diff options
| author | Daniel Mueller <deso@posteo.net> | 2019-01-20 09:26:11 -0800 |
|---|---|---|
| committer | Daniel Mueller <deso@posteo.net> | 2019-01-20 09:26:11 -0800 |
| commit | c3f1761ae147e562ec3565c7ba8a9cb1834759c2 (patch) | |
| tree | fd272c279a41c30cf1585dc917f960751aabd3bb /nitrocli/src/commands.rs | |
| parent | 6c54316bd512a1ad365f5c1e2cb17e7e53ea193c (diff) | |
| download | nitrocli-c3f1761ae147e562ec3565c7ba8a9cb1834759c2.tar.gz nitrocli-c3f1761ae147e562ec3565c7ba8a9cb1834759c2.tar.bz2 | |
Implement storage hidden subcommand
With this change we implement the storage hidden subcommand. We support
creation, opening, and closing of hidden volumes.
Note that the opening of a hidden volume automatically closes any opened
encrypted volumes and vice versa. To that end, we force file system
level caches to disk even from the storage open and storage hidden open
commands.
Diffstat (limited to 'nitrocli/src/commands.rs')
| -rw-r--r-- | nitrocli/src/commands.rs | 44 |
1 files changed, 44 insertions, 0 deletions
diff --git a/nitrocli/src/commands.rs b/nitrocli/src/commands.rs index 5af2a44..ab70e29 100644 --- a/nitrocli/src/commands.rs +++ b/nitrocli/src/commands.rs @@ -296,6 +296,10 @@ pub fn storage_open(ctx: &mut args::ExecCtx<'_>) -> Result<()> { let device = get_storage_device(ctx)?; let pin_entry = pinentry::PinEntry::from(pinentry::PinType::User, &device)?; + // We may forcefully close a hidden volume, if active, so be sure to + // flush caches to disk. + unsafe { sync() }; + try_with_pin(ctx, &pin_entry, "Opening encrypted volume failed", |pin| { device.enable_encrypted_volume(&pin) }) @@ -314,6 +318,46 @@ pub fn storage_close(ctx: &mut args::ExecCtx<'_>) -> Result<()> { .map_err(|err| get_error("Closing encrypted volume failed", err)) } +/// Create a hidden volume. +pub fn storage_hidden_create( + ctx: &mut args::ExecCtx<'_>, + slot: u8, + start: u8, + end: u8, +) -> Result<()> { + let device = get_storage_device(ctx)?; + let pwd_entry = pinentry::PwdEntry::from(&device)?; + let pwd = pinentry::choose(&pwd_entry)?; + + device + .create_hidden_volume(slot, start, end, &pwd) + .map_err(|err| get_error("Creating hidden volume failed", err)) +} + +/// Open a hidden volume. +pub fn storage_hidden_open(ctx: &mut args::ExecCtx<'_>) -> Result<()> { + let device = get_storage_device(ctx)?; + let pwd_entry = pinentry::PwdEntry::from(&device)?; + let pwd = pinentry::inquire(&pwd_entry, pinentry::Mode::Query, None)?; + + // We may forcefully close an encrypted volume, if active, so be sure + // to flush caches to disk. + unsafe { sync() }; + + device + .enable_hidden_volume(&pwd) + .map_err(|err| get_error("Opening hidden volume failed", err)) +} + +/// Close a previously opened hidden volume. +pub fn storage_hidden_close(ctx: &mut args::ExecCtx<'_>) -> Result<()> { + unsafe { sync() }; + + get_storage_device(ctx)? + .disable_hidden_volume() + .map_err(|err| get_error("Closing hidden volume failed", err)) +} + /// Pretty print the status of a Nitrokey Storage. fn print_storage_status( ctx: &mut args::ExecCtx<'_>, |