Commit Graph

1544 Commits

Author SHA1 Message Date
Mounir IDRASSI
714a2ce0ae Bootloader: in function ReadVolumeHeader, arrays dk and masterKey have the same size and they are never needed at the same time. So, we can minimize stack memory usage by using only one array instead of two. At the end of the function, the array is erased securely. 2014-11-08 23:24:22 +01:00
Mounir IDRASSI
c1378f781a Bootloader: optimize code size in single cipher mode by manually inlining EAInit, EAGetFirst and EAGetKeySize, and by removing the loop in ReadVolumeHeader that tests for encryption algorithms. 2014-11-08 23:24:19 +01:00
Mounir IDRASSI
c61f8c70de Bootloader code optimization: remove code in HMAC implementation in case of boot compilation that is never called since passwords are always less than 64-byte length. We leave it in Windows compilation because it is used to check the implementation against test vectors. 2014-11-08 23:24:17 +01:00
Mounir IDRASSI
e1a0826ef5 Linux: remove workaround for wxFileType::GetOpenCommand bug in handling path with spaces because it was fixed in wxWidgets 3.0 and this workaround causes problems. 2014-11-08 23:24:14 +01:00
Mounir IDRASSI
9c1ddff7e3 Linux: Support NTFS formatting of volume. We use mkfs.ntfs so it needs to be installed on the system. 2014-11-08 23:24:11 +01:00
Mounir IDRASSI
ea03100d9e Linux/MacOSX : fix encryption/decryption issues with hard drives that have a sector size bigger than 512. Now, we use the sector size as the minimum unit for data fragment encryption/decryption. 2014-11-08 23:24:09 +01:00
Mounir IDRASSI
067394d110 MacOSX : Support hard drives with a large sector size ( > 512). 2014-11-08 23:24:06 +01:00
Mounir IDRASSI
f05f6a00a6 Integrate SHA-256 support into Linux/MacOSX code. Set PRF priority to SHA-512 -> Whirlpool -> SHA-256 -> RIPEMD-160 . 2014-11-08 23:24:03 +01:00
Mounir IDRASSI
905a3ff4a5 Small code size optimization for RIPEMD-160 when compiled for boot encryption. 2014-11-08 23:24:01 +01:00
Mounir IDRASSI
922a09b634 Use HashForSystemEncryption to check if the algorithm is supported for system partition encryption because we have now two supported algorithms. 2014-11-08 23:23:58 +01:00
Mounir IDRASSI
f043e6cbf0 Display only allowed hashes when encrypting the system partition (now, SHA-256 and RIPEMD-160). 2014-11-08 23:23:56 +01:00
Mounir IDRASSI
68f16dae24 Implement support for creating and booting encrypted partition using SHA-256. Support SHA-256 for normal volumes as well. 2014-11-08 23:23:53 +01:00
Mounir IDRASSI
f38cf0b694 Add support for SHA-256 in key derivation for bootloader encryption. Create separate bootloader images for SHA-256 and RIPEMD-160. Set SHA-256 as the default PRF for boot encryption and SHA-512 as default PRF for all other cases. Depricate RIPEMD-160. 2014-11-08 23:23:50 +01:00
Mounir IDRASSI
bd7d151abf Add SHA-256 source specific for upcoming bootloader build because of its small size. It was derived from the libtomcrypt public domain source. 2014-11-08 23:23:48 +01:00
Mounir IDRASSI
2fe23a3fa3 Correctly support reinstalling the same version. Overwrite the bootloader if the same version detected. 2014-11-08 23:23:45 +01:00
Mounir IDRASSI
effb5c7c1e Windows vulnerability fix : finally make bootloader decompressor more robust and secure by adding multiple checks and validation code. This solves the issue found by the Open Crypt Audit project. Note that we had to switch to the slow implementation of the function decode in order to keep the size of the decompressor code under 2K. 2014-11-08 23:23:42 +01:00
Mounir IDRASSI
50ca9fe46f Optimization to reduce code size of derive_u_ripemd160. Useful for boatloader. 2014-11-08 23:23:40 +01:00
Mounir IDRASSI
0178a6d33f Optimize code space and solve the Serpent issue (https://sourceforge.net/p/veracrypt/discussion/technical/thread/fb09633a/#6406) by removing key length parameter from serpent_set_key and twofish_set_key 2014-11-08 23:23:37 +01:00
Mounir IDRASSI
411e8599f3 Call RegCloseKey only if handle is valid. 2014-11-08 23:23:34 +01:00
Mounir IDRASSI
b80ee2b7b9 Windows : display the correct tray icon when explorer is restarted (i.e. after an explorer crash). 2014-11-08 23:23:31 +01:00
Mounir IDRASSI
8a028aca45 Use absolute path in ShellExecute call that was missed when the security fix for Microsoft Security Advisory 2269637 was implemented. 2014-11-08 23:23:28 +01:00
Mounir IDRASSI
fb12b635ed Update Readme.txt to include more accurate build instructions for Linux and MacOSX 2014-11-08 23:23:25 +01:00
Mounir IDRASSI
d761e95133 MacOSX : increment MacOSX installer version to 1.0e 2014-11-08 23:23:22 +01:00
Mounir IDRASSI
f7d783dda8 Adapt certain functions in the case of Windows bootloader in order to make its size as small as possible. 2014-11-08 23:23:19 +01:00
Mounir IDRASSI
ccbc2cff0b Increment version to 1.0e for the next release 2014-11-08 23:23:17 +01:00
Mounir IDRASSI
809394d383 Include language xml files in the setup 2014-11-08 23:23:13 +01:00
Mounir IDRASSI
7c501359b3 Windows vulnerability fix: correct some integer overflow issues using the IntSafe library. Detected by the Open Crypto Audit project 2014-11-08 23:23:10 +01:00
Mounir IDRASSI
f82e16f0a1 Windows vulnerability fix: correct checking device name to avoid possible bypass attack detected by the Open Crypto Audit project 2014-11-08 23:23:08 +01:00
Mounir IDRASSI
4fa4d6d227 Windows vulnerability fix: correct possible BSOD attack targeted towards GetWipePassCount() / WipeBuffer() found by the Open Crypto Audit Project. 2014-11-08 23:23:05 +01:00
Mounir IDRASSI
e0efb36f33 Revert previous modification on boad-loader decompressor because it increased its size and it became impossible to include it with the SERPENT version of bootloader. The decompressor and the compressed bootloader are copied twice (original and backup) in the 63 first sectors of the hard drive (32K), thus the size limitation.
This reverts commit 154235d589222e3c31cda05aa53e73ab69a89a6e.
2014-11-08 23:23:02 +01:00
Mounir IDRASSI
ef4355acf8 Windows vulnerability fix : make boot-loader decompressor more robust and secure by adding multiple checks and validation code. Note that we had to switch to the slow implementation of the function decode in order to keep the size of the decompressor code under 2K. 2014-11-08 23:22:59 +01:00
Mounir IDRASSI
5fcb262539 Windows vulnerability fix : clear sensitive data in Windows kernel driver by using burjn instead of memset 2014-11-08 23:22:57 +01:00
Mounir IDRASSI
d6aa653648 Windows vulnerability fix : avoid kernel pointer disclosure through a call to TC_IOCTL_GET_SYSTEM_DRIVE_DUMP_CONFIG but restricting this call to Kernel Mode. 2014-11-08 23:22:54 +01:00
Mounir IDRASSI
6de2c143b9 Windows : Specify "IDRIX" in signtool for the subject of the code signing certificate. 2014-11-08 23:22:51 +01:00
Mounir IDRASSI
9083f95db0 Remove driver version test that is non application to VeraCrypt and that was wrongly inherited from TrueCrypt. 2014-11-08 23:22:49 +01:00
Mounir IDRASSI
03cf7cc566 Correctly handle dialogs from previous versions that used 'TRUE' instead of 'VERA' as a value for GWLP_USERDATA. 2014-11-08 23:22:46 +01:00
Mounir IDRASSI
f158df394e Windows : correct bug in construction of Format.exe path that prevented the new volume wizard to launch. 2014-11-08 23:22:43 +01:00
Mounir IDRASSI
bb7ef68040 MacOSX : Update Main Makefile to used the new package name that include the version. 2014-11-08 23:22:41 +01:00
Mounir IDRASSI
37891c2bb0 MacOSX : Add detection of MacFUSE compatibility layer in installer. Change package name to include version in order to avoid specifying manually the title of the installer window. 2014-11-08 23:22:38 +01:00
Mounir IDRASSI
3e2cf28d92 MacOSX : Correct typos in Main Makefile 2014-11-08 23:22:35 +01:00
Mounir IDRASSI
92af806488 MacOSX : change OSXFuse error message to indicate the MacFUSE compatibility layer is needed. 2014-11-08 23:22:32 +01:00
Mounir IDRASSI
ce44ad4c57 MacOSX : modify Makefile to automatically build and sign the MacOSX installer for VeraCrypt. 2014-11-08 23:22:29 +01:00
Mounir IDRASSI
a857f6c087 MacOSX : add Packages project that creates the MacOSX installer for VeraCrypt 2014-11-08 23:22:27 +01:00
Mounir IDRASSI
0d6443e05a MacOSX : Since we link directly with OSXFuse, change error message to indicate that OSXFuse 2.3+ is needed. 2014-11-08 23:22:24 +01:00
Mounir IDRASSI
41a31ac76f MacOSX : Copy console version of VeraCrypt inside the bundle under the name veracrypt_console. 2014-11-08 23:22:21 +01:00
Mounir IDRASSI
4fefd61cee MacOSX : Update Fuse error message to display OSXFUSE requirement alongside MacFuse. 2014-11-08 23:22:19 +01:00
Mounir IDRASSI
8ee17fd727 MacOSX : Support detection of OSXFUSE and the presence of MacFUSE compatibility layer. 2014-11-08 23:22:16 +01:00
Mounir IDRASSI
7aceaf124e MacOSX : copy the help pdf into the VeraCrypt bundle during package creation 2014-11-08 23:22:13 +01:00
Mounir IDRASSI
f143182cbc MacOSX : correct the name of dmg file used by the rm command 2014-11-08 23:22:10 +01:00
Mounir IDRASSI
f94707e4ef MacOSX : correct compilation issue caused by system API deprication and use of new wxWidgets. 2014-11-08 23:22:08 +01:00