Factor out new commands.rs file

In order to prepare for the new argument parsing support based on the
argparse crate, this change factors out the existing code used for
responding to commands in a new file, commands.rs. No semantic change is
introduced.

1 files changed, 149 insertions, 0 deletions

diff --git a/nitrocli/src/commands.rs b/nitrocli/src/commands.rs
new file mode 100644
index 0000000..4a33364
--- /dev/null
+++ b/nitrocli/src/commands.rs
@@ -0,0 +1,149 @@
+// commands.rs
+
+// *************************************************************************
+// * Copyright (C) 2018 Daniel Mueller (deso@posteo.net)                   *
+// *                                                                       *
+// * This program is free software: you can redistribute it and/or modify  *
+// * it under the terms of the GNU General Public License as published by  *
+// * the Free Software Foundation, either version 3 of the License, or     *
+// * (at your option) any later version.                                   *
+// *                                                                       *
+// * This program is distributed in the hope that it will be useful,       *
+// * but WITHOUT ANY WARRANTY; without even the implied warranty of        *
+// * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the         *
+// * GNU General Public License for more details.                          *
+// *                                                                       *
+// * You should have received a copy of the GNU General Public License     *
+// * along with this program.  If not, see <http://www.gnu.org/licenses/>. *
+// *************************************************************************
+
+use crate::error::Error;
+use crate::pinentry;
+use crate::Result;
+
+const PIN_TYPE: pinentry::PinType = pinentry::PinType::User;
+
+/// Create an `error::Error` with an error message of the format `msg: err`.
+fn get_error(msg: &str, err: &nitrokey::CommandError) -> Error {
+  Error::Error(format!("{}: {:?}", msg, err))
+}
+
+/// Connect to a Nitrokey Storage device and return it.
+fn get_storage_device() -> Result<nitrokey::Storage> {
+  nitrokey::Storage::connect()
+    .or_else(|_| Err(Error::Error("Nitrokey device not found".to_string())))
+}
+
+/// Return a string representation of the given volume status.
+fn get_volume_status(status: &nitrokey::VolumeStatus) -> &'static str {
+  if status.active {
+    if status.read_only {
+      "read-only"
+    } else {
+      "active"
+    }
+  } else {
+    "inactive"
+  }
+}
+
+/// Pretty print the response of a status command.
+fn print_status(status: &nitrokey::StorageStatus) {
+  // We omit displaying information about the smartcard here as this
+  // program really is only about the SD card portion of the device.
+  println!(
+    r#"Status:
+  SD card ID:        {id:#x}
+  firmware version:  {fwv0}.{fwv1}
+  firmware:          {fw}
+  storage keys:      {sk}
+  user retry count:  {urc}
+  admin retry count: {arc}
+  volumes:
+    unencrypted:     {vu}
+    encrypted:       {ve}
+    hidden:          {vh}"#,
+    id = status.serial_number_sd_card,
+    fwv0 = status.firmware_version_major,
+    fwv1 = status.firmware_version_minor,
+    fw = if status.firmware_locked {
+      "locked"
+    } else {
+      "unlocked"
+    },
+    sk = if status.stick_initialized {
+      "created"
+    } else {
+      "not created"
+    },
+    urc = status.user_retry_count,
+    arc = status.admin_retry_count,
+    vu = get_volume_status(&status.unencrypted_volume),
+    ve = get_volume_status(&status.encrypted_volume),
+    vh = get_volume_status(&status.hidden_volume),
+  );
+}
+
+/// Inquire the status of the nitrokey.
+pub fn status() -> Result<()> {
+  let status = get_storage_device()?
+    .get_status()
+    .map_err(|err| get_error("Getting Storage status failed", &err))?;
+
+  print_status(&status);
+  Ok(())
+}
+
+/// Open the encrypted volume on the nitrokey.
+pub fn open() -> Result<()> {
+  let device = get_storage_device()?;
+
+  let mut retry = 3;
+  let mut error_msg: Option<&str> = None;
+  loop {
+    // TODO: Rethink the usage of String::from_utf8_lossy here. We may
+    //       not want to silently modify the password!
+    let passphrase = pinentry::inquire_passphrase(PIN_TYPE, error_msg)?;
+    let passphrase = String::from_utf8_lossy(&passphrase);
+    match device.enable_encrypted_volume(&passphrase) {
+      Ok(()) => return Ok(()),
+      Err(err) => match err {
+        nitrokey::CommandError::WrongPassword => {
+          pinentry::clear_passphrase(PIN_TYPE)?;
+          retry -= 1;
+
+          if retry > 0 {
+            error_msg = Some("Wrong password, please reenter");
+            continue;
+          }
+          let error = "Opening encrypted volume failed: Wrong password";
+          return Err(Error::Error(error.to_string()));
+        }
+        err => return Err(get_error("Opening encrypted volume failed", &err)),
+      },
+    };
+  }
+}
+
+#[link(name = "c")]
+extern "C" {
+  fn sync();
+}
+
+/// Close the previously opened encrypted volume.
+pub fn close() -> Result<()> {
+  // Flush all filesystem caches to disk. We are mostly interested in
+  // making sure that the encrypted volume on the nitrokey we are
+  // about to close is not closed while not all data was written to
+  // it.
+  unsafe { sync() };
+
+  get_storage_device()?
+    .disable_encrypted_volume()
+    .map_err(|err| get_error("Closing encrypted volume failed", &err))
+}
+
+/// Clear the PIN stored when opening the nitrokey's encrypted volume.
+pub fn clear() -> Result<()> {
+  pinentry::clear_passphrase(PIN_TYPE)
+}