veracrypt support

[GoogleCodeExporter]

current maintainer of zuluCrypt[1] here.

it will be nice if cryptsetup will also support veracrypt[2] volumes since more 
and more people are starting to ask me to support them and cryptsetup is the 
best backend for me to get the support from.

this pull request[3] for tcplay maybe a good place to start in looking up 
differences between TrueCrypt volumes and veracrypt volumes.

thanks.

[1] https://code.google.com/p/zulucrypt/
[2] https://veracrypt.codeplex.com/
[3] https://github.com/bwalex/tc-play/pull/65

Original issue reported on code.google.com by mhogomch...@gmail.com on 23 Feb 2015 at 6:01

[GoogleCodeExporter]

Yes, I planned add Veracrypt myself, it should be pretty simple.
But it will probably slowdown the unlocking process.

Original comment by gmazyl...@gmail.com on 23 Feb 2015 at 6:38

• Added labels: Type-Enhancement
• Removed labels: Type-Defect

[GoogleCodeExporter]

Should be fixed in
https://code.google.com/p/cryptsetup/source/detail?r=1f2d8de95f7591b94b8e56d8dd4
555e3a64ea5ac#

Please give it a try.

Original comment by gmazyl...@gmail.com on 24 Feb 2015 at 9:35

• Changed state: Fixed

[GoogleCodeExporter]

I just tried and noticed two things.

1. veracrypt volumes are reported as truecrypt volumes.

2. its possible to open a hidden veracrypt volume but it requires the use of 
"CRYPT_TCRYPT_HIDDEN_HEADER" flag. It seems odd to use a truecrypt flag when 
managing a veracrypt volume.

Original comment by mhogomch...@gmail.com on 25 Feb 2015 at 7:50

[GoogleCodeExporter]

There are some test images which were created with VC 1.0f and it works.

Could you send me a small image which cannot be open without hidden header flag?

TCRYPT dump will print "VERACRYPT" instead of TCRYPT but otherwise VeraCrypt is 
just trivial extension of TrueCrypt, the format is exactly the same so I do not 
want to create any special handling here.

Original comment by gmazyl...@gmail.com on 25 Feb 2015 at 8:56

[GoogleCodeExporter]

i created a normal and hidden VeraCrypt volume and cryptsetup opened both 
volumes just fine so it works.

but ..

crypt_get_type() API reports "TCRYPT" for veraCrypt volumes and hence this API 
can not be used to tell if a volume is TrueCrypt volume or VeraCrypt volume.

The API does not have options that are specific to VeraCrypt volumes.

TrueCrypt has the following options: CRYPT_TCRYPT_HIDDEN_HEADER, 
CRYPT_TCRYPT_SYSTEM_HEADER, CRYPT_TCRYPT_BACKUP_HEADER, 
CRYPT_TCRYPT_LEGACY_MODES

VeraCrypt on the other hand has only one: CRYPT_TCRYPT_VERA_MODES.

So to unlock a hidden veracrypt volume,a Truecrypt option( 
CRYPT_TCRYPT_HIDDEN_HEADER ) has to be used and this is what i was commenting 
about when i said it seems odd to use TrueCrypt specific options when managing 
a VeraCrypt volume.

If these TCRYPT* options are meant to be used for both TrueCrypt and VeraCrypt 
volumes,then i this the API should mention this.

Original comment by mhogomch...@gmail.com on 25 Feb 2015 at 9:18

[GoogleCodeExporter]

I take VeraCrypt just ad extension (which it IMHO is - the on-disk format and 
header location is the same, just it changed "VERA" magic and iteration count + 
added sha256).

CRYPT_TCRYPT_VERA_MODES is equivalent to CRYPT_TCRYPT_LEGACY_MODES - it just 
add additional formats to scan. All other flags are exactly the same as in 
TCRYPT.

And you are right, I should mention this in API documentation.

Is it real problem that it reports TCRYPT format? I think from the user 
perspective it is just "Open TrueCrypt volume" + checkbox "Support VeraCrypt 
extensions" but still handle it as a real VeraCrypt.
(Maybe later if there is any major incompatible change we have to change it but 
I do not believe there will be such change soon.)

(VeraCrypt "marketing" is like it is new format but in reality it is the same 
TrueCrypt code just with slight modifications...)

Original comment by gmazyl...@gmail.com on 25 Feb 2015 at 9:38

[GoogleCodeExporter]

Sorry, typo: I mean ..still handle it as real Truecrypt (TCRYPT) type

Original comment by gmazyl...@gmail.com on 25 Feb 2015 at 9:42

[GoogleCodeExporter]

The GUI window for zuluCrypt where a user can choose to unlock veracrypt 
volumes among others is in the following link:

in my case,its perfectly fine to use "tcrypt" to mean both TrueCrypt volumes 
and VeraCrypt volume.

thanks for the feature.

http://tinypic.com/r/2rxv213/8

Original comment by mhogomch...@gmail.com on 25 Feb 2015 at 12:37

[GoogleCodeExporter]

just thought i should mention this in case its an oversight.

When attempting to unlock a VeraCrypt volumes,TrueCrypt cipher options that 
VeraCrypt is known to not use at all(like serpent-lrw-benbi) are also tried.

The time it takes to go through these ciphers is negligible(in my system) so 
its not an issue(to me) but it may be with somebody else.

log output that shows all cipher combination attempts when unlocking a 
VeraCrypt volume is below: 

[root@mtz tcrypt]# /usr/sbin/cryptsetup --debug --veracrypt tcryptOpen 
veraCrypt.img vera
# cryptsetup 1.7.0-git processing "/usr/sbin/cryptsetup --debug --veracrypt 
tcryptOpen veraCrypt.img vera"
# Running command open.
# Locking memory.
# Installing SIGINT/SIGTERM handler.
# Unblocking interruption on signal.
# Allocating crypt device veraCrypt.img context.
# Trying to open and read device veraCrypt.img.
# Initialising device-mapper backend library.
# Interactive passphrase entry requested.
Enter passphrase: 
# Trying to load TCRYPT crypt type from device veraCrypt.img.
# Crypto backend (gcrypt 1.5.3, flawed whirlpool) initialized.
# Detected kernel Linux 3.15.9-pclos1 x86_64.
# Reading TCRYPT header of size 512 bytes from device veraCrypt.img.
# TCRYPT: trying KDF: pbkdf2-ripemd160-2000.
# TCRYPT:  trying cipher aes-xts-plain64
# TCRYPT:  trying cipher serpent-xts-plain64
# TCRYPT:  trying cipher twofish-xts-plain64
# TCRYPT:  trying cipher twofish-aes-xts-plain64
# TCRYPT:  trying cipher serpent-twofish-aes-xts-plain64
# TCRYPT:  trying cipher aes-serpent-xts-plain64
# TCRYPT:  trying cipher aes-twofish-serpent-xts-plain64
# TCRYPT:  trying cipher serpent-twofish-xts-plain64
# TCRYPT:  trying cipher aes-lrw-benbi
# TCRYPT:  trying cipher serpent-lrw-benbi
# TCRYPT:  trying cipher twofish-lrw-benbi
# TCRYPT:  trying cipher twofish-aes-lrw-benbi
# TCRYPT:  trying cipher serpent-twofish-aes-lrw-benbi
# TCRYPT:  trying cipher aes-serpent-lrw-benbi
# TCRYPT:  trying cipher aes-twofish-serpent-lrw-benbi
# TCRYPT:  trying cipher serpent-twofish-lrw-benbi
# TCRYPT:  trying cipher aes-cbc-tcw
# TCRYPT:  trying cipher serpent-cbc-tcw
# TCRYPT:  trying cipher twofish-cbc-tcw
# TCRYPT:  trying cipher twofish-aes-cbci-tcrypt
# TCRYPT:  trying cipher serpent-twofish-aes-cbci-tcrypt
# TCRYPT:  trying cipher aes-serpent-cbci-tcrypt
# TCRYPT:  trying cipher aes-twofish-serpent-cbci-tcrypt
# TCRYPT:  trying cipher serpent-twofish-cbci-tcrypt
# TCRYPT:  trying cipher cast5-cbc-tcw
# TCRYPT:  trying cipher des3_ede-cbc-tcw
# TCRYPT:  trying cipher blowfish_le-cbc-tcrypt
# TCRYPT:  trying cipher blowfish_le-aes-cbc-tcrypt
# TCRYPT:  trying cipher serpent-blowfish_le-aes-cbc-tcrypt
# TCRYPT: trying KDF: pbkdf2-ripemd160-1000.
# TCRYPT:  trying cipher aes-xts-plain64
# TCRYPT:  trying cipher serpent-xts-plain64
# TCRYPT:  trying cipher twofish-xts-plain64
# TCRYPT:  trying cipher twofish-aes-xts-plain64
# TCRYPT:  trying cipher serpent-twofish-aes-xts-plain64
# TCRYPT:  trying cipher aes-serpent-xts-plain64
# TCRYPT:  trying cipher aes-twofish-serpent-xts-plain64
# TCRYPT:  trying cipher serpent-twofish-xts-plain64
# TCRYPT:  trying cipher aes-lrw-benbi
# TCRYPT:  trying cipher serpent-lrw-benbi
# TCRYPT:  trying cipher twofish-lrw-benbi
# TCRYPT:  trying cipher twofish-aes-lrw-benbi
# TCRYPT:  trying cipher serpent-twofish-aes-lrw-benbi
# TCRYPT:  trying cipher aes-serpent-lrw-benbi
# TCRYPT:  trying cipher aes-twofish-serpent-lrw-benbi
# TCRYPT:  trying cipher serpent-twofish-lrw-benbi
# TCRYPT:  trying cipher aes-cbc-tcw
# TCRYPT:  trying cipher serpent-cbc-tcw
# TCRYPT:  trying cipher twofish-cbc-tcw
# TCRYPT:  trying cipher twofish-aes-cbci-tcrypt
# TCRYPT:  trying cipher serpent-twofish-aes-cbci-tcrypt
# TCRYPT:  trying cipher aes-serpent-cbci-tcrypt
# TCRYPT:  trying cipher aes-twofish-serpent-cbci-tcrypt
# TCRYPT:  trying cipher serpent-twofish-cbci-tcrypt
# TCRYPT:  trying cipher cast5-cbc-tcw
# TCRYPT:  trying cipher des3_ede-cbc-tcw
# TCRYPT:  trying cipher blowfish_le-cbc-tcrypt
# TCRYPT:  trying cipher blowfish_le-aes-cbc-tcrypt
# TCRYPT:  trying cipher serpent-blowfish_le-aes-cbc-tcrypt
# TCRYPT: trying KDF: pbkdf2-sha512-1000.
# TCRYPT:  trying cipher aes-xts-plain64
# TCRYPT:  trying cipher serpent-xts-plain64
# TCRYPT:  trying cipher twofish-xts-plain64
# TCRYPT:  trying cipher twofish-aes-xts-plain64
# TCRYPT:  trying cipher serpent-twofish-aes-xts-plain64
# TCRYPT:  trying cipher aes-serpent-xts-plain64
# TCRYPT:  trying cipher aes-twofish-serpent-xts-plain64
# TCRYPT:  trying cipher serpent-twofish-xts-plain64
# TCRYPT:  trying cipher aes-lrw-benbi
# TCRYPT:  trying cipher serpent-lrw-benbi
# TCRYPT:  trying cipher twofish-lrw-benbi
# TCRYPT:  trying cipher twofish-aes-lrw-benbi
# TCRYPT:  trying cipher serpent-twofish-aes-lrw-benbi
# TCRYPT:  trying cipher aes-serpent-lrw-benbi
# TCRYPT:  trying cipher aes-twofish-serpent-lrw-benbi
# TCRYPT:  trying cipher serpent-twofish-lrw-benbi
# TCRYPT:  trying cipher aes-cbc-tcw
# TCRYPT:  trying cipher serpent-cbc-tcw
# TCRYPT:  trying cipher twofish-cbc-tcw
# TCRYPT:  trying cipher twofish-aes-cbci-tcrypt
# TCRYPT:  trying cipher serpent-twofish-aes-cbci-tcrypt
# TCRYPT:  trying cipher aes-serpent-cbci-tcrypt
# TCRYPT:  trying cipher aes-twofish-serpent-cbci-tcrypt
# TCRYPT:  trying cipher serpent-twofish-cbci-tcrypt
# TCRYPT:  trying cipher cast5-cbc-tcw
# TCRYPT:  trying cipher des3_ede-cbc-tcw
# TCRYPT:  trying cipher blowfish_le-cbc-tcrypt
# TCRYPT:  trying cipher blowfish_le-aes-cbc-tcrypt
# TCRYPT:  trying cipher serpent-blowfish_le-aes-cbc-tcrypt
# TCRYPT: trying KDF: pbkdf2-whirlpool-1000.
# TCRYPT:  trying cipher aes-xts-plain64
# TCRYPT:  trying cipher serpent-xts-plain64
# TCRYPT:  trying cipher twofish-xts-plain64
# TCRYPT:  trying cipher twofish-aes-xts-plain64
# TCRYPT:  trying cipher serpent-twofish-aes-xts-plain64
# TCRYPT:  trying cipher aes-serpent-xts-plain64
# TCRYPT:  trying cipher aes-twofish-serpent-xts-plain64
# TCRYPT:  trying cipher serpent-twofish-xts-plain64
# TCRYPT:  trying cipher aes-lrw-benbi
# TCRYPT:  trying cipher serpent-lrw-benbi
# TCRYPT:  trying cipher twofish-lrw-benbi
# TCRYPT:  trying cipher twofish-aes-lrw-benbi
# TCRYPT:  trying cipher serpent-twofish-aes-lrw-benbi
# TCRYPT:  trying cipher aes-serpent-lrw-benbi
# TCRYPT:  trying cipher aes-twofish-serpent-lrw-benbi
# TCRYPT:  trying cipher serpent-twofish-lrw-benbi
# TCRYPT:  trying cipher aes-cbc-tcw
# TCRYPT:  trying cipher serpent-cbc-tcw
# TCRYPT:  trying cipher twofish-cbc-tcw
# TCRYPT:  trying cipher twofish-aes-cbci-tcrypt
# TCRYPT:  trying cipher serpent-twofish-aes-cbci-tcrypt
# TCRYPT:  trying cipher aes-serpent-cbci-tcrypt
# TCRYPT:  trying cipher aes-twofish-serpent-cbci-tcrypt
# TCRYPT:  trying cipher serpent-twofish-cbci-tcrypt
# TCRYPT:  trying cipher cast5-cbc-tcw
# TCRYPT:  trying cipher des3_ede-cbc-tcw
# TCRYPT:  trying cipher blowfish_le-cbc-tcrypt
# TCRYPT:  trying cipher blowfish_le-aes-cbc-tcrypt
# TCRYPT:  trying cipher serpent-blowfish_le-aes-cbc-tcrypt
# TCRYPT: trying KDF: pbkdf2-sha1-2000.
# TCRYPT:  trying cipher aes-xts-plain64
# TCRYPT:  trying cipher serpent-xts-plain64
# TCRYPT:  trying cipher twofish-xts-plain64
# TCRYPT:  trying cipher twofish-aes-xts-plain64
# TCRYPT:  trying cipher serpent-twofish-aes-xts-plain64
# TCRYPT:  trying cipher aes-serpent-xts-plain64
# TCRYPT:  trying cipher aes-twofish-serpent-xts-plain64
# TCRYPT:  trying cipher serpent-twofish-xts-plain64
# TCRYPT:  trying cipher aes-lrw-benbi
# TCRYPT:  trying cipher serpent-lrw-benbi
# TCRYPT:  trying cipher twofish-lrw-benbi
# TCRYPT:  trying cipher twofish-aes-lrw-benbi
# TCRYPT:  trying cipher serpent-twofish-aes-lrw-benbi
# TCRYPT:  trying cipher aes-serpent-lrw-benbi
# TCRYPT:  trying cipher aes-twofish-serpent-lrw-benbi
# TCRYPT:  trying cipher serpent-twofish-lrw-benbi
# TCRYPT:  trying cipher aes-cbc-tcw
# TCRYPT:  trying cipher serpent-cbc-tcw
# TCRYPT:  trying cipher twofish-cbc-tcw
# TCRYPT:  trying cipher twofish-aes-cbci-tcrypt
# TCRYPT:  trying cipher serpent-twofish-aes-cbci-tcrypt
# TCRYPT:  trying cipher aes-serpent-cbci-tcrypt
# TCRYPT:  trying cipher aes-twofish-serpent-cbci-tcrypt
# TCRYPT:  trying cipher serpent-twofish-cbci-tcrypt
# TCRYPT:  trying cipher cast5-cbc-tcw
# TCRYPT:  trying cipher des3_ede-cbc-tcw
# TCRYPT:  trying cipher blowfish_le-cbc-tcrypt
# TCRYPT:  trying cipher blowfish_le-aes-cbc-tcrypt
# TCRYPT:  trying cipher serpent-blowfish_le-aes-cbc-tcrypt
# TCRYPT: trying KDF: pbkdf2-sha512-500000.
# TCRYPT:  trying cipher aes-xts-plain64
# TCRYPT: Signature magic detected (Veracrypt).
# TCRYPT: Magic: VERA, Header version: 5, req. 267, sector 512, mk_offset 
131072, hidden_size 0, volume size 52166656
# TCRYPT: Header cipher aes-xts-plain64, key size 64
# Activating volume vera by volume key.
# dm version   OF   [16384]
# dm versions   OF   [16384]
# Detected dm-crypt version 1.13.0, dm-ioctl version 4.27.0.
# Device-mapper backend running with UDEV support enabled.
# dm status vera  OF   [16384]
# Allocating a free loop device.
# Trying to open and read device /dev/loop0.
# Calculated device size is 101888 sectors (RW), offset 256.
# Trying to activate TCRYPT device vera using cipher aes-xts-plain64.
# DM-UUID is CRYPT-TCRYPT-vera
# Udev cookie 0xd4d60f2 (semid 5734401) created
# Udev cookie 0xd4d60f2 (semid 5734401) incremented
# Udev cookie 0xd4d60f2 (semid 5734401) incremented
# Udev cookie 0xd4d60f2 (semid 5734401) assigned to dm_task with flags 0x0
# dm create vera CRYPT-TCRYPT-vera OF   [16384]
# vera: Stacking NODE_ADD (253,0) 0:6 0660
# dm reload vera  OF   [16384]
# dm resume vera  OF   [16384]
# vera: Stacking NODE_READ_AHEAD 1024 (flags=1)
# Udev cookie 0xd4d60f2 (semid 5734401) decremented
# Udev cookie 0xd4d60f2 (semid 5734401): Waiting for zero
# Udev cookie 0xd4d60f2 (semid 5734401) destroyed
# vera: read ahead is 1024
# vera: Setting read ahead to 1024
# Releasing crypt device veraCrypt.img context.
# Releasing device-mapper backend.
# Closed loop /dev/loop0 (veraCrypt.img).
# Unlocking memory.
Command successful.
[root@mtz tcrypt]#

Original comment by mhogomch...@gmail.com on 26 Feb 2015 at 8:55

[GoogleCodeExporter]

Well, it is not oversight, it was partially my laziness and partially lack of 
time :-)

As you already found, the time wasted is negligible (Veracrypt has extreme 
unlocking times, few seconds more should not be problem).

I will probably fix it later anyway, thanks.

Original comment by gmazyl...@gmail.com on 26 Feb 2015 at 9:51

[GoogleCodeExporter]

When trying to unlock a volume,old version of VeraCrypt use first RIPEMD160 but 
newer version use first SHA-512.

I think it will be better if cryptsetup first try SHA-512(it currently does) 
and then try RIPEMD160 second instead of fifth.

The ninth entry in the following thread mention the above: 
https://veracrypt.codeplex.com/discussions/549728

Original comment by mhogomch...@gmail.com on 27 Feb 2015 at 8:50

[GoogleCodeExporter]

ok, changed.

If you are testing this more deeply and you think reordering will help just let 
me know, I will change it. For now, I am not going to spend any more time on 
this, there can be more optimizations for sure but I do not think it is worth 
to spend more time with it now.

Thanks!

Original comment by gmazyl...@gmail.com on 27 Feb 2015 at 9:18