| -rw-r--r-- | include/command.h | 11 | ||||
| -rw-r--r-- | include/device_proto.h | 3 | ||||
| -rw-r--r-- | include/dissect.h | 4 | ||||
| -rw-r--r-- | include/stick10_commands.h | 73 | ||||
| -rw-r--r-- | include/stick10_commands_0.8.h | 8 | ||||
| -rw-r--r-- | include/stick20_commands.h | 12 | 
6 files changed, 65 insertions, 46 deletions
| diff --git a/include/command.h b/include/command.h index fc374f7..bf3cb4e 100644 --- a/include/command.h +++ b/include/command.h @@ -4,6 +4,13 @@  #include "command_id.h"  #include "cxx_semantics.h" +#define print_to_ss(x) ( ss << " " << (#x) <<":\t" << (x) << std::endl ); +#ifdef LOG_VOLATILE_DATA +#define print_to_ss_volatile(x) ( ss << " " << (#x) <<":\t" << (x) << std::endl ); +#else +#define print_to_ss_volatile(x) ( ss << " " << (#x) <<":\t" << "***********" << std::endl ); +#endif +  namespace nitrokey {      namespace proto { @@ -18,7 +25,6 @@ namespace nitrokey {              }          }; -#define print_to_ss(x) ( ss << " " << (#x) <<":\t" << (x) << std::endl );  namespace stick20{          enum class PasswordKind : uint8_t {              User = 'P', @@ -37,7 +43,7 @@ namespace stick20{                  std::string dissect() const {                    std::stringstream ss;                    print_to_ss( kind ); -                  print_to_ss(password); +                  print_to_ss_volatile(password);                    return ss.str();                  }                  void set_kind_admin() { @@ -79,6 +85,5 @@ namespace stick20{      }      }  } -#undef print_to_ss  #endif diff --git a/include/device_proto.h b/include/device_proto.h index 964c2d9..ad2dbae 100644 --- a/include/device_proto.h +++ b/include/device_proto.h @@ -236,6 +236,7 @@ namespace nitrokey {                outp.payload = payload;                outp.update_CRC(); +              LOG("-------------------", Loglevel::DEBUG);                LOG("Outgoing HID packet:", Loglevel::DEBUG);                LOG(static_cast<std::string>(outp), Loglevel::DEBUG); 
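Review bot: In the `LOG_VOLATILE_DATA` branch of `print_to_ss_volatile` in include/command.h, `(x)` is streamed as-is, so the `uint8_t` array fields this commit routes through it (for example `old_pin[25]` and `admin_password[20]` in include/stick10_commands.h) are treated as NUL-terminated strings. A field filled to its full width has no terminator inside it, so the read would continue into the neighbouring packed field or past the struct. `slot_secret` in `WriteToHOTPSlot` also loses the size-bounded hexdump it had before. Bounding the verbose branch by the field size avoids both, e.g. `ss << " " << (#x) << ":\t" << ::nitrokey::misc::hexdump((const char *)(&(x)), sizeof (x));`, assuming that helper is visible wherever the macro expands. A comment above the `#ifdef` stating that `LOG_VOLATILE_DATA` writes PINs, passwords and OTP secrets to the log and is meant for debug builds only would also help.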
@@ -334,7 +335,7 @@ namespace nitrokey {                    LOG(                        "Device is not ready or received packet's last CRC is not equal to sent CRC packet, retrying...", -                      Loglevel::DEBUG); +                      Loglevel::DEBUG_L2);                    LOG("Invalid incoming HID packet:", Loglevel::DEBUG_L2);                    LOG(static_cast<std::string>(resp), Loglevel::DEBUG_L2);                    dev->m_counters.total_retries++; diff --git a/include/dissect.h b/include/dissect.h index 8992c56..69a5129 100644 --- a/include/dissect.h +++ b/include/dissect.h @@ -20,8 +20,10 @@ class QueryDissector : semantics::non_constructible {    static std::string dissect(const HIDPacket &pod) {      std::stringstream out; +#ifdef LOG_VOLATILE_DATA      out << "Raw HID packet:" << std::endl;      out << ::nitrokey::misc::hexdump((const char *)(&pod), sizeof pod); +#endif      out << "Contents:" << std::endl;      out << "Command ID:\t" << commandid_to_string((CommandID)(pod.command_id)) @@ -83,8 +85,10 @@ class ResponseDissector : semantics::non_constructible {      // FIXME use values from firmware (possibly generate separate      // header automatically) +#ifdef LOG_VOLATILE_DATA      out << "Raw HID packet:" << std::endl;      out << ::nitrokey::misc::hexdump((const char *)(&pod), sizeof pod); +#endif      out << "Device status:\t" << pod.device_status + 0 << " "          << status_translate_device(pod.device_status) << std::endl; diff --git a/include/stick10_commands.h b/include/stick10_commands.h index 74b73a8..af8d2bd 100644 --- a/include/stick10_commands.h +++ b/include/stick10_commands.h 
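Review bot: With `LOG_VOLATILE_DATA` undefined, the raw-packet dump in `QueryDissector::dissect` (and the identical block in `ResponseDissector::dissect` in the next hunk) disappears without leaving any trace in the log, whereas include/stick10_commands_0.8.h in this same commit prints a marker. Adding the same `#else` line, `out << " Volatile data not logged" << std::endl;`, would keep the two consistent and tell a log reader that the dump was suppressed rather than missing. Both function bodies continue outside the hunks, so whether the fields printed after this point include payload bytes cannot be checked from here.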
@@ -119,8 +119,7 @@ class WriteToHOTPSlot : Command<CommandID::WRITE_TO_SLOT> {          std::stringstream ss;          ss << "slot_number:\t" << (int)(slot_number) << std::endl;          ss << "slot_name:\t" << slot_name << std::endl; -        ss << "slot_secret:" << std::endl -           << ::nitrokey::misc::hexdump((const char *)(&slot_secret), sizeof slot_secret); +        print_to_ss_volatile(slot_secret);          ss << "slot_config:\t" << std::bitset<8>((int)_slot_config) << std::endl;          ss << "\tuse_8_digits(0):\t" << use_8_digits << std::endl;          ss << "\tuse_enter(1):\t" << use_enter << std::endl; @@ -171,7 +170,7 @@ class WriteToTOTPSlot : Command<CommandID::WRITE_TO_SLOT> {            std::stringstream ss;            ss << "slot_number:\t" << (int)(slot_number) << std::endl;            ss << "slot_name:\t" << slot_name << std::endl; -          ss << "slot_secret:\t" << slot_secret << std::endl; +          print_to_ss_volatile(slot_secret);            ss << "slot_config:\t" << std::bitset<8>((int)_slot_config) << std::endl;            ss << "slot_token_id:\t";            for (auto i : slot_token_id) @@ -505,7 +504,7 @@ class GetPasswordSafeSlotPassword      bool isValid() const { return true; }      std::string dissect() const {        std::stringstream ss; -      ss << " slot_password\t" << (const char*) slot_password << std::endl; +      print_to_ss_volatile(slot_password);        return ss.str();      }    } __packed; @@ -534,7 +533,7 @@ class GetPasswordSafeSlotLogin      bool isValid() const { return true; }      std::string dissect() const {        std::stringstream ss; -      ss << " slot_login\t" << (const char*) slot_login << std::endl; +      print_to_ss_volatile(slot_login);        return ss.str();      }    } __packed; 
@@ -555,7 +554,7 @@ class SetPasswordSafeSlotData : Command<CommandID::SET_PW_SAFE_SLOT_DATA_1> {            std::stringstream ss;            ss << " slot_number\t" << (int)slot_number << std::endl;            ss << " slot_name\t" << (const char*) slot_name << std::endl; -          ss << " slot_password\t" << (const char*) slot_password << std::endl; +          print_to_ss_volatile(slot_password);            return ss.str();        }    } __packed; @@ -572,10 +571,10 @@ class SetPasswordSafeSlotData2 : Command<CommandID::SET_PW_SAFE_SLOT_DATA_2> {      bool isValid() const { return !(slot_number & 0xF0); }        std::string dissect() const { -          std::stringstream ss; -          ss << " slot_number\t" << (int)slot_number << std::endl; -          ss << " slot_login_name\t" << (const char*) slot_login_name << std::endl; -          return ss.str(); +        std::stringstream ss; +        ss << " slot_number\t" << (int)slot_number << std::endl; +        print_to_ss_volatile(slot_login_name); +        return ss.str();        }    } __packed; @@ -609,7 +608,7 @@ class EnablePasswordSafe : Command<CommandID::PW_SAFE_ENABLE> {      bool isValid() const { return true; }      std::string dissect() const {        std::stringstream ss; -      ss << " user_password\t" << (const char*)  user_password << std::endl; +      print_to_ss_volatile(user_password);        return ss.str();      }    } __packed; @@ -683,7 +682,7 @@ class FirstAuthenticate : Command<CommandID::FIRST_AUTHENTICATE> {      std::string dissect() const {        std::stringstream ss; -      ss << "card_password:\t" << card_password << std::endl; +      print_to_ss_volatile(card_password);        ss << "temporary_password:\t" << temporary_password << std::endl;        return ss.str();      } 
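Review bot: `temporary_password` is still written in clear on the line directly after the newly masked `card_password` in `FirstAuthenticate::dissect`. The same holds for `UserAuthenticate::dissect` in the following hunk and for `temporary_admin_password` in the first include/stick10_commands_0.8.h hunk. If, as the name suggests, this value authorises later commands for the session, it should sit behind the same switch as the other credentials: `print_to_ss_volatile(temporary_password);`. Leaving it out means a default build still records a usable credential in DEBUG-level logs even though the card password is hidden.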
@@ -701,10 +700,10 @@ class UserAuthenticate : Command<CommandID::USER_AUTHENTICATE> {      bool isValid() const { return true; }        std::string dissect() const { -          std::stringstream ss; -          ss << "card_password:\t" << card_password << std::endl; -          ss << "temporary_password:\t" << temporary_password << std::endl; -          return ss.str(); +        std::stringstream ss; +        print_to_ss_volatile(card_password); +        ss << "temporary_password:\t" << temporary_password << std::endl; +        return ss.str();        }    } __packed; @@ -753,9 +752,10 @@ class UnlockUserPassword : Command<CommandID::UNLOCK_USER_PASSWORD> {      uint8_t admin_password[25];      uint8_t user_new_password[25];        std::string dissect() const { -          std::stringstream ss; -          ss << " admin_password:\t" <<  admin_password<< std::endl; -          return ss.str(); +        std::stringstream ss; +        print_to_ss_volatile(admin_password); +        print_to_ss_volatile(user_new_password); +        return ss.str();        }    } __packed; @@ -769,10 +769,10 @@ class ChangeUserPin : Command<CommandID::CHANGE_USER_PIN> {      uint8_t old_pin[25];      uint8_t new_pin[25];        std::string dissect() const { -          std::stringstream ss; -          ss << " old_pin:\t" <<  old_pin<< std::endl; -          ss << " new_pin:\t" << new_pin<< std::endl; -          return ss.str(); +        std::stringstream ss; +        print_to_ss_volatile(old_pin); +        print_to_ss_volatile(new_pin); +        return ss.str();        }    } __packed; 
@@ -785,9 +785,9 @@ class IsAESSupported : Command<CommandID::DETECT_SC_AES> {    struct CommandPayload {      uint8_t user_password[20];        std::string dissect() const { -          std::stringstream ss; -          ss << " user_password:\t" <<  user_password<< std::endl; -          return ss.str(); +        std::stringstream ss; +        print_to_ss_volatile(user_password); +        return ss.str();        }    } __packed; @@ -795,16 +795,17 @@ class IsAESSupported : Command<CommandID::DETECT_SC_AES> {        CommandTransaction;  }; +  class ChangeAdminPin : Command<CommandID::CHANGE_ADMIN_PIN> {   public:    struct CommandPayload {      uint8_t old_pin[25];      uint8_t new_pin[25];        std::string dissect() const { -          std::stringstream ss; -          ss << " old_pin:\t" <<  old_pin<< std::endl; -          ss << " new_pin:\t" << new_pin<< std::endl; -          return ss.str(); +        std::stringstream ss; +        print_to_ss_volatile(old_pin); +        print_to_ss_volatile(new_pin); +        return ss.str();        }    } __packed; @@ -823,9 +824,9 @@ class FactoryReset : Command<CommandID::FACTORY_RESET> {    struct CommandPayload {      uint8_t admin_password[20];        std::string dissect() const { -          std::stringstream ss; -          ss << " admin_password:\t" <<  admin_password<< std::endl; -          return ss.str(); +        std::stringstream ss; +        print_to_ss_volatile(admin_password); +        return ss.str();        }    } __packed; @@ -838,9 +839,9 @@ class BuildAESKey : Command<CommandID::NEW_AES_KEY> {    struct CommandPayload {      uint8_t admin_password[20];        std::string dissect() const { -          std::stringstream ss; -          ss << " admin_password:\t" <<  admin_password<< std::endl; -          return ss.str(); +        std::stringstream ss; +        print_to_ss_volatile(admin_password); +        return ss.str();        }    } __packed; 
diff --git a/include/stick10_commands_0.8.h b/include/stick10_commands_0.8.h index 4337bb7..3aa60e3 100644 --- a/include/stick10_commands_0.8.h +++ b/include/stick10_commands_0.8.h @@ -90,8 +90,12 @@ namespace nitrokey {                        ss << "temporary_admin_password:\t" << temporary_admin_password << std::endl;                        ss << "type:\t" << type << std::endl;                        ss << "id:\t" << (int)id << std::endl; +#ifdef LOG_VOLATILE_DATA                        ss << "data:" << std::endl                           << ::nitrokey::misc::hexdump((const char *) (&data), sizeof data); +#else +                      ss << " Volatile data not logged" << std::endl; +#endif                        return ss.str();                      }                  } __packed; @@ -105,8 +109,12 @@ namespace nitrokey {                      bool isValid() const { return true; }                      std::string dissect() const {                        std::stringstream ss; +#ifdef LOG_VOLATILE_DATA                        ss << "data:" << std::endl                           << ::nitrokey::misc::hexdump((const char *) (&data), sizeof data); +#else +                      ss << " Volatile data not logged" << std::endl; +#endif                        return ss.str();                      }                  } __packed; diff --git a/include/stick20_commands.h b/include/stick20_commands.h index 61758f6..5f99d28 100644 --- a/include/stick20_commands.h +++ b/include/stick20_commands.h @@ -3,7 +3,7 @@ -#include <stdint.h> +#include <cstdint>  #include "command.h"  #include <string>  #include <sstream> @@ -18,7 +18,7 @@ namespace nitrokey {  *	STICK20 protocol command ids  *	a superset (almost) of STICK10  */ -#define print_to_ss(x) ( ss << " " << (#x) <<":\t" << (x) << std::endl ); +          namespace stick20 {              class ChangeAdminUserPin20Current : 
@@ -46,8 +46,8 @@ namespace nitrokey {                      uint8_t new_update_password[20];                      std::string dissect() const {                        std::stringstream ss; -                      print_to_ss( current_update_password ); -                      print_to_ss( new_update_password ); +                      print_to_ss_volatile( current_update_password ); +                      print_to_ss_volatile( new_update_password );                        return ss.str();                      }                  }; @@ -78,7 +78,7 @@ namespace nitrokey {                        std::stringstream ss;                        print_to_ss( (int) volume_flag );                        print_to_ss( kind ); -                      print_to_ss(admin_pin); +                      print_to_ss_volatile(admin_pin);                        return ss.str();                      }                      void set_kind_user() { @@ -274,7 +274,7 @@ namespace nitrokey {                        print_to_ss((int) SlotNr_u8);                        print_to_ss((int) StartBlockPercent_u8);                        print_to_ss((int) EndBlockPercent_u8); -                      print_to_ss(HiddenVolumePassword_au8); +                      print_to_ss_volatile(HiddenVolumePassword_au8);                        return ss.str();                      }                  } __packed; | 
