diff options
| author | Mounir IDRASSI <mounir.idrassi@idrix.fr> | 2024-08-02 00:20:53 +0200 |
|---|---|---|
| committer | Mounir IDRASSI <mounir.idrassi@idrix.fr> | 2024-08-02 00:20:53 +0200 |
| commit | ed1263bf8c6c678420eb1b9ad3f37d3a6d33af7c (patch) | |
| tree | 14dfb134969574b7f0d869c455981418c652780e /src/Main/UserInterface.cpp | |
| parent | 6121ca02397e75fe51b2c76111ef836556fedb49 (diff) | |
| download | VeraCrypt-ed1263bf8c6c678420eb1b9ad3f37d3a6d33af7c.tar.gz VeraCrypt-ed1263bf8c6c678420eb1b9ad3f37d3a6d33af7c.zip | |
Implement detection of volumes with vulnerable XTS master key.
If vulnerability detected, a warning message is displayed during mount or backup/restore header, and changing the password is disallowed since it will not change the master key.
Diffstat (limited to 'src/Main/UserInterface.cpp')
| -rw-r--r-- | src/Main/UserInterface.cpp | 17 |
1 files changed, 17 insertions, 0 deletions
diff --git a/src/Main/UserInterface.cpp b/src/Main/UserInterface.cpp index 0f11ec0b..ad2f22b8 100644 --- a/src/Main/UserInterface.cpp +++ b/src/Main/UserInterface.cpp @@ -652,6 +652,7 @@ namespace VeraCrypt bool protectedVolumeMounted = false; bool legacyVolumeMounted = false; + bool vulnerableVolumeMounted = false; foreach_ref (const HostDevice &device, devices) { @@ -694,6 +695,10 @@ namespace VeraCrypt if (newMountedVolumes.back()->EncryptionAlgorithmMinBlockSize == 8) legacyVolumeMounted = true; + + if (newMountedVolumes.back()->MasterKeyVulnerable) + vulnerableVolumeMounted = true; + } catch (DriverError&) { } catch (MissingVolumeData&) { } @@ -708,6 +713,9 @@ namespace VeraCrypt } else { + if (vulnerableVolumeMounted) + ShowWarning ("ERR_XTS_MASTERKEY_VULNERABLE"); + if (someVolumesShared) ShowWarning ("DEVICE_IN_USE_INFO"); @@ -741,10 +749,12 @@ namespace VeraCrypt favorite.ToMountOptions (options); + bool mountPerformed = false; if (Preferences.NonInteractive) { BusyScope busy (this); newMountedVolumes.push_back (Core->MountVolume (options)); + mountPerformed = true; } else { @@ -752,6 +762,7 @@ namespace VeraCrypt { BusyScope busy (this); newMountedVolumes.push_back (Core->MountVolume (options)); + mountPerformed = true; } catch (...) { @@ -769,6 +780,9 @@ namespace VeraCrypt newMountedVolumes.push_back (volume); } } + + if (mountPerformed && newMountedVolumes.back()->MasterKeyVulnerable) + ShowWarning ("ERR_XTS_MASTERKEY_VULNERABLE"); } if (!newMountedVolumes.empty() && GetPreferences().CloseSecurityTokenSessionsAfterMount) @@ -805,6 +819,9 @@ namespace VeraCrypt } } + if (volume->MasterKeyVulnerable) + ShowWarning ("ERR_XTS_MASTERKEY_VULNERABLE"); + if (volume->EncryptionAlgorithmMinBlockSize == 8) ShowWarning ("WARN_64_BIT_BLOCK_CIPHER"); |