summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorSzczepan Zalega <szczepan@nitrokey.com>2017-05-13 01:15:26 +0200
committerSzczepan Zalega <szczepan@nitrokey.com>2017-05-13 10:13:05 +0200
commit59ae52487d142fb2b13407419351255c667faa14 (patch)
tree06a256eb98a2602cb23097bc09fe66b67a73e917
parentbe0d677aa2e7eb87a309dc3927c0917380892641 (diff)
downloadlibnitrokey-59ae52487d142fb2b13407419351255c667faa14.tar.gz
libnitrokey-59ae52487d142fb2b13407419351255c667faa14.tar.bz2
Do not log volatile data
Signed-off-by: Szczepan Zalega <szczepan@nitrokey.com>
-rw-r--r--include/command.h11
-rw-r--r--include/device_proto.h3
-rw-r--r--include/dissect.h4
-rw-r--r--include/stick10_commands.h73
-rw-r--r--include/stick10_commands_0.8.h8
-rw-r--r--include/stick20_commands.h12
6 files changed, 65 insertions, 46 deletions
diff --git a/include/command.h b/include/command.h
index fc374f7..bf3cb4e 100644
--- a/include/command.h
+++ b/include/command.h
@@ -4,6 +4,13 @@
#include "command_id.h"
#include "cxx_semantics.h"
+#define print_to_ss(x) ( ss << " " << (#x) <<":\t" << (x) << std::endl );
+#ifdef LOG_VOLATILE_DATA
+#define print_to_ss_volatile(x) ( ss << " " << (#x) <<":\t" << (x) << std::endl );
+#else
+#define print_to_ss_volatile(x) ( ss << " " << (#x) <<":\t" << "***********" << std::endl );
+#endif
+
namespace nitrokey {
namespace proto {
@@ -18,7 +25,6 @@ namespace nitrokey {
}
};
-#define print_to_ss(x) ( ss << " " << (#x) <<":\t" << (x) << std::endl );
namespace stick20{
enum class PasswordKind : uint8_t {
User = 'P',
@@ -37,7 +43,7 @@ namespace stick20{
std::string dissect() const {
std::stringstream ss;
print_to_ss( kind );
- print_to_ss(password);
+ print_to_ss_volatile(password);
return ss.str();
}
void set_kind_admin() {
@@ -79,6 +85,5 @@ namespace stick20{
}
}
}
-#undef print_to_ss
#endif
diff --git a/include/device_proto.h b/include/device_proto.h
index 964c2d9..ad2dbae 100644
--- a/include/device_proto.h
+++ b/include/device_proto.h
@@ -236,6 +236,7 @@ namespace nitrokey {
outp.payload = payload;
outp.update_CRC();
+ LOG("-------------------", Loglevel::DEBUG);
LOG("Outgoing HID packet:", Loglevel::DEBUG);
LOG(static_cast<std::string>(outp), Loglevel::DEBUG);
@@ -334,7 +335,7 @@ namespace nitrokey {
LOG(
"Device is not ready or received packet's last CRC is not equal to sent CRC packet, retrying...",
- Loglevel::DEBUG);
+ Loglevel::DEBUG_L2);
LOG("Invalid incoming HID packet:", Loglevel::DEBUG_L2);
LOG(static_cast<std::string>(resp), Loglevel::DEBUG_L2);
dev->m_counters.total_retries++;
diff --git a/include/dissect.h b/include/dissect.h
index 8992c56..69a5129 100644
--- a/include/dissect.h
+++ b/include/dissect.h
@@ -20,8 +20,10 @@ class QueryDissector : semantics::non_constructible {
static std::string dissect(const HIDPacket &pod) {
std::stringstream out;
+#ifdef LOG_VOLATILE_DATA
out << "Raw HID packet:" << std::endl;
out << ::nitrokey::misc::hexdump((const char *)(&pod), sizeof pod);
+#endif
out << "Contents:" << std::endl;
out << "Command ID:\t" << commandid_to_string((CommandID)(pod.command_id))
@@ -83,8 +85,10 @@ class ResponseDissector : semantics::non_constructible {
// FIXME use values from firmware (possibly generate separate
// header automatically)
+#ifdef LOG_VOLATILE_DATA
out << "Raw HID packet:" << std::endl;
out << ::nitrokey::misc::hexdump((const char *)(&pod), sizeof pod);
+#endif
out << "Device status:\t" << pod.device_status + 0 << " "
<< status_translate_device(pod.device_status) << std::endl;
diff --git a/include/stick10_commands.h b/include/stick10_commands.h
index 74b73a8..af8d2bd 100644
--- a/include/stick10_commands.h
+++ b/include/stick10_commands.h
@@ -119,8 +119,7 @@ class WriteToHOTPSlot : Command<CommandID::WRITE_TO_SLOT> {
std::stringstream ss;
ss << "slot_number:\t" << (int)(slot_number) << std::endl;
ss << "slot_name:\t" << slot_name << std::endl;
- ss << "slot_secret:" << std::endl
- << ::nitrokey::misc::hexdump((const char *)(&slot_secret), sizeof slot_secret);
+ print_to_ss_volatile(slot_secret);
ss << "slot_config:\t" << std::bitset<8>((int)_slot_config) << std::endl;
ss << "\tuse_8_digits(0):\t" << use_8_digits << std::endl;
ss << "\tuse_enter(1):\t" << use_enter << std::endl;
@@ -171,7 +170,7 @@ class WriteToTOTPSlot : Command<CommandID::WRITE_TO_SLOT> {
std::stringstream ss;
ss << "slot_number:\t" << (int)(slot_number) << std::endl;
ss << "slot_name:\t" << slot_name << std::endl;
- ss << "slot_secret:\t" << slot_secret << std::endl;
+ print_to_ss_volatile(slot_secret);
ss << "slot_config:\t" << std::bitset<8>((int)_slot_config) << std::endl;
ss << "slot_token_id:\t";
for (auto i : slot_token_id)
@@ -505,7 +504,7 @@ class GetPasswordSafeSlotPassword
bool isValid() const { return true; }
std::string dissect() const {
std::stringstream ss;
- ss << " slot_password\t" << (const char*) slot_password << std::endl;
+ print_to_ss_volatile(slot_password);
return ss.str();
}
} __packed;
@@ -534,7 +533,7 @@ class GetPasswordSafeSlotLogin
bool isValid() const { return true; }
std::string dissect() const {
std::stringstream ss;
- ss << " slot_login\t" << (const char*) slot_login << std::endl;
+ print_to_ss_volatile(slot_login);
return ss.str();
}
} __packed;
@@ -555,7 +554,7 @@ class SetPasswordSafeSlotData : Command<CommandID::SET_PW_SAFE_SLOT_DATA_1> {
std::stringstream ss;
ss << " slot_number\t" << (int)slot_number << std::endl;
ss << " slot_name\t" << (const char*) slot_name << std::endl;
- ss << " slot_password\t" << (const char*) slot_password << std::endl;
+ print_to_ss_volatile(slot_password);
return ss.str();
}
} __packed;
@@ -572,10 +571,10 @@ class SetPasswordSafeSlotData2 : Command<CommandID::SET_PW_SAFE_SLOT_DATA_2> {
bool isValid() const { return !(slot_number & 0xF0); }
std::string dissect() const {
- std::stringstream ss;
- ss << " slot_number\t" << (int)slot_number << std::endl;
- ss << " slot_login_name\t" << (const char*) slot_login_name << std::endl;
- return ss.str();
+ std::stringstream ss;
+ ss << " slot_number\t" << (int)slot_number << std::endl;
+ print_to_ss_volatile(slot_login_name);
+ return ss.str();
}
} __packed;
@@ -609,7 +608,7 @@ class EnablePasswordSafe : Command<CommandID::PW_SAFE_ENABLE> {
bool isValid() const { return true; }
std::string dissect() const {
std::stringstream ss;
- ss << " user_password\t" << (const char*) user_password << std::endl;
+ print_to_ss_volatile(user_password);
return ss.str();
}
} __packed;
@@ -683,7 +682,7 @@ class FirstAuthenticate : Command<CommandID::FIRST_AUTHENTICATE> {
std::string dissect() const {
std::stringstream ss;
- ss << "card_password:\t" << card_password << std::endl;
+ print_to_ss_volatile(card_password);
ss << "temporary_password:\t" << temporary_password << std::endl;
return ss.str();
}
@@ -701,10 +700,10 @@ class UserAuthenticate : Command<CommandID::USER_AUTHENTICATE> {
bool isValid() const { return true; }
std::string dissect() const {
- std::stringstream ss;
- ss << "card_password:\t" << card_password << std::endl;
- ss << "temporary_password:\t" << temporary_password << std::endl;
- return ss.str();
+ std::stringstream ss;
+ print_to_ss_volatile(card_password);
+ ss << "temporary_password:\t" << temporary_password << std::endl;
+ return ss.str();
}
} __packed;
@@ -753,9 +752,10 @@ class UnlockUserPassword : Command<CommandID::UNLOCK_USER_PASSWORD> {
uint8_t admin_password[25];
uint8_t user_new_password[25];
std::string dissect() const {
- std::stringstream ss;
- ss << " admin_password:\t" << admin_password<< std::endl;
- return ss.str();
+ std::stringstream ss;
+ print_to_ss_volatile(admin_password);
+ print_to_ss_volatile(user_new_password);
+ return ss.str();
}
} __packed;
@@ -769,10 +769,10 @@ class ChangeUserPin : Command<CommandID::CHANGE_USER_PIN> {
uint8_t old_pin[25];
uint8_t new_pin[25];
std::string dissect() const {
- std::stringstream ss;
- ss << " old_pin:\t" << old_pin<< std::endl;
- ss << " new_pin:\t" << new_pin<< std::endl;
- return ss.str();
+ std::stringstream ss;
+ print_to_ss_volatile(old_pin);
+ print_to_ss_volatile(new_pin);
+ return ss.str();
}
} __packed;
@@ -785,9 +785,9 @@ class IsAESSupported : Command<CommandID::DETECT_SC_AES> {
struct CommandPayload {
uint8_t user_password[20];
std::string dissect() const {
- std::stringstream ss;
- ss << " user_password:\t" << user_password<< std::endl;
- return ss.str();
+ std::stringstream ss;
+ print_to_ss_volatile(user_password);
+ return ss.str();
}
} __packed;
@@ -795,16 +795,17 @@ class IsAESSupported : Command<CommandID::DETECT_SC_AES> {
CommandTransaction;
};
+
class ChangeAdminPin : Command<CommandID::CHANGE_ADMIN_PIN> {
public:
struct CommandPayload {
uint8_t old_pin[25];
uint8_t new_pin[25];
std::string dissect() const {
- std::stringstream ss;
- ss << " old_pin:\t" << old_pin<< std::endl;
- ss << " new_pin:\t" << new_pin<< std::endl;
- return ss.str();
+ std::stringstream ss;
+ print_to_ss_volatile(old_pin);
+ print_to_ss_volatile(new_pin);
+ return ss.str();
}
} __packed;
@@ -823,9 +824,9 @@ class FactoryReset : Command<CommandID::FACTORY_RESET> {
struct CommandPayload {
uint8_t admin_password[20];
std::string dissect() const {
- std::stringstream ss;
- ss << " admin_password:\t" << admin_password<< std::endl;
- return ss.str();
+ std::stringstream ss;
+ print_to_ss_volatile(admin_password);
+ return ss.str();
}
} __packed;
@@ -838,9 +839,9 @@ class BuildAESKey : Command<CommandID::NEW_AES_KEY> {
struct CommandPayload {
uint8_t admin_password[20];
std::string dissect() const {
- std::stringstream ss;
- ss << " admin_password:\t" << admin_password<< std::endl;
- return ss.str();
+ std::stringstream ss;
+ print_to_ss_volatile(admin_password);
+ return ss.str();
}
} __packed;
diff --git a/include/stick10_commands_0.8.h b/include/stick10_commands_0.8.h
index 4337bb7..3aa60e3 100644
--- a/include/stick10_commands_0.8.h
+++ b/include/stick10_commands_0.8.h
@@ -90,8 +90,12 @@ namespace nitrokey {
ss << "temporary_admin_password:\t" << temporary_admin_password << std::endl;
ss << "type:\t" << type << std::endl;
ss << "id:\t" << (int)id << std::endl;
+#ifdef LOG_VOLATILE_DATA
ss << "data:" << std::endl
<< ::nitrokey::misc::hexdump((const char *) (&data), sizeof data);
+#else
+ ss << " Volatile data not logged" << std::endl;
+#endif
return ss.str();
}
} __packed;
@@ -105,8 +109,12 @@ namespace nitrokey {
bool isValid() const { return true; }
std::string dissect() const {
std::stringstream ss;
+#ifdef LOG_VOLATILE_DATA
ss << "data:" << std::endl
<< ::nitrokey::misc::hexdump((const char *) (&data), sizeof data);
+#else
+ ss << " Volatile data not logged" << std::endl;
+#endif
return ss.str();
}
} __packed;
diff --git a/include/stick20_commands.h b/include/stick20_commands.h
index 61758f6..5f99d28 100644
--- a/include/stick20_commands.h
+++ b/include/stick20_commands.h
@@ -3,7 +3,7 @@
-#include <stdint.h>
+#include <cstdint>
#include "command.h"
#include <string>
#include <sstream>
@@ -18,7 +18,7 @@ namespace nitrokey {
* STICK20 protocol command ids
* a superset (almost) of STICK10
*/
-#define print_to_ss(x) ( ss << " " << (#x) <<":\t" << (x) << std::endl );
+
namespace stick20 {
class ChangeAdminUserPin20Current :
@@ -46,8 +46,8 @@ namespace nitrokey {
uint8_t new_update_password[20];
std::string dissect() const {
std::stringstream ss;
- print_to_ss( current_update_password );
- print_to_ss( new_update_password );
+ print_to_ss_volatile( current_update_password );
+ print_to_ss_volatile( new_update_password );
return ss.str();
}
};
@@ -78,7 +78,7 @@ namespace nitrokey {
std::stringstream ss;
print_to_ss( (int) volume_flag );
print_to_ss( kind );
- print_to_ss(admin_pin);
+ print_to_ss_volatile(admin_pin);
return ss.str();
}
void set_kind_user() {
@@ -274,7 +274,7 @@ namespace nitrokey {
print_to_ss((int) SlotNr_u8);
print_to_ss((int) StartBlockPercent_u8);
print_to_ss((int) EndBlockPercent_u8);
- print_to_ss(HiddenVolumePassword_au8);
+ print_to_ss_volatile(HiddenVolumePassword_au8);
return ss.str();
}
} __packed;