1 files changed, 49 insertions, 21 deletions
diff --git a/src/Main/TextUserInterface.cpp b/src/Main/TextUserInterface.cpp
index 3346ee3e..bc3f6f5a 100644
--- a/src/Main/TextUserInterface.cpp
+++ b/src/Main/TextUserInterface.cpp
@@ -30,6 +30,27 @@
 
 namespace VeraCrypt
 {
+	class AdminPasswordTextRequestHandler : public GetStringFunctor
+	{
+		public:
+		AdminPasswordTextRequestHandler (TextUserInterface *userInterface) : UI (userInterface) { }
+		virtual void operator() (string &passwordStr)
+		{
+			UI->ShowString (_("Enter your user password or administrator password: "));
+
+			TextUserInterface::SetTerminalEcho (false);
+			finally_do ({ TextUserInterface::SetTerminalEcho (true); });
+
+			wstring wPassword (UI->ReadInputStreamLine());
+			finally_do_arg (wstring *, &wPassword, { StringConverter::Erase (*finally_arg); });
+
+			UI->ShowString (L"\n");
+
+			StringConverter::ToSingle (wPassword, passwordStr);
+		}
+		TextUserInterface *UI;
+	};
+
 	TextUserInterface::TextUserInterface ()
 	{
 #ifdef TC_UNIX
@@ -293,6 +314,7 @@ namespace VeraCrypt
 		hiddenVolumeMountOptions.EMVSupportEnabled = true;
 
 		VolumeType::Enum volumeType = VolumeType::Normal;
+		bool masterKeyVulnerable = false;
 
 		// Open both types of volumes
 		while (true)
@@ -366,6 +388,13 @@ namespace VeraCrypt
 				}
 			}
 
+			// check if volume master key is vulnerable
+			if (volume->IsMasterKeyVulnerable())
+			{
+				masterKeyVulnerable = true;
+				ShowWarning ("ERR_XTS_MASTERKEY_VULNERABLE");
+			}
+
 			if (volumeType == VolumeType::Hidden)
 				hiddenVolume = volume;
 			else
@@ -433,6 +462,10 @@ namespace VeraCrypt
 
 		ShowString (L"\n");
 		ShowInfo ("VOL_HEADER_BACKED_UP");
+
+		// display again warning that master key is vulnerable
+		if (masterKeyVulnerable)
+			ShowWarning ("ERR_XTS_MASTERKEY_VULNERABLE");
 	}
 
 	void TextUserInterface::ChangePassword (shared_ptr <VolumePath> volumePath, shared_ptr <VolumePassword> password, int pim, shared_ptr <Hash> currentHash, shared_ptr <KeyfileList> keyfiles, shared_ptr <VolumePassword> newPassword, int newPim, shared_ptr <KeyfileList> newKeyfiles, shared_ptr <Hash> newHash) const
@@ -511,6 +544,12 @@ namespace VeraCrypt
 			break;
 		}
 
+		// display warning if volume master key is vulnerable
+		if (volume->IsMasterKeyVulnerable())
+		{
+			ShowWarning ("ERR_XTS_MASTERKEY_VULNERABLE");
+		}
+
 		// New password
 		if (!newPassword.get() && !Preferences.NonInteractive)
 			newPassword = AskPassword (_("Enter new password"), true);
@@ -1095,27 +1134,7 @@ namespace VeraCrypt
 
 	shared_ptr <GetStringFunctor> TextUserInterface::GetAdminPasswordRequestHandler ()
 	{
-		struct AdminPasswordRequestHandler : public GetStringFunctor
-		{
-			AdminPasswordRequestHandler (TextUserInterface *userInterface) : UI (userInterface) { }
-			virtual void operator() (string &passwordStr)
-			{
-				UI->ShowString (_("Enter your user password or administrator password: "));
-
-				TextUserInterface::SetTerminalEcho (false);
-				finally_do ({ TextUserInterface::SetTerminalEcho (true); });
-
-				wstring wPassword (UI->ReadInputStreamLine());
-				finally_do_arg (wstring *, &wPassword, { StringConverter::Erase (*finally_arg); });
-
-				UI->ShowString (L"\n");
-
-				StringConverter::ToSingle (wPassword, passwordStr);
-			}
-			TextUserInterface *UI;
-		};
-
-		return shared_ptr <GetStringFunctor> (new AdminPasswordRequestHandler (this));
+		return shared_ptr <GetStringFunctor> (new AdminPasswordTextRequestHandler (this));
 	}
 
 	void TextUserInterface::ImportTokenKeyfiles () const
@@ -1538,6 +1557,7 @@ namespace VeraCrypt
 		/* force the display of the random enriching interface */
 		RandomNumberGenerator::SetEnrichedByUserStatus (false);
 
+		bool masterKeyVulnerable = false;
 		if (restoreInternalBackup)
 		{
 			// Restore header from the internal backup
@@ -1585,6 +1605,8 @@ namespace VeraCrypt
 				throw_err (LangString ["VOLUME_HAS_NO_BACKUP_HEADER"]);
 			}
 
+			masterKeyVulnerable = volume->IsMasterKeyVulnerable();
+
 			RandomNumberGenerator::Start();
 			UserEnrichRandomPool();
 
@@ -1672,6 +1694,7 @@ namespace VeraCrypt
 						if (layout->GetHeader()->Decrypt (headerBuffer, *passwordKey, options.Pim, kdf, layout->GetSupportedKeyDerivationFunctions(), layout->GetSupportedEncryptionAlgorithms(), layout->GetSupportedEncryptionModes()))
 						{
 							decryptedLayout = layout;
+							masterKeyVulnerable = layout->GetHeader()->IsMasterKeyVulnerable();
 							break;
 						}
 					}
@@ -1722,6 +1745,11 @@ namespace VeraCrypt
 
 		ShowString (L"\n");
 		ShowInfo ("VOL_HEADER_RESTORED");
+		// display warning if the volume master key is vulnerable
+		if (masterKeyVulnerable)
+		{
+			ShowWarning ("ERR_XTS_MASTERKEY_VULNERABLE");
+		}
 	}
 
 	void TextUserInterface::SetTerminalEcho (bool enable)