diff options
| -rw-r--r-- | CHANGELOG.md | 5 | ||||
| -rw-r--r-- | TODO.md | 3 | ||||
| -rw-r--r-- | src/device/mod.rs | 147 | ||||
| -rw-r--r-- | src/error.rs | 4 | ||||
| -rw-r--r-- | src/lib.rs | 124 | ||||
| -rw-r--r-- | tests/device.rs | 83 | 
6 files changed, 341 insertions, 25 deletions
| diff --git a/CHANGELOG.md b/CHANGELOG.md index 71d2377..abdcab7 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -10,6 +10,11 @@ SPDX-License-Identifier: CC0-1.0    - `NK_enable_firmware_update_pro`    - `NK_list_devices_by_cpuID`    - `NK_send_startup` +- Implement connection by path: +  - Add the `Error::UnsupportedDeviceError` variant. +  - Add the `DeviceInfo` struct. +  - Add the `list_devices` function. +  - Add the `connect_path` function to the `Manager` struct.  # v0.4.0 (2020-01-02)  - Remove the `test-pro` and `test-storage` features. @@ -8,9 +8,6 @@ SPDX-License-Identifier: CC0-1.0      - `NK_get_SD_usage_data`      - `NK_get_progress_bar_value`      - `NK_get_status` -- waiting for [libnitrokey issue 166][] -    - `NK_list_devices` -    - `NK_free_device_info` -    - `NK_connect_with_path`  - Clear passwords from memory.  - Lock password safe in `PasswordSafe::drop()` (see [nitrokey-storage-firmware    issue 65][]). diff --git a/src/device/mod.rs b/src/device/mod.rs index 5e15f08..e015886 100644 --- a/src/device/mod.rs +++ b/src/device/mod.rs @@ -5,6 +5,9 @@ mod pro;  mod storage;  mod wrapper; +use std::cmp; +use std::convert::{TryFrom, TryInto}; +use std::ffi;  use std::fmt;  use libc; @@ -16,7 +19,8 @@ use crate::error::{CommunicationError, Error};  use crate::otp::GenerateOtp;  use crate::pws::GetPasswordSafe;  use crate::util::{ -    get_command_result, get_cstring, get_last_error, result_from_string, result_or_error, +    get_command_result, get_cstring, get_last_error, owned_str_from_ptr, result_from_string, +    result_or_error,  };  pub use pro::Pro; @@ -43,6 +47,97 @@ impl fmt::Display for Model {      }  } +impl From<Model> for nitrokey_sys::NK_device_model { +    fn from(model: Model) -> Self { +        match model { +            Model::Storage => nitrokey_sys::NK_device_model_NK_STORAGE, +            Model::Pro => nitrokey_sys::NK_device_model_NK_PRO, +        } +    } +} + +impl TryFrom<nitrokey_sys::NK_device_model> for Model { +    type Error = Error; + +    fn try_from(model: nitrokey_sys::NK_device_model) -> Result<Self, Error> { +        match model { +            nitrokey_sys::NK_device_model_NK_DISCONNECTED => { +                Err(CommunicationError::NotConnected.into()) +            } +            nitrokey_sys::NK_device_model_NK_PRO => Ok(Model::Pro), +            nitrokey_sys::NK_device_model_NK_STORAGE => Ok(Model::Storage), +            _ => Err(Error::UnsupportedModelError), +        } +    } +} + +/// Connection information for a Nitrokey device. +#[derive(Clone, Debug, PartialEq)] +pub struct DeviceInfo { +    /// The model of the Nitrokey device, or `None` if the model is not supported by this crate. +    pub model: Option<Model>, +    /// The USB device path. +    pub path: String, +    /// The serial number as a 8-character hex string, or `None` if the device does not expose its +    /// serial number. +    pub serial_number: Option<String>, +} + +impl TryFrom<&nitrokey_sys::NK_device_info> for DeviceInfo { +    type Error = Error; + +    fn try_from(device_info: &nitrokey_sys::NK_device_info) -> Result<DeviceInfo, Error> { +        let model_result = device_info.model.try_into(); +        let model_option = model_result.map(Some).or_else(|err| match err { +            Error::UnsupportedModelError => Ok(None), +            _ => Err(err), +        })?; +        let serial_number = unsafe { ffi::CStr::from_ptr(device_info.serial_number) } +            .to_str() +            .map_err(Error::from)?; +        Ok(DeviceInfo { +            model: model_option, +            path: owned_str_from_ptr(device_info.path)?, +            serial_number: get_hidapi_serial_number(serial_number), +        }) +    } +} + +impl fmt::Display for DeviceInfo { +    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result { +        match self.model { +            Some(model) => write!(f, "Nitrokey {}", model)?, +            None => write!(f, "Unsupported Nitrokey model")?, +        } +        write!(f, " at {} with ", self.path)?; +        match &self.serial_number { +            Some(ref serial_number) => write!(f, "serial no. {}", serial_number), +            None => write!(f, "an unknown serial number"), +        } +    } +} + +/// Parses a serial number returned by hidapi and transforms it to the Nitrokey format. +/// +/// If the serial number is all zero, this function returns `None`.  Otherwise, all leading zeros +/// (except the last eight characters) are stripped and `Some(_)` is returned.  If the serial +/// number has less than eight characters, leading zeros are added. +fn get_hidapi_serial_number(serial_number: &str) -> Option<String> { +    let mut iter = serial_number.char_indices().skip_while(|(_, c)| *c == '0'); +    let first_non_null = iter.next(); +    if let Some((i, _)) = first_non_null { +        // keep at least the last 8 characters +        let len = serial_number.len(); +        let cut = cmp::min(len.saturating_sub(8), i); +        let (_, suffix) = serial_number.split_at(cut); +        // if necessary, add leading zeros to reach 8 characters +        let fill = 8usize.saturating_sub(len); +        Some("0".repeat(fill) + suffix) +    } else { +        None +    } +} +  /// A firmware version for a Nitrokey device.  #[derive(Clone, Copy, Debug, PartialEq)]  pub struct FirmwareVersion { @@ -428,12 +523,8 @@ pub trait Device<'a>: Authenticate<'a> + GetPasswordSafe<'a> + GenerateOtp + fmt      }  } -fn get_connected_model() -> Option<Model> { -    match unsafe { nitrokey_sys::NK_get_device_model() } { -        nitrokey_sys::NK_device_model_NK_PRO => Some(Model::Pro), -        nitrokey_sys::NK_device_model_NK_STORAGE => Some(Model::Storage), -        _ => None, -    } +fn get_connected_model() -> Result<Model, Error> { +    Model::try_from(unsafe { nitrokey_sys::NK_get_device_model() })  }  pub(crate) fn create_device_wrapper( @@ -449,16 +540,40 @@ pub(crate) fn create_device_wrapper(  pub(crate) fn get_connected_device(      manager: &mut crate::Manager,  ) -> Result<DeviceWrapper<'_>, Error> { -    match get_connected_model() { -        Some(model) => Ok(create_device_wrapper(manager, model)), -        None => Err(CommunicationError::NotConnected.into()), -    } +    Ok(create_device_wrapper(manager, get_connected_model()?))  }  pub(crate) fn connect_enum(model: Model) -> bool { -    let model = match model { -        Model::Storage => nitrokey_sys::NK_device_model_NK_STORAGE, -        Model::Pro => nitrokey_sys::NK_device_model_NK_PRO, -    }; -    unsafe { nitrokey_sys::NK_login_enum(model) == 1 } +    unsafe { nitrokey_sys::NK_login_enum(model.into()) == 1 } +} + +#[cfg(test)] +mod tests { +    use super::get_hidapi_serial_number; + +    #[test] +    fn hidapi_serial_number() { +        assert_eq!(None, get_hidapi_serial_number("")); +        assert_eq!(None, get_hidapi_serial_number("00000000000000000")); +        assert_eq!( +            Some("00001234".to_string()), +            get_hidapi_serial_number("1234") +        ); +        assert_eq!( +            Some("00001234".to_string()), +            get_hidapi_serial_number("00001234") +        ); +        assert_eq!( +            Some("00001234".to_string()), +            get_hidapi_serial_number("000000001234") +        ); +        assert_eq!( +            Some("100000001234".to_string()), +            get_hidapi_serial_number("100000001234") +        ); +        assert_eq!( +            Some("10000001234".to_string()), +            get_hidapi_serial_number("010000001234") +        ); +    }  } diff --git a/src/error.rs b/src/error.rs index 9e6adc0..f9af594 100644 --- a/src/error.rs +++ b/src/error.rs @@ -28,6 +28,8 @@ pub enum Error {      UnexpectedError,      /// An unknown error returned by libnitrokey.      UnknownError(i64), +    /// An error caused by a Nitrokey model that is not supported by this crate. +    UnsupportedModelError,      /// An error occurred when interpreting a UTF-8 string.      Utf8Error(str::Utf8Error),  } @@ -102,6 +104,7 @@ impl error::Error for Error {              Error::RandError(ref err) => Some(err.as_ref()),              Error::UnexpectedError => None,              Error::UnknownError(_) => None, +            Error::UnsupportedModelError => None,              Error::Utf8Error(ref err) => Some(err),          }      } @@ -118,6 +121,7 @@ impl fmt::Display for Error {              Error::RandError(ref err) => write!(f, "RNG error: {}", err),              Error::UnexpectedError => write!(f, "An unexpected error occurred"),              Error::UnknownError(ref err) => write!(f, "Unknown error: {}", err), +            Error::UnsupportedModelError => write!(f, "Unsupported Nitrokey model"),              Error::Utf8Error(ref err) => write!(f, "UTF-8 error: {}", err),          }      } @@ -16,6 +16,10 @@  //! [`connect_model`][], [`connect_pro`][] or [`connect_storage`][] to connect to a specific  //! device.  //! +//! To get a list of all connected Nitrokey devices, use the [`list_devices`][] function.  You can +//! then connect to one of the connected devices using the [`connect_path`][] function of the +//! `Manager` struct. +//!  //! You can call [`authenticate_user`][] or [`authenticate_admin`][] to get an authenticated device  //! that can perform operations that require authentication.  You can use [`device`][] to go back  //! to the unauthenticated device. @@ -86,8 +90,10 @@  //! [`take`]: fn.take.html  //! [`connect`]: struct.Manager.html#method.connect  //! [`connect_model`]: struct.Manager.html#method.connect_model +//! [`connect_path`]: struct.Manager.html#method.connect_path  //! [`connect_pro`]: struct.Manager.html#method.connect_pro  //! [`connect_storage`]: struct.Manager.html#method.connect_storage +//! [`list_devices`]: fn.list_devices.html  //! [`manager`]: trait.Device.html#method.manager  //! [`device`]: struct.User.html#method.device  //! [`get_hotp_code`]: trait.GenerateOtp.html#method.get_hotp_code @@ -109,8 +115,10 @@ mod otp;  mod pws;  mod util; +use std::convert::TryInto as _;  use std::fmt;  use std::marker; +use std::ptr::NonNull;  use std::sync;  use nitrokey_sys; @@ -118,14 +126,16 @@ use nitrokey_sys;  pub use crate::auth::{Admin, Authenticate, User};  pub use crate::config::Config;  pub use crate::device::{ -    Device, DeviceWrapper, Model, Pro, SdCardData, Storage, StorageProductionInfo, StorageStatus, -    VolumeMode, VolumeStatus, +    Device, DeviceInfo, DeviceWrapper, Model, Pro, SdCardData, Storage, StorageProductionInfo, +    StorageStatus, VolumeMode, VolumeStatus,  };  pub use crate::error::{CommandError, CommunicationError, Error, LibraryError};  pub use crate::otp::{ConfigureOtp, GenerateOtp, OtpMode, OtpSlotData};  pub use crate::pws::{GetPasswordSafe, PasswordSafe, SLOT_COUNT};  pub use crate::util::LogLevel; +use crate::util::{get_cstring, get_last_result}; +  /// The default admin PIN for all Nitrokey devices.  pub const DEFAULT_ADMIN_PIN: &str = "12345678";  /// The default user PIN for all Nitrokey devices. @@ -235,6 +245,7 @@ impl Manager {      /// # Errors      ///      /// - [`NotConnected`][] if no Nitrokey device is connected +    /// - [`UnsupportedModelError`][] if the Nitrokey device is not supported by this crate      ///      /// # Example      /// @@ -252,6 +263,7 @@ impl Manager {      /// ```      ///      /// [`NotConnected`]: enum.CommunicationError.html#variant.NotConnected +    /// [`UnsupportedModelError`]: enum.Error.html#variant.UnsupportedModelError      pub fn connect(&mut self) -> Result<DeviceWrapper<'_>, Error> {          if unsafe { nitrokey_sys::NK_login_auto() } == 1 {              device::get_connected_device(self) @@ -290,6 +302,49 @@ impl Manager {          }      } +    /// Connects to a Nitrokey device at the given USB path. +    /// +    /// To get a list of all connected Nitrokey devices, use the [`list_devices`][] function.  The +    /// [`DeviceInfo`][] structs returned by that function contain the USB path in the `path` +    /// field. +    /// +    /// # Errors +    /// +    /// - [`InvalidString`][] if the USB path contains a null byte +    /// - [`NotConnected`][] if no Nitrokey device can be found at the given USB path +    /// - [`UnsupportedModelError`][] if the model of the Nitrokey device at the given USB path is +    ///   not supported by this crate +    /// +    /// # Example +    /// +    /// ``` +    /// use nitrokey::DeviceWrapper; +    /// +    /// fn use_device(device: DeviceWrapper) {} +    /// +    /// let mut manager = nitrokey::take()?; +    /// let devices = nitrokey::list_devices()?; +    /// for device in devices { +    ///     let device = manager.connect_path(device.path)?; +    ///     use_device(device); +    /// } +    /// # Ok::<(), nitrokey::Error>(()) +    /// ``` +    /// +    /// [`list_devices`]: fn.list_devices.html +    /// [`DeviceInfo`]: struct.DeviceInfo.html +    /// [`InvalidString`]: enum.LibraryError.html#variant.InvalidString +    /// [`NotConnected`]: enum.CommunicationError.html#variant.NotConnected +    /// [`UnsupportedModelError`]: enum.Error.html#variant.UnsupportedModelError +    pub fn connect_path<S: Into<Vec<u8>>>(&mut self, path: S) -> Result<DeviceWrapper<'_>, Error> { +        let path = get_cstring(path)?; +        if unsafe { nitrokey_sys::NK_connect_with_path(path.as_ptr()) } == 1 { +            device::get_connected_device(self) +        } else { +            Err(CommunicationError::NotConnected.into()) +        } +    } +      /// Connects to a Nitrokey Pro.      ///      /// # Errors @@ -414,6 +469,71 @@ pub fn force_take() -> Result<sync::MutexGuard<'static, Manager>, Error> {      }  } +/// List all connected Nitrokey devices. +/// +/// This functions returns a vector with [`DeviceInfo`][] structs that contain information about +/// all connected Nitrokey devices.  It will even list unsupported models, although you cannot +/// connect to them.  To connect to a supported model, call the [`connect_path`][] function. +/// +/// # Errors +/// +/// - [`NotConnected`][] if a Nitrokey device has been disconnected during enumeration +/// - [`Utf8Error`][] if the USB path or the serial number returned by libnitrokey are invalid +///   UTF-8 strings +/// +/// # Example +/// +/// ``` +/// let devices = nitrokey::list_devices()?; +/// if devices.is_empty() { +///     println!("No connected Nitrokey devices found."); +/// } else { +///     println!("model\tpath\tserial number"); +///     for device in devices { +///         match device.model { +///             Some(model) => print!("{}", model), +///             None => print!("unsupported"), +///         } +///         print!("\t{}\t", device.path); +///         match device.serial_number { +///             Some(serial_number) => println!("{}", serial_number), +///             None => println!("unknown"), +///         } +///     } +/// } +/// # Ok::<(), nitrokey::Error>(()) +/// ``` +/// +/// [`connect_path`]: struct.Manager.html#fn.connect_path +/// [`DeviceInfo`]: struct.DeviceInfo.html +/// [`NotConnected`]: enum.CommunicationError.html#variant.NotConnected +/// [`Utf8Error`]: enum.Error.html#variant.Utf8Error +pub fn list_devices() -> Result<Vec<DeviceInfo>, Error> { +    let ptr = NonNull::new(unsafe { nitrokey_sys::NK_list_devices() }); +    match ptr { +        Some(mut ptr) => { +            let mut vec: Vec<DeviceInfo> = Vec::new(); +            push_device_info(&mut vec, unsafe { ptr.as_ref() })?; +            unsafe { +                nitrokey_sys::NK_free_device_info(ptr.as_mut()); +            } +            Ok(vec) +        } +        None => get_last_result().map(|_| Vec::new()), +    } +} + +fn push_device_info( +    vec: &mut Vec<DeviceInfo>, +    info: &nitrokey_sys::NK_device_info, +) -> Result<(), Error> { +    vec.push(info.try_into()?); +    if let Some(ptr) = NonNull::new(info.next) { +        push_device_info(vec, unsafe { ptr.as_ref() })?; +    } +    Ok(()) +} +  /// Enables or disables debug output.  Calling this method with `true` is equivalent to setting the  /// log level to `Debug`; calling it with `false` is equivalent to the log level `Error` (see  /// [`set_log_level`][]). diff --git a/tests/device.rs b/tests/device.rs index e367558..509763b 100644 --- a/tests/device.rs +++ b/tests/device.rs @@ -8,8 +8,8 @@ use std::process::Command;  use std::{thread, time};  use nitrokey::{ -    Authenticate, CommandError, CommunicationError, Config, ConfigureOtp, Device, Error, -    GenerateOtp, GetPasswordSafe, LibraryError, OtpMode, OtpSlotData, Storage, VolumeMode, +    Authenticate, CommandError, CommunicationError, Config, ConfigureOtp, Device, DeviceInfo, +    Error, GenerateOtp, GetPasswordSafe, LibraryError, OtpMode, OtpSlotData, Storage, VolumeMode,      DEFAULT_ADMIN_PIN, DEFAULT_USER_PIN,  };  use nitrokey_test::test as test_device; @@ -32,6 +32,33 @@ fn count_nitrokey_block_devices() -> usize {  }  #[test_device] +fn list_no_devices() { +    let devices = nitrokey::list_devices(); +    assert_ok!(Vec::<DeviceInfo>::new(), devices); +} + +#[test_device] +fn list_devices(_device: DeviceWrapper) { +    let devices = unwrap_ok!(nitrokey::list_devices()); +    for device in devices { +        assert!(!device.path.is_empty()); +        if let Some(model) = device.model { +            match model { +                nitrokey::Model::Pro => { +                    assert!(device.serial_number.is_some()); +                    let serial_number = device.serial_number.unwrap(); +                    assert!(!serial_number.is_empty()); +                    assert_valid_serial_number(&serial_number); +                } +                nitrokey::Model::Storage => { +                    assert_eq!(None, device.serial_number); +                } +            } +        } +    } +} + +#[test_device]  fn connect_no_device() {      let mut manager = unwrap_ok!(nitrokey::take()); @@ -78,17 +105,65 @@ fn assert_empty_serial_number() {  }  #[test_device] +fn connect_path_no_device() { +    let mut manager = unwrap_ok!(nitrokey::take()); + +    assert_cmu_err!(CommunicationError::NotConnected, manager.connect_path("")); +    assert_cmu_err!( +        CommunicationError::NotConnected, +        manager.connect_path("foobar") +    ); +    // TODO: add realistic path +} + +#[test_device] +fn connect_path(device: DeviceWrapper) { +    let manager = device.into_manager(); + +    assert_cmu_err!(CommunicationError::NotConnected, manager.connect_path("")); +    assert_cmu_err!( +        CommunicationError::NotConnected, +        manager.connect_path("foobar") +    ); +    // TODO: add realistic path + +    let devices = unwrap_ok!(nitrokey::list_devices()); +    assert!(!devices.is_empty()); +    for device in devices { +        let connected_device = unwrap_ok!(manager.connect_path(device.path)); +        assert_eq!(device.model, Some(connected_device.get_model())); +        match device.model.unwrap() { +            nitrokey::Model::Pro => { +                assert!(device.serial_number.is_some()); +                assert_ok!( +                    device.serial_number.unwrap(), +                    connected_device.get_serial_number() +                ); +            } +            nitrokey::Model::Storage => { +                assert_eq!(None, device.serial_number); +            } +        } +    } +} + +#[test_device]  fn disconnect(device: DeviceWrapper) {      drop(device);      assert_empty_serial_number();  } +fn assert_valid_serial_number(serial_number: &str) { +    assert!(serial_number.is_ascii()); +    assert!(serial_number.chars().all(|c| c.is_ascii_hexdigit())); +} +  #[test_device]  fn get_serial_number(device: DeviceWrapper) {      let serial_number = unwrap_ok!(device.get_serial_number()); -    assert!(serial_number.is_ascii()); -    assert!(serial_number.chars().all(|c| c.is_ascii_hexdigit())); +    assert_valid_serial_number(&serial_number);  } +  #[test_device]  fn get_firmware_version(device: Pro) {      let version = unwrap_ok!(device.get_firmware_version()); | 
