diff options
| -rw-r--r-- | CMakeLists.txt | 13 | ||||
| -rw-r--r-- | NK_C_API.cc | 147 | ||||
| -rw-r--r-- | NK_C_API.h | 164 | ||||
| -rw-r--r-- | NitrokeyManager.cc | 18 | ||||
| -rw-r--r-- | command_id.cc | 4 | ||||
| -rw-r--r-- | device.cc | 6 | ||||
| -rw-r--r-- | libnitrokey/NitrokeyManager.h | 19 | ||||
| -rw-r--r-- | libnitrokey/command_id.h | 2 | ||||
| -rw-r--r-- | libnitrokey/deprecated.h | 35 | ||||
| -rw-r--r-- | libnitrokey/stick20_commands.h | 6 | ||||
| -rw-r--r-- | libnitrokey/version.h | 33 | ||||
| -rw-r--r-- | unittest/conftest.py | 2 | ||||
| -rw-r--r-- | unittest/test_minimal.c | 28 | ||||
| -rw-r--r-- | unittest/test_offline.cc | 45 | ||||
| -rw-r--r-- | unittest/test_pro.py | 49 | ||||
| -rw-r--r-- | unittest/test_strdup.cpp | 2 | ||||
| -rw-r--r-- | version.cc.in | 37 |
17 files changed, 555 insertions, 55 deletions
diff --git a/CMakeLists.txt b/CMakeLists.txt index 3dacb48..43d15df 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -66,7 +66,9 @@ set(SOURCE_FILES NitrokeyManager.cc NK_C_API.h NK_C_API.cc - DeviceCommunicationExceptions.cpp) + DeviceCommunicationExceptions.cpp + ${CMAKE_CURRENT_BINARY_DIR}/version.cc + ) set(BUILD_SHARED_LIBS ON CACHE BOOL "Build all libraries as shared") add_library(nitrokey ${SOURCE_FILES}) @@ -115,6 +117,11 @@ IF (LOG_VOLATILE_DATA) ENDIF() +# generate version.h +exec_program("git" ${CMAKE_CURRENT_SOURCE_DIR} ARGS "describe --always" OUTPUT_VARIABLE PROJECT_VERSION_GIT) +configure_file("version.cc.in" "version.cc" @ONLY) + + file(GLOB LIB_INCLUDES "libnitrokey/*.h" "NK_C_API.h") install (FILES ${LIB_INCLUDES} DESTINATION ${CMAKE_INSTALL_INCLUDEDIR}/${PROJECT_NAME}) install (TARGETS nitrokey DESTINATION ${CMAKE_INSTALL_LIBDIR}) @@ -171,6 +178,10 @@ IF(COMPILE_OFFLINE_TESTS) #run with 'make test' or 'ctest' include (CTest) add_test (runs test_offline) + + add_executable(test_minimal unittest/test_minimal.c) + target_link_libraries(test_minimal ${EXTRA_LIBS} nitrokey) + add_test(minimal test_minimal) ENDIF() IF (COMPILE_TESTS) diff --git a/NK_C_API.cc b/NK_C_API.cc index ff612f0..7d0a10e 100644 --- a/NK_C_API.cc +++ b/NK_C_API.cc @@ -21,10 +21,13 @@ #include "NK_C_API.h" #include <iostream> +#include <tuple> #include "libnitrokey/NitrokeyManager.h" #include <cstring> #include "libnitrokey/LibraryException.h" #include "libnitrokey/cxx_semantics.h" +#include "libnitrokey/stick20_commands.h" +#include "version.h" #ifdef _MSC_VER #ifdef _WIN32 @@ -52,11 +55,11 @@ T* duplicate_vector_and_clear(std::vector<T> &v){ return d; } -template <typename T> -uint8_t * get_with_array_result(T func){ +template <typename R, typename T> +std::tuple<int, R> get_with_status(T func, R fallback) { NK_last_command_status = 0; try { - return func(); + return std::make_tuple(0, func()); } catch (CommandFailedException & commandFailedException){ NK_last_command_status = commandFailedException.last_command_status; @@ -67,43 +70,26 @@ uint8_t * get_with_array_result(T func){ catch (const DeviceCommunicationException &deviceException){ NK_last_command_status = 256-deviceException.getType(); } - return nullptr; + return std::make_tuple(NK_last_command_status, fallback); +} + +template <typename T> +uint8_t * get_with_array_result(T func){ + return std::get<1>(get_with_status<uint8_t*>(func, nullptr)); } template <typename T> char* get_with_string_result(T func){ - NK_last_command_status = 0; - try { - return func(); + auto result = std::get<1>(get_with_status<char*>(func, nullptr)); + if (result == nullptr) { + return strndup("", MAXIMUM_STR_REPLY_LENGTH); } - catch (CommandFailedException & commandFailedException){ - NK_last_command_status = commandFailedException.last_command_status; - } - catch (LibraryException & libraryException){ - NK_last_command_status = libraryException.exception_id(); - } - catch (const DeviceCommunicationException &deviceException){ - NK_last_command_status = 256-deviceException.getType(); - } - return strndup("", MAXIMUM_STR_REPLY_LENGTH); + return result; } template <typename T> auto get_with_result(T func){ - NK_last_command_status = 0; - try { - return func(); - } - catch (CommandFailedException & commandFailedException){ - NK_last_command_status = commandFailedException.last_command_status; - } - catch (LibraryException & libraryException){ - NK_last_command_status = libraryException.exception_id(); - } - catch (const DeviceCommunicationException &deviceException){ - NK_last_command_status = 256-deviceException.getType(); - } - return static_cast<decltype(func())>(0); + return std::get<1>(get_with_status(func, static_cast<decltype(func())>(0))); } template <typename T> @@ -373,6 +359,18 @@ extern "C" { m->set_loglevel(level); } + NK_C_API unsigned int NK_get_major_library_version() { + return get_major_library_version(); + } + + NK_C_API unsigned int NK_get_minor_library_version() { + return get_minor_library_version(); + } + + NK_C_API const char* NK_get_library_version() { + return get_library_version(); + } + NK_C_API int NK_totp_set_time(uint64_t time) { auto m = NitrokeyManager::instance(); return get_without_result([&]() { @@ -380,11 +378,15 @@ extern "C" { }); } - NK_C_API int NK_totp_get_time() { + NK_C_API int NK_totp_set_time_soft(uint64_t time) { auto m = NitrokeyManager::instance(); return get_without_result([&]() { - m->get_time(0); // FIXME check how that should work + m->set_time_soft(time); }); + } + + NK_C_API int NK_totp_get_time() { + return 0; } NK_C_API int NK_change_admin_PIN(const char *current_PIN, const char *new_PIN) { @@ -616,7 +618,77 @@ extern "C" { }); } - NK_C_API char* NK_get_SD_usage_data_as_string() { + NK_C_API int NK_get_status_storage(NK_storage_status* out) { + if (out == nullptr) { + return -1; + } + auto m = NitrokeyManager::instance(); + auto result = get_with_status([&]() { + return m->get_status_storage(); + }, proto::stick20::DeviceConfigurationResponsePacket::ResponsePayload()); + auto error_code = std::get<0>(result); + if (error_code != 0) { + return error_code; + } + + auto status = std::get<1>(result); + out->unencrypted_volume_read_only = status.ReadWriteFlagUncryptedVolume_u8 != 0; + out->unencrypted_volume_active = status.VolumeActiceFlag_st.unencrypted; + out->encrypted_volume_read_only = status.ReadWriteFlagCryptedVolume_u8 != 0; + out->encrypted_volume_active = status.VolumeActiceFlag_st.encrypted; + out->hidden_volume_read_only = status.ReadWriteFlagHiddenVolume_u8 != 0; + out->hidden_volume_active = status.VolumeActiceFlag_st.hidden; + out->firmware_version_major = status.versionInfo.major; + out->firmware_version_minor = status.versionInfo.minor; + out->firmware_locked = status.FirmwareLocked_u8 != 0; + out->serial_number_sd_card = status.ActiveSD_CardID_u32; + out->serial_number_smart_card = status.ActiveSmartCardID_u32; + out->user_retry_count = status.UserPwRetryCount; + out->admin_retry_count = status.AdminPwRetryCount; + out->new_sd_card_found = status.NewSDCardFound_st.NewCard; + out->filled_with_random = (status.SDFillWithRandomChars_u8 & 0x01) != 0; + out->stick_initialized = status.StickKeysNotInitiated == 0; + return 0; + } + + NK_C_API int NK_get_storage_production_info(NK_storage_ProductionTest * out){ + if (out == nullptr) { + return -1; + } + auto m = NitrokeyManager::instance(); + auto result = get_with_status([&]() { + return m->production_info(); + }, proto::stick20::ProductionTest::ResponsePayload()); + + auto error_code = std::get<0>(result); + if (error_code != 0) { + return error_code; + } + + stick20::ProductionTest::ResponsePayload status = std::get<1>(result); + // Cannot use memcpy without declaring C API struct packed + // (which is not parsed by Python's CFFI apparently), hence the manual way. +#define a(x) out->x = status.x; + a(FirmwareVersion_au8[0]); + a(FirmwareVersion_au8[1]); + a(FirmwareVersionInternal_u8); + a(SD_Card_Size_u8); + a(CPU_CardID_u32); + a(SmartCardID_u32); + a(SD_CardID_u32); + a(SC_UserPwRetryCount); + a(SC_AdminPwRetryCount); + a(SD_Card_ManufacturingYear_u8); + a(SD_Card_ManufacturingMonth_u8); + a(SD_Card_OEM_u16); + a(SD_WriteSpeed_u16); + a(SD_Card_Manufacturer_u8); +#undef a + return 0; + } + + +NK_C_API char* NK_get_SD_usage_data_as_string() { auto m = NitrokeyManager::instance(); return get_with_string_result([&]() { return m->get_SD_usage_data_as_string(); @@ -671,7 +743,12 @@ extern "C" { }); } - + NK_C_API int NK_wink() { + auto m = NitrokeyManager::instance(); + return get_without_result([&]() { + return m->wink(); + }); + } #ifdef __cplusplus } @@ -25,6 +25,8 @@ #include <stdbool.h> #include <stdint.h> +#include "deprecated.h" + #ifdef _MSC_VER #define NK_C_API __declspec(dllexport) #else @@ -56,16 +58,127 @@ extern "C" { }; /** - * Set debug level of messages written on stderr - * @param state state=True - most messages, state=False - only errors level - */ + * Stores the status of a Storage device. + */ + struct NK_storage_status { + /** + * Indicates whether the unencrypted volume is read-only. + */ + bool unencrypted_volume_read_only; + /** + * Indicates whether the unencrypted volume is active. + */ + bool unencrypted_volume_active; + /** + * Indicates whether the encrypted volume is read-only. + */ + bool encrypted_volume_read_only; + /** + * Indicates whether the encrypted volume is active. + */ + bool encrypted_volume_active; + /** + * Indicates whether the hidden volume is read-only. + */ + bool hidden_volume_read_only; + /** + * Indicates whether the hidden volume is active. + */ + bool hidden_volume_active; + /** + * The major firmware version, e. g. 0 in v0.40. + */ + uint8_t firmware_version_major; + /** + * The minor firmware version, e. g. 40 in v0.40. + */ + uint8_t firmware_version_minor; + /** + * Indicates whether the firmware is locked. + */ + bool firmware_locked; + /** + * The serial number of the SD card in the Storage stick. + */ + uint32_t serial_number_sd_card; + /** + * The serial number of the smart card in the Storage stick. + */ + uint32_t serial_number_smart_card; + /** + * The number of remaining login attempts for the user PIN. + */ + uint8_t user_retry_count; + /** + * The number of remaining login attempts for the admin PIN. + */ + uint8_t admin_retry_count; + /** + * Indicates whether a new SD card was found. + */ + bool new_sd_card_found; + /** + * Indicates whether the SD card is filled with random characters. + */ + bool filled_with_random; + /** + * Indicates whether the stick has been initialized by generating + * the AES keys. + */ + bool stick_initialized; + }; + + struct NK_storage_ProductionTest{ + uint8_t FirmwareVersion_au8[2]; + uint8_t FirmwareVersionInternal_u8; + uint8_t SD_Card_Size_u8; + uint32_t CPU_CardID_u32; + uint32_t SmartCardID_u32; + uint32_t SD_CardID_u32; + uint8_t SC_UserPwRetryCount; + uint8_t SC_AdminPwRetryCount; + uint8_t SD_Card_ManufacturingYear_u8; + uint8_t SD_Card_ManufacturingMonth_u8; + uint16_t SD_Card_OEM_u16; + uint16_t SD_WriteSpeed_u16; + uint8_t SD_Card_Manufacturer_u8; + }; + + NK_C_API int NK_get_storage_production_info(struct NK_storage_ProductionTest * out); + + +/** + * Set debug level of messages written on stderr + * @param state state=True - most messages, state=False - only errors level + */ NK_C_API void NK_set_debug(bool state); /** * Set debug level of messages written on stderr * @param level (int) 0-lowest verbosity, 5-highest verbosity */ - NK_C_API void NK_set_debug_level(const int level); + NK_C_API void NK_set_debug_level(const int level); + + /** + * Get the major library version, e. g. the 3 in v3.2. + * @return the major library version + */ + NK_C_API unsigned int NK_get_major_library_version(); + + /** + * Get the minor library version, e. g. the 2 in v3.2. + * @return the minor library version + */ + NK_C_API unsigned int NK_get_minor_library_version(); + + /** + * Get the library version as a string. This is the output of + * `git describe --always` at compile time, for example "v3.3" or + * "v3.3-19-gaee920b". + * The return value is a string literal and must not be freed. + * @return the library version as a string + */ + NK_C_API const char* NK_get_library_version(); /** * Connect to device of given model. Currently library can be connected only to one device at once. @@ -277,9 +390,9 @@ extern "C" { /** * Get TOTP code from the device * @param slot_number TOTP slot number, slot_number<15 - * @param challenge TOTP challenge - * @param last_totp_time last time - * @param last_interval last interval + * @param challenge TOTP challenge -- unused + * @param last_totp_time last time -- unused + * @param last_interval last interval --unused * @return TOTP code */ NK_C_API char * NK_get_totp_code(uint8_t slot_number, uint64_t challenge, uint64_t last_totp_time, @@ -288,9 +401,9 @@ extern "C" { /** * Get TOTP code from the device (PIN protected) * @param slot_number TOTP slot number, slot_number<15 - * @param challenge TOTP challenge - * @param last_totp_time last time - * @param last_interval last interval + * @param challenge TOTP challenge -- unused + * @param last_totp_time last time -- unused + * @param last_interval last interval -- unused * @param user_temporary_password char[25] user temporary password if PIN protected OTP codes are enabled, * otherwise should be set to empty string - '' * @return TOTP code @@ -306,6 +419,20 @@ extern "C" { */ NK_C_API int NK_totp_set_time(uint64_t time); + /** + * Set the device time used for TOTP to the given time. Contrary to + * {@code set_time(uint64_t)}, this command fails if {@code old_time} + * > {@code time} or if {@code old_time} is zero (where {@code + * old_time} is the current time on the device). + * + * @param time new device time as Unix timestamp (seconds since + * 1970-01-01) + * @return command processing error code + */ + NK_C_API int NK_totp_set_time_soft(uint64_t time); + + // NK_totp_get_time is deprecated -- use NK_totp_set_time_soft instead + DEPRECATED NK_C_API int NK_totp_get_time(); //passwords @@ -599,6 +726,17 @@ extern "C" { NK_C_API char* NK_get_status_storage_as_string(); /** + * Get the Storage stick status and return the command processing + * error code. If the code is zero, i. e. the command was successful, + * the storage status is written to the output pointer's target. + * The output pointer must not be null. + * + * @param out the output pointer for the storage status + * @return command processing error code + */ + NK_C_API int NK_get_status_storage(struct NK_storage_status* out); + + /** * Get SD card usage attributes as string. * Usable during hidden volumes creation. * Storage only @@ -641,7 +779,11 @@ extern "C" { */ NK_C_API int NK_connect_with_ID(const char* id); - + /** + * Blink red and green LED alternatively and infinitely (until device is reconnected). + * @return command processing error code + */ + NK_C_API int NK_wink(); #ifdef __cplusplus } diff --git a/NitrokeyManager.cc b/NitrokeyManager.cc index 085bf78..a950e4b 100644 --- a/NitrokeyManager.cc +++ b/NitrokeyManager.cc @@ -234,12 +234,14 @@ using nitrokey::misc::strcpyT; bool NitrokeyManager::connect() { std::lock_guard<std::mutex> lock(mex_dev_com_manager); vector< shared_ptr<Device> > devices = { make_shared<Stick10>(), make_shared<Stick20>() }; + bool connected = false; for( auto & d : devices ){ if (d->connect()){ device = std::shared_ptr<Device>(d); + connected = true; } } - return device != nullptr; + return connected; } @@ -666,11 +668,15 @@ using nitrokey::misc::strcpyT; return false; } - bool NitrokeyManager::get_time(uint64_t time) { + void NitrokeyManager::set_time_soft(uint64_t time) { auto p = get_payload<SetTime>(); p.reset = 0; p.time = time; SetTime::CommandTransaction::run(device, p); + } + + bool NitrokeyManager::get_time(uint64_t time) { + set_time_soft(time); return true; } @@ -1131,5 +1137,13 @@ using nitrokey::misc::strcpyT; return current_device_id; } + void NitrokeyManager::wink(){ + stick20::Wink::CommandTransaction::run(device); + }; + + stick20::ProductionTest::ResponsePayload NitrokeyManager::production_info(){ + auto data = stick20::ProductionTest::CommandTransaction::run(device); + return data.data(); + }; } diff --git a/command_id.cc b/command_id.cc index d81d487..a6c2a28 100644 --- a/command_id.cc +++ b/command_id.cc @@ -173,10 +173,10 @@ const char *commandid_to_string(CommandID id) { return "NEW_AES_KEY"; case CommandID::WRITE_TO_SLOT_2: return "WRITE_TO_SLOT_2"; - break; case CommandID::SEND_OTP_DATA: return "SEND_OTP_DATA"; - break; + case CommandID::WINK: + return "WINK"; } return "UNKNOWN"; } @@ -69,8 +69,10 @@ bool Device::_disconnect() { LOG(std::string(__FUNCTION__) + std::string(m_model == DeviceModel::PRO ? "PRO" : "STORAGE"), Loglevel::DEBUG_L2); LOG(std::string(__FUNCTION__) + std::string(" *IN* "), Loglevel::DEBUG_L2); - LOG(std::string("Disconnection: handle already freed: ") + std::to_string(mp_devhandle == nullptr) + " ("+m_path+")", Loglevel::DEBUG_L1); - if(mp_devhandle == nullptr) return false; + if(mp_devhandle == nullptr) { + LOG(std::string("Disconnection: handle already freed: ") + std::to_string(mp_devhandle == nullptr) + " ("+m_path+")", Loglevel::DEBUG_L1); + return false; + } hid_close(mp_devhandle); mp_devhandle = nullptr; diff --git a/libnitrokey/NitrokeyManager.h b/libnitrokey/NitrokeyManager.h index d4630b0..d6e5df4 100644 --- a/libnitrokey/NitrokeyManager.h +++ b/libnitrokey/NitrokeyManager.h @@ -65,6 +65,18 @@ char * strndup(const char* str, size_t maxlen); stick10::ReadSlot::ResponsePayload get_HOTP_slot_data(const uint8_t slot_number); bool set_time(uint64_t time); + /** + * Set the device time used for TOTP to the given time. Contrary to + * {@code set_time(uint64_t)}, this command fails if {@code old_time} + * > {@code time} or if {@code old_time} is zero (where {@code + * old_time} is the current time on the device). + * + * @param time new device time as Unix timestamp (seconds since + * 1970-01-01) + */ + void set_time_soft(uint64_t time); + + [[deprecated("get_time is deprecated -- use set_time_soft instead")]] bool get_time(uint64_t time = 0); bool erase_totp_slot(uint8_t slot_number, const char *temporary_password); bool erase_hotp_slot(uint8_t slot_number, const char *temporary_password); @@ -276,6 +288,13 @@ char * strndup(const char* str, size_t maxlen); * @return Returns true, if set unencrypted volume ro/rw pin type is User, false otherwise. */ bool set_unencrypted_volume_rorw_pin_type_user(); + + /** + * Blink red and green LED alternatively and infinitely (until device is reconnected). + */ + void wink(); + + stick20::ProductionTest::ResponsePayload production_info(); }; } diff --git a/libnitrokey/command_id.h b/libnitrokey/command_id.h index 1092ea9..eb0d450 100644 --- a/libnitrokey/command_id.h +++ b/libnitrokey/command_id.h @@ -130,6 +130,8 @@ enum class CommandID : uint8_t { ENABLE_ADMIN_READONLY_ENCRYPTED_LUN = 0x20 + 30, ENABLE_ADMIN_READWRITE_ENCRYPTED_LUN = 0x20 + 31, CHECK_SMARTCARD_USAGE = 0x20 + 32, + //v0.52+ + WINK = 0x20 + 33, GET_PW_SAFE_SLOT_STATUS = 0x60, GET_PW_SAFE_SLOT_NAME = 0x61, diff --git a/libnitrokey/deprecated.h b/libnitrokey/deprecated.h new file mode 100644 index 0000000..5a83288 --- /dev/null +++ b/libnitrokey/deprecated.h @@ -0,0 +1,35 @@ +/* + * Copyright (c) 2018 Nitrokey UG + * + * This file is part of libnitrokey. + * + * libnitrokey is free software: you can redistribute it and/or modify + * it under the terms of the GNU Lesser General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * any later version. + * + * libnitrokey is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with libnitrokey. If not, see <http://www.gnu.org/licenses/>. + * + * SPDX-License-Identifier: LGPL-3.0 + */ + + +#ifndef LIBNITROKEY_DEPRECATED_H +#define LIBNITROKEY_DEPRECATED_H + +#if defined(__GNUC__) || defined(__clang__) +#define DEPRECATED __attribute__((deprecated)) +#elif defined(_MSC_VER) +#define DEPRECATED __declspec(deprecated) +#else +#pragma message("WARNING: DEPRECATED macro is not defined for this compiler") +#define DEPRECATED +#endif + +#endif //LIBNITROKEY_DEPRECATED_H diff --git a/libnitrokey/stick20_commands.h b/libnitrokey/stick20_commands.h index 4b75e6a..7efa1b6 100644 --- a/libnitrokey/stick20_commands.h +++ b/libnitrokey/stick20_commands.h @@ -275,6 +275,12 @@ namespace nitrokey { CommandTransaction; }; + class Wink : Command<CommandID::WINK> { + public: + typedef Transaction<command_id(), struct EmptyPayload, struct EmptyPayload> + CommandTransaction; + }; + class CheckSmartcardUsage : Command<CommandID::CHECK_SMARTCARD_USAGE> { public: typedef Transaction<command_id(), struct EmptyPayload, EmptyPayload> diff --git a/libnitrokey/version.h b/libnitrokey/version.h new file mode 100644 index 0000000..6547af0 --- /dev/null +++ b/libnitrokey/version.h @@ -0,0 +1,33 @@ +/* + * Copyright (c) 2018 Nitrokey UG + * + * This file is part of libnitrokey. + * + * libnitrokey is free software: you can redistribute it and/or modify + * it under the terms of the GNU Lesser General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * any later version. + * + * libnitrokey is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with libnitrokey. If not, see <http://www.gnu.org/licenses/>. + * + * SPDX-License-Identifier: LGPL-3.0 + */ + +#ifndef LIBNITROKEY_VERSION_H +#define LIBNITROKEY_VERSION_H + +namespace nitrokey { + unsigned int get_major_library_version(); + + unsigned int get_minor_library_version(); + + const char* get_library_version(); +} + +#endif diff --git a/unittest/conftest.py b/unittest/conftest.py index 49f1502..253e1d8 100644 --- a/unittest/conftest.py +++ b/unittest/conftest.py @@ -85,7 +85,7 @@ def C(request=None): assert nk_login != 0 # returns 0 if not connected or wrong model or 1 when connected global device_type firmware_version = C.NK_get_minor_firmware_version() - model = 'P' if firmware_version in [7,8] else 'S' + model = 'P' if firmware_version < 20 else 'S' device_type = (model, firmware_version) print('Connected device: {} {}'.format(model, firmware_version)) diff --git a/unittest/test_minimal.c b/unittest/test_minimal.c new file mode 100644 index 0000000..3cf3dd7 --- /dev/null +++ b/unittest/test_minimal.c @@ -0,0 +1,28 @@ +/* + * Copyright (c) 2018 Nitrokey UG + * + * This file is part of libnitrokey. + * + * libnitrokey is free software: you can redistribute it and/or modify + * it under the terms of the GNU Lesser General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * any later version. + * + * libnitrokey is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with libnitrokey. If not, see <http://www.gnu.org/licenses/>. + * + * SPDX-License-Identifier: LGPL-3.0 + */ + +#include "../NK_C_API.h" + +// This test is only intended to make sure that the C API header can be +// compiled by a C compiler. (All other tests are written in C++.) +int main() { + return 0; +} diff --git a/unittest/test_offline.cc b/unittest/test_offline.cc index 468849e..2ad6a0e 100644 --- a/unittest/test_offline.cc +++ b/unittest/test_offline.cc @@ -22,6 +22,8 @@ #include "catch.hpp" #include <NitrokeyManager.h> #include <memory> +#include <string> +#include <regex> #include "../NK_C_API.h" using namespace nitrokey::proto; @@ -160,3 +162,46 @@ TEST_CASE("Test device commands ids", "[fast]") { REQUIRE(STICK20_CMD_CHANGE_UPDATE_PIN == static_cast<uint8_t>(CommandID::CHANGE_UPDATE_PIN)); } + +#include "version.h" +TEST_CASE("Test version getter", "[fast]") { + REQUIRE(nitrokey::get_major_library_version() >= 3u); + REQUIRE(nitrokey::get_minor_library_version() >= 3u); + const char *library_version = nitrokey::get_library_version(); + REQUIRE(library_version != nullptr); + + // The library version has to match the pattern returned by git describe: + // v<major>.<minor> or v<major>.<minor>-<n>-g<hash>, where <n> is the number + // of commits since the last tag, and <hash> is the hash of the current + // commit. (This assumes that all tags have the name v<major>.<minor>.) + std::string s = library_version; + std::string version("v[0-9]+\\.[0-9]+"); + std::string git_suffix("-[0-9]+-g[0-9a-z]+"); + std::regex pattern(version + "(" + git_suffix + "|)"); + REQUIRE(std::regex_match(s, pattern)); +} + +TEST_CASE("Connect should not return true after the second attempt", "[fast]") { + int result = 0; + + result = NK_login("S"); + REQUIRE(result == 0); + + result = NK_login_auto(); + REQUIRE(result == 0); + + result = NK_logout(); + REQUIRE(result == 0); + + result = NK_logout(); + REQUIRE(result == 0); + + result = NK_login("P"); + REQUIRE(result == 0); + + result = NK_login_auto(); + REQUIRE(result == 0); + + result = NK_logout(); + REQUIRE(result == 0); +} diff --git a/unittest/test_pro.py b/unittest/test_pro.py index 6fac172..1c61399 100644 --- a/unittest/test_pro.py +++ b/unittest/test_pro.py @@ -577,6 +577,55 @@ def test_get_code_user_authorize(C): assert C.NK_get_last_command_status() == DeviceErrorCode.STATUS_OK +@pytest.mark.otp +def test_authorize_issue_admin(C): + skip_if_device_version_lower_than({'S': 43, 'P': 9}) + + assert C.NK_lock_device() == DeviceErrorCode.STATUS_OK + + assert C.NK_first_authenticate(DefaultPasswords.ADMIN, DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK + assert C.NK_write_config(255, 255, 255, True, False, DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK + + assert C.NK_first_authenticate(b"wrong pass", b"another temp pass") == DeviceErrorCode.WRONG_PASSWORD + assert C.NK_write_config(255, 255, 255, False, True, DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_NOT_AUTHORIZED + + assert C.NK_first_authenticate(DefaultPasswords.ADMIN, DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK + assert C.NK_write_config(255, 255, 255, True, False, DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK + +@pytest.mark.otp +def test_authorize_issue_user(C): + skip_if_device_version_lower_than({'S': 43, 'P': 9}) # issue fixed in Pro v0.9, Storage version chosen arbitrary + + assert C.NK_lock_device() == DeviceErrorCode.STATUS_OK + + assert C.NK_first_authenticate(DefaultPasswords.ADMIN, DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK + assert C.NK_write_totp_slot(0, b'python_otp_auth', bbRFC_SECRET, 30, True, False, False, b'', + DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK + # enable PIN protection of OTP codes with write_config + assert C.NK_first_authenticate(DefaultPasswords.ADMIN, DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK + assert C.NK_write_config(255, 255, 255, True, False, DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK + gs(C.NK_get_totp_code(0, 0, 0, 0)) + assert C.NK_get_last_command_status() == DeviceErrorCode.STATUS_NOT_AUTHORIZED + + assert C.NK_user_authenticate(DefaultPasswords.USER, DefaultPasswords.USER_TEMP) == DeviceErrorCode.STATUS_OK + gs(C.NK_get_totp_code_PIN(0, 0, 0, 0, DefaultPasswords.USER_TEMP)) + assert C.NK_get_last_command_status() == DeviceErrorCode.STATUS_OK + + assert C.NK_user_authenticate(b"wrong pass", b"another temp pass") == DeviceErrorCode.WRONG_PASSWORD + gs(C.NK_get_totp_code_PIN(0, 0, 0, 0, DefaultPasswords.USER_TEMP)) + assert C.NK_get_last_command_status() == DeviceErrorCode.STATUS_NOT_AUTHORIZED + + assert C.NK_user_authenticate(DefaultPasswords.USER, DefaultPasswords.USER_TEMP) == DeviceErrorCode.STATUS_OK + gs(C.NK_get_totp_code_PIN(0, 0, 0, 0, DefaultPasswords.USER_TEMP)) + assert C.NK_get_last_command_status() == DeviceErrorCode.STATUS_OK + + # disable PIN protection with write_config + assert C.NK_first_authenticate(DefaultPasswords.ADMIN, DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK + assert C.NK_write_config(255, 255, 255, False, True, DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK + code = gs(C.NK_get_totp_code(0, 0, 0, 0)) + assert code != b'' + assert C.NK_get_last_command_status() == DeviceErrorCode.STATUS_OK + def cast_pointer_to_tuple(obj, typen, len): # usage: # config = cast_pointer_to_tuple(config_raw_data, 'uint8_t', 5) diff --git a/unittest/test_strdup.cpp b/unittest/test_strdup.cpp index f980eb9..6c2cfb3 100644 --- a/unittest/test_strdup.cpp +++ b/unittest/test_strdup.cpp @@ -25,7 +25,7 @@ #include <cstdio> #include <memory.h> -#include "NK_C_API.h" +#include "../NK_C_API.h" #include "catch.hpp" diff --git a/version.cc.in b/version.cc.in new file mode 100644 index 0000000..0eae647 --- /dev/null +++ b/version.cc.in @@ -0,0 +1,37 @@ +/* + * Copyright (c) 2018 Nitrokey UG + * + * This file is part of libnitrokey. + * + * libnitrokey is free software: you can redistribute it and/or modify + * it under the terms of the GNU Lesser General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * any later version. + * + * libnitrokey is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with libnitrokey. If not, see <http://www.gnu.org/licenses/>. + * + * SPDX-License-Identifier: LGPL-3.0 + */ + +#include "version.h" + +namespace nitrokey { + unsigned int get_major_library_version() { + return @PROJECT_VERSION_MAJOR@; + } + + unsigned int get_minor_library_version() { + return @PROJECT_VERSION_MINOR@; + } + + const char* get_library_version() { + return "@PROJECT_VERSION_GIT@"; + } +} + |