Public/VeraCrypt
1
0
Fork 0
mirror of https://github.com/veracrypt/VeraCrypt.git synced 2026-06-09 22:36:59 -05:00
Code Activity

Implement detection of volumes with vulnerable XTS master key.

Browse Source 
If vulnerability detected, a warning message is displayed during mount or backup/restore header, and changing the password is disallowed since it will not change the master key.
This commit is contained in:
Mounir IDRASSI
2024-08-02 00:20:53 +02:00
parent 6121ca0239
commit ed1263bf8c
24 changed files with 186 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files
src/Main/TextUserInterface.cpp
+27
View File
@@ -314,6 +314,7 @@ namespace VeraCrypt
hiddenVolumeMountOptions.EMVSupportEnabled = true;
VolumeType::Enum volumeType = VolumeType::Normal;
bool masterKeyVulnerable = false;
// Open both types of volumes
while (true)
@@ -387,6 +388,13 @@ namespace VeraCrypt
}
}
// check if volume master key is vulnerable
if (volume->IsMasterKeyVulnerable())
{
masterKeyVulnerable = true;
ShowWarning ("ERR_XTS_MASTERKEY_VULNERABLE");
}
if (volumeType == VolumeType::Hidden)
hiddenVolume = volume;
else
@@ -454,6 +462,10 @@ namespace VeraCrypt
ShowString (L"\n");
ShowInfo ("VOL_HEADER_BACKED_UP");
// display again warning that master key is vulnerable
if (masterKeyVulnerable)
ShowWarning ("ERR_XTS_MASTERKEY_VULNERABLE");
}
void TextUserInterface::ChangePassword (shared_ptr <VolumePath> volumePath, shared_ptr <VolumePassword> password, int pim, shared_ptr <Hash> currentHash, shared_ptr <KeyfileList> keyfiles, shared_ptr <VolumePassword> newPassword, int newPim, shared_ptr <KeyfileList> newKeyfiles, shared_ptr <Hash> newHash) const
@@ -532,6 +544,12 @@ namespace VeraCrypt
break;
}
// display warning if volume master key is vulnerable
if (volume->IsMasterKeyVulnerable())
{
ShowWarning ("ERR_XTS_MASTERKEY_VULNERABLE");
}
// New password
if (!newPassword.get() && !Preferences.NonInteractive)
newPassword = AskPassword (_("Enter new password"), true);
@@ -1539,6 +1557,7 @@ namespace VeraCrypt
/* force the display of the random enriching interface */
RandomNumberGenerator::SetEnrichedByUserStatus (false);
bool masterKeyVulnerable = false;
if (restoreInternalBackup)
{
// Restore header from the internal backup
@@ -1586,6 +1605,8 @@ namespace VeraCrypt
throw_err (LangString ["VOLUME_HAS_NO_BACKUP_HEADER"]);
}
masterKeyVulnerable = volume->IsMasterKeyVulnerable();
RandomNumberGenerator::Start();
UserEnrichRandomPool();
@@ -1673,6 +1694,7 @@ namespace VeraCrypt
if (layout->GetHeader()->Decrypt (headerBuffer, *passwordKey, options.Pim, kdf, layout->GetSupportedKeyDerivationFunctions(), layout->GetSupportedEncryptionAlgorithms(), layout->GetSupportedEncryptionModes()))
{
decryptedLayout = layout;
masterKeyVulnerable = layout->GetHeader()->IsMasterKeyVulnerable();
break;
}
}
@@ -1723,6 +1745,11 @@ namespace VeraCrypt
ShowString (L"\n");
ShowInfo ("VOL_HEADER_RESTORED");
// display warning if the volume master key is vulnerable
if (masterKeyVulnerable)
{
ShowWarning ("ERR_XTS_MASTERKEY_VULNERABLE");
}
}
void TextUserInterface::SetTerminalEcho (bool enable)