| Commit message (Collapse) | Author | Age |
... | |
|
|
|
|
|
|
|
|
|
|
|
| |
In order to flush file system level buffers to disk we use the sync
function. The way we made this function known to the crate was by
explicitly declaring it as extern "C" and linking against libc. However,
given that we already (indirectly) depend on libc through the nitrokey
crate (and that is unlikely to change) we may as well make libc a direct
dependency and invoke the function through the crate.
Given that the libc crate is available for a variety of platforms, it
seems likely that its approach to interfacing with the system libc
library is more portable than our hand rolled version.
|
|
|
|
|
|
|
|
| |
For a while now the program has supported the Nitrokey Pro device in
addition to the Nitrokey Storage. To reflect this change, this patch
adjusts the keywords in Cargo.toml to include 'nitrokey-pro' as well.
In order to not exceed the crates.io imposed limit, it removes the 'hid'
keyword.
|
|
|
|
|
|
|
|
|
|
| |
A while ago we removed all device specific tests from the project as
part of the move to using the nitrokey crate. While adding additional
tests is a work in progress, the intention is to have them run solely by
issuing 'cargo test'.
In any case, this change removes the 'test' target from the Makefile as
it is no longer needed, because all tests can run concurrently just
fine.
|
|
|
|
|
|
|
|
| |
With the recent update of the nitrokey create the nitrokey::CommandError
enum has become trivially copyable. Hence, there is no more point in
passing a reference to it to the get_error function.
To that end, this change adjusts the signature to accept an owned value
instead.
|
|
|
|
|
|
|
|
|
|
|
|
| |
This change updates the nitrokey crate to version 0.2.3. This version
bumps the rand crate used to 0.6.1, which in turn requires an additional
set of dependencies.
Import subrepo nitrokey/:nitrokey at b3e2adc5bb1300441ca74cc7672617c042f3ea31
Import subrepo rand/:rand at 73613ff903512e9503e41cc8ba9eae76269dc598
Import subrepo rustc_version/:rustc_version at 0294f2ba2018bf7be672abd53db351ce5055fa02
Import subrepo semver-parser/:semver-parser at 750da9b11a04125231b1fb293866ca036845acee
Import subrepo semver/:semver at 5eb6db94fa03f4d5c64a625a56188f496be47598
|
|
|
|
|
|
|
|
|
|
|
| |
The clippy target as executed by the Gitlab CI excludes a bunch of lints
when performing an initial run. That is necessary because some of the
source code we rely on violates those rules and would cause the target
to fail.
The problem with the approach taken is that we list all the individual
failing lints, which quickly becomes a maintenance burden. As it turns
out clippy has the clippy::all meta-lint that subsumes all of the
explicitly specified ones and so with this change we use that instead.
|
|
|
|
|
| |
This change adjusts the README to reflect that we support both Nitrokey
Pro and Nitrokey Storage devices with the program.
|
|
|
|
|
|
| |
This change updates the cc crate to version 1.0.28.
Import subrepo cc/:cc at 9490b5ecb43b8b926f96a7e484fa83e39620d8e5
|
|
|
|
|
|
|
| |
To make life easier for possible future maintainers, this change
documentes the packaging process for Arch Linux and Debian in the
doc/packaging.md file. Note that nitrocli is not yet packaged for
Debian, so that section is hypothetical.
|
|
|
|
|
|
| |
This patch adds documentation and examples for the lock command to the
README and to the man page. It also adds the lock command to the
top-level help message.
|
|
|
|
|
| |
This patch adds documentation and examples for the pws commands to the
README and to the man page.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The program's binary is more than 1,5 MiB in size (after stripping debug
symbols). Although in general that is not a size to worry about, keeping
a small binary and memory footprint is beneficial in the majority of
cases and leaves a tangentially better impression with users.
To that end, this change enables the following optimizations to be
performed when creating a release build:
1) We compile with optimization for code size. We have no performance
sensitive code and are communicating with a slow I/O device to begin
with, meaning that binary size will ultimately have the most weight
when judging the program. Hence, minimizing it seems like the best
trade-off.
2) We enable link-time optimization (LTO). At the expense of compilation
time (which is not a concern for what may almost be considered a
one-off operation), this step can reduce binary size by eliminating
more unused code as well as enable performance related optimizations
not possible without this setting. For similar reasons we disable
incremental builds and treat the entire compilation as one unit.
The end result of these optimizations is a reduction of binary size by
almost a fourth (420 KiB).
Those optimizations come at little to no cost (depending on one's view).
There is another one that we could enable and that is to abort on panics
instead of unwinding, yielding savings of 44 KiB. However, we refrained
from doing so because that has a negative impact on the amount of error
reporting happening in case of a panic.
|
|
|
|
|
|
| |
This patch implements the lock command that locks the password safe and,
on the Nitrokey Storage, the encrypted volume. See issue #18 for
details on the locking mechanism.
|
|
|
|
|
| |
This patch implements the pws status command that can be used to print
status information for the slots in the password safe.
|
|
|
|
|
| |
This patch implements the pws clear command which allows the user to
clear a slot in the password safe.
|
|
|
|
| |
This patch adds the pws set subcommand that writes a PWS slot.
|
|
|
|
|
|
|
|
|
| |
This patch implements the pws get subcommand that provides read access
to a slot of the password safe. Per default, all available information
– slot name, login and password – are printed. If one or more of the
options --name, --login and --password are set, only the selected fields
are printed. If --quiet is set, the field description is omitted such
that the output can be easily parsed by other applications.
|
|
|
|
|
| |
This patch adds the basic structure for the pws command that can be used
to access the password safe on the Nitrokey Pro and Nitrokey Storage.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This change bumps the version of the crate to 0.2.0. The following
notable changes have been made since 0.1.3:
- Use the nitrokey crate for the 'open', 'close', and 'status'
commands instead of directly communicating with the Nitrokey device
- Added nitrokey version 0.2.1 as a direct dependency and
nitrokey-sys version 3.4.1 as well as rand version 0.4.3 as
indirect dependencies
- Removed the hid, hidapi-sys and pkg-config dependencies
- Added the 'otp' command for working with one-time passwords
- Added the 'config' command for reading and writing the device configuration
- Added the 'pin' command for managing PINs
- Renamed the 'clear' command to 'pin clear'
- Moved 'open' and 'close' commands as subcommands into newly introduced
'storage' command
- Moved printing of storage related information from 'status' command
into new 'storage status' subcommand
- Made 'status' command work with Nitrokey Pro devices
- Enabled CI pipeline comprising code style conformance checks, linting,
and building of the project
- Added badges indicating pipeline status, current crates.io published
version of the crate, and minimum version of rustc required
- Fixed wrong messages in the pinentry dialog that were caused by unescaped
spaces in a string
- Use the argparse crate to parse the command-line arguments
- Added argparse dependency in version 0.2.2
|
|
|
|
|
|
| |
This change adds a new file, CONTRIBUTING.md, that details some
generally applicable rules for the contribution to this project. It also
links this file from the README.
|
|
|
|
|
|
|
|
|
|
|
| |
This change makes the following set of changes to the installation
sections:
- Note that Rust and Cargo are implicit dependencies
- Remove the notice about the hid crate being required from the "From
Source" section as that is no longer a requirement with the switch to
using the nitrokey crate
- Mention that from source compilation should happen from the nitrocli/
subfolder
|
|
|
|
|
|
| |
This change reorders the individual ways to install the program in order
of preference. If possible, the user most likely wants to use a
distribution's package over installation from crates.io or from source.
|
|
|
|
|
|
| |
This change adds a new section detailing the project's license to the
README. Having such a section seems to be relatively common practice
among projects.
|
|
|
|
|
|
|
|
|
| |
This change removes the note about firmware version 0.47 being the
minimum required. The note is outdated, because with the switch to using
the nitrokey crate and with it libnitrokey we no longer have such a
requirement as the CRC check we performed that caused incompatibilities
with earlier versions does not exist in libnitrokey (see issue
Nitrokey/libnitrokey issue #134).
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This change adds a new target to the Makefile that can be used for
generating a PDF version of the man page. It also checks in the
generated file and links to it from the README.
We have also experimented with creation of an HTML version, but at least
the groff generated file is not very visually pleasing and also cannot
be linked to directly from Github. Github wants to prevent hosting of
web pages directly like this in repositories and instead promote their
Github Pages solution for that purpose. To that end they deliver content
with a Content-Type representing plain text which causes HTML to not be
rendered. PDF content, however, is rendered in-line and looks reasonable
at that.
|
|
|
|
|
| |
This change implements the pin set command which can be used to change
a Nitrokey's user or admin PIN.
|
|
|
|
|
|
|
| |
This patch implements the pin unblock command that unblocks and resets
the user PIN. The name unblock is chosen over libnitrokey's unlock to
be consistent with the GnuPG terminology and to avoid confusion with the
unrelated lock command.
|
|
|
|
|
|
|
|
|
| |
We have functionality for changing the Nitrokey's user & admin PINs as
well as for resetting the user PIN coming up. With the prospect of this
new functionality arriving, it makes sense to introduce a new top-level
command for the sole purpose of PIN management.
This change introduces such a command, pin, and moves the existing clear
command for clearing the PIN cache into it.
|
|
|
|
|
|
|
| |
The mode argument is used to specify the context of the pinentry dialog:
querying an existing passphrase or prompting the user to choose a new
PIN. It is used to choose a description and to decide whether to show a
quality bar that measures the password strength.
|
|
|
|
|
|
|
|
|
|
| |
This patch changes the otp get command to set the Nitrokey's time before
generating a one-time password using the TOTP algorithm. Per default,
it sets the time to the current system time. If the --time option is
set, it uses its value instead. See issue #34 [0] for a discussion of
this change.
[0] https://github.com/d-e-s-o/nitrocli/issues/34
|
|
|
|
|
|
|
|
|
|
| |
The main change introduced in this patch is the correct usage of - and
\-. Instead of the \(em macro for em-dashes as suggested by
man-pages(7) it uses the \(en macro: Both dashes are typeset as a
single UTF-8 character on my terminal. If spaces are omitted, the
resulting text is very hard to read if set in monospace fonts as the en-
or em-dash is not significantly different from a regular dash. The
em-dash may not be used with spaces, hence the usage of en-dash.
|
|
|
|
|
|
| |
The man page incorrectly documented the otp get command twice. The
second occurrence is supposed to detail the otp clear command. This
change adjusts the code accordingly.
|
|
|
|
|
| |
This patch adds documentation and examples for config get and config set
to the README and to the man page.
|
|
|
|
|
|
| |
This patch adds a short description of the Nitrokey OTP capabilities to
the OTP section of the man page. This should make it easier to
understand the commands without prior knowledge of the Nitrokey devices.
|
|
|
|
|
|
|
|
|
|
| |
The 'status' command has traditionally printed information about the
connected Nitrokey and that included storage specific data if the device
present is a Nitrokey Storage.
Given that we have a root-level 'storage' command it arguably makes
sense to move the printing of the storage related status information
into a 'status' sub-command of the said command, which makes the output
more predictable.
|
|
|
|
|
|
|
|
| |
We have kept the code organized such that the function for handling a
command is located above the functions taking care of handling the
subcommands.
This change moves the storage_* subcommand functions below the storage
function to be more consistent with existing code.
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Upon their inception, the 'open' and 'close' commands were pretty much
the only relevant commands the program provided and it made sense to
have them reside in the root namespace. By now we support more commands
and have started to structure them in a more hierarchical fashion.
To go with the flow, this change introduces a new 'storage' command and
makes the existing 'open' and 'close' commands subcommands of it. We
chose the name 'storage' (over, say, 'volume') because we plan to move
the printing of the storage related status from the 'status' root level
command into a subcommand within 'storage'.
|
|
|
|
|
|
|
| |
With recent refactorings the output of the status command changed
slightly.
With this patch we update the README that happens to provide an example
of said output in accordance with this change.
|
|
|
|
|
|
|
| |
The Nitrokey UG was generous enough to sponsor a Nitrokey Pro as well as
a Nitrokey Storage device for development and testing of the program.
This change mentions the company in the acknowledgments section of the
README.
|
|
|
|
|
| |
This patch adds the otp commands to the README and describes them in the
nitrocli(1) man page.
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This change implements the config set subcommand. The subcommand changes
the configuration of a Nitrokey device.
Its structure is more complex as it allows partial modifications: The
user does not have to change all settings, but may choose to change only
some. At the same time, the binding settings can be either set to a
value or disabled. Therefore, we have the --{num,caps,scrol}lock
options to set a value and the --no-{num,caps,scrol}lock options to
disable the value. If none of the two is set, the setting is not
changed.
|
|
|
|
|
| |
This change implements the config get subcommand. The subcommand reads
the device configuration and prints it.
|
|
|
|
|
| |
This patch adds the top-level config command. Its subcommands will
provide access to the device configuration.
|
|
|
|
|
|
|
|
| |
Currently, the status command fails for a Nitrokey Pro. This patch
changes the command to also print basic status information for Pro
devices. For the sake of consistency, the common status is always
queried using the common `Device` functions, even if the Storage status
includes the same information.
|
|
|
|
|
|
| |
This patch extracts the print_status function that prints the status
fields common to all supported Nitrokey devices from the
print_storage_status function.
|
|
|
|
|
| |
The print_status function only prints the Storage-specific status
struct. Therefore it is renamed to print_storage_status.
|
|
|
|
|
|
| |
This change adds a new section for acknowledgments surrounding the
program to the README. Robin Krahl (robinkrahl @ Github) has been a
great help with respect to recent developments.
|
|
|
|
|
|
|
|
| |
This patch introduces the `otp status` subcommand that lists all OTP
slots and their current status. To avoid hardcoding the number of slots
per type, we iterate all slots until we get an `InvalidSlot` error
(assuming that the set of valid slots is {0, ..., n} for some n). The
`status` command is quite slow as we have to query each slot separately.
|
|
|
|
| |
This patch implements the `otp clear` subcommand that erases an OTP slot.
|
|
|
|
|
|
|
|
|
|
| |
This patch implements the `otp set` subcommand that configures an OTP
slot. There are two ways to specify an OTP secret: as a hexadecimal
string (that means that every two characters are interpreted as a
hexadecimal representation of one byte of the secret) or as an ASCII
string (that means that the ASCII code of every character is interpreted
as one byte of the secret). As the HOTP RFC mentions both
representations, this implementation supports both.
|