aboutsummaryrefslogtreecommitdiff
path: root/nitrokey/src
diff options
context:
space:
mode:
Diffstat (limited to 'nitrokey/src')
-rw-r--r--nitrokey/src/auth.rs14
-rw-r--r--nitrokey/src/config.rs2
-rw-r--r--nitrokey/src/device.rs99
-rw-r--r--nitrokey/src/lib.rs22
-rw-r--r--nitrokey/src/otp.rs8
-rw-r--r--nitrokey/src/pws.rs19
-rw-r--r--nitrokey/src/tests/device.rs304
-rw-r--r--nitrokey/src/tests/mod.rs4
-rw-r--r--nitrokey/src/tests/otp.rs283
-rw-r--r--nitrokey/src/tests/pws.rs143
-rw-r--r--nitrokey/src/tests/util.rs11
-rw-r--r--nitrokey/src/util.rs19
12 files changed, 131 insertions, 797 deletions
diff --git a/nitrokey/src/auth.rs b/nitrokey/src/auth.rs
index 0918222..017cdbb 100644
--- a/nitrokey/src/auth.rs
+++ b/nitrokey/src/auth.rs
@@ -1,10 +1,14 @@
-use config::{Config, RawConfig};
-use device::{Device, DeviceWrapper, Pro, Storage};
-use nitrokey_sys;
-use otp::{ConfigureOtp, GenerateOtp, OtpMode, OtpSlotData, RawOtpSlotData};
use std::ops::Deref;
use std::os::raw::c_int;
-use util::{generate_password, get_command_result, get_cstring, result_from_string, CommandError};
+
+use nitrokey_sys;
+
+use crate::config::{Config, RawConfig};
+use crate::device::{Device, DeviceWrapper, Pro, Storage};
+use crate::otp::{ConfigureOtp, GenerateOtp, OtpMode, OtpSlotData, RawOtpSlotData};
+use crate::util::{
+ generate_password, get_command_result, get_cstring, result_from_string, CommandError,
+};
static TEMPORARY_PASSWORD_LENGTH: usize = 25;
diff --git a/nitrokey/src/config.rs b/nitrokey/src/config.rs
index 33bf256..2ce6f77 100644
--- a/nitrokey/src/config.rs
+++ b/nitrokey/src/config.rs
@@ -1,4 +1,4 @@
-use util::CommandError;
+use crate::util::CommandError;
/// The configuration for a Nitrokey.
#[derive(Clone, Copy, Debug, PartialEq)]
diff --git a/nitrokey/src/device.rs b/nitrokey/src/device.rs
index f135261..9c6608d 100644
--- a/nitrokey/src/device.rs
+++ b/nitrokey/src/device.rs
@@ -1,20 +1,38 @@
-use auth::Authenticate;
-use config::{Config, RawConfig};
+use std::fmt;
+
use libc;
use nitrokey_sys;
-use otp::GenerateOtp;
-use pws::GetPasswordSafe;
-use util::{get_command_result, get_cstring, get_last_error, result_from_string, CommandError};
+
+use crate::auth::Authenticate;
+use crate::config::{Config, RawConfig};
+use crate::otp::GenerateOtp;
+use crate::pws::GetPasswordSafe;
+use crate::util::{
+ get_command_result, get_cstring, get_last_error, result_from_string, CommandError,
+};
/// Available Nitrokey models.
-#[derive(Debug, PartialEq)]
-enum Model {
+#[derive(Clone, Copy, Debug, PartialEq)]
+pub enum Model {
/// The Nitrokey Storage.
Storage,
/// The Nitrokey Pro.
Pro,
}
+impl fmt::Display for Model {
+ fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
+ write!(
+ f,
+ "{}",
+ match *self {
+ Model::Pro => "Pro",
+ Model::Storage => "Storage",
+ }
+ )
+ }
+}
+
/// A wrapper for a Nitrokey device of unknown type.
///
/// Use the function [`connect`][] to obtain a wrapped instance. The wrapper implements all traits
@@ -210,6 +228,21 @@ pub struct StorageStatus {
/// This trait provides the commands that can be executed without authentication and that are
/// present on all supported Nitrokey devices.
pub trait Device: Authenticate + GetPasswordSafe + GenerateOtp {
+ /// Returns the model of the connected Nitrokey device.
+ ///
+ /// # Example
+ ///
+ /// ```no_run
+ /// use nitrokey::Device;
+ /// # use nitrokey::CommandError;
+ ///
+ /// # fn try_main() -> Result<(), CommandError> {
+ /// let device = nitrokey::connect()?;
+ /// println!("Connected to a Nitrokey {}", device.get_model());
+ /// # Ok(())
+ /// # }
+ fn get_model(&self) -> Model;
+
/// Returns the serial number of the Nitrokey device. The serial number is the string
/// representation of a hex number.
///
@@ -536,7 +569,7 @@ fn connect_model(model: Model) -> bool {
}
impl DeviceWrapper {
- fn device(&self) -> &Device {
+ fn device(&self) -> &dyn Device {
match *self {
DeviceWrapper::Storage(ref storage) => storage,
DeviceWrapper::Pro(ref pro) => pro,
@@ -562,9 +595,30 @@ impl GenerateOtp for DeviceWrapper {
}
}
-impl Device for DeviceWrapper {}
+impl Device for DeviceWrapper {
+ fn get_model(&self) -> Model {
+ match *self {
+ DeviceWrapper::Pro(_) => Model::Pro,
+ DeviceWrapper::Storage(_) => Model::Storage,
+ }
+ }
+}
impl Pro {
+ /// Connects to a Nitrokey Pro.
+ ///
+ /// # Example
+ ///
+ /// ```
+ /// use nitrokey::Pro;
+ ///
+ /// fn use_pro(device: Pro) {}
+ ///
+ /// match nitrokey::Pro::connect() {
+ /// Ok(device) => use_pro(device),
+ /// Err(err) => println!("Could not connect to the Nitrokey Pro: {}", err),
+ /// }
+ /// ```
pub fn connect() -> Result<Pro, CommandError> {
// TODO: maybe Option instead of Result?
match connect_model(Model::Pro) {
@@ -582,11 +636,29 @@ impl Drop for Pro {
}
}
-impl Device for Pro {}
+impl Device for Pro {
+ fn get_model(&self) -> Model {
+ Model::Pro
+ }
+}
impl GenerateOtp for Pro {}
impl Storage {
+ /// Connects to a Nitrokey Storage.
+ ///
+ /// # Example
+ ///
+ /// ```
+ /// use nitrokey::Storage;
+ ///
+ /// fn use_storage(device: Storage) {}
+ ///
+ /// match nitrokey::Storage::connect() {
+ /// Ok(device) => use_storage(device),
+ /// Err(err) => println!("Could not connect to the Nitrokey Storage: {}", err),
+ /// }
+ /// ```
pub fn connect() -> Result<Storage, CommandError> {
// TODO: maybe Option instead of Result?
match connect_model(Model::Storage) {
@@ -661,7 +733,6 @@ impl Storage {
unsafe { get_command_result(nitrokey_sys::NK_lock_encrypted_volume()) }
}
-
/// Returns the status of the connected storage device.
///
/// # Example
@@ -715,7 +786,11 @@ impl Drop for Storage {
}
}
-impl Device for Storage {}
+impl Device for Storage {
+ fn get_model(&self) -> Model {
+ Model::Storage
+ }
+}
impl GenerateOtp for Storage {}
diff --git a/nitrokey/src/lib.rs b/nitrokey/src/lib.rs
index e70aa73..9f21518 100644
--- a/nitrokey/src/lib.rs
+++ b/nitrokey/src/lib.rs
@@ -84,25 +84,25 @@
//! [`DeviceWrapper`]: enum.DeviceWrapper.html
//! [`User`]: struct.User.html
-extern crate libc;
-extern crate nitrokey_sys;
-extern crate rand;
+#![warn(missing_docs, rust_2018_compatibility, rust_2018_idioms, unused)]
mod auth;
mod config;
mod device;
mod otp;
mod pws;
-#[cfg(test)]
-mod tests;
mod util;
-pub use auth::{Admin, Authenticate, User};
-pub use config::Config;
-pub use device::{connect, Device, DeviceWrapper, Pro, Storage, StorageStatus, VolumeStatus};
-pub use otp::{ConfigureOtp, GenerateOtp, OtpMode, OtpSlotData};
-pub use pws::{GetPasswordSafe, PasswordSafe, SLOT_COUNT};
-pub use util::{CommandError, LogLevel};
+use nitrokey_sys;
+
+pub use crate::auth::{Admin, Authenticate, User};
+pub use crate::config::Config;
+pub use crate::device::{
+ connect, Device, DeviceWrapper, Model, Pro, Storage, StorageStatus, VolumeStatus,
+};
+pub use crate::otp::{ConfigureOtp, GenerateOtp, OtpMode, OtpSlotData};
+pub use crate::pws::{GetPasswordSafe, PasswordSafe, SLOT_COUNT};
+pub use crate::util::{CommandError, LogLevel};
/// Enables or disables debug output. Calling this method with `true` is equivalent to setting the
/// log level to `Debug`; calling it with `false` is equivalent to the log level `Error` (see
diff --git a/nitrokey/src/otp.rs b/nitrokey/src/otp.rs
index 00a5e5e..6f6bd80 100644
--- a/nitrokey/src/otp.rs
+++ b/nitrokey/src/otp.rs
@@ -1,9 +1,11 @@
-use nitrokey_sys;
use std::ffi::CString;
-use util::{get_command_result, get_cstring, result_from_string, CommandError};
+
+use nitrokey_sys;
+
+use crate::util::{get_command_result, get_cstring, result_from_string, CommandError};
/// Modes for one-time password generation.
-#[derive(Debug, PartialEq)]
+#[derive(Clone, Copy, Debug, PartialEq)]
pub enum OtpMode {
/// Generate one-time passwords with six digits.
SixDigits,
diff --git a/nitrokey/src/pws.rs b/nitrokey/src/pws.rs
index c20fe9d..08ac365 100644
--- a/nitrokey/src/pws.rs
+++ b/nitrokey/src/pws.rs
@@ -1,7 +1,10 @@
-use device::{Device, DeviceWrapper, Pro, Storage};
use libc;
use nitrokey_sys;
-use util::{get_command_result, get_cstring, get_last_error, result_from_string, CommandError};
+
+use crate::device::{Device, DeviceWrapper, Pro, Storage};
+use crate::util::{
+ get_command_result, get_cstring, get_last_error, result_from_string, CommandError,
+};
/// The number of slots in a [`PasswordSafe`][].
///
@@ -51,7 +54,7 @@ pub const SLOT_COUNT: u8 = 16;
/// [`lock`]: trait.Device.html#method.lock
/// [`GetPasswordSafe`]: trait.GetPasswordSafe.html
pub struct PasswordSafe<'a> {
- _device: &'a Device,
+ _device: &'a dyn Device,
}
/// Provides access to a [`PasswordSafe`][].
@@ -98,11 +101,11 @@ pub trait GetPasswordSafe {
/// [`lock`]: trait.Device.html#method.lock
/// [`InvalidString`]: enum.CommandError.html#variant.InvalidString
/// [`WrongPassword`]: enum.CommandError.html#variant.WrongPassword
- fn get_password_safe(&self, user_pin: &str) -> Result<PasswordSafe, CommandError>;
+ fn get_password_safe(&self, user_pin: &str) -> Result<PasswordSafe<'_>, CommandError>;
}
fn get_password_safe<'a>(
- device: &'a Device,
+ device: &'a dyn Device,
user_pin: &str,
) -> Result<PasswordSafe<'a>, CommandError> {
let user_pin_string = get_cstring(user_pin)?;
@@ -333,19 +336,19 @@ impl<'a> Drop for PasswordSafe<'a> {
}
impl GetPasswordSafe for Pro {
- fn get_password_safe(&self, user_pin: &str) -> Result<PasswordSafe, CommandError> {
+ fn get_password_safe(&self, user_pin: &str) -> Result<PasswordSafe<'_>, CommandError> {
get_password_safe(self, user_pin)
}
}
impl GetPasswordSafe for Storage {
- fn get_password_safe(&self, user_pin: &str) -> Result<PasswordSafe, CommandError> {
+ fn get_password_safe(&self, user_pin: &str) -> Result<PasswordSafe<'_>, CommandError> {
get_password_safe(self, user_pin)
}
}
impl GetPasswordSafe for DeviceWrapper {
- fn get_password_safe(&self, user_pin: &str) -> Result<PasswordSafe, CommandError> {
+ fn get_password_safe(&self, user_pin: &str) -> Result<PasswordSafe<'_>, CommandError> {
get_password_safe(self, user_pin)
}
}
diff --git a/nitrokey/src/tests/device.rs b/nitrokey/src/tests/device.rs
deleted file mode 100644
index fed465d..0000000
--- a/nitrokey/src/tests/device.rs
+++ /dev/null
@@ -1,304 +0,0 @@
-use std::ffi::CStr;
-use std::process::Command;
-use std::{thread, time};
-use tests::util::{Target, ADMIN_PASSWORD, USER_PASSWORD};
-use {Authenticate, CommandError, Config, Device, Storage};
-
-static ADMIN_NEW_PASSWORD: &str = "1234567890";
-static USER_NEW_PASSWORD: &str = "abcdefghij";
-
-fn count_nitrokey_block_devices() -> usize {
- thread::sleep(time::Duration::from_secs(2));
- let output = Command::new("lsblk")
- .args(&["-o", "MODEL"])
- .output()
- .expect("Could not list block devices");
- String::from_utf8_lossy(&output.stdout)
- .split("\n")
- .filter(|&s| s == "Nitrokey Storage")
- .count()
-}
-
-#[test]
-#[cfg_attr(not(feature = "test-no-device"), ignore)]
-fn connect_no_device() {
- assert!(::connect().is_err());
- assert!(::Pro::connect().is_err());
- assert!(::Storage::connect().is_err());
-}
-
-#[test]
-#[cfg_attr(not(feature = "test-pro"), ignore)]
-fn connect_pro() {
- assert!(::connect().is_ok());
- assert!(::Pro::connect().is_ok());
- assert!(::Storage::connect().is_err());
- match ::connect().unwrap() {
- ::DeviceWrapper::Pro(_) => assert!(true),
- ::DeviceWrapper::Storage(_) => assert!(false),
- };
-}
-
-#[test]
-#[cfg_attr(not(feature = "test-storage"), ignore)]
-fn connect_storage() {
- assert!(::connect().is_ok());
- assert!(::Pro::connect().is_err());
- assert!(::Storage::connect().is_ok());
- match ::connect().unwrap() {
- ::DeviceWrapper::Pro(_) => assert!(false),
- ::DeviceWrapper::Storage(_) => assert!(true),
- };
-}
-
-fn assert_empty_serial_number() {
- unsafe {
- let ptr = ::nitrokey_sys::NK_device_serial_number();
- assert!(!ptr.is_null());
- let cstr = CStr::from_ptr(ptr);
- assert_eq!(cstr.to_string_lossy(), "");
- }
-}
-
-#[test]
-#[cfg_attr(not(any(feature = "test-pro", feature = "test-storage")), ignore)]
-fn disconnect() {
- Target::connect().unwrap();
- assert_empty_serial_number();
- Target::connect()
- .unwrap()
- .authenticate_admin(ADMIN_PASSWORD)
- .unwrap();
- assert_empty_serial_number();
- Target::connect()
- .unwrap()
- .authenticate_user(USER_PASSWORD)
- .unwrap();
- assert_empty_serial_number();
-}
-
-#[test]
-#[cfg_attr(not(any(feature = "test-pro", feature = "test-storage")), ignore)]
-fn get_serial_number() {
- let device = Target::connect().unwrap();
- let result = device.get_serial_number();
- assert!(result.is_ok());
- let serial_number = result.unwrap();
- assert!(serial_number.is_ascii());
- assert!(serial_number.chars().all(|c| c.is_ascii_hexdigit()));
-}
-#[test]
-#[cfg_attr(not(feature = "test-pro"), ignore)]
-fn get_firmware_version() {
- let device = Target::connect().unwrap();
- assert_eq!(0, device.get_major_firmware_version());
- let minor = device.get_minor_firmware_version();
- assert!(minor > 0);
-}
-
-fn admin_retry<T: Authenticate + Device>(device: T, suffix: &str, count: u8) -> T {
- let result = device.authenticate_admin(&(ADMIN_PASSWORD.to_owned() + suffix));
- let device = match result {
- Ok(admin) => admin.device(),
- Err((device, _)) => device,
- };
- assert_eq!(count, device.get_admin_retry_count());
- return device;
-}
-
-fn user_retry<T: Authenticate + Device>(device: T, suffix: &str, count: u8) -> T {
- let result = device.authenticate_user(&(USER_PASSWORD.to_owned() + suffix));
- let device = match result {
- Ok(admin) => admin.device(),
- Err((device, _)) => device,
- };
- assert_eq!(count, device.get_user_retry_count());
- return device;
-}
-
-#[test]
-#[cfg_attr(not(any(feature = "test-pro", feature = "test-storage")), ignore)]
-fn get_retry_count() {
- let device = Target::connect().unwrap();
-
- let device = admin_retry(device, "", 3);
- let device = admin_retry(device, "123", 2);
- let device = admin_retry(device, "456", 1);
- let device = admin_retry(device, "", 3);
-
- let device = user_retry(device, "", 3);
- let device = user_retry(device, "123", 2);
- let device = user_retry(device, "456", 1);
- user_retry(device, "", 3);
-}
-
-#[test]
-#[cfg_attr(not(any(feature = "test-pro", feature = "test-storage")), ignore)]
-fn config() {
- let device = Target::connect().unwrap();
- let admin = device.authenticate_admin(ADMIN_PASSWORD).unwrap();
- let config = Config::new(None, None, None, true);
- assert!(admin.write_config(config).is_ok());
- let get_config = admin.get_config().unwrap();
- assert_eq!(config, get_config);
-
- let config = Config::new(None, Some(9), None, true);
- assert_eq!(Err(CommandError::InvalidSlot), admin.write_config(config));
-
- let config = Config::new(Some(1), None, Some(0), false);
- assert!(admin.write_config(config).is_ok());
- let get_config = admin.get_config().unwrap();
- assert_eq!(config, get_config);
-
- let config = Config::new(None, None, None, false);
- assert!(admin.write_config(config).is_ok());
- let get_config = admin.get_config().unwrap();
- assert_eq!(config, get_config);
-}
-
-#[test]
-#[cfg_attr(not(any(feature = "test-pro", feature = "test-storage")), ignore)]
-fn change_user_pin() {
- let device = Target::connect().unwrap();
- let device = device.authenticate_user(USER_PASSWORD).unwrap().device();
- let device = device.authenticate_user(USER_NEW_PASSWORD).unwrap_err().0;
-
- assert!(
- device
- .change_user_pin(USER_PASSWORD, USER_NEW_PASSWORD)
- .is_ok()
- );
-
- let device = device.authenticate_user(USER_PASSWORD).unwrap_err().0;
- let device = device
- .authenticate_user(USER_NEW_PASSWORD)
- .unwrap()
- .device();
-
- let result = device.change_user_pin(USER_PASSWORD, USER_PASSWORD);
- assert_eq!(Err(CommandError::WrongPassword), result);
-
- assert!(
- device
- .change_user_pin(USER_NEW_PASSWORD, USER_PASSWORD)
- .is_ok()
- );
-
- let device = device.authenticate_user(USER_PASSWORD).unwrap().device();
- assert!(device.authenticate_user(USER_NEW_PASSWORD).is_err());
-}
-
-#[test]
-#[cfg_attr(not(any(feature = "test-pro", feature = "test-storage")), ignore)]
-fn change_admin_pin() {
- let device = Target::connect().unwrap();
- let device = device.authenticate_admin(ADMIN_PASSWORD).unwrap().device();
- let device = device.authenticate_admin(ADMIN_NEW_PASSWORD).unwrap_err().0;
-
- assert!(
- device
- .change_admin_pin(ADMIN_PASSWORD, ADMIN_NEW_PASSWORD)
- .is_ok()
- );
-
- let device = device.authenticate_admin(ADMIN_PASSWORD).unwrap_err().0;
- let device = device
- .authenticate_admin(ADMIN_NEW_PASSWORD)
- .unwrap()
- .device();
-
- assert_eq!(
- Err(CommandError::WrongPassword),
- device.change_admin_pin(ADMIN_PASSWORD, ADMIN_PASSWORD)
- );
-
- assert!(
- device
- .change_admin_pin(ADMIN_NEW_PASSWORD, ADMIN_PASSWORD)
- .is_ok()
- );
-
- let device = device.authenticate_admin(ADMIN_PASSWORD).unwrap().device();
- device.authenticate_admin(ADMIN_NEW_PASSWORD).unwrap_err();
-}
-
-fn require_failed_user_login(device: Target, password: &str, error: CommandError) -> Target {
- let result = device.authenticate_user(password);
- assert!(result.is_err());
- let err = result.unwrap_err();
- assert_eq!(error, err.1);
- err.0
-}
-
-#[test]
-#[cfg_attr(not(any(feature = "test-pro", feature = "test-storage")), ignore)]
-fn unlock_user_pin() {
- let device = Target::connect().unwrap();
- let device = device.authenticate_user(USER_PASSWORD).unwrap().device();
- assert!(
- device
- .unlock_user_pin(ADMIN_PASSWORD, USER_PASSWORD)
- .is_ok()
- );
- assert_eq!(
- Err(CommandError::WrongPassword),
- device.unlock_user_pin(USER_PASSWORD, USER_PASSWORD)
- );
-
- let wrong_password = USER_PASSWORD.to_owned() + "foo";
- let device = require_failed_user_login(device, &wrong_password, CommandError::WrongPassword);
- let device = require_failed_user_login(device, &wrong_password, CommandError::WrongPassword);
- let device = require_failed_user_login(device, &wrong_password, CommandError::WrongPassword);
- let device = require_failed_user_login(device, USER_PASSWORD, CommandError::WrongPassword);
-
- assert_eq!(
- Err(CommandError::WrongPassword),
- device.unlock_user_pin(USER_PASSWORD, USER_PASSWORD)
- );
- assert!(
- device
- .unlock_user_pin(ADMIN_PASSWORD, USER_PASSWORD)
- .is_ok()
- );
- device.authenticate_user(USER_PASSWORD).unwrap();
-}
-
-#[test]
-#[cfg_attr(not(feature = "test-storage"), ignore)]
-fn encrypted_volume() {
- let device = Storage::connect().unwrap();
- assert!(device.lock().is_ok());
-
- assert_eq!(1, count_nitrokey_block_devices());
- assert!(device.disable_encrypted_volume().is_ok());
- assert_eq!(1, count_nitrokey_block_devices());
- assert_eq!(
- Err(CommandError::WrongPassword),
- device.enable_encrypted_volume("123")
- );
- assert_eq!(1, count_nitrokey_block_devices());
- assert!(device.enable_encrypted_volume(USER_PASSWORD).is_ok());
- assert_eq!(2, count_nitrokey_block_devices());
- assert!(device.disable_encrypted_volume().is_ok());
- assert_eq!(1, count_nitrokey_block_devices());
-}
-
-#[test]
-#[cfg_attr(not(feature = "test-storage"), ignore)]
-fn lock() {
- let device = Storage::connect().unwrap();
-
- assert!(device.enable_encrypted_volume(USER_PASSWORD).is_ok());
- assert!(device.lock().is_ok());
- assert_eq!(1, count_nitrokey_block_devices());
-}
-
-#[test]
-#[cfg_attr(not(feature = "test-storage"), ignore)]
-fn get_storage_status() {
- let device = Storage::connect().unwrap();
- let status = device.get_status().unwrap();
-
- assert!(status.serial_number_sd_card > 0);
- assert!(status.serial_number_smart_card > 0);
-}
diff --git a/nitrokey/src/tests/mod.rs b/nitrokey/src/tests/mod.rs
deleted file mode 100644
index 34ca0aa..0000000
--- a/nitrokey/src/tests/mod.rs
+++ /dev/null
@@ -1,4 +0,0 @@
-mod device;
-mod otp;
-mod pws;
-mod util;
diff --git a/nitrokey/src/tests/otp.rs b/nitrokey/src/tests/otp.rs
deleted file mode 100644
index cf71d9d..0000000
--- a/nitrokey/src/tests/otp.rs
+++ /dev/null
@@ -1,283 +0,0 @@
-use std::ops::Deref;
-use tests::util::{Target, ADMIN_PASSWORD, USER_PASSWORD};
-use {Admin, Authenticate, CommandError, Config, ConfigureOtp, GenerateOtp, OtpMode, OtpSlotData};
-
-// test suite according to RFC 4226, Appendix D
-static HOTP_SECRET: &str = "3132333435363738393031323334353637383930";
-static HOTP_CODES: &[&str] = &[
- "755224", "287082", "359152", "969429", "338314", "254676", "287922", "162583", "399871",
- "520489",
-];
-
-// test suite according to RFC 6238, Appendix B
-static TOTP_SECRET: &str = "3132333435363738393031323334353637383930";
-static TOTP_CODES: &[(u64, &str)] = &[
- (59, "94287082"),
- (1111111109, "07081804"),
- (1111111111, "14050471"),
- (1234567890, "89005924"),
- (2000000000, "69279037"),
- (20000000000, "65353130"),
-];
-
-#[derive(PartialEq)]
-enum TotpTimestampSize {
- U32,
- U64,
-}
-
-fn get_admin_test_device() -> Admin<Target> {
- Target::connect()
- .expect("Could not connect to the Nitrokey.")
- .authenticate_admin(ADMIN_PASSWORD)
- .expect("Could not login as admin.")
-}
-
-fn configure_hotp(admin: &ConfigureOtp, counter: u8) {
- let slot_data = OtpSlotData::new(1, "test-hotp", HOTP_SECRET, OtpMode::SixDigits);
- assert!(admin.write_hotp_slot(slot_data, counter.into()).is_ok());
-}
-
-fn check_hotp_codes(device: &GenerateOtp, offset: u8) {
- HOTP_CODES.iter().enumerate().for_each(|(i, code)| {
- if i >= offset as usize {
- let result = device.get_hotp_code(1);
- assert_eq!(code, &result.unwrap());
- }
- });
-}
-
-#[test]
-#[cfg_attr(not(any(feature = "test-pro", feature = "test-storage")), ignore)]
-fn hotp_no_pin() {
- let admin = get_admin_test_device();
- let config = Config::new(None, None, None, false);
- assert!(admin.write_config(config).is_ok());
-
- configure_hotp(&admin, 0);
- check_hotp_codes(admin.deref(), 0);
-
- configure_hotp(&admin, 5);
- check_hotp_codes(admin.deref(), 5);
-
- configure_hotp(&admin, 0);
- check_hotp_codes(&admin.device(), 0);
-}
-
-#[test]
-#[cfg_attr(not(any(feature = "test-pro", feature = "test-storage")), ignore)]
-fn hotp_pin() {
- let admin = get_admin_test_device();
- let config = Config::new(None, None, None, true);
- assert!(admin.write_config(config).is_ok());
-
- configure_hotp(&admin, 0);
- let user = admin.device().authenticate_user(USER_PASSWORD).unwrap();
- check_hotp_codes(&user, 0);
-
- assert!(user.device().get_hotp_code(1).is_err());
-}
-
-#[test]
-#[cfg_attr(not(any(feature = "test-pro", feature = "test-storage")), ignore)]
-fn hotp_slot_name() {
- let admin = get_admin_test_device();
- let slot_data = OtpSlotData::new(1, "test-hotp", HOTP_SECRET, OtpMode::SixDigits);
- assert!(admin.write_hotp_slot(slot_data, 0).is_ok());
-
- let device = admin.device();
- let result = device.get_hotp_slot_name(1);
- assert_eq!("test-hotp", result.unwrap());
- let result = device.get_hotp_slot_name(4);
- assert_eq!(CommandError::InvalidSlot, result.unwrap_err());
-}
-
-#[test]
-#[cfg_attr(not(any(feature = "test-pro", feature = "test-storage")), ignore)]
-fn hotp_error() {
- let admin = get_admin_test_device();
- let slot_data = OtpSlotData::new(1, "", HOTP_SECRET, OtpMode::SixDigits);
- assert_eq!(
- Err(CommandError::NoName),
- admin.write_hotp_slot(slot_data, 0)
- );
- let slot_data = OtpSlotData::new(4, "test", HOTP_SECRET, OtpMode::SixDigits);
- assert_eq!(
- Err(CommandError::InvalidSlot),
- admin.write_hotp_slot(slot_data, 0)
- );
- let code = admin.get_hotp_code(4);
- assert_eq!(CommandError::InvalidSlot, code.unwrap_err());
-}
-
-#[test]
-#[cfg_attr(not(any(feature = "test-pro", feature = "test-storage")), ignore)]
-fn hotp_erase() {
- let admin = get_admin_test_device();
- let config = Config::new(None, None, None, false);
- assert!(admin.write_config(config).is_ok());
- let slot_data = OtpSlotData::new(1, "test1", HOTP_SECRET, OtpMode::SixDigits);
- assert!(admin.write_hotp_slot(slot_data, 0).is_ok());
- let slot_data = OtpSlotData::new(2, "test2", HOTP_SECRET, OtpMode::SixDigits);
- assert!(admin.write_hotp_slot(slot_data, 0).is_ok());
-
- assert!(admin.erase_hotp_slot(1).is_ok());
-
- let device = admin.device();
- let result = device.get_hotp_slot_name(1);
- assert_eq!(CommandError::SlotNotProgrammed, result.unwrap_err());
- let result = device.get_hotp_code(1);
- assert_eq!(CommandError::SlotNotProgrammed, result.unwrap_err());
-
- assert_eq!("test2", device.get_hotp_slot_name(2).unwrap());
-}
-
-fn configure_totp(admin: &ConfigureOtp, factor: u64) {
- let slot_data = OtpSlotData::new(1, "test-totp", TOTP_SECRET, OtpMode::EightDigits);
- let time_window = 30u64.checked_mul(factor).unwrap();
- assert!(admin.write_totp_slot(slot_data, time_window as u16).is_ok());
-}
-
-fn check_totp_codes(device: &GenerateOtp, factor: u64, timestamp_size: TotpTimestampSize) {
- for (i, &(base_time, code)) in TOTP_CODES.iter().enumerate() {
- let time = base_time.checked_mul(factor).unwrap();
- let is_u64 = time > u32::max_value() as u64;
- if is_u64 != (timestamp_size == TotpTimestampSize::U64) {
- continue;
- }
-
- assert!(device.set_time(time).is_ok());
- let result = device.get_totp_code(1);
- assert!(result.is_ok());
- let result_code = result.unwrap();
- assert_eq!(
- code, result_code,
- "TOTP code {} should be {} but is {}",
- i, code, result_code
- );
- }
-}
-
-#[test]
-#[cfg_attr(not(any(feature = "test-pro", feature = "test-storage")), ignore)]
-fn totp_no_pin() {
- // TODO: this test may fail due to bad timing --> find solution
- let admin = get_admin_test_device();
- let config = Config::new(None, None, None, false);
- assert!(admin.write_config(config).is_ok());
-
- configure_totp(&admin, 1);
- check_totp_codes(admin.deref(), 1, TotpTimestampSize::U32);
-
- configure_totp(&admin, 2);
- check_totp_codes(admin.deref(), 2, TotpTimestampSize::U32);
-
- configure_totp(&admin, 1);
- check_totp_codes(&admin.device(), 1, TotpTimestampSize::U32);
-}
-
-#[test]
-#[cfg_attr(not(any(feature = "test-pro", feature = "test-storage")), ignore)]
-#[cfg_attr(feature = "test-storage", should_panic(expected = "assertion failed"))]
-// Nitrokey Storage does only support timestamps that fit in a 32-bit unsigned integer. Therefore
-// the last RFC test case is expected to fail.
-fn totp_no_pin_64() {
- let admin = get_admin_test_device();
- let config = Config::new(None, None, None, false);
- assert!(admin.write_config(config).is_ok());
-
- configure_totp(&admin, 1);
- check_totp_codes(admin.deref(), 1, TotpTimestampSize::U64);
-
- configure_totp(&admin, 2);
- check_totp_codes(admin.deref(), 2, TotpTimestampSize::U64);
-
- configure_totp(&admin, 1);
- check_totp_codes(&admin.device(), 1, TotpTimestampSize::U64);
-}
-
-#[test]
-#[cfg_attr(not(any(feature = "test-pro", feature = "test-storage")), ignore)]
-fn totp_pin() {
- // TODO: this test may fail due to bad timing --> find solution
- let admin = get_admin_test_device();
- let config = Config::new(None, None, None, true);
- assert!(admin.write_config(config).is_ok());
-
- configure_totp(&admin, 1);
- let user = admin.device().authenticate_user(USER_PASSWORD).unwrap();
- check_totp_codes(&user, 1, TotpTimestampSize::U32);
-
- assert!(user.device().get_totp_code(1).is_err());
-}
-
-#[test]
-#[cfg_attr(not(any(feature = "test-pro", feature = "test-storage")), ignore)]
-#[cfg_attr(feature = "test-storage", should_panic(expected = "assertion failed"))]
-// See comment for totp_no_pin_64.
-fn totp_pin_64() {
- let admin = get_admin_test_device();
- let config = Config::new(None, None, None, true);
- assert!(admin.write_config(config).is_ok());
-
- configure_totp(&admin, 1);
- let user = admin.device().authenticate_user(USER_PASSWORD).unwrap();
- check_totp_codes(&user, 1, TotpTimestampSize::U64);
-
- assert!(user.device().get_totp_code(1).is_err());
-}
-
-#[test]
-#[cfg_attr(not(any(feature = "test-pro", feature = "test-storage")), ignore)]
-fn totp_slot_name() {
- let admin = get_admin_test_device();
- let slot_data = OtpSlotData::new(1, "test-totp", TOTP_SECRET, OtpMode::EightDigits);
- assert!(admin.write_totp_slot(slot_data, 0).is_ok());
-
- let device = admin.device();
- let result = device.get_totp_slot_name(1);
- assert!(result.is_ok());
- assert_eq!("test-totp", result.unwrap());
- let result = device.get_totp_slot_name(16);
- assert_eq!(CommandError::InvalidSlot, result.unwrap_err());
-}
-
-#[test]
-#[cfg_attr(not(any(feature = "test-pro", feature = "test-storage")), ignore)]
-fn totp_error() {
- let admin = get_admin_test_device();
- let slot_data = OtpSlotData::new(1, "", HOTP_SECRET, OtpMode::SixDigits);
- assert_eq!(
- Err(CommandError::NoName),
- admin.write_hotp_slot(slot_data, 0)
- );
- let slot_data = OtpSlotData::new(4, "test", HOTP_SECRET, OtpMode::SixDigits);
- assert_eq!(
- Err(CommandError::InvalidSlot),
- admin.write_hotp_slot(slot_data, 0)
- );
- let code = admin.get_hotp_code(4);
- assert_eq!(CommandError::InvalidSlot, code.unwrap_err());
-}
-
-#[test]
-#[cfg_attr(not(any(feature = "test-pro", feature = "test-storage")), ignore)]
-fn totp_erase() {
- let admin = get_admin_test_device();
- let config = Config::new(None, None, None, false);
- assert!(admin.write_config(config).is_ok());
- let slot_data = OtpSlotData::new(1, "test1", TOTP_SECRET, OtpMode::SixDigits);
- assert!(admin.write_totp_slot(slot_data, 0).is_ok());
- let slot_data = OtpSlotData::new(2, "test2", TOTP_SECRET, OtpMode::SixDigits);
- assert!(admin.write_totp_slot(slot_data, 0).is_ok());
-
- assert!(admin.erase_totp_slot(1).is_ok());
-
- let device = admin.device();
- let result = device.get_totp_slot_name(1);
- assert_eq!(CommandError::SlotNotProgrammed, result.unwrap_err());
- let result = device.get_totp_code(1);
- assert_eq!(CommandError::SlotNotProgrammed, result.unwrap_err());
-
- assert_eq!("test2", device.get_totp_slot_name(2).unwrap());
-}
diff --git a/nitrokey/src/tests/pws.rs b/nitrokey/src/tests/pws.rs
deleted file mode 100644
index f581515..0000000
--- a/nitrokey/src/tests/pws.rs
+++ /dev/null
@@ -1,143 +0,0 @@
-use device::Device;
-use nitrokey_sys;
-use pws::{GetPasswordSafe, PasswordSafe, SLOT_COUNT};
-use tests::util::{Target, ADMIN_PASSWORD, USER_PASSWORD};
-use util::{result_from_string, CommandError};
-
-fn get_pws(device: &Target) -> PasswordSafe {
- device.get_password_safe(USER_PASSWORD).unwrap()
-}
-
-#[test]
-#[cfg_attr(not(any(feature = "test-pro", feature = "test-storage")), ignore)]
-fn enable() {
- let device = Target::connect().unwrap();
- assert!(
- device
- .get_password_safe(&(USER_PASSWORD.to_owned() + "123"))
- .is_err()
- );
- assert!(device.get_password_safe(USER_PASSWORD).is_ok());
- assert!(device.get_password_safe(ADMIN_PASSWORD).is_err());
- assert!(device.get_password_safe(USER_PASSWORD).is_ok());
-}
-
-#[test]
-#[cfg_attr(not(any(feature = "test-pro", feature = "test-storage")), ignore)]
-fn drop() {
- let device = Target::connect().unwrap();
- {
- let pws = get_pws(&device);
- assert!(pws.write_slot(1, "name", "login", "password").is_ok());
- assert_eq!("name", pws.get_slot_name(1).unwrap());
- let result = result_from_string(unsafe { nitrokey_sys::NK_get_password_safe_slot_name(1) });
- assert_eq!(Ok(String::from("name")), result);
- }
- let result = result_from_string(unsafe { nitrokey_sys::NK_get_password_safe_slot_name(1) });
- assert_eq!(Ok(String::from("name")), result);
- assert!(device.lock().is_ok());
- let result = result_from_string(unsafe { nitrokey_sys::NK_get_password_safe_slot_name(1) });
- assert_eq!(Err(CommandError::NotAuthorized), result);
-}
-
-#[test]
-#[cfg_attr(not(any(feature = "test-pro", feature = "test-storage")), ignore)]
-fn get_status() {
- let device = Target::connect().unwrap();
- let pws = get_pws(&device);
- for i in 0..SLOT_COUNT {
- assert!(pws.erase_slot(i).is_ok(), "Could not erase slot {}", i);
- }
- let status = pws.get_slot_status().unwrap();
- assert_eq!(status, [false; SLOT_COUNT as usize]);
-
- assert!(pws.write_slot(1, "name", "login", "password").is_ok());
- let status = pws.get_slot_status().unwrap();
- for i in 0..SLOT_COUNT {
- assert_eq!(i == 1, status[i as usize]);
- }
-
- for i in 0..SLOT_COUNT {
- assert!(pws.write_slot(i, "name", "login", "password").is_ok());
- }
- let status = pws.get_slot_status().unwrap();
- assert_eq!(status, [true; SLOT_COUNT as usize]);
-}
-
-#[test]
-#[cfg_attr(not(any(feature = "test-pro", feature = "test-storage")), ignore)]
-fn get_data() {
- let device = Target::connect().unwrap();
- let pws = get_pws(&device);
- assert!(pws.write_slot(1, "name", "login", "password").is_ok());
- assert_eq!("name", pws.get_slot_name(1).unwrap());
- assert_eq!("login", pws.get_slot_login(1).unwrap());
- assert_eq!("password", pws.get_slot_password(1).unwrap());
-
- assert!(pws.erase_slot(1).is_ok());
- // TODO: check error codes
- assert_eq!(Err(CommandError::Unknown), pws.get_slot_name(1));
- assert_eq!(Err(CommandError::Unknown), pws.get_slot_login(1));
- assert_eq!(Err(CommandError::Unknown), pws.get_slot_password(1));
-
- let name = "with å";
- let login = "pär@test.com";
- let password = "'i3lJc[09?I:,[u7dWz9";
- assert!(pws.write_slot(1, name, login, password).is_ok());
- assert_eq!(name, pws.get_slot_name(1).unwrap());
- assert_eq!(login, pws.get_slot_login(1).unwrap());
- assert_eq!(password, pws.get_slot_password(1).unwrap());
-
- assert_eq!(
- Err(CommandError::InvalidSlot),
- pws.get_slot_name(SLOT_COUNT)
- );
- assert_eq!(
- Err(CommandError::InvalidSlot),
- pws.get_slot_login(SLOT_COUNT)
- );
- assert_eq!(
- Err(CommandError::InvalidSlot),
- pws.get_slot_password(SLOT_COUNT)
- );
-}
-
-#[test]
-#[cfg_attr(not(any(feature = "test-pro", feature = "test-storage")), ignore)]
-fn write() {
- let device = Target::connect().unwrap();
- let pws = get_pws(&device);
-
- assert_eq!(
- Err(CommandError::InvalidSlot),
- pws.write_slot(SLOT_COUNT, "name", "login", "password")
- );
-
- assert!(pws.write_slot(0, "", "login", "password").is_ok());
- assert_eq!(Err(CommandError::Unknown), pws.get_slot_name(0));
- assert_eq!(Ok(String::from("login")), pws.get_slot_login(0));
- assert_eq!(Ok(String::from("password")), pws.get_slot_password(0));
-
- assert!(pws.write_slot(0, "name", "", "password").is_ok());
- assert_eq!(Ok(String::from("name")), pws.get_slot_name(0));
- assert_eq!(Err(CommandError::Unknown), pws.get_slot_login(0));
- assert_eq!(Ok(String::from("password")), pws.get_slot_password(0));
-
- assert!(pws.write_slot(0, "name", "login", "").is_ok());
- assert_eq!(Ok(String::from("name")), pws.get_slot_name(0));
- assert_eq!(Ok(String::from("login")), pws.get_slot_login(0));
- assert_eq!(Err(CommandError::Unknown), pws.get_slot_password(0));
-}
-
-#[test]
-#[cfg_attr(not(any(feature = "test-pro", feature = "test-storage")), ignore)]
-fn erase() {
- let device = Target::connect().unwrap();
- let pws = get_pws(&device);
- assert_eq!(Err(CommandError::InvalidSlot), pws.erase_slot(SLOT_COUNT));
-
- assert!(pws.write_slot(0, "name", "login", "password").is_ok());
- assert!(pws.erase_slot(0).is_ok());
- assert!(pws.erase_slot(0).is_ok());
- assert_eq!(Err(CommandError::Unknown), pws.get_slot_name(0));
-}
diff --git a/nitrokey/src/tests/util.rs b/nitrokey/src/tests/util.rs
deleted file mode 100644
index c6fbb8f..0000000
--- a/nitrokey/src/tests/util.rs
+++ /dev/null
@@ -1,11 +0,0 @@
-pub static ADMIN_PASSWORD: &str = "12345678";
-pub static USER_PASSWORD: &str = "123456";
-
-#[cfg(feature = "test-no-device")]
-pub type Target = ::Pro;
-
-#[cfg(feature = "test-pro")]
-pub type Target = ::Pro;
-
-#[cfg(feature = "test-storage")]
-pub type Target = ::Storage;
diff --git a/nitrokey/src/util.rs b/nitrokey/src/util.rs
index 6f4fbb0..a2e957e 100644
--- a/nitrokey/src/util.rs
+++ b/nitrokey/src/util.rs
@@ -1,13 +1,12 @@
-use libc::{c_void, free};
-use nitrokey_sys;
-use rand::{OsRng, Rng};
-use std;
use std::ffi::{CStr, CString};
use std::fmt;
use std::os::raw::{c_char, c_int};
+use libc::{c_void, free};
+use rand::Rng;
+
/// Error types returned by Nitrokey device or by the library.
-#[derive(Debug, PartialEq)]
+#[derive(Clone, Copy, Debug, PartialEq)]
pub enum CommandError {
/// A packet with a wrong checksum has been sent or received.
WrongCrc,
@@ -44,7 +43,7 @@ pub enum CommandError {
///
/// Setting the log level to a lower level enables all output from higher levels too. Currently,
/// only the log levels `Warning`, `DebugL1`, `Debug` and `DebugL2` are actually used.
-#[derive(Debug, PartialEq)]
+#[derive(Clone, Copy, Debug, PartialEq)]
pub enum LogLevel {
/// Error messages. Currently not used.
Error,
@@ -101,12 +100,8 @@ pub fn get_last_error() -> CommandError {
}
pub fn generate_password(length: usize) -> std::io::Result<Vec<u8>> {
- let mut rng = match OsRng::new() {
- Ok(rng) => rng,
- Err(err) => return Err(err),
- };
let mut data = vec![0u8; length];
- rng.fill_bytes(&mut data[..]);
+ rand::thread_rng().fill(&mut data[..]);
return Ok(data);
}
@@ -115,7 +110,7 @@ pub fn get_cstring<T: Into<Vec<u8>>>(s: T) -> Result<CString, CommandError> {
}
impl fmt::Display for CommandError {
- fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result {
+ fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
let msg = match *self {
CommandError::WrongCrc => "A packet with a wrong checksum has been sent or received",
CommandError::WrongSlot => "The given OTP slot does not exist",