archive
/
windows-server-2003
mirror of https://github.com/selfrender/Windows-Server-2003
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
4 Commits
1 Branch
0 Tags
1.5 GiB
Tree: 5c6fe3db62
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '5c6fe3db62'
${ noResults }
windows-server-2003/base/fs/efs/efs.c

917 lines
25 KiB
Raw Normal View History

commiting as it is
4 years ago
  1. /*++
  3. Copyright (c) 1996 Microsoft Corporation
  5. Module Name:
  7. efs.c
  9. Abstract:
  11. This module contains the code that implements the EFS
  12. file system filter driver.
  14. Author:
  16. Robert Gu (robertg) 29-Oct-1996
  18. Environment:
  20. Kernel mode
  23. Revision History:
  26. --*/
  28. #include "efs.h"
  29. #include "efsrtl.h"
  32. #define BUFFER_SIZE 1024
  33. #define BUFFER_REG_VAL L"\\Registry\\Machine\\System\\CurrentControlSet\\Services\\NTFS\\EFS\\Parameters"
  34. #define MAX_ALLOC_BUFFER L"MaximumBlob"
  35. #define EFS_KERNEL_CACHE_PERIOD L"EFSKCACHEPERIOD"
  37. //
  38. // Global storage for this file system filter driver.
  39. //
  40. EFS_DATA EfsData;
  41. WORK_QUEUE_ITEM EfsShutdownCleanupWorkItem;
  43. //
  44. // $EFS stream name
  45. //
  46. WCHAR AttrName[5] = L"$EFS";
  48. #if DBG
  50. ULONG EFSDebug = 0;
  52. #endif
  54. ENCRYPTION_CALL_BACK EFSCallBackTable = {
  55. ENCRYPTION_CURRENT_INTERFACE_VERSION,
  56. ENCRYPTION_ALL_STREAMS,
  57. EfsOpenFile,
  58. NULL,
  59. EFSFilePostCreate,
  60. EfsFileControl,
  61. EfsFileControl,
  62. EFSFsControl,
  63. EfsRead,
  64. EfsWrite,
  65. EfsFreeContext
  66. };
  68. VOID
  69. EfspShutdownCleanup(
  70. IN PVOID Parameter
  71. );
  73. //
  74. // Assign text sections for each routine.
  75. //
  77. #ifdef ALLOC_PRAGMA
  78. #pragma alloc_text(PAGE, EfspShutdownCleanup)
  79. #pragma alloc_text(PAGE, EfsInitialization)
  80. #pragma alloc_text(PAGE, EfsGetSessionKey)
  81. #pragma alloc_text(PAGE, GetKeyBlobLength)
  82. #pragma alloc_text(PAGE, GetKeyBlobBuffer)
  83. #pragma alloc_text(PAGE, SetKeyTable)
  84. #pragma alloc_text(PAGE, EfsInitFips)
  85. #endif
  88. VOID
  89. EfspShutdownCleanup(
  90. IN PVOID Parameter
  91. )
  92. {
  93. PEPROCESS LsaProcess;
  95. PAGED_CODE();
  97. UNREFERENCED_PARAMETER(Parameter);
  99. if (EfsData.LsaProcess) {
  100. LsaProcess = EfsData.LsaProcess;
  101. EfsData.LsaProcess = NULL;
  102. ObDereferenceObject(LsaProcess);
  103. }
  104. }
  107. NTSTATUS
  108. EfsInitialization(
  109. void
  110. )
  112. /*++
  114. Routine Description:
  116. This is the initialization routine for the general purpose file system
  117. filter driver. This routine creates the device object that represents this
  118. driver in the system and registers it for watching all file systems that
  119. register or unregister themselves as active file systems.
  121. Arguments:
  123. DriverObject - Pointer to driver object created by the system.
  125. Return Value:
  127. The function value is the final status from the initialization operation.
  129. --*/
  131. {
  132. UNICODE_STRING nameString;
  133. PDEVICE_EXTENSION deviceExtension;
  134. PFILE_OBJECT fileObject;
  135. NTSTATUS status;
  136. HANDLE threadHdl;
  137. ULONG i;
  138. OBJECT_ATTRIBUTES objAttr;
  139. UNICODE_STRING efsInitEventName;
  140. UNICODE_STRING efsBufValue;
  141. ULONG resultLength;
  142. PKEY_VALUE_PARTIAL_INFORMATION pPartialValue = NULL;
  143. HANDLE efsKey;
  144. EFS_INIT_DATAEXG InitDataFromSrv;
  146. PAGED_CODE();
  148. //
  149. // Mark our global data record
  150. //
  152. EfsData.AllocMaxBuffer = FALSE;
  153. EfsData.FipsFileObject = NULL;
  154. EfsData.FipsFunctionTable.Fips3Des = NULL;
  155. EfsData.FipsFunctionTable.Fips3Des3Key = NULL;
  156. EfsData.EfsDriverCacheLength = DefaultTimeExpirePeriod;
  158. RtlInitUnicodeString( &efsBufValue, BUFFER_REG_VAL );
  160. InitializeObjectAttributes(
  161. &objAttr,
  162. &efsBufValue,
  163. OBJ_CASE_INSENSITIVE,
  164. NULL,
  165. NULL
  166. );
  168. status = ZwOpenKey(
  169. &efsKey,
  170. KEY_READ,
  171. &objAttr);
  173. if (NT_SUCCESS(status)) {
  175. pPartialValue = (PKEY_VALUE_PARTIAL_INFORMATION)ExAllocatePool(NonPagedPool, BUFFER_SIZE);
  176. if (pPartialValue) {
  177. RtlInitUnicodeString(&efsBufValue, MAX_ALLOC_BUFFER);
  179. status = ZwQueryValueKey(
  180. efsKey,
  181. &efsBufValue,
  182. KeyValuePartialInformation,
  183. (PVOID)pPartialValue,
  184. BUFFER_SIZE,
  185. &resultLength
  186. );
  188. if (NT_SUCCESS(status)) {
  189. ASSERT(pPartialValue->Type == REG_DWORD);
  190. if (*((PLONG)&(pPartialValue->Data))){
  191. EfsData.AllocMaxBuffer = TRUE;
  192. }
  193. }
  195. RtlInitUnicodeString(&efsBufValue, EFS_KERNEL_CACHE_PERIOD);
  197. status = ZwQueryValueKey(
  198. efsKey,
  199. &efsBufValue,
  200. KeyValuePartialInformation,
  201. (PVOID)pPartialValue,
  202. BUFFER_SIZE,
  203. &resultLength
  204. );
  206. if (NT_SUCCESS(status)) {
  207. ASSERT(pPartialValue->Type == REG_DWORD);
  208. if (((*((DWORD *)&(pPartialValue->Data))) >= MINCACHEPERIOD) &&
  209. ((*((DWORD *)&(pPartialValue->Data))) <= MAXCACHEPERIOD)){
  210. EfsData.EfsDriverCacheLength = *((DWORD *)&(pPartialValue->Data));
  211. EfsData.EfsDriverCacheLength *= 10000000;
  212. }
  213. }
  214. ExFreePool(pPartialValue);
  215. }
  216. ZwClose(efsKey);
  217. }
  219. EfsData.NodeTypeCode = EFS_NTC_DATA_HEADER;
  220. EfsData.NodeByteSize = sizeof( EFS_DATA );
  221. EfsData.EfsInitialized = FALSE;
  222. EfsData.InitEventHandle = NULL;
  223. EfsData.LsaProcess = NULL;
  225. //
  226. // Initialize global data structures.
  227. //
  229. ExInitializeWorkItem( &EfsShutdownCleanupWorkItem,
  230. &EfspShutdownCleanup,
  231. NULL );
  232. status = PoQueueShutdownWorkItem( &EfsShutdownCleanupWorkItem );
  233. if (!NT_SUCCESS(status)) {
  234. return status;
  235. }
  237. InitializeListHead( &(EfsData.EfsOpenCacheList) );
  238. InitializeListHead( &(EfsData.EfsKeyLookAsideList) );
  239. ExInitializeFastMutex( &(EfsData.EfsKeyBlobMemSrcMutex) );
  240. ExInitializeFastMutex( &(EfsData.EfsOpenCacheMutex) );
  242. //
  243. // Initialize the event lookaside list
  244. //
  246. ExInitializeNPagedLookasideList(&(EfsData.EfsEventPool),
  247. NULL,
  248. NULL,
  249. 0,
  250. sizeof(KEVENT),
  251. 'levE',
  252. EFS_EVENTDEPTH
  253. );
  255. //
  256. // Try to allocate at least one event in the list. This one will be used for
  257. // sure later.
  258. //
  260. {
  261. PVOID pTryEvent;
  263. pTryEvent = ExAllocateFromNPagedLookasideList(&(EfsData.EfsEventPool));
  264. if ( NULL == pTryEvent ){
  265. //
  266. // Free previously allocated memory
  267. //
  269. ExDeleteNPagedLookasideList(&(EfsData.EfsEventPool));
  270. return STATUS_NO_MEMORY;
  271. }
  272. ExFreeToNPagedLookasideList(&(EfsData.EfsEventPool), pTryEvent);
  273. }
  275. //
  276. // Initialize the context lookaside list
  277. //
  279. ExInitializeNPagedLookasideList(&(EfsData.EfsContextPool),
  280. NULL,
  281. NULL,
  282. 0,
  283. sizeof(EFS_CONTEXT),
  284. 'nocE',
  285. EFS_CONTEXTDEPTH
  286. );
  288. //
  289. // Initialize the cache lookaside list
  290. //
  292. ExInitializePagedLookasideList(&(EfsData.EfsOpenCachePool),
  293. NULL,
  294. NULL,
  295. 0,
  296. sizeof(OPEN_CACHE),
  297. 'hcoE',
  298. EFS_CACHEDEPTH
  299. );
  301. ExInitializePagedLookasideList(&(EfsData.EfsMemSourceItem),
  302. NULL,
  303. NULL,
  304. 0,
  305. sizeof(KEY_BLOB_RAMPOOL),
  306. 'msfE',
  307. EFS_ALGDEPTH
  308. );
  310. ExInitializeNPagedLookasideList(&(EfsData.EfsLookAside),
  311. NULL,
  312. NULL,
  313. 0,
  314. sizeof(NPAGED_LOOKASIDE_LIST),
  315. 'msfE',
  316. EFS_ALGDEPTH
  317. );
  319. status = NtOfsRegisterCallBacks( Encryption, &EFSCallBackTable );
  320. if (!NT_SUCCESS(status)) {
  322. //
  323. // Register callback failed
  324. //
  326. ExDeleteNPagedLookasideList(&(EfsData.EfsEventPool));
  327. ExDeleteNPagedLookasideList(&(EfsData.EfsContextPool));
  328. ExDeletePagedLookasideList(&(EfsData.EfsOpenCachePool));
  329. ExDeletePagedLookasideList(&(EfsData.EfsMemSourceItem));
  330. ExDeleteNPagedLookasideList(&(EfsData.EfsLookAside));
  331. return status;
  332. }
  334. RtlInitUnicodeString(&(EfsData.EfsName), &AttrName[0]);
  336. //
  337. // Create an event
  338. //
  340. RtlInitUnicodeString( &efsInitEventName, L"\\EFSInitEvent" );
  342. InitializeObjectAttributes(
  343. &objAttr,
  344. &efsInitEventName,
  345. 0,
  346. NULL,
  347. NULL
  348. );
  350. //
  351. // Try to create an event. If the event was not created, the EFS
  352. // server is not loaded yet. We will create a thread waiting for
  353. // EFS server to be loaded. If the event was already created, we
  354. // will just go ahead and get the session key from the EFS server.
  355. //
  357. status = ZwCreateEvent(
  358. &(EfsData.InitEventHandle),
  359. EVENT_MODIFY_STATE,
  360. &objAttr,
  361. NotificationEvent,
  362. FALSE
  363. );
  365. if (!NT_SUCCESS(status)) {
  367. if ( STATUS_OBJECT_NAME_COLLISION == status ){
  369. //
  370. // EFS server has been loaded. This is the normal case.
  371. // Call server to get the session key.
  372. //
  374. status = GenerateSessionKey(
  375. &InitDataFromSrv
  376. );
  379. if (NT_SUCCESS( status )) {
  381. //
  382. // Set session key
  383. //
  385. RtlCopyMemory( &(EfsData.SessionKey[0]), InitDataFromSrv.Key, DES_KEYSIZE );
  386. deskey( (DESTable*)&(EfsData.SessionDesTable[0]),
  387. &(EfsData.SessionKey[0]));
  389. status = PsLookupProcessByProcessId(
  390. InitDataFromSrv.LsaProcessID,
  391. &(EfsData.LsaProcess)
  392. );
  393. RtlSecureZeroMemory(&InitDataFromSrv, sizeof(EFS_INIT_DATAEXG));
  395. if (NT_SUCCESS( status )) {
  396. EfsData.EfsInitialized = TRUE;
  397. if ( PsGetCurrentProcess() != EfsData.LsaProcess ){
  399. KAPC_STATE ApcState;
  401. KeStackAttachProcess (
  402. EfsData.LsaProcess,
  403. &ApcState
  404. );
  405. InitSecurityInterface();
  406. KeUnstackDetachProcess(&ApcState);
  407. } else {
  408. InitSecurityInterface();
  409. }
  410. EfsInitFips();
  411. } else {
  412. #if DBG
  414. if ( (EFSTRACEALL | EFSTRACELIGHT) & EFSDebug ){
  416. DbgPrint("PsLookupProcessByProcessId failed, status = %x\n",status);
  418. }
  420. #endif
  421. //
  422. // Failed to get the process pointer
  423. //
  425. ExDeleteNPagedLookasideList(&(EfsData.EfsEventPool));
  426. ExDeleteNPagedLookasideList(&(EfsData.EfsContextPool));
  427. ExDeletePagedLookasideList(&(EfsData.EfsOpenCachePool));
  428. ExDeletePagedLookasideList(&(EfsData.EfsMemSourceItem));
  429. ExDeleteNPagedLookasideList(&(EfsData.EfsLookAside));
  431. }
  433. } else {
  435. #if DBG
  437. if ( (EFSTRACEALL | EFSTRACELIGHT) & EFSDebug ){
  439. DbgPrint("GenerateSessionKey failed, status = %x\n",status);
  441. }
  443. #endif
  444. //
  445. // Failed to get the session key
  446. //
  448. ExDeleteNPagedLookasideList(&(EfsData.EfsEventPool));
  449. ExDeleteNPagedLookasideList(&(EfsData.EfsContextPool));
  450. ExDeletePagedLookasideList(&(EfsData.EfsOpenCachePool));
  451. ExDeletePagedLookasideList(&(EfsData.EfsMemSourceItem));
  452. ExDeleteNPagedLookasideList(&(EfsData.EfsLookAside));
  454. }
  457. } else {
  459. //
  460. // Unexpected error occured. EFS cannot be loaded
  461. //
  463. #if DBG
  465. if ( (EFSTRACEALL | EFSTRACELIGHT ) & EFSDebug ){
  466. DbgPrint("EFSFILTER: Efs init event creation failed.%x\n", status);
  467. }
  469. #endif
  470. ExDeleteNPagedLookasideList(&(EfsData.EfsEventPool));
  471. ExDeleteNPagedLookasideList(&(EfsData.EfsContextPool));
  472. ExDeletePagedLookasideList(&(EfsData.EfsOpenCachePool));
  473. ExDeletePagedLookasideList(&(EfsData.EfsMemSourceItem));
  474. ExDeleteNPagedLookasideList(&(EfsData.EfsLookAside));
  476. }
  478. } else {
  480. //
  481. // The server is not ready yet.
  482. // Create a thread and wait for the server in that thread
  483. //
  485. status = PsCreateSystemThread(
  486. &threadHdl,
  487. GENERIC_ALL,
  488. NULL,
  489. NULL,
  490. NULL,
  491. EfsGetSessionKey,
  492. NULL
  493. );
  495. if ( NT_SUCCESS( status ) ){
  497. ZwClose( threadHdl );
  499. } else {
  501. ExDeleteNPagedLookasideList(&(EfsData.EfsEventPool));
  502. ExDeleteNPagedLookasideList(&(EfsData.EfsContextPool));
  503. ExDeletePagedLookasideList(&(EfsData.EfsOpenCachePool));
  504. ExDeletePagedLookasideList(&(EfsData.EfsMemSourceItem));
  505. ExDeleteNPagedLookasideList(&(EfsData.EfsLookAside));
  507. }
  508. }
  510. return status;
  511. }
  513. VOID
  514. EfsUninitialization(
  515. VOID
  516. )
  517. {
  518. PLIST_ENTRY pLink;
  519. PKEY_BLOB_RAMPOOL pTmpItem;
  520. PNPAGED_LOOKASIDE_LIST MemSrcList;
  522. while (!IsListEmpty (&EfsData.EfsKeyLookAsideList)) {
  523. pLink = RemoveHeadList (&EfsData.EfsKeyLookAsideList);
  524. pTmpItem = CONTAINING_RECORD(pLink, KEY_BLOB_RAMPOOL, MemSourceChain);
  525. MemSrcList = pTmpItem->MemSourceList;
  527. ExDeleteNPagedLookasideList(MemSrcList);
  528. ExFreeToNPagedLookasideList(&(EfsData.EfsLookAside), MemSrcList );
  529. ExFreeToPagedLookasideList(&(EfsData.EfsMemSourceItem), pTmpItem );
  530. }
  531. ExDeleteNPagedLookasideList(&(EfsData.EfsEventPool));
  532. ExDeleteNPagedLookasideList(&(EfsData.EfsContextPool));
  533. ExDeletePagedLookasideList(&(EfsData.EfsOpenCachePool));
  534. ExDeletePagedLookasideList(&(EfsData.EfsMemSourceItem));
  535. ExDeleteNPagedLookasideList(&(EfsData.EfsLookAside));
  536. if (EfsData.FipsFileObject) {
  537. ObDereferenceObject(EfsData.FipsFileObject);
  538. EfsData.FipsFileObject = NULL;
  539. }
  540. }
  542. VOID
  543. EfsGetSessionKey(
  544. IN PVOID StartContext
  545. )
  547. /*++
  549. Routine Description:
  551. This routine is invoked in DriverEntry. It runs in a seperate thread.
  553. The purpose of this routine is to wait for the EFS server. And Get the session key.
  555. Arguments:
  557. StartContext - Start context of the thread.
  559. Return Value:
  561. None.
  563. --*/
  565. {
  567. SECURITY_DESCRIPTOR efsInitEventSecurityDescriptor;
  568. NTSTATUS status;
  569. EFS_INIT_DATAEXG InitDataFromSrv;
  571. #if DBG
  573. if ( EFSTRACEALL & EFSDebug ){
  574. DbgPrint( "EFSFILTER: Thread started. %x\n", EfsData.NodeTypeCode );
  575. }
  577. #endif
  580. status = ZwWaitForSingleObject (
  581. EfsData.InitEventHandle,
  582. FALSE,
  583. (PLARGE_INTEGER)NULL
  584. );
  586. ZwClose( EfsData.InitEventHandle );
  588. //
  589. // Call server to get the session key
  590. //
  593. status = GenerateSessionKey(
  594. &InitDataFromSrv
  595. );
  598. if (!NT_SUCCESS( status )) {
  600. #if DBG
  602. if ( (EFSTRACEALL | EFSTRACELIGHT) & EFSDebug ){
  604. DbgPrint("GenerateSessionKey failed, status = %x\n",status);
  606. }
  608. #endif
  610. return;
  611. }
  613. //
  614. // Set session key
  615. //
  617. RtlCopyMemory( &(EfsData.SessionKey[0]), InitDataFromSrv.Key, DES_KEYSIZE );
  618. deskey( (DESTable*)&(EfsData.SessionDesTable[0]),
  619. &(EfsData.SessionKey[0]));
  621. status = PsLookupProcessByProcessId(
  622. InitDataFromSrv.LsaProcessID,
  623. &(EfsData.LsaProcess)
  624. );
  626. RtlSecureZeroMemory(&InitDataFromSrv, sizeof(EFS_INIT_DATAEXG));
  628. if (NT_SUCCESS( status )) {
  630. EfsData.EfsInitialized = TRUE;
  631. if ( PsGetCurrentProcess() != EfsData.LsaProcess ){
  632. KAPC_STATE ApcState;
  634. //KeAttachProcess(EfsData.LsaProcess);
  635. KeStackAttachProcess (
  636. EfsData.LsaProcess,
  637. &ApcState
  638. );
  639. InitSecurityInterface();
  640. //KeDetachProcess();
  641. KeUnstackDetachProcess(&ApcState);
  642. } else {
  643. InitSecurityInterface();
  644. }
  646. EfsInitFips();
  648. } else {
  650. #if DBG
  652. if ( (EFSTRACEALL | EFSTRACELIGHT) & EFSDebug ){
  654. DbgPrint("PsLookupProcessByProcessId failed, status = %x\n",status);
  656. }
  658. #endif
  660. }
  662. return;
  663. }
  665. ULONG GetKeyBlobLength(
  666. ULONG AlgID
  667. )
  668. {
  669. if (EfsData.AllocMaxBuffer) {
  670. return AES_KEY_BLOB_LENGTH_256;
  671. }
  672. switch (AlgID){
  673. case CALG_DESX:
  674. return DESX_KEY_BLOB_LENGTH;
  675. case CALG_3DES:
  676. return DES3_KEY_BLOB_LENGTH;
  677. case CALG_AES_256:
  678. return AES_KEY_BLOB_LENGTH_256;
  679. case CALG_DES:
  680. default:
  681. return DES_KEY_BLOB_LENGTH;
  682. }
  683. return 0;
  684. }
  686. PKEY_BLOB
  687. GetKeyBlobBuffer(
  688. ULONG AlgID
  689. )
  690. {
  692. PNPAGED_LOOKASIDE_LIST MemSrcList = NULL;
  693. PKEY_BLOB_RAMPOOL KeyBlobPoolListItem = NULL;
  694. PKEY_BLOB_RAMPOOL pTmpItem = NULL;
  695. ULONG KeyBlobLength;
  696. PLIST_ENTRY pLink = NULL;
  697. PKEY_BLOB NewKeyBlob;
  699. KeyBlobLength = GetKeyBlobLength(AlgID);
  701. if (!KeyBlobLength){
  702. ASSERT(KeyBlobLength);
  703. return NULL;
  704. }
  706. ExAcquireFastMutex( &(EfsData.EfsKeyBlobMemSrcMutex));
  707. for (pLink = EfsData.EfsKeyLookAsideList.Flink; pLink != &(EfsData.EfsKeyLookAsideList); pLink = pLink->Flink) {
  708. pTmpItem = CONTAINING_RECORD(pLink, KEY_BLOB_RAMPOOL, MemSourceChain);
  709. if (pTmpItem->AlgorithmID == AlgID) {
  711. //
  712. // The lookaside list already exists
  713. //
  715. MemSrcList = pTmpItem->MemSourceList;
  716. break;
  717. }
  718. }
  719. ExReleaseFastMutex( &(EfsData.EfsKeyBlobMemSrcMutex) );
  721. if ( MemSrcList == NULL ) {
  723. //
  724. // No lookaside for this type of key. Go and create one item.
  725. //
  727. MemSrcList = (PNPAGED_LOOKASIDE_LIST)ExAllocateFromNPagedLookasideList(&(EfsData.EfsLookAside));
  728. KeyBlobPoolListItem = (PKEY_BLOB_RAMPOOL) ExAllocateFromPagedLookasideList(&(EfsData.EfsMemSourceItem));
  729. if ( (NULL == MemSrcList) || (NULL == KeyBlobPoolListItem) ){
  730. if (MemSrcList) {
  731. ExFreeToNPagedLookasideList(&(EfsData.EfsLookAside), MemSrcList );
  732. }
  733. if (KeyBlobPoolListItem){
  734. ExFreeToPagedLookasideList(&(EfsData.EfsMemSourceItem), KeyBlobPoolListItem );
  735. }
  736. return NULL;
  737. }
  739. RtlZeroMemory( KeyBlobPoolListItem, sizeof( KEY_BLOB_RAMPOOL ) );
  740. KeyBlobPoolListItem->MemSourceList = MemSrcList;
  741. KeyBlobPoolListItem->AlgorithmID = AlgID;
  743. ExInitializeNPagedLookasideList(
  744. MemSrcList,
  745. NULL,
  746. NULL,
  747. 0,
  748. KeyBlobLength,
  749. 'msfE',
  750. EFS_KEYDEPTH
  751. );
  753. ExAcquireFastMutex( &(EfsData.EfsKeyBlobMemSrcMutex));
  754. InsertHeadList( &(EfsData.EfsKeyLookAsideList), &(KeyBlobPoolListItem->MemSourceChain));
  755. ExReleaseFastMutex( &(EfsData.EfsKeyBlobMemSrcMutex) );
  756. }
  758. //
  759. // Allocate the Key Blob
  760. //
  762. NewKeyBlob = (PKEY_BLOB)ExAllocateFromNPagedLookasideList(MemSrcList);
  764. if (NewKeyBlob){
  765. NewKeyBlob->AlgorithmID = AlgID;
  766. NewKeyBlob->KeyLength = KeyBlobLength;
  767. NewKeyBlob->MemSource = MemSrcList;
  768. }
  769. return NewKeyBlob;
  771. }
  773. BOOLEAN
  774. SetKeyTable(
  775. PKEY_BLOB KeyBlob,
  776. PEFS_KEY EfsKey
  777. )
  778. {
  780. char DesXTmpKey[DESX_KEYSIZE];
  782. switch ( EfsKey->Algorithm ){
  783. case CALG_3DES:
  784. if (EfsData.AllocMaxBuffer) {
  785. RtlZeroMemory( &(KeyBlob->Key[0]) + DES3_TABLESIZE, KeyBlob->KeyLength - DES3_KEY_BLOB_LENGTH);
  786. }
  787. if (EfsData.FipsFunctionTable.Fips3Des3Key) {
  788. EfsData.FipsFunctionTable.Fips3Des3Key(
  789. (DES3TABLE*) &(KeyBlob->Key[0]),
  790. ((char *)EfsKey) + sizeof ( EFS_KEY )
  791. );
  792. } else {
  793. return FALSE;
  794. }
  795. //tripledes3key(
  796. // (DES3TABLE*) &(KeyBlob->Key[0]),
  797. // ((char *)EfsKey) + sizeof ( EFS_KEY )
  798. // );
  799. break;
  800. case CALG_DESX:
  801. //
  802. // Flush the non used area.
  803. //
  805. if (EfsData.AllocMaxBuffer) {
  806. RtlZeroMemory( &(KeyBlob->Key[0]) + DESX_TABLESIZE, KeyBlob->KeyLength - DESX_KEY_BLOB_LENGTH);
  807. }
  808. desexpand128to192(
  809. ((char *)EfsKey) + sizeof ( EFS_KEY ),
  810. DesXTmpKey
  811. );
  813. desxkey(
  814. (DESXTable*) &(KeyBlob->Key[0]),
  815. DesXTmpKey
  816. );
  817. break;
  819. case CALG_AES_256:
  820. aeskey(
  821. (AESTable*) &(KeyBlob->Key[0]),
  822. ((char *)EfsKey) + sizeof ( EFS_KEY ),
  823. AES_ROUNDS_256
  824. );
  825. break;
  827. case CALG_DES:
  828. default:
  829. if (EfsData.AllocMaxBuffer) {
  830. RtlZeroMemory( &(KeyBlob->Key[0]) + DES_TABLESIZE, KeyBlob->KeyLength - DES_KEY_BLOB_LENGTH);
  831. }
  832. deskey(
  833. (DESTable*) &(KeyBlob->Key[0]),
  834. ((char *)EfsKey) + sizeof ( EFS_KEY )
  835. );
  836. break;
  837. }
  838. return TRUE;
  839. }
  842. BOOLEAN
  843. EfsInitFips(VOID)
  844. /*++
  846. Routine Description:
  848. Initialize the FIPS library table.
  850. Arguments:
  852. Return Value:
  854. TRUE/FALSE.
  856. --*/
  857. {
  858. UNICODE_STRING deviceName;
  859. NTSTATUS status;
  860. PDEVICE_OBJECT pDeviceObject;
  861. // PFILE_OBJECT pFileObject = NULL;
  862. PIRP pIrp;
  863. IO_STATUS_BLOCK IoStatusBlock;
  865. PAGED_CODE();
  867. RtlInitUnicodeString(&deviceName, FIPS_DEVICE_NAME);
  869. //
  870. // Get the file and device objects for FIPS.
  871. //
  873. status = IoGetDeviceObjectPointer( &deviceName,
  874. FILE_ALL_ACCESS,
  875. &EfsData.FipsFileObject,
  876. &pDeviceObject);
  878. if (status != STATUS_SUCCESS) {
  879. return FALSE;
  880. }
  882. //
  883. // Build the request to send to FIPS to get library table.
  884. //
  885. pIrp = IoBuildDeviceIoControlRequest( IOCTL_FIPS_GET_FUNCTION_TABLE,
  886. pDeviceObject,
  887. NULL,
  888. 0,
  889. &EfsData.FipsFunctionTable,
  890. sizeof(FIPS_FUNCTION_TABLE),
  891. FALSE,
  892. NULL,
  893. &IoStatusBlock
  894. );
  896. if (pIrp == NULL) {
  897. #if DBG
  898. DbgPrint("EfsInitFips: IoBuildDeviceIoControlRequest IOCTL_FIPS_GET_FUNCTION_TABLE failed.\n");
  899. #endif
  900. ObDereferenceObject(EfsData.FipsFileObject);
  901. EfsData.FipsFileObject = NULL;
  902. return FALSE;
  903. }
  905. status = IoCallDriver(pDeviceObject, pIrp);
  907. if (status != STATUS_SUCCESS) {
  908. ObDereferenceObject(EfsData.FipsFileObject);
  909. EfsData.FipsFileObject = NULL;
  910. #if DBG
  911. DbgPrint("EfsInitFips: IoCallDriver failed, status = %x\n",status);
  912. #endif
  913. return FALSE;
  914. }
  916. return TRUE;
  917. }