| Commit message (Collapse) | Author | Age |
... | |
|
|
|
|
|
|
|
| |
This patch introduces the `otp status` subcommand that lists all OTP
slots and their current status. To avoid hardcoding the number of slots
per type, we iterate all slots until we get an `InvalidSlot` error
(assuming that the set of valid slots is {0, ..., n} for some n). The
`status` command is quite slow as we have to query each slot separately.
|
|
|
|
| |
This patch implements the `otp clear` subcommand that erases an OTP slot.
|
|
|
|
|
|
|
|
|
|
| |
This patch implements the `otp set` subcommand that configures an OTP
slot. There are two ways to specify an OTP secret: as a hexadecimal
string (that means that every two characters are interpreted as a
hexadecimal representation of one byte of the secret) or as an ASCII
string (that means that the ASCII code of every character is interpreted
as one byte of the secret). As the HOTP RFC mentions both
representations, this implementation supports both.
|
|
|
|
|
|
|
| |
This patch implements the `otp get` subcommand that allows the user to
generate a one-time password on the Nitrokey device. Before generating
the password, the device configuration is checked so that the user only
has to enter a PIN if it is required for the OTP generation.
|
|
|
|
|
| |
This patch adds the `otp` top-level command. Its subcommands provide
access to one-time passwords on the Nitrokey.
|
|
|
|
|
|
| |
This patch implements authentication with the user or admin PIN. This
is a preparation for the `otp get` and `otp set` commands which require
user and admin access to the Nitrokey.
|
|
|
|
|
|
| |
Currently, we only clear the user PIN if clear is called. This patch
changes the clear command to also clear the admin PIN as we will start
to use the admin PIN in upcoming patches.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Currently, `open` directly calls the `pinentry` module and loops until
the user entered a correct passphrase or the retry limit is reached.
This patch moves the pinentry call and the loop into the
`try_with_passphrase_and_data` function. This function queries a
passphrase of a given type and executes a function with that passphrase.
This function has a data argument and may return data that is passed to
the next call of the function (if it failed).
This data-passing mechanism is required for the `nitrokey`
authentication functions: These functions take ownership of the device
and either return an authenticated device after successful
authentication, or an error including the unauthenticated device if the
authentication failed. This patch enables the usage of these functions
in future patches.
|
|
|
|
|
|
|
| |
Currently, invalid UTF-8 code points in the passphrase returned by
pinentry are replaced with replacement characters by
`String::from_utf8_lossy`. This patch changes the code to use
`String::from_utf8` and returns an UTF-8 error if encountered.
|
|
|
|
|
|
|
|
|
| |
This patch replaces the macro for argument parsing with
`argparse::ArgumentParser` from the argparse crate. It moves the
application logic to the `commands` module and the argument parsing to
the `options` module. An enum is used to represent the available
commands. The code is based on the `subcommands.rs` example shipped
with argparse.
|
|
|
|
|
|
|
| |
In order to prepare for the new argument parsing support based on the
argparse crate, this change factors out the existing code used for
responding to commands in a new file, commands.rs. No semantic change is
introduced.
|
|
|
|
|
|
|
|
|
| |
This patch adds the crate rust-argparse [0] in version 0.2.2 as a
dependency, as discussed in issue #4.
[0] https://github.com/tailhook/rust-argparse
Import subrepo argparse/:argparse at 0de60a5e6d9ee1a3570d6089afd3ccd6ed7480c5
|
|
|
|
|
|
|
| |
Spaces in the arguments for gpg-connect-agent’s `GET_PASSPHRASE` command
have to be esaced using a plus sign. Somehow this was missing for the
prompt argument. This patch adds escaping for the prompt so that the
pinentry dialog is displayed correctly.
|
|
|
|
|
|
|
|
|
|
|
|
| |
In the past we have used the 'devel' branch for more or less early
development work that includes the occasional rebase to fix up mistakes
and keep the history clean. That is a non-starter when it comes to
tagging signed releases, which we have introduced recently.
Hence, there is no point in diverging from what the rest of the world is
doing by using a branch name other than 'master' as the main development
vehicle.
By now we have introduced two dependencies on the branch name into the
code base, which this change fixes up.
|
|
|
|
|
|
|
|
|
|
|
| |
This change enables automated code format checking by means of the
rustfmt program in the Gitlab CI pipeline. The check is performed in a
third job in the hope that this helps identify problems more easily:
users can see which of the jobs failed and focus on them in isolation,
as opposed to having a single log file or, worse, just the results of
the stages up to the first failure.
This patch resolves issue #17.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
An automated code formatter can help tremendously in reducing the amount
of cognitive energy wasted on thinking about the "best" formatting of
code as well as the number of nitpicks reviews typically get -- the
format is machine checked (and enforced) and there is usually little to
no discussion about the validity.
To reach the goal of having such automated enforcement, we want to run
the rustfmt tool as part of the CI pipeline. With rustfmt having reached
1.0 recently, the believe is that by now the formatting is reasonably
stable and usable for this purpose.
In that light, this change formats the code using rustfmt and prepares
for such an automated style check.
|
|
|
|
|
| |
This patch adds a new target to the pipeline that installs clippy and
then uses it to check for various potential problems in the crate.
|
|
|
|
|
|
|
| |
After the switch to using the nitrokey crate for communication with the
device, we have to warnings standing in the way of enabling clippy
unconditionally for the nitrocli crate. This change fixes those two
warnings.
|
|
|
|
|
|
|
|
|
|
|
| |
This change adds another two badges to the repository. The first one
simply lists the most recent version of the crate as published on
crates.io. The second one states the minimum version of rustc that is
required for building. We have recently switched to using Rust 2018 and
with that we have a requirement for version 1.31 of the toolchain. In
the future the hope is that now that we have a proper CI/CD pipeline
based off of Docker images we should be able to build on past versions
of Rust, even if they are not used during development.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This change adds a configuration file for the Gitlab CI/CD pipeline to
the repository. This file (directly or indirectly) controls the
environment in which to build, what exactly to build, and ultimately
would also be used to define what tests to run.
With the pipeline in place the change also adds a badge indicating the
status of the build on the project's front page.
The following other CI services have been evaluated or tested and found
to be insufficient for the needs at hand:
- Travis CI: Does not support configuration in a directory other than
the repository root
- Cirrus CI: Has the same problem
- Semaphore: Does not support Rust
- Circle CI: Does not support Rust
- Google Cloud Build: Pretty much strictly a paid service
|
|
|
|
|
|
|
| |
Currently, the nitrokey crate is renamed to libnitrokey in Cargo.toml as
there used to exist a nitrokey module in this crate. As this module
does no longer exist and is not likely to return, this patch removes the
customized name for the nitrokey crate.
|
|
|
|
|
|
|
|
|
| |
This patch removes all dependencies that are no longer required since
the hidapi communication is replaced by libnitrokey.
Delete subrepo hid/:hid
Delete subrepo hidapi-sys/:hidapi-sys
Delete subrepo pkg-config/:pkg-config
|
|
|
|
|
|
| |
This patch removes the raw hidapi implementation of the status command
and all utility methods that are no longer needed. With this patch, all
device communication is performed using libnitrokey.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch removes the raw hidapi implementations of the Enable
Encrypted Volume and Disable Encrypted Volume commands and replaces them
with the methods enable_encrypted_volume and disable_encrypted_volume of
the Storage struct provided by the nitrokey trait.
To provide some context to the error messages, the errors are wrapped
using the map_err method of the Result enum and the get_error function
that combines a nitrokey error code and a string into a nitrocli error.
It would be more idiomatic to define a conversion from a nitrokey error
to a nitrocli error, but then we would lose information about the
context of the error.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The nitrokey crate provides a simple interface to the Nitrokey Storage
and the Nitrokey Pro based on the libnitrokey library developed by
Nitrokey UG. The low-level bindings to this library are available in
the nitrokey-sys crate.
This patch adds version v0.2.1 of the nitrokey crate as a dependency
for nitrocli. It includes the indirect dependencies nitrokey-sys
(version 3.4.1) and rand (version 0.4.3).
Import subrepo nitrokey/:nitrokey at 2eccc96ceec2282b868891befe9cda7f941fbe7b
Import subrepo nitrokey-sys/:nitrokey-sys at f1a11ebf72610fb9cf80ac7f9f147b4ba1a5336f
Import subrepo rand/:rand at d7d5da49daf7ceb3e5940072940d495cced3a1b3
|
|
|
|
|
|
| |
This change adds a link to the nitrocli package for Arch Linux to the
README. The package is currently available in the Arch User Repository
(AUR).
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This change bumps the version of the crate to 0.1.3. The following
notable changes have been made since 0.1.2:
- Show PIN related errors through pinentry native reporting mechanism
instead of emitting them to stdout
- Added a man page (nitrocli(1)) for the program to the repository
- Adjusted program to use Rust Edition 2018
- Applied a couple of clippy reported suggestions
- Added categories to Cargo.toml
- Changed dependency version requirements to be less strict (only up to
the minor version and not the patch level)
- Bumped pkg-config dependency to 0.3.14
- Bumped libc dependency to 0.2.45
- Bumped cc dependency to 1.0.25
|
|
|
|
|
|
|
|
| |
Given that development is picking up speed again we should accept all
the help we get from the compiler to catch issues as early as possible.
To that end, this change enables more lints for the program. As "usual",
lints that are suspected to potentially change in future versions of
Rust are reported as warnings and not errors.
|
| |
|
|
|
|
|
| |
This patch adds a .gitignore file that ignores the target directory that
is created by cargo during compilation and swap files created by vim.
|
|
|
|
|
|
|
|
|
| |
For a while now Cargo has supported the specification of categories in
the Cargo.toml file and crates.io will actually honor those categories
and show case the crate in them.
With this change we specify the four categories this crate is believed
to fit in the best: 'command-line-utilities', 'authentication',
'cryptography', and 'hardware-support'.
|
|
|
|
|
|
|
| |
With the 1.31 release of Rust support for Edition 2018 has reached
the stable tool chain.
This change enables compilation based off of this new edition for the
crate. This change resolves issue #6.
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
With a recent Rust version upgrade hidden lifetime parameters cause a
warning of the form:
> warning: hidden lifetime parameters in types are deprecated
> --> src/error.rs:58:25
> |
> 58 | fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result {
> | ^^^^^^^^^^^^^^- help: indicate the anonymous lifetime: `<'_>`
This change adjusts the code to make those lifetimes explicit (while
keeping them anonymous).
|
|
|
|
|
|
|
|
| |
This change enables the rust_2018_idioms lint which helps enforce the
usage of Rust 2018 code idioms. A while back the "impl trait" feature
stabilized and along with it trait objects are supposed to be prefixed
with "dyn".
This change adjusts the code accordingly.
|
|
|
|
|
|
|
|
| |
In preparation for the switch to using Rust 2018, this change enables
the rust_2018_compatibility lint. Along with that enablement we fix the
warnings emitted by it, which evolve around the module system changes
Rust has gone through and that require us to prefix initial uses of
crate local modules with "crate".
|
|
|
|
|
|
|
|
|
|
| |
In order for users to decide whether an update of the program is
justified (or, to potentially help in identifying changes that resulted
in a regression), it is often a good idea to provide a brief summary of
all the changes that went into a particular release.
With this change we add a change log for the program to the repository.
Through a bit of code archeology the log stretches back to the initial
release.
|
| |
|
|
|
|
|
|
|
|
| |
Currently, the pinentry module only supports querying the user PIN. The
Nitrokey devices also have an admin PIN. This patch adds support for
querying multiple PIN types to the pinentry module. While this is
currently not used, it will be needed to add support for administrative
commands like unlocking the device or changeing the user PIN.
|
|
|
|
|
|
|
|
|
| |
Currently, the error message for a wrong password is printed to the
standard output. Yet the standard output might not be visible to the
user if they are using the curses frontend for pinentry. Pinentry
already supports displaying an error message in the passphrase prompt.
This patch moves the error message from the standard output to the
pinentry prompt.
|
|
|
|
|
|
|
|
| |
The GnuPG documentation [0] refers to the GET_PASSPHRASE arguments as
“error message”, “prompt” and “description”. This patch changes the
names of the constants for these arguments to match the documented names.
[0] https://www.gnupg.org/documentation/manuals/gnupg/Agent-GET_005fPASSPHRASE.html#Agent-GET_005fPASSPHRASE
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch adds the application name (nitrocli) and the type of the
requested PIN (user PIN) to the cache ID user with pinentry to conform
with the GnuPG documentation [0]:
> By convention either the hexified fingerprint of the key shall be used
> for cache_id or an arbitrary string prefixed with the name of the
> calling application and a colon: Like gpg:somestring.
[0] https://www.gnupg.org/documentation/manuals/gnupg/Agent-GET_005fPASSPHRASE.html#Agent-GET_005fPASSPHRASE
|
|
|
|
|
| |
rustfmt uses four-space indentation per default. This patch adds a
configuration file that sets the indentation with to two spaces.
|
|
|
|
|
|
| |
This change updates the cc crate to version 1.0.25.
Import subrepo cc/:cc at fe0a7acb6d3e22e03bf83bcbf89367be888b5448
|
|
|
|
|
|
| |
This change updates the libc crate to version 0.2.45.
Import subrepo libc/:libc at f5636fc618f8e16968b3178196d73c94ad9f7b05
|
|
|
|
|
|
| |
This change updates the pkg-config crate to version 0.3.14.
Import subrepo pkg-config/:pkg-config at f867f8be1babca4d6d9cddc92a817519ae845193
|
|
|
|
|
|
|
|
|
| |
We try to adhere to the Semantic Versioning convention and expect
dependent crates to do the same. So far we have been fairly strict in
terms of the specific versions we consume, specifying the full version
triple (x.y.z).
This change loosens that stance by only specifying the minor version
requirement of dependencies, not the patch level (i.e., x.y).
|
|
|
|
|
| |
The clippy tool has a couple of suggestions on how to improve the code.
This change applies them to the project's code base.
|
| |
|
| |
|
|
|
|
|
|
|
|
|
| |
This change updates the hidapi-sys crate to version 0.1.4. In this
version the cc crate (the stable and renamed version of the gcc crate)
is used.
Import subrepo hidapi-sys/:hidapi-sys at c01043da72c0cac898660017e4c4115278c14369
Import subrepo cc/:cc at 500c65b03775cecf55bd358e616963bc3222acca
|