authorRobin Krahl <robin.krahl@ireas.org>2019-01-25 17:03:35 +0000
committerDaniel Mueller <deso@posteo.net>2019-01-26 23:35:09 -0800
commit2809a90f3a790e3fc0a81ddac58f6de56e783cf2 (patch)
tree59e1cd39a404dd507ef65d0c1468c8d1e7f2300e
parentc2159f7d35c17c9d45fdf8ab01d4c33fd4e9590e (diff)
Check slot status before accessing the PWS
The Nitrokey devices do not check whether a PWS slot is programmed before accessing it (upstream issues [0] [1]). Until this is fixed in the firmware, we have to manually check the slot status in pws get. This could have been done in libnitrokey or the nitrokey crate, yet this would lead to unnecessary commands if we check multiple fields of a slot at the same time. [0] https://github.com/Nitrokey/nitrokey-pro-firmware/issues/56 [1] https://github.com/Nitrokey/nitrokey-storage-firmware/issues/81
-rw-r--r--nitrocli/CHANGELOG.md1
-rw-r--r--nitrocli/src/commands.rs19
2 files changed, 20 insertions, 0 deletions
diff --git a/nitrocli/CHANGELOG.md b/nitrocli/CHANGELOG.md
index 8e70530..ce0adaf 100644
--- a/nitrocli/CHANGELOG.md
+++ b/nitrocli/CHANGELOG.md
@@ -2,6 +2,7 @@ Unreleased
----------
- Added the `reset` command to perform a factory reset
- Added the `-V`/`--version` option to print the program's version
+- Check the status of a PWS slot before accessing it in `pws get`
0.2.3
diff --git a/nitrocli/src/commands.rs b/nitrocli/src/commands.rs
index aed0319..82d6240 100644
--- a/nitrocli/src/commands.rs
+++ b/nitrocli/src/commands.rs
@@ -757,6 +757,23 @@ fn print_pws_data(
Ok(())
}
+fn check_slot(pws: &nitrokey::PasswordSafe<'_>, slot: u8) -> Result<()> {
+ if slot >= nitrokey::SLOT_COUNT {
+ return Err(nitrokey::CommandError::InvalidSlot.into());
+ }
+ let status = pws
+ .get_slot_status()
+ .map_err(|err| get_error("Could not read PWS slot status", err))?;
+ if status[slot as usize] {
+ Ok(())
+ } else {
+ Err(get_error(
+ "Could not access PWS slot",
+ nitrokey::CommandError::SlotNotProgrammed,
+ ))
+ }
+}
+
/// Read a PWS slot.
pub fn pws_get(
ctx: &mut args::ExecCtx<'_>,
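Review bot: The out-of-range branch of `check_slot` returns `nitrokey::CommandError::InvalidSlot.into()` directly, while the other two failure paths go through `get_error` with a context message, so an invalid slot number is presumably reported in a different format from an unprogrammed one. Routing it through the same helper would keep the messages uniform: `return Err(get_error("Could not access PWS slot", nitrokey::CommandError::InvalidSlot));`. The range guard should stay ahead of `status[slot as usize]`, because that indexing would panic on a slot past the end of the returned status array. The hunk ends inside the signature of `pws_get`, whose body lies outside it.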
@@ -768,6 +785,8 @@ pub fn pws_get(
) -> Result<()> {
let device = get_device(ctx)?;
let pws = get_password_safe(ctx, &device)?;
+ check_slot(&pws, slot)?;
+
let show_all = !show_name && !show_login && !show_password;
if show_all || show_name {
print_pws_data(ctx, "name: ", pws.get_slot_name(slot), quiet)?;
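Review bot: The `check_slot(&pws, slot)?;` call in `pws_get` has no comment saying it is a workaround for firmware that does not reject reads of unprogrammed slots; that reason appears only in the commit message. A short comment above the call would keep the reason next to the code and show when the check can be dropped, for example `// Firmware does not verify that the slot is programmed; check it here before any get_slot_* read.`. `check_slot` itself would also benefit from a `///` line stating that it must run before any field of a slot is read, matching the doc comment on `pws_get`. The body of `pws_get` continues past the end of this hunk.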