Public/VeraCrypt
1
0
Fork 0
mirror of https://github.com/veracrypt/VeraCrypt.git synced 2025-11-11 19:08:26 -06:00
Code Activity

Windows: better implementation for support of smart card PIN in command line. Supported now also on Format.

Browse Source
This commit is contained in:
Mounir IDRASSI
2016-05-29 01:30:53 +02:00
parent a0d8b8a3b7
commit 99c4031d89
8 changed files with 54 additions and 44 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
src/Common/Dlgcode.c
View File

@@ -78,6 +78,7 @@ char *LastDialogId;
wchar_t szHelpFile[TC_MAX_PATH]; wchar_t szHelpFile[TC_MAX_PATH];
wchar_t szHelpFile2[TC_MAX_PATH]; wchar_t szHelpFile2[TC_MAX_PATH];
wchar_t SecurityTokenLibraryPath[TC_MAX_PATH]; wchar_t SecurityTokenLibraryPath[TC_MAX_PATH];
char CmdTokenPin [TC_MAX_PATH] = {0};
HFONT hFixedDigitFont = NULL; HFONT hFixedDigitFont = NULL;
HFONT hBoldFont = NULL; HFONT hBoldFont = NULL;
@@ -329,6 +330,8 @@ typedef struct
void cleanup () void cleanup ()
{ {
burn (&CmdTokenPin, sizeof (CmdTokenPin));
/* Cleanup the GDI fonts */ /* Cleanup the GDI fonts */
if (hFixedFont != NULL) if (hFixedFont != NULL)
DeleteObject (hFixedFont); DeleteObject (hFixedFont);
@@ -2535,6 +2538,8 @@ void InitApp (HINSTANCE hInstance, wchar_t *lpszCommandLine)
InitOSVersionInfo(); InitOSVersionInfo();
VirtualLock (&CmdTokenPin, sizeof (CmdTokenPin));
InitializeCriticalSection (&csWNetCalls); InitializeCriticalSection (&csWNetCalls);
LoadSystemDll (L"ntmarta.dll", &hntmartadll, TRUE, SRC_POS); LoadSystemDll (L"ntmarta.dll", &hntmartadll, TRUE, SRC_POS);
@@ -10979,16 +10984,28 @@ BOOL InitSecurityTokenLibrary (HWND hwndDlg)
HWND m_hwnd; HWND m_hwnd;
PinRequestHandler(HWND hwnd) : m_hwnd(hwnd) {} PinRequestHandler(HWND hwnd) : m_hwnd(hwnd) {}
virtual void operator() (string &str) virtual void operator() (string &str)
{
if (CmdTokenPin[0])
{
str = CmdTokenPin;
}
else
{ {
HWND hParent = IsWindow (m_hwnd)? m_hwnd : GetActiveWindow(); HWND hParent = IsWindow (m_hwnd)? m_hwnd : GetActiveWindow();
if (!hParent) if (!hParent)
hParent = GetForegroundWindow (); hParent = GetForegroundWindow ();
if (DialogBoxParamW (hInst, MAKEINTRESOURCEW (IDD_TOKEN_PASSWORD), hParent, (DLGPROC) SecurityTokenPasswordDlgProc, (LPARAM) &str) == IDCANCEL) if (DialogBoxParamW (hInst, MAKEINTRESOURCEW (IDD_TOKEN_PASSWORD), hParent, (DLGPROC) SecurityTokenPasswordDlgProc, (LPARAM) &str) == IDCANCEL)
throw UserAbort (SRC_POS); throw UserAbort (SRC_POS);
}
if (hCursor != NULL) if (hCursor != NULL)
SetCursor (hCursor); SetCursor (hCursor);
} }
virtual void notifyIncorrectPin ()
{
// clear wrong PIN
burn (&CmdTokenPin, sizeof (CmdTokenPin));
}
}; };
struct WarningHandler : public SendExceptionFunctor struct WarningHandler : public SendExceptionFunctor

1
src/Common/Dlgcode.h
View File

@@ -102,6 +102,7 @@ extern char *ConfigBuffer;
extern wchar_t szHelpFile[TC_MAX_PATH]; extern wchar_t szHelpFile[TC_MAX_PATH];
extern wchar_t szHelpFile2[TC_MAX_PATH]; extern wchar_t szHelpFile2[TC_MAX_PATH];
extern wchar_t SecurityTokenLibraryPath[TC_MAX_PATH]; extern wchar_t SecurityTokenLibraryPath[TC_MAX_PATH];
extern char CmdTokenPin [TC_MAX_PATH];
extern HFONT hFixedDigitFont; extern HFONT hFixedDigitFont;
extern HFONT hBoldFont; extern HFONT hBoldFont;
extern HFONT hTitleFont; extern HFONT hTitleFont;

7
src/Common/Keyfiles.c
View File

@@ -237,11 +237,6 @@ close:
BOOL KeyFilesApply (HWND hwndDlg, Password *password, KeyFile *firstKeyFile, const wchar_t* volumeFileName) BOOL KeyFilesApply (HWND hwndDlg, Password *password, KeyFile *firstKeyFile, const wchar_t* volumeFileName)
{
return KeyFilesApplyWithPin (hwndDlg, password, nullptr, firstKeyFile, volumeFileName);
}
BOOL KeyFilesApplyWithPin (HWND hwndDlg, Password *password, char* pin, KeyFile *firstKeyFile, const wchar_t* volumeFileName)
{ {
BOOL status = TRUE; BOOL status = TRUE;
KeyFile kfSubStruct; KeyFile kfSubStruct;
@@ -271,7 +266,7 @@ BOOL KeyFilesApplyWithPin (HWND hwndDlg, Password *password, char* pin, KeyFile
// Apply security token keyfile // Apply security token keyfile
vector <byte> keyfileData; vector <byte> keyfileData;
SecurityTokenKeyfilePath secPath (kf->FileName); SecurityTokenKeyfilePath secPath (kf->FileName);
SecurityToken::GetKeyfileData (SecurityTokenKeyfile (secPath, pin), pin, keyfileData); SecurityToken::GetKeyfileData (SecurityTokenKeyfile (secPath), keyfileData);
if (keyfileData.empty()) if (keyfileData.empty())
{ {

1
src/Common/Keyfiles.h
View File

@@ -40,7 +40,6 @@ void KeyFileRemoveAll (KeyFile **firstKeyFile);
KeyFile *KeyFileClone (KeyFile *keyFile); KeyFile *KeyFileClone (KeyFile *keyFile);
void KeyFileCloneAll (KeyFile *firstKeyFile, KeyFile **outputKeyFile); void KeyFileCloneAll (KeyFile *firstKeyFile, KeyFile **outputKeyFile);
BOOL KeyFilesApply (HWND hwndDlg, Password *password, KeyFile *firstKeyFilem, const wchar_t* volumeFileName); BOOL KeyFilesApply (HWND hwndDlg, Password *password, KeyFile *firstKeyFilem, const wchar_t* volumeFileName);
BOOL KeyFilesApplyWithPin (HWND hwndDlg, Password *password, char* pin, KeyFile *firstKeyFilem, const wchar_t* volumeFileName);
BOOL CALLBACK KeyFilesDlgProc (HWND hwndDlg, UINT msg, WPARAM wParam, LPARAM lParam); BOOL CALLBACK KeyFilesDlgProc (HWND hwndDlg, UINT msg, WPARAM wParam, LPARAM lParam);
BOOL KeyfilesPopupMenu (HWND hwndDlg, POINT popupPosition, KeyFilesDlgParam *dialogParam); BOOL KeyfilesPopupMenu (HWND hwndDlg, POINT popupPosition, KeyFilesDlgParam *dialogParam);

27
src/Common/SecurityToken.cpp
View File

@@ -36,7 +36,7 @@ using namespace std;
namespace VeraCrypt namespace VeraCrypt
{ {
SecurityTokenKeyfile::SecurityTokenKeyfile (const SecurityTokenKeyfilePath &path, char* pin) SecurityTokenKeyfile::SecurityTokenKeyfile (const SecurityTokenKeyfilePath &path)
{ {
wstring pathStr = path; wstring pathStr = path;
unsigned long slotId; unsigned long slotId;
@@ -52,7 +52,7 @@ namespace VeraCrypt
Id = pathStr.substr (keyIdPos + wstring (L"/" TC_SECURITY_TOKEN_KEYFILE_URL_FILE L"/").size()); Id = pathStr.substr (keyIdPos + wstring (L"/" TC_SECURITY_TOKEN_KEYFILE_URL_FILE L"/").size());
vector <SecurityTokenKeyfile> keyfiles = SecurityToken::GetAvailableKeyfiles (&SlotId, Id, pin); vector <SecurityTokenKeyfile> keyfiles = SecurityToken::GetAvailableKeyfiles (&SlotId, Id);
if (keyfiles.empty()) if (keyfiles.empty())
throw SecurityTokenKeyfileNotFound(); throw SecurityTokenKeyfileNotFound();
@@ -180,7 +180,7 @@ namespace VeraCrypt
throw Pkcs11Exception (status); throw Pkcs11Exception (status);
} }
vector <SecurityTokenKeyfile> SecurityToken::GetAvailableKeyfiles (CK_SLOT_ID *slotIdFilter, const wstring keyfileIdFilter, char* pin) vector <SecurityTokenKeyfile> SecurityToken::GetAvailableKeyfiles (CK_SLOT_ID *slotIdFilter, const wstring keyfileIdFilter)
{ {
bool unrecognizedTokenPresent = false; bool unrecognizedTokenPresent = false;
vector <SecurityTokenKeyfile> keyfiles; vector <SecurityTokenKeyfile> keyfiles;
@@ -194,7 +194,7 @@ namespace VeraCrypt
try try
{ {
LoginUserIfRequired (slotId, pin); LoginUserIfRequired (slotId);
token = GetTokenInfo (slotId); token = GetTokenInfo (slotId);
} }
catch (UserAbort &) catch (UserAbort &)
@@ -314,12 +314,7 @@ namespace VeraCrypt
void SecurityToken::GetKeyfileData (const SecurityTokenKeyfile &keyfile, vector <byte> &keyfileData) void SecurityToken::GetKeyfileData (const SecurityTokenKeyfile &keyfile, vector <byte> &keyfileData)
{ {
GetKeyfileData (keyfile, nullptr, keyfileData); LoginUserIfRequired (keyfile.SlotId);
}
void SecurityToken::GetKeyfileData (const SecurityTokenKeyfile &keyfile, char* pin, vector <byte> &keyfileData)
{
LoginUserIfRequired (keyfile.SlotId, pin);
GetObjectAttribute (keyfile.SlotId, keyfile.Handle, CKA_VALUE, keyfileData); GetObjectAttribute (keyfile.SlotId, keyfile.Handle, CKA_VALUE, keyfileData);
} }
@@ -438,7 +433,7 @@ namespace VeraCrypt
Sessions[slotId].UserLoggedIn = true; Sessions[slotId].UserLoggedIn = true;
} }
void SecurityToken::LoginUserIfRequired (CK_SLOT_ID slotId, char* cmdPin) void SecurityToken::LoginUserIfRequired (CK_SLOT_ID slotId)
{ {
CheckLibraryStatus(); CheckLibraryStatus();
CK_RV status; CK_RV status;
@@ -479,10 +474,6 @@ namespace VeraCrypt
if (status != CKR_OK) if (status != CKR_OK)
throw Pkcs11Exception (status); throw Pkcs11Exception (status);
} }
else if (cmdPin && cmdPin [0])
{
Login (slotId, cmdPin);
}
else else
{ {
string pin = tokenInfo.LabelUtf8; string pin = tokenInfo.LabelUtf8;
@@ -511,12 +502,6 @@ namespace VeraCrypt
} }
else if (error == CKR_PIN_INCORRECT && !(tokenInfo.Flags & CKF_PROTECTED_AUTHENTICATION_PATH)) else if (error == CKR_PIN_INCORRECT && !(tokenInfo.Flags & CKF_PROTECTED_AUTHENTICATION_PATH))
{ {
if (cmdPin && cmdPin [0])
{
// clear wrong PIN
size_t cmdPinLen = strlen (cmdPin);
burn (cmdPin, cmdPinLen);
}
PinCallback->notifyIncorrectPin (); PinCallback->notifyIncorrectPin ();
(*WarningCallback) (Pkcs11Exception (CKR_PIN_INCORRECT)); (*WarningCallback) (Pkcs11Exception (CKR_PIN_INCORRECT));
continue; continue;

7
src/Common/SecurityToken.h
View File

@@ -74,7 +74,7 @@ namespace VeraCrypt
struct SecurityTokenKeyfile struct SecurityTokenKeyfile
{ {
SecurityTokenKeyfile () : Handle(CK_INVALID_HANDLE), SlotId(CK_UNAVAILABLE_INFORMATION) { Token.SlotId = CK_UNAVAILABLE_INFORMATION; Token.Flags = 0; } SecurityTokenKeyfile () : Handle(CK_INVALID_HANDLE), SlotId(CK_UNAVAILABLE_INFORMATION) { Token.SlotId = CK_UNAVAILABLE_INFORMATION; Token.Flags = 0; }
SecurityTokenKeyfile (const SecurityTokenKeyfilePath &path, char* pin = nullptr); SecurityTokenKeyfile (const SecurityTokenKeyfilePath &path);
operator SecurityTokenKeyfilePath () const; operator SecurityTokenKeyfilePath () const;
@@ -186,9 +186,8 @@ namespace VeraCrypt
static void CloseLibrary (); static void CloseLibrary ();
static void CreateKeyfile (CK_SLOT_ID slotId, vector <byte> &keyfileData, const string &name); static void CreateKeyfile (CK_SLOT_ID slotId, vector <byte> &keyfileData, const string &name);
static void DeleteKeyfile (const SecurityTokenKeyfile &keyfile); static void DeleteKeyfile (const SecurityTokenKeyfile &keyfile);
static vector <SecurityTokenKeyfile> GetAvailableKeyfiles (CK_SLOT_ID *slotIdFilter = nullptr, const wstring keyfileIdFilter = wstring(), char* pin = nullptr); static vector <SecurityTokenKeyfile> GetAvailableKeyfiles (CK_SLOT_ID *slotIdFilter = nullptr, const wstring keyfileIdFilter = wstring());
static void GetKeyfileData (const SecurityTokenKeyfile &keyfile, vector <byte> &keyfileData); static void GetKeyfileData (const SecurityTokenKeyfile &keyfile, vector <byte> &keyfileData);
static void GetKeyfileData (const SecurityTokenKeyfile &keyfile, char* pin, vector <byte> &keyfileData);
static list <SecurityTokenInfo> GetAvailableTokens (); static list <SecurityTokenInfo> GetAvailableTokens ();
static SecurityTokenInfo GetTokenInfo (CK_SLOT_ID slotId); static SecurityTokenInfo GetTokenInfo (CK_SLOT_ID slotId);
#ifdef TC_WINDOWS #ifdef TC_WINDOWS
@@ -207,7 +206,7 @@ namespace VeraCrypt
static void GetObjectAttribute (CK_SLOT_ID slotId, CK_OBJECT_HANDLE tokenObject, CK_ATTRIBUTE_TYPE attributeType, vector <byte> &attributeValue); static void GetObjectAttribute (CK_SLOT_ID slotId, CK_OBJECT_HANDLE tokenObject, CK_ATTRIBUTE_TYPE attributeType, vector <byte> &attributeValue);
static list <CK_SLOT_ID> GetTokenSlots (); static list <CK_SLOT_ID> GetTokenSlots ();
static void Login (CK_SLOT_ID slotId, const char* pin); static void Login (CK_SLOT_ID slotId, const char* pin);
static void LoginUserIfRequired (CK_SLOT_ID slotId, char* cmdPin = nullptr); static void LoginUserIfRequired (CK_SLOT_ID slotId);
static void OpenSession (CK_SLOT_ID slotId); static void OpenSession (CK_SLOT_ID slotId);
static void CheckLibraryStatus (); static void CheckLibraryStatus ();

17
src/Format/Tcformat.c
View File

@@ -51,6 +51,7 @@
#include "Volumes.h" #include "Volumes.h"
#include "Wipe.h" #include "Wipe.h"
#include "Xml.h" #include "Xml.h"
#include "SecurityToken.h"
#include <Strsafe.h> #include <Strsafe.h>
@@ -8777,6 +8778,7 @@ void ExtractCommandLine (HWND hwndDlg, wchar_t *lpszCommandLine)
OptionNoIsoCheck, OptionNoIsoCheck,
OptionQuit, OptionQuit,
OptionTokenLib, OptionTokenLib,
OptionTokenPin,
CommandResumeSysEncLogOn, CommandResumeSysEncLogOn,
CommandResumeSysEnc, CommandResumeSysEnc,
CommandDecryptSysEnc, CommandDecryptSysEnc,
@@ -8806,6 +8808,7 @@ void ExtractCommandLine (HWND hwndDlg, wchar_t *lpszCommandLine)
{ OptionHistory, L"/history", L"/h", FALSE }, { OptionHistory, L"/history", L"/h", FALSE },
{ OptionNoIsoCheck, L"/noisocheck", L"/n", FALSE }, { OptionNoIsoCheck, L"/noisocheck", L"/n", FALSE },
{ OptionTokenLib, L"/tokenlib", NULL, FALSE }, { OptionTokenLib, L"/tokenlib", NULL, FALSE },
{ OptionTokenPin, L"/tokenpin", NULL, FALSE },
{ OptionQuit, L"/quit", L"/q", FALSE }, { OptionQuit, L"/quit", L"/q", FALSE },
{ OptionEncryption, L"/encryption", NULL , FALSE }, { OptionEncryption, L"/encryption", NULL , FALSE },
{ OptionFilesystem, L"/filesystem", NULL , FALSE }, { OptionFilesystem, L"/filesystem", NULL , FALSE },
@@ -9190,6 +9193,20 @@ void ExtractCommandLine (HWND hwndDlg, wchar_t *lpszCommandLine)
break; break;
case OptionTokenPin:
{
wchar_t szTmp[SecurityToken::MaxPasswordLength + 1] = {0};
if (GetArgumentValue (lpszCommandLineArgs, &i, nNoCommandLineArgs, szTmp, ARRAYSIZE (szTmp)) == HAS_ARGUMENT)
{
if (0 == WideCharToMultiByte (CP_UTF8, 0, szTmp, -1, CmdTokenPin, TC_MAX_PATH, nullptr, nullptr))
AbortProcess ("COMMAND_LINE_ERROR");
}
else
AbortProcess ("COMMAND_LINE_ERROR");
}
break;
case OptionQuit: case OptionQuit:
{ {
// Used to indicate non-install elevation // Used to indicate non-install elevation

9
src/Mount/Mount.c
View File

@@ -129,7 +129,6 @@ int nSelectedDriveIndex = -1; /* Item number of selected drive */
int cmdUnmountDrive = -2; /* Volume drive letter to unmount (-1 = all) */ int cmdUnmountDrive = -2; /* Volume drive letter to unmount (-1 = all) */
Password VolumePassword; /* Password used for mounting volumes */ Password VolumePassword; /* Password used for mounting volumes */
Password CmdVolumePassword; /* Password passed from command line */ Password CmdVolumePassword; /* Password passed from command line */
char CmdTokenPin [SecurityToken::MaxPasswordLength + 1] = {0};
int VolumePkcs5 = 0; int VolumePkcs5 = 0;
int CmdVolumePkcs5 = 0; int CmdVolumePkcs5 = 0;
int VolumePim = -1; int VolumePim = -1;
@@ -238,7 +237,6 @@ static void localcleanup (void)
burn (&mountOptions, sizeof (mountOptions)); burn (&mountOptions, sizeof (mountOptions));
burn (&defaultMountOptions, sizeof (defaultMountOptions)); burn (&defaultMountOptions, sizeof (defaultMountOptions));
burn (szFileName, sizeof(szFileName)); burn (szFileName, sizeof(szFileName));
burn (&CmdTokenPin, sizeof (CmdTokenPin));
/* Cleanup common code resources */ /* Cleanup common code resources */
cleanup (); cleanup ();
@@ -6513,7 +6511,7 @@ BOOL CALLBACK MainDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lPa
BOOL reportBadPasswd = CmdVolumePassword.Length > 0; BOOL reportBadPasswd = CmdVolumePassword.Length > 0;
if (FirstCmdKeyFile) if (FirstCmdKeyFile)
KeyFilesApplyWithPin (hwndDlg, &CmdVolumePassword, CmdTokenPin, FirstCmdKeyFile, szFileName); KeyFilesApply (hwndDlg, &CmdVolumePassword, FirstCmdKeyFile, szFileName);
mounted = MountVolume (hwndDlg, szDriveLetter[0] - L'A', mounted = MountVolume (hwndDlg, szDriveLetter[0] - L'A',
szFileName, &CmdVolumePassword, EffectiveVolumePkcs5, CmdVolumePim, EffectiveVolumeTrueCryptMode, bCacheInDriver, bIncludePimInCache, bForceMount, szFileName, &CmdVolumePassword, EffectiveVolumePkcs5, CmdVolumePim, EffectiveVolumeTrueCryptMode, bCacheInDriver, bIncludePimInCache, bForceMount,
@@ -6558,7 +6556,7 @@ BOOL CALLBACK MainDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lPa
WaitCursor (); WaitCursor ();
if (KeyFilesEnable && FirstKeyFile) if (KeyFilesEnable && FirstKeyFile)
KeyFilesApplyWithPin (hwndDlg, &VolumePassword, CmdTokenPin, FirstKeyFile, szFileName); KeyFilesApply (hwndDlg, &VolumePassword, FirstKeyFile, szFileName);
mounted = MountVolume (hwndDlg, szDriveLetter[0] - L'A', szFileName, &VolumePassword, VolumePkcs5, VolumePim, VolumeTrueCryptMode, bCacheInDriver, bIncludePimInCache, bForceMount, &mountOptions, FALSE, TRUE); mounted = MountVolume (hwndDlg, szDriveLetter[0] - L'A', szFileName, &VolumePassword, VolumePkcs5, VolumePim, VolumeTrueCryptMode, bCacheInDriver, bIncludePimInCache, bForceMount, &mountOptions, FALSE, TRUE);
@@ -8695,7 +8693,7 @@ void ExtractCommandLine (HWND hwndDlg, wchar_t *lpszCommandLine)
wchar_t szTmp[SecurityToken::MaxPasswordLength + 1] = {0}; wchar_t szTmp[SecurityToken::MaxPasswordLength + 1] = {0};
if (GetArgumentValue (lpszCommandLineArgs, &i, nNoCommandLineArgs, szTmp, ARRAYSIZE (szTmp)) == HAS_ARGUMENT) if (GetArgumentValue (lpszCommandLineArgs, &i, nNoCommandLineArgs, szTmp, ARRAYSIZE (szTmp)) == HAS_ARGUMENT)
{ {
if (0 == WideCharToMultiByte (CP_UTF8, 0, szTmp, -1, CmdTokenPin, array_capacity (CmdTokenPin), nullptr, nullptr)) if (0 == WideCharToMultiByte (CP_UTF8, 0, szTmp, -1, CmdTokenPin, TC_MAX_PATH, nullptr, nullptr))
AbortProcess ("COMMAND_LINE_ERROR"); AbortProcess ("COMMAND_LINE_ERROR");
} }
else else
@@ -8924,7 +8922,6 @@ int WINAPI wWinMain (HINSTANCE hInstance, HINSTANCE hPrevInstance, wchar_t *lpsz
VirtualLock (&mountOptions, sizeof (mountOptions)); VirtualLock (&mountOptions, sizeof (mountOptions));
VirtualLock (&defaultMountOptions, sizeof (defaultMountOptions)); VirtualLock (&defaultMountOptions, sizeof (defaultMountOptions));
VirtualLock (&szFileName, sizeof(szFileName)); VirtualLock (&szFileName, sizeof(szFileName));
VirtualLock (&CmdTokenPin, sizeof (CmdTokenPin));
DetectX86Features (); DetectX86Features ();