Merge pull request #91 from selvanair/pkcs11-pin-v3

pkcs11 pin prompt
OpenVPN · Nov 30, 2016 · 8020ee1 · 8020ee1
2 parents 8f57172 + be417bb
commit 8020ee1
Show file tree

Hide file tree

Showing 27 changed files with 781 additions and 36 deletions.
diff --git a/main.c b/main.c
@@ -116,6 +116,8 @@ int WINAPI _tWinMain (HINSTANCE hThisInstance,
       { password, OnPassword },
       { proxy,    OnProxy },
       { stop,     OnStop },
+      { needok,   OnNeedOk },
+      { needstr,  OnNeedStr },
       { 0,        NULL }
   };
   InitManagement(handler);

diff --git a/manage.c b/manage.c
@@ -312,6 +312,16 @@ OnManagement(SOCKET sk, LPARAM lParam)
                     if (rtmsg_handler[ready])
                         rtmsg_handler[ready](c, pos + 5);
                 }
+                else if (strncmp(pos, "NEED-OK:", 8) == 0)
+                {
+                    if (rtmsg_handler[needok])
+                        rtmsg_handler[needok](c, pos + 8);
+                }
+                else if (strncmp(pos, "NEED-STR:", 9) == 0)
+                {
+                    if (rtmsg_handler[needstr])
+                        rtmsg_handler[needstr](c, pos + 9);
+                }
             }
             else if (c->manage.cmd_queue)
             {

diff --git a/misc.c b/misc.c
@@ -40,7 +40,7 @@
  * Helper function to do base64 conversion through CryptoAPI
  * Returns TRUE on success, FALSE on error. Caller must free *output.
  */
-static BOOL
+BOOL
 Base64Encode(const char *input, int input_len, char **output)
 {
     DWORD output_len;
@@ -61,6 +61,9 @@ Base64Encode(const char *input, int input_len, char **output)
         return FALSE;
     }
     *output = (char *)malloc(output_len);
+    if (*output == NULL)
+        return FALSE;
+
     if (!CryptBinaryToStringA((const BYTE *) input, (DWORD) input_len,
         CRYPT_STRING_BASE64, *output, &output_len))
     {
@@ -80,6 +83,46 @@ Base64Encode(const char *input, int input_len, char **output)
 
     return TRUE;
 }
+/*
+ * Decode a nul-terminated base64 encoded input and save the result in
+ * an allocated buffer *output. The caller must free *output after use.
+ * The decoded output is nul-terminated so that the caller may treat
+ * it as a string when appropriate.
+ *
+ * Return the length of the decoded result (excluding nul) or -1 on
+ * error.
+ */
+int
+Base64Decode(const char *input, char **output)
+{
+    DWORD len;
+
+    PrintDebug (L"decoding %S", input);
+    if (!CryptStringToBinaryA(input, 0, CRYPT_STRING_BASE64_ANY,
+                              NULL, &len, NULL, NULL) || len == 0)
+    {
+        *output = NULL;
+        return -1;
+    }
+
+    *output = malloc(len + 1);
+    if (*output == NULL)
+        return -1;
+
+    if (!CryptStringToBinaryA(input, 0,
+        CRYPT_STRING_BASE64, (BYTE *) *output, &len, NULL, NULL))
+    {
+        free(*output);
+        *output = NULL;
+        return -1;
+    }
+
+    /* NUL terminate output */
+    (*output)[len] = '\0';
+    PrintDebug (L"Decoded output %S", *output);
+
+    return len;
+}
 
 /*
  * Helper function to convert UCS-2 text from a dialog item to UTF-8.
@@ -384,3 +427,29 @@ CheckFileAccess (const TCHAR *path, int access)
 
     return ret;
 }
+
+/*
+ * Convert a NUL terminated utf8 string to widechar. The caller must free
+ * the returned pointer. Return NULL on error.
+ */
+WCHAR *
+Widen(const char *utf8)
+{
+    WCHAR *wstr = NULL;
+    if (!utf8)
+        return wstr;
+
+    int nch = MultiByteToWideChar(CP_UTF8, 0, utf8, -1, NULL, 0);
+    if (nch > 0)
+        wstr = malloc(sizeof(WCHAR) * nch);
+    if (wstr)
+        nch =  MultiByteToWideChar(CP_UTF8, 0, utf8, -1, wstr, nch);
+
+    if (nch == 0 && wstr)
+    {
+        free (wstr);
+        wstr = NULL;
+    }
+
+    return wstr;
+}
diff --git a/misc.h b/misc.h
@@ -36,4 +36,7 @@ BOOL IsUserAdmin(VOID);
 HANDLE InitSemaphore (void);
 BOOL CheckFileAccess (const TCHAR *path, int access);
 
+BOOL Base64Encode(const char *input, int input_len, char **output);
+int Base64Decode(const char *input, char **output);
+WCHAR *Widen(const char *utf8);
 #endif
diff --git a/openvpn-gui-res.h b/openvpn-gui-res.h
@@ -62,6 +62,11 @@
 #define ID_EDT_AUTH_CHALLENGE            185
 #define ID_CHK_SAVE_PASS                 186
 
+/* Challenege Response Dialog */
+#define ID_DLG_CHALLENGE_RESPONSE        190
+#define ID_TXT_DESCRIPTION               191
+#define ID_EDT_RESPONSE                  192
+
 /* Proxy Settings Dialog */
 #define ID_DLG_PROXY                     200
 #define ID_RB_PROXY_OPENVPN              210
@@ -296,7 +301,12 @@
 /* Save password related messages */
 #define IDS_NFO_DELETE_PASS             2001
 
+/* Token password dialog related */
+#define IDS_NFO_TOKEN_PASSWORD_CAPTION  2100
+#define IDS_NFO_TOKEN_PASSWORD_REQUEST  2101
+
 /* Timer IDs */
 #define IDT_STOP_TIMER                  2500  /* Timer used to trigger force termination */
 
+
 #endif