/*
Derived from source code of TrueCrypt 7.1a, which is
Copyright (c) 2008-2012 TrueCrypt Developers Association and which is governed
by the TrueCrypt License 3.0.
Modifications and additions to the original source code (contained in this file)
and all other portions of this file are Copyright (c) 2013-2017 IDRIX
and are governed by the Apache License 2.0 the full text of which is
contained in the file License.txt included in VeraCrypt binary and source
code distribution packages.
*/
#include "EncryptionThreadPool.h"
#include "Pkcs5.h"
#ifdef DEVICE_DRIVER
#include "Driver/Ntdriver.h"
#endif
//Increasing the maximum number of threads
#define TC_ENC_THREAD_POOL_MAX_THREAD_COUNT 256 //64
#define TC_ENC_THREAD_POOL_QUEUE_SIZE (TC_ENC_THREAD_POOL_MAX_THREAD_COUNT * 2)
#define TC_ENC_THREAD_POOL_LEGACY_MAX_THREAD_COUNT 64
#define TC_ENC_THREAD_POOL_LEGACY_QUEUE_SIZE (TC_ENC_THREAD_POOL_LEGACY_MAX_THREAD_COUNT * 2)
static volatile size_t ThreadPoolCount = TC_ENC_THREAD_POOL_LEGACY_MAX_THREAD_COUNT;
static volatile int ThreadQueueSize = TC_ENC_THREAD_POOL_LEGACY_QUEUE_SIZE;
#ifdef DEVICE_DRIVER
#define TC_THREAD_HANDLE PKTHREAD
#define TC_THREAD_PROC VOID
#define TC_SET_EVENT(EVENT) KeSetEvent (&EVENT, IO_DISK_INCREMENT, FALSE)
#define TC_CLEAR_EVENT(EVENT) KeClearEvent (&EVENT)
#define TC_MUTEX FAST_MUTEX
#define TC_ACQUIRE_MUTEX(MUTEX) ExAcquireFastMutex (MUTEX)
#define TC_RELEASE_MUTEX(MUTEX) ExReleaseFastMutex (MUTEX)
#else // !DEVICE_DRIVER
#define TC_THREAD_HANDLE HANDLE
#define TC_THREAD_PROC unsigned __stdcall
#define TC_SET_EVENT(EVENT) SetEvent (EVENT)
#define TC_CLEAR_EVENT(EVENT) ResetEvent (EVENT)
#define TC_MUTEX HANDLE
#define TC_ACQUIRE_MUTEX(MUTEX) WaitForSingleObject (*(MUTEX), INFINITE)
#define TC_RELEASE_MUTEX(MUTEX) ReleaseMutex (*(MUTEX))
typedef BOOL (WINAPI *SetThreadGroupAffinityFn)(
HANDLE hThread,
const GROUP_AFFINITY *GroupAffinity,
PGROUP_AFFINITY PreviousGroupAffinity
);
typedef WORD (WINAPI* GetActiveProcessorGroupCountFn)();
typedef DWORD (WINAPI *GetActiveProcessorCountFn)(
WORD GroupNumber
);
#endif // !DEVICE_DRIVER
typedef enum
{
WorkItemFree,
WorkItemReady,
WorkItemBusy
} WorkItemState;
typedef struct EncryptionThreadPoolWorkItemStruct
{
WorkItemState State;
EncryptionThreadPoolWorkType Type;
TC_EVENT ItemCompletedEvent;
struct EncryptionThreadPoolWorkItemStruct *FirstFragment;
LONG OutstandingFragmentCount;
union
{
struct
{
PCRYPTO_INFO CryptoInfo;
byte *Data;
UINT64_STRUCT StartUnitNo;
uint32 UnitCount;
} Encryption;
struct
{
TC_EVENT *CompletionEvent;
LONG *CompletionFlag;
char *DerivedKey;
int IterationCount;
TC_EVENT *NoOutstandingWorkItemEvent;
LONG *OutstandingWorkItemCount;
char *Password;
int PasswordLength;
int Pkcs5Prf;
char *Salt;
} KeyDerivation;
struct
{
TC_EVENT *KeyDerivationCompletedEvent;
TC_EVENT *NoOutstandingWorkItemEvent;
LONG *outstandingWorkItemCount;
void* keyInfoBuffer;
int keyInfoBufferSize;
void* keyDerivationWorkItems;
int keyDerivationWorkItemsSize;
} ReadVolumeHeaderFinalization;
};
} EncryptionThreadPoolWorkItem;
static volatile BOOL ThreadPoolRunning = FALSE;
static volatile BOOL StopPending = FALSE;
static uint32 ThreadCount;
static TC_THREAD_HANDLE ThreadHandles[TC_ENC_THREAD_POOL_MAX_THREAD_COUNT];
static WORD ThreadProcessorGroups[TC_ENC_THREAD_POOL_MAX_THREAD_COUNT];
static EncryptionThreadPoolWorkItem WorkItemQueue[TC_ENC_THREAD_POOL_QUEUE_SIZE];
static volatile int EnqueuePosition;
static volatile int DequeuePosition;
static TC_MUTEX EnqueueMutex;
static TC_MUTEX DequeueMutex;
static TC_EVENT WorkItemReadyEvent;
static TC_EVENT WorkItemCompletedEvent;
#if defined(_WIN64)
void EncryptDataUnitsCurrentThreadEx (unsigned __int8 *buf, const UINT64_STRUCT *structUnitNo, TC_LARGEST_COMPILER_UINT nbrUnits, PCRYPTO_INFO ci)
{
if (IsRamEncryptionEnabled())
{
CRYPTO_INFO tmpCI;
memcpy (&tmpCI, ci, sizeof (CRYPTO_INFO));
VcUnprotectKeys (&tmpCI, VcGetEncryptionID (ci));
EncryptDataUnitsCurrentThread (buf, structUnitNo, nbrUnits, &tmpCI);
burn (&tmpCI, sizeof(CRYPTO_INFO));
}
else
EncryptDataUnitsCurrentThread (buf, structUnitNo, nbrUnits, ci);
}
void DecryptDataUnitsCurrentThreadEx (unsigned __int8 *buf, const UINT64_STRUCT *structUnitNo, TC_LARGEST_COMPILER_UINT nbrUnits, PCRYPTO_INFO ci)
{
if (IsRamEncryptionEnabled())
{
CRYPTO_INFO tmpCI;
memcpy (&tmpCI, ci, sizeof (CRYPTO_INFO));
VcUnprotectKeys (&tmpCI, VcGetEncryptionID (ci));
DecryptDataUnitsCurrentThread (buf, structUnitNo, nbrUnits, &tmpCI);
burn (&tmpCI, sizeof(CRYPTO_INFO));
}
else
DecryptDataUnitsCurrentThread (buf, structUnitNo, nbrUnits, ci);
}
#else
#define EncryptDataUnitsCurrentThreadEx EncryptDataUnitsCurrentThread
#define DecryptDataUnitsCurrentThreadEx DecryptDataUnitsCurrentThread
#endif
static WorkItemState GetWorkItemState (EncryptionThreadPoolWorkItem *workItem)
{
return InterlockedExchangeAdd ((LONG *) &workItem->State, 0);
}
static void SetWorkItemState (EncryptionThreadPoolWorkItem *workItem, WorkItemState newState)
{
InterlockedExchange ((LONG *) &workItem->State, (LONG) newState);
}
static TC_THREAD_PROC EncryptionThreadProc (void *threadArg)
{
EncryptionThreadPoolWorkItem *workItem;
if (threadArg)
{
#ifdef DEVICE_DRIVER
SetThreadCpuGroupAffinity ((USHORT) *(WORD*)(threadArg));
#else
SetThreadGroupAffinityFn SetThreadGroupAffinityPtr = (SetThreadGroupAffinityFn) GetProcAddress (GetModuleHandle (L"kernel32.dll"), "SetThreadGroupAffinity");
if (SetThreadGroupAffinityPtr && threadArg)
{
GROUP_AFFINITY groupAffinity = {0};
groupAffinity.Mask = ~0ULL;
groupAffinity.Group = *(WORD*)(threadArg);
SetThreadGroupAffinityPtr(GetCurrentThread(), &groupAffinity, NULL);
}
#endif
}
while (!StopPending)
{
TC_ACQUIRE_MUTEX (&DequeueMutex);
workItem = &WorkItemQueue[DequeuePosition++];
if (DequeuePosition >= ThreadQueueSize)
DequeuePosition = 0;
while (!StopPending && GetWorkItemState (workItem) != WorkItemReady)
{
TC_WAIT_EVENT (WorkItemReadyEvent);
}
SetWorkItemState (workItem, WorkItemBusy);
TC_RELEASE_MUTEX (&DequeueMutex);
if (StopPending)
break;
switch (workItem->Type)
{
case DecryptDataUnitsWork:
DecryptDataUnitsCurrentThreadEx (workItem->Encryption.Data, &workItem->Encryption.StartUnitNo, workItem->Encryption.UnitCount, workItem->Encryption.CryptoInfo);
break;
case EncryptDataUnitsWork:
EncryptDataUnitsCurrentThreadEx (workItem->Encryption.Data, &workItem->Encryption.StartUnitNo, workItem->Encryption.UnitCount, workItem->Encryption.CryptoInfo);
break;
case DeriveKeyWork:
switch (workItem->KeyDerivation.Pkcs5Prf)
{
case BLAKE2S:
derive_key_blake2s (workItem->KeyDerivation.Password, workItem->KeyDerivation.PasswordLength, workItem->KeyDerivation.Salt, PKCS5_SALT_SIZE,
workItem->KeyDerivation.IterationCount, workItem->KeyDerivation.DerivedKey, GetMaxPkcs5OutSize());
break;
case SHA512:
derive_key_sha512 (workItem->KeyDerivation.Password, workItem->KeyDerivation.PasswordLength, workItem->KeyDerivation.Salt, PKCS5_SALT_SIZE,
workItem->KeyDerivation.IterationCount, workItem->KeyDerivation.DerivedKey, GetMaxPkcs5OutSize());
break;
case WHIRLPOOL:
derive_key_whirlpool (workItem->KeyDerivation.Password, workItem->KeyDerivation.PasswordLength, workItem->KeyDerivation.Salt, PKCS5_SALT_SIZE,
workItem->KeyDerivation.IterationCount, workItem->KeyDerivation.DerivedKey, GetMaxPkcs5OutSize());
break;
case SHA256:
derive_key_sha256 (workItem->KeyDerivation.Password, workItem->KeyDerivation.PasswordLength, workItem->KeyDerivation.Salt, PKCS5_SALT_SIZE,
workItem->KeyDerivation.IterationCount, workItem->KeyDerivation.DerivedKey, GetMaxPkcs5OutSize());
break;
case STREEBOG:
derive_key_streebog(workItem->KeyDerivation.Password, workItem->KeyDerivation.PasswordLength, workItem->KeyDerivation.Salt, PKCS5_SALT_SIZE,
workItem->KeyDerivation.IterationCount, workItem->KeyDerivation.DerivedKey, GetMaxPkcs5OutSize());
break;
default:
TC_THROW_FATAL_EXCEPTION;
}
InterlockedExchange (workItem->KeyDerivation.CompletionFlag, TRUE);
TC_SET_EVENT (*workItem->KeyDerivation.CompletionEvent);
if (InterlockedDecrement (workItem->KeyDerivation.OutstandingWorkItemCount) == 0)
TC_SET_EVENT (*workItem->KeyDerivation.NoOutstandingWorkItemEvent);
SetWorkItemState (workItem, WorkItemFree);
TC_SET_EVENT (WorkItemCompletedEvent);
continue;
case ReadVolumeHeaderFinalizationWork:
TC_WAIT_EVENT (*(workItem->ReadVolumeHeaderFinalization.NoOutstandingWorkItemEvent));
if (workItem->ReadVolumeHeaderFinalization.keyDerivationWorkItems)
{
burn (workItem->ReadVolumeHeaderFinalization.keyDerivationWorkItems, workItem->ReadVolumeHeaderFinalization.keyDerivationWorkItemsSize);
#if !defined(DEVICE_DRIVER)
VirtualUnlock (workItem->ReadVolumeHeaderFinalization.keyDerivationWorkItems, workItem->ReadVolumeHeaderFinalization.keyDerivationWorkItemsSize);
#endif
TCfree (workItem->ReadVolumeHeaderFinalization.keyDerivationWorkItems);
}
if (workItem->ReadVolumeHeaderFinalization.keyInfoBuffer)
{
burn (workItem->ReadVolumeHeaderFinalization.keyInfoBuffer, workItem->ReadVolumeHeaderFinalization.keyInfoBufferSize);
#if !defined(DEVICE_DRIVER)
VirtualUnlock (workItem->ReadVolumeHeaderFinalization.keyInfoBuffer, workItem->ReadVolumeHeaderFinalization.keyInfoBufferSize);
#endif
TCfree (workItem->ReadVolumeHeaderFinalization.keyInfoBuffer);
}
#if !defined(DEVICE_DRIVER)
CloseHandle (*(workItem->ReadVolumeHeaderFinalization.KeyDerivationCompletedEvent));
CloseHandle (*(workItem->ReadVolumeHeaderFinalization.NoOutstandingWorkItemEvent));
#endif
TCfree (workItem->ReadVolumeHeaderFinalization.KeyDerivationCompletedEvent);
TCfree (workItem->ReadVolumeHeaderFinalization.NoOutstandingWorkItemEvent);
TCfree (workItem->ReadVolumeHeaderFinalization.outstandingWorkItemCount);
SetWorkItemState (workItem, WorkItemFree);
TC_SET_EVENT (WorkItemCompletedEvent);
continue;
default:
TC_THROW_FATAL_EXCEPTION;
}
if (workItem != workItem->FirstFragment)
{
SetWorkItemState (workItem, WorkItemFree);
TC_SET_EVENT (WorkItemCompletedEvent);
}
if (InterlockedDecrement (&workItem->FirstFragment->OutstandingFragmentCount) == 0)
TC_SET_EVENT (workItem->FirstFragment->ItemCompletedEvent);
}
#ifdef DEVICE_DRIVER
PsTerminateSystemThread (STATUS_SUCCESS);
#else
_endthreadex (0);
return 0;
#endif
}
#ifndef DEVICE_DRIVER
size_t GetCpuCount (WORD* pGroupCount)
{
size_t cpuCount = 0;
SYSTEM_INFO sysInfo;
GetActiveProcessorGroupCountFn GetActiveProcessorGroupCountPtr = (GetActiveProcessorGroupCountFn) GetProcAddress (GetModuleHandle (L"Kernel32.dll"), "GetActiveProcessorGroupCount");
GetActiveProcessorCountFn GetActiveProcessorCountPtr = (GetActiveProcessorCountFn) GetProcAddress (GetModuleHandle (L"Kernel32.dll"), "GetActiveProcessorCount");
if (GetActiveProcessorGroupCountPtr && GetActiveProcessorCountPtr)
{
WORD j, groupCount = GetActiveProcessorGroupCountPtr();
size_t totalProcessors = 0;
for (j = 0; j < groupCount; ++j)
{
totalProcessors += (size_t) GetActiveProcessorCountPtr(j);
}
cpuCount = totalProcessors;
if (pGroupCount)
*pGroupCount = groupCount;
}
else
{
GetSystemInfo(&sysInfo);
cpuCount = (size_t) sysInfo.dwNumberOfProcessors;
if (pGroupCount)
*pGroupCount = 1;
}
return cpuCount;
}
#endif
BOOL EncryptionThreadPoolStart (size_t encryptionFreeCpuCount)
{
size_t cpuCount = 0, i = 0;
WORD groupCount = 1;
cpuCount = GetCpuCount(&groupCount);
if (ThreadPoolRunning)
return TRUE;
if (groupCount > 1)
{
ThreadPoolCount = TC_ENC_THREAD_POOL_MAX_THREAD_COUNT;
ThreadQueueSize = TC_ENC_THREAD_POOL_QUEUE_SIZE;
}
if (cpuCount > encryptionFreeCpuCount)
cpuCount -= encryptionFreeCpuCount;
if (cpuCount < 2)
return TRUE;
if (cpuCount > ThreadPoolCount)
cpuCount = ThreadPoolCount;
StopPending = FALSE;
DequeuePosition = 0;
EnqueuePosition = 0;
#ifdef DEVICE_DRIVER
KeInitializeEvent (&WorkItemReadyEvent, SynchronizationEvent, FALSE);
KeInitializeEvent (&WorkItemCompletedEvent, SynchronizationEvent, FALSE);
#else
WorkItemReadyEvent = CreateEvent (NULL, FALSE, FALSE, NULL);
if (!WorkItemReadyEvent)
return FALSE;
WorkItemCompletedEvent = CreateEvent (NULL, FALSE, FALSE, NULL);
if (!WorkItemCompletedEvent)
return FALSE;
#endif
#ifdef DEVICE_DRIVER
ExInitializeFastMutex (&DequeueMutex);
ExInitializeFastMutex (&EnqueueMutex);
#else
DequeueMutex = CreateMutex (NULL, FALSE, NULL);
if (!DequeueMutex)
return FALSE;
EnqueueMutex = CreateMutex (NULL, FALSE, NULL);
if (!EnqueueMutex)
return FALSE;
#endif
memset (WorkItemQueue, 0, sizeof (WorkItemQueue));
for (i = 0; i < sizeof (WorkItemQueue) / sizeof (WorkItemQueue[0]); ++i)
{
WorkItemQueue[i].State = WorkItemFree;
#ifdef DEVICE_DRIVER
KeInitializeEvent (&WorkItemQueue[i].ItemCompletedEvent, SynchronizationEvent, FALSE);
#else
WorkItemQueue[i].ItemCompletedEvent = CreateEvent (NULL, FALSE, FALSE, NULL);
if (!WorkItemQueue[i].ItemCompletedEvent)
{
EncryptionThreadPoolStop();
return FALSE;
}
#endif
}
for (ThreadCount = 0; ThreadCount < cpuCount; ++ThreadCount)
{
WORD* pThreadArg = NULL;
if (groupCount > 1)
{
#ifdef DEVICE_DRIVER
ThreadProcessorGroups[ThreadCount] = GetCpuGroup ((size_t) ThreadCount);
#else
GetActiveProcessorCountFn GetActiveProcessorCountPtr = (GetActiveProcessorCountFn) GetProcAddress (GetModuleHandle (L"Kernel32.dll"), "GetActiveProcessorCount");
// Determine which processor group to bind the thread to.
if (GetActiveProcessorCountPtr)
{
WORD j;
uint32 totalProcessors = 0U;
for (j = 0U; j < groupCount; j++)
{
totalProcessors += (uint32) GetActiveProcessorCountPtr(j);
if (totalProcessors >= ThreadCount)
{
ThreadProcessorGroups[ThreadCount] = j;
break;
}
}
}
else
ThreadProcessorGroups[ThreadCount] = 0;
#endif
pThreadArg = &ThreadProcessorGroups[ThreadCount];
}
#ifdef DEVICE_DRIVER
if (!NT_SUCCESS(TCStartThread(EncryptionThreadProc, (void*) pThreadArg, &ThreadHandles[ThreadCount])))
#else
if (!(ThreadHandles[ThreadCount] = (HANDLE)_beginthreadex(NULL, 0, EncryptionThreadProc, (void*) pThreadArg, 0, NULL)))
#endif
{
EncryptionThreadPoolStop();
return FALSE;
}
}
ThreadPoolRunning = TRUE;
return TRUE;
}
void EncryptionThreadPoolStop ()
{
size_t i;
if (!ThreadPoolRunning)
return;
StopPending = TRUE;
TC_SET_EVENT (WorkItemReadyEvent);
for (i = 0; i < ThreadCount; ++i)
{
#ifdef DEVICE_DRIVER
TCStopThread (ThreadHandles[i], &WorkItemReadyEvent);
#else
TC_WAIT_EVENT (ThreadHandles[i]);
#endif
}
ThreadCount = 0;
#ifndef DEVICE_DRIVER
CloseHandle (DequeueMutex);
CloseHandle (EnqueueMutex);
CloseHandle (WorkItemReadyEvent);
CloseHandle (WorkItemCompletedEvent);
for (i = 0; i < sizeof (WorkItemQueue) / sizeof (WorkItemQueue[0]); ++i)
{
if (WorkItemQueue[i].ItemCompletedEvent)
CloseHandle (WorkItemQueue[i].ItemCompletedEvent);
}
#endif
ThreadPoolRunning = FALSE;
}
void EncryptionThreadPoolBeginKeyDerivation (TC_EVENT *completionEvent, TC_EVENT *noOutstandingWorkItemEvent, LONG *completionFlag, LONG *outstandingWorkItemCount, int pkcs5Prf, char *password, int passwordLength, char *salt, int iterationCount, char *derivedKey)
{
EncryptionThreadPoolWorkItem *workItem;
if (!ThreadPoolRunning)
TC_THROW_FATAL_EXCEPTION;
TC_ACQUIRE_MUTEX (&EnqueueMutex);
workItem = &WorkItemQueue[EnqueuePosition++];
if (EnqueuePosition >= ThreadQueueSize)
EnqueuePosition = 0;
while (GetWorkItemState (workItem) != WorkItemFree)
{
TC_WAIT_EVENT (WorkItemCompletedEvent);
}
workItem->Type = DeriveKeyWork;
workItem->KeyDerivation.CompletionEvent = completionEvent;
workItem->KeyDerivation.CompletionFlag = completionFlag;
workItem->KeyDerivation.DerivedKey = derivedKey;
workItem->KeyDerivation.IterationCount = iterationCount;
workItem->KeyDerivation.NoOutstandingWorkItemEvent = noOutstandingWorkItemEvent;
workItem->KeyDerivation.OutstandingWorkItemCount = outstandingWorkItemCount;
workItem->KeyDerivation.Password = password;
workItem->KeyDerivation.PasswordLength = passwordLength;
workItem->KeyDerivation.Pkcs5Prf = pkcs5Prf;
workItem->KeyDerivation.Salt = salt;
InterlockedIncrement (outstandingWorkItemCount);
TC_CLEAR_EVENT (*noOutstandingWorkItemEvent);
SetWorkItemState (workItem, WorkItemReady);
TC_SET_EVENT (WorkItemReadyEvent);
TC_RELEASE_MUTEX (&EnqueueMutex);
}
void EncryptionThreadPoolBeginReadVolumeHeaderFinalization (TC_EVENT *keyDerivationCompletedEvent, TC_EVENT *noOutstandingWorkItemEvent, LONG* outstandingWorkItemCount,
void* keyInfoBuffer, int keyInfoBufferSize,
void* keyDerivationWorkItems, int keyDerivationWorkItemsSize)
{
EncryptionThreadPoolWorkItem *workItem;
if (!ThreadPoolRunning)
TC_THROW_FATAL_EXCEPTION;
TC_ACQUIRE_MUTEX (&EnqueueMutex);
workItem = &WorkItemQueue[EnqueuePosition++];
if (EnqueuePosition >= ThreadQueueSize)
EnqueuePosition = 0;
while (GetWorkItemState (workItem) != WorkItemFree)
{
TC_WAIT_EVENT (WorkItemCompletedEvent);
}
workItem->Type = ReadVolumeHeaderFinalizationWork;
workItem->ReadVolumeHeaderFinalization.NoOutstandingWorkItemEvent = noOutstandingWorkItemEvent;
workItem->ReadVolumeHeaderFinalization.KeyDerivationCompletedEvent = keyDerivationCompletedEvent;
workItem->ReadVolumeHeaderFinalization.keyInfoBuffer = keyInfoBuffer;
workItem->ReadVolumeHeaderFinalization.keyInfoBufferSize = keyInfoBufferSize;
workItem->ReadVolumeHeaderFinalization.keyDerivationWorkItems = keyDerivationWorkItems;
workItem->ReadVolumeHeaderFinalization.keyDerivationWorkItemsSize = keyDerivationWorkItemsSize;
workItem->ReadVolumeHeaderFinalization.outstandingWorkItemCount = outstandingWorkItemCount;
SetWorkItemState (workItem, WorkItemReady);
TC_SET_EVENT (WorkItemReadyEvent);
TC_RELEASE_MUTEX (&EnqueueMutex);
}
void EncryptionThreadPoolDoWork (EncryptionThreadPoolWorkType type, byte *data, const UINT64_STRUCT *startUnitNo, uint32 unitCount, PCRYPTO_INFO cryptoInfo)
{
uint32 fragmentCount;
uint32 unitsPerFragment;
uint32 remainder;
byte *fragmentData;
uint64 fragmentStartUnitNo;
EncryptionThreadPoolWorkItem *workItem;
EncryptionThreadPoolWorkItem *firstFragmentWorkItem;
if (unitCount == 0)
return;
if (!ThreadPoolRunning || unitCount == 1)
{
switch (type)
{
case DecryptDataUnitsWork:
DecryptDataUnitsCurrentThreadEx (data, startUnitNo, unitCount, cryptoInfo);
break;
case EncryptDataUnitsWork:
EncryptDataUnitsCurrentThreadEx (data, startUnitNo, unitCount, cryptoInfo);
break;
default:
TC_THROW_FATAL_EXCEPTION;
}
return;
}
if (unitCount <= ThreadCount)
{
fragmentCount = unitCount;
unitsPerFragment = 1;
remainder = 0;
}
else
{
/* Note that it is not efficient to divide the data into fragments smaller than a few hundred bytes.
The reason is that the overhead associated with thread handling would in most cases make a multi-threaded
process actually slower than a single-threaded process. */
fragmentCount = ThreadCount;
unitsPerFragment = unitCount / ThreadCount;
remainder = unitCount % ThreadCount;
if (remainder > 0)
++unitsPerFragment;
}
fragmentData = data;
fragmentStartUnitNo = startUnitNo->Value;
TC_ACQUIRE_MUTEX (&EnqueueMutex);
firstFragmentWorkItem = &WorkItemQueue[EnqueuePosition];
while (GetWorkItemState (firstFragmentWorkItem) != WorkItemFree)
{
TC_WAIT_EVENT (WorkItemCompletedEvent);
}
firstFragmentWorkItem->OutstandingFragmentCount = fragmentCount;
while (fragmentCount-- > 0)
{
workItem = &WorkItemQueue[EnqueuePosition++];
if (EnqueuePosition >= ThreadQueueSize)
EnqueuePosition = 0;
while (GetWorkItemState (workItem) != WorkItemFree)
{
TC_WAIT_EVENT (WorkItemCompletedEvent);
}
workItem->Type = type;
workItem->FirstFragment = firstFragmentWorkItem;
workItem->Encryption.CryptoInfo = cryptoInfo;
workItem->Encryption.Data = fragmentData;
workItem->Encryption.UnitCount = unitsPerFragment;
workItem->Encryption.StartUnitNo.Value = fragmentStartUnitNo;
fragmentData += ((uint64)unitsPerFragment) * ENCRYPTION_DATA_UNIT_SIZE;
fragmentStartUnitNo += unitsPerFragment;
if (remainder > 0 && --remainder == 0)
--unitsPerFragment;
SetWorkItemState (workItem, WorkItemReady);
TC_SET_EVENT (WorkItemReadyEvent);
}
TC_RELEASE_MUTEX (&EnqueueMutex);
TC_WAIT_EVENT (firstFragmentWorkItem->ItemCompletedEvent);
SetWorkItemState (firstFragmentWorkItem, WorkItemFree);
TC_SET_EVENT (WorkItemCompletedEvent);
}
size_t GetEncryptionThreadCount ()
{
return ThreadPoolRunning ? ThreadCount : 0;
}
size_t GetMaxEncryptionThreadCount ()
{
return ThreadPoolCount;
}
BOOL IsEncryptionThreadPoolRunning ()
{
return ThreadPoolRunning;
}
'n527' href='#n527'>527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
/*
Derived from source code of TrueCrypt 7.1a, which is
Copyright (c) 2008-2012 TrueCrypt Developers Association and which is governed
by the TrueCrypt License 3.0.
Modifications and additions to the original source code (contained in this file)
and all other portions of this file are Copyright (c) 2013-2016 IDRIX
and are governed by the Apache License 2.0 the full text of which is
contained in the file License.txt included in VeraCrypt binary and source
code distribution packages.
*/
#include "Platform/Finally.h"
#include "Platform/ForEach.h"
#if !defined (TC_WINDOWS) || defined (TC_PROTOTYPE)
# include "Platform/SerializerFactory.h"
# include "Platform/StringConverter.h"
# include "Platform/SystemException.h"
#else
# include "Dictionary.h"
# include "Language.h"
#endif
#ifdef TC_UNIX
# include <dlfcn.h>
#endif
#include "SecurityToken.h"
#ifndef burn
# define burn Memory::Erase
#endif
using namespace std;
namespace VeraCrypt
{
SecurityTokenKeyfile::SecurityTokenKeyfile (const SecurityTokenKeyfilePath &path)
{
wstring pathStr = path;
unsigned long slotId;
if (swscanf (pathStr.c_str(), TC_SECURITY_TOKEN_KEYFILE_URL_PREFIX TC_SECURITY_TOKEN_KEYFILE_URL_SLOT L"/%lu", &slotId) != 1)
throw InvalidSecurityTokenKeyfilePath();
SlotId = slotId;
size_t keyIdPos = pathStr.find (L"/" TC_SECURITY_TOKEN_KEYFILE_URL_FILE L"/");
if (keyIdPos == wstring::npos)
throw InvalidSecurityTokenKeyfilePath();
Id = pathStr.substr (keyIdPos + wstring (L"/" TC_SECURITY_TOKEN_KEYFILE_URL_FILE L"/").size());
vector <SecurityTokenKeyfile> keyfiles = SecurityToken::GetAvailableKeyfiles (&SlotId, Id);
if (keyfiles.empty())
throw SecurityTokenKeyfileNotFound();
*this = keyfiles.front();
}
SecurityTokenKeyfile::operator SecurityTokenKeyfilePath () const
{
wstringstream path;
path << TC_SECURITY_TOKEN_KEYFILE_URL_PREFIX TC_SECURITY_TOKEN_KEYFILE_URL_SLOT L"/" << SlotId << L"/" TC_SECURITY_TOKEN_KEYFILE_URL_FILE L"/" << Id;
return path.str();
}
void SecurityToken::CheckLibraryStatus ()
{
if (!Initialized)
throw SecurityTokenLibraryNotInitialized();
}
void SecurityToken::CloseLibrary ()
{
if (Initialized)
{
CloseAllSessions();
Pkcs11Functions->C_Finalize (NULL_PTR);
#ifdef TC_WINDOWS
FreeLibrary (Pkcs11LibraryHandle);
#else
dlclose (Pkcs11LibraryHandle);
#endif
Initialized = false;
}
}
void SecurityToken::CloseAllSessions () throw ()
{
if (!Initialized)
return;
typedef pair <CK_SLOT_ID, Pkcs11Session> SessionMapPair;
foreach (SessionMapPair p, Sessions)
{
try
{
CloseSession (p.first);
}
catch (...) { }
}
}
void SecurityToken::CloseSession (CK_SLOT_ID slotId)
{
if (Sessions.find (slotId) == Sessions.end())
throw ParameterIncorrect (SRC_POS);
Pkcs11Functions->C_CloseSession (Sessions[slotId].Handle);
Sessions.erase (Sessions.find (slotId));
}
void SecurityToken::CreateKeyfile (CK_SLOT_ID slotId, vector <byte> &keyfileData, const string &name)
{
if (name.empty())
throw ParameterIncorrect (SRC_POS);
LoginUserIfRequired (slotId);
foreach (const SecurityTokenKeyfile &keyfile, GetAvailableKeyfiles (&slotId))
{
if (keyfile.IdUtf8 == name)
throw SecurityTokenKeyfileAlreadyExists();
}
CK_OBJECT_CLASS dataClass = CKO_DATA;
CK_BBOOL trueVal = CK_TRUE;
CK_ATTRIBUTE keyfileTemplate[] =
{
{ CKA_CLASS, &dataClass, sizeof (dataClass) },
{ CKA_TOKEN, &trueVal, sizeof (trueVal) },
{ CKA_PRIVATE, &trueVal, sizeof (trueVal) },
{ CKA_LABEL, (CK_UTF8CHAR *) name.c_str(), (CK_ULONG) name.size() },
{ CKA_VALUE, &keyfileData.front(), (CK_ULONG) keyfileData.size() }
};
CK_OBJECT_HANDLE keyfileHandle;
CK_RV status = Pkcs11Functions->C_CreateObject (Sessions[slotId].Handle, keyfileTemplate, array_capacity (keyfileTemplate), &keyfileHandle);
switch (status)
{
case CKR_DATA_LEN_RANGE:
status = CKR_DEVICE_MEMORY;
break;
case CKR_SESSION_READ_ONLY:
status = CKR_TOKEN_WRITE_PROTECTED;
break;
}
if (status != CKR_OK)
throw Pkcs11Exception (status);
// Some tokens report success even if the new object was truncated to fit in the available memory
vector <byte> objectData;
GetObjectAttribute (slotId, keyfileHandle, CKA_VALUE, objectData);
finally_do_arg (vector <byte> *, &objectData, { if (!finally_arg->empty()) burn (&finally_arg->front(), finally_arg->size()); });
if (objectData.size() != keyfileData.size())
{
Pkcs11Functions->C_DestroyObject (Sessions[slotId].Handle, keyfileHandle);
throw Pkcs11Exception (CKR_DEVICE_MEMORY);
}
}
void SecurityToken::DeleteKeyfile (const SecurityTokenKeyfile &keyfile)
{
LoginUserIfRequired (keyfile.SlotId);
CK_RV status = Pkcs11Functions->C_DestroyObject (Sessions[keyfile.SlotId].Handle, keyfile.Handle);
if (status != CKR_OK)
throw Pkcs11Exception (status);
}
vector <SecurityTokenKeyfile> SecurityToken::GetAvailableKeyfiles (CK_SLOT_ID *slotIdFilter, const wstring keyfileIdFilter)
{
bool unrecognizedTokenPresent = false;
vector <SecurityTokenKeyfile> keyfiles;
foreach (const CK_SLOT_ID &slotId, GetTokenSlots())
{
SecurityTokenInfo token;
if (slotIdFilter && *slotIdFilter != slotId)
continue;
try
{
LoginUserIfRequired (slotId);
token = GetTokenInfo (slotId);
}
catch (UserAbort &)
{
continue;
}
catch (Pkcs11Exception &e)
{
if (e.GetErrorCode() == CKR_TOKEN_NOT_RECOGNIZED)
{
unrecognizedTokenPresent = true;
continue;
}
throw;
}
foreach (const CK_OBJECT_HANDLE &dataHandle, GetObjects (slotId, CKO_DATA))
{
SecurityTokenKeyfile keyfile;
keyfile.Handle = dataHandle;
keyfile.SlotId = slotId;
keyfile.Token = token;
vector <byte> privateAttrib;
GetObjectAttribute (slotId, dataHandle, CKA_PRIVATE, privateAttrib);
if (privateAttrib.size() == sizeof (CK_BBOOL) && *(CK_BBOOL *) &privateAttrib.front() != CK_TRUE)
continue;
vector <byte> label;
GetObjectAttribute (slotId, dataHandle, CKA_LABEL, label);
label.push_back (0);
keyfile.IdUtf8 = (char *) &label.front();
#if defined (TC_WINDOWS) && !defined (TC_PROTOTYPE)
keyfile.Id = Utf8StringToWide ((const char *) &label.front());
#else
keyfile.Id = StringConverter::ToWide ((const char *) &label.front());
#endif
if (keyfile.Id.empty() || (!keyfileIdFilter.empty() && keyfileIdFilter != keyfile.Id))
continue;
keyfiles.push_back (keyfile);
if (!keyfileIdFilter.empty())
break;
}
}
if (keyfiles.empty() && unrecognizedTokenPresent)
throw Pkcs11Exception (CKR_TOKEN_NOT_RECOGNIZED);
return keyfiles;
}
list <SecurityTokenInfo> SecurityToken::GetAvailableTokens ()
{
bool unrecognizedTokenPresent = false;
list <SecurityTokenInfo> tokens;
foreach (const CK_SLOT_ID &slotId, GetTokenSlots())
{
try
{
tokens.push_back (GetTokenInfo (slotId));
}
catch (Pkcs11Exception &e)
{
if (e.GetErrorCode() == CKR_TOKEN_NOT_RECOGNIZED)
{
unrecognizedTokenPresent = true;
continue;
}
throw;
}
}
if (tokens.empty() && unrecognizedTokenPresent)
throw Pkcs11Exception (CKR_TOKEN_NOT_RECOGNIZED);
return tokens;
}
SecurityTokenInfo SecurityToken::GetTokenInfo (CK_SLOT_ID slotId)
{
CK_TOKEN_INFO info;
CK_RV status = Pkcs11Functions->C_GetTokenInfo (slotId, &info);
if (status != CKR_OK)
throw Pkcs11Exception (status);
SecurityTokenInfo token;
token.SlotId = slotId;
token.Flags = info.flags;
char label[sizeof (info.label) + 1];
memset (label, 0, sizeof (label));
memcpy (label, info.label, sizeof (info.label));
token.LabelUtf8 = label;
size_t lastSpace = token.LabelUtf8.find_last_not_of (' ');
if (lastSpace == string::npos)
token.LabelUtf8.clear();
else
token.LabelUtf8 = token.LabelUtf8.substr (0, lastSpace + 1);
#if defined (TC_WINDOWS) && !defined (TC_PROTOTYPE)
token.Label = Utf8StringToWide (token.LabelUtf8);
#else
token.Label = StringConverter::ToWide (token.LabelUtf8);
#endif
return token;
}
void SecurityToken::GetKeyfileData (const SecurityTokenKeyfile &keyfile, vector <byte> &keyfileData)
{
LoginUserIfRequired (keyfile.SlotId);
GetObjectAttribute (keyfile.SlotId, keyfile.Handle, CKA_VALUE, keyfileData);
}
vector <CK_OBJECT_HANDLE> SecurityToken::GetObjects (CK_SLOT_ID slotId, CK_ATTRIBUTE_TYPE objectClass)
{
if (Sessions.find (slotId) == Sessions.end())
throw ParameterIncorrect (SRC_POS);
CK_ATTRIBUTE findTemplate;
findTemplate.type = CKA_CLASS;
findTemplate.pValue = &objectClass;
findTemplate.ulValueLen = sizeof (objectClass);
CK_RV status = Pkcs11Functions->C_FindObjectsInit (Sessions[slotId].Handle, &findTemplate, 1);
if (status != CKR_OK)
throw Pkcs11Exception (status);
finally_do_arg (CK_SLOT_ID, slotId, { Pkcs11Functions->C_FindObjectsFinal (Sessions[finally_arg].Handle); });
CK_ULONG objectCount;
vector <CK_OBJECT_HANDLE> objects;
while (true)
{
CK_OBJECT_HANDLE object;
CK_RV status = Pkcs11Functions->C_FindObjects (Sessions[slotId].Handle, &object, 1, &objectCount);
if (status != CKR_OK)
throw Pkcs11Exception (status);
if (objectCount != 1)
break;
objects.push_back (object);
}
return objects;
}
void SecurityToken::GetObjectAttribute (CK_SLOT_ID slotId, CK_OBJECT_HANDLE tokenObject, CK_ATTRIBUTE_TYPE attributeType, vector <byte> &attributeValue)
{
attributeValue.clear();
if (Sessions.find (slotId) == Sessions.end())
throw ParameterIncorrect (SRC_POS);
CK_ATTRIBUTE attribute;
attribute.type = attributeType;
attribute.pValue = NULL_PTR;
CK_RV status = Pkcs11Functions->C_GetAttributeValue (Sessions[slotId].Handle, tokenObject, &attribute, 1);
if (status != CKR_OK)
throw Pkcs11Exception (status);
if (attribute.ulValueLen == 0)
return;
attributeValue = vector <byte> (attribute.ulValueLen);
attribute.pValue = &attributeValue.front();
status = Pkcs11Functions->C_GetAttributeValue (Sessions[slotId].Handle, tokenObject, &attribute, 1);
if (status != CKR_OK)
throw Pkcs11Exception (status);
}
list <CK_SLOT_ID> SecurityToken::GetTokenSlots ()
{
CheckLibraryStatus();
list <CK_SLOT_ID> slots;
CK_ULONG slotCount;
CK_RV status = Pkcs11Functions->C_GetSlotList (TRUE, NULL_PTR, &slotCount);
if (status != CKR_OK)
throw Pkcs11Exception (status);
if (slotCount > 0)
{
vector <CK_SLOT_ID> slotArray (slotCount);
status = Pkcs11Functions->C_GetSlotList (TRUE, &slotArray.front(), &slotCount);
if (status != CKR_OK)
throw Pkcs11Exception (status);
for (size_t i = 0; i < slotCount; i++)
{
CK_SLOT_INFO slotInfo;
status = Pkcs11Functions->C_GetSlotInfo (slotArray[i], &slotInfo);
if (status != CKR_OK || !(slotInfo.flags & CKF_TOKEN_PRESENT))
continue;
slots.push_back (slotArray[i]);
}
}
return slots;
}
bool SecurityToken::IsKeyfilePathValid (const wstring &securityTokenKeyfilePath)
{
return securityTokenKeyfilePath.find (TC_SECURITY_TOKEN_KEYFILE_URL_PREFIX) == 0;
}
void SecurityToken::Login (CK_SLOT_ID slotId, const char* pin)
{
if (Sessions.find (slotId) == Sessions.end())
OpenSession (slotId);
else if (Sessions[slotId].UserLoggedIn)
return;
size_t pinLen = pin? strlen (pin) : 0;
CK_RV status = Pkcs11Functions->C_Login (Sessions[slotId].Handle, CKU_USER, (CK_CHAR_PTR) pin, (CK_ULONG) pinLen);
if (status != CKR_OK)
throw Pkcs11Exception (status);
Sessions[slotId].UserLoggedIn = true;
}
void SecurityToken::LoginUserIfRequired (CK_SLOT_ID slotId)
{
CheckLibraryStatus();
CK_RV status;
if (Sessions.find (slotId) == Sessions.end())
{
OpenSession (slotId);
}
else
{
CK_SESSION_INFO sessionInfo;
status = Pkcs11Functions->C_GetSessionInfo (Sessions[slotId].Handle, &sessionInfo);
if (status == CKR_OK)
{
Sessions[slotId].UserLoggedIn = (sessionInfo.state == CKS_RO_USER_FUNCTIONS || sessionInfo.state == CKS_RW_USER_FUNCTIONS);
}
else
{
try
{
CloseSession (slotId);
}
catch (...) { }
OpenSession (slotId);
}
}
SecurityTokenInfo tokenInfo = GetTokenInfo (slotId);
while (!Sessions[slotId].UserLoggedIn && (tokenInfo.Flags & CKF_LOGIN_REQUIRED))
{
try
{
if (tokenInfo.Flags & CKF_PROTECTED_AUTHENTICATION_PATH)
{
status = Pkcs11Functions->C_Login (Sessions[slotId].Handle, CKU_USER, NULL_PTR, 0);
if (status != CKR_OK)
throw Pkcs11Exception (status);
}
else
{
string pin = tokenInfo.LabelUtf8;
if (tokenInfo.Label.empty())
{
stringstream s;
s << "#" << slotId;
pin = s.str();
}
finally_do_arg (string*, &pin, { burn ((void *) finally_arg->c_str(), finally_arg->size()); });
(*PinCallback) (pin);
Login (slotId, pin.c_str());
}
Sessions[slotId].UserLoggedIn = true;
}
catch (Pkcs11Exception &e)
{
CK_RV error = e.GetErrorCode();
if (error == CKR_USER_ALREADY_LOGGED_IN)
{
break;
}
else if (error == CKR_PIN_INCORRECT && !(tokenInfo.Flags & CKF_PROTECTED_AUTHENTICATION_PATH))
{
PinCallback->notifyIncorrectPin ();
(*WarningCallback) (Pkcs11Exception (CKR_PIN_INCORRECT));
continue;
}
throw;
}
}
}
#ifdef TC_WINDOWS
void SecurityToken::InitLibrary (const wstring &pkcs11LibraryPath, auto_ptr <GetPinFunctor> pinCallback, auto_ptr <SendExceptionFunctor> warningCallback)
#else
void SecurityToken::InitLibrary (const string &pkcs11LibraryPath, auto_ptr <GetPinFunctor> pinCallback, auto_ptr <SendExceptionFunctor> warningCallback)
#endif
{
if (Initialized)
CloseLibrary();
#ifdef TC_WINDOWS
Pkcs11LibraryHandle = LoadLibraryW (pkcs11LibraryPath.c_str());
throw_sys_if (!Pkcs11LibraryHandle);
#else
Pkcs11LibraryHandle = dlopen (pkcs11LibraryPath.c_str(), RTLD_NOW | RTLD_LOCAL);
throw_sys_sub_if (!Pkcs11LibraryHandle, dlerror());
#endif
typedef CK_RV (*C_GetFunctionList_t) (CK_FUNCTION_LIST_PTR_PTR ppFunctionList);
#ifdef TC_WINDOWS
C_GetFunctionList_t C_GetFunctionList = (C_GetFunctionList_t) GetProcAddress (Pkcs11LibraryHandle, "C_GetFunctionList");
#else
C_GetFunctionList_t C_GetFunctionList = (C_GetFunctionList_t) dlsym (Pkcs11LibraryHandle, "C_GetFunctionList");
#endif
if (!C_GetFunctionList)
throw SecurityTokenLibraryNotInitialized();
CK_RV status = C_GetFunctionList (&Pkcs11Functions);
if (status != CKR_OK)
throw Pkcs11Exception (status);
status = Pkcs11Functions->C_Initialize (NULL_PTR);
if (status != CKR_OK)
throw Pkcs11Exception (status);
PinCallback = pinCallback;
WarningCallback = warningCallback;
Initialized = true;
}
void SecurityToken::OpenSession (CK_SLOT_ID slotId)
{
if (Sessions.find (slotId) != Sessions.end())
return;
CK_SESSION_HANDLE session;
CK_FLAGS flags = CKF_SERIAL_SESSION;
if (!(GetTokenInfo (slotId).Flags & CKF_WRITE_PROTECTED))
flags |= CKF_RW_SESSION;
CK_RV status = Pkcs11Functions->C_OpenSession (slotId, flags, NULL_PTR, NULL_PTR, &session);
if (status != CKR_OK)
throw Pkcs11Exception (status);
Sessions[slotId].Handle = session;
}
Pkcs11Exception::operator string () const
{
if (ErrorCode == CKR_OK)
return string();
static const struct
{
CK_RV ErrorCode;
const char *ErrorString;
} ErrorStrings[] =
{
# define TC_TOKEN_ERR(CODE) { CODE, #CODE },
TC_TOKEN_ERR (CKR_CANCEL)
TC_TOKEN_ERR (CKR_HOST_MEMORY)
TC_TOKEN_ERR (CKR_SLOT_ID_INVALID)
TC_TOKEN_ERR (CKR_GENERAL_ERROR)
TC_TOKEN_ERR (CKR_FUNCTION_FAILED)
TC_TOKEN_ERR (CKR_ARGUMENTS_BAD)
TC_TOKEN_ERR (CKR_NO_EVENT)
TC_TOKEN_ERR (CKR_NEED_TO_CREATE_THREADS)
TC_TOKEN_ERR (CKR_CANT_LOCK)
TC_TOKEN_ERR (CKR_ATTRIBUTE_READ_ONLY)
TC_TOKEN_ERR (CKR_ATTRIBUTE_SENSITIVE)
TC_TOKEN_ERR (CKR_ATTRIBUTE_TYPE_INVALID)
TC_TOKEN_ERR (CKR_ATTRIBUTE_VALUE_INVALID)
TC_TOKEN_ERR (CKR_DATA_INVALID)
TC_TOKEN_ERR (CKR_DATA_LEN_RANGE)
TC_TOKEN_ERR (CKR_DEVICE_ERROR)
TC_TOKEN_ERR (CKR_DEVICE_MEMORY)
TC_TOKEN_ERR (CKR_DEVICE_REMOVED)
TC_TOKEN_ERR (CKR_ENCRYPTED_DATA_INVALID)
TC_TOKEN_ERR (CKR_ENCRYPTED_DATA_LEN_RANGE)
TC_TOKEN_ERR (CKR_FUNCTION_CANCELED)
TC_TOKEN_ERR (CKR_FUNCTION_NOT_PARALLEL)
TC_TOKEN_ERR (CKR_FUNCTION_NOT_SUPPORTED)
TC_TOKEN_ERR (CKR_KEY_HANDLE_INVALID)
TC_TOKEN_ERR (CKR_KEY_SIZE_RANGE)
TC_TOKEN_ERR (CKR_KEY_TYPE_INCONSISTENT)
TC_TOKEN_ERR (CKR_KEY_NOT_NEEDED)
TC_TOKEN_ERR (CKR_KEY_CHANGED)
TC_TOKEN_ERR (CKR_KEY_NEEDED)
TC_TOKEN_ERR (CKR_KEY_INDIGESTIBLE)
TC_TOKEN_ERR (CKR_KEY_FUNCTION_NOT_PERMITTED)
TC_TOKEN_ERR (CKR_KEY_NOT_WRAPPABLE)
TC_TOKEN_ERR (CKR_KEY_UNEXTRACTABLE)
TC_TOKEN_ERR (CKR_MECHANISM_INVALID)
TC_TOKEN_ERR (CKR_MECHANISM_PARAM_INVALID)
TC_TOKEN_ERR (CKR_OBJECT_HANDLE_INVALID)
TC_TOKEN_ERR (CKR_OPERATION_ACTIVE)
TC_TOKEN_ERR (CKR_OPERATION_NOT_INITIALIZED)
TC_TOKEN_ERR (CKR_PIN_INCORRECT)
TC_TOKEN_ERR (CKR_PIN_INVALID)
TC_TOKEN_ERR (CKR_PIN_LEN_RANGE)
TC_TOKEN_ERR (CKR_PIN_EXPIRED)
TC_TOKEN_ERR (CKR_PIN_LOCKED)
TC_TOKEN_ERR (CKR_SESSION_CLOSED)
TC_TOKEN_ERR (CKR_SESSION_COUNT)
TC_TOKEN_ERR (CKR_SESSION_HANDLE_INVALID)
TC_TOKEN_ERR (CKR_SESSION_PARALLEL_NOT_SUPPORTED)
TC_TOKEN_ERR (CKR_SESSION_READ_ONLY)
TC_TOKEN_ERR (CKR_SESSION_EXISTS)
TC_TOKEN_ERR (CKR_SESSION_READ_ONLY_EXISTS)
TC_TOKEN_ERR (CKR_SESSION_READ_WRITE_SO_EXISTS)
TC_TOKEN_ERR (CKR_SIGNATURE_INVALID)
TC_TOKEN_ERR (CKR_SIGNATURE_LEN_RANGE)
TC_TOKEN_ERR (CKR_TEMPLATE_INCOMPLETE)
TC_TOKEN_ERR (CKR_TEMPLATE_INCONSISTENT)
TC_TOKEN_ERR (CKR_TOKEN_NOT_PRESENT)
TC_TOKEN_ERR (CKR_TOKEN_NOT_RECOGNIZED)
TC_TOKEN_ERR (CKR_TOKEN_WRITE_PROTECTED)
TC_TOKEN_ERR (CKR_UNWRAPPING_KEY_HANDLE_INVALID)
TC_TOKEN_ERR (CKR_UNWRAPPING_KEY_SIZE_RANGE)
TC_TOKEN_ERR (CKR_UNWRAPPING_KEY_TYPE_INCONSISTENT)
TC_TOKEN_ERR (CKR_USER_ALREADY_LOGGED_IN)
TC_TOKEN_ERR (CKR_USER_NOT_LOGGED_IN)
TC_TOKEN_ERR (CKR_USER_PIN_NOT_INITIALIZED)
TC_TOKEN_ERR (CKR_USER_TYPE_INVALID)
TC_TOKEN_ERR (CKR_USER_ANOTHER_ALREADY_LOGGED_IN)
TC_TOKEN_ERR (CKR_USER_TOO_MANY_TYPES)
TC_TOKEN_ERR (CKR_WRAPPED_KEY_INVALID)
TC_TOKEN_ERR (CKR_WRAPPED_KEY_LEN_RANGE)
TC_TOKEN_ERR (CKR_WRAPPING_KEY_HANDLE_INVALID)
TC_TOKEN_ERR (CKR_WRAPPING_KEY_SIZE_RANGE)
TC_TOKEN_ERR (CKR_WRAPPING_KEY_TYPE_INCONSISTENT)
TC_TOKEN_ERR (CKR_RANDOM_SEED_NOT_SUPPORTED)
TC_TOKEN_ERR (CKR_RANDOM_NO_RNG)
TC_TOKEN_ERR (CKR_DOMAIN_PARAMS_INVALID)
TC_TOKEN_ERR (CKR_BUFFER_TOO_SMALL)
TC_TOKEN_ERR (CKR_SAVED_STATE_INVALID)
TC_TOKEN_ERR (CKR_INFORMATION_SENSITIVE)
TC_TOKEN_ERR (CKR_STATE_UNSAVEABLE)
TC_TOKEN_ERR (CKR_CRYPTOKI_NOT_INITIALIZED)
TC_TOKEN_ERR (CKR_CRYPTOKI_ALREADY_INITIALIZED)
TC_TOKEN_ERR (CKR_MUTEX_BAD)
TC_TOKEN_ERR (CKR_MUTEX_NOT_LOCKED)
TC_TOKEN_ERR (CKR_NEW_PIN_MODE)
TC_TOKEN_ERR (CKR_NEXT_OTP)
TC_TOKEN_ERR (CKR_FUNCTION_REJECTED)
#undef TC_TOKEN_ERR
};
for (size_t i = 0; i < array_capacity (ErrorStrings); ++i)
{
if (ErrorStrings[i].ErrorCode == ErrorCode)
return ErrorStrings[i].ErrorString;
}
stringstream s;
s << "0x" << hex << ErrorCode;
return s.str();
}
#ifdef TC_HEADER_Common_Exception
void Pkcs11Exception::Show (HWND parent) const
{
string errorString = string (*this);
if (!errorString.empty())
{
wstringstream subjectErrorCode;
if (SubjectErrorCodeValid)
subjectErrorCode << L": " << SubjectErrorCode;
if (!GetDictionaryValue (errorString.c_str()))
{
if (errorString.find ("CKR_") == 0)
{
errorString = errorString.substr (4);
for (size_t i = 0; i < errorString.size(); ++i)
{
if (errorString[i] == '_')
errorString[i] = ' ';
}
}
wchar_t err[8192];
StringCbPrintfW (err, sizeof(err),L"%s:\n\n%hs%s", GetString ("SECURITY_TOKEN_ERROR"), errorString.c_str(), subjectErrorCode.str().c_str());
ErrorDirect (err, parent);
}
else
{
wstring err = GetString (errorString.c_str());
if (SubjectErrorCodeValid)
err += L"\n\nError code" + subjectErrorCode.str();
ErrorDirect (err.c_str(), parent);
}
}
}
#endif // TC_HEADER_Common_Exception
auto_ptr <GetPinFunctor> SecurityToken::PinCallback;
auto_ptr <SendExceptionFunctor> SecurityToken::WarningCallback;
bool SecurityToken::Initialized;
CK_FUNCTION_LIST_PTR SecurityToken::Pkcs11Functions;
map <CK_SLOT_ID, Pkcs11Session> SecurityToken::Sessions;
#ifdef TC_WINDOWS
HMODULE SecurityToken::Pkcs11LibraryHandle;
#else
void *SecurityToken::Pkcs11LibraryHandle;
#endif
#ifdef TC_HEADER_Platform_Exception
void Pkcs11Exception::Deserialize (shared_ptr <Stream> stream)
{
Exception::Deserialize (stream);
Serializer sr (stream);
uint64 code;
sr.Deserialize ("ErrorCode", code);
sr.Deserialize ("SubjectErrorCodeValid", SubjectErrorCodeValid);
sr.Deserialize ("SubjectErrorCode", SubjectErrorCode);
ErrorCode = (CK_RV) code;
}
void Pkcs11Exception::Serialize (shared_ptr <Stream> stream) const
{
Exception::Serialize (stream);
Serializer sr (stream);
sr.Serialize ("ErrorCode", (uint64) ErrorCode);
sr.Serialize ("SubjectErrorCodeValid", SubjectErrorCodeValid);
sr.Serialize ("SubjectErrorCode", SubjectErrorCode);
}
# define TC_EXCEPTION(TYPE) TC_SERIALIZER_FACTORY_ADD(TYPE)
# undef TC_EXCEPTION_NODECL
# define TC_EXCEPTION_NODECL(TYPE) TC_SERIALIZER_FACTORY_ADD(TYPE)
TC_SERIALIZER_FACTORY_ADD_EXCEPTION_SET (SecurityTokenException);
#endif
}
|