1 // SoftEther VPN Source Code - Stable Edition Repository 2 // Mayaqua Kernel 3 // 4 // SoftEther VPN Server, Client and Bridge are free software under the Apache License, Version 2.0. 5 // 6 // Copyright (c) Daiyuu Nobori. 7 // Copyright (c) SoftEther VPN Project, University of Tsukuba, Japan. 8 // Copyright (c) SoftEther Corporation. 9 // Copyright (c) all contributors on SoftEther VPN project in GitHub. 10 // 11 // All Rights Reserved. 12 // 13 // http://www.softether.org/ 14 // 15 // This stable branch is officially managed by Daiyuu Nobori, the owner of SoftEther VPN Project. 16 // Pull requests should be sent to the Developer Edition Master Repository on https://github.com/SoftEtherVPN/SoftEtherVPN 17 // 18 // License: The Apache License, Version 2.0 19 // https://www.apache.org/licenses/LICENSE-2.0 20 // 21 // DISCLAIMER 22 // ========== 23 // 24 // THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 25 // IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 26 // FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 27 // AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 28 // LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 29 // OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 30 // SOFTWARE. 31 // 32 // THIS SOFTWARE IS DEVELOPED IN JAPAN, AND DISTRIBUTED FROM JAPAN, UNDER 33 // JAPANESE LAWS. YOU MUST AGREE IN ADVANCE TO USE, COPY, MODIFY, MERGE, PUBLISH, 34 // DISTRIBUTE, SUBLICENSE, AND/OR SELL COPIES OF THIS SOFTWARE, THAT ANY 35 // JURIDICAL DISPUTES WHICH ARE CONCERNED TO THIS SOFTWARE OR ITS CONTENTS, 36 // AGAINST US (SOFTETHER PROJECT, SOFTETHER CORPORATION, DAIYUU NOBORI OR OTHER 37 // SUPPLIERS), OR ANY JURIDICAL DISPUTES AGAINST US WHICH ARE CAUSED BY ANY KIND 38 // OF USING, COPYING, MODIFYING, MERGING, PUBLISHING, DISTRIBUTING, SUBLICENSING, 39 // AND/OR SELLING COPIES OF THIS SOFTWARE SHALL BE REGARDED AS BE CONSTRUED AND 40 // CONTROLLED BY JAPANESE LAWS, AND YOU MUST FURTHER CONSENT TO EXCLUSIVE 41 // JURISDICTION AND VENUE IN THE COURTS SITTING IN TOKYO, JAPAN. YOU MUST WAIVE 42 // ALL DEFENSES OF LACK OF PERSONAL JURISDICTION AND FORUM NON CONVENIENS. 43 // PROCESS MAY BE SERVED ON EITHER PARTY IN THE MANNER AUTHORIZED BY APPLICABLE 44 // LAW OR COURT RULE. 45 // 46 // USE ONLY IN JAPAN. DO NOT USE THIS SOFTWARE IN ANOTHER COUNTRY UNLESS YOU HAVE 47 // A CONFIRMATION THAT THIS SOFTWARE DOES NOT VIOLATE ANY CRIMINAL LAWS OR CIVIL 48 // RIGHTS IN THAT PARTICULAR COUNTRY. USING THIS SOFTWARE IN OTHER COUNTRIES IS 49 // COMPLETELY AT YOUR OWN RISK. THE SOFTETHER VPN PROJECT HAS DEVELOPED AND 50 // DISTRIBUTED THIS SOFTWARE TO COMPLY ONLY WITH THE JAPANESE LAWS AND EXISTING 51 // CIVIL RIGHTS INCLUDING PATENTS WHICH ARE SUBJECTS APPLY IN JAPAN. OTHER 52 // COUNTRIES' LAWS OR CIVIL RIGHTS ARE NONE OF OUR CONCERNS NOR RESPONSIBILITIES. 53 // WE HAVE NEVER INVESTIGATED ANY CRIMINAL REGULATIONS, CIVIL LAWS OR 54 // INTELLECTUAL PROPERTY RIGHTS INCLUDING PATENTS IN ANY OF OTHER 200+ COUNTRIES 55 // AND TERRITORIES. BY NATURE, THERE ARE 200+ REGIONS IN THE WORLD, WITH 56 // DIFFERENT LAWS. IT IS IMPOSSIBLE TO VERIFY EVERY COUNTRIES' LAWS, REGULATIONS 57 // AND CIVIL RIGHTS TO MAKE THE SOFTWARE COMPLY WITH ALL COUNTRIES' LAWS BY THE 58 // PROJECT. EVEN IF YOU WILL BE SUED BY A PRIVATE ENTITY OR BE DAMAGED BY A 59 // PUBLIC SERVANT IN YOUR COUNTRY, THE DEVELOPERS OF THIS SOFTWARE WILL NEVER BE 60 // LIABLE TO RECOVER OR COMPENSATE SUCH DAMAGES, CRIMINAL OR CIVIL 61 // RESPONSIBILITIES. NOTE THAT THIS LINE IS NOT LICENSE RESTRICTION BUT JUST A 62 // STATEMENT FOR WARNING AND DISCLAIMER. 63 // 64 // READ AND UNDERSTAND THE 'WARNING.TXT' FILE BEFORE USING THIS SOFTWARE. 65 // SOME SOFTWARE PROGRAMS FROM THIRD PARTIES ARE INCLUDED ON THIS SOFTWARE WITH 66 // LICENSE CONDITIONS WHICH ARE DESCRIBED ON THE 'THIRD_PARTY.TXT' FILE. 67 // 68 // 69 // SOURCE CODE CONTRIBUTION 70 // ------------------------ 71 // 72 // Your contribution to SoftEther VPN Project is much appreciated. 73 // Please send patches to us through GitHub. 74 // Read the SoftEther VPN Patch Acceptance Policy in advance: 75 // http://www.softether.org/5-download/src/9.patch 76 // 77 // 78 // DEAR SECURITY EXPERTS 79 // --------------------- 80 // 81 // If you find a bug or a security vulnerability please kindly inform us 82 // about the problem immediately so that we can fix the security problem 83 // to protect a lot of users around the world as soon as possible. 84 // 85 // Our e-mail address for security reports is: 86 // softether-vpn-security [at] softether.org 87 // 88 // Please note that the above e-mail address is not a technical support 89 // inquiry address. If you need technical assistance, please visit 90 // http://www.softether.org/ and ask your question on the users forum. 91 // 92 // Thank you for your cooperation. 93 // 94 // 95 // NO MEMORY OR RESOURCE LEAKS 96 // --------------------------- 97 // 98 // The memory-leaks and resource-leaks verification under the stress 99 // test has been passed before release this source code. 100 101 102 // Secure.h 103 // Header of Secure.c 104 105 #ifndef SECURE_H 106 #define SECURE_H 107 108 // Constant 109 #define MAX_SEC_DATA_SIZE 4096 110 111 // Type declaration related to PKCS#11 112 #ifndef SECURE_C 113 typedef struct CK_FUNCTION_LIST *CK_FUNCTION_LIST_PTR; 114 typedef struct SEC_DATA_WIN32 SEC_DATA_WIN32; 115 typedef struct CK_TOKEN_INFO CK_TOKEN_INFO; 116 typedef struct CK_DATE CK_DATE; 117 #endif // SECURE_C 118 119 // Secure device 120 struct SECURE_DEVICE 121 { 122 UINT Id; // Device ID 123 UINT Type; // Type 124 char *DeviceName; // Device name 125 char *Manufacturer; // Manufacturer 126 char *ModuleName; // Module name 127 }; 128 129 // Type of secure device 130 #define SECURE_IC_CARD 0 // IC card 131 #define SECURE_USB_TOKEN 1 // USB token 132 133 // Secure device information 134 struct SEC_INFO 135 { 136 wchar_t *Label; // Label 137 wchar_t *ManufacturerId; // Vendor ID 138 wchar_t *Model; // Model 139 wchar_t *SerialNumber; // Serial number 140 UINT MaxSession; // Maximum number of sessions 141 UINT MaxRWSession; // Maximum Number of R/W sessions 142 UINT MinPinLen; // Minimum length of the PIN string 143 UINT MaxPinLen; // Maximum length of the PIN string 144 UINT TotalPublicMemory; // Total memory capacity (Public) 145 UINT FreePublicMemory; // Free memory capacity (Public) 146 UINT TotalPrivateMemory; // Total memory capacity (Private) 147 UINT FreePrivateMemory; // Free memory capacity (Private) 148 char *HardwareVersion; // Hardware version 149 char *FirmwareVersion; // Firmware version 150 }; 151 152 // Secure device structure 153 struct SECURE 154 { 155 LOCK *lock; // Lock 156 SECURE_DEVICE *Dev; // Device Information 157 UINT Error; // The error that last occurred 158 struct CK_FUNCTION_LIST *Api; // API 159 bool Initialized; // Initialization flag 160 UINT NumSlot; // The number of slots 161 UINT *SlotIdList; // Slot ID list 162 bool SessionCreated; // Session creation flags 163 UINT SessionId; // Session ID 164 UINT SessionSlotNumber; // Slot ID of the session 165 bool LoginFlag; // Logged-in flag 166 SEC_INFO *Info; // Token information 167 LIST *EnumCache; // Enumeration cache 168 169 // Attribute value for the different behavior for each driver 170 bool IsEPass1000; // ePass 1000 171 bool IsReadOnly; // Read-only mode 172 173 #ifdef OS_WIN32 174 struct SEC_DATA_WIN32 *Data; // Data 175 #endif // OS_WIN32 176 }; 177 178 // Secure device object structure 179 struct SEC_OBJ 180 { 181 UINT Type; // Type of object 182 UINT Object; // Object handle 183 bool Private; // Private flag 184 char *Name; // Name 185 }; 186 187 #define SEC_ERROR_NOERROR 0 // No Error 188 #define SEC_ERROR_INVALID_SLOT_NUMBER 1 // Slot number is invalid 189 #define SEC_ERROR_OPEN_SESSION 2 // Session creation failure 190 #define SEC_ERROR_SESSION_EXISTS 3 // The session already exists 191 #define SEC_ERROR_NO_PIN_STR 4 // PIN string is not specified 192 #define SEC_ERROR_ALREADY_LOGIN 5 // Already logged in 193 #define SEC_ERROR_BAD_PIN_CODE 6 // PIN code is invalid 194 #define SEC_ERROR_NO_SESSION 7 // There is no session 195 #define SEC_ERROR_DATA_TOO_BIG 8 // Data is too large 196 #define SEC_ERROR_NOT_LOGIN 9 // Not logged in 197 #define SEC_ERROR_BAD_PARAMETER 10 // Invalid Parameters 198 #define SEC_ERROR_HARDWARE_ERROR 11 // Hardware error 199 #define SEC_ERROR_OBJ_NOT_FOUND 12 // Object is not found 200 #define SEC_ERROR_INVALID_CERT 13 // The certificate is invalid 201 202 203 #define SEC_DATA 0 // Data 204 #define SEC_X 1 // Certificate 205 #define SEC_K 2 // Secret key 206 #define SEC_P 3 // Public key 207 208 209 210 // Function prototype 211 void InitSecure(); 212 void FreeSecure(); 213 void InitSecureDeviceList(); 214 void FreeSecureDeviceList(); 215 bool IsDeviceSupported(SECURE_DEVICE *dev); 216 LIST *GetSupportedDeviceList(); 217 LIST *GetSecureDeviceList(); 218 bool CheckSecureDeviceId(UINT id); 219 SECURE_DEVICE *GetSecureDevice(UINT id); 220 SECURE *OpenSec(UINT id); 221 void CloseSec(SECURE *sec); 222 bool OpenSecSession(SECURE *sec, UINT slot_number); 223 void CloseSecSession(SECURE *sec); 224 bool LoginSec(SECURE *sec, char *pin); 225 void LogoutSec(SECURE *sec); 226 void PrintSecInfo(SECURE *sec); 227 LIST *EnumSecObject(SECURE *sec); 228 void FreeSecObject(SEC_OBJ *obj); 229 void FreeEnumSecObject(LIST *o); 230 SEC_OBJ *FindSecObject(SECURE *sec, char *name, UINT type); 231 bool CheckSecObject(SECURE *sec, char *name, UINT type); 232 bool DeleteSecObjectByName(SECURE *sec, char *name, UINT type); 233 SEC_OBJ *CloneSecObject(SEC_OBJ *obj); 234 LIST *CloneEnumSecObject(LIST *o); 235 void EraseEnumSecObjectCache(SECURE *sec); 236 void DeleteSecObjFromEnumCache(SECURE *sec, char *name, UINT type); 237 void AddSecObjToEnumCache(SECURE *sec, char *name, UINT type, bool private_obj, UINT object); 238 bool WriteSecData(SECURE *sec, bool private_obj, char *name, void *data, UINT size); 239 int ReadSecDataFromObject(SECURE *sec, SEC_OBJ *obj, void *data, UINT size); 240 int ReadSecData(SECURE *sec, char *name, void *data, UINT size); 241 bool DeleteSecObject(SECURE *sec, SEC_OBJ *obj); 242 bool DeleteSecData(SECURE *sec, char *name); 243 void UINT64ToCkDate(void *p_ck_date, UINT64 time64); 244 bool WriteSecCert(SECURE *sec, bool private_obj, char *name, X *x); 245 bool DeleteSecCert(SECURE *sec, char *name); 246 X *ReadSecCertFromObject(SECURE *sec, SEC_OBJ *obj); 247 X *ReadSecCert(SECURE *sec, char *name); 248 bool WriteSecKey(SECURE *sec, bool private_obj, char *name, K *k); 249 bool DeleteSecKey(SECURE *sec, char *name); 250 bool SignSecByObject(SECURE *sec, SEC_OBJ *obj, void *dst, void *src, UINT size); 251 bool SignSec(SECURE *sec, char *name, void *dst, void *src, UINT size); 252 bool ChangePin(SECURE *sec, char *old_pin, char *new_pin); 253 void TestSec(); 254 void TestSecMain(SECURE *sec); 255 bool IsJPKI(bool id); 256 257 bool LoadSecModule(SECURE *sec); 258 void FreeSecModule(SECURE *sec); 259 void GetSecInfo(SECURE *sec); 260 void FreeSecInfo(SECURE *sec); 261 SEC_INFO *TokenInfoToSecInfo(void *p_t); 262 void FreeSecInfoMemory(SEC_INFO *s); 263 264 #ifdef OS_WIN32 265 266 bool Win32IsDeviceSupported(SECURE_DEVICE *dev); 267 bool Win32LoadSecModule(SECURE *sec); 268 void Win32FreeSecModule(SECURE *sec); 269 270 #endif // OS_WIN32 271 272 273 #ifdef SECURE_C 274 // Internal data structure 275 // The list of supported secure devices 276 static LIST *SecureDeviceList = NULL; 277 278 // Supported hardware list 279 SECURE_DEVICE SupportedList[] = 280 { 281 {1, SECURE_IC_CARD, "Standard-9 IC Card", "Dai Nippon Printing", "DNPS9P11.DLL"}, 282 {2, SECURE_USB_TOKEN, "ePass 1000", "Feitian Technologies", "EP1PK111.DLL"}, 283 {3, SECURE_IC_CARD, "DNP Felica", "Dai Nippon Printing", "DNPFP11.DLL"}, 284 {4, SECURE_USB_TOKEN, "eToken", "Aladdin", "ETPKCS11.DLL"}, 285 {5, SECURE_IC_CARD, "Standard-9 IC Card", "Fujitsu", "F3EZSCL2.DLL"}, 286 {6, SECURE_IC_CARD, "ASECard", "Athena", "ASEPKCS.DLL"}, 287 {7, SECURE_IC_CARD, "Gemplus IC Card", "Gemplus", "PK2PRIV.DLL"}, 288 {8, SECURE_IC_CARD, "1-Wire & iButton", "DALLAS SEMICONDUCTOR", "DSPKCS.DLL"}, 289 {9, SECURE_IC_CARD, "JPKI IC Card", "Japanese Government", "JPKIPKCS11.DLL"}, 290 {10, SECURE_IC_CARD, "LGWAN IC Card", "Japanese Government", "P11STD9.DLL"}, 291 {11, SECURE_IC_CARD, "LGWAN IC Card", "Japanese Government", "P11STD9A.DLL"}, 292 {12, SECURE_USB_TOKEN, "iKey 1000", "Rainbow Technologies", "K1PK112.DLL"}, 293 {13, SECURE_IC_CARD, "JPKI IC Card #2", "Japanese Government", "libmusclepkcs11.dll"}, 294 {14, SECURE_USB_TOKEN, "SafeSign", "A.E.T.", "aetpkss1.dll"}, 295 {15, SECURE_USB_TOKEN, "LOCK STAR-PKI", "Logicaltech Co.,LTD", "LTPKCS11.dll"}, 296 {16, SECURE_USB_TOKEN, "ePass 2000", "Feitian Technologies", "ep2pk11.dll"}, 297 {17, SECURE_IC_CARD, "myuToken", "iCanal Inc.", "icardmodpk.dll"}, 298 {18, SECURE_IC_CARD, "Gemalto .NET", "Gemalto", "gtop11dotnet.dll"}, 299 {19, SECURE_IC_CARD, "Gemalto .NET 64bit", "Gemalto", "gtop11dotnet64.dll"}, 300 {20, SECURE_USB_TOKEN, "ePass 2003", "Feitian Technologies", "eps2003csp11.dll"}, 301 {21, SECURE_USB_TOKEN, "ePass 1000ND/2000/3000", "Feitian Technologies", "ngp11v211.dll"}, 302 {22, SECURE_USB_TOKEN, "CryptoID", "Longmai Technology", "cryptoide_pkcs11.dll"}, 303 {23, SECURE_USB_TOKEN, "RuToken", "Aktiv Co.", "rtPKCS11.dll"}, 304 {24, SECURE_IC_CARD, "JPKI IC Card (64-bit)", "Japanese Government", "JPKIPKCS1164.DLL"}, 305 }; 306 307 #ifdef OS_WIN32 308 309 // Win32 internal data 310 typedef struct SEC_DATA_WIN32 311 { 312 HINSTANCE hInst; 313 } SEC_DATA_WIN32; 314 315 #endif // OS_WIN32 316 317 #endif // SECURE_C 318 319 #endif // SECURE_H 320