diff options
author | Robin Krahl <robin.krahl@ireas.org> | 2018-05-21 21:59:25 +0000 |
---|---|---|
committer | Robin Krahl <robin.krahl@ireas.org> | 2018-05-22 00:01:54 +0200 |
commit | 9428ce3221209828b8cff0e34957ebb9b10b2d99 (patch) | |
tree | 94fb08204694966d6db1a487add706c7fedc85a9 /src | |
parent | 3472841949caacadeec92dbf80eca13fd2171f5c (diff) | |
download | nitrokey-rs-9428ce3221209828b8cff0e34957ebb9b10b2d99.tar.gz nitrokey-rs-9428ce3221209828b8cff0e34957ebb9b10b2d99.tar.bz2 |
Correct invalid slot handling
While the Nitrokey device would generate a WrongSlot error, libnitrokey
catches these errors and raises an InvalidSlotException with error code
201. This patch matches this error code to CommandError::InvalidSlot,
corrects the documentation and adds test cases.
To be able to test a failing OTP generation command, we have to adapt
get_string_result to free the string only if successful. This is due to
the segfault issue in libnitrokey v3.3 (see todo list).
Diffstat (limited to 'src')
-rw-r--r-- | src/lib.rs | 28 | ||||
-rw-r--r-- | src/tests/pro.rs | 34 |
2 files changed, 47 insertions, 15 deletions
@@ -394,8 +394,8 @@ pub trait Device { /// /// # Errors /// + /// - [`InvalidSlot`][] if there is no slot with the given number /// - [`SlotNotProgrammed`][] if the given slot is not configured - /// - [`WrongSlot`][] if there is no slot with the given number /// /// # Example /// @@ -413,8 +413,8 @@ pub trait Device { /// # } /// ``` /// + /// [`InvalidSlot`]: enum.CommandError.html#variant.InvalidSlot /// [`SlotNotProgrammed`]: enum.CommandError.html#variant.SlotNotProgrammed - /// [`WrongSlot`]: enum.CommandError.html#variant.WrongSlot fn get_hotp_slot_name(&self, slot: u8) -> Result<String, CommandError> { unsafe { result_from_string(nitrokey_sys::NK_get_hotp_slot_name(slot)) } } @@ -423,8 +423,8 @@ pub trait Device { /// /// # Errors /// + /// - [`InvalidSlot`][] if there is no slot with the given number /// - [`SlotNotProgrammed`][] if the given slot is not configured - /// - [`WrongSlot`][] if there is no slot with the given number /// /// # Example /// @@ -442,8 +442,8 @@ pub trait Device { /// # } /// ``` /// + /// [`InvalidSlot`]: enum.CommandError.html#variant.InvalidSlot /// [`SlotNotProgrammed`]: enum.CommandError.html#variant.SlotNotProgrammed - /// [`WrongSlot`]: enum.CommandError.html#variant.WrongSlot fn get_totp_slot_name(&self, slot: u8) -> Result<String, CommandError> { unsafe { result_from_string(nitrokey_sys::NK_get_totp_slot_name(slot)) } } @@ -569,9 +569,9 @@ pub trait Device { /// /// # Errors /// + /// - [`InvalidSlot`][] if there is no slot with the given number /// - [`NotAuthorized`][] if OTP generation requires user authentication /// - [`SlotNotProgrammed`][] if the given slot is not configured - /// - [`WrongSlot`][] if there is no slot with the given number /// /// # Example /// @@ -588,9 +588,9 @@ pub trait Device { /// ``` /// /// [`get_config`]: #method.get_config + /// [`InvalidSlot`]: enum.CommandError.html#variant.InvalidSlot /// [`NotAuthorized`]: enum.CommandError.html#variant.NotAuthorized /// [`SlotNotProgrammed`]: enum.CommandError.html#variant.SlotNotProgrammed - /// [`WrongSlot`]: enum.CommandError.html#variant.WrongSlot fn get_hotp_code(&self, slot: u8) -> Result<String, CommandError> { unsafe { return result_from_string(nitrokey_sys::NK_get_hotp_code(slot)); @@ -606,9 +606,9 @@ pub trait Device { /// /// # Errors /// + /// - [`InvalidSlot`][] if there is no slot with the given number /// - [`NotAuthorized`][] if OTP generation requires user authentication /// - [`SlotNotProgrammed`][] if the given slot is not configured - /// - [`WrongSlot`][] if there is no slot with the given number /// /// # Example /// @@ -626,9 +626,9 @@ pub trait Device { /// /// [`set_time`]: #method.set_time /// [`get_config`]: #method.get_config + /// [`InvalidSlot`]: enum.CommandError.html#variant.InvalidSlot /// [`NotAuthorized`]: enum.CommandError.html#variant.NotAuthorized /// [`SlotNotProgrammed`]: enum.CommandError.html#variant.SlotNotProgrammed - /// [`WrongSlot`]: enum.CommandError.html#variant.WrongSlot fn get_totp_code(&self, slot: u8) -> Result<String, CommandError> { unsafe { return result_from_string(nitrokey_sys::NK_get_totp_code(slot, 0, 0, 0)); @@ -746,6 +746,7 @@ impl From<c_int> for CommandError { 8 => CommandError::NotSupported, 9 => CommandError::UnknownCommand, 10 => CommandError::AesDecryptionFailed, + 201 => CommandError::InvalidSlot, _ => CommandError::Unknown, } } @@ -799,10 +800,11 @@ fn result_from_string(ptr: *const std::os::raw::c_char) -> Result<String, Comman } unsafe { let s = owned_str_from_ptr(ptr); - libc::free(ptr as *mut libc::c_void); if s.is_empty() { return Err(get_last_error()); } + // TODO: move up for newer libnitrokey versions + libc::free(ptr as *mut libc::c_void); return Ok(s); } } @@ -1214,9 +1216,9 @@ impl AdminAuthenticatedDevice { /// /// # Errors /// + /// - [`InvalidSlot`][] if there is no slot with the given number /// - [`InvalidString`][] if the provided token ID contains a null byte /// - [`NoName`][] if the provided name is empty - /// - [`WrongSlot`][] if there is no slot with the given number /// /// # Example /// @@ -1240,9 +1242,9 @@ impl AdminAuthenticatedDevice { /// # } /// ``` /// + /// [`InvalidSlot`]: enum.CommandError.html#variant.InvalidSlot /// [`InvalidString`]: enum.CommandError.html#variant.InvalidString /// [`NoName`]: enum.CommandError.html#variant.NoName - /// [`WrongSlot`]: enum.CommandError.html#variant.WrongSlot pub fn write_hotp_slot(&self, data: OtpSlotData, counter: u64) -> CommandStatus { return self.write_otp_slot(data, |raw_data: RawOtpSlotData, temp_password_ptr| unsafe { nitrokey_sys::NK_write_hotp_slot( @@ -1264,9 +1266,9 @@ impl AdminAuthenticatedDevice { /// /// # Errors /// + /// - [`InvalidSlot`][] if there is no slot with the given number /// - [`InvalidString`][] if the provided token ID contains a null byte /// - [`NoName`][] if the provided name is empty - /// - [`WrongSlot`][] if there is no slot with the given number /// /// # Example /// @@ -1290,9 +1292,9 @@ impl AdminAuthenticatedDevice { /// # } /// ``` /// + /// [`InvalidSlot`]: enum.CommandError.html#variant.InvalidSlot /// [`InvalidString`]: enum.CommandError.html#variant.InvalidString /// [`NoName`]: enum.CommandError.html#variant.NoName - /// [`WrongSlot`]: enum.CommandError.html#variant.WrongSlot pub fn write_totp_slot(&self, data: OtpSlotData, time_window: u16) -> CommandStatus { return self.write_otp_slot(data, |raw_data: RawOtpSlotData, temp_password_ptr| unsafe { nitrokey_sys::NK_write_totp_slot( diff --git a/src/tests/pro.rs b/src/tests/pro.rs index 8394e47..a508801 100644 --- a/src/tests/pro.rs +++ b/src/tests/pro.rs @@ -117,8 +117,23 @@ fn hotp_slot_name() { let slot_data = OtpSlotData::new(1, "test-hotp", HOTP_SECRET, OtpMode::SixDigits); assert_eq!(CommandStatus::Success, admin.write_hotp_slot(slot_data, 0)); - let result = admin.device().get_hotp_slot_name(1); + let device = admin.device(); + let result = device.get_hotp_slot_name(1); assert_eq!("test-hotp", result.unwrap()); + let result = device.get_hotp_slot_name(4); + assert_eq!(CommandError::InvalidSlot, result.unwrap_err()); +} + +#[test] +#[cfg_attr(not(feature = "test-pro"), ignore)] +fn hotp_error() { + let admin = get_admin_test_device(); + let slot_data = OtpSlotData::new(1, "", HOTP_SECRET, OtpMode::SixDigits); + assert_eq!(CommandStatus::Error(CommandError::NoName), admin.write_hotp_slot(slot_data, 0)); + let slot_data = OtpSlotData::new(4, "test", HOTP_SECRET, OtpMode::SixDigits); + assert_eq!(CommandStatus::Error(CommandError::InvalidSlot), admin.write_hotp_slot(slot_data, 0)); + let code = admin.get_hotp_code(4); + assert_eq!(CommandError::InvalidSlot, code.unwrap_err()); } fn configure_totp(admin: &AdminAuthenticatedDevice) { @@ -181,9 +196,24 @@ fn totp_slot_name() { let slot_data = OtpSlotData::new(1, "test-totp", TOTP_SECRET, OtpMode::EightDigits); assert_eq!(CommandStatus::Success, admin.write_totp_slot(slot_data, 0)); - let result = admin.device().get_totp_slot_name(1); + let device = admin.device(); + let result = device.get_totp_slot_name(1); assert!(result.is_ok()); assert_eq!("test-totp", result.unwrap()); + let result = device.get_totp_slot_name(16); + assert_eq!(CommandError::InvalidSlot, result.unwrap_err()); +} + +#[test] +#[cfg_attr(not(feature = "test-pro"), ignore)] +fn totp_error() { + let admin = get_admin_test_device(); + let slot_data = OtpSlotData::new(1, "", HOTP_SECRET, OtpMode::SixDigits); + assert_eq!(CommandStatus::Error(CommandError::NoName), admin.write_hotp_slot(slot_data, 0)); + let slot_data = OtpSlotData::new(4, "test", HOTP_SECRET, OtpMode::SixDigits); + assert_eq!(CommandStatus::Error(CommandError::InvalidSlot), admin.write_hotp_slot(slot_data, 0)); + let code = admin.get_hotp_code(4); + assert_eq!(CommandError::InvalidSlot, code.unwrap_err()); } #[test] |