aboutsummaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAge
...
* Supply ExecCtx to op used in with_* and try_with_* functionsDaniel Mueller2019-07-14
| | | | | | | With an upcoming change we will require an ExecCtx in one of the op functions passed to the with_* and try_with_* functionality. To allow for such cases, this change adjusts the signature of those functions to provide a reference to such a context.
* Introduce TryInto<T> traitRobin Krahl2019-08-13
| | | | | | | | | | | This change introduces a new trait, TryInto, to the crate. In the future this trait will allow us to keep a flexible set of error result types from the various try_with_* functions, which use a certain nitrokey error variant to check for the entry of a wrong secret. Note that while a TryInto trait exists in Rust's standard library, that was not found to be helpful because we have no way to define it for nitrkey crate's error type. Because of that, we will always have a mismatch between our internal error and std::convert::Infallible.
* Introduce with_*device functionalityDaniel Mueller2019-07-14
| | | | | | | | | | | | | | | | | | The upcoming nitrokey 0.4 release changes the way a device handle can be acquired, requiring a manager instance for doing so in an attempt to prevent users from opening multiple sessions (which is not something that libnitrokey supports). A straight integration of the reworked API surface into our program would severely complicate the architecture because of the additional requirement of keeping a manager object around while a device is being used. To make the program more amenable to those changes in nitrokey, this patch reworks the way we interact with a device handle: instead of passing the device object around we pass in the functionality making use of it in the form of a function. In more concrete terms, instead of retrieving a device handle via get_device() we now have a with_device() function that takes care of opening the device and then passing it to a user-provided function.
* Use FnMut over Fn in try_with_* and authenticate functionsDaniel Mueller2019-07-14
| | | | | | | | | The try_with_* and authenticate functions accept a user-supplied function to work with. Currently this function is declared as Fn. That, however, is unnecessarily restrictive. With this change we declare said function an FnMut instead, which allows it to potentially capture variables from its environment in a mutable manner.
* Downgrade crate-level lints to 'warn'Daniel Mueller2019-07-13
| | | | | | | | | | | | | We recently fixed a compilation failure in some test code caused by a use declaration that was ultimately unused. To this point we were under the impression that there was a set of lints that were known to be potentially changing in backwards incompatible ways while others would not. Discovery of unused use declarations or symbols was always assumed to fall into the latter category. Because such a build breakage due to semantic change in what a lint can detect by now is a repeated pattern (with dire consequences), this change downgrades all 'deny'-style lints to warnings in order to prevent similar problems in the future.
* Include Nitrokey model in error message when no device is foundDaniel Mueller2019-07-14
| | | | | | | | For functionality that explicitly works with the storage device we emit an error message stating that a "Nitrokey Storage" device could not be found. When the user chooses the model using the -m/--model argument that is not the case. With this patch we adjust the error message printed.
* Use map_err over or_else to convert errorsDaniel Mueller2019-07-14
| | | | | This patch replaces two cases where we use Result::or_else over the more idiomatic (and shorter) Result::map_err for converting errors.
* Remove explicit change of global allocatorDaniel Mueller2019-06-17
| | | | | | | | | | This change removes the explicit change of the global allocator to the system allocator that we introduced a while back. The reason this was needed in the past was due to Rust's use of jemalloc in the default configuration, which increases binary size quite significantly. However, with Rust issue #36963 fixed, jemalloc is now an explicit opt-in and the system allocator is the default choice -- rendering our explicit change rather pointless.
* Improve error message when gpg-connect-agent cannot be foundDaniel Mueller2019-06-14
| | | | | | | | | | | When the gpg-connect-agent binary is not available on the system we report an error that is really only hinting at the problem and without knowing internals it is hard to guess what may be wrong: $ nitrocli pws get 0 > IO error: No such file or directory (os error 2) This change adjusts the code to make the error less ambiguous and more to the point.
* Add support for changing read-write mode of unencrypted volumeDaniel Mueller2019-06-08
| | | | | | | This change adds support for changing the read-write mode of the unencrypted volume. To do so, we introduce a new top-level command, unencrypted, with a new subcommand, set, that accepts the new mode of the volume.
* Reword an incorrect error messageDaniel Mueller2019-06-08
| | | | | | | | | This change rewords the error message that is emitted if the lock command fails. The old message was incorrectly stating a problem with the retrieval of the device's status. While at it, also slightly rephrase the description for the hidden command to be more in line with that of the other storage commands, and replace lowercase 'nitrokey' with a capitalized one in a few comments.
* Remove deprecated --ascii option of otp set subcommandDaniel Mueller2019-05-27
| | | | | | | The --ascii option of the otp set subcommand has been deprecated a while in favor of --format. As the next release is slated to be a major one breaking backwards compatibility, this change removes this option for good.
* Rename storage command to encryptedDaniel Mueller2019-05-27
| | | | | | | | This change is the last step in the process of restructuring the storage command. In particular, now that functionality pertaining hidden volumes has been moved out into a dedicated top-level command, it renames said command to encrypted, because dealing with the encrypted volume is the only functionality it provides.
* Make storage hidden subcommand a top-level commandDaniel Mueller2019-05-27
| | | | | | This patch marks the next step in the process of restructuring the storage command. Specifically, it promotes the storage hidden subcommand to a top-level command, hidden.
* Move storage status subcommand into status commandDaniel Mueller2019-05-27
| | | | | | | | In an attempt to rework the structure of the storage command to better accommodate future requirements for allowing to change the read-write state of the unencrypted volume (as well as potentially the encrypted one), this change removes the storage status subcommand and merges its output into the storage command.
* Bump version to 0.2.4v0.2.4Daniel Mueller2019-06-01
| | | | | | | | | | | | | | This change bumps the version of the crate to 0.2.4. The following notable changes have been made since 0.2.3: - Added the reset command to perform a factory reset - Added the -V/--version option to print the program's version - Check the status of a PWS slot before accessing it in pws get - Added NITROCLI_NO_CACHE environment variable to bypass caching of secrets - Clear cached PIN entry as part of pin set command to prevent spurious authentication failures - Bumped libc dependency to 0.2.57 - Bumped cc dependency to 1.0.37
* Update libc crate to 0.2.57Daniel Mueller2019-06-01
| | | | | | This change updates the libc crate to version 0.2.57. Import subrepo libc/:libc at cdc48ea36d8d2890dba38e8f779001e6855339a2
* Clear cached PIN entry as part of pin set commandDaniel Mueller2019-06-01
| | | | | | | | | | When a PIN is changed using the pin set command, the last action is to confirm the operation with the previously used PIN. This step will cause this PIN, which is now stale and no longer valid, to be cached, which in turn can cause follow up command using the same PIN type to use this wrong cached entry for authentication. To fix this problem, this change explicitly clear the PIN entry from the cache after the PIN has been changed.
* Allow for disabling of secret cachingDaniel Mueller2019-05-27
| | | | | | | | | | | | So far we have cached secrets in gpg-agent(1) whenever that made sense to do (i.e., for the two PINs in most contexts but not for passwords). While there is reason to believe that such caching is desired by the majority of users, not everybody has a use for it. To give users an opportunity to opt out of such caching, this change introduces a new environment variable, NITROCLI_NO_CACHE, that, when present in the environment, instructs the program to bypass the cache for all operations that require a secret and to instead inquire such secrets each time they are needed.
* Require trailing comma in Enum macro's inputDaniel Mueller2019-05-27
| | | | | | | | | | The input to the Enum macro is supposed to resemble the definition of an enum in Rust code. When manually defining an enum (or a struct for that matter), we typically terminate all branches with a comma, and don't just omit that on the last line. To mirror this behavior, this change adjusts the Enum macro to accept (and in fact, require) a comma-terminated last line as well, as opposed to not accepting it as had been the case so far.
* Update cc crate to 1.0.37Daniel Mueller2019-05-24
| | | | | | This change updates the cc crate to version 1.0.37. Import subrepo cc/:cc at cbf6d2f1312b6be22a7a363cf5c2a02acabc531f
* Update libc crate to 0.2.55Daniel Mueller2019-05-24
| | | | | | This change updates the libc crate to version 0.2.55. Import subrepo libc/:libc at caf17a0641d29dc624621177f5756804dd180c13
* Use full reference to AsRef in Enum macroDaniel Mueller2019-05-24
| | | | | | | | | Macros typically should reference types by their full path and not assume that they are in scope wherever the macro is expanded. We did missed one spot where AsRef was not fully qualified in the Enum macro. While that is not much of an issue here (and there may be more occurrences, e.g., in the auto derives) lets fix that up for the sake of consistency.
* Allow for unused doc comments on macrosDaniel Mueller2019-05-24
| | | | | | | | | | With Rust 1.35 we get compile errors due to doc comments that are added to macro invocations but not actually included in the expanded output. The rustc wrongly assumes that we want to document the resulting code and not just provide details about the invocation itself. This change explicitly allows for those cases. Alternatively we could have "downgraded" the doc comments to normal comments or removed them altogether. There is little difference between those alternatives.
* Add test case for --version optionRobin Krahl2019-02-17
| | | | | This change adds a test case for the -V/--version option to the suite of tests.
* Respect ctx.std{out,err} for version outputRobin Krahl2019-02-17
| | | | | | | | | | | | | Due to a bug in argparse [0], custom stdout and stderr settings are ignored when using argparse::Print, as we currently do for the --version option. This patch adds a workaround for this problem: Instead of using argparse::Print, we use argparse::StoreTrue for the --version option. The argument parsing will fail as the command is missing, but the version variable will still be set to true if the version option was set. So we ignore the parsing result and discard the argparse output if the version variable is set. [0] https://github.com/tailhook/rust-argparse/pull/50
* Remove args::parse_arguments functionDaniel Mueller2019-02-17
| | | | | | | | | The split between the parse_arguments and the handle_arguments functions is not really useful for reasoning about the code. In fact, it just adds additional overhead in the form of complex function signatures into the picture. As it provides no real other value, this change merges the functionality of both functions into a single one: handle_arguments.
* Use buffered writer in args::parse_argumentsRobin Krahl2019-02-17
| | | | | | | | | To be able to decide whether to print the argparse output depending on the result of the argument parsing, this patch wraps stdout and stderr in a BufWriter before invoking argparse. Our BufWriter implementation only writes to the inner Write if the flush method is called. This allows us to decide whether the buffered data should be written or silently dropped.
* Consume ArgumentParser object as part of parsingDaniel Mueller2019-02-08
| | | | | | | | | | We have introduced the parse function to unify the common parsing related tasks. In that vein, this change goes one step further and adjusts the function to actually consume the ArgumentParser object used by it. All clients using this function actually do not access the parser afterwards, and, in fact, some of them have to explicitly drop it because of borrow conflicts with "referred" arguments.
* Simplify error handling in the parse functionDaniel Mueller2019-02-08
| | | | | This patch changes the error handling in the args' module parse function to use the Result's map_err instead of a more verbose if let expression.
* Add Ubuntu package to README and doc/packaging.mdRobin Krahl2019-02-02
|
* Update libc crate to 0.2.48Daniel Mueller2019-01-29
| | | | | | This change updates the libc crate to version 0.2.48. Import subrepo libc/:libc at 42cd3ba27254c423e03f6f4324de57075047f6a0
* Update regex-syntax crate to 0.6.5Daniel Mueller2019-01-29
| | | | This change updates the regex-syntax crate to version 0.6.5.
* Update memchr crate to 2.1.3Daniel Mueller2019-01-29
| | | | This change updates the memchr crate to version 2.1.3.
* Update proc-macro2 crate to 0.4.26Daniel Mueller2019-01-29
| | | | This change updates the proc-macro2 crate to version 0.4.26.
* Update quote crate to 0.6.11Daniel Mueller2019-01-28
| | | | This change updates the quote crate to version 0.6.11.
* Update syn crate to 0.15.26Daniel Mueller2019-01-28
| | | | This change updates the syn crate to version 0.15.26.
* Add Debian package to package list in READMERobin Krahl2019-01-29
|
* Add test for pws get after factory resetRobin Krahl2019-01-26
| | | | | | | | The factory reset only clears the slot status. The slot content is overwritten with random data. Therefore accessing a PWS slot after a factory reset returns garbage data. We fixed this by always querying the status before accessing the PWS. This patch adds a corresponding test case.
* Check slot status before accessing the PWSRobin Krahl2019-01-26
| | | | | | | | | | | | The Nitrokey devices do not check whether a PWS slot is programmed before accessing it (upstream issues [0] [1]). Until this is fixed in the firmware, we have to manually check the slot status in pws get. This could have been done in libnitrokey or the nitrokey crate, yet this would lead to unnecessary commands if we check multiple fields of a slot at the same time. [0] https://github.com/Nitrokey/nitrokey-pro-firmware/issues/56 [1] https://github.com/Nitrokey/nitrokey-storage-firmware/issues/81
* Add test case for the reset commandRobin Krahl2019-01-26
|
* Add the reset command to perform a factory resetRobin Krahl2019-01-26
| | | | | | After performing the factory reset, we also build the AES key so that the device is fully usable. Due to timing issue, we have to add a delay between the factory reset and building the AES key.
* Add the -V/--version optionRobin Krahl2019-01-26
| | | | | | | | The -V/--version option prints the nitrocli version to stdout and exits. In the future, it should also print the used libnitrokey version, but as the required function is only available with nitrokey 0.3.2 and as the current interface does not reflect the latest change in version naming, I skipped that in this patch.
* Bump version to 0.2.3v0.2.3Daniel Mueller2019-01-26
| | | | | | | | | | | | | | This change bumps the version of the crate to 0.2.3. The following notable changes have been made since 0.2.2: - Added the storage hidden subcommand for working with hidden volumes - Store cached PINs on a per-device basis to better support multi-device scenarios - Further decreased binary size by using system allocator - Bumped nitrokey dependency to 0.3.4 - Bumped rand dependency to 0.6.4 - Removed rustc_version, semver, and semver-parser dependencies - Bumped nitrokey-sys dependency to 3.4.3 - Bumped libc dependency to 0.2.47
* Remove no longer used duplicate_associated_type_bindings lintDaniel Mueller2019-01-26
| | | | | | | The duplicate_associated_type_bindings lint seems to have been removed with the Rust 1.32 release. This change removes the lint from the program to prevent the newly introduced warning from being emitted.
* Document problems in conjunction with nitrokey-appRobin Krahl2019-01-26
| | | | | | If nitrokey-app is running, the device it connected to cannot be detected by other applications. This patch adds this issue to the list of known problems in the README.
* Exclude CI scripts and rustmft configRobin Krahl2019-01-26
| | | | | | | The CI scripts and the rustfmt configuration are only needed when developing. There is no point in distributing them in the package published on crates.io, so we exclude them from packaging using the exclude setting in Cargo.toml.
* Update libc crate to 0.2.47Daniel Mueller2019-01-22
| | | | | | This change updates the libc crate to version 0.2.47. Import subrepo libc/:libc at ce1dfcbf81bd74662b5cd02a9214818a0bfbbffa
* Update nitrokey crate to 0.3.4Daniel Mueller2019-01-22
| | | | | | This change updates the nitrokey crate to version 0.3.4. Import subrepo nitrokey/:nitrokey at 41cdc1f7091a3c442241dbb2379c50dbcc7e9c5f
* Add tests for the lock commandDaniel Mueller2019-01-20
| | | | | | | | | This change adds tests for the lock command. For the Nitrokey Pro we cannot test too much because the only side-effect is that the password safe is closed and it will be opened automatically again by virtue of our non-interactive testing methodology. For Storage devices we verify that the encrypted volume is closed, which is a documented side-effect.