From 4200af146a17398dc7050c92e1f861f2066debec Mon Sep 17 00:00:00 2001 From: Amit Aronovitch Date: Wed, 2 Oct 2019 00:01:48 +0300 Subject: Identify Librem Key, behaving like Nitrokey Pro device --- NK_C_API.cc | 8 ++++++++ 1 file changed, 8 insertions(+) (limited to 'NK_C_API.cc') diff --git a/NK_C_API.cc b/NK_C_API.cc index 1d3fa3a..75c8b97 100644 --- a/NK_C_API.cc +++ b/NK_C_API.cc @@ -158,6 +158,9 @@ extern "C" { case NK_STORAGE: model_string = "S"; break; + case NK_LIBREM: + model_string = "L"; + break; case NK_DISCONNECTED: default: /* no such enum value -- return error code */ @@ -236,6 +239,8 @@ extern "C" { return NK_PRO; case DeviceModel::STORAGE: return NK_STORAGE; + case DeviceModel::LIBREM: + return NK_LIBREM; default: /* unknown or not connected device */ return NK_device_model::NK_DISCONNECTED; @@ -791,6 +796,9 @@ NK_C_API char* NK_get_SD_usage_data_as_string() { case DeviceModel::STORAGE: target->model = NK_STORAGE; break; + case DeviceModel::LIBREM: + target->model = NK_LIBREM; + break; default: return false; } -- cgit v1.2.3 From fedf828e394938fb6f84407b4de7412a3fb6ec40 Mon Sep 17 00:00:00 2001 From: Robin Krahl Date: Thu, 2 Apr 2020 15:19:00 +0200 Subject: Return serial number as uint32_t from C API This patch adds the function NK_device_serial_number_as_u32 to the C API. It is similar to NK_device_serial_number but returns the raw unsigned integer instead of a formatted string. This patch also adds a simple test case that ensures that the number is not zero. Fixes #172. --- NK_C_API.cc | 7 +++++++ NK_C_API.h | 8 ++++++++ unittest/test_pro.py | 9 ++++++++- 3 files changed, 23 insertions(+), 1 deletion(-) (limited to 'NK_C_API.cc') diff --git a/NK_C_API.cc b/NK_C_API.cc index 1d3fa3a..c44e36f 100644 --- a/NK_C_API.cc +++ b/NK_C_API.cc 
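Review bot: The `DeviceModel` to `NK_device_model` mapping is spelled out twice, in the switch at `@@ -236` (as `return NK_LIBREM;`) and again at `@@ -791` (as `target->model = NK_LIBREM;`), so every new model has to be added in both places. A file-local helper that returns the enum, with `NK_DISCONNECTED` for anything unknown, would let both sites share one table. A model missed in the second switch falls into `default: return false;` and the device is silently rejected, which is the safe direction but hard to notice. Both switches, and the one at `@@ -158`, begin and end outside their hunks, so this is based on the visible cases only.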
@@ -299,6 +299,13 @@ extern "C" { }); } + NK_C_API uint32_t NK_device_serial_number_as_u32() { + auto m = NitrokeyManager::instance(); + return get_with_result([&]() { + return m->get_serial_number_as_u32(); + }); + } + NK_C_API char * NK_get_hotp_code(uint8_t slot_number) { return NK_get_hotp_code_PIN(slot_number, ""); } diff --git a/NK_C_API.h b/NK_C_API.h index d5c54a3..df3e992 100644 --- a/NK_C_API.h +++ b/NK_C_API.h @@ -385,6 +385,14 @@ extern "C" { */ NK_C_API char * NK_device_serial_number(); + /** + * Return the device's serial number string as an integer. Use + * NK_last_command_status to check for an error if this function + * returns zero. + * @return device's serial number as an integer + */ + NK_C_API uint32_t NK_device_serial_number_as_u32(); + /** * Get last command processing status. Useful for commands which returns the results of their own and could not return * an error code. diff --git a/unittest/test_pro.py b/unittest/test_pro.py index 99d7b1f..d25a50e 100644 --- a/unittest/test_pro.py +++ b/unittest/test_pro.py @@ -704,6 +704,13 @@ def test_get_serial_number(C): print(('Serial number of the device: ', sn)) +@pytest.mark.status +def test_get_serial_number_as_u32(C): + sn = C.NK_device_serial_number_as_u32() + assert sn > 0 + print(('Serial number of the device (u32): ', sn)) + + @pytest.mark.otp @pytest.mark.parametrize("secret", ['000001', '00'*10+'ff', '00'*19+'ff', '000102', '00'*29+'ff', '00'*39+'ff', '002EF43F51AFA97BA2B46418768123C9E1809A5B' ]) @@ -1038,4 +1045,4 @@ def test_OTP_all_rw(C): this_loop_codes.append(('H', i, code)) all_codes.append(this_loop_codes) from pprint import pprint - pprint(all_codes) \ No newline at end of file + pprint(all_codes) -- cgit v1.2.3 From 2a7b3f4e2ae09d665f9783030323dfb1a4c5ee9f Mon Sep 17 00:00:00 2001 
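Review bot: The new doc comment in `NK_C_API.h` tells callers to use `NK_last_command_status`, which does not look like the name of a public function. The getter documented directly below this hunk appears to be `NK_get_last_command_status`, so the sentence should read `Use NK_get_last_command_status to check for an error if this function returns zero.` The opening sentence says "serial number string as an integer"; `Return the device's serial number as a 32-bit unsigned integer.` matches the declaration better. Because zero doubles as the error value, the comment should also say whether zero can ever be a valid serial number.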
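Review bot: `assert sn > 0` is the only check in `test_get_serial_number_as_u32`, so the test never reads the status code that the header tells callers to consult. Adding `assert C.NK_get_last_command_status() == DeviceErrorCode.STATUS_OK` right after the call would cover the documented error path. The test also does not tie the value to the string from `NK_device_serial_number`. Comparing against the parsed string would catch a byte-order mix-up, assuming the string is the hex rendering of the same number.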
From: Robin Krahl Date: Thu, 2 Apr 2020 15:51:25 +0200 Subject: Add missing free functions to C API This patch adds two missing free functions, NK_free_config and NK_free_password_safe_slot_status, to enable memory-safe use of the C API. Fixes #173. --- NK_C_API.cc | 8 ++++++++ NK_C_API.h | 14 ++++++++++++++ unittest/test_memory.c | 4 ++-- 3 files changed, 24 insertions(+), 2 deletions(-) (limited to 'NK_C_API.cc') diff --git a/NK_C_API.cc b/NK_C_API.cc index 1d3fa3a..0b7f5f7 100644 --- a/NK_C_API.cc +++ b/NK_C_API.cc @@ -226,6 +226,10 @@ extern "C" { }); } + NK_C_API void NK_free_config(uint8_t* config) { + delete[] config; + } + NK_C_API enum NK_device_model NK_get_device_model() { auto m = NitrokeyManager::instance(); @@ -448,6 +452,10 @@ extern "C" { } + NK_C_API void NK_free_password_safe_slot_status(uint8_t* status) { + delete[] status; + } + NK_C_API uint8_t NK_get_user_retry_count() { auto m = NitrokeyManager::instance(); return get_with_result([&]() { diff --git a/NK_C_API.h b/NK_C_API.h index d5c54a3..c4cb448 100644 --- a/NK_C_API.h +++ b/NK_C_API.h @@ -451,6 +451,7 @@ extern "C" { /** * Get currently set config - status of function Numlock/Capslock/Scrollock OTP sending and is enabled PIN protected OTP + * The return value must be freed using NK_free_config. * @see NK_write_config * @return uint8_t general_config[5]: * uint8_t numlock; @@ -462,6 +463,12 @@ extern "C" { */ NK_C_API uint8_t* NK_read_config(); + /** + * Free a value returned by NK_read_config. May be called with a NULL + * argument. + */ + NK_C_API void NK_free_config(uint8_t* config); + //OTP /** 
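Review bot: `delete[] config;` in `NK_free_config` is only correct if the buffer returned by `NK_read_config` was allocated with `new[]`, and that allocation is outside this hunk. A short comment on the function would make the pairing explicit, for example `// must stay paired with the new[] allocation behind NK_read_config`. The same applies to `delete[] status;` in `NK_free_password_safe_slot_status` at `@@ -448`. Without it, a later change to the allocation helper could reintroduce the allocator mismatch this commit removes from the tests.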
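Review bot: The added line "The return value must be freed using NK_free_config." does not say that `free()` is invalid for this pointer, even though the project's own `test_memory.c` used `free()` until this commit. Existing callers are likely to have copied that pattern. I would extend the comment with `Do not pass it to free(); the buffer is not allocated with malloc.`, hedged to whatever the allocation in `NK_C_API.cc` actually is. The same wording is needed on `NK_get_password_safe_slot_status` in the `@@ -634` hunk on the next line.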
@@ -634,10 +641,17 @@ extern "C" { /** * Get password safe slots' status + * The return value must be freed using NK_free_password_safe_slot_status. * @return uint8_t[16] slot statuses - each byte represents one slot with 0 (not programmed) and 1 (programmed) */ NK_C_API uint8_t * NK_get_password_safe_slot_status(); + /** + * Free a value returned by NK_get_password_safe_slot_status. May be + * called with a NULL argument. + */ + NK_C_API void NK_free_password_safe_slot_status(uint8_t* status); + /** * Get password safe slot name * @param slot_number password safe slot number, slot_number<16 diff --git a/unittest/test_memory.c b/unittest/test_memory.c index 34ea7d5..20b11b2 100644 --- a/unittest/test_memory.c +++ b/unittest/test_memory.c @@ -44,7 +44,7 @@ int main() { uint8_t *config = NK_read_config(); if (config == NULL) return 1; - free(config); + NK_free_config(config); result = NK_enable_password_safe("123456"); if (result != 0) @@ -54,7 +54,7 @@ int main() { if (slot_status == NULL) { return 1; } - free(slot_status); + NK_free_password_safe_slot_status(slot_status); NK_logout(); -- cgit v1.2.3 From 0270a9b3de4b45fcfcb83f8e20a78702811d4192 Mon Sep 17 00:00:00 2001 
From: Robin Krahl Date: Thu, 2 Apr 2020 16:29:27 +0200 Subject: Add NK_config struct and read/write functions This patch adds the NK_config struct to the C API that stores the general configuration of a Nitrokey device. It also adds the NK_read_config_struct and NK_write_config_struct functions to make the API easier to use. While NK_write_config_struct is only a convenience method, NK_read_config_struct makes the API more safe as the user no longer has to read the data from a pointer to an array. This patch also extends the test_read_write_config test case with the two new functions. --- NK_C_API.cc | 21 +++++++++++++++++++++ NK_C_API.h | 43 +++++++++++++++++++++++++++++++++++++++++++ unittest/test_pro.py | 26 +++++++++++++++++++++++++- 3 files changed, 89 insertions(+), 1 deletion(-) (limited to 'NK_C_API.cc') diff --git a/NK_C_API.cc b/NK_C_API.cc index 1d3fa3a..d993671 100644 --- a/NK_C_API.cc +++ b/NK_C_API.cc @@ -217,6 +217,12 @@ extern "C" { }); } + NK_C_API int NK_write_config_struct(struct NK_config config, + const char *admin_temporary_password) { + return NK_write_config(config.numlock, config.capslock, config.scrolllock, config.enable_user_password, + config.disable_user_password, admin_temporary_password); + } + NK_C_API uint8_t* NK_read_config() { auto m = NitrokeyManager::instance(); @@ -226,6 +232,21 @@ extern "C" { }); } + NK_C_API int NK_read_config_struct(struct NK_config* out) { + if (out == nullptr) { + return -1; + } + auto m = NitrokeyManager::instance(); + return get_without_result([&]() { + auto v = m->read_config(); + out->numlock = v[0]; + out->capslock = v[1]; + out->scrolllock = v[2]; + out->enable_user_password = v[3]; + out->disable_user_password = v[4]; + }); + } + NK_C_API enum NK_device_model NK_get_device_model() { auto m = NitrokeyManager::instance(); diff --git a/NK_C_API.h b/NK_C_API.h index d5c54a3..6aab7ca 100644 --- a/NK_C_API.h +++ b/NK_C_API.h 
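Review bot: `NK_write_config_struct` forwards `config.disable_user_password` as the fifth argument of `NK_write_config`, whose parameter is named `delete_user_password` in the header context, while the struct added at `@@ -265` in `NK_C_API.h` documents that field as "Unused." Either the field should be renamed and documented to match the parameter, or the wrapper should pass a fixed value if the parameter really has no effect. As written, a C caller who fills a stack-allocated `struct NK_config` and skips the "unused" member sends an indeterminate `bool` into the device write.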
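Review bot: `NK_read_config_struct` reads `v[0]` through `v[4]` without checking how many elements `m->read_config()` returned, so a shorter reply would be read out of bounds. Assuming `v` is a `std::vector`, `v.at(0)` … `v.at(4)` would turn that into an exception instead. That only helps if `get_without_result`, which is outside this hunk, converts exceptions into an error code; otherwise check `v.size() < 5` before the lambda's assignments and report an error explicitly. The early `return -1;` for a null `out` is not mentioned in the `@return` line of the header hunk at `@@ -496`, which promises only a command processing error code.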
@@ -265,6 +265,32 @@ extern "C" { uint8_t write_level_max; }; + /** + * The general configuration of a Nitrokey device. + */ + struct NK_config { + /** + * value in range [0-1] to send HOTP code from slot 'numlock' after double pressing numlock + * or outside the range to disable this function + */ + uint8_t numlock; + /** + * similar to numlock but with capslock + */ + uint8_t capslock; + /** + * similar to numlock but with scrolllock + */ + uint8_t scrolllock; + /** + * True to enable OTP PIN protection (require PIN each OTP code request) + */ + bool enable_user_password; + /** + * Unused. + */ + bool disable_user_password; + }; struct NK_storage_ProductionTest{ uint8_t FirmwareVersion_au8[2]; @@ -449,6 +475,14 @@ extern "C" { NK_C_API int NK_write_config(uint8_t numlock, uint8_t capslock, uint8_t scrolllock, bool enable_user_password, bool delete_user_password, const char *admin_temporary_password); + /** + * Write general config to the device + * @param config the configuration data + * @param admin_temporary_password current admin temporary password + * @return command processing error code + */ + NK_C_API int NK_write_config_struct(struct NK_config config, const char *admin_temporary_password); + /** * Get currently set config - status of function Numlock/Capslock/Scrollock OTP sending and is enabled PIN protected OTP * @see NK_write_config @@ -462,6 +496,15 @@ extern "C" { */ NK_C_API uint8_t* NK_read_config(); + /** + * Get currently set config and write it to the given pointer. + * @see NK_read_config + * @see NK_write_config_struct + * @param out a pointer to the struct that should be written to + * @return command processing error code + */ + NK_C_API int NK_read_config_struct(struct NK_config* out); + //OTP /** diff --git a/unittest/test_pro.py b/unittest/test_pro.py index 99d7b1f..e61d8bf 100644 --- a/unittest/test_pro.py +++ b/unittest/test_pro.py 
@@ -647,6 +647,30 @@ def test_read_write_config(C): config = cast_pointer_to_tuple(config_raw_data, 'uint8_t', 5) assert config == (0, 1, 2, True, False) + # use structs: read I + config_st = ffi.new('struct NK_config *') + if not config_st: + raise Exception("Could not allocate config") + assert C.NK_read_config_struct(config_st) == DeviceErrorCode.STATUS_OK + assert config_st.numlock == 0 + assert config_st.capslock == 1 + assert config_st.scrolllock == 2 + assert config_st.enable_user_password + assert not config_st.disable_user_password + + # use structs: write + config_st.numlock = 3 + assert C.NK_write_config_struct(config_st[0], DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK + + # use structs: read II + err = C.NK_read_config_struct(config_st) + assert err == 0 + assert config_st.numlock == 3 + assert config_st.capslock == 1 + assert config_st.scrolllock == 2 + assert config_st.enable_user_password + assert not config_st.disable_user_password + # restore defaults and check assert C.NK_first_authenticate(DefaultPasswords.ADMIN, DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK assert C.NK_write_config(255, 255, 255, False, True, DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK @@ -1038,4 +1062,4 @@ def test_OTP_all_rw(C): this_loop_codes.append(('H', i, code)) all_codes.append(this_loop_codes) from pprint import pprint - pprint(all_codes) \ No newline at end of file + pprint(all_codes) -- cgit v1.2.3
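Review bot: The struct assertions added to `test_read_write_config` cover only the success path, so the `out == nullptr` guard in `NK_read_config_struct` is never exercised. A one-line check such as `assert C.NK_read_config_struct(ffi.NULL) == -1` would pin that behaviour. The second read compares with `assert err == 0` while the first uses `DeviceErrorCode.STATUS_OK`; using the named constant in both keeps the test readable. The test function starts and ends outside this hunk.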