| Commit message (Collapse) | Author | Age |
... | |
| | |
| | |
| | |
| | |
| | |
| | | |
The Pro and Storage structs may only be created using the connect
functions. This patch adds a private PhantomData field to the structs
to ensure that the compiler does not allow direct instantiation.
|
| | | |
|
|\ \ \
| | | |
| | | |
| | | | |
RFC: https://lists.sr.ht/~ireas/nitrokey-rs-dev/%3C20190117000856.slgb6jwkwd3qu6ey%40localhost%3E
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
If possible, check specific error codes instead of `is_err()`. This
makes the code more readable and catches bugs resulting in the wrong
error code. Also, using the assert_*_err and assert_ok macros yields
error messages containing the expected and the actual value.
To be able to use these macros with the `get_password_safe` method, we
also have to implement `Debug` for `PasswordSafe` and `Device`.
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
The CommandError::Undefined variant has been refactored into
Error::UnexpectedError and CommunicationError::NotConnected and is
therefore no longer needed.
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Previously, we returned a CommandError::Undefined if a connect function
failed. A CommunicationError::NotConnected is a more specific and
better fitting choice.
Once the Try trait has been stabilized, we should return an Option<_>
instead of a Result<_, Error> from the connect functions.
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
The UnexpectedError variant is used when a libnitrokey function returns
a value that violates the function’s contract, for example if a function
returns a null pointer although it guarantees to never return null.
Previously, we returned a CommandError::Unspecified in these cases.
|
| | | |
| | | |
| | | |
| | | | |
For example, the WrongSlot error may also be returned for a PWS slot.
|
| | | |
| | | |
| | | |
| | | |
| | | | |
AsStr is automatically implementeded if Display is implemented, so
having a manual as_str() method is not necessary.
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Communication errors returned by libnitrokey were previously not mapped
to an error type in the nitrokey crate. We introduce the
CommunicationError enum to represent these errors.
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Previously, library errors were part of the CommandError enum. As
command errors and library errors are two different error types, they
should be split into two enums.
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
An error code can not only indiciate a command error, but also a library
or device communication error. Therefore, the variant for an unknown
error code should be placed in the top-level Error enum instead of the
CommandError enum.
|
| | | |
| | | |
| | | |
| | | |
| | | | |
We reserve CommandError for errors returned by the Nitrokey device.
Errors during random number generation should have their own type.
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
With the std feature enabled, rand_core::Error implements
std::error::Error, which we require for the error types wrapped in the
Error enum.
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
These macros allow easier comparisions using the new error type. This
patch fixes all tests and updates nitrokey-test to 0.2.0 so that it
integrates with the new error structure.
Some tests may still fail until CommunicationError::NotConnected is
actually returned.
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
This patch changes all public functions to return the Error enum instead
of the CommandError enum. This breaks the tests which will be fixed
with the next patch.
This patch also adds a placeholder variant Error::CommandError and a
placeholder enum CommandError to make the transition to a new
nitrokey-test version easier.
|
| | | |
| | | |
| | | |
| | | |
| | | | |
The Error enum is a wrapper for the possible error types (currently only
CommandError). Result<T> is defined as Result<T, Error>.
|
| | | | |
|
|/ / /
| | |
| | |
| | | |
This prepares the refactoring of util::CommandError into multiple enums.
|
|\ \ \
| | |/
| |/| |
|
| | | |
|
| |/
| |
| |
| |
| |
| |
| |
| |
| | |
The random number generator used for the temporary password produces a
Vec<u8>. The libnitrokey functions using the temporary password require
a pointer to a c_char. Previously, we cast the u8 pointer to the
Vec<u8> to a i8 pointer (unsigned to signed). This leads to a type
mismatch if the char type is not signed. Therefore we now cast to
c_char instead of i8.
|
| |
| |
| |
| | |
The constants can be used for tests or after a factory reset.
|
| | |
|
| |
| |
| |
| |
| |
| | |
The FirmwareVersion struct stores the major and minor firmware version
of a Nitrokey device. We refactor the StorageProductionInfo and
StorageStatus structs to use this new struct.
|
| |
| |
| |
| |
| |
| | |
NK_is_AES_supported is not needed for newer firmware versions of the Pro
and Storage, see this discussion for more information:
https://github.com/Nitrokey/libnitrokey/issues/142
|
|/
|
|
|
|
|
| |
Since commit 65bff57e6139cc126191d4faabbcf74118932dd2, we use the
nitrokey-test crate to select test cases. Previously, we used the
features test-pro and test-storage to select test suites. These
features are now obsolete.
|
| |
|
|
|
|
|
| |
The archlinux build compiles libnitrokey from source. Now we also
verify that we can use the system libnitrokey version.
|
|
|
|
|
| |
If libnitrokey has not been built from a clone of the Git repository,
the Git version string may be empty.
|
|
|
|
|
|
|
|
| |
There seems to be a bug in libnitrokey or the Nitrokey Storage firmware
that causes problems when chaining factory reset and build_AES_keys
without delay (upstream issue [0]).
[0] https://github.com/Nitrokey/nitrokey-storage-firmware/issues/80
|
|
|
|
|
|
| |
The device::clear_new_sd_card_warning used to perform a factory reset
without building an AES key. This led to errors in tests that assume
that an AES key is present.
|
|
|
|
|
|
|
|
|
|
|
| |
The device::factory_reset test used to first change the PINs and then
access the PWS and the OTP data. If for example the PWS access failed
due to an problem with the AES key, the PINs were not reset.
Now we perform the PWS and OTP access with the old PINs – which is okay
as we do not want to test the PIN change but the factory reset. If
these preparations fail, the tests is cancelled before the PINs are
changed.
|
|
|
|
|
|
|
|
|
|
|
|
| |
Until the last commit, all empty strings returned by the library were
interepreted as errors. As the PWS functions return empty strings for
unprogrammed slots, the methods to access the PWS data returned an error
when querying a slot that is not programmed. Since the last commit,
they return an empty string instead.
This patch restores the old behavior by returning an error instead of an
empty string. Yet we change the error variant: SlotNotProgrammed
instead of Undefined.
|
|
|
|
|
|
|
|
|
|
|
| |
An empty string returned from a libnitrokey function can either indicate
an error or be a valid return value. Previously, we assumed that it
indicates an error. But instead, we should check the last command
status and use it to decide whether to return the empty string or an
error code.
This breaks the unit tests that assume that empty strings cause errors.
These will be fixed in the next patches.
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
The rand crate comes with a slew of dependencies to cover all sort of
randomness related tasks in various scenarios. However, this crate
really only requires a tiny subset of this functionality. As it turns
out, this core functionality is provided by the rand_os crate.
This change drops the dependency to rand in favor of rand_os. In order
to accomplish that, it brings back the RngError variant for the
CommandError enum to capture the possibility of the creation of the
random number generator failing.
|
|
|
|
|
|
| |
The clear_new_sd_card_warning method calls the libnitrokey
NK_clear_new_sd_card_warning function to reset the corresponding flag in
the Storage status.
|
|
|
|
|
|
|
|
|
|
|
| |
The get_production_info method maps to the NK_get_production_info
function of libnitrokey. The Storage firmware supports two query modes:
with or without a write test. libnitrokey only performs the query
without write test, so the fields that are only set for the write test
are ignored in our implementation. This affects:
- user and admin retry counts
- smart card ID
- SD card size
|
| |
|
| |
|
|
|
|
|
|
|
| |
The export_firmware method writes the firmware of the Nitrokey Storage
to the unencrypted storage. We only test that the command succeeds as
mounting the unencrypted storage and accessing the file is out of scope
for the tests.
|
|
|
|
|
|
|
|
|
|
| |
We do not support old firmware versions on the Nitrokey Storage, so we
document that these outdated functions are not supported:
- NK_set_unencrypted_volume_rorw_pin_type_user
- NK_set_unencrypted_read_only
- NK_set_unencrypted_read_write
- NK_set_encrypted_read_only
- NK_set_encrypted_read_write
|
|
|
|
|
|
|
|
|
|
| |
The new set_unencrypted_volume_mode method sets the access mode of the
unencrypted volume on the Nitrokey Storage. Depending on the requested
access mode, it calls either NK_set_unencrypted_read_only_admin or
NK_set_unencrypted_read_write_admin.
Note that this function requires firmware version 0.51 or later.
(Earlier firmware versions used the user PIN.)
|
|
|
|
|
|
| |
The VolumeMode enum will be used when setting the access mode for the
unencrypted volume. It can also be used when refactoring the
VolumeStatus enum in a future release.
|
|
|
|
|
|
| |
The update PIN is only used in the Storage tests, so it is moved from
the common tests/util module to the tests/device module. This fixes
compiler warnings when compiling the other test modules.
|
| |
|
| |
|
|
|
|
|
|
| |
This patch adds the wink method to the Storage struct that lets the
Nitrokey device blink until reconnected. We do not test this method as
it does not change the state that we can observe.
|