A blog covering reverse engineering, security, and portable software development

Yesterday the TrueCrypt foundation released TrueCrypt 5.0a. Many bugs have been fixed – you find a list of the changes here.

In case you had trouble with the pre-boot authentication you might want to upgrade to the new version.

13 comments

When importing Visual Studio 2005 project files (or whole solutions) into the new Visual Studio 2008 code named ‘Orcas’, you might find it interesting to know that under some circumstances important project settings are not set to their original value.

I found this problem when importing the VS 2005 solution of TrueCrypt into VS 2008. Importing the solution does not show any error and compiling the imported project works fine.

However, when testing the performance with the TrueCrypt built-in benchmark, I was a bit shocked:

The speed of the VS 2008 compiled code was up to 76% slower than the same code compiled with VS 2005. My first tought was that this might be Microsoft’s solution for converting C/C++ developers to use the .NET platform ;-). But my second thought was that this could have only been caused by bad compiler optimization settings.

Thanks god, my second guess was right:

When looking at the C/C++ project configuration settings under Studio 2008, I realized that the code optimization was set to ‘user defined’ (for the ‘Release’ configuration). The same setting is set to “Maximize speed /O2″ under Studio 2005.

When inspecing the .vcproj files of both Studio versions, you will see that there are no big differences.

These are the values for the ‘Optimization’ attribute of a .vcproj file:

• 0 – Disable optimization (/Od)
• 1 – Minimize size (/O1)
• 2 – Maximize speed (/O2)
• 3 – Full optimization (/Ox)
• 4 – User defined

These settings are the same for the 2005 and 2008 version. However, the behavior is different if this attribute is not specified inside the project file (which is the case for all TrueCrypt project files and the ‘Release’ configuration).

Visual Studio 2005 will set the default value for a missing setting to ‘Maximize speed (/O2)’, where Visual Studio 2008 will set the default value to ‘User defined’.

My personal opinion is that the default behavior of VS 2008 is correct. Generally fixing such wrong behaviors is good. However, in a perfect world the ‘old project file import handler’ should have inserted an XML element with Studio 2005’s default setting (Maximize speed). This would probably have been the best user experience.

1 comment

 

Two days ago the long-awaited new version of TrueCrypt has been released. The new version supports pre-boot-authentication and is available for Windows, Linux and Mac OS X.

The developers claim that read/write speed was improved by up to 100% compared to the previous version 4.3. In this blog I will describe how to get an additional performance improvement by replacing TrueCrypt’s AES implementation (which is C code) by a highly optimized assembler version.

TrueCrypt uses the AES implementation from Brian Gladman. On his home page you can download the full source code. The archive contains a C implementation and assembler implementations for the Intel x86 and AMD x86-64 architecture. To compile the assembler sources you will need the YASM assembler which can freely downloaded here.

The good news is that the AES-ECB encrypt and decrypt functions have the same interface as the C version which is used in TrueCrypt. So you don’t need to adapt the interface to get it working :-).

Lets get hands on! You will need the following compilers and development kits in order to compile TrueCrypt for Windows:

• Microsoft Visual Studio 2005 with SP1
• Microsoft Visual C++ 1.52
• Windows Driver Development Kit (DDK) Vista Build 6000

After installing the compilers and the Vista DDK, you will need to set two environment variables:

1. ‘MSVC16_ROOT’ should point to the installation directory of MS Visual C++ 1.52
2. ‘WINDDK_6000_ROOT’ should point to the installation directory of the Vista DDK

Download the Windows version (with CR/LF line endings) of the TrueCrypt source code here.

Unzip the ‘TrueCrypt 5.0 Source.zip’, open the ‘TrueCrypt.sln’ solution file in Visual Studio 2005, select ‘All’ as the active solution configuration and build the project.

As said before, to compile the AES assembler implementation you will need the YASM assembler. Unzip Brian Gladmans AES implemenatation and assemble ‘aes_x86_v1.asm’:

yasm-0.6.2-win32.exe -f win32 aes_x86_v1.asm

There is also a 64 bit implementation ‘aes_amd64.asm’ provided in the package. I did not build an optimized TrueCrypt 64 bit Windows driver yet. I also did not try to compile the Linux or Mac OS X versions. The steps are very similar and YASM is available for other platforms and does support other object formats. You simply need to specify a different object format by a yasm command line switch (e.g. -f win64 to build a 64 bit COFF object from the ‘aes_amd64.asm’ listing).

Rename the ‘aes_v86_v1.obj’ to ‘aescrypt.obj’. Copy this file into your TrueCrypt source code directory under ‘TrueCrypt/Crypto/Release’. Please note that you will need to overwrite the existing ‘aescrypt.obj’ which was built before from C code.

If you now build the solution in Visual Studio, it will link the new AES object file into the ‘TrueCrypt.exe’. Please note that the new object file which is under ‘TrueCrypt/Crypto/Release’ will only be used when creating TC volumes, for benchmarking the performance and for testing the code against the testvectors. If you run the freshly build ‘TrueCrypt.exe’ and do the benchmark you will see a performance increase of around +15% to +40%, depending on your hardware.

However, we want this performance in the TrueCrypt driver – therefore we will need to compile the ‘aes_v86_v1.asm’ for the TrueCrypt driver.

This task is a bit more complicated: You will need to modify the assembler source code to change the calling convention and name mangling to __stdcall. Open the ‘aes_v86_v1.asm’ and search for:

; AES Encryption Subroutine
do_name _aes_encrypt

Change the function name in the above code into _aes_encrypt@12:

; AES Encryption Subroutine
do_name _aes_encrypt@12

At the end of this subroutine you will see the following code:

add esp,stk_spc
do_exit

Replace the ‘do_exit’ with ‘ret 0ch’:

add esp,stk_spc
ret 0ch

You need to do both changes for the ‘aes_decrypt’ subroutine, too.

After doing this, you can rebuild the ‘aes_v86_v1.obj’ with yasm:

yasm-0.6.2-win32.exe -f win32 aes_x86_v1.asm

Unfortunately, YASM doesn’t provide a switch which will add a linker comment to the COFF object, telling the linker that this file uses SAFESEH (safe structured exception handling). The ‘truecrypt.sys’ driver is linked with SAFESEH, so the linking step with the newly created COFF object will fail.

Rename the new ‘aes_x86_v1.obj’ to ‘aescrypt.obj’. Copy this file into your TrueCrypt source code directory under ‘TrueCrypt/Crypto/obj_driver_release’. Again, you will overwrite the existing ‘aescrypt.obj’ C version with the assembler version.

I couldn’t find a specification which explains how the information that an object uses SAFESEH is reflected in the COFF object. So, my solution to get the stuff linking was to disassemble the new ‘aescrypt.obj’ using IDA Pro in order to convert the YASM code into MASM syntax. Then I used ML.EXE (MASM), which is included in Visual Studio 2005, to assemble the listing generated by IDA Pro. MASM supports a /SAFESEH switch, which will add this information to the COFF object:

ml.exe -c -safeseh aes_x86_v1.asm

Rename the ‘aes_x86_v1.obj’ to ‘aescrypt.obj’ and copy it into the ‘TrueCrypt/Crypto/obj_driver_release’ directory.

You can now build the solution once more and it should link the optimized AES implementation and create a new ‘truecrypt.sys’ driver. You will need to overwrite the ‘Truecrypt.exe’ and ‘truecrypt.sys’ driver in the TrueCrypt’s program files folder with the latest version. You will also need to replace the driver in the ‘Windows/system32/drivers’ directory.

That’s it! Simply reboot your machine and enjoy the improved AES performance in TrueCrypt.

You can download an archive which contains the modified object files here.

Enjoy!

53 comments