aboutsummaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
authorRobin Krahl <robin.krahl@ireas.org>2018-06-05 22:30:04 +0200
committerRobin Krahl <robin.krahl@ireas.org>2018-06-05 22:30:04 +0200
commit017a27a009947d73c00f934a1e052b0ef021680b (patch)
treec3c2c088d4eb0c07be16b1a46d7abddd131e9229 /src
parent5b536045bd4276b31edafb55f39ded8534732401 (diff)
downloadnitrokey-rs-017a27a009947d73c00f934a1e052b0ef021680b.tar.gz
nitrokey-rs-017a27a009947d73c00f934a1e052b0ef021680b.tar.bz2
Implement Drop for PasswordSafe
By calling NK_lock_device when dropping a PasswordSafe instance, we can make sure that the password safe cannot be reused without authentication.
Diffstat (limited to 'src')
-rw-r--r--src/pws.rs8
-rw-r--r--src/tests/pws.rs21
2 files changed, 28 insertions, 1 deletions
diff --git a/src/pws.rs b/src/pws.rs
index 87a71dd..85726c5 100644
--- a/src/pws.rs
+++ b/src/pws.rs
@@ -315,6 +315,14 @@ impl<'a> PasswordSafe<'a> {
}
}
+impl<'a> Drop for PasswordSafe<'a> {
+ fn drop(&mut self) {
+ unsafe {
+ nitrokey_sys::NK_lock_device();
+ }
+ }
+}
+
impl GetPasswordSafe for Pro {
fn get_password_safe(&self, user_pin: &str) -> Result<PasswordSafe, CommandError> {
get_password_safe(self, user_pin)
diff --git a/src/tests/pws.rs b/src/tests/pws.rs
index 30d6853..d6125a9 100644
--- a/src/tests/pws.rs
+++ b/src/tests/pws.rs
@@ -1,6 +1,7 @@
+use nitrokey_sys;
use pws::{GetPasswordSafe, PasswordSafe, SLOT_COUNT};
use tests::util::{Target, ADMIN_PASSWORD, USER_PASSWORD};
-use util::{CommandError, CommandStatus};
+use util::{result_from_string, CommandError, CommandStatus};
fn get_pws(device: &Target) -> PasswordSafe {
device.get_password_safe(USER_PASSWORD).unwrap()
@@ -22,6 +23,24 @@ fn enable() {
#[test]
#[cfg_attr(not(any(feature = "test-pro", feature = "test-storage")), ignore)]
+fn drop() {
+ let device = Target::connect().unwrap();
+ {
+ let pws = get_pws(&device);
+ assert_eq!(
+ CommandStatus::Success,
+ pws.write_slot(1, "name", "login", "password")
+ );
+ assert_eq!("name", pws.get_slot_name(1).unwrap());
+ let result = result_from_string(unsafe { nitrokey_sys::NK_get_password_safe_slot_name(1) });
+ assert_eq!(Ok(String::from("name")), result);
+ }
+ let result = result_from_string(unsafe { nitrokey_sys::NK_get_password_safe_slot_name(1) });
+ assert_eq!(Err(CommandError::NotAuthorized), result);
+}
+
+#[test]
+#[cfg_attr(not(any(feature = "test-pro", feature = "test-storage")), ignore)]
fn get_status() {
let device = Target::connect().unwrap();
let pws = get_pws(&device);