|  | Commit message (Collapse) | Author | Age | 
|---|
| | 
| 
| 
| 
| 
| 
| | In the last patch, we added the get_status function to the Device trait.
This patch renames the Storage::get_status function to
get_storage_status to resolve the name clash – though allowed by the
compiler, it is rather confusing for the end user. | 
| | 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| | This patch adds support for the GET_STATUS command that returns the
status information common to all Nitrokey devices.  It can be accessed
using the Device::get_status function and is stored in a Status struct.
Due to a bug in the Storage firmware [0], the GET_STATUS command returns
wrong firmware versions and serial numbers.  Until this is fixed in
libnitrokey [1], we have to manually execute the GET_DEVICE_STATUS
command to fix these values for the Nitrokey Storage.
Also, this leads to a name clash with the existing Storage::get_status
function, which will be renamed in an upcoming patch.
[0] https://github.com/Nitrokey/nitrokey-storage-firmware/issues/96
[1] https://github.com/Nitrokey/libnitrokey/issues/166 | 
| |\  
| | 
| | 
| | 
| | 
| | | This patch series adds the list_devices function that returns a list of
available Nitrokey devices and the Manager::connect_path function that
connects to one of the available devices. | 
| | | 
| | 
| | 
| | 
| | 
| | | This patch adds the connect_path function to the Manager struct that
uses NK_connect_with_path to connect to a Nitrokey device at a given USB
path. | 
| | | 
| | 
| | 
| | 
| | 
| | 
| | | This patch adds support for libnitrokey’s NK_list_devices function by
introducing the top-level list_devices function.  It returns a vector of
DeviceInfo structs with information about all connected Nitrokey
devices. | 
| | | 
| | 
| | 
| | 
| | 
| | 
| | 
| | | In the next patch, we will add support for the NK_list_devices functions
that returns a list of NK_device_info structs with information about the
connected devices.  This patch introduces the DeviceInfo struct that
holds the information returned by NK_list_devices and that can be
created from a NK_device_info struct. | 
| | | 
| | 
| | 
| | 
| | 
| | | A nitrokey_sys::NK_device_model (= u32) value may correspond to a
nitrokey::Model, and vice versa.  This patch adds the appropriate From
and TryFrom implementations. | 
| |/  
|   
|   
|   
|   
| | This patch adds the UnsupportedModelError variant to the Error enum:
When parsing the model returned by libnitrokey, we should provide a
meaningful error message for unknown values. | 
| | 
| 
| 
| 
| 
| 
| | After some more research, I decided not to implement some of the methods
provided by libnitrokey.  This patch adds them to the list of
unsupported functions in the readme, and removes them from the list of
unimplemented functions in the todo list. | 
| |\ |  | 
| |/  
|   
|   
|   
|   
|   
|   
|   
| | This version contains these major changes:
- Refactoring of the error handling.
- Using mutability to represent changes to the device status.
- Updating the nitrokey-sys/libnitrokey dependency to version 3.5.
- Refactoring the connection management and introducing the Manager
  struct. | 
| | 
| 
| 
| 
| | To fix a compiler warning, we use the dyn keyword for trait arguments in
the otp.rs instead of using the trait directly. | 
| | 
| 
| 
| 
| | This patch updates the readme regarding the support by Nitrokey UG and
fixes an editing error in the test section. | 
| | 
| 
| 
| 
| 
| | Since Rust 1.34.0, we no longer need a `fn main` comment in doc tests
that return results.  It is sufficient to have an `Ok` return value with
type annotations. | 
| | 
| 
| 
| 
| 
| | Previously, the RawConfig struct had a try_from function.  As the
TryFrom trait has been stabilized with Rust 1.34.0, we can use it
instead. | 
| | 
| 
| 
| 
| | rand_os::OsRng has been deprecated.  Instead we can use rand_core with
the getrandom feature. | 
| | 
| 
| 
| 
| | This patch adds a new archlinux-msrv build that compiles the code and
the tests on the Minimum Supported Rust Version. | 
| | 
| 
| 
| 
| 
| | The version 1.34.2 is picked arbitrarily as it is the Rust version in
Debian buster and nitrocli is known to work with it.  Earlier versions
might work too, but they might break with any future release. | 
| | 
| 
| 
| 
| | This patch adds a verify task to the lint build that checks the OpenPGP
signature of the last commit. | 
| | 
| 
| 
| 
| | Previously, we used pip to manually install the fsfe-reuse package.  Now
we can use the new AUR package reuse. | 
| | 
| 
| 
| 
| 
| 
| | The Rust package for Arch includes rustfmt and clippy, so we don’t have
to use rustup for it.  To make the builds simpler and faster, we move
the format and clippy tasks to the archlinux-*.yml build that already
has Rust installed. | 
| | |  | 
| | 
| 
| 
| 
| 
| | To comply with the new version 3.0 of the REUSE specification, we have
to add a copyright header to the .gitignore file and move the LICENSE
file to LICENSES/MIT.txt. | 
| |\ |  | 
| | | |  | 
| | | 
| | 
| | 
| | 
| | 
| | | Due to a change in the CI infrastructure, we have to change the source
URL for the CI scripts in .builds.  Also, we can remove the triggers as
they are automatically inferred by the build submit script. | 
| | | 
| | 
| | 
| | 
| | 
| | 
| | 
| | 
| | 
| | 
| | 
| | | Previously, we required nitrokey-sys version 3.4, which allows the
upgrade to nitrokey-sys 3.5.  Unfortunately, libnitrokey version 3.5,
which is packaged as nitrokey-sys 3.5, introduced breaking changes,
breaking the semantic versioning guarantees and causing compilation
errors if this version is selected.
This patch changes the version specification from 3.4 to ~3.4, i. e. >=
3.4.0, < 3.5.0, to make sure that nitrokey-rs can be compiled without
errors. | 
| | |\ |  | 
| | | | 
| | | 
| | | 
| | | 
| | | 
| | | | This patch splits the rather large device module into the submodules
pro, storage and wrapper.  This only changes the internal code structure
and does not affect the public API. | 
| | | | 
| | | 
| | | 
| | | 
| | | 
| | | 
| | | | This patch updates the rand_core dependency to version 0.5 and the
rand_os dependency to version 0.2.  This causes a change in util.rs:
Instead of constructing an OsRng instance using OsRng::new(), we can
directly instantiate the (now empty) struct. | 
| | | | |  | 
| | | | 
| | | 
| | | 
| | | 
| | | 
| | | | Previously, we were using a development version of nitrokey-test that
was compatible with nitrokey 0.4.  This patch updates nitrokey-test to
version 0.3, which includes the required changes. | 
| |\ \ \ |  | 
| | | | | |  | 
| | | | | 
| | | | 
| | | | 
| | | | 
| | | | 
| | | | 
| | | | 
| | | | | Due to a timing issue, some calls to the build_aes_key function may fail
after a factory reset.  As a workaround for this firmware bug, we check
the user retry count before building the aes key in the factory_reset
test.  For details, see the upstream issue:
	https://github.com/Nitrokey/nitrokey-pro-firmware/issues/57 | 
| | | | | 
| | | | 
| | | | 
| | | | 
| | | | 
| | | | | To avoid a ConcurrentAccessError, we have to use the
Device::into_manager function instead of calling take to obtain a
Manager instance. | 
| | | | | 
| | | | 
| | | | 
| | | | 
| | | | 
| | | | 
| | | | 
| | | | | This patch updates the nitrokey-test dependency to a new development
version that uses force_take instead of take to get a Manager instance.
If a test fails, the thread panics, leading to a poisoned cache – yet
this should not affect the other test cases.  Therefore we want to
ignore the poisoned caches. | 
| | | | | 
| | | | 
| | | | 
| | | | 
| | | | 
| | | | 
| | | | 
| | | | 
| | | | | The take and take_blocking functions return a PoisonError if the cache
is poisoned, i. e. if a thread panicked while holding the manager.  This
is a sensible default behaviour, but for example during testing, one
might want to ignore the poisoned cache.  This patch adds the force_take
function that unwraps the PoisonError and returns the cached Manager
even if the cache was poisoned. | 
| | | | | 
| | | | 
| | | | 
| | | | 
| | | | 
| | | | | During the connection manager refactoring, we temporarily used
deprecated methods.  This is no longer the case, so we can remove the
allow(deprecated) attribute. | 
| |\ \ \ \  
| | | | | 
| | | | | 
| | | | | 
| | | | | 
| | | | | 
| | | | | | Refactor the connection management to prevent multiple device
connections at the same time.
RFC: https://lists.sr.ht/~ireas/nitrokey-rs-dev/%3C20190126174327.tbuyk2s535kfiqm4%40localhost%3E | 
| | | | | | 
| | | | | 
| | | | | 
| | | | | 
| | | | | 
| | | | | | This patch updates the documentation to reflect the latest changes to
connection handling.  It also updates the doc tests to prefer the new
methods over the old ones. | 
| | | | | | 
| | | | | 
| | | | | 
| | | | | 
| | | | | 
| | | | | | The previous patches refactored the connection handling to use the
Manager struct.  This patch changes the tests to use the new Manager
methods instead of the deprecated functions. | 
| | | | | | 
| | | | | 
| | | | | 
| | | | | 
| | | | | | To test the changes to connection handling, we temporarily use the
development version of nitrokey-test. | 
| | | | | | 
| | | | | 
| | | | | 
| | | | | 
| | | | | 
| | | | | 
| | | | | 
| | | | | | To enable applications like nitrokey-test to go back to a manager
instance from a Device instance, we add the into_manager function to the
Device trait.  To do that, we have to keep track of the Manager’s
lifetime by adding a lifetime to Device (and then to some other traits
that use Device). | 
| | | | | | 
| | | | | 
| | | | | 
| | | | | 
| | | | | 
| | | | | 
| | | | | 
| | | | | 
| | | | | 
| | | | | 
| | | | | 
| | | | | 
| | | | | | In the last patches, we ensured that devices can only be obtained using
the Manager struct.  But we did not ensure that there is only one device
at a time.  This patch adds a mutable reference to the Manager instance
to the Device implementations.  The borrow checker makes sure that there
is only one mutable reference at a time.
In this patch, we have to remove the old connect, Pro::connect and
Storage::connect functions as they do no longer compile.  (They discard
the MutexGuard which invalidates the reference to the Manager.)
Therefore the tests do no longer compile. | 
| | | | | | 
| | | | | 
| | | | | 
| | | | | 
| | | | | 
| | | | | 
| | | | | | As part of the connection refactoring, this patch moves the connect
methods of the Pro and Storage structs into the Manager struct.  To
maintain compatibility with nitrokey-test, the old methods are not
removed but marked as deprecated. | 
| | | | | | 
| | | | | 
| | | | | 
| | | | | 
| | | | | 
| | | | | | As part of the connection refactoring, this patch moves the
connect_model function to the Manager struct.  As the connect_model
function is not used by nitrokey-test, it is removed. | 
| | | | | | 
| | | | | 
| | | | | 
| | | | | 
| | | | | 
| | | | | 
| | | | | | As part of the connection refactoring, we replace the connect function
with the Manager::connect method.  To maintain compatibility with
nitrokey-test, the connect function is not removed but marked as
deprecated. | 
| | | | | | 
| | | | | 
| | | | | 
| | | | | 
| | | | | 
| | | | | 
| | | | | 
| | | | | 
| | | | | 
| | | | | 
| | | | | 
| | | | | 
| | | | | | As part of the connection refactoring, we introduce the Manager struct
that deals with connection management.  To make sure there can be only
once instance of the manager, we add a global static Mutex that holds
the single Manager instance.  We use the struct to ensure that the user
can only connect to one device at a time.
This also changes the Error::PoisonError variant to store the
sync::PoisonError.  This allows the user to call into_inner on the
PoisonError to retrieve the MutexGuard and to ignore the error (for
example useful during testing). | 
| |/ / / /  
| | | |   
| | | |   
| | | |   
| | | |   
| | | |   
| | | |   
| | | |   
| | | | | This patch prepares the refactoring of the connection methods by
introducing the Error variants ConcurrentAccessError and PoisonError.
ConcurrentAccessError indicates that the user tried to connect to
obtain a token that is currently locked, and PoisonError indicates that
a lock has been poisoned, i. e. a thread panicked while accessing using
a token. |