|  | Commit message (Collapse) | Author | Age | 
|---|
| ... |  | 
| | 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| | This change is the first in a series to migrate the existing tests to
using the nitrokey-test crate. The crate provides a couple of benefits
over the existing way testing works:
- test execution is automatically serialized (i.e., no more need for
  --test-threads)
- available devices are detected at runtime (i.e., no more need for
  --features test-pro)
- tests capable of running only on a specific device are automatically
  skipped if this device is not present
In addition to that, the crate also offers selection of particular
groups of tests by virtue of the NITROKEY_TEST_GROUP environment
variable. If set (valid values are "nodev", "pro", and "storage") only
tests of the particular group are run (those tests will fail if a
required precondition is not met, i.e., if a device is present but
"nodev" is set, or if the "pro" group is run but no device or a storage
device is present).
Unfortunately, it has some limitations as well. Most importantly Rust
does not allow us to indicate whether a test has been skipped or not.
While it has #[ignore] support, that strictly is a compile-time feature
and, hence, not usable.
This patch in particular pulls in the nitrokey-test crate and adjusts
the existing device tests to make use of it. | 
| | |  | 
| | 
| 
| 
| 
| 
| | Contrary to my previous beliefs, build_aes_key has to be called even
after a factory reset using the Nitrokey API.  This patch updates the
documentation and the unit tests based on this insight. | 
| | |  | 
| | 
| 
| 
| 
| 
| 
| 
| | This patch adds the enable_firmware_update method to the Storage struct
that uses NK_enable_firmware_update to put the Nitrokey Storage into
update mode.  This method is not tested as external tooling is required
to resume normal operation and as it is hard to bail out if an error
occurs. | 
| | 
| 
| 
| 
| 
| 
| 
| | This patch adds the build_aes_key method to the Device trait that uses
the NK_build_aes_key function to build new AES keys on the device.  This
effectively resets the password safe and the encrypted storage.  It is
unclear whether other data (e. g. the one-time passwords) are affected
too. | 
| | 
| 
| 
| 
| 
| 
| | This patch adds the factory_reset_method to the Device trait that uses
the NK_factory_reset function to perform a factory reset.  The tests
verify that the user and admin PIN are reset and that the OTP storage
and the password safe are deleted. | 
| | 
| 
| 
| 
| 
| | This patch adds the change_update_pin method to the Storage struct that
uses the NK_change_update_password function to set the password required
for firmware updates. | 
| | 
| 
| 
| 
| 
| | After a factory reset, the password safe cannot be accessed as its
secret cannot be decrypted.  This patch improves the documentation for
GetPasswordSafe::get_password_safe to reflect this behavior. | 
| | |  | 
| | |  | 
| | 
| 
| 
| 
| 
| 
| 
| 
| 
| | The CommandError::Unknown variant, which is used whenever a reported
error code is not known, makes it close to impossible to determine the
root cause of, say, a one-off error, because all information explaining
what went wrong is discarded.
With this change we adjust the Unknown variant to include the error
report. In addition, we introduce a new CommandError variant, Undefined,
that is used when no error code is available. | 
| | |  | 
| | 
| 
| 
| 
| 
| | This patch adds a test case that changes the PIN when calling
unlock_user_pin.  The previous test case only unlocked the current user
PIN. | 
| | 
| 
| 
| 
| | We switched to rand::thread_rng() which cannot fail.  Therefore the
CommandError::RngError is no longer needed and removed in this patch. | 
| | 
| 
| 
| 
| 
| 
| 
| | This patch adds the force argument to the set_time method in the
ConfigureOtp trait that allows the user to choose whether jumps to the
past are allowed when updating the time.  It is implemented by using the
NK_totp_set_time_soft function.  Previously, jumps where unconditionally
allowed. | 
| | |  | 
| | |  | 
| | |  | 
| | 
| 
| 
| 
| | The Cargo.toml extract in the README does not provide any real value,
but it adds maintenance effort.  Therefore it is removed in this patch. | 
| | 
| 
| 
| 
| 
| | It seems that with newer firmeware, the model string in the lsblk output
is Nitrokey_Storage instead of Nitrokey Storage.  Therefore this patch
replaces underscores with spaces to account for both versions. | 
| | |  | 
| | 
| 
| 
| 
| 
| | As these three enums are scalar values, this patch derives the Clone and
Copy traits for them.  This should avoid unnecessary allocations and
reduce the memory footprint. | 
| | |  | 
| | 
| 
| 
| 
| | This patch adds the function Device::get_model that returns the model of
the connected Nitrokey stick. | 
| | |  | 
| | 
| 
| 
| 
| 
| 
| 
| | This patch updates the rand dependecy to version 0.6.  It also replaces
the OsRng, which is guaranteed to use OS/hardware entropy, with the
thread_rng, which is likely to use OS/hardware entropy as a seed.  The
choice of RNG and the handling of password should be reviewed at a later
point. | 
| | 
| 
| 
| 
| 
| 
| | Currently, the test-no-device feature is used for tests that expect no
Nitrokey to be connected.  Yet test-no-device is equivalent to not
test-pro and not test-storage.  Therefore, this patch removes the
test-no-device feature. | 
| | |  | 
| | 
| 
| 
| 
| 
| | Newer Rust versions support integration tests in a top-level tests
directory.  This patch refactors the existing unit tests into
integration tests. | 
| | 
| 
| 
| 
| 
| 
| | With Rust edition 2018, it is no longer necessary to declare
dependencies in the code using `extern crate`.  Therefore, this patch
removes these declarations and replaces them with `use` declarations if
necessary. | 
| | |  | 
| | 
| 
| 
| 
| 
| | This patch changes use declarations for modules within this crate to use
the crate:: path qualifier.  This will be mandatory in Rust edition
2018. | 
| | 
| 
| 
| 
| | This patch changes the type of trait objects from `Trait` to `dyn
Trait`.  This fixes bare-trait-object compiler warnings. | 
| | 
| 
| 
| 
| | This patch makes hidden life time parameters explicit to fix
elided-lifetime-in-path compiler warnings. | 
| | |  | 
| | 
| 
| 
| 
| 
| 
| 
| | This patch enables the following compiler warnings:
- missing_docs for public symbols without documentation
- rust_2018_compatibility for Rust edition 2018 support
- rust_2018_idioms for Rust edition 2018 support
- unused for different types of unused code | 
| | |  | 
| | |  | 
| | |  | 
| | |  | 
| | |  | 
| | 
| 
| 
| 
| 
| | This patch adds a `get_status` method to the `Storage` structure.  The
returned structure `StorageStatus` is based on the structure provided by
libnitrokey. | 
| | 
| 
| 
| 
| 
| 
| | As connect() now returns DeviceWrappers of the correct type, this patch
adds an example to the DeviceWrapper documentation that shows how to use
type conditions, i. e. how to execute a command only for Nitrokey
Storage devices. | 
| | 
| 
| 
| 
| 
| | This patch fixes the generic connect() method to return a DeviceWrapper
of the correct type.  This is enabled by the NK_get_device_model()
method introduced in libnitrokey v3.4. | 
| | 
| 
| 
| 
| 
| 
| 
| | Old libnitrokey versions could return pointers to both statically and
dynamically allocated strings for functions that return strings.  This
has been fixed in libnitrokey commit 7a8550d (included in v3.4).  This
patch removes the old workaround and always frees the return value of
functions returning a string pointer. | 
| | |  | 
| | 
| 
| 
| 
| | Most notably, for command errors, this will print a human-readable error
message instead of just the name of the enum. | 
| | 
| 
| 
| 
| 
| | The std::fmt::Display implementation provides a human-readable error
message for a CommandError.  It is intended to be used in error
messages displayed to the user. | 
| | 
| 
| 
| 
| 
| | The new get_cstring method in util returns a Result<CString,
CommandError>, so mast callers can just use the ? operator to unwrap the
result instead of cumbersome unwrapping code. |