Commit Graph

72 Commits

Author SHA1 Message Date
Mounir IDRASSI d26be95861 Update copyright year to 2026 2026-06-09 09:56:25 +09:00
Mounir IDRASSI 1871765a76 Windows: allow cancelling long mount operations
Add a root-driver abort IOCTL that bypasses the mount control mutex and sets cooperative KDF abort flags for the active mount.

Restrict abort requests to privileged callers or to the user that initiated the pending mount, and retry early wait-dialog cancel requests until the driver has registered the cancellable mount context.

Wire the wait dialog Cancel button to send the abort request through a fresh driver handle, and propagate ERR_USER_ABORT through header/cache processing.

Add a /cancelmount command-line switch that sends the same abort request without displaying UI, so users can cancel hidden-wait-dialog mount operations from another process.
2026-06-07 23:39:52 +09:00
Mounir IDRASSI c3ce2db9ac Document fixed Argon2id header key size
Argon2id includes the requested output length in its computation, so deriving 192 bytes and using a prefix is not equivalent to deriving only the selected cipher's key material length. This differs from PBKDF2, where the prefix property made this detail invisible.

VeraCrypt derives the maximum header key material currently needed by the supported cipher/cascade set, which is 192 bytes, and then uses the required prefix for the selected encryption algorithm. For AES-XTS this means the first 64 bytes of the 192-byte Argon2id output are used.

Make this design rule explicit in code and documentation by introducing ARGON2_HEADER_KEYDATA_SIZE instead of relying implicitly on GetMaxPkcs5OutSize. If a future cipher or cascade requires more than 192 bytes, that must be handled as an explicit format/design change.

Document the 192-byte Argon2id header KDF output requirement so third-party implementations derive the same header key material.

References: https://github.com/veracrypt/VeraCrypt/issues/1614
2026-05-21 18:10:06 +09:00
Mounir IDRASSI 49c68ea1ab Windows: handle Argon2 derivation failures 2026-04-20 19:49:45 +09:00
Mounir IDRASSI da2198831f Windows bootloader: Add EFI DCS guard for Argon2 support
We don't support yet Argon2 for EFI booloader build
2026-04-17 16:03:42 +09:00
Mounir IDRASSI 9dc24ba7d0 Windows: speedup PRF autodetection mode by implementing abort mechanism in PBKDF2/Argon2 primitives 2025-06-29 21:44:32 +09:00
Mounir IDRASSI 3c17b8ced2 Windows: Add support for Argon2id as an alternative to PBKDF2 key derivation 2025-06-25 15:44:31 +09:00
Mounir IDRASSI b673901503 Move copyright and links to "AM Crypo", amcrypto.jp and veracrypt.jp 2025-05-11 16:02:20 +09:00
Bernard Ladenthin 0478be3626 Add alignment constants for derived key and KEY_INFO buffers to ensure SIMD compatibility. (#1526) 2025-04-21 11:26:34 +02:00
Bernard Ladenthin 5eb358ca18 Refactor: Use symbolic constants for volume header magic numbers (#1525)
Replaced hardcoded 0x56455241 ('VERA') with TC_HEADER_MAGIC for better readability and maintainability.
Also replaced 0x5645524142455854 with TC_BOOT_DRIVE_FILTER_EXTENSION_MAGIC and added 'ULL' suffix for 64-bit safety.
2025-04-21 11:24:02 +02:00
Mounir IDRASSI 1b35abb191 Increment version to 1.26.18. Update copyright date. Update Release Notes. Update Windows drivers. 2025-01-14 12:26:28 +01:00
Mounir IDRASSI c86577fc0e Windows: remove 32-bit logic from the code since we support only 64-bit. remove 32-bit EFI bootloader files.
We also fix intermediary files folder for Portable and Setup projects
2024-11-16 01:05:15 +01:00
Mounir IDRASSI cb97351250 Windows: Remove support for 32-bit driver code. Set build target as Windows 10. Simplify code and fix all warnings in driver. 2024-11-13 02:08:51 +01:00
Mounir IDRASSI ed1263bf8c Implement detection of volumes with vulnerable XTS master key.
If vulnerability detected, a warning message is displayed during mount or backup/restore header, and changing the password is disallowed since it will not change the master key.
2024-08-02 00:20:53 +02:00
Mounir IDRASSI 455a4f2176 Avoid conflict with C++17 features std::byte by using uint8 type instead of byte 2024-06-12 12:30:04 +02:00
lealem47 9247ce1bb9 wolfCrypt as crypto backend for VeraCrypt (#1227)
* wolfCrypt as crypto backend for VeraCrypt

* Refactor to use EncryptionModeWolfCryptXTS class
2023-11-13 00:51:31 +01:00
Mounir IDRASSI 16bb1de3a6 Security: ensure that XTS primary key is different from secondary key when creating volumes
This is unlikely to happen thanks to random generator properties but we much add this check to prevent an attack described in page 3 of https://csrc.nist.gov/csrc/media/Projects/crypto-publication-review-project/documents/initial-comments/sp800-38e-initial-public-comments-2021.pdf
2023-08-05 10:55:46 +02:00
Mounir IDRASSI fa6359d424 Windows: Remove TrueCrypt support. Increment version to 1.26.4. 2023-07-22 10:25:22 +02:00
Mounir IDRASSI 533269ca9a Windows: Fix wrong parameter to CloseHandle function in case of failure of CreateEvent (Coverity) 2022-03-26 21:14:49 +01:00
Mounir IDRASSI 36795a688f Implement support of Blake2s-256 hash algorithm and remove deprecated algorithms RIPEMD-160 and GOST89. 2022-03-08 00:29:26 +01:00
Mounir IDRASSI 4b98ff0e98 Windows: Better implementation of PRF autodetection optimization. 2021-08-07 20:47:07 +02:00
Mounir IDRASSI fdf7888ab3 Windows: Reduce time of mount with PRF auto-detection 2021-07-14 23:59:42 +02:00
Mounir IDRASSI 21674c6aec Windows: Fix various compiler warnings 2020-12-11 23:42:14 +01:00
Mounir IDRASSI 3c18d54d1e Windows driver: replace SHA512 by RIPEMD160 when calculating internal hash of master key to avoid calling KeSaveFloatingPointState/KeSaveExtendedProcessorState since SHA512 implementation uses SSE2/AVX and RIPEMD160 is pure C 2019-02-01 00:35:33 +01:00
Mounir IDRASSI ee0a2659da Windows driver: remove volumes master keys from CRYPTO_INFO since they are not needed after their key schedule is created 2019-01-21 00:45:31 +01:00
Mounir IDRASSI 27b3fee02d Windows: remove unused fields from CRYPTO_INFO structure 2019-01-21 00:45:23 +01:00
Mounir IDRASSI c29ee8331a Windows driver: correctly handle IOCTL_DISK_GET_DRIVE_GEOMETRY_EX to fix issues with some disks. Implement IOCTL_STORAGE_GET_MEDIA_TYPES_EX. 2017-07-27 00:30:51 +02:00
Mounir IDRASSI 0ebc26e125 Update IDRIX copyright year 2017-06-23 22:15:59 +02:00
Mounir IDRASSI 74b82118d5 Windows: use IOCTL_DISK_GET_DRIVE_GEOMETRY_EX instead of the deprecated IOCTL_DISK_GET_DRIVE_GEOMETRY in order to get accurate disk size value. 2017-05-17 00:46:41 +02:00
Mounir IDRASSI 041bc9dc0b Windows: Fix false-positive detection of Evil-Maid attack during creation process of hidden OS by excluding the configuration byte in the boot sector whose value changes depending on the content. 2016-10-17 18:40:24 +02:00
Mounir IDRASSI 34f3c055ed Windows: in function CreateVolumeHeaderInMemory, properly unlock and erase sensitive stack memory. 2016-10-17 18:40:22 +02:00
Mounir IDRASSI 8e2c5ca45e Securely erase and protect buffer holding decrypted volume header. 2016-10-17 18:40:21 +02:00
Mounir IDRASSI 335f17b72f Windows: in case of In-Place encryption, encrypt random data instead of existing data when filling unused space like the other cases. 2016-09-11 13:12:45 +02:00
Mounir IDRASSI 5d5a645083 Windows: fix error caused by requesting large number of random bytes when writing randomly generated data to unused/reserved header areas. 2016-08-15 14:19:11 +02:00
Mounir IDRASSI 24560eae1d Windows: fill unused/reserved header areas with the result of encryption of random data instead of the encryption of zeros for better entropy of resulting random data. 2016-08-15 01:09:20 +02:00
Alex 246233c402 Windows EFI Bootloader: modifications to prepare EFI system encryption support (common files with DcsBoot) 2016-08-15 01:09:12 +02:00
Mounir IDRASSI e90e24b30b Windows: Add support for Streebog (hash) and kuznyechik (encryption) 2016-08-15 01:09:11 +02:00
Mounir IDRASSI 5b381ce7d7 Windows: Fix vulnerability inherited from TrueCrypt that allows an attacker to detect with high probability if a hidden volume is present. Vulnerability reported by Ivanov Alexey Mikhailovich. 2016-08-15 01:09:05 +02:00
Mounir IDRASSI 3aaf5c7045 Windows: solve benchmark issue for Whirlpool which caused wrong numbers when a 1GB buffer is chosen. 2016-07-25 08:26:09 +02:00
Mounir IDRASSI 76d3bc631e Crypto: Add support for Japanese encryption standard Camellia, including for system encryption. 2016-06-02 00:12:00 +02:00
David Foerster 11716ed2da Remove trailing whitespace 2016-05-10 22:18:34 +02:00
David Foerster fc37cc4a02 Normalize all line terminators 2016-05-10 20:20:14 +02:00
Mounir IDRASSI 1396269d57 Windows: Add option to avoid PIM prompt in pre-boot authentication by storing PIM value unencrypted in MBR. 2016-04-20 00:48:20 +02:00
Mounir IDRASSI e51aafb499 Windows: fix keys parts not shown in system encryption wizard when the display keys checkbox is checked. This occurred when the "Display pool content" in the previous wizard page was unchecked before clicking Next. 2016-04-17 00:59:01 +02:00
Mounir IDRASSI ae7ec4802a Windows:Fix various issues and warnings reported by static code analysis tool Coverity. 2016-02-07 02:39:43 +01:00
Mounir IDRASSI bda7a1d0bd Copyright: update dates to include 2016. 2016-01-20 00:53:24 +01:00
Mounir IDRASSI 4181283f29 Cryptography: Set 16-byte alignment for KEY_INFO structure that is used as input for Whirlpool hash. This helps improve performance. 2016-01-03 00:14:59 +01:00
Mounir IDRASSI 8f6c08330a Windows: Implement PIM caching, both for system encryption and for normal volumes. Add options to activate it in the Preferences and System Settings. 2015-12-21 01:19:04 +01:00
Mounir IDRASSI 9666dda282 Windows: solve GUI issues caused by using ANSI string instead of UNICODE ones. Remove Unused functions. 2015-11-26 19:23:11 +01:00
Mounir IDRASSI 041024fbb9 Update license information to reflect the use of a dual license Apache 2.0 and TrueCrypt 3.0. 2015-08-06 00:04:25 +02:00