diff options
| author | Mounir IDRASSI <mounir.idrassi@idrix.fr> | 2024-08-02 00:20:53 +0200 |
|---|---|---|
| committer | Mounir IDRASSI <mounir.idrassi@idrix.fr> | 2024-08-02 00:20:53 +0200 |
| commit | ed1263bf8c6c678420eb1b9ad3f37d3a6d33af7c (patch) | |
| tree | 14dfb134969574b7f0d869c455981418c652780e /src/Common | |
| parent | 6121ca02397e75fe51b2c76111ef836556fedb49 (diff) | |
| download | VeraCrypt-ed1263bf8c6c678420eb1b9ad3f37d3a6d33af7c.tar.gz VeraCrypt-ed1263bf8c6c678420eb1b9ad3f37d3a6d33af7c.zip | |
Implement detection of volumes with vulnerable XTS master key.
If vulnerability detected, a warning message is displayed during mount or backup/restore header, and changing the password is disallowed since it will not change the master key.
Diffstat (limited to 'src/Common')
| -rw-r--r-- | src/Common/Apidrvr.h | 3 | ||||
| -rw-r--r-- | src/Common/BootEncryption.cpp | 5 | ||||
| -rw-r--r-- | src/Common/Crypto.h | 2 | ||||
| -rw-r--r-- | src/Common/Dlgcode.c | 14 | ||||
| -rw-r--r-- | src/Common/Language.xml | 3 | ||||
| -rw-r--r-- | src/Common/Password.c | 4 | ||||
| -rw-r--r-- | src/Common/Tcdefs.h | 4 | ||||
| -rw-r--r-- | src/Common/Volumes.c | 8 |
8 files changed, 42 insertions, 1 deletions
diff --git a/src/Common/Apidrvr.h b/src/Common/Apidrvr.h index 4074503d..04d69c05 100644 --- a/src/Common/Apidrvr.h +++ b/src/Common/Apidrvr.h @@ -177,6 +177,7 @@ typedef struct ULONG MaximumTransferLength; ULONG MaximumPhysicalPages; ULONG AlignmentMask; + BOOL VolumeMasterKeyVulnerable; } MOUNT_STRUCT; typedef struct @@ -316,6 +317,8 @@ typedef struct // is read-only (or mounted an outer/normal TrueCrypt volume as read only) uint32 HiddenSysLeakProtectionCount; + BOOL MasterKeyVulnerable; + } BootEncryptionStatus; diff --git a/src/Common/BootEncryption.cpp b/src/Common/BootEncryption.cpp index 2080a44b..2be81416 100644 --- a/src/Common/BootEncryption.cpp +++ b/src/Common/BootEncryption.cpp @@ -1462,6 +1462,7 @@ namespace VeraCrypt /* IMPORTANT: Do NOT add any potentially time-consuming operations to this function. */ BootEncryptionStatus status; + memset (&status, 0, sizeof(status)); CallDriver (TC_IOCTL_GET_BOOT_ENCRYPTION_STATUS, NULL, 0, &status, sizeof (status)); return status; } @@ -5401,6 +5402,10 @@ namespace VeraCrypt int status = ReadVolumeHeader (!encStatus.HiddenSystem, header, oldPassword, old_pkcs5, old_pim, &cryptoInfo, NULL); finally_do_arg (PCRYPTO_INFO, cryptoInfo, { if (finally_arg) crypto_close (finally_arg); }); + // if the XTS master key is vulnerable, return error and do not allow the user to change the password since the master key will not be changed + if (cryptoInfo->bVulnerableMasterKey) + status = ERR_SYSENC_XTS_MASTERKEY_VULNERABLE; + if (status != 0) { handleError (hwndDlg, status, SRC_POS); diff --git a/src/Common/Crypto.h b/src/Common/Crypto.h index 178e08e1..89d22f0e 100644 --- a/src/Common/Crypto.h +++ b/src/Common/Crypto.h @@ -277,6 +277,8 @@ typedef struct CRYPTO_INFO_t uint32 SectorSize; + BOOL bVulnerableMasterKey; // TRUE if XTS primary key is identical to secondary key (i.e. the volume is vulnerable to attack on XTS mode) + #endif // !TC_WINDOWS_BOOT UINT64_STRUCT VolumeSize; diff --git a/src/Common/Dlgcode.c b/src/Common/Dlgcode.c index 4ee08bb7..ce86c9da 100644 --- a/src/Common/Dlgcode.c +++ b/src/Common/Dlgcode.c @@ -5577,6 +5577,14 @@ void handleError (HWND hwndDlg, int code, const char* srcPos) break; #endif + case ERR_XTS_MASTERKEY_VULNERABLE: + MessageBoxW (hwndDlg, AppendSrcPos (GetString ("ERR_XTS_MASTERKEY_VULNERABLE"), srcPos).c_str(), lpszTitle, ICON_HAND); + break; + + case ERR_SYSENC_XTS_MASTERKEY_VULNERABLE: + MessageBoxW (hwndDlg, AppendSrcPos (GetString ("ERR_SYSENC_XTS_MASTERKEY_VULNERABLE"), srcPos).c_str(), lpszTitle, ICON_HAND); + break; + default: StringCbPrintfW (szTmp, sizeof(szTmp), GetString ("ERR_UNKNOWN"), code); MessageBoxW (hwndDlg, AppendSrcPos (szTmp, srcPos).c_str(), lpszTitle, ICON_HAND); @@ -8953,6 +8961,12 @@ retry: LastMountedVolumeDirty = mount.FilesystemDirty; + if (mount.VolumeMasterKeyVulnerable + && !Silent) + { + Warning ("ERR_XTS_MASTERKEY_VULNERABLE", hwndDlg); + } + if (mount.FilesystemDirty) { wchar_t msg[1024]; diff --git a/src/Common/Language.xml b/src/Common/Language.xml index e3e96a1f..05f05749 100644 --- a/src/Common/Language.xml +++ b/src/Common/Language.xml @@ -1638,6 +1638,9 @@ <entry lang="en" key="LINUX_LANGUAGE">Language</entry> <entry lang="en" key="LINUX_SELECT_SYS_DEFAULT_LANG">Select system's default language</entry> <entry lang="en" key="LINUX_RESTART_FOR_LANGUAGE_CHANGE">For the language change to come into effect, VeraCrypt needs to be restarted.</entry> + <entry lang="en" key="ERR_XTS_MASTERKEY_VULNERABLE">WARNING: The volume's master key is vulnerable to an attack that compromises data security.\n\nPlease create a new volume and transfer the data to it.</entry> + <entry lang="en" key="ERR_SYSENC_XTS_MASTERKEY_VULNERABLE">WARNING: The encrypted system's master key is vulnerable to an attack that compromises data security.\nPlease decrypt the system partition/drive and then re-encrypt it.</entry> + <entry lang="en" key="ERR_XTS_MASTERKEY_VULNERABLE_SHORT">WARNING: The volume's master key has a security vulnerability.</entry> </localization> <xs:schema attributeFormDefault="unqualified" elementFormDefault="qualified" xmlns:xs="http://www.w3.org/2001/XMLSchema"> <xs:element name="VeraCrypt"> diff --git a/src/Common/Password.c b/src/Common/Password.c index ae6b8035..f20dd257 100644 --- a/src/Common/Password.c +++ b/src/Common/Password.c @@ -371,6 +371,10 @@ int ChangePwd (const wchar_t *lpszVolume, Password *oldPassword, int old_pkcs5, if (nStatus == ERR_CIPHER_INIT_WEAK_KEY) nStatus = 0; // We can ignore this error here + // if the XTS master key is vulnerable, return error and do not allow the user to change the password since the master key will not be changed + if (cryptoInfo->bVulnerableMasterKey) + nStatus = ERR_XTS_MASTERKEY_VULNERABLE; + if (nStatus == ERR_PASSWORD_WRONG) { continue; // Try next volume type diff --git a/src/Common/Tcdefs.h b/src/Common/Tcdefs.h index 6f903e07..9f590885 100644 --- a/src/Common/Tcdefs.h +++ b/src/Common/Tcdefs.h @@ -494,7 +494,9 @@ enum ERR_NONSYS_INPLACE_ENC_INCOMPLETE = 32, ERR_USER_ABORT = 33, ERR_RAND_INIT_FAILED = 34, - ERR_CAPI_INIT_FAILED = 35 + ERR_CAPI_INIT_FAILED = 35, + ERR_XTS_MASTERKEY_VULNERABLE = 36, + ERR_SYSENC_XTS_MASTERKEY_VULNERABLE = 37 }; #endif // #ifndef TCDEFS_H diff --git a/src/Common/Volumes.c b/src/Common/Volumes.c index df1cd1e3..7ee519f6 100644 --- a/src/Common/Volumes.c +++ b/src/Common/Volumes.c @@ -597,6 +597,14 @@ KeyReady: ; goto err; } + // check that first half of keyInfo.master_keydata is different from the second half. If they are the same return error + if (memcmp (keyInfo->master_keydata, keyInfo->master_keydata + EAGetKeySize (cryptoInfo->ea), EAGetKeySize (cryptoInfo->ea)) == 0) + { + cryptoInfo->bVulnerableMasterKey = TRUE; + if (retHeaderCryptoInfo) + retHeaderCryptoInfo->bVulnerableMasterKey = TRUE; + } + status = ERR_SUCCESS; goto ret; } |