diff options
| author | Mounir IDRASSI <mounir.idrassi@idrix.fr> | 2023-09-29 22:14:43 +0200 |
|---|---|---|
| committer | Mounir IDRASSI <mounir.idrassi@idrix.fr> | 2023-09-29 22:14:43 +0200 |
| commit | 5192eac233d4ac1c972af724d01167d38c249410 (patch) | |
| tree | 3e1acdd61696e50b6e2a9b6817d105b54527d031 /src/Driver | |
| parent | 5234c479a47ba526f1bcc49c1b65b96811f04e19 (diff) | |
| download | VeraCrypt-5192eac233d4ac1c972af724d01167d38c249410.tar.gz VeraCrypt-5192eac233d4ac1c972af724d01167d38c249410.zip | |
Windows Driver: Use KeQueryInterruptTimePrecise on Windows 8.1 and newer as better seed for internal RNG compared to KeQueryInterruptTime
Diffstat (limited to 'src/Driver')
| -rw-r--r-- | src/Driver/Ntdriver.c | 22 |
1 files changed, 20 insertions, 2 deletions
diff --git a/src/Driver/Ntdriver.c b/src/Driver/Ntdriver.c index b19ffb77..988b7317 100644 --- a/src/Driver/Ntdriver.c +++ b/src/Driver/Ntdriver.c @@ -145,6 +145,7 @@ static BOOL RamEncryptionActivated = FALSE; static KeSaveExtendedProcessorStateFn KeSaveExtendedProcessorStatePtr = NULL; static KeRestoreExtendedProcessorStateFn KeRestoreExtendedProcessorStatePtr = NULL; static ExGetFirmwareEnvironmentVariableFn ExGetFirmwareEnvironmentVariablePtr = NULL; +static KeQueryInterruptTimePreciseFn KeQueryInterruptTimePrecisePtr = NULL; static KeAreAllApcsDisabledFn KeAreAllApcsDisabledPtr = NULL; static KeSetSystemGroupAffinityThreadFn KeSetSystemGroupAffinityThreadPtr = NULL; static KeQueryActiveGroupCountFn KeQueryActiveGroupCountPtr = NULL; @@ -238,8 +239,17 @@ void GetDriverRandomSeed (unsigned char* pbRandSeed, size_t cbRandSeed) iSeed = KeQueryPerformanceCounter (&iSeed2); WHIRLPOOL_add ((unsigned char *) &(iSeed.QuadPart), sizeof(iSeed.QuadPart), &tctx); WHIRLPOOL_add ((unsigned char *) &(iSeed2.QuadPart), sizeof(iSeed2.QuadPart), &tctx); - iSeed.QuadPart = KeQueryInterruptTime (); - WHIRLPOOL_add ((unsigned char *) &(iSeed.QuadPart), sizeof(iSeed.QuadPart), &tctx); + if (KeQueryInterruptTimePrecisePtr) + { + iSeed.QuadPart = KeQueryInterruptTimePrecisePtr (&iSeed2.QuadPart); + WHIRLPOOL_add ((unsigned char *) &(iSeed.QuadPart), sizeof(iSeed.QuadPart), &tctx); + WHIRLPOOL_add ((unsigned char *) &(iSeed2.QuadPart), sizeof(iSeed2.QuadPart), &tctx); + } + else + { + iSeed.QuadPart = KeQueryInterruptTime (); + WHIRLPOOL_add ((unsigned char *) &(iSeed.QuadPart), sizeof(iSeed.QuadPart), &tctx); + } /* use JitterEntropy library to get good quality random bytes based on CPU timing jitter */ if (0 == jent_entropy_init ()) @@ -339,6 +349,14 @@ NTSTATUS DriverEntry (PDRIVER_OBJECT DriverObject, PUNICODE_STRING RegistryPath) ExGetFirmwareEnvironmentVariablePtr = (ExGetFirmwareEnvironmentVariableFn) MmGetSystemRoutineAddress(&funcName); } + // KeQueryInterruptTimePrecise is available starting from Windows 8.1 + if ((OsMajorVersion > 6) || (OsMajorVersion == 6 && OsMinorVersion >= 3)) + { + UNICODE_STRING funcName; + RtlInitUnicodeString(&funcName, L"KeQueryInterruptTimePrecise"); + KeQueryInterruptTimePrecisePtr = (KeQueryInterruptTimePreciseFn) MmGetSystemRoutineAddress(&funcName); + } + // Load dump filter if the main driver is already loaded if (NT_SUCCESS (TCDeviceIoControl (NT_ROOT_PREFIX, TC_IOCTL_GET_DRIVER_VERSION, NULL, 0, &version, sizeof (version)))) return DumpFilterEntry ((PFILTER_EXTENSION) DriverObject, (PFILTER_INITIALIZATION_DATA) RegistryPath); |