VeraCrypt
aboutsummaryrefslogtreecommitdiff
path: root/src/Common
diff options
context:
space:
mode:
authorMounir IDRASSI <mounir.idrassi@idrix.fr>2016-05-29 01:30:53 +0200
committerMounir IDRASSI <mounir.idrassi@idrix.fr>2016-05-29 01:33:18 +0200
commit99c4031d89ce4f72e3899b3cac660082a1820a48 (patch)
tree6fc381d9789326a6b132fd17e6cf9a6c3e1dc411 /src/Common
parenta0d8b8a3b78b1d0db50de2a7d841efaec2a55c36 (diff)
downloadVeraCrypt-99c4031d89ce4f72e3899b3cac660082a1820a48.tar.gz
VeraCrypt-99c4031d89ce4f72e3899b3cac660082a1820a48.zip
Windows: better implementation for support of smart card PIN in command line. Supported now also on Format.
Diffstat (limited to 'src/Common')
-rw-r--r--src/Common/Dlgcode.c29
-rw-r--r--src/Common/Dlgcode.h1
-rw-r--r--src/Common/Keyfiles.c7
-rw-r--r--src/Common/Keyfiles.h1
-rw-r--r--src/Common/SecurityToken.cpp27
-rw-r--r--src/Common/SecurityToken.h7
6 files changed, 34 insertions, 38 deletions
diff --git a/src/Common/Dlgcode.c b/src/Common/Dlgcode.c
index 13a439e0..d70dfbcd 100644
--- a/src/Common/Dlgcode.c
+++ b/src/Common/Dlgcode.c
@@ -78,6 +78,7 @@ char *LastDialogId;
wchar_t szHelpFile[TC_MAX_PATH];
wchar_t szHelpFile2[TC_MAX_PATH];
wchar_t SecurityTokenLibraryPath[TC_MAX_PATH];
+char CmdTokenPin [TC_MAX_PATH] = {0};
HFONT hFixedDigitFont = NULL;
HFONT hBoldFont = NULL;
@@ -329,6 +330,8 @@ typedef struct
void cleanup ()
{
+ burn (&CmdTokenPin, sizeof (CmdTokenPin));
+
/* Cleanup the GDI fonts */
if (hFixedFont != NULL)
DeleteObject (hFixedFont);
@@ -2535,6 +2538,8 @@ void InitApp (HINSTANCE hInstance, wchar_t *lpszCommandLine)
InitOSVersionInfo();
+ VirtualLock (&CmdTokenPin, sizeof (CmdTokenPin));
+
InitializeCriticalSection (&csWNetCalls);
LoadSystemDll (L"ntmarta.dll", &hntmartadll, TRUE, SRC_POS);
@@ -10980,15 +10985,27 @@ BOOL InitSecurityTokenLibrary (HWND hwndDlg)
PinRequestHandler(HWND hwnd) : m_hwnd(hwnd) {}
virtual void operator() (string &str)
{
- HWND hParent = IsWindow (m_hwnd)? m_hwnd : GetActiveWindow();
- if (!hParent)
- hParent = GetForegroundWindow ();
- if (DialogBoxParamW (hInst, MAKEINTRESOURCEW (IDD_TOKEN_PASSWORD), hParent, (DLGPROC) SecurityTokenPasswordDlgProc, (LPARAM) &str) == IDCANCEL)
- throw UserAbort (SRC_POS);
-
+ if (CmdTokenPin[0])
+ {
+ str = CmdTokenPin;
+ }
+ else
+ {
+ HWND hParent = IsWindow (m_hwnd)? m_hwnd : GetActiveWindow();
+ if (!hParent)
+ hParent = GetForegroundWindow ();
+ if (DialogBoxParamW (hInst, MAKEINTRESOURCEW (IDD_TOKEN_PASSWORD), hParent, (DLGPROC) SecurityTokenPasswordDlgProc, (LPARAM) &str) == IDCANCEL)
+ throw UserAbort (SRC_POS);
+ }
if (hCursor != NULL)
SetCursor (hCursor);
}
+
+ virtual void notifyIncorrectPin ()
+ {
+ // clear wrong PIN
+ burn (&CmdTokenPin, sizeof (CmdTokenPin));
+ }
};
struct WarningHandler : public SendExceptionFunctor
diff --git a/src/Common/Dlgcode.h b/src/Common/Dlgcode.h
index 9387336e..bc818e77 100644
--- a/src/Common/Dlgcode.h
+++ b/src/Common/Dlgcode.h
@@ -102,6 +102,7 @@ extern char *ConfigBuffer;
extern wchar_t szHelpFile[TC_MAX_PATH];
extern wchar_t szHelpFile2[TC_MAX_PATH];
extern wchar_t SecurityTokenLibraryPath[TC_MAX_PATH];
+extern char CmdTokenPin [TC_MAX_PATH];
extern HFONT hFixedDigitFont;
extern HFONT hBoldFont;
extern HFONT hTitleFont;
diff --git a/src/Common/Keyfiles.c b/src/Common/Keyfiles.c
index 5ee5bccf..14d415f0 100644
--- a/src/Common/Keyfiles.c
+++ b/src/Common/Keyfiles.c
@@ -238,11 +238,6 @@ close:
BOOL KeyFilesApply (HWND hwndDlg, Password *password, KeyFile *firstKeyFile, const wchar_t* volumeFileName)
{
- return KeyFilesApplyWithPin (hwndDlg, password, nullptr, firstKeyFile, volumeFileName);
-}
-
-BOOL KeyFilesApplyWithPin (HWND hwndDlg, Password *password, char* pin, KeyFile *firstKeyFile, const wchar_t* volumeFileName)
-{
BOOL status = TRUE;
KeyFile kfSubStruct;
KeyFile *kf;
@@ -271,7 +266,7 @@ BOOL KeyFilesApplyWithPin (HWND hwndDlg, Password *password, char* pin, KeyFile
// Apply security token keyfile
vector <byte> keyfileData;
SecurityTokenKeyfilePath secPath (kf->FileName);
- SecurityToken::GetKeyfileData (SecurityTokenKeyfile (secPath, pin), pin, keyfileData);
+ SecurityToken::GetKeyfileData (SecurityTokenKeyfile (secPath), keyfileData);
if (keyfileData.empty())
{
diff --git a/src/Common/Keyfiles.h b/src/Common/Keyfiles.h
index c94f1378..a247cbc7 100644
--- a/src/Common/Keyfiles.h
+++ b/src/Common/Keyfiles.h
@@ -40,7 +40,6 @@ void KeyFileRemoveAll (KeyFile **firstKeyFile);
KeyFile *KeyFileClone (KeyFile *keyFile);
void KeyFileCloneAll (KeyFile *firstKeyFile, KeyFile **outputKeyFile);
BOOL KeyFilesApply (HWND hwndDlg, Password *password, KeyFile *firstKeyFilem, const wchar_t* volumeFileName);
-BOOL KeyFilesApplyWithPin (HWND hwndDlg, Password *password, char* pin, KeyFile *firstKeyFilem, const wchar_t* volumeFileName);
BOOL CALLBACK KeyFilesDlgProc (HWND hwndDlg, UINT msg, WPARAM wParam, LPARAM lParam);
BOOL KeyfilesPopupMenu (HWND hwndDlg, POINT popupPosition, KeyFilesDlgParam *dialogParam);
diff --git a/src/Common/SecurityToken.cpp b/src/Common/SecurityToken.cpp
index 597c6a2f..05defe5b 100644
--- a/src/Common/SecurityToken.cpp
+++ b/src/Common/SecurityToken.cpp
@@ -36,7 +36,7 @@ using namespace std;
namespace VeraCrypt
{
- SecurityTokenKeyfile::SecurityTokenKeyfile (const SecurityTokenKeyfilePath &path, char* pin)
+ SecurityTokenKeyfile::SecurityTokenKeyfile (const SecurityTokenKeyfilePath &path)
{
wstring pathStr = path;
unsigned long slotId;
@@ -52,7 +52,7 @@ namespace VeraCrypt
Id = pathStr.substr (keyIdPos + wstring (L"/" TC_SECURITY_TOKEN_KEYFILE_URL_FILE L"/").size());
- vector <SecurityTokenKeyfile> keyfiles = SecurityToken::GetAvailableKeyfiles (&SlotId, Id, pin);
+ vector <SecurityTokenKeyfile> keyfiles = SecurityToken::GetAvailableKeyfiles (&SlotId, Id);
if (keyfiles.empty())
throw SecurityTokenKeyfileNotFound();
@@ -180,7 +180,7 @@ namespace VeraCrypt
throw Pkcs11Exception (status);
}
- vector <SecurityTokenKeyfile> SecurityToken::GetAvailableKeyfiles (CK_SLOT_ID *slotIdFilter, const wstring keyfileIdFilter, char* pin)
+ vector <SecurityTokenKeyfile> SecurityToken::GetAvailableKeyfiles (CK_SLOT_ID *slotIdFilter, const wstring keyfileIdFilter)
{
bool unrecognizedTokenPresent = false;
vector <SecurityTokenKeyfile> keyfiles;
@@ -194,7 +194,7 @@ namespace VeraCrypt
try
{
- LoginUserIfRequired (slotId, pin);
+ LoginUserIfRequired (slotId);
token = GetTokenInfo (slotId);
}
catch (UserAbort &)
@@ -314,12 +314,7 @@ namespace VeraCrypt
void SecurityToken::GetKeyfileData (const SecurityTokenKeyfile &keyfile, vector <byte> &keyfileData)
{
- GetKeyfileData (keyfile, nullptr, keyfileData);
- }
-
- void SecurityToken::GetKeyfileData (const SecurityTokenKeyfile &keyfile, char* pin, vector <byte> &keyfileData)
- {
- LoginUserIfRequired (keyfile.SlotId, pin);
+ LoginUserIfRequired (keyfile.SlotId);
GetObjectAttribute (keyfile.SlotId, keyfile.Handle, CKA_VALUE, keyfileData);
}
@@ -438,7 +433,7 @@ namespace VeraCrypt
Sessions[slotId].UserLoggedIn = true;
}
- void SecurityToken::LoginUserIfRequired (CK_SLOT_ID slotId, char* cmdPin)
+ void SecurityToken::LoginUserIfRequired (CK_SLOT_ID slotId)
{
CheckLibraryStatus();
CK_RV status;
@@ -479,10 +474,6 @@ namespace VeraCrypt
if (status != CKR_OK)
throw Pkcs11Exception (status);
}
- else if (cmdPin && cmdPin [0])
- {
- Login (slotId, cmdPin);
- }
else
{
string pin = tokenInfo.LabelUtf8;
@@ -511,12 +502,6 @@ namespace VeraCrypt
}
else if (error == CKR_PIN_INCORRECT && !(tokenInfo.Flags & CKF_PROTECTED_AUTHENTICATION_PATH))
{
- if (cmdPin && cmdPin [0])
- {
- // clear wrong PIN
- size_t cmdPinLen = strlen (cmdPin);
- burn (cmdPin, cmdPinLen);
- }
PinCallback->notifyIncorrectPin ();
(*WarningCallback) (Pkcs11Exception (CKR_PIN_INCORRECT));
continue;
diff --git a/src/Common/SecurityToken.h b/src/Common/SecurityToken.h
index 89f60dfb..32abfcb5 100644
--- a/src/Common/SecurityToken.h
+++ b/src/Common/SecurityToken.h
@@ -74,7 +74,7 @@ namespace VeraCrypt
struct SecurityTokenKeyfile
{
SecurityTokenKeyfile () : Handle(CK_INVALID_HANDLE), SlotId(CK_UNAVAILABLE_INFORMATION) { Token.SlotId = CK_UNAVAILABLE_INFORMATION; Token.Flags = 0; }
- SecurityTokenKeyfile (const SecurityTokenKeyfilePath &path, char* pin = nullptr);
+ SecurityTokenKeyfile (const SecurityTokenKeyfilePath &path);
operator SecurityTokenKeyfilePath () const;
@@ -186,9 +186,8 @@ namespace VeraCrypt
static void CloseLibrary ();
static void CreateKeyfile (CK_SLOT_ID slotId, vector <byte> &keyfileData, const string &name);
static void DeleteKeyfile (const SecurityTokenKeyfile &keyfile);
- static vector <SecurityTokenKeyfile> GetAvailableKeyfiles (CK_SLOT_ID *slotIdFilter = nullptr, const wstring keyfileIdFilter = wstring(), char* pin = nullptr);
+ static vector <SecurityTokenKeyfile> GetAvailableKeyfiles (CK_SLOT_ID *slotIdFilter = nullptr, const wstring keyfileIdFilter = wstring());
static void GetKeyfileData (const SecurityTokenKeyfile &keyfile, vector <byte> &keyfileData);
- static void GetKeyfileData (const SecurityTokenKeyfile &keyfile, char* pin, vector <byte> &keyfileData);
static list <SecurityTokenInfo> GetAvailableTokens ();
static SecurityTokenInfo GetTokenInfo (CK_SLOT_ID slotId);
#ifdef TC_WINDOWS
@@ -207,7 +206,7 @@ namespace VeraCrypt
static void GetObjectAttribute (CK_SLOT_ID slotId, CK_OBJECT_HANDLE tokenObject, CK_ATTRIBUTE_TYPE attributeType, vector <byte> &attributeValue);
static list <CK_SLOT_ID> GetTokenSlots ();
static void Login (CK_SLOT_ID slotId, const char* pin);
- static void LoginUserIfRequired (CK_SLOT_ID slotId, char* cmdPin = nullptr);
+ static void LoginUserIfRequired (CK_SLOT_ID slotId);
static void OpenSession (CK_SLOT_ID slotId);
static void CheckLibraryStatus ();