This patch splits the rather large device module into the submodules
pro, storage and wrapper. This only changes the internal code structure
and does not affect the public API.
|
This patch updates the rand_core dependency to version 0.5 and the
rand_os dependency to version 0.2. This causes a change in util.rs:
Instead of constructing an OsRng instance using OsRng::new(), we can
directly instantiate the (now empty) struct.
|
Previously, we were using a development version of nitrokey-test that
was compatible with nitrokey 0.4. This patch updates nitrokey-test to
version 0.3, which includes the required changes.
|
Due to a timing issue, some calls to the build_aes_key function may fail
after a factory reset. As a workaround for this firmware bug, we check
the user retry count before building the aes key in the factory_reset
test. For details, see the upstream issue:
https://github.com/Nitrokey/nitrokey-pro-firmware/issues/57
|
To avoid a ConcurrentAccessError, we have to use the
Device::into_manager function instead of calling take to obtain a
Manager instance.
|
This patch updates the nitrokey-test dependency to a new development
version that uses force_take instead of take to get a Manager instance.
If a test fails, the thread panics, leading to a poisoned cache – yet
this should not affect the other test cases. Therefore we want to
ignore the poisoned caches.
|
The take and take_blocking functions return a PoisonError if the cache
is poisoned, i.e. if a thread panicked while holding the manager. This
is a sensible default behaviour, but for example during testing, one
might want to ignore the poisoned cache. This patch adds the force_take
function that unwraps the PoisonError and returns the cached Manager
even if the cache was poisoned.
|
During the connection manager refactoring, we temporarily used
deprecated methods. This is no longer the case, so we can remove the
allow(deprecated) attribute.
|
Refactor the connection management to prevent multiple device
connections at the same time.
RFC: https://lists.sr.ht/~ireas/nitrokey-rs-dev/%3C20190126174327.tbuyk2s535kfiqm4%40localhost%3E
|
This patch updates the documentation to reflect the latest changes to
connection handling. It also updates the doc tests to prefer the new
methods over the old ones.
|
The previous patches refactored the connection handling to use the
Manager struct. This patch changes the tests to use the new Manager
methods instead of the deprecated functions.
|
To test the changes to connection handling, we temporarily use the
development version of nitrokey-test.
|
To enable applications like nitrokey-test to go back to a manager
instance from a Device instance, we add the into_manager function to the
Device trait. To do that, we have to keep track of the Manager’s
lifetime by adding a lifetime to Device (and then to some other traits
that use Device).
|
In the last patches, we ensured that devices can only be obtained using
the Manager struct. But we did not ensure that there is only one device
at a time. This patch adds a mutable reference to the Manager instance
to the Device implementations. The borrow checker makes sure that there
is only one mutable reference at a time.
In this patch, we have to remove the old connect, Pro::connect and
Storage::connect functions as they no longer compile. (They discard
the MutexGuard which invalidates the reference to the Manager.)
Therefore the tests no longer compile.
|
As part of the connection refactoring, this patch moves the connect
methods of the Pro and Storage structs into the Manager struct. To
maintain compatibility with nitrokey-test, the old methods are not
removed but marked as deprecated.
|
As part of the connection refactoring, this patch moves the
connect_model function to the Manager struct. As the connect_model
function is not used by nitrokey-test, it is removed.
|
As part of the connection refactoring, we replace the connect function
with the Manager::connect method. To maintain compatibility with
nitrokey-test, the connect function is not removed but marked as
deprecated.
|
As part of the connection refactoring, we introduce the Manager struct
that deals with connection management. To make sure there can be only
one instance of the manager, we add a global static Mutex that holds
the single Manager instance. We use the struct to ensure that the user
can only connect to one device at a time.
This also changes the Error::PoisonError variant to store the
sync::PoisonError. This allows the user to call into_inner on the
PoisonError to retrieve the MutexGuard and to ignore the error (for
example useful during testing).
|
This patch prepares the refactoring of the connection methods by
introducing the Error variants ConcurrentAccessError and PoisonError.
ConcurrentAccessError indicates that the user tried to connect to
obtain a token that is currently locked, and PoisonError indicates that
a lock has been poisoned, i.e. a thread panicked while accessing using
a token.
|
This patch updates the list of unsupported functions in the README and
the TODO and the list of functions changed in the libnitrokey 3.5
release:
- List all `*_as_string` functions as unsupported.
- List deprecated functions as unsupported.
- List `NK_read_HOTP_slot` as unsupported until an equivalent function
for TOTP exists.
- Ignore the changes to `NK_get_progress_bar_value` as the function is
not yet used by `nitrokey-rs`.
- Add the new functions from version 3.5 to the list of missing
functions.
|
The new 0.2.1 version of nitrokey-test requires an additional crate,
nitrokey-test-state. This patch updates the nitrokey-test version and
adds the nitrokey-test-state dependency in version 0.1.0. See this
thread [0] for more information.
[0] https://lists.sr.ht/~ireas/nitrokey-rs-dev/%3Ce3e908e5-3f66-7072-9603-8a4de5ac614b%40posteo.net%3E
|
As the return type of the NK_get_{major,minor}_firmware_version methods
changed with libnitrokey 3.5, we also have to adapt our
get_firmware_version function in device.rs.
This patch also updates the changelog and the todo list with the changes
caused by the new libnitrokey version.
|
Firstly, the libnitrokey API contains breaking changes between minor
versions. Therefore we have to fix the nitrokey-sys version using a
tilde requirement ("~3.4" means ">= 3.4.0, < 3.5.0").
Secondly, nitrokey-test’s 0.2.1 release requires some changes that are
not yet implemented in this crate, so we have to pin its version to
0.2.0.
|
The tests with the 0.4.0-alpha.1 version showed that the approach using
mutable references to the Device in User, Admin and PasswordSafe causes
problems in nitrocli, see [0]. Therefore, these changes are reverted.
[0] https://lists.sr.ht/~ireas/nitrokey-rs-dev/%3C43cc304d-23e8-7f95-2167-ce3f0530b81e%40posteo.net%3E
* revert:
Revert "Store mutable reference to Device in PasswordSafe"
Revert "Refactor User and Admin to use a mutable reference"
|
This reverts commit 13006c00dcbd570cf8347d89557834e320427377.
|
This reverts commit 0972bbe82623c3d9649b6023d8f50d304aa0cde6.
|
In a previous commit, we introduced the DEFAULT_{ADMIN,USER}_PIN
constants. Therefore we no longer need the {ADMIN,USER}_PASSWORD
constants in the util module for the tests.
|
RFC:
https://lists.sr.ht/~ireas/nitrokey-rs-dev/%3C20190126174327.tbuyk2s535kfiqm4%40localhost%3E
https://lists.sr.ht/~ireas/nitrokey-rs-dev/%3C43cc304d-23e8-7f95-2167-ce3f0530b81e%40posteo.net%3E
* mutable-references:
Store mutable reference to Device in PasswordSafe
Refactor User and Admin to use a mutable reference
Require mutable reference if method changes device state
Add device_mut method to DeviceWrapper
Implement DerefMut for User and Admin
|
The current implementation of PasswordSafe stored a normal reference to
the Device. This patch changes the PasswordSafe struct to use a mutable
reference instead. This allows the borrow checker to make sure that
there is only one PasswordSafe instance at a time. While this is
currently not needed, it will become important once we can lock the PWS
on the Nitrokey when dropping the PasswordSafe instance.
|
In the initial nitrokey-rs implementation, the Admin and the User struct
take the Device by value to make sure that the user cannot initiate a
second authentication while the first is still active (which would
invalidate the temporary password). Now we realized that this is not
necessary – taking a mutable reference has the same effect, but leads to
a much cleaner API.
This patch refactors the Admin and User structs – and all dependent code
– to use a mutable reference instead of a Device value.
|
Previously, all methods that access a Nitrokey device took a reference
to the device as input. This method changes methods that change the
device state to require a mutable reference instead. In most cases,
this is straightforward as the method writes data to the device (for
example write_config or change_user_pin). But there are two edge cases:
- Authenticating with a PIN changes the device state as it may decrease
the PIN retry counter if the authentication fails.
- Generating an HOTP code changes the device state as it increases the
HOTP counter.
|
To prepare the mutability refactoring, we add a device_mut method to
DeviceWrapper that can be used to obtain a mutable reference to the
wrapped device.
|
As we want to change some methods to take a mutable reference to a
Device, we implement DerefMut for User<T> and Admin<T> so that users can
obtain a mutable reference to the wrapped device.
|
Previously, we considered this command as unsupported as it only was
available with firmware version 0.49. But as discussed in nitrocli
issue 80 [0], it will probably be re-enabled in future firmware
versions. Therefore this patch adds the set_encrypted_volume_mode to
Storage.
[0] https://github.com/d-e-s-o/nitrocli/issues/80
|
Sometimes we cannot use assert_ok! as we can’t compare the Ok value (or
do not want to). For these cases, this patch adds the new assert_any_ok
macro to use instead of assert!(x.is_ok()). The advantage is that the
error information is not discarded but printed in a helpful error
message.
|
The unwrap error message is not very useful. This patch adds the
unwrap_ok macro that is basically the same as unwrap but prints a more
readable error message.
|
After a factory reset or after building the AES key, the password safe
contains garbage data. This will most likely not be valid UTF-8.
Therefore we change the tests to also accept a UTF-8 error in these
cases.
|
This patch combines the get_{major,minor}_firmware_version methods into
the new get_firmware_version method that returns a FirmwareVersion
struct. Currently, this requires casting from i32 to u8. But this will
be fixed with the next libnitrokey version as we change the return types
for the firmware getters.
|
Previously, we sometimes returned a value without wrapping it in a
result if the API method did not indicate errors in the return value.
But we can detect errors using the NK_get_last_command_status function.
This patch changes the return types of these methods to Result<_, Error>
and adds error checks.