1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
|
/*
Derived from source code of TrueCrypt 7.1a, which is
Copyright (c) 2008-2012 TrueCrypt Developers Association and which is governed
by the TrueCrypt License 3.0.
Modifications and additions to the original source code (contained in this file)
and all other portions of this file are Copyright (c) 2013-2017 IDRIX
and are governed by the Apache License 2.0 the full text of which is
contained in the file License.txt included in VeraCrypt binary and source
code distribution packages.
*/
#include "Platform/Serializer.h"
#include "Common/SecurityToken.h"
#include "Common/EMVToken.h"
#include "Crc32.h"
#include "Keyfile.h"
#include "VolumeException.h"
namespace VeraCrypt
{
void Keyfile::Apply (const BufferPtr &pool, bool emvSupportEnabled) const
{
if (Path.IsDirectory())
throw ParameterIncorrect (SRC_POS);
File file;
Crc32 crc32;
size_t poolPos = 0;
uint64 totalLength = 0;
uint64 readLength;
SecureBuffer keyfileBuf (File::GetOptimalReadSize());
if (Token::IsKeyfilePathValid (Path, emvSupportEnabled))
{
// Apply keyfile generated by a security token
vector <byte> keyfileData;
Token::getTokenKeyfile(wstring(Path))->GetKeyfileData(keyfileData);
if (keyfileData.size() < MinProcessedLength)
throw InsufficientData(SRC_POS, Path);
for (size_t i = 0; i < keyfileData.size(); i++)
{
uint32 crc = crc32.Process(keyfileData[i]);
pool[poolPos++] += (byte)(crc >> 24);
pool[poolPos++] += (byte)(crc >> 16);
pool[poolPos++] += (byte)(crc >> 8);
pool[poolPos++] += (byte) crc;
if (poolPos >= pool.Size())
poolPos = 0;
if (++totalLength >= MaxProcessedLength)
break;
}
burn(&keyfileData.front(), keyfileData.size());
goto done;
}
file.Open (Path, File::OpenRead, File::ShareRead);
while ((readLength = file.Read (keyfileBuf)) > 0)
{
for (size_t i = 0; i < readLength; i++)
{
uint32 crc = crc32.Process(keyfileBuf[i]);
pool[poolPos++] += (byte)(crc >> 24);
pool[poolPos++] += (byte)(crc >> 16);
pool[poolPos++] += (byte)(crc >> 8);
pool[poolPos++] += (byte) crc;
if (poolPos >= pool.Size())
poolPos = 0;
if (++totalLength >= MaxProcessedLength)
goto done;
}
}
done:
if (totalLength < MinProcessedLength)
throw InsufficientData (SRC_POS, Path);
}
shared_ptr <VolumePassword> Keyfile::ApplyListToPassword (shared_ptr <KeyfileList> keyfiles, shared_ptr <VolumePassword> password, bool emvSupportEnabled)
{
if (!password)
password.reset (new VolumePassword);
if (!keyfiles || keyfiles->size() < 1)
return password;
KeyfileList keyfilesExp;
HiddenFileWasPresentInKeyfilePath = false;
// Enumerate directories
foreach (shared_ptr <Keyfile> keyfile, *keyfiles)
{
if (FilesystemPath (*keyfile).IsDirectory())
{
size_t keyfileCount = 0;
foreach_ref (const FilePath &path, Directory::GetFilePaths (*keyfile))
{
#ifdef TC_UNIX
// Skip hidden files
if (wstring (path.ToBaseName()).find (L'.') == 0)
{
HiddenFileWasPresentInKeyfilePath = true;
continue;
}
#endif
keyfilesExp.push_back (make_shared <Keyfile> (path));
++keyfileCount;
}
if (keyfileCount == 0)
throw KeyfilePathEmpty (SRC_POS, FilesystemPath (*keyfile));
}
else
{
keyfilesExp.push_back (keyfile);
}
}
make_shared_auto (VolumePassword, newPassword);
if (keyfilesExp.size() < 1)
{
newPassword->Set (*password);
}
else
{
SecureBuffer keyfilePool (password->Size() <= VolumePassword::MaxLegacySize? VolumePassword::MaxLegacySize: VolumePassword::MaxSize);
// Pad password with zeros if shorter than max length
keyfilePool.Zero();
keyfilePool.CopyFrom (ConstBufferPtr (password->DataPtr(), password->Size()));
// Apply all keyfiles
foreach_ref (const Keyfile &k, keyfilesExp)
{
k.Apply (keyfilePool, emvSupportEnabled);
}
newPassword->Set (keyfilePool);
}
return newPassword;
}
shared_ptr <KeyfileList> Keyfile::DeserializeList (shared_ptr <Stream> stream, const string &name)
{
shared_ptr <KeyfileList> keyfiles;
Serializer sr (stream);
if (!sr.DeserializeBool (name + "Null"))
{
keyfiles.reset (new KeyfileList);
foreach (const wstring &k, sr.DeserializeWStringList (name))
keyfiles->push_back (make_shared <Keyfile> (k));
}
return keyfiles;
}
void Keyfile::SerializeList (shared_ptr <Stream> stream, const string &name, shared_ptr <KeyfileList> keyfiles)
{
Serializer sr (stream);
sr.Serialize (name + "Null", keyfiles == nullptr);
if (keyfiles)
{
list <wstring> sl;
foreach_ref (const Keyfile &k, *keyfiles)
sl.push_back (FilesystemPath (k));
sr.Serialize (name, sl);
}
}
bool Keyfile::HiddenFileWasPresentInKeyfilePath = false;
}
|