Windows driver: better randomness for wipe bytes by always using Whirlpool hash of current time and random bytes retrieved using CPU RDRAND/RDSEED if available.

2025-11-11 19:08:26 -06:00 · 2019-01-31 01:10:38 +01:00
parent 61c1baa4bf
commit 5571a8ba6b
3 changed files with 40 additions and 19 deletions
--- a/src/Driver/DriveFilter.c
+++ b/src/Driver/DriveFilter.c
@@ -28,6 +28,7 @@
 #include "DriveFilter.h"
 #include "Boot/Windows/BootCommon.h"
 #include "cpu.h"
+#include "rdrand.h"

 static BOOL DeviceFilterActive = FALSE;

@@ -1521,30 +1522,38 @@ static VOID SetupThreadProc (PVOID threadArg)
 	// generate real random values for wipeRandChars and 
 	// wipeRandCharsUpdate instead of relying on uninitialized stack memory
 	LARGE_INTEGER iSeed;
+	byte digest[WHIRLPOOL_DIGESTSIZE];
+	WHIRLPOOL_CTX tctx;
+		
+#ifndef _WIN64
+	KFLOATING_SAVE floatingPointState;
+	NTSTATUS saveStatus = STATUS_INVALID_PARAMETER;
+	if (HasISSE())
+		saveStatus = KeSaveFloatingPointState (&floatingPointState);
+#endif
+
 	KeQuerySystemTime( &iSeed );
-	if (KeGetCurrentIrql() < DISPATCH_LEVEL)
+	WHIRLPOOL_init (&tctx);
+	WHIRLPOOL_add ((unsigned char *) &(iSeed.QuadPart), sizeof(iSeed.QuadPart), &tctx);
+	// use RDSEED or RDRAND from CPU as source of entropy if present
+	if (	(HasRDSEED() && RDSEED_getBytes (digest, sizeof (digest)))
+		||	(HasRDRAND() && RDRAND_getBytes (digest, sizeof (digest)))
+		)
 	{
-		ULONG ulRandom;
-		ulRandom = RtlRandomEx( &iSeed.LowPart );
-		memcpy (wipeRandChars, &ulRandom, TC_WIPE_RAND_CHAR_COUNT);
-		ulRandom = RtlRandomEx( &ulRandom );
-		memcpy (wipeRandCharsUpdate, &ulRandom, TC_WIPE_RAND_CHAR_COUNT);
-		burn (&ulRandom, sizeof(ulRandom));
+		WHIRLPOOL_add (digest, sizeof(digest), &tctx);
 	}
-	else
-	{
-		byte digest[SHA512_DIGESTSIZE];
-		sha512_ctx tctx;
-		sha512_begin (&tctx);
-		sha512_hash ((unsigned char *) &(iSeed.QuadPart), sizeof(iSeed.QuadPart), &tctx);
-		sha512_end (digest, &tctx);
+	WHIRLPOOL_finalize (&tctx, digest);

-		memcpy (wipeRandChars, digest, TC_WIPE_RAND_CHAR_COUNT);
-		memcpy (wipeRandCharsUpdate, &digest[SHA512_DIGESTSIZE - TC_WIPE_RAND_CHAR_COUNT], TC_WIPE_RAND_CHAR_COUNT);
+#if !defined (_WIN64)
+	if (NT_SUCCESS (saveStatus))
+		KeRestoreFloatingPointState (&floatingPointState);
+#endif

-		burn (digest, SHA512_DIGESTSIZE);
-		burn (&tctx, sizeof (tctx));
-	}
+	memcpy (wipeRandChars, digest, TC_WIPE_RAND_CHAR_COUNT);
+	memcpy (wipeRandCharsUpdate, &digest[WHIRLPOOL_DIGESTSIZE - TC_WIPE_RAND_CHAR_COUNT], TC_WIPE_RAND_CHAR_COUNT);
+
+	burn (digest, WHIRLPOOL_DIGESTSIZE);
+	burn (&tctx, sizeof (tctx));
 	
 	burn (&iSeed, sizeof(iSeed));