-
Notifications
You must be signed in to change notification settings - Fork 22
/
report_protocol.h
298 lines (212 loc) · 9.33 KB
/
report_protocol.h
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
/*
* Author: Copyright (C) Andrzej Surowiec 2012
*
*
* This file is part of Nitrokey.
*
* Nitrokey is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* any later version.
*
* Nitrokey is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with Nitrokey. If not, see <http://www.gnu.org/licenses/>.
*/
#pragma once
#include "hotp.h"
#define FIRMWARE_VERSION (0x0F)
#define CMD_GET_STATUS 0x00
#define CMD_WRITE_TO_SLOT 0x01
#define CMD_READ_SLOT_NAME 0x02
#define CMD_READ_SLOT 0x03
#define CMD_GET_CODE 0x04
#define CMD_WRITE_CONFIG 0x05
#define CMD_ERASE_SLOT 0x06
#define CMD_FIRST_AUTHENTICATE 0x07
#define CMD_AUTHORIZE 0x08
#define CMD_GET_PASSWORD_RETRY_COUNT 0x09
#define CMD_SET_TIME 0x0B
#define CMD_TEST_COUNTER 0x0C
#define CMD_TEST_TIME 0x0D
#define CMD_USER_AUTHENTICATE 0x0E
#define CMD_GET_USER_PASSWORD_RETRY_COUNT 0x0F
#define CMD_USER_AUTHORIZE 0x10
#define CMD_UNLOCK_USER_PASSWORD 0x11
#define CMD_LOCK_DEVICE 0x12
#define CMD_FACTORY_RESET 0x13
#define CMD_CHANGE_USER_PIN 0x14
#define CMD_CHANGE_ADMIN_PIN 0x15
#define CMD_SEND_OTP_DATA 0x17
#define CMD_VERIFY_OTP_CODE 0x18
#define CMD_FIRMWARE_UPDATE 0x19
#define CMD_CHANGE_FIRMWARE_PASSWORD 0x1A
#define CMD_GET_RANDOM 0x1B
#define CMD_GET_PW_SAFE_SLOT_STATUS 0x60
#define CMD_GET_PW_SAFE_SLOT_NAME 0x61
#define CMD_GET_PW_SAFE_SLOT_PASSWORD 0x62
#define CMD_GET_PW_SAFE_SLOT_LOGINNAME 0x63
#define CMD_SET_PW_SAFE_SLOT_DATA_1 0x64
#define CMD_SET_PW_SAFE_SLOT_DATA_2 0x65
#define CMD_PW_SAFE_ERASE_SLOT 0x66
#define CMD_PW_SAFE_ENABLE 0x67
#define CMD_PW_SAFE_INIT_KEY 0x68
#define CMD_PW_SAFE_SEND_DATA 0x69
#define CMD_DETECT_SC_AES 0x6a
#define CMD_NEW_AES_KEY 0x6b
#define GET_PRO_DEBUG 0x6c
#define CMD_DATA_OFFSET 0x01
#define STATUS_READY 0x00
#define STATUS_BUSY 0x01
#define STATUS_ERROR 0x02
#define STATUS_RECEIVED_REPORT 0x03
#define CMD_STATUS_OK 0
#define CMD_STATUS_WRONG_CRC 1
#define CMD_STATUS_WRONG_SLOT 2
#define CMD_STATUS_SLOT_NOT_PROGRAMMED 3
#define CMD_STATUS_WRONG_PASSWORD 4
#define CMD_STATUS_NOT_AUTHORIZED 5
#define CMD_STATUS_TIMESTAMP_WARNING 6
#define CMD_STATUS_NO_NAME_ERROR 7
#define CMD_STATUS_NOT_SUPPORTED 8
#define CMD_STATUS_UNKNOWN_COMMAND 9
#define CMD_STATUS_AES_DEC_FAILED 10
#define CMD_STATUS_AES_CREATE_KEY_FAILED 11
#define CMD_STATUS_ERROR_CHANGING_USER_PASSWORD 12
#define CMD_STATUS_ERROR_CHANGING_ADMIN_PASSWORD 13
#define CMD_STATUS_ERROR_UNBLOCKING_PIN 14
/*
Output report size offset description 1 0 device status 1 1 last command's type 4 2 last command's CRC 1 6 last command's status 53 7 last
command's output 4 60 this report's CRC (with device status equal 0) */
#define OUTPUT_CMD_TYPE_OFFSET 1
#define OUTPUT_CMD_CRC_OFFSET 2
#define OUTPUT_CMD_STATUS_OFFSET 6
#define OUTPUT_CMD_RESULT_OFFSET 7
#define OUTPUT_CMD_RESULT_LENGTH 53
#define OUTPUT_CRC_OFFSET 60
#define CMD_TYPE_OFFSET 0
/*
CMD_WRITE_TO_SLOT
1b command type 1b slot number 15b slot name 20b secret 1b configuration flags 12b token id 1b keyboard layout 8b counter */
#define CMD_WTS_SLOT_NUMBER_OFFSET 1
#define CMD_WTS_SLOT_NAME_OFFSET 2
#define CMD_WTS_SECRET_OFFSET 17
#define CMD_WTS_CONFIG_OFFSET 37
#define CMD_WTS_TOKEN_ID_OFFSET 38
#define CMD_WTS_COUNTER_OFFSET 51
/*
CMD_READ_SLOT
1b command type 1b slot number
*/
#define CMD_RS_SLOT_NUMBER_OFFSET 1
#define CMD_RS_OUTPUT_COUNTER_OFFSET 34
/*
CMD_GET_CODE
report: 1b command type 1b slot number 8b challenge (for TOTP slot only)
output: 4b generated OTP 1b config flags 13b tokenID
*/
#define CMD_GC_SLOT_NUMBER_OFFSET (1)
#define CMD_GC_CHALLENGE_OFFSET (CMD_GC_SLOT_NUMBER_OFFSET + 1)
#define CMD_GC_PASSWORD_OFFSET (CMD_GC_CHALLENGE_OFFSET + 8 + 8 + 1)
/*
* CMD_GET_PASSWORD_RETRY_COUNT
*
* output:
* 1b number of password tries left
*/
/*
CMD_WRITE_CONFIG
report: 1b command type 1b Numlock slot 1b Capslock slot 1b Scrolllock slot
output:
*/
/*
CMD_FIRST_AUTHENTICATE
report: 1b command type 25b card password 25b new temporary password
*/
extern __IO uint8_t device_status;
uint8_t parse_report (uint8_t * report, uint8_t * output);
uint8_t cmd_get_status (uint8_t * report, uint8_t * output);
uint8_t cmd_write_to_slot (OTP_slot *new_slot_data, uint8_t * output);
uint8_t cmd_read_slot_name (uint8_t * report, uint8_t * output);
uint8_t cmd_read_slot (uint8_t * report, uint8_t * output);
uint8_t cmd_get_code (uint8_t * report, uint8_t * output);
uint8_t cmd_verify_code(uint8_t *report, uint8_t *output);
uint8_t cmd_write_config (uint8_t * report, uint8_t * output);
uint8_t cmd_erase_slot (uint8_t * report, uint8_t * output);
uint8_t cmd_first_authenticate (uint8_t * report, uint8_t * output);
uint8_t cmd_get_password_retry_count (uint8_t * report, uint8_t * output);
uint8_t cmd_user_authenticate (uint8_t * report, uint8_t * output);
uint8_t cmd_factory_reset (uint8_t * report, uint8_t * output);
uint8_t cmd_get_user_password_retry_count (uint8_t * report, uint8_t * output);
uint8_t cmd_set_time (uint8_t * report, uint8_t * output);
uint8_t cmd_getPasswordSafeStatus (uint8_t * report, uint8_t * output);
uint8_t cmd_getPasswordSafeSlotName (uint8_t * report, uint8_t * output);
uint8_t cmd_getPasswordSafeSlotPassword (uint8_t * report, uint8_t * output);
uint8_t cmd_getPasswordSafeSlotLoginName (uint8_t * report, uint8_t * output);
uint8_t cmd_setPasswordSafeSetSlotData_1 (uint8_t * report, uint8_t * output);
uint8_t cmd_setPasswordSafeSetSlotData_2 (uint8_t * report, uint8_t * output);
uint8_t cmd_getPasswordSafeEraseSlot (uint8_t * report, uint8_t * output);
uint8_t cmd_getPasswordSafeEnable (uint8_t * report, uint8_t * output);
uint8_t cmd_getPasswordSafeInitKey (uint8_t * report, uint8_t * output);
uint8_t cmd_getPasswordSafeSendData (uint8_t * report, uint8_t * output);
uint8_t cmd_detectSmartCardAES (uint8_t * report, uint8_t * output);
uint8_t cmd_newAesKey (uint8_t * report, uint8_t * output);
uint8_t cmd_lockDevice (uint8_t * report, uint8_t * output);
uint8_t cmd_change_user_pin (uint8_t * report, uint8_t * output);
uint8_t cmd_change_admin_pin (uint8_t * report, uint8_t * output);
uint8_t cmd_unblock_pin (uint8_t * report, uint8_t * output);
uint8_t cmd_getProDebug (uint8_t * report, uint8_t * output);
uint8_t cmd_enableFirmwareUpdate(uint8_t *report, uint8_t *output);
uint8_t cmd_changeFirmwarePassword(uint8_t *report, uint8_t *output);
uint8_t cmd_get_random(const uint8_t *const report, uint8_t *const output);
// START - OTP Test Routine --------------------------------
/*
uint8_t cmd_test_counter(uint8_t *report,uint8_t *output); uint8_t cmd_test_time(uint8_t *report,uint8_t *output); */
// END - OTP Test Routine ----------------------------------
#define __packed __attribute__((__packed__))
typedef struct {
uint8_t _command_type;
uint8_t temporary_admin_password[25];
uint8_t slot_number;
union {
uint64_t slot_counter_or_interval;
uint8_t slot_counter_s[8];
} __packed;
union {
uint8_t _slot_config;
struct {
bool use_8_digits : 1;
bool use_enter : 1;
bool use_tokenID : 1;
};
};
union {
uint8_t slot_token_id[13]; /** OATH Token Identifier */
struct { /** @see https://openauthentication.org/token-specs/ */
uint8_t omp[2];
uint8_t tt[2];
uint8_t mui[8];
uint8_t keyboard_layout; //disabled feature in nitroapp as of 20160805
} slot_token_fields;
};
} __packed write_to_slot_payload;
static const int CMD_WRITE_CONFIG_PASSWORD_OFFSET = 6;
static const int CMD_ERASE_SLOT_PASSWORD_OFFSET = 2;
typedef struct {
uint8_t temporary_admin_password[25];
uint8_t type; //0-secret, 1-name
uint8_t id; //multiple reports
uint8_t data[30]; //data, does not need null termination
} __packed cmd_send_OTP_data;
typedef struct {
uint32_t otp_code_to_verify;
} __packed cmd_query_verify_code;
#include <stddef.h>
size_t s_min(size_t a, size_t b);
bool is_HOTP_slot_programmed(int slot_no);
bool is_TOTP_slot_programmed(int slot_no);
void wink_correct(bool correct);