authorSzczepan Zalega <szczepan@nitrokey.com>2017-05-13 15:54:00 +0200
committerSzczepan Zalega <szczepan@nitrokey.com>2017-05-13 15:54:00 +0200
commit06c0deb7935a9390a67bc02d6c323e64c785a026 (patch)
treec8343c0e1d504b2ae7d1ff5a727084f78a015f7e
parentbe0d677aa2e7eb87a309dc3927c0917380892641 (diff)
parent3b5f40a19ca6c6fde55fcdab4ff0a9f91a46a051 (diff)
downloadlibnitrokey-06c0deb7935a9390a67bc02d6c323e64c785a026.tar.gz
libnitrokey-06c0deb7935a9390a67bc02d6c323e64c785a026.tar.bz2
Merge branch 'do_not_log_volatile_data'
-rw-r--r--NitrokeyManager.cc25
-rw-r--r--include/command.h13
-rw-r--r--include/device_proto.h12
-rw-r--r--include/dissect.h4
-rw-r--r--include/log.h2
-rw-r--r--include/misc.h9
-rw-r--r--include/stick10_commands.h95
-rw-r--r--include/stick10_commands_0.8.h20
-rw-r--r--include/stick20_commands.h12
9 files changed, 103 insertions, 89 deletions
diff --git a/NitrokeyManager.cc b/NitrokeyManager.cc
index 096a8c4..9a9d106 100644
--- a/NitrokeyManager.cc
+++ b/NitrokeyManager.cc
@@ -26,30 +26,7 @@ char * strndup(const char* str, size_t maxlen){
#endif
-
- /**
- * Copies string from pointer to fixed size C-style array. Src needs to be a valid C-string - eg. ended with '\0'.
- * Throws when source is bigger than destination.
- * @tparam T type of destination array
- * @param dest fixed size destination array
- * @param src pointer to source c-style valid string
- */
- template <typename T>
- void strcpyT(T& dest, const char* src){
-
- if (src == nullptr)
-// throw EmptySourceStringException(slot_number);
- return;
- const size_t s_dest = sizeof dest;
- LOG(std::string("strcpyT sizes dest src ")
- +std::to_string(s_dest)+ " "
- +std::to_string(strlen(src))+ " "
- ,nitrokey::log::Loglevel::DEBUG_L2);
- if (strlen(src) > s_dest){
- throw TooLongStringException(strlen(src), s_dest, src);
- }
- strncpy((char*) &dest, src, s_dest);
- }
+using nitrokey::misc::strcpyT;
template <typename T>
typename T::CommandPayload get_payload(){
diff --git a/include/command.h b/include/command.h
index fc374f7..3f711c0 100644
--- a/include/command.h
+++ b/include/command.h
@@ -4,6 +4,15 @@
#include "command_id.h"
#include "cxx_semantics.h"
+#define print_to_ss(x) ( ss << " " << (#x) <<":\t" << (x) << std::endl );
+#ifdef LOG_VOLATILE_DATA
+#define print_to_ss_volatile(x) print_to_ss(x);
+#else
+#define print_to_ss_volatile(x) ( ss << " " << (#x) <<":\t" << "***********" << std::endl );
+#endif
+#define hexdump_to_ss(x) (ss << #x":\n"\
+ << ::nitrokey::misc::hexdump((const char *) (&x), sizeof x, false));
+
namespace nitrokey {
namespace proto {
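Review bot: `hexdump_to_ss` is defined without a `LOG_VOLATILE_DATA` guard, so every field passed to it is still written to the log in default builds. In this commit it is applied to `temporary_password` in stick10_commands.h (FirstAuthenticate, UserAuthenticate, Authorize, UserAuthorize) and to `temporary_admin_password` / `temporary_user_password` in stick10_commands_0.8.h, including one call at `@@ -59,6 +60,7 @@` that adds output which was not printed before. If temporary passwords are meant to count as volatile data, the default branch could use `#define hexdump_to_ss(x) print_to_ss_volatile(x)` and keep the real hexdump under `#ifdef LOG_VOLATILE_DATA`. A short comment above the macros saying what `LOG_VOLATILE_DATA` enables and that it is intended for debugging builds only would also help readers of the headers that now rely on them.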
@@ -18,7 +27,6 @@ namespace nitrokey {
}
};
-#define print_to_ss(x) ( ss << " " << (#x) <<":\t" << (x) << std::endl );
namespace stick20{
enum class PasswordKind : uint8_t {
User = 'P',
@@ -37,7 +45,7 @@ namespace stick20{
std::string dissect() const {
std::stringstream ss;
print_to_ss( kind );
- print_to_ss(password);
+ print_to_ss_volatile(password);
return ss.str();
}
void set_kind_admin() {
@@ -79,6 +87,5 @@ namespace stick20{
}
}
}
-#undef print_to_ss
#endif
diff --git a/include/device_proto.h b/include/device_proto.h
index 964c2d9..b557384 100644
--- a/include/device_proto.h
+++ b/include/device_proto.h
@@ -236,6 +236,7 @@ namespace nitrokey {
outp.payload = payload;
outp.update_CRC();
+ LOG("-------------------", Loglevel::DEBUG);
LOG("Outgoing HID packet:", Loglevel::DEBUG);
LOG(static_cast<std::string>(outp), Loglevel::DEBUG);
@@ -334,7 +335,7 @@ namespace nitrokey {
LOG(
"Device is not ready or received packet's last CRC is not equal to sent CRC packet, retrying...",
- Loglevel::DEBUG);
+ Loglevel::DEBUG_L2);
LOG("Invalid incoming HID packet:", Loglevel::DEBUG_L2);
LOG(static_cast<std::string>(resp), Loglevel::DEBUG_L2);
dev->m_counters.total_retries++;
@@ -351,6 +352,13 @@ namespace nitrokey {
clear_packet(outp);
+ if (!resp.isCRCcorrect())
+ LOGD(std::string("Accepting response from device with invalid CRC. ")
+ + "Command ID: " + std::to_string(resp.command_id) + " " +
+ commandid_to_string(static_cast<CommandID>(resp.command_id))
+ );
+
+
if (status <= 0) {
dev->m_counters.receiving_error++;
throw DeviceReceivingFailure( //FIXME replace with CriticalErrorException
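Review bot: The new CRC message is emitted before the `status <= 0` check, so on a failed receive it reports "Accepting response from device with invalid CRC" for a packet that the very next statement rejects by throwing, and `resp` may not hold a fresh response at that point. Moving the block below the status check and bracing it, `if (!resp.isCRCcorrect()) { LOGD(...); }`, would make the log match what the code does. Since a response with a bad CRC is still accepted afterwards, a level more visible than DEBUG_L2 may be worth considering so the event appears in ordinary debug logs. The enclosing function starts and ends outside the hunk.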
@@ -361,7 +369,7 @@ namespace nitrokey {
LOG("Incoming HID packet:", Loglevel::DEBUG);
LOG(static_cast<std::string>(resp), Loglevel::DEBUG);
LOG(std::string("receiving_retry_counter count: ") + std::to_string(receiving_retry_counter),
- Loglevel::DEBUG);
+ Loglevel::DEBUG_L2);
if (resp.device_status == static_cast<uint8_t>(stick10::device_status::busy) &&
static_cast<stick20::device_status>(resp.storage_status.device_status)
diff --git a/include/dissect.h b/include/dissect.h
index 8992c56..69a5129 100644
--- a/include/dissect.h
+++ b/include/dissect.h
@@ -20,8 +20,10 @@ class QueryDissector : semantics::non_constructible {
static std::string dissect(const HIDPacket &pod) {
std::stringstream out;
+#ifdef LOG_VOLATILE_DATA
out << "Raw HID packet:" << std::endl;
out << ::nitrokey::misc::hexdump((const char *)(&pod), sizeof pod);
+#endif
out << "Contents:" << std::endl;
out << "Command ID:\t" << commandid_to_string((CommandID)(pod.command_id))
@@ -83,8 +85,10 @@ class ResponseDissector : semantics::non_constructible {
// FIXME use values from firmware (possibly generate separate
// header automatically)
+#ifdef LOG_VOLATILE_DATA
out << "Raw HID packet:" << std::endl;
out << ::nitrokey::misc::hexdump((const char *)(&pod), sizeof pod);
+#endif
out << "Device status:\t" << pod.device_status + 0 << " "
<< status_translate_device(pod.device_status) << std::endl;
diff --git a/include/log.h b/include/log.h
index e559845..80e5097 100644
--- a/include/log.h
+++ b/include/log.h
@@ -73,7 +73,7 @@ namespace nitrokey {
#ifdef NO_LOG
#define LOG(string, level) while(false){}
-#define LOGD(string, level) while(false){}
+#define LOGD(string) while(false){}
#else
#define LOG(string, level) nitrokey::log::Log::instance()((string), (level))
#define LOGD(string) nitrokey::log::Log::instance()((string), (nitrokey::log::Loglevel::DEBUG_L2))
diff --git a/include/misc.h b/include/misc.h
index 111d772..176b77c 100644
--- a/include/misc.h
+++ b/include/misc.h
@@ -21,6 +21,13 @@ namespace misc {
return oss.str();
}
+ /**
+ * Copies string from pointer to fixed size C-style array. Src needs to be a valid C-string - eg. ended with '\0'.
+ * Throws when source is bigger than destination.
+ * @tparam T type of destination array
+ * @param dest fixed size destination array
+ * @param src pointer to source c-style valid string
+ */
template <typename T>
void strcpyT(T& dest, const char* src){
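Review bot: The doc comment added here says the function throws when the source is bigger than the destination, but the check visible in the next hunk is `strlen(src) > s_dest`, so a source of exactly `sizeof dest` characters is accepted. If the body still ends in the `strncpy` shown in the removed NitrokeyManager.cc copy, that case fills the array with no terminating NUL, and the removed copy also returned silently on a null `src`. I would state both in the comment, for example `Accepts up to sizeof(dest) characters; dest is not NUL-terminated when src fills it. A null src is ignored.` The function body lies outside this hunk.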
@@ -31,7 +38,7 @@ namespace misc {
LOG(std::string("strcpyT sizes dest src ")
+std::to_string(s_dest)+ " "
+std::to_string(strlen(src))+ " "
- ,nitrokey::log::Loglevel::DEBUG);
+ ,nitrokey::log::Loglevel::DEBUG_L2);
if (strlen(src) > s_dest){
throw TooLongStringException(strlen(src), s_dest, src);
}
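Review bot: `TooLongStringException(strlen(src), s_dest, src)` still hands the source string itself to the exception, and the destinations of strcpyT are command payload fields, which presumably include PINs and passwords. The exception class is not shown here, but if its message or any handler prints that third argument, the value reaches logs or stderr regardless of `LOG_VOLATILE_DATA`. It would be worth confirming that the exception does not expose `src`, or passing only the two sizes. strcpyT's body starts outside this hunk.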
diff --git a/include/stick10_commands.h b/include/stick10_commands.h
index 74b73a8..e863328 100644
--- a/include/stick10_commands.h
+++ b/include/stick10_commands.h
@@ -39,9 +39,9 @@ class GetSlotName : public Command<CommandID::READ_SLOT_NAME> {
bool isValid() const { return true; }
std::string dissect() const {
- std::stringstream ss;
- ss << "slot_name:\t" << slot_name << std::endl;
- return ss.str();
+ std::stringstream ss;
+ print_to_ss_volatile(slot_name);
+ return ss.str();
}
} __packed;
@@ -118,9 +118,8 @@ class WriteToHOTPSlot : Command<CommandID::WRITE_TO_SLOT> {
std::string dissect() const {
std::stringstream ss;
ss << "slot_number:\t" << (int)(slot_number) << std::endl;
- ss << "slot_name:\t" << slot_name << std::endl;
- ss << "slot_secret:" << std::endl
- << ::nitrokey::misc::hexdump((const char *)(&slot_secret), sizeof slot_secret);
+ print_to_ss_volatile(slot_name);
+ print_to_ss_volatile(slot_secret);
ss << "slot_config:\t" << std::bitset<8>((int)_slot_config) << std::endl;
ss << "\tuse_8_digits(0):\t" << use_8_digits << std::endl;
ss << "\tuse_enter(1):\t" << use_enter << std::endl;
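Review bot: In builds with `LOG_VOLATILE_DATA` defined, `print_to_ss_volatile(slot_secret)` expands to `ss << (slot_secret)`, which streams the field as a C string instead of the fixed-size hexdump the removed lines produced. If `slot_secret` is a raw byte array, as the old `sizeof slot_secret` hexdump suggests, the output stops at the first zero byte and, when the array contains none, reads on into the neighbouring fields. Keeping a size-bounded dump for the debugging build, e.g. `hexdump_to_ss(slot_secret);` under `#ifdef LOG_VOLATILE_DATA` with the masked line in the `#else`, would preserve the old behaviour. dissect() continues past the end of the hunk.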
@@ -170,8 +169,8 @@ class WriteToTOTPSlot : Command<CommandID::WRITE_TO_SLOT> {
std::string dissect() const {
std::stringstream ss;
ss << "slot_number:\t" << (int)(slot_number) << std::endl;
- ss << "slot_name:\t" << slot_name << std::endl;
- ss << "slot_secret:\t" << slot_secret << std::endl;
+ print_to_ss_volatile(slot_name);
+ print_to_ss_volatile(slot_secret);
ss << "slot_config:\t" << std::bitset<8>((int)_slot_config) << std::endl;
ss << "slot_token_id:\t";
for (auto i : slot_token_id)
@@ -324,7 +323,7 @@ class ReadSlot : Command<CommandID::READ_SLOT> {
std::string dissect() const {
std::stringstream ss;
- ss << "slot_name:\t" << slot_name << std::endl;
+ print_to_ss_volatile(slot_name);
ss << "slot_config:\t" << std::bitset<8>((int)_slot_config) << std::endl;
ss << "\tuse_8_digits(0):\t" << use_8_digits << std::endl;
ss << "\tuse_enter(1):\t" << use_enter << std::endl;
@@ -476,7 +475,7 @@ class GetPasswordSafeSlotName : Command<CommandID::GET_PW_SAFE_SLOT_NAME> {
bool isValid() const { return true; }
std::string dissect() const {
std::stringstream ss;
- ss << " slot_name\t" << (const char*) slot_name << std::endl;
+ print_to_ss_volatile(slot_name);
return ss.str();
}
} __packed;
@@ -505,7 +504,7 @@ class GetPasswordSafeSlotPassword
bool isValid() const { return true; }
std::string dissect() const {
std::stringstream ss;
- ss << " slot_password\t" << (const char*) slot_password << std::endl;
+ print_to_ss_volatile(slot_password);
return ss.str();
}
} __packed;
@@ -534,7 +533,7 @@ class GetPasswordSafeSlotLogin
bool isValid() const { return true; }
std::string dissect() const {
std::stringstream ss;
- ss << " slot_login\t" << (const char*) slot_login << std::endl;
+ print_to_ss_volatile(slot_login);
return ss.str();
}
} __packed;
@@ -554,8 +553,8 @@ class SetPasswordSafeSlotData : Command<CommandID::SET_PW_SAFE_SLOT_DATA_1> {
std::string dissect() const {
std::stringstream ss;
ss << " slot_number\t" << (int)slot_number << std::endl;
- ss << " slot_name\t" << (const char*) slot_name << std::endl;
- ss << " slot_password\t" << (const char*) slot_password << std::endl;
+ print_to_ss_volatile(slot_name);
+ print_to_ss_volatile(slot_password);
return ss.str();
}
} __packed;
@@ -572,10 +571,10 @@ class SetPasswordSafeSlotData2 : Command<CommandID::SET_PW_SAFE_SLOT_DATA_2> {
bool isValid() const { return !(slot_number & 0xF0); }
std::string dissect() const {
- std::stringstream ss;
- ss << " slot_number\t" << (int)slot_number << std::endl;
- ss << " slot_login_name\t" << (const char*) slot_login_name << std::endl;
- return ss.str();
+ std::stringstream ss;
+ ss << " slot_number\t" << (int)slot_number << std::endl;
+ print_to_ss_volatile(slot_login_name);
+ return ss.str();
}
} __packed;
@@ -609,7 +608,7 @@ class EnablePasswordSafe : Command<CommandID::PW_SAFE_ENABLE> {
bool isValid() const { return true; }
std::string dissect() const {
std::stringstream ss;
- ss << " user_password\t" << (const char*) user_password << std::endl;
+ print_to_ss_volatile(user_password);
return ss.str();
}
} __packed;
@@ -683,8 +682,8 @@ class FirstAuthenticate : Command<CommandID::FIRST_AUTHENTICATE> {
std::string dissect() const {
std::stringstream ss;
- ss << "card_password:\t" << card_password << std::endl;
- ss << "temporary_password:\t" << temporary_password << std::endl;
+ print_to_ss_volatile(card_password);
+ hexdump_to_ss(temporary_password);
return ss.str();
}
} __packed;
@@ -701,10 +700,10 @@ class UserAuthenticate : Command<CommandID::USER_AUTHENTICATE> {
bool isValid() const { return true; }
std::string dissect() const {
- std::stringstream ss;
- ss << "card_password:\t" << card_password << std::endl;
- ss << "temporary_password:\t" << temporary_password << std::endl;
- return ss.str();
+ std::stringstream ss;
+ print_to_ss_volatile(card_password);
+ hexdump_to_ss(temporary_password);
+ return ss.str();
}
} __packed;
@@ -721,7 +720,7 @@ class Authorize : Command<CommandID::AUTHORIZE> {
std::string dissect() const {
std::stringstream ss;
ss << " crc_to_authorize:\t" << std::hex << std::setw(2) << std::setfill('0') << crc_to_authorize<< std::endl;
- ss << " temporary_password:\t" << temporary_password<< std::endl;
+ hexdump_to_ss(temporary_password);
return ss.str();
}
} __packed;
@@ -738,7 +737,7 @@ class UserAuthorize : Command<CommandID::USER_AUTHORIZE> {
std::string dissect() const {
std::stringstream ss;
ss << " crc_to_authorize:\t" << crc_to_authorize<< std::endl;
- ss << " temporary_password:\t" << temporary_password<< std::endl;
+ hexdump_to_ss(temporary_password);
return ss.str();
}
} __packed;
@@ -753,9 +752,10 @@ class UnlockUserPassword : Command<CommandID::UNLOCK_USER_PASSWORD> {
uint8_t admin_password[25];
uint8_t user_new_password[25];
std::string dissect() const {
- std::stringstream ss;
- ss << " admin_password:\t" << admin_password<< std::endl;
- return ss.str();
+ std::stringstream ss;
+ print_to_ss_volatile(admin_password);
+ print_to_ss_volatile(user_new_password);
+ return ss.str();
}
} __packed;
@@ -769,10 +769,10 @@ class ChangeUserPin : Command<CommandID::CHANGE_USER_PIN> {
uint8_t old_pin[25];
uint8_t new_pin[25];
std::string dissect() const {
- std::stringstream ss;
- ss << " old_pin:\t" << old_pin<< std::endl;
- ss << " new_pin:\t" << new_pin<< std::endl;
- return ss.str();
+ std::stringstream ss;
+ print_to_ss_volatile(old_pin);
+ print_to_ss_volatile(new_pin);
+ return ss.str();
}
} __packed;
@@ -785,9 +785,9 @@ class IsAESSupported : Command<CommandID::DETECT_SC_AES> {
struct CommandPayload {
uint8_t user_password[20];
std::string dissect() const {
- std::stringstream ss;
- ss << " user_password:\t" << user_password<< std::endl;
- return ss.str();
+ std::stringstream ss;
+ print_to_ss_volatile(user_password);
+ return ss.str();
}
} __packed;
@@ -795,16 +795,17 @@ class IsAESSupported : Command<CommandID::DETECT_SC_AES> {
CommandTransaction;
};
+
class ChangeAdminPin : Command<CommandID::CHANGE_ADMIN_PIN> {
public:
struct CommandPayload {
uint8_t old_pin[25];
uint8_t new_pin[25];
std::string dissect() const {
- std::stringstream ss;
- ss << " old_pin:\t" << old_pin<< std::endl;
- ss << " new_pin:\t" << new_pin<< std::endl;
- return ss.str();
+ std::stringstream ss;
+ print_to_ss_volatile(old_pin);
+ print_to_ss_volatile(new_pin);
+ return ss.str();
}
} __packed;
@@ -823,9 +824,9 @@ class FactoryReset : Command<CommandID::FACTORY_RESET> {
struct CommandPayload {
uint8_t admin_password[20];
std::string dissect() const {
- std::stringstream ss;
- ss << " admin_password:\t" << admin_password<< std::endl;
- return ss.str();
+ std::stringstream ss;
+ print_to_ss_volatile(admin_password);
+ return ss.str();
}
} __packed;
@@ -838,9 +839,9 @@ class BuildAESKey : Command<CommandID::NEW_AES_KEY> {
struct CommandPayload {
uint8_t admin_password[20];
std::string dissect() const {
- std::stringstream ss;
- ss << " admin_password:\t" << admin_password<< std::endl;
- return ss.str();
+ std::stringstream ss;
+ print_to_ss_volatile(admin_password);
+ return ss.str();
}
} __packed;
diff --git a/include/stick10_commands_0.8.h b/include/stick10_commands_0.8.h
index 4337bb7..4209380 100644
--- a/include/stick10_commands_0.8.h
+++ b/include/stick10_commands_0.8.h
@@ -9,13 +9,14 @@
#include <iomanip>
#include <string>
#include <sstream>
-#include <stdint.h>
+#include <cstdint>
#include "command.h"
#include "device_proto.h"
#include "stick10_commands.h"
#pragma pack (push,1)
+
namespace nitrokey {
namespace proto {
@@ -59,6 +60,7 @@ namespace nitrokey {
std::string dissect() const {
std::stringstream ss;
ss << "slot_number:\t" << (int)(slot_number) << std::endl;
+ hexdump_to_ss(temporary_admin_password);
return ss.str();
}
} __packed;
@@ -87,11 +89,15 @@ namespace nitrokey {
std::string dissect() const {
std::stringstream ss;
- ss << "temporary_admin_password:\t" << temporary_admin_password << std::endl;
+ hexdump_to_ss(temporary_admin_password);
ss << "type:\t" << type << std::endl;
ss << "id:\t" << (int)id << std::endl;
+#ifdef LOG_VOLATILE_DATA
ss << "data:" << std::endl
<< ::nitrokey::misc::hexdump((const char *) (&data), sizeof data);
+#else
+ ss << " Volatile data not logged" << std::endl;
+#endif
return ss.str();
}
} __packed;
@@ -105,8 +111,12 @@ namespace nitrokey {
bool isValid() const { return true; }
std::string dissect() const {
std::stringstream ss;
+#ifdef LOG_VOLATILE_DATA
ss << "data:" << std::endl
<< ::nitrokey::misc::hexdump((const char *) (&data), sizeof data);
+#else
+ ss << " Volatile data not logged" << std::endl;
+#endif
return ss.str();
}
} __packed;
@@ -148,7 +158,7 @@ namespace nitrokey {
std::string dissect() const {
std::stringstream ss;
- ss << "temporary_admin_password:\t" << temporary_admin_password << std::endl;
+ hexdump_to_ss(temporary_admin_password);
ss << "slot_config:\t" << std::bitset<8>((int) _slot_config) << std::endl;
ss << "\tuse_8_digits(0):\t" << use_8_digits << std::endl;
ss << "\tuse_enter(1):\t" << use_enter << std::endl;
@@ -184,7 +194,7 @@ namespace nitrokey {
bool isValid() const { return (slot_number & 0xF0); }
std::string dissect() const {
std::stringstream ss;
- ss << "temporary_user_password:\t" << temporary_user_password << std::endl;
+ hexdump_to_ss(temporary_user_password);
ss << "slot_number:\t" << (int)(slot_number) << std::endl;
return ss.str();
}
@@ -236,7 +246,7 @@ namespace nitrokey {
bool isValid() const { return !(slot_number & 0xF0); }
std::string dissect() const {
std::stringstream ss;
- ss << "temporary_user_password:\t" << temporary_user_password << std::endl;
+ hexdump_to_ss(temporary_user_password);
ss << "slot_number:\t" << (int)(slot_number) << std::endl;
ss << "challenge:\t" << (challenge) << std::endl;
ss << "last_totp_time:\t" << (last_totp_time) << std::endl;
diff --git a/include/stick20_commands.h b/include/stick20_commands.h
index 61758f6..5f99d28 100644
--- a/include/stick20_commands.h
+++ b/include/stick20_commands.h
@@ -3,7 +3,7 @@
-#include <stdint.h>
+#include <cstdint>
#include "command.h"
#include <string>
#include <sstream>
@@ -18,7 +18,7 @@ namespace nitrokey {
* STICK20 protocol command ids
* a superset (almost) of STICK10
*/
-#define print_to_ss(x) ( ss << " " << (#x) <<":\t" << (x) << std::endl );
+
namespace stick20 {
class ChangeAdminUserPin20Current :
@@ -46,8 +46,8 @@ namespace nitrokey {
uint8_t new_update_password[20];
std::string dissect() const {
std::stringstream ss;
- print_to_ss( current_update_password );
- print_to_ss( new_update_password );
+ print_to_ss_volatile( current_update_password );
+ print_to_ss_volatile( new_update_password );
return ss.str();
}
};
@@ -78,7 +78,7 @@ namespace nitrokey {
std::stringstream ss;
print_to_ss( (int) volume_flag );
print_to_ss( kind );
- print_to_ss(admin_pin);
+ print_to_ss_volatile(admin_pin);
return ss.str();
}
void set_kind_user() {
@@ -274,7 +274,7 @@ namespace nitrokey {
print_to_ss((int) SlotNr_u8);
print_to_ss((int) StartBlockPercent_u8);
print_to_ss((int) EndBlockPercent_u8);
- print_to_ss(HiddenVolumePassword_au8);
+ print_to_ss_volatile(HiddenVolumePassword_au8);
return ss.str();
}
} __packed;