VeraCrypt
aboutsummaryrefslogtreecommitdiff
path: root/src/Common
diff options
context:
space:
mode:
Diffstat (limited to 'src/Common')
-rw-r--r--src/Common/Apidrvr.h3
-rw-r--r--src/Common/BootEncryption.cpp5
-rw-r--r--src/Common/Crypto.h2
-rw-r--r--src/Common/Dlgcode.c14
-rw-r--r--src/Common/Language.xml3
-rw-r--r--src/Common/Password.c4
-rw-r--r--src/Common/Tcdefs.h4
-rw-r--r--src/Common/Volumes.c8
8 files changed, 42 insertions, 1 deletions
diff --git a/src/Common/Apidrvr.h b/src/Common/Apidrvr.h
index 4074503d..04d69c05 100644
--- a/src/Common/Apidrvr.h
+++ b/src/Common/Apidrvr.h
@@ -177,6 +177,7 @@ typedef struct
ULONG MaximumTransferLength;
ULONG MaximumPhysicalPages;
ULONG AlignmentMask;
+ BOOL VolumeMasterKeyVulnerable;
} MOUNT_STRUCT;
typedef struct
@@ -316,6 +317,8 @@ typedef struct
// is read-only (or mounted an outer/normal TrueCrypt volume as read only)
uint32 HiddenSysLeakProtectionCount;
+ BOOL MasterKeyVulnerable;
+
} BootEncryptionStatus;
diff --git a/src/Common/BootEncryption.cpp b/src/Common/BootEncryption.cpp
index 2080a44b..2be81416 100644
--- a/src/Common/BootEncryption.cpp
+++ b/src/Common/BootEncryption.cpp
@@ -1462,6 +1462,7 @@ namespace VeraCrypt
/* IMPORTANT: Do NOT add any potentially time-consuming operations to this function. */
BootEncryptionStatus status;
+ memset (&status, 0, sizeof(status));
CallDriver (TC_IOCTL_GET_BOOT_ENCRYPTION_STATUS, NULL, 0, &status, sizeof (status));
return status;
}
@@ -5401,6 +5402,10 @@ namespace VeraCrypt
int status = ReadVolumeHeader (!encStatus.HiddenSystem, header, oldPassword, old_pkcs5, old_pim, &cryptoInfo, NULL);
finally_do_arg (PCRYPTO_INFO, cryptoInfo, { if (finally_arg) crypto_close (finally_arg); });
+ // if the XTS master key is vulnerable, return error and do not allow the user to change the password since the master key will not be changed
+ if (cryptoInfo->bVulnerableMasterKey)
+ status = ERR_SYSENC_XTS_MASTERKEY_VULNERABLE;
+
if (status != 0)
{
handleError (hwndDlg, status, SRC_POS);
diff --git a/src/Common/Crypto.h b/src/Common/Crypto.h
index 178e08e1..89d22f0e 100644
--- a/src/Common/Crypto.h
+++ b/src/Common/Crypto.h
@@ -277,6 +277,8 @@ typedef struct CRYPTO_INFO_t
uint32 SectorSize;
+ BOOL bVulnerableMasterKey; // TRUE if XTS primary key is identical to secondary key (i.e. the volume is vulnerable to attack on XTS mode)
+
#endif // !TC_WINDOWS_BOOT
UINT64_STRUCT VolumeSize;
diff --git a/src/Common/Dlgcode.c b/src/Common/Dlgcode.c
index 4ee08bb7..ce86c9da 100644
--- a/src/Common/Dlgcode.c
+++ b/src/Common/Dlgcode.c
@@ -5577,6 +5577,14 @@ void handleError (HWND hwndDlg, int code, const char* srcPos)
break;
#endif
+ case ERR_XTS_MASTERKEY_VULNERABLE:
+ MessageBoxW (hwndDlg, AppendSrcPos (GetString ("ERR_XTS_MASTERKEY_VULNERABLE"), srcPos).c_str(), lpszTitle, ICON_HAND);
+ break;
+
+ case ERR_SYSENC_XTS_MASTERKEY_VULNERABLE:
+ MessageBoxW (hwndDlg, AppendSrcPos (GetString ("ERR_SYSENC_XTS_MASTERKEY_VULNERABLE"), srcPos).c_str(), lpszTitle, ICON_HAND);
+ break;
+
default:
StringCbPrintfW (szTmp, sizeof(szTmp), GetString ("ERR_UNKNOWN"), code);
MessageBoxW (hwndDlg, AppendSrcPos (szTmp, srcPos).c_str(), lpszTitle, ICON_HAND);
@@ -8953,6 +8961,12 @@ retry:
LastMountedVolumeDirty = mount.FilesystemDirty;
+ if (mount.VolumeMasterKeyVulnerable
+ && !Silent)
+ {
+ Warning ("ERR_XTS_MASTERKEY_VULNERABLE", hwndDlg);
+ }
+
if (mount.FilesystemDirty)
{
wchar_t msg[1024];
diff --git a/src/Common/Language.xml b/src/Common/Language.xml
index e3e96a1f..05f05749 100644
--- a/src/Common/Language.xml
+++ b/src/Common/Language.xml
@@ -1638,6 +1638,9 @@
<entry lang="en" key="LINUX_LANGUAGE">Language</entry>
<entry lang="en" key="LINUX_SELECT_SYS_DEFAULT_LANG">Select system's default language</entry>
<entry lang="en" key="LINUX_RESTART_FOR_LANGUAGE_CHANGE">For the language change to come into effect, VeraCrypt needs to be restarted.</entry>
+ <entry lang="en" key="ERR_XTS_MASTERKEY_VULNERABLE">WARNING: The volume's master key is vulnerable to an attack that compromises data security.\n\nPlease create a new volume and transfer the data to it.</entry>
+ <entry lang="en" key="ERR_SYSENC_XTS_MASTERKEY_VULNERABLE">WARNING: The encrypted system's master key is vulnerable to an attack that compromises data security.\nPlease decrypt the system partition/drive and then re-encrypt it.</entry>
+ <entry lang="en" key="ERR_XTS_MASTERKEY_VULNERABLE_SHORT">WARNING: The volume's master key has a security vulnerability.</entry>
</localization>
<xs:schema attributeFormDefault="unqualified" elementFormDefault="qualified" xmlns:xs="http://www.w3.org/2001/XMLSchema">
<xs:element name="VeraCrypt">
diff --git a/src/Common/Password.c b/src/Common/Password.c
index ae6b8035..f20dd257 100644
--- a/src/Common/Password.c
+++ b/src/Common/Password.c
@@ -371,6 +371,10 @@ int ChangePwd (const wchar_t *lpszVolume, Password *oldPassword, int old_pkcs5,
if (nStatus == ERR_CIPHER_INIT_WEAK_KEY)
nStatus = 0; // We can ignore this error here
+ // if the XTS master key is vulnerable, return error and do not allow the user to change the password since the master key will not be changed
+ if (cryptoInfo->bVulnerableMasterKey)
+ nStatus = ERR_XTS_MASTERKEY_VULNERABLE;
+
if (nStatus == ERR_PASSWORD_WRONG)
{
continue; // Try next volume type
diff --git a/src/Common/Tcdefs.h b/src/Common/Tcdefs.h
index 6f903e07..9f590885 100644
--- a/src/Common/Tcdefs.h
+++ b/src/Common/Tcdefs.h
@@ -494,7 +494,9 @@ enum
ERR_NONSYS_INPLACE_ENC_INCOMPLETE = 32,
ERR_USER_ABORT = 33,
ERR_RAND_INIT_FAILED = 34,
- ERR_CAPI_INIT_FAILED = 35
+ ERR_CAPI_INIT_FAILED = 35,
+ ERR_XTS_MASTERKEY_VULNERABLE = 36,
+ ERR_SYSENC_XTS_MASTERKEY_VULNERABLE = 37
};
#endif // #ifndef TCDEFS_H
diff --git a/src/Common/Volumes.c b/src/Common/Volumes.c
index df1cd1e3..7ee519f6 100644
--- a/src/Common/Volumes.c
+++ b/src/Common/Volumes.c
@@ -597,6 +597,14 @@ KeyReady: ;
goto err;
}
+ // check that first half of keyInfo.master_keydata is different from the second half. If they are the same return error
+ if (memcmp (keyInfo->master_keydata, keyInfo->master_keydata + EAGetKeySize (cryptoInfo->ea), EAGetKeySize (cryptoInfo->ea)) == 0)
+ {
+ cryptoInfo->bVulnerableMasterKey = TRUE;
+ if (retHeaderCryptoInfo)
+ retHeaderCryptoInfo->bVulnerableMasterKey = TRUE;
+ }
+
status = ERR_SUCCESS;
goto ret;
}