| Commit message (Collapse) | Author | Age |
| |
|
|\
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
RFC:
https://lists.sr.ht/~ireas/nitrokey-rs-dev/%3C20190126174327.tbuyk2s535kfiqm4%40localhost%3E
https://lists.sr.ht/~ireas/nitrokey-rs-dev/%3C43cc304d-23e8-7f95-2167-ce3f0530b81e%40posteo.net%3E
* mutable-references:
Store mutable reference to Device in PasswordSafe
Refactor User and Admin to use a mutable reference
Require mutable reference if method changes device state
Add device_mut method to DeviceWrapper
Implement DerefMut for User and Admin
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The current implementation of PasswordSafe stored a normal reference to
the Device. This patch changes the PasswordSafe struct to use a mutable
reference instead. This allows the borrow checker to make sure that
there is only one PasswordSafe instance at a time. While this is
currently not needed, it will become important once we can lock the PWS
on the Nitrokey when dropping the PasswordSafe instance.
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
In the initial nitrokey-rs implementation, the Admin and the User struct
take the Device by value to make sure that the user cannot initiate a
second authentication while this first is still active (which would
invalidate the temporary password). Now we realized that this is not
necessary – taking a mutable reference has the same effect, but leads to
a much cleaner API.
This patch refactors the Admin and User structs – and all dependent code
– to use a mutable reference instead of a Device value.
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Previously, all methods that access a Nitrokey device took a reference
to the device as input. This method changes methods that change the
device state to require a mutable reference instead. In most case,
this is straightforward as the method writes data to the device (for
example write_config or change_user_pin). But there are two edge cases:
- Authenticating with a PIN changes the device state as it may decrease
the PIN retry counter if the authentication fails.
- Generating an HOTP code changes the device state as it increases the
HOTP counter.
|
| |
| |
| |
| |
| |
| | |
To prepare the mutability refactoring, we add a device_mut method to
DeviceWrapper that can be used to obtain a mutable reference to the
wrapped device.
|
|/
|
|
|
|
| |
As we want to change some methods to take a mutable reference to a
Device, we implement DerefMut for User<T> and Admin<T> so that users can
obtain a mutable reference to the wrapped device.
|
|
|
|
|
|
|
|
|
|
| |
Previously, we considered this command as unsupported as it only was
available with firmware version 0.49. But as discussed in nitrocli
issue 80 [0], it will probably be re-enabled in future firmware
versions. Therefore this patch adds the set_encrypted_volume_mode to
Storage.
[0] https://github.com/d-e-s-o/nitrocli/issues/80
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
|
| |
Sometimes we cannot use assert_ok! as we can’t compare the Ok value (or
do not want to). For these cases, this patch adds the new assert_any_ok
macro to use instead of assert!(x.is_ok()). The advantage is that the
error information is not discarded but printed in a helpful error
message.
|
|
|
|
|
|
| |
The unwrap error message is not very useful. This patch adds the
unwrap_ok macro that is basically the same as unwrap but prints a more
readable error message.
|
|
|
|
|
|
|
| |
After a factory reset or after building the AES key, the password safe
contains garbage data. This will most likely not be valid UTF-8.
Therefore we change the tests to also accept an UTF-8 error in these
cases.
|
|
|
|
|
|
|
|
| |
This patch combines the get_{major,minor}_firmware_version methods into
the new get_firmware_version method that returns a FirmwareVersion
struct. Currently, this requires casting from i32 to u8. But this will
be fixed with the next libnitrokey version as we change the return types
for the firmware getters.
|
|
|
|
|
|
|
|
| |
Previously, we sometimes returned a value without wrapping it in a
result if the API method did not indicate errors in the return value.
But we can detect errors using the NK_get_last_command_status function.
This patch changes the return types of these methods to Result<_, Error>
and adds error checks.
|
| |
|
| |
|
| |
|
| |
|
|
|
|
|
| |
To avoid unnecessary function calls, we replace the or with an or_else
in get_cstring.
|
|
|
|
|
| |
The DEFAULT_{ADMIN,USER}_PIN constants implicitly have static lifetime.
Therefore we can remove the static lifetime modifiers.
|
|
|
|
|
| |
For consistency with the other Error variants, we rename Unknown to
UnknownError.
|
|
|
|
|
|
|
|
|
| |
Many of our functions do not return a Result<_, Error>, but for example
a Result<_, (Device, Error)>. We only use the typedef in one function,
but it makes the other functions more complicated as we have to use
result::Result (if crate::Result is imported). Therefore, this patch
removes the typedef. Applications or libraries can still redefine it if
they want to.
|
|
|
|
|
|
| |
I changed the build setup so that the trigger is determined by the
branch being pushed to. Therefore the triggers in the build scripts are
no longer needed and removed in this patch.
|
|
|
|
|
|
| |
The TOTP test with the timestamp 59 often fails as the Nitrokey’s clock
ticks between setting the time and generating the TOTP code. This patch
also allows the TOTP code for timestamp 60 for this test case.
|
|
|
|
|
|
|
| |
rand_core does not have a stable release yet, and it is unlikely that
there will be one soon. To be able to stabilize nitrokey without
waiting for a stable rand_core version, we remove the rand_core::Error
type from the public API and replace it with a Box<dyn error::Error>.
|
|
|
|
|
| |
The reuse linter verifies that nitrokey-rs complies with the REUSE
specification 2.0.
|
|
|
|
|
|
| |
While we want to test the code on multiple platforms and with different
configurations, it is sufficient to execute the linting once. Therefore
we move the formatting checks into a new lint build.
|
|
|
|
|
|
|
| |
This patch adds license and copyright information to all files to make
nitrokey-rs compliant with the REUSE practices [0].
[0] https://reuse.software/practices/2.0/
|
| |
|
|
|
|
|
|
| |
Not all users of the authenticate methods want to use the device after
an error, so implementing From<(T: Device, Error)> for Error makes it
easier for them to discard the device.
|
|
|
|
|
|
|
| |
Previously, we used lossy UTF-8 conversion. Yet the user should be
notified if we have a problem instead of silently changing the data.
Therefore, we now return an error if we enocunter an invalid UTF-8
string. This leads to a change in `get_library_version`’s signature.
|
|
|
|
|
| |
Previously, we just ignored UTF-8 errors. This patch prepares the
Utf8Error variant so that we are able to return UTF-8 errors.
|
| |
|
| |
|
|
|
|
|
|
|
| |
This includes:
- using idiomatic Rust
- limiting the scope of unsafe blocks
- simplifying code
|
|
|
|
|
|
| |
To reduce the number of casts, we introduce the temp_password_ptr method
that casts the pointer received from the Vec<u8> to a c_char pointer
that can be handled by libnitrokey.
|
|
|
|
|
|
| |
Numeric casting might truncate an integer, while into() is only
implemented for numeric types if the cast is possible without
truncation.
|
|
|
|
|
|
| |
The Pro and Storage structs may only be created using the connect
functions. This patch adds a private PhantomData field to the structs
to ensure that the compiler does not allow direct instantiation.
|
| |
|
|\
| |
| |
| | |
RFC: https://lists.sr.ht/~ireas/nitrokey-rs-dev/%3C20190117000856.slgb6jwkwd3qu6ey%40localhost%3E
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
If possible, check specific error codes instead of `is_err()`. This
makes the code more readable and catches bugs resulting in the wrong
error code. Also, using the assert_*_err and assert_ok macros yields
error messages containing the expected and the actual value.
To be able to use these macros with the `get_password_safe` method, we
also have to implement `Debug` for `PasswordSafe` and `Device`.
|
| |
| |
| |
| |
| |
| | |
The CommandError::Undefined variant has been refactored into
Error::UnexpectedError and CommunicationError::NotConnected and is
therefore no longer needed.
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Previously, we returned a CommandError::Undefined if a connect function
failed. A CommunicationError::NotConnected is a more specific and
better fitting choice.
Once the Try trait has been stabilized, we should return an Option<_>
instead of a Result<_, Error> from the connect functions.
|
| |
| |
| |
| |
| |
| |
| | |
The UnexpectedError variant is used when a libnitrokey function returns
a value that violates the function’s contract, for example if a function
returns a null pointer although it guarantees to never return null.
Previously, we returned a CommandError::Unspecified in these cases.
|
| |
| |
| |
| | |
For example, the WrongSlot error may also be returned for a PWS slot.
|
| |
| |
| |
| |
| | |
AsStr is automatically implementeded if Display is implemented, so
having a manual as_str() method is not necessary.
|
| |
| |
| |
| |
| |
| | |
Communication errors returned by libnitrokey were previously not mapped
to an error type in the nitrokey crate. We introduce the
CommunicationError enum to represent these errors.
|
| |
| |
| |
| |
| |
| | |
Previously, library errors were part of the CommandError enum. As
command errors and library errors are two different error types, they
should be split into two enums.
|