authorDaniel Mueller <deso@posteo.net>2019-01-20 09:26:11 -0800
committerDaniel Mueller <deso@posteo.net>2019-01-20 09:26:11 -0800
commitc3f1761ae147e562ec3565c7ba8a9cb1834759c2 (patch)
treefd272c279a41c30cf1585dc917f960751aabd3bb /nitrocli/src/commands.rs
parent6c54316bd512a1ad365f5c1e2cb17e7e53ea193c (diff)
Implement storage hidden subcommand
With this change we implement the storage hidden subcommand. We support creation, opening, and closing of hidden volumes. Note that the opening of a hidden volume automatically closes any opened encrypted volumes and vice versa. To that end, we force file system level caches to disk even from the storage open and storage hidden open commands.
Diffstat (limited to 'nitrocli/src/commands.rs')
-rw-r--r--nitrocli/src/commands.rs44
1 files changed, 44 insertions, 0 deletions
diff --git a/nitrocli/src/commands.rs b/nitrocli/src/commands.rs
index 5af2a44..ab70e29 100644
--- a/nitrocli/src/commands.rs
+++ b/nitrocli/src/commands.rs
@@ -296,6 +296,10 @@ pub fn storage_open(ctx: &mut args::ExecCtx<'_>) -> Result<()> {
let device = get_storage_device(ctx)?;
let pin_entry = pinentry::PinEntry::from(pinentry::PinType::User, &device)?;
+ // We may forcefully close a hidden volume, if active, so be sure to
+ // flush caches to disk.
+ unsafe { sync() };
+
try_with_pin(ctx, &pin_entry, "Opening encrypted volume failed", |pin| {
device.enable_encrypted_volume(&pin)
})
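Review bot: The `unsafe { sync() };` added before `try_with_pin` carries no `// SAFETY:` comment, and the same holds for the two calls added in `storage_hidden_open` and `storage_hidden_close` in the next hunk. Assuming `sync` is the libc binding (its declaration is not visible here), a line such as `// SAFETY: sync() takes no arguments and has no preconditions.` above each call would record why the block is sound. The existing comment could also state the limit of the flush: it covers only data written before this point, the PIN prompt appears to run afterwards inside `try_with_pin`, and a file system still mounted from the other volume can keep accepting writes until the device drops it, so users should unmount first. The body of `storage_open` starts outside the hunk.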
@@ -314,6 +318,46 @@ pub fn storage_close(ctx: &mut args::ExecCtx<'_>) -> Result<()> {
.map_err(|err| get_error("Closing encrypted volume failed", err))
}
+/// Create a hidden volume.
+pub fn storage_hidden_create(
+ ctx: &mut args::ExecCtx<'_>,
+ slot: u8,
+ start: u8,
+ end: u8,
+) -> Result<()> {
+ let device = get_storage_device(ctx)?;
+ let pwd_entry = pinentry::PwdEntry::from(&device)?;
+ let pwd = pinentry::choose(&pwd_entry)?;
+
+ device
+ .create_hidden_volume(slot, start, end, &pwd)
+ .map_err(|err| get_error("Creating hidden volume failed", err))
+}
+
+/// Open a hidden volume.
+pub fn storage_hidden_open(ctx: &mut args::ExecCtx<'_>) -> Result<()> {
+ let device = get_storage_device(ctx)?;
+ let pwd_entry = pinentry::PwdEntry::from(&device)?;
+ let pwd = pinentry::inquire(&pwd_entry, pinentry::Mode::Query, None)?;
+
+ // We may forcefully close an encrypted volume, if active, so be sure
+ // to flush caches to disk.
+ unsafe { sync() };
+
+ device
+ .enable_hidden_volume(&pwd)
+ .map_err(|err| get_error("Opening hidden volume failed", err))
+}
+
+/// Close a previously opened hidden volume.
+pub fn storage_hidden_close(ctx: &mut args::ExecCtx<'_>) -> Result<()> {
+ unsafe { sync() };
+
+ get_storage_device(ctx)?
+ .disable_hidden_volume()
+ .map_err(|err| get_error("Closing hidden volume failed", err))
+}
+
/// Pretty print the status of a Nitrokey Storage.
fn print_storage_status(
ctx: &mut args::ExecCtx<'_>,
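Review bot: `storage_hidden_create` forwards `slot`, `start` and `end` to `create_hidden_volume` unchecked, so a reversed or empty range (`start >= end`) is only rejected if the device itself refuses it. A guard placed before `pinentry::choose` would fail early and avoid prompting for a password that cannot be used. The doc comment `/// Create a hidden volume.` should also say what the three values mean and that the chosen range can overwrite data already stored in that region; the units are not visible in this hunk, so that wording needs confirming against the device API. The password in `pwd` is held in a plain binding in both `storage_hidden_create` and `storage_hidden_open`; if `pinentry` returns an ordinary `String`, it is not cleared on drop, which matters for a secret protecting a hidden volume. The trailing context of `print_storage_status` continues outside the hunk.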