Add EMV functionality (#1080)

* Add basic strcture needed for EMV implementation * Add demo EMV functionality with C code pasted in a very dirty and unsafe way. NOT FINAL * Refactor IccExtractor Structure * Fix Makefile * fix include file * move global variables from h to c * revert to memcpy * fix icc data recovery functions * Add EMV functionalities on windows * Make EMVToken structures like SecurityToken * Define constants instead of hard coded values * Token structures created with inheritance * refactor TokenKeyfile to use inherit. + polymor. * add Token.h + Token.cpp in modules in VS2010 * Add a comment at each use of SecurityToken class or objects * SecurityTokenKeyfilesDialog preparation * Implemennt GetAvailableTokens in Token class on windows * merge * up (patching for Windows) * foreach Token.cpp corrected * Display EMV keyfiles on first window in graphic interface * Add token to Windows UI * EMVToken selection on OKButton on Linux * Keyfile.cpp optimization * Move getKeyfileData in the token class * EMV::Token GetAvailableKeyfiles() base * Move getKeyfileData in the token class on unix * Remove test comments * Warnings resolved * RemoveeSecurityTokenLibraryNotInitialized exception if at least one emv token is detected * Adding new files * Remove old files and add the new version to the windows project * Change make_shared to shared_ptr constructor * IccExtractor integration working on linux * Throwing card not EMV execption * catch error when not EMV type in EMVToken::GetAvailableKeyfiles * Change types to compile on windows * list all keyfiles, security keyfiles and emv keyfiles in command line * Change type to be coherent and remove old todo comments * Remove todo comments * Change indentation and resolve a bug from previous commit * Use polymorphism for GetKeyfileData and add export option for EMVTokens on Linux * Linux : Allow to export EMV Tokens in command lines, Windows : Disable the delete button when EMV Keyfiles are selected * Remove SlotId from TokenInfo as it is already in Token * Correct errors on Linux * Disable delete option if one EMV Token is selected on Linux * Fix bug enabling delete button if nothing is selected * emv data used as reference then burnt * use of normal files in linux corrected * help updated * help updated for export functionnality * option EMV added to graphic interface but not yet working * Bug fix : Allow to use multiple EMV on windows * EMV Option added to UserPreferences * EMV Option working for Linux * EMV option added to Windows (not working yet) * [NOT TESTED] EMV option for Windows * Working EMV option on Windows * EMV Option for data extraction working for volume creation * EMV Option for data extraction working for Mount * EMV Option for data extraction working for mounting favorites volumes * EMV Option for extraction working for Changing volume password, Set Derivation Key Algorithm and Add or remove keyfile from volume * Windows : re-checking EMV Option when getting data * Removing error catches in the IccDataExtractor classe (It only throws error now). Changing GetPan signature to resemble the other functions signatures more * Changing EMV errors - Only throwing ICCExtractionException from outside of the ICC module. - Catching all TLVExceptions and PCSCExceptions to throw the right ICCExtractionException - Deleting APDU exceptions. * First version of the documentation * Adding function pointers for winscard library (but it crashes VeraCrypt) * Debugging function pointers * The import of the library on windows work as expected now * Reverting EMVToken.cpp changes used to test to library import * Searching for the System32 path instead of hard codding it * Fixing the bug were VeraCrypt crashes if there is no readers when "add Token files" is clicked * Winscard library not initialized in object constructor anymore to delay it after EMVOption check * Remove winscard lib from windows dependencies * Properly displaying errors * Adding a dot in Language.xml * Catching TLVException * Removing unused code * Remove unusefull comments * Trying to fix 0x1f error * Update IccDataExtractor.cpp * Delete History.xml * Fix get data without get pan * Cleanup code * changes for linux compilation but linking not working * error handling for linux * erasing emv data * Burn PAN * Burn PAN from memory * Uncomment selfcheck before merging master * burn corrected * EMV errors handling for Linux * EMV working for Linux CLI * Doc : Winscard Linux package and VeraCrypt versions --------- Co-authored-by: doriandu45 <d45.poubelle@gmail.com> Co-authored-by: red4game <redemgaiming@gmail.com> Co-authored-by: Brice.Namy <brice.namy@insa-rennes.fr> Co-authored-by: vocthor <pieceo108@gmail.com> Co-authored-by: vocthor <67202139+vocthor@users.noreply.github.com> Co-authored-by: Andrei COCAN <andrei.cocan@insa-rennes.fr> Co-authored-by: AndreiCocan <95496161+AndreiCocan@users.noreply.github.com> Co-authored-by: francoisLEROUX <francois3443@gmail.com>
2025-11-12 03:18:26 -06:00 · 2023-06-28 22:51:43 +02:00
parent f4e109afcf
commit 502ab9112a
65 changed files with 2721 additions and 612 deletions
--- a/src/Main/TextUserInterface.cpp
+++ b/src/Main/TextUserInterface.cpp
@@ -21,7 +21,9 @@
 #endif

 #include <wx/platinfo.h>
+#include "Common/Token.h"
 #include "Common/SecurityToken.h"
+#include "Common/EMVToken.h"
 #include "Core/RandomNumberGenerator.h"
 #include "Application.h"
 #include "TextUserInterface.h"
@@ -312,6 +314,7 @@ namespace VeraCrypt
 						kdf,
 						false,
 						options->Keyfiles,
+                        true,
 						options->Protection,
 						options->ProtectionPassword,
 						options->ProtectionPim,
@@ -337,6 +340,7 @@ namespace VeraCrypt
 								kdf,
 								false,
 								options->Keyfiles,
+                                true,
 								options->Protection,
 								options->ProtectionPassword,
 								options->ProtectionPim,
@@ -407,14 +411,14 @@ namespace VeraCrypt

 		// Re-encrypt volume header
 		SecureBuffer newHeaderBuffer (normalVolume->GetLayout()->GetHeaderSize());
-		Core->ReEncryptVolumeHeaderWithNewSalt (newHeaderBuffer, normalVolume->GetHeader(), normalVolumeMountOptions.Password, normalVolumeMountOptions.Pim, normalVolumeMountOptions.Keyfiles);
+		Core->ReEncryptVolumeHeaderWithNewSalt (newHeaderBuffer, normalVolume->GetHeader(), normalVolumeMountOptions.Password, normalVolumeMountOptions.Pim, normalVolumeMountOptions.Keyfiles, true);

 		backupFile.Write (newHeaderBuffer);

 		if (hiddenVolume)
 		{
 			// Re-encrypt hidden volume header
-			Core->ReEncryptVolumeHeaderWithNewSalt (newHeaderBuffer, hiddenVolume->GetHeader(), hiddenVolumeMountOptions.Password, hiddenVolumeMountOptions.Pim, hiddenVolumeMountOptions.Keyfiles);
+			Core->ReEncryptVolumeHeaderWithNewSalt (newHeaderBuffer, hiddenVolume->GetHeader(), hiddenVolumeMountOptions.Password, hiddenVolumeMountOptions.Pim, hiddenVolumeMountOptions.Keyfiles, true);
 		}
 		else
 		{
@@ -482,7 +486,7 @@ namespace VeraCrypt
 					try
 					{
 						keyfiles.reset (new KeyfileList);
-						volume = Core->OpenVolume (volumePath, Preferences.DefaultMountOptions.PreserveTimestamps, password, pim, kdf, truecryptMode, keyfiles);
+						volume = Core->OpenVolume (volumePath, Preferences.DefaultMountOptions.PreserveTimestamps, password, pim, kdf, truecryptMode, keyfiles, true);
 					}
 					catch (PasswordException&)
 					{
@@ -492,7 +496,7 @@ namespace VeraCrypt
 				}

 				if (!volume.get())
-					volume = Core->OpenVolume (volumePath, Preferences.DefaultMountOptions.PreserveTimestamps, password, pim, kdf, truecryptMode, keyfiles);
+					volume = Core->OpenVolume (volumePath, Preferences.DefaultMountOptions.PreserveTimestamps, password, pim, kdf, truecryptMode, keyfiles, true);
 			}
 			catch (PasswordException &e)
 			{
@@ -527,7 +531,7 @@ namespace VeraCrypt
 		RandomNumberGenerator::SetEnrichedByUserStatus (false);
 		UserEnrichRandomPool();

-		Core->ChangePassword (volume, newPassword, newPim, newKeyfiles,
+		Core->ChangePassword (volume, newPassword, newPim, newKeyfiles, true,
 			newHash ? Pkcs5Kdf::GetAlgorithm (*newHash, false) : shared_ptr <Pkcs5Kdf>());

 		ShowInfo ("PASSWORD_CHANGED");
@@ -911,6 +915,7 @@ namespace VeraCrypt
 		wxLongLong startTime = wxGetLocalTimeMillis();

 		VolumeCreator creator;
+            options->EMVOption = true;
 		creator.CreateVolume (options);

 		bool volumeCreated = false;
@@ -1024,7 +1029,7 @@ namespace VeraCrypt

 		foreach_ref (const Keyfile &keyfile, *keyfiles)
 		{
-			SecurityToken::DeleteKeyfile (SecurityTokenKeyfilePath (FilePath (keyfile)));
+            SecurityToken::DeleteKeyfile (TokenKeyfilePath (FilePath (keyfile)));
 		}
 	}

@@ -1055,10 +1060,10 @@ namespace VeraCrypt
 		if (keyfilePath.empty())
 			throw UserAbort (SRC_POS);

-		SecurityTokenKeyfile tokenKeyfile (keyfilePath);
+        shared_ptr<TokenKeyfile> tokenKeyfile = Token::getTokenKeyfile(keyfilePath);

 		vector <byte> keyfileData;
-		SecurityToken::GetKeyfileData (tokenKeyfile, keyfileData);
+		tokenKeyfile->GetKeyfileData (keyfileData);

 		BufferPtr keyfileDataBuf (&keyfileData.front(), keyfileData.size());
 		finally_do_arg (BufferPtr, keyfileDataBuf, { finally_arg.Erase(); });
@@ -1100,7 +1105,7 @@ namespace VeraCrypt

 	void TextUserInterface::ImportSecurityTokenKeyfiles () const
 	{
-		list <SecurityTokenInfo> tokens = SecurityToken::GetAvailableTokens();
+		list <shared_ptr<TokenInfo>> tokens = Token::GetAvailableTokens();

 		if (tokens.empty())
 			throw_err (LangString ["NO_TOKENS_FOUND"]);
@@ -1109,19 +1114,19 @@ namespace VeraCrypt

 		if (tokens.size() == 1)
 		{
-			slotId = tokens.front().SlotId;
+			slotId = tokens.front()->SlotId;
 		}
 		else
 		{
-			foreach (const SecurityTokenInfo &token, tokens)
+			foreach (const shared_ptr<TokenInfo> &token, tokens)
 			{
 				wstringstream tokenLabel;
-				tokenLabel << L"[" << token.SlotId << L"] " << LangString["TOKEN_SLOT_ID"].c_str() << L" " << token.SlotId << L"  " << token.Label;
+				tokenLabel << L"[" << token->SlotId << L"] " << LangString["TOKEN_SLOT_ID"].c_str() << L" " << token->SlotId << L"  " << token->Label;

 				ShowInfo (tokenLabel.str());
 			}

-			slotId = (CK_SLOT_ID) AskSelection (tokens.back().SlotId, tokens.front().SlotId);
+			slotId = (CK_SLOT_ID) AskSelection (tokens.back()->SlotId, tokens.front()->SlotId);
 		}

 		shared_ptr <KeyfileList> keyfiles;
@@ -1225,14 +1230,30 @@ namespace VeraCrypt
 		}
 	}

-	void TextUserInterface::ListSecurityTokenKeyfiles () const
+	void TextUserInterface::ListTokenKeyfiles () const
 	{
-		foreach (const SecurityTokenKeyfile &keyfile, SecurityToken::GetAvailableKeyfiles())
+		foreach (const shared_ptr<TokenKeyfile> keyfile, Token::GetAvailableKeyfiles(true))
 		{
-			ShowString (wstring (SecurityTokenKeyfilePath (keyfile)));
+			ShowString (wstring (TokenKeyfilePath (*keyfile)));
 			ShowString (L"\n");
 		}
 	}
+    void TextUserInterface::ListSecurityTokenKeyfiles () const
+    {
+        foreach (const TokenKeyfile &keyfile, SecurityToken::GetAvailableKeyfiles())
+        {
+            ShowString (wstring (TokenKeyfilePath (keyfile)));
+            ShowString (L"\n");
+        }
+    }
+    void TextUserInterface::ListEMVTokenKeyfiles () const
+    {
+        foreach (const TokenKeyfile &keyfile, EMVToken::GetAvailableKeyfiles())
+        {
+            ShowString (wstring (TokenKeyfilePath (keyfile)));
+            ShowString (L"\n");
+        }
+    }

 	VolumeInfoList TextUserInterface::MountAllDeviceHostedVolumes (MountOptions &options) const
 	{
@@ -1523,6 +1544,7 @@ namespace VeraCrypt
 						kdf,
 						false,
 						options.Keyfiles,
+                        true,
 						options.Protection,
 						options.ProtectionPassword,
 						options.ProtectionPim,
@@ -1550,7 +1572,7 @@ namespace VeraCrypt

 			// Re-encrypt volume header
 			SecureBuffer newHeaderBuffer (volume->GetLayout()->GetHeaderSize());
-			Core->ReEncryptVolumeHeaderWithNewSalt (newHeaderBuffer, volume->GetHeader(), options.Password, options.Pim,  options.Keyfiles);
+			Core->ReEncryptVolumeHeaderWithNewSalt (newHeaderBuffer, volume->GetHeader(), options.Password, options.Pim,  options.Keyfiles, true);

 			// Write volume header
 			int headerOffset = volume->GetLayout()->GetHeaderOffset();
@@ -1627,7 +1649,7 @@ namespace VeraCrypt
 						backupFile.ReadAt (headerBuffer, layout->GetType() == VolumeType::Hidden ? layout->GetHeaderSize() : 0);

 						// Decrypt header
-						shared_ptr <VolumePassword> passwordKey = Keyfile::ApplyListToPassword (options.Keyfiles, options.Password);
+						shared_ptr <VolumePassword> passwordKey = Keyfile::ApplyListToPassword (options.Keyfiles, options.Password, true);
 						if (layout->GetHeader()->Decrypt (headerBuffer, *passwordKey, options.Pim, kdf, false, layout->GetSupportedKeyDerivationFunctions(false), layout->GetSupportedEncryptionAlgorithms(), layout->GetSupportedEncryptionModes()))
 						{
 							decryptedLayout = layout;
@@ -1652,7 +1674,7 @@ namespace VeraCrypt

 			// Re-encrypt volume header
 			SecureBuffer newHeaderBuffer (decryptedLayout->GetHeaderSize());
-			Core->ReEncryptVolumeHeaderWithNewSalt (newHeaderBuffer, decryptedLayout->GetHeader(), options.Password, options.Pim, options.Keyfiles);
+			Core->ReEncryptVolumeHeaderWithNewSalt (newHeaderBuffer, decryptedLayout->GetHeader(), options.Password, options.Pim, options.Keyfiles, true);

 			// Write volume header
 			int headerOffset = decryptedLayout->GetHeaderOffset();
@@ -1666,7 +1688,7 @@ namespace VeraCrypt
 			if (decryptedLayout->HasBackupHeader())
 			{
 				// Re-encrypt backup volume header
-				Core->ReEncryptVolumeHeaderWithNewSalt (newHeaderBuffer, decryptedLayout->GetHeader(), options.Password, options.Pim, options.Keyfiles);
+				Core->ReEncryptVolumeHeaderWithNewSalt (newHeaderBuffer, decryptedLayout->GetHeader(), options.Password, options.Pim, options.Keyfiles, true);

 				// Write backup volume header
 				headerOffset = decryptedLayout->GetBackupHeaderOffset();