private static byte[] GetPolicyBuffer(long fileSize, DRPolicyData policy, byte[] iv, byte[] encryptionKey)
{
MemoryStream ms = new MemoryStream();
BinaryWriter bw = new BinaryWriter(ms);
bw.Write(AES_VERIFICATION_KEY);
bw.Write((uint)(policy.AESFlags));
bw.Write(iv.Length);
bw.Write(iv);
bw.Write(encryptionKey.Length);
if (encryptionKey.Length < 32)
{
//the struture always keep 32 bytes for encryption key.
Array.Resize(ref encryptionKey, 32);
}
bw.Write(encryptionKey);
bw.Write(policy.CreationTime);
bw.Write(policy.ExpireTime);
bw.Write((uint)policy.AccessFlags);
bw.Write(fileSize);
bw.Write(policy.LengthOfIncludeProcessNames);
//the first offset lenght = current position + 13*4
// sizeof(OffsetOfIncludeProcessNames) + sizeof(OffsetOfExcludeProcessNames) + sizeof(LengthOfExcludeProcessNames)
// + sizeof(OffsetOfIncludeUserNames) + sizeof(LengthOfIncludeUserNames) + sizeof(OffsetOfExcludeUserNames) + sizeof(LengthOfExcludeUserNames)
// + sizeof(OffsetOfAccountName) + sizeof(LengthOfAccountName) + sizeof(OffsetOfComputerIds) + sizeof(LengthOfComputerIds)
// + sizeof(LengthOfUserPassword) + sizeof(OffsetOfUserPassword)
policy.OffsetOfIncludeProcessNames = (uint)ms.Length + 13 * 4;
bw.Write(policy.OffsetOfIncludeProcessNames);
bw.Write(policy.LengthOfExcludeProcessNames);
policy.OffsetOfExcludeProcessNames = policy.OffsetOfIncludeProcessNames + policy.LengthOfIncludeProcessNames;
bw.Write(policy.OffsetOfExcludeProcessNames);
bw.Write(policy.LengthOfIncludeUserNames);
policy.OffsetOfIncludeUserNames = policy.OffsetOfExcludeProcessNames + policy.LengthOfExcludeProcessNames;
bw.Write(policy.OffsetOfIncludeUserNames);
bw.Write(policy.LengthOfExcludeUserNames);
policy.OffsetOfExcludeUserNames = policy.OffsetOfIncludeUserNames + policy.LengthOfIncludeUserNames;
bw.Write(policy.OffsetOfExcludeUserNames);
bw.Write(policy.LengthOfAccountName);
policy.OffsetOfAccountName = policy.OffsetOfExcludeUserNames + policy.LengthOfExcludeUserNames;
bw.Write(policy.OffsetOfAccountName);
bw.Write(policy.LengthOfComputerIds);
policy.OffsetOfComputerIds = policy.OffsetOfAccountName + policy.LengthOfAccountName;
bw.Write(policy.OffsetOfComputerIds);
bw.Write(policy.LengthOfUserPassword);
policy.OffsetOfUserPassword = policy.OffsetOfComputerIds + policy.LengthOfComputerIds;
bw.Write(policy.OffsetOfUserPassword);
byte[] strBuffer;
if (policy.LengthOfIncludeProcessNames > 0)
{
strBuffer = UnicodeEncoding.Unicode.GetBytes(policy.IncludeProcessNames);
bw.Write(strBuffer);
}
if (policy.LengthOfExcludeProcessNames > 0)
{
strBuffer = UnicodeEncoding.Unicode.GetBytes(policy.ExcludeProcessNames);
bw.Write(strBuffer);
}
if (policy.LengthOfIncludeUserNames > 0)
{
strBuffer = UnicodeEncoding.Unicode.GetBytes(policy.IncludeUserNames);
bw.Write(strBuffer);
}
if (policy.LengthOfExcludeUserNames > 0)
{
strBuffer = UnicodeEncoding.Unicode.GetBytes(policy.ExcludeUserNames);
bw.Write(strBuffer);
}
if (policy.LengthOfAccountName > 0)
{
strBuffer = UnicodeEncoding.Unicode.GetBytes(policy.AccountName);
bw.Write(strBuffer);
}
if (policy.LengthOfComputerIds > 0)
{
strBuffer = UnicodeEncoding.Unicode.GetBytes(policy.ComputerIds);
bw.Write(strBuffer);
}
if (policy.LengthOfUserPassword > 0)
{
strBuffer = UnicodeEncoding.Unicode.GetBytes(policy.UserPassword);
bw.Write(strBuffer);
}
byte[] AESBuffer = ms.ToArray();
//encrypt the access policy except the sizeOfAESData;
FilterAPI.AESEncryptDecryptBuffer(AESBuffer, 0, null, null);
return(AESBuffer);
}
/// <summary>
/// Create an encrypted file with embedded digital right policy, distribute the encrypted file via internet,
/// only the authorized users and processes can access the encrypted file.
/// </summary>
/// <param name="fileName"></param>
/// <param name="passPhrase"></param>
/// <param name="policy"></param>
/// <param name="lastError"></param>
/// <returns></returns>
public static bool EncryptFileWithEmbeddedDRPolicy(string sourceFileName, string destFileName, byte[] encryptIV, byte[] encryptKey, DRPolicyData policy, out string lastError)
{
bool ret = false;
FileStream fs = null;
lastError = string.Empty;
try
{
if (!File.Exists(sourceFileName))
{
lastError = sourceFileName + " doesn't exist.";
return(false);
}
FileInfo fileInfo = new FileInfo(sourceFileName);
long fileSize = fileInfo.Length;
byte[] AESBuffer = GetPolicyBuffer(fileSize, policy, encryptIV, encryptKey);
//encrypt the file with encryption key and a iv key.
ret = FilterAPI.AESEncryptFileToFile(sourceFileName, destFileName, (uint)encryptKey.Length, encryptKey, (uint)encryptIV.Length, encryptIV, false);
if (!ret)
{
lastError = "Create encrypt file " + destFileName + " failed with error:" + FilterAPI.GetLastErrorMessage();
return(ret);
}
fs = new FileStream(destFileName, FileMode.Append, FileAccess.Write, FileShare.Read);
//append the DR policy to the encrypted file.
fs.Write(AESBuffer, 0, AESBuffer.Length);
//append the sizeof the DR policy
fs.Write(BitConverter.GetBytes(AESBuffer.Length + 4), 0, 4);
}
catch (Exception ex)
{
ret = false;
lastError = "Encrypt file " + sourceFileName + " failed with error:" + ex.Message;
}
finally
{
if (null != fs)
{
fs.Close();
}
}
return(ret);
}
private static byte[] ConvertDRPolicyDataToByteArray(DRPolicyData policy)
{
MemoryStream ms = new MemoryStream();
BinaryWriter bw = new BinaryWriter(ms);
bw.Write(AES_VERIFICATION_KEY);
bw.Write((uint)(policy.AESFlags));
bw.Write(policy.IVLength);
bw.Write(policy.IV);
bw.Write(policy.EncryptionKeyLength);
bw.Write(policy.EncryptionKey);
bw.Write(policy.CreationTime);
bw.Write(policy.ExpireTime);
bw.Write((uint)policy.AccessFlags);
bw.Write(policy.FileSize);
bw.Write(policy.LengthOfAuthorizedProcessNames);
bw.Write(policy.LengthOfUnauthorizedProcessNames);
bw.Write(policy.LengthOfAuthorizedUserNames);
bw.Write(policy.LengthOfUnauthorizedUserNames);
bw.Write(policy.LengthOfAccountName);
bw.Write(policy.LengthOfComputerIds);
bw.Write(policy.LengthOfUserPassword);
byte[] strBuffer;
if (policy.LengthOfAuthorizedProcessNames > 0)
{
strBuffer = UnicodeEncoding.Unicode.GetBytes(policy.AuthorizedProcessNames);
bw.Write(strBuffer);
}
if (policy.LengthOfUnauthorizedProcessNames > 0)
{
strBuffer = UnicodeEncoding.Unicode.GetBytes(policy.UnauthorizedProcessNames);
bw.Write(strBuffer);
}
if (policy.LengthOfAuthorizedUserNames > 0)
{
strBuffer = UnicodeEncoding.Unicode.GetBytes(policy.AuthorizedUserNames);
bw.Write(strBuffer);
}
if (policy.LengthOfUnauthorizedUserNames > 0)
{
strBuffer = UnicodeEncoding.Unicode.GetBytes(policy.UnauthorizedUserNames);
bw.Write(strBuffer);
}
if (policy.LengthOfAccountName > 0)
{
strBuffer = UnicodeEncoding.Unicode.GetBytes(policy.AccountName);
bw.Write(strBuffer);
}
if (policy.LengthOfComputerIds > 0)
{
strBuffer = UnicodeEncoding.Unicode.GetBytes(policy.ComputerIds);
bw.Write(strBuffer);
}
if (policy.LengthOfUserPassword > 0)
{
strBuffer = UnicodeEncoding.Unicode.GetBytes(policy.UserPassword);
bw.Write(strBuffer);
}
//append the sizeof the DR policy
int sizeofDRDataArray = (int)ms.Length + 4;// the size of sizeofDRDataArray takes 4 bytes memory as a int data
bw.Write(sizeofDRDataArray);
byte[] AESBuffer = ms.ToArray();
return(AESBuffer);
}
