From f32f65d4f780f150f461ebd3cdc241f8711995eb Mon Sep 17 00:00:00 2001
From: Mounir IDRASSI
Date: Tue, 9 Aug 2016 00:54:18 +0200
Subject: Linux/MacOSX: Similar fix to Windows one. Write fake hidden volume header that is created from same data format as legitimate one in order to metigate attack that are able to detect the presence of TrueCrypt/VeraCrypt hidden volumes (reported by Ivanov Alexey Mikhailovich from Moscow, Russia)
---
 src/Core/VolumeCreator.cpp | 63 +++++++++++++++++++++++++++++++++++++++++-----
 1 file changed, 57 insertions(+), 6 deletions(-)
diff --git a/src/Core/VolumeCreator.cpp b/src/Core/VolumeCreator.cpp
index 94aba4bc..403e0c67 100644
--- a/src/Core/VolumeCreator.cpp
+++ b/src/Core/VolumeCreator.cpp
@@ -151,9 +151,37 @@ namespace VeraCrypt
 if (Options->Type == VolumeType::Normal)
 {
- // Write random data to space reserved for hidden volume backup header
- Core->RandomizeEncryptionAlgorithmKey (Options->EA);
- Options->EA->Encrypt (backupHeader);
+ // Write fake random header to space reserved for hidden volume header
+ VolumeLayoutV2Hidden hiddenLayout;
+ shared_ptr hiddenHeader (hiddenLayout.GetHeader());
+ SecureBuffer hiddenHeaderBuffer (hiddenLayout.GetHeaderSize());
+
+ VolumeHeaderCreationOptions headerOptions;
+ headerOptions.EA = Options->EA;
+ headerOptions.Kdf = Options->VolumeHeaderKdf;
+ headerOptions.Type = VolumeType::Hidden;
+
+ headerOptions.SectorSize = Options->SectorSize;
+
+ headerOptions.VolumeDataStart = HostSize - hiddenLayout.GetHeaderSize() * 2 - Options->Size;
+ headerOptions.VolumeDataSize = hiddenLayout.GetMaxDataSize (Options->Size);
+
+ // Master data key
+ SecureBuffer hiddenMasterKey(Options->EA->GetKeySize() * 2);
+ RandomNumberGenerator::GetData (hiddenMasterKey);
+ headerOptions.DataKey = hiddenMasterKey;
+
+ // PKCS5 salt
+ SecureBuffer hiddenSalt (VolumeHeader::GetSaltSize());
+ RandomNumberGenerator::GetData (hiddenSalt);
+ headerOptions.Salt = hiddenSalt;
+
+ // Header key
+ SecureBuffer hiddenHeaderKey (VolumeHeader::GetLargestSerializedKeySize());
+ RandomNumberGenerator::GetData (hiddenHeaderKey);
+ headerOptions.HeaderKey = hiddenHeaderKey;
+
+ hiddenHeader->Create (backupHeader, headerOptions);
 VolumeFile->Write (backupHeader);
 }
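Review bot: `SecureBuffer hiddenHeaderBuffer (hiddenLayout.GetHeaderSize());` is allocated but never used — the decoy header is serialized straight into `backupHeader` by `hiddenHeader->Create (backupHeader, headerOptions)` — so the line is a dead allocation that can be dropped; the same unused buffer appears in the second hunk of this commit. The roughly twenty lines that fill in the decoy header options (type, data start/size, random master key, salt and header key) are also duplicated between the two hunks; a private helper taking the layout, the creation options and the target buffer would keep the two copies from drifting apart. The intent deserves a comment at the top of the block, e.g. `// Decoy hidden-volume header: built with the real header format but encrypted under a header key that is generated here and never retained, so it is indistinguishable from a genuine one yet cannot be opened`. The enclosing function begins and ends outside the hunk.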
@@ -295,9 +323,32 @@ namespace VeraCrypt
 if (options->Type == VolumeType::Normal)
 {
- // Write random data to space reserved for hidden volume header
- Core->RandomizeEncryptionAlgorithmKey (options->EA);
- options->EA->Encrypt (headerBuffer);
+ // Write fake random header to space reserved for hidden volume header
+ VolumeLayoutV2Hidden hiddenLayout;
+ shared_ptr hiddenHeader (hiddenLayout.GetHeader());
+ SecureBuffer hiddenHeaderBuffer (hiddenLayout.GetHeaderSize());
+
+ headerOptions.Type = VolumeType::Hidden;
+
+ headerOptions.VolumeDataStart = HostSize - hiddenLayout.GetHeaderSize() * 2 - options->Size;
+ headerOptions.VolumeDataSize = hiddenLayout.GetMaxDataSize (options->Size);
+
+ // Master data key
+ SecureBuffer hiddenMasterKey(options->EA->GetKeySize() * 2);
+ RandomNumberGenerator::GetData (hiddenMasterKey);
+ headerOptions.DataKey = hiddenMasterKey;
+
+ // PKCS5 salt
+ SecureBuffer hiddenSalt (VolumeHeader::GetSaltSize());
+ RandomNumberGenerator::GetData (hiddenSalt);
+ headerOptions.Salt = hiddenSalt;
+
+ // Header key
+ SecureBuffer hiddenHeaderKey (VolumeHeader::GetLargestSerializedKeySize());
+ RandomNumberGenerator::GetData (hiddenHeaderKey);
+ headerOptions.HeaderKey = hiddenHeaderKey;
+
+ hiddenHeader->Create (headerBuffer, headerOptions);
 VolumeFile->Write (headerBuffer);
 }
-- cgit v1.2.3
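Review bot: This hunk reuses the function's existing `headerOptions` object for the decoy header, overwriting `Type`, `VolumeDataStart`, `VolumeDataSize`, `DataKey`, `Salt` and `HeaderKey`, whereas the first hunk builds a fresh `VolumeHeaderCreationOptions` for the same purpose. If the key and salt fields hold non-owning views of the buffers they are assigned from (the hunk does not show their type), `headerOptions` leaves this block pointing at `hiddenMasterKey`, `hiddenSalt` and `hiddenHeaderKey` after those locals have been destroyed, and any later use of it in the function (not visible here) would read freed memory and produce a header of type Hidden instead of Normal. Declaring a local copy `VolumeHeaderCreationOptions hiddenOptions = headerOptions;`, setting the decoy fields on it and passing `hiddenOptions` to `Create` keeps the original options intact and makes the two hunks consistent. The enclosing function starts and ends outside the hunk.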