Linux/MacOSX: Similar fix to Windows one. Write fake hidden volume header that is created from same data format as legitimate one in order to metigate attack that are able to detect the presence of TrueCrypt/VeraCrypt hidden volumes (reported by Ivanov Alexey Mikhailovich from Moscow, Russia)

2025-11-11 11:08:02 -06:00 · 2016-08-09 00:54:18 +02:00
parent 5b381ce7d7
commit f32f65d4f7
1 changed files with 57 additions and 6 deletions
--- a/src/Core/VolumeCreator.cpp
+++ b/src/Core/VolumeCreator.cpp
@@ -151,9 +151,37 @@ namespace VeraCrypt

 				if (Options->Type == VolumeType::Normal)
 				{
-					// Write random data to space reserved for hidden volume backup header
-					Core->RandomizeEncryptionAlgorithmKey (Options->EA);
-					Options->EA->Encrypt (backupHeader);
+					// Write fake random header to space reserved for hidden volume header
+					VolumeLayoutV2Hidden hiddenLayout;
+					shared_ptr <VolumeHeader> hiddenHeader (hiddenLayout.GetHeader());
+					SecureBuffer hiddenHeaderBuffer (hiddenLayout.GetHeaderSize());
+
+					VolumeHeaderCreationOptions headerOptions;
+					headerOptions.EA = Options->EA;
+					headerOptions.Kdf = Options->VolumeHeaderKdf;
+					headerOptions.Type = VolumeType::Hidden;
+
+					headerOptions.SectorSize = Options->SectorSize;
+
+					headerOptions.VolumeDataStart = HostSize - hiddenLayout.GetHeaderSize() * 2 - Options->Size;
+					headerOptions.VolumeDataSize = hiddenLayout.GetMaxDataSize (Options->Size);
+
+					// Master data key
+					SecureBuffer hiddenMasterKey(Options->EA->GetKeySize() * 2);
+					RandomNumberGenerator::GetData (hiddenMasterKey);
+					headerOptions.DataKey = hiddenMasterKey;
+
+					// PKCS5 salt
+					SecureBuffer hiddenSalt (VolumeHeader::GetSaltSize());
+					RandomNumberGenerator::GetData (hiddenSalt);
+					headerOptions.Salt = hiddenSalt;
+
+					// Header key
+					SecureBuffer hiddenHeaderKey (VolumeHeader::GetLargestSerializedKeySize());
+					RandomNumberGenerator::GetData (hiddenHeaderKey);
+					headerOptions.HeaderKey = hiddenHeaderKey;
+
+					hiddenHeader->Create (backupHeader, headerOptions);

 					VolumeFile->Write (backupHeader);
 				}
@@ -295,9 +323,32 @@ namespace VeraCrypt

 			if (options->Type == VolumeType::Normal)
 			{
-				// Write random data to space reserved for hidden volume header
-				Core->RandomizeEncryptionAlgorithmKey (options->EA);
-				options->EA->Encrypt (headerBuffer);
+				// Write fake random header to space reserved for hidden volume header
+				VolumeLayoutV2Hidden hiddenLayout;
+				shared_ptr <VolumeHeader> hiddenHeader (hiddenLayout.GetHeader());
+				SecureBuffer hiddenHeaderBuffer (hiddenLayout.GetHeaderSize());
+
+				headerOptions.Type = VolumeType::Hidden;
+
+				headerOptions.VolumeDataStart = HostSize - hiddenLayout.GetHeaderSize() * 2 - options->Size;
+				headerOptions.VolumeDataSize = hiddenLayout.GetMaxDataSize (options->Size);
+
+				// Master data key
+				SecureBuffer hiddenMasterKey(options->EA->GetKeySize() * 2);
+				RandomNumberGenerator::GetData (hiddenMasterKey);
+				headerOptions.DataKey = hiddenMasterKey;
+
+				// PKCS5 salt
+				SecureBuffer hiddenSalt (VolumeHeader::GetSaltSize());
+				RandomNumberGenerator::GetData (hiddenSalt);
+				headerOptions.Salt = hiddenSalt;
+
+				// Header key
+				SecureBuffer hiddenHeaderKey (VolumeHeader::GetLargestSerializedKeySize());
+				RandomNumberGenerator::GetData (hiddenHeaderKey);
+				headerOptions.HeaderKey = hiddenHeaderKey;
+
+				hiddenHeader->Create (headerBuffer, headerOptions);

 				VolumeFile->Write (headerBuffer);
 			}