summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorRobin Krahl <robin.krahl@ireas.org>2019-02-02 11:27:52 +0100
committerRobin Krahl <robin.krahl@ireas.org>2019-02-02 11:27:52 +0100
commita31f73db289b00f81c5f70e60807ef7348f1a499 (patch)
tree6d51c0223778d4957ef1660f845fe5bd404d8538
parentad76653b3be57c0cfd31c8056a8d68537034324e (diff)
parent13006c00dcbd570cf8347d89557834e320427377 (diff)
downloadnitrokey-rs-a31f73db289b00f81c5f70e60807ef7348f1a499.tar.gz
nitrokey-rs-a31f73db289b00f81c5f70e60807ef7348f1a499.tar.bz2
Merge branch 'mutable-references' into next
RFC: https://lists.sr.ht/~ireas/nitrokey-rs-dev/%3C20190126174327.tbuyk2s535kfiqm4%40localhost%3E https://lists.sr.ht/~ireas/nitrokey-rs-dev/%3C43cc304d-23e8-7f95-2167-ce3f0530b81e%40posteo.net%3E * mutable-references: Store mutable reference to Device in PasswordSafe Refactor User and Admin to use a mutable reference Require mutable reference if method changes device state Add device_mut method to DeviceWrapper Implement DerefMut for User and Admin
-rw-r--r--CHANGELOG.md8
-rw-r--r--TODO.md1
-rw-r--r--src/auth.rs191
-rw-r--r--src/device.rs121
-rw-r--r--src/lib.rs8
-rw-r--r--src/otp.rs42
-rw-r--r--src/pws.rs57
-rw-r--r--tests/device.rs163
-rw-r--r--tests/otp.rs121
-rw-r--r--tests/pws.rs18
-rw-r--r--tests/util/mod.rs12
11 files changed, 346 insertions, 396 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md
index a9e3065..9227510 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -34,6 +34,14 @@ SPDX-License-Identifier: MIT
- Always return a `Result` in functions that communicate with a device.
- Combine `get_{major,minor}_firmware_version` into `get_firmware_version`.
- Add `set_encrypted_volume_mode` to `Storage`.
+- Use mutability to represent changes to the device status:
+ - Implement `DerefMut` for `User<T>` and `Admin<T>`.
+ - Add `device_mut` method to `DeviceWrapper`.
+ - Require a mutable `Device` reference if a method changes the device state.
+- Let `Admin` and `User` store a mutable reference to the `Device` instead of
+ the `Device` value.
+- Let `PasswordStore` store a mutable reference to the `Device` instead of a
+ non-mutable reference.
# v0.3.4 (2019-01-20)
- Fix authentication methods that assumed that `char` is signed.
diff --git a/TODO.md b/TODO.md
index 1ff723d..d6a3509 100644
--- a/TODO.md
+++ b/TODO.md
@@ -13,7 +13,6 @@ SPDX-License-Identifier: MIT
- Clear passwords from memory.
- Lock password safe in `PasswordSafe::drop()` (see [nitrokey-storage-firmware
issue 65][]).
-- Disable creation of multiple password safes at the same time.
- Check timing in Storage tests.
- Consider restructuring `device::StorageStatus`.
diff --git a/src/auth.rs b/src/auth.rs
index 8978f32..573fed3 100644
--- a/src/auth.rs
+++ b/src/auth.rs
@@ -1,7 +1,7 @@
// Copyright (C) 2018-2019 Robin Krahl <robin.krahl@ireas.org>
// SPDX-License-Identifier: MIT
-use std::ops::Deref;
+use std::ops;
use std::os::raw::c_char;
use std::os::raw::c_int;
@@ -42,16 +42,10 @@ pub trait Authenticate {
/// fn perform_other_task(device: &DeviceWrapper) {}
///
/// # fn try_main() -> Result<(), Error> {
- /// let device = nitrokey::connect()?;
- /// let device = match device.authenticate_user("123456") {
- /// Ok(user) => {
- /// perform_user_task(&user);
- /// user.device()
- /// },
- /// Err((device, err)) => {
- /// eprintln!("Could not authenticate as user: {}", err);
- /// device
- /// },
+ /// let mut device = nitrokey::connect()?;
+ /// match device.authenticate_user("123456") {
+ /// Ok(user) => perform_user_task(&user),
+ /// Err(err) => eprintln!("Could not authenticate as user: {}", err),
/// };
/// perform_other_task(&device);
/// # Ok(())
@@ -61,9 +55,9 @@ pub trait Authenticate {
/// [`InvalidString`]: enum.LibraryError.html#variant.InvalidString
/// [`RngError`]: enum.CommandError.html#variant.RngError
/// [`WrongPassword`]: enum.CommandError.html#variant.WrongPassword
- fn authenticate_user(self, password: &str) -> Result<User<Self>, (Self, Error)>
+ fn authenticate_user(&mut self, password: &str) -> Result<User<'_, Self>, Error>
where
- Self: Device + Sized;
+ Self: Device + std::marker::Sized;
/// Performs admin authentication. This method consumes the device. If successful, an
/// authenticated device is returned. Otherwise, the current unauthenticated device and the
@@ -88,16 +82,10 @@ pub trait Authenticate {
/// fn perform_other_task(device: &DeviceWrapper) {}
///
/// # fn try_main() -> Result<(), Error> {
- /// let device = nitrokey::connect()?;
- /// let device = match device.authenticate_admin("123456") {
- /// Ok(admin) => {
- /// perform_admin_task(&admin);
- /// admin.device()
- /// },
- /// Err((device, err)) => {
- /// eprintln!("Could not authenticate as admin: {}", err);
- /// device
- /// },
+ /// let mut device = nitrokey::connect()?;
+ /// match device.authenticate_admin("123456") {
+ /// Ok(admin) => perform_admin_task(&admin),
+ /// Err(err) => eprintln!("Could not authenticate as admin: {}", err),
/// };
/// perform_other_task(&device);
/// # Ok(())
@@ -107,13 +95,13 @@ pub trait Authenticate {
/// [`InvalidString`]: enum.LibraryError.html#variant.InvalidString
/// [`RngError`]: enum.CommandError.html#variant.RngError
/// [`WrongPassword`]: enum.CommandError.html#variant.WrongPassword
- fn authenticate_admin(self, password: &str) -> Result<Admin<Self>, (Self, Error)>
+ fn authenticate_admin(&mut self, password: &str) -> Result<Admin<'_, Self>, Error>
where
- Self: Device + Sized;
+ Self: Device + std::marker::Sized;
}
-trait AuthenticatedDevice<T> {
- fn new(device: T, temp_password: Vec<u8>) -> Self;
+trait AuthenticatedDevice<'a, T> {
+ fn new(device: &'a mut T, temp_password: Vec<u8>) -> Self;
fn temp_password_ptr(&self) -> *const c_char;
}
@@ -128,8 +116,8 @@ trait AuthenticatedDevice<T> {
/// [`authenticate_admin`]: trait.Authenticate.html#method.authenticate_admin
/// [`device`]: #method.device
#[derive(Debug)]
-pub struct User<T: Device> {
- device: T,
+pub struct User<'a, T: Device> {
+ device: &'a mut T,
temp_password: Vec<u8>,
}
@@ -143,84 +131,43 @@ pub struct User<T: Device> {
/// [`authenticate_admin`]: trait.Authenticate.html#method.authenticate_admin
/// [`device`]: #method.device
#[derive(Debug)]
-pub struct Admin<T: Device> {
- device: T,
+pub struct Admin<'a, T: Device> {
+ device: &'a mut T,
temp_password: Vec<u8>,
}
-fn authenticate<D, A, T>(device: D, password: &str, callback: T) -> Result<A, (D, Error)>
+fn authenticate<'a, D, A, T>(device: &'a mut D, password: &str, callback: T) -> Result<A, Error>
where
D: Device,
- A: AuthenticatedDevice<D>,
+ A: AuthenticatedDevice<'a, D>,
T: Fn(*const c_char, *const c_char) -> c_int,
{
- let temp_password = match generate_password(TEMPORARY_PASSWORD_LENGTH) {
- Ok(temp_password) => temp_password,
- Err(err) => return Err((device, err)),
- };
- let password = match get_cstring(password) {
- Ok(password) => password,
- Err(err) => return Err((device, err)),
- };
+ let temp_password = generate_password(TEMPORARY_PASSWORD_LENGTH)?;
+ let password = get_cstring(password)?;
let password_ptr = password.as_ptr();
let temp_password_ptr = temp_password.as_ptr() as *const c_char;
match callback(password_ptr, temp_password_ptr) {
0 => Ok(A::new(device, temp_password)),
- rv => Err((device, Error::from(rv))),
+ rv => Err(Error::from(rv)),
}
}
-fn authenticate_user_wrapper<T, C>(
- device: T,
- constructor: C,
- password: &str,
-) -> Result<User<DeviceWrapper>, (DeviceWrapper, Error)>
-where
- T: Device,
- C: Fn(T) -> DeviceWrapper,
-{
- let result = device.authenticate_user(password);
- match result {
- Ok(user) => Ok(User::new(constructor(user.device), user.temp_password)),
- Err((device, err)) => Err((constructor(device), err)),
- }
-}
-
-fn authenticate_admin_wrapper<T, C>(
- device: T,
- constructor: C,
- password: &str,
-) -> Result<Admin<DeviceWrapper>, (DeviceWrapper, Error)>
-where
- T: Device,
- C: Fn(T) -> DeviceWrapper,
-{
- let result = device.authenticate_admin(password);
- match result {
- Ok(user) => Ok(Admin::new(constructor(user.device), user.temp_password)),
- Err((device, err)) => Err((constructor(device), err)),
- }
-}
+impl<'a, T: Device> ops::Deref for User<'a, T> {
+ type Target = T;
-impl<T: Device> User<T> {
- /// Forgets the user authentication and returns an unauthenticated device. This method
- /// consumes the authenticated device. It does not perform any actual commands on the
- /// Nitrokey.
- pub fn device(self) -> T {
+ fn deref(&self) -> &Self::Target {
self.device
}
}
-impl<T: Device> Deref for User<T> {
- type Target = T;
-
- fn deref(&self) -> &Self::Target {
- &self.device
+impl<'a, T: Device> ops::DerefMut for User<'a, T> {
+ fn deref_mut(&mut self) -> &mut T {
+ self.device
}
}
-impl<T: Device> GenerateOtp for User<T> {
- fn get_hotp_code(&self, slot: u8) -> Result<String, Error> {
+impl<'a, T: Device> GenerateOtp for User<'a, T> {
+ fn get_hotp_code(&mut self, slot: u8) -> Result<String, Error> {
result_from_string(unsafe {
nitrokey_sys::NK_get_hotp_code_PIN(slot, self.temp_password_ptr())
})
@@ -233,8 +180,8 @@ impl<T: Device> GenerateOtp for User<T> {
}
}
-impl<T: Device> AuthenticatedDevice<T> for User<T> {
- fn new(device: T, temp_password: Vec<u8>) -> Self {
+impl<'a, T: Device> AuthenticatedDevice<'a, T> for User<'a, T> {
+ fn new(device: &'a mut T, temp_password: Vec<u8>) -> Self {
User {
device,
temp_password,
@@ -246,22 +193,21 @@ impl<T: Device> AuthenticatedDevice<T> for User<T> {
}
}
-impl<T: Device> Deref for Admin<T> {
+impl<'a, T: Device> ops::Deref for Admin<'a, T> {
type Target = T;
fn deref(&self) -> &Self::Target {
- &self.device
+ self.device
}
}
-impl<T: Device> Admin<T> {
- /// Forgets the user authentication and returns an unauthenticated device. This method
- /// consumes the authenticated device. It does not perform any actual commands on the
- /// Nitrokey.
- pub fn device(self) -> T {
+impl<'a, T: Device> ops::DerefMut for Admin<'a, T> {
+ fn deref_mut(&mut self) -> &mut T {
self.device
}
+}
+impl<'a, T: Device> Admin<'a, T> {
/// Writes the given configuration to the Nitrokey device.
///
/// # Errors
@@ -275,21 +221,18 @@ impl<T: Device> Admin<T> {
/// # use nitrokey::Error;
///
/// # fn try_main() -> Result<(), Error> {
- /// let device = nitrokey::connect()?;
+ /// let mut device = nitrokey::connect()?;
/// let config = Config::new(None, None, None, false);
/// match device.authenticate_admin("12345678") {
- /// Ok(admin) => {
- /// admin.write_config(config);
- /// ()
- /// },
- /// Err((_, err)) => eprintln!("Could not authenticate as admin: {}", err),
+ /// Ok(mut admin) => admin.write_config(config)?,
+ /// Err(err) => eprintln!("Could not authenticate as admin: {}", err),
/// };
/// # Ok(())
/// # }
/// ```
///
/// [`InvalidSlot`]: enum.LibraryError.html#variant.InvalidSlot
- pub fn write_config(&self, config: Config) -> Result<(), Error> {
+ pub fn write_config(&mut self, config: Config) -> Result<(), Error> {
let raw_config = RawConfig::try_from(config)?;
get_command_result(unsafe {
nitrokey_sys::NK_write_config(
@@ -304,8 +247,8 @@ impl<T: Device> Admin<T> {
}
}
-impl<T: Device> ConfigureOtp for Admin<T> {
- fn write_hotp_slot(&self, data: OtpSlotData, counter: u64) -> Result<(), Error> {
+impl<'a, T: Device> ConfigureOtp for Admin<'a, T> {
+ fn write_hotp_slot(&mut self, data: OtpSlotData, counter: u64) -> Result<(), Error> {
let raw_data = RawOtpSlotData::new(data)?;
get_command_result(unsafe {
nitrokey_sys::NK_write_hotp_slot(
@@ -322,7 +265,7 @@ impl<T: Device> ConfigureOtp for Admin<T> {
})
}
- fn write_totp_slot(&self, data: OtpSlotData, time_window: u16) -> Result<(), Error> {
+ fn write_totp_slot(&mut self, data: OtpSlotData, time_window: u16) -> Result<(), Error> {
let raw_data = RawOtpSlotData::new(data)?;
get_command_result(unsafe {
nitrokey_sys::NK_write_totp_slot(
@@ -339,21 +282,21 @@ impl<T: Device> ConfigureOtp for Admin<T> {
})
}
- fn erase_hotp_slot(&self, slot: u8) -> Result<(), Error> {
+ fn erase_hotp_slot(&mut self, slot: u8) -> Result<(), Error> {
get_command_result(unsafe {
nitrokey_sys::NK_erase_hotp_slot(slot, self.temp_password_ptr())
})
}
- fn erase_totp_slot(&self, slot: u8) -> Result<(), Error> {
+ fn erase_totp_slot(&mut self, slot: u8) -> Result<(), Error> {
get_command_result(unsafe {
nitrokey_sys::NK_erase_totp_slot(slot, self.temp_password_ptr())
})
}
}
-impl<T: Device> AuthenticatedDevice<T> for Admin<T> {
- fn new(device: T, temp_password: Vec<u8>) -> Self {
+impl<'a, T: Device> AuthenticatedDevice<'a, T> for Admin<'a, T> {
+ fn new(device: &'a mut T, temp_password: Vec<u8>) -> Self {
Admin {
device,
temp_password,
@@ -366,35 +309,27 @@ impl<T: Device> AuthenticatedDevice<T> for Admin<T> {
}
impl Authenticate for DeviceWrapper {
- fn authenticate_user(self, password: &str) -> Result<User<Self>, (Self, Error)> {
- match self {
- DeviceWrapper::Storage(storage) => {
- authenticate_user_wrapper(storage, DeviceWrapper::Storage, password)
- }
- DeviceWrapper::Pro(pro) => authenticate_user_wrapper(pro, DeviceWrapper::Pro, password),
- }
+ fn authenticate_user(&mut self, password: &str) -> Result<User<'_, Self>, Error> {
+ authenticate(self, password, |password_ptr, temp_password_ptr| unsafe {
+ nitrokey_sys::NK_user_authenticate(password_ptr, temp_password_ptr)
+ })
}
- fn authenticate_admin(self, password: &str) -> Result<Admin<Self>, (Self, Error)> {
- match self {
- DeviceWrapper::Storage(storage) => {
- authenticate_admin_wrapper(storage, DeviceWrapper::Storage, password)
- }
- DeviceWrapper::Pro(pro) => {
- authenticate_admin_wrapper(pro, DeviceWrapper::Pro, password)
- }
- }
+ fn authenticate_admin(&mut self, password: &str) -> Result<Admin<'_, Self>, Error> {
+ authenticate(self, password, |password_ptr, temp_password_ptr| unsafe {
+ nitrokey_sys::NK_user_authenticate(password_ptr, temp_password_ptr)
+ })
}
}
impl Authenticate for Pro {
- fn authenticate_user(self, password: &str) -> Result<User<Self>, (Self, Error)> {
+ fn authenticate_user(&mut self, password: &str) -> Result<User<'_, Self>, Error> {
authenticate(self, password, |password_ptr, temp_password_ptr| unsafe {
nitrokey_sys::NK_user_authenticate(password_ptr, temp_password_ptr)
})
}
- fn authenticate_admin(self, password: &str) -> Result<Admin<Self>, (Self, Error)> {
+ fn authenticate_admin(&mut self, password: &str) -> Result<Admin<'_, Self>, Error> {
authenticate(self, password, |password_ptr, temp_password_ptr| unsafe {
nitrokey_sys::NK_first_authenticate(password_ptr, temp_password_ptr)
})
@@ -402,13 +337,13 @@ impl Authenticate for Pro {
}
impl Authenticate for Storage {
- fn authenticate_user(self, password: &str) -> Result<User<Self>, (Self, Error)> {
+ fn authenticate_user(&mut self, password: &str) -> Result<User<'_, Self>, Error> {
authenticate(self, password, |password_ptr, temp_password_ptr| unsafe {
nitrokey_sys::NK_user_authenticate(password_ptr, temp_password_ptr)
})
}
- fn authenticate_admin(self, password: &str) -> Result<Admin<Self>, (Self, Error)> {
+ fn authenticate_admin(&mut self, password: &str) -> Result<Admin<'_, Self>, Error> {
authenticate(self, password, |password_ptr, temp_password_ptr| unsafe {
nitrokey_sys::NK_first_authenticate(password_ptr, temp_password_ptr)
})
diff --git a/src/device.rs b/src/device.rs
index c985802..a0df30e 100644
--- a/src/device.rs
+++ b/src/device.rs
@@ -71,16 +71,10 @@ impl fmt::Display for VolumeMode {
/// fn perform_other_task(device: &DeviceWrapper) {}
///
/// # fn try_main() -> Result<(), Error> {
-/// let device = nitrokey::connect()?;
-/// let device = match device.authenticate_user("123456") {
-/// Ok(user) => {
-/// perform_user_task(&user);
-/// user.device()
-/// },
-/// Err((device, err)) => {
-/// eprintln!("Could not authenticate as user: {}", err);
-/// device
-/// },
+/// let mut device = nitrokey::connect()?;
+/// match device.authenticate_user("123456") {
+/// Ok(user) => perform_user_task(&user),
+/// Err(err) => eprintln!("Could not authenticate as user: {}", err),
/// };
/// perform_other_task(&device);
/// # Ok(())
@@ -135,16 +129,10 @@ pub enum DeviceWrapper {
/// fn perform_other_task(device: &Pro) {}
///
/// # fn try_main() -> Result<(), Error> {
-/// let device = nitrokey::Pro::connect()?;
-/// let device = match device.authenticate_user("123456") {
-/// Ok(user) => {
-/// perform_user_task(&user);
-/// user.device()
-/// },
-/// Err((device, err)) => {
-/// eprintln!("Could not authenticate as user: {}", err);
-/// device
-/// },
+/// let mut device = nitrokey::Pro::connect()?;
+/// match device.authenticate_user("123456") {
+/// Ok(user) => perform_user_task(&user),
+/// Err(err) => eprintln!("Could not authenticate as user: {}", err),
/// };
/// perform_other_task(&device);
/// # Ok(())
@@ -181,16 +169,10 @@ pub struct Pro {
/// fn perform_other_task(device: &Storage) {}
///
/// # fn try_main() -> Result<(), Error> {
-/// let device = nitrokey::Storage::connect()?;
-/// let device = match device.authenticate_user("123456") {
-/// Ok(user) => {
-/// perform_user_task(&user);
-/// user.device()
-/// },
-/// Err((device, err)) => {
-/// eprintln!("Could not authenticate as user: {}", err);
-/// device
-/// },
+/// let mut device = nitrokey::Storage::connect()?;
+/// match device.authenticate_user("123456") {
+/// Ok(user) => perform_user_task(&user),
+/// Err(err) => eprintln!("Could not authenticate as user: {}", err),
/// };
/// perform_other_task(&device);
/// # Ok(())
@@ -452,7 +434,7 @@ pub trait Device: Authenticate + GetPasswordSafe + GenerateOtp + fmt::Debug {
/// # use nitrokey::Error;
///
/// # fn try_main() -> Result<(), Error> {
- /// let device = nitrokey::connect()?;
+ /// let mut device = nitrokey::connect()?;
/// match device.change_admin_pin("12345678", "12345679") {
/// Ok(()) => println!("Updated admin PIN."),
/// Err(err) => eprintln!("Failed to update admin PIN: {}", err),
@@ -463,7 +445,7 @@ pub trait Device: Authenticate + GetPasswordSafe + GenerateOtp + fmt::Debug {
///
/// [`InvalidString`]: enum.LibraryError.html#variant.InvalidString
/// [`WrongPassword`]: enum.CommandError.html#variant.WrongPassword
- fn change_admin_pin(&self, current: &str, new: &str) -> Result<(), Error> {
+ fn change_admin_pin(&mut self, current: &str, new: &str) -> Result<(), Error> {
let current_string = get_cstring(current)?;
let new_string = get_cstring(new)?;
get_command_result(unsafe {
@@ -485,7 +467,7 @@ pub trait Device: Authenticate + GetPasswordSafe + GenerateOtp + fmt::Debug {
/// # use nitrokey::Error;
///
/// # fn try_main() -> Result<(), Error> {
- /// let device = nitrokey::connect()?;
+ /// let mut device = nitrokey::connect()?;
/// match device.change_user_pin("123456", "123457") {
/// Ok(()) => println!("Updated admin PIN."),
/// Err(err) => eprintln!("Failed to update admin PIN: {}", err),
@@ -496,7 +478,7 @@ pub trait Device: Authenticate + GetPasswordSafe + GenerateOtp + fmt::Debug {
///
/// [`InvalidString`]: enum.LibraryError.html#variant.InvalidString
/// [`WrongPassword`]: enum.CommandError.html#variant.WrongPassword
- fn change_user_pin(&self, current: &str, new: &str) -> Result<(), Error> {
+ fn change_user_pin(&mut self, current: &str, new: &str) -> Result<(), Error> {
let current_string = get_cstring(current)?;
let new_string = get_cstring(new)?;
get_command_result(unsafe {
@@ -518,7 +500,7 @@ pub trait Device: Authenticate + GetPasswordSafe + GenerateOtp + fmt::Debug {
/// # use nitrokey::Error;
///
/// # fn try_main() -> Result<(), Error> {
- /// let device = nitrokey::connect()?;
+ /// let mut device = nitrokey::connect()?;
/// match device.unlock_user_pin("12345678", "123456") {
/// Ok(()) => println!("Unlocked user PIN."),
/// Err(err) => eprintln!("Failed to unlock user PIN: {}", err),
@@ -529,7 +511,7 @@ pub trait Device: Authenticate + GetPasswordSafe + GenerateOtp + fmt::Debug {
///
/// [`InvalidString`]: enum.LibraryError.html#variant.InvalidString
/// [`WrongPassword`]: enum.CommandError.html#variant.WrongPassword
- fn unlock_user_pin(&self, admin_pin: &str, user_pin: &str) -> Result<(), Error> {
+ fn unlock_user_pin(&mut self, admin_pin: &str, user_pin: &str) -> Result<(), Error> {
let admin_pin_string = get_cstring(admin_pin)?;
let user_pin_string = get_cstring(user_pin)?;
get_command_result(unsafe {
@@ -552,7 +534,7 @@ pub trait Device: Authenticate + GetPasswordSafe + GenerateOtp + fmt::Debug {
/// # use nitrokey::Error;
///
/// # fn try_main() -> Result<(), Error> {
- /// let device = nitrokey::connect()?;
+ /// let mut device = nitrokey::connect()?;
/// match device.lock() {
/// Ok(()) => println!("Locked the Nitrokey device."),
/// Err(err) => eprintln!("Could not lock the Nitrokey device: {}", err),
@@ -560,7 +542,7 @@ pub trait Device: Authenticate + GetPasswordSafe + GenerateOtp + fmt::Debug {
/// # Ok(())
/// # }
/// ```
- fn lock(&self) -> Result<(), Error> {
+ fn lock(&mut self) -> Result<(), Error> {
get_command_result(unsafe { nitrokey_sys::NK_lock_device() })
}
@@ -583,7 +565,7 @@ pub trait Device: Authenticate + GetPasswordSafe + GenerateOtp + fmt::Debug {
/// # use nitrokey::Error;
///
/// # fn try_main() -> Result<(), Error> {
- /// let device = nitrokey::connect()?;
+ /// let mut device = nitrokey::connect()?;
/// match device.factory_reset("12345678") {
/// Ok(()) => println!("Performed a factory reset."),
/// Err(err) => eprintln!("Could not perform a factory reset: {}", err),
@@ -593,7 +575,7 @@ pub trait Device: Authenticate + GetPasswordSafe + GenerateOtp + fmt::Debug {
/// ```
///
/// [`build_aes_key`]: #method.build_aes_key
- fn factory_reset(&self, admin_pin: &str) -> Result<(), Error> {
+ fn factory_reset(&mut self, admin_pin: &str) -> Result<(), Error> {
let admin_pin_string = get_cstring(admin_pin)?;
get_command_result(unsafe { nitrokey_sys::NK_factory_reset(admin_pin_string.as_ptr()) })
}
@@ -617,7 +599,7 @@ pub trait Device: Authenticate + GetPasswordSafe + GenerateOtp + fmt::Debug {
/// # use nitrokey::Error;
///
/// # fn try_main() -> Result<(), Error> {
- /// let device = nitrokey::connect()?;
+ /// let mut device = nitrokey::connect()?;
/// match device.build_aes_key("12345678") {
/// Ok(()) => println!("New AES keys have been built."),
/// Err(err) => eprintln!("Could not build new AES keys: {}", err),
@@ -627,7 +609,7 @@ pub trait Device: Authenticate + GetPasswordSafe + GenerateOtp + fmt::Debug {
/// ```
///
/// [`factory_reset`]: #method.factory_reset
- fn build_aes_key(&self, admin_pin: &str) -> Result<(), Error> {
+ fn build_aes_key(&mut self, admin_pin: &str) -> Result<(), Error> {
let admin_pin_string = get_cstring(admin_pin)?;
get_command_result(unsafe { nitrokey_sys::NK_build_aes_key(admin_pin_string.as_ptr()) })
}
@@ -728,6 +710,13 @@ impl DeviceWrapper {
DeviceWrapper::Pro(ref pro) => pro,
}
}
+
+ fn device_mut(&mut self) -> &mut dyn Device {
+ match *self {
+ DeviceWrapper::Storage(ref mut storage) => storage,
+ DeviceWrapper::Pro(ref mut pro) => pro,
+ }
+ }
}
impl From<Pro> for DeviceWrapper {
@@ -751,8 +740,8 @@ impl GenerateOtp for DeviceWrapper {
self.device().get_totp_slot_name(slot)
}
- fn get_hotp_code(&self, slot: u8) -> Result<String, Error> {
- self.device().get_hotp_code(slot)
+ fn get_hotp_code(&mut self, slot: u8) -> Result<String, Error> {
+ self.device_mut().get_hotp_code(slot)
}
fn get_totp_code(&self, slot: u8) -> Result<String, Error> {
@@ -875,7 +864,7 @@ impl Storage {
/// # use nitrokey::Error;
///
/// # fn try_main() -> Result<(), Error> {
- /// let device = nitrokey::Storage::connect()?;
+ /// let mut device = nitrokey::Storage::connect()?;
/// match device.change_update_pin("12345678", "87654321") {
/// Ok(()) => println!("Updated update PIN."),
/// Err(err) => eprintln!("Failed to update update PIN: {}", err),
@@ -886,7 +875,7 @@ impl Storage {
///
/// [`InvalidString`]: enum.LibraryError.html#variant.InvalidString
/// [`WrongPassword`]: enum.CommandError.html#variant.WrongPassword
- pub fn change_update_pin(&self, current: &str, new: &str) -> Result<(), Error> {
+ pub fn change_update_pin(&mut self, current: &str, new: &str) -> Result<(), Error> {
let current_string = get_cstring(current)?;
let new_string = get_cstring(new)?;
get_command_result(unsafe {
@@ -912,7 +901,7 @@ impl Storage {
/// # use nitrokey::Error;
///
/// # fn try_main() -> Result<(), Error> {
- /// let device = nitrokey::Storage::connect()?;
+ /// let mut device = nitrokey::Storage::connect()?;
/// match device.enable_firmware_update("12345678") {
/// Ok(()) => println!("Nitrokey entered update mode."),
/// Err(err) => eprintln!("Could not enter update mode: {}", err),
@@ -923,7 +912,7 @@ impl Storage {
///
/// [`InvalidString`]: enum.LibraryError.html#variant.InvalidString
/// [`WrongPassword`]: enum.CommandError.html#variant.WrongPassword
- pub fn enable_firmware_update(&self, update_pin: &str) -> Result<(), Error> {
+ pub fn enable_firmware_update(&mut self, update_pin: &str) -> Result<(), Error> {
let update_pin_string = get_cstring(update_pin)?;
get_command_result(unsafe {
nitrokey_sys::NK_enable_firmware_update(update_pin_string.as_ptr())
@@ -946,7 +935,7 @@ impl Storage {
/// # use nitrokey::Error;
///
/// # fn try_main() -> Result<(), Error> {
- /// let device = nitrokey::Storage::connect()?;
+ /// let mut device = nitrokey::Storage::connect()?;
/// match device.enable_encrypted_volume("123456") {
/// Ok(()) => println!("Enabled the encrypted volume."),
/// Err(err) => eprintln!("Could not enable the encrypted volume: {}", err),
@@ -957,7 +946,7 @@ impl Storage {
///
/// [`InvalidString`]: enum.LibraryError.html#variant.InvalidString
/// [`WrongPassword`]: enum.CommandError.html#variant.WrongPassword
- pub fn enable_encrypted_volume(&self, user_pin: &str) -> Result<(), Error> {
+ pub fn enable_encrypted_volume(&mut self, user_pin: &str) -> Result<(), Error> {
let user_pin = get_cstring(user_pin)?;
get_command_result(unsafe { nitrokey_sys::NK_unlock_encrypted_volume(user_pin.as_ptr()) })
}
@@ -975,7 +964,7 @@ impl Storage {
/// fn use_volume() {}
///
/// # fn try_main() -> Result<(), Error> {
- /// let device = nitrokey::Storage::connect()?;
+ /// let mut device = nitrokey::Storage::connect()?;
/// match device.enable_encrypted_volume("123456") {
/// Ok(()) => {
/// println!("Enabled the encrypted volume.");
@@ -992,7 +981,7 @@ impl Storage {
/// # Ok(())
/// # }
/// ```
- pub fn disable_encrypted_volume(&self) -> Result<(), Error> {
+ pub fn disable_encrypted_volume(&mut self) -> Result<(), Error> {
get_command_result(unsafe { nitrokey_sys::NK_lock_encrypted_volume() })
}
@@ -1021,7 +1010,7 @@ impl Storage {
/// # use nitrokey::Error;
///
/// # fn try_main() -> Result<(), Error> {
- /// let device = nitrokey::Storage::connect()?;
+ /// let mut device = nitrokey::Storage::connect()?;
/// device.enable_encrypted_volume("123445")?;
/// match device.enable_hidden_volume("hidden-pw") {
/// Ok(()) => println!("Enabled a hidden volume."),
@@ -1034,7 +1023,7 @@ impl Storage {
/// [`enable_encrypted_volume`]: #method.enable_encrypted_volume
/// [`AesDecryptionFailed`]: enum.CommandError.html#variant.AesDecryptionFailed
/// [`InvalidString`]: enum.LibraryError.html#variant.InvalidString
- pub fn enable_hidden_volume(&self, volume_password: &str) -> Result<(), Error> {
+ pub fn enable_hidden_volume(&mut self, volume_password: &str) -> Result<(), Error> {
let volume_password = get_cstring(volume_password)?;
get_command_result(unsafe {
nitrokey_sys::NK_unlock_hidden_volume(volume_password.as_ptr())
@@ -1054,7 +1043,7 @@ impl Storage {
/// fn use_volume() {}
///
/// # fn try_main() -> Result<(), Error> {
- /// let device = nitrokey::Storage::connect()?;
+ /// let mut device = nitrokey::Storage::connect()?;
/// device.enable_encrypted_volume("123445")?;
/// match device.enable_hidden_volume("hidden-pw") {
/// Ok(()) => {
@@ -1072,7 +1061,7 @@ impl Storage {
/// # Ok(())
/// # }
/// ```
- pub fn disable_hidden_volume(&self) -> Result<(), Error> {
+ pub fn disable_hidden_volume(&mut self) -> Result<(), Error> {
get_command_result(unsafe { nitrokey_sys::NK_lock_hidden_volume() })
}
@@ -1101,7 +1090,7 @@ impl Storage {
/// # use nitrokey::Error;
///
/// # fn try_main() -> Result<(), Error> {
- /// let device = nitrokey::Storage::connect()?;
+ /// let mut device = nitrokey::Storage::connect()?;
/// device.enable_encrypted_volume("123445")?;
/// device.create_hidden_volume(0, 0, 100, "hidden-pw")?;
/// # Ok(())
@@ -1111,7 +1100,7 @@ impl Storage {
/// [`AesDecryptionFailed`]: enum.CommandError.html#variant.AesDecryptionFailed
/// [`InvalidString`]: enum.LibraryError.html#variant.InvalidString
pub fn create_hidden_volume(
- &self,
+ &mut self,
slot: u8,
start: u8,
end: u8,
@@ -1141,7 +1130,7 @@ impl Storage {
/// use nitrokey::VolumeMode;
///
/// # fn try_main() -> Result<(), Error> {
- /// let device = nitrokey::Storage::connect()?;
+ /// let mut device = nitrokey::Storage::connect()?;
/// match device.set_unencrypted_volume_mode("12345678", VolumeMode::ReadWrite) {
/// Ok(()) => println!("Set the unencrypted volume to read-write mode."),
/// Err(err) => eprintln!("Could not set the unencrypted volume to read-write mode: {}", err),
@@ -1153,7 +1142,7 @@ impl Storage {
/// [`InvalidString`]: enum.LibraryError.html#variant.InvalidString
/// [`WrongPassword`]: enum.CommandError.html#variant.WrongPassword
pub fn set_unencrypted_volume_mode(
- &self,
+ &mut self,
admin_pin: &str,
mode: VolumeMode,
) -> Result<(), Error> {
@@ -1186,7 +1175,7 @@ impl Storage {
/// use nitrokey::VolumeMode;
///
/// # fn try_main() -> Result<(), Error> {
- /// let device = nitrokey::Storage::connect()?;
+ /// let mut device = nitrokey::Storage::connect()?;
/// match device.set_encrypted_volume_mode("12345678", VolumeMode::ReadWrite) {
/// Ok(()) => println!("Set the encrypted volume to read-write mode."),
/// Err(err) => eprintln!("Could not set the encrypted volume to read-write mode: {}", err),
@@ -1198,7 +1187,7 @@ impl Storage {
/// [`InvalidString`]: enum.LibraryError.html#variant.InvalidString
/// [`WrongPassword`]: enum.CommandError.html#variant.WrongPassword
pub fn set_encrypted_volume_mode(
- &self,
+ &mut self,
admin_pin: &str,
mode: VolumeMode,
) -> Result<(), Error> {
@@ -1315,7 +1304,7 @@ impl Storage {
/// # use nitrokey::Error;
///
/// # fn try_main() -> Result<(), Error> {
- /// let device = nitrokey::Storage::connect()?;
+ /// let mut device = nitrokey::Storage::connect()?;
/// match device.clear_new_sd_card_warning("12345678") {
/// Ok(()) => println!("Cleared the new SD card warning."),
/// Err(err) => eprintln!("Could not set the clear the new SD card warning: {}", err),
@@ -1326,7 +1315,7 @@ impl Storage {
///
/// [`InvalidString`]: enum.LibraryError.html#variant.InvalidString
/// [`WrongPassword`]: enum.CommandError.html#variant.WrongPassword
- pub fn clear_new_sd_card_warning(&self, admin_pin: &str) -> Result<(), Error> {
+ pub fn clear_new_sd_card_warning(&mut self, admin_pin: &str) -> Result<(), Error> {
let admin_pin = get_cstring(admin_pin)?;
get_command_result(unsafe {
nitrokey_sys::NK_clear_new_sd_card_warning(admin_pin.as_ptr())
@@ -1334,7 +1323,7 @@ impl Storage {
}
/// Blinks the red and green LED alternatively and infinitely until the device is reconnected.
- pub fn wink(&self) -> Result<(), Error> {
+ pub fn wink(&mut self) -> Result<(), Error> {
get_command_result(unsafe { nitrokey_sys::NK_wink() })
}
@@ -1354,7 +1343,7 @@ impl Storage {
///
/// [`InvalidString`]: enum.LibraryError.html#variant.InvalidString
/// [`WrongPassword`]: enum.CommandError.html#variant.WrongPassword
- pub fn export_firmware(&self, admin_pin: &str) -> Result<(), Error> {
+ pub fn export_firmware(&mut self, admin_pin: &str) -> Result<(), Error> {
let admin_pin_string = get_cstring(admin_pin)?;
get_command_result(unsafe { nitrokey_sys::NK_export_firmware(admin_pin_string.as_ptr()) })
}
diff --git a/src/lib.rs b/src/lib.rs
index f7da8e1..d7a8c5e 100644
--- a/src/lib.rs
+++ b/src/lib.rs
@@ -44,16 +44,16 @@
//! # use nitrokey::Error;
//!
//! # fn try_main() -> Result<(), Error> {
-//! let device = nitrokey::connect()?;
+//! let mut device = nitrokey::connect()?;
//! let slot_data = OtpSlotData::new(1, "test", "01234567890123456689", OtpMode::SixDigits);
//! match device.authenticate_admin("12345678") {
-//! Ok(admin) => {
+//! Ok(mut admin) => {
//! match admin.write_hotp_slot(slot_data, 0) {
//! Ok(()) => println!("Successfully wrote slot."),
//! Err(err) => eprintln!("Could not write slot: {}", err),
//! }
//! },
-//! Err((_, err)) => eprintln!("Could not authenticate as admin: {}", err),
+//! Err(err) => eprintln!("Could not authenticate as admin: {}", err),
//! }
//! # Ok(())
//! # }
@@ -66,7 +66,7 @@
//! # use nitrokey::Error;
//!
//! # fn try_main() -> Result<(), Error> {
-//! let device = nitrokey::connect()?;
+//! let mut device = nitrokey::connect()?;
//! match device.get_hotp_code(1) {
//! Ok(code) => println!("Generated HOTP code: {}", code),
//! Err(err) => eprintln!("Could not generate HOTP code: {}", err),
diff --git a/src/otp.rs b/src/otp.rs
index abaff66..a8dd20b 100644
--- a/src/otp.rs
+++ b/src/otp.rs
@@ -35,16 +35,16 @@ pub trait ConfigureOtp {
/// # use nitrokey::Error;
///
/// # fn try_main() -> Result<(), Error> {
- /// let device = nitrokey::connect()?;
+ /// let mut device = nitrokey::connect()?;
/// let slot_data = OtpSlotData::new(1, "test", "01234567890123456689", OtpMode::SixDigits);
/// match device.authenticate_admin("12345678") {
- /// Ok(admin) => {
+ /// Ok(mut admin) => {
/// match admin.write_hotp_slot(slot_data, 0) {
/// Ok(()) => println!("Successfully wrote slot."),
/// Err(err) => eprintln!("Could not write slot: {}", err),
/// }
/// },
- /// Err((_, err)) => eprintln!("Could not authenticate as admin: {}", err),
+ /// Err(err) => eprintln!("Could not authenticate as admin: {}", err),
/// }
/// # Ok(())
/// # }
@@ -53,7 +53,7 @@ pub trait ConfigureOtp {
/// [`InvalidSlot`]: enum.LibraryError.html#variant.InvalidSlot
/// [`InvalidString`]: enum.LibraryError.html#variant.InvalidString
/// [`NoName`]: enum.CommandError.html#variant.NoName
- fn write_hotp_slot(&self, data: OtpSlotData, counter: u64) -> Result<(), Error>;
+ fn write_hotp_slot(&mut self, data: OtpSlotData, counter: u64) -> Result<(), Error>;
/// Configure a TOTP slot with the given data and set the TOTP time window to the given value
/// (default 30).
@@ -71,16 +71,16 @@ pub trait ConfigureOtp {
/// # use nitrokey::Error;
///
/// # fn try_main() -> Result<(), Error> {
- /// let device = nitrokey::connect()?;
+ /// let mut device = nitrokey::connect()?;
/// let slot_data = OtpSlotData::new(1, "test", "01234567890123456689", OtpMode::EightDigits);
/// match device.authenticate_admin("12345678") {
- /// Ok(admin) => {
+ /// Ok(mut admin) => {
/// match admin.write_totp_slot(slot_data, 30) {
/// Ok(()) => println!("Successfully wrote slot."),
/// Err(err) => eprintln!("Could not write slot: {}", err),
/// }
/// },
- /// Err((_, err)) => eprintln!("Could not authenticate as admin: {}", err),
+ /// Err(err) => eprintln!("Could not authenticate as admin: {}", err),
/// }
/// # Ok(())
/// # }
@@ -89,7 +89,7 @@ pub trait ConfigureOtp {
/// [`InvalidSlot`]: enum.LibraryError.html#variant.InvalidSlot
/// [`InvalidString`]: enum.LibraryError.html#variant.InvalidString
/// [`NoName`]: enum.CommandError.html#variant.NoName
- fn write_totp_slot(&self, data: OtpSlotData, time_window: u16) -> Result<(), Error>;
+ fn write_totp_slot(&mut self, data: OtpSlotData, time_window: u16) -> Result<(), Error>;
/// Erases an HOTP slot.
///
@@ -104,22 +104,22 @@ pub trait ConfigureOtp {
/// # use nitrokey::Error;
///
/// # fn try_main() -> Result<(), Error> {
- /// let device = nitrokey::connect()?;
+ /// let mut device = nitrokey::connect()?;
/// match device.authenticate_admin("12345678") {
- /// Ok(admin) => {
+ /// Ok(mut admin) => {
/// match admin.erase_hotp_slot(1) {
/// Ok(()) => println!("Successfully erased slot."),
/// Err(err) => eprintln!("Could not erase slot: {}", err),
/// }
/// },
- /// Err((_, err)) => eprintln!("Could not authenticate as admin: {}", err),
+ /// Err(err) => eprintln!("Could not authenticate as admin: {}", err),
/// }
/// # Ok(())
/// # }
/// ```
///
/// [`InvalidSlot`]: enum.LibraryError.html#variant.InvalidSlot
- fn erase_hotp_slot(&self, slot: u8) -> Result<(), Error>;
+ fn erase_hotp_slot(&mut self, slot: u8) -> Result<(), Error>;
/// Erases a TOTP slot.
///
@@ -134,22 +134,22 @@ pub trait ConfigureOtp {
/// # use nitrokey::Error;
///
/// # fn try_main() -> Result<(), Error> {
- /// let device = nitrokey::connect()?;
+ /// let mut device = nitrokey::connect()?;
/// match device.authenticate_admin("12345678") {
- /// Ok(admin) => {
+ /// Ok(mut admin) => {
/// match admin.erase_totp_slot(1) {
/// Ok(()) => println!("Successfully erased slot."),
/// Err(err) => eprintln!("Could not erase slot: {}", err),
/// }
/// },
- /// Err((_, err)) => eprintln!("Could not authenticate as admin: {}", err),
+ /// Err(err) => eprintln!("Could not authenticate as admin: {}", err),
/// }
/// # Ok(())
/// # }
/// ```
///
/// [`InvalidSlot`]: enum.LibraryError.html#variant.InvalidSlot
- fn erase_totp_slot(&self, slot: u8) -> Result<(), Error>;
+ fn erase_totp_slot(&mut self, slot: u8) -> Result<(), Error>;
}
/// Provides methods to generate OTP codes and to query OTP slots on a Nitrokey
@@ -171,7 +171,7 @@ pub trait GenerateOtp {
/// # use nitrokey::Error;
///
/// # fn try_main() -> Result<(), Error> {
- /// let device = nitrokey::connect()?;
+ /// let mut device = nitrokey::connect()?;
/// let time = time::SystemTime::now().duration_since(time::UNIX_EPOCH);
/// match time {
/// Ok(time) => device.set_time(time.as_secs(), false)?,
@@ -187,7 +187,7 @@ pub trait GenerateOtp {
///
/// [`get_totp_code`]: #method.get_totp_code
/// [`Timestamp`]: enum.CommandError.html#variant.Timestamp
- fn set_time(&self, time: u64, force: bool) -> Result<(), Error> {
+ fn set_time(&mut self, time: u64, force: bool) -> Result<(), Error> {
let result = if force {
unsafe { nitrokey_sys::NK_totp_set_time(time) }
} else {
@@ -270,7 +270,7 @@ pub trait GenerateOtp {
/// # use nitrokey::Error;
///
/// # fn try_main() -> Result<(), Error> {
- /// let device = nitrokey::connect()?;
+ /// let mut device = nitrokey::connect()?;
/// let code = device.get_hotp_code(1)?;
/// println!("Generated HOTP code on slot 1: {}", code);
/// # Ok(())
@@ -281,7 +281,7 @@ pub trait GenerateOtp {
/// [`InvalidSlot`]: enum.LibraryError.html#variant.InvalidSlot
/// [`NotAuthorized`]: enum.CommandError.html#variant.NotAuthorized
/// [`SlotNotProgrammed`]: enum.CommandError.html#variant.SlotNotProgrammed
- fn get_hotp_code(&self, slot: u8) -> Result<String, Error> {
+ fn get_hotp_code(&mut self, slot: u8) -> Result<String, Error> {
result_from_string(unsafe { nitrokey_sys::NK_get_hotp_code(slot) })
}
@@ -305,7 +305,7 @@ pub trait GenerateOtp {
/// # use nitrokey::Error;
///
/// # fn try_main() -> Result<(), Error> {
- /// let device = nitrokey::connect()?;
+ /// let mut device = nitrokey::connect()?;
/// let time = time::SystemTime::now().duration_since(time::UNIX_EPOCH);
/// match time {
/// Ok(time) => {
diff --git a/src/pws.rs b/src/pws.rs
index 1e27935..a5b9d33 100644
--- a/src/pws.rs
+++ b/src/pws.rs
@@ -18,8 +18,7 @@ pub const SLOT_COUNT: u8 = 16;
/// The password safe stores a tuple consisting of a name, a login and a password on a slot. The
/// number of available slots is [`SLOT_COUNT`][]. The slots are addressed starting with zero. To
/// retrieve a password safe from a Nitrokey device, use the [`get_password_safe`][] method from
-/// the [`GetPasswordSafe`][] trait. Note that the device must live at least as long as the
-/// password safe.
+/// the [`GetPasswordSafe`][] trait.
///
/// Once the password safe has been unlocked, it can be accessed without a password. Therefore it
/// is mandatory to call [`lock`][] on the corresponding device after the password store is used.
@@ -43,9 +42,10 @@ pub const SLOT_COUNT: u8 = 16;
/// }
///
/// # fn try_main() -> Result<(), Error> {
-/// let device = nitrokey::connect()?;
+/// let mut device = nitrokey::connect()?;
/// let pws = device.get_password_safe("123456")?;
/// use_password_safe(&pws);
+/// drop(pws);
/// device.lock()?;
/// # Ok(())
/// # }
@@ -57,21 +57,17 @@ pub const SLOT_COUNT: u8 = 16;
/// [`GetPasswordSafe`]: trait.GetPasswordSafe.html
#[derive(Debug)]
pub struct PasswordSafe<'a> {
- _device: &'a dyn Device,
+ device: &'a mut dyn Device,
}
/// Provides access to a [`PasswordSafe`][].
///
-/// The device that implements this trait must always live at least as long as a password safe
-/// retrieved from it.
-///
/// [`PasswordSafe`]: struct.PasswordSafe.html
pub trait GetPasswordSafe {
/// Enables and returns the password safe.
///
- /// The underlying device must always live at least as long as a password safe retrieved from
- /// it. It is mandatory to lock the underlying device using [`lock`][] after the password safe
- /// has been used. Otherwise, other applications can access the password store without
+ /// It is mandatory to lock the underlying device using [`lock`][] after the password safe has
+ /// been used. Otherwise, other applications can access the password store without
/// authentication.
///
/// If this method returns an `AesDecryptionFailed` (Nitrokey Pro) or `Unknown` (Nitrokey
@@ -97,14 +93,14 @@ pub trait GetPasswordSafe {
/// fn use_password_safe(pws: &PasswordSafe) {}
///
/// # fn try_main() -> Result<(), Error> {
- /// let device = nitrokey::connect()?;
+ /// let mut device = nitrokey::connect()?;
/// match device.get_password_safe("123456") {
/// Ok(pws) => {
/// use_password_safe(&pws);
- /// device.lock()?;
/// },
/// Err(err) => eprintln!("Could not open the password safe: {}", err),
/// };
+ /// device.lock()?;
/// # Ok(())
/// # }
/// ```
@@ -116,16 +112,21 @@ pub trait GetPasswordSafe {
/// [`InvalidString`]: enum.LibraryError.html#variant.InvalidString
/// [`Unknown`]: enum.CommandError.html#variant.Unknown
/// [`WrongPassword`]: enum.CommandError.html#variant.WrongPassword
- fn get_password_safe(&self, user_pin: &str) -> Result<PasswordSafe<'_>, Error>;
+ fn get_password_safe(&mut self, user_pin: &str) -> Result<PasswordSafe<'_>, Error>;
}
fn get_password_safe<'a>(
- device: &'a dyn Device,
+ device: &'a mut dyn Device,
user_pin: &str,
) -> Result<PasswordSafe<'a>, Error> {
let user_pin_string = get_cstring(user_pin)?;
- get_command_result(unsafe { nitrokey_sys::NK_enable_password_safe(user_pin_string.as_ptr()) })
- .map(|_| PasswordSafe { _device: device })
+ let result = get_command_result(unsafe {
+ nitrokey_sys::NK_enable_password_safe(user_pin_string.as_ptr())
+ });
+ match result {
+ Ok(()) => Ok(PasswordSafe { device }),
+ Err(err) => Err(err),
+ }
}
fn get_pws_result(s: String) -> Result<String, Error> {
@@ -148,7 +149,7 @@ impl<'a> PasswordSafe<'a> {
/// # use nitrokey::Error;
///
/// # fn try_main() -> Result<(), Error> {
- /// let device = nitrokey::connect()?;
+ /// let mut device = nitrokey::connect()?;
/// let pws = device.get_password_safe("123456")?;
/// pws.get_slot_status()?.iter().enumerate().for_each(|(slot, programmed)| {
/// let status = match *programmed {
@@ -193,7 +194,7 @@ impl<'a> PasswordSafe<'a> {
/// # use nitrokey::Error;
///
/// # fn try_main() -> Result<(), Error> {
- /// let device = nitrokey::connect()?;
+ /// let mut device = nitrokey::connect()?;
/// match device.get_password_safe("123456") {
/// Ok(pws) => {
/// let name = pws.get_slot_name(0)?;
@@ -230,7 +231,7 @@ impl<'a> PasswordSafe<'a> {
/// # use nitrokey::Error;
///
/// # fn try_main() -> Result<(), Error> {
- /// let device = nitrokey::connect()?;
+ /// let mut device = nitrokey::connect()?;
/// let pws = device.get_password_safe("123456")?;
/// let name = pws.get_slot_name(0)?;
/// let login = pws.get_slot_login(0)?;
@@ -263,7 +264,7 @@ impl<'a> PasswordSafe<'a> {
/// # use nitrokey::Error;
///
/// # fn try_main() -> Result<(), Error> {
- /// let device = nitrokey::connect()?;
+ /// let mut device = nitrokey::connect()?;
/// let pws = device.get_password_safe("123456")?;
/// let name = pws.get_slot_name(0)?;
/// let login = pws.get_slot_login(0)?;
@@ -294,7 +295,7 @@ impl<'a> PasswordSafe<'a> {
/// # use nitrokey::Error;
///
/// # fn try_main() -> Result<(), Error> {
- /// let device = nitrokey::connect()?;
+ /// let mut device = nitrokey::connect()?;
/// let pws = device.get_password_safe("123456")?;
/// let name = pws.get_slot_name(0)?;
/// let login = pws.get_slot_login(0)?;
@@ -307,7 +308,7 @@ impl<'a> PasswordSafe<'a> {
/// [`InvalidSlot`]: enum.LibraryError.html#variant.InvalidSlot
/// [`InvalidString`]: enum.LibraryError.html#variant.InvalidString
pub fn write_slot(
- &self,
+ &mut self,
slot: u8,
name: &str,
login: &str,
@@ -340,8 +341,8 @@ impl<'a> PasswordSafe<'a> {
/// # use nitrokey::Error;
///
/// # fn try_main() -> Result<(), Error> {
- /// let device = nitrokey::connect()?;
- /// let pws = device.get_password_safe("123456")?;
+ /// let mut device = nitrokey::connect()?;
+ /// let mut pws = device.get_password_safe("123456")?;
/// match pws.erase_slot(0) {
/// Ok(()) => println!("Erased slot 0."),
/// Err(err) => eprintln!("Could not erase slot 0: {}", err),
@@ -351,7 +352,7 @@ impl<'a> PasswordSafe<'a> {
/// ```
///
/// [`InvalidSlot`]: enum.LibraryError.html#variant.InvalidSlot
- pub fn erase_slot(&self, slot: u8) -> Result<(), Error> {
+ pub fn erase_slot(&mut self, slot: u8) -> Result<(), Error> {
get_command_result(unsafe { nitrokey_sys::NK_erase_password_safe_slot(slot) })
}
}
@@ -364,19 +365,19 @@ impl<'a> Drop for PasswordSafe<'a> {
}
impl GetPasswordSafe for Pro {
- fn get_password_safe(&self, user_pin: &str) -> Result<PasswordSafe<'_>, Error> {
+ fn get_password_safe(&mut self, user_pin: &str) -> Result<PasswordSafe<'_>, Error> {
get_password_safe(self, user_pin)
}
}
impl GetPasswordSafe for Storage {
- fn get_password_safe(&self, user_pin: &str) -> Result<PasswordSafe<'_>, Error> {
+ fn get_password_safe(&mut self, user_pin: &str) -> Result<PasswordSafe<'_>, Error> {
get_password_safe(self, user_pin)
}
}
impl GetPasswordSafe for DeviceWrapper {
- fn get_password_safe(&self, user_pin: &str) -> Result<PasswordSafe<'_>, Error> {
+ fn get_password_safe(&mut self, user_pin: &str) -> Result<PasswordSafe<'_>, Error> {
get_password_safe(self, user_pin)
}
}
diff --git a/tests/device.rs b/tests/device.rs
index 969a7df..bffd767 100644
--- a/tests/device.rs
+++ b/tests/device.rs
@@ -98,42 +98,35 @@ fn get_firmware_version(device: Pro) {
assert!(version.minor > 0);
}
-fn admin_retry<T: Authenticate + Device>(device: T, suffix: &str, count: u8) -> T {
- let result = device.authenticate_admin(&(ADMIN_PASSWORD.to_owned() + suffix));
- let device = match result {
- Ok(admin) => admin.device(),
- Err((device, _)) => device,
- };
+fn admin_retry<T: Authenticate + Device>(device: &mut T, suffix: &str, count: u8) {
+ assert_any_ok!(device.authenticate_admin(&(ADMIN_PASSWORD.to_owned() + suffix)));
assert_ok!(count, device.get_admin_retry_count());
- return device;
}
-fn user_retry<T: Authenticate + Device>(device: T, suffix: &str, count: u8) -> T {
- let result = device.authenticate_user(&(USER_PASSWORD.to_owned() + suffix));
- let device = match result {
- Ok(admin) => admin.device(),
- Err((device, _)) => device,
- };
+fn user_retry<T: Authenticate + Device>(device: &mut T, suffix: &str, count: u8) {
+ assert_any_ok!(device.authenticate_user(&(USER_PASSWORD.to_owned() + suffix)));
assert_ok!(count, device.get_user_retry_count());
- return device;
}
#[test_device]
fn get_retry_count(device: DeviceWrapper) {
- let device = admin_retry(device, "", 3);
- let device = admin_retry(device, "123", 2);
- let device = admin_retry(device, "456", 1);
- let device = admin_retry(device, "", 3);
-
- let device = user_retry(device, "", 3);
- let device = user_retry(device, "123", 2);
- let device = user_retry(device, "456", 1);
- user_retry(device, "", 3);
+ let mut device = device;
+
+ admin_retry(&mut device, "", 3);
+ admin_retry(&mut device, "123", 2);
+ admin_retry(&mut device, "456", 1);
+ admin_retry(&mut device, "", 3);
+
+ user_retry(&mut device, "", 3);
+ user_retry(&mut device, "123", 2);
+ user_retry(&mut device, "456", 1);
+ user_retry(&mut device, "", 3);
}
#[test_device]
fn config(device: DeviceWrapper) {
- let admin = unwrap_ok!(device.authenticate_admin(ADMIN_PASSWORD));
+ let mut device = device;
+ let mut admin = unwrap_ok!(device.authenticate_admin(ADMIN_PASSWORD));
let config = Config::new(None, None, None, true);
assert_ok!((), admin.write_config(config));
@@ -153,41 +146,52 @@ fn config(device: DeviceWrapper) {
#[test_device]
fn change_user_pin(device: DeviceWrapper) {
- let device = device.authenticate_user(USER_PASSWORD).unwrap().device();
- let device = device.authenticate_user(USER_NEW_PASSWORD).unwrap_err().0;
+ let mut device = device;
+ assert_any_ok!(device.authenticate_user(USER_PASSWORD));
+ assert_cmd_err!(
+ CommandError::WrongPassword,
+ device.authenticate_user(USER_NEW_PASSWORD)
+ );
assert_ok!((), device.change_user_pin(USER_PASSWORD, USER_NEW_PASSWORD));
- let device = device.authenticate_user(USER_PASSWORD).unwrap_err().0;
- let device = device
- .authenticate_user(USER_NEW_PASSWORD)
- .unwrap()
- .device();
+ assert_cmd_err!(
+ CommandError::WrongPassword,
+ device.authenticate_user(USER_PASSWORD)
+ );
+ assert_any_ok!(device.authenticate_user(USER_NEW_PASSWORD));
let result = device.change_user_pin(USER_PASSWORD, USER_PASSWORD);
assert_cmd_err!(CommandError::WrongPassword, result);
assert_ok!((), device.change_user_pin(USER_NEW_PASSWORD, USER_PASSWORD));
- let device = device.authenticate_user(USER_PASSWORD).unwrap().device();
- assert!(device.authenticate_user(USER_NEW_PASSWORD).is_err());
+ assert_any_ok!(device.authenticate_user(USER_PASSWORD));
+ assert_cmd_err!(
+ CommandError::WrongPassword,
+ device.authenticate_user(USER_NEW_PASSWORD)
+ );
}
#[test_device]
fn change_admin_pin(device: DeviceWrapper) {
- let device = device.authenticate_admin(ADMIN_PASSWORD).unwrap().device();
- let device = device.authenticate_admin(ADMIN_NEW_PASSWORD).unwrap_err().0;
+ let mut device = device;
+ assert_any_ok!(device.authenticate_admin(ADMIN_PASSWORD));
+ assert_cmd_err!(
+ CommandError::WrongPassword,
+ device.authenticate_admin(ADMIN_NEW_PASSWORD)
+ );
assert_ok!(
(),
device.change_admin_pin(ADMIN_PASSWORD, ADMIN_NEW_PASSWORD)
);
- let device = device.authenticate_admin(ADMIN_PASSWORD).unwrap_err().0;
- let device = device
- .authenticate_admin(ADMIN_NEW_PASSWORD)
- .unwrap()
- .device();
+ assert_cmd_err!(
+ CommandError::WrongPassword,
+ device.authenticate_admin(ADMIN_PASSWORD)
+ );
+ assert_any_ok!(device.authenticate_admin(ADMIN_NEW_PASSWORD));
assert_cmd_err!(
CommandError::WrongPassword,
@@ -199,28 +203,24 @@ fn change_admin_pin(device: DeviceWrapper) {
device.change_admin_pin(ADMIN_NEW_PASSWORD, ADMIN_PASSWORD)
);
- let device = device.authenticate_admin(ADMIN_PASSWORD).unwrap().device();
- device.authenticate_admin(ADMIN_NEW_PASSWORD).unwrap_err();
+ assert_any_ok!(device.authenticate_admin(ADMIN_PASSWORD));
+ assert_cmd_err!(
+ CommandError::WrongPassword,
+ device.authenticate_admin(ADMIN_NEW_PASSWORD)
+ );
}
-fn require_failed_user_login<D>(device: D, password: &str, error: CommandError) -> D
-where
- D: Device + Authenticate,
- nitrokey::User<D>: std::fmt::Debug,
-{
- let result = device.authenticate_user(password);
- assert!(result.is_err());
- let err = result.unwrap_err();
- match err.1 {
- Error::CommandError(err) => assert_eq!(error, err),
- _ => assert!(false),
- };
- err.0
+fn require_failed_user_login<D: Authenticate + Device>(device: &mut D, password: &str) {
+ assert_cmd_err!(
+ CommandError::WrongPassword,
+ device.authenticate_user(password)
+ );
}
#[test_device]
fn unlock_user_pin(device: DeviceWrapper) {
- let device = device.authenticate_user(USER_PASSWORD).unwrap().device();
+ let mut device = device;
+ assert_any_ok!(device.authenticate_user(USER_PASSWORD));
assert_ok!((), device.unlock_user_pin(ADMIN_PASSWORD, USER_PASSWORD));
assert_cmd_err!(
CommandError::WrongPassword,
@@ -229,10 +229,10 @@ fn unlock_user_pin(device: DeviceWrapper) {
// block user PIN
let wrong_password = USER_PASSWORD.to_owned() + "foo";
- let device = require_failed_user_login(device, &wrong_password, CommandError::WrongPassword);
- let device = require_failed_user_login(device, &wrong_password, CommandError::WrongPassword);
- let device = require_failed_user_login(device, &wrong_password, CommandError::WrongPassword);
- let device = require_failed_user_login(device, USER_PASSWORD, CommandError::WrongPassword);
+ require_failed_user_login(&mut device, &wrong_password);
+ require_failed_user_login(&mut device, &wrong_password);
+ require_failed_user_login(&mut device, &wrong_password);
+ require_failed_user_login(&mut device, USER_PASSWORD);
// unblock with current PIN
assert_cmd_err!(
@@ -240,13 +240,13 @@ fn unlock_user_pin(device: DeviceWrapper) {
device.unlock_user_pin(USER_PASSWORD, USER_PASSWORD)
);
assert_ok!((), device.unlock_user_pin(ADMIN_PASSWORD, USER_PASSWORD));
- let device = device.authenticate_user(USER_PASSWORD).unwrap().device();
+ assert_any_ok!(device.authenticate_user(USER_PASSWORD));
// block user PIN
- let device = require_failed_user_login(device, &wrong_password, CommandError::WrongPassword);
- let device = require_failed_user_login(device, &wrong_password, CommandError::WrongPassword);
- let device = require_failed_user_login(device, &wrong_password, CommandError::WrongPassword);
- let device = require_failed_user_login(device, USER_PASSWORD, CommandError::WrongPassword);
+ require_failed_user_login(&mut device, &wrong_password);
+ require_failed_user_login(&mut device, &wrong_password);
+ require_failed_user_login(&mut device, &wrong_password);
+ require_failed_user_login(&mut device, USER_PASSWORD);
// unblock with new PIN
assert_cmd_err!(
@@ -272,12 +272,12 @@ fn assert_utf8_err_or_ne(left: &str, right: Result<String, Error>) {
#[test_device]
fn factory_reset(device: DeviceWrapper) {
- let admin = unwrap_ok!(device.authenticate_admin(ADMIN_PASSWORD));
+ let mut device = device;
+ let mut admin = unwrap_ok!(device.authenticate_admin(ADMIN_PASSWORD));
let otp_data = OtpSlotData::new(1, "test", "0123468790", OtpMode::SixDigits);
assert_ok!((), admin.write_totp_slot(otp_data, 30));
- let device = admin.device();
- let pws = unwrap_ok!(device.get_password_safe(USER_PASSWORD));
+ let mut pws = unwrap_ok!(device.get_password_safe(USER_PASSWORD));
assert_ok!((), pws.write_slot(0, "test", "testlogin", "testpw"));
drop(pws);
@@ -297,23 +297,24 @@ fn factory_reset(device: DeviceWrapper) {
);
assert_ok!((), device.factory_reset(ADMIN_NEW_PASSWORD));
- let device = device.authenticate_admin(ADMIN_PASSWORD).unwrap().device();
+ assert_any_ok!(device.authenticate_admin(ADMIN_PASSWORD));
let user = unwrap_ok!(device.authenticate_user(USER_PASSWORD));
assert_cmd_err!(CommandError::SlotNotProgrammed, user.get_totp_slot_name(1));
- let device = user.device();
let pws = unwrap_ok!(device.get_password_safe(USER_PASSWORD));
assert_utf8_err_or_ne("test", pws.get_slot_name(0));
assert_utf8_err_or_ne("testlogin", pws.get_slot_login(0));
assert_utf8_err_or_ne("testpw", pws.get_slot_password(0));
+ drop(pws);
assert_ok!((), device.build_aes_key(ADMIN_PASSWORD));
}
#[test_device]
fn build_aes_key(device: DeviceWrapper) {
- let pws = unwrap_ok!(device.get_password_safe(USER_PASSWORD));
+ let mut device = device;
+ let mut pws = unwrap_ok!(device.get_password_safe(USER_PASSWORD));
assert_ok!((), pws.write_slot(0, "test", "testlogin", "testpw"));
drop(pws);
@@ -323,7 +324,7 @@ fn build_aes_key(device: DeviceWrapper) {
);
assert_ok!((), device.build_aes_key(ADMIN_PASSWORD));
- let device = device.authenticate_admin(ADMIN_PASSWORD).unwrap().device();
+ assert_any_ok!(device.authenticate_admin(ADMIN_PASSWORD));
let pws = unwrap_ok!(device.get_password_safe(USER_PASSWORD));
assert_utf8_err_or_ne("test", pws.get_slot_name(0));
@@ -333,6 +334,7 @@ fn build_aes_key(device: DeviceWrapper) {
#[test_device]
fn change_update_pin(device: Storage) {
+ let mut device = device;
assert_cmd_err!(
CommandError::WrongPassword,
device.change_update_pin(UPDATE_NEW_PIN, UPDATE_PIN)
@@ -343,6 +345,7 @@ fn change_update_pin(device: Storage) {
#[test_device]
fn encrypted_volume(device: Storage) {
+ let mut device = device;
assert_ok!((), device.lock());
assert_eq!(1, count_nitrokey_block_devices());
@@ -361,6 +364,7 @@ fn encrypted_volume(device: Storage) {
#[test_device]
fn hidden_volume(device: Storage) {
+ let mut device = device;
assert_ok!((), device.lock());
assert_eq!(1, count_nitrokey_block_devices());
@@ -396,6 +400,7 @@ fn hidden_volume(device: Storage) {
#[test_device]
fn lock(device: Storage) {
+ let mut device = device;
assert_ok!((), device.enable_encrypted_volume(USER_PASSWORD));
assert_ok!((), device.lock());
assert_eq!(1, count_nitrokey_block_devices());
@@ -405,6 +410,7 @@ fn lock(device: Storage) {
fn set_encrypted_volume_mode(device: Storage) {
// This test case does not check the device status as the command only works with firmware
// version 0.49. For later versions, it does not do anything and always returns Ok(()).
+ let mut device = device;
assert_ok!(
(),
@@ -441,12 +447,13 @@ fn set_unencrypted_volume_mode(device: Storage) {
);
}
- fn assert_success(device: &Storage, mode: VolumeMode) {
+ fn assert_success(device: &mut Storage, mode: VolumeMode) {
assert_ok!((), device.set_unencrypted_volume_mode(ADMIN_PASSWORD, mode));
assert_mode(&device, mode);
}
- assert_success(&device, VolumeMode::ReadOnly);
+ let mut device = device;
+ assert_success(&mut device, VolumeMode::ReadOnly);
assert_cmd_err!(
CommandError::WrongPassword,
@@ -454,9 +461,9 @@ fn set_unencrypted_volume_mode(device: Storage) {
);
assert_mode(&device, VolumeMode::ReadOnly);
- assert_success(&device, VolumeMode::ReadWrite);
- assert_success(&device, VolumeMode::ReadWrite);
- assert_success(&device, VolumeMode::ReadOnly);
+ assert_success(&mut device, VolumeMode::ReadWrite);
+ assert_success(&mut device, VolumeMode::ReadWrite);
+ assert_success(&mut device, VolumeMode::ReadOnly);
}
#[test_device]
@@ -488,6 +495,7 @@ fn get_production_info(device: Storage) {
#[test_device]
fn clear_new_sd_card_warning(device: Storage) {
+ let mut device = device;
assert_ok!((), device.factory_reset(ADMIN_PASSWORD));
thread::sleep(time::Duration::from_secs(3));
assert_ok!((), device.build_aes_key(ADMIN_PASSWORD));
@@ -506,6 +514,7 @@ fn clear_new_sd_card_warning(device: Storage) {
#[test_device]
fn export_firmware(device: Storage) {
+ let mut device = device;
assert_cmd_err!(
CommandError::WrongPassword,
device.export_firmware("someadminpn")
diff --git a/tests/otp.rs b/tests/otp.rs
index fc0e79e..8ca8311 100644
--- a/tests/otp.rs
+++ b/tests/otp.rs
@@ -3,8 +3,7 @@
mod util;
-use std::fmt::Debug;
-use std::ops::Deref;
+use std::ops::DerefMut;
use nitrokey::{
Admin, Authenticate, CommandError, Config, ConfigureOtp, Device, GenerateOtp, LibraryError,
@@ -38,22 +37,19 @@ enum TotpTimestampSize {
U64,
}
-fn make_admin_test_device<T>(device: T) -> Admin<T>
+fn make_admin_test_device<'a, T>(device: &'a mut T) -> Admin<'a, T>
where
T: Device,
- (T, nitrokey::Error): Debug,
{
- device
- .authenticate_admin(ADMIN_PASSWORD)
- .expect("Could not login as admin.")
+ unwrap_ok!(device.authenticate_admin(ADMIN_PASSWORD))
}
-fn configure_hotp(admin: &ConfigureOtp, counter: u8) {
+fn configure_hotp(admin: &mut ConfigureOtp, counter: u8) {
let slot_data = OtpSlotData::new(1, "test-hotp", HOTP_SECRET, OtpMode::SixDigits);
assert_ok!((), admin.write_hotp_slot(slot_data, counter.into()));
}
-fn check_hotp_codes(device: &GenerateOtp, offset: u8) {
+fn check_hotp_codes(device: &mut GenerateOtp, offset: u8) {
HOTP_CODES.iter().enumerate().for_each(|(i, code)| {
if i >= offset as usize {
assert_ok!(code.to_string(), device.get_hotp_code(1));
@@ -63,6 +59,7 @@ fn check_hotp_codes(device: &GenerateOtp, offset: u8) {
#[test_device]
fn set_time(device: DeviceWrapper) {
+ let mut device = device;
assert_ok!((), device.set_time(1546385382, true));
assert_ok!((), device.set_time(1546385392, false));
assert_cmd_err!(CommandError::Timestamp, device.set_time(1546385292, false));
@@ -71,47 +68,50 @@ fn set_time(device: DeviceWrapper) {
#[test_device]
fn hotp_no_pin(device: DeviceWrapper) {
- let admin = make_admin_test_device(device);
+ let mut device = device;
+ let mut admin = make_admin_test_device(&mut device);
let config = Config::new(None, None, None, false);
assert_ok!((), admin.write_config(config));
- configure_hotp(&admin, 0);
- check_hotp_codes(admin.deref(), 0);
+ configure_hotp(&mut admin, 0);
+ check_hotp_codes(admin.deref_mut(), 0);
- configure_hotp(&admin, 5);
- check_hotp_codes(admin.deref(), 5);
+ configure_hotp(&mut admin, 5);
+ check_hotp_codes(admin.deref_mut(), 5);
- configure_hotp(&admin, 0);
- check_hotp_codes(&admin.device(), 0);
+ configure_hotp(&mut admin, 0);
+ check_hotp_codes(&mut device, 0);
}
#[test_device]
fn hotp_pin(device: DeviceWrapper) {
- let admin = make_admin_test_device(device);
+ let mut device = device;
+ let mut admin = make_admin_test_device(&mut device);
let config = Config::new(None, None, None, true);
assert_ok!((), admin.write_config(config));
- configure_hotp(&admin, 0);
- let user = unwrap_ok!(admin.device().authenticate_user(USER_PASSWORD));
- check_hotp_codes(&user, 0);
+ configure_hotp(&mut admin, 0);
+ let mut user = unwrap_ok!(device.authenticate_user(USER_PASSWORD));
+ check_hotp_codes(&mut user, 0);
- assert_cmd_err!(CommandError::NotAuthorized, user.device().get_hotp_code(1));
+ assert_cmd_err!(CommandError::NotAuthorized, user.get_hotp_code(1));
}
#[test_device]
fn hotp_slot_name(device: DeviceWrapper) {
- let admin = make_admin_test_device(device);
+ let mut device = device;
+ let mut admin = make_admin_test_device(&mut device);
let slot_data = OtpSlotData::new(1, "test-hotp", HOTP_SECRET, OtpMode::SixDigits);
assert_ok!((), admin.write_hotp_slot(slot_data, 0));
- let device = admin.device();
assert_ok!("test-hotp".to_string(), device.get_hotp_slot_name(1));
assert_lib_err!(LibraryError::InvalidSlot, device.get_hotp_slot_name(4));
}
#[test_device]
fn hotp_error(device: DeviceWrapper) {
- let admin = make_admin_test_device(device);
+ let mut device = device;
+ let mut admin = make_admin_test_device(&mut device);
let slot_data = OtpSlotData::new(1, "", HOTP_SECRET, OtpMode::SixDigits);
assert_cmd_err!(CommandError::NoName, admin.write_hotp_slot(slot_data, 0));
let slot_data = OtpSlotData::new(4, "test", HOTP_SECRET, OtpMode::SixDigits);
@@ -130,7 +130,8 @@ fn hotp_error(device: DeviceWrapper) {
#[test_device]
fn hotp_erase(device: DeviceWrapper) {
- let admin = make_admin_test_device(device);
+ let mut device = device;
+ let mut admin = make_admin_test_device(&mut device);
let config = Config::new(None, None, None, false);
assert_ok!((), admin.write_config(config));
let slot_data = OtpSlotData::new(1, "test1", HOTP_SECRET, OtpMode::SixDigits);
@@ -140,7 +141,6 @@ fn hotp_erase(device: DeviceWrapper) {
assert_ok!((), admin.erase_hotp_slot(1));
- let device = admin.device();
let result = device.get_hotp_slot_name(1);
assert_cmd_err!(CommandError::SlotNotProgrammed, result);
let result = device.get_hotp_code(1);
@@ -149,13 +149,13 @@ fn hotp_erase(device: DeviceWrapper) {
assert_ok!("test2".to_string(), device.get_hotp_slot_name(2));
}
-fn configure_totp(admin: &ConfigureOtp, factor: u64) {
+fn configure_totp(admin: &mut ConfigureOtp, factor: u64) {
let slot_data = OtpSlotData::new(1, "test-totp", TOTP_SECRET, OtpMode::EightDigits);
let time_window = 30u64.checked_mul(factor).unwrap();
assert_ok!((), admin.write_totp_slot(slot_data, time_window as u16));
}
-fn check_totp_codes(device: &GenerateOtp, factor: u64, timestamp_size: TotpTimestampSize) {
+fn check_totp_codes(device: &mut GenerateOtp, factor: u64, timestamp_size: TotpTimestampSize) {
for (base_time, codes) in TOTP_CODES {
let time = base_time.checked_mul(factor).unwrap();
let is_u64 = time > u32::max_value() as u64;
@@ -177,74 +177,76 @@ fn check_totp_codes(device: &GenerateOtp, factor: u64, timestamp_size: TotpTimes
#[test_device]
fn totp_no_pin(device: DeviceWrapper) {
- // TODO: this test may fail due to bad timing --> find solution
- let admin = make_admin_test_device(device);
+ let mut device = device;
+ let mut admin = make_admin_test_device(&mut device);
let config = Config::new(None, None, None, false);
assert_ok!((), admin.write_config(config));
- configure_totp(&admin, 1);
- check_totp_codes(admin.deref(), 1, TotpTimestampSize::U32);
+ configure_totp(&mut admin, 1);
+ check_totp_codes(admin.deref_mut(), 1, TotpTimestampSize::U32);
- configure_totp(&admin, 2);
- check_totp_codes(admin.deref(), 2, TotpTimestampSize::U32);
+ configure_totp(&mut admin, 2);
+ check_totp_codes(admin.deref_mut(), 2, TotpTimestampSize::U32);
- configure_totp(&admin, 1);
- check_totp_codes(&admin.device(), 1, TotpTimestampSize::U32);
+ configure_totp(&mut admin, 1);
+ check_totp_codes(&mut device, 1, TotpTimestampSize::U32);
}
#[test_device]
// Nitrokey Storage does only support timestamps that fit in a 32-bit
// unsigned integer, so don't test with it.
fn totp_no_pin_64(device: Pro) {
- let admin = make_admin_test_device(device);
+ let mut device = device;
+ let mut admin = make_admin_test_device(&mut device);
let config = Config::new(None, None, None, false);
assert_ok!((), admin.write_config(config));
- configure_totp(&admin, 1);
- check_totp_codes(admin.deref(), 1, TotpTimestampSize::U64);
+ configure_totp(&mut admin, 1);
+ check_totp_codes(admin.deref_mut(), 1, TotpTimestampSize::U64);
- configure_totp(&admin, 2);
- check_totp_codes(admin.deref(), 2, TotpTimestampSize::U64);
+ configure_totp(&mut admin, 2);
+ check_totp_codes(admin.deref_mut(), 2, TotpTimestampSize::U64);
- configure_totp(&admin, 1);
- check_totp_codes(&admin.device(), 1, TotpTimestampSize::U64);
+ configure_totp(&mut admin, 1);
+ check_totp_codes(&mut device, 1, TotpTimestampSize::U64);
}
#[test_device]
fn totp_pin(device: DeviceWrapper) {
- // TODO: this test may fail due to bad timing --> find solution
- let admin = make_admin_test_device(device);
+ let mut device = device;
+ let mut admin = make_admin_test_device(&mut device);
let config = Config::new(None, None, None, true);
assert_ok!((), admin.write_config(config));
- configure_totp(&admin, 1);
- let user = unwrap_ok!(admin.device().authenticate_user(USER_PASSWORD));
- check_totp_codes(&user, 1, TotpTimestampSize::U32);
+ configure_totp(&mut admin, 1);
+ let mut user = unwrap_ok!(device.authenticate_user(USER_PASSWORD));
+ check_totp_codes(&mut user, 1, TotpTimestampSize::U32);
- assert_cmd_err!(CommandError::NotAuthorized, user.device().get_totp_code(1));
+ assert_cmd_err!(CommandError::NotAuthorized, user.get_totp_code(1));
}
#[test_device]
// See comment for totp_no_pin_64.
fn totp_pin_64(device: Pro) {
- let admin = make_admin_test_device(device);
+ let mut device = device;
+ let mut admin = make_admin_test_device(&mut device);
let config = Config::new(None, None, None, true);
assert_ok!((), admin.write_config(config));
- configure_totp(&admin, 1);
- let user = unwrap_ok!(admin.device().authenticate_user(USER_PASSWORD));
- check_totp_codes(&user, 1, TotpTimestampSize::U64);
+ configure_totp(&mut admin, 1);
+ let mut user = unwrap_ok!(admin.authenticate_user(USER_PASSWORD));
+ check_totp_codes(&mut user, 1, TotpTimestampSize::U64);
- assert_cmd_err!(CommandError::NotAuthorized, user.device().get_totp_code(1));
+ assert_cmd_err!(CommandError::NotAuthorized, device.get_totp_code(1));
}
#[test_device]
fn totp_slot_name(device: DeviceWrapper) {
- let admin = make_admin_test_device(device);
+ let mut device = device;
+ let mut admin = make_admin_test_device(&mut device);
let slot_data = OtpSlotData::new(1, "test-totp", TOTP_SECRET, OtpMode::EightDigits);
assert_ok!((), admin.write_totp_slot(slot_data, 0));
- let device = admin.device();
let result = device.get_totp_slot_name(1);
assert_ok!("test-totp", result);
let result = device.get_totp_slot_name(16);
@@ -253,7 +255,8 @@ fn totp_slot_name(device: DeviceWrapper) {
#[test_device]
fn totp_error(device: DeviceWrapper) {
- let admin = make_admin_test_device(device);
+ let mut device = device;
+ let mut admin = make_admin_test_device(&mut device);
let slot_data = OtpSlotData::new(1, "", TOTP_SECRET, OtpMode::SixDigits);
assert_cmd_err!(CommandError::NoName, admin.write_totp_slot(slot_data, 0));
let slot_data = OtpSlotData::new(20, "test", TOTP_SECRET, OtpMode::SixDigits);
@@ -272,7 +275,8 @@ fn totp_error(device: DeviceWrapper) {
#[test_device]
fn totp_erase(device: DeviceWrapper) {
- let admin = make_admin_test_device(device);
+ let mut device = device;
+ let mut admin = make_admin_test_device(&mut device);
let config = Config::new(None, None, None, false);
assert_ok!((), admin.write_config(config));
let slot_data = OtpSlotData::new(1, "test1", TOTP_SECRET, OtpMode::SixDigits);
@@ -282,7 +286,6 @@ fn totp_erase(device: DeviceWrapper) {
assert_ok!((), admin.erase_totp_slot(1));
- let device = admin.device();
let result = device.get_totp_slot_name(1);
assert_cmd_err!(CommandError::SlotNotProgrammed, result);
let result = device.get_totp_code(1);
diff --git a/tests/pws.rs b/tests/pws.rs
index 32dc8f7..7805803 100644
--- a/tests/pws.rs
+++ b/tests/pws.rs
@@ -33,7 +33,7 @@ fn get_slot_name_direct(slot: u8) -> Result<String, Error> {
}
}
-fn get_pws<T>(device: &T) -> PasswordSafe
+fn get_pws<T>(device: &mut T) -> PasswordSafe
where
T: Device,
{
@@ -42,6 +42,7 @@ where
#[test_device]
fn enable(device: DeviceWrapper) {
+ let mut device = device;
assert_cmd_err!(
CommandError::WrongPassword,
device.get_password_safe(&(USER_PASSWORD.to_owned() + "123"))
@@ -56,8 +57,9 @@ fn enable(device: DeviceWrapper) {
#[test_device]
fn drop(device: DeviceWrapper) {
+ let mut device = device;
{
- let pws = get_pws(&device);
+ let mut pws = get_pws(&mut device);
assert_ok!((), pws.write_slot(1, "name", "login", "password"));
assert_ok!("name".to_string(), pws.get_slot_name(1));
let result = get_slot_name_direct(1);
@@ -72,7 +74,8 @@ fn drop(device: DeviceWrapper) {
#[test_device]
fn get_status(device: DeviceWrapper) {
- let pws = get_pws(&device);
+ let mut device = device;
+ let mut pws = get_pws(&mut device);
for i in 0..SLOT_COUNT {
assert_ok!((), pws.erase_slot(i));
}
@@ -93,7 +96,8 @@ fn get_status(device: DeviceWrapper) {
#[test_device]
fn get_data(device: DeviceWrapper) {
- let pws = get_pws(&device);
+ let mut device = device;
+ let mut pws = get_pws(&mut device);
assert_ok!((), pws.write_slot(1, "name", "login", "password"));
assert_ok!("name".to_string(), pws.get_slot_name(1));
assert_ok!("login".to_string(), pws.get_slot_login(1));
@@ -119,7 +123,8 @@ fn get_data(device: DeviceWrapper) {
#[test_device]
fn write(device: DeviceWrapper) {
- let pws = get_pws(&device);
+ let mut device = device;
+ let mut pws = get_pws(&mut device);
assert_lib_err!(
LibraryError::InvalidSlot,
@@ -144,7 +149,8 @@ fn write(device: DeviceWrapper) {
#[test_device]
fn erase(device: DeviceWrapper) {
- let pws = get_pws(&device);
+ let mut device = device;
+ let mut pws = get_pws(&mut device);
assert_lib_err!(LibraryError::InvalidSlot, pws.erase_slot(SLOT_COUNT));
assert_ok!((), pws.write_slot(0, "name", "login", "password"));
diff --git a/tests/util/mod.rs b/tests/util/mod.rs
index bd207a9..f80372d 100644
--- a/tests/util/mod.rs
+++ b/tests/util/mod.rs
@@ -8,7 +8,7 @@ pub static USER_PASSWORD: &str = "123456";
#[macro_export]
macro_rules! unwrap_ok {
- ($val:expr) => {{
+ ($val:expr) => {
match $val {
Ok(val) => val,
Err(err) => panic!(
@@ -18,12 +18,12 @@ macro_rules! unwrap_ok {
err
),
}
- }};
+ };
}
#[macro_export]
macro_rules! assert_any_ok {
- ($val:expr) => {{
+ ($val:expr) => {
match &$val {
Ok(_) => {}
Err(err) => panic!(
@@ -33,12 +33,12 @@ macro_rules! assert_any_ok {
err
),
}
- }};
+ };
}
#[macro_export]
macro_rules! assert_ok {
- ($left:expr, $right:expr) => {{
+ ($left:expr, $right:expr) => {
match &$right {
Ok(right) => match &$left {
left => {
@@ -59,7 +59,7 @@ macro_rules! assert_ok {
$left, right_err
),
}
- }};
+ };
}
#[macro_export]