diff options
| author | Szczepan Zalega <szczepan@nitrokey.com> | 2017-05-13 15:54:00 +0200 |
|---|---|---|
| committer | Szczepan Zalega <szczepan@nitrokey.com> | 2017-05-13 15:54:00 +0200 |
| commit | 06c0deb7935a9390a67bc02d6c323e64c785a026 (patch) | |
| tree | c8343c0e1d504b2ae7d1ff5a727084f78a015f7e | |
| parent | be0d677aa2e7eb87a309dc3927c0917380892641 (diff) | |
| parent | 3b5f40a19ca6c6fde55fcdab4ff0a9f91a46a051 (diff) | |
| download | libnitrokey-06c0deb7935a9390a67bc02d6c323e64c785a026.tar.gz libnitrokey-06c0deb7935a9390a67bc02d6c323e64c785a026.tar.bz2 | |
Merge branch 'do_not_log_volatile_data'
| -rw-r--r-- | NitrokeyManager.cc | 25 | ||||
| -rw-r--r-- | include/command.h | 13 | ||||
| -rw-r--r-- | include/device_proto.h | 12 | ||||
| -rw-r--r-- | include/dissect.h | 4 | ||||
| -rw-r--r-- | include/log.h | 2 | ||||
| -rw-r--r-- | include/misc.h | 9 | ||||
| -rw-r--r-- | include/stick10_commands.h | 95 | ||||
| -rw-r--r-- | include/stick10_commands_0.8.h | 20 | ||||
| -rw-r--r-- | include/stick20_commands.h | 12 |
9 files changed, 103 insertions, 89 deletions
diff --git a/NitrokeyManager.cc b/NitrokeyManager.cc index 096a8c4..9a9d106 100644 --- a/NitrokeyManager.cc +++ b/NitrokeyManager.cc @@ -26,30 +26,7 @@ char * strndup(const char* str, size_t maxlen){ #endif - - /** - * Copies string from pointer to fixed size C-style array. Src needs to be a valid C-string - eg. ended with '\0'. - * Throws when source is bigger than destination. - * @tparam T type of destination array - * @param dest fixed size destination array - * @param src pointer to source c-style valid string - */ - template <typename T> - void strcpyT(T& dest, const char* src){ - - if (src == nullptr) -// throw EmptySourceStringException(slot_number); - return; - const size_t s_dest = sizeof dest; - LOG(std::string("strcpyT sizes dest src ") - +std::to_string(s_dest)+ " " - +std::to_string(strlen(src))+ " " - ,nitrokey::log::Loglevel::DEBUG_L2); - if (strlen(src) > s_dest){ - throw TooLongStringException(strlen(src), s_dest, src); - } - strncpy((char*) &dest, src, s_dest); - } +using nitrokey::misc::strcpyT; template <typename T> typename T::CommandPayload get_payload(){ diff --git a/include/command.h b/include/command.h index fc374f7..3f711c0 100644 --- a/include/command.h +++ b/include/command.h @@ -4,6 +4,15 @@ #include "command_id.h" #include "cxx_semantics.h" +#define print_to_ss(x) ( ss << " " << (#x) <<":\t" << (x) << std::endl ); +#ifdef LOG_VOLATILE_DATA +#define print_to_ss_volatile(x) print_to_ss(x); +#else +#define print_to_ss_volatile(x) ( ss << " " << (#x) <<":\t" << "***********" << std::endl ); +#endif +#define hexdump_to_ss(x) (ss << #x":\n"\ + << ::nitrokey::misc::hexdump((const char *) (&x), sizeof x, false)); + namespace nitrokey { namespace proto { @@ -18,7 +27,6 @@ namespace nitrokey { } }; -#define print_to_ss(x) ( ss << " " << (#x) <<":\t" << (x) << std::endl ); namespace stick20{ enum class PasswordKind : uint8_t { User = 'P', @@ -37,7 +45,7 @@ namespace stick20{ std::string dissect() const { std::stringstream ss; print_to_ss( kind ); - print_to_ss(password); + print_to_ss_volatile(password); return ss.str(); } void set_kind_admin() { @@ -79,6 +87,5 @@ namespace stick20{ } } } -#undef print_to_ss #endif diff --git a/include/device_proto.h b/include/device_proto.h index 964c2d9..b557384 100644 --- a/include/device_proto.h +++ b/include/device_proto.h @@ -236,6 +236,7 @@ namespace nitrokey { outp.payload = payload; outp.update_CRC(); + LOG("-------------------", Loglevel::DEBUG); LOG("Outgoing HID packet:", Loglevel::DEBUG); LOG(static_cast<std::string>(outp), Loglevel::DEBUG); @@ -334,7 +335,7 @@ namespace nitrokey { LOG( "Device is not ready or received packet's last CRC is not equal to sent CRC packet, retrying...", - Loglevel::DEBUG); + Loglevel::DEBUG_L2); LOG("Invalid incoming HID packet:", Loglevel::DEBUG_L2); LOG(static_cast<std::string>(resp), Loglevel::DEBUG_L2); dev->m_counters.total_retries++; @@ -351,6 +352,13 @@ namespace nitrokey { clear_packet(outp); + if (!resp.isCRCcorrect()) + LOGD(std::string("Accepting response from device with invalid CRC. ") + + "Command ID: " + std::to_string(resp.command_id) + " " + + commandid_to_string(static_cast<CommandID>(resp.command_id)) + ); + + if (status <= 0) { dev->m_counters.receiving_error++; throw DeviceReceivingFailure( //FIXME replace with CriticalErrorException @@ -361,7 +369,7 @@ namespace nitrokey { LOG("Incoming HID packet:", Loglevel::DEBUG); LOG(static_cast<std::string>(resp), Loglevel::DEBUG); LOG(std::string("receiving_retry_counter count: ") + std::to_string(receiving_retry_counter), - Loglevel::DEBUG); + Loglevel::DEBUG_L2); if (resp.device_status == static_cast<uint8_t>(stick10::device_status::busy) && static_cast<stick20::device_status>(resp.storage_status.device_status) diff --git a/include/dissect.h b/include/dissect.h index 8992c56..69a5129 100644 --- a/include/dissect.h +++ b/include/dissect.h @@ -20,8 +20,10 @@ class QueryDissector : semantics::non_constructible { static std::string dissect(const HIDPacket &pod) { std::stringstream out; +#ifdef LOG_VOLATILE_DATA out << "Raw HID packet:" << std::endl; out << ::nitrokey::misc::hexdump((const char *)(&pod), sizeof pod); +#endif out << "Contents:" << std::endl; out << "Command ID:\t" << commandid_to_string((CommandID)(pod.command_id)) @@ -83,8 +85,10 @@ class ResponseDissector : semantics::non_constructible { // FIXME use values from firmware (possibly generate separate // header automatically) +#ifdef LOG_VOLATILE_DATA out << "Raw HID packet:" << std::endl; out << ::nitrokey::misc::hexdump((const char *)(&pod), sizeof pod); +#endif out << "Device status:\t" << pod.device_status + 0 << " " << status_translate_device(pod.device_status) << std::endl; diff --git a/include/log.h b/include/log.h index e559845..80e5097 100644 --- a/include/log.h +++ b/include/log.h @@ -73,7 +73,7 @@ namespace nitrokey { #ifdef NO_LOG #define LOG(string, level) while(false){} -#define LOGD(string, level) while(false){} +#define LOGD(string) while(false){} #else #define LOG(string, level) nitrokey::log::Log::instance()((string), (level)) #define LOGD(string) nitrokey::log::Log::instance()((string), (nitrokey::log::Loglevel::DEBUG_L2)) diff --git a/include/misc.h b/include/misc.h index 111d772..176b77c 100644 --- a/include/misc.h +++ b/include/misc.h @@ -21,6 +21,13 @@ namespace misc { return oss.str(); } + /** + * Copies string from pointer to fixed size C-style array. Src needs to be a valid C-string - eg. ended with '\0'. + * Throws when source is bigger than destination. + * @tparam T type of destination array + * @param dest fixed size destination array + * @param src pointer to source c-style valid string + */ template <typename T> void strcpyT(T& dest, const char* src){ @@ -31,7 +38,7 @@ namespace misc { LOG(std::string("strcpyT sizes dest src ") +std::to_string(s_dest)+ " " +std::to_string(strlen(src))+ " " - ,nitrokey::log::Loglevel::DEBUG); + ,nitrokey::log::Loglevel::DEBUG_L2); if (strlen(src) > s_dest){ throw TooLongStringException(strlen(src), s_dest, src); } diff --git a/include/stick10_commands.h b/include/stick10_commands.h index 74b73a8..e863328 100644 --- a/include/stick10_commands.h +++ b/include/stick10_commands.h @@ -39,9 +39,9 @@ class GetSlotName : public Command<CommandID::READ_SLOT_NAME> { bool isValid() const { return true; } std::string dissect() const { - std::stringstream ss; - ss << "slot_name:\t" << slot_name << std::endl; - return ss.str(); + std::stringstream ss; + print_to_ss_volatile(slot_name); + return ss.str(); } } __packed; @@ -118,9 +118,8 @@ class WriteToHOTPSlot : Command<CommandID::WRITE_TO_SLOT> { std::string dissect() const { std::stringstream ss; ss << "slot_number:\t" << (int)(slot_number) << std::endl; - ss << "slot_name:\t" << slot_name << std::endl; - ss << "slot_secret:" << std::endl - << ::nitrokey::misc::hexdump((const char *)(&slot_secret), sizeof slot_secret); + print_to_ss_volatile(slot_name); + print_to_ss_volatile(slot_secret); ss << "slot_config:\t" << std::bitset<8>((int)_slot_config) << std::endl; ss << "\tuse_8_digits(0):\t" << use_8_digits << std::endl; ss << "\tuse_enter(1):\t" << use_enter << std::endl; @@ -170,8 +169,8 @@ class WriteToTOTPSlot : Command<CommandID::WRITE_TO_SLOT> { std::string dissect() const { std::stringstream ss; ss << "slot_number:\t" << (int)(slot_number) << std::endl; - ss << "slot_name:\t" << slot_name << std::endl; - ss << "slot_secret:\t" << slot_secret << std::endl; + print_to_ss_volatile(slot_name); + print_to_ss_volatile(slot_secret); ss << "slot_config:\t" << std::bitset<8>((int)_slot_config) << std::endl; ss << "slot_token_id:\t"; for (auto i : slot_token_id) @@ -324,7 +323,7 @@ class ReadSlot : Command<CommandID::READ_SLOT> { std::string dissect() const { std::stringstream ss; - ss << "slot_name:\t" << slot_name << std::endl; + print_to_ss_volatile(slot_name); ss << "slot_config:\t" << std::bitset<8>((int)_slot_config) << std::endl; ss << "\tuse_8_digits(0):\t" << use_8_digits << std::endl; ss << "\tuse_enter(1):\t" << use_enter << std::endl; @@ -476,7 +475,7 @@ class GetPasswordSafeSlotName : Command<CommandID::GET_PW_SAFE_SLOT_NAME> { bool isValid() const { return true; } std::string dissect() const { std::stringstream ss; - ss << " slot_name\t" << (const char*) slot_name << std::endl; + print_to_ss_volatile(slot_name); return ss.str(); } } __packed; @@ -505,7 +504,7 @@ class GetPasswordSafeSlotPassword bool isValid() const { return true; } std::string dissect() const { std::stringstream ss; - ss << " slot_password\t" << (const char*) slot_password << std::endl; + print_to_ss_volatile(slot_password); return ss.str(); } } __packed; @@ -534,7 +533,7 @@ class GetPasswordSafeSlotLogin bool isValid() const { return true; } std::string dissect() const { std::stringstream ss; - ss << " slot_login\t" << (const char*) slot_login << std::endl; + print_to_ss_volatile(slot_login); return ss.str(); } } __packed; @@ -554,8 +553,8 @@ class SetPasswordSafeSlotData : Command<CommandID::SET_PW_SAFE_SLOT_DATA_1> { std::string dissect() const { std::stringstream ss; ss << " slot_number\t" << (int)slot_number << std::endl; - ss << " slot_name\t" << (const char*) slot_name << std::endl; - ss << " slot_password\t" << (const char*) slot_password << std::endl; + print_to_ss_volatile(slot_name); + print_to_ss_volatile(slot_password); return ss.str(); } } __packed; @@ -572,10 +571,10 @@ class SetPasswordSafeSlotData2 : Command<CommandID::SET_PW_SAFE_SLOT_DATA_2> { bool isValid() const { return !(slot_number & 0xF0); } std::string dissect() const { - std::stringstream ss; - ss << " slot_number\t" << (int)slot_number << std::endl; - ss << " slot_login_name\t" << (const char*) slot_login_name << std::endl; - return ss.str(); + std::stringstream ss; + ss << " slot_number\t" << (int)slot_number << std::endl; + print_to_ss_volatile(slot_login_name); + return ss.str(); } } __packed; @@ -609,7 +608,7 @@ class EnablePasswordSafe : Command<CommandID::PW_SAFE_ENABLE> { bool isValid() const { return true; } std::string dissect() const { std::stringstream ss; - ss << " user_password\t" << (const char*) user_password << std::endl; + print_to_ss_volatile(user_password); return ss.str(); } } __packed; @@ -683,8 +682,8 @@ class FirstAuthenticate : Command<CommandID::FIRST_AUTHENTICATE> { std::string dissect() const { std::stringstream ss; - ss << "card_password:\t" << card_password << std::endl; - ss << "temporary_password:\t" << temporary_password << std::endl; + print_to_ss_volatile(card_password); + hexdump_to_ss(temporary_password); return ss.str(); } } __packed; @@ -701,10 +700,10 @@ class UserAuthenticate : Command<CommandID::USER_AUTHENTICATE> { bool isValid() const { return true; } std::string dissect() const { - std::stringstream ss; - ss << "card_password:\t" << card_password << std::endl; - ss << "temporary_password:\t" << temporary_password << std::endl; - return ss.str(); + std::stringstream ss; + print_to_ss_volatile(card_password); + hexdump_to_ss(temporary_password); + return ss.str(); } } __packed; @@ -721,7 +720,7 @@ class Authorize : Command<CommandID::AUTHORIZE> { std::string dissect() const { std::stringstream ss; ss << " crc_to_authorize:\t" << std::hex << std::setw(2) << std::setfill('0') << crc_to_authorize<< std::endl; - ss << " temporary_password:\t" << temporary_password<< std::endl; + hexdump_to_ss(temporary_password); return ss.str(); } } __packed; @@ -738,7 +737,7 @@ class UserAuthorize : Command<CommandID::USER_AUTHORIZE> { std::string dissect() const { std::stringstream ss; ss << " crc_to_authorize:\t" << crc_to_authorize<< std::endl; - ss << " temporary_password:\t" << temporary_password<< std::endl; + hexdump_to_ss(temporary_password); return ss.str(); } } __packed; @@ -753,9 +752,10 @@ class UnlockUserPassword : Command<CommandID::UNLOCK_USER_PASSWORD> { uint8_t admin_password[25]; uint8_t user_new_password[25]; std::string dissect() const { - std::stringstream ss; - ss << " admin_password:\t" << admin_password<< std::endl; - return ss.str(); + std::stringstream ss; + print_to_ss_volatile(admin_password); + print_to_ss_volatile(user_new_password); + return ss.str(); } } __packed; @@ -769,10 +769,10 @@ class ChangeUserPin : Command<CommandID::CHANGE_USER_PIN> { uint8_t old_pin[25]; uint8_t new_pin[25]; std::string dissect() const { - std::stringstream ss; - ss << " old_pin:\t" << old_pin<< std::endl; - ss << " new_pin:\t" << new_pin<< std::endl; - return ss.str(); + std::stringstream ss; + print_to_ss_volatile(old_pin); + print_to_ss_volatile(new_pin); + return ss.str(); } } __packed; @@ -785,9 +785,9 @@ class IsAESSupported : Command<CommandID::DETECT_SC_AES> { struct CommandPayload { uint8_t user_password[20]; std::string dissect() const { - std::stringstream ss; - ss << " user_password:\t" << user_password<< std::endl; - return ss.str(); + std::stringstream ss; + print_to_ss_volatile(user_password); + return ss.str(); } } __packed; @@ -795,16 +795,17 @@ class IsAESSupported : Command<CommandID::DETECT_SC_AES> { CommandTransaction; }; + class ChangeAdminPin : Command<CommandID::CHANGE_ADMIN_PIN> { public: struct CommandPayload { uint8_t old_pin[25]; uint8_t new_pin[25]; std::string dissect() const { - std::stringstream ss; - ss << " old_pin:\t" << old_pin<< std::endl; - ss << " new_pin:\t" << new_pin<< std::endl; - return ss.str(); + std::stringstream ss; + print_to_ss_volatile(old_pin); + print_to_ss_volatile(new_pin); + return ss.str(); } } __packed; @@ -823,9 +824,9 @@ class FactoryReset : Command<CommandID::FACTORY_RESET> { struct CommandPayload { uint8_t admin_password[20]; std::string dissect() const { - std::stringstream ss; - ss << " admin_password:\t" << admin_password<< std::endl; - return ss.str(); + std::stringstream ss; + print_to_ss_volatile(admin_password); + return ss.str(); } } __packed; @@ -838,9 +839,9 @@ class BuildAESKey : Command<CommandID::NEW_AES_KEY> { struct CommandPayload { uint8_t admin_password[20]; std::string dissect() const { - std::stringstream ss; - ss << " admin_password:\t" << admin_password<< std::endl; - return ss.str(); + std::stringstream ss; + print_to_ss_volatile(admin_password); + return ss.str(); } } __packed; diff --git a/include/stick10_commands_0.8.h b/include/stick10_commands_0.8.h index 4337bb7..4209380 100644 --- a/include/stick10_commands_0.8.h +++ b/include/stick10_commands_0.8.h @@ -9,13 +9,14 @@ #include <iomanip> #include <string> #include <sstream> -#include <stdint.h> +#include <cstdint> #include "command.h" #include "device_proto.h" #include "stick10_commands.h" #pragma pack (push,1) + namespace nitrokey { namespace proto { @@ -59,6 +60,7 @@ namespace nitrokey { std::string dissect() const { std::stringstream ss; ss << "slot_number:\t" << (int)(slot_number) << std::endl; + hexdump_to_ss(temporary_admin_password); return ss.str(); } } __packed; @@ -87,11 +89,15 @@ namespace nitrokey { std::string dissect() const { std::stringstream ss; - ss << "temporary_admin_password:\t" << temporary_admin_password << std::endl; + hexdump_to_ss(temporary_admin_password); ss << "type:\t" << type << std::endl; ss << "id:\t" << (int)id << std::endl; +#ifdef LOG_VOLATILE_DATA ss << "data:" << std::endl << ::nitrokey::misc::hexdump((const char *) (&data), sizeof data); +#else + ss << " Volatile data not logged" << std::endl; +#endif return ss.str(); } } __packed; @@ -105,8 +111,12 @@ namespace nitrokey { bool isValid() const { return true; } std::string dissect() const { std::stringstream ss; +#ifdef LOG_VOLATILE_DATA ss << "data:" << std::endl << ::nitrokey::misc::hexdump((const char *) (&data), sizeof data); +#else + ss << " Volatile data not logged" << std::endl; +#endif return ss.str(); } } __packed; @@ -148,7 +158,7 @@ namespace nitrokey { std::string dissect() const { std::stringstream ss; - ss << "temporary_admin_password:\t" << temporary_admin_password << std::endl; + hexdump_to_ss(temporary_admin_password); ss << "slot_config:\t" << std::bitset<8>((int) _slot_config) << std::endl; ss << "\tuse_8_digits(0):\t" << use_8_digits << std::endl; ss << "\tuse_enter(1):\t" << use_enter << std::endl; @@ -184,7 +194,7 @@ namespace nitrokey { bool isValid() const { return (slot_number & 0xF0); } std::string dissect() const { std::stringstream ss; - ss << "temporary_user_password:\t" << temporary_user_password << std::endl; + hexdump_to_ss(temporary_user_password); ss << "slot_number:\t" << (int)(slot_number) << std::endl; return ss.str(); } @@ -236,7 +246,7 @@ namespace nitrokey { bool isValid() const { return !(slot_number & 0xF0); } std::string dissect() const { std::stringstream ss; - ss << "temporary_user_password:\t" << temporary_user_password << std::endl; + hexdump_to_ss(temporary_user_password); ss << "slot_number:\t" << (int)(slot_number) << std::endl; ss << "challenge:\t" << (challenge) << std::endl; ss << "last_totp_time:\t" << (last_totp_time) << std::endl; diff --git a/include/stick20_commands.h b/include/stick20_commands.h index 61758f6..5f99d28 100644 --- a/include/stick20_commands.h +++ b/include/stick20_commands.h @@ -3,7 +3,7 @@ -#include <stdint.h> +#include <cstdint> #include "command.h" #include <string> #include <sstream> @@ -18,7 +18,7 @@ namespace nitrokey { * STICK20 protocol command ids * a superset (almost) of STICK10 */ -#define print_to_ss(x) ( ss << " " << (#x) <<":\t" << (x) << std::endl ); + namespace stick20 { class ChangeAdminUserPin20Current : @@ -46,8 +46,8 @@ namespace nitrokey { uint8_t new_update_password[20]; std::string dissect() const { std::stringstream ss; - print_to_ss( current_update_password ); - print_to_ss( new_update_password ); + print_to_ss_volatile( current_update_password ); + print_to_ss_volatile( new_update_password ); return ss.str(); } }; @@ -78,7 +78,7 @@ namespace nitrokey { std::stringstream ss; print_to_ss( (int) volume_flag ); print_to_ss( kind ); - print_to_ss(admin_pin); + print_to_ss_volatile(admin_pin); return ss.str(); } void set_kind_user() { @@ -274,7 +274,7 @@ namespace nitrokey { print_to_ss((int) SlotNr_u8); print_to_ss((int) StartBlockPercent_u8); print_to_ss((int) EndBlockPercent_u8); - print_to_ss(HiddenVolumePassword_au8); + print_to_ss_volatile(HiddenVolumePassword_au8); return ss.str(); } } __packed; |