VeraCrypt
aboutsummaryrefslogtreecommitdiff
path: root/src/Core
AgeCommit message (Collapse)AuthorFilesLines
2024-12-25Linux/macOS: Simplify sudo session detection logic and extend it to macOSMounir IDRASSI2-36/+23
This update simplifies the logic for detecting active sudo sessions by checking the exit code of the sudo -n -l command, which reliably returns 0 if a session is active. Additionally, this approach is now applicable to recent macOS versions, as they no longer have the sudo bug that previously prevented us from using this method.
2024-08-02Implement detection of volumes with vulnerable XTS master key.Mounir IDRASSI3-4/+9
If vulnerability detected, a warning message is displayed during mount or backup/restore header, and changing the password is disallowed since it will not change the master key.
2024-06-24Fix regression in core service deserialization (#1367)Jertzukka1-1/+0
Introducing data into the standard out in the core service will cause deserialization problems, as the pipes are used for interprocess communication.
2024-06-23MacOSX: set FUSE-T workaround max delay to 5 seconds. Make logic specific to ↵Mounir IDRASSI1-6/+12
FUSE-T volumes.
2024-06-22MacOSX: Add for using FUSE-T instead of MacFUSEMounir IDRASSI2-8/+32
The build script build_veracrypt_macosx.h now accepts the argument -f to enable fuse-t support. It is also possible to set the environment variable VC_OSX_FUSET to 1 for FUSE-T support. A change was done in CoreUnix::GetMountedVolumes to add a waiting loop for control file to be accessible because when using FUSE-T there always a delay before control file can be serialized.
2024-06-12Avoid conflict with C++17 features std::byte by using uint8 type instead of byteMounir IDRASSI6-19/+19
2024-06-03FreeBSD: Support automatic detection and mounting of ext2/3/4, exFAT, NTFS ↵Jertzukka1-3/+44
filesystems (#1350)
2024-06-03FreeBSD: Fix privilege escalation prompts not showing up (#1349)Jertzukka1-1/+1
The behaviour of `wc -l` is different on FreeBSD, in which the stdout result is padded by spaces in the beginning, which causes that the result[0] is not actually the value we care about. This patch adds a translate removing all whitespace from the output.
2023-12-11macOS: Use correct Disk Utility location when "check filesystem" is ran (#1273)Jertzukka1-1/+7
2023-11-13wolfCrypt as crypto backend for VeraCrypt (#1227)lealem473-8/+36
* wolfCrypt as crypto backend for VeraCrypt * Refactor to use EncryptionModeWolfCryptXTS class
2023-10-08Fix warnings and throwing an exception instead of ignoring the error (#1229)kovalev01-4/+1
* EMVCard.cpp: ArrayToHexWideString: prohibit conversion of a string constant ../Common/EMVCard.cpp: In function 'std::wstring VeraCrypt::ArrayToHexWideString(con st unsigned char*, size_t)': ../Common/EMVCard.cpp:28:43: warning: ISO C++ forbids converting a string constant to 'wchar_t*' [-Wwrite-strings] 28 | static wchar_t* hexChar = L"0123456789ABCDEF"; | ^~~~~~~~~~~~~~~~~~~ Signed-off-by: Vasiliy Kovalev <kovalev@altlinux.org> * EMVCard.cpp: ArrayToHexWideString: fix of the comparison of different types ../Common/EMVCard.cpp: In function 'std::wstring VeraCrypt::ArrayToHexWideString(con st unsigned char*, size_t)': ../Common/EMVCard.cpp:32:43: warning: comparison of integer expressions of different signedness: 'int' and 'size_t' {aka 'long unsigned int'} [-Wsign-compare] 32 | for (int i = 0; i < cbData; i++) | ~~^~~~~~~~ Signed-off-by: Vasiliy Kovalev <kovalev@altlinux.org> * SecurityTokenKeyfilesDialog.cpp: removed initialization of an unused variable Forms/SecurityTokenKeyfilesDialog.cpp:58:24: warning: unused variable 'i' [-Wunused- variable] 58 | size_t i = 0; | ^ Signed-off-by: Vasiliy Kovalev <kovalev@altlinux.org> * Core/Unix: throwing an exception instead of ignoring the error Fixes: 5a6b445f ("fix warnings and UB (#1164)") Signed-off-by: Vasiliy Kovalev <kovalev@altlinux.org> --------- Signed-off-by: Vasiliy Kovalev <kovalev@altlinux.org> Co-authored-by: Vasiliy Kovalev <kovalev@altlinux.org>
2023-09-08Linux/macOS: simplify logic of handling /dev/random reading failure ↵Mounir IDRASSI2-16/+11
(proposed by @Lavode in #1187) Fixes #1187
2023-08-05Security: ensure that XTS primary key is different from secondary key when ↵Mounir IDRASSI1-0/+5
creating volumes This is unlikely to happen thanks to random generator properties but we much add this check to prevent an attack described in page 3 of https://csrc.nist.gov/csrc/media/Projects/crypto-publication-review-project/documents/initial-comments/sp800-38e-initial-public-comments-2021.pdf
2023-08-04fix warnings and UB (#1164)kovalev01-1/+4
* Crypto: fix warning mismatched bound ../Crypto/cpu.c:67:32: warning: argument 2 of type 'uint32[4]' {aka 'unsigned int[4]'} with mismatched bound [-Warray-parameter=] 67 | int CpuId(uint32 input, uint32 output[4]) | ~~~~~~~^~~~~~~~~ In file included from ../Crypto/cpu.c:3: ../Crypto/cpu.h:236:33: note: previously declared as 'uint32 *' {aka 'unsigned int *'} 236 | int CpuId(uint32 input, uint32 *output); Signed-off-by: Vasiliy Kovalev <kovalev@altlinux.org> * Core/Unix: fix warning ignoring return value Unix/CoreUnix.cpp: In member function 'virtual std::shared_ptr<VeraCrypt:\ :VolumeInfo> VeraCrypt::CoreUnix::MountVolume(VeraCrypt::MountOptions&)': Unix/CoreUnix.cpp:682:55: warning: ignoring return value of 'int chown(const char*, __uid_t, __gid_t)' declared with attribute 'warn_unused_result' [-Wunused-result] 682 | chown (mountPoint.c_str(), GetRealUserId(), GetRealGroupId()); | ~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Signed-off-by: Vasiliy Kovalev <kovalev@altlinux.org> * Main/Forms: fix warning cast to pointer from integer of different size Forms/MainFrame.cpp: In member function 'void VeraCrypt::MainFrame:\ :UpdateVolumeList()': Forms/MainFrame.cpp:1718:106: warning: cast to pointer from integer of different size [-Wint-to-pointer-cast] 1718 | Gui->InsertToListCtrl (SlotListCtrl, ++prevItemIndex, fields, 0, (void *) volume->SlotNumber); | ^~~~~~~~~~~~~~~~~~~~~~~~~~~ Forms/MainFrame.cpp:1753:114: warning: cast to pointer from integer of different size [-Wint-to-pointer-cast] 1753 | Gui->InsertToListCtrl (SlotListCtrl, ++prevItemIndex, fields, 0, (void *) slotNumber); | ^~~~~~~~~~~~~~~~~~~ Signed-off-by: Vasiliy Kovalev <kovalev@altlinux.org> * Crypto: fix undefined behavior signed integer overflow In function 'twofish_set_key': cc1: warning: iteration 4 invokes undefined behavior [-Waggressive-loop-optimizations] ../Crypto/Twofish.c:626:23: note: within this loop 626 | for (i = 0; i != 40; i += 2) | ~~^~~~~ Signed-off-by: Vasiliy Kovalev <kovalev@altlinux.org> --------- Signed-off-by: Vasiliy Kovalev <kovalev@altlinux.org> Co-authored-by: Vasiliy Kovalev <kovalev@altlinux.org>
2023-07-24Linux/macOS: Remove TrueCrypt supportMounir IDRASSI6-35/+18
2023-06-29EMV keyfile support: Overall code improvements and bug fixesMounir IDRASSI8-31/+31
2023-06-28Add EMV functionality (#1080)mmauv8-25/+31
* Add basic strcture needed for EMV implementation * Add demo EMV functionality with C code pasted in a very dirty and unsafe way. NOT FINAL * Refactor IccExtractor Structure * Fix Makefile * fix include file * move global variables from h to c * revert to memcpy * fix icc data recovery functions * Add EMV functionalities on windows * Make EMVToken structures like SecurityToken * Define constants instead of hard coded values * Token structures created with inheritance * refactor TokenKeyfile to use inherit. + polymor. * add Token.h + Token.cpp in modules in VS2010 * Add a comment at each use of SecurityToken class or objects * SecurityTokenKeyfilesDialog preparation * Implemennt GetAvailableTokens in Token class on windows * merge * up (patching for Windows) * foreach Token.cpp corrected * Display EMV keyfiles on first window in graphic interface * Add token to Windows UI * EMVToken selection on OKButton on Linux * Keyfile.cpp optimization * Move getKeyfileData in the token class * EMV::Token GetAvailableKeyfiles() base * Move getKeyfileData in the token class on unix * Remove test comments * Warnings resolved * RemoveeSecurityTokenLibraryNotInitialized exception if at least one emv token is detected * Adding new files * Remove old files and add the new version to the windows project * Change make_shared to shared_ptr constructor * IccExtractor integration working on linux * Throwing card not EMV execption * catch error when not EMV type in EMVToken::GetAvailableKeyfiles * Change types to compile on windows * list all keyfiles, security keyfiles and emv keyfiles in command line * Change type to be coherent and remove old todo comments * Remove todo comments * Change indentation and resolve a bug from previous commit * Use polymorphism for GetKeyfileData and add export option for EMVTokens on Linux * Linux : Allow to export EMV Tokens in command lines, Windows : Disable the delete button when EMV Keyfiles are selected * Remove SlotId from TokenInfo as it is already in Token * Correct errors on Linux * Disable delete option if one EMV Token is selected on Linux * Fix bug enabling delete button if nothing is selected * emv data used as reference then burnt * use of normal files in linux corrected * help updated * help updated for export functionnality * option EMV added to graphic interface but not yet working * Bug fix : Allow to use multiple EMV on windows * EMV Option added to UserPreferences * EMV Option working for Linux * EMV option added to Windows (not working yet) * [NOT TESTED] EMV option for Windows * Working EMV option on Windows * EMV Option for data extraction working for volume creation * EMV Option for data extraction working for Mount * EMV Option for data extraction working for mounting favorites volumes * EMV Option for extraction working for Changing volume password, Set Derivation Key Algorithm and Add or remove keyfile from volume * Windows : re-checking EMV Option when getting data * Removing error catches in the IccDataExtractor classe (It only throws error now). Changing GetPan signature to resemble the other functions signatures more * Changing EMV errors - Only throwing ICCExtractionException from outside of the ICC module. - Catching all TLVExceptions and PCSCExceptions to throw the right ICCExtractionException - Deleting APDU exceptions. * First version of the documentation * Adding function pointers for winscard library (but it crashes VeraCrypt) * Debugging function pointers * The import of the library on windows work as expected now * Reverting EMVToken.cpp changes used to test to library import * Searching for the System32 path instead of hard codding it * Fixing the bug were VeraCrypt crashes if there is no readers when "add Token files" is clicked * Winscard library not initialized in object constructor anymore to delay it after EMVOption check * Remove winscard lib from windows dependencies * Properly displaying errors * Adding a dot in Language.xml * Catching TLVException * Removing unused code * Remove unusefull comments * Trying to fix 0x1f error * Update IccDataExtractor.cpp * Delete History.xml * Fix get data without get pan * Cleanup code * changes for linux compilation but linking not working * error handling for linux * erasing emv data * Burn PAN * Burn PAN from memory * Uncomment selfcheck before merging master * burn corrected * EMV errors handling for Linux * EMV working for Linux CLI * Doc : Winscard Linux package and VeraCrypt versions --------- Co-authored-by: doriandu45 <d45.poubelle@gmail.com> Co-authored-by: red4game <redemgaiming@gmail.com> Co-authored-by: Brice.Namy <brice.namy@insa-rennes.fr> Co-authored-by: vocthor <pieceo108@gmail.com> Co-authored-by: vocthor <67202139+vocthor@users.noreply.github.com> Co-authored-by: Andrei COCAN <andrei.cocan@insa-rennes.fr> Co-authored-by: AndreiCocan <95496161+AndreiCocan@users.noreply.github.com> Co-authored-by: francoisLEROUX <francois3443@gmail.com>
2023-06-10Linux/FreeBSD: Fix privilege escalation prompts being ignored (#1100)Jertzukka1-3/+5
Currently if you fail the privilege escalation prompt, the second one and consecutively every second will be ignored. This is because if we do not --use-dummy-sudo-password and are on Linux/FreeBSD, we will be prompted for password twice for one evaluation in the while(!ElevatedServiceAvailable) loop. For the fix, we make sure that we run the prompt only once for each case.
2023-06-01Fix issues launching fsck via terminal on Linux (#1086)Jertzukka1-5/+17
Currently on a system without xterm or konsole (like fresh Ubuntu install) the fsck check will not launch. Added gnome-terminal as an alternative and fixed an issue where konsole will always error out as --title and --caption are no longer valid arguments. Previously the error message was simply "xterm not found", so new LangString LINUX_EX2MSG_TERMINALNOTFOUND was added to let the user knows which programs they need to get the feature working.
2023-05-27Linux/macOS: Make RNG implementation match documentation and the Windows ↵Mounir IDRASSI1-8/+15
implementation
2023-05-27Linux/macOS: explicitely initialize hash algo before hashing random poolMounir IDRASSI1-2/+3
The lack of explicit hash initialization was causing issue with Blake2s because it doesn't allow further processing once a digest value was returned. Other hash algorithms don't have this restriction. Not we explicitely initialize all hash algorithms which is the correct way to do things.
2023-05-19OpenBSD vnconfig no longer needs -c option (#1002)ZhanYF1-2/+0
Co-authored-by: Your Name <you@example.com>
2022-03-08Implement support of Blake2s-256 hash algorithm and remove deprecated ↵Mounir IDRASSI2-5/+4
algorithms RIPEMD-160 and GOST89.
2021-11-28Linux: try to fix some rare issues when invoking sudo using fork by waiting ↵Mounir IDRASSI1-0/+3
1 second for forked process to start
2021-09-04Minor cleanup of the repo (#822)a13460543-0/+0
* *: source files should not be executable * *: make sure files have final newline * *: remove BOM from text files * translations: unify headers * *: fix typos * *: trim excess whitespace
2021-07-14Make compatble with pam_tmpdir (#793)chasonr1-2/+96
If pam_tmpdir is in use, use the temporary directory for the sudoing user, rather than that for root.
2021-07-14Add support for OpenBSD (#779)kokokodak3-0/+229
* OpenBSD: add basic support modified: Build/Include/Makefile.inc modified: Driver/Fuse/FuseService.cpp modified: Main/FatalErrorHandler.cpp modified: Makefile modified: Platform/Unix/File.cpp modified: Platform/Unix/FilesystemPath.cpp modified: Platform/Unix/SystemInfo.cpp * OpenBSD: some necessary files were missing new file: Core/Unix/OpenBSD/CoreOpenBSD.cpp new file: Core/Unix/OpenBSD/CoreOpenBSD.h new file: Core/Unix/OpenBSD/System.h
2020-11-28Fixed macFUSE support for macOS 11 (Big Sur) (#699)Thierry Lelegard1-2/+6
2020-08-26Linux: Reduce minimal size requirement for BTRFS support to 16 MiB by using ↵Mounir IDRASSI1-1/+2
mixed mode for volumes whose size is less than 109 MiB
2020-08-08Linux/FreeBSD: Fix build error using older compilersMounir IDRASSI2-0/+6
2020-08-07Linux: Fix detection of available filesystem formattersMounir IDRASSI1-0/+12
2020-08-05Linux: Add support for Btrfs filesystem when creating volumesMounir IDRASSI1-0/+55
2020-06-28Linux/MacOSX: Erase sensitive memory explicitly instead of relying on the ↵Mounir IDRASSI1-1/+1
compiler not optimizing calls to method Memory::Erase
2020-06-26Linux/MacOSX: use standard std::shared_ptr instead of our custom ↵Mounir IDRASSI2-4/+8
implementation which is kept for compatibility with older compilers. We also introduce compatibility code for old compilers that don't define std::unique_ptr
2020-06-21Linux/MacOSX: Read at least 32 bytes from /dev/random before allowing it to ↵Mounir IDRASSI2-3/+11
fail gracefully
2020-06-19Linux/MacOSX: Don't always ignore /dev/random failure by making sure that it ↵Mounir IDRASSI2-1/+21
has returned random bytes successfully at least once during the lifetime of RandomNumberGenerator
2020-06-11Switch from auto_ptr to unique_ptr (#638)Christopher Bergqvist7-31/+31
2019-12-16MacOSX: fix compilation error caused by missing StringConverter::ToWide ↵Mounir IDRASSI1-1/+1
method that takes a size_t argument (we cast to uint32)
2019-12-05Make sure password gets deleted in case of exception in ↵Hanno Böck1-0/+1
CoreUnix::MountVolume (#565)
2019-12-01UNIX: make sector size mismatch error more verbose (#552) (#561)alt3r 3go1-2/+4
Signed-off-by: alt3r 3go <alt3r.3go@protonmail.com>
2019-11-04Linux/FreeBSD: Add CLI switch to force use of old sudo behavior of sending a ↵Mounir IDRASSI3-23/+37
dummy password The new switch is --use-dummy-sudo-password
2019-11-03Linux/FreeBSD: Fix regression causing admin password to be requested too ↵Mounir IDRASSI1-32/+40
many times in some cases
2019-10-23Linux/MacOSX: Add missing JitterEntropy implementationMounir IDRASSI2-0/+25
2019-10-19MacOSX: Support APFS for creating volumes.Mounir IDRASSI1-0/+1
2019-10-17Linux: fix compilation error under CentOS 6Mounir IDRASSI1-0/+1
2019-10-08Linux/FreeBSD: Use of 'sudo -n uptime' command to check whether user has an ↵El Mostafa Idrassi1-0/+37
active 'sudo' session instead of the use of a 'dummy' password. (#513) Signed-off-by: El Mostafa IDRASSI <el-mostafa.idrassi@prestalab.net>
2018-08-10Linux: Remove limitation of hidden volume protection on disk with sector ↵Mounir IDRASSI1-11/+0
size larger than 512 bytes.
2018-06-11Linux/MacOSX/FreeBSD: Support mounting partially encrypted system ↵Mounir IDRASSI1-0/+1
partitions/drivers in ReadOnly mode in order to allow troubleshooting in some cases.
2018-03-27Crypto: Add support for 5 new cascades of cipher algorithms ↵Mounir IDRASSI1-1/+5
(Camellia-Kuznyechik, Camellia-Serpent, Kuznyechik-AES, Kuznyechik-Serpent-Camellia and Kuznyechik-Twofish)
2017-06-23Update IDRIX copyright yearMounir IDRASSI39-39/+39