Diffstat (limited to 'src/Main/TextUserInterface.cpp')
-rw-r--r-- | src/Main/TextUserInterface.cpp | 145 |
1 files changed, 93 insertions, 52 deletions
diff --git a/src/Main/TextUserInterface.cpp b/src/Main/TextUserInterface.cpp index ec3ed531..94919296 100644 --- a/src/Main/TextUserInterface.cpp +++ b/src/Main/TextUserInterface.cpp @@ -21,7 +21,9 @@ #endif #include <wx/platinfo.h> +#include "Common/Token.h" #include "Common/SecurityToken.h" +#include "Common/EMVToken.h" #include "Core/RandomNumberGenerator.h" #include "Application.h" #include "TextUserInterface.h" @@ -275,7 +277,7 @@ namespace VeraCrypt shared_ptr <Pkcs5Kdf> kdf; if (CmdLine->ArgHash) { - kdf = Pkcs5Kdf::GetAlgorithm (*CmdLine->ArgHash, false); + kdf = Pkcs5Kdf::GetAlgorithm (*CmdLine->ArgHash); } shared_ptr <Volume> normalVolume; @@ -287,6 +289,9 @@ namespace VeraCrypt normalVolumeMountOptions.Path = volumePath; hiddenVolumeMountOptions.Path = volumePath; + normalVolumeMountOptions.EMVSupportEnabled = true; + hiddenVolumeMountOptions.EMVSupportEnabled = true; + VolumeType::Enum volumeType = VolumeType::Normal; // Open both types of volumes @@ -310,8 +315,8 @@ namespace VeraCrypt options->Password, options->Pim, kdf, - false, options->Keyfiles, + options->EMVSupportEnabled, options->Protection, options->ProtectionPassword, options->ProtectionPim, @@ -335,8 +340,8 @@ namespace VeraCrypt options->Password, options->Pim, kdf, - false, options->Keyfiles, + options->EMVSupportEnabled, options->Protection, options->ProtectionPassword, options->ProtectionPim, 
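Review bot: `normalVolumeMountOptions.EMVSupportEnabled = true;` and `hiddenVolumeMountOptions.EMVSupportEnabled = true;` switch EMV handling on unconditionally for header backup. The same constant recurs in the later hunks: the positional `true` in `Core->OpenVolume (..., keyfiles, true)` and `Core->ChangePassword (..., newKeyfiles, true, ...)`, volume creation, both mount paths and both header-restore paths. If reading data from EMV cards is meant to be something the user opts into, the text interface should take the value from that setting rather than a literal; no such setting is visible in these hunks, so this is a question for the author. At minimum, add a comment at the first assignment, e.g. `// text mode always accepts EMV keyfiles; no user setting is consulted here`, and name the positional booleans at the call sites (`/* emvSupportEnabled */ true`). The enclosing function starts and ends outside the hunk.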
@@ -407,14 +412,14 @@ namespace VeraCrypt // Re-encrypt volume header SecureBuffer newHeaderBuffer (normalVolume->GetLayout()->GetHeaderSize()); - Core->ReEncryptVolumeHeaderWithNewSalt (newHeaderBuffer, normalVolume->GetHeader(), normalVolumeMountOptions.Password, normalVolumeMountOptions.Pim, normalVolumeMountOptions.Keyfiles); + Core->ReEncryptVolumeHeaderWithNewSalt (newHeaderBuffer, normalVolume->GetHeader(), normalVolumeMountOptions.Password, normalVolumeMountOptions.Pim, normalVolumeMountOptions.Keyfiles, normalVolumeMountOptions.EMVSupportEnabled); backupFile.Write (newHeaderBuffer); if (hiddenVolume) { // Re-encrypt hidden volume header - Core->ReEncryptVolumeHeaderWithNewSalt (newHeaderBuffer, hiddenVolume->GetHeader(), hiddenVolumeMountOptions.Password, hiddenVolumeMountOptions.Pim, hiddenVolumeMountOptions.Keyfiles); + Core->ReEncryptVolumeHeaderWithNewSalt (newHeaderBuffer, hiddenVolume->GetHeader(), hiddenVolumeMountOptions.Password, hiddenVolumeMountOptions.Pim, hiddenVolumeMountOptions.Keyfiles, hiddenVolumeMountOptions.EMVSupportEnabled); } else { @@ -430,7 +435,7 @@ namespace VeraCrypt ShowInfo ("VOL_HEADER_BACKED_UP"); } - void TextUserInterface::ChangePassword (shared_ptr <VolumePath> volumePath, shared_ptr <VolumePassword> password, int pim, shared_ptr <Hash> currentHash, bool truecryptMode, shared_ptr <KeyfileList> keyfiles, shared_ptr <VolumePassword> newPassword, int newPim, shared_ptr <KeyfileList> newKeyfiles, shared_ptr <Hash> newHash) const + void TextUserInterface::ChangePassword (shared_ptr <VolumePath> volumePath, shared_ptr <VolumePassword> password, int pim, shared_ptr <Hash> currentHash, shared_ptr <KeyfileList> keyfiles, shared_ptr <VolumePassword> newPassword, int newPim, shared_ptr <KeyfileList> newKeyfiles, shared_ptr <Hash> newHash) const { shared_ptr <Volume> volume; 
@@ -452,7 +457,7 @@ namespace VeraCrypt shared_ptr<Pkcs5Kdf> kdf; if (currentHash) { - kdf = Pkcs5Kdf::GetAlgorithm (*currentHash, truecryptMode); + kdf = Pkcs5Kdf::GetAlgorithm (*currentHash); } while (true) @@ -468,7 +473,7 @@ namespace VeraCrypt } // current PIM - if (!truecryptMode && !Preferences.NonInteractive && (pim < 0)) + if (!Preferences.NonInteractive && (pim < 0)) { pim = AskPim (_("Enter current PIM")); } @@ -482,7 +487,7 @@ namespace VeraCrypt try { keyfiles.reset (new KeyfileList); - volume = Core->OpenVolume (volumePath, Preferences.DefaultMountOptions.PreserveTimestamps, password, pim, kdf, truecryptMode, keyfiles); + volume = Core->OpenVolume (volumePath, Preferences.DefaultMountOptions.PreserveTimestamps, password, pim, kdf, keyfiles, true); } catch (PasswordException&) { @@ -492,7 +497,7 @@ namespace VeraCrypt } if (!volume.get()) - volume = Core->OpenVolume (volumePath, Preferences.DefaultMountOptions.PreserveTimestamps, password, pim, kdf, truecryptMode, keyfiles); + volume = Core->OpenVolume (volumePath, Preferences.DefaultMountOptions.PreserveTimestamps, password, pim, kdf, keyfiles, true); } catch (PasswordException &e) { @@ -527,8 +532,8 @@ namespace VeraCrypt RandomNumberGenerator::SetEnrichedByUserStatus (false); UserEnrichRandomPool(); - Core->ChangePassword (volume, newPassword, newPim, newKeyfiles, - newHash ? Pkcs5Kdf::GetAlgorithm (*newHash, false) : shared_ptr <Pkcs5Kdf>()); + Core->ChangePassword (volume, newPassword, newPim, newKeyfiles, true, + newHash ? Pkcs5Kdf::GetAlgorithm (*newHash) : shared_ptr <Pkcs5Kdf>()); ShowInfo ("PASSWORD_CHANGED"); } 
@@ -651,25 +656,35 @@ namespace VeraCrypt else { uint64 AvailableDiskSpace = 0; - wxLongLong diskSpace = 0; - wxString parentDir = wxFileName (wstring (options->Path)).GetPath(); - if (parentDir.IsEmpty()) + if (options->Path.IsDevice()) { - parentDir = wxT("."); + AvailableDiskSpace = maxVolumeSize; } - if (wxDirExists(parentDir) && wxGetDiskSpace (parentDir, nullptr, &diskSpace)) + else { - AvailableDiskSpace = (uint64) diskSpace.GetValue (); - if (maxVolumeSize > AvailableDiskSpace) - maxVolumeSize = AvailableDiskSpace; + wxLongLong diskSpace = 0; + wxString parentDir = wxFileName (wstring (options->Path)).GetPath(); + if (parentDir.IsEmpty()) + { + parentDir = wxT("."); + } + if (options->Type == VolumeType::Normal && wxDirExists(parentDir) && wxGetDiskSpace (parentDir, nullptr, &diskSpace)) + { + AvailableDiskSpace = (uint64) diskSpace.GetValue (); + if (maxVolumeSize > AvailableDiskSpace) + maxVolumeSize = AvailableDiskSpace; + } } if (options->Size == (uint64) (-1)) { - if (AvailableDiskSpace) + if (options->Type == VolumeType::Hidden) { + throw_err (_("Please do not use maximum size for hidden volume. As we do not mount the outer volume to determine the available space, it is your responsibility to choose a value so that the hidden volume does not overlap the outer volume.")); + } + else if (AvailableDiskSpace) { // caller requesting maximum size - // we use maxVolumeSize because it is guaranteed to be less of equal to AvailableDiskSpace + // we use maxVolumeSize because it is guaranteed to be less or equal to AvailableDiskSpace for outer volumes options->Size = maxVolumeSize; } else 
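Review bot: The hidden-volume refusal passed to `throw_err` is a long literal that is repeated character for character in the interactive `max` branch of the next hunk, so the two copies can drift apart. Hoisting it into one local before the `if (options->Size == (uint64) (-1))` test, e.g. `const wxString hiddenMaxSizeError = _("...");`, keeps them identical. The added `options->Type == VolumeType::Normal` condition also leaves `AvailableDiskSpace` at 0 for a file-hosted hidden volume. A comment such as `// hidden volume: outer volume is not mounted, so free space is unknown` would record that this is intended, since code outside the hunk presumably treats 0 as "unknown". The enclosing function extends beyond the hunk.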
@@ -690,14 +705,17 @@ namespace VeraCrypt throw MissingArgument (SRC_POS); uint64 multiplier = 1024 * 1024; - wxString sizeStr = AskString (options->Type == VolumeType::Hidden ? _("\nEnter hidden volume size (sizeK/size[M]/sizeG/sizeT/max): ") : _("\nEnter volume size (sizeK/size[M]/sizeG.sizeT/max): ")); + wxString sizeStr = AskString (options->Type == VolumeType::Hidden ? _("\nEnter hidden volume size (sizeK/size[M]/sizeG/sizeT): ") : _("\nEnter volume size (sizeK/size[M]/sizeG.sizeT/max): ")); if (sizeStr.CmpNoCase(wxT("max")) == 0) { multiplier = 1; - if (AvailableDiskSpace) + if (options->Type == VolumeType::Hidden) { + throw_err (_("Please do not use maximum size for hidden volume. As we do not mount the outer volume to determine the available space, it is your responsibility to choose a value so that the hidden volume does not overlap the outer volume.")); + } + else if (AvailableDiskSpace) { // caller requesting maximum size - // we use maxVolumeSize because it is guaranteed to be less of equal to AvailableDiskSpace + // we use maxVolumeSize because it is guaranteed to be less or equal to AvailableDiskSpace for outer volumes options->Size = maxVolumeSize; } else @@ -808,7 +826,7 @@ namespace VeraCrypt shared_ptr <Hash> selectedHash = hashes[AskSelection (hashes.size(), 1) - 1]; RandomNumberGenerator::SetHash (selectedHash); - options->VolumeHeaderKdf = Pkcs5Kdf::GetAlgorithm (*selectedHash, false); + options->VolumeHeaderKdf = Pkcs5Kdf::GetAlgorithm (*selectedHash); } @@ -911,6 +929,7 @@ namespace VeraCrypt wxLongLong startTime = wxGetLocalTimeMillis(); VolumeCreator creator; + options->EMVSupportEnabled = true; creator.CreateVolume (options); bool volumeCreated = false; 
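Review bot: The normal-volume prompt on the rewritten `AskString` line still reads `sizeG.sizeT/max`, with a dot where the hidden-volume prompt has `sizeG/sizeT`. Since the line is being edited anyway, change it to `_("\nEnter volume size (sizeK/size[M]/sizeG/sizeT/max): ")`. The string is passed through `_()`, so any translation entry keyed on the old text needs the same edit. Separately, entering `max` for a hidden volume now reaches `throw_err`; unless a handler outside this hunk catches it, that aborts creation instead of asking for the size again.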
@@ -952,6 +971,7 @@ namespace VeraCrypt mountOptions.Password = options->Password; mountOptions.Pim = options->Pim; mountOptions.Keyfiles = options->Keyfiles; + mountOptions.EMVSupportEnabled = true; shared_ptr <VolumeInfo> volume = Core->MountVolume (mountOptions); finally_do_arg (shared_ptr <VolumeInfo>, volume, { Core->DismountVolume (finally_arg, true); }); @@ -1024,7 +1044,7 @@ namespace VeraCrypt foreach_ref (const Keyfile &keyfile, *keyfiles) { - SecurityToken::DeleteKeyfile (SecurityTokenKeyfilePath (FilePath (keyfile))); + SecurityToken::DeleteKeyfile (TokenKeyfilePath (FilePath (keyfile))); } } @@ -1040,7 +1060,7 @@ namespace VeraCrypt void TextUserInterface::DoShowString (const wxString &str) const { - wcout << str.c_str(); + wcout << str.c_str() << flush; } void TextUserInterface::DoShowWarning (const wxString &message) const @@ -1048,17 +1068,17 @@ namespace VeraCrypt wcerr << L"Warning: " << static_cast<wstring> (message) << endl; } - void TextUserInterface::ExportSecurityTokenKeyfile () const + void TextUserInterface::ExportTokenKeyfile () const { - wstring keyfilePath = AskString (_("Enter security token keyfile path: ")); + wstring keyfilePath = AskString (_("Enter token keyfile path: ")); if (keyfilePath.empty()) throw UserAbort (SRC_POS); - SecurityTokenKeyfile tokenKeyfile (keyfilePath); + shared_ptr<TokenKeyfile> tokenKeyfile = Token::getTokenKeyfile(keyfilePath); vector <byte> keyfileData; - SecurityToken::GetKeyfileData (tokenKeyfile, keyfileData); + tokenKeyfile->GetKeyfileData (keyfileData); BufferPtr keyfileDataBuf (&keyfileData.front(), keyfileData.size()); finally_do_arg (BufferPtr, keyfileDataBuf, { finally_arg.Erase(); }); 
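Review bot: In ExportTokenKeyfile the pointer returned by `Token::getTokenKeyfile(keyfilePath)` is dereferenced on the following line without a check. `&keyfileData.front()` is then evaluated even if `GetKeyfileData` left the vector empty, which is undefined behaviour. Whether `getTokenKeyfile` can return an empty pointer for an unrecognised path is not visible here; if it can, add a guard such as `if (!tokenKeyfile) throw_err (_("Invalid token keyfile path"));` (message wording is a suggestion). Likewise add `if (keyfileData.empty())` with an error before constructing `keyfileDataBuf`. The function body continues past the hunk.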
@@ -1098,9 +1118,9 @@ namespace VeraCrypt return shared_ptr <GetStringFunctor> (new AdminPasswordRequestHandler (this)); } - void TextUserInterface::ImportSecurityTokenKeyfiles () const + void TextUserInterface::ImportTokenKeyfiles () const { - list <SecurityTokenInfo> tokens = SecurityToken::GetAvailableTokens(); + list <shared_ptr<TokenInfo>> tokens = Token::GetAvailableTokens(); if (tokens.empty()) throw_err (LangString ["NO_TOKENS_FOUND"]); @@ -1109,19 +1129,19 @@ namespace VeraCrypt if (tokens.size() == 1) { - slotId = tokens.front().SlotId; + slotId = tokens.front()->SlotId; } else { - foreach (const SecurityTokenInfo &token, tokens) + foreach (const shared_ptr<TokenInfo> &token, tokens) { wstringstream tokenLabel; - tokenLabel << L"[" << token.SlotId << L"] " << LangString["TOKEN_SLOT_ID"].c_str() << L" " << token.SlotId << L" " << token.Label; + tokenLabel << L"[" << token->SlotId << L"] " << LangString["TOKEN_SLOT_ID"].c_str() << L" " << token->SlotId << L" " << token->Label; ShowInfo (tokenLabel.str()); } - slotId = (CK_SLOT_ID) AskSelection (tokens.back().SlotId, tokens.front().SlotId); + slotId = (CK_SLOT_ID) AskSelection (tokens.back()->SlotId, tokens.front()->SlotId); } shared_ptr <KeyfileList> keyfiles; 
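Review bot: `AskSelection (tokens.back()->SlotId, tokens.front()->SlotId)` treats the first and last list entries as the minimum and maximum slot id, which only holds if `Token::GetAvailableTokens()` returns a single list sorted by `SlotId`. If that call now merges more than one token back end (not visible here), the bounds can be wrong or ids can collide. Validating that the chosen id matches one of the listed tokens before the cast to `CK_SLOT_ID` would remove the assumption. The elements are now `shared_ptr<TokenInfo>`, so add either a check before `token->SlotId` or a comment stating that the list never holds empty pointers. ImportTokenKeyfiles continues past the hunk, so whether the later keyfile creation accepts every listed token type cannot be judged from here.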
@@ -1225,14 +1245,30 @@ namespace VeraCrypt } } - void TextUserInterface::ListSecurityTokenKeyfiles () const + void TextUserInterface::ListTokenKeyfiles () const { - foreach (const SecurityTokenKeyfile &keyfile, SecurityToken::GetAvailableKeyfiles()) + foreach (const shared_ptr<TokenKeyfile> keyfile, Token::GetAvailableKeyfiles(true)) { - ShowString (wstring (SecurityTokenKeyfilePath (keyfile))); + ShowString (wstring (TokenKeyfilePath (*keyfile))); ShowString (L"\n"); } } + void TextUserInterface::ListSecurityTokenKeyfiles () const + { + foreach (const TokenKeyfile &keyfile, SecurityToken::GetAvailableKeyfiles()) + { + ShowString (wstring (TokenKeyfilePath (keyfile))); + ShowString (L"\n"); + } + } + void TextUserInterface::ListEMVTokenKeyfiles () const + { + foreach (const TokenKeyfile &keyfile, EMVToken::GetAvailableKeyfiles()) + { + ShowString (wstring (TokenKeyfilePath (keyfile))); + ShowString (L"\n"); + } + } VolumeInfoList TextUserInterface::MountAllDeviceHostedVolumes (MountOptions &options) const { @@ -1241,12 +1277,14 @@ namespace VeraCrypt if (!options.Password) options.Password = AskPassword(); - if (!options.TrueCryptMode && (options.Pim < 0)) + if (options.Pim < 0) options.Pim = AskPim (_("Enter PIM")); if (!options.Keyfiles) options.Keyfiles = AskKeyfiles(); + options.EMVSupportEnabled = true; + VolumeInfoList mountedVolumes = UserInterface::MountAllDeviceHostedVolumes (options); if (!mountedVolumes.empty()) @@ -1285,6 +1323,8 @@ namespace VeraCrypt VolumePassword password; KeyfileList keyfiles; + options.EMVSupportEnabled = true; + if ((!options.Password || options.Password->IsEmpty()) && (!options.Keyfiles || options.Keyfiles->empty()) && !Core->IsPasswordCacheEmpty()) 
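Review bot: `foreach (const shared_ptr<TokenKeyfile> keyfile, Token::GetAvailableKeyfiles(true))` copies a `shared_ptr` on every iteration. Declare the loop variable as `const shared_ptr<TokenKeyfile> &keyfile`, matching the by-reference form used for `token` in ImportTokenKeyfiles. The bare `true` does not say what it enables, so name it or annotate it, e.g. `/* presumably: include EMV tokens; confirm */`. The three List*Keyfiles functions share the same body and are added without the blank line that separates other functions in this file; a one-line comment on each saying which token back ends it enumerates would make the difference clear.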
@@ -1307,7 +1347,7 @@ namespace VeraCrypt options.Password = AskPassword (StringFormatter (_("Enter password for {0}"), wstring (*options.Path))); } - if (!options.TrueCryptMode && (options.Pim < 0)) + if (options.Pim < 0) { options.Pim = AskPim (StringFormatter (_("Enter PIM for {0}"), wstring (*options.Path))); } @@ -1326,7 +1366,7 @@ namespace VeraCrypt { if (!options.ProtectionPassword) options.ProtectionPassword = AskPassword (_("Enter password for hidden volume")); - if (!options.TrueCryptMode && (options.ProtectionPim < 0)) + if (options.ProtectionPim < 0) options.ProtectionPim = AskPim (_("Enter PIM for hidden volume")); if (!options.ProtectionKeyfiles) options.ProtectionKeyfiles = AskKeyfiles (_("Enter keyfile for hidden volume")); @@ -1375,7 +1415,6 @@ namespace VeraCrypt { ShowInfo (e); options.Password.reset(); - options.Pim = -1; } } @@ -1475,7 +1514,7 @@ namespace VeraCrypt shared_ptr <Pkcs5Kdf> kdf; if (CmdLine->ArgHash) { - kdf = Pkcs5Kdf::GetAlgorithm (*CmdLine->ArgHash, false); + kdf = Pkcs5Kdf::GetAlgorithm (*CmdLine->ArgHash); } ShowInfo (LangString["HEADER_RESTORE_EXTERNAL_INTERNAL"]); @@ -1505,6 +1544,7 @@ namespace VeraCrypt shared_ptr <Volume> volume; MountOptions options; options.Path = volumePath; + options.EMVSupportEnabled = true; while (!volume) { @@ -1521,8 +1561,8 @@ namespace VeraCrypt options.Password, options.Pim, kdf, - false, options.Keyfiles, + options.EMVSupportEnabled, options.Protection, options.ProtectionPassword, options.ProtectionPim, 
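Review bot: The PIM prompts are now guarded only by `if (options.Pim < 0)`, and the `PasswordException` handler further along this line no longer resets `options.Pim`. After a failed attempt the code therefore appears to ask for the password again while reusing the PIM entered before. If the PIM was the mistyped value, the user cannot correct it without restarting the command. That may be deliberate, but it deserves a comment in the handler such as `// keep the PIM: only the password is re-requested on retry`, or a reset when the PIM was entered interactively. The retry loop itself lies outside the hunks, so confirm that it re-enters the prompt code.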
@@ -1550,7 +1590,7 @@ namespace VeraCrypt // Re-encrypt volume header SecureBuffer newHeaderBuffer (volume->GetLayout()->GetHeaderSize()); - Core->ReEncryptVolumeHeaderWithNewSalt (newHeaderBuffer, volume->GetHeader(), options.Password, options.Pim, options.Keyfiles); + Core->ReEncryptVolumeHeaderWithNewSalt (newHeaderBuffer, volume->GetHeader(), options.Password, options.Pim, options.Keyfiles, options.EMVSupportEnabled); // Write volume header int headerOffset = volume->GetLayout()->GetHeaderOffset(); @@ -1600,6 +1640,7 @@ namespace VeraCrypt // Open the volume header stored in the backup file MountOptions options; + options.EMVSupportEnabled = true; shared_ptr <VolumeLayout> decryptedLayout; @@ -1627,8 +1668,8 @@ namespace VeraCrypt backupFile.ReadAt (headerBuffer, layout->GetType() == VolumeType::Hidden ? layout->GetHeaderSize() : 0); // Decrypt header - shared_ptr <VolumePassword> passwordKey = Keyfile::ApplyListToPassword (options.Keyfiles, options.Password); - if (layout->GetHeader()->Decrypt (headerBuffer, *passwordKey, options.Pim, kdf, false, layout->GetSupportedKeyDerivationFunctions(false), layout->GetSupportedEncryptionAlgorithms(), layout->GetSupportedEncryptionModes())) + shared_ptr <VolumePassword> passwordKey = Keyfile::ApplyListToPassword (options.Keyfiles, options.Password, options.EMVSupportEnabled); + if (layout->GetHeader()->Decrypt (headerBuffer, *passwordKey, options.Pim, kdf, layout->GetSupportedKeyDerivationFunctions(), layout->GetSupportedEncryptionAlgorithms(), layout->GetSupportedEncryptionModes())) { decryptedLayout = layout; break; 
@@ -1652,7 +1693,7 @@ namespace VeraCrypt // Re-encrypt volume header SecureBuffer newHeaderBuffer (decryptedLayout->GetHeaderSize()); - Core->ReEncryptVolumeHeaderWithNewSalt (newHeaderBuffer, decryptedLayout->GetHeader(), options.Password, options.Pim, options.Keyfiles); + Core->ReEncryptVolumeHeaderWithNewSalt (newHeaderBuffer, decryptedLayout->GetHeader(), options.Password, options.Pim, options.Keyfiles, options.EMVSupportEnabled); // Write volume header int headerOffset = decryptedLayout->GetHeaderOffset(); @@ -1666,7 +1707,7 @@ namespace VeraCrypt if (decryptedLayout->HasBackupHeader()) { // Re-encrypt backup volume header - Core->ReEncryptVolumeHeaderWithNewSalt (newHeaderBuffer, decryptedLayout->GetHeader(), options.Password, options.Pim, options.Keyfiles); + Core->ReEncryptVolumeHeaderWithNewSalt (newHeaderBuffer, decryptedLayout->GetHeader(), options.Password, options.Pim, options.Keyfiles, options.EMVSupportEnabled); // Write backup volume header headerOffset = decryptedLayout->GetBackupHeaderOffset(); |