From ed1263bf8c6c678420eb1b9ad3f37d3a6d33af7c Mon Sep 17 00:00:00 2001 From: Mounir IDRASSI Date: Fri, 2 Aug 2024 00:20:53 +0200 Subject: Implement detection of volumes with vulnerable XTS master key. If vulnerability detected, a warning message is displayed during mount or backup/restore header, and changing the password is disallowed since it will not change the master key. --- src/Volume/Volume.h | 1 + src/Volume/VolumeHeader.cpp | 7 +++++++ src/Volume/VolumeHeader.h | 2 ++ src/Volume/VolumeInfo.cpp | 3 +++ src/Volume/VolumeInfo.h | 2 +- 5 files changed, 14 insertions(+), 1 deletion(-) (limited to 'src/Volume') diff --git a/src/Volume/Volume.h b/src/Volume/Volume.h index c816da58..4b91e435 100644 --- a/src/Volume/Volume.h +++ b/src/Volume/Volume.h @@ -114,6 +114,7 @@ namespace VeraCrypt void ReEncryptHeader (bool backupHeader, const ConstBufferPtr &newSalt, const ConstBufferPtr &newHeaderKey, shared_ptr newPkcs5Kdf); void WriteSectors (const ConstBufferPtr &buffer, uint64 byteOffset); bool IsEncryptionNotCompleted () const { return EncryptionNotCompleted; } + bool IsMasterKeyVulnerable() const { return Header && Header->IsMasterKeyVulnerable(); } protected: void CheckProtectedRange (uint64 writeHostOffset, uint64 writeLength); diff --git a/src/Volume/VolumeHeader.cpp b/src/Volume/VolumeHeader.cpp index 57b63394..2b8699a3 100644 --- a/src/Volume/VolumeHeader.cpp +++ b/src/Volume/VolumeHeader.cpp @@ -47,6 +47,7 @@ namespace VeraCrypt EncryptedAreaLength = 0; Flags = 0; SectorSize = 0; + XtsKeyVulnerable = false; } void VolumeHeader::Create (const BufferPtr &headerBuffer, VolumeHeaderCreationOptions &options) @@ -62,6 +63,9 @@ namespace VeraCrypt DataAreaKey.Zero(); DataAreaKey.CopyFrom (options.DataKey); + // check if the XTS key is vulnerable by comparing the two parts of the key + XtsKeyVulnerable = (memcmp (options.DataKey.Get() + options.EA->GetKeySize(), options.DataKey.Get(), options.EA->GetKeySize()) == 0); + VolumeCreationTime = 0; HiddenVolumeDataSize = (options.Type == VolumeType::Hidden ? options.VolumeDataSize : 0); VolumeDataSize = options.VolumeDataSize; @@ -235,6 +239,9 @@ namespace VeraCrypt ea->SetKeyXTS (header.GetRange (offset + ea->GetKeySize(), ea->GetKeySize())); #endif mode->SetKey (header.GetRange (offset + ea->GetKeySize(), ea->GetKeySize())); + + // check if the XTS key is vulnerable by comparing the two parts of the key + XtsKeyVulnerable = (memcmp (DataAreaKey.Ptr() + ea->GetKeySize(), DataAreaKey.Ptr(), ea->GetKeySize()) == 0); } else { diff --git a/src/Volume/VolumeHeader.h b/src/Volume/VolumeHeader.h index 85908711..18a52950 100644 --- a/src/Volume/VolumeHeader.h +++ b/src/Volume/VolumeHeader.h @@ -76,6 +76,7 @@ namespace VeraCrypt uint64 GetVolumeDataSize () const { return VolumeDataSize; } VolumeTime GetVolumeCreationTime () const { return VolumeCreationTime; } void SetSize (uint32 headerSize); + bool IsMasterKeyVulnerable () const { return XtsKeyVulnerable; } protected: bool Deserialize (const ConstBufferPtr &header, shared_ptr &ea, shared_ptr &mode); @@ -120,6 +121,7 @@ namespace VeraCrypt uint32 SectorSize; SecureBuffer DataAreaKey; + bool XtsKeyVulnerable; private: VolumeHeader (const VolumeHeader &); diff --git a/src/Volume/VolumeInfo.cpp b/src/Volume/VolumeInfo.cpp index 699e203f..f3b044b7 100644 --- a/src/Volume/VolumeInfo.cpp +++ b/src/Volume/VolumeInfo.cpp @@ -55,6 +55,7 @@ namespace VeraCrypt VirtualDevice = sr.DeserializeWString ("VirtualDevice"); sr.Deserialize ("VolumeCreationTime", VolumeCreationTime); sr.Deserialize ("Pim", Pim); + sr.Deserialize ("MasterKeyVulnerable", MasterKeyVulnerable); } bool VolumeInfo::FirstVolumeMountedAfterSecond (shared_ptr first, shared_ptr second) @@ -95,6 +96,7 @@ namespace VeraCrypt sr.Serialize ("VirtualDevice", wstring (VirtualDevice)); sr.Serialize ("VolumeCreationTime", VolumeCreationTime); sr.Serialize ("Pim", Pim); + sr.Serialize ("MasterKeyVulnerable", MasterKeyVulnerable); } void VolumeInfo::Set (const Volume &volume) @@ -119,6 +121,7 @@ namespace VeraCrypt TotalDataRead = volume.GetTotalDataRead(); TotalDataWritten = volume.GetTotalDataWritten(); Pim = volume.GetPim (); + MasterKeyVulnerable = volume.IsMasterKeyVulnerable(); } TC_SERIALIZER_FACTORY_ADD_CLASS (VolumeInfo); diff --git a/src/Volume/VolumeInfo.h b/src/Volume/VolumeInfo.h index 1adc87e3..ad6c2ca4 100644 --- a/src/Volume/VolumeInfo.h +++ b/src/Volume/VolumeInfo.h @@ -61,7 +61,7 @@ namespace VeraCrypt DevicePath VirtualDevice; VolumeTime VolumeCreationTime; int Pim; - + bool MasterKeyVulnerable; private: VolumeInfo (const VolumeInfo &); VolumeInfo &operator= (const VolumeInfo &); -- cgit v1.2.3