summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--Makefile31
-rw-r--r--crc32.cc37
-rw-r--r--device.cc52
-rw-r--r--include/crc32.h32
-rw-r--r--include/cxx_semantics.h15
-rw-r--r--include/device.h65
-rw-r--r--include/device_proto.h1055
-rw-r--r--test.cc35
8 files changed, 1322 insertions, 0 deletions
diff --git a/Makefile b/Makefile
new file mode 100644
index 0000000..e98e631
--- /dev/null
+++ b/Makefile
@@ -0,0 +1,31 @@
+CC = $(PREFIX)-gcc
+CXX = $(PREFIX)-g++
+LD = $(CXX)
+
+INCLUDE = -Iinclude/
+LIB = -lhidapi-libusb
+BUILD = build
+
+CXXFLAGS = -std=c++14
+
+CXXSOURCES = $(wildcard *.cc)
+OBJ = $(CXXSOURCES:%.cc:$(BUILD)/%.o)
+
+$(BUILD)/libnitrokey.so: $(OBJ)
+ $(CXX) -shared $(OBJ) -o $@
+
+$(BUILD)/%.o: %.cc
+ $(CXX) -c $< -o $@ $(INCLUDE) $(CXXFLAGS)
+
+all: $(OBJ) $(BUILD)/libnitrokey.so
+
+clean:
+ rm $(OBJ)
+ rm $(BUILD)/libnitrokey.so
+
+mrproper: clean
+ rm $(BUILD)/*.d
+
+.PHONY: all clean mrproper
+
+include $(wildcard build/*.d)
diff --git a/crc32.cc b/crc32.cc
new file mode 100644
index 0000000..558d4ef
--- /dev/null
+++ b/crc32.cc
@@ -0,0 +1,37 @@
+/*
+ * Author: Copyright (C) Andrzej Surowiec 2012
+ *
+ *
+ * This file is part of Nitrokey.
+ *
+ * Nitrokey is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * any later version.
+ *
+ * Nitrokey is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with Nitrokey. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include "crc32.h"
+
+
+uint32_t Crc32 (uint32_t Crc, uint32_t Data)
+{
+int i;
+
+ Crc = Crc ^ Data;
+
+ for (i = 0; i < 32; i++)
+ if (Crc & 0x80000000)
+ Crc = (Crc << 1) ^ 0x04C11DB7; // Polynomial used in STM32
+ else
+ Crc = (Crc << 1);
+
+ return (Crc);
+}
diff --git a/device.cc b/device.cc
new file mode 100644
index 0000000..c954cb7
--- /dev/null
+++ b/device.cc
@@ -0,0 +1,52 @@
+#include <chrono>
+#include <thread>
+#include <cstddef>
+#include <hidapi/hidapi.h>
+#include "device.h"
+
+using namespace device;
+
+Device::Device()
+: m_vid(0), m_pid(0),
+ m_retry_count(4),
+ m_retry_timeout(50),
+ mp_devhandle(NULL) {}
+
+bool Device::connect() {
+ hid_init();
+
+ mp_devhandle = hid_open(m_vid, m_pid, NULL);
+ return mp_devhandle != NULL;
+}
+
+CommError Device::send(const void *packet) {
+ return (CommError)(
+ hid_send_feature_report(mp_devhandle, (const unsigned char *)(packet),
+ HID_REPORT_SIZE));
+}
+
+CommError Device::recv(void *packet) {
+ CommError status;
+ int retry_count = 0;
+
+ for(;;) {
+ status = (CommError)(
+ hid_get_feature_report(mp_devhandle, (unsigned char *)(packet),
+ HID_REPORT_SIZE));
+ if (status == CommError::ERR_NO_ERROR || retry_count++ >= m_retry_count)
+ break;
+ std::this_thread::sleep_for(m_retry_timeout);
+ }
+
+ return status;
+}
+
+Stick10::Stick10() {
+ m_vid = 0x20a0;
+ m_pid = 0x4108;
+}
+
+Stick20::Stick20() {
+ m_vid = 0x20a0;
+ m_pid = 0x4109;
+}
diff --git a/include/crc32.h b/include/crc32.h
new file mode 100644
index 0000000..b0e16ff
--- /dev/null
+++ b/include/crc32.h
@@ -0,0 +1,32 @@
+/*
+ * Author: Copyright (C) Andrzej Surowiec 2012
+ *
+ *
+ * This file is part of Nitrokey.
+ *
+ * Nitrokey is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * any later version.
+ *
+ * Nitrokey is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with Nitrokey. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#ifndef CRC32_H
+#define CRC32_H
+
+#ifdef _MSC_VER
+#define uint32_t unsigned long
+#else
+#include "inttypes.h"
+#endif
+
+uint32_t Crc32 (uint32_t Crc, uint32_t Data);
+
+#endif // CRC32_H
diff --git a/include/cxx_semantics.h b/include/cxx_semantics.h
new file mode 100644
index 0000000..f5d3dca
--- /dev/null
+++ b/include/cxx_semantics.h
@@ -0,0 +1,15 @@
+#ifndef CXX_SEMANTICS_H
+#define CXX_SEMANTICS_H
+
+#define __packed __attribute__((__packed__))
+
+/*
+ * There's no need to include Boost for a simple subset this project needs.
+ */
+namespace semantics {
+ class non_constructible {
+ non_constructible() {}
+ };
+}
+
+#endif
diff --git a/include/device.h b/include/device.h
new file mode 100644
index 0000000..b2d83b5
--- /dev/null
+++ b/include/device.h
@@ -0,0 +1,65 @@
+#ifndef DEVICE_H
+#define DEVICE_H
+#include <chrono>
+#include <hidapi/hidapi.h>
+#include "inttypes.h"
+
+#define HID_REPORT_SIZE 65
+
+// TODO !! SEMAPHORE
+
+namespace device {
+enum class CommError
+{
+ ERR_NO_ERROR = 0,
+ ERR_NOT_CONNECTED = -1,
+ ERR_WRONG_RESPONSE_CRC = -2,
+ ERR_SENDING = -3,
+ ERR_STATUS_NOT_OK = -4
+};
+
+class Device {
+public:
+ Device();
+
+ // lack of device is not actually an error,
+ // so it doesn't throw
+ virtual bool connect();
+
+ /*
+ * Sends packet of HID_REPORT_SIZE.
+ */
+ virtual CommError send(const void *packet);
+
+ /*
+ * Gets packet of HID_REPORT_SIZE.
+ * Can sleep. See below.
+ */
+ virtual CommError recv(void *packet);
+
+protected:
+ uint16_t m_vid;
+ uint16_t m_pid;
+
+ /*
+ * While the project uses Signal11 portable HIDAPI
+ * library, there's no way of doing it asynchronously,
+ * hence polling.
+ */
+ int m_retry_count;
+ std::chrono::milliseconds m_retry_timeout;
+
+ hid_device *mp_devhandle;
+};
+
+class Stick10 : public Device {
+public:
+ Stick10();
+};
+
+class Stick20 : public Device {
+public:
+ Stick20();
+};
+}
+#endif
diff --git a/include/device_proto.h b/include/device_proto.h
new file mode 100644
index 0000000..fb1dd4e
--- /dev/null
+++ b/include/device_proto.h
@@ -0,0 +1,1055 @@
+#ifndef DEVICE_PROTO_H
+#define DEVICE_PROTO_H
+#include <utility>
+#include <type_traits>
+#include <stdexcept>
+#include <string>
+#include <strings.h>
+// a local version for compatibility with Windows
+#include "inttypes.h"
+#include "cxx_semantics.h"
+#include "device.h"
+#include "utils/crc32.h"
+
+#define STICK20_UPDATE_MODE_VID 0x03EB
+#define STICK20_UPDATE_MODE_PID 0x2FF1
+
+#define PAYLOAD_SIZE 53
+#define PWS_SLOT_COUNT 16
+#define PWS_SLOTNAME_LENGTH 11
+#define PWS_PASSWORD_LENGTH 20
+#define PWS_LOGINNAME_LENGTH 32
+
+#define PWS_SEND_PASSWORD 0
+#define PWS_SEND_LOGINNAME 1
+#define PWS_SEND_TAB 2
+#define PWS_SEND_CR 3
+
+namespace device {
+ class Device;
+ enum class CommError;
+}
+
+static inline uint32_t crc(const uint8_t *data, size_t size) {
+ uint32_t crc = 0xffffffff;
+ const uint32_t *pend = (const uint32_t *)(data + size);
+ for (const uint32_t *p = (const uint32_t *)(data); p < pend; p++)
+ crc = Crc32 (crc, *p);
+ return crc;
+}
+
+namespace proto {
+enum class CommandID : uint8_t {
+ GET_STATUS = 0x00,
+ WRITE_TO_SLOT = 0x01,
+ READ_SLOT_NAME = 0x02,
+ READ_SLOT = 0x03,
+ GET_CODE = 0x04,
+ WRITE_CONFIG = 0x05,
+ ERASE_SLOT = 0x06,
+ FIRST_AUTHENTICATE = 0x07,
+ AUTHORIZE = 0x08,
+ GET_PASSWORD_RETRY_COUNT = 0x09,
+ CLEAR_WARNING = 0x0A,
+ SET_TIME = 0x0B,
+ TEST_COUNTER = 0x0C,
+ TEST_TIME = 0x0D,
+ USER_AUTHENTICATE = 0x0E,
+ GET_USER_PASSWORD_RETRY_COUNT = 0x0F,
+ USER_AUTHORIZE = 0x10,
+ UNLOCK_USER_PASSWORD = 0x11,
+ LOCK_DEVICE = 0x12,
+ FACTORY_RESET = 0x13,
+ CHANGE_USER_PIN = 0x14,
+ CHANGE_ADMIN_PIN = 0x15,
+
+ ENABLE_CRYPTED_PARI = 0x20,
+ DISABLE_CRYPTED_PARI,
+ ENABLE_HIDDEN_CRYPTED_PARI,
+ DISABLE_HIDDEN_CRYPTED_PARI,
+ ENABLE_FIRMWARE_UPDATE,
+ EXPORT_FIRMWARE_TO_FILE,
+ GENERATE_NEW_KEYS,
+ FILL_SD_CARD_WITH_RANDOM_CHARS,
+
+ WRITE_STATUS_DATA,
+ ENABLE_READONLY_UNCRYPTED_LUN,
+ ENABLE_READWRITE_UNCRYPTED_LUN,
+
+ SEND_PASSWORD_MATRIX,
+ SEND_PASSWORD_MATRIX_PINDATA,
+ SEND_PASSWORD_MATRIX_SETUP,
+
+ GET_DEVICE_STATUS,
+ SEND_DEVICE_STATUS,
+
+ SEND_HIDDEN_VOLUME_PASSWORD,
+ SEND_HIDDEN_VOLUME_SETUP,
+ SEND_PASSWORD,
+ SEND_NEW_PASSWORD,
+ CLEAR_NEW_SD_CARD_FOUND,
+
+ SEND_STARTUP,
+ SEND_CLEAR_STICK_KEYS_NOT_INITIATED,
+ SEND_LOCK_STICK_HARDWARE,
+
+ PRODUCTION_TEST,
+ SEND_DEBUG_DATA,
+
+ CHANGE_UPDATE_PIN,
+
+ GET_PW_SAFE_SLOT_STATUS = 0x60,
+ GET_PW_SAFE_SLOT_NAME = 0x61,
+ GET_PW_SAFE_SLOT_PASSWORD = 0x62,
+ GET_PW_SAFE_SLOT_LOGINNAME = 0x63,
+ SET_PW_SAFE_SLOT_DATA_1 = 0x64,
+ SET_PW_SAFE_SLOT_DATA_2 = 0x65,
+ PW_SAFE_ERASE_SLOT = 0x66,
+ PW_SAFE_ENABLE = 0x67,
+ PW_SAFE_INIT_KEY = 0x68,
+ PW_SAFE_SEND_DATA = 0x69,
+ SD_CARD_HIGH_WATERMARK = 0x70,
+ DETECT_SC_AES = 0x6a,
+ NEW_AES_KEY = 0x6b
+};
+
+/*
+ * POD types for HID proto commands
+ * Instances are meant to be __packed.
+ *
+ * TODO (future) support for Big Endian
+ */
+
+/*
+ * Every packet is a USB HID report (check USB spec)
+ */
+template <CommandID cmd_id, typename Payload>
+struct HIDReport {
+ uint8_t _zero;
+ CommandID command_id; // uint8_t
+ union {
+ uint8_t _padding[HID_REPORT_SIZE - 6];
+ Payload payload;
+ } __packed;
+ uint32_t crc;
+
+ // POD types can't have non-default constructors
+ // used in Transaction<>::run()
+ void initialize() {
+ bzero(this, sizeof *this);
+ command_id = cmd_id;
+ }
+
+ uint32_t calculate_CRC() const {
+ // w/o leading zero, a part of each HID packet
+ // w/o 4-byte crc
+ return ::crc((const uint8_t *)(this) + 1,
+ (size_t)(HID_REPORT_SIZE - 5));
+ }
+
+ void update_CRC() {
+ crc = calculate_CRC();
+ }
+
+ bool isCRCcorrect() const {
+ return crc == calculate_CRC();
+ }
+
+ bool isValid() const {
+ return !_zero && payload.isValid() && isCRCcorrect();
+ }
+} __packed;
+
+/*
+ * Response payload (the parametrized type inside struct HIDReport)
+ *
+ * command_id member in incoming HIDReport structure carries the command
+ * type last used.
+ */
+template <typename ResponsePayload>
+struct DeviceResponse {
+ uint8_t _zero;
+ uint8_t device_status;
+ uint8_t last_command_type;
+ uint32_t last_command_crc;
+ uint8_t last_command_status;
+ union {
+ uint8_t _padding[HID_REPORT_SIZE - 12];
+ ResponsePayload payload;
+ } __packed;
+ uint32_t crc;
+
+ void initialize() {
+ bzero(this, sizeof *this);
+ }
+
+ uint32_t calculate_CRC() const {
+ // w/o leading zero, a part of each HID packet
+ // w/o 4-byte crc
+ return ::crc((const uint8_t *)(this) + 1,
+ (size_t)(HID_REPORT_SIZE - 5));
+ }
+
+ void update_CRC() {
+ crc = calculate_CRC();
+ }
+
+ bool isCRCcorrect() const {
+ return crc == calculate_CRC();
+ }
+
+ bool isValid() const {
+ return !_zero && payload.isValid() && isCRCcorrect();
+ }
+} __packed;
+
+struct EmptyPayload {
+ uint8_t _data[];
+
+ bool isValid() const {
+ return true;
+ }
+} __packed;
+
+template<CommandID cmd_id, typename command_payload,
+ typename response_payload>
+class Transaction : semantics::non_constructible {
+public:
+ // Types declared in command class scope can't be reached from there.
+ typedef command_payload CommandPayload;
+ typedef response_payload ResponsePayload;
+
+ typedef struct HIDReport<cmd_id, CommandPayload> OutgoingPacket;
+ typedef struct DeviceResponse<ResponsePayload> ResponsePacket;
+
+ static_assert(std::is_pod<OutgoingPacket>::value,
+ "OutgoingPacket must be a POD type");
+ static_assert(std::is_pod<ResponsePacket>::value,
+ "ResponsePacket must be a POD type");
+ static_assert(sizeof(OutgoingPacket) == HID_REPORT_SIZE,
+ "OutgoingPacket type is not the right size");
+ static_assert(sizeof(ResponsePacket) == HID_REPORT_SIZE,
+ "ResponsePacket type is not the right size");
+
+ static response_payload run(device::Device &dev,
+ const command_payload &payload) {
+ using namespace device;
+
+ CommError status;
+ OutgoingPacket outp;
+ ResponsePacket resp;
+
+ // POD types can't have non-default constructors
+ outp.initialize();
+ resp.initialize();
+
+ outp.payload = payload;
+ outp.update_CRC();
+
+ if (!outp.isValid())
+ throw std::runtime_error("Invalid outgoing packet");
+
+ status = dev.send(&outp);
+ if ((int)(status) < 0 && status != CommError::ERR_NO_ERROR)
+ throw std::runtime_error(
+ std::string("Device error while sending command ") +
+ std::to_string((int)(status)));
+
+ status = dev.recv(&resp);
+ if ((int)(status) < 0 && status != CommError::ERR_NO_ERROR)
+ throw std::runtime_error(
+ std::string("Device error while executing command ") +
+ std::to_string((int)(status)));
+
+ if (!resp.isValid())
+ throw std::runtime_error("Invalid incoming packet");
+
+ // See: DeviceResponse
+ return resp.payload;
+ }
+
+ static response_payload run(device::Device &dev) {
+ command_payload empty_payload;
+ return run(dev, empty_payload);
+ }
+};
+
+/*
+ * Stick10 protocol definition
+ */
+namespace stick10 {
+ namespace command {
+ class GetSlotName : semantics::non_constructible {
+ public:
+ // reachable as a typedef in Transaction
+ struct CommandPayload {
+ uint8_t slot_number;
+
+ bool isValid() const {
+ return !(slot_number & 0xF0);
+ }
+ } __packed;
+
+ struct ResponsePayload {
+ uint8_t slot_name[15];
+
+ bool isValid() const {
+ return true;
+ }
+ } __packed;
+
+ typedef Transaction<CommandID::READ_SLOT_NAME,
+ struct CommandPayload,
+ struct ResponsePayload> CommandTransaction;
+ };
+
+ class EraseSlot : semantics::non_constructible {
+ public:
+ struct CommandPayload {
+ uint8_t slot_number;
+
+ bool isValid() const {
+ return !(slot_number & 0xF0);
+ }
+ } __packed;
+
+ typedef Transaction<CommandID::ERASE_SLOT,
+ struct CommandPayload,
+ struct EmptyPayload> CommandTransaction;
+ };
+
+ class SetTime : semantics::non_constructible {
+ public:
+ struct CommandPayload {
+ uint8_t reset; // 0 - get time, 1 - set time
+ uint64_t time; // posix time
+
+ bool isValid() const {
+ return reset && reset != 1;
+ }
+ } __packed;
+
+ typedef Transaction<CommandID::SET_TIME,
+ struct CommandPayload,
+ struct EmptyPayload> CommandTransaction;
+ };
+
+ // TODO duplicate TOTP
+ class WriteToHOTPSlot : semantics::non_constructible {
+ public:
+ struct CommandPayload {
+ uint8_t slot_number;
+ uint8_t slot_name[15];
+ uint8_t slot_secret[20];
+ uint8_t slot_config;
+ uint8_t slot_token_id[13];
+ uint8_t slot_counter[8];
+
+ bool isValid() const {
+ return !(slot_number & 0xF0);
+ }
+ } __packed;
+
+ typedef Transaction<CommandID::WRITE_TO_SLOT,
+ struct CommandPayload,
+ struct EmptyPayload> CommandTransaction;
+ };
+
+ class WriteToTOTPSlot : semantics::non_constructible {
+ public:
+ struct CommandPayload {
+ uint8_t slot_number;
+ uint8_t slot_name[15];
+ uint8_t slot_secret[20];
+ uint8_t slot_config;
+ uint8_t slot_token_id[13];
+ uint16_t slot_interval;
+
+ bool isValid() const {
+ return !(slot_number & 0xF0);
+ }
+ } __packed;
+
+ typedef Transaction<CommandID::WRITE_TO_SLOT,
+ struct CommandPayload,
+ struct EmptyPayload> CommandTransaction;
+ };
+
+ class GetCode : semantics::non_constructible {
+ public:
+ struct CommandPayload {
+ uint8_t slot_number;
+ uint64_t challenge;
+ uint64_t last_totp_time;
+ uint8_t last_interval;
+
+ bool isValid() const {
+ return !(slot_number & 0xF0);
+ }
+ } __packed;
+
+ struct ResponsePayload {
+ uint8_t code[18];
+
+ bool isValid() const {
+ return true;
+ }
+ } __packed;
+
+ typedef Transaction<CommandID::GET_CODE,
+ struct CommandPayload,
+ struct ResponsePayload> CommandTransaction;
+ };
+
+ class GetHOTP : semantics::non_constructible {
+ public:
+ struct CommandPayload {
+ uint8_t slot_number;
+
+ bool isValid() const {
+ return !(slot_number & 0xF0);
+ }
+ } __packed;
+
+ typedef Transaction<CommandID::GET_CODE,
+ struct CommandPayload,
+ struct EmptyPayload> CommandTransaction;
+ };
+
+ class ReadSlot : semantics::non_constructible {
+ public:
+ struct CommandPayload {
+ uint8_t slot_number;
+
+ bool isValid() const {
+ return !(slot_number & 0xF0);
+ }
+ } __packed;
+
+ struct ResponsePayload {
+ uint8_t slot_name[15];
+ uint8_t config;
+ uint8_t token_id[13];
+ uint64_t counter;
+
+ bool isValid() const {
+ return true;
+ }
+ } __packed;
+
+ typedef Transaction<CommandID::READ_SLOT,
+ struct CommandPayload,
+ struct ResponsePayload> CommandTransaction;
+ };
+
+ class GetStatus : semantics::non_constructible {
+ public:
+ struct ResponsePayload {
+ uint16_t firmware_version;
+ uint8_t card_serial[4];
+ uint8_t general_config[3];
+ uint8_t otp_password_config[2];
+
+ bool isValid() const {
+ return true;
+ }
+ } __packed;
+
+ typedef Transaction<CommandID::GET_STATUS,
+ struct EmptyPayload,
+ struct ResponsePayload> CommandTransaction;
+ };
+
+ class GetPasswordRetryCount : semantics::non_constructible {
+ public:
+ struct ResponsePayload {
+ uint8_t password_retry_count;
+
+ bool isValid() const {
+ return true;
+ }
+ } __packed;
+
+ typedef Transaction<CommandID::GET_PASSWORD_RETRY_COUNT,
+ struct EmptyPayload,
+ struct ResponsePayload> CommandTransaction;
+ };
+
+ class GetUserPasswordRetryCount : semantics::non_constructible {
+ public:
+ struct ResponsePayload {
+ uint8_t password_retry_count;
+
+ bool isValid() const {
+ return true;
+ }
+ } __packed;
+
+ typedef Transaction<CommandID::GET_USER_PASSWORD_RETRY_COUNT,
+ struct EmptyPayload,
+ struct ResponsePayload> CommandTransaction;
+ };
+
+ class GetPasswordSafeSlotStatus : semantics::non_constructible {
+ public:
+ struct ResponsePayload {
+ uint8_t password_safe_status[PWS_SLOT_COUNT];
+
+ bool isValid() const {
+ return true;
+ }
+ } __packed;
+
+ typedef Transaction<CommandID::GET_PW_SAFE_SLOT_STATUS,
+ struct EmptyPayload,
+ struct ResponsePayload> CommandTransaction;
+ };
+
+ class GetPasswordSafeSlotName : semantics::non_constructible {
+ public:
+ struct CommandPayload {
+ uint8_t slot_number;
+
+ bool isValid() const {
+ return !(slot_number & 0xF0);
+ }
+ } __packed;
+
+ struct ResponsePayload {
+ uint8_t slot_name[PWS_SLOTNAME_LENGTH];
+
+ bool isValid() const {
+ return true;
+ }
+ } __packed;
+
+ typedef Transaction<CommandID::GET_PW_SAFE_SLOT_NAME,
+ struct CommandPayload,
+ struct ResponsePayload> CommandTransaction;
+ };
+
+ class GetPasswordSafeSlotPassword : semantics::non_constructible {
+ public:
+ struct CommandPayload {
+ uint8_t slot_number;
+
+ bool isValid() const {
+ return !(slot_number & 0xF0);
+ }
+ } __packed;
+
+ struct ResponsePayload {
+ uint8_t slot_password[PWS_PASSWORD_LENGTH];
+
+ bool isValid() const {
+ return true;
+ }
+ } __packed;
+
+ typedef Transaction<CommandID::GET_PW_SAFE_SLOT_PASSWORD,
+ struct CommandPayload,
+ struct ResponsePayload> CommandTransaction;
+ };
+
+ class GetPasswordSafeSlotLogin : semantics::non_constructible {
+ public:
+ struct CommandPayload {
+ uint8_t slot_number;
+
+ bool isValid() const {
+ return !(slot_number & 0xF0);
+ }
+ } __packed;
+
+ struct ResponsePayload {
+ uint8_t slot_login[PWS_LOGINNAME_LENGTH];
+
+ bool isValid() const {
+ return true;
+ }
+ } __packed;
+
+ typedef Transaction<CommandID::GET_PW_SAFE_SLOT_LOGINNAME,
+ struct CommandPayload,
+ struct ResponsePayload> CommandTransaction;
+ };
+
+ class SetPasswordSafeSlotData : semantics::non_constructible {
+ public:
+ struct CommandPayload {
+ uint8_t slot_number;
+ uint8_t slot_name[PWS_SLOTNAME_LENGTH];
+ uint8_t slot_password[PWS_PASSWORD_LENGTH];
+
+ bool isValid() const {
+ return !(slot_number & 0xF0);
+ }
+ } __packed;
+
+ typedef Transaction<CommandID::SET_PW_SAFE_SLOT_DATA_1,
+ struct CommandPayload,
+ struct EmptyPayload> CommandTransaction;
+ };
+
+ class SetPasswordSafeSlotData2 : semantics::non_constructible {
+ public:
+ struct CommandPayload {
+ uint8_t slot_number;
+ uint8_t slot_name[PWS_SLOTNAME_LENGTH];
+
+ bool isValid() const {
+ return !(slot_number & 0xF0);
+ }
+ } __packed;
+
+ typedef Transaction<CommandID::SET_PW_SAFE_SLOT_DATA_2,
+ struct CommandPayload,
+ struct EmptyPayload> CommandTransaction;
+ };
+
+ class ErasePasswordSafeSlot : semantics::non_constructible {
+ public:
+ struct CommandPayload {
+ uint8_t slot_number;
+
+ bool isValid() const {
+ return !(slot_number & 0xF0);
+ }
+ } __packed;
+
+ typedef Transaction<CommandID::PW_SAFE_ERASE_SLOT,
+ struct CommandPayload,
+ struct EmptyPayload> CommandTransaction;
+ };
+
+ class EnablePasswordSafe : semantics::non_constructible {
+ public:
+ struct CommandPayload {
+ uint8_t password[30];
+
+ bool isValid() const {
+ return true;
+ }
+ } __packed;
+
+ typedef Transaction<CommandID::PW_SAFE_ENABLE,
+ struct CommandPayload,
+ struct EmptyPayload> CommandTransaction;
+ };
+
+ class PasswordSafeInitKey : semantics::non_constructible {
+ public:
+ typedef Transaction<CommandID::PW_SAFE_INIT_KEY,
+ struct EmptyPayload,
+ struct EmptyPayload> CommandTransaction;
+ };
+
+ // TODO naming screwed up, see above
+ class PasswordSafeSendSlotViaHID: semantics::non_constructible {
+ public:
+ struct CommandPayload {
+ uint8_t slot_number;
+ uint8_t slot_kind;
+
+ bool isValid() const {
+ return !(slot_number & 0xF0);
+ }
+ } __packed;
+
+ typedef Transaction<CommandID::PW_SAFE_SEND_DATA,
+ struct CommandPayload,
+ struct EmptyPayload> CommandTransaction;
+ };
+
+
+ // TODO "Device::passwordSafeSendSlotDataViaHID"
+
+ class WriteGeneralConfig : semantics::non_constructible {
+ public:
+ struct CommandPayload {
+ uint8_t config[5];
+ } __packed;
+
+ typedef Transaction<CommandID::WRITE_CONFIG,
+ struct CommandPayload,
+ struct EmptyPayload> CommandTransaction;
+ };
+
+ class FirstAuthenticate : semantics::non_constructible {
+ public:
+ struct CommandPayload {
+ uint8_t card_password[25];
+ uint8_t temporary_password[25];
+
+ bool isValid() const {
+ return true;
+ }
+ } __packed;
+
+ typedef Transaction<CommandID::FIRST_AUTHENTICATE,
+ struct CommandPayload,
+ struct EmptyPayload> CommandTransaction;
+ };
+
+ class UserAuthenticate : semantics::non_constructible {
+ public:
+ struct CommandPayload {
+ uint8_t card_password[25];
+ uint8_t temporary_password[25];
+
+ bool isValid() const {
+ return true;
+ }
+ } __packed;
+
+ typedef Transaction<CommandID::USER_AUTHENTICATE,
+ struct CommandPayload,
+ struct EmptyPayload> CommandTransaction;
+ };
+
+ class Authorize : semantics::non_constructible {
+ public:
+ struct CommandPayload {
+ uint8_t crc[4];
+ uint8_t password[25];
+ } __packed;
+
+ typedef Transaction<CommandID::AUTHORIZE,
+ struct CommandPayload,
+ struct EmptyPayload> CommandTransaction;
+ };
+
+ class UserAuthorize : semantics::non_constructible {
+ public:
+ struct CommandPayload {
+ uint8_t crc[4];
+ uint8_t password[25];
+ } __packed;
+
+ typedef Transaction<CommandID::USER_AUTHORIZE,
+ struct CommandPayload,
+ struct EmptyPayload> CommandTransaction;
+ };
+
+ class UnlockUserPassword : semantics::non_constructible {
+ public:
+ struct CommandPayload {
+ uint8_t admin_password[20]; // TODO
+ } __packed;
+
+ // TODO could we get the stick to return the retry count?
+
+ typedef Transaction<CommandID::UNLOCK_USER_PASSWORD,
+ struct CommandPayload,
+ struct EmptyPayload> CommandTransaction;
+ };
+
+ class ChangeUserPin : semantics::non_constructible {
+ public:
+ struct CommandPayload {
+ uint8_t old_pin[25];
+ uint8_t new_pin[25];
+ } __packed;
+
+ typedef Transaction<CommandID::CHANGE_USER_PIN,
+ struct CommandPayload,
+ struct EmptyPayload> CommandTransaction;
+ };
+
+ // TODO why is it needed?
+ class IsAESSupported : semantics::non_constructible {
+ public:
+ struct CommandPayload {
+ uint8_t password[20];
+ } __packed;
+
+ typedef Transaction<CommandID::DETECT_SC_AES,
+ struct CommandPayload,
+ struct EmptyPayload> CommandTransaction;
+ };
+
+ class ChangeAdminPin : semantics::non_constructible {
+ public:
+ struct CommandPayload {
+ uint8_t old_pin[25];
+ uint8_t new_pin[25];
+ } __packed;
+
+ typedef Transaction<CommandID::CHANGE_ADMIN_PIN,
+ struct CommandPayload,
+ struct EmptyPayload> CommandTransaction;
+ };
+
+ class LockDevice : semantics::non_constructible {
+ public:
+ typedef Transaction<CommandID::LOCK_DEVICE,
+ struct EmptyPayload,
+ struct EmptyPayload> CommandTransaction;
+ };
+
+ class FactoryReset : semantics::non_constructible {
+ public:
+ struct CommandPayload {
+ uint8_t password[20];
+ } __packed;
+
+ typedef Transaction<CommandID::FACTORY_RESET,
+ struct CommandPayload,
+ struct EmptyPayload> CommandTransaction;
+ };
+
+ class BuildAESKey : semantics::non_constructible {
+ public:
+ struct CommandPayload {
+ uint8_t password[20];
+ } __packed;
+
+ typedef Transaction<CommandID::NEW_AES_KEY,
+ struct CommandPayload,
+ struct EmptyPayload> CommandTransaction;
+ };
+ }
+}
+
+/*
+* STICK20 protocol command ids
+* a superset of STICK10
+*/
+namespace stick20 {
+ namespace command {
+ class EnableEncryptedPartition : semantics::non_constructible {
+ public:
+ struct CommandPayload {
+ uint8_t password[30]; // TODO check w/ firmware
+ };
+
+ typedef Transaction<CommandID::ENABLE_CRYPTED_PARI,
+ struct CommandPayload,
+ struct EmptyPayload> CommandTransaction;
+ };
+
+ class DisableEncryptedPartition : semantics::non_constructible {
+ public:
+ typedef Transaction<CommandID::DISABLE_CRYPTED_PARI,
+ struct EmptyPayload,
+ struct EmptyPayload> CommandTransaction;
+ };
+
+ class EnableHiddenEncryptedPartition : semantics::non_constructible {
+ public:
+ struct CommandPayload {
+ uint8_t password[30]; // TODO check w/ firmware
+ };
+
+ typedef Transaction<CommandID::ENABLE_HIDDEN_CRYPTED_PARI,
+ struct CommandPayload,
+ struct EmptyPayload> CommandTransaction;
+ };
+
+ class DisableHiddenEncryptedPartition : semantics::non_constructible {
+ public:
+ typedef Transaction<CommandID::DISABLE_CRYPTED_PARI,
+ struct EmptyPayload,
+ struct EmptyPayload> CommandTransaction;
+ };
+
+ class EnableFirmwareUpdate : semantics::non_constructible {
+ public:
+ struct CommandPayload {
+ uint8_t password[30]; // TODO check w/ firmware
+ };
+
+ typedef Transaction<CommandID::ENABLE_FIRMWARE_UPDATE,
+ struct CommandPayload,
+ struct EmptyPayload> CommandTransaction;
+ };
+
+ class UpdatePassword : semantics::non_constructible {
+ public:
+ struct CommandPayload {
+ uint8_t old_password[15];
+ uint8_t new_password[15];
+ };
+
+ typedef Transaction<CommandID::CHANGE_UPDATE_PIN,
+ struct CommandPayload,
+ struct EmptyPayload> CommandTransaction;
+ };
+
+ class ExportFirmware : semantics::non_constructible {
+ public:
+ struct CommandPayload {
+ uint8_t password[30];
+ };
+
+ typedef Transaction<CommandID::EXPORT_FIRMWARE_TO_FILE,
+ struct CommandPayload,
+ struct EmptyPayload> CommandTransaction;
+ };
+
+ class CreateNewKeys : semantics::non_constructible {
+ public:
+ struct CommandPayload {
+ uint8_t password[30];
+ };
+
+ typedef Transaction<CommandID::GENERATE_NEW_KEYS,
+ struct CommandPayload,
+ struct EmptyPayload> CommandTransaction;
+ };
+
+ class FillSDCardWithRandomChars : semantics::non_constructible {
+ public:
+ struct CommandPayload {
+ uint8_t volume_flag;
+ uint8_t password[30];
+ };
+
+ typedef Transaction<CommandID::FILL_SD_CARD_WITH_RANDOM_CHARS,
+ struct CommandPayload,
+ struct EmptyPayload> CommandTransaction;
+ };
+
+ class SetupHiddenVolume : semantics::non_constructible {
+ public:
+ typedef Transaction<CommandID::SEND_HIDDEN_VOLUME_SETUP,
+ struct EmptyPayload,
+ struct EmptyPayload> CommandTransaction;
+ };
+
+ class SendPasswordMatrix : semantics::non_constructible {
+ public:
+ typedef Transaction<CommandID::SEND_PASSWORD_MATRIX,
+ struct EmptyPayload,
+ struct EmptyPayload> CommandTransaction;
+ };
+
+ class SendPasswordMatrixPinData : semantics::non_constructible {
+ public:
+ struct CommandPayload {
+ uint8_t pin_data[30]; // TODO how long actually can it be?
+ };
+
+ typedef Transaction<CommandID::SEND_PASSWORD_MATRIX_PINDATA,
+ struct CommandPayload,
+ struct EmptyPayload> CommandTransaction;
+ };
+
+ class SendPasswordMatrixSetup : semantics::non_constructible {
+ public:
+ struct CommandPayload {
+ uint8_t setup_data[30]; // TODO how long actually can it be?
+ };
+
+ typedef Transaction<CommandID::SEND_PASSWORD_MATRIX_SETUP,
+ struct CommandPayload,
+ struct EmptyPayload> CommandTransaction;
+ };
+
+ class GetDeviceStatus : semantics::non_constructible {
+ public:
+ typedef Transaction<CommandID::GET_DEVICE_STATUS,
+ struct EmptyPayload,
+ struct EmptyPayload> CommandTransaction;
+ };
+
+ class SendPassword : semantics::non_constructible {
+ public:
+ struct CommandPayload {
+ uint8_t password[30];
+ };
+
+ typedef Transaction<CommandID::SEND_PASSWORD,
+ struct CommandPayload,
+ struct EmptyPayload> CommandTransaction;
+ };
+
+ class SendNewPassword : semantics::non_constructible {
+ public:
+ struct CommandPayload {
+ uint8_t password[30];
+ };
+
+ typedef Transaction<CommandID::SEND_NEW_PASSWORD,
+ struct CommandPayload,
+ struct EmptyPayload> CommandTransaction;
+ };
+
+ // TODO fix original nomenclature
+ class SendSetReadonlyToUncryptedVolume : semantics::non_constructible {
+ public:
+ struct CommandPayload {
+ uint8_t password[30];
+ };
+
+ typedef Transaction<CommandID::ENABLE_READWRITE_UNCRYPTED_LUN,
+ struct CommandPayload,
+ struct EmptyPayload> CommandTransaction;
+ };
+
+ class SendSetReadwriteToUncryptedVolume : semantics::non_constructible {
+ public:
+ struct CommandPayload {
+ uint8_t password[30];
+ };
+
+ typedef Transaction<CommandID::ENABLE_READWRITE_UNCRYPTED_LUN,
+ struct CommandPayload,
+ struct EmptyPayload> CommandTransaction;
+ };
+
+ class SendClearNewSdCardFound : semantics::non_constructible {
+ public:
+ struct CommandPayload {
+ uint8_t password[30];
+ };
+
+ typedef Transaction<CommandID::CLEAR_NEW_SD_CARD_FOUND,
+ struct CommandPayload,
+ struct EmptyPayload> CommandTransaction;
+ };
+
+ class SendStartup : semantics::non_constructible {
+ public:
+ struct CommandPayload {
+ uint64_t localtime; // POSIX
+ };
+
+ typedef Transaction<CommandID::SEND_STARTUP,
+ struct CommandPayload,
+ struct EmptyPayload> CommandTransaction;
+ };
+
+ class SendHiddenVolumeSetup : semantics::non_constructible {
+ public:
+ struct CommandPayload {
+ // TODO HiddenVolumeSetup_tst type
+ };
+
+ typedef Transaction<CommandID::SEND_HIDDEN_VOLUME_SETUP,
+ struct CommandPayload,
+ struct EmptyPayload> CommandTransaction;
+ };
+
+ class LockFirmware : semantics::non_constructible {
+ public:
+ struct CommandPayload {
+ uint8_t password[30];
+ };
+
+ typedef Transaction<CommandID::SEND_LOCK_STICK_HARDWARE,
+ struct CommandPayload,
+ struct EmptyPayload> CommandTransaction;
+ };
+
+ class ProductionTest : semantics::non_constructible {
+ public:
+ typedef Transaction<CommandID::PRODUCTION_TEST,
+ struct EmptyPayload,
+ struct EmptyPayload> CommandTransaction;
+ };
+ }
+}
+}
+
+#endif
diff --git a/test.cc b/test.cc
new file mode 100644
index 0000000..5c59c60
--- /dev/null
+++ b/test.cc
@@ -0,0 +1,35 @@
+#include <iostream>
+#include <string.h>
+#include "device_proto.h"
+#include "device.h"
+
+using namespace std;
+
+using namespace device;
+using namespace proto;
+using namespace proto::stick10::command;
+
+int main() {
+ Stick20 stick;
+ cout << stick.connect() << endl;
+
+ {
+ auto resp = GetStatus::CommandTransaction::run(stick);
+ cout << resp.firmware_version << endl;
+ }
+
+ {
+ FirstAuthenticate::CommandTransaction::CommandPayload authreq;
+ strcpy((char *)(authreq.card_password), "12345678");
+ FirstAuthenticate::CommandTransaction::run(stick, authreq);
+ }
+
+ {
+ for (int i=0; i<32; i++) {
+ GetSlotName::CommandTransaction::CommandPayload slotname_req;
+ slotname_req.slot_number=i;
+ auto slot_resp = GetSlotName::CommandTransaction::run(stick);
+ cout << slot_resp.slot_name << endl;
+ }
+ }
+}