+BOOL EraseKeysOnShutdown = TRUE; // by default, we erase encryption keys on system shutdown

+static KeQueryInterruptTimePreciseFn KeQueryInterruptTimePrecisePtr = NULL;

+int EncryptionIoRequestCount = 0;

+int EncryptionItemCount = 0;

+int EncryptionFragmentSize = 0;

+ if (KeQueryInterruptTimePrecisePtr)

+ {

+ iSeed.QuadPart = KeQueryInterruptTimePrecisePtr (&iSeed2.QuadPart);

+ WHIRLPOOL_add ((unsigned char *) &(iSeed.QuadPart), sizeof(iSeed.QuadPart), &tctx);

+ WHIRLPOOL_add ((unsigned char *) &(iSeed2.QuadPart), sizeof(iSeed2.QuadPart), &tctx);

+ }

+ else

+ {

+ iSeed.QuadPart = KeQueryInterruptTime ();

+ WHIRLPOOL_add ((unsigned char *) &(iSeed.QuadPart), sizeof(iSeed.QuadPart), &tctx);

+ }

+ // KeQueryInterruptTimePrecise is available starting from Windows 8.1

+ if ((OsMajorVersion > 6) || (OsMajorVersion == 6 && OsMinorVersion >= 3))

+ {

+ UNICODE_STRING funcName;

+ RtlInitUnicodeString(&funcName, L"KeQueryInterruptTimePrecise");

+ KeQueryInterruptTimePrecisePtr = (KeQueryInterruptTimePreciseFn) MmGetSystemRoutineAddress(&funcName);

+ }

+

+ // Add 1MB to the disk size to emulate the geometry of a real MBR disk

+ outputBuffer->DiskSize.QuadPart = Extension->DiskLength + BYTES_PER_MB;

+ outputBuffer->StartingOffset.QuadPart = BYTES_PER_MB; // Set offset to 1MB to emulate the partition offset on a real MBR disk

+ outputBuffer->StartingOffset.QuadPart = BYTES_PER_MB; // Set offset to 1MB to emulate the partition offset on a real MBR disk

+ outputBuffer->PartitionEntry->StartingOffset.QuadPart = BYTES_PER_MB; // Set offset to 1MB to emulate the partition offset on a real MBR disk

+ outputBuffer->PartitionEntry->StartingOffset.QuadPart = BYTES_PER_MB; // Set offset to 1MB to emulate the partition offset on a real MBR disk

+ extents->Extents[0].StartingOffset.QuadPart = BYTES_PER_MB; // Set offset to 1MB to emulate the partition offset on a real MBR disk

+ capacity->DiskLength.QuadPart = Extension->DiskLength + BYTES_PER_MB; // Add 1MB to the disk size to emulate the geometry of a real MBR disk

+ capacity->NumberOfBlocks.QuadPart = capacity->DiskLength.QuadPart / capacity->BlockLength;

+

+ case VC_IOCTL_ENCRYPTION_QUEUE_PARAMS:

+ if (ValidateIOBufferSize (Irp, sizeof (EncryptionQueueParameters), ValidateOutput))

+ {

+ EncryptionQueueParameters* pParams = (EncryptionQueueParameters*) Irp->AssociatedIrp.SystemBuffer;

+ pParams->EncryptionFragmentSize = EncryptionFragmentSize;

+ pParams->EncryptionIoRequestCount = EncryptionIoRequestCount;

+ pParams->EncryptionItemCount = EncryptionItemCount;

+ Irp->IoStatus.Information = sizeof (EncryptionQueueParameters);

+ Irp->IoStatus.Status = STATUS_SUCCESS;

+ }

+ break;

+

+ if (bDevice && pThreadBlock->mount->bPartitionInInactiveSysEncScope

+ && (!Extension->cryptoInfo->hiddenVolume)

+ && (Extension->cryptoInfo->EncryptedAreaLength.Value != Extension->cryptoInfo->VolumeSize.Value)

+ )

+ {

+ // Support partial encryption only in the case of system encryption

+ Extension->Queue.EncryptedAreaStart = 0;

+ Extension->Queue.EncryptedAreaEnd = Extension->cryptoInfo->EncryptedAreaLength.Value - 1;

+ if (Extension->Queue.CryptoInfo->EncryptedAreaLength.Value == 0)

+ {

+ Extension->Queue.EncryptedAreaStart = -1;

+ Extension->Queue.EncryptedAreaEnd = -1;

+ }

+ Extension->Queue.bSupportPartialEncryption = TRUE;

+ }

+ TC_CASE_RET_NAME (VC_IOCTL_ENCRYPTION_QUEUE_PARAMS);

+ if (driverEntry && NT_SUCCESS (TCReadRegistryKey (&name, VC_ENCRYPTION_IO_REQUEST_COUNT, &data)))

+ {

+ if (data->Type == REG_DWORD)

+ EncryptionIoRequestCount = *(uint32 *) data->Data;

+

+ TCfree (data);

+ }

+

+ if (driverEntry && NT_SUCCESS (TCReadRegistryKey (&name, VC_ENCRYPTION_ITEM_COUNT, &data)))

+ {

+ if (data->Type == REG_DWORD)

+ EncryptionItemCount = *(uint32 *) data->Data;

+

+ TCfree (data);

+ }

+

+ if (driverEntry && NT_SUCCESS (TCReadRegistryKey (&name, VC_ENCRYPTION_FRAGMENT_SIZE, &data)))

+ {

+ if (data->Type == REG_DWORD)

+ EncryptionFragmentSize = *(uint32 *) data->Data;

+

+ TCfree (data);

+ }

+

+ if (driverEntry)

+ {

+ if (EncryptionIoRequestCount < TC_ENC_IO_QUEUE_PREALLOCATED_IO_REQUEST_COUNT)

+ EncryptionIoRequestCount = TC_ENC_IO_QUEUE_PREALLOCATED_IO_REQUEST_COUNT;

+ else if (EncryptionIoRequestCount > TC_ENC_IO_QUEUE_PREALLOCATED_IO_REQUEST_MAX_COUNT)

+ EncryptionIoRequestCount = TC_ENC_IO_QUEUE_PREALLOCATED_IO_REQUEST_MAX_COUNT;

+

+ if ((EncryptionItemCount == 0) || (EncryptionItemCount > (EncryptionIoRequestCount / 2)))

+ EncryptionItemCount = EncryptionIoRequestCount / 2;

+

+ /* EncryptionFragmentSize value in registry is expressed in KiB */

+ /* Maximum allowed value for EncryptionFragmentSize is 2048 KiB */

+ EncryptionFragmentSize *= 1024;

+ if (EncryptionFragmentSize == 0)

+ EncryptionFragmentSize = TC_ENC_IO_QUEUE_MAX_FRAGMENT_SIZE;

+ else if (EncryptionFragmentSize > (8 * TC_ENC_IO_QUEUE_MAX_FRAGMENT_SIZE))

+ EncryptionFragmentSize = 8 * TC_ENC_IO_QUEUE_MAX_FRAGMENT_SIZE;

+

+

+ }

+

+ if (driverEntry && NT_SUCCESS (TCReadRegistryKey (&name, VC_ERASE_KEYS_SHUTDOWN, &data)))

+ {

+ if (data->Type == REG_DWORD)

+ {

+ if (*((uint32 *) data->Data))

+ EraseKeysOnShutdown = TRUE;

+ else

+ EraseKeysOnShutdown = FALSE;

+ }

+

+ TCfree (data);

+ }

+

+