aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorRobin Krahl <robin.krahl@ireas.org>2019-01-03 12:16:21 +0000
committerRobin Krahl <robin.krahl@ireas.org>2019-01-03 13:17:54 +0100
commitd60e03b46a6af75056f07394ef66ecaa35f32d77 (patch)
treeeecd8b42abaf5a125d5d7ddcdc9e0b6225755ce5
parent1061005a82ed0ba6ad5c48322e704f786bd802ab (diff)
downloadnitrokey-rs-d60e03b46a6af75056f07394ef66ecaa35f32d77.tar.gz
nitrokey-rs-d60e03b46a6af75056f07394ef66ecaa35f32d77.tar.bz2
Add Storage::change_update_pin method
This patch adds the change_update_pin method to the Storage struct that uses the NK_change_update_password function to set the password required for firmware updates.
-rw-r--r--CHANGELOG.md2
-rw-r--r--TODO.md1
-rw-r--r--src/device.rs39
-rw-r--r--tests/device.rs13
-rw-r--r--tests/util/mod.rs1
5 files changed, 54 insertions, 2 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 018ff4d..1611414 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -4,6 +4,8 @@
- Add `CommandError::Undefined` to represent errors without further
information (e. g. a method returned `NULL` unexpectedly).
- Add error code to `CommandError::Unknown`.
+- Add function `Storage::change_update_pin` that changes the firmware update
+ PIN.
# v0.2.3 (2018-12-31)
diff --git a/TODO.md b/TODO.md
index 16ec558..0071dcc 100644
--- a/TODO.md
+++ b/TODO.md
@@ -17,7 +17,6 @@
- `NK_export_firmware`
- `NK_clear_new_sd_card_warning`
- `NK_fill_SD_card_with_random_data`
- - `NK_change_update_password`
- `NK_get_SD_usage_data_as_string`
- `NK_get_progress_bar_value`
- `NK_list_devices_by_cpuID`
diff --git a/src/device.rs b/src/device.rs
index 33e5410..4b8cc5c 100644
--- a/src/device.rs
+++ b/src/device.rs
@@ -667,6 +667,45 @@ impl Storage {
}
}
+ /// Changes the update PIN.
+ ///
+ /// The update PIN is used to enable firmware updates. Unlike the user and the admin PIN, the
+ /// update PIN is not managed by the OpenPGP smart card but by the Nitrokey firmware. There is
+ /// no retry counter as with the other PIN types.
+ ///
+ /// # Errors
+ ///
+ /// - [`InvalidString`][] if one of the provided passwords contains a null byte
+ /// - [`WrongPassword`][] if the current update password is wrong
+ ///
+ /// # Example
+ ///
+ /// ```no_run
+ /// # use nitrokey::CommandError;
+ ///
+ /// # fn try_main() -> Result<(), CommandError> {
+ /// let device = nitrokey::Storage::connect()?;
+ /// match device.change_storage_pin("12345678", "87654321") {
+ /// Ok(()) => println!("Updated update PIN."),
+ /// Err(err) => println!("Failed to update update PIN: {}", err),
+ /// };
+ /// # Ok(())
+ /// # }
+ /// ```
+ ///
+ /// [`InvalidString`]: enum.CommandError.html#variant.InvalidString
+ /// [`WrongPassword`]: enum.CommandError.html#variant.WrongPassword
+ pub fn change_update_pin(&self, current: &str, new: &str) -> Result<(), CommandError> {
+ let current_string = get_cstring(current)?;
+ let new_string = get_cstring(new)?;
+ unsafe {
+ get_command_result(nitrokey_sys::NK_change_update_password(
+ current_string.as_ptr(),
+ new_string.as_ptr(),
+ ))
+ }
+ }
+
/// Enables the encrypted storage volume.
///
/// Once the encrypted volume is enabled, it is presented to the operating system as a block
diff --git a/tests/device.rs b/tests/device.rs
index 4551534..a225d2d 100644
--- a/tests/device.rs
+++ b/tests/device.rs
@@ -6,9 +6,10 @@ use std::{thread, time};
use nitrokey::{Authenticate, CommandError, Config, Device, Storage};
-use crate::util::{Target, ADMIN_PASSWORD, USER_PASSWORD};
+use crate::util::{Target, ADMIN_PASSWORD, USER_PASSWORD, UPDATE_PIN};
static ADMIN_NEW_PASSWORD: &str = "1234567890";
+static UPDATE_NEW_PIN: &str = "87654321";
static USER_NEW_PASSWORD: &str = "abcdefghij";
fn count_nitrokey_block_devices() -> usize {
@@ -296,6 +297,16 @@ fn unlock_user_pin() {
#[test]
#[cfg_attr(not(feature = "test-storage"), ignore)]
+fn change_update_pin() {
+ let device = Storage::connect().unwrap();
+
+ assert_eq!(Err(CommandError::WrongPassword), device.change_update_pin(UPDATE_NEW_PIN, UPDATE_PIN));
+ assert_eq!(Ok(()), device.change_update_pin(UPDATE_PIN, UPDATE_NEW_PIN));
+ assert_eq!(Ok(()), device.change_update_pin(UPDATE_NEW_PIN, UPDATE_PIN));
+}
+
+#[test]
+#[cfg_attr(not(feature = "test-storage"), ignore)]
fn encrypted_volume() {
let device = Storage::connect().unwrap();
assert!(device.lock().is_ok());
diff --git a/tests/util/mod.rs b/tests/util/mod.rs
index c2c94e2..5e495d8 100644
--- a/tests/util/mod.rs
+++ b/tests/util/mod.rs
@@ -1,4 +1,5 @@
pub static ADMIN_PASSWORD: &str = "12345678";
+pub static UPDATE_PIN: &str = "12345678";
pub static USER_PASSWORD: &str = "123456";
#[cfg(not(feature = "test-storage"))]