Windows driver: Set maximum values for encryption queue parameters. Add IOCTL code to read used values from user space maximum value for EncryptionFragmentSize is 2048 maximum value for EncryptionIoRequestCount is 8192 maximum value for EncryptionItemCount is (EncryptionIoRequestCount/2)

author: Mounir IDRASSI <mounir.idrassi@idrix.fr> 2021-12-30 00:34:52 +0100
committer: Mounir IDRASSI <mounir.idrassi@idrix.fr> 2021-12-30 00:42:39 +0100
commit: f63c2ec13c5f74e5211409ae2c3367a2171adb83 (patch)
tree: d7d7899b5e078d1bc14c0c3e4ce0092d1a76e9d1 /src/Driver
parent: fac35ab08abc26d05e4b737d716f77ac794798d2 (diff)
download: VeraCrypt-f63c2ec13c5f74e5211409ae2c3367a2171adb83.tar.gz
VeraCrypt-f63c2ec13c5f74e5211409ae2c3367a2171adb83.zip
2 files changed, 18 insertions, 3 deletions
diff --git a/src/Driver/EncryptedIoQueue.h b/src/Driver/EncryptedIoQueue.h
index d9bef42b..c4b6f269 100644
--- a/src/Driver/EncryptedIoQueue.h
+++ b/src/Driver/EncryptedIoQueue.h
@@ -1,61 +1,62 @@
 /*
  Derived from source code of TrueCrypt 7.1a, which is
  Copyright (c) 2008-2012 TrueCrypt Developers Association and which is governed
  by the TrueCrypt License 3.0.
 
  Modifications and additions to the original source code (contained in this file)
  and all other portions of this file are Copyright (c) 2013-2017 IDRIX
  and are governed by the Apache License 2.0 the full text of which is
  contained in the file License.txt included in VeraCrypt binary and source
  code distribution packages.
 */
 
 #ifndef TC_HEADER_DRIVER_ENCRYPTED_IO_QUEUE
 #define TC_HEADER_DRIVER_ENCRYPTED_IO_QUEUE
 
 #include "TCdefs.h"
 #include "Apidrvr.h"
 
 #if 0
 #	define TC_TRACE_IO_QUEUE
 #endif
 
 #define TC_ENC_IO_QUEUE_MAX_FRAGMENT_SIZE (256 * 1024)
 
 #define TC_ENC_IO_QUEUE_PREALLOCATED_ITEM_COUNT 8
 #define TC_ENC_IO_QUEUE_PREALLOCATED_IO_REQUEST_COUNT 16
+#define TC_ENC_IO_QUEUE_PREALLOCATED_IO_REQUEST_MAX_COUNT 8192
 
 
 typedef struct EncryptedIoQueueBufferStruct
 {
 	struct EncryptedIoQueueBufferStruct *NextBuffer;
 
 	void *Address;
 	ULONG Size;
 	BOOL InUse;
 
 } EncryptedIoQueueBuffer;
 
 
 typedef struct
 {
 	PDEVICE_OBJECT DeviceObject;
 
 	KMUTEX BufferPoolMutex;
 	EncryptedIoQueueBuffer *FirstPoolBuffer;
 
 	CRYPTO_INFO *CryptoInfo;
 
 	// File-handle-based IO
 	HANDLE HostFileHandle;
 	int64 VirtualDeviceLength;
 	SECURITY_CLIENT_CONTEXT *SecurityClientContext;
 
 	// Filter device
 	BOOL IsFilterDevice;
 	PDEVICE_OBJECT LowerDeviceObject;
 	int64 EncryptedAreaStart;
 	volatile int64 EncryptedAreaEnd;
 	volatile BOOL EncryptedAreaEndUpdatePending;
 	BOOL RemapEncryptedArea;
 	int64 RemappedAreaOffset;
diff --git a/src/Driver/Ntdriver.c b/src/Driver/Ntdriver.c
index 3c7b50dc..6f068a8f 100644
--- a/src/Driver/Ntdriver.c
+++ b/src/Driver/Ntdriver.c
@@ -2854,70 +2854,82 @@ NTSTATUS ProcessMainDeviceControlIrp (PDEVICE_OBJECT DeviceObject, PEXTENSION Ex
 		Irp->IoStatus.Status = ReadRegistryConfigFlags (FALSE);
 		Irp->IoStatus.Information = 0;
 		break;
 
 	case TC_IOCTL_GET_SYSTEM_DRIVE_DUMP_CONFIG:
 		if (	(ValidateIOBufferSize (Irp, sizeof (GetSystemDriveDumpConfigRequest), ValidateOutput))
 			&&	(Irp->RequestorMode == KernelMode)
 			)
 		{
 			GetSystemDriveDumpConfigRequest *request = (GetSystemDriveDumpConfigRequest *) Irp->AssociatedIrp.SystemBuffer;
 
 			request->BootDriveFilterExtension = GetBootDriveFilterExtension();
 			if (IsBootDriveMounted() && request->BootDriveFilterExtension)
 			{
 				request->HwEncryptionEnabled = IsHwEncryptionEnabled();
 				Irp->IoStatus.Status = STATUS_SUCCESS;
 				Irp->IoStatus.Information = sizeof (*request);
 			}
 			else
 			{
 				Irp->IoStatus.Status = STATUS_INVALID_PARAMETER;
 				Irp->IoStatus.Information = 0;
 			}
 		}
 		break;
 
 	case VC_IOCTL_IS_RAM_ENCRYPTION_ENABLED:
 		if (ValidateIOBufferSize (Irp, sizeof (int), ValidateOutput))
 		{
 			*(int *) Irp->AssociatedIrp.SystemBuffer = IsRamEncryptionEnabled() ? 1 : 0;
 			Irp->IoStatus.Information = sizeof (int);
 			Irp->IoStatus.Status = STATUS_SUCCESS;
 		}
 		break;
 
+	case VC_IOCTL_ENCRYPTION_QUEUE_PARAMS:
+		if (ValidateIOBufferSize (Irp, sizeof (EncryptionQueueParameters), ValidateOutput))
+		{
+			EncryptionQueueParameters* pParams = (EncryptionQueueParameters*) Irp->AssociatedIrp.SystemBuffer;
+			pParams->EncryptionFragmentSize = EncryptionFragmentSize;
+			pParams->EncryptionIoRequestCount = EncryptionIoRequestCount;
+			pParams->EncryptionItemCount = EncryptionItemCount;
+			Irp->IoStatus.Information = sizeof (EncryptionQueueParameters);
+			Irp->IoStatus.Status = STATUS_SUCCESS;
+		}
+		break;
+
 	default:
 		return TCCompleteIrp (Irp, STATUS_INVALID_DEVICE_REQUEST, 0);
 	}
 
 
 #if defined(DEBUG) || defined(DEBUG_TRACE)
 	if (!NT_SUCCESS (Irp->IoStatus.Status))
 	{
 		switch (irpSp->Parameters.DeviceIoControl.IoControlCode)
 		{
 		case TC_IOCTL_GET_MOUNTED_VOLUMES:
 		case TC_IOCTL_GET_PASSWORD_CACHE_STATUS:
 		case TC_IOCTL_GET_PORTABLE_MODE_STATUS:
 		case TC_IOCTL_SET_PORTABLE_MODE_STATUS:
 		case TC_IOCTL_OPEN_TEST:
 		case TC_IOCTL_GET_RESOLVED_SYMLINK:
 		case TC_IOCTL_GET_DRIVE_PARTITION_INFO:
 		case TC_IOCTL_GET_BOOT_DRIVE_VOLUME_PROPERTIES:
 		case TC_IOCTL_GET_BOOT_ENCRYPTION_STATUS:
 		case TC_IOCTL_IS_HIDDEN_SYSTEM_RUNNING:
 			break;
 
 		default:
 			Dump ("IOCTL error 0x%08x\n", Irp->IoStatus.Status);
 		}
 	}
 #endif
 
 	return TCCompleteIrp (Irp, Irp->IoStatus.Status, Irp->IoStatus.Information);
 }
 
 
 NTSTATUS TCStartThread (PKSTART_ROUTINE threadProc, PVOID threadArg, PKTHREAD *kThread)
 {
 	return TCStartThreadInProcess (threadProc, threadArg, kThread, NULL);
@@ -3264,70 +3276,71 @@ LPWSTR TCTranslateCode (ULONG ulCode)
 		TC_CASE_RET_NAME (TC_IOCTL_GET_BOOT_ENCRYPTION_ALGORITHM_NAME);
 		TC_CASE_RET_NAME (TC_IOCTL_GET_BOOT_ENCRYPTION_SETUP_RESULT);
 		TC_CASE_RET_NAME (TC_IOCTL_GET_BOOT_ENCRYPTION_STATUS);
 		TC_CASE_RET_NAME (TC_IOCTL_GET_BOOT_LOADER_VERSION);
 		TC_CASE_RET_NAME (TC_IOCTL_GET_DECOY_SYSTEM_WIPE_RESULT);
 		TC_CASE_RET_NAME (TC_IOCTL_GET_DECOY_SYSTEM_WIPE_STATUS);
 		TC_CASE_RET_NAME (TC_IOCTL_GET_DEVICE_REFCOUNT);
 		TC_CASE_RET_NAME (TC_IOCTL_GET_DRIVE_GEOMETRY);
 		TC_CASE_RET_NAME (TC_IOCTL_GET_DRIVE_PARTITION_INFO);
 		TC_CASE_RET_NAME (TC_IOCTL_GET_DRIVER_VERSION);
 		TC_CASE_RET_NAME (TC_IOCTL_GET_MOUNTED_VOLUMES);
 		TC_CASE_RET_NAME (TC_IOCTL_GET_PASSWORD_CACHE_STATUS);
 		TC_CASE_RET_NAME (TC_IOCTL_GET_SYSTEM_DRIVE_CONFIG);
 		TC_CASE_RET_NAME (TC_IOCTL_GET_PORTABLE_MODE_STATUS);
 		TC_CASE_RET_NAME (TC_IOCTL_SET_PORTABLE_MODE_STATUS);
 		TC_CASE_RET_NAME (TC_IOCTL_GET_RESOLVED_SYMLINK);
 		TC_CASE_RET_NAME (TC_IOCTL_GET_SYSTEM_DRIVE_DUMP_CONFIG);
 		TC_CASE_RET_NAME (TC_IOCTL_GET_VOLUME_PROPERTIES);
 		TC_CASE_RET_NAME (TC_IOCTL_GET_WARNING_FLAGS);
 		TC_CASE_RET_NAME (TC_IOCTL_DISK_IS_WRITABLE);
 		TC_CASE_RET_NAME (TC_IOCTL_IS_ANY_VOLUME_MOUNTED);
 		TC_CASE_RET_NAME (TC_IOCTL_IS_DRIVER_UNLOAD_DISABLED);
 		TC_CASE_RET_NAME (TC_IOCTL_IS_HIDDEN_SYSTEM_RUNNING);
 		TC_CASE_RET_NAME (TC_IOCTL_MOUNT_VOLUME);
 		TC_CASE_RET_NAME (TC_IOCTL_OPEN_TEST);
 		TC_CASE_RET_NAME (TC_IOCTL_PROBE_REAL_DRIVE_SIZE);
 		TC_CASE_RET_NAME (TC_IOCTL_REOPEN_BOOT_VOLUME_HEADER);
 		TC_CASE_RET_NAME (TC_IOCTL_REREAD_DRIVER_CONFIG);
 		TC_CASE_RET_NAME (TC_IOCTL_SET_SYSTEM_FAVORITE_VOLUME_DIRTY);
 		TC_CASE_RET_NAME (TC_IOCTL_START_DECOY_SYSTEM_WIPE);
 		TC_CASE_RET_NAME (TC_IOCTL_WIPE_PASSWORD_CACHE);
 		TC_CASE_RET_NAME (TC_IOCTL_WRITE_BOOT_DRIVE_SECTOR);
 		TC_CASE_RET_NAME (VC_IOCTL_GET_DRIVE_GEOMETRY_EX);
 		TC_CASE_RET_NAME (VC_IOCTL_EMERGENCY_CLEAR_ALL_KEYS);
 		TC_CASE_RET_NAME (VC_IOCTL_IS_RAM_ENCRYPTION_ENABLED);
+		TC_CASE_RET_NAME (VC_IOCTL_ENCRYPTION_QUEUE_PARAMS);
 
 		TC_CASE_RET_NAME (IOCTL_VOLUME_GET_VOLUME_DISK_EXTENTS);
 
 #undef TC_CASE_RET_NAME
 	}
 
 	if (ulCode ==			 IOCTL_DISK_GET_DRIVE_GEOMETRY)
 		return (LPWSTR) _T ("IOCTL_DISK_GET_DRIVE_GEOMETRY");
 	else if (ulCode ==		 IOCTL_DISK_GET_DRIVE_GEOMETRY_EX)
 		return (LPWSTR) _T ("IOCTL_DISK_GET_DRIVE_GEOMETRY_EX");
 	else if (ulCode ==		 IOCTL_MOUNTDEV_QUERY_DEVICE_NAME)
 		return (LPWSTR) _T ("IOCTL_MOUNTDEV_QUERY_DEVICE_NAME");
 	else if (ulCode ==		 IOCTL_MOUNTDEV_QUERY_SUGGESTED_LINK_NAME)
 		return (LPWSTR) _T ("IOCTL_MOUNTDEV_QUERY_SUGGESTED_LINK_NAME");
 	else if (ulCode ==		 IOCTL_MOUNTDEV_QUERY_UNIQUE_ID)
 		return (LPWSTR) _T ("IOCTL_MOUNTDEV_QUERY_UNIQUE_ID");
 	else if (ulCode ==		 IOCTL_VOLUME_ONLINE)
 		return (LPWSTR) _T ("IOCTL_VOLUME_ONLINE");
 	else if (ulCode ==		 IOCTL_MOUNTDEV_LINK_CREATED)
 		return (LPWSTR) _T ("IOCTL_MOUNTDEV_LINK_CREATED");
 	else if (ulCode ==		 IOCTL_MOUNTDEV_LINK_DELETED)
 		return (LPWSTR) _T ("IOCTL_MOUNTDEV_LINK_DELETED");
 	else if (ulCode ==		 IOCTL_MOUNTMGR_QUERY_POINTS)
 		return (LPWSTR) _T ("IOCTL_MOUNTMGR_QUERY_POINTS");
 	else if (ulCode ==		 IOCTL_MOUNTMGR_VOLUME_MOUNT_POINT_CREATED)
 		return (LPWSTR) _T ("IOCTL_MOUNTMGR_VOLUME_MOUNT_POINT_CREATED");
 	else if (ulCode ==		 IOCTL_MOUNTMGR_VOLUME_MOUNT_POINT_DELETED)
 		return (LPWSTR) _T ("IOCTL_MOUNTMGR_VOLUME_MOUNT_POINT_DELETED");
 	else if (ulCode ==		 IOCTL_DISK_GET_LENGTH_INFO)
 		return (LPWSTR) _T ("IOCTL_DISK_GET_LENGTH_INFO");
 	else if (ulCode ==		 IOCTL_STORAGE_GET_DEVICE_NUMBER)
 		return (LPWSTR) _T ("IOCTL_STORAGE_GET_DEVICE_NUMBER");
 	else if (ulCode ==		 IOCTL_DISK_GET_PARTITION_INFO)
 		return (LPWSTR) _T ("IOCTL_DISK_GET_PARTITION_INFO");
 	else if (ulCode ==		 IOCTL_DISK_GET_PARTITION_INFO_EX)
@@ -4794,77 +4807,78 @@ NTSTATUS ReadRegistryConfigFlags (BOOL driverEntry)
 	{
 		if (data->Type == REG_DWORD)
 			EncryptionThreadPoolFreeCpuCountLimit = *(uint32 *) data->Data;
 
 		TCfree (data);
 	}
 
 	if (driverEntry && NT_SUCCESS (TCReadRegistryKey (&name, VC_ENCRYPTION_IO_REQUEST_COUNT, &data)))
 	{
 		if (data->Type == REG_DWORD)
 			EncryptionIoRequestCount = *(uint32 *) data->Data;
 
 		TCfree (data);
 	}
 
 	if (driverEntry && NT_SUCCESS (TCReadRegistryKey (&name, VC_ENCRYPTION_ITEM_COUNT, &data)))
 	{
 		if (data->Type == REG_DWORD)
 			EncryptionItemCount = *(uint32 *) data->Data;
 
 		TCfree (data);
 	}
 
 	if (driverEntry && NT_SUCCESS (TCReadRegistryKey (&name, VC_ENCRYPTION_FRAGMENT_SIZE, &data)))
 	{
 		if (data->Type == REG_DWORD)
 			EncryptionFragmentSize = *(uint32 *) data->Data;
 
 		TCfree (data);
 	}
 
 	if (driverEntry)
 	{
 		if (EncryptionIoRequestCount < TC_ENC_IO_QUEUE_PREALLOCATED_IO_REQUEST_COUNT)
 			EncryptionIoRequestCount = TC_ENC_IO_QUEUE_PREALLOCATED_IO_REQUEST_COUNT;
+		else if (EncryptionIoRequestCount > TC_ENC_IO_QUEUE_PREALLOCATED_IO_REQUEST_MAX_COUNT)
+			EncryptionIoRequestCount = TC_ENC_IO_QUEUE_PREALLOCATED_IO_REQUEST_MAX_COUNT;
 
-		if (EncryptionItemCount == 0)
+		if ((EncryptionItemCount == 0) || (EncryptionItemCount > (EncryptionIoRequestCount / 2)))
 			EncryptionItemCount = EncryptionIoRequestCount / 2;
-		else if (EncryptionItemCount >= EncryptionIoRequestCount)
-			EncryptionItemCount = EncryptionIoRequestCount - 1;
 
 		/* EncryptionFragmentSize value in registry is expressed in KiB */
+		/* Maximum allowed value for EncryptionFragmentSize is 2048 KiB */
 		EncryptionFragmentSize *= 1024;
 		if (EncryptionFragmentSize == 0)
 			EncryptionFragmentSize = TC_ENC_IO_QUEUE_MAX_FRAGMENT_SIZE;
 		else if (EncryptionFragmentSize > (8 * TC_ENC_IO_QUEUE_MAX_FRAGMENT_SIZE))
 			EncryptionFragmentSize = 8 * TC_ENC_IO_QUEUE_MAX_FRAGMENT_SIZE;
 		
 		
 	}
 
 
 	return status;
 }
 
 
 NTSTATUS WriteRegistryConfigFlags (uint32 flags)
 {
 	UNICODE_STRING name;
 	RtlInitUnicodeString (&name, L"\\REGISTRY\\MACHINE\\SYSTEM\\CurrentControlSet\\Services\\veracrypt");
 
 	return TCWriteRegistryKey (&name, TC_DRIVER_CONFIG_REG_VALUE_NAME, REG_DWORD, &flags, sizeof (flags));
 }
 
 
 NTSTATUS GetDeviceSectorSize (PDEVICE_OBJECT deviceObject, ULONG *bytesPerSector)
 {
 	NTSTATUS status;
 	DISK_GEOMETRY geometry;
 
 	status = SendDeviceIoControlRequest (deviceObject, IOCTL_DISK_GET_DRIVE_GEOMETRY, NULL, 0, &geometry, sizeof (geometry));
 	if (!NT_SUCCESS (status))
 		return status;
 
 	*bytesPerSector = geometry.BytesPerSector;
 	
 	return STATUS_SUCCESS;
author	Mounir IDRASSI <mounir.idrassi@idrix.fr>	2021-12-30 00:34:52 +0100
committer	Mounir IDRASSI <mounir.idrassi@idrix.fr>	2021-12-30 00:42:39 +0100
commit	f63c2ec13c5f74e5211409ae2c3367a2171adb83 (patch)
tree	d7d7899b5e078d1bc14c0c3e4ce0092d1a76e9d1 /src/Driver
parent	fac35ab08abc26d05e4b737d716f77ac794798d2 (diff)
download	VeraCrypt-f63c2ec13c5f74e5211409ae2c3367a2171adb83.tar.gz VeraCrypt-f63c2ec13c5f74e5211409ae2c3367a2171adb83.zip