Public/VeraCrypt
1
0
Fork 0
mirror of https://github.com/veracrypt/VeraCrypt.git synced 2025-11-11 11:08:02 -06:00
Code Activity

Windows: remove 32-bit logic from the code since we support only 64-bit. remove 32-bit EFI bootloader files.

Browse Source 
We also fix intermediary files folder for Portable and Setup projects
This commit is contained in:
Mounir IDRASSI
2024-11-16 01:05:15 +01:00
parent 489d3e3873
commit c86577fc0e
41 changed files with 131 additions and 525 deletions
Download Patch File Download Diff File Expand all files Collapse all files

104
src/Common/BootEncryption.cpp
View File

@@ -3332,53 +3332,29 @@ namespace VeraCrypt
}
}
DWORD sizeDcsBoot;
#ifdef _WIN64
uint8 *dcsBootImg = MapResource(L"BIN", IDR_EFI_DCSBOOT, &sizeDcsBoot);
#else
uint8 *dcsBootImg = MapResource(L"BIN", Is64BitOs()? IDR_EFI_DCSBOOT : IDR_EFI_DCSBOOT32, &sizeDcsBoot);
#endif
if (!dcsBootImg)
throw ErrorException(L"Out of resource DcsBoot", SRC_POS);
DWORD sizeDcsInt;
#ifdef _WIN64
uint8 *dcsIntImg = MapResource(L"BIN", IDR_EFI_DCSINT, &sizeDcsInt);
#else
uint8 *dcsIntImg = MapResource(L"BIN", Is64BitOs()? IDR_EFI_DCSINT: IDR_EFI_DCSINT32, &sizeDcsInt);
#endif
if (!dcsIntImg)
throw ErrorException(L"Out of resource DcsInt", SRC_POS);
DWORD sizeDcsCfg;
#ifdef _WIN64
uint8 *dcsCfgImg = MapResource(L"BIN", IDR_EFI_DCSCFG, &sizeDcsCfg);
#else
uint8 *dcsCfgImg = MapResource(L"BIN", Is64BitOs()? IDR_EFI_DCSCFG: IDR_EFI_DCSCFG32, &sizeDcsCfg);
#endif
if (!dcsCfgImg)
throw ErrorException(L"Out of resource DcsCfg", SRC_POS);
DWORD sizeLegacySpeaker;
#ifdef _WIN64
uint8 *LegacySpeakerImg = MapResource(L"BIN", IDR_EFI_LEGACYSPEAKER, &sizeLegacySpeaker);
#else
uint8 *LegacySpeakerImg = MapResource(L"BIN", Is64BitOs()? IDR_EFI_LEGACYSPEAKER: IDR_EFI_LEGACYSPEAKER32, &sizeLegacySpeaker);
#endif
if (!LegacySpeakerImg)
throw ErrorException(L"Out of resource LegacySpeaker", SRC_POS);
#ifdef VC_EFI_CUSTOM_MODE
DWORD sizeBootMenuLocker;
#ifdef _WIN64
uint8 *BootMenuLockerImg = MapResource(L"BIN", IDR_EFI_DCSBML, &sizeBootMenuLocker);
#else
uint8 *BootMenuLockerImg = MapResource(L"BIN", Is64BitOs()? IDR_EFI_DCSBML: IDR_EFI_DCSBML32, &sizeBootMenuLocker);
#endif
if (!BootMenuLockerImg)
throw ErrorException(L"Out of resource DcsBml", SRC_POS);
#endif
DWORD sizeDcsInfo;
#ifdef _WIN64
uint8 *DcsInfoImg = MapResource(L"BIN", IDR_EFI_DCSINFO, &sizeDcsInfo);
#else
uint8 *DcsInfoImg = MapResource(L"BIN", Is64BitOs()? IDR_EFI_DCSINFO: IDR_EFI_DCSINFO32, &sizeDcsInfo);
#endif
if (!DcsInfoImg)
throw ErrorException(L"Out of resource DcsInfo", SRC_POS);
@@ -3390,8 +3366,8 @@ namespace VeraCrypt
bool bAlreadyExist;
const char* g_szMsBootString = "bootmgfw.pdb";
unsigned __int64 loaderSize = 0;
const wchar_t * szStdEfiBootloader = Is64BitOs()? L"\\EFI\\Boot\\bootx64.efi": L"\\EFI\\Boot\\bootia32.efi";
const wchar_t * szBackupEfiBootloader = Is64BitOs()? L"\\EFI\\Boot\\original_bootx64.vc_backup": L"\\EFI\\Boot\\original_bootia32.vc_backup";
const wchar_t * szStdEfiBootloader = L"\\EFI\\Boot\\bootx64.efi";
const wchar_t * szBackupEfiBootloader = L"\\EFI\\Boot\\original_bootx64.vc_backup";
if (preserveUserConfig)
{
@@ -3547,10 +3523,7 @@ namespace VeraCrypt
// move the original bootloader backup from old location (if it exists) to new location
// we don't force the move operation if the new location already exists
if (Is64BitOs())
EfiBootInst.RenameFile (L"\\EFI\\Boot\\original_bootx64_vc_backup.efi", L"\\EFI\\Boot\\original_bootx64.vc_backup", FALSE);
else
EfiBootInst.RenameFile (L"\\EFI\\Boot\\original_bootia32_vc_backup.efi", L"\\EFI\\Boot\\original_bootia32.vc_backup", FALSE);
EfiBootInst.RenameFile (L"\\EFI\\Boot\\original_bootx64_vc_backup.efi", L"\\EFI\\Boot\\original_bootx64.vc_backup", FALSE);
// Clean beta9
EfiBootInst.DelFile(L"\\DcsBoot.efi");
@@ -3729,61 +3702,33 @@ namespace VeraCrypt
{
// create EFI disk structure
DWORD sizeDcsBoot;
#ifdef _WIN64
uint8 *dcsBootImg = MapResource(L"BIN", IDR_EFI_DCSBOOT, &sizeDcsBoot);
#else
uint8 *dcsBootImg = MapResource(L"BIN", Is64BitOs()? IDR_EFI_DCSBOOT : IDR_EFI_DCSBOOT32, &sizeDcsBoot);
#endif
if (!dcsBootImg)
throw ParameterIncorrect (SRC_POS);
DWORD sizeDcsInt;
#ifdef _WIN64
uint8 *dcsIntImg = MapResource(L"BIN", IDR_EFI_DCSINT, &sizeDcsInt);
#else
uint8 *dcsIntImg = MapResource(L"BIN", Is64BitOs()? IDR_EFI_DCSINT: IDR_EFI_DCSINT32, &sizeDcsInt);
#endif
if (!dcsIntImg)
throw ParameterIncorrect (SRC_POS);
DWORD sizeDcsCfg;
#ifdef _WIN64
uint8 *dcsCfgImg = MapResource(L"BIN", IDR_EFI_DCSCFG, &sizeDcsCfg);
#else
uint8 *dcsCfgImg = MapResource(L"BIN", Is64BitOs()? IDR_EFI_DCSCFG: IDR_EFI_DCSCFG32, &sizeDcsCfg);
#endif
if (!dcsCfgImg)
throw ParameterIncorrect (SRC_POS);
DWORD sizeLegacySpeaker;
#ifdef _WIN64
uint8 *LegacySpeakerImg = MapResource(L"BIN", IDR_EFI_LEGACYSPEAKER, &sizeLegacySpeaker);
#else
uint8 *LegacySpeakerImg = MapResource(L"BIN", Is64BitOs()? IDR_EFI_LEGACYSPEAKER: IDR_EFI_LEGACYSPEAKER32, &sizeLegacySpeaker);
#endif
if (!LegacySpeakerImg)
throw ParameterIncorrect (SRC_POS);
#ifdef VC_EFI_CUSTOM_MODE
DWORD sizeBootMenuLocker;
#ifdef _WIN64
uint8 *BootMenuLockerImg = MapResource(L"BIN", IDR_EFI_DCSBML, &sizeBootMenuLocker);
#else
uint8 *BootMenuLockerImg = MapResource(L"BIN", Is64BitOs()? IDR_EFI_DCSBML: IDR_EFI_DCSBML32, &sizeBootMenuLocker);
#endif
if (!BootMenuLockerImg)
throw ParameterIncorrect (SRC_POS);
#endif
DWORD sizeDcsRescue;
#ifdef _WIN64
uint8 *DcsRescueImg = MapResource(L"BIN", IDR_EFI_DCSRE, &sizeDcsRescue);
#else
uint8 *DcsRescueImg = MapResource(L"BIN", Is64BitOs()? IDR_EFI_DCSRE: IDR_EFI_DCSRE32, &sizeDcsRescue);
#endif
if (!DcsRescueImg)
throw ParameterIncorrect (SRC_POS);
DWORD sizeDcsInfo;
#ifdef _WIN64
uint8 *DcsInfoImg = MapResource(L"BIN", IDR_EFI_DCSINFO, &sizeDcsInfo);
#else
uint8 *DcsInfoImg = MapResource(L"BIN", Is64BitOs()? IDR_EFI_DCSINFO: IDR_EFI_DCSINFO32, &sizeDcsInfo);
#endif
if (!DcsInfoImg)
throw ParameterIncorrect (SRC_POS);
@@ -3809,7 +3754,7 @@ namespace VeraCrypt
finally_do_arg (zip_t**, &z, { if (*finally_arg) zip_discard (*finally_arg);});
if (!ZipAdd (z, Is64BitOs()? "EFI/Boot/bootx64.efi": "EFI/Boot/bootia32.efi", DcsRescueImg, sizeDcsRescue))
if (!ZipAdd (z, "EFI/Boot/bootx64.efi", DcsRescueImg, sizeDcsRescue))
throw ParameterIncorrect (SRC_POS);
#ifdef VC_EFI_CUSTOM_MODE
if (!ZipAdd (z, "EFI/VeraCrypt/DcsBml.dcs", BootMenuLockerImg, sizeBootMenuLocker))
@@ -3858,7 +3803,7 @@ namespace VeraCrypt
sysBakFile.GetFileSize(fileSize);
fileBuf.Resize ((DWORD) fileSize);
DWORD sizeLoader = sysBakFile.Read (fileBuf.Ptr (), fileSize);
bLoadAdded = ZipAdd (z, Is64BitOs()? "EFI/Boot/original_bootx64.vc_backup": "EFI/Boot/original_bootia32.vc_backup", fileBuf.Ptr (), sizeLoader);
bLoadAdded = ZipAdd (z, "EFI/Boot/original_bootx64.vc_backup", fileBuf.Ptr (), sizeLoader);
}
catch (Exception &e)
{
@@ -4085,19 +4030,6 @@ namespace VeraCrypt
L"EFI/VeraCrypt/svh_bak",
L"EFI/Boot/original_bootx64.vc_backup"
};
const wchar_t* efi32Files[] = {
L"EFI/Boot/bootia32.efi",
#ifdef VC_EFI_CUSTOM_MODE
L"EFI/VeraCrypt/DcsBml.dcs",
#endif
L"EFI/VeraCrypt/DcsBoot.efi",
L"EFI/VeraCrypt/DcsCfg.dcs",
L"EFI/VeraCrypt/DcsInt.dcs",
L"EFI/VeraCrypt/LegacySpeaker.dcs",
L"EFI/VeraCrypt/svh_bak",
L"EFI/Boot/original_bootia32.vc_backup"
};
zip_error_t zerr;
zip_source_t* zsrc = zip_source_buffer_create (RescueZipData, RescueZipSize, 0, &zerr);
@@ -4126,8 +4058,8 @@ namespace VeraCrypt
&& !wcsncmp (szNameBuffer, L"FAT", 3))
{
int i;
const wchar_t** efiFiles = Is64BitOs()? efi64Files: efi32Files;
int efiFilesSize = Is64BitOs()? ARRAYSIZE(efi64Files): ARRAYSIZE(efi32Files);
const wchar_t** efiFiles = efi64Files;
int efiFilesSize = ARRAYSIZE(efi64Files);
for (i = 0; i < efiFilesSize; i++)
{
bool bMatch = false;
@@ -4280,25 +4212,12 @@ namespace VeraCrypt
L"EFI/VeraCrypt/svh_bak",
L"EFI/Boot/original_bootx64.vc_backup"
};
const wchar_t* efi32Files[] = {
L"EFI/Boot/bootia32.efi",
#ifdef VC_EFI_CUSTOM_MODE
L"EFI/VeraCrypt/DcsBml.dcs",
#endif
L"EFI/VeraCrypt/DcsBoot.efi",
L"EFI/VeraCrypt/DcsCfg.dcs",
L"EFI/VeraCrypt/DcsInt.dcs",
L"EFI/VeraCrypt/LegacySpeaker.dcs",
L"EFI/VeraCrypt/svh_bak",
L"EFI/Boot/original_bootia32.vc_backup"
};
int i;
zip_stat_t statMem, statFile;
zip_int64_t indexMem, indexFile;
const wchar_t** efiFiles = Is64BitOs()? efi64Files: efi32Files;
int efiFilesSize = Is64BitOs()? ARRAYSIZE(efi64Files): ARRAYSIZE(efi32Files);
const wchar_t** efiFiles = efi64Files;
int efiFilesSize = ARRAYSIZE(efi64Files);
for (i = 0; i < efiFilesSize; i++)
{
bool bMatch = false;
@@ -4573,10 +4492,7 @@ namespace VeraCrypt
EfiBootInst.DeleteStartExec();
EfiBootInst.DeleteStartExec(0xDC5B, L"Driver"); // remove DcsBml boot driver it was installed
if (Is64BitOs())
EfiBootInst.RenameFile(L"\\EFI\\Boot\\original_bootx64.vc_backup", L"\\EFI\\Boot\\bootx64.efi", TRUE);
else
EfiBootInst.RenameFile(L"\\EFI\\Boot\\original_bootia32.vc_backup", L"\\EFI\\Boot\\bootia32.efi", TRUE);
EfiBootInst.RenameFile(L"\\EFI\\Boot\\original_bootx64.vc_backup", L"\\EFI\\Boot\\bootx64.efi", TRUE);
if (!EfiBootInst.RenameFile(L"\\EFI\\Microsoft\\Boot\\bootmgfw_ms.vc", L"\\EFI\\Microsoft\\Boot\\bootmgfw.efi", TRUE))
{

32
src/Common/Cache.c
View File

@@ -24,8 +24,6 @@ int CachedPim[CACHE_SIZE];
int cacheEmpty = 1;
static int nPasswordIdx = 0;
#ifdef _WIN64
uint64 VcGetPasswordEncryptionID (Password* pPassword)
{
return ((uint64) pPassword->Text) + ((uint64) pPassword);
@@ -41,8 +39,6 @@ void VcUnprotectPassword (Password* pPassword, uint64 encID)
VcProtectPassword (pPassword, encID);
}
#endif
int ReadVolumeHeaderWCache (BOOL bBoot, BOOL bCache, BOOL bCachePim, unsigned char *header, Password *password, int pkcs5_prf, int pim, PCRYPTO_INFO *retInfo)
{
int nReturnCode = ERR_PASSWORD_WRONG;
@@ -56,37 +52,29 @@ int ReadVolumeHeaderWCache (BOOL bBoot, BOOL bCache, BOOL bCachePim, unsigned ch
/* Save mount passwords back into cache if asked to do so */
if (bCache && (nReturnCode == 0 || nReturnCode == ERR_CIPHER_INIT_WEAK_KEY))
{
#ifdef _WIN64
Password tmpPass;
#endif
for (i = 0; i < CACHE_SIZE; i++)
{
Password* pCurrentPassword = &CachedPasswords[i];
#ifdef _WIN64
if (IsRamEncryptionEnabled())
{
memcpy (&tmpPass, pCurrentPassword, sizeof (Password));
VcUnprotectPassword (&tmpPass, VcGetPasswordEncryptionID (pCurrentPassword));
pCurrentPassword = &tmpPass;
}
#endif
if (memcmp (pCurrentPassword, password, sizeof (Password)) == 0)
break;
}
#ifdef _WIN64
if (IsRamEncryptionEnabled())
burn (&tmpPass, sizeof (Password));
#endif
if (i == CACHE_SIZE)
{
/* Store the password */
CachedPasswords[nPasswordIdx] = *password;
#ifdef _WIN64
if (IsRamEncryptionEnabled ())
VcProtectPassword (&CachedPasswords[nPasswordIdx], VcGetPasswordEncryptionID (&CachedPasswords[nPasswordIdx]));
#endif
/* Store also PIM if requested, otherwise set to default */
if (bCachePim && (pim > 0))
@@ -107,21 +95,18 @@ int ReadVolumeHeaderWCache (BOOL bBoot, BOOL bCache, BOOL bCachePim, unsigned ch
}
else if (!cacheEmpty)
{
#ifdef _WIN64
Password tmpPass;
#endif
/* Attempt to recognize volume using cached passwords */
for (i = 0; i < CACHE_SIZE; i++)
{
Password* pCurrentPassword = &CachedPasswords[i];
#ifdef _WIN64
if (IsRamEncryptionEnabled())
{
memcpy (&tmpPass, pCurrentPassword, sizeof (Password));
VcUnprotectPassword (&tmpPass, VcGetPasswordEncryptionID (pCurrentPassword));
pCurrentPassword = &tmpPass;
}
#endif
if ((pCurrentPassword->Length > 0) && (pCurrentPassword->Length <= (unsigned int) ((bBoot? MAX_LEGACY_PASSWORD: MAX_PASSWORD))))
{
if (pim == -1)
@@ -134,10 +119,10 @@ int ReadVolumeHeaderWCache (BOOL bBoot, BOOL bCache, BOOL bCachePim, unsigned ch
break;
}
}
#ifdef _WIN64
if (IsRamEncryptionEnabled())
burn (&tmpPass, sizeof (Password));
#endif
}
return nReturnCode;
@@ -146,21 +131,18 @@ int ReadVolumeHeaderWCache (BOOL bBoot, BOOL bCache, BOOL bCachePim, unsigned ch
void AddPasswordToCache (Password *password, int pim, BOOL bCachePim)
{
#ifdef _WIN64
Password tmpPass;
#endif
int i;
for (i = 0; i < CACHE_SIZE; i++)
{
Password* pCurrentPassword = &CachedPasswords[i];
#ifdef _WIN64
if (IsRamEncryptionEnabled())
{
memcpy (&tmpPass, pCurrentPassword, sizeof (Password));
VcUnprotectPassword (&tmpPass, VcGetPasswordEncryptionID (pCurrentPassword));
pCurrentPassword = &tmpPass;
}
#endif
if (memcmp (pCurrentPassword, password, sizeof (Password)) == 0)
break;
}
@@ -168,10 +150,9 @@ void AddPasswordToCache (Password *password, int pim, BOOL bCachePim)
if (i == CACHE_SIZE)
{
CachedPasswords[nPasswordIdx] = *password;
#ifdef _WIN64
if (IsRamEncryptionEnabled ())
VcProtectPassword (&CachedPasswords[nPasswordIdx], VcGetPasswordEncryptionID (&CachedPasswords[nPasswordIdx]));
#endif
/* Store also PIM if requested, otherwise set to default */
if (bCachePim && (pim > 0))
CachedPim[nPasswordIdx] = pim;
@@ -184,10 +165,9 @@ void AddPasswordToCache (Password *password, int pim, BOOL bCachePim)
{
CachedPim[i] = pim > 0? pim : 0;
}
#ifdef _WIN64
if (IsRamEncryptionEnabled())
burn (&tmpPass, sizeof (Password));
#endif
}
void AddLegacyPasswordToCache (PasswordLegacy *password, int pim)

7
src/Common/Cmdline.c
View File

@@ -51,12 +51,7 @@ BOOL CALLBACK CommandHelpDlgProc (HWND hwndDlg, UINT msg, WPARAM wParam, LPARAM
*tmp = 0;
StringCchCopyW (tmp, 8192, L"VeraCrypt " _T(VERSION_STRING) _T(VERSION_STRING_SUFFIX));
#ifdef _WIN64
StringCchCatW (tmp, 8192, L" (64-bit)");
#else
StringCchCatW (tmp, 8192, L" (32-bit)");
#endif
StringCchCopyW (tmp, 8192, L"VeraCrypt " _T(VERSION_STRING) _T(VERSION_STRING_SUFFIX) L" (64-bit)");
#if (defined(_DEBUG) || defined(DEBUG))
StringCchCatW (tmp, 8192, L" (debug)");
#endif

11
src/Common/Common.rc
View File

@@ -565,17 +565,6 @@ IDR_EFI_DCSBML BIN "..\\Boot\\EFI\\DcsBml.efi"
#endif
IDR_EFI_DCSRE BIN "..\\Boot\\EFI\\DcsRe.efi"
IDR_EFI_DCSINFO BIN "..\\Boot\\EFI\\DcsInfo.efi"
#ifndef WIN64
IDR_EFI_DCSBOOT32 BIN "..\\Boot\\EFI\\DcsBoot32.efi"
IDR_EFI_DCSINT32 BIN "..\\Boot\\EFI\\DcsInt32.efi"
IDR_EFI_DCSCFG32 BIN "..\\Boot\\EFI\\DcsCfg32.efi"
IDR_EFI_LEGACYSPEAKER32 BIN "..\\Boot\\EFI\\LegacySpeaker32.efi"
#ifdef VC_EFI_CUSTOM_MODE
IDR_EFI_DCSBML32 BIN "..\\Boot\\EFI\\DcsBml32.efi"
#endif
IDR_EFI_DCSRE32 BIN "..\\Boot\\EFI\\DcsRe32.efi"
IDR_EFI_DCSINFO32 BIN "..\\Boot\\EFI\\DcsInfo32.efi"
#endif
#endif
/////////////////////////////////////////////////////////////////////////////
//

51
src/Common/Crypto.c
View File

@@ -193,8 +193,7 @@ void EncipherBlock(int cipher, void *data, void *ks)
switch (cipher)
{
case AES:
// In 32-bit kernel mode, due to KeSaveFloatingPointState() overhead, AES instructions can be used only when processing the whole data unit.
#if (defined (_WIN64) || !defined (TC_WINDOWS_DRIVER)) && !defined (TC_WINDOWS_BOOT)
#if !defined (TC_WINDOWS_BOOT)
if (IsAesHwCpuSupported())
aes_hw_cpu_encrypt (ks, data);
else
@@ -221,16 +220,10 @@ void EncipherBlock(int cipher, void *data, void *ks)
void EncipherBlocks (int cipher, void *dataPtr, void *ks, size_t blockCount)
{
uint8 *data = dataPtr;
#if defined (TC_WINDOWS_DRIVER) && !defined (_WIN64)
KFLOATING_SAVE floatingPointState;
#endif
if (cipher == AES
&& (blockCount & (32 - 1)) == 0
&& IsAesHwCpuSupported()
#if defined (TC_WINDOWS_DRIVER) && !defined (_WIN64)
&& NT_SUCCESS (KeSaveFloatingPointState (&floatingPointState))
#endif
)
{
while (blockCount > 0)
@@ -241,24 +234,15 @@ void EncipherBlocks (int cipher, void *dataPtr, void *ks, size_t blockCount)
blockCount -= 32;
}
#if defined (TC_WINDOWS_DRIVER) && !defined (_WIN64)
KeRestoreFloatingPointState (&floatingPointState);
#endif
}
#ifndef WOLFCRYPT_BACKEND
#if CRYPTOPP_BOOL_SSE2_INTRINSICS_AVAILABLE && !defined (_UEFI)
else if (cipher == SERPENT
&& (blockCount >= 4)
&& HasSSE2()
#if defined (TC_WINDOWS_DRIVER) && !defined (_WIN64)
&& NT_SUCCESS (KeSaveFloatingPointState (&floatingPointState))
#endif
)
{
serpent_encrypt_blocks (data, data, blockCount, ks);
#if defined (TC_WINDOWS_DRIVER) && !defined (_WIN64)
KeRestoreFloatingPointState (&floatingPointState);
#endif
}
#endif
#if CRYPTOPP_BOOL_X64 && !defined(CRYPTOPP_DISABLE_ASM)
@@ -272,15 +256,9 @@ void EncipherBlocks (int cipher, void *dataPtr, void *ks, size_t blockCount)
#if CRYPTOPP_BOOL_SSE2_INTRINSICS_AVAILABLE && !defined (_UEFI)
else if (cipher == KUZNYECHIK
&& HasSSE2()
#if defined (TC_WINDOWS_DRIVER) && !defined (_WIN64)
&& (blockCount >= 4) && NT_SUCCESS (KeSaveFloatingPointState (&floatingPointState))
#endif
)
{
kuznyechik_encrypt_blocks (data, data, blockCount, ks);
#if defined (TC_WINDOWS_DRIVER) && !defined (_WIN64)
KeRestoreFloatingPointState (&floatingPointState);
#endif
}
#endif
#endif
@@ -316,11 +294,9 @@ void DecipherBlock(int cipher, void *data, void *ks)
#ifndef TC_WINDOWS_BOOT
case AES:
#if defined (_WIN64) || !defined (TC_WINDOWS_DRIVER)
if (IsAesHwCpuSupported())
aes_hw_cpu_decrypt ((uint8 *) ks + sizeof (aes_encrypt_ctx), data);
else
#endif
aes_decrypt (data, data, (void *) ((char *) ks + sizeof(aes_encrypt_ctx)));
break;
@@ -336,16 +312,10 @@ void DecipherBlock(int cipher, void *data, void *ks)
void DecipherBlocks (int cipher, void *dataPtr, void *ks, size_t blockCount)
{
uint8 *data = dataPtr;
#if defined (TC_WINDOWS_DRIVER) && !defined (_WIN64)
KFLOATING_SAVE floatingPointState;
#endif
if (cipher == AES
&& (blockCount & (32 - 1)) == 0
&& IsAesHwCpuSupported()
#if defined (TC_WINDOWS_DRIVER) && !defined (_WIN64)
&& NT_SUCCESS (KeSaveFloatingPointState (&floatingPointState))
#endif
)
{
while (blockCount > 0)
@@ -356,24 +326,15 @@ void DecipherBlocks (int cipher, void *dataPtr, void *ks, size_t blockCount)
blockCount -= 32;
}
#if defined (TC_WINDOWS_DRIVER) && !defined (_WIN64)
KeRestoreFloatingPointState (&floatingPointState);
#endif
}
#ifndef WOLFCRYPT_BACKEND
#if CRYPTOPP_BOOL_SSE2_INTRINSICS_AVAILABLE && !defined (_UEFI)
else if (cipher == SERPENT
&& (blockCount >= 4)
&& HasSSE2()
#if defined (TC_WINDOWS_DRIVER) && !defined (_WIN64)
&& NT_SUCCESS (KeSaveFloatingPointState (&floatingPointState))
#endif
)
{
serpent_decrypt_blocks (data, data, blockCount, ks);
#if defined (TC_WINDOWS_DRIVER) && !defined (_WIN64)
KeRestoreFloatingPointState (&floatingPointState);
#endif
}
#endif
#if CRYPTOPP_BOOL_X64 && !defined(CRYPTOPP_DISABLE_ASM)
@@ -387,15 +348,9 @@ void DecipherBlocks (int cipher, void *dataPtr, void *ks, size_t blockCount)
#if CRYPTOPP_BOOL_SSE2_INTRINSICS_AVAILABLE && !defined (_UEFI)
else if (cipher == KUZNYECHIK
&& HasSSE2()
#if defined (TC_WINDOWS_DRIVER) && !defined (_WIN64)
&& (blockCount >= 4) && NT_SUCCESS (KeSaveFloatingPointState (&floatingPointState))
#endif
)
{
kuznyechik_decrypt_blocks (data, data, blockCount, ks);
#if defined (TC_WINDOWS_DRIVER) && !defined (_WIN64)
KeRestoreFloatingPointState (&floatingPointState);
#endif
}
#endif
#endif
@@ -1260,14 +1215,10 @@ BOOL IsCpuRngEnabled ()
BOOL IsRamEncryptionSupported ()
{
#ifdef _WIN64
if (t1ha_selfcheck__t1ha2() == 0)
return TRUE;
else
return FALSE;
#else
return FALSE;
#endif
}
void EnableRamEncryption (BOOL enable)

4
src/Common/Crypto.h
View File

@@ -208,9 +208,7 @@ typedef struct
# include "Camellia.h"
#if !defined (_UEFI)
# include "chachaRng.h"
# ifdef _WIN64
# include "t1ha.h"
# endif
#endif
#else
# include "CamelliaSmall.h"
@@ -386,7 +384,7 @@ void DecryptDataUnitsCurrentThread (unsigned __int8 *buf, const UINT64_STRUCT *s
void EncryptBuffer (unsigned __int8 *buf, TC_LARGEST_COMPILER_UINT len, PCRYPTO_INFO cryptoInfo);
void DecryptBuffer (unsigned __int8 *buf, TC_LARGEST_COMPILER_UINT len, PCRYPTO_INFO cryptoInfo);
#if defined(_WIN64) && !defined (_UEFI)
#if !defined (TC_WINDOWS_BOOT) && !defined (_UEFI)
BOOL InitializeSecurityParameters(GetRandSeedFn rngCallback);
void ClearSecurityParameters();
#ifdef TC_WINDOWS_DRIVER

56
src/Common/Dlgcode.c
View File

@@ -2126,12 +2126,8 @@ BOOL CALLBACK AboutDlgProc (HWND hwndDlg, UINT msg, WPARAM wParam, LPARAM lParam
// Version
SendMessage (GetDlgItem (hwndDlg, IDT_ABOUT_VERSION), WM_SETFONT, (WPARAM) hUserBoldFont, 0);
StringCbPrintfW (szTmp, sizeof(szTmp), L"VeraCrypt %s", _T(VERSION_STRING) _T(VERSION_STRING_SUFFIX));
#ifdef _WIN64
StringCbCatW (szTmp, sizeof(szTmp), L" (64-bit)");
#else
StringCbCatW (szTmp, sizeof(szTmp), L" (32-bit)");
#endif
StringCbPrintfW (szTmp, sizeof(szTmp), L"VeraCrypt %s", _T(VERSION_STRING) _T(VERSION_STRING_SUFFIX) L" (64-bit)");
#if (defined(_DEBUG) || defined(DEBUG))
StringCbCatW (szTmp, sizeof(szTmp), L" (debug)");
#endif
@@ -3602,6 +3598,12 @@ void InitApp (HINSTANCE hInstance, wchar_t *lpszCommandLine)
AbortProcessDirect(L"VeraCrypt requires at least Windows 10 to run.");
}
if (!Is64BitOs())
{
// abort using a message that says that VeraCrypt can run only on 64-bit Windows
AbortProcessDirect(L"VeraCrypt requires a 64-bit version of Windows to run.");
}
SetDefaultDllDirectoriesFn = (SetDefaultDllDirectoriesPtr) GetProcAddress (GetModuleHandle(L"kernel32.dll"), "SetDefaultDllDirectories");
if (!SetDefaultDllDirectoriesFn)
{
@@ -3787,14 +3789,14 @@ void InitApp (HINSTANCE hInstance, wchar_t *lpszCommandLine)
InitHelpFileName ();
#ifndef SETUP
#ifdef _WIN64
EnableRamEncryption ((ReadDriverConfigurationFlags() & VC_DRIVER_CONFIG_ENABLE_RAM_ENCRYPTION) ? TRUE : FALSE);
if (IsRamEncryptionEnabled())
{
if (!InitializeSecurityParameters(GetAppRandomSeed))
AbortProcess("OUTOFMEMORY");
}
#endif
if (!EncryptionThreadPoolStart (ReadEncryptionThreadPoolFreeCpuCountLimit()))
{
handleWin32Error (NULL, SRC_POS);
@@ -4864,7 +4866,7 @@ static int DriverLoad ()
else
*tmp = 0;
StringCbCatW (driverPath, sizeof(driverPath), !Is64BitOs () ? L"\\veracrypt.sys" : IsARM()? L"\\veracrypt-arm64.sys" : L"\\veracrypt-x64.sys");
StringCbCatW (driverPath, sizeof(driverPath), IsARM()? L"\\veracrypt-arm64.sys" : L"\\veracrypt-x64.sys");
file = FindFirstFile (driverPath, &find);
@@ -6322,19 +6324,11 @@ static BOOL PerformBenchmark(HWND hBenchDlg, HWND hwndDlg)
{
if (thid == SHA256)
{
#ifdef _WIN64
benchmarkTable[benchmarkTotalItems].meanBytesPerSec = (benchmarkTable[benchmarkTotalItems].meanBytesPerSec * 26);
#else
benchmarkTable[benchmarkTotalItems].meanBytesPerSec = (benchmarkTable[benchmarkTotalItems].meanBytesPerSec * 24);
#endif
}
else
{
#ifdef _WIN64
benchmarkTable[benchmarkTotalItems].meanBytesPerSec = (benchmarkTable[benchmarkTotalItems].meanBytesPerSec * 21) / 5;
#else
benchmarkTable[benchmarkTotalItems].meanBytesPerSec = (benchmarkTable[benchmarkTotalItems].meanBytesPerSec * 18) / 5;
#endif
}
}
}
@@ -6357,10 +6351,8 @@ static BOOL PerformBenchmark(HWND hBenchDlg, HWND hwndDlg)
if (EAInitMode (ci, ci->k2))
{
int i;
#ifdef _WIN64
if (IsRamEncryptionEnabled ())
VcProtectKeys (ci, VcGetEncryptionID (ci));
#endif
for (i = 0; i < 10; i++)
{
@@ -6382,10 +6374,8 @@ static BOOL PerformBenchmark(HWND hBenchDlg, HWND hwndDlg)
if (!EAInitMode (ci, ci->k2))
goto counter_error;
#ifdef _WIN64
if (IsRamEncryptionEnabled ())
VcProtectKeys (ci, VcGetEncryptionID (ci));
#endif
if (QueryPerformanceCounter (&performanceCountStart) == 0)
goto counter_error;
@@ -10198,7 +10188,7 @@ std::wstring GetServiceConfigPath (const wchar_t *fileName, bool useLegacy)
{
wchar_t sysPath[TC_MAX_PATH];
if (Is64BitOs() && useLegacy)
if (useLegacy)
{
typedef UINT (WINAPI *GetSystemWow64Directory_t) (LPWSTR lpBuffer, UINT uSize);
@@ -11098,8 +11088,7 @@ std::wstring GetWindowsEdition ()
else if (wcsstr(productName, L"Basic") != 0)
osname += L"-basic";
if (Is64BitOs())
osname += IsARM() ? L"-arm64" : L"-x64";
osname += IsARM() ? L"-arm64" : L"-x64";
if (CurrentOSServicePack > 0)
{
@@ -14237,17 +14226,14 @@ void GetInstallationPath (HWND hwndDlg, wchar_t* szInstallPath, DWORD cchSize, B
SHGetSpecialFolderLocation (hwndDlg, CSIDL_PROGRAM_FILES, &itemList);
SHGetPathFromIDList (itemList, path);
if (Is64BitOs())
// Use a unified default installation path (registry redirection of %ProgramFiles% does not work if the installation path is user-selectable)
wstring s = path;
size_t p = s.find (L" (x86)");
if (p != wstring::npos)
{
// Use a unified default installation path (registry redirection of %ProgramFiles% does not work if the installation path is user-selectable)
wstring s = path;
size_t p = s.find (L" (x86)");
if (p != wstring::npos)
{
s = s.substr (0, p);
if (_waccess (s.c_str(), 0) != -1)
StringCbCopyW (path, sizeof (path), s.c_str());
}
s = s.substr (0, p);
if (_waccess (s.c_str(), 0) != -1)
StringCbCopyW (path, sizeof (path), s.c_str());
}
StringCbCatW (path, sizeof(path), L"\\VeraCrypt\\");
@@ -14820,7 +14806,7 @@ void SafeOpenURL (LPCWSTR szUrl)
}
}
#if !defined(SETUP) && defined(_WIN64)
#if !defined(SETUP)
#define RtlGenRandom SystemFunction036
extern "C" BOOLEAN NTAPI RtlGenRandom(PVOID RandomBuffer, ULONG RandomBufferLength);

2
src/Common/Dlgcode.h
View File

@@ -594,7 +594,7 @@ BitLockerEncryptionStatus GetBitLockerEncryptionStatus(WCHAR driveLetter);
BOOL IsTestSigningModeEnabled ();
DWORD SendServiceNotification (DWORD dwNotificationCmd);
DWORD FastResizeFile (const wchar_t* filePath, __int64 fileSize);
#ifdef _WIN64
#if !defined(SETUP)
void GetAppRandomSeed (unsigned char* pbRandSeed, size_t cbRandSeed);
#endif
BOOL IsInternetConnected();

6
src/Common/EncryptionThreadPool.c
View File

@@ -143,7 +143,6 @@ static TC_MUTEX DequeueMutex;
static TC_EVENT WorkItemReadyEvent;
static TC_EVENT WorkItemCompletedEvent;
#if defined(_WIN64)
void EncryptDataUnitsCurrentThreadEx (unsigned __int8 *buf, const UINT64_STRUCT *structUnitNo, TC_LARGEST_COMPILER_UINT nbrUnits, PCRYPTO_INFO ci)
{
if (IsRamEncryptionEnabled())
@@ -176,11 +175,6 @@ void DecryptDataUnitsCurrentThreadEx (unsigned __int8 *buf, const UINT64_STRUCT
DecryptDataUnitsCurrentThread (buf, structUnitNo, nbrUnits, ci);
}
#else
#define EncryptDataUnitsCurrentThreadEx EncryptDataUnitsCurrentThread
#define DecryptDataUnitsCurrentThreadEx DecryptDataUnitsCurrentThread
#endif
static WorkItemState GetWorkItemState (EncryptionThreadPoolWorkItem *workItem)
{
return InterlockedExchangeAdd ((LONG *) &workItem->State, 0);

2
src/Common/Fat.c
View File

@@ -445,10 +445,8 @@ FormatFat (void* hwndDlgPtr, unsigned __int64 startSector, fatparams * ft, void
return ERR_MODE_INIT_FAILED;
}
#ifdef _WIN64
if (IsRamEncryptionEnabled ())
VcProtectKeys (cryptoInfo, VcGetEncryptionID (cryptoInfo));
#endif
x = ft->num_sectors - ft->reserved - ft->size_root_dir / ft->sector_size - ft->fat_length * 2;
while (x--)

22
src/Common/Format.c
View File

@@ -100,10 +100,8 @@ int TCFormatVolume (volatile FORMAT_VOL_PARAMETERS *volParams)
LARGE_INTEGER offset;
BOOL bFailedRequiredDASD = FALSE;
HWND hwndDlg = volParams->hwndDlg;
#ifdef _WIN64
CRYPTO_INFO tmpCI;
PCRYPTO_INFO cryptoInfoBackup = NULL;
#endif
FormatSectorSize = volParams->sectorSize;
@@ -175,12 +173,10 @@ int TCFormatVolume (volatile FORMAT_VOL_PARAMETERS *volParams)
return nStatus? nStatus : ERR_OUTOFMEMORY;
}
#ifdef _WIN64
if (IsRamEncryptionEnabled ())
{
VcProtectKeys (cryptoInfo, VcGetEncryptionID (cryptoInfo));
}
#endif
begin_format:
@@ -640,7 +636,6 @@ begin_format:
goto error;
}
#ifdef _WIN64
if (IsRamEncryptionEnabled ())
{
VirtualLock (&tmpCI, sizeof (tmpCI));
@@ -649,7 +644,6 @@ begin_format:
cryptoInfoBackup = cryptoInfo;
cryptoInfo = &tmpCI;
}
#endif
nStatus = CreateVolumeHeaderInMemory (hwndDlg, FALSE,
header,
@@ -669,14 +663,12 @@ begin_format:
FormatSectorSize,
FALSE);
#ifdef _WIN64
if (IsRamEncryptionEnabled ())
{
cryptoInfo = cryptoInfoBackup;
burn (&tmpCI, sizeof (CRYPTO_INFO));
VirtualUnlock (&tmpCI, sizeof (tmpCI));
}
#endif
if (!WriteEffectiveVolumeHeader (volParams->bDevice, dev, header))
{
@@ -689,7 +681,6 @@ begin_format:
{
BOOL bUpdateBackup = FALSE;
#ifdef _WIN64
if (IsRamEncryptionEnabled ())
{
VirtualLock (&tmpCI, sizeof (tmpCI));
@@ -698,18 +689,15 @@ begin_format:
cryptoInfoBackup = cryptoInfo;
cryptoInfo = &tmpCI;
}
#endif
nStatus = WriteRandomDataToReservedHeaderAreas (hwndDlg, dev, cryptoInfo, dataAreaSize, FALSE, FALSE);
#ifdef _WIN64
if (IsRamEncryptionEnabled ())
{
cryptoInfo = cryptoInfoBackup;
burn (&tmpCI, sizeof (CRYPTO_INFO));
VirtualUnlock (&tmpCI, sizeof (tmpCI));
}
#endif
if (nStatus != ERR_SUCCESS)
goto error;
@@ -915,9 +903,7 @@ int FormatNoFs (HWND hwndDlg, unsigned __int64 startSector, unsigned __int64 num
LARGE_INTEGER startOffset;
LARGE_INTEGER newOffset;
#ifdef _WIN64
CRYPTO_INFO tmpCI;
#endif
// Seek to start sector
startOffset.QuadPart = startSector * FormatSectorSize;
@@ -936,7 +922,6 @@ int FormatNoFs (HWND hwndDlg, unsigned __int64 startSector, unsigned __int64 num
memset (sector, 0, sizeof (sector));
#ifdef _WIN64
if (IsRamEncryptionEnabled ())
{
VirtualLock (&tmpCI, sizeof (tmpCI));
@@ -944,7 +929,6 @@ int FormatNoFs (HWND hwndDlg, unsigned __int64 startSector, unsigned __int64 num
VcUnprotectKeys (&tmpCI, VcGetEncryptionID (cryptoInfo));
cryptoInfo = &tmpCI;
}
#endif
// Remember the original secondary key (XTS mode) before generating a temporary one
memcpy (originalK2, cryptoInfo->k2, sizeof (cryptoInfo->k2));
@@ -975,10 +959,8 @@ int FormatNoFs (HWND hwndDlg, unsigned __int64 startSector, unsigned __int64 num
goto fail;
}
#ifdef _WIN64
if (IsRamEncryptionEnabled ())
VcProtectKeys (cryptoInfo, VcGetEncryptionID (cryptoInfo));
#endif
while (num_sectors--)
{
@@ -1051,13 +1033,11 @@ int FormatNoFs (HWND hwndDlg, unsigned __int64 startSector, unsigned __int64 num
VirtualUnlock (temporaryKey, sizeof (temporaryKey));
VirtualUnlock (originalK2, sizeof (originalK2));
TCfree (write_buf);
#ifdef _WIN64
if (IsRamEncryptionEnabled ())
{
burn (&tmpCI, sizeof (CRYPTO_INFO));
VirtualUnlock (&tmpCI, sizeof (tmpCI));
}
#endif
return 0;
@@ -1069,13 +1049,11 @@ fail:
VirtualUnlock (temporaryKey, sizeof (temporaryKey));
VirtualUnlock (originalK2, sizeof (originalK2));
TCfree (write_buf);
#ifdef _WIN64
if (IsRamEncryptionEnabled ())
{
burn (&tmpCI, sizeof (CRYPTO_INFO));
VirtualUnlock (&tmpCI, sizeof (tmpCI));
}
#endif
SetLastError (err);
return (retVal ? retVal : ERR_OS_ERROR);

4
src/Common/Random.c
View File

@@ -43,11 +43,7 @@ static HANDLE PeriodicFastPollThreadHandle = NULL;
/* Macro to add four bytes to the pool */
#define RandaddInt32(x) RandAddInt((unsigned __int32)x);
#ifdef _WIN64
#define RandaddIntPtr(x) RandAddInt64((unsigned __int64)x);
#else
#define RandaddIntPtr(x) RandAddInt((unsigned __int32)x);
#endif
void RandAddInt (unsigned __int32 x)
{

7
src/Common/Resource.h
View File

@@ -73,14 +73,7 @@
#define IDR_EFI_LEGACYSPEAKER 569
#define IDR_EFI_DCSBML 570
#define IDR_EFI_DCSRE 571
#define IDR_EFI_DCSBOOT32 572
#define IDR_EFI_DCSINT32 573
#define IDR_EFI_DCSCFG32 574
#define IDR_EFI_LEGACYSPEAKER32 575
#define IDR_EFI_DCSBML32 576
#define IDR_EFI_DCSRE32 577
#define IDR_EFI_DCSINFO 578
#define IDR_EFI_DCSINFO32 579
#define IDC_HW_AES_LABEL_LINK 5000
#define IDC_HW_AES 5001
#define IDC_PARALLELIZATION_LABEL_LINK 5002

2
src/Common/Tests.c
View File

@@ -725,10 +725,8 @@ BOOL TestSectorBufEncryption (PCRYPTO_INFO ci)
if (!EAInitMode (ci, key2))
return FALSE;
#ifdef _WIN64
if (IsRamEncryptionEnabled ())
VcProtectKeys (ci, VcGetEncryptionID (ci));
#endif
// Each data unit will contain the same plaintext
for (i = 0; i < nbrUnits; i++)

10
src/Common/Volumes.c
View File

@@ -559,21 +559,11 @@ KeyReady: ;
#ifdef TC_WINDOWS_DRIVER
{
blake2s_state ctx;
#ifndef _WIN64
NTSTATUS saveStatus = STATUS_INVALID_PARAMETER;
KFLOATING_SAVE floatingPointState;
if (HasSSE2())
saveStatus = KeSaveFloatingPointState (&floatingPointState);
#endif
blake2s_init (&ctx);
blake2s_update (&ctx, keyInfo->master_keydata, MASTER_KEYDATA_SIZE);
blake2s_update (&ctx, header, sizeof(header));
blake2s_final (&ctx, cryptoInfo->master_keydata_hash);
burn(&ctx, sizeof (ctx));
#ifndef _WIN64
if (NT_SUCCESS (saveStatus))
KeRestoreFloatingPointState (&floatingPointState);
#endif
}
#else
memcpy (cryptoInfo->master_keydata, keyInfo->master_keydata, MASTER_KEYDATA_SIZE);