Windows: Add implementation of ChaCha20 based random generator. Use it for driver need of random bytes (currently only wipe bytes but more to come later).

src/Driver/DriveFilter.c

@@ -29,6 +29,7 @@
 #include "Boot/Windows/BootCommon.h"
 #include "cpu.h"
 #include "rdrand.h"
+#include "chachaRng.h"
 
 static BOOL DeviceFilterActive = FALSE;
 
@@ -1521,42 +1522,17 @@ static VOID SetupThreadProc (PVOID threadArg)
 
 	// generate real random values for wipeRandChars and 
 	// wipeRandCharsUpdate instead of relying on uninitialized stack memory
-	LARGE_INTEGER iSeed;
-	byte digest[WHIRLPOOL_DIGESTSIZE];
-	WHIRLPOOL_CTX tctx;
-		
-#ifndef _WIN64
-	KFLOATING_SAVE floatingPointState;
-	NTSTATUS saveStatus = STATUS_INVALID_PARAMETER;
-	if (HasISSE())
-		saveStatus = KeSaveFloatingPointState (&floatingPointState);
-#endif
+	ChaCha20RngCtx rngCtx;
+	byte pbSeed[CHACHA20RNG_KEYSZ + CHACHA20RNG_IVSZ];
 
-	KeQuerySystemTime( &iSeed );
-	WHIRLPOOL_init (&tctx);
-	WHIRLPOOL_add ((unsigned char *) &(iSeed.QuadPart), sizeof(iSeed.QuadPart), &tctx);
-	// use RDSEED or RDRAND from CPU as source of entropy if enabled
-	if (	IsCpuRngEnabled() && 
-		(	(HasRDSEED() && RDSEED_getBytes (digest, sizeof (digest)))
-		||	(HasRDRAND() && RDRAND_getBytes (digest, sizeof (digest)))
-		))
-	{
-		WHIRLPOOL_add (digest, sizeof(digest), &tctx);
-	}
-	WHIRLPOOL_finalize (&tctx, digest);
+	GetDriverRandomSeed (pbSeed, sizeof (pbSeed));
+	ChaCha20RngInit (&rngCtx, pbSeed, GetDriverRandomSeed, 0);
 
-#if !defined (_WIN64)
-	if (NT_SUCCESS (saveStatus))
-		KeRestoreFloatingPointState (&floatingPointState);
-#endif
+	ChaCha20RngGetBytes (&rngCtx, wipeRandChars, TC_WIPE_RAND_CHAR_COUNT);
+	ChaCha20RngGetBytes (&rngCtx, wipeRandCharsUpdate, TC_WIPE_RAND_CHAR_COUNT);
 
-	memcpy (wipeRandChars, digest, TC_WIPE_RAND_CHAR_COUNT);
-	memcpy (wipeRandCharsUpdate, &digest[WHIRLPOOL_DIGESTSIZE - TC_WIPE_RAND_CHAR_COUNT], TC_WIPE_RAND_CHAR_COUNT);
-
-	burn (digest, WHIRLPOOL_DIGESTSIZE);
-	burn (&tctx, sizeof (tctx));
-	
-	burn (&iSeed, sizeof(iSeed));
+	burn (&rngCtx, sizeof (rngCtx));
+	FAST_ERASE64 (pbSeed, sizeof (pbSeed));
 
 	SetupResult = STATUS_UNSUCCESSFUL;
 

src/Driver/Driver.vcxproj

@@ -193,9 +193,13 @@ BuildDriver.cmd -rebuild -debug -x64 "$(SolutionDir)\Common" "$(SolutionDir)\Cry
   </ItemDefinitionGroup>
   <ItemGroup>
     <ClCompile Include="..\Crypto\Camellia.c" />
+    <ClCompile Include="..\Crypto\chacha-xmm.c" />
+    <ClCompile Include="..\Crypto\chacha256.c" />
+    <ClCompile Include="..\Crypto\chachaRng.c" />
     <ClCompile Include="..\Crypto\rdrand.c" />
     <ClCompile Include="..\Crypto\SerpentFast.c" />
     <ClCompile Include="..\Crypto\SerpentFast_simd.cpp" />
+    <ClCompile Include="..\Crypto\Streebog.c" />
     <ClCompile Include="DriveFilter.c" />
     <ClCompile Include="DumpFilter.c" />
     <ClCompile Include="EncryptedIoQueue.c" />

src/Driver/Driver.vcxproj.filters

@@ -111,6 +111,18 @@
     <ClCompile Include="..\Crypto\rdrand.c">
       <Filter>Source Files\Crypto</Filter>
     </ClCompile>
+    <ClCompile Include="..\Crypto\chacha256.c">
+      <Filter>Source Files\Crypto</Filter>
+    </ClCompile>
+    <ClCompile Include="..\Crypto\chachaRng.c">
+      <Filter>Source Files\Crypto</Filter>
+    </ClCompile>
+    <ClCompile Include="..\Crypto\chacha-xmm.c">
+      <Filter>Source Files\Crypto</Filter>
+    </ClCompile>
+    <ClCompile Include="..\Crypto\Streebog.c">
+      <Filter>Source Files\Crypto</Filter>
+    </ClCompile>
   </ItemGroup>
   <ItemGroup>
     <None Include="..\Crypto\Aes_hw_cpu.asm">

src/Driver/Ntdriver.c

@@ -30,6 +30,8 @@
 #include "Cache.h"
 #include "Volumes.h"
 #include "VolumeFilter.h"
+#include "cpu.h"
+#include "rdrand.h"
 
 #include <tchar.h>
 #include <initguid.h>
@@ -143,6 +145,64 @@ ULONG ExDefaultMdlProtection = 0;
 
 PDEVICE_OBJECT VirtualVolumeDeviceObjects[MAX_MOUNTED_VOLUME_DRIVE_NUMBER + 1];
 
+void GetDriverRandomSeed (unsigned char* pbRandSeed, size_t cbRandSeed)
+{
+	LARGE_INTEGER iSeed, iSeed2;
+	byte digest[WHIRLPOOL_DIGESTSIZE];
+	WHIRLPOOL_CTX tctx;
+	size_t count;
+
+#ifndef _WIN64
+	KFLOATING_SAVE floatingPointState;
+	NTSTATUS saveStatus = STATUS_INVALID_PARAMETER;
+	if (HasISSE())
+		saveStatus = KeSaveFloatingPointState (&floatingPointState);
+#endif
+
+	while (cbRandSeed)
+	{	
+		WHIRLPOOL_init (&tctx);
+		// we hash current content of digest buffer which is initialized the first time
+		WHIRLPOOL_add (digest, WHIRLPOOL_DIGESTSIZE, &tctx);
+
+		// we use various time information as source of entropy
+		KeQuerySystemTime( &iSeed );
+		WHIRLPOOL_add ((unsigned char *) &(iSeed.QuadPart), sizeof(iSeed.QuadPart), &tctx);
+		iSeed = KeQueryPerformanceCounter (&iSeed2);
+		WHIRLPOOL_add ((unsigned char *) &(iSeed.QuadPart), sizeof(iSeed.QuadPart), &tctx);
+		WHIRLPOOL_add ((unsigned char *) &(iSeed2.QuadPart), sizeof(iSeed2.QuadPart), &tctx);
+		iSeed.QuadPart = KeQueryInterruptTime ();
+		WHIRLPOOL_add ((unsigned char *) &(iSeed.QuadPart), sizeof(iSeed.QuadPart), &tctx);
+
+		// use RDSEED or RDRAND from CPU as source of entropy if enabled
+		if (	IsCpuRngEnabled() && 
+			(	(HasRDSEED() && RDSEED_getBytes (digest, sizeof (digest)))
+			||	(HasRDRAND() && RDRAND_getBytes (digest, sizeof (digest)))
+			))
+		{
+			WHIRLPOOL_add (digest, sizeof(digest), &tctx);
+		}
+		WHIRLPOOL_finalize (&tctx, digest);
+
+		count = VC_MIN (cbRandSeed, sizeof (digest));
+
+		// copy digest value to seed buffer
+		memcpy (pbRandSeed, digest, count);
+		cbRandSeed -= count;
+		pbRandSeed += count;
+	}
+
+#if !defined (_WIN64)
+	if (NT_SUCCESS (saveStatus))
+		KeRestoreFloatingPointState (&floatingPointState);
+#endif
+
+	FAST_ERASE64 (digest, sizeof (digest));
+	FAST_ERASE64 (&iSeed.QuadPart, 8);
+	FAST_ERASE64 (&iSeed2.QuadPart, 8);
+	burn (&tctx, sizeof(tctx));
+}
+
 
 NTSTATUS DriverEntry (PDRIVER_OBJECT DriverObject, PUNICODE_STRING RegistryPath)
 {

src/Driver/Ntdriver.h

@@ -191,6 +191,7 @@ void GetElapsedTimeInit (LARGE_INTEGER *lastPerfCounter);
 int64 GetElapsedTime (LARGE_INTEGER *lastPerfCounter);
 BOOL IsOSAtLeast (OSVersionEnum reqMinOS);
 PDEVICE_OBJECT GetVirtualVolumeDeviceObject (int driveNumber);
+void GetDriverRandomSeed (unsigned char* pbRandSeed, size_t cbRandSeed);
 
 #define TC_BUG_CHECK(status) KeBugCheckEx (SECURITY_SYSTEM, __LINE__, (ULONG_PTR) status, 0, 'VC')