Implement detection of volumes with vulnerable XTS master key.

If vulnerability detected, a warning message is displayed during mount or backup/restore header, and changing the password is disallowed since it will not change the master key.

src/Volume/Volume.h

@@ -114,6 +114,7 @@ namespace VeraCrypt
 		void ReEncryptHeader (bool backupHeader, const ConstBufferPtr &newSalt, const ConstBufferPtr &newHeaderKey, shared_ptr <Pkcs5Kdf> newPkcs5Kdf);
 		void WriteSectors (const ConstBufferPtr &buffer, uint64 byteOffset);
 		bool IsEncryptionNotCompleted () const { return EncryptionNotCompleted; }
+		bool IsMasterKeyVulnerable() const { return Header && Header->IsMasterKeyVulnerable(); }
 
 	protected:
 		void CheckProtectedRange (uint64 writeHostOffset, uint64 writeLength);

src/Volume/VolumeHeader.cpp

@@ -47,6 +47,7 @@ namespace VeraCrypt
 		EncryptedAreaLength = 0;
 		Flags = 0;
 		SectorSize = 0;
+		XtsKeyVulnerable = false;
 	}
 
 	void VolumeHeader::Create (const BufferPtr &headerBuffer, VolumeHeaderCreationOptions &options)
@@ -62,6 +63,9 @@ namespace VeraCrypt
 		DataAreaKey.Zero();
 		DataAreaKey.CopyFrom (options.DataKey);
 
+		// check if the XTS key is vulnerable by comparing the two parts of the key
+		XtsKeyVulnerable = (memcmp (options.DataKey.Get() + options.EA->GetKeySize(), options.DataKey.Get(), options.EA->GetKeySize()) == 0);
+
 		VolumeCreationTime = 0;
 		HiddenVolumeDataSize = (options.Type == VolumeType::Hidden ? options.VolumeDataSize : 0);
 		VolumeDataSize = options.VolumeDataSize;
@@ -235,6 +239,9 @@ namespace VeraCrypt
 			ea->SetKeyXTS (header.GetRange (offset + ea->GetKeySize(), ea->GetKeySize()));
             #endif
 			mode->SetKey (header.GetRange (offset + ea->GetKeySize(), ea->GetKeySize()));
+
+			// check if the XTS key is vulnerable by comparing the two parts of the key
+			XtsKeyVulnerable = (memcmp (DataAreaKey.Ptr() + ea->GetKeySize(), DataAreaKey.Ptr(), ea->GetKeySize()) == 0);
 		}
 		else
 		{

src/Volume/VolumeHeader.h

@@ -76,6 +76,7 @@ namespace VeraCrypt
 		uint64 GetVolumeDataSize () const { return VolumeDataSize; }
 		VolumeTime GetVolumeCreationTime () const { return VolumeCreationTime; }
 		void SetSize (uint32 headerSize);
+		bool IsMasterKeyVulnerable () const { return XtsKeyVulnerable; }
 
 	protected:
 		bool Deserialize (const ConstBufferPtr &header, shared_ptr <EncryptionAlgorithm> &ea, shared_ptr <EncryptionMode> &mode);
@@ -120,6 +121,7 @@ namespace VeraCrypt
 		uint32 SectorSize;
 
 		SecureBuffer DataAreaKey;
+		bool XtsKeyVulnerable;
 
 	private:
 		VolumeHeader (const VolumeHeader &);

src/Volume/VolumeInfo.cpp

@@ -55,6 +55,7 @@ namespace VeraCrypt
 		VirtualDevice = sr.DeserializeWString ("VirtualDevice");
 		sr.Deserialize ("VolumeCreationTime", VolumeCreationTime);
 		sr.Deserialize ("Pim", Pim);
+		sr.Deserialize ("MasterKeyVulnerable", MasterKeyVulnerable);
 	}
 
 	bool VolumeInfo::FirstVolumeMountedAfterSecond (shared_ptr <VolumeInfo> first, shared_ptr <VolumeInfo> second)
@@ -95,6 +96,7 @@ namespace VeraCrypt
 		sr.Serialize ("VirtualDevice", wstring (VirtualDevice));
 		sr.Serialize ("VolumeCreationTime", VolumeCreationTime);
 		sr.Serialize ("Pim", Pim);
+		sr.Serialize ("MasterKeyVulnerable", MasterKeyVulnerable);
 	}
 
 	void VolumeInfo::Set (const Volume &volume)
@@ -119,6 +121,7 @@ namespace VeraCrypt
 		TotalDataRead = volume.GetTotalDataRead();
 		TotalDataWritten = volume.GetTotalDataWritten();
 		Pim = volume.GetPim ();
+		MasterKeyVulnerable = volume.IsMasterKeyVulnerable();
 	}
 
 	TC_SERIALIZER_FACTORY_ADD_CLASS (VolumeInfo);

src/Volume/VolumeInfo.h

@@ -61,7 +61,7 @@ namespace VeraCrypt
 		DevicePath VirtualDevice;
 		VolumeTime VolumeCreationTime;
 		int Pim;
-
+		bool MasterKeyVulnerable;
 	private:
 		VolumeInfo (const VolumeInfo &);
 		VolumeInfo &operator= (const VolumeInfo &);