diff options
| author | Mounir IDRASSI <mounir.idrassi@idrix.fr> | 2023-08-05 10:55:46 +0200 |
|---|---|---|
| committer | Mounir IDRASSI <mounir.idrassi@idrix.fr> | 2023-08-05 10:55:46 +0200 |
| commit | 16bb1de3a6addec1c07b9ffc3fcd616744a3f15c (patch) | |
| tree | 88b097e6b92adab798638d337d3f9cc77ac221b7 /src/Core | |
| parent | e8f83544ead2011112788d48bff610574f5d6395 (diff) | |
| download | VeraCrypt-16bb1de3a6addec1c07b9ffc3fcd616744a3f15c.tar.gz VeraCrypt-16bb1de3a6addec1c07b9ffc3fcd616744a3f15c.zip | |
Security: ensure that XTS primary key is different from secondary key when creating volumes
This is unlikely to happen thanks to random generator properties but we much add this check to prevent an attack described in page 3 of https://csrc.nist.gov/csrc/media/Projects/crypto-publication-review-project/documents/initial-comments/sp800-38e-initial-public-comments-2021.pdf
Diffstat (limited to 'src/Core')
| -rw-r--r-- | src/Core/VolumeCreator.cpp | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/src/Core/VolumeCreator.cpp b/src/Core/VolumeCreator.cpp index d5caa846..5f19a66d 100644 --- a/src/Core/VolumeCreator.cpp +++ b/src/Core/VolumeCreator.cpp @@ -298,6 +298,11 @@ namespace VeraCrypt // Master data key MasterKey.Allocate (options->EA->GetKeySize() * 2); RandomNumberGenerator::GetData (MasterKey); + // check that first half of MasterKey is different from its second half. If they are the same, through an exception + // cf CCSS,NSA comment at page 3: https://csrc.nist.gov/csrc/media/Projects/crypto-publication-review-project/documents/initial-comments/sp800-38e-initial-public-comments-2021.pdf + if (memcmp (MasterKey.Ptr(), MasterKey.Ptr() + MasterKey.Size() / 2, MasterKey.Size() / 2) == 0) + throw AssertionFailed (SRC_POS); + headerOptions.DataKey = MasterKey; // PKCS5 salt |