VeraCrypt
aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMounir IDRASSI <mounir.idrassi@idrix.fr>2024-08-02 00:20:53 +0200
committerMounir IDRASSI <mounir.idrassi@idrix.fr>2024-08-02 00:20:53 +0200
commited1263bf8c6c678420eb1b9ad3f37d3a6d33af7c (patch)
tree14dfb134969574b7f0d869c455981418c652780e
parent6121ca02397e75fe51b2c76111ef836556fedb49 (diff)
downloadVeraCrypt-ed1263bf8c6c678420eb1b9ad3f37d3a6d33af7c.tar.gz
VeraCrypt-ed1263bf8c6c678420eb1b9ad3f37d3a6d33af7c.zip
Implement detection of volumes with vulnerable XTS master key.
If vulnerability detected, a warning message is displayed during mount or backup/restore header, and changing the password is disallowed since it will not change the master key.
-rw-r--r--src/Common/Apidrvr.h3
-rw-r--r--src/Common/BootEncryption.cpp5
-rw-r--r--src/Common/Crypto.h2
-rw-r--r--src/Common/Dlgcode.c14
-rw-r--r--src/Common/Language.xml3
-rw-r--r--src/Common/Password.c4
-rw-r--r--src/Common/Tcdefs.h4
-rw-r--r--src/Common/Volumes.c8
-rw-r--r--src/Core/Core.h8
-rw-r--r--src/Core/CoreBase.cpp3
-rw-r--r--src/Core/CoreBase.h2
-rw-r--r--src/Driver/DriveFilter.c9
-rw-r--r--src/Driver/Ntvol.c4
-rw-r--r--src/ExpandVolume/ExpandVolume.c6
-rw-r--r--src/Main/Forms/ChangePasswordDialog.cpp5
-rw-r--r--src/Main/GraphicUserInterface.cpp22
-rw-r--r--src/Main/TextUserInterface.cpp27
-rw-r--r--src/Main/UserInterface.cpp17
-rw-r--r--src/Mount/Mount.c32
-rw-r--r--src/Volume/Volume.h1
-rw-r--r--src/Volume/VolumeHeader.cpp7
-rw-r--r--src/Volume/VolumeHeader.h2
-rw-r--r--src/Volume/VolumeInfo.cpp3
-rw-r--r--src/Volume/VolumeInfo.h2
24 files changed, 186 insertions, 7 deletions
diff --git a/src/Common/Apidrvr.h b/src/Common/Apidrvr.h
index 4074503d..04d69c05 100644
--- a/src/Common/Apidrvr.h
+++ b/src/Common/Apidrvr.h
@@ -177,6 +177,7 @@ typedef struct
ULONG MaximumTransferLength;
ULONG MaximumPhysicalPages;
ULONG AlignmentMask;
+ BOOL VolumeMasterKeyVulnerable;
} MOUNT_STRUCT;
typedef struct
@@ -316,6 +317,8 @@ typedef struct
// is read-only (or mounted an outer/normal TrueCrypt volume as read only)
uint32 HiddenSysLeakProtectionCount;
+ BOOL MasterKeyVulnerable;
+
} BootEncryptionStatus;
diff --git a/src/Common/BootEncryption.cpp b/src/Common/BootEncryption.cpp
index 2080a44b..2be81416 100644
--- a/src/Common/BootEncryption.cpp
+++ b/src/Common/BootEncryption.cpp
@@ -1462,6 +1462,7 @@ namespace VeraCrypt
/* IMPORTANT: Do NOT add any potentially time-consuming operations to this function. */
BootEncryptionStatus status;
+ memset (&status, 0, sizeof(status));
CallDriver (TC_IOCTL_GET_BOOT_ENCRYPTION_STATUS, NULL, 0, &status, sizeof (status));
return status;
}
@@ -5401,6 +5402,10 @@ namespace VeraCrypt
int status = ReadVolumeHeader (!encStatus.HiddenSystem, header, oldPassword, old_pkcs5, old_pim, &cryptoInfo, NULL);
finally_do_arg (PCRYPTO_INFO, cryptoInfo, { if (finally_arg) crypto_close (finally_arg); });
+ // if the XTS master key is vulnerable, return error and do not allow the user to change the password since the master key will not be changed
+ if (cryptoInfo->bVulnerableMasterKey)
+ status = ERR_SYSENC_XTS_MASTERKEY_VULNERABLE;
+
if (status != 0)
{
handleError (hwndDlg, status, SRC_POS);
diff --git a/src/Common/Crypto.h b/src/Common/Crypto.h
index 178e08e1..89d22f0e 100644
--- a/src/Common/Crypto.h
+++ b/src/Common/Crypto.h
@@ -277,6 +277,8 @@ typedef struct CRYPTO_INFO_t
uint32 SectorSize;
+ BOOL bVulnerableMasterKey; // TRUE if XTS primary key is identical to secondary key (i.e. the volume is vulnerable to attack on XTS mode)
+
#endif // !TC_WINDOWS_BOOT
UINT64_STRUCT VolumeSize;
diff --git a/src/Common/Dlgcode.c b/src/Common/Dlgcode.c
index 4ee08bb7..ce86c9da 100644
--- a/src/Common/Dlgcode.c
+++ b/src/Common/Dlgcode.c
@@ -5577,6 +5577,14 @@ void handleError (HWND hwndDlg, int code, const char* srcPos)
break;
#endif
+ case ERR_XTS_MASTERKEY_VULNERABLE:
+ MessageBoxW (hwndDlg, AppendSrcPos (GetString ("ERR_XTS_MASTERKEY_VULNERABLE"), srcPos).c_str(), lpszTitle, ICON_HAND);
+ break;
+
+ case ERR_SYSENC_XTS_MASTERKEY_VULNERABLE:
+ MessageBoxW (hwndDlg, AppendSrcPos (GetString ("ERR_SYSENC_XTS_MASTERKEY_VULNERABLE"), srcPos).c_str(), lpszTitle, ICON_HAND);
+ break;
+
default:
StringCbPrintfW (szTmp, sizeof(szTmp), GetString ("ERR_UNKNOWN"), code);
MessageBoxW (hwndDlg, AppendSrcPos (szTmp, srcPos).c_str(), lpszTitle, ICON_HAND);
@@ -8953,6 +8961,12 @@ retry:
LastMountedVolumeDirty = mount.FilesystemDirty;
+ if (mount.VolumeMasterKeyVulnerable
+ && !Silent)
+ {
+ Warning ("ERR_XTS_MASTERKEY_VULNERABLE", hwndDlg);
+ }
+
if (mount.FilesystemDirty)
{
wchar_t msg[1024];
diff --git a/src/Common/Language.xml b/src/Common/Language.xml
index e3e96a1f..05f05749 100644
--- a/src/Common/Language.xml
+++ b/src/Common/Language.xml
@@ -1638,6 +1638,9 @@
<entry lang="en" key="LINUX_LANGUAGE">Language</entry>
<entry lang="en" key="LINUX_SELECT_SYS_DEFAULT_LANG">Select system's default language</entry>
<entry lang="en" key="LINUX_RESTART_FOR_LANGUAGE_CHANGE">For the language change to come into effect, VeraCrypt needs to be restarted.</entry>
+ <entry lang="en" key="ERR_XTS_MASTERKEY_VULNERABLE">WARNING: The volume's master key is vulnerable to an attack that compromises data security.\n\nPlease create a new volume and transfer the data to it.</entry>
+ <entry lang="en" key="ERR_SYSENC_XTS_MASTERKEY_VULNERABLE">WARNING: The encrypted system's master key is vulnerable to an attack that compromises data security.\nPlease decrypt the system partition/drive and then re-encrypt it.</entry>
+ <entry lang="en" key="ERR_XTS_MASTERKEY_VULNERABLE_SHORT">WARNING: The volume's master key has a security vulnerability.</entry>
</localization>
<xs:schema attributeFormDefault="unqualified" elementFormDefault="qualified" xmlns:xs="http://www.w3.org/2001/XMLSchema">
<xs:element name="VeraCrypt">
diff --git a/src/Common/Password.c b/src/Common/Password.c
index ae6b8035..f20dd257 100644
--- a/src/Common/Password.c
+++ b/src/Common/Password.c
@@ -371,6 +371,10 @@ int ChangePwd (const wchar_t *lpszVolume, Password *oldPassword, int old_pkcs5,
if (nStatus == ERR_CIPHER_INIT_WEAK_KEY)
nStatus = 0; // We can ignore this error here
+ // if the XTS master key is vulnerable, return error and do not allow the user to change the password since the master key will not be changed
+ if (cryptoInfo->bVulnerableMasterKey)
+ nStatus = ERR_XTS_MASTERKEY_VULNERABLE;
+
if (nStatus == ERR_PASSWORD_WRONG)
{
continue; // Try next volume type
diff --git a/src/Common/Tcdefs.h b/src/Common/Tcdefs.h
index 6f903e07..9f590885 100644
--- a/src/Common/Tcdefs.h
+++ b/src/Common/Tcdefs.h
@@ -494,7 +494,9 @@ enum
ERR_NONSYS_INPLACE_ENC_INCOMPLETE = 32,
ERR_USER_ABORT = 33,
ERR_RAND_INIT_FAILED = 34,
- ERR_CAPI_INIT_FAILED = 35
+ ERR_CAPI_INIT_FAILED = 35,
+ ERR_XTS_MASTERKEY_VULNERABLE = 36,
+ ERR_SYSENC_XTS_MASTERKEY_VULNERABLE = 37
};
#endif // #ifndef TCDEFS_H
diff --git a/src/Common/Volumes.c b/src/Common/Volumes.c
index df1cd1e3..7ee519f6 100644
--- a/src/Common/Volumes.c
+++ b/src/Common/Volumes.c
@@ -597,6 +597,14 @@ KeyReady: ;
goto err;
}
+ // check that first half of keyInfo.master_keydata is different from the second half. If they are the same return error
+ if (memcmp (keyInfo->master_keydata, keyInfo->master_keydata + EAGetKeySize (cryptoInfo->ea), EAGetKeySize (cryptoInfo->ea)) == 0)
+ {
+ cryptoInfo->bVulnerableMasterKey = TRUE;
+ if (retHeaderCryptoInfo)
+ retHeaderCryptoInfo->bVulnerableMasterKey = TRUE;
+ }
+
status = ERR_SUCCESS;
goto ret;
}
diff --git a/src/Core/Core.h b/src/Core/Core.h
index 65ea5bee..b9e53021 100644
--- a/src/Core/Core.h
+++ b/src/Core/Core.h
@@ -82,9 +82,13 @@ namespace VeraCrypt
shared_ptr <Pkcs5Kdf> m_newPkcs5Kdf;
int m_wipeCount;
bool m_emvSupportEnabled;
- ChangePasswordThreadRoutine(shared_ptr <VolumePath> volumePath, bool preserveTimestamps, shared_ptr <VolumePassword> password, int pim, shared_ptr <Pkcs5Kdf> kdf, shared_ptr <KeyfileList> keyfiles, shared_ptr <VolumePassword> newPassword, int newPim, shared_ptr <KeyfileList> newKeyfiles, shared_ptr <Pkcs5Kdf> newPkcs5Kdf, int wipeCount, bool emvSupportEnabled) : m_volumePath(volumePath), m_preserveTimestamps(preserveTimestamps), m_password(password), m_pim(pim), m_kdf(kdf), m_keyfiles(keyfiles), m_newPassword(newPassword), m_newPim(newPim), m_newKeyfiles(newKeyfiles), m_newPkcs5Kdf(newPkcs5Kdf), m_wipeCount(wipeCount), m_emvSupportEnabled(emvSupportEnabled) {}
+ bool m_masterKeyVulnerable;
+ ChangePasswordThreadRoutine(shared_ptr <VolumePath> volumePath, bool preserveTimestamps, shared_ptr <VolumePassword> password, int pim, shared_ptr <Pkcs5Kdf> kdf, shared_ptr <KeyfileList> keyfiles, shared_ptr <VolumePassword> newPassword, int newPim, shared_ptr <KeyfileList> newKeyfiles, shared_ptr <Pkcs5Kdf> newPkcs5Kdf, int wipeCount, bool emvSupportEnabled) : m_volumePath(volumePath), m_preserveTimestamps(preserveTimestamps), m_password(password), m_pim(pim), m_kdf(kdf), m_keyfiles(keyfiles), m_newPassword(newPassword), m_newPim(newPim), m_newKeyfiles(newKeyfiles), m_newPkcs5Kdf(newPkcs5Kdf), m_wipeCount(wipeCount), m_emvSupportEnabled(emvSupportEnabled), m_masterKeyVulnerable(false) {}
virtual ~ChangePasswordThreadRoutine() { }
- virtual void ExecutionCode(void) { Core->ChangePassword(m_volumePath, m_preserveTimestamps, m_password, m_pim, m_kdf, m_keyfiles, m_newPassword, m_newPim, m_newKeyfiles, m_emvSupportEnabled, m_newPkcs5Kdf, m_wipeCount); }
+ virtual void ExecutionCode(void) {
+ shared_ptr <Volume> openVolume = Core->ChangePassword(m_volumePath, m_preserveTimestamps, m_password, m_pim, m_kdf, m_keyfiles, m_newPassword, m_newPim, m_newKeyfiles, m_emvSupportEnabled, m_newPkcs5Kdf, m_wipeCount);
+ m_masterKeyVulnerable = openVolume->IsMasterKeyVulnerable();
+ }
};
class OpenVolumeThreadRoutine : public WaitThreadRoutine
diff --git a/src/Core/CoreBase.cpp b/src/Core/CoreBase.cpp
index 356d4348..0c6d5c9e 100644
--- a/src/Core/CoreBase.cpp
+++ b/src/Core/CoreBase.cpp
@@ -77,10 +77,11 @@ namespace VeraCrypt
}
}
- void CoreBase::ChangePassword (shared_ptr <VolumePath> volumePath, bool preserveTimestamps, shared_ptr <VolumePassword> password, int pim, shared_ptr <Pkcs5Kdf> kdf, shared_ptr <KeyfileList> keyfiles, shared_ptr <VolumePassword> newPassword, int newPim, shared_ptr <KeyfileList> newKeyfiles, bool emvSupportEnabled, shared_ptr <Pkcs5Kdf> newPkcs5Kdf, int wipeCount) const
+ shared_ptr <Volume> CoreBase::ChangePassword (shared_ptr <VolumePath> volumePath, bool preserveTimestamps, shared_ptr <VolumePassword> password, int pim, shared_ptr <Pkcs5Kdf> kdf, shared_ptr <KeyfileList> keyfiles, shared_ptr <VolumePassword> newPassword, int newPim, shared_ptr <KeyfileList> newKeyfiles, bool emvSupportEnabled, shared_ptr <Pkcs5Kdf> newPkcs5Kdf, int wipeCount) const
{
shared_ptr <Volume> volume = OpenVolume (volumePath, preserveTimestamps, password, pim, kdf, keyfiles, emvSupportEnabled);
ChangePassword (volume, newPassword, newPim, newKeyfiles, emvSupportEnabled, newPkcs5Kdf, wipeCount);
+ return volume;
}
void CoreBase::CoalesceSlotNumberAndMountPoint (MountOptions &options) const
diff --git a/src/Core/CoreBase.h b/src/Core/CoreBase.h
index 03aa922a..e646fce3 100644
--- a/src/Core/CoreBase.h
+++ b/src/Core/CoreBase.h
@@ -34,7 +34,7 @@ namespace VeraCrypt
virtual ~CoreBase ();
virtual void ChangePassword (shared_ptr <Volume> openVolume, shared_ptr <VolumePassword> newPassword, int newPim, shared_ptr <KeyfileList> newKeyfiles, bool emvSupportEnabled, shared_ptr <Pkcs5Kdf> newPkcs5Kdf = shared_ptr <Pkcs5Kdf> (), int wipeCount = PRAND_HEADER_WIPE_PASSES) const;
- virtual void ChangePassword (shared_ptr <VolumePath> volumePath, bool preserveTimestamps, shared_ptr <VolumePassword> password, int pim, shared_ptr <Pkcs5Kdf> kdf, shared_ptr <KeyfileList> keyfiles, shared_ptr <VolumePassword> newPassword, int newPim, shared_ptr <KeyfileList> newKeyfiles, bool emvSupportEnabled, shared_ptr <Pkcs5Kdf> newPkcs5Kdf = shared_ptr <Pkcs5Kdf> (), int wipeCount = PRAND_HEADER_WIPE_PASSES) const;
+ virtual shared_ptr <Volume> ChangePassword (shared_ptr <VolumePath> volumePath, bool preserveTimestamps, shared_ptr <VolumePassword> password, int pim, shared_ptr <Pkcs5Kdf> kdf, shared_ptr <KeyfileList> keyfiles, shared_ptr <VolumePassword> newPassword, int newPim, shared_ptr <KeyfileList> newKeyfiles, bool emvSupportEnabled, shared_ptr <Pkcs5Kdf> newPkcs5Kdf = shared_ptr <Pkcs5Kdf> (), int wipeCount = PRAND_HEADER_WIPE_PASSES) const;
virtual void CheckFilesystem (shared_ptr <VolumeInfo> mountedVolume, bool repair = false) const = 0;
virtual void CoalesceSlotNumberAndMountPoint (MountOptions &options) const;
virtual void CreateKeyfile (const FilePath &keyfilePath) const;
diff --git a/src/Driver/DriveFilter.c b/src/Driver/DriveFilter.c
index a615797a..6fda3c37 100644
--- a/src/Driver/DriveFilter.c
+++ b/src/Driver/DriveFilter.c
@@ -522,10 +522,16 @@ static NTSTATUS MountDrive (DriveFilterExtension *Extension, Password *password,
if (ReadVolumeHeader (!hiddenVolume, header, password, pkcs5_prf, pim, &Extension->Queue.CryptoInfo, Extension->HeaderCryptoInfo) == 0)
{
- // Header decrypted
+ // Header decrypted
status = STATUS_SUCCESS;
Dump ("Header decrypted\n");
+ if (Extension->HeaderCryptoInfo->bVulnerableMasterKey)
+ {
+ // The volume header master key is vulnerable
+ Dump ("The volume header master key is vulnerable\n");
+ }
+
// calculate Fingerprint
ComputeBootLoaderFingerprint (Extension->LowerDeviceObject, header);
@@ -2017,6 +2023,7 @@ void GetBootEncryptionStatus (PIRP irp, PIO_STACK_LOCATION irpSp)
bootEncStatus->ConfiguredEncryptedAreaStart = Extension->ConfiguredEncryptedAreaStart;
bootEncStatus->ConfiguredEncryptedAreaEnd = Extension->ConfiguredEncryptedAreaEnd;
bootEncStatus->EncryptedAreaStart = Extension->Queue.EncryptedAreaStart;
+ bootEncStatus->MasterKeyVulnerable = Extension->HeaderCryptoInfo->bVulnerableMasterKey;
if (SetupInProgress)
{
diff --git a/src/Driver/Ntvol.c b/src/Driver/Ntvol.c
index c26fcebf..68f63f16 100644
--- a/src/Driver/Ntvol.c
+++ b/src/Driver/Ntvol.c
@@ -89,6 +89,7 @@ NTSTATUS TCOpenVolume (PDEVICE_OBJECT DeviceObject,
mount->VolumeMountedReadOnlyAfterDeviceWriteProtected = FALSE;
mount->VolumeMountedReadOnlyAfterPartialSysEnc = FALSE;
+ mount->VolumeMasterKeyVulnerable = FALSE;
// If we are opening a device, query its size first
if (bRawDevice)
@@ -648,6 +649,9 @@ NTSTATUS TCOpenVolume (PDEVICE_OBJECT DeviceObject,
Dump ("Volume header decrypted\n");
Dump ("Required program version = %x\n", (int) Extension->cryptoInfo->RequiredProgramVersion);
Dump ("Legacy volume = %d\n", (int) Extension->cryptoInfo->LegacyVolume);
+ Dump ("Master key vulnerable = %d\n", (int) Extension->cryptoInfo->bVulnerableMasterKey);
+
+ mount->VolumeMasterKeyVulnerable = Extension->cryptoInfo->bVulnerableMasterKey;
if (IsHiddenSystemRunning() && !Extension->cryptoInfo->hiddenVolume)
{
diff --git a/src/ExpandVolume/ExpandVolume.c b/src/ExpandVolume/ExpandVolume.c
index d9019ada..f79fd5b7 100644
--- a/src/ExpandVolume/ExpandVolume.c
+++ b/src/ExpandVolume/ExpandVolume.c
@@ -691,6 +691,12 @@ static int ExpandVolume (HWND hwndDlg, wchar_t *lpszVolume, Password *pVolumePas
if (nStatus == ERR_CIPHER_INIT_WEAK_KEY)
nStatus = 0; // We can ignore this error here
+ // if the volume master key is vulnerable, print a warning to inform the user
+ if (cryptoInfo->bVulnerableMasterKey)
+ {
+ DebugAddProgressDlgStatus(hwndDlg, GetString ("ERR_XTS_MASTERKEY_VULNERABLE_SHORT"));
+ }
+
if (nStatus != 0)
{
cryptoInfo = NULL;
diff --git a/src/Main/Forms/ChangePasswordDialog.cpp b/src/Main/Forms/ChangePasswordDialog.cpp
index 397ee693..39da8e60 100644
--- a/src/Main/Forms/ChangePasswordDialog.cpp
+++ b/src/Main/Forms/ChangePasswordDialog.cpp
@@ -171,6 +171,7 @@ namespace VeraCrypt
RandomNumberGenerator::SetEnrichedByUserStatus (false);
Gui->UserEnrichRandomPool (this, NewPasswordPanel->GetPkcs5Kdf() ? NewPasswordPanel->GetPkcs5Kdf()->GetHash() : shared_ptr <Hash>());
+ bool masterKeyVulnerable = false;
{
#ifdef TC_UNIX
// Temporarily take ownership of a device if the user is not an administrator
@@ -193,6 +194,7 @@ namespace VeraCrypt
CurrentPasswordPanel->GetPassword(), CurrentPasswordPanel->GetVolumePim(), CurrentPasswordPanel->GetPkcs5Kdf(), CurrentPasswordPanel->GetKeyfiles(),
newPassword, newPim, newKeyfiles, NewPasswordPanel->GetPkcs5Kdf(), NewPasswordPanel->GetHeaderWipeCount(), Gui->GetPreferences().EMVSupportEnabled);
Gui->ExecuteWaitThreadRoutine (this, &routine);
+ masterKeyVulnerable = routine.m_masterKeyVulnerable;
}
switch (DialogMode)
@@ -214,6 +216,9 @@ namespace VeraCrypt
throw ParameterIncorrect (SRC_POS);
}
+ if (masterKeyVulnerable)
+ Gui->ShowWarning ("ERR_XTS_MASTERKEY_VULNERABLE");
+
EndModal (wxID_OK);
}
catch (UnportablePassword &e)
diff --git a/src/Main/GraphicUserInterface.cpp b/src/Main/GraphicUserInterface.cpp
index 9169a548..41bfa100 100644
--- a/src/Main/GraphicUserInterface.cpp
+++ b/src/Main/GraphicUserInterface.cpp
@@ -191,6 +191,7 @@ namespace VeraCrypt
hiddenVolumeMountOptions.Path = volumePath;
VolumeType::Enum volumeType = VolumeType::Normal;
+ bool masterKeyVulnerable = false;
// Open both types of volumes
while (true)
@@ -273,6 +274,13 @@ namespace VeraCrypt
}
}
+ // check if volume master key is vulnerable
+ if (volume->IsMasterKeyVulnerable())
+ {
+ masterKeyVulnerable = true;
+ ShowWarning ("ERR_XTS_MASTERKEY_VULNERABLE");
+ }
+
if (volumeType == VolumeType::Hidden)
hiddenVolume = volume;
else
@@ -366,6 +374,10 @@ namespace VeraCrypt
}
ShowWarning ("VOL_HEADER_BACKED_UP");
+
+ // display again warning that master key is vulnerable
+ if (masterKeyVulnerable)
+ ShowWarning ("ERR_XTS_MASTERKEY_VULNERABLE");
}
void GraphicUserInterface::BeginInteractiveBusyState (wxWindow *window)
@@ -1440,6 +1452,7 @@ namespace VeraCrypt
/* force the display of the random enriching interface */
RandomNumberGenerator::SetEnrichedByUserStatus (false);
+ bool masterKeyVulnerable = false;
if (restoreInternalBackup)
{
// Restore header from the internal backup
@@ -1492,6 +1505,8 @@ namespace VeraCrypt
return;
}
+ masterKeyVulnerable = volume->IsMasterKeyVulnerable();
+
RandomNumberGenerator::Start();
UserEnrichRandomPool (nullptr);
@@ -1590,6 +1605,7 @@ namespace VeraCrypt
if (decryptRoutine.m_bResult)
{
+ masterKeyVulnerable = layout->GetHeader()->IsMasterKeyVulnerable();
decryptedLayout = layout;
break;
}
@@ -1645,6 +1661,12 @@ namespace VeraCrypt
}
ShowInfo ("VOL_HEADER_RESTORED");
+
+ // display warning if the volume master key is vulnerable
+ if (masterKeyVulnerable)
+ {
+ ShowWarning ("ERR_XTS_MASTERKEY_VULNERABLE");
+ }
}
DevicePath GraphicUserInterface::SelectDevice (wxWindow *parent) const
diff --git a/src/Main/TextUserInterface.cpp b/src/Main/TextUserInterface.cpp
index 8494a45c..bc3f6f5a 100644
--- a/src/Main/TextUserInterface.cpp
+++ b/src/Main/TextUserInterface.cpp
@@ -314,6 +314,7 @@ namespace VeraCrypt
hiddenVolumeMountOptions.EMVSupportEnabled = true;
VolumeType::Enum volumeType = VolumeType::Normal;
+ bool masterKeyVulnerable = false;
// Open both types of volumes
while (true)
@@ -387,6 +388,13 @@ namespace VeraCrypt
}
}
+ // check if volume master key is vulnerable
+ if (volume->IsMasterKeyVulnerable())
+ {
+ masterKeyVulnerable = true;
+ ShowWarning ("ERR_XTS_MASTERKEY_VULNERABLE");
+ }
+
if (volumeType == VolumeType::Hidden)
hiddenVolume = volume;
else
@@ -454,6 +462,10 @@ namespace VeraCrypt
ShowString (L"\n");
ShowInfo ("VOL_HEADER_BACKED_UP");
+
+ // display again warning that master key is vulnerable
+ if (masterKeyVulnerable)
+ ShowWarning ("ERR_XTS_MASTERKEY_VULNERABLE");
}
void TextUserInterface::ChangePassword (shared_ptr <VolumePath> volumePath, shared_ptr <VolumePassword> password, int pim, shared_ptr <Hash> currentHash, shared_ptr <KeyfileList> keyfiles, shared_ptr <VolumePassword> newPassword, int newPim, shared_ptr <KeyfileList> newKeyfiles, shared_ptr <Hash> newHash) const
@@ -532,6 +544,12 @@ namespace VeraCrypt
break;
}
+ // display warning if volume master key is vulnerable
+ if (volume->IsMasterKeyVulnerable())
+ {
+ ShowWarning ("ERR_XTS_MASTERKEY_VULNERABLE");
+ }
+
// New password
if (!newPassword.get() && !Preferences.NonInteractive)
newPassword = AskPassword (_("Enter new password"), true);
@@ -1539,6 +1557,7 @@ namespace VeraCrypt
/* force the display of the random enriching interface */
RandomNumberGenerator::SetEnrichedByUserStatus (false);
+ bool masterKeyVulnerable = false;
if (restoreInternalBackup)
{
// Restore header from the internal backup
@@ -1586,6 +1605,8 @@ namespace VeraCrypt
throw_err (LangString ["VOLUME_HAS_NO_BACKUP_HEADER"]);
}
+ masterKeyVulnerable = volume->IsMasterKeyVulnerable();
+
RandomNumberGenerator::Start();
UserEnrichRandomPool();
@@ -1673,6 +1694,7 @@ namespace VeraCrypt
if (layout->GetHeader()->Decrypt (headerBuffer, *passwordKey, options.Pim, kdf, layout->GetSupportedKeyDerivationFunctions(), layout->GetSupportedEncryptionAlgorithms(), layout->GetSupportedEncryptionModes()))
{
decryptedLayout = layout;
+ masterKeyVulnerable = layout->GetHeader()->IsMasterKeyVulnerable();
break;
}
}
@@ -1723,6 +1745,11 @@ namespace VeraCrypt
ShowString (L"\n");
ShowInfo ("VOL_HEADER_RESTORED");
+ // display warning if the volume master key is vulnerable
+ if (masterKeyVulnerable)
+ {
+ ShowWarning ("ERR_XTS_MASTERKEY_VULNERABLE");
+ }
}
void TextUserInterface::SetTerminalEcho (bool enable)
diff --git a/src/Main/UserInterface.cpp b/src/Main/UserInterface.cpp
index 0f11ec0b..ad2f22b8 100644
--- a/src/Main/UserInterface.cpp
+++ b/src/Main/UserInterface.cpp
@@ -652,6 +652,7 @@ namespace VeraCrypt
bool protectedVolumeMounted = false;
bool legacyVolumeMounted = false;
+ bool vulnerableVolumeMounted = false;
foreach_ref (const HostDevice &device, devices)
{
@@ -694,6 +695,10 @@ namespace VeraCrypt
if (newMountedVolumes.back()->EncryptionAlgorithmMinBlockSize == 8)
legacyVolumeMounted = true;
+
+ if (newMountedVolumes.back()->MasterKeyVulnerable)
+ vulnerableVolumeMounted = true;
+
}
catch (DriverError&) { }
catch (MissingVolumeData&) { }
@@ -708,6 +713,9 @@ namespace VeraCrypt
}
else
{
+ if (vulnerableVolumeMounted)
+ ShowWarning ("ERR_XTS_MASTERKEY_VULNERABLE");
+
if (someVolumesShared)
ShowWarning ("DEVICE_IN_USE_INFO");
@@ -741,10 +749,12 @@ namespace VeraCrypt
favorite.ToMountOptions (options);
+ bool mountPerformed = false;
if (Preferences.NonInteractive)
{
BusyScope busy (this);
newMountedVolumes.push_back (Core->MountVolume (options));
+ mountPerformed = true;
}
else
{
@@ -752,6 +762,7 @@ namespace VeraCrypt
{
BusyScope busy (this);
newMountedVolumes.push_back (Core->MountVolume (options));
+ mountPerformed = true;
}
catch (...)
{
@@ -769,6 +780,9 @@ namespace VeraCrypt
newMountedVolumes.push_back (volume);
}
}
+
+ if (mountPerformed && newMountedVolumes.back()->MasterKeyVulnerable)
+ ShowWarning ("ERR_XTS_MASTERKEY_VULNERABLE");
}
if (!newMountedVolumes.empty() && GetPreferences().CloseSecurityTokenSessionsAfterMount)
@@ -805,6 +819,9 @@ namespace VeraCrypt
}
}
+ if (volume->MasterKeyVulnerable)
+ ShowWarning ("ERR_XTS_MASTERKEY_VULNERABLE");
+
if (volume->EncryptionAlgorithmMinBlockSize == 8)
ShowWarning ("WARN_64_BIT_BLOCK_CIPHER");
diff --git a/src/Mount/Mount.c b/src/Mount/Mount.c
index c3898b72..444e44d7 100644
--- a/src/Mount/Mount.c
+++ b/src/Mount/Mount.c
@@ -1259,6 +1259,20 @@ static BOOL SysEncryptionOrDecryptionRequired (void)
);
}
+// Returns TRUE if system encryption master key is vulnerable
+static BOOL SysEncryptionMasterKeyVulnerable (void)
+{
+ try
+ {
+ BootEncStatus = BootEncObj->GetStatus();
+ return (BootEncStatus.DriveMounted || BootEncStatus.DriveEncrypted) && BootEncStatus.MasterKeyVulnerable;
+ }
+ catch (Exception &)
+ {
+ return FALSE;
+ }
+}
+
// Returns TRUE if the system partition/drive is completely encrypted
static BOOL SysDriveOrPartitionFullyEncrypted (BOOL bSilent)
{
@@ -7435,10 +7449,12 @@ BOOL CALLBACK MainDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lPa
if (!Quit) // Do not care about system encryption or in-place encryption if we were launched from the system startup sequence (the wizard was added to it too).
{
+ BOOL bActionPerformed = FALSE;
if (SysEncryptionOrDecryptionRequired ())
{
if (!MutexExistsOnSystem (TC_MUTEX_NAME_SYSENC)) // If no instance of the wizard is currently taking care of system encryption
{
+ bActionPerformed = TRUE;
// We shouldn't block the mutex at this point
if (SystemEncryptionStatus == SYSENC_STATUS_PRETEST
@@ -7465,7 +7481,17 @@ BOOL CALLBACK MainDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lPa
{
BOOL bDecrypt = FALSE;
if (AskNonSysInPlaceEncryptionResume(hwndDlg, &bDecrypt) == IDYES)
+ {
+ bActionPerformed = TRUE;
ResumeInterruptedNonSysInplaceEncProcess (bDecrypt);
+ }
+ }
+
+ if (!bActionPerformed)
+ {
+ // display warning if the master key is vulnerable
+ if (SysEncryptionMasterKeyVulnerable())
+ WarningTopMost ("ERR_SYSENC_XTS_MASTERKEY_VULNERABLE", hwndDlg);
}
}
@@ -11447,6 +11473,12 @@ int RestoreVolumeHeader (HWND hwndDlg, const wchar_t *lpszVolume)
handleError (hwndDlg, nStatus, SRC_POS);
}
+ // display a warning if the master key is vulnerable
+ if (restoredCryptoInfo->bVulnerableMasterKey)
+ {
+ Warning ("ERR_XTS_MASTERKEY_VULNERABLE", hwndDlg);
+ }
+
BOOL hiddenVol = restoredCryptoInfo->hiddenVolume;
if (legacyBackup)
diff --git a/src/Volume/Volume.h b/src/Volume/Volume.h
index c816da58..4b91e435 100644
--- a/src/Volume/Volume.h
+++ b/src/Volume/Volume.h
@@ -114,6 +114,7 @@ namespace VeraCrypt
void ReEncryptHeader (bool backupHeader, const ConstBufferPtr &newSalt, const ConstBufferPtr &newHeaderKey, shared_ptr <Pkcs5Kdf> newPkcs5Kdf);
void WriteSectors (const ConstBufferPtr &buffer, uint64 byteOffset);
bool IsEncryptionNotCompleted () const { return EncryptionNotCompleted; }
+ bool IsMasterKeyVulnerable() const { return Header && Header->IsMasterKeyVulnerable(); }
protected:
void CheckProtectedRange (uint64 writeHostOffset, uint64 writeLength);
diff --git a/src/Volume/VolumeHeader.cpp b/src/Volume/VolumeHeader.cpp
index 57b63394..2b8699a3 100644
--- a/src/Volume/VolumeHeader.cpp
+++ b/src/Volume/VolumeHeader.cpp
@@ -47,6 +47,7 @@ namespace VeraCrypt
EncryptedAreaLength = 0;
Flags = 0;
SectorSize = 0;
+ XtsKeyVulnerable = false;
}
void VolumeHeader::Create (const BufferPtr &headerBuffer, VolumeHeaderCreationOptions &options)
@@ -62,6 +63,9 @@ namespace VeraCrypt
DataAreaKey.Zero();
DataAreaKey.CopyFrom (options.DataKey);
+ // check if the XTS key is vulnerable by comparing the two parts of the key
+ XtsKeyVulnerable = (memcmp (options.DataKey.Get() + options.EA->GetKeySize(), options.DataKey.Get(), options.EA->GetKeySize()) == 0);
+
VolumeCreationTime = 0;
HiddenVolumeDataSize = (options.Type == VolumeType::Hidden ? options.VolumeDataSize : 0);
VolumeDataSize = options.VolumeDataSize;
@@ -235,6 +239,9 @@ namespace VeraCrypt
ea->SetKeyXTS (header.GetRange (offset + ea->GetKeySize(), ea->GetKeySize()));
#endif
mode->SetKey (header.GetRange (offset + ea->GetKeySize(), ea->GetKeySize()));
+
+ // check if the XTS key is vulnerable by comparing the two parts of the key
+ XtsKeyVulnerable = (memcmp (DataAreaKey.Ptr() + ea->GetKeySize(), DataAreaKey.Ptr(), ea->GetKeySize()) == 0);
}
else
{
diff --git a/src/Volume/VolumeHeader.h b/src/Volume/VolumeHeader.h
index 85908711..18a52950 100644
--- a/src/Volume/VolumeHeader.h
+++ b/src/Volume/VolumeHeader.h
@@ -76,6 +76,7 @@ namespace VeraCrypt
uint64 GetVolumeDataSize () const { return VolumeDataSize; }
VolumeTime GetVolumeCreationTime () const { return VolumeCreationTime; }
void SetSize (uint32 headerSize);
+ bool IsMasterKeyVulnerable () const { return XtsKeyVulnerable; }
protected:
bool Deserialize (const ConstBufferPtr &header, shared_ptr <EncryptionAlgorithm> &ea, shared_ptr <EncryptionMode> &mode);
@@ -120,6 +121,7 @@ namespace VeraCrypt
uint32 SectorSize;
SecureBuffer DataAreaKey;
+ bool XtsKeyVulnerable;
private:
VolumeHeader (const VolumeHeader &);
diff --git a/src/Volume/VolumeInfo.cpp b/src/Volume/VolumeInfo.cpp
index 699e203f..f3b044b7 100644
--- a/src/Volume/VolumeInfo.cpp
+++ b/src/Volume/VolumeInfo.cpp
@@ -55,6 +55,7 @@ namespace VeraCrypt
VirtualDevice = sr.DeserializeWString ("VirtualDevice");
sr.Deserialize ("VolumeCreationTime", VolumeCreationTime);
sr.Deserialize ("Pim", Pim);
+ sr.Deserialize ("MasterKeyVulnerable", MasterKeyVulnerable);
}
bool VolumeInfo::FirstVolumeMountedAfterSecond (shared_ptr <VolumeInfo> first, shared_ptr <VolumeInfo> second)
@@ -95,6 +96,7 @@ namespace VeraCrypt
sr.Serialize ("VirtualDevice", wstring (VirtualDevice));
sr.Serialize ("VolumeCreationTime", VolumeCreationTime);
sr.Serialize ("Pim", Pim);
+ sr.Serialize ("MasterKeyVulnerable", MasterKeyVulnerable);
}
void VolumeInfo::Set (const Volume &volume)
@@ -119,6 +121,7 @@ namespace VeraCrypt
TotalDataRead = volume.GetTotalDataRead();
TotalDataWritten = volume.GetTotalDataWritten();
Pim = volume.GetPim ();
+ MasterKeyVulnerable = volume.IsMasterKeyVulnerable();
}
TC_SERIALIZER_FACTORY_ADD_CLASS (VolumeInfo);
diff --git a/src/Volume/VolumeInfo.h b/src/Volume/VolumeInfo.h
index 1adc87e3..ad6c2ca4 100644
--- a/src/Volume/VolumeInfo.h
+++ b/src/Volume/VolumeInfo.h
@@ -61,7 +61,7 @@ namespace VeraCrypt
DevicePath VirtualDevice;
VolumeTime VolumeCreationTime;
int Pim;
-
+ bool MasterKeyVulnerable;
private:
VolumeInfo (const VolumeInfo &);
VolumeInfo &operator= (const VolumeInfo &);