// nitrokey.rs

// *************************************************************************
// * Copyright (C) 2017 Daniel Mueller (deso@posteo.net)                   *
// *                                                                       *
// * This program is free software: you can redistribute it and/or modify  *
// * it under the terms of the GNU General Public License as published by  *
// * the Free Software Foundation, either version 3 of the License, or     *
// * (at your option) any later version.                                   *
// *                                                                       *
// * This program is distributed in the hope that it will be useful,       *
// * but WITHOUT ANY WARRANTY; without even the implied warranty of        *
// * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the         *
// * GNU General Public License for more details.                          *
// *                                                                       *
// * You should have received a copy of the GNU General Public License     *
// * along with this program.  If not, see <http://www.gnu.org/licenses/>. *
// *************************************************************************

use crc32::crc;
use std::cmp;
use std::mem;


/// The Nitrokey Storage vendor ID.
///
/// Not used within this file; presumably matched together with `PID`
/// by the code that opens the device (TODO confirm against caller).
pub const VID: u16 = 0x20A0;
/// The Nitrokey Storage product ID.
pub const PID: u16 = 0x4109;


/// Identifiers of the commands this module can send to the stick.
///
/// The enum is `repr(u8)`, so a value occupies exactly one byte holding
/// the listed discriminant. The command structs in this file rely on
/// that when they place a `Command` as their first field.
#[derive(Debug, PartialEq)]
#[repr(u8)]
pub enum Command {
  /// Enables the encrypted volume.
  EnableEncryptedVolume = 0x20,
  /// Disables the encrypted volume.
  DisableEncryptedVolume = 0x21,
}


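/// A report is the entity we send to the Nitrokey Storage HID.
///
/// A report is always 64 bytes in size. The last four bytes comprise a
/// CRC of the actual payload. Note that when sending or receiving a
/// report it usually is preceded by a one byte report ID. This report
/// ID is zero here and not represented in the actual report object in
/// our design.
///
/// The struct is generic, so the 64 byte size only holds when `Payload`
/// is exactly 60 bytes large; the type system does not enforce that.
/// The CRC is an unkeyed checksum: it detects corruption in transit but
/// gives no protection against deliberate modification.
#[repr(packed)]
pub struct Report<Payload>
  where Payload: AsRef<[u8]>,
{
  /// The actual payload data. A report may encapsulate a command to
  /// send to the stick or a response to receive from it.
  pub data: Payload,
  /// The checksum stored after the payload. Because the struct is
  /// packed this field may be unaligned; copy it out instead of taking
  /// a reference to it.
  pub crc: u32,
}


impl<P> AsRef<[u8]> for Report<P>
  where P: AsRef<[u8]>,
{
  /// Views the report (payload followed by CRC) as its 64 raw bytes.
  ///
  /// # Panics
  ///
  /// Panics if `Report<P>` is not exactly 64 bytes large, i.e. if `P`
  /// is not a 60 byte payload. Without this check the cast below would
  /// read past the end of a smaller report and hand memory that does
  /// not belong to it to whoever consumes the slice.
  fn as_ref(&self) -> &[u8] {
    // A cast between references does not compare pointee sizes, so the
    // size has to be checked by hand. The comparison is between two
    // constants once `P` is known.
    assert_eq!(mem::size_of::<Self>(), 64, "a report must be exactly 64 bytes");

    // SAFETY: the assertion above guarantees that all 64 bytes lie
    // inside `*self`, `[u8; 64]` has an alignment of one, and the
    // returned borrow cannot outlive `self`. This still assumes that
    // `P` has no padding bytes; the command structs in this file are
    // `repr(packed)`, payload types defined elsewhere must be checked.
    let bytes: &[u8; 64] = unsafe { &*(self as *const Self as *const [u8; 64]) };
    bytes
  }
}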


impl<P> From<P> for Report<P>
  where P: AsRef<[u8]>,
{
  /// Wraps `payload` in a report and fills in its checksum.
  ///
  /// The checksum is computed by `crc` over `payload.as_ref()`, that
  /// is over whatever bytes the payload exposes, before the payload is
  /// moved into the report.
  fn from(payload: P) -> Report<P> {
    let checksum = crc(payload.as_ref());
    Report {
      data: payload,
      crc: checksum,
    }
  }
}


/// The payload of the command that enables the encrypted volume.
///
/// The struct is packed and its fields add up to 60 bytes
/// (1 + 1 + 20 + 38), the size its `AsRef<[u8]>` impl exposes.
///
/// NOTE(review): a value of this type holds a plain copy of the PIN and
/// nothing in this file clears it when the value is dropped; consider
/// wiping `password` once the report has been sent.
#[allow(dead_code)]
#[repr(packed)]
pub struct EnableEncryptedVolumeCommand {
  // The command identifier, one byte because `Command` is `repr(u8)`.
  command: Command,
  // The kind of password. Unconditionally 'P' because the User PIN is
  // used to enable the encrypted volume.
  kind: u8,
  // The password has a maximum length of twenty characters. Shorter
  // passwords are followed by zero bytes.
  password: [u8; 20],
  // Zero bytes that fill the payload up to 60 bytes.
  padding: [u8; 38],
}


impl EnableEncryptedVolumeCommand {
  /// Builds the command that enables the encrypted volume using the
  /// given User PIN.
  ///
  /// The bytes of `password` are copied to the start of the twenty
  /// byte password field; the remainder of the field stays zero.
  ///
  /// A `password` longer than twenty bytes trips a debug assertion. In
  /// builds without debug assertions it is silently cut to its first
  /// twenty bytes instead, so the stick would be sent a PIN that
  /// differs from the one that was entered. Callers should reject
  /// over-long input before calling this function.
  /// NOTE(review): a wrong PIN presumably counts against the device's
  /// retry counter -- confirm against the device documentation.
  pub fn new(password: &Vec<u8>) -> EnableEncryptedVolumeCommand {
    let mut report = EnableEncryptedVolumeCommand {
      command: Command::EnableEncryptedVolume,
      kind: b'P',
      password: [0; 20],
      padding: [0; 38],
    };

    debug_assert!(password.len() <= report.password.len());

    // Zipping stops at the shorter of the two sequences, which caps the
    // copy at the size of the password field.
    for (slot, byte) in report.password.iter_mut().zip(password.iter()) {
      *slot = *byte;
    }
    report
  }
}

impl AsRef<[u8]> for EnableEncryptedVolumeCommand {
  /// Views the command as the 60 raw bytes that make up a report
  /// payload.
  fn as_ref(&self) -> &[u8] {
    // SAFETY: the struct is `repr(packed)` and its fields add up to
    // exactly 60 bytes (1 + 1 + 20 + 38), so the array covers the whole
    // object and nothing beyond it; `[u8; 60]` has an alignment of one.
    // The cast does not verify the size: if a field is ever added or
    // resized the 60 here has to be revisited.
    let bytes: &[u8; 60] = unsafe { &*(self as *const Self as *const [u8; 60]) };
    bytes
  }
}


/// The payload of the command that disables the encrypted volume.
///
/// The struct is packed and 60 bytes large (1 + 59), the size its
/// `AsRef<[u8]>` impl exposes. It carries no password field.
#[allow(dead_code)]
#[repr(packed)]
pub struct DisableEncryptedVolumeCommand {
  // The command identifier, one byte because `Command` is `repr(u8)`.
  command: Command,
  // Zero bytes that fill the payload up to 60 bytes.
  padding: [u8; 59],
}

impl DisableEncryptedVolumeCommand {
  /// Builds the command that disables the encrypted volume: the
  /// command byte followed by 59 zero bytes.
  pub fn new() -> DisableEncryptedVolumeCommand {
    let padding = [0; 59];
    DisableEncryptedVolumeCommand {
      command: Command::DisableEncryptedVolume,
      padding: padding,
    }
  }
}

impl AsRef<[u8]> for DisableEncryptedVolumeCommand {
  /// Views the command as the 60 raw bytes that make up a report
  /// payload.
  fn as_ref(&self) -> &[u8] {
    // SAFETY: the struct is `repr(packed)` and consists of one command
    // byte plus 59 padding bytes, so the array covers the whole object
    // and nothing beyond it; `[u8; 60]` has an alignment of one. The
    // cast does not verify the size: if a field is ever added or
    // resized the 60 here has to be revisited.
    let bytes: &[u8; 60] = unsafe { &*(self as *const Self as *const [u8; 60]) };
    bytes
  }
}


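#[cfg(test)]
mod tests {
  use super::*;

  /// The password is copied to the front of the password field and the
  /// rest of the field stays zero.
  #[test]
  fn encrypted_volume_report() {
    let password = "test42".to_string().into_bytes();
    let report = EnableEncryptedVolumeCommand::new(&password);

    let mut expected = [0u8; 20];
    expected[..6].copy_from_slice(b"test42");
    assert_eq!(report.password, expected);
  }

  /// A password of more than twenty bytes trips the debug assertion.
  ///
  /// The check is a `debug_assert!`, so the test is compiled only when
  /// debug assertions are enabled. The condition used to be written as
  /// `cfg(debug)`, which no build sets, so the test never ran.
  #[test]
  #[cfg(debug_assertions)]
  #[should_panic(expected = "assertion failed")]
  fn overly_long_password() {
    let password = "012345678912345678901".to_string().into_bytes();
    EnableEncryptedVolumeCommand::new(&password);
  }

  /// The checksum stored in a report matches a known-good value.
  #[test]
  fn report_crc() {
    let password = "passphrase".to_string().into_bytes();
    let payload = EnableEncryptedVolumeCommand::new(&password);
    let report = Report::from(payload);

    // `Report` is packed, so `crc` may be unaligned. `assert_eq!` takes
    // references to its operands, and a reference to an unaligned field
    // is rejected by current compilers; copy the value out first.
    let checksum = report.crc;

    // The expected checksum was computed using the original
    // functionality.
    assert_eq!(checksum, 0xeeb583c);
  }
}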