diff options
author | Mounir IDRASSI <mounir.idrassi@idrix.fr> | 2023-09-29 22:14:43 +0200 |
---|---|---|
committer | Mounir IDRASSI <mounir.idrassi@idrix.fr> | 2023-09-29 22:14:43 +0200 |
commit | 5192eac233d4ac1c972af724d01167d38c249410 (patch) | |
tree | 3e1acdd61696e50b6e2a9b6817d105b54527d031 | |
parent | 5234c479a47ba526f1bcc49c1b65b96811f04e19 (diff) | |
download | VeraCrypt-5192eac233d4ac1c972af724d01167d38c249410.tar.gz VeraCrypt-5192eac233d4ac1c972af724d01167d38c249410.zip |
Windows Driver: Use KeQueryInterruptTimePrecise on Windows 8.1 and newer as better seed for internal RNG compared to KeQueryInterruptTime
-rw-r--r-- | src/Common/Tcdefs.h | 4 | ||||
-rw-r--r-- | src/Driver/Ntdriver.c | 22 |
2 files changed, 24 insertions, 2 deletions
diff --git a/src/Common/Tcdefs.h b/src/Common/Tcdefs.h index 259a564b..3e2e860a 100644 --- a/src/Common/Tcdefs.h +++ b/src/Common/Tcdefs.h @@ -305,6 +305,10 @@ typedef NTSTATUS (NTAPI *ExGetFirmwareEnvironmentVariableFn) ( PULONG Attributes ); +typedef ULONG64 (NTAPI *KeQueryInterruptTimePreciseFn)( + PULONG64 QpcTimeStamp +); + typedef BOOLEAN (NTAPI *KeAreAllApcsDisabledFn) (); typedef void (NTAPI *KeSetSystemGroupAffinityThreadFn)( diff --git a/src/Driver/Ntdriver.c b/src/Driver/Ntdriver.c index b19ffb77..988b7317 100644 --- a/src/Driver/Ntdriver.c +++ b/src/Driver/Ntdriver.c @@ -145,6 +145,7 @@ static BOOL RamEncryptionActivated = FALSE; static KeSaveExtendedProcessorStateFn KeSaveExtendedProcessorStatePtr = NULL; static KeRestoreExtendedProcessorStateFn KeRestoreExtendedProcessorStatePtr = NULL; static ExGetFirmwareEnvironmentVariableFn ExGetFirmwareEnvironmentVariablePtr = NULL; +static KeQueryInterruptTimePreciseFn KeQueryInterruptTimePrecisePtr = NULL; static KeAreAllApcsDisabledFn KeAreAllApcsDisabledPtr = NULL; static KeSetSystemGroupAffinityThreadFn KeSetSystemGroupAffinityThreadPtr = NULL; static KeQueryActiveGroupCountFn KeQueryActiveGroupCountPtr = NULL; @@ -238,8 +239,17 @@ void GetDriverRandomSeed (unsigned char* pbRandSeed, size_t cbRandSeed) iSeed = KeQueryPerformanceCounter (&iSeed2); WHIRLPOOL_add ((unsigned char *) &(iSeed.QuadPart), sizeof(iSeed.QuadPart), &tctx); WHIRLPOOL_add ((unsigned char *) &(iSeed2.QuadPart), sizeof(iSeed2.QuadPart), &tctx); - iSeed.QuadPart = KeQueryInterruptTime (); - WHIRLPOOL_add ((unsigned char *) &(iSeed.QuadPart), sizeof(iSeed.QuadPart), &tctx); + if (KeQueryInterruptTimePrecisePtr) + { + iSeed.QuadPart = KeQueryInterruptTimePrecisePtr (&iSeed2.QuadPart); + WHIRLPOOL_add ((unsigned char *) &(iSeed.QuadPart), sizeof(iSeed.QuadPart), &tctx); + WHIRLPOOL_add ((unsigned char *) &(iSeed2.QuadPart), sizeof(iSeed2.QuadPart), &tctx); + } + else + { + iSeed.QuadPart = KeQueryInterruptTime (); + WHIRLPOOL_add ((unsigned char *) &(iSeed.QuadPart), sizeof(iSeed.QuadPart), &tctx); + } /* use JitterEntropy library to get good quality random bytes based on CPU timing jitter */ if (0 == jent_entropy_init ()) @@ -339,6 +349,14 @@ NTSTATUS DriverEntry (PDRIVER_OBJECT DriverObject, PUNICODE_STRING RegistryPath) ExGetFirmwareEnvironmentVariablePtr = (ExGetFirmwareEnvironmentVariableFn) MmGetSystemRoutineAddress(&funcName); } + // KeQueryInterruptTimePrecise is available starting from Windows 8.1 + if ((OsMajorVersion > 6) || (OsMajorVersion == 6 && OsMinorVersion >= 3)) + { + UNICODE_STRING funcName; + RtlInitUnicodeString(&funcName, L"KeQueryInterruptTimePrecise"); + KeQueryInterruptTimePrecisePtr = (KeQueryInterruptTimePreciseFn) MmGetSystemRoutineAddress(&funcName); + } + // Load dump filter if the main driver is already loaded if (NT_SUCCESS (TCDeviceIoControl (NT_ROOT_PREFIX, TC_IOCTL_GET_DRIVER_VERSION, NULL, 0, &version, sizeof (version)))) return DumpFilterEntry ((PFILTER_EXTENSION) DriverObject, (PFILTER_INITIALIZATION_DATA) RegistryPath); |