Due to a timing issue, some calls to the build_aes_key function may fail
after a factory reset. As a workaround for this firmware bug, we check
the user retry count before building the AES key in the factory_reset
test. For details, see the upstream issue:
https://github.com/Nitrokey/nitrokey-pro-firmware/issues/57
|
To avoid a ConcurrentAccessError, we have to use the
Device::into_manager function instead of calling take to obtain a
Manager instance.
|
This patch updates the nitrokey-test dependency to a new development
version that uses force_take instead of take to get a Manager instance.
If a test fails, the thread panics, leading to a poisoned cache – yet
this should not affect the other test cases. Therefore we want to
ignore the poisoned caches.
|
The take and take_blocking functions return a PoisonError if the cache
is poisoned, i.e. if a thread panicked while holding the manager. This
is a sensible default behaviour, but for example during testing, one
might want to ignore the poisoned cache. This patch adds the force_take
function that unwraps the PoisonError and returns the cached Manager
even if the cache was poisoned.
|
During the connection manager refactoring, we temporarily used
deprecated methods. This is no longer the case, so we can remove the
allow(deprecated) attribute.
|
Refactor the connection management to prevent multiple device
connections at the same time.
RFC: https://lists.sr.ht/~ireas/nitrokey-rs-dev/%3C20190126174327.tbuyk2s535kfiqm4%40localhost%3E
|
This patch updates the documentation to reflect the latest changes to
connection handling. It also updates the doc tests to prefer the new
methods over the old ones.
|
The previous patches refactored the connection handling to use the
Manager struct. This patch changes the tests to use the new Manager
methods instead of the deprecated functions.
|
To test the changes to connection handling, we temporarily use the
development version of nitrokey-test.
|
To enable applications like nitrokey-test to go back to a manager
instance from a Device instance, we add the into_manager function to the
Device trait. To do that, we have to keep track of the Manager’s
lifetime by adding a lifetime to Device (and then to some other traits
that use Device).
|
In the last patches, we ensured that devices can only be obtained using
the Manager struct. But we did not ensure that there is only one device
at a time. This patch adds a mutable reference to the Manager instance
to the Device implementations. The borrow checker makes sure that there
is only one mutable reference at a time.

In this patch, we have to remove the old connect, Pro::connect and
Storage::connect functions as they no longer compile. (They discard
the MutexGuard which invalidates the reference to the Manager.)
Therefore the tests no longer compile.
|
As part of the connection refactoring, this patch moves the connect
methods of the Pro and Storage structs into the Manager struct. To
maintain compatibility with nitrokey-test, the old methods are not
removed but marked as deprecated.
|
As part of the connection refactoring, this patch moves the
connect_model function to the Manager struct. As the connect_model
function is not used by nitrokey-test, it is removed.
|
As part of the connection refactoring, we replace the connect function
with the Manager::connect method. To maintain compatibility with
nitrokey-test, the connect function is not removed but marked as
deprecated.
|
As part of the connection refactoring, we introduce the Manager struct
that deals with connection management. To make sure there can be only
one instance of the manager, we add a global static Mutex that holds
the single Manager instance. We use the struct to ensure that the user
can only connect to one device at a time.

This also changes the Error::PoisonError variant to store the
sync::PoisonError. This allows the user to call into_inner on the
PoisonError to retrieve the MutexGuard and to ignore the error (for
example useful during testing).
|
This patch prepares the refactoring of the connection methods by
introducing the Error variants ConcurrentAccessError and PoisonError.
ConcurrentAccessError indicates that the user tried to connect to
obtain a token that is currently locked, and PoisonError indicates that
a lock has been poisoned, i.e. a thread panicked while using a token.
|
This patch updates the list of unsupported functions in the README and
the TODO and the list of functions changed in the libnitrokey 3.5
release:

- List all `*_as_string` functions as unsupported.
- List deprecated functions as unsupported.
- List `NK_read_HOTP_slot` as unsupported until an equivalent function
  for TOTP exists.
- Ignore the changes to `NK_get_progress_bar_value` as the function is
  not yet used by `nitrokey-rs`.
- Add the new functions from version 3.5 to the list of missing
  functions.
|
The new 0.2.1 version of nitrokey-test requires an additional crate,
nitrokey-test-state. This patch updates the nitrokey-test version and
adds the nitrokey-test-state dependency in version 0.1.0. See this
thread [0] for more information.
[0] https://lists.sr.ht/~ireas/nitrokey-rs-dev/%3Ce3e908e5-3f66-7072-9603-8a4de5ac614b%40posteo.net%3E
|
As the return type of the NK_get_{major,minor}_firmware_version methods
changed with libnitrokey 3.5, we also have to adapt our
get_firmware_version function in device.rs.
This patch also updates the changelog and the todo list with the changes
caused by the new libnitrokey version.
|
Firstly, the libnitrokey API contains breaking changes between minor
versions. Therefore we have to fix the nitrokey-sys version using a
tilde requirement ("~3.4" means ">= 3.4.0, < 3.5.0").
Secondly, nitrokey-test’s 0.2.1 release requires some changes that are
not yet implemented in this crate, so we have to pin its version to
0.2.0.
|
The tests with the 0.4.0-alpha.1 version showed that the approach using
mutable references to the Device in User, Admin and PasswordSafe causes
problems in nitrocli, see [0]. Therefore, these changes are reverted.
[0] https://lists.sr.ht/~ireas/nitrokey-rs-dev/%3C43cc304d-23e8-7f95-2167-ce3f0530b81e%40posteo.net%3E
* revert:
Revert "Store mutable reference to Device in PasswordSafe"
Revert "Refactor User and Admin to use a mutable reference"
|
This reverts commit 13006c00dcbd570cf8347d89557834e320427377.
|
This reverts commit 0972bbe82623c3d9649b6023d8f50d304aa0cde6.
|
In a previous commit, we introduced the DEFAULT_{ADMIN,USER}_PIN
constants. Therefore we no longer need the {ADMIN,USER}_PASSWORD
constants in the util module for the tests.
|
RFC:
https://lists.sr.ht/~ireas/nitrokey-rs-dev/%3C20190126174327.tbuyk2s535kfiqm4%40localhost%3E
https://lists.sr.ht/~ireas/nitrokey-rs-dev/%3C43cc304d-23e8-7f95-2167-ce3f0530b81e%40posteo.net%3E
* mutable-references:
Store mutable reference to Device in PasswordSafe
Refactor User and Admin to use a mutable reference
Require mutable reference if method changes device state
Add device_mut method to DeviceWrapper
Implement DerefMut for User and Admin
|
The current implementation of PasswordSafe stored a normal reference to
the Device. This patch changes the PasswordSafe struct to use a mutable
reference instead. This allows the borrow checker to make sure that
there is only one PasswordSafe instance at a time. While this is
currently not needed, it will become important once we can lock the PWS
on the Nitrokey when dropping the PasswordSafe instance.
|
In the initial nitrokey-rs implementation, the Admin and the User struct
take the Device by value to make sure that the user cannot initiate a
second authentication while the first is still active (which would
invalidate the temporary password). Now we realized that this is not
necessary – taking a mutable reference has the same effect, but leads to
a much cleaner API.

This patch refactors the Admin and User structs – and all dependent code
– to use a mutable reference instead of a Device value.
|
Previously, all methods that access a Nitrokey device took a reference
to the device as input. This method changes methods that change the
device state to require a mutable reference instead. In most cases,
this is straightforward as the method writes data to the device (for
example write_config or change_user_pin). But there are two edge cases:

- Authenticating with a PIN changes the device state as it may decrease
  the PIN retry counter if the authentication fails.
- Generating an HOTP code changes the device state as it increases the
  HOTP counter.
|
To prepare the mutability refactoring, we add a device_mut method to
DeviceWrapper that can be used to obtain a mutable reference to the
wrapped device.
|
As we want to change some methods to take a mutable reference to a
Device, we implement DerefMut for User<T> and Admin<T> so that users can
obtain a mutable reference to the wrapped device.
|
Previously, we considered this command as unsupported as it only was
available with firmware version 0.49. But as discussed in nitrocli
issue 80 [0], it will probably be re-enabled in future firmware
versions. Therefore this patch adds the set_encrypted_volume_mode to
Storage.
[0] https://github.com/d-e-s-o/nitrocli/issues/80
|
Sometimes we cannot use assert_ok! as we can’t compare the Ok value (or
do not want to). For these cases, this patch adds the new assert_any_ok
macro to use instead of assert!(x.is_ok()). The advantage is that the
error information is not discarded but printed in a helpful error
message.
|
The unwrap error message is not very useful. This patch adds the
unwrap_ok macro that is basically the same as unwrap but prints a more
readable error message.
|
After a factory reset or after building the AES key, the password safe
contains garbage data. This will most likely not be valid UTF-8.
Therefore we change the tests to also accept a UTF-8 error in these
cases.
|
This patch combines the get_{major,minor}_firmware_version methods into
the new get_firmware_version method that returns a FirmwareVersion
struct. Currently, this requires casting from i32 to u8. But this will
be fixed with the next libnitrokey version as we change the return types
for the firmware getters.
|
Previously, we sometimes returned a value without wrapping it in a
result if the API method did not indicate errors in the return value.
But we can detect errors using the NK_get_last_command_status function.
This patch changes the return types of these methods to Result<_, Error>
and adds error checks.
|
To avoid unnecessary function calls, we replace the or with an or_else
in get_cstring.
|
The DEFAULT_{ADMIN,USER}_PIN constants implicitly have static lifetime.
Therefore we can remove the static lifetime modifiers.
|
For consistency with the other Error variants, we rename Unknown to
UnknownError.
|
Many of our functions do not return a Result<_, Error>, but for example
a Result<_, (Device, Error)>. We only use the typedef in one function,
but it makes the other functions more complicated as we have to use
result::Result (if crate::Result is imported). Therefore, this patch
removes the typedef. Applications or libraries can still redefine it if
they want to.
|
I changed the build setup so that the trigger is determined by the
branch being pushed to. Therefore the triggers in the build scripts are
no longer needed and removed in this patch.
|