aboutsummaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAge
...
* Document the otp commandsRobin Krahl2018-12-27
| | | | | This patch adds the otp commands to the README and describes them in the nitrocli(1) man page.
* Implement the config set subcommandRobin Krahl2018-12-27
| | | | | | | | | | | | | This change implements the config set subcommand. The subcommand changes the configuration of a Nitrokey device. Its structure is more complex as it allows partial modifications: The user does not have to change all settings, but may choose to change only some. At the same time, the binding settings can be either set to a value or disabled. Therefore, we have the --{num,caps,scrol}lock options to set a value and the --no-{num,caps,scrol}lock options to disable the value. If none of the two is set, the setting is not changed.
* Implement the config get subcommandRobin Krahl2018-12-27
| | | | | This change implements the config get subcommand. The subcommand reads the device configuration and prints it.
* Implement the config commandRobin Krahl2018-12-27
| | | | | This patch adds the top-level config command. Its subcommands will provide access to the device configuration.
* Add status output for Nitrokey ProRobin Krahl2018-12-27
| | | | | | | | Currently, the status command fails for a Nitrokey Pro. This patch changes the command to also print basic status information for Pro devices. For the sake of consistency, the common status is always queried using the common `Device` functions, even if the Storage status includes the same information.
* Extract print_status from print_storage_status functionRobin Krahl2018-12-27
| | | | | | This patch extracts the print_status function that prints the status fields common to all supported Nitrokey devices from the print_storage_status function.
* Rename print_status to print_storage_statusRobin Krahl2018-12-25
| | | | | The print_status function only prints the Storage-specific status struct. Therefore it is renamed to print_storage_status.
* Add Acknowledgments section to READMEDaniel Mueller2018-12-24
| | | | | | This change adds a new section for acknowledgments surrounding the program to the README. Robin Krahl (robinkrahl @ Github) has been a great help with respect to recent developments.
* Implement the otp status subcommandRobin Krahl2018-12-24
| | | | | | | | This patch introduces the `otp status` subcommand that lists all OTP slots and their current status. To avoid hardcoding the number of slots per type, we iterate all slots until we get an `InvalidSlot` error (assuming that the set of valid slots is {0, ..., n} for some n). The `status` command is quite slow as we have to query each slot separately.
* Implement the otp clear subcommandRobin Krahl2018-12-24
| | | | This patch implements the `otp clear` subcommand that erases an OTP slot.
* Implement the otp set subcommandRobin Krahl2018-12-24
| | | | | | | | | | This patch implements the `otp set` subcommand that configures an OTP slot. There are two ways to specify an OTP secret: as a hexadecimal string (that means that every two characters are interpreted as a hexadecimal representation of one byte of the secret) or as an ASCII string (that means that the ASCII code of every character is interpreted as one byte of the secret). As the HOTP RFC mentions both representations, this implementation supports both.
* Implement the otp get subcommandRobin Krahl2018-12-24
| | | | | | | This patch implements the `otp get` subcommand that allows the user to generate a one-time password on the Nitrokey device. Before generating the password, the device configuration is checked so that the user only has to enter a PIN if it is required for the OTP generation.
* Implement otp commandRobin Krahl2018-12-24
| | | | | This patch adds the `otp` top-level command. Its subcommands provide access to one-time passwords on the Nitrokey.
* Implement user and admin authenticationRobin Krahl2018-12-24
| | | | | | This patch implements authentication with the user or admin PIN. This is a preparation for the `otp get` and `otp set` commands which require user and admin access to the Nitrokey.
* Clear both user and admin PINRobin Krahl2018-12-24
| | | | | | Currently, we only clear the user PIN if clear is called. This patch changes the clear command to also clear the admin PIN as we will start to use the admin PIN in upcoming patches.
* Refactor the pinentry call into new helper functionsDaniel Mueller2018-12-24
| | | | | | | | | | | | | | | | | Currently, `open` directly calls the `pinentry` module and loops until the user entered a correct passphrase or the retry limit is reached. This patch moves the pinentry call and the loop into the `try_with_passphrase_and_data` function. This function queries a passphrase of a given type and executes a function with that passphrase. This function has a data argument and may return data that is passed to the next call of the function (if it failed). This data-passing mechanism is required for the `nitrokey` authentication functions: These functions take ownership of the device and either return an authenticated device after successful authentication, or an error including the unauthenticated device if the authentication failed. This patch enables the usage of these functions in future patches.
* Return UTF-8 error when handling the passphraseRobin Krahl2018-12-23
| | | | | | | Currently, invalid UTF-8 code points in the passphrase returned by pinentry are replaced with replacement characters by `String::from_utf8_lossy`. This patch changes the code to use `String::from_utf8` and returns an UTF-8 error if encountered.
* Port argument handling to argparseRobin Krahl2018-12-23
| | | | | | | | | This patch replaces the macro for argument parsing with `argparse::ArgumentParser` from the argparse crate. It moves the application logic to the `commands` module and the argument parsing to the `options` module. An enum is used to represent the available commands. The code is based on the `subcommands.rs` example shipped with argparse.
* Factor out new commands.rs fileDaniel Mueller2018-12-20
| | | | | | | In order to prepare for the new argument parsing support based on the argparse crate, this change factors out the existing code used for responding to commands in a new file, commands.rs. No semantic change is introduced.
* Add argparse 0.2.2 as a dependencyRobin Krahl2018-12-21
| | | | | | | | | This patch adds the crate rust-argparse [0] in version 0.2.2 as a dependency, as discussed in issue #4. [0] https://github.com/tailhook/rust-argparse Import subrepo argparse/:argparse at 0de60a5e6d9ee1a3570d6089afd3ccd6ed7480c5
* pinentry: Encode spaces in prompt argumentRobin Krahl2018-12-19
| | | | | | | Spaces in the arguments for gpg-connect-agent’s `GET_PASSPHRASE` command have to be esaced using a plus sign. Somehow this was missing for the prompt argument. This patch adds escaping for the prompt so that the pinentry dialog is displayed correctly.
* Migrate work to the 'master' branchDaniel Mueller2018-12-17
| | | | | | | | | | | | In the past we have used the 'devel' branch for more or less early development work that includes the occasional rebase to fix up mistakes and keep the history clean. That is a non-starter when it comes to tagging signed releases, which we have introduced recently. Hence, there is no point in diverging from what the rest of the world is doing by using a branch name other than 'master' as the main development vehicle. By now we have introduced two dependencies on the branch name into the code base, which this change fixes up.
* Enable rustfmt in the CI pipelineDaniel Mueller2018-12-17
| | | | | | | | | | | This change enables automated code format checking by means of the rustfmt program in the Gitlab CI pipeline. The check is performed in a third job in the hope that this helps identify problems more easily: users can see which of the jobs failed and focus on them in isolation, as opposed to having a single log file or, worse, just the results of the stages up to the first failure. This patch resolves issue #17.
* Make code conforming to rustfmt's expectationsDaniel Mueller2018-12-17
| | | | | | | | | | | | | | An automated code formatter can help tremendously in reducing the amount of cognitive energy wasted on thinking about the "best" formatting of code as well as the number of nitpicks reviews typically get -- the format is machine checked (and enforced) and there is usually little to no discussion about the validity. To reach the goal of having such automated enforcement, we want to run the rustfmt tool as part of the CI pipeline. With rustfmt having reached 1.0 recently, the believe is that by now the formatting is reasonably stable and usable for this purpose. In that light, this change formats the code using rustfmt and prepares for such an automated style check.
* Add clippy target to CI/CD pipelineDaniel Mueller2018-12-17
| | | | | This patch adds a new target to the pipeline that installs clippy and then uses it to check for various potential problems in the crate.
* Fix two clippy warningsDaniel Mueller2018-12-17
| | | | | | | After the switch to using the nitrokey crate for communication with the device, we have to warnings standing in the way of enabling clippy unconditionally for the nitrocli crate. This change fixes those two warnings.
* Add badges for crates.io and minimum rustc versionDaniel Mueller2018-12-16
| | | | | | | | | | | This change adds another two badges to the repository. The first one simply lists the most recent version of the crate as published on crates.io. The second one states the minimum version of rustc that is required for building. We have recently switched to using Rust 2018 and with that we have a requirement for version 1.31 of the toolchain. In the future the hope is that now that we have a proper CI/CD pipeline based off of Docker images we should be able to build on past versions of Rust, even if they are not used during development.
* Add gitlab-ci.yml configuration fileDaniel Mueller2018-12-16
| | | | | | | | | | | | | | | | | | This change adds a configuration file for the Gitlab CI/CD pipeline to the repository. This file (directly or indirectly) controls the environment in which to build, what exactly to build, and ultimately would also be used to define what tests to run. With the pipeline in place the change also adds a badge indicating the status of the build on the project's front page. The following other CI services have been evaluated or tested and found to be insufficient for the needs at hand: - Travis CI: Does not support configuration in a directory other than the repository root - Cirrus CI: Has the same problem - Semaphore: Does not support Rust - Circle CI: Does not support Rust - Google Cloud Build: Pretty much strictly a paid service
* Rename libnitrokey to nitrokeyRobin Krahl2018-12-17
| | | | | | | Currently, the nitrokey crate is renamed to libnitrokey in Cargo.toml as there used to exist a nitrokey module in this crate. As this module does no longer exist and is not likely to return, this patch removes the customized name for the nitrokey crate.
* Remove unused dependenciesRobin Krahl2018-12-17
| | | | | | | | | This patch removes all dependencies that are no longer required since the hidapi communication is replaced by libnitrokey. Delete subrepo hid/:hid Delete subrepo hidapi-sys/:hidapi-sys Delete subrepo pkg-config/:pkg-config
* Port the status command to libnitrokeyRobin Krahl2018-12-17
| | | | | | This patch removes the raw hidapi implementation of the status command and all utility methods that are no longer needed. With this patch, all device communication is performed using libnitrokey.
* Port the open and close commands to libnitrokeyRobin Krahl2018-12-17
| | | | | | | | | | | | | | This patch removes the raw hidapi implementations of the Enable Encrypted Volume and Disable Encrypted Volume commands and replaces them with the methods enable_encrypted_volume and disable_encrypted_volume of the Storage struct provided by the nitrokey trait. To provide some context to the error messages, the errors are wrapped using the map_err method of the Result enum and the get_error function that combines a nitrokey error code and a string into a nitrocli error. It would be more idiomatic to define a conversion from a nitrokey error to a nitrocli error, but then we would lose information about the context of the error.
* Add nitrokey as a dependency to nitrocliRobin Krahl2018-12-17
| | | | | | | | | | | | | | | The nitrokey crate provides a simple interface to the Nitrokey Storage and the Nitrokey Pro based on the libnitrokey library developed by Nitrokey UG. The low-level bindings to this library are available in the nitrokey-sys crate. This patch adds version v0.2.1 of the nitrokey crate as a dependency for nitrocli. It includes the indirect dependencies nitrokey-sys (version 3.4.1) and rand (version 0.4.3). Import subrepo nitrokey/:nitrokey at 2eccc96ceec2282b868891befe9cda7f941fbe7b Import subrepo nitrokey-sys/:nitrokey-sys at f1a11ebf72610fb9cf80ac7f9f147b4ba1a5336f Import subrepo rand/:rand at d7d5da49daf7ceb3e5940072940d495cced3a1b3
* Link Arch package in READMERobin Krahl2018-12-17
| | | | | | This change adds a link to the nitrocli package for Arch Linux to the README. The package is currently available in the Arch User Repository (AUR).
* Bump version to 0.1.3Daniel Mueller2018-12-11
| | | | | | | | | | | | | | | | This change bumps the version of the crate to 0.1.3. The following notable changes have been made since 0.1.2: - Show PIN related errors through pinentry native reporting mechanism instead of emitting them to stdout - Added a man page (nitrocli(1)) for the program to the repository - Adjusted program to use Rust Edition 2018 - Applied a couple of clippy reported suggestions - Added categories to Cargo.toml - Changed dependency version requirements to be less strict (only up to the minor version and not the patch level) - Bumped pkg-config dependency to 0.3.14 - Bumped libc dependency to 0.2.45 - Bumped cc dependency to 1.0.25
* Enable more lintsDaniel Mueller2018-12-11
| | | | | | | | Given that development is picking up speed again we should accept all the help we get from the compiler to catch issues as early as possible. To that end, this change enables more lints for the program. As "usual", lints that are suspected to potentially change in future versions of Rust are reported as warnings and not errors.
* Add a nitrocli(1) man pageRobin Krahl2018-12-14
|
* Add a .gitignore fileRobin Krahl2018-12-13
| | | | | This patch adds a .gitignore file that ignores the target directory that is created by cargo during compilation and swap files created by vim.
* Add Cargo.toml categoriesDaniel Mueller2018-12-11
| | | | | | | | | For a while now Cargo has supported the specification of categories in the Cargo.toml file and crates.io will actually honor those categories and show case the crate in them. With this change we specify the four categories this crate is believed to fit in the best: 'command-line-utilities', 'authentication', 'cryptography', and 'hardware-support'.
* Compile program with 2018 Edition of RustDaniel Mueller2018-12-11
| | | | | | | With the 1.31 release of Rust support for Edition 2018 has reached the stable tool chain. This change enables compilation based off of this new edition for the crate. This change resolves issue #6.
* Make hidden lifetime parameters explicitDaniel Mueller2018-12-10
| | | | | | | | | | | | | With a recent Rust version upgrade hidden lifetime parameters cause a warning of the form: > warning: hidden lifetime parameters in types are deprecated > --> src/error.rs:58:25 > | > 58 | fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result { > | ^^^^^^^^^^^^^^- help: indicate the anonymous lifetime: `<'_>` This change adjusts the code to make those lifetimes explicit (while keeping them anonymous).
* Enable rust_2018_idioms lintDaniel Mueller2018-12-10
| | | | | | | | This change enables the rust_2018_idioms lint which helps enforce the usage of Rust 2018 code idioms. A while back the "impl trait" feature stabilized and along with it trait objects are supposed to be prefixed with "dyn". This change adjusts the code accordingly.
* Enable rust_2018_compatibility lintDaniel Mueller2018-12-10
| | | | | | | | In preparation for the switch to using Rust 2018, this change enables the rust_2018_compatibility lint. Along with that enablement we fix the warnings emitted by it, which evolve around the module system changes Rust has gone through and that require us to prefix initial uses of crate local modules with "crate".
* Add change log detailing the changes between releasesDaniel Mueller2018-12-11
| | | | | | | | | | In order for users to decide whether an update of the program is justified (or, to potentially help in identifying changes that resulted in a regression), it is often a good idea to provide a brief summary of all the changes that went into a particular release. With this change we add a change log for the program to the repository. Through a bit of code archeology the log stretches back to the initial release.
* Add doc comment to pinentry::inquire_passphraseRobin Krahl2018-12-11
|
* Add support for multiple PIN typesRobin Krahl2018-12-11
| | | | | | | | Currently, the pinentry module only supports querying the user PIN. The Nitrokey devices also have an admin PIN. This patch adds support for querying multiple PIN types to the pinentry module. While this is currently not used, it will be needed to add support for administrative commands like unlocking the device or changeing the user PIN.
* Show error in pinentry dialog instead of printing to stdoutRobin Krahl2018-12-11
| | | | | | | | | Currently, the error message for a wrong password is printed to the standard output. Yet the standard output might not be visible to the user if they are using the curses frontend for pinentry. Pinentry already supports displaying an error message in the passphrase prompt. This patch moves the error message from the standard output to the pinentry prompt.
* Rename pinentry constants to match the documented namesRobin Krahl2018-12-11
| | | | | | | | The GnuPG documentation [0] refers to the GET_PASSPHRASE arguments as “error message”, “prompt” and “description”. This patch changes the names of the constants for these arguments to match the documented names. [0] https://www.gnupg.org/documentation/manuals/gnupg/Agent-GET_005fPASSPHRASE.html#Agent-GET_005fPASSPHRASE
* Add application name and PIN type to the pinentry cache IDRobin Krahl2018-12-11
| | | | | | | | | | | | This patch adds the application name (nitrocli) and the type of the requested PIN (user PIN) to the cache ID user with pinentry to conform with the GnuPG documentation [0]: > By convention either the hexified fingerprint of the key shall be used > for cache_id or an arbitrary string prefixed with the name of the > calling application and a colon: Like gpg:somestring. [0] https://www.gnupg.org/documentation/manuals/gnupg/Agent-GET_005fPASSPHRASE.html#Agent-GET_005fPASSPHRASE
* Add rustfmt configurationRobin Krahl2018-12-11
| | | | | rustfmt uses four-space indentation per default. This patch adds a configuration file that sets the indentation with to two spaces.