| -rw-r--r-- | CHANGELOG.md | 2 | ||||
| -rw-r--r-- | doc/nitrocli.1 | 10 | ||||
| -rw-r--r-- | doc/nitrocli.1.pdf | bin | 42350 -> 43024 bytes | |||
| -rw-r--r-- | src/args.rs | 2 | ||||
| -rw-r--r-- | src/commands.rs | 33 | ||||
| -rw-r--r-- | src/tests/fill.rs | 15 | ||||
| -rw-r--r-- | src/tests/mod.rs | 1 | 
7 files changed, 63 insertions, 0 deletions
| diff --git a/CHANGELOG.md b/CHANGELOG.md index 6a7cd93..ce3887c 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -15,6 +15,8 @@ Unreleased      device to connect to    - Added `--usb-path` option that restricts the USB path of the device to      connect to +- Added the `fill` command that fills the SD card of a Nitrokey Storage device +  with random data  - Added SD card usage information to the output of the `status` command for    Storage devices  - Bumped `structopt` dependency to `0.3.17` diff --git a/doc/nitrocli.1 b/doc/nitrocli.1 index b07b36a..0b0a8fe 100644 --- a/doc/nitrocli.1 +++ b/doc/nitrocli.1 @@ -136,6 +136,16 @@ open.  .TP  \fBnitrocli hidden close  Close a hidden volume. +.TP +\fBnitrocli fill\fR +Fills the SD card with random data, overwriting all existing data. +This operation takes about one hour to finish for a 16 GB SD card. +It cannot be cancelled, even if the \fBnitrocli\fR process is terminated before +it finishes. + +This command requires the admin PIN. +To avoid accidental calls of this command, the user has to enter the PIN even +if it has been cached.  .SS One-time passwords  The Nitrokey Pro and the Nitrokey Storage support the generation of one-time diff --git a/doc/nitrocli.1.pdf b/doc/nitrocli.1.pdfBinary files differ index be86627..fb41790 100644 --- a/doc/nitrocli.1.pdf +++ b/doc/nitrocli.1.pdf diff --git a/src/args.rs b/src/args.rs index 80abe17..4947825 100644 --- a/src/args.rs +++ b/src/args.rs @@ -79,6 +79,8 @@ Command! {      Config(ConfigArgs) => |ctx, args: ConfigArgs| args.subcmd.execute(ctx),      /// Interacts with the device's encrypted volume      Encrypted(EncryptedArgs) => |ctx, args: EncryptedArgs| args.subcmd.execute(ctx), +    /// Fills the SD card with random data +    Fill => crate::commands::fill,      /// Interacts with the device's hidden volume      Hidden(HiddenArgs) => |ctx, args: HiddenArgs| args.subcmd.execute(ctx),      /// Lists the attached Nitrokey devices 
diff --git a/src/commands.rs b/src/commands.rs
index 07ba652..9af1853 100644
--- a/src/commands.rs
+++ b/src/commands.rs
@@ -469,6 +469,39 @@ pub fn list(ctx: &mut Context<'_>, no_connect: bool) -> anyhow::Result<()> {
   Ok(())
 }
+/// Fill the SD card with random data
+pub fn fill(ctx: &mut Context<'_>) -> anyhow::Result<()> {
+  with_storage_device(ctx, |ctx, mut device| {
+    let pin_entry = pinentry::PinEntry::from(args::PinType::Admin, &device)?;
+
+    // Similar to reset, we want the user to re-enter the admin PIN even if is cached to avoid
+    // accidental data loss.
+    pinentry::clear(&pin_entry).context("Failed to clear cached secret")?;
+
+    try_with_pin(ctx, &pin_entry, |pin| {
+      device.fill_sd_card(&pin).context("Failed to fill SD card")
+    })?;
+
+    let mut last_progress = 0;
+    loop {
+      let status = device
+        .get_operation_status()
+        .context("Failed to query operation status")?;
+      match status {
+        nitrokey::OperationStatus::Ongoing(progress) => {
+          if last_progress != progress {
+            println!(ctx, "{}/100", progress)?;
+          }
+          last_progress = progress;
+        }
+        nitrokey::OperationStatus::Idle => break,
+      };
+    }
+
+    Ok(())
+  })
+}
+
 /// Perform a factory reset.
 pub fn reset(ctx: &mut Context<'_>) -> anyhow::Result<()> {
   with_device(ctx, |ctx, mut device| {
diff --git a/src/tests/fill.rs b/src/tests/fill.rs
new file mode 100644
index 0000000..70ea081
--- /dev/null
+++ b/src/tests/fill.rs
@@ -0,0 +1,15 @@
+// fill.rs
+
+// Copyright (C) 2020 The Nitrocli Developers
+// SPDX-License-Identifier: GPL-3.0-or-later
+
+use super::*;
+
+// Ignore this test as it takes about one hour to execute
+#[ignore]
+#[test_device(storage)]
+fn fill(model: nitrokey::Model) -> anyhow::Result<()> {
+  let res = Nitrocli::new().model(model).handle(&["fill"]);
+  assert!(res.is_ok());
+  Ok(())
+}
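Review bot: The polling `loop` in `fill` (src/commands.rs) calls `device.get_operation_status()` back-to-back with no delay, so for an operation the man page says takes about an hour the process spins a CPU core and sends the device a continuous stream of status requests. A pause at the top of the loop body, e.g. `std::thread::sleep(std::time::Duration::from_secs(1));`, would leave the progress output unchanged. If a status query fails, the command exits with "Failed to query operation status" while the fill, which the documentation says cannot be cancelled, presumably keeps running on the device; the error context could say so. The comment above `pinentry::clear` should read `even if it is cached`.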
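Review bot: The comment on `#[ignore]` in src/tests/fill.rs gives only the runtime as the reason, but the test also overwrites all data on the SD card of whichever Storage device is attached, which matters to anyone running the suite with `--ignored`. I would word it as `// Ignored by default: takes about one hour and overwrites all data on the SD card of the attached device`. Separately, `assert!(res.is_ok())` discards the error on failure; if the return type of `handle` (not visible in this hunk) converts with `?`, `Nitrocli::new().model(model).handle(&["fill"])?;` would surface the cause in the test output.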
diff --git a/src/tests/mod.rs b/src/tests/mod.rs index 631ffb0..e0a5b9a 100644 --- a/src/tests/mod.rs +++ b/src/tests/mod.rs @@ -9,6 +9,7 @@ use nitrokey_test::test as test_device;  mod config;  mod encrypted; +mod fill;  mod hidden;  mod list;  mod lock; | 
