From 7b6800f7e2cf890a14e3b49d6fc7405e70d94a1e Mon Sep 17 00:00:00 2001 From: Szczepan Zalega Date: Wed, 27 Jul 2016 19:05:18 +0200 Subject: Config options for OTP slots added to command structure Signed-off-by: Szczepan Zalega --- NK_C_API.cc | 4 ++-- NK_C_API.h | 2 +- NitrokeyManager.cc | 10 +++------- include/NitrokeyManager.h | 2 +- include/stick10_commands.h | 26 ++++++++++++++++++++++---- unittest/test_bindings.py | 11 ++++++++--- 6 files changed, 37 insertions(+), 18 deletions(-) diff --git a/NK_C_API.cc b/NK_C_API.cc index ff7ecae..1e5da56 100644 --- a/NK_C_API.cc +++ b/NK_C_API.cc @@ -212,10 +212,10 @@ extern int NK_erase_totp_slot(uint8_t slot_number, const char *temporary_passwor } extern int NK_write_hotp_slot(uint8_t slot_number, const char *slot_name, const char *secret, uint8_t hotp_counter, - const char *temporary_password) { + bool use_8_digits, const char *temporary_password) { auto m = NitrokeyManager::instance(); try { - m->write_HOTP_slot(slot_number, slot_name, secret, hotp_counter, temporary_password); + m->write_HOTP_slot(slot_number, slot_name, secret, hotp_counter, use_8_digits, temporary_password); } catch (CommandFailedException & commandFailedException){ NK_last_command_status = commandFailedException.last_command_status; diff --git a/NK_C_API.h b/NK_C_API.h index 1334d12..458dd31 100644 --- a/NK_C_API.h +++ b/NK_C_API.h 
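Review bot: `NK_write_hotp_slot` still takes `hotp_counter` as `uint8_t`, while the `NitrokeyManager::write_HOTP_slot` it forwards to (NitrokeyManager.cc hunk) takes `uint64_t` and the payload field in stick10_commands.h is `uint64_t slot_counter`, so any initial counter above 255 is silently truncated at the C boundary. Since this signature is being reworked anyway, widening it now avoids a second ABI break later: `extern int NK_write_hotp_slot(uint8_t slot_number, const char *slot_name, const char *secret, uint64_t hotp_counter, bool use_8_digits, const char *temporary_password)`. The same declaration appears in the NK_C_API.h hunk. The body of NK_write_hotp_slot continues past the end of the hunk.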
@@ -27,7 +27,7 @@ extern const char * NK_get_totp_slot_name(uint8_t slot_number); extern const char * NK_get_hotp_slot_name(uint8_t slot_number); extern int NK_erase_hotp_slot(uint8_t slot_number, const char *temporary_password); extern int NK_erase_totp_slot(uint8_t slot_number, const char *temporary_password); -extern int NK_write_hotp_slot(uint8_t slot_number, const char *slot_name, const char *secret, uint8_t hotp_counter, const char *temporary_password); +extern int NK_write_hotp_slot(uint8_t slot_number, const char *slot_name, const char *secret, uint8_t hotp_counter, bool use_8_digits, const char *temporary_password); extern int NK_write_totp_slot(uint8_t slot_number, const char *slot_name, const char *secret, uint16_t time_window, bool use_8_digits, const char *temporary_password); extern uint32_t NK_get_hotp_code(uint8_t slot_number); extern uint32_t NK_get_hotp_code_PIN(uint8_t slot_number, const char* user_temporary_password); diff --git a/NitrokeyManager.cc b/NitrokeyManager.cc index e1eb8a0..caf9724 100644 --- a/NitrokeyManager.cc +++ b/NitrokeyManager.cc @@ -130,7 +130,7 @@ namespace nitrokey{ bool NitrokeyManager::write_HOTP_slot(uint8_t slot_number, const char *slot_name, const char *secret, uint64_t hotp_counter, - const char *temporary_password) { + bool use_8_digits, const char *temporary_password) { assert(is_valid_hotp_slot_number(slot_number)); assert(strlen(secret)==20); //160 bits assert(strlen(slot_name)<=15); @@ -141,7 +141,7 @@ namespace nitrokey{ strcpyT(payload.slot_secret, secret); strcpyT(payload.slot_name, slot_name); payload.slot_counter = hotp_counter; - payload.slot_config; //TODO + payload.use_8_digits = use_8_digits; auto auth = get_payload(); strcpyT(auth.temporary_password, temporary_password); 
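Review bot: In the NitrokeyManager.cc hunk at `@@ -141`, only `payload.use_8_digits` is written; `use_enter` and `use_tokenID` keep whatever `get_payload()` left in that byte, which I take to be zero but cannot confirm from here. A comment on the assignment would make the intent explicit, e.g. `payload.use_8_digits = use_8_digits; // use_enter / use_tokenID stay clear — assumes get_payload() zero-fills, confirm`, or the two remaining flags could become parameters next to `use_8_digits` so the C API can drive them deliberately. The enclosing write_HOTP_slot body starts in the previous hunk and continues past this one.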
@@ -152,8 +152,6 @@ namespace nitrokey{ return true; } - enum totp_config{digits8=0, enter=1, tokenID=2}; - bool NitrokeyManager::write_TOTP_slot(uint8_t slot_number, const char *slot_name, const char *secret, uint16_t time_window, bool use_8_digits, const char *temporary_password) { auto payload = get_payload(); @@ -166,9 +164,7 @@ namespace nitrokey{ strcpyT(payload.slot_secret, secret); strcpyT(payload.slot_name, slot_name); payload.slot_interval = time_window; //FIXME naming - bitset<8> config; //FIXME better config manipulation - config.set(totp_config::digits8, use_8_digits); - payload.slot_config = (uint8_t) config.to_ulong(); + payload.use_8_digits = use_8_digits; auto auth = get_payload(); strcpyT(auth.temporary_password, temporary_password); diff --git a/include/NitrokeyManager.h b/include/NitrokeyManager.h index 90b2d1d..3a86597 100644 --- a/include/NitrokeyManager.h +++ b/include/NitrokeyManager.h @@ -20,7 +20,7 @@ namespace nitrokey { bool first_authenticate(const char *pin, const char *temporary_password); bool write_HOTP_slot(uint8_t slot_number, const char *slot_name, const char *secret, uint64_t hotp_counter, - const char *temporary_password); + bool use_8_digits, const char *temporary_password); bool write_TOTP_slot(uint8_t slot_number, const char *slot_name, const char *secret, uint16_t time_window, bool use_8_digits, const char *temporary_password); uint32_t get_HOTP_code(uint8_t slot_number, const char *user_temporary_password); diff --git a/include/stick10_commands.h b/include/stick10_commands.h index 7a7e2f2..6df8727 100644 --- a/include/stick10_commands.h +++ b/include/stick10_commands.h @@ -88,7 +88,14 @@ class WriteToHOTPSlot : Command { uint8_t slot_number; uint8_t slot_name[15]; uint8_t slot_secret[20]; - uint8_t slot_config; + union{ + uint8_t _slot_config; + struct{ + bool use_8_digits : 1; + bool use_enter : 1; + bool use_tokenID : 1; + }; + }; uint8_t slot_token_id[13]; uint64_t slot_counter; 
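Review bot: The union of `_slot_config` with an anonymous struct of `bool : 1` bit-fields (stick10_commands.h `@@ -88`, and the identical block for WriteToTOTPSlot at `@@ -118` on the next line) makes the byte sent to the device depend on implementation-defined bit-field allocation order and on an anonymous-struct compiler extension, and reading `_slot_config` after writing the flags is type punning; the removed `totp_config{digits8=0, enter=1, tokenID=2}` enum in the NitrokeyManager.cc hunk was the only place the expected bit positions were spelled out. Keep that knowledge next to the union, e.g. `// device config byte: bit0 = use_8_digits, bit1 = use_enter, bit2 = use_tokenID; relies on LSB-first bit-field allocation (GCC/Clang, little-endian) — verify on other toolchains`, and add a `static_assert` that the enclosing payload struct keeps its previous size so the flags cannot widen the wire format. The class definition starts and ends outside the hunk.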
@@ -98,7 +105,11 @@ class WriteToHOTPSlot : Command { ss << "slot_number:\t" << (int)(slot_number) << std::endl; ss << "slot_name:\t" << slot_name << std::endl; ss << "slot_secret:\t" << slot_secret << std::endl; - ss << "slot_config:\t" << std::bitset<8>((int)slot_config) << std::endl; + ss << "slot_config:\t" << std::bitset<8>((int)_slot_config) << std::endl; + ss << "\tuse_8_digits(0):\t" << use_8_digits << std::endl; + ss << "\tuse_enter(1):\t" << use_enter << std::endl; + ss << "\tuse_tokenID(2):\t" << use_tokenID << std::endl; + ss << "slot_token_id:\t"; for (auto i : slot_token_id) ss << std::hex << std::setw(2) << std::setfill('0')<< (int) i << " " ; @@ -118,7 +129,14 @@ class WriteToTOTPSlot : Command { uint8_t slot_number; uint8_t slot_name[15]; uint8_t slot_secret[20]; - uint8_t slot_config; + union{ + uint8_t _slot_config; + struct{ + bool use_8_digits : 1; + bool use_enter : 1; + bool use_tokenID : 1; + }; + }; uint8_t slot_token_id[13]; uint16_t slot_interval; @@ -128,7 +146,7 @@ class WriteToTOTPSlot : Command { ss << "slot_number:\t" << (int)(slot_number) << std::endl; ss << "slot_name:\t" << slot_name << std::endl; ss << "slot_secret:\t" << slot_secret << std::endl; - ss << "slot_config:\t" << std::bitset<8>((int)slot_config) << std::endl; + ss << "slot_config:\t" << std::bitset<8>((int)_slot_config) << std::endl; ss << "slot_token_id:\t"; for (auto i : slot_token_id) ss << std::hex << std::setw(2) << std::setfill('0')<< (int) i << " " ; diff --git a/unittest/test_bindings.py b/unittest/test_bindings.py index f12a20e..59ca07f 100644 --- a/unittest/test_bindings.py +++ b/unittest/test_bindings.py 
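Review bot: The WriteToHOTPSlot dump at `@@ -98` now prints the three decoded flags after `slot_config`, but the matching WriteToTOTPSlot dump at `@@ -128` only prints the raw bitset even though the same union was added to it; mirroring the three `ss << "\tuse_…"` lines there keeps the two debug views consistent. Separately, both dumps still emit `slot_secret` (the OTP seed) in clear text on the context line just above the new output, so anything running with debug enabled logs the seed; since the dump is being extended here, masking that field (length only, or a fixed `<redacted>` marker) is a cheap improvement. Both dump functions start and end outside the hunks.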
@@ -153,7 +153,7 @@ def test_user_auth(C): def check_RFC_codes(C, func, prep=None): assert C.NK_first_authenticate(DefaultPasswords.ADMIN, DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK - assert C.NK_write_hotp_slot(1, 'python_test', RFC_SECRET, 0, DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK + assert C.NK_write_hotp_slot(1, 'python_test', RFC_SECRET, 0, False, DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK test_data = [ 755224, 287082, 359152, 969429, 338314, 254676, 287922, 162583, 399871, 520489, ] 
@@ -165,19 +165,24 @@ def check_RFC_codes(C, func, prep=None): def test_HOTP_RFC_pin_protection(C): + C.NK_set_debug(True) assert C.NK_first_authenticate(DefaultPasswords.ADMIN, DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK assert C.NK_write_config(True, True, True, True, False, DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK assert C.NK_first_authenticate(DefaultPasswords.ADMIN, DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK - assert C.NK_write_hotp_slot(1, 'python_test', RFC_SECRET, 0, DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK + assert C.NK_write_hotp_slot(1, 'python_test', RFC_SECRET, 0, False, DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK # check_RFC_codes(C, lambda x: C.NK_get_hotp_code_PIN(x, DefaultPasswords.USER_TEMP), lambda: C.NK_user_authenticate(DefaultPasswords.USER, DefaultPasswords.USER_TEMP)) assert C.NK_user_authenticate(DefaultPasswords.USER, DefaultPasswords.USER_TEMP) == DeviceErrorCode.STATUS_OK assert C.NK_get_hotp_code_PIN(1, DefaultPasswords.USER_TEMP) == 755224 assert C.NK_get_last_command_status() == DeviceErrorCode.STATUS_OK +def test_HOTP_RFC_no_pin_protection_8digits(C): + assert False # TODO to write + + def test_HOTP_RFC_no_pin_protection(C): assert C.NK_first_authenticate(DefaultPasswords.ADMIN, DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK - assert C.NK_write_hotp_slot(1, 'python_test', RFC_SECRET, 0, DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK + assert C.NK_write_hotp_slot(1, 'python_test', RFC_SECRET, 0, False, DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK assert C.NK_first_authenticate(DefaultPasswords.ADMIN, DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK assert C.NK_write_config(True, True, True, False, True, DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK # https://tools.ietf.org/html/rfc4226#page-32 -- cgit v1.2.3
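Review bot: `test_HOTP_RFC_no_pin_protection_8digits` is just `assert False  # TODO to write`, so the suite fails deterministically until it is implemented; mark it `@pytest.mark.skip(reason="TODO: 8-digit HOTP")` (assuming pytest is imported in this file, which is outside the hunk) or leave it out until there is a body. The `C.NK_set_debug(True)` added at the top of `test_HOTP_RFC_pin_protection` looks like a leftover: it is never switched back off, so it stays on for every later test in the session, and per the stick10_commands.h hunk the debug dump includes `slot_secret`; the seed here is the public RFC 4226 test vector, but the toggle should not be left enabled by default. `test_HOTP_RFC_no_pin_protection` continues past the end of the hunk.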