From 986ad2f782cf944990e4eda8bf88ea1821233302 Mon Sep 17 00:00:00 2001 From: Robin Krahl Date: Tue, 11 Dec 2018 23:50:45 +0100 Subject: Add nitrokey as a dependency to nitrocli The nitrokey crate provides a simple interface to the Nitrokey Storage and the Nitrokey Pro based on the libnitrokey library developed by Nitrokey UG. The low-level bindings to this library are available in the nitrokey-sys crate. This patch adds version v0.2.1 of the nitrokey crate as a dependency for nitrocli. It includes the indirect dependencies nitrokey-sys (version 3.4.1) and rand (version 0.4.3). Import subrepo nitrokey/:nitrokey at 2eccc96ceec2282b868891befe9cda7f941fbe7b Import subrepo nitrokey-sys/:nitrokey-sys at f1a11ebf72610fb9cf80ac7f9f147b4ba1a5336f Import subrepo rand/:rand at d7d5da49daf7ceb3e5940072940d495cced3a1b3 --- nitrokey-sys/src/ffi.rs | 1112 +++++++++++++++++++++++++++++++++++++++++++++++ nitrokey-sys/src/lib.rs | 33 ++ 2 files changed, 1145 insertions(+) create mode 100644 nitrokey-sys/src/ffi.rs create mode 100644 nitrokey-sys/src/lib.rs (limited to 'nitrokey-sys/src') diff --git a/nitrokey-sys/src/ffi.rs b/nitrokey-sys/src/ffi.rs new file mode 100644 index 0000000..58879ad --- /dev/null +++ b/nitrokey-sys/src/ffi.rs @@ -0,0 +1,1112 @@ +/* automatically generated by rust-bindgen, manually modified */ + +/// Use, if no supported device is connected +pub const NK_device_model_NK_DISCONNECTED: NK_device_model = 0; +/// Nitrokey Pro. +pub const NK_device_model_NK_PRO: NK_device_model = 1; +/// Nitrokey Storage. +pub const NK_device_model_NK_STORAGE: NK_device_model = 2; +/// The Nitrokey device models supported by the API. +pub type NK_device_model = u32; +/// Stores the status of a Storage device. +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct NK_storage_status { + /// Indicates whether the unencrypted volume is read-only. + pub unencrypted_volume_read_only: bool, + /// Indicates whether the unencrypted volume is active. + pub unencrypted_volume_active: bool, + /// Indicates whether the encrypted volume is read-only. + pub encrypted_volume_read_only: bool, + /// Indicates whether the encrypted volume is active. + pub encrypted_volume_active: bool, + /// Indicates whether the hidden volume is read-only. + pub hidden_volume_read_only: bool, + /// Indicates whether the hidden volume is active. + pub hidden_volume_active: bool, + /// The major firmware version, e. g. 0 in v0.40. + pub firmware_version_major: u8, + /// The minor firmware version, e. g. 40 in v0.40. + pub firmware_version_minor: u8, + /// Indicates whether the firmware is locked. + pub firmware_locked: bool, + /// The serial number of the SD card in the Storage stick. + pub serial_number_sd_card: u32, + /// The serial number of the smart card in the Storage stick. + pub serial_number_smart_card: u32, + /// The number of remaining login attempts for the user PIN. + pub user_retry_count: u8, + /// The number of remaining login attempts for the admin PIN. + pub admin_retry_count: u8, + /// Indicates whether a new SD card was found. + pub new_sd_card_found: bool, + /// Indicates whether the SD card is filled with random characters. + pub filled_with_random: bool, + /// Indicates whether the stick has been initialized by generating + /// the AES keys. + pub stick_initialized: bool, +} +#[test] +fn bindgen_test_layout_NK_storage_status() { + assert_eq!( + ::std::mem::size_of::(), + 28usize, + concat!("Size of: ", stringify!(NK_storage_status)) + ); + assert_eq!( + ::std::mem::align_of::(), + 4usize, + concat!("Alignment of ", stringify!(NK_storage_status)) + ); + assert_eq!( + unsafe { + &(*(::std::ptr::null::())).unencrypted_volume_read_only as *const _ + as usize + }, + 0usize, + concat!( + "Offset of field: ", + stringify!(NK_storage_status), + "::", + stringify!(unencrypted_volume_read_only) + ) + ); + assert_eq!( + unsafe { + &(*(::std::ptr::null::())).unencrypted_volume_active as *const _ + as usize + }, + 1usize, + concat!( + "Offset of field: ", + stringify!(NK_storage_status), + "::", + stringify!(unencrypted_volume_active) + ) + ); + assert_eq!( + unsafe { + &(*(::std::ptr::null::())).encrypted_volume_read_only as *const _ + as usize + }, + 2usize, + concat!( + "Offset of field: ", + stringify!(NK_storage_status), + "::", + stringify!(encrypted_volume_read_only) + ) + ); + assert_eq!( + unsafe { + &(*(::std::ptr::null::())).encrypted_volume_active as *const _ + as usize + }, + 3usize, + concat!( + "Offset of field: ", + stringify!(NK_storage_status), + "::", + stringify!(encrypted_volume_active) + ) + ); + assert_eq!( + unsafe { + &(*(::std::ptr::null::())).hidden_volume_read_only as *const _ + as usize + }, + 4usize, + concat!( + "Offset of field: ", + stringify!(NK_storage_status), + "::", + stringify!(hidden_volume_read_only) + ) + ); + assert_eq!( + unsafe { + &(*(::std::ptr::null::())).hidden_volume_active as *const _ as usize + }, + 5usize, + concat!( + "Offset of field: ", + stringify!(NK_storage_status), + "::", + stringify!(hidden_volume_active) + ) + ); + assert_eq!( + unsafe { + &(*(::std::ptr::null::())).firmware_version_major as *const _ + as usize + }, + 6usize, + concat!( + "Offset of field: ", + stringify!(NK_storage_status), + "::", + stringify!(firmware_version_major) + ) + ); + assert_eq!( + unsafe { + &(*(::std::ptr::null::())).firmware_version_minor as *const _ + as usize + }, + 7usize, + concat!( + "Offset of field: ", + stringify!(NK_storage_status), + "::", + stringify!(firmware_version_minor) + ) + ); + assert_eq!( + unsafe { + &(*(::std::ptr::null::())).firmware_locked as *const _ as usize + }, + 8usize, + concat!( + "Offset of field: ", + stringify!(NK_storage_status), + "::", + stringify!(firmware_locked) + ) + ); + assert_eq!( + unsafe { + &(*(::std::ptr::null::())).serial_number_sd_card as *const _ as usize + }, + 12usize, + concat!( + "Offset of field: ", + stringify!(NK_storage_status), + "::", + stringify!(serial_number_sd_card) + ) + ); + assert_eq!( + unsafe { + &(*(::std::ptr::null::())).serial_number_smart_card as *const _ + as usize + }, + 16usize, + concat!( + "Offset of field: ", + stringify!(NK_storage_status), + "::", + stringify!(serial_number_smart_card) + ) + ); + assert_eq!( + unsafe { + &(*(::std::ptr::null::())).user_retry_count as *const _ as usize + }, + 20usize, + concat!( + "Offset of field: ", + stringify!(NK_storage_status), + "::", + stringify!(user_retry_count) + ) + ); + assert_eq!( + unsafe { + &(*(::std::ptr::null::())).admin_retry_count as *const _ as usize + }, + 21usize, + concat!( + "Offset of field: ", + stringify!(NK_storage_status), + "::", + stringify!(admin_retry_count) + ) + ); + assert_eq!( + unsafe { + &(*(::std::ptr::null::())).new_sd_card_found as *const _ as usize + }, + 22usize, + concat!( + "Offset of field: ", + stringify!(NK_storage_status), + "::", + stringify!(new_sd_card_found) + ) + ); + assert_eq!( + unsafe { + &(*(::std::ptr::null::())).filled_with_random as *const _ as usize + }, + 23usize, + concat!( + "Offset of field: ", + stringify!(NK_storage_status), + "::", + stringify!(filled_with_random) + ) + ); + assert_eq!( + unsafe { + &(*(::std::ptr::null::())).stick_initialized as *const _ as usize + }, + 24usize, + concat!( + "Offset of field: ", + stringify!(NK_storage_status), + "::", + stringify!(stick_initialized) + ) + ); +} +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct NK_storage_ProductionTest { + pub FirmwareVersion_au8: [u8; 2usize], + pub FirmwareVersionInternal_u8: u8, + pub SD_Card_Size_u8: u8, + pub CPU_CardID_u32: u32, + pub SmartCardID_u32: u32, + pub SD_CardID_u32: u32, + pub SC_UserPwRetryCount: u8, + pub SC_AdminPwRetryCount: u8, + pub SD_Card_ManufacturingYear_u8: u8, + pub SD_Card_ManufacturingMonth_u8: u8, + pub SD_Card_OEM_u16: u16, + pub SD_WriteSpeed_u16: u16, + pub SD_Card_Manufacturer_u8: u8, +} +#[test] +fn bindgen_test_layout_NK_storage_ProductionTest() { + assert_eq!( + ::std::mem::size_of::(), + 28usize, + concat!("Size of: ", stringify!(NK_storage_ProductionTest)) + ); + assert_eq!( + ::std::mem::align_of::(), + 4usize, + concat!("Alignment of ", stringify!(NK_storage_ProductionTest)) + ); + assert_eq!( + unsafe { + &(*(::std::ptr::null::())).FirmwareVersion_au8 as *const _ + as usize + }, + 0usize, + concat!( + "Offset of field: ", + stringify!(NK_storage_ProductionTest), + "::", + stringify!(FirmwareVersion_au8) + ) + ); + assert_eq!( + unsafe { + &(*(::std::ptr::null::())).FirmwareVersionInternal_u8 + as *const _ as usize + }, + 2usize, + concat!( + "Offset of field: ", + stringify!(NK_storage_ProductionTest), + "::", + stringify!(FirmwareVersionInternal_u8) + ) + ); + assert_eq!( + unsafe { + &(*(::std::ptr::null::())).SD_Card_Size_u8 as *const _ + as usize + }, + 3usize, + concat!( + "Offset of field: ", + stringify!(NK_storage_ProductionTest), + "::", + stringify!(SD_Card_Size_u8) + ) + ); + assert_eq!( + unsafe { + &(*(::std::ptr::null::())).CPU_CardID_u32 as *const _ + as usize + }, + 4usize, + concat!( + "Offset of field: ", + stringify!(NK_storage_ProductionTest), + "::", + stringify!(CPU_CardID_u32) + ) + ); + assert_eq!( + unsafe { + &(*(::std::ptr::null::())).SmartCardID_u32 as *const _ + as usize + }, + 8usize, + concat!( + "Offset of field: ", + stringify!(NK_storage_ProductionTest), + "::", + stringify!(SmartCardID_u32) + ) + ); + assert_eq!( + unsafe { + &(*(::std::ptr::null::())).SD_CardID_u32 as *const _ as usize + }, + 12usize, + concat!( + "Offset of field: ", + stringify!(NK_storage_ProductionTest), + "::", + stringify!(SD_CardID_u32) + ) + ); + assert_eq!( + unsafe { + &(*(::std::ptr::null::())).SC_UserPwRetryCount as *const _ + as usize + }, + 16usize, + concat!( + "Offset of field: ", + stringify!(NK_storage_ProductionTest), + "::", + stringify!(SC_UserPwRetryCount) + ) + ); + assert_eq!( + unsafe { + &(*(::std::ptr::null::())).SC_AdminPwRetryCount as *const _ + as usize + }, + 17usize, + concat!( + "Offset of field: ", + stringify!(NK_storage_ProductionTest), + "::", + stringify!(SC_AdminPwRetryCount) + ) + ); + assert_eq!( + unsafe { + &(*(::std::ptr::null::())).SD_Card_ManufacturingYear_u8 + as *const _ as usize + }, + 18usize, + concat!( + "Offset of field: ", + stringify!(NK_storage_ProductionTest), + "::", + stringify!(SD_Card_ManufacturingYear_u8) + ) + ); + assert_eq!( + unsafe { + &(*(::std::ptr::null::())).SD_Card_ManufacturingMonth_u8 + as *const _ as usize + }, + 19usize, + concat!( + "Offset of field: ", + stringify!(NK_storage_ProductionTest), + "::", + stringify!(SD_Card_ManufacturingMonth_u8) + ) + ); + assert_eq!( + unsafe { + &(*(::std::ptr::null::())).SD_Card_OEM_u16 as *const _ + as usize + }, + 20usize, + concat!( + "Offset of field: ", + stringify!(NK_storage_ProductionTest), + "::", + stringify!(SD_Card_OEM_u16) + ) + ); + assert_eq!( + unsafe { + &(*(::std::ptr::null::())).SD_WriteSpeed_u16 as *const _ + as usize + }, + 22usize, + concat!( + "Offset of field: ", + stringify!(NK_storage_ProductionTest), + "::", + stringify!(SD_WriteSpeed_u16) + ) + ); + assert_eq!( + unsafe { + &(*(::std::ptr::null::())).SD_Card_Manufacturer_u8 + as *const _ as usize + }, + 24usize, + concat!( + "Offset of field: ", + stringify!(NK_storage_ProductionTest), + "::", + stringify!(SD_Card_Manufacturer_u8) + ) + ); +} +extern "C" { + pub fn NK_get_storage_production_info( + out: *mut NK_storage_ProductionTest, + ) -> ::std::os::raw::c_int; +} +extern "C" { + /// Set debug level of messages written on stderr + /// @param state state=True - most messages, state=False - only errors level + pub fn NK_set_debug(state: bool); +} +extern "C" { + /// Set debug level of messages written on stderr + /// @param level (int) 0-lowest verbosity, 5-highest verbosity + pub fn NK_set_debug_level(level: ::std::os::raw::c_int); +} +extern "C" { + /// Get the major library version, e. g. the 3 in v3.2. + /// @return the major library version + pub fn NK_get_major_library_version() -> ::std::os::raw::c_uint; +} +extern "C" { + /// Get the minor library version, e. g. the 2 in v3.2. + /// @return the minor library version + pub fn NK_get_minor_library_version() -> ::std::os::raw::c_uint; +} +extern "C" { + /// Get the library version as a string. This is the output of + /// `git describe --always` at compile time, for example "v3.3" or + /// "v3.3-19-gaee920b". + /// The return value is a string literal and must not be freed. + /// @return the library version as a string + pub fn NK_get_library_version() -> *const ::std::os::raw::c_char; +} +extern "C" { + /// Connect to device of given model. Currently library can be connected only to one device at once. + /// @param device_model char 'S': Nitrokey Storage, 'P': Nitrokey Pro + /// @return 1 if connected, 0 if wrong model or cannot connect + pub fn NK_login(device_model: *const ::std::os::raw::c_char) -> ::std::os::raw::c_int; +} +extern "C" { + /// Connect to device of given model. Currently library can be connected only to one device at once. + /// @param device_model NK_device_model: NK_PRO: Nitrokey Pro, NK_STORAGE: Nitrokey Storage + /// @return 1 if connected, 0 if wrong model or cannot connect + pub fn NK_login_enum(device_model: NK_device_model) -> ::std::os::raw::c_int; +} +extern "C" { + /// Connect to first available device, starting checking from Pro 1st to Storage 2nd. + /// @return 1 if connected, 0 if wrong model or cannot connect + pub fn NK_login_auto() -> ::std::os::raw::c_int; +} +extern "C" { + /// Disconnect from the device. + /// @return command processing error code + pub fn NK_logout() -> ::std::os::raw::c_int; +} +extern "C" { + /// Query the model of the connected device. + /// Returns the model of the connected device or NK_DISCONNECTED. + /// + /// @return true if a device is connected and the out argument has been set + pub fn NK_get_device_model() -> NK_device_model; +} +extern "C" { + /// Return the debug status string. Debug purposes. + /// @return command processing error code + pub fn NK_status() -> *mut ::std::os::raw::c_char; +} +extern "C" { + /// Return the device's serial number string in hex. + /// @return string device's serial number in hex + pub fn NK_device_serial_number() -> *mut ::std::os::raw::c_char; +} +extern "C" { + /// Get last command processing status. Useful for commands which returns the results of their own and could not return + /// an error code. + /// @return previous command processing error code + pub fn NK_get_last_command_status() -> u8; +} +extern "C" { + /// Lock device - cancel any user device unlocking. + /// @return command processing error code + pub fn NK_lock_device() -> ::std::os::raw::c_int; +} +extern "C" { + /// Authenticates the user on USER privilages with user_password and sets user's temporary password on device to user_temporary_password. + /// @param user_password char[25] current user password + /// @param user_temporary_password char[25] user temporary password to be set on device for further communication (authentication command) + /// @return command processing error code + pub fn NK_user_authenticate( + user_password: *const ::std::os::raw::c_char, + user_temporary_password: *const ::std::os::raw::c_char, + ) -> ::std::os::raw::c_int; +} +extern "C" { + /// Authenticates the user on ADMIN privilages with admin_password and sets user's temporary password on device to admin_temporary_password. + /// @param admin_password char[25] current administrator PIN + /// @param admin_temporary_password char[25] admin temporary password to be set on device for further communication (authentication command) + /// @return command processing error code + pub fn NK_first_authenticate( + admin_password: *const ::std::os::raw::c_char, + admin_temporary_password: *const ::std::os::raw::c_char, + ) -> ::std::os::raw::c_int; +} +extern "C" { + /// Execute a factory reset. + /// @param admin_password char[20] current administrator PIN + /// @return command processing error code + pub fn NK_factory_reset(admin_password: *const ::std::os::raw::c_char) + -> ::std::os::raw::c_int; +} +extern "C" { + /// Generates AES key on the device + /// @param admin_password char[20] current administrator PIN + /// @return command processing error code + pub fn NK_build_aes_key(admin_password: *const ::std::os::raw::c_char) + -> ::std::os::raw::c_int; +} +extern "C" { + /// Unlock user PIN locked after 3 incorrect codes tries. + /// @param admin_password char[20] current administrator PIN + /// @return command processing error code + pub fn NK_unlock_user_password( + admin_password: *const ::std::os::raw::c_char, + new_user_password: *const ::std::os::raw::c_char, + ) -> ::std::os::raw::c_int; +} +extern "C" { + /// Write general config to the device + /// @param numlock set value in range [0-1] to send HOTP code from slot 'numlock' after double pressing numlock + /// or outside the range to disable this function + /// @param capslock similar to numlock but with capslock + /// @param scrolllock similar to numlock but with scrolllock + /// @param enable_user_password set True to enable OTP PIN protection (require PIN each OTP code request) + /// @param delete_user_password (unused) + /// @param admin_temporary_password current admin temporary password + /// @return command processing error code + pub fn NK_write_config( + numlock: u8, + capslock: u8, + scrolllock: u8, + enable_user_password: bool, + delete_user_password: bool, + admin_temporary_password: *const ::std::os::raw::c_char, + ) -> ::std::os::raw::c_int; +} +extern "C" { + /// Get currently set config - status of function Numlock/Capslock/Scrollock OTP sending and is enabled PIN protected OTP + /// @see NK_write_config + /// @return uint8_t general_config[5]: + /// uint8_t numlock; + /// uint8_t capslock; + /// uint8_t scrolllock; + /// uint8_t enable_user_password; + /// uint8_t delete_user_password; + pub fn NK_read_config() -> *mut u8; +} +extern "C" { + /// Get name of given TOTP slot + /// @param slot_number TOTP slot number, slot_number<15 + /// @return char[20] the name of the slot + pub fn NK_get_totp_slot_name(slot_number: u8) -> *mut ::std::os::raw::c_char; +} +extern "C" { + /// @param slot_number HOTP slot number, slot_number<3 + /// @return char[20] the name of the slot + pub fn NK_get_hotp_slot_name(slot_number: u8) -> *mut ::std::os::raw::c_char; +} +extern "C" { + /// Erase HOTP slot data from the device + /// @param slot_number HOTP slot number, slot_number<3 + /// @param temporary_password admin temporary password + /// @return command processing error code + pub fn NK_erase_hotp_slot( + slot_number: u8, + temporary_password: *const ::std::os::raw::c_char, + ) -> ::std::os::raw::c_int; +} +extern "C" { + /// Erase TOTP slot data from the device + /// @param slot_number TOTP slot number, slot_number<15 + /// @param temporary_password admin temporary password + /// @return command processing error code + pub fn NK_erase_totp_slot( + slot_number: u8, + temporary_password: *const ::std::os::raw::c_char, + ) -> ::std::os::raw::c_int; +} +extern "C" { + /// Write HOTP slot data to the device + /// @param slot_number HOTP slot number, slot_number<3, 0-numbered + /// @param slot_name char[15] desired slot name. C string (requires ending '\0'; 16 bytes). + /// @param secret char[40] 160-bit or 320-bit (currently Pro v0.8 only) secret as a hex string. C string (requires ending '\0'; 41 bytes). + /// See NitrokeyManager::is_320_OTP_secret_supported. + /// @param hotp_counter uint32_t starting value of HOTP counter + /// @param use_8_digits should returned codes be 6 (false) or 8 digits (true) + /// @param use_enter press ENTER key after sending OTP code using double-pressed scroll/num/capslock + /// @param use_tokenID @see token_ID + /// @param token_ID @see https://openauthentication.org/token-specs/, 'Class A' section + /// @param temporary_password char[25] admin temporary password + /// @return command processing error code + pub fn NK_write_hotp_slot( + slot_number: u8, + slot_name: *const ::std::os::raw::c_char, + secret: *const ::std::os::raw::c_char, + hotp_counter: u64, + use_8_digits: bool, + use_enter: bool, + use_tokenID: bool, + token_ID: *const ::std::os::raw::c_char, + temporary_password: *const ::std::os::raw::c_char, + ) -> ::std::os::raw::c_int; +} +extern "C" { + /// Write TOTP slot data to the device + /// @param slot_number TOTP slot number, slot_number<15, 0-numbered + /// @param slot_name char[15] desired slot name. C string (requires ending '\0'; 16 bytes). + /// @param secret char[40] 160-bit or 320-bit (currently Pro v0.8 only) secret as a hex string. C string (requires ending '\0'; 41 bytes). + /// See NitrokeyManager::is_320_OTP_secret_supported. + /// @param time_window uint16_t time window for this TOTP + /// @param use_8_digits should returned codes be 6 (false) or 8 digits (true) + /// @param use_enter press ENTER key after sending OTP code using double-pressed scroll/num/capslock + /// @param use_tokenID @see token_ID + /// @param token_ID @see https://openauthentication.org/token-specs/, 'Class A' section + /// @param temporary_password char[20] admin temporary password + /// @return command processing error code + pub fn NK_write_totp_slot( + slot_number: u8, + slot_name: *const ::std::os::raw::c_char, + secret: *const ::std::os::raw::c_char, + time_window: u16, + use_8_digits: bool, + use_enter: bool, + use_tokenID: bool, + token_ID: *const ::std::os::raw::c_char, + temporary_password: *const ::std::os::raw::c_char, + ) -> ::std::os::raw::c_int; +} +extern "C" { + /// Get HOTP code from the device + /// @param slot_number HOTP slot number, slot_number<3 + /// @return HOTP code + pub fn NK_get_hotp_code(slot_number: u8) -> *mut ::std::os::raw::c_char; +} +extern "C" { + /// Get HOTP code from the device (PIN protected) + /// @param slot_number HOTP slot number, slot_number<3 + /// @param user_temporary_password char[25] user temporary password if PIN protected OTP codes are enabled, + /// otherwise should be set to empty string - '' + /// @return HOTP code + pub fn NK_get_hotp_code_PIN( + slot_number: u8, + user_temporary_password: *const ::std::os::raw::c_char, + ) -> *mut ::std::os::raw::c_char; +} +extern "C" { + /// Get TOTP code from the device + /// @param slot_number TOTP slot number, slot_number<15 + /// @param challenge TOTP challenge -- unused + /// @param last_totp_time last time -- unused + /// @param last_interval last interval --unused + /// @return TOTP code + pub fn NK_get_totp_code( + slot_number: u8, + challenge: u64, + last_totp_time: u64, + last_interval: u8, + ) -> *mut ::std::os::raw::c_char; +} +extern "C" { + /// Get TOTP code from the device (PIN protected) + /// @param slot_number TOTP slot number, slot_number<15 + /// @param challenge TOTP challenge -- unused + /// @param last_totp_time last time -- unused + /// @param last_interval last interval -- unused + /// @param user_temporary_password char[25] user temporary password if PIN protected OTP codes are enabled, + /// otherwise should be set to empty string - '' + /// @return TOTP code + pub fn NK_get_totp_code_PIN( + slot_number: u8, + challenge: u64, + last_totp_time: u64, + last_interval: u8, + user_temporary_password: *const ::std::os::raw::c_char, + ) -> *mut ::std::os::raw::c_char; +} +extern "C" { + /// Set time on the device (for TOTP requests) + /// @param time seconds in unix epoch (from 01.01.1970) + /// @return command processing error code + pub fn NK_totp_set_time(time: u64) -> ::std::os::raw::c_int; +} +extern "C" { + /// Set the device time used for TOTP to the given time. Contrary to + /// {@code set_time(uint64_t)}, this command fails if {@code old_time} + /// > {@code time} or if {@code old_time} is zero (where {@code + /// old_time} is the current time on the device). + /// + /// @param time new device time as Unix timestamp (seconds since + /// 1970-01-01) + /// @return command processing error code + pub fn NK_totp_set_time_soft(time: u64) -> ::std::os::raw::c_int; +} +extern "C" { + pub fn NK_totp_get_time() -> ::std::os::raw::c_int; +} +extern "C" { + /// Change administrator PIN + /// @param current_PIN char[25] current PIN + /// @param new_PIN char[25] new PIN + /// @return command processing error code + pub fn NK_change_admin_PIN( + current_PIN: *const ::std::os::raw::c_char, + new_PIN: *const ::std::os::raw::c_char, + ) -> ::std::os::raw::c_int; +} +extern "C" { + /// Change user PIN + /// @param current_PIN char[25] current PIN + /// @param new_PIN char[25] new PIN + /// @return command processing error code + pub fn NK_change_user_PIN( + current_PIN: *const ::std::os::raw::c_char, + new_PIN: *const ::std::os::raw::c_char, + ) -> ::std::os::raw::c_int; +} +extern "C" { + /// Get retry count of user PIN + /// @return user PIN retry count + pub fn NK_get_user_retry_count() -> u8; +} +extern "C" { + /// Get retry count of admin PIN + /// @return admin PIN retry count + pub fn NK_get_admin_retry_count() -> u8; +} +extern "C" { + /// Enable password safe access + /// @param user_pin char[30] current user PIN + /// @return command processing error code + pub fn NK_enable_password_safe( + user_pin: *const ::std::os::raw::c_char, + ) -> ::std::os::raw::c_int; +} +extern "C" { + /// Get password safe slots' status + /// @return uint8_t[16] slot statuses - each byte represents one slot with 0 (not programmed) and 1 (programmed) + pub fn NK_get_password_safe_slot_status() -> *mut u8; +} +extern "C" { + /// Get password safe slot name + /// @param slot_number password safe slot number, slot_number<16 + /// @return slot name + pub fn NK_get_password_safe_slot_name(slot_number: u8) -> *mut ::std::os::raw::c_char; +} +extern "C" { + /// Get password safe slot login + /// @param slot_number password safe slot number, slot_number<16 + /// @return login from the PWS slot + pub fn NK_get_password_safe_slot_login(slot_number: u8) -> *mut ::std::os::raw::c_char; +} +extern "C" { + /// Get the password safe slot password + /// @param slot_number password safe slot number, slot_number<16 + /// @return password from the PWS slot + pub fn NK_get_password_safe_slot_password(slot_number: u8) -> *mut ::std::os::raw::c_char; +} +extern "C" { + /// Write password safe data to the slot + /// @param slot_number password safe slot number, slot_number<16 + /// @param slot_name char[11] name of the slot + /// @param slot_login char[32] login string + /// @param slot_password char[20] password string + /// @return command processing error code + pub fn NK_write_password_safe_slot( + slot_number: u8, + slot_name: *const ::std::os::raw::c_char, + slot_login: *const ::std::os::raw::c_char, + slot_password: *const ::std::os::raw::c_char, + ) -> ::std::os::raw::c_int; +} +extern "C" { + /// Erase the password safe slot from the device + /// @param slot_number password safe slot number, slot_number<16 + /// @return command processing error code + pub fn NK_erase_password_safe_slot(slot_number: u8) -> ::std::os::raw::c_int; +} +extern "C" { + /// Check whether AES is supported by the device + /// @return 0 for no and 1 for yes + pub fn NK_is_AES_supported( + user_password: *const ::std::os::raw::c_char, + ) -> ::std::os::raw::c_int; +} +extern "C" { + /// Get device's major firmware version + /// @return major part of the version number (e.g. 0 from 0.48, 0 from 0.7 etc.) + pub fn NK_get_major_firmware_version() -> ::std::os::raw::c_int; +} +extern "C" { + /// Get device's minor firmware version + /// @return minor part of the version number (e.g. 7 from 0.7, 48 from 0.48 etc.) + pub fn NK_get_minor_firmware_version() -> ::std::os::raw::c_int; +} +extern "C" { + /// Function to determine unencrypted volume PIN type + /// @param minor_firmware_version + /// @return Returns 1, if set unencrypted volume ro/rw pin type is User, 0 otherwise. + pub fn NK_set_unencrypted_volume_rorw_pin_type_user() -> ::std::os::raw::c_int; +} +extern "C" { + /// This command is typically run to initiate + /// communication with the device (altough not required). + /// It sets time on device and returns its current status + /// - a combination of set_time and get_status_storage commands + /// Storage only + /// @param seconds_from_epoch date and time expressed in seconds + pub fn NK_send_startup(seconds_from_epoch: u64) -> ::std::os::raw::c_int; +} +extern "C" { + /// Unlock encrypted volume. + /// Storage only + /// @param user_pin user pin 20 characters + /// @return command processing error code + pub fn NK_unlock_encrypted_volume( + user_pin: *const ::std::os::raw::c_char, + ) -> ::std::os::raw::c_int; +} +extern "C" { + /// Locks encrypted volume + /// @return command processing error code + pub fn NK_lock_encrypted_volume() -> ::std::os::raw::c_int; +} +extern "C" { + /// Unlock hidden volume and lock encrypted volume. + /// Requires encrypted volume to be unlocked. + /// Storage only + /// @param hidden_volume_password 20 characters + /// @return command processing error code + pub fn NK_unlock_hidden_volume( + hidden_volume_password: *const ::std::os::raw::c_char, + ) -> ::std::os::raw::c_int; +} +extern "C" { + /// Locks hidden volume + /// @return command processing error code + pub fn NK_lock_hidden_volume() -> ::std::os::raw::c_int; +} +extern "C" { + /// Create hidden volume. + /// Requires encrypted volume to be unlocked. + /// Storage only + /// @param slot_nr slot number in range 0-3 + /// @param start_percent volume begin expressed in percent of total available storage, int in range 0-99 + /// @param end_percent volume end expressed in percent of total available storage, int in range 1-100 + /// @param hidden_volume_password 20 characters + /// @return command processing error code + pub fn NK_create_hidden_volume( + slot_nr: u8, + start_percent: u8, + end_percent: u8, + hidden_volume_password: *const ::std::os::raw::c_char, + ) -> ::std::os::raw::c_int; +} +extern "C" { + /// Make unencrypted volume read-only. + /// Device hides unencrypted volume for a second therefore make sure + /// buffers are flushed before running. + /// Does nothing if firmware version is not matched + /// Firmware range: Storage v0.50, v0.48 and below + /// Storage only + /// @param user_pin 20 characters User PIN + /// @return command processing error code + pub fn NK_set_unencrypted_read_only( + user_pin: *const ::std::os::raw::c_char, + ) -> ::std::os::raw::c_int; +} +extern "C" { + /// Make unencrypted volume read-write. + /// Device hides unencrypted volume for a second therefore make sure + /// buffers are flushed before running. + /// Does nothing if firmware version is not matched + /// Firmware range: Storage v0.50, v0.48 and below + /// Storage only + /// @param user_pin 20 characters User PIN + /// @return command processing error code + pub fn NK_set_unencrypted_read_write( + user_pin: *const ::std::os::raw::c_char, + ) -> ::std::os::raw::c_int; +} +extern "C" { + /// Make unencrypted volume read-only. + /// Device hides unencrypted volume for a second therefore make sure + /// buffers are flushed before running. + /// Does nothing if firmware version is not matched + /// Firmware range: Storage v0.49, v0.51+ + /// Storage only + /// @param admin_pin 20 characters Admin PIN + /// @return command processing error code + pub fn NK_set_unencrypted_read_only_admin( + admin_pin: *const ::std::os::raw::c_char, + ) -> ::std::os::raw::c_int; +} +extern "C" { + /// Make unencrypted volume read-write. + /// Device hides unencrypted volume for a second therefore make sure + /// buffers are flushed before running. + /// Does nothing if firmware version is not matched + /// Firmware range: Storage v0.49, v0.51+ + /// Storage only + /// @param admin_pin 20 characters Admin PIN + /// @return command processing error code + pub fn NK_set_unencrypted_read_write_admin( + admin_pin: *const ::std::os::raw::c_char, + ) -> ::std::os::raw::c_int; +} +extern "C" { + /// Make encrypted volume read-only. + /// Device hides encrypted volume for a second therefore make sure + /// buffers are flushed before running. + /// Firmware range: v0.49 only, future (see firmware release notes) + /// Storage only + /// @param admin_pin 20 characters + /// @return command processing error code + pub fn NK_set_encrypted_read_only( + admin_pin: *const ::std::os::raw::c_char, + ) -> ::std::os::raw::c_int; +} +extern "C" { + /// Make encrypted volume read-write. + /// Device hides encrypted volume for a second therefore make sure + /// buffers are flushed before running. + /// Firmware range: v0.49 only, future (see firmware release notes) + /// Storage only + /// @param admin_pin 20 characters + /// @return command processing error code + pub fn NK_set_encrypted_read_write( + admin_pin: *const ::std::os::raw::c_char, + ) -> ::std::os::raw::c_int; +} +extern "C" { + /// Exports device's firmware to unencrypted volume. + /// Storage only + /// @param admin_pin 20 characters + /// @return command processing error code + pub fn NK_export_firmware(admin_pin: *const ::std::os::raw::c_char) -> ::std::os::raw::c_int; +} +extern "C" { + /// Clear new SD card notification. It is set after factory reset. + /// Storage only + /// @param admin_pin 20 characters + /// @return command processing error code + pub fn NK_clear_new_sd_card_warning( + admin_pin: *const ::std::os::raw::c_char, + ) -> ::std::os::raw::c_int; +} +extern "C" { + /// Fill SD card with random data. + /// Should be done on first stick initialization after creating keys. + /// Storage only + /// @param admin_pin 20 characters + /// @return command processing error code + pub fn NK_fill_SD_card_with_random_data( + admin_pin: *const ::std::os::raw::c_char, + ) -> ::std::os::raw::c_int; +} +extern "C" { + /// Change update password. + /// Update password is used for entering update mode, where firmware + /// could be uploaded using dfu-programmer or other means. + /// Storage only + /// @param current_update_password 20 characters + /// @param new_update_password 20 characters + /// @return command processing error code + pub fn NK_change_update_password( + current_update_password: *const ::std::os::raw::c_char, + new_update_password: *const ::std::os::raw::c_char, + ) -> ::std::os::raw::c_int; +} +extern "C" { + /// Enter update mode. Needs update password. + /// When device is in update mode it no longer accepts any HID commands until + /// firmware is launched (regardless of being updated or not). + /// Smartcard (through CCID interface) and its all volumes are not visible as well. + /// Its VID and PID are changed to factory-default (03eb:2ff1 Atmel Corp.) + /// to be detected by flashing software. Result of this command can be reversed + /// by using 'launch' command. + /// For dfu-programmer it would be: 'dfu-programmer at32uc3a3256s launch'. + /// Storage only + /// @param update_password 20 characters + /// @return command processing error code + pub fn NK_enable_firmware_update( + update_password: *const ::std::os::raw::c_char, + ) -> ::std::os::raw::c_int; +} +extern "C" { + /// Get Storage stick status as string. + /// Storage only + /// @return string with devices attributes + pub fn NK_get_status_storage_as_string() -> *mut ::std::os::raw::c_char; +} +extern "C" { + /// Get the Storage stick status and return the command processing + /// error code. If the code is zero, i. e. the command was successful, + /// the storage status is written to the output pointer's target. + /// The output pointer must not be null. + /// + /// @param out the output pointer for the storage status + /// @return command processing error code + pub fn NK_get_status_storage(out: *mut NK_storage_status) -> ::std::os::raw::c_int; +} +extern "C" { + /// Get SD card usage attributes as string. + /// Usable during hidden volumes creation. + /// Storage only + /// @return string with SD card usage attributes + pub fn NK_get_SD_usage_data_as_string() -> *mut ::std::os::raw::c_char; +} +extern "C" { + /// Get progress value of current long operation. + /// Storage only + /// @return int in range 0-100 or -1 if device is not busy + pub fn NK_get_progress_bar_value() -> ::std::os::raw::c_int; +} +extern "C" { + /// Returns a list of connected devices' id's, delimited by ';' character. Empty string is returned on no device found. + /// Each ID could consist of: + /// 1. SC_id:SD_id_p_path (about 40 bytes) + /// 2. path (about 10 bytes) + /// where 'path' is USB path (bus:num), 'SC_id' is smartcard ID, 'SD_id' is storage card ID and + /// '_p_' and ':' are field delimiters. + /// Case 2 (USB path only) is used, when the device cannot be asked about its status data (e.g. during a long operation, + /// like clearing SD card. + /// Internally connects to all available devices and creates a map between ids and connection objects. + /// Side effects: changes active device to last detected Storage device. + /// Storage only + /// @example Example of returned data: '00005d19:dacc2cb4_p_0001:0010:02;000037c7:4cf12445_p_0001:000f:02;0001:000c:02' + /// @return string delimited id's of connected devices + pub fn NK_list_devices_by_cpuID() -> *mut ::std::os::raw::c_char; +} +extern "C" { + /// Connects to the device with given ID. ID's list could be created with NK_list_devices_by_cpuID. + /// Requires calling to NK_list_devices_by_cpuID first. Connecting to arbitrary ID/USB path is not handled. + /// On connection requests status from device and disconnects it / removes from map on connection failure. + /// Storage only + /// @param id Target device ID (example: '00005d19:dacc2cb4_p_0001:0010:02') + /// @return 1 on successful connection, 0 otherwise + pub fn NK_connect_with_ID(id: *const ::std::os::raw::c_char) -> ::std::os::raw::c_int; +} +extern "C" { + /// Blink red and green LED alternatively and infinitely (until device is reconnected). + /// @return command processing error code + pub fn NK_wink() -> ::std::os::raw::c_int; +} diff --git a/nitrokey-sys/src/lib.rs b/nitrokey-sys/src/lib.rs new file mode 100644 index 0000000..2740cc9 --- /dev/null +++ b/nitrokey-sys/src/lib.rs @@ -0,0 +1,33 @@ +#![allow(non_upper_case_globals)] +#![allow(non_camel_case_types)] +#![allow(non_snake_case)] + +mod ffi; + +pub use ffi::*; + +#[cfg(test)] +mod tests { + use super::*; + use std::ffi::CString; + + #[test] + fn login_auto() { + unsafe { + // logout required due to https://github.com/Nitrokey/libnitrokey/pull/115 + NK_logout(); + assert_eq!(0, NK_login_auto()); + } + } + + #[test] + fn login() { + unsafe { + // Unconnected + assert_eq!(0, NK_login(CString::new("S").unwrap().as_ptr())); + assert_eq!(0, NK_login(CString::new("P").unwrap().as_ptr())); + // Unsupported model + assert_eq!(0, NK_login(CString::new("T").unwrap().as_ptr())); + } + } +} -- cgit v1.2.3