diff options
author | Szczepan Zalega <szczepan@nitrokey.com> | 2017-05-13 01:15:26 +0200 |
---|---|---|
committer | Szczepan Zalega <szczepan@nitrokey.com> | 2017-05-13 10:13:05 +0200 |
commit | 59ae52487d142fb2b13407419351255c667faa14 (patch) | |
tree | 06a256eb98a2602cb23097bc09fe66b67a73e917 | |
parent | be0d677aa2e7eb87a309dc3927c0917380892641 (diff) | |
download | libnitrokey-59ae52487d142fb2b13407419351255c667faa14.tar.gz libnitrokey-59ae52487d142fb2b13407419351255c667faa14.tar.bz2 |
Do not log volatile data
Signed-off-by: Szczepan Zalega <szczepan@nitrokey.com>
-rw-r--r-- | include/command.h | 11 | ||||
-rw-r--r-- | include/device_proto.h | 3 | ||||
-rw-r--r-- | include/dissect.h | 4 | ||||
-rw-r--r-- | include/stick10_commands.h | 73 | ||||
-rw-r--r-- | include/stick10_commands_0.8.h | 8 | ||||
-rw-r--r-- | include/stick20_commands.h | 12 |
6 files changed, 65 insertions, 46 deletions
diff --git a/include/command.h b/include/command.h index fc374f7..bf3cb4e 100644 --- a/include/command.h +++ b/include/command.h @@ -4,6 +4,13 @@ #include "command_id.h" #include "cxx_semantics.h" +#define print_to_ss(x) ( ss << " " << (#x) <<":\t" << (x) << std::endl ); +#ifdef LOG_VOLATILE_DATA +#define print_to_ss_volatile(x) ( ss << " " << (#x) <<":\t" << (x) << std::endl ); +#else +#define print_to_ss_volatile(x) ( ss << " " << (#x) <<":\t" << "***********" << std::endl ); +#endif + namespace nitrokey { namespace proto { @@ -18,7 +25,6 @@ namespace nitrokey { } }; -#define print_to_ss(x) ( ss << " " << (#x) <<":\t" << (x) << std::endl ); namespace stick20{ enum class PasswordKind : uint8_t { User = 'P', @@ -37,7 +43,7 @@ namespace stick20{ std::string dissect() const { std::stringstream ss; print_to_ss( kind ); - print_to_ss(password); + print_to_ss_volatile(password); return ss.str(); } void set_kind_admin() { @@ -79,6 +85,5 @@ namespace stick20{ } } } -#undef print_to_ss #endif diff --git a/include/device_proto.h b/include/device_proto.h index 964c2d9..ad2dbae 100644 --- a/include/device_proto.h +++ b/include/device_proto.h @@ -236,6 +236,7 @@ namespace nitrokey { outp.payload = payload; outp.update_CRC(); + LOG("-------------------", Loglevel::DEBUG); LOG("Outgoing HID packet:", Loglevel::DEBUG); LOG(static_cast<std::string>(outp), Loglevel::DEBUG); @@ -334,7 +335,7 @@ namespace nitrokey { LOG( "Device is not ready or received packet's last CRC is not equal to sent CRC packet, retrying...", - Loglevel::DEBUG); + Loglevel::DEBUG_L2); LOG("Invalid incoming HID packet:", Loglevel::DEBUG_L2); LOG(static_cast<std::string>(resp), Loglevel::DEBUG_L2); dev->m_counters.total_retries++; diff --git a/include/dissect.h b/include/dissect.h index 8992c56..69a5129 100644 --- a/include/dissect.h +++ b/include/dissect.h @@ -20,8 +20,10 @@ class QueryDissector : semantics::non_constructible { static std::string dissect(const HIDPacket &pod) { std::stringstream out; +#ifdef LOG_VOLATILE_DATA out << "Raw HID packet:" << std::endl; out << ::nitrokey::misc::hexdump((const char *)(&pod), sizeof pod); +#endif out << "Contents:" << std::endl; out << "Command ID:\t" << commandid_to_string((CommandID)(pod.command_id)) @@ -83,8 +85,10 @@ class ResponseDissector : semantics::non_constructible { // FIXME use values from firmware (possibly generate separate // header automatically) +#ifdef LOG_VOLATILE_DATA out << "Raw HID packet:" << std::endl; out << ::nitrokey::misc::hexdump((const char *)(&pod), sizeof pod); +#endif out << "Device status:\t" << pod.device_status + 0 << " " << status_translate_device(pod.device_status) << std::endl; diff --git a/include/stick10_commands.h b/include/stick10_commands.h index 74b73a8..af8d2bd 100644 --- a/include/stick10_commands.h +++ b/include/stick10_commands.h @@ -119,8 +119,7 @@ class WriteToHOTPSlot : Command<CommandID::WRITE_TO_SLOT> { std::stringstream ss; ss << "slot_number:\t" << (int)(slot_number) << std::endl; ss << "slot_name:\t" << slot_name << std::endl; - ss << "slot_secret:" << std::endl - << ::nitrokey::misc::hexdump((const char *)(&slot_secret), sizeof slot_secret); + print_to_ss_volatile(slot_secret); ss << "slot_config:\t" << std::bitset<8>((int)_slot_config) << std::endl; ss << "\tuse_8_digits(0):\t" << use_8_digits << std::endl; ss << "\tuse_enter(1):\t" << use_enter << std::endl; @@ -171,7 +170,7 @@ class WriteToTOTPSlot : Command<CommandID::WRITE_TO_SLOT> { std::stringstream ss; ss << "slot_number:\t" << (int)(slot_number) << std::endl; ss << "slot_name:\t" << slot_name << std::endl; - ss << "slot_secret:\t" << slot_secret << std::endl; + print_to_ss_volatile(slot_secret); ss << "slot_config:\t" << std::bitset<8>((int)_slot_config) << std::endl; ss << "slot_token_id:\t"; for (auto i : slot_token_id) @@ -505,7 +504,7 @@ class GetPasswordSafeSlotPassword bool isValid() const { return true; } std::string dissect() const { std::stringstream ss; - ss << " slot_password\t" << (const char*) slot_password << std::endl; + print_to_ss_volatile(slot_password); return ss.str(); } } __packed; @@ -534,7 +533,7 @@ class GetPasswordSafeSlotLogin bool isValid() const { return true; } std::string dissect() const { std::stringstream ss; - ss << " slot_login\t" << (const char*) slot_login << std::endl; + print_to_ss_volatile(slot_login); return ss.str(); } } __packed; @@ -555,7 +554,7 @@ class SetPasswordSafeSlotData : Command<CommandID::SET_PW_SAFE_SLOT_DATA_1> { std::stringstream ss; ss << " slot_number\t" << (int)slot_number << std::endl; ss << " slot_name\t" << (const char*) slot_name << std::endl; - ss << " slot_password\t" << (const char*) slot_password << std::endl; + print_to_ss_volatile(slot_password); return ss.str(); } } __packed; @@ -572,10 +571,10 @@ class SetPasswordSafeSlotData2 : Command<CommandID::SET_PW_SAFE_SLOT_DATA_2> { bool isValid() const { return !(slot_number & 0xF0); } std::string dissect() const { - std::stringstream ss; - ss << " slot_number\t" << (int)slot_number << std::endl; - ss << " slot_login_name\t" << (const char*) slot_login_name << std::endl; - return ss.str(); + std::stringstream ss; + ss << " slot_number\t" << (int)slot_number << std::endl; + print_to_ss_volatile(slot_login_name); + return ss.str(); } } __packed; @@ -609,7 +608,7 @@ class EnablePasswordSafe : Command<CommandID::PW_SAFE_ENABLE> { bool isValid() const { return true; } std::string dissect() const { std::stringstream ss; - ss << " user_password\t" << (const char*) user_password << std::endl; + print_to_ss_volatile(user_password); return ss.str(); } } __packed; @@ -683,7 +682,7 @@ class FirstAuthenticate : Command<CommandID::FIRST_AUTHENTICATE> { std::string dissect() const { std::stringstream ss; - ss << "card_password:\t" << card_password << std::endl; + print_to_ss_volatile(card_password); ss << "temporary_password:\t" << temporary_password << std::endl; return ss.str(); } @@ -701,10 +700,10 @@ class UserAuthenticate : Command<CommandID::USER_AUTHENTICATE> { bool isValid() const { return true; } std::string dissect() const { - std::stringstream ss; - ss << "card_password:\t" << card_password << std::endl; - ss << "temporary_password:\t" << temporary_password << std::endl; - return ss.str(); + std::stringstream ss; + print_to_ss_volatile(card_password); + ss << "temporary_password:\t" << temporary_password << std::endl; + return ss.str(); } } __packed; @@ -753,9 +752,10 @@ class UnlockUserPassword : Command<CommandID::UNLOCK_USER_PASSWORD> { uint8_t admin_password[25]; uint8_t user_new_password[25]; std::string dissect() const { - std::stringstream ss; - ss << " admin_password:\t" << admin_password<< std::endl; - return ss.str(); + std::stringstream ss; + print_to_ss_volatile(admin_password); + print_to_ss_volatile(user_new_password); + return ss.str(); } } __packed; @@ -769,10 +769,10 @@ class ChangeUserPin : Command<CommandID::CHANGE_USER_PIN> { uint8_t old_pin[25]; uint8_t new_pin[25]; std::string dissect() const { - std::stringstream ss; - ss << " old_pin:\t" << old_pin<< std::endl; - ss << " new_pin:\t" << new_pin<< std::endl; - return ss.str(); + std::stringstream ss; + print_to_ss_volatile(old_pin); + print_to_ss_volatile(new_pin); + return ss.str(); } } __packed; @@ -785,9 +785,9 @@ class IsAESSupported : Command<CommandID::DETECT_SC_AES> { struct CommandPayload { uint8_t user_password[20]; std::string dissect() const { - std::stringstream ss; - ss << " user_password:\t" << user_password<< std::endl; - return ss.str(); + std::stringstream ss; + print_to_ss_volatile(user_password); + return ss.str(); } } __packed; @@ -795,16 +795,17 @@ class IsAESSupported : Command<CommandID::DETECT_SC_AES> { CommandTransaction; }; + class ChangeAdminPin : Command<CommandID::CHANGE_ADMIN_PIN> { public: struct CommandPayload { uint8_t old_pin[25]; uint8_t new_pin[25]; std::string dissect() const { - std::stringstream ss; - ss << " old_pin:\t" << old_pin<< std::endl; - ss << " new_pin:\t" << new_pin<< std::endl; - return ss.str(); + std::stringstream ss; + print_to_ss_volatile(old_pin); + print_to_ss_volatile(new_pin); + return ss.str(); } } __packed; @@ -823,9 +824,9 @@ class FactoryReset : Command<CommandID::FACTORY_RESET> { struct CommandPayload { uint8_t admin_password[20]; std::string dissect() const { - std::stringstream ss; - ss << " admin_password:\t" << admin_password<< std::endl; - return ss.str(); + std::stringstream ss; + print_to_ss_volatile(admin_password); + return ss.str(); } } __packed; @@ -838,9 +839,9 @@ class BuildAESKey : Command<CommandID::NEW_AES_KEY> { struct CommandPayload { uint8_t admin_password[20]; std::string dissect() const { - std::stringstream ss; - ss << " admin_password:\t" << admin_password<< std::endl; - return ss.str(); + std::stringstream ss; + print_to_ss_volatile(admin_password); + return ss.str(); } } __packed; diff --git a/include/stick10_commands_0.8.h b/include/stick10_commands_0.8.h index 4337bb7..3aa60e3 100644 --- a/include/stick10_commands_0.8.h +++ b/include/stick10_commands_0.8.h @@ -90,8 +90,12 @@ namespace nitrokey { ss << "temporary_admin_password:\t" << temporary_admin_password << std::endl; ss << "type:\t" << type << std::endl; ss << "id:\t" << (int)id << std::endl; +#ifdef LOG_VOLATILE_DATA ss << "data:" << std::endl << ::nitrokey::misc::hexdump((const char *) (&data), sizeof data); +#else + ss << " Volatile data not logged" << std::endl; +#endif return ss.str(); } } __packed; @@ -105,8 +109,12 @@ namespace nitrokey { bool isValid() const { return true; } std::string dissect() const { std::stringstream ss; +#ifdef LOG_VOLATILE_DATA ss << "data:" << std::endl << ::nitrokey::misc::hexdump((const char *) (&data), sizeof data); +#else + ss << " Volatile data not logged" << std::endl; +#endif return ss.str(); } } __packed; diff --git a/include/stick20_commands.h b/include/stick20_commands.h index 61758f6..5f99d28 100644 --- a/include/stick20_commands.h +++ b/include/stick20_commands.h @@ -3,7 +3,7 @@ -#include <stdint.h> +#include <cstdint> #include "command.h" #include <string> #include <sstream> @@ -18,7 +18,7 @@ namespace nitrokey { * STICK20 protocol command ids * a superset (almost) of STICK10 */ -#define print_to_ss(x) ( ss << " " << (#x) <<":\t" << (x) << std::endl ); + namespace stick20 { class ChangeAdminUserPin20Current : @@ -46,8 +46,8 @@ namespace nitrokey { uint8_t new_update_password[20]; std::string dissect() const { std::stringstream ss; - print_to_ss( current_update_password ); - print_to_ss( new_update_password ); + print_to_ss_volatile( current_update_password ); + print_to_ss_volatile( new_update_password ); return ss.str(); } }; @@ -78,7 +78,7 @@ namespace nitrokey { std::stringstream ss; print_to_ss( (int) volume_flag ); print_to_ss( kind ); - print_to_ss(admin_pin); + print_to_ss_volatile(admin_pin); return ss.str(); } void set_kind_user() { @@ -274,7 +274,7 @@ namespace nitrokey { print_to_ss((int) SlotNr_u8); print_to_ss((int) StartBlockPercent_u8); print_to_ss((int) EndBlockPercent_u8); - print_to_ss(HiddenVolumePassword_au8); + print_to_ss_volatile(HiddenVolumePassword_au8); return ss.str(); } } __packed; |