| 719 | |
| 720 | |
| 721 | bool CryptConfig::encrypt_key(const wchar_t* password, const BYTE* masterkey, string& base64encryptedmasterkey, string& scryptSalt, wstring& error_mes) |
| 722 | { |
| 723 | bool bRet = true; |
| 724 | |
| 725 | shared_ptr<EVP_CIPHER_CTX> context = nullptr; |
| 726 | |
| 727 | unsigned char* encrypted_key = nullptr; |
| 728 | |
| 729 | LockZeroBuffer<unsigned char> pwkey(MASTER_KEY_LEN, false); |
| 730 | LockZeroBuffer<unsigned char> pwkeyHKDF(MASTER_KEY_LEN, false); |
| 731 | |
| 732 | if (!pwkey.IsLocked() || !pwkeyHKDF.IsLocked()) { |
| 733 | error_mes = LocUtils::GetStringFromResources(IDS_PWKEY_NOT_LOCKED); |
| 734 | return false; |
| 735 | } |
| 736 | |
| 737 | try { |
| 738 | |
| 739 | if (masterkey) { |
| 740 | if (m_pKeyBuf) { |
| 741 | error_mes = LocUtils::GetStringFromResources(IDS_MASTER_KEY_ALREADY_SET); |
| 742 | return false; |
| 743 | } |
| 744 | |
| 745 | m_pKeyBuf = new LockZeroBuffer<unsigned char>(DEFAULT_KEY_LEN, false); |
| 746 | |
| 747 | if (!m_pKeyBuf->IsLocked()) { |
| 748 | error_mes = LocUtils::GetStringFromResources(IDS_CANNOT_LOCK_KEY_BUFFER); |
| 749 | throw(-1); |
| 750 | } |
| 751 | |
| 752 | m_keybuf_manager.RegisterBuf(m_pKeyBuf); |
| 753 | |
| 754 | memcpy(m_pKeyBuf->m_buf, masterkey, DEFAULT_KEY_LEN); |
| 755 | } |
| 756 | |
| 757 | m_encrypted_key_salt.resize(SALT_LEN); |
| 758 | |
| 759 | if (!get_sys_random_bytes(&m_encrypted_key_salt[0], SALT_LEN)) { |
| 760 | error_mes = LocUtils::GetStringFromResources(IDS_FAILED_GET_RANDOM); |
| 761 | throw(-1); |
| 762 | } |
| 763 | |
| 764 | LockZeroBuffer<char> utf8pass(256, false); |
| 765 | if (!utf8pass.IsLocked()) { |
| 766 | error_mes = LocUtils::GetStringFromResources(IDS_UTF8PASS_NOT_LOCKED); |
| 767 | return false; |
| 768 | } |
| 769 | |
| 770 | if (!unicode_to_utf8(password, utf8pass.m_buf, utf8pass.m_len - 1)) { |
| 771 | error_mes = LocUtils::GetStringFromResources(IDS_CANNOT_CONVERT_PASS_UTF8); |
| 772 | throw(-1); |
| 773 | } |
| 774 | |
| 775 | |
| 776 | int result = EVP_PBE_scrypt(utf8pass.m_buf, strlen(utf8pass.m_buf), &m_encrypted_key_salt[0], |
| 777 | m_encrypted_key_salt.size(), m_N, m_R, m_P, scrypt_mem(), pwkey.m_buf, |
| 778 | GetMasterKeyLength()); |
no test coverage detected