
Is there a way I can use the OpenSSL library in Windows kernel mode? I want to make a Windows filter driver that intercepts the read and write operations and encrypts and decrypts the buffers. I already made a driver that can replace the buffers with some arbitrary content, but now I need to encrypt the original content. I tried to include the OpenSSL DLLs in the project and I can compile and install the driver, but when I try to start it I get this error: System error 2 has occurred. The system cannot find the file specified.

This is the code that does the encryption. I know it's not safe to use a static key, but it's just for testing.

#include <openssl/evp.h>

/* AES-256-CTR with the OpenSSL EVP API: out_data receives in_len bytes, *out_len the count written. */
void encrypt_aes_ctr(unsigned char* key, unsigned char* iv, unsigned char* data, unsigned char* out_data, int in_len, int* out_len)
{
   int  len;
   EVP_CIPHER_CTX* ctx = EVP_CIPHER_CTX_new();
   EVP_EncryptInit_ex(ctx, EVP_aes_256_ctr(), NULL, key, iv);
   EVP_EncryptUpdate(ctx, out_data, out_len, data, in_len);
   EVP_EncryptFinal_ex(ctx, out_data + *out_len, &len);   /* CTR has no padding, so len is 0 */
   *out_len += len;
   EVP_CIPHER_CTX_free(ctx);   /* release the context (it was leaked before) */
}

And this is the call I make in the SwapPreWriteBuffers function

unsigned char key[32] = { 1,2,3,4,5,6,7,8,9,10,11,12,1,2,3,4,5,6,7,8,9,10,11,12,1,2,3,4,5,6,7,8 };
unsigned char iv[16] = { 1,2,3,4,5,6,7,8,9,10,11,12,1,2,3,4 };
int len;
encrypt_aes_ctr(key, iv, origBuf, newBuf, writeLen, &len);
  • Please post the complete error message that you get. – kiner_shah Jan 13 '22 at 09:56
  • That is the complete error message. The command I use to start the driver is net start – Ciprian Florin Jan 13 '22 at 10:08
  • So the error message doesn't specify which file is not found? By any chance is that file your driver itself? – kiner_shah Jan 13 '22 at 10:09
  • No, it doesn't specify the file. I am sure the file is not the driver itself because if I start the driver with the same code but with the encrypt_aes_ctr function call deleted I get no error. I think the missing file is the OpenSSL library – Ciprian Florin Jan 13 '22 at 10:13
  • I found online that net start command is used to start a service. I found this post which seems similar. See https://stackoverflow.com/a/19845423/4688321. – kiner_shah Jan 13 '22 at 10:17
  • Thanks, I found that too, but I don't think that's why I'm having the problem. I don't set any registry paths. – Ciprian Florin Jan 13 '22 at 10:40

1 Answer


You should use the CNG API, which is Microsoft's standard API for crypto.

For example, for Encrypt.

Here is a code example that uses BCrypt in the kernel (Random).

Baget
  • This was very useful, thank you. Now I have to find a way to make user mode - kernel mode communication. I have found functions that do that on Microsoft docs, such as FltCreateCommunicationPort, but I don't know how to use them. Is there a sample code for that? – Ciprian Florin Jan 25 '22 at 10:02
  • Kernel Mode to User mode is usually done by IO Operation (Read\Write\IOCTL) – Baget Jan 26 '22 at 14:09