| Commit message | Author | Age |
| |
To enable applications like nitrokey-test to go back to a manager
instance from a Device instance, we add the into_manager function to the
Device trait. To do that, we have to keep track of the Manager’s
lifetime by adding a lifetime to Device (and then to some other traits
that use Device).
| |
In the last patches, we ensured that devices can only be obtained using
the Manager struct. But we did not ensure that there is only one device
at a time. This patch adds a mutable reference to the Manager instance
to the Device implementations. The borrow checker makes sure that there
is only one mutable reference at a time.
In this patch, we have to remove the old connect, Pro::connect and
Storage::connect functions as they no longer compile. (They discard
the MutexGuard which invalidates the reference to the Manager.)
Therefore the tests no longer compile.
| |
As part of the connection refactoring, this patch moves the connect
methods of the Pro and Storage structs into the Manager struct. To
maintain compatibility with nitrokey-test, the old methods are not
removed but marked as deprecated.
| |
As part of the connection refactoring, this patch moves the
connect_model function to the Manager struct. As the connect_model
function is not used by nitrokey-test, it is removed.
| |
As part of the connection refactoring, we replace the connect function
with the Manager::connect method. To maintain compatibility with
nitrokey-test, the connect function is not removed but marked as
deprecated.
| |
As part of the connection refactoring, we introduce the Manager struct
that deals with connection management. To make sure there can be only
one instance of the manager, we add a global static Mutex that holds
the single Manager instance. We use the struct to ensure that the user
can only connect to one device at a time.
This also changes the Error::PoisonError variant to store the
sync::PoisonError. This allows the user to call into_inner on the
PoisonError to retrieve the MutexGuard and to ignore the error (for
example useful during testing).
| |
This patch prepares the refactoring of the connection methods by
introducing the Error variants ConcurrentAccessError and PoisonError.
ConcurrentAccessError indicates that the user tried to connect to
obtain a token that is currently locked, and PoisonError indicates that
a lock has been poisoned, i.e. a thread panicked while accessing using
a token.
| |
The new 0.2.1 version of nitrokey-test requires an additional crate,
nitrokey-test-state. This patch updates the nitrokey-test version and
adds the nitrokey-test-state dependency in version 0.1.0. See this
thread [0] for more information.
[0] https://lists.sr.ht/~ireas/nitrokey-rs-dev/%3Ce3e908e5-3f66-7072-9603-8a4de5ac614b%40posteo.net%3E
| |
As the return type of the NK_get_{major,minor}_firmware_version methods
changed with libnitrokey 3.5, we also have to adapt our
get_firmware_version function in device.rs.
This patch also updates the changelog and the todo list with the changes
caused by the new libnitrokey version.
| |
This reverts commit 0972bbe82623c3d9649b6023d8f50d304aa0cde6.
| |
The current implementation of PasswordSafe stored a normal reference to
the Device. This patch changes the PasswordSafe struct to use a mutable
reference instead. This allows the borrow checker to make sure that
there is only one PasswordSafe instance at a time. While this is
currently not needed, it will become important once we can lock the PWS
on the Nitrokey when dropping the PasswordSafe instance.
| |
In the initial nitrokey-rs implementation, the Admin and the User struct
take the Device by value to make sure that the user cannot initiate a
second authentication while the first is still active (which would
invalidate the temporary password). Now we realized that this is not
necessary – taking a mutable reference has the same effect, but leads to
a much cleaner API.
This patch refactors the Admin and User structs – and all dependent code
– to use a mutable reference instead of a Device value.
| |
Previously, all methods that access a Nitrokey device took a reference
to the device as input. This method changes methods that change the
device state to require a mutable reference instead. In most cases,
this is straightforward as the method writes data to the device (for
example write_config or change_user_pin). But there are two edge cases:
- Authenticating with a PIN changes the device state as it may decrease
the PIN retry counter if the authentication fails.
- Generating an HOTP code changes the device state as it increases the
HOTP counter.
| |
To prepare the mutability refactoring, we add a device_mut method to
DeviceWrapper that can be used to obtain a mutable reference to the
wrapped device.
| |
As we want to change some methods to take a mutable reference to a
Device, we implement DerefMut for User<T> and Admin<T> so that users can
obtain a mutable reference to the wrapped device.
| |
Previously, we considered this command as unsupported as it only was
available with firmware version 0.49. But as discussed in nitrocli
issue 80 [0], it will probably be re-enabled in future firmware
versions. Therefore this patch adds the set_encrypted_volume_mode to
Storage.
[0] https://github.com/d-e-s-o/nitrocli/issues/80
| |
This patch combines the get_{major,minor}_firmware_version methods into
the new get_firmware_version method that returns a FirmwareVersion
struct. Currently, this requires casting from i32 to u8. But this will
be fixed with the next libnitrokey version as we change the return types
for the firmware getters.
| |
Previously, we sometimes returned a value without wrapping it in a
result if the API method did not indicate errors in the return value.
But we can detect errors using the NK_get_last_command_status function.
This patch changes the return types of these methods to Result<_, Error>
and adds error checks.
| |
For consistency with the other Error variants, we rename Unknown to
UnknownError.
| |
Many of our functions do not return a Result<_, Error>, but for example
a Result<_, (Device, Error)>. We only use the typedef in one function,
but it makes the other functions more complicated as we have to use
result::Result (if crate::Result is imported). Therefore, this patch
removes the typedef. Applications or libraries can still redefine it if
they want to.
| |
The TOTP test with the timestamp 59 often fails as the Nitrokey’s clock
ticks between setting the time and generating the TOTP code. This patch
also allows the TOTP code for timestamp 60 for this test case.
| |
This patch adds license and copyright information to all files to make
nitrokey-rs compliant with the REUSE practices [0].
[0] https://reuse.software/practices/2.0/
| |
Not all users of the authenticate methods want to use the device after
an error, so implementing From<(T: Device, Error)> for Error makes it
easier for them to discard the device.
| |
Previously, we used lossy UTF-8 conversion. Yet the user should be
notified if we have a problem instead of silently changing the data.
Therefore, we now return an error if we encounter an invalid UTF-8
string. This leads to a change in `get_library_version`’s signature.
| |
Previously, we just ignored UTF-8 errors. This patch prepares the
Utf8Error variant so that we are able to return UTF-8 errors.
| |
This includes:
- using idiomatic Rust
- limiting the scope of unsafe blocks
- simplifying code
| |
Numeric casting might truncate an integer, while into() is only
implemented for numeric types if the cast is possible without
truncation.
| |
The Pro and Storage structs may only be created using the connect
functions. This patch adds a private PhantomData field to the structs
to ensure that the compiler does not allow direct instantiation.
| |
The CommandError::Undefined variant has been refactored into
Error::UnexpectedError and CommunicationError::NotConnected and is
therefore no longer needed.
| |
Previously, we returned a CommandError::Undefined if a connect function
failed. A CommunicationError::NotConnected is a more specific and
better fitting choice.
Once the Try trait has been stabilized, we should return an Option<_>
instead of a Result<_, Error> from the connect functions.
| |
Communication errors returned by libnitrokey were previously not mapped
to an error type in the nitrokey crate. We introduce the
CommunicationError enum to represent these errors.
| |
Previously, library errors were part of the CommandError enum. As
command errors and library errors are two different error types, they
should be split into two enums.
| |
An error code can not only indicate a command error, but also a library
or device communication error. Therefore, the variant for an unknown
error code should be placed in the top-level Error enum instead of the
CommandError enum.
| |
We reserve CommandError for errors returned by the Nitrokey device.
Errors during random number generation should have their own type.
| |
This patch changes all public functions to return the Error enum instead
of the CommandError enum. This breaks the tests which will be fixed
with the next patch.
This patch also adds a placeholder variant Error::CommandError and a
placeholder enum CommandError to make the transition to a new
nitrokey-test version easier.
| |
The Error enum is a wrapper for the possible error types (currently only
CommandError). Result<T> is defined as Result<T, Error>.
| | |
The constants can be used for tests or after a factory reset.
| |
Since commit 65bff57e6139cc126191d4faabbcf74118932dd2, we use the
nitrokey-test crate to select test cases. Previously, we used the
features test-pro and test-storage to select test suites. These
features are now obsolete.
| |
There seems to be a bug in libnitrokey or the Nitrokey Storage firmware
that causes problems when chaining factory reset and build_AES_keys
without delay (upstream issue [0]).
[0] https://github.com/Nitrokey/nitrokey-storage-firmware/issues/80
| |
An empty string returned from a libnitrokey function can either indicate
an error or be a valid return value. Previously, we assumed that it
indicates an error. But instead, we should check the last command
status and use it to decide whether to return the empty string or an
error code.
This breaks the unit tests that assume that empty strings cause errors.
These will be fixed in the next patches.
| |
The rand crate comes with a slew of dependencies to cover all sorts of
randomness-related tasks in various scenarios. However, this crate
really only requires a tiny subset of this functionality. As it turns
out, this core functionality is provided by the rand_os crate.
This change drops the dependency to rand in favor of rand_os. In order
to accomplish that, it brings back the RngError variant for the
CommandError enum to capture the possibility of the creation of the
random number generator failing.
| |
The clear_new_sd_card_warning method calls the libnitrokey
NK_clear_new_sd_card_warning function to reset the corresponding flag in
the Storage status.
| |
The get_production_info method maps to the NK_get_production_info
function of libnitrokey. The Storage firmware supports two query modes:
with or without a write test. libnitrokey only performs the query
without write test, so the fields that are only set for the write test
are ignored in our implementation. This affects:
- user and admin retry counts
- smart card ID
- SD card size