From ed1263bf8c6c678420eb1b9ad3f37d3a6d33af7c Mon Sep 17 00:00:00 2001 From: Mounir IDRASSI Date: Fri, 2 Aug 2024 00:20:53 +0200 Subject: Implement detection of volumes with vulnerable XTS master key. If vulnerability detected, a warning message is displayed during mount or backup/restore header, and changing the password is disallowed since it will not change the master key. --- src/Common/Apidrvr.h | 3 +++ src/Common/BootEncryption.cpp | 5 +++++ src/Common/Crypto.h | 2 ++ src/Common/Dlgcode.c | 14 ++++++++++++++ src/Common/Language.xml | 3 +++ src/Common/Password.c | 4 ++++ src/Common/Tcdefs.h | 4 +++- src/Common/Volumes.c | 8 ++++++++ src/Core/Core.h | 8 ++++++-- src/Core/CoreBase.cpp | 3 ++- src/Core/CoreBase.h | 2 +- src/Driver/DriveFilter.c | 9 ++++++++- src/Driver/Ntvol.c | 4 ++++ src/ExpandVolume/ExpandVolume.c | 6 ++++++ src/Main/Forms/ChangePasswordDialog.cpp | 5 +++++ src/Main/GraphicUserInterface.cpp | 22 ++++++++++++++++++++++ src/Main/TextUserInterface.cpp | 27 +++++++++++++++++++++++++++ src/Main/UserInterface.cpp | 17 +++++++++++++++++ src/Mount/Mount.c | 32 ++++++++++++++++++++++++++++++++ src/Volume/Volume.h | 1 + src/Volume/VolumeHeader.cpp | 7 +++++++ src/Volume/VolumeHeader.h | 2 ++ src/Volume/VolumeInfo.cpp | 3 +++ src/Volume/VolumeInfo.h | 2 +- 24 files changed, 186 insertions(+), 7 deletions(-) (limited to 'src') diff --git a/src/Common/Apidrvr.h b/src/Common/Apidrvr.h index 4074503d..04d69c05 100644 --- a/src/Common/Apidrvr.h +++ b/src/Common/Apidrvr.h @@ -177,6 +177,7 @@ typedef struct ULONG MaximumTransferLength; ULONG MaximumPhysicalPages; ULONG AlignmentMask; + BOOL VolumeMasterKeyVulnerable; } MOUNT_STRUCT; typedef struct @@ -316,6 +317,8 @@ typedef struct // is read-only (or mounted an outer/normal TrueCrypt volume as read only) uint32 HiddenSysLeakProtectionCount; + BOOL MasterKeyVulnerable; + } BootEncryptionStatus; diff --git a/src/Common/BootEncryption.cpp b/src/Common/BootEncryption.cpp index 2080a44b..2be81416 100644 --- a/src/Common/BootEncryption.cpp +++ b/src/Common/BootEncryption.cpp @@ -1462,6 +1462,7 @@ namespace VeraCrypt /* IMPORTANT: Do NOT add any potentially time-consuming operations to this function. */ BootEncryptionStatus status; + memset (&status, 0, sizeof(status)); CallDriver (TC_IOCTL_GET_BOOT_ENCRYPTION_STATUS, NULL, 0, &status, sizeof (status)); return status; } @@ -5401,6 +5402,10 @@ namespace VeraCrypt int status = ReadVolumeHeader (!encStatus.HiddenSystem, header, oldPassword, old_pkcs5, old_pim, &cryptoInfo, NULL); finally_do_arg (PCRYPTO_INFO, cryptoInfo, { if (finally_arg) crypto_close (finally_arg); }); + // if the XTS master key is vulnerable, return error and do not allow the user to change the password since the master key will not be changed + if (cryptoInfo->bVulnerableMasterKey) + status = ERR_SYSENC_XTS_MASTERKEY_VULNERABLE; + if (status != 0) { handleError (hwndDlg, status, SRC_POS); diff --git a/src/Common/Crypto.h b/src/Common/Crypto.h index 178e08e1..89d22f0e 100644 --- a/src/Common/Crypto.h +++ b/src/Common/Crypto.h @@ -277,6 +277,8 @@ typedef struct CRYPTO_INFO_t uint32 SectorSize; + BOOL bVulnerableMasterKey; // TRUE if XTS primary key is identical to secondary key (i.e. the volume is vulnerable to attack on XTS mode) + #endif // !TC_WINDOWS_BOOT UINT64_STRUCT VolumeSize; diff --git a/src/Common/Dlgcode.c b/src/Common/Dlgcode.c index 4ee08bb7..ce86c9da 100644 --- a/src/Common/Dlgcode.c +++ b/src/Common/Dlgcode.c @@ -5577,6 +5577,14 @@ void handleError (HWND hwndDlg, int code, const char* srcPos) break; #endif + case ERR_XTS_MASTERKEY_VULNERABLE: + MessageBoxW (hwndDlg, AppendSrcPos (GetString ("ERR_XTS_MASTERKEY_VULNERABLE"), srcPos).c_str(), lpszTitle, ICON_HAND); + break; + + case ERR_SYSENC_XTS_MASTERKEY_VULNERABLE: + MessageBoxW (hwndDlg, AppendSrcPos (GetString ("ERR_SYSENC_XTS_MASTERKEY_VULNERABLE"), srcPos).c_str(), lpszTitle, ICON_HAND); + break; + default: StringCbPrintfW (szTmp, sizeof(szTmp), GetString ("ERR_UNKNOWN"), code); MessageBoxW (hwndDlg, AppendSrcPos (szTmp, srcPos).c_str(), lpszTitle, ICON_HAND); @@ -8953,6 +8961,12 @@ retry: LastMountedVolumeDirty = mount.FilesystemDirty; + if (mount.VolumeMasterKeyVulnerable + && !Silent) + { + Warning ("ERR_XTS_MASTERKEY_VULNERABLE", hwndDlg); + } + if (mount.FilesystemDirty) { wchar_t msg[1024]; diff --git a/src/Common/Language.xml b/src/Common/Language.xml index e3e96a1f..05f05749 100644 --- a/src/Common/Language.xml +++ b/src/Common/Language.xml @@ -1638,6 +1638,9 @@ Language Select system's default language For the language change to come into effect, VeraCrypt needs to be restarted. + WARNING: The volume's master key is vulnerable to an attack that compromises data security.\n\nPlease create a new volume and transfer the data to it. + WARNING: The encrypted system's master key is vulnerable to an attack that compromises data security.\nPlease decrypt the system partition/drive and then re-encrypt it. + WARNING: The volume's master key has a security vulnerability. diff --git a/src/Common/Password.c b/src/Common/Password.c index ae6b8035..f20dd257 100644 --- a/src/Common/Password.c +++ b/src/Common/Password.c @@ -371,6 +371,10 @@ int ChangePwd (const wchar_t *lpszVolume, Password *oldPassword, int old_pkcs5, if (nStatus == ERR_CIPHER_INIT_WEAK_KEY) nStatus = 0; // We can ignore this error here + // if the XTS master key is vulnerable, return error and do not allow the user to change the password since the master key will not be changed + if (cryptoInfo->bVulnerableMasterKey) + nStatus = ERR_XTS_MASTERKEY_VULNERABLE; + if (nStatus == ERR_PASSWORD_WRONG) { continue; // Try next volume type diff --git a/src/Common/Tcdefs.h b/src/Common/Tcdefs.h index 6f903e07..9f590885 100644 --- a/src/Common/Tcdefs.h +++ b/src/Common/Tcdefs.h @@ -494,7 +494,9 @@ enum ERR_NONSYS_INPLACE_ENC_INCOMPLETE = 32, ERR_USER_ABORT = 33, ERR_RAND_INIT_FAILED = 34, - ERR_CAPI_INIT_FAILED = 35 + ERR_CAPI_INIT_FAILED = 35, + ERR_XTS_MASTERKEY_VULNERABLE = 36, + ERR_SYSENC_XTS_MASTERKEY_VULNERABLE = 37 }; #endif // #ifndef TCDEFS_H diff --git a/src/Common/Volumes.c b/src/Common/Volumes.c index df1cd1e3..7ee519f6 100644 --- a/src/Common/Volumes.c +++ b/src/Common/Volumes.c @@ -597,6 +597,14 @@ KeyReady: ; goto err; } + // check that first half of keyInfo.master_keydata is different from the second half. If they are the same return error + if (memcmp (keyInfo->master_keydata, keyInfo->master_keydata + EAGetKeySize (cryptoInfo->ea), EAGetKeySize (cryptoInfo->ea)) == 0) + { + cryptoInfo->bVulnerableMasterKey = TRUE; + if (retHeaderCryptoInfo) + retHeaderCryptoInfo->bVulnerableMasterKey = TRUE; + } + status = ERR_SUCCESS; goto ret; } diff --git a/src/Core/Core.h b/src/Core/Core.h index 65ea5bee..b9e53021 100644 --- a/src/Core/Core.h +++ b/src/Core/Core.h @@ -82,9 +82,13 @@ namespace VeraCrypt shared_ptr m_newPkcs5Kdf; int m_wipeCount; bool m_emvSupportEnabled; - ChangePasswordThreadRoutine(shared_ptr volumePath, bool preserveTimestamps, shared_ptr password, int pim, shared_ptr kdf, shared_ptr keyfiles, shared_ptr newPassword, int newPim, shared_ptr newKeyfiles, shared_ptr newPkcs5Kdf, int wipeCount, bool emvSupportEnabled) : m_volumePath(volumePath), m_preserveTimestamps(preserveTimestamps), m_password(password), m_pim(pim), m_kdf(kdf), m_keyfiles(keyfiles), m_newPassword(newPassword), m_newPim(newPim), m_newKeyfiles(newKeyfiles), m_newPkcs5Kdf(newPkcs5Kdf), m_wipeCount(wipeCount), m_emvSupportEnabled(emvSupportEnabled) {} + bool m_masterKeyVulnerable; + ChangePasswordThreadRoutine(shared_ptr volumePath, bool preserveTimestamps, shared_ptr password, int pim, shared_ptr kdf, shared_ptr keyfiles, shared_ptr newPassword, int newPim, shared_ptr newKeyfiles, shared_ptr newPkcs5Kdf, int wipeCount, bool emvSupportEnabled) : m_volumePath(volumePath), m_preserveTimestamps(preserveTimestamps), m_password(password), m_pim(pim), m_kdf(kdf), m_keyfiles(keyfiles), m_newPassword(newPassword), m_newPim(newPim), m_newKeyfiles(newKeyfiles), m_newPkcs5Kdf(newPkcs5Kdf), m_wipeCount(wipeCount), m_emvSupportEnabled(emvSupportEnabled), m_masterKeyVulnerable(false) {} virtual ~ChangePasswordThreadRoutine() { } - virtual void ExecutionCode(void) { Core->ChangePassword(m_volumePath, m_preserveTimestamps, m_password, m_pim, m_kdf, m_keyfiles, m_newPassword, m_newPim, m_newKeyfiles, m_emvSupportEnabled, m_newPkcs5Kdf, m_wipeCount); } + virtual void ExecutionCode(void) { + shared_ptr openVolume = Core->ChangePassword(m_volumePath, m_preserveTimestamps, m_password, m_pim, m_kdf, m_keyfiles, m_newPassword, m_newPim, m_newKeyfiles, m_emvSupportEnabled, m_newPkcs5Kdf, m_wipeCount); + m_masterKeyVulnerable = openVolume->IsMasterKeyVulnerable(); + } }; class OpenVolumeThreadRoutine : public WaitThreadRoutine diff --git a/src/Core/CoreBase.cpp b/src/Core/CoreBase.cpp index 356d4348..0c6d5c9e 100644 --- a/src/Core/CoreBase.cpp +++ b/src/Core/CoreBase.cpp @@ -77,10 +77,11 @@ namespace VeraCrypt } } - void CoreBase::ChangePassword (shared_ptr volumePath, bool preserveTimestamps, shared_ptr password, int pim, shared_ptr kdf, shared_ptr keyfiles, shared_ptr newPassword, int newPim, shared_ptr newKeyfiles, bool emvSupportEnabled, shared_ptr newPkcs5Kdf, int wipeCount) const + shared_ptr CoreBase::ChangePassword (shared_ptr volumePath, bool preserveTimestamps, shared_ptr password, int pim, shared_ptr kdf, shared_ptr keyfiles, shared_ptr newPassword, int newPim, shared_ptr newKeyfiles, bool emvSupportEnabled, shared_ptr newPkcs5Kdf, int wipeCount) const { shared_ptr volume = OpenVolume (volumePath, preserveTimestamps, password, pim, kdf, keyfiles, emvSupportEnabled); ChangePassword (volume, newPassword, newPim, newKeyfiles, emvSupportEnabled, newPkcs5Kdf, wipeCount); + return volume; } void CoreBase::CoalesceSlotNumberAndMountPoint (MountOptions &options) const diff --git a/src/Core/CoreBase.h b/src/Core/CoreBase.h index 03aa922a..e646fce3 100644 --- a/src/Core/CoreBase.h +++ b/src/Core/CoreBase.h @@ -34,7 +34,7 @@ namespace VeraCrypt virtual ~CoreBase (); virtual void ChangePassword (shared_ptr openVolume, shared_ptr newPassword, int newPim, shared_ptr newKeyfiles, bool emvSupportEnabled, shared_ptr newPkcs5Kdf = shared_ptr (), int wipeCount = PRAND_HEADER_WIPE_PASSES) const; - virtual void ChangePassword (shared_ptr volumePath, bool preserveTimestamps, shared_ptr password, int pim, shared_ptr kdf, shared_ptr keyfiles, shared_ptr newPassword, int newPim, shared_ptr newKeyfiles, bool emvSupportEnabled, shared_ptr newPkcs5Kdf = shared_ptr (), int wipeCount = PRAND_HEADER_WIPE_PASSES) const; + virtual shared_ptr ChangePassword (shared_ptr volumePath, bool preserveTimestamps, shared_ptr password, int pim, shared_ptr kdf, shared_ptr keyfiles, shared_ptr newPassword, int newPim, shared_ptr newKeyfiles, bool emvSupportEnabled, shared_ptr newPkcs5Kdf = shared_ptr (), int wipeCount = PRAND_HEADER_WIPE_PASSES) const; virtual void CheckFilesystem (shared_ptr mountedVolume, bool repair = false) const = 0; virtual void CoalesceSlotNumberAndMountPoint (MountOptions &options) const; virtual void CreateKeyfile (const FilePath &keyfilePath) const; diff --git a/src/Driver/DriveFilter.c b/src/Driver/DriveFilter.c index a615797a..6fda3c37 100644 --- a/src/Driver/DriveFilter.c +++ b/src/Driver/DriveFilter.c @@ -522,10 +522,16 @@ static NTSTATUS MountDrive (DriveFilterExtension *Extension, Password *password, if (ReadVolumeHeader (!hiddenVolume, header, password, pkcs5_prf, pim, &Extension->Queue.CryptoInfo, Extension->HeaderCryptoInfo) == 0) { - // Header decrypted + // Header decrypted status = STATUS_SUCCESS; Dump ("Header decrypted\n"); + if (Extension->HeaderCryptoInfo->bVulnerableMasterKey) + { + // The volume header master key is vulnerable + Dump ("The volume header master key is vulnerable\n"); + } + // calculate Fingerprint ComputeBootLoaderFingerprint (Extension->LowerDeviceObject, header); @@ -2017,6 +2023,7 @@ void GetBootEncryptionStatus (PIRP irp, PIO_STACK_LOCATION irpSp) bootEncStatus->ConfiguredEncryptedAreaStart = Extension->ConfiguredEncryptedAreaStart; bootEncStatus->ConfiguredEncryptedAreaEnd = Extension->ConfiguredEncryptedAreaEnd; bootEncStatus->EncryptedAreaStart = Extension->Queue.EncryptedAreaStart; + bootEncStatus->MasterKeyVulnerable = Extension->HeaderCryptoInfo->bVulnerableMasterKey; if (SetupInProgress) { diff --git a/src/Driver/Ntvol.c b/src/Driver/Ntvol.c index c26fcebf..68f63f16 100644 --- a/src/Driver/Ntvol.c +++ b/src/Driver/Ntvol.c @@ -89,6 +89,7 @@ NTSTATUS TCOpenVolume (PDEVICE_OBJECT DeviceObject, mount->VolumeMountedReadOnlyAfterDeviceWriteProtected = FALSE; mount->VolumeMountedReadOnlyAfterPartialSysEnc = FALSE; + mount->VolumeMasterKeyVulnerable = FALSE; // If we are opening a device, query its size first if (bRawDevice) @@ -648,6 +649,9 @@ NTSTATUS TCOpenVolume (PDEVICE_OBJECT DeviceObject, Dump ("Volume header decrypted\n"); Dump ("Required program version = %x\n", (int) Extension->cryptoInfo->RequiredProgramVersion); Dump ("Legacy volume = %d\n", (int) Extension->cryptoInfo->LegacyVolume); + Dump ("Master key vulnerable = %d\n", (int) Extension->cryptoInfo->bVulnerableMasterKey); + + mount->VolumeMasterKeyVulnerable = Extension->cryptoInfo->bVulnerableMasterKey; if (IsHiddenSystemRunning() && !Extension->cryptoInfo->hiddenVolume) { diff --git a/src/ExpandVolume/ExpandVolume.c b/src/ExpandVolume/ExpandVolume.c index d9019ada..f79fd5b7 100644 --- a/src/ExpandVolume/ExpandVolume.c +++ b/src/ExpandVolume/ExpandVolume.c @@ -691,6 +691,12 @@ static int ExpandVolume (HWND hwndDlg, wchar_t *lpszVolume, Password *pVolumePas if (nStatus == ERR_CIPHER_INIT_WEAK_KEY) nStatus = 0; // We can ignore this error here + // if the volume master key is vulnerable, print a warning to inform the user + if (cryptoInfo->bVulnerableMasterKey) + { + DebugAddProgressDlgStatus(hwndDlg, GetString ("ERR_XTS_MASTERKEY_VULNERABLE_SHORT")); + } + if (nStatus != 0) { cryptoInfo = NULL; diff --git a/src/Main/Forms/ChangePasswordDialog.cpp b/src/Main/Forms/ChangePasswordDialog.cpp index 397ee693..39da8e60 100644 --- a/src/Main/Forms/ChangePasswordDialog.cpp +++ b/src/Main/Forms/ChangePasswordDialog.cpp @@ -171,6 +171,7 @@ namespace VeraCrypt RandomNumberGenerator::SetEnrichedByUserStatus (false); Gui->UserEnrichRandomPool (this, NewPasswordPanel->GetPkcs5Kdf() ? NewPasswordPanel->GetPkcs5Kdf()->GetHash() : shared_ptr ()); + bool masterKeyVulnerable = false; { #ifdef TC_UNIX // Temporarily take ownership of a device if the user is not an administrator @@ -193,6 +194,7 @@ namespace VeraCrypt CurrentPasswordPanel->GetPassword(), CurrentPasswordPanel->GetVolumePim(), CurrentPasswordPanel->GetPkcs5Kdf(), CurrentPasswordPanel->GetKeyfiles(), newPassword, newPim, newKeyfiles, NewPasswordPanel->GetPkcs5Kdf(), NewPasswordPanel->GetHeaderWipeCount(), Gui->GetPreferences().EMVSupportEnabled); Gui->ExecuteWaitThreadRoutine (this, &routine); + masterKeyVulnerable = routine.m_masterKeyVulnerable; } switch (DialogMode) @@ -214,6 +216,9 @@ namespace VeraCrypt throw ParameterIncorrect (SRC_POS); } + if (masterKeyVulnerable) + Gui->ShowWarning ("ERR_XTS_MASTERKEY_VULNERABLE"); + EndModal (wxID_OK); } catch (UnportablePassword &e) diff --git a/src/Main/GraphicUserInterface.cpp b/src/Main/GraphicUserInterface.cpp index 9169a548..41bfa100 100644 --- a/src/Main/GraphicUserInterface.cpp +++ b/src/Main/GraphicUserInterface.cpp @@ -191,6 +191,7 @@ namespace VeraCrypt hiddenVolumeMountOptions.Path = volumePath; VolumeType::Enum volumeType = VolumeType::Normal; + bool masterKeyVulnerable = false; // Open both types of volumes while (true) @@ -273,6 +274,13 @@ namespace VeraCrypt } } + // check if volume master key is vulnerable + if (volume->IsMasterKeyVulnerable()) + { + masterKeyVulnerable = true; + ShowWarning ("ERR_XTS_MASTERKEY_VULNERABLE"); + } + if (volumeType == VolumeType::Hidden) hiddenVolume = volume; else @@ -366,6 +374,10 @@ namespace VeraCrypt } ShowWarning ("VOL_HEADER_BACKED_UP"); + + // display again warning that master key is vulnerable + if (masterKeyVulnerable) + ShowWarning ("ERR_XTS_MASTERKEY_VULNERABLE"); } void GraphicUserInterface::BeginInteractiveBusyState (wxWindow *window) @@ -1440,6 +1452,7 @@ namespace VeraCrypt /* force the display of the random enriching interface */ RandomNumberGenerator::SetEnrichedByUserStatus (false); + bool masterKeyVulnerable = false; if (restoreInternalBackup) { // Restore header from the internal backup @@ -1492,6 +1505,8 @@ namespace VeraCrypt return; } + masterKeyVulnerable = volume->IsMasterKeyVulnerable(); + RandomNumberGenerator::Start(); UserEnrichRandomPool (nullptr); @@ -1590,6 +1605,7 @@ namespace VeraCrypt if (decryptRoutine.m_bResult) { + masterKeyVulnerable = layout->GetHeader()->IsMasterKeyVulnerable(); decryptedLayout = layout; break; } @@ -1645,6 +1661,12 @@ namespace VeraCrypt } ShowInfo ("VOL_HEADER_RESTORED"); + + // display warning if the volume master key is vulnerable + if (masterKeyVulnerable) + { + ShowWarning ("ERR_XTS_MASTERKEY_VULNERABLE"); + } } DevicePath GraphicUserInterface::SelectDevice (wxWindow *parent) const diff --git a/src/Main/TextUserInterface.cpp b/src/Main/TextUserInterface.cpp index 8494a45c..bc3f6f5a 100644 --- a/src/Main/TextUserInterface.cpp +++ b/src/Main/TextUserInterface.cpp @@ -314,6 +314,7 @@ namespace VeraCrypt hiddenVolumeMountOptions.EMVSupportEnabled = true; VolumeType::Enum volumeType = VolumeType::Normal; + bool masterKeyVulnerable = false; // Open both types of volumes while (true) @@ -387,6 +388,13 @@ namespace VeraCrypt } } + // check if volume master key is vulnerable + if (volume->IsMasterKeyVulnerable()) + { + masterKeyVulnerable = true; + ShowWarning ("ERR_XTS_MASTERKEY_VULNERABLE"); + } + if (volumeType == VolumeType::Hidden) hiddenVolume = volume; else @@ -454,6 +462,10 @@ namespace VeraCrypt ShowString (L"\n"); ShowInfo ("VOL_HEADER_BACKED_UP"); + + // display again warning that master key is vulnerable + if (masterKeyVulnerable) + ShowWarning ("ERR_XTS_MASTERKEY_VULNERABLE"); } void TextUserInterface::ChangePassword (shared_ptr volumePath, shared_ptr password, int pim, shared_ptr currentHash, shared_ptr keyfiles, shared_ptr newPassword, int newPim, shared_ptr newKeyfiles, shared_ptr newHash) const @@ -532,6 +544,12 @@ namespace VeraCrypt break; } + // display warning if volume master key is vulnerable + if (volume->IsMasterKeyVulnerable()) + { + ShowWarning ("ERR_XTS_MASTERKEY_VULNERABLE"); + } + // New password if (!newPassword.get() && !Preferences.NonInteractive) newPassword = AskPassword (_("Enter new password"), true); @@ -1539,6 +1557,7 @@ namespace VeraCrypt /* force the display of the random enriching interface */ RandomNumberGenerator::SetEnrichedByUserStatus (false); + bool masterKeyVulnerable = false; if (restoreInternalBackup) { // Restore header from the internal backup @@ -1586,6 +1605,8 @@ namespace VeraCrypt throw_err (LangString ["VOLUME_HAS_NO_BACKUP_HEADER"]); } + masterKeyVulnerable = volume->IsMasterKeyVulnerable(); + RandomNumberGenerator::Start(); UserEnrichRandomPool(); @@ -1673,6 +1694,7 @@ namespace VeraCrypt if (layout->GetHeader()->Decrypt (headerBuffer, *passwordKey, options.Pim, kdf, layout->GetSupportedKeyDerivationFunctions(), layout->GetSupportedEncryptionAlgorithms(), layout->GetSupportedEncryptionModes())) { decryptedLayout = layout; + masterKeyVulnerable = layout->GetHeader()->IsMasterKeyVulnerable(); break; } } @@ -1723,6 +1745,11 @@ namespace VeraCrypt ShowString (L"\n"); ShowInfo ("VOL_HEADER_RESTORED"); + // display warning if the volume master key is vulnerable + if (masterKeyVulnerable) + { + ShowWarning ("ERR_XTS_MASTERKEY_VULNERABLE"); + } } void TextUserInterface::SetTerminalEcho (bool enable) diff --git a/src/Main/UserInterface.cpp b/src/Main/UserInterface.cpp index 0f11ec0b..ad2f22b8 100644 --- a/src/Main/UserInterface.cpp +++ b/src/Main/UserInterface.cpp @@ -652,6 +652,7 @@ namespace VeraCrypt bool protectedVolumeMounted = false; bool legacyVolumeMounted = false; + bool vulnerableVolumeMounted = false; foreach_ref (const HostDevice &device, devices) { @@ -694,6 +695,10 @@ namespace VeraCrypt if (newMountedVolumes.back()->EncryptionAlgorithmMinBlockSize == 8) legacyVolumeMounted = true; + + if (newMountedVolumes.back()->MasterKeyVulnerable) + vulnerableVolumeMounted = true; + } catch (DriverError&) { } catch (MissingVolumeData&) { } @@ -708,6 +713,9 @@ namespace VeraCrypt } else { + if (vulnerableVolumeMounted) + ShowWarning ("ERR_XTS_MASTERKEY_VULNERABLE"); + if (someVolumesShared) ShowWarning ("DEVICE_IN_USE_INFO"); @@ -741,10 +749,12 @@ namespace VeraCrypt favorite.ToMountOptions (options); + bool mountPerformed = false; if (Preferences.NonInteractive) { BusyScope busy (this); newMountedVolumes.push_back (Core->MountVolume (options)); + mountPerformed = true; } else { @@ -752,6 +762,7 @@ namespace VeraCrypt { BusyScope busy (this); newMountedVolumes.push_back (Core->MountVolume (options)); + mountPerformed = true; } catch (...) { @@ -769,6 +780,9 @@ namespace VeraCrypt newMountedVolumes.push_back (volume); } } + + if (mountPerformed && newMountedVolumes.back()->MasterKeyVulnerable) + ShowWarning ("ERR_XTS_MASTERKEY_VULNERABLE"); } if (!newMountedVolumes.empty() && GetPreferences().CloseSecurityTokenSessionsAfterMount) @@ -805,6 +819,9 @@ namespace VeraCrypt } } + if (volume->MasterKeyVulnerable) + ShowWarning ("ERR_XTS_MASTERKEY_VULNERABLE"); + if (volume->EncryptionAlgorithmMinBlockSize == 8) ShowWarning ("WARN_64_BIT_BLOCK_CIPHER"); diff --git a/src/Mount/Mount.c b/src/Mount/Mount.c index c3898b72..444e44d7 100644 --- a/src/Mount/Mount.c +++ b/src/Mount/Mount.c @@ -1259,6 +1259,20 @@ static BOOL SysEncryptionOrDecryptionRequired (void) ); } +// Returns TRUE if system encryption master key is vulnerable +static BOOL SysEncryptionMasterKeyVulnerable (void) +{ + try + { + BootEncStatus = BootEncObj->GetStatus(); + return (BootEncStatus.DriveMounted || BootEncStatus.DriveEncrypted) && BootEncStatus.MasterKeyVulnerable; + } + catch (Exception &) + { + return FALSE; + } +} + // Returns TRUE if the system partition/drive is completely encrypted static BOOL SysDriveOrPartitionFullyEncrypted (BOOL bSilent) { @@ -7435,10 +7449,12 @@ BOOL CALLBACK MainDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lPa if (!Quit) // Do not care about system encryption or in-place encryption if we were launched from the system startup sequence (the wizard was added to it too). { + BOOL bActionPerformed = FALSE; if (SysEncryptionOrDecryptionRequired ()) { if (!MutexExistsOnSystem (TC_MUTEX_NAME_SYSENC)) // If no instance of the wizard is currently taking care of system encryption { + bActionPerformed = TRUE; // We shouldn't block the mutex at this point if (SystemEncryptionStatus == SYSENC_STATUS_PRETEST @@ -7465,7 +7481,17 @@ BOOL CALLBACK MainDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lPa { BOOL bDecrypt = FALSE; if (AskNonSysInPlaceEncryptionResume(hwndDlg, &bDecrypt) == IDYES) + { + bActionPerformed = TRUE; ResumeInterruptedNonSysInplaceEncProcess (bDecrypt); + } + } + + if (!bActionPerformed) + { + // display warning if the master key is vulnerable + if (SysEncryptionMasterKeyVulnerable()) + WarningTopMost ("ERR_SYSENC_XTS_MASTERKEY_VULNERABLE", hwndDlg); } } @@ -11447,6 +11473,12 @@ int RestoreVolumeHeader (HWND hwndDlg, const wchar_t *lpszVolume) handleError (hwndDlg, nStatus, SRC_POS); } + // display a warning if the master key is vulnerable + if (restoredCryptoInfo->bVulnerableMasterKey) + { + Warning ("ERR_XTS_MASTERKEY_VULNERABLE", hwndDlg); + } + BOOL hiddenVol = restoredCryptoInfo->hiddenVolume; if (legacyBackup) diff --git a/src/Volume/Volume.h b/src/Volume/Volume.h index c816da58..4b91e435 100644 --- a/src/Volume/Volume.h +++ b/src/Volume/Volume.h @@ -114,6 +114,7 @@ namespace VeraCrypt void ReEncryptHeader (bool backupHeader, const ConstBufferPtr &newSalt, const ConstBufferPtr &newHeaderKey, shared_ptr newPkcs5Kdf); void WriteSectors (const ConstBufferPtr &buffer, uint64 byteOffset); bool IsEncryptionNotCompleted () const { return EncryptionNotCompleted; } + bool IsMasterKeyVulnerable() const { return Header && Header->IsMasterKeyVulnerable(); } protected: void CheckProtectedRange (uint64 writeHostOffset, uint64 writeLength); diff --git a/src/Volume/VolumeHeader.cpp b/src/Volume/VolumeHeader.cpp index 57b63394..2b8699a3 100644 --- a/src/Volume/VolumeHeader.cpp +++ b/src/Volume/VolumeHeader.cpp @@ -47,6 +47,7 @@ namespace VeraCrypt EncryptedAreaLength = 0; Flags = 0; SectorSize = 0; + XtsKeyVulnerable = false; } void VolumeHeader::Create (const BufferPtr &headerBuffer, VolumeHeaderCreationOptions &options) @@ -62,6 +63,9 @@ namespace VeraCrypt DataAreaKey.Zero(); DataAreaKey.CopyFrom (options.DataKey); + // check if the XTS key is vulnerable by comparing the two parts of the key + XtsKeyVulnerable = (memcmp (options.DataKey.Get() + options.EA->GetKeySize(), options.DataKey.Get(), options.EA->GetKeySize()) == 0); + VolumeCreationTime = 0; HiddenVolumeDataSize = (options.Type == VolumeType::Hidden ? options.VolumeDataSize : 0); VolumeDataSize = options.VolumeDataSize; @@ -235,6 +239,9 @@ namespace VeraCrypt ea->SetKeyXTS (header.GetRange (offset + ea->GetKeySize(), ea->GetKeySize())); #endif mode->SetKey (header.GetRange (offset + ea->GetKeySize(), ea->GetKeySize())); + + // check if the XTS key is vulnerable by comparing the two parts of the key + XtsKeyVulnerable = (memcmp (DataAreaKey.Ptr() + ea->GetKeySize(), DataAreaKey.Ptr(), ea->GetKeySize()) == 0); } else { diff --git a/src/Volume/VolumeHeader.h b/src/Volume/VolumeHeader.h index 85908711..18a52950 100644 --- a/src/Volume/VolumeHeader.h +++ b/src/Volume/VolumeHeader.h @@ -76,6 +76,7 @@ namespace VeraCrypt uint64 GetVolumeDataSize () const { return VolumeDataSize; } VolumeTime GetVolumeCreationTime () const { return VolumeCreationTime; } void SetSize (uint32 headerSize); + bool IsMasterKeyVulnerable () const { return XtsKeyVulnerable; } protected: bool Deserialize (const ConstBufferPtr &header, shared_ptr &ea, shared_ptr &mode); @@ -120,6 +121,7 @@ namespace VeraCrypt uint32 SectorSize; SecureBuffer DataAreaKey; + bool XtsKeyVulnerable; private: VolumeHeader (const VolumeHeader &); diff --git a/src/Volume/VolumeInfo.cpp b/src/Volume/VolumeInfo.cpp index 699e203f..f3b044b7 100644 --- a/src/Volume/VolumeInfo.cpp +++ b/src/Volume/VolumeInfo.cpp @@ -55,6 +55,7 @@ namespace VeraCrypt VirtualDevice = sr.DeserializeWString ("VirtualDevice"); sr.Deserialize ("VolumeCreationTime", VolumeCreationTime); sr.Deserialize ("Pim", Pim); + sr.Deserialize ("MasterKeyVulnerable", MasterKeyVulnerable); } bool VolumeInfo::FirstVolumeMountedAfterSecond (shared_ptr first, shared_ptr second) @@ -95,6 +96,7 @@ namespace VeraCrypt sr.Serialize ("VirtualDevice", wstring (VirtualDevice)); sr.Serialize ("VolumeCreationTime", VolumeCreationTime); sr.Serialize ("Pim", Pim); + sr.Serialize ("MasterKeyVulnerable", MasterKeyVulnerable); } void VolumeInfo::Set (const Volume &volume) @@ -119,6 +121,7 @@ namespace VeraCrypt TotalDataRead = volume.GetTotalDataRead(); TotalDataWritten = volume.GetTotalDataWritten(); Pim = volume.GetPim (); + MasterKeyVulnerable = volume.IsMasterKeyVulnerable(); } TC_SERIALIZER_FACTORY_ADD_CLASS (VolumeInfo); diff --git a/src/Volume/VolumeInfo.h b/src/Volume/VolumeInfo.h index 1adc87e3..ad6c2ca4 100644 --- a/src/Volume/VolumeInfo.h +++ b/src/Volume/VolumeInfo.h @@ -61,7 +61,7 @@ namespace VeraCrypt DevicePath VirtualDevice; VolumeTime VolumeCreationTime; int Pim; - + bool MasterKeyVulnerable; private: VolumeInfo (const VolumeInfo &); VolumeInfo &operator= (const VolumeInfo &); -- cgit v1.2.3