Windows/Linux/macOS: implement AES hardware support on ARM64 (ARMv8)

author: Mounir IDRASSI <mounir.idrassi@idrix.fr> 2025-01-17 00:58:54 +0100
committer: Mounir IDRASSI <mounir.idrassi@idrix.fr> 2025-01-17 00:58:54 +0100
commit: 54bd81999007b467420acab780c704c91bc1b057 (patch)
tree: fb2e3dbc899e6acd89f82406d6712508c015e1c8 /src/Driver
parent: c79f8102e094f512ac5c706fa30a2741d697b003 (diff)
download: VeraCrypt-54bd81999007b467420acab780c704c91bc1b057.tar.gz
VeraCrypt-54bd81999007b467420acab780c704c91bc1b057.zip
3 files changed, 17 insertions, 1 deletions
diff --git a/src/Driver/Driver.vcxproj b/src/Driver/Driver.vcxproj
index aa920225..628e24a4 100644
--- a/src/Driver/Driver.vcxproj
+++ b/src/Driver/Driver.vcxproj
@@ -211,40 +211,44 @@ copy $(OutDir)veracrypt.inf "$(SolutionDir)Debug\Setup Files\veracrypt.inf"</Com
     <FilesToPackage Include="$(TargetPath)" />
   </ItemGroup>
   <ItemGroup>
     <ClCompile Include="..\Common\Cache.c" />
     <ClCompile Include="..\Common\Crc.c" />
     <ClCompile Include="..\Common\Crypto.c" />
     <ClCompile Include="..\Common\EncryptionThreadPool.c" />
     <ClCompile Include="..\Common\Endian.c" />
     <ClCompile Include="..\Common\GfMul.c" />
     <ClCompile Include="..\Common\Pkcs5.c" />
     <ClCompile Include="..\Common\Tests.c" />
     <ClCompile Include="..\Common\Volumes.c" />
     <ClCompile Include="..\Common\Wipe.c" />
     <ClCompile Include="..\Common\Xts.c" />
     <ClCompile Include="..\Crypto\Aescrypt.c">
       <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">true</ExcludedFromBuild>
       <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Release|x64'">true</ExcludedFromBuild>
     </ClCompile>
     <ClCompile Include="..\Crypto\Aeskey.c" />
     <ClCompile Include="..\Crypto\Aestab.c" />
+    <ClCompile Include="..\Crypto\Aes_hw_armv8.c">
+      <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">true</ExcludedFromBuild>
+      <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Release|x64'">true</ExcludedFromBuild>
+    </ClCompile>
     <ClCompile Include="..\Crypto\blake2s.c" />
     <ClCompile Include="..\Crypto\blake2s_SSE2.c">
       <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'">true</ExcludedFromBuild>
       <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'">true</ExcludedFromBuild>
     </ClCompile>
     <ClCompile Include="..\Crypto\blake2s_SSE41.c">
       <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'">true</ExcludedFromBuild>
       <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'">true</ExcludedFromBuild>
     </ClCompile>
     <ClCompile Include="..\Crypto\blake2s_SSSE3.c">
       <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'">true</ExcludedFromBuild>
       <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'">true</ExcludedFromBuild>
     </ClCompile>
     <ClCompile Include="..\Crypto\Camellia.c" />
     <ClCompile Include="..\Crypto\chacha-xmm.c" />
     <ClCompile Include="..\Crypto\chacha256.c" />
     <ClCompile Include="..\Crypto\chachaRng.c" />
     <ClCompile Include="..\Crypto\cpu.c" />
     <ClCompile Include="..\Crypto\jitterentropy-base.c" />
     <ClCompile Include="..\Crypto\kuznyechik.c" />
diff --git a/src/Driver/Driver.vcxproj.filters b/src/Driver/Driver.vcxproj.filters
index 478432fa..6f43b0e8 100644
--- a/src/Driver/Driver.vcxproj.filters
+++ b/src/Driver/Driver.vcxproj.filters
@@ -148,40 +148,43 @@
       <Filter>Crypto\Source Files</Filter>
     </ClCompile>
     <ClCompile Include="..\Driver\DriveFilter.c">
       <Filter>Source Files</Filter>
     </ClCompile>
     <ClCompile Include="..\Driver\DumpFilter.c">
       <Filter>Source Files</Filter>
     </ClCompile>
     <ClCompile Include="..\Driver\EncryptedIoQueue.c">
       <Filter>Source Files</Filter>
     </ClCompile>
     <ClCompile Include="..\Driver\Ntdriver.c">
       <Filter>Source Files</Filter>
     </ClCompile>
     <ClCompile Include="..\Driver\Ntvol.c">
       <Filter>Source Files</Filter>
     </ClCompile>
     <ClCompile Include="..\Driver\VolumeFilter.c">
       <Filter>Source Files</Filter>
     </ClCompile>
+    <ClCompile Include="..\Crypto\Aes_hw_armv8.c">
+      <Filter>Crypto\Source Files</Filter>
+    </ClCompile>
   </ItemGroup>
   <ItemGroup>
     <ClInclude Include="..\Common\Tcdefs.h">
       <Filter>Common</Filter>
     </ClInclude>
     <ClInclude Include="..\Crypto\Aes.h">
       <Filter>Crypto\Header Files</Filter>
     </ClInclude>
     <ClInclude Include="..\Crypto\Aesopt.h">
       <Filter>Crypto\Header Files</Filter>
     </ClInclude>
     <ClInclude Include="..\Crypto\AesSmall.h">
       <Filter>Crypto\Header Files</Filter>
     </ClInclude>
     <ClInclude Include="..\Crypto\Aestab.h">
       <Filter>Crypto\Header Files</Filter>
     </ClInclude>
     <ClInclude Include="..\Crypto\Aes_hw_cpu.h">
       <Filter>Crypto\Header Files</Filter>
     </ClInclude>
diff --git a/src/Driver/Ntdriver.c b/src/Driver/Ntdriver.c
index ab208019..6d218517 100644
--- a/src/Driver/Ntdriver.c
+++ b/src/Driver/Ntdriver.c
@@ -215,102 +215,111 @@ void GetDriverRandomSeed (unsigned char* pbRandSeed, size_t cbRandSeed)
 		iSeed = KeQueryPerformanceCounter (&iSeed2);
 		WHIRLPOOL_add ((unsigned char *) &(iSeed.QuadPart), sizeof(iSeed.QuadPart), &tctx);
 		WHIRLPOOL_add ((unsigned char *) &(iSeed2.QuadPart), sizeof(iSeed2.QuadPart), &tctx);
 
 		iSeed.QuadPart = KeQueryInterruptTimePrecise ((PULONG64)  & iSeed2.QuadPart);
 		WHIRLPOOL_add ((unsigned char *) &(iSeed.QuadPart), sizeof(iSeed.QuadPart), &tctx);
 		WHIRLPOOL_add ((unsigned char *) &(iSeed2.QuadPart), sizeof(iSeed2.QuadPart), &tctx);
 
 		/* use JitterEntropy library to get good quality random bytes based on CPU timing jitter */
 		if (0 == jent_entropy_init ())
 		{
 			struct rand_data *ec = jent_entropy_collector_alloc (1, 0);
 			if (ec)
 			{
 				ssize_t rndLen = jent_read_entropy (ec, (char*) digest, sizeof (digest));
 				if (rndLen > 0)
 					WHIRLPOOL_add (digest, (unsigned int) rndLen, &tctx);
 				jent_entropy_collector_free (ec);
 			}
 		}
-
+#ifndef _M_ARM64
 		// use RDSEED or RDRAND from CPU as source of entropy if enabled
 		if (	IsCpuRngEnabled() && 
 			(	(HasRDSEED() && RDSEED_getBytes (digest, sizeof (digest)))
 			||	(HasRDRAND() && RDRAND_getBytes (digest, sizeof (digest)))
 			))
 		{
 			WHIRLPOOL_add (digest, sizeof(digest), &tctx);
 		}
+#endif
 		WHIRLPOOL_finalize (&tctx, digest);
 
 		count = VC_MIN (cbRandSeed, sizeof (digest));
 
 		// copy digest value to seed buffer
 		memcpy (pbRandSeed, digest, count);
 		cbRandSeed -= count;
 		pbRandSeed += count;
 	}
 
 	FAST_ERASE64 (digest, sizeof (digest));
 	FAST_ERASE64 (&iSeed.QuadPart, 8);
 	FAST_ERASE64 (&iSeed2.QuadPart, 8);
 	burn (&tctx, sizeof(tctx));
 }
 
 
 NTSTATUS DriverEntry(PDRIVER_OBJECT DriverObject, PUNICODE_STRING RegistryPath)
 {
 	PKEY_VALUE_PARTIAL_INFORMATION startKeyValue;
 	LONG version;
 	int i;
 
 	Dump("DriverEntry " TC_APP_NAME " " VERSION_STRING VERSION_STRING_SUFFIX "\n");
 
+#ifndef _M_ARM64
 	DetectX86Features();
+#else
+	DetectArmFeatures();
+#endif
 
 	PsGetVersion(&OsMajorVersion, &OsMinorVersion, NULL, NULL);
 
 	Dump("OsMajorVersion=%d OsMinorVersion=%d\n", OsMajorVersion, OsMinorVersion);
 
 	// Load dump filter if the main driver is already loaded
 	if (NT_SUCCESS(TCDeviceIoControl(NT_ROOT_PREFIX, TC_IOCTL_GET_DRIVER_VERSION, NULL, 0, &version, sizeof(version))))
 		return DumpFilterEntry((PFILTER_EXTENSION)DriverObject, (PFILTER_INITIALIZATION_DATA)RegistryPath);
 
 	TCDriverObject = DriverObject;
 	memset(VirtualVolumeDeviceObjects, 0, sizeof(VirtualVolumeDeviceObjects));
 
 	ReadRegistryConfigFlags(TRUE);
 	EncryptionThreadPoolStart(EncryptionThreadPoolFreeCpuCountLimit);
 	SelfTestsPassed = AutoTestAlgorithms();
 
 	// Enable device class filters and load boot arguments if the driver is set to start at system boot
 
 	if (NT_SUCCESS(TCReadRegistryKey(RegistryPath, L"Start", &startKeyValue)))
 	{
 		if (startKeyValue->Type == REG_DWORD && *((uint32*)startKeyValue->Data) == SERVICE_BOOT_START)
 		{
 			if (!SelfTestsPassed)
 			{
 				// in case of system encryption, if self-tests fail, disable all extended CPU
 				// features and try again in order to workaround faulty configurations
+#ifndef _M_ARM64
 				DisableCPUExtendedFeatures();
+#else
+				EnableHwEncryption(FALSE);
+#endif
 				SelfTestsPassed = AutoTestAlgorithms();
 
 				// BUG CHECK if the self-tests still fail
 				if (!SelfTestsPassed)
 					TC_BUG_CHECK(STATUS_INVALID_PARAMETER);
 			}
 
 			LoadBootArguments(IsUefiBoot());
 			VolumeClassFilterRegistered = IsVolumeClassFilterRegistered();
 
 			DriverObject->DriverExtension->AddDevice = DriverAddDevice;
 		}
 
 		TCfree(startKeyValue);
 	}
 
 
 	if (RamEncryptionActivated)
 	{
 		if (t1ha_selfcheck__t1ha2() != 0)
author	Mounir IDRASSI <mounir.idrassi@idrix.fr>	2025-01-17 00:58:54 +0100
committer	Mounir IDRASSI <mounir.idrassi@idrix.fr>	2025-01-17 00:58:54 +0100
commit	54bd81999007b467420acab780c704c91bc1b057 (patch)
tree	fb2e3dbc899e6acd89f82406d6712508c015e1c8 /src/Driver
parent	c79f8102e094f512ac5c706fa30a2741d697b003 (diff)
download	VeraCrypt-54bd81999007b467420acab780c704c91bc1b057.tar.gz VeraCrypt-54bd81999007b467420acab780c704c91bc1b057.zip