diff options
| author | Mounir IDRASSI <mounir.idrassi@idrix.fr> | 2024-08-02 00:20:53 +0200 |
|---|---|---|
| committer | Mounir IDRASSI <mounir.idrassi@idrix.fr> | 2024-08-02 00:20:53 +0200 |
| commit | ed1263bf8c6c678420eb1b9ad3f37d3a6d33af7c (patch) | |
| tree | 14dfb134969574b7f0d869c455981418c652780e /src/Main/TextUserInterface.cpp | |
| parent | 6121ca02397e75fe51b2c76111ef836556fedb49 (diff) | |
| download | VeraCrypt-ed1263bf8c6c678420eb1b9ad3f37d3a6d33af7c.tar.gz VeraCrypt-ed1263bf8c6c678420eb1b9ad3f37d3a6d33af7c.zip | |
Implement detection of volumes with vulnerable XTS master key.
If vulnerability detected, a warning message is displayed during mount or backup/restore header, and changing the password is disallowed since it will not change the master key.
Diffstat (limited to 'src/Main/TextUserInterface.cpp')
| -rw-r--r-- | src/Main/TextUserInterface.cpp | 27 |
1 files changed, 27 insertions, 0 deletions
diff --git a/src/Main/TextUserInterface.cpp b/src/Main/TextUserInterface.cpp index 8494a45c..bc3f6f5a 100644 --- a/src/Main/TextUserInterface.cpp +++ b/src/Main/TextUserInterface.cpp @@ -314,6 +314,7 @@ namespace VeraCrypt hiddenVolumeMountOptions.EMVSupportEnabled = true; VolumeType::Enum volumeType = VolumeType::Normal; + bool masterKeyVulnerable = false; // Open both types of volumes while (true) @@ -387,6 +388,13 @@ namespace VeraCrypt } } + // check if volume master key is vulnerable + if (volume->IsMasterKeyVulnerable()) + { + masterKeyVulnerable = true; + ShowWarning ("ERR_XTS_MASTERKEY_VULNERABLE"); + } + if (volumeType == VolumeType::Hidden) hiddenVolume = volume; else @@ -454,6 +462,10 @@ namespace VeraCrypt ShowString (L"\n"); ShowInfo ("VOL_HEADER_BACKED_UP"); + + // display again warning that master key is vulnerable + if (masterKeyVulnerable) + ShowWarning ("ERR_XTS_MASTERKEY_VULNERABLE"); } void TextUserInterface::ChangePassword (shared_ptr <VolumePath> volumePath, shared_ptr <VolumePassword> password, int pim, shared_ptr <Hash> currentHash, shared_ptr <KeyfileList> keyfiles, shared_ptr <VolumePassword> newPassword, int newPim, shared_ptr <KeyfileList> newKeyfiles, shared_ptr <Hash> newHash) const @@ -532,6 +544,12 @@ namespace VeraCrypt break; } + // display warning if volume master key is vulnerable + if (volume->IsMasterKeyVulnerable()) + { + ShowWarning ("ERR_XTS_MASTERKEY_VULNERABLE"); + } + // New password if (!newPassword.get() && !Preferences.NonInteractive) newPassword = AskPassword (_("Enter new password"), true); @@ -1539,6 +1557,7 @@ namespace VeraCrypt /* force the display of the random enriching interface */ RandomNumberGenerator::SetEnrichedByUserStatus (false); + bool masterKeyVulnerable = false; if (restoreInternalBackup) { // Restore header from the internal backup @@ -1586,6 +1605,8 @@ namespace VeraCrypt throw_err (LangString ["VOLUME_HAS_NO_BACKUP_HEADER"]); } + masterKeyVulnerable = volume->IsMasterKeyVulnerable(); + RandomNumberGenerator::Start(); UserEnrichRandomPool(); @@ -1673,6 +1694,7 @@ namespace VeraCrypt if (layout->GetHeader()->Decrypt (headerBuffer, *passwordKey, options.Pim, kdf, layout->GetSupportedKeyDerivationFunctions(), layout->GetSupportedEncryptionAlgorithms(), layout->GetSupportedEncryptionModes())) { decryptedLayout = layout; + masterKeyVulnerable = layout->GetHeader()->IsMasterKeyVulnerable(); break; } } @@ -1723,6 +1745,11 @@ namespace VeraCrypt ShowString (L"\n"); ShowInfo ("VOL_HEADER_RESTORED"); + // display warning if the volume master key is vulnerable + if (masterKeyVulnerable) + { + ShowWarning ("ERR_XTS_MASTERKEY_VULNERABLE"); + } } void TextUserInterface::SetTerminalEcho (bool enable) |