| Commit message (Collapse) | Author | Age |
... | |
|
|
|
|
|
|
|
|
| |
We have functionality for changing the Nitrokey's user & admin PINs as
well as for resetting the user PIN coming up. With the prospect of this
new functionality arriving, it makes sense to introduce a new top-level
command for the sole purpose of PIN management.
This change introduces such a command, pin, and moves the existing clear
command for clearing the PIN cache into it.
|
|
|
|
|
|
|
| |
The mode argument is used to specify the context of the pinentry dialog:
querying an existing passphrase or prompting the user to choose a new
PIN. It is used to choose a description and to decide whether to show a
quality bar that measures the password strength.
|
|
|
|
|
|
|
|
|
|
| |
This patch changes the otp get command to set the Nitrokey's time before
generating a one-time password using the TOTP algorithm. Per default,
it sets the time to the current system time. If the --time option is
set, it uses its value instead. See issue #34 [0] for a discussion of
this change.
[0] https://github.com/d-e-s-o/nitrocli/issues/34
|
|
|
|
|
|
|
|
|
|
| |
The 'status' command has traditionally printed information about the
connected Nitrokey and that included storage specific data if the device
present is a Nitrokey Storage.
Given that we have a root-level 'storage' command it arguably makes
sense to move the printing of the storage related status information
into a 'status' sub-command of the said command, which makes the output
more predictable.
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Upon their inception, the 'open' and 'close' commands were pretty much
the only relevant commands the program provided and it made sense to
have them reside in the root namespace. By now we support more commands
and have started to structure them in a more hierarchical fashion.
To go with the flow, this change introduces a new 'storage' command and
makes the existing 'open' and 'close' commands subcommands of it. We
chose the name 'storage' (over, say, 'volume') because we plan to move
the printing of the storage related status from the 'status' root level
command into a subcommand within 'storage'.
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This change implements the config set subcommand. The subcommand changes
the configuration of a Nitrokey device.
Its structure is more complex as it allows partial modifications: The
user does not have to change all settings, but may choose to change only
some. At the same time, the binding settings can be either set to a
value or disabled. Therefore, we have the --{num,caps,scrol}lock
options to set a value and the --no-{num,caps,scrol}lock options to
disable the value. If none of the two is set, the setting is not
changed.
|
|
|
|
|
| |
This change implements the config get subcommand. The subcommand reads
the device configuration and prints it.
|
|
|
|
|
|
|
|
| |
Currently, the status command fails for a Nitrokey Pro. This patch
changes the command to also print basic status information for Pro
devices. For the sake of consistency, the common status is always
queried using the common `Device` functions, even if the Storage status
includes the same information.
|
|
|
|
|
|
| |
This patch extracts the print_status function that prints the status
fields common to all supported Nitrokey devices from the
print_storage_status function.
|
|
|
|
|
| |
The print_status function only prints the Storage-specific status
struct. Therefore it is renamed to print_storage_status.
|
|
|
|
|
|
|
|
| |
This patch introduces the `otp status` subcommand that lists all OTP
slots and their current status. To avoid hardcoding the number of slots
per type, we iterate all slots until we get an `InvalidSlot` error
(assuming that the set of valid slots is {0, ..., n} for some n). The
`status` command is quite slow as we have to query each slot separately.
|
|
|
|
| |
This patch implements the `otp clear` subcommand that erases an OTP slot.
|
|
|
|
|
|
|
|
|
|
| |
This patch implements the `otp set` subcommand that configures an OTP
slot. There are two ways to specify an OTP secret: as a hexadecimal
string (that means that every two characters are interpreted as a
hexadecimal representation of one byte of the secret) or as an ASCII
string (that means that the ASCII code of every character is interpreted
as one byte of the secret). As the HOTP RFC mentions both
representations, this implementation supports both.
|
|
|
|
|
|
|
| |
This patch implements the `otp get` subcommand that allows the user to
generate a one-time password on the Nitrokey device. Before generating
the password, the device configuration is checked so that the user only
has to enter a PIN if it is required for the OTP generation.
|
|
|
|
|
|
| |
This patch implements authentication with the user or admin PIN. This
is a preparation for the `otp get` and `otp set` commands which require
user and admin access to the Nitrokey.
|
|
|
|
|
|
| |
Currently, we only clear the user PIN if clear is called. This patch
changes the clear command to also clear the admin PIN as we will start
to use the admin PIN in upcoming patches.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Currently, `open` directly calls the `pinentry` module and loops until
the user entered a correct passphrase or the retry limit is reached.
This patch moves the pinentry call and the loop into the
`try_with_passphrase_and_data` function. This function queries a
passphrase of a given type and executes a function with that passphrase.
This function has a data argument and may return data that is passed to
the next call of the function (if it failed).
This data-passing mechanism is required for the `nitrokey`
authentication functions: These functions take ownership of the device
and either return an authenticated device after successful
authentication, or an error including the unauthenticated device if the
authentication failed. This patch enables the usage of these functions
in future patches.
|
|
|
|
|
|
|
| |
Currently, invalid UTF-8 code points in the passphrase returned by
pinentry are replaced with replacement characters by
`String::from_utf8_lossy`. This patch changes the code to use
`String::from_utf8` and returns an UTF-8 error if encountered.
|
|
In order to prepare for the new argument parsing support based on the
argparse crate, this change factors out the existing code used for
responding to commands in a new file, commands.rs. No semantic change is
introduced.
|