VeraCrypt
aboutsummaryrefslogtreecommitdiff
path: root/src/Common/Password.c
diff options
context:
space:
mode:
authorMounir IDRASSI <mounir.idrassi@idrix.fr>2016-08-08 00:49:00 +0200
committerMounir IDRASSI <mounir.idrassi@idrix.fr>2016-08-15 01:09:05 +0200
commit5b381ce7d7ec45e02765b4a180f9aa1ee8aeee40 (patch)
tree49f9cc8a5cc65386b021566e9b7d7ec631923b79 /src/Common/Password.c
parent3fb2eedab8ef586cd2686efba0b668a5070fd0af (diff)
downloadVeraCrypt-5b381ce7d7ec45e02765b4a180f9aa1ee8aeee40.tar.gz
VeraCrypt-5b381ce7d7ec45e02765b4a180f9aa1ee8aeee40.zip
Windows: Fix vulnerability inherited from TrueCrypt that allows an attacker to detect with high probability if a hidden volume is present. Vulnerability reported by Ivanov Alexey Mikhailovich.
Diffstat (limited to 'src/Common/Password.c')
-rw-r--r--src/Common/Password.c42
1 files changed, 42 insertions, 0 deletions
diff --git a/src/Common/Password.c b/src/Common/Password.c
index 2c9e77c3..1c9083a3 100644
--- a/src/Common/Password.c
+++ b/src/Common/Password.c
@@ -437,9 +437,51 @@ int ChangePwd (const wchar_t *lpszVolume, Password *oldPassword, int old_pkcs5,
&& (cryptoInfo->HeaderFlags & TC_HEADER_FLAG_NONSYS_INPLACE_ENC) != 0
&& (cryptoInfo->HeaderFlags & ~TC_HEADER_FLAG_NONSYS_INPLACE_ENC) == 0)
{
+ PCRYPTO_INFO dummyInfo = NULL;
+ LARGE_INTEGER hiddenOffset;
+
nStatus = WriteRandomDataToReservedHeaderAreas (hwndDlg, dev, cryptoInfo, cryptoInfo->VolumeSize.Value, !backupHeader, backupHeader);
if (nStatus != ERR_SUCCESS)
goto error;
+
+ // write fake hidden volume header to protect against attacks that use statistical entropy
+ // analysis to detect presence of hidden volumes
+ hiddenOffset.QuadPart = backupHeader ? cryptoInfo->VolumeSize.Value + TC_VOLUME_HEADER_GROUP_SIZE + TC_HIDDEN_VOLUME_HEADER_OFFSET: TC_HIDDEN_VOLUME_HEADER_OFFSET;
+
+ nStatus = CreateVolumeHeaderInMemory (hwndDlg, FALSE,
+ buffer,
+ cryptoInfo->ea,
+ cryptoInfo->mode,
+ NULL,
+ 0,
+ 0,
+ NULL,
+ &dummyInfo,
+ cryptoInfo->VolumeSize.Value,
+ cryptoInfo->VolumeSize.Value,
+ cryptoInfo->EncryptedAreaStart.Value,
+ cryptoInfo->EncryptedAreaLength.Value,
+ truecryptMode? 0 : cryptoInfo->RequiredProgramVersion,
+ cryptoInfo->HeaderFlags,
+ cryptoInfo->SectorSize,
+ wipePass < wipePassCount - 1);
+
+ if (nStatus != ERR_SUCCESS)
+ goto error;
+
+ crypto_close (dummyInfo);
+
+ if (!SetFilePointerEx ((HANDLE) dev, hiddenOffset, NULL, FILE_BEGIN))
+ {
+ nStatus = ERR_OS_ERROR;
+ goto error;
+ }
+
+ if (!WriteEffectiveVolumeHeader (bDevice, dev, buffer))
+ {
+ nStatus = ERR_OS_ERROR;
+ goto error;
+ }
}
FlushFileBuffers (dev);