authorSzczepan Zalega <szczepan@nitrokey.com>2016-07-27 18:29:54 +0200
committerSzczepan Zalega <szczepan@nitrokey.com>2016-08-01 13:54:57 +0200
commit20f5f690b15d1d245555f8c3aab4a502781cdeb4 (patch)
treeb7082cabd556713b601bbf74823a6288abf3ff43
parent5f3e5514f0fad2b59f24b687fc8501a26eaf0ab5 (diff)
downloadlibnitrokey-20f5f690b15d1d245555f8c3aab4a502781cdeb4.tar.gz
libnitrokey-20f5f690b15d1d245555f8c3aab4a502781cdeb4.tar.bz2
Authorizing getting OTP codes - initial version
Signed-off-by: Szczepan Zalega <szczepan@nitrokey.com>
-rw-r--r--NK_C_API.cc17
-rw-r--r--NK_C_API.h2
-rw-r--r--NitrokeyManager.cc33
-rw-r--r--include/NitrokeyManager.h6
4 files changed, 43 insertions, 15 deletions
diff --git a/NK_C_API.cc b/NK_C_API.cc
index d93fafc..ff7ecae 100644
--- a/NK_C_API.cc
+++ b/NK_C_API.cc
@@ -154,10 +154,15 @@ extern const char * NK_status() {
return "";
}
-extern uint32_t NK_get_hotp_code(uint8_t slot_number){
+
+extern uint32_t NK_get_hotp_code(uint8_t slot_number) {
+ return NK_get_hotp_code_PIN(slot_number, "");
+}
+
+extern uint32_t NK_get_hotp_code_PIN(uint8_t slot_number, const char* user_temporary_password){
auto m = NitrokeyManager::instance();
try {
- return m->get_HOTP_code(slot_number);
+ return m->get_HOTP_code(slot_number, user_temporary_password);
}
catch (CommandFailedException & commandFailedException){
NK_last_command_status = commandFailedException.last_command_status;
@@ -167,9 +172,14 @@ extern uint32_t NK_get_hotp_code(uint8_t slot_number){
extern uint32_t NK_get_totp_code(uint8_t slot_number, uint64_t challenge, uint64_t last_totp_time,
uint8_t last_interval){
+ return NK_get_totp_code_PIN(slot_number, challenge, last_totp_time, last_interval, "");
+}
+
+extern uint32_t NK_get_totp_code_PIN(uint8_t slot_number, uint64_t challenge, uint64_t last_totp_time,
+ uint8_t last_interval, const char* user_temporary_password){
auto m = NitrokeyManager::instance();
try {
- return m->get_TOTP_code(slot_number, challenge, last_totp_time, last_interval);
+ return m->get_TOTP_code(slot_number, challenge, last_totp_time, last_interval, user_temporary_password);
}
catch (CommandFailedException & commandFailedException){
NK_last_command_status = commandFailedException.last_command_status;
@@ -380,6 +390,5 @@ extern int NK_erase_password_safe_slot(uint8_t slot_number) {
});
}
-
}
diff --git a/NK_C_API.h b/NK_C_API.h
index 1aeeab6..1334d12 100644
--- a/NK_C_API.h
+++ b/NK_C_API.h
@@ -30,7 +30,9 @@ extern int NK_erase_totp_slot(uint8_t slot_number, const char *temporary_passwor
extern int NK_write_hotp_slot(uint8_t slot_number, const char *slot_name, const char *secret, uint8_t hotp_counter, const char *temporary_password);
extern int NK_write_totp_slot(uint8_t slot_number, const char *slot_name, const char *secret, uint16_t time_window, bool use_8_digits, const char *temporary_password);
extern uint32_t NK_get_hotp_code(uint8_t slot_number);
+extern uint32_t NK_get_hotp_code_PIN(uint8_t slot_number, const char* user_temporary_password);
extern uint32_t NK_get_totp_code(uint8_t slot_number, uint64_t challenge, uint64_t last_totp_time, uint8_t last_interval);
+extern uint32_t NK_get_totp_code_PIN(uint8_t slot_number, uint64_t challenge, uint64_t last_totp_time, uint8_t last_interval, const char* user_temporary_password);
extern int NK_totp_set_time(uint64_t time);
extern int NK_totp_get_time();
//passwords
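Review bot: The new declarations `NK_get_hotp_code_PIN` and `NK_get_totp_code_PIN` have no comment saying what `user_temporary_password` is, and the `_PIN` suffix reads as if the user PIN itself were expected while the parameter name says it is a temporary password. A short comment above each would keep callers from handing the long-lived PIN to this call, for example `// user_temporary_password: temporary password from user authorization, not the user PIN; NULL or "" sends the request without authorization`. The NULL/empty behaviour is taken from the check added in NitrokeyManager.cc in this same commit, and should be confirmed there.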
diff --git a/NitrokeyManager.cc b/NitrokeyManager.cc
index 2e2ad3d..e1eb8a0 100644
--- a/NitrokeyManager.cc
+++ b/NitrokeyManager.cc
@@ -19,6 +19,16 @@ namespace nitrokey{
return st;
}
+
+ // package type to auth, auth type [Authorize,UserAuthorize]
+ template <typename S, typename A, typename T>
+ void auth_package(T& package, const char* admin_temporary_password, Device * device){
+ auto auth = get_payload<A>();
+ strcpyT(auth.temporary_password, admin_temporary_password);
+ auth.crc_to_authorize = S::CommandTransaction::getCRC(package);
+ A::CommandTransaction::run(*device, auth);
+ }
+
NitrokeyManager * NitrokeyManager::_instance = nullptr;
NitrokeyManager::NitrokeyManager(): device(nullptr) {
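Review bot: `auth_package` hands its password argument straight to `strcpyT` without a null check, and `write_config` later in this commit forwards `admin_temporary_password` to it unchecked. Whether `strcpyT` tolerates a null pointer or bounds the copy to the size of `auth.temporary_password` is not visible in this hunk, so the helper should reject null itself before the copy and state the length limit in a comment. The parameter is also still named `admin_temporary_password` although the helper is now instantiated with `UserAuthorize`; `const char* temporary_password` would match both uses. Finally, `auth` holds a copy of the credential and goes out of scope without being cleared; zeroing `auth.temporary_password` after `run` would limit how long it stays on the stack.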
@@ -55,12 +65,17 @@ namespace nitrokey{
return response.dissect();
}
- uint32_t NitrokeyManager::get_HOTP_code(uint8_t slot_number) {
+ uint32_t NitrokeyManager::get_HOTP_code(uint8_t slot_number, const char *user_temporary_password) {
assert(is_valid_hotp_slot_number(slot_number));
auto gh = get_payload<GetHOTP>();
gh.slot_number = get_internal_slot_number_for_hotp(slot_number);
- auto resp = GetHOTP::CommandTransaction::run(*device, gh);
+
//TODO handle user authorization requests (taken from config)
+ if(user_temporary_password != nullptr && strlen(user_temporary_password)!=0){ //FIXME use string instead of strlen
+ auth_package<GetHOTP, UserAuthorize>(gh, user_temporary_password, device);
+ }
+
+ auto resp = GetHOTP::CommandTransaction::run(*device, gh);
return resp.code;
}
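Review bot: A null or empty `user_temporary_password` silently sends the GetHOTP request without authorization, so a caller that lost its password gets no local error and the result depends on the device configuration, which the TODO says is not consulted yet. The same condition is duplicated in `get_TOTP_code` in the `@@ -79,8 +95,11 @@` hunk; a file-local helper such as `static bool has_password(const char *p) { return p != nullptr && p[0] != '\0'; }` would remove the duplication and the `strlen` the FIXME complains about. A comment on both functions should state that null or empty means "no authorization requested". The `assert` on the slot number is compiled out under NDEBUG, so it should not be relied on as validation for values arriving through the C API.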
@@ -71,7 +86,8 @@ namespace nitrokey{
uint8_t NitrokeyManager::get_internal_slot_number_for_hotp(uint8_t slot_number) const { return (uint8_t) (0x10 + slot_number); }
uint32_t NitrokeyManager::get_TOTP_code(uint8_t slot_number, uint64_t challenge, uint64_t last_totp_time,
- uint8_t last_interval) {
+ uint8_t last_interval,
+ const char *user_temporary_password) {
assert(is_valid_totp_slot_number(slot_number));
slot_number = get_internal_slot_number_for_totp(slot_number);
auto gt = get_payload<GetTOTP>();
@@ -79,8 +95,11 @@ namespace nitrokey{
gt.challenge = challenge;
gt.last_interval = last_interval;
gt.last_totp_time = last_totp_time;
- auto resp = GetTOTP::CommandTransaction::run(*device, gt);
//TODO handle user authorization requests (taken from config)
+ if(user_temporary_password != nullptr && strlen(user_temporary_password)!=0){ //FIXME use string instead of strlen
+ auth_package<GetTOTP, UserAuthorize>(gt, user_temporary_password, device);
+ }
+ auto resp = GetTOTP::CommandTransaction::run(*device, gt);
return resp.code;
}
@@ -321,6 +340,7 @@ namespace nitrokey{
UnlockUserPassword::CommandTransaction::run(*device, p);
}
+
void NitrokeyManager::write_config(bool numlock, bool capslock, bool scrolllock, bool enable_user_password, bool delete_user_password, const char *admin_temporary_password) {
auto p = get_payload<WriteGeneralConfig>();
p.numlock = (uint8_t) numlock;
@@ -329,10 +349,7 @@ namespace nitrokey{
p.enable_user_password = (uint8_t) enable_user_password;
p.delete_user_password = (uint8_t) delete_user_password;
- auto auth = get_payload<Authorize>();
- strcpyT(auth.temporary_password, admin_temporary_password);
- auth.crc_to_authorize = WriteGeneralConfig::CommandTransaction::getCRC(p);
- Authorize::CommandTransaction::run(*device, auth);
+ auth_package<WriteGeneralConfig, Authorize>(p, admin_temporary_password, device);
WriteGeneralConfig::CommandTransaction::run(*device, p);
}
diff --git a/include/NitrokeyManager.h b/include/NitrokeyManager.h
index a63b51f..90b2d1d 100644
--- a/include/NitrokeyManager.h
+++ b/include/NitrokeyManager.h
@@ -23,9 +23,9 @@ namespace nitrokey {
const char *temporary_password);
bool write_TOTP_slot(uint8_t slot_number, const char *slot_name, const char *secret,
uint16_t time_window, bool use_8_digits, const char *temporary_password);
- uint32_t get_HOTP_code(uint8_t slot_number);
- uint32_t get_TOTP_code(uint8_t slot_number, uint64_t challenge, uint64_t last_totp_time,
- uint8_t last_interval);
+ uint32_t get_HOTP_code(uint8_t slot_number, const char *user_temporary_password);
+ uint32_t get_TOTP_code(uint8_t slot_number, uint64_t challenge, uint64_t last_totp_time, uint8_t last_interval,
+ const char *user_temporary_password);
bool set_time(uint64_t time);
bool get_time();
bool erase_totp_slot(uint8_t slot_number, const char *temporary_password);
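Review bot: `get_HOTP_code` and `get_TOTP_code` gain a required `user_temporary_password` parameter with no default, so any C++ code that calls NitrokeyManager directly stops compiling, while the C API kept its old entry points through wrappers. If source compatibility matters here, a default keeps old callers working: `uint32_t get_HOTP_code(uint8_t slot_number, const char *user_temporary_password = "");` and likewise for `get_TOTP_code`. The declarations would also benefit from a comment saying that null or empty sends the request without user authorization. The enclosing class starts and ends outside this hunk.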