diff --git a/.gitignore b/.gitignore
index e1f27fcd..48d91499 100644
--- a/.gitignore
+++ b/.gitignore
@@ -17,6 +17,7 @@ src/Main/veracrypt
 *.osse41
 *.ossse3
 *.oshani
+*.oaesni
 *.oarmv8crypto
 # VC macOS build artifacts
diff --git a/Translations/Language.ar.xml b/Translations/Language.ar.xml
index 43d56f30..0766acea 100644
--- a/Translations/Language.ar.xml
+++ b/Translations/Language.ar.xml
@@ -1644,6 +1644,7 @@ خطأ: نقطة تركيب الحجم محظورة لأنها تحل محل دليل نظام محمي.\n\nيرجى اختيار نقطة تركيب مختلفة. خطأ: نقطة تركيب الحجم غير مسموح بها لأنها تحل محل دليل مدرج ضمن متغير البيئة PATH.\n\nيرجى اختيار نقطة تركيب مختلفة. [وضع غير آمن]
+ SM4 is a block cipher standard published by the Chinese National Cryptography Administration in 2006 as part of the GB/T 32907-2016 standard. 128-bit key, 128-bit block. Mode of operation is XTS. It is widely used in Chinese national standards and commercial applications.
diff --git a/Translations/Language.be.xml b/Translations/Language.be.xml
index 03352808..50bc8e85 100644
--- a/Translations/Language.be.xml
+++ b/Translations/Language.be.xml
@@ -1644,6 +1644,7 @@ ERROR: The volume mount point is blocked because it overrides a protected system directory.\n\nPlease choose a different mount point. ERROR: The volume mount point is not allowed because it overrides a directory that is part of the PATH environment variable.\n\nPlease choose a different mount point. [INSECURE MODE]
+ SM4 is a block cipher standard published by the Chinese National Cryptography Administration in 2006 as part of the GB/T 32907-2016 standard. 128-bit key, 128-bit block. Mode of operation is XTS. It is widely used in Chinese national standards and commercial applications.
diff --git a/Translations/Language.bg.xml b/Translations/Language.bg.xml
index 68be0aa8..e08b7212 100644
--- a/Translations/Language.bg.xml
+++ b/Translations/Language.bg.xml
@@ -1644,6 +1644,7 @@ ERROR: The volume mount point is blocked because it overrides a protected system directory.\n\nPlease choose a different mount point. ERROR: The volume mount point is not allowed because it overrides a directory that is part of the PATH environment variable.\n\nPlease choose a different mount point. [INSECURE MODE]
+ SM4 is a block cipher standard published by the Chinese National Cryptography Administration in 2006 as part of the GB/T 32907-2016 standard. 128-bit key, 128-bit block. Mode of operation is XTS. It is widely used in Chinese national standards and commercial applications.
diff --git a/Translations/Language.ca.xml b/Translations/Language.ca.xml
index dd91a915..387f76b8 100644
--- a/Translations/Language.ca.xml
+++ b/Translations/Language.ca.xml
@@ -1644,6 +1644,7 @@ ERROR: The volume mount point is blocked because it overrides a protected system directory.\n\nPlease choose a different mount point. ERROR: The volume mount point is not allowed because it overrides a directory that is part of the PATH environment variable.\n\nPlease choose a different mount point. [INSECURE MODE]
+ SM4 is a block cipher standard published by the Chinese National Cryptography Administration in 2006 as part of the GB/T 32907-2016 standard. 128-bit key, 128-bit block. Mode of operation is XTS. It is widely used in Chinese national standards and commercial applications.
diff --git a/Translations/Language.co.xml b/Translations/Language.co.xml
index b2384e32..527d5407 100644
--- a/Translations/Language.co.xml
+++ b/Translations/Language.co.xml
@@ -1663,6 +1663,7 @@ Information about Corsican localization: SBAGLIU : U puntu du muntatura di u vulume hè bluccatu perchè ellu rimpiazzeghja un cartulare prutettu di u sistema.\n\nCi vole à sceglie un puntu du muntatura sfarente. SBAGLIU : U puntu du muntatura di u vulume ùn hè micca permessu perchè ellu rimpiazzeghja un cartulare chì face parte di a variabile d’ambiente PATH.\n\nCi vole à sceglie un puntu du muntatura sfarente. [MODU NONSICURU]
+ SM4 is a block cipher standard published by the Chinese National Cryptography Administration in 2006 as part of the GB/T 32907-2016 standard. 128-bit key, 128-bit block. Mode of operation is XTS. It is widely used in Chinese national standards and commercial applications.
diff --git a/Translations/Language.cs.xml b/Translations/Language.cs.xml
index ed785dec..a7e4d29f 100644
--- a/Translations/Language.cs.xml
+++ b/Translations/Language.cs.xml
@@ -1644,6 +1644,7 @@ CHYBA: Připojovací bod svazku je blokován, jelikož je nadřazen chráněnému systémovému adresáři.\n\nProsím, zvolte jiný přípojovací bod. CHYBA: Připojovací bod svazku není povolen, jelikož přepisuje adresář, jenž je součástí proměnného prostředí PATH.\n\nProsím, vyberte jiný připojovací bod. [NEZABEZPEČENÝ REŽIM]
+ SM4 is a block cipher standard published by the Chinese National Cryptography Administration in 2006 as part of the GB/T 32907-2016 standard. 128-bit key, 128-bit block. Mode of operation is XTS. It is widely used in Chinese national standards and commercial applications.
diff --git a/Translations/Language.da.xml b/Translations/Language.da.xml
index 1f21cd37..77b6949f 100644
--- a/Translations/Language.da.xml
+++ b/Translations/Language.da.xml
@@ -1644,6 +1644,7 @@ ERROR: The volume mount point is blocked because it overrides a protected system directory.\n\nPlease choose a different mount point. ERROR: The volume mount point is not allowed because it overrides a directory that is part of the PATH environment variable.\n\nPlease choose a different mount point. [INSECURE MODE]
+ SM4 is a block cipher standard published by the Chinese National Cryptography Administration in 2006 as part of the GB/T 32907-2016 standard. 128-bit key, 128-bit block. Mode of operation is XTS. It is widely used in Chinese national standards and commercial applications.
diff --git a/Translations/Language.de.xml b/Translations/Language.de.xml
index 400b958b..df7d93c0 100644
--- a/Translations/Language.de.xml
+++ b/Translations/Language.de.xml
@@ -1647,6 +1647,7 @@ FEHLER: Der Einhängepunkt ist blockiert, da er ein geschütztes Systemverzeichnis überschreibt.\n\nBitte wählen Sie einen anderen Einhängepunkt. FEHLER: Der Einhängepunkt ist unzulässig, da er ein Verzeichnis überschreibt, das zur PATH-Umgebungsvariable gehört.\n\nBitte wählen Sie einen anderen Einhängepunkt. [UNSICHERER MODUS]
+ SM4 ist ein Blockchiffre-Standard, der 2006 von der nationalen chinesischen Behörde für Kryptografie im Rahmen des Standards GB/T 32907-2016 veröffentlicht wurde. 128 Bit Schlüssellänge, 128 Bit Blockgröße.\nArbeitet im XTS-Modus. Findet breite Anwendung in chinesischen nationalen Standards und kommerziellen Anwendungen.
diff --git a/Translations/Language.el.xml b/Translations/Language.el.xml
index 4fdd72fa..1361b950 100644
--- a/Translations/Language.el.xml
+++ b/Translations/Language.el.xml
@@ -1644,6 +1644,7 @@ ERROR: The volume mount point is blocked because it overrides a protected system directory.\n\nPlease choose a different mount point. ERROR: The volume mount point is not allowed because it overrides a directory that is part of the PATH environment variable.\n\nPlease choose a different mount point. [INSECURE MODE]
+ SM4 is a block cipher standard published by the Chinese National Cryptography Administration in 2006 as part of the GB/T 32907-2016 standard. 128-bit key, 128-bit block. Mode of operation is XTS. It is widely used in Chinese national standards and commercial applications.
diff --git a/Translations/Language.es.xml b/Translations/Language.es.xml
index e46d87d9..9ce61a48 100644
--- a/Translations/Language.es.xml
+++ b/Translations/Language.es.xml
@@ -1644,6 +1644,7 @@ ERROR: El punto de montaje del volumen está bloqueado porque sobrescribe un directorio protegido del sistema.\n\nElija un punto de montaje diferente. ERROR: No se permite el punto de montaje del volumen porque sobrescribe un directorio que forma parte de la ruta PATH.\n\nElija un punto de montaje diferente. [MODO INSEGURO]
+ SM4 is a block cipher standard published by the Chinese National Cryptography Administration in 2006 as part of the GB/T 32907-2016 standard. 128-bit key, 128-bit block. Mode of operation is XTS. It is widely used in Chinese national standards and commercial applications.
diff --git a/Translations/Language.et.xml b/Translations/Language.et.xml
index 9f3c903b..76a26dcf 100644
--- a/Translations/Language.et.xml
+++ b/Translations/Language.et.xml
@@ -1644,6 +1644,7 @@ ERROR: The volume mount point is blocked because it overrides a protected system directory.\n\nPlease choose a different mount point. ERROR: The volume mount point is not allowed because it overrides a directory that is part of the PATH environment variable.\n\nPlease choose a different mount point. [INSECURE MODE]
+ SM4 is a block cipher standard published by the Chinese National Cryptography Administration in 2006 as part of the GB/T 32907-2016 standard. 128-bit key, 128-bit block. Mode of operation is XTS. It is widely used in Chinese national standards and commercial applications.
diff --git a/Translations/Language.eu.xml b/Translations/Language.eu.xml
index 6f36dfde..16f6a4f1 100644
--- a/Translations/Language.eu.xml
+++ b/Translations/Language.eu.xml
@@ -1644,6 +1644,7 @@ ERROR: The volume mount point is blocked because it overrides a protected system directory.\n\nPlease choose a different mount point. ERROR: The volume mount point is not allowed because it overrides a directory that is part of the PATH environment variable.\n\nPlease choose a different mount point. [INSECURE MODE]
+ SM4 is a block cipher standard published by the Chinese National Cryptography Administration in 2006 as part of the GB/T 32907-2016 standard. 128-bit key, 128-bit block. Mode of operation is XTS. It is widely used in Chinese national standards and commercial applications.
diff --git a/Translations/Language.fa.xml b/Translations/Language.fa.xml
index 31962e00..ec2bec76 100644
--- a/Translations/Language.fa.xml
+++ b/Translations/Language.fa.xml
@@ -1644,6 +1644,7 @@ ERROR: The volume mount point is blocked because it overrides a protected system directory.\n\nPlease choose a different mount point. ERROR: The volume mount point is not allowed because it overrides a directory that is part of the PATH environment variable.\n\nPlease choose a different mount point. [INSECURE MODE]
+ SM4 is a block cipher standard published by the Chinese National Cryptography Administration in 2006 as part of the GB/T 32907-2016 standard. 128-bit key, 128-bit block. Mode of operation is XTS. It is widely used in Chinese national standards and commercial applications.
diff --git a/Translations/Language.fi.xml b/Translations/Language.fi.xml
index a6667859..f8da9178 100644
--- a/Translations/Language.fi.xml
+++ b/Translations/Language.fi.xml
@@ -1644,6 +1644,7 @@ VIRHE: Taltion liitoskohta on estetty, koska se korvaa suojatun järjestelmäkansion.\n\nValitse toinen liitoskohta. VIRHE: Taltion liitoskohta ei ole sallittu, koska se korvaa PATH-ympäristömuuttujaan kuuluvan sijainnin.\n\nValitse toinen liitoskohta. [EPÄTURVALLINEN TILA]
+ SM4 is a block cipher standard published by the Chinese National Cryptography Administration in 2006 as part of the GB/T 32907-2016 standard. 128-bit key, 128-bit block. Mode of operation is XTS. It is widely used in Chinese national standards and commercial applications.
diff --git a/Translations/Language.fr.xml b/Translations/Language.fr.xml
index b23493d3..953e7aab 100644
--- a/Translations/Language.fr.xml
+++ b/Translations/Language.fr.xml
@@ -1644,6 +1644,7 @@ ERREUR : Le point de montage du volume est bloqué car il remplace un répertoire système protégé.\n\nVeuillez choisir un autre point de montage. ERREUR : Le point de montage du volume n'est pas autorisé car il remplace un répertoire faisant partie de la variable d'environnement PATH.\n\nVeuillez choisir un autre point de montage. [MODE NON SÉCURISÉ]
+ SM4 est un standard de chiffrement par blocs publié en 2006 par l’Administration nationale de la cryptographie de Chine, dans le cadre de la norme GB/T 32907-2016. Clé de 128 bits et bloc de 128 bits. Le mode opératoire est XTS. Il a été largement adopté dans les normes nationales chinoises et dans des applications commerciales.
diff --git a/Translations/Language.he.xml b/Translations/Language.he.xml
index 2cbdedea..cd70f6ad 100644
--- a/Translations/Language.he.xml
+++ b/Translations/Language.he.xml
@@ -1645,6 +1645,7 @@ ERROR: The volume mount point is blocked because it overrides a protected system directory.\n\nPlease choose a different mount point. ERROR: The volume mount point is not allowed because it overrides a directory that is part of the PATH environment variable.\n\nPlease choose a different mount point. [INSECURE MODE]
+ SM4 is a block cipher standard published by the Chinese National Cryptography Administration in 2006 as part of the GB/T 32907-2016 standard. 128-bit key, 128-bit block. Mode of operation is XTS. It is widely used in Chinese national standards and commercial applications.
diff --git a/Translations/Language.hu.xml b/Translations/Language.hu.xml
index 01b53302..e8aff6a4 100644
--- a/Translations/Language.hu.xml
+++ b/Translations/Language.hu.xml
@@ -1644,6 +1644,7 @@ ERROR: The volume mount point is blocked because it overrides a protected system directory.\n\nPlease choose a different mount point. ERROR: The volume mount point is not allowed because it overrides a directory that is part of the PATH environment variable.\n\nPlease choose a different mount point. [INSECURE MODE]
+ SM4 is a block cipher standard published by the Chinese National Cryptography Administration in 2006 as part of the GB/T 32907-2016 standard. 128-bit key, 128-bit block. Mode of operation is XTS. It is widely used in Chinese national standards and commercial applications.
diff --git a/Translations/Language.id.xml b/Translations/Language.id.xml
index 12ee64e9..e6520fe2 100644
--- a/Translations/Language.id.xml
+++ b/Translations/Language.id.xml
@@ -1644,6 +1644,7 @@ ERROR: The volume mount point is blocked because it overrides a protected system directory.\n\nPlease choose a different mount point. ERROR: The volume mount point is not allowed because it overrides a directory that is part of the PATH environment variable.\n\nPlease choose a different mount point. [INSECURE MODE]
+ SM4 is a block cipher standard published by the Chinese National Cryptography Administration in 2006 as part of the GB/T 32907-2016 standard. 128-bit key, 128-bit block. Mode of operation is XTS. It is widely used in Chinese national standards and commercial applications.
diff --git a/Translations/Language.it.xml b/Translations/Language.it.xml
index 9ec5939d..9ec9b12e 100644
--- a/Translations/Language.it.xml
+++ b/Translations/Language.it.xml
@@ -1644,6 +1644,7 @@ ERRORE: Il punto di montaggio del volume è bloccato perché sovrascrive una directory di sistema protetta.\n\nScegli un punto di montaggio diverso. ERRORE: Il punto di montaggio del volume non è consentito perché sovrascrive una directory che fa parte della variabile d'ambiente PATH.\n\nScegli un punto di montaggio diverso. [MODALITÀ NON SICURA]
+ SM4 è uno standard di cifratura a blocchi pubblicato dall'Amministrazione Cinese per la Crittografia Nazionale nel 2006 come parte dello standard GB/T 32907-2016. Chiave a 128 bit, blocco a 128 bit. La modalità operativa è XTS. È ampiamente utilizzato negli standard nazionali cinesi e nelle applicazioni commerciali.
diff --git a/Translations/Language.ja.xml b/Translations/Language.ja.xml
index a17703ee..ffbf8489 100644
--- a/Translations/Language.ja.xml
+++ b/Translations/Language.ja.xml
@@ -1644,6 +1644,7 @@ エラー: ボリュームのマウントポイントは、保護されたシステムディレクトリと競合するためブロックされました。\n\n別のマウントポイントを選択してください。 エラー: ボリュームのマウントポイントは、PATH環境変数に含まれるディレクトリを上書きするため使用できません。\n\n別のマウントポイントを選択してください。 [非セキュアモード]
+ SM4(エスエムフォー)とは、2006年に中国国家暗号管理局によって発表されたブロック暗号規格であり、GB/T 32907-2016標準の一部を成しています。128ビットキー、128ビットブロックを使用します。動作モードはXTSです。SM4は中国の国家標準および商用アプリケーションに広く使用されています。
diff --git a/Translations/Language.ka.xml b/Translations/Language.ka.xml
index a809aa46..d8383809 100644
--- a/Translations/Language.ka.xml
+++ b/Translations/Language.ka.xml
@@ -1644,6 +1644,7 @@ ERROR: The volume mount point is blocked because it overrides a protected system directory.\n\nPlease choose a different mount point. ERROR: The volume mount point is not allowed because it overrides a directory that is part of the PATH environment variable.\n\nPlease choose a different mount point. [INSECURE MODE]
+ SM4 is a block cipher standard published by the Chinese National Cryptography Administration in 2006 as part of the GB/T 32907-2016 standard. 128-bit key, 128-bit block. Mode of operation is XTS. It is widely used in Chinese national standards and commercial applications.
diff --git a/Translations/Language.ko.xml b/Translations/Language.ko.xml
index 3f9ab7b4..5f3b9785 100644
--- a/Translations/Language.ko.xml
+++ b/Translations/Language.ko.xml
@@ -1644,6 +1644,7 @@ 오류: 볼륨 마운트 위치가 보호된 시스템 디렉터리를 덮어쓰기 때문에 차단되었습니다.\n\n다른 마운트 위치를 선택하세요. 오류: 볼륨 마운트 위치가 PATH 환경 변수의 일부인 디렉터리를 덮어쓰기 때문에 허용되지 않습니다.\n\n다른 마운트 위치를 선택하세요. [비보안 모드]
+ SM4 is a block cipher standard published by the Chinese National Cryptography Administration in 2006 as part of the GB/T 32907-2016 standard. 128-bit key, 128-bit block. Mode of operation is XTS. It is widely used in Chinese national standards and commercial applications.
diff --git a/Translations/Language.lv.xml b/Translations/Language.lv.xml
index a5d66a26..638485ed 100644
--- a/Translations/Language.lv.xml
+++ b/Translations/Language.lv.xml
@@ -1644,6 +1644,7 @@ ERROR: The volume mount point is blocked because it overrides a protected system directory.\n\nPlease choose a different mount point. ERROR: The volume mount point is not allowed because it overrides a directory that is part of the PATH environment variable.\n\nPlease choose a different mount point. [INSECURE MODE]
+ SM4 is a block cipher standard published by the Chinese National Cryptography Administration in 2006 as part of the GB/T 32907-2016 standard. 128-bit key, 128-bit block. Mode of operation is XTS. It is widely used in Chinese national standards and commercial applications.
diff --git a/Translations/Language.my.xml b/Translations/Language.my.xml
index 600fd661..2b4bc8e2 100644
--- a/Translations/Language.my.xml
+++ b/Translations/Language.my.xml
@@ -1646,6 +1646,7 @@ ERROR: The volume mount point is blocked because it overrides a protected system directory.\n\nPlease choose a different mount point. ERROR: The volume mount point is not allowed because it overrides a directory that is part of the PATH environment variable.\n\nPlease choose a different mount point. [INSECURE MODE]
+ SM4 is a block cipher standard published by the Chinese National Cryptography Administration in 2006 as part of the GB/T 32907-2016 standard. 128-bit key, 128-bit block. Mode of operation is XTS. It is widely used in Chinese national standards and commercial applications.
diff --git a/Translations/Language.nb.xml b/Translations/Language.nb.xml
index e9194245..b0563f5e 100644
--- a/Translations/Language.nb.xml
+++ b/Translations/Language.nb.xml
@@ -1644,6 +1644,7 @@ FEIL: Volumets monteringspunkt er blokkert fordi det overstyrer en beskyttet systemkatalog.\n\nVennligst velg et annet monteringspunkt. FEIL: Volumets monteringspunkt er ikke tillatt fordi det overstyrer en katalog som er en del av PATH-miljøvariabelen.\n\nVennligst velg et annet monteringspunkt. [USIKKER MODUS]
+ SM4 is a block cipher standard published by the Chinese National Cryptography Administration in 2006 as part of the GB/T 32907-2016 standard. 128-bit key, 128-bit block. Mode of operation is XTS. It is widely used in Chinese national standards and commercial applications.
diff --git a/Translations/Language.nl.xml b/Translations/Language.nl.xml
index 3b1d0046..16d1aaaf 100644
--- a/Translations/Language.nl.xml
+++ b/Translations/Language.nl.xml
@@ -1644,6 +1644,7 @@ FOUT: Het koppelpunt van het volume is geblokkeerd omdat het een beveiligde systeemmap overschrijft.\n\nKies een ander koppelpunt. FOUT: het koppelpunt voor het volume is niet toegestaan omdat het een map overschrijft die deel uitmaakt van de omgevingsvariabele PATH.\n\nKies een ander koppelpunt. [ONVEILIGE MODUS]
+ SM4 is een blokcijferstandaard die in 2006 werd gepubliceerd door de Chinese Nationale Cryptografieadministratie als onderdeel van de GB/T 32907-2016-standaard. 128-bit sleutel, 128-bit blok. Werkingswijze is XTS. Het wordt veel gebruikt in Chinese nationale standaarden en commerciële toepassingen.
diff --git a/Translations/Language.nn.xml b/Translations/Language.nn.xml
index 7a181a6f..6f14bb8f 100644
--- a/Translations/Language.nn.xml
+++ b/Translations/Language.nn.xml
@@ -1644,6 +1644,7 @@ ERROR: The volume mount point is blocked because it overrides a protected system directory.\n\nPlease choose a different mount point. ERROR: The volume mount point is not allowed because it overrides a directory that is part of the PATH environment variable.\n\nPlease choose a different mount point. [INSECURE MODE]
+ SM4 is a block cipher standard published by the Chinese National Cryptography Administration in 2006 as part of the GB/T 32907-2016 standard. 128-bit key, 128-bit block. Mode of operation is XTS. It is widely used in Chinese national standards and commercial applications.
diff --git a/Translations/Language.pl.xml b/Translations/Language.pl.xml
index 2c736d45..97c842e6 100644
--- a/Translations/Language.pl.xml
+++ b/Translations/Language.pl.xml
@@ -1644,6 +1644,7 @@ BŁĄD: Punkt podłączania wolumenu jest zablokowany, ponieważ nadpisuje chroniony katalog systemowy.\n\nWybierz inny punkt podłączania. BŁĄD: Punkt podłączania wolumenu nie jest dozwolony, ponieważ nadpisuje katalog, który jest częścią zmiennej środowiskowej PATH.\n\nWybierz inny punkt podłączania. [TRYB NIEBEZPIECZNY]
+ SM4 is a block cipher standard published by the Chinese National Cryptography Administration in 2006 as part of the GB/T 32907-2016 standard. 128-bit key, 128-bit block. Mode of operation is XTS. It is widely used in Chinese national standards and commercial applications.
diff --git a/Translations/Language.pt-br.xml b/Translations/Language.pt-br.xml
index de26baf6..86b52c40 100644
--- a/Translations/Language.pt-br.xml
+++ b/Translations/Language.pt-br.xml
@@ -1644,6 +1644,7 @@ ERRO: O ponto de montagem do volume está bloqueado porque substitui um diretório protegido do sistema.\n\nPor favor, escolha um ponto de montagem diferente. ERRO: O ponto de montagem do volume não é permitido porque substitui um diretório que faz parte da variável de ambiente PATH.\n\nPor favor, escolha um ponto de montagem diferente. [MODO INSEGURO]
+ SM4 is a block cipher standard published by the Chinese National Cryptography Administration in 2006 as part of the GB/T 32907-2016 standard. 128-bit key, 128-bit block. Mode of operation is XTS. It is widely used in Chinese national standards and commercial applications.
diff --git a/Translations/Language.ro.xml b/Translations/Language.ro.xml
index ecaea66a..970b4cd0 100644
--- a/Translations/Language.ro.xml
+++ b/Translations/Language.ro.xml
@@ -1644,6 +1644,7 @@ EROARE: Punctul de montare al volumului este blocat deoarece suprascrie un director de sistem protejat.\n\nVă rugăm să alegeți un alt punct de montare. EROARE: Punctul de montare al volumului nu este permis deoarece suprascrie un director care face parte din variabila de mediu PATH.\n\nVă rugăm să alegeți un alt punct de montare. [MOD INSECURIZAT]
+ SM4 is a block cipher standard published by the Chinese National Cryptography Administration in 2006 as part of the GB/T 32907-2016 standard. 128-bit key, 128-bit block. Mode of operation is XTS. It is widely used in Chinese national standards and commercial applications.
diff --git a/Translations/Language.ru.xml b/Translations/Language.ru.xml
index c33a6491..0cb869d0 100644
--- a/Translations/Language.ru.xml
+++ b/Translations/Language.ru.xml
@@ -1644,6 +1644,7 @@ ОШИБКА: Точка монтирования тома заблокирована, так как она переопределяет защищённую системную папку.\n\nВыберите другую точку монтирования. ОШИБКА: Точка монтирования тома не разрешена, так как она переопределяет папку, которая является частью переменной среды PATH.\n\nВыберите другую точку монтирования. [НЕБЕЗОПАСНЫЙ РЕЖИМ]
+ Стандарт блочного шифрования, опубликованный Китайским национальным управлением криптографии в 2006 г. в рамках стандарта GB/T 32907-2016. Ключ: 128 бит, блок: 128 бит. Режим работы: XTS. Широко используется в национальных стандартах Китая и в коммерческих приложениях.
diff --git a/Translations/Language.sk.xml b/Translations/Language.sk.xml
index 279407aa..696c39c3 100644
--- a/Translations/Language.sk.xml
+++ b/Translations/Language.sk.xml
@@ -1644,6 +1644,7 @@ ERROR: The volume mount point is blocked because it overrides a protected system directory.\n\nPlease choose a different mount point. ERROR: The volume mount point is not allowed because it overrides a directory that is part of the PATH environment variable.\n\nPlease choose a different mount point. [INSECURE MODE]
+ SM4 is a block cipher standard published by the Chinese National Cryptography Administration in 2006 as part of the GB/T 32907-2016 standard. 128-bit key, 128-bit block. Mode of operation is XTS. It is widely used in Chinese national standards and commercial applications.
diff --git a/Translations/Language.sl.xml b/Translations/Language.sl.xml
index 3a050611..00e5eefc 100644
--- a/Translations/Language.sl.xml
+++ b/Translations/Language.sl.xml
@@ -1644,6 +1644,7 @@ NAPAKA: Tocka priklopa nosilca je blokirana, ker prekriva zašciteno sistemsko mapo.\n\nIzberite drugo tocko priklopa. NAPAKA: Tocka priklopa nosilca ni dovoljena, ker prekriva mapo, ki je del okoljske spremenljivke PATH.\n\nIzberite drugo tocko priklopa. [NEVAREN NACIN]
+ SM4 is a block cipher standard published by the Chinese National Cryptography Administration in 2006 as part of the GB/T 32907-2016 standard. 128-bit key, 128-bit block. Mode of operation is XTS. It is widely used in Chinese national standards and commercial applications.
diff --git a/Translations/Language.sv.xml b/Translations/Language.sv.xml
index 6e256746..07ec26d8 100644
--- a/Translations/Language.sv.xml
+++ b/Translations/Language.sv.xml
@@ -1644,6 +1644,7 @@ FEL: Volymens monteringspunkt är blockerad eftersom den skriver över en skyddad systemkatalog.\n\nVar god välj en annan monteringspunkt. FEL: Volymens monteringspunkt är inte tillåten eftersom den skriver över en katalog som är en del av miljövariabeln PATH.\n\nVar god välj en annan monteringspunkt. [OSÄKERT]
+ SM4 is a block cipher standard published by the Chinese National Cryptography Administration in 2006 as part of the GB/T 32907-2016 standard. 128-bit key, 128-bit block. Mode of operation is XTS. It is widely used in Chinese national standards and commercial applications.
diff --git a/Translations/Language.th.xml b/Translations/Language.th.xml
index 775f116a..e2e8717b 100644
--- a/Translations/Language.th.xml
+++ b/Translations/Language.th.xml
@@ -1645,6 +1645,7 @@ ข้อผิดพลาด: จุดเชื่อมต่อโวลุ่มถูกบล็อกเนื่องจากไปทับซ้อนกับไดเรกทอรีระบบที่ได้รับการป้องกัน\n\nกรุณาเลือกจุดเชื่อมต่ออื่น ข้อผิดพลาด: จุดเชื่อมต่อโวลุ่มไม่ได้รับอนุญาตเนื่องจากไปทับซ้อนกับไดเรกทอรีที่เป็นส่วนหนึ่งของตัวแปร PATH\n\nกรุณาเลือกจุดเชื่อมต่ออื่น [โหมดไม่ปลอดภัย]
+ SM4 is a block cipher standard published by the Chinese National Cryptography Administration in 2006 as part of the GB/T 32907-2016 standard. 128-bit key, 128-bit block. Mode of operation is XTS. It is widely used in Chinese national standards and commercial applications.
diff --git a/Translations/Language.tr.xml b/Translations/Language.tr.xml
index 327d0c04..90a85293 100644
--- a/Translations/Language.tr.xml
+++ b/Translations/Language.tr.xml
@@ -1644,6 +1644,7 @@ HATA: Birim bağlama noktası, korunan bir sistem dizinini geçersiz kıldığı için engellendi.\n\nLütfen farklı bir bağlama noktası seçin. HATA: Birim bağlama noktası, PATH ortam değişkeninin bir parçası olan bir dizini geçersiz kıldığı için izin verilmiyor.\n\nLütfen farklı bir bağlama noktası seçin. [GÜVENSİZ MOD]
+ SM4 is a block cipher standard published by the Chinese National Cryptography Administration in 2006 as part of the GB/T 32907-2016 standard. 128-bit key, 128-bit block. Mode of operation is XTS. It is widely used in Chinese national standards and commercial applications.
diff --git a/Translations/Language.uk.xml b/Translations/Language.uk.xml
index 6c922405..e60b2ab0 100644
--- a/Translations/Language.uk.xml
+++ b/Translations/Language.uk.xml
@@ -1644,6 +1644,7 @@ ПОМИЛКА: Точка монтування тому заблокована, оскільки вона заміщує захищений системний каталог.\n\nБудь ласка, оберіть іншу точку монтування. ПОМИЛКА: Точка монтування тому не дозволена, оскільки вона заміщує каталог, який є частиною змінної середовища PATH.\n\nБудь ласка, оберіть іншу точку монтування. [НЕБЕЗПЕЧНИЙ РЕЖИМ]
+ SM4 is a block cipher standard published by the Chinese National Cryptography Administration in 2006 as part of the GB/T 32907-2016 standard. 128-bit key, 128-bit block. Mode of operation is XTS. It is widely used in Chinese national standards and commercial applications.
diff --git a/Translations/Language.uz.xml b/Translations/Language.uz.xml
index 655c3ea2..7582e9e3 100644
--- a/Translations/Language.uz.xml
+++ b/Translations/Language.uz.xml
@@ -1644,6 +1644,7 @@ ERROR: The volume mount point is blocked because it overrides a protected system directory.\n\nPlease choose a different mount point. ERROR: The volume mount point is not allowed because it overrides a directory that is part of the PATH environment variable.\n\nPlease choose a different mount point. [INSECURE MODE]
+ SM4 is a block cipher standard published by the Chinese National Cryptography Administration in 2006 as part of the GB/T 32907-2016 standard. 128-bit key, 128-bit block. Mode of operation is XTS. It is widely used in Chinese national standards and commercial applications.
diff --git a/Translations/Language.vi.xml b/Translations/Language.vi.xml
index f1fb20ee..d46ff5bb 100644
--- a/Translations/Language.vi.xml
+++ b/Translations/Language.vi.xml
@@ -1644,6 +1644,7 @@ ERROR: The volume mount point is blocked because it overrides a protected system directory.\n\nPlease choose a different mount point. ERROR: The volume mount point is not allowed because it overrides a directory that is part of the PATH environment variable.\n\nPlease choose a different mount point. [INSECURE MODE]
+ SM4 is a block cipher standard published by the Chinese National Cryptography Administration in 2006 as part of the GB/T 32907-2016 standard. 128-bit key, 128-bit block. Mode of operation is XTS. It is widely used in Chinese national standards and commercial applications.
diff --git a/Translations/Language.zh-cn.xml b/Translations/Language.zh-cn.xml
index 92f57ad5..d339c886 100644
--- a/Translations/Language.zh-cn.xml
+++ b/Translations/Language.zh-cn.xml
@@ -1645,6 +1645,7 @@ 错误:卷挂载点被阻止,因为它覆盖了受保护的系统目录。\n\n请选择其他挂载点。 错误:卷挂载点不允许使用,因为它覆盖了 PATH 环境变量中的目录。\n\n请选择其他挂载点。 [不安全模式]
+ SM4 是由中国国家密码管理局在 2006 年发布的分组密码标准,作为 GB/T 32907-2016 标准的一部分。128 位密钥,128 位块。操作方式 XTS。它在中国国家标准和商业应用中被广泛使用。
diff --git a/Translations/Language.zh-hk.xml b/Translations/Language.zh-hk.xml
index d07e042e..da1c2147 100644
--- a/Translations/Language.zh-hk.xml
+++ b/Translations/Language.zh-hk.xml
@@ -1644,6 +1644,7 @@ 錯誤:磁碟區掛載點因其覆寫系統受保護的路徑而被阻止。\n\n請選擇另一個掛載點。 錯誤: 磁碟區掛載點因其覆寫的路徑屬於 PATH 環境變數的一部份而不被接納。\n\n請選擇另一個掛載點。 [不安全模式]
+ SM4 is a block cipher standard published by the Chinese National Cryptography Administration in 2006 as part of the GB/T 32907-2016 standard. 128-bit key, 128-bit block. Mode of operation is XTS. It is widely used in Chinese national standards and commercial applications.
diff --git a/Translations/Language.zh-tw.xml b/Translations/Language.zh-tw.xml
index 6a9c2bd4..2043c555 100644
--- a/Translations/Language.zh-tw.xml
+++ b/Translations/Language.zh-tw.xml
@@ -1644,6 +1644,7 @@ ERROR: The volume mount point is blocked because it overrides a protected system directory.\n\nPlease choose a different mount point. ERROR: The volume mount point is not allowed because it overrides a directory that is part of the PATH environment variable.\n\nPlease choose a different mount point. [INSECURE MODE] + SM4 is a block cipher standard published by the Chinese National Cryptography Administration in 2006 as part of the GB/T 32907-2016 standard. 128-bit key, 128-bit block. Mode of operation is XTS. It is widely used in Chinese national standards and commercial applications. diff --git a/doc/chm/VeraCrypt User Guide.chm b/doc/chm/VeraCrypt User Guide.chm index 93afe424..0d708301 100644 Binary files a/doc/chm/VeraCrypt User Guide.chm and b/doc/chm/VeraCrypt User Guide.chm differ diff --git a/doc/chm/VeraCrypt User Guide.ru.chm b/doc/chm/VeraCrypt User Guide.ru.chm index 3ee15473..f44da48e 100644 Binary files a/doc/chm/VeraCrypt User Guide.ru.chm and b/doc/chm/VeraCrypt User Guide.ru.chm differ diff --git a/doc/chm/VeraCrypt User Guide.zh-cn.chm b/doc/chm/VeraCrypt User Guide.zh-cn.chm index 1fda7525..09dfc996 100644 Binary files a/doc/chm/VeraCrypt User Guide.zh-cn.chm and b/doc/chm/VeraCrypt User Guide.zh-cn.chm differ diff --git a/doc/chm/en/VeraCrypt.hhc b/doc/chm/en/VeraCrypt.hhc index 3c2223c7..6aa69798 100644 --- a/doc/chm/en/VeraCrypt.hhc +++ b/doc/chm/en/VeraCrypt.hhc @@ -172,6 +172,10 @@ +
  • + + +
  • diff --git a/doc/chm/en/VeraCrypt.hhp b/doc/chm/en/VeraCrypt.hhp index e6ff2430..e8e2adb6 100644 --- a/doc/chm/en/VeraCrypt.hhp +++ b/doc/chm/en/VeraCrypt.hhp @@ -155,6 +155,7 @@ Serpent.html SHA-256.html SHA-512.html Sharing over Network.html +SM4.html Source Code.html Standard Compliance.html Streebog.html diff --git a/doc/chm/ru/VeraCrypt.ru.hhc b/doc/chm/ru/VeraCrypt.ru.hhc index 01238ff9..5e1b9c2c 100644 --- a/doc/chm/ru/VeraCrypt.ru.hhc +++ b/doc/chm/ru/VeraCrypt.ru.hhc @@ -172,6 +172,10 @@ +
  • + + +
  • diff --git a/doc/chm/ru/VeraCrypt.ru.hhp b/doc/chm/ru/VeraCrypt.ru.hhp index d93ce68d..66d4f884 100644 --- a/doc/chm/ru/VeraCrypt.ru.hhp +++ b/doc/chm/ru/VeraCrypt.ru.hhp @@ -155,6 +155,7 @@ Serpent.html SHA-256.html SHA-512.html Sharing over Network.html +SM4.html Source Code.html Standard Compliance.html Streebog.html diff --git a/doc/chm/zh-cn/VeraCrypt.zh-cn.hhc b/doc/chm/zh-cn/VeraCrypt.zh-cn.hhc index 9a369514..3fbac102 100644 --- a/doc/chm/zh-cn/VeraCrypt.zh-cn.hhc +++ b/doc/chm/zh-cn/VeraCrypt.zh-cn.hhc @@ -172,6 +172,10 @@ +
  • + + +
  • diff --git a/doc/chm/zh-cn/VeraCrypt.zh-cn.hhp b/doc/chm/zh-cn/VeraCrypt.zh-cn.hhp index 8f37b71a..2be840db 100644 --- a/doc/chm/zh-cn/VeraCrypt.zh-cn.hhp +++ b/doc/chm/zh-cn/VeraCrypt.zh-cn.hhp @@ -156,6 +156,7 @@ Security Tokens & Smart Cards.html Serpent.html SHA-256.html SHA-512.html +SM4.html Sharing over Network.html Source Code.html Standard Compliance.html diff --git a/doc/html/en/Acknowledgements.html b/doc/html/en/Acknowledgements.html index 7083ed54..8fa6347b 100644 --- a/doc/html/en/Acknowledgements.html +++ b/doc/html/en/Acknowledgements.html @@ -47,7 +47,7 @@ Dobbertin, Antoon Bosselaers, Bart Preneel, Paulo S. L. M. Barreto.

    Andreas Becker for designing VeraCrypt logo and icons.

    Xavier de Carné de Carnavalet who proposed a speed optimization for PBKDF2 that reduced mount/boot time by half.

    -

    kerukuro for cppcrypto library (http://cppcrypto.sourceforge.net/) from which Kuznyechik cipher implementation was taken.

    +

    kerukuro for cppcrypto library (http://cppcrypto.sourceforge.net/) from which Kuznyechik and SM4 ciphers implementation was taken.


    Dieter Baron and Thomas Klausner who wrote the libzip library.


    diff --git a/doc/html/en/Command Line Usage.html b/doc/html/en/Command Line Usage.html index ff24b179..a96289b3 100644 --- a/doc/html/en/Command Line Usage.html +++ b/doc/html/en/Command Line Usage.html @@ -245,12 +245,16 @@ It must be followed by a parameter indicating the PRF hash algorithm to use when (Only with /create)
    It must be followed by a parameter indicating the encryption algorithm to use. The default is AES if this switch is not specified. The parameter can have the following values (case insensitive):

      -
    • AES
    • Serpent
    • Twofish
    • Camellia
    • Kuznyechik
    • AES(Twofish)
    • AES(Twofish(Serpent))
    • Serpent(AES)
    • Serpent(Twofish(AES))
    • Twofish(Serpent)
    • +
    • AES
    • Serpent
    • Twofish
    • Camellia
    • Kuznyechik
    • SM4
    • AES(Twofish)
    • AES(Twofish(Serpent))
    • Serpent(AES)
    • Serpent(Twofish(AES))
    • Twofish(Serpent)
    • Camellia(Kuznyechik)
    • Kuznyechik(Twofish)
    • Camellia(Serpent)
    • Kuznyechik(AES)
    • Kuznyechik(Serpent(Camellia))
    • +
    • Kuznyechik(SM4)
    • +
    • Serpent(SM4)
    • +
    • SM4(Twofish)
    • +
    • Twofish(Serpent(SM4))
    @@ -312,7 +316,7 @@ If it is followed by n or no: the password dia

    Syntax

    VeraCrypt.exe [/tc] [/hash {sha256|sha-256|sha512|sha-512|whirlpool |blake2s|blake2s-256}][/a [devices|favorites]] [/b] [/c [y|n|f]] [/d [drive letter]] [/e] [/f] [/h [y|n]] [/k keyfile or search path] [tryemptypass [y|n]] [/l drive letter] [/m {bk|rm|recovery|ro|sm|ts|noattach}] [/p password] [/pim pimvalue] [/q [background|preferences]] [/s] [/tokenlib path] [/v volume] [/w]

    -

    "VeraCrypt Format.exe" [/n] [/create] [/size number[{K|M|G|T}]] [/p password]  [/encryption {AES | Serpent | Twofish | Camellia | Kuznyechik | AES(Twofish) | AES(Twofish(Serpent)) | Serpent(AES) | Serpent(Twofish(AES)) | Twofish(Serpent) | Camellia(Kuznyechik) | Kuznyechik(Twofish) | Camellia(Serpent) | Kuznyechik(AES) | Kuznyechik(Serpent(Camellia))}] [/hash {sha256|sha-256|sha512|sha-512|whirlpool|blake2s|blake2s-256}] +

    "VeraCrypt Format.exe" [/n] [/create] [/size number[{K|M|G|T}]] [/p password]  [/encryption {AES | Serpent | Twofish | Camellia | Kuznyechik | SM4 | AES(Twofish) | AES(Twofish(Serpent)) | Serpent(AES) | Serpent(Twofish(AES)) | Twofish(Serpent) | Camellia(Kuznyechik) | Kuznyechik(Twofish) | Camellia(Serpent) | Kuznyechik(AES) | Kuznyechik(Serpent(Camellia)) | Kuznyechik(SM4) | Serpent(SM4) | SM4(Twofish) | Twofish(Serpent(SM4))}] [/hash {sha256|sha-256|sha512|sha-512|whirlpool|blake2s|blake2s-256}] [/filesystem {None|FAT|NTFS|ExFAT|ReFS}] [/dynamic] [/force] [/silent] [/noisocheck] [FastCreateFile] [/quick]

    Note that the order in which options are specified does not matter.

    Examples

    diff --git a/doc/html/en/Documentation.html b/doc/html/en/Documentation.html index ae864742..bdee99cf 100644 --- a/doc/html/en/Documentation.html +++ b/doc/html/en/Documentation.html @@ -78,7 +78,7 @@
  • Hash Algorithms
      diff --git a/doc/html/en/Encryption Algorithms.html b/doc/html/en/Encryption Algorithms.html index b1033622..0fd464bc 100644 --- a/doc/html/en/Encryption Algorithms.html +++ b/doc/html/en/Encryption Algorithms.html @@ -49,7 +49,7 @@ Key Size
      Block Size (Bits) -Mode of Operation +Mode of Operation @@ -65,7 +65,7 @@ Block Size (Bits) -AES +AES J. Daemen, V. Rijmen @@ -73,7 +73,7 @@ J. Daemen, V. Rijmen 128 -XTS +XTS @@ -105,7 +105,7 @@ GOST R 34.12-2015

      -Serpent +Serpent R. Anderson, E. Biham, L. Knudsen @@ -115,9 +115,21 @@ R. Anderson, E. Biham, L. Knudsen XTS + + + SM4 + + Data Assurance & Communication Security Center, Chinese Academy of Sciences
      GB/T 32907-2016 + + 128 + + 128 + + XTS + -Twofish +Twofish B. Schneier, J. Kelsey, D. Whiting,
      D. Wagner, C. Hall, N. Ferguson @@ -130,7 +142,7 @@ XTS -AES-Twofish +AES-Twofish   @@ -142,7 +154,7 @@ XTS -AES-Twofish-Serpent +AES-Twofish-Serpent   @@ -154,7 +166,7 @@ XTS -Camellia-Kuznyechik +Camellia-Kuznyechik   @@ -166,7 +178,7 @@ XTS -Camellia-Serpent +Camellia-Serpent   @@ -178,7 +190,7 @@ XTS -Kuznyechik-AES +Kuznyechik-AES   @@ -190,7 +202,7 @@ XTS -Kuznyechik-Serpent-Camellia +Kuznyechik-Serpent-Camellia   @@ -202,7 +214,7 @@ XTS -Kuznyechik-Twofish +Kuznyechik-Twofish   @@ -214,7 +226,7 @@ XTS -Serpent-AES +Serpent-AES   @@ -226,7 +238,7 @@ XTS -Serpent-Twofish-AES +Serpent-Twofish-AES   @@ -238,7 +250,7 @@ XTS -Twofish-Serpent +Twofish-Serpent   @@ -248,6 +260,60 @@ XTS XTS + + + + Kuznyechik-SM4 + +   + + 256; 128 + + 128 + + XTS + + + + + Serpent-SM4 + +   + + 256; 128 + + 128 + + XTS + + + + + SM4-Twofish + +   + + 128; 256 + + 128 + + XTS + + + + + Twofish-Serpent-SM4 + +   + + 256; 256; 128 + + 128 + + XTS + + +   @@ -263,7 +329,7 @@ XTS
      -For information about XTS mode, please see the section +For information about XTS mode, please see the section Modes of Operation.
      diff --git a/doc/html/en/FAQ.html b/doc/html/en/FAQ.html index 6900ec80..fe49cb03 100644 --- a/doc/html/en/FAQ.html +++ b/doc/html/en/FAQ.html @@ -712,7 +712,7 @@ Windows built-in backup utility looks only for physical driver, that's why it do
      VeraCrypt uses block ciphers (AES, Serpent, Twofish) for its encryption. Quantum attacks against these block ciphers are just a faster brute-force since the best know attack against these algorithms is exhaustive search (related keys attacks are irrelevant to our case because all keys are random and independent from each other).
      -Since VeraCrypt always uses 256-bit random and independent keys, we are assured of a 128-bit security
      +Since VeraCrypt always uses 256-bit random and independent keys (except for SM4 cipher which uses 128-bit key by design), we are assured of a 128-bit security
      level against quantum algorithms which makes VeraCrypt encryption immune to such attacks.
      How to make a VeraCrypt volume available for Windows Search indexing?
      diff --git a/doc/html/en/SM4.html b/doc/html/en/SM4.html new file mode 100644 index 00000000..bb2ba11a --- /dev/null +++ b/doc/html/en/SM4.html @@ -0,0 +1,72 @@ + + + + +VeraCrypt - Free Open source disk encryption with strong security for the Paranoid + + + + + + +
      +VeraCrypt +
      + + + + + +
      +

      SM4

      + +
      + SM4 is a block cipher standard published by the Chinese National Cryptography Administration in 2006 as part of the GB/T 32907-2016 standard. + It is the national encryption standard for securing wireless communications (e.g., Wi-Fi) and other secure communication systems within China. + SM4 operates on 128-bit data blocks and uses a 128-bit encryption key. +
      + +
      + The SM4 algorithm uses 32 rounds of encryption operations based on a combination of non-linear substitution, linear transformation, and key addition. + Its structure is similar in some respects to other modern block ciphers, utilizing an S-box for substitution and a linear transformation for diffusion. +
      + +
      + SM4 has been officially standardized by ISO/IEC as part of ISO/IEC 18033-3:2010 through Amendment 1, published in 2021. + It is widely deployed in government, banking, and commercial applications across China. + It is optimized for both software and hardware implementations, providing strong security with relatively high performance. +
      + +
      + VeraCrypt uses SM4 with 32 rounds and a 128-bit key operating in + XTS mode + (see the section + Modes of Operation). +
      + + +
      + +
      + + diff --git a/doc/html/en/Serpent.html b/doc/html/en/Serpent.html index dc23bce6..9dfd5f0d 100644 --- a/doc/html/en/Serpent.html +++ b/doc/html/en/Serpent.html @@ -49,6 +49,6 @@ In spite of these facts, Rijndael was considered an appropriate selection for th votes, Twofish got 31 votes, RC6 got 23 votes, and MARS got 13 votes [18, 19].*

      * These are positive votes. If negative votes are subtracted from the positive votes, the following results are obtained: Rijndael: 76 votes, Serpent: 52 votes, Twofish: 10 votes, RC6: -14 votes, MARS: -70 votes [19].

       

      -

      Next Section >>

      +

      Next Section >>

      diff --git a/doc/html/ru/Documentation.html b/doc/html/ru/Documentation.html index 1f1d3938..1b650a2e 100644 --- a/doc/html/ru/Documentation.html +++ b/doc/html/ru/Documentation.html @@ -78,7 +78,7 @@
    • Алгоритмы хеширования
        diff --git a/doc/html/ru/Encryption Algorithms.html b/doc/html/ru/Encryption Algorithms.html index e1045666..36231013 100644 --- a/doc/html/ru/Encryption Algorithms.html +++ b/doc/html/ru/Encryption Algorithms.html @@ -49,7 +49,7 @@ Размер блока (бит) -Режим работы +Режим работы @@ -65,7 +65,7 @@ -AES +AES J. Daemen, V. Rijmen @@ -73,7 +73,7 @@ J. Daemen, V. Rijmen 128 -XTS +XTS @@ -104,150 +104,215 @@ XTS  XTS - -Serpent - -R. Anderson, E. Biham, L. Knudsen - -256 - -128 - -XTS - - - -Twofish - -B. Schneier, J. Kelsey, D. Whiting,
        -D. Wagner, C. Hall, N. Ferguson - -256 - -128 - -XTS - - - -AES-Twofish - -  - -256; 256 - -128 - -XTS - - - -AES-Twofish-Serpent - -  - -256; 256; 256 - -128 - -XTS - - - -Camellia-Kuznyechik - -  - -256; 256 - -128 - -XTS - - - -Camellia-Serpent - -  - -256; 256 - -128 - -XTS - - - -Kuznyechik-AES - -  - -256; 256 - -128 - -XTS - - - -Kuznyechik-Serpent-Camellia - -  - -256; 256; 256 - -128 - -XTS - - - -Kuznyechik-Twofish - -  - -256; 256 - -128 - -XTS - - - -Serpent-AES - -  - -256; 256 - -128 - -XTS - - - -Serpent-Twofish-AES - -  - -256; 256; 256 - -128 - -XTS - - - -Twofish-Serpent - -  - -256; 256 - -128 - -XTS - + + Serpent + + R. Anderson, E. Biham, L. Knudsen + + 256 + + 128 + + XTS + + + + SM4 + + Центр обеспечения безопасности данных и коммуникаций, Китайская академия наук
        GB/T 32907-2016 + + 128 + + 128 + + XTS + + + + + Twofish + + B. Schneier, J. Kelsey, D. Whiting,
        + D. Wagner, C. Hall, N. Ferguson + + 256 + + 128 + + XTS + + + + AES-Twofish + +   + + 256; 256 + + 128 + + XTS + + + + AES-Twofish-Serpent + +   + + 256; 256; 256 + + 128 + + XTS + + + + Camellia-Kuznyechik + +   + + 256; 256 + + 128 + + XTS + + + + Camellia-Serpent + +   + + 256; 256 + + 128 + + XTS + + + + Kuznyechik-AES + +   + + 256; 256 + + 128 + + XTS + + + + Kuznyechik-Serpent-Camellia + +   + + 256; 256; 256 + + 128 + + XTS + + + + Kuznyechik-Twofish + +   + + 256; 256 + + 128 + + XTS + + + + Serpent-AES + +   + + 256; 256 + + 128 + + XTS + + + + Serpent-Twofish-AES + +   + + 256; 256; 256 + + 128 + + XTS + + + + Twofish-Serpent + +   + + 256; 256 + + 128 + + XTS + + + + + Kuznyechik-SM4 + +   + + 256; 128 + + 128 + + XTS + + + + + Serpent-SM4 + +   + + 256; 128 + + 128 + + XTS + + + + + SM4-Twofish + +   + + 128; 256 + + 128 + + XTS + + + + + Twofish-Serpent-SM4 + +   + + 256; 256; 128 + + 128 + + XTS +   @@ -263,7 +328,7 @@ XTS
        -Информацию о режиме XTS см. в разделе +Информацию о режиме XTS см. в разделе Режимы работы.
        diff --git a/doc/html/ru/SM4.html b/doc/html/ru/SM4.html new file mode 100644 index 00000000..23256e32 --- /dev/null +++ b/doc/html/ru/SM4.html @@ -0,0 +1,63 @@ + + + + +VeraCrypt - Бесплатное надёжное шифрование дисков с открытым исходным кодом + + + + + + +
        +VeraCrypt +
        + + + + + +
        +

        Алгоритм шифрования SM4

        + +
        +SM4 — это блочный шифр с блоками размером 128 бит, разработанный и опубликованный Национальным управлением по криптографии Китая в 2006 году как часть стандарта GB/T 32907-2016. Является национальным стандартом шифрования для защиты беспроводных коммуникаций (например, Wi-Fi) и других защищённых систем связи в Китае. Использует 128-битовый ключ. +
        + +
        +Алгоритм SM4 использует 32 раунда операций шифрования, основанных на сочетании нелинейной подстановки, линейного преобразования и добавления ключа. По своей структуре в некоторых аспектах схож с другими современными блочными шифрами, применяя S-блок для подстановки и линейное преобразование для диффузии. +
        + +
        +SM4 официально стандартизирован ISO/IEC (ISO/IEC 18033-3:2010) и широко используется в государственных, банковских и коммерческих приложениях по всему Китаю. Оптимизирован как для программных, так и для аппаратных реализаций, обеспечивая высокую производительность при сильной криптографической стойкости. +
        + +
        +В VeraCrypt используется шифр SM4 с 32 раундами и 128-битовым ключом, работающий в режиме XTS (см. раздел Режимы работы). +
        + + +
        +
        + + \ No newline at end of file diff --git a/doc/html/ru/Serpent.html b/doc/html/ru/Serpent.html index bc69d313..a8ee13ed 100644 --- a/doc/html/ru/Serpent.html +++ b/doc/html/ru/Serpent.html @@ -59,6 +59,6 @@

        * Это положительные голоса. Если вычесть отрицательные голоса, то получаются следующие результаты: Rijndael: 76 голосов, Serpent: 52 голоса, Twofish: 10 голосов, RC6: -14 голосов, MARS: -70 голосов [19].

         

        -

        Следующий раздел >>

        +

        Следующий раздел >>

        diff --git a/doc/html/zh-cn/Documentation.html b/doc/html/zh-cn/Documentation.html index 06bdf6c6..f1c0c6a3 100644 --- a/doc/html/zh-cn/Documentation.html +++ b/doc/html/zh-cn/Documentation.html @@ -78,7 +78,7 @@
      • 哈希算法
          diff --git a/doc/html/zh-cn/Encryption Algorithms.html b/doc/html/zh-cn/Encryption Algorithms.html index ce1d9718..2d1a0409 100644 --- a/doc/html/zh-cn/Encryption Algorithms.html +++ b/doc/html/zh-cn/Encryption Algorithms.html @@ -49,7 +49,7 @@ VeraCrypt卷可以使用以下算法进行加密: 块大小(比特) -操作模式 +操作模式 @@ -65,7 +65,7 @@ VeraCrypt卷可以使用以下算法进行加密: -AES +AES J. Daemen、V. Rijmen @@ -73,7 +73,7 @@ J. Daemen、V. Rijmen 128 -XTS +XTS @@ -104,150 +104,214 @@ GOST R 34.12-2015

           XTS - -Serpent - -R. Anderson, E. Biham, L. Knudsen - -256 - -128 - -XTS - - - -Twofish - -B. Schneier, J. Kelsey, D. Whiting,
          -D. Wagner, C. Hall, N. Ferguson - -256 - -128 - -XTS - - - -AES-Twofish - -  - -256; 256 - -128 - -XTS - - - -AES-Twofish-Serpent - -  - -256; 256; 256 - -128 - -XTS - - - -Camellia-Kuznyechik - -  - -256; 256 - -128 - -XTS - - - -Camellia-Serpent - -  - -256; 256 - -128 - -XTS - - - -Kuznyechik-AES - -  - -256; 256 - -128 - -XTS - - - -Kuznyechik-Serpent-Camellia - -  - -256; 256; 256 - -128 - -XTS - - - -Kuznyechik-Twofish - -  - -256; 256 - -128 - -XTS - - - -Serpent-AES - -  - -256; 256 - -128 - -XTS - - - -Serpent-Twofish-AES - -  - -256; 256; 256 - -128 - -XTS - - - -Twofish-Serpent - -  - -256; 256 - -128 - -XTS - + + Serpent + + R. Anderson, E. Biham, L. Knudsen + + 256 + + 128 + + XTS + + + + SM4 + + 数据保障与通信安全中心,中国科学院
          国家标准 GB/T 32907-2016 + + 128 + + 128 + + XTS + + + + Twofish + + B. Schneier, J. Kelsey, D. Whiting,
          + D. Wagner, C. Hall, N. Ferguson + + 256 + + 128 + + XTS + + + + AES-Twofish + +   + + 256; 256 + + 128 + + XTS + + + + AES-Twofish-Serpent + +   + + 256; 256; 256 + + 128 + + XTS + + + + Camellia-Kuznyechik + +   + + 256; 256 + + 128 + + XTS + + + + Camellia-Serpent + +   + + 256; 256 + + 128 + + XTS + + + + Kuznyechik-AES + +   + + 256; 256 + + 128 + + XTS + + + + Kuznyechik-Serpent-Camellia + +   + + 256; 256; 256 + + 128 + + XTS + + + + Kuznyechik-Twofish + +   + + 256; 256 + + 128 + + XTS + + + + Serpent-AES + +   + + 256; 256 + + 128 + + XTS + + + + Serpent-Twofish-AES + +   + + 256; 256; 256 + + 128 + + XTS + + + + Twofish-Serpent + +   + + 256; 256 + + 128 + + XTS + + + + + Kuznyechik-SM4 + +   + + 256; 128 + + 128 + + XTS + + + + + Serpent-SM4 + +   + + 256; 128 + + 128 + + XTS + + + + + SM4-Twofish + +   + + 128; 256 + + 128 + + XTS + + + + + Twofish-Serpent-SM4 + +   + + 256; 256; 128 + + 128 + + XTS +   @@ -263,7 +327,7 @@ XTS
          -有关 XTS 模式的信息,请参阅 “ +有关 XTS 模式的信息,请参阅 “ 操作模式” 部分。
          diff --git a/doc/html/zh-cn/SM4.html b/doc/html/zh-cn/SM4.html new file mode 100644 index 00000000..3b28eedb --- /dev/null +++ b/doc/html/zh-cn/SM4.html @@ -0,0 +1,64 @@ + + + + +VeraCrypt - 为偏执者提供强大安全保障的免费开源磁盘加密工具 + + + + + + +
          +VeraCrypt +
          + + + +
          +

          +文档 +>> +加密算法 +>> +SM4 +

          +
          + +
          +

          SM4

          + +
          +SM4是一种分组密码标准,由中国国家密码管理局于2006年发布,并作为GB/T 32907-2016标准的一部分。它是中国用于无线通信(如Wi-Fi)及其他安全通信系统的国家加密标准。SM4在128位数据块上运行,使用128位加密密钥。 +
          + +
          +SM4算法采用32轮加密操作,结合了非线性代换、线性变换和密钥加运算。其结构在某些方面与其他现代分组密码类似,采用S盒进行代换,并通过线性变换实现扩散。 +
          + +
          +SM4已被国际标准化组织/国际电工委员会(ISO/IEC)正式标准化,标准编号为ISO/IEC 18033-3:2010,并已广泛应用于中国的政府、银行和商业领域。该算法针对软硬件实现均进行了优化,在保证强大安全性的同时,具备较高的性能。 +
          + +
          +VeraCrypt使用具有32轮加密和128位密钥的SM4算法,并采用XTS模式(请参阅操作模式部分)。 +
          + + + +
          +
          + + diff --git a/doc/html/zh-cn/Serpent.html b/doc/html/zh-cn/Serpent.html index fe5c0646..ccf1f156 100644 --- a/doc/html/zh-cn/Serpent.html +++ b/doc/html/zh-cn/Serpent.html @@ -44,6 +44,6 @@ 尽管有这些情况,但由于Rijndael在安全性、性能、效率、可实现性和灵活性方面的综合表现,它被认为是AES的合适选择[4]。在最后一届AES候选算法会议上,Rijndael获得了86票,Serpent获得了59票,Twofish获得了31票,RC6获得了23票,MARS获得了13票[18, 19]。*

          * 这些是赞成票。如果从赞成票中减去反对票,得到以下结果:Rijndael:76票,Serpent:52票,Twofish:10票,RC6: - 14票,MARS: - 70票[19]。

           

          -

          下一部分 >>

          +

          下一部分 >>

          \ No newline at end of file diff --git a/src/Build/Include/Makefile.inc b/src/Build/Include/Makefile.inc index 281d206a..a67e5802 100644 --- a/src/Build/Include/Makefile.inc +++ b/src/Build/Include/Makefile.inc @@ -14,7 +14,7 @@ $(NAME): $(NAME).a clean: @echo Cleaning $(NAME) - rm -f $(APPNAME) $(NAME).a $(OBJS) $(OBJSEX) $(OBJSNOOPT) $(OBJSHANI) $(OBJSSSE41) $(OBJSSSSE3) $(OBJARMV8CRYPTO) $(OBJS:.o=.d) $(OBJSEX:.oo=.d) $(OBJSNOOPT:.o0=.d) $(OBJSHANI:.oshani=.d) $(OBJSSSE41:.osse41=.d) $(OBJSSSSE3:.ossse3=.d) $(OBJARMV8CRYPTO:.oarmv8crypto=.d) *.gch + rm -f $(APPNAME) $(NAME).a $(OBJS) $(OBJSEX) $(OBJSNOOPT) $(OBJSHANI) $(OBJAESNI) $(OBJSSSE41) $(OBJSSSSE3) $(OBJARMV8CRYPTO) $(OBJS:.o=.d) $(OBJSEX:.oo=.d) $(OBJSNOOPT:.o0=.d) $(OBJSHANI:.oshani=.d) $(OBJAESNI:.oaesni=.d) $(OBJSSSE41:.osse41=.d) $(OBJSSSSE3:.ossse3=.d) $(OBJARMV8CRYPTO:.oarmv8crypto=.d) *.gch %.o: %.c @echo Compiling $(ERROR: The volume mount point is blocked because it overrides a protected system directory.\n\nPlease choose a different mount point. ERROR: The volume mount point is not allowed because it overrides a directory that is part of the PATH environment variable.\n\nPlease choose a different mount point. [INSECURE MODE] + SM4 is a block cipher standard published by the Chinese National Cryptography Administration in 2006 as part of the GB/T 32907-2016 standard. 128-bit key, 128-bit block. Mode of operation is XTS. It is widely used in Chinese national standards and commercial applications. diff --git a/src/Common/Tests.c b/src/Common/Tests.c index 89af24f1..89b9480c 100644 --- a/src/Common/Tests.c +++ b/src/Common/Tests.c 
@@ -391,7 +391,7 @@ KUZNYECHIK_TEST kuznyechik_vectors[KUZNYECHIK_TEST_COUNT] = { { 0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xFF, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0xFE, 0xDC, 0xBA, 0x98, 0x76, 0x54, 0x32, 0x10, - 0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF, 0x11, 0x22, 0x33, 0x44, + 0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x00, 0xFF, 0xEE, 0xDD, 0xCC, 0xBB, 0xAA, 0x99, 0x88, 0x7F, 0x67, 0x9D, 0x90, 0xBE, 0xBC, 0x24, 0x30, 0x5A, 0x46, 0x8D, 0x42, 0xB9, 0xD4, 0xED, 0xCD 
@@ -399,29 +399,101 @@ KUZNYECHIK_TEST kuznyechik_vectors[KUZNYECHIK_TEST_COUNT] = { { 0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xFF, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0xFE, 0xDC, 0xBA, 0x98, 0x76, 0x54, 0x32, 0x10, - 0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF, 0x00, 0x11, 0x22, 0x33, - 0x44, 0x55, 0x66, 0x77, 0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xEE, 0xFF, 0x0A, - 0xB4, 0x29, 0x91, 0x2C, 0x6E, 0x00, 0x32, 0xF9, 0x28, 0x54, 0x52, 0xD7, + 0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF, 0x00, 0x11, 0x22, 0x33, + 0x44, 0x55, 0x66, 0x77, 0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xEE, 0xFF, 0x0A, + 0xB4, 0x29, 0x91, 0x2C, 0x6E, 0x00, 0x32, 0xF9, 0x28, 0x54, 0x52, 0xD7, 0x67, 0x18, 0xD0, 0x8B }, { 0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xFF, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0xFE, 0xDC, 0xBA, 0x98, 0x76, 0x54, 0x32, 0x10, - 0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF, 0x11, 0x22, 0x33, 0x44, - 0x55, 0x66, 0x77, 0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xEE, 0xFF, 0x0A, 0x00, - 0xF0, 0xCA, 0x33, 0x54, 0x9D, 0x24, 0x7C, 0xEE, 0xF3, 0xF5, 0xA5, 0x31, + 0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF, 0x11, 0x22, 0x33, 0x44, + 0x55, 0x66, 0x77, 0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xEE, 0xFF, 0x0A, 0x00, + 0xF0, 0xCA, 0x33, 0x54, 0x9D, 0x24, 0x7C, 0xEE, 0xF3, 0xF5, 0xA5, 0x31, 0x3B, 0xD4, 0xB1, 0x57 }, { 0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xFF, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0xFE, 0xDC, 0xBA, 0x98, 0x76, 0x54, 0x32, 0x10, - 0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF, 0x22, 0x33, 0x44, 0x55, - 0x66, 0x77, 0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xEE, 0xFF, 0x0A, 0x00, 0x11, - 0xD0, 0xB0, 0x9C, 0xCD, 0xE8, 0x30, 0xB9, 0xEB, 0x3A, 0x02, 0xC4, 0xC5, + 0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF, 0x22, 0x33, 0x44, 0x55, + 0x66, 0x77, 0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xEE, 0xFF, 0x0A, 0x00, 0x11, + 0xD0, 0xB0, 0x9C, 0xCD, 0xE8, 0x30, 0xB9, 0xEB, 0x3A, 0x02, 0xC4, 0xC5, 0xAA, 0x8A, 0xDA, 0x98 } }; +// SM4 ECB test vectors +#define SM4_TEST_COUNT 11 + +typedef 
struct { + unsigned char key[16]; + unsigned char plaintext[16]; + unsigned char ciphertext[16]; +} SM4_TEST; + +// Based on test vector fron cppcrypto (cppcrypto/testvectors/block_cipher/sm4.txt) +SM4_TEST sm4_vectors[SM4_TEST_COUNT] = { +{ + // KEY 0 + { 0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef,0xfe,0xdc,0xba,0x98,0x76,0x54,0x32,0x10 }, + { 0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef,0xfe,0xdc,0xba,0x98,0x76,0x54,0x32,0x10 }, + { 0x68,0x1e,0xdf,0x34,0xd2,0x06,0x96,0x5e,0x86,0xb3,0xe9,0x4f,0x53,0x6e,0x42,0x46 } +}, +{ + // KEY 1 + { 0x68,0x1e,0xdf,0x34,0xd2,0x06,0x96,0x5e,0x86,0xb3,0xe9,0x4f,0x53,0x6e,0x42,0x46 }, + { 0xf4,0x21,0x31,0xb0,0x02,0x42,0x5b,0x6f,0x5c,0xf5,0x2a,0x81,0x06,0x82,0xa0,0x9d }, + { 0xec,0x4b,0x7b,0x17,0x57,0xfe,0xe9,0xce,0x45,0x51,0x97,0xe5,0xbf,0x9c,0x3a,0x90 } +}, +{ + // After KEY 1, PT/CT pairs + { 0x68,0x1e,0xdf,0x34,0xd2,0x06,0x96,0x5e,0x86,0xb3,0xe9,0x4f,0x53,0x6e,0x42,0x46 }, + { 0x07,0xbc,0xae,0x6a,0x83,0x88,0xe1,0x46,0x51,0xfe,0xd8,0x4b,0x37,0x49,0xd3,0x86 }, + { 0x89,0xf2,0xc4,0x1e,0xd9,0x7d,0xbb,0x1b,0x74,0xa2,0xad,0x93,0xb9,0x03,0xbb,0xc9 } +}, +{ + { 0x68,0x1e,0xdf,0x34,0xd2,0x06,0x96,0x5e,0x86,0xb3,0xe9,0x4f,0x53,0x6e,0x42,0x46 }, + { 0xf4,0x76,0x26,0x15,0xb3,0x2c,0x00,0x0a,0x16,0x5e,0x1d,0x72,0x2d,0x70,0x80,0x52 }, + { 0xf4,0x5a,0x41,0x05,0x2f,0x9b,0xf3,0xd5,0xb6,0x5d,0xf8,0xcc,0x1c,0x75,0xb4,0xcf } +}, +{ + { 0x68,0x1e,0xdf,0x34,0xd2,0x06,0x96,0x5e,0x86,0xb3,0xe9,0x4f,0x53,0x6e,0x42,0x46 }, + { 0xba,0x3c,0x19,0xd8,0x92,0x63,0x56,0xed,0x14,0x91,0xc6,0xe4,0xe5,0x28,0x78,0x2f }, + { 0x3e,0x1f,0x30,0xd5,0x7d,0xf4,0xb6,0x06,0x94,0xf5,0x66,0xde,0x44,0x48,0x4f,0xaf } +}, +{ + // KEY 2 + { 0x78,0x1e,0xdf,0x34,0xd2,0x06,0x96,0x5e,0x86,0xb3,0xe9,0x4f,0x53,0x6e,0x42,0x47 }, + { 0x91,0x08,0x95,0x7f,0xf9,0x17,0xe3,0xd6,0x1c,0x4e,0xa3,0x3e,0x53,0xdb,0x6e,0xf3 }, + { 0x6a,0x52,0x9a,0xc0,0x93,0xa5,0xf3,0x04,0x5a,0xed,0x78,0x7f,0x70,0xcc,0xb7,0xf5 } +}, +{ + { 0x78,0x1e,0xdf,0x34,0xd2,0x06,0x96,0x5e,0x86,0xb3,0xe9,0x4f,0x53,0x6e,0x42,0x47 }, + { 
0xcb,0xa0,0xf0,0x56,0x75,0x35,0xd6,0x61,0x48,0xb3,0x5a,0x92,0x58,0x72,0x9c,0x23 }, + { 0x63,0x46,0xf0,0xe4,0xc5,0x95,0x32,0xd4,0x18,0xce,0x31,0x5b,0x9f,0x22,0xa0,0xf4 } +}, +{ + { 0x78,0x1e,0xdf,0x34,0xd2,0x06,0x96,0x5e,0x86,0xb3,0xe9,0x4f,0x53,0x6e,0x42,0x47 }, + { 0xfa,0x59,0x80,0x11,0xf7,0xc2,0x10,0x07,0x99,0x45,0x1e,0x62,0xf3,0xb5,0xcf,0x09 }, + { 0x62,0x55,0x45,0x91,0x00,0x95,0x8f,0x4d,0x95,0x3a,0x9d,0x56,0x67,0x69,0x2d,0x6d } +}, +{ + { 0x78,0x1e,0xdf,0x34,0xd2,0x06,0x96,0x5e,0x86,0xb3,0xe9,0x4f,0x53,0x6e,0x42,0x47 }, + { 0xba,0x1f,0x85,0x55,0xb2,0xdd,0xab,0x0e,0x4e,0x4d,0x80,0x26,0xb0,0x5a,0xf3,0x89 }, + { 0x37,0x6f,0xeb,0x09,0x78,0xb5,0x2a,0xb9,0xc9,0x84,0xa1,0x4d,0x7e,0x66,0xf6,0x71 } +}, +{ + { 0x78,0x1e,0xdf,0x34,0xd2,0x06,0x96,0x5e,0x86,0xb3,0xe9,0x4f,0x53,0x6e,0x42,0x47 }, + { 0x50,0xc6,0x3c,0xe2,0x55,0x82,0x57,0x1a,0xa5,0xd8,0xee,0x22,0x08,0x9c,0x1b,0x59 }, + { 0x31,0xff,0xaf,0x2c,0xad,0x65,0x49,0xf3,0xd9,0xfc,0xd7,0xf0,0x2d,0xf5,0x81,0x24 } +}, +{ + { 0x78,0x1e,0xdf,0x34,0xd2,0x06,0x96,0x5e,0x86,0xb3,0xe9,0x4f,0x53,0x6e,0x42,0x47 }, + { 0x22,0x9a,0xd7,0xa8,0xa8,0x3c,0x5e,0x23,0x84,0xb4,0x08,0x2e,0x50,0xd0,0x6e,0xbf }, + { 0x76,0xf2,0x9e,0x93,0xdd,0xf5,0x79,0x32,0xa4,0x1e,0x83,0xbb,0x7b,0x61,0xa4,0x06 } +} +}; + #endif /* Test vectors from FIPS 198a, RFC 4231, RFC 2104, RFC 2202, and other sources. */ @@ -646,22 +718,12 @@ void CipherInit2(int cipher, void* key, void* ks) { case AES: - CipherInit(cipher,key,ks); - break; - case SERPENT: - CipherInit(cipher,key,ks); - break; - case TWOFISH: - CipherInit(cipher,key,ks); - break; - case CAMELLIA: - CipherInit(cipher,key,ks); - break; case KUZNYECHIK: - CipherInit(cipher, key, ks); + case SM4: + CipherInit(cipher,key,ks); break; default: /* Unknown/wrong ID */ 
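Review bot: The provenance comment above `sm4_vectors` (`// Based on test vector fron cppcrypto ...`) has a typo and undersells the first entry: the KEY 0 pair (key and plaintext `0123456789abcdeffedcba9876543210`, ciphertext `681edf34d206965e86b3e94f536e4246`) matches the worked example in GB/T 32907-2016 Appendix A, which is the vector an auditor will look for, so say so explicitly, e.g. `// Vector 0 is the GB/T 32907-2016 Appendix A example; the remaining pairs are from cppcrypto/testvectors/block_cipher/sm4.txt`. The other ten pairs reuse two keys (KEY 1, KEY 2) and originate from the cppcrypto file rather than the standard, so they serve as a regression set rather than an independent known-answer set. `sm4_vectors` is read-only data and could be `static const`, though the existing `kuznyechik_vectors` declaration above follows the same non-const pattern, so this may be a deliberate file convention.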
@@ -879,7 +941,33 @@ BOOL TestSectorBufEncryption (PCRYPTO_INFO ci) nTestsPerformed++; break; } - } + } + else if (wcscmp (name, L"SM4") == 0) + { + switch (testCase) + { + case 0: + if (crc != 0x561b1367) + return FALSE; + nTestsPerformed++; + break; + case 1: + if (crc != 0x8f72e14d) + return FALSE; + nTestsPerformed++; + break; + case 2: + if (crc != 0xf96df16f) + return FALSE; + nTestsPerformed++; + break; + case 3: + if (crc != 0x8997e6eb) + return FALSE; + nTestsPerformed++; + break; + } + } else if (wcscmp (name, L"AES-Twofish") == 0) { switch (testCase) @@ -1114,6 +1202,84 @@ BOOL TestSectorBufEncryption (PCRYPTO_INFO ci) break; } } + else if (wcscmp (name, L"Kuznyechik-SM4") == 0) + { + switch (testCase) + { + case 0: + if (crc != 0xb126b7f8) + return FALSE; + nTestsPerformed++; + break; + case 1: + if (crc != 0xa117004a) + return FALSE; + nTestsPerformed++; + break; + case 2: + if (crc != 0xc561be46) + return FALSE; + nTestsPerformed++; + break; + case 3: + if (crc != 0x47106ce3) + return FALSE; + nTestsPerformed++; + break; + } + } + else if (wcscmp (name, L"Serpent-SM4") == 0) + { + switch (testCase) + { + case 0: + if (crc != 0x40a9eaa5) + return FALSE; + nTestsPerformed++; + break; + case 1: + if (crc != 0xce6873f1) + return FALSE; + nTestsPerformed++; + break; + case 2: + if (crc != 0x92cafcad) + return FALSE; + nTestsPerformed++; + break; + case 3: + if (crc != 0x7e1463ca) + return FALSE; + nTestsPerformed++; + break; + } + } + else if (wcscmp (name, L"SM4-Twofish") == 0) + { + switch (testCase) + { + case 0: + if (crc != 0xd9a46a64) + return FALSE; + nTestsPerformed++; + break; + case 1: + if (crc != 0x371fdc08) + return FALSE; + nTestsPerformed++; + break; + case 2: + if (crc != 0x231c5104) + return FALSE; + nTestsPerformed++; + break; + case 3: + if (crc != 0xa920424b) + return FALSE; + nTestsPerformed++; + break; + } + } else if (wcscmp (name, L"Kuznyechik-Serpent-Camellia") == 0) { switch (testCase) 
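Review bot: The expected values in the new `SM4` branch (`0x561b1367`, `0x8f72e14d`, `0xf96df16f`, `0x8997e6eb`) are CRC32s of the XTS output with no stated origin; they were presumably produced by running this implementation, so they pin regressions but do not independently establish that SM4-XTS is correct — the only independent check is the single-block `sm4_vectors` table. A one-line comment at the first new branch would make that explicit: `/* CRC32 of the encrypted sector; values generated from this implementation (regression only), independent KATs are in sm4_vectors */`. The same applies to the Kuznyechik-SM4, Serpent-SM4 and SM4-Twofish branches in this hunk and to the Twofish-Serpent-SM4 and single-CRC branches in the following hunks. `TestSectorBufEncryption` starts and ends outside the hunk.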
@@ -1140,6 +1306,32 @@ BOOL TestSectorBufEncryption (PCRYPTO_INFO ci) break; } } + else if (wcscmp (name, L"Twofish-Serpent-SM4") == 0) + { + switch (testCase) + { + case 0: + if (crc != 0x881b6e3d) + return FALSE; + nTestsPerformed++; + break; + case 1: + if (crc != 0x37ed1418) + return FALSE; + nTestsPerformed++; + break; + case 2: + if (crc != 0x8e563eef) + return FALSE; + nTestsPerformed++; + break; + case 3: + if (crc != 0xdcbc41ac) + return FALSE; + nTestsPerformed++; + break; + } + } #endif if (crc == 0x9f5edd58) return FALSE; @@ -1217,6 +1409,12 @@ BOOL TestSectorBufEncryption (PCRYPTO_INFO ci) return FALSE; nTestsPerformed++; } + else if (wcscmp (name, L"SM4") == 0) + { + if (crc != 0x7b600d06) + return FALSE; + nTestsPerformed++; + } else if (wcscmp (name, L"AES-Twofish") == 0) { if (crc != 0x14ce7385) @@ -1271,12 +1469,36 @@ BOOL TestSectorBufEncryption (PCRYPTO_INFO ci) return FALSE; nTestsPerformed++; } + else if (wcscmp (name, L"Kuznyechik-SM4") == 0) + { + if (crc != 0x8190551b) + return FALSE; + nTestsPerformed++; + } + else if (wcscmp (name, L"Serpent-SM4") == 0) + { + if (crc != 0x31408c47) + return FALSE; + nTestsPerformed++; + } + else if (wcscmp (name, L"SM4-Twofish") == 0) + { + if (crc != 0x1eaede31) + return FALSE; + nTestsPerformed++; + } else if (wcscmp (name, L"Kuznyechik-Serpent-Camellia") == 0) { if (crc != 0x755dad72) return FALSE; nTestsPerformed++; } + else if (wcscmp (name, L"Twofish-Serpent-SM4") == 0) + { + if (crc != 0x033093e5) + return FALSE; + nTestsPerformed++; + } #endif if (crc == 0x9f5edd58) return FALSE; @@ -1288,7 +1510,7 @@ BOOL TestSectorBufEncryption (PCRYPTO_INFO ci) nTestsPerformed++; } - return (nTestsPerformed == 150); + return (nTestsPerformed == 200); } static BOOL DoAutoTestAlgorithms (void) 
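Review bot: `return (nTestsPerformed == 200);` replaces one magic total with another, and nothing in the hunk lets a reader check it: the visible additions are four per-case checks plus one final CRC check per new algorithm, which is 25 for five algorithms, so the other 25 must come from a pass outside this view. A derivation comment keeps the next cipher addition honest, e.g. `/* 20 algorithms x 10 checks each; update when adding a cipher */` if that is indeed the breakdown. A wrong total fails only as a generic self-test failure with no indication of which check was skipped, so tracking the expected count per algorithm may be worth considering. The enclosing function starts outside the hunk.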
@@ -1430,6 +1652,26 @@ static BOOL DoAutoTestAlgorithms (void)
 }
 if (i != KUZNYECHIK_TEST_COUNT)
 bFailed = TRUE;
+
+ /* SM4 */
+
+ for (i = 0; i < SM4_TEST_COUNT; i++)
+ {
+ int cipher = SM4;
+ memcpy(key, sm4_vectors[i].key, 16);
+ memcpy(tmp, sm4_vectors[i].plaintext, 16);
+ CipherInit(cipher, key, ks_tmp);
+
+ EncipherBlock(cipher, tmp, ks_tmp);
+ if (memcmp(sm4_vectors[i].ciphertext, tmp, 16) != 0)
+ break;
+
+ DecipherBlock(cipher, tmp, ks_tmp);
+ if (memcmp(sm4_vectors[i].plaintext, tmp, 16) != 0)
+ break;
+ }
+ if (i != SM4_TEST_COUNT)
+ bFailed = TRUE;
 #endif
 /* PKCS #5 and HMACs */
diff --git a/src/Core/Unix/Linux/CoreLinux.cpp b/src/Core/Unix/Linux/CoreLinux.cpp
index 77ec874a..fcde8103 100644
--- a/src/Core/Unix/Linux/CoreLinux.cpp
+++ b/src/Core/Unix/Linux/CoreLinux.cpp
@@ -312,9 +312,14 @@ namespace VeraCrypt
 typeid (EncryptionModeXTS));
 #endif
 bool algoNotSupported = (typeid (*volume->GetEncryptionAlgorithm()) == typeid (Kuznyechik))
+ || (typeid (*volume->GetEncryptionAlgorithm()) == typeid (SM4))
 || (typeid (*volume->GetEncryptionAlgorithm()) == typeid (CamelliaKuznyechik))
 || (typeid (*volume->GetEncryptionAlgorithm()) == typeid (KuznyechikTwofish))
 || (typeid (*volume->GetEncryptionAlgorithm()) == typeid (KuznyechikAES))
+ || (typeid (*volume->GetEncryptionAlgorithm()) == typeid (KuznyechikSM4))
+ || (typeid (*volume->GetEncryptionAlgorithm()) == typeid (SerpentSM4))
+ || (typeid (*volume->GetEncryptionAlgorithm()) == typeid (SM4Twofish))
+ || (typeid (*volume->GetEncryptionAlgorithm()) == typeid (TwofishSerpentSM4))
 || (typeid (*volume->GetEncryptionAlgorithm()) == typeid (KuznyechikSerpentCamellia));
 if (options.NoKernelCrypto
diff --git a/src/Crypto/Crypto.vcxproj b/src/Crypto/Crypto.vcxproj
index cad50c06..f0840c2c 100644
--- a/src/Crypto/Crypto.vcxproj
+++ b/src/Crypto/Crypto.vcxproj
@@ -260,6 +260,11 @@ true + + true + true + +
@@ -287,6 +292,7 @@ +
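Review bot: `CipherInit(cipher, key, ks_tmp);` in the SM4 vector loop discards the return code, so a key-schedule failure would surface only as a ciphertext mismatch on the next line rather than as an explicit error; `if (CipherInit(cipher, key, ks_tmp) != ERR_SUCCESS) break;` keeps the loop's existing break-on-failure convention and is what the `i != SM4_TEST_COUNT` check after the loop already expects. The loop also exercises only the single-block EncipherBlock/DecipherBlock entry points, so the multi-block AES-NI kernels added in sm4-impl-aesni.cpp are, as far as this file shows, covered only indirectly by the sector-buffer CRC checks; a one-line comment saying so would help whoever next touches the SIMD path. DoAutoTestAlgorithms starts outside this hunk and the `key`, `tmp` and `ks_tmp` buffers are declared outside it.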
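Review bot: The `algoNotSupported` expression in CoreLinux.cpp is a hand-maintained list of typeid comparisons and this hunk grows it by five more `|| (typeid (*volume->GetEncryptionAlgorithm()) == typeid (...))` terms, so a cipher added later without a matching entry here would presumably be offered to the kernel crypto path with no compile-time warning. If the algorithm hierarchy does not already expose a kernel-support predicate, moving that knowledge onto the EncryptionAlgorithm classes, or into one static table of unsupported types, would keep this file out of every future cipher addition. Hoisting `volume->GetEncryptionAlgorithm()` into a local before the chain would also shorten each term. The enclosing function starts and ends outside the hunk.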
diff --git a/src/Crypto/Crypto.vcxproj.filters b/src/Crypto/Crypto.vcxproj.filters index 099c3ce4..d979e7e0 100644 --- a/src/Crypto/Crypto.vcxproj.filters +++ b/src/Crypto/Crypto.vcxproj.filters @@ -99,6 +99,12 @@ Source Files + + Source Files + + + Source Files + @@ -176,6 +182,9 @@ Header Files + + Header Files + diff --git a/src/Crypto/Sources b/src/Crypto/Sources index bd990382..fef3f636 100644 --- a/src/Crypto/Sources +++ b/src/Crypto/Sources @@ -48,6 +48,8 @@ SOURCES = \ Streebog.c \ kuznyechik.c \ kuznyechik_simd.c \ + sm4.cpp \ + sm4-impl-aesni.cpp \ Whirlpool.c \ Camellia.c \ Camellia_$(TC_ARCH).S \ diff --git a/src/Crypto/cpu.h b/src/Crypto/cpu.h index cb34ad1f..7ee269fb 100644 --- a/src/Crypto/cpu.h +++ b/src/Crypto/cpu.h @@ -103,7 +103,9 @@ extern void _m_empty(void); extern int _mm_extract_epi16(__m128i _A, int _Imm); extern __m128i _mm_load_si128(__m128i const*_P); extern __m128i _mm_xor_si128(__m128i _A, __m128i _B); +extern __m128i _mm_cvtsi32_si128(int a); extern __m128i _mm_cvtsi64_si128(__int64); +extern int _mm_cvtsi128_si32(__m128i a); extern __m128i _mm_unpacklo_epi64(__m128i _A, __m128i _B); extern void _mm_store_si128(__m128i *_P, __m128i _B); extern __m64 _m_pxor(__m64 _MM1, __m64 _MM2); @@ -130,6 +132,7 @@ extern __m128i _mm_unpacklo_epi32(__m128i _A, __m128i _B); extern __m128i _mm_unpackhi_epi32(__m128i _A, __m128i _B); extern __m128i _mm_unpackhi_epi64(__m128i _A, __m128i _B); extern __m128i _mm_srli_epi16(__m128i _A, int _Count); +extern __m128i _mm_srli_epi64(__m128i _A, int _Count); extern __m128i _mm_slli_epi16(__m128i _A, int _Count); extern __m128i _mm_shuffle_epi32 (__m128i a, int imm8); extern __m128i _mm_set_epi64x (__int64 e1, __int64 e0); 
@@ -139,6 +142,7 @@ extern __m128 _mm_castsi128_ps(__m128i);
 extern __m128 _mm_shuffle_ps(__m128 _A, __m128 _B, unsigned int _Imm8);
 extern __m128i _mm_srli_si128(__m128i _A, int _Imm);
 extern __m128i _mm_slli_si128(__m128i _A, int _Imm);
+extern __m128i _mm_setzero_si128();
 #define _mm_xor_si64 _m_pxor
 #define _mm_empty _m_empty
 #define _MM_SHUFFLE(fp3,fp2,fp1,fp0) (((fp3) << 6) | ((fp2) << 4) | \
diff --git a/src/Crypto/sm4-impl-aesni.cpp b/src/Crypto/sm4-impl-aesni.cpp
new file mode 100644
index 00000000..94ebb18a
--- /dev/null
+++ b/src/Crypto/sm4-impl-aesni.cpp
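Review bot: `extern __m128i _mm_setzero_si128();` uses an empty parameter list, which in a header that C translation units also include declares a function with unspecified arguments rather than a prototype; the surrounding declarations spell it `(void)` (see `_m_empty(void)` in the `@@ -103` hunk), so `extern __m128i _mm_setzero_si128(void);` matches both the file's convention and the intrinsic. The new declarations in the `@@ -103` and `@@ -130` hunks also name their parameters `a` where every neighbouring line uses the `_A`/`_B`/`_Count` style; harmless, but worth aligning while the lines are being added.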
@@ -0,0 +1,693 @@ +/******************************************************************************* +* Copyright 2014 Intel Corporation +* +* Licensed under the Apache License, Version 2.0 (the "License"); +* you may not use this file except in compliance with the License. +* You may obtain a copy of the License at +* +* http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, +* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* See the License for the specific language governing permissions and +* limitations under the License. +*******************************************************************************/ + +// Modified by kerukuro for use in cppcrypto. +// Modified by Mounir IDRASSI for use in VeraCrypt. + +#include "sm4.h" +#include "Common/Endian.h" +#include "misc.h" +#include "cpu.h" + +#if CRYPTOPP_BOOL_SSE41_INTRINSICS_AVAILABLE && CRYPTOPP_BOOL_AESNI_INTRINSICS_AVAILABLE + +//#include +//#include + +#define Ipp32u uint32 +#define Ipp32s int32 +#define Ipp8u uint8 +#define ENDIANNESS32(x) ByteReverseWord32(x) + + + CRYPTOPP_ALIGN_DATA(16) Ipp32u SMS4_FK[4] = { + 0xA3B1BAC6,0x56AA3350,0x677D9197,0xB27022DC + }; + + /* CK[] constants */ + CRYPTOPP_ALIGN_DATA(16) Ipp32u SMS4_CK[32] = + { + 0x00070E15,0x1C232A31,0x383F464D,0x545B6269, + 0x70777E85,0x8C939AA1,0xA8AFB6BD,0xC4CBD2D9, + 0xE0E7EEF5,0xFC030A11,0x181F262D,0x343B4249, + 0x50575E65,0x6C737A81,0x888F969D,0xA4ABB2B9, + 0xC0C7CED5,0xDCE3EAF1,0xF8FF060D,0x141B2229, + 0x30373E45,0x4C535A61,0x686F767D,0x848B9299, + 0xA0A7AEB5,0xBCC3CAD1,0xD8DFE6ED,0xF4FB0209, + 0x10171E25,0x2C333A41,0x484F565D,0x646B7279 + }; + + CRYPTOPP_ALIGN_DATA(64) const Ipp8u SMS4_Sbox[16 * 16] = { + 0xD6,0x90,0xE9,0xFE,0xCC,0xE1,0x3D,0xB7,0x16,0xB6,0x14,0xC2,0x28,0xFB,0x2C,0x05, + 0x2B,0x67,0x9A,0x76,0x2A,0xBE,0x04,0xC3,0xAA,0x44,0x13,0x26,0x49,0x86,0x06,0x99, + 
0x9C,0x42,0x50,0xF4,0x91,0xEF,0x98,0x7A,0x33,0x54,0x0B,0x43,0xED,0xCF,0xAC,0x62, + 0xE4,0xB3,0x1C,0xA9,0xC9,0x08,0xE8,0x95,0x80,0xDF,0x94,0xFA,0x75,0x8F,0x3F,0xA6, + 0x47,0x07,0xA7,0xFC,0xF3,0x73,0x17,0xBA,0x83,0x59,0x3C,0x19,0xE6,0x85,0x4F,0xA8, + 0x68,0x6B,0x81,0xB2,0x71,0x64,0xDA,0x8B,0xF8,0xEB,0x0F,0x4B,0x70,0x56,0x9D,0x35, + 0x1E,0x24,0x0E,0x5E,0x63,0x58,0xD1,0xA2,0x25,0x22,0x7C,0x3B,0x01,0x21,0x78,0x87, + 0xD4,0x00,0x46,0x57,0x9F,0xD3,0x27,0x52,0x4C,0x36,0x02,0xE7,0xA0,0xC4,0xC8,0x9E, + 0xEA,0xBF,0x8A,0xD2,0x40,0xC7,0x38,0xB5,0xA3,0xF7,0xF2,0xCE,0xF9,0x61,0x15,0xA1, + 0xE0,0xAE,0x5D,0xA4,0x9B,0x34,0x1A,0x55,0xAD,0x93,0x32,0x30,0xF5,0x8C,0xB1,0xE3, + 0x1D,0xF6,0xE2,0x2E,0x82,0x66,0xCA,0x60,0xC0,0x29,0x23,0xAB,0x0D,0x53,0x4E,0x6F, + 0xD5,0xDB,0x37,0x45,0xDE,0xFD,0x8E,0x2F,0x03,0xFF,0x6A,0x72,0x6D,0x6C,0x5B,0x51, + 0x8D,0x1B,0xAF,0x92,0xBB,0xDD,0xBC,0x7F,0x11,0xD9,0x5C,0x41,0x1F,0x10,0x5A,0xD8, + 0x0A,0xC1,0x31,0x88,0xA5,0xCD,0x7B,0xBD,0x2D,0x74,0xD0,0x12,0xB8,0xE5,0xB4,0xB0, + 0x89,0x69,0x97,0x4A,0x0C,0x96,0x77,0x7E,0x65,0xB9,0xF1,0x09,0xC5,0x6E,0xC6,0x84, + 0x18,0xF0,0x7D,0xEC,0x3A,0xDC,0x4D,0x20,0x79,0xEE,0x5F,0x3E,0xD7,0xCB,0x39,0x48 + }; + + CRYPTOPP_ALIGN_DATA(16) static Ipp8u inpMaskLO[] = { 0x65,0x41,0xfd,0xd9,0x0a,0x2e,0x92,0xb6,0x0f,0x2b,0x97,0xb3,0x60,0x44,0xf8,0xdc }; + CRYPTOPP_ALIGN_DATA(16) static Ipp8u inpMaskHI[] = { 0x00,0xc9,0x67,0xae,0x80,0x49,0xe7,0x2e,0x4a,0x83,0x2d,0xe4,0xca,0x03,0xad,0x64 }; + CRYPTOPP_ALIGN_DATA(16) static Ipp8u outMaskLO[] = { 0xd3,0x59,0x38,0xb2,0xcc,0x46,0x27,0xad,0x36,0xbc,0xdd,0x57,0x29,0xa3,0xc2,0x48 }; + CRYPTOPP_ALIGN_DATA(16) static Ipp8u outMaskHI[] = { 0x00,0x50,0x14,0x44,0x89,0xd9,0x9d,0xcd,0xde,0x8e,0xca,0x9a,0x57,0x07,0x43,0x13 }; + CRYPTOPP_ALIGN_DATA(16) static Ipp8u encKey[] = { 0x63,0x63,0x63,0x63,0x63,0x63,0x63,0x63,0x63,0x63,0x63,0x63,0x63,0x63,0x63,0x63 }; + CRYPTOPP_ALIGN_DATA(16) static Ipp8u maskSrows[] = { 0x00,0x0d,0x0a,0x07,0x04,0x01,0x0e,0x0b,0x08,0x05,0x02,0x0f,0x0c,0x09,0x06,0x03 }; + 
CRYPTOPP_ALIGN_DATA(16) static Ipp8u lowBits4[] = { 0x0f,0x0f,0x0f,0x0f,0x0f,0x0f,0x0f,0x0f,0x0f,0x0f,0x0f,0x0f,0x0f,0x0f,0x0f,0x0f }; + CRYPTOPP_ALIGN_DATA(16) static Ipp8u swapBytes[] = { 3,2,1,0, 7,6,5,4, 11,10,9,8, 15,14,13,12 }; + +#define M128(mem) (*((__m128i*)((Ipp8u*)(mem)))) +#define MBS_SMS4 (16) + + /* + // + // AES and SMS4 ciphers both based on composite field GF(2^8). + // This affine transformation transforms 16 bytes + // from SMS4 representation to AES representation or vise versa + // depending on passed masks. + // + */ + + static inline __m128i affine(__m128i x, __m128i maskLO, __m128i maskHI) + { + __m128i T1 = _mm_and_si128(_mm_srli_epi64(x, 4), M128(lowBits4)); + __m128i T0 = _mm_and_si128(x, M128(lowBits4)); + T0 = _mm_shuffle_epi8(maskLO, T0); + T1 = _mm_shuffle_epi8(maskHI, T1); + return _mm_xor_si128(T0, T1); + } + + /* + // + // GF(256) is isomorfic. + // Encoding/decoding data of SM4 and AES are elements of GF(256). + // The difference in representation only. + // (It happend due to using different generating polynomials in SM4 and AES representations). + // Doing data conversion from SM4 to AES domain + // lets use AES specific intrinsics to perform less expensive SMS4 S-box computation. 
+ // + // Original SMS4 S-box algorithm is converted to the following: + // + // - transform data from SMS4 representation to AES representation + // - compute S-box value using _mm_aesenclast_si128 with special key + // - re-shuffle data after _mm_aesenclast_si128 that shuffle it inside + // - transform data back from AES representation to SMS4 representation + // + */ + + static inline __m128i sBox(__m128i block) + { + block = affine(block, M128(inpMaskLO), M128(inpMaskHI)); + block = _mm_aesenclast_si128(block, M128(encKey)); + block = _mm_shuffle_epi8(block, M128(maskSrows)); + block = affine(block, M128(outMaskLO), M128(outMaskHI)); + + return block; + } + + CRYPTOPP_ALIGN_DATA(16) static Ipp8u ROL8[] = { 3,0,1,2, 7,4,5,6, 11,8,9,10, 15,12,13,14 }; + CRYPTOPP_ALIGN_DATA(16) static Ipp8u ROL16[] = { 2,3,0,1, 6,7,4,5, 10,11,8,9, 14,15,12,13 }; + CRYPTOPP_ALIGN_DATA(16) static Ipp8u ROL24[] = { 1,2,3,0, 5,6,7,4, 9,10,11,8, 13,14,15,12 }; + + static inline __m128i L(__m128i x) + { + __m128i rol2 = _mm_xor_si128(_mm_slli_epi32(x, 2), _mm_srli_epi32(x, 30)); + __m128i rol24 = _mm_shuffle_epi8(x, M128(ROL24)); + __m128i rol10 = _mm_shuffle_epi8(rol2, M128(ROL8)); + __m128i rol18 = _mm_shuffle_epi8(rol2, M128(ROL16)); + __m128i R = _mm_xor_si128(rol24, _mm_xor_si128(rol18, _mm_xor_si128(rol2, rol10))); + return R; + } + +#define TRANSPOSE_INP(K0,K1,K2,K3, T) \ + T = _mm_unpacklo_epi32(K0, K1); \ + K1 = _mm_unpackhi_epi32(K0, K1); \ + K0 = _mm_unpacklo_epi32(K2, K3); \ + K3 = _mm_unpackhi_epi32(K2, K3); \ + \ + K2 = _mm_unpacklo_epi64(K1, K3); \ + K3 = _mm_unpackhi_epi64(K1, K3); \ + K1 = _mm_unpackhi_epi64(T, K0); \ + K0 = _mm_unpacklo_epi64(T, K0) + +#define TRANSPOSE_OUT(K0,K1,K2,K3, T) \ + T = _mm_unpacklo_epi32(K1, K0); \ + K0 = _mm_unpackhi_epi32(K1, K0); \ + K1 = _mm_unpacklo_epi32(K3, K2); \ + K3 = _mm_unpackhi_epi32(K3, K2); \ + \ + K2 = _mm_unpackhi_epi64(K1, T); \ + T = _mm_unpacklo_epi64(K1, T); \ + K1 = _mm_unpacklo_epi64(K3, K0); \ + K0 = 
_mm_unpackhi_epi64(K3, K0); \ + K3 = T + +static inline __m128i Ltag(__m128i x) +{ + __m128i T = _mm_slli_epi32(x, 13); + T = _mm_xor_si128(T, _mm_srli_epi32 (x,19)); + T = _mm_xor_si128(T, _mm_slli_epi32 (x,23)); + T = _mm_xor_si128(T, _mm_srli_epi32 (x, 9)); + return T; +} + +static inline void cpSMS4_SetRoundKeys_aesni(Ipp32u* pRoundKey, const Ipp8u* pSecretKey) +{ + CRYPTOPP_ALIGN_DATA(16) __m128i TMP[5]; + /* + TMP[0] = T + TMP[1] = K0 + TMP[2] = K1 + TMP[3] = K2 + TMP[4] = K3 + */ + TMP[1] = _mm_cvtsi32_si128((Ipp32s)(ENDIANNESS32(((Ipp32u*)pSecretKey)[0]) ^ SMS4_FK[0])); + TMP[2] = _mm_cvtsi32_si128((Ipp32s)(ENDIANNESS32(((Ipp32u*)pSecretKey)[1]) ^ SMS4_FK[1])); + TMP[3] = _mm_cvtsi32_si128((Ipp32s)(ENDIANNESS32(((Ipp32u*)pSecretKey)[2]) ^ SMS4_FK[2])); + TMP[4] = _mm_cvtsi32_si128((Ipp32s)(ENDIANNESS32(((Ipp32u*)pSecretKey)[3]) ^ SMS4_FK[3])); + + const Ipp32u* pCK = SMS4_CK; + + int itr; + for (itr = 0; itr < 8; itr++) { + /* initial xors */ + TMP[0] = _mm_cvtsi32_si128((Ipp32s)pCK[0]); + TMP[0] = _mm_xor_si128(TMP[0], TMP[2]); + TMP[0] = _mm_xor_si128(TMP[0], TMP[3]); + TMP[0] = _mm_xor_si128(TMP[0], TMP[4]); + /* Sbox */ + TMP[0] = sBox(TMP[0]); + /* Sbox done, now Ltag */ + TMP[1] = _mm_xor_si128(_mm_xor_si128(TMP[1], TMP[0]), Ltag(TMP[0])); + pRoundKey[0] = (Ipp32u)_mm_cvtsi128_si32(TMP[1]); + + /* initial xors */ + TMP[0] = _mm_cvtsi32_si128((Ipp32s)pCK[1]); + TMP[0] = _mm_xor_si128(TMP[0], TMP[3]); + TMP[0] = _mm_xor_si128(TMP[0], TMP[4]); + TMP[0] = _mm_xor_si128(TMP[0], TMP[1]); + /* Sbox */ + TMP[0] = sBox(TMP[0]); + /* Sbox done, now Ltag */ + TMP[2] = _mm_xor_si128(_mm_xor_si128(TMP[2], TMP[0]), Ltag(TMP[0])); + pRoundKey[1] = (Ipp32u)_mm_cvtsi128_si32(TMP[2]); + + /* initial xors */ + TMP[0] = _mm_cvtsi32_si128((Ipp32s)pCK[2]); + TMP[0] = _mm_xor_si128(TMP[0], TMP[4]); + TMP[0] = _mm_xor_si128(TMP[0], TMP[1]); + TMP[0] = _mm_xor_si128(TMP[0], TMP[2]); + /* Sbox */ + TMP[0] = sBox(TMP[0]); + /* Sbox done, now Ltag */ + TMP[3] = 
_mm_xor_si128(_mm_xor_si128(TMP[3], TMP[0]), Ltag(TMP[0])); + pRoundKey[2] = (Ipp32u)_mm_cvtsi128_si32(TMP[3]); + + /* initial xors */ + TMP[0] = _mm_cvtsi32_si128((Ipp32s)pCK[3]); + TMP[0] = _mm_xor_si128(TMP[0], TMP[1]); + TMP[0] = _mm_xor_si128(TMP[0], TMP[2]); + TMP[0] = _mm_xor_si128(TMP[0], TMP[3]); + /* Sbox */ + TMP[0] = sBox(TMP[0]); + /* Sbox done, now Ltag */ + TMP[4] = _mm_xor_si128(_mm_xor_si128(TMP[4], TMP[0]), Ltag(TMP[0])); + pRoundKey[3] = (Ipp32u)_mm_cvtsi128_si32(TMP[4]); + + pCK += 4; + pRoundKey += 4; + } + + /* clear secret data */ + for (size_t i = 0; i < sizeof(TMP) / sizeof(TMP[0]); i++) { + TMP[i] = _mm_xor_si128(TMP[i], TMP[i]); + } +} + +static inline void cpSMS4_ECB_aesni_x1(Ipp8u* pOut, const Ipp8u* pInp, const Ipp32u* pRKey) +{ + CRYPTOPP_ALIGN_DATA(16) __m128i TMP[6]; + /* + TMP[0] = T + TMP[1] = K0 + TMP[2] = K1 + TMP[3] = K2 + TMP[4] = K3 + TMP[5] = key4 + */ + + TMP[1] = _mm_shuffle_epi8(_mm_cvtsi32_si128(((Ipp32s*)pInp)[0]), M128(swapBytes)); + TMP[2] = _mm_shuffle_epi8(_mm_cvtsi32_si128(((Ipp32s*)pInp)[1]), M128(swapBytes)); + TMP[3] = _mm_shuffle_epi8(_mm_cvtsi32_si128(((Ipp32s*)pInp)[2]), M128(swapBytes)); + TMP[4] = _mm_shuffle_epi8(_mm_cvtsi32_si128(((Ipp32s*)pInp)[3]), M128(swapBytes)); + + int itr; + for (itr = 0; itr < 8; itr++, pRKey += 4) { + TMP[5] = _mm_loadu_si128((__m128i*)pRKey); + /* initial xors */ + TMP[0] = _mm_shuffle_epi32(TMP[5], 0x00); /* broadcast(key4 TMP[0]) */ + TMP[0] = _mm_xor_si128(TMP[0], TMP[2]); + TMP[0] = _mm_xor_si128(TMP[0], TMP[3]); + TMP[0] = _mm_xor_si128(TMP[0], TMP[4]); + /* Sbox */ + TMP[0] = sBox(TMP[0]); + /* Sbox done, now L */ + TMP[1] = _mm_xor_si128(_mm_xor_si128(TMP[1], TMP[0]), L(TMP[0])); + + /* initial xors */ + TMP[0] = _mm_shuffle_epi32(TMP[5], 0x55); /* broadcast(key4 TMP[1]) */ + TMP[0] = _mm_xor_si128(TMP[0], TMP[3]); + TMP[0] = _mm_xor_si128(TMP[0], TMP[4]); + TMP[0] = _mm_xor_si128(TMP[0], TMP[1]); + /* Sbox */ + TMP[0] = sBox(TMP[0]); + /* Sbox done, now L */ + TMP[2] = 
_mm_xor_si128(_mm_xor_si128(TMP[2], TMP[0]), L(TMP[0])); + + /* initial xors */ + TMP[0] = _mm_shuffle_epi32(TMP[5], 0xAA); /* broadcast(key4 TMP[2]) */ + TMP[0] = _mm_xor_si128(TMP[0], TMP[4]); + TMP[0] = _mm_xor_si128(TMP[0], TMP[1]); + TMP[0] = _mm_xor_si128(TMP[0], TMP[2]); + /* Sbox */ + TMP[0] = sBox(TMP[0]); + /* Sbox done, now L */ + TMP[3] = _mm_xor_si128(_mm_xor_si128(TMP[3], TMP[0]), L(TMP[0])); + + /* initial xors */ + TMP[0] = _mm_shuffle_epi32(TMP[5], 0xFF); /* broadcast(key4 TMP[3]) */ + TMP[0] = _mm_xor_si128(TMP[0], TMP[1]); + TMP[0] = _mm_xor_si128(TMP[0], TMP[2]); + TMP[0] = _mm_xor_si128(TMP[0], TMP[3]); + /* Sbox */ + TMP[0] = sBox(TMP[0]); + /* Sbox done, now L */ + TMP[4] = _mm_xor_si128(_mm_xor_si128(TMP[4], TMP[0]), L(TMP[0])); + } + + ((Ipp32u*)(pOut))[0] = (Ipp32u)_mm_cvtsi128_si32(_mm_shuffle_epi8(TMP[4], M128(swapBytes))); + ((Ipp32u*)(pOut))[1] = (Ipp32u)_mm_cvtsi128_si32(_mm_shuffle_epi8(TMP[3], M128(swapBytes))); + ((Ipp32u*)(pOut))[2] = (Ipp32u)_mm_cvtsi128_si32(_mm_shuffle_epi8(TMP[2], M128(swapBytes))); + ((Ipp32u*)(pOut))[3] = (Ipp32u)_mm_cvtsi128_si32(_mm_shuffle_epi8(TMP[1], M128(swapBytes))); + + /* clear secret data */ + for (size_t i = 0; i < sizeof(TMP) / sizeof(TMP[0]); i++) { + TMP[i] = _mm_xor_si128(TMP[i], TMP[i]); + } +} + +/* +// (1-3)*MBS_SMS4 processing +*/ + +static inline int cpSMS4_ECB_aesni_tail(Ipp8u* pOut, const Ipp8u* pInp, int len, const Ipp32u* pRKey) +{ + CRYPTOPP_ALIGN_DATA(16) __m128i TMP[6]; + /* + TMP[0] = T + TMP[1] = K0 + TMP[2] = K1 + TMP[3] = K2 + TMP[4] = K3 + TMP[5] = key4 + */ + + TMP[2] = _mm_setzero_si128(); + TMP[3] = _mm_setzero_si128(); + TMP[4] = _mm_setzero_si128(); + + switch (len) { + case (3 * MBS_SMS4): + TMP[3] = _mm_shuffle_epi8(_mm_loadu_si128((__m128i*)(pInp + 2 * MBS_SMS4)), M128(swapBytes)); + case (2 * MBS_SMS4): + TMP[2] = _mm_shuffle_epi8(_mm_loadu_si128((__m128i*)(pInp + 1 * MBS_SMS4)), M128(swapBytes)); + case (1 * MBS_SMS4): + TMP[1] = 
_mm_shuffle_epi8(_mm_loadu_si128((__m128i*)(pInp + 0 * MBS_SMS4)), M128(swapBytes)); + break; + default: return 0; + } + TRANSPOSE_INP(TMP[1], TMP[2], TMP[3], TMP[4], TMP[0]); + + { + int itr; + for (itr = 0; itr < 8; itr++, pRKey += 4) { + TMP[5] = _mm_loadu_si128((__m128i*)pRKey); + + /* initial xors */ + TMP[0] = _mm_shuffle_epi32(TMP[5], 0x00); /* broadcast(key4 TMP[0]) */ + TMP[0] = _mm_xor_si128(TMP[0], TMP[2]); + TMP[0] = _mm_xor_si128(TMP[0], TMP[3]); + TMP[0] = _mm_xor_si128(TMP[0], TMP[4]); + /* Sbox */ + TMP[0] = sBox(TMP[0]); + /* Sbox done, now L */ + TMP[1] = _mm_xor_si128(_mm_xor_si128(TMP[1], TMP[0]), L(TMP[0])); + + /* initial xors */ + TMP[0] = _mm_shuffle_epi32(TMP[5], 0x55); /* broadcast(key4 TMP[1]) */ + TMP[0] = _mm_xor_si128(TMP[0], TMP[3]); + TMP[0] = _mm_xor_si128(TMP[0], TMP[4]); + TMP[0] = _mm_xor_si128(TMP[0], TMP[1]); + /* Sbox */ + TMP[0] = sBox(TMP[0]); + /* Sbox done, now L */ + TMP[2] = _mm_xor_si128(_mm_xor_si128(TMP[2], TMP[0]), L(TMP[0])); + + /* initial xors */ + TMP[0] = _mm_shuffle_epi32(TMP[5], 0xAA); /* broadcast(key4 TMP[2]) */ + TMP[0] = _mm_xor_si128(TMP[0], TMP[4]); + TMP[0] = _mm_xor_si128(TMP[0], TMP[1]); + TMP[0] = _mm_xor_si128(TMP[0], TMP[2]); + /* Sbox */ + TMP[0] = sBox(TMP[0]); + /* Sbox done, now L */ + TMP[3] = _mm_xor_si128(_mm_xor_si128(TMP[3], TMP[0]), L(TMP[0])); + + /* initial xors */ + TMP[0] = _mm_shuffle_epi32(TMP[5], 0xFF); /* broadcast(key4 TMP[3]) */ + TMP[0] = _mm_xor_si128(TMP[0], TMP[1]); + TMP[0] = _mm_xor_si128(TMP[0], TMP[2]); + TMP[0] = _mm_xor_si128(TMP[0], TMP[3]); + /* Sbox */ + TMP[0] = sBox(TMP[0]); + /* Sbox done, now L */ + TMP[4] = _mm_xor_si128(_mm_xor_si128(TMP[4], TMP[0]), L(TMP[0])); + } + } + + TRANSPOSE_OUT(TMP[1], TMP[2], TMP[3], TMP[4], TMP[0]); + TMP[4] = _mm_shuffle_epi8(TMP[4], M128(swapBytes)); + TMP[3] = _mm_shuffle_epi8(TMP[3], M128(swapBytes)); + TMP[2] = _mm_shuffle_epi8(TMP[2], M128(swapBytes)); + TMP[1] = _mm_shuffle_epi8(TMP[1], M128(swapBytes)); + + switch (len) { + 
case (3 * MBS_SMS4): + _mm_storeu_si128((__m128i*)(pOut + 2 * MBS_SMS4), TMP[2]); + case (2 * MBS_SMS4): + _mm_storeu_si128((__m128i*)(pOut + 1 * MBS_SMS4), TMP[3]); + case (1 * MBS_SMS4): + _mm_storeu_si128((__m128i*)(pOut + 0 * MBS_SMS4), TMP[4]); + break; + } + + /* clear secret data */ + for (size_t i = 0; i < sizeof(TMP) / sizeof(TMP[0]); i++) { + TMP[i] = _mm_xor_si128(TMP[i], TMP[i]); + } + + return len; +} + +/* +// 4*MBS_SMS4 processing +*/ +static inline int cpSMS4_ECB_aesni_x4(Ipp8u* pOut, const Ipp8u* pInp, int len, const Ipp32u* pRKey) +{ + CRYPTOPP_ALIGN_DATA(16) __m128i TMP[5]; + /* + TMP[0] = T + TMP[1] = K0 + TMP[2] = K1 + TMP[3] = K2 + TMP[4] = K3 + */ + int processedLen = len & -(4 * MBS_SMS4); + int n; + for (n = 0; n < processedLen; n += (4 * MBS_SMS4), pInp += (4 * MBS_SMS4), pOut += (4 * MBS_SMS4)) { + int itr; + TMP[1] = _mm_loadu_si128((__m128i*)(pInp)); + TMP[2] = _mm_loadu_si128((__m128i*)(pInp + MBS_SMS4)); + TMP[3] = _mm_loadu_si128((__m128i*)(pInp + MBS_SMS4 * 2)); + TMP[4] = _mm_loadu_si128((__m128i*)(pInp + MBS_SMS4 * 3)); + TMP[1] = _mm_shuffle_epi8(TMP[1], M128(swapBytes)); + TMP[2] = _mm_shuffle_epi8(TMP[2], M128(swapBytes)); + TMP[3] = _mm_shuffle_epi8(TMP[3], M128(swapBytes)); + TMP[4] = _mm_shuffle_epi8(TMP[4], M128(swapBytes)); + TRANSPOSE_INP(TMP[1], TMP[2], TMP[3], TMP[4], TMP[0]); + + for (itr = 0; itr < 8; itr++, pRKey += 4) { + /* initial xors */ + TMP[0] = _mm_shuffle_epi32(_mm_cvtsi32_si128((Ipp32s)pRKey[0]), 0); + TMP[0] = _mm_xor_si128(TMP[0], TMP[2]); + TMP[0] = _mm_xor_si128(TMP[0], TMP[3]); + TMP[0] = _mm_xor_si128(TMP[0], TMP[4]); + /* Sbox */ + TMP[0] = sBox(TMP[0]); + /* Sbox done, now L */ + TMP[1] = _mm_xor_si128(_mm_xor_si128(TMP[1], TMP[0]), L(TMP[0])); + + /* initial xors */ + TMP[0] = _mm_shuffle_epi32(_mm_cvtsi32_si128((Ipp32s)pRKey[1]), 0); + TMP[0] = _mm_xor_si128(TMP[0], TMP[3]); + TMP[0] = _mm_xor_si128(TMP[0], TMP[4]); + TMP[0] = _mm_xor_si128(TMP[0], TMP[1]); + /* Sbox */ + TMP[0] = sBox(TMP[0]); + 
/* Sbox done, now L */ + TMP[2] = _mm_xor_si128(_mm_xor_si128(TMP[2], TMP[0]), L(TMP[0])); + + /* initial xors */ + TMP[0] = _mm_shuffle_epi32(_mm_cvtsi32_si128((Ipp32s)pRKey[2]), 0); + TMP[0] = _mm_xor_si128(TMP[0], TMP[4]); + TMP[0] = _mm_xor_si128(TMP[0], TMP[1]); + TMP[0] = _mm_xor_si128(TMP[0], TMP[2]); + /* Sbox */ + TMP[0] = sBox(TMP[0]); + /* Sbox done, now L */ + TMP[3] = _mm_xor_si128(_mm_xor_si128(TMP[3], TMP[0]), L(TMP[0])); + + /* initial xors */ + TMP[0] = _mm_shuffle_epi32(_mm_cvtsi32_si128((Ipp32s)pRKey[3]), 0); + TMP[0] = _mm_xor_si128(TMP[0], TMP[1]); + TMP[0] = _mm_xor_si128(TMP[0], TMP[2]); + TMP[0] = _mm_xor_si128(TMP[0], TMP[3]); + /* Sbox */ + TMP[0] = sBox(TMP[0]); + /* Sbox done, now L */ + TMP[4] = _mm_xor_si128(_mm_xor_si128(TMP[4], TMP[0]), L(TMP[0])); + } + + pRKey -= 32; + + TRANSPOSE_OUT(TMP[1], TMP[2], TMP[3], TMP[4], TMP[0]); + TMP[4] = _mm_shuffle_epi8(TMP[4], M128(swapBytes)); + TMP[3] = _mm_shuffle_epi8(TMP[3], M128(swapBytes)); + TMP[2] = _mm_shuffle_epi8(TMP[2], M128(swapBytes)); + TMP[1] = _mm_shuffle_epi8(TMP[1], M128(swapBytes)); + _mm_storeu_si128((__m128i*)(pOut), TMP[4]); + _mm_storeu_si128((__m128i*)(pOut + MBS_SMS4), TMP[3]); + _mm_storeu_si128((__m128i*)(pOut + MBS_SMS4 * 2), TMP[2]); + _mm_storeu_si128((__m128i*)(pOut + MBS_SMS4 * 3), TMP[1]); + } + + len -= processedLen; + if (len) + processedLen += cpSMS4_ECB_aesni_tail(pOut, pInp, len, pRKey); + + /* clear secret data */ + for (size_t i = 0; i < sizeof(TMP) / sizeof(TMP[0]); i++) { + TMP[i] = _mm_setzero_si128(); //_mm_xor_si128(TMP[i],TMP[i]); + } + + return processedLen; +} + +/* +// 8*MBS_SMS4 processing +*/ +static inline int cpSMS4_ECB_aesni_x8(Ipp8u* pOut, const Ipp8u* pInp, int len, const Ipp32u* pRKey) +{ + CRYPTOPP_ALIGN_DATA(16) __m128i TMP[10]; + /* + TMP[0] = T + TMP[1] = U + TMP[2] = K0 + TMP[3] = K1 + TMP[4] = K2 + TMP[5] = K3 + TMP[6] = P0 + TMP[7] = P1 + TMP[8] = P2 + TMP[9] = P3 + */ + + int processedLen = len & -(8 * MBS_SMS4); + int n; + for (n = 
0; n < processedLen; n += (8 * MBS_SMS4), pInp += (8 * MBS_SMS4), pOut += (8 * MBS_SMS4)) { + int itr; + TMP[2] = _mm_loadu_si128((__m128i*)(pInp)); + TMP[3] = _mm_loadu_si128((__m128i*)(pInp + MBS_SMS4)); + TMP[4] = _mm_loadu_si128((__m128i*)(pInp + MBS_SMS4 * 2)); + TMP[5] = _mm_loadu_si128((__m128i*)(pInp + MBS_SMS4 * 3)); + + TMP[6] = _mm_loadu_si128((__m128i*)(pInp + MBS_SMS4 * 4)); + TMP[7] = _mm_loadu_si128((__m128i*)(pInp + MBS_SMS4 * 5)); + TMP[8] = _mm_loadu_si128((__m128i*)(pInp + MBS_SMS4 * 6)); + TMP[9] = _mm_loadu_si128((__m128i*)(pInp + MBS_SMS4 * 7)); + + TMP[2] = _mm_shuffle_epi8(TMP[2], M128(swapBytes)); + TMP[3] = _mm_shuffle_epi8(TMP[3], M128(swapBytes)); + TMP[4] = _mm_shuffle_epi8(TMP[4], M128(swapBytes)); + TMP[5] = _mm_shuffle_epi8(TMP[5], M128(swapBytes)); + TRANSPOSE_INP(TMP[2], TMP[3], TMP[4], TMP[5], TMP[0]); + + TMP[6] = _mm_shuffle_epi8(TMP[6], M128(swapBytes)); + TMP[7] = _mm_shuffle_epi8(TMP[7], M128(swapBytes)); + TMP[8] = _mm_shuffle_epi8(TMP[8], M128(swapBytes)); + TMP[9] = _mm_shuffle_epi8(TMP[9], M128(swapBytes)); + TRANSPOSE_INP(TMP[6], TMP[7], TMP[8], TMP[9], TMP[0]); + + for (itr = 0; itr < 8; itr++, pRKey += 4) { + /* initial xors */ + TMP[1] = TMP[0] = _mm_shuffle_epi32(_mm_cvtsi32_si128((Ipp32s)pRKey[0]), 0); + TMP[0] = _mm_xor_si128(TMP[0], TMP[3]); + TMP[0] = _mm_xor_si128(TMP[0], TMP[4]); + TMP[0] = _mm_xor_si128(TMP[0], TMP[5]); + TMP[1] = _mm_xor_si128(TMP[1], TMP[7]); + TMP[1] = _mm_xor_si128(TMP[1], TMP[8]); + TMP[1] = _mm_xor_si128(TMP[1], TMP[9]); + /* Sbox */ + TMP[0] = sBox(TMP[0]); + TMP[1] = sBox(TMP[1]); + /* Sbox done, now L */ + TMP[2] = _mm_xor_si128(_mm_xor_si128(TMP[2], TMP[0]), L(TMP[0])); + TMP[6] = _mm_xor_si128(_mm_xor_si128(TMP[6], TMP[1]), L(TMP[1])); + + /* initial xors */ + TMP[1] = TMP[0] = _mm_shuffle_epi32(_mm_cvtsi32_si128((Ipp32s)pRKey[1]), 0); + TMP[0] = _mm_xor_si128(TMP[0], TMP[4]); + TMP[0] = _mm_xor_si128(TMP[0], TMP[5]); + TMP[0] = _mm_xor_si128(TMP[0], TMP[2]); + TMP[1] = 
_mm_xor_si128(TMP[1], TMP[8]); + TMP[1] = _mm_xor_si128(TMP[1], TMP[9]); + TMP[1] = _mm_xor_si128(TMP[1], TMP[6]); + /* Sbox */ + TMP[0] = sBox(TMP[0]); + TMP[1] = sBox(TMP[1]); + /* Sbox done, now L */ + TMP[3] = _mm_xor_si128(_mm_xor_si128(TMP[3], TMP[0]), L(TMP[0])); + TMP[7] = _mm_xor_si128(_mm_xor_si128(TMP[7], TMP[1]), L(TMP[1])); + + /* initial xors */ + TMP[1] = TMP[0] = _mm_shuffle_epi32(_mm_cvtsi32_si128((Ipp32s)pRKey[2]), 0); + TMP[0] = _mm_xor_si128(TMP[0], TMP[5]); + TMP[0] = _mm_xor_si128(TMP[0], TMP[2]); + TMP[0] = _mm_xor_si128(TMP[0], TMP[3]); + TMP[1] = _mm_xor_si128(TMP[1], TMP[9]); + TMP[1] = _mm_xor_si128(TMP[1], TMP[6]); + TMP[1] = _mm_xor_si128(TMP[1], TMP[7]); + /* Sbox */ + TMP[0] = sBox(TMP[0]); + TMP[1] = sBox(TMP[1]); + /* Sbox done, now L */ + TMP[4] = _mm_xor_si128(_mm_xor_si128(TMP[4], TMP[0]), L(TMP[0])); + TMP[8] = _mm_xor_si128(_mm_xor_si128(TMP[8], TMP[1]), L(TMP[1])); + + /* initial xors */ + TMP[1] = TMP[0] = _mm_shuffle_epi32(_mm_cvtsi32_si128((Ipp32s)pRKey[3]), 0); + TMP[0] = _mm_xor_si128(TMP[0], TMP[2]); + TMP[0] = _mm_xor_si128(TMP[0], TMP[3]); + TMP[0] = _mm_xor_si128(TMP[0], TMP[4]); + TMP[1] = _mm_xor_si128(TMP[1], TMP[6]); + TMP[1] = _mm_xor_si128(TMP[1], TMP[7]); + TMP[1] = _mm_xor_si128(TMP[1], TMP[8]); + /* Sbox */ + TMP[0] = sBox(TMP[0]); + TMP[1] = sBox(TMP[1]); + /* Sbox done, now L */ + TMP[5] = _mm_xor_si128(_mm_xor_si128(TMP[5], TMP[0]), L(TMP[0])); + TMP[9] = _mm_xor_si128(_mm_xor_si128(TMP[9], TMP[1]), L(TMP[1])); + } + + pRKey -= 32; + + TRANSPOSE_OUT(TMP[2], TMP[3], TMP[4], TMP[5], TMP[0]); + TMP[5] = _mm_shuffle_epi8(TMP[5], M128(swapBytes)); + TMP[4] = _mm_shuffle_epi8(TMP[4], M128(swapBytes)); + TMP[3] = _mm_shuffle_epi8(TMP[3], M128(swapBytes)); + TMP[2] = _mm_shuffle_epi8(TMP[2], M128(swapBytes)); + _mm_storeu_si128((__m128i*)(pOut), TMP[5]); + _mm_storeu_si128((__m128i*)(pOut + MBS_SMS4), TMP[4]); + _mm_storeu_si128((__m128i*)(pOut + MBS_SMS4 * 2), TMP[3]); + _mm_storeu_si128((__m128i*)(pOut + 
MBS_SMS4 * 3), TMP[2]); + + TRANSPOSE_OUT(TMP[6], TMP[7], TMP[8], TMP[9], TMP[0]); + TMP[9] = _mm_shuffle_epi8(TMP[9], M128(swapBytes)); + TMP[8] = _mm_shuffle_epi8(TMP[8], M128(swapBytes)); + TMP[7] = _mm_shuffle_epi8(TMP[7], M128(swapBytes)); + TMP[6] = _mm_shuffle_epi8(TMP[6], M128(swapBytes)); + _mm_storeu_si128((__m128i*)(pOut + MBS_SMS4 * 4), TMP[9]); + _mm_storeu_si128((__m128i*)(pOut + MBS_SMS4 * 5), TMP[8]); + _mm_storeu_si128((__m128i*)(pOut + MBS_SMS4 * 6), TMP[7]); + _mm_storeu_si128((__m128i*)(pOut + MBS_SMS4 * 7), TMP[6]); + } + + + len -= processedLen; + if (len) + processedLen += cpSMS4_ECB_aesni_x4(pOut, pInp, len, pRKey); + + /* clear secret data */ + for (size_t i = 0; i < sizeof(TMP) / sizeof(TMP[0]); i++) { + TMP[i] = _mm_setzero_si128(); //_mm_xor_si128(TMP[i],TMP[i]); + } + + return processedLen; +} + +extern "C" void sm4_set_key_aesni(const uint8* key, sm4_kds* kds) +{ + uint32* rk = kds->m_rDeckeys; + cpSMS4_SetRoundKeys_aesni(kds->m_rEnckeys, key); + cpSMS4_SetRoundKeys_aesni(kds->m_rDeckeys, key); + for (int i = 0; i < 16; i++) { + uint32 temp = rk[i]; + rk[i] = rk[31 - i]; + rk[31 - i] = temp; + } +} + +extern "C" void sm4_encrypt_block_aesni(uint8* out, const uint8* in, sm4_kds* kds) +{ + cpSMS4_ECB_aesni_x1(out, in, kds->m_rEnckeys); +} + +extern "C" void sm4_decrypt_block_aesni(uint8* out, const uint8* in, sm4_kds* kds) +{ + cpSMS4_ECB_aesni_x1(out, in, kds->m_rDeckeys); +} + +extern "C" void sm4_encrypt_blocks_aesni(uint8* out, const uint8* in, size_t blocks, sm4_kds* kds) +{ + cpSMS4_ECB_aesni_x8(out, in, (int) blocks * 16, kds->m_rEnckeys); +} + +extern "C" void sm4_decrypt_blocks_aesni(uint8* out, const uint8* in, size_t blocks, sm4_kds* kds) +{ + cpSMS4_ECB_aesni_x8(out, in, (int) blocks * 16, kds->m_rDeckeys); +} + +#endif diff --git a/src/Crypto/sm4.cpp b/src/Crypto/sm4.cpp new file mode 100644 index 00000000..7a39a2a5 --- /dev/null +++ b/src/Crypto/sm4.cpp 
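Review bot: `SMS4_FK` and `SMS4_CK` are defined as writable globals with external linkage (`CRYPTOPP_ALIGN_DATA(16) Ipp32u SMS4_FK[4] = {`), unlike the `static` mask tables beneath them, so the key-schedule constants can be modified at runtime and are exported as symbols; `static const Ipp32u SMS4_FK[4]` and `static const Ipp32u SMS4_CK[32]` is what the code needs, and `SMS4_Sbox` is non-static as well and appears unused in this file. The `/* clear secret data */` loops at the end of cpSMS4_SetRoundKeys_aesni and each ECB helper zero a local `TMP` array that is never read again, which an optimizer may drop as dead stores, so the wipe is not guaranteed; a volatile store, or the project's secure-wipe helper if it is usable on `__m128i` storage, would make it effective. In `sm4_encrypt_blocks_aesni`/`sm4_decrypt_blocks_aesni`, `(int) blocks * 16` converts `blocks` to `int` before multiplying, every internal length is `int`, and the processed-length return of cpSMS4_ECB_aesni_x8 is discarded, so an over-large count or a non-multiple-of-16 length (for which cpSMS4_ECB_aesni_tail returns 0) would silently leave output unwritten; a length check at the wrapper boundary, or `size_t` lengths throughout, would make the contract explicit. The intentional `case` fall-throughs in cpSMS4_ECB_aesni_tail also deserve a `/* fall through */` marker so -Wimplicit-fallthrough stays quiet.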
@@ -0,0 +1,288 @@
+/*
+This code is written by kerukuro for cppcrypto library (http://cppcrypto.sourceforge.net/)
+and released into public domain.
+*/
+
+// Modified by Mounir IDRASSI for use in VeraCrypt.
+
+#include "sm4.h"
+#include
+#include "Common/Endian.h"
+#include "misc.h"
+#include "cpu.h"
+
+//#define CPPCRYPTO_DEBUG
+
+typedef void (*sm4_encrypt_block_fn)(uint8* out, const uint8* in, sm4_kds* kds);
+typedef void (*sm4_encrypt_blocks_fn)(uint8* out, const uint8* in, size_t blocks, sm4_kds* kds);
+typedef void (*sm4_decrypt_block_fn)(uint8* out, const uint8* in, sm4_kds* kds);
+typedef void (*sm4_decrypt_blocks_fn)(uint8* out, const uint8* in, size_t blocks, sm4_kds* kds);
+typedef void (*sm4_set_key_fn)(const uint8* key, sm4_kds* kds);
+
+static sm4_encrypt_block_fn sm4_encrypt_block_std_ptr = NULL;
+static sm4_encrypt_blocks_fn sm4_encrypt_blocks_std_ptr = NULL;
+static sm4_decrypt_block_fn sm4_decrypt_block_std_ptr = NULL;
+static sm4_decrypt_blocks_fn sm4_decrypt_blocks_std_ptr = NULL;
+static sm4_set_key_fn sm4_set_key_std_ptr = NULL;
+
+#if CRYPTOPP_BOOL_X64 || CRYPTOPP_BOOL_X86 || CRYPTOPP_BOOL_X32
+
+static sm4_encrypt_block_fn sm4_encrypt_block_smid_ptr = NULL;
+static sm4_encrypt_blocks_fn sm4_encrypt_blocks_smid_ptr = NULL;
+static sm4_decrypt_block_fn sm4_decrypt_block_smid_ptr = NULL;
+static sm4_decrypt_blocks_fn sm4_decrypt_blocks_smid_ptr = NULL;
+static sm4_set_key_fn sm4_set_key_smid_ptr = NULL;
+
+extern "C" void sm4_encrypt_block_aesni(uint8* out, const uint8* in, sm4_kds* kds);
+extern "C" void sm4_encrypt_blocks_aesni(uint8* out, const uint8* in, size_t blocks, sm4_kds* kds);
+extern "C" void sm4_decrypt_block_aesni(uint8* out, const uint8* in, sm4_kds* kds);
+extern "C" void sm4_decrypt_blocks_aesni(uint8* out, const uint8* in, size_t blocks, sm4_kds* kds);
+extern "C" void sm4_set_key_aesni(const uint8* key, sm4_kds* kds);
+
+#endif
+
+static const unsigned char S[256] = {
+ 0xd6, 0x90, 0xe9, 0xfe, 0xcc, 0xe1, 0x3d, 0xb7, 0x16, 0xb6, 0x14, 0xc2, 0x28, 0xfb, 0x2c, 0x05,
+ 0x2b, 0x67, 0x9a, 0x76, 0x2a, 0xbe, 0x04, 0xc3, 0xaa, 0x44, 0x13, 0x26, 0x49, 0x86, 0x06, 0x99,
+ 0x9c, 0x42, 0x50, 0xf4, 0x91, 0xef, 0x98, 0x7a, 0x33, 0x54, 0x0b, 0x43, 0xed, 0xcf, 0xac, 0x62,
+ 0xe4, 0xb3, 0x1c, 0xa9, 0xc9, 0x08, 0xe8, 0x95, 0x80, 0xdf, 0x94, 0xfa, 0x75, 0x8f, 0x3f, 0xa6,
+ 0x47, 0x07, 0xa7, 0xfc, 0xf3, 0x73, 0x17, 0xba, 0x83, 0x59, 0x3c, 0x19, 0xe6, 0x85, 0x4f, 0xa8,
+ 0x68, 0x6b, 0x81, 0xb2, 0x71, 0x64, 0xda, 0x8b, 0xf8, 0xeb, 0x0f, 0x4b, 0x70, 0x56, 0x9d, 0x35,
+ 0x1e, 0x24, 0x0e, 0x5e, 0x63, 0x58, 0xd1, 0xa2, 0x25, 0x22, 0x7c, 0x3b, 0x01, 0x21, 0x78, 0x87,
+ 0xd4, 0x00, 0x46, 0x57, 0x9f, 0xd3, 0x27, 0x52, 0x4c, 0x36, 0x02, 0xe7, 0xa0, 0xc4, 0xc8, 0x9e,
+ 0xea, 0xbf, 0x8a, 0xd2, 0x40, 0xc7, 0x38, 0xb5, 0xa3, 0xf7, 0xf2, 0xce, 0xf9, 0x61, 0x15, 0xa1,
+ 0xe0, 0xae, 0x5d, 0xa4, 0x9b, 0x34, 0x1a, 0x55, 0xad, 0x93, 0x32, 0x30, 0xf5, 0x8c, 0xb1, 0xe3,
+ 0x1d, 0xf6, 0xe2, 0x2e, 0x82, 0x66, 0xca, 0x60, 0xc0, 0x29, 0x23, 0xab, 0x0d, 0x53, 0x4e, 0x6f,
+ 0xd5, 0xdb, 0x37, 0x45, 0xde, 0xfd, 0x8e, 0x2f, 0x03, 0xff, 0x6a, 0x72, 0x6d, 0x6c, 0x5b, 0x51,
+ 0x8d, 0x1b, 0xaf, 0x92, 0xbb, 0xdd, 0xbc, 0x7f, 0x11, 0xd9, 0x5c, 0x41, 0x1f, 0x10, 0x5a, 0xd8,
+ 0x0a, 0xc1, 0x31, 0x88, 0xa5, 0xcd, 0x7b, 0xbd, 0x2d, 0x74, 0xd0, 0x12, 0xb8, 0xe5, 0xb4, 0xb0,
+ 0x89, 0x69, 0x97, 0x4a, 0x0c, 0x96, 0x77, 0x7e, 0x65, 0xb9, 0xf1, 0x09, 0xc5, 0x6e, 0xc6, 0x84,
+ 0x18, 0xf0, 0x7d, 0xec, 0x3a, 0xdc, 0x4d, 0x20, 0x79, 0xee, 0x5f, 0x3e, 0xd7, 0xcb, 0x39, 0x48
+};
+
+VC_INLINE uint32 T(uint32 x)
+{
+ x = uint32(S[(unsigned char)(x)]) ^ (uint32(S[(unsigned char)(x >> 8)]) << 8) ^ (uint32(S[(unsigned char)(x >> 16)]) << 16) ^ (uint32(S[(unsigned char)(x >> 24)]) << 24);
+ return x ^ rotl32(x, 2) ^ rotl32(x, 10) ^ rotl32(x, 18) ^ rotl32(x, 24);
+}
+
+VC_INLINE uint32 TK(uint32 x)
+{
+ x = uint32(S[(unsigned char)(x)]) ^ (uint32(S[(unsigned char)(x >> 8)]) << 8) ^ (uint32(S[(unsigned char)(x >> 16)]) << 16) ^ (uint32(S[(unsigned char)(x >> 24)]) << 24);
+ return x ^ rotl32(x, 13) ^ rotl32(x, 23);
+}
+
+VC_INLINE uint32 F(uint32 x0, uint32 x1, uint32 x2, uint32 x3, uint32 rk)
+{
+ return x0 ^ T(x1 ^ x2 ^ x3 ^ rk);
+}
+
+
+void sm4_set_key_std_ex(const uint8* key, sm4_kds* kds, BOOL forDecrypt)
+{
+
+#if BYTE_ORDER == LITTLE_ENDIAN
+ uint32 k0 = ByteReverseWord32(*(uint32*)key) ^ 0xa3b1bac6;
+ uint32 k1 = ByteReverseWord32(*(((uint32*)key) + 1)) ^ 0x56aa3350;
+ uint32 k2 = ByteReverseWord32(*(((uint32*)key) + 2)) ^ 0x677d9197;
+ uint32 k3 = ByteReverseWord32(*(((uint32*)key) + 3)) ^ 0xb27022dc;
+#else
+ uint32 k0 = *(((uint32*)key) + 0) ^ 0xa3b1bac6;
+ uint32 k1 = *(((uint32*)key) + 1) ^ 0x56aa3350;
+ uint32 k2 = *(((uint32*)key) + 2) ^ 0x677d9197;
+ uint32 k3 = *(((uint32*)key) + 3) ^ 0xb27022dc;
+#endif
+ uint32* rk = forDecrypt ? kds->m_rDeckeys : kds->m_rEnckeys;
+
+ rk[0] = k0 ^ TK(k1 ^ k2 ^ k3 ^ 0x00070e15);
+ rk[1] = k1 ^ TK(k2 ^ k3 ^ rk[0] ^ 0x1c232a31);
+ rk[2] = k2 ^ TK(k3 ^ rk[0] ^ rk[1] ^ 0x383f464d);
+ rk[3] = k3 ^ TK(rk[0] ^ rk[1] ^ rk[2] ^ 0x545b6269);
+ rk[4] = rk[0] ^ TK(rk[1] ^ rk[2] ^ rk[3] ^ 0x70777e85);
+ rk[5] = rk[1] ^ TK(rk[2] ^ rk[3] ^ rk[4] ^ 0x8c939aa1);
+ rk[6] = rk[2] ^ TK(rk[3] ^ rk[4] ^ rk[5] ^ 0xa8afb6bd);
+ rk[7] = rk[3] ^ TK(rk[4] ^ rk[5] ^ rk[6] ^ 0xc4cbd2d9);
+
+ rk[8] = rk[4] ^ TK(rk[5] ^ rk[6] ^ rk[7] ^ 0xe0e7eef5);
+ rk[9] = rk[5] ^ TK(rk[6] ^ rk[7] ^ rk[8] ^ 0xfc030a11);
+ rk[10] = rk[6] ^ TK(rk[7] ^ rk[8] ^ rk[9] ^ 0x181f262d);
+ rk[11] = rk[7] ^ TK(rk[8] ^ rk[9] ^ rk[10] ^ 0x343b4249);
+ rk[12] = rk[8] ^ TK(rk[9] ^ rk[10] ^ rk[11] ^ 0x50575e65);
+ rk[13] = rk[9] ^ TK(rk[10] ^ rk[11] ^ rk[12] ^ 0x6c737a81);
+ rk[14] = rk[10] ^ TK(rk[11] ^ rk[12] ^ rk[13] ^ 0x888f969d);
+ rk[15] = rk[11] ^ TK(rk[12] ^ rk[13] ^ rk[14] ^ 0xa4abb2b9);
+
+ rk[16] = rk[12] ^ TK(rk[13] ^ rk[14] ^ rk[15] ^ 0xc0c7ced5);
+ rk[17] = rk[13] ^ TK(rk[14] ^ rk[15] ^ rk[16] ^ 0xdce3eaf1);
+ rk[18] = rk[14] ^ TK(rk[15] ^ rk[16] ^ rk[17] ^ 0xf8ff060d);
+ rk[19] = rk[15] ^ TK(rk[16] ^ rk[17] ^ rk[18] ^ 0x141b2229);
+ rk[20] = rk[16] ^ TK(rk[17] ^ rk[18] ^ rk[19] ^ 0x30373e45);
+ rk[21] = rk[17] ^ TK(rk[18] ^ rk[19] ^ rk[20] ^ 0x4c535a61);
+ rk[22] = rk[18] ^ TK(rk[19] ^ rk[20] ^ rk[21] ^ 0x686f767d);
+ rk[23] = rk[19] ^ TK(rk[20] ^ rk[21] ^ rk[22] ^ 0x848b9299);
+
+ rk[24] = rk[20] ^ TK(rk[21] ^ rk[22] ^ rk[23] ^ 0xa0a7aeb5);
+ rk[25] = rk[21] ^ TK(rk[22] ^ rk[23] ^ rk[24] ^ 0xbcc3cad1);
+ rk[26] = rk[22] ^ TK(rk[23] ^ rk[24] ^ rk[25] ^ 0xd8dfe6ed);
+ rk[27] = rk[23] ^ TK(rk[24] ^ rk[25] ^ rk[26] ^ 0xf4fb0209);
+ rk[28] = rk[24] ^ TK(rk[25] ^ rk[26] ^ rk[27] ^ 0x10171e25);
+ rk[29] = rk[25] ^ TK(rk[26] ^ rk[27] ^ rk[28] ^ 0x2c333a41);
+ rk[30] = rk[26] ^ TK(rk[27] ^ rk[28] ^ rk[29] ^ 0x484f565d);
+ rk[31] = rk[27] ^ TK(rk[28] ^ rk[29] ^ rk[30] ^ 0x646b7279);
+
+ if (forDecrypt)
+ {
+ for (int i = 0; i < 16; i++)
+ {
+ uint32 temp = rk[i];
+ rk[i] = rk[31 - i];
+ rk[31 - i] = temp;
+ }
+ }
+}
+
+void sm4_set_key_std(const uint8* key, sm4_kds* kds)
+{
+ sm4_set_key_std_ex(key, kds, FALSE);
+ sm4_set_key_std_ex(key, kds, TRUE);
+}
+
+void sm4_process_block_std_ex(uint8* out, const uint8* in, sm4_kds* kds, BOOL forDecrypt)
+{
+#if BYTE_ORDER == LITTLE_ENDIAN
+ uint32 x0 = ByteReverseWord32(*(uint32*)in);
+ uint32 x1 = ByteReverseWord32(*(((uint32*)in) + 1));
+ uint32 x2 = ByteReverseWord32(*(((uint32*)in) + 2));
+ uint32 x3 = ByteReverseWord32(*(((uint32*)in) + 3));
+#else
+ uint32 x0 = *(((uint32*)in) + 0);
+ uint32 x1 = *(((uint32*)in) + 1);
+ uint32 x2 = *(((uint32*)in) + 2);
+ uint32 x3 = *(((uint32*)in) + 3);
+#endif
+ uint32* rk = forDecrypt ? kds->m_rDeckeys : kds->m_rEnckeys;
+
+ x0 = F(x0, x1, x2, x3, rk[0]);
+ x1 = F(x1, x2, x3, x0, rk[1]);
+ x2 = F(x2, x3, x0, x1, rk[2]);
+ x3 = F(x3, x0, x1, x2, rk[3]);
+ x0 = F(x0, x1, x2, x3, rk[4]);
+ x1 = F(x1, x2, x3, x0, rk[5]);
+ x2 = F(x2, x3, x0, x1, rk[6]);
+ x3 = F(x3, x0, x1, x2, rk[7]);
+ x0 = F(x0, x1, x2, x3, rk[8]);
+ x1 = F(x1, x2, x3, x0, rk[9]);
+ x2 = F(x2, x3, x0, x1, rk[10]);
+ x3 = F(x3, x0, x1, x2, rk[11]);
+ x0 = F(x0, x1, x2, x3, rk[12]);
+ x1 = F(x1, x2, x3, x0, rk[13]);
+ x2 = F(x2, x3, x0, x1, rk[14]);
+ x3 = F(x3, x0, x1, x2, rk[15]);
+ x0 = F(x0, x1, x2, x3, rk[16]);
+ x1 = F(x1, x2, x3, x0, rk[17]);
+ x2 = F(x2, x3, x0, x1, rk[18]);
+ x3 = F(x3, x0, x1, x2, rk[19]);
+ x0 = F(x0, x1, x2, x3, rk[20]);
+ x1 = F(x1, x2, x3, x0, rk[21]);
+ x2 = F(x2, x3, x0, x1, rk[22]);
+ x3 = F(x3, x0, x1, x2, rk[23]);
+ x0 = F(x0, x1, x2, x3, rk[24]);
+ x1 = F(x1, x2, x3, x0, rk[25]);
+ x2 = F(x2, x3, x0, x1, rk[26]);
+ x3 = F(x3, x0, x1, x2, rk[27]);
+ x0 = F(x0, x1, x2, x3, rk[28]);
+ x1 = F(x1, x2, x3, x0, rk[29]);
+ x2 = F(x2, x3, x0, x1, rk[30]);
+ x3 = F(x3, x0, x1, x2, rk[31]);
+
+#if BYTE_ORDER == LITTLE_ENDIAN
+ *(uint32*)out = ByteReverseWord32(x3);
+ *(((uint32*)out) + 1) = ByteReverseWord32(x2);
+ *(((uint32*)out) + 2) = ByteReverseWord32(x1);
+ *(((uint32*)out) + 3) = ByteReverseWord32(x0);
+#else
+ *(((uint32*)out) + 0) = x3;
+ *(((uint32*)out) + 1) = x2;
+ *(((uint32*)out) + 2) = x1;
+ *(((uint32*)out) + 3) = x0;
+#endif
+}
+
+void sm4_encrypt_block_std(uint8* out, const uint8* in, sm4_kds* kds)
+{
+ sm4_process_block_std_ex(out, in, kds, FALSE);
+}
+
+void sm4_decrypt_block_std(uint8* out, const uint8* in, sm4_kds* kds)
+{
+ sm4_process_block_std_ex(out, in, kds, TRUE);
+}
+
+void sm4_encrypt_blocks_std(uint8* out, const uint8* in, size_t blocks, sm4_kds* kds)
+{
+ size_t i;
+ for (i = 0; i < blocks; i++)
+ {
+ sm4_encrypt_block_std(out, in, kds);
+ in += 16;
+ out += 16;
+ }
+}
+
+void sm4_decrypt_blocks_std(uint8* out, const uint8* in, size_t blocks, sm4_kds* kds)
+{
+ size_t i;
+ for (i = 0; i < blocks; i++)
+ {
+ sm4_decrypt_block_std(out, in, kds);
+ in += 16;
+ out += 16;
+ }
+}
+
+extern "C" void sm4_set_key(const uint8* key, sm4_kds* kds)
+{
+ if (!sm4_set_key_std_ptr)
+ {
+#if CRYPTOPP_BOOL_X64 || CRYPTOPP_BOOL_X86 || CRYPTOPP_BOOL_X32
+ if (HasSSE41() && HasAESNI())
+ {
+ sm4_set_key_std_ptr = sm4_set_key_aesni;
+ sm4_encrypt_block_std_ptr = sm4_encrypt_block_aesni;
+ sm4_encrypt_blocks_std_ptr = sm4_encrypt_blocks_aesni;
+ sm4_decrypt_block_std_ptr = sm4_decrypt_block_aesni;
+ sm4_decrypt_blocks_std_ptr = sm4_decrypt_blocks_aesni;
+ }
+ else
+#endif
+ {
+ sm4_set_key_std_ptr = sm4_set_key_std;
+ sm4_encrypt_block_std_ptr = sm4_encrypt_block_std;
+ sm4_encrypt_blocks_std_ptr = sm4_encrypt_blocks_std;
+ sm4_decrypt_block_std_ptr = sm4_decrypt_block_std;
+ sm4_decrypt_blocks_std_ptr = sm4_decrypt_blocks_std;
+ }
+ }
+
+ sm4_set_key_std_ptr(key, kds);
+}
+
+extern "C" void sm4_encrypt_block(uint8* out, const uint8* in, sm4_kds* kds)
+{
+ sm4_encrypt_block_std_ptr(out, in, kds);
+}
+
+extern "C" void sm4_encrypt_blocks(uint8* out, const uint8* in, size_t blocks, sm4_kds* kds)
+{
+ sm4_encrypt_blocks_std_ptr(out, in, blocks, kds);
+}
+
+extern "C" void sm4_decrypt_block(uint8* out, const uint8* in, sm4_kds* kds)
+{
+ sm4_decrypt_block_std_ptr(out, in, kds);
+}
+
+extern "C" void sm4_decrypt_blocks(uint8* out, const uint8* in, size_t blocks, sm4_kds* kds)
+{
+ sm4_decrypt_blocks_std_ptr(out, in, blocks, kds);
+}
diff --git a/src/Crypto/sm4.h b/src/Crypto/sm4.h
new file mode 100644
index 00000000..2c0cd8d6
--- /dev/null
+++ b/src/Crypto/sm4.h
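Review bot: In `sm4_set_key` the guard pointer `sm4_set_key_std_ptr` is the first of the five dispatch pointers to be assigned, so a second thread that calls `sm4_set_key` or `sm4_encrypt_block` while the first is still inside the `if (!sm4_set_key_std_ptr)` branch sees a non-null guard and then calls a still-null `sm4_encrypt_block_std_ptr`; if key scheduling can happen concurrently (the encryption thread pool and driver suggest it can), this is a real, if narrow, null-call window. Assign `sm4_set_key_std_ptr` last in both branches, or better select the implementation once from an explicit init routine and drop the lazy check, with a comment such as `// guard pointer written last: readers of the other pointers rely on it being set only when they are`. The five `*_smid_ptr` statics are never referenced and can be removed. The portable path's `*(uint32*)key` and `*(uint32*)in` loads alias `uint8` storage as `uint32` and assume 4-byte alignment; since this is the only path on non-x86 builds, assembling the words byte-wise (or via `memcpy`) would be safer. Finally, the `size_t blocks` that `sm4_encrypt_blocks`/`sm4_decrypt_blocks` forward is narrowed to `int` by the AES-NI wrappers in the preceding hunk (`(int) blocks * 16`), which is worth a bound check or at least a comment that callers pass at most a few thousand blocks.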
@@ -0,0 +1,28 @@ +#ifndef SM4_HEADER_H +#define SM4_HEADER_H + +#include "Common/Tcdefs.h" +#include "config.h" + +#ifdef __cplusplus +extern "C" { +#endif + +typedef struct _sm4_kds +{ + CRYPTOPP_ALIGN_DATA(16) uint32 m_rEnckeys[32]; + CRYPTOPP_ALIGN_DATA(16) uint32 m_rDeckeys[32]; +} sm4_kds; + +#define SM4_KS (sizeof(sm4_kds)) + +void sm4_set_key(const uint8* key, sm4_kds* kds); +void sm4_encrypt_block(uint8* out, const uint8* in, sm4_kds* kds); +void sm4_encrypt_blocks(uint8* out, const uint8* in, size_t blocks, sm4_kds* kds); +void sm4_decrypt_block(uint8* out, const uint8* in, sm4_kds* kds); +void sm4_decrypt_blocks(uint8* out, const uint8* in, size_t blocks, sm4_kds* kds); + +#ifdef __cplusplus +} +#endif +#endif diff --git a/src/Driver/Driver.vcxproj b/src/Driver/Driver.vcxproj index 17fbfa43..ce431bbb 100644 --- a/src/Driver/Driver.vcxproj +++ b/src/Driver/Driver.vcxproj @@ -277,6 +277,11 @@ copy $(OutDir)veracrypt.inf "$(SolutionDir)Debug\Setup Files\veracrypt.inf"true + + true + true + + @@ -314,6 +319,7 @@ copy $(OutDir)veracrypt.inf "$(SolutionDir)Debug\Setup Files\veracrypt.inf" + diff --git a/src/Driver/Driver.vcxproj.filters b/src/Driver/Driver.vcxproj.filters index 3c427dad..0e4e3aa4 100644 --- a/src/Driver/Driver.vcxproj.filters +++ b/src/Driver/Driver.vcxproj.filters @@ -171,6 +171,12 @@ Crypto\Source Files + + Crypto\Source Files + + + Crypto\Source Files + @@ -281,6 +287,9 @@ Header Files + + Crypto\Header Files + diff --git a/src/ExpandVolume/ExpandVolume.rc b/src/ExpandVolume/ExpandVolume.rc index a84a838d..ec4bd984 100644 --- a/src/ExpandVolume/ExpandVolume.rc +++ b/src/ExpandVolume/ExpandVolume.rc @@ -192,8 +192,8 @@ IDR_MOUNT_RSRC_HEADER HEADER "resource.h" // VS_VERSION_INFO VERSIONINFO - FILEVERSION 1,26,20,0 - PRODUCTVERSION 1,26,20,0 + FILEVERSION 1,26,21,0 + PRODUCTVERSION 1,26,21,0 FILEFLAGSMASK 0x17L #ifdef _DEBUG FILEFLAGS 0x1L 
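Review bot: The public SM4 API in sm4.h carries no size parameters and no documentation, so a caller cannot tell from the header that `key` must be exactly 16 bytes, that `in`/`out` must hold `16 * blocks` bytes, or that they may alias (Cipher.cpp encrypts in place). Suggested comments above the prototypes: `/* key: exactly 16 bytes (SM4 has a fixed 128-bit key). Fills both m_rEnckeys and m_rDeckeys; caller must burn kds after use. */` for `sm4_set_key`, and `/* in/out: 16 bytes per block, may point to the same buffer. sm4_set_key must have been called once before any of these. */` for the four block routines. The use of `size_t` here presumably relies on Common/Tcdefs.h pulling in stddef.h; if it does not, add the include explicitly.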
@@ -210,11 +210,11 @@ BEGIN BEGIN VALUE "CompanyName", "IDRIX" VALUE "FileDescription", "VeraCrypt Expander" - VALUE "FileVersion", "1.26.20" + VALUE "FileVersion", "1.26.21" VALUE "LegalTrademarks", "VeraCrypt" VALUE "OriginalFilename", "VeraCryptExpander.exe" VALUE "ProductName", "VeraCrypt" - VALUE "ProductVersion", "1.26.20" + VALUE "ProductVersion", "1.26.21" END END BLOCK "VarFileInfo" diff --git a/src/Format/Format.rc b/src/Format/Format.rc index 057fd837..d1e65037 100644 --- a/src/Format/Format.rc +++ b/src/Format/Format.rc @@ -28,8 +28,8 @@ LANGUAGE LANG_ENGLISH, SUBLANG_ENGLISH_US // VS_VERSION_INFO VERSIONINFO - FILEVERSION 1,26,20,0 - PRODUCTVERSION 1,26,20,0 + FILEVERSION 1,26,21,0 + PRODUCTVERSION 1,26,21,0 FILEFLAGSMASK 0x17L #ifdef _DEBUG FILEFLAGS 0x1L @@ -46,11 +46,11 @@ BEGIN BEGIN VALUE "CompanyName", "IDRIX" VALUE "FileDescription", "VeraCrypt Format" - VALUE "FileVersion", "1.26.20" + VALUE "FileVersion", "1.26.21" VALUE "LegalTrademarks", "VeraCrypt" VALUE "OriginalFilename", "VeraCrypt Format.exe" VALUE "ProductName", "VeraCrypt" - VALUE "ProductVersion", "1.26.20" + VALUE "ProductVersion", "1.26.21" END END BLOCK "VarFileInfo" diff --git a/src/Format/Tcformat.c b/src/Format/Tcformat.c index d26564fc..93bd4b4b 100644 --- a/src/Format/Tcformat.c +++ b/src/Format/Tcformat.c @@ -1442,6 +1442,12 @@ void ComboSelChangeEA (HWND hwndDlg) SetWindowTextW (GetDlgItem (hwndDlg, IDC_BOX_HELP), GetString ("CAMELLIA_HELP")); } + else if (wcscmp (name, L"SM4") == 0) + { + StringCbPrintfW (hyperLink, sizeof(hyperLink) / 2, GetString ("MORE_INFO_ABOUT"), name); + + SetWindowTextW (GetDlgItem (hwndDlg, IDC_BOX_HELP), GetString ("SM4_HELP")); + } else if (EAGetCipherCount (nIndex) > 1) { // Cascade 
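Review bot: In the new `SM4` branch of `ComboSelChangeEA`, `StringCbPrintfW (hyperLink, sizeof(hyperLink) / 2, ...)` passes half the buffer size: the `Cb` variants take the destination size in bytes, so if `hyperLink` is a `WCHAR` array (as the W suffix suggests) the format is truncated at half its real capacity. This is almost certainly copied from the neighbouring cipher branches outside this hunk, so fix them together, either `StringCbPrintfW (hyperLink, sizeof (hyperLink), ...)` or `StringCchPrintfW (hyperLink, ARRAYSIZE (hyperLink), ...)`. `ComboSelChangeEA` starts and ends outside this hunk.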
@@ -5654,6 +5660,8 @@ BOOL CALLBACK PageDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lPa Applink ("kuznyechik"); else if (wcscmp (name, L"Camellia") == 0) Applink ("camellia"); + else if (wcscmp (name, L"SM4") == 0) + Applink ("sm4"); else if (EAGetCipherCount (nIndex) > 1) Applink ("cascades"); diff --git a/src/Main/Forms/EncryptionOptionsWizardPage.cpp b/src/Main/Forms/EncryptionOptionsWizardPage.cpp index 594c0c0a..0df4c45f 100644 --- a/src/Main/Forms/EncryptionOptionsWizardPage.cpp +++ b/src/Main/Forms/EncryptionOptionsWizardPage.cpp @@ -100,6 +100,8 @@ namespace VeraCrypt EncryptionAlgorithmStaticText->SetLabel (LangString["CAMELLIA_HELP"]); else if (typeid (*ea) == typeid (Kuznyechik)) EncryptionAlgorithmStaticText->SetLabel (LangString["KUZNYECHIK_HELP"]); + else if (typeid (*ea) == typeid (SM4)) + EncryptionAlgorithmStaticText->SetLabel (LangString["SM4_HELP"]); else EncryptionAlgorithmStaticText->SetLabel (L""); } diff --git a/src/Main/GraphicUserInterface.cpp b/src/Main/GraphicUserInterface.cpp index 75b326e5..ab028e73 100644 --- a/src/Main/GraphicUserInterface.cpp +++ b/src/Main/GraphicUserInterface.cpp @@ -1291,6 +1291,10 @@ namespace VeraCrypt { url = L"Kuznyechik.html"; } + else if (linkId == L"sm4") + { + url = L"SM4.html"; + } else if (linkId == L"cascades") { url = L"Cascades.html"; diff --git a/src/Release/Setup Files/Product64.wxs b/src/Release/Setup Files/Product64.wxs index 14bb8119..fba469ed 100644 --- a/src/Release/Setup Files/Product64.wxs +++ b/src/Release/Setup Files/Product64.wxs @@ -806,6 +806,9 @@ + + + @@ -1461,6 +1464,9 @@ + + + @@ -2115,6 +2121,9 @@ + + + @@ -2807,6 +2816,7 @@ + @@ -3027,6 +3037,7 @@ + @@ -3247,6 +3258,7 @@ + diff --git a/src/SetupDLL/Setup.c b/src/SetupDLL/Setup.c index 75016b2e..de64efe5 100644 --- a/src/SetupDLL/Setup.c +++ b/src/SetupDLL/Setup.c 
@@ -733,6 +733,10 @@ void Applink_Dll (MSIHANDLE hInstaller, const char *dest) { StringCbCopyW (page, sizeof (page),L"Camellia.html"); } + else if (strcmp(dest, "sm4") == 0) + { + StringCbCopyW (page, sizeof (page),L"SM4.html"); + } else if (strcmp(dest, "cascades") == 0) { StringCbCopyW (page, sizeof (page),L"Cascades.html"); diff --git a/src/Volume/Cipher.cpp b/src/Volume/Cipher.cpp index 54bce73d..9af1ec56 100644 --- a/src/Volume/Cipher.cpp +++ b/src/Volume/Cipher.cpp @@ -17,6 +17,7 @@ #include "Crypto/Twofish.h" #include "Crypto/Camellia.h" #include "Crypto/kuznyechik.h" +#include "Crypto/sm4.h" #ifdef TC_AES_HW_CPU # include "Crypto/Aes_hw_cpu.h" @@ -99,6 +100,7 @@ namespace VeraCrypt l.push_back (shared_ptr (new CipherTwofish ())); l.push_back (shared_ptr (new CipherCamellia ())); l.push_back (shared_ptr (new CipherKuznyechik ())); + l.push_back (shared_ptr (new CipherSM4 ())); #endif return l; } 
@@ -518,6 +520,73 @@ namespace VeraCrypt return false; #endif } + + // SM4 + void CipherSM4::Decrypt (uint8 *data) const + { + sm4_decrypt_block (data, data, (sm4_kds *) ScheduledKey.Ptr()); + } + + void CipherSM4::Encrypt (uint8 *data) const + { + sm4_encrypt_block (data, data, (sm4_kds *) ScheduledKey.Ptr()); + } + + size_t CipherSM4::GetScheduledKeySize () const + { + return SM4_KS; + } + + void CipherSM4::SetCipherKey (const uint8 *key) + { + sm4_set_key (key, (sm4_kds *) ScheduledKey.Ptr()); + } + void CipherSM4::EncryptBlocks (uint8 *data, size_t blockCount) const + { + if (!Initialized) + throw NotInitialized (SRC_POS); + + if ((blockCount >= 4) + && IsHwSupportAvailable()) + { + sm4_encrypt_blocks (data, data, blockCount, (sm4_kds *) ScheduledKey.Ptr()); + } + else + Cipher::EncryptBlocks (data, blockCount); + } + + void CipherSM4::DecryptBlocks (uint8 *data, size_t blockCount) const + { + if (!Initialized) + throw NotInitialized (SRC_POS); + + if ((blockCount >= 4) + && IsHwSupportAvailable()) + { + sm4_decrypt_blocks (data, data, blockCount, (sm4_kds *) ScheduledKey.Ptr()); + } + else + Cipher::DecryptBlocks (data, blockCount); + } + + bool CipherSM4::IsHwSupportAvailable () const + { +#if CRYPTOPP_BOOL_X64 || CRYPTOPP_BOOL_X86 || CRYPTOPP_BOOL_X32 + static bool state = false; + static bool stateValid = false; + + if (!stateValid) + { + state = HasSSE41() && HasAESNI(); + stateValid = true; + } + return state; +#else + return false; +#endif + } + + #endif bool Cipher::HwSupportEnabled = true; } diff --git a/src/Volume/Cipher.h b/src/Volume/Cipher.h index 4c0d4893..d97ce679 100644 --- a/src/Volume/Cipher.h +++ b/src/Volume/Cipher.h @@ -148,6 +148,7 @@ namespace VeraCrypt TC_CIPHER (Twofish, 16, 32); TC_CIPHER (Camellia, 16, 32); TC_CIPHER (Kuznyechik, 16, 32); + TC_CIPHER (SM4, 16, 16); #undef TC_CIPHER_ADD_METHODS #define TC_CIPHER_ADD_METHODS 
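Review bot: `CipherSM4::IsHwSupportAvailable` computes `HasSSE41() && HasAESNI()` without consulting `Cipher::HwSupportEnabled` (visible in the trailing context), so if the other ciphers fold that flag into their availability check as I believe they do, the user's "disable hardware acceleration" setting is silently ignored for SM4; `state = HasSSE41() && HasAESNI() && HwSupportEnabled;` would restore parity. Note that even then the single-block `Encrypt`/`Decrypt` go through `sm4_encrypt_block`, whose dispatcher in sm4.cpp picks the AES-NI implementation by CPUID alone, so the setting cannot force the portable SM4 code path unless the flag is also plumbed into `sm4_set_key`. The `static bool state/stateValid` lazy init is an unsynchronized race that is benign only because every thread computes the same value; a comment saying so would save the next reader a worry: `// benign race: all threads compute the same constant`.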
diff --git a/src/Volume/EncryptionAlgorithm.cpp b/src/Volume/EncryptionAlgorithm.cpp index 5090a254..6c9c7703 100644 --- a/src/Volume/EncryptionAlgorithm.cpp +++ b/src/Volume/EncryptionAlgorithm.cpp @@ -70,6 +70,7 @@ namespace VeraCrypt l.push_back (shared_ptr (new Twofish ())); l.push_back (shared_ptr (new Camellia ())); l.push_back (shared_ptr (new Kuznyechik ())); + l.push_back (shared_ptr (new SM4 ())); l.push_back (shared_ptr (new AESTwofish ())); l.push_back (shared_ptr (new AESTwofishSerpent ())); l.push_back (shared_ptr (new CamelliaKuznyechik ())); @@ -80,6 +81,10 @@ namespace VeraCrypt l.push_back (shared_ptr (new SerpentAES ())); l.push_back (shared_ptr (new SerpentTwofishAES ())); l.push_back (shared_ptr (new TwofishSerpent ())); + l.push_back (shared_ptr (new KuznyechikSM4 ())); + l.push_back (shared_ptr (new SerpentSM4 ())); + l.push_back (shared_ptr (new SM4Twofish ())); + l.push_back (shared_ptr (new TwofishSerpentSM4 ())); #endif return l; } 
@@ -380,5 +385,50 @@ namespace VeraCrypt SupportedModes.push_back (shared_ptr (new EncryptionModeXTS ())); } + + // SM4 + SM4::SM4 () + { + Ciphers.push_back (shared_ptr (new CipherSM4())); + + SupportedModes.push_back (shared_ptr (new EncryptionModeXTS ())); + } + + // Kuznyechik-SM4 + KuznyechikSM4::KuznyechikSM4 () + { + Ciphers.push_back (shared_ptr (new CipherSM4 ())); + Ciphers.push_back (shared_ptr (new CipherKuznyechik ())); + + SupportedModes.push_back (shared_ptr (new EncryptionModeXTS ())); + } + + // Serpent-SM4 + SerpentSM4::SerpentSM4 () + { + Ciphers.push_back (shared_ptr (new CipherSM4 ())); + Ciphers.push_back (shared_ptr (new CipherSerpent ())); + + SupportedModes.push_back (shared_ptr (new EncryptionModeXTS ())); + } + + // SM4-Twofish + SM4Twofish::SM4Twofish () + { + Ciphers.push_back (shared_ptr (new CipherTwofish ())); + Ciphers.push_back (shared_ptr (new CipherSM4 ())); + + SupportedModes.push_back (shared_ptr (new EncryptionModeXTS ())); + } + + // Twofish-Serpent-SM4 + TwofishSerpentSM4::TwofishSerpentSM4 () + { + Ciphers.push_back (shared_ptr (new CipherSM4 ())); + Ciphers.push_back (shared_ptr (new CipherSerpent ())); + Ciphers.push_back (shared_ptr (new CipherTwofish ())); + + SupportedModes.push_back (shared_ptr (new EncryptionModeXTS ())); + } #endif } diff --git a/src/Volume/EncryptionAlgorithm.h b/src/Volume/EncryptionAlgorithm.h index 7b6f83dc..216a9661 100644 --- a/src/Volume/EncryptionAlgorithm.h +++ b/src/Volume/EncryptionAlgorithm.h @@ -95,6 +95,12 @@ namespace VeraCrypt TC_ENCRYPTION_ALGORITHM (KuznyechikSerpentCamellia); TC_ENCRYPTION_ALGORITHM (CamelliaKuznyechik); TC_ENCRYPTION_ALGORITHM (CamelliaSerpent); + TC_ENCRYPTION_ALGORITHM (SM4); + TC_ENCRYPTION_ALGORITHM (KuznyechikSM4); + TC_ENCRYPTION_ALGORITHM (SerpentSM4); + TC_ENCRYPTION_ALGORITHM (SM4Twofish); + TC_ENCRYPTION_ALGORITHM (TwofishSerpentSM4); + #undef TC_ENCRYPTION_ALGORITHM } 
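Review bot: The cascade constructors push ciphers in the reverse of the name order (`KuznyechikSM4` pushes `CipherSM4` then `CipherKuznyechik`; `SM4Twofish` pushes `CipherTwofish` then `CipherSM4`), which presumably follows the existing convention that `Ciphers[0]` is the innermost cipher and the class name lists them outer-to-inner, but nothing in the file states it. Getting this order wrong for a new cascade silently produces a different on-disk format that only the CRC self-tests would catch, so make the invariant explicit above the first new constructor: `// Ciphers are listed inner-first: the cipher named last in the class name is applied first on encryption.` Please confirm against the existing cascades (e.g. CamelliaKuznyechik), which are outside this hunk.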
diff --git a/src/Volume/EncryptionTest.cpp b/src/Volume/EncryptionTest.cpp index dfa1e5ea..04cf9f88 100644 --- a/src/Volume/EncryptionTest.cpp +++ b/src/Volume/EncryptionTest.cpp @@ -51,6 +51,13 @@ namespace VeraCrypt uint8 Ciphertext[16]; }; + struct Cipher128TestVector + { + uint8 Key[16]; + uint8 Plaintext[16]; + uint8 Ciphertext[16]; + }; + static const CipherTestVector AESTestVectors[] = { { 
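Review bot: The new `Cipher128TestVector` struct is never used: the SM4 vectors added further down are declared as `CipherTestVector` with 16 zero "dummy" bytes padding the 32-byte `Key` field, and `TestCipher` only accepts `const CipherTestVector *`. Either drop the struct, or use it for the SM4 vectors and add a `TestCipher` overload taking `const Cipher128TestVector *`; leaving it in is dead code that invites the wrong assumption that it is what SM4 tests use.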
@@ -155,6 +162,91 @@ namespace VeraCrypt } } }; + + static const CipherTestVector SM4TestVectors[] = + { + { + // KEY 0 + { 0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef,0xfe,0xdc,0xba,0x98,0x76,0x54,0x32,0x10, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 // dummy + }, + { 0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef,0xfe,0xdc,0xba,0x98,0x76,0x54,0x32,0x10 }, + { 0x68,0x1e,0xdf,0x34,0xd2,0x06,0x96,0x5e,0x86,0xb3,0xe9,0x4f,0x53,0x6e,0x42,0x46 } + }, + { + // KEY 1 + { 0x68,0x1e,0xdf,0x34,0xd2,0x06,0x96,0x5e,0x86,0xb3,0xe9,0x4f,0x53,0x6e,0x42,0x46 + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 // dummy + }, + { 0xf4,0x21,0x31,0xb0,0x02,0x42,0x5b,0x6f,0x5c,0xf5,0x2a,0x81,0x06,0x82,0xa0,0x9d }, + { 0xec,0x4b,0x7b,0x17,0x57,0xfe,0xe9,0xce,0x45,0x51,0x97,0xe5,0xbf,0x9c,0x3a,0x90 } + }, + { + // After KEY 1, PT/CT pairs + { 0x68,0x1e,0xdf,0x34,0xd2,0x06,0x96,0x5e,0x86,0xb3,0xe9,0x4f,0x53,0x6e,0x42,0x46 + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 // dummy + }, + { 0x07,0xbc,0xae,0x6a,0x83,0x88,0xe1,0x46,0x51,0xfe,0xd8,0x4b,0x37,0x49,0xd3,0x86 }, + { 0x89,0xf2,0xc4,0x1e,0xd9,0x7d,0xbb,0x1b,0x74,0xa2,0xad,0x93,0xb9,0x03,0xbb,0xc9 } + }, + { + { 0x68,0x1e,0xdf,0x34,0xd2,0x06,0x96,0x5e,0x86,0xb3,0xe9,0x4f,0x53,0x6e,0x42,0x46 + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 // dummy + }, + { 0xf4,0x76,0x26,0x15,0xb3,0x2c,0x00,0x0a,0x16,0x5e,0x1d,0x72,0x2d,0x70,0x80,0x52 }, + { 0xf4,0x5a,0x41,0x05,0x2f,0x9b,0xf3,0xd5,0xb6,0x5d,0xf8,0xcc,0x1c,0x75,0xb4,0xcf } + }, + { + { 0x68,0x1e,0xdf,0x34,0xd2,0x06,0x96,0x5e,0x86,0xb3,0xe9,0x4f,0x53,0x6e,0x42,0x46 + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 // dummy + }, + { 0xba,0x3c,0x19,0xd8,0x92,0x63,0x56,0xed,0x14,0x91,0xc6,0xe4,0xe5,0x28,0x78,0x2f }, + { 0x3e,0x1f,0x30,0xd5,0x7d,0xf4,0xb6,0x06,0x94,0xf5,0x66,0xde,0x44,0x48,0x4f,0xaf } + }, + { + // KEY 2 + { 
0x78,0x1e,0xdf,0x34,0xd2,0x06,0x96,0x5e,0x86,0xb3,0xe9,0x4f,0x53,0x6e,0x42,0x47 + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 // dummy + }, + { 0x91,0x08,0x95,0x7f,0xf9,0x17,0xe3,0xd6,0x1c,0x4e,0xa3,0x3e,0x53,0xdb,0x6e,0xf3 }, + { 0x6a,0x52,0x9a,0xc0,0x93,0xa5,0xf3,0x04,0x5a,0xed,0x78,0x7f,0x70,0xcc,0xb7,0xf5 } + }, + { + { 0x78,0x1e,0xdf,0x34,0xd2,0x06,0x96,0x5e,0x86,0xb3,0xe9,0x4f,0x53,0x6e,0x42,0x47 + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 // dummy + }, + { 0xcb,0xa0,0xf0,0x56,0x75,0x35,0xd6,0x61,0x48,0xb3,0x5a,0x92,0x58,0x72,0x9c,0x23 }, + { 0x63,0x46,0xf0,0xe4,0xc5,0x95,0x32,0xd4,0x18,0xce,0x31,0x5b,0x9f,0x22,0xa0,0xf4 } + }, + { + { 0x78,0x1e,0xdf,0x34,0xd2,0x06,0x96,0x5e,0x86,0xb3,0xe9,0x4f,0x53,0x6e,0x42,0x47 + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 // dummy + }, + { 0xfa,0x59,0x80,0x11,0xf7,0xc2,0x10,0x07,0x99,0x45,0x1e,0x62,0xf3,0xb5,0xcf,0x09 }, + { 0x62,0x55,0x45,0x91,0x00,0x95,0x8f,0x4d,0x95,0x3a,0x9d,0x56,0x67,0x69,0x2d,0x6d } + }, + { + { 0x78,0x1e,0xdf,0x34,0xd2,0x06,0x96,0x5e,0x86,0xb3,0xe9,0x4f,0x53,0x6e,0x42,0x47 + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 // dummy + }, + { 0xba,0x1f,0x85,0x55,0xb2,0xdd,0xab,0x0e,0x4e,0x4d,0x80,0x26,0xb0,0x5a,0xf3,0x89 }, + { 0x37,0x6f,0xeb,0x09,0x78,0xb5,0x2a,0xb9,0xc9,0x84,0xa1,0x4d,0x7e,0x66,0xf6,0x71 } + }, + { + { 0x78,0x1e,0xdf,0x34,0xd2,0x06,0x96,0x5e,0x86,0xb3,0xe9,0x4f,0x53,0x6e,0x42,0x47 + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 // dummy + }, + { 0x50,0xc6,0x3c,0xe2,0x55,0x82,0x57,0x1a,0xa5,0xd8,0xee,0x22,0x08,0x9c,0x1b,0x59 }, + { 0x31,0xff,0xaf,0x2c,0xad,0x65,0x49,0xf3,0xd9,0xfc,0xd7,0xf0,0x2d,0xf5,0x81,0x24 } + }, + { + { 0x78,0x1e,0xdf,0x34,0xd2,0x06,0x96,0x5e,0x86,0xb3,0xe9,0x4f,0x53,0x6e,0x42,0x47 + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 // dummy + }, + { 
0x22,0x9a,0xd7,0xa8,0xa8,0x3c,0x5e,0x23,0x84,0xb4,0x08,0x2e,0x50,0xd0,0x6e,0xbf }, + { 0x76,0xf2,0x9e,0x93,0xdd,0xf5,0x79,0x32,0xa4,0x1e,0x83,0xbb,0x7b,0x61,0xa4,0x06 } + } + }; #endif static void TestCipher (Cipher &cipher, const CipherTestVector *testVector, size_t testVectorCount) @@ -207,6 +299,9 @@ namespace VeraCrypt CipherKuznyechik kuznyechik; TestCipher (kuznyechik, KuznyechikTestVectors, array_capacity (KuznyechikTestVectors)); + + CipherSM4 sm4; + TestCipher (sm4, SM4TestVectors, array_capacity (SM4TestVectors)); #endif } @@ -682,6 +777,32 @@ namespace VeraCrypt break; } } + else if (typeid (ea) == typeid (SM4)) + { + switch (testCase) + { + case 0: + if (crc != 0x561b1367) + throw TestFailed (SRC_POS); + nTestsPerformed++; + break; + case 1: + if (crc != 0x8f72e14d) + throw TestFailed (SRC_POS); + nTestsPerformed++; + break; + case 2: + if (crc != 0xf96df16f) + throw TestFailed (SRC_POS); + nTestsPerformed++; + break; + case 3: + if (crc != 0x8997e6eb) + throw TestFailed (SRC_POS); + nTestsPerformed++; + break; + } + } else if (typeid (ea) == typeid (AESTwofish)) { switch (testCase) 
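Review bot: As rendered here, the KEY 1 and KEY 2 initializers in `SM4TestVectors` have no comma after the sixteenth key byte (`...,0x42,0x46` / `...,0x42,0x47`) before the dummy-zero line, unlike KEY 0 which ends `0x32,0x10,`; if that is the real text it does not compile, and if the source contains a literal `+` there it compiles only by accident as the expression `0x46 + 0x00` (31 initializers, the rest zero-filled), so the line should end `0x46,` like KEY 0. The vectors are also unattributed; the first pair is the GB/T 32907-2016 Appendix A example, and a comment naming the source of the remaining pairs would let a reviewer re-verify them: `// Vectors: GB/T 32907-2016 Appendix A.1 (KEY 0) and <source> (KEY 1, KEY 2)`. Padding a 16-byte key to 32 with zeros relies on `CipherSM4::SetCipherKey` reading only the first 16 bytes, which is fine but worth saying in the existing `// dummy` comment.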
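Review bot: `TestCipher (sm4, SM4TestVectors, ...)` only exercises whichever implementation `sm4_set_key` selected for the running CPU, so on an AES-NI machine the portable SM4 code is never tested and on other machines the SIMD code is never tested; a bug in either path is invisible to half the fleet, and there is no cross-check that the two agree. Since both `sm4_*_aesni` and `sm4_*_std` are linked on x86 (sm4.cpp declares the former `extern "C"`), consider exposing a small test hook that runs the vectors through both entry points when `HasSSE41() && HasAESNI()` and asserts they match, or at least documenting the gap here: `// NOTE: only the CPU-selected SM4 implementation is tested; the other path is untested on this machine.`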
@@ -942,6 +1063,110 @@ namespace VeraCrypt break; } } + else if (typeid (ea) == typeid (KuznyechikSM4)) + { + switch (testCase) + { + case 0: + if (crc != 0xb126b7f8) + throw TestFailed (SRC_POS); + nTestsPerformed++; + break; + case 1: + if (crc != 0xa117004a) + throw TestFailed (SRC_POS); + nTestsPerformed++; + break; + case 2: + if (crc != 0xc561be46) + throw TestFailed (SRC_POS); + nTestsPerformed++; + break; + case 3: + if (crc != 0x47106ce3) + throw TestFailed (SRC_POS); + nTestsPerformed++; + break; + } + } + else if (typeid (ea) == typeid (SerpentSM4)) + { + switch (testCase) + { + case 0: + if (crc != 0x40a9eaa5) + throw TestFailed (SRC_POS); + nTestsPerformed++; + break; + case 1: + if (crc != 0xce6873f1) + throw TestFailed (SRC_POS); + nTestsPerformed++; + break; + case 2: + if (crc != 0x92cafcad) + throw TestFailed (SRC_POS); + nTestsPerformed++; + break; + case 3: + if (crc != 0x7e1463ca) + throw TestFailed (SRC_POS); + nTestsPerformed++; + break; + } + } + else if (typeid (ea) == typeid (SM4Twofish)) + { + switch (testCase) + { + case 0: + if (crc != 0xd9a46a64) + throw TestFailed (SRC_POS); + nTestsPerformed++; + break; + case 1: + if (crc != 0x371fdc08) + throw TestFailed (SRC_POS); + nTestsPerformed++; + break; + case 2: + if (crc != 0x231c5104) + throw TestFailed (SRC_POS); + nTestsPerformed++; + break; + case 3: + if (crc != 0xa920424b) + throw TestFailed (SRC_POS); + nTestsPerformed++; + break; + } + } + else if (typeid (ea) == typeid (TwofishSerpentSM4)) + { + switch (testCase) + { + case 0: + if (crc != 0x881b6e3d) + throw TestFailed (SRC_POS); + nTestsPerformed++; + break; + case 1: + if (crc != 0x37ed1418) + throw TestFailed (SRC_POS); + nTestsPerformed++; + break; + case 2: + if (crc != 0x8e563eef) + throw TestFailed (SRC_POS); + nTestsPerformed++; + break; + case 3: + if (crc != 0xdcbc41ac) + throw TestFailed (SRC_POS); + nTestsPerformed++; + break; + } + } #endif if (crc == 0x9f5edd58) throw TestFailed (SRC_POS); 
@@ -1028,6 +1253,12 @@ namespace VeraCrypt throw TestFailed (SRC_POS); nTestsPerformed++; } + else if (typeid (ea) == typeid (SM4)) + { + if (crc != 0x7b600d06) + throw TestFailed (SRC_POS); + nTestsPerformed++; + } else if (typeid (ea) == typeid (AESTwofish)) { if (crc != 0x14ce7385) @@ -1088,6 +1319,30 @@ namespace VeraCrypt throw TestFailed (SRC_POS); nTestsPerformed++; } + else if (typeid (ea) == typeid (KuznyechikSM4)) + { + if (crc != 0x8190551b) + throw TestFailed (SRC_POS); + nTestsPerformed++; + } + else if (typeid (ea) == typeid (SerpentSM4)) + { + if (crc != 0x31408c47) + throw TestFailed (SRC_POS); + nTestsPerformed++; + } + else if (typeid (ea) == typeid (SM4Twofish)) + { + if (crc != 0x1eaede31) + throw TestFailed (SRC_POS); + nTestsPerformed++; + } + else if (typeid (ea) == typeid (TwofishSerpentSM4)) + { + if (crc != 0x033093e5) + throw TestFailed (SRC_POS); + nTestsPerformed++; + } #endif if (crc == 0x9f5edd58) @@ -1101,7 +1356,7 @@ namespace VeraCrypt nTestsPerformed++; } #ifndef WOLFCRYPT_BACKEND - if (nTestsPerformed != 150) + if (nTestsPerformed != 200) #else if (nTestsPerformed != 10) #endif diff --git a/src/Volume/Volume.make b/src/Volume/Volume.make index a4f62562..e602b4ae 100644 --- a/src/Volume/Volume.make +++ b/src/Volume/Volume.make @@ -16,6 +16,7 @@ OBJSNOOPT := OBJSSSE41 := OBJSSSSE3 := OBJSHANI := +OBJAESNI := OBJS += Cipher.o OBJS += EncryptionAlgorithm.o OBJS += EncryptionMode.o @@ -97,8 +98,10 @@ else endif ifeq "$(GCC_GTEQ_500)" "1" OBJSHANI += ../Crypto/Sha2Intel.oshani + OBJAESNI += ../Crypto/sm4-impl-aesni.oaesni else OBJS += ../Crypto/Sha2Intel.o + OBJS += ../Crypto/sm4-impl-aesni.o endif else OBJS += ../Crypto/wolfCrypt.o @@ -118,6 +121,7 @@ OBJS += ../Crypto/Camellia.o OBJS += ../Crypto/Streebog.o OBJS += ../Crypto/kuznyechik.o OBJS += ../Crypto/kuznyechik_simd.o +OBJS += ../Crypto/sm4.o OBJS += ../Common/Pkcs5.o endif diff --git a/src/Volume/VolumeLayout.cpp b/src/Volume/VolumeLayout.cpp index 8077a1ab..d30f1263 100644 
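Review bot: The new make variable is named `OBJAESNI`, while its siblings on the same lines are `OBJSSSE41`, `OBJSSSSE3` and `OBJSHANI`; if the top-level rules that compile `.oaesni` objects and link them (outside this diff) follow the `OBJS*` naming, the SM4 AES-NI object could be silently left out of the build, so rename to `OBJSAESNI` for consistency. In the `else` branch (GCC older than 5) `sm4-impl-aesni.o` is added to plain `OBJS` and thus compiled without `-maes -msse4.1`; that works for Sha2Intel only if the intrinsics are enabled per-function via `__attribute__((target(...)))`, so confirm sm4-impl-aesni.cpp does the same or this configuration fails to compile.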
--- a/src/Volume/VolumeLayout.cpp +++ b/src/Volume/VolumeLayout.cpp @@ -109,6 +109,7 @@ namespace VeraCrypt SupportedEncryptionAlgorithms.push_back (shared_ptr (new Twofish ())); SupportedEncryptionAlgorithms.push_back (shared_ptr (new Camellia ())); SupportedEncryptionAlgorithms.push_back (shared_ptr (new Kuznyechik ())); + SupportedEncryptionAlgorithms.push_back (shared_ptr (new SM4 ())); SupportedEncryptionAlgorithms.push_back (shared_ptr (new AESTwofish ())); SupportedEncryptionAlgorithms.push_back (shared_ptr (new AESTwofishSerpent ())); SupportedEncryptionAlgorithms.push_back (shared_ptr (new CamelliaKuznyechik ())); @@ -119,6 +120,10 @@ namespace VeraCrypt SupportedEncryptionAlgorithms.push_back (shared_ptr (new SerpentAES ())); SupportedEncryptionAlgorithms.push_back (shared_ptr (new SerpentTwofishAES ())); SupportedEncryptionAlgorithms.push_back (shared_ptr (new TwofishSerpent ())); + SupportedEncryptionAlgorithms.push_back (shared_ptr (new KuznyechikSM4 ())); + SupportedEncryptionAlgorithms.push_back (shared_ptr (new SerpentSM4 ())); + SupportedEncryptionAlgorithms.push_back (shared_ptr (new SM4Twofish ())); + SupportedEncryptionAlgorithms.push_back (shared_ptr (new TwofishSerpentSM4 ())); SupportedEncryptionModes.push_back (shared_ptr (new EncryptionModeXTS ())); #else SupportedEncryptionModes.push_back (shared_ptr (new EncryptionModeWolfCryptXTS ())); @@ -158,6 +163,7 @@ namespace VeraCrypt SupportedEncryptionAlgorithms.push_back (shared_ptr (new Twofish ())); SupportedEncryptionAlgorithms.push_back (shared_ptr (new Camellia ())); SupportedEncryptionAlgorithms.push_back (shared_ptr (new Kuznyechik ())); + SupportedEncryptionAlgorithms.push_back (shared_ptr (new SM4 ())); SupportedEncryptionAlgorithms.push_back (shared_ptr (new AESTwofish ())); SupportedEncryptionAlgorithms.push_back (shared_ptr (new AESTwofishSerpent ())); SupportedEncryptionAlgorithms.push_back (shared_ptr (new CamelliaKuznyechik ())); 
@@ -168,6 +174,10 @@ namespace VeraCrypt SupportedEncryptionAlgorithms.push_back (shared_ptr (new SerpentAES ())); SupportedEncryptionAlgorithms.push_back (shared_ptr (new SerpentTwofishAES ())); SupportedEncryptionAlgorithms.push_back (shared_ptr (new TwofishSerpent ())); + SupportedEncryptionAlgorithms.push_back (shared_ptr (new KuznyechikSM4 ())); + SupportedEncryptionAlgorithms.push_back (shared_ptr (new SerpentSM4 ())); + SupportedEncryptionAlgorithms.push_back (shared_ptr (new SM4Twofish ())); + SupportedEncryptionAlgorithms.push_back (shared_ptr (new TwofishSerpentSM4 ())); SupportedEncryptionModes.push_back (shared_ptr (new EncryptionModeXTS ())); #else @@ -214,6 +224,7 @@ namespace VeraCrypt SupportedEncryptionAlgorithms.push_back (shared_ptr (new Twofish ())); SupportedEncryptionAlgorithms.push_back (shared_ptr (new Camellia ())); SupportedEncryptionAlgorithms.push_back (shared_ptr (new Kuznyechik ())); + SupportedEncryptionAlgorithms.push_back (shared_ptr (new SM4 ())); SupportedEncryptionAlgorithms.push_back (shared_ptr (new AESTwofish ())); SupportedEncryptionAlgorithms.push_back (shared_ptr (new AESTwofishSerpent ())); SupportedEncryptionAlgorithms.push_back (shared_ptr (new CamelliaKuznyechik ())); @@ -224,6 +235,10 @@ namespace VeraCrypt SupportedEncryptionAlgorithms.push_back (shared_ptr (new SerpentAES ())); SupportedEncryptionAlgorithms.push_back (shared_ptr (new SerpentTwofishAES ())); SupportedEncryptionAlgorithms.push_back (shared_ptr (new TwofishSerpent ())); + SupportedEncryptionAlgorithms.push_back (shared_ptr (new KuznyechikSM4 ())); + SupportedEncryptionAlgorithms.push_back (shared_ptr (new SerpentSM4 ())); + SupportedEncryptionAlgorithms.push_back (shared_ptr (new SM4Twofish ())); + SupportedEncryptionAlgorithms.push_back (shared_ptr (new TwofishSerpentSM4 ())); SupportedEncryptionModes.push_back (shared_ptr (new EncryptionModeXTS ())); #else