aboutsummaryrefslogtreecommitdiff
path: root/nitrokey/src
diff options
context:
space:
mode:
Diffstat (limited to 'nitrokey/src')
-rw-r--r--nitrokey/src/auth.rs5
-rw-r--r--nitrokey/src/device.rs130
-rw-r--r--nitrokey/src/lib.rs9
-rw-r--r--nitrokey/src/pws.rs29
-rw-r--r--nitrokey/src/util.rs26
5 files changed, 181 insertions, 18 deletions
diff --git a/nitrokey/src/auth.rs b/nitrokey/src/auth.rs
index a129bd8..3280924 100644
--- a/nitrokey/src/auth.rs
+++ b/nitrokey/src/auth.rs
@@ -149,7 +149,10 @@ where
A: AuthenticatedDevice<D>,
T: Fn(*const i8, *const i8) -> c_int,
{
- let temp_password = generate_password(TEMPORARY_PASSWORD_LENGTH);
+ let temp_password = match generate_password(TEMPORARY_PASSWORD_LENGTH) {
+ Ok(temp_password) => temp_password,
+ Err(err) => return Err((device, err)),
+ };
let password = match get_cstring(password) {
Ok(password) => password,
Err(err) => return Err((device, err)),
diff --git a/nitrokey/src/device.rs b/nitrokey/src/device.rs
index f247f58..9813c50 100644
--- a/nitrokey/src/device.rs
+++ b/nitrokey/src/device.rs
@@ -208,6 +208,38 @@ pub struct VolumeStatus {
pub active: bool,
}
+/// Information about the SD card in a Storage device.
+#[derive(Debug)]
+pub struct SdCardData {
+ /// The serial number of the SD card.
+ pub serial_number: u32,
+ /// The size of the SD card in GB.
+ pub size: u8,
+ /// The year the card was manufactured, e. g. 17 for 2017.
+ pub manufacturing_year: u8,
+ /// The month the card was manufactured.
+ pub manufacturing_month: u8,
+ /// The OEM ID.
+ pub oem: u16,
+ /// The manufacturer ID.
+ pub manufacturer: u8,
+}
+
+#[derive(Debug)]
+/// Production information for a Storage device.
+pub struct StorageProductionInfo {
+ /// The major firmware version, e. g. 0 in v0.40.
+ pub firmware_version_major: u8,
+ /// The minor firmware version, e. g. 40 in v0.40.
+ pub firmware_version_minor: u8,
+ /// The internal firmware version.
+ pub firmware_version_internal: u8,
+ /// The serial number of the CPU.
+ pub serial_number_cpu: u32,
+ /// Information about the SD card.
+ pub sd_card: SdCardData,
+}
+
/// The status of a Nitrokey Storage device.
#[derive(Debug)]
pub struct StorageStatus {
@@ -566,7 +598,7 @@ pub trait Device: Authenticate + GetPasswordSafe + GenerateOtp {
///
/// The AES key is used to encrypt the password safe and the encrypted volume. You may need
/// to call this method after a factory reset, either using [`factory_reset`][] or using `gpg
- /// --card-edit`. You can also use it to destory the data stored in the password safe or on
+ /// --card-edit`. You can also use it to destroy the data stored in the password safe or on
/// the encrypted volume.
///
/// # Errors
@@ -1166,6 +1198,83 @@ impl Storage {
result.and(Ok(StorageStatus::from(raw_status)))
}
+ /// Returns the production information for the connected storage device.
+ ///
+ /// # Example
+ ///
+ /// ```no_run
+ /// # use nitrokey::CommandError;
+ ///
+ /// fn use_volume() {}
+ ///
+ /// # fn try_main() -> Result<(), CommandError> {
+ /// let device = nitrokey::Storage::connect()?;
+ /// match device.get_production_info() {
+ /// Ok(data) => {
+ /// println!("SD card ID: {:#x}", data.sd_card.serial_number);
+ /// println!("SD card size: {} GB", data.sd_card.size);
+ /// },
+ /// Err(err) => println!("Could not get Storage production info: {}", err),
+ /// };
+ /// # Ok(())
+ /// # }
+ /// ```
+ pub fn get_production_info(&self) -> Result<StorageProductionInfo, CommandError> {
+ let mut raw_data = nitrokey_sys::NK_storage_ProductionTest {
+ FirmwareVersion_au8: [0, 2],
+ FirmwareVersionInternal_u8: 0,
+ SD_Card_Size_u8: 0,
+ CPU_CardID_u32: 0,
+ SmartCardID_u32: 0,
+ SD_CardID_u32: 0,
+ SC_UserPwRetryCount: 0,
+ SC_AdminPwRetryCount: 0,
+ SD_Card_ManufacturingYear_u8: 0,
+ SD_Card_ManufacturingMonth_u8: 0,
+ SD_Card_OEM_u16: 0,
+ SD_WriteSpeed_u16: 0,
+ SD_Card_Manufacturer_u8: 0,
+ };
+ let raw_result = unsafe { nitrokey_sys::NK_get_storage_production_info(&mut raw_data) };
+ let result = get_command_result(raw_result);
+ result.and(Ok(StorageProductionInfo::from(raw_data)))
+ }
+
+ /// Clears the warning for a new SD card.
+ ///
+ /// The Storage status contains a field for a new SD card warning. After a factory reset, the
+ /// field is set to true. After filling the SD card with random data, it is set to false.
+ /// This method can be used to set it to false without filling the SD card with random data.
+ ///
+ /// # Errors
+ ///
+ /// - [`InvalidString`][] if the provided password contains a null byte
+ /// - [`WrongPassword`][] if the provided admin password is wrong
+ ///
+ /// # Example
+ ///
+ /// ```no_run
+ /// # use nitrokey::CommandError;
+ ///
+ /// # fn try_main() -> Result<(), CommandError> {
+ /// let device = nitrokey::Storage::connect()?;
+ /// match device.clear_new_sd_card_warning("12345678") {
+ /// Ok(()) => println!("Cleared the new SD card warning."),
+ /// Err(err) => println!("Could not set the clear the new SD card warning: {}", err),
+ /// };
+ /// # Ok(())
+ /// # }
+ /// ```
+ ///
+ /// [`InvalidString`]: enum.CommandError.html#variant.InvalidString
+ /// [`WrongPassword`]: enum.CommandError.html#variant.WrongPassword
+ pub fn clear_new_sd_card_warning(&self, admin_pin: &str) -> Result<(), CommandError> {
+ let admin_pin = get_cstring(admin_pin)?;
+ get_command_result(unsafe {
+ nitrokey_sys::NK_clear_new_sd_card_warning(admin_pin.as_ptr())
+ })
+ }
+
/// Blinks the red and green LED alternatively and infinitely until the device is reconnected.
pub fn wink(&self) -> Result<(), CommandError> {
get_command_result(unsafe { nitrokey_sys::NK_wink() })
@@ -1209,6 +1318,25 @@ impl Device for Storage {
impl GenerateOtp for Storage {}
+impl From<nitrokey_sys::NK_storage_ProductionTest> for StorageProductionInfo {
+ fn from(data: nitrokey_sys::NK_storage_ProductionTest) -> Self {
+ Self {
+ firmware_version_major: data.FirmwareVersion_au8[0],
+ firmware_version_minor: data.FirmwareVersion_au8[1],
+ firmware_version_internal: data.FirmwareVersionInternal_u8,
+ serial_number_cpu: data.CPU_CardID_u32,
+ sd_card: SdCardData {
+ serial_number: data.SD_CardID_u32,
+ size: data.SD_Card_Size_u8,
+ manufacturing_year: data.SD_Card_ManufacturingYear_u8,
+ manufacturing_month: data.SD_Card_ManufacturingMonth_u8,
+ oem: data.SD_Card_OEM_u16,
+ manufacturer: data.SD_Card_Manufacturer_u8,
+ },
+ }
+ }
+}
+
impl From<nitrokey_sys::NK_storage_status> for StorageStatus {
fn from(status: nitrokey_sys::NK_storage_status) -> Self {
StorageStatus {
diff --git a/nitrokey/src/lib.rs b/nitrokey/src/lib.rs
index c50b713..02a622b 100644
--- a/nitrokey/src/lib.rs
+++ b/nitrokey/src/lib.rs
@@ -98,8 +98,8 @@ use nitrokey_sys;
pub use crate::auth::{Admin, Authenticate, User};
pub use crate::config::Config;
pub use crate::device::{
- connect, connect_model, Device, DeviceWrapper, Model, Pro, Storage, StorageStatus, VolumeMode,
- VolumeStatus,
+ connect, connect_model, Device, DeviceWrapper, Model, Pro, SdCardData, Storage,
+ StorageProductionInfo, StorageStatus, VolumeMode, VolumeStatus,
};
pub use crate::otp::{ConfigureOtp, GenerateOtp, OtpMode, OtpSlotData};
pub use crate::pws::{GetPasswordSafe, PasswordSafe, SLOT_COUNT};
@@ -111,12 +111,13 @@ pub use crate::util::{CommandError, LogLevel};
/// version.
#[derive(Clone, Debug, PartialEq)]
pub struct Version {
- /// The library version as a string.
+ /// The Git library version as a string.
///
/// The library version is the output of `git describe --always` at compile time, for example
/// `v3.3` or `v3.4.1`. If the library has not been built from a release, the version string
/// contains the number of commits since the last release and the hash of the current commit, for
- /// example `v3.3-19-gaee920b`.
+ /// example `v3.3-19-gaee920b`. If the library has not been built from a Git checkout, this
+ /// string may be empty.
pub git: String,
/// The major library version.
pub major: u32,
diff --git a/nitrokey/src/pws.rs b/nitrokey/src/pws.rs
index ebd5fcd..28f0681 100644
--- a/nitrokey/src/pws.rs
+++ b/nitrokey/src/pws.rs
@@ -129,6 +129,14 @@ fn get_password_safe<'a>(
result.map(|()| PasswordSafe { _device: device })
}
+fn get_pws_result(s: String) -> Result<String, CommandError> {
+ if s.is_empty() {
+ Err(CommandError::SlotNotProgrammed)
+ } else {
+ Ok(s)
+ }
+}
+
impl<'a> PasswordSafe<'a> {
/// Returns the status of all password slots.
///
@@ -172,10 +180,12 @@ impl<'a> PasswordSafe<'a> {
/// Returns the name of the given slot (if it is programmed).
///
+ /// This method also returns a `SlotNotProgrammed` error if the name is empty.
+ ///
/// # Errors
///
/// - [`InvalidSlot`][] if the given slot is out of range
- /// - [`Undefined`][] if the slot is not programmed
+ /// - [`SlotNotProgrammed`][] if the slot is not programmed
///
/// # Example
///
@@ -199,17 +209,20 @@ impl<'a> PasswordSafe<'a> {
/// ```
///
/// [`InvalidSlot`]: enum.CommandError.html#variant.InvalidSlot
- /// [`Undefined`]: enum.CommandError.html#variant.Undefined
+ /// [`SlotNotProgrammed`]: enum.CommandError.html#variant.SlotNotProgrammed
pub fn get_slot_name(&self, slot: u8) -> Result<String, CommandError> {
unsafe { result_from_string(nitrokey_sys::NK_get_password_safe_slot_name(slot)) }
+ .and_then(get_pws_result)
}
/// Returns the login for the given slot (if it is programmed).
///
+ /// This method also returns a `SlotNotProgrammed` error if the login is empty.
+ ///
/// # Errors
///
/// - [`InvalidSlot`][] if the given slot is out of range
- /// - [`Undefined`][] if the slot is not programmed
+ /// - [`SlotNotProgrammed`][] if the slot is not programmed
///
/// # Example
///
@@ -229,17 +242,20 @@ impl<'a> PasswordSafe<'a> {
/// ```
///
/// [`InvalidSlot`]: enum.CommandError.html#variant.InvalidSlot
- /// [`Undefined`]: enum.CommandError.html#variant.Undefined
+ /// [`SlotNotProgrammed`]: enum.CommandError.html#variant.SlotNotProgrammed
pub fn get_slot_login(&self, slot: u8) -> Result<String, CommandError> {
unsafe { result_from_string(nitrokey_sys::NK_get_password_safe_slot_login(slot)) }
+ .and_then(get_pws_result)
}
/// Returns the password for the given slot (if it is programmed).
///
+ /// This method also returns a `SlotNotProgrammed` error if the password is empty.
+ ///
/// # Errors
///
/// - [`InvalidSlot`][] if the given slot is out of range
- /// - [`Undefined`][] if the slot is not programmed
+ /// - [`SlotNotProgrammed`][] if the slot is not programmed
///
/// # Example
///
@@ -259,9 +275,10 @@ impl<'a> PasswordSafe<'a> {
/// ```
///
/// [`InvalidSlot`]: enum.CommandError.html#variant.InvalidSlot
- /// [`Undefined`]: enum.CommandError.html#variant.Undefined
+ /// [`SlotNotProgrammed`]: enum.CommandError.html#variant.SlotNotProgrammed
pub fn get_slot_password(&self, slot: u8) -> Result<String, CommandError> {
unsafe { result_from_string(nitrokey_sys::NK_get_password_safe_slot_password(slot)) }
+ .and_then(get_pws_result)
}
/// Writes the given slot with the given name, login and password.
diff --git a/nitrokey/src/util.rs b/nitrokey/src/util.rs
index cb109d0..567c478 100644
--- a/nitrokey/src/util.rs
+++ b/nitrokey/src/util.rs
@@ -4,7 +4,8 @@ use std::fmt;
use std::os::raw::{c_char, c_int};
use libc::{c_void, free};
-use rand::Rng;
+use rand_core::RngCore;
+use rand_os::OsRng;
/// Error types returned by Nitrokey device or by the library.
#[derive(Clone, Copy, Debug, PartialEq)]
@@ -44,6 +45,8 @@ pub enum CommandError {
InvalidHexString,
/// The target buffer was smaller than the source.
TargetBufferTooSmall,
+ /// An error occurred during random number generation.
+ RngError,
}
/// Log level for libnitrokey.
@@ -80,10 +83,13 @@ pub fn result_from_string(ptr: *const c_char) -> Result<String, CommandError> {
unsafe {
let s = owned_str_from_ptr(ptr);
free(ptr as *mut c_void);
+ // An empty string can both indicate an error or be a valid return value. In this case, we
+ // have to check the last command status to decide what to return.
if s.is_empty() {
- return Err(get_last_error());
+ get_last_result().map(|_| s)
+ } else {
+ Ok(s)
}
- return Ok(s);
}
}
@@ -106,10 +112,11 @@ pub fn get_last_error() -> CommandError {
};
}
-pub fn generate_password(length: usize) -> Vec<u8> {
+pub fn generate_password(length: usize) -> Result<Vec<u8>, CommandError> {
+ let mut rng = OsRng::new()?;
let mut data = vec![0u8; length];
- rand::thread_rng().fill(&mut data[..]);
- return data;
+ rng.fill_bytes(&mut data[..]);
+ Ok(data)
}
pub fn get_cstring<T: Into<Vec<u8>>>(s: T) -> Result<CString, CommandError> {
@@ -146,6 +153,7 @@ impl CommandError {
"The supplied string is not in hexadecimal format".into()
}
CommandError::TargetBufferTooSmall => "The target buffer is too small".into(),
+ CommandError::RngError => "An error occurred during random number generation".into(),
}
}
}
@@ -178,6 +186,12 @@ impl From<c_int> for CommandError {
}
}
+impl From<rand_core::Error> for CommandError {
+ fn from(_error: rand_core::Error) -> Self {
+ CommandError::RngError
+ }
+}
+
impl Into<i32> for LogLevel {
fn into(self) -> i32 {
match self {