Public/VeraCrypt
1
0
Fork 0
mirror of https://github.com/veracrypt/VeraCrypt.git synced 2026-06-15 00:56:07 -05:00
Code Activity

Implement detection of volumes with vulnerable XTS master key.

Browse Source 
If vulnerability detected, a warning message is displayed during mount or backup/restore header, and changing the password is disallowed since it will not change the master key.
This commit is contained in:
Mounir IDRASSI
2024-08-02 00:20:53 +02:00
parent 6121ca0239
commit ed1263bf8c
24 changed files with 186 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files
src/Mount/Mount.c
+32
View File
@@ -1259,6 +1259,20 @@ static BOOL SysEncryptionOrDecryptionRequired (void)
);
}
// Returns TRUE if system encryption master key is vulnerable
static BOOL SysEncryptionMasterKeyVulnerable (void)
{
try
{
BootEncStatus = BootEncObj->GetStatus();
return (BootEncStatus.DriveMounted || BootEncStatus.DriveEncrypted) && BootEncStatus.MasterKeyVulnerable;
}
catch (Exception &)
{
return FALSE;
}
}
// Returns TRUE if the system partition/drive is completely encrypted
static BOOL SysDriveOrPartitionFullyEncrypted (BOOL bSilent)
{
@@ -7435,10 +7449,12 @@ BOOL CALLBACK MainDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lPa
if (!Quit) // Do not care about system encryption or in-place encryption if we were launched from the system startup sequence (the wizard was added to it too).
{
BOOL bActionPerformed = FALSE;
if (SysEncryptionOrDecryptionRequired ())
{
if (!MutexExistsOnSystem (TC_MUTEX_NAME_SYSENC)) // If no instance of the wizard is currently taking care of system encryption
{
bActionPerformed = TRUE;
// We shouldn't block the mutex at this point
if (SystemEncryptionStatus == SYSENC_STATUS_PRETEST
@@ -7465,7 +7481,17 @@ BOOL CALLBACK MainDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lPa
{
BOOL bDecrypt = FALSE;
if (AskNonSysInPlaceEncryptionResume(hwndDlg, &bDecrypt) == IDYES)
{
bActionPerformed = TRUE;
ResumeInterruptedNonSysInplaceEncProcess (bDecrypt);
}
}
if (!bActionPerformed)
{
// display warning if the master key is vulnerable
if (SysEncryptionMasterKeyVulnerable())
WarningTopMost ("ERR_SYSENC_XTS_MASTERKEY_VULNERABLE", hwndDlg);
}
}
@@ -11447,6 +11473,12 @@ int RestoreVolumeHeader (HWND hwndDlg, const wchar_t *lpszVolume)
handleError (hwndDlg, nStatus, SRC_POS);
}
// display a warning if the master key is vulnerable
if (restoredCryptoInfo->bVulnerableMasterKey)
{
Warning ("ERR_XTS_MASTERKEY_VULNERABLE", hwndDlg);
}
BOOL hiddenVol = restoredCryptoInfo->hiddenVolume;
if (legacyBackup)