+ bool m_emvSupportEnabled;

+ ChangePasswordThreadRoutine(shared_ptr <VolumePath> volumePath, bool preserveTimestamps, shared_ptr <VolumePassword> password, int pim, shared_ptr <Pkcs5Kdf> kdf, shared_ptr <KeyfileList> keyfiles, shared_ptr <VolumePassword> newPassword, int newPim, shared_ptr <KeyfileList> newKeyfiles, shared_ptr <Pkcs5Kdf> newPkcs5Kdf, int wipeCount, bool emvSupportEnabled) : m_volumePath(volumePath), m_preserveTimestamps(preserveTimestamps), m_password(password), m_pim(pim), m_kdf(kdf), m_keyfiles(keyfiles), m_newPassword(newPassword), m_newPim(newPim), m_newKeyfiles(newKeyfiles), m_newPkcs5Kdf(newPkcs5Kdf), m_wipeCount(wipeCount), m_emvSupportEnabled(emvSupportEnabled) {}

+ virtual void ExecutionCode(void) { Core->ChangePassword(m_volumePath, m_preserveTimestamps, m_password, m_pim, m_kdf, m_keyfiles, m_newPassword, m_newPim, m_newKeyfiles, m_emvSupportEnabled, m_newPkcs5Kdf, m_wipeCount); }

+ bool m_emvSupportEnabled;

+ OpenVolumeThreadRoutine(shared_ptr <VolumePath> volumePath, bool preserveTimestamps, shared_ptr <VolumePassword> password, int pim, shared_ptr<Pkcs5Kdf> Kdf, shared_ptr <KeyfileList> keyfiles, bool emvSupportEnabled, VolumeProtection::Enum protection = VolumeProtection::None, shared_ptr <VolumePassword> protectionPassword = shared_ptr <VolumePassword> (), int protectionPim = 0, shared_ptr<Pkcs5Kdf> protectionKdf = shared_ptr<Pkcs5Kdf> (), shared_ptr <KeyfileList> protectionKeyfiles = shared_ptr <KeyfileList> (), bool sharedAccessAllowed = false, VolumeType::Enum volumeType = VolumeType::Unknown, bool useBackupHeaders = false, bool partitionInSystemEncryptionScope = false):

+ m_volumePath(volumePath), m_preserveTimestamps(preserveTimestamps), m_password(password), m_pim(pim), m_Kdf(Kdf), m_keyfiles(keyfiles),

+ m_partitionInSystemEncryptionScope(partitionInSystemEncryptionScope), m_emvSupportEnabled(emvSupportEnabled) {}

+ virtual void ExecutionCode(void) { m_pVolume = Core->OpenVolume(m_volumePath,m_preserveTimestamps,m_password,m_pim,m_Kdf,m_keyfiles, m_emvSupportEnabled, m_protection,m_protectionPassword,m_protectionPim,m_protectionKdf, m_protectionKeyfiles,m_sharedAccessAllowed,m_volumeType,m_useBackupHeaders, m_partitionInSystemEncryptionScope); }

+ bool m_emvSupportEnabled;

+ ReEncryptHeaderThreadRoutine(const BufferPtr &newHeaderBuffer, shared_ptr <VolumeHeader> header, shared_ptr <VolumePassword> password, int pim, shared_ptr <KeyfileList> keyfiles, bool emvSupportEnabled)

+ : m_newHeaderBuffer(newHeaderBuffer), m_header(header), m_password(password), m_pim(pim), m_keyfiles(keyfiles), m_emvSupportEnabled(emvSupportEnabled) {}

+ virtual void ExecutionCode(void) { Core->ReEncryptVolumeHeaderWithNewSalt (m_newHeaderBuffer, m_header, m_password, m_pim, m_keyfiles, m_emvSupportEnabled); }

+ DecryptThreadRoutine(shared_ptr <VolumeHeader> header, const ConstBufferPtr &encryptedData, const VolumePassword &password, int pim, shared_ptr <Pkcs5Kdf> kdf, const Pkcs5KdfList &keyDerivationFunctions, const EncryptionAlgorithmList &encryptionAlgorithms, const EncryptionModeList &encryptionModes)

+ : m_pHeader(header), m_encryptedData(encryptedData), m_password(password), m_pim(pim), m_kdf(kdf), m_keyDerivationFunctions(keyDerivationFunctions), m_encryptionAlgorithms(encryptionAlgorithms), m_encryptionModes(encryptionModes), m_bResult(false){}

+ virtual void ExecutionCode(void) { m_bResult = m_pHeader->Decrypt(m_encryptedData, m_password, m_pim, m_kdf, m_keyDerivationFunctions, m_encryptionAlgorithms, m_encryptionModes); }

+ void CoreBase::ChangePassword (shared_ptr <Volume> openVolume, shared_ptr <VolumePassword> newPassword, int newPim, shared_ptr <KeyfileList> newKeyfiles, bool emvSupportEnabled, shared_ptr <Pkcs5Kdf> newPkcs5Kdf, int wipeCount) const

+ newPkcs5Kdf = openVolume->GetPkcs5Kdf();

+ shared_ptr <VolumePassword> password (Keyfile::ApplyListToPassword (newKeyfiles, newPassword, emvSupportEnabled));

+ void CoreBase::ChangePassword (shared_ptr <VolumePath> volumePath, bool preserveTimestamps, shared_ptr <VolumePassword> password, int pim, shared_ptr <Pkcs5Kdf> kdf, shared_ptr <KeyfileList> keyfiles, shared_ptr <VolumePassword> newPassword, int newPim, shared_ptr <KeyfileList> newKeyfiles, bool emvSupportEnabled, shared_ptr <Pkcs5Kdf> newPkcs5Kdf, int wipeCount) const

+ shared_ptr <Volume> volume = OpenVolume (volumePath, preserveTimestamps, password, pim, kdf, keyfiles, emvSupportEnabled);

+ ChangePassword (volume, newPassword, newPim, newKeyfiles, emvSupportEnabled, newPkcs5Kdf, wipeCount);

+ shared_ptr <Volume> CoreBase::OpenVolume (shared_ptr <VolumePath> volumePath, bool preserveTimestamps, shared_ptr <VolumePassword> password, int pim, shared_ptr<Pkcs5Kdf> kdf, shared_ptr <KeyfileList> keyfiles, bool emvSupportEnabled, VolumeProtection::Enum protection, shared_ptr <VolumePassword> protectionPassword, int protectionPim, shared_ptr<Pkcs5Kdf> protectionKdf, shared_ptr <KeyfileList> protectionKeyfiles, bool sharedAccessAllowed, VolumeType::Enum volumeType, bool useBackupHeaders, bool partitionInSystemEncryptionScope) const

+ volume->Open (*volumePath, preserveTimestamps, password, pim, kdf, keyfiles, emvSupportEnabled, protection, protectionPassword, protectionPim, protectionKdf, protectionKeyfiles, sharedAccessAllowed, volumeType, useBackupHeaders, partitionInSystemEncryptionScope);

+ void CoreBase::ReEncryptVolumeHeaderWithNewSalt (const BufferPtr &newHeaderBuffer, shared_ptr <VolumeHeader> header, shared_ptr <VolumePassword> password, int pim, shared_ptr <KeyfileList> keyfiles, bool emvSupportEnabled) const

+ shared_ptr <VolumePassword> passwordKey (Keyfile::ApplyListToPassword (keyfiles, password, emvSupportEnabled));

+ virtual void ChangePassword (shared_ptr <Volume> openVolume, shared_ptr <VolumePassword> newPassword, int newPim, shared_ptr <KeyfileList> newKeyfiles, bool emvSupportEnabled, shared_ptr <Pkcs5Kdf> newPkcs5Kdf = shared_ptr <Pkcs5Kdf> (), int wipeCount = PRAND_HEADER_WIPE_PASSES) const;

+ virtual void ChangePassword (shared_ptr <VolumePath> volumePath, bool preserveTimestamps, shared_ptr <VolumePassword> password, int pim, shared_ptr <Pkcs5Kdf> kdf, shared_ptr <KeyfileList> keyfiles, shared_ptr <VolumePassword> newPassword, int newPim, shared_ptr <KeyfileList> newKeyfiles, bool emvSupportEnabled, shared_ptr <Pkcs5Kdf> newPkcs5Kdf = shared_ptr <Pkcs5Kdf> (), int wipeCount = PRAND_HEADER_WIPE_PASSES) const;

+ virtual shared_ptr <Volume> OpenVolume (shared_ptr <VolumePath> volumePath, bool preserveTimestamps, shared_ptr <VolumePassword> password, int pim, shared_ptr<Pkcs5Kdf> Kdf, shared_ptr <KeyfileList> keyfiles, bool emvSupportEnabled, VolumeProtection::Enum protection = VolumeProtection::None, shared_ptr <VolumePassword> protectionPassword = shared_ptr <VolumePassword> (), int protectionPim = 0, shared_ptr<Pkcs5Kdf> protectionKdf = shared_ptr<Pkcs5Kdf> (), shared_ptr <KeyfileList> protectionKeyfiles = shared_ptr <KeyfileList> (), bool sharedAccessAllowed = false, VolumeType::Enum volumeType = VolumeType::Unknown, bool useBackupHeaders = false, bool partitionInSystemEncryptionScope = false) const;

+ virtual void ReEncryptVolumeHeaderWithNewSalt (const BufferPtr &newHeaderBuffer, shared_ptr <VolumeHeader> header, shared_ptr <VolumePassword> password, int pim, shared_ptr <KeyfileList> keyfiles, bool emvSupportEnabled) const;

+ Kdf = Pkcs5Kdf::GetAlgorithm (nameValue);

+ ProtectionKdf = Pkcs5Kdf::GetAlgorithm (nameValue);

+ UseBackupHeaders (false)

+ bool EMVSupportEnabled;

+

+#ifndef ERESTART

+#define ERESTART EINTR

+#endif

+

+ if (rndCount != -1) {

+ // We count returned bytes until 32-bytes threshold reached

+ if (DevRandomBytesCount < 32)

+ DevRandomBytesCount += rndCount;

+ break;

+ else if (DevRandomBytesCount >= 32) {

+ // allow /dev/random to fail gracefully since we have enough bytes

+ else {

+ // wait 250ms before querying /dev/random again

+ ::usleep (250 * 1000);

+ }

+ size_t digestSize = PoolHash->GetDigestSize();

+ size_t poolSize = Pool.Size();

+ // pool size must be multiple of digest size

+ // this is always the case with default pool size value (320 bytes)

+ if (poolSize % digestSize)

+ throw AssertionFailed (SRC_POS);

+

+ for (size_t poolPos = 0; poolPos < poolSize; poolPos += digestSize)

+ SecureBuffer digest (digestSize);

+ PoolHash->Init();

+ /* XOR the resultant message digest to the pool at the poolIndex position. */

+ /* this matches the documentation: https://veracrypt.fr/en/Random%20Number%20Generator.html */

+ for (size_t digestIndex = 0; digestIndex < digestSize; digestIndex++)

+ Pool [poolPos + digestIndex] ^= digest [digestIndex];

+ #ifndef WOLFCRYPT_BACKEND

+ PoolHash.reset (new Blake2s());

+ #else

+ PoolHash.reset (new Sha256());

+ #endif

+ #ifndef WOLFCRYPT_BACKEND

+ if (Crc32::ProcessBuffer (Pool) != 0x9c743238)

+ #else

+ if (Crc32::ProcessBuffer (Pool) != 0xac95ac1a)

+ #endif

+ throw TestFailed (SRC_POS);

+ #ifndef WOLFCRYPT_BACKEND

+ if (Crc32::ProcessBuffer (Pool) != 0xd2d09c8d)

+ #else

+ if (Crc32::ProcessBuffer (Pool) != 0xb79f3c12)

+ #endif

+ throw TestFailed (SRC_POS);

+ bool authCheckDone = false;

+#if defined(TC_LINUX ) || defined (TC_FREEBSD)

+ if(!authCheckDone)

+#endif

+ (*AdminPasswordCallback) (request.AdminPassword);

+#if defined(TC_LINUX )

+ Thread::Sleep (1000); // wait 1 second for the forked sudo to start

+#endif

+ newOptions.Password = Keyfile::ApplyListToPassword (options.Keyfiles, options.Password, options.EMVSupportEnabled);

+ newOptions.ProtectionPassword = Keyfile::ApplyListToPassword (options.ProtectionKeyfiles, options.ProtectionPassword, options.EMVSupportEnabled);

+ VolumePasswordCache::Store (*Keyfile::ApplyListToPassword (options.Keyfiles, options.Password, options.EMVSupportEnabled));

+#ifdef TC_LINUX

+ static string GetTmpUser ();

+ static bool SamePath (const string& path1, const string& path2);

+#endif

+

+ args.push_back ("-p");

+ args.push_back ("tabtitle=fsck");

+ else if (stat("/usr/bin/gnome-terminal", &sb) == 0 && stat("/usr/bin/dbus-launch", &sb) == 0)

+ {

+ args.clear ();

+ args.push_back ("--title");

+ args.push_back ("fsck");

+ args.push_back ("--");

+ args.push_back ("sh");

+ args.push_back ("-c");

+ args.push_back (xargs);

+ try

+ {

+ Process::Execute ("gnome-terminal", args, 1000);

+ } catch (TimeOut&) { }

+ }

+ throw TerminalNotFound();

+ const char *tmpdir = getenv ("TMPDIR");

+ string envDir = tmpdir ? tmpdir : "/tmp";

+

+#ifdef TC_LINUX

+ /*

+ * If pam_tmpdir.so is in use, a different temporary directory is

+ * allocated for each user ID. We need to mount to the directory used

+ * by the non-root user.

+ */

+ if (getuid () == 0 && envDir.size () >= 2

+ && envDir.substr (envDir.size () - 2) == "/0") {

+ string tmpuser = GetTmpUser ();

+ if (SamePath (envDir, tmpuser + "/0")) {

+ /* Substitute the sudo'ing user for 0 */

+ char uid[40];

+ FILE *fp = fopen ("/proc/self/loginuid", "r");

+ if (fp != NULL) {

+ if (fgets (uid, sizeof (uid), fp) != nullptr) {

+ envDir = tmpuser + "/" + uid;

+ }

+ fclose (fp);

+ }

+ }

+ }

+#endif

+

+ return envDir;

+ }

+

+#ifdef TC_LINUX

+ static string GetTmpUser ()

+ {

+ string tmpuser = "/tmp/user";

+ FILE *fp = fopen ("/etc/security/tmpdir.conf", "r");

+ if (fp == NULL) {

+ return tmpuser;

+ }

+ while (true) {

+ /* Parses the same way as pam_tmpdir */

+ char line[1024];

+ if (fgets (line, sizeof (line), fp) == nullptr) {

+ break;

+ }

+ if (line[0] == '#') {

+ continue;

+ }

+ size_t len = strlen (line);

+ if (len > 0 && line[len-1] == '\n') {

+ line[len-1] = '\0';

+ }

+ char *eq = strchr (line, '=');

+ if (eq == nullptr) {

+ continue;

+ }

+ *eq = '\0';

+ const char *key = line;

+ const char *value = eq + 1;

+ if (strcmp (key, "tmpdir") == 0) {

+ tmpuser = value;

+ break;

+ }

+ }

+ fclose (fp);

+ return tmpuser;

+ static bool SamePath (const string& path1, const string& path2)

+ {

+ size_t i1 = 0;

+ size_t i2 = 0;

+ while (i1 < path1.size () && i2 < path2.size ()) {

+ if (path1[i1] != path2[i2]) {

+ return false;

+ }

+ /* Any two substrings consisting entirely of slashes compare equal */

+ if (path1[i1] == '/') {

+ while (i1 < path1.size () && path1[i1] == '/') {

+ ++i1;

+ }

+ while (i2 < path2.size () && path2[i2] == '/') {

+ ++i2;

+ }

+ }

+ else

+ {

+ ++i1;

+ ++i2;

+ }

+ }

+ return (i1 == path1.size () && i2 == path2.size ());

+ }

+#endif

+

+ options.EMVSupportEnabled,

+ throw_sys_sub_if (chown (mountPoint.c_str(), GetRealUserId(), GetRealGroupId()) == -1, mountPoint);

+#ifdef WOLFCRYPT_BACKEND

+#include "Volume/EncryptionModeWolfCryptXTS.h"

+#endif

+ bool xts = (typeid (*volume->GetEncryptionMode()) ==

+ #ifdef WOLFCRYPT_BACKEND

+ typeid (EncryptionModeWolfCryptXTS));

+ #else

+ typeid (EncryptionModeXTS));

+ #endif

+ bool algoNotSupported = (typeid (*volume->GetEncryptionAlgorithm()) == typeid (Kuznyechik))

+ struct stat sb;

+

+ if (stat("/Applications/Utilities/Disk Utility.app", &sb) == 0)

+ args.push_back ("/Applications/Utilities/Disk Utility.app");

+ else

+ args.push_back ("/System/Applications/Utilities/Disk Utility.app");

+

+ fuseVersionStringLength = MAXHOSTNAMELEN;

+ if ((status = sysctlbyname ("vfs.generic.macfuse.version.number", fuseVersionString, &fuseVersionStringLength, NULL, 0)) != 0)

+ {

+ throw HigherFuseVersionRequired (SRC_POS);

+ }

+ if (0 != stat("/usr/local/lib/libosxfuse_i64.2.dylib", &sb) && 0 != stat("/usr/local/lib/libfuse.dylib", &sb))

+/* $OpenBSD$ */

+/*

+ Based on FreeBSD/CoreFreeBSD.cpp

+

+ Derived from source code of TrueCrypt 7.1a, which is

+ Copyright (c) 2008-2012 TrueCrypt Developers Association and which is governed

+ by the TrueCrypt License 3.0.

+

+ Modifications and additions to the original source code (contained in this file)

+ and all other portions of this file are Copyright (c) 2013-2017 IDRIX

+ and are governed by the Apache License 2.0 the full text of which is

+ contained in the file License.txt included in VeraCrypt binary and source

+ code distribution packages.

+*/

+

+#include <fstream>

+#include <iostream>

+#include <stdio.h>

+#include <unistd.h>

+#include <sys/param.h>

+#include <sys/ucred.h>

+#include <sys/mount.h>

+#include <sys/wait.h>

+#include "CoreOpenBSD.h"

+#include "Core/Unix/CoreServiceProxy.h"

+

+namespace VeraCrypt

+{

+ CoreOpenBSD::CoreOpenBSD ()

+ {

+ }

+

+ CoreOpenBSD::~CoreOpenBSD ()

+ {

+ }

+

+ DevicePath CoreOpenBSD::AttachFileToLoopDevice (const FilePath &filePath, bool readOnly) const

+ {

+ list <string> args;

+

+ if (readOnly)

+ {

+ throw;

+ }

+

+ // find an available vnd

+ int freeVnd = -1;

+ for (int vnd = 0; vnd <= 3; vnd++)

+ {

+ stringstream devPath;

+ devPath << "/dev/vnd" << vnd << "c";

+

+ if (FilesystemPath (devPath.str()).IsBlockDevice() || FilesystemPath (devPath.str()).IsCharacterDevice())

+ {

+ make_shared_auto (HostDevice, device);

+ device->Path = devPath.str();

+ try

+ {

+ GetDeviceSize (device->Path);

+ }

+ catch (...)

+ {

+ freeVnd = vnd;

+ break;

+ }

+ }

+ }

+

+ if (freeVnd == -1)

+ throw "couldn't find free vnd";

+

+ stringstream freePath;

+ freePath << "vnd" << freeVnd;

+ args.push_back (freePath.str());

+

+ args.push_back (filePath);

+

+ Process::Execute ("vnconfig", args);

+

+ return "/dev/" + freePath.str() + "c";

+ }

+

+ void CoreOpenBSD::DetachLoopDevice (const DevicePath &devicePath) const

+ {

+ list <string> args;

+ args.push_back ("-u");

+ args.push_back (devicePath);

+

+ for (int t = 0; true; t++)

+ {

+ try

+ {

+ Process::Execute ("vnconfig", args);

+ break;

+ }

+ catch (ExecutedProcessFailed&)

+ {

+ if (t > 5)

+ throw;

+ Thread::Sleep (200);

+ }

+ }

+ }

+

+ // not sure what this is used for

+ HostDeviceList CoreOpenBSD::GetHostDevices (bool pathListOnly) const

+ {

+ throw;

+ }

+

+ MountedFilesystemList CoreOpenBSD::GetMountedFilesystems (const DevicePath &devicePath, const DirectoryPath &mountPoint) const

+ {

+

+ static Mutex mutex;

+ ScopeLock sl (mutex);

+

+ struct statfs *sysMountList;

+ int count = getmntinfo (&sysMountList, MNT_NOWAIT);

+ throw_sys_if (count == 0);

+

+ MountedFilesystemList mountedFilesystems;

+

+ for (int i = 0; i < count; i++)

+ {

+ make_shared_auto (MountedFilesystem, mf);

+

+ if (sysMountList[i].f_mntfromname[0])

+ mf->Device = DevicePath (sysMountList[i].f_mntfromname);

+ else

+ continue;

+

+ if (sysMountList[i].f_mntonname[0])

+ mf->MountPoint = DirectoryPath (sysMountList[i].f_mntonname);

+

+ mf->Type = sysMountList[i].f_fstypename;

+

+ if ((devicePath.IsEmpty() || devicePath == mf->Device) && (mountPoint.IsEmpty() || mountPoint == mf->MountPoint))

+ mountedFilesystems.push_back (mf);

+ }

+

+ return mountedFilesystems;

+ }

+

+ void CoreOpenBSD::MountFilesystem (const DevicePath &devicePath, const DirectoryPath &mountPoint, const string &filesystemType, bool readOnly, const string &systemMountOptions) const

+ {

+ try

+ {

+ // Try to mount FAT by default as mount is unable to probe filesystem type on BSD

+ CoreUnix::MountFilesystem (devicePath, mountPoint, filesystemType.empty() ? "msdos" : filesystemType, readOnly, systemMountOptions);

+ }

+ catch (ExecutedProcessFailed&)

+ {

+ if (!filesystemType.empty())

+ throw;

+

+ CoreUnix::MountFilesystem (devicePath, mountPoint, filesystemType, readOnly, systemMountOptions);

+ }

+ }

+

+#ifdef TC_OPENBSD

+ unique_ptr <CoreBase> Core (new CoreServiceProxy <CoreOpenBSD>);

+ unique_ptr <CoreBase> CoreDirect (new CoreOpenBSD);

+#endif

+}

+/* $OpenBSD$ */

+/*

+ Based on FreeBSD/CoreFreeBSD.h

+

+ Derived from source code of TrueCrypt 7.1a, which is

+ Copyright (c) 2008-2012 TrueCrypt Developers Association and which is governed

+ by the TrueCrypt License 3.0.

+

+ Modifications and additions to the original source code (contained in this file)

+ and all other portions of this file are Copyright (c) 2013-2017 IDRIX

+ and are governed by the Apache License 2.0 the full text of which is

+ contained in the file License.txt included in VeraCrypt binary and source

+ code distribution packages.

+*/

+

+#ifndef TC_HEADER_Core_CoreOpenBSD

+#define TC_HEADER_Core_CoreOpenBSD

+

+#include "System.h"

+#include "Core/Unix/CoreUnix.h"

+

+namespace VeraCrypt

+{

+ class CoreOpenBSD : public CoreUnix

+ {

+ public:

+ CoreOpenBSD ();

+ virtual ~CoreOpenBSD ();

+

+ virtual HostDeviceList GetHostDevices (bool pathListOnly = false) const;

+

+ protected:

+ virtual DevicePath AttachFileToLoopDevice (const FilePath &filePath, bool readOnly) const;

+ virtual void DetachLoopDevice (const DevicePath &devicePath) const;

+ virtual MountedFilesystemList GetMountedFilesystems (const DevicePath &devicePath = DevicePath(), const DirectoryPath &mountPoint = DirectoryPath()) const;

+ virtual void MountFilesystem (const DevicePath &devicePath, const DirectoryPath &mountPoint, const string &filesystemType, bool readOnly, const string &systemMountOptions) const;

+

+ private:

+ CoreOpenBSD (const CoreOpenBSD &);

+ CoreOpenBSD &operator= (const CoreOpenBSD &);

+ };

+}

+

+#endif // TC_HEADER_Core_CoreOpenBSD

+/* $OpenBSD$ */

+/*

+ Based on FreeBSD/System.h

+

+ Derived from source code of TrueCrypt 7.1a, which is

+ Copyright (c) 2008-2012 TrueCrypt Developers Association and which is governed

+ by the TrueCrypt License 3.0.

+

+ Modifications and additions to the original source code (contained in this file)

+ and all other portions of this file are Copyright (c) 2013-2017 IDRIX

+ and are governed by the Apache License 2.0 the full text of which is

+ contained in the file License.txt included in VeraCrypt binary and source

+ code distribution packages.

+*/

+

+#ifndef TC_HEADER_Platform_OpenBSD_System

+#define TC_HEADER_Platform_OpenBSD_System

+

+#endif // TC_HEADER_Platform_OpenBSD_System

+#ifdef WOLFCRYPT_BACKEND

+#include "Volume/EncryptionModeWolfCryptXTS.h"

+#endif

+ // check that first half of MasterKey is different from its second half. If they are the same, through an exception

+ // cf CCSS,NSA comment at page 3: https://csrc.nist.gov/csrc/media/Projects/crypto-publication-review-project/documents/initial-comments/sp800-38e-initial-public-comments-2021.pdf

+ if (memcmp (MasterKey.Ptr(), MasterKey.Ptr() + MasterKey.Size() / 2, MasterKey.Size() / 2) == 0)

+ throw AssertionFailed (SRC_POS);

+

+ PasswordKey = Keyfile::ApplyListToPassword (options->Keyfiles, options->Password, options->EMVSupportEnabled);

+ #ifdef WOLFCRYPT_BACKEND

+ shared_ptr <EncryptionMode> mode (new EncryptionModeWolfCryptXTS ());

+ options->EA->SetKeyXTS (MasterKey.GetRange (options->EA->GetKeySize(), options->EA->GetKeySize()));

+ #else

+ shared_ptr <EncryptionMode> mode (new EncryptionModeXTS ());

+ #endif

+ mode->SetKey (MasterKey.GetRange (options->EA->GetKeySize(), options->EA->GetKeySize()));

+#if defined (TC_LINUX)

+#include "Platform/Unix/Process.h"

+#include <errno.h>

+#endif

+

+#define VC_MIN_LARGE_BTRFS_VOLUME_SIZE 114294784ULL

+#define VC_MIN_SMALL_BTRFS_VOLUME_SIZE 16777216ULL

+ bool EMVSupportEnabled;

+ Btrfs,

+

+ static const char* GetFsFormatter (VolumeCreationOptions::FilesystemType::Enum fsType)

+ {

+ switch (fsType)

+ {

+ #if defined (TC_LINUX)

+ case VolumeCreationOptions::FilesystemType::Ext2: return "mkfs.ext2";

+ case VolumeCreationOptions::FilesystemType::Ext3: return "mkfs.ext3";

+ case VolumeCreationOptions::FilesystemType::Ext4: return "mkfs.ext4";

+ case VolumeCreationOptions::FilesystemType::NTFS: return "mkfs.ntfs";

+ case VolumeCreationOptions::FilesystemType::exFAT: return "mkfs.exfat";

+ case VolumeCreationOptions::FilesystemType::Btrfs: return "mkfs.btrfs";

+ #elif defined (TC_MACOSX)

+ case VolumeCreationOptions::FilesystemType::MacOsExt: return "newfs_hfs";

+ case VolumeCreationOptions::FilesystemType::exFAT: return "newfs_exfat";

+ case VolumeCreationOptions::FilesystemType::APFS: return "newfs_apfs";

+ #elif defined (TC_FREEBSD) || defined (TC_SOLARIS)

+ case VolumeCreationOptions::FilesystemType::UFS: return "newfs" ;

+ #endif

+ default: return NULL;

+ }

+ }

+

+ static bool IsFsFormatterPresent (VolumeCreationOptions::FilesystemType::Enum fsType)

+ {

+ bool bRet = false;

+ const char* fsFormatter = GetFsFormatter (fsType);

+ if (fsFormatter)

+ {

+#if defined (TC_LINUX)

+ try

+ {

+ list <string> args;

+

+ args.push_back ("-V");

+ Process::Execute (fsFormatter, args);

+

+ bRet = true;

+ }

+ catch (ExecutedProcessFailed& epe)

+ {

+ // only permission error is accepted in case of failure of the command

+ if (epe.GetExitCode () == EPERM || epe.GetExitCode () == EACCES)

+ bRet = true;

+ }

+ catch (SystemException& se)

+ {

+ // if a permission error occured, then we consider that the command exists

+ if (se.GetErrorCode () == EPERM || se.GetErrorCode () == EACCES)

+ bRet = true;

+ }

+ catch (exception &e)

+ {

+ }

+#else

+ bRet = true;

+#endif

+ }

+

+ return bRet;

+ }