From 32c22bd1eb9fe05db30cf1062d089b21bd00c3a7 Mon Sep 17 00:00:00 2001 From: Robin Krahl Date: Thu, 27 Dec 2018 17:57:26 +0100 Subject: Implement the lock command This patch implements the lock command that locks the password safe and, on the Nitrokey Storage, the encrypted volume. See issue #18 for details on the locking mechanism. --- nitrocli/CHANGELOG.md | 1 + nitrocli/src/args.rs | 13 +++++++++++++ nitrocli/src/commands.rs | 7 +++++++ 3 files changed, 21 insertions(+) diff --git a/nitrocli/CHANGELOG.md b/nitrocli/CHANGELOG.md index f582461..2bc16a9 100644 --- a/nitrocli/CHANGELOG.md +++ b/nitrocli/CHANGELOG.md @@ -1,6 +1,7 @@ Unreleased ---------- - Added the `pws` command for accessing the password safe +- Added the `lock` command for locking the Nitrokey device 0.2.0 diff --git a/nitrocli/src/args.rs b/nitrocli/src/args.rs index 4cf6258..f1db33f 100644 --- a/nitrocli/src/args.rs +++ b/nitrocli/src/args.rs @@ -32,6 +32,7 @@ type Result = result::Result; #[derive(Debug)] pub enum Command { Config, + Lock, Otp, Pin, Pws, @@ -44,6 +45,7 @@ impl Command { pub fn execute(&self, args: Vec) -> Result<()> { match *self { Command::Config => config(args), + Command::Lock => lock(args), Command::Otp => otp(args), Command::Pin => pin(args), Command::Pws => pws(args), @@ -60,6 +62,7 @@ impl fmt::Display for Command { "{}", match *self { Command::Config => "config", + Command::Lock => "lock", Command::Otp => "otp", Command::Pin => "pin", Command::Pws => "pws", @@ -76,6 +79,7 @@ impl str::FromStr for Command { fn from_str(s: &str) -> result::Result { match s { "config" => Ok(Command::Config), + "lock" => Ok(Command::Lock), "otp" => Ok(Command::Otp), "pin" => Ok(Command::Pin), "pws" => Ok(Command::Pws), @@ -585,6 +589,15 @@ fn config_set(args: Vec) -> Result<()> { commands::config_set(numlock, capslock, scrollock, otp_pin) } +/// Lock the Nitrokey. +fn lock(args: Vec) -> Result<()> { + let mut parser = argparse::ArgumentParser::new(); + parser.set_description("Locks the connected Nitrokey device"); + parse(&parser, args)?; + + commands::lock() +} + /// Execute an OTP subcommand. fn otp(args: Vec) -> Result<()> { let mut subcommand = OtpCommand::Get; diff --git a/nitrocli/src/commands.rs b/nitrocli/src/commands.rs index c903cfd..1b26326 100644 --- a/nitrocli/src/commands.rs +++ b/nitrocli/src/commands.rs @@ -340,6 +340,13 @@ pub fn config_set( .map_err(|err| get_error("Could not set configuration", &err)) } +/// Lock the Nitrokey device. +pub fn lock() -> Result<()> { + get_device()? + .lock() + .map_err(|err| get_error("Getting Storage status failed", &err)) +} + fn get_otp(slot: u8, algorithm: args::OtpAlgorithm, device: &T) -> Result { match algorithm { args::OtpAlgorithm::Hotp => device.get_hotp_code(slot), -- cgit v1.2.3