From 59ae52487d142fb2b13407419351255c667faa14 Mon Sep 17 00:00:00 2001 From: Szczepan Zalega Date: Sat, 13 May 2017 01:15:26 +0200 Subject: Do not log volatile data Signed-off-by: Szczepan Zalega --- include/command.h | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) (limited to 'include/command.h') diff --git a/include/command.h b/include/command.h index fc374f7..bf3cb4e 100644 --- a/include/command.h +++ b/include/command.h @@ -4,6 +4,13 @@ #include "command_id.h" #include "cxx_semantics.h" +#define print_to_ss(x) ( ss << " " << (#x) <<":\t" << (x) << std::endl ); +#ifdef LOG_VOLATILE_DATA +#define print_to_ss_volatile(x) ( ss << " " << (#x) <<":\t" << (x) << std::endl ); +#else +#define print_to_ss_volatile(x) ( ss << " " << (#x) <<":\t" << "***********" << std::endl ); +#endif + namespace nitrokey { namespace proto { @@ -18,7 +25,6 @@ namespace nitrokey { } }; -#define print_to_ss(x) ( ss << " " << (#x) <<":\t" << (x) << std::endl ); namespace stick20{ enum class PasswordKind : uint8_t { User = 'P', @@ -37,7 +43,7 @@ namespace stick20{ std::string dissect() const { std::stringstream ss; print_to_ss( kind ); - print_to_ss(password); + print_to_ss_volatile(password); return ss.str(); } void set_kind_admin() { @@ -79,6 +85,5 @@ namespace stick20{ } } } -#undef print_to_ss #endif -- cgit v1.2.3 From 1634bddb91323753546e6fe475d70d41dd79faee Mon Sep 17 00:00:00 2001 From: Szczepan Zalega Date: Sat, 13 May 2017 14:20:40 +0200 Subject: Log temporary password as hexdump instead of string representation Signed-off-by: Szczepan Zalega --- include/command.h | 4 +++- include/stick10_commands.h | 8 ++++---- include/stick10_commands_0.8.h | 12 +++++++----- 3 files changed, 14 insertions(+), 10 deletions(-) (limited to 'include/command.h') diff --git a/include/command.h b/include/command.h index bf3cb4e..3f711c0 100644 --- a/include/command.h +++ b/include/command.h @@ -6,10 +6,12 @@ #define print_to_ss(x) ( ss << " " << (#x) <<":\t" << (x) << std::endl ); #ifdef LOG_VOLATILE_DATA -#define print_to_ss_volatile(x) ( ss << " " << (#x) <<":\t" << (x) << std::endl ); +#define print_to_ss_volatile(x) print_to_ss(x); #else #define print_to_ss_volatile(x) ( ss << " " << (#x) <<":\t" << "***********" << std::endl ); #endif +#define hexdump_to_ss(x) (ss << #x":\n"\ + << ::nitrokey::misc::hexdump((const char *) (&x), sizeof x, false)); namespace nitrokey { namespace proto { diff --git a/include/stick10_commands.h b/include/stick10_commands.h index b38ea06..e863328 100644 --- a/include/stick10_commands.h +++ b/include/stick10_commands.h @@ -683,7 +683,7 @@ class FirstAuthenticate : Command { std::string dissect() const { std::stringstream ss; print_to_ss_volatile(card_password); - ss << "temporary_password:\t" << temporary_password << std::endl; + hexdump_to_ss(temporary_password); return ss.str(); } } __packed; @@ -702,7 +702,7 @@ class UserAuthenticate : Command { std::string dissect() const { std::stringstream ss; print_to_ss_volatile(card_password); - ss << "temporary_password:\t" << temporary_password << std::endl; + hexdump_to_ss(temporary_password); return ss.str(); } } __packed; @@ -720,7 +720,7 @@ class Authorize : Command { std::string dissect() const { std::stringstream ss; ss << " crc_to_authorize:\t" << std::hex << std::setw(2) << std::setfill('0') << crc_to_authorize<< std::endl; - ss << " temporary_password:\t" << temporary_password<< std::endl; + hexdump_to_ss(temporary_password); return ss.str(); } } __packed; @@ -737,7 +737,7 @@ class UserAuthorize : Command { std::string dissect() const { std::stringstream ss; ss << " crc_to_authorize:\t" << crc_to_authorize<< std::endl; - ss << " temporary_password:\t" << temporary_password<< std::endl; + hexdump_to_ss(temporary_password); return ss.str(); } } __packed; diff --git a/include/stick10_commands_0.8.h b/include/stick10_commands_0.8.h index 3aa60e3..4209380 100644 --- a/include/stick10_commands_0.8.h +++ b/include/stick10_commands_0.8.h @@ -9,13 +9,14 @@ #include #include #include -#include +#include #include "command.h" #include "device_proto.h" #include "stick10_commands.h" #pragma pack (push,1) + namespace nitrokey { namespace proto { @@ -59,6 +60,7 @@ namespace nitrokey { std::string dissect() const { std::stringstream ss; ss << "slot_number:\t" << (int)(slot_number) << std::endl; + hexdump_to_ss(temporary_admin_password); return ss.str(); } } __packed; @@ -87,7 +89,7 @@ namespace nitrokey { std::string dissect() const { std::stringstream ss; - ss << "temporary_admin_password:\t" << temporary_admin_password << std::endl; + hexdump_to_ss(temporary_admin_password); ss << "type:\t" << type << std::endl; ss << "id:\t" << (int)id << std::endl; #ifdef LOG_VOLATILE_DATA @@ -156,7 +158,7 @@ namespace nitrokey { std::string dissect() const { std::stringstream ss; - ss << "temporary_admin_password:\t" << temporary_admin_password << std::endl; + hexdump_to_ss(temporary_admin_password); ss << "slot_config:\t" << std::bitset<8>((int) _slot_config) << std::endl; ss << "\tuse_8_digits(0):\t" << use_8_digits << std::endl; ss << "\tuse_enter(1):\t" << use_enter << std::endl; @@ -192,7 +194,7 @@ namespace nitrokey { bool isValid() const { return (slot_number & 0xF0); } std::string dissect() const { std::stringstream ss; - ss << "temporary_user_password:\t" << temporary_user_password << std::endl; + hexdump_to_ss(temporary_user_password); ss << "slot_number:\t" << (int)(slot_number) << std::endl; return ss.str(); } @@ -244,7 +246,7 @@ namespace nitrokey { bool isValid() const { return !(slot_number & 0xF0); } std::string dissect() const { std::stringstream ss; - ss << "temporary_user_password:\t" << temporary_user_password << std::endl; + hexdump_to_ss(temporary_user_password); ss << "slot_number:\t" << (int)(slot_number) << std::endl; ss << "challenge:\t" << (challenge) << std::endl; ss << "last_totp_time:\t" << (last_totp_time) << std::endl; -- cgit v1.2.3