharacterDevice())
+ {
+ make_shared_auto (HostDevice, device);
+ device->Path = devPath.str();
+ try
+ {
+ GetDeviceSize (device->Path);
+ }
+ catch (...)
+ {
+ freeVnd = vnd;
+ break;
+ }
+ }
+ }
+
+ if (freeVnd == -1)
+ throw "couldn't find free vnd";
+
+ stringstream freePath;
+ freePath << "vnd" << freeVnd;
+ args.push_back (freePath.str());
+
+ args.push_back (filePath);
+
+ Process::Execute ("vnconfig", args);
+
+ return "/dev/" + freePath.str() + "c";
+ }
+
+ void CoreOpenBSD::DetachLoopDevice (const DevicePath &devicePath) const
+ {
+ list <string> args;
+ args.push_back ("-u");
+ args.push_back (devicePath);
+
+ for (int t = 0; true; t++)
+ {
+ try
+ {
+ Process::Execute ("vnconfig", args);
+ break;
+ }
+ catch (ExecutedProcessFailed&)
+ {
+ if (t > 5)
+ throw;
+ Thread::Sleep (200);
+ }
+ }
+ }
+
+ // not sure what this is used for
+ HostDeviceList CoreOpenBSD::GetHostDevices (bool pathListOnly) const
+ {
+ throw;
+ }
+
+ MountedFilesystemList CoreOpenBSD::GetMountedFilesystems (const DevicePath &devicePath, const DirectoryPath &mountPoint) const
+ {
+
+ static Mutex mutex;
+ ScopeLock sl (mutex);
+
+ struct statfs *sysMountList;
+ int count = getmntinfo (&sysMountList, MNT_NOWAIT);
+ throw_sys_if (count == 0);
+
+ MountedFilesystemList mountedFilesystems;
+
+ for (int i = 0; i < count; i++)
+ {
+ make_shared_auto (MountedFilesystem, mf);
+
+ if (sysMountList[i].f_mntfromname[0])
+ mf->Device = DevicePath (sysMountList[i].f_mntfromname);
+ else
+ continue;
+
+ if (sysMountList[i].f_mntonname[0])
+ mf->MountPoint = DirectoryPath (sysMountList[i].f_mntonname);
+
+ mf->Type = sysMountList[i].f_fstypename;
+
+ if ((devicePath.IsEmpty() || devicePath == mf->Device) && (mountPoint.IsEmpty() || mountPoint == mf->MountPoint))
+ mountedFilesystems.push_back (mf);
+ }
+
+ return mountedFilesystems;
+ }
+
+ void CoreOpenBSD::MountFilesystem (const DevicePath &devicePath, const DirectoryPath &mountPoint, const string &filesystemType, bool readOnly, const string &systemMountOptions) const
+ {
+ try
+ {
+ // Try to mount FAT by default as mount is unable to probe filesystem type on BSD
+ CoreUnix::MountFilesystem (devicePath, mountPoint, filesystemType.empty() ? "msdos" : filesystemType, readOnly, systemMountOptions);
+ }
+ catch (ExecutedProcessFailed&)
+ {
+ if (!filesystemType.empty())
+ throw;
+
+ CoreUnix::MountFilesystem (devicePath, mountPoint, filesystemType, readOnly, systemMountOptions);
+ }
+ }
+
+#ifdef TC_OPENBSD
+ unique_ptr <CoreBase> Core (new CoreServiceProxy <CoreOpenBSD>);
+ unique_ptr <CoreBase> CoreDirect (new CoreOpenBSD);
+#endif
+}
diff --git a/src/Core/Unix/OpenBSD/CoreOpenBSD.h b/src/Core/Unix/OpenBSD/CoreOpenBSD.h
new file mode 100644
index 00000000..3f6c48b5
--- /dev/null
+++ b/src/Core/Unix/OpenBSD/CoreOpenBSD.h
@@ -0,0 +1,44 @@
+/* $OpenBSD$ */
+/*
+ Based on FreeBSD/CoreFreeBSD.h
+
+ Derived from source code of TrueCrypt 7.1a, which is
+ Copyright (c) 2008-2012 TrueCrypt Developers Association and which is governed
+ by the TrueCrypt License 3.0.
+
+ Modifications and additions to the original source code (contained in this file)
+ and all other portions of this file are Copyright (c) 2013-2017 IDRIX
+ and are governed by the Apache License 2.0 the full text of which is
+ contained in the file License.txt included in VeraCrypt binary and source
+ code distribution packages.
+*/
+
+#ifndef TC_HEADER_Core_CoreOpenBSD
+#define TC_HEADER_Core_CoreOpenBSD
+
+#include "System.h"
+#include "Core/Unix/CoreUnix.h"
+
+namespace VeraCrypt
+{
+ class CoreOpenBSD : public CoreUnix
+ {
+ public:
+ CoreOpenBSD ();
+ virtual ~CoreOpenBSD ();
+
+ virtual HostDeviceList GetHostDevices (bool pathListOnly = false) const;
+
+ protected:
+ virtual DevicePath AttachFileToLoopDevice (const FilePath &filePath, bool readOnly) const;
+ virtual void DetachLoopDevice (const DevicePath &devicePath) const;
+ virtual MountedFilesystemList GetMountedFilesystems (const DevicePath &devicePath = DevicePath(), const DirectoryPath &mountPoint = DirectoryPath()) const;
+ virtual void MountFilesystem (const DevicePath &devicePath, const DirectoryPath &mountPoint, const string &filesystemType, bool readOnly, const string &systemMountOptions) const;
+
+ private:
+ CoreOpenBSD (const CoreOpenBSD &);
+ CoreOpenBSD &operator= (const CoreOpenBSD &);
+ };
+}
+
+#endif // TC_HEADER_Core_CoreOpenBSD
diff --git a/src/Core/Unix/OpenBSD/System.h b/src/Core/Unix/OpenBSD/System.h
new file mode 100644
index 00000000..90b24b2a
--- /dev/null
+++ b/src/Core/Unix/OpenBSD/System.h
@@ -0,0 +1,19 @@
+/* $OpenBSD$ */
+/*
+ Based on FreeBSD/System.h
+
+ Derived from source code of TrueCrypt 7.1a, which is
+ Copyright (c) 2008-2012 TrueCrypt Developers Association and which is governed
+ by the TrueCrypt License 3.0.
+
+ Modifications and additions to the original source code (contained in this file)
+ and all other portions of this file are Copyright (c) 2013-2017 IDRIX
+ and are governed by the Apache License 2.0 the full text of which is
+ contained in the file License.txt included in VeraCrypt binary and source
+ code distribution packages.
+*/
+
+#ifndef TC_HEADER_Platform_OpenBSD_System
+#define TC_HEADER_Platform_OpenBSD_System
+
+#endif // TC_HEADER_Platform_OpenBSD_System
diff --git a/src/Core/Unix/Solaris/CoreSolaris.cpp b/src/Core/Unix/Solaris/CoreSolaris.cpp
index 5705e1c6..15a79c49 100644
--- a/src/Core/Unix/Solaris/CoreSolaris.cpp
+++ b/src/Core/Unix/Solaris/CoreSolaris.cpp
@@ -173,6 +173,6 @@ namespace VeraCrypt
}
}
- auto_ptr <CoreBase> Core (new CoreServiceProxy <CoreSolaris>);
- auto_ptr <CoreBase> CoreDirect (new CoreSolaris);
+ unique_ptr <CoreBase> Core (new CoreServiceProxy <CoreSolaris>);
+ unique_ptr <CoreBase> CoreDirect (new CoreSolaris);
}
diff --git a/src/Core/VolumeCreator.cpp b/src/Core/VolumeCreator.cpp
index 1cc45b27..fefbddde 100644
--- a/src/Core/VolumeCreator.cpp
+++ b/src/Core/VolumeCreator.cpp
@@ -12,6 +12,9 @@
#include "Volume/EncryptionTest.h"
#include "Volume/EncryptionModeXTS.h"
+#ifdef WOLFCRYPT_BACKEND
+#include "Volume/EncryptionModeWolfCryptXTS.h"
+#endif
#include "Core.h"
#ifdef TC_UNIX
@@ -298,6 +301,11 @@ namespace VeraCrypt
// Master data key
MasterKey.Allocate (options->EA->GetKeySize() * 2);
RandomNumberGenerator::GetData (MasterKey);
+ // check that first half of MasterKey is different from its second half. If they are the same, through an exception
+ // cf CCSS,NSA comment at page 3: https://csrc.nist.gov/csrc/media/Projects/crypto-publication-review-project/documents/initial-comments/sp800-38e-initial-public-comments-2021.pdf
+ if (memcmp (MasterKey.Ptr(), MasterKey.Ptr() + MasterKey.Size() / 2, MasterKey.Size() / 2) == 0)
+ throw AssertionFailed (SRC_POS);
+
headerOptions.DataKey = MasterKey;
// PKCS5 salt
@@ -307,7 +315,7 @@ namespace VeraCrypt
// Header key
HeaderKey.Allocate (VolumeHeader::GetLargestSerializedKeySize());
- PasswordKey = Keyfile::ApplyListToPassword (options->Keyfiles, options->Password);
+ PasswordKey = Keyfile::ApplyListToPassword (options->Keyfiles, options->Password, options->EMVSupportEnabled);
options->VolumeHeaderKdf->DeriveKey (HeaderKey, *PasswordKey, options->Pim, salt);
headerOptions.HeaderKey = HeaderKey;
@@ -355,8 +363,13 @@ namespace VeraCrypt
// Data area keys
options->EA->SetKey (MasterKey.GetRange (0, options->EA->GetKeySize()));
- shared_ptr <EncryptionMode> mode (new EncryptionModeXTS ());
- mode->SetKey (MasterKey.GetRange (options->EA->GetKeySize(), options->EA->GetKeySize()));
+ #ifdef WOLFCRYPT_BACKEND
+ shared_ptr <EncryptionMode> mode (new EncryptionModeWolfCryptXTS ());
+ options->EA->SetKeyXTS (MasterKey.GetRange (options->EA->GetKeySize(), options->EA->GetKeySize()));
+ #else
+ shared_ptr <EncryptionMode> mode (new EncryptionModeXTS ());
+ #endif
+ mode->SetKey (MasterKey.GetRange (options->EA->GetKeySize(), options->EA->GetKeySize()));
options->EA->SetMode (mode);
Options = options;
diff --git a/src/Core/VolumeCreator.h b/src/Core/VolumeCreator.h
index 4f56308f..781354b9 100644
--- a/src/Core/VolumeCreator.h
+++ b/src/Core/VolumeCreator.h
@@ -16,6 +16,13 @@
#include "Platform/Platform.h"
#include "Volume/Volume.h"
#include "RandomNumberGenerator.h"
+#if defined (TC_LINUX)
+#include "Platform/Unix/Process.h"
+#include <errno.h>
+#endif
+
+#define VC_MIN_LARGE_BTRFS_VOLUME_SIZE 114294784ULL
+#define VC_MIN_SMALL_BTRFS_VOLUME_SIZE 16777216ULL
namespace VeraCrypt
{
@@ -31,6 +38,7 @@ namespace VeraCrypt
shared_ptr <Pkcs5Kdf> VolumeHeaderKdf;
shared_ptr <EncryptionAlgorithm> EA;
bool Quick;
+ bool EMVSupportEnabled;
struct FilesystemType
{
@@ -44,7 +52,9 @@ namespace VeraCrypt
Ext2,
Ext3,
Ext4,
+ Btrfs,
MacOsExt,
+ APFS,
UFS
};
@@ -62,6 +72,67 @@ namespace VeraCrypt
return VolumeCreationOptions::FilesystemType::FAT;
#endif
}
+
+ static const char* GetFsFormatter (VolumeCreationOptions::FilesystemType::Enum fsType)
+ {
+ switch (fsType)
+ {
+ #if defined (TC_LINUX)
+ case VolumeCreationOptions::FilesystemType::Ext2: return "mkfs.ext2";
+ case VolumeCreationOptions::FilesystemType::Ext3: return "mkfs.ext3";
+ case VolumeCreationOptions::FilesystemType::Ext4: return "mkfs.ext4";
+ case VolumeCreationOptions::FilesystemType::NTFS: return "mkfs.ntfs";
+ case VolumeCreationOptions::FilesystemType::exFAT: return "mkfs.exfat";
+ case VolumeCreationOptions::FilesystemType::Btrfs: return "mkfs.btrfs";
+ #elif defined (TC_MACOSX)
+ case VolumeCreationOptions::FilesystemType::MacOsExt: return "newfs_hfs";
+ case VolumeCreationOptions::FilesystemType::exFAT: return "newfs_exfat";
+ case VolumeCreationOptions::FilesystemType::APFS: return "newfs_apfs";
+ #elif defined (TC_FREEBSD) || defined (TC_SOLARIS)
+ case VolumeCreationOptions::FilesystemType::UFS: return "newfs" ;
+ #endif
+ default: return NULL;
+ }
+ }
+
+ static bool IsFsFormatterPresent (VolumeCreationOptions::FilesystemType::Enum fsType)
+ {
+ bool bRet = false;
+ const char* fsFormatter = GetFsFormatter (fsType);
+ if (fsFormatter)
+ {
+#if defined (TC_LINUX)
+ try
+ {
+ list <string> args;
+
+ args.push_back ("-V");
+ Process::Execute (fsFormatter, args);
+
+ bRet = true;
+ }
+ catch (ExecutedProcessFailed& epe)
+ {
+ // only permission error is accepted in case of failure of the command
+ if (epe.GetExitCode () == EPERM || epe.GetExitCode () == EACCES)
+ bRet = true;
+ }
+ catch (SystemException& se)
+ {
+ // if a permission error occured, then we consider that the command exists
+ if (se.GetErrorCode () == EPERM || se.GetErrorCode () == EACCES)
+ bRet = true;
+ }
+ catch (exception &e)
+ {
+ }
+#else
+ bRet = true;
+#endif
+ }
+
+ return bRet;
+ }
};
FilesystemType::Enum Filesystem;