+#include <initguid.h>

+#include <Ntddstor.h>

+#include "cpu.h"

+#include "rdrand.h"

+#include "jitterentropy.h"

+BOOL AllowWindowsDefrag = FALSE;

+BOOL EraseKeysOnShutdown = TRUE; // by default, we erase encryption keys on system shutdown

+static BOOL RamEncryptionActivated = FALSE;

+static ExGetFirmwareEnvironmentVariableFn ExGetFirmwareEnvironmentVariablePtr = NULL;

+static KeQueryInterruptTimePreciseFn KeQueryInterruptTimePrecisePtr = NULL;

+static KeAreAllApcsDisabledFn KeAreAllApcsDisabledPtr = NULL;

+static KeSetSystemGroupAffinityThreadFn KeSetSystemGroupAffinityThreadPtr = NULL;

+static KeQueryActiveGroupCountFn KeQueryActiveGroupCountPtr = NULL;

+static KeQueryActiveProcessorCountExFn KeQueryActiveProcessorCountExPtr = NULL;

+int EncryptionIoRequestCount = 0;

+int EncryptionItemCount = 0;

+int EncryptionFragmentSize = 0;

+BOOL AlignValue (ULONG ulValue, ULONG ulAlignment, ULONG *pulResult)

+{

+ BOOL bRet = FALSE;

+ HRESULT hr;

+ if (ulAlignment == 0)

+ {

+ *pulResult = ulValue;

+ bRet = TRUE;

+ }

+ else

+ {

+ ulAlignment -= 1;

+ hr = ULongAdd (ulValue, ulAlignment, &ulValue);

+ if (S_OK == hr)

+ {

+ *pulResult = ulValue & (~ulAlignment);

+ bRet = TRUE;

+ }

+ }

+

+ return bRet;

+}

+

+BOOL IsUefiBoot ()

+{

+ BOOL bStatus = FALSE;

+ NTSTATUS ntStatus = STATUS_NOT_IMPLEMENTED;

+

+ Dump ("IsUefiBoot BEGIN\n");

+ ASSERT (KeGetCurrentIrql() == PASSIVE_LEVEL);

+

+ if (ExGetFirmwareEnvironmentVariablePtr)

+ {

+ ULONG valueLengh = 0;

+ UNICODE_STRING emptyName;

+ GUID guid;

+ RtlInitUnicodeString(&emptyName, L"");

+ memset (&guid, 0, sizeof(guid));

+ Dump ("IsUefiBoot calling ExGetFirmwareEnvironmentVariable\n");

+ ntStatus = ExGetFirmwareEnvironmentVariablePtr (&emptyName, &guid, NULL, &valueLengh, NULL);

+ Dump ("IsUefiBoot ExGetFirmwareEnvironmentVariable returned 0x%08x\n", ntStatus);

+ }

+ else

+ {

+ Dump ("IsUefiBoot ExGetFirmwareEnvironmentVariable not found on the system\n");

+ }

+

+ if (STATUS_NOT_IMPLEMENTED != ntStatus)

+ bStatus = TRUE;

+

+ Dump ("IsUefiBoot bStatus = %s END\n", bStatus? "TRUE" : "FALSE");

+ return bStatus;

+}

+

+void GetDriverRandomSeed (unsigned char* pbRandSeed, size_t cbRandSeed)

+{

+ LARGE_INTEGER iSeed, iSeed2;

+ byte digest[WHIRLPOOL_DIGESTSIZE];

+ WHIRLPOOL_CTX tctx;

+ size_t count;

+

+#ifndef _WIN64

+ KFLOATING_SAVE floatingPointState;

+ NTSTATUS saveStatus = STATUS_INVALID_PARAMETER;

+ if (HasISSE())

+ saveStatus = KeSaveFloatingPointState (&floatingPointState);

+#endif

+

+ while (cbRandSeed)

+ {

+ WHIRLPOOL_init (&tctx);

+ // we hash current content of digest buffer which is uninitialized the first time

+ WHIRLPOOL_add (digest, WHIRLPOOL_DIGESTSIZE, &tctx);

+

+ // we use various time information as source of entropy

+ KeQuerySystemTime( &iSeed );

+ WHIRLPOOL_add ((unsigned char *) &(iSeed.QuadPart), sizeof(iSeed.QuadPart), &tctx);

+ iSeed = KeQueryPerformanceCounter (&iSeed2);

+ WHIRLPOOL_add ((unsigned char *) &(iSeed.QuadPart), sizeof(iSeed.QuadPart), &tctx);

+ WHIRLPOOL_add ((unsigned char *) &(iSeed2.QuadPart), sizeof(iSeed2.QuadPart), &tctx);

+ if (KeQueryInterruptTimePrecisePtr)

+ {

+ iSeed.QuadPart = KeQueryInterruptTimePrecisePtr (&iSeed2.QuadPart);

+ WHIRLPOOL_add ((unsigned char *) &(iSeed.QuadPart), sizeof(iSeed.QuadPart), &tctx);

+ WHIRLPOOL_add ((unsigned char *) &(iSeed2.QuadPart), sizeof(iSeed2.QuadPart), &tctx);

+ }

+ else

+ {

+ iSeed.QuadPart = KeQueryInterruptTime ();

+ WHIRLPOOL_add ((unsigned char *) &(iSeed.QuadPart), sizeof(iSeed.QuadPart), &tctx);

+ }

+

+ /* use JitterEntropy library to get good quality random bytes based on CPU timing jitter */

+ if (0 == jent_entropy_init ())

+ {

+ struct rand_data *ec = jent_entropy_collector_alloc (1, 0);

+ if (ec)

+ {

+ ssize_t rndLen = jent_read_entropy (ec, (char*) digest, sizeof (digest));

+ if (rndLen > 0)

+ WHIRLPOOL_add (digest, (unsigned int) rndLen, &tctx);

+ jent_entropy_collector_free (ec);

+ }

+ }

+

+ // use RDSEED or RDRAND from CPU as source of entropy if enabled

+ if ( IsCpuRngEnabled() &&

+ ( (HasRDSEED() && RDSEED_getBytes (digest, sizeof (digest)))

+ || (HasRDRAND() && RDRAND_getBytes (digest, sizeof (digest)))

+ ))

+ {

+ WHIRLPOOL_add (digest, sizeof(digest), &tctx);

+ }

+ WHIRLPOOL_finalize (&tctx, digest);

+

+ count = VC_MIN (cbRandSeed, sizeof (digest));

+

+ // copy digest value to seed buffer

+ memcpy (pbRandSeed, digest, count);

+ cbRandSeed -= count;

+ pbRandSeed += count;

+ }

+

+#if !defined (_WIN64)

+ if (NT_SUCCESS (saveStatus))

+ KeRestoreFloatingPointState (&floatingPointState);

+#endif

+

+ FAST_ERASE64 (digest, sizeof (digest));

+ FAST_ERASE64 (&iSeed.QuadPart, 8);

+ FAST_ERASE64 (&iSeed2.QuadPart, 8);

+ burn (&tctx, sizeof(tctx));

+}

+

+ Dump ("DriverEntry " TC_APP_NAME " " VERSION_STRING VERSION_STRING_SUFFIX "\n");

+ // KeAreAllApcsDisabled is available starting from Windows Server 2003

+ if ((OsMajorVersion > 5) || (OsMajorVersion == 5 && OsMinorVersion >= 2))

+ {

+ UNICODE_STRING KeAreAllApcsDisabledFuncName;

+ RtlInitUnicodeString(&KeAreAllApcsDisabledFuncName, L"KeAreAllApcsDisabled");

+

+ KeAreAllApcsDisabledPtr = (KeAreAllApcsDisabledFn) MmGetSystemRoutineAddress(&KeAreAllApcsDisabledFuncName);

+ }

+

+ // KeQueryActiveGroupCount/KeQueryActiveProcessorCountEx/KeSetSystemGroupAffinityThread are available starting from Windows 7

+ UNICODE_STRING saveFuncName, restoreFuncName, groupCountFuncName, procCountFuncName, setAffinityFuncName;

+ RtlInitUnicodeString(&groupCountFuncName, L"KeQueryActiveGroupCount");

+ RtlInitUnicodeString(&procCountFuncName, L"KeQueryActiveProcessorCountEx");

+ RtlInitUnicodeString(&setAffinityFuncName, L"KeSetSystemGroupAffinityThread");

+ KeSetSystemGroupAffinityThreadPtr = (KeSetSystemGroupAffinityThreadFn) MmGetSystemRoutineAddress(&setAffinityFuncName);

+ KeQueryActiveGroupCountPtr = (KeQueryActiveGroupCountFn) MmGetSystemRoutineAddress(&groupCountFuncName);

+ KeQueryActiveProcessorCountExPtr = (KeQueryActiveProcessorCountExFn) MmGetSystemRoutineAddress(&procCountFuncName);

+ }

+

+ // ExGetFirmwareEnvironmentVariable is available starting from Windows 8

+ if ((OsMajorVersion > 6) || (OsMajorVersion == 6 && OsMinorVersion >= 2))

+ {

+ UNICODE_STRING funcName;

+ RtlInitUnicodeString(&funcName, L"ExGetFirmwareEnvironmentVariable");

+ ExGetFirmwareEnvironmentVariablePtr = (ExGetFirmwareEnvironmentVariableFn) MmGetSystemRoutineAddress(&funcName);

+ }

+

+ // KeQueryInterruptTimePrecise is available starting from Windows 8.1

+ if ((OsMajorVersion > 6) || (OsMajorVersion == 6 && OsMinorVersion >= 3))

+ {

+ UNICODE_STRING funcName;

+ RtlInitUnicodeString(&funcName, L"KeQueryInterruptTimePrecise");

+ KeQueryInterruptTimePrecisePtr = (KeQueryInterruptTimePreciseFn) MmGetSystemRoutineAddress(&funcName);

+ LoadBootArguments(IsUefiBoot ());

+#ifdef _WIN64

+ if ((OsMajorVersion > 6) || (OsMajorVersion == 6 && OsMinorVersion >= 1))

+ {

+ // we enable RAM encryption only starting from Windows 7

+ if (RamEncryptionActivated)

+ {

+ if (t1ha_selfcheck__t1ha2() != 0)

+ TC_BUG_CHECK (STATUS_INVALID_PARAMETER);

+ if (!InitializeSecurityParameters(GetDriverRandomSeed))

+ TC_BUG_CHECK (STATUS_INVALID_PARAMETER);

+

+ EnableRamEncryption (TRUE);

+ }

+ }

+#endif

+

+#if defined (DEBUG) || defined (DEBUG_TRACE)

+#endif

+static wchar_t UpperCaseUnicodeChar (wchar_t c)

+{

+ if (c >= L'a' && c <= L'z')

+ return (c - L'a') + L'A';

+ return c;

+}

+

+static BOOL StringNoCaseCompare (const wchar_t* str1, const wchar_t* str2, size_t len)

+{

+ if (str1 && str2)

+ {

+ while (len)

+ {

+ if (UpperCaseUnicodeChar (*str1) != UpperCaseUnicodeChar (*str2))

+ return FALSE;

+ str1++;

+ str2++;

+ len--;

+ }

+ }

+

+ return TRUE;

+}

+

+static BOOL CheckStringLength (const wchar_t* str, size_t cchSize, size_t minLength, size_t maxLength, size_t* pcchLength)

+{

+ size_t actualLength;

+ for (actualLength = 0; actualLength < cchSize; actualLength++)

+ {

+ if (str[actualLength] == 0)

+ break;

+ }

+

+ if (pcchLength)

+ *pcchLength = actualLength;

+

+ if (actualLength == cchSize)

+ return FALSE;

+

+ if ((minLength != ((size_t) -1)) && (actualLength < minLength))

+ return FALSE;

+

+ if ((maxLength != ((size_t) -1)) && (actualLength > maxLength))

+ return FALSE;

+

+ return TRUE;

+}

+

+ // Add 1MB to the disk size to emulate the geometry of a real MBR disk

+ outputBuffer->DiskSize.QuadPart = Extension->DiskLength + BYTES_PER_MB;

+ }

+ }

+ outputBuffer->StartingOffset.QuadPart = BYTES_PER_MB; // Set offset to 1MB to emulate the partition offset on a real MBR disk

+ outputBuffer->StartingOffset.QuadPart = BYTES_PER_MB; // Set offset to 1MB to emulate the partition offset on a real MBR disk

+ outputBuffer->PartitionEntry->StartingOffset.QuadPart = BYTES_PER_MB; // Set offset to 1MB to emulate the partition offset on a real MBR disk

+ outputBuffer->PartitionEntry->StartingOffset.QuadPart = BYTES_PER_MB; // Set offset to 1MB to emulate the partition offset on a real MBR disk

+ DWORD dwBuffersize = min (pVerifyInformation->Length, 16 * PAGE_SIZE);

+ PVOID buffer = TCalloc (dwBuffersize);

+ LARGE_INTEGER offset;

+ DWORD dwRemainingBytes = pVerifyInformation->Length, dwReadCount;

+ while (dwRemainingBytes)

+ {

+ dwReadCount = min (dwBuffersize, dwRemainingBytes);

+ Irp->IoStatus.Status = ZwReadFile (Extension->hDeviceFile, NULL, NULL, NULL, &ioStatus, buffer, dwReadCount, &offset, NULL);

+ if (NT_SUCCESS (Irp->IoStatus.Status) && ioStatus.Information != dwReadCount)

+ {

+ Irp->IoStatus.Status = STATUS_INVALID_PARAMETER;

+ break;

+ }

+ else if (!NT_SUCCESS (Irp->IoStatus.Status))

+ break;

+

+ dwRemainingBytes -= dwReadCount;

+ offset.QuadPart += (ULONGLONG) dwReadCount;

+ }

+

+ burn (buffer, dwBuffersize);

+ TCfree (buffer);

+ // Vista's, Windows 8.1 and later filesystem defragmenter fails if IOCTL_VOLUME_GET_VOLUME_DISK_EXTENTS does not succeed.

+ if (!(OsMajorVersion == 6 && OsMinorVersion == 0)

+ && !(IsOSAtLeast (WIN_8_1) && AllowWindowsDefrag && Extension->bRawDevice)

+ )

+

+ if (IsOSAtLeast (WIN_8_1))

+ {

+ // Windows 10 filesystem defragmenter works only if we report an extent with a real disk number

+ // So in the case of a VeraCrypt disk based volume, we use the disk number

+ // of the underlaying physical disk and we report a single extent

+ extents->NumberOfDiskExtents = 1;

+ extents->Extents[0].DiskNumber = Extension->DeviceNumber;

+ extents->Extents[0].StartingOffset.QuadPart = BYTES_PER_MB; // Set offset to 1MB to emulate the partition offset on a real MBR disk

+ extents->Extents[0].ExtentLength.QuadPart = Extension->DiskLength;

+ }

+ else

+ {

+ // Vista: No extent data can be returned as this is not a physical drive.

+ memset (extents, 0, sizeof (*extents));

+ extents->NumberOfDiskExtents = 0;

+ }

+ capacity->DiskLength.QuadPart = Extension->DiskLength + BYTES_PER_MB; // Add 1MB to the disk size to emulate the geometry of a real MBR disk

+ capacity->NumberOfBlocks.QuadPart = capacity->DiskLength.QuadPart / capacity->BlockLength;

+ if (((ULONGLONG) inputLength) >= minSizeGeneric && ((ULONGLONG) inputLength) >= minSizedataSet && ((ULONGLONG) inputLength) >= minSizeParameter)

+ DWORD dwDataSetOffset;

+ if (AlignValue (inputLength, sizeof(DEVICE_DATA_SET_RANGE), &dwDataSetOffset))

+ Dump ("ProcessVolumeDeviceControlIrp: IOCTL_STORAGE_MANAGE_DATA_SET_ATTRIBUTES - DEVICE_DSM_FLAG_ENTIRE_DATA_SET_RANGE set. Setting data range to all volume.\n");

+

+ if (S_OK == ULongAdd(dwDataSetOffset, dwDataSetLength, &ulNewInputLength))

+ {

+ pNewSetAttrs = (PDEVICE_MANAGE_DATA_SET_ATTRIBUTES) TCalloc (ulNewInputLength);

+ if (pNewSetAttrs)

+ {

+ PDEVICE_DATA_SET_RANGE pRange = (PDEVICE_DATA_SET_RANGE) (((unsigned char*) pNewSetAttrs) + dwDataSetOffset);

+ memcpy (pNewSetAttrs, pInputAttrs, inputLength);

+ pRange->StartingOffset = (ULONGLONG) Extension->cryptoInfo->hiddenVolume ? Extension->cryptoInfo->hiddenVolumeOffset : Extension->cryptoInfo->volDataAreaOffset;

+ pRange->LengthInBytes = Extension->DiskLength;

+ pNewSetAttrs->Size = sizeof(DEVICE_MANAGE_DATA_SET_ATTRIBUTES);

+ pNewSetAttrs->Action = action;

+ pNewSetAttrs->Flags = pInputAttrs->Flags & (~DEVICE_DSM_FLAG_ENTIRE_DATA_SET_RANGE);

+ pNewSetAttrs->ParameterBlockOffset = pInputAttrs->ParameterBlockOffset;

+ pNewSetAttrs->ParameterBlockLength = pInputAttrs->ParameterBlockLength;

+ pNewSetAttrs->DataSetRangesOffset = dwDataSetOffset;

+ pNewSetAttrs->DataSetRangesLength = dwDataSetLength;

+ bForwardIoctl = TRUE;

+ }

+ else

+ {

+ Dump ("ProcessVolumeDeviceControlIrp: IOCTL_STORAGE_MANAGE_DATA_SET_ATTRIBUTES - Failed to allocate memory.\n");

+ Irp->IoStatus.Status = STATUS_INSUFFICIENT_RESOURCES;

+ Irp->IoStatus.Information = 0;

+ }

+ }

+ else

+ {

+ Dump ("ProcessVolumeDeviceControlIrp: IOCTL_STORAGE_MANAGE_DATA_SET_ATTRIBUTES - DEVICE_DSM_FLAG_ENTIRE_DATA_SET_RANGE set but data range length computation overflowed.\n");

+ Irp->IoStatus.Status = STATUS_INVALID_PARAMETER;

+ Irp->IoStatus.Information = 0;

+ }

+ Dump ("ProcessVolumeDeviceControlIrp: IOCTL_STORAGE_MANAGE_DATA_SET_ATTRIBUTES - DEVICE_DSM_FLAG_ENTIRE_DATA_SET_RANGE set but data set offset computation overflowed.\n");

+ Irp->IoStatus.Status = STATUS_INVALID_PARAMETER;

+ Dump ("ProcessVolumeDeviceControlIrp (unknown code 0x%.8X)\n", irpSp->Parameters.DeviceIoControl.IoControlCode);

+ return TCCompleteIrp (Irp, STATUS_INVALID_DEVICE_REQUEST, 0);

+ }

+

+ PIO_STACK_LOCATION irpSp = IoGetCurrentIrpStackLocation (Irp);

+ if (irpSp->Parameters.DeviceIoControl.InputBufferLength != sizeof (OPEN_TEST_STRUCT))

+ {

+ Irp->IoStatus.Status = STATUS_INVALID_PARAMETER;

+ Irp->IoStatus.Information = 0;

+ break;

+ }

+

+ // check that opentest->wszFileName is a device path that starts with "\\Device\\Harddisk"

+ // 16 is the length of "\\Device\\Harddisk" which is the minimum

+ if ( !CheckStringLength (opentest->wszFileName, TC_MAX_PATH, 16, (size_t) -1, NULL)

+ || (!StringNoCaseCompare (opentest->wszFileName, L"\\Device\\Harddisk", 16))

+ )

+ {

+ Irp->IoStatus.Status = STATUS_INVALID_PARAMETER;

+ Irp->IoStatus.Information = 0;

+ break;

+ }

+

+

+ if (NT_SUCCESS (ntStatus) && (IoStatus.Information >= TC_VOLUME_HEADER_EFFECTIVE_SIZE))

+ size_t devicePathLen = 0;

+ WCHAR* wszPath = NULL;

+ // check that request->DevicePath has the expected format "\\Device\\HarddiskXXX\\Partition0"

+ // 28 is the length of "\\Device\\Harddisk0\\Partition0" which is the minimum

+ // 30 is the length of "\\Device\\Harddisk255\\Partition0" which is the maximum

+ wszPath = request->DevicePath;

+ if ( !CheckStringLength (wszPath, TC_MAX_PATH, 28, 30, &devicePathLen)

+ || (memcmp (wszPath, L"\\Device\\Harddisk", 16 * sizeof (WCHAR)))

+ || (memcmp (wszPath + (devicePathLen - 11), L"\\Partition0", 11 * sizeof (WCHAR)))

+ )

+ {

+ Irp->IoStatus.Status = STATUS_INVALID_PARAMETER;

+ Irp->IoStatus.Information = 0;

+ break;

+ }

+

+ byte *readBuffer = TCalloc (TC_MAX_VOLUME_SECTOR_SIZE);

+ if (!readBuffer)

+ Irp->IoStatus.Status = STATUS_INSUFFICIENT_RESOURCES;

+ Irp->IoStatus.Information = 0;

+ }

+ else

+ {

+ // Determine if the first sector contains a portion of the VeraCrypt Boot Loader

+ offset.QuadPart = 0; // MBR

+ ntStatus = ZwReadFile (NtFileHandle,

+ NULL,

+ NULL,

+ NULL,

+ &IoStatus,

+ readBuffer,

+ TC_MAX_VOLUME_SECTOR_SIZE,

+ &offset,

+ NULL);

+ if (NT_SUCCESS (ntStatus))

+ // check that we could read all needed data

+ if (IoStatus.Information >= TC_SECTOR_SIZE_BIOS)

+ size_t i;

+

+ // Check for dynamic drive

+ request->DriveIsDynamic = FALSE;

+

+ if (readBuffer[510] == 0x55 && readBuffer[511] == 0xaa)

+ int i;

+ for (i = 0; i < 4; ++i)

+ {

+ if (readBuffer[446 + i * 16 + 4] == PARTITION_LDM)

+ {

+ request->DriveIsDynamic = TRUE;

+ break;

+ }

+ }

+ request->BootLoaderVersion = 0;

+ request->Configuration = 0;

+ request->UserConfiguration = 0;

+ request->CustomUserMessage[0] = 0;

+ // Search for the string "VeraCrypt"

+ for (i = 0; i < TC_SECTOR_SIZE_BIOS - strlen (TC_APP_NAME); ++i)

+ if (memcmp (readBuffer + i, TC_APP_NAME, strlen (TC_APP_NAME)) == 0)

+ {

+ request->BootLoaderVersion = BE16 (*(uint16 *) (readBuffer + TC_BOOT_SECTOR_VERSION_OFFSET));

+ request->Configuration = readBuffer[TC_BOOT_SECTOR_CONFIG_OFFSET];

+

+ if (request->BootLoaderVersion != 0 && request->BootLoaderVersion <= VERSION_NUM)

+ {

+ request->UserConfiguration = readBuffer[TC_BOOT_SECTOR_USER_CONFIG_OFFSET];

+ memcpy (request->CustomUserMessage, readBuffer + TC_BOOT_SECTOR_USER_MESSAGE_OFFSET, TC_BOOT_SECTOR_USER_MESSAGE_MAX_LENGTH);

+ }

+ break;

+ }

+

+ Irp->IoStatus.Status = STATUS_SUCCESS;

+ Irp->IoStatus.Information = sizeof (*request);

+ else

+ {

+ Irp->IoStatus.Status = STATUS_INVALID_PARAMETER;

+ Irp->IoStatus.Information = 0;

+ }

+ }

+ else

+ {

+ Irp->IoStatus.Status = ntStatus;

+ Irp->IoStatus.Information = 0;

+ TCfree (readBuffer);

+ prop->mountDisabled = ListExtension->bMountManager? FALSE : TRUE;

+ PIO_STACK_LOCATION irpSp = IoGetCurrentIrpStackLocation (Irp);

+ if ((irpSp->Parameters.DeviceIoControl.InputBufferLength != sizeof (MOUNT_STRUCT))

+ || mount->VolumePassword.Length > MAX_PASSWORD || mount->ProtectedHidVolPassword.Length > MAX_PASSWORD

+ PIO_STACK_LOCATION irpSp = IoGetCurrentIrpStackLocation (Irp);

+

+ if (irpSp->Parameters.DeviceIoControl.InputBufferLength != sizeof (UNMOUNT_STRUCT))

+ {

+ Irp->IoStatus.Status = STATUS_INVALID_PARAMETER;

+ Irp->IoStatus.Information = 0;

+ break;

+ }

+ PIO_STACK_LOCATION irpSp = IoGetCurrentIrpStackLocation (Irp);

+

+ if (irpSp->Parameters.DeviceIoControl.InputBufferLength != sizeof (UNMOUNT_STRUCT))

+ {

+ Irp->IoStatus.Status = STATUS_INVALID_PARAMETER;

+ Irp->IoStatus.Information = 0;

+ break;

+ }

+ case VC_IOCTL_EMERGENCY_CLEAR_ALL_KEYS:

+ EmergencyClearAllKeys (Irp, irpSp);

+ WipeCache();

+ break;

+

+ case VC_IOCTL_IS_RAM_ENCRYPTION_ENABLED:

+ if (ValidateIOBufferSize (Irp, sizeof (int), ValidateOutput))

+ {

+ *(int *) Irp->AssociatedIrp.SystemBuffer = IsRamEncryptionEnabled() ? 1 : 0;

+ Irp->IoStatus.Information = sizeof (int);

+ Irp->IoStatus.Status = STATUS_SUCCESS;

+ }

+ break;

+

+ case VC_IOCTL_ENCRYPTION_QUEUE_PARAMS:

+ if (ValidateIOBufferSize (Irp, sizeof (EncryptionQueueParameters), ValidateOutput))

+ {

+ EncryptionQueueParameters* pParams = (EncryptionQueueParameters*) Irp->AssociatedIrp.SystemBuffer;

+ pParams->EncryptionFragmentSize = EncryptionFragmentSize;

+ pParams->EncryptionIoRequestCount = EncryptionIoRequestCount;

+ pParams->EncryptionItemCount = EncryptionItemCount;

+ Irp->IoStatus.Information = sizeof (EncryptionQueueParameters);

+ Irp->IoStatus.Status = STATUS_SUCCESS;

+ }

+ break;

+

+ if (bDevice && pThreadBlock->mount->bPartitionInInactiveSysEncScope

+ && (!Extension->cryptoInfo->hiddenVolume)

+ && (Extension->cryptoInfo->EncryptedAreaLength.Value != Extension->cryptoInfo->VolumeSize.Value)

+ )

+ {

+ // Support partial encryption only in the case of system encryption

+ Extension->Queue.EncryptedAreaStart = 0;

+ Extension->Queue.EncryptedAreaEnd = Extension->cryptoInfo->EncryptedAreaLength.Value - 1;

+ if (Extension->Queue.CryptoInfo->EncryptedAreaLength.Value == 0)

+ {

+ Extension->Queue.EncryptedAreaStart = -1;

+ Extension->Queue.EncryptedAreaEnd = -1;

+ }

+ Extension->Queue.bSupportPartialEncryption = TRUE;

+ }

+ TC_CASE_RET_NAME (VC_IOCTL_EMERGENCY_CLEAR_ALL_KEYS);

+ TC_CASE_RET_NAME (VC_IOCTL_IS_RAM_ENCRYPTION_ENABLED);

+ TC_CASE_RET_NAME (VC_IOCTL_ENCRYPTION_QUEUE_PARAMS);

+ else if (ulCode == IOCTL_DISK_GROW_PARTITION)

+ return (LPWSTR) _T ("IOCTL_DISK_GROW_PARTITION");

+ VOID (*PsDereferenceImpersonationTokenD) (PACCESS_TOKEN ImpersonationToken);

+ UNICODE_STRING name;

+ RtlInitUnicodeString (&name, L"PsDereferenceImpersonationToken");

+ PsDereferenceImpersonationTokenD = MmGetSystemRoutineAddress (&name);

+ if (!PsDereferenceImpersonationTokenD)

+ TC_BUG_CHECK (STATUS_NOT_IMPLEMENTED);

+# define PsDereferencePrimaryToken

+# define PsDereferenceImpersonationToken PsDereferenceImpersonationTokenD

+ SeDeleteClientSecurity (&Extension->SecurityClientContext);

+# undef PsDereferencePrimaryToken

+# undef PsDereferenceImpersonationToken

+typedef struct

+{

+ PWSTR deviceName; ULONG IoControlCode; void *InputBuffer; ULONG InputBufferSize; void *OutputBuffer; ULONG OutputBufferSize;

+ NTSTATUS Status;

+ KEVENT WorkItemCompletedEvent;

+} TCDeviceIoControlWorkItemArgs;

+

+static VOID TCDeviceIoControlWorkItemRoutine (PDEVICE_OBJECT rootDeviceObject, TCDeviceIoControlWorkItemArgs *arg)

+{

+ arg->Status = TCDeviceIoControl (arg->deviceName, arg->IoControlCode, arg->InputBuffer, arg->InputBufferSize, arg->OutputBuffer, arg->OutputBufferSize);

+ KeSetEvent (&arg->WorkItemCompletedEvent, IO_NO_INCREMENT, FALSE);

+}

+ if ((KeGetCurrentIrql() >= APC_LEVEL) || VC_KeAreAllApcsDisabled())

+ {

+ TCDeviceIoControlWorkItemArgs args;

+

+ PIO_WORKITEM workItem = IoAllocateWorkItem (RootDeviceObject);

+ if (!workItem)

+ return STATUS_INSUFFICIENT_RESOURCES;

+

+ args.deviceName = deviceName;

+ args.IoControlCode = IoControlCode;

+ args.InputBuffer = InputBuffer;

+ args.InputBufferSize = InputBufferSize;

+ args.OutputBuffer = OutputBuffer;

+ args.OutputBufferSize = OutputBufferSize;

+

+ KeInitializeEvent (&args.WorkItemCompletedEvent, SynchronizationEvent, FALSE);

+ IoQueueWorkItem (workItem, TCDeviceIoControlWorkItemRoutine, DelayedWorkQueue, &args);

+

+ KeWaitForSingleObject (&args.WorkItemCompletedEvent, Executive, KernelMode, FALSE, NULL);

+ IoFreeWorkItem (workItem);

+

+ return args.Status;

+ }

+

+ if ((KeGetCurrentIrql() >= APC_LEVEL) || VC_KeAreAllApcsDisabled())

+ ULONG sectorSize;

+ status = GetDeviceSectorSize (driveDeviceObject, &sectorSize);

+ if (!NT_SUCCESS (status))

+ return status;

+

+ sectorBuffer = TCalloc (sectorSize);

+ for (offset.QuadPart = sysLength.QuadPart; ; offset.QuadPart += sectorSize)

+ status = TCReadDevice (driveDeviceObject, sectorBuffer, offset, sectorSize);

+ status = TCWriteDevice (driveDeviceObject, sectorBuffer, offset, sectorSize);

+typedef struct

+{

+ MOUNT_STRUCT* mount; PEXTENSION NewExtension;

+ NTSTATUS Status;

+ KEVENT WorkItemCompletedEvent;

+} UpdateFsVolumeInformationWorkItemArgs;

+

+static NTSTATUS UpdateFsVolumeInformation (MOUNT_STRUCT* mount, PEXTENSION NewExtension);

+

+static VOID UpdateFsVolumeInformationWorkItemRoutine (PDEVICE_OBJECT rootDeviceObject, UpdateFsVolumeInformationWorkItemArgs *arg)

+{

+ arg->Status = UpdateFsVolumeInformation (arg->mount, arg->NewExtension);

+ KeSetEvent (&arg->WorkItemCompletedEvent, IO_NO_INCREMENT, FALSE);

+}

+

+static NTSTATUS UpdateFsVolumeInformation (MOUNT_STRUCT* mount, PEXTENSION NewExtension)

+{

+ HANDLE volumeHandle;

+ PFILE_OBJECT volumeFileObject;

+ ULONG labelLen = (ULONG) wcslen (mount->wszLabel);

+ BOOL bIsNTFS = FALSE;

+ ULONG labelMaxLen, labelEffectiveLen;

+

+ if ((KeGetCurrentIrql() >= APC_LEVEL) || VC_KeAreAllApcsDisabled())

+ {

+ UpdateFsVolumeInformationWorkItemArgs args;

+

+ PIO_WORKITEM workItem = IoAllocateWorkItem (RootDeviceObject);

+ if (!workItem)

+ return STATUS_INSUFFICIENT_RESOURCES;

+

+ args.mount = mount;

+ args.NewExtension = NewExtension;

+

+ KeInitializeEvent (&args.WorkItemCompletedEvent, SynchronizationEvent, FALSE);

+ IoQueueWorkItem (workItem, UpdateFsVolumeInformationWorkItemRoutine, DelayedWorkQueue, &args);

+

+ KeWaitForSingleObject (&args.WorkItemCompletedEvent, Executive, KernelMode, FALSE, NULL);

+ IoFreeWorkItem (workItem);

+

+ return args.Status;

+ }

+

+ __try

+ {

+ if (NT_SUCCESS (TCOpenFsVolume (NewExtension, &volumeHandle, &volumeFileObject)))

+ {

+ __try

+ {

+ ULONG fsStatus;

+

+ if (NT_SUCCESS (TCFsctlCall (volumeFileObject, FSCTL_IS_VOLUME_DIRTY, NULL, 0, &fsStatus, sizeof (fsStatus)))

+ && (fsStatus & VOLUME_IS_DIRTY))

+ {

+ mount->FilesystemDirty = TRUE;

+ }

+ }

+ __except (EXCEPTION_EXECUTE_HANDLER)

+ {

+ mount->FilesystemDirty = TRUE;

+ }

+

+ // detect if the filesystem is NTFS or FAT

+ __try

+ {

+ NTFS_VOLUME_DATA_BUFFER ntfsData;

+ if (NT_SUCCESS (TCFsctlCall (volumeFileObject, FSCTL_GET_NTFS_VOLUME_DATA, NULL, 0, &ntfsData, sizeof (ntfsData))))

+ {

+ bIsNTFS = TRUE;

+ }

+ }

+ __except (EXCEPTION_EXECUTE_HANDLER)

+ {

+ bIsNTFS = FALSE;

+ }

+

+ NewExtension->bIsNTFS = bIsNTFS;

+ mount->bIsNTFS = bIsNTFS;

+

+ if (labelLen > 0)

+ {

+ if (bIsNTFS)

+ labelMaxLen = 32; // NTFS maximum label length

+ else

+ labelMaxLen = 11; // FAT maximum label length

+

+ // calculate label effective length

+ labelEffectiveLen = labelLen > labelMaxLen? labelMaxLen : labelLen;

+

+ // correct the label in the device

+ memset (&NewExtension->wszLabel[labelEffectiveLen], 0, 33 - labelEffectiveLen);

+ memcpy (mount->wszLabel, NewExtension->wszLabel, 33);

+

+ // set the volume label

+ __try

+ {

+ IO_STATUS_BLOCK ioblock;

+ ULONG labelInfoSize = sizeof(FILE_FS_LABEL_INFORMATION) + (labelEffectiveLen * sizeof(WCHAR));

+ FILE_FS_LABEL_INFORMATION* labelInfo = (FILE_FS_LABEL_INFORMATION*) TCalloc (labelInfoSize);

+ if (labelInfo)

+ {

+ labelInfo->VolumeLabelLength = labelEffectiveLen * sizeof(WCHAR);

+ memcpy (labelInfo->VolumeLabel, mount->wszLabel, labelInfo->VolumeLabelLength);

+

+ if (STATUS_SUCCESS == ZwSetVolumeInformationFile (volumeHandle, &ioblock, labelInfo, labelInfoSize, FileFsLabelInformation))

+ {

+ mount->bDriverSetLabel = TRUE;

+ NewExtension->bDriverSetLabel = TRUE;

+ }

+

+ TCfree(labelInfo);

+ }

+ }

+ __except (EXCEPTION_EXECUTE_HANDLER)

+ {

+

+ }

+ }

+

+ TCCloseFsVolume (volumeHandle, volumeFileObject);

+ }

+ }

+ __except (EXCEPTION_EXECUTE_HANDLER)

+ {

+

+ }

+

+ return STATUS_SUCCESS;

+}

+

+ {

+ // We create symbolic link even if mount manager is notified of

+ // arriving volume as it apparently sometimes fails to create the link

+ CreateDriveLink (mount->nDosDriveNo);

+ }

+ if (mount->bMountManager)

+ NTSTATUS updateStatus = UpdateFsVolumeInformation (mount, NewExtension);

+ if (!NT_SUCCESS (updateStatus))

+ Dump ("MountDevice: UpdateFsVolumeInformation failed with status 0x%08x\n", updateStatus);

+typedef struct

+{

+ UNMOUNT_STRUCT *unmountRequest; PDEVICE_OBJECT deviceObject; BOOL ignoreOpenFiles;

+ NTSTATUS Status;

+ KEVENT WorkItemCompletedEvent;

+} UnmountDeviceWorkItemArgs;

+

+

+static VOID UnmountDeviceWorkItemRoutine (PDEVICE_OBJECT rootDeviceObject, UnmountDeviceWorkItemArgs *arg)

+{

+ arg->Status = UnmountDevice (arg->unmountRequest, arg->deviceObject, arg->ignoreOpenFiles);

+ KeSetEvent (&arg->WorkItemCompletedEvent, IO_NO_INCREMENT, FALSE);

+}

+

+ if ((KeGetCurrentIrql() >= APC_LEVEL) || VC_KeAreAllApcsDisabled())

+ {

+ UnmountDeviceWorkItemArgs args;

+

+ PIO_WORKITEM workItem = IoAllocateWorkItem (RootDeviceObject);

+ if (!workItem)

+ return STATUS_INSUFFICIENT_RESOURCES;

+

+ args.deviceObject = deviceObject;

+ args.unmountRequest = unmountRequest;

+ args.ignoreOpenFiles = ignoreOpenFiles;

+

+ KeInitializeEvent (&args.WorkItemCompletedEvent, SynchronizationEvent, FALSE);

+ IoQueueWorkItem (workItem, UnmountDeviceWorkItemRoutine, DelayedWorkQueue, &args);

+

+ KeWaitForSingleObject (&args.WorkItemCompletedEvent, Executive, KernelMode, FALSE, NULL);

+ IoFreeWorkItem (workItem);

+

+ return args.Status;

+ }

+

+size_t GetCpuCount (WORD* pGroupCount)

+ if (KeQueryActiveGroupCountPtr && KeQueryActiveProcessorCountExPtr)

+ {

+ USHORT i, groupCount = KeQueryActiveGroupCountPtr ();

+ for (i = 0; i < groupCount; i++)

+ {

+ cpuCount += (size_t) KeQueryActiveProcessorCountExPtr (i);

+ }

+ if (pGroupCount)

+ *pGroupCount = groupCount;

+ }

+ else

+ KAFFINITY activeCpuMap = KeQueryActiveProcessors();

+ size_t mapSize = sizeof (activeCpuMap) * 8;

+ while (mapSize--)

+ {

+ if (activeCpuMap & 1)

+ ++cpuCount;

+

+ activeCpuMap >>= 1;

+ }

+

+ if (pGroupCount)

+ *pGroupCount = 1;

+USHORT GetCpuGroup (size_t index)

+{

+ if (KeQueryActiveGroupCountPtr && KeQueryActiveProcessorCountExPtr)

+ {

+ USHORT i, groupCount = KeQueryActiveGroupCountPtr ();

+ size_t cpuCount = 0;

+ for (i = 0; i < groupCount; i++)

+ {

+ cpuCount += (size_t) KeQueryActiveProcessorCountExPtr (i);

+ if (cpuCount >= index)

+ {

+ return i;

+ }

+ }

+ }

+

+ return 0;

+}

+

+void SetThreadCpuGroupAffinity (USHORT index)

+{

+ if (KeSetSystemGroupAffinityThreadPtr)

+ {

+ GROUP_AFFINITY groupAffinity = {0};

+ groupAffinity.Mask = ~0ULL;

+ groupAffinity.Group = index;

+ KeSetSystemGroupAffinityThreadPtr (&groupAffinity, NULL);

+ }

+}

+ waitInterval.QuadPart = ((LONGLONG)retryDelay) * -10000;

+

+ /* clear VC_DRIVER_CONFIG_CLEAR_KEYS_ON_NEW_DEVICE_INSERTION if it is set */

+ if (flags & VC_DRIVER_CONFIG_CLEAR_KEYS_ON_NEW_DEVICE_INSERTION)

+ {

+ flags ^= VC_DRIVER_CONFIG_CLEAR_KEYS_ON_NEW_DEVICE_INSERTION;

+ WriteRegistryConfigFlags (flags);

+ }

+

+ RamEncryptionActivated = (flags & VC_DRIVER_CONFIG_ENABLE_RAM_ENCRYPTION) ? TRUE : FALSE;

+ EnableCpuRng ((flags & VC_DRIVER_CONFIG_ENABLE_CPU_RNG) ? TRUE : FALSE);

+ AllowWindowsDefrag = (flags & VC_DRIVER_CONFIG_ALLOW_WINDOWS_DEFRAG)? TRUE : FALSE;

+ if (driverEntry && NT_SUCCESS (TCReadRegistryKey (&name, VC_ENCRYPTION_IO_REQUEST_COUNT, &data)))

+ {

+ if (data->Type == REG_DWORD)

+ EncryptionIoRequestCount = *(uint32 *) data->Data;

+

+ TCfree (data);

+ }

+

+ if (driverEntry && NT_SUCCESS (TCReadRegistryKey (&name, VC_ENCRYPTION_ITEM_COUNT, &data)))

+ {

+ if (data->Type == REG_DWORD)

+ EncryptionItemCount = *(uint32 *) data->Data;

+

+ TCfree (data);

+ }

+

+ if (driverEntry && NT_SUCCESS (TCReadRegistryKey (&name, VC_ENCRYPTION_FRAGMENT_SIZE, &data)))

+ {

+ if (data->Type == REG_DWORD)

+ EncryptionFragmentSize = *(uint32 *) data->Data;

+

+ TCfree (data);

+ }

+

+ if (driverEntry)

+ {

+ if (EncryptionIoRequestCount < TC_ENC_IO_QUEUE_PREALLOCATED_IO_REQUEST_COUNT)

+ EncryptionIoRequestCount = TC_ENC_IO_QUEUE_PREALLOCATED_IO_REQUEST_COUNT;

+ else if (EncryptionIoRequestCount > TC_ENC_IO_QUEUE_PREALLOCATED_IO_REQUEST_MAX_COUNT)

+ EncryptionIoRequestCount = TC_ENC_IO_QUEUE_PREALLOCATED_IO_REQUEST_MAX_COUNT;

+

+ if ((EncryptionItemCount == 0) || (EncryptionItemCount > (EncryptionIoRequestCount / 2)))

+ EncryptionItemCount = EncryptionIoRequestCount / 2;

+

+ /* EncryptionFragmentSize value in registry is expressed in KiB */

+ /* Maximum allowed value for EncryptionFragmentSize is 2048 KiB */

+ EncryptionFragmentSize *= 1024;

+ if (EncryptionFragmentSize == 0)

+ EncryptionFragmentSize = TC_ENC_IO_QUEUE_MAX_FRAGMENT_SIZE;

+ else if (EncryptionFragmentSize > (8 * TC_ENC_IO_QUEUE_MAX_FRAGMENT_SIZE))

+ EncryptionFragmentSize = 8 * TC_ENC_IO_QUEUE_MAX_FRAGMENT_SIZE;

+

+

+ }

+

+ if (driverEntry && NT_SUCCESS (TCReadRegistryKey (&name, VC_ERASE_KEYS_SHUTDOWN, &data)))

+ {

+ if (data->Type == REG_DWORD)

+ {

+ if (*((uint32 *) data->Data))

+ EraseKeysOnShutdown = TRUE;

+ else

+ EraseKeysOnShutdown = FALSE;

+ }

+

+ TCfree (data);

+ }

+

+

+NTSTATUS NTAPI KeSaveExtendedProcessorStateVC (

+VOID NTAPI KeRestoreExtendedProcessorStateVC (

+}

+

+BOOLEAN VC_KeAreAllApcsDisabled (VOID)

+{

+ if (KeAreAllApcsDisabledPtr)

+ return (KeAreAllApcsDisabledPtr) ();

+ else

+ return FALSE;

+}