VeraCrypt
aboutsummaryrefslogtreecommitdiff
path: root/src/Driver/Ntdriver.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/Driver/Ntdriver.c')
-rw-r--r--src/Driver/Ntdriver.c76
1 files changed, 76 insertions, 0 deletions
diff --git a/src/Driver/Ntdriver.c b/src/Driver/Ntdriver.c
index c778cfed..e70c0463 100644
--- a/src/Driver/Ntdriver.c
+++ b/src/Driver/Ntdriver.c
@@ -135,6 +135,7 @@ BOOL CacheBootPim = FALSE;
BOOL NonAdminSystemFavoritesAccessDisabled = FALSE;
BOOL BlockSystemTrimCommand = FALSE;
BOOL AllowWindowsDefrag = FALSE;
+BOOL EraseKeysOnShutdown = TRUE; // by default, we erase encryption keys on system shutdown
static size_t EncryptionThreadPoolFreeCpuCountLimit = 0;
static BOOL SystemFavoriteVolumeDirty = FALSE;
static BOOL PagingFileCreationPrevented = FALSE;
@@ -148,6 +149,9 @@ static KeAreAllApcsDisabledFn KeAreAllApcsDisabledPtr = NULL;
static KeSetSystemGroupAffinityThreadFn KeSetSystemGroupAffinityThreadPtr = NULL;
static KeQueryActiveGroupCountFn KeQueryActiveGroupCountPtr = NULL;
static KeQueryActiveProcessorCountExFn KeQueryActiveProcessorCountExPtr = NULL;
+int EncryptionIoRequestCount = 0;
+int EncryptionItemCount = 0;
+int EncryptionFragmentSize = 0;
POOL_TYPE ExDefaultNonPagedPoolType = NonPagedPool;
ULONG ExDefaultMdlProtection = 0;
@@ -2883,6 +2887,18 @@ NTSTATUS ProcessMainDeviceControlIrp (PDEVICE_OBJECT DeviceObject, PEXTENSION Ex
}
break;
+ case VC_IOCTL_ENCRYPTION_QUEUE_PARAMS:
+ if (ValidateIOBufferSize (Irp, sizeof (EncryptionQueueParameters), ValidateOutput))
+ {
+ EncryptionQueueParameters* pParams = (EncryptionQueueParameters*) Irp->AssociatedIrp.SystemBuffer;
+ pParams->EncryptionFragmentSize = EncryptionFragmentSize;
+ pParams->EncryptionIoRequestCount = EncryptionIoRequestCount;
+ pParams->EncryptionItemCount = EncryptionItemCount;
+ Irp->IoStatus.Information = sizeof (EncryptionQueueParameters);
+ Irp->IoStatus.Status = STATUS_SUCCESS;
+ }
+ break;
+
default:
return TCCompleteIrp (Irp, STATUS_INVALID_DEVICE_REQUEST, 0);
}
@@ -3293,6 +3309,7 @@ LPWSTR TCTranslateCode (ULONG ulCode)
TC_CASE_RET_NAME (VC_IOCTL_GET_DRIVE_GEOMETRY_EX);
TC_CASE_RET_NAME (VC_IOCTL_EMERGENCY_CLEAR_ALL_KEYS);
TC_CASE_RET_NAME (VC_IOCTL_IS_RAM_ENCRYPTION_ENABLED);
+ TC_CASE_RET_NAME (VC_IOCTL_ENCRYPTION_QUEUE_PARAMS);
TC_CASE_RET_NAME (IOCTL_VOLUME_GET_VOLUME_DISK_EXTENTS);
@@ -4795,6 +4812,65 @@ NTSTATUS ReadRegistryConfigFlags (BOOL driverEntry)
TCfree (data);
}
+ if (driverEntry && NT_SUCCESS (TCReadRegistryKey (&name, VC_ENCRYPTION_IO_REQUEST_COUNT, &data)))
+ {
+ if (data->Type == REG_DWORD)
+ EncryptionIoRequestCount = *(uint32 *) data->Data;
+
+ TCfree (data);
+ }
+
+ if (driverEntry && NT_SUCCESS (TCReadRegistryKey (&name, VC_ENCRYPTION_ITEM_COUNT, &data)))
+ {
+ if (data->Type == REG_DWORD)
+ EncryptionItemCount = *(uint32 *) data->Data;
+
+ TCfree (data);
+ }
+
+ if (driverEntry && NT_SUCCESS (TCReadRegistryKey (&name, VC_ENCRYPTION_FRAGMENT_SIZE, &data)))
+ {
+ if (data->Type == REG_DWORD)
+ EncryptionFragmentSize = *(uint32 *) data->Data;
+
+ TCfree (data);
+ }
+
+ if (driverEntry)
+ {
+ if (EncryptionIoRequestCount < TC_ENC_IO_QUEUE_PREALLOCATED_IO_REQUEST_COUNT)
+ EncryptionIoRequestCount = TC_ENC_IO_QUEUE_PREALLOCATED_IO_REQUEST_COUNT;
+ else if (EncryptionIoRequestCount > TC_ENC_IO_QUEUE_PREALLOCATED_IO_REQUEST_MAX_COUNT)
+ EncryptionIoRequestCount = TC_ENC_IO_QUEUE_PREALLOCATED_IO_REQUEST_MAX_COUNT;
+
+ if ((EncryptionItemCount == 0) || (EncryptionItemCount > (EncryptionIoRequestCount / 2)))
+ EncryptionItemCount = EncryptionIoRequestCount / 2;
+
+ /* EncryptionFragmentSize value in registry is expressed in KiB */
+ /* Maximum allowed value for EncryptionFragmentSize is 2048 KiB */
+ EncryptionFragmentSize *= 1024;
+ if (EncryptionFragmentSize == 0)
+ EncryptionFragmentSize = TC_ENC_IO_QUEUE_MAX_FRAGMENT_SIZE;
+ else if (EncryptionFragmentSize > (8 * TC_ENC_IO_QUEUE_MAX_FRAGMENT_SIZE))
+ EncryptionFragmentSize = 8 * TC_ENC_IO_QUEUE_MAX_FRAGMENT_SIZE;
+
+
+ }
+
+ if (driverEntry && NT_SUCCESS (TCReadRegistryKey (&name, VC_ERASE_KEYS_SHUTDOWN, &data)))
+ {
+ if (data->Type == REG_DWORD)
+ {
+ if (*((uint32 *) data->Data))
+ EraseKeysOnShutdown = TRUE;
+ else
+ EraseKeysOnShutdown = FALSE;
+ }
+
+ TCfree (data);
+ }
+
+
return status;
}