diff options
| author | Robin Krahl <robin.krahl@ireas.org> | 2019-01-03 12:16:21 +0000 |
|---|---|---|
| committer | Robin Krahl <robin.krahl@ireas.org> | 2019-01-03 13:17:54 +0100 |
| commit | d60e03b46a6af75056f07394ef66ecaa35f32d77 (patch) | |
| tree | eecd8b42abaf5a125d5d7ddcdc9e0b6225755ce5 | |
| parent | 1061005a82ed0ba6ad5c48322e704f786bd802ab (diff) | |
| download | nitrokey-rs-d60e03b46a6af75056f07394ef66ecaa35f32d77.tar.gz nitrokey-rs-d60e03b46a6af75056f07394ef66ecaa35f32d77.tar.bz2 | |
Add Storage::change_update_pin method
This patch adds the change_update_pin method to the Storage struct that
uses the NK_change_update_password function to set the password required
for firmware updates.
| -rw-r--r-- | CHANGELOG.md | 2 | ||||
| -rw-r--r-- | TODO.md | 1 | ||||
| -rw-r--r-- | src/device.rs | 39 | ||||
| -rw-r--r-- | tests/device.rs | 13 | ||||
| -rw-r--r-- | tests/util/mod.rs | 1 |
5 files changed, 54 insertions, 2 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md index 018ff4d..1611414 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,6 +4,8 @@ - Add `CommandError::Undefined` to represent errors without further information (e. g. a method returned `NULL` unexpectedly). - Add error code to `CommandError::Unknown`. +- Add function `Storage::change_update_pin` that changes the firmware update + PIN. # v0.2.3 (2018-12-31) @@ -17,7 +17,6 @@ - `NK_export_firmware` - `NK_clear_new_sd_card_warning` - `NK_fill_SD_card_with_random_data` - - `NK_change_update_password` - `NK_get_SD_usage_data_as_string` - `NK_get_progress_bar_value` - `NK_list_devices_by_cpuID` diff --git a/src/device.rs b/src/device.rs index 33e5410..4b8cc5c 100644 --- a/src/device.rs +++ b/src/device.rs @@ -667,6 +667,45 @@ impl Storage { } } + /// Changes the update PIN. + /// + /// The update PIN is used to enable firmware updates. Unlike the user and the admin PIN, the + /// update PIN is not managed by the OpenPGP smart card but by the Nitrokey firmware. There is + /// no retry counter as with the other PIN types. + /// + /// # Errors + /// + /// - [`InvalidString`][] if one of the provided passwords contains a null byte + /// - [`WrongPassword`][] if the current update password is wrong + /// + /// # Example + /// + /// ```no_run + /// # use nitrokey::CommandError; + /// + /// # fn try_main() -> Result<(), CommandError> { + /// let device = nitrokey::Storage::connect()?; + /// match device.change_storage_pin("12345678", "87654321") { + /// Ok(()) => println!("Updated update PIN."), + /// Err(err) => println!("Failed to update update PIN: {}", err), + /// }; + /// # Ok(()) + /// # } + /// ``` + /// + /// [`InvalidString`]: enum.CommandError.html#variant.InvalidString + /// [`WrongPassword`]: enum.CommandError.html#variant.WrongPassword + pub fn change_update_pin(&self, current: &str, new: &str) -> Result<(), CommandError> { + let current_string = get_cstring(current)?; + let new_string = get_cstring(new)?; + unsafe { + get_command_result(nitrokey_sys::NK_change_update_password( + current_string.as_ptr(), + new_string.as_ptr(), + )) + } + } + /// Enables the encrypted storage volume. /// /// Once the encrypted volume is enabled, it is presented to the operating system as a block diff --git a/tests/device.rs b/tests/device.rs index 4551534..a225d2d 100644 --- a/tests/device.rs +++ b/tests/device.rs @@ -6,9 +6,10 @@ use std::{thread, time}; use nitrokey::{Authenticate, CommandError, Config, Device, Storage}; -use crate::util::{Target, ADMIN_PASSWORD, USER_PASSWORD}; +use crate::util::{Target, ADMIN_PASSWORD, USER_PASSWORD, UPDATE_PIN}; static ADMIN_NEW_PASSWORD: &str = "1234567890"; +static UPDATE_NEW_PIN: &str = "87654321"; static USER_NEW_PASSWORD: &str = "abcdefghij"; fn count_nitrokey_block_devices() -> usize { @@ -296,6 +297,16 @@ fn unlock_user_pin() { #[test] #[cfg_attr(not(feature = "test-storage"), ignore)] +fn change_update_pin() { + let device = Storage::connect().unwrap(); + + assert_eq!(Err(CommandError::WrongPassword), device.change_update_pin(UPDATE_NEW_PIN, UPDATE_PIN)); + assert_eq!(Ok(()), device.change_update_pin(UPDATE_PIN, UPDATE_NEW_PIN)); + assert_eq!(Ok(()), device.change_update_pin(UPDATE_NEW_PIN, UPDATE_PIN)); +} + +#[test] +#[cfg_attr(not(feature = "test-storage"), ignore)] fn encrypted_volume() { let device = Storage::connect().unwrap(); assert!(device.lock().is_ok()); diff --git a/tests/util/mod.rs b/tests/util/mod.rs index c2c94e2..5e495d8 100644 --- a/tests/util/mod.rs +++ b/tests/util/mod.rs @@ -1,4 +1,5 @@ pub static ADMIN_PASSWORD: &str = "12345678"; +pub static UPDATE_PIN: &str = "12345678"; pub static USER_PASSWORD: &str = "123456"; #[cfg(not(feature = "test-storage"))] |