diff options
author | Szczepan Zalega <szczepan@nitrokey.com> | 2016-07-27 18:29:54 +0200 |
---|---|---|
committer | Szczepan Zalega <szczepan@nitrokey.com> | 2016-08-01 13:54:57 +0200 |
commit | 20f5f690b15d1d245555f8c3aab4a502781cdeb4 (patch) | |
tree | b7082cabd556713b601bbf74823a6288abf3ff43 | |
parent | 5f3e5514f0fad2b59f24b687fc8501a26eaf0ab5 (diff) | |
download | libnitrokey-20f5f690b15d1d245555f8c3aab4a502781cdeb4.tar.gz libnitrokey-20f5f690b15d1d245555f8c3aab4a502781cdeb4.tar.bz2 |
Authorizing getting OTP codes - initial version
Signed-off-by: Szczepan Zalega <szczepan@nitrokey.com>
-rw-r--r-- | NK_C_API.cc | 17 | ||||
-rw-r--r-- | NK_C_API.h | 2 | ||||
-rw-r--r-- | NitrokeyManager.cc | 33 | ||||
-rw-r--r-- | include/NitrokeyManager.h | 6 |
4 files changed, 43 insertions, 15 deletions
diff --git a/NK_C_API.cc b/NK_C_API.cc index d93fafc..ff7ecae 100644 --- a/NK_C_API.cc +++ b/NK_C_API.cc @@ -154,10 +154,15 @@ extern const char * NK_status() { return ""; } -extern uint32_t NK_get_hotp_code(uint8_t slot_number){ + +extern uint32_t NK_get_hotp_code(uint8_t slot_number) { + return NK_get_hotp_code_PIN(slot_number, ""); +} + +extern uint32_t NK_get_hotp_code_PIN(uint8_t slot_number, const char* user_temporary_password){ auto m = NitrokeyManager::instance(); try { - return m->get_HOTP_code(slot_number); + return m->get_HOTP_code(slot_number, user_temporary_password); } catch (CommandFailedException & commandFailedException){ NK_last_command_status = commandFailedException.last_command_status; @@ -167,9 +172,14 @@ extern uint32_t NK_get_hotp_code(uint8_t slot_number){ extern uint32_t NK_get_totp_code(uint8_t slot_number, uint64_t challenge, uint64_t last_totp_time, uint8_t last_interval){ + return NK_get_totp_code_PIN(slot_number, challenge, last_totp_time, last_interval, ""); +} + +extern uint32_t NK_get_totp_code_PIN(uint8_t slot_number, uint64_t challenge, uint64_t last_totp_time, + uint8_t last_interval, const char* user_temporary_password){ auto m = NitrokeyManager::instance(); try { - return m->get_TOTP_code(slot_number, challenge, last_totp_time, last_interval); + return m->get_TOTP_code(slot_number, challenge, last_totp_time, last_interval, user_temporary_password); } catch (CommandFailedException & commandFailedException){ NK_last_command_status = commandFailedException.last_command_status; @@ -380,6 +390,5 @@ extern int NK_erase_password_safe_slot(uint8_t slot_number) { }); } - } @@ -30,7 +30,9 @@ extern int NK_erase_totp_slot(uint8_t slot_number, const char *temporary_passwor extern int NK_write_hotp_slot(uint8_t slot_number, const char *slot_name, const char *secret, uint8_t hotp_counter, const char *temporary_password); extern int NK_write_totp_slot(uint8_t slot_number, const char *slot_name, const char *secret, uint16_t time_window, bool use_8_digits, const char *temporary_password); extern uint32_t NK_get_hotp_code(uint8_t slot_number); +extern uint32_t NK_get_hotp_code_PIN(uint8_t slot_number, const char* user_temporary_password); extern uint32_t NK_get_totp_code(uint8_t slot_number, uint64_t challenge, uint64_t last_totp_time, uint8_t last_interval); +extern uint32_t NK_get_totp_code_PIN(uint8_t slot_number, uint64_t challenge, uint64_t last_totp_time, uint8_t last_interval, const char* user_temporary_password); extern int NK_totp_set_time(uint64_t time); extern int NK_totp_get_time(); //passwords diff --git a/NitrokeyManager.cc b/NitrokeyManager.cc index 2e2ad3d..e1eb8a0 100644 --- a/NitrokeyManager.cc +++ b/NitrokeyManager.cc @@ -19,6 +19,16 @@ namespace nitrokey{ return st; } + + // package type to auth, auth type [Authorize,UserAuthorize] + template <typename S, typename A, typename T> + void auth_package(T& package, const char* admin_temporary_password, Device * device){ + auto auth = get_payload<A>(); + strcpyT(auth.temporary_password, admin_temporary_password); + auth.crc_to_authorize = S::CommandTransaction::getCRC(package); + A::CommandTransaction::run(*device, auth); + } + NitrokeyManager * NitrokeyManager::_instance = nullptr; NitrokeyManager::NitrokeyManager(): device(nullptr) { @@ -55,12 +65,17 @@ namespace nitrokey{ return response.dissect(); } - uint32_t NitrokeyManager::get_HOTP_code(uint8_t slot_number) { + uint32_t NitrokeyManager::get_HOTP_code(uint8_t slot_number, const char *user_temporary_password) { assert(is_valid_hotp_slot_number(slot_number)); auto gh = get_payload<GetHOTP>(); gh.slot_number = get_internal_slot_number_for_hotp(slot_number); - auto resp = GetHOTP::CommandTransaction::run(*device, gh); + //TODO handle user authorization requests (taken from config) + if(user_temporary_password != nullptr && strlen(user_temporary_password)!=0){ //FIXME use string instead of strlen + auth_package<GetHOTP, UserAuthorize>(gh, user_temporary_password, device); + } + + auto resp = GetHOTP::CommandTransaction::run(*device, gh); return resp.code; } @@ -71,7 +86,8 @@ namespace nitrokey{ uint8_t NitrokeyManager::get_internal_slot_number_for_hotp(uint8_t slot_number) const { return (uint8_t) (0x10 + slot_number); } uint32_t NitrokeyManager::get_TOTP_code(uint8_t slot_number, uint64_t challenge, uint64_t last_totp_time, - uint8_t last_interval) { + uint8_t last_interval, + const char *user_temporary_password) { assert(is_valid_totp_slot_number(slot_number)); slot_number = get_internal_slot_number_for_totp(slot_number); auto gt = get_payload<GetTOTP>(); @@ -79,8 +95,11 @@ namespace nitrokey{ gt.challenge = challenge; gt.last_interval = last_interval; gt.last_totp_time = last_totp_time; - auto resp = GetTOTP::CommandTransaction::run(*device, gt); //TODO handle user authorization requests (taken from config) + if(user_temporary_password != nullptr && strlen(user_temporary_password)!=0){ //FIXME use string instead of strlen + auth_package<GetTOTP, UserAuthorize>(gt, user_temporary_password, device); + } + auto resp = GetTOTP::CommandTransaction::run(*device, gt); return resp.code; } @@ -321,6 +340,7 @@ namespace nitrokey{ UnlockUserPassword::CommandTransaction::run(*device, p); } + void NitrokeyManager::write_config(bool numlock, bool capslock, bool scrolllock, bool enable_user_password, bool delete_user_password, const char *admin_temporary_password) { auto p = get_payload<WriteGeneralConfig>(); p.numlock = (uint8_t) numlock; @@ -329,10 +349,7 @@ namespace nitrokey{ p.enable_user_password = (uint8_t) enable_user_password; p.delete_user_password = (uint8_t) delete_user_password; - auto auth = get_payload<Authorize>(); - strcpyT(auth.temporary_password, admin_temporary_password); - auth.crc_to_authorize = WriteGeneralConfig::CommandTransaction::getCRC(p); - Authorize::CommandTransaction::run(*device, auth); + auth_package<WriteGeneralConfig, Authorize>(p, admin_temporary_password, device); WriteGeneralConfig::CommandTransaction::run(*device, p); } diff --git a/include/NitrokeyManager.h b/include/NitrokeyManager.h index a63b51f..90b2d1d 100644 --- a/include/NitrokeyManager.h +++ b/include/NitrokeyManager.h @@ -23,9 +23,9 @@ namespace nitrokey { const char *temporary_password); bool write_TOTP_slot(uint8_t slot_number, const char *slot_name, const char *secret, uint16_t time_window, bool use_8_digits, const char *temporary_password); - uint32_t get_HOTP_code(uint8_t slot_number); - uint32_t get_TOTP_code(uint8_t slot_number, uint64_t challenge, uint64_t last_totp_time, - uint8_t last_interval); + uint32_t get_HOTP_code(uint8_t slot_number, const char *user_temporary_password); + uint32_t get_TOTP_code(uint8_t slot_number, uint64_t challenge, uint64_t last_totp_time, uint8_t last_interval, + const char *user_temporary_password); bool set_time(uint64_t time); bool get_time(); bool erase_totp_slot(uint8_t slot_number, const char *temporary_password); |