diff options
author | Mounir IDRASSI <mounir.idrassi@idrix.fr> | 2014-10-26 00:33:18 +0200 |
---|---|---|
committer | Mounir IDRASSI <mounir.idrassi@idrix.fr> | 2014-11-08 23:24:19 +0100 |
commit | c1378f781aaaa4d9e57c0a383cded7173bde7663 (patch) | |
tree | 9d4e7e86c93a8e86a839bd95b233682cd56bdf64 /src | |
parent | c61f8c70de2179a27f7c40c80b65ce1ee5253286 (diff) | |
download | VeraCrypt-c1378f781aaaa4d9e57c0a383cded7173bde7663.tar.gz VeraCrypt-c1378f781aaaa4d9e57c0a383cded7173bde7663.zip |
Bootloader: optimize code size in single cipher mode by manually inlining EAInit, EAGetFirst and EAGetKeySize, and by removing the loop in ReadVolumeHeader that tests for encryption algorithms.
Diffstat (limited to 'src')
-rw-r--r-- | src/Common/Crypto.c | 27 | ||||
-rw-r--r-- | src/Common/Crypto.h | 4 | ||||
-rw-r--r-- | src/Common/Volumes.c | 56 |
3 files changed, 61 insertions, 26 deletions
diff --git a/src/Common/Crypto.c b/src/Common/Crypto.c index 9fc69022..e47f9565 100644 --- a/src/Common/Crypto.c +++ b/src/Common/Crypto.c @@ -965,20 +965,11 @@ void DecipherBlock(int cipher, void *data, void *ks) #endif
}
-int EAGetFirst ()
-{
- return 1;
-}
-
-int EAGetNext (int previousEA)
-{
- return 0;
-}
-int EAInit (int ea, unsigned char *key, unsigned __int8 *ks)
-{
#ifdef TC_WINDOWS_BOOT_AES
+int EAInit (unsigned char *key, unsigned __int8 *ks)
+{
aes_init();
if (aes_encrypt_key256 (key, (aes_encrypt_ctx *) ks) != EXIT_SUCCESS)
@@ -986,23 +977,11 @@ int EAInit (int ea, unsigned char *key, unsigned __int8 *ks) if (aes_decrypt_key256 (key, (aes_decrypt_ctx *) (ks + sizeof (aes_encrypt_ctx))) != EXIT_SUCCESS)
return ERR_CIPHER_INIT_FAILURE;
-#elif defined (TC_WINDOWS_BOOT_SERPENT)
- serpent_set_key (key, ks);
-#elif defined (TC_WINDOWS_BOOT_TWOFISH)
- twofish_set_key ((TwofishInstance *)ks, (const u4byte *)key);
-#endif
return ERR_SUCCESS;
}
-int EAGetKeySize (int ea)
-{
- return 32;
-}
+#endif
-int EAGetFirstCipher (int ea)
-{
- return 1;
-}
void EncryptBuffer (unsigned __int8 *buf, TC_LARGEST_COMPILER_UINT len, PCRYPTO_INFO cryptoInfo)
{
diff --git a/src/Common/Crypto.h b/src/Common/Crypto.h index 7875e1a5..a6ed56d2 100644 --- a/src/Common/Crypto.h +++ b/src/Common/Crypto.h @@ -259,7 +259,11 @@ const char * CipherGetName (int cipher);
int CipherInit (int cipher, unsigned char *key, unsigned char *ks);
+#ifndef TC_WINDOWS_BOOT_SINGLE_CIPHER_MODE
int EAInit (int ea, unsigned char *key, unsigned char *ks);
+#else
+int EAInit (unsigned char *key, unsigned char *ks);
+#endif
BOOL EAInitMode (PCRYPTO_INFO ci);
void EncipherBlock(int cipher, void *data, void *ks);
void DecipherBlock(int cipher, void *data, void *ks);
diff --git a/src/Common/Volumes.c b/src/Common/Volumes.c index 2b7b01ab..ef00728b 100644 --- a/src/Common/Volumes.c +++ b/src/Common/Volumes.c @@ -558,7 +558,7 @@ int ReadVolumeHeader (BOOL bBoot, char *header, Password *password, PCRYPTO_INFO #endif
PCRYPTO_INFO cryptoInfo;
- int status;
+ int status = ERR_SUCCESS;
if (retHeaderCryptoInfo != NULL)
cryptoInfo = retHeaderCryptoInfo;
@@ -577,15 +577,40 @@ int ReadVolumeHeader (BOOL bBoot, char *header, Password *password, PCRYPTO_INFO // Mode of operation
cryptoInfo->mode = FIRST_MODE_OF_OPERATION_ID;
+#ifdef TC_WINDOWS_BOOT_SINGLE_CIPHER_MODE
+ cryptoInfo->ea = 1;
+#else
// Test all available encryption algorithms
for (cryptoInfo->ea = EAGetFirst (); cryptoInfo->ea != 0; cryptoInfo->ea = EAGetNext (cryptoInfo->ea))
+#endif
{
+#ifdef TC_WINDOWS_BOOT_SINGLE_CIPHER_MODE
+ #if defined (TC_WINDOWS_BOOT_SERPENT)
+ serpent_set_key (dk, cryptoInfo->ks);
+ #elif defined (TC_WINDOWS_BOOT_TWOFISH)
+ twofish_set_key ((TwofishInstance *) cryptoInfo->ks, (const u4byte *) dk);
+ #else
+ status = EAInit (dk, cryptoInfo->ks);
+ if (status == ERR_CIPHER_INIT_FAILURE)
+ goto err;
+ #endif
+#else
status = EAInit (cryptoInfo->ea, dk, cryptoInfo->ks);
if (status == ERR_CIPHER_INIT_FAILURE)
goto err;
-
+#endif
// Secondary key schedule
+#ifdef TC_WINDOWS_BOOT_SINGLE_CIPHER_MODE
+ #if defined (TC_WINDOWS_BOOT_SERPENT)
+ serpent_set_key (dk + 32, cryptoInfo->ks2);
+ #elif defined (TC_WINDOWS_BOOT_TWOFISH)
+ twofish_set_key ((TwofishInstance *)cryptoInfo->ks2, (const u4byte *) (dk + 32));
+ #else
+ EAInit (dk + 32, cryptoInfo->ks2);
+ #endif
+#else
EAInit (cryptoInfo->ea, dk + EAGetKeySize (cryptoInfo->ea), cryptoInfo->ks2);
+#endif
// Try to decrypt header
DecryptBuffer (header + HEADER_ENCRYPTED_DATA_OFFSET, HEADER_ENCRYPTED_DATA_SIZE, cryptoInfo);
@@ -596,7 +621,12 @@ int ReadVolumeHeader (BOOL bBoot, char *header, Password *password, PCRYPTO_INFO || GetHeaderField32 (header, TC_HEADER_OFFSET_KEY_AREA_CRC) != GetCrc32 (header + HEADER_MASTER_KEYDATA_OFFSET, MASTER_KEYDATA_SIZE))
{
EncryptBuffer (header + HEADER_ENCRYPTED_DATA_OFFSET, HEADER_ENCRYPTED_DATA_SIZE, cryptoInfo);
+#ifdef TC_WINDOWS_BOOT_SINGLE_CIPHER_MODE
+ status = ERR_PASSWORD_WRONG;
+ goto err;
+#else
continue;
+#endif
}
// Header decrypted
@@ -629,12 +659,34 @@ int ReadVolumeHeader (BOOL bBoot, char *header, Password *password, PCRYPTO_INFO goto ret;
// Init the encryption algorithm with the decrypted master key
+#ifdef TC_WINDOWS_BOOT_SINGLE_CIPHER_MODE
+ #if defined (TC_WINDOWS_BOOT_SERPENT)
+ serpent_set_key (masterKey, cryptoInfo->ks);
+ #elif defined (TC_WINDOWS_BOOT_TWOFISH)
+ twofish_set_key ((TwofishInstance *) cryptoInfo->ks, (const u4byte *) masterKey);
+ #else
+ status = EAInit (masterKey, cryptoInfo->ks);
+ if (status == ERR_CIPHER_INIT_FAILURE)
+ goto err;
+ #endif
+#else
status = EAInit (cryptoInfo->ea, masterKey, cryptoInfo->ks);
if (status == ERR_CIPHER_INIT_FAILURE)
goto err;
+#endif
// The secondary master key (if cascade, multiple concatenated)
+#ifdef TC_WINDOWS_BOOT_SINGLE_CIPHER_MODE
+ #if defined (TC_WINDOWS_BOOT_SERPENT)
+ serpent_set_key (masterKey + 32, cryptoInfo->ks2);
+ #elif defined (TC_WINDOWS_BOOT_TWOFISH)
+ twofish_set_key ((TwofishInstance *)cryptoInfo->ks2, (const u4byte *) (masterKey + 32));
+ #else
+ EAInit (masterKey + 32, cryptoInfo->ks2);
+ #endif
+#else
EAInit (cryptoInfo->ea, masterKey + EAGetKeySize (cryptoInfo->ea), cryptoInfo->ks2);
+#endif
goto ret;
}
|