diff options
Diffstat (limited to 'src/Common/SecurityToken.h')
-rw-r--r-- | src/Common/SecurityToken.h | 452 |
1 files changed, 226 insertions, 226 deletions
diff --git a/src/Common/SecurityToken.h b/src/Common/SecurityToken.h index 9c6c47cf..00d543a2 100644 --- a/src/Common/SecurityToken.h +++ b/src/Common/SecurityToken.h @@ -1,226 +1,226 @@ -/*
- Derived from source code of TrueCrypt 7.1a, which is
- Copyright (c) 2008-2012 TrueCrypt Developers Association and which is governed
- by the TrueCrypt License 3.0.
-
- Modifications and additions to the original source code (contained in this file)
- and all other portions of this file are Copyright (c) 2013-2016 IDRIX
- and are governed by the Apache License 2.0 the full text of which is
- contained in the file License.txt included in VeraCrypt binary and source
- code distribution packages.
-*/
-
-#ifndef TC_HEADER_Common_SecurityToken
-#define TC_HEADER_Common_SecurityToken
-
-#include "Platform/PlatformBase.h"
-#if defined (TC_WINDOWS) && !defined (TC_PROTOTYPE)
-# include "Exception.h"
-#else
-# include "Platform/Exception.h"
-#endif
-
-#ifndef NULL_PTR
-# define NULL_PTR 0
-#endif
-#define CK_PTR *
-#define CK_CALLBACK_FUNCTION(RET_TYPE, NAME) RET_TYPE (* NAME)
-
-#ifdef TC_WINDOWS
-
-# include <windows.h>
-
-# define CK_DEFINE_FUNCTION(RET_TYPE, NAME) RET_TYPE __declspec(dllexport) NAME
-# define CK_DECLARE_FUNCTION(RET_TYPE, NAME) RET_TYPE __declspec(dllimport) NAME
-# define CK_DECLARE_FUNCTION_POINTER(RET_TYPE, NAME) RET_TYPE __declspec(dllimport) (* NAME)
-
-# pragma pack(push, cryptoki, 1)
-# include <pkcs11.h>
-# pragma pack(pop, cryptoki)
-
-#else // !TC_WINDOWS
-
-# define CK_DEFINE_FUNCTION(RET_TYPE, NAME) RET_TYPE NAME
-# define CK_DECLARE_FUNCTION(RET_TYPE, NAME) RET_TYPE NAME
-# define CK_DECLARE_FUNCTION_POINTER(RET_TYPE, NAME) RET_TYPE (* NAME)
-
-# include <pkcs11.h>
-
-#endif // !TC_WINDOWS
-
-
-#define TC_SECURITY_TOKEN_KEYFILE_URL_PREFIX L"token://"
-#define TC_SECURITY_TOKEN_KEYFILE_URL_SLOT L"slot"
-#define TC_SECURITY_TOKEN_KEYFILE_URL_FILE L"file"
-
-namespace VeraCrypt
-{
- struct SecurityTokenInfo
- {
- CK_SLOT_ID SlotId;
- CK_FLAGS Flags;
- wstring Label;
- string LabelUtf8;
- };
-
- struct SecurityTokenKeyfilePath
- {
- SecurityTokenKeyfilePath () { }
- SecurityTokenKeyfilePath (const wstring &path) : Path (path) { }
- operator wstring () const { return Path; }
- wstring Path;
- };
-
- struct SecurityTokenKeyfile
- {
- SecurityTokenKeyfile () : Handle(CK_INVALID_HANDLE), SlotId(CK_UNAVAILABLE_INFORMATION) { Token.SlotId = CK_UNAVAILABLE_INFORMATION; Token.Flags = 0; }
- SecurityTokenKeyfile (const SecurityTokenKeyfilePath &path, char* pin = nullptr);
-
- operator SecurityTokenKeyfilePath () const;
-
- CK_OBJECT_HANDLE Handle;
- wstring Id;
- string IdUtf8;
- CK_SLOT_ID SlotId;
- SecurityTokenInfo Token;
- };
-
- struct Pkcs11Exception : public Exception
- {
- Pkcs11Exception (CK_RV errorCode = (CK_RV) -1)
- : ErrorCode (errorCode),
- SubjectErrorCodeValid (false),
- SubjectErrorCode( (uint64) -1)
- {
- }
-
- Pkcs11Exception (CK_RV errorCode, uint64 subjectErrorCode)
- : ErrorCode (errorCode),
- SubjectErrorCodeValid (true),
- SubjectErrorCode (subjectErrorCode)
- {
- }
-
-#ifdef TC_HEADER_Platform_Exception
- virtual ~Pkcs11Exception () throw () { }
- TC_SERIALIZABLE_EXCEPTION (Pkcs11Exception);
-#else
- void Show (HWND parent) const;
-#endif
- operator string () const;
- CK_RV GetErrorCode () const { return ErrorCode; }
-
- protected:
- CK_RV ErrorCode;
- bool SubjectErrorCodeValid;
- uint64 SubjectErrorCode;
- };
-
-
-#ifdef TC_HEADER_Platform_Exception
-
-#define TC_EXCEPTION(NAME) TC_EXCEPTION_DECL(NAME,Exception)
-
-#undef TC_EXCEPTION_SET
-#define TC_EXCEPTION_SET \
- TC_EXCEPTION_NODECL (Pkcs11Exception); \
- TC_EXCEPTION (InvalidSecurityTokenKeyfilePath); \
- TC_EXCEPTION (SecurityTokenLibraryNotInitialized); \
- TC_EXCEPTION (SecurityTokenKeyfileAlreadyExists); \
- TC_EXCEPTION (SecurityTokenKeyfileNotFound);
-
- TC_EXCEPTION_SET;
-
-#undef TC_EXCEPTION
-
-#else // !TC_HEADER_Platform_Exception
-
- struct SecurityTokenLibraryNotInitialized : public Exception
- {
- void Show (HWND parent) const { Error (SecurityTokenLibraryPath[0] == 0 ? "NO_PKCS11_MODULE_SPECIFIED" : "PKCS11_MODULE_INIT_FAILED", parent); }
- };
-
- struct InvalidSecurityTokenKeyfilePath : public Exception
- {
- void Show (HWND parent) const { Error ("INVALID_TOKEN_KEYFILE_PATH", parent); }
- };
-
- struct SecurityTokenKeyfileAlreadyExists : public Exception
- {
- void Show (HWND parent) const { Error ("TOKEN_KEYFILE_ALREADY_EXISTS", parent); }
- };
-
- struct SecurityTokenKeyfileNotFound : public Exception
- {
- void Show (HWND parent) const { Error ("TOKEN_KEYFILE_NOT_FOUND", parent); }
- };
-
-#endif // !TC_HEADER_Platform_Exception
-
-
- struct Pkcs11Session
- {
- Pkcs11Session () : Handle (CK_UNAVAILABLE_INFORMATION), UserLoggedIn (false) { }
-
- CK_SESSION_HANDLE Handle;
- bool UserLoggedIn;
- };
-
- struct GetPinFunctor
- {
- virtual ~GetPinFunctor () { }
- virtual void operator() (string &str) = 0;
- };
-
- struct SendExceptionFunctor
- {
- virtual ~SendExceptionFunctor () { }
- virtual void operator() (const Exception &e) = 0;
- };
-
- class SecurityToken
- {
- public:
- static void CloseAllSessions () throw ();
- static void CloseLibrary ();
- static void CreateKeyfile (CK_SLOT_ID slotId, vector <byte> &keyfileData, const string &name);
- static void DeleteKeyfile (const SecurityTokenKeyfile &keyfile);
- static vector <SecurityTokenKeyfile> GetAvailableKeyfiles (CK_SLOT_ID *slotIdFilter = nullptr, const wstring keyfileIdFilter = wstring(), char* pin = nullptr);
- static void GetKeyfileData (const SecurityTokenKeyfile &keyfile, vector <byte> &keyfileData);
- static void GetKeyfileData (const SecurityTokenKeyfile &keyfile, char* pin, vector <byte> &keyfileData);
- static list <SecurityTokenInfo> GetAvailableTokens ();
- static SecurityTokenInfo GetTokenInfo (CK_SLOT_ID slotId);
-#ifdef TC_WINDOWS
- static void InitLibrary (const wstring &pkcs11LibraryPath, auto_ptr <GetPinFunctor> pinCallback, auto_ptr <SendExceptionFunctor> warningCallback);
-#else
- static void InitLibrary (const string &pkcs11LibraryPath, auto_ptr <GetPinFunctor> pinCallback, auto_ptr <SendExceptionFunctor> warningCallback);
-#endif
- static bool IsInitialized () { return Initialized; }
- static bool IsKeyfilePathValid (const wstring &securityTokenKeyfilePath);
-
- static const size_t MaxPasswordLength = 128;
-
- protected:
- static void CloseSession (CK_SLOT_ID slotId);
- static vector <CK_OBJECT_HANDLE> GetObjects (CK_SLOT_ID slotId, CK_ATTRIBUTE_TYPE objectClass);
- static void GetObjectAttribute (CK_SLOT_ID slotId, CK_OBJECT_HANDLE tokenObject, CK_ATTRIBUTE_TYPE attributeType, vector <byte> &attributeValue);
- static list <CK_SLOT_ID> GetTokenSlots ();
- static void Login (CK_SLOT_ID slotId, const char* pin);
- static void LoginUserIfRequired (CK_SLOT_ID slotId, char* cmdPin = nullptr);
- static void OpenSession (CK_SLOT_ID slotId);
- static void CheckLibraryStatus ();
-
- static bool Initialized;
- static auto_ptr <GetPinFunctor> PinCallback;
- static CK_FUNCTION_LIST_PTR Pkcs11Functions;
-#ifdef TC_WINDOWS
- static HMODULE Pkcs11LibraryHandle;
-#else
- static void *Pkcs11LibraryHandle;
-#endif
- static map <CK_SLOT_ID, Pkcs11Session> Sessions;
- static auto_ptr <SendExceptionFunctor> WarningCallback;
- };
-}
-
-#endif // TC_HEADER_Common_SecurityToken
+/* + Derived from source code of TrueCrypt 7.1a, which is + Copyright (c) 2008-2012 TrueCrypt Developers Association and which is governed + by the TrueCrypt License 3.0. + + Modifications and additions to the original source code (contained in this file) + and all other portions of this file are Copyright (c) 2013-2016 IDRIX + and are governed by the Apache License 2.0 the full text of which is + contained in the file License.txt included in VeraCrypt binary and source + code distribution packages. +*/ + +#ifndef TC_HEADER_Common_SecurityToken +#define TC_HEADER_Common_SecurityToken + +#include "Platform/PlatformBase.h" +#if defined (TC_WINDOWS) && !defined (TC_PROTOTYPE) +# include "Exception.h" +#else +# include "Platform/Exception.h" +#endif + +#ifndef NULL_PTR +# define NULL_PTR 0 +#endif +#define CK_PTR * +#define CK_CALLBACK_FUNCTION(RET_TYPE, NAME) RET_TYPE (* NAME) + +#ifdef TC_WINDOWS + +# include <windows.h> + +# define CK_DEFINE_FUNCTION(RET_TYPE, NAME) RET_TYPE __declspec(dllexport) NAME +# define CK_DECLARE_FUNCTION(RET_TYPE, NAME) RET_TYPE __declspec(dllimport) NAME +# define CK_DECLARE_FUNCTION_POINTER(RET_TYPE, NAME) RET_TYPE __declspec(dllimport) (* NAME) + +# pragma pack(push, cryptoki, 1) +# include <pkcs11.h> +# pragma pack(pop, cryptoki) + +#else // !TC_WINDOWS + +# define CK_DEFINE_FUNCTION(RET_TYPE, NAME) RET_TYPE NAME +# define CK_DECLARE_FUNCTION(RET_TYPE, NAME) RET_TYPE NAME +# define CK_DECLARE_FUNCTION_POINTER(RET_TYPE, NAME) RET_TYPE (* NAME) + +# include <pkcs11.h> + +#endif // !TC_WINDOWS + + +#define TC_SECURITY_TOKEN_KEYFILE_URL_PREFIX L"token://" +#define TC_SECURITY_TOKEN_KEYFILE_URL_SLOT L"slot" +#define TC_SECURITY_TOKEN_KEYFILE_URL_FILE L"file" + +namespace VeraCrypt +{ + struct SecurityTokenInfo + { + CK_SLOT_ID SlotId; + CK_FLAGS Flags; + wstring Label; + string LabelUtf8; + }; + + struct SecurityTokenKeyfilePath + { + SecurityTokenKeyfilePath () { } + SecurityTokenKeyfilePath (const wstring &path) : Path (path) { } + operator wstring () const { return Path; } + wstring Path; + }; + + struct SecurityTokenKeyfile + { + SecurityTokenKeyfile () : Handle(CK_INVALID_HANDLE), SlotId(CK_UNAVAILABLE_INFORMATION) { Token.SlotId = CK_UNAVAILABLE_INFORMATION; Token.Flags = 0; } + SecurityTokenKeyfile (const SecurityTokenKeyfilePath &path, char* pin = nullptr); + + operator SecurityTokenKeyfilePath () const; + + CK_OBJECT_HANDLE Handle; + wstring Id; + string IdUtf8; + CK_SLOT_ID SlotId; + SecurityTokenInfo Token; + }; + + struct Pkcs11Exception : public Exception + { + Pkcs11Exception (CK_RV errorCode = (CK_RV) -1) + : ErrorCode (errorCode), + SubjectErrorCodeValid (false), + SubjectErrorCode( (uint64) -1) + { + } + + Pkcs11Exception (CK_RV errorCode, uint64 subjectErrorCode) + : ErrorCode (errorCode), + SubjectErrorCodeValid (true), + SubjectErrorCode (subjectErrorCode) + { + } + +#ifdef TC_HEADER_Platform_Exception + virtual ~Pkcs11Exception () throw () { } + TC_SERIALIZABLE_EXCEPTION (Pkcs11Exception); +#else + void Show (HWND parent) const; +#endif + operator string () const; + CK_RV GetErrorCode () const { return ErrorCode; } + + protected: + CK_RV ErrorCode; + bool SubjectErrorCodeValid; + uint64 SubjectErrorCode; + }; + + +#ifdef TC_HEADER_Platform_Exception + +#define TC_EXCEPTION(NAME) TC_EXCEPTION_DECL(NAME,Exception) + +#undef TC_EXCEPTION_SET +#define TC_EXCEPTION_SET \ + TC_EXCEPTION_NODECL (Pkcs11Exception); \ + TC_EXCEPTION (InvalidSecurityTokenKeyfilePath); \ + TC_EXCEPTION (SecurityTokenLibraryNotInitialized); \ + TC_EXCEPTION (SecurityTokenKeyfileAlreadyExists); \ + TC_EXCEPTION (SecurityTokenKeyfileNotFound); + + TC_EXCEPTION_SET; + +#undef TC_EXCEPTION + +#else // !TC_HEADER_Platform_Exception + + struct SecurityTokenLibraryNotInitialized : public Exception + { + void Show (HWND parent) const { Error (SecurityTokenLibraryPath[0] == 0 ? "NO_PKCS11_MODULE_SPECIFIED" : "PKCS11_MODULE_INIT_FAILED", parent); } + }; + + struct InvalidSecurityTokenKeyfilePath : public Exception + { + void Show (HWND parent) const { Error ("INVALID_TOKEN_KEYFILE_PATH", parent); } + }; + + struct SecurityTokenKeyfileAlreadyExists : public Exception + { + void Show (HWND parent) const { Error ("TOKEN_KEYFILE_ALREADY_EXISTS", parent); } + }; + + struct SecurityTokenKeyfileNotFound : public Exception + { + void Show (HWND parent) const { Error ("TOKEN_KEYFILE_NOT_FOUND", parent); } + }; + +#endif // !TC_HEADER_Platform_Exception + + + struct Pkcs11Session + { + Pkcs11Session () : Handle (CK_UNAVAILABLE_INFORMATION), UserLoggedIn (false) { } + + CK_SESSION_HANDLE Handle; + bool UserLoggedIn; + }; + + struct GetPinFunctor + { + virtual ~GetPinFunctor () { } + virtual void operator() (string &str) = 0; + }; + + struct SendExceptionFunctor + { + virtual ~SendExceptionFunctor () { } + virtual void operator() (const Exception &e) = 0; + }; + + class SecurityToken + { + public: + static void CloseAllSessions () throw (); + static void CloseLibrary (); + static void CreateKeyfile (CK_SLOT_ID slotId, vector <byte> &keyfileData, const string &name); + static void DeleteKeyfile (const SecurityTokenKeyfile &keyfile); + static vector <SecurityTokenKeyfile> GetAvailableKeyfiles (CK_SLOT_ID *slotIdFilter = nullptr, const wstring keyfileIdFilter = wstring(), char* pin = nullptr); + static void GetKeyfileData (const SecurityTokenKeyfile &keyfile, vector <byte> &keyfileData); + static void GetKeyfileData (const SecurityTokenKeyfile &keyfile, char* pin, vector <byte> &keyfileData); + static list <SecurityTokenInfo> GetAvailableTokens (); + static SecurityTokenInfo GetTokenInfo (CK_SLOT_ID slotId); +#ifdef TC_WINDOWS + static void InitLibrary (const wstring &pkcs11LibraryPath, auto_ptr <GetPinFunctor> pinCallback, auto_ptr <SendExceptionFunctor> warningCallback); +#else + static void InitLibrary (const string &pkcs11LibraryPath, auto_ptr <GetPinFunctor> pinCallback, auto_ptr <SendExceptionFunctor> warningCallback); +#endif + static bool IsInitialized () { return Initialized; } + static bool IsKeyfilePathValid (const wstring &securityTokenKeyfilePath); + + static const size_t MaxPasswordLength = 128; + + protected: + static void CloseSession (CK_SLOT_ID slotId); + static vector <CK_OBJECT_HANDLE> GetObjects (CK_SLOT_ID slotId, CK_ATTRIBUTE_TYPE objectClass); + static void GetObjectAttribute (CK_SLOT_ID slotId, CK_OBJECT_HANDLE tokenObject, CK_ATTRIBUTE_TYPE attributeType, vector <byte> &attributeValue); + static list <CK_SLOT_ID> GetTokenSlots (); + static void Login (CK_SLOT_ID slotId, const char* pin); + static void LoginUserIfRequired (CK_SLOT_ID slotId, char* cmdPin = nullptr); + static void OpenSession (CK_SLOT_ID slotId); + static void CheckLibraryStatus (); + + static bool Initialized; + static auto_ptr <GetPinFunctor> PinCallback; + static CK_FUNCTION_LIST_PTR Pkcs11Functions; +#ifdef TC_WINDOWS + static HMODULE Pkcs11LibraryHandle; +#else + static void *Pkcs11LibraryHandle; +#endif + static map <CK_SLOT_ID, Pkcs11Session> Sessions; + static auto_ptr <SendExceptionFunctor> WarningCallback; + }; +} + +#endif // TC_HEADER_Common_SecurityToken |