Add EMV functionality (#1080)

* Add basic strcture needed for EMV implementation * Add demo EMV functionality with C code pasted in a very dirty and unsafe way. NOT FINAL * Refactor IccExtractor Structure * Fix Makefile * fix include file * move global variables from h to c * revert to memcpy * fix icc data recovery functions * Add EMV functionalities on windows * Make EMVToken structures like SecurityToken * Define constants instead of hard coded values * Token structures created with inheritance * refactor TokenKeyfile to use inherit. + polymor. * add Token.h + Token.cpp in modules in VS2010 * Add a comment at each use of SecurityToken class or objects * SecurityTokenKeyfilesDialog preparation * Implemennt GetAvailableTokens in Token class on windows * merge * up (patching for Windows) * foreach Token.cpp corrected * Display EMV keyfiles on first window in graphic interface * Add token to Windows UI * EMVToken selection on OKButton on Linux * Keyfile.cpp optimization * Move getKeyfileData in the token class * EMV::Token GetAvailableKeyfiles() base * Move getKeyfileData in the token class on unix * Remove test comments * Warnings resolved * RemoveeSecurityTokenLibraryNotInitialized exception if at least one emv token is detected * Adding new files * Remove old files and add the new version to the windows project * Change make_shared to shared_ptr constructor * IccExtractor integration working on linux * Throwing card not EMV execption * catch error when not EMV type in EMVToken::GetAvailableKeyfiles * Change types to compile on windows * list all keyfiles, security keyfiles and emv keyfiles in command line * Change type to be coherent and remove old todo comments * Remove todo comments * Change indentation and resolve a bug from previous commit * Use polymorphism for GetKeyfileData and add export option for EMVTokens on Linux * Linux : Allow to export EMV Tokens in command lines, Windows : Disable the delete button when EMV Keyfiles are selected * Remove SlotId from TokenInfo as it is already in Token * Correct errors on Linux * Disable delete option if one EMV Token is selected on Linux * Fix bug enabling delete button if nothing is selected * emv data used as reference then burnt * use of normal files in linux corrected * help updated * help updated for export functionnality * option EMV added to graphic interface but not yet working * Bug fix : Allow to use multiple EMV on windows * EMV Option added to UserPreferences * EMV Option working for Linux * EMV option added to Windows (not working yet) * [NOT TESTED] EMV option for Windows * Working EMV option on Windows * EMV Option for data extraction working for volume creation * EMV Option for data extraction working for Mount * EMV Option for data extraction working for mounting favorites volumes * EMV Option for extraction working for Changing volume password, Set Derivation Key Algorithm and Add or remove keyfile from volume * Windows : re-checking EMV Option when getting data * Removing error catches in the IccDataExtractor classe (It only throws error now). Changing GetPan signature to resemble the other functions signatures more * Changing EMV errors - Only throwing ICCExtractionException from outside of the ICC module. - Catching all TLVExceptions and PCSCExceptions to throw the right ICCExtractionException - Deleting APDU exceptions. * First version of the documentation * Adding function pointers for winscard library (but it crashes VeraCrypt) * Debugging function pointers * The import of the library on windows work as expected now * Reverting EMVToken.cpp changes used to test to library import * Searching for the System32 path instead of hard codding it * Fixing the bug were VeraCrypt crashes if there is no readers when "add Token files" is clicked * Winscard library not initialized in object constructor anymore to delay it after EMVOption check * Remove winscard lib from windows dependencies * Properly displaying errors * Adding a dot in Language.xml * Catching TLVException * Removing unused code * Remove unusefull comments * Trying to fix 0x1f error * Update IccDataExtractor.cpp * Delete History.xml * Fix get data without get pan * Cleanup code * changes for linux compilation but linking not working * error handling for linux * erasing emv data * Burn PAN * Burn PAN from memory * Uncomment selfcheck before merging master * burn corrected * EMV errors handling for Linux * EMV working for Linux CLI * Doc : Winscard Linux package and VeraCrypt versions --------- Co-authored-by: doriandu45 <d45.poubelle@gmail.com> Co-authored-by: red4game <redemgaiming@gmail.com> Co-authored-by: Brice.Namy <brice.namy@insa-rennes.fr> Co-authored-by: vocthor <pieceo108@gmail.com> Co-authored-by: vocthor <67202139+vocthor@users.noreply.github.com> Co-authored-by: Andrei COCAN <andrei.cocan@insa-rennes.fr> Co-authored-by: AndreiCocan <95496161+AndreiCocan@users.noreply.github.com> Co-authored-by: francoisLEROUX <francois3443@gmail.com>
author: mmauv <99472743+mmauv@users.noreply.github.com> 2023-06-28 22:51:43 +0200
committer: GitHub <noreply@github.com> 2023-06-28 22:51:43 +0200
commit: 502ab9112a7624dbd7c1c90c2e12ed45512b8b3c (patch)
tree: 951e70be174df6f1d214f37e5ca10c49519b7d73 /src/Common/IccDataExtractor.cpp
parent: f4e109afcfcdd7ad067158b66d08787f371a6bc4 (diff)
download: VeraCrypt-502ab9112a7624dbd7c1c90c2e12ed45512b8b3c.tar.gz
VeraCrypt-502ab9112a7624dbd7c1c90c2e12ed45512b8b3c.zip
1 files changed, 777 insertions, 0 deletions
diff --git a/src/Common/IccDataExtractor.cpp b/src/Common/IccDataExtractor.cpp
new file mode 100644
index 00000000..d98bc360
--- /dev/null
+++ b/src/Common/IccDataExtractor.cpp
@@ -0,0 +1,777 @@
+//
+// Created by bshp on 1/14/23.
+//
+
+#include "IccDataExtractor.h"
+
+#if !defined (TC_WINDOWS) || defined (TC_PROTOTYPE)
+#	include "Platform/SerializerFactory.h"
+#	include "Platform/StringConverter.h"
+#	include "Platform/SystemException.h"
+#else
+#	include "Dictionary.h"
+#	include "Language.h"
+#endif
+
+#include "Tcdefs.h"
+
+namespace VeraCrypt
+{
+
+
+	#ifdef TC_WINDOWS
+	bool VeraCrypt::IccDataExtractor::Initialized;
+	#endif
+	//using namespace std;
+	const BYTE IccDataExtractor::SELECT_MASTERCARD[] = {00, 0xA4, 0x04, 00, 0x07, 0xA0, 00, 00, 00, 0x04, 0x10, 0x10};
+	const BYTE IccDataExtractor::SELECT_VISA[] = {00, 0xA4, 0x04, 00, 0x07, 0xA0, 00, 00, 00, 0x03, 0x10, 0x10};
+	const BYTE IccDataExtractor::SELECT_AMEX[] = {00, 0xA4, 0x04, 00, 0x07, 0xA0, 00, 00, 00, 00, 0x25, 0x10};
+	const BYTE * IccDataExtractor::SELECT_TYPES[]={SELECT_MASTERCARD,  SELECT_VISA, SELECT_AMEX};
+
+	IccDataExtractor::IccDataExtractor(){}
+
+	IccDataExtractor::~IccDataExtractor(){
+		/* Disconnect card if connected */
+		if(hCard){
+			#ifdef TC_WINDOWS
+			WSCardDisconnect(hContext,hCard);
+			#else
+			SCardDisconnect(hContext,hCard);
+			#endif
+		}
+		/* Release memory that has been returned from the resource manager using the SCARD_AUTOALLOCATE length
+		* designator*/
+		if (mszReaders){
+			#ifdef TC_WINDOWS
+			WSCardFreeMemory(hContext, mszReaders);
+			#else
+			SCardFreeMemory(hContext, mszReaders);
+			#endif
+		}
+
+		/* Closing the established resource manager context freeing any resources allocated under that context
+		* including SCARDHANDLE objects and memory allocated using the SCARD_AUTOALLOCATE length designator*/
+		if(hContext){
+			#ifdef TC_WINDOWS
+			WSCardReleaseContext(hContext);
+			#else
+			SCardReleaseContext(hContext);
+			#endif
+		}
+
+		/* Freeing winscard library */
+		#ifdef TC_WINDOWS
+		FreeLibrary(WinscardLibraryHandle);
+		#endif
+	}
+
+	#ifdef TC_WINDOWS
+	void IccDataExtractor::InitLibrary(){
+
+		if(Initialized) return;
+
+		/* Getting the System32 directory */
+		char sysDir[MAX_PATH-20];
+		GetSystemDirectoryA(sysDir, MAX_PATH);
+		
+		/* Getting the winscard dll path directory */
+		char winscardPath[MAX_PATH];
+		sprintf_s(winscardPath, "%s\\Winscard.dll", sysDir);
+
+		/* Loading the winscard dll from System32 */
+		WinscardLibraryHandle = LoadLibraryA(winscardPath);
+		throw_sys_if(!WinscardLibraryHandle);
+
+		/* Fetching the functions pointers from the dll */
+		WSCardEstablishContext = (SCardEstablishContextPtr) GetProcAddress(WinscardLibraryHandle,"SCardEstablishContext");
+		if(!WSCardEstablishContext) throw WinscardLibraryNotInitialized();
+
+		WSCardReleaseContext= (SCardReleaseContextPtr) GetProcAddress(WinscardLibraryHandle,"SCardReleaseContext");
+		if(!WSCardReleaseContext) throw WinscardLibraryNotInitialized();
+
+		WSCardConnectA = (SCardConnectAPtr) GetProcAddress(WinscardLibraryHandle,"SCardConnectA");
+		if(!WSCardConnectA) throw WinscardLibraryNotInitialized();
+
+		WSCardDisconnect = (SCardDisconnectPtr) GetProcAddress(WinscardLibraryHandle,"SCardDisconnect");
+		if(!WSCardDisconnect) throw WinscardLibraryNotInitialized();
+
+		WSCardFreeMemory = ( SCardFreeMemoryPtr) GetProcAddress(WinscardLibraryHandle,"SCardFreeMemory");
+		if(!WSCardFreeMemory) throw WinscardLibraryNotInitialized();
+
+		WSCardListReadersA =  (SCardListReadersAPtr) GetProcAddress(WinscardLibraryHandle,"SCardListReadersA");
+		if(!WSCardListReadersA) throw WinscardLibraryNotInitialized();
+
+		WSCardTransmit = ( SCardTransmitPtr) GetProcAddress(WinscardLibraryHandle,"SCardTransmit");
+		if(!WSCardTransmit) throw WinscardLibraryNotInitialized();
+
+		Initialized = true;
+		
+	}
+	#endif
+
+	/* Establishing the resource manager context (the scope) within which database operations are performed.
+	* The module of the smart card subsystem that manages access to multiple readers and smart cards. The
+	* resource manager identifies and tracks resources, allocates readers and resources across multiple
+	* applications,and supports transaction primitives for accessing services available on a given card.*/
+	int IccDataExtractor::EstablishRSContext(){
+		
+		#ifdef TC_WINDOWS
+		LONG returnValue = WSCardEstablishContext(SCARD_SCOPE_SYSTEM, NULL, NULL, &hContext);
+		#else
+		LONG returnValue = SCardEstablishContext(SCARD_SCOPE_SYSTEM, NULL, NULL, &hContext);
+		#endif
+
+		/* Check if the establishment of the context was unsuccessful  */
+		if (returnValue != SCARD_S_SUCCESS)
+			throw PCSCException(returnValue);
+
+		return EXIT_SUCCESS;
+	}
+
+	/* Detecting available readers and filling the reader table */
+	unsigned long IccDataExtractor::GetReaders(){
+
+		#ifdef TC_WINDOWS
+		if(!Initialized) 
+			throw WinscardLibraryNotInitialized();
+		#endif 
+
+		EstablishRSContext();
+
+		/* Length of the mszReaders buffer in characters. If the buffer length is specified as
+		* SCARD_AUTOALLOCATE, then mszReaders is converted to a pointer to a byte pointer, and
+		* receives the address of a block of memory containing the multi-string structure */
+		DWORD dwReaders = SCARD_AUTOALLOCATE;
+
+		/* Retrieving the available readers list and putting it in mszReaders*/ // Use LPSTR on linux
+		#ifdef TC_WINDOWS
+		LONG returnValue = WSCardListReadersA(hContext, NULL, (LPSTR)&mszReaders, &dwReaders);
+		#else
+		LONG returnValue = SCardListReaders(hContext, NULL, (LPTSTR)&mszReaders, &dwReaders);
+		#endif
+
+		/* If the is no readers, return */
+		if(returnValue == SCARD_E_NO_READERS_AVAILABLE) return 0;
+
+		/* Check if the listing of the connected readers was unsuccessful  */
+		if (returnValue != SCARD_S_SUCCESS)
+			throw PCSCException(returnValue);
+ 
+		nbReaders = 0;
+		LPSTR ReaderPtr = mszReaders;
+		
+		/* Getting the total number of readers */
+		while (*ReaderPtr != '\0')
+		{
+			readers.push_back(ReaderPtr);
+			ReaderPtr += strlen((char*)ReaderPtr) + 1;
+			nbReaders++;
+		}
+
+		return nbReaders;
+	}
+
+	/* Connecting to the card in the given reader*/
+	int IccDataExtractor::ConnectCard(unsigned long int reader_nb){
+
+		/* Check if the given reader slot number is possible */
+		if (reader_nb < 0 || reader_nb >= nbReaders)
+			throw InvalidEMVPath();
+
+		dwActiveProtocol = SCARD_PROTOCOL_UNDEFINED;
+	
+		#ifdef TC_WINDOWS
+		LONG returnValue = WSCardConnectA(hContext, readers[reader_nb], SCARD_SHARE_SHARED, SCARD_PROTOCOL_T0 | SCARD_PROTOCOL_T1, &hCard, &dwActiveProtocol);
+		#else
+		LONG returnValue = SCardConnect(hContext, readers[reader_nb], SCARD_SHARE_SHARED, SCARD_PROTOCOL_T0 | SCARD_PROTOCOL_T1, &hCard, &dwActiveProtocol);
+		#endif
+
+		/* Check is the card connection was unsuccessful */
+		if (returnValue != SCARD_S_SUCCESS)
+			throw PCSCException(returnValue);
+
+		return EXIT_SUCCESS;
+	}
+
+	/* Disconnect the card currently connected*/
+	int IccDataExtractor::DisconnectCard(){
+		#ifdef TC_WINDOWS
+		LONG returnValue = WSCardDisconnect(hCard, SCARD_UNPOWER_CARD);
+		#else
+		LONG returnValue = SCardDisconnect(hCard, SCARD_UNPOWER_CARD);
+		#endif
+
+		/* Check is the card deconnection was unsuccessful */
+		if (returnValue != SCARD_S_SUCCESS)
+			throw PCSCException(returnValue);
+
+		return EXIT_SUCCESS;
+	}
+
+	/* Testing if the card contains the application of the given EMV type (0:Mastercard, 1:Visa, 2:Amex) */
+	bool IccDataExtractor::TestingCardType(const int SELECT_TYPE_NUMBER){
+
+		const BYTE * SELECTED_TYPE = SELECT_TYPES[SELECT_TYPE_NUMBER];
+
+		BYTE pbRecvBuffer[64];      /* Buffer to receive the card response */
+
+		DWORD dwSendLength = SELECT_TYPE_SIZE;     /* Set the size of the send buffer */
+		DWORD dwRecvLength = sizeof(pbRecvBuffer); /* Set the size of the reception buffer */
+
+		/* Set up the io request */
+		SCARD_IO_REQUEST ioRequest;
+		ioRequest.dwProtocol = dwActiveProtocol;
+		ioRequest.cbPciLength = sizeof(ioRequest);
+
+		#ifdef TC_WINDOWS
+		LONG returnValue = WSCardTransmit(hCard, &ioRequest, SELECTED_TYPE, dwSendLength, NULL, pbRecvBuffer, &dwRecvLength);
+		#else
+		LONG returnValue = SCardTransmit(hCard, &ioRequest, SELECTED_TYPE, dwSendLength, NULL, pbRecvBuffer, &dwRecvLength);
+		#endif
+
+		/* Check if the transmission was unsuccessful  */
+		if (returnValue != SCARD_S_SUCCESS)
+			throw PCSCException(returnValue);
+
+		/* It received a response. Check if it didn't get a recognisable response */
+		if (dwRecvLength < 2)
+			return false;
+
+		/* Check if the command successfully executed (the card is the type passed in the parameter) */
+		if (pbRecvBuffer[0] == 0x61)
+			return true;
+
+		return false;
+	}
+
+	/* Getting the ICC Public Key Certificates and the Issuer Public Key Certificates by parsing the application
+	* (!NEED TO TEST CARD TYPE TO SELECT APPLICATION FIRST!)*/
+	void IccDataExtractor::GetCerts(vector<byte> &CERTS){
+
+		CERTS.clear();
+
+		bool iccFound= false;
+		bool issuerFound= false;
+
+		shared_ptr<TLVNode> node;
+		shared_ptr<TLVNode> ICC_Public_Key_Certificate;
+		shared_ptr<TLVNode> Issuer_PK_Certificate;
+
+		BYTE pbRecvBuffer[64];      /* Buffer to receive the card response */
+		BYTE pbRecvBufferFat[256];  /* Bigger buffer to receive the card response */
+
+		DWORD dwSendLength; /* Size of the send buffer */
+		DWORD dwRecvLength; /* Size of the reception buffer */
+
+		/* Set up the io request */
+		SCARD_IO_REQUEST ioRequest;
+		ioRequest.dwProtocol = dwActiveProtocol;
+		ioRequest.cbPciLength = sizeof(ioRequest);
+
+		LONG returnValue;
+
+		/* Parsing root folders */
+		for (int sfi = 0; sfi < 32; sfi++)
+		{
+			/* Parsing sub folders */
+			for (int rec = 0; rec < 17; rec++)
+			{
+				BYTE SELECT_APDU_FILE[] = {00, 0xB2, static_cast<unsigned char>(rec), static_cast<unsigned char>((sfi << 3) | 4), 0x00};
+
+				dwSendLength = sizeof(SELECT_APDU_FILE);
+				dwRecvLength = sizeof(pbRecvBuffer);
+
+				/* Check if there is data in the folder */
+				#ifdef TC_WINDOWS
+				returnValue = WSCardTransmit(hCard, &ioRequest, SELECT_APDU_FILE, dwSendLength,NULL, pbRecvBuffer, &dwRecvLength);
+				#else
+				returnValue = SCardTransmit(hCard, &ioRequest, SELECT_APDU_FILE, dwSendLength,NULL, pbRecvBuffer, &dwRecvLength);
+				#endif
+
+				/* Check if the transmission was unsuccessful  */
+				if (returnValue != SCARD_S_SUCCESS)
+					throw PCSCException(returnValue);
+
+				/* There is no data in the folder */
+				if (pbRecvBuffer[0] != 0x6C)
+					continue;
+
+				/* It set the proper expected length of the data in the APDU */
+				SELECT_APDU_FILE[4] = pbRecvBuffer[1];
+
+				dwRecvLength = sizeof(pbRecvBufferFat);
+
+				/* Get the data from the folder */
+				#ifdef TC_WINDOWS
+				returnValue = WSCardTransmit(hCard, &ioRequest, SELECT_APDU_FILE, dwSendLength, NULL, pbRecvBufferFat, &dwRecvLength);
+				#else
+				returnValue = SCardTransmit(hCard, &ioRequest, SELECT_APDU_FILE, dwSendLength, NULL, pbRecvBufferFat, &dwRecvLength);
+				#endif
+
+				/* Check if the transmission was unsuccessful */
+				if (returnValue != SCARD_S_SUCCESS)
+					throw PCSCException(returnValue);
+
+				/* It received a response. Check if it didn't get a recognisable response */
+				if (dwRecvLength < 2)
+					continue;
+
+				/* Parsing the TLV */
+				try{
+					node = TLVParser::TLV_Parse(pbRecvBufferFat,sizeof(pbRecvBufferFat));
+				}catch(TLVException){
+					continue;
+				}
+
+				/* Finding the ICC_Public_Key_Certificate */
+				try{
+					ICC_Public_Key_Certificate = TLVParser::TLV_Find(node, 0x9F46);
+				}catch(TLVException){
+					continue;
+				}
+				if(ICC_Public_Key_Certificate) {
+					iccFound=true;
+					for (int i = 0; i < ICC_Public_Key_Certificate->Length;i++) {
+						CERTS.push_back(static_cast<byte>(ICC_Public_Key_Certificate->Value[i]));
+					}
+				}
+
+				/* Finding the Issuer_Public_Key_Certificate */
+				try{
+					Issuer_PK_Certificate = TLVParser::TLV_Find(node, 0x90);
+				}catch(TLVException){
+					continue;
+				}
+
+				if(Issuer_PK_Certificate) {
+					issuerFound=true;
+					for (int i = 0; i < Issuer_PK_Certificate->Length;i++) {
+						CERTS.push_back(static_cast<byte>(Issuer_PK_Certificate->Value[i]));
+					}
+				}
+
+				/* Limiting the search to at least one occurrence of both PKs to speed up the process.
+				* There might be more certificates tho */
+				if(iccFound && issuerFound){
+                    burn(pbRecvBuffer, sizeof(pbRecvBuffer));
+                    burn(pbRecvBufferFat, sizeof(pbRecvBufferFat));
+                    return;
+                }
+			}
+		}
+        burn(pbRecvBuffer, sizeof(pbRecvBuffer));
+        burn(pbRecvBufferFat, sizeof(pbRecvBufferFat));
+		throw EMVKeyfileDataNotFound();
+	}
+
+	/* Getting CPCL data from the card*/
+	void IccDataExtractor::GetCPCL(vector<byte> &v){
+
+		BYTE SELECT_APDU_CPCL[] = {0x80,0xCA, 0x9F, 0x7F, 0x00};
+
+		BYTE pbRecvBuffer[64];                              /* Buffer to receive the card response */
+		BYTE pbRecvBufferFat[256];                          /* Bigger buffer to receive the card response */
+
+		DWORD dwSendLength = sizeof (SELECT_APDU_CPCL);     /* Set the size of the send buffer */
+		DWORD dwRecvLength = sizeof(pbRecvBuffer);          /* Set the size of the reception buffer */
+
+		/* Set up the io request */
+		SCARD_IO_REQUEST ioRequest;
+		ioRequest.dwProtocol = dwActiveProtocol;
+		ioRequest.cbPciLength = sizeof(ioRequest);
+
+		/* Check if there is the TAG for CPCL Data in the card */
+		#ifdef TC_WINDOWS
+		LONG returnValue = WSCardTransmit(hCard, &ioRequest, SELECT_APDU_CPCL, dwSendLength, NULL, pbRecvBuffer, &dwRecvLength);
+		#else
+		LONG returnValue = SCardTransmit(hCard, &ioRequest, SELECT_APDU_CPCL, dwSendLength, NULL, pbRecvBuffer, &dwRecvLength);
+		#endif
+
+		/* Check if the transmission was unsuccessful  */
+		if (returnValue != SCARD_S_SUCCESS)
+			throw PCSCException(returnValue);
+
+		/* Not the correct APDU response code */
+		if (pbRecvBuffer[0] != 0x6C)
+			throw EMVKeyfileDataNotFound();
+
+		/* It set the proper expected length of the data in the APDU */
+		SELECT_APDU_CPCL[4] = pbRecvBuffer[1];
+
+		dwRecvLength = sizeof(pbRecvBufferFat);
+
+		/* Get the CPCL data */
+		#ifdef TC_WINDOWS
+		returnValue = WSCardTransmit(hCard, &ioRequest, SELECT_APDU_CPCL, dwSendLength,NULL, pbRecvBufferFat, &dwRecvLength);
+		#else
+		returnValue = SCardTransmit(hCard, &ioRequest, SELECT_APDU_CPCL, dwSendLength,NULL, pbRecvBufferFat, &dwRecvLength);
+		#endif
+
+		/* Check if the transmission was unsuccessful  */
+		if (returnValue != SCARD_S_SUCCESS)
+			throw PCSCException(returnValue);
+
+		/* It received a response. Check if it didn't get a recognisable response */
+		if (dwRecvLength < 2)
+			throw EMVKeyfileDataNotFound();
+
+		/* We add CPCL data and crop the TAG and the data length at the start and the trailer at the end */
+		for (unsigned long i = 3; i < dwRecvLength-2; i++) {
+			v.push_back(static_cast<byte>(pbRecvBufferFat[i]));
+		}
+        burn(pbRecvBuffer, sizeof(pbRecvBuffer));
+        burn(pbRecvBufferFat, sizeof(pbRecvBufferFat));
+
+	}
+
+	/* Getting an ICC Public Key Certificates and an Issuer Public Key Certificates for the first application with the cpcl
+	* data present on the card and finally merge it into one byte array */
+	void IccDataExtractor::GettingAllCerts(int readerNumber, vector<byte> &v){
+
+		#ifdef TC_WINDOWS
+		if(!Initialized) 
+			throw WinscardLibraryNotInitialized();
+		#endif 
+
+		bool isEMV= false;
+
+		ConnectCard(readerNumber);
+
+		/* Test all the type of applications and get the certificates from the first one found */
+		for(int i=0;i<sizeof(SELECT_TYPES)/sizeof(SELECT_TYPES[0]); i++){
+
+			/* The card does not contain this application (0:Mastercard, 1:Visa, 2:Amex) */
+			if(!TestingCardType(i)) continue;
+			isEMV= true;
+			GetCerts(v);
+			break;
+		}
+
+		/* Need to disconnect reconnect the card to access CPLC data (not located in any application) */
+		DisconnectCard();
+
+		/* Check if the card is not an EMV one */
+		if(!isEMV)
+			throw EMVUnknownCardType();
+
+		ConnectCard(readerNumber);
+
+		GetCPCL(v);
+
+		DisconnectCard();
+	}
+
+	/* Getting the PAN  by parsing the application
+	* (!NEED TO TEST CARD TYPE TO SELECT APPLICATION FIRST!)*/
+	void IccDataExtractor::GetPAN(vector<byte> &v) {
+
+		bool PANFound= false;
+		shared_ptr<TLVNode> node;
+		shared_ptr<TLVNode> PAN;
+
+		BYTE pbRecvBuffer[64];      /* Buffer to receive the card response */
+		BYTE pbRecvBufferFat[256];  /* Bigger buffer to receive the card response */
+
+		DWORD dwSendLength; /* Size of the send buffer */
+		DWORD dwRecvLength; /* Size of the reception buffer */
+
+		/* Set up the io request */
+		SCARD_IO_REQUEST ioRequest;
+		ioRequest.dwProtocol = dwActiveProtocol;
+		ioRequest.cbPciLength = sizeof(ioRequest);
+
+		LONG returnValue;
+
+		/* Parsing root folders */
+		for (int sfi = 0; sfi < 32; sfi++)
+		{
+			/* Parsing sub folders */
+			for (int rec = 0; rec < 17; rec++)
+			{
+				BYTE SELECT_APDU_FILE[] = {00, 0xB2, static_cast<unsigned char>(rec), static_cast<unsigned char>((sfi << 3) | 4), 0x00};
+
+				dwSendLength = sizeof(SELECT_APDU_FILE);
+				dwRecvLength = sizeof(pbRecvBuffer);
+
+				/* Check if there is data in the folder */
+				#ifdef TC_WINDOWS
+				returnValue = WSCardTransmit(hCard, &ioRequest, SELECT_APDU_FILE, dwSendLength,NULL, pbRecvBuffer, &dwRecvLength);
+				#else
+				returnValue = SCardTransmit(hCard, &ioRequest, SELECT_APDU_FILE, dwSendLength,NULL, pbRecvBuffer, &dwRecvLength);
+				#endif
+
+				/* Check if the transmission was unsuccessful  */
+				if (returnValue != SCARD_S_SUCCESS)
+					throw PCSCException(returnValue);
+
+				/* There is no data in the folder */
+				if (pbRecvBuffer[0] != 0x6C)
+					continue;
+
+				/* It set the proper expected length of the data in the APDU */
+				SELECT_APDU_FILE[4] = pbRecvBuffer[1];
+
+				dwRecvLength = sizeof(pbRecvBufferFat);
+
+				/* Get the data from the folder */
+				#ifdef TC_WINDOWS
+				returnValue = WSCardTransmit(hCard, &ioRequest, SELECT_APDU_FILE, dwSendLength,NULL, pbRecvBufferFat, &dwRecvLength);
+				#else
+				returnValue = SCardTransmit(hCard, &ioRequest, SELECT_APDU_FILE, dwSendLength,NULL, pbRecvBufferFat, &dwRecvLength);
+				#endif
+
+				/* Check if the transmission was unsuccessful */
+				if (returnValue != SCARD_S_SUCCESS)
+					throw PCSCException(returnValue);
+
+				/* It received a response. Check if it didn't get a recognisable response */
+				if (dwRecvLength < 2)
+					continue;
+
+				/* Parsing the TLV */
+				try{
+					node = TLVParser::TLV_Parse(pbRecvBufferFat,sizeof(pbRecvBufferFat));
+				}catch(TLVException){
+					continue;
+				}
+
+				/* Finding the PAN */
+				try{
+					PAN = TLVParser::TLV_Find(node, 0x5A);
+				}catch(TLVException){
+					continue;
+				}
+				if(PAN) {
+					PANFound=true;
+					if (PAN->Length >= 8){
+						for (int i = 6; i < 8;i++) {
+							v.push_back(static_cast<byte>(PAN->Value[i]));
+						}
+					}
+				}
+
+				if(PANFound){
+                    burn(pbRecvBuffer, sizeof(pbRecvBuffer));
+                    burn(pbRecvBufferFat, sizeof(pbRecvBufferFat));
+                    return ;
+                }
+			}
+		}
+        burn(pbRecvBuffer, sizeof(pbRecvBuffer));
+        burn(pbRecvBufferFat, sizeof(pbRecvBufferFat));
+		throw EMVPANNotFound();
+	}
+
+	/* Helper function to transform the PAN received (vector of byte) to a string */
+	template<typename TInputIter>
+	void IccDataExtractor::make_hex_string(TInputIter first, TInputIter last, string& returnValue, bool use_uppercase, bool insert_spaces) {
+		ostringstream ss;
+		ss << hex << std::setfill('0');
+		if (use_uppercase)
+			ss << uppercase;
+		while (first != last)
+		{
+			ss << setw(2) << static_cast<int>(*first++);
+			if (insert_spaces && first != last)
+				ss << " ";
+		}
+
+		returnValue = ss.str();
+	}
+
+	/* Wrapper function to get the PAN of the card*/
+	void IccDataExtractor::GettingPAN(int readerNumber, string& panString) {
+
+		#ifdef TC_WINDOWS
+		if(!Initialized) 
+			throw WinscardLibraryNotInitialized();
+		#endif 
+
+		vector<byte> PAN;
+
+		bool isEMV= false;
+
+		ConnectCard(readerNumber);
+
+		/* Test all the type of applications and get the PAN from the first one found */
+		for(int i=0;i<sizeof(SELECT_TYPES)/sizeof(SELECT_TYPES[0]); i++){
+
+			/* The card does not contain this application (0:Mastercard, 1:Visa, 2:Amex) */
+			if(!TestingCardType(i)) continue;
+			isEMV=true;
+			GetPAN(PAN);
+			break;
+		}
+
+		DisconnectCard();
+
+		/* Check if the card is not an EMV one */
+		if(!isEMV)
+			throw EMVUnknownCardType();
+
+		make_hex_string(PAN.begin(),PAN.end(),panString);
+
+		burn(&PAN.front(),PAN.size());
+	}
+
+	PCSCException::operator string() const{
+		if (ErrorCode == SCARD_S_SUCCESS)
+			return string();
+
+		static const struct{
+			LONG ErrorCode;
+			const char* ErrorString;
+		} ErrorStrings[] = {
+			#define SC_ERR(CODE) { CODE, #CODE },
+#ifdef TC_WINDOWS
+                SC_ERR(ERROR_BROKEN_PIPE)
+            SC_ERR(SCARD_E_NO_PIN_CACHE)
+            SC_ERR(SCARD_E_PIN_CACHE_EXPIRED)
+            SC_ERR(SCARD_E_READ_ONLY_CARD)
+            SC_ERR(SCARD_W_CACHE_ITEM_NOT_FOUND)
+            SC_ERR(SCARD_W_CACHE_ITEM_STALE)
+            SC_ERR(SCARD_W_CACHE_ITEM_TOO_BIG)
+#endif
+                SC_ERR(SCARD_E_BAD_SEEK)
+                SC_ERR(SCARD_E_CANCELLED)
+                SC_ERR(SCARD_E_CANT_DISPOSE)
+                SC_ERR(SCARD_E_CARD_UNSUPPORTED)
+                SC_ERR(SCARD_E_CERTIFICATE_UNAVAILABLE)
+                SC_ERR(SCARD_E_COMM_DATA_LOST)
+                SC_ERR(SCARD_E_COMM_DATA_LOST)
+                SC_ERR(SCARD_E_DIR_NOT_FOUND)
+                SC_ERR(SCARD_E_DUPLICATE_READER)
+                SC_ERR(SCARD_E_FILE_NOT_FOUND)
+                SC_ERR(SCARD_E_ICC_CREATEORDER)
+                SC_ERR(SCARD_E_ICC_INSTALLATION)
+                SC_ERR(SCARD_E_INSUFFICIENT_BUFFER)
+                SC_ERR(SCARD_E_INVALID_ATR)
+                SC_ERR(SCARD_E_INVALID_CHV)
+                SC_ERR(SCARD_E_INVALID_HANDLE)
+                SC_ERR(SCARD_E_INVALID_PARAMETER)
+                SC_ERR(SCARD_E_INVALID_TARGET)
+                SC_ERR(SCARD_E_INVALID_VALUE)
+                SC_ERR(SCARD_E_NO_ACCESS)
+                SC_ERR(SCARD_E_NO_DIR)
+                SC_ERR(SCARD_E_NO_FILE)
+                SC_ERR(SCARD_E_NO_KEY_CONTAINER)
+                SC_ERR(SCARD_E_NO_MEMORY)
+                SC_ERR(SCARD_E_NO_READERS_AVAILABLE)
+                SC_ERR(SCARD_E_NO_SERVICE)
+                SC_ERR(SCARD_E_NO_SMARTCARD)
+                SC_ERR(SCARD_E_NO_SUCH_CERTIFICATE)
+                SC_ERR(SCARD_E_NOT_READY)
+                SC_ERR(SCARD_E_NOT_TRANSACTED)
+                SC_ERR(SCARD_E_PCI_TOO_SMALL)
+                SC_ERR(SCARD_E_PROTO_MISMATCH)
+                SC_ERR(SCARD_E_READER_UNAVAILABLE)
+                SC_ERR(SCARD_E_READER_UNSUPPORTED)
+                SC_ERR(SCARD_E_SERVER_TOO_BUSY)
+                SC_ERR(SCARD_E_SERVICE_STOPPED)
+                SC_ERR(SCARD_E_SHARING_VIOLATION)
+                SC_ERR(SCARD_E_SYSTEM_CANCELLED)
+                SC_ERR(SCARD_E_TIMEOUT)
+                SC_ERR(SCARD_E_UNEXPECTED)
+                SC_ERR(SCARD_E_UNKNOWN_CARD)
+                SC_ERR(SCARD_E_UNKNOWN_READER)
+                SC_ERR(SCARD_E_UNKNOWN_RES_MNG)
+                SC_ERR(SCARD_E_UNSUPPORTED_FEATURE)
+                SC_ERR(SCARD_E_WRITE_TOO_MANY)
+                SC_ERR(SCARD_F_COMM_ERROR)
+                SC_ERR(SCARD_F_INTERNAL_ERROR)
+                SC_ERR(SCARD_F_UNKNOWN_ERROR)
+                SC_ERR(SCARD_W_CANCELLED_BY_USER)
+                SC_ERR(SCARD_W_CARD_NOT_AUTHENTICATED)
+                SC_ERR(SCARD_W_CHV_BLOCKED)
+                SC_ERR(SCARD_W_EOF)
+                SC_ERR(SCARD_W_REMOVED_CARD)
+                SC_ERR(SCARD_W_RESET_CARD)
+                SC_ERR(SCARD_W_SECURITY_VIOLATION)
+                SC_ERR(SCARD_W_UNPOWERED_CARD)
+                SC_ERR(SCARD_W_UNRESPONSIVE_CARD)
+                SC_ERR(SCARD_W_UNSUPPORTED_CARD)
+                SC_ERR(SCARD_W_WRONG_CHV)
+#undef SC_ERR
+		};
+
+		for (size_t i = 0; i < array_capacity(ErrorStrings); ++i)
+		{
+			if (ErrorStrings[i].ErrorCode == ErrorCode)
+				return ErrorStrings[i].ErrorString;
+		}
+
+		stringstream s;
+		s << "0x" << ErrorCode;
+		return s.str();
+	}
+
+	#ifdef TC_HEADER_Common_Exception
+	void PCSCException::Show(HWND parent) const
+	{
+		string errorString = string(*this);
+
+		if (!errorString.empty())
+		{
+			wstringstream subjectErrorCode;
+			if (SubjectErrorCodeValid)
+				subjectErrorCode << L": " << SubjectErrorCode;
+
+			if (!GetDictionaryValue(errorString.c_str()))
+			{
+				if (errorString.find("SCARD_E_") == 0 || errorString.find("SCARD_F_") == 0 || errorString.find("SCARD_W_") == 0)
+				{
+					errorString = errorString.substr(8);
+					for (size_t i = 0; i < errorString.size(); ++i)
+					{
+						if (errorString[i] == '_')
+							errorString[i] = ' ';
+					}
+				}
+				wchar_t err[8192];
+				StringCbPrintfW(err, sizeof(err), L"%s:\n\n%hs%s", GetString("PCSC_ERROR"), errorString.c_str(), subjectErrorCode.str().c_str());
+				ErrorDirect(err, parent);
+			}
+			else
+			{
+				wstring err = GetString(errorString.c_str());
+
+				if (SubjectErrorCodeValid)
+					err += L"\n\nError code" + subjectErrorCode.str();
+
+				ErrorDirect(err.c_str(), parent);
+			}
+		}
+	}
+	#endif // TC_HEADER_Common_Exception
+
+#ifdef TC_HEADER_Platform_Exception
+
+    void PCSCException::Deserialize(shared_ptr <Stream> stream)
+	{
+		Exception::Deserialize(stream);
+		Serializer sr(stream);
+		uint64 code;
+		sr.Deserialize("ErrorCode", code);
+		sr.Deserialize("SubjectErrorCodeValid", SubjectErrorCodeValid);
+		sr.Deserialize("SubjectErrorCode", SubjectErrorCode);
+		ErrorCode = (LONG)code;
+	}
+
+	void PCSCException::Serialize(shared_ptr <Stream> stream) const
+	{
+		Exception::Serialize(stream);
+		Serializer sr(stream);
+		sr.Serialize("ErrorCode", (uint64)ErrorCode);
+		sr.Serialize("SubjectErrorCodeValid", SubjectErrorCodeValid);
+		sr.Serialize("SubjectErrorCode", SubjectErrorCode);
+	}
+
+#	define TC_EXCEPTION(TYPE) TC_SERIALIZER_FACTORY_ADD(TYPE)
+#	undef TC_EXCEPTION_NODECL
+#	define TC_EXCEPTION_NODECL(TYPE) TC_SERIALIZER_FACTORY_ADD(TYPE)
+
+	TC_SERIALIZER_FACTORY_ADD_EXCEPTION_SET(PCSCTokenException);
+
+#endif
+
+}
+\ No newline at end of file
author	mmauv <99472743+mmauv@users.noreply.github.com>	2023-06-28 22:51:43 +0200
committer	GitHub <noreply@github.com>	2023-06-28 22:51:43 +0200
commit	502ab9112a7624dbd7c1c90c2e12ed45512b8b3c (patch)
tree	951e70be174df6f1d214f37e5ca10c49519b7d73 /src/Common/IccDataExtractor.cpp
parent	f4e109afcfcdd7ad067158b66d08787f371a6bc4 (diff)
download	VeraCrypt-502ab9112a7624dbd7c1c90c2e12ed45512b8b3c.tar.gz VeraCrypt-502ab9112a7624dbd7c1c90c2e12ed45512b8b3c.zip