author | Mounir IDRASSI <mounir.idrassi@idrix.fr> | 2024-08-02 00:20:53 +0200 |
---|---|---|
committer | Mounir IDRASSI <mounir.idrassi@idrix.fr> | 2024-08-02 00:20:53 +0200 |
commit | ed1263bf8c6c678420eb1b9ad3f37d3a6d33af7c (patch) | |
tree | 14dfb134969574b7f0d869c455981418c652780e /src/Common/Password.c | |
parent | 6121ca02397e75fe51b2c76111ef836556fedb49 (diff) | |
Implement detection of volumes with vulnerable XTS master key.
If vulnerability detected, a warning message is displayed during mount or backup/restore header, and changing the password is disallowed since it will not change the master key.
Diffstat (limited to 'src/Common/Password.c')
-rw-r--r-- | src/Common/Password.c | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/src/Common/Password.c b/src/Common/Password.c
index ae6b8035..f20dd257 100644
--- a/src/Common/Password.c
+++ b/src/Common/Password.c
@@ -371,6 +371,10 @@ int ChangePwd (const wchar_t *lpszVolume, Password *oldPassword, int old_pkcs5,
 if (nStatus == ERR_CIPHER_INIT_WEAK_KEY)
 nStatus = 0; // We can ignore this error here
 
+ // if the XTS master key is vulnerable, return error and do not allow the user to change the password since the master key will not be changed
+ if (cryptoInfo->bVulnerableMasterKey)
+ nStatus = ERR_XTS_MASTERKEY_VULNERABLE;
+
 if (nStatus == ERR_PASSWORD_WRONG)
 {
 continue; // Try next volume type |
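Review bot: The added `if (cryptoInfo->bVulnerableMasterKey)` runs whatever `nStatus` holds, so it dereferences `cryptoInfo` even when the header read that precedes the hunk has failed, and the `ERR_PASSWORD_WRONG` branch directly below shows that failure is an expected outcome at this point. If `cryptoInfo` is not populated on that path (its assignment is outside the hunk, so this needs confirming), a wrong password turns into an invalid pointer read instead of a retry with the next volume type; and where it is populated, the assignment can replace an earlier error code with `ERR_XTS_MASTERKEY_VULNERABLE`. Guarding on success keeps both paths intact: `if (nStatus == 0 && cryptoInfo->bVulnerableMasterKey)`. ChangePwd's body starts and ends outside the hunk.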