aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorSzczepan Zalega <szczepan@nitrokey.com>2016-07-27 19:05:18 +0200
committerSzczepan Zalega <szczepan@nitrokey.com>2016-08-01 13:54:57 +0200
commit7b6800f7e2cf890a14e3b49d6fc7405e70d94a1e (patch)
tree36c0c8640021e726b14258835c2d6c2430b78276
parent97b2b07bf359344695059858d7dd63865df97213 (diff)
downloadlibnitrokey-7b6800f7e2cf890a14e3b49d6fc7405e70d94a1e.tar.gz
libnitrokey-7b6800f7e2cf890a14e3b49d6fc7405e70d94a1e.tar.bz2
Config options for OTP slots added to command structure
Signed-off-by: Szczepan Zalega <szczepan@nitrokey.com>
-rw-r--r--NK_C_API.cc4
-rw-r--r--NK_C_API.h2
-rw-r--r--NitrokeyManager.cc10
-rw-r--r--include/NitrokeyManager.h2
-rw-r--r--include/stick10_commands.h26
-rw-r--r--unittest/test_bindings.py11
6 files changed, 37 insertions, 18 deletions
diff --git a/NK_C_API.cc b/NK_C_API.cc
index ff7ecae..1e5da56 100644
--- a/NK_C_API.cc
+++ b/NK_C_API.cc
@@ -212,10 +212,10 @@ extern int NK_erase_totp_slot(uint8_t slot_number, const char *temporary_passwor
}
extern int NK_write_hotp_slot(uint8_t slot_number, const char *slot_name, const char *secret, uint8_t hotp_counter,
- const char *temporary_password) {
+ bool use_8_digits, const char *temporary_password) {
auto m = NitrokeyManager::instance();
try {
- m->write_HOTP_slot(slot_number, slot_name, secret, hotp_counter, temporary_password);
+ m->write_HOTP_slot(slot_number, slot_name, secret, hotp_counter, use_8_digits, temporary_password);
}
catch (CommandFailedException & commandFailedException){
NK_last_command_status = commandFailedException.last_command_status;
diff --git a/NK_C_API.h b/NK_C_API.h
index 1334d12..458dd31 100644
--- a/NK_C_API.h
+++ b/NK_C_API.h
@@ -27,7 +27,7 @@ extern const char * NK_get_totp_slot_name(uint8_t slot_number);
extern const char * NK_get_hotp_slot_name(uint8_t slot_number);
extern int NK_erase_hotp_slot(uint8_t slot_number, const char *temporary_password);
extern int NK_erase_totp_slot(uint8_t slot_number, const char *temporary_password);
-extern int NK_write_hotp_slot(uint8_t slot_number, const char *slot_name, const char *secret, uint8_t hotp_counter, const char *temporary_password);
+extern int NK_write_hotp_slot(uint8_t slot_number, const char *slot_name, const char *secret, uint8_t hotp_counter, bool use_8_digits, const char *temporary_password);
extern int NK_write_totp_slot(uint8_t slot_number, const char *slot_name, const char *secret, uint16_t time_window, bool use_8_digits, const char *temporary_password);
extern uint32_t NK_get_hotp_code(uint8_t slot_number);
extern uint32_t NK_get_hotp_code_PIN(uint8_t slot_number, const char* user_temporary_password);
diff --git a/NitrokeyManager.cc b/NitrokeyManager.cc
index e1eb8a0..caf9724 100644
--- a/NitrokeyManager.cc
+++ b/NitrokeyManager.cc
@@ -130,7 +130,7 @@ namespace nitrokey{
bool NitrokeyManager::write_HOTP_slot(uint8_t slot_number, const char *slot_name, const char *secret, uint64_t hotp_counter,
- const char *temporary_password) {
+ bool use_8_digits, const char *temporary_password) {
assert(is_valid_hotp_slot_number(slot_number));
assert(strlen(secret)==20); //160 bits
assert(strlen(slot_name)<=15);
@@ -141,7 +141,7 @@ namespace nitrokey{
strcpyT(payload.slot_secret, secret);
strcpyT(payload.slot_name, slot_name);
payload.slot_counter = hotp_counter;
- payload.slot_config; //TODO
+ payload.use_8_digits = use_8_digits;
auto auth = get_payload<Authorize>();
strcpyT(auth.temporary_password, temporary_password);
@@ -152,8 +152,6 @@ namespace nitrokey{
return true;
}
- enum totp_config{digits8=0, enter=1, tokenID=2};
-
bool NitrokeyManager::write_TOTP_slot(uint8_t slot_number, const char *slot_name, const char *secret,
uint16_t time_window, bool use_8_digits, const char *temporary_password) {
auto payload = get_payload<WriteToTOTPSlot>();
@@ -166,9 +164,7 @@ namespace nitrokey{
strcpyT(payload.slot_secret, secret);
strcpyT(payload.slot_name, slot_name);
payload.slot_interval = time_window; //FIXME naming
- bitset<8> config; //FIXME better config manipulation
- config.set(totp_config::digits8, use_8_digits);
- payload.slot_config = (uint8_t) config.to_ulong();
+ payload.use_8_digits = use_8_digits;
auto auth = get_payload<Authorize>();
strcpyT(auth.temporary_password, temporary_password);
diff --git a/include/NitrokeyManager.h b/include/NitrokeyManager.h
index 90b2d1d..3a86597 100644
--- a/include/NitrokeyManager.h
+++ b/include/NitrokeyManager.h
@@ -20,7 +20,7 @@ namespace nitrokey {
bool first_authenticate(const char *pin, const char *temporary_password);
bool write_HOTP_slot(uint8_t slot_number, const char *slot_name, const char *secret, uint64_t hotp_counter,
- const char *temporary_password);
+ bool use_8_digits, const char *temporary_password);
bool write_TOTP_slot(uint8_t slot_number, const char *slot_name, const char *secret,
uint16_t time_window, bool use_8_digits, const char *temporary_password);
uint32_t get_HOTP_code(uint8_t slot_number, const char *user_temporary_password);
diff --git a/include/stick10_commands.h b/include/stick10_commands.h
index 7a7e2f2..6df8727 100644
--- a/include/stick10_commands.h
+++ b/include/stick10_commands.h
@@ -88,7 +88,14 @@ class WriteToHOTPSlot : Command<CommandID::WRITE_TO_SLOT> {
uint8_t slot_number;
uint8_t slot_name[15];
uint8_t slot_secret[20];
- uint8_t slot_config;
+ union{
+ uint8_t _slot_config;
+ struct{
+ bool use_8_digits : 1;
+ bool use_enter : 1;
+ bool use_tokenID : 1;
+ };
+ };
uint8_t slot_token_id[13];
uint64_t slot_counter;
@@ -98,7 +105,11 @@ class WriteToHOTPSlot : Command<CommandID::WRITE_TO_SLOT> {
ss << "slot_number:\t" << (int)(slot_number) << std::endl;
ss << "slot_name:\t" << slot_name << std::endl;
ss << "slot_secret:\t" << slot_secret << std::endl;
- ss << "slot_config:\t" << std::bitset<8>((int)slot_config) << std::endl;
+ ss << "slot_config:\t" << std::bitset<8>((int)_slot_config) << std::endl;
+ ss << "\tuse_8_digits(0):\t" << use_8_digits << std::endl;
+ ss << "\tuse_enter(1):\t" << use_enter << std::endl;
+ ss << "\tuse_tokenID(2):\t" << use_tokenID << std::endl;
+
ss << "slot_token_id:\t";
for (auto i : slot_token_id)
ss << std::hex << std::setw(2) << std::setfill('0')<< (int) i << " " ;
@@ -118,7 +129,14 @@ class WriteToTOTPSlot : Command<CommandID::WRITE_TO_SLOT> {
uint8_t slot_number;
uint8_t slot_name[15];
uint8_t slot_secret[20];
- uint8_t slot_config;
+ union{
+ uint8_t _slot_config;
+ struct{
+ bool use_8_digits : 1;
+ bool use_enter : 1;
+ bool use_tokenID : 1;
+ };
+ };
uint8_t slot_token_id[13];
uint16_t slot_interval;
@@ -128,7 +146,7 @@ class WriteToTOTPSlot : Command<CommandID::WRITE_TO_SLOT> {
ss << "slot_number:\t" << (int)(slot_number) << std::endl;
ss << "slot_name:\t" << slot_name << std::endl;
ss << "slot_secret:\t" << slot_secret << std::endl;
- ss << "slot_config:\t" << std::bitset<8>((int)slot_config) << std::endl;
+ ss << "slot_config:\t" << std::bitset<8>((int)_slot_config) << std::endl;
ss << "slot_token_id:\t";
for (auto i : slot_token_id)
ss << std::hex << std::setw(2) << std::setfill('0')<< (int) i << " " ;
diff --git a/unittest/test_bindings.py b/unittest/test_bindings.py
index f12a20e..59ca07f 100644
--- a/unittest/test_bindings.py
+++ b/unittest/test_bindings.py
@@ -153,7 +153,7 @@ def test_user_auth(C):
def check_RFC_codes(C, func, prep=None):
assert C.NK_first_authenticate(DefaultPasswords.ADMIN, DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK
- assert C.NK_write_hotp_slot(1, 'python_test', RFC_SECRET, 0, DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK
+ assert C.NK_write_hotp_slot(1, 'python_test', RFC_SECRET, 0, False, DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK
test_data = [
755224, 287082, 359152, 969429, 338314, 254676, 287922, 162583, 399871, 520489,
]
@@ -165,19 +165,24 @@ def check_RFC_codes(C, func, prep=None):
def test_HOTP_RFC_pin_protection(C):
+ C.NK_set_debug(True)
assert C.NK_first_authenticate(DefaultPasswords.ADMIN, DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK
assert C.NK_write_config(True, True, True, True, False, DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK
assert C.NK_first_authenticate(DefaultPasswords.ADMIN, DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK
- assert C.NK_write_hotp_slot(1, 'python_test', RFC_SECRET, 0, DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK
+ assert C.NK_write_hotp_slot(1, 'python_test', RFC_SECRET, 0, False, DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK
# check_RFC_codes(C, lambda x: C.NK_get_hotp_code_PIN(x, DefaultPasswords.USER_TEMP), lambda: C.NK_user_authenticate(DefaultPasswords.USER, DefaultPasswords.USER_TEMP))
assert C.NK_user_authenticate(DefaultPasswords.USER, DefaultPasswords.USER_TEMP) == DeviceErrorCode.STATUS_OK
assert C.NK_get_hotp_code_PIN(1, DefaultPasswords.USER_TEMP) == 755224
assert C.NK_get_last_command_status() == DeviceErrorCode.STATUS_OK
+def test_HOTP_RFC_no_pin_protection_8digits(C):
+ assert False # TODO to write
+
+
def test_HOTP_RFC_no_pin_protection(C):
assert C.NK_first_authenticate(DefaultPasswords.ADMIN, DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK
- assert C.NK_write_hotp_slot(1, 'python_test', RFC_SECRET, 0, DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK
+ assert C.NK_write_hotp_slot(1, 'python_test', RFC_SECRET, 0, False, DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK
assert C.NK_first_authenticate(DefaultPasswords.ADMIN, DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK
assert C.NK_write_config(True, True, True, False, True, DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK
# https://tools.ietf.org/html/rfc4226#page-32