author | Robin Krahl <robin.krahl@ireas.org> | 2018-06-05 22:30:04 +0200 |
---|---|---|
committer | Robin Krahl <robin.krahl@ireas.org> | 2018-06-05 22:30:04 +0200 |
commit | 017a27a009947d73c00f934a1e052b0ef021680b (patch) | |
tree | c3c2c088d4eb0c07be16b1a46d7abddd131e9229 | |
parent | 5b536045bd4276b31edafb55f39ded8534732401 (diff) | |
Implement Drop for PasswordSafe
By calling NK_lock_device when dropping a PasswordSafe instance, we can
make sure that the password safe cannot be reused without
authentication.
-rw-r--r-- | TODO.md | 3 | ||||
-rw-r--r-- | src/pws.rs | 8 | ||||
-rw-r--r-- | src/tests/pws.rs | 21 |
3 files changed, 30 insertions, 2 deletions
@@ -1,6 +1,5 @@
 - Add support for the currently unsupported commands:
 - `NK_set_unencrypted_volume_rorw_pin_type_user`
- - `NK_lock_device`
 - `NK_factory_reset`
 - `NK_build_aes_key`
 - `NK_is_AES_supported`
@@ -38,3 +37,5 @@
 - Differentiate empty strings and errors (see `result_from_string`).
 - Check integer conversions.
 - Consider implementing `Into<CommandError>` for `(Device, CommandError)`
+- Check error handling in PasswordSafe::drop().
+- Disable creation of multiple password safes at the same time.
@@ -315,6 +315,14 @@ impl<'a> PasswordSafe<'a> {
 }
 }
+impl<'a> Drop for PasswordSafe<'a> {
+ fn drop(&mut self) {
+ unsafe {
+ nitrokey_sys::NK_lock_device();
+ }
+ }
+}
+
 impl GetPasswordSafe for Pro {
 fn get_password_safe(&self, user_pin: &str) -> Result<PasswordSafe, CommandError> {
 get_password_safe(self, user_pin)
diff --git a/src/tests/pws.rs b/src/tests/pws.rs
index 30d6853..d6125a9 100644
--- a/src/tests/pws.rs
+++ b/src/tests/pws.rs
@@ -1,6 +1,7 @@
+use nitrokey_sys;
 use pws::{GetPasswordSafe, PasswordSafe, SLOT_COUNT};
 use tests::util::{Target, ADMIN_PASSWORD, USER_PASSWORD};
-use util::{CommandError, CommandStatus};
+use util::{result_from_string, CommandError, CommandStatus};
 fn get_pws(device: &Target) -> PasswordSafe {
 device.get_password_safe(USER_PASSWORD).unwrap()
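Review bot: In the `src/pws.rs` hunk the result of `nitrokey_sys::NK_lock_device()` is discarded inside `drop`, so a failed lock leaves the password safe usable without re-authentication and nothing reports it; the TODO.md entry added by this commit records the gap, but the code does not close it. Because `drop` cannot return an error and does not run at all after `std::mem::forget` or an abort, the lock is best effort, and the impl should say so, e.g. `/// Locks the device when the PasswordSafe is dropped (best effort: the result of NK_lock_device is not checked).`. The lock also appears to act on the whole device rather than on this instance, so dropping one `PasswordSafe` would presumably lock any other safe still borrowed from the same device, which the second new TODO item hints at. The `unsafe` block has no `// SAFETY:` comment stating why the argument-less FFI call is sound here.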
@@ -22,6 +23,24 @@ fn enable() {
 #[test]
 #[cfg_attr(not(any(feature = "test-pro", feature = "test-storage")), ignore)]
+fn drop() {
+ let device = Target::connect().unwrap();
+ {
+ let pws = get_pws(&device);
+ assert_eq!(
+ CommandStatus::Success,
+ pws.write_slot(1, "name", "login", "password")
+ );
+ assert_eq!("name", pws.get_slot_name(1).unwrap());
+ let result = result_from_string(unsafe { nitrokey_sys::NK_get_password_safe_slot_name(1) });
+ assert_eq!(Ok(String::from("name")), result);
+ }
+ let result = result_from_string(unsafe { nitrokey_sys::NK_get_password_safe_slot_name(1) });
+ assert_eq!(Err(CommandError::NotAuthorized), result);
+}
+
+#[test]
+#[cfg_attr(not(any(feature = "test-pro", feature = "test-storage")), ignore)]
 fn get_status() {
 let device = Target::connect().unwrap();
 let pws = get_pws(&device); |
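Review bot: The new test is named `drop`, which shadows the prelude's `drop` function for the whole `tests::pws` module, so a later `drop(pws)` written in this file would resolve to the test function instead of releasing the value. A name that states the property avoids this, e.g. `fn drop_locks_password_safe() {`. The test also leaves slot 1 of the connected device overwritten with `"name"`/`"login"`/`"password"`, and nothing in the hunk erases it afterwards; whether the other tests rely on a clean slot is not visible here. A one-line comment above the inner block, such as `// pws is dropped at the end of this scope, which must lock the device`, would make clear that the scope is what is being tested.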