Windows Driver: Use KeQueryInterruptTimePrecise on Windows 8.1 and newer as a better seed input for the internal RNG than KeQueryInterruptTime

This commit is contained in:
Mounir IDRASSI 2023-09-29 22:14:43 +02:00
parent 5234c479a4
commit 5192eac233
No known key found for this signature in database
GPG Key ID: FC1B00364B3FE937
2 changed files with 24 additions and 2 deletions


@ -305,6 +305,10 @@ typedef NTSTATUS (NTAPI *ExGetFirmwareEnvironmentVariableFn) (
PULONG Attributes
);
typedef ULONG64 (NTAPI *KeQueryInterruptTimePreciseFn)(
PULONG64 QpcTimeStamp
);
typedef BOOLEAN (NTAPI *KeAreAllApcsDisabledFn) ();
typedef void (NTAPI *KeSetSystemGroupAffinityThreadFn)(


@ -145,6 +145,7 @@ static BOOL RamEncryptionActivated = FALSE;
static KeSaveExtendedProcessorStateFn KeSaveExtendedProcessorStatePtr = NULL;
static KeRestoreExtendedProcessorStateFn KeRestoreExtendedProcessorStatePtr = NULL;
static ExGetFirmwareEnvironmentVariableFn ExGetFirmwareEnvironmentVariablePtr = NULL;
static KeQueryInterruptTimePreciseFn KeQueryInterruptTimePrecisePtr = NULL;
static KeAreAllApcsDisabledFn KeAreAllApcsDisabledPtr = NULL;
static KeSetSystemGroupAffinityThreadFn KeSetSystemGroupAffinityThreadPtr = NULL;
static KeQueryActiveGroupCountFn KeQueryActiveGroupCountPtr = NULL;
@ -238,8 +239,17 @@ void GetDriverRandomSeed (unsigned char* pbRandSeed, size_t cbRandSeed)
iSeed = KeQueryPerformanceCounter (&iSeed2);
WHIRLPOOL_add ((unsigned char *) &(iSeed.QuadPart), sizeof(iSeed.QuadPart), &tctx);
WHIRLPOOL_add ((unsigned char *) &(iSeed2.QuadPart), sizeof(iSeed2.QuadPart), &tctx);
iSeed.QuadPart = KeQueryInterruptTime ();
WHIRLPOOL_add ((unsigned char *) &(iSeed.QuadPart), sizeof(iSeed.QuadPart), &tctx);
if (KeQueryInterruptTimePrecisePtr)
{
iSeed.QuadPart = KeQueryInterruptTimePrecisePtr (&iSeed2.QuadPart);
WHIRLPOOL_add ((unsigned char *) &(iSeed.QuadPart), sizeof(iSeed.QuadPart), &tctx);
WHIRLPOOL_add ((unsigned char *) &(iSeed2.QuadPart), sizeof(iSeed2.QuadPart), &tctx);
}
else
{
iSeed.QuadPart = KeQueryInterruptTime ();
WHIRLPOOL_add ((unsigned char *) &(iSeed.QuadPart), sizeof(iSeed.QuadPart), &tctx);
}
/* use JitterEntropy library to get good quality random bytes based on CPU timing jitter */
if (0 == jent_entropy_init ())
@ -339,6 +349,14 @@ NTSTATUS DriverEntry (PDRIVER_OBJECT DriverObject, PUNICODE_STRING RegistryPath)
ExGetFirmwareEnvironmentVariablePtr = (ExGetFirmwareEnvironmentVariableFn) MmGetSystemRoutineAddress(&funcName);
}
// KeQueryInterruptTimePrecise is available starting from Windows 8.1
if ((OsMajorVersion > 6) || (OsMajorVersion == 6 && OsMinorVersion >= 3))
{
UNICODE_STRING funcName;
RtlInitUnicodeString(&funcName, L"KeQueryInterruptTimePrecise");
KeQueryInterruptTimePrecisePtr = (KeQueryInterruptTimePreciseFn) MmGetSystemRoutineAddress(&funcName);
}
// Load dump filter if the main driver is already loaded
if (NT_SUCCESS (TCDeviceIoControl (NT_ROOT_PREFIX, TC_IOCTL_GET_DRIVER_VERSION, NULL, 0, &version, sizeof (version))))
return DumpFilterEntry ((PFILTER_EXTENSION) DriverObject, (PFILTER_INITIALIZATION_DATA) RegistryPath);
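Review bot: The QpcTimeStamp hashed by the second WHIRLPOOL_add in the new `if (KeQueryInterruptTimePrecisePtr)` branch of GetDriverRandomSeed is a second read of the same counter already folded in from KeQueryPerformanceCounter a few lines above, and neither interrupt-time value is unpredictable to a local caller, so this branch should not be read as adding entropy to the seed — it only gives per-call uniqueness, and the jitter-entropy collector that follows remains the real source. A comment above the new `if` would keep a future maintainer from weighting it: `/* Timestamps give per-call uniqueness only; do not count them as entropy. */`. Separately, LARGE_INTEGER.QuadPart is LONGLONG while the typedef parameter is PULONG64, so passing `&iSeed2.QuadPart` is an incompatible-pointer argument that /W4 builds will likely warn on; `iSeed.QuadPart = KeQueryInterruptTimePrecisePtr ((PULONG64) &iSeed2.QuadPart);` avoids it. GetDriverRandomSeed begins and ends outside the hunk, and the version gate in DriverEntry is defensive only, since MmGetSystemRoutineAddress already returns NULL when the export is absent.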