From 29fc4839b7aaf76c3587cf0d268546fd1d1390c4 Mon Sep 17 00:00:00 2001 From: Szczepan Zalega Date: Tue, 21 Feb 2017 14:56:07 +0100 Subject: Build debug-log-free library for increased security Signed-off-by: Szczepan Zalega --- CMakeLists.txt | 6 +++++ NitrokeyManager.cc | 6 ++--- device.cc | 38 +++++++++++++++--------------- include/CommandFailedException.h | 2 +- include/LibraryException.h | 2 +- include/LongOperationInProgressException.h | 2 +- include/device_proto.h | 34 +++++++++++++------------- include/log.h | 7 ++++++ include/misc.h | 2 +- 9 files changed, 56 insertions(+), 43 deletions(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index 89ab66d..0ed907b 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -71,13 +71,19 @@ ENDIF() IF (NOT LIBNITROKEY_STATIC) add_library(nitrokey SHARED ${SOURCE_FILES}) + add_library(nitrokey-log SHARED ${SOURCE_FILES}) install (TARGETS nitrokey DESTINATION "lib") SET(LIBNAME nitrokey) ELSE() add_library(nitrokey-static STATIC ${SOURCE_FILES}) + add_library(nitrokey-static-log STATIC ${SOURCE_FILES}) SET(LIBNAME nitrokey-static) ENDIF() target_link_libraries(${LIBNAME} hidapi-libusb) +target_link_libraries(${LIBNAME}-log hidapi-libusb) + +SET_TARGET_PROPERTIES(${LIBNAME} PROPERTIES COMPILE_DEFINITIONS "NO_LOG") + file(GLOB LIB_INCLUDES "include/libnitrokey/*.h") install (FILES ${LIB_INCLUDES} DESTINATION "include") diff --git a/NitrokeyManager.cc b/NitrokeyManager.cc index 62687b3..1e5c14e 100644 --- a/NitrokeyManager.cc +++ b/NitrokeyManager.cc @@ -22,7 +22,7 @@ namespace nitrokey{ // throw EmptySourceStringException(slot_number); return; const size_t s_dest = sizeof dest; - nitrokey::log::Log::instance()(std::string("strcpyT sizes dest src ") + LOG(std::string("strcpyT sizes dest src ") +std::to_string(s_dest)+ " " +std::to_string(strlen(src))+ " " ,nitrokey::log::Loglevel::DEBUG_L2); @@ -45,7 +45,7 @@ namespace nitrokey{ template void NitrokeyManager::authorize_packet(T &package, const char *admin_temporary_password, shared_ptr device){ if (!is_authorization_command_supported()){ - Log::instance()("Authorization command not supported, skipping", Loglevel::WARNING); + LOG("Authorization command not supported, skipping", Loglevel::WARNING); } auto auth = get_payload(); strcpyT(auth.temporary_password, admin_temporary_password); @@ -311,7 +311,7 @@ namespace nitrokey{ break; } default: - Log::instance()(string(__FILE__) + to_string(__LINE__) + + LOG(string(__FILE__) + to_string(__LINE__) + string(__FUNCTION__) + string(" Unhandled device model for HOTP") , Loglevel::DEBUG); break; diff --git a/device.cc b/device.cc index fcc3ba7..7201087 100644 --- a/device.cc +++ b/device.cc @@ -31,12 +31,12 @@ Device::Device(const uint16_t vid, const uint16_t pid, const DeviceModel model, bool Device::disconnect() { //called in object's destructor - Log::instance()(__FUNCTION__, Loglevel::DEBUG_L2); + LOG(__FUNCTION__, Loglevel::DEBUG_L2); std::lock_guard lock(mex_dev_com); - Log::instance()(std::string(__FUNCTION__) + std::string(m_model==DeviceModel::PRO?"PRO":"STORAGE"), Loglevel::DEBUG_L2); - Log::instance()(std::string(__FUNCTION__) + std::string(" *IN* "), Loglevel::DEBUG_L2); + LOG(std::string(__FUNCTION__) + std::string(m_model==DeviceModel::PRO?"PRO":"STORAGE"), Loglevel::DEBUG_L2); + LOG(std::string(__FUNCTION__) + std::string(" *IN* "), Loglevel::DEBUG_L2); - Log::instance()(std::string("Disconnection success: ") + std::to_string(mp_devhandle == nullptr), Loglevel::DEBUG_L2); + LOG(std::string("Disconnection success: ") + std::to_string(mp_devhandle == nullptr), Loglevel::DEBUG_L2); if(mp_devhandle == nullptr) return false; hid_close(mp_devhandle); @@ -46,24 +46,24 @@ bool Device::disconnect() { return true; } bool Device::connect() { - Log::instance()(__FUNCTION__, Loglevel::DEBUG_L2); + LOG(__FUNCTION__, Loglevel::DEBUG_L2); std::lock_guard lock(mex_dev_com); - Log::instance()(std::string(__FUNCTION__) + std::string(" *IN* "), Loglevel::DEBUG_L2); + LOG(std::string(__FUNCTION__) + std::string(" *IN* "), Loglevel::DEBUG_L2); // hid_init(); // done automatically on hid_open mp_devhandle = hid_open(m_vid, m_pid, nullptr); const auto success = mp_devhandle != nullptr; - Log::instance()(std::string("Connection success: ") + std::to_string(success), Loglevel::DEBUG_L2); + LOG(std::string("Connection success: ") + std::to_string(success), Loglevel::DEBUG_L2); return success; } int Device::send(const void *packet) { - Log::instance()(__FUNCTION__, Loglevel::DEBUG_L2); + LOG(__FUNCTION__, Loglevel::DEBUG_L2); std::lock_guard lock(mex_dev_com); - Log::instance()(std::string(__FUNCTION__) + std::string(" *IN* "), Loglevel::DEBUG_L2); + LOG(std::string(__FUNCTION__) + std::string(" *IN* "), Loglevel::DEBUG_L2); if (mp_devhandle == nullptr) { - Log::instance()(std::string("Connection fail") , Loglevel::DEBUG_L2); + LOG(std::string("Connection fail") , Loglevel::DEBUG_L2); throw DeviceNotConnected("Attempted HID send on an invalid descriptor."); } @@ -72,15 +72,15 @@ int Device::send(const void *packet) { } int Device::recv(void *packet) { - Log::instance()(__FUNCTION__, Loglevel::DEBUG_L2); + LOG(__FUNCTION__, Loglevel::DEBUG_L2); std::lock_guard lock(mex_dev_com); - Log::instance()(std::string(__FUNCTION__) + std::string(" *IN* "), Loglevel::DEBUG_L2); + LOG(std::string(__FUNCTION__) + std::string(" *IN* "), Loglevel::DEBUG_L2); int status; int retry_count = 0; if (mp_devhandle == nullptr){ - Log::instance()(std::string("Connection fail") , Loglevel::DEBUG_L2); + LOG(std::string("Connection fail") , Loglevel::DEBUG_L2); throw DeviceNotConnected("Attempted HID receive on an invalid descriptor."); } @@ -94,20 +94,20 @@ int Device::recv(void *packet) { auto pwherr = hid_error(mp_devhandle); std::wstring wherr = (pwherr != nullptr) ? pwherr : L"No error message"; std::string herr(wherr.begin(), wherr.end()); - Log::instance()(std::string("libhid error message: ") + herr, + LOG(std::string("libhid error message: ") + herr, Loglevel::DEBUG_L2); if (status > 0) break; // success if (retry_count++ >= m_retry_receiving_count) { - Log::instance()( + LOG( "Maximum retry count reached: " + std::to_string(retry_count), Loglevel::WARNING); - Log::instance()( + LOG( std::string("Counter stats: ") + m_counters.get_as_string(), Loglevel::DEBUG); break; } - Log::instance()("Retrying... " + std::to_string(retry_count), + LOG("Retrying... " + std::to_string(retry_count), Loglevel::DEBUG); std::this_thread::sleep_for(m_retry_timeout); } @@ -116,7 +116,7 @@ int Device::recv(void *packet) { } bool Device::could_be_enumerated() { - Log::instance()(__FUNCTION__, Loglevel::DEBUG_L2); + LOG(__FUNCTION__, Loglevel::DEBUG_L2); std::lock_guard lock(mex_dev_com); if (mp_devhandle==nullptr){ return false; @@ -135,7 +135,7 @@ bool Device::could_be_enumerated() { void Device::show_stats() { auto s = m_counters.get_as_string(); - Log::instance()(s, Loglevel::DEBUG_L2); + LOG(s, Loglevel::DEBUG_L2); } Stick10::Stick10(): diff --git a/include/CommandFailedException.h b/include/CommandFailedException.h index 6ff9a2d..417e850 100644 --- a/include/CommandFailedException.h +++ b/include/CommandFailedException.h @@ -20,7 +20,7 @@ public: CommandFailedException(uint8_t last_command_id, uint8_t last_command_status) : last_command_id(last_command_id), last_command_status(last_command_status){ - nitrokey::log::Log::instance()(std::string("CommandFailedException, status: ")+ std::to_string(last_command_status), nitrokey::log::Loglevel::DEBUG); + LOG(std::string("CommandFailedException, status: ")+ std::to_string(last_command_status), nitrokey::log::Loglevel::DEBUG); } virtual const char *what() const throw() { diff --git a/include/LibraryException.h b/include/LibraryException.h index daf0155..b9303ad 100644 --- a/include/LibraryException.h +++ b/include/LibraryException.h @@ -83,7 +83,7 @@ public: TooLongStringException(size_t size_source, size_t size_destination, const std::string &message = "") : size_source( size_source), size_destination(size_destination), message(message) { - nitrokey::log::Log::instance()(std::string("TooLongStringException, size diff: ")+ std::to_string(size_source-size_destination), nitrokey::log::Loglevel::DEBUG); + LOG(std::string("TooLongStringException, size diff: ")+ std::to_string(size_source-size_destination), nitrokey::log::Loglevel::DEBUG); } diff --git a/include/LongOperationInProgressException.h b/include/LongOperationInProgressException.h index 7f182b0..5b441c0 100644 --- a/include/LongOperationInProgressException.h +++ b/include/LongOperationInProgressException.h @@ -15,7 +15,7 @@ public: LongOperationInProgressException( unsigned char _command_id, uint8_t last_command_status, unsigned char _progress_bar_value) : CommandFailedException(_command_id, last_command_status), progress_bar_value(_progress_bar_value){ - nitrokey::log::Log::instance()( + LOG( std::string("LongOperationInProgressException, progress bar status: ")+ std::to_string(progress_bar_value), nitrokey::log::Loglevel::DEBUG); } diff --git a/include/device_proto.h b/include/device_proto.h index 3519123..ea8f136 100644 --- a/include/device_proto.h +++ b/include/device_proto.h @@ -218,7 +218,7 @@ namespace nitrokey { static std::mutex send_receive_mtx; std::lock_guard guard(send_receive_mtx); - Log::instance()(__FUNCTION__, Loglevel::DEBUG_L2); + LOG(__FUNCTION__, Loglevel::DEBUG_L2); if (dev == nullptr){ throw DeviceNotConnected("Device not initialized"); @@ -236,8 +236,8 @@ namespace nitrokey { outp.payload = payload; outp.update_CRC(); - Log::instance()("Outgoing HID packet:", Loglevel::DEBUG); - Log::instance()(static_cast(outp), Loglevel::DEBUG); + LOG("Outgoing HID packet:", Loglevel::DEBUG); + LOG(static_cast(outp), Loglevel::DEBUG); if (!outp.isValid()) throw std::runtime_error("Invalid outgoing packet"); @@ -249,7 +249,7 @@ namespace nitrokey { status = dev->send(&outp); if (status <= 0){ //FIXME early disconnection not yet working properly -// Log::instance()("Encountered communication error, disconnecting device", Loglevel::DEBUG_L2); +// LOG("Encountered communication error, disconnecting device", Loglevel::DEBUG_L2); // dev->disconnect(); dev->m_counters.sending_error++; throw DeviceSendingFailure( @@ -268,7 +268,7 @@ namespace nitrokey { if (dev->get_device_model() == DeviceModel::STORAGE && resp.command_id >= stick20::CMD_START_VALUE && resp.command_id < stick20::CMD_END_VALUE ) { - Log::instance()(std::string("Detected storage device cmd, status: ") + + LOG(std::string("Detected storage device cmd, status: ") + std::to_string(resp.storage_status.device_status), Loglevel::DEBUG_L2); resp.last_command_status = static_cast(stick10::command_status::ok); @@ -286,7 +286,7 @@ namespace nitrokey { resp.device_status = static_cast(stick10::device_status::ok); break; default: - Log::instance()(std::string("Unknown storage device status, cannot translate: ") + + LOG(std::string("Unknown storage device status, cannot translate: ") + std::to_string(resp.storage_status.device_status), Loglevel::DEBUG); resp.device_status = resp.storage_status.device_status; break; @@ -306,11 +306,11 @@ namespace nitrokey { dev->m_counters.busy++; if (busy_counter++<10) { receiving_retry_counter++; - Log::instance()("Status busy, not decreasing receiving_retry_counter counter: " + + LOG("Status busy, not decreasing receiving_retry_counter counter: " + std::to_string(receiving_retry_counter), Loglevel::DEBUG_L2); } else { busy_counter = 0; - Log::instance()("Status busy, decreasing receiving_retry_counter counter: " + + LOG("Status busy, decreasing receiving_retry_counter counter: " + std::to_string(receiving_retry_counter), Loglevel::DEBUG); } } @@ -320,7 +320,7 @@ namespace nitrokey { successful_communication = true; break; } - Log::instance()(std::string("Retry status - dev status, awaited cmd crc, correct packet CRC: ") + LOG(std::string("Retry status - dev status, awaited cmd crc, correct packet CRC: ") + std::to_string(resp.device_status) + " " + std::to_string(CRC_equal_awaited) + " " + std::to_string(resp.isCRCcorrect()), Loglevel::DEBUG_L2); @@ -329,18 +329,18 @@ namespace nitrokey { if (!CRC_equal_awaited) dev->m_counters.CRC_other_than_awaited++; - Log::instance()( + LOG( "Device is not ready or received packet's last CRC is not equal to sent CRC packet, retrying...", Loglevel::DEBUG); - Log::instance()("Invalid incoming HID packet:", Loglevel::DEBUG_L2); - Log::instance()(static_cast(resp), Loglevel::DEBUG_L2); + LOG("Invalid incoming HID packet:", Loglevel::DEBUG_L2); + LOG(static_cast(resp), Loglevel::DEBUG_L2); dev->m_counters.total_retries++; std::this_thread::sleep_for(dev->get_retry_timeout()); continue; } if (successful_communication) break; - Log::instance()(std::string("Resending (outer loop) "), Loglevel::DEBUG_L2); - Log::instance()(std::string("sending_retry_counter count: ") + std::to_string(sending_retry_counter), + LOG(std::string("Resending (outer loop) "), Loglevel::DEBUG_L2); + LOG(std::string("sending_retry_counter count: ") + std::to_string(sending_retry_counter), Loglevel::DEBUG); } @@ -355,9 +355,9 @@ namespace nitrokey { std::to_string(status)); } - Log::instance()("Incoming HID packet:", Loglevel::DEBUG); - Log::instance()(static_cast(resp), Loglevel::DEBUG); - Log::instance()(std::string("receiving_retry_counter count: ") + std::to_string(receiving_retry_counter), + LOG("Incoming HID packet:", Loglevel::DEBUG); + LOG(static_cast(resp), Loglevel::DEBUG); + LOG(std::string("receiving_retry_counter count: ") + std::to_string(receiving_retry_counter), Loglevel::DEBUG); if (resp.device_status == static_cast(stick10::device_status::busy) && diff --git a/include/log.h b/include/log.h index 695884b..a3e8281 100644 --- a/include/log.h +++ b/include/log.h @@ -53,4 +53,11 @@ class Log { } } + +#ifdef NO_LOG +#define LOG(string, level) while(false){} +#else +#define LOG(string, level) nitrokey::log::Log::instance()((string), (level)) +#endif + #endif diff --git a/include/misc.h b/include/misc.h index c39c741..111d772 100644 --- a/include/misc.h +++ b/include/misc.h @@ -28,7 +28,7 @@ namespace misc { // throw EmptySourceStringException(slot_number); return; const size_t s_dest = sizeof dest; - nitrokey::log::Log::instance()(std::string("strcpyT sizes dest src ") + LOG(std::string("strcpyT sizes dest src ") +std::to_string(s_dest)+ " " +std::to_string(strlen(src))+ " " ,nitrokey::log::Loglevel::DEBUG); -- cgit v1.2.3