Please read “license.doc” for the copyright information first. If you do not agree with the license terms, please do not use any software provided by ETEFS.COM.

## 1 Introduction
ETEFS_Mini is a transparent file encryption SDK based on minifilter technology. It runs in ring 0 (kernel mode). ETEFS_Mini encrypts the files containing sensitive data that are generated by selected applications, such as Microsoft Word, Excel and PowerPoint. All files are stored on disk in encrypted form. Encryption runs in the background on the fly and does not change the normal working behaviour of the end user. ETEFS_Mini can be integrated into your software product within a short development cycle. Besides the core transparent file encryption functionality, ETEFS_Mini also provides extension modules that are very useful when developing data security products: a file access control module and an operation event monitor module. With ETEFS_Mini, software developers can rapidly build various document security products from scratch, such as DLP (Data Loss Prevention) systems, document rights management systems and document operation auditing systems.
## 2 Product Benefits

### Easy to use
The ETEFS_Mini API consists of several C functions exported by a DLL. Using these functions, it is very easy to build a basic transparent file encryption system. The API functions can also be called from other programming languages, such as C# and VB.
### Easy to extend
Adding file encryption support for a new application is also very easy. ETEFS_Mini provides two functions for adding and deleting a file encryption policy. ETEFS_Mini can support most common applications once the correct policy is sent.
### Provides useful extension modules
ETEFS_Mini includes a file access control module and an operation event monitor module. The file access control module restricts the operations a user may perform on the currently opened file according to the access control policy. The operation event monitor captures the user's actions on the encrypted file, such as “file opened” and “file closed” events.
### Cut down the development cycle
Developing a driver is difficult, and developing a file system driver is even more difficult. Creating such an engine from scratch may take a long development cycle and cost you the market opportunity.
## 3 System Architecture
The following diagram shows the architecture of ETEFS_Mini:

[architecture diagram]
### Applications
The Applications box represents the selected executables whose files are to be encrypted, such as Microsoft Word, Excel and PowerPoint. The document files generated by these applications are encrypted automatically.

### Control program
The Control program box represents the process that sends policy to the transparent file encryption core and receives the file operation event log. If this program exits, all policy set by it stops taking effect.

### Policy configuration
The Policy configuration box represents the module that receives policy from the control program. It stores the policy data in a file mapping object; other modules obtain the corresponding policy by reading that file mapping object.

### Event report
The Event report module receives operation log data from the capture module and pushes it to the control program. It uses a named pipe as the transport mechanism.

### File event capture and access control
The functionality of this module is described in chapter 2.

### Transparent file encryption core
This is the key component of ETEFS_Mini. It implements transparent file encryption as a file system minifilter driver: it decrypts data while an application reads from disk and encrypts data while an application writes to disk.

## 4 Product Features
### Support for encryption with per-process access restriction
Creating a minifilter encryption driver is not easy; creating one that supports encryption with per-process access restriction is more complicated still. ETEFS_Mini supports this feature without file redirection or hidden files: all I/O requests operate on the same raw on-disk file. There are two cache views of an encrypted file, a plain-data cache for trusted processes and an encrypted-data cache for untrusted processes.

### Adding an extra file header to each encrypted file
ETEFS_Mini supports adding a file header data stream at the front of each encrypted file. One part of this area is reserved by ETEFS_Mini; the other part may be used freely by the ETEFS_Mini user.

### Implemented in kernel mode
The core module of ETEFS_Mini is implemented in kernel mode. The minifilter framework is the approach recommended by Microsoft, and it makes it very convenient to intercept file I/O requests and insert an encryption module into the file system stack.

### Random file encryption key
ETEFS_Mini supports a random file encryption key mechanism. After this feature is enabled, ETEFS_Mini allocates a random file encryption key for each file. Encrypting files this way is much safer than using a fixed file encryption key.
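As an added example (not ETEFS_Mini's code; the page does not document the driver's cipher mode or header layout), the block below implements XTEA with a 16-byte key, the configuration the sample program selects with SetDriverCryptConfig(CIPHER_ID_XTEA, key, 16), and shows why one fixed key is weaker than a key per file: two files with the same content encrypt to the same bytes under a fixed key, while random per-file keys hide that relationship. The plain ECB block loop, std::random_device as key source and the document words are assumptions for illustration.

```cpp
#include <array>
#include <cstdint>
#include <cstring>
#include <random>
#include <string>
#include <vector>
using Key128 = std::array<uint32_t, 4>;   // 16-byte key, as passed to SetDriverCryptConfig
using Block  = std::array<uint32_t, 2>;   // XTEA works on 64-bit blocks

// XTEA, 32 rounds (Needham and Wheeler); encryption of one block.
Block XteaEncryptBlock(Block v, const Key128& k) {
    uint32_t v0 = v[0], v1 = v[1], sum = 0;
    const uint32_t delta = 0x9E3779B9;
    for (int i = 0; i < 32; ++i) {
        v0 += (((v1 << 4) ^ (v1 >> 5)) + v1) ^ (sum + k[sum & 3]);
        sum += delta;
        v1 += (((v0 << 4) ^ (v0 >> 5)) + v0) ^ (sum + k[(sum >> 11) & 3]);
    }
    return {v0, v1};
}

Block XteaDecryptBlock(Block v, const Key128& k) {
    const uint32_t delta = 0x9E3779B9;
    uint32_t v0 = v[0], v1 = v[1], sum = delta * 32;
    for (int i = 0; i < 32; ++i) {
        v1 -= (((v0 << 4) ^ (v0 >> 5)) + v0) ^ (sum + k[(sum >> 11) & 3]);
        sum -= delta;
        v0 -= (((v1 << 4) ^ (v1 >> 5)) + v1) ^ (sum + k[sum & 3]);
    }
    return {v0, v1};
}

// Key from 16 raw bytes as little-endian words (the sample passes "0123456789012345").
Key128 KeyFromBytes(const std::string& key16) {
    Key128 k{};
    if (key16.size() >= 16)
        for (size_t i = 0; i < 4; ++i) std::memcpy(&k[i], key16.data() + 4 * i, 4);
    return k;
}

// A fresh key per file, the idea behind the SDK's random file encryption key mode;
// std::random_device stands in for a proper CSPRNG API here (assumption).
Key128 RandomFileKey() {
    std::random_device rd;
    return {rd(), rd(), rd(), rd()};
}

// Encrypt or decrypt a document given as 32-bit words, two words per block. Plain ECB,
// for illustration only: with one fixed key, identical files give identical ciphertext.
std::vector<uint32_t> XteaWords(const std::vector<uint32_t>& in, const Key128& k, bool encrypt) {
    std::vector<uint32_t> out;
    for (size_t i = 0; i + 1 < in.size(); i += 2) {
        Block b = encrypt ? XteaEncryptBlock({in[i], in[i + 1]}, k)
                          : XteaDecryptBlock({in[i], in[i + 1]}, k);
        out.push_back(b[0]); out.push_back(b[1]);
    }
    return out;
}
```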

### Custom data binding
ETEFS_Mini adds extended file header data to each encrypted file. One part of this header is reserved for ETEFS_Mini itself, which saves some basic information about the encryption there. The other part is free for the developer. Once the developer sets this area of the header, ETEFS_Mini binds it firmly to the encrypted file: while the file is being edited, the custom data stays bound to it. This kind of data can be used to save extended control information for the encrypted file.

### Manual encryption (on-the-fly decrypt only)
By default, once an unencrypted file is opened by a user, ETEFS_Mini encrypts it automatically. If the developer enables the “manual encryption” policy, ETEFS_Mini will not encrypt the file automatically; users must use an encryption tool provided by the developer, for example a shell menu item, to convert the file into the encrypted state.

### Encryption on Save-as
When a user saves a currently opened file to a new file, the newly created file is encrypted by ETEFS_Mini if the currently opened file is encrypted. This mechanism keeps files containing sensitive data in the encrypted state at all times.

### File operation event capture
ETEFS_Mini supports capturing common file operation events, such as “open”, “close” and “print”.

--------------------------------------------------------------------------------
/src/UsingSDK/UsingSDKDlg.cpp:
--------------------------------------------------------------------------------
#include "stdafx.h"
#include "UsingSDK.h"
#include "UsingSDKDlg.h"

#ifdef _DEBUG
#define new DEBUG_NEW
#endif

// Standard MFC "About" dialog.
class CAboutDlg : public CDialog
{
public:
    CAboutDlg();

    enum { IDD = IDD_ABOUTBOX };

protected:
    virtual void DoDataExchange(CDataExchange* pDX);

protected:
    DECLARE_MESSAGE_MAP()
};

CAboutDlg::CAboutDlg() : CDialog(CAboutDlg::IDD)
{
}

void CAboutDlg::DoDataExchange(CDataExchange* pDX)
{
    CDialog::DoDataExchange(pDX);
}

BEGIN_MESSAGE_MAP(CAboutDlg, CDialog)
END_MESSAGE_MAP()


CUsingSDKDlg::CUsingSDKDlg(CWnd* pParent /*=NULL*/)
    : CDialog(CUsingSDKDlg::IDD, pParent)
{
    m_hIcon = AfxGetApp()->LoadIcon(IDR_MAINFRAME);
}

void CUsingSDKDlg::DoDataExchange(CDataExchange* pDX)
{
    CDialog::DoDataExchange(pDX);
    DDX_Control(pDX, IDC_LIST1, m_ListCtrl);
}

BEGIN_MESSAGE_MAP(CUsingSDKDlg, CDialog)
    ON_WM_SYSCOMMAND()
    ON_WM_PAINT()
    ON_WM_QUERYDRAGICON()
    ON_BN_CLICKED(IDC_BUTTON_LOAD_POLICY, &CUsingSDKDlg::OnBnClickedButtonLoadPolicy)
    ON_BN_CLICKED(IDC_BUTTON_UNLOAD_POLICY, &CUsingSDKDlg::OnBnClickedButtonUnloadPolicy)
END_MESSAGE_MAP()


BOOL CUsingSDKDlg::OnInitDialog()
{
    CDialog::OnInitDialog();
    m_bStarted = FALSE;

    ASSERT((IDM_ABOUTBOX & 0xFFF0) == IDM_ABOUTBOX);
    ASSERT(IDM_ABOUTBOX < 0xF000);

    CMenu* pSysMenu = GetSystemMenu(FALSE);
    if (pSysMenu != NULL)
    {
        BOOL bNameValid;
        CString strAboutMenu;
        bNameValid = strAboutMenu.LoadString(IDS_ABOUTBOX);
        ASSERT(bNameValid);
        if (!strAboutMenu.IsEmpty())
        {
            pSysMenu->AppendMenu(MF_SEPARATOR);
            pSysMenu->AppendMenu(MF_STRING, IDM_ABOUTBOX, strAboutMenu);
        }
    }

    SetIcon(m_hIcon, TRUE);
    SetIcon(m_hIcon, FALSE);

    GetDlgItem(IDC_BUTTON_LOAD_POLICY)->EnableWindow(TRUE);
    GetDlgItem(IDC_BUTTON_UNLOAD_POLICY)->EnableWindow(FALSE);

    // Show the event list as a two-column report view with full-row selection.
    LONG lStyle;
    DWORD dwStyle;
    lStyle = GetWindowLong(m_ListCtrl.m_hWnd, GWL_STYLE);
    lStyle &= ~LVS_TYPEMASK;
    lStyle |= LVS_REPORT;
    SetWindowLong(m_ListCtrl.m_hWnd, GWL_STYLE, lStyle);

    dwStyle = m_ListCtrl.GetExtendedStyle();
    dwStyle |= LVS_EX_FULLROWSELECT;
    m_ListCtrl.SetExtendedStyle(dwStyle);

    m_ListCtrl.InsertColumn(0, _T("Event Name"), LVCFMT_LEFT, 100);
    m_ListCtrl.InsertColumn(1, _T("Data"), LVCFMT_LEFT, 280);

    // Querying the filtering state doubles as a check that the minifilter driver is installed.
    BOOL bStarted = FALSE;
    if (GetStartFiltering(&bStarted) != ERR_SUCCESS)
    {
        AfxMessageBox(_T("Can't open minifilter driver, please reinstall ETEFS_Mini."));
        return TRUE;
    }

    return TRUE;
}

void CUsingSDKDlg::OnSysCommand(UINT nID, LPARAM lParam)
{
    if ((nID & 0xFFF0) == IDM_ABOUTBOX)
    {
        CAboutDlg dlgAbout;
        dlgAbout.DoModal();
    }
    else
    {
        CDialog::OnSysCommand(nID, lParam);
    }
}

void CUsingSDKDlg::OnPaint()
{
    if (IsIconic())
    {
        CPaintDC dc(this);

        SendMessage(WM_ICONERASEBKGND, reinterpret_cast<WPARAM>(dc.GetSafeHdc()), 0);

        int cxIcon = GetSystemMetrics(SM_CXICON);
        int cyIcon = GetSystemMetrics(SM_CYICON);
        CRect rect;
        GetClientRect(&rect);
        int x = (rect.Width() - cxIcon + 1) / 2;
        int y = (rect.Height() - cyIcon + 1) / 2;

        dc.DrawIcon(x, y, m_hIcon);
    }
    else
    {
        CDialog::OnPaint();
    }
}

HCURSOR CUsingSDKDlg::OnQueryDragIcon()
{
    return static_cast<HCURSOR>(m_hIcon);
}


void CUsingSDKDlg::OnBnClickedButtonLoadPolicy()
{
    // 1. Driver crypto configuration and per-application encryption policies.
    {
        // Demo key only: a fixed key compiled into the binary can be recovered from the
        // executable. A product should provision the key from a protected store and
        // prefer SetRandomKeyMode(TRUE) so that every file gets its own key.
        char szKey[] = "0123456789012345";

        SetStartFiltering(TRUE);
        SetDriverCryptConfig(CIPHER_ID_XTEA, szKey, 16);   // XTEA with a 16-byte key
        SetRandomKeyMode(FALSE);
        SetCustomDataResident(1);

        LoadWordPolicy();
        LoadExcelPolicy();
        LoadNotepadPolicy();
        LoadPPTPolicy();
    }

    // 2. Event server: receives file events pushed by the driver and calls OnFileEvent.
    {
        CreateFileEventServer(&m_FileEventServer);
        m_FileEventServer->Startup(this);
    }

    // 3. Control module: enable event reporting and privilege (access control) queries.
    {
        StartControlModule();
        SetEventReportValue(TRUE);
        SetPrivilegeControlValue(TRUE);
    }

    GetDlgItem(IDC_BUTTON_LOAD_POLICY)->EnableWindow(FALSE);
    GetDlgItem(IDC_BUTTON_UNLOAD_POLICY)->EnableWindow(TRUE);

    m_bStarted = TRUE;
}

void CUsingSDKDlg::OnBnClickedButtonUnloadPolicy()
{
    SetEventReportValue(FALSE);
    SetPrivilegeControlValue(FALSE);

    StopControlModule();

    // Note: the load handler installs Word, Excel, Notepad and PPT policies, but only the
    // Notepad, Wordpad and PPT policies are unloaded here, so the Word and Excel policies
    // are not removed by this handler.
    UnloadNotepadPolicy();
    UnloadWordpadPolicy();
    UnloadPPTPolicy();

    SetStartFiltering(FALSE);

    delete m_FileEventServer;
    m_FileEventServer = NULL;

    GetDlgItem(IDC_BUTTON_LOAD_POLICY)->EnableWindow(TRUE);
    GetDlgItem(IDC_BUTTON_UNLOAD_POLICY)->EnableWindow(FALSE);

    m_bStarted = FALSE;
}

void CUsingSDKDlg::OnCancel()
{
    if (m_bStarted)
    {
        AfxMessageBox(_T("Please unload policies."));
        return;
    }

    __super::OnCancel();
}


// Called by the event server for each file event pushed by the driver.
DWORD CUsingSDKDlg::OnFileEvent(PFILE_EVENT_PACKET pFileEventPacket)
{
    int nItemCount = m_ListCtrl.GetItemCount();
    DWORD dwRet = FE_SUCCESS;

    switch (pFileEventPacket->dwEventID)
    {
    case EVENT_ID_FILE_QUERY_PRIVILEGE:
        {
            // The driver asks which operations to allow on the file being opened.
            // This sample allows everything (every bDisable* flag is FALSE); a product
            // would derive these flags from its access control policy instead.
            pFileEventPacket->QueryPrivilege.Privilege.bDisableWrite = FALSE;
            pFileEventPacket->QueryPrivilege.Privilege.bDisableCopyToClipboard = FALSE;
            pFileEventPacket->QueryPrivilege.Privilege.bDisableDrag = FALSE;
            pFileEventPacket->QueryPrivilege.Privilege.bDisableOpen = FALSE;
            pFileEventPacket->QueryPrivilege.Privilege.bDisablePrint = FALSE;
            pFileEventPacket->QueryPrivilege.Privilege.bDisableSaveAs = FALSE;

            pFileEventPacket->dwStatusCode = FE_SUCCESS;

            m_ListCtrl.InsertItem(nItemCount, L"QUERY_PRIVILEGE");
            m_ListCtrl.SetItemText(nItemCount, 1, pFileEventPacket->QueryPrivilege.wszSrcFileName);
        }
        break;

    case EVENT_ID_FILE_OPEN_FROM_API:
        {
            m_ListCtrl.InsertItem(nItemCount, L"OPEN_FROM_API");
            m_ListCtrl.SetItemText(nItemCount, 1, pFileEventPacket->FileOpenFromApi.wszSrcFileName);
        }
        break;

    case EVENT_ID_FILE_PRINT:
        {
            m_ListCtrl.InsertItem(nItemCount, L"PRINT");
            m_ListCtrl.SetItemText(nItemCount, 1, pFileEventPacket->FilePrint.wszSrcFileName);
        }
        break;

    default:
        // Other events are ignored by this sample.
        break;
    }

    return dwRet;
}

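The sample's OnFileEvent handler above grants every privilege whenever the driver raises EVENT_ID_FILE_QUERY_PRIVILEGE. As an added example that is not part of the sample or the SDK, the block below answers the same query deny-by-default from control information that a product would bind into the free part of the ETEFS_Mini file header ("custom data"). The FilePrivilege struct mirrors only the six flags the sample sets, and the "key=value;..." layout of the custom data and the YYYYMMDD date value are assumptions.

```cpp
#include <algorithm>
#include <cctype>
#include <map>
#include <string>

// Mirrors the six flags the sample's QueryPrivilege.Privilege sets (assumed layout);
// every operation is disabled until the policy explicitly enables it.
struct FilePrivilege {
    bool bDisableOpen = true, bDisableWrite = true, bDisableSaveAs = true,
         bDisablePrint = true, bDisableCopyToClipboard = true, bDisableDrag = true;
};

// Parse "k1=v1;k2=v2" from the custom header area; keys are lower-cased, malformed parts skipped.
std::map<std::string, std::string> ParseCustomData(const std::string& data) {
    std::map<std::string, std::string> kv;
    size_t start = 0;
    while (start < data.size()) {
        size_t end = data.find(';', start);
        if (end == std::string::npos) end = data.size();
        std::string part = data.substr(start, end - start);
        size_t eq = part.find('=');
        if (eq != std::string::npos && eq > 0) {
            std::string k = part.substr(0, eq), v = part.substr(eq + 1);
            std::transform(k.begin(), k.end(), k.begin(),
                           [](unsigned char c) { return std::tolower(c); });
            kv[k] = v;
        }
        start = end + 1;
    }
    return kv;
}

// Answer one EVENT_ID_FILE_QUERY_PRIVILEGE. today is YYYYMMDD, e.g. 20240615 (constructed).
FilePrivilege DecidePrivilege(const std::string& customData, long today) {
    FilePrivilege p;                                   // default deny
    auto kv = ParseCustomData(customData);
    auto exp = kv.find("expires");
    if (exp != kv.end()) {
        // Eight digits required; a malformed or past date denies everything instead of being ignored.
        const std::string& e = exp->second;
        bool digits = e.size() == 8 && std::all_of(e.begin(), e.end(),
                          [](unsigned char c) { return std::isdigit(c) != 0; });
        if (!digits || std::stol(e) < today) return p;
    }
    auto lbl = kv.find("label");
    std::string label = (lbl == kv.end()) ? "" : lbl->second;
    if (label == "public") {                           // everything allowed
        p.bDisableOpen = p.bDisableWrite = p.bDisableSaveAs = false;
        p.bDisablePrint = p.bDisableCopyToClipboard = p.bDisableDrag = false;
    } else if (label == "internal") {                  // edit, but no export paths
        p.bDisableOpen = p.bDisableWrite = p.bDisableSaveAs = false;
    } else if (label == "confidential") {              // view only
        p.bDisableOpen = false;
    }                                                  // unknown or missing label: stays denied
    return p;
}
```

In the sample this decision would be copied field by field into pFileEventPacket->QueryPrivilege.Privilege before setting dwStatusCode.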
--------------------------------------------------------------------------------
/src/UsingSDK/UsingSDK.vcxproj:
--------------------------------------------------------------------------------
[Project file not recoverable: the XML element tags were stripped during extraction and only element values survive. What can still be read from them: project GUID {A8A79B39-F40F-4CAE-973C-75FF859451BE}, root namespace UsingSDK, keyword MFCProj; Debug, Release and Template configurations for Win32 and x64; an MFC application linked statically with the Unicode character set; output directory $(SolutionDir)..\bin\$(PlatformName)\$(Configuration)\ and intermediate directory $(SolutionDir)..\obj\$(ProjectName)\$(PlatformName)\$(Configuration)\; resource culture 0x0804; linker inputs CommRtl.lib;ofetapi.lib;ofetctrl.lib;FileEvent.lib taken from $(SolutionDir)\..\bin\$(Platform)\$(Configuration)\lib; a precompiled header created in each configuration; and references to eight other projects in the solution, listed by GUID.]

--------------------------------------------------------------------------------