📄 kblock.cpp
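alg_free_key( Alg, keyHandle ); return ERROR_NO;}

/*******************************************************
 *
 *	DataBlockVerifyPasswordAndGetKey_Hidden()
 *	- try the password against the key slots that are
 *	  flagged KATTRIBUTE_KEY_EMPTY, scanning from the last
 *	  slot down to slot 1 (slot 0 is never tried here)
 *
 *	On success *KeyBlockPositionMask receives a one-bit mask
 *	with bit i set for the slot that matched and ERROR_NO is
 *	returned.  Otherwise the result of the last attempted slot
 *	is returned, or ERROR_INCORRECT_PASSWORD if no slot was
 *	attempted.
 *
 *******************************************************/
DWORD DataBlockVerifyPasswordAndGetKey_Hidden( DATA_BLOCK *DataBlock,
                                               ALG_SERV Alg,
                                               DWORD AlgKeyLength,
                                               char *Password,
                                               BYTE *Key,
                                               BYTE *PoolBuffer,
                                               DWORD *Offset,
                                               DWORD *BusyMask,
                                               DWORD *KeyBlockPositionMask )
{
    KEY_BLOCK *kbFound;
    int i;
    DWORD dwRes;

    dwRes = ERROR_INCORRECT_PASSWORD;

    for ( i = MAXIMUM_NUMBER_OF_KEYS - 1; i > 0; i-- )
    {
        kbFound = &(DataBlock->keys[i]);

        /* only slots flagged as empty are candidates; presumably the
           hidden-part key is stored in a slot that looks unused - confirm */
        if ( getAttribute(kbFound->keyAttribute) != KATTRIBUTE_KEY_EMPTY )
            continue;

        dwRes = localDataBlockVerifyPasswordAndGetKey_Hidden( DataBlock, kbFound,
                                                              Alg, Alg.alg_id, AlgKeyLength,
                                                              Password, Key, PoolBuffer,
                                                              Offset, BusyMask );
        if ( dwRes == ERROR_NO )
        {
            /* shift an unsigned one: a signed "1 << i" is undefined
               once i reaches the sign bit */
            *KeyBlockPositionMask = (DWORD)1 << i;
            return ERROR_NO;
        }
    }

    return dwRes;
}

/*******************************************************
 *
 *	DataBlock_CheckFreeSpaceForNewPassword()
 *	- check - can we add new password to container?
 *
 *	Returns ERROR_NO when at least one key slot is flagged
 *	KATTRIBUTE_KEY_EMPTY, ERROR_NOT_ENOUGH_SPACE_FOR_KEY
 *	otherwise.  The DataBlock is not modified.
 *
 *******************************************************/
DWORD DataBlock_CheckFreeSpaceForNewPassword( DATA_BLOCK *DataBlock )
{
    KEY_BLOCK *kb = DataBlock->keys;

    /* find empty KEY_BLOCK inside DataBlock */
    for ( int i = 0; i < MAXIMUM_NUMBER_OF_KEYS; i++, kb++ )
    {
        if ( getAttribute(kb->keyAttribute) == KATTRIBUTE_KEY_EMPTY )
            return ERROR_NO;
    }

    return ERROR_NOT_ENOUGH_SPACE_FOR_KEY;
}

/*******************************************************
 *
 *	DataBlockAddPassword()
 *	- add new password to container
 *
 *	Stores Key and its digest in the first slot flagged
 *	KATTRIBUTE_KEY_EMPTY, encrypted under a storage key derived
 *	from Password, then marks the slot with KeyAttribute.
 *
 *	PoolBuffer is zeroed (POOL_SIZE_BYTES) on every call, even
 *	when no free slot exists.  DataSize is not used here.
 *
 *	Returns ERROR_NO, ERROR_NOT_ENOUGH_SPACE_FOR_KEY,
 *	ERROR_INVALID_ALGORITHM or ERROR_INTERNAL_PROBLEM.
 *
 *	NOTE(review): DataBlockVerifyPasswordAndGetKey_Hidden() probes
 *	slots flagged empty, so the slot chosen here may hold
 *	hidden-part key material; presumably callers guard against
 *	that (BusyMask?) - confirm.
 *
 *******************************************************/
DWORD DataBlockAddPassword( DATA_BLOCK **DataBlock,
                            DWORD *DataSize,
                            ALG_SERV Alg,
                            DWORD AlgKeyLength,
                            char *Password,
                            BYTE *Key,
                            DWORD KeyAttribute,
                            BYTE *PoolBuffer )
{
    BYTE storageKey[ MAXIMUM_KEY_SIZE_BYTES ];
    DWORD keyHandle;
    KEY_BLOCK *kb, *kbFound;
    BYTE iVector[ IVECTOR_LENGTH ];

    /* find empty KEY_BLOCK inside DataBlock */
    kb = (*DataBlock)->keys;
    kbFound = NULL;
    for ( int i = 0; i < MAXIMUM_NUMBER_OF_KEYS; i++, kb++ )
    {
        if ( getAttribute(kb->keyAttribute) == KATTRIBUTE_KEY_EMPTY )
        {
            kbFound = kb;
            break;
        }
    }

    memset( PoolBuffer, 0, POOL_SIZE_BYTES );

    if ( !kbFound )
        return ERROR_NOT_ENOUGH_SPACE_FOR_KEY;

    /* copy encryption key to the KEY_BLOCK memory */
    memcpy( kbFound->key, Key, MAXIMUM_KEY_SIZE_BYTES );

    /* calculate digest of the key and save it in KEY_BLOCK */
    if ( !CalculateDigest( kbFound->key, MAXIMUM_KEY_SIZE_BYTES, kbFound->digest ) )
    {
        ShredData( kbFound->key, MAXIMUM_KEY_SIZE_BYTES );
        return ERROR_INVALID_ALGORITHM;
    }

    /* the leading bytes of the key digest serve as the initial vector */
    memcpy( iVector, kbFound->digest, IVECTOR_LENGTH );

    /* We begin to encrypt file-container's encryption key and its digest
       using storageKey. First of all, calculate storageKey from the password */
    if ( !GetStorageKeyFromPassword( Password, storageKey ) )
    {
        /* the derivation may have written part of the key before failing,
           so wipe the local buffer as the other failure paths do */
        ShredData( storageKey, MAXIMUM_KEY_SIZE_BYTES );
        ShredData( kbFound->key, MAXIMUM_KEY_SIZE_BYTES );
        ShredData( kbFound->digest, MAXIMUM_DIGEST_SIZE_BYTES );
        ShredData( iVector, IVECTOR_LENGTH );
        return ERROR_INVALID_ALGORITHM;
    }

    /* Load storageKey into the Algorithm driver and again, the Pool must be
       filled by zeros, because we are going to encrypt random data (Key) */
    if ( alg_make_key( Alg, storageKey, AlgKeyLength, PoolBuffer, &keyHandle ) )
    {
        ShredData( storageKey, MAXIMUM_KEY_SIZE_BYTES );
        /* one call wipes key and digest together; this relies on digest
           directly following key inside KEY_BLOCK */
        ShredData( kbFound->key, MAXIMUM_KEY_SIZE_BYTES + MAXIMUM_DIGEST_SIZE_BYTES );
        ShredData( iVector, IVECTOR_LENGTH );
        return ERROR_INVALID_ALGORITHM;
    }

    /* storageKey is no longer needed here: it has been copied to the
       Algorithm Driver */
    ShredData( storageKey, MAXIMUM_KEY_SIZE_BYTES );

    /* encrypt the key and its digest copied to the KEY_BLOCK */
    if ( alg_encrypt( Alg, keyHandle, iVector, kbFound->key,
                      MAXIMUM_KEY_SIZE_BYTES + MAXIMUM_DIGEST_SIZE_BYTES ) )
    {
        alg_free_key( Alg, keyHandle );
        ShredData( kbFound->key, MAXIMUM_KEY_SIZE_BYTES + MAXIMUM_DIGEST_SIZE_BYTES );
        ShredData( iVector, IVECTOR_LENGTH );
        return ERROR_INVALID_ALGORITHM;
    }

    /* erase storageKey from the Algorithm driver memory */
    alg_free_key( Alg, keyHandle );
    ShredData( iVector, IVECTOR_LENGTH );

    setAttribute( &(kbFound->keyAttribute), KeyAttribute );

    /* Check if Alternative Key Block is initialized. If no, initialize it.
       Any result of the call is not checked here. */
    createAlternativeKeyBlock( *DataBlock, Alg, AlgKeyLength, Key, PoolBuffer );

    if ( !DataBlockUpdateDigest( *DataBlock ) )
    {
        /* roll back: flag the slot as empty again (its encrypted
           contents are left in place) */
        setAttribute( &(kbFound->keyAttribute), KATTRIBUTE_KEY_EMPTY );
        return ERROR_INTERNAL_PROBLEM;
    }

    return ERROR_NO;
}

/*******************************************************
 *
 *	DataBlockAddPassword_Hidden()
 *	- add new password for hidden part of container
 *
 *	Calls createAlternativeKeyBlock() and then returns the
 *	result of DataBlockWriteKey_Hidden() with
 *	HIDDEN_POSITION_ANY.  DataSize is not used here.
 *
 *******************************************************/
DWORD DataBlockAddPassword_Hidden( DATA_BLOCK **DataBlock,
                                   DWORD *DataSize,
                                   ALG_SERV Alg,
                                   DWORD AlgKeyLength,
                                   char *Password,
                                   BYTE *Key,
                                   DWORD KeyAttribute, // in the current release we don't use the parameter
                                   BYTE *PoolBuffer,
                                   DWORD Offset,
                                   DWORD *BusyMask )
{
    createAlternativeKeyBlock( *DataBlock, Alg, AlgKeyLength, Key, PoolBuffer );

    /* KeyAttribute is still forwarded; whether the callee reads it is
       not visible from here */
    return DataBlockWriteKey_Hidden( *DataBlock, Alg, AlgKeyLength, Password, Key,
                                     KeyAttribute, PoolBuffer, Offset, BusyMask,
                                     HIDDEN_POSITION_ANY );
}

/*******************************************************
 *
 *	DataBlockRemoveAdditionalPassword()
 *	- removes additional password for container
 *
 *	Every slot not flagged KATTRIBUTE_KEY_EMPTY is decrypted
 *	with the storage key derived from Password; the slot whose
 *	decrypted digest matches the digest of its decrypted key is
 *	the one to remove.  Slot 0 is refused with
 *	ERROR_MASTER_PASSWORD_ENTERED.
 *
 *	Returns ERROR_NO, ERROR_INCORRECT_PASSWORD,
 *	ERROR_MASTER_PASSWORD_ENTERED, ERROR_INVALID_ALGORITHM or
 *	ERROR_INTERNAL_PROBLEM.  PoolBuffer is zeroed on entry.
 *
 *******************************************************/
DWORD DataBlockRemoveAdditionalPassword( DATA_BLOCK *DataBlock,
                                         ALG_SERV Alg,
                                         DWORD AlgKeyLength,
                                         char *Password,
                                         BYTE *Key,
                                         BYTE *PoolBuffer )
{
    KEY_BLOCK *kb, *kbFound;
    BYTE storageKey[ MAXIMUM_KEY_SIZE_BYTES ];
    BYTE keyAndDigest[ MAXIMUM_KEY_SIZE_BYTES + MAXIMUM_DIGEST_SIZE_BYTES ];
    BYTE calculatedDigest[ MAXIMUM_DIGEST_SIZE_BYTES ];
    DWORD keyHandle, i;
    BYTE iVector[ IVECTOR_LENGTH ];

    kb = DataBlock->keys;
    kbFound = NULL;

    /* we fill the PoolBuffer with zeros, because the buffers in the DataBlock
       we are going to decrypt contain random data */
    /* in the first part of the procedure we use the PoolBuffer to initialize
       encryption algorithm module with zeroed pools.
       In the second part we will place a correct decrypted pool data to
       the PoolBuffer */
    memset( PoolBuffer, 0, POOL_SIZE_BYTES );

    for ( i = 0; i < MAXIMUM_NUMBER_OF_KEYS; i++, kb++ )
    {
        if ( getAttribute(kb->keyAttribute) == KATTRIBUTE_KEY_EMPTY )
            continue;

        /* Calculate encryption key for decrypting KEY_BLOCK */
        if ( !GetStorageKeyFromPassword( Password, storageKey ) )
        {
            /* do not leave partially derived key material on the stack */
            ShredData( storageKey, MAXIMUM_KEY_SIZE_BYTES );
            return ERROR_INVALID_ALGORITHM;
        }

        /* Decrypt KEY_BLOCK kb */
        /* First, load storageKey into the Algorithm driver */
        if ( alg_make_key( Alg, storageKey, AlgKeyLength, PoolBuffer, &keyHandle ) )
        {
            /* wipe the password-derived key on failure as well, matching
               the same path in DataBlockAddPassword() */
            ShredData( storageKey, MAXIMUM_KEY_SIZE_BYTES );
            return ERROR_INVALID_ALGORITHM;
        }

        /* storageKey is no longer needed here: it has been copied to the
           Algorithm Driver */
        ShredData( storageKey, MAXIMUM_KEY_SIZE_BYTES );

        /* decrypt the key and its digest copied to the KEY_BLOCK */
        memcpy( keyAndDigest, kb->key, MAXIMUM_KEY_SIZE_BYTES + MAXIMUM_DIGEST_SIZE_BYTES );

        /* initialize iVector with any value. After first decrypting we will
           define it exactly */
        memset( iVector, 0, IVECTOR_LENGTH );

        /* first decryption; presumably only the leading block depends on
           the initial vector, so the digest part is already correct - confirm */
        if ( alg_decrypt( Alg, keyHandle, iVector, keyAndDigest,
                          MAXIMUM_KEY_SIZE_BYTES + MAXIMUM_DIGEST_SIZE_BYTES ) )
        {
            alg_free_key( Alg, keyHandle );
            ShredData( keyAndDigest, MAXIMUM_KEY_SIZE_BYTES + MAXIMUM_DIGEST_SIZE_BYTES );
            return ERROR_INVALID_ALGORITHM;
        }

        /* define Initial Vector */
        memcpy( iVector, &(keyAndDigest[MAXIMUM_KEY_SIZE_BYTES]), IVECTOR_LENGTH );

        /* second decryption with exact Initial Vector */
        memcpy( keyAndDigest, kb->key, MAXIMUM_KEY_SIZE_BYTES + MAXIMUM_DIGEST_SIZE_BYTES );
        if ( alg_decrypt( Alg, keyHandle, iVector, keyAndDigest,
                          MAXIMUM_KEY_SIZE_BYTES + MAXIMUM_DIGEST_SIZE_BYTES ) )
        {
            alg_free_key( Alg, keyHandle );
            ShredData( keyAndDigest, MAXIMUM_KEY_SIZE_BYTES + MAXIMUM_DIGEST_SIZE_BYTES );
            ShredData( iVector, IVECTOR_LENGTH );
            return ERROR_INVALID_ALGORITHM;
        }

        /* erase storageKey from the Algorithm driver memory */
        alg_free_key( Alg, keyHandle );

        /* calculate digest of the key and compare it with digest */
        if ( !CalculateDigest( keyAndDigest, MAXIMUM_KEY_SIZE_BYTES, calculatedDigest ) )
        {
            ShredData( keyAndDigest, MAXIMUM_KEY_SIZE_BYTES + MAXIMUM_DIGEST_SIZE_BYTES );
            ShredData( iVector, IVECTOR_LENGTH );
            return ERROR_INVALID_ALGORITHM;
        }

        /* NOTE(review): memcmp() is not a constant-time comparison */
        if ( memcmp( calculatedDigest, &(keyAndDigest[MAXIMUM_KEY_SIZE_BYTES]),
                     SHA256_DIGEST_SIZE ) == 0 )
        {
            kbFound = kb;
            break;
        }
    }

    if ( !kbFound )
    {
        ShredData( iVector, IVECTOR_LENGTH );
        return ERROR_INCORRECT_PASSWORD;
    }

    /* a slot matched: iVector and calculatedDigest now hold digest bytes of
       the real container key, so wipe them together with keyAndDigest */
    ShredData( iVector, IVECTOR_LENGTH );
    ShredData( calculatedDigest, MAXIMUM_DIGEST_SIZE_BYTES );
    ShredData( keyAndDigest, MAXIMUM_KEY_SIZE_BYTES + MAXIMUM_DIGEST_SIZE_BYTES );

    /* the loop index still names the matching slot; slot 0 is refused */
    if ( i == 0 )
    {
        return ERROR_MASTER_PASSWORD_ENTERED;
    }

    /* NOTE(review): keyAndDigest has already been shredded at this point, so
       the slot - and the caller's Key buffer below - receive the shredded
       bytes, not the decrypted key.  Overwriting the slot looks intentional
       for a removal; confirm that callers do not expect the container key
       in Key on return. */
    memcpy( kbFound, keyAndDigest, MAXIMUM_KEY_SIZE_BYTES + MAXIMUM_DIGEST_SIZE_BYTES );
    kbFound->keyAttribute = KATTRIBUTE_KEY_EMPTY;
    memcpy( Key, keyAndDigest, MAXIMUM_KEY_SIZE_BYTES );

    if ( !DataBlockUpdateDigest( DataBlock ) )
    {
        return ERROR_INTERNAL_PROBLEM;
    }

    return ERROR_NO;
}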