Public/VeraCrypt
1
0
Fork 0
mirror of https://github.com/veracrypt/VeraCrypt.git synced 2026-06-19 02:56:07 -05:00
Code Activity

Implement detection of volumes with vulnerable XTS master key.

Browse Source 
If vulnerability detected, a warning message is displayed during mount or backup/restore header, and changing the password is disallowed since it will not change the master key.
This commit is contained in:
Mounir IDRASSI
2024-08-02 00:20:53 +02:00
parent 6121ca0239
commit ed1263bf8c
24 changed files with 186 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files
src/Driver/DriveFilter.c
+8 -1
View File
@@ -522,10 +522,16 @@ static NTSTATUS MountDrive (DriveFilterExtension *Extension, Password *password,
if (ReadVolumeHeader (!hiddenVolume, header, password, pkcs5_prf, pim, &Extension->Queue.CryptoInfo, Extension->HeaderCryptoInfo) == 0)
{
// Header decrypted
// Header decrypted
status = STATUS_SUCCESS;
Dump ("Header decrypted\n");
if (Extension->HeaderCryptoInfo->bVulnerableMasterKey)
{
// The volume header master key is vulnerable
Dump ("The volume header master key is vulnerable\n");
}
// calculate Fingerprint
ComputeBootLoaderFingerprint (Extension->LowerDeviceObject, header);
@@ -2017,6 +2023,7 @@ void GetBootEncryptionStatus (PIRP irp, PIO_STACK_LOCATION irpSp)
bootEncStatus->ConfiguredEncryptedAreaStart = Extension->ConfiguredEncryptedAreaStart;
bootEncStatus->ConfiguredEncryptedAreaEnd = Extension->ConfiguredEncryptedAreaEnd;
bootEncStatus->EncryptedAreaStart = Extension->Queue.EncryptedAreaStart;
bootEncStatus->MasterKeyVulnerable = Extension->HeaderCryptoInfo->bVulnerableMasterKey;
if (SetupInProgress)
{