-rw-r--r--nitrocli/src/args.rs6
-rw-r--r--nitrocli/src/commands.rs44
-rw-r--r--nitrocli/src/pinentry.rs2
3 files changed, 47 insertions, 5 deletions
diff --git a/nitrocli/src/args.rs b/nitrocli/src/args.rs
index 4c9ed52..0f4ef4f 100644
--- a/nitrocli/src/args.rs
+++ b/nitrocli/src/args.rs
@@ -315,7 +315,7 @@ fn storage_hidden_create(ctx: &mut ExecCtx<'_>, args: Vec<String>) -> Result<()>
parse(ctx, &parser, args)?;
drop(parser);
- Ok(())
+ commands::storage_hidden_create(ctx, slot, start, end)
}
fn storage_hidden_open(ctx: &mut ExecCtx<'_>, args: Vec<String>) -> Result<()> {
@@ -323,7 +323,7 @@ fn storage_hidden_open(ctx: &mut ExecCtx<'_>, args: Vec<String>) -> Result<()> {
parser.set_description("Opens a hidden volume on a Nitrokey Storage");
parse(ctx, &parser, args)?;
- Ok(())
+ commands::storage_hidden_open(ctx)
}
fn storage_hidden_close(ctx: &mut ExecCtx<'_>, args: Vec<String>) -> Result<()> {
@@ -331,7 +331,7 @@ fn storage_hidden_close(ctx: &mut ExecCtx<'_>, args: Vec<String>) -> Result<()>
parser.set_description("Closes the hidden volume on a Nitrokey Storage");
parse(ctx, &parser, args)?;
- Ok(())
+ commands::storage_hidden_close(ctx)
}
/// Execute a config subcommand.
diff --git a/nitrocli/src/commands.rs b/nitrocli/src/commands.rs
index 5af2a44..ab70e29 100644
--- a/nitrocli/src/commands.rs
+++ b/nitrocli/src/commands.rs
@@ -296,6 +296,10 @@ pub fn storage_open(ctx: &mut args::ExecCtx<'_>) -> Result<()> {
let device = get_storage_device(ctx)?;
let pin_entry = pinentry::PinEntry::from(pinentry::PinType::User, &device)?;
+ // We may forcefully close a hidden volume, if active, so be sure to
+ // flush caches to disk.
+ unsafe { sync() };
+
try_with_pin(ctx, &pin_entry, "Opening encrypted volume failed", |pin| {
device.enable_encrypted_volume(&pin)
})
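Review bot: The `sync()` added before `enable_encrypted_volume` only flushes what is dirty at the moment of the call, so a hidden-volume filesystem that is still mounted can take further writes before the device tears it down. The comment should say that the flush is best effort and that the volume is expected to be unmounted first. The `unsafe` block also has no `// SAFETY:` line; assuming `sync` is the libc binding declared outside this hunk, `// SAFETY: sync takes no arguments and touches no Rust-owned memory.` would do. The same applies to the calls in `storage_hidden_open` and `storage_hidden_close` in the next hunk, and the call in `storage_hidden_close` carries no comment at all. `storage_open` starts outside this hunk.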
@@ -314,6 +318,46 @@ pub fn storage_close(ctx: &mut args::ExecCtx<'_>) -> Result<()> {
.map_err(|err| get_error("Closing encrypted volume failed", err))
}
+/// Create a hidden volume.
+pub fn storage_hidden_create(
+ ctx: &mut args::ExecCtx<'_>,
+ slot: u8,
+ start: u8,
+ end: u8,
+) -> Result<()> {
+ let device = get_storage_device(ctx)?;
+ let pwd_entry = pinentry::PwdEntry::from(&device)?;
+ let pwd = pinentry::choose(&pwd_entry)?;
+
+ device
+ .create_hidden_volume(slot, start, end, &pwd)
+ .map_err(|err| get_error("Creating hidden volume failed", err))
+}
+
+/// Open a hidden volume.
+pub fn storage_hidden_open(ctx: &mut args::ExecCtx<'_>) -> Result<()> {
+ let device = get_storage_device(ctx)?;
+ let pwd_entry = pinentry::PwdEntry::from(&device)?;
+ let pwd = pinentry::inquire(&pwd_entry, pinentry::Mode::Query, None)?;
+
+ // We may forcefully close an encrypted volume, if active, so be sure
+ // to flush caches to disk.
+ unsafe { sync() };
+
+ device
+ .enable_hidden_volume(&pwd)
+ .map_err(|err| get_error("Opening hidden volume failed", err))
+}
+
+/// Close a previously opened hidden volume.
+pub fn storage_hidden_close(ctx: &mut args::ExecCtx<'_>) -> Result<()> {
+ unsafe { sync() };
+
+ get_storage_device(ctx)?
+ .disable_hidden_volume()
+ .map_err(|err| get_error("Closing hidden volume failed", err))
+}
+
/// Pretty print the status of a Nitrokey Storage.
fn print_storage_status(
ctx: &mut args::ExecCtx<'_>,
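Review bot: `storage_hidden_create` forwards `slot`, `start` and `end` to `create_hidden_volume` without any check, so an inverted or empty range (`start >= end`) is only caught if the library or the device firmware rejects it. Argument parsing in args.rs is outside this hunk and may already validate them. If it does not, reject `start >= end` here, before `pinentry::choose` runs, so the user is not prompted for a hidden-volume password for a request that cannot succeed. The doc comment should also state the unit of `start` and `end` and the valid slot numbers, since `/// Create a hidden volume.` gives the caller nothing to check against.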
diff --git a/nitrocli/src/pinentry.rs b/nitrocli/src/pinentry.rs
index f8606ed..8370328 100644
--- a/nitrocli/src/pinentry.rs
+++ b/nitrocli/src/pinentry.rs
@@ -122,14 +122,12 @@ impl SecretEntry for PinEntry {
}
#[derive(Debug)]
-#[allow(unused)]
pub struct PwdEntry {
model: nitrokey::Model,
serial: String,
}
impl PwdEntry {
- #[allow(unused)]
pub fn from<D>(device: &D) -> crate::Result<Self>
where
D: nitrokey::Device,