Sector wise encryption/decryption

as each write comes into the driver you’d encrypt the data in a new
buffer, then send a write with the new buffer. As each read comes into
the driver you’d let it run then decrypt the data and complete it.

(can you tell me why you should put the encrypted data in a new buffer
rather than encrypting it in place?)

all reads and writes to the disk driver will be in increments of sector
size. You can use IOCTL_DISK_GET_GEOMETRY to find the sector size. The
file system retrieves data from the disk by calling the disk driver - if
you’re a filter in that stack then you’ll be part of that call.

you may want to consider doing sector-wise encryption at the volume
level rather than the partition level. It seems more likely that you
want to encrypt c: and not just one of the disks that makes up the
stripe-volume that c: points to. but i may be wrong.

read the DDK documentation on disk drivers. read some of the other
books out there on driver development. get a feeling for how filters
work, how the disk stack works, and how it interacts with other
components. This may allow you to ask more specific questions than “how
do i design a driver to encrypt the disk”.

good luck,
-p


From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of vartika singh
Sent: Wednesday, June 09, 2004 8:38 PM
To: Windows System Software Devs Interest List
Subject: [ntdev] Sector wise encryption/decryption

Hi,
Earlier i posted a question regarding capturing data at the disk
partition upper filter driver level.
I need some help to begin with the sector-wise encryption and decryption
of that particular partition and it is not the boot partition.
I know my question sounds quite vague but I myself don’t have any idea as
to how to begin.
I can do byte level enc-dec.
But how to move it to sector level? I just need some idea as to how to
begin.
How will the FS retrieve data if the sector is encrypted and what
additional capabilities do i have to add to my filter.

Please do respond

regards

V.S.


You wouldn’t be able to encrypt in place all the time because write
access to the buffer is not guaranteed when encrypting (i.e. when
writing data), whereas decryption does guarantee write access since the
user is reading. Decrypting in place should be fine.
Probing for write if it’s a user buffer before going ahead and using
pool for encrypting may be more efficient.
Ravi

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Peter Wieland
Sent: Thursday, June 10, 2004 10:27 AM
To: Windows System Software Devs Interest List
Subject: RE: [ntdev] Sector wise encryption/decryption


So let’s say that I could determine whether I have the ability to write
to the buffer. Is encrypting in-place okay then?

Anyone else?

-p

(I’m not trying to be an ass, I’m feeling professorial today)

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Ravisankar
Pudipeddi
Sent: Thursday, June 10, 2004 10:52 AM
To: Windows System Software Devs Interest List
Subject: RE: [ntdev] Sector wise encryption/decryption


OK. Since the buffers can be shared with user mode changing them may
confuse the application that believes it knows what is in the buffers.
Memory mapped files are a specific case where trying to encrypt the write
buffer will cause problems. Try Notepad to have fun. If you can encrypt &
decrypt files for both winword and notepad, you have most of the code
working for a security product. In a more plain form the buffers that
contain the file data are in some cases actually passed to an application
with read and write access. Normally most people think of those buffers as
belonging to the memory manager and cache manager, but that is not always
true. With overlapped IO or even normal caching activity, the application
may continue to use the buffers before the data is actually committed to
storage.

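The design Peter lays out above (encrypt into a fresh buffer on the write path, decrypt in place once the read completes, sector-sized I/O) and the reason David gives for it (the write buffer may be shared with an application, e.g. through a memory-mapped file), as an added user-mode C simulation that is not code from the thread. It assumes a 512-byte sector in place of the IOCTL_DISK_GET_GEOMETRY result, an in-memory array as the lower "disk", and a constructed placeholder keystream in place of a real cipher.

```c
/* Added example, not from the thread: a user-mode simulation of the sector-wise
 * encrypting filter discussed above. The keystream is a PLACEHOLDER, not a cipher. */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#define SECTOR_SIZE 512   /* a real filter would query IOCTL_DISK_GET_GEOMETRY */
#define DISK_SECTORS 8
static uint8_t g_disk[DISK_SECTORS * SECTOR_SIZE];   /* constructed in-memory "disk" */
static const uint8_t g_key[16] = {1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16}; /* constructed key */
/* Placeholder keystream mixing key, sector number and byte offset, so equal
 * plaintext in different sectors encrypts differently. NOT cryptographically secure. */
static uint8_t ks_byte(uint64_t sector, size_t i) {
    uint64_t x = (sector + 1) * 0x9E3779B97F4A7C15ULL ^ ((uint64_t)i + 1) * 0xBF58476D1CE4E5B9ULL;
    x ^= g_key[i % sizeof g_key];
    x ^= x >> 31; x *= 0x94D049BB133111EBULL; x ^= x >> 29;
    return (uint8_t)(x >> 56);
}
/* XOR transform: one call encrypts a sector, a second call decrypts it. */
static void xform_sector(uint64_t sector, uint8_t *buf) {
    for (size_t i = 0; i < SECTOR_SIZE; i++) buf[i] ^= ks_byte(sector, i);
}
/* Simulated lower disk driver: whole sectors only, and only inside the disk. */
static int lower_io(uint64_t sector, uint8_t *buf, size_t len, int write) {
    if (len % SECTOR_SIZE || sector + len / SECTOR_SIZE > DISK_SECTORS) return -1;
    if (write) memcpy(g_disk + sector * SECTOR_SIZE, buf, len);
    else       memcpy(buf, g_disk + sector * SECTOR_SIZE, len);
    return 0;
}
/* Write path. The caller's buffer may be shared with user mode (e.g. a memory-mapped
 * file), so it is never modified: the filter encrypts a private copy and sends that. */
int filter_write(uint64_t first, const uint8_t *caller_buf, size_t len) {
    if (len == 0 || len % SECTOR_SIZE) return -1;   /* disk I/O is sector-sized */
    uint8_t *tmp = malloc(len);                      /* the "pool" buffer */
    if (!tmp) return -1;
    memcpy(tmp, caller_buf, len);
    for (size_t s = 0; s < len / SECTOR_SIZE; s++)
        xform_sector(first + s, tmp + s * SECTOR_SIZE);
    int rc = lower_io(first, tmp, len, 1);
    free(tmp);
    return rc;
}
/* Read path: let the lower read complete, then decrypt in place. The caller is
 * reading, so write access to its buffer is guaranteed. */
int filter_read(uint64_t first, uint8_t *caller_buf, size_t len) {
    if (len == 0 || len % SECTOR_SIZE) return -1;
    if (lower_io(first, caller_buf, len, 0) != 0) return -1;
    for (size_t s = 0; s < len / SECTOR_SIZE; s++)
        xform_sector(first + s, caller_buf + s * SECTOR_SIZE);
    return 0;
}
/* Returns 1 when a two-sector write leaves the caller's buffer as plaintext (what a
 * mapped-file user expects), stores ciphertext, and reads back unchanged; else 0. */
int demo_roundtrip(void) {
    uint8_t app[2 * SECTOR_SIZE], copy[2 * SECTOR_SIZE], back[2 * SECTOR_SIZE];
    for (size_t i = 0; i < sizeof app; i++) app[i] = (uint8_t)('A' + i % 26);
    memcpy(copy, app, sizeof copy);
    if (filter_write(3, app, sizeof app) != 0) return 0;
    int untouched = memcmp(app, copy, sizeof copy) == 0;
    int back_ok = filter_read(3, back, sizeof back) == 0 && memcmp(back, copy, sizeof copy) == 0;
    return untouched && back_ok && memcmp(g_disk + 3 * SECTOR_SIZE, copy, sizeof copy) != 0;
}

int main(void) {
    uint8_t partial[100] = {0};   /* not a sector multiple: the filter must reject it */
    printf("roundtrip %s, unaligned write rc=%d\n", demo_roundtrip() ? "ok" : "FAILED",
           filter_write(0, partial, sizeof partial));
    return 0;
}
```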

Exactly.

-p

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of David J. Craig
Sent: Thursday, June 10, 2004 3:36 PM
To: Windows System Software Devs Interest List
Subject: Re:[ntdev] Sector wise encryption/decryption


> you may want to consider doing sector-wise encryption at the volume
> level rather than the partition level.

…and then have the great headache of allowing NTLDR to boot the OS off this
disk.

Maxim Shatskih, Windows DDK MVP
StorageCraft Corporation
xxxxx@storagecraft.com
http://www.storagecraft.com

1. you are including ADVERTISEMENT POPUPS in your signature. Please stop
   that.
2. You CANNOT provide per-process or per-user semantics for read/write
   operations below the filesystem in the storage stack. Until you wrap your
   head around that fact your entire design is bogus.

From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of vartika singh
Sent: Thursday, June 10, 2004 11:49 PM
To: Windows System Software Devs Interest List
Subject: Re: RE: [ntdev] Sector wise encryption/decryption

Hi all!

Good Morning!

Yup, thanks a lot for the tips.

I will certainly go through the DDK documentation.

As for encrypting the buffer in place, I guess it’s something
like two or more applications maybe viewing the buffer at the same
time. Encrypting it for one application will give an incorrect view to the
others.

regards

V.S.


Hi Mark

> 1) you are including ADVERTISEMENT POPUPS in your signature. Please stop
> that.

I’m sorry about the ADVT POP-UPS.
I tried but I couldn’t disable that option from my earlier Rediff account.
Thus, I have subscribed again from this account.
I’m not using my office account because I won’t be able to check the mail when I’m not in office.

> 2) You CANNOT provide per-process or per-user semantics for read/write
> operations below the filesystem in the storage stack. Until you wrap your
> head around that fact your entire design is bogus.

As for the encryption, I will be encrypting the partition, regardless of the user and the process, in a data-only partition.
This is the requirement.
I’m writing another filter driver above the file system for handling that scenario, and again, that’s another requirement.

regards

V.S.



Hi Maxim,

> you may want to consider doing sector-wise encryption at the volume
> level rather than the partition level.

…and then have the great headache of allowing NTLDR to boot the OS off this
disk.

I didn’t get you clearly. Will you please explain the above point to me?

Regards

V.S.



Don’t forget to decrypt in the NTLDR read paths too. Otherwise, NTLDR will be unable to boot the encrypted kernel.

Maxim Shatskih, Windows DDK MVP
StorageCraft Corporation
xxxxx@storagecraft.com
http://www.storagecraft.com

----- Original Message -----
From: vartika Singh
To: Windows System Software Devs Interest List
Sent: Monday, June 14, 2004 8:43 AM
Subject: [ntdev] Sector wise encryption/decryption


Hi,

Got it now.

Thanx a lot for the help.

Regards

V.S.

