aboutsummaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAge
...
* Implement the pws commandRobin Krahl2019-01-07
| | | | | This patch adds the basic structure for the pws command that can be used to access the password safe on the Nitrokey Pro and Nitrokey Storage.
* Bump version to 0.2.0Daniel Mueller2019-01-01
| | | | | | | | | | | | | | | | | | | | | | | | | | | | This change bumps the version of the crate to 0.2.0. The following notable changes have been made since 0.1.3: - Use the nitrokey crate for the 'open', 'close', and 'status' commands instead of directly communicating with the Nitrokey device - Added nitrokey version 0.2.1 as a direct dependency and nitrokey-sys version 3.4.1 as well as rand version 0.4.3 as indirect dependencies - Removed the hid, hidapi-sys and pkg-config dependencies - Added the 'otp' command for working with one-time passwords - Added the 'config' command for reading and writing the device configuration - Added the 'pin' command for managing PINs - Renamed the 'clear' command to 'pin clear' - Moved 'open' and 'close' commands as subcommands into newly introduced 'storage' command - Moved printing of storage related information from 'status' command into new 'storage status' subcommand - Made 'status' command work with Nitrokey Pro devices - Enabled CI pipeline comprising code style conformance checks, linting, and building of the project - Added badges indicating pipeline status, current crates.io published version of the crate, and minimum version of rustc required - Fixed wrong messages in the pinentry dialog that were caused by unescaped spaces in a string - Use the argparse crate to parse the command-line arguments - Added argparse dependency in version 0.2.2
* Add file detailing some general rules for contribution to the projectDaniel Mueller2019-01-01
| | | | | | This change adds a new file, CONTRIBUTING.md, that details some generally applicable rules for the contribution to this project. It also links this file from the README.
* Update proposed installation methods sectionsDaniel Mueller2019-01-01
| | | | | | | | | | | This change makes the following set of changes to the installation sections: - Note that Rust and Cargo are implicit dependencies - Remove the notice about the hid crate being required from the "From Source" section as that is no longer a requirement with the switch to using the nitrokey crate - Mention that from source compilation should happen from the nitrocli/ subfolder
* Reorder contents of Installation section in READMEDaniel Mueller2019-01-01
| | | | | | This change reorders the individual ways to install the program in order of preference. If possible, the user most likely wants to use a distribution's package over installation from crates.io or from source.
* Add section about the project's licenseDaniel Mueller2019-01-01
| | | | | | This change adds a new section detailing the project's license to the README. Having such a section seems to be relatively common practice among projects.
* Remove note about firmware version 0.47 requirementDaniel Mueller2019-01-01
| | | | | | | | | This change removes the note about firmware version 0.47 being the minimum required. The note is outdated, because with the switch to using the nitrokey crate and with it libnitrokey we no longer have such a requirement as the CRC check we performed that caused incompatibilities with earlier versions does not exist in libnitrokey (see issue Nitrokey/libnitrokey issue #134).
* Add 'doc' Makefile target for generating PDF version of man pageDaniel Mueller2019-01-01
| | | | | | | | | | | | | | This change adds a new target to the Makefile that can be used for generating a PDF version of the man page. It also checks in the generated file and links to it from the README. We have also experimented with creation of an HTML version, but at least the groff generated file is not very visually pleasing and also cannot be linked to directly from Github. Github wants to prevent hosting of web pages directly like this in repositories and instead promote their Github Pages solution for that purpose. To that end they deliver content with a Content-Type representing plain text which causes HTML to not be rendered. PDF content, however, is rendered in-line and looks reasonable at that.
* Implement the pin set commandRobin Krahl2019-01-01
| | | | | This change implements the pin set command which can be used to change a Nitrokey's user or admin PIN.
* Implement the pin unblock subcommandRobin Krahl2019-01-01
| | | | | | | This patch implements the pin unblock command that unblocks and resets the user PIN. The name unblock is chosen over libnitrokey's unlock to be consistent with the GnuPG terminology and to avoid confusion with the unrelated lock command.
* Implement the pin command and rename clear to pin clearRobin Krahl2019-01-01
| | | | | | | | | We have functionality for changing the Nitrokey's user & admin PINs as well as for resetting the user PIN coming up. With the prospect of this new functionality arriving, it makes sense to introduce a new top-level command for the sole purpose of PIN management. This change introduces such a command, pin, and moves the existing clear command for clearing the PIN cache into it.
* Add mode argument to pinentry::inquire_passphraseRobin Krahl2019-01-01
| | | | | | | The mode argument is used to specify the context of the pinentry dialog: querying an existing passphrase or prompting the user to choose a new PIN. It is used to choose a description and to decide whether to show a quality bar that measures the password strength.
* Set the time before generating a TOTPRobin Krahl2019-01-01
| | | | | | | | | | This patch changes the otp get command to set the Nitrokey's time before generating a one-time password using the TOTP algorithm. Per default, it sets the time to the current system time. If the --time option is set, it uses its value instead. See issue #34 [0] for a discussion of this change. [0] https://github.com/d-e-s-o/nitrocli/issues/34
* Fix man page formatting and wordingRobin Krahl2019-01-01
| | | | | | | | | | The main change introduced in this patch is the correct usage of - and \-. Instead of the \(em macro for em-dashes as suggested by man-pages(7) it uses the \(en macro: Both dashes are typeset as a single UTF-8 character on my terminal. If spaces are omitted, the resulting text is very hard to read if set in monospace fonts as the en- or em-dash is not significantly different from a regular dash. The em-dash may not be used with spaces, hence the usage of en-dash.
* Fix documentation for otp clear commandDaniel Mueller2019-01-01
| | | | | | The man page incorrectly documented the otp get command twice. The second occurrence is supposed to detail the otp clear command. This change adjusts the code accordingly.
* Document the config commandsRobin Krahl2019-01-01
| | | | | This patch adds documentation and examples for config get and config set to the README and to the man page.
* Add general information on OTP to man pageRobin Krahl2019-01-01
| | | | | | This patch adds a short description of the Nitrokey OTP capabilities to the OTP section of the man page. This should make it easier to understand the commands without prior knowledge of the Nitrokey devices.
* Move printing of storage related status into 'storage status' sub-commandDaniel Mueller2018-12-28
| | | | | | | | | | The 'status' command has traditionally printed information about the connected Nitrokey and that included storage specific data if the device present is a Nitrokey Storage. Given that we have a root-level 'storage' command it arguably makes sense to move the printing of the storage related status information into a 'status' sub-command of the said command, which makes the output more predictable.
* Move storage_* subcommand functions below storage command functionDaniel Mueller2018-12-29
| | | | | | | | We have kept the code organized such that the function for handling a command is located above the functions taking care of handling the subcommands. This change moves the storage_* subcommand functions below the storage function to be more consistent with existing code.
* Make 'open' and 'close' subcommands of new 'storage' commandDaniel Mueller2018-12-27
| | | | | | | | | | | | | Upon their inception, the 'open' and 'close' commands were pretty much the only relevant commands the program provided and it made sense to have them reside in the root namespace. By now we support more commands and have started to structure them in a more hierarchical fashion. To go with the flow, this change introduces a new 'storage' command and makes the existing 'open' and 'close' commands subcommands of it. We chose the name 'storage' (over, say, 'volume') because we plan to move the printing of the storage related status from the 'status' root level command into a subcommand within 'storage'.
* Update README to reflect changes in output of the status commandDaniel Mueller2018-12-27
| | | | | | | With recent refactorings the output of the status command changed slightly. With this patch we update the README that happens to provide an example of said output in accordance with this change.
* Acknowledge Nitrokey UG for sponsoring development hardwareDaniel Mueller2018-12-27
| | | | | | | The Nitrokey UG was generous enough to sponsor a Nitrokey Pro as well as a Nitrokey Storage device for development and testing of the program. This change mentions the company in the acknowledgments section of the README.
* Document the otp commandsRobin Krahl2018-12-27
| | | | | This patch adds the otp commands to the README and describes them in the nitrocli(1) man page.
* Implement the config set subcommandRobin Krahl2018-12-27
| | | | | | | | | | | | | This change implements the config set subcommand. The subcommand changes the configuration of a Nitrokey device. Its structure is more complex as it allows partial modifications: The user does not have to change all settings, but may choose to change only some. At the same time, the binding settings can be either set to a value or disabled. Therefore, we have the --{num,caps,scrol}lock options to set a value and the --no-{num,caps,scrol}lock options to disable the value. If none of the two is set, the setting is not changed.
* Implement the config get subcommandRobin Krahl2018-12-27
| | | | | This change implements the config get subcommand. The subcommand reads the device configuration and prints it.
* Implement the config commandRobin Krahl2018-12-27
| | | | | This patch adds the top-level config command. Its subcommands will provide access to the device configuration.
* Add status output for Nitrokey ProRobin Krahl2018-12-27
| | | | | | | | Currently, the status command fails for a Nitrokey Pro. This patch changes the command to also print basic status information for Pro devices. For the sake of consistency, the common status is always queried using the common `Device` functions, even if the Storage status includes the same information.
* Extract print_status from print_storage_status functionRobin Krahl2018-12-27
| | | | | | This patch extracts the print_status function that prints the status fields common to all supported Nitrokey devices from the print_storage_status function.
* Rename print_status to print_storage_statusRobin Krahl2018-12-25
| | | | | The print_status function only prints the Storage-specific status struct. Therefore it is renamed to print_storage_status.
* Add Acknowledgments section to READMEDaniel Mueller2018-12-24
| | | | | | This change adds a new section for acknowledgments surrounding the program to the README. Robin Krahl (robinkrahl @ Github) has been a great help with respect to recent developments.
* Implement the otp status subcommandRobin Krahl2018-12-24
| | | | | | | | This patch introduces the `otp status` subcommand that lists all OTP slots and their current status. To avoid hardcoding the number of slots per type, we iterate all slots until we get an `InvalidSlot` error (assuming that the set of valid slots is {0, ..., n} for some n). The `status` command is quite slow as we have to query each slot separately.
* Implement the otp clear subcommandRobin Krahl2018-12-24
| | | | This patch implements the `otp clear` subcommand that erases an OTP slot.
* Implement the otp set subcommandRobin Krahl2018-12-24
| | | | | | | | | | This patch implements the `otp set` subcommand that configures an OTP slot. There are two ways to specify an OTP secret: as a hexadecimal string (that means that every two characters are interpreted as a hexadecimal representation of one byte of the secret) or as an ASCII string (that means that the ASCII code of every character is interpreted as one byte of the secret). As the HOTP RFC mentions both representations, this implementation supports both.
* Implement the otp get subcommandRobin Krahl2018-12-24
| | | | | | | This patch implements the `otp get` subcommand that allows the user to generate a one-time password on the Nitrokey device. Before generating the password, the device configuration is checked so that the user only has to enter a PIN if it is required for the OTP generation.
* Implement otp commandRobin Krahl2018-12-24
| | | | | This patch adds the `otp` top-level command. Its subcommands provide access to one-time passwords on the Nitrokey.
* Implement user and admin authenticationRobin Krahl2018-12-24
| | | | | | This patch implements authentication with the user or admin PIN. This is a preparation for the `otp get` and `otp set` commands which require user and admin access to the Nitrokey.
* Clear both user and admin PINRobin Krahl2018-12-24
| | | | | | Currently, we only clear the user PIN if clear is called. This patch changes the clear command to also clear the admin PIN as we will start to use the admin PIN in upcoming patches.
* Refactor the pinentry call into new helper functionsDaniel Mueller2018-12-24
| | | | | | | | | | | | | | | | | Currently, `open` directly calls the `pinentry` module and loops until the user entered a correct passphrase or the retry limit is reached. This patch moves the pinentry call and the loop into the `try_with_passphrase_and_data` function. This function queries a passphrase of a given type and executes a function with that passphrase. This function has a data argument and may return data that is passed to the next call of the function (if it failed). This data-passing mechanism is required for the `nitrokey` authentication functions: These functions take ownership of the device and either return an authenticated device after successful authentication, or an error including the unauthenticated device if the authentication failed. This patch enables the usage of these functions in future patches.
* Return UTF-8 error when handling the passphraseRobin Krahl2018-12-23
| | | | | | | Currently, invalid UTF-8 code points in the passphrase returned by pinentry are replaced with replacement characters by `String::from_utf8_lossy`. This patch changes the code to use `String::from_utf8` and returns an UTF-8 error if encountered.
* Port argument handling to argparseRobin Krahl2018-12-23
| | | | | | | | | This patch replaces the macro for argument parsing with `argparse::ArgumentParser` from the argparse crate. It moves the application logic to the `commands` module and the argument parsing to the `options` module. An enum is used to represent the available commands. The code is based on the `subcommands.rs` example shipped with argparse.
* Factor out new commands.rs fileDaniel Mueller2018-12-20
| | | | | | | In order to prepare for the new argument parsing support based on the argparse crate, this change factors out the existing code used for responding to commands in a new file, commands.rs. No semantic change is introduced.
* Add argparse 0.2.2 as a dependencyRobin Krahl2018-12-21
| | | | | | | | | This patch adds the crate rust-argparse [0] in version 0.2.2 as a dependency, as discussed in issue #4. [0] https://github.com/tailhook/rust-argparse Import subrepo argparse/:argparse at 0de60a5e6d9ee1a3570d6089afd3ccd6ed7480c5
* pinentry: Encode spaces in prompt argumentRobin Krahl2018-12-19
| | | | | | | Spaces in the arguments for gpg-connect-agent’s `GET_PASSPHRASE` command have to be esaced using a plus sign. Somehow this was missing for the prompt argument. This patch adds escaping for the prompt so that the pinentry dialog is displayed correctly.
* Migrate work to the 'master' branchDaniel Mueller2018-12-17
| | | | | | | | | | | | In the past we have used the 'devel' branch for more or less early development work that includes the occasional rebase to fix up mistakes and keep the history clean. That is a non-starter when it comes to tagging signed releases, which we have introduced recently. Hence, there is no point in diverging from what the rest of the world is doing by using a branch name other than 'master' as the main development vehicle. By now we have introduced two dependencies on the branch name into the code base, which this change fixes up.
* Enable rustfmt in the CI pipelineDaniel Mueller2018-12-17
| | | | | | | | | | | This change enables automated code format checking by means of the rustfmt program in the Gitlab CI pipeline. The check is performed in a third job in the hope that this helps identify problems more easily: users can see which of the jobs failed and focus on them in isolation, as opposed to having a single log file or, worse, just the results of the stages up to the first failure. This patch resolves issue #17.
* Make code conforming to rustfmt's expectationsDaniel Mueller2018-12-17
| | | | | | | | | | | | | | An automated code formatter can help tremendously in reducing the amount of cognitive energy wasted on thinking about the "best" formatting of code as well as the number of nitpicks reviews typically get -- the format is machine checked (and enforced) and there is usually little to no discussion about the validity. To reach the goal of having such automated enforcement, we want to run the rustfmt tool as part of the CI pipeline. With rustfmt having reached 1.0 recently, the believe is that by now the formatting is reasonably stable and usable for this purpose. In that light, this change formats the code using rustfmt and prepares for such an automated style check.
* Add clippy target to CI/CD pipelineDaniel Mueller2018-12-17
| | | | | This patch adds a new target to the pipeline that installs clippy and then uses it to check for various potential problems in the crate.
* Fix two clippy warningsDaniel Mueller2018-12-17
| | | | | | | After the switch to using the nitrokey crate for communication with the device, we have to warnings standing in the way of enabling clippy unconditionally for the nitrocli crate. This change fixes those two warnings.
* Add badges for crates.io and minimum rustc versionDaniel Mueller2018-12-16
| | | | | | | | | | | This change adds another two badges to the repository. The first one simply lists the most recent version of the crate as published on crates.io. The second one states the minimum version of rustc that is required for building. We have recently switched to using Rust 2018 and with that we have a requirement for version 1.31 of the toolchain. In the future the hope is that now that we have a proper CI/CD pipeline based off of Docker images we should be able to build on past versions of Rust, even if they are not used during development.
* Add gitlab-ci.yml configuration fileDaniel Mueller2018-12-16
| | | | | | | | | | | | | | | | | | This change adds a configuration file for the Gitlab CI/CD pipeline to the repository. This file (directly or indirectly) controls the environment in which to build, what exactly to build, and ultimately would also be used to define what tests to run. With the pipeline in place the change also adds a badge indicating the status of the build on the project's front page. The following other CI services have been evaluated or tested and found to be insufficient for the needs at hand: - Travis CI: Does not support configuration in a directory other than the repository root - Cirrus CI: Has the same problem - Semaphore: Does not support Rust - Circle CI: Does not support Rust - Google Cloud Build: Pretty much strictly a paid service