diff options
Diffstat (limited to 'src/device.rs')
| -rw-r--r-- | src/device.rs | 99 |
1 files changed, 99 insertions, 0 deletions
diff --git a/src/device.rs b/src/device.rs index d6b9780..f901306 100644 --- a/src/device.rs +++ b/src/device.rs @@ -408,6 +408,30 @@ pub trait Device: Authenticate + GetPasswordSafe + GenerateOtp { )) } } + + /// Locks the Nitrokey device. + /// + /// This disables the password store if it has been unlocked. On the Nitrokey Storage, this + /// also disables the volumes if they have been enabled. + /// + /// # Example + /// + /// ```no_run + /// use nitrokey::{CommandStatus, Device}; + /// # use nitrokey::CommandError; + /// + /// # fn try_main() -> Result<(), CommandError> { + /// let device = nitrokey::connect()?; + /// match device.lock() { + /// CommandStatus::Success => println!("Locked the Nitrokey device."), + /// CommandStatus::Error(err) => println!("Could not lock the Nitrokey device: {:?}", err), + /// }; + /// # Ok(()) + /// # } + /// ``` + fn lock(&self) -> CommandStatus { + unsafe { CommandStatus::from(nitrokey_sys::NK_lock_device()) } + } } /// Connects to a Nitrokey device. This method can be used to connect to any connected device, @@ -509,6 +533,81 @@ impl Storage { false => Err(CommandError::Unknown), } } + + /// Enables the encrypted storage volume. + /// + /// Once the encrypted volume is enabled, it is presented to the operating system as a block + /// device. The API does not provide any information on the name or path of this block device. + /// + /// # Errors + /// + /// - [`InvalidString`][] if the provided password contains a null byte + /// - [`WrongPassword`][] if the provided user password is wrong + /// + /// # Example + /// + /// ```no_run + /// use nitrokey::{CommandStatus}; + /// # use nitrokey::CommandError; + /// + /// # fn try_main() -> Result<(), CommandError> { + /// let device = nitrokey::Storage::connect()?; + /// match device.enable_encrypted_volume("123456") { + /// CommandStatus::Success => println!("Enabled the encrypted volume."), + /// CommandStatus::Error(err) => println!("Could not enable the encrypted volume: {:?}", err), + /// }; + /// # Ok(()) + /// # } + /// ``` + /// + /// [`InvalidString`]: enum.CommandError.html#variant.InvalidString + /// [`WrongPassword`]: enum.CommandError.html#variant.WrongPassword + pub fn enable_encrypted_volume(&self, user_pin: &str) -> CommandStatus { + let user_pin = CString::new(user_pin); + if user_pin.is_err() { + return CommandStatus::Error(CommandError::InvalidString); + } + let user_pin = user_pin.unwrap(); + unsafe { CommandStatus::from(nitrokey_sys::NK_unlock_encrypted_volume(user_pin.as_ptr())) } + } + + /// Disables the encrypted storage volume. + /// + /// Once the volume is disabled, it can be no longer accessed as a block device. If the + /// encrypted volume has not been enabled, this method still returns a success. + /// + /// # Example + /// + /// ```no_run + /// use nitrokey::{CommandStatus}; + /// # use nitrokey::CommandError; + /// + /// fn use_volume() {} + /// + /// # fn try_main() -> Result<(), CommandError> { + /// let device = nitrokey::Storage::connect()?; + /// match device.enable_encrypted_volume("123456") { + /// CommandStatus::Success => { + /// println!("Enabled the encrypted volume."); + /// use_volume(); + /// match device.disable_encrypted_volume() { + /// CommandStatus::Success => println!("Disabled the encrypted volume."), + /// CommandStatus::Err(err) => { + /// println!("Could not disable the encrypted volume: {:?}", err); + /// }, + /// }; + /// }, + /// CommandStatus::Error(err) => println!("Could not enable the encrypted volume: {:?}", err), + /// }; + /// # Ok(()) + /// # } + /// ``` + /// + /// [`InvalidString`]: enum.CommandError.html#variant.InvalidString + /// [`WrongPassword`]: enum.CommandError.html#variant.WrongPassword + pub fn disable_encrypted_volume(&self) -> CommandStatus { + unsafe { CommandStatus::from(nitrokey_sys::NK_lock_encrypted_volume()) } + } } impl Drop for Storage { |