Headers again....

OSR_Community_User · September 20, 2005, 8:55am

My previous encryption driver worked without headers (and gave much
less PITA as you can imagine
Those who have added headers - am I missing something in the
following required for adding a 4K header to a file:

Changing allocation, valid data length and end of file during
queryinfo post op and setinfo preop
Changing the EoF and AllocSize during directory listing
I know this has been discussed - but not one post in the archives
for “adding header” search gives anything concrete on this subject.

–
Kind regards, Dejan M.
http://www.alfasp.com E-mail: xxxxx@alfasp.com
Alfa Transparent File Encryptor - Transparent file encryption services.
Alfa File Protector - File protection and hiding library for Win32
developers.
Alfa File Monitor - File monitoring library for Win32 developers.

OSR_Community_User · September 20, 2005, 9:08am

Dejan,

Glad to see your post, I am studying the similar things, adding tail to
file after encryption. Could you explain more detail with snippet for
changing the EoF and AllocSize?

Thanks

Bin

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Dejan Maksimovic
Sent: Tuesday, September 20, 2005 8:56 AM
To: Windows File Systems Devs Interest List
Subject: [ntfsd] Headers again…

My previous encryption driver worked without headers (and gave much
less PITA as you can imagine
Those who have added headers - am I missing something in the
following required for adding a 4K header to a file:

Changing allocation, valid data length and end of file during
queryinfo post op and setinfo preop
Changing the EoF and AllocSize during directory listing
I know this has been discussed - but not one post in the archives
for “adding header” search gives anything concrete on this subject.

–

Kind regards, Dejan M.
http://www.alfasp.com E-mail: xxxxx@alfasp.com
Alfa Transparent File Encryptor - Transparent file encryption services.
Alfa File Protector - File protection and hiding library for Win32
developers.
Alfa File Monitor - File monitoring library for Win32 developers.

Questions? First check the IFS FAQ at
https://www.osronline.com/article.cfm?id=17

You are currently subscribed to ntfsd as: xxxxx@evertrust.com
To unsubscribe send a blank email to xxxxx@lists.osr.com

OSR_Community_User · September 20, 2005, 9:11am

Adding headers - changing the length of the data - runs into the
fundamental problem that length is reported by the file system to Cc/Mm
directly. Look in FastFat - the calls to CcSetFileSizes are those
calls.

The “problem” then is that this size is used to establish the size for
memory mapping as well. There is no easy way to “hide” the presence of
this header.

The best solution I’ve ever found is rather challenging to implement -
your “filter” is really a layered file system driver and takes over
control of the cache (and Mm) handling of the file itself. Of course,
once you do that, you can do anything you want with the size of the data
(and it is SO tempting to compress the data!)

In our DMK product, we use our own file format (it is log-structured,
actually) to manage the state and presentation of the data; this allows
us to compress, encrypt, store ACLs, support multiple streams, reparse
points, EAs, etc. regardless of the underlying file system (it really is
pretty cool to see streams supported on FAT). All through a layered
file system.

If you don’t add headers, actual encryption is manageable.

Regards,

Tony

Tony Mason
Consulting Partner
OSR Open Systems Resources, Inc.
http://www.osr.com

Looking forward to seeing you at the next OSR File Systems class in Los
Angeles, CA October 24-27, 2005.

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Dejan Maksimovic
Sent: Tuesday, September 20, 2005 8:56 AM
To: ntfsd redirect
Subject: [ntfsd] Headers again…

My previous encryption driver worked without headers (and gave much
less PITA as you can imagine
Those who have added headers - am I missing something in the
following required for adding a 4K header to a file:

Changing allocation, valid data length and end of file during
queryinfo post op and setinfo preop
Changing the EoF and AllocSize during directory listing
I know this has been discussed - but not one post in the archives
for “adding header” search gives anything concrete on this subject.

–
Kind regards, Dejan M.
http://www.alfasp.com E-mail: xxxxx@alfasp.com
Alfa Transparent File Encryptor - Transparent file encryption services.
Alfa File Protector - File protection and hiding library for Win32
developers.
Alfa File Monitor - File monitoring library for Win32 developers.

Questions? First check the IFS FAQ at
https://www.osronline.com/article.cfm?id=17

You are currently subscribed to ntfsd as: xxxxx@osr.com
To unsubscribe send a blank email to xxxxx@lists.osr.com

OSR_Community_User · September 20, 2005, 9:13am

Whether you add it as the header or the tail, it’s similar code - the part that
differs would be the write part.
Changing EoF/AS would be a simple +/- 4K (for my driver). (lpBuffer -> EndOfFile
. QuadPart -= 4096)

Bin Zeng wrote:

Dejan,

Glad to see your post, I am studying the similar things, adding tail to
file after encryption. Could you explain more detail with snippet for
changing the EoF and AllocSize?

–
Kind regards, Dejan M.
http://www.alfasp.com E-mail: xxxxx@alfasp.com
Alfa Transparent File Encryptor - Transparent file encryption services.
Alfa File Protector - File protection and hiding library for Win32 developers.
Alfa File Monitor - File monitoring library for Win32 developers.

OSR_Community_User · September 20, 2005, 9:18am

Fair warning: I have previously been told that there is an outstanding
patent against the technique of adding *trailers* to encrypted files. I
have never confirmed the existence of that patent. This may or may not
be applicable to your product, depending upon the country in which you
are located and the countries into which you plan on selling your
product.

Regards,

Tony

Tony Mason
Consulting Partner
OSR Open Systems Resources, Inc.
http://www.osr.com

Looking forward to seeing you at the next OSR File Systems class in Los
Angeles, CA October 24-27, 2005.

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Bin Zeng
Sent: Tuesday, September 20, 2005 9:08 AM
To: ntfsd redirect
Subject: RE: [ntfsd] Headers again…

Dejan,

Glad to see your post, I am studying the similar things, adding tail to
file after encryption. Could you explain more detail with snippet for
changing the EoF and AllocSize?

Thanks

Bin

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Dejan Maksimovic
Sent: Tuesday, September 20, 2005 8:56 AM
To: Windows File Systems Devs Interest List
Subject: [ntfsd] Headers again…

My previous encryption driver worked without headers (and gave much
less PITA as you can imagine
Those who have added headers - am I missing something in the
following required for adding a 4K header to a file:

Changing allocation, valid data length and end of file during
queryinfo post op and setinfo preop
Changing the EoF and AllocSize during directory listing
I know this has been discussed - but not one post in the archives
for “adding header” search gives anything concrete on this subject.

–

Kind regards, Dejan M.
http://www.alfasp.com E-mail: xxxxx@alfasp.com
Alfa Transparent File Encryptor - Transparent file encryption services.
Alfa File Protector - File protection and hiding library for Win32
developers.
Alfa File Monitor - File monitoring library for Win32 developers.

Questions? First check the IFS FAQ at
https://www.osronline.com/article.cfm?id=17

You are currently subscribed to ntfsd as: xxxxx@evertrust.com
To unsubscribe send a blank email to xxxxx@lists.osr.com

Questions? First check the IFS FAQ at
https://www.osronline.com/article.cfm?id=17

You are currently subscribed to ntfsd as: unknown lmsubst tag argument:
‘’
To unsubscribe send a blank email to xxxxx@lists.osr.com

OSR_Community_User · September 20, 2005, 9:19am

Changing EoF/AS in the IRP_MJ_SET_INFORMATION?

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Dejan Maksimovic
Sent: Tuesday, September 20, 2005 9:13 AM
To: Windows File Systems Devs Interest List
Subject: Re: [ntfsd] Headers again…

Whether you add it as the header or the tail, it’s similar code -
the part that
differs would be the write part.
Changing EoF/AS would be a simple +/- 4K (for my driver). (lpBuffer
-> EndOfFile
. QuadPart -= 4096)

Bin Zeng wrote:

Dejan,

Glad to see your post, I am studying the similar things, adding tail
to
file after encryption. Could you explain more detail with snippet for
changing the EoF and AllocSize?

–

Kind regards, Dejan M.
http://www.alfasp.com E-mail: xxxxx@alfasp.com
Alfa Transparent File Encryptor - Transparent file encryption services.
Alfa File Protector - File protection and hiding library for Win32
developers.
Alfa File Monitor - File monitoring library for Win32 developers.

Questions? First check the IFS FAQ at
https://www.osronline.com/article.cfm?id=17

You are currently subscribed to ntfsd as: xxxxx@evertrust.com
To unsubscribe send a blank email to xxxxx@lists.osr.com

OSR_Community_User · September 20, 2005, 9:33am

Encryption without headers was a breeze, aside from the possible deadlock with
purging the cache Vladimir mentioned recently.
Memory mapping is used by Notepad, therefore, the reporting I already is
sufficient.
Now, while I can’t trick the cache manager into thinking the file has a different
size - would I really need that? The application is reported “the right size” in all
the calls, it would not try to read the data over this - and if it tries, it would
get EOF status.
Modifying only the non-cached reads/writes to read/write +4K offset (the cached
ones would be read from the cache at the right position), the cache manager would
read in the cipher data (and not the header).
I know for a fact headers were implemented without overtaking CC control, but
that’s as far as I can go with that fact (lawyers will understand)

Regards, Dejan.

Tony Mason wrote:

Adding headers - changing the length of the data - runs into the
fundamental problem that length is reported by the file system to Cc/Mm
directly. Look in FastFat - the calls to CcSetFileSizes are those
calls.

–
Kind regards, Dejan M.
http://www.alfasp.com E-mail: xxxxx@alfasp.com
Alfa Transparent File Encryptor - Transparent file encryption services.
Alfa File Protector - File protection and hiding library for Win32 developers.
Alfa File Monitor - File monitoring library for Win32 developers.

OSR_Community_User · September 20, 2005, 9:57am

Yes, and in query information, too.

Bin Zeng wrote:

Changing EoF/AS in the IRP_MJ_SET_INFORMATION?

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Dejan Maksimovic
Sent: Tuesday, September 20, 2005 9:13 AM
To: Windows File Systems Devs Interest List
Subject: Re: [ntfsd] Headers again…

Whether you add it as the header or the tail, it’s similar code -
the part that
differs would be the write part.
Changing EoF/AS would be a simple +/- 4K (for my driver). (lpBuffer
-> EndOfFile
. QuadPart -= 4096)

Bin Zeng wrote:

> Dejan,
>
> Glad to see your post, I am studying the similar things, adding tail
to
> file after encryption. Could you explain more detail with snippet for
> changing the EoF and AllocSize?

–

Kind regards, Dejan M.
http://www.alfasp.com E-mail: xxxxx@alfasp.com
Alfa Transparent File Encryptor - Transparent file encryption services.
Alfa File Protector - File protection and hiding library for Win32
developers.
Alfa File Monitor - File monitoring library for Win32 developers.

Questions? First check the IFS FAQ at
https://www.osronline.com/article.cfm?id=17

You are currently subscribed to ntfsd as: xxxxx@evertrust.com
To unsubscribe send a blank email to xxxxx@lists.osr.com

Questions? First check the IFS FAQ at https://www.osronline.com/article.cfm?id=17

You are currently subscribed to ntfsd as: unknown lmsubst tag argument: ‘’
To unsubscribe send a blank email to xxxxx@lists.osr.com

–
Kind regards, Dejan M.
http://www.alfasp.com E-mail: xxxxx@alfasp.com
Alfa Transparent File Encryptor - Transparent file encryption services.
Alfa File Protector - File protection and hiding library for Win32 developers.
Alfa File Monitor - File monitoring library for Win32 developers.

OSR_Community_User · September 20, 2005, 9:58am

Ahh yes - in Germany there is a patent against any type of FS security products
(which by its wording would also include NTFS).

Tony Mason wrote:

Fair warning: I have previously been told that there is an outstanding
patent against the technique of adding *trailers* to encrypted files. I
have never confirmed the existence of that patent. This may or may not
be applicable to your product, depending upon the country in which you
are located and the countries into which you plan on selling your
product.

–
Kind regards, Dejan M.
http://www.alfasp.com E-mail: xxxxx@alfasp.com
Alfa Transparent File Encryptor - Transparent file encryption services.
Alfa File Protector - File protection and hiding library for Win32 developers.
Alfa File Monitor - File monitoring library for Win32 developers.

OSR_Community_User · September 20, 2005, 10:28am

> Encryption without headers was a breeze, aside from the possible deadlock

with
purging the cache Vladimir mentioned recently.

We use tail (not header) in our encryption filter. The biggest reason to do
it
this way is copying encrypted files - the information about file’s
encryption
is always hold together with the file, even if the driver is actually not
loaded

L.

OSR_Community_User · September 20, 2005, 10:51am

Can I use the api function “CryptEncrypt” to encrypt the data in the
filter driver?

Bin

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Ladislav Zezula
Sent: Tuesday, September 20, 2005 10:28 AM
To: Windows File Systems Devs Interest List
Subject: Re: [ntfsd] Headers again…

Encryption without headers was a breeze, aside from the possible
deadlock
with
purging the cache Vladimir mentioned recently.

We use tail (not header) in our encryption filter. The biggest reason to
do
it
this way is copying encrypted files - the information about file’s
encryption
is always hold together with the file, even if the driver is actually
not
loaded

L.

Questions? First check the IFS FAQ at
https://www.osronline.com/article.cfm?id=17

You are currently subscribed to ntfsd as: xxxxx@evertrust.com
To unsubscribe send a blank email to xxxxx@lists.osr.com

Don_Burn_1 · September 20, 2005, 11:08am

This is a user space API, you do not use user space API’s in the kernel.
Bottom line, go take a class on kernel mode programming, practice, then take
the OSR class file systems. Right now, you will either produce nothing
workable, or worse produce something that someone sells that will corrupt
anything it touches.

–
Don Burn (MVP, Windows DDK)
Windows 2k/XP/2k3 Filesystem and Driver Consulting
Remove StopSpam from the email to reply

“Bin Zeng” wrote in message news:xxxxx@ntfsd…
Can I use the api function “CryptEncrypt” to encrypt the data in the
filter driver?

Bin

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Ladislav Zezula
Sent: Tuesday, September 20, 2005 10:28 AM
To: Windows File Systems Devs Interest List
Subject: Re: [ntfsd] Headers again…

> Encryption without headers was a breeze, aside from the possible
deadlock
> with
> purging the cache Vladimir mentioned recently.

We use tail (not header) in our encryption filter. The biggest reason to
do
it
this way is copying encrypted files - the information about file’s
encryption
is always hold together with the file, even if the driver is actually
not
loaded

L.

—
Questions? First check the IFS FAQ at
https://www.osronline.com/article.cfm?id=17

You are currently subscribed to ntfsd as: xxxxx@evertrust.com
To unsubscribe send a blank email to xxxxx@lists.osr.com

OSR_Community_User · September 20, 2005, 7:41pm

So can you tell me am I missing something on the list in my first mail?

Ladislav Zezula wrote:

> Encryption without headers was a breeze, aside from the possible deadlock
> with
> purging the cache Vladimir mentioned recently.

We use tail (not header) in our encryption filter. The biggest reason to do
it this way is copying encrypted files - the information about file’s
encryption is always hold together with the file, even if the driver is actually
not loaded

–
Kind regards, Dejan M.
http://www.alfasp.com E-mail: xxxxx@alfasp.com
Alfa Transparent File Encryptor - Transparent file encryption services.
Alfa File Protector - File protection and hiding library for Win32 developers.
Alfa File Monitor - File monitoring library for Win32 developers.

OSR_Community_User · September 21, 2005, 1:29am

> So can you tell me am I missing something on the list in my first mail?

No. If you will “correctly lie” about allocation size, end of file and
ValidDataLength in IRP_MJ_QUERY_INFORMATION
and you also will “correctly lie” about the file size in
QUERY_DIRECTORY, then it will be no problem with
changed size.

However, I don’t exactly know how to do this in cooperation with Cc/Mm
without building layered file system. The real (encrypted) file size will be
reported to Cc by the underlying file system, and I don’t know
how the Cc will accept less data than it expects.

The next problem is with performance during QUERY_DIRECTORY.
You must find a way how to get file size as quickly as possible,
because directories are often searched and is just not possible
to open all files being directory-queried.

L.

OSR_Community_User · September 21, 2005, 7:35am

> However, I don’t exactly know how to do this in cooperation with Cc/Mm

without building layered file system. The real (encrypted) file size will be
reported to Cc by the underlying file system, and I don’t know
how the Cc will accept less data than it expects.

It is not a problem for it to get bogus data for the last page (or zeroed
data), as it would not be read by anything other than Cc/Mm.

The next problem is with performance during QUERY_DIRECTORY.
You must find a way how to get file size as quickly as possible,
because directories are often searched and is just not possible
to open all files being directory-queried.

This is not a problem for our purpose.

–
Kind regards, Dejan M.
http://www.alfasp.com E-mail: xxxxx@alfasp.com
Alfa Transparent File Encryptor - Transparent file encryption services.
Alfa File Protector - File protection and hiding library for Win32 developers.
Alfa File Monitor - File monitoring library for Win32 developers.

OSR_Community_User · September 21, 2005, 7:53am

> It is not a problem for it to get bogus data for the last page (or zeroed

data), as it would not be read by anything other than Cc/Mm.

Yes, but your read function will return less bytes in
Irp->IoStatus.Information than Cc expects. But as I’ve said,
I don’t exactly know if it will be a problem.

If it will work, let me know

Have fun,

L.