-/*

- Derived from source code of TrueCrypt 7.1a, which is

- Copyright (c) 2008-2012 TrueCrypt Developers Association and which is governed

- by the TrueCrypt License 3.0.

-

- Modifications and additions to the original source code (contained in this file)

- and all other portions of this file are Copyright (c) 2013-2016 IDRIX

- and are governed by the Apache License 2.0 the full text of which is

- contained in the file License.txt included in VeraCrypt binary and source

- code distribution packages.

-*/

-

-#ifndef TC_HEADER_Common_SecurityToken

-#define TC_HEADER_Common_SecurityToken

-

-#include "Platform/PlatformBase.h"

-#if defined (TC_WINDOWS) && !defined (TC_PROTOTYPE)

-# include "Exception.h"

-#else

-# include "Platform/Exception.h"

-#endif

-

-#ifndef NULL_PTR

-# define NULL_PTR 0

-#endif

-#define CK_PTR *

-#define CK_CALLBACK_FUNCTION(RET_TYPE, NAME) RET_TYPE (* NAME)

-

-#ifdef TC_WINDOWS

-

-# include <windows.h>

-

-# define CK_DEFINE_FUNCTION(RET_TYPE, NAME) RET_TYPE __declspec(dllexport) NAME

-# define CK_DECLARE_FUNCTION(RET_TYPE, NAME) RET_TYPE __declspec(dllimport) NAME

-# define CK_DECLARE_FUNCTION_POINTER(RET_TYPE, NAME) RET_TYPE __declspec(dllimport) (* NAME)

-

-# pragma pack(push, cryptoki, 1)

-# include <pkcs11.h>

-# pragma pack(pop, cryptoki)

-

-#else // !TC_WINDOWS

-

-# define CK_DEFINE_FUNCTION(RET_TYPE, NAME) RET_TYPE NAME

-# define CK_DECLARE_FUNCTION(RET_TYPE, NAME) RET_TYPE NAME

-# define CK_DECLARE_FUNCTION_POINTER(RET_TYPE, NAME) RET_TYPE (* NAME)

-

-# include <pkcs11.h>

-

-#endif // !TC_WINDOWS

-

-

-#define TC_SECURITY_TOKEN_KEYFILE_URL_PREFIX L"token://"

-#define TC_SECURITY_TOKEN_KEYFILE_URL_SLOT L"slot"

-#define TC_SECURITY_TOKEN_KEYFILE_URL_FILE L"file"

-

-namespace VeraCrypt

-{

- struct SecurityTokenInfo

- {

- CK_SLOT_ID SlotId;

- CK_FLAGS Flags;

- wstring Label;

- string LabelUtf8;

- };

-

- struct SecurityTokenKeyfilePath

- {

- SecurityTokenKeyfilePath () { }

- SecurityTokenKeyfilePath (const wstring &path) : Path (path) { }

- operator wstring () const { return Path; }

- wstring Path;

- };

-

- struct SecurityTokenKeyfile

- {

- SecurityTokenKeyfile () : Handle(CK_INVALID_HANDLE), SlotId(CK_UNAVAILABLE_INFORMATION) { Token.SlotId = CK_UNAVAILABLE_INFORMATION; Token.Flags = 0; }

- SecurityTokenKeyfile (const SecurityTokenKeyfilePath &path, char* pin = nullptr);

-

- operator SecurityTokenKeyfilePath () const;

-

- CK_OBJECT_HANDLE Handle;

- wstring Id;

- string IdUtf8;

- CK_SLOT_ID SlotId;

- SecurityTokenInfo Token;

- };

-

- struct Pkcs11Exception : public Exception

- {

- Pkcs11Exception (CK_RV errorCode = (CK_RV) -1)

- : ErrorCode (errorCode),

- SubjectErrorCodeValid (false),

- SubjectErrorCode( (uint64) -1)

- {

- }

-

- Pkcs11Exception (CK_RV errorCode, uint64 subjectErrorCode)

- : ErrorCode (errorCode),

- SubjectErrorCodeValid (true),

- SubjectErrorCode (subjectErrorCode)

- {

- }

-

-#ifdef TC_HEADER_Platform_Exception

- virtual ~Pkcs11Exception () throw () { }

- TC_SERIALIZABLE_EXCEPTION (Pkcs11Exception);

-#else

- void Show (HWND parent) const;

-#endif

- operator string () const;

- CK_RV GetErrorCode () const { return ErrorCode; }

-

- protected:

- CK_RV ErrorCode;

- bool SubjectErrorCodeValid;

- uint64 SubjectErrorCode;

- };

-

-

-#ifdef TC_HEADER_Platform_Exception

-

-#define TC_EXCEPTION(NAME) TC_EXCEPTION_DECL(NAME,Exception)

-

-#undef TC_EXCEPTION_SET

-#define TC_EXCEPTION_SET \

- TC_EXCEPTION_NODECL (Pkcs11Exception); \

- TC_EXCEPTION (InvalidSecurityTokenKeyfilePath); \

- TC_EXCEPTION (SecurityTokenLibraryNotInitialized); \

- TC_EXCEPTION (SecurityTokenKeyfileAlreadyExists); \

- TC_EXCEPTION (SecurityTokenKeyfileNotFound);

-

- TC_EXCEPTION_SET;

-

-#undef TC_EXCEPTION

-

-#else // !TC_HEADER_Platform_Exception

-

- struct SecurityTokenLibraryNotInitialized : public Exception

- {

- void Show (HWND parent) const { Error (SecurityTokenLibraryPath[0] == 0 ? "NO_PKCS11_MODULE_SPECIFIED" : "PKCS11_MODULE_INIT_FAILED", parent); }

- };

-

- struct InvalidSecurityTokenKeyfilePath : public Exception

- {

- void Show (HWND parent) const { Error ("INVALID_TOKEN_KEYFILE_PATH", parent); }

- };

-

- struct SecurityTokenKeyfileAlreadyExists : public Exception

- {

- void Show (HWND parent) const { Error ("TOKEN_KEYFILE_ALREADY_EXISTS", parent); }

- };

-

- struct SecurityTokenKeyfileNotFound : public Exception

- {

- void Show (HWND parent) const { Error ("TOKEN_KEYFILE_NOT_FOUND", parent); }

- };

-

-#endif // !TC_HEADER_Platform_Exception

-

-

- struct Pkcs11Session

- {

- Pkcs11Session () : Handle (CK_UNAVAILABLE_INFORMATION), UserLoggedIn (false) { }

-

- CK_SESSION_HANDLE Handle;

- bool UserLoggedIn;

- };

-

- struct GetPinFunctor

- {

- virtual ~GetPinFunctor () { }

- virtual void operator() (string &str) = 0;

- };

-

- struct SendExceptionFunctor

- {

- virtual ~SendExceptionFunctor () { }

- virtual void operator() (const Exception &e) = 0;

- };

-

- class SecurityToken

- {

- public:

- static void CloseAllSessions () throw ();

- static void CloseLibrary ();

- static void CreateKeyfile (CK_SLOT_ID slotId, vector <byte> &keyfileData, const string &name);

- static void DeleteKeyfile (const SecurityTokenKeyfile &keyfile);

- static vector <SecurityTokenKeyfile> GetAvailableKeyfiles (CK_SLOT_ID *slotIdFilter = nullptr, const wstring keyfileIdFilter = wstring(), char* pin = nullptr);

- static void GetKeyfileData (const SecurityTokenKeyfile &keyfile, vector <byte> &keyfileData);

- static void GetKeyfileData (const SecurityTokenKeyfile &keyfile, char* pin, vector <byte> &keyfileData);

- static list <SecurityTokenInfo> GetAvailableTokens ();

- static SecurityTokenInfo GetTokenInfo (CK_SLOT_ID slotId);

-#ifdef TC_WINDOWS

- static void InitLibrary (const wstring &pkcs11LibraryPath, auto_ptr <GetPinFunctor> pinCallback, auto_ptr <SendExceptionFunctor> warningCallback);

-#else

- static void InitLibrary (const string &pkcs11LibraryPath, auto_ptr <GetPinFunctor> pinCallback, auto_ptr <SendExceptionFunctor> warningCallback);

-#endif

- static bool IsInitialized () { return Initialized; }

- static bool IsKeyfilePathValid (const wstring &securityTokenKeyfilePath);

-

- static const size_t MaxPasswordLength = 128;

-

- protected:

- static void CloseSession (CK_SLOT_ID slotId);

- static vector <CK_OBJECT_HANDLE> GetObjects (CK_SLOT_ID slotId, CK_ATTRIBUTE_TYPE objectClass);

- static void GetObjectAttribute (CK_SLOT_ID slotId, CK_OBJECT_HANDLE tokenObject, CK_ATTRIBUTE_TYPE attributeType, vector <byte> &attributeValue);

- static list <CK_SLOT_ID> GetTokenSlots ();

- static void Login (CK_SLOT_ID slotId, const char* pin);

- static void LoginUserIfRequired (CK_SLOT_ID slotId, char* cmdPin = nullptr);

- static void OpenSession (CK_SLOT_ID slotId);

- static void CheckLibraryStatus ();

-

- static bool Initialized;

- static auto_ptr <GetPinFunctor> PinCallback;

- static CK_FUNCTION_LIST_PTR Pkcs11Functions;

-#ifdef TC_WINDOWS

- static HMODULE Pkcs11LibraryHandle;

-#else

- static void *Pkcs11LibraryHandle;

-#endif

- static map <CK_SLOT_ID, Pkcs11Session> Sessions;

- static auto_ptr <SendExceptionFunctor> WarningCallback;

- };

-}

-

-#endif // TC_HEADER_Common_SecurityToken