aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorSzczepan Zalega <szczepan@nitrokey.com>2018-02-23 09:37:31 +0100
committerSzczepan Zalega <szczepan@nitrokey.com>2018-02-23 15:42:39 +0100
commit4e6d39e9aae54658eb68a739d9eff55ab797c204 (patch)
tree4d36bd0a860a375349cdd28d78dd79b8081aa2ef
parent9b37634dd5c0783cc73e0317979968d0c454155e (diff)
downloadlibnitrokey-4e6d39e9aae54658eb68a739d9eff55ab797c204.tar.gz
libnitrokey-4e6d39e9aae54658eb68a739d9eff55ab797c204.tar.bz2
Divide unencrypted volume ro/rw commands for backward compatibility
Unencrypted volume ro/rw: rename user_admin_pin -> admin_pin to be consistent with latest API. Update description. Document PIN requirements in C++ API Extract pin type function Add C API for separate unencrypted volume read write handling Use correct commands to set ro/rw mode of unencrypted volume Signed-off-by: Szczepan Zalega <szczepan@nitrokey.com>
-rw-r--r--NK_C_API.cc22
-rw-r--r--NK_C_API.h43
-rw-r--r--NitrokeyManager.cc60
-rw-r--r--include/NitrokeyManager.h55
4 files changed, 149 insertions, 31 deletions
diff --git a/NK_C_API.cc b/NK_C_API.cc
index 8ce318f..f881caf 100644
--- a/NK_C_API.cc
+++ b/NK_C_API.cc
@@ -495,17 +495,31 @@ extern "C" {
});
}
- NK_C_API int NK_set_unencrypted_read_only(const char* user_admin_pin) {
+ NK_C_API int NK_set_unencrypted_read_only(const char *user_pin) {
auto m = NitrokeyManager::instance();
return get_without_result([&]() {
- m->set_unencrypted_read_only(user_admin_pin);
+ m->set_unencrypted_read_only(user_pin);
});
}
- NK_C_API int NK_set_unencrypted_read_write(const char* user_admin_pin) {
+ NK_C_API int NK_set_unencrypted_read_write(const char *user_pin) {
auto m = NitrokeyManager::instance();
return get_without_result([&]() {
- m->set_unencrypted_read_write(user_admin_pin);
+ m->set_unencrypted_read_write(user_pin);
+ });
+ }
+
+ NK_C_API int NK_set_unencrypted_read_only_admin(const char *admin_pin) {
+ auto m = NitrokeyManager::instance();
+ return get_without_result([&]() {
+ m->set_unencrypted_read_only_admin(admin_pin);
+ });
+ }
+
+ NK_C_API int NK_set_unencrypted_read_write_admin(const char *admin_pin) {
+ auto m = NitrokeyManager::instance();
+ return get_without_result([&]() {
+ m->set_unencrypted_read_write_admin(admin_pin);
});
}
diff --git a/NK_C_API.h b/NK_C_API.h
index 9ab29b5..73022b2 100644
--- a/NK_C_API.h
+++ b/NK_C_API.h
@@ -428,28 +428,55 @@ extern "C" {
* Make unencrypted volume read-only.
* Device hides unencrypted volume for a second therefore make sure
* buffers are flushed before running.
- * Accepts: User PIN for Storage v0.48 and below, Admin PIN for Storage v0.49+
+ * Does nothing if firmware version is not matched
+ * Firmware range: Storage v0.50, v0.48 and below
* Storage only
- * @param user_admin_pin 20 characters
+ * @param user_pin 20 characters User PIN
* @return command processing error code
*/
- NK_C_API int NK_set_unencrypted_read_only(const char* user_admin_pin);
+ NK_C_API int NK_set_unencrypted_read_only(const char *user_pin);
/**
* Make unencrypted volume read-write.
* Device hides unencrypted volume for a second therefore make sure
* buffers are flushed before running.
- * Accepts: User PIN for Storage v0.48 and below, Admin PIN for Storage v0.49+
+ * Does nothing if firmware version is not matched
+ * Firmware range: Storage v0.50, v0.48 and below
* Storage only
- * @param user_admin_pin 20 characters
+ * @param user_pin 20 characters User PIN
* @return command processing error code
*/
- NK_C_API int NK_set_unencrypted_read_write(const char* user_admin_pin);
+ NK_C_API int NK_set_unencrypted_read_write(const char *user_pin);
+
+ /**
+ * Make unencrypted volume read-only.
+ * Device hides unencrypted volume for a second therefore make sure
+ * buffers are flushed before running.
+ * Does nothing if firmware version is not matched
+ * Firmware range: Storage v0.49, v0.51+
+ * Storage only
+ * @param admin_pin 20 characters Admin PIN
+ * @return command processing error code
+ */
+ NK_C_API int NK_set_unencrypted_read_only_admin(const char* admin_pin);
+
+ /**
+ * Make unencrypted volume read-write.
+ * Device hides unencrypted volume for a second therefore make sure
+ * buffers are flushed before running.
+ * Does nothing if firmware version is not matched
+ * Firmware range: Storage v0.49, v0.51+
+ * Storage only
+ * @param admin_pin 20 characters Admin PIN
+ * @return command processing error code
+ */
+ NK_C_API int NK_set_unencrypted_read_write_admin(const char* admin_pin);
/**
* Make encrypted volume read-only.
* Device hides encrypted volume for a second therefore make sure
* buffers are flushed before running.
+ * Firmware range: v0.49 only, future (see firmware release notes)
* Storage only
* @param admin_pin 20 characters
* @return command processing error code
@@ -460,15 +487,13 @@ extern "C" {
* Make encrypted volume read-write.
* Device hides encrypted volume for a second therefore make sure
* buffers are flushed before running.
+ * Firmware range: v0.49 only, future (see firmware release notes)
* Storage only
* @param admin_pin 20 characters
* @return command processing error code
*/
NK_C_API int NK_set_encrypted_read_write(const char* admin_pin);
-
-
-
/**
* Exports device's firmware to unencrypted volume.
* Storage only
diff --git a/NitrokeyManager.cc b/NitrokeyManager.cc
index fff5d64..f912c7c 100644
--- a/NitrokeyManager.cc
+++ b/NitrokeyManager.cc
@@ -771,6 +771,8 @@ using nitrokey::misc::strcpyT;
case DeviceModel::STORAGE:{
auto status = stick20::GetDeviceStatus::CommandTransaction::run(device);
auto test_firmware = status.data().versionInfo.build_iteration != 0;
+ if (test_firmware)
+ LOG("Development firmware detected. Increasing minor version number.", nitrokey::log::Loglevel::WARNING);
return status.data().versionInfo.minor + (test_firmware? 1 : 0);
}
}
@@ -834,23 +836,55 @@ using nitrokey::misc::strcpyT;
stick20::SetupHiddenVolume::CommandTransaction::run(device, p);
}
- void NitrokeyManager::set_unencrypted_read_only(const char* user_admin_pin) {
- //until 0.48 User PIN was sufficient, from 0.49 it needs Admin PIN
- if (get_minor_firmware_version()<=48)
- misc::execute_password_command<stick20::SendSetReadonlyToUncryptedVolume>(device, user_admin_pin);
- else
- misc::execute_password_command<stick20::SetUnencryptedVolumeReadOnlyAdmin>(device, user_admin_pin);
+ void NitrokeyManager::set_unencrypted_read_only_admin(const char* admin_pin) {
+ //from v0.49, v0.51+ it needs Admin PIN
+ if (set_unencrypted_volume_rorw_pin_type_user(get_minor_firmware_version())){
+ LOG("set_unencrypted_read_only_admin is not supported for this version of Storage device. "
+ "Please update firmware to v0.51+", nitrokey::log::Loglevel::WARNING);
+ return;
+ }
+ misc::execute_password_command<stick20::SetUnencryptedVolumeReadOnlyAdmin>(device, admin_pin);
+ }
+
+ void NitrokeyManager::set_unencrypted_read_only(const char *user_pin) {
+ //until v0.48 (incl. v0.50) User PIN was sufficient
+ LOG("set_unencrypted_read_only is deprecated. Use set_unencrypted_read_only_admin instead.",
+ nitrokey::log::Loglevel::WARNING);
+ if (!set_unencrypted_volume_rorw_pin_type_user(get_minor_firmware_version())){
+ LOG("set_unencrypted_read_only is not supported for this version of Storage device. Doing nothing.",
+ nitrokey::log::Loglevel::WARNING);
+ return;
+ }
+ misc::execute_password_command<stick20::SendSetReadonlyToUncryptedVolume>(device, user_pin);
+ }
+
+ void NitrokeyManager::set_unencrypted_read_write_admin(const char* admin_pin) {
+ //from v0.49, v0.51+ it needs Admin PIN
+ if (set_unencrypted_volume_rorw_pin_type_user(get_minor_firmware_version())){
+ LOG("set_unencrypted_read_write_admin is not supported for this version of Storage device. "
+ "Please update firmware to v0.51+.", nitrokey::log::Loglevel::WARNING);
+ return;
+ }
+ misc::execute_password_command<stick20::SetUnencryptedVolumeReadWriteAdmin>(device, admin_pin);
+ }
+
+ void NitrokeyManager::set_unencrypted_read_write(const char *user_pin) {
+ //until v0.48 (incl. v0.50) User PIN was sufficient
+ LOG("set_unencrypted_read_write is deprecated. Use set_unencrypted_read_write_admin instead.",
+ nitrokey::log::Loglevel::WARNING);
+ if (!set_unencrypted_volume_rorw_pin_type_user(get_minor_firmware_version())){
+ LOG("set_unencrypted_read_write is not supported for this version of Storage device. Doing nothing.",
+ nitrokey::log::Loglevel::WARNING);
+ return;
+ }
+ misc::execute_password_command<stick20::SendSetReadwriteToUncryptedVolume>(device, user_pin);
}
- void NitrokeyManager::set_unencrypted_read_write(const char* user_admin_pin) {
- //until 0.48 User PIN was sufficient, from 0.49 it needs Admin PIN
- if (get_minor_firmware_version()<=48)
- misc::execute_password_command<stick20::SendSetReadwriteToUncryptedVolume>(device, user_admin_pin);
- else
- misc::execute_password_command<stick20::SetUnencryptedVolumeReadWriteAdmin>(device, user_admin_pin);
+ bool NitrokeyManager::set_unencrypted_volume_rorw_pin_type_user(const int minor_firmware_version) const {
+ return minor_firmware_version <= 48 || minor_firmware_version == 50;
}
- void NitrokeyManager::export_firmware(const char* admin_pin) {
+ void NitrokeyManager::export_firmware(const char* admin_pin) {
misc::execute_password_command<stick20::ExportFirmware>(device, admin_pin);
}
diff --git a/include/NitrokeyManager.h b/include/NitrokeyManager.h
index 12aae0d..08da8ba 100644
--- a/include/NitrokeyManager.h
+++ b/include/NitrokeyManager.h
@@ -126,9 +126,37 @@ char * strndup(const char* str, size_t maxlen);
void unlock_hidden_volume(const char *hidden_volume_password);
void lock_hidden_volume();
- void set_unencrypted_read_only(const char *user_admin_pin);
-
- void set_unencrypted_read_write(const char *user_admin_pin);
+ /**
+ * Sets unencrypted volume read-only.
+ * Works until v0.48 (incl. v0.50), where User PIN was sufficient
+ * Does nothing otherwise.
+ * @param user_pin User PIN
+ */
+ void set_unencrypted_read_only(const char *user_pin);
+
+ /**
+ * Sets unencrypted volume read-only.
+ * Works from v0.49 (except v0.50) accepts Admin PIN
+ * Does nothing otherwise.
+ * @param admin_pin Admin PIN
+ */
+ void set_unencrypted_read_only_admin(const char *admin_pin);
+
+ /**
+ * Sets unencrypted volume read-write.
+ * Works until v0.48 (incl. v0.50), where User PIN was sufficient
+ * Does nothing otherwise.
+ * @param user_pin User PIN
+ */
+ void set_unencrypted_read_write(const char *user_pin);
+
+ /**
+ * Sets unencrypted volume read-write.
+ * Works from v0.49 (except v0.50) accepts Admin PIN
+ * Does nothing otherwise.
+ * @param admin_pin Admin PIN
+ */
+ void set_unencrypted_read_write_admin(const char *admin_pin);
void export_firmware(const char *admin_pin);
void enable_firmware_update(const char *firmware_pin);
@@ -203,13 +231,30 @@ char * strndup(const char* str, size_t maxlen);
void set_loglevel(int loglevel);
- void set_encrypted_volume_read_only(const char *admin_pin);
+ /**
+ * Sets encrypted volume read-only.
+ * Supported from future versions of Storage.
+ * @param admin_pin Admin PIN
+ */
+ void set_encrypted_volume_read_only(const char *admin_pin);
- void set_encrypted_volume_read_write(const char *admin_pin);
+ /**
+ * Sets encrypted volume read-write.
+ * Supported from future versions of Storage.
+ * @param admin_pin Admin PIN
+ */
+ void set_encrypted_volume_read_write(const char *admin_pin);
int get_major_firmware_version();
bool is_smartcard_in_use();
+
+ /**
+ * Function to determine unencrypted volume PIN type
+ * @param minor_firmware_version
+ * @return Returns true, if set unencrypted volume ro/rw pin type is User, false otherwise.
+ */
+ bool set_unencrypted_volume_rorw_pin_type_user(int minor_firmware_version) const;
};
}