VeraCrypt
aboutsummaryrefslogtreecommitdiff
path: root/src/Main/UserInterface.cpp
diff options
context:
space:
mode:
authorMounir IDRASSI <mounir.idrassi@idrix.fr>2024-08-02 00:20:53 +0200
committerMounir IDRASSI <mounir.idrassi@idrix.fr>2024-08-02 00:20:53 +0200
commited1263bf8c6c678420eb1b9ad3f37d3a6d33af7c (patch)
tree14dfb134969574b7f0d869c455981418c652780e /src/Main/UserInterface.cpp
parent6121ca02397e75fe51b2c76111ef836556fedb49 (diff)
downloadVeraCrypt-ed1263bf8c6c678420eb1b9ad3f37d3a6d33af7c.tar.gz
VeraCrypt-ed1263bf8c6c678420eb1b9ad3f37d3a6d33af7c.zip
Implement detection of volumes with vulnerable XTS master key.
If vulnerability detected, a warning message is displayed during mount or backup/restore header, and changing the password is disallowed since it will not change the master key.
Diffstat (limited to 'src/Main/UserInterface.cpp')
-rw-r--r--src/Main/UserInterface.cpp17
1 files changed, 17 insertions, 0 deletions
diff --git a/src/Main/UserInterface.cpp b/src/Main/UserInterface.cpp
index 0f11ec0b..ad2f22b8 100644
--- a/src/Main/UserInterface.cpp
+++ b/src/Main/UserInterface.cpp
@@ -652,6 +652,7 @@ namespace VeraCrypt
bool protectedVolumeMounted = false;
bool legacyVolumeMounted = false;
+ bool vulnerableVolumeMounted = false;
foreach_ref (const HostDevice &device, devices)
{
@@ -694,6 +695,10 @@ namespace VeraCrypt
if (newMountedVolumes.back()->EncryptionAlgorithmMinBlockSize == 8)
legacyVolumeMounted = true;
+
+ if (newMountedVolumes.back()->MasterKeyVulnerable)
+ vulnerableVolumeMounted = true;
+
}
catch (DriverError&) { }
catch (MissingVolumeData&) { }
@@ -708,6 +713,9 @@ namespace VeraCrypt
}
else
{
+ if (vulnerableVolumeMounted)
+ ShowWarning ("ERR_XTS_MASTERKEY_VULNERABLE");
+
if (someVolumesShared)
ShowWarning ("DEVICE_IN_USE_INFO");
@@ -741,10 +749,12 @@ namespace VeraCrypt
favorite.ToMountOptions (options);
+ bool mountPerformed = false;
if (Preferences.NonInteractive)
{
BusyScope busy (this);
newMountedVolumes.push_back (Core->MountVolume (options));
+ mountPerformed = true;
}
else
{
@@ -752,6 +762,7 @@ namespace VeraCrypt
{
BusyScope busy (this);
newMountedVolumes.push_back (Core->MountVolume (options));
+ mountPerformed = true;
}
catch (...)
{
@@ -769,6 +780,9 @@ namespace VeraCrypt
newMountedVolumes.push_back (volume);
}
}
+
+ if (mountPerformed && newMountedVolumes.back()->MasterKeyVulnerable)
+ ShowWarning ("ERR_XTS_MASTERKEY_VULNERABLE");
}
if (!newMountedVolumes.empty() && GetPreferences().CloseSecurityTokenSessionsAfterMount)
@@ -805,6 +819,9 @@ namespace VeraCrypt
}
}
+ if (volume->MasterKeyVulnerable)
+ ShowWarning ("ERR_XTS_MASTERKEY_VULNERABLE");
+
if (volume->EncryptionAlgorithmMinBlockSize == 8)
ShowWarning ("WARN_64_BIT_BLOCK_CIPHER");