1 /* 2 * Copyright (c) 2015-2018 Nitrokey UG 3 * 4 * This file is part of libnitrokey. 5 * 6 * libnitrokey is free software: you can redistribute it and/or modify 7 * it under the terms of the GNU Lesser General Public License as published by 8 * the Free Software Foundation, either version 3 of the License, or 9 * any later version. 10 * 11 * libnitrokey is distributed in the hope that it will be useful, 12 * but WITHOUT ANY WARRANTY; without even the implied warranty of 13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 14 * GNU General Public License for more details. 15 * 16 * You should have received a copy of the GNU Lesser General Public License 17 * along with libnitrokey. If not, see <http://www.gnu.org/licenses/>. 18 * 19 * SPDX-License-Identifier: LGPL-3.0 20 */ 21 22 #ifndef LIBNITROKEY_NITROKEYMANAGER_H 23 #define LIBNITROKEY_NITROKEYMANAGER_H 24 25 #include "device.h" 26 #include "log.h" 27 #include "device_proto.h" 28 #include "stick10_commands.h" 29 #include "stick10_commands_0.8.h" 30 #include "stick20_commands.h" 31 #include <vector> 32 #include <memory> 33 #include <unordered_map> 34 35 namespace nitrokey { 36 using namespace nitrokey::device; 37 using namespace std; 38 using namespace nitrokey::proto::stick10; 39 using namespace nitrokey::proto::stick20; 40 using namespace nitrokey::proto; 41 using namespace nitrokey::log; 42 43 44 #ifdef __WIN32 45 char * strndup(const char* str, size_t maxlen); 46 #endif 47 48 class NitrokeyManager { 49 public: 50 static shared_ptr <NitrokeyManager> instance(); 51 52 bool first_authenticate(const char *pin, const char *temporary_password); 53 bool write_HOTP_slot(uint8_t slot_number, const char *slot_name, const char *secret, uint64_t hotp_counter, 54 bool use_8_digits, bool use_enter, bool use_tokenID, const char *token_ID, 55 const char *temporary_password); 56 bool write_TOTP_slot(uint8_t slot_number, const char *slot_name, const char *secret, uint16_t time_window, 57 bool use_8_digits, bool use_enter, bool use_tokenID, const char *token_ID, 58 const char *temporary_password); 59 string get_HOTP_code(uint8_t slot_number, const char *user_temporary_password); 60 string get_TOTP_code(uint8_t slot_number, uint64_t challenge, uint64_t last_totp_time, 61 uint8_t last_interval, 62 const char *user_temporary_password); 63 string get_TOTP_code(uint8_t slot_number, const char *user_temporary_password); 64 stick10::ReadSlot::ResponsePayload get_TOTP_slot_data(const uint8_t slot_number); 65 stick10::ReadSlot::ResponsePayload get_HOTP_slot_data(const uint8_t slot_number); 66 67 bool set_time(uint64_t time); 68 /** 69 * Set the device time used for TOTP to the given time. Contrary to 70 * {@code set_time(uint64_t)}, this command fails if {@code old_time} 71 * > {@code time} or if {@code old_time} is zero (where {@code 72 * old_time} is the current time on the device). 73 * 74 * @param time new device time as Unix timestamp (seconds since 75 * 1970-01-01) 76 */ 77 void set_time_soft(uint64_t time); 78 79 [[deprecated("get_time is deprecated -- use set_time_soft instead")]] 80 bool get_time(uint64_t time = 0); 81 bool erase_totp_slot(uint8_t slot_number, const char *temporary_password); 82 bool erase_hotp_slot(uint8_t slot_number, const char *temporary_password); 83 std::vector<DeviceInfo> list_devices(); 84 std::vector<std::string> list_devices_by_cpuID(); 85 86 /** 87 * Connect to the device using unique smartcard:datacard id. 88 * Needs list_device_by_cpuID() run first 89 * @param id Current ID of the target device 90 * @return true on success, false on failure 91 */ 92 bool connect_with_ID(const std::string id); 93 bool connect_with_path (std::string path); 94 bool connect(const char *device_model); 95 bool connect(device::DeviceModel device_model); 96 bool connect(); 97 bool disconnect(); 98 bool is_connected() throw() ; 99 bool could_current_device_be_enumerated(); 100 bool set_default_commands_delay(int delay); 101 102 DeviceModel get_connected_device_model() const; 103 void set_debug(bool state); 104 stick10::GetStatus::ResponsePayload get_status(); 105 string get_status_as_string(); 106 string get_serial_number(); 107 uint32_t get_serial_number_as_u32(); 108 109 char * get_totp_slot_name(uint8_t slot_number); 110 char * get_hotp_slot_name(uint8_t slot_number); 111 112 void change_user_PIN(const char *current_PIN, const char *new_PIN); 113 void change_admin_PIN(const char *current_PIN, const char *new_PIN); 114 115 void enable_password_safe(const char *user_pin); 116 117 vector <uint8_t> get_password_safe_slot_status(); 118 119 uint8_t get_admin_retry_count(); 120 uint8_t get_user_retry_count(); 121 122 void lock_device(); 123 124 char * get_password_safe_slot_name(uint8_t slot_number); 125 char * get_password_safe_slot_password(uint8_t slot_number); 126 char * get_password_safe_slot_login(uint8_t slot_number); 127 128 void 129 write_password_safe_slot(uint8_t slot_number, const char *slot_name, const char *slot_login, 130 const char *slot_password); 131 132 void erase_password_safe_slot(uint8_t slot_number); 133 134 void user_authenticate(const char *user_password, const char *temporary_password); 135 136 void factory_reset(const char *admin_password); 137 138 void build_aes_key(const char *admin_password); 139 140 void unlock_user_password(const char *admin_password, const char *new_user_password); 141 142 void write_config(uint8_t numlock, uint8_t capslock, uint8_t scrolllock, bool enable_user_password, 143 bool delete_user_password, const char *admin_temporary_password); 144 145 vector<uint8_t> read_config(); 146 147 bool is_AES_supported(const char *user_password); 148 149 void unlock_encrypted_volume(const char *user_password); 150 void lock_encrypted_volume(); 151 152 void unlock_hidden_volume(const char *hidden_volume_password); 153 void lock_hidden_volume(); 154 155 /** 156 * Sets unencrypted volume read-only. 157 * Works until v0.48 (incl. v0.50), where User PIN was sufficient 158 * Does nothing otherwise. 159 * @param user_pin User PIN 160 */ 161 [[deprecated("Use set_unencrypted_read_only_admin instead.")]] 162 void set_unencrypted_read_only(const char *user_pin); 163 164 /** 165 * Sets unencrypted volume read-only. 166 * Works from v0.49 (except v0.50) accepts Admin PIN 167 * Does nothing otherwise. 168 * @param admin_pin Admin PIN 169 */ 170 void set_unencrypted_read_only_admin(const char *admin_pin); 171 172 /** 173 * Sets unencrypted volume read-write. 174 * Works until v0.48 (incl. v0.50), where User PIN was sufficient 175 * Does nothing otherwise. 176 * @param user_pin User PIN 177 */ 178 [[deprecated("Use set_unencrypted_read_write_admin instead")]] 179 void set_unencrypted_read_write(const char *user_pin); 180 181 /** 182 * Sets unencrypted volume read-write. 183 * Works from v0.49 (except v0.50) accepts Admin PIN 184 * Does nothing otherwise. 185 * @param admin_pin Admin PIN 186 */ 187 void set_unencrypted_read_write_admin(const char *admin_pin); 188 189 void export_firmware(const char *admin_pin); 190 void enable_firmware_update(const char *firmware_pin); 191 192 void clear_new_sd_card_warning(const char *admin_pin); 193 194 void fill_SD_card_with_random_data(const char *admin_pin); 195 196 uint8_t get_SD_card_size(); 197 198 void change_update_password(const char *current_update_password, const char *new_update_password); 199 200 void create_hidden_volume(uint8_t slot_nr, uint8_t start_percent, uint8_t end_percent, 201 const char *hidden_volume_password); 202 203 void send_startup(uint64_t seconds_from_epoch); 204 205 char * get_status_storage_as_string(); 206 stick20::DeviceConfigurationResponsePacket::ResponsePayload get_status_storage(); 207 208 char * get_SD_usage_data_as_string(); 209 std::pair<uint8_t,uint8_t> get_SD_usage_data(); 210 211 212 int get_progress_bar_value(); 213 214 ~NitrokeyManager(); 215 bool is_authorization_command_supported(); 216 bool is_320_OTP_secret_supported(); 217 218 219 template <typename S, typename A, typename T> 220 void authorize_packet(T &package, const char *admin_temporary_password, shared_ptr<Device> device); 221 uint8_t get_minor_firmware_version(); 222 223 explicit NitrokeyManager(); 224 void set_log_function(std::function<void(std::string)> log_function); 225 private: 226 227 static shared_ptr <NitrokeyManager> _instance; 228 std::shared_ptr<Device> device; 229 std::string current_device_id; 230 public: 231 const string get_current_device_id() const; 232 233 private: 234 std::unordered_map<std::string, shared_ptr<Device> > connected_devices; 235 std::unordered_map<std::string, shared_ptr<Device> > connected_devices_byID; 236 237 238 stick10::ReadSlot::ResponsePayload get_OTP_slot_data(const uint8_t slot_number); 239 bool is_valid_hotp_slot_number(uint8_t slot_number) const; 240 bool is_valid_totp_slot_number(uint8_t slot_number) const; 241 bool is_valid_password_safe_slot_number(uint8_t slot_number) const; 242 uint8_t get_internal_slot_number_for_hotp(uint8_t slot_number) const; 243 uint8_t get_internal_slot_number_for_totp(uint8_t slot_number) const; 244 bool erase_slot(uint8_t slot_number, const char *temporary_password); 245 char * get_slot_name(uint8_t slot_number); 246 247 template <typename ProCommand, PasswordKind StoKind> 248 void change_PIN_general(const char *current_PIN, const char *new_PIN); 249 250 void write_HOTP_slot_authorize(uint8_t slot_number, const char *slot_name, const char *secret, uint64_t hotp_counter, 251 bool use_8_digits, bool use_enter, bool use_tokenID, const char *token_ID, 252 const char *temporary_password); 253 254 void write_TOTP_slot_authorize(uint8_t slot_number, const char *slot_name, const char *secret, uint16_t time_window, 255 bool use_8_digits, bool use_enter, bool use_tokenID, const char *token_ID, 256 const char *temporary_password); 257 258 void write_OTP_slot_no_authorize(uint8_t internal_slot_number, const char *slot_name, const char *secret, 259 uint64_t counter_or_interval, 260 bool use_8_digits, bool use_enter, bool use_tokenID, const char *token_ID, 261 const char *temporary_password) const; 262 bool _disconnect_no_lock(); 263 264 public: 265 bool set_current_device_speed(int retry_delay, int send_receive_delay); 266 void set_loglevel(Loglevel loglevel); 267 268 void set_loglevel(int loglevel); 269 270 /** 271 * Sets encrypted volume read-only. 272 * Supported from future versions of Storage. 273 * @param admin_pin Admin PIN 274 */ 275 void set_encrypted_volume_read_only(const char *admin_pin); 276 277 /** 278 * Sets encrypted volume read-write. 279 * Supported from future versions of Storage. 280 * @param admin_pin Admin PIN 281 */ 282 void set_encrypted_volume_read_write(const char *admin_pin); 283 284 uint8_t get_major_firmware_version(); 285 286 bool is_smartcard_in_use(); 287 288 /** 289 * Function to determine unencrypted volume PIN type 290 * @param minor_firmware_version 291 * @return Returns true, if set unencrypted volume ro/rw pin type is User, false otherwise. 292 */ 293 bool set_unencrypted_volume_rorw_pin_type_user(); 294 295 /** 296 * Blink red and green LED alternatively and infinitely (until device is reconnected). 297 */ 298 void wink(); 299 300 stick20::ProductionTest::ResponsePayload production_info(); 301 302 void enable_firmware_update_pro(const char *firmware_pin); 303 304 void change_firmware_update_password_pro(const char *firmware_pin_current, const char *firmware_pin_new); 305 bool is_internal_hotp_slot_number(uint8_t slot_number) const; 306 }; 307 } 308 309 310 311 #endif //LIBNITROKEY_NITROKEYMANAGER_H 312