Windows driver: better randomness for wipe bytes by always using Whirlpool hash of current time and random bytes retrieved using CPU RDRAND/RDSEED if available.

author: Mounir IDRASSI <mounir.idrassi@idrix.fr> 2019-01-31 01:10:38 +0100
committer: Mounir IDRASSI <mounir.idrassi@idrix.fr> 2019-02-01 00:36:19 +0100
commit: 5571a8ba6b258decb9c9a109d3a8562e3d2ea5fa (patch)
tree: f5e52ea212bb8e2a9cec5e0b8ea532e6b8cce494 /src
parent: 61c1baa4bf5a97675187a37cf203e1937a060daa (diff)
download: VeraCrypt-5571a8ba6b258decb9c9a109d3a8562e3d2ea5fa.tar.gz
VeraCrypt-5571a8ba6b258decb9c9a109d3a8562e3d2ea5fa.zip
3 files changed, 40 insertions, 19 deletions
diff --git a/src/Driver/DriveFilter.c b/src/Driver/DriveFilter.c
index c17410df..a02ca3e5 100644
--- a/src/Driver/DriveFilter.c
+++ b/src/Driver/DriveFilter.c
@@ -28,6 +28,7 @@
 #include "DriveFilter.h"
 #include "Boot/Windows/BootCommon.h"
 #include "cpu.h"
+#include "rdrand.h"
 
 static BOOL DeviceFilterActive = FALSE;
 
@@ -1521,30 +1522,38 @@ static VOID SetupThreadProc (PVOID threadArg)
 	// generate real random values for wipeRandChars and 
 	// wipeRandCharsUpdate instead of relying on uninitialized stack memory
 	LARGE_INTEGER iSeed;
+	byte digest[WHIRLPOOL_DIGESTSIZE];
+	WHIRLPOOL_CTX tctx;
+		
+#ifndef _WIN64
+	KFLOATING_SAVE floatingPointState;
+	NTSTATUS saveStatus = STATUS_INVALID_PARAMETER;
+	if (HasISSE())
+		saveStatus = KeSaveFloatingPointState (&floatingPointState);
+#endif
+
 	KeQuerySystemTime( &iSeed );
-	if (KeGetCurrentIrql() < DISPATCH_LEVEL)
+	WHIRLPOOL_init (&tctx);
+	WHIRLPOOL_add ((unsigned char *) &(iSeed.QuadPart), sizeof(iSeed.QuadPart), &tctx);
+	// use RDSEED or RDRAND from CPU as source of entropy if present
+	if (	(HasRDSEED() && RDSEED_getBytes (digest, sizeof (digest)))
+		||	(HasRDRAND() && RDRAND_getBytes (digest, sizeof (digest)))
+		)
 	{
-		ULONG ulRandom;
-		ulRandom = RtlRandomEx( &iSeed.LowPart );
-		memcpy (wipeRandChars, &ulRandom, TC_WIPE_RAND_CHAR_COUNT);
-		ulRandom = RtlRandomEx( &ulRandom );
-		memcpy (wipeRandCharsUpdate, &ulRandom, TC_WIPE_RAND_CHAR_COUNT);
-		burn (&ulRandom, sizeof(ulRandom));
+		WHIRLPOOL_add (digest, sizeof(digest), &tctx);
 	}
-	else
-	{
-		byte digest[SHA512_DIGESTSIZE];
-		sha512_ctx tctx;
-		sha512_begin (&tctx);
-		sha512_hash ((unsigned char *) &(iSeed.QuadPart), sizeof(iSeed.QuadPart), &tctx);
-		sha512_end (digest, &tctx);
+	WHIRLPOOL_finalize (&tctx, digest);
+
+#if !defined (_WIN64)
+	if (NT_SUCCESS (saveStatus))
+		KeRestoreFloatingPointState (&floatingPointState);
+#endif
 
-		memcpy (wipeRandChars, digest, TC_WIPE_RAND_CHAR_COUNT);
-		memcpy (wipeRandCharsUpdate, &digest[SHA512_DIGESTSIZE - TC_WIPE_RAND_CHAR_COUNT], TC_WIPE_RAND_CHAR_COUNT);
+	memcpy (wipeRandChars, digest, TC_WIPE_RAND_CHAR_COUNT);
+	memcpy (wipeRandCharsUpdate, &digest[WHIRLPOOL_DIGESTSIZE - TC_WIPE_RAND_CHAR_COUNT], TC_WIPE_RAND_CHAR_COUNT);
 
-		burn (digest, SHA512_DIGESTSIZE);
-		burn (&tctx, sizeof (tctx));
-	}
+	burn (digest, WHIRLPOOL_DIGESTSIZE);
+	burn (&tctx, sizeof (tctx));
 	
 	burn (&iSeed, sizeof(iSeed));
 
diff --git a/src/Driver/Driver.vcxproj b/src/Driver/Driver.vcxproj
index 381d2083..894873d5 100644
--- a/src/Driver/Driver.vcxproj
+++ b/src/Driver/Driver.vcxproj
@@ -193,6 +193,7 @@ BuildDriver.cmd -rebuild -debug -x64 "$(SolutionDir)\Common" "$(SolutionDir)\Cry
   </ItemDefinitionGroup>
   <ItemGroup>
     <ClCompile Include="..\Crypto\Camellia.c" />
+    <ClCompile Include="..\Crypto\rdrand.c" />
     <ClCompile Include="..\Crypto\SerpentFast.c" />
     <ClCompile Include="..\Crypto\SerpentFast_simd.cpp" />
     <ClCompile Include="DriveFilter.c" />
@@ -225,6 +226,7 @@ BuildDriver.cmd -rebuild -debug -x64 "$(SolutionDir)\Common" "$(SolutionDir)\Cry
     <None Include="..\Crypto\Aes_x86.asm" />
     <None Include="..\Crypto\Camellia_aesni_x64.S" />
     <None Include="..\Crypto\Camellia_x64.S" />
+    <None Include="..\Crypto\rdrand_ml.asm" />
     <None Include="..\Crypto\sha256-x86-nayuki.S">
       <FileType>Document</FileType>
     </None>
@@ -266,6 +268,7 @@ BuildDriver.cmd -rebuild -debug -x64 "$(SolutionDir)\Common" "$(SolutionDir)\Cry
     <ClInclude Include="..\Common\Apidrvr.h" />
     <ClInclude Include="..\Common\Cache.h" />
     <ClInclude Include="..\Common\Common.h" />
+    <ClInclude Include="..\Crypto\rdrand.h" />
     <ClInclude Include="DriveFilter.h" />
     <ClInclude Include="DumpFilter.h" />
     <ClInclude Include="EncryptedIoQueue.h" />
diff --git a/src/Driver/Driver.vcxproj.filters b/src/Driver/Driver.vcxproj.filters
index 3622c7a8..74cd18e8 100644
--- a/src/Driver/Driver.vcxproj.filters
+++ b/src/Driver/Driver.vcxproj.filters
@@ -108,6 +108,9 @@
     <ClCompile Include="..\Crypto\SerpentFast_simd.cpp">
       <Filter>Source Files\Crypto</Filter>
     </ClCompile>
+    <ClCompile Include="..\Crypto\rdrand.c">
+      <Filter>Source Files\Crypto</Filter>
+    </ClCompile>
   </ItemGroup>
   <ItemGroup>
     <None Include="..\Crypto\Aes_hw_cpu.asm">
@@ -179,6 +182,9 @@
     <None Include="..\Crypto\sha512_avx2_x64.asm">
       <Filter>Source Files\Crypto</Filter>
     </None>
+    <None Include="..\Crypto\rdrand_ml.asm">
+      <Filter>Source Files\Crypto</Filter>
+    </None>
   </ItemGroup>
   <ItemGroup>
     <ClInclude Include="..\Common\Apidrvr.h">
@@ -229,6 +235,9 @@
     <ClInclude Include="..\Common\Xts.h">
       <Filter>Header Files</Filter>
     </ClInclude>
+    <ClInclude Include="..\Crypto\rdrand.h">
+      <Filter>Header Files</Filter>
+    </ClInclude>
   </ItemGroup>
   <ItemGroup>
     <ResourceCompile Include="Driver.rc">
author	Mounir IDRASSI <mounir.idrassi@idrix.fr>	2019-01-31 01:10:38 +0100
committer	Mounir IDRASSI <mounir.idrassi@idrix.fr>	2019-02-01 00:36:19 +0100
commit	5571a8ba6b258decb9c9a109d3a8562e3d2ea5fa (patch)
tree	f5e52ea212bb8e2a9cec5e0b8ea532e6b8cce494 /src
parent	61c1baa4bf5a97675187a37cf203e1937a060daa (diff)
download	VeraCrypt-5571a8ba6b258decb9c9a109d3a8562e3d2ea5fa.tar.gz VeraCrypt-5571a8ba6b258decb9c9a109d3a8562e3d2ea5fa.zip