diff options
author | Szczepan Zalega <szczepan@nitrokey.com> | 2016-11-08 17:03:48 +0100 |
---|---|---|
committer | Szczepan Zalega <szczepan@nitrokey.com> | 2016-11-26 20:21:21 +0100 |
commit | 130d7f12e42505a33f41073983d868ca0c3c78d1 (patch) | |
tree | 1e7067147c6aef95799a9b627dfbe23d18baf968 /include | |
parent | f60f2cf0144a91769a5fc00fac1314d2e00cdf0d (diff) | |
download | libnitrokey-130d7f12e42505a33f41073983d868ca0c3c78d1.tar.gz libnitrokey-130d7f12e42505a33f41073983d868ca0c3c78d1.tar.bz2 |
Fix for auth issue in NK Pro
for commands EraseSlot, WriteToSlot, GetCode + tests
Signed-off-by: Szczepan Zalega <szczepan@nitrokey.com>
Diffstat (limited to 'include')
-rw-r--r-- | include/command_id.h | 1 | ||||
-rw-r--r-- | include/stick10_commands.h | 4 | ||||
-rw-r--r-- | include/stick10_commands_0.8.h | 178 |
3 files changed, 183 insertions, 0 deletions
diff --git a/include/command_id.h b/include/command_id.h index a3806f0..1f7affc 100644 --- a/include/command_id.h +++ b/include/command_id.h @@ -65,6 +65,7 @@ enum class CommandID : uint8_t { FACTORY_RESET = 0x13, CHANGE_USER_PIN = 0x14, CHANGE_ADMIN_PIN = 0x15, + WRITE_TO_SLOT_2 = 0x16, ENABLE_CRYPTED_PARI = 0x20, DISABLE_CRYPTED_PARI = 0x20 + 1, //@unused diff --git a/include/stick10_commands.h b/include/stick10_commands.h index f02fd70..5ae2591 100644 --- a/include/stick10_commands.h +++ b/include/stick10_commands.h @@ -48,6 +48,7 @@ class EraseSlot : Command<CommandID::ERASE_SLOT> { public: struct CommandPayload { uint8_t slot_number; + uint8_t temporary_admin_password[25]; bool isValid() const { return !(slot_number & 0xF0); } std::string dissect() const { @@ -137,6 +138,7 @@ class WriteToHOTPSlot : Command<CommandID::WRITE_TO_SLOT> { }; class WriteToTOTPSlot : Command<CommandID::WRITE_TO_SLOT> { + //admin auth public: struct CommandPayload { uint8_t slot_number; @@ -182,6 +184,7 @@ class WriteToTOTPSlot : Command<CommandID::WRITE_TO_SLOT> { }; class GetTOTP : Command<CommandID::GET_CODE> { + //user auth public: struct CommandPayload { uint8_t slot_number; @@ -612,6 +615,7 @@ class PasswordSafeSendSlotViaHID : Command<CommandID::PW_SAFE_SEND_DATA> { // TODO "Device::passwordSafeSendSlotDataViaHID" class WriteGeneralConfig : Command<CommandID::WRITE_CONFIG> { + //admin auth public: struct CommandPayload { union{ diff --git a/include/stick10_commands_0.8.h b/include/stick10_commands_0.8.h new file mode 100644 index 0000000..037a777 --- /dev/null +++ b/include/stick10_commands_0.8.h @@ -0,0 +1,178 @@ +// +// Created by sz on 08.11.16. +// + +#ifndef LIBNITROKEY_STICK10_COMMANDS_0_8_H +#define LIBNITROKEY_STICK10_COMMANDS_0_8_H + +#include <bitset> +#include <iomanip> +#include <string> +#include <sstream> +#include "inttypes.h" +#include "command.h" +#include "device_proto.h" + +namespace nitrokey { + namespace proto { + +/* + * Stick10 protocol definition + */ + namespace stick10_08 { + + class EraseSlot : Command<CommandID::ERASE_SLOT> { + public: + struct CommandPayload { + uint8_t slot_number; + uint8_t temporary_admin_password[25]; + + bool isValid() const { return !(slot_number & 0xF0); } + std::string dissect() const { + std::stringstream ss; + ss << "slot_number:\t" << (int)(slot_number) << std::endl; + return ss.str(); + } + } __packed; + + typedef Transaction<command_id(), struct CommandPayload, struct EmptyPayload> + CommandTransaction; + }; + + class WriteToHOTPSlot : Command<CommandID::WRITE_TO_SLOT> { + //admin auth + public: + struct CommandPayload { + uint8_t temporary_admin_password[25]; + uint8_t slot_secret[20]; + union { + uint8_t _slot_config; + struct { + bool use_8_digits : 1; + bool use_enter : 1; + bool use_tokenID : 1; + }; + }; + union { + uint8_t slot_token_id[13]; /** OATH Token Identifier */ + struct { /** @see https://openauthentication.org/token-specs/ */ + uint8_t omp[2]; + uint8_t tt[2]; + uint8_t mui[8]; + uint8_t keyboard_layout; //disabled feature in nitroapp as of 20160805 + } slot_token_fields; + }; + + bool isValid() const { return true; } + + std::string dissect() const { + std::stringstream ss; + ss << "temporary_admin_password:\t" << temporary_admin_password << std::endl; + ss << "slot_secret:" << std::endl + << ::nitrokey::misc::hexdump((const char *) (&slot_secret), sizeof slot_secret); + ss << "slot_config:\t" << std::bitset<8>((int) _slot_config) << std::endl; + ss << "\tuse_8_digits(0):\t" << use_8_digits << std::endl; + ss << "\tuse_enter(1):\t" << use_enter << std::endl; + ss << "\tuse_tokenID(2):\t" << use_tokenID << std::endl; + + ss << "slot_token_id:\t"; + for (auto i : slot_token_id) + ss << std::hex << std::setw(2) << std::setfill('0') << (int) i << " "; + ss << std::endl; + + return ss.str(); + } + } __packed; + + typedef Transaction<command_id(), struct CommandPayload, struct EmptyPayload> + CommandTransaction; + }; + + class WriteToHOTPSlot_2 : Command<CommandID::WRITE_TO_SLOT_2> { + public: + struct CommandPayload { + uint8_t temporary_admin_password[25]; + uint8_t slot_number; + uint8_t slot_name[15]; + union { + uint64_t slot_counter; + uint8_t slot_counter_s[8]; + } __packed; + + bool isValid() const { return !(slot_number & 0xF0); } + + std::string dissect() const { + std::stringstream ss; + ss << "temporary_admin_password:\t" << temporary_admin_password << std::endl; + ss << "slot_number:\t" << (int) (slot_number) << std::endl; + ss << "slot_name:\t" << slot_name << std::endl; + ss << "slot_counter:\t[" << (int) slot_counter << "]\t" + << ::nitrokey::misc::hexdump((const char *) (&slot_counter), sizeof slot_counter, false); + + return ss.str(); + } + } __packed; + + typedef Transaction<command_id(), struct CommandPayload, struct EmptyPayload> + CommandTransaction; + }; + + + class GetTOTP : Command<CommandID::GET_CODE> { + //user auth + public: + struct CommandPayload { + uint8_t slot_number; + uint64_t challenge; + uint64_t last_totp_time; + uint8_t last_interval; + uint8_t user_temporary_password[25]; + + bool isValid() const { return !(slot_number & 0xF0); } + std::string dissect() const { + std::stringstream ss; + ss << "slot_number:\t" << (int)(slot_number) << std::endl; + ss << "challenge:\t" << (challenge) << std::endl; + ss << "last_totp_time:\t" << (last_totp_time) << std::endl; + ss << "last_interval:\t" << (int)(last_interval) << std::endl; + return ss.str(); + } + } __packed; + + struct ResponsePayload { + union { + uint8_t whole_response[18]; //14 bytes reserved for config, but used only 1 + struct { + uint32_t code; + union{ + uint8_t _slot_config; + struct{ + bool use_8_digits : 1; + bool use_enter : 1; + bool use_tokenID : 1; + }; + }; + } __packed ; + } __packed ; + + bool isValid() const { return true; } + std::string dissect() const { + std::stringstream ss; + ss << "code:\t" << (code) << std::endl; + ss << "slot_config:\t" << std::bitset<8>((int)_slot_config) << std::endl; + ss << "\tuse_8_digits(0):\t" << use_8_digits << std::endl; + ss << "\tuse_enter(1):\t" << use_enter << std::endl; + ss << "\tuse_tokenID(2):\t" << use_tokenID << std::endl; + return ss.str(); + } + } __packed; + + typedef Transaction<command_id(), struct CommandPayload, struct ResponsePayload> + CommandTransaction; + }; + + + } + } +} +#endif //LIBNITROKEY_STICK10_COMMANDS_0_8_H |