| Commit message (Collapse) | Author | Age |
|
|
|
|
|
|
| |
This patch adds the factory_reset_method to the Device trait that uses
the NK_factory_reset function to perform a factory reset. The tests
verify that the user and admin PIN are reset and that the OTP storage
and the password safe are deleted.
|
|
|
|
|
|
| |
This patch adds the change_update_pin method to the Storage struct that
uses the NK_change_update_password function to set the password required
for firmware updates.
|
|
|
|
|
|
| |
After a factory reset, the password safe cannot be accessed as its
secret cannot be decrypted. This patch improves the documentation for
GetPasswordSafe::get_password_safe to reflect this behavior.
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
| |
The CommandError::Unknown variant, which is used whenever a reported
error code is not known, makes it close to impossible to determine the
root cause of, say, a one-off error, because all information explaining
what went wrong is discarded.
With this change we adjust the Unknown variant to include the error
report. In addition, we introduce a new CommandError variant, Undefined,
that is used when no error code is available.
|
| |
|
|
|
|
|
|
| |
This patch adds a test case that changes the PIN when calling
unlock_user_pin. The previous test case only unlocked the current user
PIN.
|
|
|
|
|
| |
We switched to rand::thread_rng() which cannot fail. Therefore the
CommandError::RngError is no longer needed and removed in this patch.
|
|
|
|
|
|
|
|
| |
This patch adds the force argument to the set_time method in the
ConfigureOtp trait that allows the user to choose whether jumps to the
past are allowed when updating the time. It is implemented by using the
NK_totp_set_time_soft function. Previously, jumps where unconditionally
allowed.
|
| |
|
| |
|
| |
|
|
|
|
|
| |
The Cargo.toml extract in the README does not provide any real value,
but it adds maintenance effort. Therefore it is removed in this patch.
|
|
|
|
|
|
| |
It seems that with newer firmeware, the model string in the lsblk output
is Nitrokey_Storage instead of Nitrokey Storage. Therefore this patch
replaces underscores with spaces to account for both versions.
|
| |
|
|
|
|
|
|
| |
As these three enums are scalar values, this patch derives the Clone and
Copy traits for them. This should avoid unnecessary allocations and
reduce the memory footprint.
|
| |
|
|
|
|
|
| |
This patch adds the function Device::get_model that returns the model of
the connected Nitrokey stick.
|
| |
|
|
|
|
|
|
|
|
| |
This patch updates the rand dependecy to version 0.6. It also replaces
the OsRng, which is guaranteed to use OS/hardware entropy, with the
thread_rng, which is likely to use OS/hardware entropy as a seed. The
choice of RNG and the handling of password should be reviewed at a later
point.
|
|
|
|
|
|
|
| |
Currently, the test-no-device feature is used for tests that expect no
Nitrokey to be connected. Yet test-no-device is equivalent to not
test-pro and not test-storage. Therefore, this patch removes the
test-no-device feature.
|
| |
|
|
|
|
|
|
| |
Newer Rust versions support integration tests in a top-level tests
directory. This patch refactors the existing unit tests into
integration tests.
|
|
|
|
|
|
|
| |
With Rust edition 2018, it is no longer necessary to declare
dependencies in the code using `extern crate`. Therefore, this patch
removes these declarations and replaces them with `use` declarations if
necessary.
|
| |
|
|
|
|
|
|
| |
This patch changes use declarations for modules within this crate to use
the crate:: path qualifier. This will be mandatory in Rust edition
2018.
|
|
|
|
|
| |
This patch changes the type of trait objects from `Trait` to `dyn
Trait`. This fixes bare-trait-object compiler warnings.
|
|
|
|
|
| |
This patch makes hidden life time parameters explicit to fix
elided-lifetime-in-path compiler warnings.
|
| |
|
|
|
|
|
|
|
|
| |
This patch enables the following compiler warnings:
- missing_docs for public symbols without documentation
- rust_2018_compatibility for Rust edition 2018 support
- rust_2018_idioms for Rust edition 2018 support
- unused for different types of unused code
|
| |
|
| |
|
| |
|
| |
|
| |
|
|
|
|
|
|
| |
This patch adds a `get_status` method to the `Storage` structure. The
returned structure `StorageStatus` is based on the structure provided by
libnitrokey.
|
|
|
|
|
|
|
| |
As connect() now returns DeviceWrappers of the correct type, this patch
adds an example to the DeviceWrapper documentation that shows how to use
type conditions, i. e. how to execute a command only for Nitrokey
Storage devices.
|
|
|
|
|
|
| |
This patch fixes the generic connect() method to return a DeviceWrapper
of the correct type. This is enabled by the NK_get_device_model()
method introduced in libnitrokey v3.4.
|
|
|
|
|
|
|
|
| |
Old libnitrokey versions could return pointers to both statically and
dynamically allocated strings for functions that return strings. This
has been fixed in libnitrokey commit 7a8550d (included in v3.4). This
patch removes the old workaround and always frees the return value of
functions returning a string pointer.
|
| |
|
|
|
|
|
| |
Most notably, for command errors, this will print a human-readable error
message instead of just the name of the enum.
|
|
|
|
|
|
| |
The std::fmt::Display implementation provides a human-readable error
message for a CommandError. It is intended to be used in error
messages displayed to the user.
|
|
|
|
|
|
| |
The new get_cstring method in util returns a Result<CString,
CommandError>, so mast callers can just use the ? operator to unwrap the
result instead of cumbersome unwrapping code.
|
|
|
|
|
|
| |
The Result enum is more idiomatic and easier to use than our custom
CommandStatus enum with the same structure. This is especially true for
the try operator ?.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When enabled, the password safe can be used without authentication. The
lock device can be used to lock the password safe. Currently,
PasswordSafe::drop calls this command to make sure that other
applications cannot access the password safe without authentication.
On the Nitrokey Storage, locking the device may also disable the
encrypted or hidden volume. As using the password safe should not have
side effects on the storage volumes, this patch removes the call to the
lock device command from the Drop implementation. Instead, the user
should call this method after making sure that it does not have side
effects.
A feature request for a command that only locks the password safe
without side effects is submitted to the Nitrokey Storage firmware
repository:
https://github.com/Nitrokey/nitrokey-storage-firmware/issues/65
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch adds support for the commands to enable or disable the
encrypted volume on the Nitrokey Storage. To test these commands, the
output of lsblk is parsed for the device model “Nitrokey Storage”. This
is not perfect but seems to be the best solution for automated testing.
As the effect of enabling and disabling volumes is not immediate, a
delay of two seconds is added to the tests before checking lsblk. This
is sufficient on my machine, yet it would be better to have a portable
version of this check.
This patch also adds a lock method to Device that executes the
lock_device command. This command was previously only used to close the
password safe. On the Nitrokey Storage, it also disables the encrypted
and hidden volume.
|
| |
|
|
|
|
|
|
|
|
| |
The current Nitrokey Storage firmware does not support timestamps that
do not fit into an unsigned integer. Therefore, the tests totp_pin and
totp_no_pin are restricted to 32-bit timestamps. New tests totp_pin_64
and totp_no_pin_64 are introduced for 64-bit timestamps. These are
expected to panic for the Nitrokey Storage.
|