Linux/MacOSX: Similar fix to Windows one. Write fake hidden volume header that is created from same data format as legitimate one in order to metigate attack that are able to detect the presence of TrueCrypt/VeraCrypt hidden volumes (reported by Ivanov Alexey Mikhailovich from Moscow, Russia)

This commit is contained in:
Mounir IDRASSI 2016-08-09 00:54:18 +02:00
parent 5b381ce7d7
commit f32f65d4f7
No known key found for this signature in database
GPG Key ID: DD0C382D5FCFB8FC

View File

@ -151,9 +151,37 @@ namespace VeraCrypt
if (Options->Type == VolumeType::Normal)
{
// Write random data to space reserved for hidden volume backup header
Core->RandomizeEncryptionAlgorithmKey (Options->EA);
Options->EA->Encrypt (backupHeader);
// Write fake random header to space reserved for hidden volume header
VolumeLayoutV2Hidden hiddenLayout;
shared_ptr <VolumeHeader> hiddenHeader (hiddenLayout.GetHeader());
SecureBuffer hiddenHeaderBuffer (hiddenLayout.GetHeaderSize());
VolumeHeaderCreationOptions headerOptions;
headerOptions.EA = Options->EA;
headerOptions.Kdf = Options->VolumeHeaderKdf;
headerOptions.Type = VolumeType::Hidden;
headerOptions.SectorSize = Options->SectorSize;
headerOptions.VolumeDataStart = HostSize - hiddenLayout.GetHeaderSize() * 2 - Options->Size;
headerOptions.VolumeDataSize = hiddenLayout.GetMaxDataSize (Options->Size);
// Master data key
SecureBuffer hiddenMasterKey(Options->EA->GetKeySize() * 2);
RandomNumberGenerator::GetData (hiddenMasterKey);
headerOptions.DataKey = hiddenMasterKey;
// PKCS5 salt
SecureBuffer hiddenSalt (VolumeHeader::GetSaltSize());
RandomNumberGenerator::GetData (hiddenSalt);
headerOptions.Salt = hiddenSalt;
// Header key
SecureBuffer hiddenHeaderKey (VolumeHeader::GetLargestSerializedKeySize());
RandomNumberGenerator::GetData (hiddenHeaderKey);
headerOptions.HeaderKey = hiddenHeaderKey;
hiddenHeader->Create (backupHeader, headerOptions);
VolumeFile->Write (backupHeader);
}
@ -295,9 +323,32 @@ namespace VeraCrypt
if (options->Type == VolumeType::Normal)
{
// Write random data to space reserved for hidden volume header
Core->RandomizeEncryptionAlgorithmKey (options->EA);
options->EA->Encrypt (headerBuffer);
// Write fake random header to space reserved for hidden volume header
VolumeLayoutV2Hidden hiddenLayout;
shared_ptr <VolumeHeader> hiddenHeader (hiddenLayout.GetHeader());
SecureBuffer hiddenHeaderBuffer (hiddenLayout.GetHeaderSize());
headerOptions.Type = VolumeType::Hidden;
headerOptions.VolumeDataStart = HostSize - hiddenLayout.GetHeaderSize() * 2 - options->Size;
headerOptions.VolumeDataSize = hiddenLayout.GetMaxDataSize (options->Size);
// Master data key
SecureBuffer hiddenMasterKey(options->EA->GetKeySize() * 2);
RandomNumberGenerator::GetData (hiddenMasterKey);
headerOptions.DataKey = hiddenMasterKey;
// PKCS5 salt
SecureBuffer hiddenSalt (VolumeHeader::GetSaltSize());
RandomNumberGenerator::GetData (hiddenSalt);
headerOptions.Salt = hiddenSalt;
// Header key
SecureBuffer hiddenHeaderKey (VolumeHeader::GetLargestSerializedKeySize());
RandomNumberGenerator::GetData (hiddenHeaderKey);
headerOptions.HeaderKey = hiddenHeaderKey;
hiddenHeader->Create (headerBuffer, headerOptions);
VolumeFile->Write (headerBuffer);
}