Source code of Windows XP (NT5)
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

999 lines
26 KiB

  1. /*++
  2. Copyright (c) 1996 Microsoft Corporation
  3. Module Name:
  4. efs.c
  5. Abstract:
  6. This module contains the code that implements the EFS
  7. file system filter driver.
  8. Author:
  9. Robert Gu (robertg) 29-Oct-1996
  10. Environment:
  11. Kernel mode
  12. Revision History:
  13. --*/
  14. #include "efs.h"
  15. #include "efsrtl.h"
  16. #define BUFFER_SIZE 1024
  17. #define BUFFER_REG_VAL L"\\Registry\\Machine\\System\\CurrentControlSet\\Services\\NTFS\\EFS\\Parameters"
  18. #define MAX_ALLOC_BUFFER L"MaximumBlob"
  19. #define EFS_KERNEL_CACHE_PERIOD L"EFSKCACHEPERIOD"
  20. //
  21. // Global storage for this file system filter driver.
  22. //
  23. EFS_DATA EfsData;
  24. WORK_QUEUE_ITEM EfsShutdownCleanupWorkItem;
  25. //
  26. // $EFS stream name
  27. //
  28. WCHAR AttrName[5] = L"$EFS";
  29. #if DBG
  30. ULONG EFSDebug = 0;
  31. #endif
  32. ENCRYPTION_CALL_BACK EFSCallBackTable = {
  33. ENCRYPTION_CURRENT_INTERFACE_VERSION,
  34. ENCRYPTION_ALL_STREAMS,
  35. EfsOpenFile,
  36. NULL,
  37. EFSFilePostCreate,
  38. EfsFileControl,
  39. EfsFileControl,
  40. EFSFsControl,
  41. EfsRead,
  42. EfsWrite,
  43. EfsFreeContext
  44. };
  45. VOID
  46. EfspShutdownCleanup(
  47. IN PVOID Parameter
  48. );
  49. //
  50. // Assign text sections for each routine.
  51. //
  52. #ifdef ALLOC_PRAGMA
  53. #pragma alloc_text(PAGE, EfspShutdownCleanup)
  54. #pragma alloc_text(PAGE, EfsInitialization)
  55. #pragma alloc_text(PAGE, EfsGetSessionKey)
  56. #pragma alloc_text(PAGE, GetKeyBlobLength)
  57. #pragma alloc_text(PAGE, GetKeyBlobBuffer)
  58. #pragma alloc_text(PAGE, SetKeyTable)
  59. #pragma alloc_text(PAGE, EfsInitFips)
  60. #endif
  61. VOID
  62. EfspShutdownCleanup(
  63. IN PVOID Parameter
  64. )
  65. {
  66. PEPROCESS LsaProcess;
  67. PAGED_CODE();
  68. UNREFERENCED_PARAMETER(Parameter);
  69. if (EfsData.LsaProcess) {
  70. LsaProcess = EfsData.LsaProcess;
  71. EfsData.LsaProcess = NULL;
  72. ObDereferenceObject(LsaProcess);
  73. }
  74. }
  75. NTSTATUS
  76. EfsInitialization(
  77. void
  78. )
  79. /*++
  80. Routine Description:
  81. This is the initialization routine for the general purpose file system
  82. filter driver. This routine creates the device object that represents this
  83. driver in the system and registers it for watching all file systems that
  84. register or unregister themselves as active file systems.
  85. Arguments:
  86. DriverObject - Pointer to driver object created by the system.
  87. Return Value:
  88. The function value is the final status from the initialization operation.
  89. --*/
  90. {
  91. UNICODE_STRING nameString;
  92. PDEVICE_EXTENSION deviceExtension;
  93. PFILE_OBJECT fileObject;
  94. NTSTATUS status;
  95. HANDLE threadHdl;
  96. ULONG i;
  97. OBJECT_ATTRIBUTES objAttr;
  98. UNICODE_STRING efsInitEventName;
  99. UNICODE_STRING efsBufValue;
  100. ULONG resultLength;
  101. PKEY_VALUE_PARTIAL_INFORMATION pPartialValue = NULL;
  102. HANDLE efsKey;
  103. EFS_INIT_DATAEXG InitDataFromSrv;
  104. PAGED_CODE();
  105. //
  106. // Mark our global data record
  107. //
  108. EfsData.AllocMaxBuffer = FALSE;
  109. EfsData.FipsFileObject = NULL;
  110. EfsData.FipsFunctionTable.Fips3Des = NULL;
  111. EfsData.FipsFunctionTable.Fips3Des3Key = NULL;
  112. EfsData.EfsDriverCacheLength = DefaultTimeExpirePeriod;
  113. RtlInitUnicodeString( &efsBufValue, BUFFER_REG_VAL );
  114. InitializeObjectAttributes(
  115. &objAttr,
  116. &efsBufValue,
  117. OBJ_CASE_INSENSITIVE,
  118. NULL,
  119. NULL
  120. );
  121. status = ZwOpenKey(
  122. &efsKey,
  123. KEY_READ,
  124. &objAttr);
  125. if (NT_SUCCESS(status)) {
  126. pPartialValue = (PKEY_VALUE_PARTIAL_INFORMATION)ExAllocatePool(NonPagedPool, BUFFER_SIZE);
  127. if (pPartialValue) {
  128. RtlInitUnicodeString(&efsBufValue, MAX_ALLOC_BUFFER);
  129. status = ZwQueryValueKey(
  130. efsKey,
  131. &efsBufValue,
  132. KeyValuePartialInformation,
  133. (PVOID)pPartialValue,
  134. BUFFER_SIZE,
  135. &resultLength
  136. );
  137. if (NT_SUCCESS(status)) {
  138. ASSERT(pPartialValue->Type == REG_DWORD);
  139. if (*((PLONG)&(pPartialValue->Data))){
  140. EfsData.AllocMaxBuffer = TRUE;
  141. }
  142. }
  143. RtlInitUnicodeString(&efsBufValue, EFS_KERNEL_CACHE_PERIOD);
  144. status = ZwQueryValueKey(
  145. efsKey,
  146. &efsBufValue,
  147. KeyValuePartialInformation,
  148. (PVOID)pPartialValue,
  149. BUFFER_SIZE,
  150. &resultLength
  151. );
  152. if (NT_SUCCESS(status)) {
  153. ASSERT(pPartialValue->Type == REG_DWORD);
  154. if (((*((DWORD *)&(pPartialValue->Data))) >= MINCACHEPERIOD) &&
  155. ((*((DWORD *)&(pPartialValue->Data))) <= MAXCACHEPERIOD)){
  156. EfsData.EfsDriverCacheLength = *((DWORD *)&(pPartialValue->Data));
  157. EfsData.EfsDriverCacheLength *= 10000000;
  158. }
  159. }
  160. ExFreePool(pPartialValue);
  161. }
  162. ZwClose(efsKey);
  163. }
  164. EfsData.NodeTypeCode = EFS_NTC_DATA_HEADER;
  165. EfsData.NodeByteSize = sizeof( EFS_DATA );
  166. EfsData.EfsInitialized = FALSE;
  167. EfsData.InitEventHandle = NULL;
  168. EfsData.LsaProcess = NULL;
  169. //
  170. // Initialize global data structures.
  171. //
  172. ExInitializeWorkItem( &EfsShutdownCleanupWorkItem,
  173. &EfspShutdownCleanup,
  174. NULL );
  175. status = PoQueueShutdownWorkItem( &EfsShutdownCleanupWorkItem );
  176. if (!NT_SUCCESS(status)) {
  177. return status;
  178. }
  179. InitializeListHead( &(EfsData.EfsOpenCacheList) );
  180. InitializeListHead( &(EfsData.EfsKeyLookAsideList) );
  181. ExInitializeFastMutex( &(EfsData.EfsKeyBlobMemSrcMutex) );
  182. ExInitializeFastMutex( &(EfsData.EfsOpenCacheMutex) );
  183. //
  184. // Initialize the event lookaside list
  185. //
  186. ExInitializeNPagedLookasideList(&(EfsData.EfsEventPool),
  187. NULL,
  188. NULL,
  189. 0,
  190. sizeof(KEVENT),
  191. 'levE',
  192. EFS_EVENTDEPTH
  193. );
  194. //
  195. // Try to allocate at least one event in the list. This one will be used for
  196. // sure later.
  197. //
  198. {
  199. PVOID pTryEvent;
  200. pTryEvent = ExAllocateFromNPagedLookasideList(&(EfsData.EfsEventPool));
  201. if ( NULL == pTryEvent ){
  202. //
  203. // Free previously allocated memory
  204. //
  205. ExDeleteNPagedLookasideList(&(EfsData.EfsEventPool));
  206. return STATUS_NO_MEMORY;
  207. }
  208. ExFreeToNPagedLookasideList(&(EfsData.EfsEventPool), pTryEvent);
  209. }
  210. //
  211. // Initialize the context lookaside list
  212. //
  213. ExInitializeNPagedLookasideList(&(EfsData.EfsContextPool),
  214. NULL,
  215. NULL,
  216. 0,
  217. sizeof(EFS_CONTEXT),
  218. 'nocE',
  219. EFS_CONTEXTDEPTH
  220. );
  221. //
  222. // Initialize the cache lookaside list
  223. //
  224. ExInitializePagedLookasideList(&(EfsData.EfsOpenCachePool),
  225. NULL,
  226. NULL,
  227. 0,
  228. sizeof(OPEN_CACHE),
  229. 'hcoE',
  230. EFS_CACHEDEPTH
  231. );
  232. ExInitializePagedLookasideList(&(EfsData.EfsMemSourceItem),
  233. NULL,
  234. NULL,
  235. 0,
  236. sizeof(KEY_BLOB_RAMPOOL),
  237. 'msfE',
  238. EFS_ALGDEPTH
  239. );
  240. ExInitializeNPagedLookasideList(&(EfsData.EfsLookAside),
  241. NULL,
  242. NULL,
  243. 0,
  244. sizeof(NPAGED_LOOKASIDE_LIST),
  245. 'msfE',
  246. EFS_ALGDEPTH
  247. );
  248. status = NtOfsRegisterCallBacks( Encryption, &EFSCallBackTable );
  249. if (!NT_SUCCESS(status)) {
  250. //
  251. // Register callback failed
  252. //
  253. ExDeleteNPagedLookasideList(&(EfsData.EfsEventPool));
  254. ExDeleteNPagedLookasideList(&(EfsData.EfsContextPool));
  255. ExDeletePagedLookasideList(&(EfsData.EfsOpenCachePool));
  256. ExDeletePagedLookasideList(&(EfsData.EfsMemSourceItem));
  257. ExDeleteNPagedLookasideList(&(EfsData.EfsLookAside));
  258. return status;
  259. }
  260. RtlInitUnicodeString(&(EfsData.EfsName), &AttrName[0]);
  261. //
  262. // Create an event
  263. //
  264. RtlInitUnicodeString( &efsInitEventName, L"\\EFSInitEvent" );
  265. InitializeObjectAttributes(
  266. &objAttr,
  267. &efsInitEventName,
  268. 0,
  269. NULL,
  270. NULL
  271. );
  272. //
  273. // Try to create an event. If the event was not created, the EFS
  274. // server is not loaded yet. We will create a thread waiting for
  275. // EFS server to be loaded. If the event was already created, we
  276. // will just go ahead and get the session key from the EFS server.
  277. //
  278. status = ZwCreateEvent(
  279. &(EfsData.InitEventHandle),
  280. EVENT_MODIFY_STATE,
  281. &objAttr,
  282. NotificationEvent,
  283. FALSE
  284. );
  285. if (!NT_SUCCESS(status)) {
  286. if ( STATUS_OBJECT_NAME_COLLISION == status ){
  287. //
  288. // EFS server has been loaded. This is the normal case.
  289. // Call server to get the session key.
  290. //
  291. status = GenerateSessionKey(
  292. &InitDataFromSrv
  293. );
  294. if (NT_SUCCESS( status )) {
  295. //
  296. // Set session key
  297. //
  298. RtlCopyMemory( &(EfsData.SessionKey[0]), InitDataFromSrv.Key, DES_KEYSIZE );
  299. deskey( (DESTable*)&(EfsData.SessionDesTable[0]),
  300. &(EfsData.SessionKey[0]));
  301. status = PsLookupProcessByProcessId(
  302. InitDataFromSrv.LsaProcessID,
  303. &(EfsData.LsaProcess)
  304. );
  305. if (NT_SUCCESS( status )) {
  306. EfsData.EfsInitialized = TRUE;
  307. if ( PsGetCurrentProcess() != EfsData.LsaProcess ){
  308. KAPC_STATE ApcState;
  309. KeStackAttachProcess (
  310. EfsData.LsaProcess,
  311. &ApcState
  312. );
  313. InitSecurityInterface();
  314. KeUnstackDetachProcess(&ApcState);
  315. } else {
  316. InitSecurityInterface();
  317. }
  318. EfsInitFips();
  319. } else {
  320. #if DBG
  321. if ( (EFSTRACEALL | EFSTRACELIGHT) & EFSDebug ){
  322. DbgPrint("PsLookupProcessByProcessId failed, status = %x\n",status);
  323. }
  324. #endif
  325. //
  326. // Failed to get the process pointer
  327. //
  328. ExDeleteNPagedLookasideList(&(EfsData.EfsEventPool));
  329. ExDeleteNPagedLookasideList(&(EfsData.EfsContextPool));
  330. ExDeletePagedLookasideList(&(EfsData.EfsOpenCachePool));
  331. ExDeletePagedLookasideList(&(EfsData.EfsMemSourceItem));
  332. ExDeleteNPagedLookasideList(&(EfsData.EfsLookAside));
  333. }
  334. } else {
  335. #if DBG
  336. if ( (EFSTRACEALL | EFSTRACELIGHT) & EFSDebug ){
  337. DbgPrint("GenerateSessionKey failed, status = %x\n",status);
  338. }
  339. #endif
  340. //
  341. // Failed to get the session key
  342. //
  343. ExDeleteNPagedLookasideList(&(EfsData.EfsEventPool));
  344. ExDeleteNPagedLookasideList(&(EfsData.EfsContextPool));
  345. ExDeletePagedLookasideList(&(EfsData.EfsOpenCachePool));
  346. ExDeletePagedLookasideList(&(EfsData.EfsMemSourceItem));
  347. ExDeleteNPagedLookasideList(&(EfsData.EfsLookAside));
  348. }
  349. } else {
  350. //
  351. // Unexpected error occured. EFS cannot be loaded
  352. //
  353. #if DBG
  354. if ( (EFSTRACEALL | EFSTRACELIGHT ) & EFSDebug ){
  355. DbgPrint("EFSFILTER: Efs init event creation failed.%x\n", status);
  356. }
  357. #endif
  358. ExDeleteNPagedLookasideList(&(EfsData.EfsEventPool));
  359. ExDeleteNPagedLookasideList(&(EfsData.EfsContextPool));
  360. ExDeletePagedLookasideList(&(EfsData.EfsOpenCachePool));
  361. ExDeletePagedLookasideList(&(EfsData.EfsMemSourceItem));
  362. ExDeleteNPagedLookasideList(&(EfsData.EfsLookAside));
  363. }
  364. } else {
  365. //
  366. // The server is not ready yet.
  367. // Create a thread and wait for the server in that thread
  368. //
  369. status = PsCreateSystemThread(
  370. &threadHdl,
  371. GENERIC_ALL,
  372. NULL,
  373. NULL,
  374. NULL,
  375. EfsGetSessionKey,
  376. NULL
  377. );
  378. if ( NT_SUCCESS( status ) ){
  379. ZwClose( threadHdl );
  380. } else {
  381. ExDeleteNPagedLookasideList(&(EfsData.EfsEventPool));
  382. ExDeleteNPagedLookasideList(&(EfsData.EfsContextPool));
  383. ExDeletePagedLookasideList(&(EfsData.EfsOpenCachePool));
  384. ExDeletePagedLookasideList(&(EfsData.EfsMemSourceItem));
  385. ExDeleteNPagedLookasideList(&(EfsData.EfsLookAside));
  386. }
  387. }
  388. return status;
  389. }
  390. VOID
  391. EfsUninitialization(
  392. VOID
  393. )
  394. {
  395. PLIST_ENTRY pLink;
  396. PKEY_BLOB_RAMPOOL pTmpItem;
  397. PNPAGED_LOOKASIDE_LIST MemSrcList;
  398. while (!IsListEmpty (&EfsData.EfsKeyLookAsideList)) {
  399. pLink = RemoveHeadList (&EfsData.EfsKeyLookAsideList);
  400. pTmpItem = CONTAINING_RECORD(pLink, KEY_BLOB_RAMPOOL, MemSourceChain);
  401. MemSrcList = pTmpItem->MemSourceList;
  402. ExDeleteNPagedLookasideList(MemSrcList);
  403. ExFreeToNPagedLookasideList(&(EfsData.EfsLookAside), MemSrcList );
  404. ExFreeToPagedLookasideList(&(EfsData.EfsMemSourceItem), pTmpItem );
  405. }
  406. ExDeleteNPagedLookasideList(&(EfsData.EfsEventPool));
  407. ExDeleteNPagedLookasideList(&(EfsData.EfsContextPool));
  408. ExDeletePagedLookasideList(&(EfsData.EfsOpenCachePool));
  409. ExDeletePagedLookasideList(&(EfsData.EfsMemSourceItem));
  410. ExDeleteNPagedLookasideList(&(EfsData.EfsLookAside));
  411. if (EfsData.FipsFileObject) {
  412. ObDereferenceObject(EfsData.FipsFileObject);
  413. EfsData.FipsFileObject = NULL;
  414. }
  415. }
  416. VOID
  417. EfsGetSessionKey(
  418. IN PVOID StartContext
  419. )
  420. /*++
  421. Routine Description:
  422. This routine is invoked in DriverEntry. It runs in a seperate thread.
  423. The purpose of this routine is to wait for the EFS server. And Get the session key.
  424. Arguments:
  425. StartContext - Start context of the thread.
  426. Return Value:
  427. None.
  428. --*/
  429. {
  430. SECURITY_DESCRIPTOR efsInitEventSecurityDescriptor;
  431. NTSTATUS status;
  432. EFS_INIT_DATAEXG InitDataFromSrv;
  433. #if DBG
  434. if ( EFSTRACEALL & EFSDebug ){
  435. DbgPrint( "EFSFILTER: Thread started. %x\n", EfsData.NodeTypeCode );
  436. }
  437. #endif
  438. #if 0
  439. //
  440. // Prepare to create an event for synchronizing with the Efs.
  441. // First, build the Security Descriptor for the Init Event Object
  442. //
  443. status = RtlCreateSecurityDescriptor(
  444. &efsInitEventSecurityDescriptor,
  445. SECURITY_DESCRIPTOR_REVISION
  446. );
  447. if (!NT_SUCCESS(status)) {
  448. #if DBG
  449. DbgPrint(("EFSFILTER: Creating Efs Init Event Desc failed 0x%lx\n",
  450. status));
  451. #endif
  452. return ;
  453. }
  454. //
  455. // Allocate a temporary buffer from the paged pool. It is a fatal
  456. // system error if the allocation fails since security cannot be
  457. // enabled.
  458. //
  459. aclSize = sizeof(ACL) +
  460. sizeof(ACCESS_ALLOWED_ACE) +
  461. RtlLengthSid(SeLocalSystemSid);
  462. efsInitEventSecurityDescriptor.Dacl =
  463. ExAllocatePoolWithTag(PagedPool, aclSize, 'cAeS');
  464. if (efsInitEventSecurityDescriptor.Dacl == NULL) {
  465. #if DBG
  466. DbgPrint(("EFSFILTER: Insufficient resources to initialize\n"));
  467. #endif
  468. return;
  469. }
  470. //
  471. // Now create the Discretionary ACL within the Security Descriptor
  472. //
  473. status = RtlCreateAcl(
  474. efsInitEventSecurityDescriptor.Dacl,
  475. aclSize,
  476. ACL_REVISION2
  477. );
  478. if (!NT_SUCCESS(status)) {
  479. #if DBG
  480. DbgPrint(("EFSFILTER: Creating Efs Init Event Dacl failed 0x%lx\n",
  481. status));
  482. #endif
  483. return;
  484. }
  485. //
  486. // Now add an ACE giving GENERIC_ALL access to the User ID
  487. //
  488. status = RtlAddAccessAllowedAce(
  489. efsInitEventSecurityDescriptor.Dacl,
  490. ACL_REVISION2,
  491. GENERIC_ALL,
  492. SeLocalSystemSid
  493. );
  494. if (!NT_SUCCESS(status)) {
  495. #if DBG
  496. DbgPrint(("EFSFILTER: Adding Efs Init Event ACE failed 0x%lx\n",
  497. status));
  498. #endif
  499. return;
  500. }
  501. #endif // #if 0
  502. status = ZwWaitForSingleObject (
  503. EfsData.InitEventHandle,
  504. FALSE,
  505. (PLARGE_INTEGER)NULL
  506. );
  507. ZwClose( EfsData.InitEventHandle );
  508. //
  509. // Call server to get the session key
  510. //
  511. status = GenerateSessionKey(
  512. &InitDataFromSrv
  513. );
  514. if (!NT_SUCCESS( status )) {
  515. #if DBG
  516. if ( (EFSTRACEALL | EFSTRACELIGHT) & EFSDebug ){
  517. DbgPrint("GenerateSessionKey failed, status = %x\n",status);
  518. }
  519. #endif
  520. return;
  521. }
  522. //
  523. // Set session key
  524. //
  525. RtlCopyMemory( &(EfsData.SessionKey[0]), InitDataFromSrv.Key, DES_KEYSIZE );
  526. deskey( (DESTable*)&(EfsData.SessionDesTable[0]),
  527. &(EfsData.SessionKey[0]));
  528. status = PsLookupProcessByProcessId(
  529. InitDataFromSrv.LsaProcessID,
  530. &(EfsData.LsaProcess)
  531. );
  532. if (NT_SUCCESS( status )) {
  533. EfsData.EfsInitialized = TRUE;
  534. if ( PsGetCurrentProcess() != EfsData.LsaProcess ){
  535. KAPC_STATE ApcState;
  536. //KeAttachProcess(EfsData.LsaProcess);
  537. KeStackAttachProcess (
  538. EfsData.LsaProcess,
  539. &ApcState
  540. );
  541. InitSecurityInterface();
  542. //KeDetachProcess();
  543. KeUnstackDetachProcess(&ApcState);
  544. } else {
  545. InitSecurityInterface();
  546. }
  547. EfsInitFips();
  548. } else {
  549. #if DBG
  550. if ( (EFSTRACEALL | EFSTRACELIGHT) & EFSDebug ){
  551. DbgPrint("PsLookupProcessByProcessId failed, status = %x\n",status);
  552. }
  553. #endif
  554. }
  555. return;
  556. }
  557. ULONG GetKeyBlobLength(
  558. ULONG AlgID
  559. )
  560. {
  561. if (EfsData.AllocMaxBuffer) {
  562. return AES_KEY_BLOB_LENGTH_256;
  563. }
  564. switch (AlgID){
  565. case CALG_DESX:
  566. return DESX_KEY_BLOB_LENGTH;
  567. case CALG_3DES:
  568. return DES3_KEY_BLOB_LENGTH;
  569. case CALG_AES_256:
  570. return AES_KEY_BLOB_LENGTH_256;
  571. case CALG_DES:
  572. default:
  573. return DES_KEY_BLOB_LENGTH;
  574. }
  575. return 0;
  576. }
  577. PKEY_BLOB
  578. GetKeyBlobBuffer(
  579. ULONG AlgID
  580. )
  581. {
  582. PNPAGED_LOOKASIDE_LIST MemSrcList = NULL;
  583. PKEY_BLOB_RAMPOOL KeyBlobPoolListItem = NULL;
  584. PKEY_BLOB_RAMPOOL pTmpItem = NULL;
  585. ULONG KeyBlobLength;
  586. PLIST_ENTRY pLink = NULL;
  587. PKEY_BLOB NewKeyBlob;
  588. KeyBlobLength = GetKeyBlobLength(AlgID);
  589. if (!KeyBlobLength){
  590. ASSERT(KeyBlobLength);
  591. return NULL;
  592. }
  593. ExAcquireFastMutex( &(EfsData.EfsKeyBlobMemSrcMutex));
  594. for (pLink = EfsData.EfsKeyLookAsideList.Flink; pLink != &(EfsData.EfsKeyLookAsideList); pLink = pLink->Flink) {
  595. pTmpItem = CONTAINING_RECORD(pLink, KEY_BLOB_RAMPOOL, MemSourceChain);
  596. if (pTmpItem->AlgorithmID == AlgID) {
  597. //
  598. // The lookaside list already exists
  599. //
  600. MemSrcList = pTmpItem->MemSourceList;
  601. break;
  602. }
  603. }
  604. ExReleaseFastMutex( &(EfsData.EfsKeyBlobMemSrcMutex) );
  605. if ( MemSrcList == NULL ) {
  606. //
  607. // No lookaside for this type of key. Go and create one item.
  608. //
  609. MemSrcList = (PNPAGED_LOOKASIDE_LIST)ExAllocateFromNPagedLookasideList(&(EfsData.EfsLookAside));
  610. KeyBlobPoolListItem = (PKEY_BLOB_RAMPOOL) ExAllocateFromPagedLookasideList(&(EfsData.EfsMemSourceItem));
  611. if ( (NULL == MemSrcList) || (NULL == KeyBlobPoolListItem) ){
  612. if (MemSrcList) {
  613. ExFreeToNPagedLookasideList(&(EfsData.EfsLookAside), MemSrcList );
  614. }
  615. if (KeyBlobPoolListItem){
  616. ExFreeToPagedLookasideList(&(EfsData.EfsMemSourceItem), KeyBlobPoolListItem );
  617. }
  618. return NULL;
  619. }
  620. RtlZeroMemory( KeyBlobPoolListItem, sizeof( KEY_BLOB_RAMPOOL ) );
  621. KeyBlobPoolListItem->MemSourceList = MemSrcList;
  622. KeyBlobPoolListItem->AlgorithmID = AlgID;
  623. ExInitializeNPagedLookasideList(
  624. MemSrcList,
  625. NULL,
  626. NULL,
  627. 0,
  628. KeyBlobLength,
  629. 'msfE',
  630. EFS_KEYDEPTH
  631. );
  632. ExAcquireFastMutex( &(EfsData.EfsKeyBlobMemSrcMutex));
  633. InsertHeadList( &(EfsData.EfsKeyLookAsideList), &(KeyBlobPoolListItem->MemSourceChain));
  634. ExReleaseFastMutex( &(EfsData.EfsKeyBlobMemSrcMutex) );
  635. }
  636. //
  637. // Allocate the Key Blob
  638. //
  639. NewKeyBlob = (PKEY_BLOB)ExAllocateFromNPagedLookasideList(MemSrcList);
  640. if (NewKeyBlob){
  641. NewKeyBlob->AlgorithmID = AlgID;
  642. NewKeyBlob->KeyLength = KeyBlobLength;
  643. NewKeyBlob->MemSource = MemSrcList;
  644. }
  645. return NewKeyBlob;
  646. }
  647. BOOLEAN
  648. SetKeyTable(
  649. PKEY_BLOB KeyBlob,
  650. PEFS_KEY EfsKey
  651. )
  652. {
  653. char DesXTmpKey[DESX_KEYSIZE];
  654. switch ( EfsKey->Algorithm ){
  655. case CALG_3DES:
  656. if (EfsData.AllocMaxBuffer) {
  657. RtlZeroMemory( &(KeyBlob->Key[0]) + DES3_TABLESIZE, KeyBlob->KeyLength - DES3_KEY_BLOB_LENGTH);
  658. }
  659. if (EfsData.FipsFunctionTable.Fips3Des3Key) {
  660. EfsData.FipsFunctionTable.Fips3Des3Key(
  661. (DES3TABLE*) &(KeyBlob->Key[0]),
  662. ((char *)EfsKey) + sizeof ( EFS_KEY )
  663. );
  664. } else {
  665. return FALSE;
  666. }
  667. //tripledes3key(
  668. // (DES3TABLE*) &(KeyBlob->Key[0]),
  669. // ((char *)EfsKey) + sizeof ( EFS_KEY )
  670. // );
  671. break;
  672. case CALG_DESX:
  673. //
  674. // Flush the non used area.
  675. //
  676. if (EfsData.AllocMaxBuffer) {
  677. RtlZeroMemory( &(KeyBlob->Key[0]) + DESX_TABLESIZE, KeyBlob->KeyLength - DESX_KEY_BLOB_LENGTH);
  678. }
  679. desexpand128to192(
  680. ((char *)EfsKey) + sizeof ( EFS_KEY ),
  681. DesXTmpKey
  682. );
  683. desxkey(
  684. (DESXTable*) &(KeyBlob->Key[0]),
  685. DesXTmpKey
  686. );
  687. break;
  688. case CALG_AES_256:
  689. aeskey(
  690. (AESTable*) &(KeyBlob->Key[0]),
  691. ((char *)EfsKey) + sizeof ( EFS_KEY ),
  692. AES_ROUNDS_256
  693. );
  694. break;
  695. case CALG_DES:
  696. default:
  697. if (EfsData.AllocMaxBuffer) {
  698. RtlZeroMemory( &(KeyBlob->Key[0]) + DES_TABLESIZE, KeyBlob->KeyLength - DES_KEY_BLOB_LENGTH);
  699. }
  700. deskey(
  701. (DESTable*) &(KeyBlob->Key[0]),
  702. ((char *)EfsKey) + sizeof ( EFS_KEY )
  703. );
  704. break;
  705. }
  706. return TRUE;
  707. }
  708. BOOLEAN
  709. EfsInitFips(VOID)
  710. /*++
  711. Routine Description:
  712. Initialize the FIPS library table.
  713. Arguments:
  714. Return Value:
  715. TRUE/FALSE.
  716. --*/
  717. {
  718. UNICODE_STRING deviceName;
  719. NTSTATUS status;
  720. PDEVICE_OBJECT pDeviceObject;
  721. // PFILE_OBJECT pFileObject = NULL;
  722. PIRP pIrp;
  723. IO_STATUS_BLOCK IoStatusBlock;
  724. PAGED_CODE();
  725. RtlInitUnicodeString(&deviceName, FIPS_DEVICE_NAME);
  726. //
  727. // Get the file and device objects for FIPS.
  728. //
  729. status = IoGetDeviceObjectPointer( &deviceName,
  730. FILE_ALL_ACCESS,
  731. &EfsData.FipsFileObject,
  732. &pDeviceObject);
  733. if (status != STATUS_SUCCESS) {
  734. return FALSE;
  735. }
  736. //
  737. // Build the request to send to FIPS to get library table.
  738. //
  739. pIrp = IoBuildDeviceIoControlRequest( IOCTL_FIPS_GET_FUNCTION_TABLE,
  740. pDeviceObject,
  741. NULL,
  742. 0,
  743. &EfsData.FipsFunctionTable,
  744. sizeof(FIPS_FUNCTION_TABLE),
  745. FALSE,
  746. NULL,
  747. &IoStatusBlock
  748. );
  749. if (pIrp == NULL) {
  750. #if DBG
  751. DbgPrint("EfsInitFips: IoBuildDeviceIoControlRequest IOCTL_FIPS_GET_FUNCTION_TABLE failed.\n");
  752. #endif
  753. ObDereferenceObject(EfsData.FipsFileObject);
  754. EfsData.FipsFileObject = NULL;
  755. return FALSE;
  756. }
  757. status = IoCallDriver(pDeviceObject, pIrp);
  758. if (status != STATUS_SUCCESS) {
  759. ObDereferenceObject(EfsData.FipsFileObject);
  760. EfsData.FipsFileObject = NULL;
  761. #if DBG
  762. DbgPrint("EfsInitFips: IoCallDriver failed, status = %x\n",status);
  763. #endif
  764. return FALSE;
  765. }
  766. return TRUE;
  767. }