about sector encryption

Hi, everyone! I want to filter the main dispatch driver’s routines
(IRP_MJ_READ and IRP_MJ_WRITE) to cipher/decipher data every time a set of
hard disk sectors is written/read. Exactly, I want to cipher/decipher data at
sector level.
The problems are:
1. Should I write an upper (lower?) filter driver on disk.sys?
2. How can I get the data which is to be written or has been read?
3. I am confused with logical disk and physical disk; on which should I implement my
ideas?

What you need is the FS filter, which will filter noncached IO paths.

Maxim Shatskih, Windows DDK MVP
StorageCraft Corporation
xxxxx@storagecraft.com
http://www.storagecraft.com

----- Original Message -----
From: “ziking_hu”
Newsgroups: ntdev
To: “Windows System Software Devs Interest List”
Sent: Sunday, November 02, 2003 7:55 PM
Subject: [ntdev] about sector encryption

> Hi, everyone! I want to filter the main dispatch driver’s routines
> (IRP_MJ_READ and IRP_MJ_WRITE) to cipher/decipher data every time a set of
> hard disk sectors is written/read. Exactly, I want to cipher/decipher data at
> sector level.
> The problems are:
> 1. Should I write an upper (lower?) filter driver on disk.sys?
> 2. How can I get the data which is to be written or has been read?
> 3. I am confused with logical disk and physical disk; on which should I implement my
> ideas?

I think if you want to implement sector level
encryption you’d better write a lower filter driver of
disk.sys. In your driver you can get all the SCSI
commands. Then parse the commands for read/write.

BTW, can an FS filter implement sector level
encryption?

Michael
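
The suggestion above (a lower filter under disk.sys that parses SCSI commands for read/write), as an added example that is not part of the original thread: it decodes the standard READ/WRITE CDBs of 6, 10, 12 and 16 bytes into the starting LBA and block count a sector cipher needs. `rw_request` and `parse_rw_cdb` are hypothetical names and the sample CDB is constructed; a real filter would take the CDB bytes from the SRB carried by the IRP.

```c
#include <stdint.h>
#include <stddef.h>

typedef struct {            /* hypothetical type for this example, not a DDK structure */
    int      is_write;      /* 1 = WRITE (encrypt first), 0 = READ (decrypt on completion) */
    uint64_t lba;           /* first logical block addressed */
    uint32_t blocks;        /* number of blocks transferred */
} rw_request;

static uint64_t be(const uint8_t *p, int n) {   /* big-endian field of n bytes */
    uint64_t v = 0;
    while (n--) v = (v << 8) | *p++;
    return v;
}

/* Returns 1 and fills *out for READ/WRITE (6/10/12/16). Returns 0 for any other
 * command or a truncated CDB, which the filter must pass down untouched. */
int parse_rw_cdb(const uint8_t *cdb, size_t len, rw_request *out) {
    if (len < 6) return 0;
    switch (cdb[0]) {
    case 0x08: case 0x0A:                       /* READ(6) / WRITE(6) */
        out->lba = be(cdb + 1, 3) & 0x1FFFFF;   /* LBA is only 21 bits wide */
        out->blocks = cdb[4] ? cdb[4] : 256;    /* length 0 means 256 blocks */
        break;
    case 0x28: case 0x2A:                       /* READ(10) / WRITE(10) */
        if (len < 10) return 0;
        out->lba = be(cdb + 2, 4);
        out->blocks = (uint32_t)be(cdb + 7, 2);
        break;
    case 0xA8: case 0xAA:                       /* READ(12) / WRITE(12) */
        if (len < 12) return 0;
        out->lba = be(cdb + 2, 4);
        out->blocks = (uint32_t)be(cdb + 6, 4);
        break;
    case 0x88: case 0x8A:                       /* READ(16) / WRITE(16) */
        if (len < 16) return 0;
        out->lba = be(cdb + 2, 8);
        out->blocks = (uint32_t)be(cdb + 10, 4);
        break;
    default: return 0;
    }
    out->is_write = (cdb[0] & 0x02) != 0;       /* WRITE opcode = READ opcode | 0x02 */
    return 1;
}

int main(void) {            /* constructed WRITE(10): LBA 2048, 16 blocks */
    const uint8_t w10[10] = {0x2A, 0, 0, 0, 0x08, 0, 0, 0, 0x10, 0};
    rw_request r;
    return parse_rw_cdb(w10, sizeof w10, &r) && r.lba == 2048 ? 0 : 1;
}
```

Other data-carrying opcodes, such as WRITE AND VERIFY, are not decoded here and would need the same treatment in a complete filter.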


> I think if you want to implement sector level
> encryption you’d better write a lower filter driver of
> disk.sys. In your driver you can get all the SCSI
> commands. Then parse the commands for read/write.
>
> BTW, can an FS filter implement sector level
> encryption?

No. An FS filter cannot sneak in below the FSD and the storage stack.

> Michael


Nick Ryan (MVP for DDK)

Yes it can! If your FS filter is monitoring the MOUNT request, you can
attach a disk filter to the disk stack before the FSD passes down the
mount request. If the mount fails, detach the filter before returning
from the mount request. Our volume snapshot driver does exactly this.

Jamey

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Nick Ryan
Sent: Tuesday, November 04, 2003 10:21 AM
To: Windows System Software Devs Interest List
Subject: [ntdev] Re: about sector encryption

> I think if you want to implement sector level
> encryption you’d better write a lower filter driver of
> disk.sys. In your driver you can get all the SCSI
> commands. Then parse the commands for read/write.
>
> BTW, can an FS filter implement sector level
> encryption?

No. An FS filter cannot sneak in below the FSD and the storage stack.

> Michael

Nick Ryan (MVP for DDK)



> No. An FS filter cannot sneak in below the FSD and the storage stack.

Did this. Hard thing to do reliably in all NT versions, mount paths are a bit
different from one another in this respect.

Nevertheless, I managed to do this and this works reliably in all NT versions
since NT4.

Maxim Shatskih, Windows DDK MVP
StorageCraft Corporation
xxxxx@storagecraft.com
http://www.storagecraft.com

> I think if you want to implement sector level
> encryption you’d better write a lower filter driver of
> disk.sys. In your driver you can get all the SCSI
> commands. Then parse the commands for read/write.

Also possible, and will encrypt all partitions on the disk, unless some other
measures are taken.

> BTW, can an FS filter implement sector level
> encryption?

Yes, since everything is a file, both data and metadata. The free space will
not be encrypted though.
FS filter has the advantage of only encrypting selected directories, not the
whole volume.

Maxim Shatskih, Windows DDK MVP
StorageCraft Corporation
xxxxx@storagecraft.com
http://www.storagecraft.com

True, but then it’s no longer just an FS filter, it’s an FS filter (on
top of the filesystem stack) + a storage filter (on top of the storage
stack) :). But whatever the semantics of it the technique is certainly cool.

Jamey Kirby wrote:

> Yes it can! If your FS filter is monitoring the MOUNT request, you can
> attach a disk filter to the disk stack before the FSD passes down the
> mount request. If the mount fails, detach the filter before returning
> from the mount request. Our volume snapshot driver does exactly this.
>
> Jamey


Nick Ryan (MVP for DDK)

Maxim S. Shatskih wrote:

>> I think if you want to implement sector level
>> encryption you’d better write a lower filter driver of
>> disk.sys. In your driver you can get all the SCSI
>> commands. Then parse the commands for read/write.
>
> Also possible, and will encrypt all partitions on the disk, unless some other
> measures are taken.
>
>> BTW, can an FS filter implement sector level
>> encryption?
>
> Yes, since everything is a file, both data and metadata. The free space will
> not be encrypted though.
> FS filter has the advantage of only encrypting selected directories, not the
> whole volume.

Assuming the filesystem is going through Cc for all metadata that you
wish to encrypt… even so I can think of a dozen reasons why this might
blow up. Have you actually gotten this to work with FastFat/NTFS?

> Maxim Shatskih, Windows DDK MVP
> StorageCraft Corporation
> xxxxx@storagecraft.com
> http://www.storagecraft.com


Nick Ryan (MVP for DDK)