From 6ca598f8418a1ab12ff7353c534d610b4dbac943 Mon Sep 17 00:00:00 2001 From: Mounir IDRASSI Date: Wed, 29 Jul 2015 00:09:14 +0200 Subject: Windows: Implement Evil-Maid-Attack detection mechanism. Write the correct bootloader when changing the system encryption password: this enables to recover if an attack is detected. --- src/Common/Apidrvr.h | 6 +++++ src/Common/BootEncryption.cpp | 59 ++++++++++++++++++++++++++++++++++++++++--- src/Common/BootEncryption.h | 4 +++ src/Common/Language.xml | 1 + src/Common/Volumes.c | 37 +++++++++++++++++++++++++++ src/Common/Volumes.h | 3 +++ 6 files changed, 107 insertions(+), 3 deletions(-) (limited to 'src/Common') diff --git a/src/Common/Apidrvr.h b/src/Common/Apidrvr.h index ee40aa8a..16b1641f 100644 --- a/src/Common/Apidrvr.h +++ b/src/Common/Apidrvr.h @@ -62,6 +62,7 @@ #define TC_IOCTL_SET_SYSTEM_FAVORITE_VOLUME_DIRTY TC_IOCTL (36) #define TC_IOCTL_REREAD_DRIVER_CONFIG TC_IOCTL (37) #define TC_IOCTL_GET_SYSTEM_DRIVE_DUMP_CONFIG TC_IOCTL (38) +#define VC_IOCTL_GET_BOOT_LOADER_FINGERPRINT TC_IOCTL (39) // Legacy IOCTLs used before version 5.0 #define TC_IOCTL_LEGACY_GET_DRIVER_VERSION 466968 @@ -254,6 +255,11 @@ typedef struct char BootPrfAlgorithmName[256]; } GetBootEncryptionAlgorithmNameRequest; +typedef struct +{ + byte Fingerprint[WHIRLPOOL_DIGESTSIZE + SHA512_DIGESTSIZE]; +} BootLoaderFingerprintRequest; + typedef struct { wchar_t DevicePath[TC_MAX_PATH]; diff --git a/src/Common/BootEncryption.cpp b/src/Common/BootEncryption.cpp index a83db22d..d9570062 100644 --- a/src/Common/BootEncryption.cpp +++ b/src/Common/BootEncryption.cpp @@ -826,6 +826,12 @@ namespace VeraCrypt return version; } + void BootEncryption::GetInstalledBootLoaderFingerprint (byte fingerprint[WHIRLPOOL_DIGESTSIZE + SHA512_DIGESTSIZE]) + { + BootLoaderFingerprintRequest request; + CallDriver (VC_IOCTL_GET_BOOT_LOADER_FINGERPRINT, NULL, 0, &request, sizeof (request)); + memcpy (fingerprint, request.Fingerprint, sizeof (request.Fingerprint)); + } // Note that this does not require admin rights (it just requires the driver to be running) bool BootEncryption::IsBootLoaderOnDrive (char *devicePath) @@ -1492,12 +1498,18 @@ namespace VeraCrypt void BootEncryption::InstallBootLoader (bool preserveUserConfig, bool hiddenOSCreation) { - byte bootLoaderBuf[TC_BOOT_LOADER_AREA_SIZE - TC_BOOT_ENCRYPTION_VOLUME_HEADER_SIZE]; + Device device (GetSystemDriveConfiguration().DevicePath); + device.CheckOpened (SRC_POS); + + InstallBootLoader (device, preserveUserConfig, hiddenOSCreation); + } + + void BootEncryption::InstallBootLoader (Device& device, bool preserveUserConfig, bool hiddenOSCreation) + { + byte bootLoaderBuf[TC_BOOT_LOADER_AREA_SIZE - TC_BOOT_ENCRYPTION_VOLUME_HEADER_SIZE] = {0}; CreateBootLoaderInMemory (bootLoaderBuf, sizeof (bootLoaderBuf), false, hiddenOSCreation); // Write MBR - Device device (GetSystemDriveConfiguration().DevicePath); - device.CheckOpened (SRC_POS); byte mbr[TC_SECTOR_SIZE_BIOS]; device.SeekAt (0); @@ -1530,6 +1542,38 @@ namespace VeraCrypt device.Write (bootLoaderBuf + TC_SECTOR_SIZE_BIOS, sizeof (bootLoaderBuf) - TC_SECTOR_SIZE_BIOS); } +#ifndef SETUP + bool BootEncryption::CheckBootloaderFingerprint (bool bSilent) + { + byte bootLoaderBuf[TC_BOOT_LOADER_AREA_SIZE - TC_BOOT_ENCRYPTION_VOLUME_HEADER_SIZE] = {0}; + byte fingerprint[WHIRLPOOL_DIGESTSIZE + SHA512_DIGESTSIZE]; + byte expectedFingerprint[WHIRLPOOL_DIGESTSIZE + SHA512_DIGESTSIZE]; + bool bRet = false; + + try + { + // read bootloader fingerprint + GetInstalledBootLoaderFingerprint (fingerprint); + + // compute expected fingerprint + CreateBootLoaderInMemory (bootLoaderBuf, sizeof (bootLoaderBuf), false, false); + ::ComputeBootloaderFingerprint (bootLoaderBuf, sizeof (bootLoaderBuf), expectedFingerprint); + + // compare values + if (0 == memcmp (fingerprint, expectedFingerprint, sizeof (expectedFingerprint))) + { + bRet = true; + } + } + catch (Exception& e) + { + if (!bSilent) + e.Show (ParentWindow); + } + + return bRet; + } +#endif string BootEncryption::GetSystemLoaderBackupPath () { @@ -2415,6 +2459,15 @@ namespace VeraCrypt reopenRequest.pim = pim; finally_do_arg (ReopenBootVolumeHeaderRequest*, &reopenRequest, { burn (finally_arg, sizeof (*finally_arg)); }); + try + { + // force update of bootloader if fingerprint doesn't match + if (!CheckBootloaderFingerprint (true)) + InstallBootLoader (device, true); + } + catch (...) + {} + CallDriver (TC_IOCTL_REOPEN_BOOT_VOLUME_HEADER, &reopenRequest, sizeof (reopenRequest)); } diff --git a/src/Common/BootEncryption.h b/src/Common/BootEncryption.h index 6ac42cd3..c93058ad 100644 --- a/src/Common/BootEncryption.h +++ b/src/Common/BootEncryption.h @@ -140,6 +140,7 @@ namespace VeraCrypt DumpFilter }; + void SetParentWindow (HWND parent) { ParentWindow = parent; } void AbortDecoyOSWipe (); void AbortSetup (); void AbortSetupWait (); @@ -157,6 +158,7 @@ namespace VeraCrypt DWORD GetDriverServiceStartType (); unsigned int GetHiddenOSCreationPhase (); uint16 GetInstalledBootLoaderVersion (); + void GetInstalledBootLoaderFingerprint (byte fingerprint[WHIRLPOOL_DIGESTSIZE + SHA512_DIGESTSIZE]); Partition GetPartitionForHiddenOS (); bool IsBootLoaderOnDrive (char *devicePath); BootEncryptionStatus GetStatus (); @@ -164,7 +166,9 @@ namespace VeraCrypt void GetVolumeProperties (VOLUME_PROPERTIES_STRUCT *properties); SystemDriveConfiguration GetSystemDriveConfiguration (); void Install (bool hiddenSystem); + void InstallBootLoader (Device& device, bool preserveUserConfig = false, bool hiddenOSCreation = false); void InstallBootLoader (bool preserveUserConfig = false, bool hiddenOSCreation = false); + bool CheckBootloaderFingerprint (bool bSilent = false); void InvalidateCachedSysDriveProperties (); bool IsCDDrivePresent (); bool IsHiddenSystemRunning (); diff --git a/src/Common/Language.xml b/src/Common/Language.xml index a02da93c..b84b54cd 100644 --- a/src/Common/Language.xml +++ b/src/Common/Language.xml @@ -1059,6 +1059,7 @@ Failed to restore the original system loader.\n\nPlease use your VeraCrypt Rescue Disk ('Repair Options' > 'Restore original system loader') or Windows installation medium to replace the VeraCrypt Boot Loader with the Windows system loader. The original system loader will not be stored on the Rescue Disk (probable cause: missing backup file). Failed to write the MBR sector.\n\nYour BIOS may be configured to protect the MBR sector. Check your BIOS settings (press F2, Delete, or Esc, after powering on your computer) for MBR/antivirus protection. + WARNING: The verification of VeraCrypt bootloader fingerprint failed!\nYour disk may have been tampered with by an attacker ("Evil Maid" attack).\n\nThis warning can also be triggered if you restored VeraCrypt boot loader using an Rescue Disk generated using a different VeraCrypt version.\n\nYou are advised to change your password immediately which will also restore the correct VeraCrypt bootloader. It is recommended to reinstall VeraCrypt and to take measures to avoid access to this machine by untrusted entities. The required version of the VeraCrypt Boot Loader is currently not installed. This may prevent some of the settings from being saved. Note: In some situations, you may wish to prevent a person (adversary) that is watching you start the computer from knowing that you use VeraCrypt. The above options allow you to do that by customizing the VeraCrypt boot loader screen. If you enable the first option, no texts will be displayed by the boot loader (not even when you enter the wrong password). The computer will appear to be "frozen" while you can type your password. In addition, a custom message can be displayed to mislead the adversary. For example, fake error messages such as "Missing operating system" (which is normally displayed by the Windows boot loader if it finds no Windows boot partition). It is, however, important to note that if the adversary can analyze the content of the hard drive, he can still find out that it contains the VeraCrypt boot loader. WARNING: Please keep in mind that if you enable this option, the VeraCrypt boot loader will not display any texts (not even when you enter the wrong password). The computer will appear to be "frozen" (unresponsive) while you can type your password (the cursor will NOT move and no asterisk will be displayed when you press a key).\n\nAre you sure you want to enable this option? diff --git a/src/Common/Volumes.c b/src/Common/Volumes.c index d557d171..545f6c62 100644 --- a/src/Common/Volumes.c +++ b/src/Common/Volumes.c @@ -35,6 +35,7 @@ #ifdef _WIN32 #include +#include "../Boot/Windows/BootCommon.h" #endif /* Volume header v5 structure (used since TrueCrypt 7.0): */ @@ -578,6 +579,42 @@ ret: return status; } +#ifdef _WIN32 +void ComputeBootloaderFingerprint (byte *bootLoaderBuf, unsigned int bootLoaderSize, byte* fingerprint) +{ + // compute Whirlpool+SHA512 fingerprint of bootloader including MBR + // we skip user configuration fields: + // TC_BOOT_SECTOR_OUTER_VOLUME_BAK_HEADER_CRC_OFFSET = 402 + // => TC_BOOT_SECTOR_OUTER_VOLUME_BAK_HEADER_CRC_SIZE = 4 + // TC_BOOT_SECTOR_USER_MESSAGE_OFFSET = 406 + // => TC_BOOT_SECTOR_USER_MESSAGE_MAX_LENGTH = 24 + // TC_BOOT_SECTOR_USER_CONFIG_OFFSET = 438 + // + // we have: TC_BOOT_SECTOR_USER_MESSAGE_OFFSET = TC_BOOT_SECTOR_OUTER_VOLUME_BAK_HEADER_CRC_OFFSET + TC_BOOT_SECTOR_OUTER_VOLUME_BAK_HEADER_CRC_SIZE + + WHIRLPOOL_CTX whirlpool; + sha512_ctx sha2; + + WHIRLPOOL_init (&whirlpool); + sha512_begin (&sha2); + + WHIRLPOOL_add (bootLoaderBuf, TC_BOOT_SECTOR_OUTER_VOLUME_BAK_HEADER_CRC_OFFSET * 8, &whirlpool); + sha512_hash (bootLoaderBuf, TC_BOOT_SECTOR_OUTER_VOLUME_BAK_HEADER_CRC_OFFSET, &sha2); + + WHIRLPOOL_add (bootLoaderBuf + TC_BOOT_SECTOR_USER_MESSAGE_OFFSET + TC_BOOT_SECTOR_USER_MESSAGE_MAX_LENGTH, (TC_BOOT_SECTOR_USER_CONFIG_OFFSET - (TC_BOOT_SECTOR_USER_MESSAGE_OFFSET + TC_BOOT_SECTOR_USER_MESSAGE_MAX_LENGTH)) * 8, &whirlpool); + sha512_hash (bootLoaderBuf + TC_BOOT_SECTOR_USER_MESSAGE_OFFSET + TC_BOOT_SECTOR_USER_MESSAGE_MAX_LENGTH, (TC_BOOT_SECTOR_USER_CONFIG_OFFSET - (TC_BOOT_SECTOR_USER_MESSAGE_OFFSET + TC_BOOT_SECTOR_USER_MESSAGE_MAX_LENGTH)), &sha2); + + WHIRLPOOL_add (bootLoaderBuf + TC_BOOT_SECTOR_USER_CONFIG_OFFSET + 1, (TC_MAX_MBR_BOOT_CODE_SIZE - (TC_BOOT_SECTOR_USER_CONFIG_OFFSET + 1)) * 8, &whirlpool); + sha512_hash (bootLoaderBuf + TC_BOOT_SECTOR_USER_CONFIG_OFFSET + 1, (TC_MAX_MBR_BOOT_CODE_SIZE - (TC_BOOT_SECTOR_USER_CONFIG_OFFSET + 1)), &sha2); + + WHIRLPOOL_add (bootLoaderBuf + TC_SECTOR_SIZE_BIOS, (bootLoaderSize - TC_SECTOR_SIZE_BIOS) * 8, &whirlpool); + sha512_hash (bootLoaderBuf + TC_SECTOR_SIZE_BIOS, (bootLoaderSize - TC_SECTOR_SIZE_BIOS), &sha2); + + WHIRLPOOL_finalize (&whirlpool, fingerprint); + sha512_end (&fingerprint [WHIRLPOOL_DIGESTSIZE], &sha2); +} +#endif + #else // TC_WINDOWS_BOOT int ReadVolumeHeader (BOOL bBoot, char *header, Password *password, int pim, PCRYPTO_INFO *retInfo, CRYPTO_INFO *retHeaderCryptoInfo) diff --git a/src/Common/Volumes.h b/src/Common/Volumes.h index 76a14966..016d989f 100644 --- a/src/Common/Volumes.h +++ b/src/Common/Volumes.h @@ -130,6 +130,9 @@ UINT64_STRUCT GetHeaderField64 (byte *header, int offset); int ReadVolumeHeader (BOOL bBoot, char *encryptedHeader, Password *password, int pim, PCRYPTO_INFO *retInfo, CRYPTO_INFO *retHeaderCryptoInfo); #else int ReadVolumeHeader (BOOL bBoot, char *encryptedHeader, Password *password, int pkcs5_prf, int pim, BOOL truecryptMode, PCRYPTO_INFO *retInfo, CRYPTO_INFO *retHeaderCryptoInfo); +#ifdef _WIN32 +void ComputeBootloaderFingerprint (byte *bootLoaderBuf, unsigned int bootLoaderSize, byte* fingerprint); +#endif #endif #if !defined (DEVICE_DRIVER) && !defined (TC_WINDOWS_BOOT) -- cgit v1.2.3