From 59ae52487d142fb2b13407419351255c667faa14 Mon Sep 17 00:00:00 2001 From: Szczepan Zalega Date: Sat, 13 May 2017 01:15:26 +0200 Subject: Do not log volatile data Signed-off-by: Szczepan Zalega --- include/stick10_commands.h | 73 +++++++++++++++++++++++----------------------- 1 file changed, 37 insertions(+), 36 deletions(-) (limited to 'include/stick10_commands.h') diff --git a/include/stick10_commands.h b/include/stick10_commands.h index 74b73a8..af8d2bd 100644 --- a/include/stick10_commands.h +++ b/include/stick10_commands.h @@ -119,8 +119,7 @@ class WriteToHOTPSlot : Command { std::stringstream ss; ss << "slot_number:\t" << (int)(slot_number) << std::endl; ss << "slot_name:\t" << slot_name << std::endl; - ss << "slot_secret:" << std::endl - << ::nitrokey::misc::hexdump((const char *)(&slot_secret), sizeof slot_secret); + print_to_ss_volatile(slot_secret); ss << "slot_config:\t" << std::bitset<8>((int)_slot_config) << std::endl; ss << "\tuse_8_digits(0):\t" << use_8_digits << std::endl; ss << "\tuse_enter(1):\t" << use_enter << std::endl; @@ -171,7 +170,7 @@ class WriteToTOTPSlot : Command { std::stringstream ss; ss << "slot_number:\t" << (int)(slot_number) << std::endl; ss << "slot_name:\t" << slot_name << std::endl; - ss << "slot_secret:\t" << slot_secret << std::endl; + print_to_ss_volatile(slot_secret); ss << "slot_config:\t" << std::bitset<8>((int)_slot_config) << std::endl; ss << "slot_token_id:\t"; for (auto i : slot_token_id) @@ -505,7 +504,7 @@ class GetPasswordSafeSlotPassword bool isValid() const { return true; } std::string dissect() const { std::stringstream ss; - ss << " slot_password\t" << (const char*) slot_password << std::endl; + print_to_ss_volatile(slot_password); return ss.str(); } } __packed; @@ -534,7 +533,7 @@ class GetPasswordSafeSlotLogin bool isValid() const { return true; } std::string dissect() const { std::stringstream ss; - ss << " slot_login\t" << (const char*) slot_login << std::endl; + print_to_ss_volatile(slot_login); return ss.str(); } } __packed; @@ -555,7 +554,7 @@ class SetPasswordSafeSlotData : Command { std::stringstream ss; ss << " slot_number\t" << (int)slot_number << std::endl; ss << " slot_name\t" << (const char*) slot_name << std::endl; - ss << " slot_password\t" << (const char*) slot_password << std::endl; + print_to_ss_volatile(slot_password); return ss.str(); } } __packed; @@ -572,10 +571,10 @@ class SetPasswordSafeSlotData2 : Command { bool isValid() const { return !(slot_number & 0xF0); } std::string dissect() const { - std::stringstream ss; - ss << " slot_number\t" << (int)slot_number << std::endl; - ss << " slot_login_name\t" << (const char*) slot_login_name << std::endl; - return ss.str(); + std::stringstream ss; + ss << " slot_number\t" << (int)slot_number << std::endl; + print_to_ss_volatile(slot_login_name); + return ss.str(); } } __packed; @@ -609,7 +608,7 @@ class EnablePasswordSafe : Command { bool isValid() const { return true; } std::string dissect() const { std::stringstream ss; - ss << " user_password\t" << (const char*) user_password << std::endl; + print_to_ss_volatile(user_password); return ss.str(); } } __packed; @@ -683,7 +682,7 @@ class FirstAuthenticate : Command { std::string dissect() const { std::stringstream ss; - ss << "card_password:\t" << card_password << std::endl; + print_to_ss_volatile(card_password); ss << "temporary_password:\t" << temporary_password << std::endl; return ss.str(); } @@ -701,10 +700,10 @@ class UserAuthenticate : Command { bool isValid() const { return true; } std::string dissect() const { - std::stringstream ss; - ss << "card_password:\t" << card_password << std::endl; - ss << "temporary_password:\t" << temporary_password << std::endl; - return ss.str(); + std::stringstream ss; + print_to_ss_volatile(card_password); + ss << "temporary_password:\t" << temporary_password << std::endl; + return ss.str(); } } __packed; @@ -753,9 +752,10 @@ class UnlockUserPassword : Command { uint8_t admin_password[25]; uint8_t user_new_password[25]; std::string dissect() const { - std::stringstream ss; - ss << " admin_password:\t" << admin_password<< std::endl; - return ss.str(); + std::stringstream ss; + print_to_ss_volatile(admin_password); + print_to_ss_volatile(user_new_password); + return ss.str(); } } __packed; @@ -769,10 +769,10 @@ class ChangeUserPin : Command { uint8_t old_pin[25]; uint8_t new_pin[25]; std::string dissect() const { - std::stringstream ss; - ss << " old_pin:\t" << old_pin<< std::endl; - ss << " new_pin:\t" << new_pin<< std::endl; - return ss.str(); + std::stringstream ss; + print_to_ss_volatile(old_pin); + print_to_ss_volatile(new_pin); + return ss.str(); } } __packed; @@ -785,9 +785,9 @@ class IsAESSupported : Command { struct CommandPayload { uint8_t user_password[20]; std::string dissect() const { - std::stringstream ss; - ss << " user_password:\t" << user_password<< std::endl; - return ss.str(); + std::stringstream ss; + print_to_ss_volatile(user_password); + return ss.str(); } } __packed; @@ -795,16 +795,17 @@ class IsAESSupported : Command { CommandTransaction; }; + class ChangeAdminPin : Command { public: struct CommandPayload { uint8_t old_pin[25]; uint8_t new_pin[25]; std::string dissect() const { - std::stringstream ss; - ss << " old_pin:\t" << old_pin<< std::endl; - ss << " new_pin:\t" << new_pin<< std::endl; - return ss.str(); + std::stringstream ss; + print_to_ss_volatile(old_pin); + print_to_ss_volatile(new_pin); + return ss.str(); } } __packed; @@ -823,9 +824,9 @@ class FactoryReset : Command { struct CommandPayload { uint8_t admin_password[20]; std::string dissect() const { - std::stringstream ss; - ss << " admin_password:\t" << admin_password<< std::endl; - return ss.str(); + std::stringstream ss; + print_to_ss_volatile(admin_password); + return ss.str(); } } __packed; @@ -838,9 +839,9 @@ class BuildAESKey : Command { struct CommandPayload { uint8_t admin_password[20]; std::string dissect() const { - std::stringstream ss; - ss << " admin_password:\t" << admin_password<< std::endl; - return ss.str(); + std::stringstream ss; + print_to_ss_volatile(admin_password); + return ss.str(); } } __packed; -- cgit v1.2.1 From 79b616830381d0ea5f89e920b55f154d2e7e06ce Mon Sep 17 00:00:00 2001 From: Szczepan Zalega Date: Sat, 13 May 2017 10:09:02 +0200 Subject: Assume slot_names are volatile data Signed-off-by: Szczepan Zalega --- include/stick10_commands.h | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) (limited to 'include/stick10_commands.h') diff --git a/include/stick10_commands.h b/include/stick10_commands.h index af8d2bd..b38ea06 100644 --- a/include/stick10_commands.h +++ b/include/stick10_commands.h @@ -39,9 +39,9 @@ class GetSlotName : public Command { bool isValid() const { return true; } std::string dissect() const { - std::stringstream ss; - ss << "slot_name:\t" << slot_name << std::endl; - return ss.str(); + std::stringstream ss; + print_to_ss_volatile(slot_name); + return ss.str(); } } __packed; @@ -118,7 +118,7 @@ class WriteToHOTPSlot : Command { std::string dissect() const { std::stringstream ss; ss << "slot_number:\t" << (int)(slot_number) << std::endl; - ss << "slot_name:\t" << slot_name << std::endl; + print_to_ss_volatile(slot_name); print_to_ss_volatile(slot_secret); ss << "slot_config:\t" << std::bitset<8>((int)_slot_config) << std::endl; ss << "\tuse_8_digits(0):\t" << use_8_digits << std::endl; @@ -169,7 +169,7 @@ class WriteToTOTPSlot : Command { std::string dissect() const { std::stringstream ss; ss << "slot_number:\t" << (int)(slot_number) << std::endl; - ss << "slot_name:\t" << slot_name << std::endl; + print_to_ss_volatile(slot_name); print_to_ss_volatile(slot_secret); ss << "slot_config:\t" << std::bitset<8>((int)_slot_config) << std::endl; ss << "slot_token_id:\t"; @@ -323,7 +323,7 @@ class ReadSlot : Command { std::string dissect() const { std::stringstream ss; - ss << "slot_name:\t" << slot_name << std::endl; + print_to_ss_volatile(slot_name); ss << "slot_config:\t" << std::bitset<8>((int)_slot_config) << std::endl; ss << "\tuse_8_digits(0):\t" << use_8_digits << std::endl; ss << "\tuse_enter(1):\t" << use_enter << std::endl; @@ -475,7 +475,7 @@ class GetPasswordSafeSlotName : Command { bool isValid() const { return true; } std::string dissect() const { std::stringstream ss; - ss << " slot_name\t" << (const char*) slot_name << std::endl; + print_to_ss_volatile(slot_name); return ss.str(); } } __packed; @@ -553,7 +553,7 @@ class SetPasswordSafeSlotData : Command { std::string dissect() const { std::stringstream ss; ss << " slot_number\t" << (int)slot_number << std::endl; - ss << " slot_name\t" << (const char*) slot_name << std::endl; + print_to_ss_volatile(slot_name); print_to_ss_volatile(slot_password); return ss.str(); } -- cgit v1.2.1 From 1634bddb91323753546e6fe475d70d41dd79faee Mon Sep 17 00:00:00 2001 From: Szczepan Zalega Date: Sat, 13 May 2017 14:20:40 +0200 Subject: Log temporary password as hexdump instead of string representation Signed-off-by: Szczepan Zalega --- include/stick10_commands.h | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'include/stick10_commands.h') diff --git a/include/stick10_commands.h b/include/stick10_commands.h index b38ea06..e863328 100644 --- a/include/stick10_commands.h +++ b/include/stick10_commands.h @@ -683,7 +683,7 @@ class FirstAuthenticate : Command { std::string dissect() const { std::stringstream ss; print_to_ss_volatile(card_password); - ss << "temporary_password:\t" << temporary_password << std::endl; + hexdump_to_ss(temporary_password); return ss.str(); } } __packed; @@ -702,7 +702,7 @@ class UserAuthenticate : Command { std::string dissect() const { std::stringstream ss; print_to_ss_volatile(card_password); - ss << "temporary_password:\t" << temporary_password << std::endl; + hexdump_to_ss(temporary_password); return ss.str(); } } __packed; @@ -720,7 +720,7 @@ class Authorize : Command { std::string dissect() const { std::stringstream ss; ss << " crc_to_authorize:\t" << std::hex << std::setw(2) << std::setfill('0') << crc_to_authorize<< std::endl; - ss << " temporary_password:\t" << temporary_password<< std::endl; + hexdump_to_ss(temporary_password); return ss.str(); } } __packed; @@ -737,7 +737,7 @@ class UserAuthorize : Command { std::string dissect() const { std::stringstream ss; ss << " crc_to_authorize:\t" << crc_to_authorize<< std::endl; - ss << " temporary_password:\t" << temporary_password<< std::endl; + hexdump_to_ss(temporary_password); return ss.str(); } } __packed; -- cgit v1.2.1