Public/VeraCrypt
1
0
Fork 0
mirror of https://github.com/veracrypt/VeraCrypt.git synced 2025-11-11 11:08:02 -06:00
Code Activity

Implement detection of volumes with vulnerable XTS master key.

Browse Source 
If vulnerability detected, a warning message is displayed during mount or backup/restore header, and changing the password is disallowed since it will not change the master key.
This commit is contained in:
Mounir IDRASSI
2024-08-02 00:20:53 +02:00
parent 6121ca0239
commit ed1263bf8c
24 changed files with 186 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
src/Common/BootEncryption.cpp
View File

@@ -1462,6 +1462,7 @@ namespace VeraCrypt
/* IMPORTANT: Do NOT add any potentially time-consuming operations to this function. */
BootEncryptionStatus status;
memset (&status, 0, sizeof(status));
CallDriver (TC_IOCTL_GET_BOOT_ENCRYPTION_STATUS, NULL, 0, &status, sizeof (status));
return status;
}
@@ -5401,6 +5402,10 @@ namespace VeraCrypt
int status = ReadVolumeHeader (!encStatus.HiddenSystem, header, oldPassword, old_pkcs5, old_pim, &cryptoInfo, NULL);
finally_do_arg (PCRYPTO_INFO, cryptoInfo, { if (finally_arg) crypto_close (finally_arg); });
// if the XTS master key is vulnerable, return error and do not allow the user to change the password since the master key will not be changed
if (cryptoInfo->bVulnerableMasterKey)
status = ERR_SYSENC_XTS_MASTERKEY_VULNERABLE;
if (status != 0)
{
handleError (hwndDlg, status, SRC_POS);