From ed1263bf8c6c678420eb1b9ad3f37d3a6d33af7c Mon Sep 17 00:00:00 2001 From: Mounir IDRASSI Date: Fri, 2 Aug 2024 00:20:53 +0200 Subject: Implement detection of volumes with vulnerable XTS master key. If vulnerability detected, a warning message is displayed during mount or backup/restore header, and changing the password is disallowed since it will not change the master key. --- src/Common/Apidrvr.h | 3 +++ src/Common/BootEncryption.cpp | 5 +++++ src/Common/Crypto.h | 2 ++ src/Common/Dlgcode.c | 14 ++++++++++++++ src/Common/Language.xml | 3 +++ src/Common/Password.c | 4 ++++ src/Common/Tcdefs.h | 4 +++- src/Common/Volumes.c | 8 ++++++++ 8 files changed, 42 insertions(+), 1 deletion(-) (limited to 'src/Common') diff --git a/src/Common/Apidrvr.h b/src/Common/Apidrvr.h index 4074503d..04d69c05 100644 --- a/src/Common/Apidrvr.h +++ b/src/Common/Apidrvr.h @@ -177,6 +177,7 @@ typedef struct ULONG MaximumTransferLength; ULONG MaximumPhysicalPages; ULONG AlignmentMask; + BOOL VolumeMasterKeyVulnerable; } MOUNT_STRUCT; typedef struct @@ -316,6 +317,8 @@ typedef struct // is read-only (or mounted an outer/normal TrueCrypt volume as read only) uint32 HiddenSysLeakProtectionCount; + BOOL MasterKeyVulnerable; + } BootEncryptionStatus; diff --git a/src/Common/BootEncryption.cpp b/src/Common/BootEncryption.cpp index 2080a44b..2be81416 100644 --- a/src/Common/BootEncryption.cpp +++ b/src/Common/BootEncryption.cpp @@ -1462,6 +1462,7 @@ namespace VeraCrypt /* IMPORTANT: Do NOT add any potentially time-consuming operations to this function. */ BootEncryptionStatus status; + memset (&status, 0, sizeof(status)); CallDriver (TC_IOCTL_GET_BOOT_ENCRYPTION_STATUS, NULL, 0, &status, sizeof (status)); return status; } @@ -5401,6 +5402,10 @@ namespace VeraCrypt int status = ReadVolumeHeader (!encStatus.HiddenSystem, header, oldPassword, old_pkcs5, old_pim, &cryptoInfo, NULL); finally_do_arg (PCRYPTO_INFO, cryptoInfo, { if (finally_arg) crypto_close (finally_arg); }); + // if the XTS master key is vulnerable, return error and do not allow the user to change the password since the master key will not be changed + if (cryptoInfo->bVulnerableMasterKey) + status = ERR_SYSENC_XTS_MASTERKEY_VULNERABLE; + if (status != 0) { handleError (hwndDlg, status, SRC_POS); diff --git a/src/Common/Crypto.h b/src/Common/Crypto.h index 178e08e1..89d22f0e 100644 --- a/src/Common/Crypto.h +++ b/src/Common/Crypto.h @@ -277,6 +277,8 @@ typedef struct CRYPTO_INFO_t uint32 SectorSize; + BOOL bVulnerableMasterKey; // TRUE if XTS primary key is identical to secondary key (i.e. the volume is vulnerable to attack on XTS mode) + #endif // !TC_WINDOWS_BOOT UINT64_STRUCT VolumeSize; diff --git a/src/Common/Dlgcode.c b/src/Common/Dlgcode.c index 4ee08bb7..ce86c9da 100644 --- a/src/Common/Dlgcode.c +++ b/src/Common/Dlgcode.c @@ -5577,6 +5577,14 @@ void handleError (HWND hwndDlg, int code, const char* srcPos) break; #endif + case ERR_XTS_MASTERKEY_VULNERABLE: + MessageBoxW (hwndDlg, AppendSrcPos (GetString ("ERR_XTS_MASTERKEY_VULNERABLE"), srcPos).c_str(), lpszTitle, ICON_HAND); + break; + + case ERR_SYSENC_XTS_MASTERKEY_VULNERABLE: + MessageBoxW (hwndDlg, AppendSrcPos (GetString ("ERR_SYSENC_XTS_MASTERKEY_VULNERABLE"), srcPos).c_str(), lpszTitle, ICON_HAND); + break; + default: StringCbPrintfW (szTmp, sizeof(szTmp), GetString ("ERR_UNKNOWN"), code); MessageBoxW (hwndDlg, AppendSrcPos (szTmp, srcPos).c_str(), lpszTitle, ICON_HAND); @@ -8953,6 +8961,12 @@ retry: LastMountedVolumeDirty = mount.FilesystemDirty; + if (mount.VolumeMasterKeyVulnerable + && !Silent) + { + Warning ("ERR_XTS_MASTERKEY_VULNERABLE", hwndDlg); + } + if (mount.FilesystemDirty) { wchar_t msg[1024]; diff --git a/src/Common/Language.xml b/src/Common/Language.xml index e3e96a1f..05f05749 100644 --- a/src/Common/Language.xml +++ b/src/Common/Language.xml @@ -1638,6 +1638,9 @@ Language Select system's default language For the language change to come into effect, VeraCrypt needs to be restarted. + WARNING: The volume's master key is vulnerable to an attack that compromises data security.\n\nPlease create a new volume and transfer the data to it. + WARNING: The encrypted system's master key is vulnerable to an attack that compromises data security.\nPlease decrypt the system partition/drive and then re-encrypt it. + WARNING: The volume's master key has a security vulnerability. diff --git a/src/Common/Password.c b/src/Common/Password.c index ae6b8035..f20dd257 100644 --- a/src/Common/Password.c +++ b/src/Common/Password.c @@ -371,6 +371,10 @@ int ChangePwd (const wchar_t *lpszVolume, Password *oldPassword, int old_pkcs5, if (nStatus == ERR_CIPHER_INIT_WEAK_KEY) nStatus = 0; // We can ignore this error here + // if the XTS master key is vulnerable, return error and do not allow the user to change the password since the master key will not be changed + if (cryptoInfo->bVulnerableMasterKey) + nStatus = ERR_XTS_MASTERKEY_VULNERABLE; + if (nStatus == ERR_PASSWORD_WRONG) { continue; // Try next volume type diff --git a/src/Common/Tcdefs.h b/src/Common/Tcdefs.h index 6f903e07..9f590885 100644 --- a/src/Common/Tcdefs.h +++ b/src/Common/Tcdefs.h @@ -494,7 +494,9 @@ enum ERR_NONSYS_INPLACE_ENC_INCOMPLETE = 32, ERR_USER_ABORT = 33, ERR_RAND_INIT_FAILED = 34, - ERR_CAPI_INIT_FAILED = 35 + ERR_CAPI_INIT_FAILED = 35, + ERR_XTS_MASTERKEY_VULNERABLE = 36, + ERR_SYSENC_XTS_MASTERKEY_VULNERABLE = 37 }; #endif // #ifndef TCDEFS_H diff --git a/src/Common/Volumes.c b/src/Common/Volumes.c index df1cd1e3..7ee519f6 100644 --- a/src/Common/Volumes.c +++ b/src/Common/Volumes.c @@ -597,6 +597,14 @@ KeyReady: ; goto err; } + // check that first half of keyInfo.master_keydata is different from the second half. If they are the same return error + if (memcmp (keyInfo->master_keydata, keyInfo->master_keydata + EAGetKeySize (cryptoInfo->ea), EAGetKeySize (cryptoInfo->ea)) == 0) + { + cryptoInfo->bVulnerableMasterKey = TRUE; + if (retHeaderCryptoInfo) + retHeaderCryptoInfo->bVulnerableMasterKey = TRUE; + } + status = ERR_SUCCESS; goto ret; } -- cgit v1.2.3