aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorRobin Krahl <robin.krahl@ireas.org>2020-09-10 12:20:13 +0200
committerDaniel Mueller <deso@posteo.net>2020-09-12 14:11:05 -0700
commitca737e96c7688cc214e9cb514b18861b4671651c (patch)
treee4c2c35f35ed7acf2aaa7dc8dde41d4b7b1fbace
parentcce2ee3c72e680c14516979bfc0108ab2341141b (diff)
downloadnitrocli-ca737e96c7688cc214e9cb514b18861b4671651c.tar.gz
nitrocli-ca737e96c7688cc214e9cb514b18861b4671651c.tar.bz2
Add fill command to overwrite SD card
This patch adds the fill command that overwrites the SD card with random data. Similar to the reset command, we always require the user to enter the admin PIN even if is cached.
-rw-r--r--CHANGELOG.md2
-rw-r--r--doc/nitrocli.110
-rw-r--r--doc/nitrocli.1.pdfbin42350 -> 43024 bytes
-rw-r--r--src/args.rs2
-rw-r--r--src/commands.rs33
-rw-r--r--src/tests/fill.rs15
-rw-r--r--src/tests/mod.rs1
7 files changed, 63 insertions, 0 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 6a7cd93..ce3887c 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -15,6 +15,8 @@ Unreleased
device to connect to
- Added `--usb-path` option that restricts the USB path of the device to
connect to
+- Added the `fill` command that fills the SD card of a Nitrokey Storage device
+ with random data
- Added SD card usage information to the output of the `status` command for
Storage devices
- Bumped `structopt` dependency to `0.3.17`
diff --git a/doc/nitrocli.1 b/doc/nitrocli.1
index b07b36a..0b0a8fe 100644
--- a/doc/nitrocli.1
+++ b/doc/nitrocli.1
@@ -136,6 +136,16 @@ open.
.TP
\fBnitrocli hidden close
Close a hidden volume.
+.TP
+\fBnitrocli fill\fR
+Fills the SD card with random data, overwriting all existing data.
+This operation takes about one hour to finish for a 16 GB SD card.
+It cannot be cancelled, even if the \fBnitrocli\fR process is terminated before
+it finishes.
+
+This command requires the admin PIN.
+To avoid accidental calls of this command, the user has to enter the PIN even
+if it has been cached.
.SS One-time passwords
The Nitrokey Pro and the Nitrokey Storage support the generation of one-time
diff --git a/doc/nitrocli.1.pdf b/doc/nitrocli.1.pdf
index be86627..fb41790 100644
--- a/doc/nitrocli.1.pdf
+++ b/doc/nitrocli.1.pdf
Binary files differ
diff --git a/src/args.rs b/src/args.rs
index 80abe17..4947825 100644
--- a/src/args.rs
+++ b/src/args.rs
@@ -79,6 +79,8 @@ Command! {
Config(ConfigArgs) => |ctx, args: ConfigArgs| args.subcmd.execute(ctx),
/// Interacts with the device's encrypted volume
Encrypted(EncryptedArgs) => |ctx, args: EncryptedArgs| args.subcmd.execute(ctx),
+ /// Fills the SD card with random data
+ Fill => crate::commands::fill,
/// Interacts with the device's hidden volume
Hidden(HiddenArgs) => |ctx, args: HiddenArgs| args.subcmd.execute(ctx),
/// Lists the attached Nitrokey devices
diff --git a/src/commands.rs b/src/commands.rs
index 07ba652..9af1853 100644
--- a/src/commands.rs
+++ b/src/commands.rs
@@ -469,6 +469,39 @@ pub fn list(ctx: &mut Context<'_>, no_connect: bool) -> anyhow::Result<()> {
Ok(())
}
+/// Fill the SD card with random data
+pub fn fill(ctx: &mut Context<'_>) -> anyhow::Result<()> {
+ with_storage_device(ctx, |ctx, mut device| {
+ let pin_entry = pinentry::PinEntry::from(args::PinType::Admin, &device)?;
+
+ // Similar to reset, we want the user to re-enter the admin PIN even if is cached to avoid
+ // accidental data loss.
+ pinentry::clear(&pin_entry).context("Failed to clear cached secret")?;
+
+ try_with_pin(ctx, &pin_entry, |pin| {
+ device.fill_sd_card(&pin).context("Failed to fill SD card")
+ })?;
+
+ let mut last_progress = 0;
+ loop {
+ let status = device
+ .get_operation_status()
+ .context("Failed to query operation status")?;
+ match status {
+ nitrokey::OperationStatus::Ongoing(progress) => {
+ if last_progress != progress {
+ println!(ctx, "{}/100", progress)?;
+ }
+ last_progress = progress;
+ }
+ nitrokey::OperationStatus::Idle => break,
+ };
+ }
+
+ Ok(())
+ })
+}
+
/// Perform a factory reset.
pub fn reset(ctx: &mut Context<'_>) -> anyhow::Result<()> {
with_device(ctx, |ctx, mut device| {
diff --git a/src/tests/fill.rs b/src/tests/fill.rs
new file mode 100644
index 0000000..70ea081
--- /dev/null
+++ b/src/tests/fill.rs
@@ -0,0 +1,15 @@
+// fill.rs
+
+// Copyright (C) 2020 The Nitrocli Developers
+// SPDX-License-Identifier: GPL-3.0-or-later
+
+use super::*;
+
+// Ignore this test as it takes about one hour to execute
+#[ignore]
+#[test_device(storage)]
+fn fill(model: nitrokey::Model) -> anyhow::Result<()> {
+ let res = Nitrocli::new().model(model).handle(&["fill"]);
+ assert!(res.is_ok());
+ Ok(())
+}
diff --git a/src/tests/mod.rs b/src/tests/mod.rs
index 631ffb0..e0a5b9a 100644
--- a/src/tests/mod.rs
+++ b/src/tests/mod.rs
@@ -9,6 +9,7 @@ use nitrokey_test::test as test_device;
mod config;
mod encrypted;
+mod fill;
mod hidden;
mod list;
mod lock;