VeraCrypt
aboutsummaryrefslogtreecommitdiff
path: root/src/Core
AgeCommit message (Collapse)AuthorFilesLines
2023-08-05Security: ensure that XTS primary key is different from secondary key when ↵Mounir IDRASSI1-0/+5
creating volumes This is unlikely to happen thanks to random generator properties but we much add this check to prevent an attack described in page 3 of https://csrc.nist.gov/csrc/media/Projects/crypto-publication-review-project/documents/initial-comments/sp800-38e-initial-public-comments-2021.pdf
2023-08-04fix warnings and UB (#1164)kovalev01-1/+4
* Crypto: fix warning mismatched bound ../Crypto/cpu.c:67:32: warning: argument 2 of type 'uint32[4]' {aka 'unsigned int[4]'} with mismatched bound [-Warray-parameter=] 67 | int CpuId(uint32 input, uint32 output[4]) | ~~~~~~~^~~~~~~~~ In file included from ../Crypto/cpu.c:3: ../Crypto/cpu.h:236:33: note: previously declared as 'uint32 *' {aka 'unsigned int *'} 236 | int CpuId(uint32 input, uint32 *output); Signed-off-by: Vasiliy Kovalev <kovalev@altlinux.org> * Core/Unix: fix warning ignoring return value Unix/CoreUnix.cpp: In member function 'virtual std::shared_ptr<VeraCrypt:\ :VolumeInfo> VeraCrypt::CoreUnix::MountVolume(VeraCrypt::MountOptions&)': Unix/CoreUnix.cpp:682:55: warning: ignoring return value of 'int chown(const char*, __uid_t, __gid_t)' declared with attribute 'warn_unused_result' [-Wunused-result] 682 | chown (mountPoint.c_str(), GetRealUserId(), GetRealGroupId()); | ~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Signed-off-by: Vasiliy Kovalev <kovalev@altlinux.org> * Main/Forms: fix warning cast to pointer from integer of different size Forms/MainFrame.cpp: In member function 'void VeraCrypt::MainFrame:\ :UpdateVolumeList()': Forms/MainFrame.cpp:1718:106: warning: cast to pointer from integer of different size [-Wint-to-pointer-cast] 1718 | Gui->InsertToListCtrl (SlotListCtrl, ++prevItemIndex, fields, 0, (void *) volume->SlotNumber); | ^~~~~~~~~~~~~~~~~~~~~~~~~~~ Forms/MainFrame.cpp:1753:114: warning: cast to pointer from integer of different size [-Wint-to-pointer-cast] 1753 | Gui->InsertToListCtrl (SlotListCtrl, ++prevItemIndex, fields, 0, (void *) slotNumber); | ^~~~~~~~~~~~~~~~~~~ Signed-off-by: Vasiliy Kovalev <kovalev@altlinux.org> * Crypto: fix undefined behavior signed integer overflow In function 'twofish_set_key': cc1: warning: iteration 4 invokes undefined behavior [-Waggressive-loop-optimizations] ../Crypto/Twofish.c:626:23: note: within this loop 626 | for (i = 0; i != 40; i += 2) | ~~^~~~~ Signed-off-by: Vasiliy Kovalev <kovalev@altlinux.org> --------- Signed-off-by: Vasiliy Kovalev <kovalev@altlinux.org> Co-authored-by: Vasiliy Kovalev <kovalev@altlinux.org>
2023-07-24Linux/macOS: Remove TrueCrypt supportMounir IDRASSI6-35/+18
2023-06-29EMV keyfile support: Overall code improvements and bug fixesMounir IDRASSI8-31/+31
2023-06-28Add EMV functionality (#1080)mmauv8-25/+31
* Add basic strcture needed for EMV implementation * Add demo EMV functionality with C code pasted in a very dirty and unsafe way. NOT FINAL * Refactor IccExtractor Structure * Fix Makefile * fix include file * move global variables from h to c * revert to memcpy * fix icc data recovery functions * Add EMV functionalities on windows * Make EMVToken structures like SecurityToken * Define constants instead of hard coded values * Token structures created with inheritance * refactor TokenKeyfile to use inherit. + polymor. * add Token.h + Token.cpp in modules in VS2010 * Add a comment at each use of SecurityToken class or objects * SecurityTokenKeyfilesDialog preparation * Implemennt GetAvailableTokens in Token class on windows * merge * up (patching for Windows) * foreach Token.cpp corrected * Display EMV keyfiles on first window in graphic interface * Add token to Windows UI * EMVToken selection on OKButton on Linux * Keyfile.cpp optimization * Move getKeyfileData in the token class * EMV::Token GetAvailableKeyfiles() base * Move getKeyfileData in the token class on unix * Remove test comments * Warnings resolved * RemoveeSecurityTokenLibraryNotInitialized exception if at least one emv token is detected * Adding new files * Remove old files and add the new version to the windows project * Change make_shared to shared_ptr constructor * IccExtractor integration working on linux * Throwing card not EMV execption * catch error when not EMV type in EMVToken::GetAvailableKeyfiles * Change types to compile on windows * list all keyfiles, security keyfiles and emv keyfiles in command line * Change type to be coherent and remove old todo comments * Remove todo comments * Change indentation and resolve a bug from previous commit * Use polymorphism for GetKeyfileData and add export option for EMVTokens on Linux * Linux : Allow to export EMV Tokens in command lines, Windows : Disable the delete button when EMV Keyfiles are selected * Remove SlotId from TokenInfo as it is already in Token * Correct errors on Linux * Disable delete option if one EMV Token is selected on Linux * Fix bug enabling delete button if nothing is selected * emv data used as reference then burnt * use of normal files in linux corrected * help updated * help updated for export functionnality * option EMV added to graphic interface but not yet working * Bug fix : Allow to use multiple EMV on windows * EMV Option added to UserPreferences * EMV Option working for Linux * EMV option added to Windows (not working yet) * [NOT TESTED] EMV option for Windows * Working EMV option on Windows * EMV Option for data extraction working for volume creation * EMV Option for data extraction working for Mount * EMV Option for data extraction working for mounting favorites volumes * EMV Option for extraction working for Changing volume password, Set Derivation Key Algorithm and Add or remove keyfile from volume * Windows : re-checking EMV Option when getting data * Removing error catches in the IccDataExtractor classe (It only throws error now). Changing GetPan signature to resemble the other functions signatures more * Changing EMV errors - Only throwing ICCExtractionException from outside of the ICC module. - Catching all TLVExceptions and PCSCExceptions to throw the right ICCExtractionException - Deleting APDU exceptions. * First version of the documentation * Adding function pointers for winscard library (but it crashes VeraCrypt) * Debugging function pointers * The import of the library on windows work as expected now * Reverting EMVToken.cpp changes used to test to library import * Searching for the System32 path instead of hard codding it * Fixing the bug were VeraCrypt crashes if there is no readers when "add Token files" is clicked * Winscard library not initialized in object constructor anymore to delay it after EMVOption check * Remove winscard lib from windows dependencies * Properly displaying errors * Adding a dot in Language.xml * Catching TLVException * Removing unused code * Remove unusefull comments * Trying to fix 0x1f error * Update IccDataExtractor.cpp * Delete History.xml * Fix get data without get pan * Cleanup code * changes for linux compilation but linking not working * error handling for linux * erasing emv data * Burn PAN * Burn PAN from memory * Uncomment selfcheck before merging master * burn corrected * EMV errors handling for Linux * EMV working for Linux CLI * Doc : Winscard Linux package and VeraCrypt versions --------- Co-authored-by: doriandu45 <d45.poubelle@gmail.com> Co-authored-by: red4game <redemgaiming@gmail.com> Co-authored-by: Brice.Namy <brice.namy@insa-rennes.fr> Co-authored-by: vocthor <pieceo108@gmail.com> Co-authored-by: vocthor <67202139+vocthor@users.noreply.github.com> Co-authored-by: Andrei COCAN <andrei.cocan@insa-rennes.fr> Co-authored-by: AndreiCocan <95496161+AndreiCocan@users.noreply.github.com> Co-authored-by: francoisLEROUX <francois3443@gmail.com>
2023-06-10Linux/FreeBSD: Fix privilege escalation prompts being ignored (#1100)Jertzukka1-3/+5
Currently if you fail the privilege escalation prompt, the second one and consecutively every second will be ignored. This is because if we do not --use-dummy-sudo-password and are on Linux/FreeBSD, we will be prompted for password twice for one evaluation in the while(!ElevatedServiceAvailable) loop. For the fix, we make sure that we run the prompt only once for each case.
2023-06-01Fix issues launching fsck via terminal on Linux (#1086)Jertzukka1-5/+17
Currently on a system without xterm or konsole (like fresh Ubuntu install) the fsck check will not launch. Added gnome-terminal as an alternative and fixed an issue where konsole will always error out as --title and --caption are no longer valid arguments. Previously the error message was simply "xterm not found", so new LangString LINUX_EX2MSG_TERMINALNOTFOUND was added to let the user knows which programs they need to get the feature working.
2023-05-27Linux/macOS: Make RNG implementation match documentation and the Windows ↵Mounir IDRASSI1-8/+15
implementation
2023-05-27Linux/macOS: explicitely initialize hash algo before hashing random poolMounir IDRASSI1-2/+3
The lack of explicit hash initialization was causing issue with Blake2s because it doesn't allow further processing once a digest value was returned. Other hash algorithms don't have this restriction. Not we explicitely initialize all hash algorithms which is the correct way to do things.
2023-05-19OpenBSD vnconfig no longer needs -c option (#1002)ZhanYF1-2/+0
Co-authored-by: Your Name <you@example.com>
2022-03-08Implement support of Blake2s-256 hash algorithm and remove deprecated ↵Mounir IDRASSI2-5/+4
algorithms RIPEMD-160 and GOST89.
2021-11-28Linux: try to fix some rare issues when invoking sudo using fork by waiting ↵Mounir IDRASSI1-0/+3
1 second for forked process to start
2021-09-04Minor cleanup of the repo (#822)a13460543-0/+0
* *: source files should not be executable * *: make sure files have final newline * *: remove BOM from text files * translations: unify headers * *: fix typos * *: trim excess whitespace
2021-07-14Make compatble with pam_tmpdir (#793)chasonr1-2/+96
If pam_tmpdir is in use, use the temporary directory for the sudoing user, rather than that for root.
2021-07-14Add support for OpenBSD (#779)kokokodak3-0/+229
* OpenBSD: add basic support modified: Build/Include/Makefile.inc modified: Driver/Fuse/FuseService.cpp modified: Main/FatalErrorHandler.cpp modified: Makefile modified: Platform/Unix/File.cpp modified: Platform/Unix/FilesystemPath.cpp modified: Platform/Unix/SystemInfo.cpp * OpenBSD: some necessary files were missing new file: Core/Unix/OpenBSD/CoreOpenBSD.cpp new file: Core/Unix/OpenBSD/CoreOpenBSD.h new file: Core/Unix/OpenBSD/System.h
2020-11-28Fixed macFUSE support for macOS 11 (Big Sur) (#699)Thierry Lelegard1-2/+6
2020-08-26Linux: Reduce minimal size requirement for BTRFS support to 16 MiB by using ↵Mounir IDRASSI1-1/+2
mixed mode for volumes whose size is less than 109 MiB
2020-08-08Linux/FreeBSD: Fix build error using older compilersMounir IDRASSI2-0/+6
2020-08-07Linux: Fix detection of available filesystem formattersMounir IDRASSI1-0/+12
2020-08-05Linux: Add support for Btrfs filesystem when creating volumesMounir IDRASSI1-0/+55
2020-06-28Linux/MacOSX: Erase sensitive memory explicitly instead of relying on the ↵Mounir IDRASSI1-1/+1
compiler not optimizing calls to method Memory::Erase
2020-06-26Linux/MacOSX: use standard std::shared_ptr instead of our custom ↵Mounir IDRASSI2-4/+8
implementation which is kept for compatibility with older compilers. We also introduce compatibility code for old compilers that don't define std::unique_ptr
2020-06-21Linux/MacOSX: Read at least 32 bytes from /dev/random before allowing it to ↵Mounir IDRASSI2-3/+11
fail gracefully
2020-06-19Linux/MacOSX: Don't always ignore /dev/random failure by making sure that it ↵Mounir IDRASSI2-1/+21
has returned random bytes successfully at least once during the lifetime of RandomNumberGenerator
2020-06-11Switch from auto_ptr to unique_ptr (#638)Christopher Bergqvist7-31/+31
2019-12-16MacOSX: fix compilation error caused by missing StringConverter::ToWide ↵Mounir IDRASSI1-1/+1
method that takes a size_t argument (we cast to uint32)
2019-12-05Make sure password gets deleted in case of exception in ↵Hanno Böck1-0/+1
CoreUnix::MountVolume (#565)
2019-12-01UNIX: make sector size mismatch error more verbose (#552) (#561)alt3r 3go1-2/+4
Signed-off-by: alt3r 3go <alt3r.3go@protonmail.com>
2019-11-04Linux/FreeBSD: Add CLI switch to force use of old sudo behavior of sending a ↵Mounir IDRASSI3-23/+37
dummy password The new switch is --use-dummy-sudo-password
2019-11-03Linux/FreeBSD: Fix regression causing admin password to be requested too ↵Mounir IDRASSI1-32/+40
many times in some cases
2019-10-23Linux/MacOSX: Add missing JitterEntropy implementationMounir IDRASSI2-0/+25
2019-10-19MacOSX: Support APFS for creating volumes.Mounir IDRASSI1-0/+1
2019-10-17Linux: fix compilation error under CentOS 6Mounir IDRASSI1-0/+1
2019-10-08Linux/FreeBSD: Use of 'sudo -n uptime' command to check whether user has an ↵El Mostafa Idrassi1-0/+37
active 'sudo' session instead of the use of a 'dummy' password. (#513) Signed-off-by: El Mostafa IDRASSI <el-mostafa.idrassi@prestalab.net>
2018-08-10Linux: Remove limitation of hidden volume protection on disk with sector ↵Mounir IDRASSI1-11/+0
size larger than 512 bytes.
2018-06-11Linux/MacOSX/FreeBSD: Support mounting partially encrypted system ↵Mounir IDRASSI1-0/+1
partitions/drivers in ReadOnly mode in order to allow troubleshooting in some cases.
2018-03-27Crypto: Add support for 5 new cascades of cipher algorithms ↵Mounir IDRASSI1-1/+5
(Camellia-Kuznyechik, Camellia-Serpent, Kuznyechik-AES, Kuznyechik-Serpent-Camellia and Kuznyechik-Twofish)
2017-06-23Update IDRIX copyright yearMounir IDRASSI39-39/+39
2017-05-28Fix wrong FAT32 jump opcode in its headerMounir IDRASSI1-2/+2
2016-10-17MacOSX: remove unused variableMounir IDRASSI1-1/+0
2016-10-17MacOSX: remove MacFUSE dependency and link against OSXFuse library. Now, ↵Mounir IDRASSI1-22/+10
only standard OSXFuse install is needed without MacFUSE compatibility option.
2016-10-17Use properly aligned memory in code using Streebog hash implementation that ↵Mounir IDRASSI1-1/+1
uses SSE.
2016-08-17Linux: Disable Kernel crypto if volume encrypted using Kuznyechik or MagmaMounir IDRASSI1-0/+3
2016-08-15Linux/MacOSX: Similar fix to Windows one. Write fake hidden volume header ↵Mounir IDRASSI1-6/+57
that is created from same data format as legitimate one in order to metigate attack that are able to detect the presence of TrueCrypt/VeraCrypt hidden volumes (reported by Ivanov Alexey Mikhailovich from Moscow, Russia)
2016-05-10Remove trailing whitespaceDavid Foerster39-116/+116
2016-05-01Reset bogus executable permissionsDavid Foerster1-0/+0
2016-02-22Linux: fix compilation errorMounir IDRASSI1-1/+0
2016-02-22Linux: fix mount issue on Fedora 23 by forcing the creation of a default ↵Mounir IDRASSI1-0/+11
loop device.
2016-02-21MacOSX: Correctly detect newer versions of OSXFuseMounir IDRASSI1-10/+12
2016-01-27Windows/Linux: Implement exFAT support.Mounir IDRASSI1-0/+1