aboutsummaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAge
...
* Add test case for --version optionRobin Krahl2019-02-17
| | | | | This change adds a test case for the -V/--version option to the suite of tests.
* Respect ctx.std{out,err} for version outputRobin Krahl2019-02-17
| | | | | | | | | | | | | Due to a bug in argparse [0], custom stdout and stderr settings are ignored when using argparse::Print, as we currently do for the --version option. This patch adds a workaround for this problem: Instead of using argparse::Print, we use argparse::StoreTrue for the --version option. The argument parsing will fail as the command is missing, but the version variable will still be set to true if the version option was set. So we ignore the parsing result and discard the argparse output if the version variable is set. [0] https://github.com/tailhook/rust-argparse/pull/50
* Remove args::parse_arguments functionDaniel Mueller2019-02-17
| | | | | | | | | The split between the parse_arguments and the handle_arguments functions is not really useful for reasoning about the code. In fact, it just adds additional overhead in the form of complex function signatures into the picture. As it provides no real other value, this change merges the functionality of both functions into a single one: handle_arguments.
* Use buffered writer in args::parse_argumentsRobin Krahl2019-02-17
| | | | | | | | | To be able to decide whether to print the argparse output depending on the result of the argument parsing, this patch wraps stdout and stderr in a BufWriter before invoking argparse. Our BufWriter implementation only writes to the inner Write if the flush method is called. This allows us to decide whether the buffered data should be written or silently dropped.
* Consume ArgumentParser object as part of parsingDaniel Mueller2019-02-08
| | | | | | | | | | We have introduced the parse function to unify the common parsing related tasks. In that vein, this change goes one step further and adjusts the function to actually consume the ArgumentParser object used by it. All clients using this function actually do not access the parser afterwards, and, in fact, some of them have to explicitly drop it because of borrow conflicts with "referred" arguments.
* Simplify error handling in the parse functionDaniel Mueller2019-02-08
| | | | | This patch changes the error handling in the args' module parse function to use the Result's map_err instead of a more verbose if let expression.
* Add Ubuntu package to README and doc/packaging.mdRobin Krahl2019-02-02
|
* Update libc crate to 0.2.48Daniel Mueller2019-01-29
| | | | | | This change updates the libc crate to version 0.2.48. Import subrepo libc/:libc at 42cd3ba27254c423e03f6f4324de57075047f6a0
* Update regex-syntax crate to 0.6.5Daniel Mueller2019-01-29
| | | | This change updates the regex-syntax crate to version 0.6.5.
* Update memchr crate to 2.1.3Daniel Mueller2019-01-29
| | | | This change updates the memchr crate to version 2.1.3.
* Update proc-macro2 crate to 0.4.26Daniel Mueller2019-01-29
| | | | This change updates the proc-macro2 crate to version 0.4.26.
* Update quote crate to 0.6.11Daniel Mueller2019-01-28
| | | | This change updates the quote crate to version 0.6.11.
* Update syn crate to 0.15.26Daniel Mueller2019-01-28
| | | | This change updates the syn crate to version 0.15.26.
* Add Debian package to package list in READMERobin Krahl2019-01-29
|
* Add test for pws get after factory resetRobin Krahl2019-01-26
| | | | | | | | The factory reset only clears the slot status. The slot content is overwritten with random data. Therefore accessing a PWS slot after a factory reset returns garbage data. We fixed this by always querying the status before accessing the PWS. This patch adds a corresponding test case.
* Check slot status before accessing the PWSRobin Krahl2019-01-26
| | | | | | | | | | | | The Nitrokey devices do not check whether a PWS slot is programmed before accessing it (upstream issues [0] [1]). Until this is fixed in the firmware, we have to manually check the slot status in pws get. This could have been done in libnitrokey or the nitrokey crate, yet this would lead to unnecessary commands if we check multiple fields of a slot at the same time. [0] https://github.com/Nitrokey/nitrokey-pro-firmware/issues/56 [1] https://github.com/Nitrokey/nitrokey-storage-firmware/issues/81
* Add test case for the reset commandRobin Krahl2019-01-26
|
* Add the reset command to perform a factory resetRobin Krahl2019-01-26
| | | | | | After performing the factory reset, we also build the AES key so that the device is fully usable. Due to timing issue, we have to add a delay between the factory reset and building the AES key.
* Add the -V/--version optionRobin Krahl2019-01-26
| | | | | | | | The -V/--version option prints the nitrocli version to stdout and exits. In the future, it should also print the used libnitrokey version, but as the required function is only available with nitrokey 0.3.2 and as the current interface does not reflect the latest change in version naming, I skipped that in this patch.
* Bump version to 0.2.3Daniel Mueller2019-01-26
| | | | | | | | | | | | | | This change bumps the version of the crate to 0.2.3. The following notable changes have been made since 0.2.2: - Added the storage hidden subcommand for working with hidden volumes - Store cached PINs on a per-device basis to better support multi-device scenarios - Further decreased binary size by using system allocator - Bumped nitrokey dependency to 0.3.4 - Bumped rand dependency to 0.6.4 - Removed rustc_version, semver, and semver-parser dependencies - Bumped nitrokey-sys dependency to 3.4.3 - Bumped libc dependency to 0.2.47
* Remove no longer used duplicate_associated_type_bindings lintDaniel Mueller2019-01-26
| | | | | | | The duplicate_associated_type_bindings lint seems to have been removed with the Rust 1.32 release. This change removes the lint from the program to prevent the newly introduced warning from being emitted.
* Document problems in conjunction with nitrokey-appRobin Krahl2019-01-26
| | | | | | If nitrokey-app is running, the device it connected to cannot be detected by other applications. This patch adds this issue to the list of known problems in the README.
* Exclude CI scripts and rustmft configRobin Krahl2019-01-26
| | | | | | | The CI scripts and the rustfmt configuration are only needed when developing. There is no point in distributing them in the package published on crates.io, so we exclude them from packaging using the exclude setting in Cargo.toml.
* Update libc crate to 0.2.47Daniel Mueller2019-01-22
| | | | | | This change updates the libc crate to version 0.2.47. Import subrepo libc/:libc at ce1dfcbf81bd74662b5cd02a9214818a0bfbbffa
* Update nitrokey crate to 0.3.4Daniel Mueller2019-01-22
| | | | | | This change updates the nitrokey crate to version 0.3.4. Import subrepo nitrokey/:nitrokey at 41cdc1f7091a3c442241dbb2379c50dbcc7e9c5f
* Add tests for the lock commandDaniel Mueller2019-01-20
| | | | | | | | | This change adds tests for the lock command. For the Nitrokey Pro we cannot test too much because the only side-effect is that the password safe is closed and it will be opened automatically again by virtue of our non-interactive testing methodology. For Storage devices we verify that the encrypted volume is closed, which is a documented side-effect.
* Document hidden volumes in the README and the manual pageDaniel Mueller2019-01-20
| | | | | | This change updates the README and the man page with documentation about hidden volumes in general and the storage hidden subcommand in particular.
* Add test for storage hidden subcommandDaniel Mueller2019-01-20
| | | | | | | This change adds a test for the creation, opening, and closing of a hidden subvolume. In order to support that in a non-interactive fashion, we introduce and honor the NITROCLI_PASSWORD environment variable, that prevents an interactive password query.
* Implement storage hidden subcommandDaniel Mueller2019-01-20
| | | | | | | | | With this change we implement the storage hidden subcommand. We support creation, opening, and closing of hidden volumes. Note that the opening of a hidden volume automatically closes any opened encrypted volumes and vice versa. To that end, we force file system level caches to disk even from the storage open and storage hidden open commands.
* Introduce storage hidden subcommand scaffoldingDaniel Mueller2019-01-15
| | | | | | | | | This change introduces a new subcommand to the storage command called 'hidden'. This subcommand can be used to interact with hidden volumes. Right now we support three operations pertaining hidden volumes: create, open, and close. This patch merely provides the infrastructure for parsing the commands and all their arguments, it does not yet implement them fully.
* Introduce PwdEntry struct implementing SecretEntry for passwordsDaniel Mueller2019-01-19
| | | | | | | | | | | | With the required interface for secrets well defined, this change introduces a second secret type in addition to PINs: passwords. Similar to a PIN, a password can contain pretty arbitrary characters but passwords can be retried repeatedly, whereas PINs cause a lockout after a certain number of failed attempts. Our first use case for passwords will be for hidden volumes. For those, we do not want to gpg-agent to cache entries and so a password entry indicates that it is not to be cached through the previously introduced mechanism for optional caching.
* Add minimum length to SecretEntry traitDaniel Mueller2019-01-19
| | | | | | | | Another commonality between a password and a PIN is that they typically both have a minimum length. To accommodate for this requirement, this change introduces another method to the SecretEntry trait that represents the secret's minimum character length.
* Make caching of secrets optionalDaniel Mueller2019-01-20
| | | | | | | | | | | | | Currently, when we enter a secret (i.e., a PIN) through the pinentry module, this PIN will automatically be cached and not asked from the user again on subsequent inquiries. However, caching may not always be desired. For the upcoming support of passwords used in conjunction with hidden volumes, we do not want any caching because different passwords can be entered for different volumes and the user's intention is not clear until a password has actually been entered. To accommodate this use case, this change modifies the signature of the SecretEntry trait's cache_id method to return an optional cache ID. If none is returned, caching of the entered secret is disabled.
* Return Cow object from SecretEntry methodsDaniel Mueller2019-01-20
| | | | | | | | | We do not know what kind of data future implementers of the SecretEntry trait may want to return. For all we know these could just be static strings, in which case the forced conversion into a String by virtue of the return type is wasteful. To be more flexible in the future while gaining some consistency, this change makes all those trait's methods return a Cow object instead.
* Introduce SecretEntry traitDaniel Mueller2019-01-19
| | | | | | | | | | | | Now that we have introduced the notion of a secret abstracting over whether something is a PIN or a password in terms of terminology, we need to define what makes a secret in code. From the pinentry module's perspective, the commonality between the two is that they both can be entered through a dialog containing a prompt and a description, and they can be cached. This change introduces a trait, SecretEntry, that defines methods representing those properties. Right now only the existing PinEntry struct implements this trait.
* Generalize terminology from "PIN" to "secret"Daniel Mueller2019-01-19
| | | | | | | | | | | | In the past we have worked solely with PINs. PINs in our (or rather, the Nitrokey's) sense are not necessarily numbers but they can be reasonably short in length, because they can only be retried a limited number of times. In the future, however, we will introduce the notion of a password, which does not carry such a restriction. The commonality between the two is that they are secrets and so with this change we refer to secrets -- rather than PINs -- in places where both passwords and PINs can conceptually be used.
* Drop '_pin' suffix from various pinentry functionsDaniel Mueller2019-01-19
| | | | | | Various functions in the pinentry module contain an arguably redundant '_pin' suffix in their name. Examples include inquire_pin and clear_pin. This change removes this part from their names.
* Move PIN choosing functionality into pinentry moduleDaniel Mueller2019-01-19
| | | | | | | | | The functionality we have in place for choosing a PIN can arguably be moved into the pinentry module: it can be considered logic directly related to working with PINs or secrets and that has no dependencies to unrelated modules of the program. This patch moves the choose_pin and check_pin functions into the pinentry module.
* Add tests for the storage commandDaniel Mueller2019-01-19
| | | | | | | | This change adds two tests for the storage command. The first one verifies that a proper error message is emitted if a storage command is attempted on a Pro device. The second one checks the output of the status subcommand and expected changes to it when opening or closing the encrypted volume.
* Add tests for pws commandDaniel Mueller2019-01-19
| | | | | This change adds a set of tests for the pws command. Covered are all subcommands with the most commonly used parameter combinations.
* Auto-generate help text for Option-based argumentsDaniel Mueller2019-01-15
| | | | | | | | | The previous change to properly format the help text for optional arguments left one thing out: parameters that are based on an Option as opposed to an enum. The problem with those is that we cannot simply ask the value (i.e., the Option) for all the variants of the inner type. Instead, we have to reference the actual type of the inner enum in order to retrieve all its possible variants.
* Auto-generate help text for enum-backed optional argumentsDaniel Mueller2019-01-15
| | | | | | | This change continues the effort of auto-generating more of the help text content by extending the logic to optional arguments. We make use of the fmt_enum macro to format the description of the argument with the available variants (as well as the default, if any) interpolated.
* Auto-populate help text contentDaniel Mueller2019-01-14
| | | | | | | | | With the ability to fully generate the command enums we use for working with the argparse crate, we can now take things one step further and populate the contents of the help string we print for the user that lists the available commands. Doing so we also fix a bug where we forgot to mention the "storage status" command in the help text.
* Auto-generate execute methods for generated command enumsDaniel Mueller2019-01-14
| | | | | | | | | | | | | | | Not too long ago we added a macro to auto generate the command enums and the required trait implementations from a concise declarative representation. This change extends this mechanism to the execute method implementation that some of those enums provide. When a tuple is specified as the "destination", e.g., here: > Enum! {ConfigCommand, [ > Get => ("get", config_get), > Set => ("set", config_set) > ]} the second component of this tuple will be interpreted as the function to invoke when this variant used in the newly generated execute method.
* Add a script to determine the nitrocli binary size at a git revisionDaniel Mueller2019-01-16
| | | | | | | | | | | We have been loosely tracking the resulting size of the stripped release binary as that is arguably the most relevant metric to optimize for. To have a better idea of the influence of various changes and their effect on the binary size, this change adds a script that automates the process of gathering this metric. E.g., $ var/binary-size.py HEAD~3 HEAD --unit kib > 994 > 970
* Remove no longer required dependenciesDaniel Mueller2019-01-16
| | | | | | | | | | With the update to rand 0.6.4 we no longer require the dependencies to rustc_version, semver, and semver-parser. Hence, this change removes them. Delete subrepo rustc_version/:rustc_version Delete subrepo semver/:semver Delete subrepo semver-parser/:semver-parser
* Update nitrokey crate to 0.3.3Daniel Mueller2019-01-16
| | | | | | | | | | | This change updates the nitrokey crate to version 0.3.3. Along with that change we update rand to 0.6.4 because rand 0.6.1 does not yet contain a publicly accessible rand_os. Note that we no longer require all crates in rand's workspace, but only rand_os and rand_core, which is a significant reduction in the number of lines of code compiled. Import subrepo nitrokey/:nitrokey at 7cf747d56ddc0b7eeedc3caf36dcc909907a171c Import subrepo rand/:rand at 4336232dda03323634b10ec72ddf27914aebc3a2
* Add tests for config commandDaniel Mueller2019-01-14
| | | | | | This change adds a set of tests for the config get and set commands. We cover chosen valid parameter combinations and verify that they work as expected as well as an invalid one.
* Add tests for otp commandDaniel Mueller2019-01-14
| | | | | | | This change adds a set of tests for the otp command. We cover some variants of the status, set, get, and clear. Testing all the possible combinations is out of scope and so only a more or less arbitrary subset of arguments was chosen.
* Update libc crate to 0.2.46Daniel Mueller2019-01-14
| | | | | | This change updates the libc crate to version 0.2.46. Import subrepo libc/:libc at a9e3cc6c1b529eaffef5b82934d0c47203edebe5