+</li><li><strong><a href="EMV%20Smart%20Cards.html">EMV Smart Cards</a></strong>

+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

+ <head>

+ <meta http-equiv="content-type" content="text/html; charset=utf-8" />

+ <title>

+ VeraCrypt - Free Open source disk encryption with strong security for the

+ Paranoid

+ </title>

+ <meta

+ name="description"

+ content="VeraCrypt is free open-source disk encryption software for Windows, Mac OS X and Linux. In case an attacker forces you to reveal the password, VeraCrypt provides plausible deniability. In contrast to file encryption, data encryption performed by VeraCrypt is real-time (on-the-fly), automatic, transparent, needs very little memory, and does not involve temporary unencrypted files."

+ />

+ <meta name="keywords" content="encryption, security" />

+ <link href="styles.css" rel="stylesheet" type="text/css" />

+ </head>

+ <body>

+ <div>

+ <a href="Documentation.html"

+ ><img src="VeraCrypt128x128.png" alt="VeraCrypt"

+ /></a>

+ </div>

+

+ <div id="menu">

+ <ul>

+ <li><a href="Home.html">Home</a></li>

+ <li><a href="/code/">Source Code</a></li>

+ <li><a href="Downloads.html">Downloads</a></li>

+ <li><a class="active" href="Documentation.html">Documentation</a></li>

+ <li><a href="Donation.html">Donate</a></li>

+ <li>

+ <a

+ href="https://sourceforge.net/p/veracrypt/discussion/"

+ target="_blank"

+ >Forums</a

+ >

+ </li>

+ </ul>

+ </div>

+

+ <div>

+ <p>

+ <a href="Documentation.html">Documentation</a>

+ <img src="arrow_right.gif" alt=">>" style="margin-top: 5px" />

+ <a href="EMV%20Smart%20Cards.html">EMV Smart Cards</a>

+ </p>

+ </div>

+

+ <div class="wikidoc">

+ <h1>EMV Smart Cards</h1>

+ <div

+ style="

+ text-align: left;

+ margin-top: 19px;

+ margin-bottom: 19px;

+ padding-top: 0px;

+ padding-bottom: 0px;

+ "

+ >

+ <p>

+ Windows and Linux versions of VeraCrypt offer to use EMV compliant

+ smart cards as a feature. Indeed, the use of PKCS#11 compliant smart

+ cards is dedicated to users with more or less cybersecurity skills.

+ However, in some situations, having such a card strongly reduces the

+ plausible deniability of the user.

+ </p>

+ <p>

+ To overcome this problem, the idea is to allow the use of a type of

+ smart card owned by anyone: EMV compliant smart cards. According to

+ the standard of the same name, these cards spread all over the world

+ are used to carry out banking operations. Using internal data of the

+ user's EMV card as keyfiles will strengthen the security of his volume

+ while keeping his denial plausible.

+ </p>

+ <p>

+ For more technical information, please see the section

+ <em style="text-align: left">EMV Smart Cards</em> in the chapter

+ <a

+ href="Keyfiles%20in%20VeraCrypt.html"

+ style="text-align: left; color: #0080c0; text-decoration: none.html"

+ >

+ <em style="text-align: left">Keyfiles</em></a

+ >.

+ </p>

+ </div>

+ </div>

+ </body>

+</html>

+<h3 id="SmartCard" style="text-align:left; font-family:Arial,Helvetica,Verdana,sans-serif; font-weight:bold; margin-top:0px; font-size:13px; margin-bottom:4px">

+EMV Smart Cards</h3>

+<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">

+Windows and Linux versions of VeraCrypt can use directly as keyfiles data extracted from EMV compliant smart cards, supporting Visa, Mastecard or Maestro applications. As with PKCS-11 compliant smart cards, to use such data as VeraCrypt keyfiles,

+click <em style="text-align:left">Add Token Files</em> (in the keyfile dialog window). The last four digits of the card's Primary Account Number will be displayed, allowing the selection of the card as a keyfile source.

+<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">

+The data extracted and concatenated into a single keyfile are as follow : ICC Public Key Certificate, Issuer Public Key Certificate and Card Production Life

+Cycle (CPLC) data. They are respectively identified by the tags '9F46', '90' and '9F7F' in the card's data management system. These two certificates are specific to an application deployed on the EMV card and used for the Dynamic Data Authentication of the card

+during banking transactions. CPLC data are specific to the card and not to any of its applications. They contain information on the production process of the smart card. Therefore both certificates and data are unique and static on any EMV compliant smart card.</div>

+<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">

+According to the ISO/IEC 7816 standard on which the EMV standard is based, communication with an EMV smart card is done through structured commands called APDUs, allowing to extract the data from the smart card. These data are encoded in the BER-TLV format,

+defined by the ASN.1 standard, and therefore need to be parsed before being concatenated into a keyfile. No PIN is required to access and retrieve data from the card. To cope with the diversity of smart cards readers on the market, librairies compliant with the Microsoft Personal

+Computer/Smart Card communication standard are used. The Winscard library is used. Natively available on Windows in System32, it then doesn't require any installation on this operating system. However, the libpcsclite1 package has to be installed on Linux.</div>

+<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">

+Since the card is read-only, it is not possible to import or delete data. However, data used as keyfiles can be exported locally in any binary file. During the entire cryptographic process of mounting or creating a volume, the certificates and CPLC data are never stored anywhere

+other than in the user's machine RAM. Once the process is complete, these RAM memory areas are rigorously erased.</div>

+<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">

+It important to note that this feature is optional and disabled by default. It can be enabled in the <em style="text-align:left">Security Token Preferences</em> parameters by checking the box provided.</div>

+<p>&nbsp;</p>

+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

+ <head>

+ <meta http-equiv="content-type" content="text/html; charset=utf-8" />

+ <title>

+ VeraCrypt - Free Open source disk encryption with strong security for the

+ Paranoid

+ </title>

+ <meta

+ name="description"

+ content="VeraCrypt is free open-source disk encryption software for Windows, Mac OS X and Linux. In case an attacker forces you to reveal the password, VeraCrypt provides plausible deniability. In contrast to file encryption, data encryption performed by VeraCrypt is real-time (on-the-fly), automatic, transparent, needs very little memory, and does not involve temporary unencrypted files."

+ />

+ <meta name="keywords" content="encryption, security" />

+ <link href="styles.css" rel="stylesheet" type="text/css" />

+ </head>

+ <body>

+ <div>

+ <a href="Documentation.html"

+ ><img src="VeraCrypt128x128.png" alt="VeraCrypt"

+ /></a>

+ </div>

+ <div id="menu">

+ <ul>

+ <li><a href="Home.html">Home</a></li>

+ <li><a href="/code/">Source Code</a></li>

+ <li><a href="Downloads.html">Downloads</a></li>

+ <li><a class="active" href="Documentation.html">Documentation</a></li>

+ <li><a href="Donation.html">Donate</a></li>

+ <li>

+ <a

+ href="https://sourceforge.net/p/veracrypt/discussion/"

+ target="_blank"

+ >Forums</a

+ >

+ </li>

+ </ul>

+ </div>

+ <div>

+ <p>

+ <a href="Documentation.html">Documentation</a>

+ <img src="arrow_right.gif" alt=">>" style="margin-top: 5px" />

+ <a href="Technical%20Details.html">Technical Details</a>

+ <img src="arrow_right.gif" alt=">>" style="margin-top: 5px" />

+ <a href="Keyfiles.html">Keyfiles</a>

+ </p>

+ </div>

+ <div class="wikidoc">

+ <h1>Keyfiles</h1>

+ <div

+ style="

+ text-align: left;

+ margin-top: 19px;

+ margin-bottom: 19px;

+ padding-top: 0px;

+ padding-bottom: 0px;

+ "

+ >

+ <p>

+ VeraCrypt keyfile is a file whose content is combined with a password.

+ The user can use any kind of file as a VeraCrypt keyfile. The user can

+ also generate a keyfile using the built-in keyfile generator, which

+ utilizes the VeraCrypt RNG to generate a file with random content (for

+ more information, see the section

+ <a href="Random%20Number%20Generator.html">

+ <em>Random Number Generator</em></a

+ >).

+ </p>

+ <p>

+ The maximum size of a keyfile is not limited; however, only its first

+ 1,048,576 bytes (1 MiB) are processed (all remaining bytes are ignored

+ due to performance issues connected with processing extremely large

+ files). The user can supply one or more keyfiles (the number of

+ keyfiles is not limited).

+ </p>

+ <p>

+ Keyfiles can be stored on PKCS-11-compliant [23] security tokens and

+ smart cards protected by multiple PIN codes (which can be entered

+ either using a hardware PIN pad or via the VeraCrypt GUI).

+ </p>

+ <p>

+ EMV-compliant smart cards' data can be used as keyfile, see chapter

+ <a

+ href="EMV%20Smart%20Cards.html"

+ style="text-align: left; color: #0080c0; text-decoration: none.html"

+ >

+ <em style="text-align: left">EMV Smart Cards</em></a

+ >.

+ </p>

+ <p>

+ Keyfiles are processed and applied to a password using the following

+ method:

+ </p>

+ <ol>

+ <li>

+ Let <em>P</em> be a VeraCrypt volume password supplied by user (may

+ be empty)

+ </li>

+ <li>Let <em>KP</em> be the keyfile pool</li>

+ <li>

+ Let <em>kpl</em> be the size of the keyfile pool <em>KP</em>, in

+ bytes (64, i.e., 512 bits);

+ <p>

+ kpl must be a multiple of the output size of a hash function H

+ </p>

+ </li>

+ <li>

+ Let <em>pl</em> be the length of the password <em>P</em>, in bytes

+ (in the current version: 0 &le; <em>pl</em> &le; 64)

+ </li>

+ <li>

+ if <em>kpl &gt; pl</em>, append (<em>kpl &ndash; pl</em>) zero bytes

+ to the password <em>P</em> (thus <em>pl = kpl</em>)

+ </li>

+ <li>

+ Fill the keyfile pool <em>KP</em> with <em>kpl</em> zero bytes.

+ </li>

+ <li>

+ For each keyfile perform the following steps:

+ <ol type="a">

+ <li>

+ Set the position of the keyfile pool cursor to the beginning of

+ the pool

+ </li>

+ <li>Initialize the hash function <em>H</em></li>

+ <li>

+ Load all bytes of the keyfile one by one, and for each loaded

+ byte perform the following steps:

+ <ol type="i">

+ <li>

+ Hash the loaded byte using the hash function

+ <em>H</em> without initializing the hash, to obtain an

+ intermediate hash (state) <em>M.</em> Do not finalize the

+ hash (the state is retained for next round).

+ </li>

+ <li>

+ Divide the state <em>M</em> into individual bytes.<br />

+ For example, if the hash output size is 4 bytes, (<em>T</em

+ >₀ || <em>T</em>₁ || <em>T</em

+ >₂ || <em>T</em>₃) = <em>M</em>

+ </li>

+ <li>

+ Write these bytes (obtained in step 7.c.ii) individually to

+ the keyfile pool with the modulo 2⁸ addition

+ operation (not by replacing the old values in the pool) at

+ the position of the pool cursor. After a byte is written,

+ the pool cursor position is advanced by one byte. When the

+ cursor reaches the end of the pool, its position is set to

+ the beginning of the pool.

+ </li>

+ </ol>

+ </li>

+ </ol>

+ </li>

+ <li>

+ Apply the content of the keyfile pool to the password

+ <em>P</em> using the following method:

+ <ol type="a">

+ <li>

+ Divide the password <em>P</em> into individual bytes <em>B</em

+ >₀...<em>B</em>_pl-1.<br />

+ Note that if the password was shorter than the keyfile pool,

+ then the password was padded with zero bytes to the length of

+ the pool in Step 5 (hence, at this point the length of the

+ password is always greater than or equal to the length of the

+ keyfile pool).

+ </li>

+ <li>

+ Divide the keyfile pool <em>KP</em> into individual bytes

+ <em>G</em>₀...<em>G</em>_kpl-1

+ </li>

+ <li>For 0 &le; i &lt; kpl perform: Bi = Bi &oplus; Gi</li>

+ <li>

+ <em>P</em> = <em>B</em>₀ || <em>B</em>₁ ||

+ ... || <em>B</em>_pl-2 || <em>B</em>_pl-1

+ </li>

+ </ol>

+ </li>

+ <li>

+ The password <em>P</em> (after the keyfile pool content has been

+ applied to it) is now passed to the header key derivation function

+ PBKDF2 (PKCS #5 v2), which processes it (along with salt and other

+ data) using a cryptographically secure hash algorithm selected by

+ the user (e.g., SHA-512). See the section

+ <a href="Header%20Key%20Derivation.html">

+ <em>Header Key Derivation, Salt, and Iteration Count</em></a

+ >

+ for more information.

+ </li>

+ </ol>

+ <p>

+ The role of the hash function <em>H</em> is merely to perform

+ diffusion [2]. CRC-32 is used as the hash function <em>H</em>. Note

+ that the output of CRC-32 is subsequently processed using a

+ cryptographically secure hash algorithm: The keyfile pool content (in

+ addition to being hashed using CRC-32) is applied to the password,

+ which is then passed to the header key derivation function PBKDF2

+ (PKCS #5 v2), which processes it (along with salt and other data)

+ using a cryptographically secure hash algorithm selected by the user

+ (e.g., SHA-512). The resultant values are used to form the header key

+ and the secondary header key (XTS mode).

+ </p>

+ <p>&nbsp;</p>

+ <p>

+ <a

+ href="Personal%20Iterations%20Multiplier%20%28PIM%29.html"

+ style="

+ text-align: left;

+ color: #0080c0;

+ text-decoration: none;

+ font-weight: bold.html;

+ "

+ >Next Section &gt;&gt;</a

+ >

+ </p>

+ </div>

+ </div>

+ <div class="ClearBoth"></div>

+ </body>

+</html>

+BOOL ActivateEMVOption = FALSE;

+ list <shared_ptr<TokenInfo>> tokens;

+ tokens = Token::GetAvailableTokens();

+ foreach (const shared_ptr<TokenInfo> token, tokens)

+ tokenLabel << L"[" << token->SlotId << L"] " << token->Label;

+ AddComboPair (GetDlgItem (hwndDlg, IDC_SELECTED_TOKEN), tokenLabel.str().c_str(), token->SlotId);

+static void SecurityTokenKeyfileDlgFillList (HWND hwndDlg, const vector <shared_ptr<TokenKeyfile>> &keyfiles)

+ foreach (const shared_ptr<TokenKeyfile> keyfile, keyfiles)

+ s << keyfile->Token->SlotId;

+ ListSubItemSet (tokenListControl, lvItem.iItem, 1, (wchar_t *) keyfile->Token->Label.c_str());

+ ListSubItemSet (tokenListControl, lvItem.iItem, 2, (wchar_t *) keyfile->Id.c_str());

+static list <shared_ptr<TokenKeyfile>> SecurityTokenKeyfileDlgGetSelected (HWND hwndDlg, const vector <shared_ptr<TokenKeyfile>> &keyfiles)

+ list <shared_ptr<TokenKeyfile>> selectedKeyfiles;

+ static list <TokenKeyfilePath> *selectedTokenKeyfiles;

+ static vector <shared_ptr<TokenKeyfile>> keyfiles;

+ selectedTokenKeyfiles = (list <TokenKeyfilePath> *) lParam;

+ keyfiles = Token::GetAvailableKeyfiles(ActivateEMVOption);

+ foreach (const shared_ptr<TokenKeyfile> &keyfile, SecurityTokenKeyfileDlgGetSelected (hwndDlg, keyfiles))

+ selectedTokenKeyfiles->push_back (TokenKeyfilePath (*keyfile));

+ BOOL deletable = selected;

+ foreach (const shared_ptr<TokenKeyfile> &keyfile, SecurityTokenKeyfileDlgGetSelected (hwndDlg, keyfiles))

+ {

+ if( ! keyfile->Token->isEditable()){

+ deletable = false;

+ }

+ }

+ EnableWindow (GetDlgItem (hwndDlg, IDC_DELETE), deletable);

+ keyfiles = Token::GetAvailableKeyfiles(ActivateEMVOption);

+ foreach (const shared_ptr<TokenKeyfile> &keyfile, SecurityTokenKeyfileDlgGetSelected (hwndDlg, keyfiles))

+ keyfile->GetKeyfileData (keyfileData);

+ foreach (const shared_ptr<TokenKeyfile> keyfile, SecurityTokenKeyfileDlgGetSelected (hwndDlg, keyfiles))

+ SecurityToken::DeleteKeyfile (dynamic_cast<SecurityTokenKeyfile&>(*keyfile.get()));

+ keyfiles = Token::GetAvailableKeyfiles(ActivateEMVOption);

+extern BOOL ActivateEMVOption;

+#include "EMVToken.h"

+

+#include "Platform/Finally.h"

+#include "Platform/ForEach.h"

+#include <vector>

+#include <iostream>

+

+

+

+#if !defined(TC_WINDOWS) || defined(TC_PROTOTYPE)

+#include "Platform/SerializerFactory.h"

+#include "Platform/StringConverter.h"

+#include "Platform/SystemException.h"

+#else

+#include "Dictionary.h"

+#include "Language.h"

+#endif

+

+

+using namespace std;

+

+namespace VeraCrypt

+{

+

+ IccDataExtractor EMVToken::extractor;

+

+ EMVTokenInfo::~EMVTokenInfo()

+ {

+ burn(&Label,Label.size());

+ }

+

+ EMVTokenKeyfile::EMVTokenKeyfile(const TokenKeyfilePath& path)

+ {

+ Id = EMV_CARDS_LABEL;

+ Token = shared_ptr<EMVTokenInfo>(new EMVTokenInfo());

+ wstring pathStr = path;

+ unsigned long slotId;

+

+ if (swscanf(pathStr.c_str(), TC_EMV_TOKEN_KEYFILE_URL_PREFIX TC_EMV_TOKEN_KEYFILE_URL_SLOT L"/%lu", &slotId) != 1)

+ throw InvalidEMVPath();

+

+ Token->SlotId = slotId;

+ }

+

+ EMVTokenKeyfile::operator TokenKeyfilePath () const

+ {

+ wstringstream path;

+ path << TC_EMV_TOKEN_KEYFILE_URL_PREFIX TC_EMV_TOKEN_KEYFILE_URL_SLOT L"/" << Token->SlotId;

+ return path.str();

+ }

+

+ void EMVTokenKeyfile::GetKeyfileData(vector <byte>& keyfileData) const

+ {

+ #ifdef TC_WINDOWS

+ EMVToken::extractor.InitLibrary();

+ #endif

+

+ EMVToken::extractor.GetReaders();

+ EMVToken::extractor.GettingAllCerts(Token->SlotId, keyfileData);

+ }

+

+ bool EMVToken::IsKeyfilePathValid(const wstring& emvTokenKeyfilePath)

+ {

+ return emvTokenKeyfilePath.find(TC_EMV_TOKEN_KEYFILE_URL_PREFIX) == 0;

+ }

+

+ vector<EMVTokenKeyfile> EMVToken::GetAvailableKeyfiles(unsigned long int* slotIdFilter, const wstring keyfileIdFilter) {

+ #ifdef TC_WINDOWS

+ EMVToken::extractor.InitLibrary();

+ #endif

+

+ vector <EMVTokenKeyfile> keyfiles;

+ unsigned long int nb = 0;

+

+ nb = EMVToken::extractor.GetReaders();

+

+

+ for(unsigned long int slotId = 0; slotId<nb; slotId++)

+ {

+ EMVTokenInfo token;

+

+ if (slotIdFilter && *slotIdFilter != slotId)

+ continue;

+

+ try{

+ token = GetTokenInfo(slotId);

+ } catch(EMVUnknownCardType) {

+ continue;

+ }catch(PCSCException){

+

+ continue;

+ }

+

+ EMVTokenKeyfile keyfile;

+ keyfile.Token->SlotId = slotId;

+ keyfile.Token = shared_ptr<TokenInfo>(new EMVTokenInfo(token));

+

+ keyfiles.push_back(keyfile);

+

+ if (!keyfileIdFilter.empty())

+ break;

+ }

+

+ return keyfiles;

+

+ }

+

+

+ EMVTokenInfo EMVToken::GetTokenInfo(unsigned long int slotId) {

+ EMVTokenInfo token;

+ token.SlotId = slotId;

+ //card numbers extraction

+ std::string pan;

+ EMVToken::extractor.GettingPAN(slotId, pan);

+ token.Label = L"EMV card **** ";

+ token.Label += wstring (pan.begin(), pan.end());

+ burn(&pan[0],pan.size());

+ return token;

+ }

+

+}

+#ifndef TC_HEADER_Common_EMVToken

+#define TC_HEADER_Common_EMVToken

+

+#define TC_EMV_TOKEN_KEYFILE_URL_PREFIX L"emv://"

+#define TC_EMV_TOKEN_KEYFILE_URL_SLOT L"slot"

+

+#define EMV_CARDS_LABEL L"EMV Certificates"

+

+#include "Platform/PlatformBase.h"

+#if defined (TC_WINDOWS) && !defined (TC_PROTOTYPE)

+# include "Exception.h"

+#else

+# include "Platform/Exception.h"

+#endif

+

+#include "Token.h"

+#include "IccDataExtractor.h"

+

+namespace VeraCrypt {

+

+ struct EMVTokenInfo: TokenInfo

+ {

+ virtual ~EMVTokenInfo();

+ virtual BOOL isEditable() const {return false;}

+ };

+

+ struct EMVTokenKeyfile: TokenKeyfile

+ {

+ EMVTokenKeyfile(){Id = EMV_CARDS_LABEL; Token = shared_ptr<EMVTokenInfo>(new EMVTokenInfo());};

+ EMVTokenKeyfile(const TokenKeyfilePath& path);

+

+ virtual operator TokenKeyfilePath () const;

+ virtual void GetKeyfileData(vector <byte>& keyfileData) const;

+

+ };

+

+ class EMVToken {

+ private:

+ static IccDataExtractor extractor;

+ public:

+ static bool IsKeyfilePathValid(const wstring& emvTokenKeyfilePath);

+ static vector<EMVTokenKeyfile> GetAvailableKeyfiles(unsigned long int* slotIdFilter = nullptr, const wstring keyfileIdFilter = wstring());

+ static EMVTokenInfo GetTokenInfo(unsigned long int slotId);

+

+ friend void EMVTokenKeyfile::GetKeyfileData(vector <byte>& keyfileData) const;

+

+ };

+}

+

+#endif

+//

+// Created by bshp on 1/14/23.

+//

+

+#include "IccDataExtractor.h"

+

+#if !defined (TC_WINDOWS) || defined (TC_PROTOTYPE)

+# include "Platform/SerializerFactory.h"

+# include "Platform/StringConverter.h"

+# include "Platform/SystemException.h"

+#else

+# include "Dictionary.h"

+# include "Language.h"

+#endif

+

+#include "Tcdefs.h"

+

+namespace VeraCrypt

+{

+

+

+ #ifdef TC_WINDOWS

+ bool VeraCrypt::IccDataExtractor::Initialized;

+ #endif

+ //using namespace std;

+ const BYTE IccDataExtractor::SELECT_MASTERCARD[] = {00, 0xA4, 0x04, 00, 0x07, 0xA0, 00, 00, 00, 0x04, 0x10, 0x10};

+ const BYTE IccDataExtractor::SELECT_VISA[] = {00, 0xA4, 0x04, 00, 0x07, 0xA0, 00, 00, 00, 0x03, 0x10, 0x10};

+ const BYTE IccDataExtractor::SELECT_AMEX[] = {00, 0xA4, 0x04, 00, 0x07, 0xA0, 00, 00, 00, 00, 0x25, 0x10};

+ const BYTE * IccDataExtractor::SELECT_TYPES[]={SELECT_MASTERCARD, SELECT_VISA, SELECT_AMEX};

+

+ IccDataExtractor::IccDataExtractor(){}

+

+ IccDataExtractor::~IccDataExtractor(){

+ /* Disconnect card if connected */

+ if(hCard){

+ #ifdef TC_WINDOWS

+ WSCardDisconnect(hContext,hCard);

+ #else

+ SCardDisconnect(hContext,hCard);

+ #endif

+ }

+ /* Release memory that has been returned from the resource manager using the SCARD_AUTOALLOCATE length

+ * designator*/

+ if (mszReaders){

+ #ifdef TC_WINDOWS

+ WSCardFreeMemory(hContext, mszReaders);

+ #else

+ SCardFreeMemory(hContext, mszReaders);

+ #endif

+ }

+

+ /* Closing the established resource manager context freeing any resources allocated under that context

+ * including SCARDHANDLE objects and memory allocated using the SCARD_AUTOALLOCATE length designator*/

+ if(hContext){

+ #ifdef TC_WINDOWS

+ WSCardReleaseContext(hContext);

+ #else

+ SCardReleaseContext(hContext);

+ #endif

+ }

+

+ /* Freeing winscard library */

+ #ifdef TC_WINDOWS

+ FreeLibrary(WinscardLibraryHandle);

+ #endif

+ }

+

+ #ifdef TC_WINDOWS

+ void IccDataExtractor::InitLibrary(){

+

+ if(Initialized) return;

+

+ /* Getting the System32 directory */

+ char sysDir[MAX_PATH-20];

+ GetSystemDirectoryA(sysDir, MAX_PATH);

+

+ /* Getting the winscard dll path directory */

+ char winscardPath[MAX_PATH];

+ sprintf_s(winscardPath, "%s\\Winscard.dll", sysDir);

+

+ /* Loading the winscard dll from System32 */

+ WinscardLibraryHandle = LoadLibraryA(winscardPath);

+ throw_sys_if(!WinscardLibraryHandle);

+

+ /* Fetching the functions pointers from the dll */

+ WSCardEstablishContext = (SCardEstablishContextPtr) GetProcAddress(WinscardLibraryHandle,"SCardEstablishContext");

+ if(!WSCardEstablishContext) throw WinscardLibraryNotInitialized();

+

+ WSCardReleaseContext= (SCardReleaseContextPtr) GetProcAddress(WinscardLibraryHandle,"SCardReleaseContext");

+ if(!WSCardReleaseContext) throw WinscardLibraryNotInitialized();

+

+ WSCardConnectA = (SCardConnectAPtr) GetProcAddress(WinscardLibraryHandle,"SCardConnectA");

+ if(!WSCardConnectA) throw WinscardLibraryNotInitialized();

+

+ WSCardDisconnect = (SCardDisconnectPtr) GetProcAddress(WinscardLibraryHandle,"SCardDisconnect");

+ if(!WSCardDisconnect) throw WinscardLibraryNotInitialized();

+

+ WSCardFreeMemory = ( SCardFreeMemoryPtr) GetProcAddress(WinscardLibraryHandle,"SCardFreeMemory");

+ if(!WSCardFreeMemory) throw WinscardLibraryNotInitialized();

+

+ WSCardListReadersA = (SCardListReadersAPtr) GetProcAddress(WinscardLibraryHandle,"SCardListReadersA");

+ if(!WSCardListReadersA) throw WinscardLibraryNotInitialized();

+

+ WSCardTransmit = ( SCardTransmitPtr) GetProcAddress(WinscardLibraryHandle,"SCardTransmit");

+ if(!WSCardTransmit) throw WinscardLibraryNotInitialized();

+

+ Initialized = true;

+

+ }

+ #endif

+

+ /* Establishing the resource manager context (the scope) within which database operations are performed.

+ * The module of the smart card subsystem that manages access to multiple readers and smart cards. The

+ * resource manager identifies and tracks resources, allocates readers and resources across multiple

+ * applications,and supports transaction primitives for accessing services available on a given card.*/

+ int IccDataExtractor::EstablishRSContext(){

+

+ #ifdef TC_WINDOWS

+ LONG returnValue = WSCardEstablishContext(SCARD_SCOPE_SYSTEM, NULL, NULL, &hContext);

+ #else

+ LONG returnValue = SCardEstablishContext(SCARD_SCOPE_SYSTEM, NULL, NULL, &hContext);

+ #endif

+

+ /* Check if the establishment of the context was unsuccessful */

+ if (returnValue != SCARD_S_SUCCESS)

+ throw PCSCException(returnValue);

+

+ return EXIT_SUCCESS;

+ }

+

+ /* Detecting available readers and filling the reader table */

+ unsigned long IccDataExtractor::GetReaders(){

+

+ #ifdef TC_WINDOWS

+ if(!Initialized)

+ throw WinscardLibraryNotInitialized();

+ #endif

+

+ EstablishRSContext();

+

+ /* Length of the mszReaders buffer in characters. If the buffer length is specified as

+ * SCARD_AUTOALLOCATE, then mszReaders is converted to a pointer to a byte pointer, and

+ * receives the address of a block of memory containing the multi-string structure */

+ DWORD dwReaders = SCARD_AUTOALLOCATE;

+

+ /* Retrieving the available readers list and putting it in mszReaders*/ // Use LPSTR on linux

+ #ifdef TC_WINDOWS

+ LONG returnValue = WSCardListReadersA(hContext, NULL, (LPSTR)&mszReaders, &dwReaders);

+ #else

+ LONG returnValue = SCardListReaders(hContext, NULL, (LPTSTR)&mszReaders, &dwReaders);

+ #endif

+

+ /* If the is no readers, return */

+ if(returnValue == SCARD_E_NO_READERS_AVAILABLE) return 0;

+

+ /* Check if the listing of the connected readers was unsuccessful */

+ if (returnValue != SCARD_S_SUCCESS)

+ throw PCSCException(returnValue);

+

+ nbReaders = 0;

+ LPSTR ReaderPtr = mszReaders;

+

+ /* Getting the total number of readers */

+ while (*ReaderPtr != '\0')

+ {

+ readers.push_back(ReaderPtr);

+ ReaderPtr += strlen((char*)ReaderPtr) + 1;

+ nbReaders++;

+ }

+

+ return nbReaders;

+ }

+

+ /* Connecting to the card in the given reader*/

+ int IccDataExtractor::ConnectCard(unsigned long int reader_nb){

+

+ /* Check if the given reader slot number is possible */

+ if (reader_nb < 0 || reader_nb >= nbReaders)

+ throw InvalidEMVPath();

+

+ dwActiveProtocol = SCARD_PROTOCOL_UNDEFINED;

+

+ #ifdef TC_WINDOWS

+ LONG returnValue = WSCardConnectA(hContext, readers[reader_nb], SCARD_SHARE_SHARED, SCARD_PROTOCOL_T0 | SCARD_PROTOCOL_T1, &hCard, &dwActiveProtocol);

+ #else

+ LONG returnValue = SCardConnect(hContext, readers[reader_nb], SCARD_SHARE_SHARED, SCARD_PROTOCOL_T0 | SCARD_PROTOCOL_T1, &hCard, &dwActiveProtocol);

+ #endif

+

+ /* Check is the card connection was unsuccessful */

+ if (returnValue != SCARD_S_SUCCESS)

+ throw PCSCException(returnValue);

+

+ return EXIT_SUCCESS;

+ }

+

+ /* Disconnect the card currently connected*/

+ int IccDataExtractor::DisconnectCard(){

+ #ifdef TC_WINDOWS

+ LONG returnValue = WSCardDisconnect(hCard, SCARD_UNPOWER_CARD);

+ #else

+ LONG returnValue = SCardDisconnect(hCard, SCARD_UNPOWER_CARD);

+ #endif

+

+ /* Check is the card deconnection was unsuccessful */

+ if (returnValue != SCARD_S_SUCCESS)

+ throw PCSCException(returnValue);

+

+ return EXIT_SUCCESS;

+ }

+

+ /* Testing if the card contains the application of the given EMV type (0:Mastercard, 1:Visa, 2:Amex) */

+ bool IccDataExtractor::TestingCardType(const int SELECT_TYPE_NUMBER){

+

+ const BYTE * SELECTED_TYPE = SELECT_TYPES[SELECT_TYPE_NUMBER];

+

+ BYTE pbRecvBuffer[64]; /* Buffer to receive the card response */

+

+ DWORD dwSendLength = SELECT_TYPE_SIZE; /* Set the size of the send buffer */

+ DWORD dwRecvLength = sizeof(pbRecvBuffer); /* Set the size of the reception buffer */

+

+ /* Set up the io request */

+ SCARD_IO_REQUEST ioRequest;

+ ioRequest.dwProtocol = dwActiveProtocol;

+ ioRequest.cbPciLength = sizeof(ioRequest);

+

+ #ifdef TC_WINDOWS

+ LONG returnValue = WSCardTransmit(hCard, &ioRequest, SELECTED_TYPE, dwSendLength, NULL, pbRecvBuffer, &dwRecvLength);

+ #else

+ LONG returnValue = SCardTransmit(hCard, &ioRequest, SELECTED_TYPE, dwSendLength, NULL, pbRecvBuffer, &dwRecvLength);

+ #endif

+

+ /* Check if the transmission was unsuccessful */

+ if (returnValue != SCARD_S_SUCCESS)

+ throw PCSCException(returnValue);

+

+ /* It received a response. Check if it didn't get a recognisable response */

+ if (dwRecvLength < 2)

+ return false;

+

+ /* Check if the command successfully executed (the card is the type passed in the parameter) */

+ if (pbRecvBuffer[0] == 0x61)

+ return true;

+

+ return false;

+ }

+

+ /* Getting the ICC Public Key Certificates and the Issuer Public Key Certificates by parsing the application

+ * (!NEED TO TEST CARD TYPE TO SELECT APPLICATION FIRST!)*/

+ void IccDataExtractor::GetCerts(vector<byte> &CERTS){

+

+ CERTS.clear();

+

+ bool iccFound= false;

+ bool issuerFound= false;

+

+ shared_ptr<TLVNode> node;

+ shared_ptr<TLVNode> ICC_Public_Key_Certificate;

+ shared_ptr<TLVNode> Issuer_PK_Certificate;

+

+ BYTE pbRecvBuffer[64]; /* Buffer to receive the card response */

+ BYTE pbRecvBufferFat[256]; /* Bigger buffer to receive the card response */

+

+ DWORD dwSendLength; /* Size of the send buffer */

+ DWORD dwRecvLength; /* Size of the reception buffer */

+

+ /* Set up the io request */

+ SCARD_IO_REQUEST ioRequest;

+ ioRequest.dwProtocol = dwActiveProtocol;

+ ioRequest.cbPciLength = sizeof(ioRequest);

+

+ LONG returnValue;

+

+ /* Parsing root folders */

+ for (int sfi = 0; sfi < 32; sfi++)

+ {

+ /* Parsing sub folders */

+ for (int rec = 0; rec < 17; rec++)

+ {

+ BYTE SELECT_APDU_FILE[] = {00, 0xB2, static_cast<unsigned char>(rec), static_cast<unsigned char>((sfi << 3) | 4), 0x00};

+

+ dwSendLength = sizeof(SELECT_APDU_FILE);

+ dwRecvLength = sizeof(pbRecvBuffer);

+

+ /* Check if there is data in the folder */

+ #ifdef TC_WINDOWS

+ returnValue = WSCardTransmit(hCard, &ioRequest, SELECT_APDU_FILE, dwSendLength,NULL, pbRecvBuffer, &dwRecvLength);

+ #else

+ returnValue = SCardTransmit(hCard, &ioRequest, SELECT_APDU_FILE, dwSendLength,NULL, pbRecvBuffer, &dwRecvLength);

+ #endif

+

+ /* Check if the transmission was unsuccessful */

+ if (returnValue != SCARD_S_SUCCESS)

+ throw PCSCException(returnValue);

+

+ /* There is no data in the folder */

+ if (pbRecvBuffer[0] != 0x6C)

+ continue;

+

+ /* It set the proper expected length of the data in the APDU */

+ SELECT_APDU_FILE[4] = pbRecvBuffer[1];

+

+ dwRecvLength = sizeof(pbRecvBufferFat);

+

+ /* Get the data from the folder */

+ #ifdef TC_WINDOWS

+ returnValue = WSCardTransmit(hCard, &ioRequest, SELECT_APDU_FILE, dwSendLength, NULL, pbRecvBufferFat, &dwRecvLength);

+ #else

+ returnValue = SCardTransmit(hCard, &ioRequest, SELECT_APDU_FILE, dwSendLength, NULL, pbRecvBufferFat, &dwRecvLength);

+ #endif

+

+ /* Check if the transmission was unsuccessful */

+ if (returnValue != SCARD_S_SUCCESS)

+ throw PCSCException(returnValue);

+

+ /* It received a response. Check if it didn't get a recognisable response */

+ if (dwRecvLength < 2)

+ continue;

+

+ /* Parsing the TLV */

+ try{

+ node = TLVParser::TLV_Parse(pbRecvBufferFat,sizeof(pbRecvBufferFat));

+ }catch(TLVException){

+ continue;

+ }

+

+ /* Finding the ICC_Public_Key_Certificate */

+ try{

+ ICC_Public_Key_Certificate = TLVParser::TLV_Find(node, 0x9F46);

+ }catch(TLVException){

+ continue;

+ }

+ if(ICC_Public_Key_Certificate) {

+ iccFound=true;

+ for (int i = 0; i < ICC_Public_Key_Certificate->Length;i++) {

+ CERTS.push_back(static_cast<byte>(ICC_Public_Key_Certificate->Value[i]));

+ }

+ }

+

+ /* Finding the Issuer_Public_Key_Certificate */

+ try{

+ Issuer_PK_Certificate = TLVParser::TLV_Find(node, 0x90);

+ }catch(TLVException){

+ continue;

+ }

+

+ if(Issuer_PK_Certificate) {

+ issuerFound=true;

+ for (int i = 0; i < Issuer_PK_Certificate->Length;i++) {

+ CERTS.push_back(static_cast<byte>(Issuer_PK_Certificate->Value[i]));

+ }

+ }

+

+ /* Limiting the search to at least one occurrence of both PKs to speed up the process.

+ * There might be more certificates tho */

+ if(iccFound && issuerFound){

+ burn(pbRecvBuffer, sizeof(pbRecvBuffer));

+ burn(pbRecvBufferFat, sizeof(pbRecvBufferFat));

+ return;

+ }

+ }

+ }

+ burn(pbRecvBuffer, sizeof(pbRecvBuffer));

+ burn(pbRecvBufferFat, sizeof(pbRecvBufferFat));

+ throw EMVKeyfileDataNotFound();

+ }

+

+ /* Getting CPCL data from the card*/

+ void IccDataExtractor::GetCPCL(vector<byte> &v){

+

+ BYTE SELECT_APDU_CPCL[] = {0x80,0xCA, 0x9F, 0x7F, 0x00};

+

+ BYTE pbRecvBuffer[64]; /* Buffer to receive the card response */

+ BYTE pbRecvBufferFat[256]; /* Bigger buffer to receive the card response */

+

+ DWORD dwSendLength = sizeof (SELECT_APDU_CPCL); /* Set the size of the send buffer */

+ DWORD dwRecvLength = sizeof(pbRecvBuffer); /* Set the size of the reception buffer */

+

+ /* Set up the io request */

+ SCARD_IO_REQUEST ioRequest;

+ ioRequest.dwProtocol = dwActiveProtocol;

+ ioRequest.cbPciLength = sizeof(ioRequest);

+

+ /* Check if there is the TAG for CPCL Data in the card */

+ #ifdef TC_WINDOWS

+ LONG returnValue = WSCardTransmit(hCard, &ioRequest, SELECT_APDU_CPCL, dwSendLength, NULL, pbRecvBuffer, &dwRecvLength);

+ #else

+ LONG returnValue = SCardTransmit(hCard, &ioRequest, SELECT_APDU_CPCL, dwSendLength, NULL, pbRecvBuffer, &dwRecvLength);

+ #endif

+

+ /* Check if the transmission was unsuccessful */

+ if (returnValue != SCARD_S_SUCCESS)

+ throw PCSCException(returnValue);

+

+ /* Not the correct APDU response code */

+ if (pbRecvBuffer[0] != 0x6C)

+ throw EMVKeyfileDataNotFound();

+

+ /* It set the proper expected length of the data in the APDU */

+ SELECT_APDU_CPCL[4] = pbRecvBuffer[1];

+

+ dwRecvLength = sizeof(pbRecvBufferFat);

+

+ /* Get the CPCL data */

+ #ifdef TC_WINDOWS

+ returnValue = WSCardTransmit(hCard, &ioRequest, SELECT_APDU_CPCL, dwSendLength,NULL, pbRecvBufferFat, &dwRecvLength);

+ #else

+ returnValue = SCardTransmit(hCard, &ioRequest, SELECT_APDU_CPCL, dwSendLength,NULL, pbRecvBufferFat, &dwRecvLength);

+ #endif

+

+ /* Check if the transmission was unsuccessful */

+ if (returnValue != SCARD_S_SUCCESS)

+ throw PCSCException(returnValue);

+

+ /* It received a response. Check if it didn't get a recognisable response */

+ if (dwRecvLength < 2)

+ throw EMVKeyfileDataNotFound();

+

+ /* We add CPCL data and crop the TAG and the data length at the start and the trailer at the end */

+ for (unsigned long i = 3; i < dwRecvLength-2; i++) {

+ v.push_back(static_cast<byte>(pbRecvBufferFat[i]));

+ }

+ burn(pbRecvBuffer, sizeof(pbRecvBuffer));

+ burn(pbRecvBufferFat, sizeof(pbRecvBufferFat));

+

+ }

+

+ /* Getting an ICC Public Key Certificates and an Issuer Public Key Certificates for the first application with the cpcl

+ * data present on the card and finally merge it into one byte array */

+ void IccDataExtractor::GettingAllCerts(int readerNumber, vector<byte> &v){

+

+ #ifdef TC_WINDOWS

+ if(!Initialized)

+ throw WinscardLibraryNotInitialized();

+ #endif

+

+ bool isEMV= false;

+

+ ConnectCard(readerNumber);

+

+ /* Test all the type of applications and get the certificates from the first one found */

+ for(int i=0;i<sizeof(SELECT_TYPES)/sizeof(SELECT_TYPES[0]); i++){

+

+ /* The card does not contain this application (0:Mastercard, 1:Visa, 2:Amex) */

+ if(!TestingCardType(i)) continue;

+ isEMV= true;

+ GetCerts(v);

+ break;

+ }

+

+ /* Need to disconnect reconnect the card to access CPLC data (not located in any application) */

+ DisconnectCard();

+

+ /* Check if the card is not an EMV one */

+ if(!isEMV)

+ throw EMVUnknownCardType();

+

+ ConnectCard(readerNumber);

+

+ GetCPCL(v);

+

+ DisconnectCard();

+ }

+

+ /* Getting the PAN by parsing the application

+ * (!NEED TO TEST CARD TYPE TO SELECT APPLICATION FIRST!)*/

+ void IccDataExtractor::GetPAN(vector<byte> &v) {

+

+ bool PANFound= false;

+ shared_ptr<TLVNode> node;

+ shared_ptr<TLVNode> PAN;

+

+ BYTE pbRecvBuffer[64]; /* Buffer to receive the card response */

+ BYTE pbRecvBufferFat[256]; /* Bigger buffer to receive the card response */

+

+ DWORD dwSendLength; /* Size of the send buffer */

+ DWORD dwRecvLength; /* Size of the reception buffer */

+

+ /* Set up the io request */

+ SCARD_IO_REQUEST ioRequest;

+ ioRequest.dwProtocol = dwActiveProtocol;

+ ioRequest.cbPciLength = sizeof(ioRequest);

+

+ LONG returnValue;

+

+ /* Parsing root folders */

+ for (int sfi = 0; sfi < 32; sfi++)

+ {

+ /* Parsing sub folders */

+ for (int rec = 0; rec < 17; rec++)

+ {

+ BYTE SELECT_APDU_FILE[] = {00, 0xB2, static_cast<unsigned char>(rec), static_cast<unsigned char>((sfi << 3) | 4), 0x00};

+

+ dwSendLength = sizeof(SELECT_APDU_FILE);

+ dwRecvLength = sizeof(pbRecvBuffer);

+

+ /* Check if there is data in the folder */

+ #ifdef TC_WINDOWS

+ returnValue = WSCardTransmit(hCard, &ioRequest, SELECT_APDU_FILE, dwSendLength,NULL, pbRecvBuffer, &dwRecvLength);

+ #else

+ returnValue = SCardTransmit(hCard, &ioRequest, SELECT_APDU_FILE, dwSendLength,NULL, pbRecvBuffer, &dwRecvLength);

+ #endif

+

+ /* Check if the transmission was unsuccessful */

+ if (returnValue != SCARD_S_SUCCESS)

+ throw PCSCException(returnValue);

+

+ /* There is no data in the folder */

+ if (pbRecvBuffer[0] != 0x6C)

+ continue;

+

+ /* It set the proper expected length of the data in the APDU */

+ SELECT_APDU_FILE[4] = pbRecvBuffer[1];

+

+ dwRecvLength = sizeof(pbRecvBufferFat);

+

+ /* Get the data from the folder */

+ #ifdef TC_WINDOWS

+ returnValue = WSCardTransmit(hCard, &ioRequest, SELECT_APDU_FILE, dwSendLength,NULL, pbRecvBufferFat, &dwRecvLength);

+ #else

+ returnValue = SCardTransmit(hCard, &ioRequest, SELECT_APDU_FILE, dwSendLength,NULL, pbRecvBufferFat, &dwRecvLength);

+ #endif

+

+ /* Check if the transmission was unsuccessful */

+ if (returnValue != SCARD_S_SUCCESS)

+ throw PCSCException(returnValue);

+

+ /* It received a response. Check if it didn't get a recognisable response */

+ if (dwRecvLength < 2)

+ continue;

+

+ /* Parsing the TLV */

+ try{

+ node = TLVParser::TLV_Parse(pbRecvBufferFat,sizeof(pbRecvBufferFat));

+ }catch(TLVException){

+ continue;

+ }

+

+ /* Finding the PAN */

+ try{

+ PAN = TLVParser::TLV_Find(node, 0x5A);

+ }catch(TLVException){

+ continue;

+ }

+ if(PAN) {

+ PANFound=true;

+ if (PAN->Length >= 8){

+ for (int i = 6; i < 8;i++) {

+ v.push_back(static_cast<byte>(PAN->Value[i]));

+ }

+ }

+ }

+

+ if(PANFound){

+ burn(pbRecvBuffer, sizeof(pbRecvBuffer));

+ burn(pbRecvBufferFat, sizeof(pbRecvBufferFat));

+ return ;

+ }

+ }

+ }

+ burn(pbRecvBuffer, sizeof(pbRecvBuffer));

+ burn(pbRecvBufferFat, sizeof(pbRecvBufferFat));

+ throw EMVPANNotFound();

+ }

+

+ /* Helper function to transform the PAN received (vector of byte) to a string */

+ template<typename TInputIter>

+ void IccDataExtractor::make_hex_string(TInputIter first, TInputIter last, string& returnValue, bool use_uppercase, bool insert_spaces) {

+ ostringstream ss;

+ ss << hex << std::setfill('0');

+ if (use_uppercase)

+ ss << uppercase;

+ while (first != last)

+ {

+ ss << setw(2) << static_cast<int>(*first++);

+ if (insert_spaces && first != last)

+ ss << " ";

+ }

+

+ returnValue = ss.str();

+ }

+

+ /* Wrapper function to get the PAN of the card*/

+ void IccDataExtractor::GettingPAN(int readerNumber, string& panString) {

+

+ #ifdef TC_WINDOWS

+ if(!Initialized)

+ throw WinscardLibraryNotInitialized();

+ #endif

+

+ vector<byte> PAN;

+

+ bool isEMV= false;

+

+ ConnectCard(readerNumber);

+

+ /* Test all the type of applications and get the PAN from the first one found */

+ for(int i=0;i<sizeof(SELECT_TYPES)/sizeof(SELECT_TYPES[0]); i++){

+

+ /* The card does not contain this application (0:Mastercard, 1:Visa, 2:Amex) */

+ if(!TestingCardType(i)) continue;

+ isEMV=true;

+ GetPAN(PAN);

+ break;

+ }

+

+ DisconnectCard();

+

+ /* Check if the card is not an EMV one */

+ if(!isEMV)

+ throw EMVUnknownCardType();

+

+ make_hex_string(PAN.begin(),PAN.end(),panString);

+

+ burn(&PAN.front(),PAN.size());

+ }

+

+ PCSCException::operator string() const{

+ if (ErrorCode == SCARD_S_SUCCESS)

+ return string();

+

+ static const struct{

+ LONG ErrorCode;

+ const char* ErrorString;

+ } ErrorStrings[] = {

+ #define SC_ERR(CODE) { CODE, #CODE },

+#ifdef TC_WINDOWS

+ SC_ERR(ERROR_BROKEN_PIPE)

+ SC_ERR(SCARD_E_NO_PIN_CACHE)

+ SC_ERR(SCARD_E_PIN_CACHE_EXPIRED)

+ SC_ERR(SCARD_E_READ_ONLY_CARD)

+ SC_ERR(SCARD_W_CACHE_ITEM_NOT_FOUND)

+ SC_ERR(SCARD_W_CACHE_ITEM_STALE)

+ SC_ERR(SCARD_W_CACHE_ITEM_TOO_BIG)

+#endif

+ SC_ERR(SCARD_E_BAD_SEEK)

+ SC_ERR(SCARD_E_CANCELLED)

+ SC_ERR(SCARD_E_CANT_DISPOSE)

+ SC_ERR(SCARD_E_CARD_UNSUPPORTED)

+ SC_ERR(SCARD_E_CERTIFICATE_UNAVAILABLE)

+ SC_ERR(SCARD_E_COMM_DATA_LOST)

+ SC_ERR(SCARD_E_COMM_DATA_LOST)

+ SC_ERR(SCARD_E_DIR_NOT_FOUND)

+ SC_ERR(SCARD_E_DUPLICATE_READER)

+ SC_ERR(SCARD_E_FILE_NOT_FOUND)

+ SC_ERR(SCARD_E_ICC_CREATEORDER)

+ SC_ERR(SCARD_E_ICC_INSTALLATION)

+ SC_ERR(SCARD_E_INSUFFICIENT_BUFFER)

+ SC_ERR(SCARD_E_INVALID_ATR)

+ SC_ERR(SCARD_E_INVALID_CHV)

+ SC_ERR(SCARD_E_INVALID_HANDLE)

+ SC_ERR(SCARD_E_INVALID_PARAMETER)

+ SC_ERR(SCARD_E_INVALID_TARGET)

+ SC_ERR(SCARD_E_INVALID_VALUE)

+ SC_ERR(SCARD_E_NO_ACCESS)

+ SC_ERR(SCARD_E_NO_DIR)

+ SC_ERR(SCARD_E_NO_FILE)

+ SC_ERR(SCARD_E_NO_KEY_CONTAINER)

+ SC_ERR(SCARD_E_NO_MEMORY)

+ SC_ERR(SCARD_E_NO_READERS_AVAILABLE)

+ SC_ERR(SCARD_E_NO_SERVICE)

+ SC_ERR(SCARD_E_NO_SMARTCARD)

+ SC_ERR(SCARD_E_NO_SUCH_CERTIFICATE)

+ SC_ERR(SCARD_E_NOT_READY)

+ SC_ERR(SCARD_E_NOT_TRANSACTED)

+ SC_ERR(SCARD_E_PCI_TOO_SMALL)

+ SC_ERR(SCARD_E_PROTO_MISMATCH)

+ SC_ERR(SCARD_E_READER_UNAVAILABLE)

+ SC_ERR(SCARD_E_READER_UNSUPPORTED)

+ SC_ERR(SCARD_E_SERVER_TOO_BUSY)

+ SC_ERR(SCARD_E_SERVICE_STOPPED)

+ SC_ERR(SCARD_E_SHARING_VIOLATION)

+ SC_ERR(SCARD_E_SYSTEM_CANCELLED)

+ SC_ERR(SCARD_E_TIMEOUT)

+ SC_ERR(SCARD_E_UNEXPECTED)

+ SC_ERR(SCARD_E_UNKNOWN_CARD)

+ SC_ERR(SCARD_E_UNKNOWN_READER)

+ SC_ERR(SCARD_E_UNKNOWN_RES_MNG)

+ SC_ERR(SCARD_E_UNSUPPORTED_FEATURE)

+ SC_ERR(SCARD_E_WRITE_TOO_MANY)

+ SC_ERR(SCARD_F_COMM_ERROR)

+ SC_ERR(SCARD_F_INTERNAL_ERROR)

+ SC_ERR(SCARD_F_UNKNOWN_ERROR)

+ SC_ERR(SCARD_W_CANCELLED_BY_USER)

+ SC_ERR(SCARD_W_CARD_NOT_AUTHENTICATED)

+ SC_ERR(SCARD_W_CHV_BLOCKED)

+ SC_ERR(SCARD_W_EOF)

+ SC_ERR(SCARD_W_REMOVED_CARD)

+ SC_ERR(SCARD_W_RESET_CARD)

+ SC_ERR(SCARD_W_SECURITY_VIOLATION)

+ SC_ERR(SCARD_W_UNPOWERED_CARD)

+ SC_ERR(SCARD_W_UNRESPONSIVE_CARD)

+ SC_ERR(SCARD_W_UNSUPPORTED_CARD)

+ SC_ERR(SCARD_W_WRONG_CHV)

+#undef SC_ERR

+ };

+

+ for (size_t i = 0; i < array_capacity(ErrorStrings); ++i)

+ {

+ if (ErrorStrings[i].ErrorCode == ErrorCode)

+ return ErrorStrings[i].ErrorString;

+ }

+

+ stringstream s;

+ s << "0x" << ErrorCode;

+ return s.str();

+ }

+

+ #ifdef TC_HEADER_Common_Exception

+ void PCSCException::Show(HWND parent) const

+ {

+ string errorString = string(*this);

+

+ if (!errorString.empty())

+ {

+ wstringstream subjectErrorCode;

+ if (SubjectErrorCodeValid)

+ subjectErrorCode << L": " << SubjectErrorCode;

+

+ if (!GetDictionaryValue(errorString.c_str()))

+ {

+ if (errorString.find("SCARD_E_") == 0 || errorString.find("SCARD_F_") == 0 || errorString.find("SCARD_W_") == 0)

+ {

+ errorString = errorString.substr(8);

+ for (size_t i = 0; i < errorString.size(); ++i)

+ {

+ if (errorString[i] == '_')

+ errorString[i] = ' ';

+ }

+ }

+ wchar_t err[8192];

+ StringCbPrintfW(err, sizeof(err), L"%s:\n\n%hs%s", GetString("PCSC_ERROR"), errorString.c_str(), subjectErrorCode.str().c_str());

+ ErrorDirect(err, parent);

+ }

+ else

+ {

+ wstring err = GetString(errorString.c_str());

+

+ if (SubjectErrorCodeValid)

+ err += L"\n\nError code" + subjectErrorCode.str();

+

+ ErrorDirect(err.c_str(), parent);

+ }

+ }

+ }

+ #endif // TC_HEADER_Common_Exception

+

+#ifdef TC_HEADER_Platform_Exception

+

+ void PCSCException::Deserialize(shared_ptr <Stream> stream)

+ {

+ Exception::Deserialize(stream);

+ Serializer sr(stream);

+ uint64 code;

+ sr.Deserialize("ErrorCode", code);

+ sr.Deserialize("SubjectErrorCodeValid", SubjectErrorCodeValid);

+ sr.Deserialize("SubjectErrorCode", SubjectErrorCode);

+ ErrorCode = (LONG)code;

+ }

+

+ void PCSCException::Serialize(shared_ptr <Stream> stream) const

+ {

+ Exception::Serialize(stream);

+ Serializer sr(stream);

+ sr.Serialize("ErrorCode", (uint64)ErrorCode);

+ sr.Serialize("SubjectErrorCodeValid", SubjectErrorCodeValid);

+ sr.Serialize("SubjectErrorCode", SubjectErrorCode);

+ }

+

+# define TC_EXCEPTION(TYPE) TC_SERIALIZER_FACTORY_ADD(TYPE)

+# undef TC_EXCEPTION_NODECL

+# define TC_EXCEPTION_NODECL(TYPE) TC_SERIALIZER_FACTORY_ADD(TYPE)

+

+ TC_SERIALIZER_FACTORY_ADD_EXCEPTION_SET(PCSCTokenException);

+

+#endif

+

+} \ No newline at end of file

+//

+// Created by bshp on 1/14/23.

+//

+

+#ifndef NEWEMV_ICCDATAEXTRACTOR_H

+#define NEWEMV_ICCDATAEXTRACTOR_H

+

+#include <iostream>

+#include <stdio.h>

+#include <stdlib.h>

+#include <string.h>

+#include <sstream>

+#include <vector>

+#include <iomanip>

+#include <memory>

+#include "Platform/PlatformBase.h"

+#include "TLVParser.h"

+

+#ifdef __linux__

+#include <unistd.h>

+#endif

+

+#if defined (TC_WINDOWS) && !defined (TC_PROTOTYPE)

+# include "Exception.h"

+#else

+# include "Platform/Exception.h"

+#endif

+

+#ifdef TC_WINDOWS

+#include <winscard.h>

+#include <windows.h>

+#endif

+#ifdef TC_UNIX

+#undef BOOL

+#include <PCSC/winscard.h>

+using VeraCrypt::byte;

+#define BOOL int

+//#include <unistd.h> //Works without on windows

+#endif

+

+#ifdef _WIN32

+#include <windows.h>

+#endif

+

+#ifdef _WIN64

+#define ssize_t __int64

+#else

+#define ssize_t long

+#endif

+

+#define SELECT_TYPE_SIZE 12 /* Size of the SELECT_TYPE APDU */

+

+/* Winscard function pointers definitions for windows import */

+#ifdef TC_WINDOWS

+typedef LONG (WINAPI *SCardEstablishContextPtr)(DWORD dwScope,LPCVOID pvReserved1, LPCVOID pvReserved2, LPSCARDCONTEXT phContext);

+typedef LONG (WINAPI *SCardReleaseContextPtr)(SCARDCONTEXT hContext);

+typedef LONG (WINAPI *SCardConnectAPtr)(SCARDCONTEXT hContext,LPCSTR szReader,DWORD dwShareMode,DWORD dwPreferredProtocols,LPSCARDHANDLE phCard, LPDWORD pdwActiveProtocol);

+typedef LONG (WINAPI *SCardDisconnectPtr)(SCARDHANDLE hCard, DWORD dwDisposition);

+typedef LONG (WINAPI *SCardTransmitPtr)(SCARDHANDLE hCard,LPCSCARD_IO_REQUEST pioSendPci,const BYTE* pbSendBuffer, DWORD cbSendLength,LPSCARD_IO_REQUEST pioRecvPci,BYTE* pbRecvBuffer, LPDWORD pcbRecvLength);

+typedef LONG (WINAPI *SCardListReadersAPtr)(SCARDCONTEXT hContext,LPCSTR mszGroups,LPSTR mszReaders, LPDWORD pcchReaders);

+typedef LONG (WINAPI *SCardFreeMemoryPtr)(SCARDCONTEXT hContext,LPCVOID pvMem);

+#endif

+

+namespace VeraCrypt

+{

+ class IccDataExtractor {

+ private:

+

+ /* Used for loading winscard on windows */

+ #ifdef TC_WINDOWS

+ /* Winscard Library Handle */

+ HMODULE WinscardLibraryHandle;

+

+ /* Winscard function pointers */

+ SCardEstablishContextPtr WSCardEstablishContext;

+ SCardReleaseContextPtr WSCardReleaseContext;

+ SCardConnectAPtr WSCardConnectA;

+ SCardDisconnectPtr WSCardDisconnect;

+ SCardFreeMemoryPtr WSCardFreeMemory;

+ SCardListReadersAPtr WSCardListReadersA;

+ SCardTransmitPtr WSCardTransmit;

+

+ /* Is the winscard library loaded */

+ static bool Initialized;

+ #endif

+

+ /* SELECT_TYPES FOR DIFFERENT AIDs*/

+ const static BYTE SELECT_MASTERCARD[SELECT_TYPE_SIZE];

+ const static BYTE SELECT_VISA[SELECT_TYPE_SIZE];

+ const static BYTE SELECT_AMEX[SELECT_TYPE_SIZE];

+ const static BYTE * SELECT_TYPES[3];

+

+

+ SCARDCONTEXT hContext; /* Handle that identifies the resource manager context.*/

+

+ SCARDHANDLE hCard; /* A handle that identifies the connection to the smart card in the designated reader*/

+

+ std::vector<char*> readers; /* Card reader list */

+

+ unsigned long int nbReaders; /* Number of connected (available) readers */

+

+ LPSTR mszReaders; /* Names of the reader groups defined to the system, as a multi-string. Use a NULL value to

+ * list all readers in the system */

+

+ DWORD dwActiveProtocol; /* A flag that indicates the established active protocol.

+ * SCARD_PROTOCOL_T0: An asynchronous, character-oriented half-duplex transmission protocol.

+ * SCARD_PROTOCOL_T1: An asynchronous, block-oriented half-duplex transmission protocol.*/

+

+

+ /* Establishing the resource manager context (the scope) within which database operations are performed.

+ * The module of the smart card subsystem that manages access to multiple readers and smart cards. The

+ * resource manager identifies and tracks resources, allocates readers and resources across multiple

+ * applications,and supports transaction primitives for accessing services available on a given card.*/

+ int EstablishRSContext();

+

+ /* Connecting to the card in the given reader*/

+ int ConnectCard(unsigned long int reader_nb);

+

+ /* Disconnect the card currently connected*/

+ int DisconnectCard();

+

+ /* Testing if the card contains the application of the given EMV type */

+ bool TestingCardType(const int SELECT_TYPE_NUMBER);

+

+ /* Getting the ICC Public Key Certificates and the Issuer Public Key Certificates by parsing the application

+ * (!NEED TO TEST CARD TYPE TO SELECT APPLICATION FIRST!)*/

+ void GetCerts(vector<byte> &CERTS);

+

+ /* Getting CPCL data from the card and put it into a reference*/

+ void GetCPCL(vector<byte> &v);

+

+ /* Getting the PAN by parsing the application

+ * (!NEED TO TEST CARD TYPE TO SELECT APPLICATION FIRST!)*/

+ void GetPAN(vector<byte> &v);

+

+ /* Helper function to make a string from plain arrays and various standard containers of bytes */

+ template<typename TInputIter>

+ void make_hex_string(TInputIter first, TInputIter last, std::string& panString, bool use_uppercase = true, bool insert_spaces = false);

+

+ public:

+ IccDataExtractor();

+

+ ~IccDataExtractor();

+

+ /* Used to initialize the winscard library on windows to make sure the dll is in System32 */

+ #ifdef TC_WINDOWS

+ void IccDataExtractor::InitLibrary();

+ #endif

+

+ /* Detecting available readers and filling the reader table. Returns

+ * the number of available readers */

+ unsigned long GetReaders();

+

+

+ /* Getting an ICC Public Key Certificates, an Issuer Public Key Certificates and the CPCL data

+ * from the card designated by the reader number. Appending them into a byte vector */

+ void GettingAllCerts(int readerNumber, vector<byte> &v);

+

+ /* Getting the PAN from the card designated by the reader number */

+ void GettingPAN(int readerNumber, string& panString);

+ };

+

+ struct PCSCException: public Exception

+ {

+ PCSCException(LONG errorCode = (LONG) -1): ErrorCode(errorCode), SubjectErrorCodeValid(false), SubjectErrorCode((uint64)-1){}

+ PCSCException(LONG errorCode, uint64 subjectErrorCode): ErrorCode(errorCode), SubjectErrorCodeValid(true), SubjectErrorCode(subjectErrorCode){}

+

+ #ifdef TC_HEADER_Platform_Exception

+ virtual ~PCSCException() throw () { }

+ TC_SERIALIZABLE_EXCEPTION(PCSCException);

+ #else

+

+ void Show(HWND parent) const;

+ #endif

+

+ operator string () const;

+ LONG GetErrorCode() const { return ErrorCode; }

+

+ protected:

+ LONG ErrorCode;

+ bool SubjectErrorCodeValid;

+ uint64 SubjectErrorCode;

+ };

+

+ #ifdef TC_HEADER_Platform_Exception

+

+ #define TC_EXCEPTION(NAME) TC_EXCEPTION_DECL(NAME,Exception)

+

+ #undef TC_EXCEPTION_SET

+ #define TC_EXCEPTION_SET \

+ TC_EXCEPTION_NODECL (PCSCException); \

+ TC_EXCEPTION (WinscardLibraryNotInitialized); \

+ TC_EXCEPTION (InvalidEMVPath); \

+ TC_EXCEPTION (EMVKeyfileDataNotFound); \

+ TC_EXCEPTION (EMVPANNotFound); \

+ TC_EXCEPTION (EMVUnknownCardType);

+ TC_EXCEPTION_SET;

+

+ #undef TC_EXCEPTION

+

+ #else // !TC_HEADER_Platform_Exception

+

+ struct WinscardLibraryNotInitialized: public Exception

+ {

+ void Show(HWND parent) const { Error("WINSCARD_MODULE_INIT_FAILED", parent); }

+ };

+

+ struct InvalidEMVPath: public Exception

+ {

+ void Show(HWND parent) const { Error("INVALID_EMV_PATH", parent); }

+ };

+

+ struct EMVKeyfileDataNotFound: public Exception

+ {

+ void Show(HWND parent) const { Error("EMV_KEYFILE_DATA_NOT_FOUND", parent); }

+ };

+

+ struct EMVPANNotFound: public Exception

+ {

+ void Show(HWND parent) const { Error("EMV_PAN_NOT_FOUND", parent); }

+ };

+

+ struct EMVUnknownCardType: public Exception

+ {

+ void Show(HWND parent) const { Error("EMV_UNKNOWN_CARD_TYPE", parent); }

+ };

+

+ #endif // !TC_HEADER_Platform_Exception

+}

+

+#endif //NEWEMV_ICCDATAEXTRACTOR_H

+#include "EMVToken.h"

+ if (Token::IsKeyfilePathValid (kf->FileName, ActivateEMVOption))

+ TokenKeyfilePath secPath (kf->FileName);

+ Token::getTokenKeyfile (secPath)->GetKeyfileData (keyfileData);

+ list <TokenKeyfilePath> selectedTokenKeyfiles;

+ foreach (const TokenKeyfilePath &keyPath, selectedTokenKeyfiles)

+ list <TokenKeyfilePath> selectedTokenKeyfiles;

+ foreach (const TokenKeyfilePath &keyPath, selectedTokenKeyfiles)

+ <entry lang="en" key="IDC_ACTIVATE_EMV_OPTION">Activate EMV Option</entry>

+ <entry lang="en" key="IDT_EMV_OPTIONS">EMV Options</entry>

+ <entry lang="en" key="WINSCARD_MODULE_INIT_FAILED">Error when loading the winscard library.\n\nPlease make sure the WinSCard.dll is present in your System32 folder.</entry>

+ <entry lang="en" key="INVALID_EMV_PATH">EMV path is invalid.</entry>

+ <entry lang="en" key="EMV_KEYFILE_DATA_NOT_FOUND">Unable to build a keyfile from the EMV card's data.\n\nOne of the following is missing:\n- ICC Public Key Certificate.\n- Issuer Public Key Certificate.\n- CPCL data.</entry>

+ <entry lang="en" key="EMV_PAN_NOT_FOUND">No Primary Account Number (PAN) found in the EMV card.</entry>

+ <entry lang="en" key="EMV_UNKNOWN_CARD_TYPE">The card in the reader is not a supported EMV card.</entry>

+ <entry lang="en" key="SCARD_W_REMOVED_CARD">No card in the reader.\n\nPlease make sure the card is correctly slotted.</entry>

+ SecurityTokenKeyfile::SecurityTokenKeyfile(): Handle(CK_INVALID_HANDLE) {

+ SecurityTokenInfo* token = new SecurityTokenInfo();

+ Token = shared_ptr<SecurityTokenInfo>(token);

+ Token->SlotId = CK_UNAVAILABLE_INFORMATION;

+ token->Flags = 0;

+ }

+

+ SecurityTokenKeyfile::SecurityTokenKeyfile(const TokenKeyfilePath& path)

+ Token = shared_ptr<SecurityTokenInfo>(new SecurityTokenInfo());

+ if (swscanf(pathStr.c_str(), TC_SECURITY_TOKEN_KEYFILE_URL_PREFIX TC_SECURITY_TOKEN_KEYFILE_URL_SLOT L"/%lu", &slotId) != 1)

+ Token->SlotId = slotId;

+ size_t keyIdPos = pathStr.find(L"/" TC_SECURITY_TOKEN_KEYFILE_URL_FILE L"/");

+ Id = pathStr.substr(keyIdPos + wstring(L"/" TC_SECURITY_TOKEN_KEYFILE_URL_FILE L"/").size());

+ vector <SecurityTokenKeyfile> keyfiles = SecurityToken::GetAvailableKeyfiles(&Token->SlotId, Id);

+ SecurityTokenKeyfile::operator TokenKeyfilePath () const

+ path << TC_SECURITY_TOKEN_KEYFILE_URL_PREFIX TC_SECURITY_TOKEN_KEYFILE_URL_SLOT L"/" << Token->SlotId << L"/" TC_SECURITY_TOKEN_KEYFILE_URL_FILE L"/" << Id;

+ void SecurityToken::CheckLibraryStatus()

+ void SecurityToken::CloseLibrary()

+ Pkcs11Functions->C_Finalize(NULL_PTR);

+ FreeLibrary(Pkcs11LibraryHandle);

+ dlclose(Pkcs11LibraryHandle);

+ void SecurityToken::CloseAllSessions() throw ()

+ foreach(SessionMapPair p, Sessions)

+ CloseSession(p.first);

+ catch (...) {}

+ void SecurityToken::CloseSession(CK_SLOT_ID slotId)

+ if (Sessions.find(slotId) == Sessions.end())

+ throw ParameterIncorrect(SRC_POS);

+ Pkcs11Functions->C_CloseSession(Sessions[slotId].Handle);

+ Sessions.erase(Sessions.find(slotId));

+ void SecurityToken::CreateKeyfile(CK_SLOT_ID slotId, vector <byte>& keyfileData, const string& name)

+ throw ParameterIncorrect(SRC_POS);

+ LoginUserIfRequired(slotId);

+ foreach(const SecurityTokenKeyfile & keyfile, GetAvailableKeyfiles(&slotId))

+ { CKA_CLASS, &dataClass, sizeof(dataClass) },

+ { CKA_TOKEN, &trueVal, sizeof(trueVal) },

+ { CKA_PRIVATE, &trueVal, sizeof(trueVal) },

+ { CKA_LABEL, (CK_UTF8CHAR*)name.c_str(), (CK_ULONG)name.size() },

+ { CKA_VALUE, &keyfileData.front(), (CK_ULONG)keyfileData.size() }

+ CK_RV status = Pkcs11Functions->C_CreateObject(Sessions[slotId].Handle, keyfileTemplate, array_capacity(keyfileTemplate), &keyfileHandle);

+ throw Pkcs11Exception(status);

+ GetObjectAttribute(slotId, keyfileHandle, CKA_VALUE, objectData);

+ finally_do_arg(vector <byte> *, &objectData, { if (!finally_arg->empty()) burn(&finally_arg->front(), finally_arg->size()); });

+ Pkcs11Functions->C_DestroyObject(Sessions[slotId].Handle, keyfileHandle);

+ throw Pkcs11Exception(CKR_DEVICE_MEMORY);

+ void SecurityToken::DeleteKeyfile(const SecurityTokenKeyfile& keyfile)

+ LoginUserIfRequired(keyfile.Token->SlotId);

+ CK_RV status = Pkcs11Functions->C_DestroyObject(Sessions[keyfile.Token->SlotId].Handle, keyfile.Handle);

+ throw Pkcs11Exception(status);

+ vector <SecurityTokenKeyfile> SecurityToken::GetAvailableKeyfiles(CK_SLOT_ID* slotIdFilter, const wstring keyfileIdFilter)

+ foreach(const CK_SLOT_ID & slotId, GetTokenSlots())

+ LoginUserIfRequired(slotId);

+ token = GetTokenInfo(slotId);

+ catch (UserAbort&)

+ catch (Pkcs11Exception& e)

+ foreach(const CK_OBJECT_HANDLE & dataHandle, GetObjects(slotId, CKO_DATA))

+ keyfile.Token->SlotId = slotId;

+ keyfile.Token = shared_ptr<SecurityTokenInfo>(new SecurityTokenInfo(token));

+ GetObjectAttribute(slotId, dataHandle, CKA_PRIVATE, privateAttrib);

+ if (privateAttrib.size() == sizeof(CK_BBOOL) && *(CK_BBOOL*)&privateAttrib.front() != CK_TRUE)

+ GetObjectAttribute(slotId, dataHandle, CKA_LABEL, label);

+ label.push_back(0);

+ keyfile.IdUtf8 = (char*)&label.front();

+ keyfile.Id = Utf8StringToWide((const char*)&label.front());

+ keyfile.Id = StringConverter::ToWide((const char*)&label.front());

+ keyfiles.push_back(keyfile);

+ throw Pkcs11Exception(CKR_TOKEN_NOT_RECOGNIZED);

+ list <SecurityTokenInfo> SecurityToken::GetAvailableTokens()

+ foreach(const CK_SLOT_ID & slotId, GetTokenSlots())

+ tokens.push_back(GetTokenInfo(slotId));

+ catch (Pkcs11Exception& e)

+ throw Pkcs11Exception(CKR_TOKEN_NOT_RECOGNIZED);

+ SecurityTokenInfo SecurityToken::GetTokenInfo(CK_SLOT_ID slotId)

+ CK_RV status = Pkcs11Functions->C_GetTokenInfo(slotId, &info);

+ throw Pkcs11Exception(status);

+ char label[sizeof(info.label) + 1];

+ memset(label, 0, sizeof(label));

+ memcpy(label, info.label, sizeof(info.label));

+ size_t lastSpace = token.LabelUtf8.find_last_not_of(' ');

+ token.LabelUtf8 = token.LabelUtf8.substr(0, lastSpace + 1);

+ token.Label = Utf8StringToWide(token.LabelUtf8);

+ token.Label = StringConverter::ToWide(token.LabelUtf8);

+ void SecurityTokenKeyfile::GetKeyfileData(vector <byte>& keyfileData) const

+ SecurityToken::LoginUserIfRequired(Token->SlotId);

+ SecurityToken::GetObjectAttribute(Token->SlotId, Handle, CKA_VALUE, keyfileData);

+ vector <CK_OBJECT_HANDLE> SecurityToken::GetObjects(CK_SLOT_ID slotId, CK_ATTRIBUTE_TYPE objectClass)

+ if (Sessions.find(slotId) == Sessions.end())

+ throw ParameterIncorrect(SRC_POS);

+ findTemplate.ulValueLen = sizeof(objectClass);

+ CK_RV status = Pkcs11Functions->C_FindObjectsInit(Sessions[slotId].Handle, &findTemplate, 1);

+ throw Pkcs11Exception(status);

+ finally_do_arg(CK_SLOT_ID, slotId, { Pkcs11Functions->C_FindObjectsFinal(Sessions[finally_arg].Handle); });

+ CK_RV status = Pkcs11Functions->C_FindObjects(Sessions[slotId].Handle, &object, 1, &objectCount);

+ throw Pkcs11Exception(status);

+ objects.push_back(object);

+ void SecurityToken::GetObjectAttribute(CK_SLOT_ID slotId, CK_OBJECT_HANDLE tokenObject, CK_ATTRIBUTE_TYPE attributeType, vector <byte>& attributeValue)

+ if (Sessions.find(slotId) == Sessions.end())

+ throw ParameterIncorrect(SRC_POS);

+ CK_RV status = Pkcs11Functions->C_GetAttributeValue(Sessions[slotId].Handle, tokenObject, &attribute, 1);

+ throw Pkcs11Exception(status);

+ attributeValue = vector <byte>(attribute.ulValueLen);

+ status = Pkcs11Functions->C_GetAttributeValue(Sessions[slotId].Handle, tokenObject, &attribute, 1);

+ throw Pkcs11Exception(status);

+ list <CK_SLOT_ID> SecurityToken::GetTokenSlots()

+ CK_RV status = Pkcs11Functions->C_GetSlotList(TRUE, NULL_PTR, &slotCount);

+ throw Pkcs11Exception(status);

+ vector <CK_SLOT_ID> slotArray(slotCount);

+ status = Pkcs11Functions->C_GetSlotList(TRUE, &slotArray.front(), &slotCount);

+ throw Pkcs11Exception(status);

+ status = Pkcs11Functions->C_GetSlotInfo(slotArray[i], &slotInfo);

+ slots.push_back(slotArray[i]);

+ bool SecurityToken::IsKeyfilePathValid(const wstring& securityTokenKeyfilePath)

+ return securityTokenKeyfilePath.find(TC_SECURITY_TOKEN_KEYFILE_URL_PREFIX) == 0;

+ void SecurityToken::Login(CK_SLOT_ID slotId, const char* pin)

+ if (Sessions.find(slotId) == Sessions.end())

+ OpenSession(slotId);

+ size_t pinLen = pin ? strlen(pin) : 0;

+ CK_RV status = Pkcs11Functions->C_Login(Sessions[slotId].Handle, CKU_USER, (CK_CHAR_PTR)pin, (CK_ULONG)pinLen);

+ throw Pkcs11Exception(status);

+ void SecurityToken::LoginUserIfRequired(CK_SLOT_ID slotId)

+ if (Sessions.find(slotId) == Sessions.end())

+ OpenSession(slotId);

+ status = Pkcs11Functions->C_GetSessionInfo(Sessions[slotId].Handle, &sessionInfo);

+ CloseSession(slotId);

+ catch (...) {}

+ OpenSession(slotId);

+ SecurityTokenInfo tokenInfo = GetTokenInfo(slotId);

+ status = Pkcs11Functions->C_Login(Sessions[slotId].Handle, CKU_USER, NULL_PTR, 0);

+ throw Pkcs11Exception(status);

+ finally_do_arg(string*, &pin, { burn((void*)finally_arg->c_str(), finally_arg->size()); });

+ Login(slotId, pin.c_str());

+ catch (Pkcs11Exception& e)

+ PinCallback->notifyIncorrectPin();

+ (*WarningCallback) (Pkcs11Exception(CKR_PIN_INCORRECT));

+ void SecurityToken::InitLibrary(const wstring& pkcs11LibraryPath, unique_ptr <GetPinFunctor> pinCallback, unique_ptr <SendExceptionFunctor> warningCallback)

+ void SecurityToken::InitLibrary(const string& pkcs11LibraryPath, unique_ptr <GetPinFunctor> pinCallback, unique_ptr <SendExceptionFunctor> warningCallback)

+ Pkcs11LibraryHandle = LoadLibraryW(pkcs11LibraryPath.c_str());

+ throw_sys_if(!Pkcs11LibraryHandle);

+ Pkcs11LibraryHandle = dlopen(pkcs11LibraryPath.c_str(), RTLD_NOW | RTLD_LOCAL);

+ throw_sys_sub_if(!Pkcs11LibraryHandle, dlerror());

+ typedef CK_RV(*C_GetFunctionList_t) (CK_FUNCTION_LIST_PTR_PTR ppFunctionList);

+ C_GetFunctionList_t C_GetFunctionList = (C_GetFunctionList_t)GetProcAddress(Pkcs11LibraryHandle, "C_GetFunctionList");

+ C_GetFunctionList_t C_GetFunctionList = (C_GetFunctionList_t)dlsym(Pkcs11LibraryHandle, "C_GetFunctionList");

+ CK_RV status = C_GetFunctionList(&Pkcs11Functions);

+ throw Pkcs11Exception(status);

+ status = Pkcs11Functions->C_Initialize(NULL_PTR);

+ throw Pkcs11Exception(status);

+ void SecurityToken::OpenSession(CK_SLOT_ID slotId)

+ if (Sessions.find(slotId) != Sessions.end())

+ if (!(GetTokenInfo(slotId).Flags & CKF_WRITE_PROTECTED))

+ flags |= CKF_RW_SESSION;

+ CK_RV status = Pkcs11Functions->C_OpenSession(slotId, flags, NULL_PTR, NULL_PTR, &session);

+ throw Pkcs11Exception(status);

+ const char* ErrorString;

+ TC_TOKEN_ERR(CKR_CANCEL)

+ TC_TOKEN_ERR(CKR_HOST_MEMORY)

+ TC_TOKEN_ERR(CKR_SLOT_ID_INVALID)

+ TC_TOKEN_ERR(CKR_GENERAL_ERROR)

+ TC_TOKEN_ERR(CKR_FUNCTION_FAILED)

+ TC_TOKEN_ERR(CKR_ARGUMENTS_BAD)

+ TC_TOKEN_ERR(CKR_NO_EVENT)

+ TC_TOKEN_ERR(CKR_NEED_TO_CREATE_THREADS)

+ TC_TOKEN_ERR(CKR_CANT_LOCK)

+ TC_TOKEN_ERR(CKR_ATTRIBUTE_READ_ONLY)

+ TC_TOKEN_ERR(CKR_ATTRIBUTE_SENSITIVE)

+ TC_TOKEN_ERR(CKR_ATTRIBUTE_TYPE_INVALID)

+ TC_TOKEN_ERR(CKR_ATTRIBUTE_VALUE_INVALID)

+ TC_TOKEN_ERR(CKR_DATA_INVALID)

+ TC_TOKEN_ERR(CKR_DATA_LEN_RANGE)

+ TC_TOKEN_ERR(CKR_DEVICE_ERROR)

+ TC_TOKEN_ERR(CKR_DEVICE_MEMORY)

+ TC_TOKEN_ERR(CKR_DEVICE_REMOVED)

+ TC_TOKEN_ERR(CKR_ENCRYPTED_DATA_INVALID)

+ TC_TOKEN_ERR(CKR_ENCRYPTED_DATA_LEN_RANGE)

+ TC_TOKEN_ERR(CKR_FUNCTION_CANCELED)

+ TC_TOKEN_ERR(CKR_FUNCTION_NOT_PARALLEL)

+ TC_TOKEN_ERR(CKR_FUNCTION_NOT_SUPPORTED)

+ TC_TOKEN_ERR(CKR_KEY_HANDLE_INVALID)

+ TC_TOKEN_ERR(CKR_KEY_SIZE_RANGE)

+ TC_TOKEN_ERR(CKR_KEY_TYPE_INCONSISTENT)

+ TC_TOKEN_ERR(CKR_KEY_NOT_NEEDED)

+ TC_TOKEN_ERR(CKR_KEY_CHANGED)

+ TC_TOKEN_ERR(CKR_KEY_NEEDED)

+ TC_TOKEN_ERR(CKR_KEY_INDIGESTIBLE)

+ TC_TOKEN_ERR(CKR_KEY_FUNCTION_NOT_PERMITTED)

+ TC_TOKEN_ERR(CKR_KEY_NOT_WRAPPABLE)

+ TC_TOKEN_ERR(CKR_KEY_UNEXTRACTABLE)

+ TC_TOKEN_ERR(CKR_MECHANISM_INVALID)

+ TC_TOKEN_ERR(CKR_MECHANISM_PARAM_INVALID)

+ TC_TOKEN_ERR(CKR_OBJECT_HANDLE_INVALID)

+ TC_TOKEN_ERR(CKR_OPERATION_ACTIVE)

+ TC_TOKEN_ERR(CKR_OPERATION_NOT_INITIALIZED)

+ TC_TOKEN_ERR(CKR_PIN_INCORRECT)

+ TC_TOKEN_ERR(CKR_PIN_INVALID)

+ TC_TOKEN_ERR(CKR_PIN_LEN_RANGE)

+ TC_TOKEN_ERR(CKR_PIN_EXPIRED)

+ TC_TOKEN_ERR(CKR_PIN_LOCKED)

+ TC_TOKEN_ERR(CKR_SESSION_CLOSED)

+ TC_TOKEN_ERR(CKR_SESSION_COUNT)

+ TC_TOKEN_ERR(CKR_SESSION_HANDLE_INVALID)

+ TC_TOKEN_ERR(CKR_SESSION_PARALLEL_NOT_SUPPORTED)

+ TC_TOKEN_ERR(CKR_SESSION_READ_ONLY)

+ TC_TOKEN_ERR(CKR_SESSION_EXISTS)

+ TC_TOKEN_ERR(CKR_SESSION_READ_ONLY_EXISTS)

+ TC_TOKEN_ERR(CKR_SESSION_READ_WRITE_SO_EXISTS)

+ TC_TOKEN_ERR(CKR_SIGNATURE_INVALID)

+ TC_TOKEN_ERR(CKR_SIGNATURE_LEN_RANGE)

+ TC_TOKEN_ERR(CKR_TEMPLATE_INCOMPLETE)

+ TC_TOKEN_ERR(CKR_TEMPLATE_INCONSISTENT)

+ TC_TOKEN_ERR(CKR_TOKEN_NOT_PRESENT)

+ TC_TOKEN_ERR(CKR_TOKEN_NOT_RECOGNIZED)

+ TC_TOKEN_ERR(CKR_TOKEN_WRITE_PROTECTED)

+ TC_TOKEN_ERR(CKR_UNWRAPPING_KEY_HANDLE_INVALID)

+ TC_TOKEN_ERR(CKR_UNWRAPPING_KEY_SIZE_RANGE)

+ TC_TOKEN_ERR(CKR_UNWRAPPING_KEY_TYPE_INCONSISTENT)

+ TC_TOKEN_ERR(CKR_USER_ALREADY_LOGGED_IN)

+ TC_TOKEN_ERR(CKR_USER_NOT_LOGGED_IN)

+ TC_TOKEN_ERR(CKR_USER_PIN_NOT_INITIALIZED)

+ TC_TOKEN_ERR(CKR_USER_TYPE_INVALID)

+ TC_TOKEN_ERR(CKR_USER_ANOTHER_ALREADY_LOGGED_IN)

+ TC_TOKEN_ERR(CKR_USER_TOO_MANY_TYPES)

+ TC_TOKEN_ERR(CKR_WRAPPED_KEY_INVALID)

+ TC_TOKEN_ERR(CKR_WRAPPED_KEY_LEN_RANGE)

+ TC_TOKEN_ERR(CKR_WRAPPING_KEY_HANDLE_INVALID)

+ TC_TOKEN_ERR(CKR_WRAPPING_KEY_SIZE_RANGE)

+ TC_TOKEN_ERR(CKR_WRAPPING_KEY_TYPE_INCONSISTENT)

+ TC_TOKEN_ERR(CKR_RANDOM_SEED_NOT_SUPPORTED)

+ TC_TOKEN_ERR(CKR_RANDOM_NO_RNG)

+ TC_TOKEN_ERR(CKR_DOMAIN_PARAMS_INVALID)

+ TC_TOKEN_ERR(CKR_BUFFER_TOO_SMALL)

+ TC_TOKEN_ERR(CKR_SAVED_STATE_INVALID)

+ TC_TOKEN_ERR(CKR_INFORMATION_SENSITIVE)

+ TC_TOKEN_ERR(CKR_STATE_UNSAVEABLE)

+ TC_TOKEN_ERR(CKR_CRYPTOKI_NOT_INITIALIZED)

+ TC_TOKEN_ERR(CKR_CRYPTOKI_ALREADY_INITIALIZED)

+ TC_TOKEN_ERR(CKR_MUTEX_BAD)

+ TC_TOKEN_ERR(CKR_MUTEX_NOT_LOCKED)

+ TC_TOKEN_ERR(CKR_NEW_PIN_MODE)

+ TC_TOKEN_ERR(CKR_NEXT_OTP)

+ TC_TOKEN_ERR(CKR_FUNCTION_REJECTED)

+ for (size_t i = 0; i < array_capacity(ErrorStrings); ++i)

+ void Pkcs11Exception::Show(HWND parent) const

+ string errorString = string(*this);

+ if (!GetDictionaryValue(errorString.c_str()))

+ if (errorString.find("CKR_") == 0)

+ errorString = errorString.substr(4);

+ StringCbPrintfW(err, sizeof(err), L"%s:\n\n%hs%s", GetString("SECURITY_TOKEN_ERROR"), errorString.c_str(), subjectErrorCode.str().c_str());

+ ErrorDirect(err, parent);

+ wstring err = GetString(errorString.c_str());

+ ErrorDirect(err.c_str(), parent);

+ void* SecurityToken::Pkcs11LibraryHandle;

+ void Pkcs11Exception::Deserialize(shared_ptr <Stream> stream)

+ Exception::Deserialize(stream);

+ Serializer sr(stream);

+ sr.Deserialize("ErrorCode", code);

+ sr.Deserialize("SubjectErrorCodeValid", SubjectErrorCodeValid);

+ sr.Deserialize("SubjectErrorCode", SubjectErrorCode);

+ ErrorCode = (CK_RV)code;

+ void Pkcs11Exception::Serialize(shared_ptr <Stream> stream) const

+ Exception::Serialize(stream);

+ Serializer sr(stream);

+ sr.Serialize("ErrorCode", (uint64)ErrorCode);

+ sr.Serialize("SubjectErrorCodeValid", SubjectErrorCodeValid);

+ sr.Serialize("SubjectErrorCode", SubjectErrorCode);

+ TC_SERIALIZER_FACTORY_ADD_EXCEPTION_SET(SecurityTokenException);

+#include "Token.h"

+

+ struct SecurityTokenInfo: TokenInfo

+ virtual BOOL isEditable() const {return true;}

+

+ struct SecurityTokenKeyfile: TokenKeyfile

+ SecurityTokenKeyfile();

+ SecurityTokenKeyfile(const TokenKeyfilePath& path);

+

+ operator TokenKeyfilePath () const;

+ void GetKeyfileData(vector<byte>& keyfileData) const;

+ struct Pkcs11Exception: public Exception

+ Pkcs11Exception(CK_RV errorCode = (CK_RV)-1)

+ : ErrorCode(errorCode),

+ SubjectErrorCodeValid(false),

+ SubjectErrorCode((uint64)-1)

+ Pkcs11Exception(CK_RV errorCode, uint64 subjectErrorCode)

+ : ErrorCode(errorCode),

+ SubjectErrorCodeValid(true),

+ SubjectErrorCode(subjectErrorCode)

+ virtual ~Pkcs11Exception() throw () { }

+ TC_SERIALIZABLE_EXCEPTION(Pkcs11Exception);

+ void Show(HWND parent) const;

+ CK_RV GetErrorCode() const { return ErrorCode; }

+ struct SecurityTokenLibraryNotInitialized: public Exception

+ void Show(HWND parent) const { Error(SecurityTokenLibraryPath[0] == 0 ? "NO_PKCS11_MODULE_SPECIFIED" : "PKCS11_MODULE_INIT_FAILED", parent); }

+ struct InvalidSecurityTokenKeyfilePath: public Exception

+ void Show(HWND parent) const { Error("INVALID_TOKEN_KEYFILE_PATH", parent); }

+ struct SecurityTokenKeyfileAlreadyExists: public Exception

+ void Show(HWND parent) const { Error("TOKEN_KEYFILE_ALREADY_EXISTS", parent); }

+ struct SecurityTokenKeyfileNotFound: public Exception

+ void Show(HWND parent) const { Error("TOKEN_KEYFILE_NOT_FOUND", parent); }

+ Pkcs11Session(): Handle(CK_UNAVAILABLE_INFORMATION), UserLoggedIn(false) { }

+ virtual ~GetPinFunctor() { }

+ virtual void operator() (string& str) = 0;

+ virtual void notifyIncorrectPin() = 0;

+ virtual ~SendExceptionFunctor() { }

+ virtual void operator() (const Exception& e) = 0;

+ static void CloseAllSessions() throw ();

+ static void CloseLibrary();

+ static void CreateKeyfile(CK_SLOT_ID slotId, vector <byte>& keyfileData, const string& name);

+ static void DeleteKeyfile(const SecurityTokenKeyfile& keyfile);

+ static vector <SecurityTokenKeyfile> GetAvailableKeyfiles(CK_SLOT_ID* slotIdFilter = nullptr, const wstring keyfileIdFilter = wstring());

+ static list <SecurityTokenInfo> GetAvailableTokens();

+ static SecurityTokenInfo GetTokenInfo(CK_SLOT_ID slotId);

+ static void InitLibrary(const wstring& pkcs11LibraryPath, unique_ptr <GetPinFunctor> pinCallback, unique_ptr <SendExceptionFunctor> warningCallback);

+ static void InitLibrary(const string& pkcs11LibraryPath, unique_ptr <GetPinFunctor> pinCallback, unique_ptr <SendExceptionFunctor> warningCallback);

+ static bool IsInitialized() { return Initialized; }

+ static bool IsKeyfilePathValid(const wstring& securityTokenKeyfilePath);

+ static void CloseSession(CK_SLOT_ID slotId);

+ static vector <CK_OBJECT_HANDLE> GetObjects(CK_SLOT_ID slotId, CK_ATTRIBUTE_TYPE objectClass);

+ static void GetObjectAttribute(CK_SLOT_ID slotId, CK_OBJECT_HANDLE tokenObject, CK_ATTRIBUTE_TYPE attributeType, vector <byte>& attributeValue);

+ static list <CK_SLOT_ID> GetTokenSlots();

+ static void Login(CK_SLOT_ID slotId, const char* pin);

+ static void LoginUserIfRequired(CK_SLOT_ID slotId);

+ static void OpenSession(CK_SLOT_ID slotId);

+ static void CheckLibraryStatus();

+ static void* Pkcs11LibraryHandle;

+

+ friend void SecurityTokenKeyfile::GetKeyfileData(vector <byte>& keyfileData) const;

+#include "TLVParser.h"

+#include <string.h>

+

+using namespace std;

+

+/* TLV node structure creation */

+shared_ptr<TLVNode> TLVParser::TLV_CreateNode()

+{

+ shared_ptr<TLVNode> node= shared_ptr<TLVNode>(new TLVNode);

+ memset(node.get(),0,sizeof(*node));

+ return node;

+}

+

+/* Check if the bit is correct */

+uint16_t TLVParser::CheckBit(unsigned char value, int bit){

+ unsigned char bitvalue[8] = {0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80};

+

+ if((bit >= 1)&&(bit <= 8)){

+ if(value & bitvalue[bit-1]) {

+ return (1);

+ }

+ else {

+ return (0);

+ }

+ }

+ else{

+ throw TLVException("FILE:"+string(__FILE__)+"LINE: "+to_string(static_cast<long long>((__LINE__)))+" fonction parameter incorrect! bit=["+to_string(static_cast<long long>(bit)));

+ return(2);

+ }

+}

+

+/* Parsing one TLV node */

+shared_ptr<TLVNode> TLVParser::TLV_Parse_One(unsigned char* buf,int size){

+ int index = 0;

+ int i;

+ unsigned char tag1,tag2,tagsize;

+ unsigned char len,lensize;

+ unsigned char* value;

+ shared_ptr<TLVNode> node = TLV_CreateNode();

+

+ tag1 = tag2 = 0;

+ tagsize = 1;

+ tag1 = buf[index++];

+ if((tag1 & 0x1f) == 0x1f){

+ tagsize++;

+ tag2 = buf[index++];

+ //tag2 b8 must be 0!

+ }

+ if(tagsize == 1) {

+ node->Tag = tag1;

+ }

+ else {

+ node->Tag = (tag1 << 8) + tag2;

+ }

+ node->TagSize = tagsize;

+

+ //SubFlag

+ node->SubFlag = CheckBit(tag1,6);

+

+ //L zone

+ len = 0;

+ lensize = 1;

+ len = buf[index++];

+ if(CheckBit(len,8) == 0){

+ node->Length = len;

+ }

+ else{

+ lensize = len & 0x7f;

+ len = 0;

+ for(i=0;i<lensize;i++){

+ len += (uint16_t)buf[index++] << (i*8);

+ }

+ lensize++;

+ }

+ node->Length = len;

+ node->LengthSize = lensize;

+

+ //V zone

+ value = new unsigned char[len];

+ std::copy(buf+index,buf+index+len,value);

+ node->Value = value;

+ index += len;

+

+ if(index < size){

+ node->MoreFlag = 1;

+ }

+ else if(index == size){

+ node->MoreFlag = 0;

+ }

+ else{

+ throw TLVException("Parse Error! index="+to_string(static_cast<long long>(index))+"size="+to_string(static_cast<long long>(size)));

+ }

+

+ return node;

+}

+

+/* Parsing all sub-nodes (in width not in depth) of a given parent node */

+int TLVParser::TLV_Parse_SubNodes(shared_ptr<TLVNode> parent){

+ int sublen = 0;

+ int i;

+

+ //No sub-nodes

+ if(parent->SubFlag == 0)

+ return 0;

+

+ for(i=0;i<parent->SubCount;i++)

+ {

+ sublen += (parent->Sub[i]->TagSize + parent->Sub[i]->Length + parent->Sub[i]->LengthSize);

+ }

+

+ if(sublen < parent->Length)

+ {

+ shared_ptr<TLVNode> subnode = TLV_Parse_One(parent->Value+sublen,parent->Length-sublen);

+ parent->Sub[parent->SubCount++] = subnode;

+ return subnode->MoreFlag;

+ }

+ else

+ {

+ return 0;

+ }

+}

+

+/* Recursive function to parse all nodes starting from a root parent node */

+void TLVParser::TLV_Parse_Sub(shared_ptr<TLVNode> parent)

+{

+ int i;

+ if(parent->SubFlag != 0)

+ {

+ //Parse all sub nodes.

+ while(TLV_Parse_SubNodes(parent) != 0);

+

+ for(i=0;i<parent->SubCount;i++)

+ {

+ if(parent->Sub[i]->SubFlag != 0)

+ {

+ TLV_Parse_Sub(parent->Sub[i]);

+ }

+ }

+ }

+ return;

+}

+

+/* Parsing TLV from a buffer and constructing TLV structure */

+shared_ptr<TLVNode> TLVParser::TLV_Parse(unsigned char* buf,int size)

+{

+ shared_ptr<TLVNode> node = TLV_Parse_One(buf,size);

+ TLV_Parse_Sub(node);

+

+ return node;

+}

+

+/* Finding a TLV node with a particular tag */

+shared_ptr<TLVNode> TLVParser::TLV_Find(shared_ptr<TLVNode> node,uint16_t tag){

+ int i;

+ shared_ptr<TLVNode> tmpnode;

+ if(node->Tag == tag)

+ {

+ return node;

+ }

+ for(i=0;i<node->SubCount;i++)

+ {

+ tmpnode = NULL;

+ tmpnode = TLV_Find(node->Sub[i],tag);

+ if(tmpnode != NULL){

+ return tmpnode;

+ }

+ }

+ if(node->Next)

+ {

+ tmpnode = NULL;

+ tmpnode = TLV_Find(node->Next,tag);

+ if(tmpnode != NULL){

+ return tmpnode;

+ }

+ }

+

+ return nullptr;

+}

+

+//

+// Created by bshp on 1/20/23.

+//

+

+#ifndef ICC_EXTRACTOR_TLVPARSER_H

+#define ICC_EXTRACTOR_TLVPARSER_H

+#include <stdint.h>

+#include <stdio.h>

+#include <stdlib.h>

+#include <algorithm>

+#include <string>

+#include <memory>

+#include "iostream"

+#include "Tcdefs.h"

+using namespace std;

+struct TLVNode{

+ uint16_t Tag; /* T */

+ uint16_t Length; /* L */

+ unsigned char* Value; /* V */

+ unsigned char TagSize;

+ unsigned char LengthSize;

+ uint16_t MoreFlag; /* Used In Sub */

+ uint16_t SubFlag; /* Does it have sub-nodes? */

+ uint16_t SubCount;

+ shared_ptr<TLVNode> Sub[256];

+ shared_ptr<TLVNode> Next;

+

+ ~TLVNode() {

+ burn(Value, Length);

+ delete Value;

+ }

+};

+

+class TLVParser{

+private :

+

+ /* TLV node structure creation */

+ static shared_ptr<TLVNode> TLV_CreateNode();

+

+ /* Check if the bit is correct */

+ static uint16_t CheckBit(unsigned char value, int bit);

+

+ /* Parsing one TLV node */

+ static shared_ptr<TLVNode> TLV_Parse_One(unsigned char* buf,int size);

+

+ /* Parsing all TLV nodes */

+ static int TLV_Parse_SubNodes(shared_ptr<TLVNode> parent);

+

+ /* Parsing all sub-nodes (in width not in depth) of a given parent node */

+ static int TLV_Parse_All(shared_ptr<TLVNode> parent);

+

+ /* Recursive function to parse all nodes starting from a root parent node */

+ static void TLV_Parse_Sub(shared_ptr<TLVNode> parent);

+

+public:

+

+ /* Parsing TLV from a buffer and constructing TLV structure */

+ static shared_ptr<TLVNode> TLV_Parse(unsigned char* buf,int size);

+

+ /* Finding a TLV node with a particular tag */

+ static shared_ptr<TLVNode> TLV_Find(shared_ptr<TLVNode> node,uint16_t tag);

+};

+

+/* The definition of the exception class related to the TLV parsing */

+class TLVException

+{

+public:

+ TLVException(std::string errormessage): m_errormessage(errormessage){}

+

+ /* Get the error message */

+ inline std::string ErrorMessage() const

+ {

+ return m_errormessage;

+ }

+

+protected:

+ std::string m_errormessage;

+};

+

+#endif //ICC_EXTRACTOR_TLVPARSER_H

+#include "Token.h"

+#include "Platform/Finally.h"

+#include "Platform/ForEach.h"

+

+#if !defined(TC_WINDOWS) || defined(TC_PROTOTYPE)

+#include "Platform/SerializerFactory.h"

+#include "Platform/StringConverter.h"

+#include "Platform/SystemException.h"

+#else

+#include "Dictionary.h"

+#include "Language.h"

+#endif

+

+#include <vector>

+#include <algorithm>

+#include <memory>

+

+#include "SecurityToken.h"

+#include "EMVToken.h"

+#include "iostream"

+

+using namespace std;

+

+namespace VeraCrypt

+{

+ vector<shared_ptr<TokenKeyfile>> Token::GetAvailableKeyfiles(bool EMVOption) {

+ vector<shared_ptr<TokenKeyfile>> availableKeyfiles;

+ bool securityTokenLibraryInitialized = true;

+

+ try{

+ foreach (SecurityTokenKeyfile k, SecurityToken::GetAvailableKeyfiles()) {

+ availableKeyfiles.push_back(shared_ptr<TokenKeyfile>(new SecurityTokenKeyfile(k)));

+ }

+ } catch (SecurityTokenLibraryNotInitialized){

+ securityTokenLibraryInitialized = false;

+ }

+

+ if(EMVOption){

+ foreach (EMVTokenKeyfile k, EMVToken::GetAvailableKeyfiles()) {

+ availableKeyfiles.push_back(shared_ptr<TokenKeyfile>(new EMVTokenKeyfile(k)));

+ }

+ }

+

+ if(availableKeyfiles.size() == 0 && ! securityTokenLibraryInitialized){

+ throw SecurityTokenLibraryNotInitialized();

+ }

+

+ return availableKeyfiles;

+ }

+

+ bool Token::IsKeyfilePathValid(const wstring& tokenKeyfilePath, bool EMVOption)

+ {

+ if(EMVOption){

+ return SecurityToken::IsKeyfilePathValid(tokenKeyfilePath) || EMVToken::IsKeyfilePathValid(tokenKeyfilePath);

+ }

+ return SecurityToken::IsKeyfilePathValid(tokenKeyfilePath);

+ }

+

+ list <shared_ptr<TokenInfo>> Token::GetAvailableTokens()

+ {

+ list <shared_ptr<TokenInfo>> availableTokens;

+ foreach(SecurityTokenInfo securityToken, SecurityToken::GetAvailableTokens()){

+ availableTokens.push_back(shared_ptr<TokenInfo>(new SecurityTokenInfo(std::move(securityToken))));

+ }

+

+ return availableTokens ;

+ }

+

+ shared_ptr<TokenKeyfile> Token::getTokenKeyfile(const TokenKeyfilePath path){

+ shared_ptr<TokenKeyfile> tokenKeyfile;

+

+ if(SecurityToken::IsKeyfilePathValid(path)){

+ tokenKeyfile = shared_ptr<TokenKeyfile>(new SecurityTokenKeyfile(path));

+ } else {

+ if(EMVToken::IsKeyfilePathValid(path)){

+ tokenKeyfile = shared_ptr<TokenKeyfile>(new EMVTokenKeyfile(path));

+ }

+ }

+

+ return tokenKeyfile;

+ }

+} \ No newline at end of file

+#ifndef TC_HEADER_Common_Token

+#define TC_HEADER_Common_Token

+

+#include "Platform/PlatformBase.h"

+

+#if defined (TC_WINDOWS) && !defined (TC_PROTOTYPE)

+# include "Exception.h"

+#else

+

+# include "Platform/Exception.h"

+

+#endif

+

+#include <string>

+

+#define UNAVAILABLE_SLOT ~0UL

+

+namespace VeraCrypt {

+

+ struct TokenKeyfilePath {

+ TokenKeyfilePath(const wstring& path): Path(path) { }

+ operator wstring () const { return Path; }

+

+ wstring Path; //Complete path

+

+ };

+ struct TokenInfo {

+ TokenInfo() {}

+ virtual ~TokenInfo() {}

+

+ virtual BOOL isEditable() const=0;

+

+ unsigned long int SlotId;

+ wstring Label; //Card name

+ };

+

+ struct TokenKeyfile {

+ virtual operator TokenKeyfilePath () const = 0;

+ virtual void GetKeyfileData(vector <byte>& keyfileData) const = 0;

+

+ string IdUtf8; // Was used in SecurityToken to compare with the file name from a PKCS11 card, remove from token ?

+ shared_ptr<TokenInfo> Token;

+ wstring Id;

+ };

+

+ class Token {

+ public:

+ static vector<shared_ptr<TokenKeyfile>> GetAvailableKeyfiles(bool EMVOption);

+ static bool IsKeyfilePathValid(const wstring& tokenKeyfilePath, bool EMVOption);

+ static list <shared_ptr<TokenInfo>> GetAvailableTokens(); // List available token to write

+ static shared_ptr<TokenKeyfile> getTokenKeyfile(const TokenKeyfilePath path);

+ };

+

+};

+

+

+#endif //TC_HEADER_Common_Token

+ bool m_emvoption;

+ ChangePasswordThreadRoutine(shared_ptr <VolumePath> volumePath, bool preserveTimestamps, shared_ptr <VolumePassword> password, int pim, shared_ptr <Pkcs5Kdf> kdf, bool truecryptMode, shared_ptr <KeyfileList> keyfiles, shared_ptr <VolumePassword> newPassword, int newPim, shared_ptr <KeyfileList> newKeyfiles, shared_ptr <Pkcs5Kdf> newPkcs5Kdf, int wipeCount, bool EMVOption) : m_volumePath(volumePath), m_preserveTimestamps(preserveTimestamps), m_password(password), m_pim(pim), m_kdf(kdf), m_truecryptMode(truecryptMode), m_keyfiles(keyfiles), m_newPassword(newPassword), m_newPim(newPim), m_newKeyfiles(newKeyfiles), m_newPkcs5Kdf(newPkcs5Kdf), m_wipeCount(wipeCount), m_emvoption(EMVOption) {}

+ virtual void ExecutionCode(void) { Core->ChangePassword(m_volumePath, m_preserveTimestamps, m_password, m_pim, m_kdf, m_truecryptMode, m_keyfiles, m_newPassword, m_newPim, m_newKeyfiles, m_emvoption, m_newPkcs5Kdf, m_wipeCount); }

+ bool m_emvoption;

+ OpenVolumeThreadRoutine(shared_ptr <VolumePath> volumePath, bool preserveTimestamps, shared_ptr <VolumePassword> password, int pim, shared_ptr<Pkcs5Kdf> Kdf, bool truecryptMode, shared_ptr <KeyfileList> keyfiles, bool EMVOption, VolumeProtection::Enum protection = VolumeProtection::None, shared_ptr <VolumePassword> protectionPassword = shared_ptr <VolumePassword> (), int protectionPim = 0, shared_ptr<Pkcs5Kdf> protectionKdf = shared_ptr<Pkcs5Kdf> (), shared_ptr <KeyfileList> protectionKeyfiles = shared_ptr <KeyfileList> (), bool sharedAccessAllowed = false, VolumeType::Enum volumeType = VolumeType::Unknown, bool useBackupHeaders = false, bool partitionInSystemEncryptionScope = false):

+ m_partitionInSystemEncryptionScope(partitionInSystemEncryptionScope), m_emvoption(EMVOption) {}

+ virtual void ExecutionCode(void) { m_pVolume = Core->OpenVolume(m_volumePath,m_preserveTimestamps,m_password,m_pim,m_Kdf,m_truecryptMode,m_keyfiles, m_emvoption, m_protection,m_protectionPassword,m_protectionPim,m_protectionKdf, m_protectionKeyfiles,m_sharedAccessAllowed,m_volumeType,m_useBackupHeaders, m_partitionInSystemEncryptionScope); }

+ bool m_emvoption;

+ ReEncryptHeaderThreadRoutine(const BufferPtr &newHeaderBuffer, shared_ptr <VolumeHeader> header, shared_ptr <VolumePassword> password, int pim, shared_ptr <KeyfileList> keyfiles, bool EMVOption)

+ : m_newHeaderBuffer(newHeaderBuffer), m_header(header), m_password(password), m_pim(pim), m_keyfiles(keyfiles), m_emvoption(EMVOption) {}

+ virtual void ExecutionCode(void) { Core->ReEncryptVolumeHeaderWithNewSalt (m_newHeaderBuffer, m_header, m_password, m_pim, m_keyfiles, m_emvoption); }

+ void CoreBase::ChangePassword (shared_ptr <Volume> openVolume, shared_ptr <VolumePassword> newPassword, int newPim, shared_ptr <KeyfileList> newKeyfiles, bool EMVOption, shared_ptr <Pkcs5Kdf> newPkcs5Kdf, int wipeCount) const

+ shared_ptr <VolumePassword> password (Keyfile::ApplyListToPassword (newKeyfiles, newPassword, EMVOption));

+ void CoreBase::ChangePassword (shared_ptr <VolumePath> volumePath, bool preserveTimestamps, shared_ptr <VolumePassword> password, int pim, shared_ptr <Pkcs5Kdf> kdf, bool truecryptMode, shared_ptr <KeyfileList> keyfiles, shared_ptr <VolumePassword> newPassword, int newPim, shared_ptr <KeyfileList> newKeyfiles, bool EMVOption, shared_ptr <Pkcs5Kdf> newPkcs5Kdf, int wipeCount) const

+ shared_ptr <Volume> volume = OpenVolume (volumePath, preserveTimestamps, password, pim, kdf, truecryptMode, keyfiles, EMVOption);

+ ChangePassword (volume, newPassword, newPim, newKeyfiles, EMVOption, newPkcs5Kdf, wipeCount);

+ shared_ptr <Volume> CoreBase::OpenVolume (shared_ptr <VolumePath> volumePath, bool preserveTimestamps, shared_ptr <VolumePassword> password, int pim, shared_ptr<Pkcs5Kdf> kdf, bool truecryptMode, shared_ptr <KeyfileList> keyfiles, bool EMVOption, VolumeProtection::Enum protection, shared_ptr <VolumePassword> protectionPassword, int protectionPim, shared_ptr<Pkcs5Kdf> protectionKdf, shared_ptr <KeyfileList> protectionKeyfiles, bool sharedAccessAllowed, VolumeType::Enum volumeType, bool useBackupHeaders, bool partitionInSystemEncryptionScope) const

+ volume->Open (*volumePath, preserveTimestamps, password, pim, kdf, truecryptMode, keyfiles, EMVOption, protection, protectionPassword, protectionPim, protectionKdf, protectionKeyfiles, sharedAccessAllowed, volumeType, useBackupHeaders, partitionInSystemEncryptionScope);

+ void CoreBase::ReEncryptVolumeHeaderWithNewSalt (const BufferPtr &newHeaderBuffer, shared_ptr <VolumeHeader> header, shared_ptr <VolumePassword> password, int pim, shared_ptr <KeyfileList> keyfiles, bool EMVOption) const

+ shared_ptr <VolumePassword> passwordKey (Keyfile::ApplyListToPassword (keyfiles, password, EMVOption));

+ virtual void ChangePassword (shared_ptr <Volume> openVolume, shared_ptr <VolumePassword> newPassword, int newPim, shared_ptr <KeyfileList> newKeyfiles, bool EMVOption, shared_ptr <Pkcs5Kdf> newPkcs5Kdf = shared_ptr <Pkcs5Kdf> (), int wipeCount = PRAND_HEADER_WIPE_PASSES) const;

+ virtual void ChangePassword (shared_ptr <VolumePath> volumePath, bool preserveTimestamps, shared_ptr <VolumePassword> password, int pim, shared_ptr <Pkcs5Kdf> kdf, bool truecryptMode, shared_ptr <KeyfileList> keyfiles, shared_ptr <VolumePassword> newPassword, int newPim, shared_ptr <KeyfileList> newKeyfiles, bool EMVOption, shared_ptr <Pkcs5Kdf> newPkcs5Kdf = shared_ptr <Pkcs5Kdf> (), int wipeCount = PRAND_HEADER_WIPE_PASSES) const;

+ virtual shared_ptr <Volume> OpenVolume (shared_ptr <VolumePath> volumePath, bool preserveTimestamps, shared_ptr <VolumePassword> password, int pim, shared_ptr<Pkcs5Kdf> Kdf, bool truecryptMode, shared_ptr <KeyfileList> keyfiles, bool EMVOption, VolumeProtection::Enum protection = VolumeProtection::None, shared_ptr <VolumePassword> protectionPassword = shared_ptr <VolumePassword> (), int protectionPim = 0, shared_ptr<Pkcs5Kdf> protectionKdf = shared_ptr<Pkcs5Kdf> (), shared_ptr <KeyfileList> protectionKeyfiles = shared_ptr <KeyfileList> (), bool sharedAccessAllowed = false, VolumeType::Enum volumeType = VolumeType::Unknown, bool useBackupHeaders = false, bool partitionInSystemEncryptionScope = false) const;

+ virtual void ReEncryptVolumeHeaderWithNewSalt (const BufferPtr &newHeaderBuffer, shared_ptr <VolumeHeader> header, shared_ptr <VolumePassword> password, int pim, shared_ptr <KeyfileList> keyfiles, bool EMVOption) const;

+ bool EMVOption;

+ newOptions.Password = Keyfile::ApplyListToPassword (options.Keyfiles, options.Password, options.EMVOption);

+ newOptions.ProtectionPassword = Keyfile::ApplyListToPassword (options.ProtectionKeyfiles, options.ProtectionPassword, options.EMVOption);

+ VolumePasswordCache::Store (*Keyfile::ApplyListToPassword (options.Keyfiles, options.Password, options.EMVOption));

+ options.EMVOption,

+ PasswordKey = Keyfile::ApplyListToPassword (options->Keyfiles, options->Password, options->EMVOption);

+ bool EMVOption;

+ <AdditionalDependencies>..\Crypto\x64\Debug\crypto.lib;..\Common\x64\Debug\Zip.lib;..\Common\x64\Debug\lzma.lib;mpr.lib;winscard.lib;%(AdditionalDependencies)</AdditionalDependencies>

+ <AdditionalDependencies>..\Crypto\Release\crypto.lib;..\Common\Release\Zip.lib;..\Common\Release\lzma.lib;mpr.lib;winscard.lib;%(AdditionalDependencies)</AdditionalDependencies>

+ <AdditionalDependencies>..\Crypto\x64\Release\crypto.lib;..\Common\x64\Release\Zip.lib;..\Common\x64\Release\lzma.lib;mpr.lib;winscard.lib;%(AdditionalDependencies)</AdditionalDependencies>

+ <AdditionalDependencies>..\Crypto\x64\Release\crypto.lib;..\Common\x64\Release\Zip.lib;..\Common\x64\Release\lzma.lib;mpr.lib;winscard.lib;%(AdditionalDependencies)</AdditionalDependencies>

+ <ClCompile Include="..\Common\EMVToken.cpp" />

+ <ClCompile Include="..\Common\IccDataExtractor.cpp" />

+ <ClCompile Include="..\Common\TLVParser.cpp" />

+ <ClCompile Include="..\Common\Token.cpp" />

+ <ClInclude Include="..\Common\EMVToken.h" />

+ <ClInclude Include="..\Common\IccDataExtractor.h" />

+ <ClInclude Include="..\Common\TLVParser.h" />

+ <ClInclude Include="..\Common\Token.h" />

+ <ClCompile Include="..\Common\EMVToken.cpp">

+ <Filter>Source Files\Common</Filter>

+ </ClCompile>

+ <ClCompile Include="..\Common\Token.cpp">

+ <Filter>Source Files\Common</Filter>

+ </ClCompile>

+ <ClCompile Include="..\Common\IccDataExtractor.cpp">

+ <Filter>Source Files\Common</Filter>

+ </ClCompile>

+ <ClCompile Include="..\Common\TLVParser.cpp">

+ <Filter>Source Files\Common</Filter>

+ </ClCompile>

+ <ClInclude Include="..\Common\EMVToken.h">

+ <Filter>Header Files</Filter>

+ </ClInclude>

+ <ClInclude Include="..\Common\Token.h">

+ <Filter>Header Files</Filter>

+ </ClInclude>

+ <ClInclude Include="..\Common\IccDataExtractor.h">

+ <Filter>Header Files</Filter>

+ </ClInclude>

+ <ClInclude Include="..\Common\TLVParser.h">

+ <Filter>Header Files</Filter>

+ </ClInclude>

+ ActivateEMVOption = ConfigReadInt ("ActivateEMVOption", 0);

+ <AdditionalDependencies>..\Crypto\x64\Debug\crypto.lib;..\Common\x64\Debug\Zip.lib;..\Common\x64\Debug\lzma.lib;mpr.lib;winscard.lib;%(AdditionalDependencies)</AdditionalDependencies>

+ <AdditionalDependencies>..\Crypto\Release\crypto.lib;..\Common\Release\Zip.lib;..\Common\Release\lzma.lib;mpr.lib;winscard.lib;%(AdditionalDependencies)</AdditionalDependencies>

+ <AdditionalDependencies>..\Crypto\x64\Release\crypto.lib;..\Common\x64\Release\Zip.lib;..\Common\x64\Release\lzma.lib;mpr.lib;winscard.lib;%(AdditionalDependencies)</AdditionalDependencies>

+ <AdditionalDependencies>..\Crypto\x64\Release\crypto.lib;..\Common\x64\Release\Zip.lib;..\Common\x64\Release\lzma.lib;mpr.lib;winscard.lib;%(AdditionalDependencies)</AdditionalDependencies>

+ <ClCompile Include="..\Common\EMVToken.cpp" />

+ <ClCompile Include="..\Common\IccDataExtractor.cpp" />

+ <ClCompile Include="..\Common\TLVParser.cpp" />

+ <ClCompile Include="..\Common\Token.cpp" />

+ <ClInclude Include="..\Common\EMVToken.h" />

+ <ClInclude Include="..\Common\IccDataExtractor.h" />

+ <ClInclude Include="..\Common\TLVParser.h" />

+ <ClInclude Include="..\Common\Token.h" />

+ <None Include="..\Common\Language.xml">

+ <SubType>Designer</SubType>

+ </None>

+ <ClCompile Include="..\Common\EMVToken.cpp">

+ <Filter>Source Files\Common</Filter>

+ </ClCompile>

+ <ClCompile Include="..\Common\Token.cpp">

+ <Filter>Source Files\Common</Filter>

+ </ClCompile>

+ <ClCompile Include="..\Common\IccDataExtractor.cpp">

+ <Filter>Source Files\Common</Filter>

+ </ClCompile>

+ <ClCompile Include="..\Common\TLVParser.cpp">

+ <Filter>Source Files\Common</Filter>

+ </ClCompile>

+ <ClInclude Include="..\Common\EMVToken.h">

+ <Filter>Header Files</Filter>

+ </ClInclude>

+ <ClInclude Include="..\Common\Token.h">

+ <Filter>Header Files</Filter>

+ </ClInclude>

+ <ClInclude Include="..\Common\IccDataExtractor.h">

+ <Filter>Header Files</Filter>

+ </ClInclude>

+ <ClInclude Include="..\Common\TLVParser.h">

+ <Filter>Header Files</Filter>

+ </ClInclude>

+ ConfigReadCompareInt ("ActivateEMVOption", 0, &ActivateEMVOption, bOnlyCheckModified, pbSettingsModified);

+

+ wchar_t szTmp[SecurityToken::MaxPasswordLength + 1] = {0}; // TODO Use Token

+ parser.AddSwitch (L"", L"list-token-keyfiles", _("List token keyfiles"));

+ parser.AddSwitch (L"", L"list-securitytoken-keyfiles", _("List security token keyfiles"));

+ parser.AddSwitch (L"", L"list-emvtoken-keyfiles", _("List emv token keyfiles"));

+ ArgCommand = CommandId::ListTokenKeyfiles;

+ if (parser.Found (L"list-securitytoken-keyfiles"))

+ {

+ CheckCommandSingle();

+ ArgCommand = CommandId::ListSecurityTokenKeyfiles;

+ }

+ if (parser.Found (L"list-emvtoken-keyfiles"))

+ {

+ CheckCommandSingle();

+ ArgCommand = CommandId::ListEMVTokenKeyfiles;

+ }

+ ListTokenKeyfiles,

+ ListSecurityTokenKeyfiles,

+ ListEMVTokenKeyfiles,

+ newPassword, newPim, newKeyfiles, NewPasswordPanel->GetPkcs5Kdf(bUnsupportedKdf), NewPasswordPanel->GetHeaderWipeCount(), Gui->GetPreferences().ActivateEMVOption);

+

+

+ wxStaticBoxSizer* sbSizer38;

+ sbSizer38 = new wxStaticBoxSizer( new wxStaticBox( SecurityTokensPage, wxID_ANY, _("IDT_EMV_OPTIONS") ), wxVERTICAL );

+

+ ActivateEMVOptionCheckBox = new wxCheckBox( sbSizer38->GetStaticBox(), wxID_ANY, _("IDC_ACTIVATE_EMV_OPTION"), wxDefaultPosition, wxDefaultSize, 0 );

+ sbSizer38->Add( ActivateEMVOptionCheckBox, 0, wxALL, 5 );

+

+ bSizer128->Add( sbSizer38, 0, wxEXPAND|wxALL, 5 );

+

+ wxCheckBox* ActivateEMVOptionCheckBox;

+ foreach (const TokenKeyfilePath &path, dialog.GetSelectedSecurityTokenKeyfilePaths())

+ mountOptions.EMVOption = GetPreferences().ActivateEMVOption;

+ mountOptions.EMVOption = GetPreferences().ActivateEMVOption;

+ Options.EMVOption = Gui->GetPreferences().ActivateEMVOption;

+ TC_CHECK_BOX_VALIDATOR (ActivateEMVOption);

+ SecurityTokenKeyfileList = Token::GetAvailableKeyfiles(Gui->GetPreferences().ActivateEMVOption);

+ foreach (const shared_ptr<TokenKeyfile> key, SecurityTokenKeyfileList)

+ fields[ColumnSecurityTokenSlotId] = StringConverter::ToWide ((uint64) key->Token->SlotId);

+ fields[ColumnSecurityTokenLabel] = key->Token->Label;

+ fields[ColumnSecurityTokenKeyfileLabel] = key->Id;

+ Gui->AppendToListCtrl (SecurityTokenKeyfileListCtrl, fields, 0, key.get());

+ TokenKeyfile *keyfile = reinterpret_cast <TokenKeyfile *> (SecurityTokenKeyfileListCtrl->GetItemData (item));

+ keyfile->GetKeyfileData (keyfileData);

+ void SecurityTokenKeyfilesDialog::OnListItemSelected(wxListEvent &event) {

+ if (event.GetItem().GetData() != (wxUIntPtr) nullptr) {

+ BOOL deletable = true;

+ foreach(long

+ item, Gui->GetListCtrlSelectedItems(SecurityTokenKeyfileListCtrl))

+ {

+ TokenKeyfile *keyfile = reinterpret_cast <TokenKeyfile *> (SecurityTokenKeyfileListCtrl->GetItemData(

+ item));

+ if (!keyfile->Token->isEditable()) {

+ deletable = false;

+ }

+ }

+ if (deletable) {

+ DeleteButton->Enable();

+ }

+ ExportButton->Enable();

+ OKButton->Enable();

+ }

+ }

+ {

+ TokenKeyfile *key = reinterpret_cast <TokenKeyfile *> (SecurityTokenKeyfileListCtrl->GetItemData(item));

+ SelectedSecurityTokenKeyfilePaths.push_back(*key);

+ }

+#include "Common/Token.h"

+#include "Common/EMVToken.h"

+ list <TokenKeyfilePath> GetSelectedSecurityTokenKeyfilePaths() const { return SelectedSecurityTokenKeyfilePaths; }

+ vector <shared_ptr<TokenKeyfile>> SecurityTokenKeyfileList;

+ list <TokenKeyfilePath> SelectedSecurityTokenKeyfilePaths;

+ hiddenPassword = Keyfile::ApplyListToPassword (Keyfiles, Password, Gui->GetPreferences().ActivateEMVOption);

+ hiddenPassword = Keyfile::ApplyListToPassword (Keyfiles, Password, Gui->GetPreferences().ActivateEMVOption);

+ options->EMVOption = Gui->GetPreferences().ActivateEMVOption;

+

+ OuterPassword = Keyfile::ApplyListToPassword (Keyfiles, Password, Gui->GetPreferences().ActivateEMVOption);

+ foreach (const TokenKeyfilePath &path, dialog.GetSelectedSecurityTokenKeyfilePaths())

+#include "Common/IccDataExtractor.h"

+

+ VC_CONVERT_EXCEPTION (PCSCException);

+ VC_CONVERT_EXCEPTION (WinscardLibraryNotInitialized);

+ VC_CONVERT_EXCEPTION (InvalidEMVPath);

+ VC_CONVERT_EXCEPTION (EMVKeyfileDataNotFound);

+ VC_CONVERT_EXCEPTION (EMVPANNotFound);

+ VC_CONVERT_EXCEPTION (EMVUnknownCardType);

+

+ options->EMVOption,

+ options->EMVOption,

+ ReEncryptHeaderThreadRoutine routine(newHeaderBuffer, normalVolume->GetHeader(), normalVolumeMountOptions.Password, normalVolumeMountOptions.Pim, normalVolumeMountOptions.Keyfiles, normalVolumeMountOptions.EMVOption);

+ ReEncryptHeaderThreadRoutine hiddenRoutine(newHeaderBuffer, hiddenVolume->GetHeader(), hiddenVolumeMountOptions.Password, hiddenVolumeMountOptions.Pim, hiddenVolumeMountOptions.Keyfiles, hiddenVolumeMountOptions.EMVOption);

+ void GraphicUserInterface::ListTokenKeyfiles () const

+ void GraphicUserInterface::ListSecurityTokenKeyfiles () const

+ {

+ SecurityTokenKeyfilesDialog dialog (nullptr);

+ dialog.ShowModal();

+ }

+ void GraphicUserInterface::ListEMVTokenKeyfiles () const

+ {

+ SecurityTokenKeyfilesDialog dialog (nullptr);

+ dialog.ShowModal();

+ }

+ options.EMVOption,

+ ReEncryptHeaderThreadRoutine routine(newHeaderBuffer, volume->GetHeader(), options.Password, options.Pim, options.Keyfiles, options.EMVOption);

+ shared_ptr <VolumePassword> passwordKey = Keyfile::ApplyListToPassword (options.Keyfiles, options.Password, options.EMVOption);

+ ReEncryptHeaderThreadRoutine routine(newHeaderBuffer, decryptedLayout->GetHeader(), options.Password, options.Pim, options.Keyfiles, options.EMVOption);

+ ReEncryptHeaderThreadRoutine backupRoutine(newHeaderBuffer, decryptedLayout->GetHeader(), options.Password, options.Pim, options.Keyfiles, options.EMVOption);

+ virtual void ListTokenKeyfiles () const;

+ virtual void ListSecurityTokenKeyfiles () const;

+ virtual void ListEMVTokenKeyfiles () const;

+#include "Common/Token.h"

+#include "Common/EMVToken.h"

+ true,

+ true,

+ Core->ReEncryptVolumeHeaderWithNewSalt (newHeaderBuffer, normalVolume->GetHeader(), normalVolumeMountOptions.Password, normalVolumeMountOptions.Pim, normalVolumeMountOptions.Keyfiles, true);

+ Core->ReEncryptVolumeHeaderWithNewSalt (newHeaderBuffer, hiddenVolume->GetHeader(), hiddenVolumeMountOptions.Password, hiddenVolumeMountOptions.Pim, hiddenVolumeMountOptions.Keyfiles, true);

+ volume = Core->OpenVolume (volumePath, Preferences.DefaultMountOptions.PreserveTimestamps, password, pim, kdf, truecryptMode, keyfiles, true);

+ volume = Core->OpenVolume (volumePath, Preferences.DefaultMountOptions.PreserveTimestamps, password, pim, kdf, truecryptMode, keyfiles, true);

+ Core->ChangePassword (volume, newPassword, newPim, newKeyfiles, true,

+ options->EMVOption = true;

+ SecurityToken::DeleteKeyfile (TokenKeyfilePath (FilePath (keyfile)));

+ shared_ptr<TokenKeyfile> tokenKeyfile = Token::getTokenKeyfile(keyfilePath);

+ tokenKeyfile->GetKeyfileData (keyfileData);

+ list <shared_ptr<TokenInfo>> tokens = Token::GetAvailableTokens();

+ slotId = tokens.front()->SlotId;

+ foreach (const shared_ptr<TokenInfo> &token, tokens)

+ tokenLabel << L"[" << token->SlotId << L"] " << LangString["TOKEN_SLOT_ID"].c_str() << L" " << token->SlotId << L" " << token->Label;

+ slotId = (CK_SLOT_ID) AskSelection (tokens.back()->SlotId, tokens.front()->SlotId);

+ void TextUserInterface::ListTokenKeyfiles () const

+ foreach (const shared_ptr<TokenKeyfile> keyfile, Token::GetAvailableKeyfiles(true))

+ ShowString (wstring (TokenKeyfilePath (*keyfile)));

+ void TextUserInterface::ListSecurityTokenKeyfiles () const

+ {

+ foreach (const TokenKeyfile &keyfile, SecurityToken::GetAvailableKeyfiles())

+ {

+ ShowString (wstring (TokenKeyfilePath (keyfile)));

+ ShowString (L"\n");

+ }

+ }

+ void TextUserInterface::ListEMVTokenKeyfiles () const

+ {

+ foreach (const TokenKeyfile &keyfile, EMVToken::GetAvailableKeyfiles())

+ {

+ ShowString (wstring (TokenKeyfilePath (keyfile)));

+ ShowString (L"\n");

+ }

+ }

+ true,

+ Core->ReEncryptVolumeHeaderWithNewSalt (newHeaderBuffer, volume->GetHeader(), options.Password, options.Pim, options.Keyfiles, true);

+ shared_ptr <VolumePassword> passwordKey = Keyfile::ApplyListToPassword (options.Keyfiles, options.Password, true);

+ Core->ReEncryptVolumeHeaderWithNewSalt (newHeaderBuffer, decryptedLayout->GetHeader(), options.Password, options.Pim, options.Keyfiles, true);

+ Core->ReEncryptVolumeHeaderWithNewSalt (newHeaderBuffer, decryptedLayout->GetHeader(), options.Password, options.Pim, options.Keyfiles, true);

+ virtual void ListTokenKeyfiles () const;

+ virtual void ListSecurityTokenKeyfiles () const;

+ virtual void ListEMVTokenKeyfiles () const;

+#include "Common/IccDataExtractor.h"

+

+ // PCSC Exception

+ if (dynamic_cast <const PCSCException *> (&ex))

+ {

+ string errorString = string (dynamic_cast <const PCSCException &> (ex));

+

+ if (LangString.Exists (errorString))

+ return LangString[errorString];

+

+ if (errorString.find("SCARD_E_") == 0 || errorString.find("SCARD_F_") == 0 || errorString.find("SCARD_W_") == 0)

+ {

+ errorString = errorString.substr(8);

+ for (size_t i = 0; i < errorString.size(); ++i)

+ {

+ if (errorString[i] == '_')

+ errorString[i] = ' ';

+ }

+ }

+ return LangString["PCSC_ERROR"] + L":\n\n" + StringConverter::ToWide (errorString);

+ }

+

+

+ EX2MSG (WinscardLibraryNotInitialized, LangString["WINSCARD_MODULE_INIT_FAILED"]);

+ EX2MSG (InvalidEMVPath, LangString["INVALID_EMV_PATH"]);

+ EX2MSG (EMVKeyfileDataNotFound, LangString["EMV_KEYFILE_DATA_NOT_FOUND"]);

+ EX2MSG (EMVPANNotFound, LangString["EMV_PAN_NOT_FOUND"]);

+ EX2MSG (EMVUnknownCardType, LangString["EMV_UNKNOWN_CARD_TYPE"]);

+ " Export a keyfile from a token keyfile. See also command --list-token-keyfiles.\n"

+ " Display a list of all available token keyfiles. See also command\n"

+ "\n""--list-securitytoken-keyfiles\n"

+ " Display a list of all available security token keyfiles. See also command\n"

+ " --import-token-keyfiles.\n"

+ "\n"

+ "\n""--list-emvtoken-keyfiles\n"

+ " Display a list of all available emv token keyfiles. See also command\n"

+ "\n"

+ " token://slot/SLOT_NUMBER/file/FILENAME for a security token keyfile\n"

+ " and emv://slot/SLOT_NUMBER for an EMV token keyfile.\n"

+ " An empty keyfile (-k \"\") disables\n"

+ " --list-token-keyfiles, --list-securitytoken-keyfiles, --list-emvtoken-keyfiles,\n"

+ " --new-keyfiles, --protection-keyfiles.\n"

+ case CommandId::ListTokenKeyfiles:

+ ListTokenKeyfiles();

+ case CommandId::ListSecurityTokenKeyfiles:

+ ListSecurityTokenKeyfiles();

+ return true;

+

+ case CommandId::ListEMVTokenKeyfiles:

+ ListEMVTokenKeyfiles();

+ return true;

+

+

+ VC_CONVERT_EXCEPTION (PCSCException);

+ VC_CONVERT_EXCEPTION (WinscardLibraryNotInitialized);

+ VC_CONVERT_EXCEPTION (InvalidEMVPath);

+ VC_CONVERT_EXCEPTION (EMVKeyfileDataNotFound);

+ VC_CONVERT_EXCEPTION (EMVPANNotFound);

+ VC_CONVERT_EXCEPTION (EMVUnknownCardType);

+

+ virtual void ListTokenKeyfiles () const = 0;

+ virtual void ListEMVTokenKeyfiles () const = 0;

+ TC_CONFIG_SET (ActivateEMVOption);

+ TC_CONFIG_ADD (ActivateEMVOption);

+ ActivateEMVOption (false),

+ bool ActivateEMVOption;

+ # TODO: Prpoper implementation in the makefile

+ C_CXX_FLAGS += -I/usr/include/PCSC/ -lpcsclite

+ LFLAGS += -I/usr/include/PCSC/ -lpcsclite

+

+ ConfigReadCompareInt ("ActivateEMVOption", 0, &ActivateEMVOption, bOnlyCheckModified, pbSettingsModified);

+ ConfigWriteInt ("ActivateEMVOption", ActivateEMVOption);

+ SecurityToken::CloseAllSessions(); // TODO Use Token

+ SecurityToken::CloseAllSessions(); // TODO Use Token

+ SecurityToken::CloseAllSessions(); // TODO Use Token

+ SecurityToken::CloseAllSessions(); // TODO Use Token

+ SecurityToken::CloseAllSessions(); // TODO Use Token

+ SecurityToken::CloseAllSessions(); // TODO Use Token

+ wchar_t szTmp[SecurityToken::MaxPasswordLength + 1] = {0}; // TODO Use Token

+ SecurityToken::CloseAllSessions(); // TODO Use Token

+ SecurityToken::CloseAllSessions(); // TODO Use Token

+ SecurityToken::CloseAllSessions(); // TODO Use Token

+ CheckDlgButton (hwndDlg, IDC_ACTIVATE_EMV_OPTION, ActivateEMVOption ? BST_CHECKED : BST_UNCHECKED);

+ SecurityToken::CloseLibrary(); // TODO Use Token

+ ActivateEMVOption = (IsDlgButtonChecked (hwndDlg, IDC_ACTIVATE_EMV_OPTION) == BST_CHECKED);

+IDD_TOKEN_PREFERENCES DIALOGEX 0, 0, 316, 229

+ CONTROL "&Activate EMV Option",IDC_ACTIVATE_EMV_OPTION,"Button",BS_AUTOCHECKBOX | WS_GROUP | WS_TABSTOP,16,185,284,9

+ DEFPUSHBUTTON "OK",IDOK,205,208,50,14

+ PUSHBUTTON "Cancel",IDCANCEL,259,208,50,14

+ GROUPBOX "EMV Options",IDT_EMV_OPTIONS,7,172,302,30

+ <AdditionalDependencies>..\Crypto\x64\Debug\crypto.lib;..\Common\x64\Debug\Zip.lib;..\Common\x64\Debug\lzma.lib;mpr.lib;winscard.lib;%(AdditionalDependencies)</AdditionalDependencies>

+ <AdditionalDependencies>..\Crypto\Release\crypto.lib;..\Common\Release\Zip.lib;..\Common\Release\lzma.lib;mpr.lib;winscard.lib;%(AdditionalDependencies)</AdditionalDependencies>

+ <AdditionalDependencies>..\Crypto\x64\Release\crypto.lib;..\Common\x64\Release\Zip.lib;..\Common\x64\Release\lzma.lib;mpr.lib;winscard.lib;%(AdditionalDependencies)</AdditionalDependencies>

+ <AdditionalDependencies>..\Crypto\x64\Release\crypto.lib;..\Common\x64\Release\Zip.lib;..\Common\x64\Release\lzma.lib;mpr.lib;winscard.lib;%(AdditionalDependencies)</AdditionalDependencies>

+ <ClCompile Include="..\Common\EMVToken.cpp" />

+ <ClCompile Include="..\Common\IccDataExtractor.cpp" />

+ <ClCompile Include="..\Common\TLVParser.cpp" />

+ <ClCompile Include="..\Common\Token.cpp" />

+ <ClInclude Include="..\Common\EMVToken.h" />

+ <ClInclude Include="..\Common\IccDataExtractor.h" />

+ <ClInclude Include="..\Common\TLVParser.h" />

+ <ClInclude Include="..\Common\Token.h" />

+ <ClCompile Include="..\Common\EMVToken.cpp">

+ <Filter>Source Files\Common</Filter>

+ </ClCompile>

+ <ClCompile Include="..\Common\Token.cpp">

+ <Filter>Source Files\Common</Filter>

+ </ClCompile>

+ <ClCompile Include="..\Common\IccDataExtractor.cpp">

+ <Filter>Source Files\Common</Filter>

+ </ClCompile>

+ <ClCompile Include="..\Common\TLVParser.cpp">

+ <Filter>Source Files\Common</Filter>

+ </ClCompile>

+ <ClInclude Include="..\Common\EMVToken.h">

+ <Filter>Header Files</Filter>

+ </ClInclude>

+ <ClInclude Include="..\Common\Token.h">

+ <Filter>Header Files</Filter>

+ </ClInclude>

+ <ClInclude Include="..\Common\IccDataExtractor.h">

+ <Filter>Header Files</Filter>

+ </ClInclude>

+ <ClInclude Include="..\Common\TLVParser.h">

+ <Filter>Header Files</Filter>

+ </ClInclude>

+#define IDC_ACTIVATE_EMV_OPTION 1179

+#define IDT_EMV_OPTIONS 1180

+#include "Common/EMVToken.h"

+ void Keyfile::Apply (const BufferPtr &pool, bool EMVOption) const

+ std::wcout << wstring (Path) << std::endl;

+ if (Token::IsKeyfilePathValid (Path, EMVOption)) {

+ // Apply keyfile generated by a security token

+ vector <byte> keyfileData;

+ Token::getTokenKeyfile(wstring(Path))->GetKeyfileData(keyfileData);

+ if (keyfileData.size() < MinProcessedLength)

+ throw InsufficientData(SRC_POS, Path);

+ for (size_t i = 0; i < keyfileData.size(); i++) {

+ uint32 crc = crc32.Process(keyfileData[i]);

+ pool[poolPos++] += (byte)(crc >> 24);

+ pool[poolPos++] += (byte)(crc >> 16);

+ pool[poolPos++] += (byte)(crc >> 8);

+ pool[poolPos++] += (byte) crc;

+ if (poolPos >= pool.Size())

+ poolPos = 0;

+ if (++totalLength >= MaxProcessedLength)

+ break;

+ }

+ burn(&keyfileData.front(), keyfileData.size());

+ goto done;

+ }

+ file.Open (Path, File::OpenRead, File::ShareRead);

+ while ((readLength = file.Read (keyfileBuf)) > 0) {

+ for (size_t i = 0; i < readLength; i++) {

+ uint32 crc = crc32.Process(keyfileBuf[i]);

+ pool[poolPos++] += (byte)(crc >> 24);

+ pool[poolPos++] += (byte)(crc >> 16);

+ pool[poolPos++] += (byte)(crc >> 8);

+ pool[poolPos++] += (byte) crc;

+ if (poolPos >= pool.Size())

+ poolPos = 0;

+ if (++totalLength >= MaxProcessedLength)

+ goto done;

+ }

+ }

+ done:

+ shared_ptr <VolumePassword> Keyfile::ApplyListToPassword (shared_ptr <KeyfileList> keyfiles, shared_ptr <VolumePassword> password, bool EMVOption)

+ k.Apply (keyfilePool, EMVOption);

+ static shared_ptr <VolumePassword> ApplyListToPassword (shared_ptr <KeyfileList> keyfiles, shared_ptr <VolumePassword> password, bool EMVOption = false);

+ void Apply (const BufferPtr &pool, bool EMVOption) const;

+ void Volume::Open (const VolumePath &volumePath, bool preserveTimestamps, shared_ptr <VolumePassword> password, int pim, shared_ptr <Pkcs5Kdf> kdf, bool truecryptMode, shared_ptr <KeyfileList> keyfiles, bool EMVOption, VolumeProtection::Enum protection, shared_ptr <VolumePassword> protectionPassword, int protectionPim, shared_ptr <Pkcs5Kdf> protectionKdf, shared_ptr <KeyfileList> protectionKeyfiles, bool sharedAccessAllowed, VolumeType::Enum volumeType, bool useBackupHeaders, bool partitionInSystemEncryptionScope)

+ return Open (file, password, pim, kdf, truecryptMode, keyfiles, EMVOption, protection, protectionPassword, protectionPim, protectionKdf,protectionKeyfiles, volumeType, useBackupHeaders, partitionInSystemEncryptionScope);

+ void Volume::Open (shared_ptr <File> volumeFile, shared_ptr <VolumePassword> password, int pim, shared_ptr <Pkcs5Kdf> kdf, bool truecryptMode, shared_ptr <KeyfileList> keyfiles, bool EMVOption, VolumeProtection::Enum protection, shared_ptr <VolumePassword> protectionPassword, int protectionPim, shared_ptr <Pkcs5Kdf> protectionKdf,shared_ptr <KeyfileList> protectionKeyfiles, VolumeType::Enum volumeType, bool useBackupHeaders, bool partitionInSystemEncryptionScope)

+ shared_ptr <VolumePassword> passwordKey = Keyfile::ApplyListToPassword (keyfiles, password, EMVOption);

+ EMVOption,

+ void Open (const VolumePath &volumePath, bool preserveTimestamps, shared_ptr <VolumePassword> password, int pim, shared_ptr <Pkcs5Kdf> kdf, bool truecryptMode, shared_ptr <KeyfileList> keyfiles, bool EMVOption, VolumeProtection::Enum protection = VolumeProtection::None, shared_ptr <VolumePassword> protectionPassword = shared_ptr <VolumePassword> (), int protectionPim = 0, shared_ptr <Pkcs5Kdf> protectionKdf = shared_ptr <Pkcs5Kdf> (),shared_ptr <KeyfileList> protectionKeyfiles = shared_ptr <KeyfileList> (), bool sharedAccessAllowed = false, VolumeType::Enum volumeType = VolumeType::Unknown, bool useBackupHeaders = false, bool partitionInSystemEncryptionScope = false);

+ void Open (shared_ptr <File> volumeFile, shared_ptr <VolumePassword> password, int pim, shared_ptr <Pkcs5Kdf> kdf, bool truecryptMode, shared_ptr <KeyfileList> keyfiles, bool EMVOption, VolumeProtection::Enum protection = VolumeProtection::None, shared_ptr <VolumePassword> protectionPassword = shared_ptr <VolumePassword> (), int protectionPim = 0, shared_ptr <Pkcs5Kdf> protectionKdf = shared_ptr <Pkcs5Kdf> (), shared_ptr <KeyfileList> protectionKeyfiles = shared_ptr <KeyfileList> (), VolumeType::Enum volumeType = VolumeType::Unknown, bool useBackupHeaders = false, bool partitionInSystemEncryptionScope = false);

+OBJS += ../Common/Token.o

+OBJS += ../Common/TLVParser.o

+OBJS += ../Common/EMVToken.o

+OBJS += ../Common/IccDataExtractor.o