From 8350ac6afb2d678b74581000a6aafe1994b72231 Mon Sep 17 00:00:00 2001 From: Daniel Mueller Date: Wed, 16 Jan 2019 17:26:30 -0800 Subject: Update nitrokey crate to 0.3.3 This change updates the nitrokey crate to version 0.3.3. Along with that change we update rand to 0.6.4 because rand 0.6.1 does not yet contain a publicly accessible rand_os. Note that we no longer require all crates in rand's workspace, but only rand_os and rand_core, which is a significant reduction in the number of lines of code compiled. Import subrepo nitrokey/:nitrokey at 7cf747d56ddc0b7eeedc3caf36dcc909907a171c Import subrepo rand/:rand at 4336232dda03323634b10ec72ddf27914aebc3a2 --- nitrokey/src/auth.rs | 5 +- nitrokey/src/device.rs | 130 ++++++++++++++++++++++++++++++++++++++++++++++++- nitrokey/src/lib.rs | 9 ++-- nitrokey/src/pws.rs | 29 ++++++++--- nitrokey/src/util.rs | 26 +++++++--- 5 files changed, 181 insertions(+), 18 deletions(-) (limited to 'nitrokey/src') diff --git a/nitrokey/src/auth.rs b/nitrokey/src/auth.rs index a129bd8..3280924 100644 --- a/nitrokey/src/auth.rs +++ b/nitrokey/src/auth.rs @@ -149,7 +149,10 @@ where A: AuthenticatedDevice, T: Fn(*const i8, *const i8) -> c_int, { - let temp_password = generate_password(TEMPORARY_PASSWORD_LENGTH); + let temp_password = match generate_password(TEMPORARY_PASSWORD_LENGTH) { + Ok(temp_password) => temp_password, + Err(err) => return Err((device, err)), + }; let password = match get_cstring(password) { Ok(password) => password, Err(err) => return Err((device, err)), diff --git a/nitrokey/src/device.rs b/nitrokey/src/device.rs index f247f58..9813c50 100644 --- a/nitrokey/src/device.rs +++ b/nitrokey/src/device.rs 
@@ -208,6 +208,38 @@ pub struct VolumeStatus { pub active: bool, } +/// Information about the SD card in a Storage device. +#[derive(Debug)] +pub struct SdCardData { + /// The serial number of the SD card. + pub serial_number: u32, + /// The size of the SD card in GB. + pub size: u8, + /// The year the card was manufactured, e. g. 17 for 2017. + pub manufacturing_year: u8, + /// The month the card was manufactured. + pub manufacturing_month: u8, + /// The OEM ID. + pub oem: u16, + /// The manufacturer ID. + pub manufacturer: u8, +} + +#[derive(Debug)] +/// Production information for a Storage device. +pub struct StorageProductionInfo { + /// The major firmware version, e. g. 0 in v0.40. + pub firmware_version_major: u8, + /// The minor firmware version, e. g. 40 in v0.40. + pub firmware_version_minor: u8, + /// The internal firmware version. + pub firmware_version_internal: u8, + /// The serial number of the CPU. + pub serial_number_cpu: u32, + /// Information about the SD card. + pub sd_card: SdCardData, +} + /// The status of a Nitrokey Storage device. #[derive(Debug)] pub struct StorageStatus { @@ -566,7 +598,7 @@ pub trait Device: Authenticate + GetPasswordSafe + GenerateOtp { /// /// The AES key is used to encrypt the password safe and the encrypted volume. You may need /// to call this method after a factory reset, either using [`factory_reset`][] or using `gpg - /// --card-edit`. You can also use it to destory the data stored in the password safe or on + /// --card-edit`. You can also use it to destroy the data stored in the password safe or on /// the encrypted volume. /// /// # Errors 
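Review bot: On `StorageProductionInfo` the `#[derive(Debug)]` attribute is placed above the doc comment, while `SdCardData` directly before it (and `StorageStatus` after it) put the doc comment first; moving the attribute below `/// Production information for a Storage device.` keeps the three consistent. Both new structs expose hardware serial numbers (`serial_number_cpu`, `sd_card.serial_number`) through public fields and `Debug`, so a caller that logs the struct with `{:?}` records stable device identifiers. A one-line doc note on the struct would make that visible to users, e.g. `/// Contains serial numbers that identify the device; take care when logging this value.`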
@@ -1166,6 +1198,83 @@ impl Storage { result.and(Ok(StorageStatus::from(raw_status))) } + /// Returns the production information for the connected storage device. + /// + /// # Example + /// + /// ```no_run + /// # use nitrokey::CommandError; + /// + /// fn use_volume() {} + /// + /// # fn try_main() -> Result<(), CommandError> { + /// let device = nitrokey::Storage::connect()?; + /// match device.get_production_info() { + /// Ok(data) => { + /// println!("SD card ID: {:#x}", data.sd_card.serial_number); + /// println!("SD card size: {} GB", data.sd_card.size); + /// }, + /// Err(err) => println!("Could not get Storage production info: {}", err), + /// }; + /// # Ok(()) + /// # } + /// ``` + pub fn get_production_info(&self) -> Result { + let mut raw_data = nitrokey_sys::NK_storage_ProductionTest { + FirmwareVersion_au8: [0, 2], + FirmwareVersionInternal_u8: 0, + SD_Card_Size_u8: 0, + CPU_CardID_u32: 0, + SmartCardID_u32: 0, + SD_CardID_u32: 0, + SC_UserPwRetryCount: 0, + SC_AdminPwRetryCount: 0, + SD_Card_ManufacturingYear_u8: 0, + SD_Card_ManufacturingMonth_u8: 0, + SD_Card_OEM_u16: 0, + SD_WriteSpeed_u16: 0, + SD_Card_Manufacturer_u8: 0, + }; + let raw_result = unsafe { nitrokey_sys::NK_get_storage_production_info(&mut raw_data) }; + let result = get_command_result(raw_result); + result.and(Ok(StorageProductionInfo::from(raw_data))) + } + + /// Clears the warning for a new SD card. + /// + /// The Storage status contains a field for a new SD card warning. After a factory reset, the + /// field is set to true. After filling the SD card with random data, it is set to false. + /// This method can be used to set it to false without filling the SD card with random data. 
+ /// + /// # Errors + /// + /// - [`InvalidString`][] if the provided password contains a null byte + /// - [`WrongPassword`][] if the provided admin password is wrong + /// + /// # Example + /// + /// ```no_run + /// # use nitrokey::CommandError; + /// + /// # fn try_main() -> Result<(), CommandError> { + /// let device = nitrokey::Storage::connect()?; + /// match device.clear_new_sd_card_warning("12345678") { + /// Ok(()) => println!("Cleared the new SD card warning."), + /// Err(err) => println!("Could not set the clear the new SD card warning: {}", err), + /// }; + /// # Ok(()) + /// # } + /// ``` + /// + /// [`InvalidString`]: enum.CommandError.html#variant.InvalidString + /// [`WrongPassword`]: enum.CommandError.html#variant.WrongPassword + pub fn clear_new_sd_card_warning(&self, admin_pin: &str) -> Result<(), CommandError> { + let admin_pin = get_cstring(admin_pin)?; + get_command_result(unsafe { + nitrokey_sys::NK_clear_new_sd_card_warning(admin_pin.as_ptr()) + }) + } + /// Blinks the red and green LED alternatively and infinitely until the device is reconnected. pub fn wink(&self) -> Result<(), CommandError> { get_command_result(unsafe { nitrokey_sys::NK_wink() }) 
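Review bot: In `get_production_info` the initialiser `FirmwareVersion_au8: [0, 2]` builds an array with the elements 0 and 2, whereas every other field is zeroed; `FirmwareVersion_au8: [0; 2]` looks like what was intended. The effect is probably cosmetic, since the struct is presumably overwritten by `NK_get_storage_production_info` on success and `result.and(...)` discards it on error, but a partially filled reply would surface a bogus minor version. The method also has no `# Errors` section, unlike `clear_new_sd_card_warning` below it, and the `unsafe` call would benefit from a `// SAFETY:` line stating that `raw_data` is a valid, exclusively borrowed struct for the duration of the call. In the second doc example the message "Could not set the clear the new SD card warning" has a stray "set the".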
@@ -1209,6 +1318,25 @@ impl Device for Storage { impl GenerateOtp for Storage {} +impl From for StorageProductionInfo { + fn from(data: nitrokey_sys::NK_storage_ProductionTest) -> Self { + Self { + firmware_version_major: data.FirmwareVersion_au8[0], + firmware_version_minor: data.FirmwareVersion_au8[1], + firmware_version_internal: data.FirmwareVersionInternal_u8, + serial_number_cpu: data.CPU_CardID_u32, + sd_card: SdCardData { + serial_number: data.SD_CardID_u32, + size: data.SD_Card_Size_u8, + manufacturing_year: data.SD_Card_ManufacturingYear_u8, + manufacturing_month: data.SD_Card_ManufacturingMonth_u8, + oem: data.SD_Card_OEM_u16, + manufacturer: data.SD_Card_Manufacturer_u8, + }, + } + } +} + impl From for StorageStatus { fn from(status: nitrokey_sys::NK_storage_status) -> Self { StorageStatus { diff --git a/nitrokey/src/lib.rs b/nitrokey/src/lib.rs index c50b713..02a622b 100644 --- a/nitrokey/src/lib.rs +++ b/nitrokey/src/lib.rs @@ -98,8 +98,8 @@ use nitrokey_sys; pub use crate::auth::{Admin, Authenticate, User}; pub use crate::config::Config; pub use crate::device::{ - connect, connect_model, Device, DeviceWrapper, Model, Pro, Storage, StorageStatus, VolumeMode, - VolumeStatus, + connect, connect_model, Device, DeviceWrapper, Model, Pro, SdCardData, Storage, + StorageProductionInfo, StorageStatus, VolumeMode, VolumeStatus, }; pub use crate::otp::{ConfigureOtp, GenerateOtp, OtpMode, OtpSlotData}; pub use crate::pws::{GetPasswordSafe, PasswordSafe, SLOT_COUNT}; 
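Review bot: The new `From` impl for `StorageProductionInfo` silently drops several fields of the raw struct that `get_production_info` initialises: `SmartCardID_u32`, `SC_UserPwRetryCount`, `SC_AdminPwRetryCount` and `SD_WriteSpeed_u16`. If that is deliberate, a short comment above the impl would save the next reader from checking, e.g. `// The smart card ID, PIN retry counters and SD write speed are intentionally not exposed.` As a style point, this impl builds the value with `Self { .. }` while the neighbouring `StorageStatus` conversion spells out the type name; one form for both would read better.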
@@ -111,12 +111,13 @@ pub use crate::util::{CommandError, LogLevel}; /// version. #[derive(Clone, Debug, PartialEq)] pub struct Version { - /// The library version as a string. + /// The Git library version as a string. /// /// The library version is the output of `git describe --always` at compile time, for example /// `v3.3` or `v3.4.1`. If the library has not been built from a release, the version string /// contains the number of commits since the last release and the hash of the current commit, for - /// example `v3.3-19-gaee920b`. + /// example `v3.3-19-gaee920b`. If the library has not been built from a Git checkout, this + /// string may be empty. pub git: String, /// The major library version. pub major: u32, diff --git a/nitrokey/src/pws.rs b/nitrokey/src/pws.rs index ebd5fcd..28f0681 100644 --- a/nitrokey/src/pws.rs +++ b/nitrokey/src/pws.rs @@ -129,6 +129,14 @@ fn get_password_safe<'a>( result.map(|()| PasswordSafe { _device: device }) } +fn get_pws_result(s: String) -> Result { + if s.is_empty() { + Err(CommandError::SlotNotProgrammed) + } else { + Ok(s) + } +} + impl<'a> PasswordSafe<'a> { /// Returns the status of all password slots. /// @@ -172,10 +180,12 @@ impl<'a> PasswordSafe<'a> { /// Returns the name of the given slot (if it is programmed). /// + /// This method also returns a `SlotNotProgrammed` error if the name is empty. + /// /// # Errors /// /// - [`InvalidSlot`][] if the given slot is out of range - /// - [`Undefined`][] if the slot is not programmed + /// - [`SlotNotProgrammed`][] if the slot is not programmed /// /// # Example /// 
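Review bot: `get_pws_result` in pws.rs has no comment explaining why an empty string is mapped to `CommandError::SlotNotProgrammed`. The consequence is that a programmed slot whose name, login or password is legitimately empty is reported as unprogrammed by `get_slot_name`, `get_slot_login` and `get_slot_password` (the later pws.rs hunks that add `.and_then(get_pws_result)`). The added method docs mention this, so it appears intentional; keeping the reason next to the helper would help, e.g. `// An empty field cannot be told apart from an unprogrammed slot here, so report SlotNotProgrammed.` Callers that need the distinction presumably have to consult the slot status first; the docs could say so.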
@@ -199,17 +209,20 @@ impl<'a> PasswordSafe<'a> { /// ``` /// /// [`InvalidSlot`]: enum.CommandError.html#variant.InvalidSlot - /// [`Undefined`]: enum.CommandError.html#variant.Undefined + /// [`SlotNotProgrammed`]: enum.CommandError.html#variant.SlotNotProgrammed pub fn get_slot_name(&self, slot: u8) -> Result { unsafe { result_from_string(nitrokey_sys::NK_get_password_safe_slot_name(slot)) } + .and_then(get_pws_result) } /// Returns the login for the given slot (if it is programmed). /// + /// This method also returns a `SlotNotProgrammed` error if the login is empty. + /// /// # Errors /// /// - [`InvalidSlot`][] if the given slot is out of range - /// - [`Undefined`][] if the slot is not programmed + /// - [`SlotNotProgrammed`][] if the slot is not programmed /// /// # Example /// @@ -229,17 +242,20 @@ impl<'a> PasswordSafe<'a> { /// ``` /// /// [`InvalidSlot`]: enum.CommandError.html#variant.InvalidSlot - /// [`Undefined`]: enum.CommandError.html#variant.Undefined + /// [`SlotNotProgrammed`]: enum.CommandError.html#variant.SlotNotProgrammed pub fn get_slot_login(&self, slot: u8) -> Result { unsafe { result_from_string(nitrokey_sys::NK_get_password_safe_slot_login(slot)) } + .and_then(get_pws_result) } /// Returns the password for the given slot (if it is programmed). /// + /// This method also returns a `SlotNotProgrammed` error if the password is empty. + /// /// # Errors /// /// - [`InvalidSlot`][] if the given slot is out of range - /// - [`Undefined`][] if the slot is not programmed + /// - [`SlotNotProgrammed`][] if the slot is not programmed /// /// # Example /// 
@@ -259,9 +275,10 @@ impl<'a> PasswordSafe<'a> { /// ``` /// /// [`InvalidSlot`]: enum.CommandError.html#variant.InvalidSlot - /// [`Undefined`]: enum.CommandError.html#variant.Undefined + /// [`SlotNotProgrammed`]: enum.CommandError.html#variant.SlotNotProgrammed pub fn get_slot_password(&self, slot: u8) -> Result { unsafe { result_from_string(nitrokey_sys::NK_get_password_safe_slot_password(slot)) } + .and_then(get_pws_result) } /// Writes the given slot with the given name, login and password. diff --git a/nitrokey/src/util.rs b/nitrokey/src/util.rs index cb109d0..567c478 100644 --- a/nitrokey/src/util.rs +++ b/nitrokey/src/util.rs @@ -4,7 +4,8 @@ use std::fmt; use std::os::raw::{c_char, c_int}; use libc::{c_void, free}; -use rand::Rng; +use rand_core::RngCore; +use rand_os::OsRng; /// Error types returned by Nitrokey device or by the library. #[derive(Clone, Copy, Debug, PartialEq)] @@ -44,6 +45,8 @@ pub enum CommandError { InvalidHexString, /// The target buffer was smaller than the source. TargetBufferTooSmall, + /// An error occurred during random number generation. + RngError, } /// Log level for libnitrokey. @@ -80,10 +83,13 @@ pub fn result_from_string(ptr: *const c_char) -> Result { unsafe { let s = owned_str_from_ptr(ptr); free(ptr as *mut c_void); + // An empty string can both indicate an error or be a valid return value. In this case, we + // have to check the last command status to decide what to return. if s.is_empty() { - return Err(get_last_error()); + get_last_result().map(|_| s) + } else { + Ok(s) } - return Ok(s); } } @@ -106,10 +112,11 @@ pub fn get_last_error() -> CommandError { }; } -pub fn generate_password(length: usize) -> Vec { +pub fn generate_password(length: usize) -> Result, CommandError> { + let mut rng = OsRng::new()?; let mut data = vec![0u8; length]; - rand::thread_rng().fill(&mut data[..]); - return data; + rng.fill_bytes(&mut data[..]); + Ok(data) } pub fn get_cstring>>(s: T) -> Result { 
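Review bot: In `generate_password` (util.rs), `rng.fill_bytes(&mut data[..])` cannot report a failure: `RngCore::fill_bytes` returns `()` and is allowed to panic if the source cannot deliver, so only `OsRng::new()` is covered by the new `Result`. Since the function now returns a `Result` and this commit adds a conversion from `rand_core::Error`, `rng.try_fill_bytes(&mut data[..])?;` would route a failed read to `CommandError::RngError` instead of a panic inside the library. That matters here because these bytes become the temporary password in the auth.rs hunk, where the caller already handles the `Err` case.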
@@ -146,6 +153,7 @@ impl CommandError { "The supplied string is not in hexadecimal format".into() } CommandError::TargetBufferTooSmall => "The target buffer is too small".into(), + CommandError::RngError => "An error occurred during random number generation".into(), } } } @@ -178,6 +186,12 @@ impl From for CommandError { } } +impl From for CommandError { + fn from(_error: rand_core::Error) -> Self { + CommandError::RngError + } +} + impl Into for LogLevel { fn into(self) -> i32 { match self { -- cgit v1.2.3
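Review bot: The new `From` impl for `rand_core::Error` discards its argument (`_error`), so a caller that sees `CommandError::RngError` has no way to learn why the OS random source failed. `CommandError` derives `Copy` (see the enum header in the earlier util.rs hunk), so it cannot carry the cause; a comment stating that would explain the choice, e.g. `// The cause is dropped: CommandError is Copy and cannot hold a rand_core::Error.` If the crate has a logging path, recording the error's `Display` output before the conversion would preserve the diagnostic.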