Skip to main content

building TrueCrypt from source

As there are no existing TrueCrypt for GNU Linux/Sparc, we had to do this ourselves. However, the buildprocess is not pretty and for some reason one just *has* to build all that wxWidget stuff, although I don't intend to manage crypto devices with my mouse, sigh. Oh, and there were quite a few build errors but thanks to Kano we finally succeeded. Here it goes, the whole shebang for TrueCrypt-6.1a:

# apt-get install libfuse-dev pkg-config
# mkdir /usr/local/include/pkcs11-v2-20
# cd /usr/local/include/pkcs11-v2-20
# for i in pkcs11.h pkcs11f.h pkcs11t.h; do \
   wget ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-11/v2-20/$i; done
# for i in `pwd`/*h; do (ln -s $i /usr/include); done 
# cd /usr/local/src
# wget http://prdownloads.sourceforge.net/wxwindows/wxWidgets-2.8.9.tar.bz2
# tar -xjf wxWidgets-2.8.9.tar.bz2
# cd ~/dev/truecrypt-6.1-source
# make NOGUI=1 WX_ROOT=/usr/local/src/wxWidgets-2.8.9 wxbuild
# make NOGUI=1 WXSTATIC=1
[....hours later on this box....]
# file Main/truecrypt 
Main/truecrypt: ELF 32-bit MSB executable, SPARC, version 1 (SYSV), dynamically
linked (uses shared libs), stripped
Note: it's really important to get v2.20 of the PKCS11 header files, the current version did not work. Also, Debian/Etch comes with libwxgtk2.[46]-dev - the build failed and I really had to get the 2.8 version. Update: Although the build worked, truecrypt doesn't. Rebuilding with DEBUG=1 DEBUGGER=1 NOSTRIP=1 made gdb(1) spit out all the gory details:
stanley# gdb /usr/local/sbin/truecrypt
GNU gdb 6.4.90-debian
This GDB was configured as "sparc-linux-gnu"...Using host libthread_db 
library "/lib/v9/libthread_db.so.1".

(gdb) run --create /dev/loop0 --encryption=AES --filesystem=fat \
               --hash=ripemd-160 --keyfiles=/root/stanley.key \
               --protect-hidden=no --volume-type=normal \
               --random-source=/dev/urandom
Starting program: /usr/local/sbin/truecrypt --create /dev/loop0 \
              --encryption=AES --filesystem=fat --hash=ripemd-160 \
              --keyfiles=/root/stanley.key --protect-hidden=no \
              --volume-type=normal --random-source=/dev/urandom
[Thread debugging using libthread_db enabled]
[New Thread 16384 (LWP 32604)]

Enter password: 
WARNING: Short passwords are easy to crack using brute force techniques!
We recommend choosing a password consisting of more than 20 characters.
Are you sure you want to use a short password? (y=Yes/n=No) [No]: y
Re-enter password: 

Program received signal SIGBUS, Bus error.
[Switching to Thread 16384 (LWP 32604)]
0x001598c8 in TrueCrypt::Endian::Big (x=@0x3a9df4) \
                  at /root/truecrypt-6.1-source/Platform/Memory.h:99
99                              return x;
(gdb) bt
#0  0x001598c8 in TrueCrypt::Endian::Big (x=@0x3a9df4) \
                  at /root/truecrypt-6.1-source/Platform/Memory.h:99
#1  0x00168e08 in TrueCrypt::EncryptionTest::TestXtsAES () \
                  at EncryptionTest.cpp:429
#2  0x0016bd30 in TrueCrypt::EncryptionTest::TestAll () \
                  at EncryptionTest.cpp:24
#3  0x000c57e8 in TrueCrypt::VolumeCreator::CreateVolume \
                  (this=0xfff55078, options=@0xfff555e0) \
                  at VolumeCreator.cpp:179
#4  0x00058434 in TrueCrypt::TextUserInterface::CreateVolume \
                 (this=0x4c43f8, options=@0xfff55888, randomSourcePath=@0x5395ac) \
                 at TextUserInterface.cpp:769
#5  0x0007efa8 in TrueCrypt::UserInterface::ProcessCommandLine \
                 (this=0x4c43f8) \
                 at UserInterface.cpp:973
#6  0x00048ed4 in TrueCrypt::TextUserInterface::OnRun \
                 (this=0x4c43f8) \
                 at TextUserInterface.cpp:1141
#7  0x002bd634 in wxEntry (argc=@0x4a9510, argv=0x4b3948) \
                 at /usr/local/src/wxWidgets-2.8.9/src/common/init.cpp:460
#8  0x002bd774 in wxEntry (argc=@0xfff55c14, argv=0xfff55c94) \
                 at /usr/local/src/wxWidgets-2.8.9/src/common/init.cpp:472
#9  0x000ada54 in main (argc=10, argv=0xfff55c94) at Unix/Main.cpp:84
(gdb) bt all
No symbol "all" in current context.
Hm, but even running truecrypt --test was showing the same behaviour: TestXtsAES just fails to work. However, when trying to create the volume with another cipher, it still crashes at TestXtsAES, because VolumeCreator::CreateVolume always calls EncryptionTest::TestAll before actually creating the volume. Commenting out this call in VolumeCreator.cpp:179, recompiling and trying to create the volume with the Twofish cipher gives:
Program received signal SIGBUS, Bus error.
[Switching to Thread 16384 (LWP 7980)]
0x001c508c in RMD160Transform (digest=0xffcfc730, data=0xffcfc6ef) \
                at ../Crypto/Rmd160.c:192
192                     X[i] = LE32 (data[i]);
Current language:  auto; currently c
Wow, now it fails at the hashing algorithm. When using SHA-512 instead of ripemd-160, it still crashes:
Program received signal SIGBUS, Bus error.
[Switching to Thread 16384 (LWP 7991)]
0x0019ea6c in TrueCrypt::VolumeHeader::SerializeEntry \
   (this=0x516df0, entry=@0xffde8840, header=@0xffde8960, offset=@0xffde8850) \
                at VolumeHeader.cpp:286
286                     *reinterpret_cast \
               (header.Get() + offset - sizeof (T)) = Endian::Big (entry);
...and that's it. Still SIGBUS for truecrypt, and -ENOSKILL for me, for not knowing C++ at all. Looks like truecrypt just wasn't meant to be run on big endian platforms. Damn.