aboutsummaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAge
* Make storage hidden subcommand a top-level commandDaniel Mueller2019-05-27
| | | | | | This patch marks the next step in the process of restructuring the storage command. Specifically, it promotes the storage hidden subcommand to a top-level command, hidden.
* Move storage status subcommand into status commandDaniel Mueller2019-05-27
| | | | | | | | In an attempt to rework the structure of the storage command to better accommodate future requirements for allowing to change the read-write state of the unencrypted volume (as well as potentially the encrypted one), this change removes the storage status subcommand and merges its output into the storage command.
* Bump version to 0.2.4Daniel Mueller2019-06-01
| | | | | | | | | | | | | | This change bumps the version of the crate to 0.2.4. The following notable changes have been made since 0.2.3: - Added the reset command to perform a factory reset - Added the -V/--version option to print the program's version - Check the status of a PWS slot before accessing it in pws get - Added NITROCLI_NO_CACHE environment variable to bypass caching of secrets - Clear cached PIN entry as part of pin set command to prevent spurious authentication failures - Bumped libc dependency to 0.2.57 - Bumped cc dependency to 1.0.37
* Update libc crate to 0.2.57Daniel Mueller2019-06-01
| | | | | | This change updates the libc crate to version 0.2.57. Import subrepo libc/:libc at cdc48ea36d8d2890dba38e8f779001e6855339a2
* Clear cached PIN entry as part of pin set commandDaniel Mueller2019-06-01
| | | | | | | | | | When a PIN is changed using the pin set command, the last action is to confirm the operation with the previously used PIN. This step will cause this PIN, which is now stale and no longer valid, to be cached, which in turn can cause follow up command using the same PIN type to use this wrong cached entry for authentication. To fix this problem, this change explicitly clear the PIN entry from the cache after the PIN has been changed.
* Allow for disabling of secret cachingDaniel Mueller2019-05-27
| | | | | | | | | | | | So far we have cached secrets in gpg-agent(1) whenever that made sense to do (i.e., for the two PINs in most contexts but not for passwords). While there is reason to believe that such caching is desired by the majority of users, not everybody has a use for it. To give users an opportunity to opt out of such caching, this change introduces a new environment variable, NITROCLI_NO_CACHE, that, when present in the environment, instructs the program to bypass the cache for all operations that require a secret and to instead inquire such secrets each time they are needed.
* Require trailing comma in Enum macro's inputDaniel Mueller2019-05-27
| | | | | | | | | | The input to the Enum macro is supposed to resemble the definition of an enum in Rust code. When manually defining an enum (or a struct for that matter), we typically terminate all branches with a comma, and don't just omit that on the last line. To mirror this behavior, this change adjusts the Enum macro to accept (and in fact, require) a comma-terminated last line as well, as opposed to not accepting it as had been the case so far.
* Update cc crate to 1.0.37Daniel Mueller2019-05-24
| | | | | | This change updates the cc crate to version 1.0.37. Import subrepo cc/:cc at cbf6d2f1312b6be22a7a363cf5c2a02acabc531f
* Update libc crate to 0.2.55Daniel Mueller2019-05-24
| | | | | | This change updates the libc crate to version 0.2.55. Import subrepo libc/:libc at caf17a0641d29dc624621177f5756804dd180c13
* Use full reference to AsRef in Enum macroDaniel Mueller2019-05-24
| | | | | | | | | Macros typically should reference types by their full path and not assume that they are in scope wherever the macro is expanded. We did missed one spot where AsRef was not fully qualified in the Enum macro. While that is not much of an issue here (and there may be more occurrences, e.g., in the auto derives) lets fix that up for the sake of consistency.
* Allow for unused doc comments on macrosDaniel Mueller2019-05-24
| | | | | | | | | | With Rust 1.35 we get compile errors due to doc comments that are added to macro invocations but not actually included in the expanded output. The rustc wrongly assumes that we want to document the resulting code and not just provide details about the invocation itself. This change explicitly allows for those cases. Alternatively we could have "downgraded" the doc comments to normal comments or removed them altogether. There is little difference between those alternatives.
* Add test case for --version optionRobin Krahl2019-02-17
| | | | | This change adds a test case for the -V/--version option to the suite of tests.
* Respect ctx.std{out,err} for version outputRobin Krahl2019-02-17
| | | | | | | | | | | | | Due to a bug in argparse [0], custom stdout and stderr settings are ignored when using argparse::Print, as we currently do for the --version option. This patch adds a workaround for this problem: Instead of using argparse::Print, we use argparse::StoreTrue for the --version option. The argument parsing will fail as the command is missing, but the version variable will still be set to true if the version option was set. So we ignore the parsing result and discard the argparse output if the version variable is set. [0] https://github.com/tailhook/rust-argparse/pull/50
* Remove args::parse_arguments functionDaniel Mueller2019-02-17
| | | | | | | | | The split between the parse_arguments and the handle_arguments functions is not really useful for reasoning about the code. In fact, it just adds additional overhead in the form of complex function signatures into the picture. As it provides no real other value, this change merges the functionality of both functions into a single one: handle_arguments.
* Use buffered writer in args::parse_argumentsRobin Krahl2019-02-17
| | | | | | | | | To be able to decide whether to print the argparse output depending on the result of the argument parsing, this patch wraps stdout and stderr in a BufWriter before invoking argparse. Our BufWriter implementation only writes to the inner Write if the flush method is called. This allows us to decide whether the buffered data should be written or silently dropped.
* Consume ArgumentParser object as part of parsingDaniel Mueller2019-02-08
| | | | | | | | | | We have introduced the parse function to unify the common parsing related tasks. In that vein, this change goes one step further and adjusts the function to actually consume the ArgumentParser object used by it. All clients using this function actually do not access the parser afterwards, and, in fact, some of them have to explicitly drop it because of borrow conflicts with "referred" arguments.
* Simplify error handling in the parse functionDaniel Mueller2019-02-08
| | | | | This patch changes the error handling in the args' module parse function to use the Result's map_err instead of a more verbose if let expression.
* Add Ubuntu package to README and doc/packaging.mdRobin Krahl2019-02-02
|
* Update libc crate to 0.2.48Daniel Mueller2019-01-29
| | | | | | This change updates the libc crate to version 0.2.48. Import subrepo libc/:libc at 42cd3ba27254c423e03f6f4324de57075047f6a0
* Update regex-syntax crate to 0.6.5Daniel Mueller2019-01-29
| | | | This change updates the regex-syntax crate to version 0.6.5.
* Update memchr crate to 2.1.3Daniel Mueller2019-01-29
| | | | This change updates the memchr crate to version 2.1.3.
* Update proc-macro2 crate to 0.4.26Daniel Mueller2019-01-29
| | | | This change updates the proc-macro2 crate to version 0.4.26.
* Update quote crate to 0.6.11Daniel Mueller2019-01-28
| | | | This change updates the quote crate to version 0.6.11.
* Update syn crate to 0.15.26Daniel Mueller2019-01-28
| | | | This change updates the syn crate to version 0.15.26.
* Add Debian package to package list in READMERobin Krahl2019-01-29
|
* Add test for pws get after factory resetRobin Krahl2019-01-26
| | | | | | | | The factory reset only clears the slot status. The slot content is overwritten with random data. Therefore accessing a PWS slot after a factory reset returns garbage data. We fixed this by always querying the status before accessing the PWS. This patch adds a corresponding test case.
* Check slot status before accessing the PWSRobin Krahl2019-01-26
| | | | | | | | | | | | The Nitrokey devices do not check whether a PWS slot is programmed before accessing it (upstream issues [0] [1]). Until this is fixed in the firmware, we have to manually check the slot status in pws get. This could have been done in libnitrokey or the nitrokey crate, yet this would lead to unnecessary commands if we check multiple fields of a slot at the same time. [0] https://github.com/Nitrokey/nitrokey-pro-firmware/issues/56 [1] https://github.com/Nitrokey/nitrokey-storage-firmware/issues/81
* Add test case for the reset commandRobin Krahl2019-01-26
|
* Add the reset command to perform a factory resetRobin Krahl2019-01-26
| | | | | | After performing the factory reset, we also build the AES key so that the device is fully usable. Due to timing issue, we have to add a delay between the factory reset and building the AES key.
* Add the -V/--version optionRobin Krahl2019-01-26
| | | | | | | | The -V/--version option prints the nitrocli version to stdout and exits. In the future, it should also print the used libnitrokey version, but as the required function is only available with nitrokey 0.3.2 and as the current interface does not reflect the latest change in version naming, I skipped that in this patch.
* Bump version to 0.2.3Daniel Mueller2019-01-26
| | | | | | | | | | | | | | This change bumps the version of the crate to 0.2.3. The following notable changes have been made since 0.2.2: - Added the storage hidden subcommand for working with hidden volumes - Store cached PINs on a per-device basis to better support multi-device scenarios - Further decreased binary size by using system allocator - Bumped nitrokey dependency to 0.3.4 - Bumped rand dependency to 0.6.4 - Removed rustc_version, semver, and semver-parser dependencies - Bumped nitrokey-sys dependency to 3.4.3 - Bumped libc dependency to 0.2.47
* Remove no longer used duplicate_associated_type_bindings lintDaniel Mueller2019-01-26
| | | | | | | The duplicate_associated_type_bindings lint seems to have been removed with the Rust 1.32 release. This change removes the lint from the program to prevent the newly introduced warning from being emitted.
* Document problems in conjunction with nitrokey-appRobin Krahl2019-01-26
| | | | | | If nitrokey-app is running, the device it connected to cannot be detected by other applications. This patch adds this issue to the list of known problems in the README.
* Exclude CI scripts and rustmft configRobin Krahl2019-01-26
| | | | | | | The CI scripts and the rustfmt configuration are only needed when developing. There is no point in distributing them in the package published on crates.io, so we exclude them from packaging using the exclude setting in Cargo.toml.
* Update libc crate to 0.2.47Daniel Mueller2019-01-22
| | | | | | This change updates the libc crate to version 0.2.47. Import subrepo libc/:libc at ce1dfcbf81bd74662b5cd02a9214818a0bfbbffa
* Update nitrokey crate to 0.3.4Daniel Mueller2019-01-22
| | | | | | This change updates the nitrokey crate to version 0.3.4. Import subrepo nitrokey/:nitrokey at 41cdc1f7091a3c442241dbb2379c50dbcc7e9c5f
* Add tests for the lock commandDaniel Mueller2019-01-20
| | | | | | | | | This change adds tests for the lock command. For the Nitrokey Pro we cannot test too much because the only side-effect is that the password safe is closed and it will be opened automatically again by virtue of our non-interactive testing methodology. For Storage devices we verify that the encrypted volume is closed, which is a documented side-effect.
* Document hidden volumes in the README and the manual pageDaniel Mueller2019-01-20
| | | | | | This change updates the README and the man page with documentation about hidden volumes in general and the storage hidden subcommand in particular.
* Add test for storage hidden subcommandDaniel Mueller2019-01-20
| | | | | | | This change adds a test for the creation, opening, and closing of a hidden subvolume. In order to support that in a non-interactive fashion, we introduce and honor the NITROCLI_PASSWORD environment variable, that prevents an interactive password query.
* Implement storage hidden subcommandDaniel Mueller2019-01-20
| | | | | | | | | With this change we implement the storage hidden subcommand. We support creation, opening, and closing of hidden volumes. Note that the opening of a hidden volume automatically closes any opened encrypted volumes and vice versa. To that end, we force file system level caches to disk even from the storage open and storage hidden open commands.
* Introduce storage hidden subcommand scaffoldingDaniel Mueller2019-01-15
| | | | | | | | | This change introduces a new subcommand to the storage command called 'hidden'. This subcommand can be used to interact with hidden volumes. Right now we support three operations pertaining hidden volumes: create, open, and close. This patch merely provides the infrastructure for parsing the commands and all their arguments, it does not yet implement them fully.
* Introduce PwdEntry struct implementing SecretEntry for passwordsDaniel Mueller2019-01-19
| | | | | | | | | | | | With the required interface for secrets well defined, this change introduces a second secret type in addition to PINs: passwords. Similar to a PIN, a password can contain pretty arbitrary characters but passwords can be retried repeatedly, whereas PINs cause a lockout after a certain number of failed attempts. Our first use case for passwords will be for hidden volumes. For those, we do not want to gpg-agent to cache entries and so a password entry indicates that it is not to be cached through the previously introduced mechanism for optional caching.
* Add minimum length to SecretEntry traitDaniel Mueller2019-01-19
| | | | | | | | Another commonality between a password and a PIN is that they typically both have a minimum length. To accommodate for this requirement, this change introduces another method to the SecretEntry trait that represents the secret's minimum character length.
* Make caching of secrets optionalDaniel Mueller2019-01-20
| | | | | | | | | | | | | Currently, when we enter a secret (i.e., a PIN) through the pinentry module, this PIN will automatically be cached and not asked from the user again on subsequent inquiries. However, caching may not always be desired. For the upcoming support of passwords used in conjunction with hidden volumes, we do not want any caching because different passwords can be entered for different volumes and the user's intention is not clear until a password has actually been entered. To accommodate this use case, this change modifies the signature of the SecretEntry trait's cache_id method to return an optional cache ID. If none is returned, caching of the entered secret is disabled.
* Return Cow object from SecretEntry methodsDaniel Mueller2019-01-20
| | | | | | | | | We do not know what kind of data future implementers of the SecretEntry trait may want to return. For all we know these could just be static strings, in which case the forced conversion into a String by virtue of the return type is wasteful. To be more flexible in the future while gaining some consistency, this change makes all those trait's methods return a Cow object instead.
* Introduce SecretEntry traitDaniel Mueller2019-01-19
| | | | | | | | | | | | Now that we have introduced the notion of a secret abstracting over whether something is a PIN or a password in terms of terminology, we need to define what makes a secret in code. From the pinentry module's perspective, the commonality between the two is that they both can be entered through a dialog containing a prompt and a description, and they can be cached. This change introduces a trait, SecretEntry, that defines methods representing those properties. Right now only the existing PinEntry struct implements this trait.
* Generalize terminology from "PIN" to "secret"Daniel Mueller2019-01-19
| | | | | | | | | | | | In the past we have worked solely with PINs. PINs in our (or rather, the Nitrokey's) sense are not necessarily numbers but they can be reasonably short in length, because they can only be retried a limited number of times. In the future, however, we will introduce the notion of a password, which does not carry such a restriction. The commonality between the two is that they are secrets and so with this change we refer to secrets -- rather than PINs -- in places where both passwords and PINs can conceptually be used.
* Drop '_pin' suffix from various pinentry functionsDaniel Mueller2019-01-19
| | | | | | Various functions in the pinentry module contain an arguably redundant '_pin' suffix in their name. Examples include inquire_pin and clear_pin. This change removes this part from their names.
* Move PIN choosing functionality into pinentry moduleDaniel Mueller2019-01-19
| | | | | | | | | The functionality we have in place for choosing a PIN can arguably be moved into the pinentry module: it can be considered logic directly related to working with PINs or secrets and that has no dependencies to unrelated modules of the program. This patch moves the choose_pin and check_pin functions into the pinentry module.
* Add tests for the storage commandDaniel Mueller2019-01-19
| | | | | | | | This change adds two tests for the storage command. The first one verifies that a proper error message is emitted if a storage command is attempted on a Pro device. The second one checks the output of the status subcommand and expected changes to it when opening or closing the encrypted volume.