Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Is it possible to add entropy from a hardware RNG to the Windows CryptoAPI?

I have a USB hardware random number generator (TrueRNG) which looks like a USB CDC serial port and can use it to add entropy to the pool in Linux using the rng-tools package's rngd.

Is there a way to feed this serial stream into the Windows entropy pool so that when applications use the CryptoAPI (CryptGenRandom function) they will get the random numbers from the TrueRNG?

I have looked through the CryptoAPI and can't seem to find anything that allows me to add entropy into the OS.

like image 929
euler357 Avatar asked Mar 03 '14 15:03

euler357


People also ask

Does Windows have a random number generator?

The pseudo-random number generator (PRNG) used by the Windows operating system is the most commonly used PRNG. The pseudo-randomness of the output of this generator is crucial for the security of almost any application running in Windows.

What is RNGD?

rngd is a userspace daemon that uses multiple entropy sources to constantly refresh the system entropy pool. Even with non-blocking /dev/random, rngd allows the system to use multiple entropy sources instead of relying on just one.


1 Answers

Per the official documentation CryptGenRandom can use an optional input buffer with data to use as an auxiliary random seed, but the developer has to decide he wants to use it, it's not configurable by default for every call to CryptGenRandom.

However note that now, developers can/should also use BCryptGenRandom from CNG (Cryptography API: Next Generation) which is the replacement for CryptoAPI. But BCryptGenRandom does not support any input buffer as additional entropy, from Windows 8 and higher anyway...

I suppose this is a security design decision from Microsoft. They don't want to support an "untrusted" entropy source, as this is crucial to the system.

Here is an interesting document Microsoft Windows 7 Kernel Mode Cryptographic Primitives Library (cng.sys) Security Policy Document that lists how the Windows entropy pool is constructed (I've shortened many items so it's readable):

The Windows entropy pool is populated by periodically gathering random bits from the Trusted Platform Module (TPM) when present, as well as by periodically querying the values of the following OS variables:

  • The process ID of the currently running process
  • The thread ID of the currently running thread
  • A 32-bit tick count since the system boot
  • The current local date and time
  • The current system time of day information consisting of [...]
  • The current hardware-platform-dependent high-resolution performance-counter value
  • The information about the system's current usage of both physical and virtual memory [...]
  • The system device information consisting of [...]
  • The local disk information including [...]
  • A hash of the environment block for the current process
  • Some hardware CPU-specific cycle counters
  • The system file cache information consisting of [...]
  • The system processor power information consisting of [...]
  • The system page file information consisting of [...]
  • The system processor idle information consisting of Idle Time
  • The system processor performance information consisting of [...]
  • The system exception information consisting of [...]
  • The system look-aside information consisting of [...]
  • The system processor performance information consisting of [...]
  • The system interrupt information consisting of [...]
  • The system process information consisting of [...]

And it also lists 3 methods EntropyRegisterSource, EntropyUnregisterSource and EntropyProvideData supported by cng.sys.

I suppose using these could work, but they are not documented on MSDN (and it probably has changed since this document was written in 2013, but on my Windows 10 box, cng.sys has the 3 methods plus EntropyPoolTriggerReseedForIum and EntropyRegisterCallback...), which probably means they are not supported by Microsoft.

Plus you'll have to write a kernel driver (cng.sys is a kernel driver) which is consistent with the security implications: you'll need to be an administrator to install it.

like image 85
Simon Mourier Avatar answered Apr 05 '23 11:04

Simon Mourier